This adds CMS support to the Ruby layer.

The CMS_ContentInfo object can be used.
Access to the CMS_SignedInfo structure exists, but it can not be created or freed,
as it is just a pointer into CMS_ContentInfo stack.
feat: added NOINTERN and NO_SIGNER_CERT_VERIFY flags
feat: look for CMS_sign, and set HAVE_CMS_SIGN if present, enabling CMS support

Author: mcr

ext/openssl/extconf.rb

@@ -143,6 +143,9 @@ def find_openssl_library
 # added in 1.1.0, currently not in LibreSSL
 have_func("EVP_PBE_scrypt(\"\", 0, (unsigned char *)\"\", 0, 0, 0, 0, 0, NULL, 0)", evp_h)
 
+# look for CMS code, normally included, but some variations compile it out
+have_func("CMS_sign", ssl_h)
+
 # added in OpenSSL 1.1.1 and LibreSSL 3.5.0, then removed in LibreSSL 4.0.0
 have_func("EVP_PKEY_check(NULL)", evp_h)
 

ext/openssl/ossl.c

@@ -1044,6 +1044,9 @@ Init_openssl(void)
     Init_ossl_ocsp();
     Init_ossl_pkcs12();
     Init_ossl_pkcs7();
+#if defined(HAVE_CMS_SIGN)
+    Init_ossl_cms();
+#endif
     Init_ossl_pkey();
     Init_ossl_provider();
     Init_ossl_rand();

ext/openssl/ossl.h

@@ -31,6 +31,8 @@
 #include <openssl/ssl.h>
 #include <openssl/pkcs12.h>
 #include <openssl/pkcs7.h>
+#include <openssl/cms.h>
+#include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/conf.h>
 #ifndef OPENSSL_NO_TS
@@ -193,6 +195,7 @@ extern VALUE dOSSL;
 #include "ossl_ocsp.h"
 #include "ossl_pkcs12.h"
 #include "ossl_pkcs7.h"
+#include "ossl_cms.h"
 #include "ossl_pkey.h"
 #include "ossl_provider.h"
 #include "ossl_rand.h"