Merge branch 'maint-3.1' into maint-3.2

rhenium · rhenium · commit 594ad6522e8f · 2025-10-27T15:16:57.000+09:00
* maint-3.1:
  Ruby/OpenSSL 3.1.3
  Check NULL values for deprecated EVP_PKEY_get0() functions
diff --git a/History.md b/History.md
@@ -50,6 +50,16 @@ Notable changes
   [[GitHub #141]](https://github.com/ruby/openssl/pull/141)
 
 
+Version 3.1.3
+=============
+
+Bug fixes
+---------
+
+* Fix missing NULL check for `EVP_PKEY_get0()` functions with OpenSSL 3.x.
+  [[GitHub #957]](https://github.com/ruby/openssl/pull/957)
+
+
 Version 3.1.2
 =============
 
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
@@ -21,6 +21,8 @@
     EVP_PKEY *_pkey; \
     GetPKeyDH((obj), _pkey); \
     (dh) = EVP_PKEY_get0_DH(_pkey); \
+    if ((dh) == NULL) \
+        ossl_raise(eDHError, "failed to get DH from EVP_PKEY"); \
 } while (0)
 
 /*
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
@@ -21,6 +21,8 @@
     EVP_PKEY *_pkey; \
     GetPKeyDSA((obj), _pkey); \
     (dsa) = EVP_PKEY_get0_DSA(_pkey); \
+    if ((dsa) == NULL) \
+        ossl_raise(eDSAError, "failed to get DSA from EVP_PKEY"); \
 } while (0)
 
 static inline int
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
@@ -22,6 +22,8 @@ static const rb_data_type_t ossl_ec_point_type;
     EVP_PKEY *_pkey; \
     GetPKeyEC(obj, _pkey); \
     (key) = EVP_PKEY_get0_EC_KEY(_pkey); \
+    if ((key) == NULL) \
+        ossl_raise(eECError, "failed to get EC_KEY from EVP_PKEY"); \
 } while (0)
 
 #define GetECGroup(obj, group) do { \
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
@@ -21,6 +21,8 @@
     EVP_PKEY *_pkey; \
     GetPKeyRSA((obj), _pkey); \
     (rsa) = EVP_PKEY_get0_RSA(_pkey); \
+    if ((rsa) == NULL) \
+        ossl_raise(eRSAError, "failed to get RSA from EVP_PKEY"); \
 } while (0)
 
 static inline int
