remove openssl dependency

Cargo.toml

@@ -10,7 +10,6 @@ crate-type = ["cdylib", "lib"]
 
 [dependencies]
 mpecdsa = { git = "https://github.com/jirigav/mpecdsa.git", optional = true }
-openssl = "0.10.55"
 prost = "0.11"
 serde = "1.0"
 serde_json = "1.0"
@@ -21,6 +20,11 @@ curve25519-dalek = { version = "4", default-features = false, features = ["alloc
 frost-secp256k1 = { git  = "https://github.com/dufkan/frost.git", branch = "serialize-state", features = ["serde"], optional = true }
 aes-gcm = "0.10.2"
 k256 = { version = "0.13.1", features = ["arithmetic"] }
+p12 = "0.6.3"
+x509-cert = { version = "0.2.5", features = ["builder"] }
+p256 = { version = "0.13.2", features = ["ecdsa"] }
+# https://github.com/RustCrypto/elliptic-curves/discussions/1005
+sha2 = { version = "0.10.7", features = ["oid"] }
 
 [build-dependencies]
 cbindgen = "0.20.0"
@@ -37,4 +41,4 @@ protocol = []
 bindings = []
 gg18 = ["protocol", "dep:mpecdsa"]
 frost = ["protocol", "dep:frost-secp256k1"]
-elgamal = ["protocol", "dep:elastic-elgamal"]
+elgamal = ["protocol", "dep:elastic-elgamal"]

src/auth.rs

@@ -1,39 +1,30 @@
-use openssl::{
-    ec::{EcGroup, EcKey},
-    error::ErrorStack,
-    hash::MessageDigest,
-    nid::Nid,
-    pkcs12::Pkcs12,
-    pkey::PKey,
-    x509::{X509Name, X509Req, X509},
-};
+use std::{error::Error, str::FromStr};
 
-pub fn gen_key_with_csr(name: &str) -> Result<(Vec<u8>, Vec<u8>), ErrorStack> {
-    let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1)?;
-    let ec_key = EcKey::generate(&group)?;
-    let key = PKey::from_ec_key(ec_key)?;
-    let key_der = key.private_key_to_der()?;
+use p256::ecdsa::{DerSignature, SigningKey};
+use p256::pkcs8::EncodePrivateKey;
+use rand::rngs::OsRng;
+use x509_cert::der::Encode;
+use x509_cert::{
+    builder::{Builder, RequestBuilder},
+    name::Name,
+};
 
-    let mut name_builder = X509Name::builder()?;
-    name_builder.append_entry_by_nid(Nid::COMMONNAME, name)?;
-    let subj_name = name_builder.build();
+pub fn gen_key_with_csr(name: &str) -> Result<(Vec<u8>, Vec<u8>), Box<dyn Error>> {
+    let key = SigningKey::random(&mut OsRng);
+    let key_der = key.to_pkcs8_der()?.as_bytes().to_vec();
 
-    let mut req_builder = X509Req::builder()?;
-    req_builder.set_subject_name(&subj_name)?;
-    req_builder.set_pubkey(&key)?;
-    req_builder.sign(&key, MessageDigest::sha256())?;
-    let csr_der = req_builder.build().to_der()?;
+    let subject = Name::from_str(&format!("CN={name}"))?;
+    let builder = RequestBuilder::new(subject, &key)?;
+    let csr = builder.build::<DerSignature>()?;
+    let csr_der = csr.to_der()?;
 
     Ok((key_der, csr_der))
 }
 
-pub fn cert_key_to_pkcs12(key_der: &[u8], cert_der: &[u8]) -> Result<Vec<u8>, ErrorStack> {
-    let key = PKey::private_key_from_der(key_der)?;
-    let cert = X509::from_der(cert_der)?;
-    Pkcs12::builder()
-        .name("meesign auth key")
-        .pkey(&key)
-        .cert(&cert)
-        .build2("")?
-        .to_der()
+pub fn cert_key_to_pkcs12(key_der: &[u8], cert_der: &[u8]) -> Result<Vec<u8>, Box<dyn Error>> {
+    let ca_der = None;
+    let password = "";
+    let pfx = p12::PFX::new(cert_der, key_der, ca_der, password, "meesign auth key")
+        .ok_or("Error creating PKCS #12")?;
+    Ok(pfx.to_der())
 }

src/c_api.rs

@@ -214,7 +214,7 @@ pub unsafe extern "C" fn auth_keygen(name: *const c_char, error_out: *mut *mut c
     match auth::gen_key_with_csr(name) {
         Ok((key, csr)) => AuthKey::new(key, csr),
         Err(error) => {
-            set_error(error_out, &error);
+            set_error(error_out, &*error);
             AuthKey::new(vec![], vec![])
         }
     }
@@ -234,7 +234,7 @@ pub unsafe extern "C" fn auth_cert_key_to_pkcs12(
     match auth::cert_key_to_pkcs12(key_der, cert_der) {
         Ok(pkcs12) => pkcs12.into(),
         Err(error) => {
-            set_error(error_out, &error);
+            set_error(error_out, &*error);
             vec![].into()
         }
     }