openssl 3.3.1 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +3 -0
- data/History.md +107 -0
- data/README.md +12 -11
- data/ext/openssl/extconf.rb +30 -69
- data/ext/openssl/openssl_missing.h +0 -206
- data/ext/openssl/ossl.c +280 -301
- data/ext/openssl/ossl.h +15 -10
- data/ext/openssl/ossl_asn1.c +598 -406
- data/ext/openssl/ossl_asn1.h +15 -1
- data/ext/openssl/ossl_bio.c +3 -3
- data/ext/openssl/ossl_bn.c +286 -291
- data/ext/openssl/ossl_cipher.c +252 -203
- data/ext/openssl/ossl_cipher.h +10 -1
- data/ext/openssl/ossl_config.c +1 -6
- data/ext/openssl/ossl_digest.c +74 -43
- data/ext/openssl/ossl_digest.h +9 -1
- data/ext/openssl/ossl_engine.c +39 -103
- data/ext/openssl/ossl_hmac.c +30 -36
- data/ext/openssl/ossl_kdf.c +42 -53
- data/ext/openssl/ossl_ns_spki.c +31 -37
- data/ext/openssl/ossl_ocsp.c +214 -241
- data/ext/openssl/ossl_pkcs12.c +26 -26
- data/ext/openssl/ossl_pkcs7.c +175 -145
- data/ext/openssl/ossl_pkey.c +162 -178
- data/ext/openssl/ossl_pkey.h +99 -99
- data/ext/openssl/ossl_pkey_dh.c +32 -67
- data/ext/openssl/ossl_pkey_dsa.c +16 -53
- data/ext/openssl/ossl_pkey_ec.c +180 -236
- data/ext/openssl/ossl_pkey_rsa.c +57 -102
- data/ext/openssl/ossl_provider.c +0 -7
- data/ext/openssl/ossl_rand.c +7 -14
- data/ext/openssl/ossl_ssl.c +478 -353
- data/ext/openssl/ossl_ssl.h +8 -8
- data/ext/openssl/ossl_ssl_session.c +93 -97
- data/ext/openssl/ossl_ts.c +81 -127
- data/ext/openssl/ossl_x509.c +9 -28
- data/ext/openssl/ossl_x509attr.c +33 -54
- data/ext/openssl/ossl_x509cert.c +69 -100
- data/ext/openssl/ossl_x509crl.c +78 -89
- data/ext/openssl/ossl_x509ext.c +45 -66
- data/ext/openssl/ossl_x509name.c +63 -88
- data/ext/openssl/ossl_x509req.c +55 -62
- data/ext/openssl/ossl_x509revoked.c +27 -41
- data/ext/openssl/ossl_x509store.c +38 -56
- data/lib/openssl/buffering.rb +30 -24
- data/lib/openssl/digest.rb +1 -1
- data/lib/openssl/pkey.rb +71 -49
- data/lib/openssl/ssl.rb +12 -79
- data/lib/openssl/version.rb +2 -1
- data/lib/openssl/x509.rb +9 -0
- data/lib/openssl.rb +9 -6
- metadata +1 -3
- data/ext/openssl/openssl_missing.c +0 -40
- data/lib/openssl/asn1.rb +0 -188
data/ext/openssl/ossl_pkey.h
CHANGED
|
@@ -22,12 +22,12 @@ extern const rb_data_type_t ossl_evp_pkey_type;
|
|
|
22
22
|
#define GetPKey(obj, pkey) do {\
|
|
23
23
|
TypedData_Get_Struct((obj), EVP_PKEY, &ossl_evp_pkey_type, (pkey)); \
|
|
24
24
|
if (!(pkey)) { \
|
|
25
|
-
|
|
25
|
+
rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!");\
|
|
26
26
|
} \
|
|
27
27
|
} while (0)
|
|
28
28
|
|
|
29
29
|
/* Takes ownership of the EVP_PKEY */
|
|
30
|
-
VALUE
|
|
30
|
+
VALUE ossl_pkey_wrap(EVP_PKEY *);
|
|
31
31
|
void ossl_pkey_check_public_key(const EVP_PKEY *);
|
|
32
32
|
EVP_PKEY *ossl_pkey_read_generic(BIO *, VALUE);
|
|
33
33
|
EVP_PKEY *GetPKeyPtr(VALUE);
|
|
@@ -45,7 +45,7 @@ VALUE ossl_pkey_export_spki(VALUE self, int to_der);
|
|
|
45
45
|
* #to_der.
|
|
46
46
|
*/
|
|
47
47
|
VALUE ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self,
|
|
48
|
-
|
|
48
|
+
int to_der);
|
|
49
49
|
|
|
50
50
|
void Init_ossl_pkey(void);
|
|
51
51
|
|
|
@@ -74,120 +74,120 @@ extern VALUE cEC;
|
|
|
74
74
|
VALUE ossl_ec_new(EVP_PKEY *);
|
|
75
75
|
void Init_ossl_ec(void);
|
|
76
76
|
|
|
77
|
-
#define OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, _name, _get)
|
|
78
|
-
/*
|
|
79
|
-
* call-seq:
|
|
80
|
-
* _keytype##.##_name -> aBN
|
|
81
|
-
*/
|
|
82
|
-
static VALUE ossl_##_keytype##_get_##_name(VALUE self)
|
|
83
|
-
{
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
77
|
+
#define OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, _name, _get) \
|
|
78
|
+
/* \
|
|
79
|
+
* call-seq: \
|
|
80
|
+
* _keytype##.##_name -> aBN \
|
|
81
|
+
*/ \
|
|
82
|
+
static VALUE ossl_##_keytype##_get_##_name(VALUE self) \
|
|
83
|
+
{ \
|
|
84
|
+
const _type *obj; \
|
|
85
|
+
const BIGNUM *bn; \
|
|
86
|
+
\
|
|
87
|
+
Get##_type(self, obj); \
|
|
88
|
+
_get; \
|
|
89
|
+
if (bn == NULL) \
|
|
90
|
+
return Qnil; \
|
|
91
|
+
return ossl_bn_new(bn); \
|
|
92
92
|
}
|
|
93
93
|
|
|
94
|
-
#define OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3)
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
#define OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2)
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
#
|
|
109
|
-
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)
|
|
110
|
-
/*
|
|
111
|
-
* call-seq:
|
|
112
|
-
* _keytype##.set_##_group(a1, a2, a3) -> self
|
|
113
|
-
*/
|
|
94
|
+
#define OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
95
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \
|
|
96
|
+
_type##_get0_##_group(obj, &bn, NULL, NULL)) \
|
|
97
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \
|
|
98
|
+
_type##_get0_##_group(obj, NULL, &bn, NULL)) \
|
|
99
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a3, \
|
|
100
|
+
_type##_get0_##_group(obj, NULL, NULL, &bn))
|
|
101
|
+
|
|
102
|
+
#define OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
|
|
103
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \
|
|
104
|
+
_type##_get0_##_group(obj, &bn, NULL)) \
|
|
105
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \
|
|
106
|
+
_type##_get0_##_group(obj, NULL, &bn))
|
|
107
|
+
|
|
108
|
+
#ifndef OSSL_HAVE_IMMUTABLE_PKEY
|
|
109
|
+
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
110
|
+
/* \
|
|
111
|
+
* call-seq: \
|
|
112
|
+
* _keytype##.set_##_group(a1, a2, a3) -> self \
|
|
113
|
+
*/ \
|
|
114
114
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALUE v3) \
|
|
115
|
-
{
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) ||
|
|
123
|
-
(orig_bn2 && !(bn2 = BN_dup(orig_bn2))) ||
|
|
124
|
-
(orig_bn3 && !(bn3 = BN_dup(orig_bn3)))) {
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
115
|
+
{ \
|
|
116
|
+
_type *obj; \
|
|
117
|
+
BIGNUM *bn1 = NULL, *orig_bn1 = NIL_P(v1) ? NULL : GetBNPtr(v1);\
|
|
118
|
+
BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
|
|
119
|
+
BIGNUM *bn3 = NULL, *orig_bn3 = NIL_P(v3) ? NULL : GetBNPtr(v3);\
|
|
120
|
+
\
|
|
121
|
+
Get##_type(self, obj); \
|
|
122
|
+
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
|
|
123
|
+
(orig_bn2 && !(bn2 = BN_dup(orig_bn2))) || \
|
|
124
|
+
(orig_bn3 && !(bn3 = BN_dup(orig_bn3)))) { \
|
|
125
|
+
BN_clear_free(bn1); \
|
|
126
|
+
BN_clear_free(bn2); \
|
|
127
|
+
BN_clear_free(bn3); \
|
|
128
|
+
ossl_raise(ePKeyError, "BN_dup"); \
|
|
129
|
+
} \
|
|
130
|
+
\
|
|
131
|
+
if (!_type##_set0_##_group(obj, bn1, bn2, bn3)) { \
|
|
132
|
+
BN_clear_free(bn1); \
|
|
133
|
+
BN_clear_free(bn2); \
|
|
134
|
+
BN_clear_free(bn3); \
|
|
135
|
+
ossl_raise(ePKeyError, #_type"_set0_"#_group); \
|
|
136
|
+
} \
|
|
137
|
+
return self; \
|
|
138
138
|
}
|
|
139
139
|
|
|
140
|
-
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2)
|
|
141
|
-
/*
|
|
142
|
-
* call-seq:
|
|
143
|
-
* _keytype##.set_##_group(a1, a2) -> self
|
|
144
|
-
*/
|
|
140
|
+
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
|
|
141
|
+
/* \
|
|
142
|
+
* call-seq: \
|
|
143
|
+
* _keytype##.set_##_group(a1, a2) -> self \
|
|
144
|
+
*/ \
|
|
145
145
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
|
|
146
|
-
{
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) ||
|
|
153
|
-
(orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) {
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
146
|
+
{ \
|
|
147
|
+
_type *obj; \
|
|
148
|
+
BIGNUM *bn1 = NULL, *orig_bn1 = NIL_P(v1) ? NULL : GetBNPtr(v1);\
|
|
149
|
+
BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
|
|
150
|
+
\
|
|
151
|
+
Get##_type(self, obj); \
|
|
152
|
+
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
|
|
153
|
+
(orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) { \
|
|
154
|
+
BN_clear_free(bn1); \
|
|
155
|
+
BN_clear_free(bn2); \
|
|
156
|
+
ossl_raise(ePKeyError, "BN_dup"); \
|
|
157
|
+
} \
|
|
158
|
+
\
|
|
159
|
+
if (!_type##_set0_##_group(obj, bn1, bn2)) { \
|
|
160
|
+
BN_clear_free(bn1); \
|
|
161
|
+
BN_clear_free(bn2); \
|
|
162
|
+
ossl_raise(ePKeyError, #_type"_set0_"#_group); \
|
|
163
|
+
} \
|
|
164
|
+
return self; \
|
|
165
165
|
}
|
|
166
166
|
#else
|
|
167
|
-
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)
|
|
167
|
+
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
168
168
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALUE v3) \
|
|
169
|
-
{
|
|
170
|
-
rb_raise(ePKeyError,
|
|
169
|
+
{ \
|
|
170
|
+
rb_raise(ePKeyError, \
|
|
171
171
|
#_keytype"#set_"#_group"= is incompatible with OpenSSL 3.0"); \
|
|
172
172
|
}
|
|
173
173
|
|
|
174
|
-
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2)
|
|
174
|
+
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
|
|
175
175
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
|
|
176
|
-
{
|
|
177
|
-
rb_raise(ePKeyError,
|
|
176
|
+
{ \
|
|
177
|
+
rb_raise(ePKeyError, \
|
|
178
178
|
#_keytype"#set_"#_group"= is incompatible with OpenSSL 3.0"); \
|
|
179
179
|
}
|
|
180
180
|
#endif
|
|
181
181
|
|
|
182
|
-
#define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3)
|
|
183
|
-
|
|
184
|
-
|
|
182
|
+
#define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3) \
|
|
183
|
+
OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
184
|
+
OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)
|
|
185
185
|
|
|
186
|
-
#define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2)
|
|
187
|
-
|
|
188
|
-
|
|
186
|
+
#define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2) \
|
|
187
|
+
OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
|
|
188
|
+
OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2)
|
|
189
189
|
|
|
190
|
-
#define DEF_OSSL_PKEY_BN(class, keytype, name)
|
|
191
|
-
|
|
190
|
+
#define DEF_OSSL_PKEY_BN(class, keytype, name) \
|
|
191
|
+
rb_define_method((class), #name, ossl_##keytype##_get_##name, 0)
|
|
192
192
|
|
|
193
193
|
#endif /* OSSL_PKEY_H */
|
data/ext/openssl/ossl_pkey_dh.c
CHANGED
|
@@ -14,20 +14,21 @@
|
|
|
14
14
|
#define GetPKeyDH(obj, pkey) do { \
|
|
15
15
|
GetPKey((obj), (pkey)); \
|
|
16
16
|
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { /* PARANOIA? */ \
|
|
17
|
-
|
|
17
|
+
ossl_raise(rb_eRuntimeError, "THIS IS NOT A DH!") ; \
|
|
18
18
|
} \
|
|
19
19
|
} while (0)
|
|
20
20
|
#define GetDH(obj, dh) do { \
|
|
21
21
|
EVP_PKEY *_pkey; \
|
|
22
22
|
GetPKeyDH((obj), _pkey); \
|
|
23
23
|
(dh) = EVP_PKEY_get0_DH(_pkey); \
|
|
24
|
+
if ((dh) == NULL) \
|
|
25
|
+
ossl_raise(ePKeyError, "failed to get DH from EVP_PKEY"); \
|
|
24
26
|
} while (0)
|
|
25
27
|
|
|
26
28
|
/*
|
|
27
29
|
* Classes
|
|
28
30
|
*/
|
|
29
31
|
VALUE cDH;
|
|
30
|
-
static VALUE eDHError;
|
|
31
32
|
|
|
32
33
|
/*
|
|
33
34
|
* Private
|
|
@@ -43,6 +44,7 @@ static VALUE eDHError;
|
|
|
43
44
|
* If called without arguments, an empty instance without any parameter or key
|
|
44
45
|
* components is created. Use #set_pqg to manually set the parameters afterwards
|
|
45
46
|
* (and optionally #set_key to set private and public key components).
|
|
47
|
+
* This form is not compatible with OpenSSL 3.0 or later.
|
|
46
48
|
*
|
|
47
49
|
* If a String is given, tries to parse it as a DER- or PEM- encoded parameters.
|
|
48
50
|
* See also OpenSSL::PKey.read which can parse keys of any kinds.
|
|
@@ -58,14 +60,15 @@ static VALUE eDHError;
|
|
|
58
60
|
*
|
|
59
61
|
* Examples:
|
|
60
62
|
* # Creating an instance from scratch
|
|
61
|
-
* # Note that this is deprecated and will
|
|
63
|
+
* # Note that this is deprecated and will result in ArgumentError when
|
|
64
|
+
* # using OpenSSL 3.0 or later.
|
|
62
65
|
* dh = OpenSSL::PKey::DH.new
|
|
63
66
|
* dh.set_pqg(bn_p, nil, bn_g)
|
|
64
67
|
*
|
|
65
68
|
* # Generating a parameters and a key pair
|
|
66
69
|
* dh = OpenSSL::PKey::DH.new(2048) # An alias of OpenSSL::PKey::DH.generate(2048)
|
|
67
70
|
*
|
|
68
|
-
* # Reading DH parameters
|
|
71
|
+
* # Reading DH parameters from a PEM-encoded string
|
|
69
72
|
* dh_params = OpenSSL::PKey::DH.new(File.read('parameters.pem')) # loads parameters only
|
|
70
73
|
* dh = OpenSSL::PKey.generate_key(dh_params) # generates a key pair
|
|
71
74
|
*/
|
|
@@ -84,10 +87,15 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
84
87
|
|
|
85
88
|
/* The DH.new(size, generator) form is handled by lib/openssl/pkey.rb */
|
|
86
89
|
if (rb_scan_args(argc, argv, "01", &arg) == 0) {
|
|
90
|
+
#ifdef OSSL_HAVE_IMMUTABLE_PKEY
|
|
91
|
+
rb_raise(rb_eArgError, "OpenSSL::PKey::DH.new cannot be called " \
|
|
92
|
+
"without arguments; pkeys are immutable with OpenSSL 3.0");
|
|
93
|
+
#else
|
|
87
94
|
dh = DH_new();
|
|
88
95
|
if (!dh)
|
|
89
|
-
ossl_raise(
|
|
96
|
+
ossl_raise(ePKeyError, "DH_new");
|
|
90
97
|
goto legacy;
|
|
98
|
+
#endif
|
|
91
99
|
}
|
|
92
100
|
|
|
93
101
|
arg = ossl_to_der_if_possible(arg);
|
|
@@ -105,12 +113,12 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
105
113
|
pkey = ossl_pkey_read_generic(in, Qnil);
|
|
106
114
|
BIO_free(in);
|
|
107
115
|
if (!pkey)
|
|
108
|
-
ossl_raise(
|
|
116
|
+
ossl_raise(ePKeyError, "could not parse pkey");
|
|
109
117
|
|
|
110
118
|
type = EVP_PKEY_base_id(pkey);
|
|
111
119
|
if (type != EVP_PKEY_DH) {
|
|
112
120
|
EVP_PKEY_free(pkey);
|
|
113
|
-
rb_raise(
|
|
121
|
+
rb_raise(ePKeyError, "incorrect pkey type: %s", OBJ_nid2sn(type));
|
|
114
122
|
}
|
|
115
123
|
RTYPEDDATA_DATA(self) = pkey;
|
|
116
124
|
return self;
|
|
@@ -121,13 +129,14 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
121
129
|
if (!pkey || EVP_PKEY_assign_DH(pkey, dh) != 1) {
|
|
122
130
|
EVP_PKEY_free(pkey);
|
|
123
131
|
DH_free(dh);
|
|
124
|
-
ossl_raise(
|
|
132
|
+
ossl_raise(ePKeyError, "EVP_PKEY_assign_DH");
|
|
125
133
|
}
|
|
126
134
|
RTYPEDDATA_DATA(self) = pkey;
|
|
127
135
|
return self;
|
|
128
136
|
}
|
|
129
137
|
|
|
130
138
|
#ifndef HAVE_EVP_PKEY_DUP
|
|
139
|
+
/* :nodoc: */
|
|
131
140
|
static VALUE
|
|
132
141
|
ossl_dh_initialize_copy(VALUE self, VALUE other)
|
|
133
142
|
{
|
|
@@ -142,26 +151,26 @@ ossl_dh_initialize_copy(VALUE self, VALUE other)
|
|
|
142
151
|
|
|
143
152
|
dh = DHparams_dup(dh_other);
|
|
144
153
|
if (!dh)
|
|
145
|
-
|
|
154
|
+
ossl_raise(ePKeyError, "DHparams_dup");
|
|
146
155
|
|
|
147
156
|
DH_get0_key(dh_other, &pub, &priv);
|
|
148
157
|
if (pub) {
|
|
149
|
-
|
|
150
|
-
|
|
158
|
+
BIGNUM *pub2 = BN_dup(pub);
|
|
159
|
+
BIGNUM *priv2 = BN_dup(priv);
|
|
151
160
|
|
|
152
161
|
if (!pub2 || (priv && !priv2)) {
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
162
|
+
BN_clear_free(pub2);
|
|
163
|
+
BN_clear_free(priv2);
|
|
164
|
+
ossl_raise(ePKeyError, "BN_dup");
|
|
165
|
+
}
|
|
166
|
+
DH_set0_key(dh, pub2, priv2);
|
|
158
167
|
}
|
|
159
168
|
|
|
160
169
|
pkey = EVP_PKEY_new();
|
|
161
170
|
if (!pkey || EVP_PKEY_assign_DH(pkey, dh) != 1) {
|
|
162
171
|
EVP_PKEY_free(pkey);
|
|
163
172
|
DH_free(dh);
|
|
164
|
-
ossl_raise(
|
|
173
|
+
ossl_raise(ePKeyError, "EVP_PKEY_assign_DH");
|
|
165
174
|
}
|
|
166
175
|
RTYPEDDATA_DATA(self) = pkey;
|
|
167
176
|
return self;
|
|
@@ -240,11 +249,11 @@ ossl_dh_export(VALUE self)
|
|
|
240
249
|
|
|
241
250
|
GetDH(self, dh);
|
|
242
251
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
|
243
|
-
|
|
252
|
+
ossl_raise(ePKeyError, NULL);
|
|
244
253
|
}
|
|
245
254
|
if (!PEM_write_bio_DHparams(out, dh)) {
|
|
246
|
-
|
|
247
|
-
|
|
255
|
+
BIO_free(out);
|
|
256
|
+
ossl_raise(ePKeyError, NULL);
|
|
248
257
|
}
|
|
249
258
|
str = ossl_membio2str(out);
|
|
250
259
|
|
|
@@ -274,45 +283,16 @@ ossl_dh_to_der(VALUE self)
|
|
|
274
283
|
|
|
275
284
|
GetDH(self, dh);
|
|
276
285
|
if((len = i2d_DHparams(dh, NULL)) <= 0)
|
|
277
|
-
|
|
286
|
+
ossl_raise(ePKeyError, NULL);
|
|
278
287
|
str = rb_str_new(0, len);
|
|
279
288
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
280
289
|
if(i2d_DHparams(dh, &p) < 0)
|
|
281
|
-
|
|
290
|
+
ossl_raise(ePKeyError, NULL);
|
|
282
291
|
ossl_str_adjust(str, p);
|
|
283
292
|
|
|
284
293
|
return str;
|
|
285
294
|
}
|
|
286
295
|
|
|
287
|
-
/*
|
|
288
|
-
* call-seq:
|
|
289
|
-
* dh.params -> hash
|
|
290
|
-
*
|
|
291
|
-
* Stores all parameters of key to the hash
|
|
292
|
-
* INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
|
|
293
|
-
* Don't use :-)) (I's up to you)
|
|
294
|
-
*/
|
|
295
|
-
static VALUE
|
|
296
|
-
ossl_dh_get_params(VALUE self)
|
|
297
|
-
{
|
|
298
|
-
OSSL_3_const DH *dh;
|
|
299
|
-
VALUE hash;
|
|
300
|
-
const BIGNUM *p, *q, *g, *pub_key, *priv_key;
|
|
301
|
-
|
|
302
|
-
GetDH(self, dh);
|
|
303
|
-
DH_get0_pqg(dh, &p, &q, &g);
|
|
304
|
-
DH_get0_key(dh, &pub_key, &priv_key);
|
|
305
|
-
|
|
306
|
-
hash = rb_hash_new();
|
|
307
|
-
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
|
|
308
|
-
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
|
|
309
|
-
rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(g));
|
|
310
|
-
rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pub_key));
|
|
311
|
-
rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(priv_key));
|
|
312
|
-
|
|
313
|
-
return hash;
|
|
314
|
-
}
|
|
315
|
-
|
|
316
296
|
/*
|
|
317
297
|
* call-seq:
|
|
318
298
|
* dh.params_ok? -> true | false
|
|
@@ -334,7 +314,7 @@ ossl_dh_check_params(VALUE self)
|
|
|
334
314
|
GetPKey(self, pkey);
|
|
335
315
|
pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
|
|
336
316
|
if (!pctx)
|
|
337
|
-
ossl_raise(
|
|
317
|
+
ossl_raise(ePKeyError, "EVP_PKEY_CTX_new");
|
|
338
318
|
ret = EVP_PKEY_param_check(pctx);
|
|
339
319
|
EVP_PKEY_CTX_free(pctx);
|
|
340
320
|
#else
|
|
@@ -377,19 +357,6 @@ OSSL_PKEY_BN_DEF2(dh, DH, key, pub_key, priv_key)
|
|
|
377
357
|
void
|
|
378
358
|
Init_ossl_dh(void)
|
|
379
359
|
{
|
|
380
|
-
#if 0
|
|
381
|
-
mPKey = rb_define_module_under(mOSSL, "PKey");
|
|
382
|
-
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
|
|
383
|
-
ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
|
|
384
|
-
#endif
|
|
385
|
-
|
|
386
|
-
/* Document-class: OpenSSL::PKey::DHError
|
|
387
|
-
*
|
|
388
|
-
* Generic exception that is raised if an operation on a DH PKey
|
|
389
|
-
* fails unexpectedly or in case an instantiation of an instance of DH
|
|
390
|
-
* fails due to non-conformant input data.
|
|
391
|
-
*/
|
|
392
|
-
eDHError = rb_define_class_under(mPKey, "DHError", ePKeyError);
|
|
393
360
|
/* Document-class: OpenSSL::PKey::DH
|
|
394
361
|
*
|
|
395
362
|
* An implementation of the Diffie-Hellman key exchange protocol based on
|
|
@@ -443,8 +410,6 @@ Init_ossl_dh(void)
|
|
|
443
410
|
DEF_OSSL_PKEY_BN(cDH, dh, priv_key);
|
|
444
411
|
rb_define_method(cDH, "set_pqg", ossl_dh_set_pqg, 3);
|
|
445
412
|
rb_define_method(cDH, "set_key", ossl_dh_set_key, 2);
|
|
446
|
-
|
|
447
|
-
rb_define_method(cDH, "params", ossl_dh_get_params, 0);
|
|
448
413
|
}
|
|
449
414
|
|
|
450
415
|
#else /* defined NO_DH */
|
data/ext/openssl/ossl_pkey_dsa.c
CHANGED
|
@@ -14,13 +14,15 @@
|
|
|
14
14
|
#define GetPKeyDSA(obj, pkey) do { \
|
|
15
15
|
GetPKey((obj), (pkey)); \
|
|
16
16
|
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { /* PARANOIA? */ \
|
|
17
|
-
|
|
17
|
+
ossl_raise(rb_eRuntimeError, "THIS IS NOT A DSA!"); \
|
|
18
18
|
} \
|
|
19
19
|
} while (0)
|
|
20
20
|
#define GetDSA(obj, dsa) do { \
|
|
21
21
|
EVP_PKEY *_pkey; \
|
|
22
22
|
GetPKeyDSA((obj), _pkey); \
|
|
23
23
|
(dsa) = EVP_PKEY_get0_DSA(_pkey); \
|
|
24
|
+
if ((dsa) == NULL) \
|
|
25
|
+
ossl_raise(ePKeyError, "failed to get DSA from EVP_PKEY"); \
|
|
24
26
|
} while (0)
|
|
25
27
|
|
|
26
28
|
static inline int
|
|
@@ -41,7 +43,6 @@ DSA_PRIVATE(VALUE obj, OSSL_3_const DSA *dsa)
|
|
|
41
43
|
* Classes
|
|
42
44
|
*/
|
|
43
45
|
VALUE cDSA;
|
|
44
|
-
static VALUE eDSAError;
|
|
45
46
|
|
|
46
47
|
/*
|
|
47
48
|
* Private
|
|
@@ -56,6 +57,7 @@ static VALUE eDSAError;
|
|
|
56
57
|
*
|
|
57
58
|
* If called without arguments, creates a new instance with no key components
|
|
58
59
|
* set. They can be set individually by #set_pqg and #set_key.
|
|
60
|
+
* This form is not compatible with OpenSSL 3.0 or later.
|
|
59
61
|
*
|
|
60
62
|
* If called with a String, tries to parse as DER or PEM encoding of a \DSA key.
|
|
61
63
|
* See also OpenSSL::PKey.read which can parse keys of any kinds.
|
|
@@ -96,10 +98,15 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
96
98
|
/* The DSA.new(size, generator) form is handled by lib/openssl/pkey.rb */
|
|
97
99
|
rb_scan_args(argc, argv, "02", &arg, &pass);
|
|
98
100
|
if (argc == 0) {
|
|
101
|
+
#ifdef OSSL_HAVE_IMMUTABLE_PKEY
|
|
102
|
+
rb_raise(rb_eArgError, "OpenSSL::PKey::DSA.new cannot be called " \
|
|
103
|
+
"without arguments; pkeys are immutable with OpenSSL 3.0");
|
|
104
|
+
#else
|
|
99
105
|
dsa = DSA_new();
|
|
100
106
|
if (!dsa)
|
|
101
|
-
ossl_raise(
|
|
107
|
+
ossl_raise(ePKeyError, "DSA_new");
|
|
102
108
|
goto legacy;
|
|
109
|
+
#endif
|
|
103
110
|
}
|
|
104
111
|
|
|
105
112
|
pass = ossl_pem_passwd_value(pass);
|
|
@@ -117,12 +124,12 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
117
124
|
pkey = ossl_pkey_read_generic(in, pass);
|
|
118
125
|
BIO_free(in);
|
|
119
126
|
if (!pkey)
|
|
120
|
-
ossl_raise(
|
|
127
|
+
ossl_raise(ePKeyError, "Neither PUB key nor PRIV key");
|
|
121
128
|
|
|
122
129
|
type = EVP_PKEY_base_id(pkey);
|
|
123
130
|
if (type != EVP_PKEY_DSA) {
|
|
124
131
|
EVP_PKEY_free(pkey);
|
|
125
|
-
rb_raise(
|
|
132
|
+
rb_raise(ePKeyError, "incorrect pkey type: %s", OBJ_nid2sn(type));
|
|
126
133
|
}
|
|
127
134
|
RTYPEDDATA_DATA(self) = pkey;
|
|
128
135
|
return self;
|
|
@@ -133,13 +140,14 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
133
140
|
if (!pkey || EVP_PKEY_assign_DSA(pkey, dsa) != 1) {
|
|
134
141
|
EVP_PKEY_free(pkey);
|
|
135
142
|
DSA_free(dsa);
|
|
136
|
-
ossl_raise(
|
|
143
|
+
ossl_raise(ePKeyError, "EVP_PKEY_assign_DSA");
|
|
137
144
|
}
|
|
138
145
|
RTYPEDDATA_DATA(self) = pkey;
|
|
139
146
|
return self;
|
|
140
147
|
}
|
|
141
148
|
|
|
142
149
|
#ifndef HAVE_EVP_PKEY_DUP
|
|
150
|
+
/* :nodoc: */
|
|
143
151
|
static VALUE
|
|
144
152
|
ossl_dsa_initialize_copy(VALUE self, VALUE other)
|
|
145
153
|
{
|
|
@@ -155,13 +163,13 @@ ossl_dsa_initialize_copy(VALUE self, VALUE other)
|
|
|
155
163
|
(d2i_of_void *)d2i_DSAPrivateKey,
|
|
156
164
|
(char *)dsa);
|
|
157
165
|
if (!dsa_new)
|
|
158
|
-
|
|
166
|
+
ossl_raise(ePKeyError, "ASN1_dup");
|
|
159
167
|
|
|
160
168
|
pkey = EVP_PKEY_new();
|
|
161
169
|
if (!pkey || EVP_PKEY_assign_DSA(pkey, dsa_new) != 1) {
|
|
162
170
|
EVP_PKEY_free(pkey);
|
|
163
171
|
DSA_free(dsa_new);
|
|
164
|
-
ossl_raise(
|
|
172
|
+
ossl_raise(ePKeyError, "EVP_PKEY_assign_DSA");
|
|
165
173
|
}
|
|
166
174
|
RTYPEDDATA_DATA(self) = pkey;
|
|
167
175
|
|
|
@@ -303,35 +311,6 @@ ossl_dsa_to_der(VALUE self)
|
|
|
303
311
|
}
|
|
304
312
|
|
|
305
313
|
|
|
306
|
-
/*
|
|
307
|
-
* call-seq:
|
|
308
|
-
* dsa.params -> hash
|
|
309
|
-
*
|
|
310
|
-
* Stores all parameters of key to the hash
|
|
311
|
-
* INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
|
|
312
|
-
* Don't use :-)) (I's up to you)
|
|
313
|
-
*/
|
|
314
|
-
static VALUE
|
|
315
|
-
ossl_dsa_get_params(VALUE self)
|
|
316
|
-
{
|
|
317
|
-
OSSL_3_const DSA *dsa;
|
|
318
|
-
VALUE hash;
|
|
319
|
-
const BIGNUM *p, *q, *g, *pub_key, *priv_key;
|
|
320
|
-
|
|
321
|
-
GetDSA(self, dsa);
|
|
322
|
-
DSA_get0_pqg(dsa, &p, &q, &g);
|
|
323
|
-
DSA_get0_key(dsa, &pub_key, &priv_key);
|
|
324
|
-
|
|
325
|
-
hash = rb_hash_new();
|
|
326
|
-
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
|
|
327
|
-
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
|
|
328
|
-
rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(g));
|
|
329
|
-
rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pub_key));
|
|
330
|
-
rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(priv_key));
|
|
331
|
-
|
|
332
|
-
return hash;
|
|
333
|
-
}
|
|
334
|
-
|
|
335
314
|
/*
|
|
336
315
|
* Document-method: OpenSSL::PKey::DSA#set_pqg
|
|
337
316
|
* call-seq:
|
|
@@ -355,20 +334,6 @@ OSSL_PKEY_BN_DEF2(dsa, DSA, key, pub_key, priv_key)
|
|
|
355
334
|
void
|
|
356
335
|
Init_ossl_dsa(void)
|
|
357
336
|
{
|
|
358
|
-
#if 0
|
|
359
|
-
mPKey = rb_define_module_under(mOSSL, "PKey");
|
|
360
|
-
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
|
|
361
|
-
ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
|
|
362
|
-
#endif
|
|
363
|
-
|
|
364
|
-
/* Document-class: OpenSSL::PKey::DSAError
|
|
365
|
-
*
|
|
366
|
-
* Generic exception that is raised if an operation on a DSA PKey
|
|
367
|
-
* fails unexpectedly or in case an instantiation of an instance of DSA
|
|
368
|
-
* fails due to non-conformant input data.
|
|
369
|
-
*/
|
|
370
|
-
eDSAError = rb_define_class_under(mPKey, "DSAError", ePKeyError);
|
|
371
|
-
|
|
372
337
|
/* Document-class: OpenSSL::PKey::DSA
|
|
373
338
|
*
|
|
374
339
|
* DSA, the Digital Signature Algorithm, is specified in NIST's
|
|
@@ -396,8 +361,6 @@ Init_ossl_dsa(void)
|
|
|
396
361
|
DEF_OSSL_PKEY_BN(cDSA, dsa, priv_key);
|
|
397
362
|
rb_define_method(cDSA, "set_pqg", ossl_dsa_set_pqg, 3);
|
|
398
363
|
rb_define_method(cDSA, "set_key", ossl_dsa_set_key, 2);
|
|
399
|
-
|
|
400
|
-
rb_define_method(cDSA, "params", ossl_dsa_get_params, 0);
|
|
401
364
|
}
|
|
402
365
|
|
|
403
366
|
#else /* defined NO_DSA */
|