From a9d6f3aa67def0d7217f5851d9bffef9489ae9c0 Mon Sep 17 00:00:00 2001 From: Samuel Chiang Date: Mon, 7 Oct 2024 16:28:11 -0700 Subject: [PATCH] Add support for EVP_PKEY_CTX callback functions (#1905) We tried to no-op these functions, but it turns out Ruby depends on them pretty extensively as the interruption mechanism for threads. One of Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an actual value from the callback function, but we return NULL as a no-op. Ruby seems to depend on the `EVP_PKEY` callback function and relevant application data to correctly handle interruptions. Based on the relevant commit messages, the expectation is that the operation is interrupted, but AWS-LC continues resuming the operation and returns a generated RSA key. It looks like we may have to consider implementing functionality for these callback functions. This issue also applies to a test failure in `test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We probably aren't going to support DSA, but this will need to be applied to DH somewhere down the line. * Commits: * ruby/openssl@88b90fb * ruby/ruby@d3507e3 new test that verifies this works with `EVP_PKEY_RSA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license. --- crypto/fipsmodule/evp/internal.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/fipsmodule/evp/internal.h b/crypto/fipsmodule/evp/internal.h index cbf42caa3a4..062686d1338 100644 --- a/crypto/fipsmodule/evp/internal.h +++ b/crypto/fipsmodule/evp/internal.h @@ -254,7 +254,12 @@ int EVP_RSA_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void * #define EVP_PKEY_CTX_KEYGEN_INFO_COUNT 2 // EVP_PKEY_CTX_KEYGEN_INFO_COUNT is the maximum array length for -// |EVP_PKEY_CTX->keygen_info|. +// |EVP_PKEY_CTX->keygen_info|. The array length corresponds to the number of +// arguments |BN_GENCB|'s callback function handles. +// +// |ctx->keygen_info| map to the following values in |BN_GENCB|: +// 1. |ctx->keygen_info[0]| -> |event| +// 2. |ctx->keygen_info[1]| -> |n| #define EVP_PKEY_CTX_KEYGEN_INFO_COUNT 2 struct evp_pkey_ctx_st {