[ruby/openssl] pkey/ec: deprecate OpenSSL::PKey::EC#generate_key!

OpenSSL::PKey::EC#generate_key! will not work on OpenSSL 3.0 because keys are made immutable. Users should use OpenSSL::PKey.generate_key instead. https://github.com/ruby/openssl/commit/5e2e66cce8
2022-11-09 12:17:21 -05:00 · 2021-12-17 02:21:42 +09:00 · 2021-12-17 02:21:42 +09:00 · b93ae54258
commit b93ae54258
parent 0d698be04f
2 changed files with 17 additions and 8 deletions
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@ -441,6 +441,9 @@ ossl_ec_key_to_der(VALUE self)
 */
 static VALUE ossl_ec_key_generate_key(VALUE self)
 {
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+    rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
+#else
    EC_KEY *ec;

    GetEC(self, ec);
@ -448,6 +451,7 @@ static VALUE ossl_ec_key_generate_key(VALUE self)
 	ossl_raise(eECError, "EC_KEY_generate_key");

    return self;
+#endif
 }

 /*
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@ -13,15 +13,13 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase
      # FIPS-selftest failure on some environment, so skip for now.
      next if ["Oakley", "X25519"].any? { |n| curve_name.start_with?(n) }

-      key = OpenSSL::PKey::EC.new(curve_name)
-      key.generate_key!
-
+      key = OpenSSL::PKey::EC.generate(curve_name)
      assert_predicate key, :private?
      assert_predicate key, :public?
      assert_nothing_raised { key.check_key }
    end

-    key1 = OpenSSL::PKey::EC.new("prime256v1").generate_key!
+    key1 = OpenSSL::PKey::EC.generate("prime256v1")

    key2 = OpenSSL::PKey::EC.new
    key2.group = key1.group
@ -52,6 +50,13 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase
    assert_equal(true, ec.private?)
  end

+  def test_generate_key
+    ec = OpenSSL::PKey::EC.new("prime256v1")
+    assert_equal false, ec.private?
+    ec.generate_key!
+    assert_equal true, ec.private?
+  end if !openssl?(3, 0, 0)
+
  def test_marshal
    key = Fixtures.pkey("p256")
    deserialized = Marshal.load(Marshal.dump(key))
@ -136,7 +141,7 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase
  end

  def test_dsa_sign_asn1_FIPS186_3
-    key = OpenSSL::PKey::EC.new("prime256v1").generate_key!
+    key = OpenSSL::PKey::EC.generate("prime256v1")
    size = key.group.order.num_bits / 8 + 1
    dgst = (1..size).to_a.pack('C*')
    sig = key.dsa_sign_asn1(dgst)
@ -145,8 +150,8 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase
  end

  def test_dh_compute_key
-    key_a = OpenSSL::PKey::EC.new("prime256v1").generate_key!
-    key_b = OpenSSL::PKey::EC.new(key_a.group).generate_key!
+    key_a = OpenSSL::PKey::EC.generate("prime256v1")
+    key_b = OpenSSL::PKey::EC.generate(key_a.group)

    pub_a = key_a.public_key
    pub_b = key_b.public_key
@ -276,7 +281,7 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase

  def test_ec_point
    group = OpenSSL::PKey::EC::Group.new("prime256v1")
-    key = OpenSSL::PKey::EC.new(group).generate_key!
+    key = OpenSSL::PKey::EC.generate(group)
    point = key.public_key

    point2 = OpenSSL::PKey::EC::Point.new(group, point.to_bn)