Re: RSA_set0_key() equivalent for 3.0.0

[William Roberts]

On Wed, Jul 14, 2021, 09:27 Ken Goldman  wrote:

> On 7/13/2021 5:14 PM, William Roberts wrote:
> > Outside of the migration guide others have pointed out, I think the
> functions you need are:
> >
> > https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html <
> https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html>
> >
> > Use use EVP level now as pointed out in the guide.
>
> Perhaps I'm reading it incorrectly, but I think that API is
> deprecated.
>
> 1 - When I read the SYNOPSIS, there are a few APIs, then a
> "deprecated since OpenSSL 3.0" separator, and then more APIs.
>
> I thought that APIs below the separator are deprecated.
> Is that wrong?
>
> 2 - In evp.h, there is this:
>
> OSSL_DEPRECATEDIN_3_0
> int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
>
> I interpreted that to mean it's deprecated.
>
> Is that wrong?
>
> 3 - When I try to use it, I get:
>
> warning: 'EVP_PKEY_set1_RSA' is deprecated (declared at
> openssl/include/openssl/evp.h:1344)
>
> Seems deprecated.
>


Matt Caswell pointed out that you want EVP_PKEY_fromdata()

Re: RSA_set0_key() equivalent for 3.0.0

[Ken Goldman]

On 7/13/2021 5:14 PM, William Roberts wrote:

Outside of the migration guide others have pointed out, I think the functions 
you need are:

https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html 


Use use EVP level now as pointed out in the guide.


Perhaps I'm reading it incorrectly, but I think that API is
deprecated.

1 - When I read the SYNOPSIS, there are a few APIs, then a
"deprecated since OpenSSL 3.0" separator, and then more APIs.

I thought that APIs below the separator are deprecated.
Is that wrong?

2 - In evp.h, there is this:

OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);

I interpreted that to mean it's deprecated.

Is that wrong?

3 - When I try to use it, I get:

warning: 'EVP_PKEY_set1_RSA' is deprecated (declared at 
openssl/include/openssl/evp.h:1344)

Seems deprecated.

Re: RSA_set0_key() equivalent for 3.0.0

[William Roberts]

I'd be nice to have a more detailed porting guide, I'd been poking into
this a little bit, but did you see Matt's response? (Pasted below)

Those functions are deprecated. Better would be EVP_PKEY_fromdata():

https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_fromdata.html


On Wed, Jul 14, 2021, 09:15 Ken Goldman  wrote:

> On 7/13/2021 5:08 PM, Nicola Tuveri wrote:
> > There is the migration guide:
> https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
> <
> https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
> >
> >
>
> The migration guide is very general.  It says that the low level APIs are
> deprecated,
> and should be replaced with EVP functions.
>
> Is there anything more specific - replace RSA_set0_key() with ...
>
>

Re: RSA_set0_key() equivalent for 3.0.0

[Ken Goldman]

On 7/13/2021 5:08 PM, Nicola Tuveri wrote:

There is the migration guide: 
https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod 




The migration guide is very general.  It says that the low level APIs are 
deprecated,
and should be replaced with EVP functions.

Is there anything more specific - replace RSA_set0_key() with ...

Re: RSA_set0_key() equivalent for 3.0.0

[Matt Caswell]

On 13/07/2021 22:14, William Roberts wrote:
Outside of the migration guide others have pointed out, I think the 
functions you need are:


https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html 
<https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html>


Those functions are deprecated. Better would be EVP_PKEY_fromdata():

https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_fromdata.html

Matt



Use use EVP level now as pointed out in the guide.



On Tue, Jul 13, 2021, 16:04 Ken Goldman <mailto:kgold...@us.ibm.com>> wrote:


    What is the 3.0.0 equivalent to RSA_set0_key() when I
want to create a key token from n and e.

Meta question:  Is there a porting guide for these
type of questions - something that says, "If you
used this before, use this now."

Re: RSA_set0_key() equivalent for 3.0.0

[William Roberts]

Outside of the migration guide others have pointed out, I think the
functions you need are:

https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_set1_RSA.html

Use use EVP level now as pointed out in the guide.



On Tue, Jul 13, 2021, 16:04 Ken Goldman  wrote:

> What is the 3.0.0 equivalent to RSA_set0_key() when I
> want to create a key token from n and e.
>
> Meta question:  Is there a porting guide for these
> type of questions - something that says, "If you
> used this before, use this now."
>
>

Re: RSA_set0_key() equivalent for 3.0.0

[Sahana Prasad]

On Tue, Jul 13, 2021 at 11:04 PM Ken Goldman  wrote:

> What is the 3.0.0 equivalent to RSA_set0_key() when I
> want to create a key token from n and e.
>
> Meta question:  Is there a porting guide for these
> type of questions - something that says, "If you
> used this before, use this now."
>

Hi Ken,

you could have a look at the migration guide [1], if you haven't looked at
it already.

[1]
https://github.com/openssl/openssl/blob/master/doc/man7/migration_guide.pod

Thank you,
Regards,
Sahana Prasad

Re: RSA_set0_key() equivalent for 3.0.0

[Nicola Tuveri]

There is the migration guide:
https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod



Best regards,

Nicola

On Wed, Jul 14, 2021, 00:04 Ken Goldman  wrote:

> What is the 3.0.0 equivalent to RSA_set0_key() when I
> want to create a key token from n and e.
>
> Meta question:  Is there a porting guide for these
> type of questions - something that says, "If you
> used this before, use this now."
>
>

RSA_set0_key() equivalent for 3.0.0

[Ken Goldman]

What is the 3.0.0 equivalent to RSA_set0_key() when I
want to create a key token from n and e.

Meta question:  Is there a porting guide for these
type of questions - something that says, "If you
used this before, use this now."