mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
* ext/openssl/ossl_cipher.c (ossl_cipher_encrypt, ossl_cipher_decrypt):
re-implemnt (the arguments for this method is ). * ext/openssl/ossl_cipher.c (ossl_cipher_pkcs5_keyivgen): new method OpenSSL::Cipher::Cipher#pkcs5_keyivgen. it calls EVP_BytesToKey(). * ext/openssl/ossl_cipher.c (ossl_cipher_set_key_length): new method OpenSSL::Cipher::Cipher#key_len=. * ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): the type of argument is changed from integer to boolean. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6549 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
22ab58c03c
commit
0dc43217b1
2 changed files with 88 additions and 75 deletions
14
ChangeLog
14
ChangeLog
|
@ -1,3 +1,17 @@
|
|||
Thu Jul 1 00:44:42 2004 GOTOU Yuuzou <gotoyuzo@notwork.org>
|
||||
|
||||
* ext/openssl/ossl_cipher.c (ossl_cipher_encrypt, ossl_cipher_decrypt):
|
||||
re-implemnt (the arguments for this method is ).
|
||||
|
||||
* ext/openssl/ossl_cipher.c (ossl_cipher_pkcs5_keyivgen): new method
|
||||
OpenSSL::Cipher::Cipher#pkcs5_keyivgen. it calls EVP_BytesToKey().
|
||||
|
||||
* ext/openssl/ossl_cipher.c (ossl_cipher_set_key_length): new method
|
||||
OpenSSL::Cipher::Cipher#key_len=.
|
||||
|
||||
* ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): the type of
|
||||
argument is changed from integer to boolean.
|
||||
|
||||
Wed Jun 30 19:48:09 2004 GOTOU Yuuzou <gotoyuzo@notwork.org>
|
||||
|
||||
* ext/openssl/extconf.rb: check for EVP_CIPHER_CTX_copy, ENGINE_add,
|
||||
|
|
|
@ -132,100 +132,85 @@ ossl_cipher_reset(VALUE self)
|
|||
}
|
||||
|
||||
static VALUE
|
||||
ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
|
||||
ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
|
||||
{
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH], *p_key = NULL;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH], *p_iv = NULL;
|
||||
VALUE pass, init_v;
|
||||
|
||||
GetCipher(self, ctx);
|
||||
|
||||
rb_scan_args(argc, argv, "02", &pass, &init_v);
|
||||
|
||||
if (NIL_P(init_v)) {
|
||||
if(rb_scan_args(argc, argv, "02", &pass, &init_v) > 0){
|
||||
/*
|
||||
* TODO:
|
||||
* random IV generation!
|
||||
*/
|
||||
memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
|
||||
/*
|
||||
RAND_add(data,i,0); where from take data?
|
||||
if (RAND_pseudo_bytes(iv, 8) < 0) {
|
||||
ossl_raise(eCipherError, NULL);
|
||||
}
|
||||
*/
|
||||
}
|
||||
else {
|
||||
init_v = rb_obj_as_string(init_v);
|
||||
if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
|
||||
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
||||
memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
|
||||
}
|
||||
else {
|
||||
memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv));
|
||||
* oops. this code mistakes salt for IV.
|
||||
* We deprecated the arguments for this method, but we decided
|
||||
* keeping this behaviour for backward compatibility.
|
||||
*/
|
||||
StringValue(pass);
|
||||
if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));
|
||||
else{
|
||||
char *cname = rb_class2name(rb_obj_class(self));
|
||||
rb_warning("key derivation by %s#encrypt is deprecated; "
|
||||
"use %s::pkcs5_keyivgen instead", cname, cname);
|
||||
StringValue(init_v);
|
||||
if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
|
||||
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
||||
memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
|
||||
}
|
||||
else memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv));
|
||||
}
|
||||
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
|
||||
RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
|
||||
p_key = key;
|
||||
p_iv = iv;
|
||||
}
|
||||
|
||||
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 1) != 1) {
|
||||
ossl_raise(eCipherError, NULL);
|
||||
}
|
||||
|
||||
if (!NIL_P(pass)) {
|
||||
StringValue(pass);
|
||||
|
||||
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
|
||||
RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
|
||||
if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) {
|
||||
ossl_raise(eCipherError, NULL);
|
||||
}
|
||||
if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) {
|
||||
ossl_raise(eCipherError, NULL);
|
||||
}
|
||||
|
||||
return self;
|
||||
}
|
||||
|
||||
static VALUE
|
||||
ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
|
||||
{
|
||||
return ossl_cipher_init(argc, argv, self, 1);
|
||||
}
|
||||
|
||||
static VALUE
|
||||
ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
|
||||
{
|
||||
return ossl_cipher_init(argc, argv, self, 0);
|
||||
}
|
||||
|
||||
static VALUE
|
||||
ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
|
||||
{
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
|
||||
VALUE pass, init_v;
|
||||
|
||||
const EVP_MD *digest;
|
||||
VALUE vpass, vsalt, viter, vdigest;
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH], *salt = NULL;
|
||||
int iter;
|
||||
|
||||
GetCipher(self, ctx);
|
||||
rb_scan_args(argc, argv, "02", &pass, &init_v);
|
||||
|
||||
if (NIL_P(init_v)) {
|
||||
/*
|
||||
* TODO:
|
||||
* random IV generation!
|
||||
*/
|
||||
memcpy(iv, "OpenSSL for Ruby rulez!", EVP_MAX_IV_LENGTH);
|
||||
}
|
||||
else {
|
||||
init_v = rb_obj_as_string(init_v);
|
||||
if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) {
|
||||
memset(iv, 0, EVP_MAX_IV_LENGTH);
|
||||
memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len);
|
||||
}
|
||||
else {
|
||||
memcpy(iv, RSTRING(init_v)->ptr, EVP_MAX_IV_LENGTH);
|
||||
}
|
||||
rb_scan_args(argc, argv, "13", &vpass, &vsalt, &viter, &vdigest);
|
||||
StringValue(vpass);
|
||||
if(!NIL_P(vsalt)){
|
||||
StringValue(vsalt);
|
||||
if(RSTRING(vsalt)->len != PKCS5_SALT_LEN)
|
||||
rb_raise(eCipherError, "salt must be an 8-octet string.");
|
||||
salt = RSTRING(vsalt)->ptr;
|
||||
}
|
||||
iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
|
||||
digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest);
|
||||
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,
|
||||
RSTRING(vpass)->ptr, RSTRING(vpass)->len, iter, key, iv);
|
||||
if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1)
|
||||
ossl_raise(eCipherError, NULL);
|
||||
OPENSSL_cleanse(key, sizeof key);
|
||||
OPENSSL_cleanse(iv, sizeof iv);
|
||||
|
||||
if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 0) != 1) {
|
||||
ossl_raise(eCipherError, NULL);
|
||||
}
|
||||
|
||||
if (!NIL_P(pass)) {
|
||||
StringValue(pass);
|
||||
|
||||
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
|
||||
RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
|
||||
if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) {
|
||||
ossl_raise(eCipherError, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
return self;
|
||||
return Qnil;
|
||||
}
|
||||
|
||||
static VALUE
|
||||
|
@ -312,6 +297,18 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
|
|||
return iv;
|
||||
}
|
||||
|
||||
static VALUE
|
||||
ossl_cipher_set_key_length(VALUE self, VALUE key_length)
|
||||
{
|
||||
EVP_CIPHER_CTX *ctx;
|
||||
|
||||
GetCipher(self, ctx);
|
||||
if (EVP_CIPHER_CTX_set_key_length(ctx, NUM2INT(key_length)) != 1)
|
||||
ossl_raise(eCipherError, NULL);
|
||||
|
||||
return key_length;
|
||||
}
|
||||
|
||||
static VALUE
|
||||
ossl_cipher_set_padding(VALUE self, VALUE padding)
|
||||
{
|
||||
|
@ -319,7 +316,7 @@ ossl_cipher_set_padding(VALUE self, VALUE padding)
|
|||
EVP_CIPHER_CTX *ctx;
|
||||
|
||||
GetCipher(self, ctx);
|
||||
if (EVP_CIPHER_CTX_set_padding(ctx, NUM2INT(padding)) != 1)
|
||||
if (EVP_CIPHER_CTX_set_padding(ctx, RTEST(padding)) != 1)
|
||||
ossl_raise(eCipherError, NULL);
|
||||
#else
|
||||
rb_notimplement();
|
||||
|
@ -355,10 +352,12 @@ Init_ossl_cipher(void)
|
|||
rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
|
||||
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1);
|
||||
rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1);
|
||||
rb_define_method(cCipher, "pkcs5_keyivgen", ossl_cipher_pkcs5_keyivgen, -1);
|
||||
rb_define_method(cCipher, "update", ossl_cipher_update, 1);
|
||||
rb_define_method(cCipher, "final", ossl_cipher_final, 0);
|
||||
rb_define_method(cCipher, "name", ossl_cipher_name, 0);
|
||||
rb_define_method(cCipher, "key=", ossl_cipher_set_key, 1);
|
||||
rb_define_method(cCipher, "key_len=", ossl_cipher_set_key_length, 1);
|
||||
rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0);
|
||||
rb_define_method(cCipher, "iv=", ossl_cipher_set_iv, 1);
|
||||
rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0);
|
||||
|
|
Loading…
Reference in a new issue