Expose operations for RSA flags #2345
Open
+55
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
notgull
force-pushed
the
flags
branch
5 times, most recently
from
61c2791 to
e7e355b
Compare
This commit adds the functions needed to manipulated the flags on the RSA object. These flags are not used in normal SSL as far as I know, but are used by custom providers/engines to change some functionality. The functions I've added are as follows: - RSA_test_flags - RSA_set_flags - RSA_clear_flags Since these operations are not available on OpenSSL 1.0.2 or earlier, I've also added shims that allow one to directly manipulate the "flags" variable on these older versions. This patch is made on behalf of Marvell Technology Inc. Signed-off-by: John Nunley <[email protected]>
|
Sorry for the delay. I'm not sure this is sound: Rsas are reference counted objects, which means multiple can exist with the same pointer. As a result, I don't think mutation operations are sound on them? |
|
Do you think it would be sound if we did this during the RSA creation process? Like if we had a builder for the struct? |
|
Yes, doing it during construction can be sound. I'm ambivalent about a
builder for Rsa, given the fact that it's a deprecated API in OpenSSL
(and we have other PRs to remove/alter it). This whole API space is
very frustrating, which compounds into frustration for you since I'm
not sure what to suggest.
…On Thu, Aug 7, 2025 at 3:14 PM John Nunley ***@***.***> wrote:
notgull left a comment (sfackler/rust-openssl#2345)
Do you think it would be sound if we did this during the RSA creation process? Like if we had a builder for the struct?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
|
At the moment we're just using a |
|
More like conflicts with other design frustrations 🙃 If you want to have this PR do the test_flags + add ghe handwritten bindings, and then you can do the unsafe call in your own codebase, that works. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit adds the functions needed to manipulate the flags on the RSA object. These flags are not used in normal SSL as far as I know, but are used by custom providers/engines to change some functionality. The functions I've added are as follows:
Since these operations are not available on OpenSSL 1.0.2 or earlier, I've also added shims that allow one to directly manipulate the "flags" variable on these older versions.
This patch is made on behalf of Marvell Technology Inc.