
Commit 5e2e66c

committed
pkey/ec: deprecate OpenSSL::PKey::EC#generate_key!
OpenSSL::PKey::EC#generate_key! will not work on OpenSSL 3.0 because keys are made immutable. Users should use OpenSSL::PKey.generate_key instead.
1 parent 8ee6a58 commit 5e2e66c


2 files changed

+17
-8
lines changed


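--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -430,13 +430,17 @@ ossl_ec_key_to_der(VALUE self)
 */
 static VALUE ossl_ec_key_generate_key(VALUE self)
 {
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
+#else
 EC_KEY *ec;
 
 GetEC(self, ec);
 if (EC_KEY_generate_key(ec) != 1)
 ossl_raise(eECError, "EC_KEY_generate_key");
 
 return self;
+#endif
 }
 
 /*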
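Review bot: The message raised on the OpenSSL 3.0 branch of `ossl_ec_key_generate_key` says why the call failed but not what to call instead, even though the commit description names a replacement and the tests in this commit switch to `OpenSSL::PKey::EC.generate`. Something like `rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0; use OpenSSL::PKey::EC.generate instead");` would put the migration path at the failure site. The new branch raises `ePKeyError` while the pre-3.0 path raises `eECError`, so a caller that rescues only the EC-specific class around key generation may let this error propagate; worth confirming that is intended. The rdoc comment above the function lies outside the changed lines and, as far as this hunk shows, is not updated; a sentence such as `Not available on OpenSSL 3.0 and later, where keys are immutable; use OpenSSL::PKey::EC.generate.` would document the deprecation.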

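--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -13,15 +13,13 @@ def test_ec_key
 # FIPS-selftest failure on some environment, so skip for now.
 next if ["Oakley", "X25519"].any? { |n| curve_name.start_with?(n) }
 
-key = OpenSSL::PKey::EC.new(curve_name)
-key.generate_key!
-
+key = OpenSSL::PKey::EC.generate(curve_name)
 assert_predicate key, :private?
 assert_predicate key, :public?
 assert_nothing_raised { key.check_key }
 end
 
-key1 = OpenSSL::PKey::EC.new("prime256v1").generate_key!
+key1 = OpenSSL::PKey::EC.generate("prime256v1")
 
 key2 = OpenSSL::PKey::EC.new
 key2.group = key1.group
@@ -52,6 +50,13 @@ def test_generate
 assert_equal(true, ec.private?)
 end
 
+def test_generate_key
+ec = OpenSSL::PKey::EC.new("prime256v1")
+assert_equal false, ec.private?
+ec.generate_key!
+assert_equal true, ec.private?
+end if !openssl?(3, 0, 0)
+
 def test_marshal
 key = Fixtures.pkey("p256")
 deserialized = Marshal.load(Marshal.dump(key))
@@ -136,7 +141,7 @@ def test_sign_verify_raw
 end
 
 def test_dsa_sign_asn1_FIPS186_3
-key = OpenSSL::PKey::EC.new("prime256v1").generate_key!
+key = OpenSSL::PKey::EC.generate("prime256v1")
 size = key.group.order.num_bits / 8 + 1
 dgst = (1..size).to_a.pack('C*')
 sig = key.dsa_sign_asn1(dgst)
@@ -145,8 +150,8 @@ def test_dsa_sign_asn1_FIPS186_3
 end
 
 def test_dh_compute_key
-key_a = OpenSSL::PKey::EC.new("prime256v1").generate_key!
-key_b = OpenSSL::PKey::EC.new(key_a.group).generate_key!
+key_a = OpenSSL::PKey::EC.generate("prime256v1")
+key_b = OpenSSL::PKey::EC.generate(key_a.group)
 
 pub_a = key_a.public_key
 pub_b = key_b.public_key
@@ -276,7 +281,7 @@ def test_ec_group
 
 def test_ec_point
 group = OpenSSL::PKey::EC::Group.new("prime256v1")
-key = OpenSSL::PKey::EC.new(group).generate_key!
+key = OpenSSL::PKey::EC.generate(group)
 point = key.public_key
 
 point2 = OpenSSL::PKey::EC::Point.new(group, point.to_bn)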
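Review bot: In the `test_generate_key` hunk the whole method is defined only when `!openssl?(3, 0, 0)`, so the raise path this commit adds to `ossl_ec_key_generate_key` has no test on OpenSSL 3.0. Keeping the method unconditional and branching inside it would cover both behaviours, including that a rejected call leaves the key without a private component. As a style point, the trailing `end if !…` modifier on a `def` is easy to miss when reading the file, and the in-body branch removes it.

```ruby
def test_generate_key
  # … unchanged: key construction and the initial private? assertion …
  if openssl?(3, 0, 0)
    # Keys are immutable on OpenSSL 3.0: the call must fail and not alter the key.
    assert_raise(OpenSSL::PKey::PKeyError) { ec.generate_key! }
    assert_equal false, ec.private?
  else
    # … unchanged: generate_key! call and the private? assertion …
  end
end
```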
