openssl 2.1.3 → 3.0.1

Files changed (61)
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +35 -45
  3. data/History.md +237 -1
  4. data/README.md +2 -2
  5. data/ext/openssl/extconf.rb +46 -38
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +59 -43
  8. data/ext/openssl/ossl.c +110 -64
  9. data/ext/openssl/ossl.h +27 -10
  10. data/ext/openssl/ossl_asn1.c +41 -4
  11. data/ext/openssl/ossl_bn.c +251 -134
  12. data/ext/openssl/ossl_bn.h +2 -1
  13. data/ext/openssl/ossl_cipher.c +38 -29
  14. data/ext/openssl/ossl_config.c +412 -41
  15. data/ext/openssl/ossl_config.h +4 -7
  16. data/ext/openssl/ossl_digest.c +25 -60
  17. data/ext/openssl/ossl_engine.c +18 -27
  18. data/ext/openssl/ossl_hmac.c +60 -145
  19. data/ext/openssl/ossl_kdf.c +11 -19
  20. data/ext/openssl/ossl_ns_spki.c +1 -1
  21. data/ext/openssl/ossl_ocsp.c +9 -62
  22. data/ext/openssl/ossl_ocsp.h +3 -3
  23. data/ext/openssl/ossl_pkcs12.c +21 -3
  24. data/ext/openssl/ossl_pkcs7.c +45 -78
  25. data/ext/openssl/ossl_pkcs7.h +16 -0
  26. data/ext/openssl/ossl_pkey.c +1295 -178
  27. data/ext/openssl/ossl_pkey.h +35 -72
  28. data/ext/openssl/ossl_pkey_dh.c +124 -334
  29. data/ext/openssl/ossl_pkey_dsa.c +93 -398
  30. data/ext/openssl/ossl_pkey_ec.c +159 -318
  31. data/ext/openssl/ossl_pkey_rsa.c +105 -484
  32. data/ext/openssl/ossl_rand.c +2 -32
  33. data/ext/openssl/ossl_ssl.c +347 -394
  34. data/ext/openssl/ossl_ssl_session.c +24 -29
  35. data/ext/openssl/ossl_ts.c +1539 -0
  36. data/ext/openssl/ossl_ts.h +16 -0
  37. data/ext/openssl/ossl_x509.c +0 -6
  38. data/ext/openssl/ossl_x509cert.c +169 -13
  39. data/ext/openssl/ossl_x509crl.c +13 -10
  40. data/ext/openssl/ossl_x509ext.c +15 -2
  41. data/ext/openssl/ossl_x509name.c +15 -4
  42. data/ext/openssl/ossl_x509req.c +13 -10
  43. data/ext/openssl/ossl_x509revoked.c +3 -3
  44. data/ext/openssl/ossl_x509store.c +154 -70
  45. data/lib/openssl/bn.rb +1 -1
  46. data/lib/openssl/buffering.rb +37 -5
  47. data/lib/openssl/cipher.rb +1 -1
  48. data/lib/openssl/digest.rb +10 -12
  49. data/lib/openssl/hmac.rb +78 -0
  50. data/lib/openssl/marshal.rb +30 -0
  51. data/lib/openssl/pkcs5.rb +1 -1
  52. data/lib/openssl/pkey.rb +443 -1
  53. data/lib/openssl/ssl.rb +47 -9
  54. data/lib/openssl/version.rb +5 -0
  55. data/lib/openssl/x509.rb +177 -1
  56. data/lib/openssl.rb +24 -9
  57. metadata +10 -79
  58. data/ext/openssl/deprecation.rb +0 -27
  59. data/ext/openssl/ossl_version.h +0 -15
  60. data/ext/openssl/ruby_missing.h +0 -24
  61. data/lib/openssl/config.rb +0 -492
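--- a/data/ext/openssl/ossl_pkcs7.c
+++ b/data/ext/openssl/ossl_pkcs7.c
@@ -9,21 +9,6 @@
  */
  #include "ossl.h"
 
- #define NewPKCS7(klass) \
- TypedData_Wrap_Struct((klass), &ossl_pkcs7_type, 0)
- #define SetPKCS7(obj, pkcs7) do { \
- if (!(pkcs7)) { \
- ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
- } \
- RTYPEDDATA_DATA(obj) = (pkcs7); \
- } while (0)
- #define GetPKCS7(obj, pkcs7) do { \
- TypedData_Get_Struct((obj), PKCS7, &ossl_pkcs7_type, (pkcs7)); \
- if (!(pkcs7)) { \
- ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
- } \
- } while (0)
-
  #define NewPKCS7si(klass) \
  TypedData_Wrap_Struct((klass), &ossl_pkcs7_signer_info_type, 0)
  #define SetPKCS7si(obj, p7si) do { \
@@ -75,7 +60,7 @@ ossl_pkcs7_free(void *ptr)
  PKCS7_free(ptr);
  }
 
- static const rb_data_type_t ossl_pkcs7_type = {
+ const rb_data_type_t ossl_pkcs7_type = {
  "OpenSSL/PKCS7",
  {
  0, ossl_pkcs7_free,
@@ -116,19 +101,24 @@ static const rb_data_type_t ossl_pkcs7_recip_info_type = {
  * (MADE PRIVATE UNTIL SOMEBODY WILL NEED THEM)
  */
  static PKCS7_SIGNER_INFO *
- ossl_PKCS7_SIGNER_INFO_dup(const PKCS7_SIGNER_INFO *si)
+ ossl_PKCS7_SIGNER_INFO_dup(PKCS7_SIGNER_INFO *si)
  {
- return (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO,
- (d2i_of_void *)d2i_PKCS7_SIGNER_INFO,
- (char *)si);
+ PKCS7_SIGNER_INFO *si_new = ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO,
+ (d2i_of_void *)d2i_PKCS7_SIGNER_INFO,
+ si);
+ if (si_new && si->pkey) {
+ EVP_PKEY_up_ref(si->pkey);
+ si_new->pkey = si->pkey;
+ }
+ return si_new;
  }
 
  static PKCS7_RECIP_INFO *
- ossl_PKCS7_RECIP_INFO_dup(const PKCS7_RECIP_INFO *si)
+ ossl_PKCS7_RECIP_INFO_dup(PKCS7_RECIP_INFO *si)
  {
- return (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
- (d2i_of_void *)d2i_PKCS7_RECIP_INFO,
- (char *)si);
+ return ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
+ (d2i_of_void *)d2i_PKCS7_RECIP_INFO,
+ si);
  }
 
  static VALUE
@@ -145,19 +135,6 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
  return obj;
  }
 
- static PKCS7_SIGNER_INFO *
- DupPKCS7SignerPtr(VALUE obj)
- {
- PKCS7_SIGNER_INFO *p7si, *pkcs7;
-
- GetPKCS7si(obj, p7si);
- if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) {
- ossl_raise(ePKCS7Error, NULL);
- }
-
- return pkcs7;
- }
-
  static VALUE
  ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
  {
@@ -172,19 +149,6 @@ ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
  return obj;
  }
 
- static PKCS7_RECIP_INFO *
- DupPKCS7RecipientPtr(VALUE obj)
- {
- PKCS7_RECIP_INFO *p7ri, *pkcs7;
-
- GetPKCS7ri(obj, p7ri);
- if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) {
- ossl_raise(ePKCS7Error, NULL);
- }
-
- return pkcs7;
- }
-
  /*
  * call-seq:
  * PKCS7.read_smime(string) => pkcs7
@@ -366,7 +330,7 @@ ossl_pkcs7_alloc(VALUE klass)
  static VALUE
  ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
  {
- PKCS7 *p7, *pkcs = DATA_PTR(self);
+ PKCS7 *p7, *p7_orig = RTYPEDDATA_DATA(self);
  BIO *in;
  VALUE arg;
 
@@ -374,19 +338,17 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
  return self;
  arg = ossl_to_der_if_possible(arg);
  in = ossl_obj2bio(&arg);
- p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL);
+ p7 = d2i_PKCS7_bio(in, NULL);
  if (!p7) {
- OSSL_BIO_reset(in);
- p7 = d2i_PKCS7_bio(in, &pkcs);
- if (!p7) {
- BIO_free(in);
- PKCS7_free(pkcs);
- DATA_PTR(self) = NULL;
- ossl_raise(rb_eArgError, "Could not parse the PKCS7");
- }
+ OSSL_BIO_reset(in);
+ p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
  }
- DATA_PTR(self) = pkcs;
  BIO_free(in);
+ if (!p7)
+ ossl_raise(rb_eArgError, "Could not parse the PKCS7");
+
+ RTYPEDDATA_DATA(self) = p7;
+ PKCS7_free(p7_orig);
  ossl_pkcs7_set_data(self, Qnil);
  ossl_pkcs7_set_err_string(self, Qnil);
 
@@ -536,17 +498,18 @@ static VALUE
  ossl_pkcs7_add_signer(VALUE self, VALUE signer)
  {
  PKCS7 *pkcs7;
- PKCS7_SIGNER_INFO *p7si;
+ PKCS7_SIGNER_INFO *si, *si_new;
 
- p7si = DupPKCS7SignerPtr(signer); /* NEED TO DUP */
  GetPKCS7(self, pkcs7);
- if (!PKCS7_add_signer(pkcs7, p7si)) {
- PKCS7_SIGNER_INFO_free(p7si);
- ossl_raise(ePKCS7Error, "Could not add signer.");
- }
- if (PKCS7_type_is_signed(pkcs7)){
- PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
- V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
+ GetPKCS7si(signer, si);
+
+ si_new = ossl_PKCS7_SIGNER_INFO_dup(si);
+ if (!si_new)
+ ossl_raise(ePKCS7Error, "PKCS7_SIGNER_INFO_dup");
+
+ if (PKCS7_add_signer(pkcs7, si_new) != 1) {
+ PKCS7_SIGNER_INFO_free(si_new);
+ ossl_raise(ePKCS7Error, "PKCS7_add_signer");
  }
 
  return self;
@@ -582,13 +545,18 @@ static VALUE
  ossl_pkcs7_add_recipient(VALUE self, VALUE recip)
  {
  PKCS7 *pkcs7;
- PKCS7_RECIP_INFO *ri;
+ PKCS7_RECIP_INFO *ri, *ri_new;
 
- ri = DupPKCS7RecipientPtr(recip); /* NEED TO DUP */
  GetPKCS7(self, pkcs7);
- if (!PKCS7_add_recipient_info(pkcs7, ri)) {
- PKCS7_RECIP_INFO_free(ri);
- ossl_raise(ePKCS7Error, "Could not add recipient.");
+ GetPKCS7ri(recip, ri);
+
+ ri_new = ossl_PKCS7_RECIP_INFO_dup(ri);
+ if (!ri_new)
+ ossl_raise(ePKCS7Error, "PKCS7_RECIP_INFO_dup");
+
+ if (PKCS7_add_recipient_info(pkcs7, ri_new) != 1) {
+ PKCS7_RECIP_INFO_free(ri_new);
+ ossl_raise(ePKCS7Error, "PKCS7_add_recipient_info");
  }
 
  return self;
@@ -803,9 +771,9 @@ ossl_pkcs7_decrypt(int argc, VALUE *argv, VALUE self)
  BIO *out;
  VALUE str;
 
- rb_scan_args(argc, argv, "21", &pkey, &cert, &flags);
+ rb_scan_args(argc, argv, "12", &pkey, &cert, &flags);
  key = GetPrivPKeyPtr(pkey); /* NO NEED TO DUP */
- x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
+ x509 = NIL_P(cert) ? NULL : GetX509CertPtr(cert); /* NO NEED TO DUP */
  flg = NIL_P(flags) ? 0 : NUM2INT(flags);
  GetPKCS7(self, p7);
  if(!(out = BIO_new(BIO_s_mem())))
@@ -1088,7 +1056,6 @@ Init_ossl_pkcs7(void)
  rb_define_alloc_func(cPKCS7Signer, ossl_pkcs7si_alloc);
  rb_define_method(cPKCS7Signer, "initialize", ossl_pkcs7si_initialize,3);
  rb_define_method(cPKCS7Signer, "issuer", ossl_pkcs7si_get_issuer, 0);
- rb_define_alias(cPKCS7Signer, "name", "issuer");
  rb_define_method(cPKCS7Signer, "serial", ossl_pkcs7si_get_serial,0);
  rb_define_method(cPKCS7Signer,"signed_time",ossl_pkcs7si_get_signed_time,0);
 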
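Review bot: ossl_pkcs7_initialize stores the parsed structure with `RTYPEDDATA_DATA(self) = p7;` after checking only that `p7` is non-NULL, so input whose optional content field is absent would, as far as I know, still parse and leave `p7->d.ptr` NULL. Methods outside these hunks that read the content would presumably dereference that pointer, which makes untrusted data passed to PKCS7.new a possible NULL-pointer crash. I would reject it right after the existing check, before the old pointer is freed: `if (!p7->d.ptr) { PKCS7_free(p7); ossl_raise(rb_eArgError, "No content in PKCS7"); }`. The function's body starts and ends outside the hunk, so whether a later line already guards this cannot be seen from here.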
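--- a/data/ext/openssl/ossl_pkcs7.h
+++ b/data/ext/openssl/ossl_pkcs7.h
@@ -10,6 +10,22 @@
  #if !defined(_OSSL_PKCS7_H_)
  #define _OSSL_PKCS7_H_
 
+ #define NewPKCS7(klass) \
+ TypedData_Wrap_Struct((klass), &ossl_pkcs7_type, 0)
+ #define SetPKCS7(obj, pkcs7) do { \
+ if (!(pkcs7)) { \
+ ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
+ } \
+ RTYPEDDATA_DATA(obj) = (pkcs7); \
+ } while (0)
+ #define GetPKCS7(obj, pkcs7) do { \
+ TypedData_Get_Struct((obj), PKCS7, &ossl_pkcs7_type, (pkcs7)); \
+ if (!(pkcs7)) { \
+ ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
+ } \
+ } while (0)
+
+ extern const rb_data_type_t ossl_pkcs7_type;
  extern VALUE cPKCS7;
  extern VALUE cPKCS7Signer;
  extern VALUE cPKCS7Recipient;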