Add translation for ECX group parameter #19348
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
t8m
added
branch: master
|
I do not think it would be easy to add the test case. It would require a legacy ECX to be set up. There are some legacy EC tests in evp_extra_test.c but IMO none for ECX. |
t8m
reviewed
Oct 5, 2022
crypto/evp/ctrl_params_translate.c
Outdated
| * ECX | ||
| * === | ||
| */ | ||
| { SET, -1, -1, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, |
There was a problem hiding this comment.
I am not quite sure it is right to use the wildcard -1 key type here. It will probably work, but just by accident it won't break the EC keygen group support because it is last in the table so the
{ SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING,
fix_ec_paramgen_curve_nid },
entry is before. I'd suggest using the EVP_PKEY_X25519, EVP_PKEY_ED25519 as the key types. And add another entry for the X448, ED448 types.
There was a problem hiding this comment.
Isn't this just for X25519 and X448? At least the fixing function will not work for ED25519 and ED448. At least looking at https://www.openssl.org/docs/manmaster/man7/EVP_PKEY-X25519.html it seems to be the X variants and not the ED variants.
There was a problem hiding this comment.
Updated to use the X25519 and X448 key types.
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes openssl#19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
juergenchrist
force-pushed
the
fix/ctrlparamstranslate
branch
from
7c02b65
to
b00f2ca
Compare
t8m
approved these changes
Oct 7, 2022
t8m
removed
the
approval: otc review pending
paulidale
approved these changes
Oct 10, 2022
paulidale
added
approval: done
openssl-machine
removed
the
approval: done
|
This pull request is ready to merge |
openssl-machine
added
the
approval: ready to merge
|
Merged to master and 3.0. Thank you. |
openssl-machine
pushed a commit
that referenced
this pull request
Oct 13, 2022
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #19348) (cherry picked from commit c048779)
openssl-machine
pushed a commit
that referenced
this pull request
Oct 13, 2022
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #19348)
beldmit
pushed a commit
to beldmit/openssl
that referenced
this pull request
Dec 26, 2022
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes openssl#19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl#19348)
InfoHunter
pushed a commit
to InfoHunter/Tongsuo
that referenced
this pull request
Nov 28, 2023
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#19348)
5 tasks
InfoHunter
added a commit
to InfoHunter/Tongsuo
that referenced
this pull request
Nov 30, 2023
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#19348)
dongbeiouba
pushed a commit
to Tongsuo-Project/Tongsuo
that referenced
this pull request
Nov 30, 2023
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#19348)
dongbeiouba
pushed a commit
to Tongsuo-Project/Tongsuo
that referenced
this pull request
Nov 30, 2023
* Add translation for ECX group parameter Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#19348) * Address issue #540
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines.
Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves.
Fixes #19313
Signed-off-by: Juergen Christ jchrist@linux.ibm.com
I could not find any tests for the translation. Please provide me a hint where to search for these tests.
Checklist