Porting asterisk to Openssl-3.0
Tomas Mraz
tomas at openssl.org
Fri Mar 25 08:37:26 UTC 2022
On Thu, 2022-03-24 at 22:19 -0600, Philip Prindeville wrote:
> Hi,
>
> I'm incrementally trying to port asterisk to Openssl 3.0.
>
> First thing I'm trying to do is wean the code off of the RSA_*
> functions, and use generic EVP_PKEY_* functions instead.
>
> Most of it is fairly straightforward (it seems), but I've been
> looking for examples of reading PEM public and private keys into
> EVP_PKEY's.
>
> Currently asterisk uses 1.1.0 or later, so I'm trying to make
> the code build first under 1.1.0 dropping the functions that get
> deprecated in 3.0, and then rewriting (in a separate PR) whatever the
> delta is between 1.1.0 and 3.0.
>
> In 3.0, I can find examples of reading PEM into a public RSA key such
> as:
>
> https://www.openssl.org/docs/manmaster/man3/OSSL_DECODER_from_bio.html
>
> Though I didn't understand why selection is
> OSSL_KEYMGMT_SELECT_KEYPAIR and not OSSL_KEYMGMT_SELECT_PUBLIC or
> _PRIVATE.
>
> What is the way to read a PEM file (as a FILE * or BIO *) into an
> EVP_PKEY canonically in 1.1.0?
>
It's PEM_read_bio_PrivateKey and PEM_read_PrivateKey - these functions
aren't deprecated in 3.0 so you can use them there as well. It's
actually a better idea to use these than the decoder API directly as
they can support legacy functionality (engine based keys).
--
Tomáš Mráz, OpenSSL