diff options
| author | Stan Hu <stanhu@gmail.com> | 2025-10-21 14:10:40 -0700 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2025-10-27 15:33:17 +0900 |
| commit | b839deec4914b096988d44016c37737bc7d1254f (patch) | |
| tree | bb517cf54a35a0f60522d77fd8a38d4ec607d8a8 | |
| parent | db59619ce5f7edd2ea0fdf60f29cfed466628987 (diff) | |
[ruby/openssl] Check NULL values for deprecated EVP_PKEY_get0() functions
In OpenSSL <= 1.1.1, EVP_PKEY_get0() always returned a valid object, so
a NULL check was not necessary. In OpenSSL 3.0, the function can return
NULL (https://docs.openssl.org/3.0/man7/migration_guide/#deprecated-function-mappings),
so guard against this issue.
https://github.com/ruby/openssl/commit/dc90b9c51e
| -rw-r--r-- | ext/openssl/ossl_pkey_dh.c | 2 | ||||
| -rw-r--r-- | ext/openssl/ossl_pkey_dsa.c | 2 | ||||
| -rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 2 | ||||
| -rw-r--r-- | ext/openssl/ossl_pkey_rsa.c | 2 |
4 files changed, 8 insertions, 0 deletions
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index 77082d5c34..561007fec8 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -21,6 +21,8 @@ EVP_PKEY *_pkey; \ GetPKeyDH((obj), _pkey); \ (dh) = EVP_PKEY_get0_DH(_pkey); \ + if ((dh) == NULL) \ + ossl_raise(eDHError, "failed to get DH from EVP_PKEY"); \ } while (0) /* diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index bf92e1ceac..cb38786b56 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -21,6 +21,8 @@ EVP_PKEY *_pkey; \ GetPKeyDSA((obj), _pkey); \ (dsa) = EVP_PKEY_get0_DSA(_pkey); \ + if ((dsa) == NULL) \ + ossl_raise(eDSAError, "failed to get DSA from EVP_PKEY"); \ } while (0) static inline int diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index e3553c4418..8c97297a56 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -22,6 +22,8 @@ static const rb_data_type_t ossl_ec_point_type; EVP_PKEY *_pkey; \ GetPKeyEC(obj, _pkey); \ (key) = EVP_PKEY_get0_EC_KEY(_pkey); \ + if ((key) == NULL) \ + ossl_raise(eECError, "failed to get EC_KEY from EVP_PKEY"); \ } while (0) #define GetECGroup(obj, group) do { \ diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 4f7862023a..b2983d3b53 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -21,6 +21,8 @@ EVP_PKEY *_pkey; \ GetPKeyRSA((obj), _pkey); \ (rsa) = EVP_PKEY_get0_RSA(_pkey); \ + if ((rsa) == NULL) \ + ossl_raise(eRSAError, "failed to get RSA from EVP_PKEY"); \ } while (0) static inline int |