| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
* Updated the `OpenSSL::OPENSSL_VERSION_NUMBER` comment explaining the format.
* Added the `OpenSSL::LIBRESSL_VERSION_NUMBER` to print LibreSSL version number,
in the case that Ruby OpenSSL binding is compiled with LibreSSL. Note
`test/openssl/utils.rb#libressl?` is not using this value in it for now.
* Update `rake debug` to print the values in a readable way, adding
`OpenSSL::OPENSSL_VERSION_NUMBER` and `OpenSSL::LIBRESSL_VERSION_NUMBER`.
https://github.com/ruby/openssl/commit/d19e6360ed
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Error entries in the OpenSSL error queue may contain additional
contextual information associated with the error, which can be helpful
when debugging.
This "additional data" is currently only printed to stderr when
OpenSSL.debug is enabled. Let's include this in the exception messages
raised with ossl_raise(), too.
$ ruby -Ilib -ropenssl -e'OpenSSL.debug=true; OpenSSL::SSL::SSLContext.new.ecdh_curves="P-256:not-a-curve"'
-e:1: warning: error on stack: error:0A080106:SSL routines:gid_cb:passed invalid argument (group 'not-a-curve' cannot be set)
-e:1:in `ecdh_curves=': passed invalid argument (group 'not-a-curve' cannot be set) (OpenSSL::SSL::SSLError)
from -e:1:in `<main>'
https://github.com/ruby/openssl/commit/1c5bbdd68e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When compiled with OpenSSL <= 1.1.1, OpenSSL::SSL::SSLContext#setup
does not raise an exception on an error return from
SSL_CTX_load_verify_locations(), but instead only prints a verbose-mode
warning. This is not helpful since it very likely indicates an actual
error, such as the specified file not being readable.
Also, OpenSSL's error queue is not correctly cleared:
$ ruby -w -ropenssl -e'OpenSSL.debug=true; ctx=OpenSSL::SSL::SSLContext.new; ctx.ca_file="bad-path"; ctx.setup; pp OpenSSL.errors'
-e:1: warning: can't set verify locations
["error:02001002:system library:fopen:No such file or directory",
"error:2006D080:BIO routines:BIO_new_file:no such file",
"error:0B084002:x509 certificate routines:X509_load_cert_crl_file: system lib"]
The behavior is currently different when compiled with OpenSSL >= 3.0:
SSLError is raised if SSL_CTX_load_verify_file() or
SSL_CTX_load_verify_dir() fails.
This inconsistency was unintentionally introduced by commit https://github.com/ruby/openssl/commit/5375a55ffc35
("ssl: use SSL_CTX_load_verify_{file,dir}() if available", 2020-02-22).
However, raising SSLError seems more appropriate in this situation.
Let's adjust the OpenSSL <= 1.1.1 code so that it behaves the same way
as the OpenSSL >= 3.0 code currently does.
Fixes: https://github.com/ruby/openssl/issues/649
https://github.com/ruby/openssl/commit/7eb10f7b75
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
doesn't exist.
OpenSSL built from the source creates the library directory to the
`/path/to/openssl_dir/lib64` as a default.
In the case, the `bundle exec rake compile -- --with-openssl-dir=<openssl_dir>`
cannot compile with the lib64 directory, and may compile with system OpenSSL's
libraries unintentionally. This commit is to check this case to avoid linking
with an unintentional library directory.
https://github.com/ruby/openssl/commit/ca54087462
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Describe the behavior of OpenSSL::PKey::{DH,DSA,EC,RSA}#to_pem
and #to_der more clearly. They return a different result depending on
whether the pkey is a public or private key. This was not documented
adequately.
Also, suggest the use of OpenSSL::PKey::PKey#private_to_pem
and #public_to_pem instead, if possible.
https://github.com/ruby/openssl/commit/d22769af8f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Suggest the use of OpenSSL::PKey::PKey#private_to_pem and #public_to_pem
in the top-level documentation. For new programs, these are recommended
over OpenSSL::PKey::RSA#export (also aliased as #to_s and #to_pem)
unless there is a specific reason to use it, i.e., unless the PKCS#1
output format specifically is required.
The output format of OpenSSL::PKey::RSA#export depends on whether the
key is a public key or a private key, which is very counter-intuitive.
Additionally, when called with arguments to encrypt a private key, as in
this example, OpenSSL's own, non-standard format is used. The man page
of PEM_write_bio_PrivateKey_traditional(3) in OpenSSL 1.1.1 or later
states that it "should only be used for compatibility with legacy
programs".
https://github.com/ruby/openssl/commit/56312038d6
|
| |
|
|
|
|
|
|
|
|
| |
Let's consistently use the word "password". Although they are considered
synonymous, the mixed usage in the rdoc can cause confusion.
OpenSSL::KDF.scrypt is an exception. This is because RFC 7914 refers to
the input parameter as "passphrase".
https://github.com/ruby/openssl/commit/06d67640e9
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSL_ERROR_SYSCALL
Enrich SSLError's message with the low-level certificate verification
result, even if SSL_get_error() returns SSL_ERROR_SYSCALL. This is
currently done on SSL_ERROR_SSL only.
According to the man page of SSL_get_error(), SSL_ERROR_SYSCALL may be
returned for "other errors, check the error queue for details". This
apparently means we have to treat SSL_ERROR_SYSCALL, if errno is not
set, as equivalent to SSL_ERROR_SSL.
https://github.com/ruby/openssl/commit/5113777e82
|
| |
|
|
|
|
|
| |
Expand tabs, insert some spaces, and adjust indentation of switch-case
to match Ruby's style.
https://github.com/ruby/openssl/commit/10833aa8f6
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(https://github.com/ruby/zlib/pull/55)
zstream_discard_input was encoding and character-aware when given input is user-provided, so this discards `len` chars instead of `len` bytes.
Also Zlib.gunzip explains in its rdoc that it is equivalent with the following code, but this doesn't fail for UTF-8 String.
```ruby
string = %w[1f8b0800c28000000003cb48cdc9c9070086a6103605000000].pack("H*").force_encoding('UTF-8')
sio = StringIO.new(string)
p gz.read #=> "hello"
gz&.close
p Zlib.gunzip(string) #=> Zlib::DataError
```
Reported and discovered by eagletmt at https://twitter.com/eagletmt/status/1689692467929694209
https://github.com/ruby/zlib/commit/c5e58bc62a
|
| |
|
|
|
|
|
| |
Both for being closer to real IOs and also because it's a convenient API
in multithreaded scenarios.
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
| |
|
|
| |
https://github.com/ruby/fiddle/commit/c313a74632
|
| |
|
|
| |
https://github.com/ruby/fiddle/commit/69ff680bf6
|
| |
|
|
|
|
|
|
| |
GitHub: fix https://github.com/ruby/fiddle/pull/130
Reported by Benoit Daloze. Thanks!!!
https://github.com/ruby/fiddle/commit/bc6c66bbb9
|
| |
|
|
| |
https://github.com/ruby/fiddle/commit/6cdf53726d
|
| |
|
|
| |
[ci skip]
|
| |
|
|
|
|
| |
rb_reg_onig_match performs preparation, error handling, and cleanup for
matching a regex against a string. This reduces repetitive code and
removes the need for StringScanner to access internal data of regex.
|
| |
|
|
| |
Syncs commit ruby/strscan@76b377a5d875ec77282d9319d62d8f24fe283b40.
|
| |
|
|
|
|
|
|
| |
truffle/openssl-prefix on TruffleRuby
* See https://github.com/ruby/openssl/issues/650#issuecomment-1645699608
https://github.com/ruby/openssl/commit/ca738e7e13
|
| |
|
|
| |
https://github.com/flori/json/commit/82a75ba98e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In `JSON#generate` and `JSON#fast_generate`:
- When the given `opts` is a `JSON::State` the variable is set to
`nil`.
- But it will be never used as the next `if` blocks will not be
executed.
- `JSON::State#configure` does the conversion to `Hash`, the
conversions in the `if` block are just duplication.
- `JSON::State.new` does the same thing with `configure` when an
argument is given.
https://github.com/flori/json/commit/5d9ab87f8e
|
| |
|
|
| |
https://github.com/flori/json/commit/ed242667b4
|
| |
|
|
|
|
|
| |
This macro is defined since ruby 2.1, which is older than the required
ruby version.
https://github.com/flori/json/commit/dd1d54e78a
|
| |
|
|
| |
https://github.com/flori/json/commit/3dd36c6077
|
| |
|
|
| |
https://github.com/flori/json/commit/20b80ca317
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before:
```c
/* First part of user prologue. */
#line 14 "parse.y"
```
After:
```c
/* First part of user prologue. */
#line 14 "ripper.y"
```
|
| |
|
|
|
|
| |
In `rb_ruby_ripper_parser_allocate`, `r->p` is NULL between creating
`self` and `parser_params` assignment. As GC can happen there, the
typed-data functions for it need to consider the case.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Although MinGW provides this header but not the function, Windows
version ruby provides the function.
https://github.com/ruby/etc/commit/f7fa1884fa
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL::Cipher#pkcs5_keyivgen
(https://github.com/ruby/openssl/pull/647)
OpenSSL::Cipher#pkcs5_keyivgen should only be used when it is
absolutely necessary for compatibility with ancient applications.
Having an example can be misleading. We already have another example
for OpenSSL::Cipher in which PBKDF2 is used to derive a key.
As described in the rdoc of OpenSSL::Cipher#pkcs5_keyivgen, it is
compatible with PKCS#5 PBES1 (PKCS#5 v1.5) only when used in combination
of a hash function MD2, MD5, or SHA-1, and a cipher DES-CBC or RC2-CBC.
This example uses MD5 as the hash function and combines it with AES.
This is considered insecure and also using a non-standard technique to
derive longer keys.
https://github.com/ruby/openssl/commit/e379cc0cca
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(https://github.com/ruby/openssl/pull/646)
Add OpenSSL::PKey.new_raw_private_key, #raw_private_key and public
equivalents. These methods are useful for importing and exporting keys
that support "raw private/public key". Currently, OpenSSL implements
X25519/X448 and Ed25519/Ed448 keys.
[rhe: rewrote commit message]
https://github.com/ruby/openssl/commit/3f29525618
Co-authored-by: Bart de Water <bartdewater@gmail.com>
|
| |
|
|
| |
https://github.com/ruby/etc/commit/b95ddef386
|
| |
|
|
|
|
|
| |
Fixes https://github.com/ruby/etc/pull/22.
Build failure when the ruby installed directory name contains spaces.
https://github.com/ruby/etc/commit/1ab19d5815
|
| |
|
|
| |
https://github.com/ruby/etc/commit/365398ea47
|
| | |
|
| | |
|
| |
|
|
| |
https://github.com/ruby/bigdecimal/commit/8a94a29cf1
|
| |
|
|
| |
https://github.com/ruby/bigdecimal/commit/f63544d465
|
| |
|
|
|
|
| |
We should leave additional dependency if we leave from them.
https://github.com/ruby/psych/commit/3d0325a774
|
| |
|
|
| |
https://github.com/ruby/psych/commit/902c292f26
|
| |
|
|
|
|
|
|
| |
According to the C99 specification section 7.20.3.2 paragraph 2:
> If ptr is a null pointer, no action occurs.
So we do not need to check that the pointer is a null pointer.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following script leaks memory in Ripper:
```ruby
require "ripper"
20.times do
100_000.times do
Ripper.parse("")
end
puts `ps -o rss= -p #{$$}`
end
```
|
| |
|
|
|
|
|
|
|
|
|
| |
protected
(https://github.com/ruby/fiddle/pull/129)
They don't have a mark function, so they don't need any change.
https://github.com/ruby/fiddle/commit/9bbc732aef
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
(https://github.com/ruby/fiddle/pull/127)
Save from having to mark them on every minor.
https://github.com/ruby/fiddle/commit/153c09c99f
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
| |
|
|
| |
https://github.com/ruby/fiddle/commit/4c0c5da1a5
|
| |
|
|
|
|
|
|
|
|
|
| |
GitHub: fix https://github.com/ruby/fiddle/pull/96
I wanted to add a test for this but I couldn't find a function that
has a "char" argument in libc...
Reported by kojix2. Thanks!!!
https://github.com/ruby/fiddle/commit/2c863ef8ba
|
| |
|
|
| |
https://github.com/ruby/fiddle/commit/2b22bb9d74
|
| |
|
|
|
|
|
|
| |
GitHub: fix https://github.com/ruby/fiddle/pull/100
Reported by David M. Lary. Thanks!!!
https://github.com/ruby/fiddle/commit/516333dd78
|
