ruby-openssl.git - rhe's working repository

	Commit message (Collapse)	Author	Age	Files	Lines
*	test: prepare test PKey instances on demand	Kazuki Yamaguchi	2017-01-17	1	-30/+32
\| \| \| \| \| \|	Preparing for the introduction of the memory leak checker. Do not leave OpenSSL objects in constants that wouldn't be GCed in order to avoid false positives.
*	Remove support for OpenSSL 0.9.8 and 1.0.0topic/drop-openssl-098-and-100	Kazuki Yamaguchi	2016-12-22	1	-5/+0
\| \| \| \| \| \| \| \| \| \|	They are no longer receiving security updates from the OpenSSL development team since 2015-12. We have kept basic compatibility until now because RHEL 5 still uses an (heavily modified) OpenSSL 0.9.8e. The RHEL 5 will reach EOL on 2017-03, thus it is now safe to assume nobody is still using such old versions of OpenSSL.
*	test/test_pkey_*: refine sign/verify teststopic/test-static-test-vector	Kazuki Yamaguchi	2016-10-16	1	-0/+20
\| \| \| \| \| \| \| \|	20a88ace0778 ("test: refactor PKey::PKey#{sign,verify} tests", 2016-07-07) was not a good idea in the sense of readability. So, let's revert it. Also, static test vectors generated by BouncyCastle are added to ensure #verify correctly accept valid signatures and reject invalid signatures.
*	test: refactor PKey::PKey#{sign,verify} tests	Kazuki Yamaguchi	2016-08-18	1	-33/+0
\| \| \| \| \|	RSA, DSA and EC should work in the same way, so extract to a new file, test/test_pkey.rb.
*	test: rework PEM/DER encoding and decoding tests	Kazuki Yamaguchi	2016-08-18	1	-143/+100
\| \| \| \| \|	Check that PKey::*.new actually read the ASN.1 structure, and PKey::PKey#to_der and #export return the expected structure.
*	pkey: don't pass a seed to DSA_generate_parameters_ex()	Kazuki Yamaguchi	2016-08-07	1	-0/+5
\| \| \| \| \| \| \| \| \| \|	We currently always pass 20 random bytes generated by RAND_bytes(). It is fine when generating parameters <= 1024 bits, because OpenSSL requires a seed with the same length as the prime q, which is 160 bits. FIPS 186-3 allowed the parameters to be >= 2048 bits. For them, OpenSSL generates a 256 bits long q. We can pass 32 bytes long random bytes instead, but the function is able to generate on its own. So just give NULL.
*	pkey: make PKey.read raise PKey::PKeyError rather than ArgumentErrortopic/pkey-read-pkey-error	Kazuki Yamaguchi	2016-07-09	1	-1/+1
\| \| \| \| \| \| \| \|	PKey.read is a generic method to load an arbitrary PKey structure from a PEM or DER encoded String. Each PKey classes's constructor also can load from a String, but the behavior on error is different. While they raises its own exception (are subclasses of PKey::PKeyError), PKey.read raises ArgumentError. [Bug #11774]
*	openssl: implement initialize_copy method for PKey classes	rhe	2016-06-19	1	-0/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	* ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement initialize_copy method for OpenSSL::PKey::. [ruby-core:75504] [Bug #12381] test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they actually copy the OpenSSL objects, and modifications to cloned object don't affect the original object. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
*	openssl: adjust tests for OpenSSL 1.1.0	rhe	2016-06-09	1	-3/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This fixes `make test-all TESTS=openssl` with OpenSSL master. * test/openssl/test_x509name.rb: Don't register OID for 'emailAddress' and 'serialNumber'. A recent change in OpenSSL made OBJ_create() reject an already existing OID. They were needed to run tests with OpenSSL 0.9.6 which is now unsupported. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25 [ruby-core:75225] [Feature #12324] * test/openssl/test_ssl_session.rb (test_server_session): Duplicate SSL::Session before re-adding to the session store. OpenSSL 1.1.0 starts rejecting SSL_SESSION once removed by SSL_CTX_remove_session(). https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75 * test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519 is new in OpenSSL 1.1.0 but this is for key agreement and not for signing. * test/openssl/test_pair.rb, test/openssl/test_ssl.rb, test/openssl/utils.rb: Set security level to 0 when using aNULL cipher suites. * test/openssl/utils.rb: Use 1024 bits DSA key for client certificates. * test/openssl/test_engine.rb: Run each test in separate process. We can no longer cleanup engines explicitly as ENGINE_cleanup() was removed. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6d4fb1d59e61aacefa25edc4fe5acfe1ac93f743 * ext/openssl/ossl_engine.c (ossl_engine_s_cleanup): Add a note to the RDoc for Engine.cleanup. * ext/openssl/lib/openssl/digest.rb: Don't define constants for DSS, DSS1 and SHA(-0) when using with OpenSSL 1.1.0. They are removed. * test/openssl/test_digest.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_ssl.rb, test/openssl/test_x509cert.rb, test/openssl/test_x509req.rb: Don't test unsupported hash functions. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55314 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
*	openssl: improve handling of password for encrypted PEM	rhe	2016-05-31	1	-0/+12
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the argument to String with StringValue() and validate the length is in 4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers. (ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we used to pass the password to PEM_def_callback() directly but it was problematic. It is not NUL character safe. And surprisingly, it silently truncates the password to 1024 bytes. [GH ruby/openssl#51] * ext/openssl/ossl.h: Add function prototype declaration of newly added ossl_pem_passwd_value(). * ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use ossl_pem_passwd_value() to validate the password String. * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export): ditto. * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize, ossl_ec_key_to_string): ditto. * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export): ditto. * test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
*	openssl: clear OpenSSL error queue before return to Ruby	rhe	2016-05-31	1	-11/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
*	Sync trunk	Zachary Scott	2016-02-02	1	-0/+1
\|
*	Sync tests with trunk	Zachary Scott	2015-01-06	1	-1/+1
\|
*	import ruby trunk	SHIBATA Hiroshi	2014-10-27	1	-0/+240