ruby-changes:70376

From: Kazuki <ko1@a...>
Date: Tue, 21 Dec 2021 00:11:49 +0900 (JST)
Subject: [ruby-changes:70376] 61e426ae05 (master): [ruby/openssl] pkey: assume a pkey always has public key components on OpenSSL 3.0

https://git.ruby-lang.org/ruby.git/commit/?id=61e426ae05

From 61e426ae059945088b2bf84cdf1c8bdef273f314 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@r...>
Date: Sat, 20 Mar 2021 23:16:41 +0900
Subject: [ruby/openssl] pkey: assume a pkey always has public key components
 on OpenSSL 3.0

OpenSSL 3.0's EVP_PKEY_get0() returns NULL for provider-backed pkeys.
This causes segfault because it was supposed to never return NULL
before.

We can't check the existence of public key components in this way on
OpenSSL 3.0. Let's just skip it for now.

https://github.com/ruby/openssl/commit/ccdb6f7bfa
---
 ext/openssl/ossl_pkey.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 94760d32f41..09d45d85ca8 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -429,9 +429,19 @@ ossl_pkey_s_generate_key(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L429
     return pkey_generate(argc, argv, self, 0);
 }
 
+/*
+ * TODO: There is no convenient way to check the presence of public key
+ * components on OpenSSL 3.0. But since keys are immutable on 3.0, pkeys without
+ * these should only be created by OpenSSL::PKey.generate_parameters or by
+ * parsing DER-/PEM-encoded string. We would need another flag for that.
+ */
 void
 ossl_pkey_check_public_key(const EVP_PKEY *pkey)
 {
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+    if (EVP_PKEY_missing_parameters(pkey))
+        ossl_raise(ePKeyError, "parameters missing");
+#else
     void *ptr;
     const BIGNUM *n, *e, *pubkey;
 
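Review bot: In the `#if OSSL_OPENSSL_PREREQ(3, 0, 0)` branch of `ossl_pkey_check_public_key()`, the only test is `EVP_PKEY_missing_parameters(pkey)`, which checks for parameters and not for the public key components the function is named for. A pkey that has its parameters but no public key, which is the case the TODO itself names for `OpenSSL::PKey.generate_parameters` or a parsed DER/PEM string, passes this branch silently, where the pre-3.0 branch would raise "public key missing". Callers that rely on this check as a guard before exporting or using the public key lose that guarantee on 3.0. Until the flag mentioned in the TODO exists, state in the comment that the check is a no-op for public components on 3.0 so that callers are not assumed to be protected. The new error text "parameters missing" also differs from the existing "public key missing", so code that matches on the message will see different behaviour between the two builds.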
@@ -467,6 +477,7 @@ ossl_pkey_check_public_key(const EVP_PKEY *pkey) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L477
 	return;
     }
     ossl_raise(ePKeyError, "public key missing");
+#endif
 }
 
 EVP_PKEY *
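Review bot: The `#endif` added just before the closing brace ends a conditional that opens roughly forty lines earlier, and the `#else` body runs across the gap between the two hunks, so the pairing is hard to see when reading the function. Annotate it, for example `#endif /* OSSL_OPENSSL_PREREQ(3, 0, 0) */`, so it is clear that the whole legacy body, including the final `ossl_raise(ePKeyError, "public key missing");`, is compiled out on OpenSSL 3.0.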
-- 
cgit v1.2.1

