path: root/ext/openssl
Age | Commit message | Author
2017-09-14 | asn1: fix out-of-bounds read in decoding constructed objects | usa
* OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the correct available length to ossl_asn1_decode() when decoding the inner components of a constructed object. This can cause out-of-bounds read if a crafted input is given. Reference: https://hackerone.com/reports/170316 https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59903 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-15 | merge revision(s) 53064: [Backport #11810] | usa
* ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing protocol list. The protocol list from OpenSSL is not null-terminated. patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-11 | merge revision(s) 55074: [Backport #12868] | usa
* ext/openssl/ossl.c (Init_openssl): register an ex_data index for X509_STORE and X509_STORE_CTX respectively. Since they don't share the ex_data index registry, we can't use the same index. (ossl_verify_cb): use the correct index. * ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto. * ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto. (ossl_x509stctx_verify): ditto. * ext/openssl/ossl.h (void ossl_clear_error): add extern declarations of ossl_store_{ctx_,}ex_verify_cb_idx. * ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and X509_STORE_get_ex_data. * ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data, X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56727 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-30 | merge revision(s) 55822: [Backport #12660] | usa
* ext/openssl/ossl_ssl.c (ossl_ssl_write_internal): avoid undefined behavior * test/openssl/test_pair.rb (test_write_zero): new test [ruby-core:76751] [Bug #12660] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56300 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-16 | merge revision(s) 55047: [Backport #12441] | usa
* ext/openssl/ossl_bn.c (try_convert_to_bnptr): Extracted from GetBNPtr(). This doesn't raise exception but returns NULL on error. (GetBNPtr): Raise TypeError if conversion fails. (ossl_bn_eq): Implement BN#==. (ossl_bn_eql): #eql? should not raise TypeError even if the argument is not compatible with BN. (ossl_bn_hash): Implement BN#hash. * ext/openssl/ossl_bn.c (Init_ossl_bn): Define #== and #hash. * test/openssl/test_bn.rb: Test BN#eql?, #== and #hash git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@55937 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-16 | merge revision(s) 55175: [Backport #12428] | usa
* ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH has 'p' (the prime) before calling DH_size(). We can create a DH with no parameter but DH_size() does not check and dereferences NULL. [ruby-core:75720] [Bug #12428] * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does not check dsa->q. * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt, ossl_rsa_public_decrypt, ossl_rsa_private_encrypt, ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@55935 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-04-22 | merge revision(s) 49576: [Backport #12288] | usa
* ext/openssl/extconf.rb: check RAND_edg to support libressl. * ext/openssl/ossl_rand.c (ossl_rand_egd): define only if RAND_edg is available. [Fix GH-829] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54688 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-03-29 | merge revision(s) 54258: [Backport #12182] | nagachika
* ext/openssl/extconf.rb: check SSL_CTX_set_next_proto_select_cb function rather than OPENSSL_NPN_NEGOTIATED macro. it exists even if it is disabled by OpenSSL configuration. [ruby-core:74384] [Bug #12182] * ext/openssl/ossl_ssl.c: update #ifdef(s) as above. * test/openssl/test_ssl.rb: skip NPN tests if NPN is disabled. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54428 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-03-28 | merge revision(s) 54097: [Backport #12069] | nagachika
* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): document as MT-unsafe [ruby-core:73803] [Bug #12069] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54332 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-03-08 | merge revision(s) 51016,53329: [Backport #11885] | nagachika
* ext/openssl/ossl_ssl.c (ossl_ssl_read_internal): do not process kwargs in blocking mode * test/openssl/test_ssl.rb: test sysread * io.c (io_getpartial): remove unused kwarg from template * test/ruby/test_io.rb (test_readpartial_bad_args): new [Bug #11885] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54045 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-11-27 | merge revision(s) 52227,52228: [Backport #11369] | nagachika
* ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error in ext/openssl instead of OpenSSL itself because LibreSSL silently truncates the selected protocol name by casting the length from int to unsigned char. [Bug #11369] Patch by Jeremy Evans <merch-redmine@jeremyevans.net> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@52772 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-11-18 | merge revision(s) 52556,52557: [Backport #10735] | nagachika
* ext/openssl/ossl_pkey.c: Merge ruby/openssl@b9ea8ef [Bug #10735] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@52651 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-11-18 | merge revision(s) 51722,51724: [Backport #11376] | nagachika
* ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 support if the SSL library supports it. Thanks Kurt Roeckx <kurt@roeckx.be> [Bug #11376] * ext/openssl/extconf.rb: check for SSLv3 support in the SSL implementation. * test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3 if there is no support. * ext/openssl/ossl_ssl.c (ossl_ssl_method_tab): Only add SSLv3 support git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@52649 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-08-12 | merge revision(s) 51409,51453: [Backport #10910] | nagachika
* ext/openssl/lib/openssl/ssl.rb (module OpenSSL): raise a more helpful exception when verifying the peer connection and an anonymous cipher has been selected. [ruby-core:68330] [Bug #10910] Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for the patch. * test/openssl/test_ssl.rb (class OpenSSL): test for change * .travis.yml: update libssl before running tests. Thanks to Chris Sinjakli <chris@sinjakli.co.uk> for figuring out the travis settings! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@51554 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-06-11 | merge revision(s) 50646: [Backport #11185] | nagachika
* ext/openssl/ossl_asn1.c (ossl_asn1_traverse, ossl_asn1_decode, ossl_asn1_decode_all): use RB_GC_GUARD instead of volatile [ruby-core:69371] [Bug #11185] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@50837 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-04-13 | merge revision(s) 50292: [Backport #9644] | nagachika
* ext/openssl/lib/openssl/ssl.rb: stricter hostname verification following RFC 6125. with the patch provided by Tony Arcieri and Hiroshi Nakamura [ruby-core:61545] [Bug #9644] * test/openssl/test_ssl.rb: add tests for above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@50293 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-23 | ossl_cipher.c: workaround of OpenSSL API | nobu
* ext/openssl/ossl_cipher.c (ossl_cipher_update_long): update huge data gradually not to exceed INT_MAX. workaround of OpenSSL API limitation. [ruby-core:67043] [Bug #10633] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48923 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-19 | Update dependencies. | akr
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48898 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-13 | ossl_x509store.c: typed data | nobu
* ext/openssl/ossl_x509store.c (ossl_x509stctx_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48818 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-13 | ossl_x509store.c: typed data | nobu
* ext/openssl/ossl_x509store.c (ossl_x509store_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48817 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_x509revoked.c: typed data | nobu
* ext/openssl/ossl_x509revoked.c (ossl_x509rev_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_x509req.c: typed data | nobu
* ext/openssl/ossl_x509req.c (ossl_x509req_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48815 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_x509name.c: typed data | nobu
* ext/openssl/ossl_x509name.c (ossl_x509name_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48814 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_x509ext.c: typed data | nobu
* ext/openssl/ossl_x509ext.c (ossl_x509extfactory_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48813 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_x509ext.c: typed data | nobu
* ext/openssl/ossl_x509ext.c (ossl_x509ext_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48812 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_x509crl.c: typed data | nobu
* ext/openssl/ossl_x509crl.c (ossl_x509crl_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48811 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_x509cert.c: typed data | nobu
* ext/openssl/ossl_x509cert.c (ossl_x509_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48810 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_x509attr.c: typed data | nobu
* ext/openssl/ossl_x509attr.c (ossl_x509attr_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_pkey_ec.c: typed data | nobu
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_pkey_ec.c: typed data | nobu
* ext/openssl/ossl_pkey_ec.c (ossl_ec_group_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_pkey.c: typed data | nobu
* ext/openssl/ossl_pkey.c (ossl_evp_pkey_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48806 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_pkcs7.c: typed data | nobu
* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_recip_info_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_pkcs7.c: typed data | nobu
* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_signer_info_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48804 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_pkcs7.c: typed data | nobu
* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48803 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_pkcs12.c: typed data | nobu
* ext/openssl/ossl_pkcs12.c (ossl_pkcs12_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48802 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_ssl.c: typed data | nobu
* ext/openssl/ossl_ssl.c (ossl_ssl_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48801 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_ssl.c: typed data | nobu
* ext/openssl/ossl_ssl.c (ossl_sslctx_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48800 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_ssl_session.c: typed data | nobu
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48799 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_ocsp.c: typed data | nobu
* ext/openssl/ossl_ocsp.c (ossl_ocsp_certid_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_ocsp.c: typed data | nobu
* ext/openssl/ossl_ocsp.c (ossl_ocsp_basicresp_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_ocsp.c: typed data | nobu
* ext/openssl/ossl_ocsp.c (ossl_ocsp_response_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_ocsp.c: typed data | nobu
* ext/openssl/ossl_ocsp.c (ossl_ocsp_request_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_ns_spki.c: typed data | nobu
* ext/openssl/ossl_ns_spki.c (ossl_netscape_spki_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48794 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_hmac.c: typed data | nobu
* ext/openssl/ossl_hmac.c (ossl_hmac_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48793 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_engine.c: typed data | nobu
* ext/openssl/ossl_engine.c (ossl_engine_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48792 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_digest.c: typed data | nobu
* ext/openssl/ossl_digest.c (ossl_digest_type): use typed data. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48791 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-12 | ossl_ssl.h: accessor macros | nobu
* ext/openssl/ossl_ssl.c (GetSSLCTX): accessor macro. * ext/openssl/ossl_ssl.h (GetSSL): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48790 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-01 | use 0 for reserved | nobu
use 0 for rb_data_type_t::reserved instead of NULL, since its type may be changed in the future and possibly not a pointer type. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-11-21 | Update dependency. | akr
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48526 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-11-20 | * ext/openssl/lib/openssl/x509.rb | usa
(OpenSSL::X509::Name::RFC2253DN::StringChar): get rid of a false positive assertion in ripper's test. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48521 b2dd03c8-39d4-4d8f-98ff-823fe69b080e