[PATCH 07/24] openssl: Use uncompressed format for ECC keys

Juliusz Sosinowicz juliusz at wolfssl.com
Tue Mar 4 05:19:27 PST 2025


I understand that this is a potentially breaking change but I don't see 
this change (uncompressed -> compressed) noted anywhere. If this would 
be a breaking change then the OpenSSL 3 implementation would clash with 
existing OpenSSL <3 deployments. Does the DPP work you mention only 
target the OpenSSL 3 implementation? Do you know of protocols that 
explicitly mandate one format or the other?

On 02/02/2025 19:50, Jouni Malinen wrote:
> On Thu, Apr 04, 2024 at 08:16:13PM +0200, Juliusz Sosinowicz wrote:
>> OpenSSL <3.0 uses ECC keys in the uncompressed format. We should keep it that way for compatibility. The wolfSSL backend also uses the uncompressed format.
> I don't really want to change behavior with OpenSSL for this without
> significant amount of additional testing (which I'm unlikely to find
> time for any time soon) since this area has been quite a mess in the
> past especially with the DPP requirements of various constructions there
> using either compressed or uncompressed format. In practice, if this
> were ever to be done as a generic change, there would need to be
> explicit format conversion routines in all places where a protocol
> definition mandates a specific format to be used. Testing this would
> likely need explicit checks of the correct format being used as well
> since otherwise it would be way too easy to break something subtle that
> might seem to work with some crypto libraries but would not be compliant
> with the protocol definition.
>
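The format checks and conversion routines discussed in this thread, sketched in pure Python for SEC 1 encodings on NIST P-256. This is an added example, not code from hostap, OpenSSL or wolfSSL; the choice of P-256 and all function names are assumptions made for illustration.

```python
# Added example (not hostap/OpenSSL/wolfSSL code); names are hypothetical.
# NIST P-256 domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
FIELD_LEN = 32
# P-256 base point, used as a known-good sample key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

def point_format(enc):
    """Classify a SEC 1 octet string strictly by prefix and length."""
    if len(enc) == 1 + 2 * FIELD_LEN and enc[0] == 0x04:
        return "uncompressed"
    if len(enc) == 1 + FIELD_LEN and enc[0] in (0x02, 0x03):
        return "compressed"
    raise ValueError("not a P-256 SEC 1 point encoding")

def decode(enc):
    """Decode either format to (x, y), rejecting off-curve points."""
    fmt = point_format(enc)
    x = int.from_bytes(enc[1:1 + FIELD_LEN], "big")
    if x >= P:
        raise ValueError("x out of range")
    rhs = (pow(x, 3, P) + A * x + B) % P        # y^2 = x^3 + ax + b
    if fmt == "uncompressed":
        y = int.from_bytes(enc[1 + FIELD_LEN:], "big")
    else:
        y = pow(rhs, (P + 1) // 4, P)           # square root, valid as P % 4 == 3
        if (y & 1) != (enc[0] & 1):             # prefix 0x02 = even y, 0x03 = odd y
            y = P - y
    if y >= P or pow(y, 2, P) != rhs:
        raise ValueError("point is not on the curve")
    return x, y

def encode(x, y, compressed):
    """Encode (x, y) in the requested SEC 1 format."""
    xb = x.to_bytes(FIELD_LEN, "big")
    if compressed:
        return bytes([0x02 | (y & 1)]) + xb
    return b"\x04" + xb + y.to_bytes(FIELD_LEN, "big")

def to_format(enc, wanted):
    """Return enc in the format a protocol field mandates, converting if needed."""
    if wanted not in ("compressed", "uncompressed"):
        raise ValueError("unknown format")
    x, y = decode(enc)
    return encode(x, y, wanted == "compressed")
```

A test for a protocol field would assert `point_format(field) == expected` on the bytes actually sent, so a backend that silently switches format fails the test instead of interoperating by accident.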


