Skip to content

Commit

Permalink
Merge branch 'maint-3.2'
Browse files Browse the repository at this point in the history
* maint-3.2:
  Ruby/OpenSSL 3.2.1
  Configure RubyGems Trusted Publishing
  Ruby/OpenSSL 3.1.1
  Ruby/OpenSSL 3.0.3
  digest: make output buffer String independent in #finish
  cipher: make output buffer String independent
  • Loading branch information
rhenium committed Dec 18, 2024
2 parents 63db970 + 2d7247e commit 3f9a87a
Show file tree
Hide file tree
Showing 7 changed files with 119 additions and 3 deletions.
51 changes: 51 additions & 0 deletions .github/workflows/push_gem.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
name: Publish gem to rubygems.org

on:
push:
tags:
- 'v*'

permissions:
contents: read

jobs:
push:
if: github.repository == 'ruby/openssl'
runs-on: ubuntu-latest

environment:
name: rubygems.org
url: https://rubygems.org/gems/openssl

permissions:
contents: write
id-token: write

strategy:
matrix:
ruby: [ 'ruby', 'jruby' ]

steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit

- uses: actions/checkout@v4

- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
ruby-version: ${{ matrix.ruby }}

- name: Publish to RubyGems
uses: rubygems/release-gem@v1

- name: Create GitHub release
run: |
tag_name="$(git describe --tags --abbrev=0)"
gh release create "${tag_name}" --verify-tag --draft --generate-notes pkg/*.gem
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: matrix.ruby == 'ruby'
37 changes: 37 additions & 0 deletions History.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
Version 3.2.1
=============

Merged changes in 3.0.3.


Version 3.2.0
=============

Expand Down Expand Up @@ -38,6 +44,12 @@ Notable changes
[[GitHub #141]](https://github.com/ruby/openssl/pull/141)


Version 3.1.1
=============

Merged changes in 3.0.3.


Version 3.1.0
=============

Expand Down Expand Up @@ -74,6 +86,31 @@ Notable changes
LibreSSL 3.6 and Ed25519 support in LibreSSL 3.7.


Version 3.0.3
=============

Bug fixes
---------

* Fix a performance regression introduced in v2.1.3 on a buffered write to
`SSLSocket`.
[[GitHub #706]](https://github.com/ruby/openssl/pull/706)
* Fix `OpenSSL::PKCS7` to handle PKCS#7 structures without content.
[[GitHub #690]](https://github.com/ruby/openssl/pull/690)
[[GitHub #752]](https://github.com/ruby/openssl/pull/752)
* Fix `OpenSSL::ASN1::ObjectId#==` with OIDs without a known name.
[[GitHub #791]](https://github.com/ruby/openssl/issues/791)
[[GitHub #792]](https://github.com/ruby/openssl/pull/792)
* Fix `OpenSSL::X509::Certificate#crl_uris` to handle CDP with multiple CRL
URIs.
[[GitHub #775]](https://github.com/ruby/openssl/issues/775)
[[GitHub #776]](https://github.com/ruby/openssl/pull/776)
* Fix `OpenSSL::Cipher#update` to always make the output buffer `String`
independent.
[[Bug #20937]](https://bugs.ruby-lang.org/issues/20937)
[[GitHub #824]](https://github.com/ruby/openssl/pull/824)


Version 3.0.2
=============

Expand Down
5 changes: 4 additions & 1 deletion ext/openssl/ossl_cipher.c
Original file line number Diff line number Diff line change
Expand Up @@ -408,7 +408,10 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
str = rb_str_new(0, out_len);
} else {
StringValue(str);
rb_str_resize(str, out_len);
if ((long)rb_str_capacity(str) >= out_len)
rb_str_modify(str);
else
rb_str_modify_expand(str, out_len - RSTRING_LEN(str));
}

if (!ossl_cipher_update_long(ctx, (unsigned char *)RSTRING_PTR(str), &out_len, in, in_len))
Expand Down
1 change: 1 addition & 0 deletions ext/openssl/ossl_digest.c
Original file line number Diff line number Diff line change
Expand Up @@ -259,6 +259,7 @@ ossl_digest_finish(int argc, VALUE *argv, VALUE self)
str = rb_str_new(NULL, out_len);
} else {
StringValue(str);
rb_str_modify(str);
rb_str_resize(str, out_len);
}

Expand Down
2 changes: 1 addition & 1 deletion lib/openssl/version.rb
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# frozen_string_literal: true

module OpenSSL
VERSION = "3.2.0"
VERSION = "3.2.1"
end
2 changes: 1 addition & 1 deletion openssl.gemspec
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
Gem::Specification.new do |spec|
spec.name = "openssl"
spec.version = "3.2.0"
spec.version = "3.2.1"
spec.authors = ["Martin Bosslet", "SHIBATA Hiroshi", "Zachary Scott", "Kazuki Yamaguchi"]
spec.email = ["[email protected]"]
spec.summary = %q{SSL/TLS and general-purpose cryptography for Ruby}
Expand Down
24 changes: 24 additions & 0 deletions test/openssl/test_cipher.rb
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,30 @@ def test_ctr_if_exists
assert_equal pt, cipher.update(ct) << cipher.final
end

def test_update_with_buffer
cipher = OpenSSL::Cipher.new("aes-128-ecb").encrypt
cipher.random_key
expected = cipher.update("data") << cipher.final
assert_equal 16, expected.bytesize

# Buffer is supplied
cipher.reset
buf = String.new
assert_same buf, cipher.update("data", buf)
assert_equal expected, buf + cipher.final

# Buffer is frozen
cipher.reset
assert_raise(FrozenError) { cipher.update("data", String.new.freeze) }

# Buffer is a shared string [ruby-core:120141] [Bug #20937]
cipher.reset
buf = "x" * 1024
shared = buf[-("data".bytesize + 32)..-1]
assert_same shared, cipher.update("data", shared)
assert_equal expected, shared + cipher.final
end

def test_ciphers
ciphers = OpenSSL::Cipher.ciphers
assert_kind_of Array, ciphers
Expand Down

0 comments on commit 3f9a87a

Please sign in to comment.