aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/ossl_bn.c2
-rw-r--r--ext/openssl/ossl_cipher.c8
-rw-r--r--ext/openssl/ossl_ns_spki.c4
-rw-r--r--ext/openssl/ossl_pkey_ec.c6
-rw-r--r--ext/openssl/ossl_pkey_rsa.c2
-rw-r--r--ext/openssl/ossl_ssl.c3
-rw-r--r--ext/openssl/ossl_x509store.c9
7 files changed, 22 insertions, 12 deletions
diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c
index 4e371cb2..aa0f2c60 100644
--- a/ext/openssl/ossl_bn.c
+++ b/ext/openssl/ossl_bn.c
@@ -129,7 +129,7 @@ try_convert_to_bn(VALUE obj)
if (rb_obj_is_kind_of(obj, cBN))
return obj;
if (RB_INTEGER_TYPE_P(obj)) {
- newobj = NewBN(cBN); /* Handle potencial mem leaks */
+ newobj = NewBN(cBN); /* Handle potential mem leaks */
bn = integer_to_bnptr(obj, NULL);
SetBN(newobj, bn);
}
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index 73b667b2..c2f0927a 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -23,7 +23,7 @@
#define GetCipher(obj, ctx) do { \
GetCipherInit((obj), (ctx)); \
if (!(ctx)) { \
- ossl_raise(rb_eRuntimeError, "Cipher not inititalized!"); \
+ ossl_raise(rb_eRuntimeError, "Cipher not initialized!"); \
} \
} while (0)
#define SafeGetCipher(obj, ctx) do { \
@@ -122,7 +122,7 @@ ossl_cipher_initialize(VALUE self, VALUE str)
name = StringValueCStr(str);
GetCipherInit(self, ctx);
if (ctx) {
- ossl_raise(rb_eRuntimeError, "Cipher already inititalized!");
+ ossl_raise(rb_eRuntimeError, "Cipher already initialized!");
}
AllocCipher(self, ctx);
if (!(cipher = EVP_get_cipherbyname(name))) {
@@ -418,7 +418,7 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
* Returns the remaining data held in the cipher object. Further calls to
* Cipher#update or Cipher#final will return garbage. This call should always
* be made as the last call of an encryption or decryption operation, after
- * after having fed the entire plaintext or ciphertext to the Cipher instance.
+ * having fed the entire plaintext or ciphertext to the Cipher instance.
*
* If an authenticated cipher was used, a CipherError is raised if the tag
* could not be authenticated successfully. Only call this method after
@@ -1023,7 +1023,7 @@ Init_ossl_cipher(void)
* An example using the GCM (Galois/Counter Mode). You have 16 bytes +key+,
* 12 bytes (96 bits) +nonce+ and the associated data +auth_data+. Be sure
* not to reuse the +key+ and +nonce+ pair. Reusing an nonce ruins the
- * security gurantees of GCM mode.
+ * security guarantees of GCM mode.
*
* cipher = OpenSSL::Cipher::AES.new(128, :GCM).encrypt
* cipher.key = key
diff --git a/ext/openssl/ossl_ns_spki.c b/ext/openssl/ossl_ns_spki.c
index 98f6552e..4d978bd0 100644
--- a/ext/openssl/ossl_ns_spki.c
+++ b/ext/openssl/ossl_ns_spki.c
@@ -322,7 +322,7 @@ ossl_spki_verify(VALUE self, VALUE key)
/* Document-class: OpenSSL::Netscape::SPKI
*
- * A Simple Public Key Infrastructure implementation (pronounced "spookey").
+ * A Simple Public Key Infrastructure implementation (pronounced "spooky").
* The structure is defined as
* PublicKeyAndChallenge ::= SEQUENCE {
* spki SubjectPublicKeyInfo,
@@ -348,7 +348,7 @@ ossl_spki_verify(VALUE self, VALUE key)
* spki.public_key = key.public_key
* spki.sign(key, OpenSSL::Digest::SHA256.new)
* #send a request containing this to a server generating a certificate
- * === Verifiying an SPKI request
+ * === Verifying an SPKI request
* request = #...
* spki = OpenSSL::Netscape::SPKI.new request
* unless spki.verify(spki.public_key)
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index fc3f034a..10800d23 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -296,7 +296,7 @@ ossl_ec_key_get_group(VALUE self)
* key.group = group
*
* Sets the EC::Group for the key. The group structure is internally copied so
- * modifition to +group+ after assigning to a key has no effect on the key.
+ * modification to +group+ after assigning to a key has no effect on the key.
*/
static VALUE
ossl_ec_key_set_group(VALUE self, VALUE group_v)
@@ -1597,11 +1597,11 @@ ossl_ec_point_to_bn(int argc, VALUE *argv, VALUE self)
* Performs elliptic curve point multiplication.
*
* The first form calculates <tt>bn1 * point + bn2 * G</tt>, where +G+ is the
- * generator of the group of +point+. +bn2+ may be ommitted, and in that case,
+ * generator of the group of +point+. +bn2+ may be omitted, and in that case,
* the result is just <tt>bn1 * point</tt>.
*
* The second form calculates <tt>bns[0] * point + bns[1] * points[0] + ...
- * + bns[-1] * points[-1] + bn2 * G</tt>. +bn2+ may be ommitted. +bns+ must be
+ * + bns[-1] * points[-1] + bn2 * G</tt>. +bn2+ may be omitted. +bns+ must be
* an array of OpenSSL::BN. +points+ must be an array of
* OpenSSL::PKey::EC::Point. Please note that <tt>points[0]</tt> is not
* multiplied by <tt>bns[0]</tt>, but <tt>bns[1]</tt>.
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index cea228d6..5aa09d0d 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -706,7 +706,7 @@ Init_ossl_rsa(void)
/* Document-class: OpenSSL::PKey::RSA
*
* RSA is an asymmetric public key algorithm that has been formalized in
- * RFC 3447. It is in widespread use in public key infrastuctures (PKI)
+ * RFC 3447. It is in widespread use in public key infrastructures (PKI)
* where certificates (cf. OpenSSL::X509::Certificate) often are issued
* on the basis of a public/private RSA key pair. RSA is used in a wide
* field of applications such as secure (symmetric) key exchange, e.g.
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index eef7dbec..e2c8eb5e 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1483,7 +1483,8 @@ ossl_ssl_setup(VALUE self)
GetOpenFile(io, fptr);
rb_io_check_readable(fptr);
rb_io_check_writable(fptr);
- SSL_set_fd(ssl, TO_SOCKET(FPTR_TO_FD(fptr)));
+ if (!SSL_set_fd(ssl, TO_SOCKET(FPTR_TO_FD(fptr))))
+ ossl_raise(eSSLError, "SSL_set_fd");
return Qtrue;
}
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index eb81e0d4..4becc8e3 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -342,6 +342,15 @@ ossl_x509store_add_file(VALUE self, VALUE file)
if(X509_LOOKUP_load_file(lookup, path, X509_FILETYPE_PEM) != 1){
ossl_raise(eX509StoreError, NULL);
}
+#if OPENSSL_VERSION_NUMBER < 0x10101000 || defined(LIBRESSL_VERSION_NUMBER)
+ /*
+ * X509_load_cert_crl_file() which is called from X509_LOOKUP_load_file()
+ * did not check the return value of X509_STORE_add_{cert,crl}(), leaking
+ * "cert already in hash table" errors on the error queue, if duplicate
+ * certificates are found. This will be fixed by OpenSSL 1.1.1.
+ */
+ ossl_clear_error();
+#endif
return self;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-25 11:34:54 +0000