openssl 3.1.1 → 3.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/History.md +27 -0
  3. data/ext/openssl/ossl_pkey.c +1 -0
  4. data/ext/openssl/ossl_pkey_dh.c +2 -0
  5. data/ext/openssl/ossl_pkey_dsa.c +2 -0
  6. data/ext/openssl/ossl_pkey_ec.c +2 -0
  7. data/ext/openssl/ossl_pkey_rsa.c +2 -0
  8. data/lib/openssl/ssl.rb +0 -1
  9. data/lib/openssl/version.rb +1 -1
  10. metadata +3 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 65d16dc88820644059bc2773d3f9ea9511324aa07822a31b2bdf1dfd2306224f
4
- data.tar.gz: bbd4cdeec2d76994294061804456942b9528d86352375b8d2c4dfea171287ec5
3
+ metadata.gz: c0a6032c0639646fac204b99fe529e7f25f4f69724fc2ea8ac04e7e65395536e
4
+ data.tar.gz: c3527c0a090fc33356a1bbebe7c7a3de03c127a47313b40aa3a787e6186dc2f6
5
5
  SHA512:
6
- metadata.gz: 3b7477f09b389f6ed8ffc24c5adb43cfe9a19ba2ee6293adc5e1d08199ea3a9365c4006705c4a4c2935e251e6e720af699786f0eda6cebc7fa2ec9826eb1dbcb
7
- data.tar.gz: 765705e0e698d843b3a2809e957542c76dc414208a762ad58fdfdb6ed9f6400c39c797b0cdc7ad6173fd1d12b4b7c16a448e0a0445fec4efbf190a27318e4340
6
+ metadata.gz: c445e1f6158d6567479167e7569c0a49eba52df06078c7127e491207cb7b0a0fc74977ba187badf0f19badffabc1ae490988efb5e66cc037bc44e071c7b7d8da
7
+ data.tar.gz: 0e0f18e962c10fd57520c66776c732f557d7a7c54d5080bd1cde5fec8819fd57ad022dc1d271482ef43f71e2e50153e849c094287448751f7ec188b88caa8efc
data/History.md CHANGED
@@ -1,3 +1,30 @@
1
+ Version 3.1.3
2
+ =============
3
+
4
+ Bug fixes
5
+ ---------
6
+
7
+ * Fix missing NULL check for `EVP_PKEY_get0()` functions with OpenSSL 3.x.
8
+ [[GitHub #957]](https://github.com/ruby/openssl/pull/957)
9
+
10
+
11
+ Version 3.1.2
12
+ =============
13
+
14
+ Bug fixes
15
+ ---------
16
+
17
+ * Fix crash when attempting to export an incomplete `OpenSSL::PKey::DSA` key.
18
+ [[GitHub #845]](https://github.com/ruby/openssl/issues/845)
19
+ [[GitHub #847]](https://github.com/ruby/openssl/pull/847)
20
+ * Remove the `OpenSSL::X509::V_FLAG_CRL_CHECK_ALL` flag from the default store
21
+ used by `OpenSSL::SSL::SSLContext#set_params`. It causes certificate
22
+ verification to fail with OpenSSL 3.6.0. It has no effect with any other
23
+ OpenSSL versions.
24
+ [[GitHub #949]](https://github.com/ruby/openssl/issues/949)
25
+ [[GitHub #950]](https://github.com/ruby/openssl/pull/950)
26
+
27
+
1
28
  Version 3.1.1
2
29
  =============
3
30
 
data/ext/openssl/ossl_pkey.c CHANGED
@@ -807,6 +807,7 @@ ossl_pkey_export_spki(VALUE self, int to_der)
807
807
  BIO *bio;
808
808
 
809
809
  GetPKey(self, pkey);
810
+ ossl_pkey_check_public_key(pkey);
810
811
  bio = BIO_new(BIO_s_mem());
811
812
  if (!bio)
812
813
  ossl_raise(ePKeyError, "BIO_new");
data/ext/openssl/ossl_pkey_dh.c CHANGED
@@ -21,6 +21,8 @@
21
21
  EVP_PKEY *_pkey; \
22
22
  GetPKeyDH((obj), _pkey); \
23
23
  (dh) = EVP_PKEY_get0_DH(_pkey); \
24
+ if ((dh) == NULL) \
25
+ ossl_raise(eDHError, "failed to get DH from EVP_PKEY"); \
24
26
  } while (0)
25
27
 
26
28
  /*
data/ext/openssl/ossl_pkey_dsa.c CHANGED
@@ -21,6 +21,8 @@
21
21
  EVP_PKEY *_pkey; \
22
22
  GetPKeyDSA((obj), _pkey); \
23
23
  (dsa) = EVP_PKEY_get0_DSA(_pkey); \
24
+ if ((dsa) == NULL) \
25
+ ossl_raise(eDSAError, "failed to get DSA from EVP_PKEY"); \
24
26
  } while (0)
25
27
 
26
28
  static inline int
data/ext/openssl/ossl_pkey_ec.c CHANGED
@@ -22,6 +22,8 @@ static const rb_data_type_t ossl_ec_point_type;
22
22
  EVP_PKEY *_pkey; \
23
23
  GetPKeyEC(obj, _pkey); \
24
24
  (key) = EVP_PKEY_get0_EC_KEY(_pkey); \
25
+ if ((key) == NULL) \
26
+ ossl_raise(eECError, "failed to get EC_KEY from EVP_PKEY"); \
25
27
  } while (0)
26
28
 
27
29
  #define GetECGroup(obj, group) do { \
data/ext/openssl/ossl_pkey_rsa.c CHANGED
@@ -21,6 +21,8 @@
21
21
  EVP_PKEY *_pkey; \
22
22
  GetPKeyRSA((obj), _pkey); \
23
23
  (rsa) = EVP_PKEY_get0_RSA(_pkey); \
24
+ if ((rsa) == NULL) \
25
+ ossl_raise(eRSAError, "failed to get RSA from EVP_PKEY"); \
24
26
  } while (0)
25
27
 
26
28
  static inline int
data/lib/openssl/ssl.rb CHANGED
@@ -92,7 +92,6 @@ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
92
92
 
93
93
  DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
94
94
  DEFAULT_CERT_STORE.set_default_paths
95
- DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
96
95
 
97
96
  # A callback invoked when DH parameters are required for ephemeral DH key
98
97
  # exchange.
data/lib/openssl/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module OpenSSL
4
- VERSION = "3.1.1"
4
+ VERSION = "3.1.3"
5
5
  end
metadata CHANGED
@@ -1,9 +1,8 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openssl
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.1
4
+ version: 3.1.3
5
5
  platform: ruby
6
- original_platform: ''
7
6
  authors:
8
7
  - Martin Bosslet
9
8
  - SHIBATA Hiroshi
@@ -11,7 +10,7 @@ authors:
11
10
  - Kazuki Yamaguchi
12
11
  bindir: bin
13
12
  cert_chain: []
14
- date: 2024-12-18 00:00:00.000000000 Z
13
+ date: 1980-01-02 00:00:00.000000000 Z
15
14
  dependencies: []
16
15
  description: It wraps the OpenSSL library.
17
16
  email:
@@ -116,7 +115,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
116
115
  - !ruby/object:Gem::Version
117
116
  version: '0'
118
117
  requirements: []
119
- rubygems_version: 3.6.1
118
+ rubygems_version: 3.8.0.dev
120
119
  specification_version: 4
121
120
  summary: OpenSSL provides SSL, TLS and general purpose cryptography.
122
121
  test_files: []