Porting asterisk to Openssl-3.0

2022-03-24 Thread Philip Prindeville
Hi,

I'm incrementally trying to port asterisk to Openssl 3.0.

First thing I'm trying to do is wean the code off of the RSA_* functions, and 
use generic EVP_PKEY_* functions instead.

Most of it is fairly straightforward (it seems), but I've been looking for 
examples of reading PEM public and private keys into EVP_PKEY's.

Currently asterisk uses 1.1.0 or later, so I'm trying to make the code 
build first under 1.1.0 dropping the functions that get deprecated in 3.0, and 
then rewriting (in a separate PR) whatever the delta is between 1.1.0 and 3.0.

In 3.0, I can find examples of reading PEM into a public RSA key such as:

https://www.openssl.org/docs/manmaster/man3/OSSL_DECODER_from_bio.html

Though I didn't understand why selection is OSSL_KEYMGMT_SELECT_KEYPAIR and not 
OSSL_KEYMGMT_SELECT_PUBLIC or _PRIVATE.

What is the way to read a PEM file (as a FILE * or BIO *) into an EVP_PKEY 
canonically in 1.1.0?

I can't find an example in the docs.

Thanks,

-Philip



Re: [External] Re: SSL_connect() failing on SSL3_MT_NEWSESSION_TICKET on Raspberry Pi

2022-03-24 Thread Matt Caswell

On 23/03/2022 18:08, Helde, Paavo wrote:
>> Great! That does suggest an unknown bug exists in master though...
>>
>> If you can manage it would be useful for us if you tried the latest master version of 
>> OpenSSL with the "no-asm" config option. My guess is new assembler code might 
>> be the cause of this. If turning off assembler resolves the issue then that would confirm 
>> my guess.
>
> You are right, I ran through the builds and it appears indeed no-asm fixes the 
> problem with the current github master on raspberry pi (aarch64, 
> little-endian). Let me know if you need any more info!

Thanks for this. I have raised this issue to track the problem:

https://github.com/openssl/openssl/issues/17958

Matt