Hey Matt,
I could close in on this a little bit. Seems like when calling the
Encoder the additional parameter OSSL_PKEY_PARAM_MAX_SIZE is used.
operating switch: 20 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR)
ED25519 Public-Key:
pub:
a8:40:93:b5:d5:d2:47:b5:c0:1f:25:7c:de:d2:c2:
4b:93:7a:6c:77:6b:90:5b:ae:1d:60:9a:80:03:f6:
f3:97
ed25519ph-provider/src/ed25519ph_keymgmt.c - setting pkey max size to 32
--- Start of PARAM list:
PARAM key=bits, data_type=1
PARAM key=security-bits, data_type=1
PARAM key=max-size, data_type=1
PARAM value - dump with len=4
20 00 00 00
dump done
--- End of PARAM list
But in the signing part this parameter is not found anymore.
operating switch: 12 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR)
operating switch: 10 (1=DIGEST, 2=CIPHER, 5=RAND, 10=KEYMGMT, 12=SIG,
20=ENC, 21=DEC, 22=STOR)
ed25519ph-provider/src/ed25519ph_sign_x509.c - digest sign newctx,
propq='?provider=myprov'
ed25519ph-provider/src/ed25519ph_keymgmt.c - keymgmt_get_params
--- Start of PARAM list:
PARAM key=default-digest, data_type=4
PARAM key=mandatory-digest, data_type=4
--- End of PARAM list
How could the list of parameters be different when both of them use the
key management functions?
All the best,
Bernd
On 12.08.24 at 08:24, 'Bernd Ritter' via openssl-users wrote:
Hey Matt,
thanks, that seems to be it! I've set up a params list in key management
with:
    static const OSSL_PARAM keymgmt_params[] = {
        OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, &_ed25519_keysize),
        OSSL_PARAM_END
    };

    static const OSSL_PARAM *keymgmt_gettable_params(ossl_unused void *provctx)
    {
        return keymgmt_params;
    }
but still the OSSL_FUNC_KEYMGMT_GET_PARAMS only returns two prefilled
params:
* default-digest
* mandatory-digest
but does not have the "max-size" param. Why would that be?
All the best,
Bernd
On 08.08.24 at 10:44, Matt Caswell wrote:
On Thu, Aug 8, 2024 at 7:34 AM 'Bernd Ritter' via openssl-users
<openssl-users@xxxxxxxxxxx> wrote:
> error:030000A7:digital envelope routines::unknown max size
That error comes from here:
https://github.com/openssl/openssl/blob/fd39d1c80cd5bd9cb5c64e3fc96102397e5e860f/crypto/evp/p_lib.c#L1811-L1827
So something is attempting to determine the size of a pkey and found
it to be invalid.
This value should be returned by the keymgmt get_params function for
the parameter OSSL_PKEY_PARAM_MAX_SIZE.
See:
https://docs.openssl.org/master/man7/provider-keymgmt/#common-information-parameters
and
https://docs.openssl.org/master/man3/EVP_PKEY_get_size/#description
Matt
--
Bernd Ritter
Senior Linux Developer
Tel.: +49 175 534 4534
Mail: ritter@xxxxxxxxxxxxx
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
Managing Director: Ralph Dehner / Registered office: Vohburg / District court: Ingolstadt, HRB 3537
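
How a keymgmt get_params callback fills only the keys present in the caller's request list, which is why the two PARAM lists logged in the thread differ; this is an added example, not code from the thread or from the provider discussed in it. It uses a simplified stand-in for OSSL_PARAM so it builds without OpenSSL: demo_param, demo_key and the demo_* functions are hypothetical, with demo_locate and demo_set_int playing the roles of OSSL_PARAM_locate() and OSSL_PARAM_set_int().

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for OSSL_PARAM (assumption: int values only):
 * requested key name, caller-owned buffer, and a "provider wrote it" flag. */
typedef struct { const char *key; int *data; int filled; } demo_param;

/* Hypothetical key object carrying the three information values. */
typedef struct { int bits, security_bits, max_size; } demo_key;

/* Plays the role of OSSL_PARAM_locate(): find a requested key, or NULL. */
static demo_param *demo_locate(demo_param *p, const char *key)
{
    for (; p != NULL && p->key != NULL; p++)
        if (strcmp(p->key, key) == 0)
            return p;
    return NULL;
}

/* Plays the role of OSSL_PARAM_set_int(): write to the caller's buffer. */
static int demo_set_int(demo_param *p, int v)
{
    if (p->data == NULL)
        return 0;
    *p->data = v;
    return p->filled = 1;
}

/* get_params answers only the keys present in this particular request. */
static int demo_keymgmt_get_params(const demo_key *k, demo_param params[])
{
    demo_param *p;

    if ((p = demo_locate(params, "bits")) && !demo_set_int(p, k->bits))
        return 0;
    if ((p = demo_locate(params, "security-bits"))
            && !demo_set_int(p, k->security_bits))
        return 0;
    if ((p = demo_locate(params, "max-size")) && !demo_set_int(p, k->max_size))
        return 0;
    return 1;  /* keys not handled here (e.g. digest names) stay unfilled */
}

int main(void)
{
    demo_key k = { 256, 128, 32 };  /* constructed sample values */
    int v = 0;
    demo_param req[] = { { "max-size", &v, 0 }, { NULL, NULL, 0 } };
    return demo_keymgmt_get_params(&k, req) && v == 32 ? 0 : 1;
}
```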