OpenSSL 3.2 features to expose

[reaperhulk]

This is a tracking issue for the features in OpenSSL 3.2.0 we want to expose or investigate further:

• AES-GCM-SIV
• RFC6979 (needs rust-openssl work for OSSL_PARAM)
• argon2id (needs rust-openssl work for OSSL_PARAM)
• Investigate whether we need to compile with no-sm2-precomp to prevent linking in a half megabyte of precomputed table.
• Build with no-apps and no-docs
• ed25519/ed448 [ctx/ph]
• HPKE
• default implicit rejection is now enabled for RSA (CVE-2020-25659 "fix" confirmed as insufficient #9785)

[alex]

#9914

[adiroiban]

Thanks for including OpenSSL 3.2.1 in 42.0.2

I am looking into argon2 support, so that I can read Putty v3 SSH key files.

I see that argon2 support in cryptography is blocked by rust-openssl
I don't see any issue created for argon2 in the rust-openssl repo.

I guess that this needs to be defined here https://github.com/sfackler/rust-openssl/blob/master/openssl-sys/src/evp.rs

I am new to rust, but I am happy to help with the work required for argon2

Should I create a PR for rust-openssl ?

Thanks!

[reaperhulk]

Adding argon2 in rust-OpenSSL is the blocker, yes. However that requires implementing EVP_KDF support, which in turn requires OSSL_PARAM. The latter should not be exposed as a public API in the rust library. We intend to do this work but don’t have an ETA so if you want to contribute feel free!

[adiroiban]

I can see that OSSL_PARAM is available since version 0.9.100
sfackler/rust-openssl#2144
I guess that is just the low-level binding API.

So it also needs https://www.openssl.org/docs/manmaster/man3/EVP_KDF.html this bindings

---

Why not implement this via cffi python bindings, similar to what is already implemented here https://github.com/pyca/cryptography/blob/main/src/_cffi_src/openssl/evp.py ?

[reaperhulk]

We are actively moving away from cffi and intend to eliminate it entirely at some point in the future.