summaryrefslogtreecommitdiff
path: root/ext/openssl
Commit message (Collapse)AuthorAgeFilesLines
* [ruby/openssl] Register global variables before assignmentNobuyoshi Nakada2023-04-071-2/+2
| | | | https://github.com/ruby/openssl/commit/98099d3796
* Update the depend filesMatt Valentine-House2023-02-281-32/+0
|
* Remove intern/gc.h from Make depsMatt Valentine-House2023-02-271-32/+0
|
* [ruby/openssl] Stub gemspec for JRubyCharles Oliver Nutter2023-02-211-3/+9
| | | | | | | | | | | | | JRuby has its own implementation of the `openssl` library in jruby-openssl. The simplest way for us to allow users to set openssl as a gem dependency is to ship a stub gem that just depends on jruby-openssl. This patch adds that to the gemspec. Additional work may be required to fit this stub gem into the test and release process. See #20 for more details. https://github.com/ruby/openssl/commit/74ccaa5e18
* Extract include/ruby/internal/attr/packed_struct.hNobuyoshi Nakada2023-02-081-0/+32
| | | | | | | | | Split `PACKED_STRUCT` and `PACKED_STRUCT_UNALIGNED` macros into the macros bellow: * `RBIMPL_ATTR_PACKED_STRUCT_BEGIN` * `RBIMPL_ATTR_PACKED_STRUCT_END` * `RBIMPL_ATTR_PACKED_STRUCT_UNALIGNED_BEGIN` * `RBIMPL_ATTR_PACKED_STRUCT_UNALIGNED_END`
* [ruby/openssl] [DOC] Remove repeated example from DigestMau Magnaguagno2023-01-311-5/+1
| | | | https://github.com/ruby/openssl/commit/5a36cc3cb2
* Apply the accidental commits again before Ruby 3.2.Hiroshi SHIBATA2022-12-261-1/+1
| | | | | | | | Reverts the following commits: eb8d4d7b5145849325985c00b810b8d75661d86e edb83dc3a2c374e880e8eb488152872152790e92 d40064d1846b5835dff81e3f168c0c3a6c85e814
* Revert the additional change from openssl-3.1.0Hiroshi SHIBATA2022-12-231-1/+1
| | | | | | Revert "[ruby/openssl] pkey/ec: constify" This reverts commit d2cd903c85f38f42c6aefc6d97a1558f74d8d9db.
* [ruby/openssl] pkey/ec: constifyNobuyoshi Nakada2022-12-231-1/+1
| | | | https://github.com/ruby/openssl/commit/6fb3499a7b
* [ruby/openssl] Ruby/OpenSSL 3.1.0Kazuki Yamaguchi2022-12-233-2/+38
| | | | https://github.com/ruby/openssl/commit/c2f7d775c6
* [ruby/openssl] Ruby/OpenSSL 3.0.2Kazuki Yamaguchi2022-12-231-0/+14
| | | | https://github.com/ruby/openssl/commit/48b79333e0
* [ruby/openssl] Ruby/OpenSSL 2.2.3Kazuki Yamaguchi2022-12-231-0/+15
| | | | https://github.com/ruby/openssl/commit/04acccd692
* [ruby/openssl] pkey/ec: check private key validity with OpenSSL 3Joe Truba2022-12-231-5/+17
| | | | | | | | | | | | The behavior of EVP_PKEY_public_check changed between OpenSSL 1.1.1 and 3.0 so that it no longer validates the private key. Instead, private keys can be validated through EVP_PKEY_private_check and EVP_PKEY_pairwise_check. [ky: simplified condition to use either EVP_PKEY_check() or EVP_PKEY_public_check().] https://github.com/ruby/openssl/commit/e38a63ab3d
* [ruby/openssl] Undefine `OpenSSL::SSL` for no socket platformsYuta Saito2022-12-233-5/+12
| | | | | | | | | | | | | | | | | This fixes a linkage error about `ossl_ssl_type` on platforms which do not have socket, like WASI. Even before this patch, some items are disabled under `OPENSSL_NO_SOCK` since https://github.com/ruby/ruby/commit/ee22fad45d394818690c4a7586d7bb576ba67c56 However, due to some new use of OpenSSL::SSL::Socket over the past few years, the build under `OPENSSL_NO_SOCK` had been broken. This patch guards whole `OpenSSL::SSL` items by `OPENSSL_NO_SOCK`. [ky: adjusted to apply on top of my previous commit that removed the OpenSSL::ExtConfig, and added a guard to lib/openssl/ssl.rb.] https://github.com/ruby/openssl/commit/b0cfac6a96
* [ruby/openssl] ssl: remove OpenSSL::ExtConfigKazuki Yamaguchi2022-12-231-15/+0
| | | | | | | | | | | This module was introduced in 2015 for internal use within this library. Neither of the two constants in it is used anymore. I don't think we will be adding a new constant in the foreseeable future, either. OPENSSL_NO_SOCK is unused since commit https://github.com/ruby/openssl/commit/998d66712a78 (r55191). HAVE_TLSEXT_HOST_NAME is unused since commit https://github.com/ruby/openssl/commit/4eb4b3297a92. https://github.com/ruby/openssl/commit/eed3894bda
* [ruby/openssl] ssl: disable NPN support on LibreSSLKazuki Yamaguchi2022-12-231-5/+9
| | | | | | | | | | | | | | As noted in commit https://github.com/ruby/openssl/commit/a2ed156cc9f1 ("test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1", 2017-08-13), NPN is known not to work properly on LibreSSL. Disable NPN support on LibreSSL, whether OPENSSL_NO_NEXTPROTONEG is defined or not. NPN is less relevant today anyway. Let's also silence test suite when it's not available. https://github.com/ruby/openssl/commit/289f6e0e1f
* [ruby/openssl] ssl: update TLS1_3_VERSION workaround for older LibreSSL versionsKazuki Yamaguchi2022-12-231-2/+1
| | | | | | | The macro is now defined by default in LibreSSL 3.4+. Let's document it for future readers. https://github.com/ruby/openssl/commit/935698e9f9
* [ruby/openssl] Suppress deprecation warnings by OpenSSL 3Nobuyoshi Nakada2022-12-231-0/+1
| | | | https://github.com/ruby/openssl/commit/91657a7924
* [ruby/openssl] Constify when building with OpenSSL 3Nobuyoshi Nakada2022-12-237-28/+34
| | | | https://github.com/ruby/openssl/commit/c0023822fe
* [ruby/openssl] Check for functions with argumentsNobuyoshi Nakada2022-12-231-44/+44
| | | | https://github.com/ruby/openssl/commit/b67aaf925d
* [ruby/openssl] pkey/ec: fix ossl_raise() calls using cEC_POINT instead of ↵Joe Truba2022-12-231-5/+5
| | | | | | eEC_POINT https://github.com/ruby/openssl/commit/b2e9f5e132
* [ruby/openssl] raise when EC_POINT_cmp or EC_GROUP_cmp error instead of ↵Joe Truba2022-12-231-7/+11
| | | | | | returning true https://github.com/ruby/openssl/commit/e1e8f3cebe
* [ruby/openssl] [DOC] Remove duplicate docNobuyoshi Nakada2022-12-131-6/+3
| | | | | | | RDoc does not consider preprocessor conditionals, but equally uses both documents of `#if` and `#else` sides. https://github.com/ruby/openssl/commit/ea0a112a0c
* We should apply https://github.com/ruby/openssl/pull/576 instead of them:Hiroshi SHIBATA2022-12-131-7/+0
| | | | | https://github.com/ruby/ruby/commit/6d8f396f37350b7aa9c85a097929f54a0939448b https://github.com/ruby/ruby/commit/c8b3bd45cc3cae93ae701333202416838ee6a00c
* [ruby/openssl] Fixes OPENSSL_LIBRARY_VERSION description onHenrique Bontempo2022-12-131-3/+6
| | | | | | documentation (https://github.com/ruby/openssl/pull/559) Adds back missing constant description on the documentation.
* [ruby/openssl] Enable HKDF support for LibreSSL 3.6 and laterTheo Buehler2022-12-131-3/+3
| | | | | | LibreSSL 3.6 added support for HKDF in EVP. Enable this in ossl_kdf.c. https://github.com/ruby/openssl/commit/9bdd39a7e2
* [ruby/openssl] Allow empty string to OpenSSL::Cipher#updateYusuke Nakamura2022-12-131-2/+1
| | | | | | | | For some reasons, plaintext may be empty string. ref https://www.rfc-editor.org/rfc/rfc9001.html#section-5.8 https://github.com/ruby/openssl/commit/953592a29e
* [ruby/openssl] Use EVP_Digest{Sign,Verify} when availableTheo Buehler2022-12-131-2/+2
| | | | | | | | LibreSSL 3.4 added EVP_DigestSign() and EVP_DigestVerify(). Use them when available to prepare for the addition of Ed25519 support in LibreSSL 3.7. https://github.com/ruby/openssl/commit/475b2bf766
* [ruby/openssl] add document-method for BN#mod_inverseBen Toews2022-10-171-0/+1
| | | | https://github.com/ruby/openssl/commit/5befde7519
* [ruby/openssl] add BN#mod_sqrtBen Toews2022-10-171-0/+8
| | | | https://github.com/ruby/openssl/commit/4619ab3e76
* [ruby/openssl] define BIGNUM_2cr macro for BN function that takes context andBen Toews2022-10-171-12/+15
| | | | | | returns a BN https://github.com/ruby/openssl/commit/4d0971c51c
* [ruby/openssl] Call out insecure PKCS #1 v1.5 default padding for RSABart de Water2022-10-171-4/+8
| | | | https://github.com/ruby/openssl/commit/fd5eaa6dfc
* [ruby/openssl] Use default `IO#timeout` if possible.Samuel Williams2022-10-171-4/+5
| | | | https://github.com/ruby/openssl/commit/471340f612
* [ruby/openssl] Add support to SSL_CTX_set_keylog_callbackChristophe De La Fuente2022-10-171-1/+85
| | | | | | | | | | | | | | | - This callback is invoked when TLS key material is generated or received, in order to allow applications to store this keying material for debugging purposes. - It is invoked with an `SSLSocket` and a string containing the key material in the format used by NSS for its SSLKEYLOGFILE debugging output. - This commit adds the Ruby binding `keylog_cb` and the related tests - It is only compatible with OpenSSL >= 1.1.1. Even if LibreSSL implements `SSL_CTX_set_keylog_callback()` from v3.4.2, it does nothing (see https://github.com/libressl-portable/openbsd/commit/648d39f0f035835d0653342d139883b9661e9cb6) https://github.com/ruby/openssl/commit/3b63232cf1
* [ruby/openssl] ssl: fix "warning: ‘ctx’ may be used uninitialized"Kazuki Yamaguchi2022-10-171-1/+1
| | | | | | | | | The code was introduced by https://github.com/ruby/openssl/commit/65530b887e54 ("ssl: enable generating keying material from SSL sessions", 2022-08-03). This is harmless, but we should avoid it. https://github.com/ruby/openssl/commit/f5b82e814b
* [ruby/openssl] bump version number to 3.1.0.preKazuki Yamaguchi2022-10-172-2/+2
| | | | https://github.com/ruby/openssl/commit/fceb978a5d
* [ruby/openssl] Ruby/OpenSSL 3.0.1Kazuki Yamaguchi2022-10-173-2/+26
| | | | https://github.com/ruby/openssl/commit/e5bbd015dc
* [ruby/openssl] Ruby/OpenSSL 2.2.2Kazuki Yamaguchi2022-10-171-0/+6
| | | | https://github.com/ruby/openssl/commit/de8a644bc4
* [ruby/openssl] Ruby/OpenSSL 2.1.4Kazuki Yamaguchi2022-10-171-0/+10
| | | | https://github.com/ruby/openssl/commit/5316241e61
* [ruby/openssl] pkey/ec: check existence of public key component before exportingKazuki Yamaguchi2022-10-171-0/+4
| | | | | | | | | | | | | i2d_PUBKEY_bio() against an EC_KEY without the public key component trggers a null dereference. This is a regression introduced by commit https://github.com/ruby/openssl/commit/56f0d34d63fb ("pkey: refactor #export/#to_pem and #to_der", 2017-06-14). Fixes https://github.com/ruby/openssl/pull/527#issuecomment-1220504524 Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1221554057 https://github.com/ruby/openssl/commit/f6ee0fa4de
* [ruby/openssl] pkey: restore support for decoding "openssl ecparam -genkey" ↵Kazuki Yamaguchi2022-10-171-0/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | output Scan through the input for a private key, then fallback to generic decoder. OpenSSL 3.0's OSSL_DECODER supports encoded key parameters. The PEM header "-----BEGIN EC PARAMETERS-----" is used by one of such encoding formats. While this is useful for OpenSSL::PKey::PKey, an edge case has been discovered. The openssl CLI command line "openssl ecparam -genkey" prints two PEM blocks in a row, one for EC parameters and another for the private key. Feeding the whole output into OSSL_DECODER results in only the first PEM block, the key parameters, being decoded. Previously, ruby/openssl did not support decoding key parameters and it would decode the private key PEM block instead. While the new behavior is technically correct, "openssl ecparam -genkey" is so widely used that ruby/openssl does not want to break existing applications. Fixes https://github.com/ruby/openssl/pull/535 https://github.com/ruby/openssl/commit/d486c82833
* [ruby/openssl] pkey: clear error queue before each OSSL_DECODER_from_bio() callKazuki Yamaguchi2022-10-171-4/+7
| | | | | | Fix potential error queue leak. https://github.com/ruby/openssl/commit/3992b6f208
* [ruby/openssl] pkey/dsa: let PKey::DSA.generate choose appropriate q sizeKazuki Yamaguchi2022-10-171-0/+8
| | | | | | | | | | | | | DSA parameters generation via EVP_PKEY_paramgen() will not automatically adjust the size of q value but uses 224 bits by default unless specified explicitly. This behavior is different from the now-deprecated DSA_generate_parameters_ex(), which PKey::DSA.generate used to call. Fixes https://github.com/ruby/openssl/issues/483 Fixes: https://github.com/ruby/openssl/commit/1800a8d5ebaf ("pkey/dsa: use high level EVP interface to generate parameters and keys", 2020-05-17) https://github.com/ruby/openssl/commit/0105975a0b
* [ruby/openssl] hmac: use EVP_PKEY_new_raw_private_key() if availableKazuki Yamaguchi2022-10-172-0/+9
| | | | | | | | | | | | | | | | Current OpenSSL 3.0.x release has a regression with zero-length MAC keys. While this issue should be fixed in a future release of OpenSSL, we can use EVP_PKEY_new_raw_private_key() in place of the problematic EVP_PKEY_new_mac_key() to avoid the issue. OpenSSL 3.0's man page recommends using it regardless: > EVP_PKEY_new_mac_key() works in the same way as > EVP_PKEY_new_raw_private_key(). New applications should use > EVP_PKEY_new_raw_private_key() instead. Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1224912710 https://github.com/ruby/openssl/commit/4293f18b1f
* [ruby/openssl] x509*: fix error queue leak in #extensions= and #attributes= ↵Kazuki Yamaguchi2022-10-174-12/+12
| | | | | | | | | | methods X509at_delete_attr() in OpenSSL master puts an error queue entry if there is no attribute left to delete. We must either clear the error queue, or try not to call it when the list is already empty. https://github.com/ruby/openssl/commit/a0c878481f
* [ruby/openssl] ssl: enable generating keying material from SSL sessionsmadblobfish2022-10-171-0/+44
| | | | | | Add OpenSSL::SSL::SSLSocket#export_keying_material to support RFC 5705 https://github.com/ruby/openssl/commit/65530b887e
* [ruby/openssl] Check if the option is an Hash in `pkey_ctx_apply_options0()`Nobuhiro IMAI2022-10-171-0/+1
| | | | | | causes SEGV if it is an Array or something like that. https://github.com/ruby/openssl/commit/ef23525210
* [ruby/openssl] Pass arguments to check macro presenceAlan Wu2022-10-171-1/+1
| | | | | | | | | X509_STORE_get_ex_new_index() is a macro, so passing just its name to have_func() doesn't detect it. Pass an example call instead. https://github.com/ruby/openssl/commit/8d264d3e60 Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
* [ruby/openssl] Check for OpenSSL functions in headersAlan Wu2022-10-171-46/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While building with a custom build of OpenSSL, I noticed in mkmf.log that all the feature detection checks are done using a program lacking an OpenSSL header include. `mkmf` retries using a fallback program when this fails, but that means all the `have_func` calls compile twice when compiling once should suffice. Example log without this commit: have_func: checking for X509_STORE_CTX_get0_cert()... -------------------- yes DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ... conftest.c:14:57: error: use of undeclared identifier 'X509_STORE_CTX_get0_cert' int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; } ^ 1 error generated. checked program was: /* begin */ 1: #include "ruby.h" 2: 3: /*top*/ 4: extern int t(void); 5: int main(int argc, char **argv) 6: { 7: if (argc > 1000000) { 8: int (* volatile tp)(void)=(int (*)(void))&t; 9: printf("%d", (*tp)()); 10: } 11: 12: return !!argv[argc]; 13: } 14: int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; } /* end */ DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ... checked program was: /* begin */ 1: #include "ruby.h" 2: 3: /*top*/ 4: extern int t(void); 5: int main(int argc, char **argv) 6: { 7: if (argc > 1000000) { 8: int (* volatile tp)(void)=(int (*)(void))&t; 9: printf("%d", (*tp)()); 10: } 11: 12: return !!argv[argc]; 13: } 14: extern void X509_STORE_CTX_get0_cert(); 15: int t(void) { X509_STORE_CTX_get0_cert(); return 0; } /* end */ The second compilation succeeds. Specify the header for each checked function. https://github.com/ruby/openssl/commit/34ae7d92d0
* openssl: use the old rb_ary_tmp_new() aliasKazuki Yamaguchi2022-10-171-1/+1
| | | | | | openssl has to support older versions of Ruby. Undo the change in ext/openssl/ossl_pkey_ec.c by commit efb91ff19b73 ("Rename rb_ary_tmp_new to rb_ary_hidden_new", 2022-07-25).
View Lorry Controller Status