From: Nicola Tuveri <nic.tuv@gmail.com>
Date: Fri, 1 Nov 2019 20:38:21 +0000 (+0200)
Subject: Fix EC_POINT_bn2point() for BN_zero()
X-Git-Tag: OpenSSL_1_1_1e~146
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6f6adf1d7bf44abfae96a52c791a69cf694fd7f8;p=oweals%2Fopenssl.git

Fix EC_POINT_bn2point() for BN_zero()

EC_POINT_bn2point() rejected BIGNUMs with a zero value.

This behavior indirectly caused failures when converting a point
at infinity through EC_POINT_point2hex() and then back to a point with
EC_POINT_hex2point().

With this change such BIGNUMs are treated like any other and exported to
an octet buffer filled with zero.
It is then EC_POINT_oct2point() (either the default implementation or
the custom one in group->meth->oct2point) to determine if such encoding
maps to a valid point (generally the point at infinity is encoded as
0x00).

Fixes #10258

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10329)

(cherry picked from commit d47c10875656790d146f62ac3c437db54c58dbf7)
---

diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c
index f2525cbaa6..660fc400fb 100644
--- a/crypto/ec/ec_print.c
+++ b/crypto/ec/ec_print.c
@@ -39,13 +39,13 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
     EC_POINT *ret;
 
     if ((buf_len = BN_num_bytes(bn)) == 0)
-        return NULL;
+        buf_len = 1;
     if ((buf = OPENSSL_malloc(buf_len)) == NULL) {
         ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
-    if (!BN_bn2bin(bn, buf)) {
+    if (!BN_bn2binpad(bn, buf, buf_len)) {
         OPENSSL_free(buf);
         return NULL;
     }