Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkey: allow setting algorithm-specific options in #sign and #verify #374

Merged
merged 3 commits into from
Apr 4, 2021
Merged

pkey: allow setting algorithm-specific options in #sign and #verify #374

merged 3 commits into from
Apr 4, 2021

Conversation

rhenium
Copy link
Member

@rhenium rhenium commented May 21, 2020

Similarly to OpenSSL::PKey.generate_key and .generate_parameters, add
an optional parameter to OpenSSL::PKey::PKey#sign and #verify to specify
strings for EVP_PKEY_CTX_ctrl_str().

@rhenium rhenium force-pushed the ky/pkey-sign-verify-options branch from 76db8a4 to 4c13c6a Compare June 29, 2020 05:44
@ioquatix
Copy link
Member

Do these behave like keyword options?

@rhenium
Copy link
Member Author

rhenium commented Jun 30, 2020

Technically, it takes Hash as the last (3rd) positional parameter, and the key-value pairs are passed to EVP_PKEY_CTX_ctrl_str(). The Hash can have String and Symbol keys (both converted to String later), so caller can use the keyword argument style as well. My understanding is that Ruby 3 is not going to change this.

pkey.sign("sha256", data, { rsa_padding_mode: "pss", ... })
pkey.sign("sha256", data, rsa_padding_mode: "pss", ...)

The drawback is that we won't be able to add real keyword arguments to #sign or #verify later. But at the moment I can't think of any.

@rhenium rhenium mentioned this pull request Jun 30, 2020
Merged
@rhenium rhenium force-pushed the ky/pkey-sign-verify-options branch from 4c13c6a to e39e92c Compare August 21, 2020 09:15
@rhenium
Copy link
Member Author

rhenium commented Aug 21, 2020

CI is failing because the test depends on OpenSSL >= 1.0.2 feature (RSA-PSS).

@rhenium rhenium mentioned this pull request Aug 21, 2020
Closed
@rhenium rhenium force-pushed the ky/pkey-sign-verify-options branch from e39e92c to 7f57273 Compare April 4, 2021 14:32
@rhenium
pkey: fix potential memory leak in PKey#sign
99e8630 
Fix potential leak of EVP_MD_CTX object in an error path. This path is
normally unreachable, since the size of a signature generated by any
supported algorithms would not be larger than LONG_MAX.
@rhenium
pkey: prepare pkey_ctx_apply_options() for usage by other operations
b2b7752 
The routine to apply Hash to EVP_PKEY_CTX_ctrl_str() is currently used
by key generation, but it is useful for other operations too. Let's
change it to a slightly more generic name.
@rhenium
pkey: allow setting algorithm-specific options in #sign and #verify
faf85d7 
Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let
OpenSSL::PKey::PKey#sign and #verify take an optional parameter for
specifying control strings for EVP_PKEY_CTX_ctrl_str().
@rhenium rhenium force-pushed the ky/pkey-sign-verify-options branch from 7f57273 to faf85d7 Compare April 4, 2021 14:40
@rhenium rhenium merged commit 44dbdfa into ruby:master Apr 4, 2021
@bdewater bdewater mentioned this pull request Oct 25, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rhenium @ioquatix