add support for EVP_PKEY_CTX callback functions #1905
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
samuel40791765
force-pushed
the
evp-callback
branch
from
c8e534e to
26728c3
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1905 +/- ##
==========================================
+ Coverage 78.47% 78.51% +0.03%
==========================================
Files 585 585
Lines 99518 99681 +163
Branches 14243 14263 +20
==========================================
+ Hits 78101 78260 +159
- Misses 20780 20785 +5
+ Partials 637 636 -1 ☔ View full report in Codecov by Sentry. |
samuel40791765
force-pushed
the
evp-callback
branch
from
b4d618c to
a6bd437
Compare
skmcgrail
reviewed
Oct 4, 2024
Co-authored-by: Sean McGrail <[email protected]>
justsmth
reviewed
Oct 7, 2024
Comment on lines
697
to
+701
| int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) { | ||
| // No-op | ||
| return 0; | ||
| GUARD_PTR(ctx); | ||
| if (idx == -1) { | ||
| return EVP_PKEY_CTX_KEYGEN_INFO_COUNT; | ||
| } |
There was a problem hiding this comment.
- Should this return 0 if
ctx->operation != EVP_PKEY_OP_KEYGEN && ctx->operation != EVP_PKEY_OP_PARAMGEN? EVP_PKEY_CTX_KEYGEN_INFO_COUNTis the maximum possible, but might the actual number of indices available differ by the type and the operation? Should there be a comment here relating to that possibility?
There was a problem hiding this comment.
- Sure, I think that makes sense. I initially tried returning 0 if the key type was not RSA or DH, but that didn't work because there was the possibility where
EVP_PKEY_CTXdid not have a set type yet. This should be a good way to enforce something similar. - My interpretation of the array and how it's used in OpenSSL is that it's only used to map to the arguments available in
BN_GENCB. Each operation that uses this only has 2 available arguments to configure, so I thought it was safe to lock this as2.
I did document some parts of this inEVP_PKEY_CTX_get_keygen_info, but forget to mention how I came to the conclusion for this variable. Will add!
justsmth
reviewed
Oct 7, 2024
| bssl::UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr)); | ||
| ASSERT_TRUE(ctx); | ||
|
|
||
| // Check the initial values of |ctx->keygen_info|. |
There was a problem hiding this comment.
Should the keygen operation be initialized (EVP_PKEY_keygen_init) prior to this check?
There was a problem hiding this comment.
My initial intention for the check here was to see if the new EVP_PKEY_CTX fields had been initialized correctly upon creating a new EVP_PKEY_CTX.
So the fields should have a readable value, regardless of EVP_PKEY_keygen_init was called.
justsmth
reviewed
Oct 7, 2024
skmcgrail
approved these changes
Oct 7, 2024
justsmth
approved these changes
Oct 7, 2024
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Oct 22, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Oct 29, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Oct 30, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Nov 1, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Nov 4, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Nov 6, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Nov 16, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Nov 18, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Nov 18, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Nov 25, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Nov 25, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
WillChilds-Klein
pushed a commit
to WillChilds-Klein/aws-lc
that referenced
this pull request
Nov 26, 2024
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues:
Resolves
CryptoAlg-1716Resolves
CryptoAlg-2698Description of changes:
We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on
EVP_PKEY_CTX_get_app_datato return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on theEVP_PKEYcallback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure intest/openssl/test_pkey_dh.rbandtest/openssl/test_pkey_dsa.rb. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line.Call-outs:
N/A
Testing:
new test that verifies this works with
EVP_PKEY_RSABy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.