pkey: use high level EVP interface to generate parameters and keys #397
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rhenium
force-pushed
the
ky/pkey-refactor-generate
branch
from
8c6f515
to
1b71851
Compare
rb_thread_call_without_gvl() can be interrupted, but it may be able to resume the operation. Call rb_thread_check_ints() to see if it raises an exception or not.
Implement PKey::DH.new(size, gen), PKey::DH.generate(size, gen), and PKey::DH#generate_key! using PKey.generate_parameters and .generate_key instead of the low level DH functions. Note that the EVP interface can enforce additional restrictions - for example, DH key shorter than 2048 bits is no longer accepted by default in OpenSSL 3.0. The test code is updated accordingly.
Implement PKey::RSA.new(size, exponent) and PKey::RSA.generate using OpenSSL::PKey.generate_key instead of the low level RSA functions.
Implement PKey::DSA.new(size) and PKey::DSA.generate using OpenSSL::PKey.generate_parameters and .generate_key instead of the low level DSA functions.
The previous series of commits re-implemented key generation with the low level API with the EVP API. The BN_GENCB-based callback function is no longer used.
rhenium
force-pushed
the
ky/pkey-refactor-generate
branch
from
1b71851
to
81027b7
Compare
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request updates key/parameters generation methods of OpenSSL::PKey::{RSA,DSA,DH} (in other words, all but EC).
This is part of #369 (OpenSSL 3.0 support).
pkey/dh: use high level EVP interface to generate parameters and keys
Implement PKey::DH.new(size, gen), PKey::DH.generate(size, gen), and
PKey::DH#generate_key! using OpenSSL::PKey.generate_parameters and
.generate_key instead of the low level DH functions.
Note that the EVP interface can enforce additional restrictions - for
example, DH key shorter than 2048 bits is no longer supported by
default in OpenSSL 3.0. The test code is updated as such.
pkey/rsa: use high level EVP interface to generate parameters and keys
Implement PKey::RSA.new(size, exponent) and PKey::RSA.generate using
OpenSSL::PKey.generate_key instead of the low level RSA functions.
pkey/dsa: use high level EVP interface to generate parameters and keys
Implement PKey::DSA.new(size) and PKey::DSA.generate using
OpenSSL::PKey.generate_parameters and .generate_key instead of the low
level DSA functions.