Commit Graph

383 Commits

Author SHA1 Message Date
Yusuke Endoh 75751dca2b test/openssl/utils.rb: Extend the timeout for armv7l
https://rubyci.org/logs/rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20190607T051708Z.fail.html.gz
2019-06-07 23:37:55 +09:00
Jeremy Evans b8af33e63b Skip one assertion for OpenSSL::PKey::EC::Point#mul on LibreSSL
LibreSSL 2.8.0+ does not support multiple elements in the first
argument.
2019-06-06 21:46:36 -07:00
Yusuke Endoh 7e403dc6c8 test/openssl/utils.rb: Extend the timeout
https://rubyci.org/logs/rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20190606T171708Z.fail.html.gz
2019-06-07 09:26:40 +09:00
Yusuke Endoh 1e54903684 test/openssl: Support OpenSSL 1.1.1
OpenSSL 1.1.1 rejects some shorter keys, which caused some failures of
`make test-all TESTS=openssl`.

https://rubyci.org/logs/rubyci.s3.amazonaws.com/debian/ruby-master/log/20190606T003005Z.fail.html.gz

This change merges 6bbc31ddd1 and 63fb3a36d1 in
https://github.com/ruby/openssl.
Reference: https://github.com/ruby/openssl/pull/217
2019-06-06 14:20:58 +09:00
Hiroshi SHIBATA 3c77ef9adc Ignore warnings about ambiguous first argument with the negative integer.
2019-06-01 15:07:35 +03:00
mame 82632d4c0c ext/openssl/ossl_bn.c (ossl_bn_initialize): get rid of SEGV
OpenSSL::BN.new(nil, 2) dumped core.

[ruby-core:92231] [Bug #15760]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67506 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-04-10 12:57:39 +00:00
kazu 25c1fd3b90 Reverting all commits from r67479 to r67496 because of CI failures
Because hard to specify commits related to r67479 only.
So please commit again.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-04-10 09:15:21 +00:00
mame 83fc324d1d ext/openssl/ossl_bn.c (ossl_bn_initialize): get rid of SEGV
OpenSSL::BN.new(nil, 2) dumped core.

[ruby-core:92231] [Bug #15760]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67497 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2019-04-10 08:03:47 +00:00
rhe 93bc102727 openssl: sync with upstream repository
Import current master (01b23fa8eee2) of ruby/openssl.git.

----------------------------------------------------------------
Kazuki Yamaguchi (3):
      x509name: fix OpenSSL::X509::Name#{cmp,<=>}
      Ruby/OpenSSL 2.0.9
      Ruby/OpenSSL 2.1.2

nobu (2):
      needs openssl/opensslv.h
      Remove -Wno-parentheses flag.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65139 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-10-18 00:24:49 +00:00
rhe a0f292bbcd openssl: sync with upstream repository
Sync with the current tip of master branch, 62436385306c of
ruby/openssl.git. Changes can be found at:

	https://github.com/ruby/openssl/compare/v2.1.1...62436385306c

----------------------------------------------------------------
Brian Cunnie (1):
      Correctly verify abbreviated IPv6 SANs

Janko Marohnić (1):
      Reduce memory allocation when writing to SSLSocket

Jeremy Evans (1):
      Move rb_global_variable call to directly after assignment

Kazuki Yamaguchi (7):
      pkcs7: allow recipient's certificate to be omitted for PKCS7#decrypt
      pkey: resume key generation after interrupt
      tool/ruby-openssl-docker: update to latest versions
      test/test_ssl: fix test failure with TLS 1.3
      test/test_x509name: change script encoding to ASCII-8BIT
      x509name: refactor OpenSSL::X509::Name#to_s
      x509name: fix handling of X509_NAME_{oneline,print_ex}() return value

ahadc (1):
      Update CONTRIBUTING.md

nobu (6):
      no ID cache in Init functions
      search winsock libraries explicitly
      openssl: search winsock
      openssl_missing.h: constified
      reduce LibreSSL warnings
      openssl/buffering.rb: no RS when output

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-08-08 14:13:53 +00:00
rhe 961cbe5262 openssl: merge changes in v2.1.1
Commits in upstream repository since v2.1.0 can be found at:

	https://github.com/ruby/openssl/compare/v2.1.0...v2.1.1

----------------------------------------------------------------
Kazuki Yamaguchi (7):
      test/utils: disable Thread's report_on_exception in start_server
      cipher: validate iterations argument for Cipher#pkcs5_keyivgen
      extconf.rb: fix build with LibreSSL 2.7.0
      test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1
      test/test_ssl_session: set client protocol version explicitly
      Ruby/OpenSSL 2.0.8
      Ruby/OpenSSL 2.1.1

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63406 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-05-12 07:33:53 +00:00
rhe 42c4ca634d openssl: suppress report_on_exception warning
Import a commit from upstream:

	33a67ac96492 test/utils: disable Thread's report_on_exception in start_server

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-15 08:19:32 +00:00
rhe ed2b4d0a42 openssl: import v2.1.0
Import Ruby/OpenSSL 2.1.0. Commits since v2.1.0.beta2 can be found at:

	https://github.com/ruby/openssl/compare/v2.1.0.beta2...v2.1.0

----------------------------------------------------------------
Kazuki Yamaguchi (8):
      test/test_ssl: prevent changing default internal encoding
      ssl: remove a misleading comment
      pkey/ec: rearrange PKey::EC::Point#initialize
      ssl: remove unreachable code
      asn1: fix docs
      pkey/ec: add support for octet string encoding of EC point
      Ruby/OpenSSL 2.0.7
      Ruby/OpenSSL 2.1.0

eregon (1):
      Fix test-all tests to avoid creating report_on_exception warnings

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61235 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-14 11:19:16 +00:00
eregon 15689ed778 Fix test-all tests to avoid creating report_on_exception warnings
* The warnings are shown by Thread.report_on_exception defaulting to
  true. [Feature #14143] [ruby-core:83979]
* Improves tests by narrowing down the scope where an exception
  is expected.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61188 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 18:44:49 +00:00
rhe a996893397 openssl: sync with 2475d94517b4
Merge a commit from upstream:

	01445af367ec test/test_ssl: prevent changing default internal encoding

OpenSSL::TestSSL#test_fallback_scsv could change the default internal
encoding accidentally, causing other unrelated test cases to fail.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60911 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-11-26 10:33:32 +00:00
rhe a55320b093 openssl: import v2.1.0.beta2
Import Ruby/OpenSSL 2.1.0.beta2. The full commit log since commit
e72d960db262 which was imported by r60013 can be found at:

	https://github.com/ruby/openssl/compare/e72d960db262...v2.1.0.beta2

----------------------------------------------------------------
Kazuki Yamaguchi (26):
      bn: use ALLOCV() macro instead of xmalloc()
      appveyor.yml: remove 'openssl version' line
      test/test_ssl_session: skip tests for session_remove_cb
      x509ext: implement X509::Extension#==
      x509attr: implement X509::Attribute#==
      x509cert: implement X509::Certificate#==
      x509revoked: add missing X509::Revoked#to_der
      x509crl, x509revoked: implement X509::{CRL,Revoked}#==
      x509req: implement X509::Request#==
      ssl: extract rb_intern("call")
      cipher: disallow setting AAD for non-AEAD ciphers
      test/test_cipher: fix test_non_aead_cipher_set_auth_data failure
      ssl: fix conflict of options in SSLContext#set_params
      buffering: let #write accept multiple arguments
      pkey: make pkey_check_public_key() non-static
      x509cert, x509crl, x509req, ns_spki: check sanity of public key
      test/envutil: port assert_warning from Ruby trunk
      test/utils: remove a pointless .public_key call in issue_cert
      ssl: add SSLContext#add_certificate
      test/test_ssl: fix test_security_level
      Drop support for LibreSSL 2.4
      kdf: add HKDF support
      test/test_x509cert: fix flaky test
      test/test_x509crl: fix random failure
      History.md: fix a typo
      Ruby/OpenSSL 2.1.0.beta2

Mark Wright (1):
      Fix build failure against OpenSSL 1.1 built with no-deprecated Thanks rhenium for the code review and fixes.

Peter Karman (1):
      Add RSA sign_pss() and verify_pss() methods

aeris (1):
      TLS Fallback Signaling Cipher Suite Value

kazu (1):
      Use caller with length to reduce unused strings

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60907 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-11-25 14:12:08 +00:00
rhe 51423bd9ce openssl: pull test case from upstream commit 62af0446569a
The test case added by r60310 ("fix OpenSSL::SSL::SSLContext#min_version
doesn't work", 2017-10-21) does not pass with OpenSSL >= 1.1.0 or
LibreSSL >= 2.6.0. Check that the default 'min_version' value is
properly enforced by actually attempting a handshake rather than by
inspecting the SSL option flags.  [ruby-core:83479] [Bug #14039]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60636 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-11-04 06:56:16 +00:00
rhe 66fd565153 openssl: merge test fix from upstream
Merge a commit from upstream:

	d1cbf6d75280 test/test_ssl_session: skip tests for session_remove_cb

Tests using SSL::SSLContext#session_remove_cb= are now skipped.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60318 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-10-21 20:26:26 +00:00
naruse 8cbf2dae5a fix OpenSSL::SSL::SSLContext#min_version doesn't work
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60310 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-10-21 16:25:19 +00:00
rhe fdd01b5356 openssl: import e72d960db262
Sync with master branch of ruby/openssl.git to import changes in
v2.1.0.beta1..v2.0.6. The commit log since v2.1.0.beta1 which was
imported by r59734 can be found at:

	https://github.com/ruby/openssl/compare/v2.1.0.beta1...e72d960db262

----------------------------------------------------------------
Kazuki Yamaguchi (16):
      test/test_pair: fix test_write_nonblock{,_no_exceptions}
      x509name: fix a typo in docs
      test/test_fips: skip if setting FIPS mode fails
      test/test_asn1: fix possible failure in test_utctime
      test/test_ssl: suppress warning in test_alpn_protocol_selection_cancel
      test/test_pair: disable compression
      test/test_ssl: skip tmp_ecdh_callback test for LibreSSL >= 2.6.1
      test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1
      tool/ruby-openssl-docker: update
      test/test_pair: replace sleep with IO.select
      ssl: prevent SSLSocket#sysread* from leaking uninitialized data
      ossl.c: use struct CRYPTO_dynlock_value for non-dynamic locks
      ossl.c: make legacy locking callbacks reentrant
      test/test_engine: suppress stderr
      test/test_engine: check if RC4 is supported
      Ruby/OpenSSL 2.0.6

SHIBATA Hiroshi (1):
      To use upstream url of github

nobu (1):
      ruby.h: unnormalized Fixnum value

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60013 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-24 16:26:22 +00:00
rhe d0cdb26c75 openssl: merge test fixes from upstream, part 2
This is a combined patch of the following two commits in maint:

	a09d8c78dd30 test/test_ssl: suppress warning in test_alpn_protocol_selection_cancel
	de965374ee85 test/test_pair: disable compression

This hopefully fixes the RubyCI gentoo failure:

	http://rubyci.s3.amazonaws.com/gentoo/ruby-trunk/log/20170912T033004Z.fail.html.gz

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59857 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-12 13:52:51 +00:00
nobu 65b87de350 ruby.h: unnormalized Fixnum value
* include/ruby/ruby.h (ST2FIX): fix unnormalized Fixnum value bug
  on mingw/mswin.  [ruby-core:82687] [Bug #13877]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59765 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-07 03:24:08 +00:00
rhe d68a6b3ebe openssl: merge test fixes from upstream
Fix platform-dependent or fragile test cases added by r59734. This is a
combined patch of the three commits below:

	4fc17977350a test/test_fips: skip if setting FIPS mode fails
	b25179fbeebf test/test_asn1: fix possible failure in test_utctime
	8ed81ff4b0a8 test/test_pair: fix test_write_nonblock{,_no_exceptions}

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59751 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-05 09:47:59 +00:00
rhe 609103dbb5 openssl: import v2.1.0.beta1
Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5
(imported by r59567) can be found at:

	https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1

----------------------------------------------------------------
Antonio Terceiro (1):
      test/test_ssl: explicitly accept TLS 1.1 in corresponding test

Colby Swandale (1):
      document using secure protocol to fetch git master in Bundler

Colton Jenkins (1):
      Add fips_mode_get to return fips_mode

Kazuki Yamaguchi (85):
      Start preparing for 2.1.0
      Remove support for OpenSSL 0.9.8 and 1.0.0
      bn: refine tests
      bn: implement unary {plus,minus} operators for OpenSSL::BN
      bn: implement OpenSSL::BN#negative?
      Don't define main() when built with --enable-debug
      test: let OpenSSL::TestCase include OpenSSL::TestUtils
      test: prepare test PKey instances on demand
      Add OpenSSL.print_mem_leaks
      Enable OSSL_MDEBUG on CI builds
      ssl: move default DH parameters from OpenSSL::PKey::DH
      Make exceptions with the same format regardless of OpenSSL.debug
      ssl: show reason of 'certificate verify error' in exception message
      ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
      ssl: do not confuse different ex_data index registries
      ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
      Fix RDoc markup
      ssl: suppress compiler warning
      ext/openssl/deprecation.rb: remove broken-apple-openssl
      extconf.rb: print informative message if OpenSSL can't be found
      Rakefile: compile the extension before test
      kdf: introduce OpenSSL::KDF module
      ossl.h: add NUM2UINT64T() macro
      kdf: add scrypt
      Expand rb_define_copy_func() macro
      Expand FPTR_TO_FD() macro
      Remove SafeGet*() macros
      cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()
      digest: rename GetDigestPtr() to ossl_evp_get_digestbyname()
      Add ossl_str_new(), an exception-safe rb_str_new()
      bio: simplify ossl_membio2str() using ossl_str_new()
      Remove unused functions and macros
      Drop support for LibreSSL 2.3
      ocsp: add OpenSSL::OCSP::Request#signed?
      asn1: infinite length -> indefinite length
      asn1: rearrange tests
      ssl: remove a needless NULL check in SSL::SSLContext#ciphers
      ssl: return nil in SSL::SSLSocket#cipher if session is not started
      asn1: remove an unnecessary function prototype
      asn1: require tag information when instantiating generic type
      asn1: initialize 'unused_bits' attribute of BitString with 0
      asn1: check for illegal 'unused_bits' value of BitString
      asn1: disallow NULL to be passed to asn1time_to_time()
      asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid
      asn1: allow constructed encoding with definite length form
      asn1: prohibit indefinite length form for primitive encoding
      asn1: allow tag number to be >= 32 for universal tag class
      asn1: use ossl_asn1_tag()
      asn1: clean up OpenSSL::ASN1::Constructive#to_der
      asn1: harmonize OpenSSL::ASN1::*#to_der
      asn1: prevent EOC octets from being in the middle of the content
      asn1: do not treat EOC octets as part of content octets
      x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry
      ssl: do not call session_remove_cb during GC
      Backport "Merge branch 'topic/test-memory-leak'" to maint
      cipher: update the documentation for Cipher#auth_tag=
      Rakefile: let sync:to_ruby know about test/openssl/fixtures
      test: fix formatting
      test/utils: remove OpenSSL::TestUtils.silent
      test/utils: add SSLTestCase#tls12_supported?
      test/utils: have start_server yield only the port number
      test/utils: do not set ecdh_curves in start_server
      test/utils: let server_loop close socket
      test/utils: improve error handling in start_server
      test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
      test/utils: do not use DSA certificates in SSL tests
      test/test_ssl: remove test_invalid_shutdown_by_gc
      test/test_ssl: move test_multibyte_read_write to test_pair
      test/test_ssl_session: rearrange tests
      test/test_pair, test/test_ssl: fix for TLS 1.3
      ssl: remove useless call to rb_thread_wait_fd()
      ssl: fix NPN support
      ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private
      ssl: use 2048-bit group in the default tmp_dh_cb
      ssl: ensure that SSL option flags are non-negative
      ssl: update OpenSSL::SSL::OP_* flags
      ssl: prefer TLS_method() over SSLv23_method()
      ssl: add SSLContext#min_version= and #max_version=
      ssl: rework SSLContext#ssl_version=
      test/test_x509name: change script encoding to ASCII-8BIT
      x509name: refactor OpenSSL::X509::Name#to_s
      x509name: add OpenSSL::X509::Name#to_utf8
      x509name: add OpenSSL::X509::Name#inspect
      x509name: update regexp in OpenSSL::X509::Name.parse
      Ruby/OpenSSL 2.1.0.beta1

Marcus Stollsteimer (1):
      Fix rdoc for core Integer class

nobu (4):
      [DOC] {read,write}_nonblock with exception: false
      [DOC] keyword argument _exception_
      [DOC] mark up literals
      Revert r57690 except for read_nonblock

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-03 12:35:27 +00:00
rhe df94c66f71 openssl: import v2.0.5
Import Ruby/OpenSSL 2.0.5. The full commit history since v2.0.4
(imported at r59081) can be found at:

	https://github.com/ruby/openssl/compare/v2.0.4...v2.0.5

This will fix the test failure on latest Debian sid and the "no
OPENSSL_Applink" issue on mswin.

----------------------------------------------------------------
Kazuki Yamaguchi (11):
      test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params
      bio: prevent possible GC issue in ossl_obj2bio()
      bio: do not use the FILE BIO method in ossl_obj2bio()
      Rakefile: install_dependencies: install only when needed
      appveyor.yml: test against Ruby 2.4
      ossl_pem_passwd_cb: relax passphrase length constraint
      ossl_pem_passwd_cb: do not check for taintedness
      ossl_pem_passwd_cb: handle nil from the block explicitly
      ssl: remove unsupported TLS versions from SSLContext::METHODS
      ssl: fix compile error with OpenSSL 1.0.0
      Ruby/OpenSSL 2.0.5

Lars Kanis (1):
      Add msys2 library dependency tag in gem metadata

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59567 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-08-10 09:23:45 +00:00
rhe 9eb92007b6 openssl: import v2.0.4
Import Ruby/OpenSSL 2.0.4. Only bug (and typo) fixes. The full commit
history since v2.0.3 (imported at r57482) can be found at:

  https://github.com/ruby/openssl/compare/v2.0.3...v2.0.4

This contains the fix for [Bug #11033].

----------------------------------------------------------------
Jun Aruga (1):
      Update .travis.yml and Dockerfile

Kazuki Yamaguchi (9):
      test/test_pkey_ec: do not use dummy 0 order
      test/test_ssl: fix typo in test_sysread_and_syswrite
      ssl: check return value of SSL_set_fd()
      Fix typos
      test/test_x509store: skip OpenSSL::TestX509Store#test_set_errors
      tool/sync-with-trunk: 'LASY' -> 'LAST'
      x509store: clear error queue after calling X509_LOOKUP_load_file()
      extconf.rb: simplify searching libraries logic
      Ruby/OpenSSL 2.0.4

SHIBATA Hiroshi (1):
      Fix typos

Vladimir Rybas (1):
      Fix documentation for OpenSSL::Cipher#final

nobu (2):
      openssl: fix broken openssl check
      openssl: fix broken openssl check

usa (1):
      Search SSL libraries by testing various filename patterns

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59081 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-06-14 09:49:09 +00:00
rhe 3acda398d5 openssl: avoid segfault during running tests on Ubuntu trusty
Import the commit 6693a549d673 ("test/test_pkey_ec: do not use dummy 0
order", 2017-02-03) from upstream. Hopefully this will fix the segfault
on RubyCI icc16-x64:

  http://rubyci.org/logs/rubyci.s3.amazonaws.com/icc-x64/ruby-trunk/log/20170301T050002Z.fail.html.gz

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-03-01 10:15:55 +00:00
rhe 8795838fcb openssl: import v2.0.3
Import Ruby/OpenSSL 2.0.3. Only bugfixes. The full commit log since
2.0.2 (imported at r57146) can be found at:

  https://github.com/ruby/openssl/compare/v2.0.2...v2.0.3

----------------------------------------------------------------
Corey Bonnell (1):
      Fix for ASN1::Constructive 'each' implementation

Kazuki Yamaguchi (10):
      Fix build with static OpenSSL libraries on Windows
       ([ruby-core:78878] [Bug #13080])
      Merge pull request #96 from CBonnell/master
      Merge branch 'topic/windows-static-linking-without-pkg-config' into maint
      appveyor.yml: update OpenSSL version to 1.0.2j
      buffering: fix typo in doc
      test/envutil: fix assert_raise_with_message
      x509: fix OpenSSL::X509::Name#eql?
       ([ruby-core:79310] [Bug #13170])
      ruby-openssl-docker: update versions of Ruby and OpenSSL
      .travis.yml: test with Ruby 2.4
      Ruby/OpenSSL 2.0.3

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-01-31 10:08:22 +00:00
rhe 0c83666c6c openssl: import v2.0.1
Import Ruby/OpenSSL 2.0.1. The full commit history since 2.0.0 (imported
at r56946) can be found at:

  https://github.com/ruby/openssl/compare/v2.0.0...v2.0.1

This release contains only bug fixes. Note, the first two commits since
v2.0.0 are already imported at r56953 to make Travis and RubyCI green.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57041 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-12-10 08:12:02 +00:00
rhe 95dbfe0dfc openssl: import fixes from upstream
Import the following two commits from upstream:

  commit 72126d6c8b88abd69c3565fc3bbbd5ed1e401611
  Author: Kazuki Yamaguchi <k@rhe.jp>
  Date:   Thu Dec 1 22:27:03 2016 +0900

      pkey: check existence of EVP_PKEY_get0()

      EVP_PKEY_get0() did not exist in early OpenSSL 0.9.8 series. So define
      ourselves if needed.

  commit 94a1c4e0c5705ad1e9a4ca08cacaa6cba8b1e6f5
  Author: Kazuki Yamaguchi <k@rhe.jp>
  Date:   Thu Dec 1 22:13:22 2016 +0900

      test/test_cipher: fix test with OpenSSL 1.0.1 before 1.0.1d

      Set the authentication tag before the AAD when decrypting.

      Before OpenSSL commit 96f7fafa2431 ("Don't require tag before ciphertext
      in AESGCM mode", 2012-10-16, at OpenSSL_1_0_1-stable branch, included in
      OpenSSL 1.0.1d), the authentication tag must be set before any calls of
      EVP_CipherUpdate().

They should fix build on CentOS 5 and Ubuntu 12.04 respectively.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-12-01 04:42:10 +00:00
rhe aab0d67a1f openssl: import v2.0.0
Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2
(imported at r56098) can be found at:

  https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30 14:41:46 +00:00
nobu 34ac59c81e openssl/ut_eof.rb: rename TestEOF
* test/openssl/ut_eof.rb (OpenSSL::TestEOF): move TestEOF module
  under OpenSSL to get rid of conflict with test/ruby/ut_eof.rb.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56578 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-05 07:10:05 +00:00
rhe 014da9124a openssl: really fix test failure on Ubuntu 16.04
* test/openssl/test_ssl.rb (test_ctx_options): Fix test failure on
  Ubuntu 16.04. The fix in r56147 was incomplete. This is a cherry-pick
  of the commit b039f3e268c2 at ruby/openssl.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56178 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-17 10:19:25 +00:00
rhe b4d0e5a4fb openssl: workaround for Ubuntu's patched OpenSSL
* test/openssl/test_ssl.rb (test_ctx_options): Add a workaround for
  patched OpenSSL to fix the Ruby CI failure on Ubuntu 16.04.
  http://rubyci.s3.amazonaws.com/ubuntu/ruby-trunk/log/20160913T033003Z.fail.html.gz
  This commit is a cherry-pick of the following commit at ruby/openssl:
  f9c04779a8

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56147 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-13 05:59:53 +00:00
rhe a128c0d33f openssl: import v2.0.0.beta.2
* {ext,test}/openssl: Import Ruby/OpenSSL 2.0.0.beta.2. The full commit
  history since v2.0.0.beta.1 can be found at:
  https://github.com/ruby/openssl/compare/v2.0.0.beta.1...v2.0.0.beta.2

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-09-08 01:09:19 +00:00
rhe c9dc0164b8 import Ruby/OpenSSL 2.0.0.beta.1
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1.
  ext/openssl is now converted into a default gem. The full commit
  history since r55538 can be found at:
  https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1
  [Feature #9612]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 05:47:09 +00:00
normal 7513d54659 openssl: avoid undefined behavior on empty SSL_write
SSL_write(3ssl) manpage has this in the WARNINGS section:

       When calling SSL_write() with num=0 bytes to be sent the
       behaviour is undefined.

And indeed, the new test case demonstrates failures when
empty strings are used.  So, match the behavior of IO#write,
IO#write_nonblock, and IO#syswrite by returning zero, as the
OpenSSL::SSL::SSLSocket API already closely mimics the IO one.

* ext/openssl/ossl_ssl.c (ossl_ssl_write_internal):
  avoid undefined behavior
* test/openssl/test_pair.rb (test_write_zero): new test
  [ruby-core:76751] [Bug #12660]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55822 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-06 21:50:10 +00:00
nobu e7440de279 test: use assert_include
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55757 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-07-26 13:02:33 +00:00
nobu 38f6fe64aa Refine assertion
* test/openssl/test_ocsp.rb: assert_in_delta for better message.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55503 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-25 02:32:06 +00:00
rhe 5ff2e41845 openssl: ignore test failure caused by LibreSSL bug
* test/openssl/test_ocsp.rb: Ignore errors caused by bugs that exist in
  LibreSSL >= 2.3.1.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55502 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-25 01:08:15 +00:00
rhe 102815b046 openssl: add OpenSSL::OCSP::SingleResponse
* ext/openssl/ossl_ocsp.c: Add OCSP::SingleResponse that represents an
  OCSP SingleResponse structure. Also add two new methods #responses
  and #find_response to OCSP::BasicResponse. A BasicResponse has one or
  more SingleResponse. We have OCSP::BasicResponse#status that returns
  them as an array of arrays, each containing the content of a
  SingleResponse, but this is not useful. When validating an OCSP
  response, we need to look into the each SingleResponse and check their
  validity but it is not simple. For example, when validating for a
  certificate 'cert', the code would be like:

    # certid_target is an OpenSSL::OCSP::CertificateId for cert
    basic = res.basic
    result = basic.status.any? do |ary|
      ary[0].cmp(certid_target) &&
        ary[4] <= Time.now && (!ary[5] || Time.now <= ary[5])
    end

  Adding OCSP::SingleResponse at the same time allows exposing
  OCSP_check_validity(). With this, the code above can be rewritten as:

    basic = res.basic
    single = basic.find_response(certid_target)
    result = single.check_validity

* test/openssl/test_ocsp.rb: Test this.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55457 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 12:26:27 +00:00
rhe f31f1f1adf openssl: implement initialize_copy for OpenSSL::OCSP::*
* ext/openssl/ossl_ocsp.c: Implement OCSP::{CertificateId,Request,
  BasicResponse,Response}#initialize_copy.
  [ruby-core:75504] [Bug #12381]

* test/openssl/test_ocsp.rb: Test them.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55455 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 09:42:29 +00:00
rhe be1baf4a9a openssl: implement initialize_copy method for PKey classes
* ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c,
  ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement
  initialize_copy method for OpenSSL::PKey::*.
  [ruby-core:75504] [Bug #12381]

* test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb,
  test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they
  actually copy the OpenSSL objects, and modifications to cloned object
  don't affect the original object.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 09:29:59 +00:00
rhe c2158dd55e openssl: avoid test crash on Ubuntu 16.04
* test/openssl/test_pkey_ec.rb (setup): Don't call EC#generate_key! for
  Oakley-* curves. This causes an odd error on Ubuntu 16.04 with openssl
  1.0.2g-1ubuntu4.1.

    begin
      OpenSSL::PKey::EC.new("Oakley-EC2N-4").generate_key
    rescue
      p $!
    end
    OpenSSL::PKey::RSA.new(512)

  This sometimes causes:

    #<OpenSSL::PKey::ECError: EC_KEY_generate_key: pairwise test failed>
    fips.c(139): OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST FAILURE

  [ruby-dev:49670] [Bug #12504]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55444 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-18 09:10:19 +00:00
rhe 2851f19f49 openssl: allow specifying hash algorithm in OCSP::*#sign
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_sign, ossl_ocspbres_sign): Allow
  specifying hash algorithm used in signing. They are hard coded to use
  SHA-1.
  Based on a patch provided by Tim Shirley <tidoublemy@gmail.com>.
  [ruby-core:70915] [Feature #11552] [GH ruby/openssl#28]

* test/openssl/test_ocsp.rb: Test sign-verify works.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-15 10:52:37 +00:00
rhe 0a97832e6a openssl: add some accessor methods for OCSP::CertificateId
* ext/openssl/ossl_ocsp.c (ossl_ocspcid_get_issuer_name_hash,
  ossl_ocspcid_get_issuer_key_hash, ossl_ocspcid_get_hash_algorithm):
  Add accessor methods OCSP::CertificateId#issuer_name_hash,
  #issuer_key_hash, #hash_algorithm.
  Based on a patch provided by Paul Kehrer <paul.l.kehrer@gmail.com>.
  [ruby-core:48062] [Feature #7181]

* test/openssl/test_ocsp.rb: Test these new methods.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55411 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 13:12:20 +00:00
rhe 40799e5ef9 openssl: add missing #to_der to OCSP::{CertificateId,BasicResponse}
* ext/openssl/ossl_ocsp.c (ossl_ocspbres_to_der, ossl_ocspcid_to_der):
  Implement #to_der methods for OCSP::BasicResponse and
  OCSP::CertificateId.

  (ossl_ocspreq_initialize, ossl_ocspres_initialize): Use GetOCSP*()
  instead of raw DATA_PTR().

  (ossl_ocspbres_initialize, ossl_ocspcid_initialize): Allow
  initializing from DER string.

  (Init_ossl_ocsp): Define new #to_der methods.

* test/openssl/test_ocsp.rb: Test these changes. Also add missing tests
  for OCSP::{Response,Request}#to_der.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-14 12:40:55 +00:00
rhe aefb79c24f openssl: avoid test failure in test_engine.rb
* test/openssl/test_engine.rb (test_openssl_engine_builtin,
  test_openssl_engine_by_id_string): Skip test if 'openssl' engine is
  already loaded. And test the number increased by Engine.load{_by_id,},
  not the total count of loaded engines. Previously, we called
  OpenSSL::Engine.cleanup every time running a test case, but we no
  longer can do it.
  [ruby-core:75225] [Feature #12324]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55387 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-12 04:48:10 +00:00
rhe f9843bc4dc openssl: use ASN1_ENUMERATED_to_BN() if needed
* ext/openssl/ossl_asn1.c (asn1integer_to_num): Use
  ASN1_ENUMERATED_to_BN() to convert an ASN1_ENUMERATED to a BN.
  Starting from OpenSSL 1.1.0, ASN1_INTEGER_to_BN() rejects
  non-ASN1_INTEGER objects. The format of INTEGER and ENUMERATED are
  almost identical so they behaved in the same way in OpenSSL <= 1.0.2.
  [ruby-core:75225] [Feature #12324]

* test/openssl/test_asn1.rb (test_decode_enumerated): Test that it
  works.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55344 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-09 12:42:08 +00:00
rhe dd05607f9a openssl: fix build with OPENSSL_NO_EC
* ext/openssl/ossl_ssl.c: Add define guards for OPENSSL_NO_EC.
  SSL_CTX_set_ecdh_auto() is defined even when ECDH is disabled in
  OpenSSL's configuration. This fixes r55214.

* test/openssl/test_pair.rb (test_ecdh_curves): Skip if the OpenSSL does
  not support ECDH.

* test/openssl/utils.rb (start_server): Ignore error in
  SSLContext#ecdh_curves=.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55342 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-09 10:46:46 +00:00