diff options
| author | Kazuki Yamaguchi <[email protected]> | 2020-03-09 18:26:19 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <[email protected]> | 2020-03-10 17:41:01 +0900 |
| commit | e4a26cd4f8e74e5d29de10a3a0ce5829829301b0 (patch) | |
| tree | 3e2ca67325456a954d6f0f898594453b13119a0d /ext/openssl/lib | |
| parent | 61cfd6da84e9cbf02c2e3ff5fae476fec92a1cec (diff) | |
openssl: sync with upstream repository
Import current master (2c43241dc0ed) of ruby/openssl.git.
Below are the commits that were made since the last batch at commit
b99775b163ce (ruby/openssl.git commit f49e7110ca1e). Note that some of
them have been applied already.
----------------------------------------------------------------
Benoit Daloze (1):
Remove redundant and ignored workflow file
DBL-Lee (1):
add support for SHA512_256/SHA512_224
Hiroshi SHIBATA (2):
Guard for OpenSSL::PKey::EC::Group::Error with unsupported platforms
Fixed inconsistency directory structure with ruby/ruby repo
Jeremy Evans (2):
Fix keyword argument separation issues in OpenSSL::SSL::SSLSocket#sys{read,write}_nonblock
Remove taint support
Kazuki Yamaguchi (26):
config: support .include directive
random: make OpenSSL::Random.pseudo_bytes alias of .random_bytes
extconf.rb: get rid of -Werror=deprecated-declarations
test/openssl/test_ssl: skip test_fallback_scsv if necessary
ts: simplify OpenSSL::Timestamp::Request#algorithm
History.md: add missing references to GitHub issues
config: deprecate OpenSSL::Config#add_value and #[]=
test/openssl/test_ssl: remove sleep from test_finished_messages
test/openssl/test_ssl: fix random failure in SSLSocket.open test
test/openssl/test_ssl: avoid explicitly-sized private keys
test/openssl/test_ssl: remove commented-out test case
test/openssl/test_ssl: allow kRSA tests to fail
ssl: avoid declarations after statements
engine: revert OpenSSL::Engine.load changes for cloudhsm
engine: remove really outdated static engines
engine: do not check for ENGINE_load_builtin_engines()
engine: fix guards for 'dynamic' and 'cryptodev' engines
lib/openssl.rb: require openssl/version.rb
x509: add error code and verify flags constants
ssl: set verify error code in the case of verify_hostname failure
.github/workflows: merge CI jobs into a single workflow
.github/workflows: test against different OpenSSL versions
.travis.yml: fully migrate to GitHub Actions
ssl: suppress test failure with SSLContext#add_certificate_chain_file
ssl: remove test case test_puts_meta from test_pair
Revert "Use version.rb in gemspec"
MSP-Greg (2):
.travis.yml - remove 2.3/1.0.2, 2.5/1.1.1, head/1.0.2
Use version.rb in gemspec
Samuel Williams (1):
Restore compatibility with older versions of Ruby.
Yusuke Endoh (1):
Make OpenSSL::OSSL#test_memcmp_timing robust
Diffstat (limited to 'ext/openssl/lib')
| -rw-r--r-- | ext/openssl/lib/openssl.rb | 1 | ||||
| -rw-r--r-- | ext/openssl/lib/openssl/config.rb | 72 | ||||
| -rw-r--r-- | ext/openssl/lib/openssl/digest.rb | 2 | ||||
| -rw-r--r-- | ext/openssl/lib/openssl/version.rb | 2 |
4 files changed, 53 insertions, 24 deletions
diff --git a/ext/openssl/lib/openssl.rb b/ext/openssl/lib/openssl.rb index 7ba2229a1b..00e2db1f40 100644 --- a/ext/openssl/lib/openssl.rb +++ b/ext/openssl/lib/openssl.rb @@ -21,6 +21,7 @@ require_relative 'openssl/hmac' require_relative 'openssl/x509' require_relative 'openssl/ssl' require_relative 'openssl/pkcs5' +require_relative 'openssl/version' module OpenSSL # call-seq: diff --git a/ext/openssl/lib/openssl/config.rb b/ext/openssl/lib/openssl/config.rb index ef83c57b20..9a0b787420 100644 --- a/ext/openssl/lib/openssl/config.rb +++ b/ext/openssl/lib/openssl/config.rb @@ -37,7 +37,7 @@ module OpenSSL def parse(string) c = new() parse_config(StringIO.new(string)).each do |section, hash| - c[section] = hash + c.set_section(section, hash) end c end @@ -76,29 +76,44 @@ module OpenSSL def parse_config_lines(io) section = 'default' data = {section => {}} - while definition = get_definition(io) + io_stack = [io] + while definition = get_definition(io_stack) definition = clear_comments(definition) next if definition.empty? - if definition[0] == ?[ + case definition + when /\A\[/ if /\[([^\]]*)\]/ =~ definition section = $1.strip data[section] ||= {} else raise ConfigError, "missing close square bracket" end - else - if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition - if $2 - section = $1 - key = $2 - else - key = $1 + when /\A\.include (\s*=\s*)?(.+)\z/ + path = $2 + if File.directory?(path) + files = Dir.glob(File.join(path, "*.{cnf,conf}"), File::FNM_EXTGLOB) + else + files = [path] + end + + files.each do |filename| + begin + io_stack << StringIO.new(File.read(filename)) + rescue + raise ConfigError, "could not include file '%s'" % filename end - value = unescape_value(data, section, $3) - (data[section] ||= {})[key] = value.strip + end + when /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ + if $2 + section = $1 + key = $2 else - raise ConfigError, "missing equal sign" + key = $1 end + value = unescape_value(data, section, $3) + (data[section] ||= {})[key] = value.strip + else + raise ConfigError, "missing equal sign" end end data @@ -211,10 +226,10 @@ module OpenSSL scanned.join end - def get_definition(io) - if line = get_line(io) + def get_definition(io_stack) + if line = get_line(io_stack) while /[^\\]\\\z/ =~ line - if extra = get_line(io) + if extra = get_line(io_stack) line += extra else break @@ -224,9 +239,12 @@ module OpenSSL end end - def get_line(io) - if line = io.gets - line.gsub(/[\r\n]*/, '') + def get_line(io_stack) + while io = io_stack.last + if line = io.gets + return line.gsub(/[\r\n]*/, '') + end + io_stack.pop end end end @@ -248,7 +266,7 @@ module OpenSSL if filename File.open(filename.to_s) do |file| Config.parse_config(file).each do |section, hash| - self[section] = hash + set_section(section, hash) end end end @@ -297,6 +315,8 @@ module OpenSSL end ## + # *Deprecated in v2.2.0*. This method will be removed in a future release. + # # Set the target _key_ with a given _value_ under a specific _section_. # # Given the following configurating file being loaded: @@ -351,6 +371,8 @@ module OpenSSL end ## + # *Deprecated in v2.2.0*. This method will be removed in a future release. + # # Sets a specific _section_ name with a Hash _pairs_. # # Given the following configuration being created: @@ -376,9 +398,13 @@ module OpenSSL # def []=(section, pairs) check_modify - @data[section] ||= {} + set_section(section, pairs) + end + + def set_section(section, pairs) # :nodoc: + hash = @data[section] ||= {} pairs.each do |key, value| - self.add_value(section, key, value) + hash[key] = value end end @@ -463,6 +489,8 @@ module OpenSSL end def check_modify + warn "#{caller(2, 1)[0]}: warning: do not modify OpenSSL::Config; this " \ + "method is deprecated and will be removed in a future release." raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen? end diff --git a/ext/openssl/lib/openssl/digest.rb b/ext/openssl/lib/openssl/digest.rb index c953911954..92d358d241 100644 --- a/ext/openssl/lib/openssl/digest.rb +++ b/ext/openssl/lib/openssl/digest.rb @@ -21,7 +21,7 @@ module OpenSSL ALGORITHMS = %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512) if !OPENSSL_VERSION.include?("LibreSSL") && OPENSSL_VERSION_NUMBER > 0x10101000 - ALGORITHMS.concat %w(BLAKE2b512 BLAKE2s256 SHA3-224 SHA3-256 SHA3-384 SHA3-512) + ALGORITHMS.concat %w(BLAKE2b512 BLAKE2s256 SHA3-224 SHA3-256 SHA3-384 SHA3-512 SHA512-224 SHA512-256) end ALGORITHMS.freeze diff --git a/ext/openssl/lib/openssl/version.rb b/ext/openssl/lib/openssl/version.rb index b07bb33009..9c7515ba0f 100644 --- a/ext/openssl/lib/openssl/version.rb +++ b/ext/openssl/lib/openssl/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module OpenSSL - VERSION = "2.2.0" unless defined?(VERSION) + VERSION = "2.2.0" end |