Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL 3.0.0 #199

Merged
merged 7 commits into from
Jun 30, 2022
Merged

OpenSSL 3.0.0 #199

merged 7 commits into from
Jun 30, 2022

Conversation

jprjr
Copy link
Contributor

@jprjr jprjr commented May 4, 2022
edited
Loading

Hi there - I took a crack at updating this Lua module to work with OpenSSL 3.0.0 (issue #195), by trying to make the EVP_KDF-emulating functions closer match the OpenSSL 3.0.0 signatures.

I'm very welcome to feedback on this, there's one area where I'm not sure if I'm doing the right thing or not -

Previously, when using EVP_KDF_ctrl with EVP_KDF_CTRL_SET_MD - that uses some opaque message digest type. It looks like in OpenSSL 3.0.0, if youset the digest they expect a printable string. I'm unsure if mk_checkdigest is just taking a regular printable string and converting it to that custom type?

I'm also not super-stoked about OpenSSL adding this new OSSL_PARAM type and requiring its usage - this resulted in having a whole lot of #if directives in the kdf_derive function. The only other way I see getting around that would be actually defining the OSSL_PARAM type and writing those construct functions, then write a replacement EVP_KDF_CTX_set_params function that iterates through the params and calls EVP_KDF_ctrl with the appropriate arguments.

There's a good number of deprecation warnings, but as far as I can tell it works correctly. But could/should probably get more eyes on it and tested.

jprjr
jprjr commented May 4, 2022
View reviewed changes
src/openssl.c Outdated Show resolved Hide resolved
@jprjr jprjr mentioned this pull request May 4, 2022
Closed
daurnimator
daurnimator reviewed May 5, 2022
View reviewed changes
src/openssl.c Outdated Show resolved Hide resolved
regress/regress.lua Show resolved Hide resolved
src/openssl.c Show resolved Hide resolved
@jprjr
Copy link
Contributor Author

jprjr commented May 5, 2022

There's still some deprecation warnings around some low-level object functions (RSA_new, DSA_new) but IMO, that effort could be done in a separate update, it's a bit more involved than changing some function signatures.

daurnimator
daurnimator approved these changes May 6, 2022
View reviewed changes
Copy link
Collaborator

@daurnimator daurnimator left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't tested this at all, but a visual review looks good.

How have you tested this? With which OpenSSL releases and on which platforms?

@jprjr
Copy link
Contributor Author

jprjr commented May 6, 2022
edited
Loading

So I've compiled on Ubuntu 22.04 (OpenSSL 3.0.0) and Arch Linux (OpenSSL 1.1.1), and successfully ran the 95-kdf.lua script in the regress directory. I also ran the other scripts in the regress directory, but I figure that 95-kdf.lua script covers what's being updated in this PR.

@jfcap
Copy link

jfcap commented May 18, 2022

Hi @daurnimator , do you plan a new release on luarocks with this fix ?

@daurnimator
Copy link
Collaborator

I've now tested this on debian jessie (OpenSSL 1.0.1t 3 May 2016) and confirmed it works there; I think that's as old as we need to go these days.

@daurnimator daurnimator merged commit b9212f4 into wahern:master Jun 30, 2022
@daurnimator daurnimator mentioned this pull request Jun 30, 2022
Closed
@ConiKost
Copy link

Could you do a new release? Thank you!

loqs added a commit to loqs/PACKAGES-OSSL3 that referenced this pull request Jun 30, 2022
@loqs
OpenSSL 3.0 compatiblity patch
a6b6c72 
wahern/luaossl#199
wahern/luaossl#195
@mimi89999
Copy link

Would it also be possible to tag a new release on GH so that distros could start packaging the new version?

@ConiKost
Copy link

Thank you for providing new release!

This was referenced Nov 9, 2022
Closed
Open
@4mig4 4mig4 mentioned this pull request Feb 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daurnimator daurnimator daurnimator approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jprjr @jfcap @daurnimator @ConiKost @mimi89999