@huwcbjones huwcbjones commented Aug 6, 2025

Work towards #2047 by adding ability to create PKeys from OSSL params.

As such:

  1. Add wrappers around OSSL_PARAM_BLD and OSSL_PARAM to make it easier to interact with these APIs (as well as ensuring lifetimes/ownership are respected). As noted in sys/evp: set/get params bindings #2436 (comment), it's not preferable to expose these APIs publicly, so leave them as an internal module.
  2. Add the EVP_PKEY_fromdata* APIs to PkeyCtx.
  3. Use the ParamBuilder instead of manually constructing a list of params in KDF and PKEY_CTX.

For Rsa, this means that from_public_components would look like this:

        #[cfg(ossl300)]
        {
            let params = ParamBuilder::new()
                .push_bignum(c"n", &n)?
                .push_bignum(c"e", &e)?
                .build()?;
            return pkey_from_params(Id::RSA, &params)?.rsa();
        }

        #[cfg(not(ossl300))]
        unsafe {
            let rsa = cvt_p(ffi::RSA_new())?;
            RSA_set0_key(rsa, n.as_ptr(), e.as_ptr(), ptr::null_mut());
            mem::forget((n, e));
            Ok(Rsa::from_ptr(rsa))
        }

@huwcbjones huwcbjones force-pushed the huw/evp-from-params branch 6 times, most recently from 33d55eb to 6ec4f5e Compare August 6, 2025 16:58
@huwcbjones huwcbjones marked this pull request as ready for review August 6, 2025 17:33
@huwcbjones huwcbjones force-pushed the huw/evp-from-params branch 5 times, most recently from ddfc4d6 to d5a03e9 Compare August 13, 2025 15:32
@huwcbjones huwcbjones force-pushed the huw/evp-from-params branch from d5a03e9 to a87b819 Compare August 19, 2025 09:12
@huwcbjones huwcbjones force-pushed the huw/evp-from-params branch from a87b819 to 5e26fd8 Compare August 26, 2025 11:01
@huwcbjones
Contributor Author

@alex, any chance you could take a look at this PR?

@alex
Collaborator

alex commented Aug 27, 2025

So, I'm not interested in including ossl params anywhere in the public API, I think they're a giant mistake and I hope OpenSSL gets rid of them.

I'd be ok:

  • With a PR that just adds the -sys bindings
  • Refactoring the private usage of OSSL_PARAMS to have a param builder or similar

But I'm not interested in any changes to the public APIs for this.

@huwcbjones
Contributor Author

After working with params API to get things working in a non-deprecated way, I completely agree with you!

Regarding the comment about changes to the public APIs, there was a reason why I added the params mod as a non-public one, see:

        #[cfg(ossl300)]
        mod params;

I left the visibility of everything else in that mod as pub because I was lazy. I can change it all to pub(crate) if you want?
Either way, I don't think I've changed the public API (and if I have, it was completely unintentional as I agree that the params stuff should be kept internal only).

@huwcbjones huwcbjones force-pushed the huw/evp-from-params branch from 5e26fd8 to a8cce0c Compare August 29, 2025 16:29