ruby.git/ext/openssl/ossl.c, branch ruby_1_8_7 The Ruby Programming Language merge revision(s) 26836:26859,26861,27921: 2010-06-21T09:18:59+00:00 shyouhei shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2010-06-21T09:18:59+00:00 1ae16961956c2459c0f29b676c5da9cb9cc875bf * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_{get,set}_time{,out}): fixed a bug introduced by backporting. (see [ruby-dev:40573]) use long in according to OpenSSL API. (SSL_SESSION_{get,set}_time{,out}) * ext/openssl/ossl_x509name.c: added X509::Name#hash_old as a wrapper for X509_NAME_hash_old in OpenSSL 1.0.0. * test/openssl/test_x509name.rb (test_hash): make test pass with OpenSSL 1.0.0. * test/openssl/test_x509*: make tests pass with OpenSSL 1.0.0b5. * PKey::PKey#verify raises an exception when a given PKey does not match with signature. * PKey::DSA#sign accepts SHA1, SHA256 other than DSS1. * backport the commit from trunk: Sun Feb 28 11:49:35 2010 NARUSE, Yui <naruse@ruby-lang.org> * openssl/ossl.c (OSSL_IMPL_SK2ARY): for OpenSSL 1.0. patched by Jeroen van Meeuwen at [ruby-core:25210] fixed by Nobuyoshi Nakada [ruby-core:25238], Hongli Lai [ruby-core:27417], and Motohiro KOSAKI [ruby-core:28063] * ext/openssl/ossl_ssl.c (ossl_ssl_method_tab), (ossl_ssl_cipher_to_ary): constified. * ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls): split pkcs7_get_certs_or_crls. * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is truncated with ec_key.group.order.size after openssl 0.9.8m for FIPS 186-3 compliance. WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns false when you pass dgst longer than expected (no truncation performed). * ext/openssl/ossl_pkey_ec.c: rdoc typo fixed. * ext/openssl/ossl_config.c: defined own IMPLEMENT_LHASH_DOALL_ARG_FN_098 macro according to IMPLEMENT_LHASH_DOALL_ARG_FN in OpenSSL 0.9.8m. OpenSSL 1.0.0beta5 has a slightly different definiton so it could be a temporal workaround for 0.9.8 and 1.0.0 dual support. * ext/openssl/ossl_pkcs5.c (ossl_pkcs5_pbkdf2_hmac): follows function definition in OpenSSL 1.0.0beta5. PKCS5_PBKDF2_HMAC is from 1.0.0 (0.9.8 only has PKCS5_PBKDF2_HMAC_SHA1) * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_eq): do not use SSL_SESSION_cmp and implement equality func by ousrself. See the comment. * ext/openssl/extconf.rb: check some functions added at OpenSSL 1.0.0. * ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which exists. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@28367 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_ssl_session.c
	  (ossl_ssl_session_{get,set}_time{,out}): fixed a bug introduced by
	  backporting. (see [ruby-dev:40573])  use long in according to
	  OpenSSL API. (SSL_SESSION_{get,set}_time{,out})
	* ext/openssl/ossl_x509name.c: added X509::Name#hash_old as a wrapper
	  for X509_NAME_hash_old in OpenSSL 1.0.0.
	* test/openssl/test_x509name.rb (test_hash): make test pass with
	  OpenSSL 1.0.0.
	* test/openssl/test_x509*: make tests pass with OpenSSL 1.0.0b5.
	  * PKey::PKey#verify raises an exception when a given PKey does not
	    match with signature.
	  * PKey::DSA#sign accepts SHA1, SHA256 other than DSS1.
	* backport the commit from trunk:
	  Sun Feb 28 11:49:35 2010  NARUSE, Yui  <naruse@ruby-lang.org>
	* openssl/ossl.c (OSSL_IMPL_SK2ARY): for OpenSSL 1.0.
	  patched by Jeroen van Meeuwen at [ruby-core:25210]
	  fixed by Nobuyoshi Nakada [ruby-core:25238],
	  Hongli Lai [ruby-core:27417],
	  and Motohiro KOSAKI [ruby-core:28063]
	* ext/openssl/ossl_ssl.c (ossl_ssl_method_tab),
	  (ossl_ssl_cipher_to_ary): constified.
	* ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls):
	  split pkcs7_get_certs_or_crls.
	* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
	  truncated with ec_key.group.order.size after openssl 0.9.8m for
	  FIPS 186-3 compliance.
	  WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
	  openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
	  OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
	  false when you pass dgst longer than expected (no truncation
	  performed).
	* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
	* ext/openssl/ossl_config.c: defined own IMPLEMENT_LHASH_DOALL_ARG_FN_098
	  macro according to IMPLEMENT_LHASH_DOALL_ARG_FN in OpenSSL 0.9.8m.
	  OpenSSL 1.0.0beta5 has a slightly different definiton so it could
	  be a temporal workaround for 0.9.8 and 1.0.0 dual support.
	* ext/openssl/ossl_pkcs5.c (ossl_pkcs5_pbkdf2_hmac): follows function
	  definition in OpenSSL 1.0.0beta5. PKCS5_PBKDF2_HMAC is from 1.0.0
	  (0.9.8 only has PKCS5_PBKDF2_HMAC_SHA1)
	* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_eq): do not use
	  SSL_SESSION_cmp and implement equality func by ousrself.  See the
	  comment.
	* ext/openssl/extconf.rb: check some functions added at OpenSSL 1.0.0.
	* ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which
	  exists.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@28367 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 26835: 2010-05-24T23:58:49+00:00 shyouhei shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2010-05-24T23:58:49+00:00 ffdcd1a4dc9ad1ea4d2a320461746dbe50fb5527 * ext/openssl: backport fixes in 1.9. * r25019 by marcandre * ossl_ocsp.c (ossl_ocspres_to_der): Bug fix in Response#to_def. Patch by Chris Chandler [ruby-core:18411] * r25017 by marcandre * ossl_config.c (ossl_config_add_value_m, ossl_config_set_section): Check if frozen (or untrusted for $SECURE >= 4) [ruby-core:18377] * r22925 by nobu * ext/openssl/openssl_missing.h (i2d_of_void): cast for callbacks. [ruby-core:22860] * ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a warning. * ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may be larger than long. * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time), (ossl_ssl_session_get_timeout): use TIMET2NUM() to convert time_t. * r22924 by nobu * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): should use OPENSSL_free instead of free. a patch from Charlie Savage at [ruby-core:22858]. * r22918 by akr * ext/openssl: suppress warnings. * ext/openssl/ossl.h (OSSL_Debug): don't use gcc extention for variadic macro. * r22666 by akr * ext/openssl/lib/openssl/buffering.rb: define Buffering module under OpenSSL. [ruby-dev:37906] * r22440 by nobu * ext/openssl/ossl_ocsp.c (ossl_ocspbres_verify): OCSP_basic_verify returns positive value on success, not non-zero. [ruby-core:21762] * r22378 by akr * ext/openssl: avoid cyclic require. * ext/openssl/lib/openssl/ssl-internal.rb: renamed from ssl.rb * ext/openssl/lib/openssl/x509-internal.rb: renamed from x509.rb. [ruby-dev:38018] * r22101 by nobu * ext/openssl/ossl_cipher.c (add_cipher_name_to_ary): used conditionally. * r21510 by akr * ext/openssl/ossl.c (ossl_raise): abolish a warning. * r21208 by akr * ext/openssl/ossl_digest.c (GetDigestPtr): use StringValueCStr instead of STR2CSTR. * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto. (ossl_ec_group_initialize): ditto. * r19420 by mame * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_to_string): comment out fragments of unused code. * r18975 by nobu * ext/openssl/ossl_ocsp.c (ossl_ocspres_initialize): fix for initialization of r18168. * r18971 by nobu * ext/openssl/ossl_config.c (Init_ossl_config): removed C99ism. * r18944 by matz * ext/openssl/ossl_config.c (Init_ossl_config): memory leak fixed. a patch <shinichiro.hamaji at gmail.com> in [ruby-dev:35880]. * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): ditto. * r18917 by nobu * ext/openssl/ossl_x509attr.c (ossl_x509attr_initialize): fix for initialization of r18168. * ext/openssl/ossl_ocsp.c (ossl_ocspreq_initialize): ditto. * ext/openssl/ossl_x509name.c (ossl_x509name_initialize): ditto. * r18283 by nobu * ext/openssl/ossl_asn1.c (ossl_asn1_get_asn1type): suppress warnings on platforms which int size differs from pointer size. * r18181 by nobu * ext/openssl/openssl_missing.h (d2i_of_void): define for older versions. [ruby-dev:35637] * r18168 by nobu * ext/openssl: suppress warnings. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@28004 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl: backport fixes in 1.9.
	  * r25019 by marcandre
	    * ossl_ocsp.c (ossl_ocspres_to_der): Bug fix in Response#to_def.
	      Patch by Chris Chandler [ruby-core:18411]
	  * r25017 by marcandre
	    * ossl_config.c (ossl_config_add_value_m,
	      ossl_config_set_section): Check if frozen (or untrusted for
	      $SECURE >= 4) [ruby-core:18377]
	  * r22925 by nobu
	    * ext/openssl/openssl_missing.h (i2d_of_void): cast for callbacks.
	      [ruby-core:22860]
	    * ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a
	      warning.
	    * ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may
	      be larger than long.
	    * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time),
	      (ossl_ssl_session_get_timeout): use TIMET2NUM() to convert
	      time_t.
	  * r22924 by nobu
	    * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): should use
	      OPENSSL_free instead of free.  a patch from Charlie Savage at
	      [ruby-core:22858].
	  * r22918 by akr
	    * ext/openssl: suppress warnings.
	    * ext/openssl/ossl.h (OSSL_Debug): don't use gcc extention for
	      variadic macro.
	  * r22666 by akr
	    * ext/openssl/lib/openssl/buffering.rb: define Buffering module
	      under OpenSSL.  [ruby-dev:37906]
	  * r22440 by nobu
	    * ext/openssl/ossl_ocsp.c (ossl_ocspbres_verify): OCSP_basic_verify
	      returns positive value on success, not non-zero.
	      [ruby-core:21762]
	  * r22378 by akr
	    * ext/openssl: avoid cyclic require.
	    * ext/openssl/lib/openssl/ssl-internal.rb: renamed from ssl.rb
	    * ext/openssl/lib/openssl/x509-internal.rb: renamed from x509.rb.
	      [ruby-dev:38018]
	  * r22101 by nobu
	    * ext/openssl/ossl_cipher.c (add_cipher_name_to_ary): used
	      conditionally.
	  * r21510 by akr
	    * ext/openssl/ossl.c (ossl_raise): abolish a warning.
	  * r21208 by akr
	    * ext/openssl/ossl_digest.c (GetDigestPtr): use StringValueCStr
	      instead of STR2CSTR.
	    * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
	      (ossl_ec_group_initialize): ditto.
	  * r19420 by mame
	    * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_to_string): comment out
	      fragments of unused code.
	  * r18975 by nobu
	    * ext/openssl/ossl_ocsp.c (ossl_ocspres_initialize): fix for
	      initialization of r18168.
	  * r18971 by nobu
	    * ext/openssl/ossl_config.c (Init_ossl_config): removed C99ism.
	  * r18944 by matz
	    * ext/openssl/ossl_config.c (Init_ossl_config): memory leak fixed.
	      a patch <shinichiro.hamaji at gmail.com> in [ruby-dev:35880].
	    * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): ditto.
	  * r18917 by nobu
	    * ext/openssl/ossl_x509attr.c (ossl_x509attr_initialize): fix for
	      initialization of r18168.
	    * ext/openssl/ossl_ocsp.c (ossl_ocspreq_initialize): ditto.
	    * ext/openssl/ossl_x509name.c (ossl_x509name_initialize): ditto.
	  * r18283 by nobu
	    * ext/openssl/ossl_asn1.c (ossl_asn1_get_asn1type): suppress
	      warnings on platforms which int size differs from pointer size.
	  * r18181 by nobu
	    * ext/openssl/openssl_missing.h (d2i_of_void): define for older
	      versions.  [ruby-dev:35637]
	  * r18168 by nobu
	    * ext/openssl: suppress warnings.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@28004 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
import OpenSSL from trunk 2007-06-08T15:02:04+00:00 technorama technorama@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2007-06-08T15:02:04+00:00 18342ff8e00ebe27584786276a68d99767a2c38d git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@12496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@12496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/extconf.rb: should check ERR_peek_last_error(). 2005-11-01T01:52:13+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2005-11-01T01:52:13+00:00 4798cd1bb3e7b38b0f56d71b88538a773a8c03ca [ruby-dev:27597] * ext/openssl/ossl.c (ossl_raise): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  [ruby-dev:27597]

* ext/openssl/ossl.c (ossl_raise): ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (Init_openssl): should call OpenSSL_add_ssl_algorithms(). 2005-10-12T03:56:04+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2005-10-12T03:56:04+00:00 2743a0530847ad6665811190d257fecfc9c15337 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9381 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (ossl_raise): should use ERR_peek_last_error 2005-09-10T00:54:31+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2005-09-10T00:54:31+00:00 2ec654a1a042979088d6d84c0c7c5eae3aaf31d5 to get last error on the current thread. And should report errors are on the stack while OpenSSL.debug is true. * ext/openssl/ossl.c (ossl_get_errors): new method for debugging this library. * ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message. * ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid of unused variable. * ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should set @time to avoid warning. * ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths, X509_STORE_add_cert, X509_STORE_add_crl): should raise error if wrapped functions failed. * test/openssl/test_x509store.rb: add test for errors. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  to get last error on the current thread. And should report
  errors are on the stack while OpenSSL.debug is true.

* ext/openssl/ossl.c (ossl_get_errors): new method for debugging
  this library.

* ext/openssl/ossl_ssl.c (ossl_sslctx_set_ciphers): fix error message.

* ext/openssl/ossl_x509req.c (ossl_x509req_set_attributes): get rid
  of unused variable.

* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): should
  set @time to avoid warning.

* ext/openssl/ossl_x509store.c (ossl_x509store_set_default_paths,
  X509_STORE_add_cert, X509_STORE_add_crl): should raise error if
  wrapped functions failed.

* test/openssl/test_x509store.rb: add test for errors.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9110 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (ossl_raise): refine message format. 2004-12-16T09:39:54+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2004-12-16T09:39:54+00:00 d238fd1322f6ef19208666f9fbb76533bbf56070 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7577 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7577 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (ossl_raise): avoid buffer overrun. [ruby-dev:25187] 2004-12-14T05:05:17+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2004-12-14T05:05:17+00:00 08dc317502511db1d0d48fa51742aa8bbb58e8de git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7550 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7550 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* eval.c (top_include): include in the wrapped load is done for 2004-04-05T07:45:32+00:00 matz matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2004-04-05T07:45:32+00:00 849bc0234abaa8458f132981404e198666c5610b the wrapper, not for a singleton class for wrapped main. [ruby-dev:23305] * bignum.c (rb_big_eq): use temporary double variable to save the result (internal float register may be bigger than 64 bits, for example, 80 bits on x86). [ruby-dev:23311] * eval.c (block_pass): should generate unique identifier of the pushing block. [ruby-talk:96363] * ext/socket/socket.c (make_hostent): fix memory leak, based on the patch from HORIKAWA Hisashi <vzw00011@nifty.ne.jp>. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6092 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  the wrapper, not for a singleton class for wrapped main.
  [ruby-dev:23305]

* bignum.c (rb_big_eq): use temporary double variable to save the
  result (internal float register may be bigger than 64 bits, for
  example, 80 bits on x86).  [ruby-dev:23311]

* eval.c (block_pass): should generate unique identifier of the
  pushing block.  [ruby-talk:96363]

* ext/socket/socket.c (make_hostent): fix memory leak, based on
  the patch from HORIKAWA Hisashi <vzw00011@nifty.ne.jp>.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@6092 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkcs12.[ch]: new files. add OpenSSL::PKCS12. 2003-12-11T12:29:08+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2003-12-11T12:29:08+00:00 ab2e1c141fa996348d836b4e1537aace5e4d4463 * ext/openssl/ossl_ossl.[ch]: ditto. * ext/openssl/MANIFEST: add ossl_pkcs12.[ch]. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5172 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* ext/openssl/ossl_ossl.[ch]: ditto.

* ext/openssl/MANIFEST: add ossl_pkcs12.[ch].


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5172 b2dd03c8-39d4-4d8f-98ff-823fe69b080e