
Revision 2a483405

Added by Jun Aruga over 2 years ago

[ruby/openssl] Workaround: Fix OpenSSL::PKey.read that cannot parse PKey in the FIPS mode.

This commit is a workaround to avoid the error below that the
OpenSSL::PKey.read fails with the OpenSSL 3.0 FIPS mode.

    $ openssl genrsa -out key.pem 4096
    $ ruby -e "require 'openssl'; OpenSSL::PKey.read(File.read('key.pem'))"
    -e:1:in `read': Could not parse PKey (OpenSSL::PKey::PKeyError)
            from -e:1:in `<main>'

The root cause is on the OpenSSL side. The OSSL_DECODER_CTX_set_selection
doesn't apply the selection value properly if there are multiple providers, and
a provider (e.g. "base" provider) handles the decoder implementation, and
another provider (e.g. "fips" provider) handles the keys.

The workaround is to create OSSL_DECODER_CTX variable each time without using
the OSSL_DECODER_CTX_set_selection.

https://github.com/ruby/openssl/commit/5ff4a31621
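
A regression check for the failure described in the commit message, added here as an example and not part of the commit itself: it round-trips freshly generated private keys through OpenSSL::PKey.read in PEM and DER form and reports the result per key type, together with the FIPS mode state. The helper names (sample_keys, try_read, pkey_read_report) and the choice of key types are assumptions made for this example.

```ruby
require 'openssl'

# Constructed sample keys: generated in-process, nothing is read from disk.
# (Key types and sizes are choices made for this example.)
def sample_keys
  {
    'RSA' => OpenSSL::PKey::RSA.new(2048),
    'EC'  => OpenSSL::PKey::EC.generate('prime256v1'),
  }
end

# Parse one serialized key with OpenSSL::PKey.read and report the outcome:
# :ok, :wrong_type, or the PKeyError message (the symptom in the commit message).
def try_read(data, expected_class)
  key = OpenSSL::PKey.read(data)
  key.is_a?(expected_class) && key.private? ? :ok : :wrong_type
rescue OpenSSL::PKey::PKeyError => e
  "error: #{e.message}"
end

# Build a { "TYPE/FORMAT" => result } table covering PEM and DER encodings.
def pkey_read_report(keys = sample_keys)
  keys.each_with_object({}) do |(name, key), report|
    report["#{name}/PEM"] = try_read(key.to_pem, key.class)
    report["#{name}/DER"] = try_read(key.to_der, key.class)
  end
end

if $PROGRAM_NAME == __FILE__
  puts "OpenSSL library: #{OpenSSL::OPENSSL_LIBRARY_VERSION}"
  puts "FIPS mode: #{OpenSSL.fips_mode}"
  pkey_read_report.each { |label, result| puts "#{label}: #{result}" }
end
```

Run it once with the default OpenSSL configuration and once with a FIPS-enabled configuration; any entry other than `ok` in the second run points at the decoder problem this commit works around.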