openssl 2.1.1 → 2.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +9 -7
  3. data/History.md +165 -0
  4. data/README.md +2 -2
  5. data/ext/openssl/extconf.rb +51 -27
  6. data/ext/openssl/openssl_missing.h +39 -4
  7. data/ext/openssl/ossl.c +61 -27
  8. data/ext/openssl/ossl.h +8 -5
  9. data/ext/openssl/ossl_asn1.c +27 -1
  10. data/ext/openssl/ossl_bn.c +92 -24
  11. data/ext/openssl/ossl_bn.h +2 -1
  12. data/ext/openssl/ossl_cipher.c +33 -24
  13. data/ext/openssl/ossl_digest.c +22 -53
  14. data/ext/openssl/ossl_engine.c +2 -12
  15. data/ext/openssl/ossl_hmac.c +5 -11
  16. data/ext/openssl/ossl_kdf.c +3 -19
  17. data/ext/openssl/ossl_ns_spki.c +1 -1
  18. data/ext/openssl/ossl_ocsp.c +6 -11
  19. data/ext/openssl/ossl_ocsp.h +3 -3
  20. data/ext/openssl/ossl_pkcs12.c +1 -0
  21. data/ext/openssl/ossl_pkcs7.c +4 -19
  22. data/ext/openssl/ossl_pkcs7.h +16 -0
  23. data/ext/openssl/ossl_pkey.c +206 -17
  24. data/ext/openssl/ossl_pkey.h +6 -6
  25. data/ext/openssl/ossl_pkey_dh.c +1 -1
  26. data/ext/openssl/ossl_pkey_dsa.c +2 -2
  27. data/ext/openssl/ossl_pkey_ec.c +38 -8
  28. data/ext/openssl/ossl_pkey_rsa.c +17 -9
  29. data/ext/openssl/ossl_rand.c +2 -40
  30. data/ext/openssl/ossl_ssl.c +205 -75
  31. data/ext/openssl/ossl_ts.c +1524 -0
  32. data/ext/openssl/ossl_ts.h +16 -0
  33. data/ext/openssl/ossl_x509.c +91 -0
  34. data/ext/openssl/ossl_x509cert.c +2 -2
  35. data/ext/openssl/ossl_x509ext.c +15 -0
  36. data/ext/openssl/ossl_x509name.c +15 -10
  37. data/ext/openssl/ossl_x509store.c +40 -22
  38. data/lib/openssl/bn.rb +1 -1
  39. data/lib/openssl/buffering.rb +33 -17
  40. data/lib/openssl/cipher.rb +1 -1
  41. data/lib/openssl/config.rb +53 -26
  42. data/lib/openssl/digest.rb +10 -12
  43. data/lib/openssl/hmac.rb +13 -0
  44. data/lib/openssl/marshal.rb +30 -0
  45. data/lib/openssl/pkcs5.rb +1 -1
  46. data/lib/openssl/pkey.rb +18 -1
  47. data/lib/openssl/ssl.rb +46 -7
  48. data/lib/openssl/version.rb +5 -0
  49. data/lib/openssl/x509.rb +155 -1
  50. data/lib/openssl.rb +25 -9
  51. metadata +25 -9
  52. data/ext/openssl/deprecation.rb +0 -23
  53. data/ext/openssl/ossl_version.h +0 -15
@@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass)
104
104
  * call-seq:
105
105
  * Cipher.new(string) -> cipher
106
106
  *
107
- * The string must be a valid cipher name like "AES-128-CBC" or "3DES".
107
+ * The string must contain a valid cipher name like "AES-256-CBC".
108
108
  *
109
109
  * A list of cipher names is available by calling OpenSSL::Cipher.ciphers.
110
110
  */
@@ -237,8 +237,7 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
237
237
  ossl_raise(eCipherError, NULL);
238
238
  }
239
239
 
240
- if (p_key)
241
- rb_ivar_set(self, id_key_set, Qtrue);
240
+ rb_ivar_set(self, id_key_set, p_key ? Qtrue : Qfalse);
242
241
 
243
242
  return self;
244
243
  }
@@ -814,6 +813,31 @@ ossl_cipher_block_size(VALUE self)
814
813
  return INT2NUM(EVP_CIPHER_CTX_block_size(ctx));
815
814
  }
816
815
 
816
+ /*
817
+ * call-seq:
818
+ * cipher.ccm_data_len = integer -> integer
819
+ *
820
+ * Sets the length of the plaintext / ciphertext message that will be
821
+ * processed in CCM mode. Make sure to call this method after #key= and
822
+ * #iv= have been set, and before #auth_data=.
823
+ *
824
+ * Only call this method after calling Cipher#encrypt or Cipher#decrypt.
825
+ */
826
+ static VALUE
827
+ ossl_cipher_set_ccm_data_len(VALUE self, VALUE data_len)
828
+ {
829
+ int in_len, out_len;
830
+ EVP_CIPHER_CTX *ctx;
831
+
832
+ in_len = NUM2INT(data_len);
833
+
834
+ GetCipher(self, ctx);
835
+ if (EVP_CipherUpdate(ctx, NULL, &out_len, NULL, in_len) != 1)
836
+ ossl_raise(eCipherError, NULL);
837
+
838
+ return data_len;
839
+ }
840
+
817
841
  /*
818
842
  * INIT
819
843
  */
@@ -852,22 +876,6 @@ Init_ossl_cipher(void)
852
876
  *
853
877
  * cipher = OpenSSL::Cipher.new('AES-128-CBC')
854
878
  *
855
- * For each algorithm supported, there is a class defined under the
856
- * Cipher class that goes by the name of the cipher, e.g. to obtain an
857
- * instance of AES, you could also use
858
- *
859
- * # these are equivalent
860
- * cipher = OpenSSL::Cipher::AES.new(128, :CBC)
861
- * cipher = OpenSSL::Cipher::AES.new(128, 'CBC')
862
- * cipher = OpenSSL::Cipher::AES.new('128-CBC')
863
- *
864
- * Finally, due to its wide-spread use, there are also extra classes
865
- * defined for the different key sizes of AES
866
- *
867
- * cipher = OpenSSL::Cipher::AES128.new(:CBC)
868
- * cipher = OpenSSL::Cipher::AES192.new(:CBC)
869
- * cipher = OpenSSL::Cipher::AES256.new(:CBC)
870
- *
871
879
  * === Choosing either encryption or decryption mode
872
880
  *
873
881
  * Encryption and decryption are often very similar operations for
@@ -896,7 +904,7 @@ Init_ossl_cipher(void)
896
904
  * without processing the password further. A simple and secure way to
897
905
  * create a key for a particular Cipher is
898
906
  *
899
- * cipher = OpenSSL::AES256.new(:CFB)
907
+ * cipher = OpenSSL::Cipher.new('AES-256-CFB')
900
908
  * cipher.encrypt
901
909
  * key = cipher.random_key # also sets the generated key on the Cipher
902
910
  *
@@ -964,14 +972,14 @@ Init_ossl_cipher(void)
964
972
  *
965
973
  * data = "Very, very confidential data"
966
974
  *
967
- * cipher = OpenSSL::Cipher::AES.new(128, :CBC)
975
+ * cipher = OpenSSL::Cipher.new('AES-128-CBC')
968
976
  * cipher.encrypt
969
977
  * key = cipher.random_key
970
978
  * iv = cipher.random_iv
971
979
  *
972
980
  * encrypted = cipher.update(data) + cipher.final
973
981
  * ...
974
- * decipher = OpenSSL::Cipher::AES.new(128, :CBC)
982
+ * decipher = OpenSSL::Cipher.new('AES-128-CBC')
975
983
  * decipher.decrypt
976
984
  * decipher.key = key
977
985
  * decipher.iv = iv
@@ -1007,7 +1015,7 @@ Init_ossl_cipher(void)
1007
1015
  * not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
1008
1016
  * security guarantees of GCM mode.
1009
1017
  *
1010
- * cipher = OpenSSL::Cipher::AES.new(128, :GCM).encrypt
1018
+ * cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt
1011
1019
  * cipher.key = key
1012
1020
  * cipher.iv = nonce
1013
1021
  * cipher.auth_data = auth_data
@@ -1023,7 +1031,7 @@ Init_ossl_cipher(void)
1023
1031
  * ciphertext with a probability of 1/256.
1024
1032
  *
1025
1033
  * raise "tag is truncated!" unless tag.bytesize == 16
1026
- * decipher = OpenSSL::Cipher::AES.new(128, :GCM).decrypt
1034
+ * decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
1027
1035
  * decipher.key = key
1028
1036
  * decipher.iv = nonce
1029
1037
  * decipher.auth_tag = tag
@@ -1060,6 +1068,7 @@ Init_ossl_cipher(void)
1060
1068
  rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0);
1061
1069
  rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0);
1062
1070
  rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1);
1071
+ rb_define_method(cCipher, "ccm_data_len=", ossl_cipher_set_ccm_data_len, 1);
1063
1072
 
1064
1073
  id_auth_tag_len = rb_intern_const("auth_tag_len");
1065
1074
  id_key_set = rb_intern_const("key_set");
@@ -192,7 +192,7 @@ ossl_digest_reset(VALUE self)
192
192
  * be passed individually to the Digest instance.
193
193
  *
194
194
  * === Example
195
- * digest = OpenSSL::Digest::SHA256.new
195
+ * digest = OpenSSL::Digest.new('SHA256')
196
196
  * digest.update('First input')
197
197
  * digest << 'Second input' # equivalent to digest.update('Second input')
198
198
  * result = digest.digest
@@ -248,7 +248,7 @@ ossl_digest_finish(int argc, VALUE *argv, VALUE self)
248
248
  * Returns the sn of this Digest algorithm.
249
249
  *
250
250
  * === Example
251
- * digest = OpenSSL::Digest::SHA512.new
251
+ * digest = OpenSSL::Digest.new('SHA512')
252
252
  * puts digest.name # => SHA512
253
253
  *
254
254
  */
@@ -270,7 +270,7 @@ ossl_digest_name(VALUE self)
270
270
  * final message digest result.
271
271
  *
272
272
  * === Example
273
- * digest = OpenSSL::Digest::SHA1.new
273
+ * digest = OpenSSL::Digest.new('SHA1')
274
274
  * puts digest.digest_length # => 20
275
275
  *
276
276
  */
@@ -294,7 +294,7 @@ ossl_digest_size(VALUE self)
294
294
  * consecutively.
295
295
  *
296
296
  * === Example
297
- * digest = OpenSSL::Digest::SHA1.new
297
+ * digest = OpenSSL::Digest.new('SHA1')
298
298
  * puts digest.block_length # => 64
299
299
  */
300
300
  static VALUE
@@ -313,8 +313,6 @@ ossl_digest_block_length(VALUE self)
313
313
  void
314
314
  Init_ossl_digest(void)
315
315
  {
316
- rb_require("digest");
317
-
318
316
  #if 0
319
317
  mOSSL = rb_define_module("OpenSSL");
320
318
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -348,54 +346,19 @@ Init_ossl_digest(void)
348
346
  * the integrity of a signed document, it suffices to re-compute the hash
349
347
  * and verify that it is equal to that in the signature.
350
348
  *
351
- * Among the supported message digest algorithms are:
352
- * * SHA, SHA1, SHA224, SHA256, SHA384 and SHA512
353
- * * MD2, MD4, MDC2 and MD5
354
- * * RIPEMD160
355
- * * DSS, DSS1 (Pseudo algorithms to be used for DSA signatures. DSS is
356
- * equal to SHA and DSS1 is equal to SHA1)
349
+ * You can get a list of all digest algorithms supported on your system by
350
+ * running this command in your terminal:
357
351
  *
358
- * For each of these algorithms, there is a sub-class of Digest that
359
- * can be instantiated as simply as e.g.
352
+ * openssl list -digest-algorithms
360
353
  *
361
- * digest = OpenSSL::Digest::SHA1.new
354
+ * Among the OpenSSL 1.1.1 supported message digest algorithms are:
355
+ * * SHA224, SHA256, SHA384, SHA512, SHA512-224 and SHA512-256
356
+ * * SHA3-224, SHA3-256, SHA3-384 and SHA3-512
357
+ * * BLAKE2s256 and BLAKE2b512
362
358
  *
363
- * === Mapping between Digest class and sn/ln
359
+ * Each of these algorithms can be instantiated using the name:
364
360
  *
365
- * The sn (short names) and ln (long names) are defined in
366
- * <openssl/object.h> and <openssl/obj_mac.h>. They are textual
367
- * representations of ASN.1 OBJECT IDENTIFIERs. Each supported digest
368
- * algorithm has an OBJECT IDENTIFIER associated to it and those again
369
- * have short/long names assigned to them.
370
- * E.g. the OBJECT IDENTIFIER for SHA-1 is 1.3.14.3.2.26 and its
371
- * sn is "SHA1" and its ln is "sha1".
372
- * ==== MD2
373
- * * sn: MD2
374
- * * ln: md2
375
- * ==== MD4
376
- * * sn: MD4
377
- * * ln: md4
378
- * ==== MD5
379
- * * sn: MD5
380
- * * ln: md5
381
- * ==== SHA
382
- * * sn: SHA
383
- * * ln: SHA
384
- * ==== SHA-1
385
- * * sn: SHA1
386
- * * ln: sha1
387
- * ==== SHA-224
388
- * * sn: SHA224
389
- * * ln: sha224
390
- * ==== SHA-256
391
- * * sn: SHA256
392
- * * ln: sha256
393
- * ==== SHA-384
394
- * * sn: SHA384
395
- * * ln: sha384
396
- * ==== SHA-512
397
- * * sn: SHA512
398
- * * ln: sha512
361
+ * digest = OpenSSL::Digest.new('SHA256')
399
362
  *
400
363
  * "Breaking" a message digest algorithm means defying its one-way
401
364
  * function characteristics, i.e. producing a collision or finding a way
@@ -408,7 +371,7 @@ Init_ossl_digest(void)
408
371
  * === Hashing a file
409
372
  *
410
373
  * data = File.read('document')
411
- * sha256 = OpenSSL::Digest::SHA256.new
374
+ * sha256 = OpenSSL::Digest.new('SHA256')
412
375
  * digest = sha256.digest(data)
413
376
  *
414
377
  * === Hashing several pieces of data at once
@@ -416,7 +379,7 @@ Init_ossl_digest(void)
416
379
  * data1 = File.read('file1')
417
380
  * data2 = File.read('file2')
418
381
  * data3 = File.read('file3')
419
- * sha256 = OpenSSL::Digest::SHA256.new
382
+ * sha256 = OpenSSL::Digest.new('SHA256')
420
383
  * sha256 << data1
421
384
  * sha256 << data2
422
385
  * sha256 << data3
@@ -425,7 +388,7 @@ Init_ossl_digest(void)
425
388
  * === Reuse a Digest instance
426
389
  *
427
390
  * data1 = File.read('file1')
428
- * sha256 = OpenSSL::Digest::SHA256.new
391
+ * sha256 = OpenSSL::Digest.new('SHA256')
429
392
  * digest1 = sha256.digest(data1)
430
393
  *
431
394
  * data2 = File.read('file2')
@@ -433,6 +396,12 @@ Init_ossl_digest(void)
433
396
  * digest2 = sha256.digest(data2)
434
397
  *
435
398
  */
399
+
400
+ /*
401
+ * Digest::Class is defined by the digest library. rb_require() cannot be
402
+ * used here because it bypasses RubyGems.
403
+ */
404
+ rb_funcall(Qnil, rb_intern_const("require"), 1, rb_str_new_cstr("digest"));
436
405
  cDigest = rb_define_class_under(mOSSL, "Digest", rb_path2class("Digest::Class"));
437
406
  /* Document-class: OpenSSL::Digest::DigestError
438
407
  *
@@ -93,9 +93,6 @@ static const rb_data_type_t ossl_engine_type = {
93
93
  static VALUE
94
94
  ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
95
95
  {
96
- #if !defined(HAVE_ENGINE_LOAD_BUILTIN_ENGINES)
97
- return Qnil;
98
- #else
99
96
  VALUE name;
100
97
 
101
98
  rb_scan_args(argc, argv, "01", &name);
@@ -104,10 +101,10 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
104
101
  return Qtrue;
105
102
  }
106
103
  StringValueCStr(name);
107
- #ifndef OPENSSL_NO_STATIC_ENGINE
108
104
  #if HAVE_ENGINE_LOAD_DYNAMIC
109
105
  OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC);
110
106
  #endif
107
+ #ifndef OPENSSL_NO_STATIC_ENGINE
111
108
  #if HAVE_ENGINE_LOAD_4758CCA
112
109
  OSSL_ENGINE_LOAD_IF_MATCH(4758cca, 4758CCA);
113
110
  #endif
@@ -144,20 +141,13 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
144
141
  #if HAVE_ENGINE_LOAD_GOST
145
142
  OSSL_ENGINE_LOAD_IF_MATCH(gost, GOST);
146
143
  #endif
144
+ #endif
147
145
  #if HAVE_ENGINE_LOAD_CRYPTODEV
148
146
  OSSL_ENGINE_LOAD_IF_MATCH(cryptodev, CRYPTODEV);
149
- #endif
150
- #if HAVE_ENGINE_LOAD_AESNI
151
- OSSL_ENGINE_LOAD_IF_MATCH(aesni, AESNI);
152
- #endif
153
- #endif
154
- #ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
155
- OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto, OPENBSD_DEV_CRYPTO);
156
147
  #endif
157
148
  OSSL_ENGINE_LOAD_IF_MATCH(openssl, OPENSSL);
158
149
  rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
159
150
  return Qnil;
160
- #endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
161
151
  }
162
152
 
163
153
  /*
@@ -84,18 +84,12 @@ ossl_hmac_alloc(VALUE klass)
84
84
  *
85
85
  * === A note about comparisons
86
86
  *
87
- * Two instances won't be equal when they're compared, even if they have the
88
- * same value. Use #to_s or #hexdigest to return the authentication code that
89
- * the instance represents. For example:
87
+ * Two instances can be securely compared with #== in constant time:
90
88
  *
91
89
  * other_instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
92
- * #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
93
- * instance
94
- * #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
95
- * instance == other_instance
96
- * #=> false
97
- * instance.to_s == other_instance.to_s
98
- * #=> true
90
+ * #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
91
+ * instance == other_instance
92
+ * #=> true
99
93
  *
100
94
  */
101
95
  static VALUE
@@ -359,7 +353,7 @@ Init_ossl_hmac(void)
359
353
  * data1 = File.read("file1")
360
354
  * data2 = File.read("file2")
361
355
  * key = "key"
362
- * digest = OpenSSL::Digest::SHA256.new
356
+ * digest = OpenSSL::Digest.new('SHA256')
363
357
  * hmac = OpenSSL::HMAC.new(key, digest)
364
358
  * hmac << data1
365
359
  * hmac << data2
@@ -272,7 +272,7 @@ Init_ossl_kdf(void)
272
272
  * # store this with the generated value
273
273
  * salt = OpenSSL::Random.random_bytes(16)
274
274
  * iter = 20_000
275
- * hash = OpenSSL::Digest::SHA256.new
275
+ * hash = OpenSSL::Digest.new('SHA256')
276
276
  * len = hash.digest_length
277
277
  * # the final value to be stored
278
278
  * value = OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: iter,
@@ -284,24 +284,8 @@ Init_ossl_kdf(void)
284
284
  * Typically, "==" short-circuits on evaluation, and is therefore
285
285
  * vulnerable to timing attacks. The proper way is to use a method that
286
286
  * always takes the same amount of time when comparing two values, thus
287
- * not leaking any information to potential attackers. To compare two
288
- * values, the following could be used:
289
- *
290
- * def eql_time_cmp(a, b)
291
- * unless a.length == b.length
292
- * return false
293
- * end
294
- * cmp = b.bytes
295
- * result = 0
296
- * a.bytes.each_with_index {|c,i|
297
- * result |= c ^ cmp[i]
298
- * }
299
- * result == 0
300
- * end
301
- *
302
- * Please note that the premature return in case of differing lengths
303
- * typically does not leak valuable information - when using PBKDF2, the
304
- * length of the values to be compared is of fixed size.
287
+ * not leaking any information to potential attackers. To do this, use
288
+ * +OpenSSL.fixed_length_secure_compare+.
305
289
  */
306
290
  mKDF = rb_define_module_under(mOSSL, "KDF");
307
291
  /*
@@ -350,7 +350,7 @@ ossl_spki_verify(VALUE self, VALUE key)
350
350
  * spki = OpenSSL::Netscape::SPKI.new
351
351
  * spki.challenge = "RandomChallenge"
352
352
  * spki.public_key = key.public_key
353
- * spki.sign(key, OpenSSL::Digest::SHA256.new)
353
+ * spki.sign(key, OpenSSL::Digest.new('SHA256'))
354
354
  * #send a request containing this to a server generating a certificate
355
355
  * === Verifying an SPKI request
356
356
  * request = #...
@@ -1489,13 +1489,15 @@ ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
1489
1489
  * call-seq:
1490
1490
  * OpenSSL::OCSP::CertificateId.new(subject, issuer, digest = nil) -> certificate_id
1491
1491
  * OpenSSL::OCSP::CertificateId.new(der_string) -> certificate_id
1492
+ * OpenSSL::OCSP::CertificateId.new(obj) -> certificate_id
1492
1493
  *
1493
1494
  * Creates a new OpenSSL::OCSP::CertificateId for the given _subject_ and
1494
1495
  * _issuer_ X509 certificates. The _digest_ is a digest algorithm that is used
1495
1496
  * to compute the hash values. This defaults to SHA-1.
1496
1497
  *
1497
1498
  * If only one argument is given, decodes it as DER representation of a
1498
- * certificate ID.
1499
+ * certificate ID or generates certificate ID from the object that responds to
1500
+ * the to_der method.
1499
1501
  */
1500
1502
  static VALUE
1501
1503
  ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
@@ -1717,7 +1719,7 @@ Init_ossl_ocsp(void)
1717
1719
  * subject certificate so the CA knows which certificate we are asking
1718
1720
  * about:
1719
1721
  *
1720
- * digest = OpenSSL::Digest::SHA1.new
1722
+ * digest = OpenSSL::Digest.new('SHA1')
1721
1723
  * certificate_id =
1722
1724
  * OpenSSL::OCSP::CertificateId.new subject, issuer, digest
1723
1725
  *
@@ -1734,18 +1736,11 @@ Init_ossl_ocsp(void)
1734
1736
  * To submit the request to the CA for verification we need to extract the
1735
1737
  * OCSP URI from the subject certificate:
1736
1738
  *
1737
- * authority_info_access = subject.extensions.find do |extension|
1738
- * extension.oid == 'authorityInfoAccess'
1739
- * end
1740
- *
1741
- * descriptions = authority_info_access.value.split "\n"
1742
- * ocsp = descriptions.find do |description|
1743
- * description.start_with? 'OCSP'
1744
- * end
1739
+ * ocsp_uris = subject.ocsp_uris
1745
1740
  *
1746
1741
  * require 'uri'
1747
1742
  *
1748
- * ocsp_uri = URI ocsp[/URI:(.*)/, 1]
1743
+ * ocsp_uri = URI ocsp_uris[0]
1749
1744
  *
1750
1745
  * To submit the request we'll POST the request to the OCSP URI (per RFC
1751
1746
  * 2560). Note that we only handle HTTP requests and don't handle any
@@ -13,9 +13,9 @@
13
13
 
14
14
  #if !defined(OPENSSL_NO_OCSP)
15
15
  extern VALUE mOCSP;
16
- extern VALUE cOPCSReq;
17
- extern VALUE cOPCSRes;
18
- extern VALUE cOPCSBasicRes;
16
+ extern VALUE cOCSPReq;
17
+ extern VALUE cOCSPRes;
18
+ extern VALUE cOCSPBasicRes;
19
19
  #endif
20
20
 
21
21
  void Init_ossl_ocsp(void);
@@ -232,6 +232,7 @@ ossl_pkcs12_to_der(VALUE self)
232
232
  void
233
233
  Init_ossl_pkcs12(void)
234
234
  {
235
+ #undef rb_intern
235
236
  #if 0
236
237
  mOSSL = rb_define_module("OpenSSL");
237
238
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -9,21 +9,6 @@
9
9
  */
10
10
  #include "ossl.h"
11
11
 
12
- #define NewPKCS7(klass) \
13
- TypedData_Wrap_Struct((klass), &ossl_pkcs7_type, 0)
14
- #define SetPKCS7(obj, pkcs7) do { \
15
- if (!(pkcs7)) { \
16
- ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
17
- } \
18
- RTYPEDDATA_DATA(obj) = (pkcs7); \
19
- } while (0)
20
- #define GetPKCS7(obj, pkcs7) do { \
21
- TypedData_Get_Struct((obj), PKCS7, &ossl_pkcs7_type, (pkcs7)); \
22
- if (!(pkcs7)) { \
23
- ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
24
- } \
25
- } while (0)
26
-
27
12
  #define NewPKCS7si(klass) \
28
13
  TypedData_Wrap_Struct((klass), &ossl_pkcs7_signer_info_type, 0)
29
14
  #define SetPKCS7si(obj, p7si) do { \
@@ -75,7 +60,7 @@ ossl_pkcs7_free(void *ptr)
75
60
  PKCS7_free(ptr);
76
61
  }
77
62
 
78
- static const rb_data_type_t ossl_pkcs7_type = {
63
+ const rb_data_type_t ossl_pkcs7_type = {
79
64
  "OpenSSL/PKCS7",
80
65
  {
81
66
  0, ossl_pkcs7_free,
@@ -803,9 +788,9 @@ ossl_pkcs7_decrypt(int argc, VALUE *argv, VALUE self)
803
788
  BIO *out;
804
789
  VALUE str;
805
790
 
806
- rb_scan_args(argc, argv, "21", &pkey, &cert, &flags);
791
+ rb_scan_args(argc, argv, "12", &pkey, &cert, &flags);
807
792
  key = GetPrivPKeyPtr(pkey); /* NO NEED TO DUP */
808
- x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
793
+ x509 = NIL_P(cert) ? NULL : GetX509CertPtr(cert); /* NO NEED TO DUP */
809
794
  flg = NIL_P(flags) ? 0 : NUM2INT(flags);
810
795
  GetPKCS7(self, p7);
811
796
  if(!(out = BIO_new(BIO_s_mem())))
@@ -1042,6 +1027,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self)
1042
1027
  void
1043
1028
  Init_ossl_pkcs7(void)
1044
1029
  {
1030
+ #undef rb_intern
1045
1031
  #if 0
1046
1032
  mOSSL = rb_define_module("OpenSSL");
1047
1033
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -1087,7 +1073,6 @@ Init_ossl_pkcs7(void)
1087
1073
  rb_define_alloc_func(cPKCS7Signer, ossl_pkcs7si_alloc);
1088
1074
  rb_define_method(cPKCS7Signer, "initialize", ossl_pkcs7si_initialize,3);
1089
1075
  rb_define_method(cPKCS7Signer, "issuer", ossl_pkcs7si_get_issuer, 0);
1090
- rb_define_alias(cPKCS7Signer, "name", "issuer");
1091
1076
  rb_define_method(cPKCS7Signer, "serial", ossl_pkcs7si_get_serial,0);
1092
1077
  rb_define_method(cPKCS7Signer,"signed_time",ossl_pkcs7si_get_signed_time,0);
1093
1078
 
@@ -10,6 +10,22 @@
10
10
  #if !defined(_OSSL_PKCS7_H_)
11
11
  #define _OSSL_PKCS7_H_
12
12
 
13
+ #define NewPKCS7(klass) \
14
+ TypedData_Wrap_Struct((klass), &ossl_pkcs7_type, 0)
15
+ #define SetPKCS7(obj, pkcs7) do { \
16
+ if (!(pkcs7)) { \
17
+ ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
18
+ } \
19
+ RTYPEDDATA_DATA(obj) = (pkcs7); \
20
+ } while (0)
21
+ #define GetPKCS7(obj, pkcs7) do { \
22
+ TypedData_Get_Struct((obj), PKCS7, &ossl_pkcs7_type, (pkcs7)); \
23
+ if (!(pkcs7)) { \
24
+ ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
25
+ } \
26
+ } while (0)
27
+
28
+ extern const rb_data_type_t ossl_pkcs7_type;
13
29
  extern VALUE cPKCS7;
14
30
  extern VALUE cPKCS7Signer;
15
31
  extern VALUE cPKCS7Recipient;