RubyGems - openssl - Versions diffs - 2.1.0 → 3.2.0 - Mend

openssl 2.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

checksums.yaml +4 -4
data/CONTRIBUTING.md +35 -45
data/History.md +426 -0
data/README.md +38 -21
data/ext/openssl/extconf.rb +132 -72
data/ext/openssl/openssl_missing.c +0 -66
data/ext/openssl/openssl_missing.h +62 -46
data/ext/openssl/ossl.c +177 -252
data/ext/openssl/ossl.h +39 -17
data/ext/openssl/ossl_asn1.c +53 -14
data/ext/openssl/ossl_bn.c +288 -146
data/ext/openssl/ossl_bn.h +2 -1
data/ext/openssl/ossl_cipher.c +42 -32
data/ext/openssl/ossl_config.c +412 -41
data/ext/openssl/ossl_config.h +4 -7
data/ext/openssl/ossl_digest.c +32 -63
data/ext/openssl/ossl_engine.c +19 -28
data/ext/openssl/ossl_hmac.c +61 -146
data/ext/openssl/ossl_kdf.c +15 -23
data/ext/openssl/ossl_ns_spki.c +2 -2
data/ext/openssl/ossl_ocsp.c +17 -70
data/ext/openssl/ossl_ocsp.h +3 -3
data/ext/openssl/ossl_pkcs12.c +23 -4
data/ext/openssl/ossl_pkcs7.c +49 -81
data/ext/openssl/ossl_pkcs7.h +16 -0
data/ext/openssl/ossl_pkey.c +1508 -195
data/ext/openssl/ossl_pkey.h +41 -78
data/ext/openssl/ossl_pkey_dh.c +153 -348
data/ext/openssl/ossl_pkey_dsa.c +157 -413
data/ext/openssl/ossl_pkey_ec.c +257 -343
data/ext/openssl/ossl_pkey_rsa.c +166 -490
data/ext/openssl/ossl_provider.c +211 -0
data/ext/openssl/ossl_provider.h +5 -0
data/ext/openssl/ossl_rand.c +2 -40
data/ext/openssl/ossl_ssl.c +666 -456
data/ext/openssl/ossl_ssl_session.c +29 -30
data/ext/openssl/ossl_ts.c +1539 -0
data/ext/openssl/ossl_ts.h +16 -0
data/ext/openssl/ossl_x509.c +86 -1
data/ext/openssl/ossl_x509attr.c +1 -1
data/ext/openssl/ossl_x509cert.c +170 -14
data/ext/openssl/ossl_x509crl.c +14 -11
data/ext/openssl/ossl_x509ext.c +29 -9
data/ext/openssl/ossl_x509name.c +24 -12
data/ext/openssl/ossl_x509req.c +14 -11
data/ext/openssl/ossl_x509revoked.c +4 -4
data/ext/openssl/ossl_x509store.c +205 -96
data/lib/openssl/bn.rb +1 -1
data/lib/openssl/buffering.rb +42 -20
data/lib/openssl/cipher.rb +1 -1
data/lib/openssl/digest.rb +10 -16
data/lib/openssl/hmac.rb +78 -0
data/lib/openssl/marshal.rb +30 -0
data/lib/openssl/pkcs5.rb +1 -1
data/lib/openssl/pkey.rb +447 -1
data/lib/openssl/ssl.rb +68 -24
data/lib/openssl/version.rb +5 -0
data/lib/openssl/x509.rb +177 -1
data/lib/openssl.rb +24 -9
metadata +18 -71
data/ext/openssl/deprecation.rb +0 -23
data/ext/openssl/ossl_version.h +0 -15
data/ext/openssl/ruby_missing.h +0 -24
data/lib/openssl/config.rb +0 -474

data/ext/openssl/ossl.h CHANGED Viewed

@@ -13,25 +13,24 @@
 #include RUBY_EXTCONF_H
 #include <assert.h>
-#include <errno.h>
 #include <ruby.h>
+#include <errno.h>
 #include <ruby/io.h>
 #include <ruby/thread.h>
 #include <openssl/opensslv.h>
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 #include <openssl/ssl.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pkcs7.h>
-#include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include <openssl/crypto.h>
-#if !defined(OPENSSL_NO_ENGINE)
-#  include <openssl/engine.h>
+#ifndef OPENSSL_NO_TS
+  #include <openssl/ts.h>
 #endif
+#include <openssl/crypto.h>
 #if !defined(OPENSSL_NO_OCSP)
 #  include <openssl/ocsp.h>
 #endif
@@ -41,6 +40,32 @@
 #include <openssl/evp.h>
 #include <openssl/dh.h>
+#ifndef LIBRESSL_VERSION_NUMBER
+# define OSSL_IS_LIBRESSL 0
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) \
+      (OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
+#else
+# define OSSL_IS_LIBRESSL 1
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
+      (LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+#endif
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_3_const const
+#else
+# define OSSL_3_const /* const */
+#endif
+#if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_ENGINE
+#endif
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_PROVIDER
+#endif
 /*
  * Common Module
  */
@@ -86,9 +111,8 @@ VALUE ossl_buf2str(char *buf, int len);
 VALUE ossl_str_new(const char *, long, int *);
 #define ossl_str_adjust(str, p) \
 do{\
-    long len = RSTRING_LEN(str);\
     long newlen = (long)((p) - (unsigned char*)RSTRING_PTR(str));\
-    assert(newlen <= len);\
+    assert(newlen <= RSTRING_LEN(str));\
     rb_str_set_len((str), newlen);\
 }while(0)
 /*
@@ -120,7 +144,9 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
 /*
  * ERRor messages
  */
-NORETURN(void ossl_raise(VALUE, const char *, ...));
+PRINTF_ARGS(NORETURN(void ossl_raise(VALUE, const char *, ...)), 2, 3);
+/* Make exception instance from str and OpenSSL error reason string. */
+VALUE ossl_make_error(VALUE exc, VALUE str);
 /* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
 void ossl_clear_error(void);
@@ -135,7 +161,6 @@ VALUE ossl_to_der_if_possible(VALUE);
  */
 extern VALUE dOSSL;
-#if defined(HAVE_VA_ARGS_MACRO)
 #define OSSL_Debug(...) do { \
   if (dOSSL == Qtrue) { \
     fprintf(stderr, "OSSL_DEBUG: "); \
@@ -144,16 +169,10 @@ extern VALUE dOSSL;
   } \
 } while (0)
-#else
-void ossl_debug(const char *, ...);
-#define OSSL_Debug ossl_debug
-#endif
 /*
  * Include all parts
  */
 #include "openssl_missing.h"
-#include "ruby_missing.h"
 #include "ossl_asn1.h"
 #include "ossl_bio.h"
 #include "ossl_bn.h"
@@ -168,9 +187,12 @@ void ossl_debug(const char *, ...);
 #include "ossl_pkey.h"
 #include "ossl_rand.h"
 #include "ossl_ssl.h"
-#include "ossl_version.h"
+#ifndef OPENSSL_NO_TS
+  #include "ossl_ts.h"
+#endif
 #include "ossl_x509.h"
 #include "ossl_engine.h"
+#include "ossl_provider.h"
 #include "ossl_kdf.h"
 void Init_openssl(void);

data/ext/openssl/ossl_asn1.c CHANGED Viewed

@@ -69,6 +69,12 @@ asn1time_to_time(const ASN1_TIME *time)
     return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
 }
+static VALUE
+asn1time_to_time_i(VALUE arg)
+{
+    return asn1time_to_time((ASN1_TIME *)arg);
+}
 void
 ossl_time_split(VALUE time, time_t *sec, int *days)
 {
@@ -136,6 +142,12 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
     return ai;
 }
+static VALUE
+asn1integer_to_num_i(VALUE arg)
+{
+    return asn1integer_to_num((ASN1_INTEGER *)arg);
+}
 /********/
 /*
  * ASN1 module
@@ -325,7 +337,7 @@ decode_int(unsigned char* der, long length)
     p = der;
     if(!(ai = d2i_ASN1_INTEGER(NULL, &p, length)))
 	ossl_raise(eASN1Error, NULL);
-    ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
+    ret = rb_protect(asn1integer_to_num_i,
 		     (VALUE)ai, &status);
     ASN1_INTEGER_free(ai);
     if(status) rb_jump_tag(status);
@@ -365,7 +377,7 @@ decode_enum(unsigned char* der, long length)
     p = der;
     if(!(ai = d2i_ASN1_ENUMERATED(NULL, &p, length)))
 	ossl_raise(eASN1Error, NULL);
-    ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
+    ret = rb_protect(asn1integer_to_num_i,
 		     (VALUE)ai, &status);
     ASN1_ENUMERATED_free(ai);
     if(status) rb_jump_tag(status);
@@ -427,7 +439,7 @@ decode_time(unsigned char* der, long length)
     p = der;
     if(!(time = d2i_ASN1_TIME(NULL, &p, length)))
 	ossl_raise(eASN1Error, NULL);
-    ret = rb_protect((VALUE (*)(VALUE))asn1time_to_time,
+    ret = rb_protect(asn1time_to_time_i,
 		     (VALUE)time, &status);
     ASN1_TIME_free(time);
     if(status) rb_jump_tag(status);
@@ -497,7 +509,8 @@ ossl_asn1_get_asn1type(VALUE obj)
     ASN1_TYPE *ret;
     VALUE value, rflag;
     void *ptr;
-    void (*free_func)();
+    typedef void free_func_type(void *);
+    free_func_type *free_func;
     int tag;
     tag = ossl_asn1_default_tag(obj);
@@ -510,16 +523,16 @@ ossl_asn1_get_asn1type(VALUE obj)
     case V_ASN1_INTEGER:         /* FALLTHROUGH */
     case V_ASN1_ENUMERATED:
 	ptr = obj_to_asn1int(value);
-	free_func = ASN1_INTEGER_free;
+	free_func = (free_func_type *)ASN1_INTEGER_free;
 	break;
     case V_ASN1_BIT_STRING:
         rflag = rb_attr_get(obj, sivUNUSED_BITS);
 	ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
-	free_func = ASN1_BIT_STRING_free;
+	free_func = (free_func_type *)ASN1_BIT_STRING_free;
 	break;
     case V_ASN1_NULL:
 	ptr = obj_to_asn1null(value);
-	free_func = ASN1_NULL_free;
+	free_func = (free_func_type *)ASN1_NULL_free;
 	break;
     case V_ASN1_OCTET_STRING:    /* FALLTHROUGH */
     case V_ASN1_UTF8STRING:      /* FALLTHROUGH */
@@ -534,24 +547,24 @@ ossl_asn1_get_asn1type(VALUE obj)
     case V_ASN1_UNIVERSALSTRING: /* FALLTHROUGH */
     case V_ASN1_BMPSTRING:
 	ptr = obj_to_asn1str(value);
-	free_func = ASN1_STRING_free;
+	free_func = (free_func_type *)ASN1_STRING_free;
 	break;
     case V_ASN1_OBJECT:
 	ptr = obj_to_asn1obj(value);
-	free_func = ASN1_OBJECT_free;
+	free_func = (free_func_type *)ASN1_OBJECT_free;
 	break;
     case V_ASN1_UTCTIME:
 	ptr = obj_to_asn1utime(value);
-	free_func = ASN1_TIME_free;
+	free_func = (free_func_type *)ASN1_TIME_free;
 	break;
     case V_ASN1_GENERALIZEDTIME:
 	ptr = obj_to_asn1gtime(value);
-	free_func = ASN1_TIME_free;
+	free_func = (free_func_type *)ASN1_TIME_free;
 	break;
     case V_ASN1_SET:             /* FALLTHROUGH */
     case V_ASN1_SEQUENCE:
 	ptr = obj_to_asn1derstr(obj);
-	free_func = ASN1_STRING_free;
+	free_func = (free_func_type *)ASN1_STRING_free;
 	break;
     default:
 	ossl_raise(eASN1Error, "unsupported ASN.1 type");
@@ -1285,6 +1298,30 @@ ossl_asn1obj_get_ln(VALUE self)
     return ret;
 }
+/*
+ *  call-seq:
+ *     oid == other_oid => true or false
+ *
+ *  Returns +true+ if _other_oid_ is the same as _oid_
+ */
+static VALUE
+ossl_asn1obj_eq(VALUE self, VALUE other)
+{
+    VALUE valSelf, valOther;
+    int nidSelf, nidOther;
+    valSelf = ossl_asn1_get_value(self);
+    valOther = ossl_asn1_get_value(other);
+    if ((nidSelf = OBJ_txt2nid(StringValueCStr(valSelf))) == NID_undef)
+	ossl_raise(eASN1Error, "OBJ_txt2nid");
+    if ((nidOther = OBJ_txt2nid(StringValueCStr(valOther))) == NID_undef)
+	ossl_raise(eASN1Error, "OBJ_txt2nid");
+    return nidSelf == nidOther ? Qtrue : Qfalse;
+}
 static VALUE
 asn1obj_get_oid_i(VALUE vobj)
 {
@@ -1360,6 +1397,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
 void
 Init_ossl_asn1(void)
 {
+#undef rb_intern
     VALUE ary;
     int i;
@@ -1485,7 +1523,7 @@ Init_ossl_asn1(void)
      *
      * An Array that stores the name of a given tag number. These names are
      * the same as the name of the tag constant that is additionally defined,
-     * e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2.
+     * e.g. <tt>UNIVERSAL_TAG_NAME[2] = "INTEGER"</tt> and <tt>OpenSSL::ASN1::INTEGER = 2</tt>.
      *
      * == Example usage
      *
@@ -1817,12 +1855,14 @@ do{\
     rb_define_method(cASN1ObjectId, "oid", ossl_asn1obj_get_oid, 0);
     rb_define_alias(cASN1ObjectId, "short_name", "sn");
     rb_define_alias(cASN1ObjectId, "long_name", "ln");
+    rb_define_method(cASN1ObjectId, "==", ossl_asn1obj_eq, 1);
     rb_attr(cASN1BitString, rb_intern("unused_bits"), 1, 1, 0);
     rb_define_method(cASN1EndOfContent, "initialize", ossl_asn1eoc_initialize, 0);
     rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
     class_tag_map = rb_hash_new();
+    rb_gc_register_mark_object(class_tag_map);
     rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
     rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
     rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
@@ -1846,7 +1886,6 @@ do{\
     rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
     rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
     rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
-    rb_global_variable(&class_tag_map);
     id_each = rb_intern_const("each");
 }