rubysl-openssl 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
----
-SHA1:
-  metadata.gz: ec2fe860dc0818eb7d9e1adb4cbe97d99eee63c1
-  data.tar.gz: 5902d7b0637599095ba8b0ca8649dafc77a06d5f
-SHA512:
-  metadata.gz: 464e5e0a80b148566ddccdbd3d99a1cd7cf4a20ae3f6b6a83430b8f2d3ca86310f81050dd192f80a25e11ff2729afc0e23906b1876727dd77087376faa0a65a0
-  data.tar.gz: c72fe13a360ad5ca0c07bbc3820fa3c25a325187b06e75a020ebbb14cb90bd250584f052ea9041b611d0b9dc0e9808c7630aacd9c1c33f292e57b86fa4d9eee6
+--- 
+SHA1: 
+  metadata.gz: 6b3988369f86f1fbb46045c54d623c57099d55c5
+  data.tar.gz: 35112e17b1e09c08fb9418716efae287097b3356
+SHA512: 
+  metadata.gz: dc8425d85daf0d3605f1c6cac3015556df849c79d206efa71d629dbaa351473ac6c86c4bc5b17e250c50c7e62d42fab21114b38617ffcafe044a2708a3af12b2
+  data.tar.gz: 25dcc1ecb2117d1427d79c6f01d256e0a70e21c48a454a7ae3adfc517ec781a48384ecf27cb8423f0a912c7ef3df1b2e64b13d3ecd43572a28a11dbb8dba4c11

data/ext/rubysl/openssl/extconf.rb

@@ -31,9 +31,6 @@ if with_config("debug") or enable_config("debug")
   $defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
 end
 
-# Nothing we can do about these problems.
-$CPPFLAGS += " -Wno-deprecated-declarations -Wno-pointer-sign"
-
 Logging::message "=== Checking for system dependent stuff... ===\n"
 have_library("nsl", "t_open")
 have_library("socket", "socket")
@@ -61,6 +58,9 @@ end
 unless have_header("openssl/conf_api.h")
   raise "OpenSSL 0.9.6 or later required."
 end
+unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
+  raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
+end
 
 Logging::message "=== Checking for OpenSSL features... ===\n"
 have_func("ERR_peek_last_error")
@@ -144,6 +144,7 @@ if checking_for('OpenSSL version is 0.9.7 or later') {
   }
   have_header("openssl/ocsp.h")
 end
+have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
 have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
 have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h")
 have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
@@ -153,5 +154,7 @@ have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTH
 Logging::message "=== Checking done. ===\n"
 
 create_header
-create_makefile("openssl/openssl")
+create_makefile("openssl/openssl") {|conf|
+  conf << "THREAD_MODEL = #{CONFIG["THREAD_MODEL"]}\n"
+}
 Logging::message "Done.\n"

data/ext/rubysl/openssl/openssl_missing.c

@@ -10,7 +10,7 @@
  */
 #include RUBY_EXTCONF_H
 
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ST_ENGINE)
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
 # include <openssl/engine.h>
 #endif
 #include <openssl/x509_vfy.h>
@@ -122,7 +122,7 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
 {
     memcpy(out, in, sizeof(EVP_CIPHER_CTX));
 
-#if defined(HAVE_ENGINE_ADD) && defined(HAVE_ST_ENGINE)
+#if defined(HAVE_ENGINE_ADD) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
     if (in->engine) ENGINE_add(out->engine);
     if (in->cipher_data) {
 	out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);

data/ext/rubysl/openssl/ossl.c

@@ -293,10 +293,9 @@ ossl_to_der_if_possible(VALUE obj)
 static VALUE
 ossl_make_error(VALUE exc, const char *fmt, va_list args)
 {
-    char buf[BUFSIZ];
+    VALUE str = Qnil;
     const char *msg;
     long e;
-    int len = 0;
 
 #ifdef HAVE_ERR_PEEK_LAST_ERROR
     e = ERR_peek_last_error();
@@ -304,14 +303,20 @@ ossl_make_error(VALUE exc, const char *fmt, va_list args)
     e = ERR_peek_error();
 #endif
     if (fmt) {
-	len = vsnprintf(buf, BUFSIZ, fmt, args);
+	str = rb_sprintf(fmt, args);
     }
-    if (len < BUFSIZ && e) {
+    if (e) {
 	if (dOSSL == Qtrue) /* FULL INFO */
 	    msg = ERR_error_string(e, NULL);
 	else
 	    msg = ERR_reason_error_string(e);
-	len += snprintf(buf+len, BUFSIZ-len, "%s%s", (len ? ": " : ""), msg);
+	if (NIL_P(str)) {
+	    if (msg) str = rb_str_new_cstr(msg);
+	}
+	else {
+	    if (RSTRING_LEN(str)) rb_str_cat2(str, ": ");
+	    rb_str_cat2(str, msg ? msg : "(null)");
+	}
     }
     if (dOSSL == Qtrue){ /* show all errors on the stack */
 	while ((e = ERR_get_error()) != 0){
@@ -320,8 +325,8 @@ ossl_make_error(VALUE exc, const char *fmt, va_list args)
     }
     ERR_clear_error();
 
-    if(len > BUFSIZ) len = rb_long2int(strlen(buf));
-    return rb_exc_new(exc, buf, len);
+    if (NIL_P(str)) str = rb_str_new(0, 0);
+    return rb_exc_new3(exc, str);
 }
 
 void
@@ -461,33 +466,89 @@ ossl_fips_mode_set(VALUE self, VALUE enabled)
 /**
  * Stores locks needed for OpenSSL thread safety
  */
-static VALUE* ossl_locks;
+#include "ruby/thread_native.h"
+static rb_nativethread_lock_t *ossl_locks;
+
+static void
+ossl_lock_unlock(int mode, rb_nativethread_lock_t *lock)
+{
+    if (mode & CRYPTO_LOCK) {
+	rb_nativethread_lock_lock(lock);
+    } else {
+	rb_nativethread_lock_unlock(lock);
+    }
+}
+
+static void
+ossl_lock_callback(int mode, int type, const char *file, int line)
+{
+    ossl_lock_unlock(mode, &ossl_locks[type]);
+}
+
+struct CRYPTO_dynlock_value {
+    rb_nativethread_lock_t lock;
+};
+
+static struct CRYPTO_dynlock_value *
+ossl_dyn_create_callback(const char *file, int line)
+{
+    struct CRYPTO_dynlock_value *dynlock = (struct CRYPTO_dynlock_value *)OPENSSL_malloc((int)sizeof(struct CRYPTO_dynlock_value));
+    rb_nativethread_lock_initialize(&dynlock->lock);
+    return dynlock;
+}
+
+static void
+ossl_dyn_lock_callback(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)
+{
+    ossl_lock_unlock(mode, &l->lock);
+}
 
-static void ossl_lock_callback(int mode, int type, char *file, int line)
+static void
+ossl_dyn_destroy_callback(struct CRYPTO_dynlock_value *l, const char *file, int line)
 {
-  if (mode & CRYPTO_LOCK) {
-    rb_mutex_lock(ossl_locks[type]);
-  } else {
-    rb_mutex_unlock(ossl_locks[type]);
-  }
+    rb_nativethread_lock_destroy(&l->lock);
+    OPENSSL_free(l);
 }
 
+#ifdef HAVE_CRYPTO_THREADID_PTR
+static void ossl_threadid_func(CRYPTO_THREADID *id)
+{
+    /* register native thread id */
+    CRYPTO_THREADID_set_pointer(id, (void *)rb_nativethread_self());
+}
+#else
 static unsigned long ossl_thread_id(void)
 {
-  return NUM2ULONG(rb_obj_id(rb_thread_current()));
+    /* before OpenSSL 1.0, this is 'unsigned long' */
+    return (unsigned long)rb_nativethread_self();
 }
+#endif
 
 static void Init_ossl_locks(void)
 {
-  int i;
-  ossl_locks = (VALUE*) OPENSSL_malloc(CRYPTO_num_locks() * sizeof(VALUE));
-  for (i = 0; i < CRYPTO_num_locks(); i++) {
-    ossl_locks[i] = rb_mutex_new();
-    rb_global_variable(&(ossl_locks[i]));
-  }
-
-  CRYPTO_set_id_callback((unsigned long (*)())ossl_thread_id);
-  CRYPTO_set_locking_callback((void (*)())ossl_lock_callback);
+    int i;
+    int num_locks = CRYPTO_num_locks();
+
+    if ((unsigned)num_locks >= INT_MAX / (int)sizeof(VALUE)) {
+	rb_raise(rb_eRuntimeError, "CRYPTO_num_locks() is too big: %d", num_locks);
+    }
+    ossl_locks = (rb_nativethread_lock_t *) OPENSSL_malloc(num_locks * (int)sizeof(rb_nativethread_lock_t));
+    if (!ossl_locks) {
+	rb_raise(rb_eNoMemError, "CRYPTO_num_locks() is too big: %d", num_locks);
+    }
+    for (i = 0; i < num_locks; i++) {
+	rb_nativethread_lock_initialize(&ossl_locks[i]);
+    }
+
+#ifdef HAVE_CRYPTO_THREADID_PTR
+    CRYPTO_THREADID_set_callback(ossl_threadid_func);
+#else
+    CRYPTO_set_id_callback(ossl_thread_id);
+#endif
+    CRYPTO_set_locking_callback(ossl_lock_callback);
+    CRYPTO_set_dynlock_create_callback(ossl_dyn_create_callback);
+    CRYPTO_set_dynlock_lock_callback(ossl_dyn_lock_callback);
+    CRYPTO_set_dynlock_destroy_callback(ossl_dyn_destroy_callback);
 }
 
 /*
@@ -788,7 +849,7 @@ static void Init_ossl_locks(void)
  *   cipher = OpenSSL::Cipher::Cipher.new 'AES-128-CBC'
  *
  *   open 'ca_key.pem', 'w', 0400 do |io|
- *     io.write key.export(cipher, pass_phrase)
+ *     io.write ca_key.export(cipher, pass_phrase)
  *   end
  *
  * === CA Certificate
@@ -1021,6 +1082,11 @@ Init_openssl()
      */
     rb_define_const(mOSSL, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
 
+    /*
+     * Version of OpenSSL the ruby OpenSSL extension is running with
+     */
+    rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
+
     /*
      * Version number of OpenSSL the ruby OpenSSL extension was built with
      * (base 16)

data/ext/rubysl/openssl/ossl.h

@@ -28,7 +28,6 @@ extern "C" {
 #if defined(RFILE) /*&& !defined(OSSL_DEBUG)*/
 #  undef RFILE
 #endif
-#define RSTRING_NOT_MODIFIED 1
 #include <ruby.h>
 #include <ruby/io.h>
 #include <ruby/thread.h>
@@ -67,7 +66,7 @@ extern "C" {
 #include <openssl/conf_api.h>
 #undef X509_NAME
 #undef PKCS7_SIGNER_INFO
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ST_ENGINE)
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
 #  define OSSL_ENGINE_ENABLED
 #  include <openssl/engine.h>
 #endif
@@ -97,14 +96,14 @@ extern VALUE eOSSLError;
 #define OSSL_Check_Kind(obj, klass) do {\
   if (!rb_obj_is_kind_of((obj), (klass))) {\
     ossl_raise(rb_eTypeError, "wrong argument (%s)! (Expected kind of %s)",\
-               rb_obj_classname(obj), rb_class2name(klass));\
+               rb_obj_classname(obj), RSTRING_PTR(rb_class_name(klass)));\
   }\
 } while (0)
 
 #define OSSL_Check_Instance(obj, klass) do {\
   if (!rb_obj_is_instance_of((obj), (klass))) {\
     ossl_raise(rb_eTypeError, "wrong argument (%s)! (Expected instance of %s)",\
-               rb_obj_classname(obj), rb_class2name(klass));\
+               rb_obj_classname(obj), RSTRING_PTR(rb_class_name(klass)));\
   }\
 } while (0)
 

data/ext/rubysl/openssl/ossl_asn1.c

@@ -33,15 +33,22 @@ asn1time_to_time(ASN1_TIME *time)
 {
     struct tm tm;
     VALUE argv[6];
+    int count;
 
     if (!time || !time->data) return Qnil;
     memset(&tm, 0, sizeof(struct tm));
 
     switch (time->type) {
     case V_ASN1_UTCTIME:
-	if (sscanf((const char *)time->data, "%2d%2d%2d%2d%2d%2dZ", &tm.tm_year, &tm.tm_mon,
-    		&tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) {
-	    ossl_raise(rb_eTypeError, "bad UTCTIME format");
+	count = sscanf((const char *)time->data, "%2d%2d%2d%2d%2d%2dZ",
+		&tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min,
+		&tm.tm_sec);
+
+	if (count == 5) {
+	    tm.tm_sec = 0;
+	} else if (count != 6) {
+	    ossl_raise(rb_eTypeError, "bad UTCTIME format: \"%s\"",
+		    time->data);
 	}
 	if (tm.tm_year < 69) {
 	    tm.tm_year += 2000;
@@ -618,7 +625,7 @@ ossl_asn1_default_tag(VALUE obj)
     	tmp_class = rb_class_superclass(tmp_class);
     }
     ossl_raise(eASN1Error, "universal tag for %s not found",
-	       rb_class2name(CLASS_OF(obj)));
+	       rb_obj_class(obj));
 
     return -1; /* dummy */
 }
@@ -726,7 +733,7 @@ ossl_asn1data_initialize(VALUE self, VALUE value, VALUE tag, VALUE tag_class)
 }
 
 static VALUE
-join_der_i(VALUE i, VALUE str)
+join_der_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, str))
 {
     i = ossl_to_der_if_possible(i);
     StringValue(i);
@@ -1143,7 +1150,7 @@ ossl_asn1_initialize(int argc, VALUE *argv, VALUE self)
 	}
 	if(!SYMBOL_P(tag_class))
 	    ossl_raise(eASN1Error, "invalid tag class");
-	if(SYM2ID(tagging) == sIMPLICIT && NUM2INT(tag) > 31)
+	if(!NIL_P(tagging) && SYM2ID(tagging) == sIMPLICIT && NUM2INT(tag) > 31)
 	    ossl_raise(eASN1Error, "tag number for Universal too large");
     }
     else{
@@ -1351,6 +1358,17 @@ ossl_asn1cons_each(VALUE self)
     return self;
 }
 
+/*
+ * call-seq:
+ *    ObjectId.register(object_id, short_name, long_name)
+ *
+ * This adds a new ObjectId to the internal tables. Where +object_id+ is the
+ * numerical form, +short_name+ is the short name, and +long_name+ is the long
+ * name.
+ *
+ * Returns +true+ if successful. Raises an ASN1Error otherwise.
+ *
+ */
 static VALUE
 ossl_asn1obj_s_register(VALUE self, VALUE oid, VALUE sn, VALUE ln)
 {
@@ -1364,6 +1382,14 @@ ossl_asn1obj_s_register(VALUE self, VALUE oid, VALUE sn, VALUE ln)
     return Qtrue;
 }
 
+/* Document-method: OpenSSL::ASN1::ObjectId#sn
+ *
+ * The short name of the ObjectId, as defined in +openssl/objects.h+.
+ */
+/* Document-method: OpenSSL::ASN1::ObjectId#short_name
+ *
+ * #short_name is an alias to #sn
+ */
 static VALUE
 ossl_asn1obj_get_sn(VALUE self)
 {
@@ -1377,6 +1403,14 @@ ossl_asn1obj_get_sn(VALUE self)
     return ret;
 }
 
+/* Document-method: OpenSSL::ASN1::ObjectId#ln
+ *
+ * The long name of the ObjectId, as defined in +openssl/objects.h+.
+ */
+/* Document-method: OpenSSL::ASN1::ObjectId.long_name
+ *
+ * #long_name is an alias to #ln
+ */
 static VALUE
 ossl_asn1obj_get_ln(VALUE self)
 {
@@ -1390,6 +1424,10 @@ ossl_asn1obj_get_ln(VALUE self)
     return ret;
 }
 
+/* Document-method: OpenSSL::ASN1::ObjectId#oid
+ *
+ * The object identifier as a String.
+ */
 static VALUE
 ossl_asn1obj_get_oid(VALUE self)
 {
@@ -1771,6 +1809,10 @@ Init_ossl_asn1()
      *
      * == OpenSSL::ASN1::ObjectId
      *
+     * While OpenSSL::ASN1::ObjectId.new will allocate a new ObjectId, it is
+     * not typically allocated this way, but rather that are received from
+     * parsed ASN1 encodings.
+     *
      * === Additional attributes
      * * +sn+: the short name as defined in <openssl/objects.h>.
      * * +ln+: the long name as defined in <openssl/objects.h>.
@@ -1910,6 +1952,10 @@ do{\
     OSSL_ASN1_DEFINE_CLASS(EndOfContent, Data);
 
 
+    /* Document-class: OpenSSL::ASN1::ObjectId
+     *
+     * Represents the primitive object id for OpenSSL::ASN1
+     */
 #if 0
     cASN1ObjectId = rb_define_class_under(mASN1, "ObjectId", cASN1Primitive);  /* let rdoc know */
 #endif

data/ext/rubysl/openssl/ossl_bio.c

@@ -25,7 +25,7 @@ ossl_obj2bio(VALUE obj)
 
 	GetOpenFile(obj, fptr);
 	rb_io_check_readable(fptr);
-	if ((fd = dup(FPTR_TO_FD(fptr))) < 0){
+	if ((fd = rb_cloexec_dup(FPTR_TO_FD(fptr))) < 0){
 	    rb_sys_fail(0);
 	}
         rb_update_max_fd(fd);

data/ext/rubysl/openssl/ossl_bn.c

@@ -106,6 +106,7 @@ ossl_bn_alloc(VALUE klass)
  * call-seq:
  *    BN.new => aBN
  *    BN.new(bn) => aBN
+ *    BN.new(integer) => aBN
  *    BN.new(string) => aBN
  *    BN.new(string, 0 | 2 | 10 | 16) => aBN
  */
@@ -120,6 +121,40 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
 	base = NUM2INT(bs);
     }
 
+    if (RB_TYPE_P(str, T_FIXNUM)) {
+	long i;
+	unsigned char bin[sizeof(long)];
+	long n = FIX2LONG(str);
+	unsigned long un = labs(n);
+
+	for (i = sizeof(long) - 1; 0 <= i; i--) {
+	    bin[i] = un&0xff;
+	    un >>= 8;
+	}
+
+	GetBN(self, bn);
+	if (!BN_bin2bn(bin, sizeof(bin), bn)) {
+	    ossl_raise(eBNError, NULL);
+	}
+	if (n < 0) BN_set_negative(bn, 1);
+	return self;
+    }
+    else if (RB_TYPE_P(str, T_BIGNUM)) {
+        int len = rb_big_bytes_used(str);
+        unsigned char* bin = (unsigned char*)XMALLOC(len);
+
+        rb_big_pack(str, (unsigned long*)bin, len / sizeof(long));
+
+        GetBN(self, bn);
+	if (!BN_bin2bn(bin, len, bn)) {
+	    XFREE(bin);
+	    ossl_raise(eBNError, NULL);
+	}
+        XFREE(bin);
+
+	if (!RBIGNUM_SIGN(str)) BN_set_negative(bn, 1);
+	return self;
+    }
     if (RTEST(rb_obj_is_kind_of(str, cBN))) {
 	BIGNUM *other;
 
@@ -226,10 +261,10 @@ ossl_bn_to_i(VALUE self)
 
     GetBN(self, bn);
 
-    if (!(txt = BN_bn2dec(bn))) {
+    if (!(txt = BN_bn2hex(bn))) {
 	ossl_raise(eBNError, NULL);
     }
-    num = rb_cstr_to_inum(txt, 10, Qtrue);
+    num = rb_cstr_to_inum(txt, 16, Qtrue);
     OPENSSL_free(txt);
 
     return num;

data/ext/rubysl/openssl/ossl_cipher.c

@@ -213,7 +213,7 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode)
 	 * We deprecated the arguments for this method, but we decided
 	 * keeping this behaviour for backward compatibility.
 	 */
-	const char *cname  = rb_class2name(rb_obj_class(self));
+	VALUE cname  = rb_class_path(rb_obj_class(self));
 	rb_warn("arguments for %s#encrypt and %s#decrypt were deprecated; "
                 "use %s#pkcs5_keyivgen to derive key and IV",
                 cname, cname, cname);

data/ext/rubysl/openssl/ossl_config.c

@@ -15,6 +15,11 @@
  * Classes
  */
 VALUE cConfig;
+/* Document-class: OpenSSL::ConfigError
+ *
+ * General error for openssl library configuration files. Including formating,
+ * parsing errors, etc.
+ */
 VALUE eConfigError;
 
 /*
@@ -55,6 +60,10 @@ GetConfigPtr(VALUE obj)
     return conf;
 }
 
+/* Document-const: DEFAULT_CONFIG_FILE
+ *
+ * The default system configuration file for openssl
+ */
 
 /*
  * INIT

data/ext/rubysl/openssl/ossl_digest.c

@@ -296,6 +296,8 @@ ossl_digest_block_length(VALUE self)
 void
 Init_ossl_digest()
 {
+    rb_require("digest");
+
 #if 0
     mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
 #endif