2003-07-23 20:12:24 +04:00
|
|
|
/*
|
|
|
|
* 'OpenSSL for Ruby' project
|
|
|
|
* Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
|
|
|
|
* All rights reserved.
|
|
|
|
*/
|
|
|
|
/*
|
2015-04-20 06:55:09 +03:00
|
|
|
* This program is licensed under the same licence as Ruby.
|
2003-07-23 20:12:24 +04:00
|
|
|
* (See the file 'LICENCE'.)
|
|
|
|
*/
|
[ruby/openssl] pkey: remove deprecated parameter setters
Remove the following methods, which have been marked as deprecated and
produced a warning since version 2.0, commit 7ea72f1f5084 ("adapt
OpenSSL::PKey to OpenSSL 1.1.0 opaque structs", 2016-06-05).
- OpenSSL::PKey::RSA#n=, #e=, #d=, #p=, #q=, #dmp1=, #dmq1=, #iqmp=
- OpenSSL::PKey::DSA#p=, #q=, #g=, #priv_key=, #pub_key=
- OpenSSL::PKey::DH#p=, #g=, #priv_key=, #pub_key=
These methods could only work with OpenSSL 1.0.2 or older, which is now
EOL.
https://github.com/ruby/openssl/commit/2334862cc0
2021-05-25 11:31:08 +03:00
|
|
|
#if !defined(OSSL_PKEY_H)
|
|
|
|
#define OSSL_PKEY_H
|
2003-07-23 20:12:24 +04:00
|
|
|
|
|
|
|
extern VALUE mPKey;
|
|
|
|
extern VALUE cPKey;
|
|
|
|
extern VALUE ePKeyError;
|
2014-12-13 02:19:07 +03:00
|
|
|
extern const rb_data_type_t ossl_evp_pkey_type;
|
2003-07-23 20:12:24 +04:00
|
|
|
|
2021-04-12 12:32:40 +03:00
|
|
|
/* For ENGINE */
|
|
|
|
#define OSSL_PKEY_SET_PRIVATE(obj) rb_ivar_set((obj), rb_intern("private"), Qtrue)
|
|
|
|
#define OSSL_PKEY_IS_PRIVATE(obj) (rb_attr_get((obj), rb_intern("private")) == Qtrue)
|
2005-09-19 02:56:11 +04:00
|
|
|
|
2003-07-23 20:12:24 +04:00
|
|
|
#define GetPKey(obj, pkey) do {\
|
2014-12-13 02:19:07 +03:00
|
|
|
TypedData_Get_Struct((obj), EVP_PKEY, &ossl_evp_pkey_type, (pkey)); \
|
2011-03-07 11:44:45 +03:00
|
|
|
if (!(pkey)) { \
|
2003-07-23 20:12:24 +04:00
|
|
|
rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!");\
|
|
|
|
} \
|
|
|
|
} while (0)
|
|
|
|
|
2021-04-12 07:55:10 +03:00
|
|
|
/* Takes ownership of the EVP_PKEY */
|
2003-07-23 20:12:24 +04:00
|
|
|
VALUE ossl_pkey_new(EVP_PKEY *);
|
2017-11-25 17:12:08 +03:00
|
|
|
void ossl_pkey_check_public_key(const EVP_PKEY *);
|
2017-06-13 17:39:41 +03:00
|
|
|
EVP_PKEY *ossl_pkey_read_generic(BIO *, VALUE);
|
2003-07-23 20:12:24 +04:00
|
|
|
EVP_PKEY *GetPKeyPtr(VALUE);
|
2005-03-09 13:45:42 +03:00
|
|
|
EVP_PKEY *DupPKeyPtr(VALUE);
|
2003-07-23 20:12:24 +04:00
|
|
|
EVP_PKEY *GetPrivPKeyPtr(VALUE);
|
2017-06-13 18:25:43 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Serializes _self_ in X.509 SubjectPublicKeyInfo format and returns the
|
|
|
|
* resulting String. Sub-classes use this when overriding #to_der.
|
|
|
|
*/
|
|
|
|
VALUE ossl_pkey_export_spki(VALUE self, int to_der);
|
|
|
|
/*
|
|
|
|
* Serializes the private key _self_ in the traditional private key format
|
|
|
|
* and returns the resulting String. Sub-classes use this when overriding
|
|
|
|
* #to_der.
|
|
|
|
*/
|
|
|
|
VALUE ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self,
|
|
|
|
int to_der);
|
|
|
|
|
2003-07-23 20:12:24 +04:00
|
|
|
void Init_ossl_pkey(void);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* RSA
|
|
|
|
*/
|
|
|
|
extern VALUE cRSA;
|
|
|
|
extern VALUE eRSAError;
|
|
|
|
|
|
|
|
void Init_ossl_rsa(void);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* DSA
|
|
|
|
*/
|
|
|
|
extern VALUE cDSA;
|
|
|
|
extern VALUE eDSAError;
|
|
|
|
|
|
|
|
void Init_ossl_dsa(void);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* DH
|
|
|
|
*/
|
|
|
|
extern VALUE cDH;
|
|
|
|
extern VALUE eDHError;
|
|
|
|
|
|
|
|
void Init_ossl_dh(void);
|
|
|
|
|
2007-04-03 11:02:44 +04:00
|
|
|
/*
|
|
|
|
* EC
|
|
|
|
*/
|
|
|
|
extern VALUE cEC;
|
|
|
|
extern VALUE eECError;
|
|
|
|
extern VALUE cEC_GROUP;
|
|
|
|
extern VALUE eEC_GROUP;
|
|
|
|
extern VALUE cEC_POINT;
|
|
|
|
extern VALUE eEC_POINT;
|
|
|
|
VALUE ossl_ec_new(EVP_PKEY *);
|
|
|
|
void Init_ossl_ec(void);
|
|
|
|
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
#define OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, _name, _get) \
|
2007-04-02 23:00:23 +04:00
|
|
|
/* \
|
|
|
|
* call-seq: \
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
* _keytype##.##_name -> aBN \
|
2007-04-02 23:00:23 +04:00
|
|
|
*/ \
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
static VALUE ossl_##_keytype##_get_##_name(VALUE self) \
|
2003-07-23 20:12:24 +04:00
|
|
|
{ \
|
2022-07-08 18:17:25 +03:00
|
|
|
const _type *obj; \
|
2016-06-19 08:31:28 +03:00
|
|
|
const BIGNUM *bn; \
|
2003-07-23 20:12:24 +04:00
|
|
|
\
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
Get##_type(self, obj); \
|
|
|
|
_get; \
|
2003-07-23 20:12:24 +04:00
|
|
|
if (bn == NULL) \
|
|
|
|
return Qnil; \
|
|
|
|
return ossl_bn_new(bn); \
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
#define OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
|
|
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \
|
|
|
|
_type##_get0_##_group(obj, &bn, NULL, NULL)) \
|
|
|
|
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \
|
|
|
|
_type##_get0_##_group(obj, NULL, &bn, NULL)) \
|
|
|
|
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a3, \
|
|
|
|
_type##_get0_##_group(obj, NULL, NULL, &bn))
|
|
|
|
|
|
|
|
#define OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
|
|
|
|
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a1, \
|
|
|
|
_type##_get0_##_group(obj, &bn, NULL)) \
|
|
|
|
OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \
|
|
|
|
_type##_get0_##_group(obj, NULL, &bn))
|
|
|
|
|
2021-09-21 12:29:59 +03:00
|
|
|
#if !OSSL_OPENSSL_PREREQ(3, 0, 0)
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
|
|
/* \
|
|
|
|
* call-seq: \
|
|
|
|
* _keytype##.set_##_group(a1, a2, a3) -> self \
|
|
|
|
*/ \
|
|
|
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALUE v3) \
|
|
|
|
{ \
|
|
|
|
_type *obj; \
|
|
|
|
BIGNUM *bn1 = NULL, *orig_bn1 = NIL_P(v1) ? NULL : GetBNPtr(v1);\
|
|
|
|
BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
|
|
|
|
BIGNUM *bn3 = NULL, *orig_bn3 = NIL_P(v3) ? NULL : GetBNPtr(v3);\
|
|
|
|
\
|
|
|
|
Get##_type(self, obj); \
|
2018-09-21 13:19:14 +03:00
|
|
|
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
|
|
|
|
(orig_bn2 && !(bn2 = BN_dup(orig_bn2))) || \
|
|
|
|
(orig_bn3 && !(bn3 = BN_dup(orig_bn3)))) { \
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
BN_clear_free(bn1); \
|
|
|
|
BN_clear_free(bn2); \
|
|
|
|
BN_clear_free(bn3); \
|
|
|
|
ossl_raise(eBNError, NULL); \
|
|
|
|
} \
|
|
|
|
\
|
|
|
|
if (!_type##_set0_##_group(obj, bn1, bn2, bn3)) { \
|
|
|
|
BN_clear_free(bn1); \
|
|
|
|
BN_clear_free(bn2); \
|
|
|
|
BN_clear_free(bn3); \
|
|
|
|
ossl_raise(ePKeyError, #_type"_set0_"#_group); \
|
|
|
|
} \
|
|
|
|
return self; \
|
|
|
|
}
|
|
|
|
|
|
|
|
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
|
2007-04-02 23:00:23 +04:00
|
|
|
/* \
|
|
|
|
* call-seq: \
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
* _keytype##.set_##_group(a1, a2) -> self \
|
2007-04-02 23:00:23 +04:00
|
|
|
*/ \
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
|
2003-07-23 20:12:24 +04:00
|
|
|
{ \
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
_type *obj; \
|
|
|
|
BIGNUM *bn1 = NULL, *orig_bn1 = NIL_P(v1) ? NULL : GetBNPtr(v1);\
|
|
|
|
BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
|
|
|
|
\
|
|
|
|
Get##_type(self, obj); \
|
2018-09-21 13:19:14 +03:00
|
|
|
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
|
|
|
|
(orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) { \
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
BN_clear_free(bn1); \
|
|
|
|
BN_clear_free(bn2); \
|
|
|
|
ossl_raise(eBNError, NULL); \
|
|
|
|
} \
|
|
|
|
\
|
|
|
|
if (!_type##_set0_##_group(obj, bn1, bn2)) { \
|
|
|
|
BN_clear_free(bn1); \
|
|
|
|
BN_clear_free(bn2); \
|
|
|
|
ossl_raise(ePKeyError, #_type"_set0_"#_group); \
|
|
|
|
} \
|
|
|
|
return self; \
|
|
|
|
}
|
2021-09-21 12:29:59 +03:00
|
|
|
#else
|
|
|
|
#define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
|
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALUE v3) \
|
|
|
|
{ \
|
|
|
|
rb_raise(ePKeyError, \
|
|
|
|
#_keytype"#set_"#_group"= is incompatible with OpenSSL 3.0"); \
|
|
|
|
}
|
|
|
|
|
|
|
|
#define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
|
|
|
|
static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
|
|
|
|
{ \
|
|
|
|
rb_raise(ePKeyError, \
|
|
|
|
#_keytype"#set_"#_group"= is incompatible with OpenSSL 3.0"); \
|
|
|
|
}
|
|
|
|
#endif
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
|
|
|
|
#define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3) \
|
|
|
|
OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
|
|
|
|
OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)
|
|
|
|
|
|
|
|
#define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2) \
|
|
|
|
OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
|
|
|
|
OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2)
|
|
|
|
|
2005-03-09 13:45:42 +03:00
|
|
|
#define DEF_OSSL_PKEY_BN(class, keytype, name) \
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 18:00:47 +03:00
|
|
|
rb_define_method((class), #name, ossl_##keytype##_get_##name, 0)
|
|
|
|
|
[ruby/openssl] pkey: remove deprecated parameter setters
Remove the following methods, which have been marked as deprecated and
produced a warning since version 2.0, commit 7ea72f1f5084 ("adapt
OpenSSL::PKey to OpenSSL 1.1.0 opaque structs", 2016-06-05).
- OpenSSL::PKey::RSA#n=, #e=, #d=, #p=, #q=, #dmp1=, #dmq1=, #iqmp=
- OpenSSL::PKey::DSA#p=, #q=, #g=, #priv_key=, #pub_key=
- OpenSSL::PKey::DH#p=, #g=, #priv_key=, #pub_key=
These methods could only work with OpenSSL 1.0.2 or older, which is now
EOL.
https://github.com/ruby/openssl/commit/2334862cc0
2021-05-25 11:31:08 +03:00
|
|
|
#endif /* OSSL_PKEY_H */
|