openssl 3.0 support

[satya-rajesh]

In continuation to PowerShell/PowerShell#14410

PowerShell-7.0.3$ grep -Rns "ERR_put_error" ./
Binary file ./src/powershell-unix/bin/Linux/netcoreapp3.1/linux-x64/System.Security.Cryptography.Native.OpenSsl.a matches
Binary file ./src/powershell-unix/bin/Linux/netcoreapp3.1/linux-x64/System.Security.Cryptography.Native.OpenSsl.so matches
Binary file ./bin/System.Security.Cryptography.Native.OpenSsl.a matches
Binary file ./bin/System.Security.Cryptography.Native.OpenSsl.so matches

System.Security.Cryptography.Native.OpenSsl.so contains deprecated APIs of Openssl 3.0
Reference: https://www.openssl.org/news/changelog.html

This bug is created for support of openssl 3.0 in dotnet

---

Project Plan (updated as data is known, checkmarks mean done locally, not necessarily merged)

• Convert RSA shim from RSA* to EVP_PKEY*
  • Keygen
  • Sign
  • Verify
  • Encrypt
  • Decrypt
  • Import
  • Export
• Rebuild the interop exception model.
  • Each operation should reset the error queue, and we want to throw the first error, not the last one.
• Convert ECDSA shim to fully EVP_PKEY*
• Convert ECDH shim to fully EVP_PKEY*
• Convert DSA shim to fully EVP_PKEY*
• Write translation table for X509ChainStatusCodes (some #define values changed in OpenSSL 3.0)

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq
See info in area-owners.md if you want to be subscribed.

Issue Details

---

In continuation to PowerShell/PowerShell#14410

PowerShell-7.0.3$ grep -Rns "ERR_put_error" ./
Binary file ./src/powershell-unix/bin/Linux/netcoreapp3.1/linux-x64/System.Security.Cryptography.Native.OpenSsl.a matches
Binary file ./src/powershell-unix/bin/Linux/netcoreapp3.1/linux-x64/System.Security.Cryptography.Native.OpenSsl.so matches
Binary file ./bin/System.Security.Cryptography.Native.OpenSsl.a matches
Binary file ./bin/System.Security.Cryptography.Native.OpenSsl.so matches

System.Security.Cryptography.Native.OpenSsl.so contains deprecated APIs of Openssl 3.0
Reference: https://www.openssl.org/news/changelog.html

This bug is created for support of openssl 3.0 in dotnet

Author:	satya-rajesh
Assignees:	-
Labels:	area-System.Security, untriaged
Milestone:	-

[bartonjs]

I thought we already had an issue tracking this, but apparently it was just on my implicit TODO. So now this is the issue tracking working with OpenSSL 3. (Which we may have to service... at least, I think we did for 1.0/1.1 hybridization)

[jeffhandley]

@bartonjs I just found that we simply had a note card on our project board for it (hence you thinking we had something tracking it). I've updated the board to use this issue instead of the note card.

[omajid]

Fedora 34, tracked via dotnet/core#5851, will have OpenSSL 3.0: https://fedoraproject.org/wiki/Changes/OpenSSL3.0, though there are plans for a OpenSSL 1.1 package for compatibility.