Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New OpenSSL 3.* API for managing EVP_PKEY objects #2368

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

New OpenSSL 3.* API for managing EVP_PKEY objects #2368

wants to merge 1 commit into from
+606 −5

Conversation

Jakuje
Copy link

@Jakuje Jakuje commented Feb 14, 2025

The OpenSSL 3.* users now do not have a way to use non-deprecated API by using this rust bindings, which is not sustainable in the long term as either distributions will stop building with the deprecated API or it will be eventually removed.

This is now mostly PoC on using RSA and ECDSA keys using the new API in tests. It does not expose all possible API that are available as I did not have a good way to test the unused API yet.

I do not know if this API is available in some other *SSL libraries right now so for now all of the additions are marked with #[cfg(ossl300)].

This is partially based on #2051 which was abandoned.

Opening as a draft. I tried to follow existing logic in the project, but I might have missed some hints. Additionally, there are few TODO comments that point out to possible problematic API, where I would be happy to hear if that is acceptable or if we should try to figure out a better interface and how it should look like.

Fixes: #2047

@Jakuje Jakuje force-pushed the openssl-3-evp_pkey branch 2 times, most recently from 11c520b to 2ce1b9b Compare February 14, 2025 21:09
@Jakuje Jakuje marked this pull request as ready for review February 27, 2025 10:14
@Jakuje Jakuje force-pushed the openssl-3-evp_pkey branch 2 times, most recently from a7d1739 to 7d520ac Compare February 28, 2025 14:31
@Jakuje
New OpenSSL 3.* API for managing EVP_PKEY objects
fec04ce 
The OpenSSL 3.* users now do not have a way to use non-deprecated
API by using this rust bindings, which is not sustainable in the
long term as either distributions will stop building with the
deprecated API or it will be eventually removed.

This is now mostly PoC on using RSA and ECDSA keys using the new
API in tests. It does not expose all possible API that are available
as I did not have a good way to test the unused API yet.

I do not know if this API is available in some other *SSL libraries
right now so for now all of the additions are marked with #[cfg(ossl300)].

This is partially based on sfackler#2051 which was abandoned.

Fixes: sfackler#2047
@Jakuje Jakuje force-pushed the openssl-3-evp_pkey branch from 7d520ac to fec04ce Compare February 28, 2025 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fixing use of OpenSSL 3 deprecated functions
1 participant
@Jakuje