openssl-custom 2.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. checksums.yaml +7 -0
  2. data/BSDL +22 -0
  3. data/CONTRIBUTING.md +132 -0
  4. data/History.md +485 -0
  5. data/LICENSE.txt +56 -0
  6. data/README.md +66 -0
  7. data/ext/openssl/extconf.rb +190 -0
  8. data/ext/openssl/openssl_missing.c +106 -0
  9. data/ext/openssl/openssl_missing.h +257 -0
  10. data/ext/openssl/ossl.c +1282 -0
  11. data/ext/openssl/ossl.h +181 -0
  12. data/ext/openssl/ossl_asn1.c +1878 -0
  13. data/ext/openssl/ossl_asn1.h +62 -0
  14. data/ext/openssl/ossl_bio.c +42 -0
  15. data/ext/openssl/ossl_bio.h +16 -0
  16. data/ext/openssl/ossl_bn.c +1270 -0
  17. data/ext/openssl/ossl_bn.h +26 -0
  18. data/ext/openssl/ossl_cipher.c +1075 -0
  19. data/ext/openssl/ossl_cipher.h +20 -0
  20. data/ext/openssl/ossl_config.c +89 -0
  21. data/ext/openssl/ossl_config.h +19 -0
  22. data/ext/openssl/ossl_digest.c +425 -0
  23. data/ext/openssl/ossl_digest.h +20 -0
  24. data/ext/openssl/ossl_engine.c +567 -0
  25. data/ext/openssl/ossl_engine.h +19 -0
  26. data/ext/openssl/ossl_hmac.c +389 -0
  27. data/ext/openssl/ossl_hmac.h +18 -0
  28. data/ext/openssl/ossl_kdf.c +303 -0
  29. data/ext/openssl/ossl_kdf.h +6 -0
  30. data/ext/openssl/ossl_ns_spki.c +405 -0
  31. data/ext/openssl/ossl_ns_spki.h +19 -0
  32. data/ext/openssl/ossl_ocsp.c +2013 -0
  33. data/ext/openssl/ossl_ocsp.h +23 -0
  34. data/ext/openssl/ossl_pkcs12.c +257 -0
  35. data/ext/openssl/ossl_pkcs12.h +13 -0
  36. data/ext/openssl/ossl_pkcs7.c +1098 -0
  37. data/ext/openssl/ossl_pkcs7.h +36 -0
  38. data/ext/openssl/ossl_pkey.c +673 -0
  39. data/ext/openssl/ossl_pkey.h +241 -0
  40. data/ext/openssl/ossl_pkey_dh.c +650 -0
  41. data/ext/openssl/ossl_pkey_dsa.c +664 -0
  42. data/ext/openssl/ossl_pkey_ec.c +1827 -0
  43. data/ext/openssl/ossl_pkey_rsa.c +966 -0
  44. data/ext/openssl/ossl_rand.c +200 -0
  45. data/ext/openssl/ossl_rand.h +18 -0
  46. data/ext/openssl/ossl_ssl.c +3080 -0
  47. data/ext/openssl/ossl_ssl.h +36 -0
  48. data/ext/openssl/ossl_ssl_session.c +332 -0
  49. data/ext/openssl/ossl_ts.c +1524 -0
  50. data/ext/openssl/ossl_ts.h +16 -0
  51. data/ext/openssl/ossl_x509.c +262 -0
  52. data/ext/openssl/ossl_x509.h +115 -0
  53. data/ext/openssl/ossl_x509attr.c +324 -0
  54. data/ext/openssl/ossl_x509cert.c +846 -0
  55. data/ext/openssl/ossl_x509crl.c +542 -0
  56. data/ext/openssl/ossl_x509ext.c +491 -0
  57. data/ext/openssl/ossl_x509name.c +590 -0
  58. data/ext/openssl/ossl_x509req.c +441 -0
  59. data/ext/openssl/ossl_x509revoked.c +300 -0
  60. data/ext/openssl/ossl_x509store.c +902 -0
  61. data/ext/openssl/ruby_missing.h +24 -0
  62. data/lib/openssl/bn.rb +40 -0
  63. data/lib/openssl/buffering.rb +478 -0
  64. data/lib/openssl/cipher.rb +67 -0
  65. data/lib/openssl/config.rb +501 -0
  66. data/lib/openssl/digest.rb +73 -0
  67. data/lib/openssl/hmac.rb +13 -0
  68. data/lib/openssl/marshal.rb +30 -0
  69. data/lib/openssl/pkcs5.rb +22 -0
  70. data/lib/openssl/pkey.rb +42 -0
  71. data/lib/openssl/ssl.rb +542 -0
  72. data/lib/openssl/version.rb +5 -0
  73. data/lib/openssl/x509.rb +369 -0
  74. data/lib/openssl.rb +38 -0
  75. metadata +196 -0
@@ -0,0 +1,24 @@
1
+ /*
2
+ * 'OpenSSL for Ruby' project
3
+ * Copyright (C) 2001-2003 Michal Rokos <m.rokos@sh.cvut.cz>
4
+ * All rights reserved.
5
+ */
6
+ /*
7
+ * This program is licensed under the same licence as Ruby.
8
+ * (See the file 'LICENCE'.)
9
+ */
10
+ #if !defined(_OSSL_RUBY_MISSING_H_)
11
+ #define _OSSL_RUBY_MISSING_H_
12
+
13
+ /* Ruby 2.4 */
14
+ #ifndef RB_INTEGER_TYPE_P
15
+ # define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
16
+ #endif
17
+
18
+ /* Ruby 2.5 */
19
+ #ifndef ST2FIX
20
+ # define RB_ST2FIX(h) LONG2FIX((long)(h))
21
+ # define ST2FIX(h) RB_ST2FIX(h)
22
+ #endif
23
+
24
+ #endif /* _OSSL_RUBY_MISSING_H_ */
data/lib/openssl/bn.rb ADDED
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+ #--
3
+ #
4
+ # = Ruby-space definitions that completes C-space funcs for BN
5
+ #
6
+ # = Info
7
+ # 'OpenSSL for Ruby 2' project
8
+ # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
9
+ # All rights reserved.
10
+ #
11
+ # = Licence
12
+ # This program is licensed under the same licence as Ruby.
13
+ # (See the file 'LICENCE'.)
14
+ #++
15
+
16
+ module OpenSSL
17
+ class BN
18
+ include Comparable
19
+
20
+ def pretty_print(q)
21
+ q.object_group(self) {
22
+ q.text ' '
23
+ q.text to_i.to_s
24
+ }
25
+ end
26
+ end # BN
27
+ end # OpenSSL
28
+
29
+ ##
30
+ #--
31
+ # Add double dispatch to Integer
32
+ #++
33
+ class Integer
34
+ # Casts an Integer as an OpenSSL::BN
35
+ #
36
+ # See `man bn` for more info.
37
+ def to_bn
38
+ OpenSSL::BN::new(self)
39
+ end
40
+ end # Integer
@@ -0,0 +1,478 @@
1
+ # coding: binary
2
+ # frozen_string_literal: true
3
+ #--
4
+ #= Info
5
+ # 'OpenSSL for Ruby 2' project
6
+ # Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
7
+ # All rights reserved.
8
+ #
9
+ #= Licence
10
+ # This program is licensed under the same licence as Ruby.
11
+ # (See the file 'LICENCE'.)
12
+ #++
13
+
14
+ ##
15
+ # OpenSSL IO buffering mix-in module.
16
+ #
17
+ # This module allows an OpenSSL::SSL::SSLSocket to behave like an IO.
18
+ #
19
+ # You typically won't use this module directly, you can see it implemented in
20
+ # OpenSSL::SSL::SSLSocket.
21
+
22
+ module OpenSSL::Buffering
23
+ include Enumerable
24
+
25
+ # A buffer which will retain binary encoding.
26
+ class Buffer < String
27
+ BINARY = Encoding::BINARY
28
+
29
+ def initialize
30
+ super
31
+
32
+ force_encoding(BINARY)
33
+ end
34
+
35
+ def << string
36
+ if string.encoding == BINARY
37
+ super(string)
38
+ else
39
+ super(string.b)
40
+ end
41
+
42
+ return self
43
+ end
44
+
45
+ alias concat <<
46
+ end
47
+
48
+ ##
49
+ # The "sync mode" of the SSLSocket.
50
+ #
51
+ # See IO#sync for full details.
52
+
53
+ attr_accessor :sync
54
+
55
+ ##
56
+ # Default size to read from or write to the SSLSocket for buffer operations.
57
+
58
+ BLOCK_SIZE = 1024*16
59
+
60
+ ##
61
+ # Creates an instance of OpenSSL's buffering IO module.
62
+
63
+ def initialize(*)
64
+ super
65
+ @eof = false
66
+ @rbuffer = Buffer.new
67
+ @sync = @io.sync
68
+ end
69
+
70
+ #
71
+ # for reading.
72
+ #
73
+ private
74
+
75
+ ##
76
+ # Fills the buffer from the underlying SSLSocket
77
+
78
+ def fill_rbuff
79
+ begin
80
+ @rbuffer << self.sysread(BLOCK_SIZE)
81
+ rescue Errno::EAGAIN
82
+ retry
83
+ rescue EOFError
84
+ @eof = true
85
+ end
86
+ end
87
+
88
+ ##
89
+ # Consumes _size_ bytes from the buffer
90
+
91
+ def consume_rbuff(size=nil)
92
+ if @rbuffer.empty?
93
+ nil
94
+ else
95
+ size = @rbuffer.size unless size
96
+ ret = @rbuffer[0, size]
97
+ @rbuffer[0, size] = ""
98
+ ret
99
+ end
100
+ end
101
+
102
+ public
103
+
104
+ ##
105
+ # Reads _size_ bytes from the stream. If _buf_ is provided it must
106
+ # reference a string which will receive the data.
107
+ #
108
+ # See IO#read for full details.
109
+
110
+ def read(size=nil, buf=nil)
111
+ if size == 0
112
+ if buf
113
+ buf.clear
114
+ return buf
115
+ else
116
+ return ""
117
+ end
118
+ end
119
+ until @eof
120
+ break if size && size <= @rbuffer.size
121
+ fill_rbuff
122
+ end
123
+ ret = consume_rbuff(size) || ""
124
+ if buf
125
+ buf.replace(ret)
126
+ ret = buf
127
+ end
128
+ (size && ret.empty?) ? nil : ret
129
+ end
130
+
131
+ ##
132
+ # Reads at most _maxlen_ bytes from the stream. If _buf_ is provided it
133
+ # must reference a string which will receive the data.
134
+ #
135
+ # See IO#readpartial for full details.
136
+
137
+ def readpartial(maxlen, buf=nil)
138
+ if maxlen == 0
139
+ if buf
140
+ buf.clear
141
+ return buf
142
+ else
143
+ return ""
144
+ end
145
+ end
146
+ if @rbuffer.empty?
147
+ begin
148
+ return sysread(maxlen, buf)
149
+ rescue Errno::EAGAIN
150
+ retry
151
+ end
152
+ end
153
+ ret = consume_rbuff(maxlen)
154
+ if buf
155
+ buf.replace(ret)
156
+ ret = buf
157
+ end
158
+ ret
159
+ end
160
+
161
+ ##
162
+ # Reads at most _maxlen_ bytes in the non-blocking manner.
163
+ #
164
+ # When no data can be read without blocking it raises
165
+ # OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
166
+ #
167
+ # IO::WaitReadable means SSL needs to read internally so read_nonblock
168
+ # should be called again when the underlying IO is readable.
169
+ #
170
+ # IO::WaitWritable means SSL needs to write internally so read_nonblock
171
+ # should be called again after the underlying IO is writable.
172
+ #
173
+ # OpenSSL::Buffering#read_nonblock needs two rescue clause as follows:
174
+ #
175
+ # # emulates blocking read (readpartial).
176
+ # begin
177
+ # result = ssl.read_nonblock(maxlen)
178
+ # rescue IO::WaitReadable
179
+ # IO.select([io])
180
+ # retry
181
+ # rescue IO::WaitWritable
182
+ # IO.select(nil, [io])
183
+ # retry
184
+ # end
185
+ #
186
+ # Note that one reason that read_nonblock writes to the underlying IO is
187
+ # when the peer requests a new TLS/SSL handshake. See openssl the FAQ for
188
+ # more details. http://www.openssl.org/support/faq.html
189
+ #
190
+ # By specifying a keyword argument _exception_ to +false+, you can indicate
191
+ # that read_nonblock should not raise an IO::Wait*able exception, but
192
+ # return the symbol +:wait_writable+ or +:wait_readable+ instead. At EOF,
193
+ # it will return +nil+ instead of raising EOFError.
194
+
195
+ def read_nonblock(maxlen, buf=nil, exception: true)
196
+ if maxlen == 0
197
+ if buf
198
+ buf.clear
199
+ return buf
200
+ else
201
+ return ""
202
+ end
203
+ end
204
+ if @rbuffer.empty?
205
+ return sysread_nonblock(maxlen, buf, exception: exception)
206
+ end
207
+ ret = consume_rbuff(maxlen)
208
+ if buf
209
+ buf.replace(ret)
210
+ ret = buf
211
+ end
212
+ ret
213
+ end
214
+
215
+ ##
216
+ # Reads the next "line" from the stream. Lines are separated by _eol_. If
217
+ # _limit_ is provided the result will not be longer than the given number of
218
+ # bytes.
219
+ #
220
+ # _eol_ may be a String or Regexp.
221
+ #
222
+ # Unlike IO#gets the line read will not be assigned to +$_+.
223
+ #
224
+ # Unlike IO#gets the separator must be provided if a limit is provided.
225
+
226
+ def gets(eol=$/, limit=nil)
227
+ idx = @rbuffer.index(eol)
228
+ until @eof
229
+ break if idx
230
+ fill_rbuff
231
+ idx = @rbuffer.index(eol)
232
+ end
233
+ if eol.is_a?(Regexp)
234
+ size = idx ? idx+$&.size : nil
235
+ else
236
+ size = idx ? idx+eol.size : nil
237
+ end
238
+ if size && limit && limit >= 0
239
+ size = [size, limit].min
240
+ end
241
+ consume_rbuff(size)
242
+ end
243
+
244
+ ##
245
+ # Executes the block for every line in the stream where lines are separated
246
+ # by _eol_.
247
+ #
248
+ # See also #gets
249
+
250
+ def each(eol=$/)
251
+ while line = self.gets(eol)
252
+ yield line
253
+ end
254
+ end
255
+ alias each_line each
256
+
257
+ ##
258
+ # Reads lines from the stream which are separated by _eol_.
259
+ #
260
+ # See also #gets
261
+
262
+ def readlines(eol=$/)
263
+ ary = []
264
+ while line = self.gets(eol)
265
+ ary << line
266
+ end
267
+ ary
268
+ end
269
+
270
+ ##
271
+ # Reads a line from the stream which is separated by _eol_.
272
+ #
273
+ # Raises EOFError if at end of file.
274
+
275
+ def readline(eol=$/)
276
+ raise EOFError if eof?
277
+ gets(eol)
278
+ end
279
+
280
+ ##
281
+ # Reads one character from the stream. Returns nil if called at end of
282
+ # file.
283
+
284
+ def getc
285
+ read(1)
286
+ end
287
+
288
+ ##
289
+ # Calls the given block once for each byte in the stream.
290
+
291
+ def each_byte # :yields: byte
292
+ while c = getc
293
+ yield(c.ord)
294
+ end
295
+ end
296
+
297
+ ##
298
+ # Reads a one-character string from the stream. Raises an EOFError at end
299
+ # of file.
300
+
301
+ def readchar
302
+ raise EOFError if eof?
303
+ getc
304
+ end
305
+
306
+ ##
307
+ # Pushes character _c_ back onto the stream such that a subsequent buffered
308
+ # character read will return it.
309
+ #
310
+ # Unlike IO#getc multiple bytes may be pushed back onto the stream.
311
+ #
312
+ # Has no effect on unbuffered reads (such as #sysread).
313
+
314
+ def ungetc(c)
315
+ @rbuffer[0,0] = c.chr
316
+ end
317
+
318
+ ##
319
+ # Returns true if the stream is at file which means there is no more data to
320
+ # be read.
321
+
322
+ def eof?
323
+ fill_rbuff if !@eof && @rbuffer.empty?
324
+ @eof && @rbuffer.empty?
325
+ end
326
+ alias eof eof?
327
+
328
+ #
329
+ # for writing.
330
+ #
331
+ private
332
+
333
+ ##
334
+ # Writes _s_ to the buffer. When the buffer is full or #sync is true the
335
+ # buffer is flushed to the underlying socket.
336
+
337
+ def do_write(s)
338
+ @wbuffer = Buffer.new unless defined? @wbuffer
339
+ @wbuffer << s
340
+ @wbuffer.force_encoding(Encoding::BINARY)
341
+ @sync ||= false
342
+ if @sync or @wbuffer.size > BLOCK_SIZE
343
+ until @wbuffer.empty?
344
+ begin
345
+ nwrote = syswrite(@wbuffer)
346
+ rescue Errno::EAGAIN
347
+ retry
348
+ end
349
+ @wbuffer[0, nwrote] = ""
350
+ end
351
+ end
352
+ end
353
+
354
+ public
355
+
356
+ ##
357
+ # Writes _s_ to the stream. If the argument is not a String it will be
358
+ # converted using +.to_s+ method. Returns the number of bytes written.
359
+
360
+ def write(*s)
361
+ s.inject(0) do |written, str|
362
+ do_write(str)
363
+ written + str.bytesize
364
+ end
365
+ end
366
+
367
+ ##
368
+ # Writes _s_ in the non-blocking manner.
369
+ #
370
+ # If there is buffered data, it is flushed first. This may block.
371
+ #
372
+ # write_nonblock returns number of bytes written to the SSL connection.
373
+ #
374
+ # When no data can be written without blocking it raises
375
+ # OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
376
+ #
377
+ # IO::WaitReadable means SSL needs to read internally so write_nonblock
378
+ # should be called again after the underlying IO is readable.
379
+ #
380
+ # IO::WaitWritable means SSL needs to write internally so write_nonblock
381
+ # should be called again after underlying IO is writable.
382
+ #
383
+ # So OpenSSL::Buffering#write_nonblock needs two rescue clause as follows.
384
+ #
385
+ # # emulates blocking write.
386
+ # begin
387
+ # result = ssl.write_nonblock(str)
388
+ # rescue IO::WaitReadable
389
+ # IO.select([io])
390
+ # retry
391
+ # rescue IO::WaitWritable
392
+ # IO.select(nil, [io])
393
+ # retry
394
+ # end
395
+ #
396
+ # Note that one reason that write_nonblock reads from the underlying IO
397
+ # is when the peer requests a new TLS/SSL handshake. See the openssl FAQ
398
+ # for more details. http://www.openssl.org/support/faq.html
399
+ #
400
+ # By specifying a keyword argument _exception_ to +false+, you can indicate
401
+ # that write_nonblock should not raise an IO::Wait*able exception, but
402
+ # return the symbol +:wait_writable+ or +:wait_readable+ instead.
403
+
404
+ def write_nonblock(s, exception: true)
405
+ flush
406
+ syswrite_nonblock(s, exception: exception)
407
+ end
408
+
409
+ ##
410
+ # Writes _s_ to the stream. _s_ will be converted to a String using
411
+ # +.to_s+ method.
412
+
413
+ def <<(s)
414
+ do_write(s)
415
+ self
416
+ end
417
+
418
+ ##
419
+ # Writes _args_ to the stream along with a record separator.
420
+ #
421
+ # See IO#puts for full details.
422
+
423
+ def puts(*args)
424
+ s = Buffer.new
425
+ if args.empty?
426
+ s << "\n"
427
+ end
428
+ args.each{|arg|
429
+ s << arg.to_s
430
+ s.sub!(/(?<!\n)\z/, "\n")
431
+ }
432
+ do_write(s)
433
+ nil
434
+ end
435
+
436
+ ##
437
+ # Writes _args_ to the stream.
438
+ #
439
+ # See IO#print for full details.
440
+
441
+ def print(*args)
442
+ s = Buffer.new
443
+ args.each{ |arg| s << arg.to_s }
444
+ do_write(s)
445
+ nil
446
+ end
447
+
448
+ ##
449
+ # Formats and writes to the stream converting parameters under control of
450
+ # the format string.
451
+ #
452
+ # See Kernel#sprintf for format string details.
453
+
454
+ def printf(s, *args)
455
+ do_write(s % args)
456
+ nil
457
+ end
458
+
459
+ ##
460
+ # Flushes buffered data to the SSLSocket.
461
+
462
+ def flush
463
+ osync = @sync
464
+ @sync = true
465
+ do_write ""
466
+ return self
467
+ ensure
468
+ @sync = osync
469
+ end
470
+
471
+ ##
472
+ # Closes the SSLSocket and flushes any unwritten data.
473
+
474
+ def close
475
+ flush rescue nil
476
+ sysclose
477
+ end
478
+ end
@@ -0,0 +1,67 @@
1
+ # frozen_string_literal: true
2
+ #--
3
+ # = Ruby-space predefined Cipher subclasses
4
+ #
5
+ # = Info
6
+ # 'OpenSSL for Ruby 2' project
7
+ # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
8
+ # All rights reserved.
9
+ #
10
+ # = Licence
11
+ # This program is licensed under the same licence as Ruby.
12
+ # (See the file 'LICENCE'.)
13
+ #++
14
+
15
+ module OpenSSL
16
+ class Cipher
17
+ %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
18
+ klass = Class.new(Cipher){
19
+ define_method(:initialize){|*args|
20
+ cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" }
21
+ super(cipher_name.downcase)
22
+ }
23
+ }
24
+ const_set(name, klass)
25
+ }
26
+
27
+ %w(128 192 256).each{|keylen|
28
+ klass = Class.new(Cipher){
29
+ define_method(:initialize){|mode = "CBC"|
30
+ super("aes-#{keylen}-#{mode}".downcase)
31
+ }
32
+ }
33
+ const_set("AES#{keylen}", klass)
34
+ }
35
+
36
+ # call-seq:
37
+ # cipher.random_key -> key
38
+ #
39
+ # Generate a random key with OpenSSL::Random.random_bytes and sets it to
40
+ # the cipher, and returns it.
41
+ #
42
+ # You must call #encrypt or #decrypt before calling this method.
43
+ def random_key
44
+ str = OpenSSL::Random.random_bytes(self.key_len)
45
+ self.key = str
46
+ end
47
+
48
+ # call-seq:
49
+ # cipher.random_iv -> iv
50
+ #
51
+ # Generate a random IV with OpenSSL::Random.random_bytes and sets it to the
52
+ # cipher, and returns it.
53
+ #
54
+ # You must call #encrypt or #decrypt before calling this method.
55
+ def random_iv
56
+ str = OpenSSL::Random.random_bytes(self.iv_len)
57
+ self.iv = str
58
+ end
59
+
60
+ # Deprecated.
61
+ #
62
+ # This class is only provided for backwards compatibility.
63
+ # Use OpenSSL::Cipher.
64
+ class Cipher < Cipher; end
65
+ deprecate_constant :Cipher
66
+ end # Cipher
67
+ end # OpenSSL