openssl 3.3.3 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +3 -0
  3. data/History.md +81 -12
  4. data/README.md +12 -11
  5. data/ext/openssl/extconf.rb +29 -72
  6. data/ext/openssl/openssl_missing.h +0 -233
  7. data/ext/openssl/ossl.c +279 -300
  8. data/ext/openssl/ossl.h +13 -9
  9. data/ext/openssl/ossl_asn1.c +610 -423
  10. data/ext/openssl/ossl_asn1.h +15 -1
  11. data/ext/openssl/ossl_bio.c +3 -3
  12. data/ext/openssl/ossl_bn.c +286 -291
  13. data/ext/openssl/ossl_cipher.c +252 -203
  14. data/ext/openssl/ossl_cipher.h +10 -1
  15. data/ext/openssl/ossl_config.c +1 -6
  16. data/ext/openssl/ossl_digest.c +74 -43
  17. data/ext/openssl/ossl_digest.h +9 -1
  18. data/ext/openssl/ossl_engine.c +39 -103
  19. data/ext/openssl/ossl_hmac.c +30 -36
  20. data/ext/openssl/ossl_kdf.c +42 -53
  21. data/ext/openssl/ossl_ns_spki.c +27 -32
  22. data/ext/openssl/ossl_ocsp.c +209 -236
  23. data/ext/openssl/ossl_pkcs12.c +26 -26
  24. data/ext/openssl/ossl_pkcs7.c +176 -146
  25. data/ext/openssl/ossl_pkey.c +102 -158
  26. data/ext/openssl/ossl_pkey.h +99 -99
  27. data/ext/openssl/ossl_pkey_dh.c +31 -68
  28. data/ext/openssl/ossl_pkey_dsa.c +15 -54
  29. data/ext/openssl/ossl_pkey_ec.c +179 -237
  30. data/ext/openssl/ossl_pkey_rsa.c +56 -103
  31. data/ext/openssl/ossl_provider.c +0 -5
  32. data/ext/openssl/ossl_rand.c +7 -14
  33. data/ext/openssl/ossl_ssl.c +478 -353
  34. data/ext/openssl/ossl_ssl.h +8 -8
  35. data/ext/openssl/ossl_ssl_session.c +93 -97
  36. data/ext/openssl/ossl_ts.c +79 -125
  37. data/ext/openssl/ossl_x509.c +9 -28
  38. data/ext/openssl/ossl_x509.h +6 -6
  39. data/ext/openssl/ossl_x509attr.c +35 -57
  40. data/ext/openssl/ossl_x509cert.c +73 -104
  41. data/ext/openssl/ossl_x509crl.c +80 -91
  42. data/ext/openssl/ossl_x509ext.c +45 -75
  43. data/ext/openssl/ossl_x509name.c +64 -91
  44. data/ext/openssl/ossl_x509req.c +57 -64
  45. data/ext/openssl/ossl_x509revoked.c +29 -44
  46. data/ext/openssl/ossl_x509store.c +41 -57
  47. data/lib/openssl/buffering.rb +30 -24
  48. data/lib/openssl/digest.rb +1 -1
  49. data/lib/openssl/pkey.rb +71 -49
  50. data/lib/openssl/ssl.rb +12 -79
  51. data/lib/openssl/version.rb +2 -1
  52. data/lib/openssl/x509.rb +9 -0
  53. data/lib/openssl.rb +9 -6
  54. metadata +2 -4
  55. data/ext/openssl/openssl_missing.c +0 -41
  56. data/lib/openssl/asn1.rb +0 -188
data/ext/openssl/ossl_pkey.c CHANGED
@@ -33,13 +33,13 @@ ossl_evp_pkey_free(void *ptr)
33
33
  const rb_data_type_t ossl_evp_pkey_type = {
34
34
  "OpenSSL/EVP_PKEY",
35
35
  {
36
- 0, ossl_evp_pkey_free,
36
+ 0, ossl_evp_pkey_free,
37
37
  },
38
38
  0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
39
39
  };
40
40
 
41
41
  static VALUE
42
- pkey_new0(VALUE arg)
42
+ pkey_wrap0(VALUE arg)
43
43
  {
44
44
  EVP_PKEY *pkey = (EVP_PKEY *)arg;
45
45
  VALUE klass, obj;
@@ -65,15 +65,15 @@ pkey_new0(VALUE arg)
65
65
  }
66
66
 
67
67
  VALUE
68
- ossl_pkey_new(EVP_PKEY *pkey)
68
+ ossl_pkey_wrap(EVP_PKEY *pkey)
69
69
  {
70
70
  VALUE obj;
71
71
  int status;
72
72
 
73
- obj = rb_protect(pkey_new0, (VALUE)pkey, &status);
73
+ obj = rb_protect(pkey_wrap0, (VALUE)pkey, &status);
74
74
  if (status) {
75
- EVP_PKEY_free(pkey);
76
- rb_jump_tag(status);
75
+ EVP_PKEY_free(pkey);
76
+ rb_jump_tag(status);
77
77
  }
78
78
 
79
79
  return obj;
@@ -94,7 +94,8 @@ ossl_pkey_read(BIO *bio, const char *input_type, int selection, VALUE pass)
94
94
  selection, NULL, NULL);
95
95
  if (!dctx)
96
96
  goto out;
97
- if (OSSL_DECODER_CTX_set_pem_password_cb(dctx, ossl_pem_passwd_cb,
97
+ if (selection == EVP_PKEY_KEYPAIR &&
98
+ OSSL_DECODER_CTX_set_pem_password_cb(dctx, ossl_pem_passwd_cb,
98
99
  ppass) != 1)
99
100
  goto out;
100
101
  while (1) {
@@ -187,23 +188,23 @@ ossl_pkey_read_generic(BIO *bio, VALUE pass)
187
188
  EVP_PKEY *pkey;
188
189
 
189
190
  if ((pkey = d2i_PrivateKey_bio(bio, NULL)))
190
- goto out;
191
+ goto out;
191
192
  OSSL_BIO_reset(bio);
192
193
  if ((pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, ossl_pem_passwd_cb, ppass)))
193
- goto out;
194
+ goto out;
194
195
  OSSL_BIO_reset(bio);
195
196
  if ((pkey = d2i_PUBKEY_bio(bio, NULL)))
196
- goto out;
197
+ goto out;
197
198
  OSSL_BIO_reset(bio);
198
199
  /* PEM_read_bio_PrivateKey() also parses PKCS #8 formats */
199
200
  if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, ppass)))
200
- goto out;
201
+ goto out;
201
202
  OSSL_BIO_reset(bio);
202
203
  if ((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)))
203
- goto out;
204
+ goto out;
204
205
  OSSL_BIO_reset(bio);
205
206
  if ((pkey = PEM_read_bio_Parameters(bio, NULL)))
206
- goto out;
207
+ goto out;
207
208
 
208
209
  out:
209
210
  return pkey;
@@ -238,8 +239,8 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self)
238
239
  pkey = ossl_pkey_read_generic(bio, ossl_pem_passwd_value(pass));
239
240
  BIO_free(bio);
240
241
  if (!pkey)
241
- ossl_raise(ePKeyError, "Could not parse PKey");
242
- return ossl_pkey_new(pkey);
242
+ ossl_raise(ePKeyError, "Could not parse PKey");
243
+ return ossl_pkey_wrap(pkey);
243
244
  }
244
245
 
245
246
  static VALUE
@@ -443,7 +444,7 @@ pkey_generate(int argc, VALUE *argv, VALUE self, int genparam)
443
444
  }
444
445
  }
445
446
 
446
- return ossl_pkey_new(gen_arg.pkey);
447
+ return ossl_pkey_wrap(gen_arg.pkey);
447
448
  }
448
449
 
449
450
  /*
@@ -507,7 +508,7 @@ ossl_pkey_s_generate_key(int argc, VALUE *argv, VALUE self)
507
508
  void
508
509
  ossl_pkey_check_public_key(const EVP_PKEY *pkey)
509
510
  {
510
- #if OSSL_OPENSSL_PREREQ(3, 0, 0)
511
+ #ifdef OSSL_HAVE_IMMUTABLE_PKEY
511
512
  if (EVP_PKEY_missing_parameters(pkey))
512
513
  ossl_raise(ePKeyError, "parameters missing");
513
514
  #else
@@ -515,35 +516,34 @@ ossl_pkey_check_public_key(const EVP_PKEY *pkey)
515
516
  const BIGNUM *n, *e, *pubkey;
516
517
 
517
518
  if (EVP_PKEY_missing_parameters(pkey))
518
- ossl_raise(ePKeyError, "parameters missing");
519
+ ossl_raise(ePKeyError, "parameters missing");
519
520
 
520
- /* OpenSSL < 1.1.0 takes non-const pointer */
521
- ptr = EVP_PKEY_get0((EVP_PKEY *)pkey);
521
+ ptr = EVP_PKEY_get0(pkey);
522
522
  switch (EVP_PKEY_base_id(pkey)) {
523
523
  case EVP_PKEY_RSA:
524
- RSA_get0_key(ptr, &n, &e, NULL);
525
- if (n && e)
526
- return;
527
- break;
524
+ RSA_get0_key(ptr, &n, &e, NULL);
525
+ if (n && e)
526
+ return;
527
+ break;
528
528
  case EVP_PKEY_DSA:
529
- DSA_get0_key(ptr, &pubkey, NULL);
530
- if (pubkey)
531
- return;
532
- break;
529
+ DSA_get0_key(ptr, &pubkey, NULL);
530
+ if (pubkey)
531
+ return;
532
+ break;
533
533
  case EVP_PKEY_DH:
534
- DH_get0_key(ptr, &pubkey, NULL);
535
- if (pubkey)
536
- return;
537
- break;
534
+ DH_get0_key(ptr, &pubkey, NULL);
535
+ if (pubkey)
536
+ return;
537
+ break;
538
538
  #if !defined(OPENSSL_NO_EC)
539
539
  case EVP_PKEY_EC:
540
- if (EC_KEY_get0_public_key(ptr))
541
- return;
542
- break;
540
+ if (EC_KEY_get0_public_key(ptr))
541
+ return;
542
+ break;
543
543
  #endif
544
544
  default:
545
- /* unsupported type; assuming ok */
546
- return;
545
+ /* unsupported type; assuming ok */
546
+ return;
547
547
  }
548
548
  ossl_raise(ePKeyError, "public key missing");
549
549
  #endif
@@ -610,12 +610,13 @@ static VALUE
610
610
  ossl_pkey_initialize(VALUE self)
611
611
  {
612
612
  if (rb_obj_is_instance_of(self, cPKey)) {
613
- ossl_raise(rb_eTypeError, "OpenSSL::PKey::PKey can't be instantiated directly");
613
+ ossl_raise(rb_eTypeError, "OpenSSL::PKey::PKey can't be instantiated directly");
614
614
  }
615
615
  return self;
616
616
  }
617
617
 
618
618
  #ifdef HAVE_EVP_PKEY_DUP
619
+ /* :nodoc: */
619
620
  static VALUE
620
621
  ossl_pkey_initialize_copy(VALUE self, VALUE other)
621
622
  {
@@ -635,8 +636,6 @@ ossl_pkey_initialize_copy(VALUE self, VALUE other)
635
636
  }
636
637
  #endif
637
638
 
638
- #ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY
639
-
640
639
  #ifndef OSSL_USE_PROVIDER
641
640
  static int
642
641
  lookup_pkey_type(VALUE type)
@@ -689,11 +688,9 @@ ossl_pkey_new_raw_private_key(VALUE self, VALUE type, VALUE key)
689
688
  ossl_raise(ePKeyError, "EVP_PKEY_new_raw_private_key");
690
689
  #endif
691
690
 
692
- return ossl_pkey_new(pkey);
691
+ return ossl_pkey_wrap(pkey);
693
692
  }
694
- #endif
695
693
 
696
- #ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY
697
694
  /*
698
695
  * call-seq:
699
696
  * OpenSSL::PKey.new_raw_public_key(algo, string) -> PKey
@@ -723,9 +720,8 @@ ossl_pkey_new_raw_public_key(VALUE self, VALUE type, VALUE key)
723
720
  ossl_raise(ePKeyError, "EVP_PKEY_new_raw_public_key");
724
721
  #endif
725
722
 
726
- return ossl_pkey_new(pkey);
723
+ return ossl_pkey_wrap(pkey);
727
724
  }
728
- #endif
729
725
 
730
726
  /*
731
727
  * call-seq:
@@ -818,44 +814,33 @@ VALUE
818
814
  ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self, int to_der)
819
815
  {
820
816
  EVP_PKEY *pkey;
821
- VALUE cipher, pass;
817
+ VALUE cipher, pass, cipher_holder;
822
818
  const EVP_CIPHER *enc = NULL;
823
819
  BIO *bio;
824
820
 
825
821
  GetPKey(self, pkey);
826
822
  rb_scan_args(argc, argv, "02", &cipher, &pass);
827
823
  if (!NIL_P(cipher)) {
828
- enc = ossl_evp_get_cipherbyname(cipher);
829
- pass = ossl_pem_passwd_value(pass);
824
+ enc = ossl_evp_cipher_fetch(cipher, &cipher_holder);
825
+ pass = ossl_pem_passwd_value(pass);
830
826
  }
831
827
 
832
828
  bio = BIO_new(BIO_s_mem());
833
829
  if (!bio)
834
- ossl_raise(ePKeyError, "BIO_new");
830
+ ossl_raise(ePKeyError, "BIO_new");
835
831
  if (to_der) {
836
- if (!i2d_PrivateKey_bio(bio, pkey)) {
837
- BIO_free(bio);
838
- ossl_raise(ePKeyError, "i2d_PrivateKey_bio");
839
- }
832
+ if (!i2d_PrivateKey_bio(bio, pkey)) {
833
+ BIO_free(bio);
834
+ ossl_raise(ePKeyError, "i2d_PrivateKey_bio");
835
+ }
840
836
  }
841
837
  else {
842
- #if OSSL_OPENSSL_PREREQ(1, 1, 0) || OSSL_LIBRESSL_PREREQ(3, 5, 0)
843
- if (!PEM_write_bio_PrivateKey_traditional(bio, pkey, enc, NULL, 0,
844
- ossl_pem_passwd_cb,
845
- (void *)pass)) {
846
- #else
847
- char pem_str[80];
848
- const char *aname;
849
-
850
- EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &aname, pkey->ameth);
851
- snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY", aname);
852
- if (!PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, pem_str, bio,
853
- pkey, enc, NULL, 0, ossl_pem_passwd_cb,
854
- (void *)pass)) {
855
- #endif
856
- BIO_free(bio);
857
- ossl_raise(ePKeyError, "PEM_write_bio_PrivateKey_traditional");
858
- }
838
+ if (!PEM_write_bio_PrivateKey_traditional(bio, pkey, enc, NULL, 0,
839
+ ossl_pem_passwd_cb,
840
+ (void *)pass)) {
841
+ BIO_free(bio);
842
+ ossl_raise(ePKeyError, "PEM_write_bio_PrivateKey_traditional");
843
+ }
859
844
  }
860
845
  return ossl_membio2str(bio);
861
846
  }
@@ -864,37 +849,37 @@ static VALUE
864
849
  do_pkcs8_export(int argc, VALUE *argv, VALUE self, int to_der)
865
850
  {
866
851
  EVP_PKEY *pkey;
867
- VALUE cipher, pass;
852
+ VALUE cipher, pass, cipher_holder;
868
853
  const EVP_CIPHER *enc = NULL;
869
854
  BIO *bio;
870
855
 
871
856
  GetPKey(self, pkey);
872
857
  rb_scan_args(argc, argv, "02", &cipher, &pass);
873
858
  if (argc > 0) {
874
- /*
875
- * TODO: EncryptedPrivateKeyInfo actually has more options.
876
- * Should they be exposed?
877
- */
878
- enc = ossl_evp_get_cipherbyname(cipher);
879
- pass = ossl_pem_passwd_value(pass);
859
+ /*
860
+ * TODO: EncryptedPrivateKeyInfo actually has more options.
861
+ * Should they be exposed?
862
+ */
863
+ enc = ossl_evp_cipher_fetch(cipher, &cipher_holder);
864
+ pass = ossl_pem_passwd_value(pass);
880
865
  }
881
866
 
882
867
  bio = BIO_new(BIO_s_mem());
883
868
  if (!bio)
884
- ossl_raise(ePKeyError, "BIO_new");
869
+ ossl_raise(ePKeyError, "BIO_new");
885
870
  if (to_der) {
886
- if (!i2d_PKCS8PrivateKey_bio(bio, pkey, enc, NULL, 0,
887
- ossl_pem_passwd_cb, (void *)pass)) {
888
- BIO_free(bio);
889
- ossl_raise(ePKeyError, "i2d_PKCS8PrivateKey_bio");
890
- }
871
+ if (!i2d_PKCS8PrivateKey_bio(bio, pkey, enc, NULL, 0,
872
+ ossl_pem_passwd_cb, (void *)pass)) {
873
+ BIO_free(bio);
874
+ ossl_raise(ePKeyError, "i2d_PKCS8PrivateKey_bio");
875
+ }
891
876
  }
892
877
  else {
893
- if (!PEM_write_bio_PKCS8PrivateKey(bio, pkey, enc, NULL, 0,
894
- ossl_pem_passwd_cb, (void *)pass)) {
895
- BIO_free(bio);
896
- ossl_raise(ePKeyError, "PEM_write_bio_PKCS8PrivateKey");
897
- }
878
+ if (!PEM_write_bio_PKCS8PrivateKey(bio, pkey, enc, NULL, 0,
879
+ ossl_pem_passwd_cb, (void *)pass)) {
880
+ BIO_free(bio);
881
+ ossl_raise(ePKeyError, "PEM_write_bio_PKCS8PrivateKey");
882
+ }
898
883
  }
899
884
  return ossl_membio2str(bio);
900
885
  }
@@ -941,7 +926,6 @@ ossl_pkey_private_to_pem(int argc, VALUE *argv, VALUE self)
941
926
  return do_pkcs8_export(argc, argv, self, 0);
942
927
  }
943
928
 
944
- #ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY
945
929
  /*
946
930
  * call-seq:
947
931
  * pkey.raw_private_key => string
@@ -968,7 +952,6 @@ ossl_pkey_raw_private_key(VALUE self)
968
952
 
969
953
  return str;
970
954
  }
971
- #endif
972
955
 
973
956
  VALUE
974
957
  ossl_pkey_export_spki(VALUE self, int to_der)
@@ -980,18 +963,18 @@ ossl_pkey_export_spki(VALUE self, int to_der)
980
963
  ossl_pkey_check_public_key(pkey);
981
964
  bio = BIO_new(BIO_s_mem());
982
965
  if (!bio)
983
- ossl_raise(ePKeyError, "BIO_new");
966
+ ossl_raise(ePKeyError, "BIO_new");
984
967
  if (to_der) {
985
- if (!i2d_PUBKEY_bio(bio, pkey)) {
986
- BIO_free(bio);
987
- ossl_raise(ePKeyError, "i2d_PUBKEY_bio");
988
- }
968
+ if (!i2d_PUBKEY_bio(bio, pkey)) {
969
+ BIO_free(bio);
970
+ ossl_raise(ePKeyError, "i2d_PUBKEY_bio");
971
+ }
989
972
  }
990
973
  else {
991
- if (!PEM_write_bio_PUBKEY(bio, pkey)) {
992
- BIO_free(bio);
993
- ossl_raise(ePKeyError, "PEM_write_bio_PUBKEY");
994
- }
974
+ if (!PEM_write_bio_PUBKEY(bio, pkey)) {
975
+ BIO_free(bio);
976
+ ossl_raise(ePKeyError, "PEM_write_bio_PUBKEY");
977
+ }
995
978
  }
996
979
  return ossl_membio2str(bio);
997
980
  }
@@ -1026,7 +1009,6 @@ ossl_pkey_public_to_pem(VALUE self)
1026
1009
  return ossl_pkey_export_spki(self, 0);
1027
1010
  }
1028
1011
 
1029
- #ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY
1030
1012
  /*
1031
1013
  * call-seq:
1032
1014
  * pkey.raw_public_key => string
@@ -1053,7 +1035,6 @@ ossl_pkey_raw_public_key(VALUE self)
1053
1035
 
1054
1036
  return str;
1055
1037
  }
1056
- #endif
1057
1038
 
1058
1039
  /*
1059
1040
  * call-seq:
@@ -1130,7 +1111,7 @@ static VALUE
1130
1111
  ossl_pkey_sign(int argc, VALUE *argv, VALUE self)
1131
1112
  {
1132
1113
  EVP_PKEY *pkey;
1133
- VALUE digest, data, options, sig;
1114
+ VALUE digest, data, options, sig, md_holder;
1134
1115
  const EVP_MD *md = NULL;
1135
1116
  EVP_MD_CTX *ctx;
1136
1117
  EVP_PKEY_CTX *pctx;
@@ -1140,7 +1121,7 @@ ossl_pkey_sign(int argc, VALUE *argv, VALUE self)
1140
1121
  pkey = GetPrivPKeyPtr(self);
1141
1122
  rb_scan_args(argc, argv, "21", &digest, &data, &options);
1142
1123
  if (!NIL_P(digest))
1143
- md = ossl_evp_get_digestbyname(digest);
1124
+ md = ossl_evp_md_fetch(digest, &md_holder);
1144
1125
  StringValue(data);
1145
1126
 
1146
1127
  ctx = EVP_MD_CTX_new();
@@ -1157,7 +1138,6 @@ ossl_pkey_sign(int argc, VALUE *argv, VALUE self)
1157
1138
  rb_jump_tag(state);
1158
1139
  }
1159
1140
  }
1160
- #if OSSL_OPENSSL_PREREQ(1, 1, 1) || OSSL_LIBRESSL_PREREQ(3, 4, 0)
1161
1141
  if (EVP_DigestSign(ctx, NULL, &siglen, (unsigned char *)RSTRING_PTR(data),
1162
1142
  RSTRING_LEN(data)) < 1) {
1163
1143
  EVP_MD_CTX_free(ctx);
@@ -1178,30 +1158,6 @@ ossl_pkey_sign(int argc, VALUE *argv, VALUE self)
1178
1158
  EVP_MD_CTX_free(ctx);
1179
1159
  ossl_raise(ePKeyError, "EVP_DigestSign");
1180
1160
  }
1181
- #else
1182
- if (EVP_DigestSignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) < 1) {
1183
- EVP_MD_CTX_free(ctx);
1184
- ossl_raise(ePKeyError, "EVP_DigestSignUpdate");
1185
- }
1186
- if (EVP_DigestSignFinal(ctx, NULL, &siglen) < 1) {
1187
- EVP_MD_CTX_free(ctx);
1188
- ossl_raise(ePKeyError, "EVP_DigestSignFinal");
1189
- }
1190
- if (siglen > LONG_MAX) {
1191
- EVP_MD_CTX_free(ctx);
1192
- rb_raise(ePKeyError, "signature would be too large");
1193
- }
1194
- sig = ossl_str_new(NULL, (long)siglen, &state);
1195
- if (state) {
1196
- EVP_MD_CTX_free(ctx);
1197
- rb_jump_tag(state);
1198
- }
1199
- if (EVP_DigestSignFinal(ctx, (unsigned char *)RSTRING_PTR(sig),
1200
- &siglen) < 1) {
1201
- EVP_MD_CTX_free(ctx);
1202
- ossl_raise(ePKeyError, "EVP_DigestSignFinal");
1203
- }
1204
- #endif
1205
1161
  EVP_MD_CTX_free(ctx);
1206
1162
  rb_str_set_len(sig, siglen);
1207
1163
  return sig;
@@ -1234,7 +1190,7 @@ static VALUE
1234
1190
  ossl_pkey_verify(int argc, VALUE *argv, VALUE self)
1235
1191
  {
1236
1192
  EVP_PKEY *pkey;
1237
- VALUE digest, sig, data, options;
1193
+ VALUE digest, sig, data, options, md_holder;
1238
1194
  const EVP_MD *md = NULL;
1239
1195
  EVP_MD_CTX *ctx;
1240
1196
  EVP_PKEY_CTX *pctx;
@@ -1244,7 +1200,7 @@ ossl_pkey_verify(int argc, VALUE *argv, VALUE self)
1244
1200
  rb_scan_args(argc, argv, "31", &digest, &sig, &data, &options);
1245
1201
  ossl_pkey_check_public_key(pkey);
1246
1202
  if (!NIL_P(digest))
1247
- md = ossl_evp_get_digestbyname(digest);
1203
+ md = ossl_evp_md_fetch(digest, &md_holder);
1248
1204
  StringValue(sig);
1249
1205
  StringValue(data);
1250
1206
 
@@ -1262,24 +1218,12 @@ ossl_pkey_verify(int argc, VALUE *argv, VALUE self)
1262
1218
  rb_jump_tag(state);
1263
1219
  }
1264
1220
  }
1265
- #if OSSL_OPENSSL_PREREQ(1, 1, 1) || OSSL_LIBRESSL_PREREQ(3, 4, 0)
1266
1221
  ret = EVP_DigestVerify(ctx, (unsigned char *)RSTRING_PTR(sig),
1267
1222
  RSTRING_LEN(sig), (unsigned char *)RSTRING_PTR(data),
1268
1223
  RSTRING_LEN(data));
1269
1224
  EVP_MD_CTX_free(ctx);
1270
1225
  if (ret < 0)
1271
1226
  ossl_raise(ePKeyError, "EVP_DigestVerify");
1272
- #else
1273
- if (EVP_DigestVerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) < 1) {
1274
- EVP_MD_CTX_free(ctx);
1275
- ossl_raise(ePKeyError, "EVP_DigestVerifyUpdate");
1276
- }
1277
- ret = EVP_DigestVerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig),
1278
- RSTRING_LEN(sig));
1279
- EVP_MD_CTX_free(ctx);
1280
- if (ret < 0)
1281
- ossl_raise(ePKeyError, "EVP_DigestVerifyFinal");
1282
- #endif
1283
1227
  if (ret)
1284
1228
  return Qtrue;
1285
1229
  else {
@@ -1325,7 +1269,7 @@ static VALUE
1325
1269
  ossl_pkey_sign_raw(int argc, VALUE *argv, VALUE self)
1326
1270
  {
1327
1271
  EVP_PKEY *pkey;
1328
- VALUE digest, data, options, sig;
1272
+ VALUE digest, data, options, sig, md_holder;
1329
1273
  const EVP_MD *md = NULL;
1330
1274
  EVP_PKEY_CTX *ctx;
1331
1275
  size_t outlen;
@@ -1334,7 +1278,7 @@ ossl_pkey_sign_raw(int argc, VALUE *argv, VALUE self)
1334
1278
  GetPKey(self, pkey);
1335
1279
  rb_scan_args(argc, argv, "21", &digest, &data, &options);
1336
1280
  if (!NIL_P(digest))
1337
- md = ossl_evp_get_digestbyname(digest);
1281
+ md = ossl_evp_md_fetch(digest, &md_holder);
1338
1282
  StringValue(data);
1339
1283
 
1340
1284
  ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
@@ -1401,7 +1345,7 @@ static VALUE
1401
1345
  ossl_pkey_verify_raw(int argc, VALUE *argv, VALUE self)
1402
1346
  {
1403
1347
  EVP_PKEY *pkey;
1404
- VALUE digest, sig, data, options;
1348
+ VALUE digest, sig, data, options, md_holder;
1405
1349
  const EVP_MD *md = NULL;
1406
1350
  EVP_PKEY_CTX *ctx;
1407
1351
  int state, ret;
@@ -1410,7 +1354,7 @@ ossl_pkey_verify_raw(int argc, VALUE *argv, VALUE self)
1410
1354
  rb_scan_args(argc, argv, "31", &digest, &sig, &data, &options);
1411
1355
  ossl_pkey_check_public_key(pkey);
1412
1356
  if (!NIL_P(digest))
1413
- md = ossl_evp_get_digestbyname(digest);
1357
+ md = ossl_evp_md_fetch(digest, &md_holder);
1414
1358
  StringValue(sig);
1415
1359
  StringValue(data);
1416
1360
 
@@ -1464,7 +1408,7 @@ static VALUE
1464
1408
  ossl_pkey_verify_recover(int argc, VALUE *argv, VALUE self)
1465
1409
  {
1466
1410
  EVP_PKEY *pkey;
1467
- VALUE digest, sig, options, out;
1411
+ VALUE digest, sig, options, out, md_holder;
1468
1412
  const EVP_MD *md = NULL;
1469
1413
  EVP_PKEY_CTX *ctx;
1470
1414
  int state;
@@ -1474,7 +1418,7 @@ ossl_pkey_verify_recover(int argc, VALUE *argv, VALUE self)
1474
1418
  rb_scan_args(argc, argv, "21", &digest, &sig, &options);
1475
1419
  ossl_pkey_check_public_key(pkey);
1476
1420
  if (!NIL_P(digest))
1477
- md = ossl_evp_get_digestbyname(digest);
1421
+ md = ossl_evp_md_fetch(digest, &md_holder);
1478
1422
  StringValue(sig);
1479
1423
 
1480
1424
  ctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
@@ -1714,11 +1658,6 @@ void
1714
1658
  Init_ossl_pkey(void)
1715
1659
  {
1716
1660
  #undef rb_intern
1717
- #if 0
1718
- mOSSL = rb_define_module("OpenSSL");
1719
- eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
1720
- #endif
1721
-
1722
1661
  /* Document-module: OpenSSL::PKey
1723
1662
  *
1724
1663
  * == Asymmetric Public Key Algorithms
@@ -1774,7 +1713,16 @@ Init_ossl_pkey(void)
1774
1713
 
1775
1714
  /* Document-class: OpenSSL::PKey::PKeyError
1776
1715
  *
1777
- *Raised when errors occur during PKey#sign or PKey#verify.
1716
+ * Raised when errors occur during PKey#sign or PKey#verify.
1717
+ *
1718
+ * Before version 4.0.0, OpenSSL::PKey::PKeyError had the following
1719
+ * subclasses. These subclasses have been removed and the constants are
1720
+ * now defined as aliases of OpenSSL::PKey::PKeyError.
1721
+ *
1722
+ * * OpenSSL::PKey::DHError
1723
+ * * OpenSSL::PKey::DSAError
1724
+ * * OpenSSL::PKey::ECError
1725
+ * * OpenSSL::PKey::RSAError
1778
1726
  */
1779
1727
  ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
1780
1728
 
@@ -1792,10 +1740,8 @@ Init_ossl_pkey(void)
1792
1740
  rb_define_module_function(mPKey, "read", ossl_pkey_new_from_data, -1);
1793
1741
  rb_define_module_function(mPKey, "generate_parameters", ossl_pkey_s_generate_parameters, -1);
1794
1742
  rb_define_module_function(mPKey, "generate_key", ossl_pkey_s_generate_key, -1);
1795
- #ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY
1796
1743
  rb_define_module_function(mPKey, "new_raw_private_key", ossl_pkey_new_raw_private_key, 2);
1797
1744
  rb_define_module_function(mPKey, "new_raw_public_key", ossl_pkey_new_raw_public_key, 2);
1798
- #endif
1799
1745
 
1800
1746
  rb_define_alloc_func(cPKey, ossl_pkey_alloc);
1801
1747
  rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0);
@@ -1811,10 +1757,8 @@ Init_ossl_pkey(void)
1811
1757
  rb_define_method(cPKey, "private_to_pem", ossl_pkey_private_to_pem, -1);
1812
1758
  rb_define_method(cPKey, "public_to_der", ossl_pkey_public_to_der, 0);
1813
1759
  rb_define_method(cPKey, "public_to_pem", ossl_pkey_public_to_pem, 0);
1814
- #ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY
1815
1760
  rb_define_method(cPKey, "raw_private_key", ossl_pkey_raw_private_key, 0);
1816
1761
  rb_define_method(cPKey, "raw_public_key", ossl_pkey_raw_public_key, 0);
1817
- #endif
1818
1762
  rb_define_method(cPKey, "compare?", ossl_pkey_compare, 1);
1819
1763
 
1820
1764
  rb_define_method(cPKey, "sign", ossl_pkey_sign, -1);