openssl 3.2.4 → 3.3.0

data/ext/openssl/ossl_ocsp.h

@@ -6,18 +6,11 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #if !defined(_OSSL_OCSP_H_)
 #define _OSSL_OCSP_H_
 
-#if !defined(OPENSSL_NO_OCSP)
-extern VALUE mOCSP;
-extern VALUE cOCSPReq;
-extern VALUE cOCSPRes;
-extern VALUE cOCSPBasicRes;
-#endif
-
 void Init_ossl_ocsp(void);
 
 #endif /* _OSSL_OCSP_H_ */

data/ext/openssl/ossl_pkcs12.c

@@ -1,6 +1,6 @@
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
@@ -27,8 +27,8 @@
 /*
  * Classes
  */
-VALUE cPKCS12;
-VALUE ePKCS12Error;
+static VALUE cPKCS12;
+static VALUE ePKCS12Error;
 
 /*
  * Private
@@ -134,6 +134,10 @@ ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
     if (!NIL_P(keytype))
         ktype = NUM2INT(keytype);
 
+    if (ktype != 0 && ktype != KEY_SIG && ktype != KEY_EX) {
+        ossl_raise(rb_eArgError, "Unknown key usage type %"PRIsVALUE, INT2NUM(ktype));
+    }
+
     obj = NewPKCS12(cPKCS12);
     x509s = NIL_P(ca) ? NULL : ossl_x509_ary2sk(ca);
     p12 = PKCS12_create(passphrase, friendlyname, key, x509, x509s,
@@ -247,6 +251,48 @@ ossl_pkcs12_to_der(VALUE self)
     return str;
 }
 
+/*
+ * call-seq:
+ *    pkcs12.set_mac(pass, salt = nil, iter = nil, md_type = nil)
+ *
+ * Sets MAC parameters and generates MAC over the PKCS #12 structure.
+ *
+ * This method uses HMAC and the PKCS #12 specific password-based KDF as
+ * specified in the original PKCS #12.
+ *
+ * See also the man page PKCS12_set_mac(3).
+ *
+ * Added in version 3.3.0.
+ */
+static VALUE
+pkcs12_set_mac(int argc, VALUE *argv, VALUE self)
+{
+    PKCS12 *p12;
+    VALUE pass, salt, iter, md_name;
+    int iter_i = 0;
+    const EVP_MD *md_type = NULL;
+
+    rb_scan_args(argc, argv, "13", &pass, &salt, &iter, &md_name);
+    rb_check_frozen(self);
+    GetPKCS12(self, p12);
+
+    StringValue(pass);
+    if (!NIL_P(salt))
+        StringValue(salt);
+    if (!NIL_P(iter))
+        iter_i = NUM2INT(iter);
+    if (!NIL_P(md_name))
+        md_type = ossl_evp_get_digestbyname(md_name);
+
+    if (!PKCS12_set_mac(p12, RSTRING_PTR(pass), RSTRING_LENINT(pass),
+                        !NIL_P(salt) ? (unsigned char *)RSTRING_PTR(salt) : NULL,
+                        !NIL_P(salt) ? RSTRING_LENINT(salt) : 0,
+                        iter_i, md_type))
+        ossl_raise(ePKCS12Error, "PKCS12_set_mac");
+
+    return Qnil;
+}
+
 void
 Init_ossl_pkcs12(void)
 {
@@ -272,4 +318,9 @@ Init_ossl_pkcs12(void)
     rb_attr(cPKCS12, rb_intern("ca_certs"), 1, 0, Qfalse);
     rb_define_method(cPKCS12, "initialize", ossl_pkcs12_initialize, -1);
     rb_define_method(cPKCS12, "to_der", ossl_pkcs12_to_der, 0);
+    rb_define_method(cPKCS12, "set_mac", pkcs12_set_mac, -1);
+
+    /* MSIE specific PKCS12 key usage extensions */
+    rb_define_const(cPKCS12, "KEY_EX", INT2NUM(KEY_EX));
+    rb_define_const(cPKCS12, "KEY_SIG", INT2NUM(KEY_SIG));
 }

data/ext/openssl/ossl_pkcs12.h

@@ -1,13 +1,10 @@
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #if !defined(_OSSL_PKCS12_H_)
 #define _OSSL_PKCS12_H_
 
-extern VALUE cPKCS12;
-extern VALUE ePKCS12Error;
-
 void Init_ossl_pkcs12(void);
 
 #endif /* _OSSL_PKCS12_H_ */

data/ext/openssl/ossl_pkcs7.c

@@ -5,10 +5,25 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
+#define NewPKCS7(klass) \
+    TypedData_Wrap_Struct((klass), &ossl_pkcs7_type, 0)
+#define SetPKCS7(obj, pkcs7) do { \
+    if (!(pkcs7)) { \
+        ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
+    } \
+    RTYPEDDATA_DATA(obj) = (pkcs7); \
+} while (0)
+#define GetPKCS7(obj, pkcs7) do { \
+    TypedData_Get_Struct((obj), PKCS7, &ossl_pkcs7_type, (pkcs7)); \
+    if (!(pkcs7)) { \
+        ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
+    } \
+} while (0)
+
 #define NewPKCS7si(klass) \
     TypedData_Wrap_Struct((klass), &ossl_pkcs7_signer_info_type, 0)
 #define SetPKCS7si(obj, p7si) do { \
@@ -49,10 +64,10 @@
 /*
  * Classes
  */
-VALUE cPKCS7;
-VALUE cPKCS7Signer;
-VALUE cPKCS7Recipient;
-VALUE ePKCS7Error;
+static VALUE cPKCS7;
+static VALUE cPKCS7Signer;
+static VALUE cPKCS7Recipient;
+static VALUE ePKCS7Error;
 
 static void
 ossl_pkcs7_free(void *ptr)
@@ -60,7 +75,7 @@ ossl_pkcs7_free(void *ptr)
     PKCS7_free(ptr);
 }
 
-const rb_data_type_t ossl_pkcs7_type = {
+static const rb_data_type_t ossl_pkcs7_type = {
     "OpenSSL/PKCS7",
     {
 	0, ossl_pkcs7_free,
@@ -68,6 +83,20 @@ const rb_data_type_t ossl_pkcs7_type = {
     0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
 };
 
+VALUE
+ossl_pkcs7_new(PKCS7 *p7)
+{
+    PKCS7 *new;
+    VALUE obj = NewPKCS7(cPKCS7);
+
+    new = PKCS7_dup(p7);
+    if (!new)
+        ossl_raise(ePKCS7Error, "PKCS7_dup");
+    SetPKCS7(obj, new);
+
+    return obj;
+}
+
 static void
 ossl_pkcs7_signer_info_free(void *ptr)
 {
@@ -261,7 +290,14 @@ ossl_pkcs7_s_sign(int argc, VALUE *argv, VALUE klass)
 
 /*
  * call-seq:
- *    PKCS7.encrypt(certs, data, [, cipher [, flags]]) => pkcs7
+ *    PKCS7.encrypt(certs, data, cipher, flags = 0) => pkcs7
+ *
+ * Creates a PKCS #7 enveloped-data structure.
+ *
+ * Before version 3.3.0, +cipher+ was optional and defaulted to
+ * <tt>"RC2-40-CBC"</tt>.
+ *
+ * See also the man page PKCS7_encrypt(3).
  */
 static VALUE
 ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass)
@@ -275,21 +311,12 @@ ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass)
     PKCS7 *p7;
 
     rb_scan_args(argc, argv, "22", &certs, &data, &cipher, &flags);
-    if(NIL_P(cipher)){
-#if !defined(OPENSSL_NO_RC2)
-	ciph = EVP_rc2_40_cbc();
-#elif !defined(OPENSSL_NO_DES)
-	ciph = EVP_des_ede3_cbc();
-#elif !defined(OPENSSL_NO_RC2)
-	ciph = EVP_rc2_40_cbc();
-#elif !defined(OPENSSL_NO_AES)
-	ciph = EVP_EVP_aes_128_cbc();
-#else
-	ossl_raise(ePKCS7Error, "Must specify cipher");
-#endif
-
+    if (NIL_P(cipher)) {
+        rb_raise(rb_eArgError,
+                 "cipher must be specified. Before version 3.3, " \
+                 "the default cipher was RC2-40-CBC.");
     }
-    else ciph = ossl_evp_get_cipherbyname(cipher);
+    ciph = ossl_evp_get_cipherbyname(cipher);
     flg = NIL_P(flags) ? 0 : NUM2INT(flags);
     ret = NewPKCS7(cPKCS7);
     in = ossl_obj2bio(&data);
@@ -851,6 +878,25 @@ ossl_pkcs7_to_der(VALUE self)
     return str;
 }
 
+static VALUE
+ossl_pkcs7_to_text(VALUE self)
+{
+    PKCS7 *pkcs7;
+    BIO *out;
+    VALUE str;
+
+    GetPKCS7(self, pkcs7);
+    if(!(out = BIO_new(BIO_s_mem())))
+        ossl_raise(ePKCS7Error, NULL);
+    if(!PKCS7_print_ctx(out, pkcs7, 0, NULL)) {
+        BIO_free(out);
+        ossl_raise(ePKCS7Error, NULL);
+    }
+    str = ossl_membio2str(out);
+
+    return str;
+}
+
 static VALUE
 ossl_pkcs7_to_pem(VALUE self)
 {
@@ -932,7 +978,7 @@ static VALUE
 ossl_pkcs7si_get_signed_time(VALUE self)
 {
     PKCS7_SIGNER_INFO *p7si;
-    const ASN1_TYPE *asn1obj;
+    ASN1_TYPE *asn1obj;
 
     GetPKCS7si(self, p7si);
 
@@ -1060,6 +1106,7 @@ Init_ossl_pkcs7(void)
     rb_define_method(cPKCS7, "to_pem", ossl_pkcs7_to_pem, 0);
     rb_define_alias(cPKCS7,  "to_s", "to_pem");
     rb_define_method(cPKCS7, "to_der", ossl_pkcs7_to_der, 0);
+    rb_define_method(cPKCS7, "to_text", ossl_pkcs7_to_text, 0);
 
     cPKCS7Signer = rb_define_class_under(cPKCS7, "SignerInfo", rb_cObject);
     rb_define_const(cPKCS7, "Signer", cPKCS7Signer);

data/ext/openssl/ossl_pkcs7.h

@@ -5,32 +5,12 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #if !defined(_OSSL_PKCS7_H_)
 #define _OSSL_PKCS7_H_
 
-#define NewPKCS7(klass) \
-    TypedData_Wrap_Struct((klass), &ossl_pkcs7_type, 0)
-#define SetPKCS7(obj, pkcs7) do { \
-    if (!(pkcs7)) { \
-        ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
-    } \
-    RTYPEDDATA_DATA(obj) = (pkcs7); \
-} while (0)
-#define GetPKCS7(obj, pkcs7) do { \
-    TypedData_Get_Struct((obj), PKCS7, &ossl_pkcs7_type, (pkcs7)); \
-    if (!(pkcs7)) { \
-        ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
-    } \
-} while (0)
-
-extern const rb_data_type_t ossl_pkcs7_type;
-extern VALUE cPKCS7;
-extern VALUE cPKCS7Signer;
-extern VALUE cPKCS7Recipient;
-extern VALUE ePKCS7Error;
-
+VALUE ossl_pkcs7_new(PKCS7 *p7);
 void Init_ossl_pkcs7(void);
 
 #endif /* _OSSL_PKCS7_H_ */

data/ext/openssl/ossl_pkey.c

@@ -5,7 +5,7 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
@@ -636,30 +636,6 @@ ossl_pkey_initialize_copy(VALUE self, VALUE other)
 #endif
 
 #ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY
-
-#ifndef OSSL_USE_PROVIDER
-static int
-lookup_pkey_type(VALUE type)
-{
-    const EVP_PKEY_ASN1_METHOD *ameth;
-    int pkey_id;
-
-    StringValue(type);
-    /*
-     * XXX: EVP_PKEY_asn1_find_str() looks up a PEM type string. Should we use
-     * OBJ_txt2nid() instead (and then somehow check if the NID is an acceptable
-     * EVP_PKEY type)?
-     * It is probably fine, though, since it can handle all algorithms that
-     * support raw keys in 1.1.1: { X25519, X448, ED25519, ED448, HMAC }.
-     */
-    ameth = EVP_PKEY_asn1_find_str(NULL, RSTRING_PTR(type), RSTRING_LENINT(type));
-    if (!ameth)
-        ossl_raise(ePKeyError, "algorithm %"PRIsVALUE" not found", type);
-    EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
-    return pkey_id;
-}
-#endif
-
 /*
  *  call-seq:
  *      OpenSSL::PKey.new_raw_private_key(algo, string) -> PKey
@@ -671,23 +647,22 @@ static VALUE
 ossl_pkey_new_raw_private_key(VALUE self, VALUE type, VALUE key)
 {
     EVP_PKEY *pkey;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    int pkey_id;
     size_t keylen;
 
+    StringValue(type);
     StringValue(key);
+    ameth = EVP_PKEY_asn1_find_str(NULL, RSTRING_PTR(type), RSTRING_LENINT(type));
+    if (!ameth)
+        ossl_raise(ePKeyError, "algorithm %"PRIsVALUE" not found", type);
+    EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+
     keylen = RSTRING_LEN(key);
 
-#ifdef OSSL_USE_PROVIDER
-    pkey = EVP_PKEY_new_raw_private_key_ex(NULL, StringValueCStr(type), NULL,
-                                           (unsigned char *)RSTRING_PTR(key),
-                                           keylen);
-    if (!pkey)
-        ossl_raise(ePKeyError, "EVP_PKEY_new_raw_private_key_ex");
-#else
-    int pkey_id = lookup_pkey_type(type);
     pkey = EVP_PKEY_new_raw_private_key(pkey_id, NULL, (unsigned char *)RSTRING_PTR(key), keylen);
     if (!pkey)
         ossl_raise(ePKeyError, "EVP_PKEY_new_raw_private_key");
-#endif
 
     return ossl_pkey_new(pkey);
 }
@@ -705,23 +680,22 @@ static VALUE
 ossl_pkey_new_raw_public_key(VALUE self, VALUE type, VALUE key)
 {
     EVP_PKEY *pkey;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    int pkey_id;
     size_t keylen;
 
+    StringValue(type);
     StringValue(key);
+    ameth = EVP_PKEY_asn1_find_str(NULL, RSTRING_PTR(type), RSTRING_LENINT(type));
+    if (!ameth)
+        ossl_raise(ePKeyError, "algorithm %"PRIsVALUE" not found", type);
+    EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+
     keylen = RSTRING_LEN(key);
 
-#ifdef OSSL_USE_PROVIDER
-    pkey = EVP_PKEY_new_raw_public_key_ex(NULL, StringValueCStr(type), NULL,
-                                          (unsigned char *)RSTRING_PTR(key),
-                                          keylen);
-    if (!pkey)
-        ossl_raise(ePKeyError, "EVP_PKEY_new_raw_public_key_ex");
-#else
-    int pkey_id = lookup_pkey_type(type);
     pkey = EVP_PKEY_new_raw_public_key(pkey_id, NULL, (unsigned char *)RSTRING_PTR(key), keylen);
     if (!pkey)
         ossl_raise(ePKeyError, "EVP_PKEY_new_raw_public_key");
-#endif
 
     return ossl_pkey_new(pkey);
 }
@@ -741,10 +715,6 @@ ossl_pkey_oid(VALUE self)
 
     GetPKey(self, pkey);
     nid = EVP_PKEY_id(pkey);
-#ifdef OSSL_USE_PROVIDER
-    if (nid == EVP_PKEY_KEYMGMT)
-        ossl_raise(ePKeyError, "EVP_PKEY_id");
-#endif
     return rb_str_new_cstr(OBJ_nid2sn(nid));
 }
 
@@ -758,23 +728,13 @@ static VALUE
 ossl_pkey_inspect(VALUE self)
 {
     EVP_PKEY *pkey;
+    int nid;
 
     GetPKey(self, pkey);
-    VALUE str = rb_sprintf("#<%"PRIsVALUE":%p",
-                           rb_obj_class(self), (void *)self);
-    int nid = EVP_PKEY_id(pkey);
-#ifdef OSSL_USE_PROVIDER
-    if (nid != EVP_PKEY_KEYMGMT)
-#endif
-    rb_str_catf(str, " oid=%s", OBJ_nid2sn(nid));
-#ifdef OSSL_USE_PROVIDER
-    rb_str_catf(str, " type_name=%s", EVP_PKEY_get0_type_name(pkey));
-    const OSSL_PROVIDER *prov = EVP_PKEY_get0_provider(pkey);
-    if (prov)
-        rb_str_catf(str, " provider=%s", OSSL_PROVIDER_get0_name(prov));
-#endif
-    rb_str_catf(str, ">");
-    return str;
+    nid = EVP_PKEY_id(pkey);
+    return rb_sprintf("#<%"PRIsVALUE":%p oid=%s>",
+                      rb_class_name(CLASS_OF(self)), (void *)self,
+                      OBJ_nid2sn(nid));
 }
 
 /*
@@ -977,7 +937,6 @@ ossl_pkey_export_spki(VALUE self, int to_der)
     BIO *bio;
 
     GetPKey(self, pkey);
-    ossl_pkey_check_public_key(pkey);
     bio = BIO_new(BIO_s_mem());
     if (!bio)
 	ossl_raise(ePKeyError, "BIO_new");

data/ext/openssl/ossl_pkey.h

@@ -5,7 +5,7 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #if !defined(OSSL_PKEY_H)
 #define OSSL_PKEY_H
@@ -53,35 +53,24 @@ void Init_ossl_pkey(void);
  * RSA
  */
 extern VALUE cRSA;
-extern VALUE eRSAError;
-
 void Init_ossl_rsa(void);
 
 /*
  * DSA
  */
 extern VALUE cDSA;
-extern VALUE eDSAError;
-
 void Init_ossl_dsa(void);
 
 /*
  * DH
  */
 extern VALUE cDH;
-extern VALUE eDHError;
-
 void Init_ossl_dh(void);
 
 /*
  * EC
  */
 extern VALUE cEC;
-extern VALUE eECError;
-extern VALUE cEC_GROUP;
-extern VALUE eEC_GROUP;
-extern VALUE cEC_POINT;
-extern VALUE eEC_POINT;
 VALUE ossl_ec_new(EVP_PKEY *);
 void Init_ossl_ec(void);
 
@@ -136,7 +125,7 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALU
 		BN_clear_free(bn1);					\
 		BN_clear_free(bn2);					\
 		BN_clear_free(bn3);					\
-		ossl_raise(eBNError, NULL);				\
+		ossl_raise(ePKeyError, "BN_dup");			\
 	}								\
 									\
 	if (!_type##_set0_##_group(obj, bn1, bn2, bn3)) {		\
@@ -164,7 +153,7 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
             (orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) {			\
 		BN_clear_free(bn1);					\
 		BN_clear_free(bn2);					\
-		ossl_raise(eBNError, NULL);				\
+		ossl_raise(ePKeyError, "BN_dup");			\
 	}								\
 									\
 	if (!_type##_set0_##_group(obj, bn1, bn2)) {			\

data/ext/openssl/ossl_pkey_dh.c

@@ -5,7 +5,7 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
@@ -21,15 +21,13 @@
     EVP_PKEY *_pkey; \
     GetPKeyDH((obj), _pkey); \
     (dh) = EVP_PKEY_get0_DH(_pkey); \
-    if ((dh) == NULL) \
-        ossl_raise(eDHError, "failed to get DH from EVP_PKEY"); \
 } while (0)
 
 /*
  * Classes
  */
 VALUE cDH;
-VALUE eDHError;
+static VALUE eDHError;
 
 /*
  * Private

data/ext/openssl/ossl_pkey_dsa.c

@@ -5,7 +5,7 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
@@ -21,8 +21,6 @@
     EVP_PKEY *_pkey; \
     GetPKeyDSA((obj), _pkey); \
     (dsa) = EVP_PKEY_get0_DSA(_pkey); \
-    if ((dsa) == NULL) \
-        ossl_raise(eDSAError, "failed to get DSA from EVP_PKEY"); \
 } while (0)
 
 static inline int
@@ -43,7 +41,7 @@ DSA_PRIVATE(VALUE obj, OSSL_3_const DSA *dsa)
  * Classes
  */
 VALUE cDSA;
-VALUE eDSAError;
+static VALUE eDSAError;
 
 /*
  * Private

data/ext/openssl/ossl_pkey_ec.c

@@ -22,8 +22,6 @@ static const rb_data_type_t ossl_ec_point_type;
     EVP_PKEY *_pkey; \
     GetPKeyEC(obj, _pkey); \
     (key) = EVP_PKEY_get0_EC_KEY(_pkey); \
-    if ((key) == NULL) \
-        ossl_raise(eECError, "failed to get EC_KEY from EVP_PKEY"); \
 } while (0)
 
 #define GetECGroup(obj, group) do { \
@@ -43,11 +41,11 @@ static const rb_data_type_t ossl_ec_point_type;
 } while (0)
 
 VALUE cEC;
-VALUE eECError;
-VALUE cEC_GROUP;
-VALUE eEC_GROUP;
-VALUE cEC_POINT;
-VALUE eEC_POINT;
+static VALUE eECError;
+static VALUE cEC_GROUP;
+static VALUE eEC_GROUP;
+static VALUE cEC_POINT;
+static VALUE eEC_POINT;
 
 static ID s_GFp, s_GF2m;
 
@@ -176,7 +174,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
     type = EVP_PKEY_base_id(pkey);
     if (type != EVP_PKEY_EC) {
         EVP_PKEY_free(pkey);
-        rb_raise(eDSAError, "incorrect pkey type: %s", OBJ_nid2sn(type));
+        rb_raise(eECError, "incorrect pkey type: %s", OBJ_nid2sn(type));
     }
     RTYPEDDATA_DATA(self) = pkey;
     return self;

data/ext/openssl/ossl_pkey_rsa.c

@@ -5,7 +5,7 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
@@ -21,8 +21,6 @@
     EVP_PKEY *_pkey; \
     GetPKeyRSA((obj), _pkey); \
     (rsa) = EVP_PKEY_get0_RSA(_pkey); \
-    if ((rsa) == NULL) \
-        ossl_raise(eRSAError, "failed to get RSA from EVP_PKEY"); \
 } while (0)
 
 static inline int
@@ -44,7 +42,7 @@ RSA_PRIVATE(VALUE obj, OSSL_3_const RSA *rsa)
  * Classes
  */
 VALUE cRSA;
-VALUE eRSAError;
+static VALUE eRSAError;
 
 /*
  * Private

data/ext/openssl/ossl_provider.c

@@ -1,10 +1,12 @@
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
 #ifdef OSSL_USE_PROVIDER
+# include <openssl/provider.h>
+
 #define NewProvider(klass) \
     TypedData_Wrap_Struct((klass), &ossl_provider_type, 0)
 #define SetProvider(obj, provider) do { \

data/ext/openssl/ossl_rand.c

@@ -5,12 +5,12 @@
  * All rights reserved.
  *
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
-VALUE mRandom;
-VALUE eRandomError;
+static VALUE mRandom;
+static VALUE eRandomError;
 
 /*
  *  call-seq:

data/ext/openssl/ossl_rand.h

@@ -5,14 +5,11 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #if !defined(_OSSL_RAND_H_)
 #define _OSSL_RAND_H_
 
-extern VALUE mRandom;
-extern VALUE eRandomError;
-
 void Init_ossl_rand(void);
 
 #endif /* _OSSL_RAND_H_ */