| Commit message |
There is code that returns nil in the passphrase block on purpose (to
prevent OpenSSL from prompting on stdin):

    OpenSSL::PKey.read(File.read("file.pem")) { nil }

This is working just by chance because the TypeError from StringValue()
is silently ignored. Let's short circuit in that case and save raising
a needless exception, as this pattern has become too common.
|
The minimum passphrase length of 4 bytes is only a limitation of
PEM_def_callback() which isn't relevant here. Commit f38501249f33
introduced this bug.
|
Read everything from an IO object into a String first and use the
memory buffer BIO method just as we do for String inputs.
For MSVC builds, the FILE BIO method uses the "UPLINK" interface that
requires the application to provide OPENSSL_Applink() function. For us,
the "application" means ruby.exe, in which we can't do anything. As a
workaround, avoid using the FILE BIO method at all.
Usually private keys or X.509 certificates aren't that large and the
temporarily increased memory usage hopefully won't be an issue.
Fixes: https://github.com/ruby/openssl/issues/128
|
Fedora's OpenSSL seems to enable 3DES cipher suites by DEFAULT.
Fixes: https://github.com/ruby/openssl/issues/127
|
X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: https://bugs.ruby-lang.org/issues/11033
|
* topic/test-ssl-fix-typo:
test/test_ssl: fix typo in test_sysread_and_syswrite
|
The test case for second argument of OpenSSL::SSL::SSLSocket#sysread is
not testing the behavior correctly because of a typo.
|
X509_STORE_add_{cert,crl}() will no longer fail with 'cert already in
hash table' if they are called twice, since the (unreleased) next
version of OpenSSL. Don't test that if we are built with OpenSSL >=
1.1.0.
|
Ubuntu trusty's OpenSSL package 1.0.1f-1ubuntu2.22 has backported an
OpenSSL commit f54be179aa4c that makes EC_GROUP_set_generator() call
BN_MONT_CTX_set() which can segfault if an invalid value (== 0) is
given. Avoid it.
|
Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()",
2016-09-08) incorrectly inverted the result. Fix it, and add a test
case for this.
Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")
|
Import mu_pp method from Ruby trunk.
|
asn1: handle GENERALIZEDTIME without seconds
|
This would have caught some of the GC issues like the one reported at
[ruby/openssl#87].
|
Write 4099-bytes blocks instead of 11-bytes blocks to run it faster. The
buffer may be as large as megabytes and it takes too much time to fill
up, especially under GC.stress. I didn't measure but it didn't finish
in an hour.
|
Just like we already do for 'teardown' method, though we don't have
OpenSSL::TestCase#setup yet. This will be useful when we want to inject
GC.stress = true.
|
Set the authentication tag before the AAD when decrypting.
Before OpenSSL commit 96f7fafa2431 ("Don't require tag before ciphertext
in AESGCM mode", 2012-10-16, at OpenSSL_1_0_1-stable branch, included in
OpenSSL 1.0.1d), the authentication tag must be set before any calls of
EVP_CipherUpdate().
|
* ruby-trunk r56492..r56927: (2 commits)
(r56927) parse.y: ambiguous parentheses
(r56578) openssl/ut_eof.rb: rename TestEOF
Sync-with-trunk: r56927
|
* test/openssl/ut_eof.rb (OpenSSL::TestEOF): move TestEOF module
under OpenSSL to get rid of conflict with test/ruby/ut_eof.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56578 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
Fix the fragile test cases that are sensitive to the difference between
Time.now.to_i and time(2).
When issuing test certificates, we are typically setting the current
time fetched by Time.now to the notBefore field. Time.now uses
clock_gettime(2) with CLOCK_REALTIME. On the other hand, OpenSSL uses
time(2) in its certificate verification code. On Linux/x86-64, time(2)
is implemented not to return the adjusted 'current time' like Time.now,
but to return the wall clock seconds at the last tick. This results in
that time(2) called later may return an earlier time, causing the
certificate verification to fail with 'certificate is not yet valid'
error.
So, create test certificates with notBefore<Time.now to avoid this.
Since it's awful to do "Time.now - 1" everywhere, make the notBefore and
notAfter fields optional with defaults with margin.
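
The failure mode described in the commit message above, made deterministic. This is an added example, not code from the ruby/openssl test suite; `issue_cert`, `verify_at`, the one-hour margin and the certificate name are assumptions, and the lagging time(2) value is simulated with `OpenSSL::X509::Store#time=`.

```ruby
require "openssl"

# Hypothetical helper: issue a self-signed certificate whose validity window
# defaults to a margin around "now" instead of starting exactly at "now".
def issue_cert(key, now:, not_before: now - 3600, not_after: now + 3600)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  name = OpenSSL::X509::Name.parse("/CN=constructed-test-ca") # constructed name
  cert.subject = name
  cert.issuer = name
  cert.public_key = key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify the certificate against itself as trust anchor at a fixed time and
# return [result, X509 verification error code].
def verify_at(cert, time)
  store = OpenSSL::X509::Store.new
  store.add_cert(cert)
  store.time = time
  ok = store.verify(cert)
  [ok, store.error]
end

def demo
  key = OpenSSL::PKey::RSA.new(2048)
  now = Time.at(Time.now.to_i)
  verifier_clock = now - 1 # the verifier's clock reads one second earlier
  fragile = issue_cert(key, now: now, not_before: now) # notBefore == Time.now
  robust  = issue_cert(key, now: now)                  # notBefore with margin
  { fragile: verify_at(fragile, verifier_clock),
    robust:  verify_at(robust, verifier_clock) }
end

puts demo.inspect
```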
|
SSLSocket#setup uses the frozen state as "SSL_CTX is already set up".
If a user manually freezes the context, it misunderstands as if #setup
is already called, leading to unexpected behaviors because parameters
the user set won't be actually set to the underlying SSL_CTX and thus
ignored.
Ideally, #setup should go and be replaced with setters. But we don't
do this now because it is not that simple: some of them would produce
new ordering issues, e.g. 'ca_file' property which loads a file into
SSL_CTX::cert_store and 'cert_store' which replaces SSL_CTX::cert_store
would conflict. Fixing this properly would require deprecating 'ca_file'
first.
So, let's take the second best way: make it "just work" instead of
breaking silently.
Fixes: https://github.com/ruby/openssl/issues/85
|
This prevents users from allocating OpenSSL::Engine instance using
OpenSSL::Engine.allocate. Undef'ing alloc function also allows us to
remove explicit undef of OpenSSL::Engine.new and #initialize_copy.
|
* topic/asn1-fix-oob-read-constructed:
asn1: fix out-of-bounds read in decoding constructed objects
|
OpenSSL::ASN1.{decode,decode_all,traverse} have a bug of out-of-bounds
read. int_ossl_asn1_decode0_cons() does not give the correct available
length to ossl_asn1_decode() when decoding the inner components of a
constructed object. This can cause out-of-bounds read if a crafted input
is given.
Reference: https://hackerone.com/reports/170316
|
It was added as a workaround for "bad write retry" error that occurs
when SSLSocket#write_nonblock is retried with a different String. This
is now fixed by r54466 ("openssl: accept moving write buffer for
write_nonblock", 2016-03-31).
|
* topic/test-static-test-vector:
test/test_pkey_*: refine sign/verify tests
|
20a88ace0778 ("test: refactor PKey::PKey#{sign,verify} tests",
2016-07-07) was not a good idea in the sense of readability. So, let's
revert it. Also, static test vectors generated by BouncyCastle are added
to ensure #verify correctly accepts valid signatures and rejects invalid
signatures.
|
* topic/test-static-test-vector:
test/test_hmac: use static test vectors
test/test_cipher: use static test vectors
|
Ensure that OpenSSL::HMAC works as expected by comparing the result with
known correct test vectors.
|
Compare the result with static test vectors rather than just testing
that the encryption result can be decrypted. The current test cases
wouldn't catch failure if both the encryption and decryption routines
are broken.
Test vectors are taken from external sources as noted in the comments.
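
Why a round-trip test is not enough, shown with a deliberately faulty wrapper. This is an added example, not code from the ruby/openssl test suite; `GoodAes`, `BrokenAes` and the helper names are assumptions, and the vector is the AES-128 example from FIPS-197 Appendix C.1.

```ruby
require "openssl"

# FIPS-197 Appendix C.1 known-answer vector for AES-128 (one block).
KAT_KEY        = ["000102030405060708090a0b0c0d0e0f"].pack("H*")
KAT_PLAINTEXT  = ["00112233445566778899aabbccddeeff"].pack("H*")
KAT_CIPHERTEXT = ["69c4e0d86a7b0430d8cdb78070b4c55a"].pack("H*")

# Straight wrapper around OpenSSL::Cipher: single block, padding disabled.
module GoodAes
  def self.run(mode, key, data)
    c = OpenSSL::Cipher.new("aes-128-ecb")
    mode == :encrypt ? c.encrypt : c.decrypt
    c.padding = 0
    c.key = key
    c.update(data) + c.final
  end
end

# Constructed faulty wrapper: ignores the caller's key and always uses an
# all-zero key, consistently in both directions.
module BrokenAes
  def self.run(mode, _key, data)
    GoodAes.run(mode, "\0" * 16, data)
  end
end

# The weak test: only checks that decrypt undoes encrypt.
def round_trip_ok?(impl)
  ct = impl.run(:encrypt, KAT_KEY, KAT_PLAINTEXT)
  impl.run(:decrypt, KAT_KEY, ct) == KAT_PLAINTEXT
end

# The static-vector test: both directions must match the published values.
def known_answer_ok?(impl)
  impl.run(:encrypt, KAT_KEY, KAT_PLAINTEXT) == KAT_CIPHERTEXT &&
    impl.run(:decrypt, KAT_KEY, KAT_CIPHERTEXT) == KAT_PLAINTEXT
end

def report
  [GoodAes, BrokenAes].map { |m| [m.name, round_trip_ok?(m), known_answer_ok?(m)] }
end

report.each { |name, rt, kat| puts "#{name}: round-trip=#{rt} known-answer=#{kat}" }
```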
|
* topic/pkey-ec-conversion-form:
pkey: allow specifying conversion form in EC::Point#to_bn
|
Currently, when we want to convert a point data into an octet string
with non-default conversion form, we have to set the desirable form to
the associated EC::Group beforehand. This is inconvenient and
counterintuitive because the conversion form is not actually related to
the EC group.

    point = ...
    point.group.point_conversion_form = :compressed
    point.to_bn

So, allow specifying the form as an optional parameter, like this:

    point = ...
    point.to_bn(:compressed)
|
Implement Cipher#authenticated? even when the OpenSSL version does not
support AEAD. It just returns false.
|
Compare with pre-calculated string literals rather than the output of
Digest::MD5 (ext/digest).
|
* topic/cipher-no-initialize-null-key:
cipher: don't set dummy encryption key in Cipher#initialize
|
Remove the encryption key initialization from Cipher#initialize. This
is effectively a revert of r32723 ("Avoid possible SEGV from AES
encryption/decryption", 2011-07-28).
r32723, which added the key initialization, was a workaround for
Ruby Bug #2768. For some certain ciphers, calling EVP_CipherUpdate()
before setting an encryption key caused segfault. It was not a problem
until OpenSSL implemented GCM mode - the encryption key could be
overridden by repeated calls of EVP_CipherInit_ex(). But, it is not the
case for AES-GCM ciphers. Setting a key, an IV, a key, in this order
causes the IV to be reset to an all-zero IV.
The problem of Bug #2768 persists on the current versions of OpenSSL.
So, make Cipher#update raise an exception if a key is not yet set by the
user. Since encrypting or decrypting without key does not make any
sense, this should not break existing applications.
Users can still call Cipher#key= and Cipher#iv= multiple times with
their own responsibility.
Reference: https://bugs.ruby-lang.org/issues/2768
Reference: https://bugs.ruby-lang.org/issues/8221
Reference: https://github.com/ruby/openssl/issues/49
|
Add parentheses around regexp literals to suppress "ambiguous first
argument; put parentheses or a space even after `/' operator" warning.
|
Check existence of the public key in the PKey object before starting
verifying a signature.
For RSA keys, EVP_VerifyFinal() internally calls RSA_size(), which
requires the existence of RSA::n. Since we allow instantiating PKey::RSA
without any key materials, calling PKey#verify against an empty
PKey::RSA causes segfault.
Reference: https://bugs.ruby-lang.org/issues/12783
|
Reorder the assertions. The fix in f9c04779a84b was incomplete - setting
nil as the options is also affected by Ubuntu's patch:
http://rubyci.s3.amazonaws.com/ubuntu/ruby-trunk/log/20160917T063002Z.fail.html.gz
|
The patch included in Ubuntu's libssl1.0.0 1.0.2g-1ubuntu4.3 package
forcibly adds SSL_OP_NO_SSLv3 option.
|
Only TestSSL#test_post_connect_check_with_anon_ciphers uses it. The
option just sets 'ADH-AES256-GCM-SHA384' as the available cipher suites
and sets the security level of the context to 0 - both can be achieved
using ctx_proc option of start_server. And we don't have to stick to the
cipher suite 'ADH-AES256-GCM-SHA384' so specify 'aNULL' instead. This
allows removing the cipher suite existence check.
|
test_servername_cb{,_sets_context_on_the_socket,_can_return_nil,
_calls_setup_on_returned_ctx} and test_tlsext_hostname are highly
overlapping. So unify them into a single test_tlsext_hostname. The test
coverage does not change.
|
Move a test case of SSLSocket#gets to test_pair.rb, and remove test
cases from test_ssl.rb which duplicate the tests in test_pair.rb.
|
test_pair.rb is the file for tests of IO-like methods - the test cases
in OpenSSL::TestPairM run twice with different underlying socket type.
test_ssl.rb is a more appropriate file for {EC,}DH tests.
|
Unify test cases for SSLContext#options. Also add an assertion to
test_sslctx_set_params for OP_NO_COMPRESSION and
OP_DONT_INSERT_EMPTY_FRAGMENTS.
|
Add an explicit test case for them.
|
Move it to TestSSL#test_starttls using the server_proc option of
start_server, as it is the only user of the 'STARTTLS' code.
|