openssl 2.2.1 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +33 -45
  3. data/History.md +248 -1
  4. data/README.md +36 -19
  5. data/ext/openssl/extconf.rb +101 -68
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +26 -45
  8. data/ext/openssl/ossl.c +128 -237
  9. data/ext/openssl/ossl.h +31 -12
  10. data/ext/openssl/ossl_asn1.c +26 -13
  11. data/ext/openssl/ossl_bn.c +213 -139
  12. data/ext/openssl/ossl_cipher.c +13 -14
  13. data/ext/openssl/ossl_config.c +412 -41
  14. data/ext/openssl/ossl_config.h +4 -7
  15. data/ext/openssl/ossl_digest.c +10 -10
  16. data/ext/openssl/ossl_engine.c +17 -16
  17. data/ext/openssl/ossl_hmac.c +57 -136
  18. data/ext/openssl/ossl_kdf.c +12 -4
  19. data/ext/openssl/ossl_ns_spki.c +1 -1
  20. data/ext/openssl/ossl_ocsp.c +11 -59
  21. data/ext/openssl/ossl_pkcs12.c +22 -4
  22. data/ext/openssl/ossl_pkcs7.c +45 -62
  23. data/ext/openssl/ossl_pkey.c +1320 -196
  24. data/ext/openssl/ossl_pkey.h +36 -73
  25. data/ext/openssl/ossl_pkey_dh.c +152 -347
  26. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  27. data/ext/openssl/ossl_pkey_ec.c +227 -343
  28. data/ext/openssl/ossl_pkey_rsa.c +159 -491
  29. data/ext/openssl/ossl_provider.c +211 -0
  30. data/ext/openssl/ossl_provider.h +5 -0
  31. data/ext/openssl/ossl_ssl.c +530 -450
  32. data/ext/openssl/ossl_ssl_session.c +29 -30
  33. data/ext/openssl/ossl_ts.c +38 -23
  34. data/ext/openssl/ossl_x509.c +0 -6
  35. data/ext/openssl/ossl_x509attr.c +1 -1
  36. data/ext/openssl/ossl_x509cert.c +168 -12
  37. data/ext/openssl/ossl_x509crl.c +14 -11
  38. data/ext/openssl/ossl_x509ext.c +14 -9
  39. data/ext/openssl/ossl_x509name.c +10 -3
  40. data/ext/openssl/ossl_x509req.c +14 -11
  41. data/ext/openssl/ossl_x509revoked.c +4 -4
  42. data/ext/openssl/ossl_x509store.c +166 -75
  43. data/lib/openssl/buffering.rb +9 -3
  44. data/lib/openssl/digest.rb +1 -5
  45. data/lib/openssl/hmac.rb +65 -0
  46. data/lib/openssl/pkey.rb +429 -0
  47. data/lib/openssl/ssl.rb +22 -17
  48. data/lib/openssl/version.rb +1 -1
  49. data/lib/openssl/x509.rb +22 -0
  50. data/lib/openssl.rb +0 -1
  51. metadata +10 -79
  52. data/ext/openssl/ruby_missing.h +0 -24
  53. data/lib/openssl/config.rb +0 -501
@@ -69,6 +69,12 @@ asn1time_to_time(const ASN1_TIME *time)
69
69
  return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
70
70
  }
71
71
 
72
+ static VALUE
73
+ asn1time_to_time_i(VALUE arg)
74
+ {
75
+ return asn1time_to_time((ASN1_TIME *)arg);
76
+ }
77
+
72
78
  void
73
79
  ossl_time_split(VALUE time, time_t *sec, int *days)
74
80
  {
@@ -136,6 +142,12 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
136
142
  return ai;
137
143
  }
138
144
 
145
+ static VALUE
146
+ asn1integer_to_num_i(VALUE arg)
147
+ {
148
+ return asn1integer_to_num((ASN1_INTEGER *)arg);
149
+ }
150
+
139
151
  /********/
140
152
  /*
141
153
  * ASN1 module
@@ -325,7 +337,7 @@ decode_int(unsigned char* der, long length)
325
337
  p = der;
326
338
  if(!(ai = d2i_ASN1_INTEGER(NULL, &p, length)))
327
339
  ossl_raise(eASN1Error, NULL);
328
- ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
340
+ ret = rb_protect(asn1integer_to_num_i,
329
341
  (VALUE)ai, &status);
330
342
  ASN1_INTEGER_free(ai);
331
343
  if(status) rb_jump_tag(status);
@@ -365,7 +377,7 @@ decode_enum(unsigned char* der, long length)
365
377
  p = der;
366
378
  if(!(ai = d2i_ASN1_ENUMERATED(NULL, &p, length)))
367
379
  ossl_raise(eASN1Error, NULL);
368
- ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
380
+ ret = rb_protect(asn1integer_to_num_i,
369
381
  (VALUE)ai, &status);
370
382
  ASN1_ENUMERATED_free(ai);
371
383
  if(status) rb_jump_tag(status);
@@ -427,7 +439,7 @@ decode_time(unsigned char* der, long length)
427
439
  p = der;
428
440
  if(!(time = d2i_ASN1_TIME(NULL, &p, length)))
429
441
  ossl_raise(eASN1Error, NULL);
430
- ret = rb_protect((VALUE (*)(VALUE))asn1time_to_time,
442
+ ret = rb_protect(asn1time_to_time_i,
431
443
  (VALUE)time, &status);
432
444
  ASN1_TIME_free(time);
433
445
  if(status) rb_jump_tag(status);
@@ -497,7 +509,8 @@ ossl_asn1_get_asn1type(VALUE obj)
497
509
  ASN1_TYPE *ret;
498
510
  VALUE value, rflag;
499
511
  void *ptr;
500
- void (*free_func)();
512
+ typedef void free_func_type(void *);
513
+ free_func_type *free_func;
501
514
  int tag;
502
515
 
503
516
  tag = ossl_asn1_default_tag(obj);
@@ -510,16 +523,16 @@ ossl_asn1_get_asn1type(VALUE obj)
510
523
  case V_ASN1_INTEGER: /* FALLTHROUGH */
511
524
  case V_ASN1_ENUMERATED:
512
525
  ptr = obj_to_asn1int(value);
513
- free_func = ASN1_INTEGER_free;
526
+ free_func = (free_func_type *)ASN1_INTEGER_free;
514
527
  break;
515
528
  case V_ASN1_BIT_STRING:
516
529
  rflag = rb_attr_get(obj, sivUNUSED_BITS);
517
530
  ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
518
- free_func = ASN1_BIT_STRING_free;
531
+ free_func = (free_func_type *)ASN1_BIT_STRING_free;
519
532
  break;
520
533
  case V_ASN1_NULL:
521
534
  ptr = obj_to_asn1null(value);
522
- free_func = ASN1_NULL_free;
535
+ free_func = (free_func_type *)ASN1_NULL_free;
523
536
  break;
524
537
  case V_ASN1_OCTET_STRING: /* FALLTHROUGH */
525
538
  case V_ASN1_UTF8STRING: /* FALLTHROUGH */
@@ -534,24 +547,24 @@ ossl_asn1_get_asn1type(VALUE obj)
534
547
  case V_ASN1_UNIVERSALSTRING: /* FALLTHROUGH */
535
548
  case V_ASN1_BMPSTRING:
536
549
  ptr = obj_to_asn1str(value);
537
- free_func = ASN1_STRING_free;
550
+ free_func = (free_func_type *)ASN1_STRING_free;
538
551
  break;
539
552
  case V_ASN1_OBJECT:
540
553
  ptr = obj_to_asn1obj(value);
541
- free_func = ASN1_OBJECT_free;
554
+ free_func = (free_func_type *)ASN1_OBJECT_free;
542
555
  break;
543
556
  case V_ASN1_UTCTIME:
544
557
  ptr = obj_to_asn1utime(value);
545
- free_func = ASN1_TIME_free;
558
+ free_func = (free_func_type *)ASN1_TIME_free;
546
559
  break;
547
560
  case V_ASN1_GENERALIZEDTIME:
548
561
  ptr = obj_to_asn1gtime(value);
549
- free_func = ASN1_TIME_free;
562
+ free_func = (free_func_type *)ASN1_TIME_free;
550
563
  break;
551
564
  case V_ASN1_SET: /* FALLTHROUGH */
552
565
  case V_ASN1_SEQUENCE:
553
566
  ptr = obj_to_asn1derstr(obj);
554
- free_func = ASN1_STRING_free;
567
+ free_func = (free_func_type *)ASN1_STRING_free;
555
568
  break;
556
569
  default:
557
570
  ossl_raise(eASN1Error, "unsupported ASN.1 type");
@@ -1510,7 +1523,7 @@ Init_ossl_asn1(void)
1510
1523
  *
1511
1524
  * An Array that stores the name of a given tag number. These names are
1512
1525
  * the same as the name of the tag constant that is additionally defined,
1513
- * e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2.
1526
+ * e.g. <tt>UNIVERSAL_TAG_NAME[2] = "INTEGER"</tt> and <tt>OpenSSL::ASN1::INTEGER = 2</tt>.
1514
1527
  *
1515
1528
  * == Example usage
1516
1529
  *
@@ -10,7 +10,7 @@
10
10
  /* modified by Michal Rokos <m.rokos@sh.cvut.cz> */
11
11
  #include "ossl.h"
12
12
 
13
- #if HAVE_RB_EXT_RACTOR_SAFE
13
+ #ifdef HAVE_RB_EXT_RACTOR_SAFE
14
14
  #include <ruby/ractor.h>
15
15
  #endif
16
16
 
@@ -41,7 +41,7 @@ static const rb_data_type_t ossl_bn_type = {
41
41
  {
42
42
  0, ossl_bn_free,
43
43
  },
44
- 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
44
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
45
45
  };
46
46
 
47
47
  /*
@@ -155,7 +155,7 @@ ossl_bn_value_ptr(volatile VALUE *ptr)
155
155
  * Private
156
156
  */
157
157
 
158
- #if HAVE_RB_EXT_RACTOR_SAFE
158
+ #ifdef HAVE_RB_EXT_RACTOR_SAFE
159
159
  void
160
160
  ossl_bn_ctx_free(void *ptr)
161
161
  {
@@ -223,12 +223,29 @@ ossl_bn_alloc(VALUE klass)
223
223
 
224
224
  /*
225
225
  * call-seq:
226
- * OpenSSL::BN.new(bn) => aBN
227
- * OpenSSL::BN.new(integer) => aBN
228
- * OpenSSL::BN.new(string) => aBN
229
- * OpenSSL::BN.new(string, 0 | 2 | 10 | 16) => aBN
226
+ * OpenSSL::BN.new(bn) -> aBN
227
+ * OpenSSL::BN.new(integer) -> aBN
228
+ * OpenSSL::BN.new(string, base = 10) -> aBN
229
+ *
230
+ * Construct a new \OpenSSL BIGNUM object.
231
+ *
232
+ * If +bn+ is an Integer or OpenSSL::BN, a new instance of OpenSSL::BN
233
+ * representing the same value is returned. See also Integer#to_bn for the
234
+ * short-hand.
235
+ *
236
+ * If a String is given, the content will be parsed according to +base+.
230
237
  *
231
- * Construct a new OpenSSL BIGNUM object.
238
+ * +string+::
239
+ * The string to be parsed.
240
+ * +base+::
241
+ * The format. Must be one of the following:
242
+ * - +0+ - MPI format. See the man page BN_mpi2bn(3) for details.
243
+ * - +2+ - Variable-length and big-endian binary encoding of a positive
244
+ * number.
245
+ * - +10+ - Decimal number representation, with a leading '-' for a negative
246
+ * number.
247
+ * - +16+ - Hexadeciaml number representation, with a leading '-' for a
248
+ * negative number.
232
249
  */
233
250
  static VALUE
234
251
  ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
@@ -296,16 +313,21 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
296
313
 
297
314
  /*
298
315
  * call-seq:
299
- * bn.to_s => string
300
- * bn.to_s(base) => string
316
+ * bn.to_s(base = 10) -> string
301
317
  *
302
- * === Parameters
303
- * * _base_ - Integer
304
- * Valid values:
305
- * * 0 - MPI
306
- * * 2 - binary
307
- * * 10 - the default
308
- * * 16 - hex
318
+ * Returns the string representation of the bignum.
319
+ *
320
+ * BN.new can parse the encoded string to convert back into an OpenSSL::BN.
321
+ *
322
+ * +base+::
323
+ * The format. Must be one of the following:
324
+ * - +0+ - MPI format. See the man page BN_bn2mpi(3) for details.
325
+ * - +2+ - Variable-length and big-endian binary encoding. The sign of
326
+ * the bignum is ignored.
327
+ * - +10+ - Decimal number representation, with a leading '-' for a negative
328
+ * bignum.
329
+ * - +16+ - Hexadeciaml number representation, with a leading '-' for a
330
+ * negative bignum.
309
331
  */
310
332
  static VALUE
311
333
  ossl_bn_to_s(int argc, VALUE *argv, VALUE self)
@@ -555,22 +577,33 @@ BIGNUM_2c(gcd)
555
577
  */
556
578
  BIGNUM_2c(mod_sqr)
557
579
 
580
+ #define BIGNUM_2cr(func) \
581
+ static VALUE \
582
+ ossl_bn_##func(VALUE self, VALUE other) \
583
+ { \
584
+ BIGNUM *bn1, *bn2 = GetBNPtr(other), *result; \
585
+ VALUE obj; \
586
+ GetBN(self, bn1); \
587
+ obj = NewBN(rb_obj_class(self)); \
588
+ if (!(result = BN_##func(NULL, bn1, bn2, ossl_bn_ctx))) \
589
+ ossl_raise(eBNError, NULL); \
590
+ SetBN(obj, result); \
591
+ return obj; \
592
+ }
593
+
594
+ /*
595
+ * Document-method: OpenSSL::BN#mod_sqrt
596
+ * call-seq:
597
+ * bn.mod_sqrt(bn2) => aBN
598
+ */
599
+ BIGNUM_2cr(mod_sqrt)
600
+
558
601
  /*
602
+ * Document-method: OpenSSL::BN#mod_inverse
559
603
  * call-seq:
560
604
  * bn.mod_inverse(bn2) => aBN
561
605
  */
562
- static VALUE
563
- ossl_bn_mod_inverse(VALUE self, VALUE other)
564
- {
565
- BIGNUM *bn1, *bn2 = GetBNPtr(other), *result;
566
- VALUE obj;
567
- GetBN(self, bn1);
568
- obj = NewBN(rb_obj_class(self));
569
- if (!(result = BN_mod_inverse(NULL, bn1, bn2, ossl_bn_ctx)))
570
- ossl_raise(eBNError, "BN_mod_inverse");
571
- SetBN(obj, result);
572
- return obj;
573
- }
606
+ BIGNUM_2cr(mod_inverse)
574
607
 
575
608
  /*
576
609
  * call-seq:
@@ -770,78 +803,64 @@ BIGNUM_SELF_SHIFT(lshift)
770
803
  */
771
804
  BIGNUM_SELF_SHIFT(rshift)
772
805
 
773
- #define BIGNUM_RAND(func) \
774
- static VALUE \
775
- ossl_bn_s_##func(int argc, VALUE *argv, VALUE klass) \
776
- { \
777
- BIGNUM *result; \
778
- int bottom = 0, top = 0, b; \
779
- VALUE bits, fill, odd, obj; \
780
- \
781
- switch (rb_scan_args(argc, argv, "12", &bits, &fill, &odd)) { \
782
- case 3: \
783
- bottom = (odd == Qtrue) ? 1 : 0; \
784
- /* FALLTHROUGH */ \
785
- case 2: \
786
- top = NUM2INT(fill); \
787
- } \
788
- b = NUM2INT(bits); \
789
- obj = NewBN(klass); \
790
- if (!(result = BN_new())) { \
791
- ossl_raise(eBNError, NULL); \
792
- } \
793
- if (BN_##func(result, b, top, bottom) <= 0) { \
794
- BN_free(result); \
795
- ossl_raise(eBNError, NULL); \
796
- } \
797
- SetBN(obj, result); \
798
- return obj; \
799
- }
800
-
801
- /*
802
- * Document-method: OpenSSL::BN.rand
803
- * BN.rand(bits [, fill [, odd]]) -> aBN
804
- */
805
- BIGNUM_RAND(rand)
806
-
807
- /*
808
- * Document-method: OpenSSL::BN.pseudo_rand
809
- * BN.pseudo_rand(bits [, fill [, odd]]) -> aBN
810
- */
811
- BIGNUM_RAND(pseudo_rand)
812
-
813
- #define BIGNUM_RAND_RANGE(func) \
814
- static VALUE \
815
- ossl_bn_s_##func##_range(VALUE klass, VALUE range) \
816
- { \
817
- BIGNUM *bn = GetBNPtr(range), *result; \
818
- VALUE obj = NewBN(klass); \
819
- if (!(result = BN_new())) { \
820
- ossl_raise(eBNError, NULL); \
821
- } \
822
- if (BN_##func##_range(result, bn) <= 0) { \
823
- BN_free(result); \
824
- ossl_raise(eBNError, NULL); \
825
- } \
826
- SetBN(obj, result); \
827
- return obj; \
828
- }
829
-
830
806
  /*
831
- * Document-method: OpenSSL::BN.rand_range
832
807
  * call-seq:
833
- * BN.rand_range(range) -> aBN
808
+ * BN.rand(bits [, fill [, odd]]) -> aBN
834
809
  *
810
+ * Generates a cryptographically strong pseudo-random number of +bits+.
811
+ *
812
+ * See also the man page BN_rand(3).
835
813
  */
836
- BIGNUM_RAND_RANGE(rand)
814
+ static VALUE
815
+ ossl_bn_s_rand(int argc, VALUE *argv, VALUE klass)
816
+ {
817
+ BIGNUM *result;
818
+ int bottom = 0, top = 0, b;
819
+ VALUE bits, fill, odd, obj;
820
+
821
+ switch (rb_scan_args(argc, argv, "12", &bits, &fill, &odd)) {
822
+ case 3:
823
+ bottom = (odd == Qtrue) ? 1 : 0;
824
+ /* FALLTHROUGH */
825
+ case 2:
826
+ top = NUM2INT(fill);
827
+ }
828
+ b = NUM2INT(bits);
829
+ obj = NewBN(klass);
830
+ if (!(result = BN_new())) {
831
+ ossl_raise(eBNError, "BN_new");
832
+ }
833
+ if (BN_rand(result, b, top, bottom) <= 0) {
834
+ BN_free(result);
835
+ ossl_raise(eBNError, "BN_rand");
836
+ }
837
+ SetBN(obj, result);
838
+ return obj;
839
+ }
837
840
 
838
841
  /*
839
- * Document-method: OpenSSL::BN.pseudo_rand_range
840
842
  * call-seq:
841
- * BN.pseudo_rand_range(range) -> aBN
843
+ * BN.rand_range(range) -> aBN
844
+ *
845
+ * Generates a cryptographically strong pseudo-random number in the range
846
+ * 0...+range+.
842
847
  *
848
+ * See also the man page BN_rand_range(3).
843
849
  */
844
- BIGNUM_RAND_RANGE(pseudo_rand)
850
+ static VALUE
851
+ ossl_bn_s_rand_range(VALUE klass, VALUE range)
852
+ {
853
+ BIGNUM *bn = GetBNPtr(range), *result;
854
+ VALUE obj = NewBN(klass);
855
+ if (!(result = BN_new()))
856
+ ossl_raise(eBNError, "BN_new");
857
+ if (BN_rand_range(result, bn) <= 0) {
858
+ BN_free(result);
859
+ ossl_raise(eBNError, "BN_rand_range");
860
+ }
861
+ SetBN(obj, result);
862
+ return obj;
863
+ }
845
864
 
846
865
  /*
847
866
  * call-seq:
@@ -936,7 +955,17 @@ ossl_bn_copy(VALUE self, VALUE other)
936
955
  static VALUE
937
956
  ossl_bn_uplus(VALUE self)
938
957
  {
939
- return self;
958
+ VALUE obj;
959
+ BIGNUM *bn1, *bn2;
960
+
961
+ GetBN(self, bn1);
962
+ obj = NewBN(cBN);
963
+ bn2 = BN_dup(bn1);
964
+ if (!bn2)
965
+ ossl_raise(eBNError, "BN_dup");
966
+ SetBN(obj, bn2);
967
+
968
+ return obj;
940
969
  }
941
970
 
942
971
  /*
@@ -960,6 +989,24 @@ ossl_bn_uminus(VALUE self)
960
989
  return obj;
961
990
  }
962
991
 
992
+ /*
993
+ * call-seq:
994
+ * bn.abs -> aBN
995
+ */
996
+ static VALUE
997
+ ossl_bn_abs(VALUE self)
998
+ {
999
+ BIGNUM *bn1;
1000
+
1001
+ GetBN(self, bn1);
1002
+ if (BN_is_negative(bn1)) {
1003
+ return ossl_bn_uminus(self);
1004
+ }
1005
+ else {
1006
+ return ossl_bn_uplus(self);
1007
+ }
1008
+ }
1009
+
963
1010
  #define BIGNUM_CMP(func) \
964
1011
  static VALUE \
965
1012
  ossl_bn_##func(VALUE self, VALUE other) \
@@ -1068,34 +1115,29 @@ ossl_bn_hash(VALUE self)
1068
1115
  * bn.prime? => true | false
1069
1116
  * bn.prime?(checks) => true | false
1070
1117
  *
1071
- * Performs a Miller-Rabin probabilistic primality test with _checks_
1072
- * iterations. If _checks_ is not specified, a number of iterations is used
1073
- * that yields a false positive rate of at most 2^-80 for random input.
1118
+ * Performs a Miller-Rabin probabilistic primality test for +bn+.
1074
1119
  *
1075
- * === Parameters
1076
- * * _checks_ - integer
1120
+ * <b>+checks+ parameter is deprecated in version 3.0.</b> It has no effect.
1077
1121
  */
1078
1122
  static VALUE
1079
1123
  ossl_bn_is_prime(int argc, VALUE *argv, VALUE self)
1080
1124
  {
1081
1125
  BIGNUM *bn;
1082
- VALUE vchecks;
1083
- int checks = BN_prime_checks;
1126
+ int ret;
1084
1127
 
1085
- if (rb_scan_args(argc, argv, "01", &vchecks) == 1) {
1086
- checks = NUM2INT(vchecks);
1087
- }
1128
+ rb_check_arity(argc, 0, 1);
1088
1129
  GetBN(self, bn);
1089
- switch (BN_is_prime_ex(bn, checks, ossl_bn_ctx, NULL)) {
1090
- case 1:
1091
- return Qtrue;
1092
- case 0:
1093
- return Qfalse;
1094
- default:
1095
- ossl_raise(eBNError, NULL);
1096
- }
1097
- /* not reachable */
1098
- return Qnil;
1130
+
1131
+ #ifdef HAVE_BN_CHECK_PRIME
1132
+ ret = BN_check_prime(bn, ossl_bn_ctx, NULL);
1133
+ if (ret < 0)
1134
+ ossl_raise(eBNError, "BN_check_prime");
1135
+ #else
1136
+ ret = BN_is_prime_fasttest_ex(bn, BN_prime_checks, ossl_bn_ctx, 1, NULL);
1137
+ if (ret < 0)
1138
+ ossl_raise(eBNError, "BN_is_prime_fasttest_ex");
1139
+ #endif
1140
+ return ret ? Qtrue : Qfalse;
1099
1141
  }
1100
1142
 
1101
1143
  /*
@@ -1104,39 +1146,52 @@ ossl_bn_is_prime(int argc, VALUE *argv, VALUE self)
1104
1146
  * bn.prime_fasttest?(checks) => true | false
1105
1147
  * bn.prime_fasttest?(checks, trial_div) => true | false
1106
1148
  *
1107
- * Performs a Miller-Rabin primality test. This is same as #prime? except this
1108
- * first attempts trial divisions with some small primes.
1149
+ * Performs a Miller-Rabin probabilistic primality test for +bn+.
1109
1150
  *
1110
- * === Parameters
1111
- * * _checks_ - integer
1112
- * * _trial_div_ - boolean
1151
+ * <b>Deprecated in version 3.0.</b> Use #prime? instead.
1152
+ *
1153
+ * +checks+ and +trial_div+ parameters no longer have any effect.
1113
1154
  */
1114
1155
  static VALUE
1115
1156
  ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self)
1157
+ {
1158
+ rb_check_arity(argc, 0, 2);
1159
+ return ossl_bn_is_prime(0, argv, self);
1160
+ }
1161
+
1162
+ /*
1163
+ * call-seq:
1164
+ * bn.get_flags(flags) => flags
1165
+ *
1166
+ * Returns the flags on the BN object.
1167
+ * The argument is used as a bit mask.
1168
+ *
1169
+ * === Parameters
1170
+ * * _flags_ - integer
1171
+ */
1172
+ static VALUE
1173
+ ossl_bn_get_flags(VALUE self, VALUE arg)
1116
1174
  {
1117
1175
  BIGNUM *bn;
1118
- VALUE vchecks, vtrivdiv;
1119
- int checks = BN_prime_checks, do_trial_division = 1;
1176
+ GetBN(self, bn);
1120
1177
 
1121
- rb_scan_args(argc, argv, "02", &vchecks, &vtrivdiv);
1178
+ return INT2NUM(BN_get_flags(bn, NUM2INT(arg)));
1179
+ }
1122
1180
 
1123
- if (!NIL_P(vchecks)) {
1124
- checks = NUM2INT(vchecks);
1125
- }
1181
+ /*
1182
+ * call-seq:
1183
+ * bn.set_flags(flags) => nil
1184
+ *
1185
+ * Enables the flags on the BN object.
1186
+ * Currently, the flags argument can contain zero of OpenSSL::BN::CONSTTIME.
1187
+ */
1188
+ static VALUE
1189
+ ossl_bn_set_flags(VALUE self, VALUE arg)
1190
+ {
1191
+ BIGNUM *bn;
1126
1192
  GetBN(self, bn);
1127
- /* handle true/false */
1128
- if (vtrivdiv == Qfalse) {
1129
- do_trial_division = 0;
1130
- }
1131
- switch (BN_is_prime_fasttest_ex(bn, checks, ossl_bn_ctx, do_trial_division, NULL)) {
1132
- case 1:
1133
- return Qtrue;
1134
- case 0:
1135
- return Qfalse;
1136
- default:
1137
- ossl_raise(eBNError, NULL);
1138
- }
1139
- /* not reachable */
1193
+
1194
+ BN_set_flags(bn, NUM2INT(arg));
1140
1195
  return Qnil;
1141
1196
  }
1142
1197
 
@@ -1176,6 +1231,7 @@ Init_ossl_bn(void)
1176
1231
 
1177
1232
  rb_define_method(cBN, "+@", ossl_bn_uplus, 0);
1178
1233
  rb_define_method(cBN, "-@", ossl_bn_uminus, 0);
1234
+ rb_define_method(cBN, "abs", ossl_bn_abs, 0);
1179
1235
 
1180
1236
  rb_define_method(cBN, "+", ossl_bn_add, 1);
1181
1237
  rb_define_method(cBN, "-", ossl_bn_sub, 1);
@@ -1189,6 +1245,7 @@ Init_ossl_bn(void)
1189
1245
  rb_define_method(cBN, "mod_sub", ossl_bn_mod_sub, 2);
1190
1246
  rb_define_method(cBN, "mod_mul", ossl_bn_mod_mul, 2);
1191
1247
  rb_define_method(cBN, "mod_sqr", ossl_bn_mod_sqr, 1);
1248
+ rb_define_method(cBN, "mod_sqrt", ossl_bn_mod_sqrt, 1);
1192
1249
  rb_define_method(cBN, "**", ossl_bn_exp, 1);
1193
1250
  rb_define_method(cBN, "mod_exp", ossl_bn_mod_exp, 2);
1194
1251
  rb_define_method(cBN, "gcd", ossl_bn_gcd, 1);
@@ -1219,9 +1276,9 @@ Init_ossl_bn(void)
1219
1276
  * get_word */
1220
1277
 
1221
1278
  rb_define_singleton_method(cBN, "rand", ossl_bn_s_rand, -1);
1222
- rb_define_singleton_method(cBN, "pseudo_rand", ossl_bn_s_pseudo_rand, -1);
1223
1279
  rb_define_singleton_method(cBN, "rand_range", ossl_bn_s_rand_range, 1);
1224
- rb_define_singleton_method(cBN, "pseudo_rand_range", ossl_bn_s_pseudo_rand_range, 1);
1280
+ rb_define_alias(rb_singleton_class(cBN), "pseudo_rand", "rand");
1281
+ rb_define_alias(rb_singleton_class(cBN), "pseudo_rand_range", "rand_range");
1225
1282
 
1226
1283
  rb_define_singleton_method(cBN, "generate_prime", ossl_bn_s_generate_prime, -1);
1227
1284
  rb_define_method(cBN, "prime?", ossl_bn_is_prime, -1);
@@ -1238,6 +1295,23 @@ Init_ossl_bn(void)
1238
1295
  /* lshift1 - DON'T IMPL. */
1239
1296
  /* rshift1 - DON'T IMPL. */
1240
1297
 
1298
+ rb_define_method(cBN, "get_flags", ossl_bn_get_flags, 1);
1299
+ rb_define_method(cBN, "set_flags", ossl_bn_set_flags, 1);
1300
+
1301
+ #ifdef BN_FLG_CONSTTIME
1302
+ rb_define_const(cBN, "CONSTTIME", INT2NUM(BN_FLG_CONSTTIME));
1303
+ #endif
1304
+ /* BN_FLG_MALLOCED and BN_FLG_STATIC_DATA seems for C programming.
1305
+ * Allowing them leads to memory leak.
1306
+ * So, for now, they are not exported
1307
+ #ifdef BN_FLG_MALLOCED
1308
+ rb_define_const(cBN, "MALLOCED", INT2NUM(BN_FLG_MALLOCED));
1309
+ #endif
1310
+ #ifdef BN_FLG_STATIC_DATA
1311
+ rb_define_const(cBN, "STATIC_DATA", INT2NUM(BN_FLG_STATIC_DATA));
1312
+ #endif
1313
+ */
1314
+
1241
1315
  /*
1242
1316
  * bn2bin
1243
1317
  * bin2bn
@@ -42,7 +42,7 @@ static const rb_data_type_t ossl_cipher_type = {
42
42
  {
43
43
  0, ossl_cipher_free,
44
44
  },
45
- 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
45
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
46
46
  };
47
47
 
48
48
  /*
@@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass)
104
104
  * call-seq:
105
105
  * Cipher.new(string) -> cipher
106
106
  *
107
- * The string must contain a valid cipher name like "AES-256-CBC".
107
+ * The string must contain a valid cipher name like "aes-256-cbc".
108
108
  *
109
109
  * A list of cipher names is available by calling OpenSSL::Cipher.ciphers.
110
110
  */
@@ -149,11 +149,11 @@ ossl_cipher_copy(VALUE self, VALUE other)
149
149
  return self;
150
150
  }
151
151
 
152
- static void*
153
- add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary)
152
+ static void
153
+ add_cipher_name_to_ary(const OBJ_NAME *name, void *arg)
154
154
  {
155
+ VALUE ary = (VALUE)arg;
155
156
  rb_ary_push(ary, rb_str_new2(name->name));
156
- return NULL;
157
157
  }
158
158
 
159
159
  /*
@@ -169,7 +169,7 @@ ossl_s_ciphers(VALUE self)
169
169
 
170
170
  ary = rb_ary_new();
171
171
  OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
172
- (void(*)(const OBJ_NAME*,void*))add_cipher_name_to_ary,
172
+ add_cipher_name_to_ary,
173
173
  (void*)ary);
174
174
 
175
175
  return ary;
@@ -384,8 +384,7 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
384
384
 
385
385
  StringValue(data);
386
386
  in = (unsigned char *)RSTRING_PTR(data);
387
- if ((in_len = RSTRING_LEN(data)) == 0)
388
- ossl_raise(rb_eArgError, "data must not be empty");
387
+ in_len = RSTRING_LEN(data);
389
388
  GetCipher(self, ctx);
390
389
  out_len = in_len+EVP_CIPHER_CTX_block_size(ctx);
391
390
  if (out_len <= 0) {
@@ -874,7 +873,7 @@ Init_ossl_cipher(void)
874
873
  * individual components name, key length and mode. Either all uppercase
875
874
  * or all lowercase strings may be used, for example:
876
875
  *
877
- * cipher = OpenSSL::Cipher.new('AES-128-CBC')
876
+ * cipher = OpenSSL::Cipher.new('aes-128-cbc')
878
877
  *
879
878
  * === Choosing either encryption or decryption mode
880
879
  *
@@ -904,7 +903,7 @@ Init_ossl_cipher(void)
904
903
  * without processing the password further. A simple and secure way to
905
904
  * create a key for a particular Cipher is
906
905
  *
907
- * cipher = OpenSSL::Cipher.new('AES-256-CFB')
906
+ * cipher = OpenSSL::Cipher.new('aes-256-cfb')
908
907
  * cipher.encrypt
909
908
  * key = cipher.random_key # also sets the generated key on the Cipher
910
909
  *
@@ -972,14 +971,14 @@ Init_ossl_cipher(void)
972
971
  *
973
972
  * data = "Very, very confidential data"
974
973
  *
975
- * cipher = OpenSSL::Cipher.new('AES-128-CBC')
974
+ * cipher = OpenSSL::Cipher.new('aes-128-cbc')
976
975
  * cipher.encrypt
977
976
  * key = cipher.random_key
978
977
  * iv = cipher.random_iv
979
978
  *
980
979
  * encrypted = cipher.update(data) + cipher.final
981
980
  * ...
982
- * decipher = OpenSSL::Cipher.new('AES-128-CBC')
981
+ * decipher = OpenSSL::Cipher.new('aes-128-cbc')
983
982
  * decipher.decrypt
984
983
  * decipher.key = key
985
984
  * decipher.iv = iv
@@ -1015,7 +1014,7 @@ Init_ossl_cipher(void)
1015
1014
  * not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
1016
1015
  * security guarantees of GCM mode.
1017
1016
  *
1018
- * cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt
1017
+ * cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
1019
1018
  * cipher.key = key
1020
1019
  * cipher.iv = nonce
1021
1020
  * cipher.auth_data = auth_data
@@ -1031,7 +1030,7 @@ Init_ossl_cipher(void)
1031
1030
  * ciphertext with a probability of 1/256.
1032
1031
  *
1033
1032
  * raise "tag is truncated!" unless tag.bytesize == 16
1034
- * decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
1033
+ * decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt
1035
1034
  * decipher.key = key
1036
1035
  * decipher.iv = nonce
1037
1036
  * decipher.auth_tag = tag