Merge branch 'maint-3.0'

* maint-3.0: Ruby/OpenSSL 3.0.2 Fix build with LibreSSL 3.5 Fix operator precedence in OSSL_OPENSSL_PREREQ and OSSL_LIBRESSL_PREREQ Ruby/OpenSSL 2.2.3 ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs ocsp: disable OCSP_basic_verify() workaround on LibreSSL 3.5 test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters pkey/ec: check private key validity with OpenSSL 3 Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3 pkey/ec: fix ossl_raise() calls using cEC_POINT instead of eEC_POINT raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true
author: Kazuki Yamaguchi <k@rhe.jp> 2022-12-23 09:23:13 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2022-12-23 09:23:13 +0900
commit: 5cb3bfb233c06311b101e2ccbace93c476828eff (patch)
tree: b8446eac06c0189d475d686324c6c988890d29fa /ext/openssl
parent: 75bbc8ad71ec869adf5f5353c2afb5ce916c6aa5 (diff)
parent: 466d1be205901c19c2b61bbeba13177bef758b99 (diff)
download: ruby-openssl-5cb3bfb233c06311b101e2ccbace93c476828eff.tar.gz
1 files changed, 33 insertions, 17 deletions
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index ab39b9c8..a59849f7 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -483,16 +483,28 @@ static VALUE ossl_ec_key_check_key(VALUE self)
 #ifdef HAVE_EVP_PKEY_CHECK
     EVP_PKEY *pkey;
     EVP_PKEY_CTX *pctx;
-    int ret;
+    EC_KEY *ec;
 
     GetPKey(self, pkey);
+    GetEC(self, ec);
     pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
     if (!pctx)
-        ossl_raise(eDHError, "EVP_PKEY_CTX_new");
-    ret = EVP_PKEY_public_check(pctx);
+        ossl_raise(eECError, "EVP_PKEY_CTX_new");
+
+    if (EC_KEY_get0_private_key(ec) != NULL) {
+        if (EVP_PKEY_check(pctx) != 1) {
+            EVP_PKEY_CTX_free(pctx);
+            ossl_raise(eECError, "EVP_PKEY_check");
+        }
+    }
+    else {
+        if (EVP_PKEY_public_check(pctx) != 1) {
+            EVP_PKEY_CTX_free(pctx);
+            ossl_raise(eECError, "EVP_PKEY_public_check");
+        }
+    }
+
     EVP_PKEY_CTX_free(pctx);
-    if (ret != 1)
-        ossl_raise(eECError, "EVP_PKEY_public_check");
 #else
     EC_KEY *ec;
 
@@ -668,10 +680,11 @@ static VALUE ossl_ec_group_eql(VALUE a, VALUE b)
     GetECGroup(a, group1);
     GetECGroup(b, group2);
 
-    if (EC_GROUP_cmp(group1, group2, ossl_bn_ctx) == 1)
-       return Qfalse;
-
-    return Qtrue;
+    switch (EC_GROUP_cmp(group1, group2, ossl_bn_ctx)) {
+    case 0: return Qtrue;
+    case 1: return Qfalse;
+    default: ossl_raise(eEC_GROUP, "EC_GROUP_cmp");
+    }
 }
 
 /*
@@ -1232,10 +1245,13 @@ static VALUE ossl_ec_point_eql(VALUE a, VALUE b)
     GetECPoint(b, point2);
     GetECGroup(group_v1, group);
 
-    if (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx) == 1)
-        return Qfalse;
+    switch (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx)) {
+    case 0: return Qtrue;
+    case 1: return Qfalse;
+    default: ossl_raise(eEC_POINT, "EC_POINT_cmp");
+    }
 
-    return Qtrue;
+    UNREACHABLE;
 }
 
 /*
@@ -1253,7 +1269,7 @@ static VALUE ossl_ec_point_is_at_infinity(VALUE self)
     switch (EC_POINT_is_at_infinity(group, point)) {
     case 1: return Qtrue;
     case 0: return Qfalse;
-    default: ossl_raise(cEC_POINT, "EC_POINT_is_at_infinity");
+    default: ossl_raise(eEC_POINT, "EC_POINT_is_at_infinity");
     }
 
     UNREACHABLE;
@@ -1274,7 +1290,7 @@ static VALUE ossl_ec_point_is_on_curve(VALUE self)
     switch (EC_POINT_is_on_curve(group, point, ossl_bn_ctx)) {
     case 1: return Qtrue;
     case 0: return Qfalse;
-    default: ossl_raise(cEC_POINT, "EC_POINT_is_on_curve");
+    default: ossl_raise(eEC_POINT, "EC_POINT_is_on_curve");
     }
 
     UNREACHABLE;
@@ -1297,7 +1313,7 @@ static VALUE ossl_ec_point_make_affine(VALUE self)
     rb_warn("OpenSSL::PKey::EC::Point#make_affine! is deprecated");
 #if !OSSL_OPENSSL_PREREQ(3, 0, 0)
     if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1)
-        ossl_raise(cEC_POINT, "EC_POINT_make_affine");
+        ossl_raise(eEC_POINT, "EC_POINT_make_affine");
 #endif
 
     return self;
@@ -1316,7 +1332,7 @@ static VALUE ossl_ec_point_invert(VALUE self)
     GetECPointGroup(self, group);
 
     if (EC_POINT_invert(group, point, ossl_bn_ctx) != 1)
-        ossl_raise(cEC_POINT, "EC_POINT_invert");
+        ossl_raise(eEC_POINT, "EC_POINT_invert");
 
     return self;
 }
@@ -1334,7 +1350,7 @@ static VALUE ossl_ec_point_set_to_infinity(VALUE self)
     GetECPointGroup(self, group);
 
     if (EC_POINT_set_to_infinity(group, point) != 1)
-        ossl_raise(cEC_POINT, "EC_POINT_set_to_infinity");
+        ossl_raise(eEC_POINT, "EC_POINT_set_to_infinity");
 
     return self;
 }
author	Kazuki Yamaguchi <k@rhe.jp>	2022-12-23 09:23:13 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2022-12-23 09:23:13 +0900
commit	5cb3bfb233c06311b101e2ccbace93c476828eff (patch)
tree	b8446eac06c0189d475d686324c6c988890d29fa /ext/openssl
parent	75bbc8ad71ec869adf5f5353c2afb5ce916c6aa5 (diff)
parent	466d1be205901c19c2b61bbeba13177bef758b99 (diff)
download	ruby-openssl-5cb3bfb233c06311b101e2ccbace93c476828eff.tar.gz