| Age | Commit message (Collapse) | Author |
|---|
|
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
tmp_dh_callback Ruby code and set it as a default in `initialize`.
* ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_512_GEN):
move this constant to Ruby.
* ext/openssl/ossl_pkey_dh.c (static unsigned char DEFAULT_DH_1024_GEN):
ditto
* ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): ditto
* ext/openssl/ossl_ssl.c (ossl_tmp_dh_callback): ditto
* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): tmp_dh_callback should
always be set, so we can remove this conditional
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51380 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl: make wrapper objects before allocating structs to
get rid of potential memory leaks.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50673 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[fix GH-876][ci skip] Patch by @davydovanton
* lib/net/https.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_pkey.c (ossl_evp_pkey_type): use typed data.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48806 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33634 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
t = Thread.new { print "."; sleep 0.1 }
key = OpenSSL::PKey::RSA.new(2048)
#=> Thread t works in parallel with public key generation if
OS/machine allows it.
This works with OpenSSL >= 0.9.8. From this version, it has new
public key generation function which allows us to interrupt the
execution while pkey generation iterations.
* ext/openssl/extconf.rb: Check existence of OpenSSL's new public key
generation function. (DH_generate_parameters_ex,
DSA_generate_parameters_ex and RSA_generate_key_ex.
* ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2,
ossl_generate_cb_stop): Added new callback function for OpenSSL pkey
generation which handles Thread interruption by Ruby.
ossl_generate_cb_stop is the unblock function(ubf) for Ruby which
sets a stop flag. New pkey generation callback ossl_generate_cb_2
checks the stop flag at each iterations of OpenSSL and interrupts
pkey generation when the flag is set.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call
rb_thread_blocking_region with the above unblock function to release
GVL while pkey generation.
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
* ext/openssl/ossl_pkey_dh.c (dh_generate): ditto.
* test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_digest.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey.h
* test/openssl/pkey/test_pkey_rsa.rb
Reverted premature commit. Sorry for the noise!
Previous revision: 31555
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* NEWS: Describe altered behaviour for RSA and DSA public key
encoding. [Ruby 1.9 - Bug #4421, Bug #4422]
[ruby-core:35327,35328]
Previous revision: 31553
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31554 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31046 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
environment variables. based on a patch from funny-falcon at
https://gist.github.com/856296, but honors safe level.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31044 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/lib/ossl_{pkey,pkey_ec}.[ch]: Add elliptic curves.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12139 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_hmac.c Add reset method.
* ext/openssl/ossl_cipher.c (Cipher#update) Take additional buffer argument.
* ext/openssl/{ossl_bio.c,ossl_ssl.c,ruby_missing.h} compatibility with 1.8.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12133 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
an instance variable "private" is added to OpenSSL::PKey class.
this ivar is a flag that shows whether there is a private key
in the instance.
* ext/openssl/ossl_engine.c: (ossl_engine_load_privkey): set private
key flag.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
- SSLContext#client_cert_cb is a Proc. it is called when a client
certificate is requested by a server and no certificate was yet
set for the SSLContext. it must return an Array which includes
OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects.
- SSLContext#tmp_dh_callback is called in key exchange with DH
algorithm. it must return an OpenSSL::PKey::DH object.
* ext/openssl/ossl_ssl.c:
(ossl_sslctx_set_ciphers): ignore the argument if it's nil.
(ossl_start_ssl, ossl_ssl_write): call rb_sys_fail if errno isn't 0.
[ruby-dev:25831]
* ext/openssl/ossl_pkey.c
(GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first.
(DupPrivPKeyPtr): new function.
* ext/openssl/ossl_pkey_dh.c: add default DH parameters.
* ext/openssl/ossl_pkey.h: ditto.
* ext/openssl/lib/openssl/cipher.rb: fix typo. [ruby-dev:24285]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8129 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4552 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4128 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
