RubyGems - rubysl-openssl - Versions diffs - 2.10 → 2.11 - Mend

rubysl-openssl 2.10 → 2.11

Files changed (55) hide show

checksums.yaml +5 -5
data/ext/rubysl/openssl/deprecation.rb +7 -3
data/ext/rubysl/openssl/extconf.rb +148 -103
data/ext/rubysl/openssl/openssl_missing.c +94 -275
data/ext/rubysl/openssl/openssl_missing.h +167 -98
data/ext/rubysl/openssl/ossl.c +266 -212
data/ext/rubysl/openssl/ossl.h +27 -89
data/ext/rubysl/openssl/ossl_asn1.c +157 -221
data/ext/rubysl/openssl/ossl_asn1.h +11 -3
data/ext/rubysl/openssl/ossl_bio.c +10 -40
data/ext/rubysl/openssl/ossl_bio.h +1 -2
data/ext/rubysl/openssl/ossl_bn.c +144 -100
data/ext/rubysl/openssl/ossl_bn.h +3 -1
data/ext/rubysl/openssl/ossl_cipher.c +270 -195
data/ext/rubysl/openssl/ossl_config.c +7 -1
data/ext/rubysl/openssl/ossl_config.h +0 -1
data/ext/rubysl/openssl/ossl_digest.c +40 -29
data/ext/rubysl/openssl/ossl_engine.c +23 -62
data/ext/rubysl/openssl/ossl_hmac.c +82 -55
data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
data/ext/rubysl/openssl/ossl_pkey.c +151 -99
data/ext/rubysl/openssl/ossl_pkey.h +123 -29
data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
data/ext/rubysl/openssl/ossl_rand.c +25 -21
data/ext/rubysl/openssl/ossl_ssl.c +795 -413
data/ext/rubysl/openssl/ossl_ssl.h +3 -0
data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
data/ext/rubysl/openssl/ossl_version.h +1 -1
data/ext/rubysl/openssl/ossl_x509.c +92 -8
data/ext/rubysl/openssl/ossl_x509.h +14 -5
data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
data/ext/rubysl/openssl/ossl_x509name.c +68 -45
data/ext/rubysl/openssl/ossl_x509req.c +32 -38
data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
data/ext/rubysl/openssl/ossl_x509store.c +309 -104
data/ext/rubysl/openssl/ruby_missing.h +8 -6
data/lib/openssl/buffering.rb +11 -5
data/lib/openssl/cipher.rb +23 -15
data/lib/openssl/digest.rb +7 -10
data/lib/openssl/pkey.rb +15 -8
data/lib/openssl/ssl.rb +81 -105
data/lib/rubysl/openssl.rb +1 -4
data/lib/rubysl/openssl/version.rb +1 -1
metadata +3 -4

data/ext/rubysl/openssl/ossl_x509ext.c CHANGED Viewed

@@ -95,19 +95,6 @@ GetX509ExtPtr(VALUE obj)
     return ext;
 }
-X509_EXTENSION *
-DupX509ExtPtr(VALUE obj)
-{
-    X509_EXTENSION *ext, *new;
-    SafeGetX509Ext(obj, ext);
-    if (!(new = X509_EXTENSION_dup(ext))) {
-	ossl_raise(eX509ExtError, NULL);
-    }
-    return new;
-}
 /*
  * Private
  */
@@ -211,12 +198,11 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
 }
 /*
- * Array to X509_EXTENSION
- * Structure:
- * ["ln", "value", bool_critical] or
- * ["sn", "value", bool_critical] or
- * ["ln", "critical,value"] or the same for sn
- * ["ln", "value"] => not critical
+ * call-seq:
+ *   ef.create_ext(ln_or_sn, "value", critical = false) -> X509::Extension
+ *   ef.create_ext(ln_or_sn, "critical,value")          -> X509::Extension
+ *
+ * Creates a new X509::Extension with passed values. See also x509v3_config(5).
  */
 static VALUE
 ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
@@ -225,39 +211,32 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
     X509_EXTENSION *ext;
     VALUE oid, value, critical, valstr, obj;
     int nid;
-#ifdef HAVE_X509V3_EXT_NCONF_NID
     VALUE rconf;
     CONF *conf;
-#else
-    static LHASH *empty_lhash;
-#endif
     rb_scan_args(argc, argv, "21", &oid, &value, &critical);
-    StringValue(oid);
+    StringValueCStr(oid);
     StringValue(value);
     if(NIL_P(critical)) critical = Qfalse;
     nid = OBJ_ln2nid(RSTRING_PTR(oid));
     if(!nid) nid = OBJ_sn2nid(RSTRING_PTR(oid));
-    if(!nid) ossl_raise(eX509ExtError, "unknown OID `%s'", RSTRING_PTR(oid));
+    if(!nid) ossl_raise(eX509ExtError, "unknown OID `%"PRIsVALUE"'", oid);
     valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
     rb_str_append(valstr, value);
+    StringValueCStr(valstr);
     GetX509ExtFactory(self, ctx);
     obj = NewX509Ext(cX509Ext);
-#ifdef HAVE_X509V3_EXT_NCONF_NID
     rconf = rb_iv_get(self, "@config");
     conf = NIL_P(rconf) ? NULL : DupConfigPtr(rconf);
     X509V3_set_nconf(ctx, conf);
     ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));
     X509V3_set_ctx_nodb(ctx);
     NCONF_free(conf);
-#else
-    if (!empty_lhash) empty_lhash = lh_new(NULL, NULL);
-    ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr));
-#endif
     if (!ext){
-	ossl_raise(eX509ExtError, "%s = %s",
-		   RSTRING_PTR(oid), RSTRING_PTR(value));
+	ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
     }
     SetX509Ext(obj, ext);
@@ -319,6 +298,25 @@ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
     return self;
 }
+static VALUE
+ossl_x509ext_initialize_copy(VALUE self, VALUE other)
+{
+    X509_EXTENSION *ext, *ext_other, *ext_new;
+    rb_check_frozen(self);
+    GetX509Ext(self, ext);
+    SafeGetX509Ext(other, ext_other);
+    ext_new = X509_EXTENSION_dup(ext_other);
+    if (!ext_new)
+	ossl_raise(eX509ExtError, "X509_EXTENSION_dup");
+    SetX509Ext(self, ext_new);
+    X509_EXTENSION_free(ext);
+    return self;
+}
 static VALUE
 ossl_x509ext_set_oid(VALUE self, VALUE oid)
 {
@@ -402,7 +400,7 @@ ossl_x509ext_get_value(VALUE obj)
     if (!(out = BIO_new(BIO_s_mem())))
 	ossl_raise(eX509ExtError, NULL);
     if (!X509V3_EXT_print(out, ext, 0, 0))
-	M_ASN1_OCTET_STRING_print(out, ext->value);
+	ASN1_STRING_print(out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
     ret = ossl_membio2str(out);
     return ret;
@@ -443,6 +441,13 @@ ossl_x509ext_to_der(VALUE obj)
 void
 Init_ossl_x509ext(void)
 {
+#undef rb_intern
+#if 0
+    mOSSL = rb_define_module("OpenSSL");
+    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+    mX509 = rb_define_module_under(mOSSL, "X509");
+#endif
     eX509ExtError = rb_define_class_under(mX509, "ExtensionError", eOSSLError);
     cX509ExtFactory = rb_define_class_under(mX509, "ExtensionFactory", rb_cObject);
@@ -465,6 +470,7 @@ Init_ossl_x509ext(void)
     cX509Ext = rb_define_class_under(mX509, "Extension", rb_cObject);
     rb_define_alloc_func(cX509Ext, ossl_x509ext_alloc);
     rb_define_method(cX509Ext, "initialize", ossl_x509ext_initialize, -1);
+    rb_define_copy_func(cX509Ext, ossl_x509ext_initialize_copy);
     rb_define_method(cX509Ext, "oid=", ossl_x509ext_set_oid, 1);
     rb_define_method(cX509Ext, "value=", ossl_x509ext_set_value, 1);
     rb_define_method(cX509Ext, "critical=", ossl_x509ext_set_critical, 1);

data/ext/rubysl/openssl/ossl_x509name.c CHANGED Viewed

@@ -181,6 +181,25 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
     return self;
 }
+static VALUE
+ossl_x509name_initialize_copy(VALUE self, VALUE other)
+{
+    X509_NAME *name, *name_other, *name_new;
+    rb_check_frozen(self);
+    GetX509Name(self, name);
+    SafeGetX509Name(other, name_other);
+    name_new = X509_NAME_dup(name_other);
+    if (!name_new)
+	ossl_raise(eX509NameError, "X509_NAME_dup");
+    SetX509Name(self, name_new);
+    X509_NAME_free(name);
+    return self;
+}
 /*
  * call-seq:
  *    name.add_entry(oid, value [, type]) => self
@@ -220,14 +239,31 @@ ossl_x509name_to_s_old(VALUE self)
 {
     X509_NAME *name;
     char *buf;
-    VALUE str;
     GetX509Name(self, name);
     buf = X509_NAME_oneline(name, NULL, 0);
-    str = rb_str_new2(buf);
-    OPENSSL_free(buf);
+    if (!buf)
+	ossl_raise(eX509NameError, "X509_NAME_oneline");
+    return ossl_buf2str(buf, rb_long2int(strlen(buf)));
+}
-    return str;
+static VALUE
+x509name_print(VALUE self, unsigned long iflag)
+{
+    X509_NAME *name;
+    BIO *out;
+    int ret;
+    GetX509Name(self, name);
+    out = BIO_new(BIO_s_mem());
+    if (!out)
+	ossl_raise(eX509NameError, NULL);
+    ret = X509_NAME_print_ex(out, name, 0, iflag);
+    if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
+	BIO_free(out);
+	ossl_raise(eX509NameError, "X509_NAME_print_ex");
+    }
+    return ossl_membio2str(out);
 }
 /*
@@ -245,25 +281,12 @@ ossl_x509name_to_s_old(VALUE self)
 static VALUE
 ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
 {
-    X509_NAME *name;
-    VALUE flag, str;
-    BIO *out;
-    unsigned long iflag;
-    rb_scan_args(argc, argv, "01", &flag);
-    if (NIL_P(flag))
+    rb_check_arity(argc, 0, 1);
+    /* name.to_s(nil) was allowed */
+    if (!argc || NIL_P(argv[0]))
 	return ossl_x509name_to_s_old(self);
-    else iflag = NUM2ULONG(flag);
-    if (!(out = BIO_new(BIO_s_mem())))
-	ossl_raise(eX509NameError, NULL);
-    GetX509Name(self, name);
-    if (!X509_NAME_print_ex(out, name, 0, iflag)){
-	BIO_free(out);
-	ossl_raise(eX509NameError, NULL);
-    }
-    str = ossl_membio2str(out);
-    return str;
+    else
+	return x509name_print(self, NUM2ULONG(argv[0]));
 }
 /*
@@ -282,6 +305,7 @@ ossl_x509name_to_a(VALUE self)
     char long_name[512];
     const char *short_name;
     VALUE ary, vname, ret;
+    ASN1_STRING *value;
     GetX509Name(self, name);
     entries = X509_NAME_entry_count(name);
@@ -294,7 +318,8 @@ ossl_x509name_to_a(VALUE self)
 	if (!(entry = X509_NAME_get_entry(name, i))) {
 	    ossl_raise(eX509NameError, NULL);
 	}
-	if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
+	if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name),
+			     X509_NAME_ENTRY_get_object(entry))) {
 	    ossl_raise(eX509NameError, NULL);
 	}
 	nid = OBJ_ln2nid(long_name);
@@ -304,10 +329,8 @@ ossl_x509name_to_a(VALUE self)
 	    short_name = OBJ_nid2sn(nid);
 	    vname = rb_str_new2(short_name); /*do not free*/
 	}
-	ary = rb_ary_new3(3,
-			  vname,
-        		  rb_str_new((const char *)entry->value->data, entry->value->length),
-        		  INT2FIX(entry->value->type));
+	value = X509_NAME_ENTRY_get_data(entry);
+	ary = rb_ary_new3(3, vname, asn1str_to_str(value), INT2NUM(value->type));
 	rb_ary_push(ret, ary);
     }
     return ret;
@@ -339,7 +362,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
     result = ossl_x509name_cmp0(self, other);
     if (result < 0) return INT2FIX(-1);
-    if (result > 1) return INT2FIX(1);
+    if (result > 0) return INT2FIX(1);
     return INT2FIX(0);
 }
@@ -353,12 +376,10 @@ ossl_x509name_cmp(VALUE self, VALUE other)
 static VALUE
 ossl_x509name_eql(VALUE self, VALUE other)
 {
-    int result;
+    if (!rb_obj_is_kind_of(other, cX509Name))
+	return Qfalse;
-    if(CLASS_OF(other) != cX509Name) return Qfalse;
-    result = ossl_x509name_cmp0(self, other);
-    return (result == 0) ? Qtrue : Qfalse;
+    return ossl_x509name_cmp0(self, other) == 0 ? Qtrue : Qfalse;
 }
 /*
@@ -445,8 +466,15 @@ ossl_x509name_to_der(VALUE self)
 void
 Init_ossl_x509name(void)
 {
+#undef rb_intern
     VALUE utf8str, ptrstr, ia5str, hash;
+#if 0
+    mOSSL = rb_define_module("OpenSSL");
+    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+    mX509 = rb_define_module_under(mOSSL, "X509");
+#endif
     id_aref = rb_intern("[]");
     eX509NameError = rb_define_class_under(mX509, "NameError", eOSSLError);
     cX509Name = rb_define_class_under(mX509, "Name", rb_cObject);
@@ -455,6 +483,7 @@ Init_ossl_x509name(void)
     rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
     rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
+    rb_define_copy_func(cX509Name, ossl_x509name_initialize_copy);
     rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
     rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
     rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
@@ -471,8 +500,7 @@ Init_ossl_x509name(void)
     ptrstr = INT2NUM(V_ASN1_PRINTABLESTRING);
     ia5str = INT2NUM(V_ASN1_IA5STRING);
-    /* Document-const: DEFAULT_OBJECT_TYPE
-     *
+    /*
      * The default object type for name entries.
      */
     rb_define_const(cX509Name, "DEFAULT_OBJECT_TYPE", utf8str);
@@ -486,14 +514,12 @@ Init_ossl_x509name(void)
     rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
     rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
-    /* Document-const: OBJECT_TYPE_TEMPLATE
-     *
+    /*
      * The default object type template for name entries.
      */
     rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
-    /* Document-const: COMPAT
-     *
+    /*
      * A flag for #to_s.
      *
      * Breaks the name returned into multiple lines if longer than 80
@@ -501,24 +527,21 @@ Init_ossl_x509name(void)
      */
     rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT));
-    /* Document-const: RFC2253
-     *
+    /*
      * A flag for #to_s.
      *
      * Returns an RFC2253 format name.
      */
     rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253));
-    /* Document-const: ONELINE
-     *
+    /*
      * A flag for #to_s.
      *
      * Returns a more readable format than RFC2253.
      */
     rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE));
-    /* Document-const: MULTILINE
-     *
+    /*
      * A flag for #to_s.
      *
      * Returns a multiline format.

data/ext/rubysl/openssl/ossl_x509req.c CHANGED Viewed

@@ -123,7 +123,7 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self)
 	return self;
     }
     arg = ossl_to_der_if_possible(arg);
-    in = ossl_obj2bio(arg);
+    in = ossl_obj2bio(&arg);
     req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL);
     DATA_PTR(self) = x;
     if (!req) {
@@ -160,8 +160,6 @@ ossl_x509req_to_pem(VALUE self)
 {
     X509_REQ *req;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
     GetX509Req(self, req);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -171,11 +169,8 @@ ossl_x509req_to_pem(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
-    return str;
+    return ossl_membio2str(out);
 }
 static VALUE
@@ -203,8 +198,6 @@ ossl_x509req_to_text(VALUE self)
 {
     X509_REQ *req;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
     GetX509Req(self, req);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -214,11 +207,8 @@ ossl_x509req_to_text(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
-    return str;
+    return ossl_membio2str(out);
 }
 #if 0
@@ -250,7 +240,7 @@ ossl_x509req_get_version(VALUE self)
     GetX509Req(self, req);
     version = X509_REQ_get_version(req);
-    return LONG2FIX(version);
+    return LONG2NUM(version);
 }
 static VALUE
@@ -259,12 +249,12 @@ ossl_x509req_set_version(VALUE self, VALUE version)
     X509_REQ *req;
     long ver;
-    if ((ver = FIX2LONG(version)) < 0) {
+    if ((ver = NUM2LONG(version)) < 0) {
 	ossl_raise(eX509ReqError, "version must be >= 0!");
     }
     GetX509Req(self, req);
     if (!X509_REQ_set_version(req, ver)) {
-	ossl_raise(eX509ReqError, NULL);
+	ossl_raise(eX509ReqError, "X509_REQ_set_version");
     }
     return version;
@@ -302,23 +292,21 @@ static VALUE
 ossl_x509req_get_signature_algorithm(VALUE self)
 {
     X509_REQ *req;
+    const X509_ALGOR *alg;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
     GetX509Req(self, req);
     if (!(out = BIO_new(BIO_s_mem()))) {
 	ossl_raise(eX509ReqError, NULL);
     }
-    if (!i2a_ASN1_OBJECT(out, req->sig_alg->algorithm)) {
+    X509_REQ_get0_signature(req, NULL, &alg);
+    if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
-    return str;
+    return ossl_membio2str(out);
 }
 static VALUE
@@ -342,11 +330,10 @@ ossl_x509req_set_public_key(VALUE self, VALUE key)
     EVP_PKEY *pkey;
     GetX509Req(self, req);
-    pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
-    if (!X509_REQ_set_pubkey(req, pkey)) {
-	ossl_raise(eX509ReqError, NULL);
-    }
+    pkey = GetPKeyPtr(key);
+    ossl_pkey_check_public_key(pkey);
+    if (!X509_REQ_set_pubkey(req, pkey))
+	ossl_raise(eX509ReqError, "X509_REQ_set_pubkey");
     return key;
 }
@@ -375,18 +362,19 @@ ossl_x509req_verify(VALUE self, VALUE key)
 {
     X509_REQ *req;
     EVP_PKEY *pkey;
-    int i;
     GetX509Req(self, req);
-    pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
-    if ((i = X509_REQ_verify(req, pkey)) < 0) {
-	ossl_raise(eX509ReqError, NULL);
-    }
-    if (i > 0) {
+    pkey = GetPKeyPtr(key);
+    ossl_pkey_check_public_key(pkey);
+    switch (X509_REQ_verify(req, pkey)) {
+      case 1:
 	return Qtrue;
+      case 0:
+	ossl_clear_error();
+	return Qfalse;
+      default:
+	ossl_raise(eX509ReqError, NULL);
     }
-    return Qfalse;
 }
 static VALUE
@@ -426,8 +414,8 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
     }
     GetX509Req(self, req);
-    sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
-    req->req_info->attributes = NULL;
+    while ((attr = X509_REQ_delete_attr(req, 0)))
+	X509_ATTRIBUTE_free(attr);
     for (i=0;i<RARRAY_LEN(ary); i++) {
 	item = RARRAY_AREF(ary, i);
 	attr = GetX509AttrPtr(item);
@@ -457,6 +445,12 @@ ossl_x509req_add_attribute(VALUE self, VALUE attr)
 void
 Init_ossl_x509req(void)
 {
+#if 0
+    mOSSL = rb_define_module("OpenSSL");
+    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+    mX509 = rb_define_module_under(mOSSL, "X509");
+#endif
     eX509ReqError = rb_define_class_under(mX509, "RequestError", eOSSLError);
     cX509Req = rb_define_class_under(mX509, "Request", rb_cObject);