RubyGems - openssl - Versions diffs - 2.1.0.beta2 → 2.1.0 - Mend

openssl 2.1.0.beta2 → 2.1.0

Potentially problematic release.

This version of openssl might be problematic. Click here for more details.

Files changed (7) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4dea8ca704a58adc4312acd244662598b72371fb69228c123b0adf64fdca4e42
-  data.tar.gz: e45d8324405378f31a70fc2b56d580279b4fd765531d8569955eb0b4de06d604
+  metadata.gz: 0aff67f2204b80c3025d586532781b964e53dbc5e09007ea2d565af06a058ef9
+  data.tar.gz: 2893f6b8e1a1d331ec37834e283aaab4ed67b4700a45937abe4820d01ef3b7ca
 SHA512:
-  metadata.gz: b42ba538068f938ae0f5301e202ca7aabc0cfbb78d8f66b06898dc248afd96e84944a8578159aed34f4a90d7d3e0f92cca4afd65ca311034ff48ec26e01c993a
-  data.tar.gz: 2ca3439c2e39e598716df0bfc657b60a024abedc0a937f6120760008ae159363cb3d03d067ce15eba7745b8462cf9b2cf2d43b5a6a2b000a87e06ba176fb894f
+  metadata.gz: f96194c09bd09d7a344b4580689c0fb1da891954c3dedfaaf1c15aa0178b67df0c07a8cb7c18279a3567f66011ab5a848173dd2967e627f5a26ce27a6d524c13
+  data.tar.gz: 270a163d72b3d3e63233f148ee1d642d8cef55f30475d405130654a595f072c71a692c1f164f44a4bfadda29d944c2d5fc1ff17811aff8dad1bb7e19299a4803

data/History.md CHANGED

@@ -1,5 +1,5 @@
-Version 2.1.0.beta2
-===================
+Version 2.1.0
+=============
 Notable changes
 ---------------
@@ -50,6 +50,24 @@ Notable changes
   [[GitHub #169]](https://github.com/ruby/openssl/pull/169)
 * OpenSSL::SSL::SSLContext#add_certificate is added.
   [[GitHub #167]](https://github.com/ruby/openssl/pull/167)
+* OpenSSL::PKey::EC::Point#to_octet_string is added.
+  OpenSSL::PKey::EC::Point.new can now take String as the second argument.
+  [[GitHub #177]](https://github.com/ruby/openssl/pull/177)
+Version 2.0.7
+=============
+Bug fixes
+---------
+* OpenSSL::Cipher#auth_data= could segfault if called against a non-AEAD cipher.
+  [[Bug #14024]](https://bugs.ruby-lang.org/issues/14024)
+* OpenSSL::X509::Certificate#public_key= (and similar methods) could segfault
+  when an instance of OpenSSL::PKey::PKey with no public key components is
+  passed.
+  [[Bug #14087]](https://bugs.ruby-lang.org/issues/14087)
+  [[GitHub #168]](https://github.com/ruby/openssl/pull/168)
 Version 2.0.6

data/ext/openssl/ossl_asn1.c CHANGED

@@ -1665,12 +1665,12 @@ Init_ossl_asn1(void)
      * == Primitive sub-classes and their mapping to Ruby classes
      * * OpenSSL::ASN1::EndOfContent    <=> _value_ is always +nil+
      * * OpenSSL::ASN1::Boolean         <=> _value_ is +true+ or +false+
-     * * OpenSSL::ASN1::Integer         <=> _value_ is an Integer
+     * * OpenSSL::ASN1::Integer         <=> _value_ is an OpenSSL::BN
      * * OpenSSL::ASN1::BitString       <=> _value_ is a String
      * * OpenSSL::ASN1::OctetString     <=> _value_ is a String
      * * OpenSSL::ASN1::Null            <=> _value_ is always +nil+
      * * OpenSSL::ASN1::Object          <=> _value_ is a String
-     * * OpenSSL::ASN1::Enumerated      <=> _value_ is an Integer
+     * * OpenSSL::ASN1::Enumerated      <=> _value_ is an OpenSSL::BN
      * * OpenSSL::ASN1::UTF8String      <=> _value_ is a String
      * * OpenSSL::ASN1::NumericString   <=> _value_ is a String
      * * OpenSSL::ASN1::PrintableString <=> _value_ is a String

data/ext/openssl/ossl_pkey_ec.c CHANGED

@@ -1319,76 +1319,61 @@ ec_point_new(const EC_POINT *point, const EC_GROUP *group)
     return obj;
 }
+static VALUE ossl_ec_point_initialize_copy(VALUE, VALUE);
 /*
  * call-seq:
  *   OpenSSL::PKey::EC::Point.new(point)
- *   OpenSSL::PKey::EC::Point.new(group)
- *   OpenSSL::PKey::EC::Point.new(group, bn)
+ *   OpenSSL::PKey::EC::Point.new(group [, encoded_point])
  *
- * See the OpenSSL documentation for EC_POINT_*
+ * Creates a new instance of OpenSSL::PKey::EC::Point. If the only argument is
+ * an instance of EC::Point, a copy is returned. Otherwise, creates a point
+ * that belongs to _group_.
+ *
+ * _encoded_point_ is the octet string representation of the point. This
+ * must be either a String or an OpenSSL::BN.
  */
 static VALUE ossl_ec_point_initialize(int argc, VALUE *argv, VALUE self)
 {
     EC_POINT *point;
-    VALUE arg1, arg2;
-    VALUE group_v = Qnil;
-    const EC_GROUP *group = NULL;
+    VALUE group_v, arg2;
+    const EC_GROUP *group;
     TypedData_Get_Struct(self, EC_POINT, &ossl_ec_point_type, point);
     if (point)
-        ossl_raise(eEC_POINT, "EC_POINT already initialized");
-    switch (rb_scan_args(argc, argv, "11", &arg1, &arg2)) {
-    case 1:
-        if (rb_obj_is_kind_of(arg1, cEC_POINT)) {
-            const EC_POINT *arg_point;
-	    group_v = rb_attr_get(arg1, id_i_group);
-	    GetECGroup(group_v, group);
-	    GetECPoint(arg1, arg_point);
-            point = EC_POINT_dup(arg_point, group);
-        } else if (rb_obj_is_kind_of(arg1, cEC_GROUP)) {
-            group_v = arg1;
-            GetECGroup(group_v, group);
-            point = EC_POINT_new(group);
-        } else {
-            ossl_raise(eEC_POINT, "wrong argument type: must be OpenSSL::PKey::EC::Point or OpenSSL::Pkey::EC::Group");
-        }
+	rb_raise(eEC_POINT, "EC_POINT already initialized");
-        break;
-     case 2:
-        if (!rb_obj_is_kind_of(arg1, cEC_GROUP))
-            ossl_raise(rb_eArgError, "1st argument must be OpenSSL::PKey::EC::Group");
-        group_v = arg1;
-        GetECGroup(group_v, group);
-        if (rb_obj_is_kind_of(arg2, cBN)) {
-            const BIGNUM *bn = GetBNPtr(arg2);
-            point = EC_POINT_bn2point(group, bn, NULL, ossl_bn_ctx);
-        } else {
-            BIO *in = ossl_obj2bio(&arg1);
-/* BUG: finish me */
-            BIO_free(in);
-            if (point == NULL) {
-                ossl_raise(eEC_POINT, "unknown type for 2nd arg");
-            }
-        }
-        break;
-    default:
-        ossl_raise(rb_eArgError, "wrong number of arguments");
+    rb_scan_args(argc, argv, "11", &group_v, &arg2);
+    if (rb_obj_is_kind_of(group_v, cEC_POINT)) {
+	if (argc != 1)
+	    rb_raise(rb_eArgError, "invalid second argument");
+	return ossl_ec_point_initialize_copy(self, group_v);
     }
-    if (point == NULL)
-        ossl_raise(eEC_POINT, NULL);
-    if (NIL_P(group_v))
-        ossl_raise(rb_eRuntimeError, "missing group (internal error)");
+    GetECGroup(group_v, group);
+    if (argc == 1) {
+	point = EC_POINT_new(group);
+	if (!point)
+	    ossl_raise(eEC_POINT, "EC_POINT_new");
+    }
+    else {
+	if (rb_obj_is_kind_of(arg2, cBN)) {
+	    point = EC_POINT_bn2point(group, GetBNPtr(arg2), NULL, ossl_bn_ctx);
+	    if (!point)
+		ossl_raise(eEC_POINT, "EC_POINT_bn2point");
+	}
+	else {
+	    StringValue(arg2);
+	    point = EC_POINT_new(group);
+	    if (!point)
+		ossl_raise(eEC_POINT, "EC_POINT_new");
+	    if (!EC_POINT_oct2point(group, point,
+				    (unsigned char *)RSTRING_PTR(arg2),
+				    RSTRING_LEN(arg2), ossl_bn_ctx)) {
+		EC_POINT_free(point);
+		ossl_raise(eEC_POINT, "EC_POINT_oct2point");
+	    }
+	}
+    }
     RTYPEDDATA_DATA(self) = point;
     rb_ivar_set(self, id_i_group, group_v);
@@ -1543,38 +1528,38 @@ static VALUE ossl_ec_point_set_to_infinity(VALUE self)
 /*
  * call-seq:
- *   point.to_bn(conversion_form = nil) => OpenSSL::BN
+ *    point.to_octet_string(conversion_form) -> String
  *
- * Convert the EC point into an octet string and store in an OpenSSL::BN. If
- * _conversion_form_ is given, the point data is converted using the specified
- * form. If not given, the default form set in the EC::Group object is used.
+ * Returns the octet string representation of the elliptic curve point.
  *
- * See also EC::Point#point_conversion_form=.
+ * _conversion_form_ specifies how the point is converted. Possible values are:
+ *
+ * - +:compressed+
+ * - +:uncompressed+
+ * - +:hybrid+
  */
 static VALUE
-ossl_ec_point_to_bn(int argc, VALUE *argv, VALUE self)
+ossl_ec_point_to_octet_string(VALUE self, VALUE conversion_form)
 {
     EC_POINT *point;
-    VALUE form_obj, bn_obj;
     const EC_GROUP *group;
     point_conversion_form_t form;
-    BIGNUM *bn;
+    VALUE str;
+    size_t len;
     GetECPoint(self, point);
     GetECPointGroup(self, group);
-    rb_scan_args(argc, argv, "01", &form_obj);
-    if (NIL_P(form_obj))
-	form = EC_GROUP_get_point_conversion_form(group);
-    else
-	form = parse_point_conversion_form_symbol(form_obj);
-    bn_obj = rb_obj_alloc(cBN);
-    bn = GetBNPtr(bn_obj);
-    if (EC_POINT_point2bn(group, point, form, bn, ossl_bn_ctx) == NULL)
-        ossl_raise(eEC_POINT, "EC_POINT_point2bn");
-    return bn_obj;
+    form = parse_point_conversion_form_symbol(conversion_form);
+    len = EC_POINT_point2oct(group, point, form, NULL, 0, ossl_bn_ctx);
+    if (!len)
+	ossl_raise(eEC_POINT, "EC_POINT_point2oct");
+    str = rb_str_new(NULL, (long)len);
+    if (!EC_POINT_point2oct(group, point, form,
+			    (unsigned char *)RSTRING_PTR(str), len,
+			    ossl_bn_ctx))
+	ossl_raise(eEC_POINT, "EC_POINT_point2oct");
+    return str;
 }
 /*
@@ -1799,7 +1784,7 @@ void Init_ossl_ec(void)
     rb_define_method(cEC_POINT, "set_to_infinity!", ossl_ec_point_set_to_infinity, 0);
 /* all the other methods */
-    rb_define_method(cEC_POINT, "to_bn", ossl_ec_point_to_bn, -1);
+    rb_define_method(cEC_POINT, "to_octet_string", ossl_ec_point_to_octet_string, 1);
     rb_define_method(cEC_POINT, "mul", ossl_ec_point_mul, -1);
     id_i_group = rb_intern("@group");

data/ext/openssl/ossl_ssl.c CHANGED

@@ -377,7 +377,6 @@ ossl_call_session_get_cb(VALUE ary)
     return rb_funcallv(cb, id_call, 1, &ary);
 }
-/* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
 static SSL_SESSION *
 #if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
 ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy)
@@ -1035,10 +1034,6 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
     }
     GetSSLCTX(self, ctx);
-    if(!ctx){
-        ossl_raise(eSSLError, "SSL_CTX is not initialized.");
-        return Qnil;
-    }
     if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) {
         ossl_raise(eSSLError, "SSL_CTX_set_cipher_list");
     }

data/lib/openssl/pkey.rb CHANGED

@@ -1,3 +1,25 @@
 # frozen_string_literal: false
-module OpenSSL
+#--
+# Ruby/OpenSSL Project
+# Copyright (C) 2017 Ruby/OpenSSL Project Authors
+#++
+module OpenSSL::PKey
+  if defined?(EC)
+  class EC::Point
+    # :call-seq:
+    #    point.to_bn([conversion_form]) -> OpenSSL::BN
+    #
+    # Returns the octet string representation of the EC point as an instance of
+    # OpenSSL::BN.
+    #
+    # If _conversion_form_ is not given, the _point_conversion_form_ attribute
+    # set to the group is used.
+    #
+    # See #to_octet_string for more information.
+    def to_bn(conversion_form = group.point_conversion_form)
+      OpenSSL::BN.new(to_octet_string(conversion_form), 2)
+    end
+  end
+  end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openssl
 version: !ruby/object:Gem::Version
-  version: 2.1.0.beta2
+  version: 2.1.0
 platform: ruby
 authors:
 - Martin Bosslet
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-11-25 00:00:00.000000000 Z
+date: 2017-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -168,12 +168,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.2
+rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
 summary: OpenSSL provides SSL, TLS and general purpose cryptography.