From 63abe0078521d91db7a28de1db14bd193f74aad3 Mon Sep 17 00:00:00 2001
From: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 5 Jun 2016 15:00:47 +0000
Subject: openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs

* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
  {RSA,DSA,EC_KEY,DH}_get0_*() functions.
  OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
  setter methods for each parameter of each PKey type, for example
  PKey::RSA#e=, but this is no longer possible because the new API
  RSA_set0_key() requires the 'n' at the same time. This commit adds
  deprecation warning to them and adds PKey::*#set_* methods as direct
  wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
  rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
  [ruby-core:75225] [Feature #12324]

* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
  RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
  Emit a warning with rb_warning() when old setter methods are used.

* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
  test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
  object that are used in tmp_dh_callback. Generating a new key pair
  every time should be fine - actually the private exponent is ignored
  in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
  https://www.openssl.org/news/secadv/20160128.txt

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/rubygems/test_gem_remote_fetcher.rb | 12 ------------
 1 file changed, 12 deletions(-)

(limited to 'test/rubygems')

diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb
index 49b6b6656c..cf1b27d547 100644
--- a/test/rubygems/test_gem_remote_fetcher.rb
+++ b/test/rubygems/test_gem_remote_fetcher.rb
@@ -81,7 +81,6 @@ gems:
   # Generated via:
   #   x = OpenSSL::PKey::DH.new(2048) # wait a while...
   #   x.to_s => pem
-  #   x.priv_key.to_s => hex for OpenSSL::BN.new
   TEST_KEY_DH2048 =  OpenSSL::PKey::DH.new <<-_end_of_pem_
 -----BEGIN DH PARAMETERS-----
 MIIBCAKCAQEA3Ze2EHSfYkZLUn557torAmjBgPsqzbodaRaGZtgK1gEU+9nNJaFV
@@ -93,17 +92,6 @@ PeIQQkFng2VVot/WAQbv3ePqWq07g1BBcwIBAg==
 -----END DH PARAMETERS-----
     _end_of_pem_
 
-  TEST_KEY_DH2048.priv_key = OpenSSL::BN.new("108911488509734781344423639" \
-     "5585749502236089033416160524030987005037540379474123441273555416835" \
-     "4725688238369352738266590757370603937618499698665047757588998555345" \
-     "3446251978586372525530219375408331096098220027413238477359960428372" \
-     "0195464393332338164504352015535549496585792320286513563739305843396" \
-     "9294344974028713065472959376197728193162272314514335882399554394661" \
-     "5306385003430991221886779612878793446851681835397455333989268503748" \
-     "7862488679178398716189205737442996155432191656080664090596502674943" \
-     "7902481557157485795980326766117882761941455140582265347052939604724" \
-     "964857770053363840471912215799994973597613931991572884", 16)
-
   def setup
     @proxies = %w[https_proxy http_proxy HTTP_PROXY http_proxy_user HTTP_PROXY_USER http_proxy_pass HTTP_PROXY_PASS no_proxy NO_PROXY]
     @old_proxies = @proxies.map {|k| ENV[k] }
-- 
cgit v1.2.3