
EVP_PKEY_base_id always returns 0 for generated pkey on master #11823

Closed
fffonion opened this issue May 14, 2020 · 2 comments
Assignees
Labels
triaged: bug The issue/pr is/fixes a bug

Comments

@fffonion
Contributor

#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>

int main(void) {
    EVP_PKEY_CTX *ctx;
    EVP_PKEY *pkey = NULL;

    /* Create a keygen context from the numeric type id */
    ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
    if (!ctx) {
        printf("1\n");
        exit(1);
    }

    if (EVP_PKEY_keygen_init(ctx) <= 0) {
        printf("2\n");
        exit(1);
    }

    if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
        printf("3\n");
        exit(1);
    }

    /* Generate key */
    if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
        printf("4\n");
        exit(1);
    }

    /* Expected: 6 (EVP_PKEY_RSA); master prints 0 */
    printf("key_type %d\n", EVP_PKEY_base_id(pkey));

    EVP_PKEY_free(pkey);
    EVP_PKEY_CTX_free(ctx);
    return 0;
}

This prints 0 for the master branch but correctly prints 6 for previous versions.

@fffonion fffonion added the issue: bug report The issue was opened to report a bug label May 14, 2020
@levitte
Member

levitte commented May 14, 2020

"correctly" is a matter of interpretation. Opinions are diverse regarding this... these ids were originally not meant to be public, and it would have been much better to return a constant string (even if the internal identity was a number).

That being said, I do understand that this is a surprising result, considering that you created the EVP_PKEY_CTX from one of those numeric identities. I'll see if I can make a sane enough fix.

@levitte levitte added triaged: bug The issue/pr is/fixes a bug and removed issue: bug report The issue was opened to report a bug labels May 14, 2020
@levitte levitte self-assigned this May 14, 2020
@fffonion
Contributor Author

@levitte Thanks!

There's a related behaviour when using EVP_PKEY_new_raw_{public/private}_key, posting here as well:

#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>

int main(void) {
    EVP_PKEY *pkey = NULL;
    unsigned char buf[32] = {0};

    /* Build an Ed25519 key directly from raw public-key bytes */
    if (!(pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, buf, 32))) {
        exit(1);
    }
    printf("%d\n", EVP_PKEY_base_id(pkey));

    EVP_PKEY_free(pkey);
    return 0;
}

(outputs 0)

levitte added a commit to levitte/openssl that referenced this issue May 22, 2020
EVP_PKEYs with provider side internal keys got the key type
EVP_PKEY_NONE.  This turned out to be too disruptive, so we try
instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever
EVP_PKEY type it uses.

To make internal coding easier, we introduce a few internal macros to
distinguish what can be expected from an EVP_PKEY:

- evp_pkey_is_unknown(), to detect an unassigned EVP_PKEY.
- evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a
  type, which may be an old style type number or an EVP_KEYMGMT method.
- evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned
  a key value.
- evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a
  legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an
  EVP_PKEY_METHOD.
- evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is
  a provider side one, i.e. will be handled via an EVP_KEYMGMT and
  other provider methods.

This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY
contains a provider side key for which there are no known
EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be
handled via EVP_KEYMGMT and other provider methods.

Fixes openssl#11823