Project

General

Profile

Bug #6567

Let OpenSSL::PKey::EC follow the general PKey interface

Added by Martin Bosslet about 4 years ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
openssl
ruby -v:
trunk
Backport:
[ruby-core:45541]

Description

This is supposed to be a parent task that references several quirks and issues that came up with OpenSSL::PKey::EC. The recurring theme is that EC doesn't follow the PKey interface established by RSA and DSA at times, and this results in things failing that shouldn't. These issues should be fixed even if they break backwards compatibility - in my opinion there's nothing won by keeping an interface that doesn't follow the contract.

Related issues:

https://bugs.ruby-lang.org/issues/5600
https://bugs.ruby-lang.org/issues/6252
https://bugs.ruby-lang.org/issues/4418
https://bugs.ruby-lang.org/issues/6310


Related issues

Related to Ruby trunk - Bug #8177: ext/openssl/pkcs7 signing fails with EC keys Assigned
Related to Ruby trunk - Bug #5600: OpenSSL::X509::Request can't sign() an OpenSSL::PKey::EC Closed

Associated revisions

Revision 55098
Added by rhe about 1 month ago

openssl: add OpenSSL::PKey::EC#private? and #public?

  • ext/openssl/ossl_pkey_ec.c: rename PKey::EC#private_key? and
    #public_key? to #private? and #public? for consistency with other
    PKey types. Old names remain as alias. [Bug #6567]

  • test/openssl/test_pkey_ec.rb (test_check_key): check private? and
    public? works correctly.

Revision 55151
Added by rhe about 1 month ago

openssl: rename EC#generate_key to EC#generate_key!

  • ext/openssl/ossl_pkey_ec.c (ossl_ec_key_generate_key): Fix up RDoc.
    (Init_ossl_ec): Rename EC#generate_key to EC#generate_key!. Make the
    old name an alias of #generate_key!. This change is for consistency
    with other PKey types. [Bug #6567]

  • test/openssl/test_pkey_ec.rb: Use EC#generate_key! instead of
    EC#generate_key.

Revision 55152
Added by rhe about 1 month ago

openssl: add EC.generate

  • ext/openssl/ossl_pkey_ec.c (ec_key_new_from_group): Create a new
    EC_KEY on given EC group. Extracted from ossl_ec_key_initialize().
    (ossl_ec_key_s_generate): Added. Create a new EC instance and
    generate a random private and public key.
    (ossl_ec_key_initialize): Use ec_key_new_from_group().
    (Init_ossl_ec): Define the new method EC.generate. This change is
    for consistency with other PKey types. [Bug #6567]

  • test/openssl/test_pkey_ec.rb: Test that EC.generate works.

History

#1 [ruby-core:45542] Updated by Martin Bosslet about 4 years ago

  • Category set to ext
  • Assignee set to Martin Bosslet

#3 [ruby-core:52455] Updated by Yusuke Endoh over 3 years ago

  • Target version changed from 2.0.0 to next minor

#4 Updated by Zachary Scott 10 months ago

  • Assignee changed from Martin Bosslet to openssl

#5 [ruby-core:75503] Updated by Kazuki Yamaguchi about 2 months ago

I want to work on this before the release of openssl gem.

  • EC#public_key returns an EC::Point, not an EC

    I think it's better to add new #dup_public (or #public_pkey ?) method for each PKey types, rather than changing EC#public_key to return an EC. Compatibility is one of the reasons, but more important, the name 'public_key' is confusing.

  • EC#private? and #public? are missing

    Adding aliases to #private_key? and #public_key? respectively should be enough.

  • EC#generate_key should be #generate_key!

    DH has #generate_key!.

  • EC.generate is missing

    This can be implemented as a shorthand for EC.new(group).generate_key.

#6 Updated by Anonymous about 1 month ago

  • Status changed from Assigned to Closed

Applied in changeset r55098.


openssl: add OpenSSL::PKey::EC#private? and #public?

  • ext/openssl/ossl_pkey_ec.c: rename PKey::EC#private_key? and
    #public_key? to #private? and #public? for consistency with other
    PKey types. Old names remain as alias. [Bug #6567]

  • test/openssl/test_pkey_ec.rb (test_check_key): check private? and
    public? works correctly.

#7 Updated by Kazuki Yamaguchi 16 days ago

  • Related to Bug #5600: OpenSSL::X509::Request can't sign() an OpenSSL::PKey::EC added

Also available in: Atom PDF