openssl 2.2.1 → 3.0.0

Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +32 -44
  3. data/History.md +103 -1
  4. data/ext/openssl/extconf.rb +24 -26
  5. data/ext/openssl/openssl_missing.c +0 -66
  6. data/ext/openssl/openssl_missing.h +26 -45
  7. data/ext/openssl/ossl.c +59 -46
  8. data/ext/openssl/ossl.h +20 -6
  9. data/ext/openssl/ossl_asn1.c +16 -4
  10. data/ext/openssl/ossl_bn.c +188 -126
  11. data/ext/openssl/ossl_cipher.c +11 -11
  12. data/ext/openssl/ossl_config.c +412 -41
  13. data/ext/openssl/ossl_config.h +4 -7
  14. data/ext/openssl/ossl_digest.c +9 -9
  15. data/ext/openssl/ossl_engine.c +16 -15
  16. data/ext/openssl/ossl_hmac.c +48 -135
  17. data/ext/openssl/ossl_kdf.c +8 -0
  18. data/ext/openssl/ossl_ocsp.c +3 -51
  19. data/ext/openssl/ossl_pkcs12.c +21 -3
  20. data/ext/openssl/ossl_pkcs7.c +42 -59
  21. data/ext/openssl/ossl_pkey.c +1102 -191
  22. data/ext/openssl/ossl_pkey.h +35 -72
  23. data/ext/openssl/ossl_pkey_dh.c +124 -334
  24. data/ext/openssl/ossl_pkey_dsa.c +93 -398
  25. data/ext/openssl/ossl_pkey_ec.c +126 -318
  26. data/ext/openssl/ossl_pkey_rsa.c +100 -487
  27. data/ext/openssl/ossl_ssl.c +256 -355
  28. data/ext/openssl/ossl_ssl_session.c +24 -29
  29. data/ext/openssl/ossl_ts.c +35 -20
  30. data/ext/openssl/ossl_x509.c +0 -6
  31. data/ext/openssl/ossl_x509cert.c +164 -8
  32. data/ext/openssl/ossl_x509crl.c +10 -7
  33. data/ext/openssl/ossl_x509ext.c +1 -2
  34. data/ext/openssl/ossl_x509name.c +9 -2
  35. data/ext/openssl/ossl_x509req.c +10 -7
  36. data/ext/openssl/ossl_x509store.c +154 -70
  37. data/lib/openssl/buffering.rb +9 -0
  38. data/lib/openssl/hmac.rb +65 -0
  39. data/lib/openssl/pkey.rb +417 -0
  40. data/lib/openssl/ssl.rb +7 -7
  41. data/lib/openssl/version.rb +1 -1
  42. data/lib/openssl/x509.rb +22 -0
  43. data/lib/openssl.rb +0 -1
  44. metadata +4 -76
  45. data/ext/openssl/ruby_missing.h +0 -24
  46. data/lib/openssl/config.rb +0 -501
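--- a/data/lib/openssl/pkey.rb
+++ b/data/lib/openssl/pkey.rb
@@ -9,16 +9,282 @@ require_relative 'marshal'
  module OpenSSL::PKey
  class DH
  include OpenSSL::Marshal
+
+ # :call-seq:
+ # dh.public_key -> dhnew
+ #
+ # Returns a new DH instance that carries just the \DH parameters.
+ #
+ # Contrary to the method name, the returned DH object contains only
+ # parameters and not the public key.
+ #
+ # This method is provided for backwards compatibility. In most cases, there
+ # is no need to call this method.
+ #
+ # For the purpose of re-generating the key pair while keeping the
+ # parameters, check OpenSSL::PKey.generate_key.
+ #
+ # Example:
+ # # OpenSSL::PKey::DH.generate by default generates a random key pair
+ # dh1 = OpenSSL::PKey::DH.generate(2048)
+ # p dh1.priv_key #=> #<OpenSSL::BN 1288347...>
+ # dhcopy = dh1.public_key
+ # p dhcopy.priv_key #=> nil
+ def public_key
+ DH.new(to_der)
+ end
+
+ # :call-seq:
+ # dh.compute_key(pub_bn) -> string
+ #
+ # Returns a String containing a shared secret computed from the other
+ # party's public value.
+ #
+ # This method is provided for backwards compatibility, and calls #derive
+ # internally.
+ #
+ # === Parameters
+ # * _pub_bn_ is a OpenSSL::BN, *not* the DH instance returned by
+ # DH#public_key as that contains the DH parameters only.
+ def compute_key(pub_bn)
+ # FIXME: This is constructing an X.509 SubjectPublicKeyInfo and is very
+ # inefficient
+ obj = OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.ObjectId("dhKeyAgreement"),
+ OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.Integer(p),
+ OpenSSL::ASN1.Integer(g),
+ ]),
+ ]),
+ OpenSSL::ASN1.BitString(OpenSSL::ASN1.Integer(pub_bn).to_der),
+ ])
+ derive(OpenSSL::PKey.read(obj.to_der))
+ end
+
+ # :call-seq:
+ # dh.generate_key! -> self
+ #
+ # Generates a private and public key unless a private key already exists.
+ # If this DH instance was generated from public \DH parameters (e.g. by
+ # encoding the result of DH#public_key), then this method needs to be
+ # called first in order to generate the per-session keys before performing
+ # the actual key exchange.
+ #
+ # <b>Deprecated in version 3.0</b>. This method is incompatible with
+ # OpenSSL 3.0.0 or later.
+ #
+ # See also OpenSSL::PKey.generate_key.
+ #
+ # Example:
+ # # DEPRECATED USAGE: This will not work on OpenSSL 3.0 or later
+ # dh0 = OpenSSL::PKey::DH.new(2048)
+ # dh = dh0.public_key # #public_key only copies the DH parameters (contrary to the name)
+ # dh.generate_key!
+ # puts dh.private? # => true
+ # puts dh0.pub_key == dh.pub_key #=> false
+ #
+ # # With OpenSSL::PKey.generate_key
+ # dh0 = OpenSSL::PKey::DH.new(2048)
+ # dh = OpenSSL::PKey.generate_key(dh0)
+ # puts dh0.pub_key == dh.pub_key #=> false
+ def generate_key!
+ if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x30000000
+ raise DHError, "OpenSSL::PKey::DH is immutable on OpenSSL 3.0; " \
+ "use OpenSSL::PKey.generate_key instead"
+ end
+
+ unless priv_key
+ tmp = OpenSSL::PKey.generate_key(self)
+ set_key(tmp.pub_key, tmp.priv_key)
+ end
+ self
+ end
+
+ class << self
+ # :call-seq:
+ # DH.generate(size, generator = 2) -> dh
+ #
+ # Creates a new DH instance from scratch by generating random parameters
+ # and a key pair.
+ #
+ # See also OpenSSL::PKey.generate_parameters and
+ # OpenSSL::PKey.generate_key.
+ #
+ # +size+::
+ # The desired key size in bits.
+ # +generator+::
+ # The generator.
+ def generate(size, generator = 2, &blk)
+ dhparams = OpenSSL::PKey.generate_parameters("DH", {
+ "dh_paramgen_prime_len" => size,
+ "dh_paramgen_generator" => generator,
+ }, &blk)
+ OpenSSL::PKey.generate_key(dhparams)
+ end
+
+ # Handle DH.new(size, generator) form here; new(str) and new() forms
+ # are handled by #initialize
+ def new(*args, &blk) # :nodoc:
+ if args[0].is_a?(Integer)
+ generate(*args, &blk)
+ else
+ super
+ end
+ end
+ end
  end
 
  class DSA
  include OpenSSL::Marshal
+
+ # :call-seq:
+ # dsa.public_key -> dsanew
+ #
+ # Returns a new DSA instance that carries just the \DSA parameters and the
+ # public key.
+ #
+ # This method is provided for backwards compatibility. In most cases, there
+ # is no need to call this method.
+ #
+ # For the purpose of serializing the public key, to PEM or DER encoding of
+ # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
+ # PKey#public_to_der.
+ def public_key
+ OpenSSL::PKey.read(public_to_der)
+ end
+
+ class << self
+ # :call-seq:
+ # DSA.generate(size) -> dsa
+ #
+ # Creates a new DSA instance by generating a private/public key pair
+ # from scratch.
+ #
+ # See also OpenSSL::PKey.generate_parameters and
+ # OpenSSL::PKey.generate_key.
+ #
+ # +size+::
+ # The desired key size in bits.
+ def generate(size, &blk)
+ dsaparams = OpenSSL::PKey.generate_parameters("DSA", {
+ "dsa_paramgen_bits" => size,
+ }, &blk)
+ OpenSSL::PKey.generate_key(dsaparams)
+ end
+
+ # Handle DSA.new(size) form here; new(str) and new() forms
+ # are handled by #initialize
+ def new(*args, &blk) # :nodoc:
+ if args[0].is_a?(Integer)
+ generate(*args, &blk)
+ else
+ super
+ end
+ end
+ end
+
+ # :call-seq:
+ # dsa.syssign(string) -> string
+ #
+ # Computes and returns the \DSA signature of +string+, where +string+ is
+ # expected to be an already-computed message digest of the original input
+ # data. The signature is issued using the private key of this DSA instance.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ #
+ # +string+::
+ # A message digest of the original input data to be signed.
+ #
+ # Example:
+ # dsa = OpenSSL::PKey::DSA.new(2048)
+ # doc = "Sign me"
+ # digest = OpenSSL::Digest.digest('SHA1', doc)
+ #
+ # # With legacy #syssign and #sysverify:
+ # sig = dsa.syssign(digest)
+ # p dsa.sysverify(digest, sig) #=> true
+ #
+ # # With #sign_raw and #verify_raw:
+ # sig = dsa.sign_raw(nil, digest)
+ # p dsa.verify_raw(nil, sig, digest) #=> true
+ def syssign(string)
+ q or raise OpenSSL::PKey::DSAError, "incomplete DSA"
+ private? or raise OpenSSL::PKey::DSAError, "Private DSA key needed!"
+ begin
+ sign_raw(nil, string)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::DSAError, $!.message
+ end
+ end
+
+ # :call-seq:
+ # dsa.sysverify(digest, sig) -> true | false
+ #
+ # Verifies whether the signature is valid given the message digest input.
+ # It does so by validating +sig+ using the public key of this DSA instance.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ #
+ # +digest+::
+ # A message digest of the original input data to be signed.
+ # +sig+::
+ # A \DSA signature value.
+ def sysverify(digest, sig)
+ verify_raw(nil, sig, digest)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::DSAError, $!.message
+ end
  end
 
  if defined?(EC)
  class EC
  include OpenSSL::Marshal
+
+ # :call-seq:
+ # key.dsa_sign_asn1(data) -> String
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ def dsa_sign_asn1(data)
+ sign_raw(nil, data)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::ECError, $!.message
+ end
+
+ # :call-seq:
+ # key.dsa_verify_asn1(data, sig) -> true | false
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ def dsa_verify_asn1(data, sig)
+ verify_raw(nil, sig, data)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::ECError, $!.message
+ end
+
+ # :call-seq:
+ # ec.dh_compute_key(pubkey) -> string
+ #
+ # Derives a shared secret by ECDH. _pubkey_ must be an instance of
+ # OpenSSL::PKey::EC::Point and must belong to the same group.
+ #
+ # This method is provided for backwards compatibility, and calls #derive
+ # internally.
+ def dh_compute_key(pubkey)
+ obj = OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.ObjectId("id-ecPublicKey"),
+ group.to_der,
+ ]),
+ OpenSSL::ASN1.BitString(pubkey.to_octet_string(:uncompressed)),
+ ])
+ derive(OpenSSL::PKey.read(obj.to_der))
+ end
  end
+
  class EC::Point
  # :call-seq:
  # point.to_bn([conversion_form]) -> OpenSSL::BN
@@ -38,5 +304,156 @@ module OpenSSL::PKey
 
  class RSA
  include OpenSSL::Marshal
+
+ # :call-seq:
+ # rsa.public_key -> rsanew
+ #
+ # Returns a new RSA instance that carries just the public key components.
+ #
+ # This method is provided for backwards compatibility. In most cases, there
+ # is no need to call this method.
+ #
+ # For the purpose of serializing the public key, to PEM or DER encoding of
+ # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
+ # PKey#public_to_der.
+ def public_key
+ OpenSSL::PKey.read(public_to_der)
+ end
+
+ class << self
+ # :call-seq:
+ # RSA.generate(size, exponent = 65537) -> RSA
+ #
+ # Generates an \RSA keypair.
+ #
+ # See also OpenSSL::PKey.generate_key.
+ #
+ # +size+::
+ # The desired key size in bits.
+ # +exponent+::
+ # An odd Integer, normally 3, 17, or 65537.
+ def generate(size, exp = 0x10001, &blk)
+ OpenSSL::PKey.generate_key("RSA", {
+ "rsa_keygen_bits" => size,
+ "rsa_keygen_pubexp" => exp,
+ }, &blk)
+ end
+
+ # Handle RSA.new(size, exponent) form here; new(str) and new() forms
+ # are handled by #initialize
+ def new(*args, &blk) # :nodoc:
+ if args[0].is_a?(Integer)
+ generate(*args, &blk)
+ else
+ super
+ end
+ end
+ end
+
+ # :call-seq:
+ # rsa.private_encrypt(string) -> String
+ # rsa.private_encrypt(string, padding) -> String
+ #
+ # Encrypt +string+ with the private key. +padding+ defaults to
+ # PKCS1_PADDING. The encrypted string output can be decrypted using
+ # #public_decrypt.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
+ # PKey::PKey#verify_recover instead.
+ def private_encrypt(string, padding = PKCS1_PADDING)
+ n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
+ private? or raise OpenSSL::PKey::RSAError, "private key needed."
+ begin
+ sign_raw(nil, string, {
+ "rsa_padding_mode" => translate_padding_mode(padding),
+ })
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::RSAError, $!.message
+ end
+ end
+
+ # :call-seq:
+ # rsa.public_decrypt(string) -> String
+ # rsa.public_decrypt(string, padding) -> String
+ #
+ # Decrypt +string+, which has been encrypted with the private key, with the
+ # public key. +padding+ defaults to PKCS1_PADDING.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
+ # PKey::PKey#verify_recover instead.
+ def public_decrypt(string, padding = PKCS1_PADDING)
+ n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
+ begin
+ verify_recover(nil, string, {
+ "rsa_padding_mode" => translate_padding_mode(padding),
+ })
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::RSAError, $!.message
+ end
+ end
+
+ # :call-seq:
+ # rsa.public_encrypt(string) -> String
+ # rsa.public_encrypt(string, padding) -> String
+ #
+ # Encrypt +string+ with the public key. +padding+ defaults to
+ # PKCS1_PADDING. The encrypted string output can be decrypted using
+ # #private_decrypt.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
+ def public_encrypt(data, padding = PKCS1_PADDING)
+ n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
+ begin
+ encrypt(data, {
+ "rsa_padding_mode" => translate_padding_mode(padding),
+ })
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::RSAError, $!.message
+ end
+ end
+
+ # :call-seq:
+ # rsa.private_decrypt(string) -> String
+ # rsa.private_decrypt(string, padding) -> String
+ #
+ # Decrypt +string+, which has been encrypted with the public key, with the
+ # private key. +padding+ defaults to PKCS1_PADDING.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
+ def private_decrypt(data, padding = PKCS1_PADDING)
+ n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
+ private? or raise OpenSSL::PKey::RSAError, "private key needed."
+ begin
+ decrypt(data, {
+ "rsa_padding_mode" => translate_padding_mode(padding),
+ })
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::RSAError, $!.message
+ end
+ end
+
+ PKCS1_PADDING = 1
+ SSLV23_PADDING = 2
+ NO_PADDING = 3
+ PKCS1_OAEP_PADDING = 4
+
+ private def translate_padding_mode(num)
+ case num
+ when PKCS1_PADDING
+ "pkcs1"
+ when SSLV23_PADDING
+ "sslv23"
+ when NO_PADDING
+ "none"
+ when PKCS1_OAEP_PADDING
+ "oaep"
+ else
+ raise OpenSSL::PKey::PKeyError, "unsupported padding mode"
+ end
+ end
  end
  end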
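Review bot: `public_encrypt` and `private_decrypt` in the RSA hunk keep `PKCS1_PADDING` as the default `padding`, and the new rdoc states that default without any caveat. PKCS#1 v1.5 encryption padding is known to be exposed to padding-oracle problems when an application lets decryption failures become distinguishable to the sender, so a reader who copies the default gets the weaker mode. I would add one line to both comments, e.g. `# Prefer PKCS1_OAEP_PADDING for new code; PKCS1_PADDING remains the default, presumably for compatibility.` The example in the `syssign` comment of the first hunk also hashes with `'SHA1'`; a SHA-2 digest would be a better model to show there.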
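--- a/data/lib/openssl/ssl.rb
+++ b/data/lib/openssl/ssl.rb
@@ -91,15 +91,17 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
  DEFAULT_CERT_STORE.set_default_paths
  DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
 
- # A callback invoked when DH parameters are required.
+ # A callback invoked when DH parameters are required for ephemeral DH key
+ # exchange.
  #
- # The callback is invoked with the Session for the key exchange, an
+ # The callback is invoked with the SSLSocket, a
  # flag indicating the use of an export cipher and the keylength
  # required.
  #
  # The callback must return an OpenSSL::PKey::DH instance of the correct
  # key length.
-
+ #
+ # <b>Deprecated in version 3.0.</b> Use #tmp_dh= instead.
  attr_accessor :tmp_dh_callback
 
  # A callback invoked at connect time to distinguish between multiple
@@ -122,6 +124,8 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
  def initialize(version = nil)
  self.options |= OpenSSL::SSL::OP_ALL
  self.ssl_version = version if version
+ self.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ self.verify_hostname = false
  end
 
  ##
@@ -430,10 +434,6 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
  @context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
  end
 
- def tmp_ecdh_callback
- @context.tmp_ecdh_callback
- end
-
  def session_new_cb
  @context.session_new_cb
  end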
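Review bot: The two assignments added to `SSLContext#initialize` in the second hunk leave every context built with a bare `SSLContext.new` at `VERIFY_NONE` with `verify_hostname = false`, and no comment says so. These presumably mirror defaults that were applied elsewhere before this release, but now that they are spelled out in Ruby they deserve a line above them, such as `# Peer and hostname verification are off until the caller enables them (for example via #set_params).` A caller who skips that step gets an encrypted but unauthenticated connection, which is worth stating where the default is set.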
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module OpenSSL
4
- VERSION = "2.2.1"
4
+ VERSION = "3.0.0"
5
5
  end
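--- a/data/lib/openssl/x509.rb
+++ b/data/lib/openssl/x509.rb
@@ -279,11 +279,29 @@ module OpenSSL
  end
 
  class << self
+ # Parses the UTF-8 string representation of a distinguished name,
+ # according to RFC 2253.
+ #
+ # See also #to_utf8 for the opposite operation.
  def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
  ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
  self.new(ary, template)
  end
 
+ # Parses the string representation of a distinguished name. Two
+ # different forms are supported:
+ #
+ # - \OpenSSL format (<tt>X509_NAME_oneline()</tt>) used by
+ # <tt>#to_s</tt>. For example: <tt>/DC=com/DC=example/CN=nobody</tt>
+ # - \OpenSSL format (<tt>X509_NAME_print()</tt>)
+ # used by <tt>#to_s(OpenSSL::X509::Name::COMPAT)</tt>. For example:
+ # <tt>DC=com, DC=example, CN=nobody</tt>
+ #
+ # Neither of them is standardized and has quirks and inconsistencies
+ # in handling of escaped characters or multi-valued RDNs.
+ #
+ # Use of this method is discouraged in new applications. See
+ # Name.parse_rfc2253 and #to_utf8 for the alternative.
  def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
  if str.start_with?("/")
  # /A=B/C=D format
@@ -338,6 +356,10 @@ module OpenSSL
  q.text 'not_after='; q.pp self.not_after
  }
  end
+
+ def self.load_file(path)
+ load(File.binread(path))
+ end
  end
 
  class CRL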
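Review bot: `self.load_file(path)` in the second hunk is added without any rdoc, although the other two additions in this section are documentation. Suggest `# Reads the file at +path+ in binary mode and passes its content to .load; errors from File.binread propagate to the caller.` What `load` accepts and returns is not visible in this hunk, so the comment should defer to it rather than restate it. The enclosing class starts above the hunk.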
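--- a/data/lib/openssl.rb
+++ b/data/lib/openssl.rb
@@ -15,7 +15,6 @@ require 'openssl.so'
  require_relative 'openssl/bn'
  require_relative 'openssl/pkey'
  require_relative 'openssl/cipher'
- require_relative 'openssl/config'
  require_relative 'openssl/digest'
  require_relative 'openssl/hmac'
  require_relative 'openssl/x509'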
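--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: openssl
  version: !ruby/object:Gem::Version
- version: 2.2.1
+ version: 3.0.0
  platform: ruby
  authors:
  - Martin Bosslet
@@ -11,78 +11,8 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-10-16 00:00:00.000000000 Z
- dependencies:
- - !ruby/object:Gem::Dependency
- name: ipaddr
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: rake
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: rake-compiler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: test-unit
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '3.0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '3.0'
- - !ruby/object:Gem::Dependency
- name: rdoc
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
+ date: 2021-12-24 00:00:00.000000000 Z
+ dependencies: []
  description: It wraps the OpenSSL library.
  email:
  - ruby-core@ruby-lang.org
@@ -153,12 +83,10 @@ files:
  - ext/openssl/ossl_x509req.c
  - ext/openssl/ossl_x509revoked.c
  - ext/openssl/ossl_x509store.c
- - ext/openssl/ruby_missing.h
  - lib/openssl.rb
  - lib/openssl/bn.rb
  - lib/openssl/buffering.rb
  - lib/openssl/cipher.rb
- - lib/openssl/config.rb
  - lib/openssl/digest.rb
  - lib/openssl/hmac.rb
  - lib/openssl/marshal.rb
@@ -182,7 +110,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.3.0
+ version: 2.6.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="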
@@ -1,24 +0,0 @@
1
- /*
2
- * 'OpenSSL for Ruby' project
3
- * Copyright (C) 2001-2003 Michal Rokos <m.rokos@sh.cvut.cz>
4
- * All rights reserved.
5
- */
6
- /*
7
- * This program is licensed under the same licence as Ruby.
8
- * (See the file 'LICENCE'.)
9
- */
10
- #if !defined(_OSSL_RUBY_MISSING_H_)
11
- #define _OSSL_RUBY_MISSING_H_
12
-
13
- /* Ruby 2.4 */
14
- #ifndef RB_INTEGER_TYPE_P
15
- # define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
16
- #endif
17
-
18
- /* Ruby 2.5 */
19
- #ifndef ST2FIX
20
- # define RB_ST2FIX(h) LONG2FIX((long)(h))
21
- # define ST2FIX(h) RB_ST2FIX(h)
22
- #endif
23
-
24
- #endif /* _OSSL_RUBY_MISSING_H_ */