New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crypto API: deprecating commonly used functions severely decreases ease of use #14628
Comments
I agree, helper functions would be really nice. I don't think we'll hold back beta for this. Likewise for the documentation. Now, if someone came along and presented a PR, we'd likely include it. For MAC, I'd change I'd also consider adding an OSSL_PARAM pointer to the function to allow a user to set additional things without diving into the curious details. I don't know if this is over complicating things. |
We should be looking for a common prefix for the "helper" functions - and this is something that should consistent across all the APIs of this form. Perhaps EVP_Q_? |
I've already started preparing a PR that includes at least
|
Using the new
As a side effect, the upcoming PR will thus also fix these mem leaks. |
Agreed. That pile of arguments to |
So I'll go for
and some instances like |
Why exactly are convenient functions like |
The |
I would argue that we want to stop locking ourselves to specific algorithms, and look to generic functionality that can serve any algo served by providers. |
It's a valid aim to be fully general and future-proof, and I see the point of achieving this for 3.0. There are surely some advanced users who are willing to complicate(!) their applications by switching to the new API because they appreciate the flexibility they gain this way and hopefully have the resources to deal with that. BUT: I am pretty sure that the vast majority of users won't. I strongly fear that by trying to
will not work and rather lead to an overall loss of acceptance. Please note that I do not aim at arguing or working against the new API,
|
@DDvO, it sounds like you're suggesting that I'm not trying to say that we shall not have these easy enough functions, I'm asking for a little bit of remaining generality. |
Well, my response was aimed also at #14664 (comment) which asked for using the flexible Sure
Do we really want this? |
Unless you plan on restoring the exact functions that are deprecated, they need to adapt their code anyway, so I really fail to see how adapting to a name string based call isn't at least as acceptable as a call where the intended algo is part of the function name. |
As mentioned above, there are also other ways, like using the modern implementation underneath and adding a wrapper declaration, either as a simple proper C function or as a macro.
What you fail to see is that even such innocent/trivial adaptations can be painful: Another problem is that sometimes code needs to compile with OpenSSL versions both pre-3.0 and 3.0+.
I developed a security utilities library on top of OpenSSL which is now facing exactly this issue, |
So a backward compatibility library of sorts. This is simple in some cases (like MACs), but quite challenging in others (any RSA function... you'll end up having an RSA type aliased to an EVP_PKEY that itself points at key data where the provider also uses an RSA type that looks completely different. It's doable, but better not mix the header files...) |
You know, the other way is, of course, to continue to use the deprecated functions all you want, and to tell the compiler to be silent about that particular warning. You will have at least 5 years to adapt... |
@levitte depreciation is a strong recommendation to move away from using an API and many organisations have policies to not use deprecated APIs. If we have a problem with APIs then pushing this off does not help - it just creates an ever increasing mess. Helper functions can ease the burden of supporting multiple versions and in reality a lot of our users have to support multiple versions in the one code base. |
Yes, but this would just defer the problem until 5 years later when one is forced to migrate to the new API (or stick with an unmaintained OpenSSL version or move away from OpenSSL).
If one adapts in between, the other issues mentioned above still apply at that point. |
OTC is in favour of having new APIs for one shots (e.g. EVP_Digest). Older one shots (HMAC, SHA256) that can be implemented as a macro wrapping a single function call should be supported. However, such one shots for algorithms in the legacy provider should not be done -- they are legacy and should go away. There will need to be a macro guard to avoid the new macros and the deprecated functions from clashing. |
OTC are also ok with a oneshot keygen function which takes both a "size" parameter and a string parameter to handle both RSA and EC use cases. |
Currently the suggested name for that is |
Would |
AFAICS, yes!
to
|
IMO it is not a good idea. The user should explicitly indicate that he wants these macros. Especially if we are talking about macros such as SHA256() or similar. |
I disagree, we are adding these to make life easier for users. Forcing an additional macro to be defined is an extra step. We've decided that we want these helpers as macros, lets just have them regardless of deprecation. |
The discussion about guards is really not relevant. What you're talking about is to undeprecate certain symbols (such as |
Sweet! So
reduces to simply
|
0a8a6af used the phrase |
Very pleased that finally the PRs improving the situation for HMAC(), SHA*(), and key generation are merged. Are there any further crypto API elements that are planned to be deprecated but would deserve to be handled more user-friendly? |
The AES functions in aes.h all take an AES_KEY pointer, so they aren't suitable for this treatment. They're mostly old modes, so not a big loss IMO. |
Ready to close? |
All related PRs are now merged. Closing. |
… MAC functions This helps compensating for deprecated functions such as HMAC() and reduces clutter in the crypto lib, apps, and tests. Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c. and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod Partially fixes openssl#14628. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#14664)
Currently related PRs:
Over the last two days I've been struggling with making code that includes many rather superficial uses of OpenSSL 1.1.x ready for the upcoming version 3.0.
Taking deprecation warnings serious and cleanly getting rid of them was a PITA.
For many cases, user guidance, as well as library support for the new preferred style is still missing or rather poor.
Let me give a couple of examples.
SHA256()
and the like have been deprecated. Then one looks around for alternatives. The man pageSHA256_Init.pod
says:Similarly,
CHANGES.md
says:Reading this, any - typically anyway heavy loaded - programmer will wonder:
For my innocent SHA hash value calculation, why do I suddenly have to bother using a combination of
EVP_Digest*
functions,EVP_MD*
types, and related error conditions - OpenSSL guys, are you serious?Digging around in OpenSSL lib, apps, and test code, I eventually found
EVP_Digest()
, which can serve as a reasonable replacement ofSHA256(data, count, md_buf)
as follows (ignoring the result value here):EVP_Digest(data, count, md_buf, NULL, EVP_sha256(), NULL)
.Still it's cumbersome to change all occurrences of
SHA*()
by suitable invocations ofEVP_Digest()
.Why does OpenSSL not give the most typical use cases at least practically helpful hints, or even better provide automatically usable compatibility definitions?
In this case the old declaration
could be replaced by
HMAC()
the deprecation situation is even worse.HMAC.pod
just states that this and related functions are deprecated, but gives no hints.CHANGES.md
gives some hints similar to those mentioned above:I was not able to find a rather direct replacement, so I ended up defining one myself:
By inserting the following preprocessor trick:
I was able to keep the original code sections that call
HMAC()
untouched.In order to avoid a clash with the current deprecation declaration of
HMAC()
,at first I did this in a place not followed by an inclusion of
hmac.h
.Then I realized this is better done using
RSA_new.pod
andEC_KEY_new.pod
.Their deprecation is just mentioned in
CHANGES.md
, where for RSA no replacement hints are given. For EC at least some hints are given:Since I did not find any simply readily usable functions, I defined them myself:
This code is entirely different to the even more alchemist way of doing the key generation using the pre-3.0. API.
I really wonder why nobody within OpenSSL bothered providing user-friendly key generation functions.
These would also be helpful in various places in the OpenSSL libs, apps, and tests, themselves.
Unless transition is significantly alleviated, user acceptance is put at risk.
The text was updated successfully, but these errors were encountered: