Commit message (Author, Age, Files, Lines)
* Merge pull request #348 from rhenium/ky/fix-openssl-version-constant (Kazuki Yamaguchi, 2020-02-22, files: 2, lines: -1/+2)
|\
| |    lib/openssl.rb: require openssl/version.rb
| * lib/openssl.rb: require openssl/version.rb [ky/fix-openssl-version-constant] (Kazuki Yamaguchi, 2020-02-22, files: 2, lines: -1/+2)
|/
|    The OpenSSL::VERSION constant is now defined by lib/openssl/version.rb instead of by the extension. Add missing require statement.
|    Fixes: 0cddb0b736c8 ("Simplify handling of version constant.", 2019-10-31)
|    Reference: https://github.com/ruby/openssl/issues/347
* Merge pull request #322 from rhenium/ky/config-deprecate-modify (Kazuki Yamaguchi, 2020-02-21, files: 3, lines: -49/+77)
|\
| |    config: deprecate OpenSSL::Config#add_value and #[]=
| * config: deprecate OpenSSL::Config#add_value and #[]= [ky/config-deprecate-modify] (Kazuki Yamaguchi, 2020-02-19, files: 3, lines: -49/+77)
| |    OpenSSL::Config is currently implemented in Ruby, but we plan to revert back to use OpenSSL API, just as it did before r28632 (in ruby_1_8; r29048 in trunk). It's not clear what was the issue with Windows, but the CONF library should work on Windows too.
| |    Modifying a CONF object is not possible in OpenSSL API. Actually, it was possible in previous versions of OpenSSL, but we used their internal functions that are not exposed in shared libraries anymore.
| |    Accordingly, OpenSSL::Config#add_value and #[]= have to be removed. As a first step towards the change, let's deprecate those methods.
* | Merge pull request #346 from rhenium/ky/engine-load-updates (Kazuki Yamaguchi, 2020-02-21, files: 2, lines: -14/+4)
|\ \
| | |    engine: small cleanups on OpenSSL::Engine.load
| * | engine: fix guards for 'dynamic' and 'cryptodev' engines [ky/engine-load-updates] (Kazuki Yamaguchi, 2020-02-21, files: 1, lines: -2/+2)
| | |    Those two engines exist as builtin engines even if static engines are disabled with OPENSSL_NO_STATIC_ENGINE. This is the default with recent OpenSSL.
| | |    This has prevented Engine.load("dynamic") from working and required the user to call OpenSSL::Engine.load with no arguments, which loads all builtin engines including 'dynamic'.
| | |    Note that OpenSSL 1.1.0 and newer calls (the equivalent of) ENGINE_load_builtin_engines() on its initialization. This includes 'dynamic' and 'cryptodev' engines (if available).
| * | engine: do not check for ENGINE_load_builtin_engines() (Kazuki Yamaguchi, 2020-02-21, files: 2, lines: -5/+1)
| | |    Remove dead code. The function, or a macro in OpenSSL 1.1.0 and newer, always exists unless the whole engine code is disabled with OPENSSL_NO_ENGINE.
| * | engine: remove really outdated static engines (Kazuki Yamaguchi, 2020-02-21, files: 2, lines: -8/+2)
| | |    They no longer exist in OpenSSL 1.0.1, which is the oldest version Ruby/OpenSSL currently compiles with.
| | |    Note that OpenSSL 1.0.2 and older is already in EOL state. The following engines should also be removed when we completely drop support for those versions as they were removed in OpenSSL 1.1.0.
| | |    - 4758cca
| | |    - aep
| | |    - atalla
| | |    - chil
| | |    - cswift
| | |    - nuron
| | |    - sureware
| | |    - ubsec
| | |    - gmp
| | |    - gost
* | | Merge pull request #345 from rhenium/ky/engine-load-revert-cloudhsm (Kazuki Yamaguchi, 2020-02-21, files: 2, lines: -5/+1)
|\| |
| | |    engine: revert OpenSSL::Engine.load changes for cloudhsm
| * | engine: revert OpenSSL::Engine.load changes for cloudhsm [ky/engine-load-revert-cloudhsm] (Kazuki Yamaguchi, 2020-02-20, files: 2, lines: -5/+1)
|/ /
| |    Revert two commits:
| |    - ea49ccc82aa4 Add cloudhsm to extconf.rb
| |    - 33ed3ba10424 Add cloudhsm to ossl_engine.c
| |    OpenSSL::Engine.load is a binding for ENGINE_load_*() functions which are provided by OpenSSL itself, so-called "static engines". Since the AWS CloudHSM engine is a dynamic engine, which is provided as a shared library, this change is not a correct solution for the issue.
| |    Reference: https://github.com/ruby/openssl/issues/189
| |    Reference: https://github.com/ruby/openssl/pull/190
* | Merge pull request #344 from rhenium/ky/ssl-test-fixups (Kazuki Yamaguchi, 2020-02-19, files: 1, lines: -20/+18)
|\ \
| | |    test/openssl/test_ssl: test fixes
| * | test/openssl/test_ssl: allow kRSA tests to fail [ky/ssl-test-fixups] (Kazuki Yamaguchi, 2020-02-19, files: 1, lines: -2/+7)
| | |    Non-forward-secrecy cipher suites may be disabled when OpenSSL's security level is set to 3 or higher.
| * | test/openssl/test_ssl: remove commented-out test case (Kazuki Yamaguchi, 2020-02-19, files: 1, lines: -13/+0)
| | |    Reapply commit ca77d5504f0a ("Remove out-of-scope test.", 2019-12-29). Private methods are not to be used by users and the behavior should not be tested.
| * | test/openssl/test_ssl: avoid explicitly-sized private keys (Kazuki Yamaguchi, 2020-02-19, files: 1, lines: -1/+1)
| | |    Fix possible test failure in test_add_certificate_multiple_certs. In an environment with OpenSSL's security level set to 3, RSA keys with 2048 bits will be rejected. Since the test case does not require the exact size of a key, just use the generic rsa-3 key.
| * | test/openssl/test_ssl: fix random failure in SSLSocket.open test (Kazuki Yamaguchi, 2020-02-19, files: 1, lines: -2/+6)
| | |    Let test_socket_open_with_local_address_port_context use a random high port number and also ignore Errno::EADDRINUSE in case it is in use.
| * | test/openssl/test_ssl: remove sleep from test_finished_messages (Kazuki Yamaguchi, 2020-02-19, files: 1, lines: -2/+4)
| | |    Ensure that the handshake fully completes by sending data to each other rather than by inserting 50ms sleep.
* | | Merge pull request #343 from rhenium/ky/ssl-avoid-mixed-declarations (Kazuki Yamaguchi, 2020-02-19, files: 1, lines: -12/+12)
|\ \ \
| |_|/
|/| |    ssl: avoid declarations after statements
| * | ssl: avoid declarations after statements [ky/ssl-avoid-mixed-declarations] (Kazuki Yamaguchi, 2020-02-19, files: 1, lines: -12/+12)
| |/
| |    We cannot use C99 features yet, as we still support Ruby 2.6 and older.
| |    Fixes: debaca25604c ("Adds support for the 'get_finished' and 'get_peer_finished' functions", 2019-06-25)
* / History.md: add missing references to GitHub issues (Kazuki Yamaguchi, 2020-02-19, files: 1, lines: -10/+31)
|/
|    Add links to GitHub issues or pull requests. Also, move incompatible changes to a separate section for better visibility.
* Merge pull request #333 from rhenium/ky/remove-wdeprecated-declarations (Kazuki Yamaguchi, 2020-02-17, files: 3, lines: -66/+8)
|\
| |    extconf.rb: get rid of -Werror=deprecated-declarations
| * extconf.rb: get rid of -Werror=deprecated-declarations [ky/remove-wdeprecated-declarations] (Kazuki Yamaguchi, 2020-02-16, files: 2, lines: -33/+6)
| |    No function needs -Werror=deprecated-declarations flag to check availability any more.
| |    This also fixes -Werror=deprecated-declarations erroneously carrying on to the actual compilation, resulting in a compilation error on some environments.
| |    Fixes: https://github.com/ruby/openssl/pull/331
| * random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes (Kazuki Yamaguchi, 2020-02-16, files: 2, lines: -33/+2)
| |    The default implementation of RAND_pseudo_bytes() uses the same routine as RAND_bytes(). Note that OpenSSL::Random.pseudo_bytes has been available only when it is compiled with EOL versions of OpenSSL.
* | Merge pull request #339 from rhenium/ky/ts-simplify-tsreq-get-algorithm (Kazuki Yamaguchi, 2020-02-17, files: 2, lines: -16/+1)
|\ \
| | |    ts: simplify OpenSSL::Timestamp::Request#algorithm
| * | ts: simplify OpenSSL::Timestamp::Request#algorithm [ky/ts-simplify-tsreq-get-algorithm] (Kazuki Yamaguchi, 2020-02-17, files: 2, lines: -16/+1)
| | |    Stop the special treatment of invalid hashAlgorithm of the message imprint. Those invalid values can only appear after the object is instantiated, before the user sets an actual message digest algorithm.
| | |    OpenSSL::Timestamp::TokenInfo#algorithm already does the same.
| | |    Also, remove the test case "test_create_request" since it does not make much sense. Those fields are to be set by the user after creation of the object and checking the initial value is pointless.
| | |    Fixes: https://github.com/ruby/openssl/issues/335
* | | Merge pull request #338 from rhenium/ky/ssl-test-fix-fallback-scsv (Kazuki Yamaguchi, 2020-02-17, files: 1, lines: -0/+4)
|\ \ \
| | | |    test/openssl/test_ssl: skip test_fallback_scsv if necessary
| * | | test/openssl/test_ssl: skip test_fallback_scsv if necessary [ky/ssl-test-fix-fallback-scsv] (Kazuki Yamaguchi, 2020-02-17, files: 1, lines: -0/+4)
| |/ /
| | |    Run the test case only when the OpenSSL supports both TLS 1.1 and TLS 1.2. Note that the fallback SCSV mechanism is for TLS 1.2 or older and not for 1.3.
| | |    Fixes: https://github.com/ruby/openssl/issues/336
* | | Merge pull request #326 from MSP-Greg/travis-prune (Kazuki Yamaguchi, 2020-02-17, files: 1, lines: -13/+0)
|\ \ \
| |/ /
|/| |    .travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2
| * | .travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2 (MSP-Greg, 2020-02-15, files: 1, lines: -13/+0)
| | |    Two jobs in Travis are duplicates of Actions jobs, and one is unlikely.
| | |    The below two jobs are running in Actions on all OS's
| | |    Ruby 2.3 and OpenSSL 1.0.2, Ruby 2.5 and OpenSSL 1.1.1
| | |    Ruby head and OpenSSL 1.0.2 - OpenSSL 1.0.2 is EOL, and the CI is running 1.0.2g, last release was 1.0.2u.
* | | Fixed inconsistency directory structure with ruby/ruby repo (Hiroshi SHIBATA, 2020-02-17, files: 50, lines: -1/+2)
| | |
* | | Merge pull request #332 from mame/make-fixed_length_secure_compare-test-tolerant (Kazuki Yamaguchi, 2020-02-16, files: 1, lines: -4/+7)
|\ \ \
| |_|/
|/| |    Make OpenSSL::OSSL#test_memcmp_timing robust
| * | Make OpenSSL::OSSL#test_memcmp_timing robust (Yusuke Endoh, 2020-02-16, files: 1, lines: -4/+7)
| | |    The test was too fragile. Actually, it fails on one of our CIs immediately after it was merged to ruby/ruby.
| | |    https://gist.github.com/ko1/7ea4a5826641f79e2f9e041d83e45dba#file-brlog-trunk_clang_40-20200216-101730-L532-L535
| | |    https://gist.github.com/ko1/1c657746092b871359d8bf9e0ad28921#file-brlog-trunk-test4-20200216-104518-L473-L476
| | |    * Two measurements, a-b and a-c, must be interative instead of sequential; the execution time will be easily affected by disturbance (say, cron job or some external process invoked during measurement)
| | |    * The comparison of the two results must be relative instead of absolute; slow machine may take several tens of seconds for each execution, and one delta second is too small.
| | |    The test cases of a, b, and c are very extreme, so if the target method has a bug, the two execution times would be very different. So I think it is enough to check if the difference is less than 10 times.
* | | Merge pull request #330 from ruby/guard-pkey-ec-add (Hiroshi SHIBATA, 2020-02-16, files: 1, lines: -6/+11)
|\ \ \
| |/ /
|/| |    Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms
| * | Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms (Hiroshi SHIBATA, 2020-02-16, files: 1, lines: -6/+11)
|/ /
* | Merge pull request #321 from ruby/revert-ref-version-file (Hiroshi SHIBATA, 2020-02-16, files: 1, lines: -8/+1)
|\ \
| |/
|/|    Drop to reference OpenSSL::VERSION on gemspec
| * Drop to reference OpenSSL::VERSION on gemspec. It failed to test with ruby core repository (Hiroshi SHIBATA, 2020-02-16, files: 1, lines: -8/+1)
| |
* | Revert "Fix segfaults in OpenSSL::PKey::RSA#private_{en,de}crypt when private exp not set" (Kazuki Yamaguchi, 2020-02-16, files: 1, lines: -6/+6)
|/
|    This reverts commit e30b9a27f00338b065e90c6172d1c4509edc2853 (#255) except the added test code.
|    The 'd' value can be NULL when the RSA private key is backed by an OpenSSL engine, such as an HSM. In that case, only 'n' and 'e' are visible from the OpenSSL API.
|    The original issue has been fixed by Pull Request #258 in another way.
|    Reference: https://github.com/ruby/openssl/pull/255
|    Reference: https://github.com/ruby/openssl/pull/258
* Revert add_certificate_chain_file changes (#320) (Hiroshi SHIBATA, 2020-02-16, files: 3, lines: -185/+7)
|    Revert SSLContext#add_certificate_chain_file changes
|    * 0da0dfaf09f549b2b2cd984627b321b7908d1186.
|    * 8d12f0f6ca944212cb8000e689469d7aaa8190d7.
|    * 49f42ad5f82f8b61f51a16e3a6df1ab0d5307d5f.
|    * 5ee295ab8e37c8ffc6eb8c1b7b79ec024f3253e4.
|    * 8b4fa5e336c7544ea677ccee160ec6d221559e10.
|    * 443d13e9b2c127230fde2733959eaa4d41eb355d.
|    * 5d866038920edf2729865653d6dc9309589f089a.
|    * f18559acf97a6f6aaf3d253417eb0100b262cbc6.
* Merge pull request #323 from ruby/remove-appveyor (SHIBATA Hiroshi, 2020-02-15, files: 2, lines: -27/+1)
|\
| |    Removed appveyor configuration and badge
| * Removed appveyor (Hiroshi SHIBATA, 2020-02-15, files: 2, lines: -27/+1)
|/
* Add Actions mswin, update CI (MSP-Greg, 2020-02-09, files: 5, lines: -95/+123)
|
* Improve string allocation. (Samuel Williams, 2020-02-07, files: 1, lines: -8/+8)
|
* 'finished' messages: expand sizer array to 1-bytes (Mo Morsi, 2020-02-06, files: 1, lines: -4/+4)
|    Zero-size arrays not playing nicely with visual studio / mingw, see: https://github.com/ruby/ruby/pull/2693
|    Also see related discussion pertaining to using NULL pointer here: https://github.com/ruby/openssl/pull/315
* Tests are failing sporadically on Darwin with EPIPE. (Samuel Williams, 2020-02-06, files: 1, lines: -2/+2)
|
* Merge in changes to tests from upstream. (Samuel Williams, 2020-02-06, files: 1, lines: -0/+13)
|
* Ensure that binary buffer is used at all times. (Samuel Williams, 2020-02-06, files: 2, lines: -5/+35)
|
* Prefer `frozen_string_literal: true`. (Samuel Williams, 2020-02-06, files: 43, lines: -66/+65)
|
* Merge pull request #311 from ruby/support-ruby-repo (SHIBATA Hiroshi, 2020-01-28, files: 3, lines: -38/+42)
|\
| |    Support Ruby repository
| * Use assert_raise instead of assert_raises (Hiroshi SHIBATA, 2020-01-28, files: 2, lines: -37/+37)
| |
| * fallback for ruby core repository (Hiroshi SHIBATA, 2020-01-28, files: 1, lines: -1/+5)
|/
* Add cloudhsm to extconf.rb (Kyle Oliveira, 2020-01-25, files: 1, lines: -1/+2)
|    to support the CloudHSM OpenSSL library