Support generating DH pkeys from parameters

anakinj · anakinj · commit 7f95cd8f91b4 · 2022-12-28T20:54:28.000+02:00
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
@@ -454,12 +454,12 @@ add_ec_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {
     }
 
     if(strcmp(OSSL_PKEY_PARAM_PRIV_KEY, key_ptr) == 0) {
-        if(!OSSL_PARAM_BLD_push_BN(params_builder, OSSL_PKEY_PARAM_PRIV_KEY, GetBNPtr(value))) // unsigned integer, but presented as BN will work just fine
+        if(!OSSL_PARAM_BLD_push_BN(params_builder, OSSL_PKEY_PARAM_PRIV_KEY, GetBNPtr(value)))
             ossl_raise(ePKeyError, "OSSL_PARAM_BLD_push_BN");
         return ST_CONTINUE;
     }
 
-    ossl_raise(ePKeyError, "Unsupported EC parameter \"%s\"", key_ptr);
+    ossl_raise(ePKeyError, "Unsupported parameter \"%s\"", key_ptr);
 }
 
 static int
@@ -529,11 +529,11 @@ add_rsa_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {
         return ST_CONTINUE;
     }
 
-    ossl_raise(ePKeyError, "Unsupported RSA parameter \"%s\"", key_ptr);
+    ossl_raise(ePKeyError, "Unsupported parameter \"%s\"", key_ptr);
 }
 
 static int
-add_dsa_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {
+add_ffc_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {
     OSSL_PARAM_BLD *params_builder = (OSSL_PARAM_BLD *) arg;
 
     if(NIL_P(value))
@@ -583,7 +583,7 @@ add_dsa_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {
         return ST_CONTINUE;
     }
 
-    ossl_raise(ePKeyError, "Unsupported DSA parameter \"%s\"", key_ptr);
+    ossl_raise(ePKeyError, "Unsupported parameter \"%s\"", key_ptr);
 }
 
 static VALUE
@@ -604,7 +604,9 @@ pkey_from_parameters(int argc, VALUE *argv, VALUE self)
     else if (strcmp("EC", StringValueCStr(alg)) == 0)
         param_adder = &add_ec_parameters_to_builder;
     else if (strcmp("DSA", StringValueCStr(alg)) == 0)
-        param_adder = &add_dsa_parameters_to_builder;
+        param_adder = &add_ffc_parameters_to_builder;
+    else if (strcmp("DH", StringValueCStr(alg)) == 0)
+        param_adder = &add_ffc_parameters_to_builder;
     else
         ossl_raise(ePKeyError, "\"%s\" is not a supported algorithm", StringValueCStr(alg));
 
diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb
@@ -268,7 +268,7 @@ def test_s_from_parameters_rsa_with_simple_names
 
     def test_s_from_parameters_rsa_with_invalid_parameter
       e = assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.from_parameters("RSA", invalid: 1234) }
-      assert_equal 'Unsupported RSA parameter "invalid"', e.message
+      assert_equal 'Unsupported parameter "invalid"', e.message
     end
 
     def test_s_from_parameters_ec_pub_given_as_string
@@ -321,7 +321,7 @@ def test_s_from_parameters_ec_pub_given_as_integer
 
     def test_s_from_parameters_ec_with_invalid_parameter
       e = assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.from_parameters("EC", invalid: 1234) }
-      assert_equal 'Unsupported EC parameter "invalid"', e.message
+      assert_equal 'Unsupported parameter "invalid"', e.message
     end
 
     def test_s_from_parameters_dsa_with_all_supported_parameters
@@ -333,6 +333,7 @@ def test_s_from_parameters_dsa_with_all_supported_parameters
                                                       q: source.params["q"],
                                                       g: source.params["g"])
 
+      assert_instance_of OpenSSL::PKey::DSA, new_key
       assert_equal source.params, new_key.params
     end
 
@@ -346,7 +347,21 @@ def test_s_from_parameters_dsa_with_gem_specific_keys
 
     def test_s_from_parameters_dsa_with_invalid_parameter
       e = assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.from_parameters("DSA", invalid: 1234) }
-      assert_equal 'Unsupported DSA parameter "invalid"', e.message
+      assert_equal 'Unsupported parameter "invalid"', e.message
+    end
+
+    def test_s_from_parameters_dh_with_all_supported_parameters
+      source  = OpenSSL::PKey::DH.generate(512)
+
+      new_key =  OpenSSL::PKey.from_parameters("DH", source.params)
+
+      assert_instance_of OpenSSL::PKey::DH, new_key
+      assert_equal source.params, new_key.params
+    end
+
+    def test_s_from_parameters_dh_with_invalid_parameter
+      e = assert_raise(OpenSSL::PKey::PKeyError) { OpenSSL::PKey.from_parameters("DH", invalid: 1234) }
+      assert_equal 'Unsupported parameter "invalid"', e.message
     end
   else
     def test_from_parameter_raises_on_pre_3_openssl

Original file line number	Diff line number	Diff line change
`@@ -454,12 +454,12 @@ add_ec_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {`
`454`	`454`	`}`
`455`	`455`
`456`	`456`	`if(strcmp(OSSL_PKEY_PARAM_PRIV_KEY, key_ptr) == 0) {`
`457`		`- if(!OSSL_PARAM_BLD_push_BN(params_builder, OSSL_PKEY_PARAM_PRIV_KEY, GetBNPtr(value))) // unsigned integer, but presented as BN will work just fine`
	`457`	`+ if(!OSSL_PARAM_BLD_push_BN(params_builder, OSSL_PKEY_PARAM_PRIV_KEY, GetBNPtr(value)))`
`458`	`458`	`ossl_raise(ePKeyError, "OSSL_PARAM_BLD_push_BN");`
`459`	`459`	`return ST_CONTINUE;`
`460`	`460`	`}`
`461`	`461`
`462`		`- ossl_raise(ePKeyError, "Unsupported EC parameter \"%s\"", key_ptr);`
	`462`	`+ ossl_raise(ePKeyError, "Unsupported parameter \"%s\"", key_ptr);`
`463`	`463`	`}`
`464`	`464`
`465`	`465`	`static int`
`@@ -529,11 +529,11 @@ add_rsa_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {`
`529`	`529`	`return ST_CONTINUE;`
`530`	`530`	`}`
`531`	`531`
`532`		`- ossl_raise(ePKeyError, "Unsupported RSA parameter \"%s\"", key_ptr);`
	`532`	`+ ossl_raise(ePKeyError, "Unsupported parameter \"%s\"", key_ptr);`
`533`	`533`	`}`
`534`	`534`
`535`	`535`	`static int`
`536`		`-add_dsa_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {`
	`536`	`+add_ffc_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {`
`537`	`537`	`OSSL_PARAM_BLD params_builder = (OSSL_PARAM_BLD ) arg;`
`538`	`538`
`539`	`539`	`if(NIL_P(value))`
`@@ -583,7 +583,7 @@ add_dsa_parameters_to_builder(VALUE key, VALUE value, VALUE arg) {`
`583`	`583`	`return ST_CONTINUE;`
`584`	`584`	`}`
`585`	`585`
`586`		`- ossl_raise(ePKeyError, "Unsupported DSA parameter \"%s\"", key_ptr);`
	`586`	`+ ossl_raise(ePKeyError, "Unsupported parameter \"%s\"", key_ptr);`
`587`	`587`	`}`
`588`	`588`
`589`	`589`	`static VALUE`
`@@ -604,7 +604,9 @@ pkey_from_parameters(int argc, VALUE *argv, VALUE self)`
`604`	`604`	`else if (strcmp("EC", StringValueCStr(alg)) == 0)`
`605`	`605`	`param_adder = &add_ec_parameters_to_builder;`
`606`	`606`	`else if (strcmp("DSA", StringValueCStr(alg)) == 0)`
`607`		`- param_adder = &add_dsa_parameters_to_builder;`
	`607`	`+ param_adder = &add_ffc_parameters_to_builder;`
	`608`	`+ else if (strcmp("DH", StringValueCStr(alg)) == 0)`
	`609`	`+ param_adder = &add_ffc_parameters_to_builder;`
`608`	`610`	`else`
`609`	`611`	`ossl_raise(ePKeyError, "\"%s\" is not a supported algorithm", StringValueCStr(alg));`
`610`	`612`