Project

General

Profile

Bug #6567

Let OpenSSL::PKey::EC follow the general PKey interface

Added by Martin Bosslet over 4 years ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
openssl
ruby -v:
trunk
Backport:
[ruby-core:45541]

Description

This is supposed to be a parent task that references several quirks and issues that came up with OpenSSL::PKey::EC. The recurring theme is that EC doesn't follow the PKey interface established by RSA and DSA at times, and this results in things failing that shouldn't. These issues should be fixed even if they break backwards compatibility - in my opinion there's nothing won by keeping an interface that doesn't follow the contract.

Related issues:

https://bugs.ruby-lang.org/issues/5600
https://bugs.ruby-lang.org/issues/6252
https://bugs.ruby-lang.org/issues/4418
https://bugs.ruby-lang.org/issues/6310


Related issues

Related to Ruby trunk - Bug #8177: ext/openssl/pkcs7 signing fails with EC keys Closed
Related to Ruby trunk - Bug #5600: OpenSSL::X509::Request can't sign() an OpenSSL::PKey::EC Closed
Related to Ruby trunk - Bug #10257: Generate X.509 certificate/request/CRL with elliptic curve keys Closed

Associated revisions

Revision 55098
Added by rhe 4 months ago

openssl: add OpenSSL::PKey::EC#private? and #public?

  • ext/openssl/ossl_pkey_ec.c: rename PKey::EC#private_key? and
    #public_key? to #private? and #public? for consistency with other
    PKey types. Old names remain as alias. [Bug #6567]

  • test/openssl/test_pkey_ec.rb (test_check_key): check private? and
    public? works correctly.

Revision 55151
Added by rhe 4 months ago

openssl: rename EC#generate_key to EC#generate_key!

  • ext/openssl/ossl_pkey_ec.c (ossl_ec_key_generate_key): Fix up RDoc.
    (Init_ossl_ec): Rename EC#generate_key to EC#generate_key!. Make the
    old name an alias of #generate_key!. This change is for consistency
    with other PKey types. [Bug #6567]

  • test/openssl/test_pkey_ec.rb: Use EC#generate_key! instead of
    EC#generate_key.

Revision 55152
Added by rhe 4 months ago

openssl: add EC.generate

  • ext/openssl/ossl_pkey_ec.c (ec_key_new_from_group): Create a new
    EC_KEY on given EC group. Extracted from ossl_ec_key_initialize().
    (ossl_ec_key_s_generate): Added. Create a new EC instance and
    generate a random private and public key.
    (ossl_ec_key_initialize): Use ec_key_new_from_group().
    (Init_ossl_ec): Define the new method EC.generate. This change is
    for consistency with other PKey types. [Bug #6567]

  • test/openssl/test_pkey_ec.rb: Test that EC.generate works.

History

#1 [ruby-core:45542] Updated by Martin Bosslet over 4 years ago

  • Category set to ext
  • Assignee set to Martin Bosslet

#3 [ruby-core:52455] Updated by Yusuke Endoh over 3 years ago

  • Target version changed from 2.0.0 to next minor

#4 Updated by Zachary Scott about 1 year ago

  • Assignee changed from Martin Bosslet to openssl

#5 [ruby-core:75503] Updated by Kazuki Yamaguchi 4 months ago

I want to work on this before the release of openssl gem.

  • EC#public_key returns an EC::Point, not an EC

    I think it's better to add new #dup_public (or #public_pkey ?) method for each PKey types, rather than changing EC#public_key to return an EC. Compatibility is one of the reasons, but more important, the name 'public_key' is confusing.

  • EC#private? and #public? are missing

    Adding aliases to #private_key? and #public_key? respectively should be enough.

  • EC#generate_key should be #generate_key!

    DH has #generate_key!.

  • EC.generate is missing

    This can be implemented as a shorthand for EC.new(group).generate_key.

#6 Updated by Anonymous 4 months ago

  • Status changed from Assigned to Closed

Applied in changeset r55098.


openssl: add OpenSSL::PKey::EC#private? and #public?

  • ext/openssl/ossl_pkey_ec.c: rename PKey::EC#private_key? and
    #public_key? to #private? and #public? for consistency with other
    PKey types. Old names remain as alias. [Bug #6567]

  • test/openssl/test_pkey_ec.rb (test_check_key): check private? and
    public? works correctly.

#7 Updated by Kazuki Yamaguchi 3 months ago

  • Related to Bug #5600: OpenSSL::X509::Request can't sign() an OpenSSL::PKey::EC added

#8 Updated by Kazuki Yamaguchi 3 months ago

  • Related to Bug #10257: Generate X.509 certificate/request/CRL with elliptic curve keys added

Also available in: Atom PDF