aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2016-05-05 16:23:38 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-05-05 18:43:53 +0900
commitdd778cd0c87586f8b8f774ff9da6fad9df1824c4 (patch)
tree97d6905fa876489836527b338307b8cd1a3c52b2
parent81b7b8f80e3b423e08bc20e051da050551ff3dee (diff)
downloadruby-dd778cd0c87586f8b8f774ff9da6fad9df1824c4.tar.gz
ext/openssl: EVP_PKEY, DH, DSA, RSA, EC_KEY are made opaque
Use EVP_PKEY_get0_* instead of pkey->pkey.* Use EVP_PKEY_base_id(pkey) instead of EVP_PKEY_type(pkey->type) Because of this, we can no longer set the parameters/keys directly, and the newly added functions as alternative require setting all relevant values at the same time. So this patch contains incompatibility: the following code no longer works (if using 1.1.0): dh = OpenSSL::PKey::DH.new(...) dh.priv_key = OpenSSL::BN.new(...) ...and we have to write like: dh = OpenSSL::PKey::DH.new(...) priv = OpenSSL::BN.new(...) pub = <calculate (dh.g ** priv) % dh.p> dh.set_key(pub, priv)
-rw-r--r--ext/openssl/extconf.rb1
-rw-r--r--ext/openssl/openssl_missing.h87
-rw-r--r--ext/openssl/ossl_pkey.c2
-rw-r--r--ext/openssl/ossl_pkey.h134
-rw-r--r--ext/openssl/ossl_pkey_dh.c78
-rw-r--r--ext/openssl/ossl_pkey_dsa.c94
-rw-r--r--ext/openssl/ossl_pkey_ec.c8
-rw-r--r--ext/openssl/ossl_pkey_rsa.c104
-rw-r--r--ext/openssl/ossl_ssl.c8
-rw-r--r--test/drb/ut_array_drbssl.rb3
-rw-r--r--test/drb/ut_drb_drbssl.rb3
-rw-r--r--test/openssl/utils.rb3
-rw-r--r--test/rubygems/test_gem_remote_fetcher.rb33
13 files changed, 400 insertions, 158 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 4f43a6686e..689cf84f9b 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -84,6 +84,7 @@ OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h")
# added in 1.0.0
have_func("EVP_CIPHER_CTX_copy")
+have_func("EVP_PKEY_base_id")
have_func("HMAC_CTX_copy")
have_func("PKCS5_PBKDF2_HMAC")
have_func("X509_NAME_hash_old")
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 03732f6a80..473458af96 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -25,6 +25,10 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
#endif
/* added in 1.0.0 */
+#if !defined(HAVE_EVP_PKEY_BASE_ID)
+# define EVP_PKEY_base_id(pkey) EVP_PKEY_type((pkey)->type)
+#endif
+
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
#endif
@@ -169,4 +173,87 @@ void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ
CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
#endif
+#if !defined(HAVE_OPAQUE_OPENSSL)
+#if !defined(OPENSSL_NO_RSA)
+static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { return pkey->pkey.rsa; }
+static inline void RSA_get0_key(RSA *rsa, BIGNUM **n, BIGNUM **e, BIGNUM **d) {
+ if (n) *n = rsa->n;
+ if (e) *e = rsa->e;
+ if (d) *d = rsa->d; }
+static inline int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
+ if (!n || !e) return 0;
+ BN_free(rsa->n); rsa->n = n;
+ BN_free(rsa->e); rsa->e = e;
+ BN_free(rsa->d); rsa->d = d;
+ return 1; }
+static inline void RSA_get0_factors(RSA *rsa, BIGNUM **p, BIGNUM **q) {
+ if (p) *p = rsa->p;
+ if (q) *q = rsa->q; }
+static inline int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q) {
+ if (!p || !q) return 0;
+ BN_free(rsa->p); rsa->p = p;
+ BN_free(rsa->q); rsa->q = q;
+ return 1; }
+static inline void RSA_get0_crt_params(RSA *rsa, BIGNUM **dmp1, BIGNUM **dmq1, BIGNUM **iqmp) {
+ if (dmp1) *dmp1 = rsa->dmp1;
+ if (dmq1) *dmq1 = rsa->dmq1;
+ if (iqmp) *iqmp = rsa->iqmp; }
+static inline int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
+ if (!dmp1 || !dmq1 || !iqmp) return 0;
+ BN_free(rsa->dmp1); rsa->dmp1 = dmp1;
+ BN_free(rsa->dmq1); rsa->dmq1 = dmq1;
+ BN_free(rsa->iqmp); rsa->iqmp = iqmp;
+ return 1; }
+#endif /* RSA */
+
+#if !defined(OPENSSL_NO_DSA)
+static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { return pkey->pkey.dsa; }
+static inline void DSA_get0_key(DSA *dsa, BIGNUM **pub_key, BIGNUM **priv_key) {
+ if (pub_key) *pub_key = dsa->pub_key;
+ if (priv_key) *priv_key = dsa->priv_key; }
+static inline int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key) {
+ if (!pub_key) return 0;
+ BN_free(dsa->pub_key); dsa->pub_key = pub_key;
+ BN_free(dsa->priv_key); dsa->priv_key = priv_key;
+ return 1; }
+static inline void DSA_get0_pqg(DSA *dsa, BIGNUM **p, BIGNUM **q, BIGNUM **g) {
+ if (p) *p = dsa->p;
+ if (q) *q = dsa->q;
+ if (g) *g = dsa->g; }
+static inline int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+ if (!p || !q || !g) return 0;
+ BN_free(dsa->p); dsa->p = p;
+ BN_free(dsa->q); dsa->q = q;
+ BN_free(dsa->g); dsa->g = g;
+ return 1; }
+#endif /* DSA */
+
+#if !defined(OPENSSL_NO_DH)
+static inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { return pkey->pkey.dh; }
+static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
+static inline void DH_get0_key(DH *dh, BIGNUM **pub_key, BIGNUM **priv_key) {
+ if (pub_key) *pub_key = dh->pub_key;
+ if (priv_key) *priv_key = dh->priv_key; }
+static inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
+ if (!pub_key) return 0;
+ BN_free(dh->pub_key); dh->pub_key = pub_key;
+ BN_free(dh->priv_key); dh->priv_key = priv_key;
+ return 1; }
+static inline void DH_get0_pqg(DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g) {
+ if (p) *p = dh->p;
+ if (q) *q = dh->q;
+ if (g) *g = dh->g; }
+static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+ if (!p || !g) return 0;
+ BN_free(dh->p); dh->p = p;
+ BN_free(dh->q); dh->q = q;
+ BN_free(dh->g); dh->g = g;
+ return 1; }
+#endif /* DH */
+
+#if !defined(OPENSSL_NO_EC)
+static inline EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { return pkey->pkey.ec; }
+#endif
+#endif
+
#endif /* _OSSL_OPENSSL_MISSING_H_ */
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 2d131a1e56..c787e02367 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -76,7 +76,7 @@ ossl_pkey_new(EVP_PKEY *pkey)
if (!pkey) {
ossl_raise(ePKeyError, "Cannot make new key from NULL.");
}
- switch (EVP_PKEY_type(pkey->type)) {
+ switch (EVP_PKEY_base_id(pkey)) {
#if !defined(OPENSSL_NO_RSA)
case EVP_PKEY_RSA:
return ossl_rsa_new(pkey);
diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h
index b806d63e15..57d5fedbd4 100644
--- a/ext/openssl/ossl_pkey.h
+++ b/ext/openssl/ossl_pkey.h
@@ -95,32 +95,117 @@ extern VALUE eEC_POINT;
VALUE ossl_ec_new(EVP_PKEY *);
void Init_ossl_ec(void);
-
-#define OSSL_PKEY_BN(keytype, name) \
+#define OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, _name, _get) \
/* \
* call-seq: \
- * key.##name -> aBN \
+ * _keytype##.##_name -> aBN \
*/ \
-static VALUE ossl_##keytype##_get_##name(VALUE self) \
+static VALUE ossl_##_keytype##_get_##_name(VALUE self) \
{ \
EVP_PKEY *pkey; \
BIGNUM *bn; \
+ _type *obj; \
\
- GetPKey(self, pkey); \
- bn = pkey->pkey.keytype->name; \
- if (bn == NULL) \
+ GetPKey##_type(self, pkey); \
+ obj = EVP_PKEY_get0_##_type(pkey); \
+ _get; \
+ if (bn) \
+ return ossl_bn_new(bn); \
+ else \
return Qnil; \
- return ossl_bn_new(bn); \
-} \
+}
+
+#define OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
+ OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \
+ _type##_get0_##_group(obj, &bn, NULL, NULL)) \
+ OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \
+ _type##_get0_##_group(obj, NULL, &bn, NULL)) \
+ OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a3, \
+ _type##_get0_##_group(obj, NULL, NULL, &bn))
+
+#define OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
+ OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \
+ _type##_get0_##_group(obj, &bn, NULL)) \
+ OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \
+ _type##_get0_##_group(obj, NULL, &bn))
+
+#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
+/* \
+ * call-seq: \
+ * _keytype##.set_##_group(a1, a2, a3) -> self \
+ */ \
+static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALUE v3) \
+{ \
+ EVP_PKEY *pkey; \
+ _type *obj; \
+ BIGNUM *bn1 = BN_dup(GetBNPtr(v1)); \
+ BIGNUM *bn2 = BN_dup(GetBNPtr(v2)); \
+ BIGNUM *bn3 = BN_dup(GetBNPtr(v3)); \
+ \
+ if (!NIL_P(v1) && !bn1 || \
+ !NIL_P(v2) && !bn2 || \
+ !NIL_P(v3) && !bn3) { \
+ BN_clear_free(bn1); \
+ BN_clear_free(bn2); \
+ BN_clear_free(bn3); \
+ ossl_raise(eBNError, NULL); \
+ } \
+ \
+ GetPKey##_type(self, pkey); \
+ obj = EVP_PKEY_get0_##_type(pkey); \
+ \
+ if (!_type##_set0_##_group(obj, bn1, bn2, bn3)) { \
+ BN_clear_free(bn1); \
+ BN_clear_free(bn2); \
+ BN_clear_free(bn3); \
+ ossl_raise(rb_eRuntimeError, #_type"_set0_"#_group"()");\
+ } \
+ return self; \
+}
+
+#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
/* \
* call-seq: \
- * key.##name = bn -> bn \
+ * _keytype##.set_##_group(a1, a2) -> self \
+ */ \
+static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
+{ \
+ EVP_PKEY *pkey; \
+ _type *obj; \
+ BIGNUM *bn1 = BN_dup(GetBNPtr(v1)); \
+ BIGNUM *bn2 = BN_dup(GetBNPtr(v2)); \
+ \
+ if (!NIL_P(v1) && !bn1 || \
+ !NIL_P(v2) && !bn2) { \
+ BN_clear_free(bn1); \
+ BN_clear_free(bn2); \
+ ossl_raise(eBNError, NULL); \
+ } \
+ \
+ GetPKey##_type(self, pkey); \
+ obj = EVP_PKEY_get0_##_type(pkey); \
+ \
+ if (!_type##_set0_##_group(obj, bn1, bn2)) { \
+ BN_clear_free(bn1); \
+ BN_clear_free(bn2); \
+ ossl_raise(rb_eRuntimeError, #_type"_set0_"#_group"()");\
+ } \
+ return self; \
+}
+
+/* below no longer works with OpenSSL 1.1.0 */
+#define OSSL_PKEY_BN_OLD_SETTER(keytype, name) \
+/* \
+ * call-seq: \
+ * keytype##.##name = bn -> bn \
*/ \
static VALUE ossl_##keytype##_set_##name(VALUE self, VALUE bignum) \
{ \
EVP_PKEY *pkey; \
BIGNUM *bn; \
\
+ rb_warn("#"#name"= is deprecated; use set_* methods instead"); \
+ \
GetPKey(self, pkey); \
if (NIL_P(bignum)) { \
BN_clear_free(pkey->pkey.keytype->name); \
@@ -138,10 +223,37 @@ static VALUE ossl_##keytype##_set_##name(VALUE self, VALUE bignum) \
return bignum; \
}
+#if defined(HAVE_OPAQUE_OPENSSL) /* OpenSSL 1.1.0 */
+#define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3) \
+ OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
+ OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)
+
+#define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2) \
+ OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
+ OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2)
+
+#define DEF_OSSL_PKEY_BN(class, keytype, name) \
+ rb_define_method((class), #name, ossl_##keytype##_get_##name, 0)
+
+#else /* not OpenSSL 1.1.0 */
+#define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3) \
+ OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
+ OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
+ OSSL_PKEY_BN_OLD_SETTER(_keytype, a1) \
+ OSSL_PKEY_BN_OLD_SETTER(_keytype, a2) \
+ OSSL_PKEY_BN_OLD_SETTER(_keytype, a3)
+
+#define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2) \
+ OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
+ OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
+ OSSL_PKEY_BN_OLD_SETTER(_keytype, a1) \
+ OSSL_PKEY_BN_OLD_SETTER(_keytype, a2)
+
#define DEF_OSSL_PKEY_BN(class, keytype, name) \
do { \
- rb_define_method((class), #name, ossl_##keytype##_get_##name, 0); \
+ rb_define_method((class), #name, ossl_##keytype##_get_##name, 0);\
rb_define_method((class), #name "=", ossl_##keytype##_set_##name, 1);\
} while (0)
+#endif /* HAVE_OPAQUE_OPENSSL */
#endif /* _OSSL_PKEY_H_ */
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index 8704d96611..550f48c7eb 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -7,25 +7,20 @@
* This program is licensed under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#if !defined(OPENSSL_NO_DH)
-
#include "ossl.h"
+#if !defined(OPENSSL_NO_DH)
+
#define GetPKeyDH(obj, pkey) do { \
GetPKey((obj), (pkey)); \
- if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_DH) { /* PARANOIA? */ \
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { /* PARANOIA? */ \
ossl_raise(rb_eRuntimeError, "THIS IS NOT A DH!") ; \
} \
} while (0)
-#define DH_HAS_PRIVATE(dh) ((dh)->priv_key)
-
-#if !defined(OPENSSL_NO_ENGINE)
-# define DH_PRIVATE(dh) (DH_HAS_PRIVATE(dh) || (dh)->engine)
-#else
-# define DH_PRIVATE(dh) DH_HAS_PRIVATE(dh)
-#endif
-
+/* we don't use q */
+#define DH_get0_pg(obj, p, g) DH_get0_pqg(obj, p, NULL, g)
+#define DH_set0_pg(obj, p, g) DH_set0_pqg(obj, p, NULL, g)
/*
* Classes
@@ -67,7 +62,7 @@ ossl_dh_new(EVP_PKEY *pkey)
obj = dh_instance(cDH, DH_new());
} else {
obj = NewPKey(cDH);
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) {
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) {
ossl_raise(rb_eTypeError, "Not a DH key!");
}
SetPKey(obj, pkey);
@@ -82,6 +77,10 @@ ossl_dh_new(EVP_PKEY *pkey)
/*
* Private
*/
+
+OSSL_PKEY_BN_DEF2(dh, DH, pg, p, g)
+OSSL_PKEY_BN_DEF2(dh, DH, key, pub_key, priv_key)
+
struct dh_blocking_gen_arg {
DH *dh;
int size;
@@ -249,11 +248,15 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
static VALUE
ossl_dh_is_public(VALUE self)
{
+ BIGNUM *bn;
EVP_PKEY *pkey;
+ DH *dh;
GetPKeyDH(self, pkey);
+ dh = EVP_PKEY_get0_DH(pkey);
+ DH_get0_key(dh, &bn, NULL);
- return (pkey->pkey.dh->pub_key) ? Qtrue : Qfalse;
+ return bn ? Qtrue : Qfalse;
}
/*
@@ -266,11 +269,19 @@ ossl_dh_is_public(VALUE self)
static VALUE
ossl_dh_is_private(VALUE self)
{
+ BIGNUM *bn;
EVP_PKEY *pkey;
+ DH *dh;
GetPKeyDH(self, pkey);
+ dh = EVP_PKEY_get0_DH(pkey);
+ DH_get0_key(dh, &bn, NULL);
- return (DH_PRIVATE(pkey->pkey.dh)) ? Qtrue : Qfalse;
+#if !defined(OPENSSL_NO_ENGINE)
+ return (bn || DH_get0_engine(dh)) ? Qtrue : Qfalse;
+#else
+ return bn ? Qtrue : Qfalse;
+#endif
}
/*
@@ -294,7 +305,7 @@ ossl_dh_export(VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eDHError, NULL);
}
- if (!PEM_write_bio_DHparams(out, pkey->pkey.dh)) {
+ if (!PEM_write_bio_DHparams(out, EVP_PKEY_get0_DH(pkey))) {
BIO_free(out);
ossl_raise(eDHError, NULL);
}
@@ -321,11 +332,11 @@ ossl_dh_to_der(VALUE self)
VALUE str;
GetPKeyDH(self, pkey);
- if((len = i2d_DHparams(pkey->pkey.dh, NULL)) <= 0)
+ if((len = i2d_DHparams(EVP_PKEY_get0_DH(pkey), NULL)) <= 0)
ossl_raise(eDHError, NULL);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
- if(i2d_DHparams(pkey->pkey.dh, &p) < 0)
+ if(i2d_DHparams(EVP_PKEY_get0_DH(pkey), &p) < 0)
ossl_raise(eDHError, NULL);
ossl_str_adjust(str, p);
@@ -343,17 +354,12 @@ ossl_dh_to_der(VALUE self)
static VALUE
ossl_dh_get_params(VALUE self)
{
- EVP_PKEY *pkey;
- VALUE hash;
+ VALUE hash = rb_hash_new();
- GetPKeyDH(self, pkey);
-
- hash = rb_hash_new();
-
- rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.dh->p));
- rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(pkey->pkey.dh->g));
- rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pkey->pkey.dh->pub_key));
- rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(pkey->pkey.dh->priv_key));
+ rb_hash_aset(hash, rb_str_new2("p"), ossl_dh_get_p(self));
+ rb_hash_aset(hash, rb_str_new2("g"), ossl_dh_get_g(self));
+ rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_dh_get_pub_key(self));
+ rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_dh_get_priv_key(self));
return hash;
}
@@ -377,7 +383,7 @@ ossl_dh_to_text(VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eDHError, NULL);
}
- if (!DHparams_print(out, pkey->pkey.dh)) {
+ if (!DHparams_print(out, EVP_PKEY_get0_DH(pkey))) {
BIO_free(out);
ossl_raise(eDHError, NULL);
}
@@ -415,7 +421,7 @@ ossl_dh_to_public_key(VALUE self)
VALUE obj;
GetPKeyDH(self, pkey);
- dh = DHparams_dup(pkey->pkey.dh); /* err check perfomed by dh_instance */
+ dh = DHparams_dup(EVP_PKEY_get0_DH(pkey)); /* err check perfomed by dh_instance */
obj = dh_instance(CLASS_OF(self), dh);
if (obj == Qfalse) {
DH_free(dh);
@@ -441,7 +447,7 @@ ossl_dh_check_params(VALUE self)
int codes;
GetPKeyDH(self, pkey);
- dh = pkey->pkey.dh;
+ dh = EVP_PKEY_get0_DH(pkey);
if (!DH_check(dh, &codes)) {
return Qfalse;
@@ -473,7 +479,7 @@ ossl_dh_generate_key(VALUE self)
EVP_PKEY *pkey;
GetPKeyDH(self, pkey);
- dh = pkey->pkey.dh;
+ dh = EVP_PKEY_get0_DH(pkey);
if (!DH_generate_key(dh))
ossl_raise(eDHError, "Failed to generate key");
@@ -501,7 +507,7 @@ ossl_dh_compute_key(VALUE self, VALUE pub)
int len;
GetPKeyDH(self, pkey);
- dh = pkey->pkey.dh;
+ dh = EVP_PKEY_get0_DH(pkey);
pub_key = GetBNPtr(pub);
len = DH_size(dh);
str = rb_str_new(0, len);
@@ -513,11 +519,6 @@ ossl_dh_compute_key(VALUE self, VALUE pub)
return str;
}
-OSSL_PKEY_BN(dh, p)
-OSSL_PKEY_BN(dh, g)
-OSSL_PKEY_BN(dh, pub_key)
-OSSL_PKEY_BN(dh, priv_key)
-
/*
* INIT
*/
@@ -582,6 +583,9 @@ Init_ossl_dh(void)
DEF_OSSL_PKEY_BN(cDH, dh, g);
DEF_OSSL_PKEY_BN(cDH, dh, pub_key);
DEF_OSSL_PKEY_BN(cDH, dh, priv_key);
+ rb_define_method(cDH, "set_pg", ossl_dh_set_pg, 2);
+ rb_define_method(cDH, "set_key", ossl_dh_set_key, 2);
+
rb_define_method(cDH, "params", ossl_dh_get_params, 0);
}
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index f18760c4e2..840e14223a 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -7,20 +7,17 @@
* This program is licensed under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#if !defined(OPENSSL_NO_DSA)
-
#include "ossl.h"
+#if !defined(OPENSSL_NO_DSA)
+
#define GetPKeyDSA(obj, pkey) do { \
GetPKey((obj), (pkey)); \
- if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_DSA) { /* PARANOIA? */ \
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { /* PARANOIA? */ \
ossl_raise(rb_eRuntimeError, "THIS IS NOT A DSA!"); \
} \
} while (0)
-#define DSA_HAS_PRIVATE(dsa) ((dsa)->priv_key)
-#define DSA_PRIVATE(obj,dsa) (DSA_HAS_PRIVATE(dsa)||OSSL_PKEY_IS_PRIVATE(obj))
-
/*
* Classes
*/
@@ -61,7 +58,7 @@ ossl_dsa_new(EVP_PKEY *pkey)
obj = dsa_instance(cDSA, DSA_new());
} else {
obj = NewPKey(cDSA);
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA) {
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
ossl_raise(rb_eTypeError, "Not a DSA key!");
}
SetPKey(obj, pkey);
@@ -76,6 +73,24 @@ ossl_dsa_new(EVP_PKEY *pkey)
/*
* Private
*/
+
+OSSL_PKEY_BN_DEF3(dsa, DSA, pqg, p, q, g)
+OSSL_PKEY_BN_DEF2(dsa, DSA, key, pub_key, priv_key)
+
+static inline int
+dsa_has_private(DSA *dsa)
+{
+ BIGNUM *bn;
+ DSA_get0_key(dsa, NULL, &bn);
+ return !!bn;
+}
+
+static inline int
+dsa_is_private(VALUE obj, DSA *dsa)
+{
+ return dsa_has_private(dsa) || OSSL_PKEY_IS_PRIVATE(obj);
+}
+
struct dsa_blocking_gen_arg {
DSA *dsa;
int size;
@@ -260,10 +275,14 @@ static VALUE
ossl_dsa_is_public(VALUE self)
{
EVP_PKEY *pkey;
+ DSA *dsa;
+ BIGNUM *bn;
GetPKeyDSA(self, pkey);
+ dsa = EVP_PKEY_get0_DSA(pkey);
+ DSA_get0_key(dsa, &bn, NULL);
- return (pkey->pkey.dsa->pub_key) ? Qtrue : Qfalse;
+ return bn ? Qtrue : Qfalse;
}
/*
@@ -277,10 +296,12 @@ static VALUE
ossl_dsa_is_private(VALUE self)
{
EVP_PKEY *pkey;
+ DSA *dsa;
GetPKeyDSA(self, pkey);
+ dsa = EVP_PKEY_get0_DSA(pkey);
- return (DSA_PRIVATE(self, pkey->pkey.dsa)) ? Qtrue : Qfalse;
+ return dsa_is_private(self, dsa) ? Qtrue : Qfalse;
}
/*
@@ -323,14 +344,14 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eDSAError, NULL);
}
- if (DSA_HAS_PRIVATE(pkey->pkey.dsa)) {
- if (!PEM_write_bio_DSAPrivateKey(out, pkey->pkey.dsa, ciph,
+ if (dsa_has_private(EVP_PKEY_get0_DSA(pkey))) {
+ if (!PEM_write_bio_DSAPrivateKey(out, EVP_PKEY_get0_DSA(pkey), ciph,
NULL, 0, ossl_pem_passwd_cb, passwd)){
BIO_free(out);
ossl_raise(eDSAError, NULL);
}
} else {
- if (!PEM_write_bio_DSA_PUBKEY(out, pkey->pkey.dsa)) {
+ if (!PEM_write_bio_DSA_PUBKEY(out, EVP_PKEY_get0_DSA(pkey))) {
BIO_free(out);
ossl_raise(eDSAError, NULL);
}
@@ -357,21 +378,22 @@ ossl_dsa_to_der(VALUE self)
VALUE str;
GetPKeyDSA(self, pkey);
- if(DSA_HAS_PRIVATE(pkey->pkey.dsa))
+ if(dsa_has_private(EVP_PKEY_get0_DSA(pkey)))
i2d_func = (int(*)_((DSA*,unsigned char**)))i2d_DSAPrivateKey;
else
i2d_func = i2d_DSA_PUBKEY;
- if((len = i2d_func(pkey->pkey.dsa, NULL)) <= 0)
+ if((len = i2d_func(EVP_PKEY_get0_DSA(pkey), NULL)) <= 0)
ossl_raise(eDSAError, NULL);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
- if(i2d_func(pkey->pkey.dsa, &p) < 0)
+ if(i2d_func(EVP_PKEY_get0_DSA(pkey), &p) < 0)
ossl_raise(eDSAError, NULL);
ossl_str_adjust(str, p);
return str;
}
+
/*
* call-seq:
* dsa.params -> hash
@@ -383,18 +405,13 @@ ossl_dsa_to_der(VALUE self)
static VALUE
ossl_dsa_get_params(VALUE self)
{
- EVP_PKEY *pkey;
- VALUE hash;
+ VALUE hash = rb_hash_new();
- GetPKeyDSA(self, pkey);
-
- hash = rb_hash_new();
-
- rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.dsa->p));
- rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(pkey->pkey.dsa->q));
- rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(pkey->pkey.dsa->g));
- rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pkey->pkey.dsa->pub_key));
- rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(pkey->pkey.dsa->priv_key));
+ rb_hash_aset(hash, rb_str_new2("p"), ossl_dsa_get_p(self));
+ rb_hash_aset(hash, rb_str_new2("q"), ossl_dsa_get_q(self));
+ rb_hash_aset(hash, rb_str_new2("g"), ossl_dsa_get_g(self));
+ rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_dsa_get_pub_key(self));
+ rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_dsa_get_priv_key(self));
return hash;
}
@@ -418,7 +435,7 @@ ossl_dsa_to_text(VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eDSAError, NULL);
}
- if (!DSA_print(out, pkey->pkey.dsa, 0)) { /* offset = 0 */
+ if (!DSA_print(out, EVP_PKEY_get0_DSA(pkey), 0)) { /* offset = 0 */
BIO_free(out);
ossl_raise(eDSAError, NULL);
}
@@ -455,7 +472,7 @@ ossl_dsa_to_public_key(VALUE self)
/* err check performed by dsa_instance */
#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \
(i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa))
- dsa = DSAPublicKey_dup(pkey->pkey.dsa);
+ dsa = DSAPublicKey_dup(EVP_PKEY_get0_DSA(pkey));
#undef DSAPublicKey_dup
obj = dsa_instance(CLASS_OF(self), dsa);
if (obj == Qfalse) {
@@ -465,7 +482,7 @@ ossl_dsa_to_public_key(VALUE self)
return obj;
}
-#define ossl_dsa_buf_size(pkey) (DSA_size((pkey)->pkey.dsa)+16)
+#define ossl_dsa_buf_size(dsa) (DSA_size(dsa) + 16)
/*
* call-seq:
@@ -490,18 +507,21 @@ static VALUE
ossl_dsa_sign(VALUE self, VALUE data)
{
EVP_PKEY *pkey;
+ DSA *dsa;
unsigned int buf_len;
VALUE str;
GetPKeyDSA(self, pkey);
+ dsa = EVP_PKEY_get0_DSA(pkey);
+
StringValue(data);
- if (!DSA_PRIVATE(self, pkey->pkey.dsa)) {
+ if (!dsa_is_private(self, dsa)) {
ossl_raise(eDSAError, "Private DSA key needed!");
}
- str = rb_str_new(0, ossl_dsa_buf_size(pkey));
+ str = rb_str_new(0, ossl_dsa_buf_size(dsa));
if (!DSA_sign(0, (unsigned char *)RSTRING_PTR(data), RSTRING_LENINT(data),
(unsigned char *)RSTRING_PTR(str),
- &buf_len, pkey->pkey.dsa)) { /* type is ignored (0) */
+ &buf_len, dsa)) { /* type is ignored (0) */
ossl_raise(eDSAError, NULL);
}
rb_str_set_len(str, buf_len);
@@ -539,7 +559,7 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig)
StringValue(sig);
/* type is ignored (0) */
ret = DSA_verify(0, (unsigned char *)RSTRING_PTR(digest), RSTRING_LENINT(digest),
- (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey->pkey.dsa);
+ (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), EVP_PKEY_get0_DSA(pkey));
if (ret < 0) {
ossl_raise(eDSAError, NULL);
}
@@ -550,12 +570,6 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig)
return Qfalse;
}
-OSSL_PKEY_BN(dsa, p)
-OSSL_PKEY_BN(dsa, q)
-OSSL_PKEY_BN(dsa, g)
-OSSL_PKEY_BN(dsa, pub_key)
-OSSL_PKEY_BN(dsa, priv_key)
-
/*
* INIT
*/
@@ -608,6 +622,8 @@ Init_ossl_dsa(void)
DEF_OSSL_PKEY_BN(cDSA, dsa, g);
DEF_OSSL_PKEY_BN(cDSA, dsa, pub_key);
DEF_OSSL_PKEY_BN(cDSA, dsa, priv_key);
+ rb_define_method(cDSA, "set_pqg", ossl_dsa_set_pqg, 3);
+ rb_define_method(cDSA, "set_key", ossl_dsa_set_key, 2);
rb_define_method(cDSA, "params", ossl_dsa_get_params, 0);
}
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 424470cf33..78fdfce916 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -25,7 +25,7 @@ static const rb_data_type_t ossl_ec_point_type;
#define GetPKeyEC(obj, pkey) do { \
GetPKey((obj), (pkey)); \
- if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_EC) { \
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { \
ossl_raise(rb_eRuntimeError, "THIS IS NOT A EC PKEY!"); \
} \
} while (0)
@@ -38,7 +38,7 @@ static const rb_data_type_t ossl_ec_point_type;
#define Get_EC_KEY(obj, key) do { \
EVP_PKEY *pkey; \
GetPKeyEC((obj), pkey); \
- (key) = pkey->pkey.ec; \
+ (key) = EVP_PKEY_get0_EC_KEY(pkey); \
} while(0)
#define Require_EC_KEY(obj, key) do { \
@@ -137,7 +137,7 @@ VALUE ossl_ec_new(EVP_PKEY *pkey)
obj = ec_instance(cEC, EC_KEY_new());
} else {
obj = NewPKey(cEC);
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) {
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
ossl_raise(rb_eTypeError, "Not a EC key!");
}
SetPKey(obj, pkey);
@@ -171,7 +171,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
char *passwd = NULL;
GetPKey(self, pkey);
- if (pkey->pkey.ec)
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE)
ossl_raise(eECError, "EC_KEY already initialized");
rb_scan_args(argc, argv, "02", &arg, &pass);
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index 3686d34361..b5c03f4e25 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -7,20 +7,17 @@
* This program is licensed under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#if !defined(OPENSSL_NO_RSA)
-
#include "ossl.h"
+#if !defined(OPENSSL_NO_RSA)
+
#define GetPKeyRSA(obj, pkey) do { \
GetPKey((obj), (pkey)); \
- if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_RSA) { /* PARANOIA? */ \
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { /* PARANOIA? */ \
ossl_raise(rb_eRuntimeError, "THIS IS NOT A RSA!") ; \
} \
} while (0)
-#define RSA_HAS_PRIVATE(rsa) ((rsa)->p && (rsa)->q)
-#define RSA_PRIVATE(obj,rsa) (RSA_HAS_PRIVATE(rsa)||OSSL_PKEY_IS_PRIVATE(obj))
-
/*
* Classes
*/
@@ -62,7 +59,7 @@ ossl_rsa_new(EVP_PKEY *pkey)
}
else {
obj = NewPKey(cRSA);
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) {
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
ossl_raise(rb_eTypeError, "Not a RSA key!");
}
SetPKey(obj, pkey);
@@ -77,6 +74,26 @@ ossl_rsa_new(EVP_PKEY *pkey)
/*
* Private
*/
+
+OSSL_PKEY_BN_DEF3(rsa, RSA, key, n, e, d);
+OSSL_PKEY_BN_DEF2(rsa, RSA, factors, p, q);
+OSSL_PKEY_BN_DEF3(rsa, RSA, crt_params, dmp1, dmq1, iqmp);
+
+static inline int
+rsa_has_private(RSA *rsa)
+{
+ BIGNUM *bnp, *bnq;
+ RSA_get0_factors(rsa, &bnp, &bnq);
+ return bnp && bnq;
+}
+
+static inline int
+rsa_is_private(VALUE obj, RSA *rsa)
+{
+ return rsa_has_private(rsa) || OSSL_PKEY_IS_PRIVATE(obj);
+}
+
+
struct rsa_blocking_gen_arg {
RSA *rsa;
BIGNUM *e;
@@ -281,10 +298,12 @@ static VALUE
ossl_rsa_is_private(VALUE self)
{
EVP_PKEY *pkey;
+ RSA *rsa;
GetPKeyRSA(self, pkey);
+ rsa = EVP_PKEY_get0_RSA(pkey);
- return (RSA_PRIVATE(self, pkey->pkey.rsa)) ? Qtrue : Qfalse;
+ return rsa_is_private(self, rsa) ? Qtrue : Qfalse;
}
/*
@@ -322,14 +341,14 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eRSAError, NULL);
}
- if (RSA_HAS_PRIVATE(pkey->pkey.rsa)) {
- if (!PEM_write_bio_RSAPrivateKey(out, pkey->pkey.rsa, ciph,
+ if (rsa_has_private(EVP_PKEY_get0_RSA(pkey))) {
+ if (!PEM_write_bio_RSAPrivateKey(out, EVP_PKEY_get0_RSA(pkey), ciph,
NULL, 0, ossl_pem_passwd_cb, passwd)) {
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
} else {
- if (!PEM_write_bio_RSA_PUBKEY(out, pkey->pkey.rsa)) {
+ if (!PEM_write_bio_RSA_PUBKEY(out, EVP_PKEY_get0_RSA(pkey))) {
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
@@ -355,22 +374,22 @@ ossl_rsa_to_der(VALUE self)
VALUE str;
GetPKeyRSA(self, pkey);
- if(RSA_HAS_PRIVATE(pkey->pkey.rsa))
+ if(rsa_has_private(EVP_PKEY_get0_RSA(pkey)))
i2d_func = i2d_RSAPrivateKey;
else
i2d_func = (int (*)(const RSA*, unsigned char**))i2d_RSA_PUBKEY;
- if((len = i2d_func(pkey->pkey.rsa, NULL)) <= 0)
+ if((len = i2d_func(EVP_PKEY_get0_RSA(pkey), NULL)) <= 0)
ossl_raise(eRSAError, NULL);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
- if(i2d_func(pkey->pkey.rsa, &p) < 0)
+ if(i2d_func(EVP_PKEY_get0_RSA(pkey), &p) < 0)
ossl_raise(eRSAError, NULL);
ossl_str_adjust(str, p);
return str;
}
-#define ossl_rsa_buf_size(pkey) (RSA_size((pkey)->pkey.rsa)+16)
+#define ossl_rsa_buf_size(pkey) (RSA_size(EVP_PKEY_get0_RSA(pkey))+16)
/*
* call-seq:
@@ -393,7 +412,7 @@ ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self)
StringValue(buffer);
str = rb_str_new(0, ossl_rsa_buf_size(pkey));
buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
- (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa,
+ (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey),
pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
@@ -422,7 +441,7 @@ ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self)
StringValue(buffer);
str = rb_str_new(0, ossl_rsa_buf_size(pkey));
buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
- (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa,
+ (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey),
pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
@@ -446,7 +465,7 @@ ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self)
VALUE str, buffer, padding;
GetPKeyRSA(self, pkey);
- if (!RSA_PRIVATE(self, pkey->pkey.rsa)) {
+ if (!rsa_is_private(self, EVP_PKEY_get0_RSA(pkey))) {
ossl_raise(eRSAError, "private key needed.");
}
rb_scan_args(argc, argv, "11", &buffer, &padding);
@@ -454,7 +473,7 @@ ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self)
StringValue(buffer);
str = rb_str_new(0, ossl_rsa_buf_size(pkey));
buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
- (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa,
+ (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey),
pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
@@ -478,7 +497,7 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
VALUE str, buffer, padding;
GetPKeyRSA(self, pkey);
- if (!RSA_PRIVATE(self, pkey->pkey.rsa)) {
+ if (!rsa_is_private(self, EVP_PKEY_get0_RSA(pkey))) {
ossl_raise(eRSAError, "private key needed.");
}
rb_scan_args(argc, argv, "11", &buffer, &padding);
@@ -486,7 +505,7 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
StringValue(buffer);
str = rb_str_new(0, ossl_rsa_buf_size(pkey));
buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
- (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa,
+ (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey),
pad);
if (buf_len < 0) ossl_raise(eRSAError, NULL);
rb_str_set_len(str, buf_len);
@@ -508,21 +527,16 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
static VALUE
ossl_rsa_get_params(VALUE self)
{
- EVP_PKEY *pkey;
- VALUE hash;
-
- GetPKeyRSA(self, pkey);
+ VALUE hash = rb_hash_new();
- hash = rb_hash_new();
-
- rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(pkey->pkey.rsa->n));
- rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(pkey->pkey.rsa->e));
- rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(pkey->pkey.rsa->d));
- rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.rsa->p));
- rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(pkey->pkey.rsa->q));
- rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(pkey->pkey.rsa->dmp1));
- rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(pkey->pkey.rsa->dmq1));
- rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(pkey->pkey.rsa->iqmp));
+ rb_hash_aset(hash, rb_str_new2("n"), ossl_rsa_get_n(self));
+ rb_hash_aset(hash, rb_str_new2("e"), ossl_rsa_get_e(self));
+ rb_hash_aset(hash, rb_str_new2("d"), ossl_rsa_get_d(self));
+ rb_hash_aset(hash, rb_str_new2("p"), ossl_rsa_get_p(self));
+ rb_hash_aset(hash, rb_str_new2("q"), ossl_rsa_get_q(self));
+ rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_rsa_get_dmp1(self));
+ rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_rsa_get_dmq1(self));
+ rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_rsa_get_iqmp(self));
return hash;
}
@@ -548,7 +562,7 @@ ossl_rsa_to_text(VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eRSAError, NULL);
}
- if (!RSA_print(out, pkey->pkey.rsa, 0)) { /* offset = 0 */
+ if (!RSA_print(out, EVP_PKEY_get0_RSA(pkey), 0)) { /* offset = 0 */
BIO_free(out);
ossl_raise(eRSAError, NULL);
}
@@ -572,7 +586,7 @@ ossl_rsa_to_public_key(VALUE self)
GetPKeyRSA(self, pkey);
/* err check performed by rsa_instance */
- rsa = RSAPublicKey_dup(pkey->pkey.rsa);
+ rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey));
obj = rsa_instance(CLASS_OF(self), rsa);
if (obj == Qfalse) {
RSA_free(rsa);
@@ -591,7 +605,7 @@ ossl_rsa_blinding_on(VALUE self)
GetPKeyRSA(self, pkey);
- if (RSA_blinding_on(pkey->pkey.rsa, ossl_bn_ctx) != 1) {
+ if (RSA_blinding_on(EVP_PKEY_get0_RSA(pkey), ossl_bn_ctx) != 1) {
ossl_raise(eRSAError, NULL);
}
return self;
@@ -603,21 +617,12 @@ ossl_rsa_blinding_off(VALUE self)
EVP_PKEY *pkey;
GetPKeyRSA(self, pkey);
- RSA_blinding_off(pkey->pkey.rsa);
+ RSA_blinding_off(EVP_PKEY_get0_RSA(pkey));
return self;
}
*/
-OSSL_PKEY_BN(rsa, n)
-OSSL_PKEY_BN(rsa, e)
-OSSL_PKEY_BN(rsa, d)
-OSSL_PKEY_BN(rsa, p)
-OSSL_PKEY_BN(rsa, q)
-OSSL_PKEY_BN(rsa, dmp1)
-OSSL_PKEY_BN(rsa, dmq1)
-OSSL_PKEY_BN(rsa, iqmp)
-
/*
* INIT
*/
@@ -675,6 +680,9 @@ Init_ossl_rsa(void)
DEF_OSSL_PKEY_BN(cRSA, rsa, dmp1);
DEF_OSSL_PKEY_BN(cRSA, rsa, dmq1);
DEF_OSSL_PKEY_BN(cRSA, rsa, iqmp);
+ rb_define_method(cRSA, "set_key", ossl_rsa_set_key, 3);
+ rb_define_method(cRSA, "set_factors", ossl_rsa_set_factors, 2);
+ rb_define_method(cRSA, "set_crt_params", ossl_rsa_set_crt_params, 3);
rb_define_method(cRSA, "params", ossl_rsa_get_params, 0);
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index df7f7e9cca..13e6d06e3b 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -249,7 +249,7 @@ ossl_call_tmp_dh_callback(VALUE args)
if (NIL_P(cb)) return Qfalse;
dh = rb_apply(cb, rb_intern("call"), args);
pkey = GetPKeyPtr(dh);
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) return Qfalse;
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) return Qfalse;
return dh;
}
@@ -267,7 +267,7 @@ ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
if (!RTEST(dh)) return NULL;
ossl_ssl_set_tmp_dh(rb_ssl, dh);
- return GetPKeyPtr(dh)->pkey.dh;
+ return EVP_PKEY_get0_DH(GetPKeyPtr(dh));
}
#endif /* OPENSSL_NO_DH */
@@ -283,7 +283,7 @@ ossl_call_tmp_ecdh_callback(VALUE args)
if (NIL_P(cb)) return Qfalse;
ecdh = rb_apply(cb, rb_intern("call"), args);
pkey = GetPKeyPtr(ecdh);
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) return Qfalse;
+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) return Qfalse;
return ecdh;
}
@@ -301,7 +301,7 @@ ossl_tmp_ecdh_callback(SSL *ssl, int is_export, int keylength)
if (!RTEST(ecdh)) return NULL;
ossl_ssl_set_tmp_ecdh(rb_ssl, ecdh);
- return GetPKeyPtr(ecdh)->pkey.ec;
+ return EVP_PKEY_get0_EC_KEY(GetPKeyPtr(ecdh));
}
#endif
diff --git a/test/drb/ut_array_drbssl.rb b/test/drb/ut_array_drbssl.rb
index 08849ca176..ab9b947635 100644
--- a/test/drb/ut_array_drbssl.rb
+++ b/test/drb/ut_array_drbssl.rb
@@ -20,7 +20,8 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
-----END DH PARAMETERS-----
_end_of_pem_
- TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)
+ TEST_KEY_DH1024.set_key(OpenSSL::BN.new("556AF1598AE69899867CEBA9F29CE4862B884C2B43C9019EA0231908F6EFA785E3C462A6ECB16DF676866E997FFB72B487DC7967C58C3CA38CE974473BF19B2AA5DCBF102735572EBA6F353F6F0BBE7FF1DE1B07FE1381A355C275C33405004317F9491B5955F191F6615A63B30E55A027FB88A1A4B25608E09EEE68A7DF32D", 16),
+ OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16))
end
diff --git a/test/drb/ut_drb_drbssl.rb b/test/drb/ut_drb_drbssl.rb
index ddaa859e7d..df326ff66e 100644
--- a/test/drb/ut_drb_drbssl.rb
+++ b/test/drb/ut_drb_drbssl.rb
@@ -19,7 +19,8 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
-----END DH PARAMETERS-----
_end_of_pem_
- TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)
+ TEST_KEY_DH1024.set_key(OpenSSL::BN.new("556AF1598AE69899867CEBA9F29CE4862B884C2B43C9019EA0231908F6EFA785E3C462A6ECB16DF676866E997FFB72B487DC7967C58C3CA38CE974473BF19B2AA5DCBF102735572EBA6F353F6F0BBE7FF1DE1B07FE1381A355C275C33405004317F9491B5955F191F6615A63B30E55A027FB88A1A4B25608E09EEE68A7DF32D", 16),
+ OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16))
end
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index 6909854cad..02bafb6f21 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -105,7 +105,8 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
-----END DH PARAMETERS-----
_end_of_pem_
- TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)
+ TEST_KEY_DH1024.set_key(OpenSSL::BN.new("556AF1598AE69899867CEBA9F29CE4862B884C2B43C9019EA0231908F6EFA785E3C462A6ECB16DF676866E997FFB72B487DC7967C58C3CA38CE974473BF19B2AA5DCBF102735572EBA6F353F6F0BBE7FF1DE1B07FE1381A355C275C33405004317F9491B5955F191F6615A63B30E55A027FB88A1A4B25608E09EEE68A7DF32D", 16),
+ OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16))
DSA_SIGNATURE_DIGEST = OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000 ?
OpenSSL::Digest::SHA1 :
diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb
index 49b6b6656c..9a038c9dee 100644
--- a/test/rubygems/test_gem_remote_fetcher.rb
+++ b/test/rubygems/test_gem_remote_fetcher.rb
@@ -81,7 +81,7 @@ gems:
# Generated via:
# x = OpenSSL::PKey::DH.new(2048) # wait a while...
# x.to_s => pem
- # x.priv_key.to_s => hex for OpenSSL::BN.new
+ # x.priv_key.to_s => decimal for OpenSSL::BN.new
TEST_KEY_DH2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA3Ze2EHSfYkZLUn557torAmjBgPsqzbodaRaGZtgK1gEU+9nNJaFV
@@ -93,16 +93,27 @@ PeIQQkFng2VVot/WAQbv3ePqWq07g1BBcwIBAg==
-----END DH PARAMETERS-----
_end_of_pem_
- TEST_KEY_DH2048.priv_key = OpenSSL::BN.new("108911488509734781344423639" \
- "5585749502236089033416160524030987005037540379474123441273555416835" \
- "4725688238369352738266590757370603937618499698665047757588998555345" \
- "3446251978586372525530219375408331096098220027413238477359960428372" \
- "0195464393332338164504352015535549496585792320286513563739305843396" \
- "9294344974028713065472959376197728193162272314514335882399554394661" \
- "5306385003430991221886779612878793446851681835397455333989268503748" \
- "7862488679178398716189205737442996155432191656080664090596502674943" \
- "7902481557157485795980326766117882761941455140582265347052939604724" \
- "964857770053363840471912215799994973597613931991572884", 16)
+ TEST_KEY_DH2048.set_key(
+ OpenSSL::BN.new("10725438530785912156218967697008486801800244817009" \
+ "1560208603512885352948501237094708563096797190598021598409520414" \
+ "9734679558435654191042970781199870011330210579002380736073809014" \
+ "9003016222954352601621379700744012563282153596945640946475452284" \
+ "5568928065134812770589561436732785097011997990440853684692745849" \
+ "5583055233008348615239821368608596014481686097025313576691697895" \
+ "7670520880307788062241291816848808660778193886241424406910257704" \
+ "1278266290939665417244744475608290477073133083865528901891161122" \
+ "7747762224198087674326339318681433826268250155004079667295543246" \
+ "700724220484073250324190133688110281228977257161791447", 10),
+ OpenSSL::BN.new("10891148850973478134442363955857495022360890334161" \
+ "6052403098700503754037947412344127355541683547256882383693527382" \
+ "6659075737060393761849969866504775758899855534534462519785863725" \
+ "2553021937540833109609822002741323847735996042837201954643933323" \
+ "3816450435201553554949658579232028651356373930584339692943449740" \
+ "2871306547295937619772819316227231451433588239955439466153063850" \
+ "0343099122188677961287879344685168183539745533398926850374878624" \
+ "8867917839871618920573744299615543219165608066409059650267494379" \
+ "0248155715748579598032676611788276194145514058226534705293960472" \
+ "4964857770053363840471912215799994973597613931991572884", 10))
def setup
@proxies = %w[https_proxy http_proxy HTTP_PROXY http_proxy_user HTTP_PROXY_USER http_proxy_pass HTTP_PROXY_PASS no_proxy NO_PROXY]