openssl 3.3.2 → 4.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +3 -0
- data/History.md +105 -0
- data/README.md +12 -11
- data/ext/openssl/extconf.rb +30 -69
- data/ext/openssl/openssl_missing.h +0 -206
- data/ext/openssl/ossl.c +280 -301
- data/ext/openssl/ossl.h +15 -10
- data/ext/openssl/ossl_asn1.c +598 -406
- data/ext/openssl/ossl_asn1.h +15 -1
- data/ext/openssl/ossl_bio.c +3 -3
- data/ext/openssl/ossl_bn.c +286 -291
- data/ext/openssl/ossl_cipher.c +257 -209
- data/ext/openssl/ossl_cipher.h +10 -1
- data/ext/openssl/ossl_config.c +1 -6
- data/ext/openssl/ossl_digest.c +74 -43
- data/ext/openssl/ossl_digest.h +9 -1
- data/ext/openssl/ossl_engine.c +39 -103
- data/ext/openssl/ossl_hmac.c +30 -36
- data/ext/openssl/ossl_kdf.c +42 -53
- data/ext/openssl/ossl_ns_spki.c +31 -37
- data/ext/openssl/ossl_ocsp.c +214 -241
- data/ext/openssl/ossl_pkcs12.c +26 -26
- data/ext/openssl/ossl_pkcs7.c +176 -146
- data/ext/openssl/ossl_pkey.c +162 -178
- data/ext/openssl/ossl_pkey.h +99 -99
- data/ext/openssl/ossl_pkey_dh.c +31 -68
- data/ext/openssl/ossl_pkey_dsa.c +15 -54
- data/ext/openssl/ossl_pkey_ec.c +180 -238
- data/ext/openssl/ossl_pkey_rsa.c +56 -103
- data/ext/openssl/ossl_provider.c +0 -7
- data/ext/openssl/ossl_rand.c +7 -14
- data/ext/openssl/ossl_ssl.c +535 -384
- data/ext/openssl/ossl_ssl.h +8 -8
- data/ext/openssl/ossl_ssl_session.c +93 -97
- data/ext/openssl/ossl_ts.c +81 -127
- data/ext/openssl/ossl_x509.c +9 -28
- data/ext/openssl/ossl_x509attr.c +33 -54
- data/ext/openssl/ossl_x509cert.c +69 -100
- data/ext/openssl/ossl_x509crl.c +78 -89
- data/ext/openssl/ossl_x509ext.c +45 -66
- data/ext/openssl/ossl_x509name.c +63 -88
- data/ext/openssl/ossl_x509req.c +55 -62
- data/ext/openssl/ossl_x509revoked.c +27 -41
- data/ext/openssl/ossl_x509store.c +38 -56
- data/lib/openssl/buffering.rb +30 -24
- data/lib/openssl/digest.rb +1 -1
- data/lib/openssl/pkey.rb +71 -49
- data/lib/openssl/ssl.rb +12 -79
- data/lib/openssl/version.rb +2 -1
- data/lib/openssl/x509.rb +9 -0
- data/lib/openssl.rb +9 -6
- metadata +2 -4
- data/ext/openssl/openssl_missing.c +0 -40
- data/lib/openssl/asn1.rb +0 -188
data/ext/openssl/ossl_cipher.c
CHANGED
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
#define AllocCipher(obj, ctx) do { \
|
|
15
15
|
(ctx) = EVP_CIPHER_CTX_new(); \
|
|
16
16
|
if (!(ctx)) \
|
|
17
|
-
|
|
17
|
+
ossl_raise(rb_eRuntimeError, NULL); \
|
|
18
18
|
RTYPEDDATA_DATA(obj) = (ctx); \
|
|
19
19
|
} while (0)
|
|
20
20
|
#define GetCipherInit(obj, ctx) do { \
|
|
@@ -23,7 +23,7 @@
|
|
|
23
23
|
#define GetCipher(obj, ctx) do { \
|
|
24
24
|
GetCipherInit((obj), (ctx)); \
|
|
25
25
|
if (!(ctx)) { \
|
|
26
|
-
|
|
26
|
+
ossl_raise(rb_eRuntimeError, "Cipher not initialized!"); \
|
|
27
27
|
} \
|
|
28
28
|
} while (0)
|
|
29
29
|
|
|
@@ -32,7 +32,8 @@
|
|
|
32
32
|
*/
|
|
33
33
|
static VALUE cCipher;
|
|
34
34
|
static VALUE eCipherError;
|
|
35
|
-
static
|
|
35
|
+
static VALUE eAuthTagError;
|
|
36
|
+
static ID id_auth_tag_len, id_key_set, id_cipher_holder;
|
|
36
37
|
|
|
37
38
|
static VALUE ossl_cipher_alloc(VALUE klass);
|
|
38
39
|
static void ossl_cipher_free(void *ptr);
|
|
@@ -40,35 +41,63 @@ static void ossl_cipher_free(void *ptr);
|
|
|
40
41
|
static const rb_data_type_t ossl_cipher_type = {
|
|
41
42
|
"OpenSSL/Cipher",
|
|
42
43
|
{
|
|
43
|
-
|
|
44
|
+
0, ossl_cipher_free,
|
|
44
45
|
},
|
|
45
46
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
46
47
|
};
|
|
47
48
|
|
|
49
|
+
#ifdef OSSL_USE_PROVIDER
|
|
50
|
+
static void
|
|
51
|
+
ossl_evp_cipher_free(void *ptr)
|
|
52
|
+
{
|
|
53
|
+
// This is safe to call against const EVP_CIPHER * returned by
|
|
54
|
+
// EVP_get_cipherbyname()
|
|
55
|
+
EVP_CIPHER_free(ptr);
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
static const rb_data_type_t ossl_evp_cipher_holder_type = {
|
|
59
|
+
"OpenSSL/EVP_CIPHER",
|
|
60
|
+
{
|
|
61
|
+
.dfree = ossl_evp_cipher_free,
|
|
62
|
+
},
|
|
63
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
64
|
+
};
|
|
65
|
+
#endif
|
|
66
|
+
|
|
48
67
|
/*
|
|
49
68
|
* PUBLIC
|
|
50
69
|
*/
|
|
51
70
|
const EVP_CIPHER *
|
|
52
|
-
|
|
71
|
+
ossl_evp_cipher_fetch(VALUE obj, volatile VALUE *holder)
|
|
53
72
|
{
|
|
73
|
+
*holder = Qnil;
|
|
54
74
|
if (rb_obj_is_kind_of(obj, cCipher)) {
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
75
|
+
EVP_CIPHER_CTX *ctx;
|
|
76
|
+
GetCipher(obj, ctx);
|
|
77
|
+
EVP_CIPHER *cipher = (EVP_CIPHER *)EVP_CIPHER_CTX_cipher(ctx);
|
|
78
|
+
#ifdef OSSL_USE_PROVIDER
|
|
79
|
+
*holder = TypedData_Wrap_Struct(0, &ossl_evp_cipher_holder_type, NULL);
|
|
80
|
+
if (!EVP_CIPHER_up_ref(cipher))
|
|
81
|
+
ossl_raise(eCipherError, "EVP_CIPHER_up_ref");
|
|
82
|
+
RTYPEDDATA_DATA(*holder) = cipher;
|
|
83
|
+
#endif
|
|
84
|
+
return cipher;
|
|
60
85
|
}
|
|
61
|
-
else {
|
|
62
|
-
const EVP_CIPHER *cipher;
|
|
63
86
|
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
87
|
+
const char *name = StringValueCStr(obj);
|
|
88
|
+
EVP_CIPHER *cipher = (EVP_CIPHER *)EVP_get_cipherbyname(name);
|
|
89
|
+
#ifdef OSSL_USE_PROVIDER
|
|
90
|
+
if (!cipher) {
|
|
91
|
+
ossl_clear_error();
|
|
92
|
+
*holder = TypedData_Wrap_Struct(0, &ossl_evp_cipher_holder_type, NULL);
|
|
93
|
+
cipher = EVP_CIPHER_fetch(NULL, name, NULL);
|
|
94
|
+
RTYPEDDATA_DATA(*holder) = cipher;
|
|
71
95
|
}
|
|
96
|
+
#endif
|
|
97
|
+
if (!cipher)
|
|
98
|
+
ossl_raise(eCipherError, "unsupported cipher algorithm: %"PRIsVALUE,
|
|
99
|
+
obj);
|
|
100
|
+
return cipher;
|
|
72
101
|
}
|
|
73
102
|
|
|
74
103
|
VALUE
|
|
@@ -77,10 +106,13 @@ ossl_cipher_new(const EVP_CIPHER *cipher)
|
|
|
77
106
|
VALUE ret;
|
|
78
107
|
EVP_CIPHER_CTX *ctx;
|
|
79
108
|
|
|
109
|
+
// NOTE: This does not set id_cipher_holder because this function should
|
|
110
|
+
// only be called from ossl_engine.c, which will not use any
|
|
111
|
+
// reference-counted ciphers.
|
|
80
112
|
ret = ossl_cipher_alloc(cCipher);
|
|
81
113
|
AllocCipher(ret, ctx);
|
|
82
114
|
if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
|
|
83
|
-
|
|
115
|
+
ossl_raise(eCipherError, NULL);
|
|
84
116
|
|
|
85
117
|
return ret;
|
|
86
118
|
}
|
|
@@ -113,23 +145,22 @@ ossl_cipher_initialize(VALUE self, VALUE str)
|
|
|
113
145
|
{
|
|
114
146
|
EVP_CIPHER_CTX *ctx;
|
|
115
147
|
const EVP_CIPHER *cipher;
|
|
116
|
-
|
|
148
|
+
VALUE cipher_holder;
|
|
117
149
|
|
|
118
|
-
name = StringValueCStr(str);
|
|
119
150
|
GetCipherInit(self, ctx);
|
|
120
151
|
if (ctx) {
|
|
121
|
-
|
|
152
|
+
ossl_raise(rb_eRuntimeError, "Cipher already initialized!");
|
|
122
153
|
}
|
|
154
|
+
cipher = ossl_evp_cipher_fetch(str, &cipher_holder);
|
|
123
155
|
AllocCipher(self, ctx);
|
|
124
|
-
if (!(cipher = EVP_get_cipherbyname(name))) {
|
|
125
|
-
ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%"PRIsVALUE")", str);
|
|
126
|
-
}
|
|
127
156
|
if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
|
|
128
|
-
|
|
157
|
+
ossl_raise(eCipherError, "EVP_CipherInit_ex");
|
|
158
|
+
rb_ivar_set(self, id_cipher_holder, cipher_holder);
|
|
129
159
|
|
|
130
160
|
return self;
|
|
131
161
|
}
|
|
132
162
|
|
|
163
|
+
/* :nodoc: */
|
|
133
164
|
static VALUE
|
|
134
165
|
ossl_cipher_copy(VALUE self, VALUE other)
|
|
135
166
|
{
|
|
@@ -140,11 +171,11 @@ ossl_cipher_copy(VALUE self, VALUE other)
|
|
|
140
171
|
|
|
141
172
|
GetCipherInit(self, ctx1);
|
|
142
173
|
if (!ctx1) {
|
|
143
|
-
|
|
174
|
+
AllocCipher(self, ctx1);
|
|
144
175
|
}
|
|
145
176
|
GetCipher(other, ctx2);
|
|
146
177
|
if (EVP_CIPHER_CTX_copy(ctx1, ctx2) != 1)
|
|
147
|
-
|
|
178
|
+
ossl_raise(eCipherError, NULL);
|
|
148
179
|
|
|
149
180
|
return self;
|
|
150
181
|
}
|
|
@@ -169,8 +200,8 @@ ossl_s_ciphers(VALUE self)
|
|
|
169
200
|
|
|
170
201
|
ary = rb_ary_new();
|
|
171
202
|
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
|
|
172
|
-
|
|
173
|
-
|
|
203
|
+
add_cipher_name_to_ary,
|
|
204
|
+
(void*)ary);
|
|
174
205
|
|
|
175
206
|
return ary;
|
|
176
207
|
}
|
|
@@ -191,53 +222,22 @@ ossl_cipher_reset(VALUE self)
|
|
|
191
222
|
|
|
192
223
|
GetCipher(self, ctx);
|
|
193
224
|
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1) != 1)
|
|
194
|
-
|
|
225
|
+
ossl_raise(eCipherError, NULL);
|
|
195
226
|
|
|
196
227
|
return self;
|
|
197
228
|
}
|
|
198
229
|
|
|
199
230
|
static VALUE
|
|
200
|
-
ossl_cipher_init(
|
|
231
|
+
ossl_cipher_init(VALUE self, int enc)
|
|
201
232
|
{
|
|
202
233
|
EVP_CIPHER_CTX *ctx;
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
if(rb_scan_args(argc, argv, "02", &pass, &init_v) > 0){
|
|
208
|
-
/*
|
|
209
|
-
* oops. this code mistakes salt for IV.
|
|
210
|
-
* We deprecated the arguments for this method, but we decided
|
|
211
|
-
* keeping this behaviour for backward compatibility.
|
|
212
|
-
*/
|
|
213
|
-
VALUE cname = rb_class_path(rb_obj_class(self));
|
|
214
|
-
rb_warn("arguments for %"PRIsVALUE"#encrypt and %"PRIsVALUE"#decrypt were deprecated; "
|
|
215
|
-
"use %"PRIsVALUE"#pkcs5_keyivgen to derive key and IV",
|
|
216
|
-
cname, cname, cname);
|
|
217
|
-
StringValue(pass);
|
|
218
|
-
GetCipher(self, ctx);
|
|
219
|
-
if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
|
|
220
|
-
else{
|
|
221
|
-
StringValue(init_v);
|
|
222
|
-
if (EVP_MAX_IV_LENGTH > RSTRING_LEN(init_v)) {
|
|
223
|
-
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
|
224
|
-
memcpy(iv, RSTRING_PTR(init_v), RSTRING_LEN(init_v));
|
|
225
|
-
}
|
|
226
|
-
else memcpy(iv, RSTRING_PTR(init_v), sizeof(iv));
|
|
227
|
-
}
|
|
228
|
-
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
|
|
229
|
-
(unsigned char *)RSTRING_PTR(pass), RSTRING_LENINT(pass), 1, key, NULL);
|
|
230
|
-
p_key = key;
|
|
231
|
-
p_iv = iv;
|
|
232
|
-
}
|
|
233
|
-
else {
|
|
234
|
-
GetCipher(self, ctx);
|
|
235
|
-
}
|
|
236
|
-
if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) {
|
|
237
|
-
ossl_raise(eCipherError, NULL);
|
|
234
|
+
|
|
235
|
+
GetCipher(self, ctx);
|
|
236
|
+
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, enc) != 1) {
|
|
237
|
+
ossl_raise(eCipherError, "EVP_CipherInit_ex");
|
|
238
238
|
}
|
|
239
239
|
|
|
240
|
-
rb_ivar_set(self, id_key_set,
|
|
240
|
+
rb_ivar_set(self, id_key_set, Qfalse);
|
|
241
241
|
|
|
242
242
|
return self;
|
|
243
243
|
}
|
|
@@ -248,16 +248,15 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
|
|
|
248
248
|
*
|
|
249
249
|
* Initializes the Cipher for encryption.
|
|
250
250
|
*
|
|
251
|
-
* Make sure to call
|
|
252
|
-
*
|
|
253
|
-
* * [#key=, #iv=, #random_key, #random_iv, #pkcs5_keyivgen]
|
|
251
|
+
* Make sure to call either #encrypt or #decrypt before using the Cipher for
|
|
252
|
+
* any operation or setting any parameters.
|
|
254
253
|
*
|
|
255
254
|
* Internally calls EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 1).
|
|
256
255
|
*/
|
|
257
256
|
static VALUE
|
|
258
|
-
ossl_cipher_encrypt(
|
|
257
|
+
ossl_cipher_encrypt(VALUE self)
|
|
259
258
|
{
|
|
260
|
-
return ossl_cipher_init(
|
|
259
|
+
return ossl_cipher_init(self, 1);
|
|
261
260
|
}
|
|
262
261
|
|
|
263
262
|
/*
|
|
@@ -266,16 +265,15 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
|
|
|
266
265
|
*
|
|
267
266
|
* Initializes the Cipher for decryption.
|
|
268
267
|
*
|
|
269
|
-
* Make sure to call
|
|
270
|
-
*
|
|
271
|
-
* * [#key=, #iv=, #random_key, #random_iv, #pkcs5_keyivgen]
|
|
268
|
+
* Make sure to call either #encrypt or #decrypt before using the Cipher for
|
|
269
|
+
* any operation or setting any parameters.
|
|
272
270
|
*
|
|
273
271
|
* Internally calls EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 0).
|
|
274
272
|
*/
|
|
275
273
|
static VALUE
|
|
276
|
-
ossl_cipher_decrypt(
|
|
274
|
+
ossl_cipher_decrypt(VALUE self)
|
|
277
275
|
{
|
|
278
|
-
return ossl_cipher_init(
|
|
276
|
+
return ossl_cipher_init(self, 0);
|
|
279
277
|
}
|
|
280
278
|
|
|
281
279
|
/*
|
|
@@ -284,46 +282,42 @@ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
|
|
|
284
282
|
*
|
|
285
283
|
* Generates and sets the key/IV based on a password.
|
|
286
284
|
*
|
|
287
|
-
* *WARNING*: This method is
|
|
288
|
-
*
|
|
289
|
-
*
|
|
290
|
-
*
|
|
291
|
-
* OpenSSL::PKCS5 instead.
|
|
285
|
+
* *WARNING*: This method is deprecated and should not be used. This method
|
|
286
|
+
* corresponds to EVP_BytesToKey(), a non-standard OpenSSL extension of the
|
|
287
|
+
* legacy PKCS #5 v1.5 key derivation function. See OpenSSL::KDF for other
|
|
288
|
+
* options to derive keys from passwords.
|
|
292
289
|
*
|
|
293
290
|
* === Parameters
|
|
294
291
|
* * _salt_ must be an 8 byte string if provided.
|
|
295
292
|
* * _iterations_ is an integer with a default of 2048.
|
|
296
293
|
* * _digest_ is a Digest object that defaults to 'MD5'
|
|
297
|
-
*
|
|
298
|
-
* A minimum of 1000 iterations is recommended.
|
|
299
|
-
*
|
|
300
294
|
*/
|
|
301
295
|
static VALUE
|
|
302
296
|
ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
|
|
303
297
|
{
|
|
304
298
|
EVP_CIPHER_CTX *ctx;
|
|
305
299
|
const EVP_MD *digest;
|
|
306
|
-
VALUE vpass, vsalt, viter, vdigest;
|
|
300
|
+
VALUE vpass, vsalt, viter, vdigest, md_holder;
|
|
307
301
|
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH], *salt = NULL;
|
|
308
302
|
int iter;
|
|
309
303
|
|
|
310
304
|
rb_scan_args(argc, argv, "13", &vpass, &vsalt, &viter, &vdigest);
|
|
311
305
|
StringValue(vpass);
|
|
312
306
|
if(!NIL_P(vsalt)){
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
307
|
+
StringValue(vsalt);
|
|
308
|
+
if(RSTRING_LEN(vsalt) != PKCS5_SALT_LEN)
|
|
309
|
+
ossl_raise(eCipherError, "salt must be an 8-octet string");
|
|
310
|
+
salt = (unsigned char *)RSTRING_PTR(vsalt);
|
|
317
311
|
}
|
|
318
312
|
iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
|
|
319
313
|
if (iter <= 0)
|
|
320
|
-
|
|
321
|
-
digest = NIL_P(vdigest) ? EVP_md5() :
|
|
314
|
+
rb_raise(rb_eArgError, "iterations must be a positive integer");
|
|
315
|
+
digest = NIL_P(vdigest) ? EVP_md5() : ossl_evp_md_fetch(vdigest, &md_holder);
|
|
322
316
|
GetCipher(self, ctx);
|
|
323
317
|
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,
|
|
324
|
-
|
|
318
|
+
(unsigned char *)RSTRING_PTR(vpass), RSTRING_LENINT(vpass), iter, key, iv);
|
|
325
319
|
if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1)
|
|
326
|
-
|
|
320
|
+
ossl_raise(eCipherError, NULL);
|
|
327
321
|
OPENSSL_cleanse(key, sizeof key);
|
|
328
322
|
OPENSSL_cleanse(iv, sizeof iv);
|
|
329
323
|
|
|
@@ -334,25 +328,25 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
|
|
|
334
328
|
|
|
335
329
|
static int
|
|
336
330
|
ossl_cipher_update_long(EVP_CIPHER_CTX *ctx, unsigned char *out, long *out_len_ptr,
|
|
337
|
-
|
|
331
|
+
const unsigned char *in, long in_len)
|
|
338
332
|
{
|
|
339
333
|
int out_part_len;
|
|
340
334
|
int limit = INT_MAX / 2 + 1;
|
|
341
335
|
long out_len = 0;
|
|
342
336
|
|
|
343
337
|
do {
|
|
344
|
-
|
|
338
|
+
int in_part_len = in_len > limit ? limit : (int)in_len;
|
|
345
339
|
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
340
|
+
if (!EVP_CipherUpdate(ctx, out ? (out + out_len) : 0,
|
|
341
|
+
&out_part_len, in, in_part_len))
|
|
342
|
+
return 0;
|
|
349
343
|
|
|
350
|
-
|
|
351
|
-
|
|
344
|
+
out_len += out_part_len;
|
|
345
|
+
in += in_part_len;
|
|
352
346
|
} while ((in_len -= limit) > 0);
|
|
353
347
|
|
|
354
348
|
if (out_len_ptr)
|
|
355
|
-
|
|
349
|
+
*out_len_ptr = out_len;
|
|
356
350
|
|
|
357
351
|
return 1;
|
|
358
352
|
}
|
|
@@ -368,6 +362,9 @@ ossl_cipher_update_long(EVP_CIPHER_CTX *ctx, unsigned char *out, long *out_len_p
|
|
|
368
362
|
*
|
|
369
363
|
* If _buffer_ is given, the encryption/decryption result will be written to
|
|
370
364
|
* it. _buffer_ will be resized automatically.
|
|
365
|
+
*
|
|
366
|
+
* *NOTE*: When decrypting using an AEAD cipher, the integrity of the output
|
|
367
|
+
* is not verified until #final has been called.
|
|
371
368
|
*/
|
|
372
369
|
static VALUE
|
|
373
370
|
ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
@@ -380,7 +377,7 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
|
380
377
|
rb_scan_args(argc, argv, "11", &data, &str);
|
|
381
378
|
|
|
382
379
|
if (!RTEST(rb_attr_get(self, id_key_set)))
|
|
383
|
-
|
|
380
|
+
ossl_raise(eCipherError, "key not set");
|
|
384
381
|
|
|
385
382
|
StringValue(data);
|
|
386
383
|
in = (unsigned char *)RSTRING_PTR(data);
|
|
@@ -399,14 +396,14 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
|
399
396
|
* currently implemented in OpenSSL, but this can change in the future.
|
|
400
397
|
*/
|
|
401
398
|
if (in_len > LONG_MAX - EVP_MAX_BLOCK_LENGTH) {
|
|
402
|
-
|
|
403
|
-
|
|
399
|
+
ossl_raise(rb_eRangeError,
|
|
400
|
+
"data too big to make output buffer: %ld bytes", in_len);
|
|
404
401
|
}
|
|
405
402
|
out_len = in_len + EVP_MAX_BLOCK_LENGTH;
|
|
406
403
|
|
|
407
|
-
if (NIL_P(str))
|
|
408
|
-
str =
|
|
409
|
-
|
|
404
|
+
if (NIL_P(str))
|
|
405
|
+
str = rb_str_buf_new(out_len);
|
|
406
|
+
else {
|
|
410
407
|
StringValue(str);
|
|
411
408
|
if ((long)rb_str_capacity(str) >= out_len)
|
|
412
409
|
rb_str_modify(str);
|
|
@@ -414,9 +411,9 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
|
414
411
|
rb_str_modify_expand(str, out_len - RSTRING_LEN(str));
|
|
415
412
|
}
|
|
416
413
|
|
|
417
|
-
if (!ossl_cipher_update_long(ctx, (unsigned char *)RSTRING_PTR(str),
|
|
418
|
-
|
|
419
|
-
|
|
414
|
+
if (!ossl_cipher_update_long(ctx, (unsigned char *)RSTRING_PTR(str),
|
|
415
|
+
&out_len, in, in_len))
|
|
416
|
+
ossl_raise(eCipherError, "EVP_CipherUpdate");
|
|
420
417
|
rb_str_set_len(str, out_len);
|
|
421
418
|
|
|
422
419
|
return str;
|
|
@@ -427,14 +424,17 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
|
|
|
427
424
|
* cipher.final -> string
|
|
428
425
|
*
|
|
429
426
|
* Returns the remaining data held in the cipher object. Further calls to
|
|
430
|
-
* Cipher#update or Cipher#final
|
|
427
|
+
* Cipher#update or Cipher#final are invalid. This call should always
|
|
431
428
|
* be made as the last call of an encryption or decryption operation, after
|
|
432
429
|
* having fed the entire plaintext or ciphertext to the Cipher instance.
|
|
433
430
|
*
|
|
434
|
-
*
|
|
435
|
-
*
|
|
436
|
-
*
|
|
437
|
-
*
|
|
431
|
+
* When encrypting using an AEAD cipher, the authentication tag can be
|
|
432
|
+
* retrieved by #auth_tag after #final has been called.
|
|
433
|
+
*
|
|
434
|
+
* When decrypting using an AEAD cipher, this method will verify the integrity
|
|
435
|
+
* of the ciphertext and the associated data with the authentication tag,
|
|
436
|
+
* which must be set by #auth_tag= prior to calling this method.
|
|
437
|
+
* If the verification fails, CipherError will be raised.
|
|
438
438
|
*/
|
|
439
439
|
static VALUE
|
|
440
440
|
ossl_cipher_final(VALUE self)
|
|
@@ -445,9 +445,17 @@ ossl_cipher_final(VALUE self)
|
|
|
445
445
|
|
|
446
446
|
GetCipher(self, ctx);
|
|
447
447
|
str = rb_str_new(0, EVP_CIPHER_CTX_block_size(ctx));
|
|
448
|
-
if (!EVP_CipherFinal_ex(ctx, (unsigned char *)RSTRING_PTR(str), &out_len))
|
|
449
|
-
|
|
450
|
-
|
|
448
|
+
if (!EVP_CipherFinal_ex(ctx, (unsigned char *)RSTRING_PTR(str), &out_len)) {
|
|
449
|
+
/* For AEAD ciphers, this is likely an authentication failure */
|
|
450
|
+
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
|
|
451
|
+
/* For AEAD ciphers, EVP_CipherFinal_ex failures are authentication tag verification failures */
|
|
452
|
+
ossl_raise(eAuthTagError, "AEAD authentication tag verification failed");
|
|
453
|
+
}
|
|
454
|
+
else {
|
|
455
|
+
/* For non-AEAD ciphers */
|
|
456
|
+
ossl_raise(eCipherError, "cipher final failed");
|
|
457
|
+
}
|
|
458
|
+
}
|
|
451
459
|
rb_str_set_len(str, out_len);
|
|
452
460
|
|
|
453
461
|
return str;
|
|
@@ -472,7 +480,7 @@ ossl_cipher_name(VALUE self)
|
|
|
472
480
|
|
|
473
481
|
/*
|
|
474
482
|
* call-seq:
|
|
475
|
-
* cipher.key = string
|
|
483
|
+
* cipher.key = string
|
|
476
484
|
*
|
|
477
485
|
* Sets the cipher key. To generate a key, you should either use a secure
|
|
478
486
|
* random byte string or, if the key is to be derived from a password, you
|
|
@@ -480,6 +488,8 @@ ossl_cipher_name(VALUE self)
|
|
|
480
488
|
* generate a secure random-based key, Cipher#random_key may be used.
|
|
481
489
|
*
|
|
482
490
|
* Only call this method after calling Cipher#encrypt or Cipher#decrypt.
|
|
491
|
+
*
|
|
492
|
+
* See also the man page EVP_CipherInit_ex(3).
|
|
483
493
|
*/
|
|
484
494
|
static VALUE
|
|
485
495
|
ossl_cipher_set_key(VALUE self, VALUE key)
|
|
@@ -492,10 +502,10 @@ ossl_cipher_set_key(VALUE self, VALUE key)
|
|
|
492
502
|
|
|
493
503
|
key_len = EVP_CIPHER_CTX_key_length(ctx);
|
|
494
504
|
if (RSTRING_LEN(key) != key_len)
|
|
495
|
-
|
|
505
|
+
ossl_raise(rb_eArgError, "key must be %d bytes", key_len);
|
|
496
506
|
|
|
497
507
|
if (EVP_CipherInit_ex(ctx, NULL, NULL, (unsigned char *)RSTRING_PTR(key), NULL, -1) != 1)
|
|
498
|
-
|
|
508
|
+
ossl_raise(eCipherError, NULL);
|
|
499
509
|
|
|
500
510
|
rb_ivar_set(self, id_key_set, Qtrue);
|
|
501
511
|
|
|
@@ -504,15 +514,21 @@ ossl_cipher_set_key(VALUE self, VALUE key)
|
|
|
504
514
|
|
|
505
515
|
/*
|
|
506
516
|
* call-seq:
|
|
507
|
-
* cipher.iv = string
|
|
517
|
+
* cipher.iv = string
|
|
508
518
|
*
|
|
509
519
|
* Sets the cipher IV. Please note that since you should never be using ECB
|
|
510
520
|
* mode, an IV is always explicitly required and should be set prior to
|
|
511
|
-
* encryption. The IV itself can be safely transmitted in public
|
|
512
|
-
* should be unpredictable to prevent certain kinds of attacks. You may use
|
|
513
|
-
* Cipher#random_iv to create a secure random IV.
|
|
521
|
+
* encryption. The IV itself can be safely transmitted in public.
|
|
514
522
|
*
|
|
515
|
-
*
|
|
523
|
+
* This method expects the String to have the length equal to #iv_len. To use
|
|
524
|
+
* a different IV length with an AEAD cipher, #iv_len= must be set prior to
|
|
525
|
+
* calling this method.
|
|
526
|
+
*
|
|
527
|
+
* *NOTE*: In OpenSSL API conventions, the IV value may correspond to the
|
|
528
|
+
* "nonce" instead in some cipher modes. Refer to the OpenSSL man pages for
|
|
529
|
+
* details.
|
|
530
|
+
*
|
|
531
|
+
* See also the man page EVP_CipherInit_ex(3).
|
|
516
532
|
*/
|
|
517
533
|
static VALUE
|
|
518
534
|
ossl_cipher_set_iv(VALUE self, VALUE iv)
|
|
@@ -524,14 +540,14 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
|
|
|
524
540
|
GetCipher(self, ctx);
|
|
525
541
|
|
|
526
542
|
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
|
|
527
|
-
|
|
543
|
+
iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
|
|
528
544
|
if (!iv_len)
|
|
529
|
-
|
|
545
|
+
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
|
|
530
546
|
if (RSTRING_LEN(iv) != iv_len)
|
|
531
|
-
|
|
547
|
+
ossl_raise(rb_eArgError, "iv must be %d bytes", iv_len);
|
|
532
548
|
|
|
533
549
|
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, (unsigned char *)RSTRING_PTR(iv), -1) != 1)
|
|
534
|
-
|
|
550
|
+
ossl_raise(eCipherError, NULL);
|
|
535
551
|
|
|
536
552
|
return iv;
|
|
537
553
|
}
|
|
@@ -540,8 +556,7 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
|
|
|
540
556
|
* call-seq:
|
|
541
557
|
* cipher.authenticated? -> true | false
|
|
542
558
|
*
|
|
543
|
-
*
|
|
544
|
-
* mode.
|
|
559
|
+
* Indicates whether this Cipher instance uses an AEAD mode.
|
|
545
560
|
*/
|
|
546
561
|
static VALUE
|
|
547
562
|
ossl_cipher_is_authenticated(VALUE self)
|
|
@@ -555,21 +570,23 @@ ossl_cipher_is_authenticated(VALUE self)
|
|
|
555
570
|
|
|
556
571
|
/*
|
|
557
572
|
* call-seq:
|
|
558
|
-
* cipher.auth_data = string
|
|
573
|
+
* cipher.auth_data = string
|
|
574
|
+
*
|
|
575
|
+
* Sets additional authenticated data (AAD), also called associated data, for
|
|
576
|
+
* this Cipher. This method is available for AEAD ciphers.
|
|
559
577
|
*
|
|
560
|
-
* Sets the cipher's additional authenticated data. This field must be
|
|
561
|
-
* set when using AEAD cipher modes such as GCM or CCM. If no associated
|
|
562
|
-
* data shall be used, this method must *still* be called with a value of "".
|
|
563
578
|
* The contents of this field should be non-sensitive data which will be
|
|
564
579
|
* added to the ciphertext to generate the authentication tag which validates
|
|
565
580
|
* the contents of the ciphertext.
|
|
566
581
|
*
|
|
567
|
-
*
|
|
568
|
-
*
|
|
569
|
-
*
|
|
570
|
-
*
|
|
571
|
-
*
|
|
572
|
-
*
|
|
582
|
+
* This method must be called after #key= and #iv= have been set, but before
|
|
583
|
+
* starting actual encryption or decryption with #update. In some cipher modes,
|
|
584
|
+
* #auth_tag_len= and #ccm_data_len= may also need to be called before this
|
|
585
|
+
* method.
|
|
586
|
+
*
|
|
587
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
588
|
+
* This method internally calls EVP_CipherUpdate() with the output buffer
|
|
589
|
+
* set to NULL.
|
|
573
590
|
*/
|
|
574
591
|
static VALUE
|
|
575
592
|
ossl_cipher_set_auth_data(VALUE self, VALUE data)
|
|
@@ -585,7 +602,7 @@ ossl_cipher_set_auth_data(VALUE self, VALUE data)
|
|
|
585
602
|
|
|
586
603
|
GetCipher(self, ctx);
|
|
587
604
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
588
|
-
|
|
605
|
+
ossl_raise(eCipherError, "AEAD not supported by this cipher");
|
|
589
606
|
|
|
590
607
|
if (!ossl_cipher_update_long(ctx, NULL, &out_len, in, in_len))
|
|
591
608
|
ossl_raise(eCipherError, "couldn't set additional authenticated data");
|
|
@@ -597,16 +614,17 @@ ossl_cipher_set_auth_data(VALUE self, VALUE data)
|
|
|
597
614
|
* call-seq:
|
|
598
615
|
* cipher.auth_tag(tag_len = 16) -> String
|
|
599
616
|
*
|
|
600
|
-
* Gets the authentication tag
|
|
601
|
-
*
|
|
602
|
-
*
|
|
603
|
-
*
|
|
604
|
-
*
|
|
605
|
-
*
|
|
606
|
-
*
|
|
607
|
-
* should be chosen.
|
|
617
|
+
* Gets the generated authentication tag. This method is available for AEAD
|
|
618
|
+
* ciphers, and should be called after encryption has been finalized by calling
|
|
619
|
+
* #final.
|
|
620
|
+
*
|
|
621
|
+
* The returned tag will be _tag_len_ bytes long. Some cipher modes require
|
|
622
|
+
* the desired length in advance using a separate call to #auth_tag_len=,
|
|
623
|
+
* before starting encryption.
|
|
608
624
|
*
|
|
609
|
-
*
|
|
625
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
626
|
+
* This method internally calls EVP_CIPHER_CTX_ctrl() with
|
|
627
|
+
* EVP_CTRL_AEAD_GET_TAG.
|
|
610
628
|
*/
|
|
611
629
|
static VALUE
|
|
612
630
|
ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
|
|
@@ -617,34 +635,42 @@ ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
|
|
|
617
635
|
|
|
618
636
|
rb_scan_args(argc, argv, "01", &vtag_len);
|
|
619
637
|
if (NIL_P(vtag_len))
|
|
620
|
-
|
|
638
|
+
vtag_len = rb_attr_get(self, id_auth_tag_len);
|
|
621
639
|
if (!NIL_P(vtag_len))
|
|
622
|
-
|
|
640
|
+
tag_len = NUM2INT(vtag_len);
|
|
623
641
|
|
|
624
642
|
GetCipher(self, ctx);
|
|
625
643
|
|
|
626
644
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
627
|
-
|
|
645
|
+
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
|
|
628
646
|
|
|
629
647
|
ret = rb_str_new(NULL, tag_len);
|
|
630
648
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tag_len, RSTRING_PTR(ret)))
|
|
631
|
-
|
|
649
|
+
ossl_raise(eCipherError, "retrieving the authentication tag failed");
|
|
632
650
|
|
|
633
651
|
return ret;
|
|
634
652
|
}
|
|
635
653
|
|
|
636
654
|
/*
|
|
637
655
|
* call-seq:
|
|
638
|
-
* cipher.auth_tag = string
|
|
656
|
+
* cipher.auth_tag = string
|
|
639
657
|
*
|
|
640
658
|
* Sets the authentication tag to verify the integrity of the ciphertext.
|
|
641
|
-
* This can be called only when the cipher supports AE. The tag must be set
|
|
642
|
-
* after calling Cipher#decrypt, Cipher#key= and Cipher#iv=, but before
|
|
643
|
-
* calling Cipher#final. After all decryption is performed, the tag is
|
|
644
|
-
* verified automatically in the call to Cipher#final.
|
|
645
659
|
*
|
|
646
|
-
*
|
|
647
|
-
*
|
|
660
|
+
* The authentication tag must be set before #final is called. The tag is
|
|
661
|
+
* verified during the #final call.
|
|
662
|
+
*
|
|
663
|
+
* Note that, for CCM mode and OCB mode, the expected length of the tag must
|
|
664
|
+
* be set before starting decryption by a separate call to #auth_tag_len=.
|
|
665
|
+
* The content of the tag can be provided at any time before #final is called.
|
|
666
|
+
*
|
|
667
|
+
* *NOTE*: The caller must ensure that the String passed to this method has
|
|
668
|
+
* the desired length. Some cipher modes support variable tag lengths, and
|
|
669
|
+
* this method may accept a truncated tag without raising an exception.
|
|
670
|
+
*
|
|
671
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
672
|
+
* This method internally calls EVP_CIPHER_CTX_ctrl() with
|
|
673
|
+
* EVP_CTRL_AEAD_SET_TAG.
|
|
648
674
|
*/
|
|
649
675
|
static VALUE
|
|
650
676
|
ossl_cipher_set_auth_tag(VALUE self, VALUE vtag)
|
|
@@ -659,24 +685,27 @@ ossl_cipher_set_auth_tag(VALUE self, VALUE vtag)
|
|
|
659
685
|
|
|
660
686
|
GetCipher(self, ctx);
|
|
661
687
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
662
|
-
|
|
688
|
+
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
|
|
663
689
|
|
|
664
690
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
|
|
665
|
-
|
|
691
|
+
ossl_raise(eCipherError, "unable to set AEAD tag");
|
|
666
692
|
|
|
667
693
|
return vtag;
|
|
668
694
|
}
|
|
669
695
|
|
|
670
696
|
/*
|
|
671
697
|
* call-seq:
|
|
672
|
-
* cipher.auth_tag_len =
|
|
698
|
+
* cipher.auth_tag_len = integer
|
|
699
|
+
*
|
|
700
|
+
* Sets the length of the expected authentication tag for this Cipher. This
|
|
701
|
+
* method is available for some of AEAD ciphers that require the length to be
|
|
702
|
+
* set before starting encryption or decryption, such as CCM mode or OCB mode.
|
|
673
703
|
*
|
|
674
|
-
*
|
|
675
|
-
* AEAD ciphers that requires it as in input parameter. Note that not all AEAD
|
|
676
|
-
* ciphers support this method.
|
|
704
|
+
* For CCM mode and OCB mode, the tag length must be set before #iv= is set.
|
|
677
705
|
*
|
|
678
|
-
*
|
|
679
|
-
*
|
|
706
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
707
|
+
* This method internally calls EVP_CIPHER_CTX_ctrl() with
|
|
708
|
+
* EVP_CTRL_AEAD_SET_TAG and a NULL buffer.
|
|
680
709
|
*/
|
|
681
710
|
static VALUE
|
|
682
711
|
ossl_cipher_set_auth_tag_len(VALUE self, VALUE vlen)
|
|
@@ -686,10 +715,10 @@ ossl_cipher_set_auth_tag_len(VALUE self, VALUE vlen)
|
|
|
686
715
|
|
|
687
716
|
GetCipher(self, ctx);
|
|
688
717
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
689
|
-
|
|
718
|
+
ossl_raise(eCipherError, "AEAD not supported by this cipher");
|
|
690
719
|
|
|
691
720
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))
|
|
692
|
-
|
|
721
|
+
ossl_raise(eCipherError, "unable to set authentication tag length");
|
|
693
722
|
|
|
694
723
|
/* for #auth_tag */
|
|
695
724
|
rb_ivar_set(self, id_auth_tag_len, INT2NUM(tag_len));
|
|
@@ -699,11 +728,16 @@ ossl_cipher_set_auth_tag_len(VALUE self, VALUE vlen)
|
|
|
699
728
|
|
|
700
729
|
/*
|
|
701
730
|
* call-seq:
|
|
702
|
-
*
|
|
731
|
+
* cipher.iv_len = integer
|
|
703
732
|
*
|
|
704
|
-
* Sets the IV/nonce length
|
|
705
|
-
*
|
|
706
|
-
*
|
|
733
|
+
* Sets the IV/nonce length for this Cipher. This method is available for AEAD
|
|
734
|
+
* ciphers that support variable IV lengths. This method can be called if a
|
|
735
|
+
* different IV length than OpenSSL's default is desired, prior to calling
|
|
736
|
+
* #iv=.
|
|
737
|
+
*
|
|
738
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
739
|
+
* This method internally calls EVP_CIPHER_CTX_ctrl() with
|
|
740
|
+
* EVP_CTRL_AEAD_SET_IVLEN.
|
|
707
741
|
*/
|
|
708
742
|
static VALUE
|
|
709
743
|
ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
|
|
@@ -713,10 +747,10 @@ ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
|
|
|
713
747
|
|
|
714
748
|
GetCipher(self, ctx);
|
|
715
749
|
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
716
|
-
|
|
750
|
+
ossl_raise(eCipherError, "cipher does not support AEAD");
|
|
717
751
|
|
|
718
752
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))
|
|
719
|
-
|
|
753
|
+
ossl_raise(eCipherError, "unable to set IV length");
|
|
720
754
|
|
|
721
755
|
/*
|
|
722
756
|
* EVP_CIPHER_CTX_iv_length() returns the default length. So we need to save
|
|
@@ -729,13 +763,14 @@ ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
|
|
|
729
763
|
|
|
730
764
|
/*
|
|
731
765
|
* call-seq:
|
|
732
|
-
* cipher.key_len = integer
|
|
766
|
+
* cipher.key_len = integer
|
|
733
767
|
*
|
|
734
768
|
* Sets the key length of the cipher. If the cipher is a fixed length cipher
|
|
735
769
|
* then attempting to set the key length to any value other than the fixed
|
|
736
770
|
* value is an error.
|
|
737
771
|
*
|
|
738
|
-
* Under normal circumstances you do not need to call this method (and
|
|
772
|
+
* Under normal circumstances you do not need to call this method (and
|
|
773
|
+
* probably shouldn't).
|
|
739
774
|
*
|
|
740
775
|
* See EVP_CIPHER_CTX_set_key_length for further information.
|
|
741
776
|
*/
|
|
@@ -752,13 +787,16 @@ ossl_cipher_set_key_length(VALUE self, VALUE key_length)
|
|
|
752
787
|
return key_length;
|
|
753
788
|
}
|
|
754
789
|
|
|
790
|
+
// TODO: Should #padding= take a boolean value instead?
|
|
755
791
|
/*
|
|
756
792
|
* call-seq:
|
|
757
|
-
* cipher.padding =
|
|
793
|
+
* cipher.padding = 1 or 0
|
|
758
794
|
*
|
|
759
|
-
* Enables or disables padding. By default encryption operations are padded
|
|
760
|
-
*
|
|
761
|
-
*
|
|
795
|
+
* Enables or disables padding. By default encryption operations are padded
|
|
796
|
+
* using standard block padding and the padding is checked and removed when
|
|
797
|
+
* decrypting. If the pad parameter is zero then no padding is performed, the
|
|
798
|
+
* total amount of data encrypted or decrypted must then be a multiple of the
|
|
799
|
+
* block size or an error will occur.
|
|
762
800
|
*
|
|
763
801
|
* See EVP_CIPHER_CTX_set_padding for further information.
|
|
764
802
|
*/
|
|
@@ -770,7 +808,7 @@ ossl_cipher_set_padding(VALUE self, VALUE padding)
|
|
|
770
808
|
|
|
771
809
|
GetCipher(self, ctx);
|
|
772
810
|
if (EVP_CIPHER_CTX_set_padding(ctx, pad) != 1)
|
|
773
|
-
|
|
811
|
+
ossl_raise(eCipherError, NULL);
|
|
774
812
|
return padding;
|
|
775
813
|
}
|
|
776
814
|
|
|
@@ -804,9 +842,9 @@ ossl_cipher_iv_length(VALUE self)
|
|
|
804
842
|
|
|
805
843
|
GetCipher(self, ctx);
|
|
806
844
|
if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
|
|
807
|
-
|
|
845
|
+
len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
|
|
808
846
|
if (!len)
|
|
809
|
-
|
|
847
|
+
len = EVP_CIPHER_CTX_iv_length(ctx);
|
|
810
848
|
|
|
811
849
|
return INT2NUM(len);
|
|
812
850
|
}
|
|
@@ -829,13 +867,17 @@ ossl_cipher_block_size(VALUE self)
|
|
|
829
867
|
|
|
830
868
|
/*
|
|
831
869
|
* call-seq:
|
|
832
|
-
* cipher.ccm_data_len = integer
|
|
870
|
+
* cipher.ccm_data_len = integer
|
|
833
871
|
*
|
|
834
|
-
* Sets the length of the plaintext / ciphertext message that will be
|
|
835
|
-
* processed in CCM mode.
|
|
836
|
-
* #iv= have been set, and before #auth_data=.
|
|
872
|
+
* Sets the total length of the plaintext / ciphertext message that will be
|
|
873
|
+
* processed by #update in CCM mode.
|
|
837
874
|
*
|
|
838
|
-
*
|
|
875
|
+
* Make sure to call this method after #key= and #iv= have been set, and
|
|
876
|
+
* before #auth_data= or #update are called.
|
|
877
|
+
*
|
|
878
|
+
* This method is only available for CCM mode ciphers.
|
|
879
|
+
*
|
|
880
|
+
* See also the "AEAD Interface" section of the man page EVP_EncryptInit(3).
|
|
839
881
|
*/
|
|
840
882
|
static VALUE
|
|
841
883
|
ossl_cipher_set_ccm_data_len(VALUE self, VALUE data_len)
|
|
@@ -858,11 +900,6 @@ ossl_cipher_set_ccm_data_len(VALUE self, VALUE data_len)
|
|
|
858
900
|
void
|
|
859
901
|
Init_ossl_cipher(void)
|
|
860
902
|
{
|
|
861
|
-
#if 0
|
|
862
|
-
mOSSL = rb_define_module("OpenSSL");
|
|
863
|
-
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
|
864
|
-
#endif
|
|
865
|
-
|
|
866
903
|
/* Document-class: OpenSSL::Cipher
|
|
867
904
|
*
|
|
868
905
|
* Provides symmetric algorithms for encryption and decryption. The
|
|
@@ -1018,24 +1055,28 @@ Init_ossl_cipher(void)
|
|
|
1018
1055
|
* could otherwise be exploited to modify ciphertexts in ways beneficial to
|
|
1019
1056
|
* potential attackers.
|
|
1020
1057
|
*
|
|
1021
|
-
*
|
|
1058
|
+
* Associated data, also called additional authenticated data (AAD), is
|
|
1059
|
+
* optionally used where there is additional information, such as
|
|
1022
1060
|
* headers or some metadata, that must be also authenticated but not
|
|
1023
|
-
* necessarily need to be encrypted.
|
|
1024
|
-
* encryption and later decryption, the OpenSSL library still requires a
|
|
1025
|
-
* value to be set - "" may be used in case none is available.
|
|
1061
|
+
* necessarily need to be encrypted.
|
|
1026
1062
|
*
|
|
1027
1063
|
* An example using the GCM (Galois/Counter Mode). You have 16 bytes _key_,
|
|
1028
1064
|
* 12 bytes (96 bits) _nonce_ and the associated data _auth_data_. Be sure
|
|
1029
1065
|
* not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
|
|
1030
1066
|
* security guarantees of GCM mode.
|
|
1031
1067
|
*
|
|
1068
|
+
* key = OpenSSL::Random.random_bytes(16)
|
|
1069
|
+
* nonce = OpenSSL::Random.random_bytes(12)
|
|
1070
|
+
* auth_data = "authenticated but unencrypted data"
|
|
1071
|
+
* data = "encrypted data"
|
|
1072
|
+
*
|
|
1032
1073
|
* cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
|
|
1033
1074
|
* cipher.key = key
|
|
1034
1075
|
* cipher.iv = nonce
|
|
1035
1076
|
* cipher.auth_data = auth_data
|
|
1036
1077
|
*
|
|
1037
1078
|
* encrypted = cipher.update(data) + cipher.final
|
|
1038
|
-
* tag = cipher.auth_tag
|
|
1079
|
+
* tag = cipher.auth_tag(16)
|
|
1039
1080
|
*
|
|
1040
1081
|
* Now you are the receiver. You know the _key_ and have received _nonce_,
|
|
1041
1082
|
* _auth_data_, _encrypted_ and _tag_ through an untrusted network. Note
|
|
@@ -1048,23 +1089,29 @@ Init_ossl_cipher(void)
|
|
|
1048
1089
|
* decipher = OpenSSL::Cipher.new('aes-128-gcm').decrypt
|
|
1049
1090
|
* decipher.key = key
|
|
1050
1091
|
* decipher.iv = nonce
|
|
1051
|
-
* decipher.auth_tag = tag
|
|
1092
|
+
* decipher.auth_tag = tag # could be called at any time before #final
|
|
1052
1093
|
* decipher.auth_data = auth_data
|
|
1053
1094
|
*
|
|
1054
1095
|
* decrypted = decipher.update(encrypted) + decipher.final
|
|
1055
1096
|
*
|
|
1056
1097
|
* puts data == decrypted #=> true
|
|
1098
|
+
*
|
|
1099
|
+
* Note that other AEAD ciphers may require additional steps, such as
|
|
1100
|
+
* setting the expected tag length (#auth_tag_len=) or the total data
|
|
1101
|
+
* length (#ccm_data_len=) in advance. Make sure to read the relevant man
|
|
1102
|
+
* page for details.
|
|
1057
1103
|
*/
|
|
1058
1104
|
cCipher = rb_define_class_under(mOSSL, "Cipher", rb_cObject);
|
|
1059
1105
|
eCipherError = rb_define_class_under(cCipher, "CipherError", eOSSLError);
|
|
1106
|
+
eAuthTagError = rb_define_class_under(cCipher, "AuthTagError", eCipherError);
|
|
1060
1107
|
|
|
1061
1108
|
rb_define_alloc_func(cCipher, ossl_cipher_alloc);
|
|
1062
1109
|
rb_define_method(cCipher, "initialize_copy", ossl_cipher_copy, 1);
|
|
1063
1110
|
rb_define_module_function(cCipher, "ciphers", ossl_s_ciphers, 0);
|
|
1064
1111
|
rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
|
|
1065
1112
|
rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
|
|
1066
|
-
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt,
|
|
1067
|
-
rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt,
|
|
1113
|
+
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, 0);
|
|
1114
|
+
rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, 0);
|
|
1068
1115
|
rb_define_method(cCipher, "pkcs5_keyivgen", ossl_cipher_pkcs5_keyivgen, -1);
|
|
1069
1116
|
rb_define_method(cCipher, "update", ossl_cipher_update, -1);
|
|
1070
1117
|
rb_define_method(cCipher, "final", ossl_cipher_final, 0);
|
|
@@ -1086,4 +1133,5 @@ Init_ossl_cipher(void)
|
|
|
1086
1133
|
|
|
1087
1134
|
id_auth_tag_len = rb_intern_const("auth_tag_len");
|
|
1088
1135
|
id_key_set = rb_intern_const("key_set");
|
|
1136
|
+
id_cipher_holder = rb_intern_const("EVP_CIPHER_holder");
|
|
1089
1137
|
}
|