diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2021-12-17 02:21:42 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-12-20 23:42:02 +0900 |
commit | b93ae54258684d0c3d1501400af949c013f44fba (patch) | |
tree | c247ccec4f01313bcb0403fc2832235f9eaa3956 | |
parent | 0d698be04f6c76250706e8d56f542c3c7fca0fa7 (diff) | |
download | ruby-b93ae54258684d0c3d1501400af949c013f44fba.tar.gz |
[ruby/openssl] pkey/ec: deprecate OpenSSL::PKey::EC#generate_key!
OpenSSL::PKey::EC#generate_key! will not work on OpenSSL 3.0 because
keys are made immutable. Users should use OpenSSL::PKey.generate_key
instead.
https://github.com/ruby/openssl/commit/5e2e66cce8
-rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 4 | ||||
-rw-r--r-- | test/openssl/test_pkey_ec.rb | 21 |
2 files changed, 17 insertions, 8 deletions
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 3b4930f353..ff3150dac0 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -441,6 +441,9 @@ ossl_ec_key_to_der(VALUE self) */ static VALUE ossl_ec_key_generate_key(VALUE self) { +#if OSSL_OPENSSL_PREREQ(3, 0, 0) + rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0"); +#else EC_KEY *ec; GetEC(self, ec); @@ -448,6 +451,7 @@ static VALUE ossl_ec_key_generate_key(VALUE self) ossl_raise(eECError, "EC_KEY_generate_key"); return self; +#endif } /* diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index 3f5958af50..33f78a4c77 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -13,15 +13,13 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase # FIPS-selftest failure on some environment, so skip for now. next if ["Oakley", "X25519"].any? { |n| curve_name.start_with?(n) } - key = OpenSSL::PKey::EC.new(curve_name) - key.generate_key! - + key = OpenSSL::PKey::EC.generate(curve_name) assert_predicate key, :private? assert_predicate key, :public? assert_nothing_raised { key.check_key } end - key1 = OpenSSL::PKey::EC.new("prime256v1").generate_key! + key1 = OpenSSL::PKey::EC.generate("prime256v1") key2 = OpenSSL::PKey::EC.new key2.group = key1.group @@ -52,6 +50,13 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase assert_equal(true, ec.private?) end + def test_generate_key + ec = OpenSSL::PKey::EC.new("prime256v1") + assert_equal false, ec.private? + ec.generate_key! + assert_equal true, ec.private? + end if !openssl?(3, 0, 0) + def test_marshal key = Fixtures.pkey("p256") deserialized = Marshal.load(Marshal.dump(key)) @@ -136,7 +141,7 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase end def test_dsa_sign_asn1_FIPS186_3 - key = OpenSSL::PKey::EC.new("prime256v1").generate_key! + key = OpenSSL::PKey::EC.generate("prime256v1") size = key.group.order.num_bits / 8 + 1 dgst = (1..size).to_a.pack('C*') sig = key.dsa_sign_asn1(dgst) @@ -145,8 +150,8 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase end def test_dh_compute_key - key_a = OpenSSL::PKey::EC.new("prime256v1").generate_key! - key_b = OpenSSL::PKey::EC.new(key_a.group).generate_key! + key_a = OpenSSL::PKey::EC.generate("prime256v1") + key_b = OpenSSL::PKey::EC.generate(key_a.group) pub_a = key_a.public_key pub_b = key_b.public_key @@ -276,7 +281,7 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase def test_ec_point group = OpenSSL::PKey::EC::Group.new("prime256v1") - key = OpenSSL::PKey::EC.new(group).generate_key! + key = OpenSSL::PKey::EC.generate(group) point = key.public_key point2 = OpenSSL::PKey::EC::Point.new(group, point.to_bn) |