[openssl] OpenSSL_1_0_2-stable update

nic.tuv at gmail.com nic.tuv at gmail.com
Tue Oct 15 12:38:50 UTC 2019 

The branch OpenSSL_1_0_2-stable has been updated
       via  4e545c6a256fb1ab08cc5a3aabb00963dac3191b (commit)
      from  1c10029a68e910d936f9bf011f8c3bb18a05ff8b (commit)


- Log -----------------------------------------------------------------
commit 4e545c6a256fb1ab08cc5a3aabb00963dac3191b
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Thu Oct 10 20:30:58 2019 +0300

    [ec_asn1.c] Avoid injecting seed when built-in matches
    
    An unintended consequence of https://github.com/openssl/openssl/pull/9808
    is that when an explicit parameters curve is matched against one of the
    well-known builtin curves we automatically inherit also the associated
    seed parameter, even if the input parameters excluded such parameter.
    
    This later affects the serialization of such parsed keys, causing their
    input DER encoding and output DER encoding to differ due to the
    additional optional field.
    
    This does not cause problems internally but could affect external
    applications, as reported in
    https://github.com/openssl/openssl/pull/9811#issuecomment-536153288
    
    This commit fixes the issue by conditionally clearing the seed field if
    the original input parameters did not include it.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/10141)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_asn1.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 865130f67e..30b3ebfbe0 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -973,6 +973,20 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
          * 0x0 = OPENSSL_EC_EXPLICIT_CURVE
          */
         EC_GROUP_set_asn1_flag(ret, 0x0);
+
+        /*
+         * If the input params do not contain the optional seed field we make
+         * sure it is not added to the returned group.
+         *
+         * The seed field is not really used inside libcrypto anyway, and
+         * adding it to parsed explicit parameter keys would alter their DER
+         * encoding output (because of the extra field) which could impact
+         * applications fingerprinting keys by their DER encoding.
+         */
+        if (params->curve->seed == NULL) {
+            if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
+                goto err;
+        }
     }
 
     ok = 1;

More information about the openssl-commits mailing list