openssl 2.2.1 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +33 -45
- data/History.md +248 -1
- data/README.md +36 -19
- data/ext/openssl/extconf.rb +101 -68
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +26 -45
- data/ext/openssl/ossl.c +128 -237
- data/ext/openssl/ossl.h +31 -12
- data/ext/openssl/ossl_asn1.c +26 -13
- data/ext/openssl/ossl_bn.c +213 -139
- data/ext/openssl/ossl_cipher.c +13 -14
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +10 -10
- data/ext/openssl/ossl_engine.c +17 -16
- data/ext/openssl/ossl_hmac.c +57 -136
- data/ext/openssl/ossl_kdf.c +12 -4
- data/ext/openssl/ossl_ns_spki.c +1 -1
- data/ext/openssl/ossl_ocsp.c +11 -59
- data/ext/openssl/ossl_pkcs12.c +22 -4
- data/ext/openssl/ossl_pkcs7.c +45 -62
- data/ext/openssl/ossl_pkey.c +1320 -196
- data/ext/openssl/ossl_pkey.h +36 -73
- data/ext/openssl/ossl_pkey_dh.c +152 -347
- data/ext/openssl/ossl_pkey_dsa.c +157 -413
- data/ext/openssl/ossl_pkey_ec.c +227 -343
- data/ext/openssl/ossl_pkey_rsa.c +159 -491
- data/ext/openssl/ossl_provider.c +211 -0
- data/ext/openssl/ossl_provider.h +5 -0
- data/ext/openssl/ossl_ssl.c +530 -450
- data/ext/openssl/ossl_ssl_session.c +29 -30
- data/ext/openssl/ossl_ts.c +38 -23
- data/ext/openssl/ossl_x509.c +0 -6
- data/ext/openssl/ossl_x509attr.c +1 -1
- data/ext/openssl/ossl_x509cert.c +168 -12
- data/ext/openssl/ossl_x509crl.c +14 -11
- data/ext/openssl/ossl_x509ext.c +14 -9
- data/ext/openssl/ossl_x509name.c +10 -3
- data/ext/openssl/ossl_x509req.c +14 -11
- data/ext/openssl/ossl_x509revoked.c +4 -4
- data/ext/openssl/ossl_x509store.c +166 -75
- data/lib/openssl/buffering.rb +9 -3
- data/lib/openssl/digest.rb +1 -5
- data/lib/openssl/hmac.rb +65 -0
- data/lib/openssl/pkey.rb +429 -0
- data/lib/openssl/ssl.rb +22 -17
- data/lib/openssl/version.rb +1 -1
- data/lib/openssl/x509.rb +22 -0
- data/lib/openssl.rb +0 -1
- metadata +10 -79
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -501
data/ext/openssl/ossl_asn1.c
CHANGED
@@ -69,6 +69,12 @@ asn1time_to_time(const ASN1_TIME *time)
|
|
69
69
|
return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
|
70
70
|
}
|
71
71
|
|
72
|
+
static VALUE
|
73
|
+
asn1time_to_time_i(VALUE arg)
|
74
|
+
{
|
75
|
+
return asn1time_to_time((ASN1_TIME *)arg);
|
76
|
+
}
|
77
|
+
|
72
78
|
void
|
73
79
|
ossl_time_split(VALUE time, time_t *sec, int *days)
|
74
80
|
{
|
@@ -136,6 +142,12 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
|
|
136
142
|
return ai;
|
137
143
|
}
|
138
144
|
|
145
|
+
static VALUE
|
146
|
+
asn1integer_to_num_i(VALUE arg)
|
147
|
+
{
|
148
|
+
return asn1integer_to_num((ASN1_INTEGER *)arg);
|
149
|
+
}
|
150
|
+
|
139
151
|
/********/
|
140
152
|
/*
|
141
153
|
* ASN1 module
|
@@ -325,7 +337,7 @@ decode_int(unsigned char* der, long length)
|
|
325
337
|
p = der;
|
326
338
|
if(!(ai = d2i_ASN1_INTEGER(NULL, &p, length)))
|
327
339
|
ossl_raise(eASN1Error, NULL);
|
328
|
-
ret = rb_protect(
|
340
|
+
ret = rb_protect(asn1integer_to_num_i,
|
329
341
|
(VALUE)ai, &status);
|
330
342
|
ASN1_INTEGER_free(ai);
|
331
343
|
if(status) rb_jump_tag(status);
|
@@ -365,7 +377,7 @@ decode_enum(unsigned char* der, long length)
|
|
365
377
|
p = der;
|
366
378
|
if(!(ai = d2i_ASN1_ENUMERATED(NULL, &p, length)))
|
367
379
|
ossl_raise(eASN1Error, NULL);
|
368
|
-
ret = rb_protect(
|
380
|
+
ret = rb_protect(asn1integer_to_num_i,
|
369
381
|
(VALUE)ai, &status);
|
370
382
|
ASN1_ENUMERATED_free(ai);
|
371
383
|
if(status) rb_jump_tag(status);
|
@@ -427,7 +439,7 @@ decode_time(unsigned char* der, long length)
|
|
427
439
|
p = der;
|
428
440
|
if(!(time = d2i_ASN1_TIME(NULL, &p, length)))
|
429
441
|
ossl_raise(eASN1Error, NULL);
|
430
|
-
ret = rb_protect(
|
442
|
+
ret = rb_protect(asn1time_to_time_i,
|
431
443
|
(VALUE)time, &status);
|
432
444
|
ASN1_TIME_free(time);
|
433
445
|
if(status) rb_jump_tag(status);
|
@@ -497,7 +509,8 @@ ossl_asn1_get_asn1type(VALUE obj)
|
|
497
509
|
ASN1_TYPE *ret;
|
498
510
|
VALUE value, rflag;
|
499
511
|
void *ptr;
|
500
|
-
void (*
|
512
|
+
typedef void free_func_type(void *);
|
513
|
+
free_func_type *free_func;
|
501
514
|
int tag;
|
502
515
|
|
503
516
|
tag = ossl_asn1_default_tag(obj);
|
@@ -510,16 +523,16 @@ ossl_asn1_get_asn1type(VALUE obj)
|
|
510
523
|
case V_ASN1_INTEGER: /* FALLTHROUGH */
|
511
524
|
case V_ASN1_ENUMERATED:
|
512
525
|
ptr = obj_to_asn1int(value);
|
513
|
-
free_func = ASN1_INTEGER_free;
|
526
|
+
free_func = (free_func_type *)ASN1_INTEGER_free;
|
514
527
|
break;
|
515
528
|
case V_ASN1_BIT_STRING:
|
516
529
|
rflag = rb_attr_get(obj, sivUNUSED_BITS);
|
517
530
|
ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
|
518
|
-
free_func = ASN1_BIT_STRING_free;
|
531
|
+
free_func = (free_func_type *)ASN1_BIT_STRING_free;
|
519
532
|
break;
|
520
533
|
case V_ASN1_NULL:
|
521
534
|
ptr = obj_to_asn1null(value);
|
522
|
-
free_func = ASN1_NULL_free;
|
535
|
+
free_func = (free_func_type *)ASN1_NULL_free;
|
523
536
|
break;
|
524
537
|
case V_ASN1_OCTET_STRING: /* FALLTHROUGH */
|
525
538
|
case V_ASN1_UTF8STRING: /* FALLTHROUGH */
|
@@ -534,24 +547,24 @@ ossl_asn1_get_asn1type(VALUE obj)
|
|
534
547
|
case V_ASN1_UNIVERSALSTRING: /* FALLTHROUGH */
|
535
548
|
case V_ASN1_BMPSTRING:
|
536
549
|
ptr = obj_to_asn1str(value);
|
537
|
-
free_func = ASN1_STRING_free;
|
550
|
+
free_func = (free_func_type *)ASN1_STRING_free;
|
538
551
|
break;
|
539
552
|
case V_ASN1_OBJECT:
|
540
553
|
ptr = obj_to_asn1obj(value);
|
541
|
-
free_func = ASN1_OBJECT_free;
|
554
|
+
free_func = (free_func_type *)ASN1_OBJECT_free;
|
542
555
|
break;
|
543
556
|
case V_ASN1_UTCTIME:
|
544
557
|
ptr = obj_to_asn1utime(value);
|
545
|
-
free_func = ASN1_TIME_free;
|
558
|
+
free_func = (free_func_type *)ASN1_TIME_free;
|
546
559
|
break;
|
547
560
|
case V_ASN1_GENERALIZEDTIME:
|
548
561
|
ptr = obj_to_asn1gtime(value);
|
549
|
-
free_func = ASN1_TIME_free;
|
562
|
+
free_func = (free_func_type *)ASN1_TIME_free;
|
550
563
|
break;
|
551
564
|
case V_ASN1_SET: /* FALLTHROUGH */
|
552
565
|
case V_ASN1_SEQUENCE:
|
553
566
|
ptr = obj_to_asn1derstr(obj);
|
554
|
-
free_func = ASN1_STRING_free;
|
567
|
+
free_func = (free_func_type *)ASN1_STRING_free;
|
555
568
|
break;
|
556
569
|
default:
|
557
570
|
ossl_raise(eASN1Error, "unsupported ASN.1 type");
|
@@ -1510,7 +1523,7 @@ Init_ossl_asn1(void)
|
|
1510
1523
|
*
|
1511
1524
|
* An Array that stores the name of a given tag number. These names are
|
1512
1525
|
* the same as the name of the tag constant that is additionally defined,
|
1513
|
-
* e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2
|
1526
|
+
* e.g. <tt>UNIVERSAL_TAG_NAME[2] = "INTEGER"</tt> and <tt>OpenSSL::ASN1::INTEGER = 2</tt>.
|
1514
1527
|
*
|
1515
1528
|
* == Example usage
|
1516
1529
|
*
|
data/ext/openssl/ossl_bn.c
CHANGED
@@ -10,7 +10,7 @@
|
|
10
10
|
/* modified by Michal Rokos <m.rokos@sh.cvut.cz> */
|
11
11
|
#include "ossl.h"
|
12
12
|
|
13
|
-
#
|
13
|
+
#ifdef HAVE_RB_EXT_RACTOR_SAFE
|
14
14
|
#include <ruby/ractor.h>
|
15
15
|
#endif
|
16
16
|
|
@@ -41,7 +41,7 @@ static const rb_data_type_t ossl_bn_type = {
|
|
41
41
|
{
|
42
42
|
0, ossl_bn_free,
|
43
43
|
},
|
44
|
-
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
44
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
45
45
|
};
|
46
46
|
|
47
47
|
/*
|
@@ -155,7 +155,7 @@ ossl_bn_value_ptr(volatile VALUE *ptr)
|
|
155
155
|
* Private
|
156
156
|
*/
|
157
157
|
|
158
|
-
#
|
158
|
+
#ifdef HAVE_RB_EXT_RACTOR_SAFE
|
159
159
|
void
|
160
160
|
ossl_bn_ctx_free(void *ptr)
|
161
161
|
{
|
@@ -223,12 +223,29 @@ ossl_bn_alloc(VALUE klass)
|
|
223
223
|
|
224
224
|
/*
|
225
225
|
* call-seq:
|
226
|
-
* OpenSSL::BN.new(bn)
|
227
|
-
* OpenSSL::BN.new(integer)
|
228
|
-
* OpenSSL::BN.new(string)
|
229
|
-
*
|
226
|
+
* OpenSSL::BN.new(bn) -> aBN
|
227
|
+
* OpenSSL::BN.new(integer) -> aBN
|
228
|
+
* OpenSSL::BN.new(string, base = 10) -> aBN
|
229
|
+
*
|
230
|
+
* Construct a new \OpenSSL BIGNUM object.
|
231
|
+
*
|
232
|
+
* If +bn+ is an Integer or OpenSSL::BN, a new instance of OpenSSL::BN
|
233
|
+
* representing the same value is returned. See also Integer#to_bn for the
|
234
|
+
* short-hand.
|
235
|
+
*
|
236
|
+
* If a String is given, the content will be parsed according to +base+.
|
230
237
|
*
|
231
|
-
*
|
238
|
+
* +string+::
|
239
|
+
* The string to be parsed.
|
240
|
+
* +base+::
|
241
|
+
* The format. Must be one of the following:
|
242
|
+
* - +0+ - MPI format. See the man page BN_mpi2bn(3) for details.
|
243
|
+
* - +2+ - Variable-length and big-endian binary encoding of a positive
|
244
|
+
* number.
|
245
|
+
* - +10+ - Decimal number representation, with a leading '-' for a negative
|
246
|
+
* number.
|
247
|
+
* - +16+ - Hexadeciaml number representation, with a leading '-' for a
|
248
|
+
* negative number.
|
232
249
|
*/
|
233
250
|
static VALUE
|
234
251
|
ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
|
@@ -296,16 +313,21 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
|
|
296
313
|
|
297
314
|
/*
|
298
315
|
* call-seq:
|
299
|
-
* bn.to_s
|
300
|
-
* bn.to_s(base) => string
|
316
|
+
* bn.to_s(base = 10) -> string
|
301
317
|
*
|
302
|
-
*
|
303
|
-
*
|
304
|
-
*
|
305
|
-
*
|
306
|
-
*
|
307
|
-
*
|
308
|
-
*
|
318
|
+
* Returns the string representation of the bignum.
|
319
|
+
*
|
320
|
+
* BN.new can parse the encoded string to convert back into an OpenSSL::BN.
|
321
|
+
*
|
322
|
+
* +base+::
|
323
|
+
* The format. Must be one of the following:
|
324
|
+
* - +0+ - MPI format. See the man page BN_bn2mpi(3) for details.
|
325
|
+
* - +2+ - Variable-length and big-endian binary encoding. The sign of
|
326
|
+
* the bignum is ignored.
|
327
|
+
* - +10+ - Decimal number representation, with a leading '-' for a negative
|
328
|
+
* bignum.
|
329
|
+
* - +16+ - Hexadeciaml number representation, with a leading '-' for a
|
330
|
+
* negative bignum.
|
309
331
|
*/
|
310
332
|
static VALUE
|
311
333
|
ossl_bn_to_s(int argc, VALUE *argv, VALUE self)
|
@@ -555,22 +577,33 @@ BIGNUM_2c(gcd)
|
|
555
577
|
*/
|
556
578
|
BIGNUM_2c(mod_sqr)
|
557
579
|
|
580
|
+
#define BIGNUM_2cr(func) \
|
581
|
+
static VALUE \
|
582
|
+
ossl_bn_##func(VALUE self, VALUE other) \
|
583
|
+
{ \
|
584
|
+
BIGNUM *bn1, *bn2 = GetBNPtr(other), *result; \
|
585
|
+
VALUE obj; \
|
586
|
+
GetBN(self, bn1); \
|
587
|
+
obj = NewBN(rb_obj_class(self)); \
|
588
|
+
if (!(result = BN_##func(NULL, bn1, bn2, ossl_bn_ctx))) \
|
589
|
+
ossl_raise(eBNError, NULL); \
|
590
|
+
SetBN(obj, result); \
|
591
|
+
return obj; \
|
592
|
+
}
|
593
|
+
|
594
|
+
/*
|
595
|
+
* Document-method: OpenSSL::BN#mod_sqrt
|
596
|
+
* call-seq:
|
597
|
+
* bn.mod_sqrt(bn2) => aBN
|
598
|
+
*/
|
599
|
+
BIGNUM_2cr(mod_sqrt)
|
600
|
+
|
558
601
|
/*
|
602
|
+
* Document-method: OpenSSL::BN#mod_inverse
|
559
603
|
* call-seq:
|
560
604
|
* bn.mod_inverse(bn2) => aBN
|
561
605
|
*/
|
562
|
-
|
563
|
-
ossl_bn_mod_inverse(VALUE self, VALUE other)
|
564
|
-
{
|
565
|
-
BIGNUM *bn1, *bn2 = GetBNPtr(other), *result;
|
566
|
-
VALUE obj;
|
567
|
-
GetBN(self, bn1);
|
568
|
-
obj = NewBN(rb_obj_class(self));
|
569
|
-
if (!(result = BN_mod_inverse(NULL, bn1, bn2, ossl_bn_ctx)))
|
570
|
-
ossl_raise(eBNError, "BN_mod_inverse");
|
571
|
-
SetBN(obj, result);
|
572
|
-
return obj;
|
573
|
-
}
|
606
|
+
BIGNUM_2cr(mod_inverse)
|
574
607
|
|
575
608
|
/*
|
576
609
|
* call-seq:
|
@@ -770,78 +803,64 @@ BIGNUM_SELF_SHIFT(lshift)
|
|
770
803
|
*/
|
771
804
|
BIGNUM_SELF_SHIFT(rshift)
|
772
805
|
|
773
|
-
#define BIGNUM_RAND(func) \
|
774
|
-
static VALUE \
|
775
|
-
ossl_bn_s_##func(int argc, VALUE *argv, VALUE klass) \
|
776
|
-
{ \
|
777
|
-
BIGNUM *result; \
|
778
|
-
int bottom = 0, top = 0, b; \
|
779
|
-
VALUE bits, fill, odd, obj; \
|
780
|
-
\
|
781
|
-
switch (rb_scan_args(argc, argv, "12", &bits, &fill, &odd)) { \
|
782
|
-
case 3: \
|
783
|
-
bottom = (odd == Qtrue) ? 1 : 0; \
|
784
|
-
/* FALLTHROUGH */ \
|
785
|
-
case 2: \
|
786
|
-
top = NUM2INT(fill); \
|
787
|
-
} \
|
788
|
-
b = NUM2INT(bits); \
|
789
|
-
obj = NewBN(klass); \
|
790
|
-
if (!(result = BN_new())) { \
|
791
|
-
ossl_raise(eBNError, NULL); \
|
792
|
-
} \
|
793
|
-
if (BN_##func(result, b, top, bottom) <= 0) { \
|
794
|
-
BN_free(result); \
|
795
|
-
ossl_raise(eBNError, NULL); \
|
796
|
-
} \
|
797
|
-
SetBN(obj, result); \
|
798
|
-
return obj; \
|
799
|
-
}
|
800
|
-
|
801
|
-
/*
|
802
|
-
* Document-method: OpenSSL::BN.rand
|
803
|
-
* BN.rand(bits [, fill [, odd]]) -> aBN
|
804
|
-
*/
|
805
|
-
BIGNUM_RAND(rand)
|
806
|
-
|
807
|
-
/*
|
808
|
-
* Document-method: OpenSSL::BN.pseudo_rand
|
809
|
-
* BN.pseudo_rand(bits [, fill [, odd]]) -> aBN
|
810
|
-
*/
|
811
|
-
BIGNUM_RAND(pseudo_rand)
|
812
|
-
|
813
|
-
#define BIGNUM_RAND_RANGE(func) \
|
814
|
-
static VALUE \
|
815
|
-
ossl_bn_s_##func##_range(VALUE klass, VALUE range) \
|
816
|
-
{ \
|
817
|
-
BIGNUM *bn = GetBNPtr(range), *result; \
|
818
|
-
VALUE obj = NewBN(klass); \
|
819
|
-
if (!(result = BN_new())) { \
|
820
|
-
ossl_raise(eBNError, NULL); \
|
821
|
-
} \
|
822
|
-
if (BN_##func##_range(result, bn) <= 0) { \
|
823
|
-
BN_free(result); \
|
824
|
-
ossl_raise(eBNError, NULL); \
|
825
|
-
} \
|
826
|
-
SetBN(obj, result); \
|
827
|
-
return obj; \
|
828
|
-
}
|
829
|
-
|
830
806
|
/*
|
831
|
-
* Document-method: OpenSSL::BN.rand_range
|
832
807
|
* call-seq:
|
833
|
-
*
|
808
|
+
* BN.rand(bits [, fill [, odd]]) -> aBN
|
834
809
|
*
|
810
|
+
* Generates a cryptographically strong pseudo-random number of +bits+.
|
811
|
+
*
|
812
|
+
* See also the man page BN_rand(3).
|
835
813
|
*/
|
836
|
-
|
814
|
+
static VALUE
|
815
|
+
ossl_bn_s_rand(int argc, VALUE *argv, VALUE klass)
|
816
|
+
{
|
817
|
+
BIGNUM *result;
|
818
|
+
int bottom = 0, top = 0, b;
|
819
|
+
VALUE bits, fill, odd, obj;
|
820
|
+
|
821
|
+
switch (rb_scan_args(argc, argv, "12", &bits, &fill, &odd)) {
|
822
|
+
case 3:
|
823
|
+
bottom = (odd == Qtrue) ? 1 : 0;
|
824
|
+
/* FALLTHROUGH */
|
825
|
+
case 2:
|
826
|
+
top = NUM2INT(fill);
|
827
|
+
}
|
828
|
+
b = NUM2INT(bits);
|
829
|
+
obj = NewBN(klass);
|
830
|
+
if (!(result = BN_new())) {
|
831
|
+
ossl_raise(eBNError, "BN_new");
|
832
|
+
}
|
833
|
+
if (BN_rand(result, b, top, bottom) <= 0) {
|
834
|
+
BN_free(result);
|
835
|
+
ossl_raise(eBNError, "BN_rand");
|
836
|
+
}
|
837
|
+
SetBN(obj, result);
|
838
|
+
return obj;
|
839
|
+
}
|
837
840
|
|
838
841
|
/*
|
839
|
-
* Document-method: OpenSSL::BN.pseudo_rand_range
|
840
842
|
* call-seq:
|
841
|
-
*
|
843
|
+
* BN.rand_range(range) -> aBN
|
844
|
+
*
|
845
|
+
* Generates a cryptographically strong pseudo-random number in the range
|
846
|
+
* 0...+range+.
|
842
847
|
*
|
848
|
+
* See also the man page BN_rand_range(3).
|
843
849
|
*/
|
844
|
-
|
850
|
+
static VALUE
|
851
|
+
ossl_bn_s_rand_range(VALUE klass, VALUE range)
|
852
|
+
{
|
853
|
+
BIGNUM *bn = GetBNPtr(range), *result;
|
854
|
+
VALUE obj = NewBN(klass);
|
855
|
+
if (!(result = BN_new()))
|
856
|
+
ossl_raise(eBNError, "BN_new");
|
857
|
+
if (BN_rand_range(result, bn) <= 0) {
|
858
|
+
BN_free(result);
|
859
|
+
ossl_raise(eBNError, "BN_rand_range");
|
860
|
+
}
|
861
|
+
SetBN(obj, result);
|
862
|
+
return obj;
|
863
|
+
}
|
845
864
|
|
846
865
|
/*
|
847
866
|
* call-seq:
|
@@ -936,7 +955,17 @@ ossl_bn_copy(VALUE self, VALUE other)
|
|
936
955
|
static VALUE
|
937
956
|
ossl_bn_uplus(VALUE self)
|
938
957
|
{
|
939
|
-
|
958
|
+
VALUE obj;
|
959
|
+
BIGNUM *bn1, *bn2;
|
960
|
+
|
961
|
+
GetBN(self, bn1);
|
962
|
+
obj = NewBN(cBN);
|
963
|
+
bn2 = BN_dup(bn1);
|
964
|
+
if (!bn2)
|
965
|
+
ossl_raise(eBNError, "BN_dup");
|
966
|
+
SetBN(obj, bn2);
|
967
|
+
|
968
|
+
return obj;
|
940
969
|
}
|
941
970
|
|
942
971
|
/*
|
@@ -960,6 +989,24 @@ ossl_bn_uminus(VALUE self)
|
|
960
989
|
return obj;
|
961
990
|
}
|
962
991
|
|
992
|
+
/*
|
993
|
+
* call-seq:
|
994
|
+
* bn.abs -> aBN
|
995
|
+
*/
|
996
|
+
static VALUE
|
997
|
+
ossl_bn_abs(VALUE self)
|
998
|
+
{
|
999
|
+
BIGNUM *bn1;
|
1000
|
+
|
1001
|
+
GetBN(self, bn1);
|
1002
|
+
if (BN_is_negative(bn1)) {
|
1003
|
+
return ossl_bn_uminus(self);
|
1004
|
+
}
|
1005
|
+
else {
|
1006
|
+
return ossl_bn_uplus(self);
|
1007
|
+
}
|
1008
|
+
}
|
1009
|
+
|
963
1010
|
#define BIGNUM_CMP(func) \
|
964
1011
|
static VALUE \
|
965
1012
|
ossl_bn_##func(VALUE self, VALUE other) \
|
@@ -1068,34 +1115,29 @@ ossl_bn_hash(VALUE self)
|
|
1068
1115
|
* bn.prime? => true | false
|
1069
1116
|
* bn.prime?(checks) => true | false
|
1070
1117
|
*
|
1071
|
-
* Performs a Miller-Rabin probabilistic primality test
|
1072
|
-
* iterations. If _checks_ is not specified, a number of iterations is used
|
1073
|
-
* that yields a false positive rate of at most 2^-80 for random input.
|
1118
|
+
* Performs a Miller-Rabin probabilistic primality test for +bn+.
|
1074
1119
|
*
|
1075
|
-
*
|
1076
|
-
* * _checks_ - integer
|
1120
|
+
* <b>+checks+ parameter is deprecated in version 3.0.</b> It has no effect.
|
1077
1121
|
*/
|
1078
1122
|
static VALUE
|
1079
1123
|
ossl_bn_is_prime(int argc, VALUE *argv, VALUE self)
|
1080
1124
|
{
|
1081
1125
|
BIGNUM *bn;
|
1082
|
-
|
1083
|
-
int checks = BN_prime_checks;
|
1126
|
+
int ret;
|
1084
1127
|
|
1085
|
-
|
1086
|
-
checks = NUM2INT(vchecks);
|
1087
|
-
}
|
1128
|
+
rb_check_arity(argc, 0, 1);
|
1088
1129
|
GetBN(self, bn);
|
1089
|
-
|
1090
|
-
|
1091
|
-
|
1092
|
-
|
1093
|
-
|
1094
|
-
|
1095
|
-
|
1096
|
-
|
1097
|
-
|
1098
|
-
|
1130
|
+
|
1131
|
+
#ifdef HAVE_BN_CHECK_PRIME
|
1132
|
+
ret = BN_check_prime(bn, ossl_bn_ctx, NULL);
|
1133
|
+
if (ret < 0)
|
1134
|
+
ossl_raise(eBNError, "BN_check_prime");
|
1135
|
+
#else
|
1136
|
+
ret = BN_is_prime_fasttest_ex(bn, BN_prime_checks, ossl_bn_ctx, 1, NULL);
|
1137
|
+
if (ret < 0)
|
1138
|
+
ossl_raise(eBNError, "BN_is_prime_fasttest_ex");
|
1139
|
+
#endif
|
1140
|
+
return ret ? Qtrue : Qfalse;
|
1099
1141
|
}
|
1100
1142
|
|
1101
1143
|
/*
|
@@ -1104,39 +1146,52 @@ ossl_bn_is_prime(int argc, VALUE *argv, VALUE self)
|
|
1104
1146
|
* bn.prime_fasttest?(checks) => true | false
|
1105
1147
|
* bn.prime_fasttest?(checks, trial_div) => true | false
|
1106
1148
|
*
|
1107
|
-
* Performs a Miller-Rabin primality test
|
1108
|
-
* first attempts trial divisions with some small primes.
|
1149
|
+
* Performs a Miller-Rabin probabilistic primality test for +bn+.
|
1109
1150
|
*
|
1110
|
-
*
|
1111
|
-
*
|
1112
|
-
*
|
1151
|
+
* <b>Deprecated in version 3.0.</b> Use #prime? instead.
|
1152
|
+
*
|
1153
|
+
* +checks+ and +trial_div+ parameters no longer have any effect.
|
1113
1154
|
*/
|
1114
1155
|
static VALUE
|
1115
1156
|
ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self)
|
1157
|
+
{
|
1158
|
+
rb_check_arity(argc, 0, 2);
|
1159
|
+
return ossl_bn_is_prime(0, argv, self);
|
1160
|
+
}
|
1161
|
+
|
1162
|
+
/*
|
1163
|
+
* call-seq:
|
1164
|
+
* bn.get_flags(flags) => flags
|
1165
|
+
*
|
1166
|
+
* Returns the flags on the BN object.
|
1167
|
+
* The argument is used as a bit mask.
|
1168
|
+
*
|
1169
|
+
* === Parameters
|
1170
|
+
* * _flags_ - integer
|
1171
|
+
*/
|
1172
|
+
static VALUE
|
1173
|
+
ossl_bn_get_flags(VALUE self, VALUE arg)
|
1116
1174
|
{
|
1117
1175
|
BIGNUM *bn;
|
1118
|
-
|
1119
|
-
int checks = BN_prime_checks, do_trial_division = 1;
|
1176
|
+
GetBN(self, bn);
|
1120
1177
|
|
1121
|
-
|
1178
|
+
return INT2NUM(BN_get_flags(bn, NUM2INT(arg)));
|
1179
|
+
}
|
1122
1180
|
|
1123
|
-
|
1124
|
-
|
1125
|
-
|
1181
|
+
/*
|
1182
|
+
* call-seq:
|
1183
|
+
* bn.set_flags(flags) => nil
|
1184
|
+
*
|
1185
|
+
* Enables the flags on the BN object.
|
1186
|
+
* Currently, the flags argument can contain zero of OpenSSL::BN::CONSTTIME.
|
1187
|
+
*/
|
1188
|
+
static VALUE
|
1189
|
+
ossl_bn_set_flags(VALUE self, VALUE arg)
|
1190
|
+
{
|
1191
|
+
BIGNUM *bn;
|
1126
1192
|
GetBN(self, bn);
|
1127
|
-
|
1128
|
-
|
1129
|
-
do_trial_division = 0;
|
1130
|
-
}
|
1131
|
-
switch (BN_is_prime_fasttest_ex(bn, checks, ossl_bn_ctx, do_trial_division, NULL)) {
|
1132
|
-
case 1:
|
1133
|
-
return Qtrue;
|
1134
|
-
case 0:
|
1135
|
-
return Qfalse;
|
1136
|
-
default:
|
1137
|
-
ossl_raise(eBNError, NULL);
|
1138
|
-
}
|
1139
|
-
/* not reachable */
|
1193
|
+
|
1194
|
+
BN_set_flags(bn, NUM2INT(arg));
|
1140
1195
|
return Qnil;
|
1141
1196
|
}
|
1142
1197
|
|
@@ -1176,6 +1231,7 @@ Init_ossl_bn(void)
|
|
1176
1231
|
|
1177
1232
|
rb_define_method(cBN, "+@", ossl_bn_uplus, 0);
|
1178
1233
|
rb_define_method(cBN, "-@", ossl_bn_uminus, 0);
|
1234
|
+
rb_define_method(cBN, "abs", ossl_bn_abs, 0);
|
1179
1235
|
|
1180
1236
|
rb_define_method(cBN, "+", ossl_bn_add, 1);
|
1181
1237
|
rb_define_method(cBN, "-", ossl_bn_sub, 1);
|
@@ -1189,6 +1245,7 @@ Init_ossl_bn(void)
|
|
1189
1245
|
rb_define_method(cBN, "mod_sub", ossl_bn_mod_sub, 2);
|
1190
1246
|
rb_define_method(cBN, "mod_mul", ossl_bn_mod_mul, 2);
|
1191
1247
|
rb_define_method(cBN, "mod_sqr", ossl_bn_mod_sqr, 1);
|
1248
|
+
rb_define_method(cBN, "mod_sqrt", ossl_bn_mod_sqrt, 1);
|
1192
1249
|
rb_define_method(cBN, "**", ossl_bn_exp, 1);
|
1193
1250
|
rb_define_method(cBN, "mod_exp", ossl_bn_mod_exp, 2);
|
1194
1251
|
rb_define_method(cBN, "gcd", ossl_bn_gcd, 1);
|
@@ -1219,9 +1276,9 @@ Init_ossl_bn(void)
|
|
1219
1276
|
* get_word */
|
1220
1277
|
|
1221
1278
|
rb_define_singleton_method(cBN, "rand", ossl_bn_s_rand, -1);
|
1222
|
-
rb_define_singleton_method(cBN, "pseudo_rand", ossl_bn_s_pseudo_rand, -1);
|
1223
1279
|
rb_define_singleton_method(cBN, "rand_range", ossl_bn_s_rand_range, 1);
|
1224
|
-
|
1280
|
+
rb_define_alias(rb_singleton_class(cBN), "pseudo_rand", "rand");
|
1281
|
+
rb_define_alias(rb_singleton_class(cBN), "pseudo_rand_range", "rand_range");
|
1225
1282
|
|
1226
1283
|
rb_define_singleton_method(cBN, "generate_prime", ossl_bn_s_generate_prime, -1);
|
1227
1284
|
rb_define_method(cBN, "prime?", ossl_bn_is_prime, -1);
|
@@ -1238,6 +1295,23 @@ Init_ossl_bn(void)
|
|
1238
1295
|
/* lshift1 - DON'T IMPL. */
|
1239
1296
|
/* rshift1 - DON'T IMPL. */
|
1240
1297
|
|
1298
|
+
rb_define_method(cBN, "get_flags", ossl_bn_get_flags, 1);
|
1299
|
+
rb_define_method(cBN, "set_flags", ossl_bn_set_flags, 1);
|
1300
|
+
|
1301
|
+
#ifdef BN_FLG_CONSTTIME
|
1302
|
+
rb_define_const(cBN, "CONSTTIME", INT2NUM(BN_FLG_CONSTTIME));
|
1303
|
+
#endif
|
1304
|
+
/* BN_FLG_MALLOCED and BN_FLG_STATIC_DATA seems for C programming.
|
1305
|
+
* Allowing them leads to memory leak.
|
1306
|
+
* So, for now, they are not exported
|
1307
|
+
#ifdef BN_FLG_MALLOCED
|
1308
|
+
rb_define_const(cBN, "MALLOCED", INT2NUM(BN_FLG_MALLOCED));
|
1309
|
+
#endif
|
1310
|
+
#ifdef BN_FLG_STATIC_DATA
|
1311
|
+
rb_define_const(cBN, "STATIC_DATA", INT2NUM(BN_FLG_STATIC_DATA));
|
1312
|
+
#endif
|
1313
|
+
*/
|
1314
|
+
|
1241
1315
|
/*
|
1242
1316
|
* bn2bin
|
1243
1317
|
* bin2bn
|
data/ext/openssl/ossl_cipher.c
CHANGED
@@ -42,7 +42,7 @@ static const rb_data_type_t ossl_cipher_type = {
|
|
42
42
|
{
|
43
43
|
0, ossl_cipher_free,
|
44
44
|
},
|
45
|
-
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
45
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
46
46
|
};
|
47
47
|
|
48
48
|
/*
|
@@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass)
|
|
104
104
|
* call-seq:
|
105
105
|
* Cipher.new(string) -> cipher
|
106
106
|
*
|
107
|
-
* The string must contain a valid cipher name like "
|
107
|
+
* The string must contain a valid cipher name like "aes-256-cbc".
|
108
108
|
*
|
109
109
|
* A list of cipher names is available by calling OpenSSL::Cipher.ciphers.
|
110
110
|
*/
|
@@ -149,11 +149,11 @@ ossl_cipher_copy(VALUE self, VALUE other)
|
|
149
149
|
return self;
|
150
150
|
}
|
151
151
|
|
152
|
-
static void
|
153
|
-
add_cipher_name_to_ary(const OBJ_NAME *name,
|
152
|
+
static void
|
153
|
+
add_cipher_name_to_ary(const OBJ_NAME *name, void *arg)
|
154
154
|
{
|
155
|
+
VALUE ary = (VALUE)arg;
|
155
156
|
rb_ary_push(ary, rb_str_new2(name->name));
|
156
|
-
return NULL;
|
157
157
|
}
|
158
158
|
|
159
159
|
/*
|
@@ -169,7 +169,7 @@ ossl_s_ciphers(VALUE self)
|
|
169
169
|
|
170
170
|
ary = rb_ary_new();
|
171
171
|
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
|
172
|
-
|
172
|
+
add_cipher_name_to_ary,
|
173
173
|
(void*)ary);
|
174
174
|
|
175
175
|
return ary;
|
@@ -384,8 +384,7 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
384
384
|
|
385
385
|
StringValue(data);
|
386
386
|
in = (unsigned char *)RSTRING_PTR(data);
|
387
|
-
|
388
|
-
ossl_raise(rb_eArgError, "data must not be empty");
|
387
|
+
in_len = RSTRING_LEN(data);
|
389
388
|
GetCipher(self, ctx);
|
390
389
|
out_len = in_len+EVP_CIPHER_CTX_block_size(ctx);
|
391
390
|
if (out_len <= 0) {
|
@@ -874,7 +873,7 @@ Init_ossl_cipher(void)
|
|
874
873
|
* individual components name, key length and mode. Either all uppercase
|
875
874
|
* or all lowercase strings may be used, for example:
|
876
875
|
*
|
877
|
-
* cipher = OpenSSL::Cipher.new('
|
876
|
+
* cipher = OpenSSL::Cipher.new('aes-128-cbc')
|
878
877
|
*
|
879
878
|
* === Choosing either encryption or decryption mode
|
880
879
|
*
|
@@ -904,7 +903,7 @@ Init_ossl_cipher(void)
|
|
904
903
|
* without processing the password further. A simple and secure way to
|
905
904
|
* create a key for a particular Cipher is
|
906
905
|
*
|
907
|
-
* cipher = OpenSSL::Cipher.new('
|
906
|
+
* cipher = OpenSSL::Cipher.new('aes-256-cfb')
|
908
907
|
* cipher.encrypt
|
909
908
|
* key = cipher.random_key # also sets the generated key on the Cipher
|
910
909
|
*
|
@@ -972,14 +971,14 @@ Init_ossl_cipher(void)
|
|
972
971
|
*
|
973
972
|
* data = "Very, very confidential data"
|
974
973
|
*
|
975
|
-
* cipher = OpenSSL::Cipher.new('
|
974
|
+
* cipher = OpenSSL::Cipher.new('aes-128-cbc')
|
976
975
|
* cipher.encrypt
|
977
976
|
* key = cipher.random_key
|
978
977
|
* iv = cipher.random_iv
|
979
978
|
*
|
980
979
|
* encrypted = cipher.update(data) + cipher.final
|
981
980
|
* ...
|
982
|
-
* decipher = OpenSSL::Cipher.new('
|
981
|
+
* decipher = OpenSSL::Cipher.new('aes-128-cbc')
|
983
982
|
* decipher.decrypt
|
984
983
|
* decipher.key = key
|
985
984
|
* decipher.iv = iv
|
@@ -1015,7 +1014,7 @@ Init_ossl_cipher(void)
|
|
1015
1014
|
* not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
|
1016
1015
|
* security guarantees of GCM mode.
|
1017
1016
|
*
|
1018
|
-
* cipher = OpenSSL::Cipher.new('
|
1017
|
+
* cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
|
1019
1018
|
* cipher.key = key
|
1020
1019
|
* cipher.iv = nonce
|
1021
1020
|
* cipher.auth_data = auth_data
|
@@ -1031,7 +1030,7 @@ Init_ossl_cipher(void)
|
|
1031
1030
|
* ciphertext with a probability of 1/256.
|
1032
1031
|
*
|
1033
1032
|
* raise "tag is truncated!" unless tag.bytesize == 16
|
1034
|
-
* decipher = OpenSSL::Cipher.new('
|
1033
|
+
* decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt
|
1035
1034
|
* decipher.key = key
|
1036
1035
|
* decipher.iv = nonce
|
1037
1036
|
* decipher.auth_tag = tag
|