3cd2ea3699
* Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 The released Ruby 3.0.5 includes the following fix. * Fix HTTP response splitting in CGI. Resolves: RHEL-35741 The released Ruby 3.0.6 includes the following fixes. * Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 * Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 The released Ruby 3.0.7 includes the following fixes. * Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 * Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746 * Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747 Replaced the patch ruby-3.0.3-ext-openssl-extconf.rb-require-OpenSSL-version-1.0.1.patch with the tiny patch ruby-ext-openssl-extconf.rb-ignore-OpenSSL-version-check.patch not using the reverse logic. Because it was hard to maintain the patch file, when the included file was updated on the upstream. Added the following patches. * Fix net-http test errors due to expired certificate. The patch ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch was copied from the part on the Fedora rawhide <05a6c9c8f3
>. * Fix `TestNetHTTPS#test_session_reuse_but_expire` test failure cause. The patch ruby-3.3.1-Fix-test-session-reuse-but-expire.patch was copied from the part on Fedora rawhide <a34f33bc50
>. As a reference, the part comes from Fedora ruby-3.3 branch <99d21ecc4c
>.
524 lines
16 KiB
Diff
524 lines
16 KiB
Diff
From 8253d7c9cea16c2aa009b59db4f5d93afb74c6eb Mon Sep 17 00:00:00 2001
|
|
From: Kazuki Yamaguchi <k@rhe.jp>
|
|
Date: Tue, 30 Jun 2020 14:27:13 +0900
|
|
Subject: [PATCH 1/2] hmac: add a test case for OpenSSL::HMAC singleton methods
|
|
|
|
---
|
|
test/openssl/test_hmac.rb | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/test/openssl/test_hmac.rb b/test/openssl/test_hmac.rb
|
|
index 9cb3c5a86..7202a5902 100644
|
|
--- a/test/openssl/test_hmac.rb
|
|
+++ b/test/openssl/test_hmac.rb
|
|
@@ -49,6 +49,15 @@ def test_eq
|
|
refute_equal h1, h2.digest
|
|
refute_equal h1, h3
|
|
end
|
|
+
|
|
+ def test_singleton_methods
|
|
+ # RFC 2202 2. Test Cases for HMAC-MD5
|
|
+ key = ["0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"].pack("H*")
|
|
+ digest = OpenSSL::HMAC.digest("MD5", key, "Hi There")
|
|
+ assert_equal ["9294727a3638bb1c13f48ef8158bfc9d"].pack("H*"), digest
|
|
+ hexdigest = OpenSSL::HMAC.hexdigest("MD5", key, "Hi There")
|
|
+ assert_equal "9294727a3638bb1c13f48ef8158bfc9d", hexdigest
|
|
+ end
|
|
end
|
|
|
|
end
|
|
|
|
From 0317e2fc028be40a7d64d0e4337d3e21539613ce Mon Sep 17 00:00:00 2001
|
|
From: Kazuki Yamaguchi <k@rhe.jp>
|
|
Date: Mon, 18 May 2020 16:15:07 +0900
|
|
Subject: [PATCH 2/2] hmac: migrate from the low-level HMAC API to the EVP API
|
|
|
|
Use the EVP API instead of the low-level HMAC API. Use of the HMAC API
|
|
has been discouraged and is being marked as deprecated starting from
|
|
OpenSSL 3.0.0.
|
|
|
|
The two singleton methods OpenSSL::HMAC, HMAC.digest and HMAC.hexdigest
|
|
are now in lib/openssl/hmac.rb.
|
|
---
|
|
ext/openssl/extconf.rb | 3 +-
|
|
ext/openssl/lib/openssl/hmac.rb | 40 +++++++
|
|
ext/openssl/openssl_missing.c | 26 -----
|
|
ext/openssl/openssl_missing.h | 10 +-
|
|
ext/openssl/ossl.h | 1 -
|
|
ext/openssl/ossl_hmac.c | 179 ++++++++------------------------
|
|
6 files changed, 89 insertions(+), 170 deletions(-)
|
|
|
|
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
|
|
index 693e55cd9..063498a76 100644
|
|
--- a/ext/openssl/extconf.rb
|
|
+++ b/ext/openssl/extconf.rb
|
|
@@ -148,8 +148,7 @@ def find_openssl_library
|
|
have_func("BN_GENCB_get_arg")
|
|
have_func("EVP_MD_CTX_new")
|
|
have_func("EVP_MD_CTX_free")
|
|
-have_func("HMAC_CTX_new")
|
|
-have_func("HMAC_CTX_free")
|
|
+have_func("EVP_MD_CTX_pkey_ctx")
|
|
have_func("X509_STORE_get_ex_data")
|
|
have_func("X509_STORE_set_ex_data")
|
|
have_func("X509_STORE_get_ex_new_index")
|
|
diff --git a/ext/openssl/lib/openssl/hmac.rb b/ext/openssl/lib/openssl/hmac.rb
|
|
index 3d4427611d..9bc8bc8df3 100644
|
|
--- a/ext/openssl/lib/openssl/hmac.rb
|
|
+++ b/ext/openssl/lib/openssl/hmac.rb
|
|
@@ -9,5 +9,45 @@ def ==(other)
|
|
|
|
OpenSSL.fixed_length_secure_compare(self.digest, other.digest)
|
|
end
|
|
+
|
|
+ class << self
|
|
+ # :call-seq:
|
|
+ # HMAC.digest(digest, key, data) -> aString
|
|
+ #
|
|
+ # Returns the authentication code as a binary string. The _digest_ parameter
|
|
+ # specifies the digest algorithm to use. This may be a String representing
|
|
+ # the algorithm name or an instance of OpenSSL::Digest.
|
|
+ #
|
|
+ # === Example
|
|
+ # key = 'key'
|
|
+ # data = 'The quick brown fox jumps over the lazy dog'
|
|
+ #
|
|
+ # hmac = OpenSSL::HMAC.digest('SHA1', key, data)
|
|
+ # #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
|
|
+ def digest(digest, key, data)
|
|
+ hmac = new(key, digest)
|
|
+ hmac << data
|
|
+ hmac.digest
|
|
+ end
|
|
+
|
|
+ # :call-seq:
|
|
+ # HMAC.hexdigest(digest, key, data) -> aString
|
|
+ #
|
|
+ # Returns the authentication code as a hex-encoded string. The _digest_
|
|
+ # parameter specifies the digest algorithm to use. This may be a String
|
|
+ # representing the algorithm name or an instance of OpenSSL::Digest.
|
|
+ #
|
|
+ # === Example
|
|
+ # key = 'key'
|
|
+ # data = 'The quick brown fox jumps over the lazy dog'
|
|
+ #
|
|
+ # hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
|
|
+ # #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
|
|
+ def hexdigest(digest, key, data)
|
|
+ hmac = new(key, digest)
|
|
+ hmac << data
|
|
+ hmac.hexdigest
|
|
+ end
|
|
+ end
|
|
end
|
|
end
|
|
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
|
|
index b36ef0288..010c158dc 100644
|
|
--- a/ext/openssl/openssl_missing.c
|
|
+++ b/ext/openssl/openssl_missing.c
|
|
@@ -13,9 +13,6 @@
|
|
#if !defined(OPENSSL_NO_ENGINE)
|
|
# include <openssl/engine.h>
|
|
#endif
|
|
-#if !defined(OPENSSL_NO_HMAC)
|
|
-# include <openssl/hmac.h>
|
|
-#endif
|
|
#include <openssl/x509_vfy.h>
|
|
|
|
#include "openssl_missing.h"
|
|
@@ -58,29 +55,6 @@ ossl_EC_curve_nist2nid(const char *name)
|
|
#endif
|
|
|
|
/*** added in 1.1.0 ***/
|
|
-#if !defined(HAVE_HMAC_CTX_NEW)
|
|
-HMAC_CTX *
|
|
-ossl_HMAC_CTX_new(void)
|
|
-{
|
|
- HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
|
|
- if (!ctx)
|
|
- return NULL;
|
|
- HMAC_CTX_init(ctx);
|
|
- return ctx;
|
|
-}
|
|
-#endif
|
|
-
|
|
-#if !defined(HAVE_HMAC_CTX_FREE)
|
|
-void
|
|
-ossl_HMAC_CTX_free(HMAC_CTX *ctx)
|
|
-{
|
|
- if (ctx) {
|
|
- HMAC_CTX_cleanup(ctx);
|
|
- OPENSSL_free(ctx);
|
|
- }
|
|
-}
|
|
-#endif
|
|
-
|
|
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
|
|
void
|
|
ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
|
|
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
|
|
index 7d218f86f..06d2a9082 100644
|
|
--- a/ext/openssl/openssl_missing.h
|
|
+++ b/ext/openssl/openssl_missing.h
|
|
@@ -54,14 +54,8 @@ int ossl_EC_curve_nist2nid(const char *);
|
|
# define EVP_MD_CTX_free EVP_MD_CTX_destroy
|
|
#endif
|
|
|
|
-#if !defined(HAVE_HMAC_CTX_NEW)
|
|
-HMAC_CTX *ossl_HMAC_CTX_new(void);
|
|
-# define HMAC_CTX_new ossl_HMAC_CTX_new
|
|
-#endif
|
|
-
|
|
-#if !defined(HAVE_HMAC_CTX_FREE)
|
|
-void ossl_HMAC_CTX_free(HMAC_CTX *);
|
|
-# define HMAC_CTX_free ossl_HMAC_CTX_free
|
|
+#if !defined(HAVE_EVP_MD_CTX_PKEY_CTX)
|
|
+# define EVP_MD_CTX_pkey_ctx(x) (x)->pctx
|
|
#endif
|
|
|
|
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
|
|
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
|
|
index c20f506bd..577eb6d6b 100644
|
|
--- a/ext/openssl/ossl.h
|
|
+++ b/ext/openssl/ossl.h
|
|
@@ -24,7 +24,6 @@
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/pkcs12.h>
|
|
#include <openssl/pkcs7.h>
|
|
-#include <openssl/hmac.h>
|
|
#include <openssl/rand.h>
|
|
#include <openssl/conf.h>
|
|
#ifndef OPENSSL_NO_TS
|
|
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
|
|
index 70e9fb819..a21db6c48 100644
|
|
--- a/ext/openssl/ossl_hmac.c
|
|
+++ b/ext/openssl/ossl_hmac.c
|
|
@@ -7,14 +7,12 @@
|
|
* This program is licensed under the same licence as Ruby.
|
|
* (See the file 'LICENCE'.)
|
|
*/
|
|
-#if !defined(OPENSSL_NO_HMAC)
|
|
-
|
|
#include "ossl.h"
|
|
|
|
#define NewHMAC(klass) \
|
|
TypedData_Wrap_Struct((klass), &ossl_hmac_type, 0)
|
|
#define GetHMAC(obj, ctx) do { \
|
|
- TypedData_Get_Struct((obj), HMAC_CTX, &ossl_hmac_type, (ctx)); \
|
|
+ TypedData_Get_Struct((obj), EVP_MD_CTX, &ossl_hmac_type, (ctx)); \
|
|
if (!(ctx)) { \
|
|
ossl_raise(rb_eRuntimeError, "HMAC wasn't initialized"); \
|
|
} \
|
|
@@ -36,7 +34,7 @@ VALUE eHMACError;
|
|
static void
|
|
ossl_hmac_free(void *ctx)
|
|
{
|
|
- HMAC_CTX_free(ctx);
|
|
+ EVP_MD_CTX_free(ctx);
|
|
}
|
|
|
|
static const rb_data_type_t ossl_hmac_type = {
|
|
@@ -51,12 +49,12 @@ static VALUE
|
|
ossl_hmac_alloc(VALUE klass)
|
|
{
|
|
VALUE obj;
|
|
- HMAC_CTX *ctx;
|
|
+ EVP_MD_CTX *ctx;
|
|
|
|
obj = NewHMAC(klass);
|
|
- ctx = HMAC_CTX_new();
|
|
+ ctx = EVP_MD_CTX_new();
|
|
if (!ctx)
|
|
- ossl_raise(eHMACError, NULL);
|
|
+ ossl_raise(eHMACError, "EVP_MD_CTX");
|
|
RTYPEDDATA_DATA(obj) = ctx;
|
|
|
|
return obj;
|
|
@@ -76,8 +74,7 @@ ossl_hmac_alloc(VALUE klass)
|
|
* === Example
|
|
*
|
|
* key = 'key'
|
|
- * digest = OpenSSL::Digest.new('sha1')
|
|
- * instance = OpenSSL::HMAC.new(key, digest)
|
|
+ * instance = OpenSSL::HMAC.new(key, 'SHA1')
|
|
* #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
|
|
* instance.class
|
|
* #=> OpenSSL::HMAC
|
|
@@ -86,7 +83,7 @@ ossl_hmac_alloc(VALUE klass)
|
|
*
|
|
* Two instances can be securely compared with #== in constant time:
|
|
*
|
|
- * other_instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
|
|
+ * other_instance = OpenSSL::HMAC.new('key', 'SHA1')
|
|
* #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
|
|
* instance == other_instance
|
|
* #=> true
|
|
@@ -95,12 +92,23 @@ ossl_hmac_alloc(VALUE klass)
|
|
static VALUE
|
|
ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
|
|
{
|
|
- HMAC_CTX *ctx;
|
|
+ EVP_MD_CTX *ctx;
|
|
+ EVP_PKEY *pkey;
|
|
|
|
- StringValue(key);
|
|
GetHMAC(self, ctx);
|
|
- HMAC_Init_ex(ctx, RSTRING_PTR(key), RSTRING_LENINT(key),
|
|
- ossl_evp_get_digestbyname(digest), NULL);
|
|
+ StringValue(key);
|
|
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
|
|
+ (unsigned char *)RSTRING_PTR(key),
|
|
+ RSTRING_LENINT(key));
|
|
+ if (!pkey)
|
|
+ ossl_raise(eHMACError, "EVP_PKEY_new_mac_key");
|
|
+ if (EVP_DigestSignInit(ctx, NULL, ossl_evp_get_digestbyname(digest),
|
|
+ NULL, pkey) != 1) {
|
|
+ EVP_PKEY_free(pkey);
|
|
+ ossl_raise(eHMACError, "EVP_DigestSignInit");
|
|
+ }
|
|
+ /* Decrement reference counter; EVP_MD_CTX still keeps it */
|
|
+ EVP_PKEY_free(pkey);
|
|
|
|
return self;
|
|
}
|
|
@@ -108,16 +116,15 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
|
|
static VALUE
|
|
ossl_hmac_copy(VALUE self, VALUE other)
|
|
{
|
|
- HMAC_CTX *ctx1, *ctx2;
|
|
+ EVP_MD_CTX *ctx1, *ctx2;
|
|
|
|
rb_check_frozen(self);
|
|
if (self == other) return self;
|
|
|
|
GetHMAC(self, ctx1);
|
|
GetHMAC(other, ctx2);
|
|
-
|
|
- if (!HMAC_CTX_copy(ctx1, ctx2))
|
|
- ossl_raise(eHMACError, "HMAC_CTX_copy");
|
|
+ if (EVP_MD_CTX_copy(ctx1, ctx2) != 1)
|
|
+ ossl_raise(eHMACError, "EVP_MD_CTX_copy");
|
|
return self;
|
|
}
|
|
|
|
@@ -142,33 +149,16 @@ ossl_hmac_copy(VALUE self, VALUE other)
|
|
static VALUE
|
|
ossl_hmac_update(VALUE self, VALUE data)
|
|
{
|
|
- HMAC_CTX *ctx;
|
|
+ EVP_MD_CTX *ctx;
|
|
|
|
StringValue(data);
|
|
GetHMAC(self, ctx);
|
|
- HMAC_Update(ctx, (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data));
|
|
+ if (EVP_DigestSignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) != 1)
|
|
+ ossl_raise(eHMACError, "EVP_DigestSignUpdate");
|
|
|
|
return self;
|
|
}
|
|
|
|
-static void
|
|
-hmac_final(HMAC_CTX *ctx, unsigned char *buf, unsigned int *buf_len)
|
|
-{
|
|
- HMAC_CTX *final;
|
|
-
|
|
- final = HMAC_CTX_new();
|
|
- if (!final)
|
|
- ossl_raise(eHMACError, "HMAC_CTX_new");
|
|
-
|
|
- if (!HMAC_CTX_copy(final, ctx)) {
|
|
- HMAC_CTX_free(final);
|
|
- ossl_raise(eHMACError, "HMAC_CTX_copy");
|
|
- }
|
|
-
|
|
- HMAC_Final(final, buf, buf_len);
|
|
- HMAC_CTX_free(final);
|
|
-}
|
|
-
|
|
/*
|
|
* call-seq:
|
|
* hmac.digest -> string
|
|
@@ -176,7 +166,7 @@ hmac_final(HMAC_CTX *ctx, unsigned char *buf, unsigned int *buf_len)
|
|
* Returns the authentication code an instance represents as a binary string.
|
|
*
|
|
* === Example
|
|
- * instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
|
|
+ * instance = OpenSSL::HMAC.new('key', 'SHA1')
|
|
* #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
|
|
* instance.digest
|
|
* #=> "\xF4+\xB0\xEE\xB0\x18\xEB\xBDE\x97\xAEr\x13q\x1E\xC6\a`\x84?"
|
|
@@ -184,15 +174,16 @@ hmac_final(HMAC_CTX *ctx, unsigned char *buf, unsigned int *buf_len)
|
|
static VALUE
|
|
ossl_hmac_digest(VALUE self)
|
|
{
|
|
- HMAC_CTX *ctx;
|
|
- unsigned int buf_len;
|
|
+ EVP_MD_CTX *ctx;
|
|
+ size_t buf_len;
|
|
VALUE ret;
|
|
|
|
GetHMAC(self, ctx);
|
|
ret = rb_str_new(NULL, EVP_MAX_MD_SIZE);
|
|
- hmac_final(ctx, (unsigned char *)RSTRING_PTR(ret), &buf_len);
|
|
- assert(buf_len <= EVP_MAX_MD_SIZE);
|
|
- rb_str_set_len(ret, buf_len);
|
|
+ if (EVP_DigestSignFinal(ctx, (unsigned char *)RSTRING_PTR(ret),
|
|
+ &buf_len) != 1)
|
|
+ ossl_raise(eHMACError, "EVP_DigestSignFinal");
|
|
+ rb_str_set_len(ret, (long)buf_len);
|
|
|
|
return ret;
|
|
}
|
|
@@ -207,13 +198,14 @@ ossl_hmac_digest(VALUE self)
|
|
static VALUE
|
|
ossl_hmac_hexdigest(VALUE self)
|
|
{
|
|
- HMAC_CTX *ctx;
|
|
+ EVP_MD_CTX *ctx;
|
|
unsigned char buf[EVP_MAX_MD_SIZE];
|
|
- unsigned int buf_len;
|
|
+ size_t buf_len;
|
|
VALUE ret;
|
|
|
|
GetHMAC(self, ctx);
|
|
- hmac_final(ctx, buf, &buf_len);
|
|
+ if (EVP_DigestSignFinal(ctx, buf, &buf_len) != 1)
|
|
+ ossl_raise(eHMACError, "EVP_DigestSignFinal");
|
|
ret = rb_str_new(NULL, buf_len * 2);
|
|
ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len);
|
|
|
|
@@ -230,7 +222,7 @@ ossl_hmac_hexdigest(VALUE self)
|
|
* === Example
|
|
*
|
|
* data = "The quick brown fox jumps over the lazy dog"
|
|
- * instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
|
|
+ * instance = OpenSSL::HMAC.new('key', 'SHA1')
|
|
* #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
|
|
*
|
|
* instance.update(data)
|
|
@@ -242,84 +234,17 @@ ossl_hmac_hexdigest(VALUE self)
|
|
static VALUE
|
|
ossl_hmac_reset(VALUE self)
|
|
{
|
|
- HMAC_CTX *ctx;
|
|
+ EVP_MD_CTX *ctx;
|
|
+ EVP_PKEY *pkey;
|
|
|
|
GetHMAC(self, ctx);
|
|
- HMAC_Init_ex(ctx, NULL, 0, NULL, NULL);
|
|
+ pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
|
|
+ if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_md(ctx), NULL, pkey) != 1)
|
|
+ ossl_raise(eHMACError, "EVP_DigestSignInit");
|
|
|
|
return self;
|
|
}
|
|
|
|
-/*
|
|
- * call-seq:
|
|
- * HMAC.digest(digest, key, data) -> aString
|
|
- *
|
|
- * Returns the authentication code as a binary string. The _digest_ parameter
|
|
- * specifies the digest algorithm to use. This may be a String representing
|
|
- * the algorithm name or an instance of OpenSSL::Digest.
|
|
- *
|
|
- * === Example
|
|
- *
|
|
- * key = 'key'
|
|
- * data = 'The quick brown fox jumps over the lazy dog'
|
|
- *
|
|
- * hmac = OpenSSL::HMAC.digest('sha1', key, data)
|
|
- * #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
|
|
- *
|
|
- */
|
|
-static VALUE
|
|
-ossl_hmac_s_digest(VALUE klass, VALUE digest, VALUE key, VALUE data)
|
|
-{
|
|
- unsigned char *buf;
|
|
- unsigned int buf_len;
|
|
-
|
|
- StringValue(key);
|
|
- StringValue(data);
|
|
- buf = HMAC(ossl_evp_get_digestbyname(digest), RSTRING_PTR(key),
|
|
- RSTRING_LENINT(key), (unsigned char *)RSTRING_PTR(data),
|
|
- RSTRING_LEN(data), NULL, &buf_len);
|
|
-
|
|
- return rb_str_new((const char *)buf, buf_len);
|
|
-}
|
|
-
|
|
-/*
|
|
- * call-seq:
|
|
- * HMAC.hexdigest(digest, key, data) -> aString
|
|
- *
|
|
- * Returns the authentication code as a hex-encoded string. The _digest_
|
|
- * parameter specifies the digest algorithm to use. This may be a String
|
|
- * representing the algorithm name or an instance of OpenSSL::Digest.
|
|
- *
|
|
- * === Example
|
|
- *
|
|
- * key = 'key'
|
|
- * data = 'The quick brown fox jumps over the lazy dog'
|
|
- *
|
|
- * hmac = OpenSSL::HMAC.hexdigest('sha1', key, data)
|
|
- * #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
|
|
- *
|
|
- */
|
|
-static VALUE
|
|
-ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data)
|
|
-{
|
|
- unsigned char buf[EVP_MAX_MD_SIZE];
|
|
- unsigned int buf_len;
|
|
- VALUE ret;
|
|
-
|
|
- StringValue(key);
|
|
- StringValue(data);
|
|
-
|
|
- if (!HMAC(ossl_evp_get_digestbyname(digest), RSTRING_PTR(key),
|
|
- RSTRING_LENINT(key), (unsigned char *)RSTRING_PTR(data),
|
|
- RSTRING_LEN(data), buf, &buf_len))
|
|
- ossl_raise(eHMACError, "HMAC");
|
|
-
|
|
- ret = rb_str_new(NULL, buf_len * 2);
|
|
- ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len);
|
|
-
|
|
- return ret;
|
|
-}
|
|
-
|
|
/*
|
|
* INIT
|
|
*/
|
|
@@ -353,8 +278,7 @@ Init_ossl_hmac(void)
|
|
* data1 = File.read("file1")
|
|
* data2 = File.read("file2")
|
|
* key = "key"
|
|
- * digest = OpenSSL::Digest.new('SHA256')
|
|
- * hmac = OpenSSL::HMAC.new(key, digest)
|
|
+ * hmac = OpenSSL::HMAC.new(key, 'SHA256')
|
|
* hmac << data1
|
|
* hmac << data2
|
|
* mac = hmac.digest
|
|
@@ -364,8 +288,6 @@ Init_ossl_hmac(void)
|
|
cHMAC = rb_define_class_under(mOSSL, "HMAC", rb_cObject);
|
|
|
|
rb_define_alloc_func(cHMAC, ossl_hmac_alloc);
|
|
- rb_define_singleton_method(cHMAC, "digest", ossl_hmac_s_digest, 3);
|
|
- rb_define_singleton_method(cHMAC, "hexdigest", ossl_hmac_s_hexdigest, 3);
|
|
|
|
rb_define_method(cHMAC, "initialize", ossl_hmac_initialize, 2);
|
|
rb_define_method(cHMAC, "initialize_copy", ossl_hmac_copy, 1);
|
|
@@ -378,12 +300,3 @@ Init_ossl_hmac(void)
|
|
rb_define_alias(cHMAC, "inspect", "hexdigest");
|
|
rb_define_alias(cHMAC, "to_s", "hexdigest");
|
|
}
|
|
-
|
|
-#else /* NO_HMAC */
|
|
-# warning >>> OpenSSL is compiled without HMAC support <<<
|
|
-void
|
|
-Init_ossl_hmac(void)
|
|
-{
|
|
- rb_warning("HMAC is not available: OpenSSL is compiled without HMAC.");
|
|
-}
|
|
-#endif /* NO_HMAC */
|
|
--
|
|
2.34.1
|
|
|