openssl 2.1.1 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/History.md +35 -0
- data/ext/openssl/extconf.rb +7 -0
- data/ext/openssl/openssl_missing.h +2 -2
- data/ext/openssl/ossl.c +1 -0
- data/ext/openssl/ossl_asn1.c +1 -0
- data/ext/openssl/ossl_pkcs12.c +1 -0
- data/ext/openssl/ossl_pkcs7.c +1 -0
- data/ext/openssl/ossl_pkey.c +26 -3
- data/ext/openssl/ossl_pkey.h +1 -1
- data/ext/openssl/ossl_pkey_ec.c +1 -0
- data/ext/openssl/ossl_version.h +1 -1
- data/ext/openssl/ossl_x509ext.c +1 -0
- data/ext/openssl/ossl_x509name.c +8 -7
- data/ext/openssl/ossl_x509store.c +1 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9a5ba46835caa91a77f80010c07b52e8532221c8a1b4726159584eb92a6ce204
|
|
4
|
+
data.tar.gz: ca5ba9b87ceb945ac1f312e00ceadae32c868e2659e89677ed534a22ed145cf8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0eb54df27a2aa1455fb18b6e5e05c40598ba3f342ad933fd035342596b55a1e68c3b9607cede2b955961805150ca8eb7dcfa2a046600614da1d80dc9d17db17b
|
|
7
|
+
data.tar.gz: 31ac63101df5218fa003477b130b07a32826f685e465c71cf43fc9db28d3ecbb275e5dcc4b685860f418ea893378c133009af92ff1a2293b3d91606a8055b70b
|
data/History.md
CHANGED
|
@@ -1,3 +1,15 @@
|
|
|
1
|
+
Version 2.1.2
|
|
2
|
+
=============
|
|
3
|
+
|
|
4
|
+
Merged changes in 2.0.9.
|
|
5
|
+
|
|
6
|
+
|
|
7
|
+
Version 2.1.1
|
|
8
|
+
=============
|
|
9
|
+
|
|
10
|
+
Merged changes in 2.0.8.
|
|
11
|
+
|
|
12
|
+
|
|
1
13
|
Version 2.1.0
|
|
2
14
|
=============
|
|
3
15
|
|
|
@@ -55,6 +67,29 @@ Notable changes
|
|
|
55
67
|
[[GitHub #177]](https://github.com/ruby/openssl/pull/177)
|
|
56
68
|
|
|
57
69
|
|
|
70
|
+
Version 2.0.9
|
|
71
|
+
=============
|
|
72
|
+
|
|
73
|
+
Security fixes
|
|
74
|
+
--------------
|
|
75
|
+
|
|
76
|
+
* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
|
|
77
|
+
objects. CVE-2018-16395 is assigned for this issue.
|
|
78
|
+
https://hackerone.com/reports/387250
|
|
79
|
+
|
|
80
|
+
Bug fixes
|
|
81
|
+
---------
|
|
82
|
+
|
|
83
|
+
* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
|
|
84
|
+
interrupted.
|
|
85
|
+
[[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
|
|
86
|
+
[[GitHub #205]](https://github.com/ruby/openssl/pull/205)
|
|
87
|
+
* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
|
|
88
|
+
called against an empty instance.
|
|
89
|
+
[[GitHub #200]](https://github.com/ruby/openssl/issues/200)
|
|
90
|
+
[[GitHub #211]](https://github.com/ruby/openssl/pull/211)
|
|
91
|
+
|
|
92
|
+
|
|
58
93
|
Version 2.0.8
|
|
59
94
|
=============
|
|
60
95
|
|
data/ext/openssl/extconf.rb
CHANGED
|
@@ -33,6 +33,9 @@ end
|
|
|
33
33
|
Logging::message "=== Checking for system dependent stuff... ===\n"
|
|
34
34
|
have_library("nsl", "t_open")
|
|
35
35
|
have_library("socket", "socket")
|
|
36
|
+
if $mswin || $mingw
|
|
37
|
+
have_library("ws2_32")
|
|
38
|
+
end
|
|
36
39
|
|
|
37
40
|
Logging::message "=== Checking for required stuff... ===\n"
|
|
38
41
|
result = pkg_config("openssl") && have_header("openssl/ssl.h")
|
|
@@ -111,6 +114,10 @@ engines.each { |name|
|
|
|
111
114
|
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
|
|
112
115
|
}
|
|
113
116
|
|
|
117
|
+
if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
|
|
118
|
+
$defs.push("-DNOCRYPT")
|
|
119
|
+
end
|
|
120
|
+
|
|
114
121
|
# added in 1.0.2
|
|
115
122
|
have_func("EC_curve_nist2nid")
|
|
116
123
|
have_func("X509_REVOKED_dup")
|
|
@@ -149,7 +149,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
|
|
|
149
149
|
static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
|
|
150
150
|
return pkey->pkey._name; }
|
|
151
151
|
#define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
|
|
152
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
|
152
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
|
153
153
|
if (a1) *a1 = obj->a1; \
|
|
154
154
|
if (a2) *a2 = obj->a2; } \
|
|
155
155
|
static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
|
@@ -158,7 +158,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
|
|
158
158
|
BN_clear_free(obj->a2); obj->a2 = a2; \
|
|
159
159
|
return 1; }
|
|
160
160
|
#define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
|
|
161
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
|
161
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
|
162
162
|
if (a1) *a1 = obj->a1; \
|
|
163
163
|
if (a2) *a2 = obj->a2; \
|
|
164
164
|
if (a3) *a3 = obj->a3; } \
|
data/ext/openssl/ossl.c
CHANGED
data/ext/openssl/ossl_asn1.c
CHANGED
data/ext/openssl/ossl_pkcs12.c
CHANGED
data/ext/openssl/ossl_pkcs7.c
CHANGED
data/ext/openssl/ossl_pkey.c
CHANGED
|
@@ -20,6 +20,21 @@ static ID id_private_q;
|
|
|
20
20
|
/*
|
|
21
21
|
* callback for generating keys
|
|
22
22
|
*/
|
|
23
|
+
static VALUE
|
|
24
|
+
call_check_ints0(VALUE arg)
|
|
25
|
+
{
|
|
26
|
+
rb_thread_check_ints();
|
|
27
|
+
return Qnil;
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
static void *
|
|
31
|
+
call_check_ints(void *arg)
|
|
32
|
+
{
|
|
33
|
+
int state;
|
|
34
|
+
rb_protect(call_check_ints0, Qnil, &state);
|
|
35
|
+
return (void *)(VALUE)state;
|
|
36
|
+
}
|
|
37
|
+
|
|
23
38
|
int
|
|
24
39
|
ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
|
|
25
40
|
{
|
|
@@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
|
|
|
38
53
|
*/
|
|
39
54
|
rb_protect(rb_yield, ary, &state);
|
|
40
55
|
if (state) {
|
|
41
|
-
arg->stop = 1;
|
|
42
56
|
arg->state = state;
|
|
57
|
+
return 0;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
if (arg->interrupted) {
|
|
61
|
+
arg->interrupted = 0;
|
|
62
|
+
state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
|
|
63
|
+
if (state) {
|
|
64
|
+
arg->state = state;
|
|
65
|
+
return 0;
|
|
43
66
|
}
|
|
44
67
|
}
|
|
45
|
-
if (arg->stop) return 0;
|
|
46
68
|
return 1;
|
|
47
69
|
}
|
|
48
70
|
|
|
@@ -50,7 +72,7 @@ void
|
|
|
50
72
|
ossl_generate_cb_stop(void *ptr)
|
|
51
73
|
{
|
|
52
74
|
struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
|
|
53
|
-
arg->
|
|
75
|
+
arg->interrupted = 1;
|
|
54
76
|
}
|
|
55
77
|
|
|
56
78
|
static void
|
|
@@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
|
|
|
389
411
|
void
|
|
390
412
|
Init_ossl_pkey(void)
|
|
391
413
|
{
|
|
414
|
+
#undef rb_intern
|
|
392
415
|
#if 0
|
|
393
416
|
mOSSL = rb_define_module("OpenSSL");
|
|
394
417
|
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
data/ext/openssl/ossl_pkey.h
CHANGED
data/ext/openssl/ossl_pkey_ec.c
CHANGED
|
@@ -1649,6 +1649,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self)
|
|
|
1649
1649
|
|
|
1650
1650
|
void Init_ossl_ec(void)
|
|
1651
1651
|
{
|
|
1652
|
+
#undef rb_intern
|
|
1652
1653
|
#if 0
|
|
1653
1654
|
mPKey = rb_define_module_under(mOSSL, "PKey");
|
|
1654
1655
|
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
|
data/ext/openssl/ossl_version.h
CHANGED
data/ext/openssl/ossl_x509ext.c
CHANGED
data/ext/openssl/ossl_x509name.c
CHANGED
|
@@ -250,14 +250,12 @@ ossl_x509name_to_s_old(VALUE self)
|
|
|
250
250
|
{
|
|
251
251
|
X509_NAME *name;
|
|
252
252
|
char *buf;
|
|
253
|
-
VALUE str;
|
|
254
253
|
|
|
255
254
|
GetX509Name(self, name);
|
|
256
255
|
buf = X509_NAME_oneline(name, NULL, 0);
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
return str;
|
|
256
|
+
if (!buf)
|
|
257
|
+
ossl_raise(eX509NameError, "X509_NAME_oneline");
|
|
258
|
+
return ossl_buf2str(buf, rb_long2int(strlen(buf)));
|
|
261
259
|
}
|
|
262
260
|
|
|
263
261
|
static VALUE
|
|
@@ -265,12 +263,14 @@ x509name_print(VALUE self, unsigned long iflag)
|
|
|
265
263
|
{
|
|
266
264
|
X509_NAME *name;
|
|
267
265
|
BIO *out;
|
|
266
|
+
int ret;
|
|
268
267
|
|
|
269
268
|
GetX509Name(self, name);
|
|
270
269
|
out = BIO_new(BIO_s_mem());
|
|
271
270
|
if (!out)
|
|
272
271
|
ossl_raise(eX509NameError, NULL);
|
|
273
|
-
|
|
272
|
+
ret = X509_NAME_print_ex(out, name, 0, iflag);
|
|
273
|
+
if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
|
|
274
274
|
BIO_free(out);
|
|
275
275
|
ossl_raise(eX509NameError, "X509_NAME_print_ex");
|
|
276
276
|
}
|
|
@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
|
|
|
400
400
|
|
|
401
401
|
result = ossl_x509name_cmp0(self, other);
|
|
402
402
|
if (result < 0) return INT2FIX(-1);
|
|
403
|
-
if (result >
|
|
403
|
+
if (result > 0) return INT2FIX(1);
|
|
404
404
|
|
|
405
405
|
return INT2FIX(0);
|
|
406
406
|
}
|
|
@@ -502,6 +502,7 @@ ossl_x509name_to_der(VALUE self)
|
|
|
502
502
|
void
|
|
503
503
|
Init_ossl_x509name(void)
|
|
504
504
|
{
|
|
505
|
+
#undef rb_intern
|
|
505
506
|
VALUE utf8str, ptrstr, ia5str, hash;
|
|
506
507
|
|
|
507
508
|
#if 0
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openssl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Martin Bosslet
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2018-
|
|
14
|
+
date: 2018-10-18 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: rake
|