RubyGems - rubysl-openssl - Versions diffs - 0.0.1 → 1.0.1 - Mend

rubysl-openssl 0.0.1 → 1.0.1

Files changed (88) hide show

checksums.yaml +7 -0
data/.gitignore +0 -1
data/.travis.yml +7 -0
data/README.md +2 -2
data/Rakefile +0 -1
data/ext/rubysl/openssl/extconf.h +50 -0
data/ext/rubysl/openssl/extconf.rb +144 -0
data/ext/rubysl/openssl/openssl_missing.c +343 -0
data/ext/rubysl/openssl/openssl_missing.h +191 -0
data/ext/rubysl/openssl/ossl.c +552 -0
data/ext/rubysl/openssl/ossl.h +233 -0
data/ext/rubysl/openssl/ossl_asn1.c +1160 -0
data/ext/rubysl/openssl/ossl_asn1.h +59 -0
data/ext/rubysl/openssl/ossl_bio.c +86 -0
data/ext/rubysl/openssl/ossl_bio.h +21 -0
data/ext/rubysl/openssl/ossl_bn.c +852 -0
data/ext/rubysl/openssl/ossl_bn.h +25 -0
data/ext/rubysl/openssl/ossl_cipher.c +569 -0
data/ext/rubysl/openssl/ossl_cipher.h +22 -0
data/ext/rubysl/openssl/ossl_config.c +75 -0
data/ext/rubysl/openssl/ossl_config.h +22 -0
data/ext/rubysl/openssl/ossl_digest.c +259 -0
data/ext/rubysl/openssl/ossl_digest.h +22 -0
data/ext/rubysl/openssl/ossl_engine.c +411 -0
data/ext/rubysl/openssl/ossl_engine.h +20 -0
data/ext/rubysl/openssl/ossl_hmac.c +268 -0
data/ext/rubysl/openssl/ossl_hmac.h +19 -0
data/ext/rubysl/openssl/ossl_ns_spki.c +257 -0
data/ext/rubysl/openssl/ossl_ns_spki.h +21 -0
data/ext/rubysl/openssl/ossl_ocsp.c +769 -0
data/ext/rubysl/openssl/ossl_ocsp.h +24 -0
data/ext/rubysl/openssl/ossl_pkcs12.c +210 -0
data/ext/rubysl/openssl/ossl_pkcs12.h +15 -0
data/ext/rubysl/openssl/ossl_pkcs5.c +99 -0
data/ext/rubysl/openssl/ossl_pkcs5.h +6 -0
data/ext/rubysl/openssl/ossl_pkcs7.c +1039 -0
data/ext/rubysl/openssl/ossl_pkcs7.h +22 -0
data/ext/rubysl/openssl/ossl_pkey.c +240 -0
data/ext/rubysl/openssl/ossl_pkey.h +141 -0
data/ext/rubysl/openssl/ossl_pkey_dh.c +532 -0
data/ext/rubysl/openssl/ossl_pkey_dsa.c +484 -0
data/ext/rubysl/openssl/ossl_pkey_ec.c +1593 -0
data/ext/rubysl/openssl/ossl_pkey_rsa.c +593 -0
data/ext/rubysl/openssl/ossl_rand.c +202 -0
data/ext/rubysl/openssl/ossl_rand.h +20 -0
data/ext/rubysl/openssl/ossl_ssl.c +1484 -0
data/ext/rubysl/openssl/ossl_ssl.h +36 -0
data/ext/rubysl/openssl/ossl_ssl_session.c +307 -0
data/ext/rubysl/openssl/ossl_version.h +16 -0
data/ext/rubysl/openssl/ossl_x509.c +104 -0
data/ext/rubysl/openssl/ossl_x509.h +114 -0
data/ext/rubysl/openssl/ossl_x509attr.c +274 -0
data/ext/rubysl/openssl/ossl_x509cert.c +764 -0
data/ext/rubysl/openssl/ossl_x509crl.c +535 -0
data/ext/rubysl/openssl/ossl_x509ext.c +458 -0
data/ext/rubysl/openssl/ossl_x509name.c +399 -0
data/ext/rubysl/openssl/ossl_x509req.c +466 -0
data/ext/rubysl/openssl/ossl_x509revoked.c +229 -0
data/ext/rubysl/openssl/ossl_x509store.c +625 -0
data/ext/rubysl/openssl/ruby_missing.h +41 -0
data/lib/openssl.rb +1 -0
data/lib/openssl/bn.rb +35 -0
data/lib/openssl/buffering.rb +241 -0
data/lib/openssl/cipher.rb +65 -0
data/lib/openssl/config.rb +316 -0
data/lib/openssl/digest.rb +61 -0
data/lib/openssl/net/ftptls.rb +53 -0
data/lib/openssl/net/telnets.rb +251 -0
data/lib/openssl/pkcs7.rb +25 -0
data/lib/openssl/ssl-internal.rb +187 -0
data/lib/openssl/ssl.rb +1 -0
data/lib/openssl/x509-internal.rb +153 -0
data/lib/openssl/x509.rb +1 -0
data/lib/rubysl/openssl.rb +28 -0
data/lib/rubysl/openssl/version.rb +5 -0
data/rubysl-openssl.gemspec +19 -18
data/spec/cipher_spec.rb +16 -0
data/spec/config/freeze_spec.rb +17 -0
data/spec/hmac/digest_spec.rb +15 -0
data/spec/hmac/hexdigest_spec.rb +15 -0
data/spec/random/pseudo_bytes_spec.rb +5 -0
data/spec/random/random_bytes_spec.rb +5 -0
data/spec/random/shared/random_bytes.rb +28 -0
data/spec/shared/constants.rb +11 -0
data/spec/x509/name/parse_spec.rb +47 -0
metadata +153 -89
data/lib/rubysl-openssl.rb +0 -7
data/lib/rubysl-openssl/version.rb +0 -5

data/ext/rubysl/openssl/ossl_pkcs7.h ADDED

@@ -0,0 +1,22 @@
+/*
+ * $Id: ossl_pkcs7.h 12496 2007-06-08 15:02:04Z technorama $
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#if !defined(_OSSL_PKCS7_H_)
+#define _OSSL_PKCS7_H_
+extern VALUE cPKCS7;
+extern VALUE cPKCS7Signer;
+extern VALUE cPKCS7Recipient;
+extern VALUE ePKCS7Error;
+void Init_ossl_pkcs7(void);
+#endif /* _OSSL_PKCS7_H_ */

data/ext/rubysl/openssl/ossl_pkey.c ADDED

@@ -0,0 +1,240 @@
+/*
+ * $Id: ossl_pkey.c 28004 2010-05-24 23:58:49Z shyouhei $
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#include "ossl.h"
+/*
+ * Classes
+ */
+VALUE mPKey;
+VALUE cPKey;
+VALUE ePKeyError;
+ID id_private_q;
+/*
+ * callback for generating keys
+ */
+void
+ossl_generate_cb(int p, int n, void *arg)
+{
+    VALUE ary;
+    ary = rb_ary_new2(2);
+    rb_ary_store(ary, 0, INT2NUM(p));
+    rb_ary_store(ary, 1, INT2NUM(n));
+    rb_yield(ary);
+}
+/*
+ * Public
+ */
+VALUE
+ossl_pkey_new(EVP_PKEY *pkey)
+{
+    if (!pkey) {
+	ossl_raise(ePKeyError, "Cannot make new key from NULL.");
+    }
+    switch (EVP_PKEY_type(pkey->type)) {
+#if !defined(OPENSSL_NO_RSA)
+    case EVP_PKEY_RSA:
+	return ossl_rsa_new(pkey);
+#endif
+#if !defined(OPENSSL_NO_DSA)
+    case EVP_PKEY_DSA:
+	return ossl_dsa_new(pkey);
+#endif
+#if !defined(OPENSSL_NO_DH)
+    case EVP_PKEY_DH:
+	return ossl_dh_new(pkey);
+#endif
+#if !defined(OPENSSL_NO_EC) && (OPENSSL_VERSION_NUMBER >= 0x0090802fL)
+    case EVP_PKEY_EC:
+	return ossl_ec_new(pkey);
+#endif
+    default:
+	ossl_raise(ePKeyError, "unsupported key type");
+    }
+    return Qnil; /* not reached */
+}
+VALUE
+ossl_pkey_new_from_file(VALUE filename)
+{
+    FILE *fp;
+    EVP_PKEY *pkey;
+    SafeStringValue(filename);
+    if (!(fp = fopen(RSTRING_PTR(filename), "r"))) {
+	ossl_raise(ePKeyError, "%s", strerror(errno));
+    }
+    pkey = PEM_read_PrivateKey(fp, NULL, ossl_pem_passwd_cb, NULL);
+    fclose(fp);
+    if (!pkey) {
+	ossl_raise(ePKeyError, NULL);
+    }
+    return ossl_pkey_new(pkey);
+}
+EVP_PKEY *
+GetPKeyPtr(VALUE obj)
+{
+    EVP_PKEY *pkey;
+    SafeGetPKey(obj, pkey);
+    return pkey;
+}
+EVP_PKEY *
+GetPrivPKeyPtr(VALUE obj)
+{
+    EVP_PKEY *pkey;
+    if (rb_funcall(obj, id_private_q, 0, NULL) != Qtrue) {
+	ossl_raise(rb_eArgError, "Private key is needed.");
+    }
+    SafeGetPKey(obj, pkey);
+    return pkey;
+}
+EVP_PKEY *
+DupPKeyPtr(VALUE obj)
+{
+    EVP_PKEY *pkey;
+    SafeGetPKey(obj, pkey);
+    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    return pkey;
+}
+EVP_PKEY *
+DupPrivPKeyPtr(VALUE obj)
+{
+    EVP_PKEY *pkey;
+    if (rb_funcall(obj, id_private_q, 0, NULL) != Qtrue) {
+	ossl_raise(rb_eArgError, "Private key is needed.");
+    }
+    SafeGetPKey(obj, pkey);
+    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    return pkey;
+}
+/*
+ * Private
+ */
+static VALUE
+ossl_pkey_alloc(VALUE klass)
+{
+    EVP_PKEY *pkey;
+    VALUE obj;
+    if (!(pkey = EVP_PKEY_new())) {
+	ossl_raise(ePKeyError, NULL);
+    }
+    WrapPKey(klass, obj, pkey);
+    return obj;
+}
+static VALUE
+ossl_pkey_initialize(VALUE self)
+{
+    if (rb_obj_is_instance_of(self, cPKey)) {
+	ossl_raise(rb_eNotImpError, "OpenSSL::PKey::PKey is an abstract class.");
+    }
+    return self;
+}
+static VALUE
+ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
+{
+    EVP_PKEY *pkey;
+    EVP_MD_CTX ctx;
+    int buf_len;
+    VALUE str;
+    if (rb_funcall(self, id_private_q, 0, NULL) != Qtrue) {
+	ossl_raise(rb_eArgError, "Private key is needed.");
+    }
+    GetPKey(self, pkey);
+    EVP_SignInit(&ctx, GetDigestPtr(digest));
+    StringValue(data);
+    EVP_SignUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
+    str = rb_str_new(0, EVP_PKEY_size(pkey)+16);
+    if (!EVP_SignFinal(&ctx, RSTRING_PTR(str), &buf_len, pkey))
+	ossl_raise(ePKeyError, NULL);
+    assert((long)buf_len <= RSTRING_LEN(str));
+    rb_str_set_len(str, buf_len);
+    return str;
+}
+static VALUE
+ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
+{
+    EVP_PKEY *pkey;
+    EVP_MD_CTX ctx;
+    GetPKey(self, pkey);
+    EVP_VerifyInit(&ctx, GetDigestPtr(digest));
+    StringValue(sig);
+    StringValue(data);
+    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
+    switch (EVP_VerifyFinal(&ctx, RSTRING_PTR(sig), RSTRING_LEN(sig), pkey)) {
+    case 0:
+	return Qfalse;
+    case 1:
+	return Qtrue;
+    default:
+	ossl_raise(ePKeyError, NULL);
+    }
+    return Qnil; /* dummy */
+}
+/*
+ * INIT
+ */
+void
+Init_ossl_pkey()
+{
+#if 0 /* let rdoc know about mOSSL */
+    mOSSL = rb_define_module("OpenSSL");
+#endif
+    mPKey = rb_define_module_under(mOSSL, "PKey");
+    ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
+    cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
+    rb_define_alloc_func(cPKey, ossl_pkey_alloc);
+    rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0);
+    rb_define_method(cPKey, "sign", ossl_pkey_sign, 2);
+    rb_define_method(cPKey, "verify", ossl_pkey_verify, 3);
+    id_private_q = rb_intern("private?");
+    /*
+     * INIT rsa, dsa, dh, ec
+     */
+    Init_ossl_rsa();
+    Init_ossl_dsa();
+    Init_ossl_dh();
+    Init_ossl_ec();
+}

data/ext/rubysl/openssl/ossl_pkey.h ADDED

@@ -0,0 +1,141 @@
+/*
+ * $Id: ossl_pkey.h 12496 2007-06-08 15:02:04Z technorama $
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#if !defined(_OSSL_PKEY_H_)
+#define _OSSL_PKEY_H_
+extern VALUE mPKey;
+extern VALUE cPKey;
+extern VALUE ePKeyError;
+extern ID id_private_q;
+#define OSSL_PKEY_SET_PRIVATE(obj) rb_iv_set((obj), "private", Qtrue)
+#define OSSL_PKEY_SET_PUBLIC(obj)  rb_iv_set((obj), "private", Qfalse)
+#define OSSL_PKEY_IS_PRIVATE(obj)  (rb_iv_get((obj), "private") == Qtrue)
+#define WrapPKey(klass, obj, pkey) do { \
+    if (!pkey) { \
+	rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!"); \
+    } \
+    obj = Data_Wrap_Struct(klass, 0, EVP_PKEY_free, pkey); \
+    OSSL_PKEY_SET_PUBLIC(obj); \
+} while (0)
+#define GetPKey(obj, pkey) do {\
+    Data_Get_Struct(obj, EVP_PKEY, pkey);\
+    if (!pkey) { \
+	rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!");\
+    } \
+} while (0)
+#define SafeGetPKey(obj, pkey) do { \
+    OSSL_Check_Kind(obj, cPKey); \
+    GetPKey(obj, pkey); \
+} while (0)
+void ossl_generate_cb(int, int, void *);
+VALUE ossl_pkey_new(EVP_PKEY *);
+VALUE ossl_pkey_new_from_file(VALUE);
+EVP_PKEY *GetPKeyPtr(VALUE);
+EVP_PKEY *DupPKeyPtr(VALUE);
+EVP_PKEY *GetPrivPKeyPtr(VALUE);
+EVP_PKEY *DupPrivPKeyPtr(VALUE);
+void Init_ossl_pkey(void);
+/*
+ * RSA
+ */
+extern VALUE cRSA;
+extern VALUE eRSAError;
+VALUE ossl_rsa_new(EVP_PKEY *);
+void Init_ossl_rsa(void);
+/*
+ * DSA
+ */
+extern VALUE cDSA;
+extern VALUE eDSAError;
+VALUE ossl_dsa_new(EVP_PKEY *);
+void Init_ossl_dsa(void);
+/*
+ * DH
+ */
+extern VALUE cDH;
+extern VALUE eDHError;
+extern DH *OSSL_DEFAULT_DH_512;
+extern DH *OSSL_DEFAULT_DH_1024;
+VALUE ossl_dh_new(EVP_PKEY *);
+void Init_ossl_dh(void);
+/*
+ * EC
+ */
+extern VALUE cEC;
+extern VALUE eECError;
+extern VALUE cEC_GROUP;
+extern VALUE eEC_GROUP;
+extern VALUE cEC_POINT;
+extern VALUE eEC_POINT;
+VALUE ossl_ec_new(EVP_PKEY *);
+void Init_ossl_ec(void);
+#define OSSL_PKEY_BN(keytype, name)					\
+/*									\
+ *  call-seq:								\
+ *     key.##name -> aBN						\
+ */									\
+static VALUE ossl_##keytype##_get_##name(VALUE self)			\
+{									\
+	EVP_PKEY *pkey;							\
+	BIGNUM *bn;							\
+									\
+	GetPKey(self, pkey);						\
+	bn = pkey->pkey.keytype->name;					\
+	if (bn == NULL)							\
+		return Qnil;						\
+	return ossl_bn_new(bn);						\
+}									\
+/*									\
+ *  call-seq:								\
+ *     key.##name = bn -> bn						\
+ */									\
+static VALUE ossl_##keytype##_set_##name(VALUE self, VALUE bignum)	\
+{									\
+	EVP_PKEY *pkey;							\
+	BIGNUM *bn;							\
+									\
+	GetPKey(self, pkey);						\
+	if (NIL_P(bignum)) {						\
+		BN_clear_free(pkey->pkey.keytype->name);		\
+		pkey->pkey.keytype->name = NULL;			\
+		return Qnil;						\
+	}								\
+									\
+	bn = GetBNPtr(bignum);						\
+	if (pkey->pkey.keytype->name == NULL)				\
+		pkey->pkey.keytype->name = BN_new();			\
+	if (pkey->pkey.keytype->name == NULL)				\
+		ossl_raise(eBNError, NULL);				\
+	if (BN_copy(pkey->pkey.keytype->name, bn) == NULL)		\
+		ossl_raise(eBNError, NULL);				\
+	return bignum;							\
+}
+#define DEF_OSSL_PKEY_BN(class, keytype, name)				\
+do {									\
+	rb_define_method(class, #name, ossl_##keytype##_get_##name, 0);	\
+	rb_define_method(class, #name "=", ossl_##keytype##_set_##name, 1);\
+} while (0)
+#endif /* _OSSL_PKEY_H_ */

data/ext/rubysl/openssl/ossl_pkey_dh.c ADDED

@@ -0,0 +1,532 @@
+/*
+ * $Id: ossl_pkey_dh.c 28004 2010-05-24 23:58:49Z shyouhei $
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#if !defined(OPENSSL_NO_DH)
+#include "ossl.h"
+#define GetPKeyDH(obj, pkey) do { \
+    GetPKey(obj, pkey); \
+    if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) { /* PARANOIA? */ \
+	ossl_raise(rb_eRuntimeError, "THIS IS NOT A DH!") ; \
+    } \
+} while (0)
+#define DH_HAS_PRIVATE(dh) ((dh)->priv_key)
+#ifdef OSSL_ENGINE_ENABLED
+#  define DH_PRIVATE(dh) (DH_HAS_PRIVATE(dh) || (dh)->engine)
+#else
+#  define DH_PRIVATE(dh) DH_HAS_PRIVATE(dh)
+#endif
+/*
+ * Classes
+ */
+VALUE cDH;
+VALUE eDHError;
+/*
+ * Public
+ */
+static VALUE
+dh_instance(VALUE klass, DH *dh)
+{
+    EVP_PKEY *pkey;
+    VALUE obj;
+    if (!dh) {
+	return Qfalse;
+    }
+    if (!(pkey = EVP_PKEY_new())) {
+	return Qfalse;
+    }
+    if (!EVP_PKEY_assign_DH(pkey, dh)) {
+	EVP_PKEY_free(pkey);
+	return Qfalse;
+    }
+    WrapPKey(klass, obj, pkey);
+    return obj;
+}
+VALUE
+ossl_dh_new(EVP_PKEY *pkey)
+{
+    VALUE obj;
+    if (!pkey) {
+	obj = dh_instance(cDH, DH_new());
+    } else {
+	if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) {
+	    ossl_raise(rb_eTypeError, "Not a DH key!");
+	}
+	WrapPKey(cDH, obj, pkey);
+    }
+    if (obj == Qfalse) {
+	ossl_raise(eDHError, NULL);
+    }
+    return obj;
+}
+/*
+ * Private
+ */
+static DH *
+dh_generate(int size, int gen)
+{
+    DH *dh;
+    dh = DH_generate_parameters(size, gen,
+	    rb_block_given_p() ? ossl_generate_cb : NULL,
+	    NULL);
+    if (!dh) return 0;
+    if (!DH_generate_key(dh)) {
+	DH_free(dh);
+	return 0;
+    }
+    return dh;
+}
+/*
+ *  call-seq:
+ *     DH.generate(size [, generator]) -> dh
+ *
+ *  === Parameters
+ *  * +size+ is an integer representing the desired key size.  Keys smaller than 1024 should be considered insecure.
+ *  * +generator+ is a small number > 1, typically 2 or 5.
+ *
+ */
+static VALUE
+ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
+{
+    DH *dh ;
+    int g = 2;
+    VALUE size, gen, obj;
+    if (rb_scan_args(argc, argv, "11", &size, &gen) == 2) {
+	g = NUM2INT(gen);
+    }
+    dh = dh_generate(NUM2INT(size), g);
+    obj = dh_instance(klass, dh);
+    if (obj == Qfalse) {
+	DH_free(dh);
+	ossl_raise(eDHError, NULL);
+    }
+    return obj;
+}
+/*
+ *  call-seq:
+ *     DH.new([size [, generator] | string]) -> dh
+ *
+ *  === Parameters
+ *  * +size+ is an integer representing the desired key size.  Keys smaller than 1024 should be considered insecure.
+ *  * +generator+ is a small number > 1, typically 2 or 5.
+ *  * +string+ contains the DER or PEM encoded key.
+ *
+ *  === Examples
+ *  * DH.new -> dh
+ *  * DH.new(1024) -> dh
+ *  * DH.new(1024, 5) -> dh
+ *  * DH.new(File.read('key.pem')) -> dh
+ */
+static VALUE
+ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
+{
+    EVP_PKEY *pkey;
+    DH *dh;
+    int g = 2;
+    BIO *in;
+    VALUE arg, gen;
+    GetPKey(self, pkey);
+    if(rb_scan_args(argc, argv, "02", &arg, &gen) == 0) {
+      dh = DH_new();
+    }
+    else if (FIXNUM_P(arg)) {
+	if (!NIL_P(gen)) {
+	    g = NUM2INT(gen);
+	}
+	if (!(dh = dh_generate(FIX2INT(arg), g))) {
+	    ossl_raise(eDHError, NULL);
+	}
+    }
+    else {
+	arg = ossl_to_der_if_possible(arg);
+	in = ossl_obj2bio(arg);
+	dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+	if (!dh){
+	    BIO_reset(in);
+	    dh = d2i_DHparams_bio(in, NULL);
+	}
+	BIO_free(in);
+	if (!dh) ossl_raise(eDHError, NULL);
+    }
+    if (!EVP_PKEY_assign_DH(pkey, dh)) {
+	DH_free(dh);
+	ossl_raise(eDHError, NULL);
+    }
+    return self;
+}
+/*
+ *  call-seq:
+ *     dh.public? -> true | false
+ *
+ */
+static VALUE
+ossl_dh_is_public(VALUE self)
+{
+    EVP_PKEY *pkey;
+    GetPKeyDH(self, pkey);
+    return (pkey->pkey.dh->pub_key) ? Qtrue : Qfalse;
+}
+/*
+ *  call-seq:
+ *     dh.private? -> true | false
+ *
+ */
+static VALUE
+ossl_dh_is_private(VALUE self)
+{
+    EVP_PKEY *pkey;
+    GetPKeyDH(self, pkey);
+    return (DH_PRIVATE(pkey->pkey.dh)) ? Qtrue : Qfalse;
+}
+/*
+ *  call-seq:
+ *     dh.to_pem -> aString
+ *
+ */
+static VALUE
+ossl_dh_export(VALUE self)
+{
+    EVP_PKEY *pkey;
+    BIO *out;
+    VALUE str;
+    GetPKeyDH(self, pkey);
+    if (!(out = BIO_new(BIO_s_mem()))) {
+	ossl_raise(eDHError, NULL);
+    }
+    if (!PEM_write_bio_DHparams(out, pkey->pkey.dh)) {
+	BIO_free(out);
+	ossl_raise(eDHError, NULL);
+    }
+    str = ossl_membio2str(out);
+    return str;
+}
+/*
+ *  call-seq:
+ *     dh.to_der -> aString
+ *
+ */
+static VALUE
+ossl_dh_to_der(VALUE self)
+{
+    EVP_PKEY *pkey;
+    unsigned char *p;
+    long len;
+    VALUE str;
+    GetPKeyDH(self, pkey);
+    if((len = i2d_DHparams(pkey->pkey.dh, NULL)) <= 0)
+	ossl_raise(eDHError, NULL);
+    str = rb_str_new(0, len);
+    p = RSTRING_PTR(str);
+    if(i2d_DHparams(pkey->pkey.dh, &p) < 0)
+	ossl_raise(eDHError, NULL);
+    ossl_str_adjust(str, p);
+    return str;
+}
+/*
+ *  call-seq:
+ *     dh.params -> hash
+ *
+ * Stores all parameters of key to the hash
+ * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
+ * Don't use :-)) (I's up to you)
+ */
+static VALUE
+ossl_dh_get_params(VALUE self)
+{
+    EVP_PKEY *pkey;
+    VALUE hash;
+    GetPKeyDH(self, pkey);
+    hash = rb_hash_new();
+    rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.dh->p));
+    rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(pkey->pkey.dh->g));
+    rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pkey->pkey.dh->pub_key));
+    rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(pkey->pkey.dh->priv_key));
+    return hash;
+}
+/*
+ *  call-seq:
+ *     dh.to_text -> aString
+ *
+ * Prints all parameters of key to buffer
+ * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
+ * Don't use :-)) (I's up to you)
+ */
+static VALUE
+ossl_dh_to_text(VALUE self)
+{
+    EVP_PKEY *pkey;
+    BIO *out;
+    VALUE str;
+    GetPKeyDH(self, pkey);
+    if (!(out = BIO_new(BIO_s_mem()))) {
+	ossl_raise(eDHError, NULL);
+    }
+    if (!DHparams_print(out, pkey->pkey.dh)) {
+	BIO_free(out);
+	ossl_raise(eDHError, NULL);
+    }
+    str = ossl_membio2str(out);
+    return str;
+}
+/*
+ *  call-seq:
+ *     dh.public_key -> aDH
+ *
+ *  Makes new instance DH PUBLIC_KEY from PRIVATE_KEY
+ */
+static VALUE
+ossl_dh_to_public_key(VALUE self)
+{
+    EVP_PKEY *pkey;
+    DH *dh;
+    VALUE obj;
+    GetPKeyDH(self, pkey);
+    dh = DHparams_dup(pkey->pkey.dh); /* err check perfomed by dh_instance */
+    obj = dh_instance(CLASS_OF(self), dh);
+    if (obj == Qfalse) {
+	DH_free(dh);
+	ossl_raise(eDHError, NULL);
+    }
+    return obj;
+}
+/*
+ *  call-seq:
+ *     dh.check_params -> true | false
+ *
+ */
+static VALUE
+ossl_dh_check_params(VALUE self)
+{
+    DH *dh;
+    EVP_PKEY *pkey;
+    int codes;
+    GetPKeyDH(self, pkey);
+    dh = pkey->pkey.dh;
+    if (!DH_check(dh, &codes)) {
+	return Qfalse;
+    }
+    return codes == 0 ? Qtrue : Qfalse;
+}
+/*
+ *  call-seq:
+ *     dh.generate_key -> self
+ *
+ */
+static VALUE
+ossl_dh_generate_key(VALUE self)
+{
+    DH *dh;
+    EVP_PKEY *pkey;
+    GetPKeyDH(self, pkey);
+    dh = pkey->pkey.dh;
+    if (!DH_generate_key(dh))
+	ossl_raise(eDHError, "Failed to generate key");
+    return self;
+}
+/*
+ *  call-seq:
+ *     dh.compute_key(pub_bn) -> aString
+ *
+ *  === Parameters
+ *  * +pub_bn+ is a OpenSSL::BN.
+ *
+ *  Returns aString containing a shared secret computed from the other parties public value.
+ *
+ *  See DH_compute_key() for further information.
+ *
+ */
+static VALUE
+ossl_dh_compute_key(VALUE self, VALUE pub)
+{
+    DH *dh;
+    EVP_PKEY *pkey;
+    BIGNUM *pub_key;
+    VALUE str;
+    int len;
+    GetPKeyDH(self, pkey);
+    dh = pkey->pkey.dh;
+    pub_key = GetBNPtr(pub);
+    len = DH_size(dh);
+    str = rb_str_new(0, len);
+    if ((len = DH_compute_key(RSTRING_PTR(str), pub_key, dh)) < 0) {
+	ossl_raise(eDHError, NULL);
+    }
+    rb_str_set_len(str, len);
+    return str;
+}
+OSSL_PKEY_BN(dh, p)
+OSSL_PKEY_BN(dh, g)
+OSSL_PKEY_BN(dh, pub_key)
+OSSL_PKEY_BN(dh, priv_key)
+/*
+ * -----BEGIN DH PARAMETERS-----
+ * MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
+ * zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
+ * -----END DH PARAMETERS-----
+ */
+static unsigned char DEFAULT_DH_512_PRIM[] = {
+    0xf4, 0xcd, 0x71, 0xe5, 0x8d, 0x18, 0x3f, 0x98,
+    0x9f, 0x4f, 0x60, 0xb0, 0x02, 0x2e, 0xfe, 0x7c,
+    0x09, 0xdf, 0x15, 0xc4, 0x1c, 0x71, 0x63, 0xba,
+    0x04, 0xb8, 0x27, 0x94, 0x44, 0xc8, 0x93, 0xa8,
+    0x48, 0x4c, 0xca, 0x6d, 0x7a, 0xae, 0x18, 0x4a,
+    0x81, 0x91, 0xb6, 0xce, 0x4d, 0x8e, 0xf6, 0xe5,
+    0x08, 0x04, 0x8c, 0x52, 0x8f, 0xe3, 0x4a, 0x31,
+    0x44, 0x47, 0x19, 0xa1, 0x4a, 0xc8, 0x8b, 0xcb,
+};
+static unsigned char DEFAULT_DH_512_GEN[] = { 0x02 };
+DH *OSSL_DEFAULT_DH_512 = NULL;
+/*
+ * -----BEGIN DH PARAMETERS-----
+ * MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
+ * AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
+ * T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
+ * -----END DH PARAMETERS-----
+ */
+static unsigned char DEFAULT_DH_1024_PRIM[] = {
+    0x9d, 0x25, 0x39, 0x5c, 0xb4, 0x54, 0x8a, 0xff,
+    0x25, 0xe6, 0xd6, 0x9f, 0x4c, 0xc3, 0xc1, 0x8d,
+    0xa1, 0xfa, 0xba, 0x88, 0x4c, 0x53, 0xa9, 0x74,
+    0xda, 0xfa, 0xba, 0x0b, 0x20, 0xbe, 0x40, 0xd7,
+    0xba, 0xe7, 0x1d, 0x70, 0x28, 0x61, 0x60, 0x4c,
+    0x49, 0x01, 0x5f, 0xd9, 0x0f, 0x60, 0x16, 0x3d,
+    0xba, 0xd3, 0xa9, 0x5e, 0xfa, 0x98, 0x64, 0x60,
+    0x26, 0x0e, 0x04, 0x75, 0xd8, 0x13, 0xd7, 0x31,
+    0xb4, 0x8e, 0xad, 0xeb, 0x9c, 0x57, 0x4c, 0x8f,
+    0x65, 0xf3, 0x90, 0x16, 0x31, 0xdc, 0x15, 0x6f,
+    0x7d, 0x1d, 0x00, 0xae, 0x76, 0xf2, 0xd1, 0x11,
+    0xd1, 0x4f, 0x88, 0x7b, 0x29, 0x9f, 0xf6, 0xce,
+    0x68, 0xef, 0x57, 0xe7, 0x85, 0xf2, 0x40, 0x54,
+    0x1c, 0x12, 0x40, 0xa2, 0x35, 0x25, 0xcf, 0x12,
+    0xa3, 0xe1, 0x07, 0x8e, 0xdb, 0x1d, 0xb4, 0x14,
+    0xff, 0x57, 0xe7, 0x19, 0x8d, 0x51, 0x77, 0x83
+};
+static unsigned char DEFAULT_DH_1024_GEN[] = { 0x02 };
+DH *OSSL_DEFAULT_DH_1024 = NULL;
+static DH*
+ossl_create_dh(unsigned char *p, size_t plen, unsigned char *g, size_t glen)
+{
+    DH *dh;
+    if ((dh = DH_new()) == NULL) ossl_raise(eDHError, NULL);
+    dh->p = BN_bin2bn(p, plen, NULL);
+    dh->g = BN_bin2bn(g, glen, NULL);
+    if (dh->p == NULL || dh->g == NULL){
+        DH_free(dh);
+	ossl_raise(eDHError, NULL);
+    }
+    return dh;
+}
+/*
+ * INIT
+ */
+void
+Init_ossl_dh()
+{
+#if 0 /* let rdoc know about mOSSL and mPKey */
+    mOSSL = rb_define_module("OpenSSL");
+    mPKey = rb_define_module_under(mOSSL, "PKey");
+#endif
+    eDHError = rb_define_class_under(mPKey, "DHError", ePKeyError);
+    cDH = rb_define_class_under(mPKey, "DH", cPKey);
+    rb_define_singleton_method(cDH, "generate", ossl_dh_s_generate, -1);
+    rb_define_method(cDH, "initialize", ossl_dh_initialize, -1);
+    rb_define_method(cDH, "public?", ossl_dh_is_public, 0);
+    rb_define_method(cDH, "private?", ossl_dh_is_private, 0);
+    rb_define_method(cDH, "to_text", ossl_dh_to_text, 0);
+    rb_define_method(cDH, "export", ossl_dh_export, 0);
+    rb_define_alias(cDH, "to_pem", "export");
+    rb_define_alias(cDH, "to_s", "export");
+    rb_define_method(cDH, "to_der", ossl_dh_to_der, 0);
+    rb_define_method(cDH, "public_key", ossl_dh_to_public_key, 0);
+    rb_define_method(cDH, "params_ok?", ossl_dh_check_params, 0);
+    rb_define_method(cDH, "generate_key!", ossl_dh_generate_key, 0);
+    rb_define_method(cDH, "compute_key", ossl_dh_compute_key, 1);
+    DEF_OSSL_PKEY_BN(cDH, dh, p);
+    DEF_OSSL_PKEY_BN(cDH, dh, g);
+    DEF_OSSL_PKEY_BN(cDH, dh, pub_key);
+    DEF_OSSL_PKEY_BN(cDH, dh, priv_key);
+    rb_define_method(cDH, "params", ossl_dh_get_params, 0);
+    OSSL_DEFAULT_DH_512 = ossl_create_dh(
+	DEFAULT_DH_512_PRIM, sizeof(DEFAULT_DH_512_PRIM),
+	DEFAULT_DH_512_GEN, sizeof(DEFAULT_DH_512_GEN));
+    OSSL_DEFAULT_DH_1024 = ossl_create_dh(
+	DEFAULT_DH_1024_PRIM, sizeof(DEFAULT_DH_1024_PRIM),
+	DEFAULT_DH_1024_GEN, sizeof(DEFAULT_DH_1024_GEN));
+}
+#else /* defined NO_DH */
+void
+Init_ossl_dh()
+{
+}
+#endif /* NO_DH */