On Thu, 2022-03-24 at 22:19 -0600, Philip Prindeville wrote:
> Hi,
>
> I'm incrementally trying to port asterisk to Openssl 3.0.
>
> First thing I'm trying to do is wean the code off of the RSA_*
> functions, and use generic EVP_PKEY_* functions instead.
>
> Most of it is fairly straightforward (it seems), but I've been
> looking for examples of reading PEM public and private keys into
> EVP_PKEY's.
>
> Currently asterisk uses 1.1.0 or later, so I'm trying to figure make
> the code build first under 1.1.0 dropping the functions that get
> deprecated in 3.0, and then rewriting (in a separate PR) whatever the
> delta is between 1.1.0 and 3.0.
>
> In 3.0, I can find examples of reading PEM into a public RSA key such
> as:
>
> https://www.openssl.org/docs/manmaster/man3/OSSL_DECODER_from_bio.html
>
> Though I didn't understand why selection is
> OSSL_KEYMGMT_SELECT_KEYPAIR and not OSSL_KEYMGMT_SELECT_PUBLIC or
> _PRIVATE.
>
> What is the way to read a PEM file (as a FILE * or BIO *) into a
> EVP_PKEY canonically in 1.1.0?
>

It's PEM_read_bio_PrivateKey and PEM_read_PrivateKey - these functions
aren't deprecated in 3.0 so you can use them there as well. It's
actually a better idea to use these than the decoder API directly as
they can support legacy functionality (engine based keys).

--
Tomáš Mráz, OpenSSL