openssl 2.0.0.beta.2 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +1 -1
- data/History.md +4 -1
- data/README.md +4 -8
- data/ext/openssl/extconf.rb +0 -6
- data/ext/openssl/ossl.c +27 -88
- data/ext/openssl/ossl.h +3 -39
- data/ext/openssl/ossl_asn1.c +69 -129
- data/ext/openssl/ossl_bio.c +0 -3
- data/ext/openssl/ossl_bn.c +9 -8
- data/ext/openssl/ossl_cipher.c +39 -40
- data/ext/openssl/ossl_digest.c +22 -15
- data/ext/openssl/ossl_engine.c +1 -18
- data/ext/openssl/ossl_ns_spki.c +1 -6
- data/ext/openssl/ossl_pkcs7.c +1 -1
- data/ext/openssl/ossl_pkey.c +75 -32
- data/ext/openssl/ossl_pkey.h +0 -1
- data/ext/openssl/ossl_pkey_dh.c +1 -1
- data/ext/openssl/ossl_pkey_dsa.c +2 -4
- data/ext/openssl/ossl_pkey_ec.c +39 -25
- data/ext/openssl/ossl_pkey_rsa.c +5 -7
- data/ext/openssl/ossl_ssl.c +105 -79
- data/ext/openssl/ossl_ssl_session.c +19 -36
- data/ext/openssl/ossl_x509.h +6 -3
- data/ext/openssl/ossl_x509cert.c +1 -1
- data/ext/openssl/ossl_x509crl.c +5 -24
- data/ext/openssl/ossl_x509name.c +3 -5
- data/ext/openssl/ossl_x509req.c +4 -18
- data/ext/openssl/ossl_x509store.c +83 -25
- data/ext/openssl/ruby_missing.h +0 -9
- data/lib/openssl/buffering.rb +9 -1
- data/lib/openssl/ssl.rb +8 -12
- metadata +17 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 03d318590b847c8c1c1b994254b8e2487107bf31
|
4
|
+
data.tar.gz: 67dee2b7da3246aa429b2a35ec3fc44c93a7cc8f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2797a1a1a48b1ddd8181f668a4bbda6efa4362f20a8aaf05b8e9e14e403f25bc98eeec8a4749c98756ce88da465b21c5494432dcebcdbd52437805209f376b1d
|
7
|
+
data.tar.gz: e49508cdc45afcc6c564b4de70f1029b163c2660a583b06059f524b1a67e1295171bc253c2172d0ae7e77ac59d44a7b9edebc7415e135b5838120bca3dba3f05
|
data/CONTRIBUTING.md
CHANGED
data/History.md
CHANGED
@@ -17,7 +17,7 @@ Supported platforms
|
|
17
17
|
|
18
18
|
* OpenSSL 1.0.0, 1.0.1, 1.0.2, 1.1.0
|
19
19
|
* OpenSSL < 0.9.8 is no longer supported.
|
20
|
-
* LibreSSL 2.
|
20
|
+
* LibreSSL 2.3, 2.4, 2.5
|
21
21
|
* Ruby 2.3, 2.4
|
22
22
|
|
23
23
|
Notable changes
|
@@ -70,6 +70,9 @@ Notable changes
|
|
70
70
|
linked with the EC key. Modifications to the EC::Group have no effect on the
|
71
71
|
key. [[GH ruby/openssl#71]](https://github.com/ruby/openssl/pull/71)
|
72
72
|
|
73
|
+
- OpenSSL::PKey::EC::Point#to_bn allows specifying the point conversion form
|
74
|
+
by the optional argument.
|
75
|
+
|
73
76
|
* OpenSSL::SSL
|
74
77
|
|
75
78
|
- OpenSSL::SSL::SSLSocket#tmp_key is added. A client can call it after the
|
data/README.md
CHANGED
@@ -1,6 +1,7 @@
|
|
1
|
-
# OpenSSL
|
1
|
+
# OpenSSL for Ruby
|
2
2
|
|
3
3
|
[](https://travis-ci.org/ruby/openssl)
|
4
|
+
[](https://ci.appveyor.com/project/ruby/openssl/branch/master)
|
4
5
|
|
5
6
|
OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
|
6
7
|
OpenSSL library.
|
@@ -48,14 +49,9 @@ gem "openssl"
|
|
48
49
|
require "openssl"
|
49
50
|
```
|
50
51
|
|
51
|
-
|
52
|
-
and the official [OpenSSL library](http://www.openssl.org/).
|
52
|
+
## Documentation
|
53
53
|
|
54
|
-
|
55
|
-
|
56
|
-
1. `$ gem install rake-compiler test-unit`
|
57
|
-
2. `$ rake compile`
|
58
|
-
3. `$ rake test`
|
54
|
+
See https://ruby.github.io/openssl/.
|
59
55
|
|
60
56
|
## Contributing
|
61
57
|
|
data/ext/openssl/extconf.rb
CHANGED
@@ -33,14 +33,8 @@ end
|
|
33
33
|
Logging::message "=== Checking for system dependent stuff... ===\n"
|
34
34
|
have_library("nsl", "t_open")
|
35
35
|
have_library("socket", "socket")
|
36
|
-
have_header("assert.h")
|
37
36
|
|
38
37
|
Logging::message "=== Checking for required stuff... ===\n"
|
39
|
-
if $mingw
|
40
|
-
have_library("wsock32")
|
41
|
-
have_library("gdi32")
|
42
|
-
end
|
43
|
-
|
44
38
|
result = pkg_config("openssl") && have_header("openssl/ssl.h")
|
45
39
|
unless result
|
46
40
|
result = have_header("openssl/ssl.h")
|
data/ext/openssl/ossl.c
CHANGED
@@ -149,7 +149,7 @@ ossl_pem_passwd_value(VALUE pass)
|
|
149
149
|
/* PEM_BUFSIZE is currently used as the second argument of pem_password_cb,
|
150
150
|
* that is +max_len+ of ossl_pem_passwd_cb() */
|
151
151
|
if (RSTRING_LEN(pass) > PEM_BUFSIZE)
|
152
|
-
ossl_raise(eOSSLError, "password must be
|
152
|
+
ossl_raise(eOSSLError, "password must not be longer than %d bytes", PEM_BUFSIZE);
|
153
153
|
|
154
154
|
return pass;
|
155
155
|
}
|
@@ -168,7 +168,8 @@ ossl_pem_passwd_cb0(VALUE flag)
|
|
168
168
|
int
|
169
169
|
ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
|
170
170
|
{
|
171
|
-
|
171
|
+
long len;
|
172
|
+
int status;
|
172
173
|
VALUE rflag, pass = (VALUE)pwd_;
|
173
174
|
|
174
175
|
if (RTEST(pass)) {
|
@@ -176,7 +177,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
|
|
176
177
|
* work because it does not allow NUL characters and truncates to 1024
|
177
178
|
* bytes silently if the input is over 1024 bytes */
|
178
179
|
if (RB_TYPE_P(pass, T_STRING)) {
|
179
|
-
len =
|
180
|
+
len = RSTRING_LEN(pass);
|
180
181
|
if (len >= OSSL_MIN_PWD_LEN && len <= max_len) {
|
181
182
|
memcpy(buf, RSTRING_PTR(pass), len);
|
182
183
|
return len;
|
@@ -203,78 +204,19 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
|
|
203
204
|
rb_set_errinfo(Qnil);
|
204
205
|
return -1;
|
205
206
|
}
|
206
|
-
len =
|
207
|
+
len = RSTRING_LEN(pass);
|
207
208
|
if (len < OSSL_MIN_PWD_LEN) {
|
208
209
|
rb_warning("password must be at least %d bytes", OSSL_MIN_PWD_LEN);
|
209
210
|
continue;
|
210
211
|
}
|
211
212
|
if (len > max_len) {
|
212
|
-
rb_warning("password must be
|
213
|
+
rb_warning("password must not be longer than %d bytes", max_len);
|
213
214
|
continue;
|
214
215
|
}
|
215
216
|
memcpy(buf, RSTRING_PTR(pass), len);
|
216
217
|
break;
|
217
218
|
}
|
218
|
-
return len;
|
219
|
-
}
|
220
|
-
|
221
|
-
/*
|
222
|
-
* Verify callback
|
223
|
-
*/
|
224
|
-
int ossl_store_ctx_ex_verify_cb_idx;
|
225
|
-
int ossl_store_ex_verify_cb_idx;
|
226
|
-
|
227
|
-
struct ossl_verify_cb_args {
|
228
|
-
VALUE proc;
|
229
|
-
VALUE preverify_ok;
|
230
|
-
VALUE store_ctx;
|
231
|
-
};
|
232
|
-
|
233
|
-
static VALUE
|
234
|
-
ossl_call_verify_cb_proc(struct ossl_verify_cb_args *args)
|
235
|
-
{
|
236
|
-
return rb_funcall(args->proc, rb_intern("call"), 2,
|
237
|
-
args->preverify_ok, args->store_ctx);
|
238
|
-
}
|
239
|
-
|
240
|
-
int
|
241
|
-
ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
|
242
|
-
{
|
243
|
-
VALUE rctx, ret;
|
244
|
-
struct ossl_verify_cb_args args;
|
245
|
-
int state;
|
246
|
-
|
247
|
-
if (NIL_P(proc))
|
248
|
-
return ok;
|
249
|
-
|
250
|
-
ret = Qfalse;
|
251
|
-
rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
|
252
|
-
if (state) {
|
253
|
-
rb_set_errinfo(Qnil);
|
254
|
-
rb_warn("StoreContext initialization failure");
|
255
|
-
}
|
256
|
-
else {
|
257
|
-
args.proc = proc;
|
258
|
-
args.preverify_ok = ok ? Qtrue : Qfalse;
|
259
|
-
args.store_ctx = rctx;
|
260
|
-
ret = rb_protect((VALUE(*)(VALUE))ossl_call_verify_cb_proc, (VALUE)&args, &state);
|
261
|
-
if (state) {
|
262
|
-
rb_set_errinfo(Qnil);
|
263
|
-
rb_warn("exception in verify_callback is ignored");
|
264
|
-
}
|
265
|
-
ossl_x509stctx_clear_ptr(rctx);
|
266
|
-
}
|
267
|
-
if (ret == Qtrue) {
|
268
|
-
X509_STORE_CTX_set_error(ctx, X509_V_OK);
|
269
|
-
ok = 1;
|
270
|
-
}
|
271
|
-
else {
|
272
|
-
if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
|
273
|
-
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
|
274
|
-
ok = 0;
|
275
|
-
}
|
276
|
-
|
277
|
-
return ok;
|
219
|
+
return (int)len;
|
278
220
|
}
|
279
221
|
|
280
222
|
/*
|
@@ -355,27 +297,32 @@ ossl_raise(VALUE exc, const char *fmt, ...)
|
|
355
297
|
rb_exc_raise(err);
|
356
298
|
}
|
357
299
|
|
358
|
-
VALUE
|
359
|
-
ossl_exc_new(VALUE exc, const char *fmt, ...)
|
360
|
-
{
|
361
|
-
va_list args;
|
362
|
-
VALUE err;
|
363
|
-
va_start(args, fmt);
|
364
|
-
err = ossl_make_error(exc, fmt, args);
|
365
|
-
va_end(args);
|
366
|
-
return err;
|
367
|
-
}
|
368
|
-
|
369
300
|
void
|
370
301
|
ossl_clear_error(void)
|
371
302
|
{
|
372
303
|
if (dOSSL == Qtrue) {
|
373
|
-
long e;
|
374
|
-
|
375
|
-
|
304
|
+
unsigned long e;
|
305
|
+
const char *file, *data, *errstr;
|
306
|
+
int line, flags;
|
307
|
+
|
308
|
+
while ((e = ERR_get_error_line_data(&file, &line, &data, &flags))) {
|
309
|
+
errstr = ERR_error_string(e, NULL);
|
310
|
+
if (!errstr)
|
311
|
+
errstr = "(null)";
|
312
|
+
|
313
|
+
if (flags & ERR_TXT_STRING) {
|
314
|
+
if (!data)
|
315
|
+
data = "(null)";
|
316
|
+
rb_warn("error on stack: %s (%s)", errstr, data);
|
317
|
+
}
|
318
|
+
else {
|
319
|
+
rb_warn("error on stack: %s", errstr);
|
320
|
+
}
|
376
321
|
}
|
377
322
|
}
|
378
|
-
|
323
|
+
else {
|
324
|
+
ERR_clear_error();
|
325
|
+
}
|
379
326
|
}
|
380
327
|
|
381
328
|
/*
|
@@ -1151,14 +1098,6 @@ Init_openssl(void)
|
|
1151
1098
|
rb_define_module_function(mOSSL, "debug=", ossl_debug_set, 1);
|
1152
1099
|
rb_define_module_function(mOSSL, "errors", ossl_get_errors, 0);
|
1153
1100
|
|
1154
|
-
/*
|
1155
|
-
* Verify callback Proc index for ext-data
|
1156
|
-
*/
|
1157
|
-
if ((ossl_store_ctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_store_ctx_ex_verify_cb_idx", 0, 0, 0)) < 0)
|
1158
|
-
ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index");
|
1159
|
-
if ((ossl_store_ex_verify_cb_idx = X509_STORE_get_ex_new_index(0, (void *)"ossl_store_ex_verify_cb_idx", 0, 0, 0)) < 0)
|
1160
|
-
ossl_raise(eOSSLError, "X509_STORE_get_ex_new_index");
|
1161
|
-
|
1162
1101
|
/*
|
1163
1102
|
* Get ID of to_der
|
1164
1103
|
*/
|
data/ext/openssl/ossl.h
CHANGED
@@ -12,37 +12,12 @@
|
|
12
12
|
|
13
13
|
#include RUBY_EXTCONF_H
|
14
14
|
|
15
|
-
#
|
16
|
-
|
17
|
-
mX509 = rb_define_module_under(mOSSL, "X509");
|
18
|
-
#endif
|
19
|
-
|
20
|
-
/*
|
21
|
-
* OpenSSL has defined RFILE and Ruby has defined RFILE - so undef it!
|
22
|
-
*/
|
23
|
-
#if defined(RFILE) /*&& !defined(OSSL_DEBUG)*/
|
24
|
-
# undef RFILE
|
25
|
-
#endif
|
15
|
+
#include <assert.h>
|
16
|
+
#include <errno.h>
|
26
17
|
#include <ruby.h>
|
27
18
|
#include <ruby/io.h>
|
28
19
|
#include <ruby/thread.h>
|
29
|
-
|
30
20
|
#include <openssl/opensslv.h>
|
31
|
-
|
32
|
-
#ifdef HAVE_ASSERT_H
|
33
|
-
# include <assert.h>
|
34
|
-
#else
|
35
|
-
# define assert(condition)
|
36
|
-
#endif
|
37
|
-
|
38
|
-
#if defined(_WIN32) && !defined(LIBRESSL_VERSION_NUMBER)
|
39
|
-
# include <openssl/e_os2.h>
|
40
|
-
# if !defined(OPENSSL_SYS_WIN32)
|
41
|
-
# define OPENSSL_SYS_WIN32 1
|
42
|
-
# endif
|
43
|
-
# include <winsock2.h>
|
44
|
-
#endif
|
45
|
-
#include <errno.h>
|
46
21
|
#include <openssl/err.h>
|
47
22
|
#include <openssl/asn1.h>
|
48
23
|
#include <openssl/x509v3.h>
|
@@ -53,9 +28,7 @@
|
|
53
28
|
#include <openssl/rand.h>
|
54
29
|
#include <openssl/conf.h>
|
55
30
|
#include <openssl/conf_api.h>
|
56
|
-
#
|
57
|
-
# include <openssl/crypto.h>
|
58
|
-
#endif
|
31
|
+
#include <openssl/crypto.h>
|
59
32
|
#if !defined(OPENSSL_NO_ENGINE)
|
60
33
|
# include <openssl/engine.h>
|
61
34
|
#endif
|
@@ -144,18 +117,9 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
|
|
144
117
|
*/
|
145
118
|
#define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error())
|
146
119
|
NORETURN(void ossl_raise(VALUE, const char *, ...));
|
147
|
-
VALUE ossl_exc_new(VALUE, const char *, ...);
|
148
120
|
/* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
|
149
121
|
void ossl_clear_error(void);
|
150
122
|
|
151
|
-
/*
|
152
|
-
* Verify callback
|
153
|
-
*/
|
154
|
-
extern int ossl_store_ctx_ex_verify_cb_idx;
|
155
|
-
extern int ossl_store_ex_verify_cb_idx;
|
156
|
-
|
157
|
-
int ossl_verify_cb_call(VALUE, int, X509_STORE_CTX *);
|
158
|
-
|
159
123
|
/*
|
160
124
|
* String to DER String
|
161
125
|
*/
|
data/ext/openssl/ossl_asn1.c
CHANGED
@@ -9,15 +9,6 @@
|
|
9
9
|
*/
|
10
10
|
#include "ossl.h"
|
11
11
|
|
12
|
-
#if defined(HAVE_SYS_TIME_H)
|
13
|
-
# include <sys/time.h>
|
14
|
-
#elif !defined(NT) && !defined(_WIN32)
|
15
|
-
struct timeval {
|
16
|
-
long tv_sec; /* seconds */
|
17
|
-
long tv_usec; /* and microseconds */
|
18
|
-
};
|
19
|
-
#endif
|
20
|
-
|
21
12
|
static VALUE join_der(VALUE enumerable);
|
22
13
|
static VALUE ossl_asn1_decode0(unsigned char **pp, long length, long *offset,
|
23
14
|
int depth, int yield, long *num_read);
|
@@ -110,16 +101,11 @@ asn1str_to_str(const ASN1_STRING *str)
|
|
110
101
|
|
111
102
|
/*
|
112
103
|
* ASN1_INTEGER conversions
|
113
|
-
* TODO: Make a decision what's the right way to do this.
|
114
104
|
*/
|
115
|
-
#define DO_IT_VIA_RUBY 0
|
116
105
|
VALUE
|
117
106
|
asn1integer_to_num(const ASN1_INTEGER *ai)
|
118
107
|
{
|
119
108
|
BIGNUM *bn;
|
120
|
-
#if DO_IT_VIA_RUBY
|
121
|
-
char *txt;
|
122
|
-
#endif
|
123
109
|
VALUE num;
|
124
110
|
|
125
111
|
if (!ai) {
|
@@ -133,43 +119,12 @@ asn1integer_to_num(const ASN1_INTEGER *ai)
|
|
133
119
|
|
134
120
|
if (!bn)
|
135
121
|
ossl_raise(eOSSLError, NULL);
|
136
|
-
#if DO_IT_VIA_RUBY
|
137
|
-
if (!(txt = BN_bn2dec(bn))) {
|
138
|
-
BN_free(bn);
|
139
|
-
ossl_raise(eOSSLError, NULL);
|
140
|
-
}
|
141
|
-
num = rb_cstr_to_inum(txt, 10, Qtrue);
|
142
|
-
OPENSSL_free(txt);
|
143
|
-
#else
|
144
122
|
num = ossl_bn_new(bn);
|
145
|
-
#endif
|
146
123
|
BN_free(bn);
|
147
124
|
|
148
125
|
return num;
|
149
126
|
}
|
150
127
|
|
151
|
-
#if DO_IT_VIA_RUBY
|
152
|
-
ASN1_INTEGER *
|
153
|
-
num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
|
154
|
-
{
|
155
|
-
BIGNUM *bn = NULL;
|
156
|
-
|
157
|
-
if (RTEST(rb_obj_is_kind_of(obj, cBN))) {
|
158
|
-
bn = GetBNPtr(obj);
|
159
|
-
} else {
|
160
|
-
obj = rb_String(obj);
|
161
|
-
if (!BN_dec2bn(&bn, StringValueCStr(obj))) {
|
162
|
-
ossl_raise(eOSSLError, NULL);
|
163
|
-
}
|
164
|
-
}
|
165
|
-
if (!(ai = BN_to_ASN1_INTEGER(bn, ai))) {
|
166
|
-
BN_free(bn);
|
167
|
-
ossl_raise(eOSSLError, NULL);
|
168
|
-
}
|
169
|
-
BN_free(bn);
|
170
|
-
return ai;
|
171
|
-
}
|
172
|
-
#else
|
173
128
|
ASN1_INTEGER *
|
174
129
|
num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
|
175
130
|
{
|
@@ -185,7 +140,6 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
|
|
185
140
|
|
186
141
|
return ai;
|
187
142
|
}
|
188
|
-
#endif
|
189
143
|
|
190
144
|
/********/
|
191
145
|
/*
|
@@ -225,9 +179,10 @@ VALUE cASN1ObjectId; /* OBJECT IDENTIFIER */
|
|
225
179
|
VALUE cASN1UTCTime, cASN1GeneralizedTime; /* TIME */
|
226
180
|
VALUE cASN1Sequence, cASN1Set; /* CONSTRUCTIVE */
|
227
181
|
|
228
|
-
static
|
229
|
-
static
|
182
|
+
static VALUE sym_IMPLICIT, sym_EXPLICIT;
|
183
|
+
static VALUE sym_UNIVERSAL, sym_APPLICATION, sym_CONTEXT_SPECIFIC, sym_PRIVATE;
|
230
184
|
static ID sivVALUE, sivTAG, sivTAG_CLASS, sivTAGGING, sivINFINITE_LENGTH, sivUNUSED_BITS;
|
185
|
+
static ID id_each;
|
231
186
|
|
232
187
|
/*
|
233
188
|
* Ruby to ASN1 converters
|
@@ -364,13 +319,12 @@ decode_bool(unsigned char* der, long length)
|
|
364
319
|
{
|
365
320
|
const unsigned char *p = der;
|
366
321
|
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
ossl_raise(eASN1Error, "length is not 1");
|
322
|
+
if (length != 3)
|
323
|
+
ossl_raise(eASN1Error, "invalid length for BOOLEAN");
|
324
|
+
if (p[0] != 1 || p[1] != 1)
|
325
|
+
ossl_raise(eASN1Error, "invalid BOOLEAN");
|
372
326
|
|
373
|
-
return
|
327
|
+
return p[2] ? Qtrue : Qfalse;
|
374
328
|
}
|
375
329
|
|
376
330
|
static VALUE
|
@@ -632,17 +586,14 @@ ossl_asn1_default_tag(VALUE obj)
|
|
632
586
|
VALUE tmp_class, tag;
|
633
587
|
|
634
588
|
tmp_class = CLASS_OF(obj);
|
635
|
-
while (tmp_class) {
|
589
|
+
while (!NIL_P(tmp_class)) {
|
636
590
|
tag = rb_hash_lookup(class_tag_map, tmp_class);
|
637
|
-
if (tag != Qnil)
|
638
|
-
|
639
|
-
|
640
|
-
tmp_class = rb_class_superclass(tmp_class);
|
591
|
+
if (tag != Qnil)
|
592
|
+
return NUM2INT(tag);
|
593
|
+
tmp_class = rb_class_superclass(tmp_class);
|
641
594
|
}
|
642
595
|
ossl_raise(eASN1Error, "universal tag for %"PRIsVALUE" not found",
|
643
596
|
rb_obj_class(obj));
|
644
|
-
|
645
|
-
return -1; /* dummy */
|
646
597
|
}
|
647
598
|
|
648
599
|
static int
|
@@ -661,59 +612,45 @@ static int
|
|
661
612
|
ossl_asn1_is_explicit(VALUE obj)
|
662
613
|
{
|
663
614
|
VALUE s;
|
664
|
-
int ret = -1;
|
665
615
|
|
666
616
|
s = ossl_asn1_get_tagging(obj);
|
667
|
-
if(NIL_P(s)
|
668
|
-
|
669
|
-
|
670
|
-
|
671
|
-
|
672
|
-
ret = 1;
|
673
|
-
}
|
674
|
-
if(ret < 0){
|
617
|
+
if (NIL_P(s) || s == sym_IMPLICIT)
|
618
|
+
return 0;
|
619
|
+
else if (s == sym_EXPLICIT)
|
620
|
+
return 1;
|
621
|
+
else
|
675
622
|
ossl_raise(eASN1Error, "invalid tag default");
|
676
|
-
}
|
677
|
-
|
678
|
-
return ret;
|
679
623
|
}
|
680
624
|
|
681
625
|
static int
|
682
626
|
ossl_asn1_tag_class(VALUE obj)
|
683
627
|
{
|
684
628
|
VALUE s;
|
685
|
-
int ret = -1;
|
686
629
|
|
687
630
|
s = ossl_asn1_get_tag_class(obj);
|
688
|
-
if(NIL_P(s)
|
689
|
-
|
690
|
-
|
691
|
-
|
692
|
-
|
693
|
-
|
694
|
-
|
695
|
-
|
696
|
-
|
697
|
-
ret = V_ASN1_PRIVATE;
|
698
|
-
}
|
699
|
-
if(ret < 0){
|
631
|
+
if (NIL_P(s) || s == sym_UNIVERSAL)
|
632
|
+
return V_ASN1_UNIVERSAL;
|
633
|
+
else if (s == sym_APPLICATION)
|
634
|
+
return V_ASN1_APPLICATION;
|
635
|
+
else if (s == sym_CONTEXT_SPECIFIC)
|
636
|
+
return V_ASN1_CONTEXT_SPECIFIC;
|
637
|
+
else if (s == sym_PRIVATE)
|
638
|
+
return V_ASN1_PRIVATE;
|
639
|
+
else
|
700
640
|
ossl_raise(eASN1Error, "invalid tag class");
|
701
|
-
}
|
702
|
-
|
703
|
-
return ret;
|
704
641
|
}
|
705
642
|
|
706
643
|
static VALUE
|
707
644
|
ossl_asn1_class2sym(int tc)
|
708
645
|
{
|
709
646
|
if((tc & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
|
710
|
-
return
|
647
|
+
return sym_PRIVATE;
|
711
648
|
else if((tc & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
|
712
|
-
return
|
649
|
+
return sym_CONTEXT_SPECIFIC;
|
713
650
|
else if((tc & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
|
714
|
-
return
|
651
|
+
return sym_APPLICATION;
|
715
652
|
else
|
716
|
-
return
|
653
|
+
return sym_UNIVERSAL;
|
717
654
|
}
|
718
655
|
|
719
656
|
/*
|
@@ -737,7 +674,7 @@ ossl_asn1data_initialize(VALUE self, VALUE value, VALUE tag, VALUE tag_class)
|
|
737
674
|
{
|
738
675
|
if(!SYMBOL_P(tag_class))
|
739
676
|
ossl_raise(eASN1Error, "invalid tag class");
|
740
|
-
if(
|
677
|
+
if (tag_class == sym_UNIVERSAL && NUM2INT(tag) > 31)
|
741
678
|
ossl_raise(eASN1Error, "tag number for Universal too large");
|
742
679
|
ossl_asn1_set_tag(self, tag);
|
743
680
|
ossl_asn1_set_value(self, value);
|
@@ -760,7 +697,7 @@ static VALUE
|
|
760
697
|
join_der(VALUE enumerable)
|
761
698
|
{
|
762
699
|
VALUE str = rb_str_new(0, 0);
|
763
|
-
rb_block_call(enumerable,
|
700
|
+
rb_block_call(enumerable, id_each, 0, 0, join_der_i, str);
|
764
701
|
return str;
|
765
702
|
}
|
766
703
|
|
@@ -816,7 +753,7 @@ int_ossl_asn1_decode0_prim(unsigned char **pp, long length, long hlen, int tag,
|
|
816
753
|
|
817
754
|
p = *pp;
|
818
755
|
|
819
|
-
if(tc ==
|
756
|
+
if(tc == sym_UNIVERSAL && tag < ossl_asn1_info_size) {
|
820
757
|
switch(tag){
|
821
758
|
case V_ASN1_EOC:
|
822
759
|
value = decode_eoc(p, hlen+length);
|
@@ -858,13 +795,14 @@ int_ossl_asn1_decode0_prim(unsigned char **pp, long length, long hlen, int tag,
|
|
858
795
|
*pp += hlen + length;
|
859
796
|
*num_read = hlen + length;
|
860
797
|
|
861
|
-
if (tc ==
|
798
|
+
if (tc == sym_UNIVERSAL &&
|
799
|
+
tag < ossl_asn1_info_size && ossl_asn1_info[tag].klass) {
|
862
800
|
VALUE klass = *ossl_asn1_info[tag].klass;
|
863
801
|
VALUE args[4];
|
864
802
|
args[0] = value;
|
865
803
|
args[1] = INT2NUM(tag);
|
866
804
|
args[2] = Qnil;
|
867
|
-
args[3] =
|
805
|
+
args[3] = tc;
|
868
806
|
asn1data = rb_obj_alloc(klass);
|
869
807
|
ossl_asn1_initialize(4, args, asn1data);
|
870
808
|
if(tag == V_ASN1_BIT_STRING){
|
@@ -873,7 +811,7 @@ int_ossl_asn1_decode0_prim(unsigned char **pp, long length, long hlen, int tag,
|
|
873
811
|
}
|
874
812
|
else {
|
875
813
|
asn1data = rb_obj_alloc(cASN1Data);
|
876
|
-
ossl_asn1data_initialize(asn1data, value, INT2NUM(tag),
|
814
|
+
ossl_asn1data_initialize(asn1data, value, INT2NUM(tag), tc);
|
877
815
|
}
|
878
816
|
|
879
817
|
return asn1data;
|
@@ -886,28 +824,27 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
|
|
886
824
|
{
|
887
825
|
VALUE value, asn1data, ary;
|
888
826
|
int infinite;
|
889
|
-
long off = *offset;
|
827
|
+
long available_len, off = *offset;
|
890
828
|
|
891
829
|
infinite = (j == 0x21);
|
892
830
|
ary = rb_ary_new();
|
893
831
|
|
894
|
-
|
832
|
+
available_len = infinite ? max_len : length;
|
833
|
+
while (available_len > 0) {
|
895
834
|
long inner_read = 0;
|
896
|
-
value = ossl_asn1_decode0(pp,
|
835
|
+
value = ossl_asn1_decode0(pp, available_len, &off, depth + 1, yield, &inner_read);
|
897
836
|
*num_read += inner_read;
|
898
|
-
|
837
|
+
available_len -= inner_read;
|
899
838
|
rb_ary_push(ary, value);
|
900
|
-
if (length > 0)
|
901
|
-
length -= inner_read;
|
902
839
|
|
903
840
|
if (infinite &&
|
904
841
|
NUM2INT(ossl_asn1_get_tag(value)) == V_ASN1_EOC &&
|
905
|
-
|
842
|
+
ossl_asn1_get_tag_class(value) == sym_UNIVERSAL) {
|
906
843
|
break;
|
907
844
|
}
|
908
845
|
}
|
909
846
|
|
910
|
-
if (tc ==
|
847
|
+
if (tc == sym_UNIVERSAL) {
|
911
848
|
VALUE args[4];
|
912
849
|
int not_sequence_or_set;
|
913
850
|
|
@@ -929,12 +866,12 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
|
|
929
866
|
args[0] = ary;
|
930
867
|
args[1] = INT2NUM(tag);
|
931
868
|
args[2] = Qnil;
|
932
|
-
args[3] =
|
869
|
+
args[3] = tc;
|
933
870
|
ossl_asn1_initialize(4, args, asn1data);
|
934
871
|
}
|
935
872
|
else {
|
936
873
|
asn1data = rb_obj_alloc(cASN1Data);
|
937
|
-
ossl_asn1data_initialize(asn1data, ary, INT2NUM(tag),
|
874
|
+
ossl_asn1data_initialize(asn1data, ary, INT2NUM(tag), tc);
|
938
875
|
}
|
939
876
|
|
940
877
|
if (infinite)
|
@@ -964,13 +901,13 @@ ossl_asn1_decode0(unsigned char **pp, long length, long *offset, int depth,
|
|
964
901
|
if(j & 0x80) ossl_raise(eASN1Error, NULL);
|
965
902
|
if(len > length) ossl_raise(eASN1Error, "value is too short");
|
966
903
|
if((tc & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
|
967
|
-
tag_class =
|
904
|
+
tag_class = sym_PRIVATE;
|
968
905
|
else if((tc & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
|
969
|
-
tag_class =
|
906
|
+
tag_class = sym_CONTEXT_SPECIFIC;
|
970
907
|
else if((tc & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
|
971
|
-
tag_class =
|
908
|
+
tag_class = sym_APPLICATION;
|
972
909
|
else
|
973
|
-
tag_class =
|
910
|
+
tag_class = sym_UNIVERSAL;
|
974
911
|
|
975
912
|
hlen = p - start;
|
976
913
|
|
@@ -989,7 +926,7 @@ ossl_asn1_decode0(unsigned char **pp, long length, long *offset, int depth,
|
|
989
926
|
if(j & V_ASN1_CONSTRUCTED) {
|
990
927
|
*pp += hlen;
|
991
928
|
off += hlen;
|
992
|
-
asn1data = int_ossl_asn1_decode0_cons(pp, length, len, &off, depth, yield, j, tag, tag_class, &inner_read);
|
929
|
+
asn1data = int_ossl_asn1_decode0_cons(pp, length - hlen, len, &off, depth, yield, j, tag, tag_class, &inner_read);
|
993
930
|
inner_read += hlen;
|
994
931
|
}
|
995
932
|
else {
|
@@ -1162,19 +1099,19 @@ ossl_asn1_initialize(int argc, VALUE *argv, VALUE self)
|
|
1162
1099
|
ossl_raise(eASN1Error, "invalid tagging method");
|
1163
1100
|
if(NIL_P(tag_class)) {
|
1164
1101
|
if (NIL_P(tagging))
|
1165
|
-
tag_class =
|
1102
|
+
tag_class = sym_UNIVERSAL;
|
1166
1103
|
else
|
1167
|
-
tag_class =
|
1104
|
+
tag_class = sym_CONTEXT_SPECIFIC;
|
1168
1105
|
}
|
1169
1106
|
if(!SYMBOL_P(tag_class))
|
1170
1107
|
ossl_raise(eASN1Error, "invalid tag class");
|
1171
|
-
if
|
1108
|
+
if (tagging == sym_IMPLICIT && NUM2INT(tag) > 31)
|
1172
1109
|
ossl_raise(eASN1Error, "tag number for Universal too large");
|
1173
1110
|
}
|
1174
1111
|
else{
|
1175
1112
|
tag = INT2NUM(ossl_asn1_default_tag(self));
|
1176
1113
|
tagging = Qnil;
|
1177
|
-
tag_class =
|
1114
|
+
tag_class = sym_UNIVERSAL;
|
1178
1115
|
}
|
1179
1116
|
ossl_asn1_set_tag(self, tag);
|
1180
1117
|
ossl_asn1_set_value(self, value);
|
@@ -1190,7 +1127,7 @@ ossl_asn1eoc_initialize(VALUE self) {
|
|
1190
1127
|
VALUE tag, tagging, tag_class, value;
|
1191
1128
|
tag = INT2NUM(ossl_asn1_default_tag(self));
|
1192
1129
|
tagging = Qnil;
|
1193
|
-
tag_class =
|
1130
|
+
tag_class = sym_UNIVERSAL;
|
1194
1131
|
value = rb_str_new("", 0);
|
1195
1132
|
ossl_asn1_set_tag(self, tag);
|
1196
1133
|
ossl_asn1_set_value(self, value);
|
@@ -1264,8 +1201,8 @@ ossl_asn1cons_to_der(VALUE self)
|
|
1264
1201
|
if (inf_length == Qtrue) {
|
1265
1202
|
VALUE ary, example;
|
1266
1203
|
constructed = 2;
|
1267
|
-
if (
|
1268
|
-
|
1204
|
+
if (rb_obj_class(self) == cASN1Sequence ||
|
1205
|
+
rb_obj_class(self) == cASN1Set) {
|
1269
1206
|
tag = ossl_asn1_default_tag(self);
|
1270
1207
|
}
|
1271
1208
|
else { /* must be a constructive encoding of a primitive value */
|
@@ -1294,7 +1231,7 @@ ossl_asn1cons_to_der(VALUE self)
|
|
1294
1231
|
}
|
1295
1232
|
}
|
1296
1233
|
else {
|
1297
|
-
if (
|
1234
|
+
if (rb_obj_class(self) == cASN1Constructive)
|
1298
1235
|
ossl_raise(eASN1Error, "Constructive shall only be used with infinite length");
|
1299
1236
|
tag = ossl_asn1_default_tag(self);
|
1300
1237
|
}
|
@@ -1348,7 +1285,8 @@ ossl_asn1cons_to_der(VALUE self)
|
|
1348
1285
|
static VALUE
|
1349
1286
|
ossl_asn1cons_each(VALUE self)
|
1350
1287
|
{
|
1351
|
-
|
1288
|
+
rb_funcall(ossl_asn1_get_value(self), id_each, 0);
|
1289
|
+
|
1352
1290
|
return self;
|
1353
1291
|
}
|
1354
1292
|
|
@@ -1476,12 +1414,12 @@ Init_ossl_asn1(void)
|
|
1476
1414
|
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
1477
1415
|
#endif
|
1478
1416
|
|
1479
|
-
|
1480
|
-
|
1481
|
-
|
1482
|
-
|
1483
|
-
|
1484
|
-
|
1417
|
+
sym_UNIVERSAL = ID2SYM(rb_intern_const("UNIVERSAL"));
|
1418
|
+
sym_CONTEXT_SPECIFIC = ID2SYM(rb_intern_const("CONTEXT_SPECIFIC"));
|
1419
|
+
sym_APPLICATION = ID2SYM(rb_intern_const("APPLICATION"));
|
1420
|
+
sym_PRIVATE = ID2SYM(rb_intern_const("PRIVATE"));
|
1421
|
+
sym_EXPLICIT = ID2SYM(rb_intern_const("EXPLICIT"));
|
1422
|
+
sym_IMPLICIT = ID2SYM(rb_intern_const("IMPLICIT"));
|
1485
1423
|
|
1486
1424
|
sivVALUE = rb_intern("@value");
|
1487
1425
|
sivTAG = rb_intern("@tag");
|
@@ -1989,4 +1927,6 @@ do{\
|
|
1989
1927
|
rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
|
1990
1928
|
rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
|
1991
1929
|
rb_global_variable(&class_tag_map);
|
1930
|
+
|
1931
|
+
id_each = rb_intern_const("each");
|
1992
1932
|
}
|