openssl 2.2.1 → 3.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +32 -44
  3. data/History.md +103 -1
  4. data/ext/openssl/extconf.rb +24 -26
  5. data/ext/openssl/openssl_missing.c +0 -66
  6. data/ext/openssl/openssl_missing.h +26 -45
  7. data/ext/openssl/ossl.c +59 -46
  8. data/ext/openssl/ossl.h +20 -6
  9. data/ext/openssl/ossl_asn1.c +16 -4
  10. data/ext/openssl/ossl_bn.c +188 -126
  11. data/ext/openssl/ossl_cipher.c +11 -11
  12. data/ext/openssl/ossl_config.c +412 -41
  13. data/ext/openssl/ossl_config.h +4 -7
  14. data/ext/openssl/ossl_digest.c +9 -9
  15. data/ext/openssl/ossl_engine.c +16 -15
  16. data/ext/openssl/ossl_hmac.c +48 -135
  17. data/ext/openssl/ossl_kdf.c +8 -0
  18. data/ext/openssl/ossl_ocsp.c +3 -51
  19. data/ext/openssl/ossl_pkcs12.c +21 -3
  20. data/ext/openssl/ossl_pkcs7.c +42 -59
  21. data/ext/openssl/ossl_pkey.c +1102 -191
  22. data/ext/openssl/ossl_pkey.h +35 -72
  23. data/ext/openssl/ossl_pkey_dh.c +124 -334
  24. data/ext/openssl/ossl_pkey_dsa.c +93 -398
  25. data/ext/openssl/ossl_pkey_ec.c +126 -318
  26. data/ext/openssl/ossl_pkey_rsa.c +100 -487
  27. data/ext/openssl/ossl_ssl.c +256 -355
  28. data/ext/openssl/ossl_ssl_session.c +24 -29
  29. data/ext/openssl/ossl_ts.c +35 -20
  30. data/ext/openssl/ossl_x509.c +0 -6
  31. data/ext/openssl/ossl_x509cert.c +164 -8
  32. data/ext/openssl/ossl_x509crl.c +10 -7
  33. data/ext/openssl/ossl_x509ext.c +1 -2
  34. data/ext/openssl/ossl_x509name.c +9 -2
  35. data/ext/openssl/ossl_x509req.c +10 -7
  36. data/ext/openssl/ossl_x509store.c +154 -70
  37. data/lib/openssl/buffering.rb +9 -0
  38. data/lib/openssl/hmac.rb +65 -0
  39. data/lib/openssl/pkey.rb +417 -0
  40. data/lib/openssl/ssl.rb +7 -7
  41. data/lib/openssl/version.rb +1 -1
  42. data/lib/openssl/x509.rb +22 -0
  43. data/lib/openssl.rb +0 -1
  44. metadata +4 -76
  45. data/ext/openssl/ruby_missing.h +0 -24
  46. data/lib/openssl/config.rb +0 -501
@@ -52,8 +52,15 @@ struct ossl_verify_cb_args {
52
52
  };
53
53
 
54
54
  static VALUE
55
- call_verify_cb_proc(struct ossl_verify_cb_args *args)
55
+ ossl_x509stctx_new_i(VALUE arg)
56
56
  {
57
+ return ossl_x509stctx_new((X509_STORE_CTX *)arg);
58
+ }
59
+
60
+ static VALUE
61
+ call_verify_cb_proc(VALUE arg)
62
+ {
63
+ struct ossl_verify_cb_args *args = (struct ossl_verify_cb_args *)arg;
57
64
  return rb_funcall(args->proc, rb_intern("call"), 2,
58
65
  args->preverify_ok, args->store_ctx);
59
66
  }
@@ -69,7 +76,7 @@ ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
69
76
  return ok;
70
77
 
71
78
  ret = Qfalse;
72
- rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
79
+ rctx = rb_protect(ossl_x509stctx_new_i, (VALUE)ctx, &state);
73
80
  if (state) {
74
81
  rb_set_errinfo(Qnil);
75
82
  rb_warn("StoreContext initialization failure");
@@ -78,7 +85,7 @@ ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
78
85
  args.proc = proc;
79
86
  args.preverify_ok = ok ? Qtrue : Qfalse;
80
87
  args.store_ctx = rctx;
81
- ret = rb_protect((VALUE(*)(VALUE))call_verify_cb_proc, (VALUE)&args, &state);
88
+ ret = rb_protect(call_verify_cb_proc, (VALUE)&args, &state);
82
89
  if (state) {
83
90
  rb_set_errinfo(Qnil);
84
91
  rb_warn("exception in verify_callback is ignored");
@@ -164,9 +171,8 @@ ossl_x509store_alloc(VALUE klass)
164
171
  VALUE obj;
165
172
 
166
173
  obj = NewX509Store(klass);
167
- if((store = X509_STORE_new()) == NULL){
168
- ossl_raise(eX509StoreError, NULL);
169
- }
174
+ if ((store = X509_STORE_new()) == NULL)
175
+ ossl_raise(eX509StoreError, "X509_STORE_new");
170
176
  SetX509Store(obj, store);
171
177
 
172
178
  return obj;
@@ -199,8 +205,9 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
199
205
  {
200
206
  X509_STORE *store;
201
207
 
202
- /* BUG: This method takes any number of arguments but appears to ignore them. */
203
208
  GetX509Store(self, store);
209
+ if (argc != 0)
210
+ rb_warn("OpenSSL::X509::Store.new does not take any arguments");
204
211
  #if !defined(HAVE_OPAQUE_OPENSSL)
205
212
  /* [Bug #405] [Bug #1678] [Bug #3000]; already fixed? */
206
213
  store->ex_data.sk = NULL;
@@ -221,8 +228,16 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
221
228
  * call-seq:
222
229
  * store.flags = flags
223
230
  *
224
- * Sets _flags_ to the Store. _flags_ consists of zero or more of the constants
225
- * defined in with name V_FLAG_* or'ed together.
231
+ * Sets the default flags used by certificate chain verification performed with
232
+ * the Store.
233
+ *
234
+ * _flags_ consists of zero or more of the constants defined in OpenSSL::X509
235
+ * with name V_FLAG_* or'ed together.
236
+ *
237
+ * OpenSSL::X509::StoreContext#flags= can be used to change the flags for a
238
+ * single verification operation.
239
+ *
240
+ * See also the man page X509_VERIFY_PARAM_set_flags(3).
226
241
  */
227
242
  static VALUE
228
243
  ossl_x509store_set_flags(VALUE self, VALUE flags)
@@ -240,9 +255,9 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
240
255
  * call-seq:
241
256
  * store.purpose = purpose
242
257
  *
243
- * Sets the store's purpose to _purpose_. If specified, the verifications on
244
- * the store will check every untrusted certificate's extensions are consistent
245
- * with the purpose. The purpose is specified by constants:
258
+ * Sets the store's default verification purpose. If specified,
259
+ * the verifications on the store will check every certificate's extensions are
260
+ * consistent with the purpose. The purpose is specified by constants:
246
261
  *
247
262
  * * X509::PURPOSE_SSL_CLIENT
248
263
  * * X509::PURPOSE_SSL_SERVER
@@ -253,6 +268,11 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
253
268
  * * X509::PURPOSE_ANY
254
269
  * * X509::PURPOSE_OCSP_HELPER
255
270
  * * X509::PURPOSE_TIMESTAMP_SIGN
271
+ *
272
+ * OpenSSL::X509::StoreContext#purpose= can be used to change the value for a
273
+ * single verification operation.
274
+ *
275
+ * See also the man page X509_VERIFY_PARAM_set_purpose(3).
256
276
  */
257
277
  static VALUE
258
278
  ossl_x509store_set_purpose(VALUE self, VALUE purpose)
@@ -269,6 +289,14 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
269
289
  /*
270
290
  * call-seq:
271
291
  * store.trust = trust
292
+ *
293
+ * Sets the default trust settings used by the certificate verification with
294
+ * the store.
295
+ *
296
+ * OpenSSL::X509::StoreContext#trust= can be used to change the value for a
297
+ * single verification operation.
298
+ *
299
+ * See also the man page X509_VERIFY_PARAM_set_trust(3).
272
300
  */
273
301
  static VALUE
274
302
  ossl_x509store_set_trust(VALUE self, VALUE trust)
@@ -286,7 +314,13 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
286
314
  * call-seq:
287
315
  * store.time = time
288
316
  *
289
- * Sets the time to be used in verifications.
317
+ * Sets the time to be used in the certificate verifications with the store.
318
+ * By default, if not specified, the current system time is used.
319
+ *
320
+ * OpenSSL::X509::StoreContext#time= can be used to change the value for a
321
+ * single verification operation.
322
+ *
323
+ * See also the man page X509_VERIFY_PARAM_set_time(3).
290
324
  */
291
325
  static VALUE
292
326
  ossl_x509store_set_time(VALUE self, VALUE time)
@@ -302,23 +336,23 @@ ossl_x509store_set_time(VALUE self, VALUE time)
302
336
  * Adds the certificates in _file_ to the certificate store. _file_ is the path
303
337
  * to the file, and the file contains one or more certificates in PEM format
304
338
  * concatenated together.
339
+ *
340
+ * See also the man page X509_LOOKUP_file(3).
305
341
  */
306
342
  static VALUE
307
343
  ossl_x509store_add_file(VALUE self, VALUE file)
308
344
  {
309
345
  X509_STORE *store;
310
346
  X509_LOOKUP *lookup;
311
- char *path = NULL;
347
+ const char *path;
312
348
 
313
- if(file != Qnil){
314
- path = StringValueCStr(file);
315
- }
316
349
  GetX509Store(self, store);
350
+ path = StringValueCStr(file);
317
351
  lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
318
- if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
319
- if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
320
- ossl_raise(eX509StoreError, NULL);
321
- }
352
+ if (!lookup)
353
+ ossl_raise(eX509StoreError, "X509_STORE_add_lookup");
354
+ if (X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1)
355
+ ossl_raise(eX509StoreError, "X509_LOOKUP_load_file");
322
356
  #if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
323
357
  /*
324
358
  * X509_load_cert_crl_file() which is called from X509_LOOKUP_load_file()
@@ -337,23 +371,23 @@ ossl_x509store_add_file(VALUE self, VALUE file)
337
371
  * store.add_path(path) -> self
338
372
  *
339
373
  * Adds _path_ as the hash dir to be looked up by the store.
374
+ *
375
+ * See also the man page X509_LOOKUP_hash_dir(3).
340
376
  */
341
377
  static VALUE
342
378
  ossl_x509store_add_path(VALUE self, VALUE dir)
343
379
  {
344
380
  X509_STORE *store;
345
381
  X509_LOOKUP *lookup;
346
- char *path = NULL;
382
+ const char *path;
347
383
 
348
- if(dir != Qnil){
349
- path = StringValueCStr(dir);
350
- }
351
384
  GetX509Store(self, store);
385
+ path = StringValueCStr(dir);
352
386
  lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
353
- if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
354
- if(X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1){
355
- ossl_raise(eX509StoreError, NULL);
356
- }
387
+ if (!lookup)
388
+ ossl_raise(eX509StoreError, "X509_STORE_add_lookup");
389
+ if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
390
+ ossl_raise(eX509StoreError, "X509_LOOKUP_add_dir");
357
391
 
358
392
  return self;
359
393
  }
@@ -368,6 +402,8 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
368
402
  *
369
403
  * * OpenSSL::X509::DEFAULT_CERT_FILE
370
404
  * * OpenSSL::X509::DEFAULT_CERT_DIR
405
+ *
406
+ * See also the man page X509_STORE_set_default_paths(3).
371
407
  */
372
408
  static VALUE
373
409
  ossl_x509store_set_default_paths(VALUE self)
@@ -375,18 +411,19 @@ ossl_x509store_set_default_paths(VALUE self)
375
411
  X509_STORE *store;
376
412
 
377
413
  GetX509Store(self, store);
378
- if (X509_STORE_set_default_paths(store) != 1){
379
- ossl_raise(eX509StoreError, NULL);
380
- }
414
+ if (X509_STORE_set_default_paths(store) != 1)
415
+ ossl_raise(eX509StoreError, "X509_STORE_set_default_paths");
381
416
 
382
417
  return Qnil;
383
418
  }
384
419
 
385
420
  /*
386
421
  * call-seq:
387
- * store.add_cert(cert)
422
+ * store.add_cert(cert) -> self
388
423
  *
389
424
  * Adds the OpenSSL::X509::Certificate _cert_ to the certificate store.
425
+ *
426
+ * See also the man page X509_STORE_add_cert(3).
390
427
  */
391
428
  static VALUE
392
429
  ossl_x509store_add_cert(VALUE self, VALUE arg)
@@ -396,9 +433,8 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
396
433
 
397
434
  cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
398
435
  GetX509Store(self, store);
399
- if (X509_STORE_add_cert(store, cert) != 1){
400
- ossl_raise(eX509StoreError, NULL);
401
- }
436
+ if (X509_STORE_add_cert(store, cert) != 1)
437
+ ossl_raise(eX509StoreError, "X509_STORE_add_cert");
402
438
 
403
439
  return self;
404
440
  }
@@ -408,6 +444,8 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
408
444
  * store.add_crl(crl) -> self
409
445
  *
410
446
  * Adds the OpenSSL::X509::CRL _crl_ to the store.
447
+ *
448
+ * See also the man page X509_STORE_add_crl(3).
411
449
  */
412
450
  static VALUE
413
451
  ossl_x509store_add_crl(VALUE self, VALUE arg)
@@ -417,9 +455,8 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
417
455
 
418
456
  crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
419
457
  GetX509Store(self, store);
420
- if (X509_STORE_add_crl(store, crl) != 1){
421
- ossl_raise(eX509StoreError, NULL);
422
- }
458
+ if (X509_STORE_add_crl(store, crl) != 1)
459
+ ossl_raise(eX509StoreError, "X509_STORE_add_crl");
423
460
 
424
461
  return self;
425
462
  }
@@ -499,9 +536,8 @@ ossl_x509stctx_alloc(VALUE klass)
499
536
  VALUE obj;
500
537
 
501
538
  obj = NewX509StCtx(klass);
502
- if((ctx = X509_STORE_CTX_new()) == NULL){
503
- ossl_raise(eX509StoreError, NULL);
504
- }
539
+ if ((ctx = X509_STORE_CTX_new()) == NULL)
540
+ ossl_raise(eX509StoreError, "X509_STORE_CTX_new");
505
541
  SetX509StCtx(obj, ctx);
506
542
 
507
543
  return obj;
@@ -567,6 +603,10 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
567
603
  /*
568
604
  * call-seq:
569
605
  * stctx.verify -> true | false
606
+ *
607
+ * Performs the certificate verification using the parameters set to _stctx_.
608
+ *
609
+ * See also the man page X509_verify_cert(3).
570
610
  */
571
611
  static VALUE
572
612
  ossl_x509stctx_verify(VALUE self)
@@ -579,48 +619,45 @@ ossl_x509stctx_verify(VALUE self)
579
619
 
580
620
  switch (X509_verify_cert(ctx)) {
581
621
  case 1:
582
- return Qtrue;
622
+ return Qtrue;
583
623
  case 0:
584
- ossl_clear_error();
585
- return Qfalse;
624
+ ossl_clear_error();
625
+ return Qfalse;
586
626
  default:
587
- ossl_raise(eX509CertError, NULL);
627
+ ossl_raise(eX509CertError, "X509_verify_cert");
588
628
  }
589
629
  }
590
630
 
591
631
  /*
592
632
  * call-seq:
593
- * stctx.chain -> Array of X509::Certificate
633
+ * stctx.chain -> nil | Array of X509::Certificate
634
+ *
635
+ * Returns the verified chain.
636
+ *
637
+ * See also the man page X509_STORE_CTX_set0_verified_chain(3).
594
638
  */
595
639
  static VALUE
596
640
  ossl_x509stctx_get_chain(VALUE self)
597
641
  {
598
642
  X509_STORE_CTX *ctx;
599
- STACK_OF(X509) *chain;
600
- X509 *x509;
601
- int i, num;
602
- VALUE ary;
643
+ const STACK_OF(X509) *chain;
603
644
 
604
645
  GetX509StCtx(self, ctx);
605
- if((chain = X509_STORE_CTX_get0_chain(ctx)) == NULL){
606
- return Qnil;
607
- }
608
- if((num = sk_X509_num(chain)) < 0){
609
- OSSL_Debug("certs in chain < 0???");
610
- return rb_ary_new();
611
- }
612
- ary = rb_ary_new2(num);
613
- for(i = 0; i < num; i++) {
614
- x509 = sk_X509_value(chain, i);
615
- rb_ary_push(ary, ossl_x509_new(x509));
616
- }
617
-
618
- return ary;
646
+ chain = X509_STORE_CTX_get0_chain(ctx);
647
+ if (!chain)
648
+ return Qnil; /* Could be an empty array instead? */
649
+ return ossl_x509_sk2ary(chain);
619
650
  }
620
651
 
621
652
  /*
622
653
  * call-seq:
623
654
  * stctx.error -> Integer
655
+ *
656
+ * Returns the error code of _stctx_. This is typically called after #verify
657
+ * is done, or from the verification callback set to
658
+ * OpenSSL::X509::Store#verify_callback=.
659
+ *
660
+ * See also the man page X509_STORE_CTX_get_error(3).
624
661
  */
625
662
  static VALUE
626
663
  ossl_x509stctx_get_err(VALUE self)
@@ -635,6 +672,11 @@ ossl_x509stctx_get_err(VALUE self)
635
672
  /*
636
673
  * call-seq:
637
674
  * stctx.error = error_code
675
+ *
676
+ * Sets the error code of _stctx_. This is used by the verification callback
677
+ * set to OpenSSL::X509::Store#verify_callback=.
678
+ *
679
+ * See also the man page X509_STORE_CTX_set_error(3).
638
680
  */
639
681
  static VALUE
640
682
  ossl_x509stctx_set_error(VALUE self, VALUE err)
@@ -651,7 +693,10 @@ ossl_x509stctx_set_error(VALUE self, VALUE err)
651
693
  * call-seq:
652
694
  * stctx.error_string -> String
653
695
  *
654
- * Returns the error string corresponding to the error code retrieved by #error.
696
+ * Returns the human readable error string corresponding to the error code
697
+ * retrieved by #error.
698
+ *
699
+ * See also the man page X509_verify_cert_error_string(3).
655
700
  */
656
701
  static VALUE
657
702
  ossl_x509stctx_get_err_string(VALUE self)
@@ -668,6 +713,10 @@ ossl_x509stctx_get_err_string(VALUE self)
668
713
  /*
669
714
  * call-seq:
670
715
  * stctx.error_depth -> Integer
716
+ *
717
+ * Returns the depth of the chain. This is used in combination with #error.
718
+ *
719
+ * See also the man page X509_STORE_CTX_get_error_depth(3).
671
720
  */
672
721
  static VALUE
673
722
  ossl_x509stctx_get_err_depth(VALUE self)
@@ -682,6 +731,10 @@ ossl_x509stctx_get_err_depth(VALUE self)
682
731
  /*
683
732
  * call-seq:
684
733
  * stctx.current_cert -> X509::Certificate
734
+ *
735
+ * Returns the certificate which caused the error.
736
+ *
737
+ * See also the man page X509_STORE_CTX_get_current_cert(3).
685
738
  */
686
739
  static VALUE
687
740
  ossl_x509stctx_get_curr_cert(VALUE self)
@@ -696,6 +749,10 @@ ossl_x509stctx_get_curr_cert(VALUE self)
696
749
  /*
697
750
  * call-seq:
698
751
  * stctx.current_crl -> X509::CRL
752
+ *
753
+ * Returns the CRL which caused the error.
754
+ *
755
+ * See also the man page X509_STORE_CTX_get_current_crl(3).
699
756
  */
700
757
  static VALUE
701
758
  ossl_x509stctx_get_curr_crl(VALUE self)
@@ -715,7 +772,10 @@ ossl_x509stctx_get_curr_crl(VALUE self)
715
772
  * call-seq:
716
773
  * stctx.flags = flags
717
774
  *
718
- * Sets the verification flags to the context. See Store#flags=.
775
+ * Sets the verification flags to the context. This overrides the default value
776
+ * set by Store#flags=.
777
+ *
778
+ * See also the man page X509_VERIFY_PARAM_set_flags(3).
719
779
  */
720
780
  static VALUE
721
781
  ossl_x509stctx_set_flags(VALUE self, VALUE flags)
@@ -733,7 +793,10 @@ ossl_x509stctx_set_flags(VALUE self, VALUE flags)
733
793
  * call-seq:
734
794
  * stctx.purpose = purpose
735
795
  *
736
- * Sets the purpose of the context. See Store#purpose=.
796
+ * Sets the purpose of the context. This overrides the default value set by
797
+ * Store#purpose=.
798
+ *
799
+ * See also the man page X509_VERIFY_PARAM_set_purpose(3).
737
800
  */
738
801
  static VALUE
739
802
  ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
@@ -750,6 +813,11 @@ ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
750
813
  /*
751
814
  * call-seq:
752
815
  * stctx.trust = trust
816
+ *
817
+ * Sets the trust settings of the context. This overrides the default value set
818
+ * by Store#trust=.
819
+ *
820
+ * See also the man page X509_VERIFY_PARAM_set_trust(3).
753
821
  */
754
822
  static VALUE
755
823
  ossl_x509stctx_set_trust(VALUE self, VALUE trust)
@@ -768,6 +836,8 @@ ossl_x509stctx_set_trust(VALUE self, VALUE trust)
768
836
  * stctx.time = time
769
837
  *
770
838
  * Sets the time used in the verification. If not set, the current time is used.
839
+ *
840
+ * See also the man page X509_VERIFY_PARAM_set_time(3).
771
841
  */
772
842
  static VALUE
773
843
  ossl_x509stctx_set_time(VALUE self, VALUE time)
@@ -843,23 +913,37 @@ Init_ossl_x509store(void)
843
913
  cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
844
914
  /*
845
915
  * The callback for additional certificate verification. It is invoked for
846
- * each untrusted certificate in the chain.
916
+ * each certificate in the chain and can be used to implement custom
917
+ * certificate verification conditions.
847
918
  *
848
919
  * The callback is invoked with two values, a boolean that indicates if the
849
920
  * pre-verification by OpenSSL has succeeded or not, and the StoreContext in
850
- * use. The callback must return either true or false.
921
+ * use.
922
+ *
923
+ * The callback can use StoreContext#error= to change the error code as
924
+ * needed. The callback must return either true or false.
925
+ *
926
+ * NOTE: any exception raised within the callback will be ignored.
927
+ *
928
+ * See also the man page X509_STORE_CTX_set_verify_cb(3).
851
929
  */
852
930
  rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
853
931
  /*
854
932
  * The error code set by the last call of #verify.
933
+ *
934
+ * See also StoreContext#error.
855
935
  */
856
936
  rb_attr(cX509Store, rb_intern("error"), 1, 0, Qfalse);
857
937
  /*
858
938
  * The description for the error code set by the last call of #verify.
939
+ *
940
+ * See also StoreContext#error_string.
859
941
  */
860
942
  rb_attr(cX509Store, rb_intern("error_string"), 1, 0, Qfalse);
861
943
  /*
862
944
  * The certificate chain constructed by the last call of #verify.
945
+ *
946
+ * See also StoreContext#chain.
863
947
  */
864
948
  rb_attr(cX509Store, rb_intern("chain"), 1, 0, Qfalse);
865
949
  rb_define_alloc_func(cX509Store, ossl_x509store_alloc);
@@ -101,6 +101,15 @@ module OpenSSL::Buffering
101
101
 
102
102
  public
103
103
 
104
+ # call-seq:
105
+ # ssl.getbyte => 81
106
+ #
107
+ # Get the next 8bit byte from `ssl`. Returns `nil` on EOF
108
+ def getbyte
109
+ byte = read(1)
110
+ byte && byte.unpack1("C")
111
+ end
112
+
104
113
  ##
105
114
  # Reads _size_ bytes from the stream. If _buf_ is provided it must
106
115
  # reference a string which will receive the data.
data/lib/openssl/hmac.rb CHANGED
@@ -9,5 +9,70 @@ module OpenSSL
9
9
 
10
10
  OpenSSL.fixed_length_secure_compare(self.digest, other.digest)
11
11
  end
12
+
13
+ # :call-seq:
14
+ # hmac.base64digest -> string
15
+ #
16
+ # Returns the authentication code an a Base64-encoded string.
17
+ def base64digest
18
+ [digest].pack("m0")
19
+ end
20
+
21
+ class << self
22
+ # :call-seq:
23
+ # HMAC.digest(digest, key, data) -> aString
24
+ #
25
+ # Returns the authentication code as a binary string. The _digest_ parameter
26
+ # specifies the digest algorithm to use. This may be a String representing
27
+ # the algorithm name or an instance of OpenSSL::Digest.
28
+ #
29
+ # === Example
30
+ # key = 'key'
31
+ # data = 'The quick brown fox jumps over the lazy dog'
32
+ #
33
+ # hmac = OpenSSL::HMAC.digest('SHA1', key, data)
34
+ # #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
35
+ def digest(digest, key, data)
36
+ hmac = new(key, digest)
37
+ hmac << data
38
+ hmac.digest
39
+ end
40
+
41
+ # :call-seq:
42
+ # HMAC.hexdigest(digest, key, data) -> aString
43
+ #
44
+ # Returns the authentication code as a hex-encoded string. The _digest_
45
+ # parameter specifies the digest algorithm to use. This may be a String
46
+ # representing the algorithm name or an instance of OpenSSL::Digest.
47
+ #
48
+ # === Example
49
+ # key = 'key'
50
+ # data = 'The quick brown fox jumps over the lazy dog'
51
+ #
52
+ # hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
53
+ # #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
54
+ def hexdigest(digest, key, data)
55
+ hmac = new(key, digest)
56
+ hmac << data
57
+ hmac.hexdigest
58
+ end
59
+
60
+ # :call-seq:
61
+ # HMAC.base64digest(digest, key, data) -> aString
62
+ #
63
+ # Returns the authentication code as a Base64-encoded string. The _digest_
64
+ # parameter specifies the digest algorithm to use. This may be a String
65
+ # representing the algorithm name or an instance of OpenSSL::Digest.
66
+ #
67
+ # === Example
68
+ # key = 'key'
69
+ # data = 'The quick brown fox jumps over the lazy dog'
70
+ #
71
+ # hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
72
+ # #=> "3nybhbi3iqa8ino29wqQcBydtNk="
73
+ def base64digest(digest, key, data)
74
+ [digest(digest, key, data)].pack("m0")
75
+ end
76
+ end
12
77
  end
13
78
  end