openssl 2.2.1 → 3.0.0

Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +32 -44
  3. data/History.md +103 -1
  4. data/ext/openssl/extconf.rb +24 -26
  5. data/ext/openssl/openssl_missing.c +0 -66
  6. data/ext/openssl/openssl_missing.h +26 -45
  7. data/ext/openssl/ossl.c +59 -46
  8. data/ext/openssl/ossl.h +20 -6
  9. data/ext/openssl/ossl_asn1.c +16 -4
  10. data/ext/openssl/ossl_bn.c +188 -126
  11. data/ext/openssl/ossl_cipher.c +11 -11
  12. data/ext/openssl/ossl_config.c +412 -41
  13. data/ext/openssl/ossl_config.h +4 -7
  14. data/ext/openssl/ossl_digest.c +9 -9
  15. data/ext/openssl/ossl_engine.c +16 -15
  16. data/ext/openssl/ossl_hmac.c +48 -135
  17. data/ext/openssl/ossl_kdf.c +8 -0
  18. data/ext/openssl/ossl_ocsp.c +3 -51
  19. data/ext/openssl/ossl_pkcs12.c +21 -3
  20. data/ext/openssl/ossl_pkcs7.c +42 -59
  21. data/ext/openssl/ossl_pkey.c +1102 -191
  22. data/ext/openssl/ossl_pkey.h +35 -72
  23. data/ext/openssl/ossl_pkey_dh.c +124 -334
  24. data/ext/openssl/ossl_pkey_dsa.c +93 -398
  25. data/ext/openssl/ossl_pkey_ec.c +126 -318
  26. data/ext/openssl/ossl_pkey_rsa.c +100 -487
  27. data/ext/openssl/ossl_ssl.c +256 -355
  28. data/ext/openssl/ossl_ssl_session.c +24 -29
  29. data/ext/openssl/ossl_ts.c +35 -20
  30. data/ext/openssl/ossl_x509.c +0 -6
  31. data/ext/openssl/ossl_x509cert.c +164 -8
  32. data/ext/openssl/ossl_x509crl.c +10 -7
  33. data/ext/openssl/ossl_x509ext.c +1 -2
  34. data/ext/openssl/ossl_x509name.c +9 -2
  35. data/ext/openssl/ossl_x509req.c +10 -7
  36. data/ext/openssl/ossl_x509store.c +154 -70
  37. data/lib/openssl/buffering.rb +9 -0
  38. data/lib/openssl/hmac.rb +65 -0
  39. data/lib/openssl/pkey.rb +417 -0
  40. data/lib/openssl/ssl.rb +7 -7
  41. data/lib/openssl/version.rb +1 -1
  42. data/lib/openssl/x509.rb +22 -0
  43. data/lib/openssl.rb +0 -1
  44. metadata +4 -76
  45. data/ext/openssl/ruby_missing.h +0 -24
  46. data/lib/openssl/config.rb +0 -501
@@ -52,8 +52,15 @@ struct ossl_verify_cb_args {
52
52
  };
53
53
 
54
54
  static VALUE
55
- call_verify_cb_proc(struct ossl_verify_cb_args *args)
55
+ ossl_x509stctx_new_i(VALUE arg)
56
56
  {
57
+ return ossl_x509stctx_new((X509_STORE_CTX *)arg);
58
+ }
59
+
60
+ static VALUE
61
+ call_verify_cb_proc(VALUE arg)
62
+ {
63
+ struct ossl_verify_cb_args *args = (struct ossl_verify_cb_args *)arg;
57
64
  return rb_funcall(args->proc, rb_intern("call"), 2,
58
65
  args->preverify_ok, args->store_ctx);
59
66
  }
@@ -69,7 +76,7 @@ ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
69
76
  return ok;
70
77
 
71
78
  ret = Qfalse;
72
- rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
79
+ rctx = rb_protect(ossl_x509stctx_new_i, (VALUE)ctx, &state);
73
80
  if (state) {
74
81
  rb_set_errinfo(Qnil);
75
82
  rb_warn("StoreContext initialization failure");
@@ -78,7 +85,7 @@ ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
78
85
  args.proc = proc;
79
86
  args.preverify_ok = ok ? Qtrue : Qfalse;
80
87
  args.store_ctx = rctx;
81
- ret = rb_protect((VALUE(*)(VALUE))call_verify_cb_proc, (VALUE)&args, &state);
88
+ ret = rb_protect(call_verify_cb_proc, (VALUE)&args, &state);
82
89
  if (state) {
83
90
  rb_set_errinfo(Qnil);
84
91
  rb_warn("exception in verify_callback is ignored");
@@ -164,9 +171,8 @@ ossl_x509store_alloc(VALUE klass)
164
171
  VALUE obj;
165
172
 
166
173
  obj = NewX509Store(klass);
167
- if((store = X509_STORE_new()) == NULL){
168
- ossl_raise(eX509StoreError, NULL);
169
- }
174
+ if ((store = X509_STORE_new()) == NULL)
175
+ ossl_raise(eX509StoreError, "X509_STORE_new");
170
176
  SetX509Store(obj, store);
171
177
 
172
178
  return obj;
@@ -199,8 +205,9 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
199
205
  {
200
206
  X509_STORE *store;
201
207
 
202
- /* BUG: This method takes any number of arguments but appears to ignore them. */
203
208
  GetX509Store(self, store);
209
+ if (argc != 0)
210
+ rb_warn("OpenSSL::X509::Store.new does not take any arguments");
204
211
  #if !defined(HAVE_OPAQUE_OPENSSL)
205
212
  /* [Bug #405] [Bug #1678] [Bug #3000]; already fixed? */
206
213
  store->ex_data.sk = NULL;
@@ -221,8 +228,16 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
221
228
  * call-seq:
222
229
  * store.flags = flags
223
230
  *
224
- * Sets _flags_ to the Store. _flags_ consists of zero or more of the constants
225
- * defined in with name V_FLAG_* or'ed together.
231
+ * Sets the default flags used by certificate chain verification performed with
232
+ * the Store.
233
+ *
234
+ * _flags_ consists of zero or more of the constants defined in OpenSSL::X509
235
+ * with name V_FLAG_* or'ed together.
236
+ *
237
+ * OpenSSL::X509::StoreContext#flags= can be used to change the flags for a
238
+ * single verification operation.
239
+ *
240
+ * See also the man page X509_VERIFY_PARAM_set_flags(3).
226
241
  */
227
242
  static VALUE
228
243
  ossl_x509store_set_flags(VALUE self, VALUE flags)
@@ -240,9 +255,9 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
240
255
  * call-seq:
241
256
  * store.purpose = purpose
242
257
  *
243
- * Sets the store's purpose to _purpose_. If specified, the verifications on
244
- * the store will check every untrusted certificate's extensions are consistent
245
- * with the purpose. The purpose is specified by constants:
258
+ * Sets the store's default verification purpose. If specified,
259
+ * the verifications on the store will check every certificate's extensions are
260
+ * consistent with the purpose. The purpose is specified by constants:
246
261
  *
247
262
  * * X509::PURPOSE_SSL_CLIENT
248
263
  * * X509::PURPOSE_SSL_SERVER
@@ -253,6 +268,11 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
253
268
  * * X509::PURPOSE_ANY
254
269
  * * X509::PURPOSE_OCSP_HELPER
255
270
  * * X509::PURPOSE_TIMESTAMP_SIGN
271
+ *
272
+ * OpenSSL::X509::StoreContext#purpose= can be used to change the value for a
273
+ * single verification operation.
274
+ *
275
+ * See also the man page X509_VERIFY_PARAM_set_purpose(3).
256
276
  */
257
277
  static VALUE
258
278
  ossl_x509store_set_purpose(VALUE self, VALUE purpose)
@@ -269,6 +289,14 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
269
289
  /*
270
290
  * call-seq:
271
291
  * store.trust = trust
292
+ *
293
+ * Sets the default trust settings used by the certificate verification with
294
+ * the store.
295
+ *
296
+ * OpenSSL::X509::StoreContext#trust= can be used to change the value for a
297
+ * single verification operation.
298
+ *
299
+ * See also the man page X509_VERIFY_PARAM_set_trust(3).
272
300
  */
273
301
  static VALUE
274
302
  ossl_x509store_set_trust(VALUE self, VALUE trust)
@@ -286,7 +314,13 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
286
314
  * call-seq:
287
315
  * store.time = time
288
316
  *
289
- * Sets the time to be used in verifications.
317
+ * Sets the time to be used in the certificate verifications with the store.
318
+ * By default, if not specified, the current system time is used.
319
+ *
320
+ * OpenSSL::X509::StoreContext#time= can be used to change the value for a
321
+ * single verification operation.
322
+ *
323
+ * See also the man page X509_VERIFY_PARAM_set_time(3).
290
324
  */
291
325
  static VALUE
292
326
  ossl_x509store_set_time(VALUE self, VALUE time)
@@ -302,23 +336,23 @@ ossl_x509store_set_time(VALUE self, VALUE time)
302
336
  * Adds the certificates in _file_ to the certificate store. _file_ is the path
303
337
  * to the file, and the file contains one or more certificates in PEM format
304
338
  * concatenated together.
339
+ *
340
+ * See also the man page X509_LOOKUP_file(3).
305
341
  */
306
342
  static VALUE
307
343
  ossl_x509store_add_file(VALUE self, VALUE file)
308
344
  {
309
345
  X509_STORE *store;
310
346
  X509_LOOKUP *lookup;
311
- char *path = NULL;
347
+ const char *path;
312
348
 
313
- if(file != Qnil){
314
- path = StringValueCStr(file);
315
- }
316
349
  GetX509Store(self, store);
350
+ path = StringValueCStr(file);
317
351
  lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
318
- if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
319
- if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
320
- ossl_raise(eX509StoreError, NULL);
321
- }
352
+ if (!lookup)
353
+ ossl_raise(eX509StoreError, "X509_STORE_add_lookup");
354
+ if (X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1)
355
+ ossl_raise(eX509StoreError, "X509_LOOKUP_load_file");
322
356
  #if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
323
357
  /*
324
358
  * X509_load_cert_crl_file() which is called from X509_LOOKUP_load_file()
@@ -337,23 +371,23 @@ ossl_x509store_add_file(VALUE self, VALUE file)
337
371
  * store.add_path(path) -> self
338
372
  *
339
373
  * Adds _path_ as the hash dir to be looked up by the store.
374
+ *
375
+ * See also the man page X509_LOOKUP_hash_dir(3).
340
376
  */
341
377
  static VALUE
342
378
  ossl_x509store_add_path(VALUE self, VALUE dir)
343
379
  {
344
380
  X509_STORE *store;
345
381
  X509_LOOKUP *lookup;
346
- char *path = NULL;
382
+ const char *path;
347
383
 
348
- if(dir != Qnil){
349
- path = StringValueCStr(dir);
350
- }
351
384
  GetX509Store(self, store);
385
+ path = StringValueCStr(dir);
352
386
  lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
353
- if(lookup == NULL) ossl_raise(eX509StoreError, NULL);
354
- if(X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1){
355
- ossl_raise(eX509StoreError, NULL);
356
- }
387
+ if (!lookup)
388
+ ossl_raise(eX509StoreError, "X509_STORE_add_lookup");
389
+ if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
390
+ ossl_raise(eX509StoreError, "X509_LOOKUP_add_dir");
357
391
 
358
392
  return self;
359
393
  }
@@ -368,6 +402,8 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
368
402
  *
369
403
  * * OpenSSL::X509::DEFAULT_CERT_FILE
370
404
  * * OpenSSL::X509::DEFAULT_CERT_DIR
405
+ *
406
+ * See also the man page X509_STORE_set_default_paths(3).
371
407
  */
372
408
  static VALUE
373
409
  ossl_x509store_set_default_paths(VALUE self)
@@ -375,18 +411,19 @@ ossl_x509store_set_default_paths(VALUE self)
375
411
  X509_STORE *store;
376
412
 
377
413
  GetX509Store(self, store);
378
- if (X509_STORE_set_default_paths(store) != 1){
379
- ossl_raise(eX509StoreError, NULL);
380
- }
414
+ if (X509_STORE_set_default_paths(store) != 1)
415
+ ossl_raise(eX509StoreError, "X509_STORE_set_default_paths");
381
416
 
382
417
  return Qnil;
383
418
  }
384
419
 
385
420
  /*
386
421
  * call-seq:
387
- * store.add_cert(cert)
422
+ * store.add_cert(cert) -> self
388
423
  *
389
424
  * Adds the OpenSSL::X509::Certificate _cert_ to the certificate store.
425
+ *
426
+ * See also the man page X509_STORE_add_cert(3).
390
427
  */
391
428
  static VALUE
392
429
  ossl_x509store_add_cert(VALUE self, VALUE arg)
@@ -396,9 +433,8 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
396
433
 
397
434
  cert = GetX509CertPtr(arg); /* NO NEED TO DUP */
398
435
  GetX509Store(self, store);
399
- if (X509_STORE_add_cert(store, cert) != 1){
400
- ossl_raise(eX509StoreError, NULL);
401
- }
436
+ if (X509_STORE_add_cert(store, cert) != 1)
437
+ ossl_raise(eX509StoreError, "X509_STORE_add_cert");
402
438
 
403
439
  return self;
404
440
  }
@@ -408,6 +444,8 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
408
444
  * store.add_crl(crl) -> self
409
445
  *
410
446
  * Adds the OpenSSL::X509::CRL _crl_ to the store.
447
+ *
448
+ * See also the man page X509_STORE_add_crl(3).
411
449
  */
412
450
  static VALUE
413
451
  ossl_x509store_add_crl(VALUE self, VALUE arg)
@@ -417,9 +455,8 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
417
455
 
418
456
  crl = GetX509CRLPtr(arg); /* NO NEED TO DUP */
419
457
  GetX509Store(self, store);
420
- if (X509_STORE_add_crl(store, crl) != 1){
421
- ossl_raise(eX509StoreError, NULL);
422
- }
458
+ if (X509_STORE_add_crl(store, crl) != 1)
459
+ ossl_raise(eX509StoreError, "X509_STORE_add_crl");
423
460
 
424
461
  return self;
425
462
  }
@@ -499,9 +536,8 @@ ossl_x509stctx_alloc(VALUE klass)
499
536
  VALUE obj;
500
537
 
501
538
  obj = NewX509StCtx(klass);
502
- if((ctx = X509_STORE_CTX_new()) == NULL){
503
- ossl_raise(eX509StoreError, NULL);
504
- }
539
+ if ((ctx = X509_STORE_CTX_new()) == NULL)
540
+ ossl_raise(eX509StoreError, "X509_STORE_CTX_new");
505
541
  SetX509StCtx(obj, ctx);
506
542
 
507
543
  return obj;
@@ -567,6 +603,10 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
567
603
  /*
568
604
  * call-seq:
569
605
  * stctx.verify -> true | false
606
+ *
607
+ * Performs the certificate verification using the parameters set to _stctx_.
608
+ *
609
+ * See also the man page X509_verify_cert(3).
570
610
  */
571
611
  static VALUE
572
612
  ossl_x509stctx_verify(VALUE self)
@@ -579,48 +619,45 @@ ossl_x509stctx_verify(VALUE self)
579
619
 
580
620
  switch (X509_verify_cert(ctx)) {
581
621
  case 1:
582
- return Qtrue;
622
+ return Qtrue;
583
623
  case 0:
584
- ossl_clear_error();
585
- return Qfalse;
624
+ ossl_clear_error();
625
+ return Qfalse;
586
626
  default:
587
- ossl_raise(eX509CertError, NULL);
627
+ ossl_raise(eX509CertError, "X509_verify_cert");
588
628
  }
589
629
  }
590
630
 
591
631
  /*
592
632
  * call-seq:
593
- * stctx.chain -> Array of X509::Certificate
633
+ * stctx.chain -> nil | Array of X509::Certificate
634
+ *
635
+ * Returns the verified chain.
636
+ *
637
+ * See also the man page X509_STORE_CTX_set0_verified_chain(3).
594
638
  */
595
639
  static VALUE
596
640
  ossl_x509stctx_get_chain(VALUE self)
597
641
  {
598
642
  X509_STORE_CTX *ctx;
599
- STACK_OF(X509) *chain;
600
- X509 *x509;
601
- int i, num;
602
- VALUE ary;
643
+ const STACK_OF(X509) *chain;
603
644
 
604
645
  GetX509StCtx(self, ctx);
605
- if((chain = X509_STORE_CTX_get0_chain(ctx)) == NULL){
606
- return Qnil;
607
- }
608
- if((num = sk_X509_num(chain)) < 0){
609
- OSSL_Debug("certs in chain < 0???");
610
- return rb_ary_new();
611
- }
612
- ary = rb_ary_new2(num);
613
- for(i = 0; i < num; i++) {
614
- x509 = sk_X509_value(chain, i);
615
- rb_ary_push(ary, ossl_x509_new(x509));
616
- }
617
-
618
- return ary;
646
+ chain = X509_STORE_CTX_get0_chain(ctx);
647
+ if (!chain)
648
+ return Qnil; /* Could be an empty array instead? */
649
+ return ossl_x509_sk2ary(chain);
619
650
  }
620
651
 
621
652
  /*
622
653
  * call-seq:
623
654
  * stctx.error -> Integer
655
+ *
656
+ * Returns the error code of _stctx_. This is typically called after #verify
657
+ * is done, or from the verification callback set to
658
+ * OpenSSL::X509::Store#verify_callback=.
659
+ *
660
+ * See also the man page X509_STORE_CTX_get_error(3).
624
661
  */
625
662
  static VALUE
626
663
  ossl_x509stctx_get_err(VALUE self)
@@ -635,6 +672,11 @@ ossl_x509stctx_get_err(VALUE self)
635
672
  /*
636
673
  * call-seq:
637
674
  * stctx.error = error_code
675
+ *
676
+ * Sets the error code of _stctx_. This is used by the verification callback
677
+ * set to OpenSSL::X509::Store#verify_callback=.
678
+ *
679
+ * See also the man page X509_STORE_CTX_set_error(3).
638
680
  */
639
681
  static VALUE
640
682
  ossl_x509stctx_set_error(VALUE self, VALUE err)
@@ -651,7 +693,10 @@ ossl_x509stctx_set_error(VALUE self, VALUE err)
651
693
  * call-seq:
652
694
  * stctx.error_string -> String
653
695
  *
654
- * Returns the error string corresponding to the error code retrieved by #error.
696
+ * Returns the human readable error string corresponding to the error code
697
+ * retrieved by #error.
698
+ *
699
+ * See also the man page X509_verify_cert_error_string(3).
655
700
  */
656
701
  static VALUE
657
702
  ossl_x509stctx_get_err_string(VALUE self)
@@ -668,6 +713,10 @@ ossl_x509stctx_get_err_string(VALUE self)
668
713
  /*
669
714
  * call-seq:
670
715
  * stctx.error_depth -> Integer
716
+ *
717
+ * Returns the depth of the chain. This is used in combination with #error.
718
+ *
719
+ * See also the man page X509_STORE_CTX_get_error_depth(3).
671
720
  */
672
721
  static VALUE
673
722
  ossl_x509stctx_get_err_depth(VALUE self)
@@ -682,6 +731,10 @@ ossl_x509stctx_get_err_depth(VALUE self)
682
731
  /*
683
732
  * call-seq:
684
733
  * stctx.current_cert -> X509::Certificate
734
+ *
735
+ * Returns the certificate which caused the error.
736
+ *
737
+ * See also the man page X509_STORE_CTX_get_current_cert(3).
685
738
  */
686
739
  static VALUE
687
740
  ossl_x509stctx_get_curr_cert(VALUE self)
@@ -696,6 +749,10 @@ ossl_x509stctx_get_curr_cert(VALUE self)
696
749
  /*
697
750
  * call-seq:
698
751
  * stctx.current_crl -> X509::CRL
752
+ *
753
+ * Returns the CRL which caused the error.
754
+ *
755
+ * See also the man page X509_STORE_CTX_get_current_crl(3).
699
756
  */
700
757
  static VALUE
701
758
  ossl_x509stctx_get_curr_crl(VALUE self)
@@ -715,7 +772,10 @@ ossl_x509stctx_get_curr_crl(VALUE self)
715
772
  * call-seq:
716
773
  * stctx.flags = flags
717
774
  *
718
- * Sets the verification flags to the context. See Store#flags=.
775
+ * Sets the verification flags to the context. This overrides the default value
776
+ * set by Store#flags=.
777
+ *
778
+ * See also the man page X509_VERIFY_PARAM_set_flags(3).
719
779
  */
720
780
  static VALUE
721
781
  ossl_x509stctx_set_flags(VALUE self, VALUE flags)
@@ -733,7 +793,10 @@ ossl_x509stctx_set_flags(VALUE self, VALUE flags)
733
793
  * call-seq:
734
794
  * stctx.purpose = purpose
735
795
  *
736
- * Sets the purpose of the context. See Store#purpose=.
796
+ * Sets the purpose of the context. This overrides the default value set by
797
+ * Store#purpose=.
798
+ *
799
+ * See also the man page X509_VERIFY_PARAM_set_purpose(3).
737
800
  */
738
801
  static VALUE
739
802
  ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
@@ -750,6 +813,11 @@ ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
750
813
  /*
751
814
  * call-seq:
752
815
  * stctx.trust = trust
816
+ *
817
+ * Sets the trust settings of the context. This overrides the default value set
818
+ * by Store#trust=.
819
+ *
820
+ * See also the man page X509_VERIFY_PARAM_set_trust(3).
753
821
  */
754
822
  static VALUE
755
823
  ossl_x509stctx_set_trust(VALUE self, VALUE trust)
@@ -768,6 +836,8 @@ ossl_x509stctx_set_trust(VALUE self, VALUE trust)
768
836
  * stctx.time = time
769
837
  *
770
838
  * Sets the time used in the verification. If not set, the current time is used.
839
+ *
840
+ * See also the man page X509_VERIFY_PARAM_set_time(3).
771
841
  */
772
842
  static VALUE
773
843
  ossl_x509stctx_set_time(VALUE self, VALUE time)
@@ -843,23 +913,37 @@ Init_ossl_x509store(void)
843
913
  cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
844
914
  /*
845
915
  * The callback for additional certificate verification. It is invoked for
846
- * each untrusted certificate in the chain.
916
+ * each certificate in the chain and can be used to implement custom
917
+ * certificate verification conditions.
847
918
  *
848
919
  * The callback is invoked with two values, a boolean that indicates if the
849
920
  * pre-verification by OpenSSL has succeeded or not, and the StoreContext in
850
- * use. The callback must return either true or false.
921
+ * use.
922
+ *
923
+ * The callback can use StoreContext#error= to change the error code as
924
+ * needed. The callback must return either true or false.
925
+ *
926
+ * NOTE: any exception raised within the callback will be ignored.
927
+ *
928
+ * See also the man page X509_STORE_CTX_set_verify_cb(3).
851
929
  */
852
930
  rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
853
931
  /*
854
932
  * The error code set by the last call of #verify.
933
+ *
934
+ * See also StoreContext#error.
855
935
  */
856
936
  rb_attr(cX509Store, rb_intern("error"), 1, 0, Qfalse);
857
937
  /*
858
938
  * The description for the error code set by the last call of #verify.
939
+ *
940
+ * See also StoreContext#error_string.
859
941
  */
860
942
  rb_attr(cX509Store, rb_intern("error_string"), 1, 0, Qfalse);
861
943
  /*
862
944
  * The certificate chain constructed by the last call of #verify.
945
+ *
946
+ * See also StoreContext#chain.
863
947
  */
864
948
  rb_attr(cX509Store, rb_intern("chain"), 1, 0, Qfalse);
865
949
  rb_define_alloc_func(cX509Store, ossl_x509store_alloc);
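Review bot: The new verify_callback documentation (the hunk at L1155-L1254) never states what the return value does, which is the security-relevant part: returning true while _preverify_ok_ is false overrides OpenSSL's rejection of that certificate, so a callback written for logging that happens to end in `true` silently accepts untrusted chains. I would add after the "must return either true or false" sentence: `* Returning true when _preverify_ok_ is false overrides OpenSSL's decision for that certificate; a callback that only inspects the chain should return _preverify_ok_ unchanged.` The NOTE about ignored exceptions should also say what the verification result is in that case; `ret` is pre-set to Qfalse at L100 but overwritten by rb_protect's return at L127, and the tail of ossl_verify_cb_call that consumes `ret` is outside the earlier hunk, so confirm it is reported as a failure before documenting it as such.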
@@ -101,6 +101,15 @@ module OpenSSL::Buffering
101
101
 
102
102
  public
103
103
 
104
+ # call-seq:
105
+ # ssl.getbyte => 81
106
+ #
107
+ # Get the next 8bit byte from `ssl`. Returns `nil` on EOF
108
+ def getbyte
109
+ byte = read(1)
110
+ byte && byte.unpack1("C")
111
+ end
112
+
104
113
  ##
105
114
  # Reads _size_ bytes from the stream. If _buf_ is provided it must
106
115
  # reference a string which will receive the data.
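--- a/data/lib/openssl/hmac.rb
+++ b/data/lib/openssl/hmac.rb
@@ -9,5 +9,70 @@ module OpenSSL
 
 OpenSSL.fixed_length_secure_compare(self.digest, other.digest)
 end
+
+# :call-seq:
+# hmac.base64digest -> string
+#
+# Returns the authentication code an a Base64-encoded string.
+def base64digest
+[digest].pack("m0")
+end
+
+class << self
+# :call-seq:
+# HMAC.digest(digest, key, data) -> aString
+#
+# Returns the authentication code as a binary string. The _digest_ parameter
+# specifies the digest algorithm to use. This may be a String representing
+# the algorithm name or an instance of OpenSSL::Digest.
+#
+# === Example
+# key = 'key'
+# data = 'The quick brown fox jumps over the lazy dog'
+#
+# hmac = OpenSSL::HMAC.digest('SHA1', key, data)
+# #=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
+def digest(digest, key, data)
+hmac = new(key, digest)
+hmac << data
+hmac.digest
+end
+
+# :call-seq:
+# HMAC.hexdigest(digest, key, data) -> aString
+#
+# Returns the authentication code as a hex-encoded string. The _digest_
+# parameter specifies the digest algorithm to use. This may be a String
+# representing the algorithm name or an instance of OpenSSL::Digest.
+#
+# === Example
+# key = 'key'
+# data = 'The quick brown fox jumps over the lazy dog'
+#
+# hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
+# #=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
+def hexdigest(digest, key, data)
+hmac = new(key, digest)
+hmac << data
+hmac.hexdigest
+end
+
+# :call-seq:
+# HMAC.base64digest(digest, key, data) -> aString
+#
+# Returns the authentication code as a Base64-encoded string. The _digest_
+# parameter specifies the digest algorithm to use. This may be a String
+# representing the algorithm name or an instance of OpenSSL::Digest.
+#
+# === Example
+# key = 'key'
+# data = 'The quick brown fox jumps over the lazy dog'
+#
+# hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
+# #=> "3nybhbi3iqa8ino29wqQcBydtNk="
+def base64digest(digest, key, data)
+[digest(digest, key, data)].pack("m0")
+end
+end
 end
 end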
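Review bot: The new class-level `HMAC.digest`/`hexdigest`/`base64digest` helpers (L1350-L1430) return plain Strings, so the constant-time `==` that the instance method at L1299 implements with `OpenSSL.fixed_length_secure_compare` does not apply to them; a caller writing `OpenSSL::HMAC.hexdigest(...) == received_mac` gets an early-exit String comparison. I would add to each helper's doc: `# To verify a received MAC, compare the result with OpenSSL.fixed_length_secure_compare (after checking the lengths match) rather than with ==, which is not constant-time.` Separately, `def base64digest(digest, key, data)` at L1426 names a parameter after the `digest` method it then calls on the next line; Ruby resolves the parenthesised `digest(digest, key, data)` to the method, so it works, but a comment saying so (or a different parameter name, if the documented call-seq can change) would save the next reader a double-take. The instance-method doc at L1312 reads "an a Base64-encoded string" and should read "as a".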