-rw-r--r--ChangeLog349
-rw-r--r--LICENCE12
-rw-r--r--README115
-rw-r--r--ToDo45
-rw-r--r--examples/01cert.pem (renamed from test/01cert.pem)0
-rw-r--r--examples/01crl.pem (renamed from test/01crl.pem)0
-rw-r--r--examples/01key.pem (renamed from test/01key.pem)0
-rw-r--r--examples/01pub.pem (renamed from test/01pub.pem)0
-rw-r--r--examples/01req.pem (renamed from test/01req.pem)0
-rw-r--r--examples/02cert.pem (renamed from test/02cert.pem)0
-rw-r--r--examples/02key.pem (renamed from test/02key.pem)0
-rw-r--r--examples/02req.pem (renamed from test/02req.pem)0
-rw-r--r--examples/0cert.pem (renamed from test/0cert.pem)0
-rw-r--r--examples/0key.pem (renamed from test/0key.pem)0
-rw-r--r--examples/1cert.pem (renamed from test/1cert.pem)0
-rw-r--r--examples/1key.pem (renamed from test/1key.pem)0
-rw-r--r--examples/c/hash.c (renamed from test/c/hash.c)0
-rw-r--r--examples/c/key.c (renamed from test/c/key.c)0
-rw-r--r--examples/cacert.pem (renamed from test/cacert.pem)0
-rw-r--r--examples/config.cnf (renamed from test/config.cnf)0
-rw-r--r--examples/data (renamed from test/data)0
-rwxr-xr-xexamples/gen_ca_cert.rb (renamed from test/gen_ca_cert.rb)0
-rwxr-xr-xexamples/gen_cert.rb (renamed from test/gen_cert.rb)0
-rwxr-xr-xexamples/key_hash.rb (renamed from test/key_hash.rb)0
-rwxr-xr-xexamples/ossl_cipher.rb (renamed from test/ossl_cipher.rb)0
-rwxr-xr-xexamples/ossl_config.rb (renamed from test/ossl_config.rb)0
-rwxr-xr-xexamples/ossl_digest.rb (renamed from test/ossl_digest.rb)0
-rwxr-xr-xexamples/ossl_pkey.rb (renamed from test/ossl_pkey.rb)0
-rwxr-xr-xexamples/ossl_rsa.rb (renamed from test/ossl_rsa.rb)0
-rwxr-xr-xexamples/ossl_x509.rb (renamed from test/ossl_x509.rb)0
-rwxr-xr-xexamples/ossl_x509crl.rb (renamed from test/ossl_x509crl.rb)0
-rwxr-xr-xexamples/ossl_x509req.rb (renamed from test/ossl_x509req.rb)0
-rwxr-xr-xexamples/ossl_x509store.rb (renamed from test/ossl_x509store.rb)0
-rwxr-xr-xexamples/pkcs7.rb (renamed from test/pkcs7.rb)0
-rw-r--r--examples/server.pem (renamed from test/server.pem)0
-rw-r--r--examples/spki.pem (renamed from test/spki.pem)0
-rw-r--r--examples/spki.rb (renamed from test/spki.rb)0
-rwxr-xr-xexamples/spki2cert.rb (renamed from test/spki2cert.rb)0
-rw-r--r--examples/spki_cert.pem (renamed from test/spki_cert.pem)0
-rw-r--r--examples/spki_dn.txt (renamed from test/spki_dn.txt)0
-rwxr-xr-xexamples/ssl/cli.rb (renamed from test/ssl/cli.rb)0
-rwxr-xr-xexamples/ssl/login.rb (renamed from test/ssl/login.rb)0
-rwxr-xr-xexamples/ssl/svr.rb (renamed from test/ssl/svr.rb)0
-rw-r--r--examples/ssl/verify_cb.rb (renamed from test/ssl/verify_cb.rb)0
-rwxr-xr-xexamples/ssl/wget.rb (renamed from test/ssl/wget.rb)0
-rw-r--r--examples/ssl/wget2.rb (renamed from test/ssl/wget2.rb)2
-rw-r--r--extconf.rb40
-rw-r--r--lib/net/https.rb18
-rw-r--r--lib/net/protocols.rb18
-rw-r--r--lib/net/telnets.rb15
-rw-r--r--lib/openssl.rb335
-rw-r--r--lib/openssl/bn.rb39
-rw-r--r--lib/openssl/buffering.rb12
-rw-r--r--lib/openssl/digest.rb42
-rw-r--r--lib/openssl/pkey.rb123
-rw-r--r--lib/openssl/ssl.rb42
-rw-r--r--lib/openssl/x509.rb186
-rw-r--r--lib/ssl.rb110
-rw-r--r--openssl_missing.c2
-rw-r--r--openssl_missing.h27
-rw-r--r--ossl.c66
-rw-r--r--ossl.h173
-rw-r--r--ossl_bn.c519
-rw-r--r--ossl_bn.h40
-rw-r--r--ossl_cipher.c70
-rw-r--r--ossl_cipher.h27
-rw-r--r--ossl_config.c2
-rw-r--r--ossl_digest.c261
-rw-r--r--ossl_digest.h40
-rw-r--r--ossl_hmac.c8
-rw-r--r--ossl_ns_spki.c2
-rw-r--r--ossl_pkcs7.c4
-rw-r--r--ossl_pkey.c12
-rw-r--r--ossl_pkey.h2
-rw-r--r--ossl_pkey_dh.c6
-rw-r--r--ossl_pkey_dsa.c4
-rw-r--r--ossl_pkey_rsa.c4
-rw-r--r--ossl_rand.c2
-rw-r--r--ossl_ssl.c7
-rw-r--r--ossl_version.h18
-rw-r--r--ossl_x509.c642
-rw-r--r--ossl_x509.h92
-rw-r--r--ossl_x509attr.c2
-rw-r--r--ossl_x509cert.c647
-rw-r--r--ossl_x509crl.c2
-rw-r--r--ossl_x509ext.c2
-rw-r--r--ossl_x509name.c2
-rw-r--r--ossl_x509req.c2
-rw-r--r--ossl_x509revoked.c2
-rw-r--r--ossl_x509store.c6
90 files changed, 2120 insertions, 2078 deletions
diff --git a/ChangeLog b/ChangeLog
index 07298c7..e5fc022 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,267 +1,84 @@
-$Id$
-'OpenSSL for Ruby' project
-Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
-All rights reserved.
-
-$Log$
-Revision 1.37 2002/04/07 16:35:32 majkl
- * Macros fixups
- * X509ExtFactory cleanup
- * fixed strptime warning on Linux
- * X509::Certificate#version has been changed!
- !!! WARNING !!!
- x509.version = 2 -> defines X509v3, (0 for v1, 1 for v2, ...)
- p x509.version -> 2, means that it is X509v3
- !!! WARNING !!!
-
-Revision 1.36 2002/03/11 21:35:39 majkl
- * Cipher IV fixup
-
-Revision 1.35 2002/03/11 17:20:22 majkl
- * Big internal cleanup (all structs with only 1 member rearranged)
- * improved getting time_t from cTime
-
-Revision 1.34 2002/03/06 08:05:05 majkl
- * build fix-ups
-
-Revision 1.33 2002/03/05 15:05:57 majkl
- * WARNING! All to_str methods are not used any longer (use to_text instead)
- * made an aliases to_pem as to_s
- * more relaxed params checking - everywhere where string was needed it is OK that obj implements to_s method
-
-Revision 1.32 2002/02/23 07:28:00 majkl
- * More benevolent checks (Check_SafeStr(x) -> Check_Type(x, T_STRING)
- (where we don't care)
-
-Revision 1.31 2002/02/20 08:43:54 majkl
- * Fixed some memory leaks
-
-Revision 1.30 2002/02/13 13:09:49 majkl
- * transition from rb_raise to OSSL_Raise (where possible)
- * some mem checks
- * preliminary DH key support
-
-Revision 1.29 2002/02/06 13:47:00 majkl
- * ossl-0.1.1 released
-
-Revision 1.28 2002/02/06 13:36:15 majkl
- * Dropped Random class
- * Added Random module
- * Added egd interface to Random module
-
-Revision 1.27 2002/01/16 14:49:52 majkl
- * really fixed strptime.c (silly me, thanks Hynek)
-
-Revision 1.26 2002/01/16 13:52:24 majkl
- * fixed missing/strptime.c (Hynek)
- * more strict format for UTC time (ossl.c - 'Z' in the end)
-
-Revision 1.25 2002/01/16 12:12:50 majkl
- * selfdipatch BN implementation (test only)
- * removed strncasecmp (for WIN32 made alias to _strnicmp)
- * fixed missing/strptime.c (Hynek Rostinsky)
-
-Revision 1.24 2002/01/12 11:49:17 majkl
- * fixed callbacks in ossl_(ssl|x509store).c
- * added method X509::Store#verify_status=
-
-Revision 1.23 2002/01/10 19:32:23 majkl
- * fixed and improved verify_callbacks in ossl_(ssl|x509store).c
- * enhanced ossl_x509store.rb examples
-
-Revision 1.22 2002/01/10 17:33:16 majkl
- * OpenSSL::Cipher::BITx constant == x (so BIT40 = 40,...)
-
-Revision 1.21 2002/01/10 13:46:09 majkl
- * added OpenSSL-SNAPSHOT style NO_* (OPENSSL_NO_*)
- * added AES cipher when compiled under OpenSSL-SNAPSHOT
- * added warnings if the OpenSSL is compiled without some feature
- * handle NO_RSA, NO_DSA in openssl.rb
- * incremented version in ossl_version.h
-
-Revision 1.20 2002/01/10 00:44:17 majkl
- * OpenSSL 0.9.6c support (BN)
- * MS_CALLBACK to ossl_pkey_*.c
- * Memory checking with OSSL_DEBUG
- * API doc style change
-
-Revision 1.19 2002/01/06 16:18:32 majkl
- * ossl-0.1.0 released
-
-Revision 1.18 2002/01/06 16:10:37 majkl
- * BN is (somewhat) full imp. now
- * Config reworked (get_value, get_section)
-
-Revision 1.17 2002/01/04 11:27:45 majkl
- * API doc in README (but still not completed)
- * missing str(ncasecmp|strptime).c files moved to missing/
- * ifdef NO_* handled
-
-Revision 1.16 2002/01/04 11:22:55 majkl
- * SelfDispatching used for X509:: Name, Extension, Attribute
- def XXX.new(arg)
- XXX.send("new_from_#{arg.type.name.downcase}", arg)
- end
-
- * RSA,DSA - 'new_from_pem', 'generate' singleton methods defined
- 'new' - implemented in Ruby space
-
-Revision 1.15 2002/01/04 11:12:45 majkl
- * Further checking (Check_SafeStr, memory leaks)
-
-Revision 1.14 2001/12/21 20:10:24 majkl
-*** empty log message ***
-
-Revision 1.13 2001/12/21 20:10:12 majkl
- * Memory checking
-
-Revision 1.12 2001/12/21 19:21:35 gotoyuzo
- * fixed unusual usage of ## preprocessing token sequence.
-
-Revision 1.11 2001/12/13 18:08:58 majkl
- * added bn methods (thanks to UNKNOWN <oss-ruby@technorama.net>)
- * simplify ossl_digest sources
-
-Revision 1.10 2001/11/29 13:17:24 majkl
- * Make work under MS Windows (strptime added) + doc in README
-
-Revision 1.9 2001/11/26 11:48:36 majkl
- * Just forgot to add stuff to changelog...
-
-2001/11/21 majkl
- * BN added (only proof of concept)
- * indent changed
- * rand.h to ossl.h added
-
-Revision 1.8 2001/11/21 09:37:03 gotoyuzo
- * buffering.rb went under ``openssl'' directory.
-
-Revision 1.7 2001/11/20 19:39:37 majkl
- * HMAC added
- * Config came back
- * API changed in PKCS7 (param. order)
- * API changed in Cipher (can't add data in .new)
- * indentation changed (only half of files, 2nd half to do)
- * some API doc added to README
-
-Revision 1.6 2001/11/19 12:44:57 majkl
- * added X509::Certificate .to_der
-
-2001/11/18 (ossl-0.0.9)
- * all project is moved to savannah.gnu.org
- * applied patch to make yielding optional (GOTOU Yuuzou - thanks!)
-
-2001/11/17
- * ossl_version.h - new file
- * SSL::VERSION and SSL::OPENSSL_VERSION went under OpenSSL
- * SSLSocket - connect and accept were reworked; use Mutex to protect verify_callback_proc from race condition
- * SSLSocket - new allows certificate and pkey as filename
- * ossl_x509_new_from_file() added
- * ossl_pkey_new_from_file() added
- * lib/ssl.rb added for migrations from old SSLSocket
- * lib/net/* should follow above changes
-
-2001/11/16
- * added yielding when generating RSA key (see test/ossl_pkey.rb)
- * added yielding when generating DSA key (see test/ossl_pkey.rb)
-
-2001/11/15
- * PKCS7::Signer - introduced
- * PKCS7 - yield Signer when verifiing data
-
-2001/11/14
- * PKCS7 - sign is working, verify problem remains
- * X509::Store - verify_callback implemented
- * PKCS7 - verify is working!
-
-2001/11/13
- * PKCS7 added (not fully tested, but it seems to be working)
- * some additions to X509::Store
-
-2001/11/12
- * added set_default_paths, load_locations(path) to X509::Store
- * fixed StringValuePtr --> RSTRING()->ptr
-
-2001/11/06 (ossl-0.0.8)
- * GOTOU Yuuzou: patches to lib/*.rb in order to mark his SSLlib as deprecated
- * lib name is now 'openssl' (not 'OpenSSL' anymore - GOTOU Yuuzou's idea)
-
-2001/11/05
- * openssl_missing.c dropped :-))
- * PKeys reworked (Again? Am I mad???)
- * sign/verify methods for RSA/DSA - compatibility tests needed!
-
-2001/11/02 (ossl-0.0.7)
- * GOTOU Yuuzou: remove nasty warnings - make compilation clean (Thanks!)
- * GOTOU Yuuzou: ossl_ssl.c cleanups, more error proof
- * openssl_missing.c - for easy key _dups
- * fixed completely dead ossl_pkey_new2, ossl_pkey_get_EVP_PKEY
- * fixed ExtFactory's create_extension
- * make test/ssl/svr.rb generate selfsigned cert (GOTOU Yuuzou's idea)
-
-2001/11/01
- * Added 'protect' method to X509::Store that denies freeing internal X509_STORE_CTX
- * changed all // comments to /* */ (Gotou requested)
- * brought back .ca_file, .ca_path (Gotou requested)
-
-2001/10/31
- * fixed serious BUG in PKey .encrypt, .decrypt
- * disabled .enc/.dec for DSA since it's not supported from OpenSSL
- * since I don't know how to _dup X509_STORE_CTX, free is disabled (SSLSocket is not segfaulting now)
- * added lib/* from Yuuzou's project (nothing changed => TODO!)
- * ported some SSL examples test/ssl/* (cli, svr, verify_cb, wget)
-
-2001/10/30
- * fixed PKey .public?, .private?
- * SSL project from GOTOU Yuuzou <gotoyuzo@notwork.org> merged in (not tested, waiting for responce from Yuuzou)
- * API for PKey to README
- * DSS digest added (SHA for DSA)
- * some more API to README
- * really add challenge to SPKI ;-)
-
-2001/10/29 (ossl-0.0.6)
- * openssl_missing.h added
- * PKey reworked (some methods deleted, keys made Abstract)
- * DSA keys added
- * DSS1 digest added (SHA1 for DSA)
- * PKey sign and verify added (see test/ossl_pkey.rb)
-
-2001/10/28
- * API doc for Cipers
- * Random class and API for it to README
-
-2001/10/27
- * Challenge added to SPKI
- * Added ChangeLog
- * Added OpenSSL module functions for RAND (seed, load_random_file, write_random_file)
-
-2001/10/26 (ossl-0.0.5)
- * Ciphers reworked, more general approach (less classes)
- * All OpenSSL ciphers added
- * Added cipher option to RSA
-
-2001/10/25
- * ExtensionMaker renamed to ExtensionFactory
- * First Cipher class made (#of classes will be HUGE - is this good approach???)
- * Whole project is now licenced under Ruby's licence
-
-2001/10/23
- * OpenSSL::Netscape::SPKI added
-
-2001/10/20 (ossl-0.0.4)
- * step ahead to merge with Gotou Yuuzou <gotoyuzo@notwork.org>'s ssl project
- * (X509::Store reworked - behave like gotoyuzo's ssl version)
- * make build on FreeBSD (remove strndup) - GOTOU Yuuzou <gotoyuzo@notwork.org> contributed
-
-2001/10/19
- * add_extension methods added
- * all (hopefully) setters to extension= frees old extensions mem.
- * some changes to api (RSA mainly)
- * openssl.cnf parser to be dropped???
- * lib and main module renamed to OpenSSL
- * full modularization introduced (will you hate it?)
-
-2001/10/13
- * Extensions reworked (ExtensionMaker added)
- * build fixed up (Robert Feldt <feldt@ce.chalmers.se>)
+ChangeLog for
+'OpenSSL for Ruby 2' project
+
+ ### CHANGE LOG ###
+
+Mon, 3 Jun 2002 21:14:34 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * digest.c: new methods added to have the same protocol as Ruby's classes
+ Digest::digest(name, data)
+ Digest::hexdigest(name, data)
+ d.clone()
+ d.==(other)
+ * digest.rb: rewritten to eval
+
+Mon, 3 Jun 2002 17:23:10 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * digest.rb: new (holds predefined Digest classes)
+ * digest.c: redesigned (introduced runtime loading Digest algs from OpenSSL)
+ * digest.c: ported to Ruby 1.8 interface
+ * openssl.rb: added require for digest.rb
+
+Mon, 3 Jun 2002 13:19:34 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * x509.c renamed to x509cert.c
+ * x509.h: new (moved all bits related to x509 there)
+ * x509.c: new (moved init from ossl.c for all x509 related classes there)
+
+Mon, 3 Jun 2002 13:03:08 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * Moved all Error classes under eOSSLError
+
+Mon, 3 Jun 2002 12:50:57 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * cipher.h: new (moved bits from ossl.h)
+ * cipher.h: new MACROS:
+ OSSLCipherValue
+ OSSLCipherValuePtr
+
+Mon, 3 Jun 2002 11:27:46 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * digest.h: new file (moved bits from ossl.h there)
+ * digest.h: new MACROs:
+ OSSLWrapDigest
+ OSSLGetDigest
+ OSSLDigestValue
+
+Mon, 3 Jun 2002 10:55:44 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * bn.c: added methods mod_add, mod_sub, mod_sqr
+
+Mon, 3 Jun 2002 10:46:03 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * bn.c: ported to Ruby 1.8 interface (allocate, enable_super)
+
+Mon, 3 Jun 2002 10:22:17 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * moved from #ifdef, #ifndef to #if defined()
+ * renamed all Init_[^o] to Init_ossl_
+
+Mon, 3 Jun 2002 09:46:43 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * bn.h: new (all .c will have it's .h to lower ossl.h size and increase modularity)
+ * bn.h: new MACROs introduced:
+ OSSLWrapBN - creates instance of BN (DOESN'T DUP THE ARG)
+ OSSLGetBN - gets BIGNUM with check (DOESN'T DUP THE BIGNUM FROM OBJ)
+ OSSLBNValue - alias to OSSL_Check_Instance(obj, cBN)
+ OSSLBNValuePtr - alias to ossl_bn_get_BIGNUM (DUPS THE BIGNUM FROM OBJ)
+
+Mon, 3 Jun 2002 01:17:07 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * dsa.c: removed MS_CALLBACK.
+ * dh.c: ditto.
+ * rsa.c: ditto.
+ * ssl.c: ditto.
+ * ossl.c: introduced generic error-class: OpenSSLError
+ * bn.c: initialize moved from Ruby-space to C-space
+ * bn.c: reordered method defs by 'man bn'
+ * bn.c: speed up math. ops by 1 global BN_CTX (dropped all local BN_CTXes and BN_CTX_inits)
+
+Sat, 1 Jun 2002 13:38:03 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * ossl.h: OSSL2 cannot be compiled if Ruby < 1.7.2 and OpenSSL < 0.9.7
+
+Sat, 1 Jun 2002 11:49:40 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * Dropped all #if !defined(NO_*) dependences (stayed just OPENSSL_NO_*)
+ * Dropped all checks for OPENSSL_VERSION_NUMBER
+
+Sat, 1 Jun 2002 11:25:32 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * openssl.rb: splitted to openssl/bn.rb, openssl/pkey.rb, openssl/ssl.rb, and openssl/x509.rb
+ * lib/*: added proped descriptions
+ * bn.rb: simplified BN#initialize (TODO: move it to C-space)
+
+Sat, 1 Jun 2002 00:40:59 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz>
+ * Started work on OSSL2 (Starting version = CVS 2002/04/07)
+ OSSL2 will support only upcomming Ruby 1.8 and OpenSSL 0.9.7.
diff --git a/LICENCE b/LICENCE
index 776b142..870a5f2 100644
--- a/LICENCE
+++ b/LICENCE
@@ -17,22 +17,22 @@ You can redistribute it and/or modify it under either the terms of the GPL
b) use the modified software only within your corporation or
organization.
- c) rename any non-standard executables so the names do not conflict
- with standard executables, which must also be provided.
+ c) give non-standard binaries non-standard names, with
+ instructions on where to get the original software distribution.
d) make other distribution arrangements with the author.
- 3. You may distribute the software in object code or executable
- form, provided that you do at least ONE of the following:
+ 3. You may distribute the software in object code or binary form,
+ provided that you do at least ONE of the following:
- a) distribute the executables and library files of the software,
+ a) distribute the binaries and library files of the software,
together with instructions (in the manual page or equivalent)
on where to get the original distribution.
b) accompany the distribution with the machine-readable source of
the software.
- c) give non-standard executables non-standard names, with
+ c) give non-standard binaries non-standard names, with
instructions on where to get the original software distribution.
d) make other distribution arrangements with the author.
diff --git a/README b/README
index a90d283..9914951 100644
--- a/README
+++ b/README
@@ -1,75 +1,80 @@
-$Id$
-'OpenSSL for Ruby' project
-Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+'OpenSSL for Ruby 2' project
+Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
All rights reserved.
This program is licenced under the same licence as Ruby.
(See the file 'LICENCE'.)
+
+ $Id$
+
+
['OpenSSL for Ruby' team members]
-GOTOU Yuuzou <gotoyuzo@notwork.org> - SSL Socket implementation
-Michal Rokos <m.rokos@sh.cvut.cz> - The rest (too long to enumerate), maintainer
+ GOTOU Yuuzou <gotoyuzo@notwork.org> - SSL Socket implementation
+ Michal Rokos <m.rokos@sh.cvut.cz> - The rest (too long to enumerate), maintainer
[Contributors]
-UNKNOWN <oss-ruby@technorama.net> - BN implementation core
-Hynek Rostinsky <hynek.rostinsky@foresta.cz> - Windows platform fixes (strptime mainly)
+ UNKNOWN <oss-ruby@technorama.net> - BN implementation core
+ Hynek Rostinsky <hynek.rostinsky@foresta.cz> - Windows platform fixes (strptime mainly)
[Done] (but not fully tested)
-= PKey:: RSA,DSA keys - new, load, export
-= X509::Certificate - generating new certs, load, looking inside
-= X509::CRL - load, new, looking inside
-= X509::Name - new, export, to_a, to_h (hash)
-= X509::Revoked - new, looking inside (on parameters)
-= X509::Store - new, import trusted certs and CRL, verifiing certs
-= Digest::... - various hashes
-= X509::Request - Cert requests
-= X509::Attribute - as X509Request extensions (not tested)
-= X509::Extension - to Certs, CRLs...
-= X509::ExtensionMaker - for easy creating new Extensions
-= Netscape::SPKI - for requests from NetscapeCommunicators
-= Cipher::... - various ciphers
-= basic PRNG functions (random generator) for OpenSSL module and class Random
-= SSLSocket (merged Gotou Yuuzou's SSLsocket-Ruby project)
-= PKCS7 (signing&data_verify is working, rest needs some testing)
-= HMAC
-= OpenSSL config file parser (part)
-= BN (safe bignums)
-= Diffie-Hellman
+ = PKey:: RSA,DSA keys - new, load, export
+ = X509::Certificate - generating new certs, load, looking inside
+ = X509::CRL - load, new, looking inside
+ = X509::Name - new, export, to_a, to_h (hash)
+ = X509::Revoked - new, looking inside (on parameters)
+ = X509::Store - new, import trusted certs and CRL, verifiing certs
+ = Digest::... - various hashes
+ = X509::Request - Cert requests
+ = X509::Attribute - as X509Request extensions (not tested)
+ = X509::Extension - to Certs, CRLs...
+ = X509::ExtensionMaker - for easy creating new Extensions
+ = Netscape::SPKI - for requests from NetscapeCommunicators
+ = Cipher::... - various ciphers
+ = basic PRNG functions (random generator) for OpenSSL module and class Random
+ = SSLSocket (merged Gotou Yuuzou's SSLsocket-Ruby project)
+ = PKCS7 (signing&data_verify is working, rest needs some testing)
+ = HMAC
+ = OpenSSL config file parser (part)
+ = BN (safe bignums)
+ = Diffie-Hellman
[To-Do]
-= check for memory leaking :-))
-= cleaner code
-= examples
-= RubyUnit to be used!
-= API documentation
-= comments to sources!!!
-= further functionality to existing
-= Std. Extensions, Attributes to be made as Classes?
-= AttributeFactory?
-= add aliases to to_pem as s_dump s_load to support Marshal module
-= CipherFactory?
-= autogen random IVs for Ciphers
-= PKCS12
-= PKCS8
-= ASN.1 ???
-= BIO ???
-= compat tests for RSA/DSA sign/encrypt
+ = check for memory leaking :-))
+ = cleaner code
+ = examples
+ = RubyUnit to be used!
+ = API documentation
+ = comments to sources!!!
+ = further functionality to existing
+ = Std. Extensions, Attributes to be made as Classes?
+ = AttributeFactory?
+ = add aliases to to_pem as s_dump s_load to support Marshal module
+ = CipherFactory?
+ = autogen random IVs for Ciphers
+ = PKCS12
+ = PKCS8
+ = ASN.1 ???
+ = BIO ???
+ = compat tests for RSA/DSA sign/encrypt
[Requirements]
Ruby >= 1.6.4
OpenSSL >= 0.9.6b
[Instalation]
-= Unix like systems:
- ruby extconf.rb
- make
- su root -c make install
-
-= Windows like systems:
- add to %PATH%: c:\openssl\bin (where the dlls lays)
- ruby extconf.rb --with-openssl-include=c:\openssl\include --with-openssl-lib=c:\openssl\lib
- (or ruby extconf.rb --with-openssl-dir=c:\openssl (NOT TESTED))
- nmake
- nmake install
+ * Unix like systems:
+ ruby extconf.rb
+ make
+ su root -c make install
+
+ * Windows like systems:
+ add to %PATH%: c:\openssl\bin (where the dlls lays)
+ ruby extconf.rb --with-openssl-include=c:\openssl\include --with-openssl-lib=c:\openssl\lib
+ (or ruby extconf.rb --with-openssl-dir=c:\openssl (NOT TESTED))
+ nmake
+ nmake install
+
+ * Developers can use 'ruby extconf.rb --with-debug' (or --enable-debug)
[Documentation/API]
Sorry, not done. See 'test' folder's examples and grep C sources for rb_define_*method :-))
diff --git a/ToDo b/ToDo
new file mode 100644
index 0000000..c007e53
--- /dev/null
+++ b/ToDo
@@ -0,0 +1,45 @@
+TODO list for
+'OpenSSL for Ruby 2' project
+
+-----------------------------------------------------------------------
+OpenSSL::
+ * Move all Errors as child of OpenSSLError
+ * Implement Ruby 1.8 style of creating instances (see StringIO)
+ * Detailed object inspection (ie. all params for RSA)
+ * How to support HW crypto engines?
+ * Rename ANY classes to uniq ones
+ * Support more detailed requies (like: require 'openssl/crypto', require 'openssl/ssl')?
+ * WRITE TEST CASES!
+ * Use RDoc and write documentation to sources?
+ * Prune openssl_missing.[ch]
+ * Add SMIME, PKCS#8
+ * Is there any need to implement BIO? (Wrap BIO to Ruby's IO?)
+
+ BN::
+ [DONE] Move initialize to Cspace
+ [DONE] Rethink type= (String or Integer?) [Integer!]
+ [DONE] Speed up math. ops by the Thread uniq BN_CTX [No - 1 global is OK (Ruby is not thread safe => Don't be afraid of this one)]
+ [DONE] Convert BN#to_s to Ruby-like behaviour
+ * introduce BN#pack for MPI, BIN (and call it from BN#to_s and BN#initialize)?
+
+ Cipher::
+ * Use Factory (Cipher.new("DES_EDE3_CBC"))?
+
+ Conf::
+ * Port it to new (0.9.7) interface
+
+ Digest::
+ * Use Factory (Digest.new("SHA1"))?
+
+ HMAC::
+ * Move it to Digest module?
+
+ PKey::
+ * Make it as class?
+ * Factory? RSA#initialize -> PKey.new("RSA")?
+
+ SSL::
+ * Support more conns via 1 SSL_CTX?
+
+ X509::
+ * Rethink X509::Attribute, and X509::Extension
diff --git a/test/01cert.pem b/examples/01cert.pem
index 15a8679..15a8679 100644
--- a/test/01cert.pem
+++ b/examples/01cert.pem
diff --git a/test/01crl.pem b/examples/01crl.pem
index 0c9a48f..0c9a48f 100644
--- a/test/01crl.pem
+++ b/examples/01crl.pem
diff --git a/test/01key.pem b/examples/01key.pem
index 913ed6f..913ed6f 100644
--- a/test/01key.pem
+++ b/examples/01key.pem
diff --git a/test/01pub.pem b/examples/01pub.pem
index d3e9faa..d3e9faa 100644
--- a/test/01pub.pem
+++ b/examples/01pub.pem
diff --git a/test/01req.pem b/examples/01req.pem
index a3400af..a3400af 100644
--- a/test/01req.pem
+++ b/examples/01req.pem
diff --git a/test/02cert.pem b/examples/02cert.pem
index 2e948e8..2e948e8 100644
--- a/test/02cert.pem
+++ b/examples/02cert.pem
diff --git a/test/02key.pem b/examples/02key.pem
index e2e8e08..e2e8e08 100644
--- a/test/02key.pem
+++ b/examples/02key.pem
diff --git a/test/02req.pem b/examples/02req.pem
index 3fa9be4..3fa9be4 100644
--- a/test/02req.pem
+++ b/examples/02req.pem
diff --git a/test/0cert.pem b/examples/0cert.pem
index cb383c7..cb383c7 100644
--- a/test/0cert.pem
+++ b/examples/0cert.pem
diff --git a/test/0key.pem b/examples/0key.pem
index 0ef2deb..0ef2deb 100644
--- a/test/0key.pem
+++ b/examples/0key.pem
diff --git a/test/1cert.pem b/examples/1cert.pem
index 34cfc3b..34cfc3b 100644
--- a/test/1cert.pem
+++ b/examples/1cert.pem
diff --git a/test/1key.pem b/examples/1key.pem
index b82fc7f..b82fc7f 100644
--- a/test/1key.pem
+++ b/examples/1key.pem
diff --git a/test/c/hash.c b/examples/c/hash.c
index 76f2fa4..76f2fa4 100644
--- a/test/c/hash.c
+++ b/examples/c/hash.c
diff --git a/test/c/key.c b/examples/c/key.c
index 5f6cbf3..5f6cbf3 100644
--- a/test/c/key.c
+++ b/examples/c/key.c
diff --git a/test/cacert.pem b/examples/cacert.pem
index 5b592ed..5b592ed 100644
--- a/test/cacert.pem
+++ b/examples/cacert.pem
diff --git a/test/config.cnf b/examples/config.cnf
index 2c3fcda..2c3fcda 100644
--- a/test/config.cnf
+++ b/examples/config.cnf
diff --git a/test/data b/examples/data
index 4effa19..4effa19 100644
--- a/test/data
+++ b/examples/data
diff --git a/test/gen_ca_cert.rb b/examples/gen_ca_cert.rb
index 798a323..798a323 100755
--- a/test/gen_ca_cert.rb
+++ b/examples/gen_ca_cert.rb
diff --git a/test/gen_cert.rb b/examples/gen_cert.rb
index 27bd2af..27bd2af 100755
--- a/test/gen_cert.rb
+++ b/examples/gen_cert.rb
diff --git a/test/key_hash.rb b/examples/key_hash.rb
index 5af095c..5af095c 100755
--- a/test/key_hash.rb
+++ b/examples/key_hash.rb
diff --git a/test/ossl_cipher.rb b/examples/ossl_cipher.rb
index 6a54dce..6a54dce 100755
--- a/test/ossl_cipher.rb
+++ b/examples/ossl_cipher.rb
diff --git a/test/ossl_config.rb b/examples/ossl_config.rb
index e7f28b2..e7f28b2 100755
--- a/test/ossl_config.rb
+++ b/examples/ossl_config.rb
diff --git a/test/ossl_digest.rb b/examples/ossl_digest.rb
index 0ea7e0e..0ea7e0e 100755
--- a/test/ossl_digest.rb
+++ b/examples/ossl_digest.rb
diff --git a/test/ossl_pkey.rb b/examples/ossl_pkey.rb
index 1876ba4..1876ba4 100755
--- a/test/ossl_pkey.rb
+++ b/examples/ossl_pkey.rb
diff --git a/test/ossl_rsa.rb b/examples/ossl_rsa.rb
index 266cece..266cece 100755
--- a/test/ossl_rsa.rb
+++ b/examples/ossl_rsa.rb
diff --git a/test/ossl_x509.rb b/examples/ossl_x509.rb
index 6d6261e..6d6261e 100755
--- a/test/ossl_x509.rb
+++ b/examples/ossl_x509.rb
diff --git a/test/ossl_x509crl.rb b/examples/ossl_x509crl.rb
index 7e19ac0..7e19ac0 100755
--- a/test/ossl_x509crl.rb
+++ b/examples/ossl_x509crl.rb
diff --git a/test/ossl_x509req.rb b/examples/ossl_x509req.rb
index 215888e..215888e 100755
--- a/test/ossl_x509req.rb
+++ b/examples/ossl_x509req.rb
diff --git a/test/ossl_x509store.rb b/examples/ossl_x509store.rb
index d70e85d..d70e85d 100755
--- a/test/ossl_x509store.rb
+++ b/examples/ossl_x509store.rb
diff --git a/test/pkcs7.rb b/examples/pkcs7.rb
index 8bd479b..8bd479b 100755
--- a/test/pkcs7.rb
+++ b/examples/pkcs7.rb
diff --git a/test/server.pem b/examples/server.pem
index 750aac2..750aac2 100644
--- a/test/server.pem
+++ b/examples/server.pem
diff --git a/test/spki.pem b/examples/spki.pem
index ff3c03a..ff3c03a 100644
--- a/test/spki.pem
+++ b/examples/spki.pem
diff --git a/test/spki.rb b/examples/spki.rb
index f97a163..f97a163 100644
--- a/test/spki.rb
+++ b/examples/spki.rb
diff --git a/test/spki2cert.rb b/examples/spki2cert.rb
index a59796d..a59796d 100755
--- a/test/spki2cert.rb
+++ b/examples/spki2cert.rb
diff --git a/test/spki_cert.pem b/examples/spki_cert.pem
index 3bb4396..3bb4396 100644
--- a/test/spki_cert.pem
+++ b/examples/spki_cert.pem
diff --git a/test/spki_dn.txt b/examples/spki_dn.txt
index 44fcbfb..44fcbfb 100644
--- a/test/spki_dn.txt
+++ b/examples/spki_dn.txt
diff --git a/test/ssl/cli.rb b/examples/ssl/cli.rb
index 82f26db..82f26db 100755
--- a/test/ssl/cli.rb
+++ b/examples/ssl/cli.rb
diff --git a/test/ssl/login.rb b/examples/ssl/login.rb
index 0835ef0..0835ef0 100755
--- a/test/ssl/login.rb
+++ b/examples/ssl/login.rb
diff --git a/test/ssl/svr.rb b/examples/ssl/svr.rb
index 0494342..0494342 100755
--- a/test/ssl/svr.rb
+++ b/examples/ssl/svr.rb
diff --git a/test/ssl/verify_cb.rb b/examples/ssl/verify_cb.rb
index 3196973..3196973 100644
--- a/test/ssl/verify_cb.rb
+++ b/examples/ssl/verify_cb.rb
diff --git a/test/ssl/wget.rb b/examples/ssl/wget.rb
index e71f55a..e71f55a 100755
--- a/test/ssl/wget.rb
+++ b/examples/ssl/wget.rb
diff --git a/test/ssl/wget2.rb b/examples/ssl/wget2.rb
index e163b7b..4d6a36b 100644
--- a/test/ssl/wget2.rb
+++ b/examples/ssl/wget2.rb
@@ -1,4 +1,4 @@
-#!/usr/local/bin/ruby
+#!/usr/bin/env ruby
require 'net/https'
require 'getopts'
diff --git a/extconf.rb b/extconf.rb
index f1ef1e7..f89c5da 100644
--- a/extconf.rb
+++ b/extconf.rb
@@ -1,11 +1,17 @@
=begin
-$Id$
-'OpenSSL for Ruby' project
-Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
-All rights reserved.
+= $RCSfile$ -- Generator for Makefile
-This program is licenced under the same licence as Ruby.
-(See the file 'LICENCE'.)
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id$
=end
require "mkmf"
@@ -22,14 +28,22 @@ dir_config("openssl")
have_func("strptime", "time.h")
-if with_config("debug") or enable_config("debug") # '--enable-debug' or '--with-debug=yes'
- $defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
- $CPPFLAGS += " " + "-Wall" unless $CPPFLAGS.split.include? "-Wall"
+##
+# Adds -Wall -DOSSL_DEBUG for compilation
+# Use as --with-debug or --enable-debug
+#
+if with_config("debug") or enable_config("debug")
+ $defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
+ $CPPFLAGS += " " + "-Wall" unless $CPPFLAGS.split.include? "-Wall"
end
-if have_header("openssl/ssl.h")
- if have_library(CRYPTOLIB, nil) and have_library(SSLLIB, nil) #"SSLv23_method")
- create_makefile("openssl")
- end
+
+if have_header("openssl/crypto.h") and
+ have_library(CRYPTOLIB, nil) and
+ have_library(SSLLIB, nil) #"SSLv23_method")
+ create_makefile("openssl")
+ puts "Done."
+else
+ puts "Makefile wasn't created."
end
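Review bot: The failure branch at the end of this hunk only prints `Makefile wasn't created.` to stdout, so as far as the visible lines show the script still exits with status 0 and an automated build cannot tell that configuration failed; `abort "Makefile wasn't created."` in the `else` branch would report it on stderr with a non-zero status. The header probe also moved from `openssl/ssl.h` to `openssl/crypto.h` while SSLLIB is still linked, so the SSL header that ossl_ssl.c presumably includes is no longer checked. Both `have_library(..., nil)` calls test linkability only and nothing here checks the OpenSSL version, so a library older than the 0.9.7 minimum named in the ChangeLog would pass configuration and fail only later at compile time. CRYPTOLIB and SSLLIB are defined outside this hunk.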
diff --git a/lib/net/https.rb b/lib/net/https.rb
index 8ea304b..c8bf329 100644
--- a/lib/net/https.rb
+++ b/lib/net/https.rb
@@ -1,16 +1,23 @@
=begin
+= $RCSfile$ -- SSL/TLS enhancement for Net::HTTP.
-= https.rb -- SSL/TLS enhancement for Net::HTTP.
-
+= Info
+ 'OpenSSL for Ruby 2' project
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+= Requirements
This program requires Net 1.2.0 or higher version.
You can get it from RAA or Ruby's CVS repository.
- $IPR: https.rb,v 1.5 2001/07/15 22:24:05 gotoyuzo Exp $
-
- 2001/11/06: Contiributed to Ruby/OpenSSL project.
+= Version
$Id$
+
+ 2001/11/06: Contiributed to Ruby/OpenSSL project.
== class Net::HTTP
@@ -88,7 +95,6 @@ It can be replaced by follow one:
: verify_depth=((|num|))
Sets the maximum depth for the certificate chain verification.
-
=end
require 'net/protocols'
diff --git a/lib/net/protocols.rb b/lib/net/protocols.rb
index 72807e5..7cd634d 100644
--- a/lib/net/protocols.rb
+++ b/lib/net/protocols.rb
@@ -1,17 +1,23 @@
=begin
+= $RCSfile$ -- SSL/TLS enhancement for Net.
-= protocols.rb -- SSL/TLS enhancement for Net.
-
+= Info
+ 'OpenSSL for Ruby 2' project
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+= Requirements
This program requires Net 1.2.0 or higher version.
You can get it from RAA or Ruby's CVS repository.
- $IPR: protocols.rb,v 1.1 2001/06/17 14:30:22 gotoyuzo Exp $
-
- 2001/11/06: Contiributed to Ruby/OpenSSL project.
+= Version
$Id$
-
+
+ 2001/11/06: Contiributed to Ruby/OpenSSL project.
=end
require 'net/protocol'
diff --git a/lib/net/telnets.rb b/lib/net/telnets.rb
index d66815a..c7ecbd7 100644
--- a/lib/net/telnets.rb
+++ b/lib/net/telnets.rb
@@ -1,13 +1,19 @@
=begin
+= $RCSfile$ -- SSL/TLS enhancement for Net::Telnet.
-= telnets.rb -- SSL/TLS enhancement for Net::Telnet.
-
+= Info
+ 'OpenSSL for Ruby 2' project
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+ All rights reserved.
- $IPR: telnets.rb,v 1.5 2001/09/13 16:42:50 gotoyuzo Exp $
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
- 2001/11/06: Contiributed to Ruby/OpenSSL project.
+= Version
$Id$
+
+ 2001/11/06: Contiributed to Ruby/OpenSSL project.
== class Net::Telnet
@@ -45,7 +51,6 @@ Michal Rokos's OpenSSL module.
})
This class is expected to be a superset of usual Net::Telnet.
-
=end
require "net/telnet"
diff --git a/lib/openssl.rb b/lib/openssl.rb
index d182220..c3d4212 100644
--- a/lib/openssl.rb
+++ b/lib/openssl.rb
@@ -1,323 +1,24 @@
-#!/usr/bin/env ruby
+=begin
+= $RCSfile$ -- Loader for all OpenSSL C-space and Ruby-space definitions
-require 'openssl.so'
-require 'openssl/buffering'
-require 'thread'
-
-module OpenSSL
- module PKey
-if defined? DSA
- class DSA
- def DSA::new(arg, pass=nil)
- if arg.kind_of? Fixnum
- DSA::generate(arg) {|p,n|
- if block_given? then yield [p,n] end
- }
- else
- DSA::new_from_pem(arg, pass)
- end
- end # DSA::new
- #
- # DSA::new_from_pem(PEM string, pass) is built-in
- # DSA::new_from_fixnum(size) is an alias to DSA::generate(size)
- # DSA::generate(size) is built-in; yields p,n
- #
- def sign(digest, data)
- unless self.private?
- raise OpenSSL::PKey::DSAError, "Cannot sign with public key!"
- end
- unless digest.kind_of? OpenSSL::Digest::ANY
- raise TypeError, "digest alg needed! (got #{digest.class})"
- end
- self.sign_digest digest.update(data.to_s).digest
- end # sign
-
- def verify(digest, signature, data)
- unless digest.kind_of? OpenSSL::Digest::ANY
- raise TypeError, "digest alg needed! (got #{digest.class})"
- end
- unless signature.class == String
- raise TypeError, "Signature as String expected (got #{sign.class})"
- end
- self.verify_digest(digest.update(data.to_s).digest, signature)
- end # verify
- end # DSA
-end #defined? DSA
-if defined? RSA
- class RSA
- def RSA::new(arg, pass=nil)
- if arg.kind_of? Fixnum
- RSA::generate(arg) {|p,n|
- if block_given? then yield [p,n] end
- }
- else
- RSA::new_from_pem(arg, pass)
- end
- end # RSA::new
- #
- # RSA::new_from_pem(PEM string, pass) is built-in
- # RSA::new_from_fixnum(size) is an alias to RSA::generate(size)
- # RSA::generate(size) is built-in; yields p,n
- #
- def sign(digest, data)
- unless self.private?
- raise OpenSSL::PKey::RSAError, "Cannot sign with public key!"
- end
- unless digest.kind_of? OpenSSL::Digest::ANY
- raise TypeError, "digest alg needed! (got #{digest.class})"
- end
- self.private_encrypt digest.update(data.to_s).digest
- end # sign
-
- def verify(digest, signature, data)
- unless digest.kind_of? OpenSSL::Digest::ANY
- raise TypeError, "digest alg needed! (got #{digest.class})"
- end
- unless signature.class == String
- raise TypeError, "Signature as String expected (got #{sign.class})"
- end
- md_s = self.public_decrypt signature
- md_d = digest.update(data.to_s).digest
- md_s == md_d
- end # verify
- end # RSA
-end # defined? RSA
-if defined? DH
- class DH
- def DH::new(arg, gen = 2)
- if arg.kind_of? Fixnum
- DH::generate(arg, gen) {|p,n|
- if block_given? then yield [p,n] end
- }
- else
- DH::new_from_pem(arg)
- end
- end # DH::new
- #
- # DH::new_from_pem(PEM string, pass) is built-in
- # DH::new_from_fixnum(size, gen) is an alias to DH::generate(size, gen)
- # DH::generate(size, gen) is built-in; yields p,n
- #
- end # DH
-end # defined? DH
- end # PKey
-
- module SSL
- class SSLSocket
- include Buffering
- CallbackMutex = Mutex.new
-
- def connect
- CallbackMutex.synchronize{ __connect }
- end
-
- def accept
- CallbackMutex.synchronize{ __accept }
- end
- end # SSLSocket
- end # SSL
-
- module X509
- class Name
- def Name::new(arg)
- type = arg.class
- while type
- method = "new_from_#{type.name.downcase}".intern
- return Name::send(method, arg) if Name::respond_to? method
- type = type.superclass
- end
- raise TypeError, "Don't how to make new #{self} from #{arg.class}"
- ###Name::send("new_from_#{arg.class.name.downcase}", arg)
- end
- #
- # Name::new_from_hash(hash) is built-in method
- #
- def Name::new_from_string(str) # we're expecting string like "/A=B/C=D/E=F"
- hash = Hash::new
- key = val = nil # speed optim.
- ary = str.split("/")
- ary.shift # first item is "" - so skip it
- ary.each {|item|
- key, val = item.split("=")
- hash[key] = val
- }
- Name::new_from_hash(hash)
- ###ary.collect! {|item| item.split("=") }
- ###Name::new_from_array(ary)
- end
-
- def Name::new_from_array(ary) # [["A","B"],["C","D"],["E","F"]]
- hash = Hash::new
- ary.each {|key, val|
- hash[key] = val
- }
- Name::new_from_hash(hash)
- end
- #
- # to_h is built-in method
- #
- def to_s # "/A=B/C=D/E=F"
- hash = self.to_h
- str = ""
- hash.keys.each do |key|
- str += "/" + key + "=" + hash[key]
- end
- str
- end
-
- def to_a # [["A","B"],["C","D"],["E","F"]]
- self.to_h.to_a
- end
- end # Name
-
- class ExtensionFactory
- def create_extension(*arg)
- if arg.size == 1 then arg = arg[0] end
- type = arg.class
- while type
- method = "create_ext_from_#{type.name.downcase}".intern
- return send(method, arg) if respond_to? method
- type = type.superclass
- end
- raise TypeError, "Don't how to create ext from #{arg.class}"
- ###send("create_ext_from_#{arg.class.name.downcase}", arg)
- end
- #
- # create_ext_from_array is built-in
- #
- def create_ext_from_string(str) # "oid = critical, value"
- unless str =~ /\s*=\s*/
- raise ArgumentError, "string in format \"oid = value\" expected"
- end
- ary = []
- ary << $`.sub(/^\s*/,"") # delete whitespaces from the beginning
- rest = $'.sub(/\s*$/,"") # delete them from the end
- if rest =~ /^critical,\s*/ # handle 'critical' option
- ary << $'
- ary << true
- else
- ary << rest
- end
- create_ext_from_array(ary)
- end
-
- def create_ext_from_hash(hash) # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
- unless (hash.has_key? "oid" and hash.has_key? "value")
- raise ArgumentError, "hash in format {\"oid\"=>..., \"value\"=>...} expected"
- end
- ary = []
- ary << hash["oid"]
- ary << hash["value"]
- ary << hash["critical"] if hash.has_key? "critical"
- create_ext_from_array(ary)
- end
- end # ExtensionFactory
-
- class Extension
- # note: Extension.new is UNDEFed! - use ExtensionFactory.create_extension
- #
- # to_a is built-in
- #
- def to_s # "oid = critical, value"
- ary = self.to_a
- str = ary[0] + " = "
- str += "critical, " if ary[2] == true
- str += ary[1]
- end
-
- def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
- ary = self.to_a
- {"oid"=>ary[0],"value"=>ary[1],"critical"=>ary[2]}
- end
-
- def oid
- self.to_a[0]
- end
-
- def value
- self.to_a[1]
- end
-
- def critical?
- self.to_a[2]
- end
- end # Extension
-
- class Attribute
- def Attribute::new(arg)
- type = arg.class
- while type
- method = "new_from_#{type.name.downcase}".intern
- return Attribute::send(method, arg) if Attribute::respond_to? method
- type = type.superclass
- end
- raise "Don't how to make new #{self} from #{arg.class}"
- ###Attribute::send("new_from_#{arg.class.name.downcase}", arg)
- end
- #
- # Attribute::new_from_array(ary) is built-in method
- #
- def Attribute::new_from_string(str) # "oid = value"
- unless str =~ /\s*=\s*/
- raise ArgumentError, "string in format \"oid = value\" expected"
- end
- ary = []
- ary << $`.sub(/^\s*/,"") # delete whitespaces from the beginning
- ary << $'.sub(/\s*$/,"") # delete them from the end
- Attribute::new_from_array(ary)
- end
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
- def Attribute::new_from_hash(hash) # {"oid"=>"...", "value"=>"..."}
- unless (hash.has_key? "oid" and hash.has_key? "value")
- raise ArgumentError, "hash in format {\"oid\"=>..., \"value\"=>...} expected"
- end
- ary = []
- ary << hash["oid"]
- ary << hash["value"]
- Attribute::new_from_array(ary)
- end
- end # Attribute
- end # X509
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
- class BN
- def initialize(arg=nil, type="dec")
- return if arg.nil?
- t = arg.class
- while t
- method = "from_#{t.name.downcase.split("::").last}".intern
- return send(method, arg, type) if respond_to?(method, true)
- t = t.superclass
- end
- raise "Don't how to init #{self.class.name} from #{arg.class}"
- end
+= Version
+ $Id$
+=end
- def from_bn(arg, dummy=nil)
- copy(arg)
- end
-
- def from_integer(arg, type="dec")
- from_string(arg.to_s, type)
- end
-
- def from_string(arg, type="dec")
- send("from_s_#{type.downcase}", arg)
- end
-
- private :from_bn, :from_integer, :from_string
-
- def to_s(type="dec")
- send("to_s_#{type.downcase}")
- end
-
- def to_i
- self.to_s.to_i
- end
- end # BN
-end # OpenSSL
+require 'openssl.so'
-class Integer
- def to_bn
- OpenSSL::BN::new(self)
- end
-end # Integer
+require 'openssl/bn'
+require 'openssl/digest'
+require 'openssl/pkey'
+require 'openssl/ssl'
+require 'openssl/x509'
diff --git a/lib/openssl/bn.rb b/lib/openssl/bn.rb
new file mode 100644
index 0000000..f2ea761
--- /dev/null
+++ b/lib/openssl/bn.rb
@@ -0,0 +1,39 @@
+=begin
+= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for BN
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id$
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+module OpenSSL
+
+class BN
+ def to_i
+ to_s.to_i
+ end
+end # BN
+
+end # OpenSSL
+
+##
+# Add double dispatch to Integer
+#
+class Integer
+ def to_bn
+ OpenSSL::BN::new(self)
+ end
+end # Integer
+
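Review bot: The question left in the header comment (`#require 'openssl'` commented out) should be settled, because this file only reopens `OpenSSL::BN` and `Integer`. Loaded on its own it defines an empty `BN` class, and `Integer#to_bn` then calls a constructor that presumably lives in the C extension. The same commented-out require sits in digest.rb, pkey.rb, ssl.rb and x509.rb; in pkey.rb the `if defined? DSA` guards would silently define nothing. Putting `require 'openssl.so'` at the top of each file makes them safe to load in any order, since a repeated `require` is a no-op.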
diff --git a/lib/openssl/buffering.rb b/lib/openssl/buffering.rb
index 5832025..a490772 100644
--- a/lib/openssl/buffering.rb
+++ b/lib/openssl/buffering.rb
@@ -1,11 +1,17 @@
=begin
+= $RCSfile$ -- Buffering mix-in module.
-= buffering.rb -- Buffering mix-in module.
-
+= Info
+ 'OpenSSL for Ruby 2' project
Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+ All rights reserved.
- $IPR: buffering.rb,v 1.13 2001/09/13 16:42:49 gotoyuzo Exp $
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+= Version
+ $Id$
=end
module Buffering
diff --git a/lib/openssl/digest.rb b/lib/openssl/digest.rb
new file mode 100644
index 0000000..2cfb8a7
--- /dev/null
+++ b/lib/openssl/digest.rb
@@ -0,0 +1,42 @@
+=begin
+= $RCSfile$ -- Ruby-space predefined Digest subclasses
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id$
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+module OpenSSL
+module Digest
+
+["DSS", "DSS1", "MD2", "MD4", "MD5", "MDC2", "RIPEMD160", "SHA", "SHA1"].each do |digest|
+ eval(<<-EOD)
+ class #{digest} < Digest
+ def initialize()
+ super(\"#{digest}\")
+ end
+ def #{digest}::digest(data)
+ super(\"#{digest}\", data)
+ end
+ def #{digest}::hexdigest(data)
+ super(\"#{digest}\", data)
+ end
+ end
+ EOD
+end
+
+end # Digest
+end # OpenSSL
+
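Review bot: The `eval(<<-EOD)` block builds each class from source text, which is safe only because the name list is a literal. Defining the classes with `Class.new(Digest)` and `const_set(digest, klass)` would give the same result without string evaluation and would stay safe if the list ever became configurable. The list also puts MD2, MD4, MD5 and SHA on equal footing with the stronger digests, so a short comment marking the ones kept for legacy compatibility would help callers choose one for signatures. The class-level `digest` and `hexdigest` rely on `super` methods that are not in this hunk.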
diff --git a/lib/openssl/pkey.rb b/lib/openssl/pkey.rb
new file mode 100644
index 0000000..f05878b
--- /dev/null
+++ b/lib/openssl/pkey.rb
@@ -0,0 +1,123 @@
+=begin
+= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for PKey and subclasses
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id$
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+module OpenSSL
+module PKey
+
+if defined? DSA
+ class DSA
+ def DSA::new(arg, pass=nil)
+ if arg.kind_of? Fixnum
+ DSA::generate(arg) {|p,n|
+ if block_given? then yield [p,n] end
+ }
+ else
+ DSA::new_from_pem(arg, pass)
+ end
+ end # DSA::new
+ #
+ # DSA::new_from_pem(PEM string, pass) is built-in
+ # DSA::new_from_fixnum(size) is an alias to DSA::generate(size)
+ # DSA::generate(size) is built-in; yields p,n
+ #
+ def sign(digest, data)
+ unless private?
+ raise OpenSSL::PKey::DSAError, "Cannot sign with public key!"
+ end
+ unless digest.kind_of? OpenSSL::Digest::ANY
+ raise TypeError, "digest alg needed! (got #{digest.class})"
+ end
+ sign_digest digest.update(data.to_s).digest
+ end # sign
+
+ def verify(digest, signature, data)
+ unless digest.kind_of? OpenSSL::Digest::ANY
+ raise TypeError, "digest alg needed! (got #{digest.class})"
+ end
+ unless signature.class == String
+ raise TypeError, "Signature as String expected (got #{sign.class})"
+ end
+ verify_digest(digest.update(data.to_s).digest, signature)
+ end # verify
+ end # DSA
+end #defined? DSA
+
+if defined? RSA
+ class RSA
+ def RSA::new(arg, pass=nil)
+ if arg.kind_of? Fixnum
+ RSA::generate(arg) {|p,n|
+ if block_given? then yield [p,n] end
+ }
+ else
+ RSA::new_from_pem(arg, pass)
+ end
+ end # RSA::new
+ #
+ # RSA::new_from_pem(PEM string, pass) is built-in
+ # RSA::new_from_fixnum(size) is an alias to RSA::generate(size)
+ # RSA::generate(size) is built-in; yields p,n
+ #
+ def sign(digest, data)
+ unless self.private?
+ raise OpenSSL::PKey::RSAError, "Cannot sign with public key!"
+ end
+ unless digest.kind_of? OpenSSL::Digest::ANY
+ raise TypeError, "digest alg needed! (got #{digest.class})"
+ end
+ private_encrypt digest.update(data.to_s).digest
+ end # sign
+
+ def verify(digest, signature, data)
+ unless digest.kind_of? OpenSSL::Digest::ANY
+ raise TypeError, "digest alg needed! (got #{digest.class})"
+ end
+ unless signature.class == String
+ raise TypeError, "Signature as String expected (got #{sign.class})"
+ end
+ md_s = self.public_decrypt signature
+ md_d = digest.update(data.to_s).digest
+ md_s == md_d
+ end # verify
+ end # RSA
+end # defined? RSA
+
+if defined? DH
+ class DH
+ def DH::new(arg, gen = 2)
+ if arg.kind_of? Fixnum
+ DH::generate(arg, gen) {|p,n|
+ if block_given? then yield [p,n] end
+ }
+ else
+ DH::new_from_pem(arg)
+ end
+ end # DH::new
+ #
+ # DH::new_from_pem(PEM string, pass) is built-in
+ # DH::new_from_fixnum(size, gen) is an alias to DH::generate(size, gen)
+ # DH::generate(size, gen) is built-in; yields p,n
+ #
+ end # DH
+end # defined? DH
+
+end # PKey
+end # OpenSSL
+
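Review bot: Both `verify` methods build their TypeError message with `#{sign.class}`, which calls `sign` with no arguments and raises ArgumentError instead of the intended TypeError; in DSA#verify and RSA#verify it should read `"Signature as String expected (got #{signature.class})"`. Separately, RSA#sign passes the bare digest to `private_encrypt` and RSA#verify compares it with the `public_decrypt` output, so the signature does not appear to carry a DigestInfo naming the hash algorithm. That is worth confirming against the C side, because it affects interoperability with standard PKCS#1 signatures and means the signature is not bound to one digest algorithm. All four sign/verify paths also call `digest.update` on the caller's object, so a digest instance that already holds data, or is reused between sign and verify, may hash more than `data`.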
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb
new file mode 100644
index 0000000..2ce8a67
--- /dev/null
+++ b/lib/openssl/ssl.rb
@@ -0,0 +1,42 @@
+=begin
+= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id$
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+require 'openssl/buffering'
+require 'thread'
+
+module OpenSSL
+module SSL
+
+class SSLSocket
+ include Buffering
+ CallbackMutex = Mutex.new
+
+ def connect
+ CallbackMutex.synchronize{ __connect }
+ end
+
+ def accept
+ CallbackMutex.synchronize{ __accept }
+ end
+end # SSLSocket
+
+end # SSL
+end # OpenSSL
+
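Review bot: `CallbackMutex` is a single process-wide lock held for the whole of `__connect` and `__accept`, so one peer that stalls during the handshake blocks every other thread that wants to connect or accept. If the lock protects non-reentrant callback state in the C layer (the name suggests so, but the hunk does not show it), say so in a comment such as `# Serialises handshakes: verify callbacks in the extension are not reentrant`. Until the lock can be narrowed on the C side, servers using `accept` should bound the handshake with a timeout.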
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
new file mode 100644
index 0000000..f64774f
--- /dev/null
+++ b/lib/openssl/x509.rb
@@ -0,0 +1,186 @@
+=begin
+= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses
+
+= Info
+ 'OpenSSL for Ruby 2' project
+ Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ All rights reserved.
+
+= Licence
+ This program is licenced under the same licence as Ruby.
+ (See the file 'LICENCE'.)
+
+= Version
+ $Id$
+=end
+
+##
+# Should we care what if somebody require this file directly?
+#require 'openssl'
+
+module OpenSSL
+module X509
+
+class Name
+ def Name::new(arg)
+ type = arg.class
+ while type
+ method = "new_from_#{type.name.downcase}".intern
+ return Name::send(method, arg) if Name::respond_to? method
+ type = type.superclass
+ end
+ raise TypeError, "Don't how to make new #{self} from #{arg.class}"
+ ###Name::send("new_from_#{arg.class.name.downcase}", arg)
+ end
+ #
+ # Name::new_from_hash(hash) is built-in method
+ #
+ def Name::new_from_string(str) # we're expecting string like "/A=B/C=D/E=F"
+ hash = Hash::new
+ key = val = nil # speed optim.
+ ary = str.split("/")
+ ary.shift # first item is "" - so skip it
+ ary.each {|item|
+ key, val = item.split("=")
+ hash[key] = val
+ }
+ Name::new_from_hash(hash)
+ ###ary.collect! {|item| item.split("=") }
+ ###Name::new_from_array(ary)
+ end
+
+ def Name::new_from_array(ary) # [["A","B"],["C","D"],["E","F"]]
+ hash = Hash::new
+ ary.each {|key, val|
+ hash[key] = val
+ }
+ Name::new_from_hash(hash)
+ end
+ #
+ # to_h is built-in method
+ #
+ def to_s # "/A=B/C=D/E=F"
+ hash = self.to_h
+ str = ""
+ hash.keys.each do |key|
+ str += "/" + key + "=" + hash[key]
+ end
+ str
+ end
+
+ def to_a # [["A","B"],["C","D"],["E","F"]]
+ to_h.to_a
+ end
+end # Name
+
+class ExtensionFactory
+ def create_extension(*arg)
+ if arg.size == 1 then arg = arg[0] end
+ type = arg.class
+ while type
+ method = "create_ext_from_#{type.name.downcase}".intern
+ return send(method, arg) if respond_to? method
+ type = type.superclass
+ end
+ raise TypeError, "Don't how to create ext from #{arg.class}"
+ ###send("create_ext_from_#{arg.class.name.downcase}", arg)
+ end
+ #
+ # create_ext_from_array is built-in
+ #
+ def create_ext_from_string(str) # "oid = critical, value"
+ unless str =~ /\s*=\s*/
+ raise ArgumentError, "string in format \"oid = value\" expected"
+ end
+ ary = []
+ ary << $`.sub(/^\s*/,"") # delete whitespaces from the beginning
+ rest = $'.sub(/\s*$/,"") # delete them from the end
+ if rest =~ /^critical,\s*/ # handle 'critical' option
+ ary << $'
+ ary << true
+ else
+ ary << rest
+ end
+ create_ext_from_array(ary)
+ end
+
+ def create_ext_from_hash(hash) # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+ unless (hash.has_key? "oid" and hash.has_key? "value")
+ raise ArgumentError, "hash in format {\"oid\"=>..., \"value\"=>...} expected"
+ end
+ ary = []
+ ary << hash["oid"]
+ ary << hash["value"]
+ ary << hash["critical"] if hash.has_key? "critical"
+ create_ext_from_array(ary)
+ end
+end # ExtensionFactory
+
+class Extension
+ # note: Extension.new is UNDEFed! - use ExtensionFactory.create_extension
+ #
+ # to_a is built-in
+ #
+ def to_s # "oid = critical, value"
+ ary = self.to_a
+ str = ary[0] + " = "
+ str += "critical, " if ary[2] == true
+ str += ary[1]
+ end
+
+ def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false}
+ ary = self.to_a
+ {"oid"=>ary[0],"value"=>ary[1],"critical"=>ary[2]}
+ end
+
+ def oid
+ self.to_a[0]
+ end
+
+ def value
+ self.to_a[1]
+ end
+
+ def critical?
+ self.to_a[2]
+ end
+end # Extension
+
+class Attribute
+ def Attribute::new(arg)
+ type = arg.class
+ while type
+ method = "new_from_#{type.name.downcase}".intern
+ return Attribute::send(method, arg) if Attribute::respond_to? method
+ type = type.superclass
+ end
+ raise "Don't how to make new #{self} from #{arg.class}"
+ ###Attribute::send("new_from_#{arg.class.name.downcase}", arg)
+ end
+ #
+ # Attribute::new_from_array(ary) is built-in method
+ #
+ def Attribute::new_from_string(str) # "oid = value"
+ unless str =~ /\s*=\s*/
+ raise ArgumentError, "string in format \"oid = value\" expected"
+ end
+ ary = []
+ ary << $`.sub(/^\s*/,"") # delete whitespaces from the beginning
+ ary << $'.sub(/\s*$/,"") # delete them from the end
+ Attribute::new_from_array(ary)
+ end
+
+ def Attribute::new_from_hash(hash) # {"oid"=>"...", "value"=>"..."}
+ unless (hash.has_key? "oid" and hash.has_key? "value")
+ raise ArgumentError, "hash in format {\"oid\"=>..., \"value\"=>...} expected"
+ end
+ ary = []
+ ary << hash["oid"]
+ ary << hash["value"]
+ Attribute::new_from_array(ary)
+ end
+end # Attribute
+
+end # X509
+end # OpenSSL
+
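Review bot: `Name::new_from_string` splits each component with `item.split("=")`, so a value containing `=` is silently truncated and a value containing `/` is broken into bogus components; `key, val = item.split("=", 2)` fixes the first case. Because the pairs go into a Hash before `new_from_hash`, repeated attribute types (two `OU` entries, for example) collapse to the last one and the original order is not guaranteed, which changes the distinguished name written into a certificate or compared against one. `new_from_array` has the same Hash step. `Attribute::new` also raises a bare RuntimeError where `Name::new` and `create_extension` raise TypeError.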
diff --git a/lib/ssl.rb b/lib/ssl.rb
deleted file mode 100644
index 6da79a7..0000000
--- a/lib/ssl.rb
+++ /dev/null
@@ -1,110 +0,0 @@
-=begin
-
- ssl.rb -- to support migrations from SSLSocket.
-
- Copyright (C) 2001-2002 GOTOU Yuuzou <gotoyuzo@notowrk.org>
-
- This program is licenced under the same licence as Ruby.
- (See the file 'LICENCE'.)
-
-=end
-
-require 'openssl'
-
-$stderr.puts "Warning: `ssl.rb' is obsolete. please use `openssl.rb'"
-
-module SSL
- include OpenSSL::SSL
- VERSION = ::OpenSSL::VERSION
- OPENSSL_VERSION = ::OpenSSL::OPENSSL_VERSION
-
- X509_STORE_CTX = ::OpenSSL::X509::Store
- class X509_STORE_CTX
- alias error_message verify_message
- alias error verify_status
- alias current_cert cert
- alias error_depth verify_depth
- end
-
- X509 = ::OpenSSL::X509::Certificate
- class X509
- alias serialNumber serial
- alias inspect to_pem
- def notBefore; not_before.to_s; end
- def notAfter; not_after.to_s; end
-
- def sigAlgor
- # sorry, not support on Ruby/OpenSSL
- ""
- end
-
- def key_type
- case public_key
- when ::OpenSSL::PKey::RSA
- "rsaEncryption"
- when ::OpenSSL::PKey::DSA
- "dsaEncryption"
- else
- "unknown"
- end
- end
-
- alias __initialize initialize
- def initialize(arg)
- if arg.is_a?(String)
- arg = open(arg){|io| io.read }
- end
- __initialize(arg)
- end
-
- alias __verify verify
- def verify(arg)
- case arg
- when String; arg = type.new(arg).public_key
- when type; arg = arg.public_key
- end
- __verify arg
- end
-
- def extension
- extensions.collect{|ext| ext.to_a }
- end
-
- %w( UNABLE_TO_GET_ISSUER_CERT
- UNABLE_TO_GET_CRL
- UNABLE_TO_DECRYPT_CERT_SIGNATURE
- UNABLE_TO_DECRYPT_CRL_SIGNATURE
- UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
- CERT_SIGNATURE_FAILURE
- CRL_SIGNATURE_FAILURE
- CERT_NOT_YET_VALID
- CERT_HAS_EXPIRED
- CRL_NOT_YET_VALID
- CRL_HAS_EXPIRED
- ERROR_IN_CERT_NOT_BEFORE_FIELD
- ERROR_IN_CERT_NOT_AFTER_FIELD
- ERROR_IN_CRL_LAST_UPDATE_FIELD
- ERROR_IN_CRL_NEXT_UPDATE_FIELD
- OUT_OF_MEM
- DEPTH_ZERO_SELF_SIGNED_CERT
- SELF_SIGNED_CERT_IN_CHAIN
- UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- UNABLE_TO_VERIFY_LEAF_SIGNATURE
- CERT_CHAIN_TOO_LONG
- CERT_REVOKED
- INVALID_CA
- PATH_LENGTH_EXCEEDED
- INVALID_PURPOSE
- CERT_UNTRUSTED
- CERT_REJECTED
- SUBJECT_ISSUER_MISMATCH
- AKID_SKID_MISMATCH
- AKID_ISSUER_SERIAL_MISMATCH
- KEYUSAGE_NO_CERTSIGN
- APPLICATION_VERIFICATION
- ).each{|name|
- eval("#{name} = ::OpenSSL::X509::Store::#{name}")
- }
- end
-
-end
diff --git a/openssl_missing.c b/openssl_missing.c
index 4ab85aa..4aeef13 100644
--- a/openssl_missing.c
+++ b/openssl_missing.c
@@ -8,7 +8,7 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#if !defined(NO_HMAC) && !defined(OPENSSL_NO_HMAC)
+#if !defined(OPENSSL_NO_HMAC)
#include <string.h>
#include <openssl/hmac.h>
diff --git a/openssl_missing.h b/openssl_missing.h
index 56f1667..e2af05f 100644
--- a/openssl_missing.h
+++ b/openssl_missing.h
@@ -8,10 +8,10 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#ifndef _OPENSSL_MISSING_H_
-#define _OPENSSL_MISSING_H_
+#if !defined(_OSSL_OPENSSL_MISSING_H_)
+#define _OSSL_OPENSSL_MISSING_H_
-#ifdef __cplusplus
+#if defined(__cplusplus)
extern "C" {
#endif
@@ -20,23 +20,24 @@ extern "C" {
*/
/* to pem.h */
-#if !(NO_DSA) && !(OPENSSL_NO_DSA)
-#define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+#if !defined(OPENSSL_NO_DSA)
+# define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
(char *(*)())d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,bp,(char **)x,cb,u)
-#define PEM_write_bio_DSAPublicKey(bp,x) \
+# define PEM_write_bio_DSAPublicKey(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_DSAPublicKey,\
PEM_STRING_DSA_PUBLIC,\
bp,(char *)x, NULL, NULL, 0, NULL, NULL)
#endif /* NO_DSA */
/* to x509.h */
-#if !(NO_DSA) && !(OPENSSL_NO_DSA)
-#define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPrivateKey, \
+#if !defined(OPENSSL_NO_DSA)
+# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPrivateKey, \
(char *(*)())d2i_DSAPrivateKey,(char *)dsa)
-#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPublicKey, \
+# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPublicKey, \
(char *(*)())d2i_DSAPublicKey,(char *)dsa)
#endif /* NO_DSA */
-#define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((int (*)())i2d_X509_REVOKED, \
+
+# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((int (*)())i2d_X509_REVOKED, \
(char *(*)())d2i_X509_REVOKED, (char *)rev)
/* to pkcs7.h */
@@ -46,13 +47,13 @@ extern "C" {
(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
/* to hmac.[ch] */
-#if !defined(NO_HMAC) && !defined(OPENSSL_NO_HMAC)
+#if !defined(OPENSSL_NO_HMAC)
int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
#endif /* NO_HMAC */
-#ifdef __cplusplus
+#if defined(__cplusplus)
}
#endif
-#endif /*_OPENSSL_MISSING_H_*/
+#endif /* _OSSL_OPENSSL_MISSING_H_ */
diff --git a/ossl.c b/ossl.c
index d46547f..5a5ba82 100644
--- a/ossl.c
+++ b/ossl.c
@@ -16,14 +16,13 @@
#endif
#include "ossl.h"
+
/*
* On Windows platform there is no strptime function
* implementation in strptime.c
*/
-#ifndef HAVE_STRPTIME
+#if !defined(HAVE_STRPTIME)
# include "./missing/strptime.c"
-#else
-# include <time.h>
#endif
/*
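Review bot: Dropping the `#else` / `# include <time.h>` branch leaves the `HAVE_STRPTIME` build relying on some other header to declare `strptime`. If none does, any call in this file compiles against an implicit `int` declaration and the returned pointer is truncated on LP64 targets. Unless `ossl.h` or `ruby.h` is known to pull in `<time.h>`, keep an unconditional `#include <time.h>` above this block.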
@@ -74,7 +73,7 @@ asn1time_to_time(ASN1_UTCTIME *time)
}
/*
- * This function is not exported to ruby.h
+ * This function is not exported in Ruby's *.h
*/
extern struct timeval rb_time_timeval(VALUE time);
@@ -92,14 +91,17 @@ time_to_time_t(VALUE time)
* Modules
*/
VALUE mOSSL;
-VALUE mX509;
-VALUE mDigest;
-VALUE mCipher;
-VALUE mPKey;
-VALUE mNetscape;
-VALUE mSSL;
-VALUE mPKCS7;
-VALUE mRandom;
+VALUE mDigest;
+VALUE mNetscape;
+VALUE mPKCS7;
+VALUE mPKey;
+VALUE mRandom;
+VALUE mSSL;
+
+/*
+ * OpenSSLError < StandardError
+ */
+VALUE eOSSLError;
/*
* OSSL library init
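Review bot: `VALUE mDigest;` is kept in this list, but the next hunk removes the `rb_define_module_under(mOSSL, "Digest")` call from `Init_openssl` and ossl.h drops the matching `extern`. Unless `Init_ossl_digest()` assigns it, the global stays zero and is dead. Either delete the definition here or move it next to the code that now owns the Digest module. `Init_openssl` begins outside these hunks.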
@@ -121,42 +123,38 @@ Init_openssl()
* Universe of Modules
*/
mOSSL = rb_define_module("OpenSSL");
- mX509 = rb_define_module_under(mOSSL, "X509");
- mDigest = rb_define_module_under(mOSSL, "Digest");
- mPKey = rb_define_module_under(mOSSL, "PKey");
mNetscape = rb_define_module_under(mOSSL, "Netscape");
- mCipher = rb_define_module_under(mOSSL, "Cipher");
- mSSL = rb_define_module_under(mOSSL, "SSL");
mPKCS7 = rb_define_module_under(mOSSL, "PKCS7");
+ mPKey = rb_define_module_under(mOSSL, "PKey");
mRandom = rb_define_module_under(mOSSL, "Random");
+ mSSL = rb_define_module_under(mOSSL, "SSL");
/*
* Constants
*/
rb_define_const(mOSSL, "VERSION", rb_str_new2(OSSL_VERSION));
rb_define_const(mOSSL, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
+
+ /*
+ * Generic error,
+ * common for all classes under OpenSSL module
+ */
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
/*
- * Components
+ * Init components
*/
+ Init_ossl_bn();
+ Init_ossl_cipher();
Init_ossl_config(mOSSL);
- Init_ossl_x509(mX509);
- Init_ossl_x509name(mX509);
- Init_ossl_x509revoked(mX509);
- Init_ossl_x509crl(mX509);
- Init_ossl_x509store(mX509);
- Init_ossl_digest(mDigest);
- Init_ossl_x509req(mX509);
- Init_ossl_x509ext(mX509);
- Init_ossl_x509attr(mX509);
- Init_ossl_spki(mNetscape);
- Init_ossl_cipher(mCipher);
- Init_ossl_rand(mRandom);
+ Init_ossl_digest();
+ Init_ossl_hmac(mOSSL);
+ Init_ossl_pkcs7(mPKCS7);
Init_ossl_pkey(mPKey);
- Init_ssl(mSSL);
- Init_pkcs7(mPKCS7);
- Init_hmac(mOSSL);
- Init_bn(mOSSL);
+ Init_ossl_rand(mRandom);
+ Init_ossl_spki(mNetscape);
+ Init_ossl_ssl(mSSL);
+ Init_ossl_x509();
}
#if defined(OSSL_DEBUG)
diff --git a/ossl.h b/ossl.h
index 19b5c28..43416ab 100644
--- a/ossl.h
+++ b/ossl.h
@@ -8,10 +8,10 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#ifndef _OSSL_H_
+#if !defined(_OSSL_H_)
#define _OSSL_H_
-#ifdef __cplusplus
+#if defined(__cplusplus)
extern "C" {
#endif
@@ -25,13 +25,11 @@ extern "C" {
#include <openssl/ssl.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
+#include <openssl/bn_lcl.h>
#if defined(NT)
# undef OpenFile
#endif
-#include "openssl_missing.h"
-#include "ossl_version.h"
-
/*
* OpenSSL has defined RFILE and Ruby has defined RFILE - so undef it!
*/
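Review bot: `#include <openssl/bn_lcl.h>` pulls in a header that is private to OpenSSL's source tree (crypto/bn) and is not among the installed `openssl/` headers. The extension will therefore only build against an unpacked OpenSSL source directory, and it becomes tied to the internal BIGNUM layout. Prefer the public `<openssl/bn.h>` API, and if one internal macro is really needed, copy it into openssl_missing.h with a comment. The same hunk removes `#include "openssl_missing.h"` and `"ossl_version.h"` from this header; confirm they are included elsewhere, since ossl.c still uses `OSSL_VERSION`.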
@@ -41,51 +39,41 @@ extern "C" {
#include <ruby.h>
/*
- * Modules
+ * Check the Ruby version and OpenSSL
+ * The only supported are:
+ * Ruby >= 1.7
+ * OpenSSL >= 0.9.7
+ */
+#include <version.h>
+#include <openssl/opensslv.h>
+
+#if (OPENSSL_VERSION_NUMBER < 0x00907000L) && (RUBY_VERSION_CODE < 172)
+# error ! OSSL2 needs Ruby >= 1.7.2 and OpenSSL >= 0.9.7 its run.
+#endif
+
+/*
+ * Common Module
*/
extern VALUE mOSSL;
-extern VALUE mX509;
-extern VALUE mDigest;
-extern VALUE mPKey;
-extern VALUE mNetscape;
-extern VALUE mCipher;
-extern VALUE mSSL;
-extern VALUE mPKCS7;
-extern VALUE mRandom;
+extern VALUE mNetscape;
+extern VALUE mPKCS7;
+extern VALUE mPKey;
+extern VALUE mRandom;
+extern VALUE mSSL;
+
+/*
+ * Common Error Class
+ */
+VALUE eOSSLError;
/*
* Classes
*/
-extern VALUE cX509Certificate;
-extern VALUE eX509CertificateError;
-extern VALUE cX509Attribute;
-extern VALUE eX509AttributeError;
-extern VALUE cX509CRL;
-extern VALUE eX509CRLError;
-extern VALUE cX509Extension;
-extern VALUE cX509ExtensionFactory;
-extern VALUE eX509ExtensionError;
-extern VALUE cX509Name;
-extern VALUE eX509NameError;
-extern VALUE cX509Request;
-extern VALUE eX509RequestError;
-extern VALUE cX509Revoked;
-extern VALUE eX509RevokedError;
-extern VALUE cX509Store;
-extern VALUE eX509StoreError;
extern VALUE cSPKI;
extern VALUE eSPKIError;
extern VALUE eRandomError;
extern VALUE cSSLSocket;
extern VALUE eSSLError;
-/* Cipher */
-extern VALUE cCipher;
-extern VALUE eCipherError;
-extern VALUE cDES, cRC4, cIdea, cRC2, cBlowFish, cCast5, cRC5, cAES;
-/* Digest */
-extern VALUE cDigest;
-extern VALUE eDigestError;
-extern VALUE cMD2, cMD4, cMD5, cMDC2, cRIPEMD160, cSHA, cSHA1, cDSS, cDSS1;
/* PKey */
extern ID id_private_q;
extern VALUE cPKey;
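Review bot: The version gate `#if (OPENSSL_VERSION_NUMBER < 0x00907000L) && (RUBY_VERSION_CODE < 172)` fires only when both are too old, so a build against a pre-0.9.7 OpenSSL with a current Ruby passes silently. The comment above it lists each as a requirement, so the operator should be `||`. In the same hunk `VALUE eOSSLError;` is added to the header without `extern`, which gives every translation unit that includes ossl.h its own tentative definition next to the one in ossl.c; it should be `extern VALUE eOSSLError;` like the module declarations above it. The comment also says Ruby >= 1.7 while the check and the error text use 1.7.2.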
@@ -106,9 +94,6 @@ extern VALUE eHMACError;
/* Conf */
extern VALUE cConfig;
extern VALUE eConfigError;
-/* BN */
-extern VALUE cBN;
-extern VALUE eBNError;
/*
* CheckTypes
@@ -116,8 +101,8 @@ extern VALUE eBNError;
#define OSSL_Check_Kind(obj, klass) ossl_check_kind(obj, klass)
void ossl_check_kind(VALUE, VALUE);
#define OSSL_Check_Instance(obj, klass) ossl_check_instance(obj, klass)
+#define OSSL_Check_Type(obj, klass) OSSL_Check_Instance(obj, klass)
void ossl_check_instance(VALUE, VALUE);
-#define OSSL_Check_Type OSSL_Check_Kind /* COMPAT */
/*
* DATE conversion
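Review bot: `OSSL_Check_Type` changes from an alias of `OSSL_Check_Kind` to `OSSL_Check_Instance`, which silently tightens every existing call site. If `ossl_check_instance` tests for the exact class (its body is not in this hunk), objects of subclasses that used to pass will now be rejected. The old definition was marked `/* COMPAT */`, so a one-line comment on the new macro, e.g. `/* exact class match; use OSSL_Check_Kind to accept subclasses */`, would keep callers from picking the wrong check.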
@@ -141,14 +126,14 @@ time_t time_to_time_t(VALUE);
# define OSSL_Warning(text) \
rb_warning("%s%s [in '%s', ('%s':%d)]", \
text, OSSL_ErrMsg(), __func__, __FILE__, __LINE__)
-#else /*OSSL_DEBUG*/
+#else /* OSSL_DEBUG */
# define OSSL_Raise(klass,text) \
rb_raise(klass, "%s%s", text, OSSL_ErrMsg())
# define OSSL_Warn(text) \
rb_warn("%s%s", text, OSSL_ErrMsg())
# define OSSL_Warning(text) \
rb_warning("%s%s", text, OSSL_ErrMsg())
-#endif /*OSSL_DEBUG*/
+#endif /* OSSL_DEBUG */
/*
* Config
@@ -156,81 +141,11 @@ time_t time_to_time_t(VALUE);
void Init_ossl_config(VALUE);
/*
- * Digest
- */
-int ossl_digest_get_NID(VALUE);
-const EVP_MD *ossl_digest_get_EVP_MD(VALUE);
-void Init_ossl_digest(VALUE);
-
-/*
- * X509
- */
-VALUE ossl_x509_new(X509 *);
-VALUE ossl_x509_new_from_file(VALUE);
-X509 *ossl_x509_get_X509(VALUE);
-void Init_ossl_x509(VALUE);
-
-/*
- * X509CRL
- */
-X509_CRL *ossl_x509crl_get_X509_CRL(VALUE);
-void Init_ossl_x509crl(VALUE);
-
-/*
- * X509Name
- */
-VALUE ossl_x509name_new(X509_NAME *);
-X509_NAME *ossl_x509name_get_X509_NAME(VALUE);
-void Init_ossl_x509name(VALUE);
-
-/*
- * X509Request
- */
-VALUE ossl_x509req_new(X509_REQ *);
-X509_REQ *ossl_x509req_get_X509_REQ(VALUE);
-void Init_ossl_x509req(VALUE);
-
-/*
- * X509Revoked
- */
-VALUE ossl_x509revoked_new(X509_REVOKED *);
-X509_REVOKED *ossl_x509revoked_get_X509_REVOKED(VALUE);
-void Init_ossl_x509revoked(VALUE);
-
-/*
- * X509Store
- */
-VALUE ossl_x509store_new(X509_STORE_CTX *);
-X509_STORE *ossl_x509store_get_X509_STORE(VALUE);
-void Init_ossl_x509store(VALUE);
-
-/*
- * X509Extension
- */
-VALUE ossl_x509ext_new(X509_EXTENSION *);
-X509_EXTENSION *ossl_x509ext_get_X509_EXTENSION(VALUE);
-void Init_ossl_x509ext(VALUE);
-
-/*
- * X509Attribute
- */
-VALUE ossl_x509attr_new(X509_ATTRIBUTE *);
-X509_ATTRIBUTE *ossl_x509attr_get_X509_ATTRIBUTE(VALUE);
-void Init_ossl_x509attr(VALUE);
-
-/*
* Netscape SPKI
*/
void Init_ossl_spki(VALUE);
/*
- * Ciphers
- */
-int ossl_cipher_get_NID(VALUE);
-const EVP_CIPHER *ossl_cipher_get_EVP_CIPHER(VALUE);
-void Init_ossl_cipher(VALUE);
-
-/*
* RAND - module methods only
*/
void Init_ossl_rand(VALUE);
@@ -246,7 +161,7 @@ void Init_ossl_pkey(VALUE);
/*
* RSA
*/
-#if !defined(NO_RSA) && !defined(OPENSSL_NO_RSA)
+#if !defined(OPENSSL_NO_RSA)
VALUE ossl_rsa_new(RSA *);
RSA *ossl_rsa_get_RSA(VALUE);
EVP_PKEY *ossl_rsa_get_EVP_PKEY(VALUE);
@@ -256,7 +171,7 @@ void Init_ossl_rsa(VALUE, VALUE, VALUE);
/*
* DSA
*/
-#if !defined(NO_DSA) && !defined(OPENSSL_NO_DSA)
+#if !defined(OPENSSL_NO_DSA)
VALUE ossl_dsa_new(DSA *);
DSA *ossl_dsa_get_DSA(VALUE);
EVP_PKEY *ossl_dsa_get_EVP_PKEY(VALUE);
@@ -266,7 +181,7 @@ void Init_ossl_dsa(VALUE, VALUE, VALUE);
/*
* DH
*/
-#if !defined(NO_DH) && !defined(OPENSSL_NO_DH)
+#if !defined(OPENSSL_NO_DH)
VALUE ossl_dh_new(DH *);
DH *ossl_dh_get_DH(VALUE);
EVP_PKEY *ossl_dh_get_EVP_PKEY(VALUE);
@@ -276,30 +191,30 @@ void Init_ossl_dh(VALUE, VALUE, VALUE);
/*
* SSL
*/
-void Init_ssl(VALUE);
+void Init_ossl_ssl(VALUE);
/*
* PKCS7
*/
VALUE ossl_pkcs7si_new(PKCS7_SIGNER_INFO *);
PKCS7_SIGNER_INFO *ossl_pkcs7si_get_PKCS7_SIGNER_INFO(VALUE);
-void Init_pkcs7(VALUE);
+void Init_ossl_pkcs7(VALUE);
/*
* HMAC
*/
-void Init_hmac(VALUE);
+void Init_ossl_hmac(VALUE);
-/*
- * BN
- */
-VALUE ossl_bn_new(BIGNUM *);
-BIGNUM *ossl_bn_get_BIGNUM(VALUE);
-void Init_bn(VALUE);
+#include "openssl_missing.h"
+#include "ossl_bn.h"
+#include "ossl_cipher.h"
+#include "ossl_digest.h"
+#include "ossl_version.h"
+#include "ossl_x509.h"
-#ifdef __cplusplus
+#if defined(__cplusplus)
}
#endif
-#endif /*_OSSL_H_*/
+#endif /* _OSSL_H_ */
diff --git a/ossl_bn.c b/ossl_bn.c
index 2398bf8..ffe282e 100644
--- a/ossl_bn.c
+++ b/ossl_bn.c
@@ -11,8 +11,19 @@
/* modified by Michal Rokos <m.rokos@sh.cvut.cz> */
#include "ossl.h"
-#define WrapBN(obj, bn) obj = Data_Wrap_Struct(cBN, 0, BN_clear_free, bn)
-#define GetBN(obj, bn) Data_Get_Struct(obj, BIGNUM, bn)
+#define WrapBN OSSLWrapBN
+#define GetBN(obj, bn) do { \
+ Data_Get_Struct(obj, BIGNUM, bn); \
+ if (!bn) { \
+ rb_raise(rb_eRuntimeError, "BN wasn't initialized!"); \
+ } \
+} while (0)
+
+/*
+ * BN_CTX - is used in more difficult math. ops
+ * (Why just 1? Because Ruby itself isn't thread safe, we don't need to care about threads)
+ */
+static BN_CTX *ossl_bn_ctx;
/*
* Classes
@@ -29,15 +40,16 @@ ossl_bn_new(BIGNUM *bn)
BIGNUM *new = NULL;
VALUE obj;
- if (!bn)
+ if (!bn) {
new = BN_new();
- else new = BN_dup(bn);
+ } else {
+ new = BN_dup(bn);
+ }
- if (!new)
+ if (!new) {
OSSL_Raise(eBNError, "");
-
+ }
WrapBN(obj, new);
-
return obj;
}
@@ -46,9 +58,7 @@ ossl_bn_get_BIGNUM(VALUE obj)
{
BIGNUM *bn = NULL, *new;
- OSSL_Check_Type(obj, cBN);
-
- GetBN(obj, bn);
+ OSSLGetBN(obj, bn);
if (!(new = BN_dup(bn))) {
OSSL_Raise(eBNError, "");
@@ -60,124 +70,124 @@ ossl_bn_get_BIGNUM(VALUE obj)
* Private
*/
static VALUE
-ossl_bn_s_new(int argc, VALUE *argv, VALUE klass)
+ossl_bn_s_allocate(VALUE klass)
{
- VALUE obj;
-
- obj = ossl_bn_new(NULL);
-
- rb_obj_call_init(obj, argc, argv);
-
- return obj;
+ return ossl_bn_new(NULL);
}
-#define BIGNUM_FROM_S(func) \
- static VALUE \
- ossl_bn_from_s_##func(VALUE self, VALUE str) \
- { \
- BIGNUM *bn = NULL; \
- \
- str = rb_String(str); \
- \
- GetBN(self, bn); \
- \
- if (!BN_##func##2bn(RSTRING(str)->ptr, RSTRING(str)->len, bn)) { \
- OSSL_Raise(eBNError, ""); \
- } \
- return self; \
- }
-BIGNUM_FROM_S(bin);
-BIGNUM_FROM_S(mpi);
-
-#define BIGNUM_FROM_S2(func) \
- static VALUE \
- ossl_bn_from_s_##func(VALUE self, VALUE str) \
- { \
- BIGNUM *bn = NULL; \
- \
- str = rb_String(str); \
- \
- GetBN(self, bn); \
- \
- if (!BN_##func##2bn(&bn, RSTRING(str)->ptr)) { \
- OSSL_Raise(eBNError, ""); \
- } \
- return self; \
- }
-BIGNUM_FROM_S2(dec);
-BIGNUM_FROM_S2(hex);
-
static VALUE
-ossl_bn_to_s_bin(VALUE self)
+ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
{
BIGNUM *bn = NULL;
- char *buf = NULL;
- int len;
- VALUE str;
+ VALUE str, bs;
+ int base = 10;
GetBN(self, bn);
-
- len = BN_num_bytes(bn);
- if (!(buf = OPENSSL_malloc(len))) {
- OSSL_Raise(eBNError, "Cannot allocate mem for BN");
- }
- if (BN_bn2bin(bn, buf) != len) {
- OPENSSL_free(buf);
- OSSL_Raise(eBNError, "");
+
+ rb_call_super(0, 0);
+
+ if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) {
+ base = NUM2INT(bs);
}
-
- str = rb_str_new(buf, len);
- OPENSSL_free(buf);
- return str;
+ if (rb_obj_is_instance_of(str, cBN)) {
+ BIGNUM *other;
+
+ GetBN(str, other);
+ if (!BN_copy(bn, other)) {
+ OSSL_Raise(eBNError, "");
+ }
+ } else {
+ str = rb_String(str);
+
+ switch (base) {
+ /*
+ * MPI:
+ if (!BN_mpi2bn(RSTRING(str)->ptr, RSTRING(str)->len, bn)) {
+ OSSL_Raise(eBNError, "");
+ }
+ break;
+ case 2:
+ if (!BN_bin2bn(RSTRING(str)->ptr, RSTRING(str)->len, bn)) {
+ OSSL_Raise(eBNError, "");
+ }
+ break;
+ */
+ case 10:
+ if (!BN_dec2bn(&bn, StringValuePtr(str))) {
+ OSSL_Raise(eBNError, "");
+ }
+ break;
+ case 16:
+ if (!BN_hex2bn(&bn, StringValuePtr(str))) {
+ OSSL_Raise(eBNError, "");
+ }
+ break;
+ default:
+ rb_raise(rb_eArgError, "illegal radix %d", base);
+ }
+ }
+ return self;
}
static VALUE
-ossl_bn_to_s_mpi(VALUE self)
+ossl_bn_to_s(int argc, VALUE *argv, VALUE self)
{
BIGNUM *bn = NULL;
+ VALUE str, bs;
+ int base = 10;
char *buf = NULL;
- int len;
- VALUE str;
GetBN(self, bn);
- len = BN_bn2mpi(bn, NULL);
- if (!(buf = OPENSSL_malloc(len))) {
- OSSL_Raise(eBNError, "Cannot allocate mem for BN");
- }
- if (BN_bn2mpi(bn, buf) != len) {
- OPENSSL_free(buf);
- OSSL_Raise(eBNError, "");
+ if (rb_scan_args(argc, argv, "01", &bs) == 1) {
+ base = NUM2INT(bs);
}
- str = rb_str_new(buf, len);
+ switch (base) {
+ /*
+ * MPI: {
+ int len = BN_bn2mpi(bn, NULL);
+ if (!(buf = OPENSSL_malloc(len))) {
+ OSSL_Raise(eBNError, "Cannot allocate mem for BN");
+ }
+ if (BN_bn2mpi(bn, buf) != len) {
+ OPENSSL_free(buf);
+ OSSL_Raise(eBNError, "");
+ }
+ }
+ case 2: {
+ int len = BN_num_bytes(bn);
+ if (!(buf = OPENSSL_malloc(len))) {
+ OSSL_Raise(eBNError, "Cannot allocate mem for BN");
+ }
+ if (BN_bn2bin(bn, buf) != len) {
+ OPENSSL_free(buf);
+ OSSL_Raise(eBNError, "");
+ }
+ buf[len-1] = '\0';
+ }
+ break;
+ */
+ case 10:
+ if (!(buf = BN_bn2dec(bn))) {
+ OSSL_Raise(eBNError, "");
+ }
+ break;
+ case 16:
+ if (!(buf = BN_bn2hex(bn))) {
+ OSSL_Raise(eBNError, "");
+ }
+ break;
+ default:
+ rb_raise(rb_eArgError, "illegal radix %d", base);
+ }
+ str = rb_str_new2(buf);
OPENSSL_free(buf);
-
+
return str;
}
-#define BIGNUM_TO_S(func) \
- static VALUE \
- ossl_bn_to_s_##func(VALUE self) \
- { \
- BIGNUM *bn = NULL; \
- char *txt = NULL; \
- VALUE str; \
- \
- GetBN(self, bn); \
- \
- if (!(txt = BN_bn2##func(bn))) { \
- OSSL_Raise(eBNError, ""); \
- } \
- str = rb_str_new2(txt); \
- OPENSSL_free(txt); \
- \
- return str; \
- }
-BIGNUM_TO_S(dec);
-BIGNUM_TO_S(hex);
-
#define BIGNUM_BOOL1(func) \
static VALUE \
ossl_bn_##func(VALUE self) \
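Review bot: The `case 10` and `case 16` branches of `ossl_bn_initialize` treat any non-zero return from `BN_dec2bn` / `BN_hex2bn` as success. As far as I know these functions stop at the first character that is not a digit and return the number of characters consumed, so a string such as "12xyz", or one with an embedded NUL, would silently become 12 instead of raising. For a binding that feeds key material into OpenSSL I would require the whole string to be consumed, e.g. `if (BN_dec2bn(&bn, StringValuePtr(str)) != RSTRING(str)->len) {`, and likewise for the hex branch. The result should be checked against a negative input, since the sign character is expected to be included in the returned count.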
@@ -186,9 +196,9 @@ BIGNUM_TO_S(hex);
\
GetBN(self, bn); \
\
- if (BN_##func(bn) == 1) \
+ if (BN_##func(bn) == 1) { \
return Qtrue; \
- \
+ } \
return Qfalse; \
}
BIGNUM_BOOL1(is_zero);
@@ -201,7 +211,6 @@ BIGNUM_BOOL1(is_odd);
{ \
BIGNUM *bn = NULL; \
BIGNUM *result = NULL; \
- BN_CTX ctx; \
VALUE obj; \
\
GetBN(self, bn); \
@@ -209,12 +218,10 @@ BIGNUM_BOOL1(is_odd);
if (!(result = BN_new())) { \
OSSL_Raise(eBNError, ""); \
} \
- BN_CTX_init(&ctx); \
- if (BN_##func(result, bn, &ctx) != 1) { \
+ if (BN_##func(result, bn, ossl_bn_ctx) != 1) { \
BN_free(result); \
OSSL_Raise(eBNError, ""); \
} \
- \
WrapBN(obj, result); \
\
return obj; \
@@ -231,8 +238,7 @@ BIGNUM_1c(sqr);
\
GetBN(self, bn1); \
\
- OSSL_Check_Type(other, cBN); \
- GetBN(other, bn2); \
+ OSSLGetBN(other, bn2); \
\
if (!(result = BN_new())) { \
OSSL_Raise(eBNError, ""); \
@@ -241,7 +247,6 @@ BIGNUM_1c(sqr);
BN_free(result); \
OSSL_Raise(eBNError, ""); \
} \
- \
WrapBN(obj, result); \
\
return obj; \
@@ -255,23 +260,19 @@ BIGNUM_2(sub);
{ \
BIGNUM *bn1 = NULL, *bn2 = NULL; \
BIGNUM *result = NULL; \
- BN_CTX ctx; \
VALUE obj; \
\
GetBN(self, bn1); \
\
- OSSL_Check_Type(other, cBN); \
- GetBN(other, bn2); \
+ OSSLGetBN(other, bn2); \
\
if (!(result = BN_new())) { \
OSSL_Raise(eBNError, ""); \
} \
- BN_CTX_init(&ctx); \
- if (BN_##func(result, bn1, bn2, &ctx) != 1) { \
+ if (BN_##func(result, bn1, bn2, ossl_bn_ctx) != 1) { \
BN_free(result); \
OSSL_Raise(eBNError, ""); \
} \
- \
WrapBN(obj, result); \
\
return obj; \
@@ -280,19 +281,18 @@ BIGNUM_2c(mul);
BIGNUM_2c(mod);
BIGNUM_2c(exp);
BIGNUM_2c(gcd);
+BIGNUM_2c(mod_sqr);
static VALUE
ossl_bn_div(VALUE self, VALUE other)
{
BIGNUM *bn1 = NULL, *bn2 = NULL;
BIGNUM *r1 = NULL, *r2 = NULL;
- BN_CTX ctx;
VALUE obj1, obj2;
GetBN(self, bn1);
- OSSL_Check_Type(other, cBN);
- GetBN(other, bn2);
+ OSSLGetBN(other, bn2);
if (!(r1 = BN_new())) {
OSSL_Raise(eBNError, "");
@@ -302,13 +302,11 @@ ossl_bn_div(VALUE self, VALUE other)
OSSL_Raise(eBNError, "");
}
- BN_CTX_init(&ctx);
- if (BN_div(r1, r2, bn1, bn2, &ctx) != 1) {
+ if (BN_div(r1, r2, bn1, bn2, ossl_bn_ctx) != 1) {
BN_free(r1);
BN_free(r2);
OSSL_Raise(eBNError, "");
}
-
WrapBN(obj1, r1);
WrapBN(obj2, r2);
@@ -320,23 +318,19 @@ ossl_bn_mod_inverse(VALUE self, VALUE other)
{
BIGNUM *bn1 = NULL, *bn2 = NULL;
BIGNUM *result = NULL;
- BN_CTX ctx;
VALUE obj;
GetBN(self, bn1);
- OSSL_Check_Type(other, cBN);
- GetBN(other, bn2);
+ OSSLGetBN(other, bn2);
if (!(result = BN_new())) {
OSSL_Raise(eBNError, "");
}
- BN_CTX_init(&ctx);
- if (!BN_mod_inverse(result, bn1, bn2, &ctx)) {
+ if (!BN_mod_inverse(result, bn1, bn2, ossl_bn_ctx)) {
BN_free(result);
OSSL_Raise(eBNError, "");
}
-
WrapBN(obj, result);
return obj;
@@ -348,33 +342,30 @@ ossl_bn_mod_inverse(VALUE self, VALUE other)
{ \
BIGNUM *bn1 = NULL, *bn2 = NULL, *bn3 = NULL; \
BIGNUM *result = NULL; \
- BN_CTX ctx; \
VALUE obj; \
\
GetBN(self, bn1); \
\
- OSSL_Check_Type(other1, cBN); \
- OSSL_Check_Type(other2, cBN); \
- GetBN(other1, bn2); \
- GetBN(other2, bn3); \
+ OSSLGetBN(other1, bn2); \
+ OSSLGetBN(other2, bn3); \
\
if (!(result = BN_new())) { \
OSSL_Raise(eBNError, ""); \
} \
- BN_CTX_init(&ctx); \
- if (BN_##func(result, bn1, bn2, bn3, &ctx) != 1) { \
+ if (BN_##func(result, bn1, bn2, bn3, ossl_bn_ctx) != 1) { \
BN_free(result); \
OSSL_Raise(eBNError, ""); \
} \
- \
WrapBN(obj, result); \
\
return obj; \
}
+BIGNUM_3c(mod_add);
+BIGNUM_3c(mod_sub);
BIGNUM_3c(mod_mul);
BIGNUM_3c(mod_exp);
-#define BIGNUM_BIT_SETCLEAR(func) \
+#define BIGNUM_BIT(func) \
static VALUE \
ossl_bn_##func(VALUE self, VALUE bit) \
{ \
@@ -387,8 +378,9 @@ BIGNUM_3c(mod_exp);
} \
return self; \
}
-BIGNUM_BIT_SETCLEAR(set_bit);
-BIGNUM_BIT_SETCLEAR(clear_bit);
+BIGNUM_BIT(set_bit);
+BIGNUM_BIT(clear_bit);
+BIGNUM_BIT(mask_bits);
static VALUE
ossl_bn_is_bit_set(VALUE self, VALUE bit)
@@ -397,23 +389,10 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit)
GetBN(self, bn);
- if (BN_is_bit_set(bn, NUM2INT(bit)) == 1)
+ if (BN_is_bit_set(bn, NUM2INT(bit)) == 1) {
return Qtrue;
-
- return Qfalse;
-}
-
-static VALUE
-ossl_bn_mask_bits(VALUE self, VALUE bit)
-{
- BIGNUM *bn = NULL;
-
- GetBN(self, bn);
-
- if (BN_mask_bits(bn, NUM2INT(bit)) != 1) {
- OSSL_Raise(eBNError, "");
}
- return self;
+ return Qfalse;
}
#define BIGNUM_SHIFT(func) \
@@ -433,7 +412,6 @@ ossl_bn_mask_bits(VALUE self, VALUE bit)
BN_free(result); \
OSSL_Raise(eBNError, ""); \
} \
- \
WrapBN(obj, result); \
\
return obj; \
@@ -466,28 +444,25 @@ BIGNUM_RAND(pseudo_rand);
static VALUE \
ossl_bn_s_##func##_range(VALUE klass, VALUE range) \
{ \
- BIGNUM *bn = NULL; \
- BIGNUM *result = NULL; \
- VALUE obj; \
- \
- OSSL_Check_Type(range, cBN); \
- GetBN(range, bn); \
- \
- if (!(result = BN_new())) { \
- OSSL_Raise(eBNError, ""); \
- } \
- if (!BN_##func##_range(result, bn)) { \
- BN_free(result); \
- OSSL_Raise(eBNError, ""); \
- } \
- WrapBN(obj, result); \
- \
- return obj; \
-}
+ BIGNUM *bn = NULL; \
+ BIGNUM *result = NULL; \
+ VALUE obj; \
+ \
+ OSSLGetBN(range, bn); \
+ \
+ if (!(result = BN_new())) { \
+ OSSL_Raise(eBNError, ""); \
+ } \
+ if (!BN_##func##_range(result, bn)) { \
+ BN_free(result); \
+ OSSL_Raise(eBNError, ""); \
+ } \
+ WrapBN(obj, result); \
+ \
+ return obj; \
+ }
BIGNUM_RAND_RANGE(rand);
-#if OPENSSL_VERSION_NUMBER >= 0x0090603fL /* "OpenSSL 0.9.6c 21 dec 2001" */
- BIGNUM_RAND_RANGE(pseudo_rand);
-#endif
+BIGNUM_RAND_RANGE(pseudo_rand);
static VALUE
ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass)
@@ -498,18 +473,15 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass)
rb_scan_args(argc, argv, "13", &vnum, &vsafe, &vadd, &vrem);
- if (vsafe == Qfalse)
+ if (vsafe == Qfalse) {
safe = 0;
-
+ }
if (!NIL_P(vadd)) {
- if (NIL_P(vrem))
+ if (NIL_P(vrem)) {
rb_raise(rb_eArgError, "if ADD is specified, REM must be also given");
-
- OSSL_Check_Type(vadd, cBN);
- OSSL_Check_Type(vrem, cBN);
-
- GetBN(vadd, add);
- GetBN(vrem, rem);
+ }
+ OSSLGetBN(vadd, add);
+ OSSLGetBN(vrem, rem);
}
if (!(result = BN_new())) {
@@ -524,7 +496,7 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass)
return obj;
}
-#define BIGNUM_RETURN_INT(func) \
+#define BIGNUM_NUM(func) \
static VALUE \
ossl_bn_##func(VALUE self) \
{ \
@@ -534,8 +506,8 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass)
\
return INT2FIX(BN_##func(bn)); \
}
-BIGNUM_RETURN_INT(num_bytes);
-BIGNUM_RETURN_INT(num_bits);
+BIGNUM_NUM(num_bytes);
+BIGNUM_NUM(num_bits);
static VALUE
ossl_bn_dup(VALUE self)
@@ -554,8 +526,7 @@ ossl_bn_copy(VALUE self, VALUE other)
GetBN(self, bn1);
- OSSL_Check_Type(other, cBN);
- GetBN(other, bn2);
+ OSSLGetBN(other, bn2);
if (!BN_copy(bn1, bn2)) {
OSSL_Raise(eBNError, "");
@@ -569,10 +540,9 @@ ossl_bn_copy(VALUE self, VALUE other)
{ \
BIGNUM *bn1 = NULL, *bn2 = NULL; \
\
- OSSL_Check_Type(other, cBN); \
- \
GetBN(self, bn1); \
- GetBN(other, bn2); \
+ \
+ OSSLGetBN(other, bn2); \
\
return INT2FIX(BN_##func(bn1, bn2)); \
}
@@ -582,9 +552,9 @@ BIGNUM_CMP(ucmp);
static VALUE
ossl_bn_eql(VALUE self, VALUE other)
{
- if (FIX2INT(ossl_bn_cmp(self, other)) == 0)
+ if (ossl_bn_cmp(self, other) == INT2FIX(0)) {
return Qtrue;
-
+ }
return Qfalse;
}
@@ -592,19 +562,16 @@ static VALUE
ossl_bn_is_prime(int argc, VALUE *argv, VALUE self)
{
BIGNUM *bn = NULL;
- BN_CTX ctx;
VALUE vchecks;
int checks = BN_prime_checks;
- rb_scan_args(argc, argv, "01", &vchecks);
-
GetBN(self, bn);
- if (!NIL_P(vchecks))
+ if (rb_scan_args(argc, argv, "01", &vchecks) == 0) {
checks = NUM2INT(vchecks);
+ }
- BN_CTX_init(&ctx);
- switch (BN_is_prime(bn, checks, NULL, &ctx, NULL)) {
+ switch (BN_is_prime(bn, checks, NULL, ossl_bn_ctx, NULL)) {
case 1:
return Qtrue;
case 0:
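Review bot: The new argument check in `ossl_bn_is_prime` is inverted. `rb_scan_args(argc, argv, "01", &vchecks) == 0` is true only when no argument was passed, so `NUM2INT(vchecks)` runs on nil and raises. When the caller does pass a round count, it is ignored and `BN_prime_checks` is used. Callers asking for more primality-test iterations therefore get the default without any error. The condition should be `if (rb_scan_args(argc, argv, "01", &vchecks) == 1) {`, matching the `!NIL_P(vchecks)` test it replaces. The function body continues past this hunk.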
@@ -621,23 +588,22 @@ static VALUE
ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self)
{
BIGNUM *bn = NULL;
- BN_CTX ctx;
VALUE vchecks, vtrivdiv;
int checks = BN_prime_checks, do_trial_division = 1;
+ GetBN(self, bn);
+
rb_scan_args(argc, argv, "02", &vchecks, &vtrivdiv);
- GetBN(self, bn);
- if (!NIL_P(vchecks))
+ if (!NIL_P(vchecks)) {
checks = NUM2INT(vchecks);
-
+ }
/* handle true/false */
- if (vtrivdiv == Qfalse)
+ if (vtrivdiv == Qfalse) {
do_trial_division = 0;
-
- BN_CTX_init(&ctx);
- switch (BN_is_prime_fasttest(bn, checks, NULL, &ctx, NULL, do_trial_division)) {
+ }
+ switch (BN_is_prime_fasttest(bn, checks, NULL, ossl_bn_ctx, NULL, do_trial_division)) {
case 1:
return Qtrue;
case 0:
@@ -652,78 +618,115 @@ ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self)
/*
* INIT
+ * (NOTE: ordering of methods is the same as in 'man bn')
*/
void
-Init_bn(VALUE module)
+Init_ossl_bn()
{
- eBNError = rb_define_class_under(module, "BNError", rb_eStandardError);
+ if (!(ossl_bn_ctx = BN_CTX_new())) {
+ OSSL_Raise(rb_eRuntimeError, "Cannot init BN_CTX");
+ }
- cBN = rb_define_class_under(module, "BN", rb_cObject);
+ eBNError = rb_define_class_under(mOSSL, "BNError", eOSSLError);
- rb_define_singleton_method(cBN, "new", ossl_bn_s_new, -1);
-
- rb_define_private_method(cBN, "from_s_bin", ossl_bn_from_s_bin, 1);
- rb_define_private_method(cBN, "from_s_mpi", ossl_bn_from_s_mpi, 1);
- rb_define_private_method(cBN, "from_s_dec", ossl_bn_from_s_dec, 1);
- rb_define_private_method(cBN, "from_s_hex", ossl_bn_from_s_hex, 1);
+ cBN = rb_define_class_under(mOSSL, "BN", rb_cObject);
+
+ rb_define_singleton_method(cBN, "allocate", ossl_bn_s_allocate, 0);
+ rb_define_method(cBN, "initialize", ossl_bn_initialize, -1);
+ rb_enable_super(cBN, "initialize");
- rb_define_method(cBN, "to_s_bin", ossl_bn_to_s_bin, 0);
- rb_define_method(cBN, "to_s_mpi", ossl_bn_to_s_mpi, 0);
- rb_define_method(cBN, "to_s_dec", ossl_bn_to_s_dec, 0);
- rb_define_method(cBN, "to_s_hex", ossl_bn_to_s_hex, 0);
+ rb_define_method(cBN, "copy", ossl_bn_copy, 1);
+ rb_define_method(cBN, "dup", ossl_bn_dup, 0);
- rb_define_method(cBN, "zero?", ossl_bn_is_zero, 0);
- rb_define_method(cBN, "one?", ossl_bn_is_one, 0);
- rb_define_method(cBN, "odd?", ossl_bn_is_odd, 0);
+ /* swap (=coerce?) */
+
+ rb_define_method(cBN, "num_bytes", ossl_bn_num_bytes, 0);
+ rb_define_method(cBN, "num_bits", ossl_bn_num_bits, 0);
+ /* num_bits_word */
- rb_define_method(cBN, "sqr", ossl_bn_sqr, 0);
-
rb_define_method(cBN, "+", ossl_bn_add, 1);
rb_define_method(cBN, "-", ossl_bn_sub, 1);
-
rb_define_method(cBN, "*", ossl_bn_mul, 1);
- rb_define_method(cBN, "%", ossl_bn_mod, 1);
- rb_define_method(cBN, "**", ossl_bn_exp, 1);
- rb_define_method(cBN, "gcd", ossl_bn_gcd, 1);
-
+ rb_define_method(cBN, "sqr", ossl_bn_sqr, 0);
rb_define_method(cBN, "/", ossl_bn_div, 1);
- rb_define_method(cBN, "mod_inverse", ossl_bn_mod_inverse, 1);
-
+ rb_define_method(cBN, "%", ossl_bn_mod, 1);
+ /* nnmod */
+
+ rb_define_method(cBN, "mod_add", ossl_bn_mod_add, 1);
+ rb_define_method(cBN, "mod_sub", ossl_bn_mod_sub, 1);
rb_define_method(cBN, "mod_mul", ossl_bn_mod_mul, 1);
+ rb_define_method(cBN, "mod_sqr", ossl_bn_mod_sqr, 1);
+ rb_define_method(cBN, "**", ossl_bn_exp, 1);
rb_define_method(cBN, "mod_exp", ossl_bn_mod_exp, 1);
+ rb_define_method(cBN, "gcd", ossl_bn_gcd, 1);
- rb_define_method(cBN, "set_bit!", ossl_bn_set_bit, 1);
- rb_define_method(cBN, "clear_bit!", ossl_bn_clear_bit, 1);
-
- rb_define_method(cBN, "bit_set?", ossl_bn_is_bit_set, 1);
- rb_define_method(cBN, "mask_bits!", ossl_bn_mask_bits, 1);
-
- rb_define_method(cBN, "<<", ossl_bn_lshift, 1);
- rb_define_method(cBN, ">>", ossl_bn_rshift, 1);
+ /* add_word
+ * sub_word
+ * mul_word
+ * div_word
+ * mod_word */
+
+ rb_define_method(cBN, "cmp", ossl_bn_cmp, 1);
+ rb_define_alias(cBN, "<=>", "cmp");
+ rb_define_method(cBN, "ucmp", ossl_bn_ucmp, 1);
+ rb_define_method(cBN, "eql?", ossl_bn_eql, 1);
+ rb_define_alias(cBN, "==", "eql?");
+ rb_define_alias(cBN, "===", "eql?");
+ rb_define_method(cBN, "zero?", ossl_bn_is_zero, 0);
+ rb_define_method(cBN, "one?", ossl_bn_is_one, 0);
+ /* is_word */
+ rb_define_method(cBN, "odd?", ossl_bn_is_odd, 0);
+
+ /* zero
+ * one
+ * value_one - DON'T IMPL.
+ * set_word
+ * get_word */
rb_define_singleton_method(cBN, "rand", ossl_bn_s_rand, 3);
rb_define_singleton_method(cBN, "pseudo_rand", ossl_bn_s_pseudo_rand, 3);
rb_define_singleton_method(cBN, "rand_range", ossl_bn_s_rand_range, 1);
-#if OPENSSL_VERSION_NUMBER >= 0x0090603fL /* "OpenSSL 0.9.6c 21 dec 2001" */
rb_define_singleton_method(cBN, "pseudo_rand_range", ossl_bn_s_pseudo_rand_range, 1);
-#endif
+
rb_define_singleton_method(cBN, "generate_prime", ossl_bn_s_generate_prime, -1);
+ rb_define_method(cBN, "prime?", ossl_bn_is_prime, -1);
- rb_define_method(cBN, "num_bytes", ossl_bn_num_bytes, 0);
- rb_define_method(cBN, "num_bits", ossl_bn_num_bits, 0);
+ rb_define_method(cBN, "set_bit!", ossl_bn_set_bit, 1);
+ rb_define_method(cBN, "clear_bit!", ossl_bn_clear_bit, 1);
+ rb_define_method(cBN, "bit_set?", ossl_bn_is_bit_set, 1);
+ rb_define_method(cBN, "mask_bits!", ossl_bn_mask_bits, 1);
+ rb_define_method(cBN, "<<", ossl_bn_lshift, 1);
+ /* lshift1 - DON'T IMPL. */
+ rb_define_method(cBN, ">>", ossl_bn_rshift, 1);
+ /* rshift1 - DON'T IMPL. */
+
+ /* bn2bin
+ * bin2bn
+ * bn2hex
+ * bn2dec
+ * hex2bn
+ * dec2bn - all these are implemented in ossl_bn_initialize, and ossl_bn_to_s
+ * print - NOT IMPL.
+ * print_fp - NOT IMPL.
+ * bn2mpi
+ * mpi2bn */
+ rb_define_method(cBN, "to_s", ossl_bn_to_s, -1);
+ /*
+ * TODO:
+ * But how to: from_bin, from_mpi? PACK?
+ * to_bin
+ * to_mpi
+ */
- rb_define_method(cBN, "dup", ossl_bn_dup, 0);
- rb_define_method(cBN, "copy", ossl_bn_copy, 1);
+ rb_define_method(cBN, "mod_inverse", ossl_bn_mod_inverse, 1);
- rb_define_method(cBN, "cmp", ossl_bn_cmp, 1);
- rb_define_alias(cBN, "<=>", "cmp");
- rb_define_method(cBN, "ucmp", ossl_bn_ucmp, 1);
-
- rb_define_method(cBN, "eql?", ossl_bn_eql, 1);
- rb_define_alias(cBN, "==", "eql?");
- rb_define_alias(cBN, "===", "eql?");
+ /* RECiProcal
+ * MONTgomery */
- rb_define_method(cBN, "prime?", ossl_bn_is_prime, -1);
+ /*
+ * TODO:
+ * Where to belong these?
+ */
rb_define_method(cBN, "prime_fasttest?", ossl_bn_is_prime_fasttest, -1);
}
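Review bot: `mod_add` and `mod_sub` are registered with an argument count of 1, but the functions generated by `BIGNUM_3c` read two operands (`other1`, `other2`). Ruby will call them with one argument, so the second VALUE passed to `OSSLGetBN` is indeterminate. Both lines should use 2, e.g. `rb_define_method(cBN, "mod_add", ossl_bn_mod_add, 2);`. The unchanged `mod_mul` and `mod_exp` registrations in this hunk carry the same mismatch and should be corrected together. `Init_ossl_bn()` would also read better as `Init_ossl_bn(void)`, matching the prototype added in ossl_bn.h.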
diff --git a/ossl_bn.h b/ossl_bn.h
new file mode 100644
index 0000000..74be2a5
--- /dev/null
+++ b/ossl_bn.h
@@ -0,0 +1,40 @@
+/*
+ * $Id$
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#if !defined(_OSSL_BN_H_)
+#define _OSSL_BN_H_
+
+extern VALUE cBN;
+extern VALUE eBNError;
+
+#define OSSLWrapBN(obj, bn) do { \
+ if (!bn) { \
+ rb_raise(rb_eRuntimeError, "BN wasn't initialized!"); \
+ } \
+ obj = Data_Wrap_Struct(cBN, 0, BN_clear_free, bn); \
+} while (0)
+
+#define OSSLGetBN(obj, bn) do { \
+ OSSL_Check_Instance(obj, cBN); \
+ Data_Get_Struct(obj, BIGNUM, bn); \
+ if (!bn) { \
+ rb_raise(rb_eRuntimeError, "BN wasn't initialized!"); \
+ } \
+} while (0)
+
+#define OSSLBNValue(obj) OSSL_Check_Instance((obj), cBN)
+#define OSSLBNValuePtr(obj) ossl_bn_get_BIGNUM((obj))
+
+VALUE ossl_bn_new(BIGNUM *);
+BIGNUM *ossl_bn_get_BIGNUM(VALUE);
+void Init_ossl_bn(void);
+
+#endif /* _OSS_BN_H_ */
+
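Review bot: The closing guard comment does not match the guard it closes: `#endif /* _OSS_BN_H_ */` should read `#endif /* _OSSL_BN_H_ */`. The new ossl_cipher.h has the same slip, where `#endif /* _OSSL_DIGEST_H_ */` closes `_OSSL_CIPHER_H_`. The header also uses `VALUE`, `BIGNUM` and `OSSL_Check_Instance` without including anything, so it only compiles when pulled in from ossl.h. A one-line comment such as `/* included from ossl.h only; relies on its declarations */` would make that dependency explicit. The macro parameters are expanded unparenthesised and more than once (`if (!bn)`), so arguments with side effects should be avoided or the expansions written as `(bn)` and `(obj)`.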
diff --git a/ossl_cipher.c b/ossl_cipher.c
index f908257..38e0d7c 100644
--- a/ossl_cipher.c
+++ b/ossl_cipher.c
@@ -33,6 +33,7 @@
/*
* Classes
*/
+VALUE mCipher;
VALUE cCipher;
VALUE eCipherError;
VALUE cDES, cRC4, cIdea, cRC2, cBlowFish, cCast5, cRC5, cAES;
@@ -92,7 +93,7 @@ ossl_cipher_s_new(int argc, VALUE *argv, VALUE klass)
VALUE obj;
if (klass == cCipher)
- rb_raise(rb_eNotImpError, "cannot do Cipher::ANY.new - it is an abstract class");
+ rb_raise(rb_eNotImpError, "cannot do Cipher::Cipher.new - it is an abstract class");
MakeCipher(obj, klass, ciphp);
@@ -264,12 +265,15 @@ ossl_des_initialize(int argc, VALUE *argv, VALUE self)
case ECB:
nid = NID_des_ecb;
break;
+/*
+ * NO LONGER SUPPORTED IN OPENSSL
case EDE:
nid = NID_des_ede;
break;
case EDE3:
nid = NID_des_ede3;
break;
+ */
case CFB:
nid = NID_des_cfb64;
break;
@@ -541,46 +545,46 @@ ossl_aes_initialize(int argc, VALUE *argv, VALUE self)
switch (spec) {
case BIT128+ECB:
- nid = NID_aes128_ecb;
+ nid = NID_aes_128_ecb;
break;
/*
case BIT128+CFB:
- nid = NID_aes128_cfb;
+ nid = NID_aes_128_cfb;
break;
case BIT128+OFB:
- nid = NID_aes128_ofb;
+ nid = NID_aes_128_ofb;
break;
*/
case BIT128+CBC:
- nid = NID_aes128_cbc;
+ nid = NID_aes_128_cbc;
break;
case BIT192+ECB:
- nid = NID_aes192_ecb;
+ nid = NID_aes_192_ecb;
break;
/*
case BIT192+CFB:
- nid = NID_aes192_cfb;
+ nid = NID_aes_192_cfb;
break;
case BIT192+OFB:
- nid = NID_aes192_ofb;
+ nid = NID_aes_192_ofb;
break;
*/
case BIT192+CBC:
- nid = NID_aes192_cbc;
+ nid = NID_aes_192_cbc;
break;
case BIT256+ECB:
- nid = NID_aes256_ecb;
+ nid = NID_aes_256_ecb;
break;
/*
case BIT256+CFB:
- nid = NID_aes256_cfb;
+ nid = NID_aes_256_cfb;
break;
case BIT256+OFB:
- nid = NID_aes256_ofb;
+ nid = NID_aes_256_ofb;
break;
*/
case BIT256+CBC:
- nid = NID_aes256_cbc;
+ nid = NID_aes_256_cbc;
break;
default:
rb_raise(rb_eTypeError, "unsupported combination of modes");
@@ -595,11 +599,13 @@ ossl_aes_initialize(int argc, VALUE *argv, VALUE self)
* INIT
*/
void
-Init_ossl_cipher(VALUE module)
+Init_ossl_cipher(void)
{
- eCipherError = rb_define_class_under(module, "CipherError", rb_eStandardError);
+ mCipher = rb_define_module_under(mOSSL, "Cipher");
+
+ eCipherError = rb_define_class_under(mOSSL, "CipherError", eOSSLError);
- cCipher = rb_define_class_under(module, "ANY", rb_cObject);
+ cCipher = rb_define_class_under(mCipher, "Cipher", rb_cObject);
rb_define_singleton_method(cCipher, "new", ossl_cipher_s_new, -1);
/*"initialize"*/
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1);
@@ -611,7 +617,7 @@ Init_ossl_cipher(VALUE module)
/*
* Constants
*/
-#define DefCipherConst(x) rb_define_const(module, #x, INT2FIX(x))
+#define DefCipherConst(x) rb_define_const(mOSSL, #x, INT2FIX(x))
DefCipherConst(ECB);
DefCipherConst(EDE);
@@ -629,69 +635,67 @@ Init_ossl_cipher(VALUE module)
* automation for classes creation and initialize method binding
*/
#define DefCipher(name, func) \
- c##name = rb_define_class_under(module, #name, cCipher); \
+ c##name = rb_define_class_under(mOSSL, #name, cCipher); \
rb_define_method(c##name, "initialize", ossl_##func##_initialize, -1)
/*
* create classes and bind initialize method
*/
-#if !defined(NO_DES) && !defined(OPENSSL_NO_DES)
+#if !defined(OPENSSL_NO_DES)
DefCipher(DES, des);
#else
# warning >>> OpenSSL is compiled without DES support <<<
rb_warning("OpenSSL is compiled without DES support");
#endif /* NO_DES */
-
-#if !defined(NO_RC2) && !defined(OPENSSL_NO_RC2)
+
+#if !defined(OPENSSL_NO_RC2)
DefCipher(RC2, rc2);
#else
# warning >>> OpenSSL is compiled without RC2 support <<<
rb_warning("OpenSSL is compiled without RC2 support");
#endif /* NO_RC2 */
-
-#if !defined(NO_RC4) && !defined(OPENSSL_NO_RC4)
+
+#if !defined(OPENSSL_NO_RC4)
DefCipher(RC4, rc4);
#else
# warning >>> OpenSSL is compiled without RC4 support <<<
rb_warning("OpenSSL is compiled without RC4 support");
#endif /* NO_RC4 */
-#if !defined(NO_RC5) && !defined(OPENSSL_NO_RC5)
+#if !defined(OPENSSL_NO_RC5)
DefCipher(RC5, rc5);
#else
# warning >>> OpenSSL is compiled without RC5 support <<<
rb_warning("OpenSSL is compiled without RC5 support");
#endif /* NO_RC5 */
-#if !defined(NO_BF) && !defined(OPENSSL_NO_BF)
+#if !defined(OPENSSL_NO_BF)
DefCipher(BlowFish, bf);
#else
# warning >>> OpenSSL is compiled without BF support <<<
rb_warning("OpenSSL is compiled without BlowFish support");
#endif /* NO_BF */
-#if !defined(NO_CAST) && !defined(OPENSSL_NO_CAST)
+#if !defined(OPENSSL_NO_CAST)
DefCipher(Cast5, cast5);
#else
# warning >>> OpenSSL is compiled without CAST support <<<
rb_warning("OpenSSL is compiled without Cast5 support");
#endif /* NO_CAST */
-#if !defined(NO_IDEA) && !defined(OPENSSL_NO_IDEA)
+#if !defined(OPENSSL_NO_IDEA)
DefCipher(Idea, idea);
#else
# warning >>> OpenSSL is compiled without IDEA support <<<
rb_warning("OpenSSL is compiled without Idea support");
#endif /* NO_IDEA */
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L /* DEV version of OpenSSL has AES */
-# if !defined(OPENSSL_NO_AES)
+#if !defined(OPENSSL_NO_AES)
DefCipher(AES, aes);
-# else
+#else
# warning >>> OpenSSL is compiled without AES support <<<
rb_warning("OpenSSL is compiled without AES support");
-# endif /* NO_AES */
-#endif /* OPENSSL_VERSION_NUMBER */
+#endif /* NO_AES */
-} /* Init_ */
+} /* Init_ossl_cipher */
diff --git a/ossl_cipher.h b/ossl_cipher.h
new file mode 100644
index 0000000..24c7b3d
--- /dev/null
+++ b/ossl_cipher.h
@@ -0,0 +1,27 @@
+/*
+ * $Id$
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#if !defined(_OSSL_CIPHER_H_)
+#define _OSSL_CIPHER_H_
+
+extern VALUE mCipher;
+extern VALUE cCipher;
+extern VALUE eCipherError;
+extern VALUE cDES, cRC4, cIdea, cRC2, cBlowFish, cCast5, cRC5, cAES;
+
+#define OSSLCipherValue(obj) OSSL_Check_Instance((obj), cCipher)
+#define OSSLCipherValuePtr(obj) ossl_cipher_get_EVP_CIPHER((obj))
+
+int ossl_cipher_get_NID(VALUE);
+const EVP_CIPHER *ossl_cipher_get_EVP_CIPHER(VALUE);
+void Init_ossl_cipher(void);
+
+#endif /* _OSSL_DIGEST_H_ */
+
diff --git a/ossl_config.c b/ossl_config.c
index 01508a9..109c687 100644
--- a/ossl_config.c
+++ b/ossl_config.c
@@ -114,7 +114,7 @@ ossl_config_get_section(VALUE self, VALUE section)
void
Init_ossl_config(VALUE module)
{
- eConfigError = rb_define_class_under(module, "ConfigError", rb_eStandardError);
+ eConfigError = rb_define_class_under(module, "ConfigError", eOSSLError);
cConfig = rb_define_class_under(module, "Config", rb_cObject);
diff --git a/ossl_digest.c b/ossl_digest.c
index 8a62b3f..0c284c3 100644
--- a/ossl_digest.c
+++ b/ossl_digest.c
@@ -10,15 +10,19 @@
*/
#include "ossl.h"
-#define WrapDigest(klass, obj, ctx) obj = Data_Wrap_Struct(klass, 0, CRYPTO_free, ctx)
-#define GetDigest(obj, ctx) Data_Get_Struct(obj, EVP_MD_CTX, ctx)
+#define WrapDigest OSSLWrapDigest
+#define GetDigest(obj, ctx) do { \
+ Data_Get_Struct(obj, EVP_MD_CTX, ctx); \
+ if (!ctx) { \
+ rb_raise(rb_eRuntimeError, "Digest CTX wasn't initialized!"); \
+ } \
+} while (0)
/*
* Classes
*/
VALUE cDigest;
VALUE eDigestError;
-VALUE cMD2, cMD4, cMD5, cMDC2, cRIPEMD160, cSHA, cSHA1, cDSS, cDSS1;
/*
* Public
@@ -28,9 +32,7 @@ ossl_digest_get_NID(VALUE obj)
{
EVP_MD_CTX *ctx = NULL;
- OSSL_Check_Type(obj, cDigest);
-
- GetDigest(obj, ctx);
+ OSSLGetDigest(obj, ctx);
return EVP_MD_CTX_type(ctx); /*== ctx->digest->type*/
}
@@ -40,9 +42,7 @@ ossl_digest_get_EVP_MD(VALUE obj)
{
EVP_MD_CTX *ctx = NULL;
- OSSL_Check_Type(obj, cDigest);
-
- GetDigest(obj, ctx);
+ OSSLGetDigest(obj, ctx);
return EVP_MD_CTX_md(ctx); /*== ctx->digest*/
}
@@ -51,32 +51,46 @@ ossl_digest_get_EVP_MD(VALUE obj)
* Private
*/
static VALUE
-ossl_digest_s_new(int argc, VALUE *argv, VALUE klass)
+ossl_digest_s_allocate(VALUE klass)
{
EVP_MD_CTX *ctx = NULL;
VALUE obj;
- if (klass == cDigest)
- rb_raise(rb_eNotImpError, "cannot do Digest::ANY.new - it is an abstract class");
-
if (!(ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX)))) {
OSSL_Raise(eDigestError, "Cannot allocate memory for a digest's CTX");
}
WrapDigest(klass, obj, ctx);
- rb_obj_call_init(obj, argc, argv);
-
return obj;
}
static VALUE
+ossl_digest_initialize(VALUE self, VALUE str)
+{
+ EVP_MD_CTX *ctx = NULL;
+ const EVP_MD *md;
+ char *md_name = NULL;
+
+ GetDigest(self, ctx);
+
+ md_name = StringValuePtr(str);
+
+ if (!(md = EVP_get_digestbyname(md_name))) {
+ rb_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", md_name);
+ }
+ EVP_DigestInit(ctx, md);
+
+ return self;
+}
+
+static VALUE
ossl_digest_update(VALUE self, VALUE data)
{
EVP_MD_CTX *ctx = NULL;
GetDigest(self, ctx);
- data = rb_String(data);
+ StringValue(data);
EVP_DigestUpdate(ctx, RSTRING(data)->ptr, RSTRING(data)->len);
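Review bot: `ossl_digest_s_allocate` returns a context that is only `OPENSSL_malloc`'d, so an object that never completes `initialize` (for example when it raises on an unsupported name) still wraps uninitialized memory. The `if (!ctx)` test in `GetDigest` cannot catch this because the pointer is always non-NULL, and `ossl_digest_update` would then pass that memory to `EVP_DigestUpdate`. Zeroing at allocation with `memset(ctx, 0, sizeof(*ctx));` and rejecting an unset context before use, e.g. `if (!EVP_MD_CTX_md(ctx)) rb_raise(eDigestError, "digest not initialized");`, would close the gap. The return value of `EVP_DigestInit` in `ossl_digest_initialize` is also ignored. `ossl_digest_update` continues past the end of this hunk.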
@@ -107,9 +121,6 @@ ossl_digest_digest(VALUE self)
return digest;
}
-/*
- * RUBY attitude
- */
static VALUE
ossl_digest_hexdigest(VALUE self)
{
@@ -129,176 +140,120 @@ ossl_digest_hexdigest(VALUE self)
}
EVP_DigestFinal(&final, digest_txt, &digest_len);
- if (!(hexdigest_txt = OPENSSL_malloc(2*digest_len+1))) {
+ if (!(hexdigest_txt = OPENSSL_malloc(2 * digest_len + 1))) {
OPENSSL_free(digest_txt);
OSSL_Raise(eDigestError, "Memory alloc error");
}
for (i = 0; i < digest_len; i++) {
- hexdigest_txt[i + i] = hex[((unsigned char)digest_txt[i]) >> 4];
- hexdigest_txt[i + i + 1] = hex[digest_txt[i] & 0x0f];
+ hexdigest_txt[2 * i] = hex[((unsigned char)digest_txt[i]) >> 4];
+ hexdigest_txt[2 * i + 1] = hex[digest_txt[i] & 0x0f];
}
- hexdigest_txt[i + i] = '\0';
- hexdigest = rb_str_new(hexdigest_txt, 2*digest_len);
+ hexdigest_txt[2 * i] = '\0';
+ hexdigest = rb_str_new(hexdigest_txt, 2 * digest_len);
OPENSSL_free(digest_txt);
OPENSSL_free(hexdigest_txt);
return hexdigest;
}
-/*
- * OPENSSL attitude
- *
static VALUE
-ossl_digest_hexdigest(VALUE self)
+ossl_digest_s_digest(VALUE klass, VALUE str, VALUE data)
{
- EVP_MD_CTX *ctx = NULL, final;
- unsigned char *digest_txt = NULL, *hexdigest_txt = NULL;
- int i,digest_len = 0;
- VALUE hexdigest;
+ VALUE obj = rb_class_new_instance(1, &str, cDigest);
+
+ ossl_digest_update(obj, data);
+
+ return ossl_digest_digest(obj);
+}
+
+static VALUE
+ossl_digest_s_hexdigest(VALUE klass, VALUE str, VALUE data)
+{
+ VALUE obj = rb_class_new_instance(1, &str, cDigest);
+
+ ossl_digest_update(obj, data);
+
+ return ossl_digest_hexdigest(obj);
+}
+
+static VALUE
+ossl_digest_clone(VALUE self)
+{
+ EVP_MD_CTX *ctx = NULL, *other;
+ VALUE obj;
GetDigest(self, ctx);
- if (!EVP_MD_CTX_copy(&final, ctx)) {
+ obj = rb_obj_alloc(CLASS_OF(self));
+
+ GetDigest(obj, other);
+
+ if (!EVP_MD_CTX_copy(other, ctx)) {
OSSL_Raise(eDigestError, "");
}
+
+ return obj;
+}
- if (!(digest_txt = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) {
- OSSL_Raise(eDigestError, "Cannot allocate memory for digest");
- }
- EVP_DigestFinal(&final, digest_txt, &digest_len);
+static VALUE
+ossl_digest_equal(VALUE self, VALUE other)
+{
+ EVP_MD_CTX *ctx = NULL;
+ VALUE str1, str2;
- hexdigest_txt = hex_to_string(digest_txt, digest_len);
- hexdigest = rb_str_new2(hexdigest_txt);
- OPENSSL_free(digest_txt);
- OPENSSL_free(hexdigest_txt);
+ GetDigest(self, ctx);
+
+ if (CLASS_OF(other) == CLASS_OF(self)) {
+ str2 = ossl_digest_digest(other);
+ } else {
+ StringValue(other);
+ str2 = other;
+ }
- return hexdigest;
-}
- */
+ if (RSTRING(str2)->len == EVP_MD_CTX_size(ctx)) {
+ str1 = ossl_digest_digest(self);
+ } else {
+ str1 = ossl_digest_hexdigest(self);
+ }
-/*
- * automation of digest initialization method
- */
-#define DefDigestInit(dgst) \
- static VALUE \
- ossl_##dgst##_initialize(int argc, VALUE *argv, VALUE self) \
- { \
- EVP_MD_CTX *ctx = NULL; \
- VALUE data; \
- \
- GetDigest(self, ctx); \
- \
- EVP_DigestInit(ctx, EVP_##dgst()); \
- \
- if (rb_scan_args(argc, argv, "01", &data) == 1) { \
- data = rb_String(data); \
- EVP_DigestUpdate(ctx, RSTRING(data)->ptr, RSTRING(data)->len); \
- } \
- return self; \
+ if (RSTRING(str1)->len == RSTRING(str2)->len &&
+ rb_str_cmp(str1, str2) == 0) {
+ return Qtrue;
}
-/*
- * Define digest initialize methods
- */
-#if !defined(NO_MD2) && !defined(OPENSSL_NO_MD2)
- DefDigestInit(md2);
-#endif
-#if !defined(NO_MD4) && !defined(OPENSSL_NO_MD4)
- DefDigestInit(md4);
-#endif
-#if !defined(NO_MD5) && !defined(OPENSSL_NO_MD5)
- DefDigestInit(md5);
-#endif
-#if !defined(NO_SHA) && !defined(OPENSSL_NO_SHA)
- DefDigestInit(sha);
- DefDigestInit(sha1);
- DefDigestInit(dss);
- DefDigestInit(dss1);
-#endif
-#if !defined(NO_RIPEMD) && !defined(OPENSSL_NO_RIPEMD)
- DefDigestInit(ripemd160);
-#endif
-#if !defined(NO_MDC2) && !defined(OPENSSL_NO_MDC2)
- DefDigestInit(mdc2);
-#endif
+ return Qfalse;
+}
/*
* INIT
*/
void
-Init_ossl_digest(VALUE module)
+Init_ossl_digest()
{
- eDigestError = rb_define_class_under(module, "DigestError", rb_eStandardError);
+ mDigest = rb_define_module_under(mOSSL, "Digest");
- cDigest = rb_define_class_under(module, "ANY", rb_cObject);
- rb_define_singleton_method(cDigest, "new", ossl_digest_s_new, -1);
-/* rb_define_singleton_method(cDigest, "digest", ossl_digest_s_digest, 1);
- rb_define_singleton_method(cDigest, "hexdigest", ossl_digest_s_hexdigest, 1);
- rb_define_method(cDigest, "initialize", ossl_digest_init, -1);
+ eDigestError = rb_define_class_under(mDigest, "DigestError", eOSSLError);
+
+ cDigest = rb_define_class_under(mDigest, "Digest", rb_cObject);
+
+ rb_define_singleton_method(cDigest, "allocate", ossl_digest_s_allocate, 0);
+ rb_define_singleton_method(cDigest, "digest", ossl_digest_s_digest, 2);
+ rb_define_singleton_method(cDigest, "hexdigest", ossl_digest_s_hexdigest, 2);
+
+ rb_define_method(cDigest, "initialize", ossl_digest_initialize, 1);
+ rb_enable_super(cDigest, "initialize");
+
rb_define_method(cDigest, "clone", ossl_digest_clone, 0);
- */
- rb_define_method(cDigest, "update", ossl_digest_update, 1);
- rb_define_alias(cDigest, "<<", "update");
+
rb_define_method(cDigest, "digest", ossl_digest_digest, 0);
rb_define_method(cDigest, "hexdigest", ossl_digest_hexdigest, 0);
rb_define_alias(cDigest, "inspect", "hexdigest");
rb_define_alias(cDigest, "to_s", "hexdigest");
- /*rb_define_method(cDigest, "==", ossl_digest_equal, 1);*/
-
-/*
- * automation for classes creation and initialize method binding
- */
-#define DefDigest(name, func) \
- c##name = rb_define_class_under(module, #name, cDigest); \
- rb_define_method(c##name, "initialize", ossl_##func##_initialize, -1)
-
-/*
- * create classes and bind initialize method
- */
-#if !defined(NO_MD2) && !defined(OPENSSL_NO_MD2)
- DefDigest(MD2, md2);
-#else
-# warning >>> OpenSSL is compiled without MD2 support <<<
- rb_warning("OpenSSL is compiled without MD2 support");
-#endif /* NO_MD2 */
-
-#if !defined(NO_MD4) && !defined(OPENSSL_NO_MD4)
- DefDigest(MD4, md4);
-#else
-# warning >>> OpenSSL is compiled without MD4 support <<<
- rb_warning("OpenSSL is compiled without MD4 support");
-#endif /* NO_MD4 */
-
-#if !defined(NO_MD5) && !defined(OPENSSL_NO_MD5)
- DefDigest(MD5, md5);
-#else
-# warning >>> OpenSSL is compiled without MD5 support <<<
- rb_warning("OpenSSL is compiled without MD5 support");
-#endif /* NO_MD5 */
-#if !defined(NO_SHA) && !defined(OPENSSL_NO_SHA)
- DefDigest(SHA, sha);
- DefDigest(SHA1, sha1);
- DefDigest(DSS, dss);
- DefDigest(DSS1, dss1);
-#else
-# warning >>> OpenSSL is compiled without SHA, DSS support <<<
- rb_warning("OpenSSL is compiled without SHA, DSS support");
-#endif /* NO_SHA */
-
-#if !defined(NO_RIPEMD) && !defined(OPENSSL_NO_RIPEMD)
- DefDigest(RIPEMD160, ripemd160);
-#else
-# warning >>> OpenSSL is compiled without RIPEMD160 support <<<
- rb_warning("OpenSSL is compiled without RIPEMD160 support");
-#endif /* NO_RIPEMD */
-
-#if !defined(NO_MDC2) && !defined(OPENSSL_NO_MDC2)
- DefDigest(MDC2, mdc2);
-#else
-# warning >>> OpenSSL is compiled without MDC2 support <<<
- rb_warning("OpenSSL is compiled without MDC2 support");
-#endif /* NO_MDC2 */
+ rb_define_method(cDigest, "update", ossl_digest_update, 1);
+ rb_define_alias(cDigest, "<<", "update");
-} /* Init_ */
+ rb_define_method(cDigest, "==", ossl_digest_equal, 1);
+
+} /* Init_ossl_digest */
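Review bot: `ossl_digest_equal` compares the two digest strings with `rb_str_cmp`, which is not guaranteed to run in constant time, so how long `==` takes can depend on how many leading bytes of the supplied value match. That matters whenever the digest being checked is derived from a secret, such as a token or a keyed construction built on this class. An accumulate-and-compare loop over the equal-length buffers removes the dependency. The length test and the raw-versus-hex selection above it can stay as they are; the fence shows only the final comparison.

```c
    /* ... unchanged: GetDigest(self, ctx) and the str1/str2 selection ... */
    if (RSTRING(str1)->len == RSTRING(str2)->len) {
        const unsigned char *a = (const unsigned char *)RSTRING(str1)->ptr;
        const unsigned char *b = (const unsigned char *)RSTRING(str2)->ptr;
        unsigned char diff = 0;
        long i;

        /* Visit every byte regardless of where the first mismatch is. */
        for (i = 0; i < RSTRING(str1)->len; i++) {
            diff |= a[i] ^ b[i];
        }
        if (diff == 0) {
            return Qtrue;
        }
    }
    return Qfalse;
```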
diff --git a/ossl_digest.h b/ossl_digest.h
new file mode 100644
index 0000000..aad8e25
--- /dev/null
+++ b/ossl_digest.h
@@ -0,0 +1,40 @@
+/*
+ * $Id$
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#if !defined(_OSSL_DIGEST_H_)
+#define _OSSL_DIGEST_H_
+
+extern VALUE mDigest;
+extern VALUE cDigest;
+extern VALUE eDigestError;
+
+#define OSSLWrapDigest(klass, obj, ctx) do { \
+ if (!ctx) { \
+ rb_raise(rb_eRuntimeError, "Digest CTX wasn't initialized!"); \
+ } \
+ obj = Data_Wrap_Struct(klass, 0, CRYPTO_free, ctx); \
+} while (0)
+
+#define OSSLGetDigest(obj, ctx) do { \
+ OSSL_Check_Instance(obj, cDigest); \
+ Data_Get_Struct(obj, EVP_MD_CTX, ctx); \
+ if (!ctx) { \
+ rb_raise(rb_eRuntimeError, "Digest CTX wasn't initialized!"); \
+ } \
+} while (0)
+
+#define OSSLDigestValue(obj) OSSL_Check_Instance((obj), cDigest)
+
+int ossl_digest_get_NID(VALUE);
+const EVP_MD *ossl_digest_get_EVP_MD(VALUE);
+void Init_ossl_digest(void);
+
+#endif /* _OSSL_DIGEST_H_ */
+
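Review bot: `OSSLWrapDigest` registers `CRYPTO_free` as the object's free function, which releases the `EVP_MD_CTX` block but runs no digest-level cleanup. On OpenSSL releases where the context owns separately allocated state this leaks that buffer, and in any case the intermediate hash state is left in freed heap memory. A small dedicated free function that clears the context before `OPENSSL_free(ctx)` (using `EVP_MD_CTX_cleanup` where the library provides it) would be a safer destructor; it requires the context to be zero-initialized at allocation so that cleanup is safe on objects that were never initialized. The macro arguments `ctx` and `obj` are also used unparenthesized here, unlike `(obj)` in `OSSLDigestValue`.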
diff --git a/ossl_hmac.c b/ossl_hmac.c
index f09775f..3bbd0d9 100644
--- a/ossl_hmac.c
+++ b/ossl_hmac.c
@@ -8,7 +8,7 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#if !defined(NO_HMAC) && !defined(OPENSSL_NO_HMAC)
+#if !defined(OPENSSL_NO_HMAC)
#include "ossl.h"
@@ -142,9 +142,9 @@ ossl_hmac_hexhmac(VALUE self)
* INIT
*/
void
-Init_hmac(VALUE module)
+Init_ossl_hmac(VALUE module)
{
- eHMACError = rb_define_class_under(module, "HMACError", rb_eStandardError);
+ eHMACError = rb_define_class_under(module, "HMACError", eOSSLError);
cHMAC = rb_define_class_under(module, "HMAC", rb_cObject);
rb_define_singleton_method(cHMAC, "new", ossl_hmac_s_new, -1);
@@ -160,7 +160,7 @@ Init_hmac(VALUE module)
#else /* NO_HMAC */
void
-Init_hmac(VALUE module)
+Init_ossl_hmac(VALUE module)
{
rb_warning("HMAC will NOT be avaible: OpenSSL is compiled without HMAC.");
}
diff --git a/ossl_ns_spki.c b/ossl_ns_spki.c
index 6529365..f1c0f89 100644
--- a/ossl_ns_spki.c
+++ b/ossl_ns_spki.c
@@ -224,7 +224,7 @@ ossl_spki_verify(VALUE self, VALUE key)
void
Init_ossl_spki(VALUE module)
{
- eSPKIError = rb_define_class_under(module, "SPKIError", rb_eStandardError);
+ eSPKIError = rb_define_class_under(module, "SPKIError", eOSSLError);
cSPKI = rb_define_class_under(module, "SPKI", rb_cObject);
rb_define_singleton_method(cSPKI, "new", ossl_spki_s_new, -1);
diff --git a/ossl_pkcs7.c b/ossl_pkcs7.c
index 07c828d..27026f1 100644
--- a/ossl_pkcs7.c
+++ b/ossl_pkcs7.c
@@ -575,9 +575,9 @@ ossl_pkcs7si_get_signed_time(VALUE self)
* INIT
*/
void
-Init_pkcs7(VALUE module)
+Init_ossl_pkcs7(VALUE module)
{
- ePKCS7Error = rb_define_class_under(module, "PKCS7Error", rb_eStandardError);
+ ePKCS7Error = rb_define_class_under(module, "PKCS7Error", eOSSLError);
cPKCS7 = rb_define_class_under(module, "PKCS7", rb_cObject);
/*
diff --git a/ossl_pkey.c b/ossl_pkey.c
index e45b4cf..7252c45 100644
--- a/ossl_pkey.c
+++ b/ossl_pkey.c
@@ -11,10 +11,10 @@
#include "ossl.h"
#include "ossl_pkey.h"
-#define GetPKey(obj, pkeyp) {\
+#define GetPKey(obj, pkeyp) do {\
Data_Get_Struct(obj, ossl_pkey, pkeyp);\
if (!pkeyp->get_EVP_PKEY) rb_raise(ePKeyError, "not initialized!");\
-}
+} while (0)
/*
* Classes
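Review bot: `GetPKey` dereferences `pkeyp` in `if (!pkeyp->get_EVP_PKEY)` without first checking that `Data_Get_Struct` yielded a non-NULL pointer, whereas the digest macros touched by this same commit test the pointer before use. The `do { ... } while (0)` wrapper fixes the statement hygiene but leaves that gap. `if (!pkeyp || !pkeyp->get_EVP_PKEY) rb_raise(ePKeyError, "not initialized!");` would cover both cases. The macro arguments are also unparenthesized.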
@@ -38,15 +38,15 @@ ossl_pkey_new(EVP_PKEY *key)
rb_raise(ePKeyError, "Cannot make new key from NULL.");
switch (key->type) {
-#if !defined(NO_RSA) && !defined(OPENSSL_NO_RSA)
+#if !defined(OPENSSL_NO_RSA)
case EVP_PKEY_RSA:
return ossl_rsa_new(key->pkey.rsa);
#endif
-#if !defined(NO_DSA) && !defined(OPENSSL_NO_DSA)
+#if !defined(OPENSSL_NO_DSA)
case EVP_PKEY_DSA:
return ossl_dsa_new(key->pkey.dsa);
#endif
-#if !defined(NO_DH) && !defined(OPENSSL_NO_DH)
+#if !defined(OPENSSL_NO_DH)
case EVP_PKEY_DH:
return ossl_dh_new(key->pkey.dh);
#endif
@@ -122,7 +122,7 @@ Init_ossl_pkey(VALUE module)
{
id_private_q = rb_intern("private?");
- ePKeyError = rb_define_class_under(module, "PKeyError", rb_eStandardError);
+ ePKeyError = rb_define_class_under(module, "PKeyError", eOSSLError);
cPKey = rb_define_class_under(module, "ANY", rb_cObject);
rb_define_singleton_method(cPKey, "new", ossl_pkey_s_new, -1);
diff --git a/ossl_pkey.h b/ossl_pkey.h
index ab0895f..77e4e43 100644
--- a/ossl_pkey.h
+++ b/ossl_pkey.h
@@ -8,7 +8,7 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#ifndef _OSSL_PKEY_H_
+#if !defined(_OSSL_PKEY_H_)
#define _OSSL_PKEY_H_
/*
diff --git a/ossl_pkey_dh.c b/ossl_pkey_dh.c
index 82d2920..afe2f16 100644
--- a/ossl_pkey_dh.c
+++ b/ossl_pkey_dh.c
@@ -8,7 +8,7 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#if !defined(NO_DH) && !defined(OPENSSL_NO_DH)
+#if !defined(OPENSSL_NO_DH)
#include "ossl.h"
#include "ossl_pkey.h"
@@ -78,7 +78,7 @@ ossl_dh_get_DH(VALUE obj)
ossl_dh *dhp = NULL;
DH *dh = NULL;
- OSSL_Check_Type(obj, cDH);
+ OSSL_Check_Instance(obj, cDH);
GetDH(obj, dhp);
dh = DHparams_dup(dhp->dh);
@@ -142,7 +142,7 @@ ossl_dh_s_new_from_pem(VALUE klass, VALUE buffer)
/*
* CB for yielding when generating DH params
*/
-static void MS_CALLBACK
+static void
ossl_dh_generate_cb(int p, int n, void *arg)
{
VALUE ary;
diff --git a/ossl_pkey_dsa.c b/ossl_pkey_dsa.c
index 22be74b..d0779ce 100644
--- a/ossl_pkey_dsa.c
+++ b/ossl_pkey_dsa.c
@@ -8,7 +8,7 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#if !defined(NO_DSA) && !defined(OPENSSL_NO_DSA)
+#if !defined(OPENSSL_NO_DSA)
#include "ossl.h"
#include "ossl_pkey.h"
@@ -154,7 +154,7 @@ ossl_dsa_s_new_from_pem(int argc, VALUE *argv, VALUE klass)
/*
* CB for yielding when generating DSA params
*/
-static void MS_CALLBACK
+static void
ossl_dsa_generate_cb(int p, int n, void *arg)
{
VALUE ary;
diff --git a/ossl_pkey_rsa.c b/ossl_pkey_rsa.c
index 2f9a7cd..e74892c 100644
--- a/ossl_pkey_rsa.c
+++ b/ossl_pkey_rsa.c
@@ -8,7 +8,7 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
-#if !defined(NO_RSA) && !defined(OPENSSL_NO_RSA)
+#if !defined(OPENSSL_NO_RSA)
#include "ossl.h"
#include "ossl_pkey.h"
@@ -155,7 +155,7 @@ ossl_rsa_s_new_from_pem(int argc, VALUE *argv, VALUE klass)
/*
* CB for yielding when generating RSA data
*/
-static void MS_CALLBACK
+static void
ossl_rsa_generate_cb(int p, int n, void *arg)
{
VALUE ary;
diff --git a/ossl_rand.c b/ossl_rand.c
index e149fbd..f5fbf9f 100644
--- a/ossl_rand.c
+++ b/ossl_rand.c
@@ -121,6 +121,6 @@ Init_ossl_rand(VALUE module)
rb_define_method(module, "egd", ossl_rand_egd, 1);
rb_define_method(module, "egd_bytes", ossl_rand_egd_bytes, 2);
- eRandomError = rb_define_class_under(module, "RandomError", rb_eStandardError);
+ eRandomError = rb_define_class_under(module, "RandomError", eOSSLError);
}
diff --git a/ossl_ssl.c b/ossl_ssl.c
index de0bbb4..8a4fd3d 100644
--- a/ossl_ssl.c
+++ b/ossl_ssl.c
@@ -32,6 +32,7 @@
#include "ossl.h"
#include <rubysig.h>
#include <rubyio.h>
+#include <unistd.h> /* for read(), and write() */
#define numberof(ary) (sizeof(ary)/sizeof((ary)[0]))
@@ -136,7 +137,7 @@ ssl_false(VALUE dummy)
return Qfalse;
}
-static int MS_CALLBACK
+static int
ssl_verify_callback(int ok, X509_STORE_CTX *ctx)
{
VALUE x509stc, args, ret = Qnil;
@@ -607,12 +608,12 @@ ssl_set_key_file2(VALUE self, VALUE v)
}
void
-Init_ssl(VALUE module)
+Init_ossl_ssl(VALUE module)
{
int i;
/* class SSLError */
- eSSLError = rb_define_class_under(module, "Error", rb_eStandardError);
+ eSSLError = rb_define_class_under(module, "SSLError", eOSSLError);
/* class SSLSocket */
cSSLSocket = rb_define_class_under(module, "SSLSocket", rb_cObject);
diff --git a/ossl_version.h b/ossl_version.h
index c1842ea..a10476c 100644
--- a/ossl_version.h
+++ b/ossl_version.h
@@ -1,8 +1,18 @@
-#ifndef OSSL_VERSION_H
-#define OSSL_VERSION_H
+/*
+ * $Id$
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#if !defined(_OSSL_VERSION_H_)
+#define _OSSL_VERSION_H_
-/*#define OSSL_VERSION "0.1.2"*/
-#define OSSL_VERSION "CVS SNAPSHOT ($Date$)"
+/*#define OSSL_VERSION "0.2.0"*/
+#define OSSL_VERSION "OSSL2 - CVS SNAPSHOT ($Date$)"
#endif
diff --git a/ossl_x509.c b/ossl_x509.c
index f42d376..63a121c 100644
--- a/ossl_x509.c
+++ b/ossl_x509.c
@@ -10,638 +10,20 @@
*/
#include "ossl.h"
-#define WrapX509(obj, x509) obj = Data_Wrap_Struct(cX509Certificate, 0, X509_free, x509)
-#define GetX509(obj, x509) Data_Get_Struct(obj, X509, x509)
+VALUE mX509;
-/*
- * Classes
- */
-VALUE cX509Certificate;
-VALUE eX509CertificateError;
-
-/*
- * Public
- */
-VALUE
-ossl_x509_new(X509 *x509)
-{
- X509 *new = NULL;
- VALUE obj;
-
- if (!x509)
- new = X509_new();
- else new = X509_dup(x509);
-
- if (!new)
- OSSL_Raise(eX509CertificateError, "");
-
- WrapX509(obj, new);
-
- return obj;
-}
-
-VALUE
-ossl_x509_new_from_file(VALUE filename)
-{
- X509 *x509 = NULL;
- char *path;
- FILE *fp;
- VALUE obj;
-
- filename = rb_str_to_str(filename);
- Check_SafeStr(filename);
-
- path = RSTRING(filename)->ptr;
-
- if (!(fp = fopen(path, "r")))
- rb_raise(eX509CertificateError, "%s", strerror(errno));
-
- x509 = PEM_read_X509(fp, NULL, NULL, NULL);
- fclose(fp);
-
- if (!x509)
- OSSL_Raise(eX509CertificateError, "");
-
- WrapX509(obj, x509);
-
- return obj;
-}
-
-X509 *
-ossl_x509_get_X509(VALUE obj)
-{
- X509 *x509 = NULL, *new;
-
- OSSL_Check_Type(obj, cX509Certificate);
-
- GetX509(obj, x509);
-
- if (!(new = X509_dup(x509))) {
- OSSL_Raise(eX509CertificateError, "");
- }
- return new;
-}
-
-/*
- * Private
- */
-static VALUE
-ossl_x509_s_new(int argc, VALUE *argv, VALUE klass)
-{
- VALUE obj;
-
- obj = ossl_x509_new(NULL);
-
- rb_obj_call_init(obj, argc, argv);
-
- return obj;
-}
-
-static VALUE
-ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
-{
- BIO *in = NULL;
- VALUE buffer;
-
- if (argc == 0)
- return self;
-
- buffer = rb_String(argv[0]);
-
- if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len))) {
- OSSL_Raise(eX509CertificateError, "");
- }
- if (!PEM_read_bio_X509(in, (X509 **)&DATA_PTR(self), NULL, NULL)) {
- BIO_free(in);
- OSSL_Raise(eX509CertificateError, "");
- }
- BIO_free(in);
-
- return self;
-}
-
-static VALUE
-ossl_x509_to_der(VALUE self)
-{
- X509 *x509 = NULL;
- BIO *out = NULL;
- BUF_MEM *buf = NULL;
- VALUE str;
-
- GetX509(self, x509);
-
- if (!(out = BIO_new(BIO_s_mem()))) {
- OSSL_Raise(eX509CertificateError, "");
- }
- if (!i2d_X509_bio(out, x509)) {
- BIO_free(out);
- OSSL_Raise(eX509CertificateError, "");
- }
- BIO_get_mem_ptr(out, &buf);
- str = rb_str_new(buf->data, buf->length);
- BIO_free(out);
-
- return str;
-}
-
-static VALUE
-ossl_x509_to_pem(VALUE self)
-{
- X509 *x509 = NULL;
- BIO *out = NULL;
- BUF_MEM *buf = NULL;
- VALUE str;
-
- GetX509(self, x509);
-
- if (!(out = BIO_new(BIO_s_mem()))) {
- OSSL_Raise(eX509CertificateError, "");
- }
- if (!PEM_write_bio_X509(out, x509)) {
- BIO_free(out);
- OSSL_Raise(eX509CertificateError, "");
- }
- BIO_get_mem_ptr(out, &buf);
- str = rb_str_new(buf->data, buf->length);
- BIO_free(out);
-
- return str;
-}
-
-static VALUE
-ossl_x509_to_text(VALUE self)
-{
- X509 *x509 = NULL;
- BIO *out = NULL;
- BUF_MEM *buf = NULL;
- VALUE str;
-
- GetX509(self, x509);
-
- if (!(out = BIO_new(BIO_s_mem()))) {
- OSSL_Raise(eX509CertificateError, "");
- }
- if (!X509_print(out, x509)) {
- BIO_free(out);
- OSSL_Raise(eX509CertificateError, "");
- }
- BIO_get_mem_ptr(out, &buf);
- str = rb_str_new(buf->data, buf->length);
- BIO_free(out);
-
- return str;
-}
-
-/*
- * Makes from X509 X509_REQuest
- *
-static VALUE
-ossl_x509_to_req(VALUE self)
-{
- X509 *x509 = NULL;
- X509_REQ *req = NULL;
-
- GetX509(self, x509);
-
- if (!(req = X509_to_X509_REQ(x509, NULL, EVP_md5()))) {
- OSSL_Raise(eX509CertificateError, "");
- }
-
- return ossl_x509req_new(req);
-}
- */
-
-static VALUE
-ossl_x509_get_version(VALUE self)
-{
- X509 *x509 = NULL;
- long ver = 0;
-
- GetX509(self, x509);
-
- ver = X509_get_version(x509);
-
- return INT2NUM(ver);
-}
-
-static VALUE
-ossl_x509_set_version(VALUE self, VALUE version)
-{
- X509 *x509 = NULL;
- long ver = 0;
-
- GetX509(self, x509);
-
- if ((ver = FIX2LONG(version)) < 0) {
- rb_raise(eX509CertificateError, "version must be >= 0!");
- }
- if (!X509_set_version(x509, ver)) {
- OSSL_Raise(eX509CertificateError, "");
- }
-
- return version;
-}
-
-static VALUE
-ossl_x509_get_serial(VALUE self)
-{
- X509 *x509 = NULL;
- ASN1_INTEGER *asn1int = NULL;
- long serial = 0;
-
- GetX509(self, x509);
-
- if (!(asn1int = X509_get_serialNumber(x509))) { /* NO DUP - don't free */
- OSSL_Raise(eX509CertificateError, "");
- }
- serial = ASN1_INTEGER_get(asn1int);
-
- return INT2NUM(serial);
-}
-
-static VALUE
-ossl_x509_set_serial(VALUE self, VALUE serial)
-{
- X509 *x509 = NULL;
- ASN1_INTEGER *asn1int = NULL;
-
- GetX509(self, x509);
-
- if (!(asn1int = ASN1_INTEGER_new())) {
- OSSL_Raise(eX509CertificateError, "");
- }
- if (!ASN1_INTEGER_set(asn1int, FIX2LONG(serial))) {
- ASN1_INTEGER_free(asn1int);
- OSSL_Raise(eX509CertificateError, "");
- }
- if (!X509_set_serialNumber(x509, asn1int)) { /* DUPs asn1int - FREE it */
- ASN1_INTEGER_free(asn1int);
- OSSL_Raise(eX509CertificateError, "");
- }
- ASN1_INTEGER_free(asn1int);
-
- return serial;
-}
-
-static VALUE
-ossl_x509_get_subject(VALUE self)
-{
- X509 *x509 = NULL;
- X509_NAME *name = NULL;
-
- GetX509(self, x509);
-
- if (!(name = X509_get_subject_name(x509))) { /* NO DUP - don't free! */
- OSSL_Raise(eX509CertificateError, "");
- }
-
- return ossl_x509name_new(name);
-}
-
-static VALUE
-ossl_x509_set_subject(VALUE self, VALUE subject)
-{
- X509 *x509 = NULL;
- X509_NAME *name = NULL;
-
- GetX509(self, x509);
-
- name = ossl_x509name_get_X509_NAME(subject);
-
- if (!X509_set_subject_name(x509, name)) { /* DUPs name - FREE it */
- X509_NAME_free(name);
- OSSL_Raise(eX509CertificateError, "");
- }
- X509_NAME_free(name);
-
- return subject;
-}
-
-static VALUE
-ossl_x509_get_issuer(VALUE self)
-{
- X509 *x509 = NULL;
- X509_NAME *name = NULL;
-
- GetX509(self, x509);
-
- if(!(name = X509_get_issuer_name(x509))) { /* NO DUP - don't free! */
- OSSL_Raise(eX509CertificateError, "");
- }
-
- return ossl_x509name_new(name);
-}
-
-static VALUE
-ossl_x509_set_issuer(VALUE self, VALUE issuer)
-{
- X509 *x509 = NULL;
- X509_NAME *name = NULL;
-
- GetX509(self, x509);
-
- name = ossl_x509name_get_X509_NAME(issuer);
-
- if (!X509_set_issuer_name(x509, name)) { /* DUPs name - FREE it */
- X509_NAME_free(name);
- OSSL_Raise(eX509CertificateError, "");
- }
- X509_NAME_free(name);
-
- return issuer;
-}
-
-static VALUE
-ossl_x509_get_not_before(VALUE self)
-{
- X509 *x509 = NULL;
- ASN1_UTCTIME *asn1time = NULL;
-
- GetX509(self, x509);
-
- if (!(asn1time = X509_get_notBefore(x509))) { /* NO DUP - don't free! */
- OSSL_Raise(eX509CertificateError, "");
- }
-
- return asn1time_to_time(asn1time);
-}
-
-static VALUE
-ossl_x509_set_not_before(VALUE self, VALUE time)
-{
- X509 *x509 = NULL;
- time_t sec;
-
- GetX509(self, x509);
-
- sec = time_to_time_t(time);
-
- if (!ASN1_UTCTIME_set(X509_get_notBefore(x509), sec)) {
- OSSL_Raise(eX509CertificateError, "");
- }
- return time;
-}
-
-static VALUE
-ossl_x509_get_not_after(VALUE self)
-{
- X509 *x509 = NULL;
- ASN1_UTCTIME *asn1time = NULL;
-
- GetX509(self, x509);
-
- if (!(asn1time = X509_get_notAfter(x509))) { /* NO DUP - don't free! */
- OSSL_Raise(eX509CertificateError, "");
- }
-
- return asn1time_to_time(asn1time);
-}
-
-static VALUE
-ossl_x509_set_not_after(VALUE self, VALUE time)
-{
- X509 *x509 = NULL;
- time_t sec;
-
- GetX509(self, x509);
-
- sec = time_to_time_t(time);
-
- if (!ASN1_UTCTIME_set(X509_get_notAfter(x509), sec)) {
- OSSL_Raise(eX509CertificateError, "");
- }
- return time;
-}
-
-static VALUE
-ossl_x509_get_public_key(VALUE self)
-{
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
- VALUE pub_key;
-
- GetX509(self, x509);
-
- if (!(pkey = X509_get_pubkey(x509))) { /* adds an reference - safe to FREE */
- OSSL_Raise(eX509CertificateError, "");
- }
- pub_key = ossl_pkey_new(pkey);
- EVP_PKEY_free(pkey);
-
- return pub_key;
-}
-
-static VALUE
-ossl_x509_set_public_key(VALUE self, VALUE pubk)
-{
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
-
- GetX509(self, x509);
-
- pkey = ossl_pkey_get_EVP_PKEY(pubk);
-
- if (!X509_set_pubkey(x509, pkey)) { /* DUPs pkey - FREE it */
- EVP_PKEY_free(pkey);
- OSSL_Raise(eX509CertificateError, "");
- }
- EVP_PKEY_free(pkey);
-
- return self;
-}
-
-static VALUE
-ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
-{
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
- const EVP_MD *md = NULL;
-
- GetX509(self, x509);
-
- OSSL_Check_Type(key, cPKey);
- OSSL_Check_Type(digest, cDigest);
-
- if (rb_funcall(key, rb_intern("private?"), 0, NULL) == Qfalse) {
- rb_raise(eX509CertificateError, "PRIVATE key needed to sign X509 Certificate!");
- }
-
- pkey = ossl_pkey_get_EVP_PKEY(key);
- md = ossl_digest_get_EVP_MD(digest);
-
- if (!X509_sign(x509, pkey, md)) {
- EVP_PKEY_free(pkey);
- OSSL_Raise(eX509CertificateError, "");
- }
- EVP_PKEY_free(pkey);
-
- return self;
-}
-
-/*
- * Checks that cert signature is made with PRIVversion of this PUBLIC 'key'
- */
-static VALUE
-ossl_x509_verify(VALUE self, VALUE key)
-{
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
- int i = 0;
-
- GetX509(self, x509);
-
- pkey = ossl_pkey_get_EVP_PKEY(key);
-
- i = X509_verify(x509, pkey);
- EVP_PKEY_free(pkey);
-
- if (i < 0) {
- OSSL_Raise(eX509CertificateError, "");
- } else if (i > 0)
- return Qtrue;
-
- return Qfalse;
-}
-
-/*
- * Checks is 'key' is PRIV key for this cert
- */
-static VALUE
-ossl_x509_check_private_key(VALUE self, VALUE key)
-{
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
- VALUE result;
-
- GetX509(self, x509);
-
- pkey = ossl_pkey_get_EVP_PKEY(key);
-
- if (!X509_check_private_key(x509, pkey)) {
- OSSL_Warning("Check private key:");
- result = Qfalse;
- } else
- result = Qtrue;
-
- EVP_PKEY_free(pkey);
-
- return result;
-}
-
-/*
- * Gets X509v3 extensions as array of X509Ext objects
- */
-static VALUE
-ossl_x509_get_extensions(VALUE self)
-{
- X509 *x509 = NULL;
- int count = 0, i;
- X509_EXTENSION *ext = NULL;
- VALUE ary;
-
- GetX509(self, x509);
-
- count = X509_get_ext_count(x509);
-
- if (count > 0)
- ary = rb_ary_new2(count);
- else
- return rb_ary_new();
-
- for (i=0; i<count; i++) {
- ext = X509_get_ext(x509, i); /* NO DUP - don't free! */
- rb_ary_push(ary, ossl_x509ext_new(ext));
- }
-
- return ary;
-}
-
-/*
- * Sets X509_EXTENSIONs
- */
-static VALUE
-ossl_x509_set_extensions(VALUE self, VALUE ary)
-{
- X509 *x509 = NULL;
- X509_EXTENSION *ext = NULL;
- int i = 0;
-
- GetX509(self, x509);
-
- Check_Type(ary, T_ARRAY);
- for (i=0; i<RARRAY(ary)->len; i++) { /* All ary's members should be X509Extension */
- OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Extension);
- }
-
- sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free);
- x509->cert_info->extensions = NULL;
-
- for (i=0; i<RARRAY(ary)->len; i++) {
- ext = ossl_x509ext_get_X509_EXTENSION(RARRAY(ary)->ptr[i]);
-
- if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
- X509_EXTENSION_free(ext);
- OSSL_Raise(eX509CertificateError, "");
- }
- X509_EXTENSION_free(ext);
- }
-
- return ary;
-}
-
-static VALUE
-ossl_x509_add_extension(VALUE self, VALUE extension)
-{
- X509 *x509 = NULL;
- X509_EXTENSION *ext = NULL;
-
- GetX509(self, x509);
-
- ext = ossl_x509ext_get_X509_EXTENSION(extension);
-
- if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
- X509_EXTENSION_free(ext);
- OSSL_Raise(eX509CertificateError, "");
- }
- X509_EXTENSION_free(ext);
-
- return extension;
-}
-
-/*
- * INIT
- */
-void
-Init_ossl_x509(VALUE module)
+void
+Init_ossl_x509()
{
- eX509CertificateError = rb_define_class_under(module, "CertificateError", rb_eStandardError);
+ mX509 = rb_define_module_under(mOSSL, "X509");
- cX509Certificate = rb_define_class_under(module, "Certificate", rb_cObject);
- rb_define_singleton_method(cX509Certificate, "new", ossl_x509_s_new, -1);
- rb_define_method(cX509Certificate, "initialize", ossl_x509_initialize, -1);
- rb_define_method(cX509Certificate, "to_der", ossl_x509_to_der, 0);
- rb_define_method(cX509Certificate, "to_pem", ossl_x509_to_pem, 0);
- rb_define_alias(cX509Certificate, "to_s", "to_pem");
- rb_define_method(cX509Certificate, "to_text", ossl_x509_to_text, 0);
- rb_define_method(cX509Certificate, "version", ossl_x509_get_version, 0);
- rb_define_method(cX509Certificate, "version=", ossl_x509_set_version, 1);
- rb_define_method(cX509Certificate, "serial", ossl_x509_get_serial, 0);
- rb_define_method(cX509Certificate, "serial=", ossl_x509_set_serial, 1);
- rb_define_method(cX509Certificate, "subject", ossl_x509_get_subject, 0);
- rb_define_method(cX509Certificate, "subject=", ossl_x509_set_subject, 1);
- rb_define_method(cX509Certificate, "issuer", ossl_x509_get_issuer, 0);
- rb_define_method(cX509Certificate, "issuer=", ossl_x509_set_issuer, 1);
- rb_define_method(cX509Certificate, "not_before", ossl_x509_get_not_before, 0);
- rb_define_method(cX509Certificate, "not_before=", ossl_x509_set_not_before, 1);
- rb_define_method(cX509Certificate, "not_after", ossl_x509_get_not_after, 0);
- rb_define_method(cX509Certificate, "not_after=", ossl_x509_set_not_after, 1);
- rb_define_method(cX509Certificate, "public_key", ossl_x509_get_public_key, 0);
- rb_define_method(cX509Certificate, "public_key=", ossl_x509_set_public_key, 1);
- rb_define_method(cX509Certificate, "sign", ossl_x509_sign, 2);
- rb_define_method(cX509Certificate, "verify", ossl_x509_verify, 1);
- rb_define_method(cX509Certificate, "check_private_key", ossl_x509_check_private_key, 1);
- rb_define_method(cX509Certificate, "extensions", ossl_x509_get_extensions, 0);
- rb_define_method(cX509Certificate, "extensions=", ossl_x509_set_extensions, 1);
- rb_define_method(cX509Certificate, "add_extension", ossl_x509_add_extension, 1);
+ Init_ossl_x509attr(mX509);
+ Init_ossl_x509cert(mX509);
+ Init_ossl_x509crl(mX509);
+ Init_ossl_x509ext(mX509);
+ Init_ossl_x509name(mX509);
+ Init_ossl_x509req(mX509);
+ Init_ossl_x509revoked(mX509);
+ Init_ossl_x509store(mX509);
}
diff --git a/ossl_x509.h b/ossl_x509.h
new file mode 100644
index 0000000..6f6f272
--- /dev/null
+++ b/ossl_x509.h
@@ -0,0 +1,92 @@
+/*
+ * $Id$
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#if !defined(_OSSL_X509_H_)
+#define _OSSL_X509_H_
+
+extern VALUE mX509;
+extern VALUE cX509Certificate;
+extern VALUE eX509CertificateError;
+extern VALUE cX509Attribute;
+extern VALUE eX509AttributeError;
+extern VALUE cX509CRL;
+extern VALUE eX509CRLError;
+extern VALUE cX509Extension;
+extern VALUE cX509ExtensionFactory;
+extern VALUE eX509ExtensionError;
+extern VALUE cX509Name;
+extern VALUE eX509NameError;
+extern VALUE cX509Request;
+extern VALUE eX509RequestError;
+extern VALUE cX509Revoked;
+extern VALUE eX509RevokedError;
+extern VALUE cX509Store;
+extern VALUE eX509StoreError;
+
+void Init_ossl_x509(void);
+
+/*
+ * X509
+ */
+VALUE ossl_x509_new(X509 *);
+VALUE ossl_x509_new_from_file(VALUE);
+X509 *ossl_x509_get_X509(VALUE);
+void Init_ossl_x509cert(VALUE);
+
+/*
+ * X509CRL
+ */
+X509_CRL *ossl_x509crl_get_X509_CRL(VALUE);
+void Init_ossl_x509crl(VALUE);
+
+/*
+ * X509Name
+ */
+VALUE ossl_x509name_new(X509_NAME *);
+X509_NAME *ossl_x509name_get_X509_NAME(VALUE);
+void Init_ossl_x509name(VALUE);
+
+/*
+ * X509Request
+ */
+VALUE ossl_x509req_new(X509_REQ *);
+X509_REQ *ossl_x509req_get_X509_REQ(VALUE);
+void Init_ossl_x509req(VALUE);
+
+/*
+ * X509Revoked
+ */
+VALUE ossl_x509revoked_new(X509_REVOKED *);
+X509_REVOKED *ossl_x509revoked_get_X509_REVOKED(VALUE);
+void Init_ossl_x509revoked(VALUE);
+
+/*
+ * X509Store
+ */
+VALUE ossl_x509store_new(X509_STORE_CTX *);
+X509_STORE *ossl_x509store_get_X509_STORE(VALUE);
+void Init_ossl_x509store(VALUE);
+
+/*
+ * X509Extension
+ */
+VALUE ossl_x509ext_new(X509_EXTENSION *);
+X509_EXTENSION *ossl_x509ext_get_X509_EXTENSION(VALUE);
+void Init_ossl_x509ext(VALUE);
+
+/*
+ * X509Attribute
+ */
+VALUE ossl_x509attr_new(X509_ATTRIBUTE *);
+X509_ATTRIBUTE *ossl_x509attr_get_X509_ATTRIBUTE(VALUE);
+void Init_ossl_x509attr(VALUE);
+
+#endif /* _OSSL_X509_H_ */
+
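Review bot: The prototypes in this header say nothing about ownership, and the getters do not hand out borrowed pointers: `ossl_x509_get_X509` in ossl_x509cert.c returns the result of `X509_dup`, so every caller has to release it. A comment on the declaration such as `/* returns a duplicate; caller must X509_free() it */` would make that contract visible. The other `ossl_*_get_*` declarations probably need the same note, but their definitions are outside this hunk. The guard name `_OSSL_X509_H_` also falls in the namespace reserved for the implementation; `OSSL_X509_H` avoids that.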
diff --git a/ossl_x509attr.c b/ossl_x509attr.c
index 67eecd3..404dd20 100644
--- a/ossl_x509attr.c
+++ b/ossl_x509attr.c
@@ -135,7 +135,7 @@ ossl_x509attr_to_a(VALUE self)
void
Init_ossl_x509attr(VALUE module)
{
- eX509AttributeError = rb_define_class_under(module, "AttributeError", rb_eStandardError);
+ eX509AttributeError = rb_define_class_under(module, "AttributeError", eOSSLError);
cX509Attribute = rb_define_class_under(module, "Attribute", rb_cObject);
rb_define_singleton_method(cX509Attribute, "new_from_array", ossl_x509attr_s_new_from_array, 1);
diff --git a/ossl_x509cert.c b/ossl_x509cert.c
new file mode 100644
index 0000000..378217e
--- /dev/null
+++ b/ossl_x509cert.c
@@ -0,0 +1,647 @@
+/*
+ * $Id$
+ * 'OpenSSL for Ruby' project
+ * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is licenced under the same licence as Ruby.
+ * (See the file 'LICENCE'.)
+ */
+#include "ossl.h"
+
+#define WrapX509(obj, x509) obj = Data_Wrap_Struct(cX509Certificate, 0, X509_free, x509)
+#define GetX509(obj, x509) Data_Get_Struct(obj, X509, x509)
+
+/*
+ * Classes
+ */
+VALUE cX509Certificate;
+VALUE eX509CertificateError;
+
+/*
+ * Public
+ */
+VALUE
+ossl_x509_new(X509 *x509)
+{
+ X509 *new = NULL;
+ VALUE obj;
+
+ if (!x509)
+ new = X509_new();
+ else new = X509_dup(x509);
+
+ if (!new)
+ OSSL_Raise(eX509CertificateError, "");
+
+ WrapX509(obj, new);
+
+ return obj;
+}
+
+VALUE
+ossl_x509_new_from_file(VALUE filename)
+{
+ X509 *x509 = NULL;
+ char *path;
+ FILE *fp;
+ VALUE obj;
+
+ filename = rb_str_to_str(filename);
+ Check_SafeStr(filename);
+
+ path = RSTRING(filename)->ptr;
+
+ if (!(fp = fopen(path, "r")))
+ rb_raise(eX509CertificateError, "%s", strerror(errno));
+
+ x509 = PEM_read_X509(fp, NULL, NULL, NULL);
+ fclose(fp);
+
+ if (!x509)
+ OSSL_Raise(eX509CertificateError, "");
+
+ WrapX509(obj, x509);
+
+ return obj;
+}
+
+X509 *
+ossl_x509_get_X509(VALUE obj)
+{
+ X509 *x509 = NULL, *new;
+
+ OSSL_Check_Type(obj, cX509Certificate);
+
+ GetX509(obj, x509);
+
+ if (!(new = X509_dup(x509))) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ return new;
+}
+
+/*
+ * Private
+ */
+static VALUE
+ossl_x509_s_new(int argc, VALUE *argv, VALUE klass)
+{
+ VALUE obj;
+
+ obj = ossl_x509_new(NULL);
+
+ rb_obj_call_init(obj, argc, argv);
+
+ return obj;
+}
+
+static VALUE
+ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
+{
+ BIO *in = NULL;
+ VALUE buffer;
+
+ if (argc == 0)
+ return self;
+
+ buffer = rb_String(argv[0]);
+
+ if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len))) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ if (!PEM_read_bio_X509(in, (X509 **)&DATA_PTR(self), NULL, NULL)) {
+ BIO_free(in);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ BIO_free(in);
+
+ return self;
+}
+
+static VALUE
+ossl_x509_to_der(VALUE self)
+{
+ X509 *x509 = NULL;
+ BIO *out = NULL;
+ BUF_MEM *buf = NULL;
+ VALUE str;
+
+ GetX509(self, x509);
+
+ if (!(out = BIO_new(BIO_s_mem()))) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ if (!i2d_X509_bio(out, x509)) {
+ BIO_free(out);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ BIO_get_mem_ptr(out, &buf);
+ str = rb_str_new(buf->data, buf->length);
+ BIO_free(out);
+
+ return str;
+}
+
+static VALUE
+ossl_x509_to_pem(VALUE self)
+{
+ X509 *x509 = NULL;
+ BIO *out = NULL;
+ BUF_MEM *buf = NULL;
+ VALUE str;
+
+ GetX509(self, x509);
+
+ if (!(out = BIO_new(BIO_s_mem()))) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ if (!PEM_write_bio_X509(out, x509)) {
+ BIO_free(out);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ BIO_get_mem_ptr(out, &buf);
+ str = rb_str_new(buf->data, buf->length);
+ BIO_free(out);
+
+ return str;
+}
+
+static VALUE
+ossl_x509_to_text(VALUE self)
+{
+ X509 *x509 = NULL;
+ BIO *out = NULL;
+ BUF_MEM *buf = NULL;
+ VALUE str;
+
+ GetX509(self, x509);
+
+ if (!(out = BIO_new(BIO_s_mem()))) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ if (!X509_print(out, x509)) {
+ BIO_free(out);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ BIO_get_mem_ptr(out, &buf);
+ str = rb_str_new(buf->data, buf->length);
+ BIO_free(out);
+
+ return str;
+}
+
+/*
+ * Makes from X509 X509_REQuest
+ *
+static VALUE
+ossl_x509_to_req(VALUE self)
+{
+ X509 *x509 = NULL;
+ X509_REQ *req = NULL;
+
+ GetX509(self, x509);
+
+ if (!(req = X509_to_X509_REQ(x509, NULL, EVP_md5()))) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+
+ return ossl_x509req_new(req);
+}
+ */
+
+static VALUE
+ossl_x509_get_version(VALUE self)
+{
+ X509 *x509 = NULL;
+ long ver = 0;
+
+ GetX509(self, x509);
+
+ ver = X509_get_version(x509);
+
+ return INT2NUM(ver);
+}
+
+static VALUE
+ossl_x509_set_version(VALUE self, VALUE version)
+{
+ X509 *x509 = NULL;
+ long ver = 0;
+
+ GetX509(self, x509);
+
+ if ((ver = FIX2LONG(version)) < 0) {
+ rb_raise(eX509CertificateError, "version must be >= 0!");
+ }
+ if (!X509_set_version(x509, ver)) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+
+ return version;
+}
+
+static VALUE
+ossl_x509_get_serial(VALUE self)
+{
+ X509 *x509 = NULL;
+ ASN1_INTEGER *asn1int = NULL;
+ long serial = 0;
+
+ GetX509(self, x509);
+
+ if (!(asn1int = X509_get_serialNumber(x509))) { /* NO DUP - don't free */
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ serial = ASN1_INTEGER_get(asn1int);
+
+ return INT2NUM(serial);
+}
+
+static VALUE
+ossl_x509_set_serial(VALUE self, VALUE serial)
+{
+ X509 *x509 = NULL;
+ ASN1_INTEGER *asn1int = NULL;
+
+ GetX509(self, x509);
+
+ if (!(asn1int = ASN1_INTEGER_new())) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ if (!ASN1_INTEGER_set(asn1int, FIX2LONG(serial))) {
+ ASN1_INTEGER_free(asn1int);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ if (!X509_set_serialNumber(x509, asn1int)) { /* DUPs asn1int - FREE it */
+ ASN1_INTEGER_free(asn1int);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ ASN1_INTEGER_free(asn1int);
+
+ return serial;
+}
+
+static VALUE
+ossl_x509_get_subject(VALUE self)
+{
+ X509 *x509 = NULL;
+ X509_NAME *name = NULL;
+
+ GetX509(self, x509);
+
+ if (!(name = X509_get_subject_name(x509))) { /* NO DUP - don't free! */
+ OSSL_Raise(eX509CertificateError, "");
+ }
+
+ return ossl_x509name_new(name);
+}
+
+static VALUE
+ossl_x509_set_subject(VALUE self, VALUE subject)
+{
+ X509 *x509 = NULL;
+ X509_NAME *name = NULL;
+
+ GetX509(self, x509);
+
+ name = ossl_x509name_get_X509_NAME(subject);
+
+ if (!X509_set_subject_name(x509, name)) { /* DUPs name - FREE it */
+ X509_NAME_free(name);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ X509_NAME_free(name);
+
+ return subject;
+}
+
+static VALUE
+ossl_x509_get_issuer(VALUE self)
+{
+ X509 *x509 = NULL;
+ X509_NAME *name = NULL;
+
+ GetX509(self, x509);
+
+ if(!(name = X509_get_issuer_name(x509))) { /* NO DUP - don't free! */
+ OSSL_Raise(eX509CertificateError, "");
+ }
+
+ return ossl_x509name_new(name);
+}
+
+static VALUE
+ossl_x509_set_issuer(VALUE self, VALUE issuer)
+{
+ X509 *x509 = NULL;
+ X509_NAME *name = NULL;
+
+ GetX509(self, x509);
+
+ name = ossl_x509name_get_X509_NAME(issuer);
+
+ if (!X509_set_issuer_name(x509, name)) { /* DUPs name - FREE it */
+ X509_NAME_free(name);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ X509_NAME_free(name);
+
+ return issuer;
+}
+
+static VALUE
+ossl_x509_get_not_before(VALUE self)
+{
+ X509 *x509 = NULL;
+ ASN1_UTCTIME *asn1time = NULL;
+
+ GetX509(self, x509);
+
+ if (!(asn1time = X509_get_notBefore(x509))) { /* NO DUP - don't free! */
+ OSSL_Raise(eX509CertificateError, "");
+ }
+
+ return asn1time_to_time(asn1time);
+}
+
+static VALUE
+ossl_x509_set_not_before(VALUE self, VALUE time)
+{
+ X509 *x509 = NULL;
+ time_t sec;
+
+ GetX509(self, x509);
+
+ sec = time_to_time_t(time);
+
+ if (!ASN1_UTCTIME_set(X509_get_notBefore(x509), sec)) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ return time;
+}
+
+static VALUE
+ossl_x509_get_not_after(VALUE self)
+{
+ X509 *x509 = NULL;
+ ASN1_UTCTIME *asn1time = NULL;
+
+ GetX509(self, x509);
+
+ if (!(asn1time = X509_get_notAfter(x509))) { /* NO DUP - don't free! */
+ OSSL_Raise(eX509CertificateError, "");
+ }
+
+ return asn1time_to_time(asn1time);
+}
+
+static VALUE
+ossl_x509_set_not_after(VALUE self, VALUE time)
+{
+ X509 *x509 = NULL;
+ time_t sec;
+
+ GetX509(self, x509);
+
+ sec = time_to_time_t(time);
+
+ if (!ASN1_UTCTIME_set(X509_get_notAfter(x509), sec)) {
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ return time;
+}
+
+static VALUE
+ossl_x509_get_public_key(VALUE self)
+{
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+ VALUE pub_key;
+
+ GetX509(self, x509);
+
+ if (!(pkey = X509_get_pubkey(x509))) { /* adds an reference - safe to FREE */
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ pub_key = ossl_pkey_new(pkey);
+ EVP_PKEY_free(pkey);
+
+ return pub_key;
+}
+
+static VALUE
+ossl_x509_set_public_key(VALUE self, VALUE pubk)
+{
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ GetX509(self, x509);
+
+ pkey = ossl_pkey_get_EVP_PKEY(pubk);
+
+ if (!X509_set_pubkey(x509, pkey)) { /* DUPs pkey - FREE it */
+ EVP_PKEY_free(pkey);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ EVP_PKEY_free(pkey);
+
+ return self;
+}
+
+static VALUE
+ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
+{
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+ const EVP_MD *md = NULL;
+
+ GetX509(self, x509);
+
+ OSSL_Check_Type(key, cPKey);
+ OSSL_Check_Type(digest, cDigest);
+
+ if (rb_funcall(key, rb_intern("private?"), 0, NULL) == Qfalse) {
+ rb_raise(eX509CertificateError, "PRIVATE key needed to sign X509 Certificate!");
+ }
+
+ pkey = ossl_pkey_get_EVP_PKEY(key);
+ md = ossl_digest_get_EVP_MD(digest);
+
+ if (!X509_sign(x509, pkey, md)) {
+ EVP_PKEY_free(pkey);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ EVP_PKEY_free(pkey);
+
+ return self;
+}
+
+/*
+ * Checks that cert signature is made with PRIVversion of this PUBLIC 'key'
+ */
+static VALUE
+ossl_x509_verify(VALUE self, VALUE key)
+{
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+ int i = 0;
+
+ GetX509(self, x509);
+
+ pkey = ossl_pkey_get_EVP_PKEY(key);
+
+ i = X509_verify(x509, pkey);
+ EVP_PKEY_free(pkey);
+
+ if (i < 0) {
+ OSSL_Raise(eX509CertificateError, "");
+ } else if (i > 0)
+ return Qtrue;
+
+ return Qfalse;
+}
+
+/*
+ * Checks is 'key' is PRIV key for this cert
+ */
+static VALUE
+ossl_x509_check_private_key(VALUE self, VALUE key)
+{
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+ VALUE result;
+
+ GetX509(self, x509);
+
+ pkey = ossl_pkey_get_EVP_PKEY(key);
+
+ if (!X509_check_private_key(x509, pkey)) {
+ OSSL_Warning("Check private key:");
+ result = Qfalse;
+ } else
+ result = Qtrue;
+
+ EVP_PKEY_free(pkey);
+
+ return result;
+}
+
+/*
+ * Gets X509v3 extensions as array of X509Ext objects
+ */
+static VALUE
+ossl_x509_get_extensions(VALUE self)
+{
+ X509 *x509 = NULL;
+ int count = 0, i;
+ X509_EXTENSION *ext = NULL;
+ VALUE ary;
+
+ GetX509(self, x509);
+
+ count = X509_get_ext_count(x509);
+
+ if (count > 0)
+ ary = rb_ary_new2(count);
+ else
+ return rb_ary_new();
+
+ for (i=0; i<count; i++) {
+ ext = X509_get_ext(x509, i); /* NO DUP - don't free! */
+ rb_ary_push(ary, ossl_x509ext_new(ext));
+ }
+
+ return ary;
+}
+
+/*
+ * Sets X509_EXTENSIONs
+ */
+static VALUE
+ossl_x509_set_extensions(VALUE self, VALUE ary)
+{
+ X509 *x509 = NULL;
+ X509_EXTENSION *ext = NULL;
+ int i = 0;
+
+ GetX509(self, x509);
+
+ Check_Type(ary, T_ARRAY);
+ for (i=0; i<RARRAY(ary)->len; i++) { /* All ary's members should be X509Extension */
+ OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Extension);
+ }
+
+ sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free);
+ x509->cert_info->extensions = NULL;
+
+ for (i=0; i<RARRAY(ary)->len; i++) {
+ ext = ossl_x509ext_get_X509_EXTENSION(RARRAY(ary)->ptr[i]);
+
+ if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
+ X509_EXTENSION_free(ext);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ X509_EXTENSION_free(ext);
+ }
+
+ return ary;
+}
+
+static VALUE
+ossl_x509_add_extension(VALUE self, VALUE extension)
+{
+ X509 *x509 = NULL;
+ X509_EXTENSION *ext = NULL;
+
+ GetX509(self, x509);
+
+ ext = ossl_x509ext_get_X509_EXTENSION(extension);
+
+ if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
+ X509_EXTENSION_free(ext);
+ OSSL_Raise(eX509CertificateError, "");
+ }
+ X509_EXTENSION_free(ext);
+
+ return extension;
+}
+
+/*
+ * INIT
+ */
+void
+Init_ossl_x509cert(VALUE module)
+{
+ eX509CertificateError = rb_define_class_under(module, "CertificateError", eOSSLError);
+
+ cX509Certificate = rb_define_class_under(module, "Certificate", rb_cObject);
+ rb_define_singleton_method(cX509Certificate, "new", ossl_x509_s_new, -1);
+ rb_define_method(cX509Certificate, "initialize", ossl_x509_initialize, -1);
+ rb_define_method(cX509Certificate, "to_der", ossl_x509_to_der, 0);
+ rb_define_method(cX509Certificate, "to_pem", ossl_x509_to_pem, 0);
+ rb_define_alias(cX509Certificate, "to_s", "to_pem");
+ rb_define_method(cX509Certificate, "to_text", ossl_x509_to_text, 0);
+ rb_define_method(cX509Certificate, "version", ossl_x509_get_version, 0);
+ rb_define_method(cX509Certificate, "version=", ossl_x509_set_version, 1);
+ rb_define_method(cX509Certificate, "serial", ossl_x509_get_serial, 0);
+ rb_define_method(cX509Certificate, "serial=", ossl_x509_set_serial, 1);
+ rb_define_method(cX509Certificate, "subject", ossl_x509_get_subject, 0);
+ rb_define_method(cX509Certificate, "subject=", ossl_x509_set_subject, 1);
+ rb_define_method(cX509Certificate, "issuer", ossl_x509_get_issuer, 0);
+ rb_define_method(cX509Certificate, "issuer=", ossl_x509_set_issuer, 1);
+ rb_define_method(cX509Certificate, "not_before", ossl_x509_get_not_before, 0);
+ rb_define_method(cX509Certificate, "not_before=", ossl_x509_set_not_before, 1);
+ rb_define_method(cX509Certificate, "not_after", ossl_x509_get_not_after, 0);
+ rb_define_method(cX509Certificate, "not_after=", ossl_x509_set_not_after, 1);
+ rb_define_method(cX509Certificate, "public_key", ossl_x509_get_public_key, 0);
+ rb_define_method(cX509Certificate, "public_key=", ossl_x509_set_public_key, 1);
+ rb_define_method(cX509Certificate, "sign", ossl_x509_sign, 2);
+ rb_define_method(cX509Certificate, "verify", ossl_x509_verify, 1);
+ rb_define_method(cX509Certificate, "check_private_key", ossl_x509_check_private_key, 1);
+ rb_define_method(cX509Certificate, "extensions", ossl_x509_get_extensions, 0);
+ rb_define_method(cX509Certificate, "extensions=", ossl_x509_set_extensions, 1);
+ rb_define_method(cX509Certificate, "add_extension", ossl_x509_add_extension, 1);
+}
+
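Review bot: `ossl_x509_set_serial` and `ossl_x509_set_version` decode their argument with `FIX2LONG`, which performs no type check, so a Bignum, String or nil passed from Ruby is reinterpreted as if it were a Fixnum and an unintended number ends up in the certificate. `NUM2LONG(serial)` and `NUM2LONG(version)` raise on a non-integer or out-of-range argument instead. The getter has the matching gap: `ASN1_INTEGER_get` in `ossl_x509_get_serial` cannot represent a serial wider than a long and returns an error sentinel in that case, so a certificate loaded from PEM with a long serial number would report a wrong serial to callers that compare it, for example against revocation entries. Converting through `ASN1_INTEGER_to_BN` and returning a Ruby Bignum would keep the full value, but that needs a BIGNUM-to-VALUE helper that this hunk does not show.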
diff --git a/ossl_x509crl.c b/ossl_x509crl.c
index 9f982e9..accf598 100644
--- a/ossl_x509crl.c
+++ b/ossl_x509crl.c
@@ -460,7 +460,7 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
void
Init_ossl_x509crl(VALUE module)
{
- eX509CRLError = rb_define_class_under(module, "CRLError", rb_eStandardError);
+ eX509CRLError = rb_define_class_under(module, "CRLError", eOSSLError);
cX509CRL = rb_define_class_under(module, "CRL", rb_cObject);
rb_define_singleton_method(cX509CRL, "new", ossl_x509crl_s_new, -1);
diff --git a/ossl_x509ext.c b/ossl_x509ext.c
index 42ebc31..555712a 100644
--- a/ossl_x509ext.c
+++ b/ossl_x509ext.c
@@ -261,7 +261,7 @@ void
Init_ossl_x509ext(VALUE module)
{
- eX509ExtensionError = rb_define_class_under(module, "ExtensionError", rb_eStandardError);
+ eX509ExtensionError = rb_define_class_under(module, "ExtensionError", eOSSLError);
cX509ExtensionFactory = rb_define_class_under(module, "ExtensionFactory", rb_cObject);
rb_define_singleton_method(cX509ExtensionFactory, "new", ossl_x509extfactory_s_new, -1);
diff --git a/ossl_x509name.c b/ossl_x509name.c
index 905aa5d..89e1ae3 100644
--- a/ossl_x509name.c
+++ b/ossl_x509name.c
@@ -147,7 +147,7 @@ ossl_x509name_to_h(VALUE self)
void
Init_ossl_x509name(VALUE module)
{
- eX509NameError = rb_define_class_under(module, "NameError", rb_eStandardError);
+ eX509NameError = rb_define_class_under(module, "NameError", eOSSLError);
cX509Name = rb_define_class_under(module, "Name", rb_cObject);
rb_define_singleton_method(cX509Name, "new_from_hash", ossl_x509name_s_new_from_hash, 1);
diff --git a/ossl_x509req.c b/ossl_x509req.c
index ee7e76d..7208cd0 100644
--- a/ossl_x509req.c
+++ b/ossl_x509req.c
@@ -393,7 +393,7 @@ ossl_x509req_add_attribute(VALUE self, VALUE attr)
void
Init_ossl_x509req(VALUE module)
{
- eX509RequestError = rb_define_class_under(module, "RequestError", rb_eStandardError);
+ eX509RequestError = rb_define_class_under(module, "RequestError", eOSSLError);
cX509Request = rb_define_class_under(module, "Request", rb_cObject);
rb_define_singleton_method(cX509Request, "new", ossl_x509req_s_new, -1);
diff --git a/ossl_x509revoked.c b/ossl_x509revoked.c
index fa8e0bb..eab88c6 100644
--- a/ossl_x509revoked.c
+++ b/ossl_x509revoked.c
@@ -214,7 +214,7 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext)
void
Init_ossl_x509revoked(VALUE module)
{
- eX509RevokedError = rb_define_class_under(module, "RevokedError", rb_eStandardError);
+ eX509RevokedError = rb_define_class_under(module, "RevokedError", eOSSLError);
cX509Revoked = rb_define_class_under(module, "Revoked", rb_cObject);
rb_define_singleton_method(cX509Revoked, "new", ossl_x509revoked_s_new, -1);
diff --git a/ossl_x509store.c b/ossl_x509store.c
index 8dcb143..00ee0c8 100644
--- a/ossl_x509store.c
+++ b/ossl_x509store.c
@@ -27,7 +27,7 @@ VALUE eX509StoreError;
/*
* General callback for OpenSSL verify
*/
-int MS_CALLBACK ossl_x509store_verify_cb(int, X509_STORE_CTX *);
+int ossl_x509store_verify_cb(int, X509_STORE_CTX *);
/*
* Struct
@@ -282,7 +282,7 @@ ossl_x509store_verify_false(VALUE dummy)
return Qfalse;
}
-int MS_CALLBACK
+int
ossl_x509store_verify_cb(int ok, X509_STORE_CTX *ctx)
{
VALUE proc, store_ctx, args, ret = Qnil;
@@ -466,7 +466,7 @@ Init_ossl_x509store(VALUE module)
*/
db_root = NULL;
- eX509StoreError = rb_define_class_under(module, "StoreError", rb_eStandardError);
+ eX509StoreError = rb_define_class_under(module, "StoreError", eOSSLError);
cX509Store = rb_define_class_under(module, "Store", rb_cObject);
rb_define_singleton_method(cX509Store, "new", ossl_x509store_s_new, -1);