Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle compressed EC point from OpenSSL < 3.0.8 #349

Merged
merged 1 commit into from
Feb 26, 2024
Merged

Handle compressed EC point from OpenSSL < 3.0.8 #349

merged 1 commit into from
Feb 26, 2024

Conversation

space88man
Copy link
Contributor

@space88man space88man commented Feb 22, 2024
edited
Loading

  • we use uncompressed format so detect if the exporting provider has used compressed format
    (this is not specified and a provider is allowed to use any format)
  • cannot rely on OSSL_PARAM point-format as, e.g., OpenSSL < 3.0.8 unconditionally uses compressed format which does not necessarily match the param
  • use the heuristic p->data starts-with '\x02' or '\x03' (02 with P-256, P-384, 03 with P-521)

References:

Addresses #348

simo5
simo5 requested changes Feb 22, 2024
View reviewed changes
Copy link
Member

@simo5 simo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty good, just minor tweaks needed.

src/objects.c Outdated Show resolved Hide resolved
src/objects.c Outdated Show resolved Hide resolved
src/objects.c Outdated Show resolved Hide resolved
@space88man space88man force-pushed the openssl307 branch 2 times, most recently from 2a86af3 to f1ed513 Compare February 22, 2024 23:53
@space88man space88man changed the title RFC: Workaround compressed EC points from OpenSSL 3.0.7 Workaround for compressed EC points from OpenSSL <= 3.0.7 Feb 22, 2024
@space88man space88man requested a review from simo5 February 22, 2024 23:55
@space88man space88man mentioned this pull request Feb 22, 2024
Closed
@space88man space88man force-pushed the openssl307 branch 3 times, most recently from 4abecd8 to 0e6be22 Compare February 23, 2024 02:51
@space88man space88man changed the title Workaround for compressed EC points from OpenSSL <= 3.0.7 Handle compressed EC point from OpenSSL < 3.0.8 Feb 23, 2024
@space88man
Detect compressed EC points and convert to uncompressed
5b03a56 
openssl/openssl#16595

Providers may export EC points in compressed format, e.g.,
OpenSSL < 3.0.8, and this format may not actually match
the OSSL_PARAM "point-format". Use heuristics to
detect compressed points and convert to uncompressed.

Addresses latchset#348

Signed-off-by: S-P Chan <[email protected]>
@simo5
Copy link
Member

simo5 commented Feb 26, 2024

Thanks for this one too, exactly how I liked it to be built.
Merging.

@simo5 simo5 merged commit 3bb9a96 into latchset:main Feb 26, 2024
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simo5 simo5 simo5 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@space88man @simo5