openssl 2.1.0 → 3.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +35 -45
- data/History.md +426 -0
- data/README.md +38 -21
- data/ext/openssl/extconf.rb +132 -72
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +62 -46
- data/ext/openssl/ossl.c +177 -252
- data/ext/openssl/ossl.h +39 -17
- data/ext/openssl/ossl_asn1.c +53 -14
- data/ext/openssl/ossl_bn.c +288 -146
- data/ext/openssl/ossl_bn.h +2 -1
- data/ext/openssl/ossl_cipher.c +42 -32
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +32 -63
- data/ext/openssl/ossl_engine.c +19 -28
- data/ext/openssl/ossl_hmac.c +61 -146
- data/ext/openssl/ossl_kdf.c +15 -23
- data/ext/openssl/ossl_ns_spki.c +2 -2
- data/ext/openssl/ossl_ocsp.c +17 -70
- data/ext/openssl/ossl_ocsp.h +3 -3
- data/ext/openssl/ossl_pkcs12.c +23 -4
- data/ext/openssl/ossl_pkcs7.c +49 -81
- data/ext/openssl/ossl_pkcs7.h +16 -0
- data/ext/openssl/ossl_pkey.c +1508 -195
- data/ext/openssl/ossl_pkey.h +41 -78
- data/ext/openssl/ossl_pkey_dh.c +153 -348
- data/ext/openssl/ossl_pkey_dsa.c +157 -413
- data/ext/openssl/ossl_pkey_ec.c +257 -343
- data/ext/openssl/ossl_pkey_rsa.c +166 -490
- data/ext/openssl/ossl_provider.c +211 -0
- data/ext/openssl/ossl_provider.h +5 -0
- data/ext/openssl/ossl_rand.c +2 -40
- data/ext/openssl/ossl_ssl.c +666 -456
- data/ext/openssl/ossl_ssl_session.c +29 -30
- data/ext/openssl/ossl_ts.c +1539 -0
- data/ext/openssl/ossl_ts.h +16 -0
- data/ext/openssl/ossl_x509.c +86 -1
- data/ext/openssl/ossl_x509attr.c +1 -1
- data/ext/openssl/ossl_x509cert.c +170 -14
- data/ext/openssl/ossl_x509crl.c +14 -11
- data/ext/openssl/ossl_x509ext.c +29 -9
- data/ext/openssl/ossl_x509name.c +24 -12
- data/ext/openssl/ossl_x509req.c +14 -11
- data/ext/openssl/ossl_x509revoked.c +4 -4
- data/ext/openssl/ossl_x509store.c +205 -96
- data/lib/openssl/bn.rb +1 -1
- data/lib/openssl/buffering.rb +42 -20
- data/lib/openssl/cipher.rb +1 -1
- data/lib/openssl/digest.rb +10 -16
- data/lib/openssl/hmac.rb +78 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs5.rb +1 -1
- data/lib/openssl/pkey.rb +447 -1
- data/lib/openssl/ssl.rb +68 -24
- data/lib/openssl/version.rb +5 -0
- data/lib/openssl/x509.rb +177 -1
- data/lib/openssl.rb +24 -9
- metadata +18 -71
- data/ext/openssl/deprecation.rb +0 -23
- data/ext/openssl/ossl_version.h +0 -15
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -474
data/lib/openssl/config.rb
DELETED
@@ -1,474 +0,0 @@
|
|
1
|
-
# frozen_string_literal: false
|
2
|
-
=begin
|
3
|
-
= Ruby-space definitions that completes C-space funcs for Config
|
4
|
-
|
5
|
-
= Info
|
6
|
-
Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
|
7
|
-
|
8
|
-
= Licence
|
9
|
-
This program is licensed under the same licence as Ruby.
|
10
|
-
(See the file 'LICENCE'.)
|
11
|
-
|
12
|
-
=end
|
13
|
-
|
14
|
-
require 'stringio'
|
15
|
-
|
16
|
-
module OpenSSL
|
17
|
-
##
|
18
|
-
# = OpenSSL::Config
|
19
|
-
#
|
20
|
-
# Configuration for the openssl library.
|
21
|
-
#
|
22
|
-
# Many system's installation of openssl library will depend on your system
|
23
|
-
# configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
|
24
|
-
# the location of the file for your host.
|
25
|
-
#
|
26
|
-
# See also http://www.openssl.org/docs/apps/config.html
|
27
|
-
class Config
|
28
|
-
include Enumerable
|
29
|
-
|
30
|
-
class << self
|
31
|
-
|
32
|
-
##
|
33
|
-
# Parses a given _string_ as a blob that contains configuration for
|
34
|
-
# OpenSSL.
|
35
|
-
#
|
36
|
-
# If the source of the IO is a file, then consider using #parse_config.
|
37
|
-
def parse(string)
|
38
|
-
c = new()
|
39
|
-
parse_config(StringIO.new(string)).each do |section, hash|
|
40
|
-
c[section] = hash
|
41
|
-
end
|
42
|
-
c
|
43
|
-
end
|
44
|
-
|
45
|
-
##
|
46
|
-
# load is an alias to ::new
|
47
|
-
alias load new
|
48
|
-
|
49
|
-
##
|
50
|
-
# Parses the configuration data read from _io_, see also #parse.
|
51
|
-
#
|
52
|
-
# Raises a ConfigError on invalid configuration data.
|
53
|
-
def parse_config(io)
|
54
|
-
begin
|
55
|
-
parse_config_lines(io)
|
56
|
-
rescue ConfigError => e
|
57
|
-
e.message.replace("error in line #{io.lineno}: " + e.message)
|
58
|
-
raise
|
59
|
-
end
|
60
|
-
end
|
61
|
-
|
62
|
-
def get_key_string(data, section, key) # :nodoc:
|
63
|
-
if v = data[section] && data[section][key]
|
64
|
-
return v
|
65
|
-
elsif section == 'ENV'
|
66
|
-
if v = ENV[key]
|
67
|
-
return v
|
68
|
-
end
|
69
|
-
end
|
70
|
-
if v = data['default'] && data['default'][key]
|
71
|
-
return v
|
72
|
-
end
|
73
|
-
end
|
74
|
-
|
75
|
-
private
|
76
|
-
|
77
|
-
def parse_config_lines(io)
|
78
|
-
section = 'default'
|
79
|
-
data = {section => {}}
|
80
|
-
while definition = get_definition(io)
|
81
|
-
definition = clear_comments(definition)
|
82
|
-
next if definition.empty?
|
83
|
-
if definition[0] == ?[
|
84
|
-
if /\[([^\]]*)\]/ =~ definition
|
85
|
-
section = $1.strip
|
86
|
-
data[section] ||= {}
|
87
|
-
else
|
88
|
-
raise ConfigError, "missing close square bracket"
|
89
|
-
end
|
90
|
-
else
|
91
|
-
if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
|
92
|
-
if $2
|
93
|
-
section = $1
|
94
|
-
key = $2
|
95
|
-
else
|
96
|
-
key = $1
|
97
|
-
end
|
98
|
-
value = unescape_value(data, section, $3)
|
99
|
-
(data[section] ||= {})[key] = value.strip
|
100
|
-
else
|
101
|
-
raise ConfigError, "missing equal sign"
|
102
|
-
end
|
103
|
-
end
|
104
|
-
end
|
105
|
-
data
|
106
|
-
end
|
107
|
-
|
108
|
-
# escape with backslash
|
109
|
-
QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
|
110
|
-
# escape with backslash and doubled dq
|
111
|
-
QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
|
112
|
-
# escaped char map
|
113
|
-
ESCAPE_MAP = {
|
114
|
-
"r" => "\r",
|
115
|
-
"n" => "\n",
|
116
|
-
"b" => "\b",
|
117
|
-
"t" => "\t",
|
118
|
-
}
|
119
|
-
|
120
|
-
def unescape_value(data, section, value)
|
121
|
-
scanned = []
|
122
|
-
while m = value.match(/['"\\$]/)
|
123
|
-
scanned << m.pre_match
|
124
|
-
c = m[0]
|
125
|
-
value = m.post_match
|
126
|
-
case c
|
127
|
-
when "'"
|
128
|
-
if m = value.match(QUOTE_REGEXP_SQ)
|
129
|
-
scanned << m[1].gsub(/\\(.)/, '\\1')
|
130
|
-
value = m.post_match
|
131
|
-
else
|
132
|
-
break
|
133
|
-
end
|
134
|
-
when '"'
|
135
|
-
if m = value.match(QUOTE_REGEXP_DQ)
|
136
|
-
scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
|
137
|
-
value = m.post_match
|
138
|
-
else
|
139
|
-
break
|
140
|
-
end
|
141
|
-
when "\\"
|
142
|
-
c = value.slice!(0, 1)
|
143
|
-
scanned << (ESCAPE_MAP[c] || c)
|
144
|
-
when "$"
|
145
|
-
ref, value = extract_reference(value)
|
146
|
-
refsec = section
|
147
|
-
if ref.index('::')
|
148
|
-
refsec, ref = ref.split('::', 2)
|
149
|
-
end
|
150
|
-
if v = get_key_string(data, refsec, ref)
|
151
|
-
scanned << v
|
152
|
-
else
|
153
|
-
raise ConfigError, "variable has no value"
|
154
|
-
end
|
155
|
-
else
|
156
|
-
raise 'must not reaced'
|
157
|
-
end
|
158
|
-
end
|
159
|
-
scanned << value
|
160
|
-
scanned.join
|
161
|
-
end
|
162
|
-
|
163
|
-
def extract_reference(value)
|
164
|
-
rest = ''
|
165
|
-
if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
|
166
|
-
value = m[1] || m[2]
|
167
|
-
rest = m.post_match
|
168
|
-
elsif [?(, ?{].include?(value[0])
|
169
|
-
raise ConfigError, "no close brace"
|
170
|
-
end
|
171
|
-
if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
|
172
|
-
return m[0], m.post_match + rest
|
173
|
-
else
|
174
|
-
raise
|
175
|
-
end
|
176
|
-
end
|
177
|
-
|
178
|
-
def clear_comments(line)
|
179
|
-
# FCOMMENT
|
180
|
-
if m = line.match(/\A([\t\n\f ]*);.*\z/)
|
181
|
-
return m[1]
|
182
|
-
end
|
183
|
-
# COMMENT
|
184
|
-
scanned = []
|
185
|
-
while m = line.match(/[#'"\\]/)
|
186
|
-
scanned << m.pre_match
|
187
|
-
c = m[0]
|
188
|
-
line = m.post_match
|
189
|
-
case c
|
190
|
-
when '#'
|
191
|
-
line = nil
|
192
|
-
break
|
193
|
-
when "'", '"'
|
194
|
-
regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
|
195
|
-
scanned << c
|
196
|
-
if m = line.match(regexp)
|
197
|
-
scanned << m[0]
|
198
|
-
line = m.post_match
|
199
|
-
else
|
200
|
-
scanned << line
|
201
|
-
line = nil
|
202
|
-
break
|
203
|
-
end
|
204
|
-
when "\\"
|
205
|
-
scanned << c
|
206
|
-
scanned << line.slice!(0, 1)
|
207
|
-
else
|
208
|
-
raise 'must not reaced'
|
209
|
-
end
|
210
|
-
end
|
211
|
-
scanned << line
|
212
|
-
scanned.join
|
213
|
-
end
|
214
|
-
|
215
|
-
def get_definition(io)
|
216
|
-
if line = get_line(io)
|
217
|
-
while /[^\\]\\\z/ =~ line
|
218
|
-
if extra = get_line(io)
|
219
|
-
line += extra
|
220
|
-
else
|
221
|
-
break
|
222
|
-
end
|
223
|
-
end
|
224
|
-
return line.strip
|
225
|
-
end
|
226
|
-
end
|
227
|
-
|
228
|
-
def get_line(io)
|
229
|
-
if line = io.gets
|
230
|
-
line.gsub(/[\r\n]*/, '')
|
231
|
-
end
|
232
|
-
end
|
233
|
-
end
|
234
|
-
|
235
|
-
##
|
236
|
-
# Creates an instance of OpenSSL's configuration class.
|
237
|
-
#
|
238
|
-
# This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
|
239
|
-
#
|
240
|
-
# If the optional _filename_ parameter is provided, then it is read in and
|
241
|
-
# parsed via #parse_config.
|
242
|
-
#
|
243
|
-
# This can raise IO exceptions based on the access, or availability of the
|
244
|
-
# file. A ConfigError exception may be raised depending on the validity of
|
245
|
-
# the data being configured.
|
246
|
-
#
|
247
|
-
def initialize(filename = nil)
|
248
|
-
@data = {}
|
249
|
-
if filename
|
250
|
-
File.open(filename.to_s) do |file|
|
251
|
-
Config.parse_config(file).each do |section, hash|
|
252
|
-
self[section] = hash
|
253
|
-
end
|
254
|
-
end
|
255
|
-
end
|
256
|
-
end
|
257
|
-
|
258
|
-
##
|
259
|
-
# Gets the value of _key_ from the given _section_
|
260
|
-
#
|
261
|
-
# Given the following configurating file being loaded:
|
262
|
-
#
|
263
|
-
# config = OpenSSL::Config.load('foo.cnf')
|
264
|
-
# #=> #<OpenSSL::Config sections=["default"]>
|
265
|
-
# puts config.to_s
|
266
|
-
# #=> [ default ]
|
267
|
-
# # foo=bar
|
268
|
-
#
|
269
|
-
# You can get a specific value from the config if you know the _section_
|
270
|
-
# and _key_ like so:
|
271
|
-
#
|
272
|
-
# config.get_value('default','foo')
|
273
|
-
# #=> "bar"
|
274
|
-
#
|
275
|
-
def get_value(section, key)
|
276
|
-
if section.nil?
|
277
|
-
raise TypeError.new('nil not allowed')
|
278
|
-
end
|
279
|
-
section = 'default' if section.empty?
|
280
|
-
get_key_string(section, key)
|
281
|
-
end
|
282
|
-
|
283
|
-
##
|
284
|
-
#
|
285
|
-
# *Deprecated*
|
286
|
-
#
|
287
|
-
# Use #get_value instead
|
288
|
-
def value(arg1, arg2 = nil) # :nodoc:
|
289
|
-
warn('Config#value is deprecated; use Config#get_value')
|
290
|
-
if arg2.nil?
|
291
|
-
section, key = 'default', arg1
|
292
|
-
else
|
293
|
-
section, key = arg1, arg2
|
294
|
-
end
|
295
|
-
section ||= 'default'
|
296
|
-
section = 'default' if section.empty?
|
297
|
-
get_key_string(section, key)
|
298
|
-
end
|
299
|
-
|
300
|
-
##
|
301
|
-
# Set the target _key_ with a given _value_ under a specific _section_.
|
302
|
-
#
|
303
|
-
# Given the following configurating file being loaded:
|
304
|
-
#
|
305
|
-
# config = OpenSSL::Config.load('foo.cnf')
|
306
|
-
# #=> #<OpenSSL::Config sections=["default"]>
|
307
|
-
# puts config.to_s
|
308
|
-
# #=> [ default ]
|
309
|
-
# # foo=bar
|
310
|
-
#
|
311
|
-
# You can set the value of _foo_ under the _default_ section to a new
|
312
|
-
# value:
|
313
|
-
#
|
314
|
-
# config.add_value('default', 'foo', 'buzz')
|
315
|
-
# #=> "buzz"
|
316
|
-
# puts config.to_s
|
317
|
-
# #=> [ default ]
|
318
|
-
# # foo=buzz
|
319
|
-
#
|
320
|
-
def add_value(section, key, value)
|
321
|
-
check_modify
|
322
|
-
(@data[section] ||= {})[key] = value
|
323
|
-
end
|
324
|
-
|
325
|
-
##
|
326
|
-
# Get a specific _section_ from the current configuration
|
327
|
-
#
|
328
|
-
# Given the following configurating file being loaded:
|
329
|
-
#
|
330
|
-
# config = OpenSSL::Config.load('foo.cnf')
|
331
|
-
# #=> #<OpenSSL::Config sections=["default"]>
|
332
|
-
# puts config.to_s
|
333
|
-
# #=> [ default ]
|
334
|
-
# # foo=bar
|
335
|
-
#
|
336
|
-
# You can get a hash of the specific section like so:
|
337
|
-
#
|
338
|
-
# config['default']
|
339
|
-
# #=> {"foo"=>"bar"}
|
340
|
-
#
|
341
|
-
def [](section)
|
342
|
-
@data[section] || {}
|
343
|
-
end
|
344
|
-
|
345
|
-
##
|
346
|
-
# Deprecated
|
347
|
-
#
|
348
|
-
# Use #[] instead
|
349
|
-
def section(name) # :nodoc:
|
350
|
-
warn('Config#section is deprecated; use Config#[]')
|
351
|
-
@data[name] || {}
|
352
|
-
end
|
353
|
-
|
354
|
-
##
|
355
|
-
# Sets a specific _section_ name with a Hash _pairs_.
|
356
|
-
#
|
357
|
-
# Given the following configuration being created:
|
358
|
-
#
|
359
|
-
# config = OpenSSL::Config.new
|
360
|
-
# #=> #<OpenSSL::Config sections=[]>
|
361
|
-
# config['default'] = {"foo"=>"bar","baz"=>"buz"}
|
362
|
-
# #=> {"foo"=>"bar", "baz"=>"buz"}
|
363
|
-
# puts config.to_s
|
364
|
-
# #=> [ default ]
|
365
|
-
# # foo=bar
|
366
|
-
# # baz=buz
|
367
|
-
#
|
368
|
-
# It's important to note that this will essentially merge any of the keys
|
369
|
-
# in _pairs_ with the existing _section_. For example:
|
370
|
-
#
|
371
|
-
# config['default']
|
372
|
-
# #=> {"foo"=>"bar", "baz"=>"buz"}
|
373
|
-
# config['default'] = {"foo" => "changed"}
|
374
|
-
# #=> {"foo"=>"changed"}
|
375
|
-
# config['default']
|
376
|
-
# #=> {"foo"=>"changed", "baz"=>"buz"}
|
377
|
-
#
|
378
|
-
def []=(section, pairs)
|
379
|
-
check_modify
|
380
|
-
@data[section] ||= {}
|
381
|
-
pairs.each do |key, value|
|
382
|
-
self.add_value(section, key, value)
|
383
|
-
end
|
384
|
-
end
|
385
|
-
|
386
|
-
##
|
387
|
-
# Get the names of all sections in the current configuration
|
388
|
-
def sections
|
389
|
-
@data.keys
|
390
|
-
end
|
391
|
-
|
392
|
-
##
|
393
|
-
# Get the parsable form of the current configuration
|
394
|
-
#
|
395
|
-
# Given the following configuration being created:
|
396
|
-
#
|
397
|
-
# config = OpenSSL::Config.new
|
398
|
-
# #=> #<OpenSSL::Config sections=[]>
|
399
|
-
# config['default'] = {"foo"=>"bar","baz"=>"buz"}
|
400
|
-
# #=> {"foo"=>"bar", "baz"=>"buz"}
|
401
|
-
# puts config.to_s
|
402
|
-
# #=> [ default ]
|
403
|
-
# # foo=bar
|
404
|
-
# # baz=buz
|
405
|
-
#
|
406
|
-
# You can parse get the serialized configuration using #to_s and then parse
|
407
|
-
# it later:
|
408
|
-
#
|
409
|
-
# serialized_config = config.to_s
|
410
|
-
# # much later...
|
411
|
-
# new_config = OpenSSL::Config.parse(serialized_config)
|
412
|
-
# #=> #<OpenSSL::Config sections=["default"]>
|
413
|
-
# puts new_config
|
414
|
-
# #=> [ default ]
|
415
|
-
# foo=bar
|
416
|
-
# baz=buz
|
417
|
-
#
|
418
|
-
def to_s
|
419
|
-
ary = []
|
420
|
-
@data.keys.sort.each do |section|
|
421
|
-
ary << "[ #{section} ]\n"
|
422
|
-
@data[section].keys.each do |key|
|
423
|
-
ary << "#{key}=#{@data[section][key]}\n"
|
424
|
-
end
|
425
|
-
ary << "\n"
|
426
|
-
end
|
427
|
-
ary.join
|
428
|
-
end
|
429
|
-
|
430
|
-
##
|
431
|
-
# For a block.
|
432
|
-
#
|
433
|
-
# Receive the section and its pairs for the current configuration.
|
434
|
-
#
|
435
|
-
# config.each do |section, key, value|
|
436
|
-
# # ...
|
437
|
-
# end
|
438
|
-
#
|
439
|
-
def each
|
440
|
-
@data.each do |section, hash|
|
441
|
-
hash.each do |key, value|
|
442
|
-
yield [section, key, value]
|
443
|
-
end
|
444
|
-
end
|
445
|
-
end
|
446
|
-
|
447
|
-
##
|
448
|
-
# String representation of this configuration object, including the class
|
449
|
-
# name and its sections.
|
450
|
-
def inspect
|
451
|
-
"#<#{self.class.name} sections=#{sections.inspect}>"
|
452
|
-
end
|
453
|
-
|
454
|
-
protected
|
455
|
-
|
456
|
-
def data # :nodoc:
|
457
|
-
@data
|
458
|
-
end
|
459
|
-
|
460
|
-
private
|
461
|
-
|
462
|
-
def initialize_copy(other)
|
463
|
-
@data = other.data.dup
|
464
|
-
end
|
465
|
-
|
466
|
-
def check_modify
|
467
|
-
raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
|
468
|
-
end
|
469
|
-
|
470
|
-
def get_key_string(section, key)
|
471
|
-
Config.get_key_string(@data, section, key)
|
472
|
-
end
|
473
|
-
end
|
474
|
-
end
|