openssl 2.1.0 → 3.2.0

data/lib/openssl/buffering.rb

@@ -1,5 +1,5 @@
 # coding: binary
-# frozen_string_literal: false
+# frozen_string_literal: true
 #--
 #= Info
 #  'OpenSSL for Ruby 2' project
@@ -22,6 +22,29 @@
 module OpenSSL::Buffering
   include Enumerable
 
+  # A buffer which will retain binary encoding.
+  class Buffer < String
+    BINARY = Encoding::BINARY
+
+    def initialize
+      super
+
+      force_encoding(BINARY)
+    end
+
+    def << string
+      if string.encoding == BINARY
+        super(string)
+      else
+        super(string.b)
+      end
+
+      return self
+    end
+
+    alias concat <<
+  end
+
   ##
   # The "sync mode" of the SSLSocket.
   #
@@ -40,7 +63,7 @@ module OpenSSL::Buffering
   def initialize(*)
     super
     @eof = false
-    @rbuffer = ""
+    @rbuffer = Buffer.new
     @sync = @io.sync
   end
 
@@ -70,14 +93,20 @@ module OpenSSL::Buffering
       nil
     else
       size = @rbuffer.size unless size
-      ret = @rbuffer[0, size]
-      @rbuffer[0, size] = ""
-      ret
+      @rbuffer.slice!(0, size)
     end
   end
 
   public
 
+  # call-seq:
+  #   ssl.getbyte => 81
+  #
+  # Get the next 8bit byte from `ssl`.  Returns `nil` on EOF
+  def getbyte
+    read(1)&.ord
+  end
+
   ##
   # Reads _size_ bytes from the stream.  If _buf_ is provided it must
   # reference a string which will receive the data.
@@ -312,24 +341,19 @@ module OpenSSL::Buffering
   # buffer is flushed to the underlying socket.
 
   def do_write(s)
-    @wbuffer = "" unless defined? @wbuffer
+    @wbuffer = Buffer.new unless defined? @wbuffer
     @wbuffer << s
     @wbuffer.force_encoding(Encoding::BINARY)
     @sync ||= false
-    if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
-      remain = idx ? idx + $/.size : @wbuffer.length
-      nwritten = 0
-      while remain > 0
-        str = @wbuffer[nwritten,remain]
+    if @sync or @wbuffer.size > BLOCK_SIZE
+      until @wbuffer.empty?
         begin
-          nwrote = syswrite(str)
+          nwrote = syswrite(@wbuffer)
         rescue Errno::EAGAIN
           retry
         end
-        remain -= nwrote
-        nwritten += nwrote
+        @wbuffer[0, nwrote] = ""
       end
-      @wbuffer[0,nwritten] = ""
     end
   end
 
@@ -403,15 +427,13 @@ module OpenSSL::Buffering
   # See IO#puts for full details.
 
   def puts(*args)
-    s = ""
+    s = Buffer.new
     if args.empty?
       s << "\n"
     end
     args.each{|arg|
       s << arg.to_s
-      if $/ && /\n\z/ !~ s
-        s << "\n"
-      end
+      s.sub!(/(?<!\n)\z/, "\n")
     }
     do_write(s)
     nil
@@ -423,7 +445,7 @@ module OpenSSL::Buffering
   # See IO#print for full details.
 
   def print(*args)
-    s = ""
+    s = Buffer.new
     args.each{ |arg| s << arg.to_s }
     do_write(s)
     nil

data/lib/openssl/cipher.rb

@@ -1,4 +1,4 @@
-# frozen_string_literal: false
+# frozen_string_literal: true
 #--
 # = Ruby-space predefined Cipher subclasses
 #

data/lib/openssl/digest.rb

@@ -1,4 +1,4 @@
-# frozen_string_literal: false
+# frozen_string_literal: true
 #--
 # = Ruby-space predefined Digest subclasses
 #
@@ -15,37 +15,31 @@
 module OpenSSL
   class Digest
 
-    alg = %w(MD2 MD4 MD5 MDC2 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)
-    if OPENSSL_VERSION_NUMBER < 0x10100000
-      alg += %w(DSS DSS1 SHA)
-    end
-
     # Return the hash value computed with _name_ Digest. _name_ is either the
     # long name or short name of a supported digest algorithm.
     #
-    # === Examples
+    # === Example
     #
     #   OpenSSL::Digest.digest("SHA256", "abc")
-    #
-    # which is equivalent to:
-    #
-    #   OpenSSL::Digest::SHA256.digest("abc")
 
     def self.digest(name, data)
       super(data, name)
     end
 
-    alg.each{|name|
+    %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512).each do |name|
       klass = Class.new(self) {
         define_method(:initialize, ->(data = nil) {super(name, data)})
       }
+
       singleton = (class << klass; self; end)
+
       singleton.class_eval{
-        define_method(:digest){|data| new.digest(data) }
-        define_method(:hexdigest){|data| new.hexdigest(data) }
+        define_method(:digest) {|data| new.digest(data)}
+        define_method(:hexdigest) {|data| new.hexdigest(data)}
       }
-      const_set(name, klass)
-    }
+
+      const_set(name.tr('-', '_'), klass)
+    end
 
     # Deprecated.
     #

data/lib/openssl/hmac.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+module OpenSSL
+  class HMAC
+    # Securely compare with another HMAC instance in constant time.
+    def ==(other)
+      return false unless HMAC === other
+      return false unless self.digest.bytesize == other.digest.bytesize
+
+      OpenSSL.fixed_length_secure_compare(self.digest, other.digest)
+    end
+
+    # :call-seq:
+    #    hmac.base64digest -> string
+    #
+    # Returns the authentication code an a Base64-encoded string.
+    def base64digest
+      [digest].pack("m0")
+    end
+
+    class << self
+      # :call-seq:
+      #    HMAC.digest(digest, key, data) -> aString
+      #
+      # Returns the authentication code as a binary string. The _digest_ parameter
+      # specifies the digest algorithm to use. This may be a String representing
+      # the algorithm name or an instance of OpenSSL::Digest.
+      #
+      # === Example
+      #  key = 'key'
+      #  data = 'The quick brown fox jumps over the lazy dog'
+      #
+      #  hmac = OpenSSL::HMAC.digest('SHA1', key, data)
+      #  #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
+      def digest(digest, key, data)
+        hmac = new(key, digest)
+        hmac << data
+        hmac.digest
+      end
+
+      # :call-seq:
+      #    HMAC.hexdigest(digest, key, data) -> aString
+      #
+      # Returns the authentication code as a hex-encoded string. The _digest_
+      # parameter specifies the digest algorithm to use. This may be a String
+      # representing the algorithm name or an instance of OpenSSL::Digest.
+      #
+      # === Example
+      #  key = 'key'
+      #  data = 'The quick brown fox jumps over the lazy dog'
+      #
+      #  hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
+      #  #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
+      def hexdigest(digest, key, data)
+        hmac = new(key, digest)
+        hmac << data
+        hmac.hexdigest
+      end
+
+      # :call-seq:
+      #    HMAC.base64digest(digest, key, data) -> aString
+      #
+      # Returns the authentication code as a Base64-encoded string. The _digest_
+      # parameter specifies the digest algorithm to use. This may be a String
+      # representing the algorithm name or an instance of OpenSSL::Digest.
+      #
+      # === Example
+      #  key = 'key'
+      #  data = 'The quick brown fox jumps over the lazy dog'
+      #
+      #  hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
+      #  #=> "3nybhbi3iqa8ino29wqQcBydtNk="
+      def base64digest(digest, key, data)
+        [digest(digest, key, data)].pack("m0")
+      end
+    end
+  end
+end

data/lib/openssl/marshal.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+#--
+# = Ruby-space definitions to add DER (de)serialization to classes
+#
+# = Info
+# 'OpenSSL for Ruby 2' project
+# Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+# All rights reserved.
+#
+# = Licence
+# This program is licensed under the same licence as Ruby.
+# (See the file 'LICENCE'.)
+#++
+module OpenSSL
+  module Marshal
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def _load(string)
+        new(string)
+      end
+    end
+
+    def _dump(_level)
+      to_der
+    end
+  end
+end

data/lib/openssl/pkcs5.rb

@@ -1,4 +1,4 @@
-# frozen_string_literal: false
+# frozen_string_literal: true
 #--
 # Ruby/OpenSSL Project
 # Copyright (C) 2017 Ruby/OpenSSL Project Authors