1 files changed, 40 insertions, 14 deletions
diff --git a/src/es256.c b/src/es256.c
index c8fd9f4..020ecaa 100644
--- a/src/es256.c
+++ b/src/es256.c
@@ -176,10 +176,15 @@ es256_pk_free(es256_pk_t **pkp)
 int
 es256_pk_from_ptr(es256_pk_t *pk, const void *ptr, size_t len)
 {
+        const uint8_t *p = ptr;
        if (len < sizeof(*pk))
                return (FIDO_ERR_INVALID_ARGUMENT);
-        memcpy(pk, ptr, sizeof(*pk));
+        if (len == sizeof(*pk) + 1 && *p == 0x04)
+                memcpy(pk, ++p, sizeof(*pk)); /* uncompressed format */
+        else
+                memcpy(pk, ptr, sizeof(*pk)); /* libfido2 x||y format */
        return (FIDO_OK);
 }
@@ -262,8 +267,12 @@ es256_pk_to_EVP_PKEY(const es256_pk_t *k)
        const int        nid = NID_X9_62_prime256v1;
        int              ok = -1;
-        if ((bnctx = BN_CTX_new()) == NULL ||
+        if ((bnctx = BN_CTX_new()) == NULL)
-            (x = BN_CTX_get(bnctx)) == NULL ||
+                goto fail;
+        BN_CTX_start(bnctx);
+        if ((x = BN_CTX_get(bnctx)) == NULL ||
            (y = BN_CTX_get(bnctx)) == NULL)
                goto fail;
@@ -296,12 +305,16 @@ es256_pk_to_EVP_PKEY(const es256_pk_t *k)
        ok = 0;
 fail:
-        if (bnctx != NULL)
+        if (bnctx != NULL) {
+                BN_CTX_end(bnctx);
                BN_CTX_free(bnctx);
+        }
        if (ec != NULL)
                EC_KEY_free(ec);
        if (q != NULL)
                EC_POINT_free(q);
        if (ok < 0 && pkey != NULL) {
                EVP_PKEY_free(pkey);
                pkey = NULL;
@@ -313,7 +326,7 @@ fail:
 int
 es256_pk_from_EC_KEY(es256_pk_t *pk, const EC_KEY *ec)
 {
-        BN_CTX          *ctx = NULL;
+        BN_CTX          *bnctx = NULL;
        BIGNUM          *x = NULL;
        BIGNUM          *y = NULL;
        const EC_POINT  *q = NULL;
@@ -322,15 +335,17 @@ es256_pk_from_EC_KEY(es256_pk_t *pk, const EC_KEY *ec)
        int              n;
        if ((q = EC_KEY_get0_public_key(ec)) == NULL ||
-            (g = EC_KEY_get0_group(ec)) == NULL)
+            (g = EC_KEY_get0_group(ec)) == NULL ||
+            (bnctx = BN_CTX_new()) == NULL)
                goto fail;
-        if ((ctx = BN_CTX_new()) == NULL ||
+        BN_CTX_start(bnctx);
-            (x = BN_CTX_get(ctx)) == NULL ||
-            (y = BN_CTX_get(ctx)) == NULL)
+        if ((x = BN_CTX_get(bnctx)) == NULL ||
+            (y = BN_CTX_get(bnctx)) == NULL)
                goto fail;
-        if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, ctx) == 0 ||
+        if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
            (n = BN_num_bytes(x)) < 0 || (size_t)n > sizeof(pk->x) ||
            (n = BN_num_bytes(y)) < 0 || (size_t)n > sizeof(pk->y)) {
                fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp",
@@ -346,8 +361,10 @@ es256_pk_from_EC_KEY(es256_pk_t *pk, const EC_KEY *ec)
        ok = FIDO_OK;
 fail:
-        if (ctx != NULL)
+        if (bnctx != NULL) {
-                BN_CTX_free(ctx);
+                BN_CTX_end(bnctx);
+                BN_CTX_free(bnctx);
+        }
        return (ok);
 }
@@ -362,7 +379,12 @@ es256_sk_to_EVP_PKEY(const es256_sk_t *k)
        const int        nid = NID_X9_62_prime256v1;
        int              ok = -1;
-        if ((bnctx = BN_CTX_new()) == NULL || (d = BN_CTX_get(bnctx)) == NULL ||
+        if ((bnctx = BN_CTX_new()) == NULL)
+                goto fail;
+        BN_CTX_start(bnctx);
+        if ((d = BN_CTX_get(bnctx)) == NULL ||
            BN_bin2bn(k->d, sizeof(k->d), d) == NULL) {
                fido_log_debug("%s: BN_bin2bn", __func__);
                goto fail;
@@ -384,10 +406,14 @@ es256_sk_to_EVP_PKEY(const es256_sk_t *k)
        ok = 0;
 fail:
-        if (bnctx != NULL)
+        if (bnctx != NULL) {
+                BN_CTX_end(bnctx);
                BN_CTX_free(bnctx);
+        }
        if (ec != NULL)
                EC_KEY_free(ec);
        if (ok < 0 && pkey != NULL) {
                EVP_PKEY_free(pkey);
                pkey = NULL;

diff --git a/src/es256.c b/src/es256.c index c8fd9f4..020ecaa 100644 --- a/src/es256.c +++ b/src/es256.c
@@ -176,10 +176,15 @@ es256_pk_free(es256_pk_t **pkp)
176	int	176	int
177	es256_pk_from_ptr(es256_pk_t pk, const void ptr, size_t len)	177	es256_pk_from_ptr(es256_pk_t pk, const void ptr, size_t len)
178	{	178	{
		179	const uint8_t *p = ptr;
		180
179	if (len < sizeof(*pk))	181	if (len < sizeof(*pk))
180	return (FIDO_ERR_INVALID_ARGUMENT);	182	return (FIDO_ERR_INVALID_ARGUMENT);
181		183
182	memcpy(pk, ptr, sizeof(*pk));	184	if (len == sizeof(pk) + 1 && p == 0x04)
		185	memcpy(pk, ++p, sizeof(pk)); / uncompressed format */
		186	else
		187	memcpy(pk, ptr, sizeof(pk)); / libfido2 x\|\|y format */
183		188
184	return (FIDO_OK);	189	return (FIDO_OK);
185	}	190	}
@@ -262,8 +267,12 @@ es256_pk_to_EVP_PKEY(const es256_pk_t *k)
262	const int nid = NID_X9_62_prime256v1;	267	const int nid = NID_X9_62_prime256v1;
263	int ok = -1;	268	int ok = -1;
264		269
265	if ((bnctx = BN_CTX_new()) == NULL \|\|	270	if ((bnctx = BN_CTX_new()) == NULL)
266	(x = BN_CTX_get(bnctx)) == NULL \|\|	271	goto fail;
		272
		273	BN_CTX_start(bnctx);
		274
		275	if ((x = BN_CTX_get(bnctx)) == NULL \|\|
267	(y = BN_CTX_get(bnctx)) == NULL)	276	(y = BN_CTX_get(bnctx)) == NULL)
268	goto fail;	277	goto fail;
269		278
@@ -296,12 +305,16 @@ es256_pk_to_EVP_PKEY(const es256_pk_t *k)
296		305
297	ok = 0;	306	ok = 0;
298	fail:	307	fail:
299	if (bnctx != NULL)	308	if (bnctx != NULL) {
		309	BN_CTX_end(bnctx);
300	BN_CTX_free(bnctx);	310	BN_CTX_free(bnctx);
		311	}
		312
301	if (ec != NULL)	313	if (ec != NULL)
302	EC_KEY_free(ec);	314	EC_KEY_free(ec);
303	if (q != NULL)	315	if (q != NULL)
304	EC_POINT_free(q);	316	EC_POINT_free(q);
		317
305	if (ok < 0 && pkey != NULL) {	318	if (ok < 0 && pkey != NULL) {
306	EVP_PKEY_free(pkey);	319	EVP_PKEY_free(pkey);
307	pkey = NULL;	320	pkey = NULL;
@@ -313,7 +326,7 @@ fail:
313	int	326	int
314	es256_pk_from_EC_KEY(es256_pk_t pk, const EC_KEY ec)	327	es256_pk_from_EC_KEY(es256_pk_t pk, const EC_KEY ec)
315	{	328	{
316	BN_CTX *ctx = NULL;	329	BN_CTX *bnctx = NULL;
317	BIGNUM *x = NULL;	330	BIGNUM *x = NULL;
318	BIGNUM *y = NULL;	331	BIGNUM *y = NULL;
319	const EC_POINT *q = NULL;	332	const EC_POINT *q = NULL;
@@ -322,15 +335,17 @@ es256_pk_from_EC_KEY(es256_pk_t pk, const EC_KEY ec)
322	int n;	335	int n;
323		336
324	if ((q = EC_KEY_get0_public_key(ec)) == NULL \|\|	337	if ((q = EC_KEY_get0_public_key(ec)) == NULL \|\|
325	(g = EC_KEY_get0_group(ec)) == NULL)	338	(g = EC_KEY_get0_group(ec)) == NULL \|\|
		339	(bnctx = BN_CTX_new()) == NULL)
326	goto fail;	340	goto fail;
327		341
328	if ((ctx = BN_CTX_new()) == NULL \|\|	342	BN_CTX_start(bnctx);
329	(x = BN_CTX_get(ctx)) == NULL \|\|	343
330	(y = BN_CTX_get(ctx)) == NULL)	344	if ((x = BN_CTX_get(bnctx)) == NULL \|\|
		345	(y = BN_CTX_get(bnctx)) == NULL)
331	goto fail;	346	goto fail;
332		347
333	if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, ctx) == 0 \|\|	348	if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 \|\|
334	(n = BN_num_bytes(x)) < 0 \|\| (size_t)n > sizeof(pk->x) \|\|	349	(n = BN_num_bytes(x)) < 0 \|\| (size_t)n > sizeof(pk->x) \|\|
335	(n = BN_num_bytes(y)) < 0 \|\| (size_t)n > sizeof(pk->y)) {	350	(n = BN_num_bytes(y)) < 0 \|\| (size_t)n > sizeof(pk->y)) {
336	fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp",	351	fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp",
@@ -346,8 +361,10 @@ es256_pk_from_EC_KEY(es256_pk_t pk, const EC_KEY ec)
346		361
347	ok = FIDO_OK;	362	ok = FIDO_OK;
348	fail:	363	fail:
349	if (ctx != NULL)	364	if (bnctx != NULL) {
350	BN_CTX_free(ctx);	365	BN_CTX_end(bnctx);
		366	BN_CTX_free(bnctx);
		367	}
351		368
352	return (ok);	369	return (ok);
353	}	370	}
@@ -362,7 +379,12 @@ es256_sk_to_EVP_PKEY(const es256_sk_t *k)
362	const int nid = NID_X9_62_prime256v1;	379	const int nid = NID_X9_62_prime256v1;
363	int ok = -1;	380	int ok = -1;
364		381
365	if ((bnctx = BN_CTX_new()) == NULL \|\| (d = BN_CTX_get(bnctx)) == NULL \|\|	382	if ((bnctx = BN_CTX_new()) == NULL)
		383	goto fail;
		384
		385	BN_CTX_start(bnctx);
		386
		387	if ((d = BN_CTX_get(bnctx)) == NULL \|\|
366	BN_bin2bn(k->d, sizeof(k->d), d) == NULL) {	388	BN_bin2bn(k->d, sizeof(k->d), d) == NULL) {
367	fido_log_debug("%s: BN_bin2bn", __func__);	389	fido_log_debug("%s: BN_bin2bn", __func__);
368	goto fail;	390	goto fail;
@@ -384,10 +406,14 @@ es256_sk_to_EVP_PKEY(const es256_sk_t *k)
384		406
385	ok = 0;	407	ok = 0;
386	fail:	408	fail:
387	if (bnctx != NULL)	409	if (bnctx != NULL) {
		410	BN_CTX_end(bnctx);
388	BN_CTX_free(bnctx);	411	BN_CTX_free(bnctx);
		412	}
		413
389	if (ec != NULL)	414	if (ec != NULL)
390	EC_KEY_free(ec);	415	EC_KEY_free(ec);
		416
391	if (ok < 0 && pkey != NULL) {	417	if (ok < 0 && pkey != NULL) {
392	EVP_PKEY_free(pkey);	418	EVP_PKEY_free(pkey);
393	pkey = NULL;	419	pkey = NULL;