
ruby-changes:69395

From: Kazuki <ko1@a...>
Date: Mon, 25 Oct 2021 00:43:47 +0900 (JST)
Subject: [ruby-changes:69395] 040387d265 (master): [ruby/openssl] digest: use EVP_MD_CTX_get0_md() instead of EVP_MD_CTX_md() if exists

https://git.ruby-lang.org/ruby.git/commit/?id=040387d265

From 040387d265e405c769867dbedd47c723185bc944 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@r...>
Date: Thu, 22 Apr 2021 13:57:47 +0900
Subject: [ruby/openssl] digest: use EVP_MD_CTX_get0_md() instead of
 EVP_MD_CTX_md() if exists

The function was renamed in OpenSSL 3.0 due to the change of the
lifetime of EVP_MD objects. They are no longer necessarily statically
allocated and can be reference-counted -- when an EVP_MD_CTX is free'd,
the associated EVP_MD can also become inaccessible.

Currently Ruby/OpenSSL only handles builtin algorithms, so no special
handling is needed except for adapting to the rename.

https://github.com/ruby/openssl/commit/0a253027e6
---
 ext/openssl/extconf.rb        | 1 +
 ext/openssl/openssl_missing.h | 4 ++++
 ext/openssl/ossl_digest.c     | 6 +++---
 ext/openssl/ossl_hmac.c       | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 98f96afe77..842b7f5b1a 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -176,6 +176,7 @@ have_func("ERR_get_error_all") https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L176
 have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
 have_func("SSL_CTX_load_verify_file")
 have_func("BN_check_prime")
+have_func("EVP_MD_CTX_get0_md")
 
 Logging::message "=== Checking done. ===\n"
 
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 1b1a54a824..64212349c9 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -219,4 +219,8 @@ IMPL_PKEY_GETTER(EC_KEY, ec) https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L219
 #  define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
 #endif
 
+#ifndef HAVE_EVP_MD_CTX_GET0_MD
+#  define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
+#endif
+
 #endif /* _OSSL_OPENSSL_MISSING_H_ */
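Review bot: The new `EVP_MD_CTX_get0_md` fallback in openssl_missing.h has no comment saying where the name comes from or when the shim can be dropped. The commit message ties the rename to OpenSSL 3.0, so a line above the `#ifndef` would record that, for example `/* added in OpenSSL 3.0; older releases only provide EVP_MD_CTX_md() */`. That lets a later cleanup of minimum-version shims find this one without going back to the commit log.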
diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c
index b2506de7f7..fc326ec14a 100644
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@@ -63,7 +63,7 @@ ossl_evp_get_digestbyname(VALUE obj) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L63
 
         GetDigest(obj, ctx);
 
-        md = EVP_MD_CTX_md(ctx);
+        md = EVP_MD_CTX_get0_md(ctx);
     }
 
     return md;
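Review bot: The `md` assigned from `EVP_MD_CTX_get0_md(ctx)` is a borrowed pointer that is then returned to the caller, while the context it belongs to is owned by `obj`; nothing in the visible lines ties the lifetime of the result to `obj`. The commit message states this is safe because only builtin algorithms are handled, so the assumption deserves a comment at that assignment, for example `/* borrowed from ctx: valid only while obj is alive; assumes a builtin (static) EVP_MD */`. If fetched digests are supported later, callers would need to keep `obj` alive or take their own reference. The same borrowed pointer is passed back into an init call on the same context in `ossl_digest_reset` and in `ossl_hmac_reset` (ossl_hmac.c). The function starts and ends outside this hunk.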
@@ -176,7 +176,7 @@ ossl_digest_reset(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L176
     EVP_MD_CTX *ctx;
 
     GetDigest(self, ctx);
-    if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL) != 1) {
+    if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL) != 1) {
 	ossl_raise(eDigestError, "Digest initialization failed.");
     }
 
@@ -259,7 +259,7 @@ ossl_digest_name(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L259
 
     GetDigest(self, ctx);
 
-    return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx)));
+    return rb_str_new_cstr(EVP_MD_name(EVP_MD_CTX_get0_md(ctx)));
 }
 
 /*
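Review bot: In `ossl_digest_name` the result of `EVP_MD_CTX_get0_md(ctx)` goes straight into `EVP_MD_name()` and then `rb_str_new_cstr()` with no NULL check. Whether `GetDigest` guarantees a context that already has a digest set is not visible here; if it only checks the context pointer, a context whose initialization failed would reach these calls with a NULL `EVP_MD`. A guard such as `if (!md) ossl_raise(eDigestError, "digest not initialized");` on a local `md` before building the string would turn that case into a Ruby exception. The function's opening lines are outside the hunk.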
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
index a21db6c481..2642728b85 100644
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@@ -239,7 +239,7 @@ ossl_hmac_reset(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_hmac.c#L239
 
     GetHMAC(self, ctx);
     pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
-    if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_md(ctx), NULL, pkey) != 1)
+    if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_get0_md(ctx), NULL, pkey) != 1)
         ossl_raise(eHMACError, "EVP_DigestSignInit");
 
     return self;
-- 
cgit v1.2.1

