diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-09-07 12:15:41 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-09-07 15:44:07 +0900 |
commit | 9435c8b3cab02a78375cb43e122e4cfc7eee79b9 (patch) | |
tree | 4ec70564de4b4665900871decff9e258d259a62d /History.md | |
parent | 4076581a38279706e9d7084f866d6c4d339f96fd (diff) | |
download | ruby-openssl-9435c8b3cab02a78375cb43e122e4cfc7eee79b9.tar.gz |
pkey: make OpenSSL::PKey::EC::Group wrap an EC_GROUP directlytopic/pkey-ec-unlink
As done for EC::Point, remove ossl_ec_group struct. This contains a
breaking change. Modifications to an EC::Group returned by EC#group
no longer affects the EC object unless set to the key explicitly using
EC#group=. This is the common behavior in Ruby/OpenSSL, including other
getter methods of EC such as EC#public_key.
EC#group currently returns a EC::Group linked with the key, i.e. the
EC::Group object holds a reference to an EC_GROUP that the EC_KEY owns.
We use some ugly workaround - the ossl_ec_group struct has a flag
'dont_free' that indicates we must not free the EC_GROUP. But it is
still not possible to control OpenSSL of free'ing the EC_GROUP, so,
for example, the following code behaves strangely:
ec = OpenSSL::PKey::EC.generate("prime256v1")
group = ec.group
p group.curve_name #=> "prime256v1"
ec.group = OpenSSL::PKey::EC::Group.new("prime256v1")
p group.curve_name #=> nil
Diffstat (limited to 'History.md')
-rw-r--r-- | History.md | 18 |
1 files changed, 12 insertions, 6 deletions
@@ -56,13 +56,19 @@ Notable changes - OpenSSL::OCSP::BasicResponse#add_status accepts absolute times. They used to accept only relative seconds from the current time. -* OpenSSL::PKey::EC follows the general PKey interface. - [[Bug #6567]](https://bugs.ruby-lang.org/issues/6567) +* OpenSSL::PKey + + - OpenSSL::PKey::EC follows the general PKey interface. + [[Bug #6567]](https://bugs.ruby-lang.org/issues/6567) + + - OpenSSL::PKey.read raises OpenSSL::PKey::PKeyError instead of ArgumentError + for consistency with OpenSSL::PKey::{DH,DSA,RSA,EC}#new. + [[Bug #11774]](https://bugs.ruby-lang.org/issues/11774), + [[GH ruby/openssl#55]](https://github.com/ruby/openssl/pull/55) -* OpenSSL::PKey.read raises OpenSSL::PKey::PKeyError instead of ArgumentError - for consistency with OpenSSL::PKey::{DH,DSA,RSA,EC}#new. - [[Bug #11774]](https://bugs.ruby-lang.org/issues/11774), - [[GH ruby/openssl#55]](https://github.com/ruby/openssl/pull/55) + - OpenSSL::PKey::EC::Group retrieved by OpenSSL::PKey::EC#group is no longer + linked with the EC key. Modifications to the EC::Group have no effect on the + key. [[GH ruby/openssl#71]](https://github.com/ruby/openssl/pull/71) * OpenSSL::SSL |