openssl 2.1.0.beta2 → 2.1.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4dea8ca704a58adc4312acd244662598b72371fb69228c123b0adf64fdca4e42
4
- data.tar.gz: e45d8324405378f31a70fc2b56d580279b4fd765531d8569955eb0b4de06d604
3
+ metadata.gz: 7698d18ecab870cfddfbc527123fb4e77cd8f993321440167feec83485828ea7
4
+ data.tar.gz: 1132a2cc147808d3e42ca9d3f726b24d635da93d3c8e62af31f4f9c8b5c51ce1
5
5
  SHA512:
6
- metadata.gz: b42ba538068f938ae0f5301e202ca7aabc0cfbb78d8f66b06898dc248afd96e84944a8578159aed34f4a90d7d3e0f92cca4afd65ca311034ff48ec26e01c993a
7
- data.tar.gz: 2ca3439c2e39e598716df0bfc657b60a024abedc0a937f6120760008ae159363cb3d03d067ce15eba7745b8462cf9b2cf2d43b5a6a2b000a87e06ba176fb894f
6
+ metadata.gz: 99bad919e464275130913d0ba39db26271d3d43f843a27cefc16b7777727715214e26810236227ef2c13588a7311f4cfef6954275f64e034724b21696ecf37e7
7
+ data.tar.gz: d44e451531531e45db6f86ecfd2eaa0099c5e4143e5dc1f7794ff85822ef6dc92ad10ac87e62faa1c8a227e2aed1089cde2a022fb71f5eba4b764f6ef7bade12
data/History.md CHANGED
@@ -1,5 +1,53 @@
1
- Version 2.1.0.beta2
2
- ===================
1
+ Version 2.1.3
2
+ =============
3
+
4
+ Bug fixes
5
+ ---------
6
+
7
+ * Fix deprecation warnings on Ruby 3.0.
8
+ * Add ".include" directive support in `OpenSSL::Config`.
9
+ [[GitHub #216]](https://github.com/ruby/openssl/pull/216)
10
+ * Fix handling of IPv6 address SANs.
11
+ [[GitHub #185]](https://github.com/ruby/openssl/pull/185)
12
+ * Hostname verification failure with `OpenSSL::SSL::SSLContext#verify_hostname=`
13
+ sets a proper error code.
14
+ [[GitHub #350]](https://github.com/ruby/openssl/pull/350)
15
+ * Fix crash with `OpenSSL::BN.new(nil, 2)`.
16
+ [[Bug #15760]](https://bugs.ruby-lang.org/issues/15760)
17
+ * `OpenSSL::SSL::SSLSocket#sys{read,write}` prevent internal string buffers from
18
+ being modified by another thread.
19
+ [[GitHub #453]](https://github.com/ruby/openssl/pull/453)
20
+ * Fix misuse of input record separator in `OpenSSL::Buffering` where it was
21
+ for output.
22
+ * Fix wrong interger casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
23
+ [[GitHub #460]](https://github.com/ruby/openssl/pull/460)
24
+ * `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
25
+ newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
26
+ OpenSSL 3.0 API.
27
+ [[GitHub #458]](https://github.com/ruby/openssl/pull/458)
28
+ * Activate `digest` gem correctly. `digest` library could go into an
29
+ inconsistent state if there are multiple versions of `digest` is installed
30
+ and `openssl` is `require`d before `digest`.
31
+ [[GitHub #463]](https://github.com/ruby/openssl/pull/463)
32
+ * Fix GC.compact compatibility.
33
+ [[GitHub #464]](https://github.com/ruby/openssl/issues/464)
34
+ [[GitHub #465]](https://github.com/ruby/openssl/pull/465)
35
+
36
+
37
+ Version 2.1.2
38
+ =============
39
+
40
+ Merged changes in 2.0.9.
41
+
42
+
43
+ Version 2.1.1
44
+ =============
45
+
46
+ Merged changes in 2.0.8.
47
+
48
+
49
+ Version 2.1.0
50
+ =============
3
51
 
4
52
  Notable changes
5
53
  ---------------
@@ -50,6 +98,61 @@ Notable changes
50
98
  [[GitHub #169]](https://github.com/ruby/openssl/pull/169)
51
99
  * OpenSSL::SSL::SSLContext#add_certificate is added.
52
100
  [[GitHub #167]](https://github.com/ruby/openssl/pull/167)
101
+ * OpenSSL::PKey::EC::Point#to_octet_string is added.
102
+ OpenSSL::PKey::EC::Point.new can now take String as the second argument.
103
+ [[GitHub #177]](https://github.com/ruby/openssl/pull/177)
104
+
105
+
106
+ Version 2.0.9
107
+ =============
108
+
109
+ Security fixes
110
+ --------------
111
+
112
+ * OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
113
+ objects. CVE-2018-16395 is assigned for this issue.
114
+ https://hackerone.com/reports/387250
115
+
116
+ Bug fixes
117
+ ---------
118
+
119
+ * Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
120
+ interrupted.
121
+ [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
122
+ [[GitHub #205]](https://github.com/ruby/openssl/pull/205)
123
+ * Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
124
+ called against an empty instance.
125
+ [[GitHub #200]](https://github.com/ruby/openssl/issues/200)
126
+ [[GitHub #211]](https://github.com/ruby/openssl/pull/211)
127
+
128
+
129
+ Version 2.0.8
130
+ =============
131
+
132
+ Bug fixes
133
+ ---------
134
+
135
+ * OpenSSL::Cipher#pkcs5_keyivgen raises an error when a negative iteration
136
+ count is given.
137
+ [[GitHub #184]](https://github.com/ruby/openssl/pull/184)
138
+ * Fixed build with LibreSSL 2.7.
139
+ [[GitHub #192]](https://github.com/ruby/openssl/issues/192)
140
+ [[GitHub #193]](https://github.com/ruby/openssl/pull/193)
141
+
142
+
143
+ Version 2.0.7
144
+ =============
145
+
146
+ Bug fixes
147
+ ---------
148
+
149
+ * OpenSSL::Cipher#auth_data= could segfault if called against a non-AEAD cipher.
150
+ [[Bug #14024]](https://bugs.ruby-lang.org/issues/14024)
151
+ * OpenSSL::X509::Certificate#public_key= (and similar methods) could segfault
152
+ when an instance of OpenSSL::PKey::PKey with no public key components is
153
+ passed.
154
+ [[Bug #14087]](https://bugs.ruby-lang.org/issues/14087)
155
+ [[GitHub #168]](https://github.com/ruby/openssl/pull/168)
53
156
 
54
157
 
55
158
  Version 2.0.6
@@ -3,7 +3,7 @@ module OpenSSL
3
3
  def self.deprecated_warning_flag
4
4
  unless flag = (@deprecated_warning_flag ||= nil)
5
5
  if try_compile("", flag = "-Werror=deprecated-declarations")
6
- $warnflags << " #{flag}"
6
+ $warnflags = "#{@warnflags = $warnflags}" #{flag}"
7
7
  else
8
8
  flag = ""
9
9
  end
@@ -12,6 +12,10 @@ module OpenSSL
12
12
  flag
13
13
  end
14
14
 
15
+ def self.restore_warning_flag
16
+ $warnflags = @warnflags
17
+ end
18
+
15
19
  def self.check_func(func, header)
16
20
  have_func(func, header, deprecated_warning_flag)
17
21
  end
@@ -19,7 +19,7 @@ dir_config("kerberos")
19
19
 
20
20
  Logging::message "=== OpenSSL for Ruby configurator ===\n"
21
21
 
22
- # Add -Werror=deprecated-declarations to $warnflags if available
22
+ # Check with -Werror=deprecated-declarations if available
23
23
  OpenSSL.deprecated_warning_flag
24
24
 
25
25
  ##
@@ -33,9 +33,9 @@ end
33
33
  Logging::message "=== Checking for system dependent stuff... ===\n"
34
34
  have_library("nsl", "t_open")
35
35
  have_library("socket", "socket")
36
-
37
- Logging::message "=== Checking for required stuff... ===\n"
38
- result = pkg_config("openssl") && have_header("openssl/ssl.h")
36
+ if $mswin || $mingw
37
+ have_library("ws2_32")
38
+ end
39
39
 
40
40
  def find_openssl_library
41
41
  if $mswin || $mingw
@@ -87,19 +87,33 @@ def find_openssl_library
87
87
  return false
88
88
  end
89
89
 
90
- unless result
91
- unless find_openssl_library
92
- Logging::message "=== Checking for required stuff failed. ===\n"
93
- Logging::message "Makefile wasn't created. Fix the errors above.\n"
94
- raise "OpenSSL library could not be found. You might want to use " \
95
- "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
96
- "is installed."
97
- end
90
+ Logging::message "=== Checking for required stuff... ===\n"
91
+ pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
92
+
93
+ if !pkg_config_found && !find_openssl_library
94
+ Logging::message "=== Checking for required stuff failed. ===\n"
95
+ Logging::message "Makefile wasn't created. Fix the errors above.\n"
96
+ raise "OpenSSL library could not be found. You might want to use " \
97
+ "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
98
+ "is installed."
98
99
  end
99
100
 
100
- unless checking_for("OpenSSL version is 1.0.1 or later") {
101
- try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
102
- raise "OpenSSL >= 1.0.1 or LibreSSL is required"
101
+ version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
102
+ is_libressl = true
103
+ checking_for("LibreSSL version >= 2.5.0") {
104
+ try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }
105
+ else
106
+ checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {
107
+ try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&
108
+ !try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
109
+ end
110
+ unless version_ok
111
+ raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"
112
+ end
113
+
114
+ # Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
115
+ if is_libressl && ($mswin || $mingw)
116
+ $defs.push("-DNOCRYPT")
103
117
  end
104
118
 
105
119
  Logging::message "=== Checking for OpenSSL features... ===\n"
@@ -122,8 +136,11 @@ OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
122
136
  have_func("SSL_is_server")
123
137
 
124
138
  # added in 1.1.0
139
+ if !have_struct_member("SSL", "ctx", "openssl/ssl.h") ||
140
+ try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h")
141
+ $defs.push("-DHAVE_OPAQUE_OPENSSL")
142
+ end
125
143
  have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
126
- have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
127
144
  have_func("BN_GENCB_new")
128
145
  have_func("BN_GENCB_free")
129
146
  have_func("BN_GENCB_get_arg")
@@ -159,5 +176,6 @@ have_func("EVP_PBE_scrypt")
159
176
  Logging::message "=== Checking done. ===\n"
160
177
 
161
178
  create_header
179
+ OpenSSL.restore_warning_flag
162
180
  create_makefile("openssl")
163
181
  Logging::message "Done.\n"
@@ -149,7 +149,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
149
149
  static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
150
150
  return pkey->pkey._name; }
151
151
  #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
152
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
152
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
153
153
  if (a1) *a1 = obj->a1; \
154
154
  if (a2) *a2 = obj->a2; } \
155
155
  static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
@@ -158,7 +158,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
158
158
  BN_clear_free(obj->a2); obj->a2 = a2; \
159
159
  return 1; }
160
160
  #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
161
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
161
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
162
162
  if (a1) *a1 = obj->a1; \
163
163
  if (a2) *a2 = obj->a2; \
164
164
  if (a3) *a3 = obj->a3; } \
@@ -185,7 +185,7 @@ IMPL_KEY_ACCESSOR3(DSA, pqg, p, q, g, (p == obj->p || q == obj->q || g == obj->g
185
185
  #if !defined(OPENSSL_NO_DH)
186
186
  IMPL_PKEY_GETTER(DH, dh)
187
187
  IMPL_KEY_ACCESSOR2(DH, key, pub_key, priv_key, (pub_key == obj->pub_key || (obj->priv_key && priv_key == obj->priv_key)))
188
- IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || obj->q && q == obj->q || g == obj->g))
188
+ IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || (obj->q && q == obj->q) || g == obj->g))
189
189
  static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
190
190
  #endif
191
191
 
data/ext/openssl/ossl.c CHANGED
@@ -338,7 +338,7 @@ ossl_clear_error(void)
338
338
  * implementation.
339
339
  */
340
340
  VALUE
341
- ossl_get_errors(void)
341
+ ossl_get_errors(VALUE _)
342
342
  {
343
343
  VALUE ary;
344
344
  long e;
@@ -398,7 +398,7 @@ ossl_debug_set(VALUE self, VALUE val)
398
398
  }
399
399
 
400
400
  /*
401
- * call-seq
401
+ * call-seq:
402
402
  * OpenSSL.fips_mode -> true | false
403
403
  */
404
404
  static VALUE
@@ -1099,6 +1099,7 @@ static void Init_ossl_locks(void)
1099
1099
  void
1100
1100
  Init_openssl(void)
1101
1101
  {
1102
+ #undef rb_intern
1102
1103
  /*
1103
1104
  * Init timezone info
1104
1105
  */
data/ext/openssl/ossl.h CHANGED
@@ -13,8 +13,8 @@
13
13
  #include RUBY_EXTCONF_H
14
14
 
15
15
  #include <assert.h>
16
- #include <errno.h>
17
16
  #include <ruby.h>
17
+ #include <errno.h>
18
18
  #include <ruby/io.h>
19
19
  #include <ruby/thread.h>
20
20
  #include <openssl/opensslv.h>
@@ -1360,6 +1360,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
1360
1360
  void
1361
1361
  Init_ossl_asn1(void)
1362
1362
  {
1363
+ #undef rb_intern
1363
1364
  VALUE ary;
1364
1365
  int i;
1365
1366
 
@@ -1665,12 +1666,12 @@ Init_ossl_asn1(void)
1665
1666
  * == Primitive sub-classes and their mapping to Ruby classes
1666
1667
  * * OpenSSL::ASN1::EndOfContent <=> _value_ is always +nil+
1667
1668
  * * OpenSSL::ASN1::Boolean <=> _value_ is +true+ or +false+
1668
- * * OpenSSL::ASN1::Integer <=> _value_ is an Integer
1669
+ * * OpenSSL::ASN1::Integer <=> _value_ is an OpenSSL::BN
1669
1670
  * * OpenSSL::ASN1::BitString <=> _value_ is a String
1670
1671
  * * OpenSSL::ASN1::OctetString <=> _value_ is a String
1671
1672
  * * OpenSSL::ASN1::Null <=> _value_ is always +nil+
1672
1673
  * * OpenSSL::ASN1::Object <=> _value_ is a String
1673
- * * OpenSSL::ASN1::Enumerated <=> _value_ is an Integer
1674
+ * * OpenSSL::ASN1::Enumerated <=> _value_ is an OpenSSL::BN
1674
1675
  * * OpenSSL::ASN1::UTF8String <=> _value_ is a String
1675
1676
  * * OpenSSL::ASN1::NumericString <=> _value_ is a String
1676
1677
  * * OpenSSL::ASN1::PrintableString <=> _value_ is a String
@@ -1823,6 +1824,7 @@ do{\
1823
1824
  rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
1824
1825
 
1825
1826
  class_tag_map = rb_hash_new();
1827
+ rb_gc_register_mark_object(class_tag_map);
1826
1828
  rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
1827
1829
  rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
1828
1830
  rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
@@ -1846,7 +1848,6 @@ do{\
1846
1848
  rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
1847
1849
  rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
1848
1850
  rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
1849
- rb_global_variable(&class_tag_map);
1850
1851
 
1851
1852
  id_each = rb_intern_const("each");
1852
1853
  }
@@ -187,6 +187,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
187
187
  BIGNUM *bn;
188
188
  VALUE str, bs;
189
189
  int base = 10;
190
+ char *ptr;
190
191
 
191
192
  if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) {
192
193
  base = NUM2INT(bs);
@@ -213,12 +214,14 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
213
214
  GetBN(self, bn);
214
215
  switch (base) {
215
216
  case 0:
216
- if (!BN_mpi2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
217
+ ptr = StringValuePtr(str);
218
+ if (!BN_mpi2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
217
219
  ossl_raise(eBNError, NULL);
218
220
  }
219
221
  break;
220
222
  case 2:
221
- if (!BN_bin2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
223
+ ptr = StringValuePtr(str);
224
+ if (!BN_bin2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
222
225
  ossl_raise(eBNError, NULL);
223
226
  }
224
227
  break;
@@ -397,7 +400,7 @@ ossl_bn_is_negative(VALUE self)
397
400
  if (!(result = BN_new())) { \
398
401
  ossl_raise(eBNError, NULL); \
399
402
  } \
400
- if (!BN_##func(result, bn, ossl_bn_ctx)) { \
403
+ if (BN_##func(result, bn, ossl_bn_ctx) <= 0) { \
401
404
  BN_free(result); \
402
405
  ossl_raise(eBNError, NULL); \
403
406
  } \
@@ -423,7 +426,7 @@ BIGNUM_1c(sqr)
423
426
  if (!(result = BN_new())) { \
424
427
  ossl_raise(eBNError, NULL); \
425
428
  } \
426
- if (!BN_##func(result, bn1, bn2)) { \
429
+ if (BN_##func(result, bn1, bn2) <= 0) { \
427
430
  BN_free(result); \
428
431
  ossl_raise(eBNError, NULL); \
429
432
  } \
@@ -456,7 +459,7 @@ BIGNUM_2(sub)
456
459
  if (!(result = BN_new())) { \
457
460
  ossl_raise(eBNError, NULL); \
458
461
  } \
459
- if (!BN_##func(result, bn1, bn2, ossl_bn_ctx)) { \
462
+ if (BN_##func(result, bn1, bn2, ossl_bn_ctx) <= 0) { \
460
463
  BN_free(result); \
461
464
  ossl_raise(eBNError, NULL); \
462
465
  } \
@@ -500,11 +503,21 @@ BIGNUM_2c(gcd)
500
503
  BIGNUM_2c(mod_sqr)
501
504
 
502
505
  /*
503
- * Document-method: OpenSSL::BN#mod_inverse
504
506
  * call-seq:
505
- * bn.mod_inverse(bn2) => aBN
507
+ * bn.mod_inverse(bn2) => aBN
506
508
  */
507
- BIGNUM_2c(mod_inverse)
509
+ static VALUE
510
+ ossl_bn_mod_inverse(VALUE self, VALUE other)
511
+ {
512
+ BIGNUM *bn1, *bn2 = GetBNPtr(other), *result;
513
+ VALUE obj;
514
+ GetBN(self, bn1);
515
+ obj = NewBN(rb_obj_class(self));
516
+ if (!(result = BN_mod_inverse(NULL, bn1, bn2, ossl_bn_ctx)))
517
+ ossl_raise(eBNError, "BN_mod_inverse");
518
+ SetBN(obj, result);
519
+ return obj;
520
+ }
508
521
 
509
522
  /*
510
523
  * call-seq:
@@ -553,7 +566,7 @@ ossl_bn_div(VALUE self, VALUE other)
553
566
  if (!(result = BN_new())) { \
554
567
  ossl_raise(eBNError, NULL); \
555
568
  } \
556
- if (!BN_##func(result, bn1, bn2, bn3, ossl_bn_ctx)) { \
569
+ if (BN_##func(result, bn1, bn2, bn3, ossl_bn_ctx) <= 0) { \
557
570
  BN_free(result); \
558
571
  ossl_raise(eBNError, NULL); \
559
572
  } \
@@ -595,7 +608,7 @@ BIGNUM_3c(mod_exp)
595
608
  { \
596
609
  BIGNUM *bn; \
597
610
  GetBN(self, bn); \
598
- if (!BN_##func(bn, NUM2INT(bit))) { \
611
+ if (BN_##func(bn, NUM2INT(bit)) <= 0) { \
599
612
  ossl_raise(eBNError, NULL); \
600
613
  } \
601
614
  return self; \
@@ -655,7 +668,7 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit)
655
668
  if (!(result = BN_new())) { \
656
669
  ossl_raise(eBNError, NULL); \
657
670
  } \
658
- if (!BN_##func(result, bn, b)) { \
671
+ if (BN_##func(result, bn, b) <= 0) { \
659
672
  BN_free(result); \
660
673
  ossl_raise(eBNError, NULL); \
661
674
  } \
@@ -685,7 +698,7 @@ BIGNUM_SHIFT(rshift)
685
698
  int b; \
686
699
  b = NUM2INT(bits); \
687
700
  GetBN(self, bn); \
688
- if (!BN_##func(bn, bn, b)) \
701
+ if (BN_##func(bn, bn, b) <= 0) \
689
702
  ossl_raise(eBNError, NULL); \
690
703
  return self; \
691
704
  }
@@ -724,7 +737,7 @@ BIGNUM_SELF_SHIFT(rshift)
724
737
  if (!(result = BN_new())) { \
725
738
  ossl_raise(eBNError, NULL); \
726
739
  } \
727
- if (!BN_##func(result, b, top, bottom)) { \
740
+ if (BN_##func(result, b, top, bottom) <= 0) { \
728
741
  BN_free(result); \
729
742
  ossl_raise(eBNError, NULL); \
730
743
  } \
@@ -753,7 +766,7 @@ BIGNUM_RAND(pseudo_rand)
753
766
  if (!(result = BN_new())) { \
754
767
  ossl_raise(eBNError, NULL); \
755
768
  } \
756
- if (!BN_##func##_range(result, bn)) { \
769
+ if (BN_##func##_range(result, bn) <= 0) { \
757
770
  BN_free(result); \
758
771
  ossl_raise(eBNError, NULL); \
759
772
  } \
@@ -317,6 +317,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
317
317
  salt = (unsigned char *)RSTRING_PTR(vsalt);
318
318
  }
319
319
  iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
320
+ if (iter <= 0)
321
+ rb_raise(rb_eArgError, "iterations must be a positive integer");
320
322
  digest = NIL_P(vdigest) ? EVP_md5() : ossl_evp_get_digestbyname(vdigest);
321
323
  GetCipher(self, ctx);
322
324
  EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,
@@ -313,8 +313,6 @@ ossl_digest_block_length(VALUE self)
313
313
  void
314
314
  Init_ossl_digest(void)
315
315
  {
316
- rb_require("digest");
317
-
318
316
  #if 0
319
317
  mOSSL = rb_define_module("OpenSSL");
320
318
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -433,6 +431,12 @@ Init_ossl_digest(void)
433
431
  * digest2 = sha256.digest(data2)
434
432
  *
435
433
  */
434
+
435
+ /*
436
+ * Digest::Class is defined by the digest library. rb_require() cannot be
437
+ * used here because it bypasses RubyGems.
438
+ */
439
+ rb_funcall(Qnil, rb_intern_const("require"), 1, rb_str_new_cstr("digest"));
436
440
  cDigest = rb_define_class_under(mOSSL, "Digest", rb_path2class("Digest::Class"));
437
441
  /* Document-class: OpenSSL::Digest::DigestError
438
442
  *
@@ -232,6 +232,7 @@ ossl_pkcs12_to_der(VALUE self)
232
232
  void
233
233
  Init_ossl_pkcs12(void)
234
234
  {
235
+ #undef rb_intern
235
236
  #if 0
236
237
  mOSSL = rb_define_module("OpenSSL");
237
238
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -1042,6 +1042,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self)
1042
1042
  void
1043
1043
  Init_ossl_pkcs7(void)
1044
1044
  {
1045
+ #undef rb_intern
1045
1046
  #if 0
1046
1047
  mOSSL = rb_define_module("OpenSSL");
1047
1048
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -20,6 +20,21 @@ static ID id_private_q;
20
20
  /*
21
21
  * callback for generating keys
22
22
  */
23
+ static VALUE
24
+ call_check_ints0(VALUE arg)
25
+ {
26
+ rb_thread_check_ints();
27
+ return Qnil;
28
+ }
29
+
30
+ static void *
31
+ call_check_ints(void *arg)
32
+ {
33
+ int state;
34
+ rb_protect(call_check_ints0, Qnil, &state);
35
+ return (void *)(VALUE)state;
36
+ }
37
+
23
38
  int
24
39
  ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
25
40
  {
@@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
38
53
  */
39
54
  rb_protect(rb_yield, ary, &state);
40
55
  if (state) {
41
- arg->stop = 1;
42
56
  arg->state = state;
57
+ return 0;
58
+ }
59
+ }
60
+ if (arg->interrupted) {
61
+ arg->interrupted = 0;
62
+ state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
63
+ if (state) {
64
+ arg->state = state;
65
+ return 0;
43
66
  }
44
67
  }
45
- if (arg->stop) return 0;
46
68
  return 1;
47
69
  }
48
70
 
@@ -50,7 +72,7 @@ void
50
72
  ossl_generate_cb_stop(void *ptr)
51
73
  {
52
74
  struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
53
- arg->stop = 1;
75
+ arg->interrupted = 1;
54
76
  }
55
77
 
56
78
  static void
@@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
389
411
  void
390
412
  Init_ossl_pkey(void)
391
413
  {
414
+ #undef rb_intern
392
415
  #if 0
393
416
  mOSSL = rb_define_module("OpenSSL");
394
417
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -37,7 +37,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
37
37
 
38
38
  struct ossl_generate_cb_arg {
39
39
  int yield;
40
- int stop;
40
+ int interrupted;
41
41
  int state;
42
42
  };
43
43
  int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
@@ -133,9 +133,9 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALU
133
133
  BIGNUM *bn3 = NULL, *orig_bn3 = NIL_P(v3) ? NULL : GetBNPtr(v3);\
134
134
  \
135
135
  Get##_type(self, obj); \
136
- if (orig_bn1 && !(bn1 = BN_dup(orig_bn1)) || \
137
- orig_bn2 && !(bn2 = BN_dup(orig_bn2)) || \
138
- orig_bn3 && !(bn3 = BN_dup(orig_bn3))) { \
136
+ if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
137
+ (orig_bn2 && !(bn2 = BN_dup(orig_bn2))) || \
138
+ (orig_bn3 && !(bn3 = BN_dup(orig_bn3)))) { \
139
139
  BN_clear_free(bn1); \
140
140
  BN_clear_free(bn2); \
141
141
  BN_clear_free(bn3); \
@@ -163,8 +163,8 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
163
163
  BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
164
164
  \
165
165
  Get##_type(self, obj); \
166
- if (orig_bn1 && !(bn1 = BN_dup(orig_bn1)) || \
167
- orig_bn2 && !(bn2 = BN_dup(orig_bn2))) { \
166
+ if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
167
+ (orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) { \
168
168
  BN_clear_free(bn1); \
169
169
  BN_clear_free(bn2); \
170
170
  ossl_raise(eBNError, NULL); \
@@ -262,7 +262,7 @@ ossl_dh_initialize_copy(VALUE self, VALUE other)
262
262
  BIGNUM *pub2 = BN_dup(pub);
263
263
  BIGNUM *priv2 = BN_dup(priv);
264
264
 
265
- if (!pub2 || priv && !priv2) {
265
+ if (!pub2 || (priv && !priv2)) {
266
266
  BN_clear_free(pub2);
267
267
  BN_clear_free(priv2);
268
268
  ossl_raise(eDHError, "BN_dup");