openssl 2.0.8 → 2.0.9



checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: aaf3892e604545c94e4a743227ba410a95bc8d42914648f8f6573526ee7f8782
4
- data.tar.gz: aded4f0191146eb59089b5c30741f659a35fa7d00e1d2d32e12ab7eba4f745a6
3
+ metadata.gz: 91fe9d652320bafb549ff509a248703fb6344805a6054a646f48377bab07a57b
4
+ data.tar.gz: c581caac26a9edb277a214e14d470fbba9e94b0b553835aae5d7114488c1f94e
5
5
  SHA512:
6
- metadata.gz: a9343f73db2ec7389646be22d1de4f58e8ecf190848112b278e8451b65b3e2aed446e050b29cbda7fb523da6a35087c5bead7452282ad4decf195247d2492964
7
- data.tar.gz: 0612bc4a0687c28b008125191fd29726376ca91570bfd2ebb4b950197a3930d0f5d7368cfaa12b31962a2ce89604eacfdfd15646e48b3a1da429197ca2f8d2e3
6
+ metadata.gz: 7a63763e084612b0ebff8c17285046de11b8b21d80b20b7118e1b6245d17eb6226906d57cbae7187fa080d12236083c5f7fbaa4b45f2ef98305176cc09f485a5
7
+ data.tar.gz: 986d486b248c941099272e984b62b221178bf0ebb4566e24b83d97c8168b364aa9da3c27d73ed6b9c6eb606764a2c0d82a93adb3b156072a03b39b638e5fe890
data/History.md CHANGED
@@ -1,3 +1,26 @@
1
+ Version 2.0.9
2
+ =============
3
+
4
+ Security fixes
5
+ --------------
6
+
7
+ * OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
8
+ objects. CVE-2018-16395 is assigned for this issue.
9
+ https://hackerone.com/reports/387250
10
+
11
+ Bug fixes
12
+ ---------
13
+
14
+ * Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
15
+ interrupted.
16
+ [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
17
+ [[GitHub #205]](https://github.com/ruby/openssl/pull/205)
18
+ * Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
19
+ called against an empty instance.
20
+ [[GitHub #200]](https://github.com/ruby/openssl/issues/200)
21
+ [[GitHub #211]](https://github.com/ruby/openssl/pull/211)
22
+
23
+
1
24
  Version 2.0.8
2
25
  =============
3
26
 
@@ -33,6 +33,9 @@ end
33
33
  Logging::message "=== Checking for system dependent stuff... ===\n"
34
34
  have_library("nsl", "t_open")
35
35
  have_library("socket", "socket")
36
+ if $mswin || $mingw
37
+ have_library("ws2_32")
38
+ end
36
39
 
37
40
  Logging::message "=== Checking for required stuff... ===\n"
38
41
  result = pkg_config("openssl") && have_header("openssl/ssl.h")
@@ -122,6 +125,10 @@ engines.each { |name|
122
125
  OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
123
126
  }
124
127
 
128
+ if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
129
+ $defs.push("-DNOCRYPT")
130
+ end
131
+
125
132
  # added in 0.9.8X
126
133
  have_func("EVP_CIPHER_CTX_new")
127
134
  have_func("EVP_CIPHER_CTX_free")
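Review bot: `$defs.push("-DNOCRYPT")` in the second hunk is a bare platform workaround with no explanation of what it suppresses, in a file where every other probe names the thing it is checking for. My reading of why it is gated on `have_macro("LIBRESSL_VERSION_NUMBER")` is that LibreSSL's headers on Windows pull in <wincrypt.h> unless NOCRYPT is defined, and that header's X509_NAME/PKCS7 macros collide with the OpenSSL type names — but that is an inference; the hunk does not say, and the exact failure should be confirmed from the commit that introduced it. A one-line comment on the `if` would settle it, e.g. `# LibreSSL on Windows includes <wincrypt.h> unless NOCRYPT is set; its macros clash with OpenSSL's X509_NAME/PKCS7 types`. The `have_library("ws2_32")` probe in the first hunk would likewise benefit from a word on which socket symbols it is satisfying, since it is checked without a function name.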
@@ -196,7 +196,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
196
196
  static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
197
197
  return pkey->pkey._name; }
198
198
  #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
199
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
199
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
200
200
  if (a1) *a1 = obj->a1; \
201
201
  if (a2) *a2 = obj->a2; } \
202
202
  static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
@@ -205,7 +205,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
205
205
  BN_clear_free(obj->a2); obj->a2 = a2; \
206
206
  return 1; }
207
207
  #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
208
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
208
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
209
209
  if (a1) *a1 = obj->a1; \
210
210
  if (a2) *a2 = obj->a2; \
211
211
  if (a3) *a3 = obj->a3; } \
data/ext/openssl/ossl.c CHANGED
@@ -1078,6 +1078,7 @@ static void Init_ossl_locks(void)
1078
1078
  void
1079
1079
  Init_openssl(void)
1080
1080
  {
1081
+ #undef rb_intern
1081
1082
  /*
1082
1083
  * Init timezone info
1083
1084
  */
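Review bot: The `#undef rb_intern` added at the top of Init_openssl is a non-obvious preprocessor trick that carries no comment, and the same bare line is repeated in every other Init_* function in this release. Presumably the intent is to bypass the statement-expression macro that ruby.h defines for literal arguments (it caches the ID in a function-local static) and call the plain rb_intern() function instead, since Init_* runs exactly once and a per-call-site cache buys nothing — but the hunk does not say so, and that is an inference to confirm against the commit message. I would add one line above it, e.g. `/* Init_* runs once: use the rb_intern() function, not ruby.h's ID-caching macro */`, so the next reader does not take it for a leftover. The rest of Init_openssl is outside the hunk.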
@@ -1412,6 +1412,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
1412
1412
  void
1413
1413
  Init_ossl_asn1(void)
1414
1414
  {
1415
+ #undef rb_intern
1415
1416
  VALUE ary;
1416
1417
  int i;
1417
1418
 
@@ -237,6 +237,7 @@ ossl_pkcs12_to_der(VALUE self)
237
237
  void
238
238
  Init_ossl_pkcs12(void)
239
239
  {
240
+ #undef rb_intern
240
241
  #if 0
241
242
  mOSSL = rb_define_module("OpenSSL");
242
243
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -1054,6 +1054,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self)
1054
1054
  void
1055
1055
  Init_ossl_pkcs7(void)
1056
1056
  {
1057
+ #undef rb_intern
1057
1058
  #if 0
1058
1059
  mOSSL = rb_define_module("OpenSSL");
1059
1060
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -20,6 +20,21 @@ static ID id_private_q;
20
20
  /*
21
21
  * callback for generating keys
22
22
  */
23
+ static VALUE
24
+ call_check_ints0(VALUE arg)
25
+ {
26
+ rb_thread_check_ints();
27
+ return Qnil;
28
+ }
29
+
30
+ static void *
31
+ call_check_ints(void *arg)
32
+ {
33
+ int state;
34
+ rb_protect(call_check_ints0, Qnil, &state);
35
+ return (void *)(VALUE)state;
36
+ }
37
+
23
38
  int
24
39
  ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
25
40
  {
@@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
38
53
  */
39
54
  rb_protect(rb_yield, ary, &state);
40
55
  if (state) {
41
- arg->stop = 1;
42
56
  arg->state = state;
57
+ return 0;
58
+ }
59
+ }
60
+ if (arg->interrupted) {
61
+ arg->interrupted = 0;
62
+ state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
63
+ if (state) {
64
+ arg->state = state;
65
+ return 0;
43
66
  }
44
67
  }
45
- if (arg->stop) return 0;
46
68
  return 1;
47
69
  }
48
70
 
@@ -50,7 +72,7 @@ void
50
72
  ossl_generate_cb_stop(void *ptr)
51
73
  {
52
74
  struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
53
- arg->stop = 1;
75
+ arg->interrupted = 1;
54
76
  }
55
77
 
56
78
  static void
@@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
389
411
  void
390
412
  Init_ossl_pkey(void)
391
413
  {
414
+ #undef rb_intern
392
415
  #if 0
393
416
  mOSSL = rb_define_module("OpenSSL");
394
417
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
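Review bot: The new `if (arg->interrupted)` branch in ossl_generate_cb_2 (second hunk of this file) implements a two-thread handshake with no comment: ossl_generate_cb_stop sets the flag, and the callback clears it, re-takes the GVL through rb_thread_call_with_gvl and runs rb_thread_check_ints under rb_protect, treating a non-zero state as "abort generation" and zero as "the interrupt was serviced, keep going" — which is the behaviour the changelog entry wants, but a reader has to reconstruct it. I would put that above the branch, `/* stop() only flags; re-check pending interrupts with the GVL held so a spurious wakeup keeps generating */`, and note on call_check_ints that its void* return carries the rb_protect state. Separately, `interrupted` is a plain int written by ossl_generate_cb_stop — which I assume is registered as the unblocking function of rb_thread_call_without_gvl and so runs on another thread, though that registration is not in these hunks — and read by the callback on the generating thread; each callback invocation re-reads it through `arg`, so this works in practice, but declaring the field `volatile sig_atomic_t` in the ossl_pkey.h struct would state the contract rather than rely on it. The previous `stop` flag had the same property, so this is not a regression. ossl_generate_cb_2's signature and its `arg->yield` prologue are outside this hunk.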
@@ -41,7 +41,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
41
41
 
42
42
  struct ossl_generate_cb_arg {
43
43
  int yield;
44
- int stop;
44
+ int interrupted;
45
45
  int state;
46
46
  };
47
47
  int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
@@ -1676,6 +1676,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self)
1676
1676
 
1677
1677
  void Init_ossl_ec(void)
1678
1678
  {
1679
+ #undef rb_intern
1679
1680
  #if 0
1680
1681
  mPKey = rb_define_module_under(mOSSL, "PKey");
1681
1682
  cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
@@ -10,6 +10,6 @@
10
10
  #if !defined(_OSSL_VERSION_H_)
11
11
  #define _OSSL_VERSION_H_
12
12
 
13
- #define OSSL_VERSION "2.0.8"
13
+ #define OSSL_VERSION "2.0.9"
14
14
 
15
15
  #endif /* _OSSL_VERSION_H_ */
@@ -441,6 +441,7 @@ ossl_x509ext_to_der(VALUE obj)
441
441
  void
442
442
  Init_ossl_x509ext(void)
443
443
  {
444
+ #undef rb_intern
444
445
  #if 0
445
446
  mOSSL = rb_define_module("OpenSSL");
446
447
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -239,14 +239,31 @@ ossl_x509name_to_s_old(VALUE self)
239
239
  {
240
240
  X509_NAME *name;
241
241
  char *buf;
242
- VALUE str;
243
242
 
244
243
  GetX509Name(self, name);
245
244
  buf = X509_NAME_oneline(name, NULL, 0);
246
- str = rb_str_new2(buf);
247
- OPENSSL_free(buf);
245
+ if (!buf)
246
+ ossl_raise(eX509NameError, "X509_NAME_oneline");
247
+ return ossl_buf2str(buf, rb_long2int(strlen(buf)));
248
+ }
248
249
 
249
- return str;
250
+ static VALUE
251
+ x509name_print(VALUE self, unsigned long iflag)
252
+ {
253
+ X509_NAME *name;
254
+ BIO *out;
255
+ int ret;
256
+
257
+ GetX509Name(self, name);
258
+ out = BIO_new(BIO_s_mem());
259
+ if (!out)
260
+ ossl_raise(eX509NameError, NULL);
261
+ ret = X509_NAME_print_ex(out, name, 0, iflag);
262
+ if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
263
+ BIO_free(out);
264
+ ossl_raise(eX509NameError, "X509_NAME_print_ex");
265
+ }
266
+ return ossl_membio2str(out);
250
267
  }
251
268
 
252
269
  /*
@@ -264,25 +281,12 @@ ossl_x509name_to_s_old(VALUE self)
264
281
  static VALUE
265
282
  ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
266
283
  {
267
- X509_NAME *name;
268
- VALUE flag, str;
269
- BIO *out;
270
- unsigned long iflag;
271
-
272
- rb_scan_args(argc, argv, "01", &flag);
273
- if (NIL_P(flag))
284
+ rb_check_arity(argc, 0, 1);
285
+ /* name.to_s(nil) was allowed */
286
+ if (!argc || NIL_P(argv[0]))
274
287
  return ossl_x509name_to_s_old(self);
275
- else iflag = NUM2ULONG(flag);
276
- if (!(out = BIO_new(BIO_s_mem())))
277
- ossl_raise(eX509NameError, NULL);
278
- GetX509Name(self, name);
279
- if (!X509_NAME_print_ex(out, name, 0, iflag)){
280
- BIO_free(out);
281
- ossl_raise(eX509NameError, NULL);
282
- }
283
- str = ossl_membio2str(out);
284
-
285
- return str;
288
+ else
289
+ return x509name_print(self, NUM2ULONG(argv[0]));
286
290
  }
287
291
 
288
292
  /*
@@ -358,7 +362,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
358
362
 
359
363
  result = ossl_x509name_cmp0(self, other);
360
364
  if (result < 0) return INT2FIX(-1);
361
- if (result > 1) return INT2FIX(1);
365
+ if (result > 0) return INT2FIX(1);
362
366
 
363
367
  return INT2FIX(0);
364
368
  }
@@ -462,6 +466,7 @@ ossl_x509name_to_der(VALUE self)
462
466
  void
463
467
  Init_ossl_x509name(void)
464
468
  {
469
+ #undef rb_intern
465
470
  VALUE utf8str, ptrstr, ia5str, hash;
466
471
 
467
472
  #if 0
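Review bot: The corrected `if (result > 0) return INT2FIX(1);` in ossl_x509name_cmp still maps every negative return of X509_NAME_cmp to -1, and in OpenSSL 1.1.0 and later (LibreSSL too, as far as I know) X509_NAME_cmp returns -2 when it cannot produce the canonical encoding of a name — so an encoding failure would be reported as a valid "less than" ordering instead of an error, which matters for code that sorts or deduplicates names taken from untrusted certificates. ossl_x509name_cmp0 sits outside the hunk and may already translate -2, but if it does not I would add `if (result < -1) ossl_raise(eX509NameError, "X509_NAME_cmp");` ahead of the `< 0` test, and give `==`/`eql?` the same treatment if they share cmp0. In x509name_print the condition `ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0` is correct as written — XN_FLAG_COMPAT routes to X509_NAME_print, which returns 0/1, while every other flag returns a byte count where 0 is a legitimate empty name — but it reads like a precedence slip; parenthesising the `&&` term and adding a comment stating exactly that would stop the next reader from "fixing" it.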
@@ -800,6 +800,7 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
800
800
  void
801
801
  Init_ossl_x509store(void)
802
802
  {
803
+ #undef rb_intern
803
804
  #if 0
804
805
  mOSSL = rb_define_module("OpenSSL");
805
806
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openssl
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.8
4
+ version: 2.0.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Martin Bosslet
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2018-05-12 00:00:00.000000000 Z
14
+ date: 2018-10-18 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: rake