| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Check existence of the public key in the PKey object before starting
verifying a signature.
For RSA keys, EVP_VerifyFinal() internally calls RSA_size(), which
requires the existence of RSA::n. Since we allow instatiating PKey::RSA
without any key materials, calling PKey#verify against an empty
PKey::RSA causes segfault.
Reference: https://bugs.ruby-lang.org/issues/12783
|
| | |
|
| |
|
|
|
|
|
| |
Reorder the assertions. The fix in f9c04779a84b was incomplete - setting
nil as the options is also affected by the Ubuntu's patch:
http://rubyci.s3.amazonaws.com/ubuntu/ruby-trunk/log/20160917T063002Z.fail.html.gz
|
| |
|
|
|
| |
The patch included in Ubuntu's libssl1.0.0 1.0.2g-1ubuntu4.3 package
forcibly adds SSL_OP_NO_SSLv3 option.
|
| |
|
|
|
|
|
|
|
| |
Only TestSSL#test_post_connect_check_with_anon_ciphers uses it. The
option just sets 'ADH-AES256-GCM-SHA384' as the available cipher suites
and set the security level of the context to 0 - both can be achieved
using ctx_proc option of start_server. And we don't have to stick to the
cipher suite 'ADH-AES256-GCM-SHA384' so specify 'aNULL' instead. This
allows removing the cipher suite existence check.
|
| |
|
|
|
|
|
| |
test_servername_cb{,_sets_context_on_the_socket,_can_return_nil,
_calls_setup_on_returned_ctx} and test_tlsext_hostname are highly
overlapping. So unify them into a single test_tlsext_hostname. The test
coverage does not change.
|
| |
|
|
|
| |
Move a test case of SSLSocket#gets to test_pair.rb, and remove test
cases from test_ssl.rb which duplicate the tests in test_pair.rb
|
| |
|
|
|
|
| |
test_pair.rb is the file for tests of IO-like methods - the test cases
in OpenSSL::TestPairM run twice with different underlying socket type.
test_ssl.rb is more appropriate file for {EC,}DH tests.
|
| |
|
|
|
|
| |
Unify test cases for SSLContext#options. Also add an assertion to
test_sslctx_set_params for OP_NO_COMPRESSION and
OP_DONT_INSERT_EMPTY_FRAGMENTS.
|
| |
|
|
| |
Add an explicit test case for them.
|
| |
|
|
|
| |
Move it to TestSSL#test_starttls using the server_proc option of
start_server, as it is the only user of the 'STARTTLS' code.
|
| |
|
|
|
|
|
|
|
| |
Convert the two mandatory parameters, verify_mode and start_immediately,
into keyword arguments with a default value.
The verify_mode parameter is only useful for client certificate
authentication. So most test cases sets to OpenSSL::SSL::VERIFY_NONE.
Also the start_immediately option is usually set to true.
|
| |
|
|
|
|
|
|
|
|
| |
It's possible that a PKCS #12 strucuture holds zero private keys. At
such a time PKCS12_parse() returns NULL as the private key. Likewise,
when the strucuture does not contain the corresponding certificate to
the private key, PKCS12_parse() returns NULL as the certificate.
Reported and fix suggested by Masahiro Tomita <tommy@tmtm.org>.
[ruby-dev:49776] [Bug #12726]
|
| |
|
|
|
|
|
|
|
| |
's2.connect' can block indefinitely depending on the version of OpenSSL.
Since the point of the test case is to check the failure path on ALPN
protocol selection callback, that is called on the server side, just
avoid blocking with SSLSocket#connect_nonblock on the client side. The
callback is called just after receiving the Client Hello so calling
SSLSocket#connect_nonblock once should be sufficient.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
They aren't exception safe - they are called during parsing the
Client/Server Hello from OpenSSL code. An exception raised in the
callbacks escapes directly from OpenSSL code so it can break internal
status of OpenSSL.
We have a procedure for handling such exceptions raised during an
handshake: catch them and store the state number in the SSLSocket
object, and then check it in ossl_ssl_start() and re-raise after the
control turned back to our side.
This fixes the instability of
TestSSL::test_alpn_protocol_selection_cancel.
|
| |
|
|
| |
It can make use of ssl_pair. This allows removing 6 secs sleep.
|
| |
|
|
|
|
|
| |
The assumption in commit 1b1d520818e0 ("x509ext: fix memory leak in
X509::ExtensionFactory#config=") was wrong. The uninitialized
X509V3_CTX::db can be referred through "r2i" functions when creating
certain types of extension that use them.
|
| |
|
|
|
| |
It was not implemented in a good way - for example it doesn't compile on
Windows and causes 'rake compile' to fail... So remove for now.
|
| |\
| |
| |
| |
| | |
* topic/cipher-auth-tag-len:
cipher: add Cipher#auth_tag_len=
|
| | |
| |
| |
| |
| |
| | |
Add a method to set the authentication tag length to be generate by an
AEAD ciphers. In particular, OCB mode which is implemented in OpenSSL
1.1.0 requires this.
|
| | | |
|
| | |
| |
| |
| | |
Reference: https://rt.openssl.org/Ticket/Display.html?id=2560
|
| | |
| |
| |
| | |
Remove unnecessary or duplicate assertions, and merge test cases.
|
| | |
| |
| |
| |
| | |
The removed assertions are wrong and testing a bug - the verification
must fail because OpenSSL shouldn't find the signer's certificate.
|
| | | |
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
* topic/fixup-tests:
test: remove unused methods
test/test_ssl: fix failure on Windows
|
| | | |
| | |
| | |
| | | |
They are imported from Ruby tree but unused in this tree.
|
| | | |
| | |
| | |
| | |
| | | |
Due to the difference in error handling, the error raised by
SSLSocket#connect may differ.
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* topic/fixup-tests:
test: refactor PKey::PKey#{sign,verify} tests
test: rework PEM/DER encoding and decoding tests
test/test_pkey_ec: stop iterating all curves
test/test_pkey_dh: refine OpenSSL::PKey::DH::DEFAULT_* tests
|
| | | |
| | |
| | |
| | |
| | | |
RSA, DSA and EC should work in the same way, so extract to a new file,
test/test_pkey.rb.
|
| | | |
| | |
| | |
| | |
| | | |
Check that PKey::*.new actually read the ASN.1 structure, and
PKey::PKey#to_der and #export return the expected structure.
|
| | | |
| | |
| | |
| | |
| | | |
It takes much time. All curves should work in the same way so we don't
need it. Also improve test coverage.
|
| | | |
| | |
| | |
| | |
| | | |
Just comparing parameters does not make sense. Test that they have a
safe prime 'p' with appropriate length.
|
| |/ / |
|
| |\ \
| | |
| | |
| | |
| | | |
* topic/ssl-contiditional-explicit-ciphersuites:
ssl: conditionally set explicit cipher suite list
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Don't set in SSLContext#set_params when built with OpenSSL 1.1.0 or
newer.
The list was added as a workaround to exclude known weak cipher suites
([Bug #9424]). In OpenSSL <= 1.0.2, the default list (DEFAULT) included
even cipher suites using MD5. Now, OpenSSL 1.1.0 has better DEFAULT. So
make SSLContext#set_params just use it.
Here is the diff between our current explicit list and DEFAULT of
OpenSSL 1.1.0-pre6 (with sorted):
$ list_ruby=$(openssl ciphers -v $(ruby -ropenssl -e'puts OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers]') | sort)
$ list_default=$(openssl ciphers -v 'DEAFULT:!PSK:!SRP' | sort)
$ diff <(echo "$list_ruby") <(echo "$list_default")
7,12c7
< DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
< DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
< DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
< DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
< DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
< DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
---
> DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
18a14,15
> DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
> DHE-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
24a22,23
> ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
> ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
30a30,31
> ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
> ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
|
| | |
| |
| |
| |
| | |
It takes some time. Memory leaks should be now caught by running
`MDEBUG=1 rake test`. So just remove it.
|
| | |
| |
| |
| | |
ASN1_OBJECT returned by OBJ_txt2obj() must be free'd.
|
| | |
| |
| |
| |
| | |
When the OpenSSL is compiled with crypto-mdebug, and the environment
variable MDEBUG is set, print found memory leaks on exit.
|
| |/
|
|
|
|
| |
It adds OpenSSL.print_mem_leaks method, that prints the memory leaks
recorded by OpenSSL. This useful to find memory leaks originating in our
bugs.
|
| |
|
|
| |
The message may change depending on the value of OpenSSL.debug.
|
| |
|
|
|
| |
Fixes cad3226a06a1 (openssl: adapt to OpenSSL 1.1.0 opaque structs,
2016-06-05).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSL_write(3ssl) manpage has this in the WARNINGS section:
When calling SSL_write() with num=0 bytes to be sent the
behaviour is undefined.
And indeed, the new test case demonstrates failures when
empty strings are used. So, match the behavior of IO#write,
IO#write_nonblock, and IO#syswrite by returning zero, as the
OpenSSL::SSL::SSLSocket API already closely mimics the IO one.
* ext/openssl/ossl_ssl.c (ossl_ssl_write_internal):
avoid undefined behavior
* test/openssl/test_pair.rb (test_write_zero): new test
[ruby-core:76751] [Bug #12660]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
| |
|
|
|
| |
Ruby's assert_raise doesn't allow the expected exception to be an
instance of an exception.
|
| |
|
|
| |
It is already removed in Ruby tree at r48399.
|
| |
|
|
|
|
|
|
|
|
| |
We currently always pass 20 random bytes generated by RAND_bytes(). It
is fine when generating parameters <= 1024 bits, because OpenSSL
requires a seed with the same length as the prime q, which is 160 bits.
FIPS 186-3 allowed the parameters to be >= 2048 bits. For them, OpenSSL
generates a 256 bits long q. We can pass 32 bytes long random bytes
instead, but the function is able to generate on its own. So just give
NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement initialize_copy for:
- OpenSSL::PKCS12
- OpenSSL::SSL::SSLSession
- OpenSSL::X509::Attribute
- OpenSSL::X509::Extension
- OpenSSL::X509::Name
- OpenSSL::X509::Revoked
Remove initialize_copy from:
- OpenSSL::SSL::SSLContext
- OpenSSL::SSL::SSLSocket
- OpenSSL::Engine
- OpenSSL::X509::Store
- OpenSSL::X509::StoreContext
[Bug #12381]
|
| |\
| |
| |
| |
| |
| |
| | |
* topic/ssl-verify-hostname:
ssl: add verify_hostname option to SSLContext
test/test_ssl: avoid SSLContext#set_params where not required
Refactor common verify callback code
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If a client sets this to true and enables SNI with SSLSocket#hostname=,
the hostname verification on the server certificate is performed
automatically during the handshake using
OpenSSL::SSL.verify_certificate_identity().
Currently an user who wants to do the hostname verification needs to
call SSLSocket#post_connection_check explicitly after the TLS connection
is established.
This commit also enables the option in SSLContext::DEFAULT_PARAMS.
Applications using SSLContext#set_params may be affected by this.
[GH ruby/openssl#8]
|
| | |
| |
| |
| |
| | |
Set verify_mode to OpenSSL::SSL::VERIFY_PEER directly. They are tests
for verify_callback so they don't need to use SSLContext#set_params.
|
