| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Fix wrong use of X509_NAME_cmp() return value. OpenSSL::X509::Name#<=>
could return 0 when the two objects aren't identical.
Reported by Tyler Eckstein. CVE-2018-16395.
Reference: https://hackerone.com/reports/387250
|
| |
|
|
|
|
|
| |
Clients that implement TLS 1.3's Middlebox Compatibility Mode will
always provide a non-empty session ID in the ClientHello. This means
the "get" callback for the server-side session caching may be called
for the initial connection.
|
| |
|
|
| |
OpenSSL 1.1.1 raised the minimum size for RSA keys to 512 bits.
|
| |
|
|
|
|
|
| |
EVP_BytesToKey() internally converts the iteration count given as an
"int" into an "unsigned int". Calling that with a negative integer will
result in a hang. This is surprising, so let's validate the value by
ourselves and raise ArgumentError as necessary.
|
| |
|
|
|
|
|
|
|
| |
Those threads can purposefully raise exceptions when they call 'pend'.
The report_on_exception feature can be safely disabled in this case
since we use assert_join_threads that captures all exceptions raised.
This is necessary to suppress warnings on Ruby 2.5, which enables the
report_on_exception feature by default.
|
| |
|
|
|
|
| |
A follow-up to commit bb10767b0570 ("cipher: disallow setting AAD for
non-AEAD ciphers", 2017-10-18). Cipher#auth_data= raises
NotImplementedError if built with OpenSSL < 1.0.1.
|
| |
|
|
|
|
|
|
|
| |
EVP_CipherUpdate() must not be call with the output parameter set to
NULL when the cipher does not support AEAD. Check the flag of
EVP_CIPHER, and raise an exception as necessary.
Reference: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/83337
Reference: https://bugs.ruby-lang.org/issues/14024
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In OpenSSL < 1.1.0, the session_remove_cb callback is called inside the
global lock for CRYPTO_LOCK_SSL_CTX which is shared across the entire
process, not just for the specific SSL_CTX object. It is possible that
the callback releases GVL while the lock for CRYPTO_LOCK_SSL_CTX is
held, causing another thread calling an OpenSSL function that tries to
acquire the same lock stuck forever.
Add a note about the possible deadlock to the docs for
SSLContext#session_remove_cb=, and skip the relevant test cases unless
the OSSL_TEST_ALL environment variable is set to 1.
A deadlock due to this issue is observed:
http://ci.rvm.jp/results/trunk-test@frontier/104428
|
| |\
| |
| | |
ssl: prevent SSLSocket#sysread* from leaking uninitialized data
|
| | |
| |
| |
| |
| |
| | |
Set the length of the buffer string to 0 first, and adjust to the size
successfully read by the SSL_read() call later. This is needed because
the buffer string may be provided by the caller.
|
| | |
| |
| |
| |
| | |
The sleep was to ensure that the SSLSocket#read_nonblock will get
close_notify alert. A simple IO.select will suffice.
|
| | |
| |
| |
| |
| |
| |
| | |
Skip test_openssl_engine_cipher_rc4 which will fail without RC4 support.
It may be disabled by 'no-rc4' configure option of the OpenSSL library.
Reference: https://github.com/ruby/openssl/issues/154
|
| |/
|
|
|
|
|
| |
Use ignore_stderr option of assert_separately instead of $stderr.reopen
which may not work if the OpenSSL library uses a different stdio.
Reference: https://github.com/ruby/openssl/issues/154
|
| |
|
|
|
|
| |
Similar to the previous one, LibreSSL 2.6.1 has relevant functions such
as SSL_CTX_set_next_proto_select_cb(), but they are broken and do
nothing.
|
| |
|
|
|
| |
LibreSSL 2.6.1 has SSL_CTX_set_tmp_ecdh_callback() function, but it does
not work.
|
| |
|
|
|
|
|
| |
The test cases added by commit 8ed81ff4b0a8 ("test/test_pair: fix
test_write_nonblock{,_no_exceptions}", 2017-09-04) can consume much
memory and time if the OpenSSL supports SSL/TLS compression. Disable it
explicitly.
|
| |
|
|
| |
Suppress "using default DH parameters" message.
|
| |
|
|
|
|
|
|
|
|
| |
* include/ruby/ruby.h (ST2FIX): fix unnormalized Fixnum value bug
on mingw/mswin. [ruby-core:82687] [Bug #13877]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59765 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
[ky: add ST2FIX() definition to ext/openssl/ruby_missing.h, and adapt
the test case to the 2.0 branch.]
Sync-with-trunk: r59765
|
| |
|
|
|
|
|
|
|
| |
When the previous SSLSocket#write_nonblock call does not finish writing
the complete contents, SSL_shutdown() which is called through
SSLSocket#close will not send a close_notify alert.
As of commit e3a305063675 ssl_pair no longer uses the sync_close
feature. Do not expect that SSL_read() would get ECONNRESET.
|
| |
|
|
|
|
| |
OpenSSL in Debian sid has recently disabled TLS < 1.2 by default, so in
order to test that TLS 1.1 works, we need to explicitly make our test
client accept it.
|
| |
|
|
| |
Fix test cases failing with TLS 1.3-enabled OpenSSL master.
|
| |
|
|
|
| |
Use TLS 1.2 explicitly where needed, since TLS 1.3 will remove session
ID based session resumption.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The very patch that added this test case made the dfree function not
send close_notify alert when an SSLSocket is being GCed.
Anyway, the new OSSL_GC_STRESS option added by 6ee4b285036e ("test: run
test cases under GC.stress if OSSL_GC_STRESS is specified", 2016-12-04)
will cover this kind of issues.
|
| |
|
|
|
|
| |
LibreSSL 2.6.1 removed DSA support from its SSL code. Also, TLS 1.3 will
not support DSA certificates. Use an RSA certificate as the client
certificate in the tests, too.
|
| |
|
|
|
|
| |
Add methods that check whether the running OpenSSL is an OpenSSL or a
LibreSSL, and optionally check whether the version is newer or equal to
the given version number.
|
| |
|
|
|
|
| |
start_server can hang if the given block exits before closing sockets
that the block opens. While this is a carelessness of the caller, we
can do a better job.
|
| |
|
|
|
| |
Close the socket by server_loop rather than by server_proc. This reduces
code duplication.
|
| |
|
|
|
|
|
|
|
| |
An assumption in OpenSSL::TestSSL#test_get_ephemeral_key is that the
ephemeral key type is always EVP_PKEY_EC when negotiated with an ECDHE
cipher suite. This is not true if X25519 is chosen.
The test is passing because we happen to fix the group to P-256 in
start_server, but let's make it explicit.
|
| |
|
|
|
|
|
| |
The block passed to start_server is invoked with two arguments, the
running thread object for the server and the automatically-selected port
number. The first argument is completely useless and actually is not
used anywhere.
|
| |
|
|
|
| |
Add a method that returns whether the OpenSSL supports TLS 1.2 or not.
This will be useful for test cases that are specific to TLS ~1.2.
|
| |
|
|
|
| |
Use EnvUtil.suppress_warning instead. We have started to use it already,
and the name 'suppress_warning' expresses what it does more clearly.
|
| |
|
|
|
|
| |
Fix wrong nesting in test/utils.rb. Remove unnecessary requires. Wrap
the code with 'if defined?(OpenSSL::TestUtils) ~ end' and avoid class
definition with modifier if.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* topic/test-memory-leak:
Enable OSSL_MDEBUG on CI builds
Add OpenSSL.print_mem_leaks
test: prepare test PKey instances on demand
test: let OpenSSL::TestCase include OpenSSL::TestUtils
Don't define main() when built with --enable-debug
(cherry picked from commit 5c586acc387834ab4e09260937dc21064fc59de4)
Note that fix for new test cases that use the old constants removed by
this is squashed in.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check for all version-specific SSL methods. We do check for existence of
TLSv1_1_method() and TLSv1_2_method(), but not for TLSv1_method(). This
fixes compile error when OpenSSL is configured with no-tls1-method.
Also check the OPENSSL_NO_TLS{1,1_1,1_2} macros for whether OpenSSL
supports the corresponding versions or not. This prevents :TLSv1 from
being in SSLContext::METHODS when OpenSSL is compiled with no-tls1.
In particular, Debian sid has disabled TLS 1.0/1.1 support recently.
The changes in ext/openssl are partial backport of 4eb4b3297a92 ("Remove
support for OpenSSL 0.9.8 and 1.0.0", 2016-11-30).
|
| |
|
|
|
|
|
|
|
|
|
| |
There is code that returns nil in the passphrase block on purpose (to
prevent OpenSSL from prompting on stdin):
OpenSSL::PKey.read(File.read("file.pem")) { nil }
This is working just by chance because the TypeError from StringValue()
is silently ignored. Let's short circuit in that case and save raising
a needless exception, as this pattern has become too common.
|
| |
|
|
|
|
| |
The minimum passphrase length of 4 bytes is only a limitation of
PEM_def_callback() which isn't relevant here. Commit f38501249f33
introduced this bug.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Read everything from an IO object into a String first and use the
memory buffer BIO method just as we do for String inputs.
For MSVC builds, the FILE BIO method uses the "UPLINK" interface that
requires the application to provide OPENSSL_Applink() function. For us,
the "application" means ruby.exe, in which we can't do anything. As a
workaround, avoid using the FILE BIO method at all.
Usually private keys or X.509 certificates aren't that large and the
temporarily increased memory usage hopefully won't be an issue.
Fixes: https://github.com/ruby/openssl/issues/128
|
| |
|
|
|
|
| |
Fedora's OpenSSL seems to enable 3DES cipher suites by DEFAULT.
Fixes: https://github.com/ruby/openssl/issues/127
|
| |
|
|
|
|
|
|
|
|
|
| |
X509_LOOKUP_load_file(), which ends up calling X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: https://bugs.ruby-lang.org/issues/11033
|
| |\
| |
| |
| |
| | |
* topic/test-ssl-fix-typo:
test/test_ssl: fix typo in test_sysread_and_syswrite
|
| | |
| |
| |
| |
| | |
The test case for second argument of OpenSSL::SSL::SSLSocket#sysread is
not testing the behavior correctly because of a typo.
|
| |/
|
|
|
|
|
| |
X509_STORE_add_{cert,crl}() will no longer fail with 'cert already in
hash table' if they are called twice, since the (unreleased) next
version of OpenSSL. Don't test that if we are built with OpenSSL >=
1.1.0.
|
| | |
|
| |
|
|
|
|
|
| |
Ubuntu trusty's OpenSSL package 1.0.1f-1ubuntu2.22 has backported an
OpenSSL commit f54be179aa4c that makes EC_GROUP_set_generator() call
BN_MONT_CTX_set() which can segfault if an invalid value (== 0) is
given. Avoid it.
|
| |
|
|
|
|
|
|
| |
Commit 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()",
2016-09-08) incorrectly inverted the result. Fix it, and add a test
case for this.
Fixes: 34e7fe34ee32 ("Use rb_obj_class() instead of CLASS_OF()")
|
| |
|
|
| |
Import mu_pp method from Ruby trunk.
|
| | |
|
| |\
| |
| | |
asn1: handle GENERALIZEDTIME without seconds
|
| | | |
|
