From 6fac3515d08fa0a3b4d85fd2a309c158f5adb9ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Wed, 19 Mar 2014 16:39:52 +0100
Subject: [PATCH] Make support for SpecifiedECDomain optional

---
 include/polarssl/config.h | 14 ++++++++++++++
 library/pkparse.c         | 13 +++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index c070df2ac..decfc73ae 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -587,6 +587,20 @@
  */
 #define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
 
+/**
+ * \def POLARSSL_PK_PARSE_EC_EXTENDED
+ *
+ * Enhance support for reading EC keys using variants of SEC1 not allowed by
+ * RFC 5915 and RFC 5480.
+ *
+ * Currently this means parsing the SpecifiedECDomain choice of EC
+ * parameters (only known groups are supported, not arbitrary domains, to
+ * avoid validation issues).
+ *
+ * Disable if you only need to support RFC 5915 + 5480 key formats.
+ */
+#define POLARSSL_PK_PARSE_EC_EXTENDED
+
 /**
  * \def POLARSSL_ERROR_STRERROR_BC
  *
diff --git a/library/pkparse.c b/library/pkparse.c
index aed50d1b1..4e9e4001d 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -163,8 +163,11 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
 
     /* Tag may be either OID or SEQUENCE */
     params->tag = **p;
-    if( params->tag != ASN1_OID &&
-        params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
+    if( params->tag != ASN1_OID
+#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
+            && params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE )
+#endif
+            )
     {
         return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
                 POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
@@ -185,6 +188,7 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
     return( 0 );
 }
 
+#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
 /*
  * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
  * WARNING: the resulting group should only be used with
@@ -411,6 +415,7 @@ cleanup:
 
     return( ret );
 }
+#endif /* POLARSSL_PK_PARSE_EC_EXTENDED */
 
 /*
  * Use EC parameters to initialise an EC group
@@ -432,8 +437,12 @@ static int pk_use_ecparams( const asn1_buf *params, ecp_group *grp )
     }
     else
     {
+#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
         if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
             return( ret );
+#else
+        return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
+#endif
     }
 
     /*