ruby-changes:43212
From: rhe <ko1@a...>
Date: Mon, 6 Jun 2016 00:00:55 +0900 (JST)
Subject: [ruby-changes:43212] rhe:r55285 (trunk): openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
rhe 2016-06-06 00:00:47 +0900 (Mon, 06 Jun 2016) New Revision: 55285 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55285 Log: openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs * ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and {RSA,DSA,EC_KEY,DH}_get0_*() functions. OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide setter methods for each parameter of each PKey type, for example PKey::RSA#e=, but this is no longer possible because the new API RSA_set0_key() requires the 'n' at the same time. This commit adds a deprecation warning to them and adds PKey::*#set_* methods as direct wrappers for those new APIs. For example, 'rsa.e = 3' now needs to be rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'. [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}. Emit a warning with rb_warning() when old setter methods are used. * test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb, test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH objects that are used in tmp_dh_callback. Generating a new key pair every time should be fine - actually the private exponent is ignored in OpenSSL >= 1.0.2f/1.0.1r even if we set it explicitly.
https://www.openssl.org/news/secadv/20160128.txt Modified files: trunk/ChangeLog trunk/ext/openssl/extconf.rb trunk/ext/openssl/openssl_missing.h trunk/ext/openssl/ossl_pkey.c trunk/ext/openssl/ossl_pkey.h trunk/ext/openssl/ossl_pkey_dh.c trunk/ext/openssl/ossl_pkey_dsa.c trunk/ext/openssl/ossl_pkey_ec.c trunk/ext/openssl/ossl_pkey_rsa.c trunk/ext/openssl/ossl_ssl.c trunk/test/drb/ut_array_drbssl.rb trunk/test/drb/ut_drb_drbssl.rb trunk/test/openssl/utils.rb trunk/test/rubygems/test_gem_remote_fetcher.rb Index: test/drb/ut_drb_drbssl.rb =================================================================== --- test/drb/ut_drb_drbssl.rb (revision 55284) +++ test/drb/ut_drb_drbssl.rb (revision 55285) @@ -19,8 +19,6 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOP https://github.com/ruby/ruby/blob/trunk/test/drb/ut_drb_drbssl.rb#L19 -----END DH PARAMETERS----- _end_of_pem_ - TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16) - end config = Hash.new Index: test/drb/ut_array_drbssl.rb =================================================================== --- test/drb/ut_array_drbssl.rb (revision 55284) +++ test/drb/ut_array_drbssl.rb (revision 55285) 
@@ -20,8 +20,6 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOP https://github.com/ruby/ruby/blob/trunk/test/drb/ut_array_drbssl.rb#L20 -----END DH PARAMETERS----- _end_of_pem_ - TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16) - end config = Hash.new Index: test/openssl/utils.rb =================================================================== --- test/openssl/utils.rb (revision 55284) +++ test/openssl/utils.rb (revision 55285) 
@@ -105,7 +105,8 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOP https://github.com/ruby/ruby/blob/trunk/test/openssl/utils.rb#L105 -----END DH PARAMETERS----- _end_of_pem_ - TEST_KEY_DH1024.priv_key = OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16) + TEST_KEY_DH1024.set_key(OpenSSL::BN.new("556AF1598AE69899867CEBA9F29CE4862B884C2B43C9019EA0231908F6EFA785E3C462A6ECB16DF676866E997FFB72B487DC7967C58C3CA38CE974473BF19B2AA5DCBF102735572EBA6F353F6F0BBE7FF1DE1B07FE1381A355C275C33405004317F9491B5955F191F6615A63B30E55A027FB88A1A4B25608E09EEE68A7DF32D", 16), + OpenSSL::BN.new("48561834C67E65FFD2A9B47F41E5E78FDC95C387428FDB1E4B0188B64D1643C3A8D3455B945B7E8C4D166010C7C2CE23BFB9BEF43D0348FE7FA5284B0225E7FE1537546D114E3D8A4411B9B9351AB451E1A358F50ED61B1F00DA29336EEBBD649980AC86D76AF8BBB065298C2052672EEF3EF13AB47A15275FC2836F3AC74CEA", 16)) DSA_SIGNATURE_DIGEST = OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000 ? OpenSSL::Digest::SHA1 : Index: test/rubygems/test_gem_remote_fetcher.rb =================================================================== --- test/rubygems/test_gem_remote_fetcher.rb (revision 55284) +++ test/rubygems/test_gem_remote_fetcher.rb (revision 55285) @@ -81,7 +81,6 @@ gems: https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_remote_fetcher.rb#L81 # Generated via: # x = OpenSSL::PKey::DH.new(2048) # wait a while... # x.to_s => pem - # x.priv_key.to_s => hex for OpenSSL::BN.new TEST_KEY_DH2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_ -----BEGIN DH PARAMETERS----- MIIBCAKCAQEA3Ze2EHSfYkZLUn557torAmjBgPsqzbodaRaGZtgK1gEU+9nNJaFV 
@@ -93,17 +92,6 @@ PeIQQkFng2VVot/WAQbv3ePqWq07g1BBcwIBAg== https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_remote_fetcher.rb#L92 -----END DH PARAMETERS----- _end_of_pem_ - TEST_KEY_DH2048.priv_key = OpenSSL::BN.new("108911488509734781344423639" \ - "5585749502236089033416160524030987005037540379474123441273555416835" \ - "4725688238369352738266590757370603937618499698665047757588998555345" \ - "3446251978586372525530219375408331096098220027413238477359960428372" \ - "0195464393332338164504352015535549496585792320286513563739305843396" \ - "9294344974028713065472959376197728193162272314514335882399554394661" \ - "5306385003430991221886779612878793446851681835397455333989268503748" \ - "7862488679178398716189205737442996155432191656080664090596502674943" \ - "7902481557157485795980326766117882761941455140582265347052939604724" \ - "964857770053363840471912215799994973597613931991572884", 16) - def setup @proxies = %w[https_proxy http_proxy HTTP_PROXY http_proxy_user HTTP_PROXY_USER http_proxy_pass HTTP_PROXY_PASS no_proxy NO_PROXY] @old_proxies = @proxies.map {|k| ENV[k] } Index: ChangeLog =================================================================== --- ChangeLog (revision 55284) +++ ChangeLog (revision 55285) 
@@ -1,3 +1,27 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Mon Jun 6 00:00:13 2016 Kazuki Yamaguchi <k@r...> + + * ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and + {RSA,DSA,EC_KEY,DH}_get0_*() functions. + OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide + setter methods for each parameter of each PKey type, for example + PKey::RSA#e=, but this is no longer possible because the new API + RSA_set0_key() requires the 'n' at the same time. This commit adds + deprecation warning to them and adds PKey::*#set_* methods as direct + wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be + rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'. + [ruby-core:75225] [Feature #12324] + + * ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement + RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}. + Emit a warning with rb_warning() when old setter methods are used. + + * test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb, + test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH + object that are used in tmp_dh_callback. Generating a new key pair + every time should be fine - actually the private exponent is ignored + in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set. + https://www.openssl.org/news/secadv/20160128.txt + Sun Jun 5 22:06:00 2016 Kenta Murata <mrkn@m...> * configure.in: Fix the timing to detect the appropriate C++ compiler Index: ext/openssl/ossl_pkey_rsa.c =================================================================== --- ext/openssl/ossl_pkey_rsa.c (revision 55284) +++ ext/openssl/ossl_pkey_rsa.c (revision 55285) 
@@ -7,19 +7,36 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L7 * This program is licensed under the same licence as Ruby. * (See the file 'LICENCE'.) */ -#if !defined(OPENSSL_NO_RSA) - #include "ossl.h" +#if !defined(OPENSSL_NO_RSA) + #define GetPKeyRSA(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_RSA) { /* PARANOIA? */ \ + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { /* PARANOIA? */ \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A RSA!") ; \ } \ } while (0) +#define GetRSA(obj, rsa) do { \ + EVP_PKEY *_pkey; \ + GetPKeyRSA((obj), _pkey); \ + (rsa) = EVP_PKEY_get0_RSA(_pkey); \ +} while (0) + +static inline int +RSA_HAS_PRIVATE(RSA *rsa) +{ + BIGNUM *p, *q; + + RSA_get0_factors(rsa, &p, &q); + return p && q; /* d? why? */ +} -#define RSA_HAS_PRIVATE(rsa) ((rsa)->p && (rsa)->q) -#define RSA_PRIVATE(obj,rsa) (RSA_HAS_PRIVATE(rsa)||OSSL_PKEY_IS_PRIVATE(obj)) +static inline int +RSA_PRIVATE(VALUE obj, RSA *rsa) +{ + return RSA_HAS_PRIVATE(rsa) || OSSL_PKEY_IS_PRIVATE(obj); +} /* * Classes @@ -62,7 +79,7 @@ ossl_rsa_new(EVP_PKEY *pkey) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L79 } else { obj = NewPKey(cRSA); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { ossl_raise(rb_eTypeError, "Not a RSA key!"); } SetPKey(obj, pkey); @@ -262,12 +279,13 @@ ossl_rsa_initialize(int argc, VALUE *arg https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L279 static VALUE ossl_rsa_is_public(VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; - GetPKeyRSA(self, pkey); + GetRSA(self, rsa); /* * This method should check for n and e. BUG. */ + (void)rsa; return Qtrue; } 
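Review bot: The comment `/* d? why? */` in the new `RSA_HAS_PRIVATE()` leaves the private-key test unexplained: the function reports a private key only when both factors p and q are set and never looks at d. Later hunks use it directly to choose between `PEM_write_bio_RSAPrivateKey` and `PEM_write_bio_RSA_PUBKEY` in ossl_rsa_export, and between `i2d_RSAPrivateKey` and `i2d_RSA_PUBKEY` in ossl_rsa_to_der, so a key that holds d without p and q would be serialised as a public key. I would replace the comment with `/* "private" means p and q are set; a key holding only n, e, d is exported as public */`, or, if that outcome is not intended, also fetch d with `RSA_get0_key(rsa, NULL, NULL, &d);` and include it in the test.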
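Review bot: `ossl_rsa_is_public` still returns `Qtrue` unconditionally; the new lines fetch `rsa` and then discard it with `(void)rsa;`, while the comment directly above says the method should check n and e. With the accessor this commit introduces, the check is short: declare `BIGNUM *n, *e;`, call `RSA_get0_key(rsa, &n, &e, NULL);` and `return (n && e) ? Qtrue : Qfalse;`. If the always-true result is kept on purpose for compatibility, the comment should say that instead of `BUG.`.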
@@ -280,11 +298,11 @@ ossl_rsa_is_public(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L298 static VALUE ossl_rsa_is_private(VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; - GetPKeyRSA(self, pkey); + GetRSA(self, rsa); - return (RSA_PRIVATE(self, pkey->pkey.rsa)) ? Qtrue : Qfalse; + return RSA_PRIVATE(self, rsa) ? Qtrue : Qfalse; } /* @@ -300,12 +318,12 @@ ossl_rsa_is_private(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L318 static VALUE ossl_rsa_export(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; BIO *out; const EVP_CIPHER *ciph = NULL; VALUE cipher, pass, str; - GetPKeyRSA(self, pkey); + GetRSA(self, rsa); rb_scan_args(argc, argv, "02", &cipher, &pass); @@ -316,14 +334,14 @@ ossl_rsa_export(int argc, VALUE *argv, V https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L334 if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eRSAError, NULL); } - if (RSA_HAS_PRIVATE(pkey->pkey.rsa)) { - if (!PEM_write_bio_RSAPrivateKey(out, pkey->pkey.rsa, ciph, - NULL, 0, ossl_pem_passwd_cb, (void *)pass)) { + if (RSA_HAS_PRIVATE(rsa)) { + if (!PEM_write_bio_RSAPrivateKey(out, rsa, ciph, NULL, 0, + ossl_pem_passwd_cb, (void *)pass)) { BIO_free(out); ossl_raise(eRSAError, NULL); } } else { - if (!PEM_write_bio_RSA_PUBKEY(out, pkey->pkey.rsa)) { + if (!PEM_write_bio_RSA_PUBKEY(out, rsa)) { BIO_free(out); ossl_raise(eRSAError, NULL); } 
@@ -342,29 +360,29 @@ ossl_rsa_export(int argc, VALUE *argv, V https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L360 static VALUE ossl_rsa_to_der(VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; int (*i2d_func)_((const RSA*, unsigned char**)); unsigned char *p; long len; VALUE str; - GetPKeyRSA(self, pkey); - if(RSA_HAS_PRIVATE(pkey->pkey.rsa)) + GetRSA(self, rsa); + if (RSA_HAS_PRIVATE(rsa)) i2d_func = i2d_RSAPrivateKey; else i2d_func = (int (*)(const RSA*, unsigned char**))i2d_RSA_PUBKEY; - if((len = i2d_func(pkey->pkey.rsa, NULL)) <= 0) + if((len = i2d_func(rsa, NULL)) <= 0) ossl_raise(eRSAError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); - if(i2d_func(pkey->pkey.rsa, &p) < 0) + if(i2d_func(rsa, &p) < 0) ossl_raise(eRSAError, NULL); ossl_str_adjust(str, p); return str; } -#define ossl_rsa_buf_size(pkey) (RSA_size((pkey)->pkey.rsa)+16) +#define ossl_rsa_buf_size(rsa) (RSA_size(rsa)+16) /* * call-seq: @@ -377,20 +395,21 @@ ossl_rsa_to_der(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L395 static VALUE ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; + BIGNUM *rsa_n; int buf_len, pad; VALUE str, buffer, padding; - GetPKeyRSA(self, pkey); - if (!pkey->pkey.rsa->n) + GetRSA(self, rsa); + RSA_get0_key(rsa, &rsa_n, NULL, NULL); + if (!rsa_n) ossl_raise(eRSAError, "incomplete RSA"); rb_scan_args(argc, argv, "11", &buffer, &padding); pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); StringValue(buffer); - str = rb_str_new(0, ossl_rsa_buf_size(pkey)); + str = rb_str_new(0, ossl_rsa_buf_size(rsa)); buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, - pad); + (unsigned char *)RSTRING_PTR(str), rsa, pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); 
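Review bot: The completeness guard in `ossl_rsa_public_encrypt` tests only the modulus: `RSA_get0_key(rsa, &rsa_n, NULL, NULL); if (!rsa_n)`. The public operation also needs e, and the same call can return it, so I would write `RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);` followed by `if (!rsa_n || !rsa_e)`. How OpenSSL behaves when e is missing is not visible in this diff, so treat this as hardening rather than a confirmed crash. The same guard is repeated in ossl_rsa_public_decrypt, ossl_rsa_private_encrypt and ossl_rsa_private_decrypt in the following hunks; a small static helper would keep the four copies in step. The function body continues past the end of this hunk.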
@@ -408,20 +427,21 @@ ossl_rsa_public_encrypt(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L427 static VALUE ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; + BIGNUM *rsa_n; int buf_len, pad; VALUE str, buffer, padding; - GetPKeyRSA(self, pkey); - if (!pkey->pkey.rsa->n) + GetRSA(self, rsa); + RSA_get0_key(rsa, &rsa_n, NULL, NULL); + if (!rsa_n) ossl_raise(eRSAError, "incomplete RSA"); rb_scan_args(argc, argv, "11", &buffer, &padding); pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); StringValue(buffer); - str = rb_str_new(0, ossl_rsa_buf_size(pkey)); + str = rb_str_new(0, ossl_rsa_buf_size(rsa)); buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, - pad); + (unsigned char *)RSTRING_PTR(str), rsa, pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); 
@@ -439,22 +459,23 @@ ossl_rsa_public_decrypt(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L459 static VALUE ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; + BIGNUM *rsa_n; int buf_len, pad; VALUE str, buffer, padding; - GetPKeyRSA(self, pkey); - if (!pkey->pkey.rsa->n) + GetRSA(self, rsa); + RSA_get0_key(rsa, &rsa_n, NULL, NULL); + if (!rsa_n) ossl_raise(eRSAError, "incomplete RSA"); - if (!RSA_PRIVATE(self, pkey->pkey.rsa)) - ossl_raise(eRSAError, "private key needed"); + if (!RSA_PRIVATE(self, rsa)) + ossl_raise(eRSAError, "private key needed."); rb_scan_args(argc, argv, "11", &buffer, &padding); pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); StringValue(buffer); - str = rb_str_new(0, ossl_rsa_buf_size(pkey)); + str = rb_str_new(0, ossl_rsa_buf_size(rsa)); buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, - pad); + (unsigned char *)RSTRING_PTR(str), rsa, pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); 
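Review bot: The error text in `ossl_rsa_private_encrypt` changes from `"private key needed"` to `"private key needed."`, which is unrelated to the opaque-struct migration and is not mentioned in the log. Callers or tests that match on the message would see a different string, and it now differs in punctuation from `"incomplete RSA"` two lines above it. I would keep `ossl_raise(eRSAError, "private key needed");` here and in the identical line of ossl_rsa_private_decrypt in the next hunk.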
@@ -472,22 +493,23 @@ ossl_rsa_private_encrypt(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L493 static VALUE ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; + BIGNUM *rsa_n; int buf_len, pad; VALUE str, buffer, padding; - GetPKeyRSA(self, pkey); - if (!pkey->pkey.rsa->n) + GetRSA(self, rsa); + RSA_get0_key(rsa, &rsa_n, NULL, NULL); + if (!rsa_n) ossl_raise(eRSAError, "incomplete RSA"); - if (!RSA_PRIVATE(self, pkey->pkey.rsa)) - ossl_raise(eRSAError, "private key needed"); + if (!RSA_PRIVATE(self, rsa)) + ossl_raise(eRSAError, "private key needed."); rb_scan_args(argc, argv, "11", &buffer, &padding); pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); StringValue(buffer); - str = rb_str_new(0, ossl_rsa_buf_size(pkey)); + str = rb_str_new(0, ossl_rsa_buf_size(rsa)); buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, - pad); + (unsigned char *)RSTRING_PTR(str), rsa, pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); 
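Review bot: `ossl_rsa_private_decrypt` falls back to `RSA_PKCS1_PADDING` when no padding argument is given (`pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);`), and nothing in the hunk documents that default. PKCS#1 v1.5 decryption of ciphertext from an untrusted source is the classic setting for padding-oracle problems when failures are distinguishable, so the default deserves a comment such as `/* default is PKCS#1 v1.5 for compatibility; prefer RSA_PKCS1_OAEP_PADDING when decrypting untrusted input */`. The call-seq comment for this method lies above the hunk and the body continues past it, so existing documentation may already cover part of this.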
@@ -508,21 +530,24 @@ ossl_rsa_private_decrypt(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L530 static VALUE ossl_rsa_get_params(VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; VALUE hash; + BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; - GetPKeyRSA(self, pkey); + GetRSA(self, rsa); + RSA_get0_key(rsa, &n, &e, &d); + RSA_get0_factors(rsa, &p, &q); + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); hash = rb_hash_new(); - - rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(pkey->pkey.rsa->n)); - rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(pkey->pkey.rsa->e)); - rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(pkey->pkey.rsa->d)); - rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.rsa->p)); - rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(pkey->pkey.rsa->q)); - rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(pkey->pkey.rsa->dmp1)); - rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(pkey->pkey.rsa->dmq1)); - rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(pkey->pkey.rsa->iqmp)); + rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(n)); + rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(e)); + rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(d)); + rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p)); + rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q)); + rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(dmp1)); + rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(dmq1)); + rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(iqmp)); return hash; } 
@@ -540,15 +565,15 @@ ossl_rsa_get_params(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L565 static VALUE ossl_rsa_to_text(VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; BIO *out; VALUE str; - GetPKeyRSA(self, pkey); + GetRSA(self, rsa); if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eRSAError, NULL); } - if (!RSA_print(out, pkey->pkey.rsa, 0)) { /* offset = 0 */ + if (!RSA_print(out, rsa, 0)) { /* offset = 0 */ BIO_free(out); ossl_raise(eRSAError, NULL); } @@ -572,7 +597,7 @@ ossl_rsa_to_public_key(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L597 GetPKeyRSA(self, pkey); /* err check performed by rsa_instance */ - rsa = RSAPublicKey_dup(pkey->pkey.rsa); + rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey)); obj = rsa_instance(CLASS_OF(self), rsa); if (obj == Qfalse) { RSA_free(rsa); @@ -587,11 +612,11 @@ ossl_rsa_to_public_key(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L612 static VALUE ossl_rsa_blinding_on(VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; - GetPKeyRSA(self, pkey); + GetRSA(self, rsa); - if (RSA_blinding_on(pkey->pkey.rsa, ossl_bn_ctx) != 1) { + if (RSA_blinding_on(rsa, ossl_bn_ctx) != 1) { ossl_raise(eRSAError, NULL); } return self; @@ -600,23 +625,18 @@ ossl_rsa_blinding_on(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L625 static VALUE ossl_rsa_blinding_off(VALUE self) { - EVP_PKEY *pkey; + RSA *rsa; - GetPKeyRSA(self, pkey); - RSA_blinding_off(pkey->pkey.rsa); + GetRSA(self, rsa); + RSA_blinding_off(rsa); return self; } */ -OSSL_PKEY_BN(rsa, n) -OSSL_PKEY_BN(rsa, e) -OSSL_PKEY_BN(rsa, d) -OSSL_PKEY_BN(rsa, p) -OSSL_PKEY_BN(rsa, q) -OSSL_PKEY_BN(rsa, dmp1) -OSSL_PKEY_BN(rsa, dmq1) -OSSL_PKEY_BN(rsa, iqmp) +OSSL_PKEY_BN_DEF3(rsa, RSA, key, n, e, d); +OSSL_PKEY_BN_DEF2(rsa, RSA, factors, p, q); +OSSL_PKEY_BN_DEF3(rsa, RSA, crt_params, dmp1, dmq1, iqmp); /* * INIT 
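Review bot: The three new invocations, for example `OSSL_PKEY_BN_DEF3(rsa, RSA, key, n, e, d);`, end in a semicolon, whereas the `OSSL_PKEY_BN(rsa, n)` lines they replace did not. The macro definitions live in ossl_pkey.h and are not visible here; if they expand to function definitions, each semicolon is a stray empty declaration at file scope, which pedantic compilers warn about. Dropping it, as in `OSSL_PKEY_BN_DEF3(rsa, RSA, key, n, e, d)`, keeps the file consistent with the style it had before.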
@@ -675,6 +695,9 @@ Init_ossl_rsa(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L695 DEF_OSSL_PKEY_BN(cRSA, rsa, dmp1); DEF_OSSL_PKEY_BN(cRSA, rsa, dmq1); DEF_OSSL_PKEY_BN(cRSA, rsa, iqmp); + rb_define_method(cRSA, "set_key", ossl_rsa_set_key, 3); + rb_define_method(cRSA, "set_factors", ossl_rsa_set_factors, 2); + rb_define_method(cRSA, "set_crt_params", ossl_rsa_set_crt_params, 3); rb_define_method(cRSA, "params", ossl_rsa_get_params, 0); Index: ext/openssl/ossl_pkey_ec.c =================================================================== --- ext/openssl/ossl_pkey_ec.c (revision 55284) +++ ext/openssl/ossl_pke (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/