| Commit message (Collapse) | Author | Age | Files | Lines |
Use the EVP API instead of the low-level HMAC API. Use of the HMAC API
has been discouraged and is being marked as deprecated starting from
OpenSSL 3.0.0.
The two singleton methods OpenSSL::HMAC, HMAC.digest and HMAC.hexdigest
are now in lib/openssl/hmac.rb.
|
It produces "unused variable" warnings in NDEBUG mode
[ Cherry-picked from ruby.git commit 3bca1b6aadff. ]
|
Diff was generated:
git diff --output openssl.patch 93bc10272734cbbb9197470ca629cc4ea019f6f0 ext/openssl/*.c ext/openssl/*.h ext/openssl/**/*.rb
Applied using `patch -p1 < openssl.patch`.
|
- make some global variables static instead of extern
- get rid of GetTsReqPtr/GetTsRespPtr functions
- don't use c99 comments
- fix some leaks
- clarify what numeric type is returned (Integer or BN, never Fixnum)
- typos
- add missing checks, remove unnecessary checks
- use OPENSSL_NO_TS instead of our own macros checking for ts support
- use EVP_{digest-name} instead of looking up algos by NID
- don't differentiate between failure reasons when verifying
- rename Response#pkcs7 to #token
|
This commit applies the second patches (ts2.tar.gz) from https://bugs.ruby-lang.org/issues/4183
|
This commit applies the initial patches (ts.tar.gz) from https://bugs.ruby-lang.org/issues/4183
This compiles with several warnings. Tests don't run yet.
|
Thanks rhenium for the code review and fixes.
|
Add a new function ossl_str_new() as an exception-safe wrapper of
rb_str_new(). This is useful for the openssl library because we can't
always raise NoMemoryError immediately due to the independent memory
management of OpenSSL.
|
As a wrapper of NUM2ULONG() or NUM2ULL(). Converts a Ruby object to
uint64_t, raising an exception if the conversion fails.
|
Introduce a new OpenSSL::KDF module as a namespace for to-be-added
KDFs. This makes it easier to add new KDFs in future.
We already have a stand-alone KDF, OpenSSL::PKCS5.pbkdf2_hmac. This is
migrated to the new namespace. The backwards compatibility is retained
by the method defined in the newly added lib/openssl/pkcs5.rb.
|
Accordingly, unused functions ossl_x509stctx_new() and
ossl_x509stctx_clear_ptr() are now removed.
|
It defines the platform specific macros. But it should be included from
other OpenSSL headers.
|
The Ruby core code uses assert.h without a guard. So, we can assume it
is always available.
|
It should be usable regardless of the platform.
|
Avoid using ossl_exc_new() and rb_exc_raise() but just use ossl_raise().
This simplifies the code with exactly the same effect.
ossl_exc_new() is now removed as it is no longer used anywhere.
|
The macro RFILE is defined in e_os.h, that is no longer an exported
header in OpenSSL >= 0.9.7. Since OpenSSL < 0.9.8 is not supported, we
can safely remove this.
|
Remove string2hex() and replace with newly added ossl_bin2hex(). Since
the output hex string is always returned to users as a String, we can
avoid the memory allocation by writing directly to the String buffer.
This also reduces some lines of code.
|
In order to avoid compiler warnings when built with OpenSSL 1.1.0.
|
There is a function ossl_verify_cb() that fetches the custom callback
Proc from X509_STORE/X509_STORE_CTX and calls it, but it was not very
useful for SSL code. It's only used in ossl_x509store.c and ossl_ssl.c
so move X509::Store specific code to ossl_x509store.c.
Also make struct ossl_verify_cb_args and ossl_call_verify_cb_proc()
local to ossl.c.
|
* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/openssl_missing.h, ext/openssl/ossl.h: Remove
unnecessary 'extern "C"' blocks. We don't use C++ and these headers
are local to ext/openssl, so there is no need to enclose with it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55161 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): Use
ASN1_OCTET_STRING_set() instead of M_ASN1_OCTET_STRING_set(). Macros
prefixed by "M_" are discouraged to be used from outside OpenSSL
library[1].
(ossl_x509ext_get_value): Likewise, use ASN1_STRING_print() instead
of M_ASN1_OCTET_STRING_print().
[1] https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=CHANGES;h=bf61913d7b01212b4d8b2f3c13d71d645914f67c;hb=b6079a7835f61daa9fb2cbf9addfa86049523933#l878
* ext/openssl/ossl.h: Include openssl/asn1.h instead of
openssl/asn1_mac.h. It just includes openssl/asn1.h and defines some
additional "M_" macros.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55145 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the
argument to String with StringValue() and validate the length is in
4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers.
(ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we
used to pass the password to PEM_def_callback() directly but it was
problematic. It is not NUL character safe. And surprisingly, it
silently truncates the password to 1024 bytes. [GH ruby/openssl#51]
* ext/openssl/ossl.h: Add function prototype declaration of newly
added ossl_pem_passwd_value().
* ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use
ossl_pem_passwd_value() to validate the password String.
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export):
ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize,
ossl_ec_key_to_string): ditto.
* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export):
ditto.
* test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/ossl.c (Init_openssl): register an ex_data index for
X509_STORE and X509_STORE_CTX respectively. Since they don't share
the ex_data index registry, we can't use the same index.
(ossl_verify_cb): use the correct index.
* ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto.
* ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto.
(ossl_x509stctx_verify): ditto.
* ext/openssl/ossl.h (void ossl_clear_error): add extern declarations
of ossl_store_{ctx_,}ex_verify_cb_idx.
* ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and
X509_STORE_get_ex_data.
* ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data,
X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55074 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
* ext/openssl/ossl.c (ossl_clear_error): Extracted from
ossl_make_error(). This prints errors in the OpenSSL error queue if
OpenSSL.debug is true, and clears the queue.
(ossl_make_error): use ossl_clear_error().
* ext/openssl/ossl.h: add prototype declaration of ossl_make_error().
(OSSL_BIO_reset) use ossl_clear_error() to clear the queue. Clearing
silently makes debugging difficult.
* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): ditto.
* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): ditto.
* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_verify): ditto.
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
(ossl_ec_group_initialize): ditto.
* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55050 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
See also r50351 from ruby/ruby#876