* ext/openssl/extconf.rb: Check existence of accessor functions that
don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its
structures opaque and requires use of these accessor functions.
[ruby-core:75225] [Feature #12324]
* ext/openssl/openssl_missing.[ch]: Implement them if missing.
* ext/openssl/ossl*.c: Use these accessor functions.
* test/openssl/test_hmac.rb: Add missing test for HMAC#reset.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55287 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/extconf.rb: Check absence of CRYPTO_lock() to see if the
OpenSSL has the new threading API. In OpenSSL <= 1.0.2, an application
had to set locking callbacks to use OpenSSL in a multi-threaded
environment. OpenSSL 1.1.0 now finds pthreads or Windows threads so we
don't need to do something special.
[ruby-core:75225] [Feature #12324]
Also check existence of *_up_ref(). Some structures in OpenSSL have
a reference counter. We used to increment it with CRYPTO_add() which
is a part of the old API.
* ext/openssl/openssl_missing.h: Implement *_up_ref() if missing.
* ext/openssl/ossl.c: Don't set locking callbacks if unneeded.
* ext/openssl/ossl_pkey.c, ext/openssl/ossl_ssl.c,
ext/openssl/ossl_x509cert.c, ext/openssl/ossl_x509crl.c,
ext/openssl/ossl_x509store.c: Use *_up_ref() instead of CRYPTO_add().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55283 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the
argument to String with StringValue() and validate the length is in
4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers.
(ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we
used to pass the password to PEM_def_callback() directly but it was
problematic. It is not NUL character safe. And surprisingly, it
silently truncates the password to 1024 bytes. [GH ruby/openssl#51]
* ext/openssl/ossl.h: Add function prototype declaration of newly
added ossl_pem_passwd_value().
* ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use
ossl_pem_passwd_value() to validate the password String.
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export):
ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize,
ossl_ec_key_to_string): ditto.
* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export):
ditto.
* test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl: make wrapper objects before allocating structs to
get rid of potential memory leaks.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50673 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* use rb_funcallv() for no arguments call instead of variadic
rb_funcall().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49612 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
finalizes only a copy of the digest context, the context must be
cleaned up after initialization by EVP_MD_CTX_cleanup() or a
memory leak will occur. [ruby-core:62038] [Bug #9743]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45595 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
t = Thread.new { print "."; sleep 0.1 }
key = OpenSSL::PKey::RSA.new(2048)
#=> Thread t works in parallel with public key generation if
OS/machine allows it.
This works with OpenSSL >= 0.9.8. From this version, it has new
public key generation function which allows us to interrupt the
execution while pkey generation iterations.
* ext/openssl/extconf.rb: Check existence of OpenSSL's new public key
generation function. (DH_generate_parameters_ex,
DSA_generate_parameters_ex and RSA_generate_key_ex.
* ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2,
ossl_generate_cb_stop): Added new callback function for OpenSSL pkey
generation which handles Thread interruption by Ruby.
ossl_generate_cb_stop is the unblock function(ubf) for Ruby which
sets a stop flag. New pkey generation callback ossl_generate_cb_2
checks the stop flag at each iterations of OpenSSL and interrupts
pkey generation when the flag is set.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call
rb_thread_blocking_region with the above unblock function to release
GVL while pkey generation.
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
* ext/openssl/ossl_pkey_dh.c (dh_generate): ditto.
* test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add additional documentation for OpenSSL::SSL::SSLContext and
OpenSSL::SSL::SSLSocket.
Move "let rdoc know about mOSSL" comments so they don't show up in output.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30090 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
[ruby-core:22860]
* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a
warning.
* ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may
be larger than long.
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time),
(ossl_ssl_session_get_timeout): use TIMET2NUM() to convert
time_t.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22925 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(RSTRING_LEN): defined for accessing string members.
(RSTRING_PTR): ditto.
* string.c: use RSTRING_LEN and RSTRING_PTR.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@10809 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
- SSLContext#client_cert_cb is a Proc. it is called when a client
certificate is requested by a server and no certificate was yet
set for the SSLContext. it must return an Array which includes
OpenSSL::X509::Certificate and OpenSSL::PKey::RSA/DSA objects.
- SSLContext#tmp_dh_callback is called in key exchange with DH
algorithm. it must return an OpenSSL::PKey::DH object.
* ext/openssl/ossl_ssl.c:
(ossl_sslctx_set_ciphers): ignore the argument if it's nil.
(ossl_start_ssl, ossl_ssl_write): call rb_sys_fail if errno isn't 0.
[ruby-dev:25831]
* ext/openssl/ossl_pkey.c
(GetPrivPKeyPtr, ossl_pkey_sign): should call rb_funcall first.
(DupPrivPKeyPtr): new function.
* ext/openssl/ossl_pkey_dh.c: add default DH parameters.
* ext/openssl/ossl_pkey.h: ditto.
* ext/openssl/lib/openssl/cipher.rb: fix typo. [ruby-dev:24285]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8129 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
public key only.
* ext/openssl/ossl_pkey_dh.c (ossl_dh_to_der): new function for
OpenSSL::PKey::DH#to_der.
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_to_der): new function for
OpenSSL::PKey::DSA#to_der.
* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_to_der): new function for
OpenSSL::PKey::RSA#to_der.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5417 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* ext/openssl/extconf.rb: add check for assert.h.
* ext/openssl/ossl.c (ossl_buf2str): new function to convert
C buffer to String and free buffer.
* ext/openssl/ossl.c (ossl_x509_ary2sk): new function to convert
Array of OpenSSL::X509 to STACK_OF(X509) with exception safe.
* ext/openssl/ossl.c (ossl_to_der, ossl_to_der_if_possible): new
functions to convert object to DER string.
* ext/openssl/ossl.h: ditto.
* ext/openssl/ossl_bio.c (ossl_membio2str): new function to convert
BIO to String object and free BIO.
* ext/openssl/ossl_bio.h: ditto.
* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_to_der): add for "to_der".
* ext/openssl/ossl_x509name.c (ossl_x509name_to_der): ditto.
* ext/openssl/ossl_x509ext.c (ossl_x509ext_to_der): ditto.
* ext/openssl/ossl_x509ext.c (create_ext_from_array): removed
and reimplement in openssl/x509.rb.
* ext/openssl/ossl_x509attr.c: reimplemented and disable some
method temporarily. this class doesn't work fine without ASN.1
data support;-) I'll rewrite in near future.
* ext/openssl/lib/openssl/x509.c (X509::Attribute): get rid off
unused code.
* ext/openssl/lib/openssl/x509.c (X509::ExtensionFactory): refine all.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4558 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
compatibility stuff. and remove DEFINE_ALLOC_WRAPPER from
all sources.
* ext/openssl/ossl_x509ext.c (X509::Extension.new): new method.
* ext/openssl/ossl_x509ext.c (X509::Extension#oid=): new method.
* ext/openssl/ossl_x509ext.c (X509::Extension#value=): new method.
* ext/openssl/ossl_x509ext.c (X509::Extension#critical=): new method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4522 b2dd03c8-39d4-4d8f-98ff-823fe69b080e