From 4aed5668b4b158ecd9660241681125a754dd3cb9 Mon Sep 17 00:00:00 2001 From: Cedric Izoard Date: Fri, 29 Oct 2021 11:05:30 +0200 Subject: [PATCH] OpenSSL: Clear the correct flag in crypto_ec_key_get_ecprivate_key() In case the public key was not included in the EC private key ASN.1 sequence, the flag that was cleared was not the right one. Fix this by using EC_KEY_set_enc_flags() for both setting and clearing the EC_PKEY_NO_PUBKEY flag instead of trying to clear that with the unrelated EC_KEY_clear_flags() function. Fixes: 2d5772e691f6 ("DPP: Factorize conversion to ASN.1 ECPrivateKey") Signed-off-by: Cedric Izoard --- src/crypto/crypto_openssl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 96ce493e3..c198748de 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -2501,15 +2501,18 @@ struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key, unsigned char *der = NULL; int der_len; struct wpabuf *buf; + unsigned int key_flags; eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key); if (!eckey) return NULL; + key_flags = EC_KEY_get_enc_flags(eckey); if (include_pub) - EC_KEY_clear_flags(eckey, EC_PKEY_NO_PUBKEY); + key_flags &= ~EC_PKEY_NO_PUBKEY; else - EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY); + key_flags |= EC_PKEY_NO_PUBKEY; + EC_KEY_set_enc_flags(eckey, key_flags); EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);