| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
We ran into some Linux-based systems not accepting the upper case variant
|
| |\
| |
| | |
Allow specifying the data length for CCM mode
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow specifying just length to #update
CCM mode ciphers need to specify the total plaintext or ciphertext
length to EVP_CipherUpdate.
Update the link to the tests file
Define Cipher#ccm_data_len= for CCM mode ciphers
Add a unit test for CCM mode
Also check CCM is authenticated when testing
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
| |
This makes it obvious you have made a mistake if you call key= and
then encrypt or decrypt. Calling encrypt or decrypt without an
argument automatically sets the key to NULL, in which case the
key_set ivar should be changed from false to true given if had
been set before calling encrypt or decrypt.
Fixes Ruby Bug 8720.
|
| |
|
|
|
| |
This will help users pick stronger ciphers if they aren't educated about
encryption gotchas.
|
| | |
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint-2.0:
Ruby/OpenSSL 2.0.8
test/test_ssl_session: set client protocol version explicitly
test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1
extconf.rb: fix build with LibreSSL 2.7.0
cipher: validate iterations argument for Cipher#pkcs5_keyivgen
test/utils: disable Thread's report_on_exception in start_server
|
| | |
| |
| |
| |
| |
| |
| | |
EVP_BytesToKey() internally converts the iteration count given as an
"int" into an "unsigned int". Calling that with a negative integer will
result in a hang. This is surprising, so let's validate the value by
ourselves and raise ArgumentError as necessary.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint:
History.md: fix a typo
x509cert, x509crl, x509req, ns_spki: check sanity of public key
pkey: make pkey_check_public_key() non-static
test/test_cipher: fix test_non_aead_cipher_set_auth_data failure
cipher: disallow setting AAD for non-AEAD ciphers
test/test_ssl_session: skip tests for session_remove_cb
appveyor.yml: remove 'openssl version' line
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
EVP_CipherUpdate() must not be call with the output parameter set to
NULL when the cipher does not support AEAD. Check the flag of
EVP_CIPHER, and raise an exception as necessary.
Reference: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/83337
Reference: https://bugs.ruby-lang.org/issues/14024
|
| | |
| |
| |
| | |
Thanks rhenium for the code review and fixes.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This also restores 'if defined?(OpenSSL)-end' wrapping the test code.
They have been removed erroneously by commit 4eb4b3297a92 ("Remove
support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).
* maint:
test/test_ssl: explicitly accept TLS 1.1 in corresponding test
ssl: remove useless call to rb_thread_wait_fd()
test/test_pair, test/test_ssl: fix for TLS 1.3
test/test_ssl_session: rearrange tests
test/test_ssl: move test_multibyte_read_write to test_pair
test/test_ssl: remove test_invalid_shutdown_by_gc
test/utils: do not use DSA certificates in SSL tests
test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
test/utils: improve error handling in start_server
test/utils: let server_loop close socket
test/utils: do not set ecdh_curves in start_server
test/utils: have start_server yield only the port number
test/utils: add SSLTestCase#tls12_supported?
test/utils: remove OpenSSL::TestUtils.silent
test: fix formatting
Rakefile: let sync:to_ruby know about test/openssl/fixtures
cipher: update the documentation for Cipher#auth_tag=
Backport "Merge branch 'topic/test-memory-leak'" to maint
ssl: do not call session_remove_cb during GC
|
| | |
| |
| |
| |
| |
| |
| | |
The authentication tag can be set after starting the decryption, if
only it is before Cipher#final is called.
Fixes: https://github.com/ruby/openssl/issues/74
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint:
Ruby/OpenSSL 2.0.4
History.md: add entries for 2.0.1-2.0.3
History.md: wrap at 80 characters
extconf.rb: simplify searching libraries logic
Search SSL libraries by testing various filename patterns
openssl: fix broken openssl check
openssl: fix broken openssl check
x509store: clear error queue after calling X509_LOOKUP_load_file()
tool/sync-with-trunk: 'LASY' -> 'LAST'
Update .travis.yml and Dockerfile
test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
Fix documentation for OpenSSL::Cipher#final
Fix typos
ssl: check return value of SSL_set_fd()
test/test_ssl: fix typo in test_sysread_and_syswrite
Fix typos
test/test_pkey_ec: do not use dummy 0 order
|
| | |
| |
| |
| |
| | |
"after after having fed the entire plaintext..." is changed to
"after having fed the entire plaintext..."
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Similar to the previous one for GetCipherPtr(), GetDigest() and
GetDigestPtr() have been completely different. Let's disambiguate them.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
While GetCipherPtr() function gets a const EVP_CIPHER * from algorithm
name, GetCipher() macro that is locally defined in
ext/openssl/ossl_cipher.c gets the EVP_CIPHER_CTX from an
OpenSSL::Cipher object. They are completely different things. Rename
GetCipherPtr() for disambiguation.
|
| | |
| |
| |
| |
| |
| | |
They are no longer useful since we use the TypedData_Get_Struct() which
also performs type checking (based on the rb_data_type_t) for the
non-safe Get*() macros. Just use them instead.
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
* topic/expand-ruby-missing-h:
Expand FPTR_TO_FD() macro
Expand rb_define_copy_func() macro
|
| | |/
| |
| |
| |
| | |
It's not really "missing". Let's expand that, as it does not improve the
readability so much.
|
| | |
| |
| |
| |
| | |
Ruby core uses _str_ for emphasizing argument names and +str+ for codes.
Match with the rule for better rendering.
|
| |/
|
|
|
|
|
|
|
|
| |
They are no longer receiving security updates from the OpenSSL
development team since 2015-12.
We have kept basic compatibility until now because RHEL 5 still uses an
(heavily modified) OpenSSL 0.9.8e. The RHEL 5 will reach EOL on 2017-03,
thus it is now safe to assume nobody is still using such old versions of
OpenSSL.
|
| |
|
|
|
| |
Implement Cipher#authenticated? even when the OpenSSL version does not
support AEAD. It just returns false.
|
| |
|
|
|
|
|
| |
Remove a sentence "If not explicitly set, the OpenSSL default of an
all-zeroes ("\\0") IV is used." It actually works so, but not guranteed
by the OpenSSL API. At least I didn't find any formal documentation
saying so.
|
| |\
| |
| |
| |
| | |
* topic/cipher-no-initialize-null-key:
cipher: don't set dummy encryption key in Cipher#initialize
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove the encryption key initialization from Cipher#initialize. This
is effectively a revert of r32723 ("Avoid possible SEGV from AES
encryption/decryption", 2011-07-28).
r32723, which added the key initialization, was a workaround for
Ruby Bug #2768. For some certain ciphers, calling EVP_CipherUpdate()
before setting an encryption key caused segfault. It was not a problem
until OpenSSL implemented GCM mode - the encryption key could be
overridden by repeated calls of EVP_CipherInit_ex(). But, it is not the
case for AES-GCM ciphers. Setting a key, an IV, a key, in this order
causes the IV to be reset to an all-zero IV.
The problem of Bug #2768 persists on the current versions of OpenSSL.
So, make Cipher#update raise an exception if a key is not yet set by the
user. Since encrypting or decrypting without key does not make any
sense, this should not break existing applications.
Users can still call Cipher#key= and Cipher#iv= multiple times with
their own responsibility.
Reference: https://bugs.ruby-lang.org/issues/2768
Reference: https://bugs.ruby-lang.org/issues/8221
Reference: https://github.com/ruby/openssl/issues/49
|
| |/
|
|
|
|
| |
* fix typos, "a" before "Integer" to "an". [Fix GH-1438]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56225 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |\
| |
| |
| |
| | |
* topic/cipher-auth-tag-len:
cipher: add Cipher#auth_tag_len=
|
| | |
| |
| |
| |
| |
| | |
Add a method to set the authentication tag length to be generate by an
AEAD ciphers. In particular, OCB mode which is implemented in OpenSSL
1.1.0 requires this.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The function GetCipherPtr() is used when we want a const EVP_CIPHER that
represents a cipher algorithm. This change allows users to write a code
that exports a PKey encrypted without creating an OpenSSL::Cipher
instance:
pkey = OpenSSL::PKey.read(...)
pkey.export("aes-128-cbc") { password }
This is the same as what happened to GetDigestPtr() in r12128.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Add some explaination about the associated data. Also fix the
description of the AES-GCM example: the IV (nonce) doesn't need to be
unpredictable.
|
| |/
|
|
|
| |
Add a note about GCM mode - warn of the risk of reusing nonce and
authentication tag truncation. [GH ruby/openssl#63]
|
| |
|
|
| |
Fixes c0548c94e499.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function ossl_cipher_update_long() was added to fix this in r48923
(ossl_cipher.c: workaround of OpenSSL API, 2014-12-23), but it didn't
work well. [Bug #10633]
This can be tested by running:
$ fallocate -l 2G data.img
$ ruby -ropenssl <<EOF
cipher = OpenSSL::Cipher.new("aes-128-ecb").encrypt
cipher.key = "\x00" * 16
ct = cipher.update(File.read("data.img")) << cipher.final
p ct.bytesize
EOF
|
| |\
| |
| |
| |
| | |
* topic/cipher-iv-len:
cipher: allow setting IV length when using AEAD ciphers
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add OpenSSL::Cipher#iv_len=. For interoperability with other
applications, it is sometimes required. Normally 'IV' is fixed-length,
but in OpenSSL, some ciphers such as aes-128-gcm make use of it as
'nonce', which is variable-length.
Changing the IV length in Cipher#iv= is also an option but I decided not
to choose it. Because in Ruby <= 2.3 Cipher#iv= truncates the input when
the length is longer than the current IV length, changing the behavior
might cause unexpected encryption result.
[Bug #8667] [Bug #10420] [GH ruby/ruby#569]
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_cipher.c (ossl_cipher_get_auth_tag,
ossl_cipher_set_auth_tag): Check if the cipher flags retrieved by
EVP_CIPHER_CTX_flags() includes EVP_CIPH_FLAG_AEAD_CIPHER to see if
the cipher supports AEAD. AES-GCM was the only supported in OpenSSL
1.0.1.
(Init_ossl_cipher): Fix doc; OpenSSL::Cipher::AES.new(128, :GCM) can't
work.
* ext/openssl/openssl_missing.h: Define EVP_CTRL_AEAD_{GET,SET}_TAG if
missing. They are added in OpenSSL 1.1.0, and have the same value as
EVP_CTRL_GCM_{GET,SET}_TAG and EVP_CTRL_CCM_{GET,SET}_TAG.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |
|
|
|
|
|
|
| |
* ext/openssl/ossl_cipher.c (ossl_cipher_free): Use EVP_CIPHER_CTX_free()
to free EVP_CIPHER_CTX allocated by EVP_CIPHER_CTX_new().
[ruby-core:75225] [Feature #12324]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55294 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/extconf.rb: Check existence of accessor functions that
don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its
structures opaque and requires use of these accessor functions.
[ruby-core:75225] [Feature #12324]
* ext/openssl/openssl_missing.[ch]: Implement them if missing.
* ext/openssl/ossl*.c: Use these accessor functions.
* test/openssl/test_hmac.rb: Add missing test for HMAC#reset.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55287 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |
|
|
|
|
| |
* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_cipher.c (ossl_cipher_set_key, ossl_cipher_set_iv):
Reject too long values as well as too short ones. Currently they
just truncate the input but this would hide bugs and lead to
unexpected encryption/decryption results.
* test/openssl/test_cipher.rb: Test that Cipher#key= and #iv= reject
Strings with invalid length.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ext/openssl/ossl_asn1.c, ext/openssl/ossl_bn.c,
ext/openssl/ossl_cipher.c, ext/openssl/ossl_digest.c
ext/openssl/ossl_engine.c, ext/openssl/ossl_ns_spki.c
ext/openssl/ossl_pkcs12.c, ext/openssl/ossl_pkcs7.c
ext/openssl/ossl_pkey.c, ext/openssl/ossl_pkey_ec.c
ext/openssl/ossl_rand.c, ext/openssl/ossl_ssl.c
ext/openssl/ossl_x509attr.c, ext/openssl/ossl_x509cert.c
ext/openssl/ossl_x509ext.c, ext/openssl/ossl_x509store.c: Use
StringValueCStr() where NUL-terminated string is expected.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| | |
|
| | |
|
| | |
|
