ruby-changes:61242
From: Bart <ko1@a...>
Date: Wed, 13 May 2020 15:48:26 +0900 (JST)
Subject: [ruby-changes:61242] 0b2c70eaa1 (master): [ruby/openssl] Look up digest by name instead of constant
https://git.ruby-lang.org/ruby.git/commit/?id=0b2c70eaa1 From 0b2c70eaa1e8e41fcb6332b22b084dabb81e637c Mon Sep 17 00:00:00 2001 From: Bart de Water <bartdewater@g...> Date: Sun, 19 Apr 2020 11:14:36 -0400 Subject: [ruby/openssl] Look up digest by name instead of constant https://github.com/ruby/openssl/commit/b28fb2f05c diff --git a/ext/openssl/lib/openssl.rb b/ext/openssl/lib/openssl.rb index 00e2db1..b047485 100644 --- a/ext/openssl/lib/openssl.rb +++ b/ext/openssl/lib/openssl.rb @@ -31,8 +31,8 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl.rb#L31 # the length of the secret. Returns +true+ if the strings are identical, # +false+ otherwise. def self.secure_compare(a, b) - hashed_a = OpenSSL::Digest::SHA256.digest(a) - hashed_b = OpenSSL::Digest::SHA256.digest(b) + hashed_a = OpenSSL::Digest.digest('SHA256', a) + hashed_b = OpenSSL::Digest.digest('SHA256', b) OpenSSL.fixed_length_secure_compare(hashed_a, hashed_b) && a == b end end diff --git a/ext/openssl/lib/openssl/digest.rb b/ext/openssl/lib/openssl/digest.rb index 92d358d..2ff8398 100644 --- a/ext/openssl/lib/openssl/digest.rb +++ b/ext/openssl/lib/openssl/digest.rb @@ -15,17 +15,6 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/digest.rb#L15 module OpenSSL class Digest - # You can get a list of all algorithms: - # openssl list -digest-algorithms - - ALGORITHMS = %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512) - - if !OPENSSL_VERSION.include?("LibreSSL") && OPENSSL_VERSION_NUMBER > 0x10101000 - ALGORITHMS.concat %w(BLAKE2b512 BLAKE2s256 SHA3-224 SHA3-256 SHA3-384 SHA3-512 SHA512-224 SHA512-256) - end - - ALGORITHMS.freeze - # Return the hash value computed with _name_ Digest. _name_ is either the # long name or short name of a supported digest algorithm. # 
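Review bot: The trailing `&& a == b` in secure_compare has no comment, and anyone auditing the method for timing safety will stop there because String#== is not constant-time. It is evaluated only after fixed_length_secure_compare has found the two SHA256 digests equal, so it acts purely as a collision guard and adds no timing signal on mismatching input. I would say so directly above the return line, for example `# a == b is reached only when the digests already match; it rules out a hash collision`. The method's doc comment begins above the hunk, so part of this may already be covered there.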
@@ -35,13 +24,13 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/digest.rb#L24 # # which is equivalent to: # - # OpenSSL::Digest::SHA256.digest("abc") + # OpenSSL::Digest.digest('SHA256', "abc") def self.digest(name, data) super(data, name) end - ALGORITHMS.each do |name| + %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512).each do |name| klass = Class.new(self) { define_method(:initialize, ->(data = nil) {super(name, data)}) } diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 14a7919..5d3ee74 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -739,7 +739,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L739 * To sign a document, a cryptographically secure hash of the document is * computed first, which is then signed using the private key. * - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * signature = key.sign digest, document * * To validate the signature, again a hash of the document is computed and @@ -747,7 +747,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L747 * compared to the hash just computed, if they are equal the signature was * valid. * - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * if key.verify digest, signature, document * puts 'Valid' * else @@ -782,7 +782,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L782 * salt = OpenSSL::Random.random_bytes 16 * iter = 20000 * key_len = cipher.key_len - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * * key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest) * cipher.key = key 
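Review bot: The doc comment on self.digest now ends with `OpenSSL::Digest.digest('SHA256', "abc")` under "which is equivalent to:", which may leave the example comparing a call with itself. The first half of that example sits above the hunk, so this applies only if it already shows the name-based call; in that case drop the "which is equivalent to" pair and keep a single example. Separately, the inlined `%w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)` list needs a comment, since it is no longer obvious why it stops at SHA512 while still generating classes for MD4, MD5 and SHA1. Presumably these constants are kept only for backward compatibility, in which case something like `# legacy constant classes, kept for compatibility; other digests are looked up by name` would do.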
@@ -805,7 +805,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L805 * salt = ... # the one generated above * iter = 20000 * key_len = cipher.key_len - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * * key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest) * cipher.key = key @@ -901,7 +901,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L901 * certificate. * * cert.issuer = name - * cert.sign key, OpenSSL::Digest::SHA1.new + * cert.sign key, OpenSSL::Digest.new('SHA1') * * open 'certificate.pem', 'w' do |io| io.write cert.to_pem end * @@ -977,7 +977,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L977 * * Root CA certificates are self-signed. * - * ca_cert.sign ca_key, OpenSSL::Digest::SHA1.new + * ca_cert.sign ca_key, OpenSSL::Digest.new('SHA1') * * The CA certificate is saved to disk so it may be distributed to all the * users of the keys this CA will sign. @@ -995,7 +995,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L995 * csr.version = 0 * csr.subject = name * csr.public_key = key.public_key - * csr.sign key, OpenSSL::Digest::SHA1.new + * csr.sign key, OpenSSL::Digest.new('SHA1') * * A CSR is saved to disk and sent to the CA for signing. * 
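Review bot: The certificate examples rewritten here still sign with SHA-1, as in `cert.sign key, OpenSSL::Digest.new('SHA1')`. The same applies to the ca_cert.sign and csr.sign hunks on this line and the csr_cert.sign hunk at @@ -1039. SHA-1 is no longer collision-resistant and current clients reject certificates signed with it, while snippets like these tend to be copied verbatim. Since the lines are being touched anyway, I would change them to `OpenSSL::Digest.new('SHA256')`, matching the sign/verify examples earlier in the same comment. The surrounding doc comment begins and ends outside these hunks.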
@@ -1039,7 +1039,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L1039 * csr_cert.add_extension \ * extension_factory.create_extension('subjectKeyIdentifier', 'hash') * - * csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new + * csr_cert.sign ca_key, OpenSSL::Digest.new('SHA1') * * open 'csr_cert.pem', 'w' do |io| * io.write csr_cert.to_pem diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c index 661b230..1233732 100644 --- a/ext/openssl/ossl_digest.c +++ b/ext/openssl/ossl_digest.c @@ -192,7 +192,7 @@ ossl_digest_reset(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L192 * be passed individually to the Digest instance. * * === Example - * digest = OpenSSL::Digest::SHA256.new + * digest = OpenSSL::Digest.new('SHA256') * digest.update('First input') * digest << 'Second input' # equivalent to digest.update('Second input') * result = digest.digest @@ -248,7 +248,7 @@ ossl_digest_finish(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L248 * Returns the sn of this Digest algorithm. * * === Example - * digest = OpenSSL::Digest::SHA512.new + * digest = OpenSSL::Digest.new('SHA512') * puts digest.name # => SHA512 * */ @@ -270,7 +270,7 @@ ossl_digest_name(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L270 * final message digest result. * * === Example - * digest = OpenSSL::Digest::SHA1.new + * digest = OpenSSL::Digest.new('SHA1') * puts digest.digest_length # => 20 * */ @@ -294,7 +294,7 @@ ossl_digest_size(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L294 * consecutively. * * === Example - * digest = OpenSSL::Digest::SHA1.new + * digest = OpenSSL::Digest.new('SHA1') * puts digest.block_length # => 64 */ static VALUE 
@@ -348,15 +348,19 @@ Init_ossl_digest(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L348 * the integrity of a signed document, it suffices to re-compute the hash * and verify that it is equal to that in the signature. * - * Among the supported message digest algorithms are: - * * SHA, SHA1, SHA224, SHA256, SHA384 and SHA512 - * * MD2, MD4, MDC2 and MD5 - * * RIPEMD160 + * You can get a list of all digest algorithms supported on your system by + * running this command in your terminal: * - * For each of these algorithms, there is a sub-class of Digest that - * can be instantiated as simply as e.g. + * openssl list -digest-algorithms * - * digest = OpenSSL::Digest::SHA1.new + * Among the OpenSSL 1.1.1 supported message digest algorithms are: + * * SHA224, SHA256, SHA384, SHA512, SHA512-224 and SHA512-256 + * * SHA3-224, SHA3-256, SHA3-384 and SHA3-512 + * * BLAKE2s256 and BLAKE2b512 + * + * Each of these algorithms can be instantiated using the name: + * + * digest = OpenSSL::Digest.new('SHA256') * * === Mapping between Digest class and sn/ln * @@ -406,7 +410,7 @@ Init_ossl_digest(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L410 * === Hashing a file * * data = File.read('document') - * sha256 = OpenSSL::Digest::SHA256.new + * sha256 = OpenSSL::Digest.new('SHA256') * digest = sha256.digest(data) * * === Hashing several pieces of data at once @@ -414,7 +418,7 @@ Init_ossl_digest(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L418 * data1 = File.read('file1') * data2 = File.read('file2') * data3 = File.read('file3') - * sha256 = OpenSSL::Digest::SHA256.new + * sha256 = OpenSSL::Digest.new('SHA256') * sha256 << data1 * sha256 << data2 * sha256 << data3 
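Review bot: The rewritten overview tells readers to instantiate a digest by name but does not say what happens when the linked library lacks that name. The list is qualified as OpenSSL 1.1.1, and the ALGORITHMS block removed from digest.rb only added BLAKE2 and SHA3 on a non-LibreSSL build above a version threshold, so `OpenSSL::Digest.new('SHA3-256')` can fail at run time on other builds. A sentence after the example would cover it, such as `Passing a name the linked library does not provide raises an error when the digest is created.` The exact exception class should be checked against the constructor in ossl_digest.c, which is not shown here; the doc comment also continues beyond the hunk.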
@@ -423,7 +427,7 @@ Init_ossl_digest(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_digest.c#L427 * === Reuse a Digest instance * * data1 = File.read('file1') - * sha256 = OpenSSL::Digest::SHA256.new + * sha256 = OpenSSL::Digest.new('SHA256') * digest1 = sha256.digest(data1) * * data2 = File.read('file2') diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index 2ac2e5c..e831cff (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/