New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add translation for ECX group parameter #19348
Add translation for ECX group parameter #19348
Conversation
I do not think it would be easy to add the test case. It would require a legacy ECX to be set up. There are some legacy EC tests in evp_extra_test.c but IMO none for ECX. |
crypto/evp/ctrl_params_translate.c
Outdated
* ECX | ||
* === | ||
*/ | ||
{ SET, -1, -1, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not quite sure it is right to use the wildcard -1 key type here. It will probably work, but just by accident it won't break the EC keygen group support because it is last in the table so the
{ SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING,
fix_ec_paramgen_curve_nid },
entry is before. I'd suggest using the EVP_PKEY_X25519, EVP_PKEY_ED25519 as the key types. And add another entry for the X448, ED448 types.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@levite might also comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this just for X25519 and X448? At least the fixing function will not work for ED25519 and ED448. At least looking at https://www.openssl.org/docs/manmaster/man7/EVP_PKEY-X25519.html it seems to be the X variants and not the ED variants.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated to use the X25519 and X448 key types.
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes openssl#19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
7c02b65
to
b00f2ca
Compare
This pull request is ready to merge |
Merged to master and 3.0. Thank you. |
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #19348) (cherry picked from commit c048779)
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #19348)
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes openssl#19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl#19348)
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#19348)
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#19348)
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#19348)
* Add translation for ECX group parameter Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines. Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves. Fixes #19313 Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl/openssl#19348) * Address issue #540
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519 and X448. The translation of this parameter resulted in an error. This caused errors for legacy keys and engines.
Fix this situation by adding a translation that simply checks that the correct parameter is to be set, but does not actually set anything. This is correct since the group name is anyway optional for these two curves.
Fixes #19313
Signed-off-by: Juergen Christ jchrist@linux.ibm.com
I could not find any tests for the translation. Please provide me a hint where to search for these tests.
Checklist