[openssl] OpenSSL_1_1_1-stable update
nic.tuv at gmail.com
nic.tuv at gmail.com
Tue Oct 15 12:25:58 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via ac8881e160632a8de6ca123a9f85b2e6f8ae173b (commit)
from df22cbb555430b7206a8d30cb41f4e28b9e28370 (commit)
- Log -----------------------------------------------------------------
commit ac8881e160632a8de6ca123a9f85b2e6f8ae173b
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date: Thu Oct 10 20:30:58 2019 +0300
[ec_asn1.c] Avoid injecting seed when built-in matches
An unintended consequence of https://github.com/openssl/openssl/pull/9808
is that when an explicit parameters curve is matched against one of the
well-known builtin curves we automatically inherit also the associated
seed parameter, even if the input parameters excluded such
parameter.
This later affects the serialization of such parsed keys, causing their
input DER encoding and output DER encoding to differ due to the
additional optional field.
This does not cause problems internally but could affect external
applications, as reported in
https://github.com/openssl/openssl/pull/9811#issuecomment-536153288
This commit fixes the issue by conditionally clearing the seed field if
the original input parameters did not include it.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10140)
(cherry picked from commit f97a8af2f3f3573f0759693117c9d33d2a63c27e)
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/ec_asn1.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index f14d1b5249..336afc989d 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -849,6 +849,20 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
* serialized using explicit parameters by default.
*/
EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
+
+ /*
+ * If the input params do not contain the optional seed field we make
+ * sure it is not added to the returned group.
+ *
+ * The seed field is not really used inside libcrypto anyway, and
+ * adding it to parsed explicit parameter keys would alter their DER
+ * encoding output (because of the extra field) which could impact
+ * applications fingerprinting keys by their DER encoding.
+ */
+ if (params->curve->seed == NULL) {
+ if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
+ goto err;
+ }
}
ok = 1;
More information about the openssl-commits
mailing list