summaryrefslogtreecommitdiff
path: root/ext/openssl/ossl_ssl.c
diff options
context:
space:
mode:
authorrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-06-05 15:00:47 +0000
committerrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-06-05 15:00:47 +0000
commit63abe0078521d91db7a28de1db14bd193f74aad3 (patch)
tree64b8295bf3f80cd8f72d0c775e9a0be79ed87fe3 /ext/openssl/ossl_ssl.c
parent3cb77c4b03af3ba73299f71d2cc964ba29599d75 (diff)
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and {RSA,DSA,EC_KEY,DH}_get0_*() functions. OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide setter methods for each parameter of each PKey type, for example PKey::RSA#e=, but this is no longer possible because the new API RSA_set0_key() requires the 'n' at the same time. This commit adds deprecation warning to them and adds PKey::*#set_* methods as direct wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'. [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}. Emit a warning with rb_warning() when old setter methods are used. * test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb, test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH object that are used in tmp_dh_callback. Generating a new key pair every time should be fine - actually the private exponent is ignored in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set. https://www.openssl.org/news/secadv/20160128.txt git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl_ssl.c')
-rw-r--r--ext/openssl/ossl_ssl.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index cfb64d2..fd1ad74 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -258,7 +258,7 @@ ossl_call_tmp_dh_callback(VALUE args)
if (NIL_P(cb)) return Qfalse;
dh = rb_apply(cb, rb_intern("call"), args);
pkey = GetPKeyPtr(dh);
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) return Qfalse;
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) return Qfalse;
return dh;
}
@@ -276,7 +276,7 @@ ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
if (!RTEST(dh)) return NULL;
ossl_ssl_set_tmp_dh(rb_ssl, dh);
- return GetPKeyPtr(dh)->pkey.dh;
+ return EVP_PKEY_get0_DH(GetPKeyPtr(dh));
}
#endif /* OPENSSL_NO_DH */
@@ -292,7 +292,7 @@ ossl_call_tmp_ecdh_callback(VALUE args)
if (NIL_P(cb)) return Qfalse;
ecdh = rb_apply(cb, rb_intern("call"), args);
pkey = GetPKeyPtr(ecdh);
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) return Qfalse;
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) return Qfalse;
return ecdh;
}
@@ -310,7 +310,7 @@ ossl_tmp_ecdh_callback(SSL *ssl, int is_export, int keylength)
if (!RTEST(ecdh)) return NULL;
ossl_ssl_set_tmp_ecdh(rb_ssl, ecdh);
- return GetPKeyPtr(ecdh)->pkey.ec;
+ return EVP_PKEY_get0_EC_KEY(GetPKeyPtr(ecdh));
}
#endif