openssl 2.2.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +33 -45
- data/History.md +260 -0
- data/ext/openssl/extconf.rb +85 -72
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +26 -45
- data/ext/openssl/ossl.c +67 -47
- data/ext/openssl/ossl.h +26 -6
- data/ext/openssl/ossl_asn1.c +26 -13
- data/ext/openssl/ossl_bn.c +278 -142
- data/ext/openssl/ossl_bn.h +2 -1
- data/ext/openssl/ossl_cipher.c +12 -13
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +15 -11
- data/ext/openssl/ossl_engine.c +16 -15
- data/ext/openssl/ossl_hmac.c +56 -135
- data/ext/openssl/ossl_kdf.c +11 -3
- data/ext/openssl/ossl_ocsp.c +5 -53
- data/ext/openssl/ossl_pkcs12.c +21 -3
- data/ext/openssl/ossl_pkcs7.c +42 -59
- data/ext/openssl/ossl_pkey.c +1142 -191
- data/ext/openssl/ossl_pkey.h +36 -73
- data/ext/openssl/ossl_pkey_dh.c +130 -340
- data/ext/openssl/ossl_pkey_dsa.c +100 -405
- data/ext/openssl/ossl_pkey_ec.c +163 -335
- data/ext/openssl/ossl_pkey_rsa.c +106 -493
- data/ext/openssl/ossl_ssl.c +529 -421
- data/ext/openssl/ossl_ssl_session.c +28 -29
- data/ext/openssl/ossl_ts.c +64 -39
- data/ext/openssl/ossl_x509.c +0 -6
- data/ext/openssl/ossl_x509cert.c +167 -11
- data/ext/openssl/ossl_x509crl.c +13 -10
- data/ext/openssl/ossl_x509ext.c +1 -2
- data/ext/openssl/ossl_x509name.c +9 -2
- data/ext/openssl/ossl_x509req.c +13 -10
- data/ext/openssl/ossl_x509revoked.c +3 -3
- data/ext/openssl/ossl_x509store.c +193 -90
- data/lib/openssl/buffering.rb +10 -1
- data/lib/openssl/hmac.rb +65 -0
- data/lib/openssl/pkey.rb +429 -0
- data/lib/openssl/ssl.rb +13 -8
- data/lib/openssl/version.rb +1 -1
- data/lib/openssl/x509.rb +22 -0
- data/lib/openssl.rb +0 -1
- metadata +8 -66
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -501
@@ -10,77 +10,11 @@
|
|
10
10
|
#include RUBY_EXTCONF_H
|
11
11
|
|
12
12
|
#include <string.h> /* memcpy() */
|
13
|
-
#if !defined(OPENSSL_NO_ENGINE)
|
14
|
-
# include <openssl/engine.h>
|
15
|
-
#endif
|
16
|
-
#if !defined(OPENSSL_NO_HMAC)
|
17
|
-
# include <openssl/hmac.h>
|
18
|
-
#endif
|
19
13
|
#include <openssl/x509_vfy.h>
|
20
14
|
|
21
15
|
#include "openssl_missing.h"
|
22
16
|
|
23
|
-
/* added in 1.0.2 */
|
24
|
-
#if !defined(OPENSSL_NO_EC)
|
25
|
-
#if !defined(HAVE_EC_CURVE_NIST2NID)
|
26
|
-
static struct {
|
27
|
-
const char *name;
|
28
|
-
int nid;
|
29
|
-
} nist_curves[] = {
|
30
|
-
{"B-163", NID_sect163r2},
|
31
|
-
{"B-233", NID_sect233r1},
|
32
|
-
{"B-283", NID_sect283r1},
|
33
|
-
{"B-409", NID_sect409r1},
|
34
|
-
{"B-571", NID_sect571r1},
|
35
|
-
{"K-163", NID_sect163k1},
|
36
|
-
{"K-233", NID_sect233k1},
|
37
|
-
{"K-283", NID_sect283k1},
|
38
|
-
{"K-409", NID_sect409k1},
|
39
|
-
{"K-571", NID_sect571k1},
|
40
|
-
{"P-192", NID_X9_62_prime192v1},
|
41
|
-
{"P-224", NID_secp224r1},
|
42
|
-
{"P-256", NID_X9_62_prime256v1},
|
43
|
-
{"P-384", NID_secp384r1},
|
44
|
-
{"P-521", NID_secp521r1}
|
45
|
-
};
|
46
|
-
|
47
|
-
int
|
48
|
-
ossl_EC_curve_nist2nid(const char *name)
|
49
|
-
{
|
50
|
-
size_t i;
|
51
|
-
for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
|
52
|
-
if (!strcmp(nist_curves[i].name, name))
|
53
|
-
return nist_curves[i].nid;
|
54
|
-
}
|
55
|
-
return NID_undef;
|
56
|
-
}
|
57
|
-
#endif
|
58
|
-
#endif
|
59
|
-
|
60
17
|
/*** added in 1.1.0 ***/
|
61
|
-
#if !defined(HAVE_HMAC_CTX_NEW)
|
62
|
-
HMAC_CTX *
|
63
|
-
ossl_HMAC_CTX_new(void)
|
64
|
-
{
|
65
|
-
HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
|
66
|
-
if (!ctx)
|
67
|
-
return NULL;
|
68
|
-
HMAC_CTX_init(ctx);
|
69
|
-
return ctx;
|
70
|
-
}
|
71
|
-
#endif
|
72
|
-
|
73
|
-
#if !defined(HAVE_HMAC_CTX_FREE)
|
74
|
-
void
|
75
|
-
ossl_HMAC_CTX_free(HMAC_CTX *ctx)
|
76
|
-
{
|
77
|
-
if (ctx) {
|
78
|
-
HMAC_CTX_cleanup(ctx);
|
79
|
-
OPENSSL_free(ctx);
|
80
|
-
}
|
81
|
-
}
|
82
|
-
#endif
|
83
|
-
|
84
18
|
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
|
85
19
|
void
|
86
20
|
ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
|
@@ -12,40 +12,7 @@
|
|
12
12
|
|
13
13
|
#include "ruby/config.h"
|
14
14
|
|
15
|
-
/* added in 1.0.2 */
|
16
|
-
#if !defined(OPENSSL_NO_EC)
|
17
|
-
#if !defined(HAVE_EC_CURVE_NIST2NID)
|
18
|
-
int ossl_EC_curve_nist2nid(const char *);
|
19
|
-
# define EC_curve_nist2nid ossl_EC_curve_nist2nid
|
20
|
-
#endif
|
21
|
-
#endif
|
22
|
-
|
23
|
-
#if !defined(HAVE_X509_REVOKED_DUP)
|
24
|
-
# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
|
25
|
-
(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
|
26
|
-
#endif
|
27
|
-
|
28
|
-
#if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
|
29
|
-
# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
|
30
|
-
#endif
|
31
|
-
|
32
|
-
#if !defined(HAVE_SSL_IS_SERVER)
|
33
|
-
# define SSL_is_server(s) ((s)->server)
|
34
|
-
#endif
|
35
|
-
|
36
15
|
/* added in 1.1.0 */
|
37
|
-
#if !defined(HAVE_BN_GENCB_NEW)
|
38
|
-
# define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
|
39
|
-
#endif
|
40
|
-
|
41
|
-
#if !defined(HAVE_BN_GENCB_FREE)
|
42
|
-
# define BN_GENCB_free(cb) OPENSSL_free(cb)
|
43
|
-
#endif
|
44
|
-
|
45
|
-
#if !defined(HAVE_BN_GENCB_GET_ARG)
|
46
|
-
# define BN_GENCB_get_arg(cb) (cb)->arg
|
47
|
-
#endif
|
48
|
-
|
49
16
|
#if !defined(HAVE_EVP_MD_CTX_NEW)
|
50
17
|
# define EVP_MD_CTX_new EVP_MD_CTX_create
|
51
18
|
#endif
|
@@ -54,16 +21,6 @@ int ossl_EC_curve_nist2nid(const char *);
|
|
54
21
|
# define EVP_MD_CTX_free EVP_MD_CTX_destroy
|
55
22
|
#endif
|
56
23
|
|
57
|
-
#if !defined(HAVE_HMAC_CTX_NEW)
|
58
|
-
HMAC_CTX *ossl_HMAC_CTX_new(void);
|
59
|
-
# define HMAC_CTX_new ossl_HMAC_CTX_new
|
60
|
-
#endif
|
61
|
-
|
62
|
-
#if !defined(HAVE_HMAC_CTX_FREE)
|
63
|
-
void ossl_HMAC_CTX_free(HMAC_CTX *);
|
64
|
-
# define HMAC_CTX_free ossl_HMAC_CTX_free
|
65
|
-
#endif
|
66
|
-
|
67
24
|
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
|
68
25
|
# define X509_STORE_get_ex_data(x, idx) \
|
69
26
|
CRYPTO_get_ex_data(&(x)->ex_data, (idx))
|
@@ -147,8 +104,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
|
|
147
104
|
CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
|
148
105
|
#endif
|
149
106
|
|
150
|
-
#if !defined(HAVE_OPAQUE_OPENSSL)
|
151
|
-
(!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
107
|
+
#if !defined(HAVE_OPAQUE_OPENSSL)
|
152
108
|
#define IMPL_PKEY_GETTER(_type, _name) \
|
153
109
|
static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
|
154
110
|
return pkey->pkey._name; }
|
@@ -254,4 +210,29 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
|
|
254
210
|
} while (0)
|
255
211
|
#endif
|
256
212
|
|
213
|
+
/* added in 3.0.0 */
|
214
|
+
#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
|
215
|
+
# define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
|
216
|
+
#endif
|
217
|
+
|
218
|
+
#ifndef HAVE_EVP_MD_CTX_GET0_MD
|
219
|
+
# define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
|
220
|
+
#endif
|
221
|
+
|
222
|
+
/*
|
223
|
+
* OpenSSL 1.1.0 added EVP_MD_CTX_pkey_ctx(), and then it was renamed to
|
224
|
+
* EVP_MD_CTX_get_pkey_ctx(x) in OpenSSL 3.0.
|
225
|
+
*/
|
226
|
+
#ifndef HAVE_EVP_MD_CTX_GET_PKEY_CTX
|
227
|
+
# ifdef HAVE_EVP_MD_CTX_PKEY_CTX
|
228
|
+
# define EVP_MD_CTX_get_pkey_ctx(x) EVP_MD_CTX_pkey_ctx(x)
|
229
|
+
# else
|
230
|
+
# define EVP_MD_CTX_get_pkey_ctx(x) (x)->pctx
|
231
|
+
# endif
|
232
|
+
#endif
|
233
|
+
|
234
|
+
#ifndef HAVE_EVP_PKEY_EQ
|
235
|
+
# define EVP_PKEY_eq(a, b) EVP_PKEY_cmp(a, b)
|
236
|
+
#endif
|
237
|
+
|
257
238
|
#endif /* _OSSL_OPENSSL_MISSING_H_ */
|
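--- a/data/ext/openssl/ossl.c
+++ b/data/ext/openssl/ossl.c
@@ -9,13 +9,19 @@
 */
 #include "ossl.h"
 #include <stdarg.h> /* for ossl_raise */
-
+
+/* OpenSSL >= 1.1.0 and LibreSSL >= 2.9.0 */
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER >= 0x10100000
+# define HAVE_OPENSSL_110_THREADING_API
+#else
+# include <ruby/thread_native.h>
+#endif
 
 /*
 * Data Conversion
 */
 #define OSSL_IMPL_ARY2SK(name, type, expected_class, dup) \
-
+VALUE \
 ossl_##name##_ary2sk0(VALUE ary) \
 { \
 STACK_OF(type) *sk; \
@@ -37,7 +43,7 @@ ossl_##name##_ary2sk0(VALUE ary) \
 x = dup(val); /* NEED TO DUP */ \
 sk_##type##_push(sk, x); \
 } \
-return sk;
+return (VALUE)sk; \
 } \
 \
 STACK_OF(type) * \
@@ -262,15 +268,11 @@ ossl_to_der_if_possible(VALUE obj)
 /*
 * Errors
 */
-
-ossl_make_error(VALUE exc,
+VALUE
+ossl_make_error(VALUE exc, VALUE str)
 {
-VALUE str = Qnil;
 unsigned long e;
 
-if (fmt) {
-str = rb_vsprintf(fmt, args);
-}
 e = ERR_peek_last_error();
 if (e) {
 const char *msg = ERR_reason_error_string(e);
@@ -294,37 +296,48 @@ ossl_raise(VALUE exc, const char *fmt, ...)
 {
 va_list args;
 VALUE err;
-
-
-
-
+
+if (fmt) {
+va_start(args, fmt);
+err = rb_vsprintf(fmt, args);
+va_end(args);
+}
+else {
+err = Qnil;
+}
+
+rb_exc_raise(ossl_make_error(exc, err));
 }
 
 void
 ossl_clear_error(void)
 {
 if (dOSSL == Qtrue) {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+unsigned long e;
+const char *file, *data, *func, *lib, *reason;
+char append[256] = "";
+int line, flags;
+
+#ifdef HAVE_ERR_GET_ERROR_ALL
+while ((e = ERR_get_error_all(&file, &line, &func, &data, &flags))) {
+#else
+while ((e = ERR_get_error_line_data(&file, &line, &data, &flags))) {
+func = ERR_func_error_string(e);
+#endif
+lib = ERR_lib_error_string(e);
+reason = ERR_reason_error_string(e);
+
+if (flags & ERR_TXT_STRING) {
+if (!data)
+data = "(null)";
+snprintf(append, sizeof(append), " (%s)", data);
+}
+rb_warn("error on stack: error:%08lX:%s:%s:%s%s", e, lib ? lib : "",
+func ? func : "", reason ? reason : "", append);
+}
 }
 else {
-
+ERR_clear_error();
 }
 }
 
@@ -386,7 +399,7 @@ ossl_debug_get(VALUE self)
 * call-seq:
 * OpenSSL.debug = boolean -> boolean
 *
-* Turns on or off debug mode. With debug mode, all
+* Turns on or off debug mode. With debug mode, all errors added to the OpenSSL
 * error queue will be printed to stderr.
 */
 static VALUE
@@ -497,8 +510,11 @@ print_mem_leaks(VALUE self)
 int ret;
 #endif
 
-
-
+#ifndef HAVE_RB_EXT_RACTOR_SAFE
+// for Ruby 2.x
+void ossl_bn_ctx_free(void); // ossl_bn.c
+ossl_bn_ctx_free();
+#endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
 ret = CRYPTO_mem_leaks_fp(stderr);
@@ -664,7 +680,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 * ahold of the key may use it unless it is encrypted. In order to securely
 * export a key you may export it with a pass phrase.
 *
-* cipher = OpenSSL::Cipher.new '
+* cipher = OpenSSL::Cipher.new 'aes-256-cbc'
 * pass_phrase = 'my secure pass phrase goes here'
 *
 * key_secure = key.export cipher, pass_phrase
@@ -679,13 +695,13 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 *
 * A key can also be loaded from a file.
 *
-* key2 = OpenSSL::PKey
+* key2 = OpenSSL::PKey.read File.read 'private_key.pem'
 * key2.public? # => true
 * key2.private? # => true
 *
 * or
 *
-* key3 = OpenSSL::PKey
+* key3 = OpenSSL::PKey.read File.read 'public_key.pem'
 * key3.public? # => true
 * key3.private? # => false
 *
@@ -697,7 +713,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 *
 * key4_pem = File.read 'private.secure.pem'
 * pass_phrase = 'my secure pass phrase goes here'
-* key4 = OpenSSL::PKey
+* key4 = OpenSSL::PKey.read key4_pem, pass_phrase
 *
 * == RSA Encryption
 *
@@ -772,7 +788,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 * using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt,
 * the number of iterations largely depends on the hardware being used.
 *
-* cipher = OpenSSL::Cipher.new '
+* cipher = OpenSSL::Cipher.new 'aes-256-cbc'
 * cipher.encrypt
 * iv = cipher.random_iv
 *
@@ -795,7 +811,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 * Use the same steps as before to derive the symmetric AES key, this time
 * setting the Cipher up for decryption.
 *
-* cipher = OpenSSL::Cipher.new '
+* cipher = OpenSSL::Cipher.new 'aes-256-cbc'
 * cipher.decrypt
 * cipher.iv = iv # the one generated with #random_iv
 *
@@ -830,7 +846,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 *
 * First set up the cipher for encryption
 *
-* encryptor = OpenSSL::Cipher.new '
+* encryptor = OpenSSL::Cipher.new 'aes-256-cbc'
 * encryptor.encrypt
 * encryptor.pkcs5_keyivgen pass_phrase, salt
 *
@@ -843,7 +859,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 *
 * Use a new Cipher instance set up for decryption
 *
-* decryptor = OpenSSL::Cipher.new '
+* decryptor = OpenSSL::Cipher.new 'aes-256-cbc'
 * decryptor.decrypt
 * decryptor.pkcs5_keyivgen pass_phrase, salt
 *
@@ -931,7 +947,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 * ca_key = OpenSSL::PKey::RSA.new 2048
 * pass_phrase = 'my secure pass phrase goes here'
 *
-* cipher = OpenSSL::Cipher.new '
+* cipher = OpenSSL::Cipher.new 'aes-256-cbc'
 *
 * open 'ca_key.pem', 'w', 0400 do |io|
 * io.write ca_key.export(cipher, pass_phrase)
@@ -1069,13 +1085,13 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 * loop do
 * ssl_connection = ssl_server.accept
 *
-* data =
+* data = ssl_connection.gets
 *
 * response = "I got #{data.dump}"
 * puts response
 *
-*
-*
+* ssl_connection.puts "I got #{data.dump}"
+* ssl_connection.close
 * end
 *
 * === SSL client
@@ -1126,6 +1142,10 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2)
 void
 Init_openssl(void)
 {
+#ifdef HAVE_RB_EXT_RACTOR_SAFE
+rb_ext_ractor_safe(true);
+#endif
+
 #undef rb_intern
 /*
 * Init timezone info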
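Review bot: In `ossl_clear_error` (hunk `@@ -294,37 +296,48 @@`), `char append[256] = "";` is declared once outside the `while` loop and only overwritten when the current entry has `ERR_TXT_STRING` set, so an entry without extra data is printed with the ` (...)` suffix left over from the previous entry and the warning attributes that data string to the wrong error. Reset it per iteration: add `append[0] = '\0';` immediately after the `#endif` that closes the `ERR_get_error_all` alternative, before `lib = ERR_lib_error_string(e);`, or move the declaration into the loop body. This is a debug-only path (`dOSSL == Qtrue`), but its output is exactly what people paste when diagnosing TLS or PEM failures, so a misattributed data string sends them down the wrong track.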
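--- a/data/ext/openssl/ossl.h
+++ b/data/ext/openssl/ossl.h
@@ -18,22 +18,19 @@
 #include <ruby/io.h>
 #include <ruby/thread.h>
 #include <openssl/opensslv.h>
+
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 #include <openssl/ssl.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pkcs7.h>
-#include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/conf.h>
 #ifndef OPENSSL_NO_TS
 #include <openssl/ts.h>
 #endif
 #include <openssl/crypto.h>
-#if !defined(OPENSSL_NO_ENGINE)
-# include <openssl/engine.h>
-#endif
 #if !defined(OPENSSL_NO_OCSP)
 # include <openssl/ocsp.h>
 #endif
@@ -43,6 +40,28 @@
 #include <openssl/evp.h>
 #include <openssl/dh.h>
 
+#ifndef LIBRESSL_VERSION_NUMBER
+# define OSSL_IS_LIBRESSL 0
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) \
+(OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
+#else
+# define OSSL_IS_LIBRESSL 1
+# define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
+(LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
+#endif
+
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_3_const const
+#else
+# define OSSL_3_const /* const */
+#endif
+
+#if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0)
+# define OSSL_USE_ENGINE
+#endif
+
 /*
 * Common Module
 */
@@ -121,7 +140,9 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
 /*
 * ERRor messages
 */
-NORETURN(void ossl_raise(VALUE, const char *, ...));
+PRINTF_ARGS(NORETURN(void ossl_raise(VALUE, const char *, ...)), 2, 3);
+/* Make exception instance from str and OpenSSL error reason string. */
+VALUE ossl_make_error(VALUE exc, VALUE str);
 /* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
 void ossl_clear_error(void);
 
@@ -154,7 +175,6 @@ void ossl_debug(const char *, ...);
 * Include all parts
 */
 #include "openssl_missing.h"
-#include "ruby_missing.h"
 #include "ossl_asn1.h"
 #include "ossl_bio.h"
 #include "ossl_bn.h"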
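Review bot: `OSSL_OPENSSL_PREREQ` and `OSSL_LIBRESSL_PREREQ` (hunk `@@ -43,6 +40,28 @@`) use their `maj`/`min`/`pat` arguments without parentheses, so an expression argument misbinds (`maj << 28` with `maj` written as `1 + 2` shifts only the `2`). Every use visible on this page passes literals, so nothing is wrong today, but version gates like these get copied into other files; parenthesize once: `(OPENSSL_VERSION_NUMBER >= (((maj) << 28) | ((min) << 20) | ((pat) << 12)))` and the same for the LibreSSL variant. A one-line comment above the block noting that both comparisons rely on the shared `0xMNNFFPPS` layout of `OPENSSL_VERSION_NUMBER` and `LIBRESSL_VERSION_NUMBER` would also spare the next reader a trip to opensslv.h. The new `PRINTF_ARGS(...)` on `ossl_raise` is a good addition: it is what lets the compiler check the format strings in every caller.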
data/ext/openssl/ossl_asn1.c
CHANGED
@@ -69,6 +69,12 @@ asn1time_to_time(const ASN1_TIME *time)
|
|
69
69
|
return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
|
70
70
|
}
|
71
71
|
|
72
|
+
static VALUE
|
73
|
+
asn1time_to_time_i(VALUE arg)
|
74
|
+
{
|
75
|
+
return asn1time_to_time((ASN1_TIME *)arg);
|
76
|
+
}
|
77
|
+
|
72
78
|
void
|
73
79
|
ossl_time_split(VALUE time, time_t *sec, int *days)
|
74
80
|
{
|
@@ -136,6 +142,12 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
|
|
136
142
|
return ai;
|
137
143
|
}
|
138
144
|
|
145
|
+
static VALUE
|
146
|
+
asn1integer_to_num_i(VALUE arg)
|
147
|
+
{
|
148
|
+
return asn1integer_to_num((ASN1_INTEGER *)arg);
|
149
|
+
}
|
150
|
+
|
139
151
|
/********/
|
140
152
|
/*
|
141
153
|
* ASN1 module
|
@@ -325,7 +337,7 @@ decode_int(unsigned char* der, long length)
|
|
325
337
|
p = der;
|
326
338
|
if(!(ai = d2i_ASN1_INTEGER(NULL, &p, length)))
|
327
339
|
ossl_raise(eASN1Error, NULL);
|
328
|
-
ret = rb_protect(
|
340
|
+
ret = rb_protect(asn1integer_to_num_i,
|
329
341
|
(VALUE)ai, &status);
|
330
342
|
ASN1_INTEGER_free(ai);
|
331
343
|
if(status) rb_jump_tag(status);
|
@@ -365,7 +377,7 @@ decode_enum(unsigned char* der, long length)
|
|
365
377
|
p = der;
|
366
378
|
if(!(ai = d2i_ASN1_ENUMERATED(NULL, &p, length)))
|
367
379
|
ossl_raise(eASN1Error, NULL);
|
368
|
-
ret = rb_protect(
|
380
|
+
ret = rb_protect(asn1integer_to_num_i,
|
369
381
|
(VALUE)ai, &status);
|
370
382
|
ASN1_ENUMERATED_free(ai);
|
371
383
|
if(status) rb_jump_tag(status);
|
@@ -427,7 +439,7 @@ decode_time(unsigned char* der, long length)
|
|
427
439
|
p = der;
|
428
440
|
if(!(time = d2i_ASN1_TIME(NULL, &p, length)))
|
429
441
|
ossl_raise(eASN1Error, NULL);
|
430
|
-
ret = rb_protect(
|
442
|
+
ret = rb_protect(asn1time_to_time_i,
|
431
443
|
(VALUE)time, &status);
|
432
444
|
ASN1_TIME_free(time);
|
433
445
|
if(status) rb_jump_tag(status);
|
@@ -497,7 +509,8 @@ ossl_asn1_get_asn1type(VALUE obj)
|
|
497
509
|
ASN1_TYPE *ret;
|
498
510
|
VALUE value, rflag;
|
499
511
|
void *ptr;
|
500
|
-
void (*
|
512
|
+
typedef void free_func_type(void *);
|
513
|
+
free_func_type *free_func;
|
501
514
|
int tag;
|
502
515
|
|
503
516
|
tag = ossl_asn1_default_tag(obj);
|
@@ -510,16 +523,16 @@ ossl_asn1_get_asn1type(VALUE obj)
|
|
510
523
|
case V_ASN1_INTEGER: /* FALLTHROUGH */
|
511
524
|
case V_ASN1_ENUMERATED:
|
512
525
|
ptr = obj_to_asn1int(value);
|
513
|
-
free_func = ASN1_INTEGER_free;
|
526
|
+
free_func = (free_func_type *)ASN1_INTEGER_free;
|
514
527
|
break;
|
515
528
|
case V_ASN1_BIT_STRING:
|
516
529
|
rflag = rb_attr_get(obj, sivUNUSED_BITS);
|
517
530
|
ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
|
518
|
-
free_func = ASN1_BIT_STRING_free;
|
531
|
+
free_func = (free_func_type *)ASN1_BIT_STRING_free;
|
519
532
|
break;
|
520
533
|
case V_ASN1_NULL:
|
521
534
|
ptr = obj_to_asn1null(value);
|
522
|
-
free_func = ASN1_NULL_free;
|
535
|
+
free_func = (free_func_type *)ASN1_NULL_free;
|
523
536
|
break;
|
524
537
|
case V_ASN1_OCTET_STRING: /* FALLTHROUGH */
|
525
538
|
case V_ASN1_UTF8STRING: /* FALLTHROUGH */
|
@@ -534,24 +547,24 @@ ossl_asn1_get_asn1type(VALUE obj)
|
|
534
547
|
case V_ASN1_UNIVERSALSTRING: /* FALLTHROUGH */
|
535
548
|
case V_ASN1_BMPSTRING:
|
536
549
|
ptr = obj_to_asn1str(value);
|
537
|
-
free_func = ASN1_STRING_free;
|
550
|
+
free_func = (free_func_type *)ASN1_STRING_free;
|
538
551
|
break;
|
539
552
|
case V_ASN1_OBJECT:
|
540
553
|
ptr = obj_to_asn1obj(value);
|
541
|
-
free_func = ASN1_OBJECT_free;
|
554
|
+
free_func = (free_func_type *)ASN1_OBJECT_free;
|
542
555
|
break;
|
543
556
|
case V_ASN1_UTCTIME:
|
544
557
|
ptr = obj_to_asn1utime(value);
|
545
|
-
free_func = ASN1_TIME_free;
|
558
|
+
free_func = (free_func_type *)ASN1_TIME_free;
|
546
559
|
break;
|
547
560
|
case V_ASN1_GENERALIZEDTIME:
|
548
561
|
ptr = obj_to_asn1gtime(value);
|
549
|
-
free_func = ASN1_TIME_free;
|
562
|
+
free_func = (free_func_type *)ASN1_TIME_free;
|
550
563
|
break;
|
551
564
|
case V_ASN1_SET: /* FALLTHROUGH */
|
552
565
|
case V_ASN1_SEQUENCE:
|
553
566
|
ptr = obj_to_asn1derstr(obj);
|
554
|
-
free_func = ASN1_STRING_free;
|
567
|
+
free_func = (free_func_type *)ASN1_STRING_free;
|
555
568
|
break;
|
556
569
|
default:
|
557
570
|
ossl_raise(eASN1Error, "unsupported ASN.1 type");
|
@@ -1510,7 +1523,7 @@ Init_ossl_asn1(void)
|
|
1510
1523
|
*
|
1511
1524
|
* An Array that stores the name of a given tag number. These names are
|
1512
1525
|
* the same as the name of the tag constant that is additionally defined,
|
1513
|
-
* e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2
|
1526
|
+
* e.g. <tt>UNIVERSAL_TAG_NAME[2] = "INTEGER"</tt> and <tt>OpenSSL::ASN1::INTEGER = 2</tt>.
|
1514
1527
|
*
|
1515
1528
|
* == Example usage
|
1516
1529
|
*
|