OpenSSL: Clear the correct flag in crypto_ec_key_get_ecprivate_key()

In case the public key was not included in the EC private key ASN.1
sequence, the flag that was cleared was not the right one. Fix this by
using EC_KEY_set_enc_flags() for both setting and clearing the
EC_PKEY_NO_PUBKEY flag instead of trying to clear that with the
unrelated EC_KEY_clear_flags() function.

Fixes: 2d5772e691f6 ("DPP: Factorize conversion to ASN.1 ECPrivateKey")
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 96ce493e324d90d808939453bbbb8cdcfb77c75a..c198748de25b6015918fb0afa59d0c475d8375da 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -2501,15 +2501,18 @@ struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key,
        unsigned char *der = NULL;
        int der_len;
        struct wpabuf *buf;
+       unsigned int key_flags;
 
        eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
        if (!eckey)
                return NULL;
 
+       key_flags = EC_KEY_get_enc_flags(eckey);
        if (include_pub)
-               EC_KEY_clear_flags(eckey, EC_PKEY_NO_PUBKEY);
+               key_flags &= ~EC_PKEY_NO_PUBKEY;
        else
-               EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
+               key_flags |= EC_PKEY_NO_PUBKEY;
+       EC_KEY_set_enc_flags(eckey, key_flags);
 
        EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);