Граф коммитов

24 Коммитов

Автор SHA1 Сообщение Дата
rhe 3acda398d5 openssl: avoid segfault during running tests on Ubuntu trusty
Import the commit 6693a549d673 ("test/test_pkey_ec: do not use dummy 0
order", 2017-02-03) from upstream. Hopefully this will fix the segfault
on RubyCI icc16-x64:

  http://rubyci.org/logs/rubyci.s3.amazonaws.com/icc-x64/ruby-trunk/log/20170301T050002Z.fail.html.gz

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-03-01 10:15:55 +00:00
rhe aab0d67a1f openssl: import v2.0.0
Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2
(imported at r56098) can be found at:

  https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30 14:41:46 +00:00
rhe c9dc0164b8 import Ruby/OpenSSL 2.0.0.beta.1
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1.
  ext/openssl is now converted into a default gem. The full commit
  history since r55538 can be found at:
  https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1
  [Feature #9612]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29 05:47:09 +00:00
rhe be1baf4a9a openssl: implement initialize_copy method for PKey classes
* ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c,
  ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement
  initialize_copy method for OpenSSL::PKey::*.
  [ruby-core:75504] [Bug #12381]

* test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb,
  test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they
  actually copy the OpenSSL objects, and modifications to cloned object
  don't affect the original object.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19 09:29:59 +00:00
rhe c2158dd55e openssl: avoid test crash on Ubuntu 16.04
* test/openssl/test_pkey_ec.rb (setup): Don't call EC#generate_key! for
  Oakley-* curves. This causes an odd error on Ubuntu 16.04 with openssl
  1.0.2g-1ubuntu4.1.

    begin
      OpenSSL::PKey::EC.new("Oakley-EC2N-4").generate_key
    rescue
      p $!
    end
    OpenSSL::PKey::RSA.new(512)

  This sometimes causes:

    #<OpenSSL::PKey::ECError: EC_KEY_generate_key: pairwise test failed>
    fips.c(139): OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST FAILURE

  [ruby-dev:49670] [Bug #12504]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55444 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-18 09:10:19 +00:00
rhe b257af8859 openssl: adjust tests for OpenSSL 1.1.0
This fixes `make test-all TESTS=openssl` with OpenSSL master.

* test/openssl/test_x509name.rb: Don't register OID for 'emailAddress'
  and 'serialNumber'. A recent change in OpenSSL made OBJ_create()
  reject an already existing OID. They were needed to run tests with
  OpenSSL 0.9.6 which is now unsupported.
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25
  [ruby-core:75225] [Feature #12324]

* test/openssl/test_ssl_session.rb (test_server_session): Duplicate
  SSL::Session before re-adding to the session store. OpenSSL 1.1.0
  starts rejecting SSL_SESSION once removed by SSL_CTX_remove_session().
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75

* test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519
  is new in OpenSSL 1.1.0 but this is for key agreement and not for
  signing.

* test/openssl/test_pair.rb, test/openssl/test_ssl.rb,
  test/openssl/utils.rb: Set security level to 0 when using aNULL cipher
  suites.

* test/openssl/utils.rb: Use 1024 bits DSA key for client certificates.

* test/openssl/test_engine.rb: Run each test in separate process.
  We can no longer cleanup engines explicitly as ENGINE_cleanup() was
  removed.
  https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6d4fb1d59e61aacefa25edc4fe5acfe1ac93f743

* ext/openssl/ossl_engine.c (ossl_engine_s_cleanup): Add a note to the
  RDoc for Engine.cleanup.

* ext/openssl/lib/openssl/digest.rb: Don't define constants for DSS,
  DSS1 and SHA(-0) when using with OpenSSL 1.1.0. They are removed.

* test/openssl/test_digest.rb, test/openssl/test_pkey_dsa.rb,
  test/openssl/test_pkey_dsa.rb, test/openssl/test_ssl.rb,
  test/openssl/test_x509cert.rb, test/openssl/test_x509req.rb: Don't
  test unsupported hash functions.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55314 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-07 12:20:46 +00:00
rhe 85500b6634 openssl: add EC.generate
* ext/openssl/ossl_pkey_ec.c (ec_key_new_from_group): Create a new
  EC_KEY on given EC group. Extracted from ossl_ec_key_initialize().
  (ossl_ec_key_s_generate): Added. Create a new EC instance and
  generate a random private and public key.
  (ossl_ec_key_initialize): Use ec_key_new_from_group().
  (Init_ossl_ec): Define the new method EC.generate. This change is
  for consistency with other PKey types.  [ruby-core:45541] [Bug #6567]

* test/openssl/test_pkey_ec.rb: Test that EC.generate works.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-24 16:30:15 +00:00
rhe 8cbd74a362 openssl: rename EC#generate_key to EC#generate_key!
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_generate_key): Fix up RDoc.
  (Init_ossl_ec): Rename EC#generate_key to EC#generate_key!. Make the
  old name an alias of #generate_key!. This change is for consistency
  with other PKey types.  [ruby-core:45541] [Bug #6567]

* test/openssl/test_pkey_ec.rb: Use EC#generate_key! instead of
  EC#generate_key.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55151 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-24 16:27:11 +00:00
rhe 7c971e61f0 openssl: add OpenSSL::PKey::EC#private? and #public?
* ext/openssl/ossl_pkey_ec.c: rename PKey::EC#private_key? and
  #public_key? to #private? and #public? for consistency with other
  PKey types. Old names remain as alias.  [ruby-core:45541] [Bug #6567]

* test/openssl/test_pkey_ec.rb (test_check_key): check private? and
  public? works correctly.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-21 05:30:48 +00:00
rhe f52ab6e494 openssl: improve handling of password for encrypted PEM
* ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the
  argument to String with StringValue() and validate the length is in
  4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers.
  (ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we
  used to pass the password to PEM_def_callback() directly but it was
  problematic. It is not NUL character safe. And surprisingly, it
  silently truncates the password to 1024 bytes.  [GH ruby/openssl#51]

* ext/openssl/ossl.h: Add function prototype declaration of newly
  added ossl_pem_passwd_value().

* ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use
  ossl_pem_passwd_value() to validate the password String.

* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export):
  ditto.

* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize,
  ossl_ec_key_to_string): ditto.

* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export):
  ditto.

* test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-20 15:05:25 +00:00
rhe 898aeb8779 openssl: fix test failure due to the previous commit
* test/openssl/test_pkey_ec.rb (test_ec_point_mul): My previous commit
  r55059 was broken. I should have been more careful. Sorry.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18 10:07:38 +00:00
rhe 1d1efeeafa openssl: fix test failure of OpenSSL::TestEC#test_ec_point_mul
* test/openssl/test_pkey_ec.rb (test_ec_point_mul): CentOS 7 patches
OpenSSL to reject curves defined over a small field.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55059 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18 08:52:37 +00:00
rhe c8cb26252a openssl: clear OpenSSL error queue before return to Ruby
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
  family may put errors on 0 return (0 means verification failure).
  Clear OpenSSL error queue before return to Ruby. Since the queue is
  thread global, remaining errors in the queue can cause an unexpected
  error in the next OpenSSL operation.  [ruby-core:48284] [Bug #7215]

* ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.

* ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.

* ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.

* ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
  queue before re-raising exception.

* ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.

* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.

* ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.

* test/openssl: check that OpenSSL.errors is empty every time after
  running a test case.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18 04:07:47 +00:00
rhe 01801f2afd ext/openssl: refactor OpenSSL::PKey::EC::Point#mul
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): Validate the
  arguments before passing to EC_POINT(s)_mul(). Add description of this
  method.  [ruby-core:65152] [Bug #10268]

* test/openssl/test_pkey_ec.rb (test_ec_point_mul): Test that
  OpenSSL::PKey::EC::Point#mul works.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55048 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18 02:55:46 +00:00
naruse 3e92b635fb Add frozen_string_literal: false for all files
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16 05:07:31 +00:00
hsbt 6447d061f5 * test/openssl/test_pkey_ec.rb: ignored tests with old OpenSSL.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48828 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-13 09:33:33 +00:00
emboss ed92ae818f * test/openssl/test_pkey_ec.rb: Skip tests for "Oakley" curves as
they are not suitable for ECDSA.
  [ruby-core:54881] [Bug #8384]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41829 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-07-07 23:30:42 +00:00
emboss 0d58bb5598 * ext/openssl/ossl_pkey_ec.c: Ensure compatibility to builds of
OpenSSL with OPENSSL_NO_EC2M defined, but OPENSSL_NO_EC not
  defined.
* test/openssl/test_pkey_ec.rb: Iterate over built-in curves
  (and assert their non-emptiness!) instead of hard-coding them, as
  this may cause problems with respect to the different availability
  of individual curves in individual OpenSSL builds.
  [ruby-core:54881] [Bug #8384]

  Thanks to Vit Ondruch for providing the patch!


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-07-05 22:46:42 +00:00
nobu d059d718b5 remove trainling spaces.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-08-21 04:50:18 +00:00
emboss 3ffd8a918f * ext/openssl/ossl_pkey_ec.c
test/openssl/test_pkey_ec.rb: Add support for EC_POINT_mul.
  Patch provided by Sambasiva Suda. Thanks!
  [ruby-core:44408][ruby-trunk - Feature #6310]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-10 02:38:40 +00:00
emboss 5bd7899b98 * ext/openssl/ossl.c
ext/openssl/ossl_pkey_rsa.c
  ext/openssl/ossl_pkey_dsa.c
  ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less
  than four characters long, as OpenSSL itself does not allow this.
  Issue found by Eric Hodel.
* ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem,
  following the PKey interface contract.
* test/openssl/test_pkey_dsa.rb
  test/openssl/test_pkey_rsa.rb
  test/openssl/test_pkey_ec.rb: Add tests that assert correct
  behaviour when dealing with passwords that are less than four
  characters long.
  [ruby-core: 42281][ruby-trunk - Bug #5951]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-10 01:23:21 +00:00
emboss 26cb830df9 * ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER
fallback scenarios.

* ext/openssl/ossl_pkey_dsa.c
* ext/openssl/ossl_x509req.c
* ext/openssl/ossl_pkey_rsa.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_ssl_session.c
* ext/openssl/ossl_x509crl.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey_dh.c
* ext/openssl/ossl_x509cert.c
* ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset.

* ext/openssl/ossl_ssl.c
* ext/openssl/ossl_cipher.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_pkcs12.c
* ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by
  ossl_raise. This automatically flushes OpenSSL's error queue.

* ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing
  fails.

* test/openssl/test_pkey_ec.rb
* test/openssl/test_pkey_dsa.rb
* test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is
  empty.

* test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in
  test_new.
  [ Ruby 1.9 - Bug #4885 ] [ruby-core:37134]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22 08:41:08 +00:00
emboss 839614309d * test/openssl/test_ec.rb
test/openssl/test_pkey_ec.rb: merge both files into test_pkey_ec.rb.
  Removed redundant group instantiation from PKey tests.
* test/openssl/utils.rb: only create TEST_PKEY_EC_P256V1 if EC is
  defined.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32058 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-13 11:56:04 +00:00
emboss bbb3cfb12b * ext/openssl/ossl_pkey.c: added PKey.read module function that allow
reading arbitrary public/private keys from DER-/PEM-encoded File or
  string instances.
* ext/openssl/ossl_pkey_dh.c: improved documentation.
* test/openssl/utils.rb: added EC test key.
* test/openssl/test_pkey_rsa.rb
  test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from 
  OpenSSL::TestUtils.
* test/openssl/test_pkey_ec.rb: Created test file for EC tests.
  Test PKey.read.
  [Ruby 1.9 - Feature #4424] [ruby-core:35330]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32036 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-12 20:39:38 +00:00