[ruby/openssl] pkey: define and use OSSL_HAVE_IMMUTABLE_PKEY macro

Introduce a useful macro indicating that the low-level struct wrapped in an EVP_PKEY cannot be modified. Currently, the macro is defined for OpenSSL 3.0 or later only. LibreSSL and AWS-LC can follow suit in the future. https://github.com/ruby/openssl/commit/032ed63096
2026-01-27 04:24:23 +00:00 · 2025-01-25 15:50:03 +09:00 · 2025-01-25 15:50:03 +09:00 · 986d9177dd
commit 986d9177dd
parent 00fcef5378
4 changed files with 11 additions and 7 deletions
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@ -74,6 +74,10 @@
 # include <openssl/provider.h>
 #endif

+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_HAVE_IMMUTABLE_PKEY
+#endif
+
 /*
 * Common Module
 */
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@ -508,7 +508,7 @@ ossl_pkey_s_generate_key(int argc, VALUE *argv, VALUE self)
 void
 ossl_pkey_check_public_key(const EVP_PKEY *pkey)
 {
-#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+#ifdef OSSL_HAVE_IMMUTABLE_PKEY
    if (EVP_PKEY_missing_parameters(pkey))
        ossl_raise(ePKeyError, "parameters missing");
 #else
--- a/ext/openssl/ossl_pkey.h
+++ b/ext/openssl/ossl_pkey.h
@ -105,7 +105,7 @@ static VALUE ossl_##_keytype##_get_##_name(VALUE self)			\
 	OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2,			\
 		_type##_get0_##_group(obj, NULL, &bn))

-#if !OSSL_OPENSSL_PREREQ(3, 0, 0)
+#ifndef OSSL_HAVE_IMMUTABLE_PKEY
 #define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)	\
 /*									\
 *  call-seq:								\
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@ -246,7 +246,7 @@ ossl_ec_key_get_group(VALUE self)
 static VALUE
 ossl_ec_key_set_group(VALUE self, VALUE group_v)
 {
-#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+#ifdef OSSL_HAVE_IMMUTABLE_PKEY
    rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
 #else
    EC_KEY *ec;
@ -288,7 +288,7 @@ static VALUE ossl_ec_key_get_private_key(VALUE self)
 */
 static VALUE ossl_ec_key_set_private_key(VALUE self, VALUE private_key)
 {
-#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+#ifdef OSSL_HAVE_IMMUTABLE_PKEY
    rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
 #else
    EC_KEY *ec;
@ -339,7 +339,7 @@ static VALUE ossl_ec_key_get_public_key(VALUE self)
 */
 static VALUE ossl_ec_key_set_public_key(VALUE self, VALUE public_key)
 {
-#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+#ifdef OSSL_HAVE_IMMUTABLE_PKEY
    rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
 #else
    EC_KEY *ec;
@ -511,7 +511,7 @@ ossl_ec_key_to_der(VALUE self)
 */
 static VALUE ossl_ec_key_generate_key(VALUE self)
 {
-#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+#ifdef OSSL_HAVE_IMMUTABLE_PKEY
    rb_raise(ePKeyError, "pkeys are immutable on OpenSSL 3.0");
 #else
    EC_KEY *ec;
@ -1368,7 +1368,7 @@ static VALUE ossl_ec_point_make_affine(VALUE self)
    GetECPointGroup(self, group);

    rb_warn("OpenSSL::PKey::EC::Point#make_affine! is deprecated");
-#if !OSSL_OPENSSL_PREREQ(3, 0, 0) && !defined(OPENSSL_IS_AWSLC)
+#if !defined(OSSL_HAVE_IMMUTABLE_PKEY) && !defined(OPENSSL_IS_AWSLC)
    if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1)
        ossl_raise(eEC_POINT, "EC_POINT_make_affine");
 #endif