Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use EVP API in more places #436

Merged
merged 3 commits into from
Apr 17, 2021
Merged

Use EVP API in more places #436

merged 3 commits into from
Apr 17, 2021

Conversation

rhenium
Copy link
Member

@rhenium rhenium commented Apr 15, 2021

Use the EVP API in the following methods. This does not intend to introduce any incompatibilities in the Ruby interface.

  • OpenSSL::PKey::{DH,DSA,RSA,EC}#to_text
  • OpenSSL::PKey::{DH,DSA,RSA}#public_key
  • OpenSSL::PKey::DH#params_ok?
  • OpenSSL::PKey::EC#check_key

This is part of #369.

@rhenium
pkey: implement #to_text using EVP API
e0b4c56 
Use EVP_PKEY_print_private() instead of the low-level API *_print()
functions, such as RSA_print().

EVP_PKEY_print_*() family was added in OpenSSL 1.0.0.

Note that it falls back to EVP_PKEY_print_public() and
EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH
type for which _private() fails if the private component is not set in
the pkey object.

Since the new API works in the same way for all key types, we now
implement #to_text in the base class OpenSSL::PKey::PKey rather than in
each subclass.
@rhenium
pkey: implement {DH,DSA,RSA}#public_key in Ruby
48a6c39 
The low-level API that is used to implement #public_key is deprecated
in OpenSSL 3.0. It is actually very simple to implement in another way,
using existing methods only, in much shorter code. Let's do it.

While we are at it, the documentation is updated to recommend against
using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der
method, there is no real use case for #public_key in newly written Ruby
programs.
@rhenium
pkey/dh, pkey/ec: use EVP_PKEY_check() family
797e9f8 
Use EVP_PKEY_param_check() instead of DH_check() if available. Also,
use EVP_PKEY_public_check() instead of EC_KEY_check_key().

EVP_PKEY_*check() is part of the EVP API and is meant to replace those
low-level functions. They were added by OpenSSL 1.1.1. It is currently
not provided by LibreSSL.
@rhenium rhenium mentioned this pull request Apr 15, 2021
Closed
@rhenium rhenium merged commit c310840 into ruby:master Apr 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ioquatix ioquatix ioquatix approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rhenium @ioquatix