openssl 2.0.4 → 2.0.5


checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 7038b25fd54bd0c3d69ac67508d48f28e755abda
4
- data.tar.gz: 93d386d03cf4ef0639cf0278d2e048dd0ed7b5dc
3
+ metadata.gz: 5a6ee994e4089dd195689cf471c593fa31787cdb
4
+ data.tar.gz: 7eeb660f5b68abf40b755d65c8c6d3e1033d98c3
5
5
  SHA512:
6
- metadata.gz: c1898849090209058a85e5fe2478dec5eb286dfadbd183d53197eb3fa856bb21a1232fafc2b66250676b552aaa43775f7eec5fa26634c559ebe888a2ea97f38b
7
- data.tar.gz: 5ee71162da1ff99aed88c3aab1acbed70c6e6686cd8c163f908eb743cbc31c33283cb4577aa9945207d8cc950963f1497e038b443b6d69ce248d150036505eb1
6
+ metadata.gz: a3369fcdbdb7799641c6ff5f2d4fa5ae8613ebb74c0791ba6e1a6fd0bab1d075f30bb27006b63335d3ab793ef90ffd9db15ba6595e7f26d38784cfd5b36e452e
7
+ data.tar.gz: 42fc88ebab1692afa7bb178589aba6177c562841a2159cc404582fbf1ab31d4c6508aac014db44eb1a27b7d5e2e259eb202b7519ece33f2c1a068068028993d0
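--- a/data/History.md
+++ b/data/History.md
@@ -1,3 +1,16 @@
+Version 2.0.5
+=============
+
+Bug fixes
+---------
+
+* Reading a PEM/DER-encoded private key or certificate from an IO object did
+not work properly on mswin platforms.
+[[ruby/openssl#128]](https://github.com/ruby/openssl/issues/128)
+* Broken length check in the PEM passphrase callback is fixed.
+* It failed to compile when OpenSSL is configured without TLS 1.0 support.
+
+
 Version 2.0.4
 =============
 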
@@ -109,14 +109,10 @@ end
109
109
  Logging::message "=== Checking for OpenSSL features... ===\n"
110
110
  # compile options
111
111
 
112
- # check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
113
- # exist even if compiled with no-ssl2 or no-ssl3-method.
114
- unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
115
- have_func("SSLv2_method")
116
- end
117
- unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
118
- have_func("SSLv3_method")
119
- end
112
+ # SSLv2 and SSLv3 may be removed in future versions of OpenSSL, and even macros
113
+ # like OPENSSL_NO_SSL2 may not be defined.
114
+ have_func("SSLv2_method")
115
+ have_func("SSLv3_method")
120
116
  have_func("TLSv1_1_method")
121
117
  have_func("TLSv1_2_method")
122
118
  have_func("RAND_egd")
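Review bot: The new comment says why the OPENSSL_NO_SSL2 / OPENSSL_NO_SSL3_METHOD probes were dropped but not where the case the removed comment described — the method symbol being exported even though the protocol was configured out — is handled now, so a reader of extconf.rb alone will conclude that case was simply abandoned. Presumably the guard moved to the use site, since the method table in ossl_ssl.c in this same change tests the OPENSSL_NO_* macros at compile time; saying so here keeps the two files in step, e.g. `# OPENSSL_NO_* is checked where the method table is built (ossl_ssl.c): the symbol can exist even when the protocol is disabled, so have_func alone is not enough.` Separately, TLSv1_method gets no have_func probe while TLSv1_1_method and TLSv1_2_method do; that is presumably deliberate because TLSv1_method predates every supported OpenSSL, but a half-line comment would stop someone "fixing" the asymmetry.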
@@ -129,13 +129,6 @@ ossl_bin2hex(unsigned char *in, char *out, size_t inlen)
129
129
  /*
130
130
  * our default PEM callback
131
131
  */
132
-
133
- /*
134
- * OpenSSL requires passwords for PEM-encoded files to be at least four
135
- * characters long. See crypto/pem/pem_lib.c (as of 1.0.2h)
136
- */
137
- #define OSSL_MIN_PWD_LEN 4
138
-
139
132
  VALUE
140
133
  ossl_pem_passwd_value(VALUE pass)
141
134
  {
@@ -144,8 +137,6 @@ ossl_pem_passwd_value(VALUE pass)
144
137
 
145
138
  StringValue(pass);
146
139
 
147
- if (RSTRING_LEN(pass) < OSSL_MIN_PWD_LEN)
148
- ossl_raise(eOSSLError, "password must be at least %d bytes", OSSL_MIN_PWD_LEN);
149
140
  /* PEM_BUFSIZE is currently used as the second argument of pem_password_cb,
150
141
  * that is +max_len+ of ossl_pem_passwd_cb() */
151
142
  if (RSTRING_LEN(pass) > PEM_BUFSIZE)
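Review bot: With the four-byte minimum gone, ossl_pem_passwd_value now accepts an empty String, which the string branch of ossl_pem_passwd_cb copies as zero bytes and reports as length 0; OpenSSL's PEM_do_header appears to treat a non-positive callback return as a bad-password read, so the caller now gets an opaque OpenSSL error where the old check raised a clear OpenSSLError. If an empty passphrase can never decrypt a PEM-encrypted key, keep that one case next to the PEM_BUFSIZE upper bound, `if (RSTRING_LEN(pass) == 0) ossl_raise(eOSSLError, "password must not be empty");`; if it is meant to be allowed, a comment saying OpenSSL rejects it downstream would stop the next reader from re-adding the minimum. The deleted comment also took with it the pointer to pem_lib.c that explained where the old floor came from; a one-liner such as `/* No minimum here: the 4-byte floor in pem_lib.c belongs to OpenSSL's own prompt callback (TODO confirm), not to caller-supplied ones */` preserves that reasoning. ossl_pem_passwd_value's signature is in the preceding hunk and its body continues past this one.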
@@ -157,11 +148,10 @@ ossl_pem_passwd_value(VALUE pass)
157
148
  static VALUE
158
149
  ossl_pem_passwd_cb0(VALUE flag)
159
150
  {
160
- VALUE pass;
161
-
162
- pass = rb_yield(flag);
163
- SafeStringValue(pass);
164
-
151
+ VALUE pass = rb_yield(flag);
152
+ if (NIL_P(pass))
153
+ return Qnil;
154
+ StringValue(pass);
165
155
  return pass;
166
156
  }
167
157
 
@@ -178,7 +168,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
178
168
  * bytes silently if the input is over 1024 bytes */
179
169
  if (RB_TYPE_P(pass, T_STRING)) {
180
170
  len = RSTRING_LEN(pass);
181
- if (len >= OSSL_MIN_PWD_LEN && len <= max_len) {
171
+ if (len <= max_len) {
182
172
  memcpy(buf, RSTRING_PTR(pass), len);
183
173
  return (int)len;
184
174
  }
@@ -204,11 +194,9 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
204
194
  rb_set_errinfo(Qnil);
205
195
  return -1;
206
196
  }
197
+ if (NIL_P(pass))
198
+ return -1;
207
199
  len = RSTRING_LEN(pass);
208
- if (len < OSSL_MIN_PWD_LEN) {
209
- rb_warning("password must be at least %d bytes", OSSL_MIN_PWD_LEN);
210
- continue;
211
- }
212
200
  if (len > max_len) {
213
201
  rb_warning("password must not be longer than %d bytes", max_len);
214
202
  continue;
@@ -10,48 +10,21 @@
10
10
  #include "ossl.h"
11
11
 
12
12
  BIO *
13
- ossl_obj2bio(VALUE obj)
13
+ ossl_obj2bio(volatile VALUE *pobj)
14
14
  {
15
+ VALUE obj = *pobj;
15
16
  BIO *bio;
16
17
 
17
- if (RB_TYPE_P(obj, T_FILE)) {
18
- rb_io_t *fptr;
19
- FILE *fp;
20
- int fd;
21
-
22
- GetOpenFile(obj, fptr);
23
- rb_io_check_readable(fptr);
24
- if ((fd = rb_cloexec_dup(FPTR_TO_FD(fptr))) < 0){
25
- rb_sys_fail(0);
26
- }
27
- rb_update_max_fd(fd);
28
- if (!(fp = fdopen(fd, "r"))){
29
- int e = errno;
30
- close(fd);
31
- rb_syserr_fail(e, 0);
32
- }
33
- if (!(bio = BIO_new_fp(fp, BIO_CLOSE))){
34
- fclose(fp);
35
- ossl_raise(eOSSLError, NULL);
36
- }
37
- }
38
- else {
39
- StringValue(obj);
40
- bio = BIO_new_mem_buf(RSTRING_PTR(obj), RSTRING_LENINT(obj));
41
- if (!bio) ossl_raise(eOSSLError, NULL);
42
- }
43
-
18
+ if (RB_TYPE_P(obj, T_FILE))
19
+ obj = rb_funcallv(obj, rb_intern("read"), 0, NULL);
20
+ StringValue(obj);
21
+ bio = BIO_new_mem_buf(RSTRING_PTR(obj), RSTRING_LENINT(obj));
22
+ if (!bio)
23
+ ossl_raise(eOSSLError, "BIO_new_mem_buf");
24
+ *pobj = obj;
44
25
  return bio;
45
26
  }
46
27
 
47
- BIO *
48
- ossl_protect_obj2bio(VALUE obj, int *status)
49
- {
50
- BIO *ret = NULL;
51
- ret = (BIO*)rb_protect((VALUE (*)(VALUE))ossl_obj2bio, obj, status);
52
- return ret;
53
- }
54
-
55
28
  VALUE
56
29
  ossl_membio2str0(BIO *bio)
57
30
  {
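Review bot: The rewritten ossl_obj2bio has a lifetime contract that nothing in the hunk states: BIO_new_mem_buf aliases the String's buffer without copying, so the String must stay reachable and unmodified for as long as the BIO is read, which is why the result is written back through the `volatile VALUE *` and why every caller must pass a local it holds until BIO_free. A header comment above the definition should spell that out: the argument is a String or an IO; for an IO the whole remaining stream is read into a fresh String via `read`; the returned BIO borrows that String's memory; and `*pobj` is updated so the caller keeps the String alive for the BIO's lifetime. Two smaller points on the new body: calling `read` with no length slurps the IO entirely into memory, unlike the fdopen path it replaces which streamed, so a very large IO now costs its full size in RAM (acceptable for keys and certificates, but worth one line in that comment); and `rb_intern("read")` is re-evaluated on every call where a file-scope `static ID` or `rb_intern_const("read")` would do.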
@@ -10,8 +10,7 @@
10
10
  #if !defined(_OSSL_BIO_H_)
11
11
  #define _OSSL_BIO_H_
12
12
 
13
- BIO *ossl_obj2bio(VALUE);
14
- BIO *ossl_protect_obj2bio(VALUE,int*);
13
+ BIO *ossl_obj2bio(volatile VALUE *);
15
14
  VALUE ossl_membio2str0(BIO*);
16
15
  VALUE ossl_membio2str(BIO*);
17
16
  VALUE ossl_protect_membio2str(BIO*,int*);
@@ -41,7 +41,7 @@ DupConfigPtr(VALUE obj)
41
41
 
42
42
  OSSL_Check_Kind(obj, cConfig);
43
43
  str = rb_funcall(obj, rb_intern("to_s"), 0);
44
- bio = ossl_obj2bio(str);
44
+ bio = ossl_obj2bio(&str);
45
45
  conf = NCONF_new(NULL);
46
46
  if(!conf){
47
47
  BIO_free(bio);
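Review bot: `ossl_obj2bio(&str)` now makes the BIO borrow `str`'s buffer, so `str` has to remain a live reference until the BIO is freed; whether `str` is declared `volatile` is outside the hunk, and if it is not, nothing reads `str` after this line, so the compiler could in principle reuse its slot before the last `BIO_free(bio)`. An `RB_GC_GUARD(str);` after the BIO is freed (or declaring `str` volatile) makes the intent explicit instead of relying on the conservative stack scan happening to see the slot. The same consideration applies to the other `ossl_obj2bio(&arg)` call sites in this change; where the argument is a function parameter its slot is presumably kept, but a guard costs nothing. DupConfigPtr's declarations and the rest of its body are outside the hunk.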
@@ -178,7 +178,7 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
178
178
 
179
179
  if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) return self;
180
180
  passphrase = NIL_P(pass) ? NULL : StringValueCStr(pass);
181
- in = ossl_obj2bio(arg);
181
+ in = ossl_obj2bio(&arg);
182
182
  d2i_PKCS12_bio(in, &pkcs);
183
183
  DATA_PTR(self) = pkcs;
184
184
  BIO_free(in);
@@ -209,7 +209,7 @@ ossl_pkcs7_s_read_smime(VALUE klass, VALUE arg)
209
209
  VALUE ret, data;
210
210
 
211
211
  ret = NewPKCS7(cPKCS7);
212
- in = ossl_obj2bio(arg);
212
+ in = ossl_obj2bio(&arg);
213
213
  out = NULL;
214
214
  pkcs7 = SMIME_read_PKCS7(in, &out);
215
215
  BIO_free(in);
@@ -241,7 +241,7 @@ ossl_pkcs7_s_write_smime(int argc, VALUE *argv, VALUE klass)
241
241
  SafeGetPKCS7(pkcs7, p7);
242
242
  if(!NIL_P(data) && PKCS7_is_detached(p7))
243
243
  flg |= PKCS7_DETACHED;
244
- in = NIL_P(data) ? NULL : ossl_obj2bio(data);
244
+ in = NIL_P(data) ? NULL : ossl_obj2bio(&data);
245
245
  if(!(out = BIO_new(BIO_s_mem()))){
246
246
  BIO_free(in);
247
247
  ossl_raise(ePKCS7Error, NULL);
@@ -278,7 +278,7 @@ ossl_pkcs7_s_sign(int argc, VALUE *argv, VALUE klass)
278
278
  pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
279
279
  flg = NIL_P(flags) ? 0 : NUM2INT(flags);
280
280
  ret = NewPKCS7(cPKCS7);
281
- in = ossl_obj2bio(data);
281
+ in = ossl_obj2bio(&data);
282
282
  if(NIL_P(certs)) x509s = NULL;
283
283
  else{
284
284
  x509s = ossl_protect_x509_ary2sk(certs, &status);
@@ -334,7 +334,7 @@ ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass)
334
334
  else ciph = GetCipherPtr(cipher); /* NO NEED TO DUP */
335
335
  flg = NIL_P(flags) ? 0 : NUM2INT(flags);
336
336
  ret = NewPKCS7(cPKCS7);
337
- in = ossl_obj2bio(data);
337
+ in = ossl_obj2bio(&data);
338
338
  x509s = ossl_protect_x509_ary2sk(certs, &status);
339
339
  if(status){
340
340
  BIO_free(in);
@@ -385,7 +385,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
385
385
  if(rb_scan_args(argc, argv, "01", &arg) == 0)
386
386
  return self;
387
387
  arg = ossl_to_der_if_possible(arg);
388
- in = ossl_obj2bio(arg);
388
+ in = ossl_obj2bio(&arg);
389
389
  p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL);
390
390
  if (!p7) {
391
391
  OSSL_BIO_reset(in);
@@ -777,7 +777,7 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self)
777
777
  x509st = GetX509StorePtr(store);
778
778
  flg = NIL_P(flags) ? 0 : NUM2INT(flags);
779
779
  if(NIL_P(indata)) indata = ossl_pkcs7_get_data(self);
780
- in = NIL_P(indata) ? NULL : ossl_obj2bio(indata);
780
+ in = NIL_P(indata) ? NULL : ossl_obj2bio(&indata);
781
781
  if(NIL_P(certs)) x509s = NULL;
782
782
  else{
783
783
  x509s = ossl_protect_x509_ary2sk(certs, &status);
@@ -844,7 +844,7 @@ ossl_pkcs7_add_data(VALUE self, VALUE data)
844
844
  if(!PKCS7_content_new(pkcs7, NID_pkcs7_data))
845
845
  ossl_raise(ePKCS7Error, NULL);
846
846
  }
847
- in = ossl_obj2bio(data);
847
+ in = ossl_obj2bio(&data);
848
848
  if(!(out = PKCS7_dataInit(pkcs7, NULL))) goto err;
849
849
  for(;;){
850
850
  if((len = BIO_read(in, buf, sizeof(buf))) <= 0)
@@ -144,7 +144,7 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self)
144
144
  rb_scan_args(argc, argv, "11", &data, &pass);
145
145
  pass = ossl_pem_passwd_value(pass);
146
146
 
147
- bio = ossl_obj2bio(data);
147
+ bio = ossl_obj2bio(&data);
148
148
  if (!(pkey = d2i_PrivateKey_bio(bio, NULL))) {
149
149
  OSSL_BIO_reset(bio);
150
150
  if (!(pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, (void *)pass))) {
@@ -222,7 +222,7 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
222
222
  }
223
223
  else {
224
224
  arg = ossl_to_der_if_possible(arg);
225
- in = ossl_obj2bio(arg);
225
+ in = ossl_obj2bio(&arg);
226
226
  dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
227
227
  if (!dh){
228
228
  OSSL_BIO_reset(in);
@@ -229,7 +229,7 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
229
229
  else {
230
230
  pass = ossl_pem_passwd_value(pass);
231
231
  arg = ossl_to_der_if_possible(arg);
232
- in = ossl_obj2bio(arg);
232
+ in = ossl_obj2bio(&arg);
233
233
  dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass);
234
234
  if (!dsa) {
235
235
  OSSL_BIO_reset(in);
@@ -217,7 +217,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
217
217
  BIO *in;
218
218
 
219
219
  pass = ossl_pem_passwd_value(pass);
220
- in = ossl_obj2bio(arg);
220
+ in = ossl_obj2bio(&arg);
221
221
 
222
222
  ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass);
223
223
  if (!ec) {
@@ -775,7 +775,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
775
775
  if ((group = EC_GROUP_dup(arg1_group)) == NULL)
776
776
  ossl_raise(eEC_GROUP, "EC_GROUP_dup");
777
777
  } else {
778
- BIO *in = ossl_obj2bio(arg1);
778
+ BIO *in = ossl_obj2bio(&arg1);
779
779
 
780
780
  group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
781
781
  if (!group) {
@@ -1381,7 +1381,7 @@ static VALUE ossl_ec_point_initialize(int argc, VALUE *argv, VALUE self)
1381
1381
 
1382
1382
  point = EC_POINT_bn2point(group, bn, NULL, ossl_bn_ctx);
1383
1383
  } else {
1384
- BIO *in = ossl_obj2bio(arg1);
1384
+ BIO *in = ossl_obj2bio(&arg1);
1385
1385
 
1386
1386
  /* BUG: finish me */
1387
1387
 
@@ -236,7 +236,7 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
236
236
  else {
237
237
  pass = ossl_pem_passwd_value(pass);
238
238
  arg = ossl_to_der_if_possible(arg);
239
- in = ossl_obj2bio(arg);
239
+ in = ossl_obj2bio(&arg);
240
240
  rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass);
241
241
  if (!rsa) {
242
242
  OSSL_BIO_reset(in);
@@ -65,17 +65,19 @@ static const struct {
65
65
  { #name"_server", (SSL_METHOD *(*)(void))name##_server_method, version }, \
66
66
  { #name"_client", (SSL_METHOD *(*)(void))name##_client_method, version }
67
67
  #endif
68
- #if defined(HAVE_SSLV2_METHOD)
68
+ #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL2_METHOD) && defined(HAVE_SSLV2_METHOD)
69
69
  OSSL_SSL_METHOD_ENTRY(SSLv2, SSL2_VERSION),
70
70
  #endif
71
- #if defined(HAVE_SSLV3_METHOD)
71
+ #if !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL3_METHOD) && defined(HAVE_SSLV3_METHOD)
72
72
  OSSL_SSL_METHOD_ENTRY(SSLv3, SSL3_VERSION),
73
73
  #endif
74
+ #if !defined(OPENSSL_NO_TLS1) && !defined(OPENSSL_NO_TLS1_METHOD)
74
75
  OSSL_SSL_METHOD_ENTRY(TLSv1, TLS1_VERSION),
75
- #if defined(HAVE_TLSV1_1_METHOD)
76
+ #endif
77
+ #if !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1_METHOD) && defined(HAVE_TLSV1_1_METHOD)
76
78
  OSSL_SSL_METHOD_ENTRY(TLSv1_1, TLS1_1_VERSION),
77
79
  #endif
78
- #if defined(HAVE_TLSV1_2_METHOD)
80
+ #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2_METHOD) && defined(HAVE_TLSV1_2_METHOD)
79
81
  OSSL_SSL_METHOD_ENTRY(TLSv1_2, TLS1_2_VERSION),
80
82
  #endif
81
83
  OSSL_SSL_METHOD_ENTRY(SSLv23, 0),
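Review bot: The TLSv1 entry is now the odd one out: it is guarded on OPENSSL_NO_TLS1 / OPENSSL_NO_TLS1_METHOD but has no HAVE_TLSV1_METHOD counterpart, while SSLv2, SSLv3, TLSv1_1 and TLSv1_2 require all three, and nothing says whether that is deliberate. It presumably is (TLSv1_method predates every supported OpenSSL), but the table also now carries the only OPENSSL_NO_* checks in the extension, and the reason they live here rather than in extconf.rb — the one the removed extconf comment gave, that the method symbol can be exported even when the protocol was configured out — is no longer written down anywhere. Suggest a comment above the table: `/* OPENSSL_NO_* is checked here, not in extconf.rb: the method symbol may still be exported when the protocol is disabled, and the macros themselves may be absent in newer OpenSSL. TLSv1_method needs no HAVE_ probe. */`. The enclosing method table starts and ends outside this hunk.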
@@ -49,7 +49,7 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
49
49
  if ((ctx = SSL_get1_session(ssl)) == NULL)
50
50
  ossl_raise(eSSLSession, "no session available");
51
51
  } else {
52
- BIO *in = ossl_obj2bio(arg1);
52
+ BIO *in = ossl_obj2bio(&arg1);
53
53
 
54
54
  ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
55
55
 
@@ -10,6 +10,6 @@
10
10
  #if !defined(_OSSL_VERSION_H_)
11
11
  #define _OSSL_VERSION_H_
12
12
 
13
- #define OSSL_VERSION "2.0.4"
13
+ #define OSSL_VERSION "2.0.5"
14
14
 
15
15
  #endif /* _OSSL_VERSION_H_ */
@@ -161,7 +161,7 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
161
161
  return self;
162
162
  }
163
163
  arg = ossl_to_der_if_possible(arg);
164
- in = ossl_obj2bio(arg);
164
+ in = ossl_obj2bio(&arg);
165
165
  x509 = PEM_read_bio_X509(in, &x, NULL, NULL);
166
166
  DATA_PTR(self) = x;
167
167
  if (!x509) {
@@ -115,7 +115,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
115
115
  return self;
116
116
  }
117
117
  arg = ossl_to_der_if_possible(arg);
118
- in = ossl_obj2bio(arg);
118
+ in = ossl_obj2bio(&arg);
119
119
  crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL);
120
120
  DATA_PTR(self) = x;
121
121
  if (!crl) {
@@ -123,7 +123,7 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self)
123
123
  return self;
124
124
  }
125
125
  arg = ossl_to_der_if_possible(arg);
126
- in = ossl_obj2bio(arg);
126
+ in = ossl_obj2bio(&arg);
127
127
  req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL);
128
128
  DATA_PTR(self) = x;
129
129
  if (!req) {
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openssl
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.4
4
+ version: 2.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Martin Bosslet
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2017-06-14 00:00:00.000000000 Z
14
+ date: 2017-08-08 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: rake
@@ -77,8 +77,8 @@ extensions:
77
77
  - ext/openssl/extconf.rb
78
78
  extra_rdoc_files:
79
79
  - CONTRIBUTING.md
80
- - README.md
81
80
  - History.md
81
+ - README.md
82
82
  files:
83
83
  - BSDL
84
84
  - CONTRIBUTING.md
@@ -152,7 +152,8 @@ files:
152
152
  homepage: https://www.ruby-lang.org/
153
153
  licenses:
154
154
  - Ruby
155
- metadata: {}
155
+ metadata:
156
+ msys2_mingw_dependencies: openssl
156
157
  post_install_message:
157
158
  rdoc_options:
158
159
  - "--main"