sys/evp: set/get params bindings

[huwcbjones]

• sys/evp: add EVP_PKEY_gettable_params
• sys/evp: add EVP_PKEY_settable_params

[alex]

What's the purpose of these? I'm not wild about exposing params as a public API, they're so volatile...

[huwcbjones]

I'm running with the idea of switching the underlying implementation of the Rsa, etc implementations to be backed by the EVP API rather than the deprecated RSA_* APIs.
The Rsa impls have accessors for d, p, q, etc and my plan was to back those funcs with these APIs (see WIP: https://github.com/huwcbjones/rust-openssl/blob/b207499b65deddea14a372fba12737e50dde772b/openssl/src/rsa.rs#L241-L25).

In hindsight, they could probably be pub(crate) so we can use them internally, but not expose them.

[alex]

Yes, these shouldn't be public APIs. Given that, I think they can be merged in with that.

…

On Mon, Aug 4, 2025 at 6:42 PM Huw Jones ***@***.***> wrote: *huwcbjones* left a comment (rust-openssl/rust-openssl#2436) <#2436 (comment)> I'm running with the idea of switching the underlying implementation of the Rsa, etc implementations to be backed by the EVP API rather than the deprecated RSA_* APIs. The Rsa impls have accessors for d, p, q, etc and my plan was to back those funcs with these APIs (see WIP: https://github.com/huwcbjones/rust-openssl/blob/b207499b65deddea14a372fba12737e50dde772b/openssl/src/rsa.rs#L241-L25 ). In hindsight, they could probably be pub(crate) so we can use them internally, but not expose them. — Reply to this email directly, view it on GitHub <#2436 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAAGBFYPOJ3YSN5S3DU2O33L7OXBAVCNFSM6AAAAACDCN3SRCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTCNJSGY2DAMBSGA> . You are receiving this because you commented.Message ID: ***@***.***>

-- All that is necessary for evil to succeed is for good people to do nothing.

[huwcbjones]

Have reduced the visibility of those funcs

[alex]

If you'd like to add the bindings to openssl-sys, that's fine, but it doesn't make sense to add APIs to EVP PKEY that we don't have actual callers for.

[alex]

If you'd like to add the bindings to openssl-sys, that's fine, but it doesn't make sense to add APIs to EVP PKEY that we don't have actual callers for.