openssl 2.0.0.beta.1

data/lib/openssl/cipher.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: false
+#--
+# = Ruby-space predefined Cipher subclasses
+#
+# = Info
+# 'OpenSSL for Ruby 2' project
+# Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+# All rights reserved.
+#
+# = Licence
+# This program is licensed under the same licence as Ruby.
+# (See the file 'LICENCE'.)
+#++
+
+module OpenSSL
+  class Cipher
+    %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
+      klass = Class.new(Cipher){
+        define_method(:initialize){|*args|
+          cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" }
+          super(cipher_name.downcase)
+        }
+      }
+      const_set(name, klass)
+    }
+
+    %w(128 192 256).each{|keylen|
+      klass = Class.new(Cipher){
+        define_method(:initialize){|mode = "CBC"|
+          super("aes-#{keylen}-#{mode}".downcase)
+        }
+      }
+      const_set("AES#{keylen}", klass)
+    }
+
+    # call-seq:
+    #   cipher.random_key -> key
+    #
+    # Generate a random key with OpenSSL::Random.random_bytes and sets it to
+    # the cipher, and returns it.
+    #
+    # You must call #encrypt or #decrypt before calling this method.
+    def random_key
+      str = OpenSSL::Random.random_bytes(self.key_len)
+      self.key = str
+    end
+
+    # call-seq:
+    #   cipher.random_iv -> iv
+    #
+    # Generate a random IV with OpenSSL::Random.random_bytes and sets it to the
+    # cipher, and returns it.
+    #
+    # You must call #encrypt or #decrypt before calling this method.
+    def random_iv
+      str = OpenSSL::Random.random_bytes(self.iv_len)
+      self.iv = str
+    end
+
+    # Deprecated.
+    #
+    # This class is only provided for backwards compatibility.
+    # Use OpenSSL::Cipher.
+    class Cipher < Cipher; end
+    deprecate_constant :Cipher
+  end # Cipher
+end # OpenSSL

data/lib/openssl/config.rb

@@ -0,0 +1,473 @@
+# frozen_string_literal: false
+=begin
+= Ruby-space definitions that completes C-space funcs for Config
+
+= Info
+  Copyright (C) 2010  Hiroshi Nakamura <nahi@ruby-lang.org>
+
+= Licence
+  This program is licensed under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+=end
+
+require 'stringio'
+
+module OpenSSL
+  ##
+  # = OpenSSL::Config
+  #
+  # Configuration for the openssl library.
+  #
+  # Many system's installation of openssl library will depend on your system
+  # configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
+  # the location of the file for your host.
+  #
+  # See also http://www.openssl.org/docs/apps/config.html
+  class Config
+    include Enumerable
+
+    class << self
+
+      ##
+      # Parses a given +string+ as a blob that contains configuration for openssl.
+      #
+      # If the source of the IO is a file, then consider using #parse_config.
+      def parse(string)
+        c = new()
+        parse_config(StringIO.new(string)).each do |section, hash|
+          c[section] = hash
+        end
+        c
+      end
+
+      ##
+      # load is an alias to ::new
+      alias load new
+
+      ##
+      # Parses the configuration data read from +io+, see also #parse.
+      #
+      # Raises a ConfigError on invalid configuration data.
+      def parse_config(io)
+        begin
+          parse_config_lines(io)
+        rescue ConfigError => e
+          e.message.replace("error in line #{io.lineno}: " + e.message)
+          raise
+        end
+      end
+
+      def get_key_string(data, section, key) # :nodoc:
+        if v = data[section] && data[section][key]
+          return v
+        elsif section == 'ENV'
+          if v = ENV[key]
+            return v
+          end
+        end
+        if v = data['default'] && data['default'][key]
+          return v
+        end
+      end
+
+    private
+
+      def parse_config_lines(io)
+        section = 'default'
+        data = {section => {}}
+        while definition = get_definition(io)
+          definition = clear_comments(definition)
+          next if definition.empty?
+          if definition[0] == ?[
+            if /\[([^\]]*)\]/ =~ definition
+              section = $1.strip
+              data[section] ||= {}
+            else
+              raise ConfigError, "missing close square bracket"
+            end
+          else
+            if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
+              if $2
+                section = $1
+                key = $2
+              else
+                key = $1
+              end
+              value = unescape_value(data, section, $3)
+              (data[section] ||= {})[key] = value.strip
+            else
+              raise ConfigError, "missing equal sign"
+            end
+          end
+        end
+        data
+      end
+
+      # escape with backslash
+      QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
+      # escape with backslash and doubled dq
+      QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
+      # escaped char map
+      ESCAPE_MAP = {
+        "r" => "\r",
+        "n" => "\n",
+        "b" => "\b",
+        "t" => "\t",
+      }
+
+      def unescape_value(data, section, value)
+        scanned = []
+        while m = value.match(/['"\\$]/)
+          scanned << m.pre_match
+          c = m[0]
+          value = m.post_match
+          case c
+          when "'"
+            if m = value.match(QUOTE_REGEXP_SQ)
+              scanned << m[1].gsub(/\\(.)/, '\\1')
+              value = m.post_match
+            else
+              break
+            end
+          when '"'
+            if m = value.match(QUOTE_REGEXP_DQ)
+              scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
+              value = m.post_match
+            else
+              break
+            end
+          when "\\"
+            c = value.slice!(0, 1)
+            scanned << (ESCAPE_MAP[c] || c)
+          when "$"
+            ref, value = extract_reference(value)
+            refsec = section
+            if ref.index('::')
+              refsec, ref = ref.split('::', 2)
+            end
+            if v = get_key_string(data, refsec, ref)
+              scanned << v
+            else
+              raise ConfigError, "variable has no value"
+            end
+          else
+            raise 'must not reaced'
+          end
+        end
+        scanned << value
+        scanned.join
+      end
+
+      def extract_reference(value)
+        rest = ''
+        if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
+          value = m[1] || m[2]
+          rest = m.post_match
+        elsif [?(, ?{].include?(value[0])
+          raise ConfigError, "no close brace"
+        end
+        if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
+          return m[0], m.post_match + rest
+        else
+          raise
+        end
+      end
+
+      def clear_comments(line)
+        # FCOMMENT
+        if m = line.match(/\A([\t\n\f ]*);.*\z/)
+          return m[1]
+        end
+        # COMMENT
+        scanned = []
+        while m = line.match(/[#'"\\]/)
+          scanned << m.pre_match
+          c = m[0]
+          line = m.post_match
+          case c
+          when '#'
+            line = nil
+            break
+          when "'", '"'
+            regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
+            scanned << c
+            if m = line.match(regexp)
+              scanned << m[0]
+              line = m.post_match
+            else
+              scanned << line
+              line = nil
+              break
+            end
+          when "\\"
+            scanned << c
+            scanned << line.slice!(0, 1)
+          else
+            raise 'must not reaced'
+          end
+        end
+        scanned << line
+        scanned.join
+      end
+
+      def get_definition(io)
+        if line = get_line(io)
+          while /[^\\]\\\z/ =~ line
+            if extra = get_line(io)
+              line += extra
+            else
+              break
+            end
+          end
+          return line.strip
+        end
+      end
+
+      def get_line(io)
+        if line = io.gets
+          line.gsub(/[\r\n]*/, '')
+        end
+      end
+    end
+
+    ##
+    # Creates an instance of OpenSSL's configuration class.
+    #
+    # This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
+    #
+    # If the optional +filename+ parameter is provided, then it is read in and
+    # parsed via #parse_config.
+    #
+    # This can raise IO exceptions based on the access, or availability of the
+    # file. A ConfigError exception may be raised depending on the validity of
+    # the data being configured.
+    #
+    def initialize(filename = nil)
+      @data = {}
+      if filename
+        File.open(filename.to_s) do |file|
+          Config.parse_config(file).each do |section, hash|
+            self[section] = hash
+          end
+        end
+      end
+    end
+
+    ##
+    # Gets the value of +key+ from the given +section+
+    #
+    # Given the following configurating file being loaded:
+    #
+    #   config = OpenSSL::Config.load('foo.cnf')
+    #     #=> #<OpenSSL::Config sections=["default"]>
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #
+    # You can get a specific value from the config if you know the +section+
+    # and +key+ like so:
+    #
+    #   config.get_value('default','foo')
+    #     #=> "bar"
+    #
+    def get_value(section, key)
+      if section.nil?
+        raise TypeError.new('nil not allowed')
+      end
+      section = 'default' if section.empty?
+      get_key_string(section, key)
+    end
+
+    ##
+    #
+    # *Deprecated*
+    #
+    # Use #get_value instead
+    def value(arg1, arg2 = nil) # :nodoc:
+      warn('Config#value is deprecated; use Config#get_value')
+      if arg2.nil?
+        section, key = 'default', arg1
+      else
+        section, key = arg1, arg2
+      end
+      section ||= 'default'
+      section = 'default' if section.empty?
+      get_key_string(section, key)
+    end
+
+    ##
+    # Set the target +key+ with a given +value+ under a specific +section+.
+    #
+    # Given the following configurating file being loaded:
+    #
+    #   config = OpenSSL::Config.load('foo.cnf')
+    #     #=> #<OpenSSL::Config sections=["default"]>
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #
+    # You can set the value of +foo+ under the +default+ section to a new
+    # value:
+    #
+    #   config.add_value('default', 'foo', 'buzz')
+    #     #=> "buzz"
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=buzz
+    #
+    def add_value(section, key, value)
+      check_modify
+      (@data[section] ||= {})[key] = value
+    end
+
+    ##
+    # Get a specific +section+ from the current configuration
+    #
+    # Given the following configurating file being loaded:
+    #
+    #   config = OpenSSL::Config.load('foo.cnf')
+    #     #=> #<OpenSSL::Config sections=["default"]>
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #
+    # You can get a hash of the specific section like so:
+    #
+    #   config['default']
+    #     #=> {"foo"=>"bar"}
+    #
+    def [](section)
+      @data[section] || {}
+    end
+
+    ##
+    # Deprecated
+    #
+    # Use #[] instead
+    def section(name) # :nodoc:
+      warn('Config#section is deprecated; use Config#[]')
+      @data[name] || {}
+    end
+
+    ##
+    # Sets a specific +section+ name with a Hash +pairs+
+    #
+    # Given the following configuration being created:
+    #
+    #   config = OpenSSL::Config.new
+    #     #=> #<OpenSSL::Config sections=[]>
+    #   config['default'] = {"foo"=>"bar","baz"=>"buz"}
+    #     #=> {"foo"=>"bar", "baz"=>"buz"}
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #     #   baz=buz
+    #
+    # It's important to note that this will essentially merge any of the keys
+    # in +pairs+ with the existing +section+. For example:
+    #
+    #   config['default']
+    #     #=> {"foo"=>"bar", "baz"=>"buz"}
+    #   config['default'] = {"foo" => "changed"}
+    #     #=> {"foo"=>"changed"}
+    #   config['default']
+    #     #=> {"foo"=>"changed", "baz"=>"buz"}
+    #
+    def []=(section, pairs)
+      check_modify
+      @data[section] ||= {}
+      pairs.each do |key, value|
+        self.add_value(section, key, value)
+      end
+    end
+
+    ##
+    # Get the names of all sections in the current configuration
+    def sections
+      @data.keys
+    end
+
+    ##
+    # Get the parsable form of the current configuration
+    #
+    # Given the following configuration being created:
+    #
+    #   config = OpenSSL::Config.new
+    #     #=> #<OpenSSL::Config sections=[]>
+    #   config['default'] = {"foo"=>"bar","baz"=>"buz"}
+    #     #=> {"foo"=>"bar", "baz"=>"buz"}
+    #   puts config.to_s
+    #     #=> [ default ]
+    #     #   foo=bar
+    #     #   baz=buz
+    #
+    # You can parse get the serialized configuration using #to_s and then parse
+    # it later:
+    #
+    #   serialized_config = config.to_s
+    #   # much later...
+    #   new_config = OpenSSL::Config.parse(serialized_config)
+    #     #=> #<OpenSSL::Config sections=["default"]>
+    #   puts new_config
+    #     #=> [ default ]
+    #         foo=bar
+    #         baz=buz
+    #
+    def to_s
+      ary = []
+      @data.keys.sort.each do |section|
+        ary << "[ #{section} ]\n"
+        @data[section].keys.each do |key|
+          ary << "#{key}=#{@data[section][key]}\n"
+        end
+        ary << "\n"
+      end
+      ary.join
+    end
+
+    ##
+    # For a block.
+    #
+    # Receive the section and its pairs for the current configuration.
+    #
+    #   config.each do |section, key, value|
+    #     # ...
+    #   end
+    #
+    def each
+      @data.each do |section, hash|
+        hash.each do |key, value|
+          yield [section, key, value]
+        end
+      end
+    end
+
+    ##
+    # String representation of this configuration object, including the class
+    # name and its sections.
+    def inspect
+      "#<#{self.class.name} sections=#{sections.inspect}>"
+    end
+
+  protected
+
+    def data # :nodoc:
+      @data
+    end
+
+  private
+
+    def initialize_copy(other)
+      @data = other.data.dup
+    end
+
+    def check_modify
+      raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
+    end
+
+    def get_key_string(section, key)
+      Config.get_key_string(@data, section, key)
+    end
+  end
+end