Use uncompressed point conversion form for 'tls ephemeral' ECC keys

author Aram Sargsyan <aram@isc.org>

Fri, 7 Jan 2022 20:37:46 +0000 (20:37 +0000)

committer Aram Sargsyan <aram@isc.org>

Thu, 13 Jan 2022 11:03:06 +0000 (11:03 +0000)
author Aram Sargsyan <aram@isc.org>
Fri, 7 Jan 2022 20:37:46 +0000 (20:37 +0000)
committer Aram Sargsyan <aram@isc.org>
Thu, 13 Jan 2022 11:03:06 +0000 (11:03 +0000)
diff --git a/lib/isc/tls.c b/lib/isc/tls.c

index 2d24481882b69b4d898516643a97ef3a0ceb03e6..cb8d41beb7b364da77ca68845c033950708449d7 100644 (file)
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -317,16 +317,16 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
                         goto ssl_error;
                 }
  
-               /* We use a named curve and compressed point conversion form. */
+               /* Use a named curve and uncompressed point conversion form. */
  #if HAVE_EVP_PKEY_GET0_EC_KEY
                 EC_KEY_set_asn1_flag(EVP_PKEY_get0_EC_KEY(pkey),
                                      OPENSSL_EC_NAMED_CURVE);
                 EC_KEY_set_conv_form(EVP_PKEY_get0_EC_KEY(pkey),
-                                    POINT_CONVERSION_COMPRESSED);
+                                    POINT_CONVERSION_UNCOMPRESSED);
  #else
                 EC_KEY_set_asn1_flag(pkey->pkey.ec, OPENSSL_EC_NAMED_CURVE);
                 EC_KEY_set_conv_form(pkey->pkey.ec,
-                                    POINT_CONVERSION_COMPRESSED);
+                                    POINT_CONVERSION_UNCOMPRESSED);
  #endif /* HAVE_EVP_PKEY_GET0_EC_KEY */
  
  #if defined(SSL_CTX_set_ecdh_auto)
author	Aram Sargsyan <aram@isc.org>
	Fri, 7 Jan 2022 20:37:46 +0000 (20:37 +0000)
committer	Aram Sargsyan <aram@isc.org>
	Thu, 13 Jan 2022 11:03:06 +0000 (11:03 +0000)