[Pending #11074] EVP: Adapt EVP_PKEY checking, comparing and copying for provider keys, take 2#11025
[Pending #11074] EVP: Adapt EVP_PKEY checking, comparing and copying for provider keys, take 2#11025levitte wants to merge 8 commits intoopenssl:masterfrom
Conversation
|
The commits from #11006 are here as well, but will disappear as soon as that one is merged and this gets rebased. This PR will remain a draft until that happens. Feel free to roam around in the last 6 commits and comment on those here. |
|
I dont think I am going to review this until it is rebased. |
|
It is possible to look at one commit at a time... But yeah, I get it, the combo is massive |
levitte
force-pushed
the
provider-key-check+cmp+dup-take2
branch
from
fa3c304 to
e5db8ce
Compare
|
Rebase done, now that #11006 is in |
|
Please make initial reviews. I'm still keeping it WIP for a little bit more while investigating what happens in a merge with #10797, but I suspect I'm pretty much done... |
|
(at the very least, I like this take much more than #10807) |
crypto/evp/keymgmt_lib.c
Outdated
There was a problem hiding this comment.
I have a tendency to think we should have a different return code for "unknown"
There was a problem hiding this comment.
I originally had that idea for #11006, actually. so was basically thinking that we could have these possible return values for all of EVP_KEYMGMT:
# define EVP_KEYMGMT_FAILURE 0
# define EVP_KEYMGMT_FALSE 0
# define EVP_KEYMGMT_SUCCESS 1
# define EVP_KEYMGMT_TRUE 1
# define EVP_KEYMGMT_UNSUPPORTED -1That would leave it to the caller to decide how to handle unknown / unsupported cases.
I'm not sure if such a change belongs in this PR, though...
crypto/evp/keymgmt_lib.c
Outdated
There was a problem hiding this comment.
If the finder doesn't return true, is there any point in going around the inner loop?
There was a problem hiding this comment.
Yes. The idea is that it may be sufficient if either of the EVP_PKEYs have a keymgmt for which finder returns true.
The next step will be prepare_binary_op, which does a cross-wise export and should end up finding the most suitable keymgmt to use.
There was a problem hiding this comment.
Probably I'm misunderstanding something here. If finder doesn't return true here, then when we get to the inner loop one of the following is true:
- tmp_keymgmt1 and tmpkeydata1 are both NULL - which means the "bigbreak" condition will never be hit in that case
or - tmp_keymgmt1 and tmpkeydata1 have the same values as the last time we went around the outer loop. So if we didn't find a match in the inner loop last time - why go around it again?
There was a problem hiding this comment.
I believe this question needs to wait for #11074, as conditions are changing with that one. Basically, when that one lands, any EVP_PKEY with pkeys[0].keymgmt == NULL is to be considered unassigned as far as this file goes (legacy export is taken care of in evp_pkey_make_provided()).
levitte
changed the title
|
This is now pending on #11074 |
levitte
force-pushed
the
provider-key-check+cmp+dup-take2
branch
2 times, most recently
from
328ec0f to
a5cd9b8
Compare
levitte
changed the title
|
This is not WIP any more, but still pending on #11074. Early reviews are welcome |
levitte
force-pushed
the
provider-key-check+cmp+dup-take2
branch
2 times, most recently
from
3b6593b to
e79072e
Compare
This adds evp_keymgmt_util_match() and affects EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). The word 'match' was used for the new routines because many associate 'cmp' with comparison functions that allows sorting, i.e. return -1, 0 or 1 depending on the order in which the two compared elements should be sorted. EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() don't quite do that.
This adds evp_keymgmt_util_copy() and affects EVP_PKEY_copy_parameters()
levitte
force-pushed
the
provider-key-check+cmp+dup-take2
branch
from
e79072e to
bce9191
Compare
crypto/evp/keymgmt_lib.c
Outdated
There was a problem hiding this comment.
Probably I'm misunderstanding something here. If finder doesn't return true here, then when we get to the inner loop one of the following is true:
- tmp_keymgmt1 and tmpkeydata1 are both NULL - which means the "bigbreak" condition will never be hit in that case
or - tmp_keymgmt1 and tmpkeydata1 have the same values as the last time we went around the outer loop. So if we didn't find a match in the inner loop last time - why go around it again?
| * do this check, after having exported either of them that isn't | ||
| * provided. | ||
| */ | ||
| if (!(evp_pkey_is_pure_provided(to) && evp_pkey_is_pure_provided(from))) { |
There was a problem hiding this comment.
This logic doesnt match the comment does it? Dont you want !X && !Y
You are currently testing is either key a legacy key?
There was a problem hiding this comment.
You're right. I'll have another look in the morning...
There was a problem hiding this comment.
Cheers, I have just about finished reviewing.. I dont want you being held up. Is there any other PR's you need to be reviewed?
There was a problem hiding this comment.
I need #11074 in place before tackling this one
|
|
||
| if (from->ameth && from->ameth->param_copy) | ||
| /* | ||
| * Only use the routine for provided keys if either key is purely provided. |
There was a problem hiding this comment.
This comment also doesn't match the logic below (which is both keys)
Looks like you mean to use ||
There was a problem hiding this comment.
I need #11074 in place before tackling this one
| static int implements_copy_and_export(EVP_KEYMGMT *keymgmt) | ||
| { | ||
| return keymgmt->copy != NULL | ||
| && (keymgmt->import == NULL || keymgmt->export != NULL); |
There was a problem hiding this comment.
Are you sure you mean keymgmt->import == NULL ?
Below it says 'only implement |copy|, but must also implement |export| if it
* implements |import|'
There was a problem hiding this comment.
but must also implement |export| if it implements |import|
That translates into: "it's ok if |import| isn't implemented, then we don't care about checking for |export|. However, if |import| is implemented, then so must |export|"
In logical terms:
- IF |import| == NULL THEN True
- OTHERWISE, IF |export| != NULL THEN True
- OTHERWISE False
Makes sense?
There was a problem hiding this comment.
I don't understand. A provider can do import-only or export-only or both. Is that concept not supported by this change?
There was a problem hiding this comment.
Hmmm, good question. I'll have a look again.
|
This one is closed in favor of #11158 |
5 participants
This is an adaptation of the following functions for provided keys:
This also adds the necessary EVP_KEYMGMT interfaces to support those functions, and the implementations for RSA, DSA and DH.
This replaces #10807 and is built on top of #11006