RubyGems - openssl_rsa_pss_verify - Versions diffs - 0.0.2 → 0.0.3 - Mend

openssl_rsa_pss_verify 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/.gitignore +1 -0
data/Gemfile.lock +1 -1
data/README.md +33 -0
data/ext/openssl_rsa_pss_verify/openssl_rsa_pss_verify_ext.c +3 -2
data/lib/openssl_rsa_pss_verify/version.rb +1 -1
metadata +2 -2
data/README +0 -1

data/.gitignore CHANGED

@@ -3,3 +3,4 @@
 *.bundle
 *.o
 *.dSYM
+*.gem

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    openssl_rsa_pss_verify (0.0.1)
+    openssl_rsa_pss_verify (0.0.2)
 GEM
   remote: http://rubygems.org/

data/README.md ADDED

@@ -0,0 +1,33 @@
+## Support PSS signatures in RSA verification
+This gem requires that ruby be built against OpenSSL 1.0.1 or higher! Earlier versions don't support PSS signature verification.
+### Usage
+```ruby
+require 'openssl_rsa_pss_verify'
+pubkey = OpenSSL::PKey::RSA.new File.read("my_pubkey.pem")
+raw_data = File.read("my_raw_data")
+signature = File.read("my_signature")
+salt_lenth = 0
+pubkey.verify_pss_sha1(signature,
+                       OpenSSL::Digest::SHA1.digest(raw_data),
+                       salt_length)
+#=> true or false
+```
+This the above is identical to
+```bash
+openssl sha1 -binary my_raw_data > my_hashed_data
+openssl pkeyutl -verify -in my_hashed_data -pubin -inkey my_pubkey.pem \
+  -sigfile my_signature -pkeyopt digest:sha1 -pkeyopt rsa_padding_mode:pss \
+  -pkeyopt rsa_pss_saltlen:0
+```
+See the [man page](https://www.openssl.org/docs/apps/pkeyutl.html) for more information.
+### Notes
+- Only supports SHA1
+- OpenSSL 1.0.1 is not available on Heroku! I'm working on a custom buildpack, but it's very ad hoc.

data/ext/openssl_rsa_pss_verify/openssl_rsa_pss_verify_ext.c CHANGED

@@ -14,10 +14,11 @@ static VALUE rb_cRSAError;
 VALUE openssl_rsa_pss_verify__verify_pss_sha1(VALUE self, VALUE vSig, VALUE vHashData, VALUE vSaltLen) {
   EVP_PKEY * pkey;
   EVP_PKEY_CTX * pkey_ctx;
-  int verify_rval;
+  int verify_rval, salt_len;
   StringValue(vSig);
   StringValue(vHashData);
+  salt_len = NUM2INT(vSaltLen);
   Data_Get_Struct(self, EVP_PKEY, pkey);
   pkey_ctx = EVP_PKEY_CTX_new(pkey, ENGINE_get_default_RSA());
@@ -25,7 +26,7 @@ VALUE openssl_rsa_pss_verify__verify_pss_sha1(VALUE self, VALUE vSig, VALUE vHas
   EVP_PKEY_verify_init(pkey_ctx);
   EVP_PKEY_CTX_set_signature_md(pkey_ctx, EVP_sha1());
   EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
-  EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, NUM2INT(vSaltLen));
+  EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len);
   verify_rval = EVP_PKEY_verify(pkey_ctx,
                                 (unsigned char*)RSTRING_PTR(vSig), RSTRING_LEN(vSig),

data/lib/openssl_rsa_pss_verify/version.rb CHANGED

@@ -1,3 +1,3 @@
 module OpenSSL_RSA_PSS_Verify
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openssl_rsa_pss_verify
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease:
 platform: ruby
 authors:
@@ -74,7 +74,7 @@ files:
 - .ruby-version
 - Gemfile
 - Gemfile.lock
-- README
+- README.md
 - Rakefile
 - ext/openssl_rsa_pss_verify/extconf.rb
 - ext/openssl_rsa_pss_verify/openssl_rsa_pss_verify_ext.c

data/README DELETED

	@@ -1 +0,0 @@
1	- Support PSS signatures in RSA verification