path: root/ext/openssl/ossl_rand.c
AgeCommit message (Collapse)Author
2020-03-10openssl: sync with upstream repositoryKazuki Yamaguchi
Import current master (2c43241dc0ed) of ruby/openssl.git. Below are the commits that were made since the last batch at commit b99775b163ce (ruby/openssl.git commit f49e7110ca1e). Note that some of them have been applied already. ---------------------------------------------------------------- Benoit Daloze (1): Remove redundant and ignored workflow file DBL-Lee (1): add support for SHA512_256/SHA512_224 Hiroshi SHIBATA (2): Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms Fixed inconsistency directory structure with ruby/ruby repo Jeremy Evans (2): Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock Remove taint support Kazuki Yamaguchi (26): config: support .include directive random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes extconf.rb: get rid of -Werror=deprecated-declarations test/openssl/test_ssl: skip test_fallback_scsv if necessary ts: simplify OpenSSL::Timestamp::Request#algorithm add missing references to GitHub issues config: deprecate OpenSSL::Config#add_value and #[]= test/openssl/test_ssl: remove sleep from test_finished_messages test/openssl/test_ssl: fix random failure in test test/openssl/test_ssl: avoid explicitly-sized private keys test/openssl/test_ssl: remove commented-out test case test/openssl/test_ssl: allow kRSA tests to fail ssl: avoid declarations after statements engine: revert OpenSSL::Engine.load changes for cloudhsm engine: remove really outdated static engines engine: do not check for ENGINE_load_builtin_engines() engine: fix guards for 'dynamic' and 'cryptodev' engines lib/openssl.rb: require openssl/version.rb x509: add error code and verify flags constants ssl: set verify error code in the case of verify_hostname failure .github/workflows: merge CI jobs into a single workflow .github/workflows: test against different OpenSSL versions .travis.yml: fully migrate to GitHub Actions ssl: suppress test failure with SSLContext#add_certificate_chain_file ssl: remove test case test_puts_meta from test_pair Revert "Use version.rb in gemspec" MSP-Greg (2): .travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2 Use version.rb in gemspec Samuel Williams (1): Restore compatibility with older versions of Ruby. Yusuke Endoh (1): Make OpenSSL::OSSL#test_memcmp_timing robust
2019-11-18[ruby/openssl] Remove taint supportJeremy Evans
Ruby 2.7 deprecates taint and it no longer has an effect. The lack of taint support should not cause a problem in previous Ruby versions. Notes: Merged:
2019-11-18Deprecate taint/trust and related methods, and make the methods no-opsJeremy Evans
This removes the related tests, and puts the related specs behind version guards. This affects all code in lib, including some libraries that may want to support older versions of Ruby. Notes: Merged:
2019-11-18Warn on access/modify of $SAFE, and remove effects of modifying $SAFEJeremy Evans
This removes the security features added by $SAFE = 1, and warns for access or modification of $SAFE from Ruby-level, as well as warning when calling all public C functions related to $SAFE. This modifies some internal functions that took a safe level argument to no longer take the argument. rb_require_safe now warns, rb_require_string has been added as a version that takes a VALUE and does not warn. One public C function that still takes a safe level argument and that this doesn't warn for is rb_eval_cmd. We may want to consider adding an alternative method that does not take a safe level argument, and warn for rb_eval_cmd. Notes: Merged:
2017-09-03openssl: import v2.1.0.beta1rhe
Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5 (imported by r59567) can be found at: ---------------------------------------------------------------- Antonio Terceiro (1): test/test_ssl: explicitly accept TLS 1.1 in corresponding test Colby Swandale (1): document using secure protocol to fetch git master in Bundler Colton Jenkins (1): Add fips_mode_get to return fips_mode Kazuki Yamaguchi (85): Start preparing for 2.1.0 Remove support for OpenSSL 0.9.8 and 1.0.0 bn: refine tests bn: implement unary {plus,minus} operators for OpenSSL::BN bn: implement OpenSSL::BN#negative? Don't define main() when built with --enable-debug test: let OpenSSL::TestCase include OpenSSL::TestUtils test: prepare test PKey instances on demand Add OpenSSL.print_mem_leaks Enable OSSL_MDEBUG on CI builds ssl: move default DH parameters from OpenSSL::PKey::DH Make exceptions with the same format regardless of OpenSSL.debug ssl: show reason of 'certificate verify error' in exception message ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384 ssl: do not confuse different ex_data index registries ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object Fix RDoc markup ssl: suppress compiler warning ext/openssl/deprecation.rb: remove broken-apple-openssl extconf.rb: print informative message if OpenSSL can't be found Rakefile: compile the extension before test kdf: introduce OpenSSL::KDF module ossl.h: add NUM2UINT64T() macro kdf: add scrypt Expand rb_define_copy_func() macro Expand FPTR_TO_FD() macro Remove SafeGet*() macros cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname() digest: rename GetDigestPtr() to ossl_evp_get_digestbyname() Add ossl_str_new(), an exception-safe rb_str_new() bio: simplify ossl_membio2str() using ossl_str_new() Remove unused functions and macros Drop support for LibreSSL 2.3 ocsp: add OpenSSL::OCSP::Request#signed? asn1: infinite length -> indefinite length asn1: rearrange tests ssl: remove a needless NULL check in SSL::SSLContext#ciphers ssl: return nil in SSL::SSLSocket#cipher if session is not started asn1: remove an unnecessary function prototype asn1: require tag information when instantiating generic type asn1: initialize 'unused_bits' attribute of BitString with 0 asn1: check for illegal 'unused_bits' value of BitString asn1: disallow NULL to be passed to asn1time_to_time() asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid asn1: allow constructed encoding with definite length form asn1: prohibit indefinite length form for primitive encoding asn1: allow tag number to be >= 32 for universal tag class asn1: use ossl_asn1_tag() asn1: clean up OpenSSL::ASN1::Constructive#to_der asn1: harmonize OpenSSL::ASN1::*#to_der asn1: prevent EOC octets from being in the middle of the content asn1: do not treat EOC octets as part of content octets x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry ssl: do not call session_remove_cb during GC Backport "Merge branch 'topic/test-memory-leak'" to maint cipher: update the documentation for Cipher#auth_tag= Rakefile: let sync:to_ruby know about test/openssl/fixtures test: fix formatting test/utils: remove OpenSSL::TestUtils.silent test/utils: add SSLTestCase#tls12_supported? test/utils: have start_server yield only the port number test/utils: do not set ecdh_curves in start_server test/utils: let server_loop close socket test/utils: improve error handling in start_server test/utils: add OpenSSL::TestUtils.openssl? and .libressl? test/utils: do not use DSA certificates in SSL tests test/test_ssl: remove test_invalid_shutdown_by_gc test/test_ssl: move test_multibyte_read_write to test_pair test/test_ssl_session: rearrange tests test/test_pair, test/test_ssl: fix for TLS 1.3 ssl: remove useless call to rb_thread_wait_fd() ssl: fix NPN support ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private ssl: use 2048-bit group in the default tmp_dh_cb ssl: ensure that SSL option flags are non-negative ssl: update OpenSSL::SSL::OP_* flags ssl: prefer TLS_method() over SSLv23_method() ssl: add SSLContext#min_version= and #max_version= ssl: rework SSLContext#ssl_version= test/test_x509name: change script encoding to ASCII-8BIT x509name: refactor OpenSSL::X509::Name#to_s x509name: add OpenSSL::X509::Name#to_utf8 x509name: add OpenSSL::X509::Name#inspect x509name: update regexp in OpenSSL::X509::Name.parse Ruby/OpenSSL 2.1.0.beta1 Marcus Stollsteimer (1): Fix rdoc for core Integer class nobu (4): [DOC] {read,write}_nonblock with exception: false [DOC] keyword argument _exception_ [DOC] mark up literals Revert r57690 except for read_nonblock git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29import Ruby/OpenSSL 2.0.0.beta.1rhe
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: [Feature #9612] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05openssl: check existence of RAND_pseudo_bytes()rhe
* ext/openssl/extconf.rb: Check if RAND_pseudo_bytes() is usable. It is marked as deprecated in OpenSSL 1.1.0. [ruby-core:75225] [Feature #12324] * ext/openssl/ossl_rand.c: Disable Random.pseudo_bytes if RAND_pseudo_bytes() is unavailable. * test/openssl/test_random.rb: Don't test Random.pseudo_bytes if not defined. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-23openssl: use StringValueCStr() where NUL-terminated string is expectedrhe
* ext/openssl/ossl_asn1.c, ext/openssl/ossl_bn.c, ext/openssl/ossl_cipher.c, ext/openssl/ossl_digest.c ext/openssl/ossl_engine.c, ext/openssl/ossl_ns_spki.c ext/openssl/ossl_pkcs12.c, ext/openssl/ossl_pkcs7.c ext/openssl/ossl_pkey.c, ext/openssl/ossl_pkey_ec.c ext/openssl/ossl_rand.c, ext/openssl/ossl_ssl.c ext/openssl/ossl_x509attr.c, ext/openssl/ossl_x509cert.c ext/openssl/ossl_x509ext.c, ext/openssl/ossl_x509store.c: Use StringValueCStr() where NUL-terminated string is expected. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-23openssl: fix incorrect return value check of RAND_* functionsrhe
* ext/openssl/ossl_rand.c (ossl_rand_egd, ossl_rand_egd_bytes): RAND_egd{_bytes,}() return -1 on failure, not 0. Patch by cremno phobia <> [ruby-core:63795] [Bug #10053] (ossl_pseudo_bytes): Similar, RAND_pseudo_bytes() may return 0 or -1 on failure. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-11-30* ext/openssl/ossl_rand.c (ossl_rand_bytes): RAND_bytes couldkosaki
be return -1 as an error. Therefore, added error handling. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-09-22* ext/openssl/*: Remove svn commit id macros to make sync easierzzak
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-04-20* ext/openssl/*: use license instead of licence.hsbt
[fix GH-876][ci skip] Patch by @davydovanton * lib/net/https.rb: ditto. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-02-12openssl: check RAND_edg to support libresslnobu
* ext/openssl/extconf.rb: check RAND_edg to support libressl. * ext/openssl/ossl_rand.c (ossl_rand_egd): define only if RAND_edg is available. [Fix GH-829] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-10-04* ext/openssl/ossl_rand.c: [DOC] Add call signature for pseudo_byteszzak
and random_bytes, wrap lines at 80 chars, and remove useless comments. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-10-03* ext/openssl/ossl_rand.c: [DOC] Add rdoc for method descriptionszzak
By @vipulnsward [Fixes GH-657] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-10-03* ext/openssl/ossl_rand.c: Use rb_define_module_function instead ofzzak
macro. [Fixes GH-686] git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-09-30protoize no-arguments functionsnobu
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-03-24* ext/openssl/ossl.c: surpress warning: shorten-64-to-32.naruse
* ext/openssl/ossl.h: ditto. * ext/openssl/ossl_asn1.c: ditto. * ext/openssl/ossl_bio.c: ditto. * ext/openssl/ossl_bn.c: ditto. * ext/openssl/ossl_cipher.c: ditto. * ext/openssl/ossl_hmac.c: ditto. * ext/openssl/ossl_ns_spki.c: ditto. * ext/openssl/ossl_ocsp.c: ditto. * ext/openssl/ossl_pkcs5.c: ditto. * ext/openssl/ossl_pkey.c: ditto. * ext/openssl/ossl_pkey_dh.c: ditto. * ext/openssl/ossl_pkey_dsa.c: ditto. * ext/openssl/ossl_pkey_ec.c: ditto. * ext/openssl/ossl_pkey_rsa.c: ditto. * ext/openssl/ossl_rand.c: ditto. * ext/openssl/ossl_ssl.c: ditto. * ext/openssl/ossl_x509ext.c: ditto. * ext/openssl/ossl_x509name.c: ditto. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-03-24* ext/openssl/ossl_rand.c (ossl_rand_egd_bytes): use NUM2INT becausenaruse
the result is used with functions whose argument is int. * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): ditto. * ext/openssl/ossl_x509store.c (ossl_x509store_set_purpose): ditto. * ext/openssl/ossl_x509store.c (ossl_x509store_set_trust): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_set_purpose): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_set_trust): ditto. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-03-08* ext/openssl/ossl_rand.c: parenthesize macro arguments.akr
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-12-06Add toplevel documentation for OpenSSLdrbrain
Add additional documentation for OpenSSL::SSL::SSLContext and OpenSSL::SSL::SSLSocket. Move "let rdoc know about mOSSL" comments so they don't show up in output. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-04-22* ext/**/*.[ch]: removed trailing spaces.nobu
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-07-22* ext/openssl: suppress warnings.nobu
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-05-29* ext/openssl/ossl_bn.c (ossl_bn_s_rand, ossl_bn_s_pseudo_rand):knu
Int should be enough here. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2008-05-29* ext/openssl/ossl_bn.c (ossl_bn_s_rand, ossl_bn_s_pseudo_rand),knu
ext/openssl/ossl_pkey_dh.c (ossl_dh_s_generate) (ossl_dh_initialize), ext/openssl/ossl_pkey_dsa.c (ossl_dsa_s_generate), ext/openssl/ossl_rand.c (ossl_rand_bytes) (ossl_rand_pseudo_bytes, ossl_rand_egd_bytes), ext/openssl/ossl_x509store.c (ossl_x509stctx_set_error): Do not use FIX2INT() without checking the value type. Use NUM2INT() instead; found by akr in [ruby-dev:34890]. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-12-25* ext/openssl/ossl_ssl.c: Only show a warning if the default technorama
DH callback is actually used. * ext/openssl/ossl_rand.c: New method: random_add(). git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-06-18* ext/openssl/{extconf.rb,ossl_ssl_session.c}:technorama
Fix ruby-Bugs-11513. * ext/openssl/ossl_pkey_ec.c New methods EC::Point.[eql,make_affine!,invert!,on_curve?,infinity?] By default output the same key form as the openssl command. * ext/openssl/ossl_rand.c New method Random.status? * test/openssl/test_ec.rb New tests. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-03-29* ext/openssl/ossl_{bn,cipher,digest,hmac,rand,pkey_{dh,dsa,rsa}}.c: Add ↵technorama
Documentation for various methods. * ext/openssl/lib/openssl/cipher.rb: Ditto * ext/openssl/ossl_bn.c: add lshift! and rshift! methods. * ext/openssl/ossl_digest.c: GetDigestPtr() also accept a string. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2007-03-12* ext/openssl/ossl_asn1.c (Init_ossl_asn1): Let rdoc know aboutknu
externally defined modules; submitted by Technorama Ltd. <oss-ruby AT> in [ruby-bugs:PR#4704]. * ext/openssl/ossl_bn.c (Init_ossl_bn): Ditto. * ext/openssl/ossl_cipher.c (Init_ossl_cipher): Ditto. * ext/openssl/ossl_digest.c (Init_ossl_digest): Ditto. * ext/openssl/ossl_hmac.c (Init_ossl_hmac): Ditto. * ext/openssl/ossl_pkey.c (Init_ossl_pkey): Ditto. * ext/openssl/ossl_pkey_dh.c (Init_ossl_dh): Ditto. * ext/openssl/ossl_pkey_dsa.c (Init_ossl_dsa): Ditto. * ext/openssl/ossl_pkey_rsa.c (Init_ossl_rsa): Ditto. * ext/openssl/ossl_rand.c (Init_ossl_rand): Ditto. * ext/openssl/ossl_ssl.c (Init_ossl_ssl): Ditto. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-08-31* ruby.h (struct RString): embed small strings.matz
(RSTRING_LEN): defined for accessing string members. (RSTRING_PTR): ditto. * string.c: use RSTRING_LEN and RSTRING_PTR. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2003-09-17* ext/openssl: all files are reviewed to simplify and avoid memory leak.gotoyuzo
* ext/openssl/extconf.rb: add check for assert.h. * ext/openssl/ossl.c (ossl_buf2str): new function to convert C buffer to String and free buffer. * ext/openssl/ossl.c (ossl_x509_ary2sk): new function to convert Array of OpenSSL::X509 to STACK_OF(X509) with exception safe. * ext/openssl/ossl.c (ossl_to_der, ossl_to_der_if_possible): new functions to convert object to DER string. * ext/openssl/ossl.h: ditto. * ext/openssl/ossl_bio.c (ossl_membio2str): new function to convert BIO to String object and free BIO. * ext/openssl/ossl_bio.h: ditto. * ext/openssl/ossl_pkcs7.c (ossl_pkcs7_to_der): add for "to_der". * ext/openssl/ossl_x509name.c (ossl_x509name_to_der): ditto. * ext/openssl/ossl_x509ext.c (ossl_x509ext_to_der): ditto. * ext/openssl/ossl_x509ext.c (create_ext_from_array): removed and reimplement in openssl/x509.rb. * ext/openssl/ossl_x509attr.c: reimplemented and disable some method temporarily. this class doesn't work fine without ASN.1 data support;-) I'll rewrite in near future. * ext/openssl/lib/openssl/x509.c (X509::Attribute): get rid off unused code. * ext/openssl/lib/openssl/x509.c (X509::ExtensionFactory): refine all. git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2003-07-23* ext/openssl: imported.gotoyuzo
git-svn-id: svn+ssh:// b2dd03c8-39d4-4d8f-98ff-823fe69b080e