pkey/ec: avoid using EC#public_key= in EC#dh_compute_key

Similarly to DH#compute_key, work around it by constructing a SubjectPublicKeyInfo. This should be considered as a temporary implementation.
ruby · Dec 16, 2021 · fc9aabc · fc9aabc
1 parent 46ca470
commit fc9aabc
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/lib/openssl/pkey.rb b/lib/openssl/pkey.rb
@@ -259,9 +259,14 @@ def dsa_verify_asn1(data, sig)
     # This method is provided for backwards compatibility, and calls #derive
     # internally.
     def dh_compute_key(pubkey)
-      peer = OpenSSL::PKey::EC.new(group)
-      peer.public_key = pubkey
-      derive(peer)
+      obj = OpenSSL::ASN1.Sequence([
+        OpenSSL::ASN1.Sequence([
+          OpenSSL::ASN1.ObjectId("id-ecPublicKey"),
+          group.to_der,
+        ]),
+        OpenSSL::ASN1.BitString(pubkey.to_octet_string(:uncompressed)),
+      ])
+      derive(OpenSSL::PKey.read(obj.to_der))
     end
   end