aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl/ossl_pkey_dh.c
Commit message (Collapse)AuthorAgeFilesLines
* pkey/dh, pkey/ec: use EVP_PKEY_check() familyky/pkey-generic-evp-moreKazuki Yamaguchi2021-04-151-4/+23
| | | | | | | | | Use EVP_PKEY_param_check() instead of DH_check() if available. Also, use EVP_PKEY_public_check() instead of EC_KEY_check_key(). EVP_PKEY_*check() is part of the EVP API and is meant to replace those low-level functions. They were added by OpenSSL 1.1.1. It is currently not provided by LibreSSL.
* pkey: implement {DH,DSA,RSA}#public_key in RubyKazuki Yamaguchi2021-04-151-50/+13
| | | | | | | | | | | The low-level API that is used to implement #public_key is deprecated in OpenSSL 3.0. It is actually very simple to implement in another way, using existing methods only, in much shorter code. Let's do it. While we are at it, the documentation is updated to recommend against using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der method, there is no real use case for #public_key in newly written Ruby programs.
* pkey: implement #to_text using EVP APIKazuki Yamaguchi2021-04-151-29/+0
| | | | | | | | | | | | | | | | Use EVP_PKEY_print_private() instead of the low-level API *_print() functions, such as RSA_print(). EVP_PKEY_print_*() family was added in OpenSSL 1.0.0. Note that it falls back to EVP_PKEY_print_public() and EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH type for which _private() fails if the private component is not set in the pkey object. Since the new API works in the same way for all key types, we now implement #to_text in the base class OpenSSL::PKey::PKey rather than in each subclass.
* pkey/dh: use high level EVP interface to generate parameters and keysKazuki Yamaguchi2021-04-051-153/+33
| | | | | | | | | | Implement PKey::DH.new(size, gen), PKey::DH.generate(size, gen), and PKey::DH#generate_key! using PKey.generate_parameters and .generate_key instead of the low level DH functions. Note that the EVP interface can enforce additional restrictions - for example, DH key shorter than 2048 bits is no longer accepted by default in OpenSSL 3.0. The test code is updated accordingly.
* Merge pull request #329 from rhenium/ky/pkey-generic-operationsKazuki Yamaguchi2020-05-131-35/+0
|\ | | | | pkey: add more support for 'generic' pkey types
| * pkey: reimplement PKey::DH#compute_key and PKey::EC#dh_compute_keyky/pkey-generic-operationsKazuki Yamaguchi2020-05-131-35/+0
| | | | | | | | | | Use the new OpenSSL::PKey::PKey#derive instead of the raw {EC,}DH_compute_key(), mainly to reduce amount of the C code.
* | pkey: inline {rsa,dsa,dh,ec}_instance()Kazuki Yamaguchi2020-05-131-42/+21
| | | | | | | | | | | | | | Merge the code into the callers so that the wrapping Ruby object is allocated before the raw key object is allocated. This prevents possible memory leak on Ruby object allocation failure, and also reduces the lines of code.
* | pkey: simplify ossl_pkey_new()Kazuki Yamaguchi2020-05-131-21/+0
|/ | | | | | ossl_{rsa,dsa,dh,ec}_new() called from this function are not used anywhere else. Inline them into pkey_new0() and reduce code duplication.
* Remove -Wno-parentheses flag.nobu2018-10-181-1/+1
| | | | | | | | | | | | | | | | | | | | [Fix GH-1958] From: Jun Aruga <jaruga@redhat.com> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64806 b2dd03c8-39d4-4d8f-98ff-823fe69b080e * expand tabs. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e Suppress more -Wparentheses warnings [Fix GH-1958] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e [ky: this is a combined patch of r64806-r64808.] Sync-with-trunk: r64808
* Merge branch 'maint'Kazuki Yamaguchi2017-08-081-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * maint: Ruby/OpenSSL 2.0.5 ssl: fix compile error with OpenSSL 1.0.0 ssl: remove unsupported TLS versions from SSLContext::METHODS Add msys2 library dependency tag in gem metadata ossl_pem_passwd_cb: handle nil from the block explicitly ossl_pem_passwd_cb: do not check for taintedness ossl_pem_passwd_cb: relax passphrase length constraint appveyor.yml: test against Ruby 2.4 Rakefile: install_dependencies: install only when needed bio: do not use the FILE BIO method in ossl_obj2bio() bio: prevent possible GC issue in ossl_obj2bio() test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params
| * bio: prevent possible GC issue in ossl_obj2bio()Kazuki Yamaguchi2017-07-111-1/+1
| | | | | | | | | | | | | | | | | | | | Prevent the new object created by StringValue() from being GCed. Luckily, as none of the callers of ossl_obj2bio() reads from the returned BIO after possible triggering GC, this has not been a real problem. As a bonus, ossl_protect_obj2bio() function which is no longer used anywhere is removed.
* | Merge branch 'topic/expand-ruby-missing-h'Kazuki Yamaguchi2017-04-281-1/+1
|\ \ | | | | | | | | | | | | | | | * topic/expand-ruby-missing-h: Expand FPTR_TO_FD() macro Expand rb_define_copy_func() macro
| * | Expand rb_define_copy_func() macroKazuki Yamaguchi2017-04-281-1/+1
| |/ | | | | | | | | It's not really "missing". Let's expand that, as it does not improve the readability so much.
* / Fix RDoc markuptopic/fix-rdoc-markupKazuki Yamaguchi2017-02-241-10/+10
|/ | | | | Ruby core uses _str_ for emphasizing argument names and +str+ for codes. Match with the rule for better rendering.
* Use rb_obj_class() instead of CLASS_OF()Kazuki Yamaguchi2016-09-081-1/+1
| | | | | | CLASS_OF() (or, rb_class_of()) may return the singleton class of the object; so avoid using it and replace with rb_obj_class() that returns the actual class of the object.
* Avoid using *2FIX() where we don't know if it really fits in FixnumKazuki Yamaguchi2016-08-221-2/+2
|
* pkey: fixup documentKazuki Yamaguchi2016-08-221-3/+19
|
* Fix RDoc styletopic/rdoc-fixesKazuki Yamaguchi2016-07-091-10/+11
|
* openssl: implement initialize_copy method for PKey classesrhe2016-06-191-0/+34
| | | | | | | | | | | | | | * ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement initialize_copy method for OpenSSL::PKey::*. [ruby-core:75504] [Bug #12381] * test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they actually copy the OpenSSL objects, and modifications to cloned object don't affect the original object. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: add 'const's required in OpenSSL masterrhe2016-06-191-4/+4
| | | | | | | | | | * ext/openssl/ossl_pkey.h, ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_rsa.c: A few days ago, OpenSSL changed {DH,DSA,RSA}_get0_*() to take const BIGNUM **. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fd809cfdbd6e32b6b67b68c59f6d55fbed7a9327 [ruby-core:75225] [Feature #12324] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55450 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: adapt to OpenSSL 1.1.0 opaque structsrhe2016-06-091-8/+12
| | | | | | | | | | | | | | | * ext/openssl/extconf.rb: Check existence of accessor functions that don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its structures opaque and requires use of these accessor functions. [ruby-core:75225] [Feature #12324] * ext/openssl/openssl_missing.[ch]: Implement them if missing. * ext/openssl/ossl*.c: Use these accessor functions. * test/openssl/test_hmac.rb: Add missing test for HMAC#reset. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55287 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structsrhe2016-06-091-57/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and {RSA,DSA,EC_KEY,DH}_get0_*() functions. OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide setter methods for each parameter of each PKey type, for example PKey::RSA#e=, but this is no longer possible because the new API RSA_set0_key() requires the 'n' at the same time. This commit adds deprecation warning to them and adds PKey::*#set_* methods as direct wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'. [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}. Emit a warning with rb_warning() when old setter methods are used. * test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb, test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH object that are used in tmp_dh_callback. Generating a new key pair every time should be fine - actually the private exponent is ignored in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set. https://www.openssl.org/news/secadv/20160128.txt git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: avoid NULL dereference in {DH,DSA,RSA}_size()rhe2016-05-311-0/+2
| | | | | | | | | | | | | | | | * ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH has 'p' (the prime) before calling DH_size(). We can create a DH with no parameter but DH_size() does not check and dereferences NULL. [ruby-core:75720] [Bug #12428] * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does not check dsa->q. * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt, ossl_rsa_public_decrypt, ossl_rsa_private_encrypt, ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55175 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: drop OpenSSL 0.9.6/0.9.7 supportrhe2016-05-311-10/+1
| | | | | | * ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: clear OpenSSL error queue before return to Rubyrhe2016-05-311-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Sync with ruby trunkZachary Scott2015-09-231-71/+0
|
* Upstream ruby/ruby@451fe26 from r50673Zachary Scott2015-06-031-2/+4
|
* Apply ruby/ruby@325a50fc572516a171d640765d6ddf9b20be14dc to fix typosZachary Scott2015-05-041-1/+1
| | | | See also r50351 from ruby/ruby#876
* import ruby trunkSHIBATA Hiroshi2014-10-271-0/+666
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-06 05:57:03 +0000