openssl 2.1.1 → 2.1.4

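--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e17353c3f443f1f4ba2afd65319630911e93cd4204b71e0a50a0640ab50ee714
- data.tar.gz: 8a7b4d82c64a0a80198624fa96af48c03163205ec84331e9618b26ff764f6c4c
+ metadata.gz: 88da06860381b21467805e571f0b92f020a070dd3088f39cd8511a6a1dcc87aa
+ data.tar.gz: 28dbc9f0648e7a4a4400fcc8ced412286099dca4bfeea603cc0804a8c204e33f
  SHA512:
- metadata.gz: e7d48ecc23c6dabc5eb29ee78b605096bfed6d62e83f66d2cbb67316afdb68dafe5c1b9c8c0ced0fba6478d671fda75969e35d50b22051458ca237b470973a9c
- data.tar.gz: c349830b16d8a87f1563b5f25f6451889e323c7a9b7666e9769f5c412c3f412728586adb4b4cb1365e34c54cb0d931467388c8f0b37f140dbc825459af20bb64
+ metadata.gz: 7a2f752f6cafd6de5a0ef4674ae625d1afe8061da727a46732031de22d150d972bca92e783bef224706a0c511e27b6fc1aec787554c00efbb03b08ebf6e12f6e
+ data.tar.gz: '09459c4b38deda5c19ad1fde1129e0de914f25f131d2f7d27ec535d6216130cdd3fe1b0f8ee8edd8f661625f62185e68b688b4f3d5713fc13562285b4e8651e4'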
data/History.md CHANGED
@@ -1,3 +1,61 @@
1
+ Version 2.1.4
2
+ =============
3
+
4
+ Bug fixes
5
+ ---------
6
+
7
+ * Do not use pkg-config if --with-openssl-dir option is specified.
8
+ [[GitHub #486]](https://github.com/ruby/openssl/pull/486)
9
+
10
+
11
+ Version 2.1.3
12
+ =============
13
+
14
+ Bug fixes
15
+ ---------
16
+
17
+ * Fix deprecation warnings on Ruby 3.0.
18
+ * Add ".include" directive support in `OpenSSL::Config`.
19
+ [[GitHub #216]](https://github.com/ruby/openssl/pull/216)
20
+ * Fix handling of IPv6 address SANs.
21
+ [[GitHub #185]](https://github.com/ruby/openssl/pull/185)
22
+ * Hostname verification failure with `OpenSSL::SSL::SSLContext#verify_hostname=`
23
+ sets a proper error code.
24
+ [[GitHub #350]](https://github.com/ruby/openssl/pull/350)
25
+ * Fix crash with `OpenSSL::BN.new(nil, 2)`.
26
+ [[Bug #15760]](https://bugs.ruby-lang.org/issues/15760)
27
+ * `OpenSSL::SSL::SSLSocket#sys{read,write}` prevent internal string buffers from
28
+ being modified by another thread.
29
+ [[GitHub #453]](https://github.com/ruby/openssl/pull/453)
30
+ * Fix misuse of input record separator in `OpenSSL::Buffering` where it was
31
+ for output.
32
+ * Fix wrong interger casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
33
+ [[GitHub #460]](https://github.com/ruby/openssl/pull/460)
34
+ * `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
35
+ newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
36
+ OpenSSL 3.0 API.
37
+ [[GitHub #458]](https://github.com/ruby/openssl/pull/458)
38
+ * Activate `digest` gem correctly. `digest` library could go into an
39
+ inconsistent state if there are multiple versions of `digest` is installed
40
+ and `openssl` is `require`d before `digest`.
41
+ [[GitHub #463]](https://github.com/ruby/openssl/pull/463)
42
+ * Fix GC.compact compatibility.
43
+ [[GitHub #464]](https://github.com/ruby/openssl/issues/464)
44
+ [[GitHub #465]](https://github.com/ruby/openssl/pull/465)
45
+
46
+
47
+ Version 2.1.2
48
+ =============
49
+
50
+ Merged changes in 2.0.9.
51
+
52
+
53
+ Version 2.1.1
54
+ =============
55
+
56
+ Merged changes in 2.0.8.
57
+
58
+
1
59
  Version 2.1.0
2
60
  =============
3
61
 
@@ -55,6 +113,29 @@ Notable changes
55
113
  [[GitHub #177]](https://github.com/ruby/openssl/pull/177)
56
114
 
57
115
 
116
+ Version 2.0.9
117
+ =============
118
+
119
+ Security fixes
120
+ --------------
121
+
122
+ * OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
123
+ objects. CVE-2018-16395 is assigned for this issue.
124
+ https://hackerone.com/reports/387250
125
+
126
+ Bug fixes
127
+ ---------
128
+
129
+ * Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
130
+ interrupted.
131
+ [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
132
+ [[GitHub #205]](https://github.com/ruby/openssl/pull/205)
133
+ * Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
134
+ called against an empty instance.
135
+ [[GitHub #200]](https://github.com/ruby/openssl/issues/200)
136
+ [[GitHub #211]](https://github.com/ruby/openssl/pull/211)
137
+
138
+
58
139
  Version 2.0.8
59
140
  =============
60
141
 
@@ -3,7 +3,7 @@ module OpenSSL
3
3
  def self.deprecated_warning_flag
4
4
  unless flag = (@deprecated_warning_flag ||= nil)
5
5
  if try_compile("", flag = "-Werror=deprecated-declarations")
6
- $warnflags << " #{flag}"
6
+ $warnflags = "#{@warnflags = $warnflags}" #{flag}"
7
7
  else
8
8
  flag = ""
9
9
  end
@@ -12,6 +12,10 @@ module OpenSSL
12
12
  flag
13
13
  end
14
14
 
15
+ def self.restore_warning_flag
16
+ $warnflags = @warnflags
17
+ end
18
+
15
19
  def self.check_func(func, header)
16
20
  have_func(func, header, deprecated_warning_flag)
17
21
  end
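Review bot: In `deprecated_warning_flag`, the line `$warnflags = "#{@warnflags = $warnflags}" #{flag}"` as printed here ends its string at the second quote, so Ruby parses the trailing `#{flag}"` as a comment and the flag is no longer appended; it reads like a quoting typo. If saving the old value is all that is intended, `@warnflags = $warnflags` on its own line says so and will not be "repaired" by the next maintainer. Also, `@warnflags` is assigned only on the branch where `try_compile` succeeds, so `restore_warning_flag` appears to reset `$warnflags` to nil when the probe failed; a guard such as `$warnflags = @warnflags if defined?(@warnflags)` would keep the caller's flags. The body of `deprecated_warning_flag` continues between the two hunks.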
@@ -14,12 +14,12 @@
14
14
  require "mkmf"
15
15
  require File.expand_path('../deprecation', __FILE__)
16
16
 
17
- dir_config("openssl")
17
+ dir_config_given = dir_config("openssl").any?
18
18
  dir_config("kerberos")
19
19
 
20
20
  Logging::message "=== OpenSSL for Ruby configurator ===\n"
21
21
 
22
- # Add -Werror=deprecated-declarations to $warnflags if available
22
+ # Check with -Werror=deprecated-declarations if available
23
23
  OpenSSL.deprecated_warning_flag
24
24
 
25
25
  ##
@@ -33,9 +33,9 @@ end
33
33
  Logging::message "=== Checking for system dependent stuff... ===\n"
34
34
  have_library("nsl", "t_open")
35
35
  have_library("socket", "socket")
36
-
37
- Logging::message "=== Checking for required stuff... ===\n"
38
- result = pkg_config("openssl") && have_header("openssl/ssl.h")
36
+ if $mswin || $mingw
37
+ have_library("ws2_32")
38
+ end
39
39
 
40
40
  def find_openssl_library
41
41
  if $mswin || $mingw
@@ -87,19 +87,33 @@ def find_openssl_library
87
87
  return false
88
88
  end
89
89
 
90
- unless result
91
- unless find_openssl_library
92
- Logging::message "=== Checking for required stuff failed. ===\n"
93
- Logging::message "Makefile wasn't created. Fix the errors above.\n"
94
- raise "OpenSSL library could not be found. You might want to use " \
95
- "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
96
- "is installed."
97
- end
90
+ Logging::message "=== Checking for required stuff... ===\n"
91
+ pkg_config_found = !dir_config_given && pkg_config("openssl") && have_header("openssl/ssl.h")
92
+
93
+ if !pkg_config_found && !find_openssl_library
94
+ Logging::message "=== Checking for required stuff failed. ===\n"
95
+ Logging::message "Makefile wasn't created. Fix the errors above.\n"
96
+ raise "OpenSSL library could not be found. You might want to use " \
97
+ "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
98
+ "is installed."
99
+ end
100
+
101
+ version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
102
+ is_libressl = true
103
+ checking_for("LibreSSL version >= 2.5.0") {
104
+ try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }
105
+ else
106
+ checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {
107
+ try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&
108
+ !try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
109
+ end
110
+ unless version_ok
111
+ raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"
98
112
  end
99
113
 
100
- unless checking_for("OpenSSL version is 1.0.1 or later") {
101
- try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
102
- raise "OpenSSL >= 1.0.1 or LibreSSL is required"
114
+ # Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
115
+ if is_libressl && ($mswin || $mingw)
116
+ $defs.push("-DNOCRYPT")
103
117
  end
104
118
 
105
119
  Logging::message "=== Checking for OpenSSL features... ===\n"
@@ -162,5 +176,6 @@ have_func("EVP_PBE_scrypt")
162
176
  Logging::message "=== Checking done. ===\n"
163
177
 
164
178
  create_header
179
+ OpenSSL.restore_warning_flag
165
180
  create_makefile("openssl")
166
181
  Logging::message "Done.\n"
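Review bot: The upper bound of the new version check is a negated compile probe, `!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h")`, so any reason that probe fails to compile, not only an older library, is read as "below 3.0". A positive assertion on the macro the lower bound already uses, `try_static_assert("OPENSSL_VERSION_NUMBER < 0x30000000L", "openssl/opensslv.h")`, would fail closed instead. Separately, `dir_config_given` now decides whether pkg-config is consulted at all, which determines which OpenSSL build the extension is compiled against; a short comment above `pkg_config_found` would record that, for example `# An explicit --with-openssl-dir must win over whatever pkg-config finds`.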
@@ -149,7 +149,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
149
149
  static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
150
150
  return pkey->pkey._name; }
151
151
  #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
152
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
152
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
153
153
  if (a1) *a1 = obj->a1; \
154
154
  if (a2) *a2 = obj->a2; } \
155
155
  static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
@@ -158,7 +158,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
158
158
  BN_clear_free(obj->a2); obj->a2 = a2; \
159
159
  return 1; }
160
160
  #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
161
- static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
161
+ static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
162
162
  if (a1) *a1 = obj->a1; \
163
163
  if (a2) *a2 = obj->a2; \
164
164
  if (a3) *a3 = obj->a3; } \
@@ -185,7 +185,7 @@ IMPL_KEY_ACCESSOR3(DSA, pqg, p, q, g, (p == obj->p || q == obj->q || g == obj->g
185
185
  #if !defined(OPENSSL_NO_DH)
186
186
  IMPL_PKEY_GETTER(DH, dh)
187
187
  IMPL_KEY_ACCESSOR2(DH, key, pub_key, priv_key, (pub_key == obj->pub_key || (obj->priv_key && priv_key == obj->priv_key)))
188
- IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || obj->q && q == obj->q || g == obj->g))
188
+ IMPL_KEY_ACCESSOR3(DH, pqg, p, q, g, (p == obj->p || (obj->q && q == obj->q) || g == obj->g))
189
189
  static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
190
190
  #endif
191
191
 
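--- a/data/ext/openssl/ossl.c
+++ b/data/ext/openssl/ossl.c
@@ -338,7 +338,7 @@ ossl_clear_error(void)
  * implementation.
  */
  VALUE
- ossl_get_errors(void)
+ ossl_get_errors(VALUE _)
  {
  VALUE ary;
  long e;
@@ -398,7 +398,7 @@ ossl_debug_set(VALUE self, VALUE val)
  }
 
  /*
- * call-seq
+ * call-seq:
  * OpenSSL.fips_mode -> true | false
  */
  static VALUE
@@ -1099,6 +1099,7 @@ static void Init_ossl_locks(void)
  void
  Init_openssl(void)
  {
+ #undef rb_intern
  /*
  * Init timezone info
  */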
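Review bot: The `#undef rb_intern` added as the first line of Init_openssl's body is not scoped to that function; a preprocessor directive stays in effect for the rest of the translation unit, and placing it inside the braces suggests otherwise. Nothing in the hunk says why the macro is dropped, so a one-line comment would help, for example `/* use the plain rb_intern() function below, not the macro form from ruby.h */` (presumably the reason; confirm against the upstream change). The same undocumented line is added in Init_ossl_asn1, Init_ossl_pkcs12, Init_ossl_pkcs7, Init_ossl_pkey and Init_ossl_ec further down the page. Init_openssl's body continues past the hunk.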
data/ext/openssl/ossl.h CHANGED
@@ -13,8 +13,8 @@
13
13
  #include RUBY_EXTCONF_H
14
14
 
15
15
  #include <assert.h>
16
- #include <errno.h>
17
16
  #include <ruby.h>
17
+ #include <errno.h>
18
18
  #include <ruby/io.h>
19
19
  #include <ruby/thread.h>
20
20
  #include <openssl/opensslv.h>
@@ -1360,6 +1360,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
1360
1360
  void
1361
1361
  Init_ossl_asn1(void)
1362
1362
  {
1363
+ #undef rb_intern
1363
1364
  VALUE ary;
1364
1365
  int i;
1365
1366
 
@@ -1823,6 +1824,7 @@ do{\
1823
1824
  rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
1824
1825
 
1825
1826
  class_tag_map = rb_hash_new();
1827
+ rb_gc_register_mark_object(class_tag_map);
1826
1828
  rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
1827
1829
  rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
1828
1830
  rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
@@ -1846,7 +1848,6 @@ do{\
1846
1848
  rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
1847
1849
  rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
1848
1850
  rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
1849
- rb_global_variable(&class_tag_map);
1850
1851
 
1851
1852
  id_each = rb_intern_const("each");
1852
1853
  }
@@ -187,6 +187,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
187
187
  BIGNUM *bn;
188
188
  VALUE str, bs;
189
189
  int base = 10;
190
+ char *ptr;
190
191
 
191
192
  if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) {
192
193
  base = NUM2INT(bs);
@@ -213,12 +214,14 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
213
214
  GetBN(self, bn);
214
215
  switch (base) {
215
216
  case 0:
216
- if (!BN_mpi2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
217
+ ptr = StringValuePtr(str);
218
+ if (!BN_mpi2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
217
219
  ossl_raise(eBNError, NULL);
218
220
  }
219
221
  break;
220
222
  case 2:
221
- if (!BN_bin2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
223
+ ptr = StringValuePtr(str);
224
+ if (!BN_bin2bn((unsigned char *)ptr, RSTRING_LENINT(str), bn)) {
222
225
  ossl_raise(eBNError, NULL);
223
226
  }
224
227
  break;
@@ -397,7 +400,7 @@ ossl_bn_is_negative(VALUE self)
397
400
  if (!(result = BN_new())) { \
398
401
  ossl_raise(eBNError, NULL); \
399
402
  } \
400
- if (!BN_##func(result, bn, ossl_bn_ctx)) { \
403
+ if (BN_##func(result, bn, ossl_bn_ctx) <= 0) { \
401
404
  BN_free(result); \
402
405
  ossl_raise(eBNError, NULL); \
403
406
  } \
@@ -423,7 +426,7 @@ BIGNUM_1c(sqr)
423
426
  if (!(result = BN_new())) { \
424
427
  ossl_raise(eBNError, NULL); \
425
428
  } \
426
- if (!BN_##func(result, bn1, bn2)) { \
429
+ if (BN_##func(result, bn1, bn2) <= 0) { \
427
430
  BN_free(result); \
428
431
  ossl_raise(eBNError, NULL); \
429
432
  } \
@@ -456,7 +459,7 @@ BIGNUM_2(sub)
456
459
  if (!(result = BN_new())) { \
457
460
  ossl_raise(eBNError, NULL); \
458
461
  } \
459
- if (!BN_##func(result, bn1, bn2, ossl_bn_ctx)) { \
462
+ if (BN_##func(result, bn1, bn2, ossl_bn_ctx) <= 0) { \
460
463
  BN_free(result); \
461
464
  ossl_raise(eBNError, NULL); \
462
465
  } \
@@ -500,11 +503,21 @@ BIGNUM_2c(gcd)
500
503
  BIGNUM_2c(mod_sqr)
501
504
 
502
505
  /*
503
- * Document-method: OpenSSL::BN#mod_inverse
504
506
  * call-seq:
505
- * bn.mod_inverse(bn2) => aBN
507
+ * bn.mod_inverse(bn2) => aBN
506
508
  */
507
- BIGNUM_2c(mod_inverse)
509
+ static VALUE
510
+ ossl_bn_mod_inverse(VALUE self, VALUE other)
511
+ {
512
+ BIGNUM *bn1, *bn2 = GetBNPtr(other), *result;
513
+ VALUE obj;
514
+ GetBN(self, bn1);
515
+ obj = NewBN(rb_obj_class(self));
516
+ if (!(result = BN_mod_inverse(NULL, bn1, bn2, ossl_bn_ctx)))
517
+ ossl_raise(eBNError, "BN_mod_inverse");
518
+ SetBN(obj, result);
519
+ return obj;
520
+ }
508
521
 
509
522
  /*
510
523
  * call-seq:
@@ -553,7 +566,7 @@ ossl_bn_div(VALUE self, VALUE other)
553
566
  if (!(result = BN_new())) { \
554
567
  ossl_raise(eBNError, NULL); \
555
568
  } \
556
- if (!BN_##func(result, bn1, bn2, bn3, ossl_bn_ctx)) { \
569
+ if (BN_##func(result, bn1, bn2, bn3, ossl_bn_ctx) <= 0) { \
557
570
  BN_free(result); \
558
571
  ossl_raise(eBNError, NULL); \
559
572
  } \
@@ -595,7 +608,7 @@ BIGNUM_3c(mod_exp)
595
608
  { \
596
609
  BIGNUM *bn; \
597
610
  GetBN(self, bn); \
598
- if (!BN_##func(bn, NUM2INT(bit))) { \
611
+ if (BN_##func(bn, NUM2INT(bit)) <= 0) { \
599
612
  ossl_raise(eBNError, NULL); \
600
613
  } \
601
614
  return self; \
@@ -655,7 +668,7 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit)
655
668
  if (!(result = BN_new())) { \
656
669
  ossl_raise(eBNError, NULL); \
657
670
  } \
658
- if (!BN_##func(result, bn, b)) { \
671
+ if (BN_##func(result, bn, b) <= 0) { \
659
672
  BN_free(result); \
660
673
  ossl_raise(eBNError, NULL); \
661
674
  } \
@@ -685,7 +698,7 @@ BIGNUM_SHIFT(rshift)
685
698
  int b; \
686
699
  b = NUM2INT(bits); \
687
700
  GetBN(self, bn); \
688
- if (!BN_##func(bn, bn, b)) \
701
+ if (BN_##func(bn, bn, b) <= 0) \
689
702
  ossl_raise(eBNError, NULL); \
690
703
  return self; \
691
704
  }
@@ -724,7 +737,7 @@ BIGNUM_SELF_SHIFT(rshift)
724
737
  if (!(result = BN_new())) { \
725
738
  ossl_raise(eBNError, NULL); \
726
739
  } \
727
- if (!BN_##func(result, b, top, bottom)) { \
740
+ if (BN_##func(result, b, top, bottom) <= 0) { \
728
741
  BN_free(result); \
729
742
  ossl_raise(eBNError, NULL); \
730
743
  } \
@@ -753,7 +766,7 @@ BIGNUM_RAND(pseudo_rand)
753
766
  if (!(result = BN_new())) { \
754
767
  ossl_raise(eBNError, NULL); \
755
768
  } \
756
- if (!BN_##func##_range(result, bn)) { \
769
+ if (BN_##func##_range(result, bn) <= 0) { \
757
770
  BN_free(result); \
758
771
  ossl_raise(eBNError, NULL); \
759
772
  } \
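Review bot: In ossl_bn_initialize, `case 0` and `case 2` now store StringValuePtr(str) in `ptr` before RSTRING_LENINT(str) is read, but nothing in the code says why, and the shape invites someone to fold the two lines back into one call. C leaves the evaluation order of function arguments unspecified, so the old form could read the length of `str` before StringValuePtr had converted or rejected it, which matches the `OpenSSL::BN.new(nil, 2)` crash listed in the changelog. A comment above each assignment would pin that down: `/* StringValuePtr() may convert str or raise; it must run before the length is read */`. The function starts and ends outside these hunks.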
@@ -313,8 +313,6 @@ ossl_digest_block_length(VALUE self)
313
313
  void
314
314
  Init_ossl_digest(void)
315
315
  {
316
- rb_require("digest");
317
-
318
316
  #if 0
319
317
  mOSSL = rb_define_module("OpenSSL");
320
318
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -433,6 +431,12 @@ Init_ossl_digest(void)
433
431
  * digest2 = sha256.digest(data2)
434
432
  *
435
433
  */
434
+
435
+ /*
436
+ * Digest::Class is defined by the digest library. rb_require() cannot be
437
+ * used here because it bypasses RubyGems.
438
+ */
439
+ rb_funcall(Qnil, rb_intern_const("require"), 1, rb_str_new_cstr("digest"));
436
440
  cDigest = rb_define_class_under(mOSSL, "Digest", rb_path2class("Digest::Class"));
437
441
  /* Document-class: OpenSSL::Digest::DigestError
438
442
  *
@@ -232,6 +232,7 @@ ossl_pkcs12_to_der(VALUE self)
232
232
  void
233
233
  Init_ossl_pkcs12(void)
234
234
  {
235
+ #undef rb_intern
235
236
  #if 0
236
237
  mOSSL = rb_define_module("OpenSSL");
237
238
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -1042,6 +1042,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self)
1042
1042
  void
1043
1043
  Init_ossl_pkcs7(void)
1044
1044
  {
1045
+ #undef rb_intern
1045
1046
  #if 0
1046
1047
  mOSSL = rb_define_module("OpenSSL");
1047
1048
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
@@ -20,6 +20,21 @@ static ID id_private_q;
20
20
  /*
21
21
  * callback for generating keys
22
22
  */
23
+ static VALUE
24
+ call_check_ints0(VALUE arg)
25
+ {
26
+ rb_thread_check_ints();
27
+ return Qnil;
28
+ }
29
+
30
+ static void *
31
+ call_check_ints(void *arg)
32
+ {
33
+ int state;
34
+ rb_protect(call_check_ints0, Qnil, &state);
35
+ return (void *)(VALUE)state;
36
+ }
37
+
23
38
  int
24
39
  ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
25
40
  {
@@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
38
53
  */
39
54
  rb_protect(rb_yield, ary, &state);
40
55
  if (state) {
41
- arg->stop = 1;
42
56
  arg->state = state;
57
+ return 0;
58
+ }
59
+ }
60
+ if (arg->interrupted) {
61
+ arg->interrupted = 0;
62
+ state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
63
+ if (state) {
64
+ arg->state = state;
65
+ return 0;
43
66
  }
44
67
  }
45
- if (arg->stop) return 0;
46
68
  return 1;
47
69
  }
48
70
 
@@ -50,7 +72,7 @@ void
50
72
  ossl_generate_cb_stop(void *ptr)
51
73
  {
52
74
  struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
53
- arg->stop = 1;
75
+ arg->interrupted = 1;
54
76
  }
55
77
 
56
78
  static void
@@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
389
411
  void
390
412
  Init_ossl_pkey(void)
391
413
  {
414
+ #undef rb_intern
392
415
  #if 0
393
416
  mOSSL = rb_define_module("OpenSSL");
394
417
  eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
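Review bot: The new `arg->interrupted` branch in ossl_generate_cb_2 calls rb_thread_call_with_gvl(), which is only valid on a thread that has released the GVL, and the code rests on an unstated invariant for that: `interrupted` is set nowhere but in ossl_generate_cb_stop. That is safe only if ossl_generate_cb_stop is used solely as the unblocking function for key generation running without the GVL; the callers are not on this page, so this should be confirmed. A comment at the branch would record it: `/* set only by the unblock function, so the GVL is not held here */`. The flag is also a plain `int` written in one context and cleared in another, so a comment on the struct field naming its writer would help anyone auditing it for races.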
@@ -37,7 +37,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
37
37
 
38
38
  struct ossl_generate_cb_arg {
39
39
  int yield;
40
- int stop;
40
+ int interrupted;
41
41
  int state;
42
42
  };
43
43
  int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
@@ -133,9 +133,9 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2, VALU
133
133
  BIGNUM *bn3 = NULL, *orig_bn3 = NIL_P(v3) ? NULL : GetBNPtr(v3);\
134
134
  \
135
135
  Get##_type(self, obj); \
136
- if (orig_bn1 && !(bn1 = BN_dup(orig_bn1)) || \
137
- orig_bn2 && !(bn2 = BN_dup(orig_bn2)) || \
138
- orig_bn3 && !(bn3 = BN_dup(orig_bn3))) { \
136
+ if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
137
+ (orig_bn2 && !(bn2 = BN_dup(orig_bn2))) || \
138
+ (orig_bn3 && !(bn3 = BN_dup(orig_bn3)))) { \
139
139
  BN_clear_free(bn1); \
140
140
  BN_clear_free(bn2); \
141
141
  BN_clear_free(bn3); \
@@ -163,8 +163,8 @@ static VALUE ossl_##_keytype##_set_##_group(VALUE self, VALUE v1, VALUE v2) \
163
163
  BIGNUM *bn2 = NULL, *orig_bn2 = NIL_P(v2) ? NULL : GetBNPtr(v2);\
164
164
  \
165
165
  Get##_type(self, obj); \
166
- if (orig_bn1 && !(bn1 = BN_dup(orig_bn1)) || \
167
- orig_bn2 && !(bn2 = BN_dup(orig_bn2))) { \
166
+ if ((orig_bn1 && !(bn1 = BN_dup(orig_bn1))) || \
167
+ (orig_bn2 && !(bn2 = BN_dup(orig_bn2)))) { \
168
168
  BN_clear_free(bn1); \
169
169
  BN_clear_free(bn2); \
170
170
  ossl_raise(eBNError, NULL); \
@@ -262,7 +262,7 @@ ossl_dh_initialize_copy(VALUE self, VALUE other)
262
262
  BIGNUM *pub2 = BN_dup(pub);
263
263
  BIGNUM *priv2 = BN_dup(priv);
264
264
 
265
- if (!pub2 || priv && !priv2) {
265
+ if (!pub2 || (priv && !priv2)) {
266
266
  BN_clear_free(pub2);
267
267
  BN_clear_free(priv2);
268
268
  ossl_raise(eDHError, "BN_dup");
@@ -653,15 +653,15 @@ static VALUE ossl_ec_key_dsa_verify_asn1(VALUE self, VALUE data, VALUE sig)
653
653
  StringValue(data);
654
654
  StringValue(sig);
655
655
 
656
- switch (ECDSA_verify(0, (unsigned char *) RSTRING_PTR(data), RSTRING_LENINT(data), (unsigned char *) RSTRING_PTR(sig), (int)RSTRING_LEN(sig), ec)) {
657
- case 1: return Qtrue;
658
- case 0: return Qfalse;
659
- default: break;
656
+ switch (ECDSA_verify(0, (unsigned char *)RSTRING_PTR(data), RSTRING_LENINT(data),
657
+ (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), ec)) {
658
+ case 1:
659
+ return Qtrue;
660
+ case 0:
661
+ return Qfalse;
662
+ default:
663
+ ossl_raise(eECError, "ECDSA_verify");
660
664
  }
661
-
662
- ossl_raise(eECError, "ECDSA_verify");
663
-
664
- UNREACHABLE;
665
665
  }
666
666
 
667
667
  /*
@@ -1649,6 +1649,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self)
1649
1649
 
1650
1650
  void Init_ossl_ec(void)
1651
1651
  {
1652
+ #undef rb_intern
1652
1653
  #if 0
1653
1654
  mPKey = rb_define_module_under(mOSSL, "PKey");
1654
1655
  cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
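Review bot: In ossl_ec_key_dsa_verify_asn1 the `default:` branch raises eECError for every ECDSA_verify result other than 1 and 0, so a signature that cannot be processed surfaces as an exception instead of `false`, and neither the branch nor the visible part of the function tells callers who verify untrusted signatures to expect that. Suggested comment on the branch: `/* negative return: the signature could not be processed; report an error rather than a failed verification */`. The switch from `(int)RSTRING_LEN(sig)` to RSTRING_LENINT(sig) matters to the same callers, because the plain cast could silently truncate an oversized length. The function starts outside the hunk.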
@@ -67,8 +67,6 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
67
67
  static VALUE
68
68
  ossl_rand_load_file(VALUE self, VALUE filename)
69
69
  {
70
- rb_check_safe_obj(filename);
71
-
72
70
  if(!RAND_load_file(StringValueCStr(filename), -1)) {
73
71
  ossl_raise(eRandomError, NULL);
74
72
  }
@@ -86,8 +84,6 @@ ossl_rand_load_file(VALUE self, VALUE filename)
86
84
  static VALUE
87
85
  ossl_rand_write_file(VALUE self, VALUE filename)
88
86
  {
89
- rb_check_safe_obj(filename);
90
-
91
87
  if (RAND_write_file(StringValueCStr(filename)) == -1) {
92
88
  ossl_raise(eRandomError, NULL);
93
89
  }
@@ -164,8 +160,6 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
164
160
  static VALUE
165
161
  ossl_rand_egd(VALUE self, VALUE filename)
166
162
  {
167
- rb_check_safe_obj(filename);
168
-
169
163
  if (RAND_egd(StringValueCStr(filename)) == -1) {
170
164
  ossl_raise(eRandomError, NULL);
171
165
  }
@@ -186,8 +180,6 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
186
180
  {
187
181
  int n = NUM2INT(len);
188
182
 
189
- rb_check_safe_obj(filename);
190
-
191
183
  if (RAND_egd_bytes(StringValueCStr(filename), n) == -1) {
192
184
  ossl_raise(eRandomError, NULL);
193
185
  }