openssl 2.1.0.beta2 → 2.1.3
- checksums.yaml +4 -4
- data/History.md +105 -2
- data/ext/openssl/deprecation.rb +5 -1
- data/ext/openssl/extconf.rb +34 -16
- data/ext/openssl/openssl_missing.h +3 -3
- data/ext/openssl/ossl.c +3 -2
- data/ext/openssl/ossl.h +1 -1
- data/ext/openssl/ossl_asn1.c +4 -3
- data/ext/openssl/ossl_bn.c +27 -14
- data/ext/openssl/ossl_cipher.c +2 -0
- data/ext/openssl/ossl_digest.c +6 -2
- data/ext/openssl/ossl_pkcs12.c +1 -0
- data/ext/openssl/ossl_pkcs7.c +1 -0
- data/ext/openssl/ossl_pkey.c +26 -3
- data/ext/openssl/ossl_pkey.h +6 -6
- data/ext/openssl/ossl_pkey_dh.c +1 -1
- data/ext/openssl/ossl_pkey_ec.c +72 -86
- data/ext/openssl/ossl_rand.c +0 -8
- data/ext/openssl/ossl_ssl.c +111 -38
- data/ext/openssl/ossl_version.h +1 -1
- data/ext/openssl/ossl_x509.c +91 -0
- data/ext/openssl/ossl_x509ext.c +1 -0
- data/ext/openssl/ossl_x509name.c +8 -7
- data/ext/openssl/ossl_x509store.c +40 -22
- data/lib/openssl/buffering.rb +5 -12
- data/lib/openssl/config.rb +36 -18
- data/lib/openssl/pkey.rb +23 -1
- data/lib/openssl/ssl.rb +6 -5
- metadata +22 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7698d18ecab870cfddfbc527123fb4e77cd8f993321440167feec83485828ea7
|
4
|
+
data.tar.gz: 1132a2cc147808d3e42ca9d3f726b24d635da93d3c8e62af31f4f9c8b5c51ce1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 99bad919e464275130913d0ba39db26271d3d43f843a27cefc16b7777727715214e26810236227ef2c13588a7311f4cfef6954275f64e034724b21696ecf37e7
|
7
|
+
data.tar.gz: d44e451531531e45db6f86ecfd2eaa0099c5e4143e5dc1f7794ff85822ef6dc92ad10ac87e62faa1c8a227e2aed1089cde2a022fb71f5eba4b764f6ef7bade12
|
data/History.md
CHANGED
@@ -1,5 +1,53 @@
|
|
1
|
-
Version 2.1.
|
2
|
-
|
1
|
+
Version 2.1.3
|
2
|
+
=============
|
3
|
+
|
4
|
+
Bug fixes
|
5
|
+
---------
|
6
|
+
|
7
|
+
* Fix deprecation warnings on Ruby 3.0.
|
8
|
+
* Add ".include" directive support in `OpenSSL::Config`.
|
9
|
+
[[GitHub #216]](https://github.com/ruby/openssl/pull/216)
|
10
|
+
* Fix handling of IPv6 address SANs.
|
11
|
+
[[GitHub #185]](https://github.com/ruby/openssl/pull/185)
|
12
|
+
* Hostname verification failure with `OpenSSL::SSL::SSLContext#verify_hostname=`
|
13
|
+
sets a proper error code.
|
14
|
+
[[GitHub #350]](https://github.com/ruby/openssl/pull/350)
|
15
|
+
* Fix crash with `OpenSSL::BN.new(nil, 2)`.
|
16
|
+
[[Bug #15760]](https://bugs.ruby-lang.org/issues/15760)
|
17
|
+
* `OpenSSL::SSL::SSLSocket#sys{read,write}` prevent internal string buffers from
|
18
|
+
being modified by another thread.
|
19
|
+
[[GitHub #453]](https://github.com/ruby/openssl/pull/453)
|
20
|
+
* Fix misuse of input record separator in `OpenSSL::Buffering` where it was
|
21
|
+
for output.
|
22
|
+
* Fix wrong interger casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
|
23
|
+
[[GitHub #460]](https://github.com/ruby/openssl/pull/460)
|
24
|
+
* `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
|
25
|
+
newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
|
26
|
+
OpenSSL 3.0 API.
|
27
|
+
[[GitHub #458]](https://github.com/ruby/openssl/pull/458)
|
28
|
+
* Activate `digest` gem correctly. `digest` library could go into an
|
29
|
+
inconsistent state if there are multiple versions of `digest` is installed
|
30
|
+
and `openssl` is `require`d before `digest`.
|
31
|
+
[[GitHub #463]](https://github.com/ruby/openssl/pull/463)
|
32
|
+
* Fix GC.compact compatibility.
|
33
|
+
[[GitHub #464]](https://github.com/ruby/openssl/issues/464)
|
34
|
+
[[GitHub #465]](https://github.com/ruby/openssl/pull/465)
|
35
|
+
|
36
|
+
|
37
|
+
Version 2.1.2
|
38
|
+
=============
|
39
|
+
|
40
|
+
Merged changes in 2.0.9.
|
41
|
+
|
42
|
+
|
43
|
+
Version 2.1.1
|
44
|
+
=============
|
45
|
+
|
46
|
+
Merged changes in 2.0.8.
|
47
|
+
|
48
|
+
|
49
|
+
Version 2.1.0
|
50
|
+
=============
|
3
51
|
|
4
52
|
Notable changes
|
5
53
|
---------------
|
@@ -50,6 +98,61 @@ Notable changes
|
|
50
98
|
[[GitHub #169]](https://github.com/ruby/openssl/pull/169)
|
51
99
|
* OpenSSL::SSL::SSLContext#add_certificate is added.
|
52
100
|
[[GitHub #167]](https://github.com/ruby/openssl/pull/167)
|
101
|
+
* OpenSSL::PKey::EC::Point#to_octet_string is added.
|
102
|
+
OpenSSL::PKey::EC::Point.new can now take String as the second argument.
|
103
|
+
[[GitHub #177]](https://github.com/ruby/openssl/pull/177)
|
104
|
+
|
105
|
+
|
106
|
+
Version 2.0.9
|
107
|
+
=============
|
108
|
+
|
109
|
+
Security fixes
|
110
|
+
--------------
|
111
|
+
|
112
|
+
* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
|
113
|
+
objects. CVE-2018-16395 is assigned for this issue.
|
114
|
+
https://hackerone.com/reports/387250
|
115
|
+
|
116
|
+
Bug fixes
|
117
|
+
---------
|
118
|
+
|
119
|
+
* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
|
120
|
+
interrupted.
|
121
|
+
[[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
|
122
|
+
[[GitHub #205]](https://github.com/ruby/openssl/pull/205)
|
123
|
+
* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
|
124
|
+
called against an empty instance.
|
125
|
+
[[GitHub #200]](https://github.com/ruby/openssl/issues/200)
|
126
|
+
[[GitHub #211]](https://github.com/ruby/openssl/pull/211)
|
127
|
+
|
128
|
+
|
129
|
+
Version 2.0.8
|
130
|
+
=============
|
131
|
+
|
132
|
+
Bug fixes
|
133
|
+
---------
|
134
|
+
|
135
|
+
* OpenSSL::Cipher#pkcs5_keyivgen raises an error when a negative iteration
|
136
|
+
count is given.
|
137
|
+
[[GitHub #184]](https://github.com/ruby/openssl/pull/184)
|
138
|
+
* Fixed build with LibreSSL 2.7.
|
139
|
+
[[GitHub #192]](https://github.com/ruby/openssl/issues/192)
|
140
|
+
[[GitHub #193]](https://github.com/ruby/openssl/pull/193)
|
141
|
+
|
142
|
+
|
143
|
+
Version 2.0.7
|
144
|
+
=============
|
145
|
+
|
146
|
+
Bug fixes
|
147
|
+
---------
|
148
|
+
|
149
|
+
* OpenSSL::Cipher#auth_data= could segfault if called against a non-AEAD cipher.
|
150
|
+
[[Bug #14024]](https://bugs.ruby-lang.org/issues/14024)
|
151
|
+
* OpenSSL::X509::Certificate#public_key= (and similar methods) could segfault
|
152
|
+
when an instance of OpenSSL::PKey::PKey with no public key components is
|
153
|
+
passed.
|
154
|
+
[[Bug #14087]](https://bugs.ruby-lang.org/issues/14087)
|
155
|
+
[[GitHub #168]](https://github.com/ruby/openssl/pull/168)
|
53
156
|
|
54
157
|
|
55
158
|
Version 2.0.6
|
data/ext/openssl/deprecation.rb
CHANGED
@@ -3,7 +3,7 @@ module OpenSSL
|
|
3
3
|
def self.deprecated_warning_flag
|
4
4
|
unless flag = (@deprecated_warning_flag ||= nil)
|
5
5
|
if try_compile("", flag = "-Werror=deprecated-declarations")
|
6
|
-
$warnflags
|
6
|
+
$warnflags = "#{@warnflags = $warnflags}" #{flag}"
|
7
7
|
else
|
8
8
|
flag = ""
|
9
9
|
end
|
@@ -12,6 +12,10 @@ module OpenSSL
|
|
12
12
|
flag
|
13
13
|
end
|
14
14
|
|
15
|
+
def self.restore_warning_flag
|
16
|
+
$warnflags = @warnflags
|
17
|
+
end
|
18
|
+
|
15
19
|
def self.check_func(func, header)
|
16
20
|
have_func(func, header, deprecated_warning_flag)
|
17
21
|
end
|
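Review bot: As rendered, the added line `$warnflags = "#{@warnflags = $warnflags}" #{flag}"` closes the string literal right after the interpolation, so ` #{flag}"` is parsed as a comment and `-Werror=deprecated-declarations` is never appended to `$warnflags`. If the intent is to save the old value and append the flag, the line would be `$warnflags = "#{@warnflags = $warnflags} #{flag}"`. `restore_warning_flag` also assigns from `@warnflags` unconditionally, so when the `try_compile` probe fails and the `else` branch runs, `@warnflags` was never set and `$warnflags` ends up `nil`; `$warnflags = @warnflags if defined?(@warnflags)` avoids that.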
data/ext/openssl/extconf.rb
CHANGED
@@ -19,7 +19,7 @@ dir_config("kerberos")
|
|
19
19
|
|
20
20
|
Logging::message "=== OpenSSL for Ruby configurator ===\n"
|
21
21
|
|
22
|
-
#
|
22
|
+
# Check with -Werror=deprecated-declarations if available
|
23
23
|
OpenSSL.deprecated_warning_flag
|
24
24
|
|
25
25
|
##
|
@@ -33,9 +33,9 @@ end
|
|
33
33
|
Logging::message "=== Checking for system dependent stuff... ===\n"
|
34
34
|
have_library("nsl", "t_open")
|
35
35
|
have_library("socket", "socket")
|
36
|
-
|
37
|
-
|
38
|
-
|
36
|
+
if $mswin || $mingw
|
37
|
+
have_library("ws2_32")
|
38
|
+
end
|
39
39
|
|
40
40
|
def find_openssl_library
|
41
41
|
if $mswin || $mingw
|
@@ -87,19 +87,33 @@ def find_openssl_library
|
|
87
87
|
return false
|
88
88
|
end
|
89
89
|
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
90
|
+
Logging::message "=== Checking for required stuff... ===\n"
|
91
|
+
pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
|
92
|
+
|
93
|
+
if !pkg_config_found && !find_openssl_library
|
94
|
+
Logging::message "=== Checking for required stuff failed. ===\n"
|
95
|
+
Logging::message "Makefile wasn't created. Fix the errors above.\n"
|
96
|
+
raise "OpenSSL library could not be found. You might want to use " \
|
97
|
+
"--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
|
98
|
+
"is installed."
|
98
99
|
end
|
99
100
|
|
100
|
-
|
101
|
-
|
102
|
-
|
101
|
+
version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
|
102
|
+
is_libressl = true
|
103
|
+
checking_for("LibreSSL version >= 2.5.0") {
|
104
|
+
try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }
|
105
|
+
else
|
106
|
+
checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {
|
107
|
+
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&
|
108
|
+
!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
|
109
|
+
end
|
110
|
+
unless version_ok
|
111
|
+
raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"
|
112
|
+
end
|
113
|
+
|
114
|
+
# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
|
115
|
+
if is_libressl && ($mswin || $mingw)
|
116
|
+
$defs.push("-DNOCRYPT")
|
103
117
|
end
|
104
118
|
|
105
119
|
Logging::message "=== Checking for OpenSSL features... ===\n"
|
@@ -122,8 +136,11 @@ OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
|
|
122
136
|
have_func("SSL_is_server")
|
123
137
|
|
124
138
|
# added in 1.1.0
|
139
|
+
if !have_struct_member("SSL", "ctx", "openssl/ssl.h") ||
|
140
|
+
try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h")
|
141
|
+
$defs.push("-DHAVE_OPAQUE_OPENSSL")
|
142
|
+
end
|
125
143
|
have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
|
126
|
-
have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
|
127
144
|
have_func("BN_GENCB_new")
|
128
145
|
have_func("BN_GENCB_free")
|
129
146
|
have_func("BN_GENCB_get_arg")
|
@@ -159,5 +176,6 @@ have_func("EVP_PBE_scrypt")
|
|
159
176
|
Logging::message "=== Checking done. ===\n"
|
160
177
|
|
161
178
|
create_header
|
179
|
+
OpenSSL.restore_warning_flag
|
162
180
|
create_makefile("openssl")
|
163
181
|
Logging::message "Done.\n"
|
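Review bot: The `< 3.0.0` half of the version gate, `!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h")`, passes on 1.x headers only because that macro is undefined there and the probe fails to compile, so any unrelated compile failure is also read as "older than 3.0". Since `OPENSSL_VERSION_NUMBER` is already used on the line above, a single probe such as `try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L && OPENSSL_VERSION_NUMBER < 0x30000000L", "openssl/opensslv.h")` would state the supported range directly. If the current form is kept, a comment like `# OPENSSL_VERSION_MAJOR is defined only by OpenSSL 3.0+; a failed probe means a pre-3.0 header` would record the assumption. The `LIBRESSL_VERSION_NUMBER >= 0x2070000fL` probe in the `HAVE_OPAQUE_OPENSSL` hunk relies on the same undefined-macro behaviour when building against OpenSSL.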
@@ -149,7 +149,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
|
|
149
149
|
static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
|
150
150
|
return pkey->pkey._name; }
|
151
151
|
#define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
|
152
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
152
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
153
153
|
if (a1) *a1 = obj->a1; \
|
154
154
|
if (a2) *a2 = obj->a2; } \
|
155
155
|
static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
@@ -158,7 +158,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
|
158
158
|
BN_clear_free(obj->a2); obj->a2 = a2; \
|
159
159
|
return 1; }
|
160
160
|
#define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
|
161
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
161
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
162
162
|
if (a1) *a1 = obj->a1; \
|
163
163
|
if (a2) *a2 = obj->a2; \
|
164
164
|
if (a3) *a3 = obj->a3; } \
|
@@ -185,7 +185,7 @@ IMPL_KEY_ACCESSOR3(DSA, pqg, p, q, g, (p == obj->p || q == obj->q || g == obj->g
|
|
185
185
|
#if !defined(OPENSSL_NO_DH)
|
186
186
|
IMPL_PKEY_GETTER(DH, dh)
|
187
187
|
IMPL_KEY_ACCESSOR2(DH, key, pub_key, priv_key, (pub_key == obj->pub_key || (obj->priv_key && priv_key == obj->priv_key)))
|
188
|
-
IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || obj->q && q == obj->q || g == obj->g))
|
188
|
+
IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || (obj->q && q == obj->q) || g == obj->g))
|
189
189
|
static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
|
190
190
|
#endif
|
191
191
|
|
data/ext/openssl/ossl.c
CHANGED
@@ -338,7 +338,7 @@ ossl_clear_error(void)
|
|
338
338
|
* implementation.
|
339
339
|
*/
|
340
340
|
VALUE
|
341
|
-
ossl_get_errors(
|
341
|
+
ossl_get_errors(VALUE _)
|
342
342
|
{
|
343
343
|
VALUE ary;
|
344
344
|
long e;
|
@@ -398,7 +398,7 @@ ossl_debug_set(VALUE self, VALUE val)
|
|
398
398
|
}
|
399
399
|
|
400
400
|
/*
|
401
|
-
* call-seq
|
401
|
+
* call-seq:
|
402
402
|
* OpenSSL.fips_mode -> true | false
|
403
403
|
*/
|
404
404
|
static VALUE
|
@@ -1099,6 +1099,7 @@ static void Init_ossl_locks(void)
|
|
1099
1099
|
void
|
1100
1100
|
Init_openssl(void)
|
1101
1101
|
{
|
1102
|
+
#undef rb_intern
|
1102
1103
|
/*
|
1103
1104
|
* Init timezone info
|
1104
1105
|
*/
|
data/ext/openssl/ossl.h
CHANGED
data/ext/openssl/ossl_asn1.c
CHANGED
@@ -1360,6 +1360,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
|
|
1360
1360
|
void
|
1361
1361
|
Init_ossl_asn1(void)
|
1362
1362
|
{
|
1363
|
+
#undef rb_intern
|
1363
1364
|
VALUE ary;
|
1364
1365
|
int i;
|
1365
1366
|
|
@@ -1665,12 +1666,12 @@ Init_ossl_asn1(void)
|
|
1665
1666
|
* == Primitive sub-classes and their mapping to Ruby classes
|
1666
1667
|
* * OpenSSL::ASN1::EndOfContent <=> _value_ is always +nil+
|
1667
1668
|
* * OpenSSL::ASN1::Boolean <=> _value_ is +true+ or +false+
|
1668
|
-
* * OpenSSL::ASN1::Integer <=> _value_ is an
|
1669
|
+
* * OpenSSL::ASN1::Integer <=> _value_ is an OpenSSL::BN
|
1669
1670
|
* * OpenSSL::ASN1::BitString <=> _value_ is a String
|
1670
1671
|
* * OpenSSL::ASN1::OctetString <=> _value_ is a String
|
1671
1672
|
* * OpenSSL::ASN1::Null <=> _value_ is always +nil+
|
1672
1673
|
* * OpenSSL::ASN1::Object <=> _value_ is a String
|
1673
|
-
* * OpenSSL::ASN1::Enumerated <=> _value_ is an
|
1674
|
+
* * OpenSSL::ASN1::Enumerated <=> _value_ is an OpenSSL::BN
|
1674
1675
|
* * OpenSSL::ASN1::UTF8String <=> _value_ is a String
|
1675
1676
|
* * OpenSSL::ASN1::NumericString <=> _value_ is a String
|
1676
1677
|
* * OpenSSL::ASN1::PrintableString <=> _value_ is a String
|
@@ -1823,6 +1824,7 @@ do{\
|
|
1823
1824
|
rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
|
1824
1825
|
|
1825
1826
|
class_tag_map = rb_hash_new();
|
1827
|
+
rb_gc_register_mark_object(class_tag_map);
|
1826
1828
|
rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
|
1827
1829
|
rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
|
1828
1830
|
rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
|
@@ -1846,7 +1848,6 @@ do{\
|
|
1846
1848
|
rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
|
1847
1849
|
rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
|
1848
1850
|
rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
|
1849
|
-
rb_global_variable(&class_tag_map);
|
1850
1851
|
|
1851
1852
|
id_each = rb_intern_const("each");
|
1852
1853
|
}
|
data/ext/openssl/ossl_bn.c
CHANGED
@@ -187,6 +187,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
|
|
187
187
|
BIGNUM *bn;
|
188
188
|
VALUE str, bs;
|
189
189
|
int base = 10;
|
190
|
+
char *ptr;
|
190
191
|
|
191
192
|
if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) {
|
192
193
|
base = NUM2INT(bs);
|
@@ -213,12 +214,14 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
|
|
213
214
|
GetBN(self, bn);
|
214
215
|
switch (base) {
|
215
216
|
case 0:
|
216
|
-
|
217
|
+
ptr = StringValuePtr(str);
|
218
|
+
if (!BN_mpi2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
|
217
219
|
ossl_raise(eBNError, NULL);
|
218
220
|
}
|
219
221
|
break;
|
220
222
|
case 2:
|
221
|
-
|
223
|
+
ptr = StringValuePtr(str);
|
224
|
+
if (!BN_bin2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
|
222
225
|
ossl_raise(eBNError, NULL);
|
223
226
|
}
|
224
227
|
break;
|
@@ -397,7 +400,7 @@ ossl_bn_is_negative(VALUE self)
|
|
397
400
|
if (!(result = BN_new())) { \
|
398
401
|
ossl_raise(eBNError, NULL); \
|
399
402
|
} \
|
400
|
-
if (
|
403
|
+
if (BN_##func(result, bn, ossl_bn_ctx) <= 0) { \
|
401
404
|
BN_free(result); \
|
402
405
|
ossl_raise(eBNError, NULL); \
|
403
406
|
} \
|
@@ -423,7 +426,7 @@ BIGNUM_1c(sqr)
|
|
423
426
|
if (!(result = BN_new())) { \
|
424
427
|
ossl_raise(eBNError, NULL); \
|
425
428
|
} \
|
426
|
-
if (
|
429
|
+
if (BN_##func(result, bn1, bn2) <= 0) { \
|
427
430
|
BN_free(result); \
|
428
431
|
ossl_raise(eBNError, NULL); \
|
429
432
|
} \
|
@@ -456,7 +459,7 @@ BIGNUM_2(sub)
|
|
456
459
|
if (!(result = BN_new())) { \
|
457
460
|
ossl_raise(eBNError, NULL); \
|
458
461
|
} \
|
459
|
-
if (
|
462
|
+
if (BN_##func(result, bn1, bn2, ossl_bn_ctx) <= 0) { \
|
460
463
|
BN_free(result); \
|
461
464
|
ossl_raise(eBNError, NULL); \
|
462
465
|
} \
|
@@ -500,11 +503,21 @@ BIGNUM_2c(gcd)
|
|
500
503
|
BIGNUM_2c(mod_sqr)
|
501
504
|
|
502
505
|
/*
|
503
|
-
* Document-method: OpenSSL::BN#mod_inverse
|
504
506
|
* call-seq:
|
505
|
-
*
|
507
|
+
* bn.mod_inverse(bn2) => aBN
|
506
508
|
*/
|
507
|
-
|
509
|
+
static VALUE
|
510
|
+
ossl_bn_mod_inverse(VALUE self, VALUE other)
|
511
|
+
{
|
512
|
+
BIGNUM *bn1, *bn2 = GetBNPtr(other), *result;
|
513
|
+
VALUE obj;
|
514
|
+
GetBN(self, bn1);
|
515
|
+
obj = NewBN(rb_obj_class(self));
|
516
|
+
if (!(result = BN_mod_inverse(NULL, bn1, bn2, ossl_bn_ctx)))
|
517
|
+
ossl_raise(eBNError, "BN_mod_inverse");
|
518
|
+
SetBN(obj, result);
|
519
|
+
return obj;
|
520
|
+
}
|
508
521
|
|
509
522
|
/*
|
510
523
|
* call-seq:
|
@@ -553,7 +566,7 @@ ossl_bn_div(VALUE self, VALUE other)
|
|
553
566
|
if (!(result = BN_new())) { \
|
554
567
|
ossl_raise(eBNError, NULL); \
|
555
568
|
} \
|
556
|
-
if (
|
569
|
+
if (BN_##func(result, bn1, bn2, bn3, ossl_bn_ctx) <= 0) { \
|
557
570
|
BN_free(result); \
|
558
571
|
ossl_raise(eBNError, NULL); \
|
559
572
|
} \
|
@@ -595,7 +608,7 @@ BIGNUM_3c(mod_exp)
|
|
595
608
|
{ \
|
596
609
|
BIGNUM *bn; \
|
597
610
|
GetBN(self, bn); \
|
598
|
-
if (
|
611
|
+
if (BN_##func(bn, NUM2INT(bit)) <= 0) { \
|
599
612
|
ossl_raise(eBNError, NULL); \
|
600
613
|
} \
|
601
614
|
return self; \
|
@@ -655,7 +668,7 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit)
|
|
655
668
|
if (!(result = BN_new())) { \
|
656
669
|
ossl_raise(eBNError, NULL); \
|
657
670
|
} \
|
658
|
-
if (
|
671
|
+
if (BN_##func(result, bn, b) <= 0) { \
|
659
672
|
BN_free(result); \
|
660
673
|
ossl_raise(eBNError, NULL); \
|
661
674
|
} \
|
@@ -685,7 +698,7 @@ BIGNUM_SHIFT(rshift)
|
|
685
698
|
int b; \
|
686
699
|
b = NUM2INT(bits); \
|
687
700
|
GetBN(self, bn); \
|
688
|
-
if (
|
701
|
+
if (BN_##func(bn, bn, b) <= 0) \
|
689
702
|
ossl_raise(eBNError, NULL); \
|
690
703
|
return self; \
|
691
704
|
}
|
@@ -724,7 +737,7 @@ BIGNUM_SELF_SHIFT(rshift)
|
|
724
737
|
if (!(result = BN_new())) { \
|
725
738
|
ossl_raise(eBNError, NULL); \
|
726
739
|
} \
|
727
|
-
if (
|
740
|
+
if (BN_##func(result, b, top, bottom) <= 0) { \
|
728
741
|
BN_free(result); \
|
729
742
|
ossl_raise(eBNError, NULL); \
|
730
743
|
} \
|
@@ -753,7 +766,7 @@ BIGNUM_RAND(pseudo_rand)
|
|
753
766
|
if (!(result = BN_new())) { \
|
754
767
|
ossl_raise(eBNError, NULL); \
|
755
768
|
} \
|
756
|
-
if (
|
769
|
+
if (BN_##func##_range(result, bn) <= 0) { \
|
757
770
|
BN_free(result); \
|
758
771
|
ossl_raise(eBNError, NULL); \
|
759
772
|
} \
|
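Review bot: The rewritten doc comment for `ossl_bn_mod_inverse` keeps only the call-seq, and nothing tells the caller that the method raises when `BN_mod_inverse` returns NULL, which the new body does at `ossl_raise(eBNError, "BN_mod_inverse")`. A line such as `* Raises OpenSSL::BNError if no inverse exists or the computation fails.` under the call-seq would document that. In the `ossl_bn_initialize` hunk, a short comment on `ptr = StringValuePtr(str);` saying that it type-checks `str` before the pointer and length reach `BN_mpi2bn`/`BN_bin2bn` would record why the temporary exists; the changelog in this diff ties it to the `OpenSSL::BN.new(nil, 2)` crash. Both function bodies extend outside the hunks shown.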
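--- a/data/ext/openssl/ossl_cipher.c
+++ b/data/ext/openssl/ossl_cipher.c
@@ -317,6 +317,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
 salt = (unsigned char *)RSTRING_PTR(vsalt);
 }
 iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
+if (iter <= 0)
+rb_raise(rb_eArgError, "iterations must be a positive integer");
 digest = NIL_P(vdigest) ? EVP_md5() : ossl_evp_get_digestbyname(vdigest);
 GetCipher(self, ctx);
 EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,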
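Review bot: The new guard `if (iter <= 0)` rejects zero as well as negative counts, while the History.md entry in this same diff mentions only a negative iteration count; the changelog and the method's call-seq should say "non-positive" so a caller passing 0 is not surprised by the ArgumentError. A comment above the check, e.g. `/* EVP_BytesToKey() takes the count as int; reject non-positive values before the call */`, would record why the check sits here. The defaults on the neighbouring context lines (2048 iterations, `EVP_md5()`) are untouched by this hunk, so if the method documentation does not already do so, it is worth pointing new code at the PBKDF2 functions in `OpenSSL::PKCS5` instead. The function body starts and ends outside the hunk.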
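--- a/data/ext/openssl/ossl_digest.c
+++ b/data/ext/openssl/ossl_digest.c
@@ -313,8 +313,6 @@ ossl_digest_block_length(VALUE self)
 void
 Init_ossl_digest(void)
 {
-rb_require("digest");
-
 #if 0
 mOSSL = rb_define_module("OpenSSL");
 eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -433,6 +431,12 @@ Init_ossl_digest(void)
 * digest2 = sha256.digest(data2)
 *
 */
+
+/*
+* Digest::Class is defined by the digest library. rb_require() cannot be
+* used here because it bypasses RubyGems.
+*/
+rb_funcall(Qnil, rb_intern_const("require"), 1, rb_str_new_cstr("digest"));
 cDigest = rb_define_class_under(mOSSL, "Digest", rb_path2class("Digest::Class"));
 /* Document-class: OpenSSL::Digest::DigestError
 *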
data/ext/openssl/ossl_pkcs12.c
CHANGED
data/ext/openssl/ossl_pkcs7.c
CHANGED
data/ext/openssl/ossl_pkey.c
CHANGED
@@ -20,6 +20,21 @@ static ID id_private_q;
|
|
20
20
|
/*
|
21
21
|
* callback for generating keys
|
22
22
|
*/
|
23
|
+
static VALUE
|
24
|
+
call_check_ints0(VALUE arg)
|
25
|
+
{
|
26
|
+
rb_thread_check_ints();
|
27
|
+
return Qnil;
|
28
|
+
}
|
29
|
+
|
30
|
+
static void *
|
31
|
+
call_check_ints(void *arg)
|
32
|
+
{
|
33
|
+
int state;
|
34
|
+
rb_protect(call_check_ints0, Qnil, &state);
|
35
|
+
return (void *)(VALUE)state;
|
36
|
+
}
|
37
|
+
|
23
38
|
int
|
24
39
|
ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
|
25
40
|
{
|
@@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
|
|
38
53
|
*/
|
39
54
|
rb_protect(rb_yield, ary, &state);
|
40
55
|
if (state) {
|
41
|
-
arg->stop = 1;
|
42
56
|
arg->state = state;
|
57
|
+
return 0;
|
58
|
+
}
|
59
|
+
}
|
60
|
+
if (arg->interrupted) {
|
61
|
+
arg->interrupted = 0;
|
62
|
+
state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
|
63
|
+
if (state) {
|
64
|
+
arg->state = state;
|
65
|
+
return 0;
|
43
66
|
}
|
44
67
|
}
|
45
|
-
if (arg->stop) return 0;
|
46
68
|
return 1;
|
47
69
|
}
|
48
70
|
|
@@ -50,7 +72,7 @@ void
|
|
50
72
|
ossl_generate_cb_stop(void *ptr)
|
51
73
|
{
|
52
74
|
struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
|
53
|
-
arg->
|
75
|
+
arg->interrupted = 1;
|
54
76
|
}
|
55
77
|
|
56
78
|
static void
|
@@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
|
|
389
411
|
void
|
390
412
|
Init_ossl_pkey(void)
|
391
413
|
{
|
414
|
+
#undef rb_intern
|
392
415
|
#if 0
|
393
416
|
mOSSL = rb_define_module("OpenSSL");
|
394
417
|
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
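Review bot: `arg->interrupted` is written in `ossl_generate_cb_stop` and tested and cleared in `ossl_generate_cb_2` as a plain `int`, with no synchronization visible in these hunks; if the stop function runs on a different thread from the key generation, as its role as an unblock callback suggests, this is an unsynchronized shared flag. At minimum the field in ossl_pkey.h deserves a comment such as `/* set by ossl_generate_cb_stop(); polled and cleared by ossl_generate_cb_2() */`, and an atomic type would make the intent explicit where the toolchain allows it. `rb_thread_call_with_gvl` is only valid when the calling thread does not hold the GVL, so a comment stating that `interrupted` can only become non-zero on the without-GVL path would help the next reader. The code that registers the stop function and chooses that path lies outside the hunks shown, so this could not be confirmed from the page.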
data/ext/openssl/ossl_pkey.h
CHANGED
@@ -37,7 +37,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
|
|
37
37
|
|
38
38
|
struct ossl_generate_cb_arg {
|
39
39
|
int yield;
|
40
|
-
int
|
40
|
+
int interrupted;
|
41
41
|
int state;
|
42
42
|
};
|
43
43
|
int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
|
@@ -133,9 +133,9 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALU
|
|
133
133
|
BIGNUM *bn3 = NULL, *orig_bn3 = NIL_P(v3) ? NULL : GetBNPtr(v3);\
|
134
134
|
\
|
135
135
|
Get##_type(self, obj); \
|
136
|
-
|
137
|
-
|
138
|
-
|
136
|
+
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
|
137
|
+
(orig_bn2 && !(bn2 = BN_dup(orig_bn2))) || \
|
138
|
+
(orig_bn3 && !(bn3 = BN_dup(orig_bn3)))) { \
|
139
139
|
BN_clear_free(bn1); \
|
140
140
|
BN_clear_free(bn2); \
|
141
141
|
BN_clear_free(bn3); \
|
@@ -163,8 +163,8 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
|
|
163
163
|
BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
|
164
164
|
\
|
165
165
|
Get##_type(self, obj); \
|
166
|
-
|
167
|
-
|
166
|
+
if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
|
167
|
+
(orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) { \
|
168
168
|
BN_clear_free(bn1); \
|
169
169
|
BN_clear_free(bn2); \
|
170
170
|
ossl_raise(eBNError, NULL); \
|
data/ext/openssl/ossl_pkey_dh.c
CHANGED
@@ -262,7 +262,7 @@ ossl_dh_initialize_copy(VALUE self, VALUE other)
|
|
262
262
|
BIGNUM *pub2 = BN_dup(pub);
|
263
263
|
BIGNUM *priv2 = BN_dup(priv);
|
264
264
|
|
265
|
-
|
265
|
+
if (!pub2 || (priv && !priv2)) {
|
266
266
|
BN_clear_free(pub2);
|
267
267
|
BN_clear_free(priv2);
|
268
268
|
ossl_raise(eDHError, "BN_dup");
|