| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| | |
Handle missing content in PKCS7
|
| | |
| |
| |
| |
| |
| |
| |
| | |
[pkuzco: expanded the fix for other content types]
[ky: adjusted formatting and the exception type]
Co-authored-by: pkuzco <b.naamneh@gmail.com>
Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes [Bug #19974]
[pkuzco: expanded the fix for other content types]
[ky: adjusted formatting and the exception type]
Co-authored-by: pkuzco <b.naamneh@gmail.com>
Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL::Cipher#update currently allocates the output buffer with size
(input data length)+(the block size of the cipher). This is insufficient
for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers.
They have a block size of 8 bytes, but the output may be up to 15 bytes
larger than the input.
Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output
buffer size, instead. OpenSSL doesn't provide a generic way to tell the
maximum required buffer size for ciphers, but this is large enough for
all algorithms implemented in current versions of OpenSSL.
Fixes: https://bugs.ruby-lang.org/issues/20236
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[ This patch only applies to the 3.0 and 3.1 branch. ]
It is a test case for SSLSocket generating an informative error message
on a certificate verification failure. A change in OpenSSL 3.1 broke it
and a generic error message is currently generated.
This is fixed in the 3.2 branch by commit 5113777e8271, but I decided
not to backport the commit to the 3.0 branch because the diff doesn't
apply cleanly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[ This is a backport to the 3.0 branch. ]
RFC 2986, section 4.1 only defines version 1 for CSRs. This version
is encoded as a 0. Starting with OpenSSL 3.3, setting the CSR version
to anything but 1 fails.
Do not attempt to generate a CSR with invalid version (which now fails)
and invalidate the CSR in test_sign_and_verify_rsa_sha1 by changing its
subject rather than using an invalid version.
This commit fixes the following error.
```
2) Error: test_version(OpenSSL::TestX509Request): OpenSSL::X509::RequestError:
X509_REQ_set_version: passed invalid argument
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `version='
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `issue_csr'
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:43:in
`test_version'
40: req = OpenSSL::X509::Request.new(req.to_der)
41: assert_equal(0, req.version)
42:
=> 43: req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA256'))
44: assert_equal(1, req.version)
45: req = OpenSSL::X509::Request.new(req.to_der)
46: assert_equal(1, req.version)
```
(cherry picked from commit c06fdeb0912221d9a2888369bbf9c10704af021e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[ This is a backport to the 3.0 branch. ]
This commit fixes the following errors in the tests.
Because the OpenSSL project changed the code to make the time string format
without second invalid. So, we drop the assertions.
```
1) Error: test_generalizedtime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: generalizedtime is too short
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:433:in `test_generalizedtime'
430: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
431: # LibreSSL 3.6.0 requires the seconds element
432: return if libressl?
=> 433: decode_test B(%w{ 18 0D }) + "201612081934Z".b,
434: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
435: # not implemented
436: # decode_test B(%w{ 18 13 }) + "20161208193439+0930".b,
2) Error: test_utctime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: utctime is too short
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:411:in `test_utctime'
408: end
409: # Seconds is omitted. LibreSSL 3.6.0 requires it
410: return if libressl?
=> 411: decode_test B(%w{ 17 0B }) + "1609082343Z".b,
412: OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
413: # not implemented
414: # decode_test B(%w{ 17 11 }) + "500908234339+0930".b,
```
(cherry picked from commit 2e826d571546cdc3beaa884f9e522a102d531641)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[ This is a backport to the 3.0 branch. ]
LibreSSL 3.6.0 expects the seconds part in UTCTime and GeneralizedTime
to be always present. LibreSSL 3.6.0 release note [1] says:
> - The ASN.1 time parser has been refactored and rewritten using CBS.
> It has been made stricter in that it now enforces the rules from
> RFC 5280.
[1] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txt
(cherry picked from commit bbc540fe83195e2a54cf40fab448cea2afe4df1d)
|
| |
|
|
|
|
|
| |
Commit f2e2a5e5ed8e ("test/openssl/test_pkey.rb: allow failures in
test_s_generate_parameters", 2022-12-23) was completely bogus. The
problem in OpenSSL 3.0.0-3.0.5 is that errors from the callback are
sometimes silently suppressed.
|
| |\
| |
| | |
pkey/ec: check private key validity with OpenSSL 3
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The behavior of EVP_PKEY_public_check changed between OpenSSL 1.1.1
and 3.0 so that it no longer validates the private key. Instead, private
keys can be validated through EVP_PKEY_private_check and
EVP_PKEY_pairwise_check.
[ky: simplified condition to use either EVP_PKEY_check() or
EVP_PKEY_public_check().]
|
| |/
|
|
|
|
|
| |
The root cause has been fixed by OpenSSL 3.0.6, but Ubuntu 22.04's
OpenSSL package has not backported the patch yet.
Reference: https://github.com/ruby/openssl/issues/492
|
| |\
| |
| | |
pkey/ec: check existence of public key component before exporting
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
i2d_PUBKEY_bio() against an EC_KEY without the public key component
trggers a null dereference.
This is a regression introduced by commit 56f0d34d63fb ("pkey:
refactor #export/#to_pem and #to_der", 2017-06-14).
Fixes https://github.com/ruby/openssl/pull/527#issuecomment-1220504524
Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1221554057
|
| |\ \
| | |
| | | |
pkey: restore support for decoding "openssl ecparam -genkey" output
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Scan through the input for a private key, then fallback to generic
decoder.
OpenSSL 3.0's OSSL_DECODER supports encoded key parameters. The PEM
header "-----BEGIN EC PARAMETERS-----" is used by one of such encoding
formats. While this is useful for OpenSSL::PKey::PKey, an edge case has
been discovered.
The openssl CLI command line "openssl ecparam -genkey" prints two PEM
blocks in a row, one for EC parameters and another for the private key.
Feeding the whole output into OSSL_DECODER results in only the first PEM
block, the key parameters, being decoded. Previously, ruby/openssl did
not support decoding key parameters and it would decode the private key
PEM block instead.
While the new behavior is technically correct, "openssl ecparam -genkey"
is so widely used that ruby/openssl does not want to break existing
applications.
Fixes https://github.com/ruby/openssl/pull/535
|
| |\ \
| | |
| | | |
pkey/dsa: let PKey::DSA.generate choose appropriate q size
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
DSA parameters generation via EVP_PKEY_paramgen() will not automatically
adjust the size of q value but uses 224 bits by default unless specified
explicitly. This behavior is different from the now-deprecated
DSA_generate_parameters_ex(), which PKey::DSA.generate used to call.
Fixes https://github.com/ruby/openssl/issues/483
Fixes: 1800a8d5ebaf ("pkey/dsa: use high level EVP interface to generate parameters and keys", 2020-05-17)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Current OpenSSL 3.0.x release has a regression with zero-length MAC
keys. While this issue should be fixed in a future release of OpenSSL,
we can use EVP_PKEY_new_raw_private_key() in place of the problematic
EVP_PKEY_new_mac_key() to avoid the issue. OpenSSL 3.0's man page
recommends using it regardless:
> EVP_PKEY_new_mac_key() works in the same way as
> EVP_PKEY_new_raw_private_key(). New applications should use
> EVP_PKEY_new_raw_private_key() instead.
Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1224912710
|
| | |
| |
| |
| | |
causes SEGV if it is an Array or something like that.
|
| |/
|
|
|
|
|
|
|
|
| |
RFC 6066 states how some wildcard SAN entries MAY be handled, but
it does not say they MUST be handled. LibreSSL 3.5.0 only handles
suffix wildcard SANs, not prefix wildcard SANs, or interior
wildcard SANs, so return early from the wildcard SAN tests on
LibreSSL 3.5.0.
Fixes #471
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
test_connect_certificate_verify_failed_exception_message occasionally
fails. Is it possible that OpenSSL sees a different clock from Ruby by
more than 10 seconds?
http://ci.rvm.jp/logfiles/brlog.trunk-random0.20211111-072828
Let's give more time after the certificate expiration date to see if
this fixes the flakiness. We had similar occasional failures in
test_x509store.rb before, which disappeared after ruby/ruby commit
7930a352a57c and ruby/openssl commit fb2fcbb13734.
(cherry picked from commit ruby/ruby@cd51bf61a2178a73219f7884792dfb82ca64c082)
|
| |
|
|
|
|
| |
OpenSSL::BN has been make ractor-safed in 9e7cf9e ,
but there was no test.
And to use 'ractor' annotation, update test-unit to v3.4.6 or higher.
|
| |
|
|
|
| |
Use the combination of TLS 1.2 and TLS 1.3 instead of TLS 1.1 and TLS
1.2 so that will the test case will be run on latest platforms.
|
| |
|
|
|
| |
Use a different invalid data example to prevent SSLSocket#accept from
reaching EOF.
|
| |
|
|
|
|
| |
EVP_MD_CTX_copy() doesn't seem to work as intended on HMAC EVP_MD_CTX
on OpenSSL 3.0.0 and causes a double free. I haven't found the root
problem yet, but let's skip the test case for now.
|
| |
|
|
|
| |
Do not attempt to actually use all algorithms. Not all algorithms listed
in OpenSSL::Cipher.ciphers are always available.
|
| |\
| |
| | |
pkey: deprecate PKey::*#set_* and PKey::{DH,EC}#generate_key!
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const
pointer of the low level struct and the following methods can no longer
be provided when linked against OpenSSL 3.0:
- OpenSSL::PKey::RSA#set_key
- OpenSSL::PKey::RSA#set_factors
- OpenSSL::PKey::RSA#set_crt_params
- OpenSSL::PKey::DSA#set_pqg
- OpenSSL::PKey::DSA#set_key
- OpenSSL::PKey::DH#set_pqg
- OpenSSL::PKey::DH#set_key
- OpenSSL::PKey::EC#group=
- OpenSSL::PKey::EC#private_key=
- OpenSSL::PKey::EC#public_key=
There is no direct replacement for this functionality at the moment.
I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes
all key components at once to construct an EVP_PKEY.
|
| | |
| |
| |
| |
| |
| | |
OpenSSL::PKey::EC#generate_key! will not work on OpenSSL 3.0 because
keys are made immutable. Users should use OpenSSL::PKey.generate_key
instead.
|
| | |
| |
| |
| |
| |
| | |
OpenSSL::PKey::DH#generate_key! will not work on OpenSSL 3.0 because
keys are made immutable. Users should use OpenSSL::PKey.generate_key
instead.
|
| |/
|
|
|
|
|
|
|
|
|
| |
PEM-encoded private keys are sometimes stored together with irrelevant
PEM blocks, such as the corresponding X.509 certificate.
PEM_read_bio_*() family automatically skips unknown PEM blocks, but on
OpenSSL 3.0 we will be using the new OSSL_DECODER API instead due to
some breaking changes around the password callback.
Let's add a test case so that we won't break the current behavior.
|
| | |
|
| |\
| |
| | |
ssl: disallow reading/writing to unstarted SSL socket
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL::SSL::SSLSocket allowed #read and #write to be called before an
SSL/TLS handshake is completed. They passed unencrypted data to the
underlying socket.
This behavior is very odd to have in this library. A verbose mode
warning "SSL session is not started yet" was emitted whenever this
happened. It also didn't behave well with OpenSSL::Buffering. Let's
just get rid of it.
Fixes: https://github.com/ruby/openssl/issues/9
|
| |/
|
|
|
|
| |
BN_pseudo_rand() and BN_pseudo_rand_range() are deprecated in
OpenSSL 3.0. Since they are identical to their non-'pseudo' version
anyway, let's make them alias.
|
| |
|
|
| |
The Ruby tree disallows assert_raises.
|
| |\
| |
| | |
Raise an exception if the IO object passed to SSLSocket isn't a file
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
SSLSocket#connect eventually calls `GetOpenFile` in order to get the
underlying file descriptor for the IO object passed in on
initialization. `GetOpenFile` assumes that the Ruby object passed in is
a T_FILE object and just casts it to a T_FILE without any checks. If
you pass an object that *isn't* a T_FILE to that function, the program
will segv.
Since we assume the IO object is a file in the `connect` method, this
commit adds a `CheckType` in the initialize method to ensure that the IO
object is actually a T_FILE. If the object *isn't* a T_FILE, this class
will segv on `connect`, so I think this is a backwards compatible
change.
|
| | |
| |
| |
| |
| | |
OpenSSL::PKey::RSA#set_key does not exist when built with OpenSSL 3.0,
so it is not possible to create an RSA object with incomplete state.
|
| | |
| |
| |
| |
| |
| | |
OpenSSL 3.0 refuses to generate DSA parameters shorter than 2048 bits,
but generating 2048 bits parameters takes very long time. Let's use EC
in these test cases instead.
|
| | |
| |
| |
| |
| |
| | |
A certificate can only have one SubjectAltName extension. OpenSSL 3.0
performs a stricter validation and certificates containing multiple SANs
will be rejected.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL's PKCS12_create() by default uses pbewithSHAAnd40BitRC2-CBC for
encryption of the certificates. However, in OpenSSL 3.0, the algorithm
is part of the legacy provider and is not enabled by default.
Specify another algorithm that is still in the default provider for
these test cases.
|
| | |
| |
| |
| |
| |
| | |
OpenSSL 3.0 slightly changed the error message for a certificate
verification failure when an untrusted self-signed certificate is found
in the chain.
|
| | |
| |
| |
| |
| |
| | |
Remove availability test for MD4 and RIPEMD160 as they are considered
legacy and may be missing depending on the compile-time options of
OpenSSL. OpenSSL 3.0 by default disables them.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Disabling ECC support of OpenSSL is impractical nowadays.
We still try to have the C extension compile on no-ec builds (as well
as no-dh or no-engine, etc.) as long as we can, but keeping test cases
for such an extreme scenario is not worth the effort.
|
| | |
| |
| |
| |
| | |
Current versions of OpenSSL and LibreSSL all support TLS 1.2, so there
is no need for checking the availability.
|
| |/
|
|
|
|
| |
It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not
work with OpenSSL 3.0. The same can easily be achieved using
PKey#public_to_der regardless of the key kind.
|
| |
|
|
|
|
|
|
| |
Drop support for Ruby 2.3, 2.4, and 2.5.
As of 2021-10, Ruby 2.6 is the oldest version that still receives
security fixes from the Ruby core team, so it doesn't make much sense
to keep code for those ancient versions.
|
| |
|
|
| |
(cherry picked from commit ruby/ruby@ecfbf1df33a1e90008baa131369c80cfa6282692)
|
