From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 21 Aug 2023 20:27:30 +0000 (+0300)
Subject: lib-dcrypt: Force compressed point format in ec_key_get_pub_point_hex
X-Git-Tag: 2.4.0~2616
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e6d63b68c72b77998845a91e423055074952581;p=thirdparty%2Fdovecot%2Fcore.git

lib-dcrypt: Force compressed point format in ec_key_get_pub_point_hex
---

diff --git a/src/lib-dcrypt/dcrypt-openssl3.c b/src/lib-dcrypt/dcrypt-openssl3.c
index e0d2f897df..abb2c34d51 100644
--- a/src/lib-dcrypt/dcrypt-openssl3.c
+++ b/src/lib-dcrypt/dcrypt-openssl3.c
@@ -663,9 +663,28 @@ dcrypt_openssl_ctx_hmac_final(struct dcrypt_context_hmac *ctx, buffer_t *result,
 static const char *ec_key_get_pub_point_hex(const EVP_PKEY *pkey)
 {
 	/* get the public key */
+	EVP_PKEY *pkey2 = NULL;
 	unsigned char buf[EVP_PKEY_size(pkey)*2];
 	size_t len;
-	EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, buf, sizeof(buf), &len);
+
+	/* force compressed format */
+	OSSL_PARAM *params = NULL;
+	if (EVP_PKEY_todata(pkey, EVP_PKEY_PUBLIC_KEY, &params) == 0)
+		i_unreached();
+	OSSL_PARAM *param = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
+	if (param != NULL)
+		OSSL_PARAM_set_utf8_string(param, "compressed");
+	EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_get_id(pkey), NULL);
+	if (EVP_PKEY_fromdata_init(ctx) < 1 ||
+	    EVP_PKEY_fromdata(ctx, &pkey2, EVP_PKEY_PUBLIC_KEY, params) < 1) {
+		i_unreached();
+	}
+	EVP_PKEY_CTX_free(ctx);
+	OSSL_PARAM_free(params);
+
+	EVP_PKEY_get_octet_string_param(pkey2, OSSL_PKEY_PARAM_PUB_KEY, buf, sizeof(buf), &len);
+	EVP_PKEY_free(pkey2);
+
 	return binary_to_hex_ucase(buf, len);
 }