asn1: handle GENERALIZEDTIME without seconds
|
This would have caught some of the GC issues like the one reported at
[ruby/openssl#87].
|
Write 4099-byte blocks instead of 11-byte blocks to run it faster. The
buffer may be as large as megabytes and it takes too much time to fill
up, especially under GC.stress. I didn't measure it, but it didn't finish
in an hour.
|
Just like we already do for the 'teardown' method, though we don't have
OpenSSL::TestCase#setup yet. This will be useful when we want to inject
GC.stress = true.
|
Set the authentication tag before the AAD when decrypting.
Before OpenSSL commit 96f7fafa2431 ("Don't require tag before ciphertext
in AESGCM mode", 2012-10-16, at OpenSSL_1_0_1-stable branch, included in
OpenSSL 1.0.1d), the authentication tag must be set before any calls of
EVP_CipherUpdate().
|
* ruby-trunk r56492..r56927: (2 commits)
(r56927) parse.y: ambiguous parentheses
(r56578) openssl/ut_eof.rb: rename TestEOF
Sync-with-trunk: r56927
|
* test/openssl/ut_eof.rb (OpenSSL::TestEOF): move TestEOF module
under OpenSSL to get rid of conflict with test/ruby/ut_eof.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56578 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
Fix the fragile test cases that are sensitive to the difference between
Time.now.to_i and time(2).
When issuing test certificates, we are typically setting the current
time fetched by Time.now to the notBefore field. Time.now uses
clock_gettime(2) with CLOCK_REALTIME. On the other hand, OpenSSL uses
time(2) in its certificate verification code. On Linux/x86-64, time(2)
is implemented not to return the adjusted 'current time' like Time.now,
but to return the wall clock seconds at the last tick. As a result,
time(2) called later may return an earlier time, causing the
certificate verification to fail with a 'certificate is not yet valid'
error.
So, create test certificates with notBefore < Time.now to avoid this.
Since it's awful to do "Time.now - 1" everywhere, make the notBefore and
notAfter fields optional, with defaults that include a margin.
|
SSLSocket#setup uses the frozen state as "SSL_CTX is already set up".
If a user manually freezes the context, it is mistaken for #setup
having already been called, leading to unexpected behaviors because
parameters the user set won't actually be set to the underlying SSL_CTX
and are thus ignored.
Ideally, #setup should go and be replaced with setters. But we don't
do this now because it is not that simple: some of them would produce
new ordering issues, e.g. the 'ca_file' property, which loads a file into
SSL_CTX::cert_store, and 'cert_store', which replaces SSL_CTX::cert_store,
would conflict. Fixing this properly would require deprecating 'ca_file'
first.
So, let's take the second best way: make it "just work" instead of
breaking silently.
Fixes: https://github.com/ruby/openssl/issues/85
|
This prevents users from allocating OpenSSL::Engine instance using
OpenSSL::Engine.allocate. Undef'ing alloc function also allows us to
remove explicit undef of OpenSSL::Engine.new and #initialize_copy.
|
* topic/asn1-fix-oob-read-constructed:
asn1: fix out-of-bounds read in decoding constructed objects
|
OpenSSL::ASN1.{decode,decode_all,traverse} have an out-of-bounds read
bug. int_ossl_asn1_decode0_cons() does not give the correct available
length to ossl_asn1_decode() when decoding the inner components of a
constructed object. This can cause an out-of-bounds read if a crafted
input is given.
Reference: https://hackerone.com/reports/170316
|
It was added as a workaround for the "bad write retry" error that occurs
when SSLSocket#write_nonblock is retried with a different String. This
is now fixed by r54466 ("openssl: accept moving write buffer for
write_nonblock", 2016-03-31).
|
* topic/test-static-test-vector:
test/test_pkey_*: refine sign/verify tests
|
20a88ace0778 ("test: refactor PKey::PKey#{sign,verify} tests",
2016-07-07) was not a good idea in terms of readability. So, let's
revert it. Also, static test vectors generated by BouncyCastle are added
to ensure #verify correctly accepts valid signatures and rejects invalid
signatures.
|
* topic/test-static-test-vector:
test/test_hmac: use static test vectors
test/test_cipher: use static test vectors
|
Ensure that OpenSSL::HMAC works as expected by comparing the result with
known correct test vectors.
|
Compare the result with static test vectors rather than just testing
that the encryption result can be decrypted. The current test cases
wouldn't catch failure if both the encryption and decryption routines
are broken.
Test vectors are taken from external sources as noted in the comments.
|
* topic/pkey-ec-conversion-form:
pkey: allow specifying conversion form in EC::Point#to_bn
|
Currently, when we want to convert point data into an octet string
with a non-default conversion form, we have to set the desired form on
the associated EC::Group beforehand. This is inconvenient and
counterintuitive because the conversion form is not actually related to
the EC group.
    point = ...
    point.group.point_conversion_form = :compressed
    point.to_bn
So, allow specifying the form as an optional parameter, like this:
    point = ...
    point.to_bn(:compressed)
|
Implement Cipher#authenticated? even when the OpenSSL version does not
support AEAD. It just returns false.
|
Compare with pre-calculated string literals rather than the output of
Digest::MD5 (ext/digest).
|
* topic/cipher-no-initialize-null-key:
cipher: don't set dummy encryption key in Cipher#initialize
|
Remove the encryption key initialization from Cipher#initialize. This
is effectively a revert of r32723 ("Avoid possible SEGV from AES
encryption/decryption", 2011-07-28).
r32723, which added the key initialization, was a workaround for
Ruby Bug #2768. For certain ciphers, calling EVP_CipherUpdate()
before setting an encryption key caused a segfault. It was not a problem
until OpenSSL implemented GCM mode - the encryption key could be
overridden by repeated calls of EVP_CipherInit_ex(). But, it is not the
case for AES-GCM ciphers. Setting a key, an IV, a key, in this order
causes the IV to be reset to an all-zero IV.
The problem of Bug #2768 persists on the current versions of OpenSSL.
So, make Cipher#update raise an exception if a key is not yet set by the
user. Since encrypting or decrypting without a key does not make any
sense, this should not break existing applications.
Users can still call Cipher#key= and Cipher#iv= multiple times at
their own responsibility.
Reference: https://bugs.ruby-lang.org/issues/2768
Reference: https://bugs.ruby-lang.org/issues/8221
Reference: https://github.com/ruby/openssl/issues/49
|
Add parentheses around regexp literals to suppress "ambiguous first
argument; put parentheses or a space even after `/' operator" warning.
|
Check the existence of the public key in the PKey object before starting
to verify a signature.
For RSA keys, EVP_VerifyFinal() internally calls RSA_size(), which
requires the existence of RSA::n. Since we allow instantiating PKey::RSA
without any key material, calling PKey#verify against an empty
PKey::RSA causes a segfault.
Reference: https://bugs.ruby-lang.org/issues/12783
|
Reorder the assertions. The fix in f9c04779a84b was incomplete - setting
nil as the options is also affected by Ubuntu's patch:
http://rubyci.s3.amazonaws.com/ubuntu/ruby-trunk/log/20160917T063002Z.fail.html.gz
|
The patch included in Ubuntu's libssl1.0.0 1.0.2g-1ubuntu4.3 package
forcibly adds the SSL_OP_NO_SSLv3 option.
|
Only TestSSL#test_post_connect_check_with_anon_ciphers uses it. The
option just sets 'ADH-AES256-GCM-SHA384' as the available cipher suites
and sets the security level of the context to 0 - both can be achieved
using the ctx_proc option of start_server. And we don't have to stick to
the cipher suite 'ADH-AES256-GCM-SHA384', so specify 'aNULL' instead. This
allows removing the cipher suite existence check.
|
test_servername_cb{,_sets_context_on_the_socket,_can_return_nil,
_calls_setup_on_returned_ctx} and test_tlsext_hostname are highly
overlapping. So unify them into a single test_tlsext_hostname. The test
coverage does not change.
|
Move a test case of SSLSocket#gets to test_pair.rb, and remove test
cases from test_ssl.rb which duplicate the tests in test_pair.rb.
|
test_pair.rb is the file for tests of IO-like methods - the test cases
in OpenSSL::TestPairM run twice with different underlying socket types.
test_ssl.rb is a more appropriate file for {EC,}DH tests.
|
Unify test cases for SSLContext#options. Also add an assertion to
test_sslctx_set_params for OP_NO_COMPRESSION and
OP_DONT_INSERT_EMPTY_FRAGMENTS.
|
Add an explicit test case for them.
|
Move it to TestSSL#test_starttls using the server_proc option of
start_server, as it is the only user of the 'STARTTLS' code.
|
Convert the two mandatory parameters, verify_mode and start_immediately,
into keyword arguments with a default value.
The verify_mode parameter is only useful for client certificate
authentication. So most test cases set it to OpenSSL::SSL::VERIFY_NONE.
Also, the start_immediately option is usually set to true.
|
It's possible that a PKCS #12 structure holds zero private keys. At
such a time PKCS12_parse() returns NULL as the private key. Likewise,
when the structure does not contain the corresponding certificate to
the private key, PKCS12_parse() returns NULL as the certificate.
Reported and fix suggested by Masahiro Tomita <tommy@tmtm.org>.
[ruby-dev:49776] [Bug #12726]
|
's2.connect' can block indefinitely depending on the version of OpenSSL.
Since the point of the test case is to check the failure path on the ALPN
protocol selection callback, which is called on the server side, just
avoid blocking with SSLSocket#connect_nonblock on the client side. The
callback is called just after receiving the Client Hello so calling
SSLSocket#connect_nonblock once should be sufficient.
|
They aren't exception safe - they are called while parsing the
Client/Server Hello from OpenSSL code. An exception raised in the
callbacks escapes directly from OpenSSL code so it can break the internal
status of OpenSSL.
We have a procedure for handling such exceptions raised during a
handshake: catch them and store the state number in the SSLSocket
object, and then check it in ossl_ssl_start() and re-raise after
control returns to our side.
This fixes the instability of
TestSSL::test_alpn_protocol_selection_cancel.
|
It can make use of ssl_pair. This allows removing the 6-second sleep.
|
The assumption in commit 1b1d520818e0 ("x509ext: fix memory leak in
X509::ExtensionFactory#config=") was wrong. The uninitialized
X509V3_CTX::db can be referenced through "r2i" functions when creating
certain types of extensions that use them.
|
It was not implemented in a good way - for example it doesn't compile on
Windows and causes 'rake compile' to fail... So remove it for now.
|
* topic/cipher-auth-tag-len:
cipher: add Cipher#auth_tag_len=
|
Add a method to set the authentication tag length to be generated by an
AEAD cipher. In particular, OCB mode, which is implemented in OpenSSL
1.1.0, requires this.
|
Reference: https://rt.openssl.org/Ticket/Display.html?id=2560
|
Remove unnecessary or duplicate assertions, and merge test cases.
|
The removed assertions are wrong and test a bug - the verification
must fail because OpenSSL shouldn't find the signer's certificate.