RubyGems - openssl-additions - Versions diffs - 0.7.1 → 0.8.0 - Mend

openssl-additions 0.7.1 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 960c29488ad97c87c67fa2b6aa7a286a51b4678ab190ebc628a3d55efcb9125a
-  data.tar.gz: 284c3dc79c7325406e06567c7e2c34d6439b3050f8bf25202b088e5a1fe802f7
+  metadata.gz: 9d01b46bfb7b9b7ede0a8bb827bcd9471fc77b9b742e0c05f48e3f087d5825fe
+  data.tar.gz: 997750442f217b63103d55aef642d668f2979075cf8e7d96fd50e4e00e13ee5e
 SHA512:
-  metadata.gz: 578c11f9214f96bb30aed6332fb8893fdd547a66b5d0c6c10fff5df39dbcc5d48d71966dce0f88b2e52344d7ac4cf126fd829939fbf75783b61ae801b93eebb7
-  data.tar.gz: 788e22b2e62c2d1573ce49d4c6de45f56af518f1bb0476e7a83856164480d81a9f3cfbd6cad41b4d801817078069c75d76c7b20d8603ba8f9720bc9d9184fd83
+  metadata.gz: 9baca53d9a137c51dc68e1dc57187864cad7aba656616752a7d5c7d8493a0650372923969313f080623283990e31d81d4fe6ecdf55b28d31b8cb8a5c9e160b1a
+  data.tar.gz: 0a6ce69fa390f8295e81dad132b5994031eeb28fa8df962c6aad957404bf3eb36e7f877a37e9e4d96f82a08b6d95567187bfdc14ed17006d314af85f373aa04d

data/lib/openssl/ssh_pkey.rb CHANGED Viewed

@@ -296,7 +296,7 @@ module OpenSSL::PKey
   end
   def self.decode_public_ssh_key(s)
-    if s =~ /\A(ssh|ecdsa)-[a-z0-9-]+ /
+    if s =~ /\A(sk-)?(ssh|ecdsa)-/
       # WHOOP WHOOP prefixed key detected.
       s = s.split(" ")[1]
     else
@@ -313,27 +313,50 @@ module OpenSSL::PKey
     case parts.first
     when "ssh-rsa"
-      OpenSSL::PKey::RSA.new.tap do |k|
-        # n, e
-        k.set_key(ssh_key_mpi_decode(parts[2]), ssh_key_mpi_decode(parts[1]), nil)
-      end
-    when "ssh-dss"
-      OpenSSL::PKey::DSA.new.tap do |k|
-        # Self-explanatory, one would hope
-        k.set_pqg(ssh_key_mpi_decode(parts[1]), ssh_key_mpi_decode(parts[2]), ssh_key_mpi_decode(parts[3]))
-      end
+      e = ssh_key_mpi_decode(parts[1])
+      n = ssh_key_mpi_decode(parts[2])
+      # OpenSSL 3.0 stole our set_key, so we now have to play silly DER round-trip games... sigh
+      OpenSSL::PKey.read(
+        OpenSSL::ASN1::Sequence.new([
+          OpenSSL::ASN1::Sequence.new([
+            OpenSSL::ASN1::ObjectId.new("rsaEncryption"),
+            OpenSSL::ASN1::Null.new(nil),
+          ]),
+          OpenSSL::ASN1::BitString.new(
+            OpenSSL::ASN1::Sequence.new([
+              OpenSSL::ASN1::Integer.new(n),
+              OpenSSL::ASN1::Integer.new(e),
+            ]).to_der
+          ),
+        ]).to_der
+      )
     when /ecdsa-sha2-/
-      begin
-        OpenSSL::PKey::EC.new(SSH_CURVE_NAME_MAP[parts[1]]).tap do |k|
-          k.public_key = OpenSSL::PKey::EC::Point.new(k.group, parts[2])
-        end
-      rescue TypeError
-        raise OpenSSL::PKey::PKeyError.new,
-              "Unknown curve identifier #{parts[1]}"
+      curve_name = SSH_CURVE_NAME_MAP[parts[1]]
+      if curve_name.nil?
+        raise OpenSSL::PKey::PKeyError.new, "Unknown curve identifier #{parts[1]}"
       end
+      point = parts[2]
+      # OpenSSL 3.0 stole our set_key, so we now have to play silly DER round-trip games... sigh
+      OpenSSL::PKey.read(
+        OpenSSL::ASN1::Sequence.new([
+          OpenSSL::ASN1::Sequence.new([
+            OpenSSL::ASN1::ObjectId.new("id-ecPublicKey"),
+            OpenSSL::ASN1::ObjectId.new(curve_name),
+          ]),
+          OpenSSL::ASN1::BitString.new(point),
+        ]).to_der
+      )
+    when "ssh-ed25519", "sk-ssh-ed25519@openssh.com"
+      # The Ruby OpenSSL bindings don't appear to provide a way to directly construct
+      # an ed25519 key from its parts; instead, we've got to encode our own public key
+      # DER and then get OpenSSL to read it.  Thankfully, ed25519 keys aren't too
+      # complicated to construct in DER.
+      OpenSSL::PKey.read(OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::Sequence.new([OpenSSL::ASN1::ObjectId.new("ED25519")]), OpenSSL::ASN1::BitString.new(parts[1])]).to_der)
     else
       raise OpenSSL::PKey::PKeyError,
-            "Unknown key type #{parts.first.inspect}"
+            "Unsupported key type #{parts.first.inspect}"
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openssl-additions
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.8.0
 platform: ruby
 authors:
 - Matt Palmer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-13 00:00:00.000000000 Z
+date: 2024-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler