aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl
Commit message (Collapse)AuthorAgeFilesLines
* asn1: do not treat EOC octets as part of content octetstopic/asn1-overhaulKazuki Yamaguchi2017-07-231-3/+13
| | | | | | | | | | | | We currently treat end-of-contents octets as a BER encoding of a value whose tag is universal class and the number is zero, and require users to put one in the end of 'value' array when encoding using indefinite length form. However, the end-of-contents are just a marker indicating the end of the contents and not really part of the contents. Do not require users to put an EOC object in the content when encoding, and don't produce an EOC object when decoding an encoding that uses indefinite length form.
* asn1: prevent EOC octets from being in the middle of the contentKazuki Yamaguchi2017-07-231-0/+5
| | | | | | Encoding with indefinite length form produces an invalid encoding if the contents array contains an EOC object in the middle. Raise an exception in that case.
* asn1: harmonize OpenSSL::ASN1::*#to_derKazuki Yamaguchi2017-07-231-128/+92
| | | | Extract the common paths for code reduction.
* asn1: clean up OpenSSL::ASN1::Constructive#to_derKazuki Yamaguchi2017-07-231-57/+32
| | | | | | | | | | | | | | | | | | | | | Remove a mysterious behavior in Constructive#to_der: if the 'tagging' attribute is set to :EXPLICIT and it is not an instance of universal tag class classes, it "searches" the original tag from the first value whose encoding is primitive. ary = [ OpenSSL::ASN1.Sequence([ OpenSSL::ASN1.OctetString("abc") ]) ] cons = OpenSSL::ASN1::Constructive.new(ary, 1, :EXPLICIT) cons.to_der #=> "\xA1\x09\x24\x07\x30\x05\x04\x03\x61\x62\x63" # ^ # This 4 comes from the OctetString This is really confusing and nobody seems to be using this behavior. Let's make it raise error instead.
* asn1: use ossl_asn1_tag()Kazuki Yamaguchi2017-07-231-3/+3
| | | | | Use ossl_asn1_tag() instead of the combination of ossl_asn1_get_tag() and NUM2INT().
* asn1: allow tag number to be >= 32 for universal tag classKazuki Yamaguchi2017-07-231-4/+0
| | | | | There are actually high-tag universal types such as the time-of-day type.
* asn1: prohibit indefinite length form for primitive encodingKazuki Yamaguchi2017-07-231-0/+2
| | | | | | | | | The setter method #indefinite_length= for OpenSSL::ASN1::Primitive is undef-ed, but we can still set 'indefinite_length' to true illegally when constructing an object with the raw OpenSSL::ASN1::ASN1Data. Indefinite length form is not possible in primitive encoding. Raise an exception in OpenSSL::ASN1::ASN1Data#to_der if specified.
* asn1: allow constructed encoding with definite length formKazuki Yamaguchi2017-07-231-19/+6
| | | | | Constructed encoding can use the definite length form as well as the indefinite length form, regardless of the tag number.
* asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oidKazuki Yamaguchi2017-07-231-7/+29
| | | | | | | | | | | | | OpenSSL::ASN1::ObjectId#oid, which returns the dotted representation of the OID, is silently truncating the result if it overflows the 128-bytes buffer. Although it normally won't be more than 127-characters, it'd be better to avoid. This can be done by checking the return value of OBJ_obj2txt(). Previous releases of LibreSSL (< 2.5.1) have a bug in OBJ_obj2txt() and it does not work if the resulting string would be larger than the buffer. A workaround is added to the test. It should be removed when we deprecate support for LibreSSL 2.4.
* asn1: disallow NULL to be passed to asn1time_to_time()Kazuki Yamaguchi2017-07-234-5/+22
| | | | Let the callers check the validity of the ASN1_TIME.
* asn1: check for illegal 'unused_bits' value of BitStringKazuki Yamaguchi2017-07-231-5/+6
| | | | | | | Invalid values such as nil or values not in the range 0 to 7 are silently coerced into the valid range. This behavior is confusing and hides user bugs. Raise an exception instead if an illegal value is specified.
* asn1: initialize 'unused_bits' attribute of BitString with 0Kazuki Yamaguchi2017-07-231-0/+2
| | | | | | Fix the initial value of 'unused_bits' attribute of OpenSSL::ASN1::BitString. The attribute must always contain an Integer in the range 0 to 7.
* asn1: require tag information when instantiating generic typeKazuki Yamaguchi2017-07-231-5/+8
| | | | | | Improve the error message of the exception raised when OpenSSL::ASN1::Primitive.new or OpenSSL::ASN1::Constructive.new is called with one argument (which is wrong).
* asn1: remove an unnecessary function prototypeKazuki Yamaguchi2017-07-231-1/+0
|
* asn1: infinite length -> indefinite lengthKazuki Yamaguchi2017-07-011-81/+47
| | | | | | Replace all occurrences of 'infinite' with 'inDEfinite'. Accessor methods OpenSSL::ASN1::ASN1Data#infinite_length and #infinite_length= are kept as alias for backwards compatibility.
* Merge branch 'maint'bpointKazuki Yamaguchi2017-06-148-21/+71
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * maint: Ruby/OpenSSL 2.0.4 History.md: add entries for 2.0.1-2.0.3 History.md: wrap at 80 characters extconf.rb: simplify searching libraries logic Search SSL libraries by testing various filename patterns openssl: fix broken openssl check openssl: fix broken openssl check x509store: clear error queue after calling X509_LOOKUP_load_file() tool/sync-with-trunk: 'LASY' -> 'LAST' Update .travis.yml and Dockerfile test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors Fix documentation for OpenSSL::Cipher#final Fix typos ssl: check return value of SSL_set_fd() test/test_ssl: fix typo in test_sysread_and_syswrite Fix typos test/test_pkey_ec: do not use dummy 0 order
| * Ruby/OpenSSL 2.0.4v2.0.4Kazuki Yamaguchi2017-06-141-1/+1
| |
| * extconf.rb: simplify searching libraries logicKazuki Yamaguchi2017-06-141-31/+33
| | | | | | | | | | Clarify what it's doing. For non-Windows and MinGW platforms we can just give "crypto" and "ssl" to have_library.
| * Merge changes from Ruby trunk r56953..r58742Kazuki Yamaguchi2017-06-142-7/+47
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commits that went to master are excluded. * ruby-trunk r56953..r58742: (3 commits) (r58742) Search SSL libraries by testing various filename patterns (r57592) openssl: fix broken openssl check (r57591) openssl: fix broken openssl check Sync-with-trunk: r58742
| | * Search SSL libraries by testing various filename patternsusa2017-06-141-5/+45
| | | | | | | | | | | | | | | | | | | | | | | | * ext/openssl/extconf.rb (find_openssl_library): should search by more flexible method, especially for LibreSSL on Windows. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | * openssl: fix broken openssl checknobu2017-06-141-1/+1
| | | | | | | | | | | | | | | | | | | | | * ext/openssl/deprecation.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57592 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| | * openssl: fix broken openssl checknobu2017-06-141-1/+1
| | | | | | | | | | | | | | | | | | | | | * ext/openssl/extconf.rb: check for broken OpenSSL only on mac OS. [ruby-core:79475] [Bug #13200] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57591 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| * | x509store: clear error queue after calling X509_LOOKUP_load_file()Kazuki Yamaguchi2017-06-141-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file() internally, may leave error entries in the queue even when it returns non-zero value (which indicates success). This will be fixed by OpenSSL 1.1.1, but can be worked around by clearing the error queue ourselves. Fixes: https://bugs.ruby-lang.org/issues/11033
| * | Fix documentation for OpenSSL::Cipher#finalVladimir Rybas2017-04-211-1/+1
| | | | | | | | | | | | | | | "after after having fed the entire plaintext..." is changed to "after having fed the entire plaintext..."
| * | Fix typosKazuki Yamaguchi2017-04-205-7/+7
| | |
| * | ssl: check return value of SSL_set_fd()Kazuki Yamaguchi2017-03-311-1/+2
| | | | | | | | | | | | | | | SSL_set_fd() may fail with 0 return if malloc() fails. Check that and raise an exception to avoid potential crash.
| * | Fix typosSHIBATA Hiroshi2017-02-142-3/+3
| |/
* | Add fips_mode_get to return fips_modeColton Jenkins2017-06-091-1/+19
| |
* | Remove unused functions and macrosKazuki Yamaguchi2017-05-229-144/+1
| |
* | bio: simplify ossl_membio2str() using ossl_str_new()Kazuki Yamaguchi2017-05-222-22/+5
| | | | | | | | | | ossl_membio2str0() and ossl_protect_membio2str() are removed as they aren't used anywhere.
* | Add ossl_str_new(), an exception-safe rb_str_new()Kazuki Yamaguchi2017-05-222-7/+26
| | | | | | | | | | | | | | Add a new function ossl_str_new() as an exception-safe wrapper of rb_str_new(). This is useful for the openssl library because we can't always raise NoMemoryError immediately due to the independent memory management of OpenSSL.
* | digest: rename GetDigestPtr() to ossl_evp_get_digestbyname()Kazuki Yamaguchi2017-05-0212-21/+22
| | | | | | | | | | Similar to the previous one for GetCipherPtr(), GetDigest() and GetDigestPtr() have been completely different. Let's disambiguate them.
* | cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()Kazuki Yamaguchi2017-05-026-7/+7
| | | | | | | | | | | | | | | | While GetCipherPtr() function gets a const EVP_CIPHER * from algorithm name, GetCipher() macro that is locally defined in ext/openssl/ossl_cipher.c gets the EVP_CIPHER_CTX from an OpenSSL::Cipher object. They are completely different things. Rename GetCipherPtr() for disambiguation.
* | Remove SafeGet*() macrosKazuki Yamaguchi2017-05-0222-186/+71
| | | | | | | | | | | | They are no longer useful since we use the TypedData_Get_Struct() which also performs type checking (based on the rb_data_type_t) for the non-safe Get*() macros. Just use them instead.
* | Merge branch 'topic/expand-ruby-missing-h'Kazuki Yamaguchi2017-04-2822-39/+34
|\ \ | | | | | | | | | | | | | | | * topic/expand-ruby-missing-h: Expand FPTR_TO_FD() macro Expand rb_define_copy_func() macro
| * | Expand FPTR_TO_FD() macrotopic/expand-ruby-missing-hKazuki Yamaguchi2017-04-283-11/+9
| | | | | | | | | | | | | | | It was introduced for compatibility with Ruby 1.8. Ruby 1.8 has gone long ago and we will never support it.
| * | Expand rb_define_copy_func() macroKazuki Yamaguchi2017-04-2820-28/+25
| | | | | | | | | | | | | | | It's not really "missing". Let's expand that, as it does not improve the readability so much.
* | | Merge branch 'topic/kdf-module'Kazuki Yamaguchi2017-03-237-180/+243
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | scrypt support is added. * topic/kdf-module: kdf: add scrypt ossl.h: add NUM2UINT64T() macro kdf: introduce OpenSSL::KDF module
| * | | kdf: add scrypttopic/kdf-moduleKazuki Yamaguchi2017-03-232-0/+79
| | | | | | | | | | | | | | | | | | | | Add OpenSSL::KDF.scrypt as a wrapper around EVP_PBE_scrypt(). This is added by OpenSSL 1.1.0.
| * | | ossl.h: add NUM2UINT64T() macroKazuki Yamaguchi2017-03-231-0/+13
| | | | | | | | | | | | | | | | | | | | As a wrapper of NUM2ULONG() or NUM2ULL(). Converts a Ruby object to uint64_t, raising an exception if the conversion fails.
| * | | kdf: introduce OpenSSL::KDF moduleKazuki Yamaguchi2017-03-236-180/+151
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce a new OpenSSL::KDF module as a namespace for to-be-added KDFs. This makes it easier to add new KDFs in future. We already have a stand-alone KDF, OpenSSL::PKCS5.pbkdf2_hmac. This is migrated to the new namespace. The backwards compatibility is retained by the method defined in the newly added lib/openssl/pkcs5.rb.
* | | | extconf.rb: print informative message if OpenSSL can't be foundKazuki Yamaguchi2017-03-131-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Describe --with-openssl-dir option that specifies the directory the OpenSSL installed if the libraries could not found, and suggest installing "development package" if just the headers are missing. Also, let it raise an exception instead of writing to Logging and terminating the process. This improves the look of the error message on 'gem install openssl' or 'make' (on the Ruby tree) failure.
* | | | ext/openssl/deprecation.rb: remove broken-apple-opensslKazuki Yamaguchi2017-03-031-3/+0
| | | | | | | | | | | | | | | | | | | | The version bundled with macOS is anyway too old to compile the extension.
* | | | ssl: suppress compiler warningKazuki Yamaguchi2017-03-031-1/+0
| | | | | | | | | | | | | | | | Remove an unused variable declaration.
* | | | Fix RDoc markuptopic/fix-rdoc-markupKazuki Yamaguchi2017-02-2422-381/+390
| | | | | | | | | | | | | | | | | | | | Ruby core uses _str_ for emphasizing argument names and +str+ for codes. Match with the rule for better rendering.
* | | | Revert r57690 except for read_nonblocknobu2017-02-241-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | https://github.com/ruby/ruby/pull/1527#issuecomment-281867551 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57694 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | | | [DOC] mark up literalsnobu2017-02-241-4/+6
| | | | | | | | | | | | | | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | | | [DOC] keyword argument _exception_nobu2017-02-241-2/+2
| | | | | | | | | | | | | | | | git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | | | [DOC] {read,write}_nonblock with exception: falsenobu2017-02-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update docs to reflect EOF behavior change of read_nonblock and write_nonblock when using `exception: false`. [Fix GH-1527] Author: Russell Davis <russell-stripe@users.noreply.github.com> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57690 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* | | | Merge branch 'topic/ssl-fixup-ex_data-handling'Kazuki Yamaguchi2017-02-191-27/+26
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | * topic/ssl-fixup-ex_data-handling: ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object ssl: do not confuse different ex_data index registries
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-25 16:33:51 +0000