CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2024/10/31 08:58:22
Modified files:
lib/libcrypto/ec: ec_asn1.c
Log message:
Rewrite i2o_ECPublicKey()
Turn the function into single exit and use ec_point_to_octets() to avoid
the point2oct dance. Ensure that the buf_len size_t doesn't get truncated
by the int return.
While we could avoid an allocation in case out == NULL, we don't do so.
In case out != NULL and *out != NULL this API assumes *out has sufficient
room, copies the result into it and advances *out past it. This is just
asking for trouble (of course, i2d has the same misfeature). Don't use
this if you can help it.
Unfortunately, OpenSSH couldn't help it in at least one spot (that one's
on BoringSSL's allocator not returning an allocated pointer that you can
pass to free). We had to do it lest people run RedHat patches of dubious
quality. For: FIPS the monkey must be pleased at all cost.
ok jsing
