openssl 2.1.0.beta1 → 2.1.0.beta2


Potentially problematic release.


This version of openssl might be problematic. Click here for more details.

@@ -440,7 +440,7 @@ ossl_x509_set_not_before(VALUE self, VALUE time)
440
440
 
441
441
  GetX509(self, x509);
442
442
  asn1time = ossl_x509_time_adjust(NULL, time);
443
- if (!X509_set_notBefore(x509, asn1time)) {
443
+ if (!X509_set1_notBefore(x509, asn1time)) {
444
444
  ASN1_TIME_free(asn1time);
445
445
  ossl_raise(eX509CertError, "X509_set_notBefore");
446
446
  }
@@ -479,7 +479,7 @@ ossl_x509_set_not_after(VALUE self, VALUE time)
479
479
 
480
480
  GetX509(self, x509);
481
481
  asn1time = ossl_x509_time_adjust(NULL, time);
482
- if (!X509_set_notAfter(x509, asn1time)) {
482
+ if (!X509_set1_notAfter(x509, asn1time)) {
483
483
  ASN1_TIME_free(asn1time);
484
484
  ossl_raise(eX509CertError, "X509_set_notAfter");
485
485
  }
@@ -508,18 +508,19 @@ ossl_x509_get_public_key(VALUE self)
508
508
 
509
509
  /*
510
510
  * call-seq:
511
- * cert.public_key = key => key
511
+ * cert.public_key = key
512
512
  */
513
513
  static VALUE
514
514
  ossl_x509_set_public_key(VALUE self, VALUE key)
515
515
  {
516
516
  X509 *x509;
517
+ EVP_PKEY *pkey;
517
518
 
518
519
  GetX509(self, x509);
519
- if (!X509_set_pubkey(x509, GetPKeyPtr(key))) { /* DUPs pkey */
520
- ossl_raise(eX509CertError, NULL);
521
- }
522
-
520
+ pkey = GetPKeyPtr(key);
521
+ ossl_pkey_check_public_key(pkey);
522
+ if (!X509_set_pubkey(x509, pkey))
523
+ ossl_raise(eX509CertError, "X509_set_pubkey");
523
524
  return key;
524
525
  }
525
526
 
@@ -557,9 +558,9 @@ ossl_x509_verify(VALUE self, VALUE key)
557
558
  X509 *x509;
558
559
  EVP_PKEY *pkey;
559
560
 
560
- pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
561
561
  GetX509(self, x509);
562
-
562
+ pkey = GetPKeyPtr(key);
563
+ ossl_pkey_check_public_key(pkey);
563
564
  switch (X509_verify(x509, pkey)) {
564
565
  case 1:
565
566
  return Qtrue;
@@ -683,6 +684,26 @@ ossl_x509_inspect(VALUE self)
683
684
  ossl_x509_get_not_after(self));
684
685
  }
685
686
 
687
+ /*
688
+ * call-seq:
689
+ * cert1 == cert2 -> true | false
690
+ *
691
+ * Compares the two certificates. Note that this takes into account all fields,
692
+ * not just the issuer name and the serial number.
693
+ */
694
+ static VALUE
695
+ ossl_x509_eq(VALUE self, VALUE other)
696
+ {
697
+ X509 *a, *b;
698
+
699
+ GetX509(self, a);
700
+ if (!rb_obj_is_kind_of(other, cX509Cert))
701
+ return Qfalse;
702
+ GetX509(other, b);
703
+
704
+ return !X509_cmp(a, b) ? Qtrue : Qfalse;
705
+ }
706
+
686
707
  /*
687
708
  * INIT
688
709
  */
@@ -821,4 +842,5 @@ Init_ossl_x509cert(void)
821
842
  rb_define_method(cX509Cert, "extensions=", ossl_x509_set_extensions, 1);
822
843
  rb_define_method(cX509Cert, "add_extension", ossl_x509_add_extension, 1);
823
844
  rb_define_method(cX509Cert, "inspect", ossl_x509_inspect, 0);
845
+ rb_define_method(cX509Cert, "==", ossl_x509_eq, 1);
824
846
  }
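Review bot: The new `ossl_x509_eq` promises in its comment a comparison of "all fields", but it delegates to `X509_cmp()`, which as far as I recall compares a digest that OpenSSL caches on the X509 object. If that holds for the OpenSSL versions this extension supports, a certificate changed through the setters after the cache was filled could still compare by its old contents. Either state the limit in the comment, e.g. `* The comparison uses the encoding OpenSSL has cached; re-parse or re-sign a modified certificate first.`, or compare DER encodings as the Ruby-level `==` methods in this release do. Callers that match a presented certificate against a pinned one with `==` rely on this being exact.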
@@ -226,7 +226,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
226
226
 
227
227
  GetX509CRL(self, crl);
228
228
  asn1time = ossl_x509_time_adjust(NULL, time);
229
- if (!X509_CRL_set_lastUpdate(crl, asn1time)) {
229
+ if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
230
230
  ASN1_TIME_free(asn1time);
231
231
  ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
232
232
  }
@@ -257,7 +257,7 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time)
257
257
 
258
258
  GetX509CRL(self, crl);
259
259
  asn1time = ossl_x509_time_adjust(NULL, time);
260
- if (!X509_CRL_set_nextUpdate(crl, asn1time)) {
260
+ if (!X509_CRL_set1_nextUpdate(crl, asn1time)) {
261
261
  ASN1_TIME_free(asn1time);
262
262
  ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
263
263
  }
@@ -359,9 +359,12 @@ static VALUE
359
359
  ossl_x509crl_verify(VALUE self, VALUE key)
360
360
  {
361
361
  X509_CRL *crl;
362
+ EVP_PKEY *pkey;
362
363
 
363
364
  GetX509CRL(self, crl);
364
- switch (X509_CRL_verify(crl, GetPKeyPtr(key))) {
365
+ pkey = GetPKeyPtr(key);
366
+ ossl_pkey_check_public_key(pkey);
367
+ switch (X509_CRL_verify(crl, pkey)) {
365
368
  case 1:
366
369
  return Qtrue;
367
370
  case 0:
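Review bot: The `ossl_raise` messages in `ossl_x509crl_set_last_update` and `ossl_x509crl_set_next_update` still name `X509_CRL_set_lastUpdate` and `X509_CRL_set_nextUpdate`, although the calls are now the `set1` variants. An error report should name the function that failed, e.g. `ossl_raise(eX509CRLError, "X509_CRL_set1_lastUpdate");`. The same mismatch appears in `ossl_x509_set_not_before` and `ossl_x509_set_not_after`. Both CRL setters continue past the end of their hunks, so the success path, including who frees `asn1time`, is not visible here.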
@@ -305,7 +305,7 @@ ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
305
305
  }
306
306
 
307
307
  /*
308
- * call-seq;
308
+ * call-seq:
309
309
  * name.to_utf8 -> string
310
310
  *
311
311
  * Returns an UTF-8 representation of the distinguished name, as specified
@@ -293,11 +293,10 @@ ossl_x509req_set_public_key(VALUE self, VALUE key)
293
293
  EVP_PKEY *pkey;
294
294
 
295
295
  GetX509Req(self, req);
296
- pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
297
- if (!X509_REQ_set_pubkey(req, pkey)) {
298
- ossl_raise(eX509ReqError, NULL);
299
- }
300
-
296
+ pkey = GetPKeyPtr(key);
297
+ ossl_pkey_check_public_key(pkey);
298
+ if (!X509_REQ_set_pubkey(req, pkey))
299
+ ossl_raise(eX509ReqError, "X509_REQ_set_pubkey");
301
300
  return key;
302
301
  }
303
302
 
@@ -328,7 +327,8 @@ ossl_x509req_verify(VALUE self, VALUE key)
328
327
  EVP_PKEY *pkey;
329
328
 
330
329
  GetX509Req(self, req);
331
- pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
330
+ pkey = GetPKeyPtr(key);
331
+ ossl_pkey_check_public_key(pkey);
332
332
  switch (X509_REQ_verify(req, pkey)) {
333
333
  case 1:
334
334
  return Qtrue;
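Review bot: The new `ossl_pkey_check_public_key(pkey)` calls in `ossl_x509req_set_public_key` and `ossl_x509req_verify` carry no comment, while the removed `/* NO NEED TO DUP */` remarks were the only record of who owns `pkey`. The helper is defined outside this page, so what it rejects and how it reports the failure cannot be read from these hunks. If it raises for a key without public components, a line such as `/* pkey is borrowed from key; raises unless it has public components */` above the call would say so. The same applies to `ossl_x509_set_public_key`, `ossl_x509_verify` and `ossl_x509crl_verify`. `ossl_x509req_verify` continues past the end of its hunk.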
@@ -249,6 +249,26 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext)
249
249
  return ext;
250
250
  }
251
251
 
252
+ static VALUE
253
+ ossl_x509revoked_to_der(VALUE self)
254
+ {
255
+ X509_REVOKED *rev;
256
+ VALUE str;
257
+ int len;
258
+ unsigned char *p;
259
+
260
+ GetX509Rev(self, rev);
261
+ len = i2d_X509_REVOKED(rev, NULL);
262
+ if (len <= 0)
263
+ ossl_raise(eX509RevError, "i2d_X509_REVOKED");
264
+ str = rb_str_new(NULL, len);
265
+ p = (unsigned char *)RSTRING_PTR(str);
266
+ if (i2d_X509_REVOKED(rev, &p) <= 0)
267
+ ossl_raise(eX509RevError, "i2d_X509_REVOKED");
268
+ ossl_str_adjust(str, p);
269
+ return str;
270
+ }
271
+
252
272
  /*
253
273
  * INIT
254
274
  */
@@ -276,4 +296,5 @@ Init_ossl_x509revoked(void)
276
296
  rb_define_method(cX509Rev, "extensions", ossl_x509revoked_get_extensions, 0);
277
297
  rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1);
278
298
  rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1);
299
+ rb_define_method(cX509Rev, "to_der", ossl_x509revoked_to_der, 0);
279
300
  }
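Review bot: `ossl_x509revoked_to_der` is added without the `call-seq` comment that the other new method in this release (`ossl_x509_eq`) has, so the generated documentation would show nothing for `Revoked#to_der`. A header such as `/* call-seq: revoked.to_der -> string */` with one sentence stating that it returns the DER encoding would cover it. The comment is worth having because the Ruby-level `Revoked#==` added in the same release compares the output of this method.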
@@ -10,9 +10,15 @@
10
10
  #if !defined(_OSSL_RUBY_MISSING_H_)
11
11
  #define _OSSL_RUBY_MISSING_H_
12
12
 
13
+ /* Ruby 2.4 */
13
14
  #ifndef RB_INTEGER_TYPE_P
14
- /* for Ruby 2.3 compatibility */
15
- #define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
15
+ # define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
16
+ #endif
17
+
18
+ /* Ruby 2.5 */
19
+ #ifndef ST2FIX
20
+ # define RB_ST2FIX(h) LONG2FIX((long)(h))
21
+ # define ST2FIX(h) RB_ST2FIX(h)
16
22
  #endif
17
23
 
18
24
  #endif /* _OSSL_RUBY_MISSING_H_ */
@@ -339,9 +339,11 @@ module OpenSSL::Buffering
339
339
  # Writes _s_ to the stream. If the argument is not a String it will be
340
340
  # converted using +.to_s+ method. Returns the number of bytes written.
341
341
 
342
- def write(s)
343
- do_write(s)
344
- s.bytesize
342
+ def write(*s)
343
+ s.inject(0) do |written, str|
344
+ do_write(str)
345
+ written + str.bytesize
346
+ end
345
347
  end
346
348
 
347
349
  ##
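Review bot: `write(*s)` calls `str.bytesize` on each argument as passed, so a non-String argument would raise NoMethodError after `do_write(str)` has already run, although the comment above still promises conversion with `.to_s`. Converting once at the top of the block with `str = str.to_s` keeps the returned count in agreement with what was written; whether `do_write` converts on its own is not visible in this hunk. The comment also still describes a single argument and could read `# Writes each of _s_ to the stream, converting non-String arguments with +.to_s+. Returns the total number of bytes written.`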
@@ -136,6 +136,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
136
136
  # used.
137
137
  def set_params(params={})
138
138
  params = DEFAULT_PARAMS.merge(params)
139
+ self.options = params.delete(:options) # set before min_version/max_version
139
140
  params.each{|name, value| self.__send__("#{name}=", value) }
140
141
  if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
141
142
  unless self.ca_file or self.ca_path or self.cert_store
@@ -201,7 +202,7 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
201
202
  if /(?<type>_client|_server)\z/ =~ meth
202
203
  meth = $`
203
204
  if $VERBOSE
204
- warn "#{caller(1)[0]}: method type #{type.inspect} is ignored"
205
+ warn "#{caller(1, 1)[0]}: method type #{type.inspect} is ignored"
205
206
  end
206
207
  end
207
208
  version = METHODS_MAP[meth.intern] or
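Review bot: `self.options = params.delete(:options)` in `set_params` hands nil to the setter whenever the merged hash has no `:options` key or a caller passes `options: nil`. `DEFAULT_PARAMS` and the setter are defined outside this hunk, so what nil does to the context's protocol options is not visible here. If nil is not a meaningful value, guard the call with `self.options = params.delete(:options) if params.key?(:options)`. The trailing comment says that options go first but not why; a short reason would stop a later edit from moving the line back into the `params.each` loop.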
@@ -41,6 +41,11 @@ module OpenSSL
41
41
  end
42
42
 
43
43
  class Extension
44
+ def ==(other)
45
+ return false unless Extension === other
46
+ to_der == other.to_der
47
+ end
48
+
44
49
  def to_s # "oid = critical, value"
45
50
  str = self.oid
46
51
  str << " = "
@@ -160,6 +165,13 @@ module OpenSSL
160
165
  end
161
166
  end
162
167
 
168
+ class Attribute
169
+ def ==(other)
170
+ return false unless Attribute === other
171
+ to_der == other.to_der
172
+ end
173
+ end
174
+
163
175
  class StoreContext
164
176
  def cleanup
165
177
  warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
@@ -178,5 +190,26 @@ module OpenSSL
178
190
  }
179
191
  end
180
192
  end
193
+
194
+ class CRL
195
+ def ==(other)
196
+ return false unless CRL === other
197
+ to_der == other.to_der
198
+ end
199
+ end
200
+
201
+ class Revoked
202
+ def ==(other)
203
+ return false unless Revoked === other
204
+ to_der == other.to_der
205
+ end
206
+ end
207
+
208
+ class Request
209
+ def ==(other)
210
+ return false unless Request === other
211
+ to_der == other.to_der
212
+ end
213
+ end
181
214
  end
182
215
  end
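Review bot: The five new `==` methods (Extension, Attribute, CRL, Revoked, Request) come without `eql?` and `hash` in these hunks, so objects that are `==` may still count as distinct in Hash, Set and `Array#uniq` unless those are defined elsewhere in the file. If value equality is intended, add `alias eql? ==` and `def hash; to_der.hash; end` next to each, or put all three in one small module that the five classes include, since the bodies differ only in the class name. `to_der` may also raise for an object that cannot yet be encoded, in which case `==` would raise rather than return false; it is worth confirming that this is intended.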
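--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: openssl
  version: !ruby/object:Gem::Version
- version: 2.1.0.beta1
+ version: 2.1.0.beta2
  platform: ruby
  authors:
  - Martin Bosslet
@@ -11,7 +11,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-09-03 00:00:00.000000000 Z
+ date: 2017-11-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -150,7 +150,7 @@ files:
  - lib/openssl/pkey.rb
  - lib/openssl/ssl.rb
  - lib/openssl/x509.rb
- homepage: https://www.ruby-lang.org/
+ homepage: https://github.com/ruby/openssl
  licenses:
  - Ruby
  metadata:
@@ -173,7 +173,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: 1.3.1
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.13
+ rubygems_version: 2.7.2
  signing_key:
  specification_version: 4
  summary: OpenSSL provides SSL, TLS and general purpose cryptography.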