pkey: deprecate PKey::*#set_* and PKey::{DH,EC}#generate_key! #480

Merged: 5 commits, Dec 20, 2021

Commits on Dec 16, 2021

  1. pkey/dh: avoid using DH#set_key in DH#compute_key

    DH#set_key will not work on OpenSSL 3.0 because keys are immutable.
    For now, let's reimplement DH#compute_key by manually constructing a
    DER-encoded SubjectPublicKeyInfo structure and feeding it to
    OpenSSL::PKey.read.
    
    Eventually, we should implement a new method around EVP_PKEY_fromdata()
    and use it instead.
    rhenium committed Dec 16, 2021
    46ca470
  2. pkey/ec: avoid using EC#public_key= in EC#dh_compute_key

    Similarly to DH#compute_key, work around it by constructing a
    SubjectPublicKeyInfo. This should be considered as a temporary
    implementation.
    rhenium committed Dec 16, 2021
    fc9aabc

Commits on Dec 20, 2021

  1. pkey/dh: deprecate OpenSSL::PKey::DH#generate_key!

    OpenSSL::PKey::DH#generate_key! will not work on OpenSSL 3.0 because
    keys are made immutable. Users should use OpenSSL::PKey.generate_key
    instead.
    rhenium committed Dec 20, 2021
    8ee6a58
  2. pkey/ec: deprecate OpenSSL::PKey::EC#generate_key!

    OpenSSL::PKey::EC#generate_key! will not work on OpenSSL 3.0 because
    keys are made immutable. Users should use OpenSSL::PKey.generate_key
    instead.
    rhenium committed Dec 20, 2021
    5e2e66c
  3. pkey: deprecate PKey#set_* methods

    OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const
    pointer of the low level struct and the following methods can no longer
    be provided when linked against OpenSSL 3.0:
    
     - OpenSSL::PKey::RSA#set_key
     - OpenSSL::PKey::RSA#set_factors
     - OpenSSL::PKey::RSA#set_crt_params
     - OpenSSL::PKey::DSA#set_pqg
     - OpenSSL::PKey::DSA#set_key
     - OpenSSL::PKey::DH#set_pqg
     - OpenSSL::PKey::DH#set_key
     - OpenSSL::PKey::EC#group=
     - OpenSSL::PKey::EC#private_key=
     - OpenSSL::PKey::EC#public_key=
    
    There is no direct replacement for this functionality at the moment.
    I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes
    all key components at once to construct an EVP_PKEY.
    rhenium committed Dec 20, 2021
    6848d2d
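
The SubjectPublicKeyInfo workaround that the pkey/dh and pkey/ec commits describe can be reproduced from application code without any of the deprecated setters. The following is an added example, not the project's own implementation: the helper names `ec_peer_from_octets`, `ecdh_shared_secret` and `demo` are hypothetical, and the P-256 key pairs are constructed sample input.

```ruby
require "openssl"

# Wrap a peer's raw EC point (SEC1 octet string, as received on the wire) in a
# DER-encoded SubjectPublicKeyInfo and parse it into a public-only PKey.
# No existing key object is mutated, so this also works with the immutable
# keys of OpenSSL 3.0.
def ec_peer_from_octets(curve_name, point_octets)
  spki = OpenSSL::ASN1.Sequence([
    OpenSSL::ASN1.Sequence([
      OpenSSL::ASN1.ObjectId("id-ecPublicKey"), # algorithm
      OpenSSL::ASN1.ObjectId(curve_name),       # named-curve parameters
    ]),
    OpenSSL::ASN1.BitString(point_octets),      # subjectPublicKey
  ])
  # PKey.read validates the encoding; a point that is not on the curve
  # is rejected with an OpenSSL::PKey::PKeyError.
  peer = OpenSSL::PKey.read(spki.to_der)
  raise ArgumentError, "not an EC key" unless peer.is_a?(OpenSSL::PKey::EC)
  raise ArgumentError, "unexpected private key" if peer.private?
  peer
end

# ECDH using PKey#derive instead of assigning EC#public_key= on a scratch key.
def ecdh_shared_secret(own_key, point_octets)
  peer = ec_peer_from_octets(own_key.group.curve_name, point_octets)
  own_key.derive(peer)
end

# Constructed sample: two freshly generated P-256 key pairs exchange their
# uncompressed public points and each side derives the shared secret.
def demo
  alice = OpenSSL::PKey::EC.generate("prime256v1") # replaces EC#generate_key!
  bob   = OpenSSL::PKey::EC.generate("prime256v1")
  a_pub = alice.public_key.to_octet_string(:uncompressed)
  b_pub = bob.public_key.to_octet_string(:uncompressed)
  [ecdh_shared_secret(alice, b_pub), ecdh_shared_secret(bob, a_pub)]
end

if __FILE__ == $0
  a, b = demo
  puts "shared secrets match: #{a == b} (#{a.bytesize} bytes)"
end
```

The raw shared secret should be passed through a KDF before use as a symmetric key; the example stops at the derivation step because that is what the commits change.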