| Age | Commit message (Collapse) | Author |
|---|
|
(https://github.com/ruby/openssl/pull/441)
* Add feature for loading the chained certificate into Certificate array.
https://github.com/ruby/openssl/commit/05e1c015d6
Co-authored-by: Sao I Kuan <saoikuan@gmail.com>
|
|
Methods that take both PEM-encoding and DER-encoding have not been
consistent in the order in which encoding to attempt to parse.
A DER-encoding may contain a valid PEM block ("\n-----BEGIN ..-----" to
"-----END ...-----") embedded within it. Also, the PEM-encoding parser
allows arbitrary data around the PEM block and silently skips it. As a
result, attempting to parse data in DER-encoding as PEM-encoding first
can incorrectly finds the embedded PEM block instead.
This commit ensures that DER encoding will always be attempted before
PEM encoding. OpenSSL::X509::Certificate is one of the updated classes.
With this, the following will always be true:
# obj is an OpenSSL::X509::Certificate
obj == OpenSSL::X509::Certificate.new(obj.to_der)
obj == OpenSSL::X509::Certificate.new(obj.to_pem)
https://github.com/ruby/openssl/commit/b280eb1fd0
|
|
https://github.com/ruby/openssl/commit/51b3030b2b
|
|
Normal sockets respond to `getbyte`, so we should make SSLSocket respond
to `getbyte` as well. This way we can substitute SSLSockets for regular
sockets.
https://github.com/ruby/openssl/commit/ac1490b7c9
|
|
Use EVP_PKEY_param_check() instead of DH_check() if available. Also,
use EVP_PKEY_public_check() instead of EC_KEY_check_key().
EVP_PKEY_*check() is part of the EVP API and is meant to replace those
low-level functions. They were added by OpenSSL 1.1.1. It is currently
not provided by LibreSSL.
https://github.com/ruby/openssl/commit/797e9f8e08
|
|
The low-level API that is used to implement #public_key is deprecated
in OpenSSL 3.0. It is actually very simple to implement in another way,
using existing methods only, in much shorter code. Let's do it.
While we are at it, the documentation is updated to recommend against
using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der
method, there is no real use case for #public_key in newly written Ruby
programs.
https://github.com/ruby/openssl/commit/48a6c391ef
|
|
Use EVP_PKEY_print_private() instead of the low-level API *_print()
functions, such as RSA_print().
EVP_PKEY_print_*() family was added in OpenSSL 1.0.0.
Note that it falls back to EVP_PKEY_print_public() and
EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH
type for which _private() fails if the private component is not set in
the pkey object.
Since the new API works in the same way for all key types, we now
implement #to_text in the base class OpenSSL::PKey::PKey rather than in
each subclass.
https://github.com/ruby/openssl/commit/e0b4c56956
|
|
The previous series of commits re-implemented key generation with the
low level API with the EVP API. The BN_GENCB-based callback function is
no longer used.
https://github.com/ruby/openssl/commit/81027b7463
|
|
and keys
Implement PKey::DSA.new(size) and PKey::DSA.generate using
OpenSSL::PKey.generate_parameters and .generate_key instead of the low
level DSA functions.
https://github.com/ruby/openssl/commit/1800a8d5eb
|
|
and keys
Implement PKey::RSA.new(size, exponent) and PKey::RSA.generate using
OpenSSL::PKey.generate_key instead of the low level RSA functions.
https://github.com/ruby/openssl/commit/363fd10713
|
|
and keys
Implement PKey::DH.new(size, gen), PKey::DH.generate(size, gen), and
PKey::DH#generate_key! using PKey.generate_parameters and .generate_key
instead of the low level DH functions.
Note that the EVP interface can enforce additional restrictions - for
example, DH key shorter than 2048 bits is no longer accepted by default
in OpenSSL 3.0. The test code is updated accordingly.
https://github.com/ruby/openssl/commit/c2e9b16f0b
|
|
rb_thread_call_without_gvl() can be interrupted, but it may be able to
resume the operation. Call rb_thread_check_ints() to see if it raises
an exception or not.
https://github.com/ruby/openssl/commit/88b90fb856
|
|
#verify
Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let
OpenSSL::PKey::PKey#sign and #verify take an optional parameter for
specifying control strings for EVP_PKEY_CTX_ctrl_str().
https://github.com/ruby/openssl/commit/faf85d7c1d
|
|
operations
The routine to apply Hash to EVP_PKEY_CTX_ctrl_str() is currently used
by key generation, but it is useful for other operations too. Let's
change it to a slightly more generic name.
https://github.com/ruby/openssl/commit/b2b77527fd
|
|
Fix potential leak of EVP_MD_CTX object in an error path. This path is
normally unreachable, since the size of a signature generated by any
supported algorithms would not be larger than LONG_MAX.
https://github.com/ruby/openssl/commit/99e8630518
|
|
Similarly to OpenSSL >= 1.1.0, LibreSSL 2.9.0 ensures thread safety
without requiring applications to set locking callbacks and made
related functions no-op.
https://github.com/ruby/openssl/commit/7276233e1a
|
|
LibreSSL 2.2.2 introduced TLS_method(), but with different semantics
from OpenSSL: TLS_method() enabled TLS >= 1.0 while SSLv23_method()
enabled all available versions, which included SSL 3.0 in addition.
However, LibreSSL 2.3.0 removed SSL 3.0 support completely and now
TLS_method() and SSLv23_method() are equivalent.
https://github.com/ruby/openssl/commit/3b7d7045b8
|
|
SSL_CTX_set_ecdh_auto() exists in OpenSSL 1.1.0 and LibreSSL 2.6.1, but
it is made no-op and the automatic curve selection cannot be disabled.
Wrap it with ifdef to make it clear that it is safe to remove it
completely when we drop support for OpenSSL 1.0.2.
https://github.com/ruby/openssl/commit/2ae8f21234
|
|
Clean up old version guards in preparation for the upcoming OpenSSL 3.0
support.
OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
to keep 1.0.1 support because many major Linux distributions were still
shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
are reaching their EOL and it should be safe to assume nobody uses them
anymore. Major ones that were using 1.0.1:
- Ubuntu 14.04 is EOL since 2019-04-30
- RHEL 6 will reach EOL on 2020-11-30
LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
team as of October 2020.
Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
did on 2018-08-31.
https://github.com/ruby/openssl/commit/c055938f4b
|
|
Clarify that BN.new(str, 2) and bn.to_s(2) handles binary string in
big-endian, and the sign of the bignum is ignored.
Reference: https://github.com/ruby/openssl/issues/431
https://github.com/ruby/openssl/commit/6fae2bd612
|
|
Adds standard math abs fuction and revises uplus to return a duplicated object due to BN mutability
https://github.com/ruby/openssl/commit/0321b1e945
|
|
(https://github.com/ruby/fiddle/pull/88)
https://github.com/ruby/fiddle/commit/4ee1c6fc4b
|
|
(https://github.com/ruby/fiddle/pull/86)
https://github.com/ruby/fiddle/commit/c5abcc3a7e
|
|
FIddle::Handle#to_ptr (https://github.com/ruby/fiddle/pull/87)
https://github.com/ruby/fiddle/commit/170111a0cb
|
|
|
|
https://github.com/ruby/fiddle/commit/93f9564446
|
|
(https://github.com/ruby/fiddle/pull/85)
Drop supports for old versions, keeping 2.5 as CI supports it for
now.
https://github.com/ruby/fiddle/commit/90634e7c55
|
|
Fix https://github.com/ruby/fiddle/pull/84
It may detect ruby/memory_view.h for system Ruby that is installed in
/usr.
We can use RUBY_API_VERSION_MAJOR to detect memory view availability
because memory view is available since Ruby 3.0.
Reported by Jun Aruga. Thanks!!!
https://github.com/ruby/fiddle/commit/3292929830
|
|
(https://github.com/ruby/fiddle/pull/83)
* Add "offsetof" to Struct classes
I need to get the offset of a member inside a struct without allocating
the struct. This patch adds an "offsetof" class method to structs that
are generated.
The usage is like this:
```ruby
MyStruct = struct [
"int64_t i",
"char c",
]
MyStruct.offsetof("i") # => 0
MyStruct.offsetof("c") # => 8
```
* Update test/fiddle/test_c_struct_builder.rb
Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
https://github.com/ruby/fiddle/commit/4e3b60c5b6
Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
|
|
https://github.com/ruby/fiddle/commit/049138b4b8
|
|
https://github.com/ruby/fiddle/commit/0ed39345fe
|
|
https://github.com/ruby/fiddle/commit/bddca7c895
|
|
(https://github.com/ruby/fiddle/pull/80)
fix https://github.com/ruby/fiddle/pull/79
Users can release memory views explicitly before process exit.
Reported by xtkoba. Thanks!!!
https://github.com/ruby/fiddle/commit/1de64b7e76
|
|
(https://github.com/ruby/fiddle/pull/78)
Fix https://github.com/ruby/fiddle/pull/74
Reported by dsisnero. Thanks!!!
|
|
Ruby: [Bug #11579]
Patch by cremno phobia. Thanks!!!
https://github.com/ruby/fiddle/commit/760a8f9b14
|
|
https://github.com/ruby/fiddle/commit/3784cfeec4
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4645
|
|
https://github.com/ruby/date/commit/404f9d2096
|
|
Fixes [Bug #17945]
https://github.com/ruby/date/commit/953d907238
|
|
|
|
https://github.com/ruby/stringio/commit/a88c070e0b
|
|
|
|
```
../../../src/ext/bigdecimal/bigdecimal.c:303:5: error: 'maybe_unused' attribute cannot be applied to types
ENTER(1);
^
```
|
|
* Prefix "./" to the import library name to expanded when static
linking exts.
* Copy zlib shared library to the top build directory.
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4612
|
|
|
|
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4592
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4477
|
|
https://github.com/ruby/readline-ext/commit/8541aaccb5
|
