rubysl-openssl 1.0.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +5 -6
  3. data/ext/rubysl/openssl/.gitignore +3 -0
  4. data/ext/rubysl/openssl/deprecation.rb +21 -0
  5. data/ext/rubysl/openssl/extconf.rb +45 -32
  6. data/ext/rubysl/openssl/openssl_missing.c +20 -7
  7. data/ext/rubysl/openssl/openssl_missing.h +22 -15
  8. data/ext/rubysl/openssl/ossl.c +610 -61
  9. data/ext/rubysl/openssl/ossl.h +31 -17
  10. data/ext/rubysl/openssl/ossl_asn1.c +974 -183
  11. data/ext/rubysl/openssl/ossl_asn1.h +3 -3
  12. data/ext/rubysl/openssl/ossl_bio.c +4 -3
  13. data/ext/rubysl/openssl/ossl_bio.h +1 -1
  14. data/ext/rubysl/openssl/ossl_bn.c +32 -28
  15. data/ext/rubysl/openssl/ossl_bn.h +1 -1
  16. data/ext/rubysl/openssl/ossl_cipher.c +494 -93
  17. data/ext/rubysl/openssl/ossl_cipher.h +1 -1
  18. data/ext/rubysl/openssl/ossl_config.c +4 -5
  19. data/ext/rubysl/openssl/ossl_config.h +1 -1
  20. data/ext/rubysl/openssl/ossl_digest.c +206 -24
  21. data/ext/rubysl/openssl/ossl_digest.h +1 -1
  22. data/ext/rubysl/openssl/ossl_engine.c +48 -26
  23. data/ext/rubysl/openssl/ossl_engine.h +1 -1
  24. data/ext/rubysl/openssl/ossl_hmac.c +40 -38
  25. data/ext/rubysl/openssl/ossl_hmac.h +1 -1
  26. data/ext/rubysl/openssl/ossl_ns_spki.c +157 -25
  27. data/ext/rubysl/openssl/ossl_ns_spki.h +1 -1
  28. data/ext/rubysl/openssl/ossl_ocsp.c +57 -40
  29. data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
  30. data/ext/rubysl/openssl/ossl_pkcs12.c +15 -13
  31. data/ext/rubysl/openssl/ossl_pkcs12.h +1 -1
  32. data/ext/rubysl/openssl/ossl_pkcs5.c +108 -18
  33. data/ext/rubysl/openssl/ossl_pkcs7.c +44 -37
  34. data/ext/rubysl/openssl/ossl_pkcs7.h +1 -1
  35. data/ext/rubysl/openssl/ossl_pkey.c +211 -15
  36. data/ext/rubysl/openssl/ossl_pkey.h +19 -9
  37. data/ext/rubysl/openssl/ossl_pkey_dh.c +180 -47
  38. data/ext/rubysl/openssl/ossl_pkey_dsa.c +184 -47
  39. data/ext/rubysl/openssl/ossl_pkey_ec.c +177 -93
  40. data/ext/rubysl/openssl/ossl_pkey_rsa.c +209 -102
  41. data/ext/rubysl/openssl/ossl_rand.c +15 -15
  42. data/ext/rubysl/openssl/ossl_rand.h +1 -1
  43. data/ext/rubysl/openssl/ossl_ssl.c +939 -192
  44. data/ext/rubysl/openssl/ossl_ssl.h +6 -6
  45. data/ext/rubysl/openssl/ossl_ssl_session.c +78 -62
  46. data/ext/rubysl/openssl/ossl_version.h +2 -2
  47. data/ext/rubysl/openssl/ossl_x509.c +1 -1
  48. data/ext/rubysl/openssl/ossl_x509.h +1 -1
  49. data/ext/rubysl/openssl/ossl_x509attr.c +20 -19
  50. data/ext/rubysl/openssl/ossl_x509cert.c +169 -67
  51. data/ext/rubysl/openssl/ossl_x509crl.c +41 -39
  52. data/ext/rubysl/openssl/ossl_x509ext.c +51 -38
  53. data/ext/rubysl/openssl/ossl_x509name.c +139 -29
  54. data/ext/rubysl/openssl/ossl_x509req.c +42 -40
  55. data/ext/rubysl/openssl/ossl_x509revoked.c +20 -20
  56. data/ext/rubysl/openssl/ossl_x509store.c +99 -47
  57. data/ext/rubysl/openssl/ruby_missing.h +3 -16
  58. data/lib/openssl/bn.rb +19 -19
  59. data/lib/openssl/buffering.rb +222 -14
  60. data/lib/openssl/cipher.rb +20 -20
  61. data/lib/openssl/config.rb +1 -4
  62. data/lib/openssl/digest.rb +47 -19
  63. data/lib/openssl/ssl.rb +197 -1
  64. data/lib/openssl/x509.rb +162 -1
  65. data/lib/rubysl/openssl.rb +4 -8
  66. data/lib/rubysl/openssl/version.rb +1 -1
  67. data/rubysl-openssl.gemspec +1 -2
  68. metadata +16 -34
  69. data/ext/rubysl/openssl/extconf.h +0 -50
  70. data/lib/openssl/net/ftptls.rb +0 -53
  71. data/lib/openssl/net/telnets.rb +0 -251
  72. data/lib/openssl/pkcs7.rb +0 -25
  73. data/lib/openssl/ssl-internal.rb +0 -187
  74. data/lib/openssl/x509-internal.rb +0 -153
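--- a/data/lib/openssl/cipher.rb
+++ b/data/lib/openssl/cipher.rb
@@ -1,22 +1,22 @@
-=begin
-= $RCSfile$ -- Ruby-space predefined Cipher subclasses
-
-= Info
-'OpenSSL for Ruby 2' project
-Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
-All rights reserved.
-
-= Licence
-This program is licenced under the same licence as Ruby.
-(See the file 'LICENCE'.)
-
-= Version
-$Id: cipher.rb 12496 2007-06-08 15:02:04Z technorama $
-=end
-
-##
-# Should we care what if somebody require this file directly?
-#require 'openssl'
+#--
+#
+# $RCSfile$
+#
+# = Ruby-space predefined Cipher subclasses
+#
+# = Info
+# 'OpenSSL for Ruby 2' project
+# Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+# All rights reserved.
+#
+# = Licence
+# This program is licenced under the same licence as Ruby.
+# (See the file 'LICENCE'.)
+#
+# = Version
+# $Id$
+#
+#++
 
 module OpenSSL
 class Cipher
@@ -57,7 +57,7 @@ module OpenSSL
 return str
 end
 
-# This class is only provided for backwards compatibility. Use OpenSSL::Digest in the future.
+# This class is only provided for backwards compatibility. Use OpenSSL::Cipher in the future.
 class Cipher < Cipher
 # add warning
 end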
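--- a/data/lib/openssl/config.rb
+++ b/data/lib/openssl/config.rb
@@ -10,9 +10,6 @@
 
 =end
 
-##
-# Should we care what if somebody require this file directly?
-#require 'openssl'
 require 'stringio'
 
 module OpenSSL
@@ -284,7 +281,7 @@ module OpenSSL
 def each
 @data.each do |section, hash|
 hash.each do |key, value|
-yield(section, key, value)
+yield [section, key, value]
 end
 end
 end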
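Review bot: `each` in the second hunk still has no `block_given?` guard, so `config.each` called without a block now raises LocalJumpError from the new `yield [section, key, value]` instead of returning an enumerator; if the class mixes in Enumerable (not visible in this section) the derived methods work because they always pass a block, but a bare `each` does not. Add `return enum_for(:each) unless block_given?` as the method's first line. Note also that yielding one three-element array instead of three values changes what a block declared with a single parameter receives, so callers written against the old arity should be checked.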
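--- a/data/lib/openssl/digest.rb
+++ b/data/lib/openssl/digest.rb
@@ -1,22 +1,22 @@
-=begin
-= $RCSfile$ -- Ruby-space predefined Digest subclasses
-
-= Info
-'OpenSSL for Ruby 2' project
-Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
-All rights reserved.
-
-= Licence
-This program is licenced under the same licence as Ruby.
-(See the file 'LICENCE'.)
-
-= Version
-$Id: digest.rb 28004 2010-05-24 23:58:49Z shyouhei $
-=end
-
-##
-# Should we care what if somebody require this file directly?
-#require 'openssl'
+#--
+#
+# $RCSfile$
+#
+# = Ruby-space predefined Digest subclasses
+#
+# = Info
+# 'OpenSSL for Ruby 2' project
+# Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+# All rights reserved.
+#
+# = Licence
+# This program is licenced under the same licence as Ruby.
+# (See the file 'LICENCE'.)
+#
+# = Version
+# $Id$
+#
+#++
 
 module OpenSSL
 class Digest
@@ -26,6 +26,17 @@ module OpenSSL
 alg += %w(SHA224 SHA256 SHA384 SHA512)
 end
 
+# Return the +data+ hash computed with +name+ Digest. +name+ is either the
+# long name or short name of a supported digest algorithm.
+#
+# === Examples
+#
+# OpenSSL::Digest.digest("SHA256", "abc")
+#
+# which is equivalent to:
+#
+# OpenSSL::Digest::SHA256.digest("abc")
+
 def self.digest(name, data)
 super(data, name)
 end
@@ -57,5 +68,22 @@ module OpenSSL
 end
 
 end # Digest
+
+# Returns a Digest subclass by +name+.
+#
+# require 'openssl'
+#
+# OpenSSL::Digest("MD5")
+# # => OpenSSL::Digest::MD5
+#
+# Digest("Foo")
+# # => NameError: wrong constant name Foo
+
+def Digest(name)
+OpenSSL::Digest.const_get(name)
+end
+
+module_function :Digest
+
 end # OpenSSL
 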
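Review bot: The new `OpenSSL::Digest(name)` helper in the last hunk resolves `name` with `OpenSSL::Digest.const_get(name)`, which searches ancestors and `Object`, so `OpenSSL::Digest("String")` or `OpenSSL::Digest("File")` returns an unrelated core class instead of the NameError the comment promises, and a name containing `::` is resolved as a constant path. If `name` can arrive from configuration or a request, restrict the lookup to constants set on the class itself and check the result: `klass = OpenSSL::Digest.const_get(name, false)`, then `raise NameError, "unsupported digest: #{name}" unless klass.is_a?(Class) && klass < OpenSSL::Digest`, then return `klass`. This assumes the per-algorithm classes are defined directly on `OpenSSL::Digest`, as the `alg` list in the second hunk suggests, and that the target runtime supports the `inherit` argument of `const_get`; both should be confirmed. The doc example is also slightly off: for a well-formed but undefined name such as `"Foo"` the message is `uninitialized constant OpenSSL::Digest::Foo`, while `wrong constant name` is what a lowercase string like `"foo"` produces.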
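--- a/data/lib/openssl/ssl.rb
+++ b/data/lib/openssl/ssl.rb
@@ -1 +1,197 @@
-require 'openssl'
+=begin
+= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
+
+= Info
+'OpenSSL for Ruby 2' project
+Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+All rights reserved.
+
+= Licence
+This program is licenced under the same licence as Ruby.
+(See the file 'LICENCE'.)
+
+= Version
+$Id$
+=end
+
+require "openssl/buffering"
+require "fcntl"
+
+module OpenSSL
+module SSL
+class SSLContext
+DEFAULT_PARAMS = {
+:ssl_version => "SSLv23",
+:verify_mode => OpenSSL::SSL::VERIFY_PEER,
+:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
+:options => defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ?
+OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS :
+OpenSSL::SSL::OP_ALL,
+}
+
+DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+DEFAULT_CERT_STORE.set_default_paths
+if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+end
+
+##
+# Sets the parameters for this SSL context to the values in +params+.
+# The keys in +params+ must be assignment methods on SSLContext.
+#
+# If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
+# cert_store are not set then the system default certificate store is
+# used.
+
+def set_params(params={})
+params = DEFAULT_PARAMS.merge(params)
+params.each{|name, value| self.__send__("#{name}=", value) }
+if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
+unless self.ca_file or self.ca_path or self.cert_store
+self.cert_store = DEFAULT_CERT_STORE
+end
+end
+return params
+end
+end
+
+module SocketForwarder
+def addr
+to_io.addr
+end
+
+def peeraddr
+to_io.peeraddr
+end
+
+def setsockopt(level, optname, optval)
+to_io.setsockopt(level, optname, optval)
+end
+
+def getsockopt(level, optname)
+to_io.getsockopt(level, optname)
+end
+
+def fcntl(*args)
+to_io.fcntl(*args)
+end
+
+def closed?
+to_io.closed?
+end
+
+def do_not_reverse_lookup=(flag)
+to_io.do_not_reverse_lookup = flag
+end
+end
+
+module Nonblock
+def initialize(*args)
+flag = File::NONBLOCK
+flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
+@io.fcntl(Fcntl::F_SETFL, flag)
+super
+end
+end
+
+def verify_certificate_identity(cert, hostname)
+should_verify_common_name = true
+cert.extensions.each{|ext|
+next if ext.oid != "subjectAltName"
+ostr = OpenSSL::ASN1.decode(ext.to_der).value.last
+sequence = OpenSSL::ASN1.decode(ostr.value)
+sequence.value.each{|san|
+case san.tag
+when 2 # dNSName in GeneralName (RFC5280)
+should_verify_common_name = false
+reg = Regexp.escape(san.value).gsub(/\\\*/, "[^.]+")
+return true if /\A#{reg}\z/i =~ hostname
+when 7 # iPAddress in GeneralName (RFC5280)
+should_verify_common_name = false
+# follows GENERAL_NAME_print() in x509v3/v3_alt.c
+if san.value.size == 4
+return true if san.value.unpack('C*').join('.') == hostname
+elsif san.value.size == 16
+return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
+end
+end
+}
+}
+if should_verify_common_name
+cert.subject.to_a.each{|oid, value|
+if oid == "CN"
+reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
+return true if /\A#{reg}\z/i =~ hostname
+end
+}
+end
+return false
+end
+module_function :verify_certificate_identity
+
+class SSLSocket
+include Buffering
+include SocketForwarder
+include Nonblock
+
+def post_connection_check(hostname)
+unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
+raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
+end
+return true
+end
+
+def session
+SSL::Session.new(self)
+rescue SSL::Session::SessionError
+nil
+end
+end
+
+class SSLServer
+include SocketForwarder
+attr_accessor :start_immediately
+
+def initialize(svr, ctx)
+@svr = svr
+@ctx = ctx
+unless ctx.session_id_context
+# see #6137 - session id may not exceed 32 bytes
+prng = ::Random.new($0.hash)
+session_id = prng.bytes(16).unpack('H*')[0]
+@ctx.session_id_context = session_id
+end
+@start_immediately = true
+end
+
+def to_io
+@svr
+end
+
+def listen(backlog=5)
+@svr.listen(backlog)
+end
+
+def shutdown(how=Socket::SHUT_RDWR)
+@svr.shutdown(how)
+end
+
+def accept
+sock = @svr.accept
+begin
+ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
+ssl.sync_close = true
+ssl.accept if @start_immediately
+ssl
+rescue SSLError => ex
+sock.close
+raise ex
+end
+end
+
+def close
+@svr.close
+end
+end
+end
+end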
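Review bot: `DEFAULT_PARAMS` at the top of the new file pairs `:ssl_version => "SSLv23"` with `:options => OP_ALL` alone and a cipher list whose `ALL` base keeps LOW and RC4 suites enabled (the `+LOW` and `RC4+RSA` entries only reorder them) while excluding only `ADH`, so a context configured through `set_params` will still negotiate SSLv3 where the linked OpenSSL still builds it, 40/56-bit and RC4 ciphers, and anonymous ECDH, which `!ADH` does not cover. Tighten the cipher string to `"ALL:!ADH:!aNULL:!EXPORT:!SSLv2:!LOW:!RC4:+HIGH:+MEDIUM"` and OR `OP_NO_SSLv2`, `OP_NO_SSLv3` and `OP_NO_COMPRESSION` into `:options`, each behind the same `defined?` guard the hunk already uses for `OP_DONT_INSERT_EMPTY_FRAGMENTS`, since which constants the rewritten C extension exports is not visible here. Separately, the wildcard substitution in `verify_certificate_identity` (`gsub(/\\\*/, "[^.]+")`) turns a `*` in any label into a match, so a certificate for `*.com` or `a.*.example.com` is accepted, which is broader than RFC 6125 section 6.4.3 permits; limiting the substitution to a leading `*.` label would be a reasonable follow-up. The file is shown in full in this section.
```ruby
class SSLContext
  opts = OpenSSL::SSL::OP_ALL
  opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
  opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
  opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
  opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
  DEFAULT_PARAMS = {
    :ssl_version => "SSLv23",
    :verify_mode => OpenSSL::SSL::VERIFY_PEER,
    :ciphers => "ALL:!ADH:!aNULL:!EXPORT:!SSLv2:!LOW:!RC4:+HIGH:+MEDIUM",
    :options => opts,
  }
  # … unchanged: DEFAULT_CERT_STORE setup, set_params …
```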
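--- a/data/lib/openssl/x509.rb
+++ b/data/lib/openssl/x509.rb
@@ -1 +1,162 @@
-require 'openssl'
+#--
+#
+# $RCSfile$
+#
+# = Ruby-space definitions that completes C-space funcs for X509 and subclasses
+#
+# = Info
+# 'OpenSSL for Ruby 2' project
+# Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+# All rights reserved.
+#
+# = Licence
+# This program is licenced under the same licence as Ruby.
+# (See the file 'LICENCE'.)
+#
+# = Version
+# $Id$
+#
+#++
+
+module OpenSSL
+module X509
+class ExtensionFactory
+def create_extension(*arg)
+if arg.size > 1
+create_ext(*arg)
+else
+send("create_ext_from_"+arg[0].class.name.downcase, arg[0])
+end
+end
+
+def create_ext_from_array(ary)
+raise ExtensionError, "unexpected array form" if ary.size > 3
+create_ext(ary[0], ary[1], ary[2])
+end
+
+def create_ext_from_string(str) # "oid = critical, value"
+oid, value = str.split(/=/, 2)
+oid.strip!
+value.strip!
+create_ext(oid, value)
+end
+
+def create_ext_from_hash(hash)
+create_ext(hash["oid"], hash["value"], hash["critical"])
+end
+end
+
+class Extension
+def to_s # "oid = critical, value"
+str = self.oid
+str << " = "
+str << "critical, " if self.critical?
+str << self.value.gsub(/\n/, ", ")
+end
+
+def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+{"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?}
+end
+
+def to_a
+[ self.oid, self.value, self.critical? ]
+end
+end
+
+class Name
+module RFC2253DN
+Special = ',=+<>#;'
+HexChar = /[0-9a-fA-F]/
+HexPair = /#{HexChar}#{HexChar}/
+HexString = /#{HexPair}+/
+Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/
+StringChar = /[^#{Special}\\"]/
+QuoteChar = /[^\\"]/
+AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/
+AttributeValue = /
+(?!["#])((?:#{StringChar}|#{Pair})*)|
+\#(#{HexString})|
+"((?:#{QuoteChar}|#{Pair})*)"
+/x
+TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/
+
+module_function
+
+def expand_pair(str)
+return nil unless str
+return str.gsub(Pair){
+pair = $&
+case pair.size
+when 2 then pair[1,1]
+when 3 then Integer("0x#{pair[1,2]}").chr
+else raise OpenSSL::X509::NameError, "invalid pair: #{str}"
+end
+}
+end
+
+def expand_hexstring(str)
+return nil unless str
+der = str.gsub(HexPair){$&.to_i(16).chr }
+a1 = OpenSSL::ASN1.decode(der)
+return a1.value, a1.tag
+end
+
+def expand_value(str1, str2, str3)
+value = expand_pair(str1)
+value, tag = expand_hexstring(str2) unless value
+value = expand_pair(str3) unless value
+return value, tag
+end
+
+def scan(dn)
+str = dn
+ary = []
+while true
+if md = TypeAndValue.match(str)
+remain = md.post_match
+type = md[1]
+value, tag = expand_value(md[2], md[3], md[4]) rescue nil
+if value
+type_and_value = [type, value]
+type_and_value.push(tag) if tag
+ary.unshift(type_and_value)
+if remain.length > 2 && remain[0] == ?,
+str = remain[1..-1]
+next
+elsif remain.length > 2 && remain[0] == ?+
+raise OpenSSL::X509::NameError,
+"multi-valued RDN is not supported: #{dn}"
+elsif remain.empty?
+break
+end
+end
+end
+msg_dn = dn[0, dn.length - str.length] + " =>" + str
+raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}"
+end
+return ary
+end
+end
+
+class << self
+def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE)
+ary = OpenSSL::X509::Name::RFC2253DN.scan(str)
+self.new(ary, template)
+end
+
+def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE)
+ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) }
+self.new(ary, template)
+end
+
+alias parse parse_openssl
+end
+end
+
+class StoreContext
+def cleanup
+warn "(#{caller.first}) OpenSSL::X509::StoreContext#cleanup is deprecated with no replacement" if $VERBOSE
+end
+end
+end
+end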
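Review bot: `parse_openssl` near the end of the new file, and `parse`, which aliases it, split on every `/` and `,` with `str.scan(/\s*([^\/,]+)\s*/)` and provide no escape mechanism, so a DN whose value legitimately contains either character (`O=Acme, Inc.`, a URL-like CN) is silently cut into extra RDNs, and an entry without `=` becomes a one-element array handed to `Name.new`, whose failure mode (a C-side constructor not shown here) is presumably not the descriptive `NameError` that the RFC 2253 path raises. Reject malformed entries before construction by adding after the `scan` line `bad = ary.find { |pair| pair.size != 2 }` and `raise OpenSSL::X509::NameError, "malformed RDN: #{bad[0]}" if bad`, and add a comment above the method noting that separators cannot be escaped and that DNs of external origin should go through `parse_rfc2253`. In the same spirit, `create_ext_from_string` earlier in the file calls `value.strip!` on `nil` when its input has no `=`, surfacing as NoMethodError rather than the `ExtensionError` the array variant raises; a `raise ExtensionError, "unexpected string form" unless value` guard before the `strip!` calls would align the two. The file is shown in full in this section.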