openssl 2.2.2 → 3.0.0

Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +32 -44
  3. data/History.md +99 -13
  4. data/ext/openssl/extconf.rb +26 -28
  5. data/ext/openssl/openssl_missing.c +0 -66
  6. data/ext/openssl/openssl_missing.h +26 -45
  7. data/ext/openssl/ossl.c +59 -46
  8. data/ext/openssl/ossl.h +20 -6
  9. data/ext/openssl/ossl_asn1.c +16 -4
  10. data/ext/openssl/ossl_bn.c +188 -126
  11. data/ext/openssl/ossl_cipher.c +11 -11
  12. data/ext/openssl/ossl_config.c +412 -41
  13. data/ext/openssl/ossl_config.h +4 -7
  14. data/ext/openssl/ossl_digest.c +9 -9
  15. data/ext/openssl/ossl_engine.c +16 -15
  16. data/ext/openssl/ossl_hmac.c +48 -135
  17. data/ext/openssl/ossl_kdf.c +8 -0
  18. data/ext/openssl/ossl_ocsp.c +3 -51
  19. data/ext/openssl/ossl_pkcs12.c +21 -3
  20. data/ext/openssl/ossl_pkcs7.c +42 -59
  21. data/ext/openssl/ossl_pkey.c +1102 -191
  22. data/ext/openssl/ossl_pkey.h +35 -72
  23. data/ext/openssl/ossl_pkey_dh.c +124 -334
  24. data/ext/openssl/ossl_pkey_dsa.c +93 -398
  25. data/ext/openssl/ossl_pkey_ec.c +126 -318
  26. data/ext/openssl/ossl_pkey_rsa.c +100 -487
  27. data/ext/openssl/ossl_ssl.c +256 -355
  28. data/ext/openssl/ossl_ssl_session.c +24 -29
  29. data/ext/openssl/ossl_ts.c +35 -20
  30. data/ext/openssl/ossl_x509.c +0 -6
  31. data/ext/openssl/ossl_x509cert.c +164 -8
  32. data/ext/openssl/ossl_x509crl.c +10 -7
  33. data/ext/openssl/ossl_x509ext.c +1 -2
  34. data/ext/openssl/ossl_x509name.c +9 -2
  35. data/ext/openssl/ossl_x509req.c +10 -7
  36. data/ext/openssl/ossl_x509store.c +154 -70
  37. data/lib/openssl/buffering.rb +9 -0
  38. data/lib/openssl/hmac.rb +65 -0
  39. data/lib/openssl/pkey.rb +417 -0
  40. data/lib/openssl/ssl.rb +7 -7
  41. data/lib/openssl/version.rb +1 -1
  42. data/lib/openssl/x509.rb +22 -0
  43. data/lib/openssl.rb +0 -1
  44. metadata +5 -77
  45. data/ext/openssl/ruby_missing.h +0 -24
  46. data/lib/openssl/config.rb +0 -501
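--- a/data/lib/openssl/pkey.rb
+++ b/data/lib/openssl/pkey.rb
@@ -9,16 +9,282 @@ require_relative 'marshal'
  module OpenSSL::PKey
  class DH
  include OpenSSL::Marshal
+
+ # :call-seq:
+ # dh.public_key -> dhnew
+ #
+ # Returns a new DH instance that carries just the \DH parameters.
+ #
+ # Contrary to the method name, the returned DH object contains only
+ # parameters and not the public key.
+ #
+ # This method is provided for backwards compatibility. In most cases, there
+ # is no need to call this method.
+ #
+ # For the purpose of re-generating the key pair while keeping the
+ # parameters, check OpenSSL::PKey.generate_key.
+ #
+ # Example:
+ # # OpenSSL::PKey::DH.generate by default generates a random key pair
+ # dh1 = OpenSSL::PKey::DH.generate(2048)
+ # p dh1.priv_key #=> #<OpenSSL::BN 1288347...>
+ # dhcopy = dh1.public_key
+ # p dhcopy.priv_key #=> nil
+ def public_key
+ DH.new(to_der)
+ end
+
+ # :call-seq:
+ # dh.compute_key(pub_bn) -> string
+ #
+ # Returns a String containing a shared secret computed from the other
+ # party's public value.
+ #
+ # This method is provided for backwards compatibility, and calls #derive
+ # internally.
+ #
+ # === Parameters
+ # * _pub_bn_ is a OpenSSL::BN, *not* the DH instance returned by
+ # DH#public_key as that contains the DH parameters only.
+ def compute_key(pub_bn)
+ # FIXME: This is constructing an X.509 SubjectPublicKeyInfo and is very
+ # inefficient
+ obj = OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.ObjectId("dhKeyAgreement"),
+ OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.Integer(p),
+ OpenSSL::ASN1.Integer(g),
+ ]),
+ ]),
+ OpenSSL::ASN1.BitString(OpenSSL::ASN1.Integer(pub_bn).to_der),
+ ])
+ derive(OpenSSL::PKey.read(obj.to_der))
+ end
+
+ # :call-seq:
+ # dh.generate_key! -> self
+ #
+ # Generates a private and public key unless a private key already exists.
+ # If this DH instance was generated from public \DH parameters (e.g. by
+ # encoding the result of DH#public_key), then this method needs to be
+ # called first in order to generate the per-session keys before performing
+ # the actual key exchange.
+ #
+ # <b>Deprecated in version 3.0</b>. This method is incompatible with
+ # OpenSSL 3.0.0 or later.
+ #
+ # See also OpenSSL::PKey.generate_key.
+ #
+ # Example:
+ # # DEPRECATED USAGE: This will not work on OpenSSL 3.0 or later
+ # dh0 = OpenSSL::PKey::DH.new(2048)
+ # dh = dh0.public_key # #public_key only copies the DH parameters (contrary to the name)
+ # dh.generate_key!
+ # puts dh.private? # => true
+ # puts dh0.pub_key == dh.pub_key #=> false
+ #
+ # # With OpenSSL::PKey.generate_key
+ # dh0 = OpenSSL::PKey::DH.new(2048)
+ # dh = OpenSSL::PKey.generate_key(dh0)
+ # puts dh0.pub_key == dh.pub_key #=> false
+ def generate_key!
+ if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x30000000
+ raise DHError, "OpenSSL::PKey::DH is immutable on OpenSSL 3.0; " \
+ "use OpenSSL::PKey.generate_key instead"
+ end
+
+ unless priv_key
+ tmp = OpenSSL::PKey.generate_key(self)
+ set_key(tmp.pub_key, tmp.priv_key)
+ end
+ self
+ end
+
+ class << self
+ # :call-seq:
+ # DH.generate(size, generator = 2) -> dh
+ #
+ # Creates a new DH instance from scratch by generating random parameters
+ # and a key pair.
+ #
+ # See also OpenSSL::PKey.generate_parameters and
+ # OpenSSL::PKey.generate_key.
+ #
+ # +size+::
+ # The desired key size in bits.
+ # +generator+::
+ # The generator.
+ def generate(size, generator = 2, &blk)
+ dhparams = OpenSSL::PKey.generate_parameters("DH", {
+ "dh_paramgen_prime_len" => size,
+ "dh_paramgen_generator" => generator,
+ }, &blk)
+ OpenSSL::PKey.generate_key(dhparams)
+ end
+
+ # Handle DH.new(size, generator) form here; new(str) and new() forms
+ # are handled by #initialize
+ def new(*args, &blk) # :nodoc:
+ if args[0].is_a?(Integer)
+ generate(*args, &blk)
+ else
+ super
+ end
+ end
+ end
  end
 
  class DSA
  include OpenSSL::Marshal
+
+ # :call-seq:
+ # dsa.public_key -> dsanew
+ #
+ # Returns a new DSA instance that carries just the \DSA parameters and the
+ # public key.
+ #
+ # This method is provided for backwards compatibility. In most cases, there
+ # is no need to call this method.
+ #
+ # For the purpose of serializing the public key, to PEM or DER encoding of
+ # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
+ # PKey#public_to_der.
+ def public_key
+ OpenSSL::PKey.read(public_to_der)
+ end
+
+ class << self
+ # :call-seq:
+ # DSA.generate(size) -> dsa
+ #
+ # Creates a new DSA instance by generating a private/public key pair
+ # from scratch.
+ #
+ # See also OpenSSL::PKey.generate_parameters and
+ # OpenSSL::PKey.generate_key.
+ #
+ # +size+::
+ # The desired key size in bits.
+ def generate(size, &blk)
+ dsaparams = OpenSSL::PKey.generate_parameters("DSA", {
+ "dsa_paramgen_bits" => size,
+ }, &blk)
+ OpenSSL::PKey.generate_key(dsaparams)
+ end
+
+ # Handle DSA.new(size) form here; new(str) and new() forms
+ # are handled by #initialize
+ def new(*args, &blk) # :nodoc:
+ if args[0].is_a?(Integer)
+ generate(*args, &blk)
+ else
+ super
+ end
+ end
+ end
+
+ # :call-seq:
+ # dsa.syssign(string) -> string
+ #
+ # Computes and returns the \DSA signature of +string+, where +string+ is
+ # expected to be an already-computed message digest of the original input
+ # data. The signature is issued using the private key of this DSA instance.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ #
+ # +string+::
+ # A message digest of the original input data to be signed.
+ #
+ # Example:
+ # dsa = OpenSSL::PKey::DSA.new(2048)
+ # doc = "Sign me"
+ # digest = OpenSSL::Digest.digest('SHA1', doc)
+ #
+ # # With legacy #syssign and #sysverify:
+ # sig = dsa.syssign(digest)
+ # p dsa.sysverify(digest, sig) #=> true
+ #
+ # # With #sign_raw and #verify_raw:
+ # sig = dsa.sign_raw(nil, digest)
+ # p dsa.verify_raw(nil, sig, digest) #=> true
+ def syssign(string)
+ q or raise OpenSSL::PKey::DSAError, "incomplete DSA"
+ private? or raise OpenSSL::PKey::DSAError, "Private DSA key needed!"
+ begin
+ sign_raw(nil, string)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::DSAError, $!.message
+ end
+ end
+
+ # :call-seq:
+ # dsa.sysverify(digest, sig) -> true | false
+ #
+ # Verifies whether the signature is valid given the message digest input.
+ # It does so by validating +sig+ using the public key of this DSA instance.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ #
+ # +digest+::
+ # A message digest of the original input data to be signed.
+ # +sig+::
+ # A \DSA signature value.
+ def sysverify(digest, sig)
+ verify_raw(nil, sig, digest)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::DSAError, $!.message
+ end
  end
 
  if defined?(EC)
  class EC
  include OpenSSL::Marshal
+
+ # :call-seq:
+ # key.dsa_sign_asn1(data) -> String
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ def dsa_sign_asn1(data)
+ sign_raw(nil, data)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::ECError, $!.message
+ end
+
+ # :call-seq:
+ # key.dsa_verify_asn1(data, sig) -> true | false
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
+ def dsa_verify_asn1(data, sig)
+ verify_raw(nil, sig, data)
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::ECError, $!.message
+ end
+
+ # :call-seq:
+ # ec.dh_compute_key(pubkey) -> string
+ #
+ # Derives a shared secret by ECDH. _pubkey_ must be an instance of
+ # OpenSSL::PKey::EC::Point and must belong to the same group.
+ #
+ # This method is provided for backwards compatibility, and calls #derive
+ # internally.
+ def dh_compute_key(pubkey)
+ obj = OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.Sequence([
+ OpenSSL::ASN1.ObjectId("id-ecPublicKey"),
+ group.to_der,
+ ]),
+ OpenSSL::ASN1.BitString(pubkey.to_octet_string(:uncompressed)),
+ ])
+ derive(OpenSSL::PKey.read(obj.to_der))
+ end
  end
+
  class EC::Point
  # :call-seq:
  # point.to_bn([conversion_form]) -> OpenSSL::BN
@@ -38,5 +304,156 @@ module OpenSSL::PKey
 
  class RSA
  include OpenSSL::Marshal
+
+ # :call-seq:
+ # rsa.public_key -> rsanew
+ #
+ # Returns a new RSA instance that carries just the public key components.
+ #
+ # This method is provided for backwards compatibility. In most cases, there
+ # is no need to call this method.
+ #
+ # For the purpose of serializing the public key, to PEM or DER encoding of
+ # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
+ # PKey#public_to_der.
+ def public_key
+ OpenSSL::PKey.read(public_to_der)
+ end
+
+ class << self
+ # :call-seq:
+ # RSA.generate(size, exponent = 65537) -> RSA
+ #
+ # Generates an \RSA keypair.
+ #
+ # See also OpenSSL::PKey.generate_key.
+ #
+ # +size+::
+ # The desired key size in bits.
+ # +exponent+::
+ # An odd Integer, normally 3, 17, or 65537.
+ def generate(size, exp = 0x10001, &blk)
+ OpenSSL::PKey.generate_key("RSA", {
+ "rsa_keygen_bits" => size,
+ "rsa_keygen_pubexp" => exp,
+ }, &blk)
+ end
+
+ # Handle RSA.new(size, exponent) form here; new(str) and new() forms
+ # are handled by #initialize
+ def new(*args, &blk) # :nodoc:
+ if args[0].is_a?(Integer)
+ generate(*args, &blk)
+ else
+ super
+ end
+ end
+ end
+
+ # :call-seq:
+ # rsa.private_encrypt(string) -> String
+ # rsa.private_encrypt(string, padding) -> String
+ #
+ # Encrypt +string+ with the private key. +padding+ defaults to
+ # PKCS1_PADDING. The encrypted string output can be decrypted using
+ # #public_decrypt.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
+ # PKey::PKey#verify_recover instead.
+ def private_encrypt(string, padding = PKCS1_PADDING)
+ n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
+ private? or raise OpenSSL::PKey::RSAError, "private key needed."
+ begin
+ sign_raw(nil, string, {
+ "rsa_padding_mode" => translate_padding_mode(padding),
+ })
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::RSAError, $!.message
+ end
+ end
+
+ # :call-seq:
+ # rsa.public_decrypt(string) -> String
+ # rsa.public_decrypt(string, padding) -> String
+ #
+ # Decrypt +string+, which has been encrypted with the private key, with the
+ # public key. +padding+ defaults to PKCS1_PADDING.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
+ # PKey::PKey#verify_recover instead.
+ def public_decrypt(string, padding = PKCS1_PADDING)
+ n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
+ begin
+ verify_recover(nil, string, {
+ "rsa_padding_mode" => translate_padding_mode(padding),
+ })
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::RSAError, $!.message
+ end
+ end
+
+ # :call-seq:
+ # rsa.public_encrypt(string) -> String
+ # rsa.public_encrypt(string, padding) -> String
+ #
+ # Encrypt +string+ with the public key. +padding+ defaults to
+ # PKCS1_PADDING. The encrypted string output can be decrypted using
+ # #private_decrypt.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
+ def public_encrypt(data, padding = PKCS1_PADDING)
+ n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
+ begin
+ encrypt(data, {
+ "rsa_padding_mode" => translate_padding_mode(padding),
+ })
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::RSAError, $!.message
+ end
+ end
+
+ # :call-seq:
+ # rsa.private_decrypt(string) -> String
+ # rsa.private_decrypt(string, padding) -> String
+ #
+ # Decrypt +string+, which has been encrypted with the public key, with the
+ # private key. +padding+ defaults to PKCS1_PADDING.
+ #
+ # <b>Deprecated in version 3.0</b>.
+ # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
+ def private_decrypt(data, padding = PKCS1_PADDING)
+ n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
+ private? or raise OpenSSL::PKey::RSAError, "private key needed."
+ begin
+ decrypt(data, {
+ "rsa_padding_mode" => translate_padding_mode(padding),
+ })
+ rescue OpenSSL::PKey::PKeyError
+ raise OpenSSL::PKey::RSAError, $!.message
+ end
+ end
+
+ PKCS1_PADDING = 1
+ SSLV23_PADDING = 2
+ NO_PADDING = 3
+ PKCS1_OAEP_PADDING = 4
+
+ private def translate_padding_mode(num)
+ case num
+ when PKCS1_PADDING
+ "pkcs1"
+ when SSLV23_PADDING
+ "sslv23"
+ when NO_PADDING
+ "none"
+ when PKCS1_OAEP_PADDING
+ "oaep"
+ else
+ raise OpenSSL::PKey::PKeyError, "unsupported padding mode"
+ end
+ end
  end
  end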
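Review bot: The RDoc added for `public_encrypt` and `private_decrypt` in the RSA hunk says only that +padding+ defaults to PKCS1_PADDING; it does not tell the reader that this is PKCS #1 v1.5 encryption padding, which is exposed to padding-oracle attacks whenever a caller lets a peer observe whether decryption succeeded. The default cannot change without breaking existing callers, so the fix is documentation: add `# PKCS1_PADDING (PKCS #1 v1.5) is the default for compatibility only; pass PKCS1_OAEP_PADDING in new code.` to both comments. In the DSA hunk, the `syssign` example computes its digest with `'SHA1'`; an example using `'SHA256'` would set a better pattern for code copied from the docs.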
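--- a/data/lib/openssl/ssl.rb
+++ b/data/lib/openssl/ssl.rb
@@ -91,15 +91,17 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
  DEFAULT_CERT_STORE.set_default_paths
  DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
 
- # A callback invoked when DH parameters are required.
+ # A callback invoked when DH parameters are required for ephemeral DH key
+ # exchange.
  #
- # The callback is invoked with the Session for the key exchange, an
+ # The callback is invoked with the SSLSocket, a
  # flag indicating the use of an export cipher and the keylength
  # required.
  #
  # The callback must return an OpenSSL::PKey::DH instance of the correct
  # key length.
-
+ #
+ # <b>Deprecated in version 3.0.</b> Use #tmp_dh= instead.
  attr_accessor :tmp_dh_callback
 
  # A callback invoked at connect time to distinguish between multiple
@@ -122,6 +124,8 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
  def initialize(version = nil)
  self.options |= OpenSSL::SSL::OP_ALL
  self.ssl_version = version if version
+ self.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ self.verify_hostname = false
  end
 
  ##
@@ -430,10 +434,6 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
  @context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
  end
 
- def tmp_ecdh_callback
- @context.tmp_ecdh_callback
- end
-
  def session_new_cb
  @context.session_new_cb
  end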
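Review bot: The two assignments added to `initialize` in the second hunk set `verify_mode` to `VERIFY_NONE` and `verify_hostname` to `false` with no comment, so a context built with a plain `new` checks neither the peer certificate nor the hostname until the caller changes them. That default is easy to misread as safe once it is spelled out in Ruby; a comment above the two lines such as `# Peer verification is off by default; set verify_mode to VERIFY_PEER (or call #set_params) before connecting to untrusted peers.` would make the contract explicit. The documentation comment for `initialize` lies outside the hunk and would need the same sentence if it does not already carry it.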
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module OpenSSL
4
- VERSION = "2.2.2"
4
+ VERSION = "3.0.0"
5
5
  end
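--- a/data/lib/openssl/x509.rb
+++ b/data/lib/openssl/x509.rb
@@ -279,11 +279,29 @@ module OpenSSL
  end
 
  class << self
+ # Parses the UTF-8 string representation of a distinguished name,
+ # according to RFC 2253.
+ #
+ # See also #to_utf8 for the opposite operation.
  def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
  ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
  self.new(ary, template)
  end
 
+ # Parses the string representation of a distinguished name. Two
+ # different forms are supported:
+ #
+ # - \OpenSSL format (<tt>X509_NAME_oneline()</tt>) used by
+ # <tt>#to_s</tt>. For example: <tt>/DC=com/DC=example/CN=nobody</tt>
+ # - \OpenSSL format (<tt>X509_NAME_print()</tt>)
+ # used by <tt>#to_s(OpenSSL::X509::Name::COMPAT)</tt>. For example:
+ # <tt>DC=com, DC=example, CN=nobody</tt>
+ #
+ # Neither of them is standardized and has quirks and inconsistencies
+ # in handling of escaped characters or multi-valued RDNs.
+ #
+ # Use of this method is discouraged in new applications. See
+ # Name.parse_rfc2253 and #to_utf8 for the alternative.
  def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
  if str.start_with?("/")
  # /A=B/C=D format
@@ -338,6 +356,10 @@ module OpenSSL
  q.text 'not_after='; q.pp self.not_after
  }
  end
+
+ def self.load_file(path)
+ load(File.binread(path))
+ end
  end
 
  class CRL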
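Review bot: `self.load_file(path)` in the second hunk is added with no RDoc, while both parsers touched in the first hunk get full comments. A short comment such as `# Reads the file at +path+ in binary mode and passes its contents to .load.` would cover it, and it should also state what `.load` accepts and returns, which this hunk does not show. It is also worth documenting that a missing or unreadable file raises the error from `File.binread` rather than an OpenSSL error, since callers that load certificates from configurable paths need to rescue both. The enclosing class starts outside the hunk; the `not_after` pretty-print context suggests it is the certificate class.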
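--- a/data/lib/openssl.rb
+++ b/data/lib/openssl.rb
@@ -15,7 +15,6 @@ require 'openssl.so'
  require_relative 'openssl/bn'
  require_relative 'openssl/pkey'
  require_relative 'openssl/cipher'
- require_relative 'openssl/config'
  require_relative 'openssl/digest'
  require_relative 'openssl/hmac'
  require_relative 'openssl/x509'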
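--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: openssl
  version: !ruby/object:Gem::Version
- version: 2.2.2
+ version: 3.0.0
  platform: ruby
  authors:
  - Martin Bosslet
@@ -11,78 +11,8 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-09-08 00:00:00.000000000 Z
- dependencies:
- - !ruby/object:Gem::Dependency
- name: ipaddr
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: rake
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: 11.2.0
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: 11.2.0
- - !ruby/object:Gem::Dependency
- name: rake-compiler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: test-unit
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '3.0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '3.0'
- - !ruby/object:Gem::Dependency
- name: rdoc
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
+ date: 2021-12-24 00:00:00.000000000 Z
+ dependencies: []
  description: It wraps the OpenSSL library.
  email:
  - ruby-core@ruby-lang.org
@@ -153,12 +83,10 @@ files:
  - ext/openssl/ossl_x509req.c
  - ext/openssl/ossl_x509revoked.c
  - ext/openssl/ossl_x509store.c
- - ext/openssl/ruby_missing.h
  - lib/openssl.rb
  - lib/openssl/bn.rb
  - lib/openssl/buffering.rb
  - lib/openssl/cipher.rb
- - lib/openssl/config.rb
  - lib/openssl/digest.rb
  - lib/openssl/hmac.rb
  - lib/openssl/marshal.rb
@@ -182,14 +110,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.3.0
+ version: 2.6.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.8
+ rubygems_version: 3.3.0.dev
  signing_key:
  specification_version: 4
  summary: OpenSSL provides SSL, TLS and general purpose cryptography.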
@@ -1,24 +0,0 @@
1
- /*
2
- * 'OpenSSL for Ruby' project
3
- * Copyright (C) 2001-2003 Michal Rokos <m.rokos@sh.cvut.cz>
4
- * All rights reserved.
5
- */
6
- /*
7
- * This program is licensed under the same licence as Ruby.
8
- * (See the file 'LICENCE'.)
9
- */
10
- #if !defined(_OSSL_RUBY_MISSING_H_)
11
- #define _OSSL_RUBY_MISSING_H_
12
-
13
- /* Ruby 2.4 */
14
- #ifndef RB_INTEGER_TYPE_P
15
- # define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
16
- #endif
17
-
18
- /* Ruby 2.5 */
19
- #ifndef ST2FIX
20
- # define RB_ST2FIX(h) LONG2FIX((long)(h))
21
- # define ST2FIX(h) RB_ST2FIX(h)
22
- #endif
23
-
24
- #endif /* _OSSL_RUBY_MISSING_H_ */