openssl 2.2.0 → 3.1.0

Files changed (48)
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +33 -45
  3. data/History.md +260 -0
  4. data/ext/openssl/extconf.rb +85 -72
  5. data/ext/openssl/openssl_missing.c +0 -66
  6. data/ext/openssl/openssl_missing.h +26 -45
  7. data/ext/openssl/ossl.c +67 -47
  8. data/ext/openssl/ossl.h +26 -6
  9. data/ext/openssl/ossl_asn1.c +26 -13
  10. data/ext/openssl/ossl_bn.c +278 -142
  11. data/ext/openssl/ossl_bn.h +2 -1
  12. data/ext/openssl/ossl_cipher.c +12 -13
  13. data/ext/openssl/ossl_config.c +412 -41
  14. data/ext/openssl/ossl_config.h +4 -7
  15. data/ext/openssl/ossl_digest.c +15 -11
  16. data/ext/openssl/ossl_engine.c +16 -15
  17. data/ext/openssl/ossl_hmac.c +56 -135
  18. data/ext/openssl/ossl_kdf.c +11 -3
  19. data/ext/openssl/ossl_ocsp.c +5 -53
  20. data/ext/openssl/ossl_pkcs12.c +21 -3
  21. data/ext/openssl/ossl_pkcs7.c +42 -59
  22. data/ext/openssl/ossl_pkey.c +1142 -191
  23. data/ext/openssl/ossl_pkey.h +36 -73
  24. data/ext/openssl/ossl_pkey_dh.c +130 -340
  25. data/ext/openssl/ossl_pkey_dsa.c +100 -405
  26. data/ext/openssl/ossl_pkey_ec.c +163 -335
  27. data/ext/openssl/ossl_pkey_rsa.c +106 -493
  28. data/ext/openssl/ossl_ssl.c +529 -421
  29. data/ext/openssl/ossl_ssl_session.c +28 -29
  30. data/ext/openssl/ossl_ts.c +64 -39
  31. data/ext/openssl/ossl_x509.c +0 -6
  32. data/ext/openssl/ossl_x509cert.c +167 -11
  33. data/ext/openssl/ossl_x509crl.c +13 -10
  34. data/ext/openssl/ossl_x509ext.c +1 -2
  35. data/ext/openssl/ossl_x509name.c +9 -2
  36. data/ext/openssl/ossl_x509req.c +13 -10
  37. data/ext/openssl/ossl_x509revoked.c +3 -3
  38. data/ext/openssl/ossl_x509store.c +193 -90
  39. data/lib/openssl/buffering.rb +10 -1
  40. data/lib/openssl/hmac.rb +65 -0
  41. data/lib/openssl/pkey.rb +429 -0
  42. data/lib/openssl/ssl.rb +13 -8
  43. data/lib/openssl/version.rb +1 -1
  44. data/lib/openssl/x509.rb +22 -0
  45. data/lib/openssl.rb +0 -1
  46. metadata +8 -66
  47. data/ext/openssl/ruby_missing.h +0 -24
  48. data/lib/openssl/config.rb +0 -501
@@ -10,77 +10,11 @@
10
10
  #include RUBY_EXTCONF_H
11
11
 
12
12
  #include <string.h> /* memcpy() */
13
- #if !defined(OPENSSL_NO_ENGINE)
14
- # include <openssl/engine.h>
15
- #endif
16
- #if !defined(OPENSSL_NO_HMAC)
17
- # include <openssl/hmac.h>
18
- #endif
19
13
  #include <openssl/x509_vfy.h>
20
14
 
21
15
  #include "openssl_missing.h"
22
16
 
23
- /* added in 1.0.2 */
24
- #if !defined(OPENSSL_NO_EC)
25
- #if !defined(HAVE_EC_CURVE_NIST2NID)
26
- static struct {
27
- const char *name;
28
- int nid;
29
- } nist_curves[] = {
30
- {"B-163", NID_sect163r2},
31
- {"B-233", NID_sect233r1},
32
- {"B-283", NID_sect283r1},
33
- {"B-409", NID_sect409r1},
34
- {"B-571", NID_sect571r1},
35
- {"K-163", NID_sect163k1},
36
- {"K-233", NID_sect233k1},
37
- {"K-283", NID_sect283k1},
38
- {"K-409", NID_sect409k1},
39
- {"K-571", NID_sect571k1},
40
- {"P-192", NID_X9_62_prime192v1},
41
- {"P-224", NID_secp224r1},
42
- {"P-256", NID_X9_62_prime256v1},
43
- {"P-384", NID_secp384r1},
44
- {"P-521", NID_secp521r1}
45
- };
46
-
47
- int
48
- ossl_EC_curve_nist2nid(const char *name)
49
- {
50
- size_t i;
51
- for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
52
- if (!strcmp(nist_curves[i].name, name))
53
- return nist_curves[i].nid;
54
- }
55
- return NID_undef;
56
- }
57
- #endif
58
- #endif
59
-
60
17
  /*** added in 1.1.0 ***/
61
- #if !defined(HAVE_HMAC_CTX_NEW)
62
- HMAC_CTX *
63
- ossl_HMAC_CTX_new(void)
64
- {
65
- HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
66
- if (!ctx)
67
- return NULL;
68
- HMAC_CTX_init(ctx);
69
- return ctx;
70
- }
71
- #endif
72
-
73
- #if !defined(HAVE_HMAC_CTX_FREE)
74
- void
75
- ossl_HMAC_CTX_free(HMAC_CTX *ctx)
76
- {
77
- if (ctx) {
78
- HMAC_CTX_cleanup(ctx);
79
- OPENSSL_free(ctx);
80
- }
81
- }
82
- #endif
83
-
84
18
  #if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
85
19
  void
86
20
  ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
@@ -12,40 +12,7 @@
12
12
 
13
13
  #include "ruby/config.h"
14
14
 
15
- /* added in 1.0.2 */
16
- #if !defined(OPENSSL_NO_EC)
17
- #if !defined(HAVE_EC_CURVE_NIST2NID)
18
- int ossl_EC_curve_nist2nid(const char *);
19
- # define EC_curve_nist2nid ossl_EC_curve_nist2nid
20
- #endif
21
- #endif
22
-
23
- #if !defined(HAVE_X509_REVOKED_DUP)
24
- # define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
25
- (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
26
- #endif
27
-
28
- #if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
29
- # define X509_STORE_CTX_get0_store(x) ((x)->ctx)
30
- #endif
31
-
32
- #if !defined(HAVE_SSL_IS_SERVER)
33
- # define SSL_is_server(s) ((s)->server)
34
- #endif
35
-
36
15
  /* added in 1.1.0 */
37
- #if !defined(HAVE_BN_GENCB_NEW)
38
- # define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
39
- #endif
40
-
41
- #if !defined(HAVE_BN_GENCB_FREE)
42
- # define BN_GENCB_free(cb) OPENSSL_free(cb)
43
- #endif
44
-
45
- #if !defined(HAVE_BN_GENCB_GET_ARG)
46
- # define BN_GENCB_get_arg(cb) (cb)->arg
47
- #endif
48
-
49
16
  #if !defined(HAVE_EVP_MD_CTX_NEW)
50
17
  # define EVP_MD_CTX_new EVP_MD_CTX_create
51
18
  #endif
@@ -54,16 +21,6 @@ int ossl_EC_curve_nist2nid(const char *);
54
21
  # define EVP_MD_CTX_free EVP_MD_CTX_destroy
55
22
  #endif
56
23
 
57
- #if !defined(HAVE_HMAC_CTX_NEW)
58
- HMAC_CTX *ossl_HMAC_CTX_new(void);
59
- # define HMAC_CTX_new ossl_HMAC_CTX_new
60
- #endif
61
-
62
- #if !defined(HAVE_HMAC_CTX_FREE)
63
- void ossl_HMAC_CTX_free(HMAC_CTX *);
64
- # define HMAC_CTX_free ossl_HMAC_CTX_free
65
- #endif
66
-
67
24
  #if !defined(HAVE_X509_STORE_GET_EX_DATA)
68
25
  # define X509_STORE_get_ex_data(x, idx) \
69
26
  CRYPTO_get_ex_data(&(x)->ex_data, (idx))
@@ -147,8 +104,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
147
104
  CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
148
105
  #endif
149
106
 
150
- #if !defined(HAVE_OPAQUE_OPENSSL) && \
151
- (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
107
+ #if !defined(HAVE_OPAQUE_OPENSSL)
152
108
  #define IMPL_PKEY_GETTER(_type, _name) \
153
109
  static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
154
110
  return pkey->pkey._name; }
@@ -254,4 +210,29 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
254
210
  } while (0)
255
211
  #endif
256
212
 
213
+ /* added in 3.0.0 */
214
+ #if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
215
+ # define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
216
+ #endif
217
+
218
+ #ifndef HAVE_EVP_MD_CTX_GET0_MD
219
+ # define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
220
+ #endif
221
+
222
+ /*
223
+ * OpenSSL 1.1.0 added EVP_MD_CTX_pkey_ctx(), and then it was renamed to
224
+ * EVP_MD_CTX_get_pkey_ctx(x) in OpenSSL 3.0.
225
+ */
226
+ #ifndef HAVE_EVP_MD_CTX_GET_PKEY_CTX
227
+ # ifdef HAVE_EVP_MD_CTX_PKEY_CTX
228
+ # define EVP_MD_CTX_get_pkey_ctx(x) EVP_MD_CTX_pkey_ctx(x)
229
+ # else
230
+ # define EVP_MD_CTX_get_pkey_ctx(x) (x)->pctx
231
+ # endif
232
+ #endif
233
+
234
+ #ifndef HAVE_EVP_PKEY_EQ
235
+ # define EVP_PKEY_eq(a, b) EVP_PKEY_cmp(a, b)
236
+ #endif
237
+
257
238
  #endif /* _OSSL_OPENSSL_MISSING_H_ */
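Review bot: The `EVP_PKEY_eq` fallback added at the end of this header maps straight onto `EVP_PKEY_cmp`, and both return 1 only for matching keys, 0 for a mismatch and a negative value when the key types differ or the comparison is unsupported, so a caller that tests the result for truthiness would treat the negative cases as a match. The call sites are not in this file, so I would document the contract at the macro: `/* returns 1 on match, 0 or a negative value otherwise; always compare with == 1 */`. In the same 3.0.0 block, `TS_VERIFY_CTS_set_certs` looks like a typo but is the spelling older OpenSSL releases export; a short comment saying so would keep someone from "correcting" it.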
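--- a/data/ext/openssl/ossl.c
+++ b/data/ext/openssl/ossl.c
@@ -9,13 +9,19 @@
  */
  #include "ossl.h"
  #include <stdarg.h> /* for ossl_raise */
- #include <ruby/thread_native.h> /* for OpenSSL < 1.1.0 locks */
+
+ /* OpenSSL >= 1.1.0 and LibreSSL >= 2.9.0 */
+ #if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER >= 0x10100000
+ # define HAVE_OPENSSL_110_THREADING_API
+ #else
+ # include <ruby/thread_native.h>
+ #endif
 
  /*
  * Data Conversion
  */
  #define OSSL_IMPL_ARY2SK(name, type, expected_class, dup) \
- STACK_OF(type) * \
+ VALUE \
  ossl_##name##_ary2sk0(VALUE ary) \
  { \
  STACK_OF(type) *sk; \
@@ -37,7 +43,7 @@ ossl_##name##_ary2sk0(VALUE ary) \
  x = dup(val); /* NEED TO DUP */ \
  sk_##type##_push(sk, x); \
  } \
- return sk; \
+ return (VALUE)sk; \
  } \
  \
  STACK_OF(type) * \
@@ -262,15 +268,11 @@ ossl_to_der_if_possible(VALUE obj)
  /*
  * Errors
  */
- static VALUE
- ossl_make_error(VALUE exc, const char *fmt, va_list args)
+ VALUE
+ ossl_make_error(VALUE exc, VALUE str)
  {
- VALUE str = Qnil;
  unsigned long e;
 
- if (fmt) {
- str = rb_vsprintf(fmt, args);
- }
  e = ERR_peek_last_error();
  if (e) {
  const char *msg = ERR_reason_error_string(e);
@@ -294,37 +296,48 @@ ossl_raise(VALUE exc, const char *fmt, ...)
  {
  va_list args;
  VALUE err;
- va_start(args, fmt);
- err = ossl_make_error(exc, fmt, args);
- va_end(args);
- rb_exc_raise(err);
+
+ if (fmt) {
+ va_start(args, fmt);
+ err = rb_vsprintf(fmt, args);
+ va_end(args);
+ }
+ else {
+ err = Qnil;
+ }
+
+ rb_exc_raise(ossl_make_error(exc, err));
  }
 
  void
  ossl_clear_error(void)
  {
  if (dOSSL == Qtrue) {
- unsigned long e;
- const char *file, *data, *errstr;
- int line, flags;
-
- while ((e = ERR_get_error_line_data(&file, &line, &data, &flags))) {
- errstr = ERR_error_string(e, NULL);
- if (!errstr)
- errstr = "(null)";
-
- if (flags & ERR_TXT_STRING) {
- if (!data)
- data = "(null)";
- rb_warn("error on stack: %s (%s)", errstr, data);
- }
- else {
- rb_warn("error on stack: %s", errstr);
- }
- }
+ unsigned long e;
+ const char *file, *data, *func, *lib, *reason;
+ char append[256] = "";
+ int line, flags;
+
+ #ifdef HAVE_ERR_GET_ERROR_ALL
+ while ((e = ERR_get_error_all(&file, &line, &func, &data, &flags))) {
+ #else
+ while ((e = ERR_get_error_line_data(&file, &line, &data, &flags))) {
+ func = ERR_func_error_string(e);
+ #endif
+ lib = ERR_lib_error_string(e);
+ reason = ERR_reason_error_string(e);
+
+ if (flags & ERR_TXT_STRING) {
+ if (!data)
+ data = "(null)";
+ snprintf(append, sizeof(append), " (%s)", data);
+ }
+ rb_warn("error on stack: error:%08lX:%s:%s:%s%s", e, lib ? lib : "",
+ func ? func : "", reason ? reason : "", append);
+ }
  }
  else {
- ERR_clear_error();
+ ERR_clear_error();
  }
  }
 
@@ -386,7 +399,7 @@ ossl_debug_get(VALUE self)
  * call-seq:
  * OpenSSL.debug = boolean -> boolean
  *
- * Turns on or off debug mode. With debug mode, all erros added to the OpenSSL
+ * Turns on or off debug mode. With debug mode, all errors added to the OpenSSL
  * error queue will be printed to stderr.
  */
  static VALUE
@@ -497,8 +510,11 @@ print_mem_leaks(VALUE self)
  int ret;
  #endif
 
- BN_CTX_free(ossl_bn_ctx);
- ossl_bn_ctx = NULL;
+ #ifndef HAVE_RB_EXT_RACTOR_SAFE
+ // for Ruby 2.x
+ void ossl_bn_ctx_free(void); // ossl_bn.c
+ ossl_bn_ctx_free();
+ #endif
 
  #if OPENSSL_VERSION_NUMBER >= 0x10100000
  ret = CRYPTO_mem_leaks_fp(stderr);
@@ -664,7 +680,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  * ahold of the key may use it unless it is encrypted. In order to securely
  * export a key you may export it with a pass phrase.
  *
- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  * pass_phrase = 'my secure pass phrase goes here'
  *
  * key_secure = key.export cipher, pass_phrase
@@ -679,13 +695,13 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  *
  * A key can also be loaded from a file.
  *
- * key2 = OpenSSL::PKey::RSA.new File.read 'private_key.pem'
+ * key2 = OpenSSL::PKey.read File.read 'private_key.pem'
  * key2.public? # => true
  * key2.private? # => true
  *
  * or
  *
- * key3 = OpenSSL::PKey::RSA.new File.read 'public_key.pem'
+ * key3 = OpenSSL::PKey.read File.read 'public_key.pem'
  * key3.public? # => true
  * key3.private? # => false
  *
@@ -697,7 +713,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  *
  * key4_pem = File.read 'private.secure.pem'
  * pass_phrase = 'my secure pass phrase goes here'
- * key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
+ * key4 = OpenSSL::PKey.read key4_pem, pass_phrase
  *
  * == RSA Encryption
  *
@@ -772,7 +788,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  * using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt,
  * the number of iterations largely depends on the hardware being used.
  *
- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  * cipher.encrypt
  * iv = cipher.random_iv
  *
@@ -795,7 +811,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  * Use the same steps as before to derive the symmetric AES key, this time
  * setting the Cipher up for decryption.
  *
- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  * cipher.decrypt
  * cipher.iv = iv # the one generated with #random_iv
  *
@@ -830,7 +846,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  *
  * First set up the cipher for encryption
  *
- * encryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+ * encryptor = OpenSSL::Cipher.new 'aes-256-cbc'
  * encryptor.encrypt
  * encryptor.pkcs5_keyivgen pass_phrase, salt
  *
@@ -843,7 +859,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  *
  * Use a new Cipher instance set up for decryption
  *
- * decryptor = OpenSSL::Cipher.new 'AES-256-CBC'
+ * decryptor = OpenSSL::Cipher.new 'aes-256-cbc'
  * decryptor.decrypt
  * decryptor.pkcs5_keyivgen pass_phrase, salt
  *
@@ -931,7 +947,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  * ca_key = OpenSSL::PKey::RSA.new 2048
  * pass_phrase = 'my secure pass phrase goes here'
  *
- * cipher = OpenSSL::Cipher.new 'AES-256-CBC'
+ * cipher = OpenSSL::Cipher.new 'aes-256-cbc'
  *
  * open 'ca_key.pem', 'w', 0400 do |io|
  * io.write ca_key.export(cipher, pass_phrase)
@@ -1069,13 +1085,13 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  * loop do
  * ssl_connection = ssl_server.accept
  *
- * data = connection.gets
+ * data = ssl_connection.gets
  *
  * response = "I got #{data.dump}"
  * puts response
  *
- * connection.puts "I got #{data.dump}"
- * connection.close
+ * ssl_connection.puts "I got #{data.dump}"
+ * ssl_connection.close
  * end
  *
  * === SSL client
@@ -1126,6 +1142,10 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
  void
  Init_openssl(void)
  {
+ #ifdef HAVE_RB_EXT_RACTOR_SAFE
+ rb_ext_ractor_safe(true);
+ #endif
+
  #undef rb_intern
  /*
  * Init timezone info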
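Review bot: In the rewritten `ossl_clear_error`, `append` is initialised once before the `while` loop and only rewritten when `flags & ERR_TXT_STRING` is set, so a queue entry without text data is printed with the previous entry's ` (data)` suffix. Resetting the buffer at the top of the loop body, `append[0] = '\0';`, keeps each debug warning tied to its own error entry. `snprintf` also cuts data longer than the 256-byte buffer without any marker; that is acceptable for debug output but deserves a short comment so the truncation is not mistaken for the full OpenSSL message.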
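--- a/data/ext/openssl/ossl.h
+++ b/data/ext/openssl/ossl.h
@@ -18,22 +18,19 @@
  #include <ruby/io.h>
  #include <ruby/thread.h>
  #include <openssl/opensslv.h>
+
  #include <openssl/err.h>
  #include <openssl/asn1.h>
  #include <openssl/x509v3.h>
  #include <openssl/ssl.h>
  #include <openssl/pkcs12.h>
  #include <openssl/pkcs7.h>
- #include <openssl/hmac.h>
  #include <openssl/rand.h>
  #include <openssl/conf.h>
  #ifndef OPENSSL_NO_TS
  #include <openssl/ts.h>
  #endif
  #include <openssl/crypto.h>
- #if !defined(OPENSSL_NO_ENGINE)
- # include <openssl/engine.h>
- #endif
  #if !defined(OPENSSL_NO_OCSP)
  # include <openssl/ocsp.h>
  #endif
@@ -43,6 +40,28 @@
  #include <openssl/evp.h>
  #include <openssl/dh.h>
 
+ #ifndef LIBRESSL_VERSION_NUMBER
+ # define OSSL_IS_LIBRESSL 0
+ # define OSSL_OPENSSL_PREREQ(maj, min, pat) \
+ (OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+ # define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
+ #else
+ # define OSSL_IS_LIBRESSL 1
+ # define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
+ # define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
+ (LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+ #endif
+
+ #if OSSL_OPENSSL_PREREQ(3, 0, 0)
+ # define OSSL_3_const const
+ #else
+ # define OSSL_3_const /* const */
+ #endif
+
+ #if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0)
+ # define OSSL_USE_ENGINE
+ #endif
+
  /*
  * Common Module
  */
@@ -121,7 +140,9 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
  /*
  * ERRor messages
  */
- NORETURN(void ossl_raise(VALUE, const char *, ...));
+ PRINTF_ARGS(NORETURN(void ossl_raise(VALUE, const char *, ...)), 2, 3);
+ /* Make exception instance from str and OpenSSL error reason string. */
+ VALUE ossl_make_error(VALUE exc, VALUE str);
  /* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
  void ossl_clear_error(void);
 
@@ -154,7 +175,6 @@ void ossl_debug(const char *, ...);
  * Include all parts
  */
  #include "openssl_missing.h"
- #include "ruby_missing.h"
  #include "ossl_asn1.h"
  #include "ossl_bio.h"
  #include "ossl_bn.h"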
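Review bot: The new version-gate macros `OSSL_OPENSSL_PREREQ` and `OSSL_LIBRESSL_PREREQ` use `maj`, `min` and `pat` unparenthesized, so an argument written as an expression with lower precedence than `<<` would be regrouped by the shifts. Writing the right-hand side as `(((maj) << 28) | ((min) << 20) | ((pat) << 12))` keeps the comparison exact for any argument. These gates decide which compatibility code is compiled (`OSSL_3_const` and `OSSL_USE_ENGINE` in this same hunk), so a one-line comment stating the version-number layout they assume for `OPENSSL_VERSION_NUMBER` and `LIBRESSL_VERSION_NUMBER` would help the next reader check a gate by hand.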
@@ -69,6 +69,12 @@ asn1time_to_time(const ASN1_TIME *time)
69
69
  return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
70
70
  }
71
71
 
72
+ static VALUE
73
+ asn1time_to_time_i(VALUE arg)
74
+ {
75
+ return asn1time_to_time((ASN1_TIME *)arg);
76
+ }
77
+
72
78
  void
73
79
  ossl_time_split(VALUE time, time_t *sec, int *days)
74
80
  {
@@ -136,6 +142,12 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
136
142
  return ai;
137
143
  }
138
144
 
145
+ static VALUE
146
+ asn1integer_to_num_i(VALUE arg)
147
+ {
148
+ return asn1integer_to_num((ASN1_INTEGER *)arg);
149
+ }
150
+
139
151
  /********/
140
152
  /*
141
153
  * ASN1 module
@@ -325,7 +337,7 @@ decode_int(unsigned char* der, long length)
325
337
  p = der;
326
338
  if(!(ai = d2i_ASN1_INTEGER(NULL, &p, length)))
327
339
  ossl_raise(eASN1Error, NULL);
328
- ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
340
+ ret = rb_protect(asn1integer_to_num_i,
329
341
  (VALUE)ai, &status);
330
342
  ASN1_INTEGER_free(ai);
331
343
  if(status) rb_jump_tag(status);
@@ -365,7 +377,7 @@ decode_enum(unsigned char* der, long length)
365
377
  p = der;
366
378
  if(!(ai = d2i_ASN1_ENUMERATED(NULL, &p, length)))
367
379
  ossl_raise(eASN1Error, NULL);
368
- ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
380
+ ret = rb_protect(asn1integer_to_num_i,
369
381
  (VALUE)ai, &status);
370
382
  ASN1_ENUMERATED_free(ai);
371
383
  if(status) rb_jump_tag(status);
@@ -427,7 +439,7 @@ decode_time(unsigned char* der, long length)
427
439
  p = der;
428
440
  if(!(time = d2i_ASN1_TIME(NULL, &p, length)))
429
441
  ossl_raise(eASN1Error, NULL);
430
- ret = rb_protect((VALUE (*)(VALUE))asn1time_to_time,
442
+ ret = rb_protect(asn1time_to_time_i,
431
443
  (VALUE)time, &status);
432
444
  ASN1_TIME_free(time);
433
445
  if(status) rb_jump_tag(status);
@@ -497,7 +509,8 @@ ossl_asn1_get_asn1type(VALUE obj)
497
509
  ASN1_TYPE *ret;
498
510
  VALUE value, rflag;
499
511
  void *ptr;
500
- void (*free_func)();
512
+ typedef void free_func_type(void *);
513
+ free_func_type *free_func;
501
514
  int tag;
502
515
 
503
516
  tag = ossl_asn1_default_tag(obj);
@@ -510,16 +523,16 @@ ossl_asn1_get_asn1type(VALUE obj)
510
523
  case V_ASN1_INTEGER: /* FALLTHROUGH */
511
524
  case V_ASN1_ENUMERATED:
512
525
  ptr = obj_to_asn1int(value);
513
- free_func = ASN1_INTEGER_free;
526
+ free_func = (free_func_type *)ASN1_INTEGER_free;
514
527
  break;
515
528
  case V_ASN1_BIT_STRING:
516
529
  rflag = rb_attr_get(obj, sivUNUSED_BITS);
517
530
  ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
518
- free_func = ASN1_BIT_STRING_free;
531
+ free_func = (free_func_type *)ASN1_BIT_STRING_free;
519
532
  break;
520
533
  case V_ASN1_NULL:
521
534
  ptr = obj_to_asn1null(value);
522
- free_func = ASN1_NULL_free;
535
+ free_func = (free_func_type *)ASN1_NULL_free;
523
536
  break;
524
537
  case V_ASN1_OCTET_STRING: /* FALLTHROUGH */
525
538
  case V_ASN1_UTF8STRING: /* FALLTHROUGH */
@@ -534,24 +547,24 @@ ossl_asn1_get_asn1type(VALUE obj)
534
547
  case V_ASN1_UNIVERSALSTRING: /* FALLTHROUGH */
535
548
  case V_ASN1_BMPSTRING:
536
549
  ptr = obj_to_asn1str(value);
537
- free_func = ASN1_STRING_free;
550
+ free_func = (free_func_type *)ASN1_STRING_free;
538
551
  break;
539
552
  case V_ASN1_OBJECT:
540
553
  ptr = obj_to_asn1obj(value);
541
- free_func = ASN1_OBJECT_free;
554
+ free_func = (free_func_type *)ASN1_OBJECT_free;
542
555
  break;
543
556
  case V_ASN1_UTCTIME:
544
557
  ptr = obj_to_asn1utime(value);
545
- free_func = ASN1_TIME_free;
558
+ free_func = (free_func_type *)ASN1_TIME_free;
546
559
  break;
547
560
  case V_ASN1_GENERALIZEDTIME:
548
561
  ptr = obj_to_asn1gtime(value);
549
- free_func = ASN1_TIME_free;
562
+ free_func = (free_func_type *)ASN1_TIME_free;
550
563
  break;
551
564
  case V_ASN1_SET: /* FALLTHROUGH */
552
565
  case V_ASN1_SEQUENCE:
553
566
  ptr = obj_to_asn1derstr(obj);
554
- free_func = ASN1_STRING_free;
567
+ free_func = (free_func_type *)ASN1_STRING_free;
555
568
  break;
556
569
  default:
557
570
  ossl_raise(eASN1Error, "unsupported ASN.1 type");
@@ -1510,7 +1523,7 @@ Init_ossl_asn1(void)
1510
1523
  *
1511
1524
  * An Array that stores the name of a given tag number. These names are
1512
1525
  * the same as the name of the tag constant that is additionally defined,
1513
- * e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2.
1526
+ * e.g. <tt>UNIVERSAL_TAG_NAME[2] = "INTEGER"</tt> and <tt>OpenSSL::ASN1::INTEGER = 2</tt>.
1514
1527
  *
1515
1528
  * == Example usage
1516
1529
  *
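Review bot: `free_func` in `ossl_asn1_get_asn1type` is still assigned through casts such as `(free_func_type *)ASN1_INTEGER_free`, so the later call (outside these hunks, presumably `free_func(ptr)`) invokes each free routine through a `void (*)(void *)` that does not match its declared type. That is the same incompatible-function-pointer call this change removes from the `rb_protect` sites by adding `asn1integer_to_num_i` and `asn1time_to_time_i`; it is undefined behaviour in C and is rejected by indirect-call CFI checks. Small wrappers in the same style, for example `static void asn1integer_free_i(void *p) { ASN1_INTEGER_free(p); }`, would make the cleanup path type-correct as well. The function body starts and ends outside the hunks shown.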