openssl 2.1.0 → 3.2.0

data/ext/openssl/ossl_provider.c

@@ -0,0 +1,211 @@
+/*
+ * This program is licensed under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#include "ossl.h"
+
+#ifdef OSSL_USE_PROVIDER
+# include <openssl/provider.h>
+
+#define NewProvider(klass) \
+    TypedData_Wrap_Struct((klass), &ossl_provider_type, 0)
+#define SetProvider(obj, provider) do { \
+    if (!(provider)) { \
+        ossl_raise(rb_eRuntimeError, "Provider wasn't initialized."); \
+    } \
+    RTYPEDDATA_DATA(obj) = (provider); \
+} while(0)
+#define GetProvider(obj, provider) do { \
+    TypedData_Get_Struct((obj), OSSL_PROVIDER, &ossl_provider_type, (provider)); \
+    if (!(provider)) { \
+        ossl_raise(rb_eRuntimeError, "PROVIDER wasn't initialized."); \
+    } \
+} while (0)
+
+static const rb_data_type_t ossl_provider_type = {
+    "OpenSSL/Provider",
+    {
+        0,
+    },
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+};
+
+/*
+ * Classes
+ */
+/* Document-class: OpenSSL::Provider
+ *
+ * This class is the access to openssl's Provider
+ * See also, https://www.openssl.org/docs/manmaster/man7/provider.html
+ */
+static VALUE cProvider;
+/* Document-class: OpenSSL::Provider::ProviderError
+ *
+ * This is the generic exception for OpenSSL::Provider related errors
+ */
+static VALUE eProviderError;
+
+/*
+ * call-seq:
+ *    OpenSSL::Provider.load(name) -> provider
+ *
+ * This method loads and initializes a provider
+ */
+static VALUE
+ossl_provider_s_load(VALUE klass, VALUE name)
+{
+    OSSL_PROVIDER *provider = NULL;
+    VALUE obj;
+
+    const char *provider_name_ptr = StringValueCStr(name);
+
+    provider = OSSL_PROVIDER_load(NULL, provider_name_ptr);
+    if (provider == NULL) {
+        ossl_raise(eProviderError, "Failed to load %s provider", provider_name_ptr);
+    }
+    obj = NewProvider(klass);
+    SetProvider(obj, provider);
+
+    return obj;
+}
+
+struct ary_with_state { VALUE ary; int state; };
+struct rb_push_provider_name_args { OSSL_PROVIDER *prov; VALUE ary; };
+
+static VALUE
+rb_push_provider_name(VALUE rb_push_provider_name_args)
+{
+    struct rb_push_provider_name_args *args = (struct rb_push_provider_name_args *)rb_push_provider_name_args;
+
+    VALUE name = rb_str_new2(OSSL_PROVIDER_get0_name(args->prov));
+    return rb_ary_push(args->ary, name);
+}
+
+static int
+push_provider(OSSL_PROVIDER *prov, void *cbdata)
+{
+    struct ary_with_state *ary_with_state = (struct ary_with_state *)cbdata;
+    struct rb_push_provider_name_args args = { prov, ary_with_state->ary };
+
+    rb_protect(rb_push_provider_name, (VALUE)&args, &ary_with_state->state);
+    if (ary_with_state->state) {
+        return 0;
+    } else {
+        return 1;
+    }
+}
+
+/*
+ * call-seq:
+ *    OpenSSL::Provider.provider_names -> [provider_name, ...]
+ *
+ * Returns an array of currently loaded provider names.
+ */
+static VALUE
+ossl_provider_s_provider_names(VALUE klass)
+{
+    VALUE ary = rb_ary_new();
+    struct ary_with_state cbdata = { ary, 0 };
+
+    int result = OSSL_PROVIDER_do_all(NULL, &push_provider, (void*)&cbdata);
+    if (result != 1 ) {
+        if (cbdata.state) {
+            rb_jump_tag(cbdata.state);
+        } else {
+            ossl_raise(eProviderError, "Failed to load provider names");
+        }
+    }
+
+    return ary;
+}
+
+/*
+ * call-seq:
+ *    provider.unload -> true
+ *
+ * This method unloads this provider.
+ *
+ * if provider unload fails or already unloaded, it raises OpenSSL::Provider::ProviderError
+ */
+static VALUE
+ossl_provider_unload(VALUE self)
+{
+    OSSL_PROVIDER *prov;
+    if (RTYPEDDATA_DATA(self) == NULL) {
+        ossl_raise(eProviderError, "Provider already unloaded.");
+    }
+    GetProvider(self, prov);
+
+    int result = OSSL_PROVIDER_unload(prov);
+
+    if (result != 1) {
+        ossl_raise(eProviderError, "Failed to unload provider");
+    }
+    RTYPEDDATA_DATA(self) = NULL;
+    return Qtrue;
+}
+
+/*
+ * call-seq:
+ *    provider.name -> string
+ *
+ * Get the name of this provider.
+ *
+ * if this provider is already unloaded, it raises OpenSSL::Provider::ProviderError
+ */
+static VALUE
+ossl_provider_get_name(VALUE self)
+{
+    OSSL_PROVIDER *prov;
+    if (RTYPEDDATA_DATA(self) == NULL) {
+        ossl_raise(eProviderError, "Provider already unloaded.");
+    }
+    GetProvider(self, prov);
+
+    return rb_str_new2(OSSL_PROVIDER_get0_name(prov));
+}
+
+/*
+ * call-seq:
+ *    provider.inspect -> string
+ *
+ * Pretty prints this provider.
+ */
+static VALUE
+ossl_provider_inspect(VALUE self)
+{
+    OSSL_PROVIDER *prov;
+    if (RTYPEDDATA_DATA(self) == NULL ) {
+        return rb_sprintf("#<%"PRIsVALUE" unloaded provider>", rb_obj_class(self));
+    }
+    GetProvider(self, prov);
+
+    return rb_sprintf("#<%"PRIsVALUE" name=\"%s\">",
+                      rb_obj_class(self), OSSL_PROVIDER_get0_name(prov));
+}
+
+void
+Init_ossl_provider(void)
+{
+#if 0
+    mOSSL = rb_define_module("OpenSSL");
+    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+#endif
+
+    cProvider = rb_define_class_under(mOSSL, "Provider", rb_cObject);
+    eProviderError = rb_define_class_under(cProvider, "ProviderError", eOSSLError);
+
+    rb_undef_alloc_func(cProvider);
+    rb_define_singleton_method(cProvider, "load", ossl_provider_s_load, 1);
+    rb_define_singleton_method(cProvider, "provider_names", ossl_provider_s_provider_names, 0);
+
+    rb_define_method(cProvider, "unload", ossl_provider_unload, 0);
+    rb_define_method(cProvider, "name", ossl_provider_get_name, 0);
+    rb_define_method(cProvider, "inspect", ossl_provider_inspect, 0);
+}
+#else
+void
+Init_ossl_provider(void)
+{
+}
+#endif

data/ext/openssl/ossl_provider.h

@@ -0,0 +1,5 @@
+#if !defined(OSSL_PROVIDER_H)
+#define OSSL_PROVIDER_H
+
+void Init_ossl_provider(void);
+#endif

data/ext/openssl/ossl_rand.c

@@ -67,8 +67,6 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
 static VALUE
 ossl_rand_load_file(VALUE self, VALUE filename)
 {
-    rb_check_safe_obj(filename);
-
     if(!RAND_load_file(StringValueCStr(filename), -1)) {
 	ossl_raise(eRandomError, NULL);
     }
@@ -86,8 +84,6 @@ ossl_rand_load_file(VALUE self, VALUE filename)
 static VALUE
 ossl_rand_write_file(VALUE self, VALUE filename)
 {
-    rb_check_safe_obj(filename);
-
     if (RAND_write_file(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
@@ -124,36 +120,6 @@ ossl_rand_bytes(VALUE self, VALUE len)
     return str;
 }
 
-#if defined(HAVE_RAND_PSEUDO_BYTES)
-/*
- *  call-seq:
- *	pseudo_bytes(length) -> string
- *
- * Generates a String with _length_ number of pseudo-random bytes.
- *
- * Pseudo-random byte sequences generated by ::pseudo_bytes will be unique if
- * they are of sufficient length, but are not necessarily unpredictable.
- *
- * === Example
- *
- *    OpenSSL::Random.pseudo_bytes(12)
- *    #=> "..."
- */
-static VALUE
-ossl_rand_pseudo_bytes(VALUE self, VALUE len)
-{
-    VALUE str;
-    int n = NUM2INT(len);
-
-    str = rb_str_new(0, n);
-    if (RAND_pseudo_bytes((unsigned char *)RSTRING_PTR(str), n) < 1) {
-	ossl_raise(eRandomError, NULL);
-    }
-
-    return str;
-}
-#endif
-
 #ifdef HAVE_RAND_EGD
 /*
  *  call-seq:
@@ -164,8 +130,6 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
 static VALUE
 ossl_rand_egd(VALUE self, VALUE filename)
 {
-    rb_check_safe_obj(filename);
-
     if (RAND_egd(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
@@ -186,8 +150,6 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
 {
     int n = NUM2INT(len);
 
-    rb_check_safe_obj(filename);
-
     if (RAND_egd_bytes(StringValueCStr(filename), n) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
@@ -227,8 +189,8 @@ Init_ossl_rand(void)
     rb_define_module_function(mRandom, "load_random_file", ossl_rand_load_file, 1);
     rb_define_module_function(mRandom, "write_random_file", ossl_rand_write_file, 1);
     rb_define_module_function(mRandom, "random_bytes", ossl_rand_bytes, 1);
-#if defined(HAVE_RAND_PSEUDO_BYTES)
-    rb_define_module_function(mRandom, "pseudo_bytes", ossl_rand_pseudo_bytes, 1);
+#if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
+    rb_define_alias(rb_singleton_class(mRandom), "pseudo_bytes", "random_bytes");
 #endif
 #ifdef HAVE_RAND_EGD
     rb_define_module_function(mRandom, "egd", ossl_rand_egd, 1);