openssl 2.1.0 → 3.2.0

Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +35 -45
  3. data/History.md +426 -0
  4. data/README.md +38 -21
  5. data/ext/openssl/extconf.rb +132 -72
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +62 -46
  8. data/ext/openssl/ossl.c +177 -252
  9. data/ext/openssl/ossl.h +39 -17
  10. data/ext/openssl/ossl_asn1.c +53 -14
  11. data/ext/openssl/ossl_bn.c +288 -146
  12. data/ext/openssl/ossl_bn.h +2 -1
  13. data/ext/openssl/ossl_cipher.c +42 -32
  14. data/ext/openssl/ossl_config.c +412 -41
  15. data/ext/openssl/ossl_config.h +4 -7
  16. data/ext/openssl/ossl_digest.c +32 -63
  17. data/ext/openssl/ossl_engine.c +19 -28
  18. data/ext/openssl/ossl_hmac.c +61 -146
  19. data/ext/openssl/ossl_kdf.c +15 -23
  20. data/ext/openssl/ossl_ns_spki.c +2 -2
  21. data/ext/openssl/ossl_ocsp.c +17 -70
  22. data/ext/openssl/ossl_ocsp.h +3 -3
  23. data/ext/openssl/ossl_pkcs12.c +23 -4
  24. data/ext/openssl/ossl_pkcs7.c +49 -81
  25. data/ext/openssl/ossl_pkcs7.h +16 -0
  26. data/ext/openssl/ossl_pkey.c +1508 -195
  27. data/ext/openssl/ossl_pkey.h +41 -78
  28. data/ext/openssl/ossl_pkey_dh.c +153 -348
  29. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  30. data/ext/openssl/ossl_pkey_ec.c +257 -343
  31. data/ext/openssl/ossl_pkey_rsa.c +166 -490
  32. data/ext/openssl/ossl_provider.c +211 -0
  33. data/ext/openssl/ossl_provider.h +5 -0
  34. data/ext/openssl/ossl_rand.c +2 -40
  35. data/ext/openssl/ossl_ssl.c +666 -456
  36. data/ext/openssl/ossl_ssl_session.c +29 -30
  37. data/ext/openssl/ossl_ts.c +1539 -0
  38. data/ext/openssl/ossl_ts.h +16 -0
  39. data/ext/openssl/ossl_x509.c +86 -1
  40. data/ext/openssl/ossl_x509attr.c +1 -1
  41. data/ext/openssl/ossl_x509cert.c +170 -14
  42. data/ext/openssl/ossl_x509crl.c +14 -11
  43. data/ext/openssl/ossl_x509ext.c +29 -9
  44. data/ext/openssl/ossl_x509name.c +24 -12
  45. data/ext/openssl/ossl_x509req.c +14 -11
  46. data/ext/openssl/ossl_x509revoked.c +4 -4
  47. data/ext/openssl/ossl_x509store.c +205 -96
  48. data/lib/openssl/bn.rb +1 -1
  49. data/lib/openssl/buffering.rb +42 -20
  50. data/lib/openssl/cipher.rb +1 -1
  51. data/lib/openssl/digest.rb +10 -16
  52. data/lib/openssl/hmac.rb +78 -0
  53. data/lib/openssl/marshal.rb +30 -0
  54. data/lib/openssl/pkcs5.rb +1 -1
  55. data/lib/openssl/pkey.rb +447 -1
  56. data/lib/openssl/ssl.rb +68 -24
  57. data/lib/openssl/version.rb +5 -0
  58. data/lib/openssl/x509.rb +177 -1
  59. data/lib/openssl.rb +24 -9
  60. metadata +18 -71
  61. data/ext/openssl/deprecation.rb +0 -23
  62. data/ext/openssl/ossl_version.h +0 -15
  63. data/ext/openssl/ruby_missing.h +0 -24
  64. data/lib/openssl/config.rb +0 -474
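--- a/data/lib/openssl/config.rb
+++ b/data/lib/openssl/config.rb
@@ -1,474 +0,0 @@
- # frozen_string_literal: false
- =begin
- = Ruby-space definitions that completes C-space funcs for Config
-
- = Info
- Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
-
- = Licence
- This program is licensed under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
- =end
-
- require 'stringio'
-
- module OpenSSL
- ##
- # = OpenSSL::Config
- #
- # Configuration for the openssl library.
- #
- # Many system's installation of openssl library will depend on your system
- # configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
- # the location of the file for your host.
- #
- # See also http://www.openssl.org/docs/apps/config.html
- class Config
- include Enumerable
-
- class << self
-
- ##
- # Parses a given _string_ as a blob that contains configuration for
- # OpenSSL.
- #
- # If the source of the IO is a file, then consider using #parse_config.
- def parse(string)
- c = new()
- parse_config(StringIO.new(string)).each do |section, hash|
- c[section] = hash
- end
- c
- end
-
- ##
- # load is an alias to ::new
- alias load new
-
- ##
- # Parses the configuration data read from _io_, see also #parse.
- #
- # Raises a ConfigError on invalid configuration data.
- def parse_config(io)
- begin
- parse_config_lines(io)
- rescue ConfigError => e
- e.message.replace("error in line #{io.lineno}: " + e.message)
- raise
- end
- end
-
- def get_key_string(data, section, key) # :nodoc:
- if v = data[section] && data[section][key]
- return v
- elsif section == 'ENV'
- if v = ENV[key]
- return v
- end
- end
- if v = data['default'] && data['default'][key]
- return v
- end
- end
-
- private
-
- def parse_config_lines(io)
- section = 'default'
- data = {section => {}}
- while definition = get_definition(io)
- definition = clear_comments(definition)
- next if definition.empty?
- if definition[0] == ?[
- if /\[([^\]]*)\]/ =~ definition
- section = $1.strip
- data[section] ||= {}
- else
- raise ConfigError, "missing close square bracket"
- end
- else
- if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
- if $2
- section = $1
- key = $2
- else
- key = $1
- end
- value = unescape_value(data, section, $3)
- (data[section] ||= {})[key] = value.strip
- else
- raise ConfigError, "missing equal sign"
- end
- end
- end
- data
- end
-
- # escape with backslash
- QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
- # escape with backslash and doubled dq
- QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
- # escaped char map
- ESCAPE_MAP = {
- "r" => "\r",
- "n" => "\n",
- "b" => "\b",
- "t" => "\t",
- }
-
- def unescape_value(data, section, value)
- scanned = []
- while m = value.match(/['"\\$]/)
- scanned << m.pre_match
- c = m[0]
- value = m.post_match
- case c
- when "'"
- if m = value.match(QUOTE_REGEXP_SQ)
- scanned << m[1].gsub(/\\(.)/, '\\1')
- value = m.post_match
- else
- break
- end
- when '"'
- if m = value.match(QUOTE_REGEXP_DQ)
- scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
- value = m.post_match
- else
- break
- end
- when "\\"
- c = value.slice!(0, 1)
- scanned << (ESCAPE_MAP[c] || c)
- when "$"
- ref, value = extract_reference(value)
- refsec = section
- if ref.index('::')
- refsec, ref = ref.split('::', 2)
- end
- if v = get_key_string(data, refsec, ref)
- scanned << v
- else
- raise ConfigError, "variable has no value"
- end
- else
- raise 'must not reaced'
- end
- end
- scanned << value
- scanned.join
- end
-
- def extract_reference(value)
- rest = ''
- if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
- value = m[1] || m[2]
- rest = m.post_match
- elsif [?(, ?{].include?(value[0])
- raise ConfigError, "no close brace"
- end
- if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
- return m[0], m.post_match + rest
- else
- raise
- end
- end
-
- def clear_comments(line)
- # FCOMMENT
- if m = line.match(/\A([\t\n\f ]*);.*\z/)
- return m[1]
- end
- # COMMENT
- scanned = []
- while m = line.match(/[#'"\\]/)
- scanned << m.pre_match
- c = m[0]
- line = m.post_match
- case c
- when '#'
- line = nil
- break
- when "'", '"'
- regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
- scanned << c
- if m = line.match(regexp)
- scanned << m[0]
- line = m.post_match
- else
- scanned << line
- line = nil
- break
- end
- when "\\"
- scanned << c
- scanned << line.slice!(0, 1)
- else
- raise 'must not reaced'
- end
- end
- scanned << line
- scanned.join
- end
-
- def get_definition(io)
- if line = get_line(io)
- while /[^\\]\\\z/ =~ line
- if extra = get_line(io)
- line += extra
- else
- break
- end
- end
- return line.strip
- end
- end
-
- def get_line(io)
- if line = io.gets
- line.gsub(/[\r\n]*/, '')
- end
- end
- end
-
- ##
- # Creates an instance of OpenSSL's configuration class.
- #
- # This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
- #
- # If the optional _filename_ parameter is provided, then it is read in and
- # parsed via #parse_config.
- #
- # This can raise IO exceptions based on the access, or availability of the
- # file. A ConfigError exception may be raised depending on the validity of
- # the data being configured.
- #
- def initialize(filename = nil)
- @data = {}
- if filename
- File.open(filename.to_s) do |file|
- Config.parse_config(file).each do |section, hash|
- self[section] = hash
- end
- end
- end
- end
-
- ##
- # Gets the value of _key_ from the given _section_
- #
- # Given the following configurating file being loaded:
- #
- # config = OpenSSL::Config.load('foo.cnf')
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- #
- # You can get a specific value from the config if you know the _section_
- # and _key_ like so:
- #
- # config.get_value('default','foo')
- # #=> "bar"
- #
- def get_value(section, key)
- if section.nil?
- raise TypeError.new('nil not allowed')
- end
- section = 'default' if section.empty?
- get_key_string(section, key)
- end
-
- ##
- #
- # *Deprecated*
- #
- # Use #get_value instead
- def value(arg1, arg2 = nil) # :nodoc:
- warn('Config#value is deprecated; use Config#get_value')
- if arg2.nil?
- section, key = 'default', arg1
- else
- section, key = arg1, arg2
- end
- section ||= 'default'
- section = 'default' if section.empty?
- get_key_string(section, key)
- end
-
- ##
- # Set the target _key_ with a given _value_ under a specific _section_.
- #
- # Given the following configurating file being loaded:
- #
- # config = OpenSSL::Config.load('foo.cnf')
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- #
- # You can set the value of _foo_ under the _default_ section to a new
- # value:
- #
- # config.add_value('default', 'foo', 'buzz')
- # #=> "buzz"
- # puts config.to_s
- # #=> [ default ]
- # # foo=buzz
- #
- def add_value(section, key, value)
- check_modify
- (@data[section] ||= {})[key] = value
- end
-
- ##
- # Get a specific _section_ from the current configuration
- #
- # Given the following configurating file being loaded:
- #
- # config = OpenSSL::Config.load('foo.cnf')
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- #
- # You can get a hash of the specific section like so:
- #
- # config['default']
- # #=> {"foo"=>"bar"}
- #
- def [](section)
- @data[section] || {}
- end
-
- ##
- # Deprecated
- #
- # Use #[] instead
- def section(name) # :nodoc:
- warn('Config#section is deprecated; use Config#[]')
- @data[name] || {}
- end
-
- ##
- # Sets a specific _section_ name with a Hash _pairs_.
- #
- # Given the following configuration being created:
- #
- # config = OpenSSL::Config.new
- # #=> #<OpenSSL::Config sections=[]>
- # config['default'] = {"foo"=>"bar","baz"=>"buz"}
- # #=> {"foo"=>"bar", "baz"=>"buz"}
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- # # baz=buz
- #
- # It's important to note that this will essentially merge any of the keys
- # in _pairs_ with the existing _section_. For example:
- #
- # config['default']
- # #=> {"foo"=>"bar", "baz"=>"buz"}
- # config['default'] = {"foo" => "changed"}
- # #=> {"foo"=>"changed"}
- # config['default']
- # #=> {"foo"=>"changed", "baz"=>"buz"}
- #
- def []=(section, pairs)
- check_modify
- @data[section] ||= {}
- pairs.each do |key, value|
- self.add_value(section, key, value)
- end
- end
-
- ##
- # Get the names of all sections in the current configuration
- def sections
- @data.keys
- end
-
- ##
- # Get the parsable form of the current configuration
- #
- # Given the following configuration being created:
- #
- # config = OpenSSL::Config.new
- # #=> #<OpenSSL::Config sections=[]>
- # config['default'] = {"foo"=>"bar","baz"=>"buz"}
- # #=> {"foo"=>"bar", "baz"=>"buz"}
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- # # baz=buz
- #
- # You can parse get the serialized configuration using #to_s and then parse
- # it later:
- #
- # serialized_config = config.to_s
- # # much later...
- # new_config = OpenSSL::Config.parse(serialized_config)
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts new_config
- # #=> [ default ]
- # foo=bar
- # baz=buz
- #
- def to_s
- ary = []
- @data.keys.sort.each do |section|
- ary << "[ #{section} ]\n"
- @data[section].keys.each do |key|
- ary << "#{key}=#{@data[section][key]}\n"
- end
- ary << "\n"
- end
- ary.join
- end
-
- ##
- # For a block.
- #
- # Receive the section and its pairs for the current configuration.
- #
- # config.each do |section, key, value|
- # # ...
- # end
- #
- def each
- @data.each do |section, hash|
- hash.each do |key, value|
- yield [section, key, value]
- end
- end
- end
-
- ##
- # String representation of this configuration object, including the class
- # name and its sections.
- def inspect
- "#<#{self.class.name} sections=#{sections.inspect}>"
- end
-
- protected
-
- def data # :nodoc:
- @data
- end
-
- private
-
- def initialize_copy(other)
- @data = other.data.dup
- end
-
- def check_modify
- raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
- end
-
- def get_key_string(section, key)
- Config.get_key_string(@data, section, key)
- end
- end
- end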