ruby.git/ext/openssl/ossl_cipher.c, branch v3_4_9 The Ruby Programming Language [ruby/openssl] cipher: make output buffer String independent 2024-12-21T18:33:03+00:00 Kazuki Yamaguchi k@rhe.jp 2024-12-10T14:06:00+00:00 637f019f1f7611ba41f761a1b17e4228661d0a5b OpenSSL::Cipher#update accepts a String as the second argument to be used as the output buffer. The buffer must be directly writable, in other words, it must not be frozen and not a shared string. rb_str_resize() does not make the String independent if the String already has the intended length. Use the rb_str_modify() family instead to check it. Fixes: https://bugs.ruby-lang.org/issues/20937 https://github.com/ruby/openssl/commit/1de3b80a46 
OpenSSL::Cipher#update accepts a String as the second argument to be
used as the output buffer. The buffer must be directly writable, in
other words, it must not be frozen and not a shared string.

rb_str_resize() does not make the String independent if the String
already has the intended length. Use the rb_str_modify() family instead
to check it.

Fixes: https://bugs.ruby-lang.org/issues/20937

https://github.com/ruby/openssl/commit/1de3b80a46
[ruby/openssl] Mark variables and functions as static whenever possible 2024-12-07T07:55:47+00:00 Kazuki Yamaguchi k@rhe.jp 2024-10-29T19:03:05+00:00 1df63d9451459209c00f5e8db033f18d145cc741 https://github.com/ruby/openssl/commit/85d6b7f192 
https://github.com/ruby/openssl/commit/85d6b7f192
[ruby/openssl] Fix references to the license text 2024-06-08T10:59:17+00:00 Kazuki Yamaguchi k@rhe.jp 2024-05-01T08:10:44+00:00 69c0b1438a45938e79e63407035f116de4634dcb Update the references to the file "LICENCE" with "COPYING". The file LICENCE doesn't exist in ruby/ruby nor ruby/openssl. This has been always the case since OpenSSL for Ruby 2 was merged to the ruby tree as a standard library in 2003. In OpenSSL for Ruby 2's CVS repository[1], the LICENCE file contained an old version of the Ruby License, identical to the COPYING file that was in Ruby's tree at that time (r4128[2]). [1] http://cvs.savannah.gnu.org/viewvc/rubypki/ossl2/LICENCE?revision=1.1.1.1&view=markup [2] https://github.com/ruby/ruby/blob/231247c010acba191b78ed2d1310c935e63ad919/COPYING https://github.com/ruby/openssl/commit/5bccf07d04 
Update the references to the file "LICENCE" with "COPYING".

The file LICENCE doesn't exist in ruby/ruby nor ruby/openssl. This has
been always the case since OpenSSL for Ruby 2 was merged to the ruby
tree as a standard library in 2003.

In OpenSSL for Ruby 2's CVS repository[1], the LICENCE file contained
an old version of the Ruby License, identical to the COPYING file that
was in Ruby's tree at that time (r4128[2]).

[1] http://cvs.savannah.gnu.org/viewvc/rubypki/ossl2/LICENCE?revision=1.1.1.1&view=markup
[2] https://github.com/ruby/ruby/blob/231247c010acba191b78ed2d1310c935e63ad919/COPYING

https://github.com/ruby/openssl/commit/5bccf07d04
[ruby/openssl] cipher: fix buffer overflow in Cipher#update 2024-05-02T07:26:11+00:00 Kazuki Yamaguchi k@rhe.jp 2024-02-05T12:54:32+00:00 eb6f0000a4b752803ff7431d24d1a0a535a4387e OpenSSL::Cipher#update currently allocates the output buffer with size (input data length)+(the block size of the cipher). This is insufficient for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers. They have a block size of 8 bytes, but the output may be up to 15 bytes larger than the input. Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output buffer size, instead. OpenSSL doesn't provide a generic way to tell the maximum required buffer size for ciphers, but this is large enough for all algorithms implemented in current versions of OpenSSL. Fixes: https://bugs.ruby-lang.org/issues/20236 https://github.com/ruby/openssl/commit/3035559f54 
OpenSSL::Cipher#update currently allocates the output buffer with size
(input data length)+(the block size of the cipher). This is insufficient
for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers.
They have a block size of 8 bytes, but the output may be up to 15 bytes
larger than the input.

Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output
buffer size, instead. OpenSSL doesn't provide a generic way to tell the
maximum required buffer size for ciphers, but this is large enough for
all algorithms implemented in current versions of OpenSSL.

Fixes: https://bugs.ruby-lang.org/issues/20236

https://github.com/ruby/openssl/commit/3035559f54
[ruby/openssl] Update Cipher#name to match Digest#name explanation 2024-04-30T15:05:50+00:00 Bart de Water 496367+bdewater@users.noreply.github.com 2024-03-15T15:05:20+00:00 9d75d9f07ce1d7ac5a75d787c5acff2aa11e99c9 https://github.com/ruby/openssl/commit/79e6dead6e 
https://github.com/ruby/openssl/commit/79e6dead6e
[ruby/openssl] Implement Write Barrier for all OpenSSL types 2023-06-18T16:57:09+00:00 Jean Boussier jean.boussier@gmail.com 2023-03-13T08:51:53+00:00 1965c09ee50b5202d45462cd8bc6224ca6e45ae9 The vast majority have no reference so it's just a matter of setting the flags. For the couple exception, they have very little references so it's easy. https://github.com/ruby/openssl/commit/2c7c6de69e 
The vast majority have no reference so it's just a matter of setting the flags.

For the couple exception, they have very little references so it's
easy.

https://github.com/ruby/openssl/commit/2c7c6de69e
[ruby/openssl] Allow empty string to OpenSSL::Cipher#update 2022-12-13T09:07:41+00:00 Yusuke Nakamura yusuke1994525@gmail.com 2022-11-23T12:05:49+00:00 d4dce27d894f4889f29d779c94ba2d30c231f9f8 For some reasons, plaintext may be empty string. ref https://www.rfc-editor.org/rfc/rfc9001.html#section-5.8 https://github.com/ruby/openssl/commit/953592a29e 
For some reasons, plaintext may be empty string.

ref https://www.rfc-editor.org/rfc/rfc9001.html#section-5.8

https://github.com/ruby/openssl/commit/953592a29e
[ruby/openssl] Suppress cast-function-type warnings 2021-09-12T13:49:05+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2021-09-12T07:27:01+00:00 6920f3dc964052112795dc9c5c4f9650807726c8 https://github.com/ruby/openssl/commit/0f91e2a6ee 
https://github.com/ruby/openssl/commit/0f91e2a6ee
[ruby/openssl] User lower case cipher names for maximum compatibility 2021-03-16T10:16:11+00:00 Bart de Water bartdewater@gmail.com 2020-07-07T16:59:11+00:00 da6341b70942cf448888471f66dfde2cf614f052 We ran into some Linux-based systems not accepting the upper case variant https://github.com/ruby/openssl/commit/7bc49121d5 
We ran into some Linux-based systems not accepting the upper case variant

https://github.com/ruby/openssl/commit/7bc49121d5
[ruby/openssl] Define Cipher #ccm_data_len= for CCM mode ciphers 2021-03-16T10:16:10+00:00 Spencer McIntyre zeroSteiner@gmail.com 2020-03-30T18:42:53+00:00 4d8bce227c85ef4d1f8b794a8c96a7b23e4cf357 Allow specifying just length to #update CCM mode ciphers need to specify the total plaintext or ciphertext length to EVP_CipherUpdate. Update the link to the tests file Define Cipher#ccm_data_len= for CCM mode ciphers Add a unit test for CCM mode Also check CCM is authenticated when testing https://github.com/ruby/openssl/commit/bb3816953b 
Allow specifying just length to #update

CCM mode ciphers need to specify the total plaintext or ciphertext
length to EVP_CipherUpdate.

Update the link to the tests file

Define Cipher#ccm_data_len= for CCM mode ciphers

Add a unit test for CCM mode

Also check CCM is authenticated when testing

https://github.com/ruby/openssl/commit/bb3816953b