ruby.git/test/openssl/test_pkey_dh.rb, branch v3_2_11 The Ruby Programming Language [ruby/openssl] pkey: deprecate PKey#set_* methods 2021-12-20T14:42:02+00:00 Kazuki Yamaguchi k@rhe.jp 2021-09-21T09:29:59+00:00 8ebf5978852e22358cbcdf74c0eb506f22e2c73f OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const pointer of the low level struct and the following methods can no longer be provided when linked against OpenSSL 3.0: - OpenSSL::PKey::RSA#set_key - OpenSSL::PKey::RSA#set_factors - OpenSSL::PKey::RSA#set_crt_params - OpenSSL::PKey::DSA#set_pqg - OpenSSL::PKey::DSA#set_key - OpenSSL::PKey::DH#set_pqg - OpenSSL::PKey::DH#set_key - OpenSSL::PKey::EC#group= - OpenSSL::PKey::EC#private_key= - OpenSSL::PKey::EC#public_key= There is no direct replacement for this functionality at the moment. I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes all key components at once to construct an EVP_PKEY. https://github.com/ruby/openssl/commit/6848d2d969 
OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const
pointer of the low level struct and the following methods can no longer
be provided when linked against OpenSSL 3.0:

 - OpenSSL::PKey::RSA#set_key
 - OpenSSL::PKey::RSA#set_factors
 - OpenSSL::PKey::RSA#set_crt_params
 - OpenSSL::PKey::DSA#set_pqg
 - OpenSSL::PKey::DSA#set_key
 - OpenSSL::PKey::DH#set_pqg
 - OpenSSL::PKey::DH#set_key
 - OpenSSL::PKey::EC#group=
 - OpenSSL::PKey::EC#private_key=
 - OpenSSL::PKey::EC#public_key=

There is no direct replacement for this functionality at the moment.
I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes
all key components at once to construct an EVP_PKEY.

https://github.com/ruby/openssl/commit/6848d2d969
[ruby/openssl] pkey/dh: deprecate OpenSSL::PKey::DH#generate_key! 2021-12-20T14:42:02+00:00 Kazuki Yamaguchi k@rhe.jp 2021-10-22T07:24:07+00:00 0d698be04f6c76250706e8d56f542c3c7fca0fa7 OpenSSL::PKey::DH#generate_key! will not work on OpenSSL 3.0 because keys are made immutable. Users should use OpenSSL::PKey.generate_key instead. https://github.com/ruby/openssl/commit/8ee6a582c7 
OpenSSL::PKey::DH#generate_key! will not work on OpenSSL 3.0 because
keys are made immutable. Users should use OpenSSL::PKey.generate_key
instead.

https://github.com/ruby/openssl/commit/8ee6a582c7
[ruby/openssl] test/openssl/utils: remove dup_public helper method 2021-10-23T04:38:36+00:00 Kazuki Yamaguchi k@rhe.jp 2021-05-31T02:44:05+00:00 37632a0ac635082e4ca9ca5b1c8da6b6770ff0ed It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not work with OpenSSL 3.0. The same can easily be achieved using PKey#public_to_der regardless of the key kind. https://github.com/ruby/openssl/commit/7b66eaa2db 
It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not
work with OpenSSL 3.0. The same can easily be achieved using
PKey#public_to_der regardless of the key kind.

https://github.com/ruby/openssl/commit/7b66eaa2db
[ruby/openssl] pkey/dh, pkey/ec: use EVP_PKEY_check() family 2021-07-18T08:44:52+00:00 Kazuki Yamaguchi k@rhe.jp 2020-07-10T05:34:51+00:00 6d71918d94a6b34249015499e5e822d3b20fd10f Use EVP_PKEY_param_check() instead of DH_check() if available. Also, use EVP_PKEY_public_check() instead of EC_KEY_check_key(). EVP_PKEY_*check() is part of the EVP API and is meant to replace those low-level functions. They were added by OpenSSL 1.1.1. It is currently not provided by LibreSSL. https://github.com/ruby/openssl/commit/797e9f8e08 
Use EVP_PKEY_param_check() instead of DH_check() if available. Also,
use EVP_PKEY_public_check() instead of EC_KEY_check_key().

EVP_PKEY_*check() is part of the EVP API and is meant to replace those
low-level functions. They were added by OpenSSL 1.1.1. It is currently
not provided by LibreSSL.

https://github.com/ruby/openssl/commit/797e9f8e08
[ruby/openssl] pkey/dh: use high level EVP interface to generate parameters and keys 2021-07-18T08:44:47+00:00 Kazuki Yamaguchi k@rhe.jp 2020-05-17T11:48:23+00:00 098985a5e66e4dd6b01d246909b66d3d7e4024c0 Implement PKey::DH.new(size, gen), PKey::DH.generate(size, gen), and PKey::DH#generate_key! using PKey.generate_parameters and .generate_key instead of the low level DH functions. Note that the EVP interface can enforce additional restrictions - for example, DH key shorter than 2048 bits is no longer accepted by default in OpenSSL 3.0. The test code is updated accordingly. https://github.com/ruby/openssl/commit/c2e9b16f0b 
Implement PKey::DH.new(size, gen), PKey::DH.generate(size, gen), and
PKey::DH#generate_key! using PKey.generate_parameters and .generate_key
instead of the low level DH functions.

Note that the EVP interface can enforce additional restrictions - for
example, DH key shorter than 2048 bits is no longer accepted by default
in OpenSSL 3.0. The test code is updated accordingly.

https://github.com/ruby/openssl/commit/c2e9b16f0b
[ruby/openssl] pkey: add PKey::PKey#derive 2021-03-16T10:16:11+00:00 Kazuki Yamaguchi k@rhe.jp 2017-03-18T12:58:46+00:00 fbadb01d6e0881ef6c6e5e105b8ac20fe663c817 Add OpenSSL::PKey::PKey#derive as the wrapper for EVP_PKEY_CTX_derive(). This is useful for pkey types that we don't have dedicated classes, such as X25519. https://github.com/ruby/openssl/commit/28f0059bea 
Add OpenSSL::PKey::PKey#derive as the wrapper for EVP_PKEY_CTX_derive().
This is useful for pkey types that we don't have dedicated classes, such
as X25519.

https://github.com/ruby/openssl/commit/28f0059bea
[ruby/openssl] pkey: have PKey.read parse PEM-encoded DHParameter 2021-03-16T10:16:10+00:00 Kazuki Yamaguchi k@rhe.jp 2017-03-18T08:26:33+00:00 efad0166c660d565d5e80e862cd9ff9457f8ed03 Try PEM_read_bio_Parameters(). Only PEM format is supported at the moment since corresponding d2i_* functions are not provided by OpenSSL. https://github.com/ruby/openssl/commit/867e5c021b 
Try PEM_read_bio_Parameters(). Only PEM format is supported at the
moment since corresponding d2i_* functions are not provided by OpenSSL.

https://github.com/ruby/openssl/commit/867e5c021b
[ruby/openssl] Add Marshal support to PKey objects 2020-05-13T06:47:51+00:00 Bart de Water bartdewater@gmail.com 2020-04-19T21:00:01+00:00 3f8665fe0ed5331aa723ddecbf6ad3728931c08d https://github.com/ruby/openssl/commit/c4374ff041 
https://github.com/ruby/openssl/commit/c4374ff041
Import openssl-2.2.0 (#2693) 2020-02-16T06:21:29+00:00 Hiroshi SHIBATA hsbt@ruby-lang.org 2020-02-16T06:21:29+00:00 b99775b163ce44079c1f8727ce9b4ed8bb03489d Import the master branch of ruby/openssl for preparing to release openssl-2.2.0 
Import the master branch of ruby/openssl for preparing to release openssl-2.2.0
test/openssl: Support OpenSSL 1.1.1 2019-06-06T05:20:58+00:00 Yusuke Endoh mame@ruby-lang.org 2019-06-05T12:07:27+00:00 1e54903684aa3c9ea3fe54520157846a1b1f07be OpenSSL 1.1.1 rejects some shorter keys, which caused some failures of `make test-all TESTS=openssl`. https://rubyci.org/logs/rubyci.s3.amazonaws.com/debian/ruby-master/log/20190606T003005Z.fail.html.gz This change merges 6bbc31ddd1 and 63fb3a36d1 in https://github.com/ruby/openssl. Reference: https://github.com/ruby/openssl/pull/217 
OpenSSL 1.1.1 rejects some shorter keys, which caused some failures of
`make test-all TESTS=openssl`.

https://rubyci.org/logs/rubyci.s3.amazonaws.com/debian/ruby-master/log/20190606T003005Z.fail.html.gz

This change merges 6bbc31ddd1 and 63fb3a36d1 in
https://github.com/ruby/openssl.
Reference: https://github.com/ruby/openssl/pull/217