| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This commit adds support for embedded strings with variable capacity and
uses Variable Width Allocation to allocate strings.
|
|
|
|
|
|
|
| |
* Make Coverage suspendable
Add `Coverage.suspend`, `Coverage.resume` and some methods.
[Feature #18176] [ruby-core:105321]
|
|
|
|
|
|
|
| |
Now that BN.pseudo_rand{,_range} are alias, those macros are only used
once. Let's expand the macros for better readability.
https://github.com/ruby/openssl/commit/7c2fc00dee
|
|
|
|
|
|
|
|
| |
BN_pseudo_rand() and BN_pseudo_rand_range() are deprecated in
OpenSSL 3.0. Since they are identical to their non-'pseudo' version
anyway, let's make them alias.
https://github.com/ruby/openssl/commit/2d34e85ddf
|
|
|
|
|
|
|
| |
OpenSSL 3.0 renamed EVP_PKEY_cmp() to EVP_PKEY_eq() because that was a
confusing name.
https://github.com/ruby/openssl/commit/d42bd7fcdb
|
|
|
|
|
|
|
|
|
| |
EC_GROUP_clear_free() is deprecated in OpenSSL 3.0.
EC_GROUP does not include any sensitive data, so we can safely use
EC_GROUP_free() instead.
https://github.com/ruby/openssl/commit/e93a5fdffc
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
no-op
It converts the internal representation of the point object to the
affine coordinate system. However, it had no real use case because the
difference in the internal representation has not been visible from
Ruby/OpenSSL at all.
EC_POINT_make_affine() is marked as deprecated in OpenSSL 3.0.
https://github.com/ruby/openssl/commit/e2cc81fef7
|
|
|
|
|
|
|
|
|
|
| |
EVP_MD_CTX_pkey_ctx()
OpenSSL 3.0 renamed EVP_MD_CTX_pkey_ctx() to include "get" in the
function name. Adjust compatibility macro so that we can use the new
function name for all OpenSSL 1.0.2-3.0.
https://github.com/ruby/openssl/commit/c106d888c6
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
if exists
The function was renamed in OpenSSL 3.0 due to the change of the
lifetime of EVP_MD objects. They are no longer necessarily statically
allocated and can be reference-counted -- when an EVP_MD_CTX is free'd,
the associated EVP_MD can also become inaccessible.
Currently Ruby/OpenSSL only handles builtin algorithms, so no special
handling is needed except for adapting to the rename.
https://github.com/ruby/openssl/commit/0a253027e6
|
|
|
|
|
|
|
| |
In OpenSSL 3.0, BN_is_prime_ex() and BN_is_prime_fasttest_ex() are
deprecated in favor of BN_check_prime().
https://github.com/ruby/openssl/commit/90d51ef510
|
|
|
|
|
|
|
|
|
|
| |
Use SSL_get_rbio() instead of SSL_get_fd(). SSL_get_fd() internally
calls SSL_get_rbio() and it's enough for our purpose.
In OpenSSL 3.0, SSL_get_fd() leaves an entry in the OpenSSL error queue
if BIO has not been set up yet, and we would have to clean it up.
https://github.com/ruby/openssl/commit/e95ee24867
|
|
|
|
|
|
|
| |
SSL_CTX_load_verify_locations() is deprecated in OpenSSL 3.0 and
replaced with those two separate functions. Use them if they exist.
https://github.com/ruby/openssl/commit/5375a55ffc
|
|
|
|
|
|
|
|
|
| |
TS_VERIFY_CTS_set_certs
OpenSSL 3.0 fixed the typo in the function name and replaced the
current 'CTS' version with a macro.
https://github.com/ruby/openssl/commit/2be6779b08
|
|
|
|
|
|
|
| |
OpenSSL 3.0 deprecated ERR_get_error_line_data() in favor of
ERR_get_error_all(), as part of the error queue structure changes.
https://github.com/ruby/openssl/commit/8e98d2ecc8
|
|
|
|
|
|
|
|
|
|
|
|
| |
versions
Add following convenient macros:
- OSSL_IS_LIBRESSL
- OSSL_OPENSSL_PREREQ(maj, min, pat)
- OSSL_LIBRESSL_PREREQ(maj, min, pat)
https://github.com/ruby/openssl/commit/00abee791d
|
|
|
|
| |
https://github.com/flori/json/commit/2db5894cfa
|
|
|
|
| |
https://github.com/flori/json/commit/da94d9f059
|
|
|
|
| |
https://github.com/ruby/psych/commit/a0f55ee85a
|
|
|
|
| |
https://github.com/ruby/psych/commit/86e3049579
|
|
|
|
|
|
|
|
| |
If we use the same version as the default strscan gem in Ruby, "gem
install" doesn't extract .gem. It fails "gem install" because "gem
install" can't find ext/strscan/ to be built.
https://github.com/ruby/strscan/commit/3ceafa6cdc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a file
SSLSocket#connect eventually calls `GetOpenFile` in order to get the
underlying file descriptor for the IO object passed in on
initialization. `GetOpenFile` assumes that the Ruby object passed in is
a T_FILE object and just casts it to a T_FILE without any checks. If
you pass an object that *isn't* a T_FILE to that function, the program
will segv.
Since we assume the IO object is a file in the `connect` method, this
commit adds a `CheckType` in the initialize method to ensure that the IO
object is actually a T_FILE. If the object *isn't* a T_FILE, this class
will segv on `connect`, so I think this is a backwards compatible
change.
https://github.com/ruby/openssl/commit/919fa44ec2
|
| |
|
| |
|
|
|
|
| |
https://github.com/ruby/io-wait/commit/f6a1b10a59
|
|
|
|
| |
https://github.com/ruby/stringio/commit/f7c40aa339
|
|
|
|
| |
https://github.com/ruby/psych/commit/69a713f860
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Tie lifetime of uJIT blocks to iseqs
Blocks weren't being freed when iseqs are collected.
* Add rb_dary. Use it for method dependency table
* Keep track of blocks per iseq
Remove global version_tbl
* Block version bookkeeping fix
* dary -> darray
* free ujit_blocks
* comment about size of ujit_blocks
|
|
|
|
| |
https://github.com/ruby/etc/commit/85ca541d0b
|
|
|
|
| |
https://github.com/ruby/zlib/commit/82e9a636a6
|
|
|
|
|
|
| |
Fix https://github.com/ruby/etc/pull/12
https://github.com/ruby/etc/commit/7cbf03d22d
|
|
|
|
|
|
|
|
|
|
| |
Drop support for Ruby 2.3, 2.4, and 2.5.
As of 2021-10, Ruby 2.6 is the oldest version that still receives
security fixes from the Ruby core team, so it doesn't make much sense
to keep code for those ancient versions.
https://github.com/ruby/openssl/commit/3436bd040d
|
|
|
|
| |
https://github.com/ruby/openssl/commit/baa83a8a57
|
|
|
|
| |
https://github.com/ruby/openssl/commit/65e7207a07
|
|
|
|
| |
https://github.com/ruby/openssl/commit/e8ee01b22c
|
|
|
|
|
|
|
|
|
| |
On the server side, the serialized list of protocols is stored in
SSL_CTX as a String object reference. We utilize a hidden instance
variable to prevent it from being GC'ed, but this is not enough because
it can also be relocated by GC.compact.
https://github.com/ruby/openssl/commit/5eb68ba778
|
|
|
|
|
|
|
|
|
|
|
| |
Store/StoreContext
We store the reverse reference to the Ruby object in the OpenSSL
struct for use from OpenSSL callback functions. To prevent the Ruby
object from being relocated by GC.compact, we must "pin" it by calling
rb_gc_mark().
https://github.com/ruby/openssl/commit/a6ba9f894f
|
|
|
|
|
|
|
|
|
|
|
| |
SSLContext/SSLSocket objects
We store the reverse reference to the Ruby object in the OpenSSL
struct for use from OpenSSL callback functions. To prevent the Ruby
object from being relocated by GC.compact, we must "pin" it by calling
rb_gc_mark().
https://github.com/ruby/openssl/commit/022b7ceada
|
|
|
|
|
|
|
|
|
|
| |
The digest library is a default gem now, too. Therefore we can't simply
use rb_require() to load it, but we should use Kernel#require instead.
This change is based on the suggestion by David Rodríguez in
https://github.com/ruby/digest/commit/16172612d56ac42f57e5788465791329303ac5d0#commitcomment-57778397
https://github.com/ruby/openssl/commit/157f80794b
|
|
|
|
|
|
| |
prevent `ossl_ts_*_free()` from calling when `d2i_TS_*_bio()` failed.
https://github.com/ruby/openssl/commit/b29e215786
|
|
|
|
|
|
| |
TS_time_cb on libressl expects an long long/time_t 64 bits long instead.
https://github.com/ruby/openssl/commit/4c99f577b2
|
|
|
|
|
|
|
|
|
|
|
| |
Similarly to SSLSocket#syswrite, the blocking SSLSocket#sysread allows
context switches. We must prevent other threads from modifying the
string buffer.
We can use rb_str_locktmp() and rb_str_unlocktmp() to temporarily
prohibit modification of the string.
https://github.com/ruby/openssl/commit/d38274949f
|
|
|
|
|
|
|
|
|
|
| |
Since a blocking SSLSocket#syswrite call allows context switches while
waiting for the underlying socket to be ready, we must freeze the string
buffer to prevent other threads from modifying it.
Reference: https://github.com/ruby/openssl/issues/452
https://github.com/ruby/openssl/commit/aea874bc6e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide a wrapper of SSL_set0_tmp_dh_pkey()/SSL_CTX_set_tmp_dh(), which
sets the DH parameters used for ephemeral DH key exchange.
SSLContext#tmp_dh_callback= already exists for this purpose, as a
wrapper around SSL_CTX_set_tmp_dh_callback(), but it is considered
obsolete and the OpenSSL API is deprecated for future removal. There is
no practical use case where an application needs to use different DH
parameters nowadays. This was originally introduced to support export
grade ciphers.
RDoc for #tmp_dh_callback= is updated to recommend the new #tmp_dh=.
Note that current versions of OpenSSL support automatic ECDHE curve
selection which is enabled by default. SSLContext#tmp_dh= should only be
necessary if you must allow ancient clients which don't support ECDHE.
https://github.com/ruby/openssl/commit/aa43da4f04
|
|
|
|
|
|
|
| |
Commit ee037e146037 ("ssl: remove SSL::SSLContext#tmp_ecdh_callback",
2020-08-12) forgot to remove the method.
https://github.com/ruby/openssl/commit/bef9ea84e4
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See also: https://github.com/ruby/csv/issues/117#issuecomment-933289373
How to reproduce with x.csv.gz in the issue comment:
Zlib::GzipReader.open("x.csv.gz") do |rio|
rio.gets(nil, 1024)
while line = rio.gets(nil, 8192)
raise line unless line.valid_encoding?
end
end
Reported by Dimitrij Denissenko. Thanks!!!
https://github.com/ruby/zlib/commit/b1f182e98f
|
| |
|
|
|
|
| |
https://github.com/ruby/date/commit/e0a4cbc8f6
|
|
|
|
| |
https://github.com/ruby/pathname/commit/e6b3b3ed25
|
|
|
|
| |
https://github.com/ruby/nkf/commit/9aa7c6b841
|
|
|
|
| |
https://github.com/ruby/etc/commit/c989bacc4c
|