Project

General

Profile

Actions
Copy link

Feature #5154

closed

OpenSSL 3.0 support

Added by Davide Pesavento over 3 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Davide Pesavento
Category:
Security
Target version:
0.8.1
Start date:
Due date:
% Done:

100%

Estimated time:
Tags:
openssl

Description

https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/
https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/
https://www.openssl.org/docs/OpenSSL300Design.html
https://www.openssl.org/news/changelog.html#openssl-30
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
https://wiki.openssl.org/index.php/OpenSSL_3.0

Related issues 2 (1 open1 closed)

Related to ndn-cxx - Task #5241: Redesign support for HMAC keysNew

Actions
Related to ndn-cxx - Bug #5251: EVP_PKEY_base_id returns 0ClosedVarun Patil

Actions
Actions
Copy link
 #1

Updated by Davide Pesavento over 3 years ago

  • % Done changed from 0 to 30

With this patch, ndn-cxx can successfully detect openssl 3.0.0-alpha13. The build then proceeds normally.
There are about 40 test failures across various modules, plus several deprecation warnings in security/transform/private-key.cpp and tests/unit/util/random.t.cpp.

Actions
Copy link
 #2

Updated by Davide Pesavento over 3 years ago

  • Description updated (diff)
  • Target version changed from 0.8.0 to 0.9.0
Actions
Copy link
 #3

Updated by Davide Pesavento about 3 years ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Davide Pesavento about 3 years ago

  • Description updated (diff)
Actions
Copy link
 #5

Updated by Davide Pesavento about 3 years ago

  • Category changed from Build to Security
  • % Done changed from 30 to 60

https://gerrit.named-data.net/c/ndn-cxx/+/6497 This patch conditionally disables testing of the DES-encrypted PKCS #8 private keys in Security/Transform/TestPrivateKey because OpenSSL 3.0 no longer supports DES in the default crypto provider, so loading those keys will fail. It also adds testing of AES-encrypted keys (generated/exported by current versions of ndn-cxx) and DES-EDE3-encrypted keys (briefly used between v0.6.0 and v0.6.3 included).

Actions
Copy link
 #6

Updated by Davide Pesavento over 2 years ago

  • % Done changed from 60 to 70

https://gerrit.named-data.net/c/ndn-cxx/+/6700 fixes the deprecation warnings in private (EC/RSA) key generation.
Most HMAC functionality remains disabled and I'm afraid it will require a major redesign.

Actions
Copy link
 #7

Updated by Davide Pesavento about 2 years ago

  • Related to Task #5241: Redesign support for HMAC keys added
Actions
Copy link
 #8

Updated by Davide Pesavento about 2 years ago

  • Status changed from In Progress to Closed
  • Target version changed from 0.9.0 to 0.8.1
  • % Done changed from 70 to 100

The HMAC redesign is split into #5241.

Actions
Copy link
 #9

Updated by Davide Pesavento almost 2 years ago

  • Related to Bug #5251: EVP_PKEY_base_id returns 0 added
Actions
Copy link
 #10

Updated by Davide Pesavento about 1 year ago

  • Tags set to openssl
Actions
Copy link

Also available in: Atom PDF