[ruby/openssl] pkey: implement PKey::{RSA,DSA,DH}#params in Ruby

Move the definitions to lib/openssl/pkey.rb. They need not to be in the
extension and can be implemented using existing methods.

This reduces direct usage of the now-deprecated OpenSSL APIs around the
low-level structs such as DH, DSA, or RSA.

https://github.com/ruby/openssl/commit/c14178f387
This commit is contained in:
Kazuki Yamaguchi 2024-05-21 16:53:15 +09:00
parent 47fe59cd82
commit ec4592280f
4 changed files with 36 additions and 100 deletions

View File

@ -34,6 +34,18 @@ module OpenSSL::PKey
DH.new(to_der)
end
# :call-seq:
# dh.params -> hash
#
# Stores all parameters of key to a Hash.
#
# The hash has keys 'p', 'q', 'g', 'pub_key', and 'priv_key'.
def params
%w{p q g pub_key priv_key}.map { |name|
[name, send(name) || 0.to_bn]
}.to_h
end
# :call-seq:
# dh.compute_key(pub_bn) -> string
#
@ -154,6 +166,18 @@ module OpenSSL::PKey
OpenSSL::PKey.read(public_to_der)
end
# :call-seq:
# dsa.params -> hash
#
# Stores all parameters of key to a Hash.
#
# The hash has keys 'p', 'q', 'g', 'pub_key', and 'priv_key'.
def params
%w{p q g pub_key priv_key}.map { |name|
[name, send(name) || 0.to_bn]
}.to_h
end
class << self
# :call-seq:
# DSA.generate(size) -> dsa
@ -328,6 +352,18 @@ module OpenSSL::PKey
OpenSSL::PKey.read(public_to_der)
end
# :call-seq:
# rsa.params -> hash
#
# Stores all parameters of key to a Hash.
#
# The hash has keys 'n', 'e', 'd', 'p', 'q', 'dmp1', 'dmq1', and 'iqmp'.
def params
%w{n e d p q dmp1 dmq1 iqmp}.map { |name|
[name, send(name) || 0.to_bn]
}.to_h
end
class << self
# :call-seq:
# RSA.generate(size, exponent = 65537) -> RSA

View File

@ -284,35 +284,6 @@ ossl_dh_to_der(VALUE self)
return str;
}
/*
* call-seq:
* dh.params -> hash
*
* Stores all parameters of key to the hash
* INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
* Don't use :-)) (I's up to you)
*/
static VALUE
ossl_dh_get_params(VALUE self)
{
OSSL_3_const DH *dh;
VALUE hash;
const BIGNUM *p, *q, *g, *pub_key, *priv_key;
GetDH(self, dh);
DH_get0_pqg(dh, &p, &q, &g);
DH_get0_key(dh, &pub_key, &priv_key);
hash = rb_hash_new();
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(g));
rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pub_key));
rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(priv_key));
return hash;
}
/*
* call-seq:
* dh.params_ok? -> true | false
@ -443,8 +414,6 @@ Init_ossl_dh(void)
DEF_OSSL_PKEY_BN(cDH, dh, priv_key);
rb_define_method(cDH, "set_pqg", ossl_dh_set_pqg, 3);
rb_define_method(cDH, "set_key", ossl_dh_set_key, 2);
rb_define_method(cDH, "params", ossl_dh_get_params, 0);
}
#else /* defined NO_DH */

View File

@ -303,35 +303,6 @@ ossl_dsa_to_der(VALUE self)
}
/*
* call-seq:
* dsa.params -> hash
*
* Stores all parameters of key to the hash
* INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
* Don't use :-)) (I's up to you)
*/
static VALUE
ossl_dsa_get_params(VALUE self)
{
OSSL_3_const DSA *dsa;
VALUE hash;
const BIGNUM *p, *q, *g, *pub_key, *priv_key;
GetDSA(self, dsa);
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub_key, &priv_key);
hash = rb_hash_new();
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(g));
rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pub_key));
rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(priv_key));
return hash;
}
/*
* Document-method: OpenSSL::PKey::DSA#set_pqg
* call-seq:
@ -396,8 +367,6 @@ Init_ossl_dsa(void)
DEF_OSSL_PKEY_BN(cDSA, dsa, priv_key);
rb_define_method(cDSA, "set_pqg", ossl_dsa_set_pqg, 3);
rb_define_method(cDSA, "set_key", ossl_dsa_set_key, 2);
rb_define_method(cDSA, "params", ossl_dsa_get_params, 0);
}
#else /* defined NO_DSA */

View File

@ -494,42 +494,6 @@ ossl_rsa_verify_pss(int argc, VALUE *argv, VALUE self)
ossl_raise(eRSAError, NULL);
}
/*
* call-seq:
* rsa.params => hash
*
* THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
*
* Stores all parameters of key to the hash. The hash has keys 'n', 'e', 'd',
* 'p', 'q', 'dmp1', 'dmq1', 'iqmp'.
*
* Don't use :-)) (It's up to you)
*/
static VALUE
ossl_rsa_get_params(VALUE self)
{
OSSL_3_const RSA *rsa;
VALUE hash;
const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
GetRSA(self, rsa);
RSA_get0_key(rsa, &n, &e, &d);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
hash = rb_hash_new();
rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(n));
rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(e));
rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(d));
rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(p));
rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(q));
rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(dmp1));
rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(dmq1));
rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(iqmp));
return hash;
}
/*
* Document-method: OpenSSL::PKey::RSA#set_key
* call-seq:
@ -617,8 +581,6 @@ Init_ossl_rsa(void)
rb_define_method(cRSA, "set_factors", ossl_rsa_set_factors, 2);
rb_define_method(cRSA, "set_crt_params", ossl_rsa_set_crt_params, 3);
rb_define_method(cRSA, "params", ossl_rsa_get_params, 0);
/*
* TODO: Test it
rb_define_method(cRSA, "blinding_on!", ossl_rsa_blinding_on, 0);