diff options
| author | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-07-01 03:01:07 +0000 |
|---|---|---|
| committer | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2004-07-01 03:01:07 +0000 |
| commit | a9244b8aa7a00410b486fc9659e1bb59931dd16a (patch) | |
| tree | 9921142c623e5ea54e62f2ec1345eaa982d978fd /ext/openssl/ossl_cipher.c | |
| parent | 1d4a4d11cd2b79ed2e6b3e023256932e6bf2bb45 (diff) | |
* ext/openssl/extconf.rb: check for EVP_CIPHER_CTX_copy, ENGINE_add,
EVP_CIPHER_CTX_set_padding, EVP_CipherFinal_ex, EVP_CipherInit_ex,
EVP_DigestFinal_ex and EVP_DigestInit_ex.
* ext/openssl/openssl_missing.c (EVP_CIPHER_CTX_copy): new function.
* ext/openssl/openssl_missing.h (EVP_DigestInit_ex, EVP_DigestFinal_ex,
EVP_CipherInit_ex, EVP_CipherFinal_ex, HMAC_Init_ex): new macro for
OpenSSL 0.9.6.
* ext/openssl/ossl_cipher.c (ossl_cipher_encrypt, ossl_cipher_decrypt):
re-implemnt (the arguments for this method is ).
* ext/openssl/ossl_cipher.c (ossl_cipher_pkcs5_keyivgen): new method
OpenSSL::Cipher::Cipher#pkcs5_keyivgen. it calls EVP_BytesToKey().
* ext/openssl/ossl_cipher.c (ossl_cipher_alloc, ossl_cipher_initialize,
ossl_cipher_copy, ossl_cipher_reset ossl_cipher_final,
ossl_cipher_set_key, ossl_cipher_set_iv): replace all EVP_CipherInit
and EVP_CipherFinal into EVP_CipherInit_ex and EVP_CipherFinal_ex.
and EVP_CIPHER_CTX_init should only be called once.
* ext/openssl/ossl_cipher.c (ossl_cipher_set_key_length): new method
OpenSSL::Cipher::Cipher#key_len=.
* ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): the type of
argument is changed from integer to boolean.
* ext/openssl/ossl_cipher.c (ossl_cipher_init_deprecated): new
finction; print warning for Cipher#<<.
* ext/openssl/ossl_digest.c: replace all EVP_DigestInit and
EVP_DigestFinal into EVP_DigestInit_ex and EVP_DigestFinal_ex.
and EVP_MD_CTX_init should only be called once.
* ext/openssl/ossl_digest.c (digest_final): should call
EVP_MD_CTX_cleanup to avoid memory leak.
* ext/openssl/ossl_hmac.c (ossl_hmac_initialize): repalce HMAC_init
into HMAC_init_ex. and HMAC_CTX_init is moved to ossl_hmac_alloc.
* ext/openssl/ossl_hmac.c (hmac_final): should call
HMAC_CTX_cleanup to avoid memory leak.
* test/openssl/test_cipher.rb, test/openssl/test_digest.rb,
test/openssl/test_hmac.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6555 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl_cipher.c')
| -rw-r--r-- | ext/openssl/ossl_cipher.c | 207 |
1 files changed, 102 insertions, 105 deletions
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 93b3f6ccf9..6e238189d1 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -54,7 +54,7 @@ ossl_cipher_new(const EVP_CIPHER *cipher) ret = ossl_cipher_alloc(cCipher); GetCipher(ret, ctx); EVP_CIPHER_CTX_init(ctx); - if (EVP_CipherInit(ctx, cipher, NULL, NULL, -1) != 1) + if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1) ossl_raise(eCipherError, NULL); return ret; @@ -79,6 +79,7 @@ ossl_cipher_alloc(VALUE klass) VALUE obj; MakeCipher(obj, klass, ctx); + EVP_CIPHER_CTX_init(ctx); return obj; } @@ -97,9 +98,8 @@ ossl_cipher_initialize(VALUE self, VALUE str) if (!(cipher = EVP_get_cipherbyname(name))) { ossl_raise(rb_eRuntimeError, "Unsupported cipher algorithm (%s).", name); } - EVP_CIPHER_CTX_init(ctx); - if (EVP_CipherInit(ctx, cipher, NULL, NULL, -1) != 1) - ossl_raise(eCipherError, NULL); + if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1) + ossl_raise(eCipherError, NULL); return self; } @@ -113,8 +113,8 @@ ossl_cipher_copy(VALUE self, VALUE other) GetCipher(self, ctx1); SafeGetCipher(other, ctx2); - - memcpy(ctx1, ctx2, sizeof(EVP_CIPHER_CTX)); + if (EVP_CIPHER_CTX_copy(ctx1, ctx2) != 1) + ossl_raise(eCipherError, NULL); return self; } @@ -125,107 +125,92 @@ ossl_cipher_reset(VALUE self) EVP_CIPHER_CTX *ctx; GetCipher(self, ctx); - if (EVP_CipherInit(ctx, NULL, NULL, NULL, -1) != 1) + if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1) != 1) ossl_raise(eCipherError, NULL); return self; } static VALUE -ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self) +ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode) { EVP_CIPHER_CTX *ctx; - unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; + unsigned char key[EVP_MAX_KEY_LENGTH], *p_key = NULL; + unsigned char iv[EVP_MAX_IV_LENGTH], *p_iv = NULL; VALUE pass, init_v; GetCipher(self, ctx); - - rb_scan_args(argc, argv, "02", &pass, &init_v); - - if (NIL_P(init_v)) { + if(rb_scan_args(argc, argv, "02", &pass, &init_v) > 0){ /* - * TODO: - * random IV generation! - */ - memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv)); - /* - RAND_add(data,i,0); where from take data? - if (RAND_pseudo_bytes(iv, 8) < 0) { - ossl_raise(eCipherError, NULL); - } - */ - } - else { - init_v = rb_obj_as_string(init_v); - if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) { - memset(iv, 0, EVP_MAX_IV_LENGTH); - memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len); - } - else { - memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv)); + * oops. this code mistakes salt for IV. + * We deprecated the arguments for this method, but we decided + * keeping this behaviour for backward compatibility. + */ + StringValue(pass); + if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv)); + else{ + char *cname = rb_class2name(rb_obj_class(self)); + rb_warning("key derivation by %s#encrypt is deprecated; " + "use %s::pkcs5_keyivgen instead", cname, cname); + StringValue(init_v); + if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) { + memset(iv, 0, EVP_MAX_IV_LENGTH); + memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len); + } + else memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv)); } + EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv, + RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL); + p_key = key; + p_iv = iv; } - - if (EVP_CipherInit(ctx, NULL, NULL, NULL, 1) != 1) { - ossl_raise(eCipherError, NULL); - } - - if (!NIL_P(pass)) { - StringValue(pass); - - EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv, - RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL); - if (EVP_CipherInit(ctx, NULL, key, iv, -1) != 1) { - ossl_raise(eCipherError, NULL); - } + if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) { + ossl_raise(eCipherError, NULL); } return self; } static VALUE -ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self) +ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self) { - EVP_CIPHER_CTX *ctx; - unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; - VALUE pass, init_v; - - GetCipher(self, ctx); - rb_scan_args(argc, argv, "02", &pass, &init_v); - - if (NIL_P(init_v)) { - /* - * TODO: - * random IV generation! - */ - memcpy(iv, "OpenSSL for Ruby rulez!", EVP_MAX_IV_LENGTH); - } - else { - init_v = rb_obj_as_string(init_v); - if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) { - memset(iv, 0, EVP_MAX_IV_LENGTH); - memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len); - } - else { - memcpy(iv, RSTRING(init_v)->ptr, EVP_MAX_IV_LENGTH); - } - } + return ossl_cipher_init(argc, argv, self, 1); +} - if (EVP_CipherInit(ctx, NULL, NULL, NULL, 0) != 1) { - ossl_raise(eCipherError, NULL); - } +static VALUE +ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self) +{ + return ossl_cipher_init(argc, argv, self, 0); +} - if (!NIL_P(pass)) { - StringValue(pass); +static VALUE +ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self) +{ + EVP_CIPHER_CTX *ctx; + const EVP_MD *digest; + VALUE vpass, vsalt, viter, vdigest; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH], *salt = NULL; + int iter; - EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv, - RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL); - if (EVP_CipherInit(ctx, NULL, key, iv, -1) != 1) { - ossl_raise(eCipherError, NULL); - } + GetCipher(self, ctx); + rb_scan_args(argc, argv, "13", &vpass, &vsalt, &viter, &vdigest); + StringValue(vpass); + if(!NIL_P(vsalt)){ + StringValue(vsalt); + if(RSTRING(vsalt)->len != PKCS5_SALT_LEN) + rb_raise(eCipherError, "salt must be an 8-octet string."); + salt = RSTRING(vsalt)->ptr; } + iter = NIL_P(viter) ? 2048 : NUM2INT(viter); + digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest); + EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt, + RSTRING(vpass)->ptr, RSTRING(vpass)->len, iter, key, iv); + if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) + ossl_raise(eCipherError, NULL); + OPENSSL_cleanse(key, sizeof key); + OPENSSL_cleanse(iv, sizeof iv); - return self; + return Qnil; } static VALUE @@ -250,6 +235,16 @@ ossl_cipher_update(VALUE self, VALUE data) return str; } +static VALUE +ossl_cipher_update_deprecated(VALUE self, VALUE data) +{ + char *cname; + + cname = rb_class2name(rb_obj_class(self)); + rb_warning("%s#<< is deprecated; use %s#update instead", cname, cname); + return ossl_cipher_update(self, data); +} + static VALUE ossl_cipher_final(VALUE self) { @@ -259,7 +254,7 @@ ossl_cipher_final(VALUE self) GetCipher(self, ctx); str = rb_str_new(0, EVP_CIPHER_CTX_block_size(ctx)); - if (!EVP_CipherFinal(ctx, RSTRING(str)->ptr, &out_len)) + if (!EVP_CipherFinal_ex(ctx, RSTRING(str)->ptr, &out_len)) ossl_raise(eCipherError, NULL); assert(out_len <= RSTRING(str)->len); RSTRING(str)->len = out_len; @@ -289,7 +284,7 @@ ossl_cipher_set_key(VALUE self, VALUE key) if (RSTRING(key)->len < EVP_CIPHER_CTX_key_length(ctx)) ossl_raise(eCipherError, "key length too short"); - if (EVP_CipherInit(ctx, NULL, RSTRING(key)->ptr, NULL, -1) != 1) + if (EVP_CipherInit_ex(ctx, NULL, NULL, RSTRING(key)->ptr, NULL, -1) != 1) ossl_raise(eCipherError, NULL); return key; @@ -306,22 +301,35 @@ ossl_cipher_set_iv(VALUE self, VALUE iv) if (RSTRING(iv)->len < EVP_CIPHER_CTX_iv_length(ctx)) ossl_raise(eCipherError, "iv length too short"); - if (EVP_CipherInit(ctx, NULL, NULL, RSTRING(iv)->ptr, -1) != 1) - ossl_raise(eCipherError, NULL); + if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, RSTRING(iv)->ptr, -1) != 1) + ossl_raise(eCipherError, NULL); return iv; } static VALUE +ossl_cipher_set_key_length(VALUE self, VALUE key_length) +{ + EVP_CIPHER_CTX *ctx; + + GetCipher(self, ctx); + if (EVP_CIPHER_CTX_set_key_length(ctx, NUM2INT(key_length)) != 1) + ossl_raise(eCipherError, NULL); + + return key_length; +} + +static VALUE ossl_cipher_set_padding(VALUE self, VALUE padding) { -#if defined(HAVE_ST_FLAGS) +#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING) EVP_CIPHER_CTX *ctx; GetCipher(self, ctx); - - if (EVP_CIPHER_CTX_set_padding(ctx, NUM2INT(padding)) != 1) - ossl_raise(eCipherError, NULL); + if(rb_obj_is_kind_of(padding, rb_cInteger)) + padding = NUM2INT(padding) ? Qtrue : Qfalse; + if (EVP_CIPHER_CTX_set_padding(ctx, RTEST(padding)) != 1) + ossl_raise(eCipherError, NULL); #else rb_notimplement(); #endif @@ -351,32 +359,21 @@ Init_ossl_cipher(void) cCipher = rb_define_class_under(mCipher, "Cipher", rb_cObject); rb_define_alloc_func(cCipher, ossl_cipher_alloc); - rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1); - rb_define_copy_func(cCipher, ossl_cipher_copy); - + rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1); rb_define_method(cCipher, "reset", ossl_cipher_reset, 0); - rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1); rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1); + rb_define_method(cCipher, "pkcs5_keyivgen", ossl_cipher_pkcs5_keyivgen, -1); rb_define_method(cCipher, "update", ossl_cipher_update, 1); - rb_define_alias(cCipher, "<<", "update"); + rb_define_method(cCipher, "<<", ossl_cipher_update_deprecated, 1); rb_define_method(cCipher, "final", ossl_cipher_final, 0); - rb_define_method(cCipher, "name", ossl_cipher_name, 0); - rb_define_method(cCipher, "key=", ossl_cipher_set_key, 1); + rb_define_method(cCipher, "key_len=", ossl_cipher_set_key_length, 1); rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0); -/* - * TODO - * int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); - */ rb_define_method(cCipher, "iv=", ossl_cipher_set_iv, 1); rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0); - rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0); - rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1); - -} /* Init_ossl_cipher */ - +} |