summaryrefslogtreecommitdiff
path: root/ext/openssl/ossl_cipher.c
diff options
context:
space:
mode:
authorgotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2004-07-01 03:01:07 +0000
committergotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2004-07-01 03:01:07 +0000
commita9244b8aa7a00410b486fc9659e1bb59931dd16a (patch)
tree9921142c623e5ea54e62f2ec1345eaa982d978fd /ext/openssl/ossl_cipher.c
parent1d4a4d11cd2b79ed2e6b3e023256932e6bf2bb45 (diff)
* ext/openssl/extconf.rb: check for EVP_CIPHER_CTX_copy, ENGINE_add,
EVP_CIPHER_CTX_set_padding, EVP_CipherFinal_ex, EVP_CipherInit_ex, EVP_DigestFinal_ex and EVP_DigestInit_ex. * ext/openssl/openssl_missing.c (EVP_CIPHER_CTX_copy): new function. * ext/openssl/openssl_missing.h (EVP_DigestInit_ex, EVP_DigestFinal_ex, EVP_CipherInit_ex, EVP_CipherFinal_ex, HMAC_Init_ex): new macro for OpenSSL 0.9.6. * ext/openssl/ossl_cipher.c (ossl_cipher_encrypt, ossl_cipher_decrypt): re-implemnt (the arguments for this method is ). * ext/openssl/ossl_cipher.c (ossl_cipher_pkcs5_keyivgen): new method OpenSSL::Cipher::Cipher#pkcs5_keyivgen. it calls EVP_BytesToKey(). * ext/openssl/ossl_cipher.c (ossl_cipher_alloc, ossl_cipher_initialize, ossl_cipher_copy, ossl_cipher_reset ossl_cipher_final, ossl_cipher_set_key, ossl_cipher_set_iv): replace all EVP_CipherInit and EVP_CipherFinal into EVP_CipherInit_ex and EVP_CipherFinal_ex. and EVP_CIPHER_CTX_init should only be called once. * ext/openssl/ossl_cipher.c (ossl_cipher_set_key_length): new method OpenSSL::Cipher::Cipher#key_len=. * ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): the type of argument is changed from integer to boolean. * ext/openssl/ossl_cipher.c (ossl_cipher_init_deprecated): new finction; print warning for Cipher#<<. * ext/openssl/ossl_digest.c: replace all EVP_DigestInit and EVP_DigestFinal into EVP_DigestInit_ex and EVP_DigestFinal_ex. and EVP_MD_CTX_init should only be called once. * ext/openssl/ossl_digest.c (digest_final): should call EVP_MD_CTX_cleanup to avoid memory leak. * ext/openssl/ossl_hmac.c (ossl_hmac_initialize): repalce HMAC_init into HMAC_init_ex. and HMAC_CTX_init is moved to ossl_hmac_alloc. * ext/openssl/ossl_hmac.c (hmac_final): should call HMAC_CTX_cleanup to avoid memory leak. * test/openssl/test_cipher.rb, test/openssl/test_digest.rb, test/openssl/test_hmac.rb: new file. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6555 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl_cipher.c')
-rw-r--r--ext/openssl/ossl_cipher.c207
1 files changed, 102 insertions, 105 deletions
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index 93b3f6c..6e23818 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -54,7 +54,7 @@ ossl_cipher_new(const EVP_CIPHER *cipher)
ret = ossl_cipher_alloc(cCipher);
GetCipher(ret, ctx);
EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, cipher, NULL, NULL, -1) != 1)
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
ossl_raise(eCipherError, NULL);
return ret;
@@ -79,6 +79,7 @@ ossl_cipher_alloc(VALUE klass)
VALUE obj;
MakeCipher(obj, klass, ctx);
+ EVP_CIPHER_CTX_init(ctx);
return obj;
}
@@ -97,9 +98,8 @@ ossl_cipher_initialize(VALUE self, VALUE str)
if (!(cipher = EVP_get_cipherbyname(name))) {
ossl_raise(rb_eRuntimeError, "Unsupported cipher algorithm (%s).", name);
}
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, cipher, NULL, NULL, -1) != 1)
- ossl_raise(eCipherError, NULL);
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
+ ossl_raise(eCipherError, NULL);
return self;
}
@@ -113,8 +113,8 @@ ossl_cipher_copy(VALUE self, VALUE other)
GetCipher(self, ctx1);
SafeGetCipher(other, ctx2);
-
- memcpy(ctx1, ctx2, sizeof(EVP_CIPHER_CTX));
+ if (EVP_CIPHER_CTX_copy(ctx1, ctx2) != 1)
+ ossl_raise(eCipherError, NULL);
return self;
}
@@ -125,107 +125,92 @@ ossl_cipher_reset(VALUE self)
EVP_CIPHER_CTX *ctx;
GetCipher(self, ctx);
- if (EVP_CipherInit(ctx, NULL, NULL, NULL, -1) != 1)
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1) != 1)
ossl_raise(eCipherError, NULL);
return self;
}
static VALUE
-ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
+ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
{
EVP_CIPHER_CTX *ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
+ unsigned char key[EVP_MAX_KEY_LENGTH], *p_key = NULL;
+ unsigned char iv[EVP_MAX_IV_LENGTH], *p_iv = NULL;
VALUE pass, init_v;
GetCipher(self, ctx);
-
- rb_scan_args(argc, argv, "02", &pass, &init_v);
-
- if (NIL_P(init_v)) {
+ if(rb_scan_args(argc, argv, "02", &pass, &init_v) > 0){
/*
- * TODO:
- * random IV generation!
- */
- memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
- /*
- RAND_add(data,i,0); where from take data?
- if (RAND_pseudo_bytes(iv, 8) < 0) {
- ossl_raise(eCipherError, NULL);
- }
- */
- }
- else {
- init_v = rb_obj_as_string(init_v);
- if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
- memset(iv, 0, EVP_MAX_IV_LENGTH);
- memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
- }
- else {
- memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv));
+ * oops. this code mistakes salt for IV.
+ * We deprecated the arguments for this method, but we decided
+ * keeping this behaviour for backward compatibility.
+ */
+ StringValue(pass);
+ if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
+ else{
+ char *cname = rb_class2name(rb_obj_class(self));
+ rb_warning("key derivation by %s#encrypt is deprecated; "
+ "use %s::pkcs5_keyivgen instead", cname, cname);
+ StringValue(init_v);
+ if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
+ memset(iv, 0, EVP_MAX_IV_LENGTH);
+ memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
+ }
+ else memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv));
}
+ EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
+ RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
+ p_key = key;
+ p_iv = iv;
}
-
- if (EVP_CipherInit(ctx, NULL, NULL, NULL, 1) != 1) {
- ossl_raise(eCipherError, NULL);
- }
-
- if (!NIL_P(pass)) {
- StringValue(pass);
-
- EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
- RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
- if (EVP_CipherInit(ctx, NULL, key, iv, -1) != 1) {
- ossl_raise(eCipherError, NULL);
- }
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) {
+ ossl_raise(eCipherError, NULL);
}
return self;
}
static VALUE
-ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
+ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
{
- EVP_CIPHER_CTX *ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
- VALUE pass, init_v;
-
- GetCipher(self, ctx);
- rb_scan_args(argc, argv, "02", &pass, &init_v);
-
- if (NIL_P(init_v)) {
- /*
- * TODO:
- * random IV generation!
- */
- memcpy(iv, "OpenSSL for Ruby rulez!", EVP_MAX_IV_LENGTH);
- }
- else {
- init_v = rb_obj_as_string(init_v);
- if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
- memset(iv, 0, EVP_MAX_IV_LENGTH);
- memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
- }
- else {
- memcpy(iv, RSTRING(init_v)->ptr, EVP_MAX_IV_LENGTH);
- }
- }
+ return ossl_cipher_init(argc, argv, self, 1);
+}
- if (EVP_CipherInit(ctx, NULL, NULL, NULL, 0) != 1) {
- ossl_raise(eCipherError, NULL);
- }
+static VALUE
+ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
+{
+ return ossl_cipher_init(argc, argv, self, 0);
+}
- if (!NIL_P(pass)) {
- StringValue(pass);
+static VALUE
+ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
+{
+ EVP_CIPHER_CTX *ctx;
+ const EVP_MD *digest;
+ VALUE vpass, vsalt, viter, vdigest;
+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH], *salt = NULL;
+ int iter;
- EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
- RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
- if (EVP_CipherInit(ctx, NULL, key, iv, -1) != 1) {
- ossl_raise(eCipherError, NULL);
- }
+ GetCipher(self, ctx);
+ rb_scan_args(argc, argv, "13", &vpass, &vsalt, &viter, &vdigest);
+ StringValue(vpass);
+ if(!NIL_P(vsalt)){
+ StringValue(vsalt);
+ if(RSTRING(vsalt)->len != PKCS5_SALT_LEN)
+ rb_raise(eCipherError, "salt must be an 8-octet string.");
+ salt = RSTRING(vsalt)->ptr;
}
+ iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
+ digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest);
+ EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,
+ RSTRING(vpass)->ptr, RSTRING(vpass)->len, iter, key, iv);
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1)
+ ossl_raise(eCipherError, NULL);
+ OPENSSL_cleanse(key, sizeof key);
+ OPENSSL_cleanse(iv, sizeof iv);
- return self;
+ return Qnil;
}
static VALUE
@@ -250,6 +235,16 @@ ossl_cipher_update(VALUE self, VALUE data)
return str;
}
+static VALUE
+ossl_cipher_update_deprecated(VALUE self, VALUE data)
+{
+ char *cname;
+
+ cname = rb_class2name(rb_obj_class(self));
+ rb_warning("%s#<< is deprecated; use %s#update instead", cname, cname);
+ return ossl_cipher_update(self, data);
+}
+
static VALUE
ossl_cipher_final(VALUE self)
{
@@ -259,7 +254,7 @@ ossl_cipher_final(VALUE self)
GetCipher(self, ctx);
str = rb_str_new(0, EVP_CIPHER_CTX_block_size(ctx));
- if (!EVP_CipherFinal(ctx, RSTRING(str)->ptr, &out_len))
+ if (!EVP_CipherFinal_ex(ctx, RSTRING(str)->ptr, &out_len))
ossl_raise(eCipherError, NULL);
assert(out_len <= RSTRING(str)->len);
RSTRING(str)->len = out_len;
@@ -289,7 +284,7 @@ ossl_cipher_set_key(VALUE self, VALUE key)
if (RSTRING(key)->len < EVP_CIPHER_CTX_key_length(ctx))
ossl_raise(eCipherError, "key length too short");
- if (EVP_CipherInit(ctx, NULL, RSTRING(key)->ptr, NULL, -1) != 1)
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, RSTRING(key)->ptr, NULL, -1) != 1)
ossl_raise(eCipherError, NULL);
return key;
@@ -306,22 +301,35 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
if (RSTRING(iv)->len < EVP_CIPHER_CTX_iv_length(ctx))
ossl_raise(eCipherError, "iv length too short");
- if (EVP_CipherInit(ctx, NULL, NULL, RSTRING(iv)->ptr, -1) != 1)
- ossl_raise(eCipherError, NULL);
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, RSTRING(iv)->ptr, -1) != 1)
+ ossl_raise(eCipherError, NULL);
return iv;
}
static VALUE
+ossl_cipher_set_key_length(VALUE self, VALUE key_length)
+{
+ EVP_CIPHER_CTX *ctx;
+
+ GetCipher(self, ctx);
+ if (EVP_CIPHER_CTX_set_key_length(ctx, NUM2INT(key_length)) != 1)
+ ossl_raise(eCipherError, NULL);
+
+ return key_length;
+}
+
+static VALUE
ossl_cipher_set_padding(VALUE self, VALUE padding)
{
-#if defined(HAVE_ST_FLAGS)
+#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)
EVP_CIPHER_CTX *ctx;
GetCipher(self, ctx);
-
- if (EVP_CIPHER_CTX_set_padding(ctx, NUM2INT(padding)) != 1)
- ossl_raise(eCipherError, NULL);
+ if(rb_obj_is_kind_of(padding, rb_cInteger))
+ padding = NUM2INT(padding) ? Qtrue : Qfalse;
+ if (EVP_CIPHER_CTX_set_padding(ctx, RTEST(padding)) != 1)
+ ossl_raise(eCipherError, NULL);
#else
rb_notimplement();
#endif
@@ -351,32 +359,21 @@ Init_ossl_cipher(void)
cCipher = rb_define_class_under(mCipher, "Cipher", rb_cObject);
rb_define_alloc_func(cCipher, ossl_cipher_alloc);
- rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
-
rb_define_copy_func(cCipher, ossl_cipher_copy);
-
+ rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
-
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1);
rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1);
+ rb_define_method(cCipher, "pkcs5_keyivgen", ossl_cipher_pkcs5_keyivgen, -1);
rb_define_method(cCipher, "update", ossl_cipher_update, 1);
- rb_define_alias(cCipher, "<<", "update");
+ rb_define_method(cCipher, "<<", ossl_cipher_update_deprecated, 1);
rb_define_method(cCipher, "final", ossl_cipher_final, 0);
-
rb_define_method(cCipher, "name", ossl_cipher_name, 0);
-
rb_define_method(cCipher, "key=", ossl_cipher_set_key, 1);
+ rb_define_method(cCipher, "key_len=", ossl_cipher_set_key_length, 1);
rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0);
-/*
- * TODO
- * int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
- */
rb_define_method(cCipher, "iv=", ossl_cipher_set_iv, 1);
rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0);
-
rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0);
-
rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1);
-
-} /* Init_ossl_cipher */
-
+}