openssl 2.2.2 → 3.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +32 -44
- data/History.md +99 -13
- data/ext/openssl/extconf.rb +26 -28
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +26 -45
- data/ext/openssl/ossl.c +59 -46
- data/ext/openssl/ossl.h +20 -6
- data/ext/openssl/ossl_asn1.c +16 -4
- data/ext/openssl/ossl_bn.c +188 -126
- data/ext/openssl/ossl_cipher.c +11 -11
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +9 -9
- data/ext/openssl/ossl_engine.c +16 -15
- data/ext/openssl/ossl_hmac.c +48 -135
- data/ext/openssl/ossl_kdf.c +8 -0
- data/ext/openssl/ossl_ocsp.c +3 -51
- data/ext/openssl/ossl_pkcs12.c +21 -3
- data/ext/openssl/ossl_pkcs7.c +42 -59
- data/ext/openssl/ossl_pkey.c +1102 -191
- data/ext/openssl/ossl_pkey.h +35 -72
- data/ext/openssl/ossl_pkey_dh.c +124 -334
- data/ext/openssl/ossl_pkey_dsa.c +93 -398
- data/ext/openssl/ossl_pkey_ec.c +126 -318
- data/ext/openssl/ossl_pkey_rsa.c +100 -487
- data/ext/openssl/ossl_ssl.c +256 -355
- data/ext/openssl/ossl_ssl_session.c +24 -29
- data/ext/openssl/ossl_ts.c +35 -20
- data/ext/openssl/ossl_x509.c +0 -6
- data/ext/openssl/ossl_x509cert.c +164 -8
- data/ext/openssl/ossl_x509crl.c +10 -7
- data/ext/openssl/ossl_x509ext.c +1 -2
- data/ext/openssl/ossl_x509name.c +9 -2
- data/ext/openssl/ossl_x509req.c +10 -7
- data/ext/openssl/ossl_x509store.c +154 -70
- data/lib/openssl/buffering.rb +9 -0
- data/lib/openssl/hmac.rb +65 -0
- data/lib/openssl/pkey.rb +417 -0
- data/lib/openssl/ssl.rb +7 -7
- data/lib/openssl/version.rb +1 -1
- data/lib/openssl/x509.rb +22 -0
- data/lib/openssl.rb +0 -1
- metadata +5 -77
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -501
data/ext/openssl/ossl_bn.c
CHANGED
@@ -10,7 +10,7 @@
|
|
10
10
|
/* modified by Michal Rokos <m.rokos@sh.cvut.cz> */
|
11
11
|
#include "ossl.h"
|
12
12
|
|
13
|
-
#
|
13
|
+
#ifdef HAVE_RB_EXT_RACTOR_SAFE
|
14
14
|
#include <ruby/ractor.h>
|
15
15
|
#endif
|
16
16
|
|
@@ -155,7 +155,7 @@ ossl_bn_value_ptr(volatile VALUE *ptr)
|
|
155
155
|
* Private
|
156
156
|
*/
|
157
157
|
|
158
|
-
#
|
158
|
+
#ifdef HAVE_RB_EXT_RACTOR_SAFE
|
159
159
|
void
|
160
160
|
ossl_bn_ctx_free(void *ptr)
|
161
161
|
{
|
@@ -223,12 +223,29 @@ ossl_bn_alloc(VALUE klass)
|
|
223
223
|
|
224
224
|
/*
|
225
225
|
* call-seq:
|
226
|
-
* OpenSSL::BN.new(bn)
|
227
|
-
* OpenSSL::BN.new(integer)
|
228
|
-
* OpenSSL::BN.new(string)
|
229
|
-
*
|
226
|
+
* OpenSSL::BN.new(bn) -> aBN
|
227
|
+
* OpenSSL::BN.new(integer) -> aBN
|
228
|
+
* OpenSSL::BN.new(string, base = 10) -> aBN
|
229
|
+
*
|
230
|
+
* Construct a new \OpenSSL BIGNUM object.
|
231
|
+
*
|
232
|
+
* If +bn+ is an Integer or OpenSSL::BN, a new instance of OpenSSL::BN
|
233
|
+
* representing the same value is returned. See also Integer#to_bn for the
|
234
|
+
* short-hand.
|
230
235
|
*
|
231
|
-
*
|
236
|
+
* If a String is given, the content will be parsed according to +base+.
|
237
|
+
*
|
238
|
+
* +string+::
|
239
|
+
* The string to be parsed.
|
240
|
+
* +base+::
|
241
|
+
* The format. Must be one of the following:
|
242
|
+
* - +0+ - MPI format. See the man page BN_mpi2bn(3) for details.
|
243
|
+
* - +2+ - Variable-length and big-endian binary encoding of a positive
|
244
|
+
* number.
|
245
|
+
* - +10+ - Decimal number representation, with a leading '-' for a negative
|
246
|
+
* number.
|
247
|
+
* - +16+ - Hexadeciaml number representation, with a leading '-' for a
|
248
|
+
* negative number.
|
232
249
|
*/
|
233
250
|
static VALUE
|
234
251
|
ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
|
@@ -296,16 +313,21 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
|
|
296
313
|
|
297
314
|
/*
|
298
315
|
* call-seq:
|
299
|
-
* bn.to_s
|
300
|
-
* bn.to_s(base) => string
|
316
|
+
* bn.to_s(base = 10) -> string
|
301
317
|
*
|
302
|
-
*
|
303
|
-
*
|
304
|
-
*
|
305
|
-
*
|
306
|
-
*
|
307
|
-
*
|
308
|
-
*
|
318
|
+
* Returns the string representation of the bignum.
|
319
|
+
*
|
320
|
+
* BN.new can parse the encoded string to convert back into an OpenSSL::BN.
|
321
|
+
*
|
322
|
+
* +base+::
|
323
|
+
* The format. Must be one of the following:
|
324
|
+
* - +0+ - MPI format. See the man page BN_bn2mpi(3) for details.
|
325
|
+
* - +2+ - Variable-length and big-endian binary encoding. The sign of
|
326
|
+
* the bignum is ignored.
|
327
|
+
* - +10+ - Decimal number representation, with a leading '-' for a negative
|
328
|
+
* bignum.
|
329
|
+
* - +16+ - Hexadeciaml number representation, with a leading '-' for a
|
330
|
+
* negative bignum.
|
309
331
|
*/
|
310
332
|
static VALUE
|
311
333
|
ossl_bn_to_s(int argc, VALUE *argv, VALUE self)
|
@@ -770,78 +792,64 @@ BIGNUM_SELF_SHIFT(lshift)
|
|
770
792
|
*/
|
771
793
|
BIGNUM_SELF_SHIFT(rshift)
|
772
794
|
|
773
|
-
#define BIGNUM_RAND(func) \
|
774
|
-
static VALUE \
|
775
|
-
ossl_bn_s_##func(int argc, VALUE *argv, VALUE klass) \
|
776
|
-
{ \
|
777
|
-
BIGNUM *result; \
|
778
|
-
int bottom = 0, top = 0, b; \
|
779
|
-
VALUE bits, fill, odd, obj; \
|
780
|
-
\
|
781
|
-
switch (rb_scan_args(argc, argv, "12", &bits, &fill, &odd)) { \
|
782
|
-
case 3: \
|
783
|
-
bottom = (odd == Qtrue) ? 1 : 0; \
|
784
|
-
/* FALLTHROUGH */ \
|
785
|
-
case 2: \
|
786
|
-
top = NUM2INT(fill); \
|
787
|
-
} \
|
788
|
-
b = NUM2INT(bits); \
|
789
|
-
obj = NewBN(klass); \
|
790
|
-
if (!(result = BN_new())) { \
|
791
|
-
ossl_raise(eBNError, NULL); \
|
792
|
-
} \
|
793
|
-
if (BN_##func(result, b, top, bottom) <= 0) { \
|
794
|
-
BN_free(result); \
|
795
|
-
ossl_raise(eBNError, NULL); \
|
796
|
-
} \
|
797
|
-
SetBN(obj, result); \
|
798
|
-
return obj; \
|
799
|
-
}
|
800
|
-
|
801
|
-
/*
|
802
|
-
* Document-method: OpenSSL::BN.rand
|
803
|
-
* BN.rand(bits [, fill [, odd]]) -> aBN
|
804
|
-
*/
|
805
|
-
BIGNUM_RAND(rand)
|
806
|
-
|
807
|
-
/*
|
808
|
-
* Document-method: OpenSSL::BN.pseudo_rand
|
809
|
-
* BN.pseudo_rand(bits [, fill [, odd]]) -> aBN
|
810
|
-
*/
|
811
|
-
BIGNUM_RAND(pseudo_rand)
|
812
|
-
|
813
|
-
#define BIGNUM_RAND_RANGE(func) \
|
814
|
-
static VALUE \
|
815
|
-
ossl_bn_s_##func##_range(VALUE klass, VALUE range) \
|
816
|
-
{ \
|
817
|
-
BIGNUM *bn = GetBNPtr(range), *result; \
|
818
|
-
VALUE obj = NewBN(klass); \
|
819
|
-
if (!(result = BN_new())) { \
|
820
|
-
ossl_raise(eBNError, NULL); \
|
821
|
-
} \
|
822
|
-
if (BN_##func##_range(result, bn) <= 0) { \
|
823
|
-
BN_free(result); \
|
824
|
-
ossl_raise(eBNError, NULL); \
|
825
|
-
} \
|
826
|
-
SetBN(obj, result); \
|
827
|
-
return obj; \
|
828
|
-
}
|
829
|
-
|
830
795
|
/*
|
831
|
-
* Document-method: OpenSSL::BN.rand_range
|
832
796
|
* call-seq:
|
833
|
-
*
|
797
|
+
* BN.rand(bits [, fill [, odd]]) -> aBN
|
798
|
+
*
|
799
|
+
* Generates a cryptographically strong pseudo-random number of +bits+.
|
834
800
|
*
|
801
|
+
* See also the man page BN_rand(3).
|
835
802
|
*/
|
836
|
-
|
803
|
+
static VALUE
|
804
|
+
ossl_bn_s_rand(int argc, VALUE *argv, VALUE klass)
|
805
|
+
{
|
806
|
+
BIGNUM *result;
|
807
|
+
int bottom = 0, top = 0, b;
|
808
|
+
VALUE bits, fill, odd, obj;
|
809
|
+
|
810
|
+
switch (rb_scan_args(argc, argv, "12", &bits, &fill, &odd)) {
|
811
|
+
case 3:
|
812
|
+
bottom = (odd == Qtrue) ? 1 : 0;
|
813
|
+
/* FALLTHROUGH */
|
814
|
+
case 2:
|
815
|
+
top = NUM2INT(fill);
|
816
|
+
}
|
817
|
+
b = NUM2INT(bits);
|
818
|
+
obj = NewBN(klass);
|
819
|
+
if (!(result = BN_new())) {
|
820
|
+
ossl_raise(eBNError, "BN_new");
|
821
|
+
}
|
822
|
+
if (BN_rand(result, b, top, bottom) <= 0) {
|
823
|
+
BN_free(result);
|
824
|
+
ossl_raise(eBNError, "BN_rand");
|
825
|
+
}
|
826
|
+
SetBN(obj, result);
|
827
|
+
return obj;
|
828
|
+
}
|
837
829
|
|
838
830
|
/*
|
839
|
-
* Document-method: OpenSSL::BN.pseudo_rand_range
|
840
831
|
* call-seq:
|
841
|
-
*
|
832
|
+
* BN.rand_range(range) -> aBN
|
842
833
|
*
|
834
|
+
* Generates a cryptographically strong pseudo-random number in the range
|
835
|
+
* 0...+range+.
|
836
|
+
*
|
837
|
+
* See also the man page BN_rand_range(3).
|
843
838
|
*/
|
844
|
-
|
839
|
+
static VALUE
|
840
|
+
ossl_bn_s_rand_range(VALUE klass, VALUE range)
|
841
|
+
{
|
842
|
+
BIGNUM *bn = GetBNPtr(range), *result;
|
843
|
+
VALUE obj = NewBN(klass);
|
844
|
+
if (!(result = BN_new()))
|
845
|
+
ossl_raise(eBNError, "BN_new");
|
846
|
+
if (BN_rand_range(result, bn) <= 0) {
|
847
|
+
BN_free(result);
|
848
|
+
ossl_raise(eBNError, "BN_rand_range");
|
849
|
+
}
|
850
|
+
SetBN(obj, result);
|
851
|
+
return obj;
|
852
|
+
}
|
845
853
|
|
846
854
|
/*
|
847
855
|
* call-seq:
|
@@ -936,7 +944,17 @@ ossl_bn_copy(VALUE self, VALUE other)
|
|
936
944
|
static VALUE
|
937
945
|
ossl_bn_uplus(VALUE self)
|
938
946
|
{
|
939
|
-
|
947
|
+
VALUE obj;
|
948
|
+
BIGNUM *bn1, *bn2;
|
949
|
+
|
950
|
+
GetBN(self, bn1);
|
951
|
+
obj = NewBN(cBN);
|
952
|
+
bn2 = BN_dup(bn1);
|
953
|
+
if (!bn2)
|
954
|
+
ossl_raise(eBNError, "BN_dup");
|
955
|
+
SetBN(obj, bn2);
|
956
|
+
|
957
|
+
return obj;
|
940
958
|
}
|
941
959
|
|
942
960
|
/*
|
@@ -960,6 +978,24 @@ ossl_bn_uminus(VALUE self)
|
|
960
978
|
return obj;
|
961
979
|
}
|
962
980
|
|
981
|
+
/*
|
982
|
+
* call-seq:
|
983
|
+
* bn.abs -> aBN
|
984
|
+
*/
|
985
|
+
static VALUE
|
986
|
+
ossl_bn_abs(VALUE self)
|
987
|
+
{
|
988
|
+
BIGNUM *bn1;
|
989
|
+
|
990
|
+
GetBN(self, bn1);
|
991
|
+
if (BN_is_negative(bn1)) {
|
992
|
+
return ossl_bn_uminus(self);
|
993
|
+
}
|
994
|
+
else {
|
995
|
+
return ossl_bn_uplus(self);
|
996
|
+
}
|
997
|
+
}
|
998
|
+
|
963
999
|
#define BIGNUM_CMP(func) \
|
964
1000
|
static VALUE \
|
965
1001
|
ossl_bn_##func(VALUE self, VALUE other) \
|
@@ -1068,34 +1104,29 @@ ossl_bn_hash(VALUE self)
|
|
1068
1104
|
* bn.prime? => true | false
|
1069
1105
|
* bn.prime?(checks) => true | false
|
1070
1106
|
*
|
1071
|
-
* Performs a Miller-Rabin probabilistic primality test
|
1072
|
-
* iterations. If _checks_ is not specified, a number of iterations is used
|
1073
|
-
* that yields a false positive rate of at most 2^-80 for random input.
|
1107
|
+
* Performs a Miller-Rabin probabilistic primality test for +bn+.
|
1074
1108
|
*
|
1075
|
-
*
|
1076
|
-
* * _checks_ - integer
|
1109
|
+
* <b>+checks+ parameter is deprecated in version 3.0.</b> It has no effect.
|
1077
1110
|
*/
|
1078
1111
|
static VALUE
|
1079
1112
|
ossl_bn_is_prime(int argc, VALUE *argv, VALUE self)
|
1080
1113
|
{
|
1081
1114
|
BIGNUM *bn;
|
1082
|
-
|
1083
|
-
int checks = BN_prime_checks;
|
1115
|
+
int ret;
|
1084
1116
|
|
1085
|
-
|
1086
|
-
checks = NUM2INT(vchecks);
|
1087
|
-
}
|
1117
|
+
rb_check_arity(argc, 0, 1);
|
1088
1118
|
GetBN(self, bn);
|
1089
|
-
|
1090
|
-
|
1091
|
-
|
1092
|
-
|
1093
|
-
|
1094
|
-
|
1095
|
-
|
1096
|
-
|
1097
|
-
|
1098
|
-
|
1119
|
+
|
1120
|
+
#ifdef HAVE_BN_CHECK_PRIME
|
1121
|
+
ret = BN_check_prime(bn, ossl_bn_ctx, NULL);
|
1122
|
+
if (ret < 0)
|
1123
|
+
ossl_raise(eBNError, "BN_check_prime");
|
1124
|
+
#else
|
1125
|
+
ret = BN_is_prime_fasttest_ex(bn, BN_prime_checks, ossl_bn_ctx, 1, NULL);
|
1126
|
+
if (ret < 0)
|
1127
|
+
ossl_raise(eBNError, "BN_is_prime_fasttest_ex");
|
1128
|
+
#endif
|
1129
|
+
return ret ? Qtrue : Qfalse;
|
1099
1130
|
}
|
1100
1131
|
|
1101
1132
|
/*
|
@@ -1104,39 +1135,52 @@ ossl_bn_is_prime(int argc, VALUE *argv, VALUE self)
|
|
1104
1135
|
* bn.prime_fasttest?(checks) => true | false
|
1105
1136
|
* bn.prime_fasttest?(checks, trial_div) => true | false
|
1106
1137
|
*
|
1107
|
-
* Performs a Miller-Rabin primality test
|
1108
|
-
* first attempts trial divisions with some small primes.
|
1138
|
+
* Performs a Miller-Rabin probabilistic primality test for +bn+.
|
1109
1139
|
*
|
1110
|
-
*
|
1111
|
-
*
|
1112
|
-
*
|
1140
|
+
* <b>Deprecated in version 3.0.</b> Use #prime? instead.
|
1141
|
+
*
|
1142
|
+
* +checks+ and +trial_div+ parameters no longer have any effect.
|
1113
1143
|
*/
|
1114
1144
|
static VALUE
|
1115
1145
|
ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self)
|
1146
|
+
{
|
1147
|
+
rb_check_arity(argc, 0, 2);
|
1148
|
+
return ossl_bn_is_prime(0, argv, self);
|
1149
|
+
}
|
1150
|
+
|
1151
|
+
/*
|
1152
|
+
* call-seq:
|
1153
|
+
* bn.get_flags(flags) => flags
|
1154
|
+
*
|
1155
|
+
* Returns the flags on the BN object.
|
1156
|
+
* The argument is used as a bit mask.
|
1157
|
+
*
|
1158
|
+
* === Parameters
|
1159
|
+
* * _flags_ - integer
|
1160
|
+
*/
|
1161
|
+
static VALUE
|
1162
|
+
ossl_bn_get_flags(VALUE self, VALUE arg)
|
1116
1163
|
{
|
1117
1164
|
BIGNUM *bn;
|
1118
|
-
|
1119
|
-
int checks = BN_prime_checks, do_trial_division = 1;
|
1165
|
+
GetBN(self, bn);
|
1120
1166
|
|
1121
|
-
|
1167
|
+
return INT2NUM(BN_get_flags(bn, NUM2INT(arg)));
|
1168
|
+
}
|
1122
1169
|
|
1123
|
-
|
1124
|
-
|
1125
|
-
|
1170
|
+
/*
|
1171
|
+
* call-seq:
|
1172
|
+
* bn.set_flags(flags) => nil
|
1173
|
+
*
|
1174
|
+
* Enables the flags on the BN object.
|
1175
|
+
* Currently, the flags argument can contain zero of OpenSSL::BN::CONSTTIME.
|
1176
|
+
*/
|
1177
|
+
static VALUE
|
1178
|
+
ossl_bn_set_flags(VALUE self, VALUE arg)
|
1179
|
+
{
|
1180
|
+
BIGNUM *bn;
|
1126
1181
|
GetBN(self, bn);
|
1127
|
-
|
1128
|
-
|
1129
|
-
do_trial_division = 0;
|
1130
|
-
}
|
1131
|
-
switch (BN_is_prime_fasttest_ex(bn, checks, ossl_bn_ctx, do_trial_division, NULL)) {
|
1132
|
-
case 1:
|
1133
|
-
return Qtrue;
|
1134
|
-
case 0:
|
1135
|
-
return Qfalse;
|
1136
|
-
default:
|
1137
|
-
ossl_raise(eBNError, NULL);
|
1138
|
-
}
|
1139
|
-
/* not reachable */
|
1182
|
+
|
1183
|
+
BN_set_flags(bn, NUM2INT(arg));
|
1140
1184
|
return Qnil;
|
1141
1185
|
}
|
1142
1186
|
|
@@ -1176,6 +1220,7 @@ Init_ossl_bn(void)
|
|
1176
1220
|
|
1177
1221
|
rb_define_method(cBN, "+@", ossl_bn_uplus, 0);
|
1178
1222
|
rb_define_method(cBN, "-@", ossl_bn_uminus, 0);
|
1223
|
+
rb_define_method(cBN, "abs", ossl_bn_abs, 0);
|
1179
1224
|
|
1180
1225
|
rb_define_method(cBN, "+", ossl_bn_add, 1);
|
1181
1226
|
rb_define_method(cBN, "-", ossl_bn_sub, 1);
|
@@ -1219,9 +1264,9 @@ Init_ossl_bn(void)
|
|
1219
1264
|
* get_word */
|
1220
1265
|
|
1221
1266
|
rb_define_singleton_method(cBN, "rand", ossl_bn_s_rand, -1);
|
1222
|
-
rb_define_singleton_method(cBN, "pseudo_rand", ossl_bn_s_pseudo_rand, -1);
|
1223
1267
|
rb_define_singleton_method(cBN, "rand_range", ossl_bn_s_rand_range, 1);
|
1224
|
-
|
1268
|
+
rb_define_alias(rb_singleton_class(cBN), "pseudo_rand", "rand");
|
1269
|
+
rb_define_alias(rb_singleton_class(cBN), "pseudo_rand_range", "rand_range");
|
1225
1270
|
|
1226
1271
|
rb_define_singleton_method(cBN, "generate_prime", ossl_bn_s_generate_prime, -1);
|
1227
1272
|
rb_define_method(cBN, "prime?", ossl_bn_is_prime, -1);
|
@@ -1238,6 +1283,23 @@ Init_ossl_bn(void)
|
|
1238
1283
|
/* lshift1 - DON'T IMPL. */
|
1239
1284
|
/* rshift1 - DON'T IMPL. */
|
1240
1285
|
|
1286
|
+
rb_define_method(cBN, "get_flags", ossl_bn_get_flags, 1);
|
1287
|
+
rb_define_method(cBN, "set_flags", ossl_bn_set_flags, 1);
|
1288
|
+
|
1289
|
+
#ifdef BN_FLG_CONSTTIME
|
1290
|
+
rb_define_const(cBN, "CONSTTIME", INT2NUM(BN_FLG_CONSTTIME));
|
1291
|
+
#endif
|
1292
|
+
/* BN_FLG_MALLOCED and BN_FLG_STATIC_DATA seems for C programming.
|
1293
|
+
* Allowing them leads to memory leak.
|
1294
|
+
* So, for now, they are not exported
|
1295
|
+
#ifdef BN_FLG_MALLOCED
|
1296
|
+
rb_define_const(cBN, "MALLOCED", INT2NUM(BN_FLG_MALLOCED));
|
1297
|
+
#endif
|
1298
|
+
#ifdef BN_FLG_STATIC_DATA
|
1299
|
+
rb_define_const(cBN, "STATIC_DATA", INT2NUM(BN_FLG_STATIC_DATA));
|
1300
|
+
#endif
|
1301
|
+
*/
|
1302
|
+
|
1241
1303
|
/*
|
1242
1304
|
* bn2bin
|
1243
1305
|
* bin2bn
|
data/ext/openssl/ossl_cipher.c
CHANGED
@@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass)
|
|
104
104
|
* call-seq:
|
105
105
|
* Cipher.new(string) -> cipher
|
106
106
|
*
|
107
|
-
* The string must contain a valid cipher name like "
|
107
|
+
* The string must contain a valid cipher name like "aes-256-cbc".
|
108
108
|
*
|
109
109
|
* A list of cipher names is available by calling OpenSSL::Cipher.ciphers.
|
110
110
|
*/
|
@@ -149,11 +149,11 @@ ossl_cipher_copy(VALUE self, VALUE other)
|
|
149
149
|
return self;
|
150
150
|
}
|
151
151
|
|
152
|
-
static void
|
153
|
-
add_cipher_name_to_ary(const OBJ_NAME *name,
|
152
|
+
static void
|
153
|
+
add_cipher_name_to_ary(const OBJ_NAME *name, void *arg)
|
154
154
|
{
|
155
|
+
VALUE ary = (VALUE)arg;
|
155
156
|
rb_ary_push(ary, rb_str_new2(name->name));
|
156
|
-
return NULL;
|
157
157
|
}
|
158
158
|
|
159
159
|
/*
|
@@ -169,7 +169,7 @@ ossl_s_ciphers(VALUE self)
|
|
169
169
|
|
170
170
|
ary = rb_ary_new();
|
171
171
|
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
|
172
|
-
|
172
|
+
add_cipher_name_to_ary,
|
173
173
|
(void*)ary);
|
174
174
|
|
175
175
|
return ary;
|
@@ -874,7 +874,7 @@ Init_ossl_cipher(void)
|
|
874
874
|
* individual components name, key length and mode. Either all uppercase
|
875
875
|
* or all lowercase strings may be used, for example:
|
876
876
|
*
|
877
|
-
* cipher = OpenSSL::Cipher.new('
|
877
|
+
* cipher = OpenSSL::Cipher.new('aes-128-cbc')
|
878
878
|
*
|
879
879
|
* === Choosing either encryption or decryption mode
|
880
880
|
*
|
@@ -904,7 +904,7 @@ Init_ossl_cipher(void)
|
|
904
904
|
* without processing the password further. A simple and secure way to
|
905
905
|
* create a key for a particular Cipher is
|
906
906
|
*
|
907
|
-
* cipher = OpenSSL::Cipher.new('
|
907
|
+
* cipher = OpenSSL::Cipher.new('aes-256-cfb')
|
908
908
|
* cipher.encrypt
|
909
909
|
* key = cipher.random_key # also sets the generated key on the Cipher
|
910
910
|
*
|
@@ -972,14 +972,14 @@ Init_ossl_cipher(void)
|
|
972
972
|
*
|
973
973
|
* data = "Very, very confidential data"
|
974
974
|
*
|
975
|
-
* cipher = OpenSSL::Cipher.new('
|
975
|
+
* cipher = OpenSSL::Cipher.new('aes-128-cbc')
|
976
976
|
* cipher.encrypt
|
977
977
|
* key = cipher.random_key
|
978
978
|
* iv = cipher.random_iv
|
979
979
|
*
|
980
980
|
* encrypted = cipher.update(data) + cipher.final
|
981
981
|
* ...
|
982
|
-
* decipher = OpenSSL::Cipher.new('
|
982
|
+
* decipher = OpenSSL::Cipher.new('aes-128-cbc')
|
983
983
|
* decipher.decrypt
|
984
984
|
* decipher.key = key
|
985
985
|
* decipher.iv = iv
|
@@ -1015,7 +1015,7 @@ Init_ossl_cipher(void)
|
|
1015
1015
|
* not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
|
1016
1016
|
* security guarantees of GCM mode.
|
1017
1017
|
*
|
1018
|
-
* cipher = OpenSSL::Cipher.new('
|
1018
|
+
* cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
|
1019
1019
|
* cipher.key = key
|
1020
1020
|
* cipher.iv = nonce
|
1021
1021
|
* cipher.auth_data = auth_data
|
@@ -1031,7 +1031,7 @@ Init_ossl_cipher(void)
|
|
1031
1031
|
* ciphertext with a probability of 1/256.
|
1032
1032
|
*
|
1033
1033
|
* raise "tag is truncated!" unless tag.bytesize == 16
|
1034
|
-
* decipher = OpenSSL::Cipher.new('
|
1034
|
+
* decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt
|
1035
1035
|
* decipher.key = key
|
1036
1036
|
* decipher.iv = nonce
|
1037
1037
|
* decipher.auth_tag = tag
|