openssl 2.1.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +35 -45
  3. data/History.md +232 -0
  4. data/README.md +2 -2
  5. data/ext/openssl/extconf.rb +61 -46
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +60 -44
  8. data/ext/openssl/ossl.c +112 -66
  9. data/ext/openssl/ossl.h +28 -11
  10. data/ext/openssl/ossl_asn1.c +42 -5
  11. data/ext/openssl/ossl_bn.c +276 -146
  12. data/ext/openssl/ossl_bn.h +2 -1
  13. data/ext/openssl/ossl_cipher.c +38 -29
  14. data/ext/openssl/ossl_config.c +412 -41
  15. data/ext/openssl/ossl_config.h +4 -7
  16. data/ext/openssl/ossl_digest.c +31 -62
  17. data/ext/openssl/ossl_engine.c +18 -27
  18. data/ext/openssl/ossl_hmac.c +52 -145
  19. data/ext/openssl/ossl_kdf.c +11 -19
  20. data/ext/openssl/ossl_ns_spki.c +1 -1
  21. data/ext/openssl/ossl_ocsp.c +9 -62
  22. data/ext/openssl/ossl_ocsp.h +3 -3
  23. data/ext/openssl/ossl_pkcs12.c +21 -3
  24. data/ext/openssl/ossl_pkcs7.c +45 -78
  25. data/ext/openssl/ossl_pkcs7.h +16 -0
  26. data/ext/openssl/ossl_pkey.c +1255 -178
  27. data/ext/openssl/ossl_pkey.h +40 -77
  28. data/ext/openssl/ossl_pkey_dh.c +125 -335
  29. data/ext/openssl/ossl_pkey_dsa.c +93 -398
  30. data/ext/openssl/ossl_pkey_ec.c +155 -318
  31. data/ext/openssl/ossl_pkey_rsa.c +105 -484
  32. data/ext/openssl/ossl_rand.c +2 -40
  33. data/ext/openssl/ossl_ssl.c +395 -364
  34. data/ext/openssl/ossl_ssl_session.c +24 -29
  35. data/ext/openssl/ossl_ts.c +1539 -0
  36. data/ext/openssl/ossl_ts.h +16 -0
  37. data/ext/openssl/ossl_x509.c +86 -1
  38. data/ext/openssl/ossl_x509cert.c +166 -10
  39. data/ext/openssl/ossl_x509crl.c +10 -7
  40. data/ext/openssl/ossl_x509ext.c +15 -2
  41. data/ext/openssl/ossl_x509name.c +16 -5
  42. data/ext/openssl/ossl_x509req.c +10 -7
  43. data/ext/openssl/ossl_x509store.c +193 -92
  44. data/lib/openssl/bn.rb +1 -1
  45. data/lib/openssl/buffering.rb +42 -17
  46. data/lib/openssl/cipher.rb +1 -1
  47. data/lib/openssl/digest.rb +10 -12
  48. data/lib/openssl/hmac.rb +78 -0
  49. data/lib/openssl/marshal.rb +30 -0
  50. data/lib/openssl/pkcs5.rb +1 -1
  51. data/lib/openssl/pkey.rb +435 -1
  52. data/lib/openssl/ssl.rb +53 -14
  53. data/lib/openssl/version.rb +5 -0
  54. data/lib/openssl/x509.rb +177 -1
  55. data/lib/openssl.rb +24 -9
  56. metadata +13 -69
  57. data/ext/openssl/deprecation.rb +0 -23
  58. data/ext/openssl/ossl_version.h +0 -15
  59. data/ext/openssl/ruby_missing.h +0 -24
  60. data/lib/openssl/config.rb +0 -474
@@ -1,5 +1,5 @@
1
1
  # coding: binary
2
- # frozen_string_literal: false
2
+ # frozen_string_literal: true
3
3
  #--
4
4
  #= Info
5
5
  # 'OpenSSL for Ruby 2' project
@@ -22,6 +22,29 @@
22
22
  module OpenSSL::Buffering
23
23
  include Enumerable
24
24
 
25
+ # A buffer which will retain binary encoding.
26
+ class Buffer < String
27
+ BINARY = Encoding::BINARY
28
+
29
+ def initialize
30
+ super
31
+
32
+ force_encoding(BINARY)
33
+ end
34
+
35
+ def << string
36
+ if string.encoding == BINARY
37
+ super(string)
38
+ else
39
+ super(string.b)
40
+ end
41
+
42
+ return self
43
+ end
44
+
45
+ alias concat <<
46
+ end
47
+
25
48
  ##
26
49
  # The "sync mode" of the SSLSocket.
27
50
  #
@@ -40,7 +63,7 @@ module OpenSSL::Buffering
40
63
  def initialize(*)
41
64
  super
42
65
  @eof = false
43
- @rbuffer = ""
66
+ @rbuffer = Buffer.new
44
67
  @sync = @io.sync
45
68
  end
46
69
 
@@ -78,6 +101,15 @@ module OpenSSL::Buffering
78
101
 
79
102
  public
80
103
 
104
+ # call-seq:
105
+ # ssl.getbyte => 81
106
+ #
107
+ # Get the next 8bit byte from `ssl`. Returns `nil` on EOF
108
+ def getbyte
109
+ byte = read(1)
110
+ byte && byte.unpack1("C")
111
+ end
112
+
81
113
  ##
82
114
  # Reads _size_ bytes from the stream. If _buf_ is provided it must
83
115
  # reference a string which will receive the data.
@@ -312,24 +344,19 @@ module OpenSSL::Buffering
312
344
  # buffer is flushed to the underlying socket.
313
345
 
314
346
  def do_write(s)
315
- @wbuffer = "" unless defined? @wbuffer
347
+ @wbuffer = Buffer.new unless defined? @wbuffer
316
348
  @wbuffer << s
317
349
  @wbuffer.force_encoding(Encoding::BINARY)
318
350
  @sync ||= false
319
- if @sync or @wbuffer.size > BLOCK_SIZE or idx = @wbuffer.rindex($/)
320
- remain = idx ? idx + $/.size : @wbuffer.length
321
- nwritten = 0
322
- while remain > 0
323
- str = @wbuffer[nwritten,remain]
351
+ if @sync or @wbuffer.size > BLOCK_SIZE
352
+ until @wbuffer.empty?
324
353
  begin
325
- nwrote = syswrite(str)
354
+ nwrote = syswrite(@wbuffer)
326
355
  rescue Errno::EAGAIN
327
356
  retry
328
357
  end
329
- remain -= nwrote
330
- nwritten += nwrote
358
+ @wbuffer[0, nwrote] = ""
331
359
  end
332
- @wbuffer[0,nwritten] = ""
333
360
  end
334
361
  end
335
362
 
@@ -403,15 +430,13 @@ module OpenSSL::Buffering
403
430
  # See IO#puts for full details.
404
431
 
405
432
  def puts(*args)
406
- s = ""
433
+ s = Buffer.new
407
434
  if args.empty?
408
435
  s << "\n"
409
436
  end
410
437
  args.each{|arg|
411
438
  s << arg.to_s
412
- if $/ && /\n\z/ !~ s
413
- s << "\n"
414
- end
439
+ s.sub!(/(?<!\n)\z/, "\n")
415
440
  }
416
441
  do_write(s)
417
442
  nil
@@ -423,7 +448,7 @@ module OpenSSL::Buffering
423
448
  # See IO#print for full details.
424
449
 
425
450
  def print(*args)
426
- s = ""
451
+ s = Buffer.new
427
452
  args.each{ |arg| s << arg.to_s }
428
453
  do_write(s)
429
454
  nil
@@ -1,4 +1,4 @@
1
- # frozen_string_literal: false
1
+ # frozen_string_literal: true
2
2
  #--
3
3
  # = Ruby-space predefined Cipher subclasses
4
4
  #
@@ -1,4 +1,4 @@
1
- # frozen_string_literal: false
1
+ # frozen_string_literal: true
2
2
  #--
3
3
  # = Ruby-space predefined Digest subclasses
4
4
  #
@@ -15,11 +15,6 @@
15
15
  module OpenSSL
16
16
  class Digest
17
17
 
18
- alg = %w(MD2 MD4 MD5 MDC2 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)
19
- if OPENSSL_VERSION_NUMBER < 0x10100000
20
- alg += %w(DSS DSS1 SHA)
21
- end
22
-
23
18
  # Return the hash value computed with _name_ Digest. _name_ is either the
24
19
  # long name or short name of a supported digest algorithm.
25
20
  #
@@ -29,23 +24,26 @@ module OpenSSL
29
24
  #
30
25
  # which is equivalent to:
31
26
  #
32
- # OpenSSL::Digest::SHA256.digest("abc")
27
+ # OpenSSL::Digest.digest('SHA256', "abc")
33
28
 
34
29
  def self.digest(name, data)
35
30
  super(data, name)
36
31
  end
37
32
 
38
- alg.each{|name|
33
+ %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512).each do |name|
39
34
  klass = Class.new(self) {
40
35
  define_method(:initialize, ->(data = nil) {super(name, data)})
41
36
  }
37
+
42
38
  singleton = (class << klass; self; end)
39
+
43
40
  singleton.class_eval{
44
- define_method(:digest){|data| new.digest(data) }
45
- define_method(:hexdigest){|data| new.hexdigest(data) }
41
+ define_method(:digest) {|data| new.digest(data)}
42
+ define_method(:hexdigest) {|data| new.hexdigest(data)}
46
43
  }
47
- const_set(name, klass)
48
- }
44
+
45
+ const_set(name.tr('-', '_'), klass)
46
+ end
49
47
 
50
48
  # Deprecated.
51
49
  #
@@ -0,0 +1,78 @@
1
+ # frozen_string_literal: true
2
+
3
+ module OpenSSL
4
+ class HMAC
5
+ # Securely compare with another HMAC instance in constant time.
6
+ def ==(other)
7
+ return false unless HMAC === other
8
+ return false unless self.digest.bytesize == other.digest.bytesize
9
+
10
+ OpenSSL.fixed_length_secure_compare(self.digest, other.digest)
11
+ end
12
+
13
+ # :call-seq:
14
+ # hmac.base64digest -> string
15
+ #
16
+ # Returns the authentication code an a Base64-encoded string.
17
+ def base64digest
18
+ [digest].pack("m0")
19
+ end
20
+
21
+ class << self
22
+ # :call-seq:
23
+ # HMAC.digest(digest, key, data) -> aString
24
+ #
25
+ # Returns the authentication code as a binary string. The _digest_ parameter
26
+ # specifies the digest algorithm to use. This may be a String representing
27
+ # the algorithm name or an instance of OpenSSL::Digest.
28
+ #
29
+ # === Example
30
+ # key = 'key'
31
+ # data = 'The quick brown fox jumps over the lazy dog'
32
+ #
33
+ # hmac = OpenSSL::HMAC.digest('SHA1', key, data)
34
+ # #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
35
+ def digest(digest, key, data)
36
+ hmac = new(key, digest)
37
+ hmac << data
38
+ hmac.digest
39
+ end
40
+
41
+ # :call-seq:
42
+ # HMAC.hexdigest(digest, key, data) -> aString
43
+ #
44
+ # Returns the authentication code as a hex-encoded string. The _digest_
45
+ # parameter specifies the digest algorithm to use. This may be a String
46
+ # representing the algorithm name or an instance of OpenSSL::Digest.
47
+ #
48
+ # === Example
49
+ # key = 'key'
50
+ # data = 'The quick brown fox jumps over the lazy dog'
51
+ #
52
+ # hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
53
+ # #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
54
+ def hexdigest(digest, key, data)
55
+ hmac = new(key, digest)
56
+ hmac << data
57
+ hmac.hexdigest
58
+ end
59
+
60
+ # :call-seq:
61
+ # HMAC.base64digest(digest, key, data) -> aString
62
+ #
63
+ # Returns the authentication code as a Base64-encoded string. The _digest_
64
+ # parameter specifies the digest algorithm to use. This may be a String
65
+ # representing the algorithm name or an instance of OpenSSL::Digest.
66
+ #
67
+ # === Example
68
+ # key = 'key'
69
+ # data = 'The quick brown fox jumps over the lazy dog'
70
+ #
71
+ # hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
72
+ # #=> "3nybhbi3iqa8ino29wqQcBydtNk="
73
+ def base64digest(digest, key, data)
74
+ [digest(digest, key, data)].pack("m0")
75
+ end
76
+ end
77
+ end
78
+ end
@@ -0,0 +1,30 @@
1
+ # frozen_string_literal: true
2
+ #--
3
+ # = Ruby-space definitions to add DER (de)serialization to classes
4
+ #
5
+ # = Info
6
+ # 'OpenSSL for Ruby 2' project
7
+ # Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
8
+ # All rights reserved.
9
+ #
10
+ # = Licence
11
+ # This program is licensed under the same licence as Ruby.
12
+ # (See the file 'LICENCE'.)
13
+ #++
14
+ module OpenSSL
15
+ module Marshal
16
+ def self.included(base)
17
+ base.extend(ClassMethods)
18
+ end
19
+
20
+ module ClassMethods
21
+ def _load(string)
22
+ new(string)
23
+ end
24
+ end
25
+
26
+ def _dump(_level)
27
+ to_der
28
+ end
29
+ end
30
+ end
data/lib/openssl/pkcs5.rb CHANGED
@@ -1,4 +1,4 @@
1
- # frozen_string_literal: false
1
+ # frozen_string_literal: true
2
2
  #--
3
3
  # Ruby/OpenSSL Project
4
4
  # Copyright (C) 2017 Ruby/OpenSSL Project Authors