rubysl-openssl 0.0.1 → 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 76f5a7a94f60ad0a165b1917125508ceb550786b
+  data.tar.gz: 5bbe823de538860a62ad2194bee659aa1ea1d351
+SHA512:
+  metadata.gz: a9a604acb9afc7a04cd9c95553357d056d3b7ffb42b8cfa34f1423de7e3e30d98ba47341de7301f4da1a293215ac7082232249da067fa4e3ed9c7a798ea55e60
+  data.tar.gz: ff37c957590fee69b1587d7dbd529d27a695db35ab6ac852d40bb918dede59e4b1b20527b057e955b8bf99aaf23235eb6589c2c5dfcbe19df768bf9ba354486c

data/.gitignore

@@ -15,4 +15,3 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
-.rbx

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+env:
+  - RUBYLIB=lib
+script: bundle exec mspec
+rvm:
+  - 1.8.7
+  - rbx-nightly-18mode

data/README.md

@@ -1,4 +1,4 @@
-# RubySL::Openssl
+# Rubysl::Openssl
 
 TODO: Write a gem description
 
@@ -24,6 +24,6 @@ TODO: Write usage instructions here
 
 1. Fork it
 2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Added some feature'`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create new Pull Request

data/Rakefile

@@ -1,2 +1 @@
-#!/usr/bin/env rake
 require "bundler/gem_tasks"

data/ext/rubysl/openssl/extconf.h

@@ -0,0 +1,50 @@
+#ifndef EXTCONF_H
+#define EXTCONF_H
+#define HAVE_ASSERT_H 1
+#define HAVE_OPENSSL_SSL_H 1
+#define HAVE_OPENSSL_CONF_API_H 1
+#define HAVE_ERR_PEEK_LAST_ERROR 1
+#define HAVE_BN_MOD_ADD 1
+#define HAVE_BN_MOD_SQR 1
+#define HAVE_BN_MOD_SUB 1
+#define HAVE_BN_PSEUDO_RAND_RANGE 1
+#define HAVE_BN_RAND_RANGE 1
+#define HAVE_CONF_GET1_DEFAULT_CONFIG_FILE 1
+#define HAVE_EVP_CIPHER_CTX_SET_PADDING 1
+#define HAVE_EVP_CIPHERFINAL_EX 1
+#define HAVE_EVP_CIPHERINIT_EX 1
+#define HAVE_EVP_DIGESTFINAL_EX 1
+#define HAVE_EVP_DIGESTINIT_EX 1
+#define HAVE_EVP_MD_CTX_CLEANUP 1
+#define HAVE_EVP_MD_CTX_CREATE 1
+#define HAVE_EVP_MD_CTX_DESTROY 1
+#define HAVE_EVP_MD_CTX_INIT 1
+#define HAVE_HMAC_CTX_CLEANUP 1
+#define HAVE_HMAC_CTX_INIT 1
+#define HAVE_PEM_DEF_CALLBACK 1
+#define HAVE_PKCS5_PBKDF2_HMAC_SHA1 1
+#define HAVE_X509V3_SET_NCONF 1
+#define HAVE_X509V3_EXT_NCONF_NID 1
+#define HAVE_X509_CRL_ADD0_REVOKED 1
+#define HAVE_X509_CRL_SET_ISSUER_NAME 1
+#define HAVE_X509_CRL_SET_VERSION 1
+#define HAVE_X509_CRL_SORT 1
+#define HAVE_OBJ_NAME_DO_ALL_SORTED 1
+#define HAVE_SSL_SESSION_GET_ID 1
+#define HAVE_OPENSSL_CLEANSE 1
+#define HAVE_VA_ARGS_MACRO 1
+#define HAVE_SSLV2_METHOD 1
+#define HAVE_SSLV2_SERVER_METHOD 1
+#define HAVE_SSLV2_CLIENT_METHOD 1
+#define HAVE_SSL_SET_TLSEXT_HOST_NAME 1
+#define HAVE_OPENSSL_ENGINE_H 1
+#define HAVE_ENGINE_ADD 1
+#define HAVE_ENGINE_LOAD_BUILTIN_ENGINES 1
+#define HAVE_ENGINE_GET_DIGEST 1
+#define HAVE_ENGINE_GET_CIPHER 1
+#define HAVE_ENGINE_CLEANUP 1
+#define HAVE_OPENSSL_OCSP_H 1
+#define HAVE_ST_FLAGS 1
+#define HAVE_ST_ENGINE 1
+#define HAVE_ST_SINGLE 1
+#endif

data/ext/rubysl/openssl/extconf.rb

@@ -0,0 +1,144 @@
+=begin
+= $RCSfile$ -- Generator for Makefile
+
+= Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2002  Michal Rokos <m.rokos@sh.cvut.cz>
+  All rights reserved.
+
+= Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+= Version
+  $Id: extconf.rb 32234 2011-06-26 08:58:06Z shyouhei $
+=end
+
+require "mkmf"
+
+dir_config("openssl")
+dir_config("kerberos")
+
+message "=== OpenSSL for Ruby configurator ===\n"
+
+##
+# Adds -Wall -DOSSL_DEBUG for compilation and some more targets when GCC is used
+# To turn it on, use: --with-debug or --enable-debug
+#
+if with_config("debug") or enable_config("debug")
+  $defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
+
+  if /gcc/ =~ CONFIG["CC"]
+    $CPPFLAGS += " -Wall" unless $CPPFLAGS.split.include? "-Wall"
+  end
+end
+
+# Nothing we can do about these problems.
+$CPPFLAGS += " -Wno-deprecated-declarations -Wno-pointer-sign"
+
+message "=== Checking for system dependent stuff... ===\n"
+have_library("nsl", "t_open")
+have_library("socket", "socket")
+have_header("assert.h")
+
+message "=== Checking for required stuff... ===\n"
+if $mingw
+  have_library("wsock32")
+  have_library("gdi32")
+end
+result = have_header("openssl/ssl.h")
+result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "OpenSSL_add_all_digests")}
+result &&= %w[ssl ssleay32].any? {|lib| have_library(lib, "SSL_library_init")}
+if !result
+  unless pkg_config("openssl") and have_header("openssl/ssl.h")
+    message "=== Checking for required stuff failed. ===\n"
+    message "Makefile wasn't created. Fix the errors above.\n"
+    exit 1
+  end
+end
+
+unless have_header("openssl/conf_api.h")
+  message "OpenSSL 0.9.6 or later required.\n"
+  exit 1
+end
+
+%w"rb_str_set_len rb_block_call".each {|func| have_func(func, "ruby.h")}
+
+message "=== Checking for OpenSSL features... ===\n"
+have_func("ERR_peek_last_error")
+have_func("BN_mod_add")
+have_func("BN_mod_sqr")
+have_func("BN_mod_sub")
+have_func("BN_pseudo_rand_range")
+have_func("BN_rand_range")
+have_func("CONF_get1_default_config_file")
+have_func("EVP_CIPHER_CTX_copy")
+have_func("EVP_CIPHER_CTX_set_padding")
+have_func("EVP_CipherFinal_ex")
+have_func("EVP_CipherInit_ex")
+have_func("EVP_DigestFinal_ex")
+have_func("EVP_DigestInit_ex")
+have_func("EVP_MD_CTX_cleanup")
+have_func("EVP_MD_CTX_create")
+have_func("EVP_MD_CTX_destroy")
+have_func("EVP_MD_CTX_init")
+have_func("HMAC_CTX_cleanup")
+have_func("HMAC_CTX_copy")
+have_func("HMAC_CTX_init")
+have_func("PEM_def_callback")
+have_func("PKCS5_PBKDF2_HMAC")
+have_func("PKCS5_PBKDF2_HMAC_SHA1")
+have_func("X509V3_set_nconf")
+have_func("X509V3_EXT_nconf_nid")
+have_func("X509_CRL_add0_revoked")
+have_func("X509_CRL_set_issuer_name")
+have_func("X509_CRL_set_version")
+have_func("X509_CRL_sort")
+have_func("X509_NAME_hash_old")
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
+have_func("OBJ_NAME_do_all_sorted")
+have_func("SSL_SESSION_get_id")
+have_func("OPENSSL_cleanse")
+if try_compile("#define FOO(...) foo(__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
+  $defs.push("-DHAVE_VA_ARGS_MACRO")
+end
+have_func("SSLv2_method")
+have_func("SSLv2_server_method")
+have_func("SSLv2_client_method")
+unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
+  have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
+end
+if have_header("openssl/engine.h")
+  have_func("ENGINE_add")
+  have_func("ENGINE_load_builtin_engines")
+  have_func("ENGINE_load_openbsd_dev_crypto")
+  have_func("ENGINE_get_digest")
+  have_func("ENGINE_get_cipher")
+  have_func("ENGINE_cleanup")
+  have_func("ENGINE_load_4758cca")
+  have_func("ENGINE_load_aep")
+  have_func("ENGINE_load_atalla")
+  have_func("ENGINE_load_chil")
+  have_func("ENGINE_load_cswift")
+  have_func("ENGINE_load_nuron")
+  have_func("ENGINE_load_sureware")
+  have_func("ENGINE_load_ubsec")
+end
+if try_compile(<<SRC)
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# error "OpenSSL version is less than 0.9.7."
+#endif
+SRC
+  have_header("openssl/ocsp.h")
+end
+have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
+have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h")
+have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
+
+message "=== Checking done. ===\n"
+
+create_header
+create_makefile("openssl/openssl")
+message "Done.\n"

data/ext/rubysl/openssl/openssl_missing.c

@@ -0,0 +1,343 @@
+/*
+ * $Id: openssl_missing.c 16467 2008-05-19 03:00:52Z knu $
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#include RUBY_EXTCONF_H
+
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ST_ENGINE)
+# include <openssl/engine.h>
+#endif
+#include <openssl/x509_vfy.h>
+
+#if !defined(OPENSSL_NO_HMAC)
+#include <string.h> /* memcpy() */
+#include <openssl/hmac.h>
+
+#include "openssl_missing.h"
+
+#if !defined(HAVE_HMAC_CTX_COPY)
+void
+HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
+{
+    if (!out || !in) return;
+    memcpy(out, in, sizeof(HMAC_CTX));
+
+    EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
+    EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
+    EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
+}
+#endif /* HAVE_HMAC_CTX_COPY */
+#endif /* NO_HMAC */
+
+#if !defined(HAVE_X509_STORE_SET_EX_DATA)
+
+int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&str->ex_data, idx, data);
+}
+ 
+void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
+{
+    return CRYPTO_get_ex_data(&str->ex_data, idx);
+}
+#endif
+
+#if !defined(HAVE_EVP_MD_CTX_CREATE)
+EVP_MD_CTX *
+EVP_MD_CTX_create(void)
+{
+    EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
+    if (!ctx) return NULL;
+
+    memset(ctx, 0, sizeof(EVP_MD_CTX));
+
+    return ctx;
+}
+#endif
+
+#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
+int
+EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+{
+    /* FIXME!!! */
+    memset(ctx, 0, sizeof(EVP_MD_CTX));
+
+    return 1;
+}
+#endif
+
+#if !defined(HAVE_EVP_MD_CTX_DESTROY)
+void
+EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+{
+    EVP_MD_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+#endif
+
+#if !defined(HAVE_EVP_MD_CTX_INIT)
+void
+EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+{
+    memset(ctx, 0, sizeof(EVP_MD_CTX));
+}
+#endif
+
+#if !defined(HAVE_HMAC_CTX_INIT)
+void
+HMAC_CTX_init(HMAC_CTX *ctx)
+{
+    EVP_MD_CTX_init(&ctx->i_ctx);
+    EVP_MD_CTX_init(&ctx->o_ctx);
+    EVP_MD_CTX_init(&ctx->md_ctx);
+}
+#endif
+
+#if !defined(HAVE_HMAC_CTX_CLEANUP)
+void
+HMAC_CTX_cleanup(HMAC_CTX *ctx)
+{
+    EVP_MD_CTX_cleanup(&ctx->i_ctx);
+    EVP_MD_CTX_cleanup(&ctx->o_ctx);
+    EVP_MD_CTX_cleanup(&ctx->md_ctx);
+    memset(ctx, 0, sizeof(HMAC_CTX));
+}
+#endif
+
+#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+/* 
+ * this function does not exist in OpenSSL yet... or ever?.
+ * a future version may break this function.
+ * tested on 0.9.7d.
+ */
+int
+EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
+{
+    memcpy(out, in, sizeof(EVP_CIPHER_CTX));
+
+#if defined(HAVE_ENGINE_ADD) && defined(HAVE_ST_ENGINE)
+    if (in->engine) ENGINE_add(out->engine);
+    if (in->cipher_data) {
+	out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+	memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
+    }
+#endif
+
+    return 1;
+}
+#endif
+
+#if !defined(HAVE_X509_CRL_SET_VERSION)
+int
+X509_CRL_set_version(X509_CRL *x, long version)
+{
+    if (x == NULL || x->crl == NULL) return 0;
+    if (x->crl->version == NULL) {
+	x->crl->version = M_ASN1_INTEGER_new();
+	if (x->crl->version == NULL) return 0;
+    }
+    return ASN1_INTEGER_set(x->crl->version, version);
+}
+#endif
+
+#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
+int
+X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+{
+    if (x == NULL || x->crl == NULL) return 0;
+    return X509_NAME_set(&x->crl->issuer, name);
+}
+#endif
+
+#if !defined(HAVE_X509_CRL_SORT)
+int
+X509_CRL_sort(X509_CRL *c)
+{
+    int i;
+    X509_REVOKED *r;
+    /* sort the data so it will be written in serial
+     * number order */
+    sk_X509_REVOKED_sort(c->crl->revoked);
+    for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++) {
+	r=sk_X509_REVOKED_value(c->crl->revoked, i);
+	r->sequence=i;
+    }
+    return 1;
+}
+#endif
+
+#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
+static int
+OSSL_X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
+{
+    return(ASN1_STRING_cmp(
+		(ASN1_STRING *)(*a)->serialNumber,
+		(ASN1_STRING *)(*b)->serialNumber));
+}
+		    
+int
+X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+    X509_CRL_INFO *inf;
+    
+    inf = crl->crl;
+    if (!inf->revoked)
+	inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp);
+    if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev))
+	return 0;
+    return 1;
+}
+#endif
+
+#if !defined(HAVE_BN_MOD_SQR)
+int
+BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+    if (!BN_sqr(r, (BIGNUM*)a, ctx)) return 0;
+    return BN_mod(r, r, m, ctx);
+}
+#endif
+
+#if !defined(HAVE_BN_MOD_ADD) || !defined(HAVE_BN_MOD_SUB)
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+{
+    if (!BN_mod(r,m,d,ctx)) return 0;
+    if (!r->neg) return 1;
+    return (d->neg ? BN_sub : BN_add)(r, r, d);
+}
+#endif
+
+#if !defined(HAVE_BN_MOD_ADD)
+int
+BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+{
+    if (!BN_add(r, a, b)) return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
+#endif
+
+#if !defined(HAVE_BN_MOD_SUB)
+int
+BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+{
+    if (!BN_sub(r, a, b)) return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
+#endif
+
+#if !defined(HAVE_BN_RAND_RANGE) || !defined(HAVE_BN_PSEUDO_RAND_RANGE)
+static int
+bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
+{
+    int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
+    int n;
+
+    if (range->neg || BN_is_zero(range)) return 0;
+
+    n = BN_num_bits(range);
+
+    if (n == 1) {
+	if (!BN_zero(r)) return 0;
+    } else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
+	do {
+	    if (!bn_rand(r, n + 1, -1, 0)) return 0;
+	    if (BN_cmp(r ,range) >= 0) {
+		if (!BN_sub(r, r, range)) return 0;
+		if (BN_cmp(r, range) >= 0)
+		    if (!BN_sub(r, r, range)) return 0;
+	    }
+	} while (BN_cmp(r, range) >= 0);
+    } else {
+	do {
+	    if (!bn_rand(r, n, -1, 0)) return 0;
+	} while (BN_cmp(r, range) >= 0);
+    }
+
+    return 1;
+}
+#endif
+
+#if !defined(HAVE_BN_RAND_RANGE)
+int
+BN_rand_range(BIGNUM *r, BIGNUM *range)
+{
+    return bn_rand_range(0, r, range);
+}
+#endif
+
+#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
+int
+BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
+{
+    return bn_rand_range(1, r, range);
+}
+#endif
+
+#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
+#define OPENSSL_CONF "openssl.cnf"
+char *
+CONF_get1_default_config_file(void)
+{
+    char *file;
+    int len;
+
+    file = getenv("OPENSSL_CONF");
+    if (file) return BUF_strdup(file);
+    len = strlen(X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+    len++;
+#endif
+    len += strlen(OPENSSL_CONF);
+    file = OPENSSL_malloc(len + 1);
+    if (!file) return NULL;
+    strcpy(file,X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+    strcat(file,"/");
+#endif
+    strcat(file,OPENSSL_CONF);
+
+    return file;
+}
+#endif
+
+#if !defined(HAVE_PEM_DEF_CALLBACK)
+#define OSSL_PASS_MIN_LENGTH 4
+int
+PEM_def_callback(char *buf, int num, int w, void *key)
+{
+    int i,j;
+    const char *prompt;
+    
+    if (key) {
+	i = strlen(key);
+	i = (i > num) ? num : i;
+	memcpy(buf, key, i);
+	return i;
+    }
+
+    prompt = EVP_get_pw_prompt();
+    if (prompt == NULL) prompt = "Enter PEM pass phrase:";
+    for (;;) {
+	i = EVP_read_pw_string(buf, num, prompt, w);
+	if (i != 0) {
+	    memset(buf, 0, (unsigned int)num);
+	    return(-1);
+	}
+	j = strlen(buf);
+	if (j < OSSL_PASS_MIN_LENGTH) {
+	    fprintf(stderr,
+		    "phrase is too short, needs to be at least %d chars\n",
+		    OSSL_PASS_MIN_LENGTH);
+	}
+	else break;
+    }
+    return j;
+}
+#endif
+