OpenSSL::PKey::EC.new(nil).generate_key fails with OpenSSL::PKey::PKeyError about openssl HOT 6 CLOSED

Methods on OpenSSL::PKey::{RSA,DSA,DH,EC} that modify the receiver object will not work if ruby/openssl is compiled against OpenSSL (the C library) 3.0 or later. This is a backwards-incompatible change introduced by OpenSSL 3.0 and there is nothing ruby/openssl can do.

Instead of OpenSSL::PKey::EC.new(group_name).generate_key!, please use OpenSSL::PKey::EC.generate(group_name).

from openssl.

The library is actually using generate_key and not generate_key! the issue is that for this one it looks like generate_key is aliased to generated_key! for EC

from openssl.

Yes it is an alias. EC#generate_key was renamed to EC#generate_key! (in 2016, for parity with DH#generate_key!) and the old name was kept as an alias. EC#generate_key always modified the receiver.

from openssl.

Oh I see, I misread the error message I guess OpenSSL::PKey.generate_key is the one to use not specific keys ones anymore. Is that correct?

from openssl.

Thanks a lot for your help and time on this :) This all makes sense. Will open a PR on that r509 gem to modify it's usage.

from openssl.

Yes, the following methods will continue to work and do the same thing:

• OpenSSL::PKey.generate_key("EC", "ec_paramgen_curve" => "prime256v1") (the manpage openssl-genpkey(1) documents ec_paramgen_curve and other optional parameters)
• OpenSSL::PKey::EC.generate("prime256v1")

from openssl.