| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| | |
* maint-3.1:
Remove "gemspec" from Gemfile
|
| |\
| | |
| | |
| | |
| | | |
* maint-3.0:
Remove "gemspec" from Gemfile
|
| | |\
| | | |
| | | | |
Remove "gemspec" from Gemfile
|
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The local lib directory may contain an incomplete openssl library.
The "gemspec" line in Gemfile causes "bundle exec" to put the lib
directory in the load path. Although our Rakefile does not use openssl
itself, it still indirectly tries to load it as a RubyGems dependency.
|
|\| |
| | |
| | |
| | |
| | | |
* maint-3.1:
Don't download OpenSSL from ftp.openssl.org anyomre
|
| |\|
| | |
| | |
| | |
| | | |
* maint-3.0:
Don't download OpenSSL from ftp.openssl.org anyomre
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.0 branch. ]
OpenSSL announced that they're changing how they handle releases in this
blog post: https://openssl.org/blog/blog/2024/04/30/releases-distribution-changes/
The tl;dr is that:
* ftp.openssl.org is being shut down (even for HTTP access)
* The releases at openssl.org/source will redirect to github
* git.openssl.org is also shut down (the git repo is on github)
This commit just changes over to using openss.org/source instead of
ftp.openssl.org. We might also need to switch to downloading directly
from Github... let's see.
It also changes to cloning the head of openssl from github too.
(cherry picked from commit 64c50112b60e2cdcc447620a1bd73380f7186600)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.2 branch. ]
We use dh2048_ffdhe2048.pem file (DH 2048 bits) instead of dh1024.pem file in
both non-FIPS and FIPS cases. Because the following command fails to generate
the pem file with 1024 bits. And the OpenSSL FIPS 140-2 security policy
document explains the DH public keys are allowed from 2048 bits.[1]
```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
dhparam -out dh1024.pem 1024
Generating DH parameters, 1024 bit long safe prime
dhparam: Generating DH key parameters failed
```
The dh2048_ffdhe2048.pem file was created by the following command with the
OpenSSL FIPS configuration file. The logic to generate the DH pem file is
different between non-FIPS and FIPS cases. In FIPS, it seems that the command
always returns the text defined as ffdhe2048 in the FFDHE groups in RFC 7919
unlike non-FIPS.[2]
As the generated pem file is a normal and valid PKCS#3-style group parameter, we
use the file for the non-FIPS case too.
```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
dhparam -out dh2048_ffdhe2048.pem 2048
```
Note that the hard-coded PEM-encoded string in the `test_DHparams` is
intentional to avoid modifying the content unintentionally.
* [1] https://www.openssl.org/source/ - OpenSSL 3.0.8 FIPS 140-2 security
policy document page 25, Table 10 – Public Keys - DH Public
- DH (2048/3072/4096/6144/8192) public key agreement key
* [2] RFC7919 - Appendix A.1: ffdhe2048
https://www.rfc-editor.org/rfc/rfc7919#appendix-A.1
(cherry picked from commit 6a4ff26475adbbd70a1df430f314f03544172b15)
|
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.2 branch. ]
(cherry picked from commit dc26433ae5705a0e040b2b79e09675308d53ab9f)
|
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.2 branch. ]
(cherry picked from commit fafe1af4a96e498ec49d3b0ad1998950f953d802)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.2 branch. ]
Where `assert_match` converts string matcher argument to regexp first
with escaping, `assert_include` does the same thing simpler.
(cherry picked from commit 81007e0a49990afb752f0eac6badb3a6e84a432d)
|
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.2 branch. ]
(cherry picked from commit 9a6e24daafd09c34a6aaef2626438c800d1fc86a)
|
|\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* maint-3.1:
Fix modular square root test with LibreSSL >= 3.8
pkcs7: raise PKCS7Error for PKCS7 without content in PKCS7.read_smime
pkcs7: raise ArgumentError for PKCS7 with no content in PKCS7.new
cipher: fix buffer overflow in Cipher#update
ssl: allow failure on test_connect_certificate_verify_failed_exception_message
.github/workflows/test.yml: synchronize with master
Only CSR version 1 (encoded as 0) is allowed by PKIX standards
test_asn1.rb: Remove the assertions of the time string format without second.
test/openssl/test_asn1.rb: skip failing tests on LibreSSL 3.6.0
Use EVP_Digest{Sign,Verify} when available
Fix performance regression in do_write(s)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.1 branch. ]
If x is a modular square root of a (mod p) then so is (p - x). Both
answers are valid. In particular, both 2 and 3 are valid square roots
of 4 (mod 5). Do not assume that a particular square root is chosen by
the algorithm. Indeed, the algorithm in OpenSSL and LibreSSL <= 3.7
returns a non-deterministic answer in many cases. LibreSSL 3.8 and
later will always return the smaller of the two possible answers. This
breaks the current test case.
Instead of checking for a particular square root, check that the square
of the claimed square root is the given value. This is always true. Add
the simplest test case where the answer is indeed non-deterministic.
(cherry picked from commit 93548ae9597ba40d3f8b564f6a948ce55b432e30)
|
| |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* maint-3.0:
pkcs7: raise PKCS7Error for PKCS7 without content in PKCS7.read_smime
pkcs7: raise ArgumentError for PKCS7 with no content in PKCS7.new
cipher: fix buffer overflow in Cipher#update
ssl: allow failure on test_connect_certificate_verify_failed_exception_message
.github/workflows/test.yml: synchronize with master
Only CSR version 1 (encoded as 0) is allowed by PKIX standards
test_asn1.rb: Remove the assertions of the time string format without second.
test/openssl/test_asn1.rb: skip failing tests on LibreSSL 3.6.0
Use EVP_Digest{Sign,Verify} when available
Fix performance regression in do_write(s)
|
| | |\
| | | |
| | | | |
Handle missing content in PKCS7
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[pkuzco: expanded the fix for other content types]
[ky: adjusted formatting and the exception type]
Co-authored-by: pkuzco <b.naamneh@gmail.com>
Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes [Bug #19974]
[pkuzco: expanded the fix for other content types]
[ky: adjusted formatting and the exception type]
Co-authored-by: pkuzco <b.naamneh@gmail.com>
Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
|
| | |\ \
| | | |/
| | |/| |
cipher: fix buffer overflow in Cipher#update
|
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OpenSSL::Cipher#update currently allocates the output buffer with size
(input data length)+(the block size of the cipher). This is insufficient
for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers.
They have a block size of 8 bytes, but the output may be up to 15 bytes
larger than the input.
Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output
buffer size, instead. OpenSSL doesn't provide a generic way to tell the
maximum required buffer size for ciphers, but this is large enough for
all algorithms implemented in current versions of OpenSSL.
Fixes: https://bugs.ruby-lang.org/issues/20236
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This patch only applies to the 3.0 and 3.1 branch. ]
It is a test case for SSLSocket generating an informative error message
on a certificate verification failure. A change in OpenSSL 3.1 broke it
and a generic error message is currently generated.
This is fixed in the 3.2 branch by commit 5113777e8271, but I decided
not to backport the commit to the 3.0 branch because the diff doesn't
apply cleanly.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.0 branch. ]
Backport changes made to .github/workflows/test.yml in master branch,
except:
- Minimum version is Ruby 2.6
- FIPS-mode related changes are excluded (as it's not supported)
This includes the following commits:
fcf53d5d6e88 CI: Remove workaround for Ruby-3.2 and 3.3 on Windows
567b412612c3 CI: Upgrade OpenSSL and LibreSSL versions.
405f1eee3dcf CI: Add OpenSSL no-legacy case.
9a995837ba7b CI: Upgrade OpenSSL and LibreSSL versions.
6feeeb821592 CI: Add the rubyinstaller2 issue link that legacy provider is not loaded.
7aed35ac969d Windows Ruby 3.3: Workaround: Set OPENSSL_MODULES to find providers.
adfb6bb9e5b7 CI: Add OpenSSL 3.2.0.
fafe1af4a96e CI: Change the openssl_fips.cnf.tmpl and openssl_fips.cnf directories.
f07e6f5ff2e7 CI: Upgrade OpenSSL and LibreSSL versions.
0dda88d44811 Merge pull request #682 from ruby/dependabot/github_actions/actions/checkout-4
0b83eed154de Rakefile: Add test_fips task for convenience.
b94314f7165f Bump actions/checkout from 3 to 4
8c7a6a17e2bd Remove OSSL_DEBUG compile-time option
e35f19076aac CI: Replace "mode" in "FIPS mode" with "module".
61434f66d6a4 Rakefile: Print FIPS information in the `rake debug`.
7ec8024b1e9a CI: Add OpenSSL master branch head non-FIPS and FIPS cases.
24d8addd2ac9 CI: Upgrade OpenSSL versions.
fddfc5585482 CI: Add OpenSSL 3.1 FIPS case.
58ce7fa4b90c .github/workflows/test.yml: add provider load path for Windows
f6e57e1b9088 CI: Fix a typo in the comment. [ci skip]
52402f6a1cad CI: Check compiler warnings.
f6ba75e51e05 Drop support for Ruby 2.6
3456770a4219 CI: Upgrade OpenSSL and LibreSSL versions.
79786cab6f77 CI: Rename the key name "foo_bar" (underscore) to "foo-bar" (hyphen).
8149cdf6e874 CI: Add the test/openssl/test_pkey.rb on the FIPS mode case.
08e19817b5d0 CI: Enable the verbose mode in the mkmf.rb by env MAKEFLAGS.
121b3b2a35ca Revert "CI: Enable the verbose mode in the mkmf.rb."
a832f5cb98ee CI: Enable the verbose mode in the mkmf.rb.
18b017218ca8 CI: Add OpenSSL FIPS mode case.
af27f509a147 .github/workflows/test.yml: Update OpenSSL versions
d277123cb7bb skip failing test with truffleruby and ubuntu-22.04
25352f4f6c08 Exclude truffleruby with macos-latest
d7f90c7c03b7 Fix missing needs call
064066437607 Try to run with TruffleRuby
aeee125a7b3d Use ruby/actions/.github/workflows/ruby_versions.yml@master
fd4074235877 .github/workflows/test.yml: update LibreSSL versions
ff2fe4b4c5b3 Strip trailing spaces [ci skip]
9c24dccf5436 Actions - Use Ubuntu 20.04 for 1.1.1 CI, misc fixes
cc876f58532c [CI] test.yml - test-openssls - use 1.1.1q, 3.0.5
0fb8d1b43aa5 [CI] add Ubuntu-22.04 and update mswin, all are OpenSSL 3
158868649532 Merge pull request #505 from ruby/update-actions
9f901dc05ce5 Test on LibreSSL 3.4 and 3.5
f2d072cad504 Use actions/checkout@v3
699e2749f525 Added 3.1
b28df9025f12 Install openssl with vcpkg on mswin
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.0 branch. ]
RFC 2986, section 4.1 only defines version 1 for CSRs. This version
is encoded as a 0. Starting with OpenSSL 3.3, setting the CSR version
to anything but 1 fails.
Do not attempt to generate a CSR with invalid version (which now fails)
and invalidate the CSR in test_sign_and_verify_rsa_sha1 by changing its
subject rather than using an invalid version.
This commit fixes the following error.
```
2) Error: test_version(OpenSSL::TestX509Request): OpenSSL::X509::RequestError:
X509_REQ_set_version: passed invalid argument
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `version='
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `issue_csr'
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:43:in
`test_version'
40: req = OpenSSL::X509::Request.new(req.to_der)
41: assert_equal(0, req.version)
42:
=> 43: req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA256'))
44: assert_equal(1, req.version)
45: req = OpenSSL::X509::Request.new(req.to_der)
46: assert_equal(1, req.version)
```
(cherry picked from commit c06fdeb0912221d9a2888369bbf9c10704af021e)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.0 branch. ]
This commit fixes the following errors in the tests.
Because the OpenSSL project changed the code to make the time string format
without second invalid. So, we drop the assertions.
```
1) Error: test_generalizedtime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: generalizedtime is too short
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:433:in `test_generalizedtime'
430: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
431: # LibreSSL 3.6.0 requires the seconds element
432: return if libressl?
=> 433: decode_test B(%w{ 18 0D }) + "201612081934Z".b,
434: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
435: # not implemented
436: # decode_test B(%w{ 18 13 }) + "20161208193439+0930".b,
2) Error: test_utctime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: utctime is too short
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:411:in `test_utctime'
408: end
409: # Seconds is omitted. LibreSSL 3.6.0 requires it
410: return if libressl?
=> 411: decode_test B(%w{ 17 0B }) + "1609082343Z".b,
412: OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
413: # not implemented
414: # decode_test B(%w{ 17 11 }) + "500908234339+0930".b,
```
(cherry picked from commit 2e826d571546cdc3beaa884f9e522a102d531641)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.0 branch. ]
LibreSSL 3.6.0 expects the seconds part in UTCTime and GeneralizedTime
to be always present. LibreSSL 3.6.0 release note [1] says:
> - The ASN.1 time parser has been refactored and rewritten using CBS.
> It has been made stricter in that it now enforces the rules from
> RFC 5280.
[1] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txt
(cherry picked from commit bbc540fe83195e2a54cf40fab448cea2afe4df1d)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ This is a backport to the 3.0 branch. ]
LibreSSL 3.4 added EVP_DigestSign() and EVP_DigestVerify(). Use them
when available to prepare for the addition of Ed25519 support in
LibreSSL 3.7.
(cherry picked from commit 475b2bf766d6093370e49abd5dce5436cc0034ca)
|
| | |\
| | | |
| | | | |
Fix regression in do_write(s) causing significant performance issues when using large (>10meg) writes
|
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This causes significant performance issues when using large (>10meg) writes
Fix by adjusting the buffer write function to clear the buffer once, rather than
piece by piece, avoiding a case where a large write (in our case, around
70mbytes) will consume 100% of CPU. This takes a webrick GET request via SSL
from around 200kbyts/sec and consuming 100% of a core, to line speed on gigabit
ethernet and 6% cpu utlization.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Reword the description in README for more clarity.
* Add a compatibility matrix of our stable branches and explain the
maintenance policy.
* Remove the obsolete paragraph for how to use the gem in Ruby 2.3,
which is no longer supported.
|
|\ \ \
| | | |
| | | | |
Bump actions/checkout from 3 to 4
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \ \
| |/ / /
|/| | | |
Fix test_pkey_ec.rb on FIPS.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
* Split the test in the FIPS case as another test.
* test/openssl/utils.rb: Add omit_on_fips and omit_on_non_fips methods.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Run the test with `assert_separately` for the `false` value of the
`OpenSSL.fips_mode` not to affect other tests.
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
Remove OSSL_DEBUG compile-time option
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Remove the OSSL_DEBUG flag and OpenSSL.mem_check_start which is only
compiled when the flag is given. They are meant purely for development
of Ruby/OpenSSL.
OpenSSL.mem_check_start helped us find memory leak bugs in past, but
it is no longer working with the recent OpenSSL versions. Let's just
remove it now.
|
|\ \ \ \
| | | | |
| | | | | |
Fix OCSP documentation
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
`port` should be called on the `ocsp_uri` URI instead of `ocsp`, which
is just a string.
|
|\ \ \ \
| |/ / /
|/| | | |
instead of looking of NIDs and then using X509V3_EXT_nconf_nid,
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
instead of looking of NIDs and then using X509V3_EXT_nconf_nid,
instead just pass strings to X509V3_EXT_nconf, which has all the logic for
processing dealing with generic extensions
also process the oid through ln2nid() to retain compatibility.
[rhe: tweaked commit message and added a test case]
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
OpenSSL::X509::ExtensionFactory#create_ext and #create_extensions
accepts both sn (short names) and ln (long names) for registered OIDs.
This is different from the behavior of the openssl command-line utility
which accepts only sn in openssl.cnf keys.
Add a test case to check this.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The test case test_error_data utilizes the error message generated by
X509V3_EXT_nconf_nid(). The next commit will use X509V3_EXT_nconf(),
which generates a slightly different error message. Let's adapt the
check to it.
|
|\ \ \ \
| | | | |
| | | | | |
ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In TLS 1.2 or before, if DH group parameters for DHE are not supplied
with SSLContext#tmp_dh= or #tmp_dh_callback=, we currently use the
self-generated parameters added in commit bb3399a61c03 ("support 2048
bit length DH-key", 2016-01-15) as the fallback.
While there is no known weakness in the current parameters, it would be
a good idea to switch to pre-defined, more well audited parameters.
This also allows the fallback to work in the FIPS mode.
The PEM encoding was derived with:
# RFC 7919 Appendix A.1. ffdhe2048
print OpenSSL::PKey.read(OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer((<<-END).split.join.to_i(16)), OpenSSL::ASN1::Integer(2)]).to_der).to_pem
FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
886B4238 61285C97 FFFFFFFF FFFFFFFF
END
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
String#unpack1 avoids the intermediate array created by String#unpack
for single elements, while also making a call to Array#first/[0]
unnecessary.
|
|\ \ \ \
| | | | |
| | | | | |
Refactor Buffering consume_rbuff and getbyte methods
|
| | |/ /
| |/| |
| | | | |
Prefer ``slice!`` for ``Buffering#consume_rbuff`` and safe navigation with ``ord`` for ``Buffering#getbyte``, similar to ``each_byte``.
|