openssl 2.2.1 → 3.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +33 -45
  3. data/History.md +248 -1
  4. data/README.md +36 -19
  5. data/ext/openssl/extconf.rb +101 -68
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +26 -45
  8. data/ext/openssl/ossl.c +128 -237
  9. data/ext/openssl/ossl.h +31 -12
  10. data/ext/openssl/ossl_asn1.c +26 -13
  11. data/ext/openssl/ossl_bn.c +213 -139
  12. data/ext/openssl/ossl_cipher.c +13 -14
  13. data/ext/openssl/ossl_config.c +412 -41
  14. data/ext/openssl/ossl_config.h +4 -7
  15. data/ext/openssl/ossl_digest.c +10 -10
  16. data/ext/openssl/ossl_engine.c +17 -16
  17. data/ext/openssl/ossl_hmac.c +57 -136
  18. data/ext/openssl/ossl_kdf.c +12 -4
  19. data/ext/openssl/ossl_ns_spki.c +1 -1
  20. data/ext/openssl/ossl_ocsp.c +11 -59
  21. data/ext/openssl/ossl_pkcs12.c +22 -4
  22. data/ext/openssl/ossl_pkcs7.c +45 -62
  23. data/ext/openssl/ossl_pkey.c +1320 -196
  24. data/ext/openssl/ossl_pkey.h +36 -73
  25. data/ext/openssl/ossl_pkey_dh.c +152 -347
  26. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  27. data/ext/openssl/ossl_pkey_ec.c +227 -343
  28. data/ext/openssl/ossl_pkey_rsa.c +159 -491
  29. data/ext/openssl/ossl_provider.c +211 -0
  30. data/ext/openssl/ossl_provider.h +5 -0
  31. data/ext/openssl/ossl_ssl.c +530 -450
  32. data/ext/openssl/ossl_ssl_session.c +29 -30
  33. data/ext/openssl/ossl_ts.c +38 -23
  34. data/ext/openssl/ossl_x509.c +0 -6
  35. data/ext/openssl/ossl_x509attr.c +1 -1
  36. data/ext/openssl/ossl_x509cert.c +168 -12
  37. data/ext/openssl/ossl_x509crl.c +14 -11
  38. data/ext/openssl/ossl_x509ext.c +14 -9
  39. data/ext/openssl/ossl_x509name.c +10 -3
  40. data/ext/openssl/ossl_x509req.c +14 -11
  41. data/ext/openssl/ossl_x509revoked.c +4 -4
  42. data/ext/openssl/ossl_x509store.c +166 -75
  43. data/lib/openssl/buffering.rb +9 -3
  44. data/lib/openssl/digest.rb +1 -5
  45. data/lib/openssl/hmac.rb +65 -0
  46. data/lib/openssl/pkey.rb +429 -0
  47. data/lib/openssl/ssl.rb +22 -17
  48. data/lib/openssl/version.rb +1 -1
  49. data/lib/openssl/x509.rb +22 -0
  50. data/lib/openssl.rb +0 -1
  51. metadata +10 -79
  52. data/ext/openssl/ruby_missing.h +0 -24
  53. data/lib/openssl/config.rb +0 -501
@@ -9,81 +9,452 @@
9
9
  */
10
10
  #include "ossl.h"
11
11
 
12
+ static VALUE cConfig, eConfigError;
13
+
14
+ static void
15
+ nconf_free(void *conf)
16
+ {
17
+ NCONF_free(conf);
18
+ }
19
+
20
+ static const rb_data_type_t ossl_config_type = {
21
+ "OpenSSL/CONF",
22
+ {
23
+ 0, nconf_free,
24
+ },
25
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
26
+ };
27
+
28
+ CONF *
29
+ GetConfig(VALUE obj)
30
+ {
31
+ CONF *conf;
32
+
33
+ TypedData_Get_Struct(obj, CONF, &ossl_config_type, conf);
34
+ if (!conf)
35
+ rb_raise(rb_eRuntimeError, "CONF is not initialized");
36
+ return conf;
37
+ }
38
+
39
+ static VALUE
40
+ config_s_alloc(VALUE klass)
41
+ {
42
+ VALUE obj;
43
+ CONF *conf;
44
+
45
+ obj = TypedData_Wrap_Struct(klass, &ossl_config_type, 0);
46
+ conf = NCONF_new(NULL);
47
+ if (!conf)
48
+ ossl_raise(eConfigError, "NCONF_new");
49
+ RTYPEDDATA_DATA(obj) = conf;
50
+ return obj;
51
+ }
52
+
53
+ static void
54
+ config_load_bio(CONF *conf, BIO *bio)
55
+ {
56
+ long eline = -1;
57
+
58
+ if (!NCONF_load_bio(conf, bio, &eline)) {
59
+ BIO_free(bio);
60
+ if (eline <= 0)
61
+ ossl_raise(eConfigError, "wrong config format");
62
+ else
63
+ ossl_raise(eConfigError, "error in line %ld", eline);
64
+ }
65
+ BIO_free(bio);
66
+
67
+ /*
68
+ * Clear the error queue even if it is parsed successfully.
69
+ * Particularly, when the .include directive refers to a non-existent file,
70
+ * it is only reported in the error queue.
71
+ */
72
+ ossl_clear_error();
73
+ }
12
74
 
13
75
  /*
14
- * Classes
15
- */
16
- VALUE cConfig;
17
- /* Document-class: OpenSSL::ConfigError
76
+ * call-seq:
77
+ * Config.parse(string) -> OpenSSL::Config
18
78
  *
19
- * General error for openssl library configuration files. Including formatting,
20
- * parsing errors, etc.
79
+ * Parses a given _string_ as a blob that contains configuration for OpenSSL.
21
80
  */
22
- VALUE eConfigError;
81
+ static VALUE
82
+ config_s_parse(VALUE klass, VALUE str)
83
+ {
84
+ VALUE obj = config_s_alloc(klass);
85
+ CONF *conf = GetConfig(obj);
86
+ BIO *bio;
87
+
88
+ bio = ossl_obj2bio(&str);
89
+ config_load_bio(conf, bio); /* Consumes BIO */
90
+ return obj;
91
+ }
92
+
93
+ static VALUE config_get_sections(VALUE self);
94
+ static VALUE config_get_section(VALUE self, VALUE section);
23
95
 
24
96
  /*
25
- * Public
97
+ * call-seq:
98
+ * Config.parse_config(io) -> hash
99
+ *
100
+ * Parses the configuration data read from _io_ and returns the whole content
101
+ * as a Hash.
26
102
  */
103
+ static VALUE
104
+ config_s_parse_config(VALUE klass, VALUE io)
105
+ {
106
+ VALUE obj, sections, ret;
107
+ long i;
108
+
109
+ obj = config_s_parse(klass, io);
110
+ sections = config_get_sections(obj);
111
+ ret = rb_hash_new();
112
+ for (i = 0; i < RARRAY_LEN(sections); i++) {
113
+ VALUE section = rb_ary_entry(sections, i);
114
+ rb_hash_aset(ret, section, config_get_section(obj, section));
115
+ }
116
+ return ret;
117
+ }
27
118
 
28
119
  /*
29
- * DupConfigPtr is a public C-level function for getting OpenSSL CONF struct
30
- * from an OpenSSL::Config(eConfig) instance. We decided to implement
31
- * OpenSSL::Config in Ruby level but we need to pass native CONF struct for
32
- * some OpenSSL features such as X509V3_EXT_*.
120
+ * call-seq:
121
+ * Config.new(filename) -> OpenSSL::Config
122
+ *
123
+ * Creates an instance of OpenSSL::Config from the content of the file
124
+ * specified by _filename_.
125
+ *
126
+ * This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
127
+ *
128
+ * This can raise IO exceptions based on the access, or availability of the
129
+ * file. A ConfigError exception may be raised depending on the validity of
130
+ * the data being configured.
33
131
  */
34
- CONF *
35
- DupConfigPtr(VALUE obj)
132
+ static VALUE
133
+ config_initialize(int argc, VALUE *argv, VALUE self)
36
134
  {
37
- CONF *conf;
135
+ CONF *conf = GetConfig(self);
136
+ VALUE filename;
137
+
138
+ /* 0-arguments call has no use-case, but is kept for compatibility */
139
+ rb_scan_args(argc, argv, "01", &filename);
140
+ rb_check_frozen(self);
141
+ if (!NIL_P(filename)) {
142
+ BIO *bio = BIO_new_file(StringValueCStr(filename), "rb");
143
+ if (!bio)
144
+ ossl_raise(eConfigError, "BIO_new_file");
145
+ config_load_bio(conf, bio); /* Consumes BIO */
146
+ }
147
+ return self;
148
+ }
149
+
150
+ static VALUE
151
+ config_initialize_copy(VALUE self, VALUE other)
152
+ {
153
+ CONF *conf = GetConfig(self);
38
154
  VALUE str;
39
155
  BIO *bio;
40
- long eline = -1;
41
156
 
42
- OSSL_Check_Kind(obj, cConfig);
43
- str = rb_funcall(obj, rb_intern("to_s"), 0);
157
+ str = rb_funcall(other, rb_intern("to_s"), 0);
158
+ rb_check_frozen(self);
44
159
  bio = ossl_obj2bio(&str);
45
- conf = NCONF_new(NULL);
46
- if(!conf){
47
- BIO_free(bio);
48
- ossl_raise(eConfigError, NULL);
160
+ config_load_bio(conf, bio); /* Consumes BIO */
161
+ return self;
162
+ }
163
+
164
+ /*
165
+ * call-seq:
166
+ * config.get_value(section, key) -> string
167
+ *
168
+ * Gets the value of _key_ from the given _section_.
169
+ *
170
+ * Given the following configurating file being loaded:
171
+ *
172
+ * config = OpenSSL::Config.load('foo.cnf')
173
+ * #=> #<OpenSSL::Config sections=["default"]>
174
+ * puts config.to_s
175
+ * #=> [ default ]
176
+ * # foo=bar
177
+ *
178
+ * You can get a specific value from the config if you know the _section_
179
+ * and _key_ like so:
180
+ *
181
+ * config.get_value('default','foo')
182
+ * #=> "bar"
183
+ */
184
+ static VALUE
185
+ config_get_value(VALUE self, VALUE section, VALUE key)
186
+ {
187
+ CONF *conf = GetConfig(self);
188
+ const char *str, *sectionp;
189
+
190
+ StringValueCStr(section);
191
+ StringValueCStr(key);
192
+ /* For compatibility; NULL means "default". */
193
+ sectionp = RSTRING_LEN(section) ? RSTRING_PTR(section) : NULL;
194
+ str = NCONF_get_string(conf, sectionp, RSTRING_PTR(key));
195
+ if (!str) {
196
+ ossl_clear_error();
197
+ return Qnil;
198
+ }
199
+ return rb_str_new_cstr(str);
200
+ }
201
+
202
+ /*
203
+ * call-seq:
204
+ * config[section] -> hash
205
+ *
206
+ * Gets all key-value pairs in a specific _section_ from the current
207
+ * configuration.
208
+ *
209
+ * Given the following configurating file being loaded:
210
+ *
211
+ * config = OpenSSL::Config.load('foo.cnf')
212
+ * #=> #<OpenSSL::Config sections=["default"]>
213
+ * puts config.to_s
214
+ * #=> [ default ]
215
+ * # foo=bar
216
+ *
217
+ * You can get a hash of the specific section like so:
218
+ *
219
+ * config['default']
220
+ * #=> {"foo"=>"bar"}
221
+ *
222
+ */
223
+ static VALUE
224
+ config_get_section(VALUE self, VALUE section)
225
+ {
226
+ CONF *conf = GetConfig(self);
227
+ STACK_OF(CONF_VALUE) *sk;
228
+ int i, entries;
229
+ VALUE hash;
230
+
231
+ hash = rb_hash_new();
232
+ StringValueCStr(section);
233
+ if (!(sk = NCONF_get_section(conf, RSTRING_PTR(section)))) {
234
+ ossl_clear_error();
235
+ return hash;
49
236
  }
50
- if(!NCONF_load_bio(conf, bio, &eline)){
51
- BIO_free(bio);
52
- NCONF_free(conf);
53
- if (eline <= 0)
54
- ossl_raise(eConfigError, "wrong config format");
55
- else
56
- ossl_raise(eConfigError, "error in line %d", eline);
237
+ entries = sk_CONF_VALUE_num(sk);
238
+ for (i = 0; i < entries; i++) {
239
+ CONF_VALUE *entry = sk_CONF_VALUE_value(sk, i);
240
+ rb_hash_aset(hash, rb_str_new_cstr(entry->name),
241
+ rb_str_new_cstr(entry->value));
57
242
  }
58
- BIO_free(bio);
243
+ return hash;
244
+ }
59
245
 
60
- return conf;
246
+ static void
247
+ get_conf_section_doall_arg(CONF_VALUE *cv, VALUE *aryp)
248
+ {
249
+ if (cv->name)
250
+ return;
251
+ rb_ary_push(*aryp, rb_str_new_cstr(cv->section));
61
252
  }
62
253
 
63
- /* Document-const: DEFAULT_CONFIG_FILE
254
+ /* IMPLEMENT_LHASH_DOALL_ARG_CONST() requires >= OpenSSL 1.1.0 */
255
+ static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE, VALUE)
256
+
257
+ /*
258
+ * call-seq:
259
+ * config.sections -> array of string
64
260
  *
65
- * The default system configuration file for openssl
261
+ * Get the names of all sections in the current configuration.
66
262
  */
263
+ static VALUE
264
+ config_get_sections(VALUE self)
265
+ {
266
+ CONF *conf = GetConfig(self);
267
+ VALUE ary;
268
+
269
+ ary = rb_ary_new();
270
+ lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(get_conf_section),
271
+ &ary);
272
+ return ary;
273
+ }
274
+
275
+ static void
276
+ dump_conf_value_doall_arg(CONF_VALUE *cv, VALUE *strp)
277
+ {
278
+ VALUE str = *strp;
279
+ STACK_OF(CONF_VALUE) *sk;
280
+ int i, num;
281
+
282
+ if (cv->name)
283
+ return;
284
+ sk = (STACK_OF(CONF_VALUE) *)cv->value;
285
+ num = sk_CONF_VALUE_num(sk);
286
+ rb_str_cat_cstr(str, "[ ");
287
+ rb_str_cat_cstr(str, cv->section);
288
+ rb_str_cat_cstr(str, " ]\n");
289
+ for (i = 0; i < num; i++){
290
+ CONF_VALUE *v = sk_CONF_VALUE_value(sk, i);
291
+ rb_str_cat_cstr(str, v->name ? v->name : "None");
292
+ rb_str_cat_cstr(str, "=");
293
+ rb_str_cat_cstr(str, v->value ? v->value : "None");
294
+ rb_str_cat_cstr(str, "\n");
295
+ }
296
+ rb_str_cat_cstr(str, "\n");
297
+ }
298
+
299
+ static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE, VALUE)
67
300
 
68
301
  /*
69
- * INIT
302
+ * call-seq:
303
+ * config.to_s -> string
304
+ *
305
+ *
306
+ * Gets the parsable form of the current configuration.
307
+ *
308
+ * Given the following configuration being created:
309
+ *
310
+ * config = OpenSSL::Config.new
311
+ * #=> #<OpenSSL::Config sections=[]>
312
+ * config['default'] = {"foo"=>"bar","baz"=>"buz"}
313
+ * #=> {"foo"=>"bar", "baz"=>"buz"}
314
+ * puts config.to_s
315
+ * #=> [ default ]
316
+ * # foo=bar
317
+ * # baz=buz
318
+ *
319
+ * You can parse get the serialized configuration using #to_s and then parse
320
+ * it later:
321
+ *
322
+ * serialized_config = config.to_s
323
+ * # much later...
324
+ * new_config = OpenSSL::Config.parse(serialized_config)
325
+ * #=> #<OpenSSL::Config sections=["default"]>
326
+ * puts new_config
327
+ * #=> [ default ]
328
+ * foo=bar
329
+ * baz=buz
70
330
  */
331
+ static VALUE
332
+ config_to_s(VALUE self)
333
+ {
334
+ CONF *conf = GetConfig(self);
335
+ VALUE str;
336
+
337
+ str = rb_str_new(NULL, 0);
338
+ lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(dump_conf_value),
339
+ &str);
340
+ return str;
341
+ }
342
+
343
+ static void
344
+ each_conf_value_doall_arg(CONF_VALUE *cv, void *unused)
345
+ {
346
+ STACK_OF(CONF_VALUE) *sk;
347
+ VALUE section;
348
+ int i, num;
349
+
350
+ if (cv->name)
351
+ return;
352
+ sk = (STACK_OF(CONF_VALUE) *)cv->value;
353
+ num = sk_CONF_VALUE_num(sk);
354
+ section = rb_str_new_cstr(cv->section);
355
+ for (i = 0; i < num; i++){
356
+ CONF_VALUE *v = sk_CONF_VALUE_value(sk, i);
357
+ VALUE name = v->name ? rb_str_new_cstr(v->name) : Qnil;
358
+ VALUE value = v->value ? rb_str_new_cstr(v->value) : Qnil;
359
+ rb_yield(rb_ary_new3(3, section, name, value));
360
+ }
361
+ }
362
+
363
+ static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE, void)
364
+
365
+ /*
366
+ * call-seq:
367
+ * config.each { |section, key, value| }
368
+ *
369
+ * Retrieves the section and its pairs for the current configuration.
370
+ *
371
+ * config.each do |section, key, value|
372
+ * # ...
373
+ * end
374
+ */
375
+ static VALUE
376
+ config_each(VALUE self)
377
+ {
378
+ CONF *conf = GetConfig(self);
379
+
380
+ RETURN_ENUMERATOR(self, 0, 0);
381
+
382
+ lh_doall_arg((_LHASH *)conf->data, LHASH_DOALL_ARG_FN(each_conf_value),
383
+ NULL);
384
+ return self;
385
+ }
386
+
387
+ /*
388
+ * call-seq:
389
+ * config.inspect -> string
390
+ *
391
+ * String representation of this configuration object, including the class
392
+ * name and its sections.
393
+ */
394
+ static VALUE
395
+ config_inspect(VALUE self)
396
+ {
397
+ VALUE str, ary = config_get_sections(self);
398
+ const char *cname = rb_class2name(rb_obj_class(self));
399
+
400
+ str = rb_str_new_cstr("#<");
401
+ rb_str_cat_cstr(str, cname);
402
+ rb_str_cat_cstr(str, " sections=");
403
+ rb_str_append(str, rb_inspect(ary));
404
+ rb_str_cat_cstr(str, ">");
405
+
406
+ return str;
407
+ }
408
+
71
409
  void
72
410
  Init_ossl_config(void)
73
411
  {
74
- char *default_config_file;
412
+ char *path;
413
+ VALUE path_str;
75
414
 
76
415
  #if 0
77
416
  mOSSL = rb_define_module("OpenSSL");
78
417
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
79
418
  #endif
80
419
 
81
- eConfigError = rb_define_class_under(mOSSL, "ConfigError", eOSSLError);
420
+ /* Document-class: OpenSSL::Config
421
+ *
422
+ * Configuration for the openssl library.
423
+ *
424
+ * Many system's installation of openssl library will depend on your system
425
+ * configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
426
+ * the location of the file for your host.
427
+ *
428
+ * See also http://www.openssl.org/docs/apps/config.html
429
+ */
82
430
  cConfig = rb_define_class_under(mOSSL, "Config", rb_cObject);
83
431
 
84
- default_config_file = CONF_get1_default_config_file();
85
- rb_define_const(cConfig, "DEFAULT_CONFIG_FILE",
86
- rb_str_new2(default_config_file));
87
- OPENSSL_free(default_config_file);
88
- /* methods are defined by openssl/config.rb */
432
+ /* Document-class: OpenSSL::ConfigError
433
+ *
434
+ * General error for openssl library configuration files. Including formatting,
435
+ * parsing errors, etc.
436
+ */
437
+ eConfigError = rb_define_class_under(mOSSL, "ConfigError", eOSSLError);
438
+
439
+ rb_include_module(cConfig, rb_mEnumerable);
440
+ rb_define_singleton_method(cConfig, "parse", config_s_parse, 1);
441
+ rb_define_singleton_method(cConfig, "parse_config", config_s_parse_config, 1);
442
+ rb_define_alias(CLASS_OF(cConfig), "load", "new");
443
+ rb_define_alloc_func(cConfig, config_s_alloc);
444
+ rb_define_method(cConfig, "initialize", config_initialize, -1);
445
+ rb_define_method(cConfig, "initialize_copy", config_initialize_copy, 1);
446
+ rb_define_method(cConfig, "get_value", config_get_value, 2);
447
+ rb_define_method(cConfig, "[]", config_get_section, 1);
448
+ rb_define_method(cConfig, "sections", config_get_sections, 0);
449
+ rb_define_method(cConfig, "to_s", config_to_s, 0);
450
+ rb_define_method(cConfig, "each", config_each, 0);
451
+ rb_define_method(cConfig, "inspect", config_inspect, 0);
452
+
453
+ /* Document-const: DEFAULT_CONFIG_FILE
454
+ *
455
+ * The default system configuration file for OpenSSL.
456
+ */
457
+ path = CONF_get1_default_config_file();
458
+ path_str = ossl_buf2str(path, rb_long2int(strlen(path)));
459
+ rb_define_const(cConfig, "DEFAULT_CONFIG_FILE", path_str);
89
460
  }
@@ -7,13 +7,10 @@
7
7
  * This program is licensed under the same licence as Ruby.
8
8
  * (See the file 'LICENCE'.)
9
9
  */
10
- #if !defined(_OSSL_CONFIG_H_)
11
- #define _OSSL_CONFIG_H_
10
+ #ifndef OSSL_CONFIG_H
11
+ #define OSSL_CONFIG_H
12
12
 
13
- extern VALUE cConfig;
14
- extern VALUE eConfigError;
15
-
16
- CONF* DupConfigPtr(VALUE obj);
13
+ CONF *GetConfig(VALUE obj);
17
14
  void Init_ossl_config(void);
18
15
 
19
- #endif /* _OSSL_CONFIG_H_ */
16
+ #endif /* OSSL_CONFIG_H */
@@ -35,7 +35,7 @@ static const rb_data_type_t ossl_digest_type = {
35
35
  {
36
36
  0, ossl_digest_free,
37
37
  },
38
- 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
38
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
39
39
  };
40
40
 
41
41
  /*
@@ -63,7 +63,7 @@ ossl_evp_get_digestbyname(VALUE obj)
63
63
 
64
64
  GetDigest(obj, ctx);
65
65
 
66
- md = EVP_MD_CTX_md(ctx);
66
+ md = EVP_MD_CTX_get0_md(ctx);
67
67
  }
68
68
 
69
69
  return md;
@@ -176,7 +176,7 @@ ossl_digest_reset(VALUE self)
176
176
  EVP_MD_CTX *ctx;
177
177
 
178
178
  GetDigest(self, ctx);
179
- if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL) != 1) {
179
+ if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL) != 1) {
180
180
  ossl_raise(eDigestError, "Digest initialization failed.");
181
181
  }
182
182
 
@@ -259,7 +259,7 @@ ossl_digest_name(VALUE self)
259
259
 
260
260
  GetDigest(self, ctx);
261
261
 
262
- return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx)));
262
+ return rb_str_new_cstr(EVP_MD_name(EVP_MD_CTX_get0_md(ctx)));
263
263
  }
264
264
 
265
265
  /*
@@ -370,15 +370,15 @@ Init_ossl_digest(void)
370
370
  *
371
371
  * === Hashing a file
372
372
  *
373
- * data = File.read('document')
373
+ * data = File.binread('document')
374
374
  * sha256 = OpenSSL::Digest.new('SHA256')
375
375
  * digest = sha256.digest(data)
376
376
  *
377
377
  * === Hashing several pieces of data at once
378
378
  *
379
- * data1 = File.read('file1')
380
- * data2 = File.read('file2')
381
- * data3 = File.read('file3')
379
+ * data1 = File.binread('file1')
380
+ * data2 = File.binread('file2')
381
+ * data3 = File.binread('file3')
382
382
  * sha256 = OpenSSL::Digest.new('SHA256')
383
383
  * sha256 << data1
384
384
  * sha256 << data2
@@ -387,11 +387,11 @@ Init_ossl_digest(void)
387
387
  *
388
388
  * === Reuse a Digest instance
389
389
  *
390
- * data1 = File.read('file1')
390
+ * data1 = File.binread('file1')
391
391
  * sha256 = OpenSSL::Digest.new('SHA256')
392
392
  * digest1 = sha256.digest(data1)
393
393
  *
394
- * data2 = File.read('file2')
394
+ * data2 = File.binread('file2')
395
395
  * sha256.reset
396
396
  * digest2 = sha256.digest(data2)
397
397
  *
@@ -9,7 +9,8 @@
9
9
  */
10
10
  #include "ossl.h"
11
11
 
12
- #if !defined(OPENSSL_NO_ENGINE)
12
+ #ifdef OSSL_USE_ENGINE
13
+ # include <openssl/engine.h>
13
14
 
14
15
  #define NewEngine(klass) \
15
16
  TypedData_Wrap_Struct((klass), &ossl_engine_type, 0)
@@ -77,7 +78,7 @@ static const rb_data_type_t ossl_engine_type = {
77
78
  {
78
79
  0, ossl_engine_free,
79
80
  },
80
- 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
81
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
81
82
  };
82
83
 
83
84
  /*
@@ -101,48 +102,48 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
101
102
  return Qtrue;
102
103
  }
103
104
  StringValueCStr(name);
104
- #if HAVE_ENGINE_LOAD_DYNAMIC
105
+ #ifdef HAVE_ENGINE_LOAD_DYNAMIC
105
106
  OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC);
106
107
  #endif
107
108
  #ifndef OPENSSL_NO_STATIC_ENGINE
108
- #if HAVE_ENGINE_LOAD_4758CCA
109
+ #ifdef HAVE_ENGINE_LOAD_4758CCA
109
110
  OSSL_ENGINE_LOAD_IF_MATCH(4758cca, 4758CCA);
110
111
  #endif
111
- #if HAVE_ENGINE_LOAD_AEP
112
+ #ifdef HAVE_ENGINE_LOAD_AEP
112
113
  OSSL_ENGINE_LOAD_IF_MATCH(aep, AEP);
113
114
  #endif
114
- #if HAVE_ENGINE_LOAD_ATALLA
115
+ #ifdef HAVE_ENGINE_LOAD_ATALLA
115
116
  OSSL_ENGINE_LOAD_IF_MATCH(atalla, ATALLA);
116
117
  #endif
117
- #if HAVE_ENGINE_LOAD_CHIL
118
+ #ifdef HAVE_ENGINE_LOAD_CHIL
118
119
  OSSL_ENGINE_LOAD_IF_MATCH(chil, CHIL);
119
120
  #endif
120
- #if HAVE_ENGINE_LOAD_CSWIFT
121
+ #ifdef HAVE_ENGINE_LOAD_CSWIFT
121
122
  OSSL_ENGINE_LOAD_IF_MATCH(cswift, CSWIFT);
122
123
  #endif
123
- #if HAVE_ENGINE_LOAD_NURON
124
+ #ifdef HAVE_ENGINE_LOAD_NURON
124
125
  OSSL_ENGINE_LOAD_IF_MATCH(nuron, NURON);
125
126
  #endif
126
- #if HAVE_ENGINE_LOAD_SUREWARE
127
+ #ifdef HAVE_ENGINE_LOAD_SUREWARE
127
128
  OSSL_ENGINE_LOAD_IF_MATCH(sureware, SUREWARE);
128
129
  #endif
129
- #if HAVE_ENGINE_LOAD_UBSEC
130
+ #ifdef HAVE_ENGINE_LOAD_UBSEC
130
131
  OSSL_ENGINE_LOAD_IF_MATCH(ubsec, UBSEC);
131
132
  #endif
132
- #if HAVE_ENGINE_LOAD_PADLOCK
133
+ #ifdef HAVE_ENGINE_LOAD_PADLOCK
133
134
  OSSL_ENGINE_LOAD_IF_MATCH(padlock, PADLOCK);
134
135
  #endif
135
- #if HAVE_ENGINE_LOAD_CAPI
136
+ #ifdef HAVE_ENGINE_LOAD_CAPI
136
137
  OSSL_ENGINE_LOAD_IF_MATCH(capi, CAPI);
137
138
  #endif
138
- #if HAVE_ENGINE_LOAD_GMP
139
+ #ifdef HAVE_ENGINE_LOAD_GMP
139
140
  OSSL_ENGINE_LOAD_IF_MATCH(gmp, GMP);
140
141
  #endif
141
- #if HAVE_ENGINE_LOAD_GOST
142
+ #ifdef HAVE_ENGINE_LOAD_GOST
142
143
  OSSL_ENGINE_LOAD_IF_MATCH(gost, GOST);
143
144
  #endif
144
145
  #endif
145
- #if HAVE_ENGINE_LOAD_CRYPTODEV
146
+ #ifdef HAVE_ENGINE_LOAD_CRYPTODEV
146
147
  OSSL_ENGINE_LOAD_IF_MATCH(cryptodev, CRYPTODEV);
147
148
  #endif
148
149
  OSSL_ENGINE_LOAD_IF_MATCH(openssl, OPENSSL);