openssl 2.1.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +35 -45
- data/History.md +426 -0
- data/README.md +38 -21
- data/ext/openssl/extconf.rb +132 -72
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +62 -46
- data/ext/openssl/ossl.c +177 -252
- data/ext/openssl/ossl.h +39 -17
- data/ext/openssl/ossl_asn1.c +53 -14
- data/ext/openssl/ossl_bn.c +288 -146
- data/ext/openssl/ossl_bn.h +2 -1
- data/ext/openssl/ossl_cipher.c +42 -32
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +32 -63
- data/ext/openssl/ossl_engine.c +19 -28
- data/ext/openssl/ossl_hmac.c +61 -146
- data/ext/openssl/ossl_kdf.c +15 -23
- data/ext/openssl/ossl_ns_spki.c +2 -2
- data/ext/openssl/ossl_ocsp.c +17 -70
- data/ext/openssl/ossl_ocsp.h +3 -3
- data/ext/openssl/ossl_pkcs12.c +23 -4
- data/ext/openssl/ossl_pkcs7.c +49 -81
- data/ext/openssl/ossl_pkcs7.h +16 -0
- data/ext/openssl/ossl_pkey.c +1508 -195
- data/ext/openssl/ossl_pkey.h +41 -78
- data/ext/openssl/ossl_pkey_dh.c +153 -348
- data/ext/openssl/ossl_pkey_dsa.c +157 -413
- data/ext/openssl/ossl_pkey_ec.c +257 -343
- data/ext/openssl/ossl_pkey_rsa.c +166 -490
- data/ext/openssl/ossl_provider.c +211 -0
- data/ext/openssl/ossl_provider.h +5 -0
- data/ext/openssl/ossl_rand.c +2 -40
- data/ext/openssl/ossl_ssl.c +666 -456
- data/ext/openssl/ossl_ssl_session.c +29 -30
- data/ext/openssl/ossl_ts.c +1539 -0
- data/ext/openssl/ossl_ts.h +16 -0
- data/ext/openssl/ossl_x509.c +86 -1
- data/ext/openssl/ossl_x509attr.c +1 -1
- data/ext/openssl/ossl_x509cert.c +170 -14
- data/ext/openssl/ossl_x509crl.c +14 -11
- data/ext/openssl/ossl_x509ext.c +29 -9
- data/ext/openssl/ossl_x509name.c +24 -12
- data/ext/openssl/ossl_x509req.c +14 -11
- data/ext/openssl/ossl_x509revoked.c +4 -4
- data/ext/openssl/ossl_x509store.c +205 -96
- data/lib/openssl/bn.rb +1 -1
- data/lib/openssl/buffering.rb +42 -20
- data/lib/openssl/cipher.rb +1 -1
- data/lib/openssl/digest.rb +10 -16
- data/lib/openssl/hmac.rb +78 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs5.rb +1 -1
- data/lib/openssl/pkey.rb +447 -1
- data/lib/openssl/ssl.rb +68 -24
- data/lib/openssl/version.rb +5 -0
- data/lib/openssl/x509.rb +177 -1
- data/lib/openssl.rb +24 -9
- metadata +18 -71
- data/ext/openssl/deprecation.rb +0 -23
- data/ext/openssl/ossl_version.h +0 -15
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -474
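--- a/data/ext/openssl/ossl.h
+++ b/data/ext/openssl/ossl.h
@@ -13,25 +13,24 @@
 #include RUBY_EXTCONF_H
 
 #include <assert.h>
-#include <errno.h>
 #include <ruby.h>
+#include <errno.h>
 #include <ruby/io.h>
 #include <ruby/thread.h>
 #include <openssl/opensslv.h>
+
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 #include <openssl/ssl.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pkcs7.h>
-#include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/conf.h>
-#
-#include <openssl/
-#if !defined(OPENSSL_NO_ENGINE)
-# include <openssl/engine.h>
+#ifndef OPENSSL_NO_TS
+#include <openssl/ts.h>
 #endif
+#include <openssl/crypto.h>
 #if !defined(OPENSSL_NO_OCSP)
 # include <openssl/ocsp.h>
 #endif
@@ -41,6 +40,32 @@
 #include <openssl/evp.h>
 #include <openssl/dh.h>
 
+#ifndef LIBRESSL_VERSION_NUMBER
+# define OSSL_IS_LIBRESSL 0
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) \
+    (OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
+#else
+# define OSSL_IS_LIBRESSL 1
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
+    (LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+#endif
+
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_3_const const
+#else
+# define OSSL_3_const /* const */
+#endif
+
+#if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_ENGINE
+#endif
+
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_PROVIDER
+#endif
+
 /*
  * Common Module
  */
@@ -86,9 +111,8 @@ VALUE ossl_buf2str(char *buf, int len);
 VALUE ossl_str_new(const char *, long, int *);
 #define ossl_str_adjust(str, p) \
 do{\
-    long len = RSTRING_LEN(str);\
     long newlen = (long)((p) - (unsigned char*)RSTRING_PTR(str));\
-    assert(newlen <=
+    assert(newlen <= RSTRING_LEN(str));\
     rb_str_set_len((str), newlen);\
 }while(0)
 /*
@@ -120,7 +144,9 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
 /*
  * ERRor messages
  */
-NORETURN(void ossl_raise(VALUE, const char *, ...));
+PRINTF_ARGS(NORETURN(void ossl_raise(VALUE, const char *, ...)), 2, 3);
+/* Make exception instance from str and OpenSSL error reason string. */
+VALUE ossl_make_error(VALUE exc, VALUE str);
 /* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
 void ossl_clear_error(void);
 
@@ -135,7 +161,6 @@ VALUE ossl_to_der_if_possible(VALUE);
  */
 extern VALUE dOSSL;
 
-#if defined(HAVE_VA_ARGS_MACRO)
 #define OSSL_Debug(...) do { \
     if (dOSSL == Qtrue) { \
         fprintf(stderr, "OSSL_DEBUG: "); \
@@ -144,16 +169,10 @@ extern VALUE dOSSL;
     } \
 } while (0)
 
-#else
-void ossl_debug(const char *, ...);
-#define OSSL_Debug ossl_debug
-#endif
-
 /*
  * Include all parts
  */
 #include "openssl_missing.h"
-#include "ruby_missing.h"
 #include "ossl_asn1.h"
 #include "ossl_bio.h"
 #include "ossl_bn.h"
@@ -168,9 +187,12 @@ void ossl_debug(const char *, ...);
 #include "ossl_pkey.h"
 #include "ossl_rand.h"
 #include "ossl_ssl.h"
-#
+#ifndef OPENSSL_NO_TS
+#include "ossl_ts.h"
+#endif
 #include "ossl_x509.h"
 #include "ossl_engine.h"
+#include "ossl_provider.h"
 #include "ossl_kdf.h"
 
 void Init_openssl(void);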
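Review bot: In the `@@ -41,6 +40,32 @@` hunk, `OSSL_OPENSSL_PREREQ` encodes the third argument at bit 12, which matches the 1.x MNNFFPPS layout (where that field is the "fix" number) but, if I read OpenSSL 3's opensslv.h correctly, not the 3.x layout where the patch number starts at bit 4; `OSSL_OPENSSL_PREREQ(3, 0, 1)` would then compare against 0x30001000 and stay false on an actual 3.0.1. Every use visible on this page passes `pat == 0`, so nothing here misbehaves, but the macro should state that constraint, e.g. `/* pat is only meaningful for OpenSSL 1.x; 3.x puts the patch number at bit 4, so pass 0 for 3.x checks */`, or branch on the major version. The macro arguments are also not parenthesised (`maj << 28`), so an expression argument would mis-associate; `(((maj) << 28) | ((min) << 20) | ((pat) << 12))` is the conventional form, and the same applies to `OSSL_LIBRESSL_PREREQ`.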
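--- a/data/ext/openssl/ossl_asn1.c
+++ b/data/ext/openssl/ossl_asn1.c
@@ -69,6 +69,12 @@ asn1time_to_time(const ASN1_TIME *time)
     return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
 }
 
+static VALUE
+asn1time_to_time_i(VALUE arg)
+{
+    return asn1time_to_time((ASN1_TIME *)arg);
+}
+
 void
 ossl_time_split(VALUE time, time_t *sec, int *days)
 {
@@ -136,6 +142,12 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
     return ai;
 }
 
+static VALUE
+asn1integer_to_num_i(VALUE arg)
+{
+    return asn1integer_to_num((ASN1_INTEGER *)arg);
+}
+
 /********/
 /*
  * ASN1 module
@@ -325,7 +337,7 @@ decode_int(unsigned char* der, long length)
     p = der;
     if(!(ai = d2i_ASN1_INTEGER(NULL, &p, length)))
         ossl_raise(eASN1Error, NULL);
-    ret = rb_protect(
+    ret = rb_protect(asn1integer_to_num_i,
                      (VALUE)ai, &status);
     ASN1_INTEGER_free(ai);
     if(status) rb_jump_tag(status);
@@ -365,7 +377,7 @@ decode_enum(unsigned char* der, long length)
     p = der;
     if(!(ai = d2i_ASN1_ENUMERATED(NULL, &p, length)))
         ossl_raise(eASN1Error, NULL);
-    ret = rb_protect(
+    ret = rb_protect(asn1integer_to_num_i,
                      (VALUE)ai, &status);
     ASN1_ENUMERATED_free(ai);
     if(status) rb_jump_tag(status);
@@ -427,7 +439,7 @@ decode_time(unsigned char* der, long length)
     p = der;
     if(!(time = d2i_ASN1_TIME(NULL, &p, length)))
         ossl_raise(eASN1Error, NULL);
-    ret = rb_protect(
+    ret = rb_protect(asn1time_to_time_i,
                      (VALUE)time, &status);
     ASN1_TIME_free(time);
     if(status) rb_jump_tag(status);
@@ -497,7 +509,8 @@ ossl_asn1_get_asn1type(VALUE obj)
     ASN1_TYPE *ret;
     VALUE value, rflag;
     void *ptr;
-    void (*
+    typedef void free_func_type(void *);
+    free_func_type *free_func;
     int tag;
 
     tag = ossl_asn1_default_tag(obj);
@@ -510,16 +523,16 @@ ossl_asn1_get_asn1type(VALUE obj)
     case V_ASN1_INTEGER: /* FALLTHROUGH */
     case V_ASN1_ENUMERATED:
         ptr = obj_to_asn1int(value);
-        free_func = ASN1_INTEGER_free;
+        free_func = (free_func_type *)ASN1_INTEGER_free;
         break;
     case V_ASN1_BIT_STRING:
         rflag = rb_attr_get(obj, sivUNUSED_BITS);
         ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
-        free_func = ASN1_BIT_STRING_free;
+        free_func = (free_func_type *)ASN1_BIT_STRING_free;
         break;
     case V_ASN1_NULL:
         ptr = obj_to_asn1null(value);
-        free_func = ASN1_NULL_free;
+        free_func = (free_func_type *)ASN1_NULL_free;
         break;
     case V_ASN1_OCTET_STRING: /* FALLTHROUGH */
     case V_ASN1_UTF8STRING: /* FALLTHROUGH */
@@ -534,24 +547,24 @@ ossl_asn1_get_asn1type(VALUE obj)
     case V_ASN1_UNIVERSALSTRING: /* FALLTHROUGH */
     case V_ASN1_BMPSTRING:
         ptr = obj_to_asn1str(value);
-        free_func = ASN1_STRING_free;
+        free_func = (free_func_type *)ASN1_STRING_free;
         break;
     case V_ASN1_OBJECT:
         ptr = obj_to_asn1obj(value);
-        free_func = ASN1_OBJECT_free;
+        free_func = (free_func_type *)ASN1_OBJECT_free;
         break;
     case V_ASN1_UTCTIME:
         ptr = obj_to_asn1utime(value);
-        free_func = ASN1_TIME_free;
+        free_func = (free_func_type *)ASN1_TIME_free;
         break;
     case V_ASN1_GENERALIZEDTIME:
         ptr = obj_to_asn1gtime(value);
-        free_func = ASN1_TIME_free;
+        free_func = (free_func_type *)ASN1_TIME_free;
         break;
     case V_ASN1_SET: /* FALLTHROUGH */
     case V_ASN1_SEQUENCE:
         ptr = obj_to_asn1derstr(obj);
-        free_func = ASN1_STRING_free;
+        free_func = (free_func_type *)ASN1_STRING_free;
         break;
     default:
         ossl_raise(eASN1Error, "unsupported ASN.1 type");
@@ -1285,6 +1298,30 @@ ossl_asn1obj_get_ln(VALUE self)
     return ret;
 }
 
+/*
+ * call-seq:
+ *    oid == other_oid => true or false
+ *
+ * Returns +true+ if _other_oid_ is the same as _oid_
+ */
+static VALUE
+ossl_asn1obj_eq(VALUE self, VALUE other)
+{
+    VALUE valSelf, valOther;
+    int nidSelf, nidOther;
+
+    valSelf = ossl_asn1_get_value(self);
+    valOther = ossl_asn1_get_value(other);
+
+    if ((nidSelf = OBJ_txt2nid(StringValueCStr(valSelf))) == NID_undef)
+        ossl_raise(eASN1Error, "OBJ_txt2nid");
+
+    if ((nidOther = OBJ_txt2nid(StringValueCStr(valOther))) == NID_undef)
+        ossl_raise(eASN1Error, "OBJ_txt2nid");
+
+    return nidSelf == nidOther ? Qtrue : Qfalse;
+}
+
 static VALUE
 asn1obj_get_oid_i(VALUE vobj)
 {
@@ -1360,6 +1397,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
 void
 Init_ossl_asn1(void)
 {
+#undef rb_intern
     VALUE ary;
     int i;
 
@@ -1485,7 +1523,7 @@ Init_ossl_asn1(void)
      *
      * An Array that stores the name of a given tag number. These names are
      * the same as the name of the tag constant that is additionally defined,
-     * e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2
+     * e.g. <tt>UNIVERSAL_TAG_NAME[2] = "INTEGER"</tt> and <tt>OpenSSL::ASN1::INTEGER = 2</tt>.
      *
      * == Example usage
      *
@@ -1817,12 +1855,14 @@ do{\
     rb_define_method(cASN1ObjectId, "oid", ossl_asn1obj_get_oid, 0);
     rb_define_alias(cASN1ObjectId, "short_name", "sn");
     rb_define_alias(cASN1ObjectId, "long_name", "ln");
+    rb_define_method(cASN1ObjectId, "==", ossl_asn1obj_eq, 1);
     rb_attr(cASN1BitString, rb_intern("unused_bits"), 1, 1, 0);
 
     rb_define_method(cASN1EndOfContent, "initialize", ossl_asn1eoc_initialize, 0);
     rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
 
     class_tag_map = rb_hash_new();
+    rb_gc_register_mark_object(class_tag_map);
     rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
     rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
     rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
@@ -1846,7 +1886,6 @@ do{\
     rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
     rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
     rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
-    rb_global_variable(&class_tag_map);
 
     id_each = rb_intern_const("each");
 }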
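Review bot: `ossl_asn1obj_eq` in the `@@ -1285,6 +1298,30 @@` hunk raises instead of answering the question in two cases that an `==` method is expected to handle: `other` is never checked to be an `ASN1::ObjectId`, so comparing against any unrelated object reaches `StringValueCStr` on whatever `ossl_asn1_get_value` returns and raises rather than returning false; and `OBJ_txt2nid` yields `NID_undef` for a well-formed dotted OID that is simply not in OpenSSL's object table, so two identical private OIDs raise `ASN1Error` instead of comparing equal. Since the method is wired to `"=="` in the `@@ -1817,12 +1855,14 @@` hunk, Ruby callers (Array#include?, Hash keys, test assertions) will hit both. Returning `Qfalse` for a non-ObjectId and comparing via `OBJ_txt2obj(…, 0)` / `OBJ_cmp` covers both cases; the doc comment should then say "Returns +true+ if _other_oid_ is an ObjectId denoting the same OID as _oid_". Coercing both strings before allocating keeps a `TypeError` from leaking an `ASN1_OBJECT`.
```c
static VALUE
ossl_asn1obj_eq(VALUE self, VALUE other)
{
    VALUE valSelf, valOther;
    const char *sSelf, *sOther;
    ASN1_OBJECT *objSelf, *objOther;
    int result;

    /* Ruby convention: `==` against an unrelated object is false, not an error. */
    if (!rb_obj_is_kind_of(other, cASN1ObjectId))
        return Qfalse;

    valSelf = ossl_asn1_get_value(self);
    valOther = ossl_asn1_get_value(other);
    /* Coerce both before allocating so a TypeError cannot leak an ASN1_OBJECT. */
    sSelf = StringValueCStr(valSelf);
    sOther = StringValueCStr(valOther);

    /* no_name == 0 accepts short/long names and dotted OIDs without a NID. */
    objSelf = OBJ_txt2obj(sSelf, 0);
    if (!objSelf)
        ossl_raise(eASN1Error, "OBJ_txt2obj");
    objOther = OBJ_txt2obj(sOther, 0);
    if (!objOther) {
        ASN1_OBJECT_free(objSelf);
        ossl_raise(eASN1Error, "OBJ_txt2obj");
    }

    result = OBJ_cmp(objSelf, objOther);
    ASN1_OBJECT_free(objSelf);
    ASN1_OBJECT_free(objOther);
    return result == 0 ? Qtrue : Qfalse;
}
```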