| Commit message |
Add a variant of PKey#sign and #verify that does not hash the data
automatically.
Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.
OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.
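Added example (not part of the commit or the project's code): signing a digest that was computed elsewhere with the non-hashing variant, then checking that the ordinary hashing #verify accepts the same signature. It assumes the methods are exposed as PKey#sign_raw and PKey#verify_raw, as in Ruby/OpenSSL 3.0; the helper names and the message are constructed.

```ruby
require "openssl"

# Constructed sample message; the signer only ever sees its SHA-256 digest.
MESSAGE = "constructed sample: contents of release-1.2.3.tar.gz"
PSS = { rsa_padding_mode: "pss" }.freeze

# Sign a digest computed elsewhere. The digest name is still passed so the
# RSA padding is built for the right algorithm, but the input is not hashed
# again. The length check catches a caller passing the message by mistake.
def sign_prehashed(key, digest_name, hashed, opts = PSS)
  want = OpenSSL::Digest.new(digest_name).digest_length
  unless hashed.bytesize == want
    raise ArgumentError, "need a #{want}-byte #{digest_name} digest"
  end
  key.sign_raw(digest_name, hashed, opts)
end

def verify_prehashed(key, digest_name, signature, hashed, opts = PSS)
  key.verify_raw(digest_name, signature, hashed, opts)
end

def sign_raw_demo
  key = OpenSSL::PKey.generate_key("RSA", rsa_keygen_bits: 2048)
  hashed = OpenSSL::Digest.digest("SHA256", MESSAGE)
  other = OpenSSL::Digest.digest("SHA256", MESSAGE + "!")
  sig = sign_prehashed(key, "SHA256", hashed)
  misuse_rejected = begin
    sign_prehashed(key, "SHA256", MESSAGE)
    false
  rescue ArgumentError
    true
  end
  {
    raw_ok: verify_prehashed(key, "SHA256", sig, hashed),
    # The hashing #verify accepts the same signature over the full message.
    hashing_ok: key.verify("SHA256", sig, MESSAGE, PSS),
    other_digest_ok: verify_prehashed(key, "SHA256", sig, other),
    misuse_rejected: misuse_rejected
  }
end

p sign_raw_demo if $PROGRAM_NAME == __FILE__
```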
|
The next release is decided to be 3.0 rather than 2.3.
|
Support public key encryption and decryption operations using the EVP
API.
|
Use EVP_PKEY_print_private() instead of the low-level API *_print()
functions, such as RSA_print().
EVP_PKEY_print_*() family was added in OpenSSL 1.0.0.
Note that it falls back to EVP_PKEY_print_public() and
EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH
type for which _private() fails if the private component is not set in
the pkey object.
Since the new API works in the same way for all key types, we now
implement #to_text in the base class OpenSSL::PKey::PKey rather than in
each subclass.
|
pkey: use high level EVP interface to generate parameters and keys
|
The previous series of commits re-implemented key generation with the
low level API with the EVP API. The BN_GENCB-based callback function is
no longer used.
|
rb_thread_call_without_gvl() can be interrupted, but it may be able to
resume the operation. Call rb_thread_check_ints() to see if it raises
an exception or not.
|
Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let
OpenSSL::PKey::PKey#sign and #verify take an optional parameter for
specifying control strings for EVP_PKEY_CTX_ctrl_str().
|
The routine to apply Hash to EVP_PKEY_CTX_ctrl_str() is currently used
by key generation, but it is useful for other operations too. Let's
change it to a slightly more generic name.
|
Fix potential leak of EVP_MD_CTX object in an error path. This path is
normally unreachable, since the size of a signature generated by any
supported algorithm would not be larger than LONG_MAX.
|
Explicitly check for type given some conflicting statements within openssl's
documentation around EVP_PKEY_cmp and EVP_PKEY_ASN1_METHOD(3).
Add documentation with an example for compare?
|
pkey: add more support for 'generic' pkey types
|
Add OpenSSL::PKey::PKey#derive as the wrapper for EVP_PKEY_CTX_derive().
This is useful for pkey types for which we don't have dedicated classes,
such as X25519.
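Added example (not part of the commit or the project's code): an X25519 key agreement through the generic PKey interface, where only the SubjectPublicKeyInfo PEM is exchanged and the peer key's type is checked before #derive is called. It assumes OpenSSL::PKey.generate_key, #public_to_pem, #oid and OpenSSL::KDF.hkdf as found in Ruby/OpenSSL 3.0 built against OpenSSL 1.1.1 or later; helper names, salt and info label are constructed.

```ruby
require "openssl"

# Each side creates its key through the generic interface; there is no
# dedicated OpenSSL::PKey subclass for X25519.
def new_x25519
  OpenSSL::PKey.generate_key("X25519")
end

# Only the public PEM crosses the wire. Refuse anything that is not an
# X25519 key before handing it to #derive.
def load_peer(pem)
  peer = OpenSSL::PKey.read(pem)
  unless peer.oid == "X25519"
    raise ArgumentError, "unexpected peer key type #{peer.oid}"
  end
  peer
end

# The raw shared secret is run through HKDF rather than used directly.
def session_key(own, peer_pem, info)
  shared = own.derive(load_peer(peer_pem))
  OpenSSL::KDF.hkdf(shared, salt: "constructed-salt", info: info,
                    length: 32, hash: "SHA256")
end

def x25519_demo
  alice = new_x25519
  bob = new_x25519
  a = session_key(alice, bob.public_to_pem, "added-example v1")
  b = session_key(bob, alice.public_to_pem, "added-example v1")
  # An Ed25519 key is a generic PKey too, but must not be accepted here.
  ed_pem = OpenSSL::PKey.generate_key("ED25519").public_to_pem
  wrong_type_rejected = begin
    session_key(alice, ed_pem, "added-example v1")
    false
  rescue ArgumentError
    true
  end
  { match: a == b, length: a.bytesize,
    wrong_type_rejected: wrong_type_rejected }
end

p x25519_demo if $PROGRAM_NAME == __FILE__
```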
|
OpenSSL 1.1.1 added EVP_DigestSign() and EVP_DigestVerify() functions
to the interface. Some EVP_PKEY methods such as PureEdDSA algorithms
do not support the streaming mechanism and require us to use them.
|
Use EVP_DigestSign*() and EVP_DigestVerify*() interface instead of the
old EVP_Sign*() and EVP_Verify*() functions. They were added in OpenSSL
1.0.0.
Also, allow the digest to be specified as nil, as certain EVP_PKEY types
don't expect a digest algorithm.
|
Add two methods to create a PKey using the generic EVP interface. This
is useful for the PKey types for which we don't have a dedicated class.
|
The EVP interface cannot tell whether a pkey contains the private
components or not. Assume it does if it does not respond to #private?.
This fixes the NoMethodError on calling #sign on a generic PKey.
|
Add ossl_pkey_export_traditional() and ossl_pkey_export_spki() helper
functions, and use them. This reduces code duplication.
|
Export the flow used by OpenSSL::PKey.read and let the subclasses call
it before attempting other formats.
|
Try PEM_read_bio_Parameters(). Only PEM format is supported at the
moment since corresponding d2i_* functions are not provided by OpenSSL.
|
ossl_{rsa,dsa,dh,ec}_new() called from this function are not used
anywhere else. Inline them into pkey_new0() and reduce code
duplication.
|
Implement OpenSSL::PKey::PKey#oid as a wrapper around EVP_PKEY_id().
This allows user code to check the type of a PKey object.
EVP_PKEY can have a pkey type for which we do not provide a dedicated
subclass. In other words, an EVP_PKEY that is not any of {RSA,DSA,DH,EC}
can exist. It is currently not possible to distinguish such a pkey.
Also, implement PKey#inspect to include the key type for convenience.
|
OpenSSL::PKey::PKey#private_to_der, #private_to_pem are added to the
generic PKey class. They serialize the private key to PKCS #8
{Encrypted,}PrivateKeyInfo format, in DER- and PEM- encoding,
respectively. For symmetry, also add #public_to_der and #public_to_pem
that serialize the public key into X.509 SubjectPublicKeyInfo format.
OpenSSL::PKey.read now reads DER-encoded PKCS #8 keys as well as the
"raw" private keys. PEM-encoded PKCS #8 keys have been already handled
by PEM_read_bio_PrivateKey().
|
The fix made in 6fcc6c0efc42 ("test/test_ssl: fix test failure with
TLS 1.3", 2018-08-06) is applied to the new test cases.
* maint-2.0:
  reduce LibreSSL warnings
  openssl_missing.h: constified
  openssl: search winsock
  search winsock libraries explicitly
  no ID cache in Init functions
  test/test_ssl: fix test failure with TLS 1.3
  tool/ruby-openssl-docker: update to latest versions
  pkey: resume key generation after interrupt
|
pkey: resume key generation after interrupt [Bug #14882]
|
Key/parameter generation (OpenSSL::PKey::*.{new,generate}) immediately
aborts when it is done with GVL released (in other words, no block is
given) and the thread is interrupted (e.g., by a signal) during the
operation.
Have ossl_generate_cb_2() acquire GVL and call rb_thread_check_ints()
if needed to process the pending interrupt rather than abort the
operation completely by returning 0.
Reference: https://bugs.ruby-lang.org/issues/14882
|
Init functions are called only once, cache is useless.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62429 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r62429
|
* maint:
  History.md: fix a typo
  x509cert, x509crl, x509req, ns_spki: check sanity of public key
  pkey: make pkey_check_public_key() non-static
  test/test_cipher: fix test_non_aead_cipher_set_auth_data failure
  cipher: disallow setting AAD for non-AEAD ciphers
  test/test_ssl_session: skip tests for session_remove_cb
  appveyor.yml: remove 'openssl version' line
|
Also make it take const pointer as it never modifies the pkey.
|
* maint:
  Ruby/OpenSSL 2.0.5
  ssl: fix compile error with OpenSSL 1.0.0
  ssl: remove unsupported TLS versions from SSLContext::METHODS
  Add msys2 library dependency tag in gem metadata
  ossl_pem_passwd_cb: handle nil from the block explicitly
  ossl_pem_passwd_cb: do not check for taintedness
  ossl_pem_passwd_cb: relax passphrase length constraint
  appveyor.yml: test against Ruby 2.4
  Rakefile: install_dependencies: install only when needed
  bio: do not use the FILE BIO method in ossl_obj2bio()
  bio: prevent possible GC issue in ossl_obj2bio()
  test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params
|
Prevent the new object created by StringValue() from being GCed.
Luckily, as none of the callers of ossl_obj2bio() reads from the
returned BIO after possibly triggering GC, this has not been a real
problem.
As a bonus, ossl_protect_obj2bio() function which is no longer used
anywhere is removed.
|
Similar to the previous one for GetCipherPtr(), GetDigest() and
GetDigestPtr() have been completely different. Let's disambiguate them.
|
They are no longer useful since we use the TypedData_Get_Struct() which
also performs type checking (based on the rb_data_type_t) for the
non-safe Get*() macros. Just use them instead.
|
Ruby core uses _str_ for emphasizing argument names and +str+ for codes.
Match with the rule for better rendering.
|
They are no longer receiving security updates from the OpenSSL
development team since 2015-12.
We have kept basic compatibility until now because RHEL 5 still uses a
(heavily modified) OpenSSL 0.9.8e. RHEL 5 will reach EOL on 2017-03,
thus it is now safe to assume nobody is still using such old versions of
OpenSSL.
|
Fix 'unsupported key type' error if OpenSSL::SSL::SSLSocket#tmp_key is
called when X25519 is used for key exchange.
EVP_PKEY may have a key type for which we don't have a dedicated
subclass. Let's allow instantiating OpenSSL::PKey::PKey with such an
EVP_PKEY, although the resulting instance is not so useful because it
can't be exported at the moment.
|
The ownership of the EVP_PKEY object given as the argument is moved to
ossl_pkey_new(). So, the function must not raise an exception without
freeing it on failure.
|
The function was added by e10f4de2aeec ("for compatibility with old
SSLSocket", 2001-11-16) and is no longer used since 902312feaae7
(2002-12-22).
|
Fix a possible memory leak that happens when the given signature is too
long for int. Check that the signature length can be represented in int
before allocating EVP_MD_CTX.
|
We are currently not checking the return value of EVP_{Sign,Verify}*()
functions, but of course, this is a bad habit. So do check. Calls for
EVP_{Sign,Verify}Init() are replaced by *_ex() functions as they do
not return an error but just ignore it.
|
We allocate too large a buffer for the generated signature. The resulting
signature, or the RSA encryption result, should not be larger than the
size returned by EVP_PKEY_size() (or, DSA_size(), RSA_size(), and
ECDSA_size()).
|
Check existence of the public key in the PKey object before starting
verifying a signature.
For RSA keys, EVP_VerifyFinal() internally calls RSA_size(), which
requires the existence of RSA::n. Since we allow instantiating PKey::RSA
without any key materials, calling PKey#verify against an empty
PKey::RSA causes segfault.
Reference: https://bugs.ruby-lang.org/issues/12783
|
Similar to 0789643d7333 or 9af69abcec15, EVP_VerifyFinal() may put an
error to the error queue when the verification failed.
|
* topic/ssl-check-pkey-private:
  ssl: reject keys without private components
  ssl: remove unneeded instance variable x509 and key from SSL::SSLSocket
  pkey: remove unused things
|
Make id_private_q local to ossl_pkey.c, and remove unused
DupPrivPKeyPtr() function.
|
Make PKey.read raise PKey::PKeyError rather than ArgumentError
|