diff options
| author | tb <> | 2021-09-12 16:23:19 +0000 |
|---|---|---|
| committer | tb <> | 2021-09-12 16:23:19 +0000 |
| commit | 0a4d30f7edc0f2ea45a8c403587f0e7ad064547c (patch) | |
| tree | b56ccede67272adac043d4d9b35f1e73cfed19db | |
| parent | d71c4e2e3796f1094105cb2e98f9a746cba12af4 (diff) | |
| download | openbsd-0a4d30f7edc0f2ea45a8c403587f0e7ad064547c.tar.gz openbsd-0a4d30f7edc0f2ea45a8c403587f0e7ad064547c.tar.bz2 openbsd-0a4d30f7edc0f2ea45a8c403587f0e7ad064547c.zip | |
Default to using named curve parameter encoding
The pre-OpenSSL 1.1.0 default was to use explicit curve parameter
encoding. Most applications want to use named curve parameter encoding
and have to opt into this explicitly.
Stephen Henson changed this default in OpenSSL commit 86f300d3 6 years
ago and provided a new OPENSSL_EC_EXPLICIT_CURVE define to opt back into
the old default. According to Debian's codesearch, no application
currently does this, which indicates that we currently have a bad default.
In the future it is more likely that applications expect the new
default, so we follow OpenSSL to avoid problems.
Prompted by schwarze who noted that OPENSSL_EC_EXPLICIT_CURVE is missing.
ok beck inoguchi jsing
| -rw-r--r-- | src/lib/libcrypto/ec/ec.h | 5 | ||||
| -rw-r--r-- | src/lib/libcrypto/ec/ec_lib.c | 4 |
2 files changed, 5 insertions, 4 deletions
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h index fc70a1eba9..d8ff42c0c9 100644 --- a/src/lib/libcrypto/ec/ec.h +++ b/src/lib/libcrypto/ec/ec.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec.h,v 1.26 2021/09/10 14:35:36 tb Exp $ */ | 1 | /* $OpenBSD: ec.h,v 1.27 2021/09/12 16:23:19 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | 3 | * Originally written by Bodo Moeller for the OpenSSL project. |
| 4 | */ | 4 | */ |
| @@ -708,7 +708,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, | |||
| 708 | unsigned int *k2, unsigned int *k3); | 708 | unsigned int *k2, unsigned int *k3); |
| 709 | #endif | 709 | #endif |
| 710 | 710 | ||
| 711 | #define OPENSSL_EC_NAMED_CURVE 0x001 | 711 | #define OPENSSL_EC_EXPLICIT_CURVE 0x000 |
| 712 | #define OPENSSL_EC_NAMED_CURVE 0x001 | ||
| 712 | 713 | ||
| 713 | typedef struct ecpk_parameters_st ECPKPARAMETERS; | 714 | typedef struct ecpk_parameters_st ECPKPARAMETERS; |
| 714 | 715 | ||
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c index 994fd2d4c1..7cc69f8154 100644 --- a/src/lib/libcrypto/ec/ec_lib.c +++ b/src/lib/libcrypto/ec/ec_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec_lib.c,v 1.40 2021/09/08 17:29:21 tb Exp $ */ | 1 | /* $OpenBSD: ec_lib.c,v 1.41 2021/09/12 16:23:19 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Originally written by Bodo Moeller for the OpenSSL project. | 3 | * Originally written by Bodo Moeller for the OpenSSL project. |
| 4 | */ | 4 | */ |
| @@ -100,7 +100,7 @@ EC_GROUP_new(const EC_METHOD * meth) | |||
| 100 | BN_init(&ret->cofactor); | 100 | BN_init(&ret->cofactor); |
| 101 | 101 | ||
| 102 | ret->curve_name = 0; | 102 | ret->curve_name = 0; |
| 103 | ret->asn1_flag = 0; | 103 | ret->asn1_flag = OPENSSL_EC_NAMED_CURVE; |
| 104 | ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; | 104 | ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; |
| 105 | 105 | ||
| 106 | ret->seed = NULL; | 106 | ret->seed = NULL; |