RubyGems - openssl - Versions diffs - 3.3.2 → 4.0.0 - Mend

openssl 3.3.2 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

checksums.yaml +4 -4
data/CONTRIBUTING.md +3 -0
data/History.md +85 -0
data/README.md +12 -11
data/ext/openssl/extconf.rb +30 -69
data/ext/openssl/openssl_missing.h +0 -206
data/ext/openssl/ossl.c +280 -301
data/ext/openssl/ossl.h +15 -10
data/ext/openssl/ossl_asn1.c +598 -406
data/ext/openssl/ossl_asn1.h +15 -1
data/ext/openssl/ossl_bio.c +3 -3
data/ext/openssl/ossl_bn.c +286 -291
data/ext/openssl/ossl_cipher.c +252 -203
data/ext/openssl/ossl_cipher.h +10 -1
data/ext/openssl/ossl_config.c +1 -6
data/ext/openssl/ossl_digest.c +74 -43
data/ext/openssl/ossl_digest.h +9 -1
data/ext/openssl/ossl_engine.c +39 -103
data/ext/openssl/ossl_hmac.c +30 -36
data/ext/openssl/ossl_kdf.c +42 -53
data/ext/openssl/ossl_ns_spki.c +31 -37
data/ext/openssl/ossl_ocsp.c +214 -241
data/ext/openssl/ossl_pkcs12.c +26 -26
data/ext/openssl/ossl_pkcs7.c +175 -145
data/ext/openssl/ossl_pkey.c +162 -178
data/ext/openssl/ossl_pkey.h +99 -99
data/ext/openssl/ossl_pkey_dh.c +31 -68
data/ext/openssl/ossl_pkey_dsa.c +15 -54
data/ext/openssl/ossl_pkey_ec.c +179 -237
data/ext/openssl/ossl_pkey_rsa.c +56 -103
data/ext/openssl/ossl_provider.c +0 -7
data/ext/openssl/ossl_rand.c +7 -14
data/ext/openssl/ossl_ssl.c +478 -353
data/ext/openssl/ossl_ssl.h +8 -8
data/ext/openssl/ossl_ssl_session.c +93 -97
data/ext/openssl/ossl_ts.c +81 -127
data/ext/openssl/ossl_x509.c +9 -28
data/ext/openssl/ossl_x509attr.c +33 -54
data/ext/openssl/ossl_x509cert.c +69 -100
data/ext/openssl/ossl_x509crl.c +78 -89
data/ext/openssl/ossl_x509ext.c +45 -66
data/ext/openssl/ossl_x509name.c +63 -88
data/ext/openssl/ossl_x509req.c +55 -62
data/ext/openssl/ossl_x509revoked.c +27 -41
data/ext/openssl/ossl_x509store.c +38 -56
data/lib/openssl/buffering.rb +30 -24
data/lib/openssl/digest.rb +1 -1
data/lib/openssl/pkey.rb +71 -49
data/lib/openssl/ssl.rb +12 -79
data/lib/openssl/version.rb +2 -1
data/lib/openssl/x509.rb +9 -0
data/lib/openssl.rb +9 -6
metadata +1 -3
data/ext/openssl/openssl_missing.c +0 -40
data/lib/openssl/asn1.rb +0 -188

data/ext/openssl/ossl_pkcs12.c CHANGED Viewed

@@ -42,7 +42,7 @@ ossl_pkcs12_free(void *ptr)
 static const rb_data_type_t ossl_pkcs12_type = {
     "OpenSSL/PKCS12",
     {
-	0, ossl_pkcs12_free,
+        0, ossl_pkcs12_free,
     },
     0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
 };
@@ -60,6 +60,7 @@ ossl_pkcs12_s_allocate(VALUE klass)
     return obj;
 }
+/* :nodoc: */
 static VALUE
 ossl_pkcs12_initialize_copy(VALUE self, VALUE other)
 {
@@ -71,7 +72,7 @@ ossl_pkcs12_initialize_copy(VALUE self, VALUE other)
     p12_new = ASN1_dup((i2d_of_void *)i2d_PKCS12, (d2i_of_void *)d2i_PKCS12, (char *)p12);
     if (!p12_new)
-	ossl_raise(ePKCS12Error, "ASN1_dup");
+        ossl_raise(ePKCS12Error, "ASN1_dup");
     SetPKCS12(self, p12_new);
     PKCS12_free(p12_old);
@@ -121,11 +122,11 @@ ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
 /* TODO: make a VALUE to nid function */
     if (!NIL_P(key_nid)) {
         if ((nkey = OBJ_txt2nid(StringValueCStr(key_nid))) == NID_undef)
-	    ossl_raise(rb_eArgError, "Unknown PBE algorithm %"PRIsVALUE, key_nid);
+            ossl_raise(rb_eArgError, "Unknown PBE algorithm %"PRIsVALUE, key_nid);
     }
     if (!NIL_P(cert_nid)) {
         if ((ncert = OBJ_txt2nid(StringValueCStr(cert_nid))) == NID_undef)
-	    ossl_raise(rb_eArgError, "Unknown PBE algorithm %"PRIsVALUE, cert_nid);
+            ossl_raise(rb_eArgError, "Unknown PBE algorithm %"PRIsVALUE, cert_nid);
     }
     if (!NIL_P(key_iter))
         kiter = NUM2INT(key_iter);
@@ -134,9 +135,15 @@ ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
     if (!NIL_P(keytype))
         ktype = NUM2INT(keytype);
+#if defined(OPENSSL_IS_AWSLC)
+    if (ktype != 0) {
+        ossl_raise(rb_eArgError, "Unknown key usage type %"PRIsVALUE, INT2NUM(ktype));
+    }
+#else
     if (ktype != 0 && ktype != KEY_SIG && ktype != KEY_EX) {
         ossl_raise(rb_eArgError, "Unknown key usage type %"PRIsVALUE, INT2NUM(ktype));
     }
+#endif
     obj = NewPKCS12(cPKCS12);
     x509s = NIL_P(ca) ? NULL : ossl_x509_ary2sk(ca);
@@ -154,9 +161,9 @@ ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
 }
 static VALUE
-ossl_pkey_new_i(VALUE arg)
+ossl_pkey_wrap_i(VALUE arg)
 {
-    return ossl_pkey_new((EVP_PKEY *)arg);
+    return ossl_pkey_wrap((EVP_PKEY *)arg);
 }
 static VALUE
@@ -201,23 +208,19 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
     BIO_free(in);
     pkey = cert = ca = Qnil;
-    /* OpenSSL's bug; PKCS12_parse() puts errors even if it succeeds.
-     * Fixed in OpenSSL 1.0.0t, 1.0.1p, 1.0.2d */
-    ERR_set_mark();
     if(!PKCS12_parse(pkcs, passphrase, &key, &x509, &x509s))
-	ossl_raise(ePKCS12Error, "PKCS12_parse");
-    ERR_pop_to_mark();
+        ossl_raise(ePKCS12Error, "PKCS12_parse");
     if (key) {
-	pkey = rb_protect(ossl_pkey_new_i, (VALUE)key, &st);
-	if (st) goto err;
+        pkey = rb_protect(ossl_pkey_wrap_i, (VALUE)key, &st);
+        if (st) goto err;
     }
     if (x509) {
-	cert = rb_protect(ossl_x509_new_i, (VALUE)x509, &st);
-	if (st) goto err;
+        cert = rb_protect(ossl_x509_new_i, (VALUE)x509, &st);
+        if (st) goto err;
     }
     if (x509s) {
-	ca = rb_protect(ossl_x509_sk2ary_i, (VALUE)x509s, &st);
-	if (st) goto err;
+        ca = rb_protect(ossl_x509_sk2ary_i, (VALUE)x509s, &st);
+        if (st) goto err;
     }
   err:
@@ -241,11 +244,11 @@ ossl_pkcs12_to_der(VALUE self)
     GetPKCS12(self, p12);
     if((len = i2d_PKCS12(p12, NULL)) <= 0)
-	ossl_raise(ePKCS12Error, NULL);
+        ossl_raise(ePKCS12Error, NULL);
     str = rb_str_new(0, len);
     p = (unsigned char *)RSTRING_PTR(str);
     if(i2d_PKCS12(p12, &p) <= 0)
-	ossl_raise(ePKCS12Error, NULL);
+        ossl_raise(ePKCS12Error, NULL);
     ossl_str_adjust(str, p);
     return str;
@@ -268,7 +271,7 @@ static VALUE
 pkcs12_set_mac(int argc, VALUE *argv, VALUE self)
 {
     PKCS12 *p12;
-    VALUE pass, salt, iter, md_name;
+    VALUE pass, salt, iter, md_name, md_holder = Qnil;
     int iter_i = 0;
     const EVP_MD *md_type = NULL;
@@ -282,7 +285,7 @@ pkcs12_set_mac(int argc, VALUE *argv, VALUE self)
     if (!NIL_P(iter))
         iter_i = NUM2INT(iter);
     if (!NIL_P(md_name))
-        md_type = ossl_evp_get_digestbyname(md_name);
+        md_type = ossl_evp_md_fetch(md_name, &md_holder);
     if (!PKCS12_set_mac(p12, RSTRING_PTR(pass), RSTRING_LENINT(pass),
                         !NIL_P(salt) ? (unsigned char *)RSTRING_PTR(salt) : NULL,
@@ -297,11 +300,6 @@ void
 Init_ossl_pkcs12(void)
 {
 #undef rb_intern
-#if 0
-    mOSSL = rb_define_module("OpenSSL");
-    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
-#endif
     /*
      * Defines a file format commonly used to store private keys with
      * accompanying public key certificates, protected with a password-based
@@ -320,7 +318,9 @@ Init_ossl_pkcs12(void)
     rb_define_method(cPKCS12, "to_der", ossl_pkcs12_to_der, 0);
     rb_define_method(cPKCS12, "set_mac", pkcs12_set_mac, -1);
+#if !defined(OPENSSL_IS_AWSLC)
     /* MSIE specific PKCS12 key usage extensions */
     rb_define_const(cPKCS12, "KEY_EX", INT2NUM(KEY_EX));
     rb_define_const(cPKCS12, "KEY_SIG", INT2NUM(KEY_SIG));
+#endif
 }