ruby-changes:65573
From: Kazuki <ko1@a...>
Date: Tue, 16 Mar 2021 20:38:49 +0900 (JST)
Subject: [ruby-changes:65573] 9d3ffe09c4 (master): [ruby/openssl] pkey: reimplement PKey::DH#compute_key and PKey::EC#dh_compute_key
https://git.ruby-lang.org/ruby.git/commit/?id=9d3ffe09c4 From 9d3ffe09c47a1dfd722693965fbf7dba8571aa88 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi <k@r...> Date: Sat, 18 Mar 2017 22:34:19 +0900 Subject: [ruby/openssl] pkey: reimplement PKey::DH#compute_key and PKey::EC#dh_compute_key Use the new OpenSSL::PKey::PKey#derive instead of the raw {EC,}DH_compute_key(), mainly to reduce amount of the C code. https://github.com/ruby/openssl/commit/28edf6bafc --- ext/openssl/lib/openssl/pkey.rb | 33 +++++++++++++++++++++++++++++++++ ext/openssl/ossl_pkey_dh.c | 35 ----------------------------------- ext/openssl/ossl_pkey_ec.c | 32 -------------------------------- 3 files changed, 33 insertions(+), 67 deletions(-) diff --git a/ext/openssl/lib/openssl/pkey.rb b/ext/openssl/lib/openssl/pkey.rb index 9cc3276..be60ac2 100644 --- a/ext/openssl/lib/openssl/pkey.rb +++ b/ext/openssl/lib/openssl/pkey.rb @@ -9,6 +9,24 @@ require_relative 'marshal' https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/pkey.rb#L9 module OpenSSL::PKey class DH include OpenSSL::Marshal + + # :call-seq: + # dh.compute_key(pub_bn) -> string + # + # Returns a String containing a shared secret computed from the other + # party's public value. + # + # This method is provided for backwards compatibility, and calls #derive + # internally. + # + # === Parameters + # * _pub_bn_ is a OpenSSL::BN, *not* the DH instance returned by + # DH#public_key as that contains the DH parameters only. + def compute_key(pub_bn) + peer = dup + peer.set_key(pub_bn, nil) + derive(peer) + end end class DSA @@ -18,7 +36,22 @@ module OpenSSL::PKey https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/pkey.rb#L36 if defined?(EC) class EC include OpenSSL::Marshal + + # :call-seq: + # ec.dh_compute_key(pubkey) -> string + # + # Derives a shared secret by ECDH. _pubkey_ must be an instance of + # OpenSSL::PKey::EC::Point and must belong to the same group. + # + # This method is provided for backwards compatibility, and calls #derive + # internally. + def dh_compute_key(pubkey) + peer = OpenSSL::PKey::EC.new(group) + peer.public_key = pubkey + derive(peer) + end end + class EC::Point # :call-seq: # point.to_bn([conversion_form]) -> OpenSSL::BN diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index bc50e55..5bc1c49 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -477,40 +477,6 @@ ossl_dh_generate_key(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dh.c#L477 } /* - * call-seq: - * dh.compute_key(pub_bn) -> aString - * - * Returns a String containing a shared secret computed from the other party's public value. - * See DH_compute_key() for further information. - * - * === Parameters - * * _pub_bn_ is a OpenSSL::BN, *not* the DH instance returned by - * DH#public_key as that contains the DH parameters only. - */ -static VALUE -ossl_dh_compute_key(VALUE self, VALUE pub) -{ - DH *dh; - const BIGNUM *pub_key, *dh_p; - VALUE str; - int len; - - GetDH(self, dh); - DH_get0_pqg(dh, &dh_p, NULL, NULL); - if (!dh_p) - ossl_raise(eDHError, "incomplete DH"); - pub_key = GetBNPtr(pub); - len = DH_size(dh); - str = rb_str_new(0, len); - if ((len = DH_compute_key((unsigned char *)RSTRING_PTR(str), pub_key, dh)) < 0) { - ossl_raise(eDHError, NULL); - } - rb_str_set_len(str, len); - - return str; -} - -/* * Document-method: OpenSSL::PKey::DH#set_pqg * call-seq: * dh.set_pqg(p, q, g) -> self @@ -587,7 +553,6 @@ Init_ossl_dh(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dh.c#L553 rb_define_method(cDH, "public_key", ossl_dh_to_public_key, 0); rb_define_method(cDH, "params_ok?", ossl_dh_check_params, 0); rb_define_method(cDH, "generate_key!", ossl_dh_generate_key, 0); - rb_define_method(cDH, "compute_key", ossl_dh_compute_key, 1); DEF_OSSL_PKEY_BN(cDH, dh, p); DEF_OSSL_PKEY_BN(cDH, dh, q); diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 6fe2533..c253425 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -489,37 +489,6 @@ static VALUE ossl_ec_key_check_key(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L489 /* * call-seq: - * key.dh_compute_key(pubkey) => String - * - * See the OpenSSL documentation for ECDH_compute_key() - */ -static VALUE ossl_ec_key_dh_compute_key(VALUE self, VALUE pubkey) -{ - EC_KEY *ec; - EC_POINT *point; - int buf_len; - VALUE str; - - GetEC(self, ec); - GetECPoint(pubkey, point); - -/* BUG: need a way to figure out the maximum string size */ - buf_len = 1024; - str = rb_str_new(0, buf_len); -/* BUG: take KDF as a block */ - buf_len = ECDH_compute_key(RSTRING_PTR(str), buf_len, point, ec, NULL); - if (buf_len < 0) - ossl_raise(eECError, "ECDH_compute_key"); - - rb_str_resize(str, buf_len); - - return str; -} - -/* sign_setup */ - -/* - * call-seq: * key.dsa_sign_asn1(data) => String * * See the OpenSSL documentation for ECDSA_sign() @@ -1657,7 +1626,6 @@ void Init_ossl_ec(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L1626 rb_define_alias(cEC, "generate_key", "generate_key!"); rb_define_method(cEC, "check_key", ossl_ec_key_check_key, 0); - rb_define_method(cEC, "dh_compute_key", ossl_ec_key_dh_compute_key, 1); rb_define_method(cEC, "dsa_sign_asn1", ossl_ec_key_dsa_sign_asn1, 1); rb_define_method(cEC, "dsa_verify_asn1", ossl_ec_key_dsa_verify_asn1, 2); /* do_sign/do_verify */ -- cgit v1.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/