Mercurial > dovecot > core-2.3
changeset 26372:d0c3492bce55
lib-dcrypt: Only use compressed points with dovecot internal formats
| author | Aki Tuomi <aki.tuomi@open-xchange.com> |
|---|---|
| date | Thu, 29 Aug 2019 17:09:55 +0300 |
| parents | 1d6ed0246396 |
| children | f962d5e2d1ce |
| files | src/lib-dcrypt/dcrypt-openssl.c src/lib-dcrypt/test-crypto.c |
| diffstat | 2 files changed, 27 insertions(+), 21 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib-dcrypt/dcrypt-openssl.c Thu Aug 29 16:54:27 2019 +0300 +++ b/src/lib-dcrypt/dcrypt-openssl.c Thu Aug 29 17:09:55 2019 +0300 @@ -695,8 +695,6 @@ EVP_PKEY_CTX_free(ctx); EC_KEY_set_asn1_flag(EVP_PKEY_get0_EC_KEY((*key)), OPENSSL_EC_NAMED_CURVE); - EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY((*key)), - POINT_CONVERSION_COMPRESSED); return TRUE; } @@ -786,7 +784,6 @@ EC_KEY_set_public_key(ec_key, pub) != 1) ec = -1; else - EC_KEY_set_conv_form(ec_key, POINT_CONVERSION_COMPRESSED); EC_POINT_free(pub); BN_CTX_free(bn_ctx); @@ -851,10 +848,10 @@ BN_CTX *bn_ctx = BN_CTX_new(); const EC_POINT *pub = EC_KEY_get0_public_key(EVP_PKEY_get0_EC_KEY(local)); const EC_GROUP *grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(local)); - size_t len = EC_POINT_point2oct(grp, pub, POINT_CONVERSION_COMPRESSED, + size_t len = EC_POINT_point2oct(grp, pub, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx); unsigned char R_buf[len]; - EC_POINT_point2oct(grp, pub, POINT_CONVERSION_COMPRESSED, + EC_POINT_point2oct(grp, pub, POINT_CONVERSION_UNCOMPRESSED, R_buf, len, bn_ctx); BN_CTX_free(bn_ctx); buffer_append(R, R_buf, len); @@ -1108,7 +1105,6 @@ EC_KEY_free(eckey); return dcrypt_openssl_error(error_r); } - EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED); EC_KEY_set_private_key(eckey, point); EC_KEY_precompute_mult(eckey, bnctx); EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE); @@ -1400,7 +1396,6 @@ BN_CTX_free(bnctx); return dcrypt_openssl_error(error_r); } - EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED); EC_KEY_set_private_key(eckey, point); EC_KEY_precompute_mult(eckey, bnctx); EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE); @@ -1597,7 +1592,6 @@ EC_KEY_precompute_mult(ec_key, NULL); EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE); - EC_KEY_set_conv_form(ec_key, POINT_CONVERSION_COMPRESSED); /* return as EVP_PKEY */ EVP_PKEY *pkey = EVP_PKEY_new(); @@ -2268,6 +2262,8 @@ /* because otherwise we get wrong nid */ obj = OBJ_nid2obj(EC_GROUP_get_curve_name( EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey)))); + EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pkey), + POINT_CONVERSION_COMPRESSED); } else { obj = OBJ_nid2obj(EVP_PKEY_id(pkey)); @@ -2360,6 +2356,9 @@ unsigned char *tmp = NULL; size_t dest_used = buffer_get_used_size(destination); + if (EVP_PKEY_base_id(pubkey) == EVP_PKEY_EC) + EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pubkey), + POINT_CONVERSION_COMPRESSED); int rv = i2d_PUBKEY(pubkey, &tmp); if (tmp == NULL) @@ -2430,8 +2429,8 @@ } if (EVP_PKEY_base_id(key) == EVP_PKEY_EC) { - EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(key), - POINT_CONVERSION_COMPRESSED); + EC_KEY_set_asn1_flag(EVP_PKEY_get0_EC_KEY(key), + OPENSSL_EC_NAMED_CURVE); } *key_r = i_new(struct dcrypt_private_key, 1); @@ -2495,7 +2494,6 @@ } EC_KEY *eckey = d2i_EC_PUBKEY_bio(b64, NULL); if (eckey != NULL) { - EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED); EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE); key = EVP_PKEY_new(); if (key != NULL) @@ -2544,6 +2542,10 @@ return ret; } + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) + EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pkey), + POINT_CONVERSION_UNCOMPRESSED); + BIO *key_out = BIO_new(BIO_s_mem()); if (key_out == NULL) return dcrypt_openssl_error(error_r); @@ -2604,6 +2606,10 @@ return ret; } + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) + EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pkey), + POINT_CONVERSION_UNCOMPRESSED); + BIO *key_out = BIO_new(BIO_s_mem()); if (key_out == NULL) return dcrypt_openssl_error(error_r); @@ -3251,6 +3257,7 @@ } else if (EVP_PKEY_base_id(priv) == EVP_PKEY_EC) { /* store OID */ EC_KEY *key = EVP_PKEY_get0_EC_KEY(priv); + EC_KEY_set_conv_form(key, POINT_CONVERSION_UNCOMPRESSED); int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key)); ASN1_OBJECT *obj = OBJ_nid2obj(nid); int len = OBJ_length(obj); @@ -3304,6 +3311,7 @@ } else if (EVP_PKEY_base_id(pub) == EVP_PKEY_EC) { /* store OID */ EC_KEY *key = EVP_PKEY_get0_EC_KEY(pub); + EC_KEY_set_conv_form(key, POINT_CONVERSION_UNCOMPRESSED); int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key)); ASN1_OBJECT *obj = OBJ_nid2obj(nid); int len = OBJ_length(obj); @@ -3411,7 +3419,6 @@ return dcrypt_openssl_error(error_r); } EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE); - EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED); EVP_PKEY *pkey = EVP_PKEY_new(); EVP_PKEY_set1_EC_KEY(pkey, key); @@ -3490,7 +3497,6 @@ EC_KEY_precompute_mult(key, NULL); EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE); - EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED); EVP_PKEY *pkey = EVP_PKEY_new(); EVP_PKEY_set1_EC_KEY(pkey, key); EC_KEY_free(key);
--- a/src/lib-dcrypt/test-crypto.c Thu Aug 29 16:54:27 2019 +0300 +++ b/src/lib-dcrypt/test-crypto.c Thu Aug 29 17:09:55 2019 +0300 @@ -453,11 +453,12 @@ { const char *keys[] = { "-----BEGIN PRIVATE KEY-----\n" - "MGcCAQAwEwYHKoZIzj0CAQYIKoZIzj0D" - "AQcETTBLAgEBBCC25AkD65uhlZXCAdwN\n" - "yLJV2ui8A/CUyqyEMrezvwgMO6EkAyIA" - "AybRUR3MsH0+0PQcDwkrXOJ9aePwzTQV\n" - "DN51+n1JCxbI\n" + "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgtu" + "QJA+uboZWVwgHc\n" + "DciyVdrovAPwlMqshDK3s78IDDuhRANCAAQm0VEdzLB9PtD0HA" + "8JK1zifWnj8M00\n" + "FQzedfp9SQsWyA8dzs5/NFR5MTe6Xbh/ndKEs1zZH3vZ4FlNri" + "lZc0st\n" "-----END PRIVATE KEY-----\n", "2:1.2.840.10045.3.1.7:0:0000002100b6e40903eb9ba195" "95c201dc0dc8b255dae8bc03f094caac8432b7b3bf080c3b:a" @@ -1155,10 +1156,9 @@ /* Acquired using another tool */ const char *pem_key = "-----BEGIN PUBLIC KEY-----\n" - "MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgACKp0Y4+Wpt+D9t/2XenFIj0LmvaZB\n" - "yLG69yOisek4aMI=\n" + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKp0Y4+Wpt+D9t/2XenFIj0LmvaZB\n" + "yLG69yOisek4aMLCMQ8HkGEflJE/DVwI3mCtassKmGtbX18IVHyntz07mg==\n" "-----END PUBLIC KEY-----"; - test_begin("test_jwk_keys"); struct dcrypt_keypair pair; buffer_t *pem = t_buffer_create(256);