From 7ea72f1f50849ad0c36e08c0ac70bbdba1d96169 Mon Sep 17 00:00:00 2001 From: rhe Date: Sun, 5 Jun 2016 15:00:47 +0000 Subject: openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs * ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and {RSA,DSA,EC_KEY,DH}_get0_*() functions. OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide setter methods for each parameter of each PKey type, for example PKey::RSA#e=, but this is no longer possible because the new API RSA_set0_key() requires the 'n' at the same time. This commit adds deprecation warning to them and adds PKey::*#set_* methods as direct wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'. [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}. Emit a warning with rb_warning() when old setter methods are used. * test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb, test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH object that are used in tmp_dh_callback. Generating a new key pair every time should be fine - actually the private exponent is ignored in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set. https://www.openssl.org/news/secadv/20160128.txt git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/openssl/ossl_pkey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ext/openssl/ossl_pkey.c') diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index e795f424..c59a3646 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -76,7 +76,7 @@ ossl_pkey_new(EVP_PKEY *pkey) if (!pkey) { ossl_raise(ePKeyError, "Cannot make new key from NULL."); } - switch (EVP_PKEY_type(pkey->type)) { + switch (EVP_PKEY_base_id(pkey)) { #if !defined(OPENSSL_NO_RSA) case EVP_PKEY_RSA: return ossl_rsa_new(pkey); -- cgit v1.2.3