[3.0.0] genpkey -algorithm EC -pkeyopt ec_param_enc:explicit fails #12102

@romen

Description

With PR #11328 we broke the CLI compatibility of genpkey for EC keys when using -pkeyopt ec_param_enc:explicit.

More generally, this also affects existing applications that use

  • EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_EXPLICIT_CURVE);
  • EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_EC_PARAM_ENC, OPENSSL_EC_EXPLICIT_CURVE, NULL)
  • EVP_PKEY_CTX_ctrl_str(ctx, "ec_param_enc", "explicit");

Before 3.0.0, setting this parameter on the keygen ctx would alter the EC_GROUP associated with it via EC_GROUP_set_asn1_flag(ctx->gen_group, OPENSSL_EC_EXPLICIT_CURVE);.
EVP_PKEY objects generated through such a ctx would then point to an EC_KEY object pointing to an EC_GROUP object for which group->asn1_flag == OPENSSL_EC_EXPLICIT_CURVE.

Thus, before 3.0.0, this parameter is associated with the key objects, even though, conceptually, in the 3.0.0 way of things this would be a parameter for the serialize operation on this key object.

Reproducing the issue

; /opt/openssl-1.1.1g/bin/openssl genpkey \
        -algorithm EC \
        -pkeyopt ec_paramgen_curve:P-256 \
        -pkeyopt ec_param_enc:explicit \
        -text
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
Private-Key: (256 bit)
priv:
    60:7c:fd:17:f0:95:ea:c7:e2:ca:07:c7:d8:d4:42:
    06:ca:05:68:5b:b9:df:2d:46:d5:98:0d:03:60:7b:
    78:69
pub:
    04:04:81:bf:b6:9e:b7:99:e1:74:a8:f7:82:da:47:
    58:5f:24:30:66:06:46:c5:b4:e2:82:77:13:d6:a7:
    e6:b2:66:44:25:95:7b:ec:aa:bd:02:09:8f:8c:d9:
    eb:a9:6e:3e:5e:47:4d:99:1e:67:18:f2:8c:43:75:
    ce:e5:24:c8:73
Field Type: prime-field
Prime:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:ff
A:
    00:ff:ff:ff:ff:00:00:00:01:00:00:00:00:00:00:
    00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:
    ff:ff:fc
B:
    5a:c6:35:d8:aa:3a:93:e7:b3:eb:bd:55:76:98:86:
    bc:65:1d:06:b0:cc:53:b0:f6:3b:ce:3c:3e:27:d2:
    60:4b
Generator (uncompressed):
    04:6b:17:d1:f2:e1:2c:42:47:f8:bc:e6:e5:63:a4:
    40:f2:77:03:7d:81:2d:eb:33:a0:f4:a1:39:45:d8:
    98:c2:96:4f:e3:42:e2:fe:1a:7f:9b:8e:e7:eb:4a:
    7c:0f:9e:16:2b:ce:33:57:6b:31:5e:ce:cb:b6:40:
    68:37:bf:51:f5
Order:
    00:ff:ff:ff:ff:00:00:00:00:ff:ff:ff:ff:ff:ff:
    ff:ff:bc:e6:fa:ad:a7:17:9e:84:f3:b9:ca:c2:fc:
    63:25:51
Cofactor:  1 (0x1)
Seed:
    c4:9d:36:08:86:e7:04:93:6a:66:78:e1:13:9d:26:
    b7:81:9f:7e:90
; /opt/openssl-3.0.0-alpha3/bin/openssl genpkey \
        -algorithm EC \
        -pkeyopt ec_paramgen_curve:P-256 \
        -pkeyopt ec_param_enc:explicit \
        -text
genpkey: Error setting ec_param_enc:explicit parameter:
C0873F2AD37F0000:error::digital envelope routines:legacy_ctrl_str_to_param:command not supported:crypto/evp/pmeth_lib.c:1042:
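The `-text` output above is how the two encodings look to a human; a consumer of such keys often needs to tell them apart programmatically. The following is an added example, not OpenSSL's code, that classifies the ECParameters of a DER-encoded EC key as named-curve or explicit; it handles both PKCS#8 PrivateKeyInfo and SubjectPublicKeyInfo, and the sample keys it builds are constructed stand-ins with dummy key bytes and dummy domain values, not real P-256 parameters.

```python
# Added example (not OpenSSL's code): does a DER EC key carry a named curve OID
# (ec_param_enc:named_curve) or explicit domain parameters (ec_param_enc:explicit)?
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")    # 1.2.840.10045.2.1
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # 1.2.840.10045.3.1.7
OID_PRIME_FIELD = bytes.fromhex("2a8648ce3d0101")     # 1.2.840.10045.1.1
TAG_INTEGER, TAG_BITSTR, TAG_OCTET, TAG_NULL, TAG_OID, TAG_SEQ = 0x02, 0x03, 0x04, 0x05, 0x06, 0x30

def tlv(tag: int, body: bytes) -> bytes:  # encode one DER TLV (short or long length form)
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_items(body: bytes) -> list:  # split a DER content body into (tag, content) pairs
    out, i = [], 0
    while i < len(body):
        tag, n, p = body[i], body[i + 1], i + 2
        if n & 0x80:                                   # long-form length
            k = n & 0x7F
            n, p = int.from_bytes(body[p:p + k], "big"), p + k
        out.append((tag, body[p:p + n]))
        i = p + n
    return out

def ec_param_encoding(der: bytes) -> str:
    """Return 'named_curve', 'explicit' or 'implicit_ca' for an id-ecPublicKey key."""
    (tag, outer), = der_items(der)
    if tag != TAG_SEQ:
        raise ValueError("not a DER SEQUENCE")
    fields = der_items(outer)
    # PKCS#8 starts with a version INTEGER; SPKI starts with the AlgorithmIdentifier.
    alg = fields[1] if fields[0][0] == TAG_INTEGER else fields[0]
    (_, oid), (ptag, _) = der_items(alg[1])[:2]
    if oid != ID_EC_PUBLIC_KEY:
        raise ValueError("not an id-ecPublicKey key")
    return {TAG_OID: "named_curve", TAG_SEQ: "explicit", TAG_NULL: "implicit_ca"}[ptag]

def sample_keys() -> dict:
    """Constructed stand-ins: dummy key bytes and dummy (not P-256) domain values."""
    named = tlv(TAG_OID, OID_PRIME256V1)
    explicit = tlv(TAG_SEQ, tlv(TAG_INTEGER, b"\x01")                                  # ecpVer1
        + tlv(TAG_SEQ, tlv(TAG_OID, OID_PRIME_FIELD) + tlv(TAG_INTEGER, b"\x17"))       # fieldID
        + tlv(TAG_SEQ, tlv(TAG_OCTET, b"\x01") + tlv(TAG_OCTET, b"\x02"))               # curve a, b
        + tlv(TAG_OCTET, b"\x04\x03\x04") + tlv(TAG_INTEGER, b"\x07")                   # base, order
        + tlv(TAG_INTEGER, b"\x01"))                                                    # cofactor
    alg = lambda p: tlv(TAG_SEQ, tlv(TAG_OID, ID_EC_PUBLIC_KEY) + p)
    pkcs8 = lambda p: tlv(TAG_SEQ, tlv(TAG_INTEGER, b"\x00") + alg(p) + tlv(TAG_OCTET, b"\x30\x00"))
    spki = lambda p: tlv(TAG_SEQ, alg(p) + tlv(TAG_BITSTR, b"\x00\x04\x03\x04"))
    return {"pkcs8_named": pkcs8(named), "pkcs8_explicit": pkcs8(explicit),
            "spki_named": spki(named), "spki_explicit": spki(explicit)}
```

To run it on a real key, feed it the output of `openssl pkey -outform DER` (or `-pubout -outform DER` for the SPKI form).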

Credits

Thanks to @bbbrumley and the rest of the team behind the OpenSSL Triggerflow CI (paper) that detected and reported this problem!

Related PRs

Since the issue was first detected, we added tests in 1.1.1 and 3.0.0 testing EC key generation through the genpkey CLI:
