summaryrefslogtreecommitdiff
path: root/ext/openssl
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2017-03-18 22:34:19 +0900
committerKazuki Yamaguchi <k@rhe.jp>2021-03-16 19:16:11 +0900
commit9d3ffe09c47a1dfd722693965fbf7dba8571aa88 (patch)
tree69078a7ed04b682182538e384f5977eec2356fa6 /ext/openssl
parentfbadb01d6e0881ef6c6e5e105b8ac20fe663c817 (diff)
[ruby/openssl] pkey: reimplement PKey::DH#compute_key and PKey::EC#dh_compute_key
Use the new OpenSSL::PKey::PKey#derive instead of the raw {EC,}DH_compute_key(), mainly to reduce amount of the C code. https://github.com/ruby/openssl/commit/28edf6bafc
Notes
Notes: Merged: https://github.com/ruby/ruby/pull/4275
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/lib/openssl/pkey.rb33
-rw-r--r--ext/openssl/ossl_pkey_dh.c35
-rw-r--r--ext/openssl/ossl_pkey_ec.c32
3 files changed, 33 insertions, 67 deletions
diff --git a/ext/openssl/lib/openssl/pkey.rb b/ext/openssl/lib/openssl/pkey.rb
index 9cc32763568..be60ac2beb6 100644
--- a/ext/openssl/lib/openssl/pkey.rb
+++ b/ext/openssl/lib/openssl/pkey.rb
@@ -9,6 +9,24 @@ require_relative 'marshal'
module OpenSSL::PKey
class DH
include OpenSSL::Marshal
+
+ # :call-seq:
+ # dh.compute_key(pub_bn) -> string
+ #
+ # Returns a String containing a shared secret computed from the other
+ # party's public value.
+ #
+ # This method is provided for backwards compatibility, and calls #derive
+ # internally.
+ #
+ # === Parameters
+ # * _pub_bn_ is a OpenSSL::BN, *not* the DH instance returned by
+ # DH#public_key as that contains the DH parameters only.
+ def compute_key(pub_bn)
+ peer = dup
+ peer.set_key(pub_bn, nil)
+ derive(peer)
+ end
end
class DSA
@@ -18,7 +36,22 @@ module OpenSSL::PKey
if defined?(EC)
class EC
include OpenSSL::Marshal
+
+ # :call-seq:
+ # ec.dh_compute_key(pubkey) -> string
+ #
+ # Derives a shared secret by ECDH. _pubkey_ must be an instance of
+ # OpenSSL::PKey::EC::Point and must belong to the same group.
+ #
+ # This method is provided for backwards compatibility, and calls #derive
+ # internally.
+ def dh_compute_key(pubkey)
+ peer = OpenSSL::PKey::EC.new(group)
+ peer.public_key = pubkey
+ derive(peer)
+ end
end
+
class EC::Point
# :call-seq:
# point.to_bn([conversion_form]) -> OpenSSL::BN
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index bc50e5566b7..5bc1c49ca1b 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -477,40 +477,6 @@ ossl_dh_generate_key(VALUE self)
}
/*
- * call-seq:
- * dh.compute_key(pub_bn) -> aString
- *
- * Returns a String containing a shared secret computed from the other party's public value.
- * See DH_compute_key() for further information.
- *
- * === Parameters
- * * _pub_bn_ is a OpenSSL::BN, *not* the DH instance returned by
- * DH#public_key as that contains the DH parameters only.
- */
-static VALUE
-ossl_dh_compute_key(VALUE self, VALUE pub)
-{
- DH *dh;
- const BIGNUM *pub_key, *dh_p;
- VALUE str;
- int len;
-
- GetDH(self, dh);
- DH_get0_pqg(dh, &dh_p, NULL, NULL);
- if (!dh_p)
- ossl_raise(eDHError, "incomplete DH");
- pub_key = GetBNPtr(pub);
- len = DH_size(dh);
- str = rb_str_new(0, len);
- if ((len = DH_compute_key((unsigned char *)RSTRING_PTR(str), pub_key, dh)) < 0) {
- ossl_raise(eDHError, NULL);
- }
- rb_str_set_len(str, len);
-
- return str;
-}
-
-/*
* Document-method: OpenSSL::PKey::DH#set_pqg
* call-seq:
* dh.set_pqg(p, q, g) -> self
@@ -587,7 +553,6 @@ Init_ossl_dh(void)
rb_define_method(cDH, "public_key", ossl_dh_to_public_key, 0);
rb_define_method(cDH, "params_ok?", ossl_dh_check_params, 0);
rb_define_method(cDH, "generate_key!", ossl_dh_generate_key, 0);
- rb_define_method(cDH, "compute_key", ossl_dh_compute_key, 1);
DEF_OSSL_PKEY_BN(cDH, dh, p);
DEF_OSSL_PKEY_BN(cDH, dh, q);
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 6fe2533e2a6..c2534251c31 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -489,37 +489,6 @@ static VALUE ossl_ec_key_check_key(VALUE self)
/*
* call-seq:
- * key.dh_compute_key(pubkey) => String
- *
- * See the OpenSSL documentation for ECDH_compute_key()
- */
-static VALUE ossl_ec_key_dh_compute_key(VALUE self, VALUE pubkey)
-{
- EC_KEY *ec;
- EC_POINT *point;
- int buf_len;
- VALUE str;
-
- GetEC(self, ec);
- GetECPoint(pubkey, point);
-
-/* BUG: need a way to figure out the maximum string size */
- buf_len = 1024;
- str = rb_str_new(0, buf_len);
-/* BUG: take KDF as a block */
- buf_len = ECDH_compute_key(RSTRING_PTR(str), buf_len, point, ec, NULL);
- if (buf_len < 0)
- ossl_raise(eECError, "ECDH_compute_key");
-
- rb_str_resize(str, buf_len);
-
- return str;
-}
-
-/* sign_setup */
-
-/*
- * call-seq:
* key.dsa_sign_asn1(data) => String
*
* See the OpenSSL documentation for ECDSA_sign()
@@ -1657,7 +1626,6 @@ void Init_ossl_ec(void)
rb_define_alias(cEC, "generate_key", "generate_key!");
rb_define_method(cEC, "check_key", ossl_ec_key_check_key, 0);
- rb_define_method(cEC, "dh_compute_key", ossl_ec_key_dh_compute_key, 1);
rb_define_method(cEC, "dsa_sign_asn1", ossl_ec_key_dsa_sign_asn1, 1);
rb_define_method(cEC, "dsa_verify_asn1", ossl_ec_key_dsa_verify_asn1, 2);
/* do_sign/do_verify */