summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
authorBart de Water <bartdewater@gmail.com>2020-04-19 11:14:36 -0400
committerKazuki Yamaguchi <k@rhe.jp>2020-05-13 15:47:51 +0900
commit0b2c70eaa1e8e41fcb6332b22b084dabb81e637c (patch)
treef12d0c69a0b21c56b0df53ecd4615e2d6418d1f0 /ext
parent3f8665fe0ed5331aa723ddecbf6ad3728931c08d (diff)
[ruby/openssl] Look up digest by name instead of constant
https://github.com/ruby/openssl/commit/b28fb2f05c
Diffstat (limited to 'ext')
-rw-r--r--ext/openssl/lib/openssl.rb4
-rw-r--r--ext/openssl/lib/openssl/digest.rb15
-rw-r--r--ext/openssl/ossl.c16
-rw-r--r--ext/openssl/ossl_digest.c32
-rw-r--r--ext/openssl/ossl_hmac.c2
-rw-r--r--ext/openssl/ossl_kdf.c2
-rw-r--r--ext/openssl/ossl_ns_spki.c2
-rw-r--r--ext/openssl/ossl_ocsp.c2
-rw-r--r--ext/openssl/ossl_pkey.c4
-rw-r--r--ext/openssl/ossl_pkey_dsa.c4
-rw-r--r--ext/openssl/ossl_ts.c6
-rw-r--r--ext/openssl/ossl_x509cert.c4
12 files changed, 43 insertions, 50 deletions
diff --git a/ext/openssl/lib/openssl.rb b/ext/openssl/lib/openssl.rb
index 00e2db1f40..b047485785 100644
--- a/ext/openssl/lib/openssl.rb
+++ b/ext/openssl/lib/openssl.rb
@@ -31,8 +31,8 @@ module OpenSSL
# the length of the secret. Returns +true+ if the strings are identical,
# +false+ otherwise.
def self.secure_compare(a, b)
- hashed_a = OpenSSL::Digest::SHA256.digest(a)
- hashed_b = OpenSSL::Digest::SHA256.digest(b)
+ hashed_a = OpenSSL::Digest.digest('SHA256', a)
+ hashed_b = OpenSSL::Digest.digest('SHA256', b)
OpenSSL.fixed_length_secure_compare(hashed_a, hashed_b) && a == b
end
end
diff --git a/ext/openssl/lib/openssl/digest.rb b/ext/openssl/lib/openssl/digest.rb
index 92d358d241..2ff8398e44 100644
--- a/ext/openssl/lib/openssl/digest.rb
+++ b/ext/openssl/lib/openssl/digest.rb
@@ -15,17 +15,6 @@
module OpenSSL
class Digest
- # You can get a list of all algorithms:
- # openssl list -digest-algorithms
-
- ALGORITHMS = %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)
-
- if !OPENSSL_VERSION.include?("LibreSSL") && OPENSSL_VERSION_NUMBER > 0x10101000
- ALGORITHMS.concat %w(BLAKE2b512 BLAKE2s256 SHA3-224 SHA3-256 SHA3-384 SHA3-512 SHA512-224 SHA512-256)
- end
-
- ALGORITHMS.freeze
-
# Return the hash value computed with _name_ Digest. _name_ is either the
# long name or short name of a supported digest algorithm.
#
@@ -35,13 +24,13 @@ module OpenSSL
#
# which is equivalent to:
#
- # OpenSSL::Digest::SHA256.digest("abc")
+ # OpenSSL::Digest.digest('SHA256', "abc")
def self.digest(name, data)
super(data, name)
end
- ALGORITHMS.each do |name|
+ %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512).each do |name|
klass = Class.new(self) {
define_method(:initialize, ->(data = nil) {super(name, data)})
}
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 14a7919a93..5d3ee741af 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -739,7 +739,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* To sign a document, a cryptographically secure hash of the document is
* computed first, which is then signed using the private key.
*
- * digest = OpenSSL::Digest::SHA256.new
+ * digest = OpenSSL::Digest.new('SHA256')
* signature = key.sign digest, document
*
* To validate the signature, again a hash of the document is computed and
@@ -747,7 +747,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* compared to the hash just computed, if they are equal the signature was
* valid.
*
- * digest = OpenSSL::Digest::SHA256.new
+ * digest = OpenSSL::Digest.new('SHA256')
* if key.verify digest, signature, document
* puts 'Valid'
* else
@@ -782,7 +782,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* salt = OpenSSL::Random.random_bytes 16
* iter = 20000
* key_len = cipher.key_len
- * digest = OpenSSL::Digest::SHA256.new
+ * digest = OpenSSL::Digest.new('SHA256')
*
* key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest)
* cipher.key = key
@@ -805,7 +805,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* salt = ... # the one generated above
* iter = 20000
* key_len = cipher.key_len
- * digest = OpenSSL::Digest::SHA256.new
+ * digest = OpenSSL::Digest.new('SHA256')
*
* key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest)
* cipher.key = key
@@ -901,7 +901,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* certificate.
*
* cert.issuer = name
- * cert.sign key, OpenSSL::Digest::SHA1.new
+ * cert.sign key, OpenSSL::Digest.new('SHA1')
*
* open 'certificate.pem', 'w' do |io| io.write cert.to_pem end
*
@@ -977,7 +977,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
*
* Root CA certificates are self-signed.
*
- * ca_cert.sign ca_key, OpenSSL::Digest::SHA1.new
+ * ca_cert.sign ca_key, OpenSSL::Digest.new('SHA1')
*
* The CA certificate is saved to disk so it may be distributed to all the
* users of the keys this CA will sign.
@@ -995,7 +995,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* csr.version = 0
* csr.subject = name
* csr.public_key = key.public_key
- * csr.sign key, OpenSSL::Digest::SHA1.new
+ * csr.sign key, OpenSSL::Digest.new('SHA1')
*
* A CSR is saved to disk and sent to the CA for signing.
*
@@ -1039,7 +1039,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
* csr_cert.add_extension \
* extension_factory.create_extension('subjectKeyIdentifier', 'hash')
*
- * csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new
+ * csr_cert.sign ca_key, OpenSSL::Digest.new('SHA1')
*
* open 'csr_cert.pem', 'w' do |io|
* io.write csr_cert.to_pem
diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c
index 661b230fb7..123373233c 100644
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@@ -192,7 +192,7 @@ ossl_digest_reset(VALUE self)
* be passed individually to the Digest instance.
*
* === Example
- * digest = OpenSSL::Digest::SHA256.new
+ * digest = OpenSSL::Digest.new('SHA256')
* digest.update('First input')
* digest << 'Second input' # equivalent to digest.update('Second input')
* result = digest.digest
@@ -248,7 +248,7 @@ ossl_digest_finish(int argc, VALUE *argv, VALUE self)
* Returns the sn of this Digest algorithm.
*
* === Example
- * digest = OpenSSL::Digest::SHA512.new
+ * digest = OpenSSL::Digest.new('SHA512')
* puts digest.name # => SHA512
*
*/
@@ -270,7 +270,7 @@ ossl_digest_name(VALUE self)
* final message digest result.
*
* === Example
- * digest = OpenSSL::Digest::SHA1.new
+ * digest = OpenSSL::Digest.new('SHA1')
* puts digest.digest_length # => 20
*
*/
@@ -294,7 +294,7 @@ ossl_digest_size(VALUE self)
* consecutively.
*
* === Example
- * digest = OpenSSL::Digest::SHA1.new
+ * digest = OpenSSL::Digest.new('SHA1')
* puts digest.block_length # => 64
*/
static VALUE
@@ -348,15 +348,19 @@ Init_ossl_digest(void)
* the integrity of a signed document, it suffices to re-compute the hash
* and verify that it is equal to that in the signature.
*
- * Among the supported message digest algorithms are:
- * * SHA, SHA1, SHA224, SHA256, SHA384 and SHA512
- * * MD2, MD4, MDC2 and MD5
- * * RIPEMD160
+ * You can get a list of all digest algorithms supported on your system by
+ * running this command in your terminal:
*
- * For each of these algorithms, there is a sub-class of Digest that
- * can be instantiated as simply as e.g.
+ * openssl list -digest-algorithms
*
- * digest = OpenSSL::Digest::SHA1.new
+ * Among the OpenSSL 1.1.1 supported message digest algorithms are:
+ * * SHA224, SHA256, SHA384, SHA512, SHA512-224 and SHA512-256
+ * * SHA3-224, SHA3-256, SHA3-384 and SHA3-512
+ * * BLAKE2s256 and BLAKE2b512
+ *
+ * Each of these algorithms can be instantiated using the name:
+ *
+ * digest = OpenSSL::Digest.new('SHA256')
*
* === Mapping between Digest class and sn/ln
*
@@ -406,7 +410,7 @@ Init_ossl_digest(void)
* === Hashing a file
*
* data = File.read('document')
- * sha256 = OpenSSL::Digest::SHA256.new
+ * sha256 = OpenSSL::Digest.new('SHA256')
* digest = sha256.digest(data)
*
* === Hashing several pieces of data at once
@@ -414,7 +418,7 @@ Init_ossl_digest(void)
* data1 = File.read('file1')
* data2 = File.read('file2')
* data3 = File.read('file3')
- * sha256 = OpenSSL::Digest::SHA256.new
+ * sha256 = OpenSSL::Digest.new('SHA256')
* sha256 << data1
* sha256 << data2
* sha256 << data3
@@ -423,7 +427,7 @@ Init_ossl_digest(void)
* === Reuse a Digest instance
*
* data1 = File.read('file1')
- * sha256 = OpenSSL::Digest::SHA256.new
+ * sha256 = OpenSSL::Digest.new('SHA256')
* digest1 = sha256.digest(data1)
*
* data2 = File.read('file2')
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
index 2ac2e5c6ce..e831cff519 100644
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@@ -353,7 +353,7 @@ Init_ossl_hmac(void)
* data1 = File.read("file1")
* data2 = File.read("file2")
* key = "key"
- * digest = OpenSSL::Digest::SHA256.new
+ * digest = OpenSSL::Digest.new('SHA256')
* hmac = OpenSSL::HMAC.new(key, digest)
* hmac << data1
* hmac << data2
diff --git a/ext/openssl/ossl_kdf.c b/ext/openssl/ossl_kdf.c
index 3d0e66b5f5..486e789458 100644
--- a/ext/openssl/ossl_kdf.c
+++ b/ext/openssl/ossl_kdf.c
@@ -272,7 +272,7 @@ Init_ossl_kdf(void)
* # store this with the generated value
* salt = OpenSSL::Random.random_bytes(16)
* iter = 20_000
- * hash = OpenSSL::Digest::SHA256.new
+ * hash = OpenSSL::Digest.new('SHA256')
* len = hash.digest_length
* # the final value to be stored
* value = OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: iter,
diff --git a/ext/openssl/ossl_ns_spki.c b/ext/openssl/ossl_ns_spki.c
index 6f61e61bf5..9b1147367a 100644
--- a/ext/openssl/ossl_ns_spki.c
+++ b/ext/openssl/ossl_ns_spki.c
@@ -350,7 +350,7 @@ ossl_spki_verify(VALUE self, VALUE key)
* spki = OpenSSL::Netscape::SPKI.new
* spki.challenge = "RandomChallenge"
* spki.public_key = key.public_key
- * spki.sign(key, OpenSSL::Digest::SHA256.new)
+ * spki.sign(key, OpenSSL::Digest.new('SHA256'))
* #send a request containing this to a server generating a certificate
* === Verifying an SPKI request
* request = #...
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index 2ca4f62f70..7a92e5df68 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -1719,7 +1719,7 @@ Init_ossl_ocsp(void)
* subject certificate so the CA knows which certificate we are asking
* about:
*
- * digest = OpenSSL::Digest::SHA1.new
+ * digest = OpenSSL::Digest.new('SHA1')
* certificate_id =
* OpenSSL::OCSP::CertificateId.new subject, issuer, digest
*
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index fc4cac3bc4..fc08ebf5ff 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -430,7 +430,7 @@ ossl_pkey_public_to_pem(VALUE self)
*
* == Example
* data = 'Sign me!'
- * digest = OpenSSL::Digest::SHA256.new
+ * digest = OpenSSL::Digest.new('SHA256')
* pkey = OpenSSL::PKey::RSA.new(2048)
* signature = pkey.sign(digest, data)
*/
@@ -484,7 +484,7 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
*
* == Example
* data = 'Sign me!'
- * digest = OpenSSL::Digest::SHA256.new
+ * digest = OpenSSL::Digest.new('SHA256')
* pkey = OpenSSL::PKey::RSA.new(2048)
* signature = pkey.sign(digest, data)
* pub_key = pkey.public_key
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index 56cc9dd4f1..431c20e05c 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -513,7 +513,7 @@ ossl_dsa_to_public_key(VALUE self)
* === Example
* dsa = OpenSSL::PKey::DSA.new(2048)
* doc = "Sign me"
- * digest = OpenSSL::Digest::SHA1.digest(doc)
+ * digest = OpenSSL::Digest.digest('SHA1', doc)
* sig = dsa.syssign(digest)
*
*
@@ -558,7 +558,7 @@ ossl_dsa_sign(VALUE self, VALUE data)
* === Example
* dsa = OpenSSL::PKey::DSA.new(2048)
* doc = "Sign me"
- * digest = OpenSSL::Digest::SHA1.digest(doc)
+ * digest = OpenSSL::Digest.digest('SHA1', doc)
* sig = dsa.syssign(digest)
* puts dsa.sysverify(digest, sig) # => true
*
diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c
index ba0df750cf..160ec0d8dd 100644
--- a/ext/openssl/ossl_ts.c
+++ b/ext/openssl/ossl_ts.c
@@ -1281,7 +1281,7 @@ Init_ossl_ts(void)
* #Assumes ts.p12 is a PKCS#12-compatible file with a private key
* #and a certificate that has an extended key usage of 'timeStamping'
* p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd')
- * md = OpenSSL::Digest::SHA1.new
+ * md = OpenSSL::Digest.new('SHA1')
* hash = md.digest(data) #some binary data to be timestamped
* req = OpenSSL::Timestamp::Request.new
* req.algorithm = 'SHA1'
@@ -1498,8 +1498,8 @@ Init_ossl_ts(void)
* Must be an Array of String or OpenSSL::Digest subclass instances.
*
* call-seq:
- * factory.allowed_digests = ["sha1", OpenSSL::Digest::SHA256.new] -> [ "sha1", OpenSSL::Digest::SHA256.new ]
- * factory.allowed_digests -> array or nil
+ * factory.allowed_digests = ["sha1", OpenSSL::Digest.new('SHA256').new] -> [ "sha1", OpenSSL::Digest) ]
+ * factory.allowed_digests -> array or nil
*
*/
cTimestampFactory = rb_define_class_under(mTimestamp, "Factory", rb_cObject);
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index 40542c4a78..e3766b1b16 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -788,7 +788,7 @@ Init_ossl_x509cert(void)
* root_ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
* root_ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
* root_ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false))
- * root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
+ * root_ca.sign(root_key, OpenSSL::Digest.new('SHA256'))
*
* The next step is to create the end-entity certificate using the root CA
* certificate.
@@ -807,7 +807,7 @@ Init_ossl_x509cert(void)
* ef.issuer_certificate = root_ca
* cert.add_extension(ef.create_extension("keyUsage","digitalSignature", true))
* cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
- * cert.sign(root_key, OpenSSL::Digest::SHA256.new)
+ * cert.sign(root_key, OpenSSL::Digest.new('SHA256'))
*
*/
cX509Cert = rb_define_class_under(mX509, "Certificate", rb_cObject);