diff options
| author | rhe <rhe@ruby-lang.org> | 2016-06-05 15:00:47 +0000 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-06-09 15:05:21 +0900 |
| commit | 7ea72f1f50849ad0c36e08c0ac70bbdba1d96169 (patch) | |
| tree | 46033201fd4c5e4c50226996e6124bc9165773b1 /ext/openssl/ossl_pkey_ec.c | |
| parent | 6a32c74bd56053175a7426d50ff89bf954615855 (diff) | |
| download | ruby-openssl-7ea72f1f50849ad0c36e08c0ac70bbdba1d96169.tar.gz | |
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl_pkey_ec.c')
| -rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 958e7105..30ded33c 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -25,7 +25,7 @@ static const rb_data_type_t ossl_ec_point_type; #define GetPKeyEC(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_EC) { \ + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A EC PKEY!"); \ } \ } while (0) @@ -38,7 +38,7 @@ static const rb_data_type_t ossl_ec_point_type; #define Get_EC_KEY(obj, key) do { \ EVP_PKEY *pkey; \ GetPKeyEC((obj), pkey); \ - (key) = pkey->pkey.ec; \ + (key) = EVP_PKEY_get0_EC_KEY(pkey); \ } while(0) #define Require_EC_KEY(obj, key) do { \ @@ -137,7 +137,7 @@ VALUE ossl_ec_new(EVP_PKEY *pkey) obj = ec_instance(cEC, EC_KEY_new()); } else { obj = NewPKey(cEC); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { ossl_raise(rb_eTypeError, "Not a EC key!"); } SetPKey(obj, pkey); @@ -232,7 +232,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self) VALUE arg, pass; GetPKey(self, pkey); - if (pkey->pkey.ec) + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE) ossl_raise(eECError, "EC_KEY already initialized"); rb_scan_args(argc, argv, "02", &arg, &pass); |