RubyGems - sha3 - Versions diffs - 2.2.2 → 2.2.4 - Mend

sha3 2.2.2 → 2.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

data/ext/sha3/digest.c CHANGED Viewed

@@ -79,15 +79,18 @@ static ID _shake_128_id;
 static ID _shake_256_id;
 /* TypedData structure for sha3_digest_context_t */
-const rb_data_type_t sha3_digest_data_type_t = {"SHA3::Digest",
-                                                {
-                                                    NULL,
-                                                    sha3_digest_free_context,
-                                                    sha3_digest_context_size,
-                                                },
-                                                NULL,
-                                                NULL,
-                                                RUBY_TYPED_FREE_IMMEDIATELY};
+const rb_data_type_t sha3_digest_data_type = {
+    "SHA3::Digest",
+    {
+        NULL,
+        sha3_digest_free_context,
+        sha3_digest_context_size,
+        NULL,
+    },
+    NULL,
+    NULL,
+    RUBY_TYPED_FREE_IMMEDIATELY,
+};
 void Init_sha3_digest(void) {
     rb_require("digest");
@@ -154,10 +157,14 @@ void Init_sha3_digest(void) {
 // Static inline functions replacing macros
 static inline void get_sha3_digest_context(VALUE obj, sha3_digest_context_t **context) {
-    TypedData_Get_Struct((obj), sha3_digest_context_t, &sha3_digest_data_type_t, (*context));
+    TypedData_Get_Struct((obj), sha3_digest_context_t, &sha3_digest_data_type, (*context));
     if (!(*context)) {
         rb_raise(rb_eRuntimeError, "Digest data not initialized!");
     }
+    if (!(*context)->state) {
+        rb_raise(rb_eRuntimeError, "Digest state not initialized!");
+    }
 }
 static inline void safe_get_sha3_digest_context(VALUE obj, sha3_digest_context_t **context) {
@@ -170,36 +177,36 @@ static inline void safe_get_sha3_digest_context(VALUE obj, sha3_digest_context_t
 static inline int is_shake_algorithm(sha3_digest_algorithms alg) { return alg == SHAKE_128 || alg == SHAKE_256; }
-int get_hashbit_length(VALUE obj, sha3_digest_algorithms *algorithm) {
-    if (TYPE(obj) == T_SYMBOL) {
-        ID symid = SYM2ID(obj);
-        if (symid == _sha3_224_id) {
-            *algorithm = SHA3_224;
-            return 224;
-        } else if (symid == _sha3_256_id) {
-            *algorithm = SHA3_256;
-            return 256;
-        } else if (symid == _sha3_384_id) {
-            *algorithm = SHA3_384;
-            return 384;
-        } else if (symid == _sha3_512_id) {
-            *algorithm = SHA3_512;
-            return 512;
-        } else if (symid == _shake_128_id) {
-            *algorithm = SHAKE_128;
-            return 128;
-        } else if (symid == _shake_256_id) {
-            *algorithm = SHAKE_256;
-            return 256;
-        }
-        rb_raise(rb_eArgError,
-                 "invalid hash algorithm symbol (should be: :sha3_224, "
-                 ":sha3_256, :sha3_384, :sha3_512, :shake_128, or :shake_256)");
-    }
-    rb_raise(_sha3_digest_error_class, "unknown type value");
+static int get_hashbit_length(VALUE obj, sha3_digest_algorithms *algorithm) {
+    if (TYPE(obj) != T_SYMBOL) {
+        rb_raise(_sha3_digest_error_class, "hash algorithm must be a symbol");
+    }
+    ID symid = SYM2ID(obj);
+    if (symid == _sha3_224_id) {
+        *algorithm = SHA3_224;
+        return 224;
+    } else if (symid == _sha3_256_id) {
+        *algorithm = SHA3_256;
+        return 256;
+    } else if (symid == _sha3_384_id) {
+        *algorithm = SHA3_384;
+        return 384;
+    } else if (symid == _sha3_512_id) {
+        *algorithm = SHA3_512;
+        return 512;
+    } else if (symid == _shake_128_id) {
+        *algorithm = SHAKE_128;
+        return 128;
+    } else if (symid == _shake_256_id) {
+        *algorithm = SHAKE_256;
+        return 256;
+    }
+    rb_raise(rb_eArgError,
+             "invalid hash algorithm symbol (should be: :sha3_224, "
+             ":sha3_256, :sha3_384, :sha3_512, :shake_128, or :shake_256)");
     return 0;  // Never reached, but silences compiler warnings
 }
@@ -208,9 +215,10 @@ static void sha3_digest_free_context(void *ptr) {
     sha3_digest_context_t *context = (sha3_digest_context_t *)ptr;
     if (context) {
         if (context->state) {
-            free(context->state);
+            ruby_xfree(context->state);
+            context->state = NULL;
         }
-        free(context);
+        ruby_xfree(context);
     }
 }
@@ -245,21 +253,22 @@ static HashReturn keccak_hash_initialize(sha3_digest_context_t *context) {
 }
 static VALUE rb_sha3_digest_alloc(VALUE klass) {
-    sha3_digest_context_t *context = (sha3_digest_context_t *)malloc(sizeof(sha3_digest_context_t));
+    sha3_digest_context_t *context = RB_ALLOC(sha3_digest_context_t);
     if (!context) {
         rb_raise(_sha3_digest_error_class, "failed to allocate object memory");
     }
-    context->state = (Keccak_HashInstance *)calloc(1, sizeof(Keccak_HashInstance));
+    context->state = RB_ALLOC(Keccak_HashInstance);
     if (!context->state) {
-        sha3_digest_free_context(context);
+        ruby_xfree(context);
         rb_raise(_sha3_digest_error_class, "failed to allocate state memory");
     }
+    memset(context->state, 0, sizeof(*context->state));
-    VALUE obj = TypedData_Wrap_Struct(klass, &sha3_digest_data_type_t, context);
     context->hashbitlen = 0;
-    context->algorithm = SHA3_256;  // Default algorithm
+    context->algorithm = SHA3_256;
+    VALUE obj = TypedData_Wrap_Struct(klass, &sha3_digest_data_type, context);
     return obj;
 }
@@ -342,7 +351,13 @@ static VALUE rb_sha3_digest_update(VALUE self, VALUE data) {
         rb_raise(_sha3_digest_error_class, "cannot update with NULL data");
     }
-    dlen = (RSTRING_LEN(data) * 8);
+    // Prevent integer overflow and validate size
+    size_t data_len = RSTRING_LEN(data);
+    if (data_len > SIZE_MAX / 8) {
+        rb_raise(_sha3_digest_error_class, "data too large (exceeds maximum size)");
+    }
+    dlen = (data_len * 8);
     if (Keccak_HashUpdate(context->state, (BitSequence *)RSTRING_PTR(data), dlen) != KECCAK_SUCCESS) {
         rb_raise(_sha3_digest_error_class, "failed to update hash data");
@@ -374,6 +389,10 @@ static VALUE rb_sha3_digest_reset(VALUE self) {
 }
 static int compare_contexts(const sha3_digest_context_t *context1, const sha3_digest_context_t *context2) {
+    if (!context1 || !context2 || !context1->state || !context2->state) {
+        return 0;
+    }
     // First check the hashbitlen and algorithm
     if (context1->hashbitlen != context2->hashbitlen || context1->algorithm != context2->algorithm) {
         return 0;
@@ -429,7 +448,11 @@ static VALUE rb_sha3_digest_copy(VALUE self, VALUE other) {
     }
     safe_get_sha3_digest_context(other, &other_context);
-    get_sha3_digest_context(self, &context);
+    safe_get_sha3_digest_context(self, &context);
+    if (!context || !other_context) {
+        rb_raise(_sha3_digest_error_class, "invalid context for copy");
+    }
     context->hashbitlen = other_context->hashbitlen;
     context->algorithm = other_context->algorithm;
@@ -489,17 +512,17 @@ static VALUE rb_sha3_digest_name(VALUE self) {
     switch (context->algorithm) {
         case SHA3_224:
-            return rb_str_new2("SHA3-224");
+            return rb_str_new_cstr("SHA3-224");
         case SHA3_256:
-            return rb_str_new2("SHA3-256");
+            return rb_str_new_cstr("SHA3-256");
         case SHA3_384:
-            return rb_str_new2("SHA3-384");
+            return rb_str_new_cstr("SHA3-384");
         case SHA3_512:
-            return rb_str_new2("SHA3-512");
+            return rb_str_new_cstr("SHA3-512");
         case SHAKE_128:
-            return rb_str_new2("SHAKE128");
+            return rb_str_new_cstr("SHAKE128");
         case SHAKE_256:
-            return rb_str_new2("SHAKE256");
+            return rb_str_new_cstr("SHAKE256");
         default:
             rb_raise(_sha3_digest_error_class, "unknown algorithm");
     }
@@ -560,15 +583,19 @@ static VALUE rb_sha3_digest_finish(int argc, VALUE *argv, VALUE self) {
 static VALUE rb_sha3_digest_squeeze(VALUE self, VALUE length) {
     sha3_digest_context_t *context;
     VALUE str, copy;
-    int output_bytes;
+    long output_bytes;
     Check_Type(length, T_FIXNUM);
-    output_bytes = NUM2INT(length);
+    output_bytes = NUM2LONG(length);
     if (output_bytes <= 0) {
         rb_raise(_sha3_digest_error_class, "output length must be positive");
     }
+    if (output_bytes > (1L << 20)) {  // Limit to 1MB output
+        rb_raise(_sha3_digest_error_class, "output length too large (max 1MB)");
+    }
     get_sha3_digest_context(self, &context);
     // Only SHAKE algorithms support arbitrary-length output
@@ -578,6 +605,9 @@ static VALUE rb_sha3_digest_squeeze(VALUE self, VALUE length) {
     // Create a copy of the digest object to avoid modifying the original
     copy = rb_obj_clone(self);
+    if (NIL_P(copy)) {
+        rb_raise(_sha3_digest_error_class, "failed to clone digest object");
+    }
     // Get the sha3_digest_context_t struct from the copy
     sha3_digest_context_t *context_copy;
@@ -595,6 +625,9 @@ static VALUE rb_sha3_digest_squeeze(VALUE self, VALUE length) {
         rb_raise(_sha3_digest_error_class, "failed to squeeze output");
     }
+    // Keep `copy` reachable so the GC can't free context_copy->state via rb_str_new above.
+    RB_GC_GUARD(copy);
     return str;
 }
@@ -615,7 +648,7 @@ static VALUE rb_sha3_digest_hex_squeeze(VALUE self, VALUE length) {
     // Get the binary output using the existing squeeze function
     VALUE bin_str = rb_sha3_digest_squeeze(self, length);
     // Use Ruby's built-in unpack method to convert to hex
-    return rb_funcall(bin_str, rb_intern("unpack1"), 1, rb_str_new2("H*"));
+    return rb_funcall(bin_str, rb_intern("unpack1"), 1, rb_str_new_cstr("H*"));
 }
 static VALUE prepare_shake_output(VALUE self, int argc, VALUE *argv, int hex_output) {
@@ -800,32 +833,26 @@ static VALUE rb_sha3_digest_self_digest(VALUE klass, VALUE name, VALUE data) {
  * To squeeze a different length, use #hex_squeeze instance method.
  */
 static VALUE rb_sha3_digest_self_hexdigest(VALUE klass, VALUE name, VALUE data) {
-    VALUE args[2];
+    VALUE digest;
-    // Need to add type checking for the data parameter
-    StringValue(data);
+    if (NIL_P(name) || NIL_P(data)) {
+        rb_raise(_sha3_digest_error_class, "algorithm name and data cannot be nil");
+    }
-    /* For SHAKE algorithms, we need to handle them differently */
-    if (TYPE(name) == T_SYMBOL) {
-        ID symid = SYM2ID(name);
-        if (symid == _shake_128_id || symid == _shake_256_id) {
-            /* Create a new digest instance with the specified algorithm */
-            VALUE digest = rb_class_new_instance(1, &name, klass);
+    if (TYPE(name) != T_SYMBOL) {
+        rb_raise(_sha3_digest_error_class, "algorithm name must be a symbol");
+    }
-            /* Update it with the data */
-            rb_sha3_digest_update(digest, data);
+    StringValue(data);
-            /* For SHAKE algorithms, use a default output length based on the security strength */
-            int output_length = (symid == _shake_128_id) ? 16 : 32; /* 128/8 or 256/8 */
+    ID symid = SYM2ID(name);
+    digest = rb_class_new_instance(1, &name, klass);
+    rb_sha3_digest_update(digest, data);
-            /* Return the hexadecimal representation of the squeezed output */
-            return rb_sha3_digest_hex_squeeze(digest, INT2NUM(output_length));
-        }
+    if (symid == _shake_128_id || symid == _shake_256_id) {
+        int output_length = (symid == _shake_128_id) ? 16 : 32;
+        return rb_sha3_digest_hex_squeeze(digest, INT2NUM(output_length));
     }
-    /* Call the superclass method with arguments in reverse order */
-    args[0] = data;
-    args[1] = name;
-    return rb_call_super(2, args);
+    return rb_funcall(digest, rb_intern("hexdigest"), 0);
 }

data/ext/sha3/kmac.c CHANGED Viewed

@@ -1,5 +1,6 @@
 #include "kmac.h"
+#include "common.h"
 #include "sha3.h"
 #include "sp800_185.h"
@@ -42,7 +43,7 @@ static ID _kmac_128_id;
 static ID _kmac_256_id;
 /* TypedData structure for sha3_kmac_context_t */
-const rb_data_type_t sha3_kmac_data_type_t = {
+const rb_data_type_t sha3_kmac_data_type = {
     "SHA3::KMAC",
     {
         NULL, sha3_kmac_free_context, sha3_kmac_context_size, NULL, /* dcompact field */
@@ -55,7 +56,7 @@ const rb_data_type_t sha3_kmac_data_type_t = {
 // Helper function to extract context from a Ruby object
 void get_kmac_context(VALUE obj, sp800_185_context_t **context) {
     sha3_kmac_context_t *kmac_ctx;
-    TypedData_Get_Struct(obj, sha3_kmac_context_t, &sha3_kmac_data_type_t, kmac_ctx);
+    TypedData_Get_Struct(obj, sha3_kmac_context_t, &sha3_kmac_data_type, kmac_ctx);
     *context = &kmac_ctx->base;
 }
@@ -104,25 +105,11 @@ void Init_sha3_kmac(void) {
     return;
 }
-static void sha3_kmac_free_context(void *ptr) { sp800_185_free_context((sp800_185_context_t *)ptr); }
+/* Use common memory management functions */
+DEFINE_SP800_185_MEMORY_FUNCS(sha3_kmac, sha3_kmac_context_t)
-static size_t sha3_kmac_context_size(const void *ptr) {
-    return sp800_185_context_size((const sp800_185_context_t *)ptr, sizeof(sha3_kmac_context_t));
-}
-static VALUE rb_sha3_kmac_alloc(VALUE klass) {
-    sha3_kmac_context_t *context =
-        (sha3_kmac_context_t *)sp800_185_alloc_context(sizeof(sha3_kmac_context_t), sizeof(KMAC_Instance));
-    if (!context) {
-        rb_raise(_sha3_kmac_error_class, "failed to allocate memory");
-    }
-    // Create the Ruby object with TypedData - this will automatically handle freeing
-    VALUE obj = TypedData_Wrap_Struct(klass, &sha3_kmac_data_type_t, context);
-    return obj;
-}
+/* Use common allocation function */
+DEFINE_SP800_185_ALLOC(sha3_kmac, sha3_kmac_context_t, KMAC_Instance, _sha3_kmac_error_class)
 /*
  * :call-seq:
@@ -179,7 +166,7 @@ static VALUE rb_sha3_kmac_init(int argc, VALUE *argv, VALUE self) {
     }
     sha3_kmac_context_t *context;
-    TypedData_Get_Struct(self, sha3_kmac_context_t, &sha3_kmac_data_type_t, context);
+    TypedData_Get_Struct(self, sha3_kmac_context_t, &sha3_kmac_data_type, context);
     // Store the output length in bits
     context->base.output_length = NUM2ULONG(output_length) * 8;
@@ -229,31 +216,7 @@ static VALUE rb_sha3_kmac_init(int argc, VALUE *argv, VALUE self) {
  * = example
  *   new_kmac = kmac.dup
  */
-static VALUE rb_sha3_kmac_copy(VALUE self, VALUE other) {
-    sha3_kmac_context_t *context, *other_context;
-    rb_check_frozen(self);
-    if (self == other) {
-        return self;
-    }
-    if (!rb_obj_is_kind_of(other, _sha3_kmac_class)) {
-        rb_raise(rb_eTypeError, "wrong argument (%s)! (expected %s)", rb_obj_classname(other),
-                 rb_class2name(_sha3_kmac_class));
-    }
-    TypedData_Get_Struct(other, sha3_kmac_context_t, &sha3_kmac_data_type_t, other_context);
-    TypedData_Get_Struct(self, sha3_kmac_context_t, &sha3_kmac_data_type_t, context);
-    // Copy the base context attributes
-    context->base.functions = other_context->base.functions;
-    context->base.output_length = other_context->base.output_length;
-    // Copy the algorithm-specific state
-    memcpy(context->base.state, other_context->base.state, context->base.functions->state_size);
-    return self;
-}
+DEFINE_SP800_185_COPY_METHOD(rb_sha3_kmac_copy, sha3_kmac_context_t, sha3_kmac_data_type, _sha3_kmac_class)
 /*
  * :call-seq:
@@ -268,13 +231,7 @@ static VALUE rb_sha3_kmac_copy(VALUE self, VALUE other) {
  *   kmac.update("more data")
  *   kmac << "more data"  # alias for update
  */
-static VALUE rb_sha3_kmac_update(VALUE self, VALUE data) {
-    sp800_185_context_t *context;
-    get_kmac_context(self, &context);
-    sp800_185_update(context, data);
-    return self;
-}
+DEFINE_SP800_185_SIMPLE_METHOD(rb_sha3_kmac_update, sp800_185_rb_update, get_kmac_context)
 /*
  * :call-seq:
@@ -285,12 +242,7 @@ static VALUE rb_sha3_kmac_update(VALUE self, VALUE data) {
  * = example
  *   kmac.name  #=> "KMAC128" or "KMAC256"
  */
-static VALUE rb_sha3_kmac_name(VALUE self) {
-    sp800_185_context_t *context;
-    get_kmac_context(self, &context);
-    return rb_str_new2(sp800_185_name(context));
-}
+DEFINE_SP800_185_RETURN_METHOD(rb_sha3_kmac_name, sp800_185_rb_name, get_kmac_context)
 /*
  * :call-seq:
@@ -304,14 +256,7 @@ static VALUE rb_sha3_kmac_name(VALUE self) {
  * = example
  *   kmac.finish
  */
-static VALUE rb_sha3_kmac_finish(int argc, VALUE *argv, VALUE self) {
-    sp800_185_context_t *context;
-    get_kmac_context(self, &context);
-    VALUE output = argc > 0 ? argv[0] : Qnil;
-    return sp800_185_finish(context, output);
-}
+DEFINE_SP800_185_VARARGS_METHOD(rb_sha3_kmac_finish, sp800_185_rb_finish, get_kmac_context)
 /*
  * :call-seq:
@@ -329,14 +274,7 @@ static VALUE rb_sha3_kmac_finish(int argc, VALUE *argv, VALUE self) {
  *   kmac.digest
  *   kmac.digest('final chunk')
  */
-static VALUE rb_sha3_kmac_digest(int argc, VALUE *argv, VALUE self) {
-    sp800_185_context_t *context;
-    get_kmac_context(self, &context);
-    VALUE data = argc > 0 ? argv[0] : Qnil;
-    return sp800_185_digest(context, data);
-}
+DEFINE_SP800_185_VARARGS_METHOD(rb_sha3_kmac_digest, sp800_185_rb_digest, get_kmac_context)
 /*
  * :call-seq:
@@ -354,14 +292,7 @@ static VALUE rb_sha3_kmac_digest(int argc, VALUE *argv, VALUE self) {
  *   kmac.hexdigest
  *   kmac.hexdigest('final chunk')
  */
-static VALUE rb_sha3_kmac_hexdigest(int argc, VALUE *argv, VALUE self) {
-    sp800_185_context_t *context;
-    get_kmac_context(self, &context);
-    VALUE data = argc > 0 ? argv[0] : Qnil;
-    return sp800_185_hexdigest(context, data);
-}
+DEFINE_SP800_185_VARARGS_METHOD(rb_sha3_kmac_hexdigest, sp800_185_rb_hexdigest, get_kmac_context)
 /*
  * :call-seq:
@@ -377,12 +308,7 @@ static VALUE rb_sha3_kmac_hexdigest(int argc, VALUE *argv, VALUE self) {
  * = example
  *   kmac.squeeze(128)
  */
-static VALUE rb_sha3_kmac_squeeze(VALUE self, VALUE length) {
-    sp800_185_context_t *context;
-    get_kmac_context(self, &context);
-    return sp800_185_squeeze(context, length);
-}
+DEFINE_SP800_185_VALUE_METHOD(rb_sha3_kmac_squeeze, sp800_185_rb_squeeze, get_kmac_context)
 /*
  * :call-seq:
@@ -398,12 +324,7 @@ static VALUE rb_sha3_kmac_squeeze(VALUE self, VALUE length) {
  * = example
  *   kmac.hex_squeeze(128)
  */
-static VALUE rb_sha3_kmac_hex_squeeze(VALUE self, VALUE length) {
-    sp800_185_context_t *context;
-    get_kmac_context(self, &context);
-    return sp800_185_hex_squeeze(context, length);
-}
+DEFINE_SP800_185_VALUE_METHOD(rb_sha3_kmac_hex_squeeze, sp800_185_rb_hex_squeeze, get_kmac_context)
 /*
  * :call-seq:
@@ -432,7 +353,7 @@ static VALUE rb_sha3_kmac_self_digest(int argc, VALUE *argv, VALUE klass) {
     rb_scan_args(argc, argv, "41", &algorithm, &data, &output_length, &key, &customization);
     Check_Type(output_length, T_FIXNUM);
-    if (!NIL_P(output_length) && output_length <= INT2FIX(0)) {
+    if (!NIL_P(output_length) && NUM2INT(output_length) <= 0) {
         rb_raise(rb_eArgError, "class method digest does not support XOF mode");
     }
@@ -468,7 +389,7 @@ static VALUE rb_sha3_kmac_self_hexdigest(int argc, VALUE *argv, VALUE klass) {
     rb_scan_args(argc, argv, "41", &algorithm, &data, &output_length, &key, &customization);
     Check_Type(output_length, T_FIXNUM);
-    if (!NIL_P(output_length) && output_length <= INT2FIX(0)) {
+    if (!NIL_P(output_length) && NUM2INT(output_length) <= 0) {
         rb_raise(rb_eArgError, "class method hexdigest does not support XOF mode");
     }