
TLS/SSL and crypto library


Commit meta information

Revision: 4e545c6a256fb1ab08cc5a3aabb00963dac3191b (tree)
Date: 2019-10-15 21:28:36
Author: Nicola Tuveri <nic.tuv@gmai...>
Committer: Nicola Tuveri

Log message

[ec_asn1.c] Avoid injecting seed when built-in matches

An unintended consequence of https://github.com/openssl/openssl/pull/9808
is that when an explicit parameters curve is matched against one of the
well-known builtin curves we automatically inherit also the associated
seed parameter, even if the input parameters excluded such parameter.

This later affects the serialization of such parsed keys, causing their
input DER encoding and output DER encoding to differ due to the
additional optional field.

This does not cause problems internally but could affect external
applications, as reported in
https://github.com/openssl/openssl/pull/9811#issuecomment-536153288

This commit fixes the issue by conditionally clearing the seed field if
the original input parameters did not include it.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10141)

Change summary

Diff

--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -973,6 +973,20 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
973973 * 0x0 = OPENSSL_EC_EXPLICIT_CURVE
974974 */
975975 EC_GROUP_set_asn1_flag(ret, 0x0);
976+
977+ /*
978+ * If the input params do not contain the optional seed field we make
979+ * sure it is not added to the returned group.
980+ *
981+ * The seed field is not really used inside libcrypto anyway, and
982+ * adding it to parsed explicit parameter keys would alter their DER
983+ * encoding output (because of the extra field) which could impact
984+ * applications fingerprinting keys by their DER encoding.
985+ */
986+ if (params->curve->seed == NULL) {
987+ if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
988+ goto err;
989+ }
976990 }
977991
978992 ok = 1;
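
Review bot: The `!= 1` comparison on `EC_GROUP_set_seed(ret, NULL, 0)` depends on that function returning exactly 1 for a clearing call, and nothing in the hunk states that convention. A reader who assumes a setter named this way returns the seed length would expect 0 here and misread the check as always failing. Add one line to the new comment saying what the call returns when given NULL and length 0. The two nested `if` statements can also be folded into a single condition joined with `&&`, which keeps the `goto err` at one indentation level. Since the comment justifies the change by the DER output differing from the input, a round-trip test that parses explicit parameters without a seed and compares the re-encoded bytes would pin the behaviour down; no such test is visible in this diff.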