| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
| |
It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not
work with OpenSSL 3.0. The same can easily be achieved using
PKey#public_to_der regardless of the key kind.
https://github.com/ruby/openssl/commit/7b66eaa2db
|
|
|
|
|
|
|
|
|
|
| |
Drop support for Ruby 2.3, 2.4, and 2.5.
As of 2021-10, Ruby 2.6 is the oldest version that still receives
security fixes from the Ruby core team, so it doesn't make much sense
to keep code for those ancient versions.
https://github.com/ruby/openssl/commit/3436bd040d
|
|
|
|
|
|
|
|
|
| |
LibreSSL
LibreSSL 2.2.x has a bug in the Finished message handling with TLS 1.3.
This is fixed by LibreSSL 3.3.2.
https://github.com/ruby/openssl/commit/0bea59d245
|
|
|
|
|
|
| |
prevent `ossl_ts_*_free()` from calling when `d2i_TS_*_bio()` failed.
https://github.com/ruby/openssl/commit/b29e215786
|
|
|
|
|
|
|
|
|
|
| |
[ This is a backport to the 2.1 branch. ]
Fixed misspellings reported at [Bug #16437], for default gems.
(cherry picked from commit ruby/ruby@e68999c82c4863d33a6f893661fba1b7538c5671)
https://github.com/ruby/openssl/commit/0f43789503
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide a wrapper of SSL_set0_tmp_dh_pkey()/SSL_CTX_set_tmp_dh(), which
sets the DH parameters used for ephemeral DH key exchange.
SSLContext#tmp_dh_callback= already exists for this purpose, as a
wrapper around SSL_CTX_set_tmp_dh_callback(), but it is considered
obsolete and the OpenSSL API is deprecated for future removal. There is
no practical use case where an application needs to use different DH
parameters nowadays. This was originally introduced to support export
grade ciphers.
RDoc for #tmp_dh_callback= is updated to recommend the new #tmp_dh=.
Note that current versions of OpenSSL support automatic ECDHE curve
selection which is enabled by default. SSLContext#tmp_dh= should only be
necessary if you must allow ancient clients which don't support ECDHE.
https://github.com/ruby/openssl/commit/aa43da4f04
|
| |
|
| |
|
|
|
|
| |
https://github.com/ruby/openssl/commit/8a1e3f5085
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also, OpenSSL::BN::CONSTTIME is added.
OpenSSL itself had a feature that was vulnerable against a side-channel
attack. The OpenSSL authors determined that it was not a security issue,
and they have already fixed the issue by using BN_set_flags.
https://github.com/openssl/openssl/pull/13888
If a Ruby OpenSSL user was faced with a similar issue, they couldn't
prevent the issue because Ruby OpenSSL lacks a wrapper to BN_set_flags.
For the case, this change introduces the wrapper.
https://github.com/ruby/openssl/commit/1e565eba89
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a variant of PKey#sign and #verify that do not hash the data
automatically.
Sometimes the caller has the hashed data only, but not the plaintext
to be signed. In that case, users would have to use the low-level API
such as RSA#private_encrypt or #public_decrypt directly.
OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify()
which provide the same functionality as part of the EVP API. This patch
adds wrappers for them.
https://github.com/ruby/openssl/commit/16cca4e0c4
|
|
|
|
|
|
|
| |
Support public key encryption and decryption operations using the EVP
API.
https://github.com/ruby/openssl/commit/75326d4bbc
|
|
|
|
|
|
|
|
|
| |
(https://github.com/ruby/openssl/pull/441)
* Add feature for loading the chained certificate into Certificate array.
https://github.com/ruby/openssl/commit/05e1c015d6
Co-authored-by: Sao I Kuan <saoikuan@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Methods that take both PEM-encoding and DER-encoding have not been
consistent in the order in which encoding to attempt to parse.
A DER-encoding may contain a valid PEM block ("\n-----BEGIN ..-----" to
"-----END ...-----") embedded within it. Also, the PEM-encoding parser
allows arbitrary data around the PEM block and silently skips it. As a
result, attempting to parse data in DER-encoding as PEM-encoding first
can incorrectly finds the embedded PEM block instead.
This commit ensures that DER encoding will always be attempted before
PEM encoding. OpenSSL::X509::Certificate is one of the updated classes.
With this, the following will always be true:
# obj is an OpenSSL::X509::Certificate
obj == OpenSSL::X509::Certificate.new(obj.to_der)
obj == OpenSSL::X509::Certificate.new(obj.to_pem)
https://github.com/ruby/openssl/commit/b280eb1fd0
|
|
|
|
|
|
|
|
| |
Normal sockets respond to `getbyte`, so we should make SSLSocket respond
to `getbyte` as well. This way we can substitute SSLSockets for regular
sockets.
https://github.com/ruby/openssl/commit/ac1490b7c9
|
|
|
|
|
|
|
|
|
|
|
| |
Use EVP_PKEY_param_check() instead of DH_check() if available. Also,
use EVP_PKEY_public_check() instead of EC_KEY_check_key().
EVP_PKEY_*check() is part of the EVP API and is meant to replace those
low-level functions. They were added by OpenSSL 1.1.1. It is currently
not provided by LibreSSL.
https://github.com/ruby/openssl/commit/797e9f8e08
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The low-level API that is used to implement #public_key is deprecated
in OpenSSL 3.0. It is actually very simple to implement in another way,
using existing methods only, in much shorter code. Let's do it.
While we are at it, the documentation is updated to recommend against
using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der
method, there is no real use case for #public_key in newly written Ruby
programs.
https://github.com/ruby/openssl/commit/48a6c391ef
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use EVP_PKEY_print_private() instead of the low-level API *_print()
functions, such as RSA_print().
EVP_PKEY_print_*() family was added in OpenSSL 1.0.0.
Note that it falls back to EVP_PKEY_print_public() and
EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH
type for which _private() fails if the private component is not set in
the pkey object.
Since the new API works in the same way for all key types, we now
implement #to_text in the base class OpenSSL::PKey::PKey rather than in
each subclass.
https://github.com/ruby/openssl/commit/e0b4c56956
|
|
|
|
|
|
|
|
|
|
| |
and keys
Implement PKey::DSA.new(size) and PKey::DSA.generate using
OpenSSL::PKey.generate_parameters and .generate_key instead of the low
level DSA functions.
https://github.com/ruby/openssl/commit/1800a8d5eb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and keys
Implement PKey::DH.new(size, gen), PKey::DH.generate(size, gen), and
PKey::DH#generate_key! using PKey.generate_parameters and .generate_key
instead of the low level DH functions.
Note that the EVP interface can enforce additional restrictions - for
example, DH key shorter than 2048 bits is no longer accepted by default
in OpenSSL 3.0. The test code is updated accordingly.
https://github.com/ruby/openssl/commit/c2e9b16f0b
|
|
|
|
|
|
|
|
|
|
| |
#verify
Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let
OpenSSL::PKey::PKey#sign and #verify take an optional parameter for
specifying control strings for EVP_PKEY_CTX_ctrl_str().
https://github.com/ruby/openssl/commit/faf85d7c1d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up old version guards in preparation for the upcoming OpenSSL 3.0
support.
OpenSSL 1.0.1 reached its EOL on 2016-12-31. At that time, we decided
to keep 1.0.1 support because many major Linux distributions were still
shipped with 1.0.1. Now, nearly 4 years later, most Linux distributions
are reaching their EOL and it should be safe to assume nobody uses them
anymore. Major ones that were using 1.0.1:
- Ubuntu 14.04 is EOL since 2019-04-30
- RHEL 6 will reach EOL on 2020-11-30
LibreSSL 3.0 and older versions are no longer supported by the LibreSSL
team as of October 2020.
Note that OpenSSL 1.0.2 also reached EOL on 2019-12-31 and 1.1.0 also
did on 2018-08-31.
https://github.com/ruby/openssl/commit/c055938f4b
|
|
|
|
|
|
| |
Adds standard math abs fuction and revises uplus to return a duplicated object due to BN mutability
https://github.com/ruby/openssl/commit/0321b1e945
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ASN1_dup() will not copy the 'pkey' field of a PKCS7_SIGNER_INFO object
by design; it is a temporary field kept until the PKCS7 structure is
finalized. Let's bump reference counter of the pkey in the original
object and use it in the new object, too.
This commit also removes PKCS7#add_signer's routine to add the
content-type attribute as a signed attribute automatically. This
behavior was not documented or tested. This change should not break any
working user code since the method was completely useless without the
change above.
https://github.com/ruby/openssl/commit/20ca7a27a8
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The .include directive was initially added by OpenSSL 1.1.1, but the
syntax was later modified in 1.1.1b to improve compatibility with the
parser in <= 1.1.0. The test case expects 1.1.1b's parser.
https://github.com/openssl/openssl/commit/95f59d398c3f28f7ee50f092106c5910d25f9e30
The test case is failing on Ubuntu 18.04 because it still uses the
initial 1.1.1 release:
http://rubyci.s3.amazonaws.com/graviton2/ruby-master/log/20210316T120003Z.fail.html.gz
|
|
|
|
|
|
|
|
|
|
|
|
| |
AES CCM mode in OpenSSL <= 1.1.1b was overly strict in the parameters
assignment order. This has been relaxed by OpenSSL 1.1.1c.
https://github.com/openssl/openssl/commit/b48e3be947ddc5da6b5a86db8341081c72b9a4ee
The test case is failing on Ubuntu 18.04 because it still uses the
initial 1.1.1 release and has the issue:
http://rubyci.s3.amazonaws.com/graviton2/ruby-master/log/20210316T120003Z.fail.html.gz
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LibreSSL 3.2.4 made the certificate verification logic back closer to
pre-3.2.2 one, which is more compatible with OpenSSL.
Part of the fixes added by commit a0e98d48c91f ("Enhance TLS 1.3 support
on LibreSSL 3.2/3.3", 2020-12-03) is required for 3.2.2 and 3.2.3 only
(and ~3.3.1, however 3.3 does not have a stable release yet). Since both
releases are security fix, it should be safe to remove those special
treatment from our test suite.
While we are at it, TestSSL#test_ecdh_curves is split into TLS 1.2 and
TLS 1.3 variants for clarity.
https://github.com/ruby/openssl/commit/a9954bac22
|
|
|
|
|
|
|
|
|
|
| |
Made stored values `Symbol`s instead of `ID`s.
Fixes https://bugs.ruby-lang.org/issues/17625
Co-Authored-By: xtkoba (Tee KOBAYASHI) <xtkoba+ruby@gmail.com>
https://github.com/ruby/openssl/commit/f2d004679a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This defines TLS1_3_VERSION when using LibreSSL 3.2+. LibreSSL 3.2/3.3
doesn't advertise this by default, even though it will use TLS 1.3
in both client and server modes.
Changes between LibreSSL 3.1 and 3.2/3.3 broke a few tests, Defining
TLS1_3_VERSION by itself fixes 1 test failure. A few tests now
fail on LibreSSL 3.2/3.3 unless TLS 1.2 is set as the maximum version,
and this adjusts those tests. The client CA test doesn't work in
LibreSSL 3.2+, so I've marked that as pending.
For the hostname verification, LibreSSL 3.2.2+ has a new stricter
hostname verifier that doesn't like subjectAltName such as
c*.example.com and d.*.example.com, so adjust the related tests.
With these changes, the tests pass on LibreSSL 3.2/3.3.
https://github.com/ruby/openssl/commit/a0e98d48c9
|
|
|
|
|
|
|
|
|
|
|
|
| |
The underlying API SSL_CTX_set_tmp_ecdh_callback() was removed by
LibreSSL >= 2.6.1 and OpenSSL >= 1.1.0, in other words, it is not
supported by any non-EOL versions of OpenSSL.
The wrapper was initially implemented in Ruby 2.3 and has been
deprecated since Ruby/OpenSSL 2.0 (bundled with Ruby 2.4) with explicit
warning with rb_warn().
https://github.com/ruby/openssl/commit/ee037e1460
|
|
|
|
|
|
|
|
|
| |
X509::Store#add_cert
Rename the test case to test_add_cert_duplicate to clarify what it is
actually testing.
https://github.com/ruby/openssl/commit/4cc3c4110f
|
|
|
|
|
|
|
| |
The test case is huge and too complex. Break it up into separate test
cases for better documentation.
https://github.com/ruby/openssl/commit/61012df03b
|
|
|
|
|
|
|
| |
Anything passed to OpenSSL::X509::Store.new was always ignored. Let's
emit an explicit warning to not confuse users.
https://github.com/ruby/openssl/commit/d173700eeb
|
|
|
|
|
|
|
|
|
|
|
|
| |
given
Undo special treatment of nil and simply pass the value to
StringValueCStr().
nil was never a valid argument for the method; OpenSSL::X509::StoreError
with an unhelpful error message "system lib" was raised in that case.
https://github.com/ruby/openssl/commit/fb2fcbb137
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
values
SSLContext's verify_mode expects an SSL_VERIFY_* constant (an integer)
and verify_hostname expects either true or false. However, they are set
to nil after calling OpenSSL::SSL::SSLContext.new, which is surprising.
Set a proper value to them by default: verify_mode is set to
OpenSSL::SSL::VERIFY_NONE and verify_hostname is set to false by
default.
Note that this does not change the default behavior. The certificate
verification was never performed unless verify_mode is set to
OpenSSL::SSL::VERIFY_PEER by a user. The same applies to
verify_hostname.
https://github.com/ruby/openssl/commit/87d869352c
|
|
|
|
|
|
|
|
| |
Add explicit test cases for the behaviors with different verify_mode.
If we made a bug in verify_mode, we would notice it by failures of other
test cases, but there were no dedicated test cases for verify_mode.
https://github.com/ruby/openssl/commit/1ccdc05662
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current test_client_auth_public_key test case checks that supplying
a PKey containing only public components through client_cert_cb will
cause handshake to fail. While this is a correct behavior as a whole,
the assertions are misleading in the sense that giving a public key is
causing the failure. Actually, the handshake fails because a client
certificate is not supplied at all, as a result of ArgumentError that is
silently ignored.
Rename the test case to test_client_cert_cb_ignore_error and simplify it
to clarify what it is testing.
https://github.com/ruby/openssl/commit/785b5569fc
|
|
|
|
|
|
|
|
| |
Explicitly check for type given some conflicting statements within openssl's
documentation around EVP_PKEY_cmp and EVP_PKEY_ASN1_METHOD(3).
Add documentation with an example for compare?
https://github.com/ruby/openssl/commit/0bf51da6e2
|
|
|
|
|
|
| |
We ran into some Linux-based systems not accepting the upper case variant
https://github.com/ruby/openssl/commit/7bc49121d5
|
|
|
|
|
|
|
| |
OpenSSL::HMAC implements the similar interface as ::Digest. Let's add
base64digest methods to OpenSSL::HMAC, too, for feature parity.
https://github.com/ruby/openssl/commit/098bcb68af
|
|
|
|
| |
https://github.com/ruby/openssl/commit/8253d7c9ce
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deprecate it for future removal. However, I do not expect any
application is affected by this.
The other form of calling it, PKey::EC::Point#mul(bn [, bn]) remains
untouched.
PKey::EC::Point#mul calls EC_POINTs_mul(3) when multiple BNs
are given as an array. LibreSSL 2.8.0 released on 2018-08 removed the
feature and OpenSSL 3.0 which is planned to be released in 2020 will
also deprecate the function as there is no real use-case.
https://github.com/ruby/openssl/commit/812de4253d
|
|
|
|
|
|
|
|
| |
Add OpenSSL::PKey::PKey#derive as the wrapper for EVP_PKEY_CTX_derive().
This is useful for pkey types that we don't have dedicated classes, such
as X25519.
https://github.com/ruby/openssl/commit/28f0059bea
|
|
|
|
|
|
|
|
| |
OpenSSL 1.1.1 added EVP_DigestSign() and EVP_DigestVerify() functions
to the interface. Some EVP_PKEY methods such as PureEdDSA algorithms
do not support the streaming mechanism and require us to use them.
https://github.com/ruby/openssl/commit/ae19454592
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
interface
Use EVP_DigestSign*() and EVP_DigestVerify*() interface instead of the
old EVP_Sign*() and EVP_Verify*() functions. They were added in OpenSSL
1.0.0.
Also, allow the digest to be specified as nil, as certain EVP_PKEY types
don't expect a digest algorithm.
https://github.com/ruby/openssl/commit/9ff6e5143b
|
|
|
|
|
|
|
| |
Add two methods to create a PKey using the generic EVP interface. This
is useful for the PKey types we don't have a dedicated class.
https://github.com/ruby/openssl/commit/d8e8e57de9
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix test_socket_open_with_local_address_port_context.
Often with MinGW, it seems EACCES is returned on bind when the port
number is unavailable. Ignore it just as we do for EADDRINUSE and
continue searching free port number.
Fixes: 98f8787b4687 ("test/openssl/test_ssl: fix random failure in
SSLSocket.open test", 2020-02-17)
https://github.com/ruby/openssl/commit/413b15526e
|
|
|
|
|
|
|
| |
Try PEM_read_bio_Parameters(). Only PEM format is supported at the
moment since corresponding d2i_* functions are not provided by OpenSSL.
https://github.com/ruby/openssl/commit/867e5c021b
|
|
|
|
|
|
|
|
|
|
|
|
| |
Revert OpenSSL::Config to using the OpenSSL API and remove our own
parser implementation for the config file syntax.
OpenSSL::Config now wraps a CONF object. Accessor methods deal with the
object directly rather than Ruby-level internal state.
This work is based on the old C code we used before 2010.
https://github.com/ruby/openssl/commit/c891e0ea89
|