aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl/ossl_pkey_rsa.c
Commit message (Collapse)AuthorAgeFilesLines
* Constify when building with OpenSSL 3Nobuyoshi Nakada2022-11-291-6/+6
|
* pkey: use EVP_PKEY_dup() if availableky/pkey-base-dupKazuki Yamaguchi2021-12-121-0/+4
| | | | | We can use it to implement OpenSSL::PKey::PKey#initialize_copy. This should work on all key types, not just DH/DSA/EC/RSA types.
* pkey: allocate EVP_PKEY on #initializeKazuki Yamaguchi2021-12-121-39/+57
| | | | | | | Allocate an EVP_PKEY when the content is ready: when #initialize or #initialize_copy is called, rather than when a T_DATA is allocated. This is more natural because the lower level API has been deprecated and an EVP_PKEY is becoming the minimum unit of handling keys.
* pkey/rsa: port RSA#{private,public}_{encrypt,decrypt} to the EVP APIKazuki Yamaguchi2021-05-251-141/+0
| | | | | | | Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign} family. The definitions are now in lib/openssl/pkey.rb. Also, recommend using those generic methods in the documentation.
* pkey: implement {DH,DSA,RSA}#public_key in RubyKazuki Yamaguchi2021-04-151-57/+1
| | | | | | | | | | | The low-level API that is used to implement #public_key is deprecated in OpenSSL 3.0. It is actually very simple to implement in another way, using existing methods only, in much shorter code. Let's do it. While we are at it, the documentation is updated to recommend against using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der method, there is no real use case for #public_key in newly written Ruby programs.
* pkey: implement #to_text using EVP APIKazuki Yamaguchi2021-04-151-31/+0
| | | | | | | | | | | | | | | | Use EVP_PKEY_print_private() instead of the low-level API *_print() functions, such as RSA_print(). EVP_PKEY_print_*() family was added in OpenSSL 1.0.0. Note that it falls back to EVP_PKEY_print_public() and EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH type for which _private() fails if the private component is not set in the pkey object. Since the new API works in the same way for all key types, we now implement #to_text in the base class OpenSSL::PKey::PKey rather than in each subclass.
* pkey/rsa: use high level EVP interface to generate parameters and keysKazuki Yamaguchi2021-04-051-116/+16
| | | | | Implement PKey::RSA.new(size, exponent) and PKey::RSA.generate using OpenSSL::PKey.generate_key instead of the low level RSA functions.
* pkey: refactor #export/#to_pem and #to_derky/pkey-refactor-serializationKazuki Yamaguchi2020-05-131-60/+24
| | | | | Add ossl_pkey_export_traditional() and ossl_pkey_export_spki() helper functions, and use them. This reduces code duplication.
* pkey: refactor DER/PEM-encoded string parsing codeKazuki Yamaguchi2020-05-131-14/+12
| | | | | Export the flow used by OpenSSL::PKey.read and let the subclasses call it before attempting other formats.
* pkey: inline {rsa,dsa,dh,ec}_instance()Kazuki Yamaguchi2020-05-131-44/+23
| | | | | | | Merge the code into the callers so that the wrapping Ruby object is allocated before the raw key object is allocated. This prevents possible memory leak on Ruby object allocation failure, and also reduces the lines of code.
* pkey: simplify ossl_pkey_new()Kazuki Yamaguchi2020-05-131-22/+0
| | | | | | ossl_{rsa,dsa,dh,ec}_new() called from this function are not used anywhere else. Inline them into pkey_new0() and reduce code duplication.
* Revert "Fix segfaults in OpenSSL::PKey::RSA#private_{en,de}crypt when ↵Kazuki Yamaguchi2020-02-161-6/+6
| | | | | | | | | | | | | | | | private exp not set" This reverts commit e30b9a27f00338b065e90c6172d1c4509edc2853 (#255) except the added test code. The 'd' value can be NULL when the RSA private key is backed by an OpenSSL engine, such as an HSM. In that case, only 'n' and 'e' are visible from the OpenSSL API. The original issue has been fixed by Pull Request #258 in another way. Reference: https://github.com/ruby/openssl/pull/255 Reference: https://github.com/ruby/openssl/pull/258
* Fix segfaults in OpenSSL::PKey::RSA#private_{en,de}crypt when private exp ↵Jeremy Evans2019-07-031-6/+6
| | | | | | | | not set The public exp not set would trigger this for #public_{en,de}crypt, but OpenSSL::PKey::RSA#set_key does not allow setting a NULL public exp.
* fix RSA#export and RSA#to_der to check key, factors and crt_paramsthekuwayama2019-06-201-6/+14
|
* fix RSA_HAS_PRIVATE to check that both `e` and `d` are not NULLthekuwayama2019-06-201-3/+3
|
* Add RSA sign_pss() and verify_pss() methodsky/pkey-rsa-sign-pssPeter Karman2017-11-131-0/+192
| | | | | | | Support Probabilistic Signature Scheme for RSA key signing. [ky: the patch was originally submitted as GitHub Pull Request #76. finish keyword arguments handling, update docs, and fix tests.]
* Merge branch 'maint'Kazuki Yamaguchi2017-08-081-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * maint: Ruby/OpenSSL 2.0.5 ssl: fix compile error with OpenSSL 1.0.0 ssl: remove unsupported TLS versions from SSLContext::METHODS Add msys2 library dependency tag in gem metadata ossl_pem_passwd_cb: handle nil from the block explicitly ossl_pem_passwd_cb: do not check for taintedness ossl_pem_passwd_cb: relax passphrase length constraint appveyor.yml: test against Ruby 2.4 Rakefile: install_dependencies: install only when needed bio: do not use the FILE BIO method in ossl_obj2bio() bio: prevent possible GC issue in ossl_obj2bio() test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params
| * bio: prevent possible GC issue in ossl_obj2bio()Kazuki Yamaguchi2017-07-111-1/+1
| | | | | | | | | | | | | | | | | | | | Prevent the new object created by StringValue() from being GCed. Luckily, as none of the callers of ossl_obj2bio() reads from the returned BIO after possible triggering GC, this has not been a real problem. As a bonus, ossl_protect_obj2bio() function which is no longer used anywhere is removed.
* | Merge branch 'maint'bpointKazuki Yamaguchi2017-06-141-1/+1
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * maint: Ruby/OpenSSL 2.0.4 History.md: add entries for 2.0.1-2.0.3 History.md: wrap at 80 characters extconf.rb: simplify searching libraries logic Search SSL libraries by testing various filename patterns openssl: fix broken openssl check openssl: fix broken openssl check x509store: clear error queue after calling X509_LOOKUP_load_file() tool/sync-with-trunk: 'LASY' -> 'LAST' Update .travis.yml and Dockerfile test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors Fix documentation for OpenSSL::Cipher#final Fix typos ssl: check return value of SSL_set_fd() test/test_ssl: fix typo in test_sysread_and_syswrite Fix typos test/test_pkey_ec: do not use dummy 0 order
| * Fix typosKazuki Yamaguchi2017-04-201-1/+1
| |
* | cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()Kazuki Yamaguchi2017-05-021-1/+1
| | | | | | | | | | | | | | | | While GetCipherPtr() function gets a const EVP_CIPHER * from algorithm name, GetCipher() macro that is locally defined in ext/openssl/ossl_cipher.c gets the EVP_CIPHER_CTX from an OpenSSL::Cipher object. They are completely different things. Rename GetCipherPtr() for disambiguation.
* | Merge branch 'topic/expand-ruby-missing-h'Kazuki Yamaguchi2017-04-281-1/+1
|\ \ | | | | | | | | | | | | | | | * topic/expand-ruby-missing-h: Expand FPTR_TO_FD() macro Expand rb_define_copy_func() macro
| * | Expand rb_define_copy_func() macroKazuki Yamaguchi2017-04-281-1/+1
| |/ | | | | | | | | It's not really "missing". Let's expand that, as it does not improve the readability so much.
* / Fix RDoc markuptopic/fix-rdoc-markupKazuki Yamaguchi2017-02-241-17/+17
|/ | | | | Ruby core uses _str_ for emphasizing argument names and +str+ for codes. Match with the rule for better rendering.
* pkey: tighten buffer size for signatureKazuki Yamaguchi2016-10-141-6/+4
| | | | | | | We allocate too large buffer for the generated signature. The resulting signature, or the RSA encryption result, should not be larger than the size returned by EVP_PKEY_size() (or, DSA_size(), RSA_size(), and ECDSA_size()).
* Use rb_obj_class() instead of CLASS_OF()Kazuki Yamaguchi2016-09-081-1/+1
| | | | | | CLASS_OF() (or, rb_class_of()) may return the singleton class of the object; so avoid using it and replace with rb_obj_class() that returns the actual class of the object.
* Avoid using *2FIX() where we don't know if it really fits in FixnumKazuki Yamaguchi2016-08-221-3/+3
|
* pkey: fixup documentKazuki Yamaguchi2016-08-221-0/+23
|
* Remove unnecessary usage of _() macroKazuki Yamaguchi2016-07-251-2/+2
|
* Fix RDoc styletopic/rdoc-fixesKazuki Yamaguchi2016-07-091-2/+3
|
* * ext/digest/md5/md5ossl.h: Remove excess semicolons.ngoto2016-06-291-3/+3
| | | | | | | | | | | | | | | Suppress warning on Solaris with Oracle Solaris Studio 12. [ruby-dev:49692] [Bug #12524] * ext/digest/md5/md5cc.h: ditto. * ext/digest/sha1/sha1cc.h: ditto. * ext/digest/sha1/sha1ossl.h: ditto. * ext/digest/sha2/sha2cc.h: ditto. * ext/digest/sha2/sha2ossl.h: ditto. * ext/openssl/ossl_pkey_rsa.c: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55523 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: implement initialize_copy method for PKey classesrhe2016-06-191-0/+21
| | | | | | | | | | | | | | * ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement initialize_copy method for OpenSSL::PKey::*. [ruby-core:75504] [Bug #12381] * test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they actually copy the OpenSSL objects, and modifications to cloned object don't affect the original object. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: add 'const's required in OpenSSL masterrhe2016-06-191-6/+6
| | | | | | | | | | * ext/openssl/ossl_pkey.h, ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_rsa.c: A few days ago, OpenSSL changed {DH,DSA,RSA}_get0_*() to take const BIGNUM **. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fd809cfdbd6e32b6b67b68c59f6d55fbed7a9327 [ruby-core:75225] [Feature #12324] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55450 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: adapt to OpenSSL 1.1.0 opaque structsrhe2016-06-091-13/+15
| | | | | | | | | | | | | | | * ext/openssl/extconf.rb: Check existence of accessor functions that don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its structures opaque and requires use of these accessor functions. [ruby-core:75225] [Feature #12324] * ext/openssl/openssl_missing.[ch]: Implement them if missing. * ext/openssl/ossl*.c: Use these accessor functions. * test/openssl/test_hmac.rb: Add missing test for HMAC#reset. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55287 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structsrhe2016-06-091-80/+103
| | | | | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and {RSA,DSA,EC_KEY,DH}_get0_*() functions. OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide setter methods for each parameter of each PKey type, for example PKey::RSA#e=, but this is no longer possible because the new API RSA_set0_key() requires the 'n' at the same time. This commit adds deprecation warning to them and adds PKey::*#set_* methods as direct wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'. [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}. Emit a warning with rb_warning() when old setter methods are used. * test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb, test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH object that are used in tmp_dh_callback. Generating a new key pair every time should be fine - actually the private exponent is ignored in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set. https://www.openssl.org/news/secadv/20160128.txt git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: avoid NULL dereference in {DH,DSA,RSA}_size()rhe2016-05-311-6/+12
| | | | | | | | | | | | | | | | * ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH has 'p' (the prime) before calling DH_size(). We can create a DH with no parameter but DH_size() does not check and dereferences NULL. [ruby-core:75720] [Bug #12428] * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does not check dsa->q. * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt, ossl_rsa_public_decrypt, ossl_rsa_private_encrypt, ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55175 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: drop OpenSSL 0.9.6/0.9.7 supportrhe2016-05-311-6/+0
| | | | | | * ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: improve handling of password for encrypted PEMrhe2016-05-311-11/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the argument to String with StringValue() and validate the length is in 4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers. (ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we used to pass the password to PEM_def_callback() directly but it was problematic. It is not NUL character safe. And surprisingly, it silently truncates the password to 1024 bytes. [GH ruby/openssl#51] * ext/openssl/ossl.h: Add function prototype declaration of newly added ossl_pem_passwd_value(). * ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use ossl_pem_passwd_value() to validate the password String. * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export): ditto. * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize, ossl_ec_key_to_string): ditto. * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export): ditto. * test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* openssl: clear OpenSSL error queue before return to Rubyrhe2016-05-311-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Sync with ruby trunkZachary Scott2015-09-231-2/+0
|
* Upstream ruby/ruby@451fe26 from r50673Zachary Scott2015-06-031-2/+4
|
* Apply ruby/ruby@325a50fc572516a171d640765d6ddf9b20be14dc to fix typosZachary Scott2015-05-041-1/+1
| | | | See also r50351 from ruby/ruby#876
* import ruby trunkSHIBATA Hiroshi2014-10-271-0/+701
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-23 21:13:23 +0000