path: root/ext/openssl
Commit message | Author | Age | Files | Lines
...
* Add cloudhsm to extconf.rb | Kyle Oliveira | 2020-01-25 | 1 | -1/+2
  to support the CloudHSM OpenSSL library
* Add cloudhsm to ossl_engine.c | Kyle Oliveira | 2020-01-25 | 1 | -0/+3
  to support the CloudHSM OpenSSL library
* fix an incorrect method name | thekuwayama | 2020-01-25 | 1 | -2/+2
* fix comment; Example | thekuwayama | 2020-01-25 | 1 | -2/+2
* add X509_free and EVP_PKEY_free | thekuwayama | 2020-01-25 | 1 | -7/+19
* check with EVP_PKEY_cmp in advance | thekuwayama | 2020-01-25 | 1 | -2/+33
* modify ossl_sslctx_add_certificate_chain_file() to raise Error and to return self | thekuwayama | 2020-01-25 | 1 | -10/+13
  add test_add_certificate_chain_file_multiple_certs
* modify test_add_certificate_chain_file to check ssl.peer_cert and ssl.peer_cert_chain | thekuwayama | 2020-01-25 | 1 | -4/+5
* add pkey_path argument to ossl_sslctx_add_certificate_chain_file() | thekuwayama | 2020-01-25 | 1 | -5/+35
* Fix typo of `OpenSSL::OCSP` extern var | thekuwayama | 2020-01-16 | 1 | -3/+3
* Simplify handling of version constant. | Samuel Williams | 2019-12-29 | 3 | -21/+0
* Prepend slashes to X509::Name.parse argument in examples | Joshua Stowers | 2019-12-14 | 2 | -3/+3
  Addresses [issue 15882](https://bugs.ruby-lang.org/issues/15882) with [Zach Rowe's patch.](https://bugs.ruby-lang.org/attachments/7810) The #parse_openssl method [expects a forward slash at the beginning of the argument](https://github.com/ruby/openssl/blob/master/lib/openssl/x509.rb#L302) if used as the delimiter.
* modify the document about `CertificateId.new` | thekuwayama | 2019-12-02 | 1 | -1/+3
* Restore compatibility with older versions of Ruby. | Samuel Williams | 2019-11-27 | 1 | -9/+21
  `RB_PASS_KEYWORDS` is not always available.
* Pull relevant changes from `ruby/ext/openssl`. | Samuel Williams | 2019-11-27 | 5 | -13/+25
  Diff was generated:

      git diff --output openssl.patch 93bc10272734cbbb9197470ca629cc4ea019f6f0 ext/openssl/*.c ext/openssl/*.h ext/openssl/**/*.rb

  Applied using `patch -p1 < openssl.patch`.
* pkey: add support for PKCS #8 key serialization | Kazuki Yamaguchi | 2019-11-25 | 1 | -12/+140
  OpenSSL::PKey::PKey#private_to_der, #private_to_pem are added to the generic PKey class. They serialize the private key to PKCS #8 {Encrypted,}PrivateKeyInfo format, in DER- and PEM- encoding, respectively. For symmetry, also add #public_to_der and #public_to_pem that serialize the public key into X.509 SubjectPublicKeyInfo format.

  OpenSSL::PKey.read now reads DER-encoded PKCS #8 keys as well as the "raw" private keys. PEM-encoded PKCS #8 keys have been already handled by PEM_read_bio_PrivateKey().
* Update renegotiation_cb docstring to reflect its actual behavior in MRI | Oleg Pudeyev | 2019-11-22 | 1 | -7/+5
  Closes #256
* add/update document about AuthorityInfoAccess | thekuwayama | 2019-11-19 | 1 | -9/+2
  add ca_issuer_uris and ocsp_uris description to the changelog
* Use fixed_length_secure_compare in HKDF example [ci skip] | Bart de Water | 2019-11-04 | 1 | -18/+2
* Make OpenSSL::HMAC#== compare in constant time instead of returning false | Bart de Water | 2019-11-04 | 1 | -10/+2
* Use constant time compare in HMAC example | Bart de Water | 2019-11-04 | 1 | -9/+11
* Remove unsupported DSS, DSS1 & SHA algorithms. | Samuel Williams | 2019-11-01 | 1 | -2/+0
* Rename OpenSSL.secure_compare to fixed_length_secure_compare | Bart de Water | 2019-10-28 | 1 | -20/+8
  In 1ade643cbc01f3f7bd96e90bd8837df7ed491a09 the Rails-like secure_compare naming was adopted, and in the original pull request introducing this functionality, debate around timing of hash functions followed. This made me realize why Rails' default of hashing the values to protect users from making mistakes is a good idea.
* extconf.rb - update for new MSYS2, libssp | MSP-Greg | 2019-10-27 | 1 | -0/+6
* Rename `memcmp?` to `secure_compare`. | Samuel Williams | 2019-10-26 | 1 | -12/+18
  Minor improvements to formatting and documentation.
* Remove taint support | Jeremy Evans | 2019-10-20 | 3 | -11/+0
  Ruby 2.7 deprecates taint and it no longer has an effect. The lack of taint support should not cause a problem in previous Ruby versions.
* Add `OpenSSL.memcmp?` for constant time/timing safe string comparison | Bart de Water | 2019-10-08 | 1 | -0/+36
  Fixes https://bugs.ruby-lang.org/issues/10098
* Adds support for the 'get_finished' and 'get_peer_finished' functions | Mo Morsi | 2019-10-08 | 1 | -0/+52
* expand tabs | Ben Toews | 2019-10-01 | 3 | -117/+117
* ts: require list of allowed digest algos for Factory | Ben Toews | 2019-10-01 | 1 | -27/+45
* ts: address more feedback | Ben Toews | 2019-10-01 | 2 | -39/+48
* ts: move TS_TST_INFO accessors to a new Timestamp::TokenInfo class | Ben Toews | 2019-10-01 | 1 | -188/+289
* ts: fix another leak | Ben Toews | 2019-10-01 | 1 | -4/+5
* ts: don't do anything that might raise in callbacks | Ben Toews | 2019-10-01 | 1 | -22/+20
* ts: simplify signature for TimestampFactory#additional_certs also | Ben Toews | 2019-10-01 | 1 | -19/+11
* ts: simplify TimestampResponse#response signature | Ben Toews | 2019-10-01 | 1 | -123/+55
  This method allowed roots and intermediates to be specified in a number of ways. This complexity wasn't super valuable though and it's better to only allow an X509::Store with an optional Array of intermediates. This greatly simplifies the code and fixes a few leaks.
* ts: address minor feedback from rhenium (more changes coming) | Ben Toews | 2019-10-01 | 5 | -129/+60
  - make some global variables static instead of extern
  - get rid of GetTsReqPtr/GetTsRespPtr functions
  - don't use c99 comments
  - fix some leaks
  - clarify what numeric type is returned (Integer or BN, never Fixnum)
  - typos
  - add missing checks, remove unnecessary checks
  - use OPENSSL_NO_TS instead of our own macros checking for ts support
  - use EVP_{digest-name} instead of looking up algos by NID
  - don't differentiate between failure reasons when verifying
  - rename Response#pkcs7 to #token
* ts: fix windows build | Ben Toews | 2019-10-01 | 1 | -14/+1
* ts: fix for libressl | Ben Toews | 2019-10-01 | 3 | -1/+13
  - define missing TS_RESP_CTX_set_time_cb
  - handle alternate case for nil oid
* ts: clean up some memory leaks | Ben Toews | 2019-10-01 | 1 | -38/+50
* ts: use newer TypedData_* macros instead of Data_* ones | Ben Toews | 2019-10-01 | 1 | -129/+153
* ts: update to work with openssl 1.1.x | Ben Toews | 2019-10-01 | 3 | -265/+265
  - clean up whitespace
  - be consistent with not returning after ossl_raise
  - use accessor functions when working with openssl TS_* structs
  - backport accessors for TS_STATUS_INFO, TS_VERIFY_CTX, and TS_RESP_CTX as macros
* ts: get tests running/passing | Ben Toews | 2019-10-01 | 3 | -24/+31
  A number of conventions seem to have changed, causing a fair bit of breakage:

  - `Data_*` was deprecated in favor of `TypedData_*`
  - `ossl_obj2bio` takes a `VALUE*` instead of `VALUE` now
  - `time_to_time_t()` was removed
* ts: Timestamp support (3/3) | Martin Bosslet | 2019-10-01 | 1 | -3/+3
  This commit applies the third patches (tsr3.tar.gz) from https://bugs.ruby-lang.org/issues/4183
* ts: Timestamp support (2/3) | Martin Bosslet | 2019-10-01 | 5 | -45/+24
  This commit applies the second patches (ts2.tar.gz) from https://bugs.ruby-lang.org/issues/4183
* ts: Timestamp support (1/3) | Martin Bosslet | 2019-10-01 | 4 | -0/+1580
  This commit applies the initial patches (ts.tar.gz) from https://bugs.ruby-lang.org/issues/4183

  This compiles with several warnings. Tests don't run yet.
* Remove OpenSSL::PKCS7::SignerInfo#name | Jeremy Evans | 2019-08-10 | 1 | -1/+0
  This method name is misleading, because it returns the name of the signer's issuer, not the name of the signing certificate. It is just an alias of issuer, which is more accurate. The "name" method is historical, it was replaced by the "issuer" method in 2005, and since then has been an alias for backwards compatibility.

  Fixes Ruby Bug 8178.
* x509name: return nil for wrong type in Name#<=> | Andy Brody | 2019-07-27 | 1 | -2/+6
  Previously, OpenSSL::X509::Name#{cmp,<=>} would raise a TypeError if you attempted to compare a Name object with another object of a different type. Most Ruby classes instead return nil in this situation.

  The old behavior resulted in some strange outcomes:

      >> n1 = OpenSSL::X509::Name.new
      >> 'abc' == n1
      => false
      >> n1 == 'abc'
      TypeError: wrong argument type String (expected OpenSSL/X509/NAME)

  With the new behavior, cmp/<=> will return nil if the other object is not an X509::Name instead of raising an error. This allows `==` to also return false instead of raising an error for type mismatches.

  New behavior:

      >> n1 = OpenSSL::X509::Name.new
      >> n1 == 'abc'
      => false
      >> n1 <=> 'abc'
      => nil
* Set key_set ivar to false if encrypt/decrypt called without key | Jeremy Evans | 2019-07-18 | 1 | -2/+1
  This makes it obvious you have made a mistake if you call key= and then encrypt or decrypt. Calling encrypt or decrypt without an argument automatically sets the key to NULL, in which case the key_set ivar should be changed from false to true given if had been set before calling encrypt or decrypt.

  Fixes Ruby Bug 8720.
* Fix minimal typo on documentation | Espartaco Palma | 2019-07-13 | 1 | -1/+1
  Although `OpenSSL::Cipher::Cipher` does exist, it's deprecated:

      cipher = OpenSSL::Cipher::Cipher.new 'AES-256-CBC'
      # warning: constant OpenSSL::Cipher::Cipher is deprecated
      => #<OpenSSL::Cipher::Cipher:0x000056481ba57f58>