openssl 3.0.0 → 3.0.2
- checksums.yaml +4 -4
- data/History.md +69 -0
- data/ext/openssl/extconf.rb +3 -2
- data/ext/openssl/ossl.h +2 -2
- data/ext/openssl/ossl_hmac.c +8 -0
- data/ext/openssl/ossl_pkey.c +44 -4
- data/ext/openssl/ossl_pkey_ec.c +37 -17
- data/ext/openssl/ossl_x509cert.c +3 -3
- data/ext/openssl/ossl_x509crl.c +3 -3
- data/ext/openssl/ossl_x509req.c +3 -3
- data/ext/openssl/ossl_x509revoked.c +3 -3
- data/lib/openssl/pkey.rb +8 -0
- data/lib/openssl/version.rb +1 -1
- metadata +3 -3
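--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b8568ca84395c137b32a22127dcaa2125265d1f5b61a62ba1d56e2373b7a96c4
+data.tar.gz: 1cef2e5798b482c3096826306a3264b82626f6d6cb23f53d9a71025f5afa46b3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1bb9f6a40f535f4331097321296028fc2bdc8e5f90e6366c8db5c8e6dca771b55932c01479f667bd0751940917c83a9c98ca9ea70d7c622688cbb24432afdb36
+data.tar.gz: d9905167ac9e1ffc3201155d39d947e5b0e923797a09ba172a443d4a4040a5d8663edfdb30c935a6d2fa71438e8f8a0fec025c21b5af9290eb76b02a8c100326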
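--- a/data/History.md
+++ b/data/History.md
@@ -1,3 +1,41 @@
+Version 3.0.2
+=============
+
+Merged changes in 2.2.3. Additionally, the following issues are fixed by this
+release.
+
+Bug fixes
+---------
+
+* Fix OpenSSL::PKey::EC#check_key not working correctly on OpenSSL 3.0.
+[[GitHub #563]](https://github.com/ruby/openssl/issues/563)
+[[GitHub #580]](https://github.com/ruby/openssl/pull/580)
+
+
+Version 3.0.1
+=============
+
+Merged changes in 2.1.4 and 2.2.2. Additionally, the following issues are fixed
+by this release.
+
+Bug fixes
+---------
+
+* Add missing type check in OpenSSL::PKey::PKey#sign's optional parameters.
+[[GitHub #531]](https://github.com/ruby/openssl/pull/531)
+* Work around OpenSSL 3.0's HMAC issues with a zero-length key.
+[[GitHub #538]](https://github.com/ruby/openssl/pull/538)
+* Fix a regression in OpenSSL::PKey::DSA.generate's default of 'q' size.
+[[GitHub #483]](https://github.com/ruby/openssl/issues/483)
+[[GitHub #539]](https://github.com/ruby/openssl/pull/539)
+* Restore OpenSSL::PKey.read's ability to decode "openssl ecparam -genkey"
+output when linked against OpenSSL 3.0.
+[[GitHub #535]](https://github.com/ruby/openssl/pull/535)
+[[GitHub #540]](https://github.com/ruby/openssl/pull/540)
+* Restore error checks in OpenSSL::PKey::EC#{to_der,to_pem}.
+[[GitHub #541]](https://github.com/ruby/openssl/pull/541)
+
+
 Version 3.0.0
 =============
 
@@ -100,6 +138,27 @@ Notable changes
 [[GitHub #342]](https://github.com/ruby/openssl/issues/342)
 
 
+Version 2.2.3
+=============
+
+Bug fixes
+---------
+
+* Fix serveral methods in OpenSSL::PKey::EC::Point attempting to raise an error
+with an incorrect class, which would end up with a TypeError.
+[[GitHub #570]](https://github.com/ruby/openssl/pull/570)
+* Fix OpenSSL::PKey::EC::Point#eql? and OpenSSL::PKey::EC::Group#eql?
+incorrectly treated OpenSSL's internal errors as "not equal".
+[[GitHub #564]](https://github.com/ruby/openssl/pull/564)
+* Fix build with LibreSSL 3.5 or later.
+
+
+Version 2.2.2
+=============
+
+Merged changes in 2.1.4.
+
+
 Version 2.2.1
 =============
 
@@ -194,6 +253,16 @@ Notable changes
 [[GitHub #297]](https://github.com/ruby/openssl/pull/297)
 
 
+Version 2.1.4
+=============
+
+Bug fixes
+---------
+
+* Do not use pkg-config if --with-openssl-dir option is specified.
+[[GitHub #486]](https://github.com/ruby/openssl/pull/486)
+
+
 Version 2.1.3
 =============
 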
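--- a/data/ext/openssl/extconf.rb
+++ b/data/ext/openssl/extconf.rb
@@ -13,7 +13,7 @@
 
 require "mkmf"
 
-dir_config("openssl")
+dir_config_given = dir_config("openssl").any?
 dir_config("kerberos")
 
 Logging::message "=== OpenSSL for Ruby configurator ===\n"
@@ -92,7 +92,7 @@ def find_openssl_library
 end
 
 Logging::message "=== Checking for required stuff... ===\n"
-pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
+pkg_config_found = !dir_config_given && pkg_config("openssl") && have_header("openssl/ssl.h")
 
 if !pkg_config_found && !find_openssl_library
 Logging::message "=== Checking for required stuff failed. ===\n"
@@ -169,6 +169,7 @@ have_func("SSL_CTX_set_post_handshake_auth")
 
 # added in 1.1.1
 have_func("EVP_PKEY_check")
+have_func("EVP_PKEY_new_raw_private_key")
 
 # added in 3.0.0
 have_func("SSL_set0_tmp_dh_pkey")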
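Review bot: The new `!dir_config_given &&` guard on the `pkg_config_found` line has no comment saying why pkg-config is skipped, and the reason decides which library gets linked: with an explicit `--with-openssl-dir`, pkg-config could otherwise resolve to a different OpenSSL than the one the builder pointed at. I would add `# An explicit --with-openssl-dir wins over pkg-config, so the extension is built against the OpenSSL the user selected.` above that line. Logging the decision as well, e.g. `Logging::message "=== Skipping pkg-config: openssl dir given ===\n" if dir_config_given`, would let a build log show which path was taken.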
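--- a/data/ext/openssl/ossl.h
+++ b/data/ext/openssl/ossl.h
@@ -43,13 +43,13 @@
 #ifndef LIBRESSL_VERSION_NUMBER
 # define OSSL_IS_LIBRESSL 0
 # define OSSL_OPENSSL_PREREQ(maj, min, pat) \
-(OPENSSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12))
+(OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
 # define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
 #else
 # define OSSL_IS_LIBRESSL 1
 # define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
 # define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
-(LIBRESSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12))
+(LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
 #endif
 
 #if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0)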
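Review bot: The corrected `OSSL_OPENSSL_PREREQ` and `OSSL_LIBRESSL_PREREQ` bodies still use their parameters unparenthesized, so an argument that is an expression rather than a literal would again be parsed with the wrong precedence, the same class of mistake this change fixes for `>=` versus `|`. Writing the right-hand operand as `(((maj) << 28) | ((min) << 20) | ((pat) << 12))` in both macros closes that off. A one-line comment stating the version-number layout the shifts assume (major from bit 28, minor from bit 20, patch from bit 12) would also help, since these macros gate feature code such as the `OPENSSL_NO_ENGINE` check that follows.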
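--- a/data/ext/openssl/ossl_hmac.c
+++ b/data/ext/openssl/ossl_hmac.c
@@ -97,11 +97,19 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
 
 GetHMAC(self, ctx);
 StringValue(key);
+#ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY
+pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+(unsigned char *)RSTRING_PTR(key),
+RSTRING_LENINT(key));
+if (!pkey)
+ossl_raise(eHMACError, "EVP_PKEY_new_raw_private_key");
+#else
 pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
 (unsigned char *)RSTRING_PTR(key),
 RSTRING_LENINT(key));
 if (!pkey)
 ossl_raise(eHMACError, "EVP_PKEY_new_mac_key");
+#endif
 if (EVP_DigestSignInit(ctx, NULL, ossl_evp_get_digestbyname(digest),
 NULL, pkey) != 1) {
 EVP_PKEY_free(pkey);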
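Review bot: The new `#ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY` branch carries no comment explaining why two key constructors are kept side by side, so a later cleanup could drop the wrong one. Going by the changelog entry on this page, the reason is OpenSSL 3.0's handling of a zero-length HMAC key; I would put `/* EVP_PKEY_new_mac_key() has issues with a zero-length key on OpenSSL 3.0; use the raw-key constructor when available. */` above the `#ifdef`. A regression test that initializes an HMAC with an empty key would pin the behaviour on both branches. ossl_hmac_initialize starts and ends outside the hunk.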
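--- a/data/ext/openssl/ossl_pkey.c
+++ b/data/ext/openssl/ossl_pkey.c
@@ -99,17 +99,56 @@ ossl_pkey_read_generic(BIO *bio, VALUE pass)
 /* First check DER */
 if (OSSL_DECODER_from_bio(dctx, bio) == 1)
 goto out;
+OSSL_BIO_reset(bio);
 
 /* Then check PEM; multiple OSSL_DECODER_from_bio() calls may be needed */
-OSSL_BIO_reset(bio);
 if (OSSL_DECODER_CTX_set_input_type(dctx, "PEM") != 1)
 goto out;
-
-
+/*
+* First check for private key formats. This is to keep compatibility with
+* ruby/openssl < 3.0 which decoded the following as a private key.
+*
+* $ openssl ecparam -name prime256v1 -genkey -outform PEM
+* -----BEGIN EC PARAMETERS-----
+* BggqhkjOPQMBBw==
+* -----END EC PARAMETERS-----
+* -----BEGIN EC PRIVATE KEY-----
+* MHcCAQEEIAG8ugBbA5MHkqnZ9ujQF93OyUfL9tk8sxqM5Wv5tKg5oAoGCCqGSM49
+* AwEHoUQDQgAEVcjhJfkwqh5C7kGuhAf8XaAjVuG5ADwb5ayg/cJijCgs+GcXeedj
+* 86avKpGH84DXUlB23C/kPt+6fXYlitUmXQ==
+* -----END EC PRIVATE KEY-----
+*
+* While the first PEM block is a proper encoding of ECParameters, thus
+* OSSL_DECODER_from_bio() would pick it up, ruby/openssl used to return
+* the latter instead. Existing applications expect this behavior.
+*
+* Note that normally, the input is supposed to contain a single decodable
+* PEM block only, so this special handling should not create a new problem.
+*/
+OSSL_DECODER_CTX_set_selection(dctx, EVP_PKEY_KEYPAIR);
+while (1) {
+if (OSSL_DECODER_from_bio(dctx, bio) == 1)
 goto out;
+if (BIO_eof(bio))
+break;
 pos2 = BIO_tell(bio);
 if (pos2 < 0 || pos2 <= pos)
+break;
+ossl_clear_error();
+pos = pos2;
+}
+
+OSSL_BIO_reset(bio);
+OSSL_DECODER_CTX_set_selection(dctx, 0);
+while (1) {
+if (OSSL_DECODER_from_bio(dctx, bio) == 1)
 goto out;
+if (BIO_eof(bio))
+break;
+pos2 = BIO_tell(bio);
+if (pos2 < 0 || pos2 <= pos)
+break;
+ossl_clear_error();
 pos = pos2;
 }
 
@@ -200,6 +239,7 @@ static VALUE
 pkey_ctx_apply_options0(VALUE args_v)
 {
 VALUE *args = (VALUE *)args_v;
+Check_Type(args[1], T_HASH);
 
 rb_block_call(args[1], rb_intern("each"), 0, NULL,
 pkey_ctx_apply_options_i, args[0]);
@@ -670,7 +710,7 @@ ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self, int to_der)
 }
 }
 else {
-#if
+#if OSSL_OPENSSL_PREREQ(1, 1, 0) || OSSL_LIBRESSL_PREREQ(3, 5, 0)
 if (!PEM_write_bio_PrivateKey_traditional(bio, pkey, enc, NULL, 0,
 ossl_pem_passwd_cb,
 (void *)pass)) {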
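Review bot: In the first hunk, `pos` is not reset between the two decode loops in ossl_pkey_read_generic: after `OSSL_BIO_reset(bio)` rewinds the input, the second loop still compares `pos2` against the offset the key-pair pass reached, so `pos2 <= pos` can end the second pass after its first failed block instead of walking the remaining PEM blocks. Restoring it next to the rewind, `OSSL_BIO_reset(bio); pos = 0;`, keeps the progress check meaningful; the declaration and initial value of `pos` are outside the hunk, so confirm the starting value there. The two `OSSL_DECODER_CTX_set_selection()` calls also ignore their return value, unlike the `OSSL_DECODER_CTX_set_input_type()` call just above them.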
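--- a/data/ext/openssl/ossl_pkey_ec.c
+++ b/data/ext/openssl/ossl_pkey_ec.c
@@ -414,6 +414,8 @@ ossl_ec_key_export(int argc, VALUE *argv, VALUE self)
 EC_KEY *ec;
 
 GetEC(self, ec);
+if (EC_KEY_get0_public_key(ec) == NULL)
+ossl_raise(eECError, "can't export - no public key set");
 if (EC_KEY_get0_private_key(ec))
 return ossl_pkey_export_traditional(argc, argv, self, 0);
 else
@@ -432,6 +434,8 @@ ossl_ec_key_to_der(VALUE self)
 EC_KEY *ec;
 
 GetEC(self, ec);
+if (EC_KEY_get0_public_key(ec) == NULL)
+ossl_raise(eECError, "can't export - no public key set");
 if (EC_KEY_get0_private_key(ec))
 return ossl_pkey_export_traditional(0, NULL, self, 1);
 else
@@ -479,16 +483,28 @@ static VALUE ossl_ec_key_check_key(VALUE self)
 #ifdef HAVE_EVP_PKEY_CHECK
 EVP_PKEY *pkey;
 EVP_PKEY_CTX *pctx;
-
+EC_KEY *ec;
 
 GetPKey(self, pkey);
+GetEC(self, ec);
 pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
 if (!pctx)
-ossl_raise(
-
+ossl_raise(eECError, "EVP_PKEY_CTX_new");
+
+if (EC_KEY_get0_private_key(ec) != NULL) {
+if (EVP_PKEY_check(pctx) != 1) {
+EVP_PKEY_CTX_free(pctx);
+ossl_raise(eECError, "EVP_PKEY_check");
+}
+}
+else {
+if (EVP_PKEY_public_check(pctx) != 1) {
+EVP_PKEY_CTX_free(pctx);
+ossl_raise(eECError, "EVP_PKEY_public_check");
+}
+}
+
 EVP_PKEY_CTX_free(pctx);
-if (ret != 1)
-ossl_raise(eECError, "EVP_PKEY_public_check");
 #else
 EC_KEY *ec;
 
@@ -664,10 +680,11 @@ static VALUE ossl_ec_group_eql(VALUE a, VALUE b)
 GetECGroup(a, group1);
 GetECGroup(b, group2);
 
-
-
-
-
+switch (EC_GROUP_cmp(group1, group2, ossl_bn_ctx)) {
+case 0: return Qtrue;
+case 1: return Qfalse;
+default: ossl_raise(eEC_GROUP, "EC_GROUP_cmp");
+}
 }
 
 /*
@@ -1228,10 +1245,13 @@ static VALUE ossl_ec_point_eql(VALUE a, VALUE b)
 GetECPoint(b, point2);
 GetECGroup(group_v1, group);
 
-
-
+switch (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx)) {
+case 0: return Qtrue;
+case 1: return Qfalse;
+default: ossl_raise(eEC_POINT, "EC_POINT_cmp");
+}
 
-
+UNREACHABLE;
 }
 
 /*
@@ -1249,7 +1269,7 @@ static VALUE ossl_ec_point_is_at_infinity(VALUE self)
 switch (EC_POINT_is_at_infinity(group, point)) {
 case 1: return Qtrue;
 case 0: return Qfalse;
-default: ossl_raise(
+default: ossl_raise(eEC_POINT, "EC_POINT_is_at_infinity");
 }
 
 UNREACHABLE;
@@ -1270,7 +1290,7 @@ static VALUE ossl_ec_point_is_on_curve(VALUE self)
 switch (EC_POINT_is_on_curve(group, point, ossl_bn_ctx)) {
 case 1: return Qtrue;
 case 0: return Qfalse;
-default: ossl_raise(
+default: ossl_raise(eEC_POINT, "EC_POINT_is_on_curve");
 }
 
 UNREACHABLE;
@@ -1293,7 +1313,7 @@ static VALUE ossl_ec_point_make_affine(VALUE self)
 rb_warn("OpenSSL::PKey::EC::Point#make_affine! is deprecated");
 #if !OSSL_OPENSSL_PREREQ(3, 0, 0)
 if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1)
-ossl_raise(
+ossl_raise(eEC_POINT, "EC_POINT_make_affine");
 #endif
 
 return self;
@@ -1312,7 +1332,7 @@ static VALUE ossl_ec_point_invert(VALUE self)
 GetECPointGroup(self, group);
 
 if (EC_POINT_invert(group, point, ossl_bn_ctx) != 1)
-ossl_raise(
+ossl_raise(eEC_POINT, "EC_POINT_invert");
 
 return self;
 }
@@ -1330,7 +1350,7 @@ static VALUE ossl_ec_point_set_to_infinity(VALUE self)
 GetECPointGroup(self, group);
 
 if (EC_POINT_set_to_infinity(group, point) != 1)
-ossl_raise(
+ossl_raise(eEC_POINT, "EC_POINT_set_to_infinity");
 
 return self;
 }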
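Review bot: ossl_ec_group_eql (the `EC_GROUP_cmp` hunk) ends its new `switch` directly at the function's closing brace, while ossl_ec_point_eql and the other switch-based predicates in this file follow the switch with `UNREACHABLE;`. If ossl_raise is not seen as noreturn by a given compiler, control appears to fall off the end of a function returning VALUE; adding `UNREACHABLE;` after the switch keeps the two comparison functions consistent. A short comment on both `default:` arms, such as `/* negative result is an internal error, not "not equal" */`, would record why the error is raised rather than mapped to Qfalse, which matters to any caller that relies on `eql?` when comparing groups or points.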
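--- a/data/ext/openssl/ossl_x509cert.c
+++ b/data/ext/openssl/ossl_x509cert.c
@@ -642,12 +642,12 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
 OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
 }
 GetX509(self, x509);
-
-
+for (i = X509_get_ext_count(x509); i > 0; i--)
+X509_EXTENSION_free(X509_delete_ext(x509, 0));
 for (i=0; i<RARRAY_LEN(ary); i++) {
 ext = GetX509ExtPtr(RARRAY_AREF(ary, i));
 if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext */
-ossl_raise(eX509CertError,
+ossl_raise(eX509CertError, "X509_add_ext");
 }
 }
 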
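Review bot: ossl_x509_set_extensions removes every existing extension before the add loop runs, so if `X509_add_ext` fails partway the `ossl_raise` leaves the certificate with its previous extensions gone and only some of the new ones attached. A caller that rescues the error and goes on to use or sign the object could end up with a certificate missing constraints it carried before. At minimum I would document this above the delete loop with `/* Not atomic: on failure below, x509 keeps only the extensions added so far. */`. The same delete-then-add pattern appears in ossl_x509crl_set_extensions, ossl_x509req_set_attributes and ossl_x509revoked_set_extensions further down the page; all four functions start and end outside their hunks.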
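--- a/data/ext/openssl/ossl_x509crl.c
+++ b/data/ext/openssl/ossl_x509crl.c
@@ -474,12 +474,12 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
 OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
 }
 GetX509CRL(self, crl);
-
-
+for (i = X509_CRL_get_ext_count(crl); i > 0; i--)
+X509_EXTENSION_free(X509_CRL_delete_ext(crl, 0));
 for (i=0; i<RARRAY_LEN(ary); i++) {
 ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
 if (!X509_CRL_add_ext(crl, ext, -1)) {
-ossl_raise(eX509CRLError,
+ossl_raise(eX509CRLError, "X509_CRL_add_ext");
 }
 }
 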
data/ext/openssl/ossl_x509req.c
CHANGED
@@ -380,13 +380,13 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
|
|
380
380
|
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
|
381
381
|
}
|
382
382
|
GetX509Req(self, req);
|
383
|
-
|
384
|
-
|
383
|
+
for (i = X509_REQ_get_attr_count(req); i > 0; i--)
|
384
|
+
X509_ATTRIBUTE_free(X509_REQ_delete_attr(req, 0));
|
385
385
|
for (i=0;i<RARRAY_LEN(ary); i++) {
|
386
386
|
item = RARRAY_AREF(ary, i);
|
387
387
|
attr = GetX509AttrPtr(item);
|
388
388
|
if (!X509_REQ_add1_attr(req, attr)) {
|
389
|
-
ossl_raise(eX509ReqError,
|
389
|
+
ossl_raise(eX509ReqError, "X509_REQ_add1_attr");
|
390
390
|
}
|
391
391
|
}
|
392
392
|
return ary;
|
@@ -223,13 +223,13 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
|
|
223
223
|
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
|
224
224
|
}
|
225
225
|
GetX509Rev(self, rev);
|
226
|
-
|
227
|
-
|
226
|
+
for (i = X509_REVOKED_get_ext_count(rev); i > 0; i--)
|
227
|
+
X509_EXTENSION_free(X509_REVOKED_delete_ext(rev, 0));
|
228
228
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
229
229
|
item = RARRAY_AREF(ary, i);
|
230
230
|
ext = GetX509ExtPtr(item);
|
231
231
|
if(!X509_REVOKED_add_ext(rev, ext, -1)) {
|
232
|
-
ossl_raise(eX509RevError,
|
232
|
+
ossl_raise(eX509RevError, "X509_REVOKED_add_ext");
|
233
233
|
}
|
234
234
|
}
|
235
235
|
|
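--- a/data/lib/openssl/pkey.rb
+++ b/data/lib/openssl/pkey.rb
@@ -167,8 +167,16 @@ module OpenSSL::PKey
 # +size+::
 # The desired key size in bits.
 def generate(size, &blk)
+# FIPS 186-4 specifies four (L,N) pairs: (1024,160), (2048,224),
+# (2048,256), and (3072,256).
+#
+# q size is derived here with compatibility with
+# DSA_generator_parameters_ex() which previous versions of ruby/openssl
+# used to call.
+qsize = size >= 2048 ? 256 : 160
 dsaparams = OpenSSL::PKey.generate_parameters("DSA", {
 "dsa_paramgen_bits" => size,
+"dsa_paramgen_q_bits" => qsize,
 }, &blk)
 OpenSSL::PKey.generate_key(dsaparams)
 end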
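Review bot: `qsize = size >= 2048 ? 256 : 160` silently gives every size below 2048 a 160-bit q, and the method's rdoc (`+size+:: The desired key size in bits.`) tells the caller neither that nor that only the (L,N) pairs listed in the new comment are standard. I would extend the rdoc with `# Sizes of 2048 bits or more use a 256-bit q; smaller sizes use a 160-bit q. Prefer 2048 or larger for new keys.` so the choice is visible in the API documentation rather than only inside the method body. The (2048,224) pair named in the comment cannot be selected through this method, which is worth stating there too.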
data/lib/openssl/version.rb
CHANGED
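--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openssl
 version: !ruby/object:Gem::Version
-version: 3.0.
+version: 3.0.2
 platform: ruby
 authors:
 - Martin Bosslet
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-12-23 00:00:00.000000000 Z
 dependencies: []
 description: It wraps the OpenSSL library.
 email:
@@ -117,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.4.0.dev
 signing_key:
 specification_version: 4
 summary: OpenSSL provides SSL, TLS and general purpose cryptography.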