Additional testing at the TLS layer uncovered a number of bugs that must be fixed before further rollout. These bugs were not surfaced when testing at the crypto layer.
- Fixed wrong pointer returned from kmac_dupctx
- Fixed incorrect return value check in dh_kmgmt_export
- Support algorithm ID fetch in RSA and ECDSA signing interfaces
  - TLS layer will fail without this
- Support getting/setting OSSL_PKEY_PARAM_EC_ENCODING
  - Some TLS layer functions will explicitly set this and fail if the provider doesn't expose this parameter
  - Only OSSL_PKEY_EC_ENCODING_GROUP is allowed, so this doesn't change any behavior
- Allow DH group to be set without key data and support
  - Implement OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE for DH
  - Support setting OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY for DH
  - libssl imports the peer key group without the key data to a key object. The peer key object is passed to the OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE function for keygen. The peer key data is set in the peer key object through the OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY parameter instead of import.
- Support TLS mode for AES block ciphers
  - OpenSSL 3 moved the responsibility of padding and MAC fetching to the providers. In TLS mode, each record is independently padded and encrypted/decrypted by a call to OSSL_FUNC_CIPHER_UPDATE. The provider must also remove and store the MAC if present. This is done in the provider using an implementation adapted from OpenSSL.
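What "remove and store the MAC" involves for one decrypted CBC record, as an added illustration that is neither this change's code nor OpenSSL's: it assumes the TLS 1.x MAC-then-encrypt layout (payload, MAC, then a padding_length byte p preceded by p bytes of value p) and checks the padding and copies the MAC without branching or indexing on the secret padding length. The names tls_cbc_strip and MAX_MAC are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_MAC 64  /* assumption: largest MAC size handled */

/* All-ones if a < b, else zero, with no data-dependent branch. */
static uint32_t ct_lt(uint32_t a, uint32_t b) {
    return (uint32_t)0 - (uint32_t)(((uint64_t)a - (uint64_t)b) >> 63);
}
/* All-ones if a == b, else zero. */
static uint32_t ct_eq(uint32_t a, uint32_t b) { return ct_lt(a ^ b, 1); }

/* rec: one decrypted TLS CBC record (explicit IV already removed), laid out
 * as payload || MAC || padding || padding_length.
 * Returns 1 if the padding is well formed, else 0; mac_out receives mac_size
 * bytes and *payload_len the payload length in both cases. */
int tls_cbc_strip(const uint8_t *rec, size_t len, size_t mac_size,
                  uint8_t *mac_out, size_t *payload_len) {
    /* Only public sizes are branched on here. */
    if (mac_size > MAX_MAC || len < mac_size + 1 || len > 0xFFFF) return 0;
    uint32_t n = (uint32_t)len, m = (uint32_t)mac_size;
    uint32_t pad = rec[n - 1];
    uint32_t good = ~ct_lt(n, pad + 1 + m);      /* padding + MAC must fit */
    uint32_t bad = 0;
    uint32_t scan = n < 256 ? n : 256;           /* same span for every pad value */
    for (uint32_t i = 0; i < scan; i++) {
        uint32_t in_pad = ~ct_lt(pad, i);        /* all-ones while i <= pad */
        bad |= in_pad & (uint32_t)(rec[n - 1 - i] ^ pad);
    }
    good &= ct_eq(bad, 0);
    uint32_t mac_end = n - (good & (pad + 1));   /* secret position */
    uint32_t mac_start = mac_end - m;
    /* Touch every byte the MAC could occupy so the memory access pattern
     * does not reveal where it actually sits. */
    uint32_t first = n > m + 256 ? n - (m + 256) : 0;
    memset(mac_out, 0, mac_size);
    for (uint32_t i = first; i < n; i++)
        for (uint32_t j = 0; j < m; j++)
            mac_out[j] |= (uint8_t)(rec[i] & ct_eq(i, mac_start + j));
    *payload_len = mac_start;
    return (int)(good & 1);
}
```

A caller would compare mac_out against the MAC it computes over the payload and report bad padding and bad MAC identically, so the two failures cannot be told apart from outside.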