…meter APIs (#920)

Replace all EVP_PKEY_get0_EC_KEY, EC_KEY_*, and EVP_PKEY_assign_EC_KEY calls with modern EVP parameter APIs:
- EVP_PKEY_get_bn_param / EVP_PKEY_get_octet_string_param / EVP_PKEY_get_utf8_string_param for reading EC key data
- OSSL_PARAM_BLD + EVP_PKEY_fromdata for constructing EC keys

Affected files:
- SignUtils.hpp: getBytesOfRS() uses EVP param API for curve order
- HybridKeyObjectHandle.cpp: exportKey, exportJwk, initJwk, keyDetail, initECRaw all migrated to EVP param APIs
- HybridECDH.cpp: getPrivateKey, getPublicKey, setPrivateKey, setPublicKey, computeSecret all migrated; shared createEcEvpPkey helper added; deprecation warning pragmas removed

EC_GROUP, EC_POINT, and related functions remain as they are not deprecated. The ncrypto dependency's internal deprecated usage is out of scope.

- Extract shared createEcEvpPkey() utility to QuickCryptoUtils.hpp, eliminating 3 duplicate OSSL_PARAM_BLD patterns across HybridECDH.cpp, HybridKeyObjectHandle.cpp (initJwk + initECRaw)
- Fix getBytesOfRS() performance: query EC order directly via OSSL_PKEY_PARAM_EC_ORDER instead of allocating EC_GROUP per call
- Fix exportJwk() to throw when EC public key coordinates extraction fails instead of silently producing invalid JWK
- Add missing return value check on EC_POINT_point2oct in setPrivateKey
- Remove stale migration comment

Tests:
- Add ECDSA P1363 signing tests for P-384 (96-byte sig) and P-521 (132-byte sig) to validate getBytesOfRS correctness
- Add ECDH setPrivateKey + computeSecret round-trip tests for P-384, P-521, and secp256k1 curves
- Add JWK EC round-trip tests (export -> import -> sign/verify) for P-256, P-384, P-521 via createPrivateKey/createPublicKey
…icKey)
Wire up PublicKeyObject.export({ format: 'jwk' }) and
PrivateKeyObject.export({ format: 'jwk' }) to the existing native
exportJwk() method instead of throwing 'not implemented'.
The native C++ implementation was already complete — this change
bridges the TypeScript layer to call it.
- Replace CryptoKeyInternal duck type with CryptoKey import in hkdf.ts, removing the any escape hatch (#2)
- Use EVP_PKEY_bits() instead of allocating EC_GROUP just for field_size in exportJwk; hardcode field sizes for known curves in initJwk (#3)
- Move createEcEvpPkey from inline header to QuickCryptoUtils.cpp to avoid code duplication across translation units (#4)
- Remove unnecessary 'as any' casts in JWK round-trip tests since KeyInputObject already accepts JWK (#6)
Contributor
🤖 End-to-End Test Results - Android
Status: ✅ Passed

Contributor
🤖 End-to-End Test Results - iOS
Status: ✅ Passed


Summary
Migrates all deprecated EC_KEY_* and EVP_PKEY_get0_EC_KEY/EVP_PKEY_assign_EC_KEY APIs to modern OpenSSL 3.x EVP parameter APIs (OSSL_PARAM_BLD, EVP_PKEY_fromdata, EVP_PKEY_get_bn_param, EVP_PKEY_get_octet_string_param). Also implements JWK export for EC keys via createPrivateKey/createPublicKey.

Changes

C++ (OpenSSL migration)
- HybridECDH.cpp: Replace all EC_KEY_* usage in computeSecret, getPrivateKey, setPrivateKey, getPublicKey, setPublicKey with EVP parameter APIs
- HybridKeyObjectHandle.cpp: Migrate exportKey (raw EC public key), exportJwk (EC coordinate extraction), initJwk (EC key construction), keyDetail (curve name), and initECRaw to EVP APIs
- SignUtils.hpp: Replace EVP_PKEY_get0_EC_KEY in getBytesOfRS() with EVP_PKEY_get_bn_param(OSSL_PKEY_PARAM_EC_ORDER)
- QuickCryptoUtils.hpp/.cpp: Extract shared createEcEvpPkey() utility using OSSL_PARAM_BLD + EVP_PKEY_fromdata, moved from inline header to dedicated compilation unit
- #pragma clang diagnostic deprecation warning suppression (no longer needed)

TypeScript (JWK export)
- classes.ts: Implement export({ format: 'jwk' }) for PublicKeyObject and PrivateKeyObject (previously threw "not implemented")
- index.ts: Add JWK import support in createPublicKey and createPrivateKey
- hkdf.ts: Replace CryptoKeyInternal duck-type interface with proper CryptoKey import (removes any escape hatch)

Tests
Testing
Tests run in the React Native example app. All new tests cover the migrated code paths across multiple EC curves.
Closes #920
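
The JWK round trip and P1363 signature sizes that the PR's tests describe (export -> import -> sign/verify, 96-byte P-384 and 132-byte P-521 signatures), as an added example that is not part of the pull request. It assumes Node's built-in crypto module as a stand-in for the library's API; jwkRoundTrip, CURVES and b64urlLen are names introduced here.

```javascript
// Added example. Node's built-in crypto stands in (assumption) for the
// library's createPrivateKey / createPublicKey / export({ format: 'jwk' }).
const crypto = require('node:crypto');

// Width in bytes of one coordinate / scalar: ceil(bits / 8).
// P-521 is the trap: ceil(521 / 8) = 66, while 521 >> 3 gives 65.
const CURVES = {
  'P-256': { openssl: 'prime256v1', hash: 'sha256', bytes: 32 },
  'P-384': { openssl: 'secp384r1', hash: 'sha384', bytes: 48 },
  'P-521': { openssl: 'secp521r1', hash: 'sha512', bytes: 66 },
};

const b64urlLen = (s) => Buffer.from(s, 'base64url').length;

// Hypothetical helper: export -> import -> sign/verify for one curve.
function jwkRoundTrip(crv) {
  const { openssl, hash, bytes } = CURVES[crv];
  const pair = crypto.generateKeyPairSync('ec', { namedCurve: openssl });
  const privJwk = pair.privateKey.export({ format: 'jwk' });
  const pubJwk = pair.publicKey.export({ format: 'jwk' });

  // Re-import from JWK only, so sign/verify exercise the imported keys.
  const priv = crypto.createPrivateKey({ key: privJwk, format: 'jwk' });
  const pub = crypto.createPublicKey({ key: pubJwk, format: 'jwk' });

  const msg = Buffer.from('constructed sample message');
  const opts = { dsaEncoding: 'ieee-p1363' }; // raw r || s, not DER
  const sig = crypto.sign(hash, msg, { key: priv, ...opts });
  const tampered = Buffer.from(sig);
  tampered[tampered.length - 1] ^= 1; // flip one bit of s

  return {
    crv: pubJwk.crv,
    sigLen: sig.length, // 2 * bytes for P1363
    verified: crypto.verify(hash, msg, { key: pub, ...opts }, sig),
    tamperedVerified: crypto.verify(hash, msg, { key: pub, ...opts }, tampered),
    // Coordinates must be left-padded to the field width, or keys with
    // leading zero bytes fail importers that check the length.
    fixedWidth: [privJwk.x, privJwk.y, privJwk.d, pubJwk.x, pubJwk.y]
      .every((v) => b64urlLen(v) === bytes),
    publicHasNoD: !('d' in pubJwk),
  };
}
```
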