ruby-changes:65569
From: Colton <ko1@a...>
Date: Tue, 16 Mar 2021 20:39:08 +0900 (JST)
Subject: [ruby-changes:65569] c71afc9db7 (master): [ruby/openssl] Add compare? method to OpenSSL::PKey that wraps EVP_PKEY_cmp.
https://git.ruby-lang.org/ruby.git/commit/?id=c71afc9db7 From c71afc9db7fd938a71f806bace7a2aed2722c0e9 Mon Sep 17 00:00:00 2001 From: Colton Jenkins <jenkinscolton7@g...> Date: Sun, 5 Jul 2020 17:25:54 -0400 Subject: [ruby/openssl] Add compare? method to OpenSSL::PKey that wraps EVP_PKEY_cmp. Explicitly check for type given some conflicting statements within openssl's documentation around EVP_PKEY_cmp and EVP_PKEY_ASN1_METHOD(3). Add documentation with an example for compare? https://github.com/ruby/openssl/commit/0bf51da6e2 --- ext/openssl/ossl_pkey.c | 39 +++++++++++++++++++++++++++++++++++++++ test/openssl/test_pkey.rb | 18 ++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index df8b425..d5f5a51 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -734,6 +734,44 @@ ossl_pkey_public_to_pem(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L734 /* * call-seq: + * pkey.compare?(another_pkey) -> true | false + * + * Used primarily to check if an OpenSSL::X509::Certificate#public_key compares to its private key. + * + * == Example + * x509 = OpenSSL::X509::Certificate.new(pem_encoded_certificate) + * rsa_key = OpenSSL::PKey::RSA.new(pem_encoded_private_key) + * + * rsa_key.compare?(x509.public_key) => true | false + */ +static VALUE +ossl_pkey_compare(VALUE self, VALUE other) +{ + int ret; + EVP_PKEY *selfPKey; + EVP_PKEY *otherPKey; + + GetPKey(self, selfPKey); + GetPKey(other, otherPKey); + + /* Explicitly check the key type given EVP_PKEY_ASN1_METHOD(3) + * docs param_cmp could return any negative number. + */ + if (EVP_PKEY_id(selfPKey) != EVP_PKEY_id(otherPKey)) + ossl_raise(rb_eTypeError, "cannot match different PKey types"); + + ret = EVP_PKEY_cmp(selfPKey, otherPKey); + + if (ret == 0) + return Qfalse; + else if (ret == 1) + return Qtrue; + else + ossl_raise(ePKeyError, "EVP_PKEY_cmp"); +} + +/* + * call-seq: * pkey.sign(digest, data) -> String * * To sign the String _data_, _digest_, an instance of OpenSSL::Digest, must @@ -1031,6 +1069,7 @@ Init_ossl_pkey(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L1069 rb_define_method(cPKey, "private_to_pem", ossl_pkey_private_to_pem, -1); rb_define_method(cPKey, "public_to_der", ossl_pkey_public_to_der, 0); rb_define_method(cPKey, "public_to_pem", ossl_pkey_public_to_pem, 0); + rb_define_method(cPKey, "compare?", ossl_pkey_compare, 1); rb_define_method(cPKey, "sign", ossl_pkey_sign, 2); rb_define_method(cPKey, "verify", ossl_pkey_verify, 3); diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb index 5307fe5..0a516f9 100644 --- a/test/openssl/test_pkey.rb +++ b/test/openssl/test_pkey.rb @@ -151,4 +151,22 @@ class OpenSSL::TestPKey < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey.rb#L151 assert_equal bob_pem, bob.public_to_pem assert_equal [shared_secret].pack("H*"), alice.derive(bob) end + + def test_compare? + key1 = Fixtures.pkey("rsa1024") + key2 = Fixtures.pkey("rsa1024") + key3 = Fixtures.pkey("rsa2048") + key4 = Fixtures.pkey("dh-1") + + assert_equal(true, key1.compare?(key2)) + assert_equal(true, key1.public_key.compare?(key2)) + assert_equal(true, key2.compare?(key1)) + assert_equal(true, key2.public_key.compare?(key1)) + + assert_equal(false, key1.compare?(key3)) + + assert_raise(TypeError) do + key1.compare?(key4) + end + end end -- cgit v1.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/