Граф коммитов

23 Коммитов

Автор SHA1 Сообщение Дата
rhe be1baf4a9a openssl: implement initialize_copy method for PKey classes
* ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c,
  ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement
  initialize_copy method for OpenSSL::PKey::*.
  [ruby-core:75504] [Bug #12381]

* test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb,
  test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they
  actually copy the OpenSSL objects, and modifications to cloned object
  don't affect the original object.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 09:29:59 +00:00
rhe f52ab6e494 openssl: improve handling of password for encrypted PEM
* ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the
  argument to String with StringValue() and validate the length is in
  4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers.
  (ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we
  used to pass the password to PEM_def_callback() directly but it was
  problematic. It is not NUL character safe. And surprisingly, it
  silently truncates the password to 1024 bytes.  [GH ruby/openssl#51]

* ext/openssl/ossl.h: Add function prototype declaration of newly
  added ossl_pem_passwd_value().

* ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use
  ossl_pem_passwd_value() to validate the password String.

* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export):
  ditto.

* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize,
  ossl_ec_key_to_string): ditto.

* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export):
  ditto.

* test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-20 15:05:25 +00:00
rhe c8cb26252a openssl: clear OpenSSL error queue before return to Ruby
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
  family may put errors on 0 return (0 means verification failure).
  Clear OpenSSL error queue before return to Ruby. Since the queue is
  thread global, remaining errors in the queue can cause an unexpected
  error in the next OpenSSL operation.  [ruby-core:48284] [Bug #7215]

* ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.

* ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.

* ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.

* ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
  queue before re-raising exception.

* ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.

* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.

* ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.

* test/openssl: check that OpenSSL.errors is empty every time after
  running a test case.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18 04:07:47 +00:00
naruse 3e92b635fb Add frozen_string_literal: false for all files
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16 05:07:31 +00:00
nobu af06381332 test/openssl: skip old OpenSSL
* test/openssl/utils.rb (OpenSSL::TestUtils): ignore out-of-date
  OpenSSL before 1.0.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-13 03:05:43 +00:00
hsbt 51ee0a634e * test/openssl/test_pkey_rsa.rb (OpenSSL#test_sign_verify_memory_leak):
added timeout into testcase for low performance environment.
  [Bug #9984][ruby-core:63367]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47362 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-09-03 02:33:18 +00:00
nobu a39b88d2fd ossl_pkey.c: fix memory leak
* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
  finalizes only a copy of the digest context, the context must be
  cleaned up after initialization by EVP_MD_CTX_cleanup() or a
  memory leak will occur.  [ruby-core:62038] [Bug #9743]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45595 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-04-16 00:51:18 +00:00
emboss 5bd7899b98 * ext/openssl/ossl.c
ext/openssl/ossl_pkey_rsa.c
  ext/openssl/ossl_pkey_dsa.c
  ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less
  than four characters long, as OpenSSL itself does not allow this.
  Issue found by Eric Hodel.
* ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem,
  following the PKey interface contract.
* test/openssl/test_pkey_dsa.rb
  test/openssl/test_pkey_rsa.rb
  test/openssl/test_pkey_ec.rb: Add tests that assert correct
  behaviour when dealing with passwords that are less than four
  characters long.
  [ruby-core: 42281][ruby-trunk - Bug #5951]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-10 01:23:21 +00:00
nahi be4f7bf512 * Make sure to clear $! when ignoring an exception
* ext/openssl/ossl.c (ossl_pem_passwd_cb0, ossl_verify_cb): 
  pem_passwd_cb and verify_cb ignores the exception raised in a 
  callback proc so it should clear $! for subsequent execution. 

  That's said, both subsequent processes for pem_passwd_cb and 
  verify_cb raises another exception before leaking $! to Ruby world.
  We cannot test this fix in Ruby land.

* test/openssl/test_pkey_rsa.rb
  (test_read_private_key_pem_pw_exception): Test for pem_passwd_cb + 
  exception.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34078 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-12-20 06:06:46 +00:00
nahi ab682d95e0 * ext/openssl/ossl_pkey_rsa.c (rsa_generate): [SECURITY] Set RSA
exponent value correctly.  Awful bug.  This bug caused exponent of
  generated key to be always '1'.  By default, and regardless of e
  given as a parameter.
    
  !!! Keys generated by this code (trunk after 2011-09-01) must be 
  re-generated !!! (ruby_1_9_3 is safe)
        
* test/openssl/test_pkey_rsa.rb: Add tests for default exponent and
  specifying exponent by a parameter.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33633 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-11-04 05:12:31 +00:00
nahi d3507e3ea6 * Release GVL while OpenSSL's public key generation.
t = Thread.new { print "."; sleep 0.1 }
    key = OpenSSL::PKey::RSA.new(2048)
    #=> Thread t works in parallel with public key generation if
        OS/machine allows it.

  This works with OpenSSL >= 0.9.8. From this version, it has new 
  public key generation function which allows us to interrupt the
  execution while pkey generation iterations.

* ext/openssl/extconf.rb: Check existence of OpenSSL's new public key
  generation function. (DH_generate_parameters_ex,
  DSA_generate_parameters_ex and RSA_generate_key_ex.

* ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2,
  ossl_generate_cb_stop): Added new callback function for OpenSSL pkey
  generation which handles Thread interruption by Ruby.
  ossl_generate_cb_stop is the unblock function(ubf) for Ruby which
  sets a stop flag. New pkey generation callback ossl_generate_cb_2
  checks the stop flag at each iterations of OpenSSL and interrupts
  pkey generation when the flag is set.

* ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call
  rb_thread_blocking_region with the above unblock function to release
  GVL while pkey generation.

* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.

* ext/openssl/ossl_pkey_dh.c (dh_generate): ditto.

* test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-09-01 07:42:29 +00:00
emboss 26cb830df9 * ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER
fallback scenarios.

* ext/openssl/ossl_pkey_dsa.c
* ext/openssl/ossl_x509req.c
* ext/openssl/ossl_pkey_rsa.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_ssl_session.c
* ext/openssl/ossl_x509crl.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey_dh.c
* ext/openssl/ossl_x509cert.c
* ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset.

* ext/openssl/ossl_ssl.c
* ext/openssl/ossl_cipher.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_pkcs12.c
* ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by
  ossl_raise. This automatically flushes OpenSSL's error queue.

* ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing
  fails.

* test/openssl/test_pkey_ec.rb
* test/openssl/test_pkey_dsa.rb
* test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is
  empty.

* test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in
  test_new.
  [ Ruby 1.9 - Bug #4885 ] [ruby-core:37134]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22 08:41:08 +00:00
naruse bfa6c6b41b Clear error messages before process and get errors. [ruby-dev:43791] [Bug #4879]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32076 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-14 01:38:56 +00:00
emboss bbb3cfb12b * ext/openssl/ossl_pkey.c: added PKey.read module function that allow
reading arbitrary public/private keys from DER-/PEM-encoded File or
  string instances.
* ext/openssl/ossl_pkey_dh.c: improved documentation.
* test/openssl/utils.rb: added EC test key.
* test/openssl/test_pkey_rsa.rb
  test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from 
  OpenSSL::TestUtils.
* test/openssl/test_pkey_ec.rb: Created test file for EC tests.
  Test PKey.read.
  [Ruby 1.9 - Feature #4424] [ruby-core:35330]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32036 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-12 20:39:38 +00:00
emboss 1fae66fca2 * test/openssl/test_pkey_rsa.rb: Add tests for sign/verify.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31640 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-05-18 22:50:35 +00:00
emboss 4ccb387f3b Sat May 14 12:00:54 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* test/openssl/test_pkey_dsa.rb: Add basic tests and tests that 
	ensure new public key PEM encoding behavior and ensure backward 
	compatibility.
	[Ruby 1.9 - Bug #4422] [ruby-core:35328]
	* test/openssl/test_pkey_rsa.rb: Remove line with 'puts'.

previous revision: 31561



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-05-14 03:14:33 +00:00
emboss ad10cfeb52 Sat May 14 10:32:36 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* test/openssl/test_pkey_rsa.rb: Add tests that ensure new public key
	encoding behavior and also ensure backward compatibility.
	[Ruby 1.9 - Bug #4421, Bug #4422] [ruby-core:35327,35328]

previous revision: 31559



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31560 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-05-14 01:33:58 +00:00
emboss e16d6108c0 Sat May 14 05:08:32 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/ossl_digest.c
	* ext/openssl/ossl_pkey.c
	* ext/openssl/ossl_pkey.h
	* test/openssl/pkey/test_pkey_rsa.rb
	Reverted premature commit. Sorry for the noise!

Previous revision: 31555



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-05-13 20:10:27 +00:00
emboss cb57042bee Sat May 14 04:19:06 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* NEWS: Describe altered behaviour for RSA and DSA public key
	encoding. [Ruby 1.9 - Bug #4421, Bug #4422]
	[ruby-core:35327,35328]

Previous revision: 31553



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31554 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-05-13 19:25:18 +00:00
naruse d5b1fde5c7 * ext/openssl/ossl_pkey_dh.c (ossl_dh_initialize):
pop pushed error after each try of reading. fixes #4550

* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.

* ext/openssl/ossl_pkey_ec.c (ossl_ec_initialize): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31244 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-04-06 06:14:05 +00:00
tenderlove 033cea7d8e drying up the requires in the openssl tests
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2010-12-15 19:50:00 +00:00
gotoyuzo 246f5cfe67 * ext/openssl/ossl_pkey.h, ossl_pkey_rsa.c, ossl_pkey_dsa.c:
an instance variable "private" is added to OpenSSL::PKey class.
  this ivar is a flag that shows whether there is a private key
  in the instance.

* ext/openssl/ossl_engine.c: (ossl_engine_load_privkey): set private
  key flag.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2005-09-18 22:56:11 +00:00
gotoyuzo dd92742ce1 * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
  ossl_rsa_private_decrypt): should take an optional argument
  to specify padding mode. [ruby-talk:122539]

* ext/openssl/ossl_pkey_rsa.c (Init_ossl_rsa): add new constants
  PKCS1_PADDING, SSLV23_PADDING, NO_PADDING and PKCS1_OAEP_PADDING
  under OpenSSL::PKey::RSA.

* test/openssl/test_pkey_rsa.rb: new file.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7465 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2004-12-05 16:36:26 +00:00