ruby-changes:69537
From: Kazuki <ko1@a...>
Date: Sat, 30 Oct 2021 20:22:24 +0900 (JST)
Subject: [ruby-changes:69537] 00e89fe36b (ruby_3_0): openssl: import v2.2.1
https://git.ruby-lang.org/ruby.git/commit/?id=00e89fe36b
From 00e89fe36b57e2d7c4ea269bc827d9806edef5ed Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@r...>
Date: Tue, 28 Sep 2021 18:03:24 +0900
Subject: openssl: import v2.2.1
Bring the local copy of ruby/openssl in sync with the upstream gem release v2.2.1. The commits happened in the upstream repository can be found at: https://github.com/ruby/openssl/compare/v2.2.0...v2.2.1 Note that many of these have already been applied to ruby.git and don't appear in the file changes of this commit.
---
ext/openssl/History.md | 53 +++++++++++++++++++++++++
ext/openssl/extconf.rb | 43 +++++++++++---------
ext/openssl/lib/openssl/version.rb | 2 +-
ext/openssl/openssl.gemspec | 3 +-
ext/openssl/ossl_bn.c | 34 ++++++++++------
ext/openssl/ossl_cipher.c | 26 +++++++++++++
ext/openssl/ossl_digest.c | 8 +++-
ext/openssl/ossl_pkey_ec.c | 16 ++++----
ext/openssl/ossl_ssl.c | 80 ++++++++++++++++++++++++++++++--------
ext/openssl/ossl_ts.c | 16 ++++++--
ext/openssl/ossl_x509store.c | 59 ++++++++++++++++++----------
test/openssl/test_cipher.rb | 42 ++++++++++++++++++++
test/openssl/test_config.rb | 16 ++++----
test/openssl/test_ssl.rb | 48 +++++++++++++++++------
test/openssl/test_ssl_session.rb | 1 +
test/openssl/test_ts.rb | 18 +++++++++
test/openssl/test_x509store.rb | 4 +-
test/openssl/utils.rb | 8 ++++
18 files changed, 375 insertions(+), 102 deletions(-)
diff --git a/ext/openssl/History.md b/ext/openssl/History.md
index a4a82a146c5..46435f9be61 100644
--- a/ext/openssl/History.md
+++ b/ext/openssl/History.md
@@ -1,3 +1,20 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/History.md#L1 +Version 2.2.1 +============= + +Merged changes in 2.1.3. Additionally, the following issues are fixed by this +release. + +Bug fixes +--------- + +* Fix crash in `OpenSSL::Timestamp::{Request,Response,TokenInfo}.new` when + invalid arguments are given. + [[GitHub #407]](https://github.com/ruby/openssl/pull/407) +* Fix `OpenSSL::Timestamp::Factory#create_timestamp` with LibreSSL on platforms + where `time_t` has a different size from `long`. + [[GitHub #454]](https://github.com/ruby/openssl/pull/454) + + Version 2.2.0 ============= 
@@ -75,6 +92,42 @@ Notable changes https://github.com/ruby/ruby/blob/trunk/ext/openssl/History.md#L92 [[GitHub #297]](https://github.com/ruby/openssl/pull/297) +Version 2.1.3 +============= + +Bug fixes +--------- + +* Fix deprecation warnings on Ruby 3.0. +* Add ".include" directive support in `OpenSSL::Config`. + [[GitHub #216]](https://github.com/ruby/openssl/pull/216) +* Fix handling of IPv6 address SANs. + [[GitHub #185]](https://github.com/ruby/openssl/pull/185) +* Hostname verification failure with `OpenSSL::SSL::SSLContext#verify_hostname=` + sets a proper error code. + [[GitHub #350]](https://github.com/ruby/openssl/pull/350) +* Fix crash with `OpenSSL::BN.new(nil, 2)`. + [[Bug #15760]](https://bugs.ruby-lang.org/issues/15760) +* `OpenSSL::SSL::SSLSocket#sys{read,write}` prevent internal string buffers from + being modified by another thread. + [[GitHub #453]](https://github.com/ruby/openssl/pull/453) +* Fix misuse of input record separator in `OpenSSL::Buffering` where it was + for output. +* Fix wrong interger casting in `OpenSSL::PKey::EC#dsa_verify_asn1`. + [[GitHub #460]](https://github.com/ruby/openssl/pull/460) +* `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or + newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support + OpenSSL 3.0 API. + [[GitHub #458]](https://github.com/ruby/openssl/pull/458) +* Activate `digest` gem correctly. `digest` library could go into an + inconsistent state if there are multiple versions of `digest` is installed + and `openssl` is `require`d before `digest`. + [[GitHub #463]](https://github.com/ruby/openssl/pull/463) +* Fix GC.compact compatibility. + [[GitHub #464]](https://github.com/ruby/openssl/issues/464) + [[GitHub #465]](https://github.com/ruby/openssl/pull/465) + + Version 2.1.2 ============= diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 693e55cd970..e13595c7c79 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb 
@@ -33,9 +33,6 @@ if $mswin || $mingw https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L33 have_library("ws2_32") end -Logging::message "=== Checking for required stuff... ===\n" -result = pkg_config("openssl") && have_header("openssl/ssl.h") - if $mingw append_cflags '-D_FORTIFY_SOURCE=2' append_ldflags '-fstack-protector' 
@@ -92,19 +89,33 @@ def find_openssl_library https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L89 return false end -unless result - unless find_openssl_library - Logging::message "=== Checking for required stuff failed. ===\n" - Logging::message "Makefile wasn't created. Fix the errors above.\n" - raise "OpenSSL library could not be found. You might want to use " \ - "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \ - "is installed." - end +Logging::message "=== Checking for required stuff... ===\n" +pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h") + +if !pkg_config_found && !find_openssl_library + Logging::message "=== Checking for required stuff failed. ===\n" + Logging::message "Makefile wasn't created. Fix the errors above.\n" + raise "OpenSSL library could not be found. You might want to use " \ + "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \ + "is installed." end -unless checking_for("OpenSSL version is 1.0.1 or later") { - try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") } - raise "OpenSSL >= 1.0.1 or LibreSSL is required" +version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h") + is_libressl = true + checking_for("LibreSSL version >= 2.5.0") { + try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") } +else + checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") { + try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") && + !try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") } +end +unless version_ok + raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required" +end + +# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h +if is_libressl && ($mswin || $mingw) + $defs.push("-DNOCRYPT") end Logging::message "=== Checking for OpenSSL features... ===\n" 
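Review bot: The upper bound in the OpenSSL branch is a negated compile probe, `!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h")`, so any reason that probe fails to compile is read as "older than 3.0" and the version gate fails open. On 1.x headers it presumably passes only because `OPENSSL_VERSION_MAJOR` is not defined there, which deserves a comment if this form is kept. A positive assertion fails closed instead: `try_static_assert("OPENSSL_VERSION_NUMBER < 0x30000000L", "openssl/opensslv.h")`. Separately, `is_libressl` is assigned only in the LibreSSL branch and is later read as an implicit nil in the `NOCRYPT` check; assigning `is_libressl = have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")` before the `if` would make that explicit.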
@@ -116,10 +127,6 @@ engines.each { |name| https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L127 have_func("ENGINE_load_#{name}()", "openssl/engine.h") } -if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h") - $defs.push("-DNOCRYPT") -end - # added in 1.0.2 have_func("EC_curve_nist2nid") have_func("X509_REVOKED_dup") diff --git a/ext/openssl/lib/openssl/version.rb b/ext/openssl/lib/openssl/version.rb index 9c7515ba0f3..d541cbf162a 100644 --- a/ext/openssl/lib/openssl/version.rb +++ b/ext/openssl/lib/openssl/version.rb @@ -1,5 +1,5 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/version.rb#L1 # frozen_string_literal: true module OpenSSL - VERSION = "2.2.0" + VERSION = "2.2.1" end diff --git a/ext/openssl/openssl.gemspec b/ext/openssl/openssl.gemspec index 471a3c42654..ebbd0923dd3 100644 --- a/ext/openssl/openssl.gemspec +++ b/ext/openssl/openssl.gemspec @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl.gemspec#L1 Gem::Specification.new do |spec| spec.name = "openssl" - spec.version = "2.2.0" + spec.version = "2.2.1" spec.authors = ["Martin Bosslet", "SHIBATA Hiroshi", "Zachary Scott", "Kazuki Yamaguchi"] spec.email = ["ruby-core@r..."] spec.summary = %q{OpenSSL provides SSL, TLS and general purpose cryptography.} @@ -17,6 +17,7 @@ Gem::Specification.new do |spec| https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl.gemspec#L17 spec.required_ruby_version = ">= 2.3.0" + spec.add_runtime_dependency "ipaddr" spec.add_development_dependency "rake" spec.add_development_dependency "rake-compiler" spec.add_development_dependency "test-unit", "~> 3.0" diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c index d94b8e375c3..bec37299f74 100644 --- a/ext/openssl/ossl_bn.c +++ b/ext/openssl/ossl_bn.c 
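Review bot: `spec.add_runtime_dependency "ipaddr"` in the second gemspec hunk carries no version requirement, so any ipaddr release, including a future incompatible one, satisfies it. The hunk does not show where ipaddr is used; if it backs address parsing for certificate name checks, the resolved version affects verification behaviour and should be predictable. A lower bound tied to the oldest release the test suite runs against would do that, for example `spec.add_runtime_dependency "ipaddr", ">= <MIN_TESTED_VERSION placeholder>"` with the placeholder replaced by that version.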
@@ -453,7 +453,7 @@ ossl_bn_is_negative(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L453 if (!(result = BN_new())) { \ ossl_raise(eBNError, NULL); \ } \ - if (!BN_##func(result, bn, ossl_bn_ctx)) { \ + if (BN_##func(result, bn, ossl_bn_ctx) <= 0) { \ BN_free(result); \ ossl_raise(eBNError, NULL); \ } \ @@ -479,7 +479,7 @@ BIGNUM_1c(sqr) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L479 if (!(result = BN_new())) { \ ossl_raise(eBNError, NULL); \ } \ - if (!BN_##func(result, bn1, bn2)) { \ + if (BN_##func(result, bn1, bn2) <= 0) { \ BN_free(result); \ ossl_raise(eBNError, NULL); \ } \ @@ -512,7 +512,7 @@ BIGNUM_2(sub) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L512 if (!(result = BN_new())) { \ ossl_raise(eBNError, NULL); \ } \ - if (!BN_##func(result, bn1, bn2, ossl_bn_ctx)) { \ + if (BN_##func(result, bn1, bn2, ossl_bn_ctx) <= 0) { \ BN_free(result); \ ossl_raise(eBNError, NULL); \ } \ @@ -556,11 +556,21 @@ BIGNUM_2c(gcd) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L556 BIGNUM_2c(mod_sqr) /* - * Document-method: OpenSSL::BN#mod_inverse * call-seq: - * bn.mod_inverse(bn2) => aBN + * bn.mod_inverse(bn2) => aBN */ -BIGNUM_2c(mod_inverse) (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
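Review bot: The switch from `!BN_##func(...)` to `BN_##func(...) <= 0` has no comment saying why a negative return must be treated as failure, and the same change repeats in the two following hunks (`@@ -479` and `@@ -512`). Without one, the test reads as an over-cautious spelling of the old check and is easy to "simplify" back, which would let an error return pass as success and return `result` in whatever state the failed call left it. A comment above each macro definition would do, for example `/* BN_*() can report failure with a negative value as well as 0, so test <= 0, not !ret */`. The `#define` lines of these macros start outside the hunks, so the exact placement is for the author to choose.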