mirror of
https://github.com/ruby/ruby.git
synced 2025-08-15 13:39:04 +02:00
1ae1696195
* ext/openssl/ossl_ssl_session.c
(ossl_ssl_session_{get,set}_time{,out}): fixed a bug introduced by
backporting. (see [ruby-dev:40573]) use long in according to
OpenSSL API. (SSL_SESSION_{get,set}_time{,out})
* ext/openssl/ossl_x509name.c: added X509::Name#hash_old as a wrapper
for X509_NAME_hash_old in OpenSSL 1.0.0.
* test/openssl/test_x509name.rb (test_hash): make test pass with
OpenSSL 1.0.0.
* test/openssl/test_x509*: make tests pass with OpenSSL 1.0.0b5.
* PKey::PKey#verify raises an exception when a given PKey does not
match with signature.
* PKey::DSA#sign accepts SHA1, SHA256 other than DSS1.
* backport the commit from trunk:
Sun Feb 28 11:49:35 2010 NARUSE, Yui <naruse@ruby-lang.org>
* openssl/ossl.c (OSSL_IMPL_SK2ARY): for OpenSSL 1.0.
patched by Jeroen van Meeuwen at [ruby-core:25210]
fixed by Nobuyoshi Nakada [ruby-core:25238],
Hongli Lai [ruby-core:27417],
and Motohiro KOSAKI [ruby-core:28063]
* ext/openssl/ossl_ssl.c (ossl_ssl_method_tab),
(ossl_ssl_cipher_to_ary): constified.
* ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls):
split pkcs7_get_certs_or_crls.
* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
truncated with ec_key.group.order.size after openssl 0.9.8m for
FIPS 186-3 compliance.
WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
false when you pass dgst longer than expected (no truncation
performed).
* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
* ext/openssl/ossl_config.c: defined own IMPLEMENT_LHASH_DOALL_ARG_FN_098
macro according to IMPLEMENT_LHASH_DOALL_ARG_FN in OpenSSL 0.9.8m.
OpenSSL 1.0.0beta5 has a slightly different definiton so it could
be a temporal workaround for 0.9.8 and 1.0.0 dual support.
* ext/openssl/ossl_pkcs5.c (ossl_pkcs5_pbkdf2_hmac): follows function
definition in OpenSSL 1.0.0beta5. PKCS5_PBKDF2_HMAC is from 1.0.0
(0.9.8 only has PKCS5_PBKDF2_HMAC_SHA1)
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_eq): do not use
SSL_SESSION_cmp and implement equality func by ousrself. See the
comment.
* ext/openssl/extconf.rb: check some functions added at OpenSSL 1.0.0.
* ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which
exists.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@28367 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
233 lines
4.8 KiB
C
233 lines
4.8 KiB
C
/*
|
|
* $Id$
|
|
* 'OpenSSL for Ruby' project
|
|
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
|
* All rights reserved.
|
|
*/
|
|
/*
|
|
* This program is licenced under the same licence as Ruby.
|
|
* (See the file 'LICENCE'.)
|
|
*/
|
|
#if !defined(_OSSL_H_)
|
|
#define _OSSL_H_
|
|
|
|
#include RUBY_EXTCONF_H
|
|
|
|
#if defined(__cplusplus)
|
|
extern "C" {
|
|
#endif
|
|
|
|
#if 0
|
|
mOSSL = rb_define_module("OpenSSL");
|
|
mX509 = rb_define_module_under(mOSSL, "X509");
|
|
#endif
|
|
|
|
/*
|
|
* OpenSSL has defined RFILE and Ruby has defined RFILE - so undef it!
|
|
*/
|
|
#if defined(RFILE) /*&& !defined(OSSL_DEBUG)*/
|
|
# undef RFILE
|
|
#endif
|
|
#include <ruby.h>
|
|
#include <rubyio.h>
|
|
|
|
/*
|
|
* Check the OpenSSL version
|
|
* The only supported are:
|
|
* OpenSSL >= 0.9.7
|
|
*/
|
|
#include <openssl/opensslv.h>
|
|
|
|
#ifdef HAVE_ASSERT_H
|
|
# include <assert.h>
|
|
#else
|
|
# define assert(condition)
|
|
#endif
|
|
|
|
#if defined(_WIN32)
|
|
# define OSSL_NO_CONF_API 1
|
|
# ifdef USE_WINSOCK2
|
|
# include <winsock2.h>
|
|
# else
|
|
# include <winsock.h>
|
|
# endif
|
|
#endif
|
|
#include <errno.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/asn1_mac.h>
|
|
#include <openssl/x509v3.h>
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/pkcs12.h>
|
|
#include <openssl/pkcs7.h>
|
|
#include <openssl/hmac.h>
|
|
#include <openssl/rand.h>
|
|
#include <openssl/conf.h>
|
|
#include <openssl/conf_api.h>
|
|
#undef X509_NAME
|
|
#undef PKCS7_SIGNER_INFO
|
|
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ST_ENGINE)
|
|
# define OSSL_ENGINE_ENABLED
|
|
# include <openssl/engine.h>
|
|
#endif
|
|
#if defined(HAVE_OPENSSL_OCSP_H)
|
|
# define OSSL_OCSP_ENABLED
|
|
# include <openssl/ocsp.h>
|
|
#endif
|
|
|
|
/*
|
|
* Common Module
|
|
*/
|
|
extern VALUE mOSSL;
|
|
|
|
/*
|
|
* Common Error Class
|
|
*/
|
|
extern VALUE eOSSLError;
|
|
|
|
/*
|
|
* CheckTypes
|
|
*/
|
|
#define OSSL_Check_Kind(obj, klass) do {\
|
|
if (!rb_obj_is_kind_of(obj, klass)) {\
|
|
ossl_raise(rb_eTypeError, "wrong argument (%s)! (Expected kind of %s)",\
|
|
rb_obj_classname(obj), rb_class2name(klass));\
|
|
}\
|
|
} while (0)
|
|
|
|
#define OSSL_Check_Instance(obj, klass) do {\
|
|
if (!rb_obj_is_instance_of(obj, klass)) {\
|
|
ossl_raise(rb_eTypeError, "wrong argument (%s)! (Expected instance of %s)",\
|
|
rb_obj_classname(obj), rb_class2name(klass));\
|
|
}\
|
|
} while (0)
|
|
|
|
#define OSSL_Check_Same_Class(obj1, obj2) do {\
|
|
if (!rb_obj_is_instance_of(obj1, rb_obj_class(obj2))) {\
|
|
ossl_raise(rb_eTypeError, "wrong argument type");\
|
|
}\
|
|
} while (0)
|
|
|
|
/*
|
|
* Compatibility
|
|
*/
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
|
#define STACK _STACK
|
|
#endif
|
|
|
|
/*
|
|
* String to HEXString conversion
|
|
*/
|
|
int string2hex(char *, int, char **, int *);
|
|
|
|
/*
|
|
* Data Conversion
|
|
*/
|
|
STACK_OF(X509) *ossl_x509_ary2sk0(VALUE);
|
|
STACK_OF(X509) *ossl_x509_ary2sk(VALUE);
|
|
STACK_OF(X509) *ossl_protect_x509_ary2sk(VALUE,int*);
|
|
VALUE ossl_x509_sk2ary(STACK_OF(X509) *certs);
|
|
VALUE ossl_x509crl_sk2ary(STACK_OF(X509_CRL) *crl);
|
|
VALUE ossl_buf2str(char *buf, int len);
|
|
#define ossl_str_adjust(str, p) \
|
|
do{\
|
|
int len = RSTRING_LEN(str);\
|
|
int newlen = (p) - (unsigned char*)RSTRING_PTR(str);\
|
|
assert(newlen <= len);\
|
|
rb_str_set_len(str, newlen);\
|
|
}while(0)
|
|
|
|
/*
|
|
* our default PEM callback
|
|
*/
|
|
int ossl_pem_passwd_cb(char *, int, int, void *);
|
|
|
|
/*
|
|
* ERRor messages
|
|
*/
|
|
#define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error())
|
|
NORETURN(void ossl_raise(VALUE, const char *, ...));
|
|
VALUE ossl_exc_new(VALUE, const char *, ...);
|
|
|
|
/*
|
|
* Verify callback
|
|
*/
|
|
extern int ossl_verify_cb_idx;
|
|
|
|
struct ossl_verify_cb_args {
|
|
VALUE proc;
|
|
VALUE preverify_ok;
|
|
VALUE store_ctx;
|
|
};
|
|
|
|
VALUE ossl_call_verify_cb_proc(struct ossl_verify_cb_args *);
|
|
int ossl_verify_cb(int, X509_STORE_CTX *);
|
|
|
|
/*
|
|
* String to DER String
|
|
*/
|
|
extern ID ossl_s_to_der;
|
|
VALUE ossl_to_der(VALUE);
|
|
VALUE ossl_to_der_if_possible(VALUE);
|
|
|
|
/*
|
|
* Debug
|
|
*/
|
|
extern VALUE dOSSL;
|
|
|
|
#if defined(HAVE_VA_ARGS_MACRO)
|
|
#define OSSL_Debug(...) do { \
|
|
if (dOSSL == Qtrue) { \
|
|
fprintf(stderr, "OSSL_DEBUG: "); \
|
|
fprintf(stderr, __VA_ARGS__); \
|
|
fprintf(stderr, " [%s:%d]\n", __FILE__, __LINE__); \
|
|
} \
|
|
} while (0)
|
|
|
|
#define OSSL_Warning(fmt, ...) do { \
|
|
OSSL_Debug(fmt, ##__VA_ARGS__); \
|
|
rb_warning(fmt, ##__VA_ARGS__); \
|
|
} while (0)
|
|
|
|
#define OSSL_Warn(fmt, ...) do { \
|
|
OSSL_Debug(fmt, ##__VA_ARGS__); \
|
|
rb_warn(fmt, ##__VA_ARGS__); \
|
|
} while (0)
|
|
#else
|
|
void ossl_debug(const char *, ...);
|
|
#define OSSL_Debug ossl_debug
|
|
#define OSSL_Warning rb_warning
|
|
#define OSSL_Warn rb_warn
|
|
#endif
|
|
|
|
/*
|
|
* Include all parts
|
|
*/
|
|
#include "openssl_missing.h"
|
|
#include "ruby_missing.h"
|
|
#include "ossl_asn1.h"
|
|
#include "ossl_bio.h"
|
|
#include "ossl_bn.h"
|
|
#include "ossl_cipher.h"
|
|
#include "ossl_config.h"
|
|
#include "ossl_digest.h"
|
|
#include "ossl_hmac.h"
|
|
#include "ossl_ns_spki.h"
|
|
#include "ossl_ocsp.h"
|
|
#include "ossl_pkcs12.h"
|
|
#include "ossl_pkcs7.h"
|
|
#include "ossl_pkcs5.h"
|
|
#include "ossl_pkey.h"
|
|
#include "ossl_rand.h"
|
|
#include "ossl_ssl.h"
|
|
#include "ossl_version.h"
|
|
#include "ossl_x509.h"
|
|
#include "ossl_engine.h"
|
|
|
|
void Init_openssl(void);
|
|
|
|
#if defined(__cplusplus)
|
|
}
|
|
#endif
|
|
|
|
#endif /* _OSSL_H_ */
|
|
|