path: root/ext
Commit message (Author, Age; Files, Lines)
...
| * | | extconf.rb: get rid of -Werror=deprecated-declarations [ky/remove-wdeprecated-declarations] (Kazuki Yamaguchi, 2020-02-16; files: 2, lines: -33/+6)
| | | | No function needs -Werror=deprecated-declarations flag to check availability any more. This also fixes -Werror=deprecated-declarations erroneously carrying on to the actual compilation, resulting in a compilation error in some environments.
| | | | Fixes: https://github.com/ruby/openssl/pull/331
| * | | random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes (Kazuki Yamaguchi, 2020-02-16; files: 2, lines: -33/+2)
| | | | The default implementation of RAND_pseudo_bytes() uses the same routine as RAND_bytes(). Note that OpenSSL::Random.pseudo_bytes has been available only when it is compiled with EOL versions of OpenSSL.
* | | | ts: simplify OpenSSL::Timestamp::Request#algorithm [ky/ts-simplify-tsreq-get-algorithm] (Kazuki Yamaguchi, 2020-02-17; files: 1, lines: -6/+1)
|/ / / Stop the special treatment of invalid hashAlgorithm of the message imprint. Those invalid values can only appear after the object is instantiated, before the user sets an actual message digest algorithm. OpenSSL::Timestamp::TokenInfo#algorithm already does the same. Also, remove the test case "test_create_request" since it does not make much sense. Those fields are to be set by the user after creation of the object and checking the initial value is pointless.
| | | Fixes: https://github.com/ruby/openssl/issues/335
* | | Revert "Fix segfaults in OpenSSL::PKey::RSA#private_{en,de}crypt when private exp not set" (Kazuki Yamaguchi, 2020-02-16; files: 1, lines: -6/+6)
| | | This reverts commit e30b9a27f00338b065e90c6172d1c4509edc2853 (#255) except the added test code. The 'd' value can be NULL when the RSA private key is backed by an OpenSSL engine, such as an HSM. In that case, only 'n' and 'e' are visible from the OpenSSL API. The original issue has been fixed by Pull Request #258 in another way.
| | | Reference: https://github.com/ruby/openssl/pull/255
| | | Reference: https://github.com/ruby/openssl/pull/258
* | | Revert add_certificate_chain_file changes (#320) (Hiroshi SHIBATA, 2020-02-16; files: 1, lines: -82/+5)
| | | Revert SSLContext#add_certificate_chain_file changes * 0da0dfaf09f549b2b2cd984627b321b7908d1186. * 8d12f0f6ca944212cb8000e689469d7aaa8190d7. * 49f42ad5f82f8b61f51a16e3a6df1ab0d5307d5f. * 5ee295ab8e37c8ffc6eb8c1b7b79ec024f3253e4. * 8b4fa5e336c7544ea677ccee160ec6d221559e10. * 443d13e9b2c127230fde2733959eaa4d41eb355d. * 5d866038920edf2729865653d6dc9309589f089a. * f18559acf97a6f6aaf3d253417eb0100b262cbc6.
* | | Improve string allocation. (Samuel Williams, 2020-02-07; files: 1, lines: -8/+8)
| | |
* | | 'finished' messages: expand sizer array to 1-bytes (Mo Morsi, 2020-02-06; files: 1, lines: -4/+4)
| | | Zero-size arrays not playing nicely with visual studio / mingw, see: https://github.com/ruby/ruby/pull/2693
| | | Also see related discussion pertaining to using NULL pointer here: https://github.com/ruby/openssl/pull/315
* | | Prefer `frozen_string_literal: true`. (Samuel Williams, 2020-02-06; files: 2, lines: -2/+2)
| | |
* | | Add cloudhsm to extconf.rb (Kyle Oliveira, 2020-01-25; files: 1, lines: -1/+2)
| | | to support the CloudHSM OpenSSL library
* | | Add cloudhsm to ossl_engine.c (Kyle Oliveira, 2020-01-25; files: 1, lines: -0/+3)
| | | to support the CloudHSM OpenSSL library
* | | fix an incorrect method name (thekuwayama, 2020-01-25; files: 1, lines: -2/+2)
| | |
* | | fix comment; Example (thekuwayama, 2020-01-25; files: 1, lines: -2/+2)
| | |
* | | add X509_free and EVP_PKEY_free (thekuwayama, 2020-01-25; files: 1, lines: -7/+19)
| | |
* | | check with EVP_PKEY_cmp in advance (thekuwayama, 2020-01-25; files: 1, lines: -2/+33)
| | |
* | | modify ossl_sslctx_add_certificate_chain_file() to raise Error and to return self (thekuwayama, 2020-01-25; files: 1, lines: -10/+13)
| | | add test_add_certificate_chain_file_multiple_certs
* | | modify test_add_certificate_chain_file to check ssl.peer_cert and ssl.peer_cert_chain (thekuwayama, 2020-01-25; files: 1, lines: -4/+5)
| | |
* | | add pkey_path argument to ossl_sslctx_add_certificate_chain_file() (thekuwayama, 2020-01-25; files: 1, lines: -5/+35)
| | |
* | | Fix typo of `OpenSSL::OCSP` extern var (thekuwayama, 2020-01-16; files: 1, lines: -3/+3)
| | |
* | | Simplify handling of version constant. (Samuel Williams, 2019-12-29; files: 3, lines: -21/+0)
| | |
* | | Prepend slashes to X509::Name.parse argument in examples (Joshua Stowers, 2019-12-14; files: 2, lines: -3/+3)
| | | Addresses [issue 15882](https://bugs.ruby-lang.org/issues/15882) with [Zach Rowe's patch.](https://bugs.ruby-lang.org/attachments/7810) The #parse_openssl method [expects a forward slash at the beginning of the argument](https://github.com/ruby/openssl/blob/master/lib/openssl/x509.rb#L302) if used as the delimiter.
* | | modify the document about `CertificateId.new` (thekuwayama, 2019-12-02; files: 1, lines: -1/+3)
| | |
* | | Restore compatibility with older versions of Ruby. (Samuel Williams, 2019-11-27; files: 1, lines: -9/+21)
| | | `RB_PASS_KEYWORDS` is not always available.
* | | Pull relevant changes from `ruby/ext/openssl`. (Samuel Williams, 2019-11-27; files: 5, lines: -13/+25)
| | | Diff was generated:
| | |     git diff --output openssl.patch 93bc10272734cbbb9197470ca629cc4ea019f6f0 ext/openssl/*.c ext/openssl/*.h ext/openssl/**/*.rb
| | | Applied using `patch -p1 < openssl.patch`.
* | | pkey: add support for PKCS #8 key serialization (Kazuki Yamaguchi, 2019-11-25; files: 1, lines: -12/+140)
| | | OpenSSL::PKey::PKey#private_to_der, #private_to_pem are added to the generic PKey class. They serialize the private key to PKCS #8 {Encrypted,}PrivateKeyInfo format, in DER- and PEM- encoding, respectively. For symmetry, also add #public_to_der and #public_to_pem that serialize the public key into X.509 SubjectPublicKeyInfo format.
| | | OpenSSL::PKey.read now reads DER-encoded PKCS #8 keys as well as the "raw" private keys. PEM-encoded PKCS #8 keys have been already handled by PEM_read_bio_PrivateKey().
* | | Update renegotiation_cb docstring to reflect its actual behavior in MRI (Oleg Pudeyev, 2019-11-22; files: 1, lines: -7/+5)
| | | Closes #256
* | | add/update document about AuthorityInfoAccess (thekuwayama, 2019-11-19; files: 1, lines: -9/+2)
| | | add ca_issuer_uris and ocsp_uris description to the changelog
* | | Use fixed_length_secure_compare in HKDF example [ci skip] (Bart de Water, 2019-11-04; files: 1, lines: -18/+2)
| | |
* | | Make OpenSSL::HMAC#== compare in constant time instead of returning false (Bart de Water, 2019-11-04; files: 1, lines: -10/+2)
| | |
* | | Use constant time compare in HMAC example (Bart de Water, 2019-11-04; files: 1, lines: -9/+11)
| | |
* | | Remove unsupported DSS, DSS1 & SHA algorithms. (Samuel Williams, 2019-11-01; files: 1, lines: -2/+0)
| | |
* | | Rename OpenSSL.secure_compare to fixed_length_secure_compare (Bart de Water, 2019-10-28; files: 1, lines: -20/+8)
| | | In 1ade643cbc01f3f7bd96e90bd8837df7ed491a09 the Rails-like secure_compare naming was adopted and in original pull request introducing this functionality debate around timing of hash functions followed. This made me realize why Rails' default of hashing the values to protect users from making mistakes is a good idea.
* | | extconf.rb - update for new MSYS2, libssp (MSP-Greg, 2019-10-27; files: 1, lines: -0/+6)
| | |
* | | Rename `memcmp?` to `secure_compare`. (Samuel Williams, 2019-10-26; files: 1, lines: -12/+18)
| | | Minor improvements to formatting and documentation.
* | | Remove taint support (Jeremy Evans, 2019-10-20; files: 3, lines: -11/+0)
| | | Ruby 2.7 deprecates taint and it no longer has an effect. The lack of taint support should not cause a problem in previous Ruby versions.
* | | Add `OpenSSL.memcmp?` for constant time/timing safe string comparison (Bart de Water, 2019-10-08; files: 1, lines: -0/+36)
| | | Fixes https://bugs.ruby-lang.org/issues/10098
* | | Adds support for the 'get_finished' and 'get_peer_finished' functions (Mo Morsi, 2019-10-08; files: 1, lines: -0/+52)
| | |
* | | expand tabs (Ben Toews, 2019-10-01; files: 3, lines: -117/+117)
| | |
* | | ts: require list of allowed digest algos for Factory (Ben Toews, 2019-10-01; files: 1, lines: -27/+45)
| | |
* | | ts: address more feedback (Ben Toews, 2019-10-01; files: 2, lines: -39/+48)
| | |
* | | ts: move TS_TST_INFO accessors to a new Timestamp::TokenInfo class (Ben Toews, 2019-10-01; files: 1, lines: -188/+289)
| | |
* | | ts: fix another leak (Ben Toews, 2019-10-01; files: 1, lines: -4/+5)
| | |
* | | ts: don't do anything that might raise in callbacks (Ben Toews, 2019-10-01; files: 1, lines: -22/+20)
| | |
* | | ts: simplify signature for TimestampFactory#additional_certs also (Ben Toews, 2019-10-01; files: 1, lines: -19/+11)
| | |
* | | ts: simplify TimestampResponse#response signature (Ben Toews, 2019-10-01; files: 1, lines: -123/+55)
| | | This method allowed roots and intermediates to be specified in a number of ways. This complexity wasn't super valuable though and it's better to only allow an X509::Store with an optional Array of intermediates. This greatly simplifies the code and fixes a few leaks.
* | | ts: address minor feedback from rhenium (more changes coming) (Ben Toews, 2019-10-01; files: 5, lines: -129/+60)
| | | - make some global variables static instead of extern
| | | - get rid of GetTsReqPtr/GetTsRespPtr functions
| | | - don't use c99 comments
| | | - fix some leaks
| | | - clarify what numeric type is returned (Integer or BN, never Fixnum)
| | | - typos
| | | - add missing checks, remove unnecessary checks
| | | - use OPENSSL_NO_TS instead of our own macros checking for ts support
| | | - use EVP_{digest-name} instead of looking up algos by NID
| | | - don't differentiate between failure reasons when verifying
| | | - rename Response#pkcs7 to #token
* | | ts: fix windows build (Ben Toews, 2019-10-01; files: 1, lines: -14/+1)
| | |
* | | ts: fix for libressl (Ben Toews, 2019-10-01; files: 3, lines: -1/+13)
| | | - define missing TS_RESP_CTX_set_time_cb
| | | - handle alternate case for nil oid
* | | ts: clean up some memory leaks (Ben Toews, 2019-10-01; files: 1, lines: -38/+50)
| | |
* | | ts: use newer TypedData_* macros instead of Data_* ones (Ben Toews, 2019-10-01; files: 1, lines: -129/+153)
| | |
* | | ts: update to work with openssl 1.1.x (Ben Toews, 2019-10-01; files: 3, lines: -265/+265)
| | | - clean up whitespace
| | | - be consistent with not returning after ossl_raise
| | | - use accessor functions when working with openssl TS_* structs
| | | - backport accessors for TS_STATUS_INFO, TS_VERIFY_CTX, and TS_RESP_CTX as macros