test_ctx_client_session_cb_tls13_exception
In the test case, the client raises an exception in the session_new_cb
and may not cleanly close the connection. Let's ignore exceptions raised
at the server side.
Fixes: https://github.com/ruby/openssl/issues/828
https://github.com/ruby/openssl/commit/210ba0334a
Notes:
Merged: https://github.com/ruby/ruby/pull/12421
---
OpenSSL::Cipher#update accepts a String as the second argument to be
used as the output buffer. The buffer must be directly writable, in
other words, it must not be frozen and not a shared string.
rb_str_resize() does not make the String independent if the String
already has the intended length. Use the rb_str_modify() family instead
to check it.
Fixes: https://bugs.ruby-lang.org/issues/20937
https://github.com/ruby/openssl/commit/1de3b80a46
Notes:
Merged: https://github.com/ruby/ruby/pull/12421
---
Add a binding for PKCS12_set_mac() to set MAC parameters and
(re-)calculate MAC for the content.
This allows generating PKCS #12 with consistent MAC parameters with
different OpenSSL versions. OpenSSL 3.0 changed the default hash
function used for HMAC and the KDF from SHA-1 to SHA-256.
Fixes: https://github.com/ruby/openssl/issues/772
https://github.com/ruby/openssl/commit/f5ed2a74b6
Notes:
Merged: https://github.com/ruby/ruby/pull/12421
---
Apply SSL options set in DEFAULT_PARAMS without clearing existing
options.
It currently clears options in order to avoid setting one of the
options included in OpenSSL::SSL::OP_ALL unless explicitly specified,
namely OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. Now that
OpenSSL::SSL::OP_ALL has been removed from SSLContext#initialize, it is
no longer necessary.
https://github.com/ruby/openssl/commit/77c3db2d65
---
Respect the SSL options set by default by SSL_CTX() and by the
system-wide OpenSSL configuration file.
OpenSSL::SSL::SSLContext#initialize currently adds OpenSSL::SSL::OP_ALL
on top of the default SSL options. Let's stop doing it.
OpenSSL::SSL::OP_ALL is a set of options that changes OpenSSL's behavior
to work around various TLS implementation bugs. Using it is usually
considered safe, but it is not completely harmless.
https://github.com/ruby/openssl/commit/00bec0d905
---
https://github.com/ruby/openssl/commit/654cb22e21
---
https://github.com/ruby/openssl/commit/50599513cf
---
#syswrite
Check the ID_callback_state ivar after SSL_read() or SSL_write()
returns, similar to what ossl_start_ssl() does.
Previously, callbacks that can raise a Ruby exception were only called
from ossl_start_ssl(). This has changed in OpenSSL 1.1.1. Particularly,
the session_new_cb will be called whenever a client receives a
NewSessionTicket message, which can happen at any time during a TLS 1.3
connection.
https://github.com/ruby/openssl/commit/aac9ce1304
---
Allow CRLs to be signed using Ed25519 private keys by passing a nil digest.
https://github.com/ruby/openssl/commit/b62375bcde
---
Allow requests to be signed using Ed25519 private keys by passing a nil digest.
This is similar to commit https://github.com/ruby/openssl/commit/b0fc10009120 when signing certs.
Calling PKey#public_key is deprecated and does not work for Ed25519. The same
can be accomplished by passing the private key.
https://github.com/ruby/openssl/commit/d96090320d
---
test_pkey wasn't checking for libressl as is done elsewhere.
Note the libressl version check is different when testing pkey, because
PKey#sign relies on EVP_PKEY_sign, whereas signing an X509 cert/request/crl
relies on ASN1_item_sign.
https://github.com/ruby/openssl/commit/f1db5c88a2
---
Compare by the dotted decimal notation rather than the NID.
OpenSSL::ASN1::ObjectId can store OIDs that are not registered in
OpenSSL's internal table. NID is not defined for such an OID, but it is
not an error.
The == method also should not raise TypeError if the other object is
not an instance of OpenSSL::ASN1::ObjectId.
Fixes: https://github.com/ruby/openssl/issues/791
---
The implementation of OpenSSL::X509::Certificate#crl_uris makes the
assumption that each DistributionPoint in the CRL distribution points
extension contains a single general name of type URI. This is not
guaranteed by RFC 5280. A DistributionPoint may contain zero or more
than one URIs.
Let's include all URIs found in the extension. If only non-URI pointers
are found, return nil.
Fixes: https://github.com/ruby/openssl/issues/775
https://github.com/ruby/openssl/commit/71f4fef2fa
---
test_extension is testing too many features at once and is hard to
navigate. Let's split each chunk apart for more clarity.
https://github.com/ruby/openssl/commit/461cfcb070
---
https://github.com/ruby/openssl/commit/d3c8e661e8
---
Require that users explicitly specify the desired algorithm. In my
opinion, we are not in a position to specify the default cipher.
When OpenSSL::PKCS7.encrypt is given only two arguments, it uses
"RC2-40-CBC" as the symmetric cipher algorithm. 40-bit RC2 is a US
export-grade cipher and considered insecure.
Although this is technically a breaking change, the impact should be
minimal. Even when OpenSSL is compiled with RC2 support and the macro
OPENSSL_NO_RC2 is not defined, it will not actually work on modern
systems because RC2 is part of the legacy provider.
https://github.com/ruby/openssl/commit/439f456bfa
---
https://github.com/ruby/openssl/commit/7bdbc52100
---
* test_sign_verify
I created the signature text (`signature_encoded.txt`), which is used as the
text to create `signature0` in `test_sign_verify`, by the following
steps with the `openssl` CLI on the FIPS module.
```
$ OPENSSL_DIR="${HOME}/.local/openssl-3.4.0-dev-fips-debug-3c6e114959"
$ export OPENSSL_CONF="${OPENSSL_DIR}/ssl/openssl_fips.cnf"
$ echo -n "Sign me!" > data.txt
$ "${OPENSSL_DIR}/bin/openssl" dgst -sha256 -sign test/openssl/fixtures/pkey/rsa2048.pem data.txt > signature.txt
$ cat signature.txt | base64 > signature_encoded.txt
```
https://github.com/ruby/openssl/commit/091f3eb421
---
Notes:
Merged: https://github.com/ruby/ruby/pull/11490
---
This commit fixes the following failure on OpenSSL master FIPS case.
```
1) Failure: test_ed25519_not_approved_on_fips(OpenSSL::TestPKey): OpenSSL::PKey::PKeyError expected but nothing was raised.
/home/runner/work/openssl/openssl/vendor/bundle/ruby/3.0.0/gems/test-unit-ruby-core-1.0.6/lib/core_assertions.rb:462:in `assert_raise'
/home/runner/work/openssl/openssl/test/openssl/test_pkey.rb:174:in `test_ed25519_not_approved_on_fips'
171: MC4CAQAwBQYDK2VwBCIEIEzNCJso/5banbbDRuwRTg9bijGfNaumJNqM9u1PuKb7
172: -----END PRIVATE KEY-----
173: EOF
=> 174: assert_raise(OpenSSL::PKey::PKeyError) do
175: OpenSSL::PKey.read(priv_pem)
176: end
177: end
```
This is because FIPS compliance is a continually moving target. According to [1],
FIPS 140-3 *currently* allows Ed25519. Ed25519 is allowed again with the
latest OpenSSL FIPS by commit [2], while it is not allowed in the OpenSSL stable
version 3.x FIPS.
Remove this test because we want to keep our tests stable.
[1] https://github.com/openssl/openssl/discussions/22054
[2] https://github.com/openssl/openssl/commit/5f04124aab4a477d4e58149d8f04871ff7e5ea4b
https://github.com/ruby/openssl/commit/d43904b834
---
DSA keygen is not FIPS-approved. The `EVP_PKEY_paramgen` in
`OpenSSL::PKey.generate_parameters("DSA")` raises a DSA error in FIPS since the
following commit. Split the test for DSA.
https://github.com/openssl/openssl/commit/49a35f0#diff-605396c063194975af8ce31399d42690ab18186b422fb5012101cc9132660fe1R611-R614
https://github.com/ruby/openssl/commit/5ca6eb4eca
---
OpenSSL running in the FIPS mode will stop supporting DSA key
generation and signature generation due to a FIPS 140-3 requirement.
Although it appears that FIPS 186-5 still allows signature
verification in some cases, there would be little point in writing such
a specific test case.
DSA will still be tested if OpenSSL is not running in the FIPS mode.
test_generate_on_non_fips is merged to test_generate again.
https://github.com/ruby/openssl/commit/3651884fd2
---
OpenSSL::ASN1 is being rewritten in Ruby. To make it easier, let's
remove the dependency on the instance variables and the internal-use
function ossl_asn1_get_asn1type() outside OpenSSL::ASN1.
This also fixes the insufficient validation of the passed value with
its tagging.
https://github.com/ruby/openssl/commit/35a157462e
---
Companion to getbyte but raise EOFError
Similar to https://github.com/ruby/openssl/pull/438
https://github.com/ruby/openssl/commit/c40f70711a
---
(https://github.com/ruby/openssl/pull/761)
In order to sign certificates with Ed25519 keys, NULL must be passed
as md to X509_sign. This NULL is then passed
(via ASN1_item_sign_ex) as type to EVP_DigestSignInit. The
documentation[1] of EVP_DigestSignInit states that type must be NULL
for various key types, including Ed25519.
[1]: https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html
https://github.com/ruby/openssl/commit/b0fc100091
---
Ref https://github.com/ruby/openssl/issues/519
This makes verifying embedded certificate transparency signatures
significantly easier, as otherwise the alternative was manipulating the
ASN1 sequence, as in
https://github.com/segiddins/sigstore-cosign-verify/pull/2/commits/656d992fa816613fd9936f53ce30972c2f2f4957
https://github.com/ruby/openssl/commit/99128bea5d
---
maciter
This test was accidentally passing the value 2048 into the keytype
parameter of PKCS12_create, not the mac_iter parameter (because it had
one too many `nil`s in the call). This value is invalid, and will make
OpenSSL perform an out-of-bounds read which is caught when compiling
with ASAN.
This commit fixes the tests, and also adds some validation to
PKCS12.create to make sure any keytype passed is actually valid. Since
there are only two valid keytype constants, and the whole feature is an
export-grade crypto era thing only ever supported by old MSIE, it seems
far more likely that code in the wild is using keytype similarly by
mistake rather than as intended. So this validation might catch that.
https://github.com/ruby/openssl/commit/47028686d2
---
https://github.com/ruby/openssl/commit/71cd1e3f5c
---
To be consistent with regular Ruby IOs:
```ruby
r, _ = IO.pipe
buf = "garbage".b
r.read_nonblock(10, buf, exception: false) # => :wait_readable
p buf # => "garbage"
```
Ref: https://github.com/redis-rb/redis-client/commit/98b8944460a11f8508217bda71cfc10cb2190d4d
https://github.com/ruby/openssl/commit/08452993d6
---
PKCS7.read_smime
[pkuzco: expanded the fix for other content types]
[ky: adjusted formatting and the exception type]
https://github.com/ruby/openssl/commit/07eceb7f63
Co-authored-by: pkuzco <[email protected]>
Co-authored-by: Kazuki Yamaguchi <[email protected]>
---
Fixes [Bug #19974]
[pkuzco: expanded the fix for other content types]
[ky: adjusted formatting and the exception type]
https://github.com/ruby/openssl/commit/27e11f2d1d
Co-authored-by: pkuzco <[email protected]>
Co-authored-by: Kazuki Yamaguchi <[email protected]>
---
OpenSSL::Cipher#update currently allocates the output buffer with size
(input data length)+(the block size of the cipher). This is insufficient
for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers.
They have a block size of 8 bytes, but the output may be up to 15 bytes
larger than the input.
Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output
buffer size, instead. OpenSSL doesn't provide a generic way to tell the
maximum required buffer size for ciphers, but this is large enough for
all algorithms implemented in current versions of OpenSSL.
Fixes: https://bugs.ruby-lang.org/issues/20236
https://github.com/ruby/openssl/commit/3035559f54
---
https://github.com/ruby/openssl/commit/911a31335f
---
https://github.com/ruby/openssl/commit/08dd3c73b7
---
https://github.com/ruby/openssl/commit/c99d24cee9
---
RFC 2986, section 4.1 only defines version 1 for CSRs. This version
is encoded as a 0. Starting with OpenSSL 3.3, setting the CSR version
to anything but 1 fails.
Do not attempt to generate a CSR with an invalid version (which now fails),
and invalidate the CSR in test_sign_and_verify_rsa_sha1 by changing its
subject rather than using an invalid version.
This commit fixes the following error.
```
2) Error: test_version(OpenSSL::TestX509Request): OpenSSL::X509::RequestError:
X509_REQ_set_version: passed invalid argument
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `version='
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:18:in `issue_csr'
/home/runner/work/openssl/openssl/test/openssl/test_x509req.rb:43:in
`test_version'
40: req = OpenSSL::X509::Request.new(req.to_der)
41: assert_equal(0, req.version)
42:
=> 43: req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA256'))
44: assert_equal(1, req.version)
45: req = OpenSSL::X509::Request.new(req.to_der)
46: assert_equal(1, req.version)
```
https://github.com/ruby/openssl/commit/c06fdeb091
---
We use the following sites for that now:
* https://tools.ietf.org/ or http
* https://datatracker.ietf.org or http
Today, the IETF said the official site for RFCs is www.rfc-editor.org.
FYI: https://authors.ietf.org/en/references-in-rfcxml
I replaced them with www.rfc-editor.org.
---
Note that I created the `dsa2048.pem` and the signature text
(`signature_encoded.txt`), which is used as the text to create `signature0` in
`test_sign_verify`, by the following steps with the `openssl` CLI on the FIPS
module.
```
$ OPENSSL_DIR="${HOME}/.local/openssl-3.3.0-dev-fips-debug-1f03d33ef5"
$ export OPENSSL_CONF="${OPENSSL_DIR}/ssl/openssl_fips.cnf"
$ "${OPENSSL_DIR}/bin/openssl" dsaparam -out dsaparam2048.pem 2048
$ "${OPENSSL_DIR}/bin/openssl" gendsa -out dsa2048.pem dsaparam2048.pem
$ echo -n "Sign me!" > data.txt
$ "${OPENSSL_DIR}/bin/openssl" dgst -sha256 -sign dsa2048.pem data.txt > signature.txt
$ cat signature.txt | base64 > signature_encoded.txt
```
Skip `test_DSAPrivateKey_encrypted` on FIPS because AES-128-CBC, the
password-based encryption used in the PEM format, uses MD5 for deriving the
encryption key from the password, and MD5 is not FIPS-approved.
See also the comment on `test/openssl/utils.rb#omit_on_fips`.
https://github.com/ruby/openssl/commit/4bdcb419a9
---
In some cases, such as the OpenSSL package in FreeBSD[1], the legacy provider is
intentionally not installed. So, we omit a test depending on the legacy provider
if the legacy provider is not loadable.
For the test_openssl_provider_names test, we use the base provider[2] instead of
the legacy provider, because we expect the base provider to always be loadable
in OpenSSL 3 for now.
* [1] https://www.freshports.org/security/openssl/
* [2] https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers
https://github.com/ruby/openssl/commit/7223da7730
---
This reverts commit https://github.com/ruby/openssl/commit/9b7543d58869.
The case not providing the legacy provider can happen not only in FreeBSD but
also in other platforms. The fix is addressed in the next commit.
https://github.com/ruby/openssl/commit/8c26fc26a1
---
without second.
This commit fixes the following errors in the tests. The OpenSSL project
changed the code to make the time string format without seconds invalid, so we
drop the assertions.
```
1) Error: test_generalizedtime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: generalizedtime is too short
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:433:in `test_generalizedtime'
430: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
431: # LibreSSL 3.6.0 requires the seconds element
432: return if libressl?
=> 433: decode_test B(%w{ 18 0D }) + "201612081934Z".b,
434: OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
435: # not implemented
436: # decode_test B(%w{ 18 13 }) + "201612081934+0930".b,
2) Error: test_utctime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: utctime is too short
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:411:in `test_utctime'
408: end
409: # Seconds is omitted. LibreSSL 3.6.0 requires it
410: return if libressl?
=> 411: decode_test B(%w{ 17 0B }) + "1609082343Z".b,
412: OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
413: # not implemented
414: # decode_test B(%w{ 17 11 }) + "500908234339+0930".b,
```
https://github.com/ruby/openssl/commit/2e826d5715
---
d95d3484a90a985b971ef4c55762847d92b6c81a
---
It failed with a recent update of FreeBSD
https://rubyci.s3.amazonaws.com/freebsd13/ruby-master/log/20240207T023002Z.fail.html.gz
---
Fixes: https://github.com/ruby/openssl/issues/695
https://github.com/ruby/openssl/commit/95281fe4a9
---
(https://github.com/ruby/openssl/pull/714)
* Add support for IO#timeout.
https://github.com/ruby/openssl/commit/3bbf5178a9
---
https://github.com/ruby/openssl/commit/8aa3849cff
---
We use the dh2048_ffdhe2048.pem file (DH 2048 bits) instead of the dh1024.pem
file in both non-FIPS and FIPS cases, because the following command fails to
generate the pem file with 1024 bits, and the OpenSSL FIPS 140-2 security policy
document explains that DH public keys are allowed from 2048 bits.[1]
```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
dhparam -out dh1024.pem 1024
Generating DH parameters, 1024 bit long safe prime
dhparam: Generating DH key parameters failed
```
The dh2048_ffdhe2048.pem file was created by the following command with the
OpenSSL FIPS configuration file. The logic to generate the DH pem file is
different between the non-FIPS and FIPS cases. In FIPS, it seems that the
command always returns the text defined as ffdhe2048 in the FFDHE groups in
RFC 7919, unlike non-FIPS.[2]
As the generated pem file is a normal and valid PKCS#3-style group parameter, we
use the file for the non-FIPS case too.
```
$ OPENSSL_CONF=/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/ssl/openssl_fips.cnf \
/home/jaruga/.local/openssl-3.3.0-dev-fips-debug-1aa08644ec/bin/openssl \
dhparam -out dh2048_ffdhe2048.pem 2048
```
Note that the hard-coded PEM-encoded string in the `test_DHparams` is
intentional to avoid modifying the content unintentionally.
* [1] https://www.openssl.org/source/ - OpenSSL 3.0.8 FIPS 140-2 security
policy document page 25, Table 10 – Public Keys - DH Public
- DH (2048/3072/4096/6144/8192) public key agreement key
* [2] RFC7919 - Appendix A.1: ffdhe2048
https://www.rfc-editor.org/rfc/rfc7919#appendix-A.1
---
Where `assert_match` converts a string matcher argument to a regexp first
with escaping, `assert_include` does the same thing more simply.
https://github.com/ruby/openssl/commit/81007e0a49
---
https://github.com/ruby/openssl/commit/9a6e24daaf