| Age | Commit message (Collapse) | Author |
|---|
|
When compiled with OpenSSL <= 1.1.1, OpenSSL::SSL::SSLContext#setup
does not raise an exception on an error return from
SSL_CTX_load_verify_locations(), but instead only prints a verbose-mode
warning. This is not helpful since it very likely indicates an actual
error, such as the specified file not being readable.
Also, OpenSSL's error queue is not correctly cleared:
$ ruby -w -ropenssl -e'OpenSSL.debug=true; ctx=OpenSSL::SSL::SSLContext.new; ctx.ca_file="bad-path"; ctx.setup; pp OpenSSL.errors'
-e:1: warning: can't set verify locations
["error:02001002:system library:fopen:No such file or directory",
"error:2006D080:BIO routines:BIO_new_file:no such file",
"error:0B084002:x509 certificate routines:X509_load_cert_crl_file: system lib"]
The behavior is currently different when compiled with OpenSSL >= 3.0:
SSLError is raised if SSL_CTX_load_verify_file() or
SSL_CTX_load_verify_dir() fails.
This inconsistency was unintentionally introduced by commit https://github.com/ruby/openssl/commit/5375a55ffc35
("ssl: use SSL_CTX_load_verify_{file,dir}() if available", 2020-02-22).
However, raising SSLError seems more appropriate in this situation.
Let's adjust the OpenSSL <= 1.1.1 code so that it behaves the same way
as the OpenSSL >= 3.0 code currently does.
Fixes: https://github.com/ruby/openssl/issues/649
https://github.com/ruby/openssl/commit/7eb10f7b75
|
|
doesn't exist.
OpenSSL built from the source creates the library directory to the
`/path/to/openssl_dir/lib64` as a default.
In the case, the `bundle exec rake compile -- --with-openssl-dir=<openssl_dir>`
cannot compile with the lib64 directory, and may compile with system OpenSSL's
libraries unintentionally. This commit is to check this case to avoid linking
with an unintentional library directory.
https://github.com/ruby/openssl/commit/ca54087462
|
|
Describe the behavior of OpenSSL::PKey::{DH,DSA,EC,RSA}#to_pem
and #to_der more clearly. They return a different result depending on
whether the pkey is a public or private key. This was not documented
adequately.
Also, suggest the use of OpenSSL::PKey::PKey#private_to_pem
and #public_to_pem instead, if possible.
https://github.com/ruby/openssl/commit/d22769af8f
|
|
Suggest the use of OpenSSL::PKey::PKey#private_to_pem and #public_to_pem
in the top-level documentation. For new programs, these are recommended
over OpenSSL::PKey::RSA#export (also aliased as #to_s and #to_pem)
unless there is a specific reason to use it, i.e., unless the PKCS#1
output format specifically is required.
The output format of OpenSSL::PKey::RSA#export depends on whether the
key is a public key or a private key, which is very counter-intuitive.
Additionally, when called with arguments to encrypt a private key, as in
this example, OpenSSL's own, non-standard format is used. The man page
of PEM_write_bio_PrivateKey_traditional(3) in OpenSSL 1.1.1 or later
states that it "should only be used for compatibility with legacy
programs".
https://github.com/ruby/openssl/commit/56312038d6
|
|
Let's consistently use the word "password". Although they are considered
synonymous, the mixed usage in the rdoc can cause confusion.
OpenSSL::KDF.scrypt is an exception. This is because RFC 7914 refers to
the input parameter as "passphrase".
https://github.com/ruby/openssl/commit/06d67640e9
|
|
SSL_ERROR_SYSCALL
Enrich SSLError's message with the low-level certificate verification
result, even if SSL_get_error() returns SSL_ERROR_SYSCALL. This is
currently done on SSL_ERROR_SSL only.
According to the man page of SSL_get_error(), SSL_ERROR_SYSCALL may be
returned for "other errors, check the error queue for details". This
apparently means we have to treat SSL_ERROR_SYSCALL, if errno is not
set, as equivalent to SSL_ERROR_SSL.
https://github.com/ruby/openssl/commit/5113777e82
|
|
Expand tabs, insert some spaces, and adjust indentation of switch-case
to match Ruby's style.
https://github.com/ruby/openssl/commit/10833aa8f6
|
|
(https://github.com/ruby/zlib/pull/55)
zstream_discard_input was encoding and character-aware when given input is user-provided, so this discards `len` chars instead of `len` bytes.
Also Zlib.gunzip explains in its rdoc that it is equivalent with the following code, but this doesn't fail for UTF-8 String.
```ruby
string = %w[1f8b0800c28000000003cb48cdc9c9070086a6103605000000].pack("H*").force_encoding('UTF-8')
sio = StringIO.new(string)
p gz.read #=> "hello"
gz&.close
p Zlib.gunzip(string) #=> Zlib::DataError
```
Reported and discovered by eagletmt at https://twitter.com/eagletmt/status/1689692467929694209
https://github.com/ruby/zlib/commit/c5e58bc62a
|
|
Both for being closer to real IOs and also because it's a convenient API
in multithreaded scenarios.
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
|
https://github.com/ruby/fiddle/commit/c313a74632
|
|
https://github.com/ruby/fiddle/commit/69ff680bf6
|
|
GitHub: fix https://github.com/ruby/fiddle/pull/130
Reported by Benoit Daloze. Thanks!!!
https://github.com/ruby/fiddle/commit/bc6c66bbb9
|
|
https://github.com/ruby/fiddle/commit/6cdf53726d
|
|
[ci skip]
|
|
rb_reg_onig_match performs preparation, error handling, and cleanup for
matching a regex against a string. This reduces repetitive code and
removes the need for StringScanner to access internal data of regex.
Notes:
Merged: https://github.com/ruby/ruby/pull/8123
|
|
Syncs commit ruby/strscan@76b377a5d875ec77282d9319d62d8f24fe283b40.
|
|
truffle/openssl-prefix on TruffleRuby
* See https://github.com/ruby/openssl/issues/650#issuecomment-1645699608
https://github.com/ruby/openssl/commit/ca738e7e13
|
|
https://github.com/flori/json/commit/82a75ba98e
Notes:
Merged: https://github.com/ruby/ruby/pull/8091
|
|
In `JSON#generate` and `JSON#fast_generate`:
- When the given `opts` is a `JSON::State` the variable is set to
`nil`.
- But it will be never used as the next `if` blocks will not be
executed.
- `JSON::State#configure` does the conversion to `Hash`, the
conversions in the `if` block are just duplication.
- `JSON::State.new` does the same thing with `configure` when an
argument is given.
https://github.com/flori/json/commit/5d9ab87f8e
Notes:
Merged: https://github.com/ruby/ruby/pull/8091
|
|
https://github.com/flori/json/commit/ed242667b4
Notes:
Merged: https://github.com/ruby/ruby/pull/8091
|
|
This macro is defined since ruby 2.1, which is older than the required
ruby version.
https://github.com/flori/json/commit/dd1d54e78a
Notes:
Merged: https://github.com/ruby/ruby/pull/8091
|
|
https://github.com/flori/json/commit/3dd36c6077
|
|
https://github.com/flori/json/commit/20b80ca317
|
|
Before:
```c
/* First part of user prologue. */
#line 14 "parse.y"
```
After:
```c
/* First part of user prologue. */
#line 14 "ripper.y"
```
Notes:
Merged: https://github.com/ruby/ruby/pull/8083
|
|
In `rb_ruby_ripper_parser_allocate`, `r->p` is NULL between creating
`self` and `parser_params` assignment. As GC can happen there, the
typed-data functions for it need to consider the case.
Notes:
Merged: https://github.com/ruby/ruby/pull/8085
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/8057
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/8066
|
|
Although MinGW provides this header but not the function, Windows
version ruby provides the function.
https://github.com/ruby/etc/commit/f7fa1884fa
|
|
OpenSSL::Cipher#pkcs5_keyivgen
(https://github.com/ruby/openssl/pull/647)
OpenSSL::Cipher#pkcs5_keyivgen should only be used when it is
absolutely necessary for compatibility with ancient applications.
Having an example can be misleading. We already have another example
for OpenSSL::Cipher in which PBKDF2 is used to derive a key.
As described in the rdoc of OpenSSL::Cipher#pkcs5_keyivgen, it is
compatible with PKCS#5 PBES1 (PKCS#5 v1.5) only when used in combination
of a hash function MD2, MD5, or SHA-1, and a cipher DES-CBC or RC2-CBC.
This example uses MD5 as the hash function and combines it with AES.
This is considered insecure and also using a non-standard technique to
derive longer keys.
https://github.com/ruby/openssl/commit/e379cc0cca
|
|
(https://github.com/ruby/openssl/pull/646)
Add OpenSSL::PKey.new_raw_private_key, #raw_private_key and public
equivalents. These methods are useful for importing and exporting keys
that support "raw private/public key". Currently, OpenSSL implements
X25519/X448 and Ed25519/Ed448 keys.
[rhe: rewrote commit message]
https://github.com/ruby/openssl/commit/3f29525618
Co-authored-by: Bart de Water <bartdewater@gmail.com>
|
|
https://github.com/ruby/etc/commit/b95ddef386
|
|
Fixes https://github.com/ruby/etc/pull/22.
Build failure when the ruby installed directory name contains spaces.
https://github.com/ruby/etc/commit/1ab19d5815
|
|
https://github.com/ruby/etc/commit/365398ea47
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/8050
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/8046
|
|
https://github.com/ruby/bigdecimal/commit/8a94a29cf1
|
|
https://github.com/ruby/bigdecimal/commit/f63544d465
|
|
We should leave additional dependency if we leave from them.
https://github.com/ruby/psych/commit/3d0325a774
|
|
https://github.com/ruby/psych/commit/902c292f26
|
|
According to the C99 specification section 7.20.3.2 paragraph 2:
> If ptr is a null pointer, no action occurs.
So we do not need to check that the pointer is a null pointer.
Notes:
Merged: https://github.com/ruby/ruby/pull/8004
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/7999
|
|
The following script leaks memory in Ripper:
```ruby
require "ripper"
20.times do
100_000.times do
Ripper.parse("")
end
puts `ps -o rss= -p #{$$}`
end
```
Notes:
Merged: https://github.com/ruby/ruby/pull/7985
|
|
protected
(https://github.com/ruby/fiddle/pull/129)
They don't have a mark function, so they don't need any change.
https://github.com/ruby/fiddle/commit/9bbc732aef
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
|
(https://github.com/ruby/fiddle/pull/127)
Save from having to mark them on every minor.
https://github.com/ruby/fiddle/commit/153c09c99f
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
|
https://github.com/ruby/fiddle/commit/4c0c5da1a5
|
|
GitHub: fix https://github.com/ruby/fiddle/pull/96
I wanted to add a test for this but I couldn't find a function that
has a "char" argument in libc...
Reported by kojix2. Thanks!!!
https://github.com/ruby/fiddle/commit/2c863ef8ba
|
|
https://github.com/ruby/fiddle/commit/2b22bb9d74
|
|
GitHub: fix https://github.com/ruby/fiddle/pull/100
Reported by David M. Lary. Thanks!!!
https://github.com/ruby/fiddle/commit/516333dd78
|
|
(https://github.com/ruby/fiddle/pull/123)
This commit adds two new methods, `Fiddle::Pointer.read` and
`Fiddle::Pointer.write`. Both methods take an address, and will read or
write bytes at that address respectively.
For example we can read from an address without making a Pointer object:
```ruby
Fiddle::Pointer.read(address, 5) # read 5 bytes
```
We can also write to an address without allocating a Pointer object:
```ruby
Fiddle::Pointer.write(address, "bytes") # write 5 bytes
```
This allows us to read / write memory at arbitrary addresses without
instantiating a new `Fiddle::Pointer` object.
Examples where this API would be useful
[1](https://github.com/tenderlove/tenderjit/blob/f03481d28bff4d248746e596929b0841de65f181/lib/tenderjit/fiddle_hacks.rb#L26-L28)
[2](https://github.com/tenderlove/ruby/blob/77c8daa2d40dd58eeb3785ce17dea2ee38f308d1/lib/ruby_vm/rjit/c_pointer.rb#L193)
[3](https://github.com/tenderlove/ruby/blob/77c8daa2d40dd58eeb3785ce17dea2ee38f308d1/lib/ruby_vm/rjit/c_pointer.rb#L284)
I also added a writer method for the same reasons as the reader.
---------
https://github.com/ruby/fiddle/commit/04238cefed
Co-authored-by: Sutou Kouhei <kou@clear-code.com>
|
|
https://github.com/ruby/openssl/commit/189c167e40
[rhe: tool/update-deps --fix to update ext/openssl/depend]
|
