RubyGems - openssl - Versions diffs - 2.1.0 → 3.2.0 - Mend

openssl 2.1.0 → 3.2.0

Files changed (64) hide show

checksums.yaml +4 -4
data/CONTRIBUTING.md +35 -45
data/History.md +426 -0
data/README.md +38 -21
data/ext/openssl/extconf.rb +132 -72
data/ext/openssl/openssl_missing.c +0 -66
data/ext/openssl/openssl_missing.h +62 -46
data/ext/openssl/ossl.c +177 -252
data/ext/openssl/ossl.h +39 -17
data/ext/openssl/ossl_asn1.c +53 -14
data/ext/openssl/ossl_bn.c +288 -146
data/ext/openssl/ossl_bn.h +2 -1
data/ext/openssl/ossl_cipher.c +42 -32
data/ext/openssl/ossl_config.c +412 -41
data/ext/openssl/ossl_config.h +4 -7
data/ext/openssl/ossl_digest.c +32 -63
data/ext/openssl/ossl_engine.c +19 -28
data/ext/openssl/ossl_hmac.c +61 -146
data/ext/openssl/ossl_kdf.c +15 -23
data/ext/openssl/ossl_ns_spki.c +2 -2
data/ext/openssl/ossl_ocsp.c +17 -70
data/ext/openssl/ossl_ocsp.h +3 -3
data/ext/openssl/ossl_pkcs12.c +23 -4
data/ext/openssl/ossl_pkcs7.c +49 -81
data/ext/openssl/ossl_pkcs7.h +16 -0
data/ext/openssl/ossl_pkey.c +1508 -195
data/ext/openssl/ossl_pkey.h +41 -78
data/ext/openssl/ossl_pkey_dh.c +153 -348
data/ext/openssl/ossl_pkey_dsa.c +157 -413
data/ext/openssl/ossl_pkey_ec.c +257 -343
data/ext/openssl/ossl_pkey_rsa.c +166 -490
data/ext/openssl/ossl_provider.c +211 -0
data/ext/openssl/ossl_provider.h +5 -0
data/ext/openssl/ossl_rand.c +2 -40
data/ext/openssl/ossl_ssl.c +666 -456
data/ext/openssl/ossl_ssl_session.c +29 -30
data/ext/openssl/ossl_ts.c +1539 -0
data/ext/openssl/ossl_ts.h +16 -0
data/ext/openssl/ossl_x509.c +86 -1
data/ext/openssl/ossl_x509attr.c +1 -1
data/ext/openssl/ossl_x509cert.c +170 -14
data/ext/openssl/ossl_x509crl.c +14 -11
data/ext/openssl/ossl_x509ext.c +29 -9
data/ext/openssl/ossl_x509name.c +24 -12
data/ext/openssl/ossl_x509req.c +14 -11
data/ext/openssl/ossl_x509revoked.c +4 -4
data/ext/openssl/ossl_x509store.c +205 -96
data/lib/openssl/bn.rb +1 -1
data/lib/openssl/buffering.rb +42 -20
data/lib/openssl/cipher.rb +1 -1
data/lib/openssl/digest.rb +10 -16
data/lib/openssl/hmac.rb +78 -0
data/lib/openssl/marshal.rb +30 -0
data/lib/openssl/pkcs5.rb +1 -1
data/lib/openssl/pkey.rb +447 -1
data/lib/openssl/ssl.rb +68 -24
data/lib/openssl/version.rb +5 -0
data/lib/openssl/x509.rb +177 -1
data/lib/openssl.rb +24 -9
metadata +18 -71
data/ext/openssl/deprecation.rb +0 -23
data/ext/openssl/ossl_version.h +0 -15
data/ext/openssl/ruby_missing.h +0 -24
data/lib/openssl/config.rb +0 -474

data/ext/openssl/ossl.h CHANGED Viewed

@@ -13,25 +13,24 @@
 #include RUBY_EXTCONF_H
 #include <assert.h>
-#include <errno.h>
 #include <ruby.h>
+#include <errno.h>
 #include <ruby/io.h>
 #include <ruby/thread.h>
 #include <openssl/opensslv.h>
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 #include <openssl/ssl.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pkcs7.h>
-#include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include <openssl/crypto.h>
-#if !defined(OPENSSL_NO_ENGINE)
-#  include <openssl/engine.h>
+#ifndef OPENSSL_NO_TS
+  #include <openssl/ts.h>
 #endif
+#include <openssl/crypto.h>
 #if !defined(OPENSSL_NO_OCSP)
 #  include <openssl/ocsp.h>
 #endif
@@ -41,6 +40,32 @@
 #include <openssl/evp.h>
 #include <openssl/dh.h>
+#ifndef LIBRESSL_VERSION_NUMBER
+# define OSSL_IS_LIBRESSL 0
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) \
+      (OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
+#else
+# define OSSL_IS_LIBRESSL 1
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
+      (LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+#endif
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_3_const const
+#else
+# define OSSL_3_const /* const */
+#endif
+#if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_ENGINE
+#endif
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_PROVIDER
+#endif
 /*
  * Common Module
  */
@@ -86,9 +111,8 @@ VALUE ossl_buf2str(char *buf, int len);
 VALUE ossl_str_new(const char *, long, int *);
 #define ossl_str_adjust(str, p) \
 do{\
-    long len = RSTRING_LEN(str);\
     long newlen = (long)((p) - (unsigned char*)RSTRING_PTR(str));\
-    assert(newlen <= len);\
+    assert(newlen <= RSTRING_LEN(str));\
     rb_str_set_len((str), newlen);\
 }while(0)
 /*
@@ -120,7 +144,9 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
 /*
  * ERRor messages
  */
-NORETURN(void ossl_raise(VALUE, const char *, ...));
+PRINTF_ARGS(NORETURN(void ossl_raise(VALUE, const char *, ...)), 2, 3);
+/* Make exception instance from str and OpenSSL error reason string. */
+VALUE ossl_make_error(VALUE exc, VALUE str);
 /* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
 void ossl_clear_error(void);
@@ -135,7 +161,6 @@ VALUE ossl_to_der_if_possible(VALUE);
  */
 extern VALUE dOSSL;
-#if defined(HAVE_VA_ARGS_MACRO)
 #define OSSL_Debug(...) do { \
   if (dOSSL == Qtrue) { \
     fprintf(stderr, "OSSL_DEBUG: "); \
@@ -144,16 +169,10 @@ extern VALUE dOSSL;
   } \
 } while (0)
-#else
-void ossl_debug(const char *, ...);
-#define OSSL_Debug ossl_debug
-#endif
 /*
  * Include all parts
  */
 #include "openssl_missing.h"
-#include "ruby_missing.h"
 #include "ossl_asn1.h"
 #include "ossl_bio.h"
 #include "ossl_bn.h"
@@ -168,9 +187,12 @@ void ossl_debug(const char *, ...);
 #include "ossl_pkey.h"
 #include "ossl_rand.h"
 #include "ossl_ssl.h"
-#include "ossl_version.h"
+#ifndef OPENSSL_NO_TS
+  #include "ossl_ts.h"
+#endif
 #include "ossl_x509.h"
 #include "ossl_engine.h"
+#include "ossl_provider.h"
 #include "ossl_kdf.h"
 void Init_openssl(void);

data/ext/openssl/ossl_asn1.c CHANGED Viewed

@@ -69,6 +69,12 @@ asn1time_to_time(const ASN1_TIME *time)
     return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
 }
+static VALUE
+asn1time_to_time_i(VALUE arg)
+{
+    return asn1time_to_time((ASN1_TIME *)arg);
+}
 void
 ossl_time_split(VALUE time, time_t *sec, int *days)
 {
@@ -136,6 +142,12 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
     return ai;
 }
+static VALUE
+asn1integer_to_num_i(VALUE arg)
+{
+    return asn1integer_to_num((ASN1_INTEGER *)arg);
+}
 /********/
 /*
  * ASN1 module
@@ -325,7 +337,7 @@ decode_int(unsigned char* der, long length)
     p = der;
     if(!(ai = d2i_ASN1_INTEGER(NULL, &p, length)))
 	ossl_raise(eASN1Error, NULL);
-    ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
+    ret = rb_protect(asn1integer_to_num_i,
 		     (VALUE)ai, &status);
     ASN1_INTEGER_free(ai);
     if(status) rb_jump_tag(status);
@@ -365,7 +377,7 @@ decode_enum(unsigned char* der, long length)
     p = der;
     if(!(ai = d2i_ASN1_ENUMERATED(NULL, &p, length)))
 	ossl_raise(eASN1Error, NULL);
-    ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
+    ret = rb_protect(asn1integer_to_num_i,
 		     (VALUE)ai, &status);
     ASN1_ENUMERATED_free(ai);
     if(status) rb_jump_tag(status);
@@ -427,7 +439,7 @@ decode_time(unsigned char* der, long length)
     p = der;
     if(!(time = d2i_ASN1_TIME(NULL, &p, length)))
 	ossl_raise(eASN1Error, NULL);
-    ret = rb_protect((VALUE (*)(VALUE))asn1time_to_time,
+    ret = rb_protect(asn1time_to_time_i,
 		     (VALUE)time, &status);
     ASN1_TIME_free(time);
     if(status) rb_jump_tag(status);
@@ -497,7 +509,8 @@ ossl_asn1_get_asn1type(VALUE obj)
     ASN1_TYPE *ret;
     VALUE value, rflag;
     void *ptr;
-    void (*free_func)();
+    typedef void free_func_type(void *);
+    free_func_type *free_func;
     int tag;
     tag = ossl_asn1_default_tag(obj);
@@ -510,16 +523,16 @@ ossl_asn1_get_asn1type(VALUE obj)
     case V_ASN1_INTEGER:         /* FALLTHROUGH */
     case V_ASN1_ENUMERATED:
 	ptr = obj_to_asn1int(value);
-	free_func = ASN1_INTEGER_free;
+	free_func = (free_func_type *)ASN1_INTEGER_free;
 	break;
     case V_ASN1_BIT_STRING:
         rflag = rb_attr_get(obj, sivUNUSED_BITS);
 	ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
-	free_func = ASN1_BIT_STRING_free;
+	free_func = (free_func_type *)ASN1_BIT_STRING_free;
 	break;
     case V_ASN1_NULL:
 	ptr = obj_to_asn1null(value);
-	free_func = ASN1_NULL_free;
+	free_func = (free_func_type *)ASN1_NULL_free;
 	break;
     case V_ASN1_OCTET_STRING:    /* FALLTHROUGH */
     case V_ASN1_UTF8STRING:      /* FALLTHROUGH */
@@ -534,24 +547,24 @@ ossl_asn1_get_asn1type(VALUE obj)
     case V_ASN1_UNIVERSALSTRING: /* FALLTHROUGH */
     case V_ASN1_BMPSTRING:
 	ptr = obj_to_asn1str(value);
-	free_func = ASN1_STRING_free;
+	free_func = (free_func_type *)ASN1_STRING_free;
 	break;
     case V_ASN1_OBJECT:
 	ptr = obj_to_asn1obj(value);
-	free_func = ASN1_OBJECT_free;
+	free_func = (free_func_type *)ASN1_OBJECT_free;
 	break;
     case V_ASN1_UTCTIME:
 	ptr = obj_to_asn1utime(value);
-	free_func = ASN1_TIME_free;
+	free_func = (free_func_type *)ASN1_TIME_free;
 	break;
     case V_ASN1_GENERALIZEDTIME:
 	ptr = obj_to_asn1gtime(value);
-	free_func = ASN1_TIME_free;
+	free_func = (free_func_type *)ASN1_TIME_free;
 	break;
     case V_ASN1_SET:             /* FALLTHROUGH */
     case V_ASN1_SEQUENCE:
 	ptr = obj_to_asn1derstr(obj);
-	free_func = ASN1_STRING_free;
+	free_func = (free_func_type *)ASN1_STRING_free;
 	break;
     default:
 	ossl_raise(eASN1Error, "unsupported ASN.1 type");
@@ -1285,6 +1298,30 @@ ossl_asn1obj_get_ln(VALUE self)
     return ret;
 }
+/*
+ *  call-seq:
+ *     oid == other_oid => true or false
+ *
+ *  Returns +true+ if _other_oid_ is the same as _oid_
+ */
+static VALUE
+ossl_asn1obj_eq(VALUE self, VALUE other)
+{
+    VALUE valSelf, valOther;
+    int nidSelf, nidOther;
+    valSelf = ossl_asn1_get_value(self);
+    valOther = ossl_asn1_get_value(other);
+    if ((nidSelf = OBJ_txt2nid(StringValueCStr(valSelf))) == NID_undef)
+	ossl_raise(eASN1Error, "OBJ_txt2nid");
+    if ((nidOther = OBJ_txt2nid(StringValueCStr(valOther))) == NID_undef)
+	ossl_raise(eASN1Error, "OBJ_txt2nid");
+    return nidSelf == nidOther ? Qtrue : Qfalse;
+}
 static VALUE
 asn1obj_get_oid_i(VALUE vobj)
 {
@@ -1360,6 +1397,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
 void
 Init_ossl_asn1(void)
 {
+#undef rb_intern
     VALUE ary;
     int i;
@@ -1485,7 +1523,7 @@ Init_ossl_asn1(void)
      *
      * An Array that stores the name of a given tag number. These names are
      * the same as the name of the tag constant that is additionally defined,
-     * e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2.
+     * e.g. <tt>UNIVERSAL_TAG_NAME[2] = "INTEGER"</tt> and <tt>OpenSSL::ASN1::INTEGER = 2</tt>.
      *
      * == Example usage
      *
@@ -1817,12 +1855,14 @@ do{\
     rb_define_method(cASN1ObjectId, "oid", ossl_asn1obj_get_oid, 0);
     rb_define_alias(cASN1ObjectId, "short_name", "sn");
     rb_define_alias(cASN1ObjectId, "long_name", "ln");
+    rb_define_method(cASN1ObjectId, "==", ossl_asn1obj_eq, 1);
     rb_attr(cASN1BitString, rb_intern("unused_bits"), 1, 1, 0);
     rb_define_method(cASN1EndOfContent, "initialize", ossl_asn1eoc_initialize, 0);
     rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
     class_tag_map = rb_hash_new();
+    rb_gc_register_mark_object(class_tag_map);
     rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
     rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
     rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
@@ -1846,7 +1886,6 @@ do{\
     rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
     rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
     rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
-    rb_global_variable(&class_tag_map);
     id_each = rb_intern_const("each");
 }