From 9eb04f6231bc98de31f17b344979f757128ec5d1 Mon Sep 17 00:00:00 2001 From: Nan Xiao Date: Sat, 1 Jul 2023 02:15:16 -0400 Subject: [PATCH 01/19] Skip ssl-ctx test if offline (#116) --- tests/testthat/test_ssl_ctx.R | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/testthat/test_ssl_ctx.R b/tests/testthat/test_ssl_ctx.R index 5ad219a..1c49778 100644 --- a/tests/testthat/test_ssl_ctx.R +++ b/tests/testthat/test_ssl_ctx.R @@ -2,6 +2,7 @@ test_that("ssl-ctx integration works", { skip_if_not_installed('curl') skip_if(packageVersion('curl') < '4.3.3') skip_if_not(ssl_ctx_curl_version_match()) + skip_if_offline() test <- download_ssl_cert('cran.r-project.org')[[1]] From 3df8739c47c4b463bde031cf5c1258aa9d5f318b Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Fri, 14 Jul 2023 14:41:21 +0200 Subject: [PATCH 02/19] Add sha3 wrapper --- NAMESPACE | 1 + NEWS | 1 + R/hash.R | 6 ++++++ man/hash.Rd | 3 +++ 4 files changed, 11 insertions(+) diff --git a/NAMESPACE b/NAMESPACE index 71ec2f5..c88e843 100644 --- a/NAMESPACE +++ b/NAMESPACE @@ -118,6 +118,7 @@ export(sha1) export(sha2) export(sha224) export(sha256) +export(sha3) export(sha384) export(sha512) export(signature_create) diff --git a/NEWS b/NEWS index 4f12094..987e8d7 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,6 @@ 2.1.0 - MacOS and Windows binaries have been bumped to libssl 3.1.0 + - Added sha3() function 2.0.6 - Add new functions pkcs7_encrypt and pkcs7_decrypt diff --git a/R/hash.R b/R/hash.R index f489b1a..6933b97 100644 --- a/R/hash.R +++ b/R/hash.R @@ -103,6 +103,12 @@ sha2 <- function(x, size = 256, key = NULL){ rawstringhash(x, paste0("sha", size), key) } +#' @rdname hash +#' @export +sha3 <- function(x, size = 256, key = NULL){ + rawstringhash(x, paste0("sha3-", size), key) +} + #' @rdname hash #' @export md4 <- function(x, key = NULL){ diff --git a/man/hash.Rd b/man/hash.Rd index 4c2c736..eca87e6 100644 --- a/man/hash.Rd +++ b/man/hash.Rd @@ -11,6 +11,7 @@ \alias{sha384} \alias{sha512} \alias{sha2} +\alias{sha3} \alias{md4} \alias{md5} \alias{blake2b} @@ -31,6 +32,8 @@ sha512(x, key = NULL) sha2(x, size = 256, key = NULL) +sha3(x, size = 256, key = NULL) + md4(x, key = NULL) md5(x, key = NULL) From 917e41f9f768a8e8b3d6c424122737eb8d9b4493 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Fri, 14 Jul 2023 15:01:24 +0200 Subject: [PATCH 03/19] Revert premature news entry --- NEWS | 1 - 1 file changed, 1 deletion(-) diff --git a/NEWS b/NEWS index 987e8d7..6102792 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,4 @@ 2.1.0 - - MacOS and Windows binaries have been bumped to libssl 3.1.0 - Added sha3() function 2.0.6 From cefc47acaff435c7b1ce0f1f775cbe31a5c54dec Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Fri, 14 Jul 2023 15:12:53 +0200 Subject: [PATCH 04/19] MacOS: update to libssl 3.1.1 --- NEWS | 1 + configure | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 6102792..08f807e 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,5 @@ 2.1.0 + - MacOS binaries have been bumped to libssl 3.1.1 - Added sha3() function 2.0.6 diff --git a/configure b/configure index 362d8a9..f21879a 100755 --- a/configure +++ b/configure @@ -37,8 +37,8 @@ elif [ `uname` = "Darwin" ]; then test ! "$CI" && brew --version 2>/dev/null if [ $? -eq 0 ]; then BREWDIR=`brew --prefix` - PKG_CFLAGS="-I$BREWDIR/opt/openssl/include -I$BREWDIR/opt/openssl@1.1/include" - PKG_LIBS="-L$BREWDIR/opt/openssl/lib -L$BREWDIR/opt/openssl@1.1/lib $PKG_LIBS" + PKG_CFLAGS="-I$BREWDIR/opt/openssl/include" + PKG_LIBS="-L$BREWDIR/opt/openssl/lib $PKG_LIBS" else curl -sfL "https://autobrew.github.io/scripts/$PKG_BREW_NAME" > autobrew . ./autobrew From 8abf11779f930f83b02a4933c53d2b5ca823db12 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Fri, 14 Jul 2023 17:21:19 +0200 Subject: [PATCH 05/19] Windows: update to libssl 3.1.1 --- .github/workflows/R-CMD-check.yaml | 6 ++++-- src/Makevars.ucrt | 2 -- src/Makevars.win | 15 +++++++++++---- 3 files changed, 15 insertions(+), 8 deletions(-) delete mode 100644 src/Makevars.ucrt diff --git a/.github/workflows/R-CMD-check.yaml b/.github/workflows/R-CMD-check.yaml index 5b875c5..b0964c8 100644 --- a/.github/workflows/R-CMD-check.yaml +++ b/.github/workflows/R-CMD-check.yaml @@ -16,13 +16,15 @@ jobs: fail-fast: false matrix: config: - - {os: macOS-latest, r: 'release'} + - {os: windows-latest, r: '3.6'} + - {os: windows-latest, r: '4.1'} - {os: windows-latest, r: 'release'} - {os: windows-latest, r: 'release', ssl_backend: 'openssl'} - - {os: windows-2022, r: 'devel'} + - {os: windows-latest, r: 'devel'} - {os: ubuntu-latest, r: 'devel', http-user-agent: 'release'} - {os: ubuntu-latest, r: 'release'} - {os: ubuntu-latest, r: 'oldrel-1'} + - {os: macOS-latest, r: 'release'} env: GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} diff --git a/src/Makevars.ucrt b/src/Makevars.ucrt deleted file mode 100644 index 1a2e101..0000000 --- a/src/Makevars.ucrt +++ /dev/null @@ -1,2 +0,0 @@ -CRT=-ucrt -include Makevars.win diff --git a/src/Makevars.win b/src/Makevars.win index a17fb08..abc49dc 100644 --- a/src/Makevars.win +++ b/src/Makevars.win @@ -1,10 +1,17 @@ -VERSION = 1.1.1k -PKG_CPPFLAGS = -I../windows/openssl-$(VERSION)/include -PKG_LIBS = -Lbcrypt -lstatbcrypt -L../windows/openssl-$(VERSION)/lib${R_ARCH}${CRT} \ - -lssl -lcrypto -lws2_32 -lgdi32 -lcrypt32 +VERSION = 3.1.1 +RWINLIB = ../windows/openssl-$(VERSION) +TARGET = lib$(subst gcc,,$(COMPILED_BY))$(R_ARCH) +PKG_CPPFLAGS = -I$(RWINLIB)/include -DOPENSSL_SUPPRESS_DEPRECATED + STATLIB = bcrypt/libstatbcrypt.a LIBBCRYPT = bcrypt/bcrypt_pbkdf.o bcrypt/blowfish.o +PKG_LIBS = \ + -Lbcrypt -lstatbcrypt \ + -L$(RWINLIB)/$(TARGET) \ + -L$(RWINLIB)/lib$(R_ARCH) \ + -lssl -lcrypto -lz -lws2_32 -lgdi32 -lcrypt32 + #all: clean all: $(SHLIB) From 2081383383b8de0edd5aeb4534bb1fbeaa91b0d3 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Fri, 14 Jul 2023 18:04:39 +0200 Subject: [PATCH 06/19] Trigger build --- DESCRIPTION | 2 +- NEWS | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/DESCRIPTION b/DESCRIPTION index f5f8652..63b0b2a 100644 --- a/DESCRIPTION +++ b/DESCRIPTION @@ -1,7 +1,7 @@ Package: openssl Type: Package Title: Toolkit for Encryption, Signatures and Certificates Based on OpenSSL -Version: 2.0.6 +Version: 2.1.0 Authors@R: c(person("Jeroen", "Ooms", role = c("aut", "cre"), email = "jeroen@berkeley.edu", comment = c(ORCID = "0000-0002-4035-0289")), person("Oliver", "Keyes", role = "ctb")) diff --git a/NEWS b/NEWS index 08f807e..cae077b 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,5 @@ 2.1.0 - - MacOS binaries have been bumped to libssl 3.1.1 + - Windows and MacOS binaries have been bumped to libssl 3.1.1 - Added sha3() function 2.0.6 From f9ea7c44d4fe6d3eeba385dd7eb93416ad2c1cfa Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Sat, 15 Jul 2023 10:27:29 +0200 Subject: [PATCH 07/19] Update NEWS --- DESCRIPTION | 2 +- NEWS | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/DESCRIPTION b/DESCRIPTION index 63b0b2a..022aeb7 100644 --- a/DESCRIPTION +++ b/DESCRIPTION @@ -15,7 +15,7 @@ Description: Bindings to OpenSSL libssl and libcrypto, plus custom SSH key parse number generator, and 'bignum' math methods for manually performing crypto calculations on large multibyte integers. License: MIT + file LICENSE -URL: https://github.com/jeroen/openssl +URL: https://jeroen.r-universe.dev/openssl BugReports: https://github.com/jeroen/openssl/issues SystemRequirements: OpenSSL >= 1.0.2 VignetteBuilder: knitr diff --git a/NEWS b/NEWS index cae077b..665b9bd 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,6 @@ 2.1.0 - - Windows and MacOS binaries have been bumped to libssl 3.1.1 + - Windows and autobrew binaries have been bumped to libssl 3.1.1. (MacOS CRAN + binaries use libssl from CRAN 'recipes' which is currently libssl 1.1.1) - Added sha3() function 2.0.6 From 6220595d88f3cddcdbdf8be8db18bcd971f46fa0 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Sat, 15 Jul 2023 14:49:38 +0200 Subject: [PATCH 08/19] Fix warning --- R/openssh.R | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/R/openssh.R b/R/openssh.R index f9ad6d7..ed55f0d 100644 --- a/R/openssh.R +++ b/R/openssh.R @@ -35,7 +35,7 @@ fingerprint.pubkey <- function(key, hashfun = sha256){ hashfun(unlist(unname(hashdata))) } -fpdata <- function(x, ...){ +fpdata <- function(pubkey, ...){ UseMethod("fpdata") } From 2199ed7e50cb68c176b3ee09b6d1542fb2ae2ee4 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Sat, 15 Jul 2023 15:32:20 +0200 Subject: [PATCH 09/19] Fix signatures --- R/openssh.R | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/R/openssh.R b/R/openssh.R index ed55f0d..d1fa06c 100644 --- a/R/openssh.R +++ b/R/openssh.R @@ -35,7 +35,7 @@ fingerprint.pubkey <- function(key, hashfun = sha256){ hashfun(unlist(unname(hashdata))) } -fpdata <- function(pubkey, ...){ +fpdata <- function(pubkey){ UseMethod("fpdata") } From 92cf8245a1c25139de6ef547d849997415067e1f Mon Sep 17 00:00:00 2001 From: Mervin Fansler Date: Thu, 27 Jul 2023 14:24:23 -0400 Subject: [PATCH 10/19] check sodium (#118) --- tests/testthat/test_sodium.R | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/testthat/test_sodium.R b/tests/testthat/test_sodium.R index 804ac0e..3a46200 100644 --- a/tests/testthat/test_sodium.R +++ b/tests/testthat/test_sodium.R @@ -1,6 +1,7 @@ context("Sodium Compatibility") test_that("Signatures are compatible with sodium", { + skip_if_not_installed('sodium') skip_if(fips_mode()) skip_if_not(openssl_config()$x25519) @@ -26,6 +27,7 @@ test_that("Signatures are compatible with sodium", { }) test_that("Diffie Hellman is compatible with sodium", { + skip_if_not_installed('sodium') skip_if(fips_mode()) skip_if_not(openssl_config()$x25519) # Generate keypair with sodium From 736d6a83c795f50dc6284da3efc3cfe0c9c40911 Mon Sep 17 00:00:00 2001 From: George Stagg Date: Thu, 29 Jun 2023 08:54:55 +0100 Subject: [PATCH 11/19] Error when running under webR on use of SSL_set_fd --- src/ssl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 4ff5b88..90dcc50 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -110,6 +110,10 @@ static SEXP R_write_cert_chain(STACK_OF(X509) *chain){ } SEXP R_download_cert(SEXP hostname, SEXP service, SEXP ipv4_only) { +#ifdef __EMSCRIPTEN__ + Rf_error("Raw network access is unavailable when running under Wasm."); + return NULL; +#else /* The 'hints' arg is only needed for solaris */ struct addrinfo hints; memset(&hints,0,sizeof(hints)); @@ -204,6 +208,7 @@ SEXP R_download_cert(SEXP hostname, SEXP service, SEXP ipv4_only) { SSL_free(ssl); SSL_CTX_free(ctx); return res; +#endif // __EMSCRIPTEN__ } static int sslVerifyCallback(X509_STORE_CTX* x509Ctx, void *fun) { From 0c93ca302a9d5f2c047266075f23f23a7efdf171 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Mon, 18 Sep 2023 21:41:51 +0200 Subject: [PATCH 12/19] Windows: update to libssl 3.1.2 --- .github/workflows/R-CMD-check.yaml | 1 + src/Makevars.win | 7 +++---- tools/winlibs.R | 22 ++++++++++++++-------- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/.github/workflows/R-CMD-check.yaml b/.github/workflows/R-CMD-check.yaml index b0964c8..af022ac 100644 --- a/.github/workflows/R-CMD-check.yaml +++ b/.github/workflows/R-CMD-check.yaml @@ -18,6 +18,7 @@ jobs: config: - {os: windows-latest, r: '3.6'} - {os: windows-latest, r: '4.1'} + - {os: windows-latest, r: '4.2'} - {os: windows-latest, r: 'release'} - {os: windows-latest, r: 'release', ssl_backend: 'openssl'} - {os: windows-latest, r: 'devel'} diff --git a/src/Makevars.win b/src/Makevars.win index abc49dc..a98f3fe 100644 --- a/src/Makevars.win +++ b/src/Makevars.win @@ -1,5 +1,4 @@ -VERSION = 3.1.1 -RWINLIB = ../windows/openssl-$(VERSION) +RWINLIB = ../windows/libssl TARGET = lib$(subst gcc,,$(COMPILED_BY))$(R_ARCH) PKG_CPPFLAGS = -I$(RWINLIB)/include -DOPENSSL_SUPPRESS_DEPRECATED @@ -9,7 +8,7 @@ LIBBCRYPT = bcrypt/bcrypt_pbkdf.o bcrypt/blowfish.o PKG_LIBS = \ -Lbcrypt -lstatbcrypt \ -L$(RWINLIB)/$(TARGET) \ - -L$(RWINLIB)/lib$(R_ARCH) \ + -L$(RWINLIB)/lib \ -lssl -lcrypto -lz -lws2_32 -lgdi32 -lcrypt32 #all: clean @@ -22,7 +21,7 @@ $(SHLIB): $(OBJECTS) $(STATLIB) $(STATLIB): $(LIBBCRYPT) winlibs: - "${R_HOME}/bin${R_ARCH_BIN}/Rscript.exe" "../tools/winlibs.R" $(VERSION) + "${R_HOME}/bin${R_ARCH_BIN}/Rscript.exe" "../tools/winlibs.R" clean: rm -f $(SHLIB) $(OBJECTS) $(STATLIB) $(LIBBCRYPT) diff --git a/tools/winlibs.R b/tools/winlibs.R index 4b0597e..bb77d35 100644 --- a/tools/winlibs.R +++ b/tools/winlibs.R @@ -1,10 +1,16 @@ -# Build against mingw-w64 build of openssl -VERSION <- commandArgs(TRUE) -if(!file.exists(sprintf("../windows/openssl-%s/include/openssl/ssl.h", VERSION))){ - if(getRversion() < "3.3.0") setInternet2() - download.file(sprintf("https://github.com/rwinlib/openssl/archive/v%s.zip", VERSION), - "lib.zip", quiet = TRUE) +if(!file.exists("../windows/libssl/include/openssl/pem.h")){ + unlink("../windows", recursive = TRUE) + url <- if(grepl("aarch", R.version$platform)){ + "https://github.com/r-windows/bundles/releases/download/openssl-3.1.2/openssl-3.1.2-clang-aarch64.tar.xz" + } else if(getRversion() >= "4.2") { + "https://github.com/r-windows/bundles/releases/download/openssl-3.1.2/openssl-3.1.2-ucrt-x86_64.tar.xz" + } else { + "https://github.com/rwinlib/openssl/archive/v3.1.1.tar.gz" + } + download.file(url, basename(url), quiet = TRUE) dir.create("../windows", showWarnings = FALSE) - unzip("lib.zip", exdir = "../windows") - unlink("lib.zip") + untar(basename(url), exdir = "../windows", tar = 'internal') + unlink(basename(url)) + setwd("../windows") + file.rename(list.files(), 'libssl') } From c82ac66ef91ee888ccc1414dad2031e96b960c80 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Mon, 18 Sep 2023 23:40:46 +0200 Subject: [PATCH 13/19] Bump version --- DESCRIPTION | 2 +- NEWS | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/DESCRIPTION b/DESCRIPTION index 022aeb7..81722f4 100644 --- a/DESCRIPTION +++ b/DESCRIPTION @@ -1,7 +1,7 @@ Package: openssl Type: Package Title: Toolkit for Encryption, Signatures and Certificates Based on OpenSSL -Version: 2.1.0 +Version: 2.1.1 Authors@R: c(person("Jeroen", "Ooms", role = c("aut", "cre"), email = "jeroen@berkeley.edu", comment = c(ORCID = "0000-0002-4035-0289")), person("Oliver", "Keyes", role = "ctb")) diff --git a/NEWS b/NEWS index 665b9bd..704a8be 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +2.1.1 + - Windows: update to openssl 3.1.2 + arm support + 2.1.0 - Windows and autobrew binaries have been bumped to libssl 3.1.1. (MacOS CRAN binaries use libssl from CRAN 'recipes' which is currently libssl 1.1.1) From 634c8857e8565cf2b0397eaf90b25c539973c344 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Mon, 25 Sep 2023 19:29:50 +0200 Subject: [PATCH 14/19] Add clang --- tools/winlibs.R | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/winlibs.R b/tools/winlibs.R index bb77d35..68f75d8 100644 --- a/tools/winlibs.R +++ b/tools/winlibs.R @@ -2,7 +2,9 @@ if(!file.exists("../windows/libssl/include/openssl/pem.h")){ unlink("../windows", recursive = TRUE) url <- if(grepl("aarch", R.version$platform)){ "https://github.com/r-windows/bundles/releases/download/openssl-3.1.2/openssl-3.1.2-clang-aarch64.tar.xz" - } else if(getRversion() >= "4.2") { + } else if(grepl("clang", Sys.getenv('R_COMPILED_BY'))){ + "https://github.com/r-windows/bundles/releases/download/openssl-3.1.2/openssl-3.1.2-clang-x86_64.tar.xz" + } else if(getRversion() >= "4.2") { "https://github.com/r-windows/bundles/releases/download/openssl-3.1.2/openssl-3.1.2-ucrt-x86_64.tar.xz" } else { "https://github.com/rwinlib/openssl/archive/v3.1.1.tar.gz" From 5302c6fc737aad45808be489bdf72297bf942321 Mon Sep 17 00:00:00 2001 From: Jason Law Date: Thu, 5 Oct 2023 14:22:18 -0700 Subject: [PATCH 15/19] Added support for OAEP padding to RSA encryption/decryption. (#120) Co-authored-by: Jason Law --- R/rsa.R | 9 +++++---- man/rsa_encrypt.Rd | 6 ++++-- src/rsa.c | 10 ++++++---- 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/R/rsa.R b/R/rsa.R index 404abd1..920bf72 100644 --- a/R/rsa.R +++ b/R/rsa.R @@ -8,6 +8,7 @@ #' #' @export #' @param data raw vector of max 245 bytes (for 2048 bit keys) with data to encrypt/decrypt +#' @param oaep if TRUE, changes padding to EME-OAEP as defined in PKCS #1 v2.0 #' @inheritParams signature_create #' @rdname rsa_encrypt #' @aliases rsa encrypt @@ -28,19 +29,19 @@ #' tempkey <- rsa_decrypt(ciphertext, key) #' message <- aes_cbc_decrypt(blob, tempkey, iv) #' out <- rawToChar(message) -rsa_encrypt <- function(data, pubkey = my_pubkey()){ +rsa_encrypt <- function(data, pubkey = my_pubkey(), oaep = FALSE){ pk <- read_pubkey(pubkey) stopifnot(inherits(pk, "rsa")) stopifnot(is.raw(data)) - .Call(R_rsa_encrypt, data, pk) + .Call(R_rsa_encrypt, data, pk, oaep) } #' @useDynLib openssl R_rsa_decrypt #' @export #' @rdname rsa_encrypt -rsa_decrypt <- function(data, key = my_key(), password = askpass){ +rsa_decrypt <- function(data, key = my_key(), password = askpass, oaep = FALSE){ sk <- read_key(key, password) stopifnot(inherits(sk, "rsa")) stopifnot(is.raw(data)) - .Call(R_rsa_decrypt, data, sk) + .Call(R_rsa_decrypt, data, sk, oaep) } diff --git a/man/rsa_encrypt.Rd b/man/rsa_encrypt.Rd index 4127f02..ba1413f 100644 --- a/man/rsa_encrypt.Rd +++ b/man/rsa_encrypt.Rd @@ -7,15 +7,17 @@ \alias{rsa_decrypt} \title{Low-level RSA encryption} \usage{ -rsa_encrypt(data, pubkey = my_pubkey()) +rsa_encrypt(data, pubkey = my_pubkey(), oaep = FALSE) -rsa_decrypt(data, key = my_key(), password = askpass) +rsa_decrypt(data, key = my_key(), password = askpass, oaep = FALSE) } \arguments{ \item{data}{raw vector of max 245 bytes (for 2048 bit keys) with data to encrypt/decrypt} \item{pubkey}{public key or file path. See \code{\link[=read_pubkey]{read_pubkey()}}.} +\item{oaep}{if TRUE, changes padding to EME-OAEP as defined in PKCS #1 v2.0} + \item{key}{private key or file path. See \code{\link[=read_key]{read_key()}}.} \item{password}{string or a function to read protected keys. See \code{\link[=read_key]{read_key()}}.} diff --git a/src/rsa.c b/src/rsa.c index 512d354..38a23b4 100644 --- a/src/rsa.c +++ b/src/rsa.c @@ -5,13 +5,14 @@ #include #include "utils.h" -SEXP R_rsa_encrypt(SEXP data, SEXP keydata) { +SEXP R_rsa_encrypt(SEXP data, SEXP keydata, SEXP oaep) { const unsigned char *ptr = RAW(keydata); RSA *rsa = d2i_RSA_PUBKEY(NULL, &ptr, LENGTH(keydata)); + int pad = asLogical(oaep) ? RSA_PKCS1_OAEP_PADDING : RSA_PKCS1_PADDING; bail(!!rsa); int keysize = RSA_size(rsa); unsigned char* buf = OPENSSL_malloc(keysize); - int len = RSA_public_encrypt(LENGTH(data), RAW(data), buf, rsa, RSA_PKCS1_PADDING); + int len = RSA_public_encrypt(LENGTH(data), RAW(data), buf, rsa, pad); bail(len > 0); RSA_free(rsa); SEXP res = allocVector(RAWSXP, len); @@ -20,13 +21,14 @@ SEXP R_rsa_encrypt(SEXP data, SEXP keydata) { return res; } -SEXP R_rsa_decrypt(SEXP data, SEXP keydata){ +SEXP R_rsa_decrypt(SEXP data, SEXP keydata, SEXP oaep){ const unsigned char *ptr = RAW(keydata); RSA *rsa = d2i_RSAPrivateKey(NULL, &ptr, LENGTH(keydata)); + int pad = asLogical(oaep) ? RSA_PKCS1_OAEP_PADDING : RSA_PKCS1_PADDING; bail(!!rsa); int keysize = RSA_size(rsa); unsigned char* buf = OPENSSL_malloc(keysize); - int len = RSA_private_decrypt(LENGTH(data), RAW(data), buf, rsa, RSA_PKCS1_PADDING); + int len = RSA_private_decrypt(LENGTH(data), RAW(data), buf, rsa, pad); bail(len > 0); RSA_free(rsa); SEXP res = allocVector(RAWSXP, len); From 5ff630ce7bccc8fd066d966285b487167aaec418 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Thu, 5 Oct 2023 23:24:10 +0200 Subject: [PATCH 16/19] Type safety --- R/rsa.R | 2 ++ 1 file changed, 2 insertions(+) diff --git a/R/rsa.R b/R/rsa.R index 920bf72..a038e22 100644 --- a/R/rsa.R +++ b/R/rsa.R @@ -33,6 +33,7 @@ rsa_encrypt <- function(data, pubkey = my_pubkey(), oaep = FALSE){ pk <- read_pubkey(pubkey) stopifnot(inherits(pk, "rsa")) stopifnot(is.raw(data)) + oaep <- as.logical(oaep) .Call(R_rsa_encrypt, data, pk, oaep) } @@ -43,5 +44,6 @@ rsa_decrypt <- function(data, key = my_key(), password = askpass, oaep = FALSE){ sk <- read_key(key, password) stopifnot(inherits(sk, "rsa")) stopifnot(is.raw(data)) + oaep <- as.logical(oaep) .Call(R_rsa_decrypt, data, sk, oaep) } From d66eeb4a36c7ebf797fd5c9b54a7bcad9847e593 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Thu, 14 Dec 2023 12:29:42 +0100 Subject: [PATCH 17/19] Make script robust against 'extern' in openssl headers --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index f21879a..92bfcff 100755 --- a/configure +++ b/configure @@ -76,7 +76,7 @@ fi # Try to link against the correct OpenSSL version if [ -z "$AUTOBREW" ]; then -SONAME=`${CC} -E ${PKG_CFLAGS} src/tests/soname.h | sh | xargs` +SONAME=`${CC} -E ${PKG_CFLAGS} src/tests/soname.h | grep 'echo' | sh | xargs` if [ "$SONAME" ]; then if [ `uname` = "Darwin" ]; then PKG_LIBS_VERSIONED=`echo "${PKG_LIBS}" | sed "s/-lssl/-lssl.${SONAME}/" | sed "s/-lcrypto/-lcrypto.${SONAME}/"` From 7184cce624ea8926457b0d518d8cddd66d617646 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Mon, 15 Jan 2024 20:02:02 +0100 Subject: [PATCH 18/19] Test this thing --- .github/workflows/R-CMD-check.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/R-CMD-check.yaml b/.github/workflows/R-CMD-check.yaml index af022ac..6a9adb0 100644 --- a/.github/workflows/R-CMD-check.yaml +++ b/.github/workflows/R-CMD-check.yaml @@ -26,7 +26,7 @@ jobs: - {os: ubuntu-latest, r: 'release'} - {os: ubuntu-latest, r: 'oldrel-1'} - {os: macOS-latest, r: 'release'} - + - {os: flyci-macos-large-latest-m1, r: 'release'} env: GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} R_KEEP_PKG_SOURCE: yes @@ -36,7 +36,7 @@ jobs: - uses: r-lib/actions/setup-pandoc@v2 - - uses: r-lib/actions/setup-r@v2 + - uses: r-lib/actions/setup-r@m1 with: r-version: ${{ matrix.config.r }} http-user-agent: ${{ matrix.config.http-user-agent }} From a20a6fe5ce51be4964f0470265f77f36088866f7 Mon Sep 17 00:00:00 2001 From: Jeroen Ooms Date: Thu, 22 Feb 2024 16:14:31 +0100 Subject: [PATCH 19/19] Test rhub2 --- .github/workflows/rhub.yaml | 95 +++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 .github/workflows/rhub.yaml diff --git a/.github/workflows/rhub.yaml b/.github/workflows/rhub.yaml new file mode 100644 index 0000000..ff3a268 --- /dev/null +++ b/.github/workflows/rhub.yaml @@ -0,0 +1,95 @@ +# R-hub's generic GitHub Actions workflow file. It's canonical location is at +# https://github.com/r-hub/rhub2/blob/v1/inst/workflow/rhub.yaml +# You can update this file to a newer version using the rhub2 package: +# +# rhub2::rhub_setup() +# +# It is unlikely that you need to modify this file manually. + +name: R-hub +run-name: "${{ github.event.inputs.id }}: ${{ github.event.inputs.name || format('Manually run by {0}', github.triggering_actor) }}" + +on: + workflow_dispatch: + inputs: + config: + description: 'A comma separated list of R-hub platforms to use.' + type: string + default: 'linux,windows,macos' + name: + description: 'Run name. You can leave this empty now.' + type: string + id: + description: 'Unique ID. You can leave this empty now.' + type: string + +jobs: + + setup: + runs-on: ubuntu-latest + outputs: + containers: ${{ steps.rhub-setup.outputs.containers }} + platforms: ${{ steps.rhub-setup.outputs.platforms }} + + steps: + # NO NEED TO CHECKOUT HERE + - uses: r-hub/rhub2/actions/rhub-setup@v1 + with: + config: ${{ github.event.inputs.config }} + id: rhub-setup + + linux-containers: + needs: setup + if: ${{ needs.setup.outputs.containers != '[]' }} + runs-on: ubuntu-latest + name: ${{ matrix.config.label }} + strategy: + fail-fast: false + matrix: + config: ${{ fromJson(needs.setup.outputs.containers) }} + container: + image: ${{ matrix.config.container }} + + steps: + - uses: r-hub/rhub2/actions/rhub-checkout@v1 + - uses: r-hub/rhub2/actions/rhub-platform-info@v1 + with: + token: ${{ secrets.RHUB_TOKEN }} + job-config: ${{ matrix.config.job-config }} + - uses: r-hub/rhub2/actions/rhub-setup-deps@v1 + with: + token: ${{ secrets.RHUB_TOKEN }} + job-config: ${{ matrix.config.job-config }} + - uses: r-hub/rhub2/actions/rhub-run-check@v1 + with: + token: ${{ secrets.RHUB_TOKEN }} + job-config: ${{ matrix.config.job-config }} + + other-platforms: + needs: setup + if: ${{ needs.setup.outputs.platforms != '[]' }} + runs-on: ${{ matrix.config.os }} + name: ${{ matrix.config.label }} + strategy: + fail-fast: false + matrix: + config: ${{ fromJson(needs.setup.outputs.platforms) }} + + steps: + - uses: r-hub/rhub2/actions/rhub-checkout@v1 + - uses: r-hub/rhub2/actions/rhub-setup-r@v1 + with: + job-config: ${{ matrix.config.job-config }} + token: ${{ secrets.RHUB_TOKEN }} + - uses: r-hub/rhub2/actions/rhub-platform-info@v1 + with: + token: ${{ secrets.RHUB_TOKEN }} + job-config: ${{ matrix.config.job-config }} + - uses: r-hub/rhub2/actions/rhub-setup-deps@v1 + with: + job-config: ${{ matrix.config.job-config }} + token: ${{ secrets.RHUB_TOKEN }} + - uses: r-hub/rhub2/actions/rhub-run-check@v1 + with: + job-config: ${{ matrix.config.job-config }} + token: ${{ secrets.RHUB_TOKEN }}