authorKazuki Yamaguchi <k@rhe.jp>2021-03-20 23:16:41 +0900
committerKazuki Yamaguchi <k@rhe.jp>2021-12-20 19:07:03 +0900
commitccdb6f7bfa5f988a07beecedbf2b6205b6ab8492 (patch)
treeca08b11feebdfc6bd8994264911279eb2141bcfd
parente168df0f3570709bfb38e9a39838bd0a7e78164c (diff)
pkey: assume a pkey always has public key components on OpenSSL 3.0
OpenSSL 3.0's EVP_PKEY_get0() returns NULL for provider-backed pkeys. This causes a segfault because it was previously assumed never to return NULL. We can't check for the existence of public key components this way on OpenSSL 3.0, so let's just skip the check for now.
-rw-r--r--ext/openssl/ossl_pkey.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 94760d32..09d45d85 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -429,9 +429,19 @@ ossl_pkey_s_generate_key(int argc, VALUE *argv, VALUE self)
return pkey_generate(argc, argv, self, 0);
}
+/*
+ * TODO: There is no convenient way to check the presence of public key
+ * components on OpenSSL 3.0. But since keys are immutable on 3.0, pkeys without
+ * these should only be created by OpenSSL::PKey.generate_parameters or by
+ * parsing DER-/PEM-encoded string. We would need another flag for that.
+ */
void
ossl_pkey_check_public_key(const EVP_PKEY *pkey)
{
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+ if (EVP_PKEY_missing_parameters(pkey))
+ ossl_raise(ePKeyError, "parameters missing");
+#else
void *ptr;
const BIGNUM *n, *e, *pubkey;
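Review bot: On the OpenSSL 3.0 branch, `EVP_PKEY_missing_parameters(pkey)` only reports missing domain parameters, so a pkey that has parameters but no key material (the case the TODO itself names, from OpenSSL::PKey.generate_parameters) passes `ossl_pkey_check_public_key` without an error. Callers that rely on this function as a guard before using the public key are not visible in this hunk; presumably they now depend on the following OpenSSL call failing cleanly, which should be confirmed. I would state the weakened guarantee in the comment, for example `* NOTE: on OpenSSL 3.0 this does not verify that public key components exist; callers must check the result of the OpenSSL call that follows.` The raised message also changes from "public key missing" to "parameters missing" on 3.0, which matters to anything matching on the error text. The function body continues past this hunk, and the matching `#endif` is in the next one.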
@@ -467,6 +477,7 @@ ossl_pkey_check_public_key(const EVP_PKEY *pkey)
return;
}
ossl_raise(ePKeyError, "public key missing");
+#endif
}
EVP_PKEY *