From: Matt Caswell Date: Thu, 21 Jan 2021 15:12:30 +0000 (+0000) Subject: Ensure EC keys with a private key but without a public key can be created X-Git-Tag: openssl-3.0.0-alpha12~175 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec7aef3356336012f77101f5c97e2e736e0c61ee;p=thirdparty%2Fopenssl.git Ensure EC keys with a private key but without a public key can be created In 1.1.1 and earlier it was possible to create EC_KEYs that did not have the public key in it. We need to ensure that this continues to work in 3.0. Fixes #12612 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/13922) --- diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 8b020711fbe..fc49aad1b98 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -353,7 +353,7 @@ int common_import(void *keydata, int selection, const OSSL_PARAM params[], * following combinations: * - domain parameters (+optional other params) * - public key with associated domain parameters (+optional other params) - * - private key with associated public key and domain parameters + * - private key with associated domain parameters and optional public key * (+optional other params) * * This means: @@ -363,12 +363,8 @@ int common_import(void *keydata, int selection, const OSSL_PARAM params[], */ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0) return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) - return 0; - if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) - ok = ok && ec_group_fromdata(ec, params); + ok = ok && ec_group_fromdata(ec, params); /* * sm2_curve: import the keys or domparams only on SM2 Curve