openssl 2.0.9 → 2.1.0.beta1

data/ext/openssl/ossl_x509revoked.c

@@ -23,10 +23,6 @@
 	ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \
     } \
 } while (0)
-#define SafeGetX509Rev(obj, rev) do { \
-    OSSL_Check_Kind((obj), cX509Rev); \
-    GetX509Rev((obj), (rev)); \
-} while (0)
 
 /*
  * Classes
@@ -76,7 +72,7 @@ DupX509RevokedPtr(VALUE obj)
 {
     X509_REVOKED *rev, *new;
 
-    SafeGetX509Rev(obj, rev);
+    GetX509Rev(obj, rev);
     if (!(new = X509_REVOKED_dup(rev))) {
 	ossl_raise(eX509RevError, NULL);
     }
@@ -116,7 +112,7 @@ ossl_x509revoked_initialize_copy(VALUE self, VALUE other)
 
     rb_check_frozen(self);
     GetX509Rev(self, rev);
-    SafeGetX509Rev(other, rev_other);
+    GetX509Rev(other, rev_other);
 
     rev_new = X509_REVOKED_dup(rev_other);
     if (!rev_new)
@@ -159,10 +155,14 @@ static VALUE
 ossl_x509revoked_get_time(VALUE self)
 {
     X509_REVOKED *rev;
+    const ASN1_TIME *time;
 
     GetX509Rev(self, rev);
+    time = X509_REVOKED_get0_revocationDate(rev);
+    if (!time)
+	return Qnil;
 
-    return asn1time_to_time(X509_REVOKED_get0_revocationDate(rev));
+    return asn1time_to_time(time);
 }
 
 static VALUE
@@ -267,7 +267,7 @@ Init_ossl_x509revoked(void)
 
     rb_define_alloc_func(cX509Rev, ossl_x509revoked_alloc);
     rb_define_method(cX509Rev, "initialize", ossl_x509revoked_initialize, -1);
-    rb_define_copy_func(cX509Rev, ossl_x509revoked_initialize_copy);
+    rb_define_method(cX509Rev, "initialize_copy", ossl_x509revoked_initialize_copy, 1);
 
     rb_define_method(cX509Rev, "serial", ossl_x509revoked_get_serial, 0);
     rb_define_method(cX509Rev, "serial=", ossl_x509revoked_set_serial, 1);

data/ext/openssl/ossl_x509store.c

@@ -23,10 +23,6 @@
 	ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
     } \
 } while (0)
-#define SafeGetX509Store(obj, st) do { \
-    OSSL_Check_Kind((obj), cX509Store); \
-    GetX509Store((obj), (st)); \
-} while (0)
 
 #define NewX509StCtx(klass) \
     TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, 0)
@@ -42,10 +38,6 @@
 	ossl_raise(rb_eRuntimeError, "STORE_CTX is out of scope!"); \
     } \
 } while (0)
-#define SafeGetX509StCtx(obj, storep) do { \
-    OSSL_Check_Kind((obj), cX509StoreContext); \
-    GetX509Store((obj), (ctx)); \
-} while (0)
 
 /*
  * Verify callback stuff
@@ -130,34 +122,12 @@ static const rb_data_type_t ossl_x509store_type = {
 /*
  * Public functions
  */
-VALUE
-ossl_x509store_new(X509_STORE *store)
-{
-    VALUE obj;
-
-    obj = NewX509Store(cX509Store);
-    SetX509Store(obj, store);
-
-    return obj;
-}
-
 X509_STORE *
 GetX509StorePtr(VALUE obj)
 {
     X509_STORE *store;
 
-    SafeGetX509Store(obj, store);
-
-    return store;
-}
-
-X509_STORE *
-DupX509StorePtr(VALUE obj)
-{
-    X509_STORE *store;
-
-    SafeGetX509Store(obj, store);
-    X509_STORE_up_ref(store);
+    GetX509Store(obj, store);
 
     return store;
 }
@@ -242,9 +212,9 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
 
 /*
  * call-seq:
- *   store.flags = flag
+ *   store.flags = flags
  *
- * Sets +flag+ to the Store. +flag+ consists of zero or more of the constants
+ * Sets _flags_ to the Store. _flags_ consists of zero or more of the constants
  * defined in with name V_FLAG_* or'ed together.
  */
 static VALUE
@@ -263,7 +233,7 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
  * call-seq:
  *   store.purpose = purpose
  *
- * Sets the store's purpose to +purpose+. If specified, the verifications on
+ * Sets the store's purpose to _purpose_. If specified, the verifications on
  * the store will check every untrusted certificate's extensions are consistent
  * with the purpose. The purpose is specified by constants:
  *
@@ -322,8 +292,9 @@ ossl_x509store_set_time(VALUE self, VALUE time)
  * call-seq:
  *   store.add_file(file) -> self
  *
- * Adds the certificates in +file+ to the certificate store.  The +file+ can
- * contain multiple PEM-encoded certificates.
+ * Adds the certificates in _file_ to the certificate store. _file_ is the path
+ * to the file, and the file contains one or more certificates in PEM format
+ * concatenated together.
  */
 static VALUE
 ossl_x509store_add_file(VALUE self, VALUE file)
@@ -359,7 +330,7 @@ ossl_x509store_add_file(VALUE self, VALUE file)
  * call-seq:
  *   store.add_path(path) -> self
  *
- * Adds +path+ as the hash dir to be looked up by the store.
+ * Adds _path_ as the hash dir to be looked up by the store.
  */
 static VALUE
 ossl_x509store_add_path(VALUE self, VALUE dir)
@@ -386,7 +357,7 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
  * call-seq:
  *   store.set_default_paths
  *
- * Configures +store+ to look up CA certificates from the system default
+ * Configures _store_ to look up CA certificates from the system default
  * certificate store as needed basis. The location of the store can usually be
  * determined by:
  *
@@ -410,7 +381,7 @@ ossl_x509store_set_default_paths(VALUE self)
  * call-seq:
  *   store.add_cert(cert)
  *
- * Adds the OpenSSL::X509::Certificate +cert+ to the certificate store.
+ * Adds the OpenSSL::X509::Certificate _cert_ to the certificate store.
  */
 static VALUE
 ossl_x509store_add_cert(VALUE self, VALUE arg)
@@ -431,7 +402,7 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
  * call-seq:
  *   store.add_crl(crl) -> self
  *
- * Adds the OpenSSL::X509::CRL +crl+ to the store.
+ * Adds the OpenSSL::X509::CRL _crl_ to the store.
  */
 static VALUE
 ossl_x509store_add_crl(VALUE self, VALUE arg)
@@ -456,15 +427,15 @@ static VALUE ossl_x509stctx_get_chain(VALUE);
  * call-seq:
  *   store.verify(cert, chain = nil) -> true | false
  *
- * Performs a certificate verification on the OpenSSL::X509::Certificate +cert+.
+ * Performs a certificate verification on the OpenSSL::X509::Certificate _cert_.
  *
- * +chain+ can be an array of OpenSSL::X509::Certificate that is used to
+ * _chain_ can be an array of OpenSSL::X509::Certificate that is used to
  * construct the certificate chain.
  *
  * If a block is given, it overrides the callback set by #verify_callback=.
  *
  * After finishing the verification, the error information can be retrieved by
- * #error, #error_string, and the resuting complete certificate chain can be
+ * #error, #error_string, and the resulting complete certificate chain can be
  * retrieved by #chain.
  */
 static VALUE
@@ -561,7 +532,7 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
 
     rb_scan_args(argc, argv, "12", &store, &cert, &chain);
     GetX509StCtx(self, ctx);
-    SafeGetX509Store(store, x509st);
+    GetX509Store(store, x509st);
     if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
     if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
     if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
@@ -800,7 +771,6 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
 void
 Init_ossl_x509store(void)
 {
-#undef rb_intern
 #if 0
     mOSSL = rb_define_module("OpenSSL");
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);

data/ext/openssl/ruby_missing.h

@@ -10,20 +10,9 @@
 #if !defined(_OSSL_RUBY_MISSING_H_)
 #define _OSSL_RUBY_MISSING_H_
 
-#define rb_define_copy_func(klass, func) \
-	rb_define_method((klass), "initialize_copy", (func), 1)
-
-#define FPTR_TO_FD(fptr) ((fptr)->fd)
-
-/* Ruby 2.4 */
 #ifndef RB_INTEGER_TYPE_P
-# define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
-#endif
-
-/* Ruby 2.5 */
-#ifndef ST2FIX
-# define RB_ST2FIX(h) LONG2FIX((long)(h))
-# define ST2FIX(h) RB_ST2FIX(h)
+/* for Ruby 2.3 compatibility */
+#define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
 #endif
 
 #endif /* _OSSL_RUBY_MISSING_H_ */

data/lib/openssl.rb

@@ -19,3 +19,4 @@ require 'openssl/config'
 require 'openssl/digest'
 require 'openssl/x509'
 require 'openssl/ssl'
+require 'openssl/pkcs5'

data/lib/openssl/bn.rb

@@ -27,8 +27,9 @@ module OpenSSL
 end # OpenSSL
 
 ##
+#--
 # Add double dispatch to Integer
-#
+#++
 class Integer
   # Casts an Integer as an OpenSSL::BN
   #

data/lib/openssl/buffering.rb

@@ -63,7 +63,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Consumes +size+ bytes from the buffer
+  # Consumes _size_ bytes from the buffer
 
   def consume_rbuff(size=nil)
     if @rbuffer.empty?
@@ -79,7 +79,7 @@ module OpenSSL::Buffering
   public
 
   ##
-  # Reads +size+ bytes from the stream.  If +buf+ is provided it must
+  # Reads _size_ bytes from the stream.  If _buf_ is provided it must
   # reference a string which will receive the data.
   #
   # See IO#read for full details.
@@ -106,7 +106,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Reads at most +maxlen+ bytes from the stream.  If +buf+ is provided it
+  # Reads at most _maxlen_ bytes from the stream.  If _buf_ is provided it
   # must reference a string which will receive the data.
   #
   # See IO#readpartial for full details.
@@ -136,7 +136,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Reads at most +maxlen+ bytes in the non-blocking manner.
+  # Reads at most _maxlen_ bytes in the non-blocking manner.
   #
   # When no data can be read without blocking it raises
   # OpenSSL::SSL::SSLError extended by IO::WaitReadable or IO::WaitWritable.
@@ -164,9 +164,10 @@ module OpenSSL::Buffering
   # when the peer requests a new TLS/SSL handshake.  See openssl the FAQ for
   # more details.  http://www.openssl.org/support/faq.html
   #
-  # By specifying `exception: false`, the options hash allows you to indicate
+  # By specifying a keyword argument _exception_ to +false+, you can indicate
   # that read_nonblock should not raise an IO::Wait*able exception, but
-  # return the symbol :wait_writable or :wait_readable instead.
+  # return the symbol +:wait_writable+ or +:wait_readable+ instead. At EOF,
+  # it will return +nil+ instead of raising EOFError.
 
   def read_nonblock(maxlen, buf=nil, exception: true)
     if maxlen == 0
@@ -189,11 +190,11 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Reads the next "line" from the stream.  Lines are separated by +eol+.  If
-  # +limit+ is provided the result will not be longer than the given number of
+  # Reads the next "line" from the stream.  Lines are separated by _eol_.  If
+  # _limit_ is provided the result will not be longer than the given number of
   # bytes.
   #
-  # +eol+ may be a String or Regexp.
+  # _eol_ may be a String or Regexp.
   #
   # Unlike IO#gets the line read will not be assigned to +$_+.
   #
@@ -219,7 +220,7 @@ module OpenSSL::Buffering
 
   ##
   # Executes the block for every line in the stream where lines are separated
-  # by +eol+.
+  # by _eol_.
   #
   # See also #gets
 
@@ -231,7 +232,7 @@ module OpenSSL::Buffering
   alias each_line each
 
   ##
-  # Reads lines from the stream which are separated by +eol+.
+  # Reads lines from the stream which are separated by _eol_.
   #
   # See also #gets
 
@@ -244,7 +245,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Reads a line from the stream which is separated by +eol+.
+  # Reads a line from the stream which is separated by _eol_.
   #
   # Raises EOFError if at end of file.
 
@@ -280,7 +281,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Pushes character +c+ back onto the stream such that a subsequent buffered
+  # Pushes character _c_ back onto the stream such that a subsequent buffered
   # character read will return it.
   #
   # Unlike IO#getc multiple bytes may be pushed back onto the stream.
@@ -307,7 +308,7 @@ module OpenSSL::Buffering
   private
 
   ##
-  # Writes +s+ to the buffer.  When the buffer is full or #sync is true the
+  # Writes _s_ to the buffer.  When the buffer is full or #sync is true the
   # buffer is flushed to the underlying socket.
 
   def do_write(s)
@@ -335,8 +336,8 @@ module OpenSSL::Buffering
   public
 
   ##
-  # Writes +s+ to the stream.  If the argument is not a string it will be
-  # converted using String#to_s.  Returns the number of bytes written.
+  # Writes _s_ to the stream.  If the argument is not a String it will be
+  # converted using +.to_s+ method.  Returns the number of bytes written.
 
   def write(s)
     do_write(s)
@@ -344,7 +345,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Writes +s+ in the non-blocking manner.
+  # Writes _s_ in the non-blocking manner.
   #
   # If there is buffered data, it is flushed first.  This may block.
   #
@@ -376,9 +377,9 @@ module OpenSSL::Buffering
   # is when the peer requests a new TLS/SSL handshake.  See the openssl FAQ
   # for more details.  http://www.openssl.org/support/faq.html
   #
-  # By specifying `exception: false`, the options hash allows you to indicate
+  # By specifying a keyword argument _exception_ to +false+, you can indicate
   # that write_nonblock should not raise an IO::Wait*able exception, but
-  # return the symbol :wait_writable or :wait_readable instead.
+  # return the symbol +:wait_writable+ or +:wait_readable+ instead.
 
   def write_nonblock(s, exception: true)
     flush
@@ -386,8 +387,8 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Writes +s+ to the stream.  +s+ will be converted to a String using
-  # String#to_s.
+  # Writes _s_ to the stream.  _s_ will be converted to a String using
+  # +.to_s+ method.
 
   def <<(s)
     do_write(s)
@@ -395,7 +396,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Writes +args+ to the stream along with a record separator.
+  # Writes _args_ to the stream along with a record separator.
   #
   # See IO#puts for full details.
 
@@ -415,7 +416,7 @@ module OpenSSL::Buffering
   end
 
   ##
-  # Writes +args+ to the stream.
+  # Writes _args_ to the stream.
   #
   # See IO#print for full details.
 

data/lib/openssl/config.rb

@@ -30,7 +30,8 @@ module OpenSSL
     class << self
 
       ##
-      # Parses a given +string+ as a blob that contains configuration for openssl.
+      # Parses a given _string_ as a blob that contains configuration for
+      # OpenSSL.
       #
       # If the source of the IO is a file, then consider using #parse_config.
       def parse(string)
@@ -46,7 +47,7 @@ module OpenSSL
       alias load new
 
       ##
-      # Parses the configuration data read from +io+, see also #parse.
+      # Parses the configuration data read from _io_, see also #parse.
       #
       # Raises a ConfigError on invalid configuration data.
       def parse_config(io)
@@ -236,7 +237,7 @@ module OpenSSL
     #
     # This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
     #
-    # If the optional +filename+ parameter is provided, then it is read in and
+    # If the optional _filename_ parameter is provided, then it is read in and
     # parsed via #parse_config.
     #
     # This can raise IO exceptions based on the access, or availability of the
@@ -255,7 +256,7 @@ module OpenSSL
     end
 
     ##
-    # Gets the value of +key+ from the given +section+
+    # Gets the value of _key_ from the given _section_
     #
     # Given the following configurating file being loaded:
     #
@@ -265,8 +266,8 @@ module OpenSSL
     #     #=> [ default ]
     #     #   foo=bar
     #
-    # You can get a specific value from the config if you know the +section+
-    # and +key+ like so:
+    # You can get a specific value from the config if you know the _section_
+    # and _key_ like so:
     #
     #   config.get_value('default','foo')
     #     #=> "bar"
@@ -297,7 +298,7 @@ module OpenSSL
     end
 
     ##
-    # Set the target +key+ with a given +value+ under a specific +section+.
+    # Set the target _key_ with a given _value_ under a specific _section_.
     #
     # Given the following configurating file being loaded:
     #
@@ -307,7 +308,7 @@ module OpenSSL
     #     #=> [ default ]
     #     #   foo=bar
     #
-    # You can set the value of +foo+ under the +default+ section to a new
+    # You can set the value of _foo_ under the _default_ section to a new
     # value:
     #
     #   config.add_value('default', 'foo', 'buzz')
@@ -322,7 +323,7 @@ module OpenSSL
     end
 
     ##
-    # Get a specific +section+ from the current configuration
+    # Get a specific _section_ from the current configuration
     #
     # Given the following configurating file being loaded:
     #
@@ -351,7 +352,7 @@ module OpenSSL
     end
 
     ##
-    # Sets a specific +section+ name with a Hash +pairs+
+    # Sets a specific _section_ name with a Hash _pairs_.
     #
     # Given the following configuration being created:
     #
@@ -365,7 +366,7 @@ module OpenSSL
     #     #   baz=buz
     #
     # It's important to note that this will essentially merge any of the keys
-    # in +pairs+ with the existing +section+. For example:
+    # in _pairs_ with the existing _section_. For example:
     #
     #   config['default']
     #     #=> {"foo"=>"bar", "baz"=>"buz"}