openssl 2.2.1 → 3.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +32 -44
- data/History.md +103 -1
- data/ext/openssl/extconf.rb +24 -26
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +26 -45
- data/ext/openssl/ossl.c +59 -46
- data/ext/openssl/ossl.h +20 -6
- data/ext/openssl/ossl_asn1.c +16 -4
- data/ext/openssl/ossl_bn.c +188 -126
- data/ext/openssl/ossl_cipher.c +11 -11
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +9 -9
- data/ext/openssl/ossl_engine.c +16 -15
- data/ext/openssl/ossl_hmac.c +48 -135
- data/ext/openssl/ossl_kdf.c +8 -0
- data/ext/openssl/ossl_ocsp.c +3 -51
- data/ext/openssl/ossl_pkcs12.c +21 -3
- data/ext/openssl/ossl_pkcs7.c +42 -59
- data/ext/openssl/ossl_pkey.c +1102 -191
- data/ext/openssl/ossl_pkey.h +35 -72
- data/ext/openssl/ossl_pkey_dh.c +124 -334
- data/ext/openssl/ossl_pkey_dsa.c +93 -398
- data/ext/openssl/ossl_pkey_ec.c +126 -318
- data/ext/openssl/ossl_pkey_rsa.c +100 -487
- data/ext/openssl/ossl_ssl.c +256 -355
- data/ext/openssl/ossl_ssl_session.c +24 -29
- data/ext/openssl/ossl_ts.c +35 -20
- data/ext/openssl/ossl_x509.c +0 -6
- data/ext/openssl/ossl_x509cert.c +164 -8
- data/ext/openssl/ossl_x509crl.c +10 -7
- data/ext/openssl/ossl_x509ext.c +1 -2
- data/ext/openssl/ossl_x509name.c +9 -2
- data/ext/openssl/ossl_x509req.c +10 -7
- data/ext/openssl/ossl_x509store.c +154 -70
- data/lib/openssl/buffering.rb +9 -0
- data/lib/openssl/hmac.rb +65 -0
- data/lib/openssl/pkey.rb +417 -0
- data/lib/openssl/ssl.rb +7 -7
- data/lib/openssl/version.rb +1 -1
- data/lib/openssl/x509.rb +22 -0
- data/lib/openssl.rb +0 -1
- metadata +4 -76
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -501
data/ext/openssl/ossl_pkey_rsa.c
CHANGED
@@ -44,175 +44,31 @@ RSA_PRIVATE(VALUE obj, RSA *rsa)
|
|
44
44
|
VALUE cRSA;
|
45
45
|
VALUE eRSAError;
|
46
46
|
|
47
|
-
/*
|
48
|
-
* Public
|
49
|
-
*/
|
50
|
-
static VALUE
|
51
|
-
rsa_instance(VALUE klass, RSA *rsa)
|
52
|
-
{
|
53
|
-
EVP_PKEY *pkey;
|
54
|
-
VALUE obj;
|
55
|
-
|
56
|
-
if (!rsa) {
|
57
|
-
return Qfalse;
|
58
|
-
}
|
59
|
-
obj = NewPKey(klass);
|
60
|
-
if (!(pkey = EVP_PKEY_new())) {
|
61
|
-
return Qfalse;
|
62
|
-
}
|
63
|
-
if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
|
64
|
-
EVP_PKEY_free(pkey);
|
65
|
-
return Qfalse;
|
66
|
-
}
|
67
|
-
SetPKey(obj, pkey);
|
68
|
-
|
69
|
-
return obj;
|
70
|
-
}
|
71
|
-
|
72
|
-
VALUE
|
73
|
-
ossl_rsa_new(EVP_PKEY *pkey)
|
74
|
-
{
|
75
|
-
VALUE obj;
|
76
|
-
|
77
|
-
if (!pkey) {
|
78
|
-
obj = rsa_instance(cRSA, RSA_new());
|
79
|
-
}
|
80
|
-
else {
|
81
|
-
obj = NewPKey(cRSA);
|
82
|
-
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
|
83
|
-
ossl_raise(rb_eTypeError, "Not a RSA key!");
|
84
|
-
}
|
85
|
-
SetPKey(obj, pkey);
|
86
|
-
}
|
87
|
-
if (obj == Qfalse) {
|
88
|
-
ossl_raise(eRSAError, NULL);
|
89
|
-
}
|
90
|
-
|
91
|
-
return obj;
|
92
|
-
}
|
93
|
-
|
94
47
|
/*
|
95
48
|
* Private
|
96
49
|
*/
|
97
|
-
struct rsa_blocking_gen_arg {
|
98
|
-
RSA *rsa;
|
99
|
-
BIGNUM *e;
|
100
|
-
int size;
|
101
|
-
BN_GENCB *cb;
|
102
|
-
int result;
|
103
|
-
};
|
104
|
-
|
105
|
-
static void *
|
106
|
-
rsa_blocking_gen(void *arg)
|
107
|
-
{
|
108
|
-
struct rsa_blocking_gen_arg *gen = (struct rsa_blocking_gen_arg *)arg;
|
109
|
-
gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb);
|
110
|
-
return 0;
|
111
|
-
}
|
112
|
-
|
113
|
-
static RSA *
|
114
|
-
rsa_generate(int size, unsigned long exp)
|
115
|
-
{
|
116
|
-
int i;
|
117
|
-
struct ossl_generate_cb_arg cb_arg = { 0 };
|
118
|
-
struct rsa_blocking_gen_arg gen_arg;
|
119
|
-
RSA *rsa = RSA_new();
|
120
|
-
BIGNUM *e = BN_new();
|
121
|
-
BN_GENCB *cb = BN_GENCB_new();
|
122
|
-
|
123
|
-
if (!rsa || !e || !cb) {
|
124
|
-
RSA_free(rsa);
|
125
|
-
BN_free(e);
|
126
|
-
BN_GENCB_free(cb);
|
127
|
-
return NULL;
|
128
|
-
}
|
129
|
-
for (i = 0; i < (int)sizeof(exp) * 8; ++i) {
|
130
|
-
if (exp & (1UL << i)) {
|
131
|
-
if (BN_set_bit(e, i) == 0) {
|
132
|
-
BN_free(e);
|
133
|
-
RSA_free(rsa);
|
134
|
-
BN_GENCB_free(cb);
|
135
|
-
return NULL;
|
136
|
-
}
|
137
|
-
}
|
138
|
-
}
|
139
|
-
|
140
|
-
if (rb_block_given_p())
|
141
|
-
cb_arg.yield = 1;
|
142
|
-
BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
|
143
|
-
gen_arg.rsa = rsa;
|
144
|
-
gen_arg.e = e;
|
145
|
-
gen_arg.size = size;
|
146
|
-
gen_arg.cb = cb;
|
147
|
-
if (cb_arg.yield == 1) {
|
148
|
-
/* we cannot release GVL when callback proc is supplied */
|
149
|
-
rsa_blocking_gen(&gen_arg);
|
150
|
-
} else {
|
151
|
-
/* there's a chance to unblock */
|
152
|
-
rb_thread_call_without_gvl(rsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
|
153
|
-
}
|
154
|
-
|
155
|
-
BN_GENCB_free(cb);
|
156
|
-
BN_free(e);
|
157
|
-
if (!gen_arg.result) {
|
158
|
-
RSA_free(rsa);
|
159
|
-
if (cb_arg.state) {
|
160
|
-
/* must clear OpenSSL error stack */
|
161
|
-
ossl_clear_error();
|
162
|
-
rb_jump_tag(cb_arg.state);
|
163
|
-
}
|
164
|
-
return NULL;
|
165
|
-
}
|
166
|
-
|
167
|
-
return rsa;
|
168
|
-
}
|
169
|
-
|
170
50
|
/*
|
171
51
|
* call-seq:
|
172
|
-
* RSA.
|
173
|
-
* RSA.
|
52
|
+
* RSA.new -> rsa
|
53
|
+
* RSA.new(encoded_key [, passphrase]) -> rsa
|
54
|
+
* RSA.new(encoded_key) { passphrase } -> rsa
|
55
|
+
* RSA.new(size [, exponent]) -> rsa
|
174
56
|
*
|
175
|
-
* Generates an RSA keypair.
|
176
|
-
* size. Keys smaller than 1024 should be considered insecure. _exponent_ is
|
177
|
-
* an odd number normally 3, 17, or 65537.
|
178
|
-
*/
|
179
|
-
static VALUE
|
180
|
-
ossl_rsa_s_generate(int argc, VALUE *argv, VALUE klass)
|
181
|
-
{
|
182
|
-
/* why does this method exist? why can't initialize take an optional exponent? */
|
183
|
-
RSA *rsa;
|
184
|
-
VALUE size, exp;
|
185
|
-
VALUE obj;
|
186
|
-
|
187
|
-
rb_scan_args(argc, argv, "11", &size, &exp);
|
188
|
-
|
189
|
-
rsa = rsa_generate(NUM2INT(size), NIL_P(exp) ? RSA_F4 : NUM2ULONG(exp)); /* err handled by rsa_instance */
|
190
|
-
obj = rsa_instance(klass, rsa);
|
191
|
-
|
192
|
-
if (obj == Qfalse) {
|
193
|
-
RSA_free(rsa);
|
194
|
-
ossl_raise(eRSAError, NULL);
|
195
|
-
}
|
196
|
-
|
197
|
-
return obj;
|
198
|
-
}
|
199
|
-
|
200
|
-
/*
|
201
|
-
* call-seq:
|
202
|
-
* RSA.new(key_size) => RSA instance
|
203
|
-
* RSA.new(encoded_key) => RSA instance
|
204
|
-
* RSA.new(encoded_key, pass_phrase) => RSA instance
|
57
|
+
* Generates or loads an \RSA keypair.
|
205
58
|
*
|
206
|
-
*
|
207
|
-
*
|
208
|
-
*
|
59
|
+
* If called without arguments, creates a new instance with no key components
|
60
|
+
* set. They can be set individually by #set_key, #set_factors, and
|
61
|
+
* #set_crt_params.
|
209
62
|
*
|
210
|
-
*
|
211
|
-
*
|
212
|
-
* OpenSSL will prompt for
|
63
|
+
* If called with a String, tries to parse as DER or PEM encoding of an \RSA key.
|
64
|
+
* Note that, if _passphrase_ is not specified but the key is encrypted with a
|
65
|
+
* passphrase, \OpenSSL will prompt for it.
|
66
|
+
* See also OpenSSL::PKey.read which can parse keys of any kinds.
|
213
67
|
*
|
214
|
-
*
|
68
|
+
* If called with a number, generates a new key pair. This form works as an
|
69
|
+
* alias of RSA.generate.
|
215
70
|
*
|
71
|
+
* Examples:
|
216
72
|
* OpenSSL::PKey::RSA.new 2048
|
217
73
|
* OpenSSL::PKey::RSA.new File.read 'rsa.pem'
|
218
74
|
* OpenSSL::PKey::RSA.new File.read('rsa.pem'), 'my pass phrase'
|
@@ -222,74 +78,91 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
222
78
|
{
|
223
79
|
EVP_PKEY *pkey;
|
224
80
|
RSA *rsa;
|
225
|
-
BIO *in;
|
81
|
+
BIO *in = NULL;
|
226
82
|
VALUE arg, pass;
|
83
|
+
int type;
|
227
84
|
|
228
|
-
|
229
|
-
if(
|
85
|
+
TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey);
|
86
|
+
if (pkey)
|
87
|
+
rb_raise(rb_eTypeError, "pkey already initialized");
|
88
|
+
|
89
|
+
/* The RSA.new(size, generator) form is handled by lib/openssl/pkey.rb */
|
90
|
+
rb_scan_args(argc, argv, "02", &arg, &pass);
|
91
|
+
if (argc == 0) {
|
230
92
|
rsa = RSA_new();
|
93
|
+
if (!rsa)
|
94
|
+
ossl_raise(eRSAError, "RSA_new");
|
95
|
+
goto legacy;
|
231
96
|
}
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
if (!rsa) {
|
258
|
-
OSSL_BIO_reset(in);
|
259
|
-
rsa = d2i_RSAPublicKey_bio(in, NULL);
|
260
|
-
}
|
261
|
-
BIO_free(in);
|
262
|
-
if (!rsa) {
|
263
|
-
ossl_raise(eRSAError, "Neither PUB key nor PRIV key");
|
264
|
-
}
|
265
|
-
}
|
266
|
-
if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
|
267
|
-
RSA_free(rsa);
|
268
|
-
ossl_raise(eRSAError, NULL);
|
97
|
+
|
98
|
+
pass = ossl_pem_passwd_value(pass);
|
99
|
+
arg = ossl_to_der_if_possible(arg);
|
100
|
+
in = ossl_obj2bio(&arg);
|
101
|
+
|
102
|
+
/* First try RSAPublicKey format */
|
103
|
+
rsa = d2i_RSAPublicKey_bio(in, NULL);
|
104
|
+
if (rsa)
|
105
|
+
goto legacy;
|
106
|
+
OSSL_BIO_reset(in);
|
107
|
+
rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL);
|
108
|
+
if (rsa)
|
109
|
+
goto legacy;
|
110
|
+
OSSL_BIO_reset(in);
|
111
|
+
|
112
|
+
/* Use the generic routine */
|
113
|
+
pkey = ossl_pkey_read_generic(in, pass);
|
114
|
+
BIO_free(in);
|
115
|
+
if (!pkey)
|
116
|
+
ossl_raise(eRSAError, "Neither PUB key nor PRIV key");
|
117
|
+
|
118
|
+
type = EVP_PKEY_base_id(pkey);
|
119
|
+
if (type != EVP_PKEY_RSA) {
|
120
|
+
EVP_PKEY_free(pkey);
|
121
|
+
rb_raise(eRSAError, "incorrect pkey type: %s", OBJ_nid2sn(type));
|
269
122
|
}
|
123
|
+
RTYPEDDATA_DATA(self) = pkey;
|
124
|
+
return self;
|
270
125
|
|
126
|
+
legacy:
|
127
|
+
BIO_free(in);
|
128
|
+
pkey = EVP_PKEY_new();
|
129
|
+
if (!pkey || EVP_PKEY_assign_RSA(pkey, rsa) != 1) {
|
130
|
+
EVP_PKEY_free(pkey);
|
131
|
+
RSA_free(rsa);
|
132
|
+
ossl_raise(eRSAError, "EVP_PKEY_assign_RSA");
|
133
|
+
}
|
134
|
+
RTYPEDDATA_DATA(self) = pkey;
|
271
135
|
return self;
|
272
136
|
}
|
273
137
|
|
138
|
+
#ifndef HAVE_EVP_PKEY_DUP
|
274
139
|
static VALUE
|
275
140
|
ossl_rsa_initialize_copy(VALUE self, VALUE other)
|
276
141
|
{
|
277
142
|
EVP_PKEY *pkey;
|
278
143
|
RSA *rsa, *rsa_new;
|
279
144
|
|
280
|
-
|
281
|
-
if (
|
282
|
-
|
145
|
+
TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey);
|
146
|
+
if (pkey)
|
147
|
+
rb_raise(rb_eTypeError, "pkey already initialized");
|
283
148
|
GetRSA(other, rsa);
|
284
149
|
|
285
|
-
rsa_new = ASN1_dup((i2d_of_void *)i2d_RSAPrivateKey,
|
150
|
+
rsa_new = (RSA *)ASN1_dup((i2d_of_void *)i2d_RSAPrivateKey,
|
151
|
+
(d2i_of_void *)d2i_RSAPrivateKey,
|
152
|
+
(char *)rsa);
|
286
153
|
if (!rsa_new)
|
287
154
|
ossl_raise(eRSAError, "ASN1_dup");
|
288
155
|
|
289
|
-
|
156
|
+
pkey = EVP_PKEY_new();
|
157
|
+
if (!pkey || EVP_PKEY_assign_RSA(pkey, rsa_new) != 1) {
|
158
|
+
RSA_free(rsa_new);
|
159
|
+
ossl_raise(eRSAError, "EVP_PKEY_assign_RSA");
|
160
|
+
}
|
161
|
+
RTYPEDDATA_DATA(self) = pkey;
|
290
162
|
|
291
163
|
return self;
|
292
164
|
}
|
165
|
+
#endif
|
293
166
|
|
294
167
|
/*
|
295
168
|
* call-seq:
|
@@ -327,221 +200,53 @@ ossl_rsa_is_private(VALUE self)
|
|
327
200
|
return RSA_PRIVATE(self, rsa) ? Qtrue : Qfalse;
|
328
201
|
}
|
329
202
|
|
330
|
-
|
331
|
-
|
332
|
-
* rsa.export([cipher, pass_phrase]) => PEM-format String
|
333
|
-
* rsa.to_pem([cipher, pass_phrase]) => PEM-format String
|
334
|
-
* rsa.to_s([cipher, pass_phrase]) => PEM-format String
|
335
|
-
*
|
336
|
-
* Outputs this keypair in PEM encoding. If _cipher_ and _pass_phrase_ are
|
337
|
-
* given they will be used to encrypt the key. _cipher_ must be an
|
338
|
-
* OpenSSL::Cipher instance.
|
339
|
-
*/
|
340
|
-
static VALUE
|
341
|
-
ossl_rsa_export(int argc, VALUE *argv, VALUE self)
|
203
|
+
static int
|
204
|
+
can_export_rsaprivatekey(VALUE self)
|
342
205
|
{
|
343
206
|
RSA *rsa;
|
344
207
|
const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
|
345
|
-
BIO *out;
|
346
|
-
const EVP_CIPHER *ciph = NULL;
|
347
|
-
VALUE cipher, pass, str;
|
348
208
|
|
349
209
|
GetRSA(self, rsa);
|
350
210
|
|
351
|
-
rb_scan_args(argc, argv, "02", &cipher, &pass);
|
352
|
-
|
353
|
-
if (!NIL_P(cipher)) {
|
354
|
-
ciph = ossl_evp_get_cipherbyname(cipher);
|
355
|
-
pass = ossl_pem_passwd_value(pass);
|
356
|
-
}
|
357
|
-
if (!(out = BIO_new(BIO_s_mem()))) {
|
358
|
-
ossl_raise(eRSAError, NULL);
|
359
|
-
}
|
360
211
|
RSA_get0_key(rsa, &n, &e, &d);
|
361
212
|
RSA_get0_factors(rsa, &p, &q);
|
362
213
|
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
|
363
|
-
if (n && e && d && p && q && dmp1 && dmq1 && iqmp) {
|
364
|
-
if (!PEM_write_bio_RSAPrivateKey(out, rsa, ciph, NULL, 0,
|
365
|
-
ossl_pem_passwd_cb, (void *)pass)) {
|
366
|
-
BIO_free(out);
|
367
|
-
ossl_raise(eRSAError, NULL);
|
368
|
-
}
|
369
|
-
} else {
|
370
|
-
if (!PEM_write_bio_RSA_PUBKEY(out, rsa)) {
|
371
|
-
BIO_free(out);
|
372
|
-
ossl_raise(eRSAError, NULL);
|
373
|
-
}
|
374
|
-
}
|
375
|
-
str = ossl_membio2str(out);
|
376
214
|
|
377
|
-
return
|
215
|
+
return n && e && d && p && q && dmp1 && dmq1 && iqmp;
|
378
216
|
}
|
379
217
|
|
380
218
|
/*
|
381
219
|
* call-seq:
|
382
|
-
* rsa.
|
220
|
+
* rsa.export([cipher, pass_phrase]) => PEM-format String
|
221
|
+
* rsa.to_pem([cipher, pass_phrase]) => PEM-format String
|
222
|
+
* rsa.to_s([cipher, pass_phrase]) => PEM-format String
|
383
223
|
*
|
384
|
-
* Outputs this keypair in
|
224
|
+
* Outputs this keypair in PEM encoding. If _cipher_ and _pass_phrase_ are
|
225
|
+
* given they will be used to encrypt the key. _cipher_ must be an
|
226
|
+
* OpenSSL::Cipher instance.
|
385
227
|
*/
|
386
228
|
static VALUE
|
387
|
-
|
229
|
+
ossl_rsa_export(int argc, VALUE *argv, VALUE self)
|
388
230
|
{
|
389
|
-
|
390
|
-
|
391
|
-
int (*i2d_func)(const RSA *, unsigned char **);
|
392
|
-
unsigned char *ptr;
|
393
|
-
long len;
|
394
|
-
VALUE str;
|
395
|
-
|
396
|
-
GetRSA(self, rsa);
|
397
|
-
RSA_get0_key(rsa, &n, &e, &d);
|
398
|
-
RSA_get0_factors(rsa, &p, &q);
|
399
|
-
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
|
400
|
-
if (n && e && d && p && q && dmp1 && dmq1 && iqmp)
|
401
|
-
i2d_func = i2d_RSAPrivateKey;
|
231
|
+
if (can_export_rsaprivatekey(self))
|
232
|
+
return ossl_pkey_export_traditional(argc, argv, self, 0);
|
402
233
|
else
|
403
|
-
|
404
|
-
if((len = i2d_func(rsa, NULL)) <= 0)
|
405
|
-
ossl_raise(eRSAError, NULL);
|
406
|
-
str = rb_str_new(0, len);
|
407
|
-
ptr = (unsigned char *)RSTRING_PTR(str);
|
408
|
-
if(i2d_func(rsa, &ptr) < 0)
|
409
|
-
ossl_raise(eRSAError, NULL);
|
410
|
-
ossl_str_adjust(str, ptr);
|
411
|
-
|
412
|
-
return str;
|
234
|
+
return ossl_pkey_export_spki(self, 0);
|
413
235
|
}
|
414
236
|
|
415
237
|
/*
|
416
238
|
* call-seq:
|
417
|
-
* rsa.
|
418
|
-
* rsa.public_encrypt(string, padding) => String
|
419
|
-
*
|
420
|
-
* Encrypt _string_ with the public key. _padding_ defaults to PKCS1_PADDING.
|
421
|
-
* The encrypted string output can be decrypted using #private_decrypt.
|
422
|
-
*/
|
423
|
-
static VALUE
|
424
|
-
ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self)
|
425
|
-
{
|
426
|
-
RSA *rsa;
|
427
|
-
const BIGNUM *rsa_n;
|
428
|
-
int buf_len, pad;
|
429
|
-
VALUE str, buffer, padding;
|
430
|
-
|
431
|
-
GetRSA(self, rsa);
|
432
|
-
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
433
|
-
if (!rsa_n)
|
434
|
-
ossl_raise(eRSAError, "incomplete RSA");
|
435
|
-
rb_scan_args(argc, argv, "11", &buffer, &padding);
|
436
|
-
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
|
437
|
-
StringValue(buffer);
|
438
|
-
str = rb_str_new(0, RSA_size(rsa));
|
439
|
-
buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
|
440
|
-
(unsigned char *)RSTRING_PTR(str), rsa, pad);
|
441
|
-
if (buf_len < 0) ossl_raise(eRSAError, NULL);
|
442
|
-
rb_str_set_len(str, buf_len);
|
443
|
-
|
444
|
-
return str;
|
445
|
-
}
|
446
|
-
|
447
|
-
/*
|
448
|
-
* call-seq:
|
449
|
-
* rsa.public_decrypt(string) => String
|
450
|
-
* rsa.public_decrypt(string, padding) => String
|
451
|
-
*
|
452
|
-
* Decrypt _string_, which has been encrypted with the private key, with the
|
453
|
-
* public key. _padding_ defaults to PKCS1_PADDING.
|
454
|
-
*/
|
455
|
-
static VALUE
|
456
|
-
ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self)
|
457
|
-
{
|
458
|
-
RSA *rsa;
|
459
|
-
const BIGNUM *rsa_n;
|
460
|
-
int buf_len, pad;
|
461
|
-
VALUE str, buffer, padding;
|
462
|
-
|
463
|
-
GetRSA(self, rsa);
|
464
|
-
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
465
|
-
if (!rsa_n)
|
466
|
-
ossl_raise(eRSAError, "incomplete RSA");
|
467
|
-
rb_scan_args(argc, argv, "11", &buffer, &padding);
|
468
|
-
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
|
469
|
-
StringValue(buffer);
|
470
|
-
str = rb_str_new(0, RSA_size(rsa));
|
471
|
-
buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
|
472
|
-
(unsigned char *)RSTRING_PTR(str), rsa, pad);
|
473
|
-
if (buf_len < 0) ossl_raise(eRSAError, NULL);
|
474
|
-
rb_str_set_len(str, buf_len);
|
475
|
-
|
476
|
-
return str;
|
477
|
-
}
|
478
|
-
|
479
|
-
/*
|
480
|
-
* call-seq:
|
481
|
-
* rsa.private_encrypt(string) => String
|
482
|
-
* rsa.private_encrypt(string, padding) => String
|
483
|
-
*
|
484
|
-
* Encrypt _string_ with the private key. _padding_ defaults to PKCS1_PADDING.
|
485
|
-
* The encrypted string output can be decrypted using #public_decrypt.
|
486
|
-
*/
|
487
|
-
static VALUE
|
488
|
-
ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self)
|
489
|
-
{
|
490
|
-
RSA *rsa;
|
491
|
-
const BIGNUM *rsa_n;
|
492
|
-
int buf_len, pad;
|
493
|
-
VALUE str, buffer, padding;
|
494
|
-
|
495
|
-
GetRSA(self, rsa);
|
496
|
-
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
497
|
-
if (!rsa_n)
|
498
|
-
ossl_raise(eRSAError, "incomplete RSA");
|
499
|
-
if (!RSA_PRIVATE(self, rsa))
|
500
|
-
ossl_raise(eRSAError, "private key needed.");
|
501
|
-
rb_scan_args(argc, argv, "11", &buffer, &padding);
|
502
|
-
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
|
503
|
-
StringValue(buffer);
|
504
|
-
str = rb_str_new(0, RSA_size(rsa));
|
505
|
-
buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
|
506
|
-
(unsigned char *)RSTRING_PTR(str), rsa, pad);
|
507
|
-
if (buf_len < 0) ossl_raise(eRSAError, NULL);
|
508
|
-
rb_str_set_len(str, buf_len);
|
509
|
-
|
510
|
-
return str;
|
511
|
-
}
|
512
|
-
|
513
|
-
/*
|
514
|
-
* call-seq:
|
515
|
-
* rsa.private_decrypt(string) => String
|
516
|
-
* rsa.private_decrypt(string, padding) => String
|
239
|
+
* rsa.to_der => DER-format String
|
517
240
|
*
|
518
|
-
*
|
519
|
-
* private key. _padding_ defaults to PKCS1_PADDING.
|
241
|
+
* Outputs this keypair in DER encoding.
|
520
242
|
*/
|
521
243
|
static VALUE
|
522
|
-
|
244
|
+
ossl_rsa_to_der(VALUE self)
|
523
245
|
{
|
524
|
-
|
525
|
-
|
526
|
-
|
527
|
-
|
528
|
-
|
529
|
-
GetRSA(self, rsa);
|
530
|
-
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
531
|
-
if (!rsa_n)
|
532
|
-
ossl_raise(eRSAError, "incomplete RSA");
|
533
|
-
if (!RSA_PRIVATE(self, rsa))
|
534
|
-
ossl_raise(eRSAError, "private key needed.");
|
535
|
-
rb_scan_args(argc, argv, "11", &buffer, &padding);
|
536
|
-
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
|
537
|
-
StringValue(buffer);
|
538
|
-
str = rb_str_new(0, RSA_size(rsa));
|
539
|
-
buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
|
540
|
-
(unsigned char *)RSTRING_PTR(str), rsa, pad);
|
541
|
-
if (buf_len < 0) ossl_raise(eRSAError, NULL);
|
542
|
-
rb_str_set_len(str, buf_len);
|
543
|
-
|
544
|
-
return str;
|
246
|
+
if (can_export_rsaprivatekey(self))
|
247
|
+
return ossl_pkey_export_traditional(0, NULL, self, 1);
|
248
|
+
else
|
249
|
+
return ossl_pkey_export_spki(self, 1);
|
545
250
|
}
|
546
251
|
|
547
252
|
/*
|
@@ -573,7 +278,7 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
|
|
573
278
|
* data = "Sign me!"
|
574
279
|
* pkey = OpenSSL::PKey::RSA.new(2048)
|
575
280
|
* signature = pkey.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA256")
|
576
|
-
* pub_key = pkey.
|
281
|
+
* pub_key = OpenSSL::PKey.read(pkey.public_to_der)
|
577
282
|
* puts pub_key.verify_pss("SHA256", signature, data,
|
578
283
|
* salt_length: :auto, mgf1_hash: "SHA256") # => true
|
579
284
|
*/
|
@@ -770,88 +475,6 @@ ossl_rsa_get_params(VALUE self)
|
|
770
475
|
return hash;
|
771
476
|
}
|
772
477
|
|
773
|
-
/*
|
774
|
-
* call-seq:
|
775
|
-
* rsa.to_text => String
|
776
|
-
*
|
777
|
-
* THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
|
778
|
-
*
|
779
|
-
* Dumps all parameters of a keypair to a String
|
780
|
-
*
|
781
|
-
* Don't use :-)) (It's up to you)
|
782
|
-
*/
|
783
|
-
static VALUE
|
784
|
-
ossl_rsa_to_text(VALUE self)
|
785
|
-
{
|
786
|
-
RSA *rsa;
|
787
|
-
BIO *out;
|
788
|
-
VALUE str;
|
789
|
-
|
790
|
-
GetRSA(self, rsa);
|
791
|
-
if (!(out = BIO_new(BIO_s_mem()))) {
|
792
|
-
ossl_raise(eRSAError, NULL);
|
793
|
-
}
|
794
|
-
if (!RSA_print(out, rsa, 0)) { /* offset = 0 */
|
795
|
-
BIO_free(out);
|
796
|
-
ossl_raise(eRSAError, NULL);
|
797
|
-
}
|
798
|
-
str = ossl_membio2str(out);
|
799
|
-
|
800
|
-
return str;
|
801
|
-
}
|
802
|
-
|
803
|
-
/*
|
804
|
-
* call-seq:
|
805
|
-
* rsa.public_key -> RSA
|
806
|
-
*
|
807
|
-
* Makes new RSA instance containing the public key from the private key.
|
808
|
-
*/
|
809
|
-
static VALUE
|
810
|
-
ossl_rsa_to_public_key(VALUE self)
|
811
|
-
{
|
812
|
-
EVP_PKEY *pkey;
|
813
|
-
RSA *rsa;
|
814
|
-
VALUE obj;
|
815
|
-
|
816
|
-
GetPKeyRSA(self, pkey);
|
817
|
-
/* err check performed by rsa_instance */
|
818
|
-
rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey));
|
819
|
-
obj = rsa_instance(rb_obj_class(self), rsa);
|
820
|
-
if (obj == Qfalse) {
|
821
|
-
RSA_free(rsa);
|
822
|
-
ossl_raise(eRSAError, NULL);
|
823
|
-
}
|
824
|
-
return obj;
|
825
|
-
}
|
826
|
-
|
827
|
-
/*
|
828
|
-
* TODO: Test me
|
829
|
-
|
830
|
-
static VALUE
|
831
|
-
ossl_rsa_blinding_on(VALUE self)
|
832
|
-
{
|
833
|
-
RSA *rsa;
|
834
|
-
|
835
|
-
GetRSA(self, rsa);
|
836
|
-
|
837
|
-
if (RSA_blinding_on(rsa, ossl_bn_ctx) != 1) {
|
838
|
-
ossl_raise(eRSAError, NULL);
|
839
|
-
}
|
840
|
-
return self;
|
841
|
-
}
|
842
|
-
|
843
|
-
static VALUE
|
844
|
-
ossl_rsa_blinding_off(VALUE self)
|
845
|
-
{
|
846
|
-
RSA *rsa;
|
847
|
-
|
848
|
-
GetRSA(self, rsa);
|
849
|
-
RSA_blinding_off(rsa);
|
850
|
-
|
851
|
-
return self;
|
852
|
-
}
|
853
|
-
*/
|
854
|
-
|
855
478
|
/*
|
856
479
|
* Document-method: OpenSSL::PKey::RSA#set_key
|
857
480
|
* call-seq:
|
@@ -913,22 +536,17 @@ Init_ossl_rsa(void)
|
|
913
536
|
*/
|
914
537
|
cRSA = rb_define_class_under(mPKey, "RSA", cPKey);
|
915
538
|
|
916
|
-
rb_define_singleton_method(cRSA, "generate", ossl_rsa_s_generate, -1);
|
917
539
|
rb_define_method(cRSA, "initialize", ossl_rsa_initialize, -1);
|
540
|
+
#ifndef HAVE_EVP_PKEY_DUP
|
918
541
|
rb_define_method(cRSA, "initialize_copy", ossl_rsa_initialize_copy, 1);
|
542
|
+
#endif
|
919
543
|
|
920
544
|
rb_define_method(cRSA, "public?", ossl_rsa_is_public, 0);
|
921
545
|
rb_define_method(cRSA, "private?", ossl_rsa_is_private, 0);
|
922
|
-
rb_define_method(cRSA, "to_text", ossl_rsa_to_text, 0);
|
923
546
|
rb_define_method(cRSA, "export", ossl_rsa_export, -1);
|
924
547
|
rb_define_alias(cRSA, "to_pem", "export");
|
925
548
|
rb_define_alias(cRSA, "to_s", "export");
|
926
549
|
rb_define_method(cRSA, "to_der", ossl_rsa_to_der, 0);
|
927
|
-
rb_define_method(cRSA, "public_key", ossl_rsa_to_public_key, 0);
|
928
|
-
rb_define_method(cRSA, "public_encrypt", ossl_rsa_public_encrypt, -1);
|
929
|
-
rb_define_method(cRSA, "public_decrypt", ossl_rsa_public_decrypt, -1);
|
930
|
-
rb_define_method(cRSA, "private_encrypt", ossl_rsa_private_encrypt, -1);
|
931
|
-
rb_define_method(cRSA, "private_decrypt", ossl_rsa_private_decrypt, -1);
|
932
550
|
rb_define_method(cRSA, "sign_pss", ossl_rsa_sign_pss, -1);
|
933
551
|
rb_define_method(cRSA, "verify_pss", ossl_rsa_verify_pss, -1);
|
934
552
|
|
@@ -946,11 +564,6 @@ Init_ossl_rsa(void)
|
|
946
564
|
|
947
565
|
rb_define_method(cRSA, "params", ossl_rsa_get_params, 0);
|
948
566
|
|
949
|
-
DefRSAConst(PKCS1_PADDING);
|
950
|
-
DefRSAConst(SSLV23_PADDING);
|
951
|
-
DefRSAConst(NO_PADDING);
|
952
|
-
DefRSAConst(PKCS1_OAEP_PADDING);
|
953
|
-
|
954
567
|
/*
|
955
568
|
* TODO: Test it
|
956
569
|
rb_define_method(cRSA, "blinding_on!", ossl_rsa_blinding_on, 0);
|