Previously, ZJIT miscompiled the following because of native SP
interference.
def a(n1,n2,n3,n4,n5,n6,n7,n8) = [n8]
a(0,0,0,0,0,0,0, :ok)
Commented problematic disassembly:
; call rb_ary_new_capa
mov x0, #1
mov x16, #0x1278
movk x16, #0x4bc, lsl #16
movk x16, #1, lsl #32
blr x16
; call rb_ary_push
mov x1, x0
str x1, [sp, #-0x10]! ; c_push() from alloc_regs()
mov x0, x1 ; arg0, the array
ldur x1, [sp] ; meant to be arg1=n8, but sp just moved!
mov x16, #0x3968
movk x16, #0x4bc, lsl #16
movk x16, #1, lsl #32
blr x16
Since the frame pointer stays constant in the body of the function,
static offsets based on it don't run the risk of being invalidated by SP
movements.
Pass the registers to preserve through Insn::FrameSetup. This allows ARM
to use STP and waste no gaps between EC, SP, and CFP.
x86 now preserves and restores RBP since we use it as the frame pointer.
Since all arches now have a frame pointer, remove offset based SP
movement in the epilogue and restore registers using the frame pointer.
compile_data_calloc2 may run GC (though because it allocates from an
arena this is rare in practice). When this happened when resizing
operands there was a risk of seeing the insn in an inconsistent state.
To solve this we need to make any allocations before we start modifying
the instrucitons. This refactors the code to use a new
insn_replace_with_operands() function that allocates the new operands
array before modifying the instruction object.
Co-authored-by: Aaron Patterson <tenderlove@ruby-lang.org>
OpenSSL::X509::StoreContext#current_cert returns an empty and invalid
OpenSSL::X509::Certificate instance if it is called before starting a
certificate verification.
https://redirect.github.com/ruby/openssl/pull/919 will change it to
return nil instead in such a case.
Adjust test_verify_certificate_extra_message to actually complete
StoreContext#verify so that it will not rely on this behavior.
823799088d
There are several issues with these which I'm not sure I'll have time to
address properly. I prefer to keep our default branch in a releasable
state just in case. Once they are fixed, this can be reverted.
We now run specs against a single version, so I prefer to keep a single
branch. Once we bump the major version, this will need very little
updates, and that seems fine.
3866d25a00
This reverts commit 4e8bbb07dd.
It broke RubyGems tests:
20250727T123003Z.fail.html.gz
OpenSSL::X509::StoreContext#current_cert incorrectly calls
ossl_x509_new() with NULL to create a bogus Certificate object, and a
test case in RubyGems relies on it. This will be reapplied when both
are fixed.
Among functions named ossl_*_new(), ossl_pkey_new() is now the only one
that takes ownership of the passed OpenSSL object instead of making a
copy or incrementing its reference counter. Rename it to make this
behavior easier to understand.
54c1c26eb5
Likewise, let it take a const pointer and not the ownership of the
OpenSSL object.
This fixes potential memory leak in OpenSSL::OCSP::BasicResponse#status.
7e0288ebbd
Similar to most of the other ossl_*_new() functions, let it take a const
pointer and make a copy of the object.
This also fixes a potential memory leak when the wrapper object
allocation fails.
eaabf6d8a3
Currently, calling ossl_bn_new() with a NULL argument allocates a new
OpenSSL::BN instance representing 0. This behavior is confusing. Raise
an exception if this is attempted, instead.
6fa793d997
This list was originally in alphabetical order. Sort it again.
This change should be safe since the .rb sources should only depend on
the extension and not each other.
eb3998728a
The key files were created by the following commands.
```
$ ${HOME}/.local/openssl-3.6.0-dev-fips-debug-8253b58d60/bin/openssl genpkey \
-algorithm mldsa65 \
-out mldsa65-1.pem
$ ${HOME}/.local/openssl-3.6.0-dev-fips-debug-8253b58d60/bin/openssl genpkey \
-algorithm mldsa65 \
-out mldsa65-2.pem
```
PQC algorithms, ML-KEM (FIPS 203) and ML-DSA (FIPS 204) used in the PQC tests
are supported on OpenSSL 3.5 or later.
https://openssl-library.org/post/2025-04-08-openssl-35-final-release/f3bb316018
If `load_uint8x16_4` has an external linkage, it is defined in
both `generator` and `parser` extension libraries. This duplicate
symbol causes a linker error when `--with-static-linked-ext` is
given, on some platforms.
020693b17a
- The `bundle plugin uninstall --all` was missing.
- The `bundle plugin install --local-git` was missing due to being
deprecated. We decided to reintroduce the doc for more clarity.
4da252945c
- Ref #8802
- ### Problem
Whenever a bundler command options is added, we want to make
sure that the associated command man page is updated to reflect
the new option (e.g. this mistake was made in #8624)
### Solution
In #8802 we discussed a bit on the implementation which would rely
on parsing ronn files and introduce some conventions on how options
documented in man pages should be written.
I figured I would try a simpler approach by just checking if the man
page of a command list options using a simple regex.
Pros:
- Simpler as we don't have to parse ronn files.
- No need to modify all existing man pages.
Cons:
- We can only verify one way (CLI options -> man pages).
If a CLI option get removed, we won't be able to warn that
the existing document man page option needs to be removed.
e10e60bd33
