Use EVP API in more places #436

Merged: 3 commits, Apr 17, 2021

Commits on Apr 15, 2021

  1. pkey: implement #to_text using EVP API

    Use EVP_PKEY_print_private() instead of the low-level API *_print()
    functions, such as RSA_print().
    
    EVP_PKEY_print_*() family was added in OpenSSL 1.0.0.
    
    Note that it falls back to EVP_PKEY_print_public() and
    EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH
    type for which _private() fails if the private component is not set in
    the pkey object.
    
    Since the new API works in the same way for all key types, we now
    implement #to_text in the base class OpenSSL::PKey::PKey rather than in
    each subclass.
    rhenium committed Apr 15, 2021
    e0b4c56
  2. pkey: implement {DH,DSA,RSA}#public_key in Ruby

    The low-level API that is used to implement #public_key is deprecated
    in OpenSSL 3.0. It is actually very simple to implement in another way,
    using existing methods only, in much shorter code. Let's do it.
    
    While we are at it, the documentation is updated to recommend against
    using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der
    method, there is no real use case for #public_key in newly written Ruby
    programs.
    rhenium committed Apr 15, 2021
    48a6c39
  3. pkey/dh, pkey/ec: use EVP_PKEY_check() family

    Use EVP_PKEY_param_check() instead of DH_check() if available. Also,
    use EVP_PKEY_public_check() instead of EC_KEY_check_key().
    
    EVP_PKEY_*check() is part of the EVP API and is meant to replace those
    low-level functions. They were added by OpenSSL 1.1.1. It is currently
    not provided by LibreSSL.
    rhenium committed Apr 15, 2021
    797e9f8
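
The second commit message recommends public_to_der over #public_key, and the first moves #to_text into the base class. The following is an added example, not code from this pull request, showing a type-independent way to obtain a public-only key object and confirm it carries no private component. The names public_only, exposes_private?, check_all and SAMPLE_KEYS are assumptions of this example, and it assumes a Ruby openssl version that provides public_to_der.

```ruby
require "openssl"

# Return a public-only copy of any OpenSSL::PKey::PKey by round-tripping its
# SubjectPublicKeyInfo encoding. public_only is a name chosen for this example.
def public_only(pkey)
  OpenSSL::PKey.read(pkey.public_to_der)
end

# True if the object still holds, or would print, private key material.
# (Helper name is also an assumption of this example.)
def exposes_private?(pkey)
  pkey.private? || pkey.to_text.match?(/priv/i)
end

# Constructed sample keys, generated locally at run time.
SAMPLE_KEYS = {
  "RSA" => OpenSSL::PKey::RSA.new(2048),
  "EC"  => OpenSSL::PKey::EC.generate("prime256v1"),
}.freeze

# For each key: sign with the private key, verify with the public-only copy,
# and record whether the copy exposes anything private.
def check_all(keys = SAMPLE_KEYS)
  data = "constructed sample message"
  keys.map do |name, priv|
    pub = public_only(priv)
    sig = priv.sign("SHA256", data)
    [name, {
      same_spki: pub.public_to_der == priv.public_to_der,
      verifies: pub.verify("SHA256", sig, data),
      private_exposed: exposes_private?(pub),
    }]
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  check_all.each { |name, result| puts "#{name}: #{result}" }
end
```

The same helper works for RSA and EC because it goes through the generic PKey interface rather than a per-type accessor.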