Miscellaneous changes for OpenSSL 3.0 support #468
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rhenium
force-pushed
the
ky/openssl-3.0.0-part1
branch
2 times, most recently
from
dc777db
to
448ec99
Compare
Add following convenient macros: - OSSL_IS_LIBRESSL - OSSL_OPENSSL_PREREQ(maj, min, pat) - OSSL_LIBRESSL_PREREQ(maj, min, pat)
OpenSSL 3.0 deprecated ERR_get_error_line_data() in favor of ERR_get_error_all(), as part of the error queue structure changes.
OpenSSL 3.0 fixed the typo in the function name and replaced the current 'CTS' version with a macro.
SSL_CTX_load_verify_locations() is deprecated in OpenSSL 3.0 and replaced with those two separate functions. Use them if they exist.
Use SSL_get_rbio() instead of SSL_get_fd(). SSL_get_fd() internally calls SSL_get_rbio() and it's enough for our purpose. In OpenSSL 3.0, SSL_get_fd() leaves an entry in the OpenSSL error queue if BIO has not been set up yet, and we would have to clean it up.
In OpenSSL 3.0, BN_is_prime_ex() and BN_is_prime_fasttest_ex() are deprecated in favor of BN_check_prime().
The function was renamed in OpenSSL 3.0 due to the change of the lifetime of EVP_MD objects. They are no longer necessarily statically allocated and can be reference-counted -- when an EVP_MD_CTX is free'd, the associated EVP_MD can also become inaccessible. Currently Ruby/OpenSSL only handles builtin algorithms, so no special handling is needed except for adapting to the rename.
OpenSSL 3.0 renamed EVP_MD_CTX_pkey_ctx() to include "get" in the function name. Adjust compatibility macro so that we can use the new function name for all OpenSSL 1.0.2-3.0.
It converts the internal representation of the point object to the affine coordinate system. However, it had no real use case because the difference in the internal representation has not been visible from Ruby/OpenSSL at all. EC_POINT_make_affine() is marked as deprecated in OpenSSL 3.0.
EC_GROUP_clear_free() is deprecated in OpenSSL 3.0. EC_GROUP does not include any sensitive data, so we can safely use EC_GROUP_free() instead.
OpenSSL 3.0 renamed EVP_PKEY_cmp() to EVP_PKEY_eq() because that was a confusing name.
BN_pseudo_rand() and BN_pseudo_rand_range() are deprecated in OpenSSL 3.0. Since they are identical to their non-'pseudo' version anyway, let's make them alias.
Now that BN.pseudo_rand{,_range} are alias, those macros are only used
once. Let's expand the macros for better readability.
rhenium
force-pushed
the
ky/openssl-3.0.0-part1
branch
from
448ec99
to
7c2fc00
Compare
|
Thank you for your effort. |
|
thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Extracted from #399. This Pull Request contains mostly straightforward and backwards-compatible changes.
This is part of #369.