commit adc4c29c56659fcb3899aea27c8e62eed3fa83b3
author Kenny Root <kroot@google.com> Thu Feb 06 13:29:13 2014 -0800
committer Alex Klyubin <klyubin@google.com> Thu Feb 06 13:30:46 2014 -0800
tree 45f6fdf3bc5420bbdd60a9104c2c10fcabc3cf00
parent 8629cea4bb842ac8e13caf1979a5463215be259f

OpenSSLECPrivateKey: no encoding for ENGINE-backed keys

ENGINE-backed keys can't be encoded, so check their status before trying
to return anything in getEncoded or getFormat.

Bug: 12877721
Change-Id: I067172b864202e4fb2043e76ad51fc56af356da1

crypto/src/main/java/org/conscrypt/OpenSSLECPrivateKey.java

diff --git a/crypto/src/main/java/org/conscrypt/OpenSSLECPrivateKey.java b/crypto/src/main/java/org/conscrypt/OpenSSLECPrivateKey.java
index a4b41db..4010ec5 100644
--- a/crypto/src/main/java/org/conscrypt/OpenSSLECPrivateKey.java
+++ b/crypto/src/main/java/org/conscrypt/OpenSSLECPrivateKey.java
@@ -78,11 +78,29 @@
 
     @Override
     public String getFormat() {
+        /*
+         * If we're using an OpenSSL ENGINE, there's no guarantee we can export
+         * the key. Returning {@code null} tells the caller that there's no
+         * encoded format.
+         */
+        if (key.isEngineBased()) {
+            return null;
+        }
+
         return "PKCS#8";
     }
 
     @Override
     public byte[] getEncoded() {
+        /*
+         * If we're using an OpenSSL ENGINE, there's no guarantee we can export
+         * the key. Returning {@code null} tells the caller that there's no
+         * encoded format.
+         */
+        if (key.isEngineBased()) {
+            return null;
+        }
+
         return NativeCrypto.i2d_PKCS8_PRIV_KEY_INFO(key.getPkeyContext());
     }