openssl 2.1.2 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +9 -7
- data/History.md +77 -0
- data/README.md +2 -2
- data/ext/openssl/extconf.rb +24 -14
- data/ext/openssl/openssl_missing.h +37 -2
- data/ext/openssl/ossl.c +51 -25
- data/ext/openssl/ossl.h +8 -5
- data/ext/openssl/ossl_asn1.c +26 -1
- data/ext/openssl/ossl_bn.c +9 -3
- data/ext/openssl/ossl_cipher.c +33 -24
- data/ext/openssl/ossl_digest.c +16 -51
- data/ext/openssl/ossl_engine.c +2 -12
- data/ext/openssl/ossl_hmac.c +5 -11
- data/ext/openssl/ossl_kdf.c +3 -19
- data/ext/openssl/ossl_ns_spki.c +1 -1
- data/ext/openssl/ossl_ocsp.c +6 -11
- data/ext/openssl/ossl_ocsp.h +3 -3
- data/ext/openssl/ossl_pkcs7.c +3 -19
- data/ext/openssl/ossl_pkcs7.h +16 -0
- data/ext/openssl/ossl_pkey.c +180 -14
- data/ext/openssl/ossl_pkey.h +5 -5
- data/ext/openssl/ossl_pkey_dh.c +1 -1
- data/ext/openssl/ossl_pkey_dsa.c +2 -2
- data/ext/openssl/ossl_pkey_ec.c +29 -0
- data/ext/openssl/ossl_pkey_rsa.c +17 -9
- data/ext/openssl/ossl_rand.c +2 -40
- data/ext/openssl/ossl_ssl.c +109 -25
- data/ext/openssl/ossl_ts.c +1514 -0
- data/ext/openssl/ossl_ts.h +16 -0
- data/ext/openssl/ossl_x509.c +91 -0
- data/ext/openssl/ossl_x509cert.c +2 -2
- data/ext/openssl/ossl_x509ext.c +14 -0
- data/ext/openssl/ossl_x509name.c +8 -4
- data/ext/openssl/ossl_x509store.c +0 -2
- data/lib/openssl.rb +25 -9
- data/lib/openssl/bn.rb +1 -1
- data/lib/openssl/buffering.rb +33 -17
- data/lib/openssl/cipher.rb +1 -1
- data/lib/openssl/config.rb +53 -26
- data/lib/openssl/digest.rb +10 -12
- data/lib/openssl/hmac.rb +13 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs5.rb +1 -1
- data/lib/openssl/pkey.rb +18 -1
- data/lib/openssl/ssl.rb +46 -7
- data/lib/openssl/version.rb +5 -0
- data/lib/openssl/x509.rb +155 -1
- metadata +8 -6
- data/ext/openssl/deprecation.rb +0 -23
- data/ext/openssl/ossl_version.h +0 -15
data/ext/openssl/ossl.h
CHANGED
@@ -13,8 +13,8 @@
|
|
13
13
|
#include RUBY_EXTCONF_H
|
14
14
|
|
15
15
|
#include <assert.h>
|
16
|
-
#include <errno.h>
|
17
16
|
#include <ruby.h>
|
17
|
+
#include <errno.h>
|
18
18
|
#include <ruby/io.h>
|
19
19
|
#include <ruby/thread.h>
|
20
20
|
#include <openssl/opensslv.h>
|
@@ -27,7 +27,9 @@
|
|
27
27
|
#include <openssl/hmac.h>
|
28
28
|
#include <openssl/rand.h>
|
29
29
|
#include <openssl/conf.h>
|
30
|
-
#
|
30
|
+
#ifndef OPENSSL_NO_TS
|
31
|
+
#include <openssl/ts.h>
|
32
|
+
#endif
|
31
33
|
#include <openssl/crypto.h>
|
32
34
|
#if !defined(OPENSSL_NO_ENGINE)
|
33
35
|
# include <openssl/engine.h>
|
@@ -86,9 +88,8 @@ VALUE ossl_buf2str(char *buf, int len);
|
|
86
88
|
VALUE ossl_str_new(const char *, long, int *);
|
87
89
|
#define ossl_str_adjust(str, p) \
|
88
90
|
do{\
|
89
|
-
long len = RSTRING_LEN(str);\
|
90
91
|
long newlen = (long)((p) - (unsigned char*)RSTRING_PTR(str));\
|
91
|
-
assert(newlen <=
|
92
|
+
assert(newlen <= RSTRING_LEN(str));\
|
92
93
|
rb_str_set_len((str), newlen);\
|
93
94
|
}while(0)
|
94
95
|
/*
|
@@ -168,7 +169,9 @@ void ossl_debug(const char *, ...);
|
|
168
169
|
#include "ossl_pkey.h"
|
169
170
|
#include "ossl_rand.h"
|
170
171
|
#include "ossl_ssl.h"
|
171
|
-
#
|
172
|
+
#ifndef OPENSSL_NO_TS
|
173
|
+
#include "ossl_ts.h"
|
174
|
+
#endif
|
172
175
|
#include "ossl_x509.h"
|
173
176
|
#include "ossl_engine.h"
|
174
177
|
#include "ossl_kdf.h"
|
data/ext/openssl/ossl_asn1.c
CHANGED
@@ -1285,6 +1285,30 @@ ossl_asn1obj_get_ln(VALUE self)
|
|
1285
1285
|
return ret;
|
1286
1286
|
}
|
1287
1287
|
|
1288
|
+
/*
|
1289
|
+
* call-seq:
|
1290
|
+
* oid == other_oid => true or false
|
1291
|
+
*
|
1292
|
+
* Returns +true+ if _other_oid_ is the same as _oid_
|
1293
|
+
*/
|
1294
|
+
static VALUE
|
1295
|
+
ossl_asn1obj_eq(VALUE self, VALUE other)
|
1296
|
+
{
|
1297
|
+
VALUE valSelf, valOther;
|
1298
|
+
int nidSelf, nidOther;
|
1299
|
+
|
1300
|
+
valSelf = ossl_asn1_get_value(self);
|
1301
|
+
valOther = ossl_asn1_get_value(other);
|
1302
|
+
|
1303
|
+
if ((nidSelf = OBJ_txt2nid(StringValueCStr(valSelf))) == NID_undef)
|
1304
|
+
ossl_raise(eASN1Error, "OBJ_txt2nid");
|
1305
|
+
|
1306
|
+
if ((nidOther = OBJ_txt2nid(StringValueCStr(valOther))) == NID_undef)
|
1307
|
+
ossl_raise(eASN1Error, "OBJ_txt2nid");
|
1308
|
+
|
1309
|
+
return nidSelf == nidOther ? Qtrue : Qfalse;
|
1310
|
+
}
|
1311
|
+
|
1288
1312
|
static VALUE
|
1289
1313
|
asn1obj_get_oid_i(VALUE vobj)
|
1290
1314
|
{
|
@@ -1818,12 +1842,14 @@ do{\
|
|
1818
1842
|
rb_define_method(cASN1ObjectId, "oid", ossl_asn1obj_get_oid, 0);
|
1819
1843
|
rb_define_alias(cASN1ObjectId, "short_name", "sn");
|
1820
1844
|
rb_define_alias(cASN1ObjectId, "long_name", "ln");
|
1845
|
+
rb_define_method(cASN1ObjectId, "==", ossl_asn1obj_eq, 1);
|
1821
1846
|
rb_attr(cASN1BitString, rb_intern("unused_bits"), 1, 1, 0);
|
1822
1847
|
|
1823
1848
|
rb_define_method(cASN1EndOfContent, "initialize", ossl_asn1eoc_initialize, 0);
|
1824
1849
|
rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
|
1825
1850
|
|
1826
1851
|
class_tag_map = rb_hash_new();
|
1852
|
+
rb_gc_register_mark_object(class_tag_map);
|
1827
1853
|
rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
|
1828
1854
|
rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
|
1829
1855
|
rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
|
@@ -1847,7 +1873,6 @@ do{\
|
|
1847
1873
|
rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
|
1848
1874
|
rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
|
1849
1875
|
rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
|
1850
|
-
rb_global_variable(&class_tag_map);
|
1851
1876
|
|
1852
1877
|
id_each = rb_intern_const("each");
|
1853
1878
|
}
|
data/ext/openssl/ossl_bn.c
CHANGED
@@ -173,7 +173,6 @@ ossl_bn_alloc(VALUE klass)
|
|
173
173
|
|
174
174
|
/*
|
175
175
|
* call-seq:
|
176
|
-
* OpenSSL::BN.new => aBN
|
177
176
|
* OpenSSL::BN.new(bn) => aBN
|
178
177
|
* OpenSSL::BN.new(integer) => aBN
|
179
178
|
* OpenSSL::BN.new(string) => aBN
|
@@ -187,11 +186,16 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
|
|
187
186
|
BIGNUM *bn;
|
188
187
|
VALUE str, bs;
|
189
188
|
int base = 10;
|
189
|
+
char *ptr;
|
190
190
|
|
191
191
|
if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) {
|
192
192
|
base = NUM2INT(bs);
|
193
193
|
}
|
194
194
|
|
195
|
+
if (NIL_P(str)) {
|
196
|
+
ossl_raise(rb_eArgError, "invalid argument");
|
197
|
+
}
|
198
|
+
|
195
199
|
if (RB_INTEGER_TYPE_P(str)) {
|
196
200
|
GetBN(self, bn);
|
197
201
|
integer_to_bnptr(str, bn);
|
@@ -213,12 +217,14 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
|
|
213
217
|
GetBN(self, bn);
|
214
218
|
switch (base) {
|
215
219
|
case 0:
|
216
|
-
|
220
|
+
ptr = StringValuePtr(str);
|
221
|
+
if (!BN_mpi2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
|
217
222
|
ossl_raise(eBNError, NULL);
|
218
223
|
}
|
219
224
|
break;
|
220
225
|
case 2:
|
221
|
-
|
226
|
+
ptr = StringValuePtr(str);
|
227
|
+
if (!BN_bin2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
|
222
228
|
ossl_raise(eBNError, NULL);
|
223
229
|
}
|
224
230
|
break;
|
data/ext/openssl/ossl_cipher.c
CHANGED
@@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass)
|
|
104
104
|
* call-seq:
|
105
105
|
* Cipher.new(string) -> cipher
|
106
106
|
*
|
107
|
-
* The string must
|
107
|
+
* The string must contain a valid cipher name like "AES-256-CBC".
|
108
108
|
*
|
109
109
|
* A list of cipher names is available by calling OpenSSL::Cipher.ciphers.
|
110
110
|
*/
|
@@ -237,8 +237,7 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
|
|
237
237
|
ossl_raise(eCipherError, NULL);
|
238
238
|
}
|
239
239
|
|
240
|
-
|
241
|
-
rb_ivar_set(self, id_key_set, Qtrue);
|
240
|
+
rb_ivar_set(self, id_key_set, p_key ? Qtrue : Qfalse);
|
242
241
|
|
243
242
|
return self;
|
244
243
|
}
|
@@ -814,6 +813,31 @@ ossl_cipher_block_size(VALUE self)
|
|
814
813
|
return INT2NUM(EVP_CIPHER_CTX_block_size(ctx));
|
815
814
|
}
|
816
815
|
|
816
|
+
/*
|
817
|
+
* call-seq:
|
818
|
+
* cipher.ccm_data_len = integer -> integer
|
819
|
+
*
|
820
|
+
* Sets the length of the plaintext / ciphertext message that will be
|
821
|
+
* processed in CCM mode. Make sure to call this method after #key= and
|
822
|
+
* #iv= have been set, and before #auth_data=.
|
823
|
+
*
|
824
|
+
* Only call this method after calling Cipher#encrypt or Cipher#decrypt.
|
825
|
+
*/
|
826
|
+
static VALUE
|
827
|
+
ossl_cipher_set_ccm_data_len(VALUE self, VALUE data_len)
|
828
|
+
{
|
829
|
+
int in_len, out_len;
|
830
|
+
EVP_CIPHER_CTX *ctx;
|
831
|
+
|
832
|
+
in_len = NUM2INT(data_len);
|
833
|
+
|
834
|
+
GetCipher(self, ctx);
|
835
|
+
if (EVP_CipherUpdate(ctx, NULL, &out_len, NULL, in_len) != 1)
|
836
|
+
ossl_raise(eCipherError, NULL);
|
837
|
+
|
838
|
+
return data_len;
|
839
|
+
}
|
840
|
+
|
817
841
|
/*
|
818
842
|
* INIT
|
819
843
|
*/
|
@@ -852,22 +876,6 @@ Init_ossl_cipher(void)
|
|
852
876
|
*
|
853
877
|
* cipher = OpenSSL::Cipher.new('AES-128-CBC')
|
854
878
|
*
|
855
|
-
* For each algorithm supported, there is a class defined under the
|
856
|
-
* Cipher class that goes by the name of the cipher, e.g. to obtain an
|
857
|
-
* instance of AES, you could also use
|
858
|
-
*
|
859
|
-
* # these are equivalent
|
860
|
-
* cipher = OpenSSL::Cipher::AES.new(128, :CBC)
|
861
|
-
* cipher = OpenSSL::Cipher::AES.new(128, 'CBC')
|
862
|
-
* cipher = OpenSSL::Cipher::AES.new('128-CBC')
|
863
|
-
*
|
864
|
-
* Finally, due to its wide-spread use, there are also extra classes
|
865
|
-
* defined for the different key sizes of AES
|
866
|
-
*
|
867
|
-
* cipher = OpenSSL::Cipher::AES128.new(:CBC)
|
868
|
-
* cipher = OpenSSL::Cipher::AES192.new(:CBC)
|
869
|
-
* cipher = OpenSSL::Cipher::AES256.new(:CBC)
|
870
|
-
*
|
871
879
|
* === Choosing either encryption or decryption mode
|
872
880
|
*
|
873
881
|
* Encryption and decryption are often very similar operations for
|
@@ -896,7 +904,7 @@ Init_ossl_cipher(void)
|
|
896
904
|
* without processing the password further. A simple and secure way to
|
897
905
|
* create a key for a particular Cipher is
|
898
906
|
*
|
899
|
-
* cipher = OpenSSL::
|
907
|
+
* cipher = OpenSSL::Cipher.new('AES-256-CFB')
|
900
908
|
* cipher.encrypt
|
901
909
|
* key = cipher.random_key # also sets the generated key on the Cipher
|
902
910
|
*
|
@@ -964,14 +972,14 @@ Init_ossl_cipher(void)
|
|
964
972
|
*
|
965
973
|
* data = "Very, very confidential data"
|
966
974
|
*
|
967
|
-
* cipher = OpenSSL::Cipher
|
975
|
+
* cipher = OpenSSL::Cipher.new('AES-128-CBC')
|
968
976
|
* cipher.encrypt
|
969
977
|
* key = cipher.random_key
|
970
978
|
* iv = cipher.random_iv
|
971
979
|
*
|
972
980
|
* encrypted = cipher.update(data) + cipher.final
|
973
981
|
* ...
|
974
|
-
* decipher = OpenSSL::Cipher
|
982
|
+
* decipher = OpenSSL::Cipher.new('AES-128-CBC')
|
975
983
|
* decipher.decrypt
|
976
984
|
* decipher.key = key
|
977
985
|
* decipher.iv = iv
|
@@ -1007,7 +1015,7 @@ Init_ossl_cipher(void)
|
|
1007
1015
|
* not to reuse the _key_ and _nonce_ pair. Reusing an nonce ruins the
|
1008
1016
|
* security guarantees of GCM mode.
|
1009
1017
|
*
|
1010
|
-
* cipher = OpenSSL::Cipher
|
1018
|
+
* cipher = OpenSSL::Cipher.new('AES-128-GCM').encrypt
|
1011
1019
|
* cipher.key = key
|
1012
1020
|
* cipher.iv = nonce
|
1013
1021
|
* cipher.auth_data = auth_data
|
@@ -1023,7 +1031,7 @@ Init_ossl_cipher(void)
|
|
1023
1031
|
* ciphertext with a probability of 1/256.
|
1024
1032
|
*
|
1025
1033
|
* raise "tag is truncated!" unless tag.bytesize == 16
|
1026
|
-
* decipher = OpenSSL::Cipher
|
1034
|
+
* decipher = OpenSSL::Cipher.new('AES-128-GCM').decrypt
|
1027
1035
|
* decipher.key = key
|
1028
1036
|
* decipher.iv = nonce
|
1029
1037
|
* decipher.auth_tag = tag
|
@@ -1060,6 +1068,7 @@ Init_ossl_cipher(void)
|
|
1060
1068
|
rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0);
|
1061
1069
|
rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0);
|
1062
1070
|
rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1);
|
1071
|
+
rb_define_method(cCipher, "ccm_data_len=", ossl_cipher_set_ccm_data_len, 1);
|
1063
1072
|
|
1064
1073
|
id_auth_tag_len = rb_intern_const("auth_tag_len");
|
1065
1074
|
id_key_set = rb_intern_const("key_set");
|
data/ext/openssl/ossl_digest.c
CHANGED
@@ -192,7 +192,7 @@ ossl_digest_reset(VALUE self)
|
|
192
192
|
* be passed individually to the Digest instance.
|
193
193
|
*
|
194
194
|
* === Example
|
195
|
-
* digest = OpenSSL::Digest
|
195
|
+
* digest = OpenSSL::Digest.new('SHA256')
|
196
196
|
* digest.update('First input')
|
197
197
|
* digest << 'Second input' # equivalent to digest.update('Second input')
|
198
198
|
* result = digest.digest
|
@@ -248,7 +248,7 @@ ossl_digest_finish(int argc, VALUE *argv, VALUE self)
|
|
248
248
|
* Returns the sn of this Digest algorithm.
|
249
249
|
*
|
250
250
|
* === Example
|
251
|
-
* digest = OpenSSL::Digest
|
251
|
+
* digest = OpenSSL::Digest.new('SHA512')
|
252
252
|
* puts digest.name # => SHA512
|
253
253
|
*
|
254
254
|
*/
|
@@ -270,7 +270,7 @@ ossl_digest_name(VALUE self)
|
|
270
270
|
* final message digest result.
|
271
271
|
*
|
272
272
|
* === Example
|
273
|
-
* digest = OpenSSL::Digest
|
273
|
+
* digest = OpenSSL::Digest.new('SHA1')
|
274
274
|
* puts digest.digest_length # => 20
|
275
275
|
*
|
276
276
|
*/
|
@@ -294,7 +294,7 @@ ossl_digest_size(VALUE self)
|
|
294
294
|
* consecutively.
|
295
295
|
*
|
296
296
|
* === Example
|
297
|
-
* digest = OpenSSL::Digest
|
297
|
+
* digest = OpenSSL::Digest.new('SHA1')
|
298
298
|
* puts digest.block_length # => 64
|
299
299
|
*/
|
300
300
|
static VALUE
|
@@ -348,54 +348,19 @@ Init_ossl_digest(void)
|
|
348
348
|
* the integrity of a signed document, it suffices to re-compute the hash
|
349
349
|
* and verify that it is equal to that in the signature.
|
350
350
|
*
|
351
|
-
*
|
352
|
-
*
|
353
|
-
* * MD2, MD4, MDC2 and MD5
|
354
|
-
* * RIPEMD160
|
355
|
-
* * DSS, DSS1 (Pseudo algorithms to be used for DSA signatures. DSS is
|
356
|
-
* equal to SHA and DSS1 is equal to SHA1)
|
351
|
+
* You can get a list of all digest algorithms supported on your system by
|
352
|
+
* running this command in your terminal:
|
357
353
|
*
|
358
|
-
*
|
359
|
-
* can be instantiated as simply as e.g.
|
354
|
+
* openssl list -digest-algorithms
|
360
355
|
*
|
361
|
-
*
|
356
|
+
* Among the OpenSSL 1.1.1 supported message digest algorithms are:
|
357
|
+
* * SHA224, SHA256, SHA384, SHA512, SHA512-224 and SHA512-256
|
358
|
+
* * SHA3-224, SHA3-256, SHA3-384 and SHA3-512
|
359
|
+
* * BLAKE2s256 and BLAKE2b512
|
362
360
|
*
|
363
|
-
*
|
361
|
+
* Each of these algorithms can be instantiated using the name:
|
364
362
|
*
|
365
|
-
*
|
366
|
-
* <openssl/object.h> and <openssl/obj_mac.h>. They are textual
|
367
|
-
* representations of ASN.1 OBJECT IDENTIFIERs. Each supported digest
|
368
|
-
* algorithm has an OBJECT IDENTIFIER associated to it and those again
|
369
|
-
* have short/long names assigned to them.
|
370
|
-
* E.g. the OBJECT IDENTIFIER for SHA-1 is 1.3.14.3.2.26 and its
|
371
|
-
* sn is "SHA1" and its ln is "sha1".
|
372
|
-
* ==== MD2
|
373
|
-
* * sn: MD2
|
374
|
-
* * ln: md2
|
375
|
-
* ==== MD4
|
376
|
-
* * sn: MD4
|
377
|
-
* * ln: md4
|
378
|
-
* ==== MD5
|
379
|
-
* * sn: MD5
|
380
|
-
* * ln: md5
|
381
|
-
* ==== SHA
|
382
|
-
* * sn: SHA
|
383
|
-
* * ln: SHA
|
384
|
-
* ==== SHA-1
|
385
|
-
* * sn: SHA1
|
386
|
-
* * ln: sha1
|
387
|
-
* ==== SHA-224
|
388
|
-
* * sn: SHA224
|
389
|
-
* * ln: sha224
|
390
|
-
* ==== SHA-256
|
391
|
-
* * sn: SHA256
|
392
|
-
* * ln: sha256
|
393
|
-
* ==== SHA-384
|
394
|
-
* * sn: SHA384
|
395
|
-
* * ln: sha384
|
396
|
-
* ==== SHA-512
|
397
|
-
* * sn: SHA512
|
398
|
-
* * ln: sha512
|
363
|
+
* digest = OpenSSL::Digest.new('SHA256')
|
399
364
|
*
|
400
365
|
* "Breaking" a message digest algorithm means defying its one-way
|
401
366
|
* function characteristics, i.e. producing a collision or finding a way
|
@@ -408,7 +373,7 @@ Init_ossl_digest(void)
|
|
408
373
|
* === Hashing a file
|
409
374
|
*
|
410
375
|
* data = File.read('document')
|
411
|
-
* sha256 = OpenSSL::Digest
|
376
|
+
* sha256 = OpenSSL::Digest.new('SHA256')
|
412
377
|
* digest = sha256.digest(data)
|
413
378
|
*
|
414
379
|
* === Hashing several pieces of data at once
|
@@ -416,7 +381,7 @@ Init_ossl_digest(void)
|
|
416
381
|
* data1 = File.read('file1')
|
417
382
|
* data2 = File.read('file2')
|
418
383
|
* data3 = File.read('file3')
|
419
|
-
* sha256 = OpenSSL::Digest
|
384
|
+
* sha256 = OpenSSL::Digest.new('SHA256')
|
420
385
|
* sha256 << data1
|
421
386
|
* sha256 << data2
|
422
387
|
* sha256 << data3
|
@@ -425,7 +390,7 @@ Init_ossl_digest(void)
|
|
425
390
|
* === Reuse a Digest instance
|
426
391
|
*
|
427
392
|
* data1 = File.read('file1')
|
428
|
-
* sha256 = OpenSSL::Digest
|
393
|
+
* sha256 = OpenSSL::Digest.new('SHA256')
|
429
394
|
* digest1 = sha256.digest(data1)
|
430
395
|
*
|
431
396
|
* data2 = File.read('file2')
|
data/ext/openssl/ossl_engine.c
CHANGED
@@ -93,9 +93,6 @@ static const rb_data_type_t ossl_engine_type = {
|
|
93
93
|
static VALUE
|
94
94
|
ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
|
95
95
|
{
|
96
|
-
#if !defined(HAVE_ENGINE_LOAD_BUILTIN_ENGINES)
|
97
|
-
return Qnil;
|
98
|
-
#else
|
99
96
|
VALUE name;
|
100
97
|
|
101
98
|
rb_scan_args(argc, argv, "01", &name);
|
@@ -104,10 +101,10 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
|
|
104
101
|
return Qtrue;
|
105
102
|
}
|
106
103
|
StringValueCStr(name);
|
107
|
-
#ifndef OPENSSL_NO_STATIC_ENGINE
|
108
104
|
#if HAVE_ENGINE_LOAD_DYNAMIC
|
109
105
|
OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC);
|
110
106
|
#endif
|
107
|
+
#ifndef OPENSSL_NO_STATIC_ENGINE
|
111
108
|
#if HAVE_ENGINE_LOAD_4758CCA
|
112
109
|
OSSL_ENGINE_LOAD_IF_MATCH(4758cca, 4758CCA);
|
113
110
|
#endif
|
@@ -144,20 +141,13 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
|
|
144
141
|
#if HAVE_ENGINE_LOAD_GOST
|
145
142
|
OSSL_ENGINE_LOAD_IF_MATCH(gost, GOST);
|
146
143
|
#endif
|
144
|
+
#endif
|
147
145
|
#if HAVE_ENGINE_LOAD_CRYPTODEV
|
148
146
|
OSSL_ENGINE_LOAD_IF_MATCH(cryptodev, CRYPTODEV);
|
149
|
-
#endif
|
150
|
-
#if HAVE_ENGINE_LOAD_AESNI
|
151
|
-
OSSL_ENGINE_LOAD_IF_MATCH(aesni, AESNI);
|
152
|
-
#endif
|
153
|
-
#endif
|
154
|
-
#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
|
155
|
-
OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto, OPENBSD_DEV_CRYPTO);
|
156
147
|
#endif
|
157
148
|
OSSL_ENGINE_LOAD_IF_MATCH(openssl, OPENSSL);
|
158
149
|
rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
|
159
150
|
return Qnil;
|
160
|
-
#endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
|
161
151
|
}
|
162
152
|
|
163
153
|
/*
|
data/ext/openssl/ossl_hmac.c
CHANGED
@@ -84,18 +84,12 @@ ossl_hmac_alloc(VALUE klass)
|
|
84
84
|
*
|
85
85
|
* === A note about comparisons
|
86
86
|
*
|
87
|
-
* Two instances
|
88
|
-
* same value. Use #to_s or #hexdigest to return the authentication code that
|
89
|
-
* the instance represents. For example:
|
87
|
+
* Two instances can be securely compared with #== in constant time:
|
90
88
|
*
|
91
89
|
* other_instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
|
92
|
-
*
|
93
|
-
*
|
94
|
-
*
|
95
|
-
* instance == other_instance
|
96
|
-
* #=> false
|
97
|
-
* instance.to_s == other_instance.to_s
|
98
|
-
* #=> true
|
90
|
+
* #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
|
91
|
+
* instance == other_instance
|
92
|
+
* #=> true
|
99
93
|
*
|
100
94
|
*/
|
101
95
|
static VALUE
|
@@ -359,7 +353,7 @@ Init_ossl_hmac(void)
|
|
359
353
|
* data1 = File.read("file1")
|
360
354
|
* data2 = File.read("file2")
|
361
355
|
* key = "key"
|
362
|
-
* digest = OpenSSL::Digest
|
356
|
+
* digest = OpenSSL::Digest.new('SHA256')
|
363
357
|
* hmac = OpenSSL::HMAC.new(key, digest)
|
364
358
|
* hmac << data1
|
365
359
|
* hmac << data2
|