[design] Functions for explicitly fetched signature algorithms by levitte · Pull Request #22672 · openssl/openssl

levitte · 2023-11-09T09:53:59Z

This design goes into more details what was outlined in the design for
fetching composite (PKEY) algorithms and using them.

It also changes what functionality will be used for this. The design for
signature was originally to add modified initializers for DigestSign and
DigestVerify, but recent OTC discussions redirected us to have a closer look
at EVP_PKEY_sign() and EVP_PKEY_verify().

Finally, it also takes into account the need to specify the signature
to be verified against with EVP_PKEY_verify() streaming functions,
which has been discussed in #22357.

Related to #22357 (in progress), #22129 (merged), and openssl/project#231

levitte · 2023-11-09T10:05:38Z

This design is still missing some provider interfaces to be added. I'm currently looking more closely at that. But don't let that stop you from commenting or discussing further in #22671, input is welcome!

t8m

This looks good so far, although I need to think through how applications should change to be able to use these new functions but still work with old providers and legacy.

doc/designs/functions-for-explicitly-fetched-signature-algorithms.md

levitte · 2023-11-09T11:06:35Z

This looks good so far, although I need to think through how applications should change to be able to use these new functions but still work with old providers and legacy.

This new functionality won't support legacy. This is about explicitly fetched algorithms, there's nothing legacy about that.

The streaming functions (update, final) will also not be possible to use with old providers. The one-shot functions should continue to work transparently, however.

doc/designs/functions-for-explicitly-fetched-signature-algorithms.md

openssl-machine · 2023-12-15T00:10:20Z

This PR is waiting for the creator to make requested changes but it has not been updated for 30 days. If you have made changes or commented to the reviewer please make sure you re-request a review (see icon in the 'reviewers' section).

openssl-machine · 2024-01-15T00:09:26Z

This PR is waiting for the creator to make requested changes but it has not been updated for 61 days. If you have made changes or commented to the reviewer please make sure you re-request a review (see icon in the 'reviewers' section).

levitte · 2024-01-16T13:42:13Z

Rebased...

Also, I had forgotten that this was still draft, it should have been made ready for review a while ago.

openssl-machine · 2024-02-16T00:08:58Z

This PR is waiting for the creator to make requested changes but it has not been updated for 30 days. If you have made changes or commented to the reviewer please make sure you re-request a review (see icon in the 'reviewers' section).

openssl-machine · 2024-03-18T00:09:04Z

This PR is waiting for the creator to make requested changes but it has not been updated for 61 days. If you have made changes or commented to the reviewer please make sure you re-request a review (see icon in the 'reviewers' section).

openssl-machine · 2024-04-16T00:09:15Z

This PR has been closed. It was waiting for the creator to make requested changes but it has not been updated for 90 days.

t8m · 2024-04-16T06:59:14Z

@levitte please drop the unrelated fuzz-corpora submodule change.

levitte · 2024-04-17T08:05:33Z

I squashed and rebased too, while I was at it

doc/designs/functions-for-explicitly-fetched-signature-algorithms.md

openssl-machine · 2024-10-24T00:08:31Z

This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago

openssl-machine · 2024-11-24T00:08:27Z

This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago

openssl-machine · 2024-12-25T00:08:55Z

This PR is in a state where it requires action by @openssl/committers but the last update was 61 days ago

openssl-machine · 2025-01-25T00:08:43Z

This PR is in a state where it requires action by @openssl/committers but the last update was 92 days ago

openssl-machine · 2025-02-25T00:08:55Z

This PR is in a state where it requires action by @openssl/committers but the last update was 123 days ago

openssl-machine · 2025-03-28T00:08:57Z

This PR is in a state where it requires action by @openssl/committers but the last update was 154 days ago

openssl-machine · 2025-04-28T00:08:56Z

This PR is in a state where it requires action by @openssl/committers but the last update was 185 days ago

openssl-machine · 2025-05-29T00:09:08Z

This PR is in a state where it requires action by @openssl/committers but the last update was 216 days ago

levitte · 2025-05-29T04:31:32Z

Ping! One more review needed to finally merge this design document! @openssl/committers

paulidale · 2025-05-29T04:44:04Z

This possibly warrants back porting to relevant older branches.

openssl-machine · 2025-05-30T05:00:36Z

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

This design goes into more details what was outlined in the design for [fetching composite (PKEY) algorithms and using them]. It also changes what functionality will be used for this. The design for signature was originally to add modified initializers for DigestSign and DigestVerify, but recent OTC discussions redirected us to have a closer look at EVP_PKEY_sign() and EVP_PKEY_verify(). [fetching composite (PKEY) algorithms and using them]: ./fetching-composite-algorithms.md Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #22672)

This design goes into more details what was outlined in the design for [fetching composite (PKEY) algorithms and using them]. It also changes what functionality will be used for this. The design for signature was originally to add modified initializers for DigestSign and DigestVerify, but recent OTC discussions redirected us to have a closer look at EVP_PKEY_sign() and EVP_PKEY_verify(). [fetching composite (PKEY) algorithms and using them]: ./fetching-composite-algorithms.md Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #22672) (cherry picked from commit 66454bf)

t8m · 2025-05-30T09:32:11Z

Merged to the master, 3.4 and 3.5 branches. Thank you.

This design goes into more details what was outlined in the design for [fetching composite (PKEY) algorithms and using them]. It also changes what functionality will be used for this. The design for signature was originally to add modified initializers for DigestSign and DigestVerify, but recent OTC discussions redirected us to have a closer look at EVP_PKEY_sign() and EVP_PKEY_verify(). [fetching composite (PKEY) algorithms and using them]: ./fetching-composite-algorithms.md Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#22672)

levitte mentioned this pull request Nov 9, 2023

Add design document for LMS. #22357

Closed

2 tasks

levitte force-pushed the design-functions-for-explicitly-fetched-signature-algorithms branch from 317c78b to 07c769d Compare November 9, 2023 09:56

levitte force-pushed the design-functions-for-explicitly-fetched-signature-algorithms branch from 07c769d to b986ca5 Compare November 9, 2023 10:26

t8m reviewed Nov 9, 2023

View reviewed changes

doc/designs/functions-for-explicitly-fetched-signature-algorithms.md Outdated Show resolved Hide resolved

doc/designs/functions-for-explicitly-fetched-signature-algorithms.md Outdated Show resolved Hide resolved

slontis reviewed Nov 9, 2023

View reviewed changes

doc/designs/functions-for-explicitly-fetched-signature-algorithms.md Outdated Show resolved Hide resolved

t8m requested changes Nov 10, 2023

View reviewed changes

doc/designs/functions-for-explicitly-fetched-signature-algorithms.md Outdated Show resolved Hide resolved

doc/designs/functions-for-explicitly-fetched-signature-algorithms.md Outdated Show resolved Hide resolved

slontis mentioned this pull request Nov 14, 2023

Init - Update - Final EdDSA signature verification #22567

Open

t8m added branch: master Applies to master branch triaged: design The issue/pr deals with a design document labels Nov 14, 2023

slontis mentioned this pull request Dec 6, 2023

Add support for streaming ED verify #22958

Closed

2 tasks

slontis mentioned this pull request Jan 8, 2024

Signing using ECDSA with nonce-type=1 (deterministic signing) only works if digest has been previously set using EVP_PKEY_CTX_set_params #23205

Closed

levitte force-pushed the design-functions-for-explicitly-fetched-signature-algorithms branch from a4be04b to 1dd902c Compare January 16, 2024 13:41

levitte marked this pull request as ready for review January 16, 2024 13:41

levitte mentioned this pull request Jan 29, 2024

Implement functionality for direct use of composite signature algorithms #23416

Closed

openssl-machine closed this Apr 16, 2024

t8m reopened this Apr 16, 2024

t8m added approval: review pending This pull request needs review by a committer approval: otc review pending tests: exempted The PR is exempt from requirements for testing labels Apr 16, 2024

levitte force-pushed the design-functions-for-explicitly-fetched-signature-algorithms branch from 1dd902c to e50903a Compare April 17, 2024 08:05

vdukhovni requested changes Sep 21, 2024

View reviewed changes

levitte added 2 commits September 23, 2024 11:15

fixup! [design] Functions for explicitly fetched signature algorithms

ff14bc0

fixup! [design] Functions for explicitly fetched signature algorithms

6edc9ae

t8m approved these changes Oct 24, 2024

View reviewed changes

paulidale approved these changes May 29, 2025

View reviewed changes

paulidale added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels May 29, 2025

t8m added branch: 3.4 Applies to openssl-3.4 branch: 3.5 Applies to openssl-3.5 labels May 29, 2025

t8m added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels May 30, 2025

t8m closed this May 30, 2025

Uh oh!

Comments

Conversation

levitte commented Nov 9, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

levitte commented Nov 9, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

t8m left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

levitte commented Nov 9, 2023

Uh oh!

Uh oh!

Uh oh!

Uh oh!

openssl-machine commented Dec 15, 2023

Uh oh!

openssl-machine commented Jan 15, 2024

Uh oh!

levitte commented Jan 16, 2024

Uh oh!

openssl-machine commented Feb 16, 2024

Uh oh!

openssl-machine commented Mar 18, 2024

Uh oh!

openssl-machine commented Apr 16, 2024

Uh oh!

t8m commented Apr 16, 2024

Uh oh!

levitte commented Apr 17, 2024

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

openssl-machine commented Oct 24, 2024

Uh oh!

openssl-machine commented Nov 24, 2024

Uh oh!

openssl-machine commented Dec 25, 2024

Uh oh!

openssl-machine commented Jan 25, 2025

Uh oh!

openssl-machine commented Feb 25, 2025

Uh oh!

openssl-machine commented Mar 28, 2025

Uh oh!

openssl-machine commented Apr 28, 2025

Uh oh!

openssl-machine commented May 29, 2025

Uh oh!

levitte commented May 29, 2025

Uh oh!

paulidale commented May 29, 2025

Uh oh!

openssl-machine commented May 30, 2025

Uh oh!

t8m commented May 30, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

11 participants

levitte commented Nov 9, 2023 •

edited

Loading

levitte commented Nov 9, 2023 •

edited

Loading