openssl 2.1.1 → 2.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/History.md +35 -0
- data/ext/openssl/extconf.rb +7 -0
- data/ext/openssl/openssl_missing.h +2 -2
- data/ext/openssl/ossl.c +1 -0
- data/ext/openssl/ossl_asn1.c +1 -0
- data/ext/openssl/ossl_pkcs12.c +1 -0
- data/ext/openssl/ossl_pkcs7.c +1 -0
- data/ext/openssl/ossl_pkey.c +26 -3
- data/ext/openssl/ossl_pkey.h +1 -1
- data/ext/openssl/ossl_pkey_ec.c +1 -0
- data/ext/openssl/ossl_version.h +1 -1
- data/ext/openssl/ossl_x509ext.c +1 -0
- data/ext/openssl/ossl_x509name.c +8 -7
- data/ext/openssl/ossl_x509store.c +1 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9a5ba46835caa91a77f80010c07b52e8532221c8a1b4726159584eb92a6ce204
|
|
4
|
+
data.tar.gz: ca5ba9b87ceb945ac1f312e00ceadae32c868e2659e89677ed534a22ed145cf8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0eb54df27a2aa1455fb18b6e5e05c40598ba3f342ad933fd035342596b55a1e68c3b9607cede2b955961805150ca8eb7dcfa2a046600614da1d80dc9d17db17b
|
|
7
|
+
data.tar.gz: 31ac63101df5218fa003477b130b07a32826f685e465c71cf43fc9db28d3ecbb275e5dcc4b685860f418ea893378c133009af92ff1a2293b3d91606a8055b70b
|
data/History.md
CHANGED
|
@@ -1,3 +1,15 @@
|
|
|
1
|
+
Version 2.1.2
|
|
2
|
+
=============
|
|
3
|
+
|
|
4
|
+
Merged changes in 2.0.9.
|
|
5
|
+
|
|
6
|
+
|
|
7
|
+
Version 2.1.1
|
|
8
|
+
=============
|
|
9
|
+
|
|
10
|
+
Merged changes in 2.0.8.
|
|
11
|
+
|
|
12
|
+
|
|
1
13
|
Version 2.1.0
|
|
2
14
|
=============
|
|
3
15
|
|
|
@@ -55,6 +67,29 @@ Notable changes
|
|
|
55
67
|
[[GitHub #177]](https://github.com/ruby/openssl/pull/177)
|
|
56
68
|
|
|
57
69
|
|
|
70
|
+
Version 2.0.9
|
|
71
|
+
=============
|
|
72
|
+
|
|
73
|
+
Security fixes
|
|
74
|
+
--------------
|
|
75
|
+
|
|
76
|
+
* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
|
|
77
|
+
objects. CVE-2018-16395 is assigned for this issue.
|
|
78
|
+
https://hackerone.com/reports/387250
|
|
79
|
+
|
|
80
|
+
Bug fixes
|
|
81
|
+
---------
|
|
82
|
+
|
|
83
|
+
* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
|
|
84
|
+
interrupted.
|
|
85
|
+
[[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
|
|
86
|
+
[[GitHub #205]](https://github.com/ruby/openssl/pull/205)
|
|
87
|
+
* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
|
|
88
|
+
called against an empty instance.
|
|
89
|
+
[[GitHub #200]](https://github.com/ruby/openssl/issues/200)
|
|
90
|
+
[[GitHub #211]](https://github.com/ruby/openssl/pull/211)
|
|
91
|
+
|
|
92
|
+
|
|
58
93
|
Version 2.0.8
|
|
59
94
|
=============
|
|
60
95
|
|
data/ext/openssl/extconf.rb
CHANGED
|
@@ -33,6 +33,9 @@ end
|
|
|
33
33
|
Logging::message "=== Checking for system dependent stuff... ===\n"
|
|
34
34
|
have_library("nsl", "t_open")
|
|
35
35
|
have_library("socket", "socket")
|
|
36
|
+
if $mswin || $mingw
|
|
37
|
+
have_library("ws2_32")
|
|
38
|
+
end
|
|
36
39
|
|
|
37
40
|
Logging::message "=== Checking for required stuff... ===\n"
|
|
38
41
|
result = pkg_config("openssl") && have_header("openssl/ssl.h")
|
|
@@ -111,6 +114,10 @@ engines.each { |name|
|
|
|
111
114
|
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
|
|
112
115
|
}
|
|
113
116
|
|
|
117
|
+
if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
|
|
118
|
+
$defs.push("-DNOCRYPT")
|
|
119
|
+
end
|
|
120
|
+
|
|
114
121
|
# added in 1.0.2
|
|
115
122
|
have_func("EC_curve_nist2nid")
|
|
116
123
|
have_func("X509_REVOKED_dup")
|
|
@@ -149,7 +149,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
|
|
|
149
149
|
static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
|
|
150
150
|
return pkey->pkey._name; }
|
|
151
151
|
#define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
|
|
152
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
|
152
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
|
|
153
153
|
if (a1) *a1 = obj->a1; \
|
|
154
154
|
if (a2) *a2 = obj->a2; } \
|
|
155
155
|
static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
|
@@ -158,7 +158,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
|
|
|
158
158
|
BN_clear_free(obj->a2); obj->a2 = a2; \
|
|
159
159
|
return 1; }
|
|
160
160
|
#define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
|
|
161
|
-
static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
|
161
|
+
static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
|
|
162
162
|
if (a1) *a1 = obj->a1; \
|
|
163
163
|
if (a2) *a2 = obj->a2; \
|
|
164
164
|
if (a3) *a3 = obj->a3; } \
|
data/ext/openssl/ossl.c
CHANGED
data/ext/openssl/ossl_asn1.c
CHANGED
data/ext/openssl/ossl_pkcs12.c
CHANGED
data/ext/openssl/ossl_pkcs7.c
CHANGED
data/ext/openssl/ossl_pkey.c
CHANGED
|
@@ -20,6 +20,21 @@ static ID id_private_q;
|
|
|
20
20
|
/*
|
|
21
21
|
* callback for generating keys
|
|
22
22
|
*/
|
|
23
|
+
static VALUE
|
|
24
|
+
call_check_ints0(VALUE arg)
|
|
25
|
+
{
|
|
26
|
+
rb_thread_check_ints();
|
|
27
|
+
return Qnil;
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
static void *
|
|
31
|
+
call_check_ints(void *arg)
|
|
32
|
+
{
|
|
33
|
+
int state;
|
|
34
|
+
rb_protect(call_check_ints0, Qnil, &state);
|
|
35
|
+
return (void *)(VALUE)state;
|
|
36
|
+
}
|
|
37
|
+
|
|
23
38
|
int
|
|
24
39
|
ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
|
|
25
40
|
{
|
|
@@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
|
|
|
38
53
|
*/
|
|
39
54
|
rb_protect(rb_yield, ary, &state);
|
|
40
55
|
if (state) {
|
|
41
|
-
arg->stop = 1;
|
|
42
56
|
arg->state = state;
|
|
57
|
+
return 0;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
if (arg->interrupted) {
|
|
61
|
+
arg->interrupted = 0;
|
|
62
|
+
state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
|
|
63
|
+
if (state) {
|
|
64
|
+
arg->state = state;
|
|
65
|
+
return 0;
|
|
43
66
|
}
|
|
44
67
|
}
|
|
45
|
-
if (arg->stop) return 0;
|
|
46
68
|
return 1;
|
|
47
69
|
}
|
|
48
70
|
|
|
@@ -50,7 +72,7 @@ void
|
|
|
50
72
|
ossl_generate_cb_stop(void *ptr)
|
|
51
73
|
{
|
|
52
74
|
struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
|
|
53
|
-
arg->
|
|
75
|
+
arg->interrupted = 1;
|
|
54
76
|
}
|
|
55
77
|
|
|
56
78
|
static void
|
|
@@ -389,6 +411,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
|
|
|
389
411
|
void
|
|
390
412
|
Init_ossl_pkey(void)
|
|
391
413
|
{
|
|
414
|
+
#undef rb_intern
|
|
392
415
|
#if 0
|
|
393
416
|
mOSSL = rb_define_module("OpenSSL");
|
|
394
417
|
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
data/ext/openssl/ossl_pkey.h
CHANGED
data/ext/openssl/ossl_pkey_ec.c
CHANGED
|
@@ -1649,6 +1649,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self)
|
|
|
1649
1649
|
|
|
1650
1650
|
void Init_ossl_ec(void)
|
|
1651
1651
|
{
|
|
1652
|
+
#undef rb_intern
|
|
1652
1653
|
#if 0
|
|
1653
1654
|
mPKey = rb_define_module_under(mOSSL, "PKey");
|
|
1654
1655
|
cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
|
data/ext/openssl/ossl_version.h
CHANGED
data/ext/openssl/ossl_x509ext.c
CHANGED
data/ext/openssl/ossl_x509name.c
CHANGED
|
@@ -250,14 +250,12 @@ ossl_x509name_to_s_old(VALUE self)
|
|
|
250
250
|
{
|
|
251
251
|
X509_NAME *name;
|
|
252
252
|
char *buf;
|
|
253
|
-
VALUE str;
|
|
254
253
|
|
|
255
254
|
GetX509Name(self, name);
|
|
256
255
|
buf = X509_NAME_oneline(name, NULL, 0);
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
return str;
|
|
256
|
+
if (!buf)
|
|
257
|
+
ossl_raise(eX509NameError, "X509_NAME_oneline");
|
|
258
|
+
return ossl_buf2str(buf, rb_long2int(strlen(buf)));
|
|
261
259
|
}
|
|
262
260
|
|
|
263
261
|
static VALUE
|
|
@@ -265,12 +263,14 @@ x509name_print(VALUE self, unsigned long iflag)
|
|
|
265
263
|
{
|
|
266
264
|
X509_NAME *name;
|
|
267
265
|
BIO *out;
|
|
266
|
+
int ret;
|
|
268
267
|
|
|
269
268
|
GetX509Name(self, name);
|
|
270
269
|
out = BIO_new(BIO_s_mem());
|
|
271
270
|
if (!out)
|
|
272
271
|
ossl_raise(eX509NameError, NULL);
|
|
273
|
-
|
|
272
|
+
ret = X509_NAME_print_ex(out, name, 0, iflag);
|
|
273
|
+
if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
|
|
274
274
|
BIO_free(out);
|
|
275
275
|
ossl_raise(eX509NameError, "X509_NAME_print_ex");
|
|
276
276
|
}
|
|
@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
|
|
|
400
400
|
|
|
401
401
|
result = ossl_x509name_cmp0(self, other);
|
|
402
402
|
if (result < 0) return INT2FIX(-1);
|
|
403
|
-
if (result >
|
|
403
|
+
if (result > 0) return INT2FIX(1);
|
|
404
404
|
|
|
405
405
|
return INT2FIX(0);
|
|
406
406
|
}
|
|
@@ -502,6 +502,7 @@ ossl_x509name_to_der(VALUE self)
|
|
|
502
502
|
void
|
|
503
503
|
Init_ossl_x509name(void)
|
|
504
504
|
{
|
|
505
|
+
#undef rb_intern
|
|
505
506
|
VALUE utf8str, ptrstr, ia5str, hash;
|
|
506
507
|
|
|
507
508
|
#if 0
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openssl
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Martin Bosslet
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2018-
|
|
14
|
+
date: 2018-10-18 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: rake
|