OpenSSLECPrivateKey: no encoding for ENGINE-backed keys
ENGINE-backed keys can't be encoded, so check their status before trying
to return anything in getEncoded or getFormat.
Bug: 12877721
Change-Id: I067172b864202e4fb2043e76ad51fc56af356da1
diff --git a/crypto/src/main/java/org/conscrypt/OpenSSLECPrivateKey.java b/crypto/src/main/java/org/conscrypt/OpenSSLECPrivateKey.java
index a4b41db..4010ec5 100644
--- a/crypto/src/main/java/org/conscrypt/OpenSSLECPrivateKey.java
+++ b/crypto/src/main/java/org/conscrypt/OpenSSLECPrivateKey.java
@@ -78,11 +78,29 @@
@Override
public String getFormat() {
+ /*
+ * If we're using an OpenSSL ENGINE, there's no guarantee we can export
+ * the key. Returning {@code null} tells the caller that there's no
+ * encoded format.
+ */
+ if (key.isEngineBased()) {
+ return null;
+ }
+
return "PKCS#8";
}
@Override
public byte[] getEncoded() {
+ /*
+ * If we're using an OpenSSL ENGINE, there's no guarantee we can export
+ * the key. Returning {@code null} tells the caller that there's no
+ * encoded format.
+ */
+ if (key.isEngineBased()) {
+ return null;
+ }
+
return NativeCrypto.i2d_PKCS8_PRIV_KEY_INFO(key.getPkeyContext());
}