puma 3.5.0 → 3.12.0

data/ext/puma_http11/http11_parser.h

@@ -1,6 +1,7 @@
 /**
  * Copyright (c) 2005 Zed A. Shaw
  * You can redistribute it and/or modify it under the same terms as Ruby.
+ * License 3-clause BSD
  */
 
 #ifndef http11_parser_h

data/ext/puma_http11/http11_parser.rl

@@ -1,6 +1,7 @@
 /**
  * Copyright (c) 2005 Zed A. Shaw
  * You can redistribute it and/or modify it under the same terms as Ruby.
+ * License 3-clause BSD
  */
 #include "http11_parser.h"
 #include <stdio.h>
@@ -28,7 +29,7 @@ static void snake_upcase_char(char *c)
 /** Machine **/
 
 %%{
-  
+
   machine puma_parser;
 
   action mark { MARK(mark, fpc); }
@@ -36,7 +37,7 @@ static void snake_upcase_char(char *c)
 
   action start_field { MARK(field_start, fpc); }
   action snake_upcase_field { snake_upcase_char((char *)fpc); }
-  action write_field { 
+  action write_field {
     parser->field_len = LEN(field_start, fpc);
   }
 
@@ -44,10 +45,10 @@ static void snake_upcase_char(char *c)
   action write_value {
     parser->http_field(parser, PTR_TO(field_start), parser->field_len, PTR_TO(mark), LEN(mark, fpc));
   }
-  action request_method { 
+  action request_method {
     parser->request_method(parser, PTR_TO(mark), LEN(mark, fpc));
   }
-  action request_uri { 
+  action request_uri {
     parser->request_uri(parser, PTR_TO(mark), LEN(mark, fpc));
   }
   action fragment {
@@ -55,11 +56,11 @@ static void snake_upcase_char(char *c)
   }
 
   action start_query { MARK(query_start, fpc); }
-  action query_string { 
+  action query_string {
     parser->query_string(parser, PTR_TO(query_start), LEN(query_start, fpc));
   }
 
-  action http_version {	
+  action http_version {
     parser->http_version(parser, PTR_TO(mark), LEN(mark, fpc));
   }
 
@@ -67,8 +68,8 @@ static void snake_upcase_char(char *c)
     parser->request_path(parser, PTR_TO(mark), LEN(mark,fpc));
   }
 
-  action done { 
-    parser->body_start = fpc - buffer + 1; 
+  action done {
+    parser->body_start = fpc - buffer + 1;
     parser->header_done(parser, fpc + 1, pe - fpc - 1);
     fbreak;
   }
@@ -108,7 +109,7 @@ size_t puma_parser_execute(puma_parser *parser, const char *buffer, size_t len,
   pe = buffer+len;
 
   /* assert(*pe == '\0' && "pointer does not end on NUL"); */
-  assert(pe - p == len - off && "pointers aren't same distance");
+  assert((size_t) (pe - p) == len - off && "pointers aren't same distance");
 
   %% write exec;
 

data/ext/puma_http11/io_buffer.c

@@ -14,8 +14,8 @@ struct buf_int {
 #define BUF_TOLERANCE 32
 
 static void buf_free(struct buf_int* internal) {
-  free(internal->top);
-  free(internal);
+  xfree(internal->top);
+  xfree(internal);
 }
 
 static VALUE buf_alloc(VALUE self) {
@@ -25,7 +25,7 @@ static VALUE buf_alloc(VALUE self) {
   buf = Data_Make_Struct(self, struct buf_int, 0, buf_free, internal);
 
   internal->size = BUF_DEFAULT_SIZE;
-  internal->top = malloc(BUF_DEFAULT_SIZE);
+  internal->top = ALLOC_N(uint8_t, BUF_DEFAULT_SIZE);
   internal->cur = internal->top;
 
   return buf;
@@ -51,13 +51,13 @@ static VALUE buf_append(VALUE self, VALUE str) {
 
     new_size = (n > new_size ? n : new_size + BUF_TOLERANCE);
 
-    top = malloc(new_size);
+    top = ALLOC_N(uint8_t, new_size);
     old = b->top;
     memcpy(top, old, used);
     b->top = top;
     b->cur = top + used;
     b->size = new_size;
-    free(old);
+    xfree(old);
   }
 
   memcpy(b->cur, RSTRING_PTR(str), str_len);
@@ -92,13 +92,13 @@ static VALUE buf_append2(int argc, VALUE* argv, VALUE self) {
 
     new_size = (n > new_size ? n : new_size + BUF_TOLERANCE);
 
-    top = malloc(new_size);
+    top = ALLOC_N(uint8_t, new_size);
     old = b->top;
     memcpy(top, old, used);
     b->top = top;
     b->cur = top + used;
     b->size = new_size;
-    free(old);
+    xfree(old);
   }
 
   for(i = 0; i < argc; i++) {

data/ext/puma_http11/mini_ssl.c

@@ -87,6 +87,8 @@ DH *get_dh1024() {
 
   DH *dh;
   dh = DH_new();
+
+#if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER)
   dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
   dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
 
@@ -94,6 +96,18 @@ DH *get_dh1024() {
     DH_free(dh);
     return NULL;
   }
+#else
+  BIGNUM *p, *g;
+  p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+  g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+
+  if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
+    DH_free(dh);
+    BN_free(p);
+    BN_free(g);
+    return NULL;
+  }
+#endif
 
   return dh;
 }
@@ -134,15 +148,22 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
   ID sym_key = rb_intern("key");
   VALUE key = rb_funcall(mini_ssl_ctx, sym_key, 0);
 
+  StringValue(key);
+
   ID sym_cert = rb_intern("cert");
   VALUE cert = rb_funcall(mini_ssl_ctx, sym_cert, 0);
 
+  StringValue(cert);
+
   ID sym_ca = rb_intern("ca");
   VALUE ca = rb_funcall(mini_ssl_ctx, sym_ca, 0);
 
   ID sym_verify_mode = rb_intern("verify_mode");
   VALUE verify_mode = rb_funcall(mini_ssl_ctx, sym_verify_mode, 0);
 
+  ID sym_ssl_cipher_filter = rb_intern("ssl_cipher_filter");
+  VALUE ssl_cipher_filter = rb_funcall(mini_ssl_ctx, sym_ssl_cipher_filter, 0);
+
   ctx = SSL_CTX_new(SSLv23_server_method());
   conn->ctx = ctx;
 
@@ -150,13 +171,20 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
   SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
 
   if (!NIL_P(ca)) {
+    StringValue(ca);
     SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL);
   }
-  
+
   SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION);
   SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
 
-  SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
+  if (!NIL_P(ssl_cipher_filter)) {
+    StringValue(ssl_cipher_filter);
+    SSL_CTX_set_cipher_list(ctx, RSTRING_PTR(ssl_cipher_filter));
+  }
+  else {
+    SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
+  }
 
   DH *dh = get_dh1024();
   SSL_CTX_set_tmp_dh(ctx, dh);
@@ -225,7 +253,7 @@ void raise_error(SSL* ssl, int result) {
   const char* err_str;
   int err = errno;
   int ssl_err = SSL_get_error(ssl, result);
-  int verify_err = SSL_get_verify_result(ssl);
+  int verify_err = (int) SSL_get_verify_result(ssl);
 
   if(SSL_ERROR_SYSCALL == ssl_err) {
     snprintf(msg, sizeof(msg), "System error: %s - %d", strerror(err), err);
@@ -238,7 +266,7 @@ void raise_error(SSL* ssl, int result) {
                err_str, verify_err);
 
     } else {
-      err = ERR_get_error();
+      err = (int) ERR_get_error();
       ERR_error_string_n(err, buf, sizeof(buf));
       snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, err);
 
@@ -322,6 +350,30 @@ VALUE engine_extract(VALUE self) {
   return Qnil;
 }
 
+VALUE engine_shutdown(VALUE self) {
+  ms_conn* conn;
+  int ok;
+
+  Data_Get_Struct(self, ms_conn, conn);
+
+  ERR_clear_error();
+
+  ok = SSL_shutdown(conn->ssl);
+  if (ok == 0) {
+    return Qfalse;
+  }
+
+  return Qtrue;
+}
+
+VALUE engine_init(VALUE self) {
+  ms_conn* conn;
+
+  Data_Get_Struct(self, ms_conn, conn);
+
+  return SSL_in_init(conn->ssl) ? Qtrue : Qfalse;
+}
+
 VALUE engine_peercert(VALUE self) {
   ms_conn* conn;
   X509* cert;
@@ -368,11 +420,16 @@ VALUE noop(VALUE self) {
 void Init_mini_ssl(VALUE puma) {
   VALUE mod, eng;
 
+/* Fake operation for documentation (RDoc, YARD) */
+#if 0 == 1
+  puma = rb_define_module("Puma");
+#endif
+
   SSL_library_init();
   OpenSSL_add_ssl_algorithms();
   SSL_load_error_strings();
   ERR_load_crypto_strings();
-  
+
   mod = rb_define_module_under(puma, "MiniSSL");
   eng = rb_define_class_under(mod, "Engine", rb_cObject);
 
@@ -389,6 +446,10 @@ void Init_mini_ssl(VALUE puma) {
   rb_define_method(eng, "write",  engine_write, 1);
   rb_define_method(eng, "extract", engine_extract, 0);
 
+  rb_define_method(eng, "shutdown", engine_shutdown, 0);
+
+  rb_define_method(eng, "init?", engine_init, 0);
+
   rb_define_method(eng, "peercert", engine_peercert, 0);
 }
 
@@ -400,7 +461,7 @@ VALUE raise_error(VALUE self) {
 }
 
 void Init_mini_ssl(VALUE puma) {
-  VALUE mod, eng;
+  VALUE mod;
 
   mod = rb_define_module_under(puma, "MiniSSL");
   rb_define_class_under(mod, "SSLError", rb_eStandardError);

data/ext/puma_http11/org/jruby/puma/Http11Parser.java

@@ -182,9 +182,6 @@ static final int puma_parser_start = 1;
 static final int puma_parser_first_final = 47;
 static final int puma_parser_error = 0;
 
-static final int puma_parser_en_main = 1;
-
-
 // line 69 "ext/puma_http11/http11_parser.java.rl"
 
    public static interface ElementCB {
@@ -220,7 +217,7 @@ static final int puma_parser_en_main = 1;
       public void init() {
           cs = 0;
 
-          
+
 // line 225 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
 	{
 	cs = puma_parser_start;
@@ -252,7 +249,7 @@ static final int puma_parser_en_main = 1;
      byte[] data = buffer.bytes();
      parser.buffer = buffer;
 
-     
+
 // line 257 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
 	{
 	int _klen;
@@ -347,7 +344,7 @@ case 1:
 	break;
 	case 3:
 // line 17 "ext/puma_http11/http11_parser.java.rl"
-	{ 
+	{
     parser.field_len = p-parser.field_start;
   }
 	break;
@@ -357,7 +354,7 @@ case 1:
 	break;
 	case 5:
 // line 22 "ext/puma_http11/http11_parser.java.rl"
-	{ 
+	{
     if(parser.http_field != null) {
       parser.http_field.call(parser.data, parser.field_start, parser.field_len, parser.mark, p-parser.mark);
     }
@@ -365,21 +362,21 @@ case 1:
 	break;
 	case 6:
 // line 27 "ext/puma_http11/http11_parser.java.rl"
-	{ 
-    if(parser.request_method != null) 
+	{
+    if(parser.request_method != null)
       parser.request_method.call(parser.data, parser.mark, p-parser.mark);
   }
 	break;
 	case 7:
 // line 31 "ext/puma_http11/http11_parser.java.rl"
-	{ 
+	{
     if(parser.request_uri != null)
       parser.request_uri.call(parser.data, parser.mark, p-parser.mark);
   }
 	break;
 	case 8:
 // line 35 "ext/puma_http11/http11_parser.java.rl"
-	{ 
+	{
     if(parser.fragment != null)
       parser.fragment.call(parser.data, parser.mark, p-parser.mark);
   }
@@ -390,14 +387,14 @@ case 1:
 	break;
 	case 10:
 // line 41 "ext/puma_http11/http11_parser.java.rl"
-	{ 
+	{
     if(parser.query_string != null)
       parser.query_string.call(parser.data, parser.query_start, p-parser.query_start);
   }
 	break;
 	case 11:
 // line 46 "ext/puma_http11/http11_parser.java.rl"
-	{	
+	{
     if(parser.http_version != null)
       parser.http_version.call(parser.data, parser.mark, p-parser.mark);
   }
@@ -411,8 +408,8 @@ case 1:
 	break;
 	case 13:
 // line 56 "ext/puma_http11/http11_parser.java.rl"
-	{ 
-    parser.body_start = p + 1; 
+	{
+    parser.body_start = p + 1;
     if(parser.header_done != null)
       parser.header_done.call(parser.data, p + 1, pe - p - 1);
     { p += 1; _goto_targ = 5; if (true)  continue _goto;}
@@ -442,7 +439,7 @@ case 5:
 
      parser.cs = cs;
      parser.nread += (p - off);
-     
+
      assert p <= pe                  : "buffer overflow after parsing execute";
      assert parser.nread <= len      : "nread longer than length";
      assert parser.body_start <= len : "body starts after buffer end";

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -6,6 +6,7 @@ import org.jruby.RubyModule;
 import org.jruby.RubyObject;
 import org.jruby.RubyString;
 import org.jruby.anno.JRubyMethod;
+import org.jruby.javasupport.JavaEmbedUtils;
 import org.jruby.runtime.Block;
 import org.jruby.runtime.ObjectAllocator;
 import org.jruby.runtime.ThreadContext;
@@ -18,6 +19,7 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -27,6 +29,7 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 
 import static javax.net.ssl.SSLEngineResult.Status;
@@ -167,6 +170,12 @@ public class MiniSSL extends RubyObject {
         engine.setNeedClientAuth(true);
     }
 
+    IRubyObject sslCipherListObject = miniSSLContext.callMethod(threadContext, "ssl_cipher_list");
+    if (!sslCipherListObject.isNil()) {
+      String[] sslCipherList = sslCipherListObject.convertToString().asJavaString().split(",");
+      engine.setEnabledCipherSuites(sslCipherList);
+    }
+
     SSLSession session = engine.getSession();
     inboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
     outboundAppData = new MiniSSLBuffer(session.getApplicationBufferSize());
@@ -333,7 +342,11 @@ public class MiniSSL extends RubyObject {
   }
 
   @JRubyMethod
-  public IRubyObject peercert() {
-    return getRuntime().getNil();
+  public IRubyObject peercert() throws CertificateEncodingException {
+    try {
+      return JavaEmbedUtils.javaToRuby(getRuntime(), engine.getSession().getPeerCertificates()[0].getEncoded());
+    } catch (SSLPeerUnverifiedException ex) {
+      return getRuntime().getNil();
+    }
   }
 }

data/ext/puma_http11/puma_http11.c

@@ -1,6 +1,7 @@
 /**
  * Copyright (c) 2005 Zed A. Shaw
  * You can redistribute it and/or modify it under the same terms as Ruby.
+ * License 3-clause BSD
  */
 
 #define RSTRING_NOT_MODIFIED 1