openssl 2.1.0.beta2 → 2.1.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of openssl might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4dea8ca704a58adc4312acd244662598b72371fb69228c123b0adf64fdca4e42
4
- data.tar.gz: e45d8324405378f31a70fc2b56d580279b4fd765531d8569955eb0b4de06d604
3
+ metadata.gz: 0aff67f2204b80c3025d586532781b964e53dbc5e09007ea2d565af06a058ef9
4
+ data.tar.gz: 2893f6b8e1a1d331ec37834e283aaab4ed67b4700a45937abe4820d01ef3b7ca
5
5
  SHA512:
6
- metadata.gz: b42ba538068f938ae0f5301e202ca7aabc0cfbb78d8f66b06898dc248afd96e84944a8578159aed34f4a90d7d3e0f92cca4afd65ca311034ff48ec26e01c993a
7
- data.tar.gz: 2ca3439c2e39e598716df0bfc657b60a024abedc0a937f6120760008ae159363cb3d03d067ce15eba7745b8462cf9b2cf2d43b5a6a2b000a87e06ba176fb894f
6
+ metadata.gz: f96194c09bd09d7a344b4580689c0fb1da891954c3dedfaaf1c15aa0178b67df0c07a8cb7c18279a3567f66011ab5a848173dd2967e627f5a26ce27a6d524c13
7
+ data.tar.gz: 270a163d72b3d3e63233f148ee1d642d8cef55f30475d405130654a595f072c71a692c1f164f44a4bfadda29d944c2d5fc1ff17811aff8dad1bb7e19299a4803
data/History.md CHANGED
@@ -1,5 +1,5 @@
1
- Version 2.1.0.beta2
2
- ===================
1
+ Version 2.1.0
2
+ =============
3
3
 
4
4
  Notable changes
5
5
  ---------------
@@ -50,6 +50,24 @@ Notable changes
50
50
  [[GitHub #169]](https://github.com/ruby/openssl/pull/169)
51
51
  * OpenSSL::SSL::SSLContext#add_certificate is added.
52
52
  [[GitHub #167]](https://github.com/ruby/openssl/pull/167)
53
+ * OpenSSL::PKey::EC::Point#to_octet_string is added.
54
+ OpenSSL::PKey::EC::Point.new can now take String as the second argument.
55
+ [[GitHub #177]](https://github.com/ruby/openssl/pull/177)
56
+
57
+
58
+ Version 2.0.7
59
+ =============
60
+
61
+ Bug fixes
62
+ ---------
63
+
64
+ * OpenSSL::Cipher#auth_data= could segfault if called against a non-AEAD cipher.
65
+ [[Bug #14024]](https://bugs.ruby-lang.org/issues/14024)
66
+ * OpenSSL::X509::Certificate#public_key= (and similar methods) could segfault
67
+ when an instance of OpenSSL::PKey::PKey with no public key components is
68
+ passed.
69
+ [[Bug #14087]](https://bugs.ruby-lang.org/issues/14087)
70
+ [[GitHub #168]](https://github.com/ruby/openssl/pull/168)
53
71
 
54
72
 
55
73
  Version 2.0.6
@@ -1665,12 +1665,12 @@ Init_ossl_asn1(void)
1665
1665
  * == Primitive sub-classes and their mapping to Ruby classes
1666
1666
  * * OpenSSL::ASN1::EndOfContent <=> _value_ is always +nil+
1667
1667
  * * OpenSSL::ASN1::Boolean <=> _value_ is +true+ or +false+
1668
- * * OpenSSL::ASN1::Integer <=> _value_ is an Integer
1668
+ * * OpenSSL::ASN1::Integer <=> _value_ is an OpenSSL::BN
1669
1669
  * * OpenSSL::ASN1::BitString <=> _value_ is a String
1670
1670
  * * OpenSSL::ASN1::OctetString <=> _value_ is a String
1671
1671
  * * OpenSSL::ASN1::Null <=> _value_ is always +nil+
1672
1672
  * * OpenSSL::ASN1::Object <=> _value_ is a String
1673
- * * OpenSSL::ASN1::Enumerated <=> _value_ is an Integer
1673
+ * * OpenSSL::ASN1::Enumerated <=> _value_ is an OpenSSL::BN
1674
1674
  * * OpenSSL::ASN1::UTF8String <=> _value_ is a String
1675
1675
  * * OpenSSL::ASN1::NumericString <=> _value_ is a String
1676
1676
  * * OpenSSL::ASN1::PrintableString <=> _value_ is a String
@@ -1319,76 +1319,61 @@ ec_point_new(const EC_POINT *point, const EC_GROUP *group)
1319
1319
  return obj;
1320
1320
  }
1321
1321
 
1322
+ static VALUE ossl_ec_point_initialize_copy(VALUE, VALUE);
1322
1323
  /*
1323
1324
  * call-seq:
1324
1325
  * OpenSSL::PKey::EC::Point.new(point)
1325
- * OpenSSL::PKey::EC::Point.new(group)
1326
- * OpenSSL::PKey::EC::Point.new(group, bn)
1326
+ * OpenSSL::PKey::EC::Point.new(group [, encoded_point])
1327
1327
  *
1328
- * See the OpenSSL documentation for EC_POINT_*
1328
+ * Creates a new instance of OpenSSL::PKey::EC::Point. If the only argument is
1329
+ * an instance of EC::Point, a copy is returned. Otherwise, creates a point
1330
+ * that belongs to _group_.
1331
+ *
1332
+ * _encoded_point_ is the octet string representation of the point. This
1333
+ * must be either a String or an OpenSSL::BN.
1329
1334
  */
1330
1335
  static VALUE ossl_ec_point_initialize(int argc, VALUE *argv, VALUE self)
1331
1336
  {
1332
1337
  EC_POINT *point;
1333
- VALUE arg1, arg2;
1334
- VALUE group_v = Qnil;
1335
- const EC_GROUP *group = NULL;
1338
+ VALUE group_v, arg2;
1339
+ const EC_GROUP *group;
1336
1340
 
1337
1341
  TypedData_Get_Struct(self, EC_POINT, &ossl_ec_point_type, point);
1338
1342
  if (point)
1339
- ossl_raise(eEC_POINT, "EC_POINT already initialized");
1340
-
1341
- switch (rb_scan_args(argc, argv, "11", &arg1, &arg2)) {
1342
- case 1:
1343
- if (rb_obj_is_kind_of(arg1, cEC_POINT)) {
1344
- const EC_POINT *arg_point;
1345
-
1346
- group_v = rb_attr_get(arg1, id_i_group);
1347
- GetECGroup(group_v, group);
1348
- GetECPoint(arg1, arg_point);
1349
-
1350
- point = EC_POINT_dup(arg_point, group);
1351
- } else if (rb_obj_is_kind_of(arg1, cEC_GROUP)) {
1352
- group_v = arg1;
1353
- GetECGroup(group_v, group);
1354
-
1355
- point = EC_POINT_new(group);
1356
- } else {
1357
- ossl_raise(eEC_POINT, "wrong argument type: must be OpenSSL::PKey::EC::Point or OpenSSL::Pkey::EC::Group");
1358
- }
1343
+ rb_raise(eEC_POINT, "EC_POINT already initialized");
1359
1344
 
1360
- break;
1361
- case 2:
1362
- if (!rb_obj_is_kind_of(arg1, cEC_GROUP))
1363
- ossl_raise(rb_eArgError, "1st argument must be OpenSSL::PKey::EC::Group");
1364
- group_v = arg1;
1365
- GetECGroup(group_v, group);
1366
-
1367
- if (rb_obj_is_kind_of(arg2, cBN)) {
1368
- const BIGNUM *bn = GetBNPtr(arg2);
1369
-
1370
- point = EC_POINT_bn2point(group, bn, NULL, ossl_bn_ctx);
1371
- } else {
1372
- BIO *in = ossl_obj2bio(&arg1);
1373
-
1374
- /* BUG: finish me */
1375
-
1376
- BIO_free(in);
1377
-
1378
- if (point == NULL) {
1379
- ossl_raise(eEC_POINT, "unknown type for 2nd arg");
1380
- }
1381
- }
1382
- break;
1383
- default:
1384
- ossl_raise(rb_eArgError, "wrong number of arguments");
1345
+ rb_scan_args(argc, argv, "11", &group_v, &arg2);
1346
+ if (rb_obj_is_kind_of(group_v, cEC_POINT)) {
1347
+ if (argc != 1)
1348
+ rb_raise(rb_eArgError, "invalid second argument");
1349
+ return ossl_ec_point_initialize_copy(self, group_v);
1385
1350
  }
1386
1351
 
1387
- if (point == NULL)
1388
- ossl_raise(eEC_POINT, NULL);
1389
-
1390
- if (NIL_P(group_v))
1391
- ossl_raise(rb_eRuntimeError, "missing group (internal error)");
1352
+ GetECGroup(group_v, group);
1353
+ if (argc == 1) {
1354
+ point = EC_POINT_new(group);
1355
+ if (!point)
1356
+ ossl_raise(eEC_POINT, "EC_POINT_new");
1357
+ }
1358
+ else {
1359
+ if (rb_obj_is_kind_of(arg2, cBN)) {
1360
+ point = EC_POINT_bn2point(group, GetBNPtr(arg2), NULL, ossl_bn_ctx);
1361
+ if (!point)
1362
+ ossl_raise(eEC_POINT, "EC_POINT_bn2point");
1363
+ }
1364
+ else {
1365
+ StringValue(arg2);
1366
+ point = EC_POINT_new(group);
1367
+ if (!point)
1368
+ ossl_raise(eEC_POINT, "EC_POINT_new");
1369
+ if (!EC_POINT_oct2point(group, point,
1370
+ (unsigned char *)RSTRING_PTR(arg2),
1371
+ RSTRING_LEN(arg2), ossl_bn_ctx)) {
1372
+ EC_POINT_free(point);
1373
+ ossl_raise(eEC_POINT, "EC_POINT_oct2point");
1374
+ }
1375
+ }
1376
+ }
1392
1377
 
1393
1378
  RTYPEDDATA_DATA(self) = point;
1394
1379
  rb_ivar_set(self, id_i_group, group_v);
@@ -1543,38 +1528,38 @@ static VALUE ossl_ec_point_set_to_infinity(VALUE self)
1543
1528
 
1544
1529
  /*
1545
1530
  * call-seq:
1546
- * point.to_bn(conversion_form = nil) => OpenSSL::BN
1531
+ * point.to_octet_string(conversion_form) -> String
1547
1532
  *
1548
- * Convert the EC point into an octet string and store in an OpenSSL::BN. If
1549
- * _conversion_form_ is given, the point data is converted using the specified
1550
- * form. If not given, the default form set in the EC::Group object is used.
1533
+ * Returns the octet string representation of the elliptic curve point.
1551
1534
  *
1552
- * See also EC::Point#point_conversion_form=.
1535
+ * _conversion_form_ specifies how the point is converted. Possible values are:
1536
+ *
1537
+ * - +:compressed+
1538
+ * - +:uncompressed+
1539
+ * - +:hybrid+
1553
1540
  */
1554
1541
  static VALUE
1555
- ossl_ec_point_to_bn(int argc, VALUE *argv, VALUE self)
1542
+ ossl_ec_point_to_octet_string(VALUE self, VALUE conversion_form)
1556
1543
  {
1557
1544
  EC_POINT *point;
1558
- VALUE form_obj, bn_obj;
1559
1545
  const EC_GROUP *group;
1560
1546
  point_conversion_form_t form;
1561
- BIGNUM *bn;
1547
+ VALUE str;
1548
+ size_t len;
1562
1549
 
1563
1550
  GetECPoint(self, point);
1564
1551
  GetECPointGroup(self, group);
1565
- rb_scan_args(argc, argv, "01", &form_obj);
1566
- if (NIL_P(form_obj))
1567
- form = EC_GROUP_get_point_conversion_form(group);
1568
- else
1569
- form = parse_point_conversion_form_symbol(form_obj);
1570
-
1571
- bn_obj = rb_obj_alloc(cBN);
1572
- bn = GetBNPtr(bn_obj);
1573
-
1574
- if (EC_POINT_point2bn(group, point, form, bn, ossl_bn_ctx) == NULL)
1575
- ossl_raise(eEC_POINT, "EC_POINT_point2bn");
1576
-
1577
- return bn_obj;
1552
+ form = parse_point_conversion_form_symbol(conversion_form);
1553
+
1554
+ len = EC_POINT_point2oct(group, point, form, NULL, 0, ossl_bn_ctx);
1555
+ if (!len)
1556
+ ossl_raise(eEC_POINT, "EC_POINT_point2oct");
1557
+ str = rb_str_new(NULL, (long)len);
1558
+ if (!EC_POINT_point2oct(group, point, form,
1559
+ (unsigned char *)RSTRING_PTR(str), len,
1560
+ ossl_bn_ctx))
1561
+ ossl_raise(eEC_POINT, "EC_POINT_point2oct");
1562
+ return str;
1578
1563
  }
1579
1564
 
1580
1565
  /*
@@ -1799,7 +1784,7 @@ void Init_ossl_ec(void)
1799
1784
  rb_define_method(cEC_POINT, "set_to_infinity!", ossl_ec_point_set_to_infinity, 0);
1800
1785
  /* all the other methods */
1801
1786
 
1802
- rb_define_method(cEC_POINT, "to_bn", ossl_ec_point_to_bn, -1);
1787
+ rb_define_method(cEC_POINT, "to_octet_string", ossl_ec_point_to_octet_string, 1);
1803
1788
  rb_define_method(cEC_POINT, "mul", ossl_ec_point_mul, -1);
1804
1789
 
1805
1790
  id_i_group = rb_intern("@group");
@@ -377,7 +377,6 @@ ossl_call_session_get_cb(VALUE ary)
377
377
  return rb_funcallv(cb, id_call, 1, &ary);
378
378
  }
379
379
 
380
- /* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
381
380
  static SSL_SESSION *
382
381
  #if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
383
382
  ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy)
@@ -1035,10 +1034,6 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
1035
1034
  }
1036
1035
 
1037
1036
  GetSSLCTX(self, ctx);
1038
- if(!ctx){
1039
- ossl_raise(eSSLError, "SSL_CTX is not initialized.");
1040
- return Qnil;
1041
- }
1042
1037
  if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) {
1043
1038
  ossl_raise(eSSLError, "SSL_CTX_set_cipher_list");
1044
1039
  }
@@ -1,3 +1,25 @@
1
1
  # frozen_string_literal: false
2
- module OpenSSL
2
+ #--
3
+ # Ruby/OpenSSL Project
4
+ # Copyright (C) 2017 Ruby/OpenSSL Project Authors
5
+ #++
6
+
7
+ module OpenSSL::PKey
8
+ if defined?(EC)
9
+ class EC::Point
10
+ # :call-seq:
11
+ # point.to_bn([conversion_form]) -> OpenSSL::BN
12
+ #
13
+ # Returns the octet string representation of the EC point as an instance of
14
+ # OpenSSL::BN.
15
+ #
16
+ # If _conversion_form_ is not given, the _point_conversion_form_ attribute
17
+ # set to the group is used.
18
+ #
19
+ # See #to_octet_string for more information.
20
+ def to_bn(conversion_form = group.point_conversion_form)
21
+ OpenSSL::BN.new(to_octet_string(conversion_form), 2)
22
+ end
23
+ end
24
+ end
3
25
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openssl
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0.beta2
4
+ version: 2.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Martin Bosslet
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2017-11-25 00:00:00.000000000 Z
14
+ date: 2017-12-14 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: rake
@@ -168,12 +168,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
168
168
  version: 2.3.0
169
169
  required_rubygems_version: !ruby/object:Gem::Requirement
170
170
  requirements:
171
- - - ">"
171
+ - - ">="
172
172
  - !ruby/object:Gem::Version
173
- version: 1.3.1
173
+ version: '0'
174
174
  requirements: []
175
175
  rubyforge_project:
176
- rubygems_version: 2.7.2
176
+ rubygems_version: 2.7.3
177
177
  signing_key:
178
178
  specification_version: 4
179
179
  summary: OpenSSL provides SSL, TLS and general purpose cryptography.