digest: use EVP_MD_CTX_get0_md() instead of EVP_MD_CTX_md() if exists

rhenium · rhenium · commit a77b0cd58916 · 2021-10-24T16:58:12.000+09:00
The function was renamed in OpenSSL 3.0 due to the change of the
lifetime of EVP_MD objects. They are no longer necessarily statically
allocated and can be reference-counted -- when an EVP_MD_CTX is free'd,
the associated EVP_MD can also become inaccessible.

Currently Ruby/OpenSSL only handles builtin algorithms, so no special
handling is needed except for adapting to the rename.
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
@@ -176,6 +176,7 @@ def find_openssl_library
 have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
 have_func("SSL_CTX_load_verify_file")
 have_func("BN_check_prime")
+have_func("EVP_MD_CTX_get0_md")
 
 Logging::message "=== Checking done. ===\n"
 
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
@@ -219,4 +219,8 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
 #  define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
 #endif
 
+#ifndef HAVE_EVP_MD_CTX_GET0_MD
+#  define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
+#endif
+
 #endif /* _OSSL_OPENSSL_MISSING_H_ */
diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c
@@ -63,7 +63,7 @@ ossl_evp_get_digestbyname(VALUE obj)
 
         GetDigest(obj, ctx);
 
-        md = EVP_MD_CTX_md(ctx);
+        md = EVP_MD_CTX_get0_md(ctx);
     }
 
     return md;
@@ -176,7 +176,7 @@ ossl_digest_reset(VALUE self)
     EVP_MD_CTX *ctx;
 
     GetDigest(self, ctx);
-    if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL) != 1) {
+    if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL) != 1) {
 	ossl_raise(eDigestError, "Digest initialization failed.");
     }
 
@@ -259,7 +259,7 @@ ossl_digest_name(VALUE self)
 
     GetDigest(self, ctx);
 
-    return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx)));
+    return rb_str_new_cstr(EVP_MD_name(EVP_MD_CTX_get0_md(ctx)));
 }
 
 /*
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
@@ -239,7 +239,7 @@ ossl_hmac_reset(VALUE self)
 
     GetHMAC(self, ctx);
     pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
-    if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_md(ctx), NULL, pkey) != 1)
+    if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_get0_md(ctx), NULL, pkey) != 1)
         ossl_raise(eHMACError, "EVP_DigestSignInit");
 
     return self;

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ ossl_evp_get_digestbyname(VALUE obj)`
`63`	`63`
`64`	`64`	`GetDigest(obj, ctx);`
`65`	`65`
`66`		`- md = EVP_MD_CTX_md(ctx);`
	`66`	`+ md = EVP_MD_CTX_get0_md(ctx);`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`return md;`
`@@ -176,7 +176,7 @@ ossl_digest_reset(VALUE self)`
`176`	`176`	`EVP_MD_CTX *ctx;`
`177`	`177`
`178`	`178`	`GetDigest(self, ctx);`
`179`		`- if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL) != 1) {`
	`179`	`+ if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL) != 1) {`
`180`	`180`	`ossl_raise(eDigestError, "Digest initialization failed.");`
`181`	`181`	`}`
`182`	`182`
`@@ -259,7 +259,7 @@ ossl_digest_name(VALUE self)`
`259`	`259`
`260`	`260`	`GetDigest(self, ctx);`
`261`	`261`
`262`		`- return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx)));`
	`262`	`+ return rb_str_new_cstr(EVP_MD_name(EVP_MD_CTX_get0_md(ctx)));`
`263`	`263`	`}`
`264`	`264`
`265`	`265`	`/*`