rubysl-openssl 2.10 → 2.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/ext/rubysl/openssl/deprecation.rb +7 -3
- data/ext/rubysl/openssl/extconf.rb +148 -103
- data/ext/rubysl/openssl/openssl_missing.c +94 -275
- data/ext/rubysl/openssl/openssl_missing.h +167 -98
- data/ext/rubysl/openssl/ossl.c +266 -212
- data/ext/rubysl/openssl/ossl.h +27 -89
- data/ext/rubysl/openssl/ossl_asn1.c +157 -221
- data/ext/rubysl/openssl/ossl_asn1.h +11 -3
- data/ext/rubysl/openssl/ossl_bio.c +10 -40
- data/ext/rubysl/openssl/ossl_bio.h +1 -2
- data/ext/rubysl/openssl/ossl_bn.c +144 -100
- data/ext/rubysl/openssl/ossl_bn.h +3 -1
- data/ext/rubysl/openssl/ossl_cipher.c +270 -195
- data/ext/rubysl/openssl/ossl_config.c +7 -1
- data/ext/rubysl/openssl/ossl_config.h +0 -1
- data/ext/rubysl/openssl/ossl_digest.c +40 -29
- data/ext/rubysl/openssl/ossl_engine.c +23 -62
- data/ext/rubysl/openssl/ossl_hmac.c +82 -55
- data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
- data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
- data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
- data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
- data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
- data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
- data/ext/rubysl/openssl/ossl_pkey.c +151 -99
- data/ext/rubysl/openssl/ossl_pkey.h +123 -29
- data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
- data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
- data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
- data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
- data/ext/rubysl/openssl/ossl_rand.c +25 -21
- data/ext/rubysl/openssl/ossl_ssl.c +795 -413
- data/ext/rubysl/openssl/ossl_ssl.h +3 -0
- data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
- data/ext/rubysl/openssl/ossl_version.h +1 -1
- data/ext/rubysl/openssl/ossl_x509.c +92 -8
- data/ext/rubysl/openssl/ossl_x509.h +14 -5
- data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
- data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
- data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
- data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
- data/ext/rubysl/openssl/ossl_x509name.c +68 -45
- data/ext/rubysl/openssl/ossl_x509req.c +32 -38
- data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
- data/ext/rubysl/openssl/ossl_x509store.c +309 -104
- data/ext/rubysl/openssl/ruby_missing.h +8 -6
- data/lib/openssl/buffering.rb +11 -5
- data/lib/openssl/cipher.rb +23 -15
- data/lib/openssl/digest.rb +7 -10
- data/lib/openssl/pkey.rb +15 -8
- data/lib/openssl/ssl.rb +81 -105
- data/lib/rubysl/openssl.rb +1 -4
- data/lib/rubysl/openssl/version.rb +1 -1
- metadata +3 -4
@@ -7,19 +7,36 @@
|
|
7
7
|
* This program is licensed under the same licence as Ruby.
|
8
8
|
* (See the file 'LICENCE'.)
|
9
9
|
*/
|
10
|
-
#if !defined(OPENSSL_NO_RSA)
|
11
|
-
|
12
10
|
#include "ossl.h"
|
13
11
|
|
12
|
+
#if !defined(OPENSSL_NO_RSA)
|
13
|
+
|
14
14
|
#define GetPKeyRSA(obj, pkey) do { \
|
15
15
|
GetPKey((obj), (pkey)); \
|
16
|
-
if (
|
16
|
+
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { /* PARANOIA? */ \
|
17
17
|
ossl_raise(rb_eRuntimeError, "THIS IS NOT A RSA!") ; \
|
18
18
|
} \
|
19
19
|
} while (0)
|
20
|
+
#define GetRSA(obj, rsa) do { \
|
21
|
+
EVP_PKEY *_pkey; \
|
22
|
+
GetPKeyRSA((obj), _pkey); \
|
23
|
+
(rsa) = EVP_PKEY_get0_RSA(_pkey); \
|
24
|
+
} while (0)
|
20
25
|
|
21
|
-
|
22
|
-
|
26
|
+
static inline int
|
27
|
+
RSA_HAS_PRIVATE(RSA *rsa)
|
28
|
+
{
|
29
|
+
const BIGNUM *p, *q;
|
30
|
+
|
31
|
+
RSA_get0_factors(rsa, &p, &q);
|
32
|
+
return p && q; /* d? why? */
|
33
|
+
}
|
34
|
+
|
35
|
+
static inline int
|
36
|
+
RSA_PRIVATE(VALUE obj, RSA *rsa)
|
37
|
+
{
|
38
|
+
return RSA_HAS_PRIVATE(rsa) || OSSL_PKEY_IS_PRIVATE(obj);
|
39
|
+
}
|
23
40
|
|
24
41
|
/*
|
25
42
|
* Classes
|
@@ -62,7 +79,7 @@ ossl_rsa_new(EVP_PKEY *pkey)
|
|
62
79
|
}
|
63
80
|
else {
|
64
81
|
obj = NewPKey(cRSA);
|
65
|
-
if (
|
82
|
+
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
|
66
83
|
ossl_raise(rb_eTypeError, "Not a RSA key!");
|
67
84
|
}
|
68
85
|
SetPKey(obj, pkey);
|
@@ -77,7 +94,6 @@ ossl_rsa_new(EVP_PKEY *pkey)
|
|
77
94
|
/*
|
78
95
|
* Private
|
79
96
|
*/
|
80
|
-
#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
|
81
97
|
struct rsa_blocking_gen_arg {
|
82
98
|
RSA *rsa;
|
83
99
|
BIGNUM *e;
|
@@ -93,42 +109,41 @@ rsa_blocking_gen(void *arg)
|
|
93
109
|
gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb);
|
94
110
|
return 0;
|
95
111
|
}
|
96
|
-
#endif
|
97
112
|
|
98
113
|
static RSA *
|
99
114
|
rsa_generate(int size, unsigned long exp)
|
100
115
|
{
|
101
|
-
#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
|
102
116
|
int i;
|
103
|
-
|
104
|
-
struct ossl_generate_cb_arg cb_arg;
|
117
|
+
struct ossl_generate_cb_arg cb_arg = { 0 };
|
105
118
|
struct rsa_blocking_gen_arg gen_arg;
|
106
119
|
RSA *rsa = RSA_new();
|
107
120
|
BIGNUM *e = BN_new();
|
121
|
+
BN_GENCB *cb = BN_GENCB_new();
|
108
122
|
|
109
|
-
if (!rsa || !e) {
|
110
|
-
|
111
|
-
|
112
|
-
|
123
|
+
if (!rsa || !e || !cb) {
|
124
|
+
RSA_free(rsa);
|
125
|
+
BN_free(e);
|
126
|
+
BN_GENCB_free(cb);
|
127
|
+
return NULL;
|
113
128
|
}
|
114
129
|
for (i = 0; i < (int)sizeof(exp) * 8; ++i) {
|
115
130
|
if (exp & (1UL << i)) {
|
116
131
|
if (BN_set_bit(e, i) == 0) {
|
117
132
|
BN_free(e);
|
118
133
|
RSA_free(rsa);
|
119
|
-
|
134
|
+
BN_GENCB_free(cb);
|
135
|
+
return NULL;
|
120
136
|
}
|
121
137
|
}
|
122
138
|
}
|
123
139
|
|
124
|
-
memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
|
125
140
|
if (rb_block_given_p())
|
126
141
|
cb_arg.yield = 1;
|
127
|
-
BN_GENCB_set(
|
142
|
+
BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
|
128
143
|
gen_arg.rsa = rsa;
|
129
144
|
gen_arg.e = e;
|
130
145
|
gen_arg.size = size;
|
131
|
-
gen_arg.cb =
|
146
|
+
gen_arg.cb = cb;
|
132
147
|
if (cb_arg.yield == 1) {
|
133
148
|
/* we cannot release GVL when callback proc is supplied */
|
134
149
|
rsa_blocking_gen(&gen_arg);
|
@@ -136,18 +151,20 @@ rsa_generate(int size, unsigned long exp)
|
|
136
151
|
/* there's a chance to unblock */
|
137
152
|
rb_thread_call_without_gvl(rsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
|
138
153
|
}
|
154
|
+
|
155
|
+
BN_GENCB_free(cb);
|
156
|
+
BN_free(e);
|
139
157
|
if (!gen_arg.result) {
|
140
|
-
BN_free(e);
|
141
158
|
RSA_free(rsa);
|
142
|
-
if (cb_arg.state)
|
143
|
-
|
159
|
+
if (cb_arg.state) {
|
160
|
+
/* must clear OpenSSL error stack */
|
161
|
+
ossl_clear_error();
|
162
|
+
rb_jump_tag(cb_arg.state);
|
163
|
+
}
|
164
|
+
return NULL;
|
144
165
|
}
|
145
166
|
|
146
|
-
BN_free(e);
|
147
167
|
return rsa;
|
148
|
-
#else
|
149
|
-
return RSA_generate_key(size, exp, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
|
150
|
-
#endif
|
151
168
|
}
|
152
169
|
|
153
170
|
/*
|
@@ -206,22 +223,21 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
206
223
|
EVP_PKEY *pkey;
|
207
224
|
RSA *rsa;
|
208
225
|
BIO *in;
|
209
|
-
char *passwd = NULL;
|
210
226
|
VALUE arg, pass;
|
211
227
|
|
212
228
|
GetPKey(self, pkey);
|
213
229
|
if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) {
|
214
230
|
rsa = RSA_new();
|
215
231
|
}
|
216
|
-
else if (
|
217
|
-
rsa = rsa_generate(
|
232
|
+
else if (RB_INTEGER_TYPE_P(arg)) {
|
233
|
+
rsa = rsa_generate(NUM2INT(arg), NIL_P(pass) ? RSA_F4 : NUM2ULONG(pass));
|
218
234
|
if (!rsa) ossl_raise(eRSAError, NULL);
|
219
235
|
}
|
220
236
|
else {
|
221
|
-
|
237
|
+
pass = ossl_pem_passwd_value(pass);
|
222
238
|
arg = ossl_to_der_if_possible(arg);
|
223
|
-
in = ossl_obj2bio(arg);
|
224
|
-
rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb,
|
239
|
+
in = ossl_obj2bio(&arg);
|
240
|
+
rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass);
|
225
241
|
if (!rsa) {
|
226
242
|
OSSL_BIO_reset(in);
|
227
243
|
rsa = PEM_read_bio_RSA_PUBKEY(in, NULL, NULL, NULL);
|
@@ -255,6 +271,26 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
255
271
|
return self;
|
256
272
|
}
|
257
273
|
|
274
|
+
static VALUE
|
275
|
+
ossl_rsa_initialize_copy(VALUE self, VALUE other)
|
276
|
+
{
|
277
|
+
EVP_PKEY *pkey;
|
278
|
+
RSA *rsa, *rsa_new;
|
279
|
+
|
280
|
+
GetPKey(self, pkey);
|
281
|
+
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE)
|
282
|
+
ossl_raise(eRSAError, "RSA already initialized");
|
283
|
+
GetRSA(other, rsa);
|
284
|
+
|
285
|
+
rsa_new = ASN1_dup((i2d_of_void *)i2d_RSAPrivateKey, (d2i_of_void *)d2i_RSAPrivateKey, (char *)rsa);
|
286
|
+
if (!rsa_new)
|
287
|
+
ossl_raise(eRSAError, "ASN1_dup");
|
288
|
+
|
289
|
+
EVP_PKEY_assign_RSA(pkey, rsa_new);
|
290
|
+
|
291
|
+
return self;
|
292
|
+
}
|
293
|
+
|
258
294
|
/*
|
259
295
|
* call-seq:
|
260
296
|
* rsa.public? => true
|
@@ -265,12 +301,13 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
|
|
265
301
|
static VALUE
|
266
302
|
ossl_rsa_is_public(VALUE self)
|
267
303
|
{
|
268
|
-
|
304
|
+
RSA *rsa;
|
269
305
|
|
270
|
-
|
306
|
+
GetRSA(self, rsa);
|
271
307
|
/*
|
272
308
|
* This method should check for n and e. BUG.
|
273
309
|
*/
|
310
|
+
(void)rsa;
|
274
311
|
return Qtrue;
|
275
312
|
}
|
276
313
|
|
@@ -283,11 +320,11 @@ ossl_rsa_is_public(VALUE self)
|
|
283
320
|
static VALUE
|
284
321
|
ossl_rsa_is_private(VALUE self)
|
285
322
|
{
|
286
|
-
|
323
|
+
RSA *rsa;
|
287
324
|
|
288
|
-
|
325
|
+
GetRSA(self, rsa);
|
289
326
|
|
290
|
-
return
|
327
|
+
return RSA_PRIVATE(self, rsa) ? Qtrue : Qfalse;
|
291
328
|
}
|
292
329
|
|
293
330
|
/*
|
@@ -298,41 +335,35 @@ ossl_rsa_is_private(VALUE self)
|
|
298
335
|
*
|
299
336
|
* Outputs this keypair in PEM encoding. If +cipher+ and +pass_phrase+ are
|
300
337
|
* given they will be used to encrypt the key. +cipher+ must be an
|
301
|
-
* OpenSSL::Cipher
|
338
|
+
* OpenSSL::Cipher instance.
|
302
339
|
*/
|
303
340
|
static VALUE
|
304
341
|
ossl_rsa_export(int argc, VALUE *argv, VALUE self)
|
305
342
|
{
|
306
|
-
|
343
|
+
RSA *rsa;
|
307
344
|
BIO *out;
|
308
345
|
const EVP_CIPHER *ciph = NULL;
|
309
|
-
char *passwd = NULL;
|
310
346
|
VALUE cipher, pass, str;
|
311
347
|
|
312
|
-
|
348
|
+
GetRSA(self, rsa);
|
313
349
|
|
314
350
|
rb_scan_args(argc, argv, "02", &cipher, &pass);
|
315
351
|
|
316
352
|
if (!NIL_P(cipher)) {
|
317
353
|
ciph = GetCipherPtr(cipher);
|
318
|
-
|
319
|
-
StringValue(pass);
|
320
|
-
if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
|
321
|
-
ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
|
322
|
-
passwd = RSTRING_PTR(pass);
|
323
|
-
}
|
354
|
+
pass = ossl_pem_passwd_value(pass);
|
324
355
|
}
|
325
356
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
326
357
|
ossl_raise(eRSAError, NULL);
|
327
358
|
}
|
328
|
-
if (RSA_HAS_PRIVATE(
|
329
|
-
if (!PEM_write_bio_RSAPrivateKey(out,
|
330
|
-
|
359
|
+
if (RSA_HAS_PRIVATE(rsa)) {
|
360
|
+
if (!PEM_write_bio_RSAPrivateKey(out, rsa, ciph, NULL, 0,
|
361
|
+
ossl_pem_passwd_cb, (void *)pass)) {
|
331
362
|
BIO_free(out);
|
332
363
|
ossl_raise(eRSAError, NULL);
|
333
364
|
}
|
334
365
|
} else {
|
335
|
-
if (!PEM_write_bio_RSA_PUBKEY(out,
|
366
|
+
if (!PEM_write_bio_RSA_PUBKEY(out, rsa)) {
|
336
367
|
BIO_free(out);
|
337
368
|
ossl_raise(eRSAError, NULL);
|
338
369
|
}
|
@@ -351,30 +382,28 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self)
|
|
351
382
|
static VALUE
|
352
383
|
ossl_rsa_to_der(VALUE self)
|
353
384
|
{
|
354
|
-
|
355
|
-
int (*i2d_func)
|
385
|
+
RSA *rsa;
|
386
|
+
int (*i2d_func)(const RSA *, unsigned char **);
|
356
387
|
unsigned char *p;
|
357
388
|
long len;
|
358
389
|
VALUE str;
|
359
390
|
|
360
|
-
|
361
|
-
if(RSA_HAS_PRIVATE(
|
391
|
+
GetRSA(self, rsa);
|
392
|
+
if (RSA_HAS_PRIVATE(rsa))
|
362
393
|
i2d_func = i2d_RSAPrivateKey;
|
363
394
|
else
|
364
|
-
i2d_func = (int (*)(const RSA*, unsigned char**))i2d_RSA_PUBKEY;
|
365
|
-
if((len = i2d_func(
|
395
|
+
i2d_func = (int (*)(const RSA *, unsigned char **))i2d_RSA_PUBKEY;
|
396
|
+
if((len = i2d_func(rsa, NULL)) <= 0)
|
366
397
|
ossl_raise(eRSAError, NULL);
|
367
398
|
str = rb_str_new(0, len);
|
368
399
|
p = (unsigned char *)RSTRING_PTR(str);
|
369
|
-
if(i2d_func(
|
400
|
+
if(i2d_func(rsa, &p) < 0)
|
370
401
|
ossl_raise(eRSAError, NULL);
|
371
402
|
ossl_str_adjust(str, p);
|
372
403
|
|
373
404
|
return str;
|
374
405
|
}
|
375
406
|
|
376
|
-
#define ossl_rsa_buf_size(pkey) (RSA_size((pkey)->pkey.rsa)+16)
|
377
|
-
|
378
407
|
/*
|
379
408
|
* call-seq:
|
380
409
|
* rsa.public_encrypt(string) => String
|
@@ -386,20 +415,21 @@ ossl_rsa_to_der(VALUE self)
|
|
386
415
|
static VALUE
|
387
416
|
ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self)
|
388
417
|
{
|
389
|
-
|
418
|
+
RSA *rsa;
|
419
|
+
const BIGNUM *rsa_n;
|
390
420
|
int buf_len, pad;
|
391
421
|
VALUE str, buffer, padding;
|
392
422
|
|
393
|
-
|
394
|
-
|
423
|
+
GetRSA(self, rsa);
|
424
|
+
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
425
|
+
if (!rsa_n)
|
395
426
|
ossl_raise(eRSAError, "incomplete RSA");
|
396
427
|
rb_scan_args(argc, argv, "11", &buffer, &padding);
|
397
428
|
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
|
398
429
|
StringValue(buffer);
|
399
|
-
str = rb_str_new(0,
|
430
|
+
str = rb_str_new(0, RSA_size(rsa));
|
400
431
|
buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
|
401
|
-
(unsigned char *)RSTRING_PTR(str),
|
402
|
-
pad);
|
432
|
+
(unsigned char *)RSTRING_PTR(str), rsa, pad);
|
403
433
|
if (buf_len < 0) ossl_raise(eRSAError, NULL);
|
404
434
|
rb_str_set_len(str, buf_len);
|
405
435
|
|
@@ -417,20 +447,21 @@ ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self)
|
|
417
447
|
static VALUE
|
418
448
|
ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self)
|
419
449
|
{
|
420
|
-
|
450
|
+
RSA *rsa;
|
451
|
+
const BIGNUM *rsa_n;
|
421
452
|
int buf_len, pad;
|
422
453
|
VALUE str, buffer, padding;
|
423
454
|
|
424
|
-
|
425
|
-
|
455
|
+
GetRSA(self, rsa);
|
456
|
+
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
457
|
+
if (!rsa_n)
|
426
458
|
ossl_raise(eRSAError, "incomplete RSA");
|
427
459
|
rb_scan_args(argc, argv, "11", &buffer, &padding);
|
428
460
|
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
|
429
461
|
StringValue(buffer);
|
430
|
-
str = rb_str_new(0,
|
462
|
+
str = rb_str_new(0, RSA_size(rsa));
|
431
463
|
buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
|
432
|
-
(unsigned char *)RSTRING_PTR(str),
|
433
|
-
pad);
|
464
|
+
(unsigned char *)RSTRING_PTR(str), rsa, pad);
|
434
465
|
if (buf_len < 0) ossl_raise(eRSAError, NULL);
|
435
466
|
rb_str_set_len(str, buf_len);
|
436
467
|
|
@@ -448,22 +479,23 @@ ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self)
|
|
448
479
|
static VALUE
|
449
480
|
ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self)
|
450
481
|
{
|
451
|
-
|
482
|
+
RSA *rsa;
|
483
|
+
const BIGNUM *rsa_n;
|
452
484
|
int buf_len, pad;
|
453
485
|
VALUE str, buffer, padding;
|
454
486
|
|
455
|
-
|
456
|
-
|
487
|
+
GetRSA(self, rsa);
|
488
|
+
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
489
|
+
if (!rsa_n)
|
457
490
|
ossl_raise(eRSAError, "incomplete RSA");
|
458
|
-
if (!RSA_PRIVATE(self,
|
459
|
-
ossl_raise(eRSAError, "private key needed");
|
491
|
+
if (!RSA_PRIVATE(self, rsa))
|
492
|
+
ossl_raise(eRSAError, "private key needed.");
|
460
493
|
rb_scan_args(argc, argv, "11", &buffer, &padding);
|
461
494
|
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
|
462
495
|
StringValue(buffer);
|
463
|
-
str = rb_str_new(0,
|
496
|
+
str = rb_str_new(0, RSA_size(rsa));
|
464
497
|
buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
|
465
|
-
(unsigned char *)RSTRING_PTR(str),
|
466
|
-
pad);
|
498
|
+
(unsigned char *)RSTRING_PTR(str), rsa, pad);
|
467
499
|
if (buf_len < 0) ossl_raise(eRSAError, NULL);
|
468
500
|
rb_str_set_len(str, buf_len);
|
469
501
|
|
@@ -481,22 +513,23 @@ ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self)
|
|
481
513
|
static VALUE
|
482
514
|
ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
|
483
515
|
{
|
484
|
-
|
516
|
+
RSA *rsa;
|
517
|
+
const BIGNUM *rsa_n;
|
485
518
|
int buf_len, pad;
|
486
519
|
VALUE str, buffer, padding;
|
487
520
|
|
488
|
-
|
489
|
-
|
521
|
+
GetRSA(self, rsa);
|
522
|
+
RSA_get0_key(rsa, &rsa_n, NULL, NULL);
|
523
|
+
if (!rsa_n)
|
490
524
|
ossl_raise(eRSAError, "incomplete RSA");
|
491
|
-
if (!RSA_PRIVATE(self,
|
492
|
-
ossl_raise(eRSAError, "private key needed");
|
525
|
+
if (!RSA_PRIVATE(self, rsa))
|
526
|
+
ossl_raise(eRSAError, "private key needed.");
|
493
527
|
rb_scan_args(argc, argv, "11", &buffer, &padding);
|
494
528
|
pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
|
495
529
|
StringValue(buffer);
|
496
|
-
str = rb_str_new(0,
|
530
|
+
str = rb_str_new(0, RSA_size(rsa));
|
497
531
|
buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
|
498
|
-
(unsigned char *)RSTRING_PTR(str),
|
499
|
-
pad);
|
532
|
+
(unsigned char *)RSTRING_PTR(str), rsa, pad);
|
500
533
|
if (buf_len < 0) ossl_raise(eRSAError, NULL);
|
501
534
|
rb_str_set_len(str, buf_len);
|
502
535
|
|
@@ -517,21 +550,24 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
|
|
517
550
|
static VALUE
|
518
551
|
ossl_rsa_get_params(VALUE self)
|
519
552
|
{
|
520
|
-
|
553
|
+
RSA *rsa;
|
521
554
|
VALUE hash;
|
555
|
+
const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
|
522
556
|
|
523
|
-
|
557
|
+
GetRSA(self, rsa);
|
558
|
+
RSA_get0_key(rsa, &n, &e, &d);
|
559
|
+
RSA_get0_factors(rsa, &p, &q);
|
560
|
+
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
|
524
561
|
|
525
562
|
hash = rb_hash_new();
|
526
|
-
|
527
|
-
rb_hash_aset(hash, rb_str_new2("
|
528
|
-
rb_hash_aset(hash, rb_str_new2("
|
529
|
-
rb_hash_aset(hash, rb_str_new2("
|
530
|
-
rb_hash_aset(hash, rb_str_new2("
|
531
|
-
rb_hash_aset(hash, rb_str_new2("
|
532
|
-
rb_hash_aset(hash, rb_str_new2("
|
533
|
-
rb_hash_aset(hash, rb_str_new2("
|
534
|
-
rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(pkey->pkey.rsa->iqmp));
|
563
|
+
rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(n));
|
564
|
+
rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(e));
|
565
|
+
rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(d));
|
566
|
+
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
|
567
|
+
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
|
568
|
+
rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(dmp1));
|
569
|
+
rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(dmq1));
|
570
|
+
rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(iqmp));
|
535
571
|
|
536
572
|
return hash;
|
537
573
|
}
|
@@ -549,15 +585,15 @@ ossl_rsa_get_params(VALUE self)
|
|
549
585
|
static VALUE
|
550
586
|
ossl_rsa_to_text(VALUE self)
|
551
587
|
{
|
552
|
-
|
588
|
+
RSA *rsa;
|
553
589
|
BIO *out;
|
554
590
|
VALUE str;
|
555
591
|
|
556
|
-
|
592
|
+
GetRSA(self, rsa);
|
557
593
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
558
594
|
ossl_raise(eRSAError, NULL);
|
559
595
|
}
|
560
|
-
if (!RSA_print(out,
|
596
|
+
if (!RSA_print(out, rsa, 0)) { /* offset = 0 */
|
561
597
|
BIO_free(out);
|
562
598
|
ossl_raise(eRSAError, NULL);
|
563
599
|
}
|
@@ -581,8 +617,8 @@ ossl_rsa_to_public_key(VALUE self)
|
|
581
617
|
|
582
618
|
GetPKeyRSA(self, pkey);
|
583
619
|
/* err check performed by rsa_instance */
|
584
|
-
rsa = RSAPublicKey_dup(pkey
|
585
|
-
obj = rsa_instance(
|
620
|
+
rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey));
|
621
|
+
obj = rsa_instance(rb_obj_class(self), rsa);
|
586
622
|
if (obj == Qfalse) {
|
587
623
|
RSA_free(rsa);
|
588
624
|
ossl_raise(eRSAError, NULL);
|
@@ -596,11 +632,11 @@ ossl_rsa_to_public_key(VALUE self)
|
|
596
632
|
static VALUE
|
597
633
|
ossl_rsa_blinding_on(VALUE self)
|
598
634
|
{
|
599
|
-
|
635
|
+
RSA *rsa;
|
600
636
|
|
601
|
-
|
637
|
+
GetRSA(self, rsa);
|
602
638
|
|
603
|
-
if (RSA_blinding_on(
|
639
|
+
if (RSA_blinding_on(rsa, ossl_bn_ctx) != 1) {
|
604
640
|
ossl_raise(eRSAError, NULL);
|
605
641
|
}
|
606
642
|
return self;
|
@@ -609,35 +645,54 @@ ossl_rsa_blinding_on(VALUE self)
|
|
609
645
|
static VALUE
|
610
646
|
ossl_rsa_blinding_off(VALUE self)
|
611
647
|
{
|
612
|
-
|
648
|
+
RSA *rsa;
|
613
649
|
|
614
|
-
|
615
|
-
RSA_blinding_off(
|
650
|
+
GetRSA(self, rsa);
|
651
|
+
RSA_blinding_off(rsa);
|
616
652
|
|
617
653
|
return self;
|
618
654
|
}
|
619
655
|
*/
|
620
656
|
|
621
|
-
|
622
|
-
|
623
|
-
|
624
|
-
|
625
|
-
|
626
|
-
|
627
|
-
|
628
|
-
|
657
|
+
/*
|
658
|
+
* Document-method: OpenSSL::PKey::RSA#set_key
|
659
|
+
* call-seq:
|
660
|
+
* rsa.set_key(n, e, d) -> self
|
661
|
+
*
|
662
|
+
* Sets +n+, +e+, +d+ for the RSA instance.
|
663
|
+
*/
|
664
|
+
OSSL_PKEY_BN_DEF3(rsa, RSA, key, n, e, d)
|
665
|
+
/*
|
666
|
+
* Document-method: OpenSSL::PKey::RSA#set_factors
|
667
|
+
* call-seq:
|
668
|
+
* rsa.set_factors(p, q) -> self
|
669
|
+
*
|
670
|
+
* Sets +p+, +q+ for the RSA instance.
|
671
|
+
*/
|
672
|
+
OSSL_PKEY_BN_DEF2(rsa, RSA, factors, p, q)
|
673
|
+
/*
|
674
|
+
* Document-method: OpenSSL::PKey::RSA#set_crt_params
|
675
|
+
* call-seq:
|
676
|
+
* rsa.set_crt_params(dmp1, dmq1, iqmp) -> self
|
677
|
+
*
|
678
|
+
* Sets +dmp1+, +dmq1+, +iqmp+ for the RSA instance. They are calculated by
|
679
|
+
* <tt>d mod (p - 1)</tt>, <tt>d mod (q - 1)</tt> and <tt>q^(-1) mod p</tt>
|
680
|
+
* respectively.
|
681
|
+
*/
|
682
|
+
OSSL_PKEY_BN_DEF3(rsa, RSA, crt_params, dmp1, dmq1, iqmp)
|
629
683
|
|
630
684
|
/*
|
631
685
|
* INIT
|
632
686
|
*/
|
633
|
-
#define DefRSAConst(x) rb_define_const(cRSA, #x,
|
687
|
+
#define DefRSAConst(x) rb_define_const(cRSA, #x, INT2NUM(RSA_##x))
|
634
688
|
|
635
689
|
void
|
636
690
|
Init_ossl_rsa(void)
|
637
691
|
{
|
638
692
|
#if 0
|
639
|
-
mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL and mPKey */
|
640
693
|
mPKey = rb_define_module_under(mOSSL, "PKey");
|
694
|
+
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
|
695
|
+
ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError);
|
641
696
|
#endif
|
642
697
|
|
643
698
|
/* Document-class: OpenSSL::PKey::RSAError
|
@@ -651,7 +706,7 @@ Init_ossl_rsa(void)
|
|
651
706
|
/* Document-class: OpenSSL::PKey::RSA
|
652
707
|
*
|
653
708
|
* RSA is an asymmetric public key algorithm that has been formalized in
|
654
|
-
* RFC 3447. It is in widespread use in public key
|
709
|
+
* RFC 3447. It is in widespread use in public key infrastructures (PKI)
|
655
710
|
* where certificates (cf. OpenSSL::X509::Certificate) often are issued
|
656
711
|
* on the basis of a public/private RSA key pair. RSA is used in a wide
|
657
712
|
* field of applications such as secure (symmetric) key exchange, e.g.
|
@@ -662,6 +717,7 @@ Init_ossl_rsa(void)
|
|
662
717
|
|
663
718
|
rb_define_singleton_method(cRSA, "generate", ossl_rsa_s_generate, -1);
|
664
719
|
rb_define_method(cRSA, "initialize", ossl_rsa_initialize, -1);
|
720
|
+
rb_define_copy_func(cRSA, ossl_rsa_initialize_copy);
|
665
721
|
|
666
722
|
rb_define_method(cRSA, "public?", ossl_rsa_is_public, 0);
|
667
723
|
rb_define_method(cRSA, "private?", ossl_rsa_is_private, 0);
|
@@ -684,6 +740,9 @@ Init_ossl_rsa(void)
|
|
684
740
|
DEF_OSSL_PKEY_BN(cRSA, rsa, dmp1);
|
685
741
|
DEF_OSSL_PKEY_BN(cRSA, rsa, dmq1);
|
686
742
|
DEF_OSSL_PKEY_BN(cRSA, rsa, iqmp);
|
743
|
+
rb_define_method(cRSA, "set_key", ossl_rsa_set_key, 3);
|
744
|
+
rb_define_method(cRSA, "set_factors", ossl_rsa_set_factors, 2);
|
745
|
+
rb_define_method(cRSA, "set_crt_params", ossl_rsa_set_crt_params, 3);
|
687
746
|
|
688
747
|
rb_define_method(cRSA, "params", ossl_rsa_get_params, 0);
|
689
748
|
|