Commit log (commit message [branch]  (author, date; files changed, lines -removed/+added))

* ssl: conditionally set explicit cipher suite list  [topic/ssl-contiditional-explicit-ciphersuites]  (Kazuki Yamaguchi, 2016-08-14; 2 files, -52/+47)

    Don't set it in SSLContext#set_params when built with OpenSSL 1.1.0 or
    newer.

    The list was added as a workaround to exclude known weak cipher suites
    ([Bug #9424]). In OpenSSL <= 1.0.2, the default list (DEFAULT) included
    even cipher suites using MD5. Now, OpenSSL 1.1.0 has a better DEFAULT.
    So make SSLContext#set_params just use it.

    Here is the diff between our current explicit list and DEFAULT of
    OpenSSL 1.1.0-pre6 (sorted):

      $ list_ruby=$(openssl ciphers -v $(ruby -ropenssl -e'puts OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers]') | sort)
      $ list_default=$(openssl ciphers -v 'DEAFULT:!PSK:!SRP' | sort)
      $ diff <(echo "$list_ruby") <(echo "$list_default")
      7,12c7
      < DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
      < DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
      < DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
      < DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
      < DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
      < DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
      ---
      > DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
      18a14,15
      > DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
      > DHE-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
      24a22,23
      > ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
      > ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
      30a30,31
      > ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
      > ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1

* ssl: fix memory leak in SSLContext#ecdh_curves=  (Kazuki Yamaguchi, 2016-08-13; 1 file, -1/+5)

    SSL_CTX_set_tmp_ecdh() increments the reference counter of EC_KEY so we
    must decrement with EC_KEY_free().

    Fixes: fcb9b4a6b5c6 (openssl: add SSLContext#ecdh_curves=)

* Don't turn on/off OpenSSL's mem check in OpenSSL.debug=  (Kazuki Yamaguchi, 2016-08-13; 1 file, -14/+4)

    Since openssl.so itself doesn't have the functionality of memory leak
    checking, there is no point in doing it.

* test/test_cipher: fix an assertion  (Kazuki Yamaguchi, 2016-08-13; 1 file, -2/+1)

    The message may change depending on the value of OpenSSL.debug.

* x509crl: fix CRL#revoked=  (Kazuki Yamaguchi, 2016-08-09; 2 files, -1/+9)

    Fixes cad3226a06a1 (openssl: adapt to OpenSSL 1.1.0 opaque structs,
    2016-06-05).

* x509req: fix integer conversion in Request#version, #version=  (Kazuki Yamaguchi, 2016-08-09; 1 file, -3/+3)

    The input may not be a Fixnum.

* digest: check return value of EVP_Digest{Update,Final_ex}  (Kazuki Yamaguchi, 2016-08-09; 1 file, -6/+10)

    Their return type was void in ancient versions of OpenSSL but no longer.

* Merge changes from Ruby trunk r55757..r55822  (Kazuki Yamaguchi, 2016-08-07; 2 files, -1/+18)

    * ruby-trunk r55757..r55822: (1 commits)
      (r55822) openssl: avoid undefined behavior on empty SSL_write

    Sync-with-trunk: r55822

| * openssl: avoid undefined behavior on empty SSL_write  (normal, 2016-08-07; 2 files, -1/+18)

    SSL_write(3ssl) manpage has this in the WARNINGS section:

      When calling SSL_write() with num=0 bytes to be sent the behaviour
      is undefined.

    And indeed, the new test case demonstrates failures when empty strings
    are used. So, match the behavior of IO#write, IO#write_nonblock, and
    IO#syswrite by returning zero, as the OpenSSL::SSL::SSLSocket API
    already closely mimics the IO one.

    * ext/openssl/ossl_ssl.c (ossl_ssl_write_internal): avoid undefined behavior
    * test/openssl/test_pair.rb (test_write_zero): new test
      [ruby-core:76751] [Bug #12660]

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* Add Rake task sync:to_ruby  (Kazuki Yamaguchi, 2016-08-07; 1 file, -6/+29)

    Preparing for gem release... The task copies the content of this
    repository to the Ruby tree.

* Include ruby/thread_native.h regardless of the OpenSSL version  (Kazuki Yamaguchi, 2016-08-07; 1 file, -1/+1)

    A workaround so that the OpenSSL version doesn't affect
    ext/openssl/depend generated by Ruby's tool/update-deps script.

* test/envutil: port assert_raise_with_message from Ruby tree  (Kazuki Yamaguchi, 2016-08-07; 2 files, -6/+56)

    Ruby's assert_raise doesn't allow the expected exception to be an
    instance of an exception.

* Remove unnecessary file test/ssl_server.rb  (Kazuki Yamaguchi, 2016-08-07; 1 file, -81/+0)

    It is already removed in Ruby tree at r48399.

* pkey: don't pass a seed to DSA_generate_parameters_ex()  (Kazuki Yamaguchi, 2016-08-07; 2 files, -10/+8)

    We currently always pass 20 random bytes generated by RAND_bytes(). It
    is fine when generating parameters <= 1024 bits, because OpenSSL
    requires a seed with the same length as the prime q, which is 160 bits.

    FIPS 186-3 allowed the parameters to be >= 2048 bits. For them, OpenSSL
    generates a 256-bit long q. We could pass 32 random bytes instead, but
    the function is able to generate them on its own. So just give NULL.

* Update build matrix to use zzak/ruby-openssl-docker@bb2f959f1dfd  (Kazuki Yamaguchi, 2016-08-05; 1 file, -5/+5)

    I kept OpenSSL 1.1.0-pre6 in allow_failures as it is still beta.

* ssl: refactor ssl_npn_advertise_cb()  (Kazuki Yamaguchi, 2016-08-05; 1 file, -4/+3)

    This removes unnecessary @_protocols instance variable.

* Add BSDL file  (Kazuki Yamaguchi, 2016-08-04; 1 file, -0/+22)

    Picked from Ruby trunk (r55812).

* Implement missing initialize_copy  [topic/fix-initialize-copy]  (Kazuki Yamaguchi, 2016-08-04; 18 files, -1/+189)

    Implement initialize_copy for:

    - OpenSSL::PKCS12
    - OpenSSL::SSL::SSLSession
    - OpenSSL::X509::Attribute
    - OpenSSL::X509::Extension
    - OpenSSL::X509::Name
    - OpenSSL::X509::Revoked

    Remove initialize_copy from:

    - OpenSSL::SSL::SSLContext
    - OpenSSL::SSL::SSLSocket
    - OpenSSL::Engine
    - OpenSSL::X509::Store
    - OpenSSL::X509::StoreContext

    [Bug #12381]

* Merge branch 'topic/ssl-verify-hostname'  (Kazuki Yamaguchi, 2016-07-28; 7 files, -70/+180)

    * topic/ssl-verify-hostname:
      ssl: add verify_hostname option to SSLContext
      test/test_ssl: avoid SSLContext#set_params where not required
      Refactor common verify callback code

| * ssl: add verify_hostname option to SSLContext  [topic/ssl-verify-hostname]  (Kazuki Yamaguchi, 2016-07-23; 4 files, -5/+111)

    If a client sets this to true and enables SNI with SSLSocket#hostname=,
    the hostname verification on the server certificate is performed
    automatically during the handshake using
    OpenSSL::SSL.verify_certificate_identity().

    Currently a user who wants to do the hostname verification needs to call
    SSLSocket#post_connection_check explicitly after the TLS connection is
    established.

    This commit also enables the option in SSLContext::DEFAULT_PARAMS.
    Applications using SSLContext#set_params may be affected by this.

    [GH ruby/openssl#8]

| * test/test_ssl: avoid SSLContext#set_params where not required  (Kazuki Yamaguchi, 2016-07-23; 1 file, -19/+16)

    Set verify_mode to OpenSSL::SSL::VERIFY_PEER directly. They are tests
    for verify_callback so they don't need to use SSLContext#set_params.

| * Refactor common verify callback code  (Kazuki Yamaguchi, 2016-07-10; 4 files, -46/+53)

    There is a function ossl_verify_cb() that fetches the custom callback
    Proc from X509_STORE/X509_STORE_CTX and calls it, but it was not very
    useful for SSL code. It's only used in ossl_x509store.c and ossl_ssl.c
    so move X509::Store specific code to ossl_x509store.c.

    Also make struct ossl_verify_cb_args and ossl_call_verify_cb_proc()
    local to ossl.c.

* | Merge changes from Ruby trunk r55538..r55757  (Kazuki Yamaguchi, 2016-07-28; 1 file, -2/+2)

    * ruby-trunk r55538..r55757: (1 commits)
      (r55757) test: use assert_include

    Sync-with-trunk: r55757

| * | test: use assert_include  (nobu, 2016-07-28; 1 file, -2/+2)

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55757 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

* | Remove unnecessary usage of _() macro  (Kazuki Yamaguchi, 2016-07-25; 7 files, -16/+16)

* | cipher: avoid -Wshorten-64-to-32 warning in ossl_cipher_update_long()  (Kazuki Yamaguchi, 2016-07-24; 1 file, -1/+1)

    Fixes c0548c94e499.

* | Merge branch 'topic/cipher-fixes'  (Kazuki Yamaguchi, 2016-07-24; 2 files, -23/+19)

    * topic/cipher-fixes:
      cipher: use lower-case cipher name in OpenSSL::Cipher::*.new
      cipher: fix handling huge data larger than INT_MAX bytes

| * | cipher: use lower-case cipher name in OpenSSL::Cipher::*.new  [topic/cipher-fixes]  (Kazuki Yamaguchi, 2016-07-24; 1 file, -5/+3)

    AES-GCM ciphers don't have upper-case sn.

| * | cipher: fix handling huge data larger than INT_MAX bytes  (Kazuki Yamaguchi, 2016-07-24; 1 file, -18/+16)

    The function ossl_cipher_update_long() was added to fix this in r48923
    (ossl_cipher.c: workaround of OpenSSL API, 2014-12-23), but it didn't
    work well. [Bug #10633]

    This can be tested by running:

      $ fallocate -l 2G data.img
      $ ruby -ropenssl <<EOF
      cipher = OpenSSL::Cipher.new("aes-128-ecb").encrypt
      cipher.key = "\x00" * 16
      ct = cipher.update(File.read("data.img")) << cipher.final
      p ct.bytesize
      EOF

* | Merge branch 'topic/ssl-check-pkey-private'  (Kazuki Yamaguchi, 2016-07-20; 4 files, -36/+36)

    * topic/ssl-check-pkey-private:
      ssl: reject keys without private components
      ssl: remove unneeded instance variable x509 and key from SSL::SSLSocket
      pkey: remove unused things

| * | ssl: reject keys without private components  [topic/ssl-check-pkey-private]  (Kazuki Yamaguchi, 2016-07-03; 2 files, -2/+22)

    OpenSSL checks if the PKey's public key matches with the certificate,
    but does not check that the PKey contains the private components. As a
    result, OpenSSL does a NULL dereference while doing SSL/TLS negotiation.

    [Bug #8673]

| * | ssl: remove unneeded instance variable x509 and key from SSL::SSLSocket  (Kazuki Yamaguchi, 2016-07-03; 1 file, -14/+12)

    They are only used to pass two objects across rb_protect(). So just
    remove them and use a temporary array instead. Since they are not public
    attributes, this should be safe.

| * | pkey: remove unused things  (Kazuki Yamaguchi, 2016-07-03; 2 files, -20/+2)

    Make id_private_q local to ossl_pkey.c, and remove unused
    DupPrivPKeyPtr() function.

* | | Merge branch 'topic/cipher-iv-len'  (Kazuki Yamaguchi, 2016-07-20; 4 files, -3/+102)

    * topic/cipher-iv-len:
      cipher: allow setting IV length when using AEAD ciphers

| * | | cipher: allow setting IV length when using AEAD ciphers  [topic/cipher-iv-len]  (Kazuki Yamaguchi, 2016-07-09; 4 files, -3/+102)

    Add OpenSSL::Cipher#iv_len=. For interoperability with other
    applications, it is sometimes required.

    Normally 'IV' is fixed-length, but in OpenSSL, some ciphers such as
    aes-128-gcm make use of it as 'nonce', which is variable-length.

    Changing the IV length in Cipher#iv= is also an option but I decided not
    to choose it. Because in Ruby <= 2.3 Cipher#iv= truncates the input when
    the length is longer than the current IV length, changing the behavior
    might cause unexpected encryption results.

    [Bug #8667] [Bug #10420] [GH ruby/ruby#569]

* | | | Suppress warnings in tests  (Kazuki Yamaguchi, 2016-07-10; 3 files, -28/+28)

* | | Merge pull request #55 from rhenium/topic/pkey-read-pkey-error  (Kazuki Yamaguchi, 2016-07-10; 5 files, -5/+14)

    Make PKey.read raise PKey::PKeyError rather than ArgumentError

| * | | pkey: make PKey.read raise PKey::PKeyError rather than ArgumentError  [topic/pkey-read-pkey-error]  (Kazuki Yamaguchi, 2016-07-09; 5 files, -5/+14)

    PKey.read is a generic method to load an arbitrary PKey structure from a
    PEM or DER encoded String. Each PKey class's constructor can also load
    from a String, but the behavior on error is different. While they raise
    their own exceptions (subclasses of PKey::PKeyError), PKey.read raises
    ArgumentError.

    [Bug #11774]

* | | Merge pull request #57 from rhenium/topic/fix-doc-pkey-loading  (Kazuki Yamaguchi, 2016-07-10; 1 file, -0/+2)

    Improve 'Loading a key' section of the documentation

| * | | Improve 'Loading a key' section of the documentation  [topic/fix-doc-pkey-loading]  (Kazuki Yamaguchi, 2016-07-03; 1 file, -0/+2)

    Show the return values of both PKey::RSA#public? and #private? for each
    of the two .pem files. The current example is not technically incorrect,
    but very confusing.

    This is based on the reports by Rob Nichols and Brett Goulder.

    [Bug #10115] [GH ruby/openssl#52]

* | | Deprecate constant OpenSSL::Digest::Digest and OpenSSL::Cipher::Cipher  (Kazuki Yamaguchi, 2016-07-09; 4 files, -17/+13)

    Mark OpenSSL::{Digest::Digest,Cipher::Cipher} as deprecated using
    Module#deprecate_constant. They have been deprecated for years in the
    documentation.

* | | Fix 'debug' task  (Kazuki Yamaguchi, 2016-07-09; 1 file, -1/+1)

    Load path needs to be passed.

* | | Merge branch 'topic/rdoc-fixes'  (Kazuki Yamaguchi, 2016-07-09; 33 files, -105/+199)

    * topic/rdoc-fixes:
      Fix RDoc style
      Update .gitignore
      Add RDoc task to Rakefile

| * | | Fix RDoc style  [topic/rdoc-fixes]  (Kazuki Yamaguchi, 2016-07-09; 30 files, -97/+190)

| * | | Update .gitignore  (Kazuki Yamaguchi, 2016-07-09; 1 file, -8/+3)

    Ignore /html and /ext/openssl/extconf.h. Also remove impossible files;
    we currently don't use YARD or Bundler.

| * | | Add RDoc task to Rakefile  (Kazuki Yamaguchi, 2016-07-09; 2 files, -0/+6)

* | | | Merge branch 'topic/ocsp-basic-verify-bug'  (Kazuki Yamaguchi, 2016-07-09; 2 files, -32/+115)

    * topic/ocsp-basic-verify-bug:
      ocsp: add workaround for OCSP_basic_verify() bug
      ocsp: refactor tests

| * | | | ocsp: add workaround for OCSP_basic_verify() bug  [topic/ocsp-basic-verify-bug]  (Kazuki Yamaguchi, 2016-07-08; 2 files, -0/+59)

    Older versions of OpenSSL have a bug that it doesn't use the
    certificates passed to OCSP_basic_verify() for verifying the chain.
    This can be a problem when the response is signed by a certificate
    issued by an intermediate CA.

        root_ca
           |
        intermediate_ca
           |-------------|
        end_entity       ocsp_signer

    When the certificate hierarchy is like this, and the response contains
    only ocsp_signer certificate, the following code wrongly fails.

        store = OpenSSL::X509::Store.new; store.add_cert(root_ca)
        basic_response.verify([intermediate_ca], store)

    So duplicate the OCSP_BASICRESP and add the certificates to the
    embedded list first.

| * | | | ocsp: refactor tests  (Kazuki Yamaguchi, 2016-07-08; 1 file, -32/+56)

    Make @cert an intermediate CA, add @cert2 that is issued by @cert.

* | | | Merge branch 'topic/doc-ssl-sync-close'  (Kazuki Yamaguchi, 2016-07-09; 2 files, -0/+10)

    * topic/doc-ssl-sync-close:
      Document OpenSSL::SSL::SSLSocket#sync_close
