Fix a typo in ossl_engine.c
SSLContext#setup encodes the protocol list set in @npn_protocols into a
String. The String is passed to SSL_CTX_set_next_protos_advertised_cb()
and OpenSSL invokes the callback function with the String. However since
Ruby's GC can't find the reference to the String from the inside of
OpenSSL, it can be free'd before the callback is invoked. So store the
String in an instance variable to prevent this.
GetBNPtr() accepts both OpenSSL::BN and Ruby integers. In the latter
case, it creates a temporary OpenSSL::BN internally. The OpenSSL::BN
object immediately disappears from the stack and is not protected from
GC.
Fixes: https://github.com/ruby/openssl/issues/87
EVP_PKEY_get0() did not exist in early OpenSSL 0.9.8 series. So define
ourselves if needed.
Remove the comment added by commit 072d53ecf984 ("ssl: workaround for
new behavior of SSL_read() in OpenSSL >= 1.1.0c"). The breaking change
in OpenSSL 1.1.0c has been reverted in the 1.1.0 branch. However, for
the sake of safety, ensure that we never call rb_sys_fail() with
errno == 0. So there is no change in the actual code.
SSLSocket#setup uses the frozen state as "SSL_CTX is already set up".
If a user manually freezes the context, it misunderstands as if #setup
is already called, leading to unexpected behaviors because parameters
the user set won't be actually set to the underlying SSL_CTX and thus
ignored.
Ideally, #setup should go and be replaced with setters. But we don't
do this now because it is not that simple: some of them would produce
new ordering issues, e.g. 'ca_file' property which loads a file into
SSL_CTX::cert_store and 'cert_store' which replaces SSL_CTX::cert_store
would conflict. Fixing this properly would require deprecating 'ca_file'
first.
So, let's take the second best way: make it "just work" instead of
breaking silently.
Fixes: https://github.com/ruby/openssl/issues/85
rb_ary_new_from_args() is called from non-protected callback function
which will be directly called from OpenSSL. It may raise NoMemoryError
and may corrupt the internal state of SSL object. So, avoid creating
Array here and pass raw values to the protected function instead.
The same change has been applied to ALPN/NPN selection callbacks in
3a926047a729 ("ssl: catch exceptions raised in ALPN/NPN callbacks",
2016-08-30).
We call SSL_shutdown() four times at most meaninglessly. Since the
underlying socket is in non-blocking mode, if the first call failed
because the underlying socket is not write/readable, the subsequent
calls would just fail with the same error. Just call once, and give up
if it fails.
This prevents users from allocating OpenSSL::Engine instance using
OpenSSL::Engine.allocate. Undef'ing alloc function also allows us to
remove explicit undef of OpenSSL::Engine.new and #initialize_copy.
Don't blindly assume that the value which can be modified from Ruby code
is always an Array, and just call its #each method.
Delay allocation of EVP_MD_CTX until #initialize or #initialize_copy is
called. This fixes segfault that can occur if OpenSSL::Digest#name is
called before the actual initialization.
Commit 4880672a9b41 of OpenSSL[1] (which then was backported to 1.1.0
branch at 122580ef71e4) changed the behavior of SSL_read(): it now
returns -1 in the case the underlying BIO reaches EOF unexpectedly. This
means, it is possible that rb_sys_fail() is called with errno == 0,
resulting in [BUG].
So, as a workaround, let's distinguish IO error from the underlying BIO
and EOF in violation of SSL/TLS protocol with the value of errno.
[1] https://git.openssl.org/?p=openssl.git;a=commit;h=4880672a9b41a09a0984b55e219f02a2de7ab75e
* topic/asn1-fix-oob-read-constructed:
asn1: fix out-of-bounds read in decoding constructed objects
OpenSSL::ASN1.{decode,decode_all,traverse} have a bug of out-of-bounds
read. int_ossl_asn1_decode0_cons() does not give the correct available
length to ossl_asn1_decode() when decoding the inner components of a
constructed object. This can cause out-of-bounds read if a crafted input
is given.
Reference: https://hackerone.com/reports/170316
* ruby-trunk r56225..r56492: (1 commits)
(r56492) [DOC] replace Fixnum with Integer [ci skip]
Sync-with-trunk: r56492
* numeric.c: [DOC] update document for Integer class.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Accordingly, unused functions ossl_x509stctx_new() and
ossl_x509stctx_clear_ptr() are now removed.
It defines the platform specific macros. But it should be included from
other OpenSSL headers.
And also remove alternative declaration of struct timeval. We don't
actually use struct timeval nor struct timespec anymore since r4660.
The Ruby core code uses assert.h without a guard. So, we can assume it
is always available.
As the comment suggests, ossl_ssl.c used to call read() and write() in
the past. However r6806 replaced them with method calls for the
underlying IO object. Anyway, unistd.h will be included by Ruby's
header files if available.
It should be usable regardless of the platform.
Use ERR_peek_error() which does not remove the fetched error from the
queue instead, then clear the queue explicitly with the dedicated
function ossl_clear_error(). OpenSSL may put multiple error items to the
queue in one function call.
Avoid using ossl_exc_new() and rb_exc_raise() but just use ossl_raise().
This simplifies the code with the exactly same effect.
ossl_exc_new() is now removed as it is no longer used anywhere.
The macro RFILE is defined in e_os.h, that is no longer an exported
header in OpenSSL >= 0.9.7. Since OpenSSL < 0.9.8 is not supported, we
can safely remove this.
Remove unnecessary macros defined for compatibility with Ruby < 1.9. We
won't support Ruby versions before 2.3.
Avoid RSTRING_LENINT() which may raise RangeError.
Since ossl_pem_passwd_cb() is supposed to be called from OpenSSL as a
callback, we must not do longjmp from it.
When a too long password is given as the PEM password, an exception with
the message "password must be shorter than 1024 bytes" is raised. But
this is not really accurate. The effective password actually can be up
to PEM_BUFSIZE (== 1024) bytes long.
Print more error data in ossl_clear_error(). OpenSSL's error queue item
can additionally have associated data. The data may contain helpful
information for debugging.
The ownership of the EVP_PKEY object given as the argument is moved to
ossl_pkey_new(). So, the function must not raise an exception without
freeing it on failure.
The function was added by e10f4de2aeec ("for compatibility with old
SSLSocket", 2001-11-16) and is no longer used since 902312feaae7
(2002-12-22).
Fix a possible memory leak that happens when the given signature is too
long for int. Check that the signature length can be represented in int
before allocating EVP_MD_CTX.
SSL_SESSION_get_{time,timeout}() return long, not time_t.
We are currently not checking the return value of EVP_{Sign,Verify}*()
functions, but of course, this is a bad habit. So do check. Calls for
EVP_{Sign,Verify}Init() are replaced by *_ex() functions as they do
not return error but just ignore.
We allocate too large a buffer for the generated signature. The resulting
signature, or the RSA encryption result, should not be larger than the
size returned by EVP_PKEY_size() (or, DSA_size(), RSA_size(), and
ECDSA_size()).
* topic/pkey-ec-conversion-form:
pkey: allow specifying conversion form in EC::Point#to_bn
Currently, when we want to convert a point data into an octet string
with non-default conversion form, we have to set the desirable form to
the associated EC::Group beforehand. This is inconvenient and
counterintuitive because the conversion form is not actually related to
the EC group.

  point = ...
  point.group.point_conversion_form = :compressed
  point.to_bn

So, allow specifying the form as an optional parameter, like this:

  point = ...
  point.to_bn(:compressed)
Implement Cipher#authenticated? even when the OpenSSL version does not
support AEAD. It just returns false.
Remove a sentence "If not explicitly set, the OpenSSL default of an
all-zeroes ("\\0") IV is used." It actually works so, but not guaranteed
by the OpenSSL API. At least I didn't find any formal documentation
saying so.
Use ossl_membio2str() to convert a mem BIO to Ruby String. This fixes
possible memory leak on rb_str_new() failure, and also reduces code.
* topic/cipher-no-initialize-null-key:
cipher: don't set dummy encryption key in Cipher#initialize
Remove the encryption key initialization from Cipher#initialize. This
is effectively a revert of r32723 ("Avoid possible SEGV from AES
encryption/decryption", 2011-07-28).
r32723, which added the key initialization, was a workaround for
Ruby Bug #2768. For some certain ciphers, calling EVP_CipherUpdate()
before setting an encryption key caused segfault. It was not a problem
until OpenSSL implemented GCM mode - the encryption key could be
overridden by repeated calls of EVP_CipherInit_ex(). But, it is not the
case for AES-GCM ciphers. Setting a key, an IV, a key, in this order
causes the IV to be reset to an all-zero IV.
The problem of Bug #2768 persists on the current versions of OpenSSL.
So, make Cipher#update raise an exception if a key is not yet set by the
user. Since encrypting or decrypting without key does not make any
sense, this should not break existing applications.
Users can still call Cipher#key= and Cipher#iv= multiple times with
their own responsibility.
Reference: https://bugs.ruby-lang.org/issues/2768
Reference: https://bugs.ruby-lang.org/issues/8221
Reference: https://github.com/ruby/openssl/issues/49
* ruby-trunk r56173..r56225: (1 commits)
(r56225) fid typos [ci skip]
Sync-with-trunk: r56225
* fix typos, "a" before "Integer" to "an". [Fix GH-1438]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56225 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Check existence of the public key in the PKey object before starting
verifying a signature.
For RSA keys, EVP_VerifyFinal() internally calls RSA_size(), which
requires the existence of RSA::n. Since we allow instantiating PKey::RSA
without any key materials, calling PKey#verify against an empty
PKey::RSA causes segfault.
Reference: https://bugs.ruby-lang.org/issues/12783
Remove code relating to DO_IT_VIA_RUBY. If DO_IT_VIA_RUBY is set to 1,
OpenSSL::ASN1.decode will decode ASN.1 INTEGER values into Ruby's
Integer instead of OpenSSL::BN. However it would be too late to change
now. Anyway, if we change our mind, we will rewrite it to avoid
unnecessary conversions between BIGNUM.