Forum: Ruby-core [ruby-trunk - Bug #5600][Open] OpenSSL::X509::Request can't sign() an OpenSSL::PKey::EC

Posted by Steve Caligo (Guest)
on 2011-11-08 18:37
(Received via mailing list)
Issue #5600 has been reported by Steve Caligo.

----------------------------------------
Bug #5600: OpenSSL::X509::Request can't sign() an OpenSSL::PKey::EC
http://redmine.ruby-lang.org/issues/5600

Author: Steve Caligo
Status: Open
Priority: Normal
Assignee:
Category: ext
Target version:
ruby -v: ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-linux]


Unlike the PKey::DSA and PKey::RSA classes, PKey::EC provides a 
private_key?() rather than private?() method and is thus incompatible 
with the other OpenSSL classes that rely on them, i.e. it makes it
impossible to generate a certificate signing request:

require 'openssl'

key = OpenSSL::PKey::EC.new('secp521r1')
key.generate_key

req = OpenSSL::X509::Request.new
req.public_key = key
req.subject = OpenSSL::X509::Name.parse('CN=whatever')
# on ruby 1.9.3p0 this call raises the NoMethodError shown below
req.sign(key, OpenSSL::Digest::SHA384.new)


which produces the error:

in `sign': undefined method `private?' for 
#<OpenSSL::PKey::EC:0x000000021b4980> (NoMethodError)


ossl_pkey_ec.c should either:
- rb_define_method() the missing private? and public? methods
- rename public_key? to public? and private_key? to private?

Judging by the source code, this should be present in branch 1.8 as 
well.
Posted by Martin Bosslet (martin_b)
on 2011-11-08 18:48
(Received via mailing list)
Issue #5600 has been updated by Martin Bosslet.

Status changed from Open to Assigned
Assignee set to Martin Bosslet
Target version set to 2.0.0


Posted by Martin Bosslet (martin_b)
on 2012-06-10 02:30
(Received via mailing list)
Issue #5600 has been updated by MartinBosslet (Martin Bosslet).


Unfortunately it's not done by simply renaming the methods 
appropriately. It still would fail because OpenSSL::PKey::EC#public_key 
returns an OpenSSL::PKey::EC::Point instead of another 
OpenSSL::PKey::EC, and as a consequence, there's no reference to an 
EVP_PKEY that is needed internally. The whole EC interface needs an 
overhaul. I'll set up a parent task referencing all the issues that 
piled up since the release of 1.9.3. The goal would be to make EC follow 
the general PKey interface, allowing them to be used interchangeably
wherever a PKey instance is expected.
Posted by mame (Yusuke Endoh) (Guest)
on 2013-02-18 13:26
(Received via mailing list)
Issue #5600 has been updated by mame (Yusuke Endoh).

Target version changed from 2.0.0 to next minor

It is too late for "an overhaul".  Postponing to next minor.

--
Yusuke Endoh <mame@tsg.ne.jp>