From b28fb2f05c1e90130b2d4fdcbdae5234b66bbb05 Mon Sep 17 00:00:00 2001 From: Bart de Water Date: Sun, 19 Apr 2020 11:14:36 -0400 Subject: Look up digest by name instead of constant --- ext/openssl/ossl.c | 16 ++++++++-------- ext/openssl/ossl_digest.c | 32 ++++++++++++++++++-------------- ext/openssl/ossl_hmac.c | 2 +- ext/openssl/ossl_kdf.c | 2 +- ext/openssl/ossl_ns_spki.c | 2 +- ext/openssl/ossl_ocsp.c | 2 +- ext/openssl/ossl_pkey.c | 4 ++-- ext/openssl/ossl_pkey_dsa.c | 4 ++-- ext/openssl/ossl_ts.c | 6 +++--- ext/openssl/ossl_x509cert.c | 4 ++-- 10 files changed, 39 insertions(+), 35 deletions(-) (limited to 'ext') diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 14a7919a..5d3ee741 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -739,7 +739,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * To sign a document, a cryptographically secure hash of the document is * computed first, which is then signed using the private key. * - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * signature = key.sign digest, document * * To validate the signature, again a hash of the document is computed and @@ -747,7 +747,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * compared to the hash just computed, if they are equal the signature was * valid. * - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * if key.verify digest, signature, document * puts 'Valid' * else @@ -782,7 +782,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * salt = OpenSSL::Random.random_bytes 16 * iter = 20000 * key_len = cipher.key_len - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * * key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest) * cipher.key = key @@ -805,7 +805,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * salt = ... # the one generated above * iter = 20000 * key_len = cipher.key_len - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * * key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest) * cipher.key = key @@ -901,7 +901,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * certificate. * * cert.issuer = name - * cert.sign key, OpenSSL::Digest::SHA1.new + * cert.sign key, OpenSSL::Digest.new('SHA1') * * open 'certificate.pem', 'w' do |io| io.write cert.to_pem end * @@ -977,7 +977,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * * Root CA certificates are self-signed. * - * ca_cert.sign ca_key, OpenSSL::Digest::SHA1.new + * ca_cert.sign ca_key, OpenSSL::Digest.new('SHA1') * * The CA certificate is saved to disk so it may be distributed to all the * users of the keys this CA will sign. @@ -995,7 +995,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * csr.version = 0 * csr.subject = name * csr.public_key = key.public_key - * csr.sign key, OpenSSL::Digest::SHA1.new + * csr.sign key, OpenSSL::Digest.new('SHA1') * * A CSR is saved to disk and sent to the CA for signing. * @@ -1039,7 +1039,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) * csr_cert.add_extension \ * extension_factory.create_extension('subjectKeyIdentifier', 'hash') * - * csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new + * csr_cert.sign ca_key, OpenSSL::Digest.new('SHA1') * * open 'csr_cert.pem', 'w' do |io| * io.write csr_cert.to_pem diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c index 661b230f..12337323 100644 --- a/ext/openssl/ossl_digest.c +++ b/ext/openssl/ossl_digest.c @@ -192,7 +192,7 @@ ossl_digest_reset(VALUE self) * be passed individually to the Digest instance. * * === Example - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * digest.update('First input') * digest << 'Second input' # equivalent to digest.update('Second input') * result = digest.digest @@ -248,7 +248,7 @@ ossl_digest_finish(int argc, VALUE *argv, VALUE self) * Returns the sn of this Digest algorithm. * * === Example - * digest = OpenSSL::Digest::SHA512.new + * digest = OpenSSL::Digest.new('SHA512') * puts digest.name # => SHA512 * */ @@ -270,7 +270,7 @@ ossl_digest_name(VALUE self) * final message digest result. * * === Example - * digest = OpenSSL::Digest::SHA1.new + * digest = OpenSSL::Digest.new('SHA1') * puts digest.digest_length # => 20 * */ @@ -294,7 +294,7 @@ ossl_digest_size(VALUE self) * consecutively. * * === Example - * digest = OpenSSL::Digest::SHA1.new + * digest = OpenSSL::Digest.new('SHA1') * puts digest.block_length # => 64 */ static VALUE @@ -348,15 +348,19 @@ Init_ossl_digest(void) * the integrity of a signed document, it suffices to re-compute the hash * and verify that it is equal to that in the signature. * - * Among the supported message digest algorithms are: - * * SHA, SHA1, SHA224, SHA256, SHA384 and SHA512 - * * MD2, MD4, MDC2 and MD5 - * * RIPEMD160 + * You can get a list of all digest algorithms supported on your system by + * running this command in your terminal: * - * For each of these algorithms, there is a sub-class of Digest that - * can be instantiated as simply as e.g. + * openssl list -digest-algorithms * - * digest = OpenSSL::Digest::SHA1.new + * Among the OpenSSL 1.1.1 supported message digest algorithms are: + * * SHA224, SHA256, SHA384, SHA512, SHA512-224 and SHA512-256 + * * SHA3-224, SHA3-256, SHA3-384 and SHA3-512 + * * BLAKE2s256 and BLAKE2b512 + * + * Each of these algorithms can be instantiated using the name: + * + * digest = OpenSSL::Digest.new('SHA256') * * === Mapping between Digest class and sn/ln * @@ -406,7 +410,7 @@ Init_ossl_digest(void) * === Hashing a file * * data = File.read('document') - * sha256 = OpenSSL::Digest::SHA256.new + * sha256 = OpenSSL::Digest.new('SHA256') * digest = sha256.digest(data) * * === Hashing several pieces of data at once @@ -414,7 +418,7 @@ Init_ossl_digest(void) * data1 = File.read('file1') * data2 = File.read('file2') * data3 = File.read('file3') - * sha256 = OpenSSL::Digest::SHA256.new + * sha256 = OpenSSL::Digest.new('SHA256') * sha256 << data1 * sha256 << data2 * sha256 << data3 @@ -423,7 +427,7 @@ Init_ossl_digest(void) * === Reuse a Digest instance * * data1 = File.read('file1') - * sha256 = OpenSSL::Digest::SHA256.new + * sha256 = OpenSSL::Digest.new('SHA256') * digest1 = sha256.digest(data1) * * data2 = File.read('file2') diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index 2ac2e5c6..e831cff5 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -353,7 +353,7 @@ Init_ossl_hmac(void) * data1 = File.read("file1") * data2 = File.read("file2") * key = "key" - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * hmac = OpenSSL::HMAC.new(key, digest) * hmac << data1 * hmac << data2 diff --git a/ext/openssl/ossl_kdf.c b/ext/openssl/ossl_kdf.c index 3d0e66b5..486e7894 100644 --- a/ext/openssl/ossl_kdf.c +++ b/ext/openssl/ossl_kdf.c @@ -272,7 +272,7 @@ Init_ossl_kdf(void) * # store this with the generated value * salt = OpenSSL::Random.random_bytes(16) * iter = 20_000 - * hash = OpenSSL::Digest::SHA256.new + * hash = OpenSSL::Digest.new('SHA256') * len = hash.digest_length * # the final value to be stored * value = OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: iter, diff --git a/ext/openssl/ossl_ns_spki.c b/ext/openssl/ossl_ns_spki.c index 6f61e61b..9b114736 100644 --- a/ext/openssl/ossl_ns_spki.c +++ b/ext/openssl/ossl_ns_spki.c @@ -350,7 +350,7 @@ ossl_spki_verify(VALUE self, VALUE key) * spki = OpenSSL::Netscape::SPKI.new * spki.challenge = "RandomChallenge" * spki.public_key = key.public_key - * spki.sign(key, OpenSSL::Digest::SHA256.new) + * spki.sign(key, OpenSSL::Digest.new('SHA256')) * #send a request containing this to a server generating a certificate * === Verifying an SPKI request * request = #... diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index 2ca4f62f..7a92e5df 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -1719,7 +1719,7 @@ Init_ossl_ocsp(void) * subject certificate so the CA knows which certificate we are asking * about: * - * digest = OpenSSL::Digest::SHA1.new + * digest = OpenSSL::Digest.new('SHA1') * certificate_id = * OpenSSL::OCSP::CertificateId.new subject, issuer, digest * diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index fc4cac3b..fc08ebf5 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -430,7 +430,7 @@ ossl_pkey_public_to_pem(VALUE self) * * == Example * data = 'Sign me!' - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * pkey = OpenSSL::PKey::RSA.new(2048) * signature = pkey.sign(digest, data) */ @@ -484,7 +484,7 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) * * == Example * data = 'Sign me!' - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * pkey = OpenSSL::PKey::RSA.new(2048) * signature = pkey.sign(digest, data) * pub_key = pkey.public_key diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index 56cc9dd4..431c20e0 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -513,7 +513,7 @@ ossl_dsa_to_public_key(VALUE self) * === Example * dsa = OpenSSL::PKey::DSA.new(2048) * doc = "Sign me" - * digest = OpenSSL::Digest::SHA1.digest(doc) + * digest = OpenSSL::Digest.digest('SHA1', doc) * sig = dsa.syssign(digest) * * @@ -558,7 +558,7 @@ ossl_dsa_sign(VALUE self, VALUE data) * === Example * dsa = OpenSSL::PKey::DSA.new(2048) * doc = "Sign me" - * digest = OpenSSL::Digest::SHA1.digest(doc) + * digest = OpenSSL::Digest.digest('SHA1', doc) * sig = dsa.syssign(digest) * puts dsa.sysverify(digest, sig) # => true * diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c index ba0df750..160ec0d8 100644 --- a/ext/openssl/ossl_ts.c +++ b/ext/openssl/ossl_ts.c @@ -1281,7 +1281,7 @@ Init_ossl_ts(void) * #Assumes ts.p12 is a PKCS#12-compatible file with a private key * #and a certificate that has an extended key usage of 'timeStamping' * p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd') - * md = OpenSSL::Digest::SHA1.new + * md = OpenSSL::Digest.new('SHA1') * hash = md.digest(data) #some binary data to be timestamped * req = OpenSSL::Timestamp::Request.new * req.algorithm = 'SHA1' @@ -1498,8 +1498,8 @@ Init_ossl_ts(void) * Must be an Array of String or OpenSSL::Digest subclass instances. * * call-seq: - * factory.allowed_digests = ["sha1", OpenSSL::Digest::SHA256.new] -> [ "sha1", OpenSSL::Digest::SHA256.new ] - * factory.allowed_digests -> array or nil + * factory.allowed_digests = ["sha1", OpenSSL::Digest.new('SHA256').new] -> [ "sha1", OpenSSL::Digest) ] + * factory.allowed_digests -> array or nil * */ cTimestampFactory = rb_define_class_under(mTimestamp, "Factory", rb_cObject); diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 40542c4a..e3766b1b 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -788,7 +788,7 @@ Init_ossl_x509cert(void) * root_ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true)) * root_ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) * root_ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) - * root_ca.sign(root_key, OpenSSL::Digest::SHA256.new) + * root_ca.sign(root_key, OpenSSL::Digest.new('SHA256')) * * The next step is to create the end-entity certificate using the root CA * certificate. @@ -807,7 +807,7 @@ Init_ossl_x509cert(void) * ef.issuer_certificate = root_ca * cert.add_extension(ef.create_extension("keyUsage","digitalSignature", true)) * cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) - * cert.sign(root_key, OpenSSL::Digest::SHA256.new) + * cert.sign(root_key, OpenSSL::Digest.new('SHA256')) * */ cX509Cert = rb_define_class_under(mX509, "Certificate", rb_cObject); -- cgit v1.2.3