openssl 3.3.2 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +3 -0
- data/History.md +85 -0
- data/README.md +12 -11
- data/ext/openssl/extconf.rb +30 -69
- data/ext/openssl/openssl_missing.h +0 -206
- data/ext/openssl/ossl.c +280 -301
- data/ext/openssl/ossl.h +15 -10
- data/ext/openssl/ossl_asn1.c +598 -406
- data/ext/openssl/ossl_asn1.h +15 -1
- data/ext/openssl/ossl_bio.c +3 -3
- data/ext/openssl/ossl_bn.c +286 -291
- data/ext/openssl/ossl_cipher.c +252 -203
- data/ext/openssl/ossl_cipher.h +10 -1
- data/ext/openssl/ossl_config.c +1 -6
- data/ext/openssl/ossl_digest.c +74 -43
- data/ext/openssl/ossl_digest.h +9 -1
- data/ext/openssl/ossl_engine.c +39 -103
- data/ext/openssl/ossl_hmac.c +30 -36
- data/ext/openssl/ossl_kdf.c +42 -53
- data/ext/openssl/ossl_ns_spki.c +31 -37
- data/ext/openssl/ossl_ocsp.c +214 -241
- data/ext/openssl/ossl_pkcs12.c +26 -26
- data/ext/openssl/ossl_pkcs7.c +175 -145
- data/ext/openssl/ossl_pkey.c +162 -178
- data/ext/openssl/ossl_pkey.h +99 -99
- data/ext/openssl/ossl_pkey_dh.c +31 -68
- data/ext/openssl/ossl_pkey_dsa.c +15 -54
- data/ext/openssl/ossl_pkey_ec.c +179 -237
- data/ext/openssl/ossl_pkey_rsa.c +56 -103
- data/ext/openssl/ossl_provider.c +0 -7
- data/ext/openssl/ossl_rand.c +7 -14
- data/ext/openssl/ossl_ssl.c +478 -353
- data/ext/openssl/ossl_ssl.h +8 -8
- data/ext/openssl/ossl_ssl_session.c +93 -97
- data/ext/openssl/ossl_ts.c +81 -127
- data/ext/openssl/ossl_x509.c +9 -28
- data/ext/openssl/ossl_x509attr.c +33 -54
- data/ext/openssl/ossl_x509cert.c +69 -100
- data/ext/openssl/ossl_x509crl.c +78 -89
- data/ext/openssl/ossl_x509ext.c +45 -66
- data/ext/openssl/ossl_x509name.c +63 -88
- data/ext/openssl/ossl_x509req.c +55 -62
- data/ext/openssl/ossl_x509revoked.c +27 -41
- data/ext/openssl/ossl_x509store.c +38 -56
- data/lib/openssl/buffering.rb +30 -24
- data/lib/openssl/digest.rb +1 -1
- data/lib/openssl/pkey.rb +71 -49
- data/lib/openssl/ssl.rb +12 -79
- data/lib/openssl/version.rb +2 -1
- data/lib/openssl/x509.rb +9 -0
- data/lib/openssl.rb +9 -6
- metadata +1 -3
- data/ext/openssl/openssl_missing.c +0 -40
- data/lib/openssl/asn1.rb +0 -188
data/ext/openssl/ossl_cipher.c
CHANGED
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
#define AllocCipher(obj, ctx) do { \
|
|
15
15
|
(ctx) = EVP_CIPHER_CTX_new(); \
|
|
16
16
|
if (!(ctx)) \
|
|
17
|
-
|
|
17
|
+
ossl_raise(rb_eRuntimeError, NULL); \
|
|
18
18
|
RTYPEDDATA_DATA(obj) = (ctx); \
|
|
19
19
|
} while (0)
|
|
20
20
|
#define GetCipherInit(obj, ctx) do { \
|
|
@@ -23,7 +23,7 @@
|
|
|
23
23
|
#define GetCipher(obj, ctx) do { \
|
|
24
24
|
GetCipherInit((obj), (ctx)); \
|
|
25
25
|
if (!(ctx)) { \
|
|
26
|
-
|
|
26
|
+
ossl_raise(rb_eRuntimeError, "Cipher not initialized!"); \
|
|
27
27
|
} \
|
|
28
28
|
} while (0)
|
|
29
29
|
|
|
@@ -32,7 +32,8 @@
|
|
|
32
32
|
*/
|
|
33
33
|
static VALUE cCipher;
|
|
34
34
|
static VALUE eCipherError;
|
|
35
|
-
static
|
|
35
|
+
static VALUE eAuthTagError;
|
|
36
|
+
static ID id_auth_tag_len, id_key_set, id_cipher_holder;
|
|
36
37
|
|
|
37
38
|
static VALUE ossl_cipher_alloc(VALUE klass);
|
|
38
39
|
static void ossl_cipher_free(void *ptr);
|
|
@@ -40,35 +41,63 @@ static void ossl_cipher_free(void *ptr);
|
|
|
40
41
|
static const rb_data_type_t ossl_cipher_type = {
|
|
41
42
|
"OpenSSL/Cipher",
|
|
42
43
|
{
|
|
43
|
-
|
|
44
|
+
0, ossl_cipher_free,
|
|
44
45
|
},
|
|
45
46
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
46
47
|
};
|
|
47
48
|
|
|
49
|
+
#ifdef OSSL_USE_PROVIDER
|
|
50
|
+
static void
|
|
51
|
+
ossl_evp_cipher_free(void *ptr)
|
|
52
|
+
{
|
|
53
|
+
// This is safe to call against const EVP_CIPHER * returned by
|
|
54
|
+
// EVP_get_cipherbyname()
|
|
55
|
+
EVP_CIPHER_free(ptr);
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
static const rb_data_type_t ossl_evp_cipher_holder_type = {
|
|
59
|
+
"OpenSSL/EVP_CIPHER",
|
|
60
|
+
{
|
|
61
|
+
.dfree = ossl_evp_cipher_free,
|
|
62
|
+
},
|
|
63
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
64
|
+
};
|
|
65
|
+
#endif
|
|
66
|
+
|
|
48
67
|
/*
|
|
49
68
|
* PUBLIC
|
|
50
69
|
*/
|
|
51
70
|
const EVP_CIPHER *
|
|
52
|
-
|
|
71
|
+
ossl_evp_cipher_fetch(VALUE obj, volatile VALUE *holder)
|
|
53
72
|
{
|
|
73
|
+
*holder = Qnil;
|
|
54
74
|
if (rb_obj_is_kind_of(obj, cCipher)) {
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
75
|
+
EVP_CIPHER_CTX *ctx;
|
|
76
|
+
GetCipher(obj, ctx);
|
|
77
|
+
EVP_CIPHER *cipher = (EVP_CIPHER *)EVP_CIPHER_CTX_cipher(ctx);
|
|
78
|
+
#ifdef OSSL_USE_PROVIDER
|
|
79
|
+
*holder = TypedData_Wrap_Struct(0, &ossl_evp_cipher_holder_type, NULL);
|
|
80
|
+
if (!EVP_CIPHER_up_ref(cipher))
|
|
81
|
+
ossl_raise(eCipherError, "EVP_CIPHER_up_ref");
|
|
82
|
+
RTYPEDDATA_DATA(*holder) = cipher;
|
|
83
|
+
#endif
|
|
84
|
+
return cipher;
|
|
60
85
|
}
|
|
61
|
-
else {
|
|
62
|
-
const EVP_CIPHER *cipher;
|
|
63
86
|
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
87
|
+
const char *name = StringValueCStr(obj);
|
|
88
|
+
EVP_CIPHER *cipher = (EVP_CIPHER *)EVP_get_cipherbyname(name);
|
|
89
|
+
#ifdef OSSL_USE_PROVIDER
|
|
90
|
+
if (!cipher) {
|
|
91
|
+
ossl_clear_error();
|
|
92
|
+
*holder = TypedData_Wrap_Struct(0, &ossl_evp_cipher_holder_type, NULL);
|
|
93
|
+
cipher = EVP_CIPHER_fetch(NULL, name, NULL);
|
|
94
|
+
RTYPEDDATA_DATA(*holder) = cipher;
|
|
71
95
|
}
|
|
96
|
+
#endif
|
|
97
|
+
if (!cipher)
|
|
98
|
+
ossl_raise(eCipherError, "unsupported cipher algorithm: %"PRIsVALUE,
|
|
99
|
+
obj);
|
|
100
|
+
return cipher;
|
|
72
101
|
}
|
|
73
102
|
|
|
74
103
|
VALUE
|
|
@@ -77,10 +106,13 @@ ossl_cipher_new(const EVP_CIPHER *cipher)
|
|
|
77
106
|
VALUE ret;
|
|
78
107
|
EVP_CIPHER_CTX *ctx;
|
|
79
108
|
|
|
109
|
+
// NOTE: This does not set id_cipher_holder because this function should
|
|
110
|
+
// only be called from ossl_engine.c, which will not use any
|
|
111
|
+
// reference-counted ciphers.
|
|
80
112
|
ret = ossl_cipher_alloc(cCipher);
|
|
81
113
|
AllocCipher(ret, ctx);
|
|
82
114
|
if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
|
|
83
|
-
|
|
115
|
+
ossl_raise(eCipherError, NULL);
|
|
84
116
|
|
|
85
117
|
return ret;
|
|
86
118
|
}
|
|
@@ -113,23 +145,22 @@ ossl_cipher_initialize(VALUE self, VALUE str)
|
|
|
113
145
|
{
|
|
114
146
|
EVP_CIPHER_CTX *ctx;
|
|
115
147
|
const EVP_CIPHER *cipher;
|
|
116
|
-
|
|
148
|
+
VALUE cipher_holder;
|
|
117
149
|
|
|
118
|
-
name = StringValueCStr(str);
|
|
119
150
|
GetCipherInit(self, ctx);
|
|
120
151
|
if (ctx) {
|
|
121
|
-
|
|
152
|
+
ossl_raise(rb_eRuntimeError, "Cipher already initialized!");
|
|
122
153
|
}
|
|
154
|
+
cipher = ossl_evp_cipher_fetch(str, &cipher_holder);
|
|
123
155
|
AllocCipher(self, ctx);
|
|
124
|
-
if (!(cipher = EVP_get_cipherbyname(name))) {
|
|
125
|
-
ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%"PRIsVALUE")", str);
|
|
126
|
-
}
|
|
127
156
|
if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
|
|
128
|
-
|
|
157
|
+
ossl_raise(eCipherError, "EVP_CipherInit_ex");
|
|
158
|
+
rb_ivar_set(self, id_cipher_holder, cipher_holder);
|
|
129
159
|
|
|
130
160
|
return self;
|
|
131
161
|
}
|
|
132
162
|
|
|
163
|
+
/* :nodoc: */
|
|
133
164
|
static VALUE
|
|
134
165
|
ossl_cipher_copy(VALUE self, VALUE other)
|
|
135
166
|
{
|
|
@@ -140,11 +171,11 @@ ossl_cipher_copy(VALUE self, VALUE other)
|
|
|
140
171
|
|
|
141
172
|
GetCipherInit(self, ctx1);
|
|
142
173
|
if (!ctx1) {
|
|
143
|
-
|
|
174
|
+
AllocCipher(self, ctx1);
|
|
144
175
|
}
|
|
145
176
|
GetCipher(other, ctx2);
|
|
146
177
|
if (EVP_CIPHER_CTX_copy(ctx1, ctx2) != 1)
|
|
147
|
-
|
|
178
|
+
ossl_raise(eCipherError, NULL);
|
|
148
179
|
|
|
149
180
|
return self;
|
|
150
181
|
}
|
|
@@ -169,8 +200,8 @@ ossl_s_ciphers(VALUE self)
|
|
|
169
200
|
|
|
170
201
|
ary = rb_ary_new();
|
|
171
202
|
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
|
|
172
|
-
|
|
173
|
-
|
|
203
|
+
add_cipher_name_to_ary,
|
|
204
|
+
(void*)ary);
|
|
174
205
|
|
|
175
206
|
return ary;
|
|
176
207
|
}
|
|
@@ -191,53 +222,22 @@ ossl_cipher_reset(VALUE self)
|
|
|
191
222
|
|
|
192
223
|
GetCipher(self, ctx);
|
|
193
224
|
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1) != 1)
|
|
194
|
-
|
|
225
|
+
ossl_raise(eCipherError, NULL);
|
|
195
226
|
|
|
196
227
|
return self;
|
|
197
228
|
}
|
|
198
229
|
|
|
199
230
|
static VALUE
|
|
200
|
-
ossl_cipher_init(
|
|
231
|
+
ossl_cipher_init(VALUE self, int enc)
|
|
201
232
|
{
|
|
202
233
|
EVP_CIPHER_CTX *ctx;
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
if(rb_scan_args(argc, argv, "02", &pass, &init_v) > 0){
|
|
208
|
-
/*
|
|
209
|
-
* oops. this code mistakes salt for IV.
|
|
210
|
-
* We deprecated the arguments for this method, but we decided
|
|
211
|
-
* keeping this behaviour for backward compatibility.
|
|
212
|
-
*/
|
|
213
|
-
VALUE cname = rb_class_path(rb_obj_class(self));
|
|
214
|
-
rb_warn("arguments for %"PRIsVALUE"#encrypt and %"PRIsVALUE"#decrypt were deprecated; "
|
|
215
|
-
"use %"PRIsVALUE"#pkcs5_keyivgen to derive key and IV",
|
|
216
|
-
cname, cname, cname);
|
|
217
|
-
StringValue(pass);
|
|
218
|
-
GetCipher(self, ctx);
|
|
219
|
-
if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
|
|
220
|
-
else{
|
|
221
|
-
StringValue(init_v);
|
|
222
|
-
if (EVP_MAX_IV_LENGTH > RSTRING_LEN(init_v)) {
|
|
223
|
-
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
|
224
|
-
memcpy(iv, RSTRING_PTR(init_v), RSTRING_LEN(init_v));
|
|
225
|
-
}
|
|
226
|
-
else memcpy(iv, RSTRING_PTR(init_v), sizeof(iv));
|
|
227
|
-
}
|
|
228
|
-
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
|
|
229
|
-
(unsigned char *)RSTRING_PTR(pass), RSTRING_LENINT(pass), 1, key, NULL);
|
|
230
|
-
p_key = key;
|
|
231
|
-
p_iv = iv;
|
|
232
|
-
}
|
|
233
|
-
else {
|
|
234
|
-
GetCipher(self, ctx);
|
|
235
|
-
}
|
|
236
|
-
if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) {
|
|
237
|
-
ossl_raise(eCipherError, NULL);
|
|
234
|
+
|
|
235
|
+
GetCipher(self, ctx);
|
|
236
|
+
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, enc) != 1) {
|
|
237
|
+
ossl_raise(eCipherError, "EVP_CipherInit_ex");
|
|
238
238
|
}
|
|
239
239
|
|
|
240
|
-
rb_ivar_set(self, id_key_set,
|
|
240
|
+
rb_ivar_set(self, id_key_set, Qfalse);
|
|
241
241
|
|
|
242
242
|
return self;
|
|
243
243
|
}
|
|
@@ -248,16 +248,15 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
|
|
|
248
248
|
*
|
|
249
249
|
* Initializes the Cipher for encryption.
|
|
250
250
|
*
|
|
251
|
-
* Make sure to call
|
|
252
|
-
*
|
|
253
|
-
* * [#key=, #iv=, #random_key, #random_iv, #pkcs5_keyivgen]
|
|
251
|
+
* Make sure to call either #encrypt or #decrypt before using the Cipher for
|
|
252
|
+
* any operation or setting any parameters.
|
|
254
253
|
*
|
|
255
254
|
* Internally calls EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 1).
|
|
256
255
|
*/
|
|
257
256
|
static VALUE
|
|
258
|
-
ossl_cipher_encrypt(
|
|
257
|
+
ossl_cipher_encrypt(VALUE self)
|
|
259
258
|
{
|
|
260
|
-
return ossl_cipher_init(
|
|
259
|
+
return ossl_cipher_init(self, 1);
|
|
261
260
|
}
|
|
262
261
|
|
|
263
262
|
/*
|
|
@@ -266,16 +265,15 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
|
|
|
266
265
|
*
|
|
267
266
|
* Initializes the Cipher for decryption.
|
|
268
267
|
*
|
|
269
|
-
* Make sure to call
|
|
270
|
-
*
|
|
271
|
-
* * [#key=, #iv=, #random_key, #random_iv, #pkcs5_keyivgen]
|
|
268
|
+
* Make sure to call either #encrypt or #decrypt before using the Cipher for
|
|
269
|
+
* any operation or setting any parameters.
|
|
272
270
|
*
|
|
273
271
|
* Internally calls EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 0).
|
|
274
272
|
*/
|
|
275
273
|
static VALUE
|
|
276
|
-
ossl_cipher_decrypt(
|
|
274
|
+
ossl_cipher_decrypt(VALUE self)
|
|
277
275
|
{
|
|
278
|
-
return ossl_cipher_init(
|
|
276
|
+
return ossl_cipher_init(self, 0);
|
|
279
277
|
}
|
|
280
278
|
|
|
281
279
|
/*
|
|
@@ -284,46 +282,42 @@ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
|
|
|
284
282
|
*
|
|
285
283
|
* Generates and sets the key/IV based on a password.
|
|
286
284
|
*
|
|
287
|
-
* *WARNING*: This method is
|
|
288
|
-
*
|
|
289
|
-
*
|
|
290
|
-
*
|
|
291
|
-
* OpenSSL::PKCS5 instead.
|
|
285
|
+
* *WARNING*: This method is deprecated and should not be used. This method
|
|
286
|
+
* corresponds to EVP_BytesToKey(), a non-standard OpenSSL extension of the
|
|
287
|
+
* legacy PKCS #5 v1.5 key derivation function. See OpenSSL::KDF for other
|
|
288
|
+
* options to derive keys from passwords.
|
|
292
289
|
*
|
|
293
290
|
* === Parameters
|
|
294
291
|
* * _salt_ must be an 8 byte string if provided.
|
|
295
292
|
* * _iterations_ is an integer with a default of 2048.
|
|
296
293
|
* * _digest_ is a Digest object that defaults to 'MD5'
|
|
297
|
-
*
|
|
298
|
-
* A minimum of 1000 iterations is recommended.
|
|
299
|
-
*
|
|
300
294
|
*/
|
|
301
295
|
static VALUE
|
|
302
296
|
ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
|
|
303
297
|
{
|
|
304
298
|
EVP_CIPHER_CTX *ctx;
|
|
305
299
|
const EVP_MD *digest;
|
|
306
|
-
VALUE vpass, vsalt, viter, vdigest;
|
|
300
|
+
VALUE vpass, vsalt, viter, vdigest, md_holder;
|
|
307
301
|
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH], *salt = NULL;
|
|
308
302
|
int iter;
|
|
309
303
|
|
|
310
304
|
rb_scan_args(argc, argv, "13", &vpass, &vsalt, &viter, &vdigest);
|
|
311
305
|
StringValue(vpass);
|
|
312
306
|
if(!NIL_P(vsalt)){
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
307
|
+
StringValue(vsalt);
|
|
308
|
+
if(RSTRING_LEN(vsalt) != PKCS5_SALT_LEN)
|
|
309
|
+
ossl_raise(eCipherError, "salt must be an 8-octet string");
|
|
310
|
+
salt = (unsigned char *)RSTRING_PTR(vsalt);
|
|
317
311
|
}
|
|
318
312
|
iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
|
|
319
313
|
if (iter <= 0)
|
|
320
|
-
|
|
321
|
-
digest = NIL_P(vdigest) ? EVP_md5() :
|
|
314
|
+
rb_raise(rb_eArgError, "iterations must be a positive integer");
|
|
315
|
+
digest = NIL_P(vdigest) ? EVP_md5() : ossl_evp_md_fetch(vdigest, &md_holder);
|
|
322
316
|
GetCipher(self, ctx);
|
|
323
317
|
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,
|
|
324
|
-
|
|
318
|
+
(unsigned char *)RSTRING_PTR(vpass), RSTRING_LENINT(vpass), iter, key, iv);
|
|
325
319
|
if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1)
|
|
326
|
-
|
|
320
|
+
ossl_raise(eCipherError, NULL);
|
|
327
321
|
OPENSSL_cleanse(key, sizeof key);
|
|
328
322
|
OPENSSL_cleanse(iv, sizeof iv);
|
|
329
323
|
|
|
@@ -334,25 +328,25 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
|
|
|
334
328
|
|
|
335
329
|
static int
|
|
336
330
|
ossl_cipher_update_long(EVP_CIPHER_CTX *ctx, unsigned char *out, long *out_len_ptr,
|
|
337
|
-
|
|
331
|
+
const unsigned char *in, long in_len)
|
|
338
332
|
{
|
|
339
333
|
int out_part_len;
|
|
340
334
|
int limit = INT_MAX / 2 + 1;
|
|
341
335
|
long out_len = 0;
|
|
342
336
|
|
|
343
337
|
do {
|
|
344
|
-
|
|
338
|
+
int in_part_len = in_len > limit ? limit : (int)in_len;
|
|
345
339
|
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
340
|
+
if (!EVP_CipherUpdate(ctx, out ? (out + out_len) : 0,
|
|
341
|
+
&out_part_len, in, in_part_len))
|
|
342
|
+
return 0;
|
|
349
343
|
|
|
350
|
-
|
|
351
|
-
|
|
344
|
+
out_len += out_part_len;
|
|
345
|
+
in += in_part_len;
|
|
352
346
|
} while ((in_len -= limit) > 0);
|
|
353
347
|
|
|
354
348
|
if (out_len_ptr)
|
|
355
|
-
|
|
349
|
+
*out_len_ptr = out_len;
|
|
356
350
|
|
|
357
351
|
return 1;
|
|
358
352
|
}
|
|
@@ -368,6 +362,9 @@ ossl_cipher_update_long(EVP_CIPHER_CTX *ctx, unsigned char *out, long *out_len_p
|
|
|
368
362
|
*
|
|
369
363
|
* If _buffer_ is given, the encryption/decryption result will be written to
|
|
370
364
|
* it. _buffer_ will be resized automatically.
|
|
365
|
+
*
|
|
366
|
+
* *NOTE*: When decrypting using an AEAD cipher, the integrity of the output
|
|
367
|
+
* is not verified until #final has been called.
|
|
371
368
|
*/
|
|
372
369
|
static VALUE
|
|
373
370
|
ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
@@ -380,7 +377,7 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
|
380
377
|
rb_scan_args(argc, argv, "11", &data, &str);
|
|
381
378
|
|
|
382
379
|
if (!RTEST(rb_attr_get(self, id_key_set)))
|
|
383
|
-
|
|
380
|
+
ossl_raise(eCipherError, "key not set");
|
|
384
381
|
|
|
385
382
|
StringValue(data);
|
|
386
383
|
in = (unsigned char *)RSTRING_PTR(data);
|
|
@@ -399,8 +396,8 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
|
399
396
|
* currently implemented in OpenSSL, but this can change in the future.
|
|
400
397
|
*/
|
|
401
398
|
if (in_len > LONG_MAX - EVP_MAX_BLOCK_LENGTH) {
|
|
402
|
-
|
|
403
|
-
|
|
399
|
+
ossl_raise(rb_eRangeError,
|
|
400
|
+
"data too big to make output buffer: %ld bytes", in_len);
|
|
404
401
|
}
|
|
405
402
|
out_len = in_len + EVP_MAX_BLOCK_LENGTH;
|
|
406
403
|
|
|
@@ -415,7 +412,7 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
|
415
412
|
}
|
|
416
413
|
|
|
417
414
|
if (!ossl_cipher_update_long(ctx, (unsigned char *)RSTRING_PTR(str), &out_len, in, in_len))
|
|
418
|
-
|
|
415
|
+
ossl_raise(eCipherError, NULL);
|
|
419
416
|
assert(out_len <= RSTRING_LEN(str));
|
|
420
417
|
rb_str_set_len(str, out_len);
|
|
421
418
|
|
|
@@ -427,14 +424,17 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
|
427
424
|
* cipher.final -> string
|
|
428
425
|
*
|
|
429
426
|
* Returns the remaining data held in the cipher object. Further calls to
|
|
430
|
-
* Cipher#update or Cipher#final
|
|
427
|
+
* Cipher#update or Cipher#final are invalid. This call should always
|
|
431
428
|
* be made as the last call of an encryption or decryption operation, after
|
|
432
429
|
* having fed the entire plaintext or ciphertext to the Cipher instance.
|
|
433
430
|
*
|
|
434
|
-
*
|
|
435
|
-
*
|
|
436
|
-
*
|
|
437
|
-
*
|
|
431
|
+
* When encrypting using an AEAD cipher, the authentication tag can be
|
|
432
|
+
* retrieved by #auth_tag after #final has been called.
|
|
433
|
+
*
|
|
434
|
+
* When decrypting using an AEAD cipher, this method will verify the integrity
|
|
435
|
+
* of the ciphertext and the associated data with the authentication tag,
|
|
436
|
+
* which must be set by #auth_tag= prior to calling this method.
|
|
437
|
+
* If the verification fails, CipherError will be raised.
|
|
438
438
|
*/
|
|
439
439
|
static VALUE
|
|
440
440
|
ossl_cipher_final(VALUE self)
|
|
@@ -445,8 +445,17 @@ ossl_cipher_final(VALUE self)
|
|
|
445
445
|
|
|
446
446
|
GetCipher(self, ctx);
|
|
447
447
|
str = rb_str_new(0, EVP_CIPHER_CTX_block_size(ctx));
|
|
448
|
-
if (!EVP_CipherFinal_ex(ctx, (unsigned char *)RSTRING_PTR(str), &out_len))
|
|
449
|
-
|
|
448
|
+
if (!EVP_CipherFinal_ex(ctx, (unsigned char *)RSTRING_PTR(str), &out_len)) {
|
|
449
|
+
/* For AEAD ciphers, this is likely an authentication failure */
|
|
450
|
+
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
|
|
451
|
+
/* For AEAD ciphers, EVP_CipherFinal_ex failures are authentication tag verification failures */
|
|
452
|
+
ossl_raise(eAuthTagError, "AEAD authentication tag verification failed");
|
|
453
|
+
}
|
|
454
|
+
else {
|
|
455
|
+
/* For non-AEAD ciphers */
|
|
456
|
+
ossl_raise(eCipherError, "cipher final failed");
|
|
457
|
+
}
|
|
458
|
+
}
|
|
450
459
|
assert(out_len <= RSTRING_LEN(str));
|
|
451
460
|
rb_str_set_len(str, out_len);
|
|
452
461
|
|
|
@@ -472,7 +481,7 @@ ossl_cipher_name(VALUE self)
|
|
|
472
481
|
|
|
473
482
|
/*
|
|
474
483
|
* call-seq:
|
|
475
|
-
* cipher.key = string
|
|
484
|
+
* cipher.key = string
|
|
476
485
|
*
|
|
477
486
|
* Sets the cipher key. To generate a key, you should either use a secure
|
|
478
487
|
* random byte string or, if the key is to be derived from a password, you
|
|
@@ -480,6 +489,8 @@ ossl_cipher_name(VALUE self)
|
|
|
480
489
|
* generate a secure random-based key, Cipher#random_key may be used.
|
|
481
490
|
*
|
|
482
491
|
* Only call this method after calling Cipher#encrypt or Cipher#decrypt.
|
|
492
|
+
*
|
|
493
|
+
* See also the man page EVP_CipherInit_ex(3).
|
|
483
494
|
*/
|
|
484
495
|
static VALUE
|
|
485
496
|
ossl_cipher_set_key(VALUE self, VALUE key)
|
|
@@ -492,10 +503,10 @@ ossl_cipher_set_key(VALUE self, VALUE key)
|
|
|
492
503
|
|
|
493
504
|
key_len = EVP_CIPHER_CTX_key_length(ctx);
|
|
494
505
|
if (RSTRING_LEN(key) != key_len)
|
|
495
|
-
|
|
506
|
+
ossl_raise(rb_eArgError, "key must be %d bytes", key_len);
|
|
496
507
|
|
|
497
508
|
if (EVP_CipherInit_ex(ctx, NULL, NULL, (unsigned char *)RSTRING_PTR(key), NULL, -1) != 1)
|
|
498
|
-
|
|
509
|
+
ossl_raise(eCipherError, NULL);
|
|
499
510
|
|
|
500
511
|
rb_ivar_set(self, id_key_set, Qtrue);
|
|
501
512
|
|
|
@@ -504,15 +515,21 @@ ossl_cipher_set_key(VALUE self, VALUE key)
|
|
|
504
515
|
|
|
505
516
|
/*
|
|
506
517
|
* call-seq:
|
|
507
|
-
* cipher.iv = string
|
|
518
|
+
* cipher.iv = string
|
|
508
519
|
*
|
|
509
520
|
* Sets the cipher IV. Please note that since you should never be using ECB
|
|
510
521
|
* mode, an IV is always explicitly required and should be set prior to
|
|
511
|
-
* encryption. The IV itself can be safely transmitted in public
|
|
512
|
-
* should be unpredictable to prevent certain kinds of attacks. You may use
|
|
513
|
-
* Cipher#random_iv to create a secure random IV.
|
|
522
|
+
* encryption. The IV itself can be safely transmitted in public.
|
|
514
523
|
*
|
|
515
|
-
*
|
|
524
|
+
* This method expects the String to have the length equal to #iv_len. To use
|
|
525
|
+
* a different IV length with an AEAD cipher, #iv_len= must be set prior to
|
|
526
|
+
* calling this method.
|
|
527
|
+
*
|
|
528
|
+
* *NOTE*: In OpenSSL API conventions, the IV value may correspond to the
|
|
529
|
+
* "nonce" instead in some cipher modes. Refer to the OpenSSL man pages for
|
|
530
|
+
* details.
|
|
531
|
+
*
|
|
532
|
+
* See also the man page EVP_CipherInit_ex(3).
|
|
516
533
|
*/
|
|
517
534
|
static VALUE
|
|
518
535
|
ossl_cipher_set_iv(VALUE self, VALUE iv)
|
|
@@ -524,14 +541,14 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
|
|
|
524
541
|
GetCipher(self, ctx);
|
|
525
542
|
|
|
526
543
|
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
|
|
527
|
-
|
|
544
|
+
iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
|
|
528
545
|
if (!iv_len)
|
|
529
|
-
|
|
546
|
+
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
|
|
530
547
|
if (RSTRING_LEN(iv) != iv_len)
|
|
531
|
-
|
|
548
|
+
ossl_raise(rb_eArgError, "iv must be %d bytes", iv_len);
|
|
532
549
|
|
|
533
550
|
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, (unsigned char *)RSTRING_PTR(iv), -1) != 1)
|
|
534
|
-
|
|
551
|
+
ossl_raise(eCipherError, NULL);
|
|
535
552
|
|
|
536
553
|
return iv;
|
|
537
554
|
}
|
|
@@ -540,8 +557,7 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
|
|
|
540
557
|
* call-seq:
|
|
541
558
|
* cipher.authenticated? -> true | false
|
|
542
559
|
*
|
|
543
|
-
*
|
|
544
|
-
* mode.
|
|
560
|
+
* Indicates whether this Cipher instance uses an AEAD mode.
|
|
545
561
|
*/
|
|
546
562
|
static VALUE
|
|
547
563
|
ossl_cipher_is_authenticated(VALUE self)
|
|
@@ -555,21 +571,23 @@ ossl_cipher_is_authenticated(VALUE self)
|
|
|
555
571
|
|
|
556
572
|
/*
|
|
557
573
|
* call-seq:
|
|
558
|
-
* cipher.auth_data = string
|
|
574
|
+
* cipher.auth_data = string
|
|
575
|
+
*
|
|
576
|
+
* Sets additional authenticated data (AAD), also called associated data, for
|
|
577
|
+
* this Cipher. This method is available for AEAD ciphers.
|
|
559
578
|
*
|
|
560
|
-
* Sets the cipher's additional authenticated data. This field must be
|
|
561
|
-
* set when using AEAD cipher modes such as GCM or CCM. If no associated
|
|
562
|
-
* data shall be used, this method must *still* be called with a value of "".
|
|
563
579
|
* The contents of this field should be non-sensitive data which will be
|
|
564
580
|
* added to the ciphertext to generate the authentication tag which validates
|
|
565
581
|
* the contents of the ciphertext.
|
|
566
582
|
*
|
|
567
|
-
*
|
|
568
|
-
*
|
|
569
|
-
*
|
|
570
|
-
*
|
|
571
|
-
*
|
|
572
|
-
*
|
|
583
|
+
* This method must be called after #key= and #iv= have been set, but before
|
|
584
|
+
* starting actual encryption or decryption with #update. In some cipher modes,
|
|
585
|
+
* #auth_tag_len= and #ccm_data_len= may also need to be called before this
|
|
586
|
+
* method.
|
|
587
|
+
*
|
|
588
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
589
|
+
* This method internally calls EVP_CipherUpdate() with the output buffer
|
|
590
|
+
* set to NULL.
|
|
573
591
|
*/
|
|
574
592
|
static VALUE
|
|
575
593
|
ossl_cipher_set_auth_data(VALUE self, VALUE data)
|
|
@@ -585,7 +603,7 @@ ossl_cipher_set_auth_data(VALUE self, VALUE data)
|
|
|
585
603
|
|
|
586
604
|
GetCipher(self, ctx);
|
|
587
605
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
588
|
-
|
|
606
|
+
ossl_raise(eCipherError, "AEAD not supported by this cipher");
|
|
589
607
|
|
|
590
608
|
if (!ossl_cipher_update_long(ctx, NULL, &out_len, in, in_len))
|
|
591
609
|
ossl_raise(eCipherError, "couldn't set additional authenticated data");
|
|
@@ -597,16 +615,17 @@ ossl_cipher_set_auth_data(VALUE self, VALUE data)
|
|
|
597
615
|
* call-seq:
|
|
598
616
|
* cipher.auth_tag(tag_len = 16) -> String
|
|
599
617
|
*
|
|
600
|
-
* Gets the authentication tag
|
|
601
|
-
*
|
|
602
|
-
*
|
|
603
|
-
*
|
|
604
|
-
*
|
|
605
|
-
*
|
|
606
|
-
*
|
|
607
|
-
* should be chosen.
|
|
618
|
+
* Gets the generated authentication tag. This method is available for AEAD
|
|
619
|
+
* ciphers, and should be called after encryption has been finalized by calling
|
|
620
|
+
* #final.
|
|
621
|
+
*
|
|
622
|
+
* The returned tag will be _tag_len_ bytes long. Some cipher modes require
|
|
623
|
+
* the desired length in advance using a separate call to #auth_tag_len=,
|
|
624
|
+
* before starting encryption.
|
|
608
625
|
*
|
|
609
|
-
*
|
|
626
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
627
|
+
* This method internally calls EVP_CIPHER_CTX_ctrl() with
|
|
628
|
+
* EVP_CTRL_AEAD_GET_TAG.
|
|
610
629
|
*/
|
|
611
630
|
static VALUE
|
|
612
631
|
ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
|
|
@@ -617,34 +636,42 @@ ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
|
|
|
617
636
|
|
|
618
637
|
rb_scan_args(argc, argv, "01", &vtag_len);
|
|
619
638
|
if (NIL_P(vtag_len))
|
|
620
|
-
|
|
639
|
+
vtag_len = rb_attr_get(self, id_auth_tag_len);
|
|
621
640
|
if (!NIL_P(vtag_len))
|
|
622
|
-
|
|
641
|
+
tag_len = NUM2INT(vtag_len);
|
|
623
642
|
|
|
624
643
|
GetCipher(self, ctx);
|
|
625
644
|
|
|
626
645
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
627
|
-
|
|
646
|
+
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
|
|
628
647
|
|
|
629
648
|
ret = rb_str_new(NULL, tag_len);
|
|
630
649
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_len, RSTRING_PTR(ret)))
|
|
631
|
-
|
|
650
|
+
ossl_raise(eCipherError, "retrieving the authentication tag failed");
|
|
632
651
|
|
|
633
652
|
return ret;
|
|
634
653
|
}
|
|
635
654
|
|
|
636
655
|
/*
|
|
637
656
|
* call-seq:
|
|
638
|
-
* cipher.auth_tag = string
|
|
657
|
+
* cipher.auth_tag = string
|
|
639
658
|
*
|
|
640
659
|
* Sets the authentication tag to verify the integrity of the ciphertext.
|
|
641
|
-
* This can be called only when the cipher supports AE. The tag must be set
|
|
642
|
-
* after calling Cipher#decrypt, Cipher#key= and Cipher#iv=, but before
|
|
643
|
-
* calling Cipher#final. After all decryption is performed, the tag is
|
|
644
|
-
* verified automatically in the call to Cipher#final.
|
|
645
660
|
*
|
|
646
|
-
*
|
|
647
|
-
*
|
|
661
|
+
* The authentication tag must be set before #final is called. The tag is
|
|
662
|
+
* verified during the #final call.
|
|
663
|
+
*
|
|
664
|
+
* Note that, for CCM mode and OCB mode, the expected length of the tag must
|
|
665
|
+
* be set before starting decryption by a separate call to #auth_tag_len=.
|
|
666
|
+
* The content of the tag can be provided at any time before #final is called.
|
|
667
|
+
*
|
|
668
|
+
* *NOTE*: The caller must ensure that the String passed to this method has
|
|
669
|
+
* the desired length. Some cipher modes support variable tag lengths, and
|
|
670
|
+
* this method may accept a truncated tag without raising an exception.
|
|
671
|
+
*
|
|
672
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
673
|
+
* This method internally calls EVP_CIPHER_CTX_ctrl() with
|
|
674
|
+
* EVP_CTRL_AEAD_SET_TAG.
|
|
648
675
|
*/
|
|
649
676
|
static VALUE
|
|
650
677
|
ossl_cipher_set_auth_tag(VALUE self, VALUE vtag)
|
|
@@ -659,24 +686,27 @@ ossl_cipher_set_auth_tag(VALUE self, VALUE vtag)
|
|
|
659
686
|
|
|
660
687
|
GetCipher(self, ctx);
|
|
661
688
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
662
|
-
|
|
689
|
+
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
|
|
663
690
|
|
|
664
691
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
|
|
665
|
-
|
|
692
|
+
ossl_raise(eCipherError, "unable to set AEAD tag");
|
|
666
693
|
|
|
667
694
|
return vtag;
|
|
668
695
|
}
|
|
669
696
|
|
|
670
697
|
/*
|
|
671
698
|
* call-seq:
|
|
672
|
-
* cipher.auth_tag_len =
|
|
699
|
+
* cipher.auth_tag_len = integer
|
|
700
|
+
*
|
|
701
|
+
* Sets the length of the expected authentication tag for this Cipher. This
|
|
702
|
+
* method is available for some of AEAD ciphers that require the length to be
|
|
703
|
+
* set before starting encryption or decryption, such as CCM mode or OCB mode.
|
|
673
704
|
*
|
|
674
|
-
*
|
|
675
|
-
* AEAD ciphers that requires it as in input parameter. Note that not all AEAD
|
|
676
|
-
* ciphers support this method.
|
|
705
|
+
* For CCM mode and OCB mode, the tag length must be set before #iv= is set.
|
|
677
706
|
*
|
|
678
|
-
*
|
|
679
|
-
*
|
|
707
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
708
|
+
* This method internally calls EVP_CIPHER_CTX_ctrl() with
|
|
709
|
+
* EVP_CTRL_AEAD_SET_TAG and a NULL buffer.
|
|
680
710
|
*/
|
|
681
711
|
static VALUE
|
|
682
712
|
ossl_cipher_set_auth_tag_len(VALUE self, VALUE vlen)
|
|
@@ -686,10 +716,10 @@ ossl_cipher_set_auth_tag_len(VALUE self, VALUE vlen)
|
|
|
686
716
|
|
|
687
717
|
GetCipher(self, ctx);
|
|
688
718
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
689
|
-
|
|
719
|
+
ossl_raise(eCipherError, "AEAD not supported by this cipher");
|
|
690
720
|
|
|
691
721
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))
|
|
692
|
-
|
|
722
|
+
ossl_raise(eCipherError, "unable to set authentication tag length");
|
|
693
723
|
|
|
694
724
|
/* for #auth_tag */
|
|
695
725
|
rb_ivar_set(self, id_auth_tag_len, INT2NUM(tag_len));
|
|
@@ -699,11 +729,16 @@ ossl_cipher_set_auth_tag_len(VALUE self, VALUE vlen)
|
|
|
699
729
|
|
|
700
730
|
/*
|
|
701
731
|
* call-seq:
|
|
702
|
-
*
|
|
732
|
+
* cipher.iv_len = integer
|
|
703
733
|
*
|
|
704
|
-
* Sets the IV/nonce length
|
|
705
|
-
*
|
|
706
|
-
*
|
|
734
|
+
* Sets the IV/nonce length for this Cipher. This method is available for AEAD
|
|
735
|
+
* ciphers that support variable IV lengths. This method can be called if a
|
|
736
|
+
* different IV length than OpenSSL's default is desired, prior to calling
|
|
737
|
+
* #iv=.
|
|
738
|
+
*
|
|
739
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
740
|
+
* This method internally calls EVP_CIPHER_CTX_ctrl() with
|
|
741
|
+
* EVP_CTRL_AEAD_SET_IVLEN.
|
|
707
742
|
*/
|
|
708
743
|
static VALUE
|
|
709
744
|
ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
|
|
@@ -713,10 +748,10 @@ ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
|
|
|
713
748
|
|
|
714
749
|
GetCipher(self, ctx);
|
|
715
750
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
716
|
-
|
|
751
|
+
ossl_raise(eCipherError, "cipher does not support AEAD");
|
|
717
752
|
|
|
718
753
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))
|
|
719
|
-
|
|
754
|
+
ossl_raise(eCipherError, "unable to set IV length");
|
|
720
755
|
|
|
721
756
|
/*
|
|
722
757
|
* EVP_CIPHER_CTX_iv_length() returns the default length. So we need to save
|
|
@@ -729,13 +764,14 @@ ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
|
|
|
729
764
|
|
|
730
765
|
/*
|
|
731
766
|
* call-seq:
|
|
732
|
-
* cipher.key_len = integer
|
|
767
|
+
* cipher.key_len = integer
|
|
733
768
|
*
|
|
734
769
|
* Sets the key length of the cipher. If the cipher is a fixed length cipher
|
|
735
770
|
* then attempting to set the key length to any value other than the fixed
|
|
736
771
|
* value is an error.
|
|
737
772
|
*
|
|
738
|
-
* Under normal circumstances you do not need to call this method (and
|
|
773
|
+
* Under normal circumstances you do not need to call this method (and
|
|
774
|
+
* probably shouldn't).
|
|
739
775
|
*
|
|
740
776
|
* See EVP_CIPHER_CTX_set_key_length for further information.
|
|
741
777
|
*/
|
|
@@ -752,13 +788,16 @@ ossl_cipher_set_key_length(VALUE self, VALUE key_length)
|
|
|
752
788
|
return key_length;
|
|
753
789
|
}
|
|
754
790
|
|
|
791
|
+
// TODO: Should #padding= take a boolean value instead?
|
|
755
792
|
/*
|
|
756
793
|
* call-seq:
|
|
757
|
-
* cipher.padding =
|
|
794
|
+
* cipher.padding = 1 or 0
|
|
758
795
|
*
|
|
759
|
-
* Enables or disables padding. By default encryption operations are padded
|
|
760
|
-
*
|
|
761
|
-
*
|
|
796
|
+
* Enables or disables padding. By default encryption operations are padded
|
|
797
|
+
* using standard block padding and the padding is checked and removed when
|
|
798
|
+
* decrypting. If the pad parameter is zero then no padding is performed, the
|
|
799
|
+
* total amount of data encrypted or decrypted must then be a multiple of the
|
|
800
|
+
* block size or an error will occur.
|
|
762
801
|
*
|
|
763
802
|
* See EVP_CIPHER_CTX_set_padding for further information.
|
|
764
803
|
*/
|
|
@@ -770,7 +809,7 @@ ossl_cipher_set_padding(VALUE self, VALUE padding)
|
|
|
770
809
|
|
|
771
810
|
GetCipher(self, ctx);
|
|
772
811
|
if (EVP_CIPHER_CTX_set_padding(ctx, pad) != 1)
|
|
773
|
-
|
|
812
|
+
ossl_raise(eCipherError, NULL);
|
|
774
813
|
return padding;
|
|
775
814
|
}
|
|
776
815
|
|
|
@@ -804,9 +843,9 @@ ossl_cipher_iv_length(VALUE self)
|
|
|
804
843
|
|
|
805
844
|
GetCipher(self, ctx);
|
|
806
845
|
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
|
|
807
|
-
|
|
846
|
+
len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
|
|
808
847
|
if (!len)
|
|
809
|
-
|
|
848
|
+
len = EVP_CIPHER_CTX_iv_length(ctx);
|
|
810
849
|
|
|
811
850
|
return INT2NUM(len);
|
|
812
851
|
}
|
|
@@ -829,13 +868,17 @@ ossl_cipher_block_size(VALUE self)
|
|
|
829
868
|
|
|
830
869
|
/*
|
|
831
870
|
* call-seq:
|
|
832
|
-
* cipher.ccm_data_len = integer
|
|
871
|
+
* cipher.ccm_data_len = integer
|
|
833
872
|
*
|
|
834
|
-
* Sets the length of the plaintext / ciphertext message that will be
|
|
835
|
-
* processed in CCM mode.
|
|
836
|
-
* #iv= have been set, and before #auth_data=.
|
|
873
|
+
* Sets the total length of the plaintext / ciphertext message that will be
|
|
874
|
+
* processed by #update in CCM mode.
|
|
837
875
|
*
|
|
838
|
-
*
|
|
876
|
+
* Make sure to call this method after #key= and #iv= have been set, and
|
|
877
|
+
* before #auth_data= or #update are called.
|
|
878
|
+
*
|
|
879
|
+
* This method is only available for CCM mode ciphers.
|
|
880
|
+
*
|
|
881
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
839
882
|
*/
|
|
840
883
|
static VALUE
|
|
841
884
|
ossl_cipher_set_ccm_data_len(VALUE self, VALUE data_len)
|
|
@@ -858,11 +901,6 @@ ossl_cipher_set_ccm_data_len(VALUE self, VALUE data_len)
|
|
|
858
901
|
void
|
|
859
902
|
Init_ossl_cipher(void)
|
|
860
903
|
{
|
|
861
|
-
#if 0
|
|
862
|
-
mOSSL = rb_define_module("OpenSSL");
|
|
863
|
-
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
|
864
|
-
#endif
|
|
865
|
-
|
|
866
904
|
/* Document-class: OpenSSL::Cipher
|
|
867
905
|
*
|
|
868
906
|
* Provides symmetric algorithms for encryption and decryption. The
|
|
@@ -1018,24 +1056,28 @@ Init_ossl_cipher(void)
|
|
|
1018
1056
|
* could otherwise be exploited to modify ciphertexts in ways beneficial to
|
|
1019
1057
|
* potential attackers.
|
|
1020
1058
|
*
|
|
1021
|
-
*
|
|
1059
|
+
* Associated data, also called additional authenticated data (AAD), is
|
|
1060
|
+
* optionally used where there is additional information, such as
|
|
1022
1061
|
* headers or some metadata, that must be also authenticated but not
|
|
1023
|
-
* necessarily need to be encrypted.
|
|
1024
|
-
* encryption and later decryption, the OpenSSL library still requires a
|
|
1025
|
-
* value to be set - "" may be used in case none is available.
|
|
1062
|
+
* necessarily need to be encrypted.
|
|
1026
1063
|
*
|
|
1027
1064
|
* An example using the GCM (Galois/Counter Mode). You have 16 bytes _key_,
|
|
1028
1065
|
* 12 bytes (96 bits) _nonce_ and the associated data _auth_data_. Be sure
|
|
1029
1066
|
* not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
|
|
1030
1067
|
* security guarantees of GCM mode.
|
|
1031
1068
|
*
|
|
1069
|
+
* key = OpenSSL::Random.random_bytes(16)
|
|
1070
|
+
* nonce = OpenSSL::Random.random_bytes(12)
|
|
1071
|
+
* auth_data = "authenticated but unencrypted data"
|
|
1072
|
+
* data = "encrypted data"
|
|
1073
|
+
*
|
|
1032
1074
|
* cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
|
|
1033
1075
|
* cipher.key = key
|
|
1034
1076
|
* cipher.iv = nonce
|
|
1035
1077
|
* cipher.auth_data = auth_data
|
|
1036
1078
|
*
|
|
1037
1079
|
* encrypted = cipher.update(data) + cipher.final
|
|
1038
|
-
* tag = cipher.auth_tag
|
|
1080
|
+
* tag = cipher.auth_tag(16)
|
|
1039
1081
|
*
|
|
1040
1082
|
* Now you are the receiver. You know the _key_ and have received _nonce_,
|
|
1041
1083
|
* _auth_data_, _encrypted_ and _tag_ through an untrusted network. Note
|
|
@@ -1048,23 +1090,29 @@ Init_ossl_cipher(void)
|
|
|
1048
1090
|
* decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt
|
|
1049
1091
|
* decipher.key = key
|
|
1050
1092
|
* decipher.iv = nonce
|
|
1051
|
-
* decipher.auth_tag = tag
|
|
1093
|
+
* decipher.auth_tag = tag # could be called at any time before #final
|
|
1052
1094
|
* decipher.auth_data = auth_data
|
|
1053
1095
|
*
|
|
1054
1096
|
* decrypted = decipher.update(encrypted) + decipher.final
|
|
1055
1097
|
*
|
|
1056
1098
|
* puts data == decrypted #=> true
|
|
1099
|
+
*
|
|
1100
|
+
* Note that other AEAD ciphers may require additional steps, such as
|
|
1101
|
+
* setting the expected tag length (#auth_tag_len=) or the total data
|
|
1102
|
+
* length (#ccm_data_len=) in advance. Make sure to read the relevant man
|
|
1103
|
+
* page for details.
|
|
1057
1104
|
*/
|
|
1058
1105
|
cCipher = rb_define_class_under(mOSSL, "Cipher", rb_cObject);
|
|
1059
1106
|
eCipherError = rb_define_class_under(cCipher, "CipherError", eOSSLError);
|
|
1107
|
+
eAuthTagError = rb_define_class_under(cCipher, "AuthTagError", eCipherError);
|
|
1060
1108
|
|
|
1061
1109
|
rb_define_alloc_func(cCipher, ossl_cipher_alloc);
|
|
1062
1110
|
rb_define_method(cCipher, "initialize_copy", ossl_cipher_copy, 1);
|
|
1063
1111
|
rb_define_module_function(cCipher, "ciphers", ossl_s_ciphers, 0);
|
|
1064
1112
|
rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
|
|
1065
1113
|
rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
|
|
1066
|
-
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt,
|
|
1067
|
-
rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt,
|
|
1114
|
+
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, 0);
|
|
1115
|
+
rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, 0);
|
|
1068
1116
|
rb_define_method(cCipher, "pkcs5_keyivgen", ossl_cipher_pkcs5_keyivgen, -1);
|
|
1069
1117
|
rb_define_method(cCipher, "update", ossl_cipher_update, -1);
|
|
1070
1118
|
rb_define_method(cCipher, "final", ossl_cipher_final, 0);
|
|
@@ -1086,4 +1134,5 @@ Init_ossl_cipher(void)
|
|
|
1086
1134
|
|
|
1087
1135
|
id_auth_tag_len = rb_intern_const("auth_tag_len");
|
|
1088
1136
|
id_key_set = rb_intern_const("key_set");
|
|
1137
|
+
id_cipher_holder = rb_intern_const("EVP_CIPHER_holder");
|
|
1089
1138
|
}
|