openssl 2.1.2 → 3.0.0

Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +35 -45
  3. data/History.md +232 -0
  4. data/README.md +2 -2
  5. data/ext/openssl/extconf.rb +61 -46
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +60 -44
  8. data/ext/openssl/ossl.c +112 -66
  9. data/ext/openssl/ossl.h +28 -11
  10. data/ext/openssl/ossl_asn1.c +42 -5
  11. data/ext/openssl/ossl_bn.c +276 -146
  12. data/ext/openssl/ossl_bn.h +2 -1
  13. data/ext/openssl/ossl_cipher.c +38 -29
  14. data/ext/openssl/ossl_config.c +412 -41
  15. data/ext/openssl/ossl_config.h +4 -7
  16. data/ext/openssl/ossl_digest.c +31 -62
  17. data/ext/openssl/ossl_engine.c +18 -27
  18. data/ext/openssl/ossl_hmac.c +52 -145
  19. data/ext/openssl/ossl_kdf.c +11 -19
  20. data/ext/openssl/ossl_ns_spki.c +1 -1
  21. data/ext/openssl/ossl_ocsp.c +9 -62
  22. data/ext/openssl/ossl_ocsp.h +3 -3
  23. data/ext/openssl/ossl_pkcs12.c +21 -3
  24. data/ext/openssl/ossl_pkcs7.c +45 -78
  25. data/ext/openssl/ossl_pkcs7.h +16 -0
  26. data/ext/openssl/ossl_pkey.c +1255 -178
  27. data/ext/openssl/ossl_pkey.h +40 -77
  28. data/ext/openssl/ossl_pkey_dh.c +125 -335
  29. data/ext/openssl/ossl_pkey_dsa.c +93 -398
  30. data/ext/openssl/ossl_pkey_ec.c +155 -318
  31. data/ext/openssl/ossl_pkey_rsa.c +105 -484
  32. data/ext/openssl/ossl_rand.c +2 -40
  33. data/ext/openssl/ossl_ssl.c +395 -364
  34. data/ext/openssl/ossl_ssl_session.c +24 -29
  35. data/ext/openssl/ossl_ts.c +1539 -0
  36. data/ext/openssl/ossl_ts.h +16 -0
  37. data/ext/openssl/ossl_x509.c +86 -1
  38. data/ext/openssl/ossl_x509cert.c +166 -10
  39. data/ext/openssl/ossl_x509crl.c +10 -7
  40. data/ext/openssl/ossl_x509ext.c +15 -2
  41. data/ext/openssl/ossl_x509name.c +16 -5
  42. data/ext/openssl/ossl_x509req.c +10 -7
  43. data/ext/openssl/ossl_x509store.c +193 -92
  44. data/lib/openssl/bn.rb +1 -1
  45. data/lib/openssl/buffering.rb +42 -17
  46. data/lib/openssl/cipher.rb +1 -1
  47. data/lib/openssl/digest.rb +10 -12
  48. data/lib/openssl/hmac.rb +78 -0
  49. data/lib/openssl/marshal.rb +30 -0
  50. data/lib/openssl/pkcs5.rb +1 -1
  51. data/lib/openssl/pkey.rb +435 -1
  52. data/lib/openssl/ssl.rb +53 -14
  53. data/lib/openssl/version.rb +5 -0
  54. data/lib/openssl/x509.rb +177 -1
  55. data/lib/openssl.rb +24 -9
  56. metadata +13 -69
  57. data/ext/openssl/deprecation.rb +0 -23
  58. data/ext/openssl/ossl_version.h +0 -15
  59. data/ext/openssl/ruby_missing.h +0 -24
  60. data/lib/openssl/config.rb +0 -474
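--- a/data/ext/openssl/ossl_pkey.h
+++ b/data/ext/openssl/ossl_pkey.h
@@ -7,27 +7,18 @@
  * This program is licensed under the same licence as Ruby.
  * (See the file 'LICENCE'.)
  */
- #if !defined(_OSSL_PKEY_H_)
- #define _OSSL_PKEY_H_
+ #if !defined(OSSL_PKEY_H)
+ #define OSSL_PKEY_H
 
  extern VALUE mPKey;
  extern VALUE cPKey;
  extern VALUE ePKeyError;
  extern const rb_data_type_t ossl_evp_pkey_type;
 
- #define OSSL_PKEY_SET_PRIVATE(obj) rb_iv_set((obj), "private", Qtrue)
- #define OSSL_PKEY_SET_PUBLIC(obj) rb_iv_set((obj), "private", Qfalse)
- #define OSSL_PKEY_IS_PRIVATE(obj) (rb_iv_get((obj), "private") == Qtrue)
+ /* For ENGINE */
+ #define OSSL_PKEY_SET_PRIVATE(obj) rb_ivar_set((obj), rb_intern("private"), Qtrue)
+ #define OSSL_PKEY_IS_PRIVATE(obj) (rb_attr_get((obj), rb_intern("private")) == Qtrue)
 
- #define NewPKey(klass) \
- TypedData_Wrap_Struct((klass), &ossl_evp_pkey_type, 0)
- #define SetPKey(obj, pkey) do { \
- if (!(pkey)) { \
- rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!"); \
- } \
- RTYPEDDATA_DATA(obj) = (pkey); \
- OSSL_PKEY_SET_PUBLIC(obj); \
- } while (0)
  #define GetPKey(obj, pkey) do {\
  TypedData_Get_Struct((obj), EVP_PKEY, &ossl_evp_pkey_type, (pkey)); \
  if (!(pkey)) { \
@@ -35,19 +26,27 @@ extern const rb_data_type_t ossl_evp_pkey_type;
  } \
  } while (0)
 
- struct ossl_generate_cb_arg {
- int yield;
- int interrupted;
- int state;
- };
- int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
- void ossl_generate_cb_stop(void *ptr);
-
+ /* Takes ownership of the EVP_PKEY */
  VALUE ossl_pkey_new(EVP_PKEY *);
  void ossl_pkey_check_public_key(const EVP_PKEY *);
+ EVP_PKEY *ossl_pkey_read_generic(BIO *, VALUE);
  EVP_PKEY *GetPKeyPtr(VALUE);
  EVP_PKEY *DupPKeyPtr(VALUE);
  EVP_PKEY *GetPrivPKeyPtr(VALUE);
+
+ /*
+ * Serializes _self_ in X.509 SubjectPublicKeyInfo format and returns the
+ * resulting String. Sub-classes use this when overriding #to_der.
+ */
+ VALUE ossl_pkey_export_spki(VALUE self, int to_der);
+ /*
+ * Serializes the private key _self_ in the traditional private key format
+ * and returns the resulting String. Sub-classes use this when overriding
+ * #to_der.
+ */
+ VALUE ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self,
+ int to_der);
+
  void Init_ossl_pkey(void);
 
  /*
@@ -56,7 +55,6 @@ void Init_ossl_pkey(void);
  extern VALUE cRSA;
  extern VALUE eRSAError;
 
- VALUE ossl_rsa_new(EVP_PKEY *);
  void Init_ossl_rsa(void);
 
  /*
@@ -65,7 +63,6 @@ void Init_ossl_rsa(void);
  extern VALUE cDSA;
  extern VALUE eDSAError;
 
- VALUE ossl_dsa_new(EVP_PKEY *);
  void Init_ossl_dsa(void);
 
  /*
@@ -74,7 +71,6 @@ void Init_ossl_dsa(void);
  extern VALUE cDH;
  extern VALUE eDHError;
 
- VALUE ossl_dh_new(EVP_PKEY *);
  void Init_ossl_dh(void);
 
  /*
@@ -120,6 +116,7 @@ static VALUE ossl_##_keytype##_get_##_name(VALUE self) \
  OSSL_PKEY_BN_DEF_GETTER0(_keytype, _type, a2, \
  _type##_get0_##_group(obj, NULL, &bn))
 
+ #if !OSSL_OPENSSL_PREREQ(3, 0, 0)
  #define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
  /* \
  * call-seq: \
@@ -133,9 +130,9 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALU
  BIGNUM *bn3 = NULL, *orig_bn3 = NIL_P(v3) ? NULL : GetBNPtr(v3);\
  \
  Get##_type(self, obj); \
- if (orig_bn1 && !(bn1 = BN_dup(orig_bn1)) || \
- orig_bn2 && !(bn2 = BN_dup(orig_bn2)) || \
- orig_bn3 && !(bn3 = BN_dup(orig_bn3))) { \
+ if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
+ (orig_bn2 && !(bn2 = BN_dup(orig_bn2))) || \
+ (orig_bn3 && !(bn3 = BN_dup(orig_bn3)))) { \
  BN_clear_free(bn1); \
  BN_clear_free(bn2); \
  BN_clear_free(bn3); \
@@ -163,8 +160,8 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
  BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
  \
  Get##_type(self, obj); \
- if (orig_bn1 && !(bn1 = BN_dup(orig_bn1)) || \
- orig_bn2 && !(bn2 = BN_dup(orig_bn2))) { \
+ if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
+ (orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) { \
  BN_clear_free(bn1); \
  BN_clear_free(bn2); \
  ossl_raise(eBNError, NULL); \
@@ -177,36 +174,22 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
  } \
  return self; \
  }
+ #else
+ #define OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
+ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALUE v3) \
+ { \
+ rb_raise(ePKeyError, \
+ #_keytype"#set_"#_group"= is incompatible with OpenSSL 3.0"); \
+ }
 
- #define OSSL_PKEY_BN_DEF_SETTER_OLD(_keytype, _type, _group, _name) \
- /* \
- * call-seq: \
- * _keytype##.##_name = bn -> bn \
- */ \
- static VALUE ossl_##_keytype##_set_##_name(VALUE self, VALUE bignum) \
+ #define OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
+ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
  { \
- _type *obj; \
- BIGNUM *bn; \
- \
- rb_warning("#"#_name"= is deprecated; use #set_"#_group); \
- Get##_type(self, obj); \
- if (NIL_P(bignum)) { \
- BN_clear_free(obj->_name); \
- obj->_name = NULL; \
- return Qnil; \
- } \
- \
- bn = GetBNPtr(bignum); \
- if (obj->_name == NULL) \
- obj->_name = BN_new(); \
- if (obj->_name == NULL) \
- ossl_raise(eBNError, NULL); \
- if (BN_copy(obj->_name, bn) == NULL) \
- ossl_raise(eBNError, NULL); \
- return bignum; \
+ rb_raise(ePKeyError, \
+ #_keytype"#set_"#_group"= is incompatible with OpenSSL 3.0"); \
  }
+ #endif
 
- #if defined(HAVE_OPAQUE_OPENSSL) /* OpenSSL 1.1.0 */
  #define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3) \
  OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
  OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3)
@@ -218,24 +201,4 @@ static VALUE ossl_##_keytype##_set_##_name(VALUE self, VALUE bignum) \
  #define DEF_OSSL_PKEY_BN(class, keytype, name) \
  rb_define_method((class), #name, ossl_##keytype##_get_##name, 0)
 
- #else
- #define OSSL_PKEY_BN_DEF3(_keytype, _type, _group, a1, a2, a3) \
- OSSL_PKEY_BN_DEF_GETTER3(_keytype, _type, _group, a1, a2, a3) \
- OSSL_PKEY_BN_DEF_SETTER3(_keytype, _type, _group, a1, a2, a3) \
- OSSL_PKEY_BN_DEF_SETTER_OLD(_keytype, _type, _group, a1) \
- OSSL_PKEY_BN_DEF_SETTER_OLD(_keytype, _type, _group, a2) \
- OSSL_PKEY_BN_DEF_SETTER_OLD(_keytype, _type, _group, a3)
-
- #define OSSL_PKEY_BN_DEF2(_keytype, _type, _group, a1, a2) \
- OSSL_PKEY_BN_DEF_GETTER2(_keytype, _type, _group, a1, a2) \
- OSSL_PKEY_BN_DEF_SETTER2(_keytype, _type, _group, a1, a2) \
- OSSL_PKEY_BN_DEF_SETTER_OLD(_keytype, _type, _group, a1) \
- OSSL_PKEY_BN_DEF_SETTER_OLD(_keytype, _type, _group, a2)
-
- #define DEF_OSSL_PKEY_BN(class, keytype, name) do { \
- rb_define_method((class), #name, ossl_##keytype##_get_##name, 0);\
- rb_define_method((class), #name "=", ossl_##keytype##_set_##name, 1);\
- } while (0)
- #endif /* HAVE_OPAQUE_OPENSSL */
-
- #endif /* _OSSL_PKEY_H_ */
+ #endif /* OSSL_PKEY_H */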
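Review bot: The new prototype `EVP_PKEY *ossl_pkey_read_generic(BIO *, VALUE);` in the second hunk has no contract comment, although the line just above it now documents that `ossl_pkey_new` takes ownership of its argument. A reader of this header cannot tell who frees the returned EVP_PKEY, whether NULL is a possible return, or what the unnamed VALUE argument carries. A wrong guess about ownership leads to a leak or a double free of key material. I would add a comment in the style of its neighbour, for example `/* Returns a new EVP_PKEY owned by the caller, or NULL if nothing could be read (confirm against ossl_pkey.c) */`, and name both parameters in the prototype. The comment on `ossl_pkey_export_traditional` likewise does not say what `argc`/`argv` hold or what `to_der` selects, which matters for a function that serializes a private key.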