Add support for OpenSSL 3.0

ClearlyClaire · ClearlyClaire · commit b86aaaece797 · 2022-03-15T15:34:14.000+01:00
Fixes #4 `ECDSA::SigningKey` and `RSA::SigningKey` are changed to wrap the OpenSSL PKey classes instead of inheriting them, because there seem to be no way with version 3.0.0 of the `openssl` gem to generate such PKeys without using a `.generate` factory method.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -2,7 +2,7 @@ PATH
   remote: .
   specs:
     openssl-signature_algorithm (1.1.1)
-      openssl (~> 2.0)
+      openssl (> 2.0, < 3.1)
 
 GEM
   remote: https://rubygems.org/
@@ -16,7 +16,7 @@ GEM
     diff-lcs (1.3)
     ed25519 (1.2.4)
     jaro_winkler (1.5.4)
-    openssl (2.2.0)
+    openssl (3.0.0)
     parallel (1.19.1)
     parser (2.7.0.5)
       ast (~> 2.4.0)
diff --git a/lib/openssl/signature_algorithm/ecdsa.rb b/lib/openssl/signature_algorithm/ecdsa.rb
@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "forwardable"
 require "openssl"
 require "openssl/signature_algorithm/base"
 
@@ -8,9 +9,15 @@ module SignatureAlgorithm
     class ECDSA < Base
       BYTE_LENGTH = 8
 
-      class SigningKey < OpenSSL::PKey::EC
+      class SigningKey
+        extend Forwardable
+
+        def_delegators :@pkey, :sign, :verify
+        def_delegators :@pkey, :public_key, :private_key, :to_pem, :to_der, :public?, :private?, :export, :to_s
+        def_delegators :@pkey, :group, :check_key, :dh_compute_key, :dsa_sign_asn1, :dsa_verify_asn1
+
         def initialize(*args)
-          super(*args).generate_key
+          @pkey = OpenSSL::PKey::EC.generate(*args)
         end
 
         def verify_key
@@ -30,10 +37,16 @@ def serialize
         def ec_key
           @ec_key ||=
             begin
-              ec_key = OpenSSL::PKey::EC.new(group)
-              ec_key.public_key = self
-
-              ec_key
+              # RFC5480 SubjectPublicKeyInfo
+              asn1 = OpenSSL::ASN1::Sequence([
+                OpenSSL::ASN1::Sequence([
+                  OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+                  OpenSSL::ASN1::ObjectId(group.curve_name),
+                ]),
+                OpenSSL::ASN1::BitString(to_octet_string(:uncompressed))
+              ])
+
+              OpenSSL::PKey::EC.new(asn1.to_der)
             end
         end
 
diff --git a/lib/openssl/signature_algorithm/rsa.rb b/lib/openssl/signature_algorithm/rsa.rb
@@ -1,12 +1,26 @@
 # frozen_string_literal: true
 
+require "forwardable"
 require "openssl"
 require "openssl/signature_algorithm/base"
 
 module OpenSSL
   module SignatureAlgorithm
     class RSA < Base
-      class SigningKey < OpenSSL::PKey::RSA
+      class SigningKey
+        extend Forwardable
+
+        def_delegators :@pkey, :sign, :verify
+        def_delegators :@pkey, :public_key, :private_key, :to_pem, :to_der, :public?, :private?, :export, :to_s
+        def_delegators :@pkey, :public_encrypt, :public_decrypt, :private_encrypt, :private_decrypt
+        def_delegators :@pkey, :sign_pss, :verify_pss
+        def_delegators :@pkey, :blinding_off!, :blinding_on!
+        def_delegators :@pkey, :params, :to_text
+
+        def initialize(*args)
+          @pkey = OpenSSL::PKey::RSA.generate(*args)
+        end
+
         def verify_key
           VerifyKey.new(public_key.to_pem)
         end
diff --git a/openssl-signature_algorithm.gemspec b/openssl-signature_algorithm.gemspec
@@ -28,5 +28,5 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_runtime_dependency "openssl", "~> 2.0"
+  spec.add_runtime_dependency "openssl", "> 2.0", "< 3.1"
 end
