openssl 3.3.2 → 4.0.0
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +3 -0
- data/History.md +85 -0
- data/README.md +12 -11
- data/ext/openssl/extconf.rb +30 -69
- data/ext/openssl/openssl_missing.h +0 -206
- data/ext/openssl/ossl.c +280 -301
- data/ext/openssl/ossl.h +15 -10
- data/ext/openssl/ossl_asn1.c +598 -406
- data/ext/openssl/ossl_asn1.h +15 -1
- data/ext/openssl/ossl_bio.c +3 -3
- data/ext/openssl/ossl_bn.c +286 -291
- data/ext/openssl/ossl_cipher.c +252 -203
- data/ext/openssl/ossl_cipher.h +10 -1
- data/ext/openssl/ossl_config.c +1 -6
- data/ext/openssl/ossl_digest.c +74 -43
- data/ext/openssl/ossl_digest.h +9 -1
- data/ext/openssl/ossl_engine.c +39 -103
- data/ext/openssl/ossl_hmac.c +30 -36
- data/ext/openssl/ossl_kdf.c +42 -53
- data/ext/openssl/ossl_ns_spki.c +31 -37
- data/ext/openssl/ossl_ocsp.c +214 -241
- data/ext/openssl/ossl_pkcs12.c +26 -26
- data/ext/openssl/ossl_pkcs7.c +175 -145
- data/ext/openssl/ossl_pkey.c +162 -178
- data/ext/openssl/ossl_pkey.h +99 -99
- data/ext/openssl/ossl_pkey_dh.c +31 -68
- data/ext/openssl/ossl_pkey_dsa.c +15 -54
- data/ext/openssl/ossl_pkey_ec.c +179 -237
- data/ext/openssl/ossl_pkey_rsa.c +56 -103
- data/ext/openssl/ossl_provider.c +0 -7
- data/ext/openssl/ossl_rand.c +7 -14
- data/ext/openssl/ossl_ssl.c +478 -353
- data/ext/openssl/ossl_ssl.h +8 -8
- data/ext/openssl/ossl_ssl_session.c +93 -97
- data/ext/openssl/ossl_ts.c +81 -127
- data/ext/openssl/ossl_x509.c +9 -28
- data/ext/openssl/ossl_x509attr.c +33 -54
- data/ext/openssl/ossl_x509cert.c +69 -100
- data/ext/openssl/ossl_x509crl.c +78 -89
- data/ext/openssl/ossl_x509ext.c +45 -66
- data/ext/openssl/ossl_x509name.c +63 -88
- data/ext/openssl/ossl_x509req.c +55 -62
- data/ext/openssl/ossl_x509revoked.c +27 -41
- data/ext/openssl/ossl_x509store.c +38 -56
- data/lib/openssl/buffering.rb +30 -24
- data/lib/openssl/digest.rb +1 -1
- data/lib/openssl/pkey.rb +71 -49
- data/lib/openssl/ssl.rb +12 -79
- data/lib/openssl/version.rb +2 -1
- data/lib/openssl/x509.rb +9 -0
- data/lib/openssl.rb +9 -6
- metadata +1 -3
- data/ext/openssl/openssl_missing.c +0 -40
- data/lib/openssl/asn1.rb +0 -188
data/ext/openssl/ossl_cipher.h
CHANGED
|
@@ -10,7 +10,16 @@
|
|
|
10
10
|
#if !defined(_OSSL_CIPHER_H_)
|
|
11
11
|
#define _OSSL_CIPHER_H_
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
/*
|
|
14
|
+
* Gets EVP_CIPHER from a String or an OpenSSL::Digest instance (discouraged,
|
|
15
|
+
* but still supported for compatibility). A holder object is created if the
|
|
16
|
+
* EVP_CIPHER is a "fetched" algorithm.
|
|
17
|
+
*/
|
|
18
|
+
const EVP_CIPHER *ossl_evp_cipher_fetch(VALUE obj, volatile VALUE *holder);
|
|
19
|
+
/*
|
|
20
|
+
* This is meant for OpenSSL::Engine#cipher. EVP_CIPHER must not be a fetched
|
|
21
|
+
* one.
|
|
22
|
+
*/
|
|
14
23
|
VALUE ossl_cipher_new(const EVP_CIPHER *);
|
|
15
24
|
void Init_ossl_cipher(void);
|
|
16
25
|
|
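Review bot: The new comment above `ossl_evp_cipher_fetch` says it accepts "a String or an OpenSSL::Digest instance", which reads like a copy from ossl_digest.h. For a function returning `const EVP_CIPHER *` the instance is presumably an OpenSSL::Cipher, though the implementation in ossl_cipher.c is not visible on this page. I would change that line to `* Gets EVP_CIPHER from a String or an OpenSSL::Cipher instance (discouraged,`. This comment is the only contract callers have for a function that returns a raw pointer, so the class name in it should be right.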
data/ext/openssl/ossl_config.c
CHANGED
|
@@ -413,11 +413,6 @@ Init_ossl_config(void)
|
|
|
413
413
|
char *path;
|
|
414
414
|
VALUE path_str;
|
|
415
415
|
|
|
416
|
-
#if 0
|
|
417
|
-
mOSSL = rb_define_module("OpenSSL");
|
|
418
|
-
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
|
419
|
-
#endif
|
|
420
|
-
|
|
421
416
|
/* Document-class: OpenSSL::Config
|
|
422
417
|
*
|
|
423
418
|
* Configuration for the openssl library.
|
|
@@ -426,7 +421,7 @@ Init_ossl_config(void)
|
|
|
426
421
|
* configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
|
|
427
422
|
* the location of the file for your host.
|
|
428
423
|
*
|
|
429
|
-
* See also
|
|
424
|
+
* See also https://docs.openssl.org/master/man5/config/
|
|
430
425
|
*/
|
|
431
426
|
cConfig = rb_define_class_under(mOSSL, "Config", rb_cObject);
|
|
432
427
|
|
data/ext/openssl/ossl_digest.c
CHANGED
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
#define GetDigest(obj, ctx) do { \
|
|
13
13
|
TypedData_Get_Struct((obj), EVP_MD_CTX, &ossl_digest_type, (ctx)); \
|
|
14
14
|
if (!(ctx)) { \
|
|
15
|
-
|
|
15
|
+
ossl_raise(rb_eRuntimeError, "Digest CTX wasn't initialized!"); \
|
|
16
16
|
} \
|
|
17
17
|
} while (0)
|
|
18
18
|
|
|
@@ -21,6 +21,7 @@
|
|
|
21
21
|
*/
|
|
22
22
|
static VALUE cDigest;
|
|
23
23
|
static VALUE eDigestError;
|
|
24
|
+
static ID id_md_holder;
|
|
24
25
|
|
|
25
26
|
static VALUE ossl_digest_alloc(VALUE klass);
|
|
26
27
|
|
|
@@ -33,39 +34,67 @@ ossl_digest_free(void *ctx)
|
|
|
33
34
|
static const rb_data_type_t ossl_digest_type = {
|
|
34
35
|
"OpenSSL/Digest",
|
|
35
36
|
{
|
|
36
|
-
|
|
37
|
+
0, ossl_digest_free,
|
|
37
38
|
},
|
|
38
39
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
39
40
|
};
|
|
40
41
|
|
|
42
|
+
#ifdef OSSL_USE_PROVIDER
|
|
43
|
+
static void
|
|
44
|
+
ossl_evp_md_free(void *ptr)
|
|
45
|
+
{
|
|
46
|
+
// This is safe to call against const EVP_MD * returned by
|
|
47
|
+
// EVP_get_digestbyname()
|
|
48
|
+
EVP_MD_free(ptr);
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
static const rb_data_type_t ossl_evp_md_holder_type = {
|
|
52
|
+
"OpenSSL/EVP_MD",
|
|
53
|
+
{
|
|
54
|
+
.dfree = ossl_evp_md_free,
|
|
55
|
+
},
|
|
56
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
57
|
+
};
|
|
58
|
+
#endif
|
|
59
|
+
|
|
41
60
|
/*
|
|
42
61
|
* Public
|
|
43
62
|
*/
|
|
44
63
|
const EVP_MD *
|
|
45
|
-
|
|
64
|
+
ossl_evp_md_fetch(VALUE obj, volatile VALUE *holder)
|
|
46
65
|
{
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
if (RB_TYPE_P(obj, T_STRING)) {
|
|
51
|
-
const char *name = StringValueCStr(obj);
|
|
52
|
-
|
|
53
|
-
md = EVP_get_digestbyname(name);
|
|
54
|
-
if (!md) {
|
|
55
|
-
oid = OBJ_txt2obj(name, 0);
|
|
56
|
-
md = EVP_get_digestbyobj(oid);
|
|
57
|
-
ASN1_OBJECT_free(oid);
|
|
58
|
-
}
|
|
59
|
-
if(!md)
|
|
60
|
-
ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%"PRIsVALUE").", obj);
|
|
61
|
-
} else {
|
|
66
|
+
*holder = Qnil;
|
|
67
|
+
if (rb_obj_is_kind_of(obj, cDigest)) {
|
|
62
68
|
EVP_MD_CTX *ctx;
|
|
63
|
-
|
|
64
69
|
GetDigest(obj, ctx);
|
|
65
|
-
|
|
66
|
-
|
|
70
|
+
EVP_MD *md = (EVP_MD *)EVP_MD_CTX_get0_md(ctx);
|
|
71
|
+
#ifdef OSSL_USE_PROVIDER
|
|
72
|
+
*holder = TypedData_Wrap_Struct(0, &ossl_evp_md_holder_type, NULL);
|
|
73
|
+
if (!EVP_MD_up_ref(md))
|
|
74
|
+
ossl_raise(eDigestError, "EVP_MD_up_ref");
|
|
75
|
+
RTYPEDDATA_DATA(*holder) = md;
|
|
76
|
+
#endif
|
|
77
|
+
return md;
|
|
67
78
|
}
|
|
68
79
|
|
|
80
|
+
const char *name = StringValueCStr(obj);
|
|
81
|
+
EVP_MD *md = (EVP_MD *)EVP_get_digestbyname(name);
|
|
82
|
+
if (!md) {
|
|
83
|
+
ASN1_OBJECT *oid = OBJ_txt2obj(name, 0);
|
|
84
|
+
md = (EVP_MD *)EVP_get_digestbyobj(oid);
|
|
85
|
+
ASN1_OBJECT_free(oid);
|
|
86
|
+
}
|
|
87
|
+
#ifdef OSSL_USE_PROVIDER
|
|
88
|
+
if (!md) {
|
|
89
|
+
ossl_clear_error();
|
|
90
|
+
*holder = TypedData_Wrap_Struct(0, &ossl_evp_md_holder_type, NULL);
|
|
91
|
+
md = EVP_MD_fetch(NULL, name, NULL);
|
|
92
|
+
RTYPEDDATA_DATA(*holder) = md;
|
|
93
|
+
}
|
|
94
|
+
#endif
|
|
95
|
+
if (!md)
|
|
96
|
+
ossl_raise(eDigestError, "unsupported digest algorithm: %"PRIsVALUE,
|
|
97
|
+
obj);
|
|
69
98
|
return md;
|
|
70
99
|
}
|
|
71
100
|
|
|
@@ -75,14 +104,17 @@ ossl_digest_new(const EVP_MD *md)
|
|
|
75
104
|
VALUE ret;
|
|
76
105
|
EVP_MD_CTX *ctx;
|
|
77
106
|
|
|
107
|
+
// NOTE: This does not set id_md_holder because this function should
|
|
108
|
+
// only be called from ossl_engine.c, which will not use any
|
|
109
|
+
// reference-counted digests.
|
|
78
110
|
ret = ossl_digest_alloc(cDigest);
|
|
79
111
|
ctx = EVP_MD_CTX_new();
|
|
80
112
|
if (!ctx)
|
|
81
|
-
|
|
113
|
+
ossl_raise(eDigestError, "EVP_MD_CTX_new");
|
|
82
114
|
RTYPEDDATA_DATA(ret) = ctx;
|
|
83
115
|
|
|
84
116
|
if (!EVP_DigestInit_ex(ctx, md, NULL))
|
|
85
|
-
|
|
117
|
+
ossl_raise(eDigestError, "Digest initialization failed");
|
|
86
118
|
|
|
87
119
|
return ret;
|
|
88
120
|
}
|
|
@@ -121,26 +153,28 @@ ossl_digest_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
121
153
|
{
|
|
122
154
|
EVP_MD_CTX *ctx;
|
|
123
155
|
const EVP_MD *md;
|
|
124
|
-
VALUE type, data;
|
|
156
|
+
VALUE type, data, md_holder;
|
|
125
157
|
|
|
126
158
|
rb_scan_args(argc, argv, "11", &type, &data);
|
|
127
|
-
md =
|
|
159
|
+
md = ossl_evp_md_fetch(type, &md_holder);
|
|
128
160
|
if (!NIL_P(data)) StringValue(data);
|
|
129
161
|
|
|
130
162
|
TypedData_Get_Struct(self, EVP_MD_CTX, &ossl_digest_type, ctx);
|
|
131
163
|
if (!ctx) {
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
164
|
+
RTYPEDDATA_DATA(self) = ctx = EVP_MD_CTX_new();
|
|
165
|
+
if (!ctx)
|
|
166
|
+
ossl_raise(eDigestError, "EVP_MD_CTX_new");
|
|
135
167
|
}
|
|
136
168
|
|
|
137
169
|
if (!EVP_DigestInit_ex(ctx, md, NULL))
|
|
138
|
-
|
|
170
|
+
ossl_raise(eDigestError, "Digest initialization failed");
|
|
171
|
+
rb_ivar_set(self, id_md_holder, md_holder);
|
|
139
172
|
|
|
140
173
|
if (!NIL_P(data)) return ossl_digest_update(self, data);
|
|
141
174
|
return self;
|
|
142
175
|
}
|
|
143
176
|
|
|
177
|
+
/* :nodoc: */
|
|
144
178
|
static VALUE
|
|
145
179
|
ossl_digest_copy(VALUE self, VALUE other)
|
|
146
180
|
{
|
|
@@ -151,14 +185,14 @@ ossl_digest_copy(VALUE self, VALUE other)
|
|
|
151
185
|
|
|
152
186
|
TypedData_Get_Struct(self, EVP_MD_CTX, &ossl_digest_type, ctx1);
|
|
153
187
|
if (!ctx1) {
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
188
|
+
RTYPEDDATA_DATA(self) = ctx1 = EVP_MD_CTX_new();
|
|
189
|
+
if (!ctx1)
|
|
190
|
+
ossl_raise(eDigestError, "EVP_MD_CTX_new");
|
|
157
191
|
}
|
|
158
192
|
GetDigest(other, ctx2);
|
|
159
193
|
|
|
160
194
|
if (!EVP_MD_CTX_copy(ctx1, ctx2)) {
|
|
161
|
-
|
|
195
|
+
ossl_raise(eDigestError, NULL);
|
|
162
196
|
}
|
|
163
197
|
return self;
|
|
164
198
|
}
|
|
@@ -183,8 +217,8 @@ ossl_s_digests(VALUE self)
|
|
|
183
217
|
|
|
184
218
|
ary = rb_ary_new();
|
|
185
219
|
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
|
|
186
|
-
|
|
187
|
-
|
|
220
|
+
add_digest_name_to_ary,
|
|
221
|
+
(void*)ary);
|
|
188
222
|
|
|
189
223
|
return ary;
|
|
190
224
|
}
|
|
@@ -204,7 +238,7 @@ ossl_digest_reset(VALUE self)
|
|
|
204
238
|
|
|
205
239
|
GetDigest(self, ctx);
|
|
206
240
|
if (EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL) != 1) {
|
|
207
|
-
|
|
241
|
+
ossl_raise(eDigestError, "Digest initialization failed.");
|
|
208
242
|
}
|
|
209
243
|
|
|
210
244
|
return self;
|
|
@@ -234,7 +268,7 @@ ossl_digest_update(VALUE self, VALUE data)
|
|
|
234
268
|
GetDigest(self, ctx);
|
|
235
269
|
|
|
236
270
|
if (!EVP_DigestUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)))
|
|
237
|
-
|
|
271
|
+
ossl_raise(eDigestError, "EVP_DigestUpdate");
|
|
238
272
|
|
|
239
273
|
return self;
|
|
240
274
|
}
|
|
@@ -253,7 +287,7 @@ ossl_digest_finish(VALUE self)
|
|
|
253
287
|
GetDigest(self, ctx);
|
|
254
288
|
str = rb_str_new(NULL, EVP_MD_CTX_size(ctx));
|
|
255
289
|
if (!EVP_DigestFinal_ex(ctx, (unsigned char *)RSTRING_PTR(str), NULL))
|
|
256
|
-
|
|
290
|
+
ossl_raise(eDigestError, "EVP_DigestFinal_ex");
|
|
257
291
|
|
|
258
292
|
return str;
|
|
259
293
|
}
|
|
@@ -331,11 +365,6 @@ ossl_digest_block_length(VALUE self)
|
|
|
331
365
|
void
|
|
332
366
|
Init_ossl_digest(void)
|
|
333
367
|
{
|
|
334
|
-
#if 0
|
|
335
|
-
mOSSL = rb_define_module("OpenSSL");
|
|
336
|
-
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
|
337
|
-
#endif
|
|
338
|
-
|
|
339
368
|
/* Document-class: OpenSSL::Digest
|
|
340
369
|
*
|
|
341
370
|
* OpenSSL::Digest allows you to compute message digests (sometimes
|
|
@@ -441,4 +470,6 @@ Init_ossl_digest(void)
|
|
|
441
470
|
rb_define_method(cDigest, "block_length", ossl_digest_block_length, 0);
|
|
442
471
|
|
|
443
472
|
rb_define_method(cDigest, "name", ossl_digest_name, 0);
|
|
473
|
+
|
|
474
|
+
id_md_holder = rb_intern_const("EVP_MD_holder");
|
|
444
475
|
}
|
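Review bot: In `ossl_evp_md_fetch` (hunk `@@ -33,39 +34,67 @@`), the Digest-instance branch passes the result of `EVP_MD_CTX_get0_md(ctx)` straight to `EVP_MD_up_ref(md)` and then returns it, without checking it for NULL. `GetDigest` only guarantees that the context pointer exists. `ossl_digest_copy` stores a fresh `EVP_MD_CTX_new()` in `self` before `GetDigest(other, ctx2)` can raise, so a context with no digest set looks reachable, and as far as I know `EVP_MD_up_ref` does not accept NULL. Adding `if (!md) ossl_raise(eDigestError, "digest is not initialized");` right after the `EVP_MD_CTX_get0_md` line turns that case into a Ruby exception instead of a possible NULL dereference, with or without `OSSL_USE_PROVIDER`.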
data/ext/openssl/ossl_digest.h
CHANGED
|
@@ -10,7 +10,15 @@
|
|
|
10
10
|
#if !defined(_OSSL_DIGEST_H_)
|
|
11
11
|
#define _OSSL_DIGEST_H_
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
/*
|
|
14
|
+
* Gets EVP_MD from a String or an OpenSSL::Digest instance (discouraged, but
|
|
15
|
+
* still supported for compatibility). A holder object is created if the EVP_MD
|
|
16
|
+
* is a "fetched" algorithm.
|
|
17
|
+
*/
|
|
18
|
+
const EVP_MD *ossl_evp_md_fetch(VALUE obj, volatile VALUE *holder);
|
|
19
|
+
/*
|
|
20
|
+
* This is meant for OpenSSL::Engine#digest. EVP_MD must not be a fetched one.
|
|
21
|
+
*/
|
|
14
22
|
VALUE ossl_digest_new(const EVP_MD *);
|
|
15
23
|
void Init_ossl_digest(void);
|
|
16
24
|
|
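Review bot: The comment on `ossl_evp_md_fetch` does not state the lifetime rule that the `holder` out-parameter exists for. From ossl_digest.c on this page, the holder's `dfree` calls `EVP_MD_free`, so for a fetched algorithm the returned `const EVP_MD *` is only valid while `*holder` stays reachable by the GC; `ossl_digest_initialize` handles that by storing it with `rb_ivar_set`. I would extend the comment to say that the function always writes `*holder` (`Qnil` when no holder was needed), that the caller must keep `*holder` alive for as long as the returned pointer is in use, and that it raises `eDigestError` for an unsupported name. The parallel comment on `ossl_evp_cipher_fetch` in ossl_cipher.h has the same gap.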
data/ext/openssl/ossl_engine.c
CHANGED
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
TypedData_Wrap_Struct((klass), &ossl_engine_type, 0)
|
|
17
17
|
#define SetEngine(obj, engine) do { \
|
|
18
18
|
if (!(engine)) { \
|
|
19
|
-
|
|
19
|
+
ossl_raise(rb_eRuntimeError, "ENGINE wasn't initialized."); \
|
|
20
20
|
} \
|
|
21
21
|
RTYPEDDATA_DATA(obj) = (engine); \
|
|
22
22
|
} while(0)
|
|
@@ -47,25 +47,15 @@ static VALUE eEngineError;
|
|
|
47
47
|
/*
|
|
48
48
|
* Private
|
|
49
49
|
*/
|
|
50
|
-
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
|
|
51
50
|
#define OSSL_ENGINE_LOAD_IF_MATCH(engine_name, x) \
|
|
52
51
|
do{\
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
}while(0)
|
|
60
|
-
#else
|
|
61
|
-
#define OSSL_ENGINE_LOAD_IF_MATCH(engine_name, x) \
|
|
62
|
-
do{\
|
|
63
|
-
if(!strcmp(#engine_name, RSTRING_PTR(name))){\
|
|
64
|
-
ENGINE_load_##engine_name();\
|
|
65
|
-
return Qtrue;\
|
|
66
|
-
}\
|
|
52
|
+
if(!strcmp(#engine_name, RSTRING_PTR(name))){\
|
|
53
|
+
if (OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL))\
|
|
54
|
+
return Qtrue;\
|
|
55
|
+
else\
|
|
56
|
+
ossl_raise(eEngineError, "OPENSSL_init_crypto"); \
|
|
57
|
+
}\
|
|
67
58
|
}while(0)
|
|
68
|
-
#endif
|
|
69
59
|
|
|
70
60
|
static void
|
|
71
61
|
ossl_engine_free(void *engine)
|
|
@@ -76,7 +66,7 @@ ossl_engine_free(void *engine)
|
|
|
76
66
|
static const rb_data_type_t ossl_engine_type = {
|
|
77
67
|
"OpenSSL/Engine",
|
|
78
68
|
{
|
|
79
|
-
|
|
69
|
+
0, ossl_engine_free,
|
|
80
70
|
},
|
|
81
71
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
82
72
|
};
|
|
@@ -102,50 +92,10 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
|
|
|
102
92
|
return Qtrue;
|
|
103
93
|
}
|
|
104
94
|
StringValueCStr(name);
|
|
105
|
-
#ifdef HAVE_ENGINE_LOAD_DYNAMIC
|
|
106
95
|
OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC);
|
|
107
|
-
#endif
|
|
108
|
-
#ifndef OPENSSL_NO_STATIC_ENGINE
|
|
109
|
-
#ifdef HAVE_ENGINE_LOAD_4758CCA
|
|
110
|
-
OSSL_ENGINE_LOAD_IF_MATCH(4758cca, 4758CCA);
|
|
111
|
-
#endif
|
|
112
|
-
#ifdef HAVE_ENGINE_LOAD_AEP
|
|
113
|
-
OSSL_ENGINE_LOAD_IF_MATCH(aep, AEP);
|
|
114
|
-
#endif
|
|
115
|
-
#ifdef HAVE_ENGINE_LOAD_ATALLA
|
|
116
|
-
OSSL_ENGINE_LOAD_IF_MATCH(atalla, ATALLA);
|
|
117
|
-
#endif
|
|
118
|
-
#ifdef HAVE_ENGINE_LOAD_CHIL
|
|
119
|
-
OSSL_ENGINE_LOAD_IF_MATCH(chil, CHIL);
|
|
120
|
-
#endif
|
|
121
|
-
#ifdef HAVE_ENGINE_LOAD_CSWIFT
|
|
122
|
-
OSSL_ENGINE_LOAD_IF_MATCH(cswift, CSWIFT);
|
|
123
|
-
#endif
|
|
124
|
-
#ifdef HAVE_ENGINE_LOAD_NURON
|
|
125
|
-
OSSL_ENGINE_LOAD_IF_MATCH(nuron, NURON);
|
|
126
|
-
#endif
|
|
127
|
-
#ifdef HAVE_ENGINE_LOAD_SUREWARE
|
|
128
|
-
OSSL_ENGINE_LOAD_IF_MATCH(sureware, SUREWARE);
|
|
129
|
-
#endif
|
|
130
|
-
#ifdef HAVE_ENGINE_LOAD_UBSEC
|
|
131
|
-
OSSL_ENGINE_LOAD_IF_MATCH(ubsec, UBSEC);
|
|
132
|
-
#endif
|
|
133
|
-
#ifdef HAVE_ENGINE_LOAD_PADLOCK
|
|
134
96
|
OSSL_ENGINE_LOAD_IF_MATCH(padlock, PADLOCK);
|
|
135
|
-
#endif
|
|
136
|
-
#ifdef HAVE_ENGINE_LOAD_CAPI
|
|
137
97
|
OSSL_ENGINE_LOAD_IF_MATCH(capi, CAPI);
|
|
138
|
-
#endif
|
|
139
|
-
#ifdef HAVE_ENGINE_LOAD_GMP
|
|
140
|
-
OSSL_ENGINE_LOAD_IF_MATCH(gmp, GMP);
|
|
141
|
-
#endif
|
|
142
|
-
#ifdef HAVE_ENGINE_LOAD_GOST
|
|
143
|
-
OSSL_ENGINE_LOAD_IF_MATCH(gost, GOST);
|
|
144
|
-
#endif
|
|
145
|
-
#endif
|
|
146
|
-
#ifdef HAVE_ENGINE_LOAD_CRYPTODEV
|
|
147
98
|
OSSL_ENGINE_LOAD_IF_MATCH(cryptodev, CRYPTODEV);
|
|
148
|
-
#endif
|
|
149
99
|
OSSL_ENGINE_LOAD_IF_MATCH(openssl, OPENSSL);
|
|
150
100
|
rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
|
|
151
101
|
return Qnil;
|
|
@@ -163,9 +113,6 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
|
|
|
163
113
|
static VALUE
|
|
164
114
|
ossl_engine_s_cleanup(VALUE self)
|
|
165
115
|
{
|
|
166
|
-
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
|
|
167
|
-
ENGINE_cleanup();
|
|
168
|
-
#endif
|
|
169
116
|
return Qnil;
|
|
170
117
|
}
|
|
171
118
|
|
|
@@ -183,12 +130,12 @@ ossl_engine_s_engines(VALUE klass)
|
|
|
183
130
|
|
|
184
131
|
ary = rb_ary_new();
|
|
185
132
|
for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)){
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
133
|
+
obj = NewEngine(klass);
|
|
134
|
+
/* Need a ref count of two here because of ENGINE_free being
|
|
135
|
+
* called internally by OpenSSL when moving to the next ENGINE
|
|
136
|
+
* and by us when releasing the ENGINE reference */
|
|
137
|
+
ENGINE_up_ref(e);
|
|
138
|
+
SetEngine(obj, e);
|
|
192
139
|
rb_ary_push(ary, obj);
|
|
193
140
|
}
|
|
194
141
|
|
|
@@ -216,13 +163,13 @@ ossl_engine_s_by_id(VALUE klass, VALUE id)
|
|
|
216
163
|
ossl_engine_s_load(1, &id, klass);
|
|
217
164
|
obj = NewEngine(klass);
|
|
218
165
|
if(!(e = ENGINE_by_id(RSTRING_PTR(id))))
|
|
219
|
-
|
|
166
|
+
ossl_raise(eEngineError, NULL);
|
|
220
167
|
SetEngine(obj, e);
|
|
221
168
|
if(rb_block_given_p()) rb_yield(obj);
|
|
222
169
|
if(!ENGINE_init(e))
|
|
223
|
-
|
|
170
|
+
ossl_raise(eEngineError, NULL);
|
|
224
171
|
ENGINE_ctrl(e, ENGINE_CTRL_SET_PASSWORD_CALLBACK,
|
|
225
|
-
|
|
172
|
+
0, NULL, (void(*)(void))ossl_pem_passwd_cb);
|
|
226
173
|
ossl_clear_error();
|
|
227
174
|
|
|
228
175
|
return obj;
|
|
@@ -237,7 +184,7 @@ ossl_engine_s_by_id(VALUE klass, VALUE id)
|
|
|
237
184
|
* OpenSSL::Engine.load
|
|
238
185
|
* OpenSSL::Engine.engines #=> [#<OpenSSL::Engine#>, ...]
|
|
239
186
|
* OpenSSL::Engine.engines.first.id
|
|
240
|
-
*
|
|
187
|
+
* #=> "rsax"
|
|
241
188
|
*/
|
|
242
189
|
static VALUE
|
|
243
190
|
ossl_engine_get_id(VALUE self)
|
|
@@ -256,7 +203,7 @@ ossl_engine_get_id(VALUE self)
|
|
|
256
203
|
* OpenSSL::Engine.load
|
|
257
204
|
* OpenSSL::Engine.engines #=> [#<OpenSSL::Engine#>, ...]
|
|
258
205
|
* OpenSSL::Engine.engines.first.name
|
|
259
|
-
*
|
|
206
|
+
* #=> "RSAX engine support"
|
|
260
207
|
*
|
|
261
208
|
*/
|
|
262
209
|
static VALUE
|
|
@@ -327,11 +274,11 @@ ossl_engine_get_cipher(VALUE self, VALUE name)
|
|
|
327
274
|
* Will raise an EngineError if the digest is unavailable.
|
|
328
275
|
*
|
|
329
276
|
* e = OpenSSL::Engine.by_id("openssl")
|
|
330
|
-
*
|
|
277
|
+
* #=> #<OpenSSL::Engine id="openssl" name="Software engine support">
|
|
331
278
|
* e.digest("SHA1")
|
|
332
|
-
*
|
|
279
|
+
* #=> #<OpenSSL::Digest: da39a3ee5e6b4b0d3255bfef95601890afd80709>
|
|
333
280
|
* e.digest("zomg")
|
|
334
|
-
*
|
|
281
|
+
* #=> OpenSSL::Engine::EngineError: no such digest `zomg'
|
|
335
282
|
*/
|
|
336
283
|
static VALUE
|
|
337
284
|
ossl_engine_get_digest(VALUE self, VALUE name)
|
|
@@ -373,7 +320,7 @@ ossl_engine_load_privkey(int argc, VALUE *argv, VALUE self)
|
|
|
373
320
|
GetEngine(self, e);
|
|
374
321
|
pkey = ENGINE_load_private_key(e, sid, NULL, sdata);
|
|
375
322
|
if (!pkey) ossl_raise(eEngineError, NULL);
|
|
376
|
-
obj =
|
|
323
|
+
obj = ossl_pkey_wrap(pkey);
|
|
377
324
|
OSSL_PKEY_SET_PRIVATE(obj);
|
|
378
325
|
|
|
379
326
|
return obj;
|
|
@@ -403,7 +350,7 @@ ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self)
|
|
|
403
350
|
pkey = ENGINE_load_public_key(e, sid, NULL, sdata);
|
|
404
351
|
if (!pkey) ossl_raise(eEngineError, NULL);
|
|
405
352
|
|
|
406
|
-
return
|
|
353
|
+
return ossl_pkey_wrap(pkey);
|
|
407
354
|
}
|
|
408
355
|
|
|
409
356
|
/*
|
|
@@ -418,7 +365,7 @@ ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self)
|
|
|
418
365
|
* your OS.
|
|
419
366
|
*
|
|
420
367
|
* [All flags] 0xFFFF
|
|
421
|
-
* [No flags]
|
|
368
|
+
* [No flags] 0x0000
|
|
422
369
|
*
|
|
423
370
|
* See also <openssl/engine.h>
|
|
424
371
|
*/
|
|
@@ -452,7 +399,7 @@ ossl_engine_ctrl_cmd(int argc, VALUE *argv, VALUE self)
|
|
|
452
399
|
GetEngine(self, e);
|
|
453
400
|
rb_scan_args(argc, argv, "11", &cmd, &val);
|
|
454
401
|
ret = ENGINE_ctrl_cmd_string(e, StringValueCStr(cmd),
|
|
455
|
-
|
|
402
|
+
NIL_P(val) ? NULL : StringValueCStr(val), 0);
|
|
456
403
|
if (!ret) ossl_raise(eEngineError, NULL);
|
|
457
404
|
|
|
458
405
|
return self;
|
|
@@ -462,11 +409,11 @@ static VALUE
|
|
|
462
409
|
ossl_engine_cmd_flag_to_name(int flag)
|
|
463
410
|
{
|
|
464
411
|
switch(flag){
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
412
|
+
case ENGINE_CMD_FLAG_NUMERIC: return rb_str_new2("NUMERIC");
|
|
413
|
+
case ENGINE_CMD_FLAG_STRING: return rb_str_new2("STRING");
|
|
414
|
+
case ENGINE_CMD_FLAG_NO_INPUT: return rb_str_new2("NO_INPUT");
|
|
415
|
+
case ENGINE_CMD_FLAG_INTERNAL: return rb_str_new2("INTERNAL");
|
|
416
|
+
default: return rb_str_new2("UNKNOWN");
|
|
470
417
|
}
|
|
471
418
|
}
|
|
472
419
|
|
|
@@ -486,13 +433,13 @@ ossl_engine_get_cmds(VALUE self)
|
|
|
486
433
|
GetEngine(self, e);
|
|
487
434
|
ary = rb_ary_new();
|
|
488
435
|
if ((defn = ENGINE_get_cmd_defns(e)) != NULL){
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
436
|
+
for (p = defn; p->cmd_num > 0; p++){
|
|
437
|
+
tmp = rb_ary_new();
|
|
438
|
+
rb_ary_push(tmp, rb_str_new2(p->cmd_name));
|
|
439
|
+
rb_ary_push(tmp, rb_str_new2(p->cmd_desc));
|
|
440
|
+
rb_ary_push(tmp, ossl_engine_cmd_flag_to_name(p->cmd_flags));
|
|
441
|
+
rb_ary_push(ary, tmp);
|
|
442
|
+
}
|
|
496
443
|
}
|
|
497
444
|
|
|
498
445
|
return ary;
|
|
@@ -511,7 +458,7 @@ ossl_engine_inspect(VALUE self)
|
|
|
511
458
|
|
|
512
459
|
GetEngine(self, e);
|
|
513
460
|
return rb_sprintf("#<%"PRIsVALUE" id=\"%s\" name=\"%s\">",
|
|
514
|
-
|
|
461
|
+
rb_obj_class(self), ENGINE_get_id(e), ENGINE_get_name(e));
|
|
515
462
|
}
|
|
516
463
|
|
|
517
464
|
#define DefEngineConst(x) rb_define_const(cEngine, #x, INT2NUM(ENGINE_##x))
|
|
@@ -519,11 +466,6 @@ ossl_engine_inspect(VALUE self)
|
|
|
519
466
|
void
|
|
520
467
|
Init_ossl_engine(void)
|
|
521
468
|
{
|
|
522
|
-
#if 0
|
|
523
|
-
mOSSL = rb_define_module("OpenSSL");
|
|
524
|
-
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
|
525
|
-
#endif
|
|
526
|
-
|
|
527
469
|
cEngine = rb_define_class_under(mOSSL, "Engine", rb_cObject);
|
|
528
470
|
eEngineError = rb_define_class_under(cEngine, "EngineError", eOSSLError);
|
|
529
471
|
|
|
@@ -549,12 +491,6 @@ Init_ossl_engine(void)
|
|
|
549
491
|
DefEngineConst(METHOD_DSA);
|
|
550
492
|
DefEngineConst(METHOD_DH);
|
|
551
493
|
DefEngineConst(METHOD_RAND);
|
|
552
|
-
#ifdef ENGINE_METHOD_BN_MOD_EXP
|
|
553
|
-
DefEngineConst(METHOD_BN_MOD_EXP);
|
|
554
|
-
#endif
|
|
555
|
-
#ifdef ENGINE_METHOD_BN_MOD_EXP_CRT
|
|
556
|
-
DefEngineConst(METHOD_BN_MOD_EXP_CRT);
|
|
557
|
-
#endif
|
|
558
494
|
DefEngineConst(METHOD_CIPHERS);
|
|
559
495
|
DefEngineConst(METHOD_DIGESTS);
|
|
560
496
|
DefEngineConst(METHOD_ALL);
|
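Review bot: In `ossl_engine_s_engines` (hunk `@@ -183,12 +130,12 @@`), the return value of `ENGINE_up_ref(e)` is ignored, even though the comment above it explains that the extra reference is what balances the wrapper's later release. If the call fails, `SetEngine(obj, e)` still hands the wrapper a pointer it holds no reference for. I would check it, e.g. `if (!ENGINE_up_ref(e)) ossl_raise(eEngineError, "ENGINE_up_ref");`. The removed side of these lines is blank on this page, so this may be a re-indent of existing code rather than new logic, and the function's start and end are outside the hunk.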