openssl 3.3.0 → 3.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a8432d7080faee7ddacde9ce67046b585bed0364f1f63f3e34ca68e28b94c939
-  data.tar.gz: 2e55e3ed68ce1bfa26d38e95481510d126282e4fb44b6f2379efe060cbc6a9d9
+  metadata.gz: 7a3b0d69bc08bb79d515fb7da072e3b1d577733e96ae8345c15d3075b158fcdd
+  data.tar.gz: a356d7aa88c016eedea776b2961c3715c6957d6d5dcd6fbd9f88b4f5c45c4a0f
 SHA512:
-  metadata.gz: 8b47e7a7d5e2eb91a2beb38a3054f51bbec651823e4644ac16778d5a9d60545b8e53f8065ad8aa059d880d19aa01d7d5e171f8aea4d7262a62717221a4c47d1f
-  data.tar.gz: b3fd16b1cbe564abcafcf849c9666644f6a74672bd65c4019ba008e7f377b1ed4b121d89d9bc6f8b38306ee0c76ed60e1df798b6fe3533d633389393263438f7
+  metadata.gz: c39f8504d95719f6eead6ad79f904215cf006062be30c0c11f8b7d56e0fe470a74b9bb90daa989ced9c3c0108ec6b1b44e1d800a9a30ed6582ed65ff144909b9
+  data.tar.gz: 3dd3c824bd9927df9c1e7b1c213c78262e013a2c3357c5c8067a0882d231f6b1040003ac087465e53f173411b6ca709d398282a05551019b5ff5739951c1198d

data/History.md

@@ -1,3 +1,9 @@
+Version 3.3.1
+=============
+
+Merged changes in 3.1.2 and 3.2.2.
+
+
 Version 3.3.0
 =============
 
@@ -74,6 +80,12 @@ And various non-user-visible changes and bug fixes. Please see the commit
 history for more details.
 
 
+Version 3.2.2
+=============
+
+Merged changes in 3.1.2.
+
+
 Version 3.2.1
 =============
 
@@ -120,6 +132,23 @@ Notable changes
   [[GitHub #141]](https://github.com/ruby/openssl/pull/141)
 
 
+Version 3.1.2
+=============
+
+Bug fixes
+---------
+
+* Fix crash when attempting to export an incomplete `OpenSSL::PKey::DSA` key.
+  [[GitHub #845]](https://github.com/ruby/openssl/issues/845)
+  [[GitHub #847]](https://github.com/ruby/openssl/pull/847)
+* Remove the `OpenSSL::X509::V_FLAG_CRL_CHECK_ALL` flag from the default store
+  used by `OpenSSL::SSL::SSLContext#set_params`. It causes certificate
+  verification to fail with OpenSSL 3.6.0. It has no effect with any other
+  OpenSSL versions.
+  [[GitHub #949]](https://github.com/ruby/openssl/issues/949)
+  [[GitHub #950]](https://github.com/ruby/openssl/pull/950)
+
+
 Version 3.1.1
 =============
 

data/ext/openssl/ossl_pkey.c

@@ -937,6 +937,7 @@ ossl_pkey_export_spki(VALUE self, int to_der)
     BIO *bio;
 
     GetPKey(self, pkey);
+    ossl_pkey_check_public_key(pkey);
     bio = BIO_new(BIO_s_mem());
     if (!bio)
 	ossl_raise(ePKeyError, "BIO_new");

data/ext/openssl/ossl_ssl.c

@@ -1959,9 +1959,10 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
 
     VALUE io = rb_attr_get(self, id_i_io);
 
-    rb_str_locktmp(str);
     for (;;) {
+        rb_str_locktmp(str);
         int nread = SSL_read(ssl, RSTRING_PTR(str), ilen);
+        rb_str_unlocktmp(str);
 
         cb_state = rb_attr_get(self, ID_callback_state);
         if (!NIL_P(cb_state)) {
@@ -1972,32 +1973,27 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
 
         switch (ssl_get_error(ssl, nread)) {
           case SSL_ERROR_NONE:
-            rb_str_unlocktmp(str);
             rb_str_set_len(str, nread);
             return str;
           case SSL_ERROR_ZERO_RETURN:
-            rb_str_unlocktmp(str);
             if (no_exception_p(opts)) { return Qnil; }
             rb_eof_error();
           case SSL_ERROR_WANT_WRITE:
             if (nonblock) {
-                rb_str_unlocktmp(str);
                 if (no_exception_p(opts)) { return sym_wait_writable; }
                 write_would_block(nonblock);
             }
             io_wait_writable(io);
-            continue;
+            break;
           case SSL_ERROR_WANT_READ:
             if (nonblock) {
-                rb_str_unlocktmp(str);
                 if (no_exception_p(opts)) { return sym_wait_readable; }
                 read_would_block(nonblock);
             }
             io_wait_readable(io);
-            continue;
+            break;
           case SSL_ERROR_SYSCALL:
             if (!ERR_peek_error()) {
-                rb_str_unlocktmp(str);
                 if (errno)
                     rb_sys_fail(0);
                 else {
@@ -2014,9 +2010,13 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
             }
             /* fall through */
           default:
-            rb_str_unlocktmp(str);
             ossl_raise(eSSLError, "SSL_read");
         }
+
+        // Ensure the buffer is not modified during io_wait_*able()
+        rb_str_modify(str);
+        if (rb_str_capacity(str) < (size_t)ilen)
+            rb_raise(eSSLError, "read buffer was modified");
     }
 }
 

data/lib/openssl/ssl.rb

@@ -92,7 +92,6 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
 
       DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
       DEFAULT_CERT_STORE.set_default_paths
-      DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
 
       # A callback invoked when DH parameters are required for ephemeral DH key
       # exchange.

data/lib/openssl/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenSSL
-  VERSION = "3.3.0"
+  VERSION = "3.3.1"
 end

metadata

@@ -1,17 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: openssl
 version: !ruby/object:Gem::Version
-  version: 3.3.0
+  version: 3.3.1
 platform: ruby
 authors:
 - Martin Bosslet
 - SHIBATA Hiroshi
 - Zachary Scott
 - Kazuki Yamaguchi
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-21 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies: []
 description: OpenSSL for Ruby provides access to SSL/TLS and general-purpose cryptography
   based on the OpenSSL library.
@@ -105,7 +104,6 @@ licenses:
 - BSD-2-Clause
 metadata:
   msys2_mingw_dependencies: openssl
-post_install_message:
 rdoc_options:
 - "--main"
 - README.md
@@ -122,8 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: SSL/TLS and general-purpose cryptography for Ruby
 test_files: []