[ruby/openssl] digest: use EVP_MD_CTX_get0_md() instead of EVP_MD_CTX_md() if exists

The function was renamed in OpenSSL 3.0 due to the change of the lifetime of EVP_MD objects. They are no longer necessarily statically allocated and can be reference-counted -- when an EVP_MD_CTX is free'd, the associated EVP_MD can also become inaccessible. Currently Ruby/OpenSSL only handles builtin algorithms, so no special handling is needed except for adapting to the rename. https://github.com/ruby/openssl/commit/0a253027e6
author: Kazuki Yamaguchi <k@rhe.jp> 2021-04-22 13:57:47 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2021-10-25 00:40:45 +0900
commit: 040387d265e405c769867dbedd47c723185bc944 (patch)
tree: 1b3ca31419ad548040d7afce17559404d792196c /ext
parent: cfa4fa636efefddd70df82f1b0bf0d1c96bf1cf7 (diff)
4 files changed, 9 insertions, 4 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 98f96afe77..842b7f5b1a 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -176,6 +176,7 @@ have_func("ERR_get_error_all")
 have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
 have_func("SSL_CTX_load_verify_file")
 have_func("BN_check_prime")
+have_func("EVP_MD_CTX_get0_md")
 
 Logging::message "=== Checking done. ===\n"
 
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 1b1a54a824..64212349c9 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -219,4 +219,8 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
 #  define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
 #endif
 
+#ifndef HAVE_EVP_MD_CTX_GET0_MD
+#  define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
+#endif
+
 #endif /* _OSSL_OPENSSL_MISSING_H_ */
diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c
index b2506de7f7..fc326ec14a 100644
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@@ -63,7 +63,7 @@ ossl_evp_get_digestbyname(VALUE obj)
 
         GetDigest(obj, ctx);
 
-        md = EVP_MD_CTX_md(ctx);
+        md = EVP_MD_CTX_get0_md(ctx);
     }
 
     return md;
@@ -176,7 +176,7 @@ ossl_digest_reset(VALUE self)
     EVP_MD_CTX *ctx;
 
     GetDigest(self, ctx);
-    if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL) != 1) {
+    if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL) != 1) {
 	ossl_raise(eDigestError, "Digest initialization failed.");
     }
 
@@ -259,7 +259,7 @@ ossl_digest_name(VALUE self)
 
     GetDigest(self, ctx);
 
-    return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx)));
+    return rb_str_new_cstr(EVP_MD_name(EVP_MD_CTX_get0_md(ctx)));
 }
 
 /*
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
index a21db6c481..2642728b85 100644
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@@ -239,7 +239,7 @@ ossl_hmac_reset(VALUE self)
 
     GetHMAC(self, ctx);
     pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
-    if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_md(ctx), NULL, pkey) != 1)
+    if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_get0_md(ctx), NULL, pkey) != 1)
         ossl_raise(eHMACError, "EVP_DigestSignInit");
 
     return self;
author	Kazuki Yamaguchi <k@rhe.jp>	2021-04-22 13:57:47 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2021-10-25 00:40:45 +0900
commit	040387d265e405c769867dbedd47c723185bc944 (patch)
tree	1b3ca31419ad548040d7afce17559404d792196c /ext
parent	cfa4fa636efefddd70df82f1b0bf0d1c96bf1cf7 (diff)