summaryrefslogtreecommitdiff
path: root/ext/openssl
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2020-07-10 13:43:20 +0900
committerKazuki Yamaguchi <k@rhe.jp>2021-07-18 17:45:00 +0900
commit0c23e4a7aa5ff260281be07873eaeaebfa5d5155 (patch)
tree96d7bd89ed1a6a70cc86863e0b4043528c8c103d /ext/openssl
parent857a177b03dded0d56c395e979a35b9a27753e15 (diff)
[ruby/openssl] pkey/ec: refactor EC#dsa_{sign,verify}_asn1 with PKey#{sign,verify}_raw
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw, OpenSSL::PKey::EC's low level signing operation methods can be implemented in Ruby. The definitions are now in lib/openssl/pkey.rb. https://github.com/ruby/openssl/commit/1f9da0cd9d
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/lib/openssl/pkey.rb22
-rw-r--r--ext/openssl/ossl_pkey_ec.c55
2 files changed, 22 insertions, 55 deletions
diff --git a/ext/openssl/lib/openssl/pkey.rb b/ext/openssl/lib/openssl/pkey.rb
index dd8c7c0b093..e5871096942 100644
--- a/ext/openssl/lib/openssl/pkey.rb
+++ b/ext/openssl/lib/openssl/pkey.rb
@@ -165,6 +165,28 @@ module OpenSSL::PKey
include OpenSSL::Marshal
# :call-seq:
+ # key.dsa_sign_asn1(data) -> String
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ def dsa_sign_asn1(data)
+ sign_raw(nil, data)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::ECError, $!.message
+ end
+
+ # :call-seq:
+ # key.dsa_verify_asn1(data, sig) -> true | false
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ def dsa_verify_asn1(data, sig)
+ verify_raw(nil, sig, data)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::ECError, $!.message
+ end
+
+ # :call-seq:
# ec.dh_compute_key(pubkey) -> string
#
# Derives a shared secret by ECDH. _pubkey_ must be an instance of
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 41f63289bd9..9b461cb6a25 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -472,57 +472,6 @@ static VALUE ossl_ec_key_check_key(VALUE self)
}
/*
- * call-seq:
- * key.dsa_sign_asn1(data) => String
- *
- * See the OpenSSL documentation for ECDSA_sign()
- */
-static VALUE ossl_ec_key_dsa_sign_asn1(VALUE self, VALUE data)
-{
- EC_KEY *ec;
- unsigned int buf_len;
- VALUE str;
-
- GetEC(self, ec);
- StringValue(data);
-
- if (EC_KEY_get0_private_key(ec) == NULL)
- ossl_raise(eECError, "Private EC key needed!");
-
- str = rb_str_new(0, ECDSA_size(ec));
- if (ECDSA_sign(0, (unsigned char *) RSTRING_PTR(data), RSTRING_LENINT(data), (unsigned char *) RSTRING_PTR(str), &buf_len, ec) != 1)
- ossl_raise(eECError, "ECDSA_sign");
- rb_str_set_len(str, buf_len);
-
- return str;
-}
-
-/*
- * call-seq:
- * key.dsa_verify_asn1(data, sig) => true or false
- *
- * See the OpenSSL documentation for ECDSA_verify()
- */
-static VALUE ossl_ec_key_dsa_verify_asn1(VALUE self, VALUE data, VALUE sig)
-{
- EC_KEY *ec;
-
- GetEC(self, ec);
- StringValue(data);
- StringValue(sig);
-
- switch (ECDSA_verify(0, (unsigned char *) RSTRING_PTR(data), RSTRING_LENINT(data), (unsigned char *) RSTRING_PTR(sig), (int)RSTRING_LEN(sig), ec)) {
- case 1: return Qtrue;
- case 0: return Qfalse;
- default: break;
- }
-
- ossl_raise(eECError, "ECDSA_verify");
-
- UNREACHABLE;
-}
-
-/*
* OpenSSL::PKey::EC::Group
*/
static void
@@ -1583,10 +1532,6 @@ void Init_ossl_ec(void)
rb_define_alias(cEC, "generate_key", "generate_key!");
rb_define_method(cEC, "check_key", ossl_ec_key_check_key, 0);
- rb_define_method(cEC, "dsa_sign_asn1", ossl_ec_key_dsa_sign_asn1, 1);
- rb_define_method(cEC, "dsa_verify_asn1", ossl_ec_key_dsa_verify_asn1, 2);
-/* do_sign/do_verify */
-
rb_define_method(cEC, "export", ossl_ec_key_export, -1);
rb_define_alias(cEC, "to_pem", "export");
rb_define_method(cEC, "to_der", ossl_ec_key_to_der, 0);