openssl 3.0 support #46526

@satya-rajesh

In continuation to PowerShell/PowerShell#14410

PowerShell-7.0.3$ grep -Rns "ERR_put_error" ./
Binary file ./src/powershell-unix/bin/Linux/netcoreapp3.1/linux-x64/System.Security.Cryptography.Native.OpenSsl.a matches
Binary file ./src/powershell-unix/bin/Linux/netcoreapp3.1/linux-x64/System.Security.Cryptography.Native.OpenSsl.so matches
Binary file ./bin/System.Security.Cryptography.Native.OpenSsl.a matches
Binary file ./bin/System.Security.Cryptography.Native.OpenSsl.so matches

System.Security.Cryptography.Native.OpenSsl.so contains APIs that are deprecated in OpenSSL 3.0.
Reference: https://www.openssl.org/news/changelog.html

This bug is created for support of OpenSSL 3.0 in dotnet.


Project Plan (updated as data is known, checkmarks mean done locally, not necessarily merged)

  • Convert RSA shim from RSA* to EVP_PKEY*
    • Keygen
    • Sign
    • Verify
    • Encrypt
    • Decrypt
    • Import
    • Export
  • Rebuild the interop exception model.
    • Each operation should reset the error queue, and we want to throw the first error, not the last one.
  • Convert ECDSA shim to fully EVP_PKEY*
  • Convert ECDH shim to fully EVP_PKEY*
  • Convert DSA shim to fully EVP_PKEY*
  • Write translation table for X509ChainStatusCodes (some #define values changed in OpenSSL 3.0)
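
The error-queue item in the plan above, as an added example that is not part of the issue or of the dotnet shim: a small C model of an oldest-first error queue showing why each operation has to reset the queue and report the earliest error. The names `err_queue`, `q_*`, `probe_feature`, `decode_key` and the error codes are hypothetical; in OpenSSL the corresponding calls are `ERR_clear_error`, `ERR_get_error` and `ERR_peek_last_error`.

```c
#include <stddef.h>
/* Constructed codes; real OpenSSL codes are packed library/reason values. */
enum { E_PROBE_UNSUPPORTED = 0x101, E_ASN1_BAD_TAG = 0x201, E_DECODE_FAILED = 0x301 };
/* Model of a per-thread error queue, oldest entry first (drops new entries when full). */
#define QCAP 16
typedef struct { unsigned long codes[QCAP]; size_t count; } err_queue;

static void q_clear(err_queue *q) { q->count = 0; }            /* cf. ERR_clear_error */
static void q_put(err_queue *q, unsigned long c) { if (q->count < QCAP) q->codes[q->count++] = c; }
static unsigned long q_get_first(err_queue *q) {               /* cf. ERR_get_error */
    if (q->count == 0) return 0;
    unsigned long c = q->codes[0];
    for (size_t i = 1; i < q->count; i++) q->codes[i - 1] = q->codes[i];
    q->count--;
    return c;
}
static unsigned long q_peek_last(const err_queue *q) {         /* cf. ERR_peek_last_error */
    return q->count ? q->codes[q->count - 1] : 0;
}

/* A probe whose failure the caller ignores; its error stays queued. */
static int probe_feature(err_queue *q) { q_put(q, E_PROBE_UNSUPPORTED); return 0; }
/* A failing decode: the inner layer records the cause, the outer layer a generic code. */
static int decode_key(err_queue *q) {
    q_put(q, E_ASN1_BAD_TAG);
    q_put(q, E_DECODE_FAILED);
    return 0;
}

/* Reporting the last error loses the root cause. */
static unsigned long decode_report_last(err_queue *q) {
    return decode_key(q) ? 0 : q_peek_last(q);
}
/* Reporting the first error without a reset picks up the stale probe error. */
static unsigned long decode_report_first_no_reset(err_queue *q) {
    return decode_key(q) ? 0 : q_get_first(q);
}
/* The plan's rule: reset, run, take the first error, leave the queue empty. */
static unsigned long decode_report_disciplined(err_queue *q) {
    q_clear(q);
    if (decode_key(q)) return 0;
    unsigned long first = q_get_first(q);
    q_clear(q);
    return first;
}

int main(void) {
    err_queue q; q_clear(&q);
    probe_feature(&q);                 /* leaves a stale error behind */
    return decode_report_disciplined(&q) == E_ASN1_BAD_TAG ? 0 : 1;
}
```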

Metadata

Labels

  • Cost:L: Work that requires one engineer up to 4 weeks
  • Priority:2: Work that is important, but not critical for the release
  • area-System.Security
  • enhancement: Product code improvement that does NOT require public API changes/additions
  • os-linux: Linux OS (any supported distro)
