openssl 2.1.0 → 3.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +35 -45
  3. data/History.md +426 -0
  4. data/README.md +38 -21
  5. data/ext/openssl/extconf.rb +132 -72
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +62 -46
  8. data/ext/openssl/ossl.c +177 -252
  9. data/ext/openssl/ossl.h +39 -17
  10. data/ext/openssl/ossl_asn1.c +53 -14
  11. data/ext/openssl/ossl_bn.c +288 -146
  12. data/ext/openssl/ossl_bn.h +2 -1
  13. data/ext/openssl/ossl_cipher.c +42 -32
  14. data/ext/openssl/ossl_config.c +412 -41
  15. data/ext/openssl/ossl_config.h +4 -7
  16. data/ext/openssl/ossl_digest.c +32 -63
  17. data/ext/openssl/ossl_engine.c +19 -28
  18. data/ext/openssl/ossl_hmac.c +61 -146
  19. data/ext/openssl/ossl_kdf.c +15 -23
  20. data/ext/openssl/ossl_ns_spki.c +2 -2
  21. data/ext/openssl/ossl_ocsp.c +17 -70
  22. data/ext/openssl/ossl_ocsp.h +3 -3
  23. data/ext/openssl/ossl_pkcs12.c +23 -4
  24. data/ext/openssl/ossl_pkcs7.c +49 -81
  25. data/ext/openssl/ossl_pkcs7.h +16 -0
  26. data/ext/openssl/ossl_pkey.c +1508 -195
  27. data/ext/openssl/ossl_pkey.h +41 -78
  28. data/ext/openssl/ossl_pkey_dh.c +153 -348
  29. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  30. data/ext/openssl/ossl_pkey_ec.c +257 -343
  31. data/ext/openssl/ossl_pkey_rsa.c +166 -490
  32. data/ext/openssl/ossl_provider.c +211 -0
  33. data/ext/openssl/ossl_provider.h +5 -0
  34. data/ext/openssl/ossl_rand.c +2 -40
  35. data/ext/openssl/ossl_ssl.c +666 -456
  36. data/ext/openssl/ossl_ssl_session.c +29 -30
  37. data/ext/openssl/ossl_ts.c +1539 -0
  38. data/ext/openssl/ossl_ts.h +16 -0
  39. data/ext/openssl/ossl_x509.c +86 -1
  40. data/ext/openssl/ossl_x509attr.c +1 -1
  41. data/ext/openssl/ossl_x509cert.c +170 -14
  42. data/ext/openssl/ossl_x509crl.c +14 -11
  43. data/ext/openssl/ossl_x509ext.c +29 -9
  44. data/ext/openssl/ossl_x509name.c +24 -12
  45. data/ext/openssl/ossl_x509req.c +14 -11
  46. data/ext/openssl/ossl_x509revoked.c +4 -4
  47. data/ext/openssl/ossl_x509store.c +205 -96
  48. data/lib/openssl/bn.rb +1 -1
  49. data/lib/openssl/buffering.rb +42 -20
  50. data/lib/openssl/cipher.rb +1 -1
  51. data/lib/openssl/digest.rb +10 -16
  52. data/lib/openssl/hmac.rb +78 -0
  53. data/lib/openssl/marshal.rb +30 -0
  54. data/lib/openssl/pkcs5.rb +1 -1
  55. data/lib/openssl/pkey.rb +447 -1
  56. data/lib/openssl/ssl.rb +68 -24
  57. data/lib/openssl/version.rb +5 -0
  58. data/lib/openssl/x509.rb +177 -1
  59. data/lib/openssl.rb +24 -9
  60. metadata +18 -71
  61. data/ext/openssl/deprecation.rb +0 -23
  62. data/ext/openssl/ossl_version.h +0 -15
  63. data/ext/openssl/ruby_missing.h +0 -24
  64. data/lib/openssl/config.rb +0 -474
@@ -0,0 +1,211 @@
1
+ /*
2
+ * This program is licensed under the same licence as Ruby.
3
+ * (See the file 'LICENCE'.)
4
+ */
5
+ #include "ossl.h"
6
+
7
+ #ifdef OSSL_USE_PROVIDER
8
+ # include <openssl/provider.h>
9
+
10
+ #define NewProvider(klass) \
11
+ TypedData_Wrap_Struct((klass), &ossl_provider_type, 0)
12
+ #define SetProvider(obj, provider) do { \
13
+ if (!(provider)) { \
14
+ ossl_raise(rb_eRuntimeError, "Provider wasn't initialized."); \
15
+ } \
16
+ RTYPEDDATA_DATA(obj) = (provider); \
17
+ } while(0)
18
+ #define GetProvider(obj, provider) do { \
19
+ TypedData_Get_Struct((obj), OSSL_PROVIDER, &ossl_provider_type, (provider)); \
20
+ if (!(provider)) { \
21
+ ossl_raise(rb_eRuntimeError, "PROVIDER wasn't initialized."); \
22
+ } \
23
+ } while (0)
24
+
25
+ static const rb_data_type_t ossl_provider_type = {
26
+ "OpenSSL/Provider",
27
+ {
28
+ 0,
29
+ },
30
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
31
+ };
32
+
33
+ /*
34
+ * Classes
35
+ */
36
+ /* Document-class: OpenSSL::Provider
37
+ *
38
+ * This class is the access to openssl's Provider
39
+ * See also, https://www.openssl.org/docs/manmaster/man7/provider.html
40
+ */
41
+ static VALUE cProvider;
42
+ /* Document-class: OpenSSL::Provider::ProviderError
43
+ *
44
+ * This is the generic exception for OpenSSL::Provider related errors
45
+ */
46
+ static VALUE eProviderError;
47
+
48
+ /*
49
+ * call-seq:
50
+ * OpenSSL::Provider.load(name) -> provider
51
+ *
52
+ * This method loads and initializes a provider
53
+ */
54
+ static VALUE
55
+ ossl_provider_s_load(VALUE klass, VALUE name)
56
+ {
57
+ OSSL_PROVIDER *provider = NULL;
58
+ VALUE obj;
59
+
60
+ const char *provider_name_ptr = StringValueCStr(name);
61
+
62
+ provider = OSSL_PROVIDER_load(NULL, provider_name_ptr);
63
+ if (provider == NULL) {
64
+ ossl_raise(eProviderError, "Failed to load %s provider", provider_name_ptr);
65
+ }
66
+ obj = NewProvider(klass);
67
+ SetProvider(obj, provider);
68
+
69
+ return obj;
70
+ }
71
+
72
+ struct ary_with_state { VALUE ary; int state; };
73
+ struct rb_push_provider_name_args { OSSL_PROVIDER *prov; VALUE ary; };
74
+
75
+ static VALUE
76
+ rb_push_provider_name(VALUE rb_push_provider_name_args)
77
+ {
78
+ struct rb_push_provider_name_args *args = (struct rb_push_provider_name_args *)rb_push_provider_name_args;
79
+
80
+ VALUE name = rb_str_new2(OSSL_PROVIDER_get0_name(args->prov));
81
+ return rb_ary_push(args->ary, name);
82
+ }
83
+
84
+ static int
85
+ push_provider(OSSL_PROVIDER *prov, void *cbdata)
86
+ {
87
+ struct ary_with_state *ary_with_state = (struct ary_with_state *)cbdata;
88
+ struct rb_push_provider_name_args args = { prov, ary_with_state->ary };
89
+
90
+ rb_protect(rb_push_provider_name, (VALUE)&args, &ary_with_state->state);
91
+ if (ary_with_state->state) {
92
+ return 0;
93
+ } else {
94
+ return 1;
95
+ }
96
+ }
97
+
98
+ /*
99
+ * call-seq:
100
+ * OpenSSL::Provider.provider_names -> [provider_name, ...]
101
+ *
102
+ * Returns an array of currently loaded provider names.
103
+ */
104
+ static VALUE
105
+ ossl_provider_s_provider_names(VALUE klass)
106
+ {
107
+ VALUE ary = rb_ary_new();
108
+ struct ary_with_state cbdata = { ary, 0 };
109
+
110
+ int result = OSSL_PROVIDER_do_all(NULL, &push_provider, (void*)&cbdata);
111
+ if (result != 1 ) {
112
+ if (cbdata.state) {
113
+ rb_jump_tag(cbdata.state);
114
+ } else {
115
+ ossl_raise(eProviderError, "Failed to load provider names");
116
+ }
117
+ }
118
+
119
+ return ary;
120
+ }
121
+
122
+ /*
123
+ * call-seq:
124
+ * provider.unload -> true
125
+ *
126
+ * This method unloads this provider.
127
+ *
128
+ * if provider unload fails or already unloaded, it raises OpenSSL::Provider::ProviderError
129
+ */
130
+ static VALUE
131
+ ossl_provider_unload(VALUE self)
132
+ {
133
+ OSSL_PROVIDER *prov;
134
+ if (RTYPEDDATA_DATA(self) == NULL) {
135
+ ossl_raise(eProviderError, "Provider already unloaded.");
136
+ }
137
+ GetProvider(self, prov);
138
+
139
+ int result = OSSL_PROVIDER_unload(prov);
140
+
141
+ if (result != 1) {
142
+ ossl_raise(eProviderError, "Failed to unload provider");
143
+ }
144
+ RTYPEDDATA_DATA(self) = NULL;
145
+ return Qtrue;
146
+ }
147
+
148
+ /*
149
+ * call-seq:
150
+ * provider.name -> string
151
+ *
152
+ * Get the name of this provider.
153
+ *
154
+ * if this provider is already unloaded, it raises OpenSSL::Provider::ProviderError
155
+ */
156
+ static VALUE
157
+ ossl_provider_get_name(VALUE self)
158
+ {
159
+ OSSL_PROVIDER *prov;
160
+ if (RTYPEDDATA_DATA(self) == NULL) {
161
+ ossl_raise(eProviderError, "Provider already unloaded.");
162
+ }
163
+ GetProvider(self, prov);
164
+
165
+ return rb_str_new2(OSSL_PROVIDER_get0_name(prov));
166
+ }
167
+
168
+ /*
169
+ * call-seq:
170
+ * provider.inspect -> string
171
+ *
172
+ * Pretty prints this provider.
173
+ */
174
+ static VALUE
175
+ ossl_provider_inspect(VALUE self)
176
+ {
177
+ OSSL_PROVIDER *prov;
178
+ if (RTYPEDDATA_DATA(self) == NULL ) {
179
+ return rb_sprintf("#<%"PRIsVALUE" unloaded provider>", rb_obj_class(self));
180
+ }
181
+ GetProvider(self, prov);
182
+
183
+ return rb_sprintf("#<%"PRIsVALUE" name=\"%s\">",
184
+ rb_obj_class(self), OSSL_PROVIDER_get0_name(prov));
185
+ }
186
+
187
+ void
188
+ Init_ossl_provider(void)
189
+ {
190
+ #if 0
191
+ mOSSL = rb_define_module("OpenSSL");
192
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
193
+ #endif
194
+
195
+ cProvider = rb_define_class_under(mOSSL, "Provider", rb_cObject);
196
+ eProviderError = rb_define_class_under(cProvider, "ProviderError", eOSSLError);
197
+
198
+ rb_undef_alloc_func(cProvider);
199
+ rb_define_singleton_method(cProvider, "load", ossl_provider_s_load, 1);
200
+ rb_define_singleton_method(cProvider, "provider_names", ossl_provider_s_provider_names, 0);
201
+
202
+ rb_define_method(cProvider, "unload", ossl_provider_unload, 0);
203
+ rb_define_method(cProvider, "name", ossl_provider_get_name, 0);
204
+ rb_define_method(cProvider, "inspect", ossl_provider_inspect, 0);
205
+ }
206
+ #else
207
+ void
208
+ Init_ossl_provider(void)
209
+ {
210
+ }
211
+ #endif
@@ -0,0 +1,5 @@
1
+ #if !defined(OSSL_PROVIDER_H)
2
+ #define OSSL_PROVIDER_H
3
+
4
+ void Init_ossl_provider(void);
5
+ #endif
@@ -67,8 +67,6 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
67
67
  static VALUE
68
68
  ossl_rand_load_file(VALUE self, VALUE filename)
69
69
  {
70
- rb_check_safe_obj(filename);
71
-
72
70
  if(!RAND_load_file(StringValueCStr(filename), -1)) {
73
71
  ossl_raise(eRandomError, NULL);
74
72
  }
@@ -86,8 +84,6 @@ ossl_rand_load_file(VALUE self, VALUE filename)
86
84
  static VALUE
87
85
  ossl_rand_write_file(VALUE self, VALUE filename)
88
86
  {
89
- rb_check_safe_obj(filename);
90
-
91
87
  if (RAND_write_file(StringValueCStr(filename)) == -1) {
92
88
  ossl_raise(eRandomError, NULL);
93
89
  }
@@ -124,36 +120,6 @@ ossl_rand_bytes(VALUE self, VALUE len)
124
120
  return str;
125
121
  }
126
122
 
127
- #if defined(HAVE_RAND_PSEUDO_BYTES)
128
- /*
129
- * call-seq:
130
- * pseudo_bytes(length) -> string
131
- *
132
- * Generates a String with _length_ number of pseudo-random bytes.
133
- *
134
- * Pseudo-random byte sequences generated by ::pseudo_bytes will be unique if
135
- * they are of sufficient length, but are not necessarily unpredictable.
136
- *
137
- * === Example
138
- *
139
- * OpenSSL::Random.pseudo_bytes(12)
140
- * #=> "..."
141
- */
142
- static VALUE
143
- ossl_rand_pseudo_bytes(VALUE self, VALUE len)
144
- {
145
- VALUE str;
146
- int n = NUM2INT(len);
147
-
148
- str = rb_str_new(0, n);
149
- if (RAND_pseudo_bytes((unsigned char *)RSTRING_PTR(str), n) < 1) {
150
- ossl_raise(eRandomError, NULL);
151
- }
152
-
153
- return str;
154
- }
155
- #endif
156
-
157
123
  #ifdef HAVE_RAND_EGD
158
124
  /*
159
125
  * call-seq:
@@ -164,8 +130,6 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
164
130
  static VALUE
165
131
  ossl_rand_egd(VALUE self, VALUE filename)
166
132
  {
167
- rb_check_safe_obj(filename);
168
-
169
133
  if (RAND_egd(StringValueCStr(filename)) == -1) {
170
134
  ossl_raise(eRandomError, NULL);
171
135
  }
@@ -186,8 +150,6 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
186
150
  {
187
151
  int n = NUM2INT(len);
188
152
 
189
- rb_check_safe_obj(filename);
190
-
191
153
  if (RAND_egd_bytes(StringValueCStr(filename), n) == -1) {
192
154
  ossl_raise(eRandomError, NULL);
193
155
  }
@@ -227,8 +189,8 @@ Init_ossl_rand(void)
227
189
  rb_define_module_function(mRandom, "load_random_file", ossl_rand_load_file, 1);
228
190
  rb_define_module_function(mRandom, "write_random_file", ossl_rand_write_file, 1);
229
191
  rb_define_module_function(mRandom, "random_bytes", ossl_rand_bytes, 1);
230
- #if defined(HAVE_RAND_PSEUDO_BYTES)
231
- rb_define_module_function(mRandom, "pseudo_bytes", ossl_rand_pseudo_bytes, 1);
192
+ #if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
193
+ rb_define_alias(rb_singleton_class(mRandom), "pseudo_bytes", "random_bytes");
232
194
  #endif
233
195
  #ifdef HAVE_RAND_EGD
234
196
  rb_define_module_function(mRandom, "egd", ossl_rand_egd, 1);