openssl 2.2.2 → 3.0.0

Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +32 -44
  3. data/History.md +99 -13
  4. data/ext/openssl/extconf.rb +26 -28
  5. data/ext/openssl/openssl_missing.c +0 -66
  6. data/ext/openssl/openssl_missing.h +26 -45
  7. data/ext/openssl/ossl.c +59 -46
  8. data/ext/openssl/ossl.h +20 -6
  9. data/ext/openssl/ossl_asn1.c +16 -4
  10. data/ext/openssl/ossl_bn.c +188 -126
  11. data/ext/openssl/ossl_cipher.c +11 -11
  12. data/ext/openssl/ossl_config.c +412 -41
  13. data/ext/openssl/ossl_config.h +4 -7
  14. data/ext/openssl/ossl_digest.c +9 -9
  15. data/ext/openssl/ossl_engine.c +16 -15
  16. data/ext/openssl/ossl_hmac.c +48 -135
  17. data/ext/openssl/ossl_kdf.c +8 -0
  18. data/ext/openssl/ossl_ocsp.c +3 -51
  19. data/ext/openssl/ossl_pkcs12.c +21 -3
  20. data/ext/openssl/ossl_pkcs7.c +42 -59
  21. data/ext/openssl/ossl_pkey.c +1102 -191
  22. data/ext/openssl/ossl_pkey.h +35 -72
  23. data/ext/openssl/ossl_pkey_dh.c +124 -334
  24. data/ext/openssl/ossl_pkey_dsa.c +93 -398
  25. data/ext/openssl/ossl_pkey_ec.c +126 -318
  26. data/ext/openssl/ossl_pkey_rsa.c +100 -487
  27. data/ext/openssl/ossl_ssl.c +256 -355
  28. data/ext/openssl/ossl_ssl_session.c +24 -29
  29. data/ext/openssl/ossl_ts.c +35 -20
  30. data/ext/openssl/ossl_x509.c +0 -6
  31. data/ext/openssl/ossl_x509cert.c +164 -8
  32. data/ext/openssl/ossl_x509crl.c +10 -7
  33. data/ext/openssl/ossl_x509ext.c +1 -2
  34. data/ext/openssl/ossl_x509name.c +9 -2
  35. data/ext/openssl/ossl_x509req.c +10 -7
  36. data/ext/openssl/ossl_x509store.c +154 -70
  37. data/lib/openssl/buffering.rb +9 -0
  38. data/lib/openssl/hmac.rb +65 -0
  39. data/lib/openssl/pkey.rb +417 -0
  40. data/lib/openssl/ssl.rb +7 -7
  41. data/lib/openssl/version.rb +1 -1
  42. data/lib/openssl/x509.rb +22 -0
  43. data/lib/openssl.rb +0 -1
  44. metadata +5 -77
  45. data/ext/openssl/ruby_missing.h +0 -24
  46. data/lib/openssl/config.rb +0 -501
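--- a/data/lib/openssl/config.rb
+++ b/data/lib/openssl/config.rb
@@ -1,501 +0,0 @@
- # frozen_string_literal: true
- =begin
- = Ruby-space definitions that completes C-space funcs for Config
-
- = Info
- Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
-
- = Licence
- This program is licensed under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
- =end
-
- require 'stringio'
-
- module OpenSSL
- ##
- # = OpenSSL::Config
- #
- # Configuration for the openssl library.
- #
- # Many system's installation of openssl library will depend on your system
- # configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
- # the location of the file for your host.
- #
- # See also http://www.openssl.org/docs/apps/config.html
- class Config
- include Enumerable
-
- class << self
-
- ##
- # Parses a given _string_ as a blob that contains configuration for
- # OpenSSL.
- #
- # If the source of the IO is a file, then consider using #parse_config.
- def parse(string)
- c = new()
- parse_config(StringIO.new(string)).each do |section, hash|
- c.set_section(section, hash)
- end
- c
- end
-
- ##
- # load is an alias to ::new
- alias load new
-
- ##
- # Parses the configuration data read from _io_, see also #parse.
- #
- # Raises a ConfigError on invalid configuration data.
- def parse_config(io)
- begin
- parse_config_lines(io)
- rescue => error
- raise ConfigError, "error in line #{io.lineno}: " + error.message
- end
- end
-
- def get_key_string(data, section, key) # :nodoc:
- if v = data[section] && data[section][key]
- return v
- elsif section == 'ENV'
- if v = ENV[key]
- return v
- end
- end
- if v = data['default'] && data['default'][key]
- return v
- end
- end
-
- private
-
- def parse_config_lines(io)
- section = 'default'
- data = {section => {}}
- io_stack = [io]
- while definition = get_definition(io_stack)
- definition = clear_comments(definition)
- next if definition.empty?
- case definition
- when /\A\[/
- if /\[([^\]]*)\]/ =~ definition
- section = $1.strip
- data[section] ||= {}
- else
- raise ConfigError, "missing close square bracket"
- end
- when /\A\.include (\s*=\s*)?(.+)\z/
- path = $2
- if File.directory?(path)
- files = Dir.glob(File.join(path, "*.{cnf,conf}"), File::FNM_EXTGLOB)
- else
- files = [path]
- end
-
- files.each do |filename|
- begin
- io_stack << StringIO.new(File.read(filename))
- rescue
- raise ConfigError, "could not include file '%s'" % filename
- end
- end
- when /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/
- if $2
- section = $1
- key = $2
- else
- key = $1
- end
- value = unescape_value(data, section, $3)
- (data[section] ||= {})[key] = value.strip
- else
- raise ConfigError, "missing equal sign"
- end
- end
- data
- end
-
- # escape with backslash
- QUOTE_REGEXP_SQ = /\A([^'\\]*(?:\\.[^'\\]*)*)'/
- # escape with backslash and doubled dq
- QUOTE_REGEXP_DQ = /\A([^"\\]*(?:""[^"\\]*|\\.[^"\\]*)*)"/
- # escaped char map
- ESCAPE_MAP = {
- "r" => "\r",
- "n" => "\n",
- "b" => "\b",
- "t" => "\t",
- }
-
- def unescape_value(data, section, value)
- scanned = []
- while m = value.match(/['"\\$]/)
- scanned << m.pre_match
- c = m[0]
- value = m.post_match
- case c
- when "'"
- if m = value.match(QUOTE_REGEXP_SQ)
- scanned << m[1].gsub(/\\(.)/, '\\1')
- value = m.post_match
- else
- break
- end
- when '"'
- if m = value.match(QUOTE_REGEXP_DQ)
- scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
- value = m.post_match
- else
- break
- end
- when "\\"
- c = value.slice!(0, 1)
- scanned << (ESCAPE_MAP[c] || c)
- when "$"
- ref, value = extract_reference(value)
- refsec = section
- if ref.index('::')
- refsec, ref = ref.split('::', 2)
- end
- if v = get_key_string(data, refsec, ref)
- scanned << v
- else
- raise ConfigError, "variable has no value"
- end
- else
- raise 'must not reaced'
- end
- end
- scanned << value
- scanned.join
- end
-
- def extract_reference(value)
- rest = ''
- if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
- value = m[1] || m[2]
- rest = m.post_match
- elsif [?(, ?{].include?(value[0])
- raise ConfigError, "no close brace"
- end
- if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
- return m[0], m.post_match + rest
- else
- raise
- end
- end
-
- def clear_comments(line)
- # FCOMMENT
- if m = line.match(/\A([\t\n\f ]*);.*\z/)
- return m[1]
- end
- # COMMENT
- scanned = []
- while m = line.match(/[#'"\\]/)
- scanned << m.pre_match
- c = m[0]
- line = m.post_match
- case c
- when '#'
- line = nil
- break
- when "'", '"'
- regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
- scanned << c
- if m = line.match(regexp)
- scanned << m[0]
- line = m.post_match
- else
- scanned << line
- line = nil
- break
- end
- when "\\"
- scanned << c
- scanned << line.slice!(0, 1)
- else
- raise 'must not reaced'
- end
- end
- scanned << line
- scanned.join
- end
-
- def get_definition(io_stack)
- if line = get_line(io_stack)
- while /[^\\]\\\z/ =~ line
- if extra = get_line(io_stack)
- line += extra
- else
- break
- end
- end
- return line.strip
- end
- end
-
- def get_line(io_stack)
- while io = io_stack.last
- if line = io.gets
- return line.gsub(/[\r\n]*/, '')
- end
- io_stack.pop
- end
- end
- end
-
- ##
- # Creates an instance of OpenSSL's configuration class.
- #
- # This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
- #
- # If the optional _filename_ parameter is provided, then it is read in and
- # parsed via #parse_config.
- #
- # This can raise IO exceptions based on the access, or availability of the
- # file. A ConfigError exception may be raised depending on the validity of
- # the data being configured.
- #
- def initialize(filename = nil)
- @data = {}
- if filename
- File.open(filename.to_s) do |file|
- Config.parse_config(file).each do |section, hash|
- set_section(section, hash)
- end
- end
- end
- end
-
- ##
- # Gets the value of _key_ from the given _section_
- #
- # Given the following configurating file being loaded:
- #
- # config = OpenSSL::Config.load('foo.cnf')
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- #
- # You can get a specific value from the config if you know the _section_
- # and _key_ like so:
- #
- # config.get_value('default','foo')
- # #=> "bar"
- #
- def get_value(section, key)
- if section.nil?
- raise TypeError.new('nil not allowed')
- end
- section = 'default' if section.empty?
- get_key_string(section, key)
- end
-
- ##
- #
- # *Deprecated*
- #
- # Use #get_value instead
- def value(arg1, arg2 = nil) # :nodoc:
- warn('Config#value is deprecated; use Config#get_value')
- if arg2.nil?
- section, key = 'default', arg1
- else
- section, key = arg1, arg2
- end
- section ||= 'default'
- section = 'default' if section.empty?
- get_key_string(section, key)
- end
-
- ##
- # *Deprecated in v2.2.0*. This method will be removed in a future release.
- #
- # Set the target _key_ with a given _value_ under a specific _section_.
- #
- # Given the following configurating file being loaded:
- #
- # config = OpenSSL::Config.load('foo.cnf')
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- #
- # You can set the value of _foo_ under the _default_ section to a new
- # value:
- #
- # config.add_value('default', 'foo', 'buzz')
- # #=> "buzz"
- # puts config.to_s
- # #=> [ default ]
- # # foo=buzz
- #
- def add_value(section, key, value)
- check_modify
- (@data[section] ||= {})[key] = value
- end
-
- ##
- # Get a specific _section_ from the current configuration
- #
- # Given the following configurating file being loaded:
- #
- # config = OpenSSL::Config.load('foo.cnf')
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- #
- # You can get a hash of the specific section like so:
- #
- # config['default']
- # #=> {"foo"=>"bar"}
- #
- def [](section)
- @data[section] || {}
- end
-
- ##
- # Deprecated
- #
- # Use #[] instead
- def section(name) # :nodoc:
- warn('Config#section is deprecated; use Config#[]')
- @data[name] || {}
- end
-
- ##
- # *Deprecated in v2.2.0*. This method will be removed in a future release.
- #
- # Sets a specific _section_ name with a Hash _pairs_.
- #
- # Given the following configuration being created:
- #
- # config = OpenSSL::Config.new
- # #=> #<OpenSSL::Config sections=[]>
- # config['default'] = {"foo"=>"bar","baz"=>"buz"}
- # #=> {"foo"=>"bar", "baz"=>"buz"}
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- # # baz=buz
- #
- # It's important to note that this will essentially merge any of the keys
- # in _pairs_ with the existing _section_. For example:
- #
- # config['default']
- # #=> {"foo"=>"bar", "baz"=>"buz"}
- # config['default'] = {"foo" => "changed"}
- # #=> {"foo"=>"changed"}
- # config['default']
- # #=> {"foo"=>"changed", "baz"=>"buz"}
- #
- def []=(section, pairs)
- check_modify
- set_section(section, pairs)
- end
-
- def set_section(section, pairs) # :nodoc:
- hash = @data[section] ||= {}
- pairs.each do |key, value|
- hash[key] = value
- end
- end
-
- ##
- # Get the names of all sections in the current configuration
- def sections
- @data.keys
- end
-
- ##
- # Get the parsable form of the current configuration
- #
- # Given the following configuration being created:
- #
- # config = OpenSSL::Config.new
- # #=> #<OpenSSL::Config sections=[]>
- # config['default'] = {"foo"=>"bar","baz"=>"buz"}
- # #=> {"foo"=>"bar", "baz"=>"buz"}
- # puts config.to_s
- # #=> [ default ]
- # # foo=bar
- # # baz=buz
- #
- # You can parse get the serialized configuration using #to_s and then parse
- # it later:
- #
- # serialized_config = config.to_s
- # # much later...
- # new_config = OpenSSL::Config.parse(serialized_config)
- # #=> #<OpenSSL::Config sections=["default"]>
- # puts new_config
- # #=> [ default ]
- # foo=bar
- # baz=buz
- #
- def to_s
- ary = []
- @data.keys.sort.each do |section|
- ary << "[ #{section} ]\n"
- @data[section].keys.each do |key|
- ary << "#{key}=#{@data[section][key]}\n"
- end
- ary << "\n"
- end
- ary.join
- end
-
- ##
- # For a block.
- #
- # Receive the section and its pairs for the current configuration.
- #
- # config.each do |section, key, value|
- # # ...
- # end
- #
- def each
- @data.each do |section, hash|
- hash.each do |key, value|
- yield [section, key, value]
- end
- end
- end
-
- ##
- # String representation of this configuration object, including the class
- # name and its sections.
- def inspect
- "#<#{self.class.name} sections=#{sections.inspect}>"
- end
-
- protected
-
- def data # :nodoc:
- @data
- end
-
- private
-
- def initialize_copy(other)
- @data = other.data.dup
- end
-
- def check_modify
- warn "#{caller(2, 1)[0]}: warning: do not modify OpenSSL::Config; this " \
- "method is deprecated and will be removed in a future release."
- raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
- end
-
- def get_key_string(section, key)
- Config.get_key_string(@data, section, key)
- end
- end
- end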