openssl 2.2.1 → 3.2.0

Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +33 -45
  3. data/History.md +248 -1
  4. data/README.md +36 -19
  5. data/ext/openssl/extconf.rb +101 -68
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +26 -45
  8. data/ext/openssl/ossl.c +128 -237
  9. data/ext/openssl/ossl.h +31 -12
  10. data/ext/openssl/ossl_asn1.c +26 -13
  11. data/ext/openssl/ossl_bn.c +213 -139
  12. data/ext/openssl/ossl_cipher.c +13 -14
  13. data/ext/openssl/ossl_config.c +412 -41
  14. data/ext/openssl/ossl_config.h +4 -7
  15. data/ext/openssl/ossl_digest.c +10 -10
  16. data/ext/openssl/ossl_engine.c +17 -16
  17. data/ext/openssl/ossl_hmac.c +57 -136
  18. data/ext/openssl/ossl_kdf.c +12 -4
  19. data/ext/openssl/ossl_ns_spki.c +1 -1
  20. data/ext/openssl/ossl_ocsp.c +11 -59
  21. data/ext/openssl/ossl_pkcs12.c +22 -4
  22. data/ext/openssl/ossl_pkcs7.c +45 -62
  23. data/ext/openssl/ossl_pkey.c +1320 -196
  24. data/ext/openssl/ossl_pkey.h +36 -73
  25. data/ext/openssl/ossl_pkey_dh.c +152 -347
  26. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  27. data/ext/openssl/ossl_pkey_ec.c +227 -343
  28. data/ext/openssl/ossl_pkey_rsa.c +159 -491
  29. data/ext/openssl/ossl_provider.c +211 -0
  30. data/ext/openssl/ossl_provider.h +5 -0
  31. data/ext/openssl/ossl_ssl.c +530 -450
  32. data/ext/openssl/ossl_ssl_session.c +29 -30
  33. data/ext/openssl/ossl_ts.c +38 -23
  34. data/ext/openssl/ossl_x509.c +0 -6
  35. data/ext/openssl/ossl_x509attr.c +1 -1
  36. data/ext/openssl/ossl_x509cert.c +168 -12
  37. data/ext/openssl/ossl_x509crl.c +14 -11
  38. data/ext/openssl/ossl_x509ext.c +14 -9
  39. data/ext/openssl/ossl_x509name.c +10 -3
  40. data/ext/openssl/ossl_x509req.c +14 -11
  41. data/ext/openssl/ossl_x509revoked.c +4 -4
  42. data/ext/openssl/ossl_x509store.c +166 -75
  43. data/lib/openssl/buffering.rb +9 -3
  44. data/lib/openssl/digest.rb +1 -5
  45. data/lib/openssl/hmac.rb +65 -0
  46. data/lib/openssl/pkey.rb +429 -0
  47. data/lib/openssl/ssl.rb +22 -17
  48. data/lib/openssl/version.rb +1 -1
  49. data/lib/openssl/x509.rb +22 -0
  50. data/lib/openssl.rb +0 -1
  51. metadata +10 -79
  52. data/ext/openssl/ruby_missing.h +0 -24
  53. data/lib/openssl/config.rb +0 -501
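--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: openssl
  version: !ruby/object:Gem::Version
- version: 2.2.1
+ version: 3.2.0
  platform: ruby
  authors:
  - Martin Bosslet
@@ -11,79 +11,10 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-10-16 00:00:00.000000000 Z
- dependencies:
- - !ruby/object:Gem::Dependency
- name: ipaddr
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: rake
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: rake-compiler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: test-unit
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '3.0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '3.0'
- - !ruby/object:Gem::Dependency
- name: rdoc
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- description: It wraps the OpenSSL library.
+ date: 2023-09-21 00:00:00.000000000 Z
+ dependencies: []
+ description: OpenSSL for Ruby provides access to SSL/TLS and general-purpose cryptography
+ based on the OpenSSL library.
  email:
  - ruby-core@ruby-lang.org
  executables: []
@@ -136,6 +67,8 @@ files:
  - ext/openssl/ossl_pkey_dsa.c
  - ext/openssl/ossl_pkey_ec.c
  - ext/openssl/ossl_pkey_rsa.c
+ - ext/openssl/ossl_provider.c
+ - ext/openssl/ossl_provider.h
  - ext/openssl/ossl_rand.c
  - ext/openssl/ossl_rand.h
  - ext/openssl/ossl_ssl.c
@@ -153,12 +86,10 @@ files:
  - ext/openssl/ossl_x509req.c
  - ext/openssl/ossl_x509revoked.c
  - ext/openssl/ossl_x509store.c
- - ext/openssl/ruby_missing.h
  - lib/openssl.rb
  - lib/openssl/bn.rb
  - lib/openssl/buffering.rb
  - lib/openssl/cipher.rb
- - lib/openssl/config.rb
  - lib/openssl/digest.rb
  - lib/openssl/hmac.rb
  - lib/openssl/marshal.rb
@@ -182,15 +113,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.3.0
+ version: 2.7.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.0.dev
+ rubygems_version: 3.4.10
  signing_key:
  specification_version: 4
- summary: OpenSSL provides SSL, TLS and general purpose cryptography.
+ summary: SSL/TLS and general-purpose cryptography for Ruby
  test_files: []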
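--- a/data/ext/openssl/ruby_missing.h
+++ b/data/ext/openssl/ruby_missing.h
@@ -1,24 +0,0 @@
- /*
- * 'OpenSSL for Ruby' project
- * Copyright (C) 2001-2003 Michal Rokos <m.rokos@sh.cvut.cz>
- * All rights reserved.
- */
- /*
- * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
- */
- #if !defined(_OSSL_RUBY_MISSING_H_)
- #define _OSSL_RUBY_MISSING_H_
-
- /* Ruby 2.4 */
- #ifndef RB_INTEGER_TYPE_P
- # define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
- #endif
-
- /* Ruby 2.5 */
- #ifndef ST2FIX
- # define RB_ST2FIX(h) LONG2FIX((long)(h))
- # define ST2FIX(h) RB_ST2FIX(h)
- #endif
-
- #endif /* _OSSL_RUBY_MISSING_H_ */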
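--- a/data/lib/openssl/config.rb
+++ b/data/lib/openssl/config.rb
@@ -1,501 +0,0 @@
- # frozen_string_literal: true
- =begin
- = Ruby-space definitions that completes C-space funcs for Config
-
- = Info
- Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
-
- = Licence
- This program is licensed under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
- =end
-
- require 'stringio'
-
- module OpenSSL
- ##
- # = OpenSSL::Config
- #
- # Configuration for the openssl library.
- #
- # Many system's installation of openssl library will depend on your system
- # configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
- # the location of the file for your host.
- #
- # See also http://www.openssl.org/docs/apps/config.html
- class Config
- include Enumerable
-
- class << self
-
- ##
- # Parses a given _string_ as a blob that contains configuration for
- # OpenSSL.
- #
- # If the source of the IO is a file, then consider using #parse_config.
- def parse(string)
- c = new()
- parse_config(StringIO.new(string)).each do |section, hash|
- c.set_section(section, hash)
- end
- c
- end
-
- ##
- # load is an alias to ::new
- alias load new
-
- ##
- # Parses the configuration data read from _io_, see also #parse.
- #
- # Raises a ConfigError on invalid configuration data.
- def parse_config(io)
- begin
- parse_config_lines(io)
- rescue => error
- raise ConfigError, "error in line #{io.lineno}: " + error.message
- end
- end
-
- def get_key_string(data, section, key) # :nodoc:
- if v = data[section] && data[section][key]
- return v
- elsif section == 'ENV'
- if v = ENV[key]
- return v
- end
- end
- if v = data['default'] && data['default'][key]
- return v
- end
- end
-
- private
-
- def parse_config_lines(io)
- section = 'default'
- data = {section => {}}
- io_stack = [io]
- while definition = get_definition(io_stack)
- definition = clear_comments(definition)
- next if definition.empty?
- case definition
- when /\A\[/
- if /\[([^\]]*)\]/ =~ definition
- section = $1.strip
- data[section] ||= {}
- else
- raise ConfigError, "missing close square bracket"
- end
- when /\A\.include (\s*=\s*)?(.+)\z/
- path = $2
- if File.directory?(path)
- files = Dir.glob(File.join(path, "*.{cnf,conf}"), File::FNM_EXTGLOB)
- else
- files = [path]
- end
-
- files.each do |filename|
- begin
- io_stack << StringIO.new(File.read(filename))
- rescue
- raise ConfigError, "could not include file '%s'" % filename
- end
- end
- when /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/
- if $2
- section = $1
- key = $2
- else
- key = $1
- end
- value = unescape_value(data, section, $3)
- (data[section] ||= {})[key] = value.strip
- else
- raise ConfigError, "missing equal sign"
- end
- end
- data
- end
-
- # escape with backslash
- QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
- # escape with backslash and doubled dq
- QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
- # escaped char map
- ESCAPE_MAP = {
- "r" => "\r",
- "n" => "\n",
- "b" => "\b",
- "t" => "\t",
- }
-
- def unescape_value(data, section, value)
- scanned = []
- while m = value.match(/['"\\$]/)
- scanned << m.pre_match
- c = m[0]
- value = m.post_match
- case c
- when "'"
- if m = value.match(QUOTE_REGEXP_SQ)
- scanned << m[1].gsub(/\\(.)/, '\\1')
- value = m.post_match
- else
- break
- end
- when '"'
- if m = value.match(QUOTE_REGEXP_DQ)
- scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
- value = m.post_match
- else
- break
- end
- when "\\"
- c = value.slice!(0, 1)
- scanned << (ESCAPE_MAP[c] || c)
- when "$"
- ref, value = extract_reference(value)
- refsec = section
- if ref.index('::')
- refsec, ref = ref.split('::', 2)
- end
- if v = get_key_string(data, refsec, ref)
- scanned << v
- else
- raise ConfigError, "variable has no value"
- end
- else
- raise 'must not reaced'
- end
- end
- scanned << value
- scanned.join
- end
-
- def extract_reference(value)
- rest = ''
- if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
- value = m[1] || m[2]
- rest = m.post_match
- elsif [?(, ?{].include?(value[0])
- raise ConfigError, "no close brace"
- end
- if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
- return m[0], m.post_match + rest
- else
- raise
- end
- end
-
- def clear_comments(line)
- # FCOMMENT
- if m = line.match(/\A([\t\n\f ]*);.*\z/)
- return m[1]
- end
- # COMMENT
- scanned = []
- while m = line.match(/[#'"\\]/)
- scanned << m.pre_match
- c = m[0]
- line = m.post_match
- case c
- when '#'
- line = nil
- break
- when "'", '"'
- regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
- scanned << c
- if m = line.match(regexp)
- scanned << m[0]
- line = m.post_match
- else
- scanned << line
- line = nil
- break
- end
- when "\\"
- scanned << c
- scanned << line.slice!(0, 1)
- else
- raise 'must not reaced'
- end
- end
- scanned << line
- scanned.join
- end
-
- def get_definition(io_stack)
- if line = get_line(io_stack)
- while /[^\\]\\\z/ =~ line
- if extra = get_line(io_stack)
- line += extra
- else
- break
- end
- end
- return line.strip
- end
- end
-
- def get_line(io_stack)
- while io = io_stack.last
- if line = io.gets
- return line.gsub(/[\r\n]*/, '')
- end
- io_stack.pop
- end
- end
- end
-
- ##
- # Creates an instance of OpenSSL's configuration class.
- #
- # This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
- #
- # If the optional _filename_ parameter is provided, then it is read in and
- # parsed via #parse_config.
- #
- # This can raise IO exceptions based on the access, or availability of the
- # file. A ConfigError exception may be raised depending on the validity of
- # the data being configured.
- #
- def initialize(filename = nil)
- @data = {}
- if filename
- File.open(filename.to_s) do |file|
- Config.parse_config(file).each do |section, hash|
- set_section(section, hash)
- end
- end
- end
- end
-
- ##
- # Gets the value of _key_ from the given _section_
- #
- # Given the following configurating file being loaded:
- #
- # config = OpenSSL::Config.load('foo.cnf')
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- #
- # You can get a specific value from the config if you know the _section_
- # and _key_ like so:
- #
- # config.get_value('default','foo')
- # #=> "bar"
- #
- def get_value(section, key)
- if section.nil?
- raise TypeError.new('nil not allowed')
- end
- section = 'default' if section.empty?
- get_key_string(section, key)
- end
-
- ##
- #
- # *Deprecated*
- #
- # Use #get_value instead
- def value(arg1, arg2 = nil) # :nodoc:
- warn('Config#value is deprecated; use Config#get_value')
- if arg2.nil?
- section, key = 'default', arg1
- else
- section, key = arg1, arg2
- end
- section ||= 'default'
- section = 'default' if section.empty?
- get_key_string(section, key)
- end
-
- ##
- # *Deprecated in v2.2.0*. This method will be removed in a future release.
- #
- # Set the target _key_ with a given _value_ under a specific _section_.
- #
- # Given the following configurating file being loaded:
- #
- # config = OpenSSL::Config.load('foo.cnf')
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- #
- # You can set the value of _foo_ under the _default_ section to a new
- # value:
- #
- # config.add_value('default', 'foo', 'buzz')
- # #=> "buzz"
- # puts config.to_s
- # #=> [ default ]
- # # foo=buzz
- #
- def add_value(section, key, value)
- check_modify
- (@data[section] ||= {})[key] = value
- end
-
- ##
- # Get a specific _section_ from the current configuration
- #
- # Given the following configurating file being loaded:
- #
- # config = OpenSSL::Config.load('foo.cnf')
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- #
- # You can get a hash of the specific section like so:
- #
- # config['default']
- # #=> {"foo"=>"bar"}
- #
- def [](section)
- @data[section] || {}
- end
-
- ##
- # Deprecated
- #
- # Use #[] instead
- def section(name) # :nodoc:
- warn('Config#section is deprecated; use Config#[]')
- @data[name] || {}
- end
-
- ##
- # *Deprecated in v2.2.0*. This method will be removed in a future release.
- #
- # Sets a specific _section_ name with a Hash _pairs_.
- #
- # Given the following configuration being created:
- #
- # config = OpenSSL::Config.new
- # #=> #<OpenSSL::Config sections=[]>
- # config['default'] = {"foo"=>"bar","baz"=>"buz"}
- # #=> {"foo"=>"bar", "baz"=>"buz"}
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- # # baz=buz
- #
- # It's important to note that this will essentially merge any of the keys
- # in _pairs_ with the existing _section_. For example:
- #
- # config['default']
- # #=> {"foo"=>"bar", "baz"=>"buz"}
- # config['default'] = {"foo" => "changed"}
- # #=> {"foo"=>"changed"}
- # config['default']
- # #=> {"foo"=>"changed", "baz"=>"buz"}
- #
- def []=(section, pairs)
- check_modify
- set_section(section, pairs)
- end
-
- def set_section(section, pairs) # :nodoc:
- hash = @data[section] ||= {}
- pairs.each do |key, value|
- hash[key] = value
- end
- end
-
- ##
- # Get the names of all sections in the current configuration
- def sections
- @data.keys
- end
-
- ##
- # Get the parsable form of the current configuration
- #
- # Given the following configuration being created:
- #
- # config = OpenSSL::Config.new
- # #=> #<OpenSSL::Config sections=[]>
- # config['default'] = {"foo"=>"bar","baz"=>"buz"}
- # #=> {"foo"=>"bar", "baz"=>"buz"}
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- # # baz=buz
- #
- # You can parse get the serialized configuration using #to_s and then parse
- # it later:
- #
- # serialized_config = config.to_s
- # # much later...
- # new_config = OpenSSL::Config.parse(serialized_config)
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts new_config
- # #=> [ default ]
- # foo=bar
- # baz=buz
- #
- def to_s
- ary = []
- @data.keys.sort.each do |section|
- ary << "[ #{section} ]\n"
- @data[section].keys.each do |key|
- ary << "#{key}=#{@data[section][key]}\n"
- end
- ary << "\n"
- end
- ary.join
- end
-
- ##
- # For a block.
- #
- # Receive the section and its pairs for the current configuration.
- #
- # config.each do |section, key, value|
- # # ...
- # end
- #
- def each
- @data.each do |section, hash|
- hash.each do |key, value|
- yield [section, key, value]
- end
- end
- end
-
- ##
- # String representation of this configuration object, including the class
- # name and its sections.
- def inspect
- "#<#{self.class.name} sections=#{sections.inspect}>"
- end
-
- protected
-
- def data # :nodoc:
- @data
- end
-
- private
-
- def initialize_copy(other)
- @data = other.data.dup
- end
-
- def check_modify
- warn "#{caller(2, 1)[0]}: warning: do not modify OpenSSL::Config; this " \
- "method is deprecated and will be removed in a future release."
- raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
- end
-
- def get_key_string(section, key)
- Config.get_key_string(@data, section, key)
- end
- end
- end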