ruby.git/ext/openssl/ossl_rand.c, branch v4.0.4 The Ruby Programming Language [ruby/openssl] Expand tabs in C source files 2025-12-04T17:46:59+00:00 Kazuki Yamaguchi k@rhe.jp 2025-07-29T18:40:32+00:00 5062c0c621d887367af8a054e5e5d83d7ec57dd3 Since around 2018, we have been using spaces for indentation for newly added code[1]. The mixed use of tabs and spaces has repeatedly confused new contributors who configured their editors to use a different tab size than 8. Since git blame can now skip specific commits, ruby/ruby did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl. While at it, fix a few indentation issues, mainly in switch-case labels and in ossl_ssl_session.c, which used doubled indentation size. This patch contains white-space changes only. git diff -w output should be empty. [1] https://bugs.ruby-lang.org/issues/14246 [2] https://bugs.ruby-lang.org/issues/18891 https://github.com/ruby/openssl/commit/4d6214f507 
Since around 2018, we have been using spaces for indentation for newly
added code[1]. The mixed use of tabs and spaces has repeatedly confused
new contributors who configured their editors to use a different tab
size than 8. Since git blame can now skip specific commits, ruby/ruby
did a mass reformatting of tabs in 2022[2]. Do the same in ruby/openssl.

While at it, fix a few indentation issues, mainly in switch-case labels
and in ossl_ssl_session.c, which used doubled indentation size.

This patch contains white-space changes only. git diff -w output should
be empty.

[1] https://bugs.ruby-lang.org/issues/14246
[2] https://bugs.ruby-lang.org/issues/18891

https://github.com/ruby/openssl/commit/4d6214f507
[ruby/openssl] Remove dummy declarations for mOSSL and eOSSLError 2025-11-29T17:05:19+00:00 Kazuki Yamaguchi k@rhe.jp 2025-11-29T16:47:26+00:00 bae06ce22c5ab6a4a3085300274f258d55858e90 These declarations were added to every source file because older versions of RDoc did not resolve ancestor tree across files. Since RDoc 6.9.0 supports this, this workaround is no longer needed. https://redirect.github.com/ruby/rdoc/pull/1217 https://github.com/ruby/openssl/commit/6491ce63be 
These declarations were added to every source file because older
versions of RDoc did not resolve ancestor tree across files. Since
RDoc 6.9.0 supports this, this workaround is no longer needed.

    https://redirect.github.com/ruby/rdoc/pull/1217

https://github.com/ruby/openssl/commit/6491ce63be
[ruby/openssl] Require OpenSSL 1.1.1 or later 2025-01-21T18:14:14+00:00 Kazuki Yamaguchi k@rhe.jp 2025-01-20T17:08:54+00:00 43c48e3030c513c17bfcf4c37bbe533097fa1a22 Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2. Distributions that shipped with OpenSSL 1.1.0 include: - Debian 9 (EOL 2022-06) - Ubuntu 18.04 LTS (EOL 2023-04) https://github.com/ruby/openssl/commit/ba83abe920 
Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and
it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2.
Distributions that shipped with OpenSSL 1.1.0 include:

 - Debian 9 (EOL 2022-06)
 - Ubuntu 18.04 LTS (EOL 2023-04)

https://github.com/ruby/openssl/commit/ba83abe920
[ruby/openssl] Mark variables and functions as static whenever possible 2024-12-07T07:55:47+00:00 Kazuki Yamaguchi k@rhe.jp 2024-10-29T19:03:05+00:00 1df63d9451459209c00f5e8db033f18d145cc741 https://github.com/ruby/openssl/commit/85d6b7f192 
https://github.com/ruby/openssl/commit/85d6b7f192
[ruby/openssl] Fix references to the license text 2024-06-08T10:59:17+00:00 Kazuki Yamaguchi k@rhe.jp 2024-05-01T08:10:44+00:00 69c0b1438a45938e79e63407035f116de4634dcb Update the references to the file "LICENCE" with "COPYING". The file LICENCE doesn't exist in ruby/ruby nor ruby/openssl. This has been always the case since OpenSSL for Ruby 2 was merged to the ruby tree as a standard library in 2003. In OpenSSL for Ruby 2's CVS repository[1], the LICENCE file contained an old version of the Ruby License, identical to the COPYING file that was in Ruby's tree at that time (r4128[2]). [1] http://cvs.savannah.gnu.org/viewvc/rubypki/ossl2/LICENCE?revision=1.1.1.1&view=markup [2] https://github.com/ruby/ruby/blob/231247c010acba191b78ed2d1310c935e63ad919/COPYING https://github.com/ruby/openssl/commit/5bccf07d04 
Update the references to the file "LICENCE" with "COPYING".

The file LICENCE doesn't exist in ruby/ruby nor ruby/openssl. This has
been always the case since OpenSSL for Ruby 2 was merged to the ruby
tree as a standard library in 2003.

In OpenSSL for Ruby 2's CVS repository[1], the LICENCE file contained
an old version of the Ruby License, identical to the COPYING file that
was in Ruby's tree at that time (r4128[2]).

[1] http://cvs.savannah.gnu.org/viewvc/rubypki/ossl2/LICENCE?revision=1.1.1.1&view=markup
[2] https://github.com/ruby/ruby/blob/231247c010acba191b78ed2d1310c935e63ad919/COPYING

https://github.com/ruby/openssl/commit/5bccf07d04
openssl: sync with upstream repository 2020-03-10T08:41:01+00:00 Kazuki Yamaguchi k@rhe.jp 2020-03-09T09:26:19+00:00 e4a26cd4f8e74e5d29de10a3a0ce5829829301b0 Import current master (2c43241dc0ed) of ruby/openssl.git. Below are the commits that were made since the last batch at commit b99775b163ce (ruby/openssl.git commit f49e7110ca1e). Note that some of them have been applied already. ---------------------------------------------------------------- Benoit Daloze (1): Remove redundant and ignored workflow file DBL-Lee (1): add support for SHA512_256/SHA512_224 Hiroshi SHIBATA (2): Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms Fixed inconsistency directory structure with ruby/ruby repo Jeremy Evans (2): Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock Remove taint support Kazuki Yamaguchi (26): config: support .include directive random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes extconf.rb: get rid of -Werror=deprecated-declarations test/openssl/test_ssl: skip test_fallback_scsv if necessary ts: simplify OpenSSL::Timestamp::Request#algorithm History.md: add missing references to GitHub issues config: deprecate OpenSSL::Config#add_value and #[]= test/openssl/test_ssl: remove sleep from test_finished_messages test/openssl/test_ssl: fix random failure in SSLSocket.open test test/openssl/test_ssl: avoid explicitly-sized private keys test/openssl/test_ssl: remove commented-out test case test/openssl/test_ssl: allow kRSA tests to fail ssl: avoid declarations after statements engine: revert OpenSSL::Engine.load changes for cloudhsm engine: remove really outdated static engines engine: do not check for ENGINE_load_builtin_engines() engine: fix guards for 'dynamic' and 'cryptodev' engines lib/openssl.rb: require openssl/version.rb x509: add error code and verify flags constants ssl: set verify error code in the case of verify_hostname failure .github/workflows: merge CI jobs into a single workflow .github/workflows: test against different OpenSSL versions .travis.yml: fully migrate to GitHub Actions ssl: suppress test failure with SSLContext#add_certificate_chain_file ssl: remove test case test_puts_meta from test_pair Revert "Use version.rb in gemspec" MSP-Greg (2): .travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2 Use version.rb in gemspec Samuel Williams (1): Restore compatibility with older versions of Ruby. Yusuke Endoh (1): Make OpenSSL::OSSL#test_memcmp_timing robust 
Import current master (2c43241dc0ed) of ruby/openssl.git.

Below are the commits that were made since the last batch at commit
b99775b163ce (ruby/openssl.git commit f49e7110ca1e). Note that some of
them have been applied already.

----------------------------------------------------------------
Benoit Daloze (1):
      Remove redundant and ignored workflow file

DBL-Lee (1):
      add support for SHA512_256/SHA512_224

Hiroshi SHIBATA (2):
      Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms
      Fixed inconsistency directory structure with ruby/ruby repo

Jeremy Evans (2):
      Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock
      Remove taint support

Kazuki Yamaguchi (26):
      config: support .include directive
      random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes
      extconf.rb: get rid of -Werror=deprecated-declarations
      test/openssl/test_ssl: skip test_fallback_scsv if necessary
      ts: simplify OpenSSL::Timestamp::Request#algorithm
      History.md: add missing references to GitHub issues
      config: deprecate OpenSSL::Config#add_value and #[]=
      test/openssl/test_ssl: remove sleep from test_finished_messages
      test/openssl/test_ssl: fix random failure in SSLSocket.open test
      test/openssl/test_ssl: avoid explicitly-sized private keys
      test/openssl/test_ssl: remove commented-out test case
      test/openssl/test_ssl: allow kRSA tests to fail
      ssl: avoid declarations after statements
      engine: revert OpenSSL::Engine.load changes for cloudhsm
      engine: remove really outdated static engines
      engine: do not check for ENGINE_load_builtin_engines()
      engine: fix guards for 'dynamic' and 'cryptodev' engines
      lib/openssl.rb: require openssl/version.rb
      x509: add error code and verify flags constants
      ssl: set verify error code in the case of verify_hostname failure
      .github/workflows: merge CI jobs into a single workflow
      .github/workflows: test against different OpenSSL versions
      .travis.yml: fully migrate to GitHub Actions
      ssl: suppress test failure with SSLContext#add_certificate_chain_file
      ssl: remove test case test_puts_meta from test_pair
      Revert "Use version.rb in gemspec"

MSP-Greg (2):
      .travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2
      Use version.rb in gemspec

Samuel Williams (1):
      Restore compatibility with older versions of Ruby.

Yusuke Endoh (1):
      Make OpenSSL::OSSL#test_memcmp_timing robust
[ruby/openssl] Remove taint support 2019-11-17T23:00:25+00:00 Jeremy Evans code@jeremyevans.net 2019-10-18T19:28:44+00:00 afbd8f384a54b934debe6e48cfc299fb2c7669e9 Ruby 2.7 deprecates taint and it no longer has an effect. The lack of taint support should not cause a problem in previous Ruby versions. 
Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.
Deprecate taint/trust and related methods, and make the methods no-ops 2019-11-17T23:00:25+00:00 Jeremy Evans code@jeremyevans.net 2019-09-25T03:59:12+00:00 ffd0820ab317542f8780aac475da590a4bdbc7a8 This removes the related tests, and puts the related specs behind version guards. This affects all code in lib, including some libraries that may want to support older versions of Ruby. 
This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
Warn on access/modify of $SAFE, and remove effects of modifying $SAFE 2019-11-17T23:00:25+00:00 Jeremy Evans code@jeremyevans.net 2019-09-21T02:06:22+00:00 c5c05460ac20abcbc0ed686eb4acf06da7a39a79 This removes the security features added by $SAFE = 1, and warns for access or modification of $SAFE from Ruby-level, as well as warning when calling all public C functions related to $SAFE. This modifies some internal functions that took a safe level argument to no longer take the argument. rb_require_safe now warns, rb_require_string has been added as a version that takes a VALUE and does not warn. One public C function that still takes a safe level argument and that this doesn't warn for is rb_eval_cmd. We may want to consider adding an alternative method that does not take a safe level argument, and warn for rb_eval_cmd. 
This removes the security features added by $SAFE = 1, and warns for access
or modification of $SAFE from Ruby-level, as well as warning when calling
all public C functions related to $SAFE.

This modifies some internal functions that took a safe level argument
to no longer take the argument.

rb_require_safe now warns, rb_require_string has been added as a
version that takes a VALUE and does not warn.

One public C function that still takes a safe level argument and that
this doesn't warn for is rb_eval_cmd.  We may want to consider
adding an alternative method that does not take a safe level argument,
and warn for rb_eval_cmd.
openssl: import v2.1.0.beta1 2017-09-03T12:35:27+00:00 rhe rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2017-09-03T12:35:27+00:00 609103dbb5fb182eec12f052226c43e39b907682 Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5 (imported by r59567) can be found at: https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1 ---------------------------------------------------------------- Antonio Terceiro (1): test/test_ssl: explicitly accept TLS 1.1 in corresponding test Colby Swandale (1): document using secure protocol to fetch git master in Bundler Colton Jenkins (1): Add fips_mode_get to return fips_mode Kazuki Yamaguchi (85): Start preparing for 2.1.0 Remove support for OpenSSL 0.9.8 and 1.0.0 bn: refine tests bn: implement unary {plus,minus} operators for OpenSSL::BN bn: implement OpenSSL::BN#negative? Don't define main() when built with --enable-debug test: let OpenSSL::TestCase include OpenSSL::TestUtils test: prepare test PKey instances on demand Add OpenSSL.print_mem_leaks Enable OSSL_MDEBUG on CI builds ssl: move default DH parameters from OpenSSL::PKey::DH Make exceptions with the same format regardless of OpenSSL.debug ssl: show reason of 'certificate verify error' in exception message ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384 ssl: do not confuse different ex_data index registries ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object Fix RDoc markup ssl: suppress compiler warning ext/openssl/deprecation.rb: remove broken-apple-openssl extconf.rb: print informative message if OpenSSL can't be found Rakefile: compile the extension before test kdf: introduce OpenSSL::KDF module ossl.h: add NUM2UINT64T() macro kdf: add scrypt Expand rb_define_copy_func() macro Expand FPTR_TO_FD() macro Remove SafeGet*() macros cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname() digest: rename GetDigestPtr() to ossl_evp_get_digestbyname() Add ossl_str_new(), an exception-safe rb_str_new() bio: simplify ossl_membio2str() using ossl_str_new() Remove unused functions and macros Drop support for LibreSSL 2.3 ocsp: add OpenSSL::OCSP::Request#signed? asn1: infinite length -> indefinite length asn1: rearrange tests ssl: remove a needless NULL check in SSL::SSLContext#ciphers ssl: return nil in SSL::SSLSocket#cipher if session is not started asn1: remove an unnecessary function prototype asn1: require tag information when instantiating generic type asn1: initialize 'unused_bits' attribute of BitString with 0 asn1: check for illegal 'unused_bits' value of BitString asn1: disallow NULL to be passed to asn1time_to_time() asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid asn1: allow constructed encoding with definite length form asn1: prohibit indefinite length form for primitive encoding asn1: allow tag number to be >= 32 for universal tag class asn1: use ossl_asn1_tag() asn1: clean up OpenSSL::ASN1::Constructive#to_der asn1: harmonize OpenSSL::ASN1::*#to_der asn1: prevent EOC octets from being in the middle of the content asn1: do not treat EOC octets as part of content octets x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry ssl: do not call session_remove_cb during GC Backport "Merge branch 'topic/test-memory-leak'" to maint cipher: update the documentation for Cipher#auth_tag= Rakefile: let sync:to_ruby know about test/openssl/fixtures test: fix formatting test/utils: remove OpenSSL::TestUtils.silent test/utils: add SSLTestCase#tls12_supported? test/utils: have start_server yield only the port number test/utils: do not set ecdh_curves in start_server test/utils: let server_loop close socket test/utils: improve error handling in start_server test/utils: add OpenSSL::TestUtils.openssl? and .libressl? test/utils: do not use DSA certificates in SSL tests test/test_ssl: remove test_invalid_shutdown_by_gc test/test_ssl: move test_multibyte_read_write to test_pair test/test_ssl_session: rearrange tests test/test_pair, test/test_ssl: fix for TLS 1.3 ssl: remove useless call to rb_thread_wait_fd() ssl: fix NPN support ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private ssl: use 2048-bit group in the default tmp_dh_cb ssl: ensure that SSL option flags are non-negative ssl: update OpenSSL::SSL::OP_* flags ssl: prefer TLS_method() over SSLv23_method() ssl: add SSLContext#min_version= and #max_version= ssl: rework SSLContext#ssl_version= test/test_x509name: change script encoding to ASCII-8BIT x509name: refactor OpenSSL::X509::Name#to_s x509name: add OpenSSL::X509::Name#to_utf8 x509name: add OpenSSL::X509::Name#inspect x509name: update regexp in OpenSSL::X509::Name.parse Ruby/OpenSSL 2.1.0.beta1 Marcus Stollsteimer (1): Fix rdoc for core Integer class nobu (4): [DOC] {read,write}_nonblock with exception: false [DOC] keyword argument _exception_ [DOC] mark up literals Revert r57690 except for read_nonblock git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5
(imported by r59567) can be found at:

	https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1

----------------------------------------------------------------
Antonio Terceiro (1):
      test/test_ssl: explicitly accept TLS 1.1 in corresponding test

Colby Swandale (1):
      document using secure protocol to fetch git master in Bundler

Colton Jenkins (1):
      Add fips_mode_get to return fips_mode

Kazuki Yamaguchi (85):
      Start preparing for 2.1.0
      Remove support for OpenSSL 0.9.8 and 1.0.0
      bn: refine tests
      bn: implement unary {plus,minus} operators for OpenSSL::BN
      bn: implement OpenSSL::BN#negative?
      Don't define main() when built with --enable-debug
      test: let OpenSSL::TestCase include OpenSSL::TestUtils
      test: prepare test PKey instances on demand
      Add OpenSSL.print_mem_leaks
      Enable OSSL_MDEBUG on CI builds
      ssl: move default DH parameters from OpenSSL::PKey::DH
      Make exceptions with the same format regardless of OpenSSL.debug
      ssl: show reason of 'certificate verify error' in exception message
      ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
      ssl: do not confuse different ex_data index registries
      ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
      Fix RDoc markup
      ssl: suppress compiler warning
      ext/openssl/deprecation.rb: remove broken-apple-openssl
      extconf.rb: print informative message if OpenSSL can't be found
      Rakefile: compile the extension before test
      kdf: introduce OpenSSL::KDF module
      ossl.h: add NUM2UINT64T() macro
      kdf: add scrypt
      Expand rb_define_copy_func() macro
      Expand FPTR_TO_FD() macro
      Remove SafeGet*() macros
      cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()
      digest: rename GetDigestPtr() to ossl_evp_get_digestbyname()
      Add ossl_str_new(), an exception-safe rb_str_new()
      bio: simplify ossl_membio2str() using ossl_str_new()
      Remove unused functions and macros
      Drop support for LibreSSL 2.3
      ocsp: add OpenSSL::OCSP::Request#signed?
      asn1: infinite length -> indefinite length
      asn1: rearrange tests
      ssl: remove a needless NULL check in SSL::SSLContext#ciphers
      ssl: return nil in SSL::SSLSocket#cipher if session is not started
      asn1: remove an unnecessary function prototype
      asn1: require tag information when instantiating generic type
      asn1: initialize 'unused_bits' attribute of BitString with 0
      asn1: check for illegal 'unused_bits' value of BitString
      asn1: disallow NULL to be passed to asn1time_to_time()
      asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid
      asn1: allow constructed encoding with definite length form
      asn1: prohibit indefinite length form for primitive encoding
      asn1: allow tag number to be >= 32 for universal tag class
      asn1: use ossl_asn1_tag()
      asn1: clean up OpenSSL::ASN1::Constructive#to_der
      asn1: harmonize OpenSSL::ASN1::*#to_der
      asn1: prevent EOC octets from being in the middle of the content
      asn1: do not treat EOC octets as part of content octets
      x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry
      ssl: do not call session_remove_cb during GC
      Backport "Merge branch 'topic/test-memory-leak'" to maint
      cipher: update the documentation for Cipher#auth_tag=
      Rakefile: let sync:to_ruby know about test/openssl/fixtures
      test: fix formatting
      test/utils: remove OpenSSL::TestUtils.silent
      test/utils: add SSLTestCase#tls12_supported?
      test/utils: have start_server yield only the port number
      test/utils: do not set ecdh_curves in start_server
      test/utils: let server_loop close socket
      test/utils: improve error handling in start_server
      test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
      test/utils: do not use DSA certificates in SSL tests
      test/test_ssl: remove test_invalid_shutdown_by_gc
      test/test_ssl: move test_multibyte_read_write to test_pair
      test/test_ssl_session: rearrange tests
      test/test_pair, test/test_ssl: fix for TLS 1.3
      ssl: remove useless call to rb_thread_wait_fd()
      ssl: fix NPN support
      ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private
      ssl: use 2048-bit group in the default tmp_dh_cb
      ssl: ensure that SSL option flags are non-negative
      ssl: update OpenSSL::SSL::OP_* flags
      ssl: prefer TLS_method() over SSLv23_method()
      ssl: add SSLContext#min_version= and #max_version=
      ssl: rework SSLContext#ssl_version=
      test/test_x509name: change script encoding to ASCII-8BIT
      x509name: refactor OpenSSL::X509::Name#to_s
      x509name: add OpenSSL::X509::Name#to_utf8
      x509name: add OpenSSL::X509::Name#inspect
      x509name: update regexp in OpenSSL::X509::Name.parse
      Ruby/OpenSSL 2.1.0.beta1

Marcus Stollsteimer (1):
      Fix rdoc for core Integer class

nobu (4):
      [DOC] {read,write}_nonblock with exception: false
      [DOC] keyword argument _exception_
      [DOC] mark up literals
      Revert r57690 except for read_nonblock

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e