[openssl.org #3065] [PATCH] ec_private_key_dont_crash

2014-08-27 Thread Emilia Käsper via RT
Both suggested patches have been applied (with small modifications) to all
branches above and including 1.0.0. See commits
0388ac4c99e801462dafef3f2dab3f255ec33c96
and
f063e30fe9f316067950bdf0397b51cf87d4b6a6

Thanks!

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


[openssl.org #3065] [PATCH] ec_private_key_dont_crash

2013-06-04 Thread Adam Langley via RT
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:

-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----



0009-ec_private_key_dont_crash.patch
Description: Binary data
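
The key quoted in the message above, decoded field by field, as an added example that is not part of the thread or of either patch. ECPrivateKey is a SEQUENCE of version, privateKey, an optional `[0]` parameters field and an optional `[1]` publicKey field; the helper name `ecpk_inspect` and the struct are hypothetical, not OpenSSL APIs, and only short-form DER lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>
/* DER bytes of the PEM body quoted in the thread, base64-decoded for this example. */
static const unsigned char sample_der[] = {
    0x30, 0x19, 0x02, 0x01, 0x01,             /* SEQUENCE(25), version = 1 */
    0x04, 0x08, 1, 2, 3, 4, 5, 6, 7, 8,       /* privateKey OCTET STRING */
    0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, /* [0] parameters: OID */
    0xce, 0x3d, 0x03, 0x01, 0x07              /* 1.2.840.10045.3.1.7 */
};

struct ecpk_info { size_t priv_len; int has_params, has_pubkey; };

/* Read one TLV header at *pos; return the tag, or -1 (short-form lengths only). */
static int read_tlv(const unsigned char *p, size_t end, size_t *pos, size_t *len)
{
    if (*pos > end || end - *pos < 2) return -1;
    int tag = p[*pos];
    *len = p[*pos + 1];
    *pos += 2;
    if ((*len & 0x80) || *len > end - *pos) return -1;
    return tag;
}

/* Hypothetical helper (not an OpenSSL API): walk ECPrivateKey, note optional fields. */
int ecpk_inspect(const unsigned char *der, size_t der_len, struct ecpk_info *out)
{
    size_t pos = 0, len, end;
    out->priv_len = 0; out->has_params = out->has_pubkey = 0;
    if (read_tlv(der, der_len, &pos, &len) != 0x30) return -1;
    end = pos + len;
    if (read_tlv(der, end, &pos, &len) != 0x02) return -1;   /* version */
    pos += len;
    if (read_tlv(der, end, &pos, &len) != 0x04) return -1;   /* privateKey */
    out->priv_len = len;
    for (pos += len; pos < end; pos += len) {                /* OPTIONAL fields */
        int tag = read_tlv(der, end, &pos, &len);
        if (tag == 0xa0) out->has_params = 1;                /* [0] parameters */
        else if (tag == 0xa1) out->has_pubkey = 1;           /* [1] publicKey */
        else return -1;
    }
    return 0;
}

int main(void)
{
    struct ecpk_info i;
    if (ecpk_inspect(sample_der, sizeof sample_der, &i) != 0) return 1;
    printf("priv=%zu params=%d pubkey=%d\n", i.priv_len, i.has_params, i.has_pubkey);
}
```

For the quoted key this reports an 8-byte private key, curve parameters present and no publicKey field, which is the state any code consuming the parsed key has to either reject, tolerate or repair.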


Re: [openssl.org #3065] [PATCH] ec_private_key_dont_crash

2013-06-04 Thread Matt Caswell
On 4 June 2013 13:49, Adam Langley via RT r...@openssl.org wrote:
> This change saves several EC routines from crashing when an EC_KEY is
> missing a public key. The public key is optional in the EC private key
> format and, without this patch, running the following through `openssl
> ec` causes a crash:
>
> -----BEGIN EC PRIVATE KEY-----
> MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
> -----END EC PRIVATE KEY-----


Interesting...I'm not sure though that fixing some of the functions in
the ec library to handle missing public keys is the correct approach.
I believe that the ec library extensively assumes that a public key is
mandatory, whilst a private key is optional.

Really I think the underlying problem is that the EC_KEY is not being
constructed properly in the first place. I propose an alternative fix.
If the public key is missing then it should be derived.

Here is my patch.

Matt


ec-privkey-fix.patch
Description: Binary data

