diff options
author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-05 15:00:47 +0000 |
---|---|---|
committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-05 15:00:47 +0000 |
commit | ad3cb1523f8c98ce1de5f1255c4a16e18b8f19eb (patch) | |
tree | 64b8295bf3f80cd8f72d0c775e9a0be79ed87fe3 /ext/openssl/ossl_ssl.c | |
parent | eebee71287191ead1f90d8e27a9499a361618ebf (diff) | |
download | ruby-ad3cb1523f8c98ce1de5f1255c4a16e18b8f19eb.tar.gz |
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl_ssl.c')
-rw-r--r-- | ext/openssl/ossl_ssl.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index cfb64d2cec..fd1ad746b9 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -258,7 +258,7 @@ ossl_call_tmp_dh_callback(VALUE args) if (NIL_P(cb)) return Qfalse; dh = rb_apply(cb, rb_intern("call"), args); pkey = GetPKeyPtr(dh); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) return Qfalse; + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) return Qfalse; return dh; } @@ -276,7 +276,7 @@ ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength) if (!RTEST(dh)) return NULL; ossl_ssl_set_tmp_dh(rb_ssl, dh); - return GetPKeyPtr(dh)->pkey.dh; + return EVP_PKEY_get0_DH(GetPKeyPtr(dh)); } #endif /* OPENSSL_NO_DH */ @@ -292,7 +292,7 @@ ossl_call_tmp_ecdh_callback(VALUE args) if (NIL_P(cb)) return Qfalse; ecdh = rb_apply(cb, rb_intern("call"), args); pkey = GetPKeyPtr(ecdh); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) return Qfalse; + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) return Qfalse; return ecdh; } @@ -310,7 +310,7 @@ ossl_tmp_ecdh_callback(SSL *ssl, int is_export, int keylength) if (!RTEST(ecdh)) return NULL; ossl_ssl_set_tmp_ecdh(rb_ssl, ecdh); - return GetPKeyPtr(ecdh)->pkey.ec; + return EVP_PKEY_get0_EC_KEY(GetPKeyPtr(ecdh)); } #endif |