openssl 2.0.9 → 2.1.0.beta1

data/ext/openssl/ossl_pkcs12.c

@@ -17,11 +17,6 @@
     if(!(p12)) ossl_raise(rb_eRuntimeError, "PKCS12 wasn't initialized."); \
 } while (0)
 
-#define SafeGetPKCS12(obj, p12) do { \
-    OSSL_Check_Kind((obj), cPKCS12); \
-    GetPKCS12((obj), (p12)); \
-} while (0)
-
 #define ossl_pkcs12_set_key(o,v)      rb_iv_set((o), "@key", (v))
 #define ossl_pkcs12_set_cert(o,v)     rb_iv_set((o), "@certificate", (v))
 #define ossl_pkcs12_set_ca_certs(o,v) rb_iv_set((o), "@ca_certs", (v))
@@ -72,7 +67,7 @@ ossl_pkcs12_initialize_copy(VALUE self, VALUE other)
 
     rb_check_frozen(self);
     GetPKCS12(self, p12_old);
-    SafeGetPKCS12(other, p12);
+    GetPKCS12(other, p12);
 
     p12_new = ASN1_dup((i2d_of_void *)i2d_PKCS12, (d2i_of_void *)d2i_PKCS12, (char *)p12);
     if (!p12_new)
@@ -89,20 +84,20 @@ ossl_pkcs12_initialize_copy(VALUE self, VALUE other)
  *    PKCS12.create(pass, name, key, cert [, ca, [, key_pbe [, cert_pbe [, key_iter [, mac_iter [, keytype]]]]]])
  *
  * === Parameters
- * * +pass+ - string
- * * +name+ - A string describing the key.
- * * +key+ - Any PKey.
- * * +cert+ - A X509::Certificate.
+ * * _pass_ - string
+ * * _name_ - A string describing the key.
+ * * _key_ - Any PKey.
+ * * _cert_ - A X509::Certificate.
  *   * The public_key portion of the certificate must contain a valid public key.
  *   * The not_before and not_after fields must be filled in.
- * * +ca+ - An optional array of X509::Certificate's.
- * * +key_pbe+ - string
- * * +cert_pbe+ - string
- * * +key_iter+ - integer
- * * +mac_iter+ - integer
- * * +keytype+ - An integer representing an MSIE specific extension.
+ * * _ca_ - An optional array of X509::Certificate's.
+ * * _key_pbe_ - string
+ * * _cert_pbe_ - string
+ * * _key_iter_ - integer
+ * * _mac_iter_ - integer
+ * * _keytype_ - An integer representing an MSIE specific extension.
  *
- * Any optional arguments may be supplied as nil to preserve the OpenSSL defaults.
+ * Any optional arguments may be supplied as +nil+ to preserve the OpenSSL defaults.
  *
  * See the OpenSSL documentation for PKCS12_create().
  */
@@ -161,8 +156,8 @@ ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
  *    PKCS12.new(str, pass) -> pkcs12
  *
  * === Parameters
- * * +str+ - Must be a DER encoded PKCS12 string.
- * * +pass+ - string
+ * * _str_ - Must be a DER encoded PKCS12 string.
+ * * _pass_ - string
  */
 static VALUE
 ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
@@ -237,7 +232,6 @@ ossl_pkcs12_to_der(VALUE self)
 void
 Init_ossl_pkcs12(void)
 {
-#undef rb_intern
 #if 0
     mOSSL = rb_define_module("OpenSSL");
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -253,7 +247,7 @@ Init_ossl_pkcs12(void)
     rb_define_singleton_method(cPKCS12, "create", ossl_pkcs12_s_create, -1);
 
     rb_define_alloc_func(cPKCS12, ossl_pkcs12_s_allocate);
-    rb_define_copy_func(cPKCS12, ossl_pkcs12_initialize_copy);
+    rb_define_method(cPKCS12, "initialize_copy", ossl_pkcs12_initialize_copy, 1);
     rb_attr(cPKCS12, rb_intern("key"), 1, 0, Qfalse);
     rb_attr(cPKCS12, rb_intern("certificate"), 1, 0, Qfalse);
     rb_attr(cPKCS12, rb_intern("ca_certs"), 1, 0, Qfalse);

data/ext/openssl/ossl_pkcs7.c

@@ -23,10 +23,6 @@
 	ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
     } \
 } while (0)
-#define SafeGetPKCS7(obj, pkcs7) do { \
-    OSSL_Check_Kind((obj), cPKCS7); \
-    GetPKCS7((obj), (pkcs7)); \
-} while (0)
 
 #define NewPKCS7si(klass) \
     TypedData_Wrap_Struct((klass), &ossl_pkcs7_signer_info_type, 0)
@@ -42,10 +38,6 @@
 	ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \
     } \
 } while (0)
-#define SafeGetPKCS7si(obj, p7si) do { \
-    OSSL_Check_Kind((obj), cPKCS7Signer); \
-    GetPKCS7si((obj), (p7si)); \
-} while (0)
 
 #define NewPKCS7ri(klass) \
     TypedData_Wrap_Struct((klass), &ossl_pkcs7_recip_info_type, 0)
@@ -61,10 +53,6 @@
 	ossl_raise(rb_eRuntimeError, "PKCS7ri wasn't initialized."); \
     } \
 } while (0)
-#define SafeGetPKCS7ri(obj, p7ri) do { \
-    OSSL_Check_Kind((obj), cPKCS7Recipient); \
-    GetPKCS7ri((obj), (p7ri)); \
-} while (0)
 
 #define numberof(ary) (int)(sizeof(ary)/sizeof((ary)[0]))
 
@@ -162,7 +150,7 @@ DupPKCS7SignerPtr(VALUE obj)
 {
     PKCS7_SIGNER_INFO *p7si, *pkcs7;
 
-    SafeGetPKCS7si(obj, p7si);
+    GetPKCS7si(obj, p7si);
     if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) {
 	ossl_raise(ePKCS7Error, NULL);
     }
@@ -189,7 +177,7 @@ DupPKCS7RecipientPtr(VALUE obj)
 {
     PKCS7_RECIP_INFO *p7ri, *pkcs7;
 
-    SafeGetPKCS7ri(obj, p7ri);
+    GetPKCS7ri(obj, p7ri);
     if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) {
 	ossl_raise(ePKCS7Error, NULL);
     }
@@ -238,7 +226,7 @@ ossl_pkcs7_s_write_smime(int argc, VALUE *argv, VALUE klass)
     rb_scan_args(argc, argv, "12", &pkcs7, &data, &flags);
     flg = NIL_P(flags) ? 0 : NUM2INT(flags);
     if(NIL_P(data)) data = ossl_pkcs7_get_data(pkcs7);
-    SafeGetPKCS7(pkcs7, p7);
+    GetPKCS7(pkcs7, p7);
     if(!NIL_P(data) && PKCS7_is_detached(p7))
 	flg |= PKCS7_DETACHED;
     in = NIL_P(data) ? NULL : ossl_obj2bio(&data);
@@ -331,7 +319,7 @@ ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass)
 #endif
 
     }
-    else ciph = GetCipherPtr(cipher); /* NO NEED TO DUP */
+    else ciph = ossl_evp_get_cipherbyname(cipher);
     flg = NIL_P(flags) ? 0 : NUM2INT(flags);
     ret = NewPKCS7(cPKCS7);
     in = ossl_obj2bio(&data);
@@ -414,7 +402,7 @@ ossl_pkcs7_copy(VALUE self, VALUE other)
     if (self == other) return self;
 
     GetPKCS7(self, a);
-    SafeGetPKCS7(other, b);
+    GetPKCS7(other, b);
 
     pkcs7 = PKCS7_dup(b);
     if (!pkcs7) {
@@ -537,7 +525,7 @@ ossl_pkcs7_set_cipher(VALUE self, VALUE cipher)
     PKCS7 *pkcs7;
 
     GetPKCS7(self, pkcs7);
-    if (!PKCS7_set_cipher(pkcs7, GetCipherPtr(cipher))) {
+    if (!PKCS7_set_cipher(pkcs7, ossl_evp_get_cipherbyname(cipher))) {
 	ossl_raise(ePKCS7Error, NULL);
     }
 
@@ -933,7 +921,7 @@ ossl_pkcs7si_initialize(VALUE self, VALUE cert, VALUE key, VALUE digest)
 
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
     x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
-    md = GetDigestPtr(digest);
+    md = ossl_evp_get_digestbyname(digest);
     GetPKCS7si(self, p7si);
     if (!(PKCS7_SIGNER_INFO_set(p7si, x509, pkey, (EVP_MD*)md))) {
 	ossl_raise(ePKCS7Error, NULL);
@@ -1054,7 +1042,6 @@ ossl_pkcs7ri_get_enc_key(VALUE self)
 void
 Init_ossl_pkcs7(void)
 {
-#undef rb_intern
 #if 0
     mOSSL = rb_define_module("OpenSSL");
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -1069,7 +1056,7 @@ Init_ossl_pkcs7(void)
     rb_attr(cPKCS7, rb_intern("data"), 1, 0, Qfalse);
     rb_attr(cPKCS7, rb_intern("error_string"), 1, 1, Qfalse);
     rb_define_alloc_func(cPKCS7, ossl_pkcs7_alloc);
-    rb_define_copy_func(cPKCS7, ossl_pkcs7_copy);
+    rb_define_method(cPKCS7, "initialize_copy", ossl_pkcs7_copy, 1);
     rb_define_method(cPKCS7, "initialize", ossl_pkcs7_initialize, -1);
     rb_define_method(cPKCS7, "type=", ossl_pkcs7_set_type, 1);
     rb_define_method(cPKCS7, "type", ossl_pkcs7_get_type, 0);

data/ext/openssl/ossl_pkey.c

@@ -20,21 +20,6 @@ static ID id_private_q;
 /*
  * callback for generating keys
  */
-static VALUE
-call_check_ints0(VALUE arg)
-{
-    rb_thread_check_ints();
-    return Qnil;
-}
-
-static void *
-call_check_ints(void *arg)
-{
-    int state;
-    rb_protect(call_check_ints0, Qnil, &state);
-    return (void *)(VALUE)state;
-}
-
 int
 ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
 {
@@ -53,18 +38,11 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
 	*/
 	rb_protect(rb_yield, ary, &state);
 	if (state) {
+	    arg->stop = 1;
 	    arg->state = state;
-	    return 0;
-	}
-    }
-    if (arg->interrupted) {
-	arg->interrupted = 0;
-	state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
-	if (state) {
-	    arg->state = state;
-	    return 0;
 	}
     }
+    if (arg->stop) return 0;
     return 1;
 }
 
@@ -72,7 +50,7 @@ void
 ossl_generate_cb_stop(void *ptr)
 {
     struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
-    arg->interrupted = 1;
+    arg->stop = 1;
 }
 
 static void
@@ -114,7 +92,7 @@ pkey_new0(EVP_PKEY *pkey)
     case EVP_PKEY_DH:
 	return ossl_dh_new(pkey);
 #endif
-#if !defined(OPENSSL_NO_EC) && (OPENSSL_VERSION_NUMBER >= 0x0090802fL)
+#if !defined(OPENSSL_NO_EC)
     case EVP_PKEY_EC:
 	return ossl_ec_new(pkey);
 #endif
@@ -145,15 +123,15 @@ ossl_pkey_new(EVP_PKEY *pkey)
  *     OpenSSL::PKey.read(string [, pwd ]) -> PKey
  *     OpenSSL::PKey.read(io [, pwd ]) -> PKey
  *
- * Reads a DER or PEM encoded string from +string+ or +io+ and returns an
+ * Reads a DER or PEM encoded string from _string_ or _io_ and returns an
  * instance of the appropriate PKey class.
  *
  * === Parameters
- * * +string+ is a DER- or PEM-encoded string containing an arbitrary private
+ * * _string+ is a DER- or PEM-encoded string containing an arbitrary private
  *   or public key.
- * * +io+ is an instance of +IO+ containing a DER- or PEM-encoded
+ * * _io_ is an instance of IO containing a DER- or PEM-encoded
  *   arbitrary private or public key.
- * * +pwd+ is an optional password in case +string+ or +file+ is an encrypted
+ * * _pwd_ is an optional password in case _string_ or _io_ is an encrypted
  *   PEM resource.
  */
 static VALUE
@@ -185,8 +163,8 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self)
     return ossl_pkey_new(pkey);
 }
 
-void
-ossl_pkey_check_public_key(const EVP_PKEY *pkey)
+static void
+pkey_check_public_key(EVP_PKEY *pkey)
 {
     void *ptr;
     const BIGNUM *n, *e, *pubkey;
@@ -194,8 +172,7 @@ ossl_pkey_check_public_key(const EVP_PKEY *pkey)
     if (EVP_PKEY_missing_parameters(pkey))
 	ossl_raise(ePKeyError, "parameters missing");
 
-    /* OpenSSL < 1.1.0 takes non-const pointer */
-    ptr = EVP_PKEY_get0((EVP_PKEY *)pkey);
+    ptr = EVP_PKEY_get0(pkey);
     switch (EVP_PKEY_base_id(pkey)) {
       case EVP_PKEY_RSA:
 	RSA_get0_key(ptr, &n, &e, NULL);
@@ -230,7 +207,7 @@ GetPKeyPtr(VALUE obj)
 {
     EVP_PKEY *pkey;
 
-    SafeGetPKey(obj, pkey);
+    GetPKey(obj, pkey);
 
     return pkey;
 }
@@ -243,7 +220,7 @@ GetPrivPKeyPtr(VALUE obj)
     if (rb_funcallv(obj, id_private_q, 0, NULL) != Qtrue) {
 	ossl_raise(rb_eArgError, "Private key is needed.");
     }
-    SafeGetPKey(obj, pkey);
+    GetPKey(obj, pkey);
 
     return pkey;
 }
@@ -253,7 +230,7 @@ DupPKeyPtr(VALUE obj)
 {
     EVP_PKEY *pkey;
 
-    SafeGetPKey(obj, pkey);
+    GetPKey(obj, pkey);
     EVP_PKEY_up_ref(pkey);
 
     return pkey;
@@ -282,7 +259,7 @@ ossl_pkey_alloc(VALUE klass)
  *      PKeyClass.new -> self
  *
  * Because PKey is an abstract class, actually calling this method explicitly
- * will raise a +NotImplementedError+.
+ * will raise a NotImplementedError.
  */
 static VALUE
 ossl_pkey_initialize(VALUE self)
@@ -297,10 +274,10 @@ ossl_pkey_initialize(VALUE self)
  *  call-seq:
  *      pkey.sign(digest, data) -> String
  *
- * To sign the +String+ +data+, +digest+, an instance of OpenSSL::Digest, must
- * be provided. The return value is again a +String+ containing the signature.
+ * To sign the String _data_, _digest_, an instance of OpenSSL::Digest, must
+ * be provided. The return value is again a String containing the signature.
  * A PKeyError is raised should errors occur.
- * Any previous state of the +Digest+ instance is irrelevant to the signature
+ * Any previous state of the Digest instance is irrelevant to the signature
  * outcome, the digest instance is reset to its initial state during the
  * operation.
  *
@@ -321,7 +298,7 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
     int result;
 
     pkey = GetPrivPKeyPtr(self);
-    md = GetDigestPtr(digest);
+    md = ossl_evp_get_digestbyname(digest);
     StringValue(data);
     str = rb_str_new(0, EVP_PKEY_size(pkey));
 
@@ -349,12 +326,12 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
  *  call-seq:
  *      pkey.verify(digest, signature, data) -> String
  *
- * To verify the +String+ +signature+, +digest+, an instance of
+ * To verify the String _signature_, _digest_, an instance of
  * OpenSSL::Digest, must be provided to re-compute the message digest of the
- * original +data+, also a +String+. The return value is +true+ if the
+ * original _data_, also a String. The return value is +true+ if the
  * signature is valid, +false+ otherwise. A PKeyError is raised should errors
  * occur.
- * Any previous state of the +Digest+ instance is irrelevant to the validation
+ * Any previous state of the Digest instance is irrelevant to the validation
  * outcome, the digest instance is reset to its initial state during the
  * operation.
  *
@@ -375,8 +352,8 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
     int siglen, result;
 
     GetPKey(self, pkey);
-    ossl_pkey_check_public_key(pkey);
-    md = GetDigestPtr(digest);
+    pkey_check_public_key(pkey);
+    md = ossl_evp_get_digestbyname(digest);
     StringValue(sig);
     siglen = RSTRING_LENINT(sig);
     StringValue(data);
@@ -411,7 +388,6 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
 void
 Init_ossl_pkey(void)
 {
-#undef rb_intern
 #if 0
     mOSSL = rb_define_module("OpenSSL");
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);

data/ext/openssl/ossl_pkey.h

@@ -34,21 +34,16 @@ extern const rb_data_type_t ossl_evp_pkey_type;
 	rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!");\
     } \
 } while (0)
-#define SafeGetPKey(obj, pkey) do { \
-    OSSL_Check_Kind((obj), cPKey); \
-    GetPKey((obj), (pkey)); \
-} while (0)
 
 struct ossl_generate_cb_arg {
     int yield;
-    int interrupted;
+    int stop;
     int state;
 };
 int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
 void ossl_generate_cb_stop(void *ptr);
 
 VALUE ossl_pkey_new(EVP_PKEY *);
-void ossl_pkey_check_public_key(const EVP_PKEY *);
 EVP_PKEY *GetPKeyPtr(VALUE);
 EVP_PKEY *DupPKeyPtr(VALUE);
 EVP_PKEY *GetPrivPKeyPtr(VALUE);

data/ext/openssl/ossl_pkey_dh.c

@@ -150,8 +150,8 @@ dh_generate(int size, int gen)
  * components alike.
  *
  * === Parameters
- * * +size+ is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.
- * * +generator+ is a small number > 1, typically 2 or 5.
+ * * _size_ is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.
+ * * _generator_ is a small number > 1, typically 2 or 5.
  *
  */
 static VALUE
@@ -181,15 +181,15 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
  *   DH.new(size [, generator]) -> dh
  *
  * Either generates a DH instance from scratch or by reading already existing
- * DH parameters from +string+. Note that when reading a DH instance from
+ * DH parameters from _string_. Note that when reading a DH instance from
  * data that was encoded from a DH instance by using DH#to_pem or DH#to_der
  * the result will *not* contain a public/private key pair yet. This needs to
  * be generated using DH#generate_key! first.
  *
  * === Parameters
- * * +size+ is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.
- * * +generator+ is a small number > 1, typically 2 or 5.
- * * +string+ contains the DER or PEM encoded key.
+ * * _size_ is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.
+ * * _generator_ is a small number > 1, typically 2 or 5.
+ * * _string_ contains the DER or PEM encoded key.
  *
  * === Examples
  *  DH.new # -> dh
@@ -436,7 +436,7 @@ ossl_dh_to_text(VALUE self)
  *     dh.public_key -> aDH
  *
  * Returns a new DH instance that carries just the public information, i.e.
- * the prime +p+ and the generator +g+, but no public/private key yet. Such
+ * the prime _p_ and the generator _g_, but no public/private key yet. Such
  * a pair may be generated using DH#generate_key!. The "public key" needed
  * for a key exchange with DH#compute_key is considered as per-session
  * information and may be retrieved with DH#pub_key once a key pair has
@@ -526,7 +526,7 @@ ossl_dh_generate_key(VALUE self)
  * See DH_compute_key() for further information.
  *
  * === Parameters
- * * +pub_bn+ is a OpenSSL::BN, *not* the DH instance returned by
+ * * _pub_bn_ is a OpenSSL::BN, *not* the DH instance returned by
  *   DH#public_key as that contains the DH parameters only.
  */
 static VALUE
@@ -557,7 +557,7 @@ ossl_dh_compute_key(VALUE self, VALUE pub)
  * call-seq:
  *   dh.set_pqg(p, q, g) -> self
  *
- * Sets +p+, +q+, +g+ for the DH instance.
+ * Sets _p_, _q_, _g_ to the DH instance.
  */
 OSSL_PKEY_BN_DEF3(dh, DH, pqg, p, q, g)
 /*
@@ -565,7 +565,7 @@ OSSL_PKEY_BN_DEF3(dh, DH, pqg, p, q, g)
  * call-seq:
  *   dh.set_key(pub_key, priv_key) -> self
  *
- * Sets +pub_key+ and +priv_key+ for the DH instance. +priv_key+ may be nil.
+ * Sets _pub_key_ and _priv_key_ for the DH instance. _priv_key_ may be +nil+.
  */
 OSSL_PKEY_BN_DEF2(dh, DH, key, pub_key, priv_key)
 
@@ -618,7 +618,7 @@ Init_ossl_dh(void)
     cDH = rb_define_class_under(mPKey, "DH", cPKey);
     rb_define_singleton_method(cDH, "generate", ossl_dh_s_generate, -1);
     rb_define_method(cDH, "initialize", ossl_dh_initialize, -1);
-    rb_define_copy_func(cDH, ossl_dh_initialize_copy);
+    rb_define_method(cDH, "initialize_copy", ossl_dh_initialize_copy, 1);
     rb_define_method(cDH, "public?", ossl_dh_is_public, 0);
     rb_define_method(cDH, "private?", ossl_dh_is_private, 0);
     rb_define_method(cDH, "to_text", ossl_dh_to_text, 0);