| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL::Cipher#update currently allocates the output buffer with size
(input data length)+(the block size of the cipher). This is insufficient
for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers.
They have a block size of 8 bytes, but the output may be up to 15 bytes
larger than the input.
Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output
buffer size, instead. OpenSSL doesn't provide a generic way to tell the
maximum required buffer size for ciphers, but this is large enough for
all algorithms implemented in current versions of OpenSSL.
Fixes: https://bugs.ruby-lang.org/issues/20236
|
| |
|
|
|
|
|
|
|
|
| |
[ This is a backport to the 3.0 branch. ]
LibreSSL 3.4 added EVP_DigestSign() and EVP_DigestVerify(). Use them
when available to prepare for the addition of Ed25519 support in
LibreSSL 3.7.
(cherry picked from commit 475b2bf766d6093370e49abd5dce5436cc0034ca)
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* maint-2.2:
Ruby/OpenSSL 2.2.3
ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs
ocsp: disable OCSP_basic_verify() workaround on LibreSSL 3.5
Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3
pkey/ec: fix ossl_raise() calls using cEC_POINT instead of eEC_POINT
raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
[ This is a backport to the 2.2 branch to fix build with LibreSSL. ]
OpenSSL 3.0 fixed the typo in the function name and replaced the
current 'CTS' version with a macro.
(cherry picked from commit 2be6779b08161a084a1a5d2758de21a913740b94)
|
| | |
| |
| |
| |
| |
| |
| | |
The workaround is not needed on LibreSSL 3.5. LibreSSL 3.5 at the same
time made the structure opaque, so it does not compile.
This is a patch to the 2.2 branch; the code no longer exists in v3.0.
|
| | |\
| | |
| | | |
raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true
|
| | | | |
|
| | |/ |
|
| | |
| |
| |
| |
| |
| | |
[ This is a backport to the 3.0 branch. ]
(cherry picked from commit e25fb0d0d86da5a9398ebdc9216b2ea89f80fa3d)
|
| | |
| |
| |
| |
| |
| | |
[ This is a backport to the 3.0 branch. ]
(cherry picked from commit b02815271fcc295cb8b07ef740684b88a10f2760)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The behavior of EVP_PKEY_public_check changed between OpenSSL 1.1.1
and 3.0 so that it no longer validates the private key. Instead, private
keys can be validated through EVP_PKEY_private_check and
EVP_PKEY_pairwise_check.
[ky: simplified condition to use either EVP_PKEY_check() or
EVP_PKEY_public_check().]
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| | |
* maint-2.2:
Ruby/OpenSSL 2.2.2
Ruby/OpenSSL 2.1.4
Make GitHub Actions happy on 2.1/2.2 branches
test/openssl/test_cipher: skip AES-CCM tests on OpenSSL <= 1.1.1b
ignore pkgconfig when any openssl option is specified
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | | |
* maint-2.1:
Ruby/OpenSSL 2.1.4
Make GitHub Actions happy on 2.1/2.2 branches
ignore pkgconfig when any openssl option is specified
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
pkey/ec: check existence of public key component before exporting
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
i2d_PUBKEY_bio() against an EC_KEY without the public key component
trggers a null dereference.
This is a regression introduced by commit 56f0d34d63fb ("pkey:
refactor #export/#to_pem and #to_der", 2017-06-14).
Fixes https://github.com/ruby/openssl/pull/527#issuecomment-1220504524
Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1221554057
|
| |\ \ \ \
| | | | |
| | | | | |
pkey: restore support for decoding "openssl ecparam -genkey" output
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Scan through the input for a private key, then fallback to generic
decoder.
OpenSSL 3.0's OSSL_DECODER supports encoded key parameters. The PEM
header "-----BEGIN EC PARAMETERS-----" is used by one of such encoding
formats. While this is useful for OpenSSL::PKey::PKey, an edge case has
been discovered.
The openssl CLI command line "openssl ecparam -genkey" prints two PEM
blocks in a row, one for EC parameters and another for the private key.
Feeding the whole output into OSSL_DECODER results in only the first PEM
block, the key parameters, being decoded. Previously, ruby/openssl did
not support decoding key parameters and it would decode the private key
PEM block instead.
While the new behavior is technically correct, "openssl ecparam -genkey"
is so widely used that ruby/openssl does not want to break existing
applications.
Fixes https://github.com/ruby/openssl/pull/535
|
| | |/ / /
| | | |
| | | |
| | | | |
Fix potential error queue leak.
|
| |\ \ \ \
| | | | |
| | | | | |
x509*: fix error queue leak in #extensions= and #attributes= methods
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
X509at_delete_attr() in OpenSSL master puts an error queue entry if
there is no attribute left to delete. We must either clear the error
queue, or try not to call it when the list is already empty.
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Current OpenSSL 3.0.x release has a regression with zero-length MAC
keys. While this issue should be fixed in a future release of OpenSSL,
we can use EVP_PKEY_new_raw_private_key() in place of the problematic
EVP_PKEY_new_mac_key() to avoid the issue. OpenSSL 3.0's man page
recommends using it regardless:
> EVP_PKEY_new_mac_key() works in the same way as
> EVP_PKEY_new_raw_private_key(). New applications should use
> EVP_PKEY_new_raw_private_key() instead.
Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1224912710
|
| |/ / /
| | |
| | |
| | | |
causes SEGV if it is an Array or something like that.
|
| | | |
| | |
| | |
| | |
| | | |
Replace EVP_PKEY_CTX_new_id() with the new EVP_PKEY_CTX_new_from_name()
which takes the algorithm name in a string instead of in an NID.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OpenSSL 3.0's EVP_PKEY_get0() returns NULL for provider-backed pkeys.
This causes segfault because it was supposed to never return NULL
before.
We can't check the existence of public key components in this way on
OpenSSL 3.0. Let's just skip it for now.
|
| | | |
| | |
| | |
| | |
| | | |
Add all SSL_OP_* constants defined in OpenSSL 3.0.0 which are not
specific to DTLS.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The entire ENGINE API is deprecated in OpenSSL 3.0 in favor of the new
"Provider" concept.
OpenSSL::Engine will not be defined when compiled with OpenSSL 3.0.
We would need a way to interact with providers from Ruby programs, but
since the concept is completely different from the ENGINE API, it will
not be through the current OpenSSL::Engine interface.
|
| | | |
| | |
| | |
| | |
| | | |
According to the manpage, the "siglen" parameter must be initialized
beforehand.
|
| |\ \ \
| | | |
| | | | |
pkey: deprecate PKey::*#set_* and PKey::{DH,EC}#generate_key!
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const
pointer of the low level struct and the following methods can no longer
be provided when linked against OpenSSL 3.0:
- OpenSSL::PKey::RSA#set_key
- OpenSSL::PKey::RSA#set_factors
- OpenSSL::PKey::RSA#set_crt_params
- OpenSSL::PKey::DSA#set_pqg
- OpenSSL::PKey::DSA#set_key
- OpenSSL::PKey::DH#set_pqg
- OpenSSL::PKey::DH#set_key
- OpenSSL::PKey::EC#group=
- OpenSSL::PKey::EC#private_key=
- OpenSSL::PKey::EC#public_key=
There is no direct replacement for this functionality at the moment.
I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes
all key components at once to construct an EVP_PKEY.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
OpenSSL::PKey::EC#generate_key! will not work on OpenSSL 3.0 because
keys are made immutable. Users should use OpenSSL::PKey.generate_key
instead.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
OpenSSL::PKey::DH#generate_key! will not work on OpenSSL 3.0 because
keys are made immutable. Users should use OpenSSL::PKey.generate_key
instead.
|
| |\ \ \ \
| | | | |
| | | | | |
pkey: allocate EVP_PKEY on #initialize
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We can use it to implement OpenSSL::PKey::PKey#initialize_copy. This
should work on all key types, not just DH/DSA/EC/RSA types.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Allocate an EVP_PKEY when the content is ready: when #initialize
or #initialize_copy is called, rather than when a T_DATA is allocated.
This is more natural because the lower level API has been deprecated
and an EVP_PKEY is becoming the minimum unit of handling keys.
|
| | |/ / /
| | | |
| | | |
| | | |
| | | | |
Passing NULL to ossl_pkey_new() makes no sense in the first place, and
in fact it is ensured not to be NULL in all cases.
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OpenSSL 3.0 has rewritten routines to load pkeys (PEM_read_bio_* and
d2i_* functions) around the newly introduced OSSL_DECODER API.
This comes with a slight behavior change. They now decrypt and parse
each encountered PEM block, then check the kind of the block. This used
to be the reverse: they checked the PEM header to see the kind, and then
decrypted the content. This means that the password callback may now be
called repeatedly.
Let's use the OSSL_DECODER API directly on OpenSSL 3.0 so that the
return value from the password callback will be reused automatically.
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
ssl: disallow reading/writing to unstarted SSL socket
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
OpenSSL::SSL::SSLSocket allowed #read and #write to be called before an
SSL/TLS handshake is completed. They passed unencrypted data to the
underlying socket.
This behavior is very odd to have in this library. A verbose mode
warning "SSL session is not started yet" was emitted whenever this
happened. It also didn't behave well with OpenSSL::Buffering. Let's
just get rid of it.
Fixes: https://github.com/ruby/openssl/issues/9
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add docs for X509::Name.parse_openssl and X509::Name.parse_rfc2253,
which are currently undocumented despite being widely used.
Small changes are also made to #to_s and the class description to
recommend using RFC 2253-based methods.
Fixes: https://github.com/ruby/openssl/issues/470
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Now that BN.pseudo_rand{,_range} are alias, those macros are only used
once. Let's expand the macros for better readability.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
BN_pseudo_rand() and BN_pseudo_rand_range() are deprecated in
OpenSSL 3.0. Since they are identical to their non-'pseudo' version
anyway, let's make them alias.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
OpenSSL 3.0 renamed EVP_PKEY_cmp() to EVP_PKEY_eq() because that was a
confusing name.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
EC_GROUP_clear_free() is deprecated in OpenSSL 3.0.
EC_GROUP does not include any sensitive data, so we can safely use
EC_GROUP_free() instead.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It converts the internal representation of the point object to the
affine coordinate system. However, it had no real use case because the
difference in the internal representation has not been visible from
Ruby/OpenSSL at all.
EC_POINT_make_affine() is marked as deprecated in OpenSSL 3.0.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
OpenSSL 3.0 renamed EVP_MD_CTX_pkey_ctx() to include "get" in the
function name. Adjust compatibility macro so that we can use the new
function name for all OpenSSL 1.0.2-3.0.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The function was renamed in OpenSSL 3.0 due to the change of the
lifetime of EVP_MD objects. They are no longer necessarily statically
allocated and can be reference-counted -- when an EVP_MD_CTX is free'd,
the associated EVP_MD can also become inaccessible.
Currently Ruby/OpenSSL only handles builtin algorithms, so no special
handling is needed except for adapting to the rename.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
In OpenSSL 3.0, BN_is_prime_ex() and BN_is_prime_fasttest_ex() are
deprecated in favor of BN_check_prime().
|
