| Message ID | 20240404181630.2431991-7-juliusz@wolfssl.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [01/24] wolfssl: simplify tls_get_cipher | expand |
On Thu, Apr 04, 2024 at 08:16:13PM +0200, Juliusz Sosinowicz wrote:
> OpenSSL <3.0 uses ECC keys in the uncompressed format. We should keep it that way for compatibility. The wolfSSL backend also uses the uncompressed format.
I don't really want to change behavior with OpenSSL for this without
significant amount of additional testing (which I'm unlikely to find
time for any time soon) since this area has been quite a mess in the
past especially with the DPP requirements of various constructions there
using either compressed or uncompressed format. In practice, if this
were ever to be done as a generic change, there would need to be
explicit format conversion routines in all places where a protocol
definition mandates a specific format to be used. Testing this would
likely need explicit checks of the correct format being used as well
since otherwise it would be way too easy to break something subtle that
might seem to work with some crypto libraries but would not be compliant
with the protocol definition.
I understand that this is a potentially breaking change but I don't see this change (uncompressed -> compressed) noted anywhere. If this would be a breaking change then the OpenSSL 3 implementation would clash with existing OpenSSL <3 deployments. Does the DPP work you mention only target the OpenSSL 3 implementation? Do you know of protocols that explicitly mandate one format or the other? On 02/02/2025 19:50, Jouni Malinen wrote: > On Thu, Apr 04, 2024 at 08:16:13PM +0200, Juliusz Sosinowicz wrote: >> OpenSSL <3.0 uses ECC keys in the uncompressed format. We should keep it that way for compatibility. The wolfSSL backend also uses the uncompressed format. > I don't really want to change behavior with OpenSSL for this without > significant amount of additional testing (which I'm unlikely to find > time for any time soon) since this area has been quite a mess in the > past especially with the DPP requirements of various constructions there > using either compressed or uncompressed format. In practice, if this > were ever to be done as a generic change, there would need to be > explicit format conversion routines in all places where a protocol > definition mandates a specific format to be used. Testing this would > likely need explicit checks of the correct format being used as well > since otherwise it would be way too easy to break something subtle that > might seem to work with some crypto libraries but would not be compliant > with the protocol definition. >
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c index 2d8ff60aa9..e83a40b57c 100644 --- a/src/crypto/crypto_openssl.c +++ b/src/crypto/crypto_openssl.c @@ -3676,6 +3676,8 @@ struct wpabuf * crypto_ec_key_get_ecprivate_key(struct crypto_ec_key *key, 0); pkey = copy; } + EVP_PKEY_set_utf8_string_param(pkey, + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, "uncompressed"); ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "DER", "type-specific", NULL);
OpenSSL <3.0 uses ECC keys in the uncompressed format. We should keep it that way for compatibility. The wolfSSL backend also uses the uncompressed format. Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com> --- src/crypto/crypto_openssl.c | 2 ++ 1 file changed, 2 insertions(+)