rubysl-openssl 2.4.0 → 2.5.0

Files changed (66)
  1. checksums.yaml +4 -4
  2. data/ext/rubysl/openssl/deprecation.rb +1 -0
  3. data/ext/rubysl/openssl/extconf.rb +6 -8
  4. data/ext/rubysl/openssl/openssl_missing.c +1 -3
  5. data/ext/rubysl/openssl/openssl_missing.h +1 -3
  6. data/ext/rubysl/openssl/ossl.c +15 -3
  7. data/ext/rubysl/openssl/ossl.h +5 -4
  8. data/ext/rubysl/openssl/ossl_asn1.c +19 -13
  9. data/ext/rubysl/openssl/ossl_asn1.h +1 -2
  10. data/ext/rubysl/openssl/ossl_bio.c +1 -2
  11. data/ext/rubysl/openssl/ossl_bio.h +1 -3
  12. data/ext/rubysl/openssl/ossl_bn.c +227 -90
  13. data/ext/rubysl/openssl/ossl_bn.h +1 -3
  14. data/ext/rubysl/openssl/ossl_cipher.c +5 -11
  15. data/ext/rubysl/openssl/ossl_cipher.h +1 -3
  16. data/ext/rubysl/openssl/ossl_config.c +1 -2
  17. data/ext/rubysl/openssl/ossl_config.h +1 -3
  18. data/ext/rubysl/openssl/ossl_digest.c +6 -7
  19. data/ext/rubysl/openssl/ossl_digest.h +1 -3
  20. data/ext/rubysl/openssl/ossl_engine.c +11 -7
  21. data/ext/rubysl/openssl/ossl_engine.h +1 -2
  22. data/ext/rubysl/openssl/ossl_hmac.c +1 -2
  23. data/ext/rubysl/openssl/ossl_hmac.h +1 -2
  24. data/ext/rubysl/openssl/ossl_ns_spki.c +7 -6
  25. data/ext/rubysl/openssl/ossl_ns_spki.h +1 -3
  26. data/ext/rubysl/openssl/ossl_ocsp.c +39 -25
  27. data/ext/rubysl/openssl/ossl_ocsp.h +1 -2
  28. data/ext/rubysl/openssl/ossl_pkcs12.c +10 -6
  29. data/ext/rubysl/openssl/ossl_pkcs12.h +1 -3
  30. data/ext/rubysl/openssl/ossl_pkcs5.c +0 -1
  31. data/ext/rubysl/openssl/ossl_pkcs7.c +29 -16
  32. data/ext/rubysl/openssl/ossl_pkcs7.h +1 -3
  33. data/ext/rubysl/openssl/ossl_pkey.c +10 -8
  34. data/ext/rubysl/openssl/ossl_pkey.h +5 -6
  35. data/ext/rubysl/openssl/ossl_pkey_dh.c +5 -74
  36. data/ext/rubysl/openssl/ossl_pkey_dsa.c +7 -6
  37. data/ext/rubysl/openssl/ossl_pkey_ec.c +4 -2
  38. data/ext/rubysl/openssl/ossl_pkey_rsa.c +5 -5
  39. data/ext/rubysl/openssl/ossl_rand.c +13 -5
  40. data/ext/rubysl/openssl/ossl_rand.h +1 -3
  41. data/ext/rubysl/openssl/ossl_ssl.c +334 -265
  42. data/ext/rubysl/openssl/ossl_ssl.h +1 -5
  43. data/ext/rubysl/openssl/ossl_ssl_session.c +5 -1
  44. data/ext/rubysl/openssl/ossl_version.h +1 -2
  45. data/ext/rubysl/openssl/ossl_x509.c +1 -3
  46. data/ext/rubysl/openssl/ossl_x509.h +1 -2
  47. data/ext/rubysl/openssl/ossl_x509attr.c +9 -6
  48. data/ext/rubysl/openssl/ossl_x509cert.c +14 -12
  49. data/ext/rubysl/openssl/ossl_x509crl.c +15 -13
  50. data/ext/rubysl/openssl/ossl_x509ext.c +13 -8
  51. data/ext/rubysl/openssl/ossl_x509name.c +9 -6
  52. data/ext/rubysl/openssl/ossl_x509req.c +12 -10
  53. data/ext/rubysl/openssl/ossl_x509revoked.c +12 -10
  54. data/ext/rubysl/openssl/ossl_x509store.c +17 -10
  55. data/ext/rubysl/openssl/ruby_missing.h +1 -2
  56. data/lib/openssl/bn.rb +2 -8
  57. data/lib/openssl/buffering.rb +3 -7
  58. data/lib/openssl/cipher.rb +3 -9
  59. data/lib/openssl/config.rb +2 -1
  60. data/lib/openssl/digest.rb +3 -10
  61. data/lib/openssl/pkey.rb +37 -0
  62. data/lib/openssl/ssl.rb +128 -17
  63. data/lib/openssl/x509.rb +2 -8
  64. data/lib/rubysl/openssl.rb +4 -7
  65. data/lib/rubysl/openssl/version.rb +1 -1
  66. metadata +12 -11
@@ -1,20 +1,21 @@
1
1
  /*
2
- * $Id: ossl_x509req.c 48815 2014-12-12 23:59:28Z nobu $
3
2
  * 'OpenSSL for Ruby' project
4
3
  * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
5
4
  * All rights reserved.
6
5
  */
7
6
  /*
8
- * This program is licenced under the same licence as Ruby.
7
+ * This program is licensed under the same licence as Ruby.
9
8
  * (See the file 'LICENCE'.)
10
9
  */
11
10
  #include "ossl.h"
12
11
 
13
- #define WrapX509Req(klass, obj, req) do { \
12
+ #define NewX509Req(klass) \
13
+ TypedData_Wrap_Struct((klass), &ossl_x509req_type, 0)
14
+ #define SetX509Req(obj, req) do { \
14
15
  if (!(req)) { \
15
16
  ossl_raise(rb_eRuntimeError, "Req wasn't initialized!"); \
16
17
  } \
17
- (obj) = TypedData_Wrap_Struct((klass), &ossl_x509req_type, (req)); \
18
+ RTYPEDDATA_DATA(obj) = (req); \
18
19
  } while (0)
19
20
  #define GetX509Req(obj, req) do { \
20
21
  TypedData_Get_Struct((obj), X509_REQ, &ossl_x509req_type, (req)); \
@@ -56,6 +57,7 @@ ossl_x509req_new(X509_REQ *req)
56
57
  X509_REQ *new;
57
58
  VALUE obj;
58
59
 
60
+ obj = NewX509Req(cX509Req);
59
61
  if (!req) {
60
62
  new = X509_REQ_new();
61
63
  } else {
@@ -64,7 +66,7 @@ ossl_x509req_new(X509_REQ *req)
64
66
  if (!new) {
65
67
  ossl_raise(eX509ReqError, NULL);
66
68
  }
67
- WrapX509Req(cX509Req, obj, new);
69
+ SetX509Req(obj, new);
68
70
 
69
71
  return obj;
70
72
  }
@@ -101,10 +103,11 @@ ossl_x509req_alloc(VALUE klass)
101
103
  X509_REQ *req;
102
104
  VALUE obj;
103
105
 
106
+ obj = NewX509Req(klass);
104
107
  if (!(req = X509_REQ_new())) {
105
108
  ossl_raise(eX509ReqError, NULL);
106
109
  }
107
- WrapX509Req(klass, obj, req);
110
+ SetX509Req(obj, req);
108
111
 
109
112
  return obj;
110
113
  }
@@ -415,18 +418,18 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
415
418
  {
416
419
  X509_REQ *req;
417
420
  X509_ATTRIBUTE *attr;
418
- int i;
421
+ long i;
419
422
  VALUE item;
420
423
 
421
424
  Check_Type(ary, T_ARRAY);
422
425
  for (i=0;i<RARRAY_LEN(ary); i++) {
423
- OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Attr);
426
+ OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
424
427
  }
425
428
  GetX509Req(self, req);
426
429
  sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
427
430
  req->req_info->attributes = NULL;
428
431
  for (i=0;i<RARRAY_LEN(ary); i++) {
429
- item = RARRAY_PTR(ary)[i];
432
+ item = RARRAY_AREF(ary, i);
430
433
  attr = DupX509AttrPtr(item);
431
434
  if (!X509_REQ_add1_attr(req, attr)) {
432
435
  ossl_raise(eX509ReqError, NULL);
@@ -479,4 +482,3 @@ Init_ossl_x509req(void)
479
482
  rb_define_method(cX509Req, "attributes=", ossl_x509req_set_attributes, 1);
480
483
  rb_define_method(cX509Req, "add_attribute", ossl_x509req_add_attribute, 1);
481
484
  }
482
-
@@ -1,20 +1,21 @@
1
1
  /*
2
- * $Id: ossl_x509revoked.c 48816 2014-12-12 23:59:36Z nobu $
3
2
  * 'OpenSSL for Ruby' project
4
3
  * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
5
4
  * All rights reserved.
6
5
  */
7
6
  /*
8
- * This program is licenced under the same licence as Ruby.
7
+ * This program is licensed under the same licence as Ruby.
9
8
  * (See the file 'LICENCE'.)
10
9
  */
11
10
  #include "ossl.h"
12
11
 
13
- #define WrapX509Rev(klass, obj, rev) do { \
12
+ #define NewX509Rev(klass) \
13
+ TypedData_Wrap_Struct((klass), &ossl_x509rev_type, 0)
14
+ #define SetX509Rev(obj, rev) do { \
14
15
  if (!(rev)) { \
15
16
  ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \
16
17
  } \
17
- (obj) = TypedData_Wrap_Struct((klass), &ossl_x509rev_type, (rev)); \
18
+ RTYPEDDATA_DATA(obj) = (rev); \
18
19
  } while (0)
19
20
  #define GetX509Rev(obj, rev) do { \
20
21
  TypedData_Get_Struct((obj), X509_REVOKED, &ossl_x509rev_type, (rev)); \
@@ -56,6 +57,7 @@ ossl_x509revoked_new(X509_REVOKED *rev)
56
57
  X509_REVOKED *new;
57
58
  VALUE obj;
58
59
 
60
+ obj = NewX509Rev(cX509Rev);
59
61
  if (!rev) {
60
62
  new = X509_REVOKED_new();
61
63
  } else {
@@ -64,7 +66,7 @@ ossl_x509revoked_new(X509_REVOKED *rev)
64
66
  if (!new) {
65
67
  ossl_raise(eX509RevError, NULL);
66
68
  }
67
- WrapX509Rev(cX509Rev, obj, new);
69
+ SetX509Rev(obj, new);
68
70
 
69
71
  return obj;
70
72
  }
@@ -91,10 +93,11 @@ ossl_x509revoked_alloc(VALUE klass)
91
93
  X509_REVOKED *rev;
92
94
  VALUE obj;
93
95
 
96
+ obj = NewX509Rev(klass);
94
97
  if (!(rev = X509_REVOKED_new())) {
95
98
  ossl_raise(eX509RevError, NULL);
96
99
  }
97
- WrapX509Rev(klass, obj, rev);
100
+ SetX509Rev(obj, rev);
98
101
 
99
102
  return obj;
100
103
  }
@@ -185,18 +188,18 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
185
188
  {
186
189
  X509_REVOKED *rev;
187
190
  X509_EXTENSION *ext;
188
- int i;
191
+ long i;
189
192
  VALUE item;
190
193
 
191
194
  Check_Type(ary, T_ARRAY);
192
195
  for (i=0; i<RARRAY_LEN(ary); i++) {
193
- OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext);
196
+ OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
194
197
  }
195
198
  GetX509Rev(self, rev);
196
199
  sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
197
200
  rev->extensions = NULL;
198
201
  for (i=0; i<RARRAY_LEN(ary); i++) {
199
- item = RARRAY_PTR(ary)[i];
202
+ item = RARRAY_AREF(ary, i);
200
203
  ext = DupX509ExtPtr(item);
201
204
  if(!X509_REVOKED_add_ext(rev, ext, -1)) {
202
205
  ossl_raise(eX509RevError, NULL);
@@ -240,4 +243,3 @@ Init_ossl_x509revoked(void)
240
243
  rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1);
241
244
  rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1);
242
245
  }
243
-
@@ -1,20 +1,21 @@
1
1
  /*
2
- * $Id: ossl_x509store.c 48818 2014-12-13 00:06:54Z nobu $
3
2
  * 'OpenSSL for Ruby' project
4
3
  * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
5
4
  * All rights reserved.
6
5
  */
7
6
  /*
8
- * This program is licenced under the same licence as Ruby.
7
+ * This program is licensed under the same licence as Ruby.
9
8
  * (See the file 'LICENCE'.)
10
9
  */
11
10
  #include "ossl.h"
12
11
 
13
- #define WrapX509Store(klass, obj, st) do { \
12
+ #define NewX509Store(klass) \
13
+ TypedData_Wrap_Struct((klass), &ossl_x509store_type, 0)
14
+ #define SetX509Store(obj, st) do { \
14
15
  if (!(st)) { \
15
16
  ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \
16
17
  } \
17
- (obj) = TypedData_Wrap_Struct((klass), &ossl_x509store_type, (st)); \
18
+ RTYPEDDATA_DATA(obj) = (st); \
18
19
  } while (0)
19
20
  #define GetX509Store(obj, st) do { \
20
21
  TypedData_Get_Struct((obj), X509_STORE, &ossl_x509store_type, (st)); \
@@ -27,11 +28,13 @@
27
28
  GetX509Store((obj), (st)); \
28
29
  } while (0)
29
30
 
30
- #define WrapX509StCtx(klass, obj, ctx) do { \
31
+ #define NewX509StCtx(klass) \
32
+ TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, 0)
33
+ #define SetX509StCtx(obj, ctx) do { \
31
34
  if (!(ctx)) { \
32
35
  ossl_raise(rb_eRuntimeError, "STORE_CTX wasn't initialized!"); \
33
36
  } \
34
- (obj) = TypedData_Wrap_Struct((klass), &ossl_x509stctx_type, (ctx)); \
37
+ RTYPEDDATA_DATA(obj) = (ctx); \
35
38
  } while (0)
36
39
  #define GetX509StCtx(obj, ctx) do { \
37
40
  TypedData_Get_Struct((obj), X509_STORE_CTX, &ossl_x509stctx_type, (ctx)); \
@@ -73,7 +76,8 @@ ossl_x509store_new(X509_STORE *store)
73
76
  {
74
77
  VALUE obj;
75
78
 
76
- WrapX509Store(cX509Store, obj, store);
79
+ obj = NewX509Store(cX509Store);
80
+ SetX509Store(obj, store);
77
81
 
78
82
  return obj;
79
83
  }
@@ -108,10 +112,11 @@ ossl_x509store_alloc(VALUE klass)
108
112
  X509_STORE *store;
109
113
  VALUE obj;
110
114
 
115
+ obj = NewX509Store(klass);
111
116
  if((store = X509_STORE_new()) == NULL){
112
117
  ossl_raise(eX509StoreError, NULL);
113
118
  }
114
- WrapX509Store(klass, obj, store);
119
+ SetX509Store(obj, store);
115
120
 
116
121
  return obj;
117
122
  }
@@ -373,7 +378,8 @@ ossl_x509stctx_new(X509_STORE_CTX *ctx)
373
378
  {
374
379
  VALUE obj;
375
380
 
376
- WrapX509StCtx(cX509StoreContext, obj, ctx);
381
+ obj = NewX509StCtx(cX509StoreContext);
382
+ SetX509StCtx(obj, ctx);
377
383
 
378
384
  return obj;
379
385
  }
@@ -407,10 +413,11 @@ ossl_x509stctx_alloc(VALUE klass)
407
413
  X509_STORE_CTX *ctx;
408
414
  VALUE obj;
409
415
 
416
+ obj = NewX509StCtx(klass);
410
417
  if((ctx = X509_STORE_CTX_new()) == NULL){
411
418
  ossl_raise(eX509StoreError, NULL);
412
419
  }
413
- WrapX509StCtx(klass, obj, ctx);
420
+ SetX509StCtx(obj, ctx);
414
421
 
415
422
  return obj;
416
423
  }
@@ -1,11 +1,10 @@
1
1
  /*
2
- * $Id: ruby_missing.h 33843 2011-11-26 01:49:36Z emboss $
3
2
  * 'OpenSSL for Ruby' project
4
3
  * Copyright (C) 2001-2003 Michal Rokos <m.rokos@sh.cvut.cz>
5
4
  * All rights reserved.
6
5
  */
7
6
  /*
8
- * This program is licenced under the same licence as Ruby.
7
+ * This program is licensed under the same licence as Ruby.
9
8
  * (See the file 'LICENCE'.)
10
9
  */
11
10
  #if !defined(_OSSL_RUBY_MISSING_H_)
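--- a/data/lib/openssl/bn.rb
+++ b/data/lib/openssl/bn.rb
@@ -1,7 +1,6 @@
+# frozen_string_literal: false
 #--
 #
-# $RCSfile$
-#
 # = Ruby-space definitions that completes C-space funcs for BN
 #
 # = Info
@@ -10,12 +9,8 @@
 # All rights reserved.
 #
 # = Licence
-# This program is licenced under the same licence as Ruby.
+# This program is licensed under the same licence as Ruby.
 # (See the file 'LICENCE'.)
-#
-# = Version
-# $Id: bn.rb 47647 2014-09-20 01:17:05Z akr $
-#
 #++
 
 module OpenSSL
@@ -42,4 +37,3 @@ class Integer
 OpenSSL::BN::new(self)
 end
 end # Integer
-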
@@ -1,18 +1,14 @@
1
1
  # coding: binary
2
+ # frozen_string_literal: false
2
3
  #--
3
- #= $RCSfile$ -- Buffering mix-in module.
4
- #
5
4
  #= Info
6
5
  # 'OpenSSL for Ruby 2' project
7
6
  # Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
8
7
  # All rights reserved.
9
8
  #
10
9
  #= Licence
11
- # This program is licenced under the same licence as Ruby.
10
+ # This program is licensed under the same licence as Ruby.
12
11
  # (See the file 'LICENCE'.)
13
- #
14
- #= Version
15
- # $Id: buffering.rb 43964 2013-12-03 01:44:41Z drbrain $
16
12
  #++
17
13
 
18
14
  ##
@@ -213,7 +209,7 @@ module OpenSSL::Buffering
213
209
  else
214
210
  size = idx ? idx+eol.size : nil
215
211
  end
216
- if limit and limit >= 0
212
+ if size && limit && limit >= 0
217
213
  size = [size, limit].min
218
214
  end
219
215
  consume_rbuff(size)
@@ -1,7 +1,5 @@
1
+ # frozen_string_literal: false
1
2
  #--
2
- #
3
- # $RCSfile$
4
- #
5
3
  # = Ruby-space predefined Cipher subclasses
6
4
  #
7
5
  # = Info
@@ -10,12 +8,8 @@
10
8
  # All rights reserved.
11
9
  #
12
10
  # = Licence
13
- # This program is licenced under the same licence as Ruby.
11
+ # This program is licensed under the same licence as Ruby.
14
12
  # (See the file 'LICENCE'.)
15
- #
16
- # = Version
17
- # $Id: cipher.rb 36895 2012-09-04 00:57:31Z nobu $
18
- #
19
13
  #++
20
14
 
21
15
  module OpenSSL
@@ -58,7 +52,7 @@ module OpenSSL
58
52
  end
59
53
 
60
54
  # This class is only provided for backwards compatibility. Use OpenSSL::Cipher in the future.
61
- class Cipher < ::OpenSSL::Cipher
55
+ class Cipher < Cipher
62
56
  # add warning
63
57
  end
64
58
  end # Cipher
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: false
1
2
  =begin
2
3
  = Ruby-space definitions that completes C-space funcs for Config
3
4
 
@@ -5,7 +6,7 @@
5
6
  Copyright (C) 2010 Hiroshi Nakamura <nahi@ruby-lang.org>
6
7
 
7
8
  = Licence
8
- This program is licenced under the same licence as Ruby.
9
+ This program is licensed under the same licence as Ruby.
9
10
  (See the file 'LICENCE'.)
10
11
 
11
12
  =end
@@ -1,7 +1,5 @@
1
+ # frozen_string_literal: false
1
2
  #--
2
- #
3
- # $RCSfile$
4
- #
5
3
  # = Ruby-space predefined Digest subclasses
6
4
  #
7
5
  # = Info
@@ -10,12 +8,8 @@
10
8
  # All rights reserved.
11
9
  #
12
10
  # = Licence
13
- # This program is licenced under the same licence as Ruby.
11
+ # This program is licensed under the same licence as Ruby.
14
12
  # (See the file 'LICENCE'.)
15
- #
16
- # = Version
17
- # $Id: digest.rb 44116 2013-12-10 07:16:03Z nobu $
18
- #
19
13
  #++
20
14
 
21
15
  module OpenSSL
@@ -56,7 +50,7 @@ module OpenSSL
56
50
  # Deprecated.
57
51
  #
58
52
  # This class is only provided for backwards compatibility.
59
- class Digest < ::OpenSSL::Digest # :nodoc:
53
+ class Digest < Digest # :nodoc:
60
54
  # Deprecated.
61
55
  #
62
56
  # See OpenSSL::Digest.new
@@ -85,4 +79,3 @@ module OpenSSL
85
79
  module_function :Digest
86
80
 
87
81
  end # OpenSSL
88
-
@@ -0,0 +1,37 @@
1
+ # frozen_string_literal: false
2
+ module OpenSSL
3
+ module PKey
4
+ if defined?(OpenSSL::PKey::DH)
5
+
6
+ class DH
7
+ DEFAULT_512 = new <<-_end_of_pem_
8
+ -----BEGIN DH PARAMETERS-----
9
+ MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
10
+ zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
11
+ -----END DH PARAMETERS-----
12
+ _end_of_pem_
13
+
14
+ DEFAULT_1024 = new <<-_end_of_pem_
15
+ -----BEGIN DH PARAMETERS-----
16
+ MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
17
+ AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
18
+ T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
19
+ -----END DH PARAMETERS-----
20
+ _end_of_pem_
21
+ end
22
+
23
+ DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
24
+ warn "using default DH parameters." if $VERBOSE
25
+ case keylen
26
+ when 512 then OpenSSL::PKey::DH::DEFAULT_512
27
+ when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
28
+ else
29
+ nil
30
+ end
31
+ }
32
+
33
+ else
34
+ DEFAULT_TMP_DH_CALLBACK = nil
35
+ end
36
+ end
37
+ end
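Review bot: DEFAULT_TMP_DH_CALLBACK (lines 23-31 of the new file) hands out the fixed 512-bit group DEFAULT_512 whenever OpenSSL asks for keylen 512, which is the export-grade DHE case; a 512-bit discrete log is within reach of modest compute (the Logjam class of attacks), so answering that request weakens the handshake rather than refusing it, and the 1024-bit group returned for the other case is below current minimum recommendations as well. Both groups are hard-coded, published values, so any server that relies on this default shares them with every other deployment, which makes precomputation attacks on the group cheaper. I would return nil for keylen 512 so the handshake fails instead of downgrading (`when 512 then nil`), and document DEFAULT_1024 as a compatibility fallback that servers should replace with their own `OpenSSL::PKey::DH.new(2048)` parameters via `SSLContext#tmp_dh_callback`. The `warn "using default DH parameters."` on line 24 only fires under $VERBOSE, so most operators will never see it; it should warn unconditionally or at least say which key length was served.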
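--- a/data/lib/openssl/ssl.rb
+++ b/data/lib/openssl/ssl.rb
@@ -1,21 +1,17 @@
+# frozen_string_literal: false
 =begin
-= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
-
 = Info
 'OpenSSL for Ruby 2' project
 Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
 All rights reserved.
 
 = Licence
-This program is licenced under the same licence as Ruby.
+This program is licensed under the same licence as Ruby.
 (See the file 'LICENCE'.)
-
-= Version
-$Id: ssl.rb 50293 2015-04-13 13:13:01Z nagachika $
 =end
 
 require "openssl/buffering"
-require "fcntl"
+require "io/nonblock"
 
 module OpenSSL
 module SSL
@@ -74,6 +70,48 @@ module OpenSSL
 DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
 end
 
+INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
+"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
+"verify_callback", "cert_store", "extra_chain_cert",
+"client_cert_cb", "session_id_context", "tmp_dh_callback",
+"session_get_cb", "session_new_cb", "session_remove_cb",
+"tmp_ecdh_callback", "servername_cb", "npn_protocols",
+"alpn_protocols", "alpn_select_cb",
+"npn_select_cb"].map { |x| "@#{x}" }
+
+# A callback invoked when DH parameters are required.
+#
+# The callback is invoked with the Session for the key exchange, an
+# flag indicating the use of an export cipher and the keylength
+# required.
+#
+# The callback must return an OpenSSL::PKey::DH instance of the correct
+# key length.
+
+attr_accessor :tmp_dh_callback
+
+if ExtConfig::HAVE_TLSEXT_HOST_NAME
+# A callback invoked at connect time to distinguish between multiple
+# server names.
+#
+# The callback is invoked with an SSLSocket and a server name. The
+# callback must return an SSLContext for the server name or nil.
+attr_accessor :servername_cb
+end
+
+# call-seq:
+# SSLContext.new => ctx
+# SSLContext.new(:TLSv1) => ctx
+# SSLContext.new("SSLv23_client") => ctx
+#
+# You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
+def initialize(version = nil)
+INIT_VARS.each { |v| instance_variable_set v, nil }
+self.options = self.options | OpenSSL::SSL::OP_ALL
+return unless version
+self.ssl_version = version
+end
+
 ##
 # Sets the parameters for this SSL context to the values in +params+.
 # The keys in +params+ must be assignment methods on SSLContext.
@@ -124,15 +162,6 @@ module OpenSSL
 end
 end
 
-module Nonblock
-def initialize(*args)
-flag = File::NONBLOCK
-flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL)
-@io.fcntl(Fcntl::F_SETFL, flag)
-super
-end
-end
-
 def verify_certificate_identity(cert, hostname)
 should_verify_common_name = true
 cert.extensions.each{|ext|
@@ -220,7 +249,53 @@ module OpenSSL
 class SSLSocket
 include Buffering
 include SocketForwarder
-include Nonblock
+
+if ExtConfig::OPENSSL_NO_SOCK
+def initialize(io, ctx = nil); raise NotImplmentedError; end
+else
+if ExtConfig::HAVE_TLSEXT_HOST_NAME
+attr_accessor :hostname
+end
+
+attr_reader :io, :context
+attr_accessor :sync_close
+alias :to_io :io
+
+# call-seq:
+# SSLSocket.new(io) => aSSLSocket
+# SSLSocket.new(io, ctx) => aSSLSocket
+#
+# Creates a new SSL socket from +io+ which must be a real ruby object (not an
+# IO-like object that responds to read/write).
+#
+# If +ctx+ is provided the SSL Sockets initial params will be taken from
+# the context.
+#
+# The OpenSSL::Buffering module provides additional IO methods.
+#
+# This method will freeze the SSLContext if one is provided;
+# however, session management is still allowed in the frozen SSLContext.
+
+def initialize(io, context = OpenSSL::SSL::SSLContext.new)
+@io = io
+@context = context
+@sync_close = false
+@hostname = nil
+@io.nonblock = true if @io.respond_to?(:nonblock=)
+context.setup
+super()
+end
+end
+
+# call-seq:
+# ssl.sysclose => nil
+#
+# Shuts down the SSL connection and prepares it for another connection.
+def sysclose
+return if closed?
+stop
+io.close if sync_close
+end
 
 ##
 # Perform hostname verification after an SSL connection is established
@@ -228,6 +303,14 @@ module OpenSSL
 # This method MUST be called after calling #connect to ensure that the
 # hostname of a remote peer has been verified.
 def post_connection_check(hostname)
+if peer_cert.nil?
+msg = "Peer verification enabled, but no certificate received."
+if using_anon_cipher?
+msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
+end
+raise SSLError, msg
+end
+
 unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
 raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
 end
@@ -239,6 +322,34 @@ module OpenSSL
 rescue SSL::Session::SessionError
 nil
 end
+
+private
+
+def using_anon_cipher?
+ctx = OpenSSL::SSL::SSLContext.new
+ctx.ciphers = "aNULL"
+ctx.ciphers.include?(cipher)
+end
+
+def client_cert_cb
+@context.client_cert_cb
+end
+
+def tmp_dh_callback
+@context.tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
+end
+
+def tmp_ecdh_callback
+@context.tmp_ecdh_callback
+end
+
+def session_new_cb
+@context.session_new_cb
+end
+
+def session_get_cb
+@context.session_get_cb
+end
 end
 
 ##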
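Review bot: The OPENSSL_NO_SOCK branch of SSLSocket (new line 254, in the `@@ -220,7 +249,53 @@` hunk) raises `NotImplmentedError`, a misspelling of NotImplementedError, so a build without socket support fails with NameError for an uninitialized constant rather than the intended exception; the line should read `def initialize(io, ctx = nil); raise NotImplementedError; end`. In the same file, SSLContext#initialize now ORs `OpenSSL::SSL::OP_ALL` into the options unconditionally (new line 110); OP_ALL is OpenSSL's "all bug workarounds" set and, on the 1.0.x releases this extension targets, it appears to include SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, which disables the CBC empty-fragment countermeasure, so a short comment such as `# OP_ALL enables interoperability workarounds; callers wanting strict behaviour should clear the bits they do not want via #options=` would help operators who audit the defaults. The private `tmp_dh_callback` at new line 338 silently substitutes OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK when the context has none, which means servers that never configure DH parameters get the library's built-in groups; that fallback deserves a comment naming the constant and its key sizes so it is a deliberate choice rather than a surprise.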