'y' and 'n' are kind of ambiguous. Syck treated y and n literals in
YAML documents as strings. But this is not what the YAML 1.1 spec says.
YAML 1.1 says they should be treated as booleans. When we're dumping
documents, we know it's a string, so adding quotes will eliminate the
"ambiguity" in the emitted document
Fixes#4436a1c30634e
Previously, `+.inf` was not handled correctly. Additionally, the regexp
was checking for inf and NaN, even though these cases are handled earlier
in the condition. Added a few tests to ensure handling some missing
cases.
6e0e7a1e9f
Currently when calling any of the "FileUtils" methods on pathname `require` is called every time even though that library might already be loaded. This is slow:
We can speed it up by either checking first if the constant is already defined, or by using autoload.
Using defined speeds up the action by about 300x and using autoload is about twice as fast as that (600x faster than current require method).
I'm proposing we use autoload:
```ruby
require 'benchmark/ips'
Benchmark.ips do |x|
autoload(:FileUtils, "fileutils")
x.report("require") { require 'fileutils' }
x.report("defined") { require 'fileutils' unless defined?(FileUtils) }
x.report("autoload") { FileUtils }
x.compare!
end
# Warming up --------------------------------------
# require 3.624k i/100ms
# defined 1.465M i/100ms
# autoload 2.320M i/100ms
# Calculating -------------------------------------
# require 36.282k (± 2.4%) i/s - 184.824k in 5.097153s
# defined 14.539M (± 2.0%) i/s - 73.260M in 5.041161s
# autoload 23.100M (± 1.9%) i/s - 115.993M in 5.023271s
# Comparison:
# autoload: 23099779.2 i/s
# defined: 14538544.9 i/s - 1.59x (± 0.00) slower
# require: 36282.3 i/s - 636.67x (± 0.00) slower
```
Because this autoload is scoped to Pathname it will not change the behavior of existing programs that are not expecting FileUtils to be loaded yet:
```
ruby -rpathname -e "class Pathname; autoload(:FileUtils, 'fileutils'); end; puts FileUtils.exist?"
Traceback (most recent call last):
-e:1:in `<main>': uninitialized constant FileUtils (NameError)
```
This commit removes T_PAYLOAD since the new VWA implementation no longer
requires T_PAYLOAD types.
Co-authored-by: Aaron Patterson <tenderlove@ruby-lang.org>
This commit removes T_PAYLOAD since the new VWA implementation no longer
requires T_PAYLOAD types.
Co-authored-by: Aaron Patterson <tenderlove@ruby-lang.org>
LibYAML has moved from their previous Mercurial based hosting on BitBucket to a git repository on GitHub. This commit updates the `Psych` module's documentation to point to this new repository, instead of the old one which is now a 404.
947a84d0dd
I'm not sure whether this handles all multithreaded use cases,
but this handles the example that crashes almost immediately
and does 10,000,000 total deflates using 100 separate threads.
To prevent the tests from taking forever, the committed test
for this uses only 10,000 deflates across 10 separate threads,
which still causes a segfault in the previous implementation
almost immediately.
Fixes [Bug #17803]
4b1023b3f2
* It used to be hardcoded since 0affbf9d2c7c5c618b8d3fe191e74d9ae8ad22fc
but got removed in 23abf3d3fb82afcc26d35769f0dec59dd46de4bb
* This means that since that second commit, rb_iterate() was used unintentionally.
8816ced525
Back in 2016, we chose not to use Bundler in Ruby/OpenSSL development
because Bundler depended on openssl and could not be used for testing
openssl itself - "bundle exec rake test" would end up with loading two
different versions of openssl at the same time.
This has been resolved long time ago. We can now safely use it for
development dependency management and for Rake tasks.
47283d9161
Also, OpenSSL::BN::CONSTTIME is added.
OpenSSL itself had a feature that was vulnerable against a side-channel
attack. The OpenSSL authors determined that it was not a security issue,
and they have already fixed the issue by using BN_set_flags.
https://github.com/openssl/openssl/pull/13888
If a Ruby OpenSSL user was faced with a similar issue, they couldn't
prevent the issue because Ruby OpenSSL lacks a wrapper to BN_set_flags.
For the case, this change introduces the wrapper.
1e565eba89
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::DSA's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
ce805adf0c
With the newly added OpenSSL::PKey::PKey#{sign,verify}_raw,
OpenSSL::PKey::EC's low level signing operation methods can be
implemented in Ruby. The definitions are now in lib/openssl/pkey.rb.
1f9da0cd9d
Implement these methods using the new OpenSSL::PKey::PKey#{encrypt,sign}
family. The definitions are now in lib/openssl/pkey.rb.
Also, recommend using those generic methods in the documentation.
2dfc1779d3
Add a variant of PKey#sign and #verify that do not hash the data
automatically.
Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.
OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.
16cca4e0c4
Remove the following methods, which have been marked as deprecated and
produced a warning since version 2.0, commit 7ea72f1f5084 ("adapt
OpenSSL::PKey to OpenSSL 1.1.0 opaque structs", 2016-06-05).
- OpenSSL::PKey::RSA#n=, #e=, #d=, #p=, #q=, #dmp1=, #dmq1=, #iqmp=
- OpenSSL::PKey::DSA#p=, #q=, #g=, #priv_key=, #pub_key=
- OpenSSL::PKey::DH#p=, #g=, #priv_key=, #pub_key=
These methods could only work with OpenSSL 1.0.2 or older, which is now
EOL.
2334862cc0
Methods that take both PEM-encoding and DER-encoding have not been
consistent in the order in which encoding to attempt to parse.
A DER-encoding may contain a valid PEM block ("\n-----BEGIN ..-----" to
"-----END ...-----") embedded within it. Also, the PEM-encoding parser
allows arbitrary data around the PEM block and silently skips it. As a
result, attempting to parse data in DER-encoding as PEM-encoding first
can incorrectly finds the embedded PEM block instead.
This commit ensures that DER encoding will always be attempted before
PEM encoding. OpenSSL::X509::Certificate is one of the updated classes.
With this, the following will always be true:
# obj is an OpenSSL::X509::Certificate
obj == OpenSSL::X509::Certificate.new(obj.to_der)
obj == OpenSSL::X509::Certificate.new(obj.to_pem)
b280eb1fd0
Normal sockets respond to `getbyte`, so we should make SSLSocket respond
to `getbyte` as well. This way we can substitute SSLSockets for regular
sockets.
ac1490b7c9
Use EVP_PKEY_param_check() instead of DH_check() if available. Also,
use EVP_PKEY_public_check() instead of EC_KEY_check_key().
EVP_PKEY_*check() is part of the EVP API and is meant to replace those
low-level functions. They were added by OpenSSL 1.1.1. It is currently
not provided by LibreSSL.
797e9f8e08
