openssl 2.1.2 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +35 -45
- data/History.md +232 -0
- data/README.md +2 -2
- data/ext/openssl/extconf.rb +61 -46
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +60 -44
- data/ext/openssl/ossl.c +112 -66
- data/ext/openssl/ossl.h +28 -11
- data/ext/openssl/ossl_asn1.c +42 -5
- data/ext/openssl/ossl_bn.c +276 -146
- data/ext/openssl/ossl_bn.h +2 -1
- data/ext/openssl/ossl_cipher.c +38 -29
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +31 -62
- data/ext/openssl/ossl_engine.c +18 -27
- data/ext/openssl/ossl_hmac.c +52 -145
- data/ext/openssl/ossl_kdf.c +11 -19
- data/ext/openssl/ossl_ns_spki.c +1 -1
- data/ext/openssl/ossl_ocsp.c +9 -62
- data/ext/openssl/ossl_ocsp.h +3 -3
- data/ext/openssl/ossl_pkcs12.c +21 -3
- data/ext/openssl/ossl_pkcs7.c +45 -78
- data/ext/openssl/ossl_pkcs7.h +16 -0
- data/ext/openssl/ossl_pkey.c +1255 -178
- data/ext/openssl/ossl_pkey.h +40 -77
- data/ext/openssl/ossl_pkey_dh.c +125 -335
- data/ext/openssl/ossl_pkey_dsa.c +93 -398
- data/ext/openssl/ossl_pkey_ec.c +155 -318
- data/ext/openssl/ossl_pkey_rsa.c +105 -484
- data/ext/openssl/ossl_rand.c +2 -40
- data/ext/openssl/ossl_ssl.c +395 -364
- data/ext/openssl/ossl_ssl_session.c +24 -29
- data/ext/openssl/ossl_ts.c +1539 -0
- data/ext/openssl/ossl_ts.h +16 -0
- data/ext/openssl/ossl_x509.c +86 -1
- data/ext/openssl/ossl_x509cert.c +166 -10
- data/ext/openssl/ossl_x509crl.c +10 -7
- data/ext/openssl/ossl_x509ext.c +15 -2
- data/ext/openssl/ossl_x509name.c +16 -5
- data/ext/openssl/ossl_x509req.c +10 -7
- data/ext/openssl/ossl_x509store.c +193 -92
- data/lib/openssl/bn.rb +1 -1
- data/lib/openssl/buffering.rb +42 -17
- data/lib/openssl/cipher.rb +1 -1
- data/lib/openssl/digest.rb +10 -12
- data/lib/openssl/hmac.rb +78 -0
- data/lib/openssl/marshal.rb +30 -0
- data/lib/openssl/pkcs5.rb +1 -1
- data/lib/openssl/pkey.rb +435 -1
- data/lib/openssl/ssl.rb +53 -14
- data/lib/openssl/version.rb +5 -0
- data/lib/openssl/x509.rb +177 -1
- data/lib/openssl.rb +24 -9
- metadata +13 -69
- data/ext/openssl/deprecation.rb +0 -23
- data/ext/openssl/ossl_version.h +0 -15
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -474
data/lib/openssl/buffering.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
# coding: binary
|
2
|
-
# frozen_string_literal:
|
2
|
+
# frozen_string_literal: true
|
3
3
|
#--
|
4
4
|
#= Info
|
5
5
|
# 'OpenSSL for Ruby 2' project
|
@@ -22,6 +22,29 @@
|
|
22
22
|
module OpenSSL::Buffering
|
23
23
|
include Enumerable
|
24
24
|
|
25
|
+
# A buffer which will retain binary encoding.
|
26
|
+
class Buffer < String
|
27
|
+
BINARY = Encoding::BINARY
|
28
|
+
|
29
|
+
def initialize
|
30
|
+
super
|
31
|
+
|
32
|
+
force_encoding(BINARY)
|
33
|
+
end
|
34
|
+
|
35
|
+
def << string
|
36
|
+
if string.encoding == BINARY
|
37
|
+
super(string)
|
38
|
+
else
|
39
|
+
super(string.b)
|
40
|
+
end
|
41
|
+
|
42
|
+
return self
|
43
|
+
end
|
44
|
+
|
45
|
+
alias concat <<
|
46
|
+
end
|
47
|
+
|
25
48
|
##
|
26
49
|
# The "sync mode" of the SSLSocket.
|
27
50
|
#
|
@@ -40,7 +63,7 @@ module OpenSSL::Buffering
|
|
40
63
|
def initialize(*)
|
41
64
|
super
|
42
65
|
@eof = false
|
43
|
-
@rbuffer =
|
66
|
+
@rbuffer = Buffer.new
|
44
67
|
@sync = @io.sync
|
45
68
|
end
|
46
69
|
|
@@ -78,6 +101,15 @@ module OpenSSL::Buffering
|
|
78
101
|
|
79
102
|
public
|
80
103
|
|
104
|
+
# call-seq:
|
105
|
+
# ssl.getbyte => 81
|
106
|
+
#
|
107
|
+
# Get the next 8bit byte from `ssl`. Returns `nil` on EOF
|
108
|
+
def getbyte
|
109
|
+
byte = read(1)
|
110
|
+
byte && byte.unpack1("C")
|
111
|
+
end
|
112
|
+
|
81
113
|
##
|
82
114
|
# Reads _size_ bytes from the stream. If _buf_ is provided it must
|
83
115
|
# reference a string which will receive the data.
|
@@ -312,24 +344,19 @@ module OpenSSL::Buffering
|
|
312
344
|
# buffer is flushed to the underlying socket.
|
313
345
|
|
314
346
|
def do_write(s)
|
315
|
-
@wbuffer =
|
347
|
+
@wbuffer = Buffer.new unless defined? @wbuffer
|
316
348
|
@wbuffer << s
|
317
349
|
@wbuffer.force_encoding(Encoding::BINARY)
|
318
350
|
@sync ||= false
|
319
|
-
if @sync or @wbuffer.size > BLOCK_SIZE
|
320
|
-
|
321
|
-
nwritten = 0
|
322
|
-
while remain > 0
|
323
|
-
str = @wbuffer[nwritten,remain]
|
351
|
+
if @sync or @wbuffer.size > BLOCK_SIZE
|
352
|
+
until @wbuffer.empty?
|
324
353
|
begin
|
325
|
-
nwrote = syswrite(
|
354
|
+
nwrote = syswrite(@wbuffer)
|
326
355
|
rescue Errno::EAGAIN
|
327
356
|
retry
|
328
357
|
end
|
329
|
-
|
330
|
-
nwritten += nwrote
|
358
|
+
@wbuffer[0, nwrote] = ""
|
331
359
|
end
|
332
|
-
@wbuffer[0,nwritten] = ""
|
333
360
|
end
|
334
361
|
end
|
335
362
|
|
@@ -403,15 +430,13 @@ module OpenSSL::Buffering
|
|
403
430
|
# See IO#puts for full details.
|
404
431
|
|
405
432
|
def puts(*args)
|
406
|
-
s =
|
433
|
+
s = Buffer.new
|
407
434
|
if args.empty?
|
408
435
|
s << "\n"
|
409
436
|
end
|
410
437
|
args.each{|arg|
|
411
438
|
s << arg.to_s
|
412
|
-
|
413
|
-
s << "\n"
|
414
|
-
end
|
439
|
+
s.sub!(/(?<!\n)\z/, "\n")
|
415
440
|
}
|
416
441
|
do_write(s)
|
417
442
|
nil
|
@@ -423,7 +448,7 @@ module OpenSSL::Buffering
|
|
423
448
|
# See IO#print for full details.
|
424
449
|
|
425
450
|
def print(*args)
|
426
|
-
s =
|
451
|
+
s = Buffer.new
|
427
452
|
args.each{ |arg| s << arg.to_s }
|
428
453
|
do_write(s)
|
429
454
|
nil
|
data/lib/openssl/cipher.rb
CHANGED
data/lib/openssl/digest.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
# frozen_string_literal:
|
1
|
+
# frozen_string_literal: true
|
2
2
|
#--
|
3
3
|
# = Ruby-space predefined Digest subclasses
|
4
4
|
#
|
@@ -15,11 +15,6 @@
|
|
15
15
|
module OpenSSL
|
16
16
|
class Digest
|
17
17
|
|
18
|
-
alg = %w(MD2 MD4 MD5 MDC2 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)
|
19
|
-
if OPENSSL_VERSION_NUMBER < 0x10100000
|
20
|
-
alg += %w(DSS DSS1 SHA)
|
21
|
-
end
|
22
|
-
|
23
18
|
# Return the hash value computed with _name_ Digest. _name_ is either the
|
24
19
|
# long name or short name of a supported digest algorithm.
|
25
20
|
#
|
@@ -29,23 +24,26 @@ module OpenSSL
|
|
29
24
|
#
|
30
25
|
# which is equivalent to:
|
31
26
|
#
|
32
|
-
# OpenSSL::Digest
|
27
|
+
# OpenSSL::Digest.digest('SHA256', "abc")
|
33
28
|
|
34
29
|
def self.digest(name, data)
|
35
30
|
super(data, name)
|
36
31
|
end
|
37
32
|
|
38
|
-
|
33
|
+
%w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512).each do |name|
|
39
34
|
klass = Class.new(self) {
|
40
35
|
define_method(:initialize, ->(data = nil) {super(name, data)})
|
41
36
|
}
|
37
|
+
|
42
38
|
singleton = (class << klass; self; end)
|
39
|
+
|
43
40
|
singleton.class_eval{
|
44
|
-
define_method(:digest){|data| new.digest(data)
|
45
|
-
define_method(:hexdigest){|data| new.hexdigest(data)
|
41
|
+
define_method(:digest) {|data| new.digest(data)}
|
42
|
+
define_method(:hexdigest) {|data| new.hexdigest(data)}
|
46
43
|
}
|
47
|
-
|
48
|
-
|
44
|
+
|
45
|
+
const_set(name.tr('-', '_'), klass)
|
46
|
+
end
|
49
47
|
|
50
48
|
# Deprecated.
|
51
49
|
#
|
data/lib/openssl/hmac.rb
ADDED
@@ -0,0 +1,78 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module OpenSSL
|
4
|
+
class HMAC
|
5
|
+
# Securely compare with another HMAC instance in constant time.
|
6
|
+
def ==(other)
|
7
|
+
return false unless HMAC === other
|
8
|
+
return false unless self.digest.bytesize == other.digest.bytesize
|
9
|
+
|
10
|
+
OpenSSL.fixed_length_secure_compare(self.digest, other.digest)
|
11
|
+
end
|
12
|
+
|
13
|
+
# :call-seq:
|
14
|
+
# hmac.base64digest -> string
|
15
|
+
#
|
16
|
+
# Returns the authentication code an a Base64-encoded string.
|
17
|
+
def base64digest
|
18
|
+
[digest].pack("m0")
|
19
|
+
end
|
20
|
+
|
21
|
+
class << self
|
22
|
+
# :call-seq:
|
23
|
+
# HMAC.digest(digest, key, data) -> aString
|
24
|
+
#
|
25
|
+
# Returns the authentication code as a binary string. The _digest_ parameter
|
26
|
+
# specifies the digest algorithm to use. This may be a String representing
|
27
|
+
# the algorithm name or an instance of OpenSSL::Digest.
|
28
|
+
#
|
29
|
+
# === Example
|
30
|
+
# key = 'key'
|
31
|
+
# data = 'The quick brown fox jumps over the lazy dog'
|
32
|
+
#
|
33
|
+
# hmac = OpenSSL::HMAC.digest('SHA1', key, data)
|
34
|
+
# #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
|
35
|
+
def digest(digest, key, data)
|
36
|
+
hmac = new(key, digest)
|
37
|
+
hmac << data
|
38
|
+
hmac.digest
|
39
|
+
end
|
40
|
+
|
41
|
+
# :call-seq:
|
42
|
+
# HMAC.hexdigest(digest, key, data) -> aString
|
43
|
+
#
|
44
|
+
# Returns the authentication code as a hex-encoded string. The _digest_
|
45
|
+
# parameter specifies the digest algorithm to use. This may be a String
|
46
|
+
# representing the algorithm name or an instance of OpenSSL::Digest.
|
47
|
+
#
|
48
|
+
# === Example
|
49
|
+
# key = 'key'
|
50
|
+
# data = 'The quick brown fox jumps over the lazy dog'
|
51
|
+
#
|
52
|
+
# hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
|
53
|
+
# #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
|
54
|
+
def hexdigest(digest, key, data)
|
55
|
+
hmac = new(key, digest)
|
56
|
+
hmac << data
|
57
|
+
hmac.hexdigest
|
58
|
+
end
|
59
|
+
|
60
|
+
# :call-seq:
|
61
|
+
# HMAC.base64digest(digest, key, data) -> aString
|
62
|
+
#
|
63
|
+
# Returns the authentication code as a Base64-encoded string. The _digest_
|
64
|
+
# parameter specifies the digest algorithm to use. This may be a String
|
65
|
+
# representing the algorithm name or an instance of OpenSSL::Digest.
|
66
|
+
#
|
67
|
+
# === Example
|
68
|
+
# key = 'key'
|
69
|
+
# data = 'The quick brown fox jumps over the lazy dog'
|
70
|
+
#
|
71
|
+
# hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
|
72
|
+
# #=> "3nybhbi3iqa8ino29wqQcBydtNk="
|
73
|
+
def base64digest(digest, key, data)
|
74
|
+
[digest(digest, key, data)].pack("m0")
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
#--
|
3
|
+
# = Ruby-space definitions to add DER (de)serialization to classes
|
4
|
+
#
|
5
|
+
# = Info
|
6
|
+
# 'OpenSSL for Ruby 2' project
|
7
|
+
# Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
8
|
+
# All rights reserved.
|
9
|
+
#
|
10
|
+
# = Licence
|
11
|
+
# This program is licensed under the same licence as Ruby.
|
12
|
+
# (See the file 'LICENCE'.)
|
13
|
+
#++
|
14
|
+
module OpenSSL
|
15
|
+
module Marshal
|
16
|
+
def self.included(base)
|
17
|
+
base.extend(ClassMethods)
|
18
|
+
end
|
19
|
+
|
20
|
+
module ClassMethods
|
21
|
+
def _load(string)
|
22
|
+
new(string)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def _dump(_level)
|
27
|
+
to_der
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
data/lib/openssl/pkcs5.rb
CHANGED