openssl 2.2.1 → 3.2.0

Files changed (53)
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +33 -45
  3. data/History.md +248 -1
  4. data/README.md +36 -19
  5. data/ext/openssl/extconf.rb +101 -68
  6. data/ext/openssl/openssl_missing.c +0 -66
  7. data/ext/openssl/openssl_missing.h +26 -45
  8. data/ext/openssl/ossl.c +128 -237
  9. data/ext/openssl/ossl.h +31 -12
  10. data/ext/openssl/ossl_asn1.c +26 -13
  11. data/ext/openssl/ossl_bn.c +213 -139
  12. data/ext/openssl/ossl_cipher.c +13 -14
  13. data/ext/openssl/ossl_config.c +412 -41
  14. data/ext/openssl/ossl_config.h +4 -7
  15. data/ext/openssl/ossl_digest.c +10 -10
  16. data/ext/openssl/ossl_engine.c +17 -16
  17. data/ext/openssl/ossl_hmac.c +57 -136
  18. data/ext/openssl/ossl_kdf.c +12 -4
  19. data/ext/openssl/ossl_ns_spki.c +1 -1
  20. data/ext/openssl/ossl_ocsp.c +11 -59
  21. data/ext/openssl/ossl_pkcs12.c +22 -4
  22. data/ext/openssl/ossl_pkcs7.c +45 -62
  23. data/ext/openssl/ossl_pkey.c +1320 -196
  24. data/ext/openssl/ossl_pkey.h +36 -73
  25. data/ext/openssl/ossl_pkey_dh.c +152 -347
  26. data/ext/openssl/ossl_pkey_dsa.c +157 -413
  27. data/ext/openssl/ossl_pkey_ec.c +227 -343
  28. data/ext/openssl/ossl_pkey_rsa.c +159 -491
  29. data/ext/openssl/ossl_provider.c +211 -0
  30. data/ext/openssl/ossl_provider.h +5 -0
  31. data/ext/openssl/ossl_ssl.c +530 -450
  32. data/ext/openssl/ossl_ssl_session.c +29 -30
  33. data/ext/openssl/ossl_ts.c +38 -23
  34. data/ext/openssl/ossl_x509.c +0 -6
  35. data/ext/openssl/ossl_x509attr.c +1 -1
  36. data/ext/openssl/ossl_x509cert.c +168 -12
  37. data/ext/openssl/ossl_x509crl.c +14 -11
  38. data/ext/openssl/ossl_x509ext.c +14 -9
  39. data/ext/openssl/ossl_x509name.c +10 -3
  40. data/ext/openssl/ossl_x509req.c +14 -11
  41. data/ext/openssl/ossl_x509revoked.c +4 -4
  42. data/ext/openssl/ossl_x509store.c +166 -75
  43. data/lib/openssl/buffering.rb +9 -3
  44. data/lib/openssl/digest.rb +1 -5
  45. data/lib/openssl/hmac.rb +65 -0
  46. data/lib/openssl/pkey.rb +429 -0
  47. data/lib/openssl/ssl.rb +22 -17
  48. data/lib/openssl/version.rb +1 -1
  49. data/lib/openssl/x509.rb +22 -0
  50. data/lib/openssl.rb +0 -1
  51. metadata +10 -79
  52. data/ext/openssl/ruby_missing.h +0 -24
  53. data/lib/openssl/config.rb +0 -501
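--- a/data/ext/openssl/ossl_pkcs7.c
+++ b/data/ext/openssl/ossl_pkcs7.c
@@ -65,7 +65,7 @@ const rb_data_type_t ossl_pkcs7_type = {
  {
  0, ossl_pkcs7_free,
  },
- 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
  };
 
  static void
@@ -79,7 +79,7 @@ static const rb_data_type_t ossl_pkcs7_signer_info_type = {
  {
  0, ossl_pkcs7_signer_info_free,
  },
- 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
  };
 
  static void
@@ -93,7 +93,7 @@ static const rb_data_type_t ossl_pkcs7_recip_info_type = {
  {
  0, ossl_pkcs7_recip_info_free,
  },
- 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
  };
 
  /*
@@ -101,19 +101,24 @@ static const rb_data_type_t ossl_pkcs7_recip_info_type = {
  * (MADE PRIVATE UNTIL SOMEBODY WILL NEED THEM)
  */
  static PKCS7_SIGNER_INFO *
- ossl_PKCS7_SIGNER_INFO_dup(const PKCS7_SIGNER_INFO *si)
+ ossl_PKCS7_SIGNER_INFO_dup(PKCS7_SIGNER_INFO *si)
  {
- return (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO,
- (d2i_of_void *)d2i_PKCS7_SIGNER_INFO,
- (char *)si);
+ PKCS7_SIGNER_INFO *si_new = ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO,
+ (d2i_of_void *)d2i_PKCS7_SIGNER_INFO,
+ si);
+ if (si_new && si->pkey) {
+ EVP_PKEY_up_ref(si->pkey);
+ si_new->pkey = si->pkey;
+ }
+ return si_new;
  }
 
  static PKCS7_RECIP_INFO *
- ossl_PKCS7_RECIP_INFO_dup(const PKCS7_RECIP_INFO *si)
+ ossl_PKCS7_RECIP_INFO_dup(PKCS7_RECIP_INFO *si)
  {
- return (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
- (d2i_of_void *)d2i_PKCS7_RECIP_INFO,
- (char *)si);
+ return ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
+ (d2i_of_void *)d2i_PKCS7_RECIP_INFO,
+ si);
  }
 
  static VALUE
@@ -130,19 +135,6 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
  return obj;
  }
 
- static PKCS7_SIGNER_INFO *
- DupPKCS7SignerPtr(VALUE obj)
- {
- PKCS7_SIGNER_INFO *p7si, *pkcs7;
-
- GetPKCS7si(obj, p7si);
- if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) {
- ossl_raise(ePKCS7Error, NULL);
- }
-
- return pkcs7;
- }
-
  static VALUE
  ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
  {
@@ -157,19 +149,6 @@ ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
  return obj;
  }
 
- static PKCS7_RECIP_INFO *
- DupPKCS7RecipientPtr(VALUE obj)
- {
- PKCS7_RECIP_INFO *p7ri, *pkcs7;
-
- GetPKCS7ri(obj, p7ri);
- if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) {
- ossl_raise(ePKCS7Error, NULL);
- }
-
- return pkcs7;
- }
-
  /*
  * call-seq:
  * PKCS7.read_smime(string) => pkcs7
@@ -351,7 +330,7 @@ ossl_pkcs7_alloc(VALUE klass)
  static VALUE
  ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
  {
- PKCS7 *p7, *pkcs = DATA_PTR(self);
+ PKCS7 *p7, *p7_orig = RTYPEDDATA_DATA(self);
  BIO *in;
  VALUE arg;
 
@@ -359,19 +338,17 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
  return self;
  arg = ossl_to_der_if_possible(arg);
  in = ossl_obj2bio(&arg);
- p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL);
+ p7 = d2i_PKCS7_bio(in, NULL);
  if (!p7) {
- OSSL_BIO_reset(in);
- p7 = d2i_PKCS7_bio(in, &pkcs);
- if (!p7) {
- BIO_free(in);
- PKCS7_free(pkcs);
- DATA_PTR(self) = NULL;
- ossl_raise(rb_eArgError, "Could not parse the PKCS7");
- }
+ OSSL_BIO_reset(in);
+ p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
  }
- DATA_PTR(self) = pkcs;
  BIO_free(in);
+ if (!p7)
+ ossl_raise(rb_eArgError, "Could not parse the PKCS7");
+
+ RTYPEDDATA_DATA(self) = p7;
+ PKCS7_free(p7_orig);
  ossl_pkcs7_set_data(self, Qnil);
  ossl_pkcs7_set_err_string(self, Qnil);
 
@@ -521,17 +498,18 @@ static VALUE
  ossl_pkcs7_add_signer(VALUE self, VALUE signer)
  {
  PKCS7 *pkcs7;
- PKCS7_SIGNER_INFO *p7si;
+ PKCS7_SIGNER_INFO *si, *si_new;
 
- p7si = DupPKCS7SignerPtr(signer); /* NEED TO DUP */
  GetPKCS7(self, pkcs7);
- if (!PKCS7_add_signer(pkcs7, p7si)) {
- PKCS7_SIGNER_INFO_free(p7si);
- ossl_raise(ePKCS7Error, "Could not add signer.");
- }
- if (PKCS7_type_is_signed(pkcs7)){
- PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
- V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
+ GetPKCS7si(signer, si);
+
+ si_new = ossl_PKCS7_SIGNER_INFO_dup(si);
+ if (!si_new)
+ ossl_raise(ePKCS7Error, "PKCS7_SIGNER_INFO_dup");
+
+ if (PKCS7_add_signer(pkcs7, si_new) != 1) {
+ PKCS7_SIGNER_INFO_free(si_new);
+ ossl_raise(ePKCS7Error, "PKCS7_add_signer");
  }
 
  return self;
@@ -567,13 +545,18 @@ static VALUE
  ossl_pkcs7_add_recipient(VALUE self, VALUE recip)
  {
  PKCS7 *pkcs7;
- PKCS7_RECIP_INFO *ri;
+ PKCS7_RECIP_INFO *ri, *ri_new;
 
- ri = DupPKCS7RecipientPtr(recip); /* NEED TO DUP */
  GetPKCS7(self, pkcs7);
- if (!PKCS7_add_recipient_info(pkcs7, ri)) {
- PKCS7_RECIP_INFO_free(ri);
- ossl_raise(ePKCS7Error, "Could not add recipient.");
+ GetPKCS7ri(recip, ri);
+
+ ri_new = ossl_PKCS7_RECIP_INFO_dup(ri);
+ if (!ri_new)
+ ossl_raise(ePKCS7Error, "PKCS7_RECIP_INFO_dup");
+
+ if (PKCS7_add_recipient_info(pkcs7, ri_new) != 1) {
+ PKCS7_RECIP_INFO_free(ri_new);
+ ossl_raise(ePKCS7Error, "PKCS7_add_recipient_info");
  }
 
  return self;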
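Review bot: In `ossl_PKCS7_SIGNER_INFO_dup` the result of `EVP_PKEY_up_ref(si->pkey)` is ignored, so if taking the reference fails the copy still stores `si->pkey` without owning it, and freeing the copy later would drop a reference it never held. Check the call and bail out, `if (!EVP_PKEY_up_ref(si->pkey)) { PKCS7_SIGNER_INFO_free(si_new); return NULL; }`; the caller in `ossl_pkcs7_add_signer` already raises on NULL. `ossl_PKCS7_RECIP_INFO_dup` still relies on the bare `ASN1_dup` round trip, which presumably drops any member that is not part of the encoding, just as it dropped `pkey` here (likely the recipient's certificate pointer); that is worth confirming and, if so, carrying over with its own reference in the same way. A one-line comment above the `pkey` copy saying that the DER round trip does not carry the key would explain why this helper is more than a plain `ASN1_dup`.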