[openssl/openssl] 999509: Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT a...
Nicola Tuveri
noreply at github.com
Thu Dec 22 09:16:01 UTC 2022
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: 999509c235a59f0f65bc52522235db4c65297775
https://github.com/openssl/openssl/commit/999509c235a59f0f65bc52522235db4c65297775
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M CHANGES.md
M crypto/ec/ec_ameth.c
M doc/man7/EVP_PKEY-EC.pod
M providers/implementations/keymgmt/ec_kmgmt.c
M test/evp_pkey_provided_test.c
Log Message:
-----------
Honor OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT as set and default to UNCOMPRESSED
Originally the code to im/export the EC pubkey was meant to be consumed
only by the im/export functions when crossing the provider boundary.
Having our providers exporting to a COMPRESSED format octet string made
sense to avoid memory waste, as it wasn't exposed outside the provider
API, and providers had all tools available to convert across the three
formats.
Later on, with #13139 deprecating the `EC_KEY_*` functions, more state
was added among the params imported/exported on an EC provider-native
key (including `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`, although it
did not affect the format used to export `OSSL_PKEY_PARAM_PUB_KEY`).
Finally, in #14800, `EVP_PKEY_todata()` was introduced and prominently
exposed directly to users outside the provider API, and the choice of
COMPRESSED over UNCOMPRESSED as the default became less sensible in
light of usability, given the latter is more often needed by
applications and protocols.
This commit fixes it, by using `EC_KEY_get_conv_form()` to get the
point format from the internal state (an `EC_KEY` under the hood) of the
provider-side object, and using it on
`EVP_PKEY_export()`/`EVP_PKEY_todata()` to format
`OSSL_PKEY_PARAM_PUB_KEY`.
The default for an `EC_KEY` was already UNCOMPRESSED, and it is altered
if the user sets `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` via
`EVP_PKEY_fromdata()`, `EVP_PKEY_set_params()`, or one of the
more specialized methods.
For symmetry, this commit also alters `ec_pkey_export_to()` in
`crypto/ec/ec_ameth.c`, part of the `EVP_PKEY_ASN1_METHOD` for legacy EC
keys: it exclusively used COMPRESSED format, and now it honors the
conversion format specified in the EC_KEY object being exported to a
provider when this function is called.
Expand documentation about `OSSL_PKEY_PARAM_PUB_KEY` and mention the
change in behavior for our providers.
Fixes #16595
(cherry picked from commit 926db476bc669fdcc4c4d2f1cb547060bdbfa153)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19901)
Commit: 36d6ebad8f6fc599823071f154844cbeb18cf578
https://github.com/openssl/openssl/commit/36d6ebad8f6fc599823071f154844cbeb18cf578
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date: 2022-12-22 (Thu, 22 Dec 2022)
Changed paths:
M pyca-cryptography
Log Message:
-----------
Update pyca-cryptography submodule to 38.0.4
(cherry picked from commit d656efb9eb7692c0b1cba843d7787751e388cc8a)
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19901)
Compare: https://github.com/openssl/openssl/compare/6651044b4d8a...36d6ebad8f6f
More information about the openssl-commits
mailing list