openssl 3.3.2 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +3 -0
- data/History.md +85 -0
- data/README.md +12 -11
- data/ext/openssl/extconf.rb +30 -69
- data/ext/openssl/openssl_missing.h +0 -206
- data/ext/openssl/ossl.c +280 -301
- data/ext/openssl/ossl.h +15 -10
- data/ext/openssl/ossl_asn1.c +598 -406
- data/ext/openssl/ossl_asn1.h +15 -1
- data/ext/openssl/ossl_bio.c +3 -3
- data/ext/openssl/ossl_bn.c +286 -291
- data/ext/openssl/ossl_cipher.c +252 -203
- data/ext/openssl/ossl_cipher.h +10 -1
- data/ext/openssl/ossl_config.c +1 -6
- data/ext/openssl/ossl_digest.c +74 -43
- data/ext/openssl/ossl_digest.h +9 -1
- data/ext/openssl/ossl_engine.c +39 -103
- data/ext/openssl/ossl_hmac.c +30 -36
- data/ext/openssl/ossl_kdf.c +42 -53
- data/ext/openssl/ossl_ns_spki.c +31 -37
- data/ext/openssl/ossl_ocsp.c +214 -241
- data/ext/openssl/ossl_pkcs12.c +26 -26
- data/ext/openssl/ossl_pkcs7.c +175 -145
- data/ext/openssl/ossl_pkey.c +162 -178
- data/ext/openssl/ossl_pkey.h +99 -99
- data/ext/openssl/ossl_pkey_dh.c +31 -68
- data/ext/openssl/ossl_pkey_dsa.c +15 -54
- data/ext/openssl/ossl_pkey_ec.c +179 -237
- data/ext/openssl/ossl_pkey_rsa.c +56 -103
- data/ext/openssl/ossl_provider.c +0 -7
- data/ext/openssl/ossl_rand.c +7 -14
- data/ext/openssl/ossl_ssl.c +478 -353
- data/ext/openssl/ossl_ssl.h +8 -8
- data/ext/openssl/ossl_ssl_session.c +93 -97
- data/ext/openssl/ossl_ts.c +81 -127
- data/ext/openssl/ossl_x509.c +9 -28
- data/ext/openssl/ossl_x509attr.c +33 -54
- data/ext/openssl/ossl_x509cert.c +69 -100
- data/ext/openssl/ossl_x509crl.c +78 -89
- data/ext/openssl/ossl_x509ext.c +45 -66
- data/ext/openssl/ossl_x509name.c +63 -88
- data/ext/openssl/ossl_x509req.c +55 -62
- data/ext/openssl/ossl_x509revoked.c +27 -41
- data/ext/openssl/ossl_x509store.c +38 -56
- data/lib/openssl/buffering.rb +30 -24
- data/lib/openssl/digest.rb +1 -1
- data/lib/openssl/pkey.rb +71 -49
- data/lib/openssl/ssl.rb +12 -79
- data/lib/openssl/version.rb +2 -1
- data/lib/openssl/x509.rb +9 -0
- data/lib/openssl.rb +9 -6
- metadata +1 -3
- data/ext/openssl/openssl_missing.c +0 -40
- data/lib/openssl/asn1.rb +0 -188
data/ext/openssl/ossl_pkey.h
CHANGED
|
@@ -22,12 +22,12 @@ extern const rb_data_type_t ossl_evp_pkey_type;
|
|
|
22
22
|
#define GetPKey(obj, pkey) do {\
|
|
23
23
|
TypedData_Get_Struct((obj), EVP_PKEY, &ossl_evp_pkey_type, (pkey)); \
|
|
24
24
|
if (!(pkey)) { \
|
|
25
|
-
|
|
25
|
+
rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!");\
|
|
26
26
|
} \
|
|
27
27
|
} while (0)
|
|
28
28
|
|
|
29
29
|
/* Takes ownership of the EVP_PKEY */
|
|
30
|
-
VALUE
|
|
30
|
+
VALUE ossl_pkey_wrap(EVP_PKEY *);
|
|
31
31
|
void ossl_pkey_check_public_key(const EVP_PKEY *);
|
|
32
32
|
EVP_PKEY *ossl_pkey_read_generic(BIO *, VALUE);
|
|
33
33
|
EVP_PKEY *GetPKeyPtr(VALUE);
|
|
@@ -45,7 +45,7 @@ VALUE ossl_pkey_export_spki(VALUE self, int to_der);
|
|
|
45
45
|
* #to_der.
|
|
46
46
|
*/
|
|
47
47
|
VALUE ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self,
|
|
48
|
-
|
|
48
|
+
int to_der);
|
|
49
49
|
|
|
50
50
|
void Init_ossl_pkey(void);
|
|
51
51
|
|
|
@@ -74,120 +74,120 @@ extern VALUE cEC;
|
|
|
74
74
|
VALUE ossl_ec_new(EVP_PKEY *);
|
|
75
75
|
void Init_ossl_ec(void);
|
|
76
76
|
|
|
77
|
-
#define OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, _name, _get)
|
|
78
|
-
/*
|
|
79
|
-
* call-seq:
|
|
80
|
-
* _keytype##.##_name -> aBN
|
|
81
|
-
*/
|
|
82
|
-
static VALUE ossl_##_keytype##_get_##_name(VALUE self)
|
|
83
|
-
{
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
77
|
+
#define OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, _name, _get) \
|
|
78
|
+
/* \
|
|
79
|
+
* call-seq: \
|
|
80
|
+
* _keytype##.##_name -> aBN \
|
|
81
|
+
*/ \
|
|
82
|
+
static VALUE ossl_##_keytype##_get_##_name(VALUE self) \
|
|
83
|
+
{ \
|
|
84
|
+
const _type *obj; \
|
|
85
|
+
const BIGNUM *bn; \
|
|
86
|
+
\
|
|
87
|
+
Get##_type(self, obj); \
|
|
88
|
+
_get; \
|
|
89
|
+
if (bn == NULL) \
|
|
90
|
+
return Qnil; \
|
|
91
|
+
return ossl_bn_new(bn); \
|
|
92
92
|
}
|
|
93
93
|
|
|
94
|
-
#define OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3)
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
#define OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2)
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
#
|
|
109
|
-
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)
|
|
110
|
-
/*
|
|
111
|
-
* call-seq:
|
|
112
|
-
* _keytype##.set_##_group(a1, a2, a3) -> self
|
|
113
|
-
*/
|
|
94
|
+
#define OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
95
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \
|
|
96
|
+
_type##_get0_##_group(obj, &bn, NULL, NULL)) \
|
|
97
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \
|
|
98
|
+
_type##_get0_##_group(obj, NULL, &bn, NULL)) \
|
|
99
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a3, \
|
|
100
|
+
_type##_get0_##_group(obj, NULL, NULL, &bn))
|
|
101
|
+
|
|
102
|
+
#define OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
|
|
103
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \
|
|
104
|
+
_type##_get0_##_group(obj, &bn, NULL)) \
|
|
105
|
+
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \
|
|
106
|
+
_type##_get0_##_group(obj, NULL, &bn))
|
|
107
|
+
|
|
108
|
+
#ifndef OSSL_HAVE_IMMUTABLE_PKEY
|
|
109
|
+
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
110
|
+
/* \
|
|
111
|
+
* call-seq: \
|
|
112
|
+
* _keytype##.set_##_group(a1, a2, a3) -> self \
|
|
113
|
+
*/ \
|
|
114
114
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALUE v3) \
|
|
115
|
-
{
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) ||
|
|
123
|
-
(orig_bn2 && !(bn2 = BN_dup(orig_bn2))) ||
|
|
124
|
-
(orig_bn3 && !(bn3 = BN_dup(orig_bn3)))) {
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
115
|
+
{ \
|
|
116
|
+
_type *obj; \
|
|
117
|
+
BIGNUM *bn1 = NULL, *orig_bn1 = NIL_P(v1) ? NULL : GetBNPtr(v1);\
|
|
118
|
+
BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
|
|
119
|
+
BIGNUM *bn3 = NULL, *orig_bn3 = NIL_P(v3) ? NULL : GetBNPtr(v3);\
|
|
120
|
+
\
|
|
121
|
+
Get##_type(self, obj); \
|
|
122
|
+
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
|
|
123
|
+
(orig_bn2 && !(bn2 = BN_dup(orig_bn2))) || \
|
|
124
|
+
(orig_bn3 && !(bn3 = BN_dup(orig_bn3)))) { \
|
|
125
|
+
BN_clear_free(bn1); \
|
|
126
|
+
BN_clear_free(bn2); \
|
|
127
|
+
BN_clear_free(bn3); \
|
|
128
|
+
ossl_raise(ePKeyError, "BN_dup"); \
|
|
129
|
+
} \
|
|
130
|
+
\
|
|
131
|
+
if (!_type##_set0_##_group(obj, bn1, bn2, bn3)) { \
|
|
132
|
+
BN_clear_free(bn1); \
|
|
133
|
+
BN_clear_free(bn2); \
|
|
134
|
+
BN_clear_free(bn3); \
|
|
135
|
+
ossl_raise(ePKeyError, #_type"_set0_"#_group); \
|
|
136
|
+
} \
|
|
137
|
+
return self; \
|
|
138
138
|
}
|
|
139
139
|
|
|
140
|
-
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2)
|
|
141
|
-
/*
|
|
142
|
-
* call-seq:
|
|
143
|
-
* _keytype##.set_##_group(a1, a2) -> self
|
|
144
|
-
*/
|
|
140
|
+
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
|
|
141
|
+
/* \
|
|
142
|
+
* call-seq: \
|
|
143
|
+
* _keytype##.set_##_group(a1, a2) -> self \
|
|
144
|
+
*/ \
|
|
145
145
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
|
|
146
|
-
{
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) ||
|
|
153
|
-
(orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) {
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
146
|
+
{ \
|
|
147
|
+
_type *obj; \
|
|
148
|
+
BIGNUM *bn1 = NULL, *orig_bn1 = NIL_P(v1) ? NULL : GetBNPtr(v1);\
|
|
149
|
+
BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
|
|
150
|
+
\
|
|
151
|
+
Get##_type(self, obj); \
|
|
152
|
+
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
|
|
153
|
+
(orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) { \
|
|
154
|
+
BN_clear_free(bn1); \
|
|
155
|
+
BN_clear_free(bn2); \
|
|
156
|
+
ossl_raise(ePKeyError, "BN_dup"); \
|
|
157
|
+
} \
|
|
158
|
+
\
|
|
159
|
+
if (!_type##_set0_##_group(obj, bn1, bn2)) { \
|
|
160
|
+
BN_clear_free(bn1); \
|
|
161
|
+
BN_clear_free(bn2); \
|
|
162
|
+
ossl_raise(ePKeyError, #_type"_set0_"#_group); \
|
|
163
|
+
} \
|
|
164
|
+
return self; \
|
|
165
165
|
}
|
|
166
166
|
#else
|
|
167
|
-
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)
|
|
167
|
+
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
168
168
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALUE v3) \
|
|
169
|
-
{
|
|
170
|
-
rb_raise(ePKeyError,
|
|
169
|
+
{ \
|
|
170
|
+
rb_raise(ePKeyError, \
|
|
171
171
|
#_keytype"#set_"#_group"= is incompatible with OpenSSL 3.0"); \
|
|
172
172
|
}
|
|
173
173
|
|
|
174
|
-
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2)
|
|
174
|
+
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
|
|
175
175
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
|
|
176
|
-
{
|
|
177
|
-
rb_raise(ePKeyError,
|
|
176
|
+
{ \
|
|
177
|
+
rb_raise(ePKeyError, \
|
|
178
178
|
#_keytype"#set_"#_group"= is incompatible with OpenSSL 3.0"); \
|
|
179
179
|
}
|
|
180
180
|
#endif
|
|
181
181
|
|
|
182
|
-
#define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3)
|
|
183
|
-
|
|
184
|
-
|
|
182
|
+
#define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3) \
|
|
183
|
+
OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
184
|
+
OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)
|
|
185
185
|
|
|
186
|
-
#define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2)
|
|
187
|
-
|
|
188
|
-
|
|
186
|
+
#define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2) \
|
|
187
|
+
OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
|
|
188
|
+
OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2)
|
|
189
189
|
|
|
190
|
-
#define DEF_OSSL_PKEY_BN(class, keytype, name)
|
|
191
|
-
|
|
190
|
+
#define DEF_OSSL_PKEY_BN(class, keytype, name) \
|
|
191
|
+
rb_define_method((class), #name, ossl_##keytype##_get_##name, 0)
|
|
192
192
|
|
|
193
193
|
#endif /* OSSL_PKEY_H */
|
data/ext/openssl/ossl_pkey_dh.c
CHANGED
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
#define GetPKeyDH(obj, pkey) do { \
|
|
15
15
|
GetPKey((obj), (pkey)); \
|
|
16
16
|
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { /* PARANOIA? */ \
|
|
17
|
-
|
|
17
|
+
ossl_raise(rb_eRuntimeError, "THIS IS NOT A DH!") ; \
|
|
18
18
|
} \
|
|
19
19
|
} while (0)
|
|
20
20
|
#define GetDH(obj, dh) do { \
|
|
@@ -22,14 +22,13 @@
|
|
|
22
22
|
GetPKeyDH((obj), _pkey); \
|
|
23
23
|
(dh) = EVP_PKEY_get0_DH(_pkey); \
|
|
24
24
|
if ((dh) == NULL) \
|
|
25
|
-
ossl_raise(
|
|
25
|
+
ossl_raise(ePKeyError, "failed to get DH from EVP_PKEY"); \
|
|
26
26
|
} while (0)
|
|
27
27
|
|
|
28
28
|
/*
|
|
29
29
|
* Classes
|
|
30
30
|
*/
|
|
31
31
|
VALUE cDH;
|
|
32
|
-
static VALUE eDHError;
|
|
33
32
|
|
|
34
33
|
/*
|
|
35
34
|
* Private
|
|
@@ -45,6 +44,7 @@ static VALUE eDHError;
|
|
|
45
44
|
* If called without arguments, an empty instance without any parameter or key
|
|
46
45
|
* components is created. Use #set_pqg to manually set the parameters afterwards
|
|
47
46
|
* (and optionally #set_key to set private and public key components).
|
|
47
|
+
* This form is not compatible with OpenSSL 3.0 or later.
|
|
48
48
|
*
|
|
49
49
|
* If a String is given, tries to parse it as a DER- or PEM- encoded parameters.
|
|
50
50
|
* See also OpenSSL::PKey.read which can parse keys of any kinds.
|
|
@@ -60,14 +60,15 @@ static VALUE eDHError;
|
|
|
60
60
|
*
|
|
61
61
|
* Examples:
|
|
62
62
|
* # Creating an instance from scratch
|
|
63
|
-
* # Note that this is deprecated and will
|
|
63
|
+
* # Note that this is deprecated and will result in ArgumentError when
|
|
64
|
+
* # using OpenSSL 3.0 or later.
|
|
64
65
|
* dh = OpenSSL::PKey::DH.new
|
|
65
66
|
* dh.set_pqg(bn_p, nil, bn_g)
|
|
66
67
|
*
|
|
67
68
|
* # Generating a parameters and a key pair
|
|
68
69
|
* dh = OpenSSL::PKey::DH.new(2048) # An alias of OpenSSL::PKey::DH.generate(2048)
|
|
69
70
|
*
|
|
70
|
-
* # Reading DH parameters
|
|
71
|
+
* # Reading DH parameters from a PEM-encoded string
|
|
71
72
|
* dh_params = OpenSSL::PKey::DH.new(File.read('parameters.pem')) # loads parameters only
|
|
72
73
|
* dh = OpenSSL::PKey.generate_key(dh_params) # generates a key pair
|
|
73
74
|
*/
|
|
@@ -86,10 +87,15 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
86
87
|
|
|
87
88
|
/* The DH.new(size, generator) form is handled by lib/openssl/pkey.rb */
|
|
88
89
|
if (rb_scan_args(argc, argv, "01", &arg) == 0) {
|
|
90
|
+
#ifdef OSSL_HAVE_IMMUTABLE_PKEY
|
|
91
|
+
rb_raise(rb_eArgError, "OpenSSL::PKey::DH.new cannot be called " \
|
|
92
|
+
"without arguments; pkeys are immutable with OpenSSL 3.0");
|
|
93
|
+
#else
|
|
89
94
|
dh = DH_new();
|
|
90
95
|
if (!dh)
|
|
91
|
-
ossl_raise(
|
|
96
|
+
ossl_raise(ePKeyError, "DH_new");
|
|
92
97
|
goto legacy;
|
|
98
|
+
#endif
|
|
93
99
|
}
|
|
94
100
|
|
|
95
101
|
arg = ossl_to_der_if_possible(arg);
|
|
@@ -107,12 +113,12 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
107
113
|
pkey = ossl_pkey_read_generic(in, Qnil);
|
|
108
114
|
BIO_free(in);
|
|
109
115
|
if (!pkey)
|
|
110
|
-
ossl_raise(
|
|
116
|
+
ossl_raise(ePKeyError, "could not parse pkey");
|
|
111
117
|
|
|
112
118
|
type = EVP_PKEY_base_id(pkey);
|
|
113
119
|
if (type != EVP_PKEY_DH) {
|
|
114
120
|
EVP_PKEY_free(pkey);
|
|
115
|
-
rb_raise(
|
|
121
|
+
rb_raise(ePKeyError, "incorrect pkey type: %s", OBJ_nid2sn(type));
|
|
116
122
|
}
|
|
117
123
|
RTYPEDDATA_DATA(self) = pkey;
|
|
118
124
|
return self;
|
|
@@ -123,13 +129,14 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
123
129
|
if (!pkey || EVP_PKEY_assign_DH(pkey, dh) != 1) {
|
|
124
130
|
EVP_PKEY_free(pkey);
|
|
125
131
|
DH_free(dh);
|
|
126
|
-
ossl_raise(
|
|
132
|
+
ossl_raise(ePKeyError, "EVP_PKEY_assign_DH");
|
|
127
133
|
}
|
|
128
134
|
RTYPEDDATA_DATA(self) = pkey;
|
|
129
135
|
return self;
|
|
130
136
|
}
|
|
131
137
|
|
|
132
138
|
#ifndef HAVE_EVP_PKEY_DUP
|
|
139
|
+
/* :nodoc: */
|
|
133
140
|
static VALUE
|
|
134
141
|
ossl_dh_initialize_copy(VALUE self, VALUE other)
|
|
135
142
|
{
|
|
@@ -144,26 +151,26 @@ ossl_dh_initialize_copy(VALUE self, VALUE other)
|
|
|
144
151
|
|
|
145
152
|
dh = DHparams_dup(dh_other);
|
|
146
153
|
if (!dh)
|
|
147
|
-
|
|
154
|
+
ossl_raise(ePKeyError, "DHparams_dup");
|
|
148
155
|
|
|
149
156
|
DH_get0_key(dh_other, &pub, &priv);
|
|
150
157
|
if (pub) {
|
|
151
|
-
|
|
152
|
-
|
|
158
|
+
BIGNUM *pub2 = BN_dup(pub);
|
|
159
|
+
BIGNUM *priv2 = BN_dup(priv);
|
|
153
160
|
|
|
154
161
|
if (!pub2 || (priv && !priv2)) {
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
162
|
+
BN_clear_free(pub2);
|
|
163
|
+
BN_clear_free(priv2);
|
|
164
|
+
ossl_raise(ePKeyError, "BN_dup");
|
|
165
|
+
}
|
|
166
|
+
DH_set0_key(dh, pub2, priv2);
|
|
160
167
|
}
|
|
161
168
|
|
|
162
169
|
pkey = EVP_PKEY_new();
|
|
163
170
|
if (!pkey || EVP_PKEY_assign_DH(pkey, dh) != 1) {
|
|
164
171
|
EVP_PKEY_free(pkey);
|
|
165
172
|
DH_free(dh);
|
|
166
|
-
ossl_raise(
|
|
173
|
+
ossl_raise(ePKeyError, "EVP_PKEY_assign_DH");
|
|
167
174
|
}
|
|
168
175
|
RTYPEDDATA_DATA(self) = pkey;
|
|
169
176
|
return self;
|
|
@@ -242,11 +249,11 @@ ossl_dh_export(VALUE self)
|
|
|
242
249
|
|
|
243
250
|
GetDH(self, dh);
|
|
244
251
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
|
245
|
-
|
|
252
|
+
ossl_raise(ePKeyError, NULL);
|
|
246
253
|
}
|
|
247
254
|
if (!PEM_write_bio_DHparams(out, dh)) {
|
|
248
|
-
|
|
249
|
-
|
|
255
|
+
BIO_free(out);
|
|
256
|
+
ossl_raise(ePKeyError, NULL);
|
|
250
257
|
}
|
|
251
258
|
str = ossl_membio2str(out);
|
|
252
259
|
|
|
@@ -276,45 +283,16 @@ ossl_dh_to_der(VALUE self)
|
|
|
276
283
|
|
|
277
284
|
GetDH(self, dh);
|
|
278
285
|
if((len = i2d_DHparams(dh, NULL)) <= 0)
|
|
279
|
-
|
|
286
|
+
ossl_raise(ePKeyError, NULL);
|
|
280
287
|
str = rb_str_new(0, len);
|
|
281
288
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
282
289
|
if(i2d_DHparams(dh, &p) < 0)
|
|
283
|
-
|
|
290
|
+
ossl_raise(ePKeyError, NULL);
|
|
284
291
|
ossl_str_adjust(str, p);
|
|
285
292
|
|
|
286
293
|
return str;
|
|
287
294
|
}
|
|
288
295
|
|
|
289
|
-
/*
|
|
290
|
-
* call-seq:
|
|
291
|
-
* dh.params -> hash
|
|
292
|
-
*
|
|
293
|
-
* Stores all parameters of key to the hash
|
|
294
|
-
* INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
|
|
295
|
-
* Don't use :-)) (I's up to you)
|
|
296
|
-
*/
|
|
297
|
-
static VALUE
|
|
298
|
-
ossl_dh_get_params(VALUE self)
|
|
299
|
-
{
|
|
300
|
-
OSSL_3_const DH *dh;
|
|
301
|
-
VALUE hash;
|
|
302
|
-
const BIGNUM *p, *q, *g, *pub_key, *priv_key;
|
|
303
|
-
|
|
304
|
-
GetDH(self, dh);
|
|
305
|
-
DH_get0_pqg(dh, &p, &q, &g);
|
|
306
|
-
DH_get0_key(dh, &pub_key, &priv_key);
|
|
307
|
-
|
|
308
|
-
hash = rb_hash_new();
|
|
309
|
-
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
|
|
310
|
-
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
|
|
311
|
-
rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(g));
|
|
312
|
-
rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pub_key));
|
|
313
|
-
rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(priv_key));
|
|
314
|
-
|
|
315
|
-
return hash;
|
|
316
|
-
}
|
|
317
|
-
|
|
318
296
|
/*
|
|
319
297
|
* call-seq:
|
|
320
298
|
* dh.params_ok? -> true | false
|
|
@@ -336,7 +314,7 @@ ossl_dh_check_params(VALUE self)
|
|
|
336
314
|
GetPKey(self, pkey);
|
|
337
315
|
pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
|
|
338
316
|
if (!pctx)
|
|
339
|
-
ossl_raise(
|
|
317
|
+
ossl_raise(ePKeyError, "EVP_PKEY_CTX_new");
|
|
340
318
|
ret = EVP_PKEY_param_check(pctx);
|
|
341
319
|
EVP_PKEY_CTX_free(pctx);
|
|
342
320
|
#else
|
|
@@ -379,19 +357,6 @@ OSSL_PKEY_BN_DEF2(dh, DH, key, pub_key, priv_key)
|
|
|
379
357
|
void
|
|
380
358
|
Init_ossl_dh(void)
|
|
381
359
|
{
|
|
382
|
-
#if 0
|
|
383
|
-
mPKey = rb_define_module_under(mOSSL, "PKey");
|
|
384
|
-
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
|
|
385
|
-
ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
|
|
386
|
-
#endif
|
|
387
|
-
|
|
388
|
-
/* Document-class: OpenSSL::PKey::DHError
|
|
389
|
-
*
|
|
390
|
-
* Generic exception that is raised if an operation on a DH PKey
|
|
391
|
-
* fails unexpectedly or in case an instantiation of an instance of DH
|
|
392
|
-
* fails due to non-conformant input data.
|
|
393
|
-
*/
|
|
394
|
-
eDHError = rb_define_class_under(mPKey, "DHError", ePKeyError);
|
|
395
360
|
/* Document-class: OpenSSL::PKey::DH
|
|
396
361
|
*
|
|
397
362
|
* An implementation of the Diffie-Hellman key exchange protocol based on
|
|
@@ -445,8 +410,6 @@ Init_ossl_dh(void)
|
|
|
445
410
|
DEF_OSSL_PKEY_BN(cDH, dh, priv_key);
|
|
446
411
|
rb_define_method(cDH, "set_pqg", ossl_dh_set_pqg, 3);
|
|
447
412
|
rb_define_method(cDH, "set_key", ossl_dh_set_key, 2);
|
|
448
|
-
|
|
449
|
-
rb_define_method(cDH, "params", ossl_dh_get_params, 0);
|
|
450
413
|
}
|
|
451
414
|
|
|
452
415
|
#else /* defined NO_DH */
|
data/ext/openssl/ossl_pkey_dsa.c
CHANGED
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
#define GetPKeyDSA(obj, pkey) do { \
|
|
15
15
|
GetPKey((obj), (pkey)); \
|
|
16
16
|
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { /* PARANOIA? */ \
|
|
17
|
-
|
|
17
|
+
ossl_raise(rb_eRuntimeError, "THIS IS NOT A DSA!"); \
|
|
18
18
|
} \
|
|
19
19
|
} while (0)
|
|
20
20
|
#define GetDSA(obj, dsa) do { \
|
|
@@ -22,7 +22,7 @@
|
|
|
22
22
|
GetPKeyDSA((obj), _pkey); \
|
|
23
23
|
(dsa) = EVP_PKEY_get0_DSA(_pkey); \
|
|
24
24
|
if ((dsa) == NULL) \
|
|
25
|
-
ossl_raise(
|
|
25
|
+
ossl_raise(ePKeyError, "failed to get DSA from EVP_PKEY"); \
|
|
26
26
|
} while (0)
|
|
27
27
|
|
|
28
28
|
static inline int
|
|
@@ -43,7 +43,6 @@ DSA_PRIVATE(VALUE obj, OSSL_3_const DSA *dsa)
|
|
|
43
43
|
* Classes
|
|
44
44
|
*/
|
|
45
45
|
VALUE cDSA;
|
|
46
|
-
static VALUE eDSAError;
|
|
47
46
|
|
|
48
47
|
/*
|
|
49
48
|
* Private
|
|
@@ -58,6 +57,7 @@ static VALUE eDSAError;
|
|
|
58
57
|
*
|
|
59
58
|
* If called without arguments, creates a new instance with no key components
|
|
60
59
|
* set. They can be set individually by #set_pqg and #set_key.
|
|
60
|
+
* This form is not compatible with OpenSSL 3.0 or later.
|
|
61
61
|
*
|
|
62
62
|
* If called with a String, tries to parse as DER or PEM encoding of a \DSA key.
|
|
63
63
|
* See also OpenSSL::PKey.read which can parse keys of any kinds.
|
|
@@ -98,10 +98,15 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
98
98
|
/* The DSA.new(size, generator) form is handled by lib/openssl/pkey.rb */
|
|
99
99
|
rb_scan_args(argc, argv, "02", &arg, &pass);
|
|
100
100
|
if (argc == 0) {
|
|
101
|
+
#ifdef OSSL_HAVE_IMMUTABLE_PKEY
|
|
102
|
+
rb_raise(rb_eArgError, "OpenSSL::PKey::DSA.new cannot be called " \
|
|
103
|
+
"without arguments; pkeys are immutable with OpenSSL 3.0");
|
|
104
|
+
#else
|
|
101
105
|
dsa = DSA_new();
|
|
102
106
|
if (!dsa)
|
|
103
|
-
ossl_raise(
|
|
107
|
+
ossl_raise(ePKeyError, "DSA_new");
|
|
104
108
|
goto legacy;
|
|
109
|
+
#endif
|
|
105
110
|
}
|
|
106
111
|
|
|
107
112
|
pass = ossl_pem_passwd_value(pass);
|
|
@@ -119,12 +124,12 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
119
124
|
pkey = ossl_pkey_read_generic(in, pass);
|
|
120
125
|
BIO_free(in);
|
|
121
126
|
if (!pkey)
|
|
122
|
-
ossl_raise(
|
|
127
|
+
ossl_raise(ePKeyError, "Neither PUB key nor PRIV key");
|
|
123
128
|
|
|
124
129
|
type = EVP_PKEY_base_id(pkey);
|
|
125
130
|
if (type != EVP_PKEY_DSA) {
|
|
126
131
|
EVP_PKEY_free(pkey);
|
|
127
|
-
rb_raise(
|
|
132
|
+
rb_raise(ePKeyError, "incorrect pkey type: %s", OBJ_nid2sn(type));
|
|
128
133
|
}
|
|
129
134
|
RTYPEDDATA_DATA(self) = pkey;
|
|
130
135
|
return self;
|
|
@@ -135,13 +140,14 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
135
140
|
if (!pkey || EVP_PKEY_assign_DSA(pkey, dsa) != 1) {
|
|
136
141
|
EVP_PKEY_free(pkey);
|
|
137
142
|
DSA_free(dsa);
|
|
138
|
-
ossl_raise(
|
|
143
|
+
ossl_raise(ePKeyError, "EVP_PKEY_assign_DSA");
|
|
139
144
|
}
|
|
140
145
|
RTYPEDDATA_DATA(self) = pkey;
|
|
141
146
|
return self;
|
|
142
147
|
}
|
|
143
148
|
|
|
144
149
|
#ifndef HAVE_EVP_PKEY_DUP
|
|
150
|
+
/* :nodoc: */
|
|
145
151
|
static VALUE
|
|
146
152
|
ossl_dsa_initialize_copy(VALUE self, VALUE other)
|
|
147
153
|
{
|
|
@@ -157,13 +163,13 @@ ossl_dsa_initialize_copy(VALUE self, VALUE other)
|
|
|
157
163
|
(d2i_of_void *)d2i_DSAPrivateKey,
|
|
158
164
|
(char *)dsa);
|
|
159
165
|
if (!dsa_new)
|
|
160
|
-
|
|
166
|
+
ossl_raise(ePKeyError, "ASN1_dup");
|
|
161
167
|
|
|
162
168
|
pkey = EVP_PKEY_new();
|
|
163
169
|
if (!pkey || EVP_PKEY_assign_DSA(pkey, dsa_new) != 1) {
|
|
164
170
|
EVP_PKEY_free(pkey);
|
|
165
171
|
DSA_free(dsa_new);
|
|
166
|
-
ossl_raise(
|
|
172
|
+
ossl_raise(ePKeyError, "EVP_PKEY_assign_DSA");
|
|
167
173
|
}
|
|
168
174
|
RTYPEDDATA_DATA(self) = pkey;
|
|
169
175
|
|
|
@@ -305,35 +311,6 @@ ossl_dsa_to_der(VALUE self)
|
|
|
305
311
|
}
|
|
306
312
|
|
|
307
313
|
|
|
308
|
-
/*
|
|
309
|
-
* call-seq:
|
|
310
|
-
* dsa.params -> hash
|
|
311
|
-
*
|
|
312
|
-
* Stores all parameters of key to the hash
|
|
313
|
-
* INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
|
|
314
|
-
* Don't use :-)) (I's up to you)
|
|
315
|
-
*/
|
|
316
|
-
static VALUE
|
|
317
|
-
ossl_dsa_get_params(VALUE self)
|
|
318
|
-
{
|
|
319
|
-
OSSL_3_const DSA *dsa;
|
|
320
|
-
VALUE hash;
|
|
321
|
-
const BIGNUM *p, *q, *g, *pub_key, *priv_key;
|
|
322
|
-
|
|
323
|
-
GetDSA(self, dsa);
|
|
324
|
-
DSA_get0_pqg(dsa, &p, &q, &g);
|
|
325
|
-
DSA_get0_key(dsa, &pub_key, &priv_key);
|
|
326
|
-
|
|
327
|
-
hash = rb_hash_new();
|
|
328
|
-
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
|
|
329
|
-
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
|
|
330
|
-
rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(g));
|
|
331
|
-
rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pub_key));
|
|
332
|
-
rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(priv_key));
|
|
333
|
-
|
|
334
|
-
return hash;
|
|
335
|
-
}
|
|
336
|
-
|
|
337
314
|
/*
|
|
338
315
|
* Document-method: OpenSSL::PKey::DSA#set_pqg
|
|
339
316
|
* call-seq:
|
|
@@ -357,20 +334,6 @@ OSSL_PKEY_BN_DEF2(dsa, DSA, key, pub_key, priv_key)
|
|
|
357
334
|
void
|
|
358
335
|
Init_ossl_dsa(void)
|
|
359
336
|
{
|
|
360
|
-
#if 0
|
|
361
|
-
mPKey = rb_define_module_under(mOSSL, "PKey");
|
|
362
|
-
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
|
|
363
|
-
ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
|
|
364
|
-
#endif
|
|
365
|
-
|
|
366
|
-
/* Document-class: OpenSSL::PKey::DSAError
|
|
367
|
-
*
|
|
368
|
-
* Generic exception that is raised if an operation on a DSA PKey
|
|
369
|
-
* fails unexpectedly or in case an instantiation of an instance of DSA
|
|
370
|
-
* fails due to non-conformant input data.
|
|
371
|
-
*/
|
|
372
|
-
eDSAError = rb_define_class_under(mPKey, "DSAError", ePKeyError);
|
|
373
|
-
|
|
374
337
|
/* Document-class: OpenSSL::PKey::DSA
|
|
375
338
|
*
|
|
376
339
|
* DSA, the Digital Signature Algorithm, is specified in NIST's
|
|
@@ -398,8 +361,6 @@ Init_ossl_dsa(void)
|
|
|
398
361
|
DEF_OSSL_PKEY_BN(cDSA, dsa, priv_key);
|
|
399
362
|
rb_define_method(cDSA, "set_pqg", ossl_dsa_set_pqg, 3);
|
|
400
363
|
rb_define_method(cDSA, "set_key", ossl_dsa_set_key, 2);
|
|
401
|
-
|
|
402
|
-
rb_define_method(cDSA, "params", ossl_dsa_get_params, 0);
|
|
403
364
|
}
|
|
404
365
|
|
|
405
366
|
#else /* defined NO_DSA */
|