From: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Date: Fri, 29 Oct 2021 09:05:30 +0000 (+0200)
Subject: OpenSSL: Clear the correct flag in crypto_ec_key_get_ecprivate_key()
X-Git-Tag: hostap_2_10~82
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4aed5668b4b158ecd9660241681125a754dd3cb9;p=thirdparty%2Fhostap.git

OpenSSL: Clear the correct flag in crypto_ec_key_get_ecprivate_key()

In case the public key was not included in the EC private key ASN.1
sequence, the flag that was cleared was not the right one. Fix this by
using EC_KEY_set_enc_flags() for both setting and clearing the
EC_PKEY_NO_PUBKEY flag instead of trying to clear that with the
unrelated EC_KEY_clear_flags() function.

Fixes: 2d5772e691f6 ("DPP: Factorize conversion to ASN.1 ECPrivateKey")
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
---

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 96ce493e3..c198748de 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -2501,15 +2501,18 @@ struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key,
 	unsigned char *der = NULL;
 	int der_len;
 	struct wpabuf *buf;
+	unsigned int key_flags;
 
 	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
 	if (!eckey)
 		return NULL;
 
+	key_flags = EC_KEY_get_enc_flags(eckey);
 	if (include_pub)
-		EC_KEY_clear_flags(eckey, EC_PKEY_NO_PUBKEY);
+		key_flags &= ~EC_PKEY_NO_PUBKEY;
 	else
-		EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
+		key_flags |= EC_PKEY_NO_PUBKEY;
+	EC_KEY_set_enc_flags(eckey, key_flags);
 
 	EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);