summaryrefslogtreecommitdiff
path: root/test/openssl/test_pkey_ec.rb
AgeCommit message (Collapse)Author
2023-09-21[ruby/openssl] Fix test_pkey_ec.rb on FIPS.Jun Aruga
https://github.com/ruby/openssl/commit/d07183f639
2023-09-06[ruby/openssl] test/openssl/test_pkey_ec.rb: refactor tests for ↵Kazuki Yamaguchi
EC.builtin_curves Check that OpenSSL::PKey::EC.builtin_curves returns an array in the expected format. Similarly to OpenSSL::Cipher.ciphers, OpenSSL::PKey::EC.builtin_curves returns a list of known named curves rather than actually usable ones. https://github.com/ruby/openssl/issues/671 found that the list may include unapproved (and thus unusable) curves when the FIPS module is loaded. https://github.com/ruby/openssl/commit/c53cbabe00
2023-09-06[ruby/openssl] Prefer String#unpack1Mau Magnaguagno
(https://github.com/ruby/openssl/pull/586) String#unpack1 avoids the intermediate array created by String#unpack for single elements, while also making a call to Array#first/[0] unnecessary. https://github.com/ruby/openssl/commit/8eb0715a42
2022-12-23[ruby/openssl] pkey/ec: check private key validity with OpenSSL 3Joe Truba
The behavior of EVP_PKEY_public_check changed between OpenSSL 1.1.1 and 3.0 so that it no longer validates the private key. Instead, private keys can be validated through EVP_PKEY_private_check and EVP_PKEY_pairwise_check. [ky: simplified condition to use either EVP_PKEY_check() or EVP_PKEY_public_check().] https://github.com/ruby/openssl/commit/e38a63ab3d
2022-12-13[ruby/openssl] Use SHA256 instead of SHA1 where needed in tests.Jarek Prokop
Systems such as RHEL 9 are moving away from SHA1 disabling it completely in default configuration. https://github.com/ruby/openssl/commit/32648da2f6
2022-10-17[ruby/openssl] pkey/ec: check existence of public key component before exportingKazuki Yamaguchi
i2d_PUBKEY_bio() against an EC_KEY without the public key component trggers a null dereference. This is a regression introduced by commit https://github.com/ruby/openssl/commit/56f0d34d63fb ("pkey: refactor #export/#to_pem and #to_der", 2017-06-14). Fixes https://github.com/ruby/openssl/pull/527#issuecomment-1220504524 Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1221554057 https://github.com/ruby/openssl/commit/f6ee0fa4de
2022-10-17[ruby/openssl] pkey: restore support for decoding "openssl ecparam -genkey" ↵Kazuki Yamaguchi
output Scan through the input for a private key, then fallback to generic decoder. OpenSSL 3.0's OSSL_DECODER supports encoded key parameters. The PEM header "-----BEGIN EC PARAMETERS-----" is used by one of such encoding formats. While this is useful for OpenSSL::PKey::PKey, an edge case has been discovered. The openssl CLI command line "openssl ecparam -genkey" prints two PEM blocks in a row, one for EC parameters and another for the private key. Feeding the whole output into OSSL_DECODER results in only the first PEM block, the key parameters, being decoded. Previously, ruby/openssl did not support decoding key parameters and it would decode the private key PEM block instead. While the new behavior is technically correct, "openssl ecparam -genkey" is so widely used that ruby/openssl does not want to break existing applications. Fixes https://github.com/ruby/openssl/pull/535 https://github.com/ruby/openssl/commit/d486c82833
2021-12-20[ruby/openssl] pkey: deprecate PKey#set_* methodsKazuki Yamaguchi
OpenSSL 3.0 made EVP_PKEY immutable. This means we can only have a const pointer of the low level struct and the following methods can no longer be provided when linked against OpenSSL 3.0: - OpenSSL::PKey::RSA#set_key - OpenSSL::PKey::RSA#set_factors - OpenSSL::PKey::RSA#set_crt_params - OpenSSL::PKey::DSA#set_pqg - OpenSSL::PKey::DSA#set_key - OpenSSL::PKey::DH#set_pqg - OpenSSL::PKey::DH#set_key - OpenSSL::PKey::EC#group= - OpenSSL::PKey::EC#private_key= - OpenSSL::PKey::EC#public_key= There is no direct replacement for this functionality at the moment. I plan to introduce a wrapper around EVP_PKEY_fromdata(), which takes all key components at once to construct an EVP_PKEY. https://github.com/ruby/openssl/commit/6848d2d969
2021-12-20[ruby/openssl] pkey/ec: deprecate OpenSSL::PKey::EC#generate_key!Kazuki Yamaguchi
OpenSSL::PKey::EC#generate_key! will not work on OpenSSL 3.0 because keys are made immutable. Users should use OpenSSL::PKey.generate_key instead. https://github.com/ruby/openssl/commit/5e2e66cce8
2021-10-23[ruby/openssl] test/openssl/test_ssl: assume ECC supportKazuki Yamaguchi
Disabling ECC support of OpenSSL is impractical nowadays. We still try to have the C extension compile on no-ec builds (as well as no-dh or no-engine, etc.) as long as we can, but keeping test cases for such an extreme scenario is not worth the effort. https://github.com/ruby/openssl/commit/2cd01d4676
2021-10-23[ruby/openssl] test/openssl/utils: remove dup_public helper methodKazuki Yamaguchi
It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not work with OpenSSL 3.0. The same can easily be achieved using PKey#public_to_der regardless of the key kind. https://github.com/ruby/openssl/commit/7b66eaa2db
2021-07-18[ruby/openssl] pkey: implement PKey#sign_raw, #verify_raw, and #verify_recoverKazuki Yamaguchi
Add a variant of PKey#sign and #verify that do not hash the data automatically. Sometimes the caller has the hashed data only, but not the plaintext to be signed. In that case, users would have to use the low-level API such as RSA#private_encrypt or #public_decrypt directly. OpenSSL 1.0.0 and later supports EVP_PKEY_sign() and EVP_PKEY_verify() which provide the same functionality as part of the EVP API. This patch adds wrappers for them. https://github.com/ruby/openssl/commit/16cca4e0c4
2021-03-16[ruby/openssl] pkey/ec: deprecate OpenSSL::PKey::EC::Point#mul(ary, ary [, bn])Kazuki Yamaguchi
Deprecate it for future removal. However, I do not expect any application is affected by this. The other form of calling it, PKey::EC::Point#mul(bn [, bn]) remains untouched. PKey::EC::Point#mul calls EC_POINTs_mul(3) when multiple BNs are given as an array. LibreSSL 2.8.0 released on 2018-08 removed the feature and OpenSSL 3.0 which is planned to be released in 2020 will also deprecate the function as there is no real use-case. https://github.com/ruby/openssl/commit/812de4253d Notes: Merged: https://github.com/ruby/ruby/pull/4275
2021-03-16[ruby/openssl] pkey: add PKey::PKey#deriveKazuki Yamaguchi
Add OpenSSL::PKey::PKey#derive as the wrapper for EVP_PKEY_CTX_derive(). This is useful for pkey types that we don't have dedicated classes, such as X25519. https://github.com/ruby/openssl/commit/28f0059bea Notes: Merged: https://github.com/ruby/ruby/pull/4275
2020-05-13[ruby/openssl] Add Marshal support to PKey objectsBart de Water
https://github.com/ruby/openssl/commit/c4374ff041
2020-02-16Guard for OpenSSL::PKey::EC::Group::Error with unsupported platformsHiroshi SHIBATA
2020-02-16Import openssl-2.2.0 (#2693)Hiroshi SHIBATA
Import the master branch of ruby/openssl for preparing to release openssl-2.2.0 Notes: Merged-By: hsbt <hsbt@ruby-lang.org>
2019-06-06Skip one assertion for OpenSSL::PKey::EC::Point#mul on LibreSSLJeremy Evans
LibreSSL 2.8.0+ does not support multiple elements in the first argument.
2017-12-14openssl: import v2.1.0rhe
Import Ruby/OpenSSL 2.1.0. Commits since v2.1.0.beta2 can be found at: https://github.com/ruby/openssl/compare/v2.1.0.beta2...v2.1.0 ---------------------------------------------------------------- Kazuki Yamaguchi (8): test/test_ssl: prevent changing default internal encoding ssl: remove a misleading comment pkey/ec: rearrange PKey::EC::Point#initialize ssl: remove unreachable code asn1: fix docs pkey/ec: add support for octet string encoding of EC point Ruby/OpenSSL 2.0.7 Ruby/OpenSSL 2.1.0 eregon (1): Fix test-all tests to avoid creating report_on_exception warnings git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61235 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-03openssl: import v2.1.0.beta1rhe
Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5 (imported by r59567) can be found at: https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1 ---------------------------------------------------------------- Antonio Terceiro (1): test/test_ssl: explicitly accept TLS 1.1 in corresponding test Colby Swandale (1): document using secure protocol to fetch git master in Bundler Colton Jenkins (1): Add fips_mode_get to return fips_mode Kazuki Yamaguchi (85): Start preparing for 2.1.0 Remove support for OpenSSL 0.9.8 and 1.0.0 bn: refine tests bn: implement unary {plus,minus} operators for OpenSSL::BN bn: implement OpenSSL::BN#negative? Don't define main() when built with --enable-debug test: let OpenSSL::TestCase include OpenSSL::TestUtils test: prepare test PKey instances on demand Add OpenSSL.print_mem_leaks Enable OSSL_MDEBUG on CI builds ssl: move default DH parameters from OpenSSL::PKey::DH Make exceptions with the same format regardless of OpenSSL.debug ssl: show reason of 'certificate verify error' in exception message ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384 ssl: do not confuse different ex_data index registries ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object Fix RDoc markup ssl: suppress compiler warning ext/openssl/deprecation.rb: remove broken-apple-openssl extconf.rb: print informative message if OpenSSL can't be found Rakefile: compile the extension before test kdf: introduce OpenSSL::KDF module ossl.h: add NUM2UINT64T() macro kdf: add scrypt Expand rb_define_copy_func() macro Expand FPTR_TO_FD() macro Remove SafeGet*() macros cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname() digest: rename GetDigestPtr() to ossl_evp_get_digestbyname() Add ossl_str_new(), an exception-safe rb_str_new() bio: simplify ossl_membio2str() using ossl_str_new() Remove unused functions and macros Drop support for LibreSSL 2.3 ocsp: add OpenSSL::OCSP::Request#signed? asn1: infinite length -> indefinite length asn1: rearrange tests ssl: remove a needless NULL check in SSL::SSLContext#ciphers ssl: return nil in SSL::SSLSocket#cipher if session is not started asn1: remove an unnecessary function prototype asn1: require tag information when instantiating generic type asn1: initialize 'unused_bits' attribute of BitString with 0 asn1: check for illegal 'unused_bits' value of BitString asn1: disallow NULL to be passed to asn1time_to_time() asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid asn1: allow constructed encoding with definite length form asn1: prohibit indefinite length form for primitive encoding asn1: allow tag number to be >= 32 for universal tag class asn1: use ossl_asn1_tag() asn1: clean up OpenSSL::ASN1::Constructive#to_der asn1: harmonize OpenSSL::ASN1::*#to_der asn1: prevent EOC octets from being in the middle of the content asn1: do not treat EOC octets as part of content octets x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry ssl: do not call session_remove_cb during GC Backport "Merge branch 'topic/test-memory-leak'" to maint cipher: update the documentation for Cipher#auth_tag= Rakefile: let sync:to_ruby know about test/openssl/fixtures test: fix formatting test/utils: remove OpenSSL::TestUtils.silent test/utils: add SSLTestCase#tls12_supported? test/utils: have start_server yield only the port number test/utils: do not set ecdh_curves in start_server test/utils: let server_loop close socket test/utils: improve error handling in start_server test/utils: add OpenSSL::TestUtils.openssl? and .libressl? test/utils: do not use DSA certificates in SSL tests test/test_ssl: remove test_invalid_shutdown_by_gc test/test_ssl: move test_multibyte_read_write to test_pair test/test_ssl_session: rearrange tests test/test_pair, test/test_ssl: fix for TLS 1.3 ssl: remove useless call to rb_thread_wait_fd() ssl: fix NPN support ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private ssl: use 2048-bit group in the default tmp_dh_cb ssl: ensure that SSL option flags are non-negative ssl: update OpenSSL::SSL::OP_* flags ssl: prefer TLS_method() over SSLv23_method() ssl: add SSLContext#min_version= and #max_version= ssl: rework SSLContext#ssl_version= test/test_x509name: change script encoding to ASCII-8BIT x509name: refactor OpenSSL::X509::Name#to_s x509name: add OpenSSL::X509::Name#to_utf8 x509name: add OpenSSL::X509::Name#inspect x509name: update regexp in OpenSSL::X509::Name.parse Ruby/OpenSSL 2.1.0.beta1 Marcus Stollsteimer (1): Fix rdoc for core Integer class nobu (4): [DOC] {read,write}_nonblock with exception: false [DOC] keyword argument _exception_ [DOC] mark up literals Revert r57690 except for read_nonblock git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-03-01openssl: avoid segfault during running tests on Ubuntu trustyrhe
Import the commit 6693a549d673 ("test/test_pkey_ec: do not use dummy 0 order", 2017-02-03) from upstream. Hopefully this will fix the segfault on RubyCI icc16-x64: http://rubyci.org/logs/rubyci.s3.amazonaws.com/icc-x64/ruby-trunk/log/20170301T050002Z.fail.html.gz git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-11-30openssl: import v2.0.0rhe
Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2 (imported at r56098) can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-08-29import Ruby/OpenSSL 2.0.0.beta.1rhe
* NEWS, {ext,test,sample}/openssl: Import Ruby/OpenSSL 2.0.0.beta.1. ext/openssl is now converted into a default gem. The full commit history since r55538 can be found at: https://github.com/ruby/openssl/compare/08e1881f5663...v2.0.0.beta.1 [Feature #9612] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-19openssl: implement initialize_copy method for PKey classesrhe
* ext/openssl/ossl_pkey_dh.c, ext/openssl/ossl_pkey_dsa.c, ext/openssl/ossl_pkey_ec.c, ext/openssl/ossl_pkey_rsa.c: Implement initialize_copy method for OpenSSL::PKey::*. [ruby-core:75504] [Bug #12381] * test/openssl/test_pkey_dh.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_ec.rb, test/openssl/test_pkey_rsa.rb: Test they actually copy the OpenSSL objects, and modifications to cloned object don't affect the original object. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-18openssl: avoid test crash on Ubuntu 16.04rhe
* test/openssl/test_pkey_ec.rb (setup): Don't call EC#generate_key! for Oakley-* curves. This causes an odd error on Ubuntu 16.04 with openssl 1.0.2g-1ubuntu4.1. begin OpenSSL::PKey::EC.new("Oakley-EC2N-4").generate_key rescue p $! end OpenSSL::PKey::RSA.new(512) This sometimes causes: #<OpenSSL::PKey::ECError: EC_KEY_generate_key: pairwise test failed> fips.c(139): OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST FAILURE [ruby-dev:49670] [Bug #12504] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55444 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-07openssl: adjust tests for OpenSSL 1.1.0rhe
This fixes `make test-all TESTS=openssl` with OpenSSL master. * test/openssl/test_x509name.rb: Don't register OID for 'emailAddress' and 'serialNumber'. A recent change in OpenSSL made OBJ_create() reject an already existing OID. They were needed to run tests with OpenSSL 0.9.6 which is now unsupported. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=52832e470f5fe8c222249ae5b539aeb3c74cdb25 [ruby-core:75225] [Feature #12324] * test/openssl/test_ssl_session.rb (test_server_session): Duplicate SSL::Session before re-adding to the session store. OpenSSL 1.1.0 starts rejecting SSL_SESSION once removed by SSL_CTX_remove_session(). https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c2d4fee2547650102cd16d23f8125b76112ae75 * test/openssl/test_pkey_ec.rb (setup): Remove X25519 from @keys. X25519 is new in OpenSSL 1.1.0 but this is for key agreement and not for signing. * test/openssl/test_pair.rb, test/openssl/test_ssl.rb, test/openssl/utils.rb: Set security level to 0 when using aNULL cipher suites. * test/openssl/utils.rb: Use 1024 bits DSA key for client certificates. * test/openssl/test_engine.rb: Run each test in separate process. We can no longer cleanup engines explicitly as ENGINE_cleanup() was removed. https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6d4fb1d59e61aacefa25edc4fe5acfe1ac93f743 * ext/openssl/ossl_engine.c (ossl_engine_s_cleanup): Add a note to the RDoc for Engine.cleanup. * ext/openssl/lib/openssl/digest.rb: Don't define constants for DSS, DSS1 and SHA(-0) when using with OpenSSL 1.1.0. They are removed. * test/openssl/test_digest.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_pkey_dsa.rb, test/openssl/test_ssl.rb, test/openssl/test_x509cert.rb, test/openssl/test_x509req.rb: Don't test unsupported hash functions. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55314 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-24openssl: add EC.generaterhe
* ext/openssl/ossl_pkey_ec.c (ec_key_new_from_group): Create a new EC_KEY on given EC group. Extracted from ossl_ec_key_initialize(). (ossl_ec_key_s_generate): Added. Create a new EC instance and generate a random private and public key. (ossl_ec_key_initialize): Use ec_key_new_from_group(). (Init_ossl_ec): Define the new method EC.generate. This change is for consistency with other PKey types. [ruby-core:45541] [Bug #6567] * test/openssl/test_pkey_ec.rb: Test that EC.generate works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-24openssl: rename EC#generate_key to EC#generate_key!rhe
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_generate_key): Fix up RDoc. (Init_ossl_ec): Rename EC#generate_key to EC#generate_key!. Make the old name an alias of #generate_key!. This change is for consistency with other PKey types. [ruby-core:45541] [Bug #6567] * test/openssl/test_pkey_ec.rb: Use EC#generate_key! instead of EC#generate_key. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55151 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-21openssl: add OpenSSL::PKey::EC#private? and #public?rhe
* ext/openssl/ossl_pkey_ec.c: rename PKey::EC#private_key? and #public_key? to #private? and #public? for consistency with other PKey types. Old names remain as alias. [ruby-core:45541] [Bug #6567] * test/openssl/test_pkey_ec.rb (test_check_key): check private? and public? works correctly. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-20openssl: improve handling of password for encrypted PEMrhe
* ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the argument to String with StringValue() and validate the length is in 4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers. (ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we used to pass the password to PEM_def_callback() directly but it was problematic. It is not NUL character safe. And surprisingly, it silently truncates the password to 1024 bytes. [GH ruby/openssl#51] * ext/openssl/ossl.h: Add function prototype declaration of newly added ossl_pem_passwd_value(). * ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use ossl_pem_passwd_value() to validate the password String. * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export): ditto. * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize, ossl_ec_key_to_string): ditto. * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export): ditto. * test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18openssl: fix test failure due to the previous commitrhe
* test/openssl/test_pkey_ec.rb (test_ec_point_mul): My previous commit r55059 was broken. I should have been more careful. Sorry. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18openssl: fix test failure of OpenSSL::TestEC#test_ec_point_mulrhe
* test/openssl/test_pkey_ec.rb (test_ec_point_mul): CentOS 7 patches OpenSSL to reject curves defined over a small field. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55059 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18openssl: clear OpenSSL error queue before return to Rubyrhe
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-18ext/openssl: refactor OpenSSL::PKey::EC::Point#mulrhe
* ext/openssl/ossl_pkey_ec.c (ossl_ec_point_mul): Validate the arguments before passing to EC_POINT(s)_mul(). Add description of this method. [ruby-core:65152] [Bug #10268] * test/openssl/test_pkey_ec.rb (test_ec_point_mul): Test that OpenSSL::PKey::EC::Point#mul works. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55048 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2015-12-16Add frozen_string_literal: false for all filesnaruse
When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-12-13* test/openssl/test_pkey_ec.rb: ignored tests with old OpenSSL.hsbt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48828 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-07-07* test/openssl/test_pkey_ec.rb: Skip tests for "Oakley" curves asemboss
they are not suitable for ECDSA. [ruby-core:54881] [Bug #8384] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41829 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-07-05* ext/openssl/ossl_pkey_ec.c: Ensure compatibility to builds ofemboss
OpenSSL with OPENSSL_NO_EC2M defined, but OPENSSL_NO_EC not defined. * test/openssl/test_pkey_ec.rb: Iterate over built-in curves (and assert their non-emptiness!) instead of hard-coding them, as this may cause problems with respect to the different availability of individual curves in individual OpenSSL builds. [ruby-core:54881] [Bug #8384] Thanks to Vit Ondruch for providing the patch! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-08-21remove trainling spaces.nobu
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-10* ext/openssl/ossl_pkey_ec.cemboss
test/openssl/test_pkey_ec.rb: Add support for EC_POINT_mul. Patch provided by Sambasiva Suda. Thanks! [ruby-core:44408][ruby-trunk - Feature #6310] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-06-10* ext/openssl/ossl.cemboss
ext/openssl/ossl_pkey_rsa.c ext/openssl/ossl_pkey_dsa.c ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less than four characters long, as OpenSSL itself does not allow this. Issue found by Eric Hodel. * ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem, following the PKey interface contract. * test/openssl/test_pkey_dsa.rb test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_ec.rb: Add tests that assert correct behaviour when dealing with passwords that are less than four characters long. [ruby-core: 42281][ruby-trunk - Bug #5951] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-22* ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DERemboss
fallback scenarios. * ext/openssl/ossl_pkey_dsa.c * ext/openssl/ossl_x509req.c * ext/openssl/ossl_pkey_rsa.c * ext/openssl/ossl_pkey_ec.c * ext/openssl/ossl_ssl_session.c * ext/openssl/ossl_x509crl.c * ext/openssl/ossl_pkey.c * ext/openssl/ossl_pkey_dh.c * ext/openssl/ossl_x509cert.c * ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset. * ext/openssl/ossl_ssl.c * ext/openssl/ossl_cipher.c * ext/openssl/ossl_pkey_ec.c * ext/openssl/ossl_pkcs12.c * ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by ossl_raise. This automatically flushes OpenSSL's error queue. * ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing fails. * test/openssl/test_pkey_ec.rb * test/openssl/test_pkey_dsa.rb * test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is empty. * test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in test_new. [ Ruby 1.9 - Bug #4885 ] [ruby-core:37134] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-13* test/openssl/test_ec.rbemboss
test/openssl/test_pkey_ec.rb: merge both files into test_pkey_ec.rb. Removed redundant group instantiation from PKey tests. * test/openssl/utils.rb: only create TEST_PKEY_EC_P256V1 if EC is defined. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32058 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2011-06-12* ext/openssl/ossl_pkey.c: added PKey.read module function that allowemboss
reading arbitrary public/private keys from DER-/PEM-encoded File or string instances. * ext/openssl/ossl_pkey_dh.c: improved documentation. * test/openssl/utils.rb: added EC test key. * test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from OpenSSL::TestUtils. * test/openssl/test_pkey_ec.rb: Created test file for EC tests. Test PKey.read. [Ruby 1.9 - Feature #4424] [ruby-core:35330] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32036 b2dd03c8-39d4-4d8f-98ff-823fe69b080e