EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys#10778
EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys#10778levitte wants to merge 11 commits intoopenssl:masterfrom
Conversation
levitte
added
branch: master
|
Note that #10289 is now pending on this as well |
romen
left a comment
romen
left a comment
There was a problem hiding this comment.
Seems fine at a first look, I will test more later on.
But I notice a doc update is missing in this PR and maybe it could also be the right PR to add simple tests for the involved EVP_PKEY_* functions.
Bonus points if you want to revise the doc for EVP_PKEY_bits vs security_bits because last time I checked I had trouble understanding the exact definition of the returned values!
|
I have tweaked a test for this already. Docs to be added today |
|
Documentation added. @romen, are you happy with the result? |
levitte
force-pushed
the
get-evp_pkey-params
branch
from
f854036 to
4a32483
Compare
|
Finally got all the docs bits right. Final review, please? |
There was a problem hiding this comment.
Add OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS
There was a problem hiding this comment.
You're thinking of PSS, aren't you? Otherwise, rsa doesn't come with domain parameters as far as I know.
Either way, I'm finally about to put together PSS support across the diverse implementations where it's missing.
|
Let's move the discussion away from specific diff spots, shall we? [for those not quite following, the discussion is about @romen said:
With legacy keys, this is implemented in the Something to be noted is that I'm quite doubtful that having |
|
I've wrapped my brain around the idea of operation specific size functions and could give that a go in a separate PR. |
|
What if we reduce the size of this PR by excluding the bits (pun intended) about That way we can proceed with the rest of this PR that seems pretty much ready, and debate to our hearts content about what to do for the naming and the ambiguity of Does it sound a plausible approach? (also I am out of cycles for reviews for today, so it is unlikely I can look at big changes before tomorrow) |
@levitte I think that this could become a good interim definition of what |
|
@romen said:
The problem is that this is used everywhere to allocate a suitable buffer. Without this change, anything that uses provider-only keys (such as those created with This is actually a very serious stumbling block (of many) that has kinda halted #10289 for quite some time. |
levitte
force-pushed
the
get-evp_pkey-params
branch
from
489246f to
922f7c6
Compare
|
@romen, there's one thing I don't quite understand, and it's why a KEYMGMT shouldn't be able to return a known max buffer size for all operations that will use the particular key. I mean this technically rather than on principle. However, I realise that you might not be entirely aware of one little fact: the KEYMGMT used with any operation must belong to the same provider as the operation that uses the keys. This means that as far as provider authors' "whims" are concerned, it should not be a concern, because that provider will have to be self-consistent to work properly, i.e. what the KEYMGMT part returns must be correct for all the operations that the same provider implements. In other words, an exhaustive search for a maximum size should not be necessary, technically speaking. It can be provided once, by the provider author. |
levitte
force-pushed
the
get-evp_pkey-params
branch
from
da3b4da to
70072ca
Compare
|
I've added some more changes that eliminate quite a lot of our internal use of I haven't touched libssl at all. The code in openssl/ssl/statem/statem_lib.c Line 274 in 1e88796 openssl/ssl/statem/statem_srvr.c Line 2795 in 1e88796 (*)
|
|
With the definition of "is the maximum size of any supported operation on I was against it when the definition seemed to be "it must return the first The first definition is self contained, the second is pushing hacks to That being said, I still feel that it is not particularly elegant to It is bad enough that I have to consider every possible combination of Anyway, while my first objection felt like something worth holding this PR, |
That's not the legacy behaviour either. The number returned for one legacy key is constant for that key and is large enough to accommodate a signature done using that key, as well as a secret key encrypted with key, as well as a derived key (DH). It returns a maximum meaningful size for all. That explains why it returns Actually, this also strengthens my believe that the description of |
That was a fun experiment, but I'm going to move it to another branch / PR. For the intents and purposes of this PR, that was a bit over the top. |
levitte
force-pushed
the
get-evp_pkey-params
branch
from
38ed4a5 to
d7ab98f
Compare
... to make them accessible from the FIPS provider module.
levitte
force-pushed
the
get-evp_pkey-params
branch
from
ca035c9 to
f9fbfd0
Compare
Indeed, I'm a bit lost and unsure where the discussion about @romen have all your concerns about |
|
Yes all my concerns about EVP_PKEY_size() have been addressed so far, we are just trying to please the CIs |
|
Current travis failure is not relevant, it's just a worker that's slow (it seems to be one and the same, I've seen that job fail with early timeouts for a while now) |
romen
left a comment
romen
left a comment
There was a problem hiding this comment.
I have a few very minor nits/side notes.
My approval stands even in case the resolution of these minor things is won't fix, as I don't really have a strong opinion on them and are just very minor things that popped out during my last review!
P. S. I agree that the Travis failure seems unrelated.
|
The extra commits that came just now solve the nits @romen had for me. From where I stand, the approval still stands. |
levitte
added
approval: done
|
Yes, I confirm that my approval was implicitly granted! |
|
I actually found it rather explicit 😉 |
levitte
added
approval: ready to merge
…keys These functions relied entirely on the presence of 'pkey->pmeth', which is NULL on provider only keys. This adds an interface to get domparam and key data from a provider, given corresponding provider data (the actual domparam or key). The retrieved data is cached in the EVP_PKEY structure (lending the idea from provided EVP_CIPHER). Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #10778)
They now all respond to requests for key size, bits and security bits. Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #10778)
This is for the case where we build keys from user data Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #10778)
…ity_bits() We change the description to be about the key rather than the signature. How the key size is related to the signature is explained in the description of EVP_SignFinal() anyway. Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #10778)
Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #10778)
Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #10778)
... to make them accessible from the FIPS provider module. Reviewed-by: Nicola Tuveri <[email protected]> (Merged from #10778)
|
Merged. 6508e85 EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys |
…ity_bits() We change the description to be about the key rather than the signature. How the key size is related to the signature is explained in the description of EVP_SignFinal() anyway. Reviewed-by: Nicola Tuveri <[email protected]> (Merged from openssl#10778) (cherry picked from commit 6942a0d)
Reviewed-by: Nicola Tuveri <[email protected]> (Merged from openssl#10778) (cherry picked from commit 03d65ca)
6 participants
These functions relied entirely on the presence of 'pkey->pmeth',
which is NULL on provider only keys. This adds an interface to get
domparam and key data from a provider, given corresponding provider
data (the actual domparam or key).
The retrieved data is cached in the EVP_PKEY structure (lending the
idea from provided EVP_CIPHER).
Checklist