ruby.git/ext/openssl/ossl_pkey_ec.c, branch v4.0.3 The Ruby Programming Language [ruby/openssl] Expand tabs in C source files 2025-12-04T17:46:59+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-29T18:40:32+00:00 5062c0c621d887367af8a054e5e5d83d7ec57dd3 Since around 2018, we have been using spaces for indentation for newly added code[1]. The mixed use of tabs and spaces has repeatedly confused new contributors who configured their editors to use a different tab size than 8. Since git blame can now skip specific commits, ruby/ruby did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl. While at it, fix a few indentation issues, mainly in switch-case labels and in ossl_ssl_session.c, which used doubled indentation size. This patch contains white-space changes only. git diff -w output should be empty. [1] https://bugs.ruby-lang.org/issues/14246 [2] https://bugs.ruby-lang.org/issues/18891 https://github.com/ruby/openssl/commit/4d6214f507 
Since around 2018, we have been using spaces for indentation for newly
added code[1]. The mixed use of tabs and spaces has repeatedly confused
new contributors who configured their editors to use a different tab
size than 8. Since git blame can now skip specific commits, ruby/ruby
did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl.

While at it, fix a few indentation issues, mainly in switch-case labels
and in ossl_ssl_session.c, which used doubled indentation size.

This patch contains white-space changes only. git diff -w output should
be empty.

[1] https://bugs.ruby-lang.org/issues/14246
[2] https://bugs.ruby-lang.org/issues/18891

https://github.com/ruby/openssl/commit/4d6214f507
[ruby/openssl] Remove dummy declarations for mOSSL and eOSSLError 2025-11-29T17:05:19+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-29T16:47:26+00:00 bae06ce22c5ab6a4a3085300274f258d55858e90 These declarations were added to every source file because older versions of RDoc did not resolve ancestor tree across files. Since RDoc 6.9.0 supports this, this workaround is no longer needed. https://redirect.github.com/ruby/rdoc/pull/1217 https://github.com/ruby/openssl/commit/6491ce63be 
These declarations were added to every source file because older
versions of RDoc did not resolve ancestor tree across files. Since
RDoc 6.9.0 supports this, this workaround is no longer needed.

    https://redirect.github.com/ruby/rdoc/pull/1217

https://github.com/ruby/openssl/commit/6491ce63be
[ruby/openssl] pkey/ec: fix OpenSSL::PKey::EC::Group#curve_name for unknown curves 2025-11-22T14:25:15+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-22T13:11:31+00:00 f9efa0cc0468692739770e754c12edf46cdf7c8e EC_GROUP_get_curve_name() returns NID_undef when OpenSSL does not recognize the curve and there is no associated OID. Handle this case explicitly and return nil instead of the string "UNDEF", which should not be exposed outside the extension. https://github.com/ruby/openssl/commit/2c16821c07 
EC_GROUP_get_curve_name() returns NID_undef when OpenSSL does not
recognize the curve and there is no associated OID.

Handle this case explicitly and return nil instead of the string
"UNDEF", which should not be exposed outside the extension.

https://github.com/ruby/openssl/commit/2c16821c07
[ruby/openssl] pkey: unify error classes into PKeyError 2025-11-06T13:33:15+00:00 Kazuki Yamaguchi k@rhe.jp 2024-12-02T14:23:20+00:00 16b1aa4e4ab1b81914c58eae8b2f31c963b4bd4c Remove the following subclasses of OpenSSL::PKey::PKeyError and make them aliases of it. - OpenSSL::PKey::DHError - OpenSSL::PKey::DSAError - OpenSSL::PKey::ECError - OpenSSL::PKey::RSAError Historically, methods defined on OpenSSL::PKey and OpenSSL::PKey::PKey raise OpenSSL::PKey::PKeyError, while methods on the subclasses raise their respective exception classes. However, this distinction is not particularly useful since all those exception classes represent the same kind of errors from the underlying EVP_PKEY API. I think this convention comes from the fact that OpenSSL::PKey::{DH, DSA,RSA} originally wrapped the corresponding OpenSSL structs DH, DSA, and RSA, before they were unified to wrap EVP_PKEY, way back in 2002. OpenSSL::PKey::EC::Group::Error and OpenSSL::PKey::EC::Point::Error are out of scope of this change, as they are not subclasses of OpenSSL::PKey::PKeyError and do not represent errors from the EVP_PKEY API. https://github.com/ruby/openssl/commit/e74ff3e272 
Remove the following subclasses of OpenSSL::PKey::PKeyError and make
them aliases of it.

 - OpenSSL::PKey::DHError
 - OpenSSL::PKey::DSAError
 - OpenSSL::PKey::ECError
 - OpenSSL::PKey::RSAError

Historically, methods defined on OpenSSL::PKey and OpenSSL::PKey::PKey
raise OpenSSL::PKey::PKeyError, while methods on the subclasses raise
their respective exception classes. However, this distinction is not
particularly useful since all those exception classes represent the
same kind of errors from the underlying EVP_PKEY API.

I think this convention comes from the fact that OpenSSL::PKey::{DH,
DSA,RSA} originally wrapped the corresponding OpenSSL structs DH, DSA,
and RSA, before they were unified to wrap EVP_PKEY, way back in 2002.

OpenSSL::PKey::EC::Group::Error and OpenSSL::PKey::EC::Point::Error
are out of scope of this change, as they are not subclasses of
OpenSSL::PKey::PKeyError and do not represent errors from the EVP_PKEY
API.

https://github.com/ruby/openssl/commit/e74ff3e272
[ruby/openssl] Check NULL values for deprecated EVP_PKEY_get0() functions 2025-10-27T06:33:17+00:00 Stan Hu stanhu@gmail.com 2025-10-21T21:10:40+00:00 b839deec4914b096988d44016c37737bc7d1254f In OpenSSL <= 1.1.1, EVP_PKEY_get0() always returned a valid object, so a NULL check was not necessary. In OpenSSL 3.0, the function can return NULL (https://docs.openssl.org/3.0/man7/migration_guide/#deprecated-function-mappings), so guard against this issue. https://github.com/ruby/openssl/commit/dc90b9c51e 
In OpenSSL <= 1.1.1, EVP_PKEY_get0() always returned a valid object, so
a NULL check was not necessary. In OpenSSL 3.0, the function can return
NULL (https://docs.openssl.org/3.0/man7/migration_guide/#deprecated-function-mappings),
so guard against this issue.

https://github.com/ruby/openssl/commit/dc90b9c51e
[ruby/openssl] pkey: disallow {DH,DSA,EC,RSA}.new without arguments with OpenSSL 3.0 2025-09-30T11:59:28+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-29T17:26:41+00:00 ad35a4be82f9356045036875759874bfac6c483b Raise ArgumentError if this is attempted when the extension is compiled with OpenSSL 3.0 or later. The form will be fully removed when we drop support for OpenSSL 1.1.1. When OpenSSL::PKey::{DH,DSA,EC,RSA}.new is called without any arguments, it sets up an empty corresponding low-level struct and wraps it in an EVP_PKEY. This is useful when the user later fills the missing fields using low-level setter methods such as OpenSSL::PKey::RSA#set_key. Such setter methods are not compatible with OpenSSL 3.0 or later, where EVP_PKEY is immutable once created. This means that the ability to create an empty instance is useless. https://github.com/ruby/openssl/commit/affd569f78 
Raise ArgumentError if this is attempted when the extension is compiled
with OpenSSL 3.0 or later. The form will be fully removed when we drop
support for OpenSSL 1.1.1.

When OpenSSL::PKey::{DH,DSA,EC,RSA}.new is called without any arguments,
it sets up an empty corresponding low-level struct and wraps it in an
EVP_PKEY. This is useful when the user later fills the missing fields
using low-level setter methods such as OpenSSL::PKey::RSA#set_key.

Such setter methods are not compatible with OpenSSL 3.0 or later, where
EVP_PKEY is immutable once created. This means that the ability to
create an empty instance is useless.

https://github.com/ruby/openssl/commit/affd569f78
[ruby/openssl] pkey: define and use OSSL_HAVE_IMMUTABLE_PKEY macro 2025-09-30T11:59:27+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-25T06:50:03+00:00 986d9177dd63aaecbbb6e3a02fe20370cbd21bc5 Introduce a useful macro indicating that the low-level struct wrapped in an EVP_PKEY cannot be modified. Currently, the macro is defined for OpenSSL 3.0 or later only. LibreSSL and AWS-LC can follow suit in the future. https://github.com/ruby/openssl/commit/032ed63096 
Introduce a useful macro indicating that the low-level struct wrapped
in an EVP_PKEY cannot be modified.

Currently, the macro is defined for OpenSSL 3.0 or later only. LibreSSL
and AWS-LC can follow suit in the future.

https://github.com/ruby/openssl/commit/032ed63096
[ruby/openssl] bn: avoid ossl_bn_new(NULL) 2025-07-27T12:17:23+00:00 Kazuki Yamaguchi k@rhe.jp 2024-05-21T08:22:47+00:00 ba0b3ad4f338a43f1d59e89d9c1c6d785644b682 Currently, calling ossl_bn_new() with a NULL argument allocates a new OpenSSL::BN instance representing 0. This behavior is confusing. Raise an exception if this is attempted, instead. https://github.com/ruby/openssl/commit/6fa793d997 
Currently, calling ossl_bn_new() with a NULL argument allocates a new
OpenSSL::BN instance representing 0. This behavior is confusing. Raise
an exception if this is attempted, instead.

https://github.com/ruby/openssl/commit/6fa793d997
[ruby/openssl] pkey/ec: avoid calling SYM2ID() on user-supplied objects 2025-07-05T14:03:32+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-04T12:57:42+00:00 b6817392957b8879d2f847280abd481f4cd062fe Compare by the VALUE value instead of ID. Calling SYM2ID() on a dynamic symbol will pin a permanent ID. These methods only accept known static symbols, and passing anything else is an incorrect usage that results in an exception. Nonetheless, avoiding SYM2ID() seems to be a good idea since there is no runtime cost. https://github.com/ruby/openssl/commit/0d66296cdc 
Compare by the VALUE value instead of ID. Calling SYM2ID() on a dynamic
symbol will pin a permanent ID.

These methods only accept known static symbols, and passing anything
else is an incorrect usage that results in an exception. Nonetheless,
avoiding SYM2ID() seems to be a good idea since there is no runtime
cost.

https://github.com/ruby/openssl/commit/0d66296cdc
[ruby/openssl] mark `initialize_copy` as :nodoc: 2025-03-12T16:03:47+00:00 Sarun Rattanasiri midnight_w@gmx.tw 2025-03-08T14:43:11+00:00 9ec8dc9c6504e62c6a3ff6b111cee53f67d5508c https://github.com/ruby/openssl/commit/17f87d2cf0 
https://github.com/ruby/openssl/commit/17f87d2cf0