Merge pull request cedarcode#360 from ClearlyClaire/openssl-3

Prepare for OpenSSL 3 compatibility
elquimista · Jul 14, 2022 · f7e17bd · f7e17bd
2 parents 0ae9489 + f8476eb
commit f7e17bd
Show file tree

Hide file tree

Showing 9 changed files with 15 additions and 15 deletions.
diff --git a/lib/webauthn/attestation_statement/tpm.rb b/lib/webauthn/attestation_statement/tpm.rb
@@ -42,7 +42,7 @@ def valid_key_attestation?(certified_extra_data, key, aaguid)
  OpenSSL::Digest.digest(cose_algorithm.hash_function, certified_extra_data),
  signature_algorithm: tpm_algorithm[:signature],
  hash_algorithm: tpm_algorithm[:hash],
- root_certificates: root_certificates(aaguid: aaguid)
+ trusted_certificates: root_certificates(aaguid: aaguid)
  )
 
  key_attestation.valid? && key_attestation.key && key_attestation.key.to_pem == key.to_pem
@@ -54,7 +54,7 @@ def valid_certificate_chain?(**_)
  end
 
  def default_root_certificates
- ::TPM::KeyAttestation::ROOT_CERTIFICATES
+ ::TPM::KeyAttestation::TRUSTED_CERTIFICATES
  end
 
  def tpm_algorithm

diff --git a/lib/webauthn/fake_authenticator.rb b/lib/webauthn/fake_authenticator.rb
@@ -95,7 +95,7 @@ def get_assertion(
  attr_reader :credentials
 
  def new_credential
- [SecureRandom.random_bytes(16), OpenSSL::PKey::EC.new("prime256v1").generate_key, 0]
+ [SecureRandom.random_bytes(16), OpenSSL::PKey::EC.generate("prime256v1"), 0]
  end
 
  def hashed(target)

diff --git a/lib/webauthn/fake_authenticator/authenticator_data.rb b/lib/webauthn/fake_authenticator/authenticator_data.rb
@@ -15,7 +15,7 @@ def initialize(
  rp_id_hash:,
  credential: {
  id: SecureRandom.random_bytes(16),
- public_key: OpenSSL::PKey::EC.new("prime256v1").generate_key.public_key
+ public_key: OpenSSL::PKey::EC.generate("prime256v1").public_key
  },
  sign_count: 0,
  user_present: true,

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -102,7 +102,7 @@ def create_rsa_key
 end
 
 def create_ec_key
- OpenSSL::PKey::EC.new("prime256v1").generate_key
+ OpenSSL::PKey::EC.generate("prime256v1")
 end
 
 X509_V3 = 2

diff --git a/spec/webauthn/attestation_statement/fido_u2f_spec.rb b/spec/webauthn/attestation_statement/fido_u2f_spec.rb
@@ -87,7 +87,7 @@
  let(:credential_public_key) do
  WebAuthn.configuration.algorithms << "ES384"
 
- OpenSSL::PKey::EC.new("secp384r1").generate_key.public_key
+ OpenSSL::PKey::EC.generate("secp384r1").public_key
  end
 
  it "fails" do
@@ -119,7 +119,7 @@
  end
 
  context "because it is not of the correct curve" do
- let(:attestation_key) { OpenSSL::PKey::EC.new("secp384r1").generate_key }
+ let(:attestation_key) { OpenSSL::PKey::EC.generate("secp384r1") }
 
  it "fails" do
  expect(statement.valid?(authenticator_data, client_data_hash)).to be_falsy

diff --git a/spec/webauthn/attestation_statement/packed_spec.rb b/spec/webauthn/attestation_statement/packed_spec.rb
@@ -43,7 +43,7 @@
  let(:credential_key) do
  WebAuthn.configuration.algorithms << "ES512"
 
- OpenSSL::PKey::EC.new("secp521r1").generate_key
+ OpenSSL::PKey::EC.generate("secp521r1")
  end
 
  it "fails" do

diff --git a/spec/webauthn/attestation_statement/tpm_spec.rb b/spec/webauthn/attestation_statement/tpm_spec.rb
@@ -139,10 +139,10 @@
 
  around do |example|
  silence_warnings do
- original_tpm_certificates = ::TPM::KeyAttestation::ROOT_CERTIFICATES
- ::TPM::KeyAttestation::ROOT_CERTIFICATES = tpm_certificates
+ original_tpm_certificates = ::TPM::KeyAttestation::TRUSTED_CERTIFICATES
+ ::TPM::KeyAttestation::TRUSTED_CERTIFICATES = tpm_certificates
  example.run
- ::TPM::KeyAttestation::ROOT_CERTIFICATES = original_tpm_certificates
+ ::TPM::KeyAttestation::TRUSTED_CERTIFICATES = original_tpm_certificates
  end
  end
 

diff --git a/spec/webauthn/public_key_spec.rb b/spec/webauthn/public_key_spec.rb
@@ -126,7 +126,7 @@
 
  cose_key
  end
- let(:key) { OpenSSL::PKey::EC.new("prime256v1").generate_key }
+ let(:key) { OpenSSL::PKey::EC.generate("prime256v1") }
  let(:webauthn_public_key) { WebAuthn::PublicKey.new(cose_key: cose_key) }
 
  it "works" do
@@ -143,7 +143,7 @@
 
  context "when it was signed with a different key" do
  let(:signature) do
- OpenSSL::PKey::EC.new("prime256v1").generate_key.sign(
+ OpenSSL::PKey::EC.generate("prime256v1").sign(
  hash_algorithm,
  to_be_signed
  )

diff --git a/webauthn.gemspec b/webauthn.gemspec
@@ -38,9 +38,9 @@ Gem::Specification.new do |spec|
  spec.add_dependency "bindata", "~> 2.4"
  spec.add_dependency "cbor", "~> 0.5.9"
  spec.add_dependency "cose", "~> 1.1"
- spec.add_dependency "openssl", "~> 2.2"
+ spec.add_dependency "openssl", ">= 2.2", "< 3.1"
  spec.add_dependency "safety_net_attestation", "~> 0.4.0"
- spec.add_dependency "tpm-key_attestation", "~> 0.10.0"
+ spec.add_dependency "tpm-key_attestation", "~> 0.11.0"
 
  spec.add_development_dependency "bundler", ">= 1.17", "< 3.0"
  spec.add_development_dependency "byebug", "~> 11.0"