openssl: import v2.1.0.beta1

Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5
(imported by r59567) can be found at:

	https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1

----------------------------------------------------------------
Antonio Terceiro (1):
      test/test_ssl: explicitly accept TLS 1.1 in corresponding test

Colby Swandale (1):
      document using secure protocol to fetch git master in Bundler

Colton Jenkins (1):
      Add fips_mode_get to return fips_mode

Kazuki Yamaguchi (85):
      Start preparing for 2.1.0
      Remove support for OpenSSL 0.9.8 and 1.0.0
      bn: refine tests
      bn: implement unary {plus,minus} operators for OpenSSL::BN
      bn: implement OpenSSL::BN#negative?
      Don't define main() when built with --enable-debug
      test: let OpenSSL::TestCase include OpenSSL::TestUtils
      test: prepare test PKey instances on demand
      Add OpenSSL.print_mem_leaks
      Enable OSSL_MDEBUG on CI builds
      ssl: move default DH parameters from OpenSSL::PKey::DH
      Make exceptions with the same format regardless of OpenSSL.debug
      ssl: show reason of 'certificate verify error' in exception message
      ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
      ssl: do not confuse different ex_data index registries
      ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
      Fix RDoc markup
      ssl: suppress compiler warning
      ext/openssl/deprecation.rb: remove broken-apple-openssl
      extconf.rb: print informative message if OpenSSL can't be found
      Rakefile: compile the extension before test
      kdf: introduce OpenSSL::KDF module
      ossl.h: add NUM2UINT64T() macro
      kdf: add scrypt
      Expand rb_define_copy_func() macro
      Expand FPTR_TO_FD() macro
      Remove SafeGet*() macros
      cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()
      digest: rename GetDigestPtr() to ossl_evp_get_digestbyname()
      Add ossl_str_new(), an exception-safe rb_str_new()
      bio: simplify ossl_membio2str() using ossl_str_new()
      Remove unused functions and macros
      Drop support for LibreSSL 2.3
      ocsp: add OpenSSL::OCSP::Request#signed?
      asn1: infinite length -> indefinite length
      asn1: rearrange tests
      ssl: remove a needless NULL check in SSL::SSLContext#ciphers
      ssl: return nil in SSL::SSLSocket#cipher if session is not started
      asn1: remove an unnecessary function prototype
      asn1: require tag information when instantiating generic type
      asn1: initialize 'unused_bits' attribute of BitString with 0
      asn1: check for illegal 'unused_bits' value of BitString
      asn1: disallow NULL to be passed to asn1time_to_time()
      asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid
      asn1: allow constructed encoding with definite length form
      asn1: prohibit indefinite length form for primitive encoding
      asn1: allow tag number to be >= 32 for universal tag class
      asn1: use ossl_asn1_tag()
      asn1: clean up OpenSSL::ASN1::Constructive#to_der
      asn1: harmonize OpenSSL::ASN1::*#to_der
      asn1: prevent EOC octets from being in the middle of the content
      asn1: do not treat EOC octets as part of content octets
      x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry
      ssl: do not call session_remove_cb during GC
      Backport "Merge branch 'topic/test-memory-leak'" to maint
      cipher: update the documentation for Cipher#auth_tag=
      Rakefile: let sync:to_ruby know about test/openssl/fixtures
      test: fix formatting
      test/utils: remove OpenSSL::TestUtils.silent
      test/utils: add SSLTestCase#tls12_supported?
      test/utils: have start_server yield only the port number
      test/utils: do not set ecdh_curves in start_server
      test/utils: let server_loop close socket
      test/utils: improve error handling in start_server
      test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
      test/utils: do not use DSA certificates in SSL tests
      test/test_ssl: remove test_invalid_shutdown_by_gc
      test/test_ssl: move test_multibyte_read_write to test_pair
      test/test_ssl_session: rearrange tests
      test/test_pair, test/test_ssl: fix for TLS 1.3
      ssl: remove useless call to rb_thread_wait_fd()
      ssl: fix NPN support
      ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private
      ssl: use 2048-bit group in the default tmp_dh_cb
      ssl: ensure that SSL option flags are non-negative
      ssl: update OpenSSL::SSL::OP_* flags
      ssl: prefer TLS_method() over SSLv23_method()
      ssl: add SSLContext#min_version= and #max_version=
      ssl: rework SSLContext#ssl_version=
      test/test_x509name: change script encoding to ASCII-8BIT
      x509name: refactor OpenSSL::X509::Name#to_s
      x509name: add OpenSSL::X509::Name#to_utf8
      x509name: add OpenSSL::X509::Name#inspect
      x509name: update regexp in OpenSSL::X509::Name.parse
      Ruby/OpenSSL 2.1.0.beta1

Marcus Stollsteimer (1):
      Fix rdoc for core Integer class

nobu (4):
      [DOC] {read,write}_nonblock with exception: false
      [DOC] keyword argument _exception_
      [DOC] mark up literals
      Revert r57690 except for read_nonblock

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 89 insertions, 49 deletions

diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index ac98c1b94c..b2063954d1 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -23,10 +23,6 @@
 	ossl_raise(rb_eRuntimeError, "Name wasn't initialized."); \
     } \
 } while (0)
-#define SafeGetX509Name(obj, name) do { \
-    OSSL_Check_Kind((obj), cX509Name); \
-    GetX509Name((obj), (name)); \
-} while (0)
 
 #define OBJECT_TYPE_TEMPLATE \
   rb_const_get(cX509Name, rb_intern("OBJECT_TYPE_TEMPLATE"))
@@ -81,7 +77,7 @@ GetX509NamePtr(VALUE obj)
 {
     X509_NAME *name;
 
-    SafeGetX509Name(obj, name);
+    GetX509Name(obj, name);
 
     return name;
 }
@@ -135,15 +131,15 @@ ossl_x509name_init_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, args))
  *
  * Creates a new Name.
  *
- * A name may be created from a DER encoded string +der+, an Array
- * representing a +distinguished_name+ or a +distinguished_name+ along with a
- * +template+.
+ * A name may be created from a DER encoded string _der_, an Array
+ * representing a _distinguished_name_ or a _distinguished_name_ along with a
+ * _template_.
  *
  *   name = OpenSSL::X509::Name.new [['CN', 'nobody'], ['DC', 'example']]
  *
  *   name = OpenSSL::X509::Name.new name.to_der
  *
- * See add_entry for a description of the +distinguished_name+ Array's
+ * See add_entry for a description of the _distinguished_name_ Array's
  * contents
  */
 static VALUE
@@ -188,7 +184,7 @@ ossl_x509name_initialize_copy(VALUE self, VALUE other)
 
     rb_check_frozen(self);
     GetX509Name(self, name);
-    SafeGetX509Name(other, name_other);
+    GetX509Name(other, name_other);
 
     name_new = X509_NAME_dup(name_other);
     if (!name_new)
@@ -202,9 +198,9 @@ ossl_x509name_initialize_copy(VALUE self, VALUE other)
 
 /*
  * call-seq:
- *    name.add_entry(oid, value [, type]) => self
+ *    name.add_entry(oid, value [, type], loc: -1, set: 0) => self
  *
- * Adds a new entry with the given +oid+ and +value+ to this name.  The +oid+
+ * Adds a new entry with the given _oid_ and _value_ to this name.  The _oid_
  * is an object identifier defined in ASN.1.  Some common OIDs are:
  *
  * C::  Country Name
@@ -213,24 +209,39 @@ ossl_x509name_initialize_copy(VALUE self, VALUE other)
  * O::  Organization Name
  * OU:: Organizational Unit Name
  * ST:: State or Province Name
+ *
+ * The optional keyword parameters _loc_ and _set_ specify where to insert the
+ * new attribute. Refer to the manpage of X509_NAME_add_entry(3) for details.
+ * _loc_ defaults to -1 and _set_ defaults to 0. This appends a single-valued
+ * RDN to the end.
  */
 static
 VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
 {
     X509_NAME *name;
-    VALUE oid, value, type;
+    VALUE oid, value, type, opts, kwargs[2];
+    static ID kwargs_ids[2];
     const char *oid_name;
+    int loc = -1, set = 0;
 
-    rb_scan_args(argc, argv, "21", &oid, &value, &type);
+    if (!kwargs_ids[0]) {
+	kwargs_ids[0] = rb_intern_const("loc");
+	kwargs_ids[1] = rb_intern_const("set");
+    }
+    rb_scan_args(argc, argv, "21:", &oid, &value, &type, &opts);
+    rb_get_kwargs(opts, kwargs_ids, 0, 2, kwargs);
     oid_name = StringValueCStr(oid);
     StringValue(value);
     if(NIL_P(type)) type = rb_aref(OBJECT_TYPE_TEMPLATE, oid);
+    if (kwargs[0] != Qundef)
+	loc = NUM2INT(kwargs[0]);
+    if (kwargs[1] != Qundef)
+	set = NUM2INT(kwargs[1]);
     GetX509Name(self, name);
     if (!X509_NAME_add_entry_by_txt(name, oid_name, NUM2INT(type),
-		(const unsigned char *)RSTRING_PTR(value), RSTRING_LENINT(value), -1, 0)) {
-	ossl_raise(eX509NameError, NULL);
-    }
-
+				    (unsigned char *)RSTRING_PTR(value),
+				    RSTRING_LENINT(value), loc, set))
+	ossl_raise(eX509NameError, "X509_NAME_add_entry_by_txt");
     return self;
 }
 
@@ -249,42 +260,73 @@ ossl_x509name_to_s_old(VALUE self)
     return str;
 }
 
+static VALUE
+x509name_print(VALUE self, unsigned long iflag)
+{
+    X509_NAME *name;
+    BIO *out;
+
+    GetX509Name(self, name);
+    out = BIO_new(BIO_s_mem());
+    if (!out)
+	ossl_raise(eX509NameError, NULL);
+    if (!X509_NAME_print_ex(out, name, 0, iflag)) {
+	BIO_free(out);
+	ossl_raise(eX509NameError, "X509_NAME_print_ex");
+    }
+    return ossl_membio2str(out);
+}
+
 /*
  * call-seq:
- *    name.to_s => string
- *    name.to_s(flags) => string
+ *    name.to_s         -> string
+ *    name.to_s(format) -> string
  *
- * Returns this name as a Distinguished Name string.  +flags+ may be one of:
+ * Returns a String representation of the Distinguished Name. _format_ is
+ * one of:
  *
  * * OpenSSL::X509::Name::COMPAT
  * * OpenSSL::X509::Name::RFC2253
  * * OpenSSL::X509::Name::ONELINE
  * * OpenSSL::X509::Name::MULTILINE
+ *
+ * If _format_ is omitted, the largely broken and traditional OpenSSL format
+ * is used.
  */
 static VALUE
 ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
 {
-    X509_NAME *name;
-    VALUE flag, str;
-    BIO *out;
-    unsigned long iflag;
-
-    rb_scan_args(argc, argv, "01", &flag);
-    if (NIL_P(flag))
+    rb_check_arity(argc, 0, 1);
+    /* name.to_s(nil) was allowed */
+    if (!argc || NIL_P(argv[0]))
 	return ossl_x509name_to_s_old(self);
-    else iflag = NUM2ULONG(flag);
-    if (!(out = BIO_new(BIO_s_mem())))
-	ossl_raise(eX509NameError, NULL);
-    GetX509Name(self, name);
-    if (!X509_NAME_print_ex(out, name, 0, iflag)){
-	BIO_free(out);
-	ossl_raise(eX509NameError, NULL);
-    }
-    str = ossl_membio2str(out);
+    else
+	return x509name_print(self, NUM2ULONG(argv[0]));
+}
 
+/*
+ * call-seq;
+ *    name.to_utf8 -> string
+ *
+ * Returns an UTF-8 representation of the distinguished name, as specified
+ * in {RFC 2253}[https://www.ietf.org/rfc/rfc2253.txt].
+ */
+static VALUE
+ossl_x509name_to_utf8(VALUE self)
+{
+    VALUE str = x509name_print(self, XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB);
+    rb_enc_associate_index(str, rb_utf8_encindex());
     return str;
 }
 
+/* :nodoc: */
+static VALUE
+ossl_x509name_inspect(VALUE self)
+{
+    return rb_enc_sprintf(rb_utf8_encoding(), "#<%"PRIsVALUE" %"PRIsVALUE">",
+			  rb_obj_class(self), ossl_x509name_to_utf8(self));
+}
+
 /*
  * call-seq:
  *    name.to_a => [[name, data, type], ...]
@@ -338,18 +380,18 @@ ossl_x509name_cmp0(VALUE self, VALUE other)
     X509_NAME *name1, *name2;
 
     GetX509Name(self, name1);
-    SafeGetX509Name(other, name2);
+    GetX509Name(other, name2);
 
     return X509_NAME_cmp(name1, name2);
 }
 
 /*
  * call-seq:
- *    name.cmp other => integer
- *    name.<=> other => integer
+ *    name.cmp(other) -> -1 | 0 | 1
+ *    name <=> other  -> -1 | 0 | 1
  *
- * Compares this Name with +other+ and returns 0 if they are the same and -1 or
- * +1 if they are greater or less than each other respectively.
+ * Compares this Name with _other_ and returns +0+ if they are the same and +-1+
+ * or ++1+ if they are greater or less than each other respectively.
  */
 static VALUE
 ossl_x509name_cmp(VALUE self, VALUE other)
@@ -365,9 +407,9 @@ ossl_x509name_cmp(VALUE self, VALUE other)
 
 /*
  * call-seq:
- *   name.eql? other => boolean
+ *   name.eql?(other) -> true | false
  *
- * Returns true if +name+ and +other+ refer to the same hash key.
+ * Returns true if _name_ and _other_ refer to the same hash key.
  */
 static VALUE
 ossl_x509name_eql(VALUE self, VALUE other)
@@ -398,7 +440,6 @@ ossl_x509name_hash(VALUE self)
     return ULONG2NUM(hash);
 }
 
-#ifdef HAVE_X509_NAME_HASH_OLD
 /*
  * call-seq:
  *    name.hash_old => integer
@@ -417,7 +458,6 @@ ossl_x509name_hash_old(VALUE self)
 
     return ULONG2NUM(hash);
 }
-#endif
 
 /*
  * call-seq:
@@ -478,17 +518,17 @@ Init_ossl_x509name(void)
 
     rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
     rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
-    rb_define_copy_func(cX509Name, ossl_x509name_initialize_copy);
+    rb_define_method(cX509Name, "initialize_copy", ossl_x509name_initialize_copy, 1);
     rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
     rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
+    rb_define_method(cX509Name, "to_utf8", ossl_x509name_to_utf8, 0);
+    rb_define_method(cX509Name, "inspect", ossl_x509name_inspect, 0);
     rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
     rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1);
     rb_define_alias(cX509Name, "<=>", "cmp");
     rb_define_method(cX509Name, "eql?", ossl_x509name_eql, 1);
     rb_define_method(cX509Name, "hash", ossl_x509name_hash, 0);
-#ifdef HAVE_X509_NAME_HASH_OLD
     rb_define_method(cX509Name, "hash_old", ossl_x509name_hash_old, 0);
-#endif
     rb_define_method(cX509Name, "to_der", ossl_x509name_to_der, 0);
 
     utf8str = INT2NUM(V_ASN1_UTF8STRING);