openssl 3.3.2 → 4.0.0

data/lib/openssl/pkey.rb

@@ -7,6 +7,9 @@
 require_relative 'marshal'
 
 module OpenSSL::PKey
+  # Alias of PKeyError. Before version 4.0.0, this was a subclass of PKeyError.
+  DHError = PKeyError
+
   class DH
     include OpenSSL::Marshal
 
@@ -34,6 +37,18 @@ module OpenSSL::PKey
       DH.new(to_der)
     end
 
+    # :call-seq:
+    #    dh.params -> hash
+    #
+    # Stores all parameters of key to a Hash.
+    #
+    # The hash has keys 'p', 'q', 'g', 'pub_key', and 'priv_key'.
+    def params
+      %w{p q g pub_key priv_key}.map { |name|
+        [name, send(name)]
+      }.to_h
+    end
+
     # :call-seq:
     #    dh.compute_key(pub_bn) -> string
     #
@@ -90,7 +105,7 @@ module OpenSSL::PKey
     #   puts dh0.pub_key == dh.pub_key #=> false
     def generate_key!
       if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x30000000
-        raise DHError, "OpenSSL::PKey::DH is immutable on OpenSSL 3.0; " \
+        raise PKeyError, "OpenSSL::PKey::DH is immutable on OpenSSL 3.0; " \
         "use OpenSSL::PKey.generate_key instead"
       end
 
@@ -135,6 +150,9 @@ module OpenSSL::PKey
     end
   end
 
+  # Alias of PKeyError. Before version 4.0.0, this was a subclass of PKeyError.
+  DSAError = PKeyError
+
   class DSA
     include OpenSSL::Marshal
 
@@ -154,6 +172,18 @@ module OpenSSL::PKey
       OpenSSL::PKey.read(public_to_der)
     end
 
+    # :call-seq:
+    #    dsa.params -> hash
+    #
+    # Stores all parameters of key to a Hash.
+    #
+    # The hash has keys 'p', 'q', 'g', 'pub_key', and 'priv_key'.
+    def params
+      %w{p q g pub_key priv_key}.map { |name|
+        [name, send(name)]
+      }.to_h
+    end
+
     class << self
       # :call-seq:
       #    DSA.generate(size) -> dsa
@@ -218,13 +248,9 @@ module OpenSSL::PKey
     #   sig = dsa.sign_raw(nil, digest)
     #   p dsa.verify_raw(nil, sig, digest) #=> true
     def syssign(string)
-      q or raise OpenSSL::PKey::DSAError, "incomplete DSA"
-      private? or raise OpenSSL::PKey::DSAError, "Private DSA key needed!"
-      begin
-        sign_raw(nil, string)
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::DSAError, $!.message
-      end
+      q or raise PKeyError, "incomplete DSA"
+      private? or raise PKeyError, "Private DSA key needed!"
+      sign_raw(nil, string)
     end
 
     # :call-seq:
@@ -242,12 +268,13 @@ module OpenSSL::PKey
     #   A \DSA signature value.
     def sysverify(digest, sig)
       verify_raw(nil, sig, digest)
-    rescue OpenSSL::PKey::PKeyError
-      raise OpenSSL::PKey::DSAError, $!.message
     end
   end
 
   if defined?(EC)
+  # Alias of PKeyError. Before version 4.0.0, this was a subclass of PKeyError.
+  ECError = PKeyError
+
   class EC
     include OpenSSL::Marshal
 
@@ -258,8 +285,6 @@ module OpenSSL::PKey
     # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
     def dsa_sign_asn1(data)
       sign_raw(nil, data)
-    rescue OpenSSL::PKey::PKeyError
-      raise OpenSSL::PKey::ECError, $!.message
     end
 
     # :call-seq:
@@ -269,8 +294,6 @@ module OpenSSL::PKey
     # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw instead.
     def dsa_verify_asn1(data, sig)
       verify_raw(nil, sig, data)
-    rescue OpenSSL::PKey::PKeyError
-      raise OpenSSL::PKey::ECError, $!.message
     end
 
     # :call-seq:
@@ -310,6 +333,9 @@ module OpenSSL::PKey
   end
   end
 
+  # Alias of PKeyError. Before version 4.0.0, this was a subclass of PKeyError.
+  RSAError = PKeyError
+
   class RSA
     include OpenSSL::Marshal
 
@@ -328,6 +354,18 @@ module OpenSSL::PKey
       OpenSSL::PKey.read(public_to_der)
     end
 
+    # :call-seq:
+    #    rsa.params -> hash
+    #
+    # Stores all parameters of key to a Hash.
+    #
+    # The hash has keys 'n', 'e', 'd', 'p', 'q', 'dmp1', 'dmq1', and 'iqmp'.
+    def params
+      %w{n e d p q dmp1 dmq1 iqmp}.map { |name|
+        [name, send(name)]
+      }.to_h
+    end
+
     class << self
       # :call-seq:
       #    RSA.generate(size, exponent = 65537) -> RSA
@@ -371,15 +409,11 @@ module OpenSSL::PKey
     # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
     # PKey::PKey#verify_recover instead.
     def private_encrypt(string, padding = PKCS1_PADDING)
-      n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
-      private? or raise OpenSSL::PKey::RSAError, "private key needed."
-      begin
-        sign_raw(nil, string, {
-          "rsa_padding_mode" => translate_padding_mode(padding),
-        })
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::RSAError, $!.message
-      end
+      n or raise PKeyError, "incomplete RSA"
+      private? or raise PKeyError, "private key needed."
+      sign_raw(nil, string, {
+        "rsa_padding_mode" => translate_padding_mode(padding),
+      })
     end
 
     # :call-seq:
@@ -394,14 +428,10 @@ module OpenSSL::PKey
     # Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and
     # PKey::PKey#verify_recover instead.
     def public_decrypt(string, padding = PKCS1_PADDING)
-      n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
-      begin
-        verify_recover(nil, string, {
-          "rsa_padding_mode" => translate_padding_mode(padding),
-        })
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::RSAError, $!.message
-      end
+      n or raise PKeyError, "incomplete RSA"
+      verify_recover(nil, string, {
+        "rsa_padding_mode" => translate_padding_mode(padding),
+      })
     end
 
     # :call-seq:
@@ -416,14 +446,10 @@ module OpenSSL::PKey
     # <b>Deprecated in version 3.0</b>.
     # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
     def public_encrypt(data, padding = PKCS1_PADDING)
-      n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
-      begin
-        encrypt(data, {
-          "rsa_padding_mode" => translate_padding_mode(padding),
-        })
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::RSAError, $!.message
-      end
+      n or raise PKeyError, "incomplete RSA"
+      encrypt(data, {
+        "rsa_padding_mode" => translate_padding_mode(padding),
+      })
     end
 
     # :call-seq:
@@ -437,15 +463,11 @@ module OpenSSL::PKey
     # <b>Deprecated in version 3.0</b>.
     # Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
     def private_decrypt(data, padding = PKCS1_PADDING)
-      n or raise OpenSSL::PKey::RSAError, "incomplete RSA"
-      private? or raise OpenSSL::PKey::RSAError, "private key needed."
-      begin
-        decrypt(data, {
-          "rsa_padding_mode" => translate_padding_mode(padding),
-        })
-      rescue OpenSSL::PKey::PKeyError
-        raise OpenSSL::PKey::RSAError, $!.message
-      end
+      n or raise PKeyError, "incomplete RSA"
+      private? or raise PKeyError, "private key needed."
+      decrypt(data, {
+        "rsa_padding_mode" => translate_padding_mode(padding),
+      })
     end
 
     PKCS1_PADDING = 1
@@ -464,7 +486,7 @@ module OpenSSL::PKey
       when PKCS1_OAEP_PADDING
         "oaep"
       else
-        raise OpenSSL::PKey::PKeyError, "unsupported padding mode"
+        raise PKeyError, "unsupported padding mode"
       end
     end
   end

data/lib/openssl/ssl.rb

@@ -32,27 +32,7 @@ module OpenSSL
         }.call
       }
 
-      if defined?(OpenSSL::PKey::DH)
-        DH_ffdhe2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
-+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
-87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
-YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
-7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
-ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
------END DH PARAMETERS-----
-        _end_of_pem_
-        private_constant :DH_ffdhe2048
-
-        DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
-          warn "using default DH parameters." if $VERBOSE
-          DH_ffdhe2048
-        }
-      end
-
-      if !(OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL") &&
-           OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000)
+      if !OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL")
         DEFAULT_PARAMS.merge!(
           min_version: OpenSSL::SSL::TLS1_VERSION,
           ciphers: %w{
@@ -86,26 +66,14 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
             AES256-SHA256
             AES128-SHA
             AES256-SHA
-          }.join(":"),
+          }.join(":").freeze,
         )
       end
+      DEFAULT_PARAMS.freeze
 
       DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
       DEFAULT_CERT_STORE.set_default_paths
 
-      # A callback invoked when DH parameters are required for ephemeral DH key
-      # exchange.
-      #
-      # The callback is invoked with the SSLSocket, a
-      # flag indicating the use of an export cipher and the keylength
-      # required.
-      #
-      # The callback must return an OpenSSL::PKey::DH instance of the correct
-      # key length.
-      #
-      # <b>Deprecated in version 3.0.</b> Use #tmp_dh= instead.
-      attr_accessor :tmp_dh_callback
-
       # A callback invoked at connect time to distinguish between multiple
       # server names.
       #
@@ -147,49 +115,19 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
         params.each{|name, value| self.__send__("#{name}=", value) }
         if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
           unless self.ca_file or self.ca_path or self.cert_store
-            self.cert_store = DEFAULT_CERT_STORE
+            if not defined?(Ractor) or Ractor.current == Ractor.main
+              self.cert_store = DEFAULT_CERT_STORE
+            else
+              self.cert_store = Ractor.current[:__openssl_default_store__] ||=
+                OpenSSL::X509::Store.new.tap { |store|
+                  store.set_default_paths
+                }
+            end
           end
         end
         return params
       end
 
-      # call-seq:
-      #    ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
-      #    ctx.min_version = :TLS1_2
-      #    ctx.min_version = nil
-      #
-      # Sets the lower bound on the supported SSL/TLS protocol version. The
-      # version may be specified by an integer constant named
-      # OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
-      #
-      # Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
-      # options by #options= once you have called #min_version= or
-      # #max_version=.
-      #
-      # === Example
-      #   ctx = OpenSSL::SSL::SSLContext.new
-      #   ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
-      #   ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
-      #
-      #   sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
-      #   sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
-      def min_version=(version)
-        set_minmax_proto_version(version, @max_proto_version ||= nil)
-        @min_proto_version = version
-      end
-
-      # call-seq:
-      #    ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
-      #    ctx.max_version = :TLS1_2
-      #    ctx.max_version = nil
-      #
-      # Sets the upper bound of the supported SSL/TLS protocol version. See
-      # #min_version= for the possible values.
-      def max_version=(version)
-        set_minmax_proto_version(@min_proto_version ||= nil, version)
-        @max_proto_version = version
-      end
-
       # call-seq:
       #    ctx.ssl_version = :TLSv1
       #    ctx.ssl_version = "SSLv23"
@@ -214,8 +152,7 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
         end
         version = METHODS_MAP[meth.intern] or
           raise ArgumentError, "unknown SSL method `%s'" % meth
-        set_minmax_proto_version(version, version)
-        @min_proto_version = @max_proto_version = version
+        self.min_version = self.max_version = version
       end
 
       METHODS_MAP = {
@@ -495,10 +432,6 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
         @context.client_cert_cb
       end
 
-      def tmp_dh_callback
-        @context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
-      end
-
       def session_new_cb
         @context.session_new_cb
       end

data/lib/openssl/version.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
 module OpenSSL
-  VERSION = "3.3.2"
+  # The version string of Ruby/OpenSSL.
+  VERSION = "4.0.0"
 end

data/lib/openssl/x509.rb

@@ -346,6 +346,15 @@ module OpenSSL
       include Extension::CRLDistributionPoints
       include Extension::AuthorityInfoAccess
 
+      def inspect
+        "#<#{self.class}: " \
+          "subject=#{subject.inspect}, " \
+          "issuer=#{issuer.inspect}, " \
+          "serial=#{serial.inspect}, " \
+          "not_before=#{not_before.inspect rescue "(error)"}, " \
+          "not_after=#{not_after.inspect rescue "(error)"}>"
+      end
+
       def pretty_print(q)
         q.object_group(self) {
           q.breakable

data/lib/openssl.rb

@@ -13,23 +13,26 @@
 require 'openssl.so'
 
 require_relative 'openssl/bn'
-require_relative 'openssl/asn1'
-require_relative 'openssl/pkey'
 require_relative 'openssl/cipher'
 require_relative 'openssl/digest'
 require_relative 'openssl/hmac'
-require_relative 'openssl/x509'
-require_relative 'openssl/ssl'
 require_relative 'openssl/pkcs5'
+require_relative 'openssl/pkey'
+require_relative 'openssl/ssl'
 require_relative 'openssl/version'
+require_relative 'openssl/x509'
 
 module OpenSSL
-  # call-seq:
-  #   OpenSSL.secure_compare(string, string) -> boolean
+  # :call-seq:
+  #    OpenSSL.secure_compare(string, string) -> true or false
   #
   # Constant time memory comparison. Inputs are hashed using SHA-256 to mask
   # the length of the secret. Returns +true+ if the strings are identical,
   # +false+ otherwise.
+  #
+  # This method is expensive due to the SHA-256 hashing. In most cases, where
+  # the input lengths are known to be equal or are not sensitive,
+  # OpenSSL.fixed_length_secure_compare should be used instead.
   def self.secure_compare(a, b)
     hashed_a = OpenSSL::Digest.digest('SHA256', a)
     hashed_b = OpenSSL::Digest.digest('SHA256', b)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openssl
 version: !ruby/object:Gem::Version
-  version: 3.3.2
+  version: 4.0.0
 platform: ruby
 authors:
 - Martin Bosslet
@@ -30,7 +30,6 @@ files:
 - History.md
 - README.md
 - ext/openssl/extconf.rb
-- ext/openssl/openssl_missing.c
 - ext/openssl/openssl_missing.h
 - ext/openssl/ossl.c
 - ext/openssl/ossl.h
@@ -86,7 +85,6 @@ files:
 - ext/openssl/ossl_x509revoked.c
 - ext/openssl/ossl_x509store.c
 - lib/openssl.rb
-- lib/openssl/asn1.rb
 - lib/openssl/bn.rb
 - lib/openssl/buffering.rb
 - lib/openssl/cipher.rb

data/ext/openssl/openssl_missing.c

@@ -1,40 +0,0 @@
-/*
- * 'OpenSSL for Ruby' project
- * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
- * All rights reserved.
- */
-/*
- * This program is licensed under the same licence as Ruby.
- * (See the file 'COPYING'.)
- */
-#include RUBY_EXTCONF_H
-
-#include <string.h> /* memcpy() */
-#include <openssl/x509_vfy.h>
-
-#include "openssl_missing.h"
-
-/*** added in 1.1.0 ***/
-#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
-void
-ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
-			     const X509_ALGOR **palg)
-{
-    if (psig != NULL)
-	*psig = crl->signature;
-    if (palg != NULL)
-	*palg = crl->sig_alg;
-}
-#endif
-
-#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
-void
-ossl_X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
-			     const X509_ALGOR **palg)
-{
-    if (psig != NULL)
-	*psig = req->signature;
-    if (palg != NULL)
-	*palg = req->sig_alg;
-}
-#endif

data/lib/openssl/asn1.rb

@@ -1,188 +0,0 @@
-# frozen_string_literal: true
-#--
-#
-# = Ruby-space definitions that completes C-space funcs for ASN.1
-#
-# = Licence
-# This program is licensed under the same licence as Ruby.
-# (See the file 'COPYING'.)
-#++
-
-module OpenSSL
-  module ASN1
-    class ASN1Data
-      #
-      # Carries the value of a ASN.1 type.
-      # Please confer Constructive and Primitive for the mappings between
-      # ASN.1 data types and Ruby classes.
-      #
-      attr_accessor :value
-
-      # An Integer representing the tag number of this ASN1Data. Never +nil+.
-      attr_accessor :tag
-
-      # A Symbol representing the tag class of this ASN1Data. Never +nil+.
-      # See ASN1Data for possible values.
-      attr_accessor :tag_class
-
-      #
-      # Never +nil+. A boolean value indicating whether the encoding uses
-      # indefinite length (in the case of parsing) or whether an indefinite
-      # length form shall be used (in the encoding case).
-      # In DER, every value uses definite length form. But in scenarios where
-      # large amounts of data need to be transferred it might be desirable to
-      # have some kind of streaming support available.
-      # For example, huge OCTET STRINGs are preferably sent in smaller-sized
-      # chunks, each at a time.
-      # This is possible in BER by setting the length bytes of an encoding
-      # to zero and by this indicating that the following value will be
-      # sent in chunks. Indefinite length encodings are always constructed.
-      # The end of such a stream of chunks is indicated by sending a EOC
-      # (End of Content) tag. SETs and SEQUENCEs may use an indefinite length
-      # encoding, but also primitive types such as e.g. OCTET STRINGS or
-      # BIT STRINGS may leverage this functionality (cf. ITU-T X.690).
-      #
-      attr_accessor :indefinite_length
-
-      alias infinite_length indefinite_length
-      alias infinite_length= indefinite_length=
-
-      #
-      # :call-seq:
-      #    OpenSSL::ASN1::ASN1Data.new(value, tag, tag_class) => ASN1Data
-      #
-      # _value_: Please have a look at Constructive and Primitive to see how Ruby
-      # types are mapped to ASN.1 types and vice versa.
-      #
-      # _tag_: An Integer indicating the tag number.
-      #
-      # _tag_class_: A Symbol indicating the tag class. Please cf. ASN1 for
-      # possible values.
-      #
-      # == Example
-      #   asn1_int = OpenSSL::ASN1Data.new(42, 2, :UNIVERSAL) # => Same as OpenSSL::ASN1::Integer.new(42)
-      #   tagged_int = OpenSSL::ASN1Data.new(42, 0, :CONTEXT_SPECIFIC) # implicitly 0-tagged INTEGER
-      #
-      def initialize(value, tag, tag_class)
-        raise ASN1Error, "invalid tag class" unless tag_class.is_a?(Symbol)
-
-        @tag = tag
-        @value = value
-        @tag_class = tag_class
-        @indefinite_length = false
-      end
-    end
-
-    module TaggedASN1Data
-      #
-      # May be used as a hint for encoding a value either implicitly or
-      # explicitly by setting it either to +:IMPLICIT+ or to +:EXPLICIT+.
-      # _tagging_ is not set when a ASN.1 structure is parsed using
-      # OpenSSL::ASN1.decode.
-      #
-      attr_accessor :tagging
-
-      # :call-seq:
-      #    OpenSSL::ASN1::Primitive.new(value [, tag, tagging, tag_class ]) => Primitive
-      #
-      # _value_: is mandatory.
-      #
-      # _tag_: optional, may be specified for tagged values. If no _tag_ is
-      # specified, the UNIVERSAL tag corresponding to the Primitive sub-class
-      # is used by default.
-      #
-      # _tagging_: may be used as an encoding hint to encode a value either
-      # explicitly or implicitly, see ASN1 for possible values.
-      #
-      # _tag_class_: if _tag_ and _tagging_ are +nil+ then this is set to
-      # +:UNIVERSAL+ by default. If either _tag_ or _tagging_ are set then
-      # +:CONTEXT_SPECIFIC+ is used as the default. For possible values please
-      # cf. ASN1.
-      #
-      # == Example
-      #   int = OpenSSL::ASN1::Integer.new(42)
-      #   zero_tagged_int = OpenSSL::ASN1::Integer.new(42, 0, :IMPLICIT)
-      #   private_explicit_zero_tagged_int = OpenSSL::ASN1::Integer.new(42, 0, :EXPLICIT, :PRIVATE)
-      #
-      def initialize(value, tag = nil, tagging = nil, tag_class = nil)
-        tag ||= ASN1.take_default_tag(self.class)
-
-        raise ASN1Error, "must specify tag number" unless tag
-
-        if tagging
-          raise ASN1Error, "invalid tagging method" unless tagging.is_a?(Symbol)
-        end
-
-        tag_class ||= tagging ? :CONTEXT_SPECIFIC : :UNIVERSAL
-
-        raise ASN1Error, "invalid tag class" unless tag_class.is_a?(Symbol)
-
-        @tagging = tagging
-        super(value ,tag, tag_class)
-      end
-    end
-
-    class Primitive < ASN1Data
-      include TaggedASN1Data
-
-      undef_method :indefinite_length=
-      undef_method :infinite_length=
-    end
-
-    class Constructive < ASN1Data
-      include TaggedASN1Data
-      include Enumerable
-
-      # :call-seq:
-      #    asn1_ary.each { |asn1| block } => asn1_ary
-      #
-      # Calls the given block once for each element in self, passing that element
-      # as parameter _asn1_. If no block is given, an enumerator is returned
-      # instead.
-      #
-      # == Example
-      #   asn1_ary.each do |asn1|
-      #     puts asn1
-      #   end
-      #
-      def each(&blk)
-        @value.each(&blk)
-
-        self
-      end
-    end
-
-    class Boolean < Primitive ; end
-    class Integer < Primitive ; end
-    class Enumerated < Primitive ; end
-
-    class BitString < Primitive
-      attr_accessor :unused_bits
-
-      def initialize(*)
-        super
-
-        @unused_bits = 0
-      end
-    end
-
-    class EndOfContent < ASN1Data
-      def initialize
-        super("", 0, :UNIVERSAL)
-      end
-    end
-
-    # :nodoc:
-    def self.take_default_tag(klass)
-      tag = CLASS_TAG_MAP[klass]
-
-      return tag if tag
-
-      sklass = klass.superclass
-
-      return unless sklass
-
-      take_default_tag(sklass)
-    end
-  end
-end