ruby.git/test/openssl/test_pkey_rsa.rb, branch v3_2_11 The Ruby Programming Language [ruby/openssl] Use SHA256 instead of SHA1 where needed in tests. 2022-12-13T09:07:41+00:00 Jarek Prokop jprokop@redhat.com 2022-10-18T07:52:13+00:00 ce025a5cb4a7aea62629fcf8685e931671a0672d Systems such as RHEL 9 are moving away from SHA1 disabling it completely in default configuration. https://github.com/ruby/openssl/commit/32648da2f6 
Systems such as RHEL 9 are moving away from SHA1
disabling it completely in default configuration.

https://github.com/ruby/openssl/commit/32648da2f6
[ruby/openssl] Check if the option is an Hash in `pkey_ctx_apply_options0()` 2022-10-17T07:35:35+00:00 Nobuhiro IMAI nov@yo.rim.or.jp 2022-08-05T09:42:06+00:00 a98096349ec7280edabf3822d2c6932ac6e63634 causes SEGV if it is an Array or something like that. https://github.com/ruby/openssl/commit/ef23525210 
causes SEGV if it is an Array or something like that.

https://github.com/ruby/openssl/commit/ef23525210
[ruby/openssl] pkey: deprecate PKey#set_* methods 2021-12-20T14:42:02+00:00 Kazuki Yamaguchi k@rhe.jp 2021-09-21T09:29:59+00:00 8ebf5978852e22358cbcdf74c0eb506f22e2c73f OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const pointer of the low level struct and the following methods can no longer be provided when linked against OpenSSL 3.0: - OpenSSL::PKey::RSA#set_key - OpenSSL::PKey::RSA#set_factors - OpenSSL::PKey::RSA#set_crt_params - OpenSSL::PKey::DSA#set_pqg - OpenSSL::PKey::DSA#set_key - OpenSSL::PKey::DH#set_pqg - OpenSSL::PKey::DH#set_key - OpenSSL::PKey::EC#group= - OpenSSL::PKey::EC#private_key= - OpenSSL::PKey::EC#public_key= There is no direct replacement for this functionality at the moment. I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes all key components at once to construct an EVP_PKEY. https://github.com/ruby/openssl/commit/6848d2d969 
OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const
pointer of the low level struct and the following methods can no longer
be provided when linked against OpenSSL 3.0:

 - OpenSSL::PKey::RSA#set_key
 - OpenSSL::PKey::RSA#set_factors
 - OpenSSL::PKey::RSA#set_crt_params
 - OpenSSL::PKey::DSA#set_pqg
 - OpenSSL::PKey::DSA#set_key
 - OpenSSL::PKey::DH#set_pqg
 - OpenSSL::PKey::DH#set_key
 - OpenSSL::PKey::EC#group=
 - OpenSSL::PKey::EC#private_key=
 - OpenSSL::PKey::EC#public_key=

There is no direct replacement for this functionality at the moment.
I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes
all key components at once to construct an EVP_PKEY.

https://github.com/ruby/openssl/commit/6848d2d969
[ruby/openssl] pkey: test parsing concatenated PEM string 2021-12-20T14:42:00+00:00 Kazuki Yamaguchi k@rhe.jp 2021-11-03T14:31:29+00:00 582606dc58d51d333e30860c1f2cea7a6774c7f8 PEM-encoded private keys are sometimes stored together with irrelevant PEM blocks, such as the corresponding X.509 certificate. PEM_read_bio_*() family automatically skips unknown PEM blocks, but on OpenSSL 3.0 we will be using the new OSSL_DECODER API instead due to some breaking changes around the password callback. Let's add a test case so that we won't break the current behavior. https://github.com/ruby/openssl/commit/8c185e0ae5 
PEM-encoded private keys are sometimes stored together with irrelevant
PEM blocks, such as the corresponding X.509 certificate.

PEM_read_bio_*() family automatically skips unknown PEM blocks, but on
OpenSSL 3.0 we will be using the new OSSL_DECODER API instead due to
some breaking changes around the password callback.

Let's add a test case so that we won't break the current behavior.

https://github.com/ruby/openssl/commit/8c185e0ae5
[ruby/openssl] test/openssl/test_pkey_rsa: disable test_no_private_exp on OpenSSL 3.0 2021-10-23T04:38:39+00:00 Kazuki Yamaguchi k@rhe.jp 2021-05-31T05:17:21+00:00 47975ece4096cdab16b3f200f93ea2377dfb41ac OpenSSL::PKey::RSA#set_key does not exist when built with OpenSSL 3.0, so it is not possible to create an RSA object with incomplete state. https://github.com/ruby/openssl/commit/ca03c9c070 
OpenSSL::PKey::RSA#set_key does not exist when built with OpenSSL 3.0,
so it is not possible to create an RSA object with incomplete state.

https://github.com/ruby/openssl/commit/ca03c9c070
[ruby/openssl] test/openssl/utils: remove dup_public helper method 2021-10-23T04:38:36+00:00 Kazuki Yamaguchi k@rhe.jp 2021-05-31T02:44:05+00:00 37632a0ac635082e4ca9ca5b1c8da6b6770ff0ed It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not work with OpenSSL 3.0. The same can easily be achieved using PKey#public_to_der regardless of the key kind. https://github.com/ruby/openssl/commit/7b66eaa2db 
It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not
work with OpenSSL 3.0. The same can easily be achieved using
PKey#public_to_der regardless of the key kind.

https://github.com/ruby/openssl/commit/7b66eaa2db
[ruby/openssl] pkey: implement PKey#sign_raw, #verify_raw, and #verify_recover 2021-07-18T08:44:58+00:00 Kazuki Yamaguchi k@rhe.jp 2020-05-22T07:10:35+00:00 4ebff35971d499f4ddd13f48bff0444f77d63421 Add a variant of PKey#sign and #verify that do not hash the data automatically. Sometimes the caller has the hashed data only, but not the plaintext to be signed. In that case, users would have to use the low-level API such as RSA#private_encrypt or #public_decrypt directly. OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify() which provide the same functionality as part of the EVP API. This patch adds wrappers for them. https://github.com/ruby/openssl/commit/16cca4e0c4 
Add a variant of PKey#sign and #verify that do not hash the data
automatically.

Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.

OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.

https://github.com/ruby/openssl/commit/16cca4e0c4
[ruby/openssl] pkey: implement PKey#encrypt and #decrypt 2021-07-18T08:44:57+00:00 Kazuki Yamaguchi k@rhe.jp 2020-05-18T11:06:16+00:00 87458ff2aecc3e054716271f3416d4a389d2352c Support public key encryption and decryption operations using the EVP API. https://github.com/ruby/openssl/commit/75326d4bbc 
Support public key encryption and decryption operations using the EVP
API.

https://github.com/ruby/openssl/commit/75326d4bbc
[ruby/openssl] pkey: implement {DH,DSA,RSA}#public_key in Ruby 2021-07-18T08:44:51+00:00 Kazuki Yamaguchi k@rhe.jp 2021-04-15T10:11:32+00:00 3fe8387950f83874372172a79233ffc0d5d335b0 The low-level API that is used to implement #public_key is deprecated in OpenSSL 3.0. It is actually very simple to implement in another way, using existing methods only, in much shorter code. Let's do it. While we are at it, the documentation is updated to recommend against using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der method, there is no real use case for #public_key in newly written Ruby programs. https://github.com/ruby/openssl/commit/48a6c391ef 
The low-level API that is used to implement #public_key is deprecated
in OpenSSL 3.0. It is actually very simple to implement in another way,
using existing methods only, in much shorter code. Let's do it.

While we are at it, the documentation is updated to recommend against
using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der
method, there is no real use case for #public_key in newly written Ruby
programs.

https://github.com/ruby/openssl/commit/48a6c391ef
[ruby/openssl] pkey: allow setting algorithm-specific options in #sign and #verify 2021-07-18T08:44:46+00:00 Kazuki Yamaguchi k@rhe.jp 2020-07-18T11:40:39+00:00 8cfe92b8a249465457ebef1d49b9e14a9fdaaddd Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let OpenSSL::PKey::PKey#sign and #verify take an optional parameter for specifying control strings for EVP_PKEY_CTX_ctrl_str(). https://github.com/ruby/openssl/commit/faf85d7c1d 
Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let
OpenSSL::PKey::PKey#sign and #verify take an optional parameter for
specifying control strings for EVP_PKEY_CTX_ctrl_str().

https://github.com/ruby/openssl/commit/faf85d7c1d