Commit 7d5b02fc authored by Antonio Terceiro

New upstream version 2.1.1

parent fe805d67
......@@ -18,13 +18,11 @@ matrix:
fast_finish: true
include:
- env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.2
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.0
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.1
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.2
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.1.0
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.3
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.4
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.5
- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.6
- language: ruby
rvm: ruby-head
before_install:
......
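Review bot: the build matrix stops at `OPENSSL_VERSION=libressl-2.6`, yet this same commit carries a changelog entry "Fixed build with LibreSSL 2.7" and an extconf.rb probe for `LIBRESSL_VERSION_NUMBER >= 0x2070000fL`. Without a libressl-2.7 entry that code path is never exercised in CI, so suggest adding one. Ruby 2.3 is also only paired with openssl-1.0.2, which leaves the new 1.0.1 floor covered on ruby-2.4 alone.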
Version 2.1.0
=============
Notable changes
---------------
* Support for OpenSSL versions before 1.0.1 and LibreSSL versions before 2.5
is removed.
[[GitHub #86]](https://github.com/ruby/openssl/pull/86)
* OpenSSL::BN#negative?, #+@, and #-@ are added.
* OpenSSL::SSL::SSLSocket#connect raises a more informative exception when
certificate verification fails.
[[GitHub #99]](https://github.com/ruby/openssl/pull/99)
* OpenSSL::KDF module is newly added. In addition to PBKDF2-HMAC that has moved
from OpenSSL::PKCS5, scrypt and HKDF are supported.
[[GitHub #109]](https://github.com/ruby/openssl/pull/109)
[[GitHub #173]](https://github.com/ruby/openssl/pull/173)
* OpenSSL.fips_mode is added. We had the setter, but not the getter.
[[GitHub #125]](https://github.com/ruby/openssl/pull/125)
* OpenSSL::OCSP::Request#signed? is added.
* OpenSSL::ASN1 handles the indefinite length form better. OpenSSL::ASN1.decode
no longer wrongly treats the end-of-contents octets as part of the content.
OpenSSL::ASN1::ASN1Data#infinite_length is renamed to #indefinite_length.
[[GitHub #98]](https://github.com/ruby/openssl/pull/98)
* OpenSSL::X509::Name#add_entry now accepts two additional keyword arguments
'loc' and 'set'.
[[GitHub #94]](https://github.com/ruby/openssl/issues/94)
* OpenSSL::SSL::SSLContext#min_version= and #max_version= are added to replace
#ssl_version= that was built on top of the deprecated OpenSSL C API. Use of
that method and the constant OpenSSL::SSL::SSLContext::METHODS is now
deprecated.
[[GitHub #142]](https://github.com/ruby/openssl/pull/142)
* OpenSSL::X509::Name#to_utf8 is added.
[[GitHub #26]](https://github.com/ruby/openssl/issues/26)
[[GitHub #143]](https://github.com/ruby/openssl/pull/143)
* OpenSSL::X509::{Extension,Attribute,Certificate,CRL,Revoked,Request} can be
compared with == operator.
[[GitHub #161]](https://github.com/ruby/openssl/pull/161)
* TLS Fallback Signaling Cipher Suite Value (SCSV) support is added.
[[GitHub #165]](https://github.com/ruby/openssl/pull/165)
* Build failure with OpenSSL 1.1 built with no-deprecated is fixed.
[[GitHub #160]](https://github.com/ruby/openssl/pull/160)
* OpenSSL::Buffering#write accepts an arbitrary number of arguments.
[[Feature #9323]](https://bugs.ruby-lang.org/issues/9323)
[[GitHub #162]](https://github.com/ruby/openssl/pull/162)
* OpenSSL::PKey::RSA#sign_pss and #verify_pss are added. They perform RSA-PSS
signature and verification.
[[GitHub #75]](https://github.com/ruby/openssl/issues/75)
[[GitHub #76]](https://github.com/ruby/openssl/pull/76)
[[GitHub #169]](https://github.com/ruby/openssl/pull/169)
* OpenSSL::SSL::SSLContext#add_certificate is added.
[[GitHub #167]](https://github.com/ruby/openssl/pull/167)
* OpenSSL::PKey::EC::Point#to_octet_string is added.
OpenSSL::PKey::EC::Point.new can now take String as the second argument.
[[GitHub #177]](https://github.com/ruby/openssl/pull/177)
Version 2.0.8
=============
Bug fixes
---------
* OpenSSL::Cipher#pkcs5_keyivgen raises an error when a negative iteration
count is given.
[[GitHub #184]](https://github.com/ruby/openssl/pull/184)
* Fixed build with LibreSSL 2.7.
[[GitHub #192]](https://github.com/ruby/openssl/issues/192)
[[GitHub #193]](https://github.com/ruby/openssl/pull/193)
Version 2.0.7
=============
Bug fixes
---------
* OpenSSL::Cipher#auth_data= could segfault if called against a non-AEAD cipher.
[[Bug #14024]](https://bugs.ruby-lang.org/issues/14024)
* OpenSSL::X509::Certificate#public_key= (and similar methods) could segfault
when an instance of OpenSSL::PKey::PKey with no public key components is
passed.
[[Bug #14087]](https://bugs.ruby-lang.org/issues/14087)
[[GitHub #168]](https://github.com/ruby/openssl/pull/168)
Version 2.0.6
=============
Bug fixes
---------
* The session_remove_cb set to an OpenSSL::SSL::SSLContext is no longer called
during GC.
* A possible deadlock in OpenSSL::SSL::SSLSocket#sysread is fixed.
[[GitHub #139]](https://github.com/ruby/openssl/pull/139)
* OpenSSL::BN#hash could return an unnormalized fixnum value on Windows.
[[Bug #13877]](https://bugs.ruby-lang.org/issues/13877)
* OpenSSL::SSL::SSLSocket#sysread and #sysread_nonblock set the length of the
destination buffer String to 0 on error.
[[GitHub #153]](https://github.com/ruby/openssl/pull/153)
* Possible deadlock is fixed. This happened only when built with older versions
of OpenSSL (before 1.1.0) or LibreSSL.
[[GitHub #155]](https://github.com/ruby/openssl/pull/155)
Version 2.0.5
=============
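Review bot: three entries in the added changelog text carry no issue or pull-request reference, unlike every other item: "OpenSSL::BN#negative?, #+@, and #-@ are added." and "OpenSSL::OCSP::Request#signed? is added." under 2.1.0, and the `session_remove_cb` fix under 2.0.6. Suggest adding the links so each behaviour change can be traced to its discussion, which matters most for the GC-time callback fix.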
......@@ -150,7 +256,7 @@ Notable changes
- A new option 'verify_hostname' is added to OpenSSL::SSL::SSLContext. When it
is enabled, and the SNI hostname is also set, the hostname verification on
the server certificate is automatically performed. It is now enabled by
OpenSSL::SSL::Context#set_params.
OpenSSL::SSL::SSLContext#set_params.
[[GH ruby/openssl#60]](https://github.com/ruby/openssl/pull/60)
Removals
......
......@@ -27,7 +27,7 @@ Alternatively, you can install the gem with `bundler`:
# Gemfile
gem 'openssl'
# or specify git master
gem 'openssl', github: 'ruby/openssl'
gem 'openssl', git: 'https://github.com/ruby/openssl'
```
After doing `bundle install`, you should have the gem installed in your bundle.
......
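Review bot: in the Gemfile example, the `gem 'openssl', git: 'https://github.com/ruby/openssl'` line tracks whatever the default branch points to at install time, so a fresh `bundle install` without a lockfile can build different code for a cryptography binding from one run to the next. Suggest showing a pinned variant beside it by adding `tag:` or `ref:` to the same line, and keeping the "or specify git master" comment for the unpinned form only.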
......@@ -20,7 +20,7 @@ RDoc::Task.new do |rdoc|
rdoc.rdoc_files.include("*.md", "lib/**/*.rb", "ext/**/*.c")
end
task :test => :debug
task :test => [:compile, :debug]
task :debug do
ruby "-I./lib -ropenssl -ve'puts OpenSSL::OPENSSL_VERSION, OpenSSL::OPENSSL_LIBRARY_VERSION'"
end
......@@ -58,11 +58,12 @@ namespace :sync do
paths = [
["ext/openssl/", "ext/openssl/"],
["lib/", "ext/openssl/lib/"],
["sample/", "sample/openssl/"],
["test/fixtures/", "test/openssl/fixtures/"],
["test/utils.rb", "test/openssl/"],
["test/ut_eof.rb", "test/openssl/"],
["test/test_*", "test/openssl/"],
["lib/", "ext/openssl/lib/"],
["sample/", "sample/openssl/"],
["History.md", "ext/openssl/"],
]
paths.each do |src, dst|
......@@ -76,3 +77,5 @@ namespace :sync do
puts "Don't forget to update ext/openssl/depend"
end
end
task :default => :test
......@@ -14,12 +14,11 @@ install:
$Env:openssl_dir = "C:\msys64\mingw64"
}
- ruby -v
- openssl version
- rake install_dependencies
build_script:
- rake -rdevkit compile -- --with-openssl-dir=%openssl_dir%
- rake -rdevkit compile -- --with-openssl-dir=%openssl_dir% --enable-debug
test_script:
- rake test
- rake test OSSL_MDEBUG=1
deploy: off
environment:
matrix:
......
......@@ -3,11 +3,10 @@ compile: &defaults
environment:
RUBY_VERSION:
OPENSSL_VERSION:
MDEBUG:
command: rake compile
test:
<<: *defaults
command: rake compile test
command: rake compile test OSSL_MDEBUG=1 -- --enable-debug
debug:
<<: *defaults
command: /bin/bash
......@@ -3,9 +3,6 @@ module OpenSSL
def self.deprecated_warning_flag
unless flag = (@deprecated_warning_flag ||= nil)
if try_compile("", flag = "-Werror=deprecated-declarations")
if /darwin/ =~ RUBY_PLATFORM and with_config("broken-apple-openssl")
flag = "-Wno-deprecated-declarations"
end
$warnflags << " #{flag}"
else
flag = ""
......
......@@ -91,30 +91,19 @@ unless result
unless find_openssl_library
Logging::message "=== Checking for required stuff failed. ===\n"
Logging::message "Makefile wasn't created. Fix the errors above.\n"
exit 1
raise "OpenSSL library could not be found. You might want to use " \
"--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
"is installed."
end
end
result = checking_for("OpenSSL version is 0.9.8 or later") {
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
}
unless result
raise "OpenSSL 0.9.8 or later required."
end
if /darwin/ =~ RUBY_PLATFORM and !OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
unless checking_for("OpenSSL version is 1.0.1 or later") {
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
raise "OpenSSL >= 1.0.1 or LibreSSL is required"
end
Logging::message "=== Checking for OpenSSL features... ===\n"
# compile options
# SSLv2 and SSLv3 may be removed in future versions of OpenSSL, and even macros
# like OPENSSL_NO_SSL2 may not be defined.
have_func("SSLv2_method")
have_func("SSLv3_method")
have_func("TLSv1_1_method")
have_func("TLSv1_2_method")
have_func("RAND_egd")
engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
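Review bot: the new minimum-version check in this hunk only tests `OPENSSL_VERSION_NUMBER >= 0x10001000L`, and its error text reads "OpenSSL >= 1.0.1 or LibreSSL is required" with no LibreSSL version, while History.md in this commit states that LibreSSL before 2.5 is no longer supported. LibreSSL reports `OPENSSL_VERSION_NUMBER` as 0x20000000L, so an older LibreSSL passes this check and is caught, if at all, only by later compile errors. Suggest adding a `LIBRESSL_VERSION_NUMBER` lower-bound assertion next to it and naming the minimum LibreSSL version in the message.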
......@@ -122,30 +111,6 @@ engines.each { |name|
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
}
# added in 0.9.8X
have_func("EVP_CIPHER_CTX_new")
have_func("EVP_CIPHER_CTX_free")
OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h")
# added in 1.0.0
have_func("ASN1_TIME_adj")
have_func("EVP_CIPHER_CTX_copy")
have_func("EVP_PKEY_base_id")
have_func("HMAC_CTX_copy")
have_func("PKCS5_PBKDF2_HMAC")
have_func("X509_NAME_hash_old")
have_func("X509_STORE_CTX_get0_current_crl")
have_func("X509_STORE_set_verify_cb")
have_func("i2d_ASN1_SET_ANY")
have_func("SSL_SESSION_cmp") # removed
OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
have_func("EVP_PKEY_get0")
# added in 1.0.1
have_func("SSL_CTX_set_next_proto_select_cb")
have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
# added in 1.0.2
have_func("EC_curve_nist2nid")
have_func("X509_REVOKED_dup")
......@@ -157,8 +122,11 @@ OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
have_func("SSL_is_server")
# added in 1.1.0
if !have_struct_member("SSL", "ctx", "openssl/ssl.h") ||
try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h")
$defs.push("-DHAVE_OPAQUE_OPENSSL")
end
have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
have_func("BN_GENCB_new")
have_func("BN_GENCB_free")
have_func("BN_GENCB_get_arg")
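Review bot: the `HAVE_OPAQUE_OPENSSL` condition under "# added in 1.1.0" now also fires for `LIBRESSL_VERSION_NUMBER >= 0x2070000fL`, but nothing in the hunk says why LibreSSL 2.7 is treated as opaque even when the `SSL.ctx` member probe succeeds. A one-line comment above the `if` would save the next maintainer from guessing. It is also worth noting there that, because of the `||`, the static assert only runs when the struct member is still visible.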
......@@ -189,6 +157,7 @@ OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
have_func("SSL_CTX_get_security_level")
have_func("X509_get0_notBefore")
have_func("SSL_SESSION_get_protocol_version")
have_func("EVP_PBE_scrypt")
Logging::message "=== Checking done. ===\n"
......
......@@ -20,73 +20,6 @@
#include "openssl_missing.h"
/* added in 0.9.8X */
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
EVP_CIPHER_CTX *
ossl_EVP_CIPHER_CTX_new(void)
{
EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
if (!ctx)
return NULL;
EVP_CIPHER_CTX_init(ctx);
return ctx;
}
#endif
#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
void
ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
{
if (ctx) {
EVP_CIPHER_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
}
#endif
/* added in 1.0.0 */
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
/*
* this function does not exist in OpenSSL yet... or ever?.
* a future version may break this function.
* tested on 0.9.7d.
*/
int
ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
memcpy(out, in, sizeof(EVP_CIPHER_CTX));
#if !defined(OPENSSL_NO_ENGINE)
if (in->engine) ENGINE_add(out->engine);
if (in->cipher_data) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
}
#endif
return 1;
}
#endif
#if !defined(OPENSSL_NO_HMAC)
#if !defined(HAVE_HMAC_CTX_COPY)
int
ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
if (!out || !in)
return 0;
memcpy(out, in, sizeof(HMAC_CTX));
EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
return 1;
}
#endif /* HAVE_HMAC_CTX_COPY */
#endif /* NO_HMAC */
/* added in 1.0.2 */
#if !defined(OPENSSL_NO_EC)
#if !defined(HAVE_EC_CURVE_NIST2NID)
......
......@@ -12,53 +12,6 @@
#include "ruby/config.h"
/* added in 0.9.8X */
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
EVP_CIPHER_CTX *ossl_EVP_CIPHER_CTX_new(void);
# define EVP_CIPHER_CTX_new ossl_EVP_CIPHER_CTX_new
#endif
#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
void ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
# define EVP_CIPHER_CTX_free ossl_EVP_CIPHER_CTX_free
#endif
#if !defined(HAVE_SSL_CTX_CLEAR_OPTIONS)
# define SSL_CTX_clear_options(ctx, op) ((ctx)->options &= ~(op))
#endif
/* added in 1.0.0 */
#if !defined(HAVE_EVP_PKEY_BASE_ID)
# define EVP_PKEY_base_id(pkey) EVP_PKEY_type((pkey)->type)
#endif
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
int ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *, const EVP_CIPHER_CTX *);
# define EVP_CIPHER_CTX_copy ossl_EVP_CIPHER_CTX_copy
#endif
#if !defined(HAVE_HMAC_CTX_COPY)
int ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
# define HMAC_CTX_copy ossl_HMAC_CTX_copy
#endif
#if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL)
# define X509_STORE_CTX_get0_current_crl(x) ((x)->current_crl)
#endif
#if !defined(HAVE_X509_STORE_SET_VERIFY_CB)
# define X509_STORE_set_verify_cb X509_STORE_set_verify_cb_func
#endif
#if !defined(HAVE_I2D_ASN1_SET_ANY)
# define i2d_ASN1_SET_ANY(sk, x) i2d_ASN1_SET_OF_ASN1_TYPE((sk), (x), \
i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0)
#endif
#if !defined(HAVE_EVP_PKEY_GET0)
# define EVP_PKEY_get0(pk) (pk->pkey.ptr)
#endif
/* added in 1.0.2 */
#if !defined(OPENSSL_NO_EC)
#if !defined(HAVE_EC_CURVE_NIST2NID)
......@@ -245,7 +198,7 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
#undef IMPL_KEY_ACCESSOR3
#endif /* HAVE_OPAQUE_OPENSSL */
#if defined(HAVE_AUTHENTICATED_ENCRYPTION) && !defined(EVP_CTRL_AEAD_GET_TAG)
#if !defined(EVP_CTRL_AEAD_GET_TAG)
# define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
# define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
# define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
......@@ -256,6 +209,10 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
# define X509_get0_notAfter(x) X509_get_notAfter(x)
# define X509_CRL_get0_lastUpdate(x) X509_CRL_get_lastUpdate(x)
# define X509_CRL_get0_nextUpdate(x) X509_CRL_get_nextUpdate(x)
# define X509_set1_notBefore(x, t) X509_set_notBefore(x, t)
# define X509_set1_notAfter(x, t) X509_set_notAfter(x, t)
# define X509_CRL_set1_lastUpdate(x, t) X509_CRL_set_lastUpdate(x, t)
# define X509_CRL_set1_nextUpdate(x, t) X509_CRL_set_nextUpdate(x, t)
#endif
#if !defined(HAVE_SSL_SESSION_GET_PROTOCOL_VERSION)
......
......@@ -35,6 +35,11 @@
#if !defined(OPENSSL_NO_OCSP)
# include <openssl/ocsp.h>
#endif
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/dh.h>
/*
* Common Module
......@@ -56,29 +61,29 @@ extern VALUE eOSSLError;
}\
} while (0)
#define OSSL_Check_Instance(obj, klass) do {\
if (!rb_obj_is_instance_of((obj), (klass))) {\
ossl_raise(rb_eTypeError, "wrong argument (%"PRIsVALUE")! (Expected instance of %"PRIsVALUE")",\
rb_obj_class(obj), (klass));\
}\
} while (0)
#define OSSL_Check_Same_Class(obj1, obj2) do {\
if (!rb_obj_is_instance_of((obj1), rb_obj_class(obj2))) {\
ossl_raise(rb_eTypeError, "wrong argument type");\
}\
} while (0)
/*
* Type conversions
*/
#if !defined(NUM2UINT64T) /* in case Ruby starts to provide */
# if SIZEOF_LONG == 8
# define NUM2UINT64T(x) ((uint64_t)NUM2ULONG(x))
# elif defined(HAVE_LONG_LONG) && SIZEOF_LONG_LONG == 8
# define NUM2UINT64T(x) ((uint64_t)NUM2ULL(x))
# else
# error "unknown platform; no 64-bit width integer"
# endif
#endif
/*
* Data Conversion
*/
STACK_OF(X509) *ossl_x509_ary2sk0(VALUE);
STACK_OF(X509) *ossl_x509_ary2sk(VALUE);
STACK_OF(X509) *ossl_protect_x509_ary2sk(VALUE,int*);
VALUE ossl_x509_sk2ary(const STACK_OF(X509) *certs);
VALUE ossl_x509crl_sk2ary(const STACK_OF(X509_CRL) *crl);
VALUE ossl_x509name_sk2ary(const STACK_OF(X509_NAME) *names);
VALUE ossl_buf2str(char *buf, int len);
VALUE ossl_str_new(const char *, long, int *);
#define ossl_str_adjust(str, p) \
do{\
long len = RSTRING_LEN(str);\
......@@ -115,7 +120,6 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
/*
* ERRor messages
*/
#define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error())
NORETURN(void ossl_raise(VALUE, const char *, ...));
/* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
void ossl_clear_error(void);
......@@ -123,7 +127,6 @@ void ossl_clear_error(void);
/*
* String to DER String
*/
extern ID ossl_s_to_der;
VALUE ossl_to_der(VALUE);
VALUE ossl_to_der_if_possible(VALUE);
......@@ -141,20 +144,9 @@ extern VALUE dOSSL;
} \
} while (0)
#define OSSL_Warning(fmt, ...) do { \
OSSL_Debug((fmt), ##__VA_ARGS__); \
rb_warning((fmt), ##__VA_ARGS__); \
} while (0)
#define OSSL_Warn(fmt, ...) do { \
OSSL_Debug((fmt), ##__VA_ARGS__); \
rb_warn((fmt), ##__VA_ARGS__); \
} while (0)
#else
void ossl_debug(const char *, ...);
#define OSSL_Debug ossl_debug
#define OSSL_Warning rb_warning
#define OSSL_Warn rb_warn
#endif
/*
......@@ -173,13 +165,13 @@ void ossl_debug(const char *, ...);
#include "ossl_ocsp.h"
#include "ossl_pkcs12.h"
#include "ossl_pkcs7.h"
#include "ossl_pkcs5.h"
#include "ossl_pkey.h"
#include "ossl_rand.h"
#include "ossl_ssl.h"
#include "ossl_version.h"
#include "ossl_x509.h"
#include "ossl_engine.h"
#include "ossl_kdf.h"
void Init_openssl(void);
......
......@@ -14,15 +14,11 @@
* ASN1_DATE conversions
*/
VALUE asn1time_to_time(const ASN1_TIME *);
#if defined(HAVE_ASN1_TIME_ADJ)
/* Splits VALUE to seconds and offset days. VALUE is typically a Time or an
* Integer. This is used when updating ASN1_*TIME with ASN1_TIME_adj() or
* X509_time_adj_ex(). We can't use ASN1_TIME_set() and X509_time_adj() because
* they have the Year 2038 issue on sizeof(time_t) == 4 environment */
void ossl_time_split(VALUE, time_t *, int *);
#else
time_t time_to_time_t(VALUE);
#endif
/*
* ASN1_STRING conversions
......
......@@ -26,32 +26,17 @@ ossl_obj2bio(volatile VALUE *pobj)
}
VALUE
ossl_membio2str0(BIO *bio)
ossl_membio2str(BIO *bio)
{
VALUE ret;
int state;
BUF_MEM *buf;
BIO_get_mem_ptr(bio, &buf);
ret = rb_str_new(buf->data, buf->length);
return ret;
}
VALUE
ossl_protect_membio2str(BIO *bio, int *status)
{
return rb_protect((VALUE (*)(VALUE))ossl_membio2str0, (VALUE)bio, status);
}
VALUE
ossl_membio2str(BIO *bio)
{
VALUE ret;
int status = 0;
ret = ossl_protect_membio2str(bio, &status);
ret = ossl_str_new(buf->data, buf->length, &state);
BIO_free(bio);
if(status) rb_jump_tag(status);
if (state)
rb_jump_tag(state);
return ret;
}
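Review bot: in the rewritten `ossl_membio2str`, `BUF_MEM *buf;` is declared uninitialized and the result of `BIO_get_mem_ptr(bio, &buf)` is not checked before `buf->data` and `buf->length` are read. If the BIO passed in is not a memory BIO, the control call fails and `buf` is left indeterminate. Suggest initializing `buf` to NULL and, when it is still NULL after the call, freeing the BIO and raising. The order of `BIO_free(bio)` before `rb_jump_tag(state)` is right and should stay, since it keeps the BIO from leaking when the string allocation raises.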
......@@ -11,8 +11,6 @@
#define _OSSL_BIO_H_
BIO *ossl_obj2bio(volatile VALUE *);
VALUE ossl_membio2str0(BIO*);
VALUE ossl_membio2str(BIO*);
VALUE ossl_protect_membio2str(BIO*,int*);
#endif
......@@ -26,11 +26,6 @@
} \
} while (0)
#define SafeGetBN(obj, bn) do { \
OSSL_Check_Kind((obj), cBN); \
GetBN((obj), (bn)); \
} while (0)
static void
ossl_bn_free(void *ptr)
{
......@@ -176,8 +171,7 @@ ossl_bn_alloc(VALUE klass)
return obj;
}
/* Document-method: OpenSSL::BN.new
*
/*
* call-seq:
* OpenSSL::BN.new => aBN
* OpenSSL::BN.new(bn) => aBN
......@@ -185,7 +179,7 @@ ossl_bn_alloc(VALUE klass)
* OpenSSL::BN.new(string) => aBN
* OpenSSL::BN.new(string, 0 | 2 | 10 | 16) => aBN
*
* Construct a new OpenSSL BigNum object.
* Construct a new OpenSSL BIGNUM object.
*/
static VALUE
ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
......@@ -250,7 +244,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
* bn.to_s(base) => string
*
* === Parameters
* * +base+ - integer
* * _base_ - Integer
* Valid values:
* * 0 - MPI
* * 2 - binary
......@@ -377,6 +371,21 @@ BIGNUM_BOOL1(is_one)
*/
BIGNUM_BOOL1(is_odd)
/*
* call-seq:
* bn.negative? => true | false
*/
static VALUE
ossl_bn_is_negative(VALUE self)
{
BIGNUM *bn;
GetBN(self, bn);
if (BN_is_zero(bn))
return Qfalse;
return BN_is_negative(bn) ? Qtrue : Qfalse;
}
#define BIGNUM_1c(func) \
static VALUE \
ossl_bn_##func(VALUE self) \
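Review bot: the doc comment for the new `bn.negative?` carries only a call-seq, while the body special-cases zero with `if (BN_is_zero(bn)) return Qfalse;` before consulting `BN_is_negative`. That zero behaviour is the non-obvious part, so state it in the comment: the method returns false for zero regardless of the sign flag.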
......@@ -498,7 +507,6 @@ BIGNUM_2c(mod_sqr)
BIGNUM_2c(mod_inverse)
/*
* Document-method: OpenSSL::BN#/
* call-seq:
* bn1 / bn2 => [result, remainder]
*
......@@ -614,12 +622,11 @@ BIGNUM_BIT(clear_bit)
*/
BIGNUM_BIT(mask_bits)
/* Document-method: OpenSSL::BN#bit_set?
/*
* call-seq:
* bn.bit_set?(bit) => true | false
*
* Returns boolean of whether +bit+ is set.
* Bitwise operations for openssl BIGNUMs.
* Tests bit _bit_ in _bn_ and returns +true+ if set, +false+ if not set.
*/
static VALUE
ossl_bn_is_bit_set(VALUE self, VALUE bit)
......@@ -774,15 +781,15 @@ BIGNUM_RAND_RANGE(pseudo_rand)
* call-seq:
* BN.generate_prime(bits, [, safe [, add [, rem]]]) => bn
*
* Generates a random prime number of bit length +bits+. If +safe+ is true,
* generates a safe prime. If +add+ is specified, generates a prime that
* Generates a random prime number of bit length _bits_. If _safe_ is set to
* +true+, generates a safe prime. If _add_ is specified, generates a prime that
* fulfills condition <tt>p % add = rem</tt>.
*
* === Parameters
* * +bits+ - integer
* * +safe+ - boolean
* * +add+ - BN
* * +rem+ - BN
* * _bits_ - integer
* * _safe_ - boolean
* * _add_ - BN
* * _rem_ - BN
*/
static VALUE
ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass)
......@@ -856,6 +863,37 @@ ossl_bn_copy(VALUE self, VALUE other)
return self;