diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2021-04-22 13:57:47 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-10-24 17:24:50 +0900 |
commit | 0a253027e6be47c0b7fd8b664f1048f24d7ca657 (patch) | |
tree | f7e5ea48a182d650b3535a8fca35aafdc76b3abd /ext/openssl | |
parent | 90d51ef51091384cde33614d3665232be16682a0 (diff) | |
download | ruby-openssl-0a253027e6be47c0b7fd8b664f1048f24d7ca657.tar.gz |
digest: use EVP_MD_CTX_get0_md() instead of EVP_MD_CTX_md() if exists
The function was renamed in OpenSSL 3.0 due to the change of the
lifetime of EVP_MD objects. They are no longer necessarily statically
allocated and can be reference-counted -- when an EVP_MD_CTX is free'd,
the associated EVP_MD can also become inaccessible.
Currently Ruby/OpenSSL only handles builtin algorithms, so no special
handling is needed except for adapting to the rename.
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/extconf.rb | 1 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.h | 4 | ||||
-rw-r--r-- | ext/openssl/ossl_digest.c | 6 | ||||
-rw-r--r-- | ext/openssl/ossl_hmac.c | 2 |
4 files changed, 9 insertions, 4 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 98f96afe..842b7f5b 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -176,6 +176,7 @@ have_func("ERR_get_error_all") have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h") have_func("SSL_CTX_load_verify_file") have_func("BN_check_prime") +have_func("EVP_MD_CTX_get0_md") Logging::message "=== Checking done. ===\n" diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 1b1a54a8..64212349 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -219,4 +219,8 @@ IMPL_PKEY_GETTER(EC_KEY, ec) # define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts) #endif +#ifndef HAVE_EVP_MD_CTX_GET0_MD +# define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx) +#endif + #endif /* _OSSL_OPENSSL_MISSING_H_ */ diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c index b2506de7..fc326ec1 100644 --- a/ext/openssl/ossl_digest.c +++ b/ext/openssl/ossl_digest.c @@ -63,7 +63,7 @@ ossl_evp_get_digestbyname(VALUE obj) GetDigest(obj, ctx); - md = EVP_MD_CTX_md(ctx); + md = EVP_MD_CTX_get0_md(ctx); } return md; @@ -176,7 +176,7 @@ ossl_digest_reset(VALUE self) EVP_MD_CTX *ctx; GetDigest(self, ctx); - if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL) != 1) { + if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL) != 1) { ossl_raise(eDigestError, "Digest initialization failed."); } @@ -259,7 +259,7 @@ ossl_digest_name(VALUE self) GetDigest(self, ctx); - return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx))); + return rb_str_new_cstr(EVP_MD_name(EVP_MD_CTX_get0_md(ctx))); } /* diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index a21db6c4..2642728b 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -239,7 +239,7 @@ ossl_hmac_reset(VALUE self) GetHMAC(self, ctx); pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); - if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_md(ctx), NULL, pkey) != 1) + if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_get0_md(ctx), NULL, pkey) != 1) ossl_raise(eHMACError, "EVP_DigestSignInit"); return self; |