From d7470d9756a361d7ced6ed5178c6aa4189ca661c Mon Sep 17 00:00:00 2001 From: Corey Bonnell Date: Thu, 29 Dec 2016 09:56:50 -0500 Subject: [PATCH 1/9] Fix for ASN1::Constructive 'each' implementation --- ext/openssl/ossl_asn1.c | 2 +- test/test_asn1.rb | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 534796f52..1d3ee4ac1 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -1291,7 +1291,7 @@ ossl_asn1cons_to_der(VALUE self) static VALUE ossl_asn1cons_each(VALUE self) { - rb_funcall(ossl_asn1_get_value(self), id_each, 0); + rb_block_call(ossl_asn1_get_value(self), id_each, 0, 0, 0, 0); return self; } diff --git a/test/test_asn1.rb b/test/test_asn1.rb index a0ac1ddbf..91ae2cfd0 100644 --- a/test/test_asn1.rb +++ b/test/test_asn1.rb @@ -566,6 +566,13 @@ def test_decode_constructed_overread assert_equal 17, ret[0][6] end + def test_constructive_each + data = [OpenSSL::ASN1::Integer.new(0), OpenSSL::ASN1::Integer.new(1)] + seq = OpenSSL::ASN1::Sequence.new data + + assert_equal data, seq.entries + end + private def assert_universal(tag, asn1) From a2dc925ac646f30e7d518158d7931ff422444ffe Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 30 Dec 2016 02:21:12 +0900 Subject: [PATCH 2/9] Fix build with static OpenSSL libraries on Windows OpenSSL <= 1.0.2 requires gdi32 for RAND_screen(). OpenSSL >= 1.1.0 no longer has RAND_screen() but it now requires crypt32. If pkg-config is usable, they are automatically linked, but if it is not, configuring Ruby/OpenSSL fails. Fixes: https://bugs.ruby-lang.org/issues/13080 --- ext/openssl/extconf.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 7033b0e20..60bd518e1 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb 
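Review bot: The four trailing zeros in the new `rb_block_call(ossl_asn1_get_value(self), id_each, 0, 0, 0, 0);` are not self-explanatory, and nothing in ossl_asn1cons_each says why a block call is needed here. A short comment above the call would help, for example `/* no bl_proc given: the block passed to #each is forwarded to the value's #each */`; that is my reading of the API and should be confirmed. It also looks as though calling `each` without a block still returns self rather than an Enumerator, because the inner call's result is discarded. If that is intended, the method's documentation comment (outside this hunk) should say so.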
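Review bot: test_constructive_each only goes through `entries`, so the return value of `each` itself is never checked, although the C implementation ends with `return self`. Adding `assert_same seq, seq.each { }` next to the existing assertion would pin that contract.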
@@ -37,6 +37,12 @@ Logging::message "=== Checking for required stuff... ===\n" result = pkg_config("openssl") && have_header("openssl/ssl.h") unless result + if $mswin || $mingw + # required for static OpenSSL libraries + have_library("gdi32") # OpenSSL <= 1.0.2 (for RAND_screen()) + have_library("crypt32") + end + result = have_header("openssl/ssl.h") result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "CRYPTO_malloc")} result &&= %w[ssl ssleay32].any? {|lib| have_library(lib, "SSL_new")} From be817ba62b71cb3635aa805338a6d536db4af8f8 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Thu, 12 Jan 2017 13:31:49 +0900 Subject: [PATCH 3/9] appveyor.yml: update OpenSSL version to 1.0.2j The new RubyInstaller 2.3.3 uses OpenSSL 1.0.2j. This will fix CI build on AppVayor. Note that this is not a future-proof resolution; the future releases of RubyInstaller that AppVayor will use may require another incompatible version of OpenSSL. --- appveyor.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/appveyor.yml b/appveyor.yml index c3e9c303a..bd72cedeb 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -2,9 +2,9 @@ clone_depth: 10 install: - SET PATH=C:\Ruby%ruby_version%\bin;%PATH% - - appveyor DownloadFile http://dl.bintray.com/oneclick/OpenKnapsack/x64/openssl-1.0.1m-x64-windows.tar.lzma - - 7z e openssl-1.0.1m-x64-windows.tar.lzma - - 7z x -y -oC:\Ruby%ruby_version% openssl-1.0.1m-x64-windows.tar + - appveyor DownloadFile http://dl.bintray.com/oneclick/OpenKnapsack/x64/openssl-1.0.2j-x64-windows.tar.lzma + - 7z e openssl-1.0.2j-x64-windows.tar.lzma + - 7z x -y -oC:\Ruby%ruby_version% openssl-1.0.2j-x64-windows.tar - ruby -S rake install_dependencies build_script: - rake -rdevkit compile -- --with-openssl-dir=C:\Ruby%ruby_version% From 64dfefdc745d3a61634a3e455d3b7527890e5a66 Mon Sep 17 00:00:00 2001 
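Review bot: The `have_library("crypt32")` line has no comment, while the gdi32 line beside it says which OpenSSL versions need it. The commit message gives the reason, so the line could read `have_library("crypt32") # OpenSSL >= 1.1.0`. Both return values are ignored, which seems deliberate since a given OpenSSL version needs only one of the two libraries. A few words to that effect in the `# required for static OpenSSL libraries` comment would keep a later reader from treating it as a missed check. The enclosing `unless result` block continues past the end of the hunk.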
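Review bot: The updated `appveyor DownloadFile http://dl.bintray.com/...openssl-1.0.2j-x64-windows.tar.lzma` step still fetches the OpenSSL binaries over plain http and unpacks them into the Ruby directory with no integrity check. The CI build, and the test results for a crypto binding, therefore trust whatever the network returns. Prefer an https URL if the host offers one, and add a step before `7z e` that compares the archive's SHA-256 with a value pinned in this file (`<expected-sha256>`). The same applies to the `curl -s ... | tar` steps in tool/ruby-openssl-docker/Dockerfile later in this series, in particular the LibreSSL tarballs fetched from `http://ftp.openbsd.org`.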
From: Kazuki Yamaguchi Date: Mon, 23 Jan 2017 10:07:31 +0900 Subject: [PATCH 4/9] buffering: fix typo in doc --- lib/openssl/buffering.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/openssl/buffering.rb b/lib/openssl/buffering.rb index 7fd647caa..b0dffefd3 100644 --- a/lib/openssl/buffering.rb +++ b/lib/openssl/buffering.rb @@ -189,7 +189,7 @@ def read_nonblock(maxlen, buf=nil, exception: true) end ## - # Reads the next "line+ from the stream. Lines are separated by +eol+. If + # Reads the next "line" from the stream. Lines are separated by +eol+. If # +limit+ is provided the result will not be longer than the given number of # bytes. # @@ -344,7 +344,7 @@ def write(s) end ## - # Writes +str+ in the non-blocking manner. + # Writes +s+ in the non-blocking manner. # # If there is buffered data, it is flushed first. This may block. # From 24a6774f623a681d6fd3b741b8b177e83c2f7160 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Fri, 20 Jan 2017 22:55:00 +0900 Subject: [PATCH 5/9] test/envutil: fix assert_raise_with_message Import mu_pp method from Ruby trunk. --- test/envutil.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/envutil.rb b/test/envutil.rb index da3041028..89332b355 100644 --- a/test/envutil.rb +++ b/test/envutil.rb @@ -1,6 +1,7 @@ # -*- coding: us-ascii -*- require "timeout" require "rbconfig" +require "pp" module EnvUtil def rubybin @@ -259,6 +260,10 @@ def assert_join_threads(threads, message = nil) values end + def mu_pp(obj) #:nodoc: + obj.pretty_inspect.chomp + end + # :call-seq: # assert_raise_with_message(exception, expected, msg = nil, &block) # From 4ccaf256a1c178eedaa6840613a54a00d8eba20c Mon Sep 17 00:00:00 2001 
From: Kazuki Yamaguchi Date: Tue, 24 Jan 2017 15:29:56 +0900 Subject: [PATCH 6/9] x509: fix OpenSSL::X509::Name#eql? Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()", 2016-09-08) incorrectly inverted the result. Fix it, and add a test case for this. Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()") --- ext/openssl/ossl_x509name.c | 2 +- test/test_x509name.rb | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index 4523e0d71..ac98c1b94 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -375,7 +375,7 @@ ossl_x509name_eql(VALUE self, VALUE other) if (!rb_obj_is_kind_of(other, cX509Name)) return Qfalse; - return ossl_x509name_cmp0(self, other) ? Qtrue : Qfalse; + return ossl_x509name_cmp0(self, other) == 0 ? Qtrue : Qfalse; } /* diff --git a/test/test_x509name.rb b/test/test_x509name.rb index b30a02e64..60e8ddb8a 100644 --- a/test/test_x509name.rb +++ b/test/test_x509name.rb @@ -357,6 +357,16 @@ def test_hash assert_equal(expected, name_hash(name)) end + def test_equality + name0 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-lang.org"]]) + name1 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-lang.org"]]) + name2 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "baz.ruby-lang.org"]]) + assert_equal true, name0 == name1 + assert_equal true, name0.eql?(name1) + assert_equal false, name0 == name2 + assert_equal false, name0.eql?(name2) + end + def test_dup name = OpenSSL::X509::Name.parse("/CN=ruby-lang.org") assert_equal(name.to_der, name.dup.to_der) From c75e835fd70b614c662811557a8b1b50d6cf8c41 Mon Sep 17 00:00:00 2001 
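Review bot: test_equality covers equal and unequal Name objects but not the other branch of the fixed function, the `rb_obj_is_kind_of(other, cX509Name)` guard that returns false for a non-Name argument. One more line such as `assert_equal false, name0.eql?(name0.to_der)` would exercise it. Because `eql?` is what Hash uses for key lookup, it may also be worth asserting that `{ name0 => 1 }[name1]` finds the entry; this assumes `hash` is consistent for equal names, which the hunk does not show.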
From: Kazuki Yamaguchi Date: Sat, 21 Jan 2017 01:59:55 +0900 Subject: [PATCH 7/9] ruby-openssl-docker: update versions of Ruby and OpenSSL Ruby 2.3.3/2.4.0, OpenSSL 1.0.2k/1.1.0d and LibreSSL 2.3.9/2.4.4. --- tool/ruby-openssl-docker/Dockerfile | 42 +++++++++++++++++------------ tool/ruby-openssl-docker/init.sh | 4 +-- 2 files changed, 27 insertions(+), 19 deletions(-) diff --git a/tool/ruby-openssl-docker/Dockerfile b/tool/ruby-openssl-docker/Dockerfile index a1518a9c2..d22a7e43f 100644 --- a/tool/ruby-openssl-docker/Dockerfile +++ b/tool/ruby-openssl-docker/Dockerfile 
@@ -19,46 +19,46 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ xz-utils \ zlib1g-dev -# Supported OpenSSL versions: 1.0.0, 1.0.1, 1.0.2, 1.1.0 +# Supported OpenSSL versions: 1.0.1- RUN mkdir -p /build/openssl RUN curl -s https://www.openssl.org/source/openssl-1.0.0t.tar.gz | tar -C /build/openssl -xzf - && \ cd /build/openssl/openssl-1.0.0t && \ ./Configure \ --openssldir=/opt/openssl/openssl-1.0.0 \ - shared debug-linux-x86_64 && \ + shared linux-x86_64 && \ make && make install_sw RUN curl -s https://www.openssl.org/source/openssl-1.0.1u.tar.gz | tar -C /build/openssl -xzf - && \ cd /build/openssl/openssl-1.0.1u && \ ./Configure \ --openssldir=/opt/openssl/openssl-1.0.1 \ - shared debug-linux-x86_64 && \ + shared linux-x86_64 && \ make && make install_sw -RUN curl -s https://www.openssl.org/source/openssl-1.0.2j.tar.gz | tar -C /build/openssl -xzf - && \ - cd /build/openssl/openssl-1.0.2j && \ +RUN curl -s https://www.openssl.org/source/openssl-1.0.2k.tar.gz | tar -C /build/openssl -xzf - && \ + cd /build/openssl/openssl-1.0.2k && \ ./Configure \ --openssldir=/opt/openssl/openssl-1.0.2 \ - shared debug-linux-x86_64 && \ + shared linux-x86_64 && \ make && make install_sw -RUN curl -s https://www.openssl.org/source/openssl-1.1.0b.tar.gz | tar -C /build/openssl -xzf - && \ - cd /build/openssl/openssl-1.1.0b && \ +RUN curl -s https://www.openssl.org/source/openssl-1.1.0d.tar.gz | tar -C /build/openssl -xzf - && \ + cd /build/openssl/openssl-1.1.0d && \ ./Configure \ --prefix=/opt/openssl/openssl-1.1.0 \ enable-crypto-mdebug enable-crypto-mdebug-backtrace \ - debug-linux-x86_64 && \ + linux-x86_64 && \ make && make install_sw -# Supported libressl versions: 2.3, 2.4, 2.5 -RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.8.tar.gz | tar -C /build/openssl -xzf - -RUN cd /build/openssl/libressl-2.3.8 && \ +# Supported libressl versions: 2.3- +RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.9.tar.gz | tar -C 
/build/openssl -xzf - +RUN cd /build/openssl/libressl-2.3.9 && \ ./configure \ --prefix=/opt/openssl/libressl-2.3 && \ make && make install -RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.3.tar.gz | tar -C /build/openssl -xzf - -RUN cd /build/openssl/libressl-2.4.3 && \ +RUN curl -s http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.4.tar.gz | tar -C /build/openssl -xzf - +RUN cd /build/openssl/libressl-2.4.4 && \ ./configure \ --prefix=/opt/openssl/libressl-2.4 && \ make && make install @@ -69,16 +69,24 @@ RUN cd /build/openssl/libressl-2.5.0 && \ --prefix=/opt/openssl/libressl-2.5 && \ make && make install -# Supported Ruby versions: 2.3 +# Supported Ruby versions: 2.3- RUN mkdir -p /build/ruby -RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.1.tar.gz | tar -C /build/ruby -xzf - && \ - cd /build/ruby/ruby-2.3.1 && \ +RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.3.tar.gz | tar -C /build/ruby -xzf - && \ + cd /build/ruby/ruby-2.3.3 && \ autoconf && ./configure \ --without-openssl \ --prefix=/opt/ruby/ruby-2.3 \ --disable-install-doc && \ make && make install +RUN curl -s https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.0.tar.gz | tar -C /build/ruby -xzf - && \ + cd /build/ruby/ruby-2.4.0 && \ + autoconf && ./configure \ + --without-openssl \ + --prefix=/opt/ruby/ruby-2.4 \ + --disable-install-doc && \ + make && make install + ONBUILD ADD . /home/openssl/code ONBUILD WORKDIR /home/openssl/code diff --git a/tool/ruby-openssl-docker/init.sh b/tool/ruby-openssl-docker/init.sh index c4301482d..4d97e28c7 100755 --- a/tool/ruby-openssl-docker/init.sh +++ b/tool/ruby-openssl-docker/init.sh @@ -2,12 +2,12 @@ if [[ "$RUBY_VERSION" = "" ]] then - RUBY_VERSION=ruby-2.3 + RUBY_VERSION=ruby-2.4 fi if [[ "$OPENSSL_VERSION" = "" ]] then - OPENSSL_VERSION=openssl-1.0.2 + OPENSSL_VERSION=openssl-1.1.0 fi echo "Using Ruby ${RUBY_VERSION} with OpenSSL ${OPENSSL_VERSION}." 
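Review bot: The new comment `# Supported OpenSSL versions: 1.0.1-` no longer matches the first RUN step below it, which still downloads and builds openssl-1.0.0t into /opt/openssl/openssl-1.0.0. The .travis.yml matrix in this series also still lists openssl-1.0.0. Either keep 1.0.0 in the comment, e.g. `# Supported OpenSSL versions: 1.0.0-`, or drop the 1.0.0t build if that version really is no longer supported.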
From faefff2af2b454817b05ff21536d1f7aeaf28734 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Sat, 21 Jan 2017 02:01:37 +0900 Subject: [PATCH 8/9] .travis.yml: test with Ruby 2.4 --- .travis.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index c770d989b..1476daf6a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,11 +17,12 @@ script: matrix: fast_finish: true include: - - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.0 OSSL_MDEBUG=1 - - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.1 OSSL_MDEBUG=1 - - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.2 OSSL_MDEBUG=1 - - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.1.0 OSSL_MDEBUG=1 - - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=libressl-2.3 - - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=libressl-2.4 - - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=libressl-2.5 + - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.2 + - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.0 + - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.1 + - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.0.2 + - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.1.0 + - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.3 + - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.4 + - env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=libressl-2.5 allow_failures: From 74f166f410bd75d625a69ecc2b53601718294930 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Tue, 31 Jan 2017 18:14:44 +0900 Subject: [PATCH 9/9] Ruby/OpenSSL 2.0.3 --- ext/openssl/ossl_version.h | 2 +- openssl.gemspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h index d1bd7bc4b..b98533f48 100644 --- a/ext/openssl/ossl_version.h +++ b/ext/openssl/ossl_version.h 
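Review bot: Every new matrix entry drops `OSSL_MDEBUG=1`, which the commit title ("test with Ruby 2.4") does not mention. If the variable enables the memory-debug checks in the test run, as its name suggests, CI no longer does any leak checking for the extension. This may follow from the Dockerfile change away from the `debug-linux-x86_64` targets, but the openssl-1.1.0 image is still configured with `enable-crypto-mdebug`, so that entry could keep it: `- env: RUBY_VERSION=ruby-2.4 OPENSSL_VERSION=openssl-1.1.0 OSSL_MDEBUG=1`. If the removal is intentional, a line in the commit message or a comment in the file should say so.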
@@ -10,6 +10,6 @@ #if !defined(_OSSL_VERSION_H_) #define _OSSL_VERSION_H_ -#define OSSL_VERSION "2.0.2" +#define OSSL_VERSION "2.0.3" #endif /* _OSSL_VERSION_H_ */ diff --git a/openssl.gemspec b/openssl.gemspec index c637080c8..da7a17659 100644 --- a/openssl.gemspec +++ b/openssl.gemspec @@ -1,6 +1,6 @@ Gem::Specification.new do |spec| spec.name = "openssl" - spec.version = "2.0.2" + spec.version = "2.0.3" spec.authors = ["Martin Bosslet", "SHIBATA Hiroshi", "Zachary Scott", "Kazuki Yamaguchi"] spec.email = ["ruby-core@ruby-lang.org"] spec.summary = %q{OpenSSL provides SSL, TLS and general purpose cryptography.}