From 4846facb5f35ff04bd48eadbef0b366e4ffb6234 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Tue, 26 Apr 2016 23:42:20 +0900 Subject: ext/openssl: EVP_PKEY, DH, DSA, RSA, EC_KEY are made opaque Use EVP_PKEY_get0_* instead of pkey->pkey.* Use EVP_PKEY_base_id(pkey) instead of EVP_PKEY_type(pkey->type) Because of this, we can no longer set the parameters/keys directly, and the newly added functions as alternative require setting all relevant values at the same time. So this patch contains incompatibility: the following code no longer works (if using 1.1.0): dh = OpenSSL::PKey::DH.new(...) dh.priv_key = OpenSSL::BN.new(...) ...and we have to write like: dh = OpenSSL::PKey::DH.new(...) priv = OpenSSL::BN.new(...) pub = dh.set_key(pub, priv) --- ext/openssl/extconf.rb | 1 + ext/openssl/openssl_missing.h | 87 ++++++++++++++++++++ ext/openssl/ossl_pkey.c | 2 +- ext/openssl/ossl_pkey.h | 134 ++++++++++++++++++++++++++++--- ext/openssl/ossl_pkey_dh.c | 78 +++++++++--------- ext/openssl/ossl_pkey_dsa.c | 94 +++++++++++++--------- ext/openssl/ossl_pkey_ec.c | 8 +- ext/openssl/ossl_pkey_rsa.c | 104 +++++++++++++----------- ext/openssl/ossl_ssl.c | 8 +- test/drb/ut_array_drbssl.rb | 3 +- test/drb/ut_drb_drbssl.rb | 3 +- test/openssl/utils.rb | 3 +- test/rubygems/test_gem_remote_fetcher.rb | 33 +++++--- 13 files changed, 400 insertions(+), 158 deletions(-) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index df826feae1..8a83cf58db 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -81,6 +81,7 @@ have_func("SSL_CTX_clear_options", ["openssl/ssl.h"]) # added in 1.0.0 have_func("EVP_CIPHER_CTX_copy") +have_func("EVP_PKEY_base_id") have_func("HMAC_CTX_copy") have_func("PKCS5_PBKDF2_HMAC") have_func("X509_NAME_hash_old") diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index ce3e1ec740..94032167d1 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -29,6 +29,10 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); #endif /*** added in 1.0.0 ***/ +#if !defined(HAVE_EVP_PKEY_BASE_ID) +# define EVP_PKEY_base_id(pkey) EVP_PKEY_type((pkey)->type) +#endif + #if !defined(HAVE_EVP_CIPHER_CTX_COPY) int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); #endif @@ -162,6 +166,89 @@ void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY); #endif +#if !defined(HAVE_OPAQUE_OPENSSL) +#if !defined(OPENSSL_NO_RSA) +static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { return pkey->pkey.rsa; } +static inline void RSA_get0_key(RSA *rsa, BIGNUM **n, BIGNUM **e, BIGNUM **d) { + if (n) *n = rsa->n; + if (e) *e = rsa->e; + if (d) *d = rsa->d; } +static inline int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) { + if (!n || !e) return 0; + BN_free(rsa->n); rsa->n = n; + BN_free(rsa->e); rsa->e = e; + BN_free(rsa->d); rsa->d = d; + return 1; } +static inline void RSA_get0_factors(RSA *rsa, BIGNUM **p, BIGNUM **q) { + if (p) *p = rsa->p; + if (q) *q = rsa->q; } +static inline int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q) { + if (!p || !q) return 0; + BN_free(rsa->p); rsa->p = p; + BN_free(rsa->q); rsa->q = q; + return 1; } +static inline void RSA_get0_crt_params(RSA *rsa, BIGNUM **dmp1, BIGNUM **dmq1, BIGNUM **iqmp) { + if (dmp1) *dmp1 = rsa->dmp1; + if (dmq1) *dmq1 = rsa->dmq1; + if (iqmp) *iqmp = rsa->iqmp; } +static inline int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) { + if (!dmp1 || !dmq1 || !iqmp) return 0; + BN_free(rsa->dmp1); rsa->dmp1 = dmp1; + BN_free(rsa->dmq1); rsa->dmq1 = dmq1; + BN_free(rsa->iqmp); rsa->iqmp = iqmp; + return 1; } +#endif /* RSA */ + +#if !defined(OPENSSL_NO_DSA) +static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { return pkey->pkey.dsa; } +static inline void DSA_get0_key(DSA *dsa, BIGNUM **pub_key, BIGNUM **priv_key) { + if (pub_key) *pub_key = dsa->pub_key; + if (priv_key) *priv_key = dsa->priv_key; } +static inline int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key) { + if (!pub_key) return 0; + BN_free(dsa->pub_key); dsa->pub_key = pub_key; + BN_free(dsa->priv_key); dsa->priv_key = priv_key; + return 1; } +static inline void DSA_get0_pqg(DSA *dsa, BIGNUM **p, BIGNUM **q, BIGNUM **g) { + if (p) *p = dsa->p; + if (q) *q = dsa->q; + if (g) *g = dsa->g; } +static inline int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) { + if (!p || !q || !g) return 0; + BN_free(dsa->p); dsa->p = p; + BN_free(dsa->q); dsa->q = q; + BN_free(dsa->g); dsa->g = g; + return 1; } +#endif /* DSA */ + +#if !defined(OPENSSL_NO_DH) +static inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { return pkey->pkey.dh; } +static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; } +static inline void DH_get0_key(DH *dh, BIGNUM **pub_key, BIGNUM **priv_key) { + if (pub_key) *pub_key = dh->pub_key; + if (priv_key) *priv_key = dh->priv_key; } +static inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) { + if (!pub_key) return 0; + BN_free(dh->pub_key); dh->pub_key = pub_key; + BN_free(dh->priv_key); dh->priv_key = priv_key; + return 1; } +static inline void DH_get0_pqg(DH *dh, BIGNUM **p, BIGNUM **q, BIGNUM **g) { + if (p) *p = dh->p; + if (q) *q = dh->q; + if (g) *g = dh->g; } +static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { + if (!p || !g) return 0; + BN_free(dh->p); dh->p = p; + BN_free(dh->q); dh->q = q; + BN_free(dh->g); dh->g = g; + return 1; } +#endif /* DH */ + +#if !defined(OPENSSL_NO_EC) +static inline EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { return pkey->pkey.ec; } +#endif +#endif + #if defined(__cplusplus) } #endif diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 2d131a1e56..c787e02367 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -76,7 +76,7 @@ ossl_pkey_new(EVP_PKEY *pkey) if (!pkey) { ossl_raise(ePKeyError, "Cannot make new key from NULL."); } - switch (EVP_PKEY_type(pkey->type)) { + switch (EVP_PKEY_base_id(pkey)) { #if !defined(OPENSSL_NO_RSA) case EVP_PKEY_RSA: return ossl_rsa_new(pkey); diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h index b806d63e15..57d5fedbd4 100644 --- a/ext/openssl/ossl_pkey.h +++ b/ext/openssl/ossl_pkey.h @@ -95,32 +95,117 @@ extern VALUE eEC_POINT; VALUE ossl_ec_new(EVP_PKEY *); void Init_ossl_ec(void); - -#define OSSL_PKEY_BN(keytype, name) \ +#define OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, _name, _get) \ /* \ * call-seq: \ - * key.##name -> aBN \ + * _keytype##.##_name -> aBN \ */ \ -static VALUE ossl_##keytype##_get_##name(VALUE self) \ +static VALUE ossl_##_keytype##_get_##_name(VALUE self) \ { \ EVP_PKEY *pkey; \ BIGNUM *bn; \ + _type *obj; \ \ - GetPKey(self, pkey); \ - bn = pkey->pkey.keytype->name; \ - if (bn == NULL) \ + GetPKey##_type(self, pkey); \ + obj = EVP_PKEY_get0_##_type(pkey); \ + _get; \ + if (bn) \ + return ossl_bn_new(bn); \ + else \ return Qnil; \ - return ossl_bn_new(bn); \ -} \ +} + +#define OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \ + OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \ + _type##_get0_##_group(obj, &bn, NULL, NULL)) \ + OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \ + _type##_get0_##_group(obj, NULL, &bn, NULL)) \ + OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a3, \ + _type##_get0_##_group(obj, NULL, NULL, &bn)) + +#define OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \ + OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \ + _type##_get0_##_group(obj, &bn, NULL)) \ + OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \ + _type##_get0_##_group(obj, NULL, &bn)) + +#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \ +/* \ + * call-seq: \ + * _keytype##.set_##_group(a1, a2, a3) -> self \ + */ \ +static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALUE v3) \ +{ \ + EVP_PKEY *pkey; \ + _type *obj; \ + BIGNUM *bn1 = BN_dup(GetBNPtr(v1)); \ + BIGNUM *bn2 = BN_dup(GetBNPtr(v2)); \ + BIGNUM *bn3 = BN_dup(GetBNPtr(v3)); \ + \ + if (!NIL_P(v1) && !bn1 || \ + !NIL_P(v2) && !bn2 || \ + !NIL_P(v3) && !bn3) { \ + BN_clear_free(bn1); \ + BN_clear_free(bn2); \ + BN_clear_free(bn3); \ + ossl_raise(eBNError, NULL); \ + } \ + \ + GetPKey##_type(self, pkey); \ + obj = EVP_PKEY_get0_##_type(pkey); \ + \ + if (!_type##_set0_##_group(obj, bn1, bn2, bn3)) { \ + BN_clear_free(bn1); \ + BN_clear_free(bn2); \ + BN_clear_free(bn3); \ + ossl_raise(rb_eRuntimeError, #_type"_set0_"#_group"()");\ + } \ + return self; \ +} + +#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \ /* \ * call-seq: \ - * key.##name = bn -> bn \ + * _keytype##.set_##_group(a1, a2) -> self \ + */ \ +static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \ +{ \ + EVP_PKEY *pkey; \ + _type *obj; \ + BIGNUM *bn1 = BN_dup(GetBNPtr(v1)); \ + BIGNUM *bn2 = BN_dup(GetBNPtr(v2)); \ + \ + if (!NIL_P(v1) && !bn1 || \ + !NIL_P(v2) && !bn2) { \ + BN_clear_free(bn1); \ + BN_clear_free(bn2); \ + ossl_raise(eBNError, NULL); \ + } \ + \ + GetPKey##_type(self, pkey); \ + obj = EVP_PKEY_get0_##_type(pkey); \ + \ + if (!_type##_set0_##_group(obj, bn1, bn2)) { \ + BN_clear_free(bn1); \ + BN_clear_free(bn2); \ + ossl_raise(rb_eRuntimeError, #_type"_set0_"#_group"()");\ + } \ + return self; \ +} + +/* below no longer works with OpenSSL 1.1.0 */ +#define OSSL_PKEY_BN_OLD_SETTER(keytype, name) \ +/* \ + * call-seq: \ + * keytype##.##name = bn -> bn \ */ \ static VALUE ossl_##keytype##_set_##name(VALUE self, VALUE bignum) \ { \ EVP_PKEY *pkey; \ BIGNUM *bn; \ \ + rb_warn("#"#name"= is deprecated; use set_* methods instead"); \ + \ GetPKey(self, pkey); \ if (NIL_P(bignum)) { \ BN_clear_free(pkey->pkey.keytype->name); \ @@ -138,10 +223,37 @@ static VALUE ossl_##keytype##_set_##name(VALUE self, VALUE bignum) \ return bignum; \ } +#if defined(HAVE_OPAQUE_OPENSSL) /* OpenSSL 1.1.0 */ +#define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3) \ + OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \ + OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) + +#define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2) \ + OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \ + OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) + +#define DEF_OSSL_PKEY_BN(class, keytype, name) \ + rb_define_method((class), #name, ossl_##keytype##_get_##name, 0) + +#else /* not OpenSSL 1.1.0 */ +#define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3) \ + OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \ + OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \ + OSSL_PKEY_BN_OLD_SETTER(_keytype, a1) \ + OSSL_PKEY_BN_OLD_SETTER(_keytype, a2) \ + OSSL_PKEY_BN_OLD_SETTER(_keytype, a3) + +#define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2) \ + OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \ + OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \ + OSSL_PKEY_BN_OLD_SETTER(_keytype, a1) \ + OSSL_PKEY_BN_OLD_SETTER(_keytype, a2) + #define DEF_OSSL_PKEY_BN(class, keytype, name) \ do { \ - rb_define_method((class), #name, ossl_##keytype##_get_##name, 0); \ + rb_define_method((class), #name, ossl_##keytype##_get_##name, 0);\ rb_define_method((class), #name "=", ossl_##keytype##_set_##name, 1);\ } while (0) +#endif /* HAVE_OPAQUE_OPENSSL */ #endif /* _OSSL_PKEY_H_ */ diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index 8704d96611..550f48c7eb 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -7,25 +7,20 @@ * This program is licensed under the same licence as Ruby. * (See the file 'LICENCE'.) */ -#if !defined(OPENSSL_NO_DH) - #include "ossl.h" +#if !defined(OPENSSL_NO_DH) + #define GetPKeyDH(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_DH) { /* PARANOIA? */ \ + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { /* PARANOIA? */ \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A DH!") ; \ } \ } while (0) -#define DH_HAS_PRIVATE(dh) ((dh)->priv_key) - -#if !defined(OPENSSL_NO_ENGINE) -# define DH_PRIVATE(dh) (DH_HAS_PRIVATE(dh) || (dh)->engine) -#else -# define DH_PRIVATE(dh) DH_HAS_PRIVATE(dh) -#endif - +/* we don't use q */ +#define DH_get0_pg(obj, p, g) DH_get0_pqg(obj, p, NULL, g) +#define DH_set0_pg(obj, p, g) DH_set0_pqg(obj, p, NULL, g) /* * Classes @@ -67,7 +62,7 @@ ossl_dh_new(EVP_PKEY *pkey) obj = dh_instance(cDH, DH_new()); } else { obj = NewPKey(cDH); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) { ossl_raise(rb_eTypeError, "Not a DH key!"); } SetPKey(obj, pkey); @@ -82,6 +77,10 @@ ossl_dh_new(EVP_PKEY *pkey) /* * Private */ + +OSSL_PKEY_BN_DEF2(dh, DH, pg, p, g) +OSSL_PKEY_BN_DEF2(dh, DH, key, pub_key, priv_key) + struct dh_blocking_gen_arg { DH *dh; int size; @@ -249,11 +248,15 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self) static VALUE ossl_dh_is_public(VALUE self) { + BIGNUM *bn; EVP_PKEY *pkey; + DH *dh; GetPKeyDH(self, pkey); + dh = EVP_PKEY_get0_DH(pkey); + DH_get0_key(dh, &bn, NULL); - return (pkey->pkey.dh->pub_key) ? Qtrue : Qfalse; + return bn ? Qtrue : Qfalse; } /* @@ -266,11 +269,19 @@ ossl_dh_is_public(VALUE self) static VALUE ossl_dh_is_private(VALUE self) { + BIGNUM *bn; EVP_PKEY *pkey; + DH *dh; GetPKeyDH(self, pkey); + dh = EVP_PKEY_get0_DH(pkey); + DH_get0_key(dh, &bn, NULL); - return (DH_PRIVATE(pkey->pkey.dh)) ? Qtrue : Qfalse; +#if !defined(OPENSSL_NO_ENGINE) + return (bn || DH_get0_engine(dh)) ? Qtrue : Qfalse; +#else + return bn ? Qtrue : Qfalse; +#endif } /* @@ -294,7 +305,7 @@ ossl_dh_export(VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDHError, NULL); } - if (!PEM_write_bio_DHparams(out, pkey->pkey.dh)) { + if (!PEM_write_bio_DHparams(out, EVP_PKEY_get0_DH(pkey))) { BIO_free(out); ossl_raise(eDHError, NULL); } @@ -321,11 +332,11 @@ ossl_dh_to_der(VALUE self) VALUE str; GetPKeyDH(self, pkey); - if((len = i2d_DHparams(pkey->pkey.dh, NULL)) <= 0) + if((len = i2d_DHparams(EVP_PKEY_get0_DH(pkey), NULL)) <= 0) ossl_raise(eDHError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); - if(i2d_DHparams(pkey->pkey.dh, &p) < 0) + if(i2d_DHparams(EVP_PKEY_get0_DH(pkey), &p) < 0) ossl_raise(eDHError, NULL); ossl_str_adjust(str, p); @@ -343,17 +354,12 @@ ossl_dh_to_der(VALUE self) static VALUE ossl_dh_get_params(VALUE self) { - EVP_PKEY *pkey; - VALUE hash; + VALUE hash = rb_hash_new(); - GetPKeyDH(self, pkey); - - hash = rb_hash_new(); - - rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.dh->p)); - rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(pkey->pkey.dh->g)); - rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pkey->pkey.dh->pub_key)); - rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(pkey->pkey.dh->priv_key)); + rb_hash_aset(hash, rb_str_new2("p"), ossl_dh_get_p(self)); + rb_hash_aset(hash, rb_str_new2("g"), ossl_dh_get_g(self)); + rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_dh_get_pub_key(self)); + rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_dh_get_priv_key(self)); return hash; } @@ -377,7 +383,7 @@ ossl_dh_to_text(VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDHError, NULL); } - if (!DHparams_print(out, pkey->pkey.dh)) { + if (!DHparams_print(out, EVP_PKEY_get0_DH(pkey))) { BIO_free(out); ossl_raise(eDHError, NULL); } @@ -415,7 +421,7 @@ ossl_dh_to_public_key(VALUE self) VALUE obj; GetPKeyDH(self, pkey); - dh = DHparams_dup(pkey->pkey.dh); /* err check perfomed by dh_instance */ + dh = DHparams_dup(EVP_PKEY_get0_DH(pkey)); /* err check perfomed by dh_instance */ obj = dh_instance(CLASS_OF(self), dh); if (obj == Qfalse) { DH_free(dh); @@ -441,7 +447,7 @@ ossl_dh_check_params(VALUE self) int codes; GetPKeyDH(self, pkey); - dh = pkey->pkey.dh; + dh = EVP_PKEY_get0_DH(pkey); if (!DH_check(dh, &codes)) { return Qfalse; @@ -473,7 +479,7 @@ ossl_dh_generate_key(VALUE self) EVP_PKEY *pkey; GetPKeyDH(self, pkey); - dh = pkey->pkey.dh; + dh = EVP_PKEY_get0_DH(pkey); if (!DH_generate_key(dh)) ossl_raise(eDHError, "Failed to generate key"); @@ -501,7 +507,7 @@ ossl_dh_compute_key(VALUE self, VALUE pub) int len; GetPKeyDH(self, pkey); - dh = pkey->pkey.dh; + dh = EVP_PKEY_get0_DH(pkey); pub_key = GetBNPtr(pub); len = DH_size(dh); str = rb_str_new(0, len); @@ -513,11 +519,6 @@ ossl_dh_compute_key(VALUE self, VALUE pub) return str; } -OSSL_PKEY_BN(dh, p) -OSSL_PKEY_BN(dh, g) -OSSL_PKEY_BN(dh, pub_key) -OSSL_PKEY_BN(dh, priv_key) - /* * INIT */ @@ -582,6 +583,9 @@ Init_ossl_dh(void) DEF_OSSL_PKEY_BN(cDH, dh, g); DEF_OSSL_PKEY_BN(cDH, dh, pub_key); DEF_OSSL_PKEY_BN(cDH, dh, priv_key); + rb_define_method(cDH, "set_pg", ossl_dh_set_pg, 2); + rb_define_method(cDH, "set_key", ossl_dh_set_key, 2); + rb_define_method(cDH, "params", ossl_dh_get_params, 0); } diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index f18760c4e2..840e14223a 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -7,20 +7,17 @@ * This program is licensed under the same licence as Ruby. * (See the file 'LICENCE'.) */ -#if !defined(OPENSSL_NO_DSA) - #include "ossl.h" +#if !defined(OPENSSL_NO_DSA) + #define GetPKeyDSA(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_DSA) { /* PARANOIA? */ \ + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { /* PARANOIA? */ \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A DSA!"); \ } \ } while (0) -#define DSA_HAS_PRIVATE(dsa) ((dsa)->priv_key) -#define DSA_PRIVATE(obj,dsa) (DSA_HAS_PRIVATE(dsa)||OSSL_PKEY_IS_PRIVATE(obj)) - /* * Classes */ @@ -61,7 +58,7 @@ ossl_dsa_new(EVP_PKEY *pkey) obj = dsa_instance(cDSA, DSA_new()); } else { obj = NewPKey(cDSA); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { ossl_raise(rb_eTypeError, "Not a DSA key!"); } SetPKey(obj, pkey); @@ -76,6 +73,24 @@ ossl_dsa_new(EVP_PKEY *pkey) /* * Private */ + +OSSL_PKEY_BN_DEF3(dsa, DSA, pqg, p, q, g) +OSSL_PKEY_BN_DEF2(dsa, DSA, key, pub_key, priv_key) + +static inline int +dsa_has_private(DSA *dsa) +{ + BIGNUM *bn; + DSA_get0_key(dsa, NULL, &bn); + return !!bn; +} + +static inline int +dsa_is_private(VALUE obj, DSA *dsa) +{ + return dsa_has_private(dsa) || OSSL_PKEY_IS_PRIVATE(obj); +} + struct dsa_blocking_gen_arg { DSA *dsa; int size; @@ -260,10 +275,14 @@ static VALUE ossl_dsa_is_public(VALUE self) { EVP_PKEY *pkey; + DSA *dsa; + BIGNUM *bn; GetPKeyDSA(self, pkey); + dsa = EVP_PKEY_get0_DSA(pkey); + DSA_get0_key(dsa, &bn, NULL); - return (pkey->pkey.dsa->pub_key) ? Qtrue : Qfalse; + return bn ? Qtrue : Qfalse; } /* @@ -277,10 +296,12 @@ static VALUE ossl_dsa_is_private(VALUE self) { EVP_PKEY *pkey; + DSA *dsa; GetPKeyDSA(self, pkey); + dsa = EVP_PKEY_get0_DSA(pkey); - return (DSA_PRIVATE(self, pkey->pkey.dsa)) ? Qtrue : Qfalse; + return dsa_is_private(self, dsa) ? Qtrue : Qfalse; } /* @@ -323,14 +344,14 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDSAError, NULL); } - if (DSA_HAS_PRIVATE(pkey->pkey.dsa)) { - if (!PEM_write_bio_DSAPrivateKey(out, pkey->pkey.dsa, ciph, + if (dsa_has_private(EVP_PKEY_get0_DSA(pkey))) { + if (!PEM_write_bio_DSAPrivateKey(out, EVP_PKEY_get0_DSA(pkey), ciph, NULL, 0, ossl_pem_passwd_cb, passwd)){ BIO_free(out); ossl_raise(eDSAError, NULL); } } else { - if (!PEM_write_bio_DSA_PUBKEY(out, pkey->pkey.dsa)) { + if (!PEM_write_bio_DSA_PUBKEY(out, EVP_PKEY_get0_DSA(pkey))) { BIO_free(out); ossl_raise(eDSAError, NULL); } @@ -357,21 +378,22 @@ ossl_dsa_to_der(VALUE self) VALUE str; GetPKeyDSA(self, pkey); - if(DSA_HAS_PRIVATE(pkey->pkey.dsa)) + if(dsa_has_private(EVP_PKEY_get0_DSA(pkey))) i2d_func = (int(*)_((DSA*,unsigned char**)))i2d_DSAPrivateKey; else i2d_func = i2d_DSA_PUBKEY; - if((len = i2d_func(pkey->pkey.dsa, NULL)) <= 0) + if((len = i2d_func(EVP_PKEY_get0_DSA(pkey), NULL)) <= 0) ossl_raise(eDSAError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); - if(i2d_func(pkey->pkey.dsa, &p) < 0) + if(i2d_func(EVP_PKEY_get0_DSA(pkey), &p) < 0) ossl_raise(eDSAError, NULL); ossl_str_adjust(str, p); return str; } + /* * call-seq: * dsa.params -> hash @@ -383,18 +405,13 @@ ossl_dsa_to_der(VALUE self) static VALUE ossl_dsa_get_params(VALUE self) { - EVP_PKEY *pkey; - VALUE hash; + VALUE hash = rb_hash_new(); - GetPKeyDSA(self, pkey); - - hash = rb_hash_new(); - - rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.dsa->p)); - rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(pkey->pkey.dsa->q)); - rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(pkey->pkey.dsa->g)); - rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pkey->pkey.dsa->pub_key)); - rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(pkey->pkey.dsa->priv_key)); + rb_hash_aset(hash, rb_str_new2("p"), ossl_dsa_get_p(self)); + rb_hash_aset(hash, rb_str_new2("q"), ossl_dsa_get_q(self)); + rb_hash_aset(hash, rb_str_new2("g"), ossl_dsa_get_g(self)); + rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_dsa_get_pub_key(self)); + rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_dsa_get_priv_key(self)); return hash; } @@ -418,7 +435,7 @@ ossl_dsa_to_text(VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDSAError, NULL); } - if (!DSA_print(out, pkey->pkey.dsa, 0)) { /* offset = 0 */ + if (!DSA_print(out, EVP_PKEY_get0_DSA(pkey), 0)) { /* offset = 0 */ BIO_free(out); ossl_raise(eDSAError, NULL); } @@ -455,7 +472,7 @@ ossl_dsa_to_public_key(VALUE self) /* err check performed by dsa_instance */ #define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \ (i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa)) - dsa = DSAPublicKey_dup(pkey->pkey.dsa); + dsa = DSAPublicKey_dup(EVP_PKEY_get0_DSA(pkey)); #undef DSAPublicKey_dup obj = dsa_instance(CLASS_OF(self), dsa); if (obj == Qfalse) { @@ -465,7 +482,7 @@ ossl_dsa_to_public_key(VALUE self) return obj; } -#define ossl_dsa_buf_size(pkey) (DSA_size((pkey)->pkey.dsa)+16) +#define ossl_dsa_buf_size(dsa) (DSA_size(dsa) + 16) /* * call-seq: @@ -490,18 +507,21 @@ static VALUE ossl_dsa_sign(VALUE self, VALUE data) { EVP_PKEY *pkey; + DSA *dsa; unsigned int buf_len; VALUE str; GetPKeyDSA(self, pkey); + dsa = EVP_PKEY_get0_DSA(pkey); + StringValue(data); - if (!DSA_PRIVATE(self, pkey->pkey.dsa)) { + if (!dsa_is_private(self, dsa)) { ossl_raise(eDSAError, "Private DSA key needed!"); } - str = rb_str_new(0, ossl_dsa_buf_size(pkey)); + str = rb_str_new(0, ossl_dsa_buf_size(dsa)); if (!DSA_sign(0, (unsigned char *)RSTRING_PTR(data), RSTRING_LENINT(data), (unsigned char *)RSTRING_PTR(str), - &buf_len, pkey->pkey.dsa)) { /* type is ignored (0) */ + &buf_len, dsa)) { /* type is ignored (0) */ ossl_raise(eDSAError, NULL); } rb_str_set_len(str, buf_len); @@ -539,7 +559,7 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) StringValue(sig); /* type is ignored (0) */ ret = DSA_verify(0, (unsigned char *)RSTRING_PTR(digest), RSTRING_LENINT(digest), - (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey->pkey.dsa); + (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), EVP_PKEY_get0_DSA(pkey)); if (ret < 0) { ossl_raise(eDSAError, NULL); } @@ -550,12 +570,6 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) return Qfalse; } -OSSL_PKEY_BN(dsa, p) -OSSL_PKEY_BN(dsa, q) -OSSL_PKEY_BN(dsa, g) -OSSL_PKEY_BN(dsa, pub_key) -OSSL_PKEY_BN(dsa, priv_key) - /* * INIT */ @@ -608,6 +622,8 @@ Init_ossl_dsa(void) DEF_OSSL_PKEY_BN(cDSA, dsa, g); DEF_OSSL_PKEY_BN(cDSA, dsa, pub_key); DEF_OSSL_PKEY_BN(cDSA, dsa, priv_key); + rb_define_method(cDSA, "set_pqg", ossl_dsa_set_pqg, 3); + rb_define_method(cDSA, "set_key", ossl_dsa_set_key, 2); rb_define_method(cDSA, "params", ossl_dsa_get_params, 0); } diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 424470cf33..78fdfce916 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -25,7 +25,7 @@ static const rb_data_type_t ossl_ec_point_type; #define GetPKeyEC(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_EC) { \ + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A EC PKEY!"); \ } \ } while (0) @@ -38,7 +38,7 @@ static const rb_data_type_t ossl_ec_point_type; #define Get_EC_KEY(obj, key) do { \ EVP_PKEY *pkey; \ GetPKeyEC((obj), pkey); \ - (key) = pkey->pkey.ec; \ + (key) = EVP_PKEY_get0_EC_KEY(pkey); \ } while(0) #define Require_EC_KEY(obj, key) do { \ @@ -137,7 +137,7 @@ VALUE ossl_ec_new(EVP_PKEY *pkey) obj = ec_instance(cEC, EC_KEY_new()); } else { obj = NewPKey(cEC); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { ossl_raise(rb_eTypeError, "Not a EC key!"); } SetPKey(obj, pkey); @@ -171,7 +171,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self) char *passwd = NULL; GetPKey(self, pkey); - if (pkey->pkey.ec) + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE) ossl_raise(eECError, "EC_KEY already initialized"); rb_scan_args(argc, argv, "02", &arg, &pass); diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 3686d34361..b5c03f4e25 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -7,20 +7,17 @@ * This program is licensed under the same licence as Ruby. * (See the file 'LICENCE'.) */ -#if !defined(OPENSSL_NO_RSA) - #include "ossl.h" +#if !defined(OPENSSL_NO_RSA) + #define GetPKeyRSA(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_RSA) { /* PARANOIA? */ \ + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { /* PARANOIA? */ \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A RSA!") ; \ } \ } while (0) -#define RSA_HAS_PRIVATE(rsa) ((rsa)->p && (rsa)->q) -#define RSA_PRIVATE(obj,rsa) (RSA_HAS_PRIVATE(rsa)||OSSL_PKEY_IS_PRIVATE(obj)) - /* * Classes */ @@ -62,7 +59,7 @@ ossl_rsa_new(EVP_PKEY *pkey) } else { obj = NewPKey(cRSA); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { ossl_raise(rb_eTypeError, "Not a RSA key!"); } SetPKey(obj, pkey); @@ -77,6 +74,26 @@ ossl_rsa_new(EVP_PKEY *pkey) /* * Private */ + +OSSL_PKEY_BN_DEF3(rsa, RSA, key, n, e, d); +OSSL_PKEY_BN_DEF2(rsa, RSA, factors, p, q); +OSSL_PKEY_BN_DEF3(rsa, RSA, crt_params, dmp1, dmq1, iqmp); + +static inline int +rsa_has_private(RSA *rsa) +{ + BIGNUM *bnp, *bnq; + RSA_get0_factors(rsa, &bnp, &bnq); + return bnp && bnq; +} + +static inline int +rsa_is_private(VALUE obj, RSA *rsa) +{ + return rsa_has_private(rsa) || OSSL_PKEY_IS_PRIVATE(obj); +} + + struct rsa_blocking_gen_arg { RSA *rsa; BIGNUM *e; @@ -281,10 +298,12 @@ static VALUE ossl_rsa_is_private(VALUE self) { EVP_PKEY *pkey; + RSA *rsa; GetPKeyRSA(self, pkey); + rsa = EVP_PKEY_get0_RSA(pkey); - return (RSA_PRIVATE(self, pkey->pkey.rsa)) ? Qtrue : Qfalse; + return rsa_is_private(self, rsa) ? Qtrue : Qfalse; } /* @@ -322,14 +341,14 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eRSAError, NULL); } - if (RSA_HAS_PRIVATE(pkey->pkey.rsa)) { - if (!PEM_write_bio_RSAPrivateKey(out, pkey->pkey.rsa, ciph, + if (rsa_has_private(EVP_PKEY_get0_RSA(pkey))) { + if (!PEM_write_bio_RSAPrivateKey(out, EVP_PKEY_get0_RSA(pkey), ciph, NULL, 0, ossl_pem_passwd_cb, passwd)) { BIO_free(out); ossl_raise(eRSAError, NULL); } } else { - if (!PEM_write_bio_RSA_PUBKEY(out, pkey->pkey.rsa)) { + if (!PEM_write_bio_RSA_PUBKEY(out, EVP_PKEY_get0_RSA(pkey))) { BIO_free(out); ossl_raise(eRSAError, NULL); } @@ -355,22 +374,22 @@ ossl_rsa_to_der(VALUE self) VALUE str; GetPKeyRSA(self, pkey); - if(RSA_HAS_PRIVATE(pkey->pkey.rsa)) + if(rsa_has_private(EVP_PKEY_get0_RSA(pkey))) i2d_func = i2d_RSAPrivateKey; else i2d_func = (int (*)(const RSA*, unsigned char**))i2d_RSA_PUBKEY; - if((len = i2d_func(pkey->pkey.rsa, NULL)) <= 0) + if((len = i2d_func(EVP_PKEY_get0_RSA(pkey), NULL)) <= 0) ossl_raise(eRSAError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); - if(i2d_func(pkey->pkey.rsa, &p) < 0) + if(i2d_func(EVP_PKEY_get0_RSA(pkey), &p) < 0) ossl_raise(eRSAError, NULL); ossl_str_adjust(str, p); return str; } -#define ossl_rsa_buf_size(pkey) (RSA_size((pkey)->pkey.rsa)+16) +#define ossl_rsa_buf_size(pkey) (RSA_size(EVP_PKEY_get0_RSA(pkey))+16) /* * call-seq: @@ -393,7 +412,7 @@ ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self) StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, + (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey), pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -422,7 +441,7 @@ ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self) StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, + (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey), pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -446,7 +465,7 @@ ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self) VALUE str, buffer, padding; GetPKeyRSA(self, pkey); - if (!RSA_PRIVATE(self, pkey->pkey.rsa)) { + if (!rsa_is_private(self, EVP_PKEY_get0_RSA(pkey))) { ossl_raise(eRSAError, "private key needed."); } rb_scan_args(argc, argv, "11", &buffer, &padding); @@ -454,7 +473,7 @@ ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self) StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, + (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey), pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -478,7 +497,7 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) VALUE str, buffer, padding; GetPKeyRSA(self, pkey); - if (!RSA_PRIVATE(self, pkey->pkey.rsa)) { + if (!rsa_is_private(self, EVP_PKEY_get0_RSA(pkey))) { ossl_raise(eRSAError, "private key needed."); } rb_scan_args(argc, argv, "11", &buffer, &padding); @@ -486,7 +505,7 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, + (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey), pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -508,21 +527,16 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) static VALUE ossl_rsa_get_params(VALUE self) { - EVP_PKEY *pkey; - VALUE hash; - - GetPKeyRSA(self, pkey); + VALUE hash = rb_hash_new(); - hash = rb_hash_new(); - - rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(pkey->pkey.rsa->n)); - rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(pkey->pkey.rsa->e)); - rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(pkey->pkey.rsa->d)); - rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.rsa->p)); - rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(pkey->pkey.rsa->q)); - rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(pkey->pkey.rsa->dmp1)); - rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(pkey->pkey.rsa->dmq1)); - rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(pkey->pkey.rsa->iqmp)); + rb_hash_aset(hash, rb_str_new2("n"), ossl_rsa_get_n(self)); + rb_hash_aset(hash, rb_str_new2("e"), ossl_rsa_get_e(self)); + rb_hash_aset(hash, rb_str_new2("d"), ossl_rsa_get_d(self)); + rb_hash_aset(hash, rb_str_new2("p"), ossl_rsa_get_p(self)); + rb_hash_aset(hash, rb_str_new2("q"), ossl_rsa_get_q(self)); + rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_rsa_get_dmp1(self)); + rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_rsa_get_dmq1(self)); + rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_rsa_get_iqmp(self)); return hash; } @@ -548,7 +562,7 @@ ossl_rsa_to_text(VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eRSAError, NULL); } - if (!RSA_print(out, pkey->pkey.rsa, 0)) { /* offset = 0 */ + if (!RSA_print(out, EVP_PKEY_get0_RSA(pkey), 0)) { /* offset = 0 */ BIO_free(out); ossl_raise(eRSAError, NULL); } @@ -572,7 +586,7 @@ ossl_rsa_to_public_key(VALUE self) GetPKeyRSA(self, pkey); /* err check performed by rsa_instance */ - rsa = RSAPublicKey_dup(pkey->pkey.rsa); + rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey)); obj = rsa_instance(CLASS_OF(self), rsa); if (obj == Qfalse) { RSA_free(rsa); @@ -591,7 +605,7 @@ ossl_rsa_blinding_on(VALUE self) GetPKeyRSA(self, pkey); - if (RSA_blinding_on(pkey->pkey.rsa, ossl_bn_ctx) != 1) { + if (RSA_blinding_on(EVP_PKEY_get0_RSA(pkey), ossl_bn_ctx) != 1) { ossl_raise(eRSAError, NULL); } return self; @@ -603,21 +617,12 @@ ossl_rsa_blinding_off(VALUE self) EVP_PKEY *pkey; GetPKeyRSA(self, pkey); - RSA_blinding_off(pkey->pkey.rsa); + RSA_blinding_off(EVP_PKEY_get0_RSA(pkey)); return self; } */ -OSSL_PKEY_BN(rsa, n) -OSSL_PKEY_BN(rsa, e) -OSSL_PKEY_BN(rsa, d) -OSSL_PKEY_BN(rsa, p) -OSSL_PKEY_BN(rsa, q) -OSSL_PKEY_BN(rsa, dmp1) -OSSL_PKEY_BN(rsa, dmq1) -OSSL_PKEY_BN(rsa, iqmp) - /* * INIT */ @@ -675,6 +680,9 @@ Init_ossl_rsa(void) DEF_OSSL_PKEY_BN(cRSA, rsa, dmp1); DEF_OSSL_PKEY_BN(cRSA, rsa, dmq1); DEF_OSSL_PKEY_BN(cRSA, rsa, iqmp); + rb_define_method(cRSA, "set_key", ossl_rsa_set_key, 3); + rb_define_method(cRSA, "set_factors", ossl_rsa_set_factors, 2); + rb_define_method(cRSA, "set_crt_params", ossl_rsa_set_crt_params, 3); rb_define_method(cRSA, "params", ossl_rsa_get_params, 0); diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 3874543b2f..c66cea7d05 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -242,7 +242,7 @@ ossl_call_tmp_dh_callback(VALUE args) if (NIL_P(cb)) return Qfalse; dh = rb_apply(cb, rb_intern("call"), args); pkey = GetPKeyPtr(dh); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) return Qfalse; + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DH) return Qfalse; return dh; } @@ -260,7 +260,7 @@ ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength) if (!RTEST(dh)) return NULL; ossl_ssl_set_tmp_dh(rb_ssl, dh); - return GetPKeyPtr(dh)->pkey.dh; + return EVP_PKEY_get0_DH(GetPKeyPtr(dh)); } #endif /* OPENSSL_NO_DH */ @@ -276,7 +276,7 @@ ossl_call_tmp_ecdh_callback(VALUE args) if (NIL_P(cb)) return Qfalse; ecdh = rb_apply(cb, rb_intern("call"), args); pkey = GetPKeyPtr(ecdh); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) return Qfalse; + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) return Qfalse; return ecdh; } @@ -294,7 +294,7 @@ ossl_tmp_ecdh_callback(SSL *ssl, int is_export, int keylength) if (!RTEST(ecdh)) return NULL; ossl_ssl_set_tmp_ecdh(rb_ssl, ecdh); - return GetPKeyPtr(ecdh)->pkey.ec; + return EVP_PKEY_get0_EC_KEY(GetPKeyPtr(ecdh)); } #endif diff --git a/test/drb/ut_array_drbssl.rb b/test/drb/ut_array_drbssl.rb index 08849ca176..ab9b947635 100644 --- a/test/drb/ut_array_drbssl.rb +++ b/test/drb/ut_array_drbssl.rb @@ -20,7 +20,8 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC -----END DH PARAMETERS----- _end_of_pem_ - TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16) + TEST_KEY_DH1024.set_key(OpenSSL::BN.new("556AF1598AE69899867CEBA9F29CE4862B884C2B43C9019EA0231908F6EFA785E3C462A6ECB16DF676866E997FFB72B487DC7967C58C3CA38CE974473BF19B2AA5DCBF102735572EBA6F353F6F0BBE7FF1DE1B07FE1381A355C275C33405004317F9491B5955F191F6615A63B30E55A027FB88A1A4B25608E09EEE68A7DF32D", 16), + OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)) end diff --git a/test/drb/ut_drb_drbssl.rb b/test/drb/ut_drb_drbssl.rb index ddaa859e7d..df326ff66e 100644 --- a/test/drb/ut_drb_drbssl.rb +++ b/test/drb/ut_drb_drbssl.rb @@ -19,7 +19,8 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC -----END DH PARAMETERS----- _end_of_pem_ - TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16) + TEST_KEY_DH1024.set_key(OpenSSL::BN.new("556AF1598AE69899867CEBA9F29CE4862B884C2B43C9019EA0231908F6EFA785E3C462A6ECB16DF676866E997FFB72B487DC7967C58C3CA38CE974473BF19B2AA5DCBF102735572EBA6F353F6F0BBE7FF1DE1B07FE1381A355C275C33405004317F9491B5955F191F6615A63B30E55A027FB88A1A4B25608E09EEE68A7DF32D", 16), + OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)) end diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index 6909854cad..02bafb6f21 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -105,7 +105,8 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC -----END DH PARAMETERS----- _end_of_pem_ - TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16) + TEST_KEY_DH1024.set_key(OpenSSL::BN.new("556AF1598AE69899867CEBA9F29CE4862B884C2B43C9019EA0231908F6EFA785E3C462A6ECB16DF676866E997FFB72B487DC7967C58C3CA38CE974473BF19B2AA5DCBF102735572EBA6F353F6F0BBE7FF1DE1B07FE1381A355C275C33405004317F9491B5955F191F6615A63B30E55A027FB88A1A4B25608E09EEE68A7DF32D", 16), + OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)) DSA_SIGNATURE_DIGEST = OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000 ? OpenSSL::Digest::SHA1 : diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb index 49b6b6656c..9a038c9dee 100644 --- a/test/rubygems/test_gem_remote_fetcher.rb +++ b/test/rubygems/test_gem_remote_fetcher.rb @@ -81,7 +81,7 @@ gems: # Generated via: # x = OpenSSL::PKey::DH.new(2048) # wait a while... # x.to_s => pem - # x.priv_key.to_s => hex for OpenSSL::BN.new + # x.priv_key.to_s => decimal for OpenSSL::BN.new TEST_KEY_DH2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_ -----BEGIN DH PARAMETERS----- MIIBCAKCAQEA3Ze2EHSfYkZLUn557torAmjBgPsqzbodaRaGZtgK1gEU+9nNJaFV @@ -93,16 +93,27 @@ PeIQQkFng2VVot/WAQbv3ePqWq07g1BBcwIBAg== -----END DH PARAMETERS----- _end_of_pem_ - TEST_KEY_DH2048.priv_key = OpenSSL::BN.new("108911488509734781344423639" \ - "5585749502236089033416160524030987005037540379474123441273555416835" \ - "4725688238369352738266590757370603937618499698665047757588998555345" \ - "3446251978586372525530219375408331096098220027413238477359960428372" \ - "0195464393332338164504352015535549496585792320286513563739305843396" \ - "9294344974028713065472959376197728193162272314514335882399554394661" \ - "5306385003430991221886779612878793446851681835397455333989268503748" \ - "7862488679178398716189205737442996155432191656080664090596502674943" \ - "7902481557157485795980326766117882761941455140582265347052939604724" \ - "964857770053363840471912215799994973597613931991572884", 16) + TEST_KEY_DH2048.set_key( + OpenSSL::BN.new("10725438530785912156218967697008486801800244817009" \ + "1560208603512885352948501237094708563096797190598021598409520414" \ + "9734679558435654191042970781199870011330210579002380736073809014" \ + "9003016222954352601621379700744012563282153596945640946475452284" \ + "5568928065134812770589561436732785097011997990440853684692745849" \ + "5583055233008348615239821368608596014481686097025313576691697895" \ + "7670520880307788062241291816848808660778193886241424406910257704" \ + "1278266290939665417244744475608290477073133083865528901891161122" \ + "7747762224198087674326339318681433826268250155004079667295543246" \ + "700724220484073250324190133688110281228977257161791447", 10), + OpenSSL::BN.new("10891148850973478134442363955857495022360890334161" \ + "6052403098700503754037947412344127355541683547256882383693527382" \ + "6659075737060393761849969866504775758899855534534462519785863725" \ + "2553021937540833109609822002741323847735996042837201954643933323" \ + "3816450435201553554949658579232028651356373930584339692943449740" \ + "2871306547295937619772819316227231451433588239955439466153063850" \ + "0343099122188677961287879344685168183539745533398926850374878624" \ + "8867917839871618920573744299615543219165608066409059650267494379" \ + "0248155715748579598032676611788276194145514058226534705293960472" \ + "4964857770053363840471912215799994973597613931991572884", 10)) def setup @proxies = %w[https_proxy http_proxy HTTP_PROXY http_proxy_user HTTP_PROXY_USER http_proxy_pass HTTP_PROXY_PASS no_proxy NO_PROXY] -- cgit v1.2.3