openssl 2.1.2 → 3.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +35 -45
  3. data/History.md +232 -0
  4. data/README.md +2 -2
  5. data/ext/openssl/extconf.rb +61 -46
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +60 -44
  8. data/ext/openssl/ossl.c +112 -66
  9. data/ext/openssl/ossl.h +28 -11
  10. data/ext/openssl/ossl_asn1.c +42 -5
  11. data/ext/openssl/ossl_bn.c +276 -146
  12. data/ext/openssl/ossl_bn.h +2 -1
  13. data/ext/openssl/ossl_cipher.c +38 -29
  14. data/ext/openssl/ossl_config.c +412 -41
  15. data/ext/openssl/ossl_config.h +4 -7
  16. data/ext/openssl/ossl_digest.c +31 -62
  17. data/ext/openssl/ossl_engine.c +18 -27
  18. data/ext/openssl/ossl_hmac.c +52 -145
  19. data/ext/openssl/ossl_kdf.c +11 -19
  20. data/ext/openssl/ossl_ns_spki.c +1 -1
  21. data/ext/openssl/ossl_ocsp.c +9 -62
  22. data/ext/openssl/ossl_ocsp.h +3 -3
  23. data/ext/openssl/ossl_pkcs12.c +21 -3
  24. data/ext/openssl/ossl_pkcs7.c +45 -78
  25. data/ext/openssl/ossl_pkcs7.h +16 -0
  26. data/ext/openssl/ossl_pkey.c +1255 -178
  27. data/ext/openssl/ossl_pkey.h +40 -77
  28. data/ext/openssl/ossl_pkey_dh.c +125 -335
  29. data/ext/openssl/ossl_pkey_dsa.c +93 -398
  30. data/ext/openssl/ossl_pkey_ec.c +155 -318
  31. data/ext/openssl/ossl_pkey_rsa.c +105 -484
  32. data/ext/openssl/ossl_rand.c +2 -40
  33. data/ext/openssl/ossl_ssl.c +395 -364
  34. data/ext/openssl/ossl_ssl_session.c +24 -29
  35. data/ext/openssl/ossl_ts.c +1539 -0
  36. data/ext/openssl/ossl_ts.h +16 -0
  37. data/ext/openssl/ossl_x509.c +86 -1
  38. data/ext/openssl/ossl_x509cert.c +166 -10
  39. data/ext/openssl/ossl_x509crl.c +10 -7
  40. data/ext/openssl/ossl_x509ext.c +15 -2
  41. data/ext/openssl/ossl_x509name.c +16 -5
  42. data/ext/openssl/ossl_x509req.c +10 -7
  43. data/ext/openssl/ossl_x509store.c +193 -92
  44. data/lib/openssl/bn.rb +1 -1
  45. data/lib/openssl/buffering.rb +42 -17
  46. data/lib/openssl/cipher.rb +1 -1
  47. data/lib/openssl/digest.rb +10 -12
  48. data/lib/openssl/hmac.rb +78 -0
  49. data/lib/openssl/marshal.rb +30 -0
  50. data/lib/openssl/pkcs5.rb +1 -1
  51. data/lib/openssl/pkey.rb +435 -1
  52. data/lib/openssl/ssl.rb +53 -14
  53. data/lib/openssl/version.rb +5 -0
  54. data/lib/openssl/x509.rb +177 -1
  55. data/lib/openssl.rb +24 -9
  56. metadata +13 -69
  57. data/ext/openssl/deprecation.rb +0 -23
  58. data/ext/openssl/ossl_version.h +0 -15
  59. data/ext/openssl/ruby_missing.h +0 -24
  60. data/lib/openssl/config.rb +0 -474
@@ -1,5 +1,5 @@
1
1
  # coding: binary
2
- # frozen_string_literal: false
2
+ # frozen_string_literal: true
3
3
  #--
4
4
  #= Info
5
5
  # 'OpenSSL for Ruby 2' project
@@ -22,6 +22,29 @@
22
22
  module OpenSSL::Buffering
23
23
  include Enumerable
24
24
 
25
+ # A buffer which will retain binary encoding.
26
+ class Buffer < String
27
+ BINARY = Encoding::BINARY
28
+
29
+ def initialize
30
+ super
31
+
32
+ force_encoding(BINARY)
33
+ end
34
+
35
+ def << string
36
+ if string.encoding == BINARY
37
+ super(string)
38
+ else
39
+ super(string.b)
40
+ end
41
+
42
+ return self
43
+ end
44
+
45
+ alias concat <<
46
+ end
47
+
25
48
  ##
26
49
  # The "sync mode" of the SSLSocket.
27
50
  #
@@ -40,7 +63,7 @@ module OpenSSL::Buffering
40
63
  def initialize(*)
41
64
  super
42
65
  @eof = false
43
- @rbuffer = ""
66
+ @rbuffer = Buffer.new
44
67
  @sync = @io.sync
45
68
  end
46
69
 
@@ -78,6 +101,15 @@ module OpenSSL::Buffering
78
101
 
79
102
  public
80
103
 
104
+ # call-seq:
105
+ # ssl.getbyte => 81
106
+ #
107
+ # Get the next 8bit byte from `ssl`. Returns `nil` on EOF
108
+ def getbyte
109
+ byte = read(1)
110
+ byte && byte.unpack1("C")
111
+ end
112
+
81
113
  ##
82
114
  # Reads _size_ bytes from the stream. If _buf_ is provided it must
83
115
  # reference a string which will receive the data.
@@ -312,24 +344,19 @@ module OpenSSL::Buffering
312
344
  # buffer is flushed to the underlying socket.
313
345
 
314
346
  def do_write(s)
315
- @wbuffer = "" unless defined? @wbuffer
347
+ @wbuffer = Buffer.new unless defined? @wbuffer
316
348
  @wbuffer << s
317
349
  @wbuffer.force_encoding(Encoding::BINARY)
318
350
  @sync ||= false
319
- if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
320
- remain = idx ? idx + $/.size : @wbuffer.length
321
- nwritten = 0
322
- while remain > 0
323
- str = @wbuffer[nwritten,remain]
351
+ if @sync or @wbuffer.size > BLOCK_SIZE
352
+ until @wbuffer.empty?
324
353
  begin
325
- nwrote = syswrite(str)
354
+ nwrote = syswrite(@wbuffer)
326
355
  rescue Errno::EAGAIN
327
356
  retry
328
357
  end
329
- remain -= nwrote
330
- nwritten += nwrote
358
+ @wbuffer[0, nwrote] = ""
331
359
  end
332
- @wbuffer[0,nwritten] = ""
333
360
  end
334
361
  end
335
362
 
@@ -403,15 +430,13 @@ module OpenSSL::Buffering
403
430
  # See IO#puts for full details.
404
431
 
405
432
  def puts(*args)
406
- s = ""
433
+ s = Buffer.new
407
434
  if args.empty?
408
435
  s << "\n"
409
436
  end
410
437
  args.each{|arg|
411
438
  s << arg.to_s
412
- if $/ && /\n\z/ !~ s
413
- s << "\n"
414
- end
439
+ s.sub!(/(?<!\n)\z/, "\n")
415
440
  }
416
441
  do_write(s)
417
442
  nil
@@ -423,7 +448,7 @@ module OpenSSL::Buffering
423
448
  # See IO#print for full details.
424
449
 
425
450
  def print(*args)
426
- s = ""
451
+ s = Buffer.new
427
452
  args.each{ |arg| s << arg.to_s }
428
453
  do_write(s)
429
454
  nil
@@ -1,4 +1,4 @@
1
- # frozen_string_literal: false
1
+ # frozen_string_literal: true
2
2
  #--
3
3
  # = Ruby-space predefined Cipher subclasses
4
4
  #
@@ -1,4 +1,4 @@
1
- # frozen_string_literal: false
1
+ # frozen_string_literal: true
2
2
  #--
3
3
  # = Ruby-space predefined Digest subclasses
4
4
  #
@@ -15,11 +15,6 @@
15
15
  module OpenSSL
16
16
  class Digest
17
17
 
18
- alg = %w(MD2 MD4 MD5 MDC2 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)
19
- if OPENSSL_VERSION_NUMBER < 0x10100000
20
- alg += %w(DSS DSS1 SHA)
21
- end
22
-
23
18
  # Return the hash value computed with _name_ Digest. _name_ is either the
24
19
  # long name or short name of a supported digest algorithm.
25
20
  #
@@ -29,23 +24,26 @@ module OpenSSL
29
24
  #
30
25
  # which is equivalent to:
31
26
  #
32
- # OpenSSL::Digest::SHA256.digest("abc")
27
+ # OpenSSL::Digest.digest('SHA256', "abc")
33
28
 
34
29
  def self.digest(name, data)
35
30
  super(data, name)
36
31
  end
37
32
 
38
- alg.each{|name|
33
+ %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512).each do |name|
39
34
  klass = Class.new(self) {
40
35
  define_method(:initialize, ->(data = nil) {super(name, data)})
41
36
  }
37
+
42
38
  singleton = (class << klass; self; end)
39
+
43
40
  singleton.class_eval{
44
- define_method(:digest){|data| new.digest(data) }
45
- define_method(:hexdigest){|data| new.hexdigest(data) }
41
+ define_method(:digest) {|data| new.digest(data)}
42
+ define_method(:hexdigest) {|data| new.hexdigest(data)}
46
43
  }
47
- const_set(name, klass)
48
- }
44
+
45
+ const_set(name.tr('-', '_'), klass)
46
+ end
49
47
 
50
48
  # Deprecated.
51
49
  #
@@ -0,0 +1,78 @@
1
+ # frozen_string_literal: true
2
+
3
+ module OpenSSL
4
+ class HMAC
5
+ # Securely compare with another HMAC instance in constant time.
6
+ def ==(other)
7
+ return false unless HMAC === other
8
+ return false unless self.digest.bytesize == other.digest.bytesize
9
+
10
+ OpenSSL.fixed_length_secure_compare(self.digest, other.digest)
11
+ end
12
+
13
+ # :call-seq:
14
+ # hmac.base64digest -> string
15
+ #
16
+ # Returns the authentication code an a Base64-encoded string.
17
+ def base64digest
18
+ [digest].pack("m0")
19
+ end
20
+
21
+ class << self
22
+ # :call-seq:
23
+ # HMAC.digest(digest, key, data) -> aString
24
+ #
25
+ # Returns the authentication code as a binary string. The _digest_ parameter
26
+ # specifies the digest algorithm to use. This may be a String representing
27
+ # the algorithm name or an instance of OpenSSL::Digest.
28
+ #
29
+ # === Example
30
+ # key = 'key'
31
+ # data = 'The quick brown fox jumps over the lazy dog'
32
+ #
33
+ # hmac = OpenSSL::HMAC.digest('SHA1', key, data)
34
+ # #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
35
+ def digest(digest, key, data)
36
+ hmac = new(key, digest)
37
+ hmac << data
38
+ hmac.digest
39
+ end
40
+
41
+ # :call-seq:
42
+ # HMAC.hexdigest(digest, key, data) -> aString
43
+ #
44
+ # Returns the authentication code as a hex-encoded string. The _digest_
45
+ # parameter specifies the digest algorithm to use. This may be a String
46
+ # representing the algorithm name or an instance of OpenSSL::Digest.
47
+ #
48
+ # === Example
49
+ # key = 'key'
50
+ # data = 'The quick brown fox jumps over the lazy dog'
51
+ #
52
+ # hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
53
+ # #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
54
+ def hexdigest(digest, key, data)
55
+ hmac = new(key, digest)
56
+ hmac << data
57
+ hmac.hexdigest
58
+ end
59
+
60
+ # :call-seq:
61
+ # HMAC.base64digest(digest, key, data) -> aString
62
+ #
63
+ # Returns the authentication code as a Base64-encoded string. The _digest_
64
+ # parameter specifies the digest algorithm to use. This may be a String
65
+ # representing the algorithm name or an instance of OpenSSL::Digest.
66
+ #
67
+ # === Example
68
+ # key = 'key'
69
+ # data = 'The quick brown fox jumps over the lazy dog'
70
+ #
71
+ # hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
72
+ # #=> "3nybhbi3iqa8ino29wqQcBydtNk="
73
+ def base64digest(digest, key, data)
74
+ [digest(digest, key, data)].pack("m0")
75
+ end
76
+ end
77
+ end
78
+ end
@@ -0,0 +1,30 @@
1
+ # frozen_string_literal: true
2
+ #--
3
+ # = Ruby-space definitions to add DER (de)serialization to classes
4
+ #
5
+ # = Info
6
+ # 'OpenSSL for Ruby 2' project
7
+ # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
8
+ # All rights reserved.
9
+ #
10
+ # = Licence
11
+ # This program is licensed under the same licence as Ruby.
12
+ # (See the file 'LICENCE'.)
13
+ #++
14
+ module OpenSSL
15
+ module Marshal
16
+ def self.included(base)
17
+ base.extend(ClassMethods)
18
+ end
19
+
20
+ module ClassMethods
21
+ def _load(string)
22
+ new(string)
23
+ end
24
+ end
25
+
26
+ def _dump(_level)
27
+ to_der
28
+ end
29
+ end
30
+ end
data/lib/openssl/pkcs5.rb CHANGED
@@ -1,4 +1,4 @@
1
- # frozen_string_literal: false
1
+ # frozen_string_literal: true
2
2
  #--
3
3
  # Ruby/OpenSSL Project
4
4
  # Copyright (C) 2017 Ruby/OpenSSL Project Authors