Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL 3.2 features to expose #9795

Open
6 of 8 tasks
reaperhulk opened this issue Oct 28, 2023 · 5 comments
Open
6 of 8 tasks

OpenSSL 3.2 features to expose #9795

reaperhulk opened this issue Oct 28, 2023 · 5 comments

Comments

@reaperhulk
Copy link
Member

reaperhulk commented Oct 28, 2023

This is a tracking issue for the features in OpenSSL 3.2.0 we want to expose or investigate further:

@alex
Copy link
Member

alex commented Nov 23, 2023

#9914

@adiroiban
Copy link
Contributor

adiroiban commented Mar 14, 2024

Thanks for including OpenSSL 3.2.1 in 42.0.2

I am looking into argon2 support, so that I can read Putty v3 SSH key files.

I see that argon2 support in cryptography is blocked by rust-openssl
I don't see any issue created for argon2 in the rust-openssl repo.

I guess that this needs to be defined here https://github.com/sfackler/rust-openssl/blob/master/openssl-sys/src/evp.rs

I am new to rust, but I am happy to help with the work required for argon2

Should I create a PR for rust-openssl ?

Thanks!

@reaperhulk
Copy link
Member Author

Adding argon2 in rust-OpenSSL is the blocker, yes. However that requires implementing EVP_KDF support, which in turn requires OSSL_PARAM. The latter should not be exposed as a public API in the rust library. We intend to do this work but don’t have an ETA so if you want to contribute feel free!

@adiroiban
Copy link
Contributor

I can see that OSSL_PARAM is available since version 0.9.100
sfackler/rust-openssl#2144
I guess that is just the low-level binding API.

So it also needs https://www.openssl.org/docs/manmaster/man3/EVP_KDF.html this bindings


Why not implement this via cffi python bindings, similar to what is already implemented here https://github.com/pyca/cryptography/blob/main/src/_cffi_src/openssl/evp.py ?

@reaperhulk
Copy link
Member Author

We are actively moving away from cffi and intend to eliminate it entirely at some point in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

3 participants