path: root/ext/openssl
AgeCommit message (Collapse)Author
4 days[ruby/openssl] bn: expand BIGNUM_RAND and BIGNUM_RAND_RANGE macrosKazuki Yamaguchi
Now that BN.pseudo_rand{,_range} are alias, those macros are only used once. Let's expand the macros for better readability.
4 days[ruby/openssl] bn: make BN.pseudo_rand{,_range} an alias of BN.rand{,_range}Kazuki Yamaguchi
BN_pseudo_rand() and BN_pseudo_rand_range() are deprecated in OpenSSL 3.0. Since they are identical to their non-'pseudo' version anyway, let's make them alias.
4 days[ruby/openssl] pkey, ssl: use EVP_PKEY_eq() instead of EVP_PKEY_cmp()Kazuki Yamaguchi
OpenSSL 3.0 renamed EVP_PKEY_cmp() to EVP_PKEY_eq() because that was a confusing name.
4 days[ruby/openssl] pkey/ec: use EC_GROUP_free() instead of EC_GROUP_clear_free()Kazuki Yamaguchi
EC_GROUP_clear_free() is deprecated in OpenSSL 3.0. EC_GROUP does not include any sensitive data, so we can safely use EC_GROUP_free() instead.
4 days[ruby/openssl] pkey/ec: deprecate PKey::EC::Point#make_affine! and make it a ↵Kazuki Yamaguchi
no-op It converts the internal representation of the point object to the affine coordinate system. However, it had no real use case because the difference in the internal representation has not been visible from Ruby/OpenSSL at all. EC_POINT_make_affine() is marked as deprecated in OpenSSL 3.0.
4 days[ruby/openssl] hmac: use EVP_MD_CTX_get_pkey_ctx() instead of ↵Kazuki Yamaguchi
EVP_MD_CTX_pkey_ctx() OpenSSL 3.0 renamed EVP_MD_CTX_pkey_ctx() to include "get" in the function name. Adjust compatibility macro so that we can use the new function name for all OpenSSL 1.0.2-3.0.
4 days[ruby/openssl] digest: use EVP_MD_CTX_get0_md() instead of EVP_MD_CTX_md() ↵Kazuki Yamaguchi
if exists The function was renamed in OpenSSL 3.0 due to the change of the lifetime of EVP_MD objects. They are no longer necessarily statically allocated and can be reference-counted -- when an EVP_MD_CTX is free'd, the associated EVP_MD can also become inaccessible. Currently Ruby/OpenSSL only handles builtin algorithms, so no special handling is needed except for adapting to the rename.
4 days[ruby/openssl] bn: use BN_check_prime() in OpenSSL::BN#prime{,_fasttest}?Kazuki Yamaguchi
In OpenSSL 3.0, BN_is_prime_ex() and BN_is_prime_fasttest_ex() are deprecated in favor of BN_check_prime().
4 days[ruby/openssl] ssl: use SSL_get_rbio() to check if SSL is started or notKazuki Yamaguchi
Use SSL_get_rbio() instead of SSL_get_fd(). SSL_get_fd() internally calls SSL_get_rbio() and it's enough for our purpose. In OpenSSL 3.0, SSL_get_fd() leaves an entry in the OpenSSL error queue if BIO has not been set up yet, and we would have to clean it up.
4 days[ruby/openssl] ssl: use SSL_CTX_load_verify_{file,dir}() if availableKazuki Yamaguchi
SSL_CTX_load_verify_locations() is deprecated in OpenSSL 3.0 and replaced with those two separate functions. Use them if they exist.
4 days[ruby/openssl] ts: use TS_VERIFY_CTX_set_certs instead of ↵Kazuki Yamaguchi
TS_VERIFY_CTS_set_certs OpenSSL 3.0 fixed the typo in the function name and replaced the current 'CTS' version with a macro.
4 days[ruby/openssl] ossl.c: use ERR_get_error_all() if availableKazuki Yamaguchi
OpenSSL 3.0 deprecated ERR_get_error_line_data() in favor of ERR_get_error_all(), as part of the error queue structure changes.
4 days[ruby/openssl] ext/openssl/ossl.h: add helper macros for OpenSSL/LibreSSL ↵Kazuki Yamaguchi
versions Add following convenient macros: - OSSL_IS_LIBRESSL - OSSL_OPENSSL_PREREQ(maj, min, pat) - OSSL_LIBRESSL_PREREQ(maj, min, pat)
5 days[ruby/openssl] Raise an exception if the IO object passed to SSLSocket isn't ↵Aaron Patterson
a file SSLSocket#connect eventually calls `GetOpenFile` in order to get the underlying file descriptor for the IO object passed in on initialization. `GetOpenFile` assumes that the Ruby object passed in is a T_FILE object and just casts it to a T_FILE without any checks. If you pass an object that *isn't* a T_FILE to that function, the program will segv. Since we assume the IO object is a file in the `connect` method, this commit adds a `CheckType` in the initialize method to ensure that the IO object is actually a T_FILE. If the object *isn't* a T_FILE, this class will segv on `connect`, so I think this is a backwards compatible change.
12 days[ruby/openssl] require Ruby 2.6 or laterKazuki Yamaguchi
Drop support for Ruby 2.3, 2.4, and 2.5. As of 2021-10, Ruby 2.6 is the oldest version that still receives security fixes from the Ruby core team, so it doesn't make much sense to keep code for those ancient versions.
12 days[ruby/openssl] bump version number to 3.0.0.preKazuki Yamaguchi
12 days[ruby/openssl] Ruby/OpenSSL 2.2.1Kazuki Yamaguchi
12 days[ruby/openssl] Ruby/OpenSSL 2.1.3Kazuki Yamaguchi
12 days[ruby/openssl] ssl: avoid directly storing String object in NPN callbackKazuki Yamaguchi
On the server side, the serialized list of protocols is stored in SSL_CTX as a String object reference. We utilize a hidden instance variable to prevent it from being GC'ed, but this is not enough because it can also be relocated by GC.compact.
12 days[ruby/openssl] x509store: explicitly call rb_gc_mark() against ↵Kazuki Yamaguchi
Store/StoreContext We store the reverse reference to the Ruby object in the OpenSSL struct for use from OpenSSL callback functions. To prevent the Ruby object from being relocated by GC.compact, we must "pin" it by calling rb_gc_mark().
12 days[ruby/openssl] ssl: explicitly call rb_gc_mark() against ↵Kazuki Yamaguchi
SSLContext/SSLSocket objects We store the reverse reference to the Ruby object in the OpenSSL struct for use from OpenSSL callback functions. To prevent the Ruby object from being relocated by GC.compact, we must "pin" it by calling rb_gc_mark().
12 days[ruby/openssl] digest: load digest library using Kernel#requireKazuki Yamaguchi
The digest library is a default gem now, too. Therefore we can't simply use rb_require() to load it, but we should use Kernel#require instead. This change is based on the suggestion by David Rodríguez in
12 days[ruby/openssl] fix segv in Timestamp::{Request,Response,TokenInfo}.newNobuhiro IMAI
prevent `ossl_ts_*_free()` from calling when `d2i_TS_*_bio()` failed.
12 days[ruby/openssl] ts: libressl build fix warningDavid Carlier
TS_time_cb on libressl expects an long long/time_t 64 bits long instead.
12 days[ruby/openssl] ssl: temporary lock string buffer while readingKazuki Yamaguchi
Similarly to SSLSocket#syswrite, the blocking SSLSocket#sysread allows context switches. We must prevent other threads from modifying the string buffer. We can use rb_str_locktmp() and rb_str_unlocktmp() to temporarily prohibit modification of the string.
12 days[ruby/openssl] ssl: create a temporary frozen string buffer when writingKazuki Yamaguchi
Since a blocking SSLSocket#syswrite call allows context switches while waiting for the underlying socket to be ready, we must freeze the string buffer to prevent other threads from modifying it. Reference:
12 days[ruby/openssl] ssl: add SSLContext#tmp_dh=Kazuki Yamaguchi
Provide a wrapper of SSL_set0_tmp_dh_pkey()/SSL_CTX_set_tmp_dh(), which sets the DH parameters used for ephemeral DH key exchange. SSLContext#tmp_dh_callback= already exists for this purpose, as a wrapper around SSL_CTX_set_tmp_dh_callback(), but it is considered obsolete and the OpenSSL API is deprecated for future removal. There is no practical use case where an application needs to use different DH parameters nowadays. This was originally introduced to support export grade ciphers. RDoc for #tmp_dh_callback= is updated to recommend the new #tmp_dh=. Note that current versions of OpenSSL support automatic ECDHE curve selection which is enabled by default. SSLContext#tmp_dh= should only be necessary if you must allow ancient clients which don't support ECDHE.
12 days[ruby/openssl] ssl: remove private method SSLSocket#tmp_ecdh_callbackKazuki Yamaguchi
Commit ee037e146037 ("ssl: remove SSL::SSLContext#tmp_ecdh_callback", 2020-08-12) forgot to remove the method.
2021-10-05ruby tool/update-deps --fix卜部昌平
Notes: Merged:
2021-09-12[ruby/openssl] Add fallthrough commentsNobuyoshi Nakada
2021-09-12[ruby/openssl] Suppress cast-function-type warningsNobuyoshi Nakada
2021-09-12[ruby/openssl] Separate formatting from ossl_make_errorNobuyoshi Nakada
Just append OpenSSL error reason to the given message string object, which would be alreadly formatted. Suppress -Wformat-security warning in `ossl_tsfac_create_ts`.
2021-09-12[ruby/openssl] Suppress printf format warningsNobuyoshi Nakada
* Add `printf` format attribute to `ossl_raise`. * Fix a format specifier in `config_load_bio`. * Use `ASSUME` for the unreachable condition.
2021-07-18[ruby/openssl] Strip trailing spacesKazuki Yamaguchi
2021-07-18[ruby/openssl] Deprecate and rework old (fd) centric functionsSamuel Williams
[ky: fixed compatibility with older versions of Ruby] (cherry picked from commit ruby/ruby@45e65f302b663b2c6ab69df06d3b6f219c1797b2)
2021-07-18[ruby/openssl] Use rb_block_call() instead of the deprecated rb_iterate() in ↵Benoit Daloze
OpenSSL * See and
2021-07-18[ruby/openssl] Add example to OpenSSL::KDF.hkdf method ↵Yusuke Nakamura
( The values from RFC 5869
2021-07-18[ruby/openssl] use Bundler for dependency management and Rake gem tasksKazuki Yamaguchi
Back in 2016, we chose not to use Bundler in Ruby/OpenSSL development because Bundler depended on openssl and could not be used for testing openssl itself - "bundle exec rake test" would end up with loading two different versions of openssl at the same time. This has been resolved long time ago. We can now safely use it for development dependency management and for Rake tasks.
2021-07-18[ruby/openssl] Include peer socket IP address in errorsVinicius Stock
2021-07-18[ruby/openssl] Add OpenSSL::BN#set_flags and #get_flagsYusuke Endoh
Also, OpenSSL::BN::CONSTTIME is added. OpenSSL itself had a feature that was vulnerable against a side-channel attack. The OpenSSL authors determined that it was not a security issue, and they have already fixed the issue by using BN_set_flags. If a Ruby OpenSSL user was faced with a similar issue, they couldn't prevent the issue because Ruby OpenSSL lacks a wrapper to BN_set_flags. For the case, this change introduces the wrapper.
2021-07-18[ruby/openssl] pkey/dsa: refactor DSA#sys{sign,verify} with ↵Kazuki Yamaguchi
PKey#{sign,verify}_raw With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw, OpenSSL::PKey::DSA's low level signing operation methods can be implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
2021-07-18[ruby/openssl] pkey/ec: refactor EC#dsa_{sign,verify}_asn1 with ↵Kazuki Yamaguchi
PKey#{sign,verify}_raw With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw, OpenSSL::PKey::EC's low level signing operation methods can be implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
2021-07-18[ruby/openssl] pkey/rsa: port RSA#{private,public}_{encrypt,decrypt} to the ↵Kazuki Yamaguchi
EVP API Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign} family. The definitions are now in lib/openssl/pkey.rb. Also, recommend using those generic methods in the documentation.
2021-07-18[ruby/openssl] pkey: implement PKey#sign_raw, #verify_raw, and #verify_recoverKazuki Yamaguchi
Add a variant of PKey#sign and #verify that do not hash the data automatically. Sometimes the caller has the hashed data only, but not the plaintext to be signed. In that case, users would have to use the low-level API such as RSA#private_encrypt or #public_decrypt directly. OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify() which provide the same functionality as part of the EVP API. This patch adds wrappers for them.
2021-07-18[ruby/openssl] pkey: update version reference in #sign and #verify documentationKazuki Yamaguchi
The next release is decided to be 3.0 rather than 2.3.
2021-07-18[ruby/openssl] pkey: implement PKey#encrypt and #decryptKazuki Yamaguchi
Support public key encryption and decryption operations using the EVP API.
2021-07-18[ruby/openssl] pkey: remove deprecated parameter settersKazuki Yamaguchi
Remove the following methods, which have been marked as deprecated and produced a warning since version 2.0, commit 7ea72f1f5084 ("adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs", 2016-06-05). - OpenSSL::PKey::RSA#n=, #e=, #d=, #p=, #q=, #dmp1=, #dmq1=, #iqmp= - OpenSSL::PKey::DSA#p=, #q=, #g=, #priv_key=, #pub_key= - OpenSSL::PKey::DH#p=, #g=, #priv_key=, #pub_key= These methods could only work with OpenSSL 1.0.2 or older, which is now EOL.
2021-07-18[ruby/openssl] Implement `Certificate.load` to load certificate chain. ↵Samuel Williams
( * Add feature for loading the chained certificate into Certificate array. Co-authored-by: Sao I Kuan <>
2021-07-18[ruby/openssl] x509, ssl, pkcs7: try to parse as DER-encoding firstKazuki Yamaguchi
Methods that take both PEM-encoding and DER-encoding have not been consistent in the order in which encoding to attempt to parse. A DER-encoding may contain a valid PEM block ("\n-----BEGIN ..-----" to "-----END ...-----") embedded within it. Also, the PEM-encoding parser allows arbitrary data around the PEM block and silently skips it. As a result, attempting to parse data in DER-encoding as PEM-encoding first can incorrectly finds the embedded PEM block instead. This commit ensures that DER encoding will always be attempted before PEM encoding. OpenSSL::X509::Certificate is one of the updated classes. With this, the following will always be true: # obj is an OpenSSL::X509::Certificate obj == obj ==
2021-07-18[ruby/openssl] Fix some typos [ci skip]Ryuta Kamizono