openssl 2.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +35 -45
  3. data/History.md +426 -0
  4. data/README.md +38 -21
  5. data/ext/openssl/extconf.rb +132 -72
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +62 -46
  8. data/ext/openssl/ossl.c +177 -252
  9. data/ext/openssl/ossl.h +39 -17
  10. data/ext/openssl/ossl_asn1.c +53 -14
  11. data/ext/openssl/ossl_bn.c +288 -146
  12. data/ext/openssl/ossl_bn.h +2 -1
  13. data/ext/openssl/ossl_cipher.c +42 -32
  14. data/ext/openssl/ossl_config.c +412 -41
  15. data/ext/openssl/ossl_config.h +4 -7
  16. data/ext/openssl/ossl_digest.c +32 -63
  17. data/ext/openssl/ossl_engine.c +19 -28
  18. data/ext/openssl/ossl_hmac.c +61 -146
  19. data/ext/openssl/ossl_kdf.c +15 -23
  20. data/ext/openssl/ossl_ns_spki.c +2 -2
  21. data/ext/openssl/ossl_ocsp.c +17 -70
  22. data/ext/openssl/ossl_ocsp.h +3 -3
  23. data/ext/openssl/ossl_pkcs12.c +23 -4
  24. data/ext/openssl/ossl_pkcs7.c +49 -81
  25. data/ext/openssl/ossl_pkcs7.h +16 -0
  26. data/ext/openssl/ossl_pkey.c +1508 -195
  27. data/ext/openssl/ossl_pkey.h +41 -78
  28. data/ext/openssl/ossl_pkey_dh.c +153 -348
  29. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  30. data/ext/openssl/ossl_pkey_ec.c +257 -343
  31. data/ext/openssl/ossl_pkey_rsa.c +166 -490
  32. data/ext/openssl/ossl_provider.c +211 -0
  33. data/ext/openssl/ossl_provider.h +5 -0
  34. data/ext/openssl/ossl_rand.c +2 -40
  35. data/ext/openssl/ossl_ssl.c +666 -456
  36. data/ext/openssl/ossl_ssl_session.c +29 -30
  37. data/ext/openssl/ossl_ts.c +1539 -0
  38. data/ext/openssl/ossl_ts.h +16 -0
  39. data/ext/openssl/ossl_x509.c +86 -1
  40. data/ext/openssl/ossl_x509attr.c +1 -1
  41. data/ext/openssl/ossl_x509cert.c +170 -14
  42. data/ext/openssl/ossl_x509crl.c +14 -11
  43. data/ext/openssl/ossl_x509ext.c +29 -9
  44. data/ext/openssl/ossl_x509name.c +24 -12
  45. data/ext/openssl/ossl_x509req.c +14 -11
  46. data/ext/openssl/ossl_x509revoked.c +4 -4
  47. data/ext/openssl/ossl_x509store.c +205 -96
  48. data/lib/openssl/bn.rb +1 -1
  49. data/lib/openssl/buffering.rb +42 -20
  50. data/lib/openssl/cipher.rb +1 -1
  51. data/lib/openssl/digest.rb +10 -16
  52. data/lib/openssl/hmac.rb +78 -0
  53. data/lib/openssl/marshal.rb +30 -0
  54. data/lib/openssl/pkcs5.rb +1 -1
  55. data/lib/openssl/pkey.rb +447 -1
  56. data/lib/openssl/ssl.rb +68 -24
  57. data/lib/openssl/version.rb +5 -0
  58. data/lib/openssl/x509.rb +177 -1
  59. data/lib/openssl.rb +24 -9
  60. metadata +18 -71
  61. data/ext/openssl/deprecation.rb +0 -23
  62. data/ext/openssl/ossl_version.h +0 -15
  63. data/ext/openssl/ruby_missing.h +0 -24
  64. data/lib/openssl/config.rb +0 -474
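--- a/data/ext/openssl/ossl.h
+++ b/data/ext/openssl/ossl.h
@@ -13,25 +13,24 @@
 #include RUBY_EXTCONF_H
 
 #include <assert.h>
-#include <errno.h>
 #include <ruby.h>
+#include <errno.h>
 #include <ruby/io.h>
 #include <ruby/thread.h>
 #include <openssl/opensslv.h>
+
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 #include <openssl/ssl.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pkcs7.h>
-#include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include <openssl/crypto.h>
-#if !defined(OPENSSL_NO_ENGINE)
-# include <openssl/engine.h>
+#ifndef OPENSSL_NO_TS
+#include <openssl/ts.h>
 #endif
+#include <openssl/crypto.h>
 #if !defined(OPENSSL_NO_OCSP)
 # include <openssl/ocsp.h>
 #endif
@@ -41,6 +40,32 @@
 #include <openssl/evp.h>
 #include <openssl/dh.h>
 
+#ifndef LIBRESSL_VERSION_NUMBER
+# define OSSL_IS_LIBRESSL 0
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) \
+(OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
+#else
+# define OSSL_IS_LIBRESSL 1
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
+(LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+#endif
+
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_3_const const
+#else
+# define OSSL_3_const /* const */
+#endif
+
+#if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_ENGINE
+#endif
+
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_PROVIDER
+#endif
+
 /*
 * Common Module
 */
@@ -86,9 +111,8 @@ VALUE ossl_buf2str(char *buf, int len);
 VALUE ossl_str_new(const char *, long, int *);
 #define ossl_str_adjust(str, p) \
 do{\
-long len = RSTRING_LEN(str);\
 long newlen = (long)((p) - (unsigned char*)RSTRING_PTR(str));\
-assert(newlen <= len);\
+assert(newlen <= RSTRING_LEN(str));\
 rb_str_set_len((str), newlen);\
 }while(0)
 /*
@@ -120,7 +144,9 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
 /*
 * ERRor messages
 */
-NORETURN(void ossl_raise(VALUE, const char *, ...));
+PRINTF_ARGS(NORETURN(void ossl_raise(VALUE, const char *, ...)), 2, 3);
+/* Make exception instance from str and OpenSSL error reason string. */
+VALUE ossl_make_error(VALUE exc, VALUE str);
 /* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
 void ossl_clear_error(void);
 
@@ -135,7 +161,6 @@ VALUE ossl_to_der_if_possible(VALUE);
 */
 extern VALUE dOSSL;
 
-#if defined(HAVE_VA_ARGS_MACRO)
 #define OSSL_Debug(...) do { \
 if (dOSSL == Qtrue) { \
 fprintf(stderr, "OSSL_DEBUG: "); \
@@ -144,16 +169,10 @@ extern VALUE dOSSL;
 } \
 } while (0)
 
-#else
-void ossl_debug(const char *, ...);
-#define OSSL_Debug ossl_debug
-#endif
-
 /*
 * Include all parts
 */
 #include "openssl_missing.h"
-#include "ruby_missing.h"
 #include "ossl_asn1.h"
 #include "ossl_bio.h"
 #include "ossl_bn.h"
@@ -168,9 +187,12 @@ void ossl_debug(const char *, ...);
 #include "ossl_pkey.h"
 #include "ossl_rand.h"
 #include "ossl_ssl.h"
-#include "ossl_version.h"
+#ifndef OPENSSL_NO_TS
+#include "ossl_ts.h"
+#endif
 #include "ossl_x509.h"
 #include "ossl_engine.h"
+#include "ossl_provider.h"
 #include "ossl_kdf.h"
 
 void Init_openssl(void);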
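Review bot: The new OSSL_OPENSSL_PREREQ and OSSL_LIBRESSL_PREREQ macros in the second hunk expand their parameters unparenthesized (`maj << 28`), so an expression argument such as `2 + 1` would bind incorrectly; the expansion should read `(OPENSSL_VERSION_NUMBER >= (((maj) << 28) | ((min) << 20) | ((pat) << 12)))` and likewise for the LibreSSL form. Every call site visible here passes plain literals, so this is a latent hazard rather than a current bug. A short comment above the block naming the encoding the macros reproduce, e.g. `/* Mirrors the MNNFFPPS layout of OPENSSL_VERSION_NUMBER / LIBRESSL_VERSION_NUMBER */`, would also help readers who do not have the OpenSSL headers open.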
@@ -69,6 +69,12 @@ asn1time_to_time(const ASN1_TIME *time)
69
69
  return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
70
70
  }
71
71
 
72
+ static VALUE
73
+ asn1time_to_time_i(VALUE arg)
74
+ {
75
+ return asn1time_to_time((ASN1_TIME *)arg);
76
+ }
77
+
72
78
  void
73
79
  ossl_time_split(VALUE time, time_t *sec, int *days)
74
80
  {
@@ -136,6 +142,12 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
136
142
  return ai;
137
143
  }
138
144
 
145
+ static VALUE
146
+ asn1integer_to_num_i(VALUE arg)
147
+ {
148
+ return asn1integer_to_num((ASN1_INTEGER *)arg);
149
+ }
150
+
139
151
  /********/
140
152
  /*
141
153
  * ASN1 module
@@ -325,7 +337,7 @@ decode_int(unsigned char* der, long length)
325
337
  p = der;
326
338
  if(!(ai = d2i_ASN1_INTEGER(NULL, &p, length)))
327
339
  ossl_raise(eASN1Error, NULL);
328
- ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
340
+ ret = rb_protect(asn1integer_to_num_i,
329
341
  (VALUE)ai, &status);
330
342
  ASN1_INTEGER_free(ai);
331
343
  if(status) rb_jump_tag(status);
@@ -365,7 +377,7 @@ decode_enum(unsigned char* der, long length)
365
377
  p = der;
366
378
  if(!(ai = d2i_ASN1_ENUMERATED(NULL, &p, length)))
367
379
  ossl_raise(eASN1Error, NULL);
368
- ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
380
+ ret = rb_protect(asn1integer_to_num_i,
369
381
  (VALUE)ai, &status);
370
382
  ASN1_ENUMERATED_free(ai);
371
383
  if(status) rb_jump_tag(status);
@@ -427,7 +439,7 @@ decode_time(unsigned char* der, long length)
427
439
  p = der;
428
440
  if(!(time = d2i_ASN1_TIME(NULL, &p, length)))
429
441
  ossl_raise(eASN1Error, NULL);
430
- ret = rb_protect((VALUE (*)(VALUE))asn1time_to_time,
442
+ ret = rb_protect(asn1time_to_time_i,
431
443
  (VALUE)time, &status);
432
444
  ASN1_TIME_free(time);
433
445
  if(status) rb_jump_tag(status);
@@ -497,7 +509,8 @@ ossl_asn1_get_asn1type(VALUE obj)
497
509
  ASN1_TYPE *ret;
498
510
  VALUE value, rflag;
499
511
  void *ptr;
500
- void (*free_func)();
512
+ typedef void free_func_type(void *);
513
+ free_func_type *free_func;
501
514
  int tag;
502
515
 
503
516
  tag = ossl_asn1_default_tag(obj);
@@ -510,16 +523,16 @@ ossl_asn1_get_asn1type(VALUE obj)
510
523
  case V_ASN1_INTEGER: /* FALLTHROUGH */
511
524
  case V_ASN1_ENUMERATED:
512
525
  ptr = obj_to_asn1int(value);
513
- free_func = ASN1_INTEGER_free;
526
+ free_func = (free_func_type *)ASN1_INTEGER_free;
514
527
  break;
515
528
  case V_ASN1_BIT_STRING:
516
529
  rflag = rb_attr_get(obj, sivUNUSED_BITS);
517
530
  ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
518
- free_func = ASN1_BIT_STRING_free;
531
+ free_func = (free_func_type *)ASN1_BIT_STRING_free;
519
532
  break;
520
533
  case V_ASN1_NULL:
521
534
  ptr = obj_to_asn1null(value);
522
- free_func = ASN1_NULL_free;
535
+ free_func = (free_func_type *)ASN1_NULL_free;
523
536
  break;
524
537
  case V_ASN1_OCTET_STRING: /* FALLTHROUGH */
525
538
  case V_ASN1_UTF8STRING: /* FALLTHROUGH */
@@ -534,24 +547,24 @@ ossl_asn1_get_asn1type(VALUE obj)
534
547
  case V_ASN1_UNIVERSALSTRING: /* FALLTHROUGH */
535
548
  case V_ASN1_BMPSTRING:
536
549
  ptr = obj_to_asn1str(value);
537
- free_func = ASN1_STRING_free;
550
+ free_func = (free_func_type *)ASN1_STRING_free;
538
551
  break;
539
552
  case V_ASN1_OBJECT:
540
553
  ptr = obj_to_asn1obj(value);
541
- free_func = ASN1_OBJECT_free;
554
+ free_func = (free_func_type *)ASN1_OBJECT_free;
542
555
  break;
543
556
  case V_ASN1_UTCTIME:
544
557
  ptr = obj_to_asn1utime(value);
545
- free_func = ASN1_TIME_free;
558
+ free_func = (free_func_type *)ASN1_TIME_free;
546
559
  break;
547
560
  case V_ASN1_GENERALIZEDTIME:
548
561
  ptr = obj_to_asn1gtime(value);
549
- free_func = ASN1_TIME_free;
562
+ free_func = (free_func_type *)ASN1_TIME_free;
550
563
  break;
551
564
  case V_ASN1_SET: /* FALLTHROUGH */
552
565
  case V_ASN1_SEQUENCE:
553
566
  ptr = obj_to_asn1derstr(obj);
554
- free_func = ASN1_STRING_free;
567
+ free_func = (free_func_type *)ASN1_STRING_free;
555
568
  break;
556
569
  default:
557
570
  ossl_raise(eASN1Error, "unsupported ASN.1 type");
@@ -1285,6 +1298,30 @@ ossl_asn1obj_get_ln(VALUE self)
1285
1298
  return ret;
1286
1299
  }
1287
1300
 
1301
+ /*
1302
+ * call-seq:
1303
+ * oid == other_oid => true or false
1304
+ *
1305
+ * Returns +true+ if _other_oid_ is the same as _oid_
1306
+ */
1307
+ static VALUE
1308
+ ossl_asn1obj_eq(VALUE self, VALUE other)
1309
+ {
1310
+ VALUE valSelf, valOther;
1311
+ int nidSelf, nidOther;
1312
+
1313
+ valSelf = ossl_asn1_get_value(self);
1314
+ valOther = ossl_asn1_get_value(other);
1315
+
1316
+ if ((nidSelf = OBJ_txt2nid(StringValueCStr(valSelf))) == NID_undef)
1317
+ ossl_raise(eASN1Error, "OBJ_txt2nid");
1318
+
1319
+ if ((nidOther = OBJ_txt2nid(StringValueCStr(valOther))) == NID_undef)
1320
+ ossl_raise(eASN1Error, "OBJ_txt2nid");
1321
+
1322
+ return nidSelf == nidOther ? Qtrue : Qfalse;
1323
+ }
1324
+
1288
1325
  static VALUE
1289
1326
  asn1obj_get_oid_i(VALUE vobj)
1290
1327
  {
@@ -1360,6 +1397,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
1360
1397
  void
1361
1398
  Init_ossl_asn1(void)
1362
1399
  {
1400
+ #undef rb_intern
1363
1401
  VALUE ary;
1364
1402
  int i;
1365
1403
 
@@ -1485,7 +1523,7 @@ Init_ossl_asn1(void)
1485
1523
  *
1486
1524
  * An Array that stores the name of a given tag number. These names are
1487
1525
  * the same as the name of the tag constant that is additionally defined,
1488
- * e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2.
1526
+ * e.g. <tt>UNIVERSAL_TAG_NAME[2] = "INTEGER"</tt> and <tt>OpenSSL::ASN1::INTEGER = 2</tt>.
1489
1527
  *
1490
1528
  * == Example usage
1491
1529
  *
@@ -1817,12 +1855,14 @@ do{\
1817
1855
  rb_define_method(cASN1ObjectId, "oid", ossl_asn1obj_get_oid, 0);
1818
1856
  rb_define_alias(cASN1ObjectId, "short_name", "sn");
1819
1857
  rb_define_alias(cASN1ObjectId, "long_name", "ln");
1858
+ rb_define_method(cASN1ObjectId, "==", ossl_asn1obj_eq, 1);
1820
1859
  rb_attr(cASN1BitString, rb_intern("unused_bits"), 1, 1, 0);
1821
1860
 
1822
1861
  rb_define_method(cASN1EndOfContent, "initialize", ossl_asn1eoc_initialize, 0);
1823
1862
  rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
1824
1863
 
1825
1864
  class_tag_map = rb_hash_new();
1865
+ rb_gc_register_mark_object(class_tag_map);
1826
1866
  rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
1827
1867
  rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
1828
1868
  rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
@@ -1846,7 +1886,6 @@ do{\
1846
1886
  rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
1847
1887
  rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
1848
1888
  rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
1849
- rb_global_variable(&class_tag_map);
1850
1889
 
1851
1890
  id_each = rb_intern_const("each");
1852
1891
  }
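Review bot: The new ossl_asn1obj_eq (the hunk adding it before asn1obj_get_oid_i) raises instead of returning false when `other` is not an ObjectId or when either OID is not in OpenSSL's object table, which breaks the Ruby convention that `==` never raises on foreign operands (Array#include?, Hash comparisons and `!= nil` checks all end up in this path). A type guard before touching the other value, `if (!rb_obj_is_kind_of(other, cASN1ObjectId)) return Qfalse;`, fixes the first case; for the second, OBJ_txt2nid returns NID_undef for any dotted OID that is not registered, so two such OIDs cannot be compared at all even when their text is identical — presumably comparing the OBJ_txt2obj results (or the dotted-decimal strings) is what callers expect, which should be confirmed against the intended semantics. Defining `==` without `eql?`/`hash` also means ObjectId values will not dedupe as Hash keys or in Array#uniq; that is worth a comment if it is deliberate. This chunk does not show the file header, but the hunk context (Init_ossl_asn1, cASN1ObjectId) places it in data/ext/openssl/ossl_asn1.c.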