RubyGems - openssl - Versions diffs - 2.0.9 → 2.1.0.beta1 - Mend

openssl 2.0.9 → 2.1.0.beta1

Potentially problematic release.

This version of openssl might be problematic. Click here for more details.

Files changed (60) hide show

checksums.yaml +5 -5
data/History.md +28 -69
data/README.md +1 -1
data/ext/openssl/deprecation.rb +0 -3
data/ext/openssl/extconf.rb +8 -52
data/ext/openssl/openssl_missing.c +0 -67
data/ext/openssl/openssl_missing.h +3 -50
data/ext/openssl/ossl.c +81 -74
data/ext/openssl/ossl.h +14 -27
data/ext/openssl/ossl_asn1.c +287 -374
data/ext/openssl/ossl_asn1.h +0 -4
data/ext/openssl/ossl_bio.c +5 -20
data/ext/openssl/ossl_bio.h +0 -2
data/ext/openssl/ossl_bn.c +70 -28
data/ext/openssl/ossl_cipher.c +18 -42
data/ext/openssl/ossl_cipher.h +1 -1
data/ext/openssl/ossl_digest.c +8 -12
data/ext/openssl/ossl_digest.h +1 -1
data/ext/openssl/ossl_engine.c +47 -47
data/ext/openssl/ossl_hmac.c +19 -22
data/ext/openssl/ossl_kdf.c +221 -0
data/ext/openssl/ossl_kdf.h +6 -0
data/ext/openssl/ossl_ns_spki.c +17 -21
data/ext/openssl/ossl_ocsp.c +85 -80
data/ext/openssl/ossl_pkcs12.c +15 -21
data/ext/openssl/ossl_pkcs7.c +8 -21
data/ext/openssl/ossl_pkey.c +24 -48
data/ext/openssl/ossl_pkey.h +1 -6
data/ext/openssl/ossl_pkey_dh.c +11 -11
data/ext/openssl/ossl_pkey_dsa.c +16 -22
data/ext/openssl/ossl_pkey_ec.c +43 -56
data/ext/openssl/ossl_pkey_rsa.c +19 -19
data/ext/openssl/ossl_rand.c +12 -12
data/ext/openssl/ossl_ssl.c +291 -243
data/ext/openssl/ossl_ssl.h +0 -5
data/ext/openssl/ossl_ssl_session.c +7 -9
data/ext/openssl/ossl_version.h +1 -1
data/ext/openssl/ossl_x509.c +0 -15
data/ext/openssl/ossl_x509.h +0 -7
data/ext/openssl/ossl_x509attr.c +3 -7
data/ext/openssl/ossl_x509cert.c +17 -54
data/ext/openssl/ossl_x509crl.c +15 -25
data/ext/openssl/ossl_x509ext.c +9 -14
data/ext/openssl/ossl_x509name.c +76 -41
data/ext/openssl/ossl_x509req.c +10 -47
data/ext/openssl/ossl_x509revoked.c +8 -8
data/ext/openssl/ossl_x509store.c +15 -45
data/ext/openssl/ruby_missing.h +2 -13
data/lib/openssl.rb +1 -0
data/lib/openssl/bn.rb +2 -1
data/lib/openssl/buffering.rb +24 -23
data/lib/openssl/config.rb +12 -11
data/lib/openssl/digest.rb +3 -6
data/lib/openssl/pkcs5.rb +22 -0
data/lib/openssl/pkey.rb +0 -41
data/lib/openssl/ssl.rb +118 -16
data/lib/openssl/x509.rb +7 -1
metadata +8 -7
data/ext/openssl/ossl_pkcs5.c +0 -180
data/ext/openssl/ossl_pkcs5.h +0 -6

@@ -24,11 +24,6 @@
 	} \
 } while (0)
-#define SafeGetSSLSession(obj, sess) do { \
-	OSSL_Check_Kind((obj), cSSLSession); \
-	GetSSLSession((obj), (sess)); \
-} while (0)
 extern const rb_data_type_t ossl_ssl_type;
 extern const rb_data_type_t ossl_ssl_session_type;
 extern VALUE mSSL;

data/ext/openssl/ossl_ssl_session.c CHANGED

@@ -80,7 +80,7 @@ ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
     rb_check_frozen(self);
     sess = RTYPEDDATA_DATA(self); /* XXX */
-    SafeGetSSLSession(other, sess_other);
+    GetSSLSession(other, sess_other);
     sess_new = ASN1_dup((i2d_of_void *)i2d_SSL_SESSION, (d2i_of_void *)d2i_SSL_SESSION,
 			(char *)sess_other);
@@ -93,8 +93,8 @@ ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
     return self;
 }
-#if !defined(HAVE_SSL_SESSION_CMP)
-int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
+static int
+ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
 {
     unsigned int a_len;
     const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
@@ -108,23 +108,21 @@ int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
     return CRYPTO_memcmp(a_sid, b_sid, a_len);
 }
-#define SSL_SESSION_cmp(a, b) ossl_SSL_SESSION_cmp(a, b)
-#endif
 /*
  * call-seq:
  *   session1 == session2 -> boolean
  *
- * Returns true if the two Session is the same, false if not.
+ * Returns +true+ if the two Session is the same, +false+ if not.
  */
 static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
 {
 	SSL_SESSION *ctx1, *ctx2;
 	GetSSLSession(val1, ctx1);
-	SafeGetSSLSession(val2, ctx2);
+	GetSSLSession(val2, ctx2);
-	switch (SSL_SESSION_cmp(ctx1, ctx2)) {
+	switch (ossl_SSL_SESSION_cmp(ctx1, ctx2)) {
 	case 0:		return Qtrue;
 	default:	return Qfalse;
 	}
@@ -319,7 +317,7 @@ void Init_ossl_ssl_session(void)
 	rb_define_alloc_func(cSSLSession, ossl_ssl_session_alloc);
 	rb_define_method(cSSLSession, "initialize", ossl_ssl_session_initialize, 1);
-	rb_define_copy_func(cSSLSession, ossl_ssl_session_initialize_copy);
+	rb_define_method(cSSLSession, "initialize_copy", ossl_ssl_session_initialize_copy, 1);
 	rb_define_method(cSSLSession, "==", ossl_ssl_session_eq, 1);

data/ext/openssl/ossl_version.h CHANGED

@@ -10,6 +10,6 @@
 #if !defined(_OSSL_VERSION_H_)
 #define _OSSL_VERSION_H_
-#define OSSL_VERSION "2.0.9"
+#define OSSL_VERSION "2.1.0"
 #endif /* _OSSL_VERSION_H_ */

data/ext/openssl/ossl_x509.c CHANGED

@@ -20,15 +20,10 @@ ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
 {
     time_t sec;
-#if defined(HAVE_ASN1_TIME_ADJ)
     int off_days;
     ossl_time_split(time, &sec, &off_days);
     return X509_time_adj_ex(s, off_days, 0, &sec);
-#else
-    sec = time_to_time_t(time);
-    return X509_time_adj(s, 0, &sec);
-#endif
 }
 void
@@ -112,21 +107,15 @@ Init_ossl_x509(void)
     DefX509Const(V_FLAG_INHIBIT_MAP);
     /* Set by Store#flags= and StoreContext#flags=. */
     DefX509Const(V_FLAG_NOTIFY_POLICY);
-#if defined(X509_V_FLAG_EXTENDED_CRL_SUPPORT)
     /* Set by Store#flags= and StoreContext#flags=. Enables some additional
      * features including support for indirect signed CRLs. */
     DefX509Const(V_FLAG_EXTENDED_CRL_SUPPORT);
-#endif
-#if defined(X509_V_FLAG_USE_DELTAS)
     /* Set by Store#flags= and StoreContext#flags=. Uses delta CRLs. If not
      * specified, deltas are ignored. */
     DefX509Const(V_FLAG_USE_DELTAS);
-#endif
-#if defined(X509_V_FLAG_CHECK_SS_SIGNATURE)
     /* Set by Store#flags= and StoreContext#flags=. Enables checking of the
      * signature of the root self-signed CA. */
     DefX509Const(V_FLAG_CHECK_SS_SIGNATURE);
-#endif
 #if defined(X509_V_FLAG_TRUSTED_FIRST)
     /* Set by Store#flags= and StoreContext#flags=. When constructing a
      * certificate chain, search the Store first for the issuer certificate.
@@ -161,10 +150,8 @@ Init_ossl_x509(void)
     DefX509Const(PURPOSE_ANY);
     /* Set by Store#purpose=. OCSP helper. */
     DefX509Const(PURPOSE_OCSP_HELPER);
-#if defined(X509_PURPOSE_TIMESTAMP_SIGN)
     /* Set by Store#purpose=. Time stamps signer. */
     DefX509Const(PURPOSE_TIMESTAMP_SIGN);
-#endif
     DefX509Const(TRUST_COMPAT);
     DefX509Const(TRUST_SSL_CLIENT);
@@ -173,9 +160,7 @@ Init_ossl_x509(void)
     DefX509Const(TRUST_OBJECT_SIGN);
     DefX509Const(TRUST_OCSP_SIGN);
     DefX509Const(TRUST_OCSP_REQUEST);
-#if defined(X509_TRUST_TSA)
     DefX509Const(TRUST_TSA);
-#endif
     DefX509Default(CERT_AREA, cert_area);
     DefX509Default(CERT_DIR, cert_dir);

data/ext/openssl/ossl_x509.h CHANGED

@@ -41,7 +41,6 @@ extern VALUE cX509Cert;
 extern VALUE eX509CertError;
 VALUE ossl_x509_new(X509 *);
-VALUE ossl_x509_new_from_file(VALUE);
 X509 *GetX509CertPtr(VALUE);
 X509 *DupX509CertPtr(VALUE);
 void Init_ossl_x509cert(void);
@@ -54,7 +53,6 @@ extern VALUE eX509CRLError;
 VALUE ossl_x509crl_new(X509_CRL *);
 X509_CRL *GetX509CRLPtr(VALUE);
-X509_CRL *DupX509CRLPtr(VALUE);
 void Init_ossl_x509crl(void);
 /*
@@ -84,9 +82,7 @@ void Init_ossl_x509name(void);
 extern VALUE cX509Req;
 extern VALUE eX509ReqError;
-VALUE ossl_x509req_new(X509_REQ *);
 X509_REQ *GetX509ReqPtr(VALUE);
-X509_REQ *DupX509ReqPtr(VALUE);
 void Init_ossl_x509req(void);
 /*
@@ -106,11 +102,8 @@ extern VALUE cX509Store;
 extern VALUE cX509StoreContext;
 extern VALUE eX509StoreError;
-VALUE ossl_x509store_new(X509_STORE *);
 X509_STORE *GetX509StorePtr(VALUE);
-X509_STORE *DupX509StorePtr(VALUE);
-X509_STORE_CTX *GetX509StCtxtPtr(VALUE);
 void Init_ossl_x509store(void);
 /*

data/ext/openssl/ossl_x509attr.c CHANGED

@@ -23,10 +23,6 @@
 	ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \
     } \
 } while (0)
-#define SafeGetX509Attr(obj, attr) do { \
-    OSSL_Check_Kind((obj), cX509Attr); \
-    GetX509Attr((obj), (attr)); \
-} while (0)
 /*
  * Classes
@@ -76,7 +72,7 @@ GetX509AttrPtr(VALUE obj)
 {
     X509_ATTRIBUTE *attr;
-    SafeGetX509Attr(obj, attr);
+    GetX509Attr(obj, attr);
     return attr;
 }
@@ -134,7 +130,7 @@ ossl_x509attr_initialize_copy(VALUE self, VALUE other)
     rb_check_frozen(self);
     GetX509Attr(self, attr);
-    SafeGetX509Attr(other, attr_other);
+    GetX509Attr(other, attr_other);
     attr_new = X509_ATTRIBUTE_dup(attr_other);
     if (!attr_new)
@@ -319,7 +315,7 @@ Init_ossl_x509attr(void)
     cX509Attr = rb_define_class_under(mX509, "Attribute", rb_cObject);
     rb_define_alloc_func(cX509Attr, ossl_x509attr_alloc);
     rb_define_method(cX509Attr, "initialize", ossl_x509attr_initialize, -1);
-    rb_define_copy_func(cX509Attr, ossl_x509attr_initialize_copy);
+    rb_define_method(cX509Attr, "initialize_copy", ossl_x509attr_initialize_copy, 1);
     rb_define_method(cX509Attr, "oid=", ossl_x509attr_set_oid, 1);
     rb_define_method(cX509Attr, "oid", ossl_x509attr_get_oid, 0);
     rb_define_method(cX509Attr, "value=", ossl_x509attr_set_value, 1);

data/ext/openssl/ossl_x509cert.c CHANGED

@@ -23,10 +23,6 @@
 	ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \
     } \
 } while (0)
-#define SafeGetX509(obj, x509) do { \
-    OSSL_Check_Kind((obj), cX509Cert); \
-    GetX509((obj), (x509)); \
-} while (0)
 /*
  * Classes
@@ -71,46 +67,12 @@ ossl_x509_new(X509 *x509)
     return obj;
 }
-VALUE
-ossl_x509_new_from_file(VALUE filename)
-{
-    X509 *x509;
-    FILE *fp;
-    VALUE obj;
-    rb_check_safe_obj(filename);
-    obj = NewX509(cX509Cert);
-    if (!(fp = fopen(StringValueCStr(filename), "r"))) {
-	ossl_raise(eX509CertError, "%s", strerror(errno));
-    }
-    rb_fd_fix_cloexec(fileno(fp));
-    x509 = PEM_read_X509(fp, NULL, NULL, NULL);
-    /*
-     * prepare for DER...
-#if !defined(OPENSSL_NO_FP_API)
-    if (!x509) {
-    	(void)ERR_get_error();
-	rewind(fp);
-	x509 = d2i_X509_fp(fp, NULL);
-    }
-#endif
-    */
-    fclose(fp);
-    if (!x509) {
-	ossl_raise(eX509CertError, NULL);
-    }
-    SetX509(obj, x509);
-    return obj;
-}
 X509 *
 GetX509CertPtr(VALUE obj)
 {
     X509 *x509;
-    SafeGetX509(obj, x509);
+    GetX509(obj, x509);
     return x509;
 }
@@ -120,7 +82,7 @@ DupX509CertPtr(VALUE obj)
 {
     X509 *x509;
-    SafeGetX509(obj, x509);
+    GetX509(obj, x509);
     X509_up_ref(x509);
@@ -184,7 +146,7 @@ ossl_x509_copy(VALUE self, VALUE other)
     if (self == other) return self;
     GetX509(self, a);
-    SafeGetX509(other, b);
+    GetX509(other, b);
     x509 = X509_dup(b);
     if (!x509) ossl_raise(eX509CertError, NULL);
@@ -546,19 +508,18 @@ ossl_x509_get_public_key(VALUE self)
 /*
  * call-seq:
- *    cert.public_key = key
+ *    cert.public_key = key => key
  */
 static VALUE
 ossl_x509_set_public_key(VALUE self, VALUE key)
 {
     X509 *x509;
-    EVP_PKEY *pkey;
     GetX509(self, x509);
-    pkey = GetPKeyPtr(key);
-    ossl_pkey_check_public_key(pkey);
-    if (!X509_set_pubkey(x509, pkey))
-	ossl_raise(eX509CertError, "X509_set_pubkey");
+    if (!X509_set_pubkey(x509, GetPKeyPtr(key))) { /* DUPs pkey */
+	ossl_raise(eX509CertError, NULL);
+    }
     return key;
 }
@@ -574,7 +535,7 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
     const EVP_MD *md;
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
-    md = GetDigestPtr(digest);
+    md = ossl_evp_get_digestbyname(digest);
     GetX509(self, x509);
     if (!X509_sign(x509, pkey, md)) {
 	ossl_raise(eX509CertError, NULL);
@@ -587,7 +548,8 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
  * call-seq:
  *    cert.verify(key) => true | false
  *
- * Checks that cert signature is made with PRIVversion of this PUBLIC 'key'
+ * Verifies the signature of the certificate, with the public key _key_. _key_
+ * must be an instance of OpenSSL::PKey.
  */
 static VALUE
 ossl_x509_verify(VALUE self, VALUE key)
@@ -595,9 +557,9 @@ ossl_x509_verify(VALUE self, VALUE key)
     X509 *x509;
     EVP_PKEY *pkey;
+    pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
     GetX509(self, x509);
-    pkey = GetPKeyPtr(key);
-    ossl_pkey_check_public_key(pkey);
     switch (X509_verify(x509, pkey)) {
       case 1:
 	return Qtrue;
@@ -611,9 +573,10 @@ ossl_x509_verify(VALUE self, VALUE key)
 /*
  * call-seq:
- *    cert.check_private_key(key)
+ *    cert.check_private_key(key) -> true | false
  *
- * Checks if 'key' is PRIV key for this cert
+ * Returns +true+ if _key_ is the corresponding private key to the Subject
+ * Public Key Information, +false+ otherwise.
  */
 static VALUE
 ossl_x509_check_private_key(VALUE self, VALUE key)
@@ -830,7 +793,7 @@ Init_ossl_x509cert(void)
     rb_define_alloc_func(cX509Cert, ossl_x509_alloc);
     rb_define_method(cX509Cert, "initialize", ossl_x509_initialize, -1);
-    rb_define_copy_func(cX509Cert, ossl_x509_copy);
+    rb_define_method(cX509Cert, "initialize_copy", ossl_x509_copy, 1);
     rb_define_method(cX509Cert, "to_der", ossl_x509_to_der, 0);
     rb_define_method(cX509Cert, "to_pem", ossl_x509_to_pem, 0);

data/ext/openssl/ossl_x509crl.c CHANGED

@@ -23,10 +23,6 @@
 	ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
     } \
 } while (0)
-#define SafeGetX509CRL(obj, crl) do { \
-    OSSL_Check_Kind((obj), cX509CRL); \
-    GetX509CRL((obj), (crl)); \
-} while (0)
 /*
  * Classes
@@ -56,18 +52,7 @@ GetX509CRLPtr(VALUE obj)
 {
     X509_CRL *crl;
-    SafeGetX509CRL(obj, crl);
-    return crl;
-}
-X509_CRL *
-DupX509CRLPtr(VALUE obj)
-{
-    X509_CRL *crl;
-    SafeGetX509CRL(obj, crl);
-    X509_CRL_up_ref(crl);
+    GetX509CRL(obj, crl);
     return crl;
 }
@@ -137,7 +122,7 @@ ossl_x509crl_copy(VALUE self, VALUE other)
     rb_check_frozen(self);
     if (self == other) return self;
     GetX509CRL(self, a);
-    SafeGetX509CRL(other, b);
+    GetX509CRL(other, b);
     if (!(crl = X509_CRL_dup(b))) {
 	ossl_raise(eX509CRLError, NULL);
     }
@@ -223,10 +208,14 @@ static VALUE
 ossl_x509crl_get_last_update(VALUE self)
 {
     X509_CRL *crl;
+    const ASN1_TIME *time;
     GetX509CRL(self, crl);
+    time = X509_CRL_get0_lastUpdate(crl);
+    if (!time)
+	return Qnil;
-    return asn1time_to_time(X509_CRL_get0_lastUpdate(crl));
+    return asn1time_to_time(time);
 }
 static VALUE
@@ -250,10 +239,14 @@ static VALUE
 ossl_x509crl_get_next_update(VALUE self)
 {
     X509_CRL *crl;
+    const ASN1_TIME *time;
     GetX509CRL(self, crl);
+    time = X509_CRL_get0_nextUpdate(crl);
+    if (!time)
+	return Qnil;
-    return asn1time_to_time(X509_CRL_get0_nextUpdate(crl));
+    return asn1time_to_time(time);
 }
 static VALUE
@@ -354,7 +347,7 @@ ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest)
     GetX509CRL(self, crl);
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
-    md = GetDigestPtr(digest);
+    md = ossl_evp_get_digestbyname(digest);
     if (!X509_CRL_sign(crl, pkey, md)) {
 	ossl_raise(eX509CRLError, NULL);
     }
@@ -366,12 +359,9 @@ static VALUE
 ossl_x509crl_verify(VALUE self, VALUE key)
 {
     X509_CRL *crl;
-    EVP_PKEY *pkey;
     GetX509CRL(self, crl);
-    pkey = GetPKeyPtr(key);
-    ossl_pkey_check_public_key(pkey);
-    switch (X509_CRL_verify(crl, pkey)) {
+    switch (X509_CRL_verify(crl, GetPKeyPtr(key))) {
       case 1:
 	return Qtrue;
       case 0:
@@ -523,7 +513,7 @@ Init_ossl_x509crl(void)
     rb_define_alloc_func(cX509CRL, ossl_x509crl_alloc);
     rb_define_method(cX509CRL, "initialize", ossl_x509crl_initialize, -1);
-    rb_define_copy_func(cX509CRL, ossl_x509crl_copy);
+    rb_define_method(cX509CRL, "initialize_copy", ossl_x509crl_copy, 1);
     rb_define_method(cX509CRL, "version", ossl_x509crl_get_version, 0);
     rb_define_method(cX509CRL, "version=", ossl_x509crl_set_version, 1);