summaryrefslogtreecommitdiff
path: root/test/openssl/test_pkey_dsa.rb
AgeCommit message (Collapse)Author
2016-05-20openssl: improve handling of password for encrypted PEMrhe
* ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the argument to String with StringValue() and validate the length is in 4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers. (ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we used to pass the password to PEM_def_callback() directly but it was problematic. It is not NUL character safe. And surprisingly, it silently truncates the password to 1024 bytes. [GH ruby/openssl#51] * ext/openssl/ossl.h: Add function prototype declaration of newly added ossl_pem_passwd_value(). * ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use ossl_pem_passwd_value() to validate the password String. * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export): ditto. * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize, ossl_ec_key_to_string): ditto. * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export): ditto. * test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18openssl: clear OpenSSL error queue before return to Rubyrhe
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16Add frozen_string_literal: false for all filesnaruse
When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-13test/openssl: skip old OpenSSLnobu
* test/openssl/utils.rb (OpenSSL::TestUtils): ignore out-of-date OpenSSL before 1.0. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-10* ext/openssl/ossl.cemboss
ext/openssl/ossl_pkey_rsa.c ext/openssl/ossl_pkey_dsa.c ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less than four characters long, as OpenSSL itself does not allow this. Issue found by Eric Hodel. * ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem, following the PKey interface contract. * test/openssl/test_pkey_dsa.rb test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_ec.rb: Add tests that assert correct behaviour when dealing with passwords that are less than four characters long. [ruby-core: 42281][ruby-trunk - Bug #5951] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-09-01* Release GVL while OpenSSL's public key generation.nahi
t = Thread.new { print "."; sleep 0.1 } key = OpenSSL::PKey::RSA.new(2048) #=> Thread t works in parallel with public key generation if OS/machine allows it. This works with OpenSSL >= 0.9.8. From this version, it has new public key generation function which allows us to interrupt the execution while pkey generation iterations. * ext/openssl/extconf.rb: Check existence of OpenSSL's new public key generation function. (DH_generate_parameters_ex, DSA_generate_parameters_ex and RSA_generate_key_ex. * ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2, ossl_generate_cb_stop): Added new callback function for OpenSSL pkey generation which handles Thread interruption by Ruby. ossl_generate_cb_stop is the unblock function(ubf) for Ruby which sets a stop flag. New pkey generation callback ossl_generate_cb_2 checks the stop flag at each iterations of OpenSSL and interrupts pkey generation when the flag is set. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call rb_thread_blocking_region with the above unblock function to release GVL while pkey generation. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): ditto. * test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22* ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DERemboss
fallback scenarios. * ext/openssl/ossl_pkey_dsa.c * ext/openssl/ossl_x509req.c * ext/openssl/ossl_pkey_rsa.c * ext/openssl/ossl_pkey_ec.c * ext/openssl/ossl_ssl_session.c * ext/openssl/ossl_x509crl.c * ext/openssl/ossl_pkey.c * ext/openssl/ossl_pkey_dh.c * ext/openssl/ossl_x509cert.c * ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset. * ext/openssl/ossl_ssl.c * ext/openssl/ossl_cipher.c * ext/openssl/ossl_pkey_ec.c * ext/openssl/ossl_pkcs12.c * ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by ossl_raise. This automatically flushes OpenSSL's error queue. * ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing fails. * test/openssl/test_pkey_ec.rb * test/openssl/test_pkey_dsa.rb * test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is empty. * test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in test_new. [ Ruby 1.9 - Bug #4885 ] [ruby-core:37134] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-12* ext/openssl/ossl_pkey.c: added PKey.read module function that allowemboss
reading arbitrary public/private keys from DER-/PEM-encoded File or string instances. * ext/openssl/ossl_pkey_dh.c: improved documentation. * test/openssl/utils.rb: added EC test key. * test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from OpenSSL::TestUtils. * test/openssl/test_pkey_ec.rb: Created test file for EC tests. Test PKey.read. [Ruby 1.9 - Feature #4424] [ruby-core:35330] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32036 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-12* test/openssl/test_pkey_dsa.rb: Test for DSA#syssign/sysverify.emboss
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32032 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-05-21* test/openssl/test_pkey_dsa.rb: Add tests for sign/verify.emboss
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31678 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-05-14Sat May 14 12:00:54 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>emboss
* test/openssl/test_pkey_dsa.rb: Add basic tests and tests that ensure new public key PEM encoding behavior and ensure backward compatibility. [Ruby 1.9 - Bug #4422] [ruby-core:35328] * test/openssl/test_pkey_rsa.rb: Remove line with 'puts'. previous revision: 31561 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-22 14:48:40 +0000