ruby-changes:70378
From: Kazuki <ko1@a...>
Date: Tue, 21 Dec 2021 00:11:49 +0900 (JST)
Subject: [ruby-changes:70378] b93ae54258 (master): [ruby/openssl] pkey/ec: deprecate OpenSSL::PKey::EC#generate_key!
https://git.ruby-lang.org/ruby.git/commit/?id=b93ae54258 From b93ae54258684d0c3d1501400af949c013f44fba Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi <k@r...> Date: Fri, 17 Dec 2021 02:21:42 +0900 Subject: [ruby/openssl] pkey/ec: deprecate OpenSSL::PKey::EC#generate_key! OpenSSL::PKey::EC#generate_key! will not work on OpenSSL 3.0 because keys are made immutable. Users should use OpenSSL::PKey.generate_key instead. https://github.com/ruby/openssl/commit/5e2e66cce8 --- ext/openssl/ossl_pkey_ec.c | 4 ++++ test/openssl/test_pkey_ec.rb | 21 +++++++++++++-------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 3b4930f3534..ff3150dac03 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -441,6 +441,9 @@ ossl_ec_key_to_der(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L441 */ static VALUE ossl_ec_key_generate_key(VALUE self) { +#if OSSL_OPENSSL_PREREQ(3, 0, 0) + rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0"); +#else EC_KEY *ec; GetEC(self, ec); @@ -448,6 +451,7 @@ static VALUE ossl_ec_key_generate_key(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L451 ossl_raise(eECError, "EC_KEY_generate_key"); return self; +#endif } /* diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index 3f5958af50b..33f78a4c778 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -13,15 +13,13 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_ec.rb#L13 # FIPS-selftest failure on some environment, so skip for now. next if ["Oakley", "X25519"].any? { |n| curve_name.start_with?(n) } - key = OpenSSL::PKey::EC.new(curve_name) - key.generate_key! - + key = OpenSSL::PKey::EC.generate(curve_name) assert_predicate key, :private? assert_predicate key, :public? assert_nothing_raised { key.check_key } end - key1 = OpenSSL::PKey::EC.new("prime256v1").generate_key! + key1 = OpenSSL::PKey::EC.generate("prime256v1") key2 = OpenSSL::PKey::EC.new key2.group = key1.group @@ -52,6 +50,13 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_ec.rb#L50 assert_equal(true, ec.private?) end + def test_generate_key + ec = OpenSSL::PKey::EC.new("prime256v1") + assert_equal false, ec.private? + ec.generate_key! + assert_equal true, ec.private? + end if !openssl?(3, 0, 0) + def test_marshal key = Fixtures.pkey("p256") deserialized = Marshal.load(Marshal.dump(key)) @@ -136,7 +141,7 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_ec.rb#L141 end def test_dsa_sign_asn1_FIPS186_3 - key = OpenSSL::PKey::EC.new("prime256v1").generate_key! + key = OpenSSL::PKey::EC.generate("prime256v1") size = key.group.order.num_bits / 8 + 1 dgst = (1..size).to_a.pack('C*') sig = key.dsa_sign_asn1(dgst) @@ -145,8 +150,8 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_ec.rb#L150 end def test_dh_compute_key - key_a = OpenSSL::PKey::EC.new("prime256v1").generate_key! - key_b = OpenSSL::PKey::EC.new(key_a.group).generate_key! + key_a = OpenSSL::PKey::EC.generate("prime256v1") + key_b = OpenSSL::PKey::EC.generate(key_a.group) pub_a = key_a.public_key pub_b = key_b.public_key @@ -276,7 +281,7 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_ec.rb#L281 def test_ec_point group = OpenSSL::PKey::EC::Group.new("prime256v1") - key = OpenSSL::PKey::EC.new(group).generate_key! + key = OpenSSL::PKey::EC.generate(group) point = key.public_key point2 = OpenSSL::PKey::EC::Point.new(group, point.to_bn) -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/