From 18f30697536ac2e71359008252524213e27dea94 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Tue, 20 Feb 2024 14:06:09 +0100 Subject: openpgp: Fix serialized points on Weierstrass curves with OpenSSL. - OpenPGP uses the uncompressed representation. Previously, the OpenSSL backend used the compressed representation by mistake. --- openpgp/NEWS | 4 ++++ openpgp/src/crypto/backend/openssl/asymmetric.rs | 2 +- openpgp/src/crypto/backend/openssl/ecdh.rs | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/openpgp/NEWS b/openpgp/NEWS index ce276afe..3524af4b 100644 --- a/openpgp/NEWS +++ b/openpgp/NEWS @@ -9,6 +9,10 @@ secret scalar to make the generated secret key packet more compatible with implementations that do not implicitly do the clamping before decryption. + - Sequoia built with the OpenSSL backend will now use the correct + representation of points on Weierstrass curves. OpenPGP uses the + uncompressed representation. Previously, the OpenSSL backend + used the compressed representation by mistake. ** New functionality - Curve::variants * Changes in 1.18.0 diff --git a/openpgp/src/crypto/backend/openssl/asymmetric.rs b/openpgp/src/crypto/backend/openssl/asymmetric.rs index 6fd9f6a7..0ae2ca15 100644 --- a/openpgp/src/crypto/backend/openssl/asymmetric.rs +++ b/openpgp/src/crypto/backend/openssl/asymmetric.rs @@ -548,7 +548,7 @@ where let q = MPI::new(&key.public_key().to_bytes( &group, - PointConversionForm::COMPRESSED, + PointConversionForm::UNCOMPRESSED, &mut ctx, )?); let scalar = key.private_key().to_vec().into(); diff --git a/openpgp/src/crypto/backend/openssl/ecdh.rs b/openpgp/src/crypto/backend/openssl/ecdh.rs index bf6237c2..04a87c23 100644 --- a/openpgp/src/crypto/backend/openssl/ecdh.rs +++ b/openpgp/src/crypto/backend/openssl/ecdh.rs @@ -53,7 +53,7 @@ where let q = mpi::MPI::new(&key.public_key().to_bytes( &group, - PointConversionForm::COMPRESSED, + PointConversionForm::UNCOMPRESSED, &mut ctx, )?); -- cgit v1.2.3