ruby.git/test/openssl/test_cipher.rb, branch v3_4_9 The Ruby Programming Language [ruby/openssl] cipher: make output buffer String independent 2024-12-21T18:33:03+00:00 Kazuki Yamaguchi k@rhe.jp 2024-12-10T14:06:00+00:00 637f019f1f7611ba41f761a1b17e4228661d0a5b OpenSSL::Cipher#update accepts a String as the second argument to be used as the output buffer. The buffer must be directly writable, in other words, it must not be frozen and not a shared string. rb_str_resize() does not make the String independent if the String already has the intended length. Use the rb_str_modify() family instead to check it. Fixes: https://bugs.ruby-lang.org/issues/20937 https://github.com/ruby/openssl/commit/1de3b80a46 
OpenSSL::Cipher#update accepts a String as the second argument to be
used as the output buffer. The buffer must be directly writable, in
other words, it must not be frozen and not a shared string.

rb_str_resize() does not make the String independent if the String
already has the intended length. Use the rb_str_modify() family instead
to check it.

Fixes: https://bugs.ruby-lang.org/issues/20937

https://github.com/ruby/openssl/commit/1de3b80a46
[ruby/openssl] cipher: fix buffer overflow in Cipher#update 2024-05-02T07:26:11+00:00 Kazuki Yamaguchi k@rhe.jp 2024-02-05T12:54:32+00:00 eb6f0000a4b752803ff7431d24d1a0a535a4387e OpenSSL::Cipher#update currently allocates the output buffer with size (input data length)+(the block size of the cipher). This is insufficient for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers. They have a block size of 8 bytes, but the output may be up to 15 bytes larger than the input. Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output buffer size, instead. OpenSSL doesn't provide a generic way to tell the maximum required buffer size for ciphers, but this is large enough for all algorithms implemented in current versions of OpenSSL. Fixes: https://bugs.ruby-lang.org/issues/20236 https://github.com/ruby/openssl/commit/3035559f54 
OpenSSL::Cipher#update currently allocates the output buffer with size
(input data length)+(the block size of the cipher). This is insufficient
for the id-aes{128,192,256}-wrap-pad (AES keywrap with padding) ciphers.
They have a block size of 8 bytes, but the output may be up to 15 bytes
larger than the input.

Use (input data length)+EVP_MAX_BLOCK_LENGTH (== 32) as the output
buffer size, instead. OpenSSL doesn't provide a generic way to tell the
maximum required buffer size for ciphers, but this is large enough for
all algorithms implemented in current versions of OpenSSL.

Fixes: https://bugs.ruby-lang.org/issues/20236

https://github.com/ruby/openssl/commit/3035559f54
[ruby/openssl] Use openssl? instead of OpenSSL::OPENSSL_VERSION_NUMBER. 2023-08-16T05:48:42+00:00 Jun Aruga jaruga@redhat.com 2023-08-14T15:13:22+00:00 8ca0d53fd09b2032d990b0ab92ec63f408861dbc Update the `openssl?` method by adding status argument. Note the format is below. * OpenSSL 3: 0xMNN00PP0 (major minor 00 patch 0) * OpenSSL 1: 0xMNNFFPPS (major minor fix patch status) See <https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_VERSION_NUMBER.html> for details. https://github.com/ruby/openssl/commit/db8deaacd3 
Update the `openssl?` method by adding status argument.

Note the format is below.

* OpenSSL 3: 0xMNN00PP0 (major minor 00 patch 0)
* OpenSSL 1: 0xMNNFFPPS (major minor fix patch status)

See <https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_VERSION_NUMBER.html>
for details.

https://github.com/ruby/openssl/commit/db8deaacd3
[ruby/openssl] Allow empty string to OpenSSL::Cipher#update 2022-12-13T09:07:41+00:00 Yusuke Nakamura yusuke1994525@gmail.com 2022-11-23T12:05:49+00:00 d4dce27d894f4889f29d779c94ba2d30c231f9f8 For some reasons, plaintext may be empty string. ref https://www.rfc-editor.org/rfc/rfc9001.html#section-5.8 https://github.com/ruby/openssl/commit/953592a29e 
For some reasons, plaintext may be empty string.

ref https://www.rfc-editor.org/rfc/rfc9001.html#section-5.8

https://github.com/ruby/openssl/commit/953592a29e
[ruby/openssl] cipher: update test_ciphers 2021-12-20T14:42:02+00:00 Kazuki Yamaguchi k@rhe.jp 2021-10-24T08:50:18+00:00 cfcdd2b4bd6c2420ecc93a8f77e553b53595b7ef Do not attempt to actually use all algorithms. Not all algorithms listed in OpenSSL::Cipher.ciphers are always available. https://github.com/ruby/openssl/commit/91d04f991f 
Do not attempt to actually use all algorithms. Not all algorithms listed
in OpenSSL::Cipher.ciphers are always available.

https://github.com/ruby/openssl/commit/91d04f991f
test/openssl/test_cipher: skip AES-CCM tests on OpenSSL <= 1.1.1b 2021-03-16T13:30:18+00:00 Kazuki Yamaguchi k@rhe.jp 2021-03-16T13:05:04+00:00 44d67128a827c65d1a3867c5d8fd190d10aa1dd2 AES CCM mode in OpenSSL <= 1.1.1b was overly strict in the parameters assignment order. This has been relaxed by OpenSSL 1.1.1c. https://github.com/openssl/openssl/commit/b48e3be947ddc5da6b5a86db8341081c72b9a4ee The test case is failing on Ubuntu 18.04 because it still uses the initial 1.1.1 release and has the issue: http://rubyci.s3.amazonaws.com/graviton2/ruby-master/log/20210316T120003Z.fail.html.gz 
AES CCM mode in OpenSSL <= 1.1.1b was overly strict in the parameters
assignment order. This has been relaxed by OpenSSL 1.1.1c.

https://github.com/openssl/openssl/commit/b48e3be947ddc5da6b5a86db8341081c72b9a4ee

The test case is failing on Ubuntu 18.04 because it still uses the
initial 1.1.1 release and has the issue:

http://rubyci.s3.amazonaws.com/graviton2/ruby-master/log/20210316T120003Z.fail.html.gz
[ruby/openssl] User lower case cipher names for maximum compatibility 2021-03-16T10:16:11+00:00 Bart de Water bartdewater@gmail.com 2020-07-07T16:59:11+00:00 da6341b70942cf448888471f66dfde2cf614f052 We ran into some Linux-based systems not accepting the upper case variant https://github.com/ruby/openssl/commit/7bc49121d5 
We ran into some Linux-based systems not accepting the upper case variant

https://github.com/ruby/openssl/commit/7bc49121d5
[ruby/openssl] Define Cipher #ccm_data_len= for CCM mode ciphers 2021-03-16T10:16:10+00:00 Spencer McIntyre zeroSteiner@gmail.com 2020-03-30T18:42:53+00:00 4d8bce227c85ef4d1f8b794a8c96a7b23e4cf357 Allow specifying just length to #update CCM mode ciphers need to specify the total plaintext or ciphertext length to EVP_CipherUpdate. Update the link to the tests file Define Cipher#ccm_data_len= for CCM mode ciphers Add a unit test for CCM mode Also check CCM is authenticated when testing https://github.com/ruby/openssl/commit/bb3816953b 
Allow specifying just length to #update

CCM mode ciphers need to specify the total plaintext or ciphertext
length to EVP_CipherUpdate.

Update the link to the tests file

Define Cipher#ccm_data_len= for CCM mode ciphers

Add a unit test for CCM mode

Also check CCM is authenticated when testing

https://github.com/ruby/openssl/commit/bb3816953b
[ruby/openssl] Look up cipher by name instead of constant 2020-05-13T06:47:51+00:00 Bart de Water bartdewater@gmail.com 2020-04-19T20:14:34+00:00 c85789f9b2882bc95364c5da182a24aa72ca52cc https://github.com/ruby/openssl/commit/b08ae7e73d 
https://github.com/ruby/openssl/commit/b08ae7e73d
[ruby/openssl] Look up digest by name instead of constant 2020-05-13T06:47:51+00:00 Bart de Water bartdewater@gmail.com 2020-04-19T15:14:36+00:00 0b2c70eaa1e8e41fcb6332b22b084dabb81e637c https://github.com/ruby/openssl/commit/b28fb2f05c 
https://github.com/ruby/openssl/commit/b28fb2f05c