mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Commit graph

9 commits

Author SHA1 Message Date
Kazuki Yamaguchi
2e601c284c digest: remove OpenSSL engine
The OpenSSL engine of Digest uses the low-level API of OpenSSL, whose
use has been discouraged for years for multiple reasons.

A long-standing issue on a FIPS-enabled system is that using ::Digest
results in crashing the Ruby process, because the low-level API lacks
the mechanism to report an error (the policy violation) and thus kills
the process as a last resort[1][2]. Also, the upcoming OpenSSL 3.0 will
deprecate it for future removal[3]. Compiling with
-Wdeprecated-declarations will start to emit warnings.

A proper fix for this is to make it use the EVP API instead. This is
non-trivial work as it requires backwards-incompatible changes to the
framework interface of Digest::Base and rb_digest_metadata_t.

It was more than 15 years ago that the openssl library became part of the
standard library. It has implemented exactly the same functionality as
OpenSSL::Digest, in fact, as a subclass of Digest::Class. There is not
much point in having identical code in the digest library. Let's
just get rid of OpenSSL within digest. This leaves the C implementations
and the CommonCrypto engine for Apple systems.

A patch is being prepared for the openssl library to provide ::Digest
constants for better performance[4].

[1] https://bugs.ruby-lang.org/issues/6946
[2] https://bugs.ruby-lang.org/issues/13681
[3] https://www.openssl.org/docs/OpenSSL300Design.html
[4] https://github.com/ruby/openssl/pull/377
2020-12-02 11:09:12 +09:00
Kazuki Yamaguchi
28f3e03880 digest: do not depend on ext/openssl/deprecation.rb
ext/openssl/deprecation.rb has been removed in ext/openssl upstream[1].

It was originally introduced to detect and prevent linking against
Apple's bundled (and very outdated) version of OpenSSL. It is long gone
and the header files do not exist in current versions of macOS.

The dependency in ext/digest was introduced by commit 26e258c807.
Note that the original issue[2] is resolved without this dependency.
The commit also added the pkg_config("openss") call to match what
ext/openssl does.

[1] https://github.com/ruby/openssl/pull/333
[2] https://bugs.ruby-lang.org/issues/6379
2020-03-10 17:41:01 +09:00
hsbt
13155d4df5 Copy openssl library finder for ext/digest from OpenSSL extension.
* ext/digest/digest_conf.rb: Support to search various filenames of
    OpenSSL/LibreSSL libraries.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59362 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-07-18 11:28:49 +00:00
nobu
1bdc1a5529 Local header dependencies
* lib/mkmf.rb (create_makefile): store $headers in LOCAL_HDRS for
  depend files.
* ext/digest/digest_conf.rb (digest_conf): add implementation
  specific headers to $header.
* ext/digest/{md5,rmd160,sha1,sha2}/depend: add LOCAL_HDRS to the
  dependencies.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55588 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-07-06 05:44:58 +00:00
naruse
c4fdfabcc8 handle ext/ as r53141
g -L frozen_string_literal ext/**/*.rb|xargs ruby -Ka -e'ARGV.each{|fn|puts
fn;open(fn,"r+"){|f|s=f.read.sub(/\A(#!.*\n)?(#.*coding.*\n)?/,"\\&#
frozen_string_literal: false\n");f.rewind;f.write s}}'

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53143 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16 05:31:54 +00:00
naruse
360b98355e fixup! r52695
OpenSSL's SHA1 struct name is SHA_CTX (which is also used for SHA-0),
but function name is SHA1_Transform.
http://openssl.org/docs/man0.9.8/crypto/SHA1.html

Also note that LibreSSL 2.3 removes the SHA-0 support but still supports SHA-1.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52755 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-11-26 08:31:12 +00:00
nobu
b97ceb66e9 digest: CommonDigest
* ext/digest/digest_conf.rb (digest_conf): check for CommonDigest.
* ext/digest/*/*cc.h: for Apple CommonCrypto/CommonDigest.h.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-02-11 02:09:55 +00:00
nobu
935275bb59 digest: define Finish func from Final func
* ext/digest/digest.h (DEFINE_FINISH_FUNC_FROM_FINAL): macro for
  finish functions, by inverting arguments order.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-02-11 02:09:23 +00:00
nobu
b632ca436c digest: common configurations
* ext/digest/digest_conf.rb (digest_conf): extract common
  configurations.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-02-11 02:08:50 +00:00