| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
We currently treat end-of-contents octets as a BER encoding of a value
whose tag is universal class and the number is zero, and require users
to put one in the end of 'value' array when encoding using indefinite
length form. However, the end-of-contents are just a marker indicating
the end of the contents and not really part of the contents.
Do not require users to put an EOC object in the content when encoding,
and don't produce an EOC object when decoding an encoding that uses
indefinite length form.
|
|
|
|
|
|
| |
Encoding with indefinite length form produces an invalid encoding if the
contents array contains an EOC object in the middle. Raise an exception
in that case.
|
|
|
|
| |
Extract the common paths for code reduction.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove a mysterious behavior in Constructive#to_der: if the 'tagging'
attribute is set to :EXPLICIT and it is not an instance of universal
tag class classes, it "searches" the original tag from the first value
whose encoding is primitive.
ary = [
OpenSSL::ASN1.Sequence([
OpenSSL::ASN1.OctetString("abc")
])
]
cons = OpenSSL::ASN1::Constructive.new(ary, 1, :EXPLICIT)
cons.to_der
#=> "\xA1\x09\x24\x07\x30\x05\x04\x03\x61\x62\x63"
# ^
# This 4 comes from the OctetString
This is really confusing and nobody seems to be using this behavior.
Let's make it raise error instead.
|
|
|
|
|
| |
Use ossl_asn1_tag() instead of the combination of ossl_asn1_get_tag()
and NUM2INT().
|
|
|
|
|
| |
There are actually high-tag universal types such as the time-of-day
type.
|
|
|
|
|
|
|
|
|
| |
The setter method #indefinite_length= for OpenSSL::ASN1::Primitive is
undef-ed, but we can still set 'indefinite_length' to true illegally
when constructing an object with the raw OpenSSL::ASN1::ASN1Data.
Indefinite length form is not possible in primitive encoding. Raise an
exception in OpenSSL::ASN1::ASN1Data#to_der if specified.
|
|
|
|
|
| |
Constructed encoding can use the definite length form as well as the
indefinite length form, regardless of the tag number.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL::ASN1::ObjectId#oid, which returns the dotted representation of
the OID, is silently truncating the result if it overflows the 128-bytes
buffer. Although it normally won't be more than 127-characters, it'd be
better to avoid. This can be done by checking the return value of
OBJ_obj2txt().
Previous releases of LibreSSL (< 2.5.1) have a bug in OBJ_obj2txt() and
it does not work if the resulting string would be larger than the
buffer. A workaround is added to the test. It should be removed when we
deprecate support for LibreSSL 2.4.
|
|
|
|
| |
Let the callers check the validity of the ASN1_TIME.
|
|
|
|
|
|
|
| |
Invalid values such as nil or values not in the range 0 to 7 are
silently coerced into the valid range. This behavior is confusing and
hides user bugs. Raise an exception instead if an illegal value is
specified.
|
|
|
|
|
|
| |
Fix the initial value of 'unused_bits' attribute of
OpenSSL::ASN1::BitString. The attribute must always contain an Integer
in the range 0 to 7.
|
|
|
|
|
|
| |
Improve the error message of the exception raised when
OpenSSL::ASN1::Primitive.new or OpenSSL::ASN1::Constructive.new is
called with one argument (which is wrong).
|
| |
|
|
|
|
|
|
| |
Replace all occurrences of 'infinite' with 'inDEfinite'. Accessor
methods OpenSSL::ASN1::ASN1Data#infinite_length and #infinite_length=
are kept as alias for backwards compatibility.
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint:
Ruby/OpenSSL 2.0.4
History.md: add entries for 2.0.1-2.0.3
History.md: wrap at 80 characters
extconf.rb: simplify searching libraries logic
Search SSL libraries by testing various filename patterns
openssl: fix broken openssl check
openssl: fix broken openssl check
x509store: clear error queue after calling X509_LOOKUP_load_file()
tool/sync-with-trunk: 'LASY' -> 'LAST'
Update .travis.yml and Dockerfile
test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
Fix documentation for OpenSSL::Cipher#final
Fix typos
ssl: check return value of SSL_set_fd()
test/test_ssl: fix typo in test_sysread_and_syswrite
Fix typos
test/test_pkey_ec: do not use dummy 0 order
|
| | |
|
| |
| |
| |
| |
| | |
Clarify what it's doing. For non-Windows and MinGW platforms we can
just give "crypto" and "ssl" to have_library.
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commits that went to master are excluded.
* ruby-trunk r56953..r58742: (3 commits)
(r58742) Search SSL libraries by testing various filename patterns
(r57592) openssl: fix broken openssl check
(r57591) openssl: fix broken openssl check
Sync-with-trunk: r58742
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* ext/openssl/extconf.rb (find_openssl_library): should search by more flexible
method, especially for LibreSSL on Windows.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* ext/openssl/deprecation.rb: check for broken OpenSSL only on mac
OS. [ruby-core:79475] [Bug #13200]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS.
[ruby-core:79475] [Bug #13200]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: https://bugs.ruby-lang.org/issues/11033
|
| | |
| | |
| | |
| | |
| | | |
"after after having fed the entire plaintext..." is changed to
"after having fed the entire plaintext..."
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
SSL_set_fd() may fail with 0 return if malloc() fails. Check that and
raise an exception to avoid potential crash.
|
| |/ |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
ossl_membio2str0() and ossl_protect_membio2str() are removed as they
aren't used anywhere.
|
| |
| |
| |
| |
| |
| |
| | |
Add a new function ossl_str_new() as an exception-safe wrapper of
rb_str_new(). This is useful for the openssl library because we can't
always raise NoMemoryError immediately due to the independent memory
management of OpenSSL.
|
| |
| |
| |
| |
| | |
Similar to the previous one for GetCipherPtr(), GetDigest() and
GetDigestPtr() have been completely different. Let's disambiguate them.
|
| |
| |
| |
| |
| |
| |
| |
| | |
While GetCipherPtr() function gets a const EVP_CIPHER * from algorithm
name, GetCipher() macro that is locally defined in
ext/openssl/ossl_cipher.c gets the EVP_CIPHER_CTX from an
OpenSSL::Cipher object. They are completely different things. Rename
GetCipherPtr() for disambiguation.
|
| |
| |
| |
| |
| |
| | |
They are no longer useful since we use the TypedData_Get_Struct() which
also performs type checking (based on the rb_data_type_t) for the
non-safe Get*() macros. Just use them instead.
|
|\ \
| | |
| | |
| | |
| | |
| | | |
* topic/expand-ruby-missing-h:
Expand FPTR_TO_FD() macro
Expand rb_define_copy_func() macro
|
| | |
| | |
| | |
| | |
| | | |
It was introduced for compatibility with Ruby 1.8. Ruby 1.8 has gone
long ago and we will never support it.
|
| | |
| | |
| | |
| | |
| | | |
It's not really "missing". Let's expand that, as it does not improve the
readability so much.
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
scrypt support is added.
* topic/kdf-module:
kdf: add scrypt
ossl.h: add NUM2UINT64T() macro
kdf: introduce OpenSSL::KDF module
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Add OpenSSL::KDF.scrypt as a wrapper around EVP_PBE_scrypt(). This is
added by OpenSSL 1.1.0.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
As a wrapper of NUM2ULONG() or NUM2ULL(). Converts a Ruby object to
uint64_t, raising an exception if the conversion fails.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Introduce a new OpenSSL::KDF module as a namespace for to-be-added
KDFs. This makes it easier to add new KDFs in future.
We already have a stand-alone KDF, OpenSSL::PKCS5.pbkdf2_hmac. This is
migrated to the new namespace. The backwards compatibility is retained
by the method defined in the newly added lib/openssl/pkcs5.rb.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Describe --with-openssl-dir option that specifies the directory the
OpenSSL installed if the libraries could not found, and suggest
installing "development package" if just the headers are missing.
Also, let it raise an exception instead of writing to Logging and
terminating the process. This improves the look of the error message on
'gem install openssl' or 'make' (on the Ruby tree) failure.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
The version bundled with macOS is anyway too old to compile the
extension.
|
| | | |
| | | |
| | | |
| | | | |
Remove an unused variable declaration.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Ruby core uses _str_ for emphasizing argument names and +str+ for codes.
Match with the rule for better rendering.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
https://github.com/ruby/ruby/pull/1527#issuecomment-281867551
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57694 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| | | |
| | | |
| | | |
| | | | |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| | | |
| | | |
| | | |
| | | | |
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Update docs to reflect EOF behavior change of read_nonblock and
write_nonblock when using `exception: false`.
[Fix GH-1527]
Author: Russell Davis <russell-stripe@users.noreply.github.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57690 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* topic/ssl-fixup-ex_data-handling:
ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
ssl: do not confuse different ex_data index registries
|