Don't set in SSLContext#set_params when built with OpenSSL 1.1.0 or
newer.
The list was added as a workaround to exclude known weak cipher suites
([Bug #9424]). In OpenSSL <= 1.0.2, the default list (DEFAULT) included
even cipher suites using MD5. Now, OpenSSL 1.1.0 has better DEFAULT. So
make SSLContext#set_params just use it.
Here is the diff between our current explicit list and DEFAULT of
OpenSSL 1.1.0-pre6 (sorted):
$ list_ruby=$(openssl ciphers -v $(ruby -ropenssl -e'puts OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers]') | sort)
$ list_default=$(openssl ciphers -v 'DEFAULT:!PSK:!SRP' | sort)
$ diff <(echo "$list_ruby") <(echo "$list_default")
7,12c7
< DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
< DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
< DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
< DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
< DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
< DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
---
> DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
18a14,15
> DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
> DHE-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
24a22,23
> ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
> ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
30a30,31
> ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
> ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
SSL_CTX_set_tmp_ecdh() increments the reference counter of EC_KEY so we
must decrement with EC_KEY_free().
Fixes: fcb9b4a6b5c6 (openssl: add SSLContext#ecdh_curves=)
Since openssl.so itself doesn't have the functionality of memory leak
check, there is no point doing it.
The message may change depending on the value of OpenSSL.debug.
Fixes cad3226a06a1 (openssl: adapt to OpenSSL 1.1.0 opaque structs,
2016-06-05).
The input may not be a Fixnum.
Their return type was void in ancient versions of OpenSSL but no longer.
* ruby-trunk r55757..r55822: (1 commits)
(r55822) openssl: avoid undefined behavior on empty SSL_write
Sync-with-trunk: r55822
SSL_write(3ssl) manpage has this in the WARNINGS section:
When calling SSL_write() with num=0 bytes to be sent the
behaviour is undefined.
And indeed, the new test case demonstrates failures when
empty strings are used. So, match the behavior of IO#write,
IO#write_nonblock, and IO#syswrite by returning zero, as the
OpenSSL::SSL::SSLSocket API already closely mimics the IO one.
* ext/openssl/ossl_ssl.c (ossl_ssl_write_internal):
avoid undefined behavior
* test/openssl/test_pair.rb (test_write_zero): new test
[ruby-core:76751] [Bug #12660]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Preparing for gem release... The task copies the content of this
repository to the Ruby tree.
A workaround so that the OpenSSL version doesn't affect
ext/openssl/depend generated by Ruby's tool/update-deps script.
Ruby's assert_raise doesn't allow the expected exception to be an
instance of an exception.
It is already removed in Ruby tree at r48399.
We currently always pass 20 random bytes generated by RAND_bytes(). It
is fine when generating parameters <= 1024 bits, because OpenSSL
requires a seed with the same length as the prime q, which is 160 bits.
FIPS 186-3 allowed the parameters to be >= 2048 bits. For them, OpenSSL
generates a 256-bit-long q. We can pass 32 bytes of random data
instead, but the function is able to generate it on its own. So just give
NULL.
I kept OpenSSL 1.1.0-pre6 in allow_failures as it is still beta.
This removes unnecessary @_protocols instance variable.
Picked from Ruby trunk (r55812).
Implement initialize_copy for:
- OpenSSL::PKCS12
- OpenSSL::SSL::SSLSession
- OpenSSL::X509::Attribute
- OpenSSL::X509::Extension
- OpenSSL::X509::Name
- OpenSSL::X509::Revoked
Remove initialize_copy from:
- OpenSSL::SSL::SSLContext
- OpenSSL::SSL::SSLSocket
- OpenSSL::Engine
- OpenSSL::X509::Store
- OpenSSL::X509::StoreContext
[Bug #12381]
* topic/ssl-verify-hostname:
ssl: add verify_hostname option to SSLContext
test/test_ssl: avoid SSLContext#set_params where not required
Refactor common verify callback code
If a client sets this to true and enables SNI with SSLSocket#hostname=,
the hostname verification on the server certificate is performed
automatically during the handshake using
OpenSSL::SSL.verify_certificate_identity().
Currently a user who wants to do the hostname verification needs to
call SSLSocket#post_connection_check explicitly after the TLS connection
is established.
This commit also enables the option in SSLContext::DEFAULT_PARAMS.
Applications using SSLContext#set_params may be affected by this.
[GH ruby/openssl#8]
Set verify_mode to OpenSSL::SSL::VERIFY_PEER directly. They are tests
for verify_callback so they don't need to use SSLContext#set_params.
There is a function ossl_verify_cb() that fetches the custom callback
Proc from X509_STORE/X509_STORE_CTX and calls it, but it was not very
useful for SSL code. It's only used in ossl_x509store.c and ossl_ssl.c
so move X509::Store specific code to ossl_x509store.c.
Also make struct ossl_verify_cb_args and ossl_call_verify_cb_proc()
local to ossl.c.
* ruby-trunk r55538..r55757: (1 commits)
(r55757) test: use assert_include
Sync-with-trunk: r55757
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55757 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Fixes c0548c94e499.
* topic/cipher-fixes:
cipher: use lower-case cipher name in OpenSSL::Cipher::*.new
cipher: fix handling huge data larger than INT_MAX bytes
AES-GCM ciphers don't have upper-case sn.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The function ossl_cipher_update_long() was added to fix this in r48923
(ossl_cipher.c: workaround of OpenSSL API, 2014-12-23), but it didn't
work well. [Bug #10633]
This can be tested by running:
$ fallocate -l 2G data.img
$ ruby -ropenssl <<EOF
cipher = OpenSSL::Cipher.new("aes-128-ecb").encrypt
cipher.key = "\x00" * 16
ct = cipher.update(File.read("data.img")) << cipher.final
p ct.bytesize
EOF
* topic/ssl-check-pkey-private:
ssl: reject keys without private components
ssl: remove unneeded instance variable x509 and key from SSL::SSLSocket
pkey: remove unused things
OpenSSL checks if the PKey's public key matches with the certificate,
but does not check that the PKey contains the private components. As a
result, OpenSSL does a NULL dereference while doing SSL/TLS negotiation.
[Bug #8673]
They are only used to pass two objects across rb_protect(). So just
remove them and use a temporary array instead. Since they are not public
attributes, this should be safe.
Make id_private_q local to ossl_pkey.c, and remove unused
DupPrivPKeyPtr() function.
* topic/cipher-iv-len:
cipher: allow setting IV length when using AEAD ciphers
Add OpenSSL::Cipher#iv_len=. For interoperability with other
applications, it is sometimes required. Normally the 'IV' is fixed-length,
but in OpenSSL, some ciphers such as aes-128-gcm make use of it as a
'nonce', which is variable-length.
Changing the IV length in Cipher#iv= is also an option, but I decided not
to choose it, because in Ruby <= 2.3 Cipher#iv= truncates the input when
the length is longer than the current IV length, and changing the behavior
might cause unexpected encryption results.
[Bug #8667] [Bug #10420] [GH ruby/ruby#569]
Make PKey.read raise PKey::PKeyError rather than ArgumentError
PKey.read is a generic method to load an arbitrary PKey structure from a
PEM or DER encoded String. Each PKey class's constructor can also load
from a String, but the behavior on error is different. While they raise
their own exceptions (subclasses of PKey::PKeyError), PKey.read raises
ArgumentError. [Bug #11774]
Improve 'Loading a key' section of the documentation
Show the return values of both PKey::RSA#public? and #private? for each
of the two .pem files. The current example is not technically incorrect, but
very confusing.
This is based on the reports by Rob Nichols and Brett Goulder.
[Bug #10115] [GH ruby/openssl#52]
Mark OpenSSL::{Digest::Digest,Cipher::Cipher} as deprecated using
Module#deprecate_constant. They have been deprecated for years in the
documentation.
Load path needs to be passed.
* topic/rdoc-fixes:
Fix RDoc style
Update .gitignore
Add RDoc task to Rakefile
Ignore /html and /ext/openssl/extconf.h. Also remove impossible files -
we currently don't use YARD or Bundler.
* topic/ocsp-basic-verify-bug:
ocsp: add workaround for OCSP_basic_verify() bug
ocsp: refactor tests
Older versions of OpenSSL have a bug where they don't use the
certificates passed to OCSP_basic_verify() for verifying the chain. This
can be a problem when the response is signed by a certificate issued by
an intermediate CA.

            root_ca
               |
         intermediate_ca
         |-------------|
    end_entity     ocsp_signer

When the certificate hierarchy is like this, and the response contains
only the ocsp_signer certificate, the following code wrongly fails.

    store = OpenSSL::X509::Store.new; store.add_cert(root_ca)
    basic_response.verify([intermediate_ca], store)

So duplicate the OCSP_BASICRESP and add the certificates to the embedded
list first.
Make @cert an intermediate CA, and add @cert2 that is issued by @cert.
* topic/doc-ssl-sync-close:
Document OpenSSL::SSL::SSLSocket#sync_close