Skip to content

Commit 10f8d69

Browse files
rheniumrhenium
committed
Merge branch 'maint-2.2' into maint-3.0
* maint-2.2: Ruby/OpenSSL 2.2.3 ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs ocsp: disable OCSP_basic_verify() workaround on LibreSSL 3.5 Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3 pkey/ec: fix ossl_raise() calls using cEC_POINT instead of eEC_POINT raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true
2 parents 1f4c9d8 + 04acccd commit 10f8d69

File tree

3 files changed

+38
-17
lines changed

3 files changed

+38
-17
lines changed

.github/workflows/test.yml

+7-5
Original file line numberDiff line numberDiff line change
@@ -10,11 +10,12 @@ jobs:
1010
strategy:
1111
fail-fast: false
1212
matrix:
13-
os: [ ubuntu-latest, macos-latest ]
13+
# ubuntu-latest is 22.04, uses OpenSSL 3
14+
os: [ ubuntu-20.04, macos-latest ]
1415
ruby: [ head, "3.0", "2.7", "2.6" ]
1516
steps:
1617
- name: repo checkout
17-
uses: actions/checkout@v2
18+
uses: actions/checkout@v3
1819

1920
- name: load ruby
2021
uses: ruby/setup-ruby@v1
@@ -38,10 +39,11 @@ jobs:
3839
fail-fast: false
3940
matrix:
4041
os: [ windows-latest ]
41-
ruby: [ mswin, mingw, "3.0", "2.7", "2.6" ]
42+
# current mswin build uses OpenSSL 3
43+
ruby: [ mingw, "3.0", "2.7", "2.6" ]
4244
steps:
4345
- name: repo checkout
44-
uses: actions/checkout@v2
46+
uses: actions/checkout@v3
4547

4648
- name: load ruby, install/update gcc, install openssl
4749
uses: MSP-Greg/setup-ruby-pkgs@v1
@@ -80,7 +82,7 @@ jobs:
8082
- libressl-3.3.4
8183
steps:
8284
- name: repo checkout
83-
uses: actions/checkout@v2
85+
uses: actions/checkout@v3
8486

8587
- name: prepare openssl
8688
run: |

History.md

+15
Original file line numberDiff line numberDiff line change
@@ -124,6 +124,21 @@ Notable changes
124124
[[GitHub #342]](https://github.com/ruby/openssl/issues/342)
125125

126126

127+
Version 2.2.3
128+
=============
129+
130+
Bug fixes
131+
---------
132+
133+
* Fix serveral methods in OpenSSL::PKey::EC::Point attempting to raise an error
134+
with an incorrect class, which would end up with a TypeError.
135+
[[GitHub #570]](https://github.com/ruby/openssl/pull/570)
136+
* Fix OpenSSL::PKey::EC::Point#eql? and OpenSSL::PKey::EC::Group#eql?
137+
incorrectly treated OpenSSL's internal errors as "not equal".
138+
[[GitHub #564]](https://github.com/ruby/openssl/pull/564)
139+
* Fix build with LibreSSL 3.5 or later.
140+
141+
127142
Version 2.2.2
128143
=============
129144

ext/openssl/ossl_pkey_ec.c

+16-12
Original file line numberDiff line numberDiff line change
@@ -680,10 +680,11 @@ static VALUE ossl_ec_group_eql(VALUE a, VALUE b)
680680
GetECGroup(a, group1);
681681
GetECGroup(b, group2);
682682

683-
if (EC_GROUP_cmp(group1, group2, ossl_bn_ctx) == 1)
684-
return Qfalse;
685-
686-
return Qtrue;
683+
switch (EC_GROUP_cmp(group1, group2, ossl_bn_ctx)) {
684+
case 0: return Qtrue;
685+
case 1: return Qfalse;
686+
default: ossl_raise(eEC_GROUP, "EC_GROUP_cmp");
687+
}
687688
}
688689

689690
/*
@@ -1244,10 +1245,13 @@ static VALUE ossl_ec_point_eql(VALUE a, VALUE b)
12441245
GetECPoint(b, point2);
12451246
GetECGroup(group_v1, group);
12461247

1247-
if (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx) == 1)
1248-
return Qfalse;
1248+
switch (EC_POINT_cmp(group, point1, point2, ossl_bn_ctx)) {
1249+
case 0: return Qtrue;
1250+
case 1: return Qfalse;
1251+
default: ossl_raise(eEC_POINT, "EC_POINT_cmp");
1252+
}
12491253

1250-
return Qtrue;
1254+
UNREACHABLE;
12511255
}
12521256

12531257
/*
@@ -1265,7 +1269,7 @@ static VALUE ossl_ec_point_is_at_infinity(VALUE self)
12651269
switch (EC_POINT_is_at_infinity(group, point)) {
12661270
case 1: return Qtrue;
12671271
case 0: return Qfalse;
1268-
default: ossl_raise(cEC_POINT, "EC_POINT_is_at_infinity");
1272+
default: ossl_raise(eEC_POINT, "EC_POINT_is_at_infinity");
12691273
}
12701274

12711275
UNREACHABLE;
@@ -1286,7 +1290,7 @@ static VALUE ossl_ec_point_is_on_curve(VALUE self)
12861290
switch (EC_POINT_is_on_curve(group, point, ossl_bn_ctx)) {
12871291
case 1: return Qtrue;
12881292
case 0: return Qfalse;
1289-
default: ossl_raise(cEC_POINT, "EC_POINT_is_on_curve");
1293+
default: ossl_raise(eEC_POINT, "EC_POINT_is_on_curve");
12901294
}
12911295

12921296
UNREACHABLE;
@@ -1309,7 +1313,7 @@ static VALUE ossl_ec_point_make_affine(VALUE self)
13091313
rb_warn("OpenSSL::PKey::EC::Point#make_affine! is deprecated");
13101314
#if !OSSL_OPENSSL_PREREQ(3, 0, 0)
13111315
if (EC_POINT_make_affine(group, point, ossl_bn_ctx) != 1)
1312-
ossl_raise(cEC_POINT, "EC_POINT_make_affine");
1316+
ossl_raise(eEC_POINT, "EC_POINT_make_affine");
13131317
#endif
13141318

13151319
return self;
@@ -1328,7 +1332,7 @@ static VALUE ossl_ec_point_invert(VALUE self)
13281332
GetECPointGroup(self, group);
13291333

13301334
if (EC_POINT_invert(group, point, ossl_bn_ctx) != 1)
1331-
ossl_raise(cEC_POINT, "EC_POINT_invert");
1335+
ossl_raise(eEC_POINT, "EC_POINT_invert");
13321336

13331337
return self;
13341338
}
@@ -1346,7 +1350,7 @@ static VALUE ossl_ec_point_set_to_infinity(VALUE self)
13461350
GetECPointGroup(self, group);
13471351

13481352
if (EC_POINT_set_to_infinity(group, point) != 1)
1349-
ossl_raise(cEC_POINT, "EC_POINT_set_to_infinity");
1353+
ossl_raise(eEC_POINT, "EC_POINT_set_to_infinity");
13501354

13511355
return self;
13521356
}

0 commit comments

Comments
 (0)