ruby.git/ext/openssl, branch ruby_2_2 The Ruby Programming Language asn1: fix out-of-bounds read in decoding constructed objects 2017-09-14T11:41:59+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2017-09-14T11:41:59+00:00 5450329ad1778d72f117b68e5edb97ae1bf4d438 * OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the correct available length to ossl_asn1_decode() when decoding the inner components of a constructed object. This can cause out-of-bounds read if a crafted input given. Reference: https://hackerone.com/reports/170316 https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59903 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
* OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of
  out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the
  correct available length to ossl_asn1_decode() when decoding the
  inner components of a constructed object. This can cause
  out-of-bounds read if a crafted input given.

Reference: https://hackerone.com/reports/170316
https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59903 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 53064: [Backport #11810] 2016-11-15T06:33:36+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-11-15T06:33:36+00:00 30238f96081e47178237e58f5229850514858fd3 * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing protocol list. The protocol list from OpenSSL is not null-terminated. patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing
	  protocol list.
	  The protocol list from OpenSSL is not null-terminated.
	  patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 55074: [Backport #12868] 2016-11-11T22:36:50+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-11-11T22:36:50+00:00 a240b37c74876507f8ed8d0cd122bf4b42825bb3 * ext/openssl/ossl.c (Init_openssl): register an ex_data index for X509_STORE and X509_STORE_CTX respectively. Since they don't share the ex_data index registry, we can't use the same index. (ossl_verify_cb): use the the correct index. * ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto. * ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto. (ossl_x509stctx_verify): ditto. * ext/openssl/ossl.h (void ossl_clear_error): add extern declarations of ossl_store_{ctx_,}ex_verify_cb_idx. * ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and X509_STORE_get_ex_data. * ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data, X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56727 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl.c (Init_openssl): register an ex_data index for
	  X509_STORE and X509_STORE_CTX respectively. Since they don't share
	  the ex_data index registry, we can't use the same index.
	  (ossl_verify_cb): use the the correct index.

	* ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto.

	* ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto.
	  (ossl_x509stctx_verify): ditto.

	* ext/openssl/ossl.h (void ossl_clear_error): add extern declarations
	  of ossl_store_{ctx_,}ex_verify_cb_idx.

	* ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and
	  X509_STORE_get_ex_data.

	* ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data,
	  X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56727 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 55822: [Backport #12660] 2016-09-30T15:03:15+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-09-30T15:03:15+00:00 c880452b7cdb1132a86974f621deb49388aad1fb * ext/openssl/ossl_ssl.c (ossl_ssl_write_internal): avoid undefined behavior * test/openssl/test_pair.rb (test_write_zero): new test [ruby-core:76751] [Bug #12660] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56300 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_ssl.c (ossl_ssl_write_internal):
	  avoid undefined behavior

	* test/openssl/test_pair.rb (test_write_zero): new test
	  [ruby-core:76751] [Bug #12660]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56300 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 55047: [Backport #12441] 2016-08-16T11:55:03+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-08-16T11:55:03+00:00 a1af71552fbeb839939cb66a04aff9a1e4a46db2 * ext/openssl/ossl_bn.c (try_convert_to_bnptr): Extracted from GetBNPtr(). This doesn't raise exception but returns NULL on error. (GetBNPtr): Raise TypeError if conversion fails. (ossl_bn_eq): Implement BN#==. (ossl_bn_eql): #eql? should not raise TypeError even if the argument is not compatible with BN. (ossl_bn_hash): Implement BN#hash. * ext/openssl/ossl_bn.c (Init_ossl_bn): Define #== and #hash. * test/openssl/test_bn.rb: Test BN#eql?, #== and #hash git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@55937 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_bn.c (try_convert_to_bnptr): Extracted from
	  GetBNPtr(). This doesn't raise exception but returns NULL on error.
	  (GetBNPtr): Raise TypeError if conversion fails.
	  (ossl_bn_eq): Implement BN#==.
	  (ossl_bn_eql): #eql? should not raise TypeError even if the argument
	  is not compatible with BN.
	  (ossl_bn_hash): Implement BN#hash.

	* ext/openssl/ossl_bn.c (Init_ossl_bn): Define #== and #hash.

	* test/openssl/test_bn.rb: Test BN#eql?, #== and #hash


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@55937 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 55175: [Backport #12428] 2016-08-16T11:33:35+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-08-16T11:33:35+00:00 ef62988ecce58edc1ffbd6aa70ffd328a03b0923 * ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH has 'p' (the prime) before calling DH_size(). We can create a DH with no parameter but DH_size() does not check and dereferences NULL. [ruby-core:75720] [Bug #12428] * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does not check dsa->q. * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt, ossl_rsa_public_decrypt, ossl_rsa_private_encrypt, ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@55935 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_pkey_dh.c (ossl_dh_compute_key): Check that the DH
	  has 'p' (the prime) before calling DH_size(). We can create a DH with
	  no parameter but DH_size() does not check and dereferences NULL.
	  [ruby-core:75720] [Bug #12428]

	* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_sign): Ditto. DSA_size() does
	  not check dsa->q.

	* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_public_encrypt,
	  ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
	  ossl_rsa_private_decrypt): Ditto. RSA_size() does not check rsa->n.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@55935 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 49576: [Backport #12288] 2016-04-22T07:37:36+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-04-22T07:37:36+00:00 dadc253d7e016c497867ab9e6ec2e0ae8d77285e * ext/openssl/extconf.rb: check RAND_edg to support libressl. * ext/openssl/ossl_rand.c (ossl_rand_egd): define only if RAND_edg is available. [Fix GH-829] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54688 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/extconf.rb: check RAND_edg to support libressl.

	* ext/openssl/ossl_rand.c (ossl_rand_egd): define only if RAND_edg
	  is available.  [Fix GH-829]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54688 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 54258: [Backport #12182] 2016-03-29T20:36:59+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-03-29T20:36:59+00:00 6ee7fcf3097d82ee134f8a7a549d7244ac0a0a26 * ext/openssl/extconf.rb: check SSL_CTX_set_next_proto_select_cb function rather than OPENSSL_NPN_NEGOTIATED macro. it exists even if it is disabled by OpenSSL configuration. [ruby-core:74384] [Bug #12182] * ext/openssl/ossl_ssl.c: update #ifdef(s) as above. * test/openssl/test_ssl.rb: skip NPN tests if NPN is disabled. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54428 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/extconf.rb: check SSL_CTX_set_next_proto_select_cb
	  function rather than OPENSSL_NPN_NEGOTIATED macro. it exists
	  even if it is disabled by OpenSSL configuration.
	  [ruby-core:74384] [Bug #12182]

	* ext/openssl/ossl_ssl.c: update #ifdef(s) as above.

	* test/openssl/test_ssl.rb: skip NPN tests if NPN is disabled.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54428 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 54097: [Backport #12069] 2016-03-28T16:20:43+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-03-28T16:20:43+00:00 1d3af7a3fcc4a0c5ad684d8cb6dfb4835f24275e * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): document as MT-unsafe [ruby-core:73803] [Bug #12069] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54332 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): document as MT-unsafe
	  [ruby-core:73803] [Bug #12069]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54332 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 51016,53329: [Backport #11885] 2016-03-08T20:27:01+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-03-08T20:27:01+00:00 83d705f6a06eef70f9eb219ba7f187555f00ede8 * ext/openssl/ossl_ssl.c (ossl_ssl_read_internal): do not process kwargs in blocking mode * test/openssl/test_ssl.rb: test sysread * io.c (io_getpartial): remove unused kwarg from template * test/ruby/test_io.rb (test_readpartial_bad_args): new [Bug #11885] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54045 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	* ext/openssl/ossl_ssl.c (ossl_ssl_read_internal):
	  do not process kwargs in blocking mode

	* test/openssl/test_ssl.rb: test sysread

	* io.c (io_getpartial): remove unused kwarg from template

	* test/ruby/test_io.rb (test_readpartial_bad_args): new
	  [Bug #11885]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54045 b2dd03c8-39d4-4d8f-98ff-823fe69b080e