* {ext,test}/openssl: Import Ruby/OpenSSL 2.0.0.beta.2. The full commit
history since v2.0.0.beta.1 can be found at:
https://github.com/ruby/openssl/compare/v2.0.0.beta.1...v2.0.0.beta.2
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1.
ext/openssl is now converted into a default gem. The full commit
history since r55538 can be found at:
https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1
[Feature #9612]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c,
ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement
initialize_copy method for OpenSSL::PKey::*.
[ruby-core:75504] [Bug #12381]
* test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb,
test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they
actually copy the OpenSSL objects, and modifications to cloned object
don't affect the original object.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkey_ec.c (ec_key_new_from_group): Create a new
EC_KEY on given EC group. Extracted from ossl_ec_key_initialize().
(ossl_ec_key_s_generate): Added. Create a new EC instance and
generate a random private and public key.
(ossl_ec_key_initialize): Use ec_key_new_from_group().
(Init_ossl_ec): Define the new method EC.generate. This change is
for consistency with other PKey types. [ruby-core:45541] [Bug #6567]
* test/openssl/test_pkey_ec.rb: Test that EC.generate works.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_generate_key): Fix up RDoc.
(Init_ossl_ec): Rename EC#generate_key to EC#generate_key!. Make the
old name an alias of #generate_key!. This change is for consistency
with other PKey types. [ruby-core:45541] [Bug #6567]
* test/openssl/test_pkey_ec.rb: Use EC#generate_key! instead of
EC#generate_key.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55151 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkey_ec.c: rename PKey::EC#private_key? and
#public_key? to #private? and #public? for consistency with other
PKey types. Old names remain as alias. [ruby-core:45541] [Bug #6567]
* test/openssl/test_pkey_ec.rb (test_check_key): check private? and
public? works correctly.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the
argument to String with StringValue() and validate the length is in
4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers.
(ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we
used to pass the password to PEM_def_callback() directly but it was
problematic. It is not NUL character safe. And surprisingly, it
silently truncates the password to 1024 bytes. [GH ruby/openssl#51]
* ext/openssl/ossl.h: Add function prototype declaration of newly
added ossl_pem_passwd_value().
* ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use
ossl_pem_passwd_value() to validate the password String.
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export):
ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize,
ossl_ec_key_to_string): ditto.
* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export):
ditto.
* test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): fix index types.
Array length is long, not int.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55052 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (ossl_clear_error): Extracted from
ossl_make_error(). This prints errors in the OpenSSL error queue if
OpenSSL.debug is true, and clears the queue.
(ossl_make_error): use ossl_clear_error().
* ext/openssl/ossl.h: add prototype declaration of ossl_make_error().
(OSSL_BIO_reset) use ossl_clear_error() to clear the queue. Clearing
silently makes debugging difficult.
* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): ditto.
* ext/openssl/ossl_ns_spki.c (ossl_spki_initialize): ditto.
* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_verify): ditto.
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
(ossl_ec_group_initialize): ditto.
* ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55050 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): Validate the
arguments before passing to EC_POINT(s)_mul(). Add description of this
method. [ruby-core:65152] [Bug #10268]
* test/openssl/test_pkey_ec.rb (test_ec_point_mul): Test that
OpenSSL::PKey::EC::Point#mul works.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55048 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl: make wrapper objects before allocating structs to
get rid of potential memory leaks.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50673 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
OpenSSL with OPENSSL_NO_EC2M defined, but OPENSSL_NO_EC not
defined.
* test/openssl/test_pkey_ec.rb: Iterate over built-in curves
(and assert their non-emptiness!) instead of hard-coding them, as
this may cause problems with respect to the different availability
of individual curves in individual OpenSSL builds.
[ruby-core:54881] [Bug #8384]
Thanks to Vit Ondruch for providing the patch!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
of an aggregate type is a C99ism.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): get rid of VC++
warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36364 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* io.c (sysopen_func, rb_sysopen_internal): cast through VALUE to get
rid of warnings. fixup of r36355.
* process.c (rb_waitpid_blocking, rb_waitpid): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36361 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
ext/openssl/ossl_pkey_rsa.c
ext/openssl/ossl_pkey_dsa.c
ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less
than four characters long, as OpenSSL itself does not allow this.
Issue found by Eric Hodel.
* ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem,
following the PKey interface contract.
* test/openssl/test_pkey_dsa.rb
test/openssl/test_pkey_rsa.rb
test/openssl/test_pkey_ec.rb: Add tests that assert correct
behaviour when dealing with passwords that are less than four
characters long.
[ruby-core: 42281][ruby-trunk - Bug #5951]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
pop pushed error after each try of reading. fixes#4550
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_initialize): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31244 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
truncated with ec_key.group.order.size after openssl 0.9.8m for
FIPS 186-3 compliance.
WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
false when you pass dgst longer than expected (no truncation
performed).
* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@27645 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Fix ruby-Bugs-11513.
* ext/openssl/ossl_pkey_ec.c
New methods EC::Point.[eql,make_affine!,invert!,on_curve?,infinity?]
By default output the same key form as the openssl command.
* ext/openssl/ossl_rand.c
New method Random.status?
* test/openssl/test_ec.rb
New tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12571 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
nobu
rhe
svn
emboss
zzak
usa
drbrain
naruse
akr
wanabe
mame
ko1
technorama