aboutsummaryrefslogtreecommitdiffstats
path: root/test
Commit message (Collapse)AuthorAgeFilesLines
* Fix modular square root test with LibreSSL >= 3.8maint-3.1Theo Buehler2024-05-021-1/+3
| | | | | | | | | | | | | | | | | | [ This is a backport to the 3.1 branch. ] If x is a modular square root of a (mod p) then so is (p - x). Both answers are valid. In particular, both 2 and 3 are valid square roots of 4 (mod 5). Do not assume that a particular square root is chosen by the algorithm. Indeed, the algorithm in OpenSSL and LibreSSL <= 3.7 returns a non-deterministic answer in many cases. LibreSSL 3.8 and later will always return the smaller of the two possible answers. This breaks the current test case. Instead of checking for a particular square root, check that the square of the claimed square root is the given value. This is always true. Add the simplest test case where the answer is indeed non-deterministic. (cherry picked from commit 93548ae9597ba40d3f8b564f6a948ce55b432e30)
* Merge branch 'maint-3.0' into maint-3.1Kazuki Yamaguchi2024-05-025-14/+35
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | * maint-3.0: pkcs7: raise PKCS7Error for PKCS7 without content in PKCS7.read_smime pkcs7: raise ArgumentError for PKCS7 with no content in PKCS7.new cipher: fix buffer overflow in Cipher#update ssl: allow failure on test_connect_certificate_verify_failed_exception_message .github/workflows/test.yml: synchronize with master Only CSR version 1 (encoded as 0) is allowed by PKIX standards test_asn1.rb: Remove the assertions of the time string format without second. test/openssl/test_asn1.rb: skip failing tests on LibreSSL 3.6.0 Use EVP_Digest{Sign,Verify} when available Fix performance regression in do_write(s)
| * Merge pull request #752 from rhenium/pkcs7-empty-signed-data-19974maint-3.0Kazuki Yamaguchi2024-05-021-0/+15
| |\ | | | | | | Handle missing content in PKCS7
| | * pkcs7: raise PKCS7Error for PKCS7 without content in PKCS7.read_smimepkcs7-empty-signed-data-19974Jeremy Evans2024-05-011-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | [pkuzco: expanded the fix for other content types] [ky: adjusted formatting and the exception type] Co-authored-by: pkuzco <b.naamneh@gmail.com> Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
| | * pkcs7: raise ArgumentError for PKCS7 with no content in PKCS7.newJeremy Evans2024-05-011-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes [Bug #19974] [pkuzco: expanded the fix for other content types] [ky: adjusted formatting and the exception type] Co-authored-by: pkuzco <b.naamneh@gmail.com> Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
| * | cipher: fix buffer overflow in Cipher#updateky/cipher-update-fix-buffer-sizeKazuki Yamaguchi2024-05-011-0/+16
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenSSL::Cipher#update currently allocates the output buffer with size (input data length)+(the block size of the cipher). This is insufficient for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers. They have a block size of 8 bytes, but the output may be up to 15 bytes larger than the input. Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output buffer size, instead. OpenSSL doesn't provide a generic way to tell the maximum required buffer size for ciphers, but this is large enough for all algorithms implemented in current versions of OpenSSL. Fixes: https://bugs.ruby-lang.org/issues/20236
| * ssl: allow failure on test_connect_certificate_verify_failed_exception_messageky/maint-3.0-backportsKazuki Yamaguchi2024-05-011-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | [ This patch only applies to the 3.0 and 3.1 branch. ] It is a test case for SSLSocket generating an informative error message on a certificate verification failure. A change in OpenSSL 3.1 broke it and a generic error message is currently generated. This is fixed in the 3.2 branch by commit 5113777e8271, but I decided not to backport the commit to the 3.0 branch because the diff doesn't apply cleanly.
| * Only CSR version 1 (encoded as 0) is allowed by PKIX standardsJob Snijders2024-05-011-6/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ This is a backport to the 3.0 branch. ] RFC 2986, section 4.1 only defines version 1 for CSRs. This version is encoded as a 0. Starting with OpenSSL 3.3, setting the CSR version to anything but 1 fails. Do not attempt to generate a CSR with invalid version (which now fails) and invalidate the CSR in test_sign_and_verify_rsa_sha1 by changing its subject rather than using an invalid version. This commit fixes the following error. ``` 2) Error: test_version(OpenSSL::TestX509Request): OpenSSL::X509::RequestError: X509_REQ_set_version: passed invalid argument /home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `version=' /home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `issue_csr' /home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:43:in `test_version' 40: req = OpenSSL::X509::Request.new(req.to_der) 41: assert_equal(0, req.version) 42: => 43: req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA256')) 44: assert_equal(1, req.version) 45: req = OpenSSL::X509::Request.new(req.to_der) 46: assert_equal(1, req.version) ``` (cherry picked from commit c06fdeb0912221d9a2888369bbf9c10704af021e)
| * test_asn1.rb: Remove the assertions of the time string format without second.Jun Aruga2024-05-011-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ This is a backport to the 3.0 branch. ] This commit fixes the following errors in the tests. Because the OpenSSL project changed the code to make the time string format without second invalid. So, we drop the assertions. ``` 1) Error: test_generalizedtime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: generalizedtime is too short /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode' /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test' /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:433:in `test_generalizedtime' 430: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39)) 431: # LibreSSL 3.6.0 requires the seconds element 432: return if libressl? => 433: decode_test B(%w{ 18 0D }) + "201612081934Z".b, 434: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0)) 435: # not implemented 436: # decode_test B(%w{ 18 13 }) + "20161208193439+0930".b, 2) Error: test_utctime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: utctime is too short /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode' /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test' /home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:411:in `test_utctime' 408: end 409: # Seconds is omitted. LibreSSL 3.6.0 requires it 410: return if libressl? => 411: decode_test B(%w{ 17 0B }) + "1609082343Z".b, 412: OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0)) 413: # not implemented 414: # decode_test B(%w{ 17 11 }) + "500908234339+0930".b, ``` (cherry picked from commit 2e826d571546cdc3beaa884f9e522a102d531641)
| * test/openssl/test_asn1.rb: skip failing tests on LibreSSL 3.6.0Kazuki Yamaguchi2024-05-011-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ This is a backport to the 3.0 branch. ] LibreSSL 3.6.0 expects the seconds part in UTCTime and GeneralizedTime to be always present. LibreSSL 3.6.0 release note [1] says: > - The ASN.1 time parser has been refactored and rewritten using CBS. > It has been made stricter in that it now enforces the rules from > RFC 5280. [1] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txt (cherry picked from commit bbc540fe83195e2a54cf40fab448cea2afe4df1d)
* | Merge branch 'maint-3.0'Kazuki Yamaguchi2022-12-241-5/+5
|\| | | | | | | | | * maint-3.0: test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters
| * test/openssl/test_pkey.rb: allow failures in test_s_generate_parametersky/pkcs7-certs-emptyKazuki Yamaguchi2022-12-241-5/+5
| | | | | | | | | | | | | | Commit f2e2a5e5ed8e ("test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters", 2022-12-23) was completely bogus. The problem in OpenSSL 3.0.0-3.0.5 is that errors from the callback are sometimes silently suppressed.
* | Merge branch 'maint-3.0'Kazuki Yamaguchi2022-12-234-0/+23
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * maint-3.0: Ruby/OpenSSL 3.0.2 Fix build with LibreSSL 3.5 Fix operator precedence in OSSL_OPENSSL_PREREQ and OSSL_LIBRESSL_PREREQ Ruby/OpenSSL 2.2.3 ts: use TS_VERIFY_CTX_set_certs instead of TS_VERIFY_CTS_set_certs ocsp: disable OCSP_basic_verify() workaround on LibreSSL 3.5 test/openssl/test_pkey.rb: allow failures in test_s_generate_parameters pkey/ec: check private key validity with OpenSSL 3 Actions - update workflow to use OpenSSL 1.1.1, actions/checkout@v3 pkey/ec: fix ossl_raise() calls using cEC_POINT instead of eEC_POINT raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true
| * Merge pull request #580 from rhenium/ky/pkey-ec-fix-checkKazuki Yamaguchi2022-12-233-0/+18
| |\ | | | | | | pkey/ec: check private key validity with OpenSSL 3
| | * pkey/ec: check private key validity with OpenSSL 3ky/pkey-ec-fix-checkJoe Truba2022-12-233-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The behavior of EVP_PKEY_public_check changed between OpenSSL 1.1.1 and 3.0 so that it no longer validates the private key. Instead, private keys can be validated through EVP_PKEY_private_check and EVP_PKEY_pairwise_check. [ky: simplified condition to use either EVP_PKEY_check() or EVP_PKEY_public_check().]
| * | test/openssl/test_pkey.rb: allow failures in test_s_generate_parametersKazuki Yamaguchi2022-12-231-0/+5
| |/ | | | | | | | | | | | | The root cause has been fixed by OpenSSL 3.0.6, but Ubuntu 22.04's OpenSSL package has not backported the patch yet. Reference: https://github.com/ruby/openssl/issues/492
* | Merge pull request #558 from kateinoigakukun/katei/fix-no-sock-supportKazuki Yamaguchi2022-12-233-3/+3
|\ \ | | | | | | Undefine `OpenSSL::SSL` for no socket platforms
| * | test/openssl/test_ssl.rb: do not run SSL tests if not availableKazuki Yamaguchi2022-12-233-3/+3
| | |
* | | ssl: disable NPN support on LibreSSLky/libressl-3.7.0Kazuki Yamaguchi2022-12-231-15/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As noted in commit a2ed156cc9f1 ("test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1", 2017-08-13), NPN is known not to work properly on LibreSSL. Disable NPN support on LibreSSL, whether OPENSSL_NO_NEXTPROTONEG is defined or not. NPN is less relevant today anyway. Let's also silence test suite when it's not available.
* | | test/openssl/test_asn1.rb: remove pend for unsupported LibreSSL versionsKazuki Yamaguchi2022-12-231-8/+3
| | | | | | | | | | | | | | | | | | | | | | | | Commit af895bc5596b ("asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid", 2016-12-15) added this test case. The OBJ_obj2txt() issue was fixed by LibreSSL 2.5.1 (released in 2017) and is no longer relevant today.
* | | test/openssl/test_asn1.rb: skip failing tests on LibreSSL 3.6.0Kazuki Yamaguchi2022-12-231-3/+6
|/ / | | | | | | | | | | | | | | | | | | | | LibreSSL 3.6.0 expects the seconds part in UTCTime and GeneralizedTime to be always present. LibreSSL 3.6.0 release note [1] says: > - The ASN.1 time parser has been refactored and rewritten using CBS. > It has been made stricter in that it now enforces the rules from > RFC 5280. [1] https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txt
* | Allow empty string to OpenSSL::Cipher#updateYusuke Nakamura2022-11-241-6/+0
| | | | | | | | | | | | For some reasons, plaintext may be empty string. ref https://www.rfc-editor.org/rfc/rfc9001.html#section-5.8
* | Use SHA256 instead of SHA1 where needed in tests.Jarek Prokop2022-10-188-40/+43
| | | | | | | | | | Systems such as RHEL 9 are moving away from SHA1 disabling it completely in default configuration.
* | add BN#mod_sqrtBen Toews2022-10-171-0/+6
| |
* | Merge pull request #536 from cdelafuente-r7/add_keylog_cbKazuki Yamaguchi2022-09-201-0/+48
|\ \ | | | | | | Add support to SSL_CTX_set_keylog_callback()
| * | Add support to SSL_CTX_set_keylog_callbackChristophe De La Fuente2022-09-201-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - This callback is invoked when TLS key material is generated or received, in order to allow applications to store this keying material for debugging purposes. - It is invoked with an `SSLSocket` and a string containing the key material in the format used by NSS for its SSLKEYLOGFILE debugging output. - This commit adds the Ruby binding `keylog_cb` and the related tests - It is only compatible with OpenSSL >= 1.1.1. Even if LibreSSL implements `SSL_CTX_set_keylog_callback()` from v3.4.2, it does nothing (see https://github.com/libressl-portable/openbsd/commit/648d39f0f035835d0653342d139883b9661e9cb6)
* | | Merge branch 'maint-3.0'Kazuki Yamaguchi2022-09-084-0/+57
|\ \ \ | | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * maint-3.0: Ruby/OpenSSL 3.0.1 Ruby/OpenSSL 2.2.2 Ruby/OpenSSL 2.1.4 Make GitHub Actions happy on 2.1/2.2 branches test/openssl/test_cipher: skip AES-CCM tests on OpenSSL <= 1.1.1b pkey/ec: check existence of public key component before exporting pkey: restore support for decoding "openssl ecparam -genkey" output pkey: clear error queue before each OSSL_DECODER_from_bio() call pkey/dsa: let PKey::DSA.generate choose appropriate q size hmac: use EVP_PKEY_new_raw_private_key() if available x509*: fix error queue leak in #extensions= and #attributes= methods Check if the option is an Hash in `pkey_ctx_apply_options0()`
| * | Merge pull request #541 from rhenium/ky/pkey-ec-export-segfault-regressionKazuki Yamaguchi2022-09-081-0/+2
| |\ \ | | | | | | | | pkey/ec: check existence of public key component before exporting
| | * | pkey/ec: check existence of public key component before exportingky/pkey-ec-export-segfault-regressionKazuki Yamaguchi2022-09-021-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | i2d_PUBKEY_bio() against an EC_KEY without the public key component trggers a null dereference. This is a regression introduced by commit 56f0d34d63fb ("pkey: refactor #export/#to_pem and #to_der", 2017-06-14). Fixes https://github.com/ruby/openssl/pull/527#issuecomment-1220504524 Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1221554057
| * | | Merge pull request #540 from rhenium/ky/pkey-read-prefer-keysKazuki Yamaguchi2022-09-081-0/+23
| |\ \ \ | | | | | | | | | | pkey: restore support for decoding "openssl ecparam -genkey" output
| | * | | pkey: restore support for decoding "openssl ecparam -genkey" outputky/pkey-read-prefer-keysKazuki Yamaguchi2022-09-021-0/+23
| | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Scan through the input for a private key, then fallback to generic decoder. OpenSSL 3.0's OSSL_DECODER supports encoded key parameters. The PEM header "-----BEGIN EC PARAMETERS-----" is used by one of such encoding formats. While this is useful for OpenSSL::PKey::PKey, an edge case has been discovered. The openssl CLI command line "openssl ecparam -genkey" prints two PEM blocks in a row, one for EC parameters and another for the private key. Feeding the whole output into OSSL_DECODER results in only the first PEM block, the key parameters, being decoded. Previously, ruby/openssl did not support decoding key parameters and it would decode the private key PEM block instead. While the new behavior is technically correct, "openssl ecparam -genkey" is so widely used that ruby/openssl does not want to break existing applications. Fixes https://github.com/ruby/openssl/pull/535
| * | | Merge pull request #539 from rhenium/ky/pkey-dsa-generate-fix-qKazuki Yamaguchi2022-09-021-0/+19
| |\ \ \ | | | | | | | | | | pkey/dsa: let PKey::DSA.generate choose appropriate q size
| | * | | pkey/dsa: let PKey::DSA.generate choose appropriate q sizeky/pkey-dsa-generate-fix-qKazuki Yamaguchi2022-09-021-0/+19
| | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DSA parameters generation via EVP_PKEY_paramgen() will not automatically adjust the size of q value but uses 224 bits by default unless specified explicitly. This behavior is different from the now-deprecated DSA_generate_parameters_ex(), which PKey::DSA.generate used to call. Fixes https://github.com/ruby/openssl/issues/483 Fixes: 1800a8d5ebaf ("pkey/dsa: use high level EVP interface to generate parameters and keys", 2020-05-17)
| * | | hmac: use EVP_PKEY_new_raw_private_key() if availableky/hmac-evp-use-raw-private-keyKazuki Yamaguchi2022-09-021-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Current OpenSSL 3.0.x release has a regression with zero-length MAC keys. While this issue should be fixed in a future release of OpenSSL, we can use EVP_PKEY_new_raw_private_key() in place of the problematic EVP_PKEY_new_mac_key() to avoid the issue. OpenSSL 3.0's man page recommends using it regardless: > EVP_PKEY_new_mac_key() works in the same way as > EVP_PKEY_new_raw_private_key(). New applications should use > EVP_PKEY_new_raw_private_key() instead. Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1224912710
| * | | Check if the option is an Hash in `pkey_ctx_apply_options0()`Nobuhiro IMAI2022-08-081-0/+5
| | | | | | | | | | | | | | | | causes SEGV if it is an Array or something like that.
* | | | Merge pull request #530 from madblobfish/openssl-add-rfc5705Kazuki Yamaguchi2022-08-311-0/+13
|\ \ \ \ | |_|_|/ |/| | | implement SSLSocket#export_keying_material for doing RFC 5705 operations
| * | | ssl: enable generating keying material from SSL sessionsmadblobfish2022-08-231-0/+13
| | | | | | | | | | | | | | | | Add OpenSSL::SSL::SSLSocket#export_keying_material to support RFC 5705
* | | | [CI] TestHMAC#test_dup - remove 'pend' for OpenSSL 3MSP-Greg2022-07-271-1/+0
|/ / /
* | | Skip a new test when old OpenSSLNobuyoshi Nakada2022-07-091-0/+4
| | | | | | | | | | | | | | | It does not raise an error when setting an invalid value to SSLContext ciphers on Ubuntu 18.04.
* | | Strip trailing spaces [ci skip]Nobuyoshi Nakada2022-07-081-2/+2
| | |
* | | Let OpenSSL choose the digest if digest for ↵Jarek Prokop2022-04-121-1/+1
| | | | | | | | | | | | Openssl::OCSP::BasicResponse#sign is nil.
* | | Fix test of cipher name to pass in LibreSSL 3.4Jeremy Evans2022-04-011-1/+5
| | | | | | | | | | | | LibreSSL 3.5 switched the cipher naming to match OpenSSL.
* | | Add 'ciphersuites=' method to allow setting of TLSv1.3 cipher suites along ↵twkmd122022-02-011-0/+89
|/ / | | | | | | | | with some unit tests (#493) Add OpenSSL::SSL::SSLContext#ciphersuites= method along with unit tests.
* / Skip optional wildcard SAN tests on LibreSSL 3.5.0+Jeremy Evans2022-01-041-0/+6
|/ | | | | | | | | | RFC 6066 states how some wildcard SAN entries MAY be handled, but it does not say they MUST be handled. LibreSSL 3.5.0 only handles suffix wildcard SANs, not prefix wildcard SANs, or interior wildcard SANs, so return early from the wildcard SAN tests on LibreSSL 3.5.0. Fixes #471
* test/openssl/test_ssl: adjust certificate expiry dateKazuki Yamaguchi2021-12-251-1/+2
| | | | | | | | | | | | | | | test_connect_certificate_verify_failed_exception_message occasionally fails. Is it possible that OpenSSL sees a different clock from Ruby by more than 10 seconds? http://ci.rvm.jp/logfiles/brlog.trunk-random0.20211111-072828 Let's give more time after the certificate expiration date to see if this fixes the flakiness. We had similar occasional failures in test_x509store.rb before, which disappeared after ruby/ruby commit 7930a352a57c and ruby/openssl commit fb2fcbb13734. (cherry picked from commit ruby/ruby@cd51bf61a2178a73219f7884792dfb82ca64c082)
* Add tast cases to OpenSSL::BN using ractorYusuke Nakamura2021-12-211-0/+25
| | | | | | OpenSSL::BN has been make ractor-safed in 9e7cf9e , but there was no test. And to use 'ractor' annotation, update test-unit to v3.4.6 or higher.
* ssl: update test_options_disable_versionsKazuki Yamaguchi2021-12-201-35/+40
| | | | | Use the combination of TLS 1.2 and TLS 1.3 instead of TLS 1.1 and TLS 1.2 so that will the test case will be run on latest platforms.
* ssl: update test_accept_errors_include_peeraddr test caseKazuki Yamaguchi2021-12-201-6/+4
| | | | | Use a different invalid data example to prevent SSLSocket#accept from reaching EOF.
* hmac: skip test_dup on OpenSSL 3.0 for nowKazuki Yamaguchi2021-12-201-0/+1
| | | | | | EVP_MD_CTX_copy() doesn't seem to work as intended on HMAC EVP_MD_CTX on OpenSSL 3.0.0 and causes a double free. I haven't found the root problem yet, but let's skip the test case for now.
* cipher: update test_ciphersKazuki Yamaguchi2021-12-201-8/+5
| | | | | Do not attempt to actually use all algorithms. Not all algorithms listed in OpenSSL::Cipher.ciphers are always available.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-31 20:39:53 +0000