Bug #5600

closed

OpenSSL::X509::Request can't sign() an OpenSSL::PKey::EC

Added by scaligo (Steve Caligo) over 12 years ago. Updated almost 8 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-linux]
Backport:
[ruby-core:40853]

Description

Unlike the PKey::DSA and PKey::RSA classes, PKey::EC provides a private_key?() rather than private?() method and is thus incompatible with the other OpenSSL classes that rely on them, i.e. it makes it impossible to generate a certificate signing request:

require 'openssl'

# Generate an EC key pair on the secp521r1 curve
key = OpenSSL::PKey::EC.new('secp521r1')
key.generate_key

# Build the CSR and try to sign it with the EC key
req = OpenSSL::X509::Request.new
req.public_key = key
req.subject = OpenSSL::X509::Name.parse('CN=whatever')
req.sign(key, OpenSSL::Digest::SHA384.new)

which produces the error:

in `sign': undefined method `private?' for #<OpenSSL::PKey::EC:0x000000021b4980> (NoMethodError)

ossl_pkey_ec.c should either:

  • rb_define_method() the missing private? and public? methods
  • rename public_key? to public? and private_key? to private?

Judging by the source code, this should be present in branch 1.8 as well.


Related issues 1 (0 open, 1 closed)

Related to Ruby master - Bug #6567: Let OpenSSL::PKey::EC follow the general PKey interface (Closed)

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

  • Status changed from Open to Assigned
  • Assignee set to MartinBosslet (Martin Bosslet)
  • Target version set to 2.0.0

Updated by MartinBosslet (Martin Bosslet) almost 12 years ago

Unfortunately it's not done by simply renaming the methods appropriately. It still would fail because OpenSSL::PKey::EC#public_key returns an OpenSSL::PKey::EC::Point instead of another OpenSSL::PKey::EC, and as a consequence, there's no reference to an EVP_PKEY that is needed internally. The whole EC interface needs an overhaul. I'll set up a parent task referencing all the issues that piled up since the release of 1.9.3. The goal would be to make EC follow the general PKey interface, allowing them to be used interchangeably wherever a PKey instance is expected.

Updated by mame (Yusuke Endoh) about 11 years ago

  • Subject changed from OpenSSL::X509::Request can't sign() an OpenSSL::PKey::EC to OpenSSL::X509::Request can't sign() an OpenSSL::PKey::EC
  • Target version changed from 2.0.0 to 2.6

It is too late for "an overhaul". Postponing to next minor.

--
Yusuke Endoh


Updated by adam (Adam M) almost 9 years ago

Any updates on this?


Updated by zzak (zzak _) over 8 years ago

  • Assignee changed from MartinBosslet (Martin Bosslet) to 7150

Updated by rhenium (Kazuki Yamaguchi) almost 8 years ago

  • Status changed from Assigned to Closed

r55098 (openssl: add OpenSSL::PKey::EC#private? and #public?, 2016-05-21) added OpenSSL::PKey::EC#private?. The code should work now.

Please see also #6567.


Updated by rhenium (Kazuki Yamaguchi) almost 8 years ago

  • Related to Bug #6567: Let OpenSSL::PKey::EC follow the general PKey interface added