| Age | Commit message (Collapse) | Author |
|---|
|
* ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the
argument to String with StringValue() and validate the length is in
4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers.
(ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we
used to pass the password to PEM_def_callback() directly but it was
problematic. It is not NUL character safe. And surprisingly, it
silently truncates the password to 1024 bytes. [GH ruby/openssl#51]
* ext/openssl/ossl.h: Add function prototype declaration of newly
added ossl_pem_passwd_value().
* ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use
ossl_pem_passwd_value() to validate the password String.
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export):
ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize,
ossl_ec_key_to_string): ditto.
* ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export):
ditto.
* test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55087 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify()
family may put errors on 0 return (0 means verification failure).
Clear OpenSSL error queue before return to Ruby. Since the queue is
thread global, remaining errors in the queue can cause an unexpected
error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215]
* ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto.
* ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto.
* ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto.
* ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error
queue before re-raising exception.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto.
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
* ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto.
* test/openssl: check that OpenSSL.errors is empty every time after
running a test case.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55051 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/utils.rb (OpenSSL::TestUtils): ignore out-of-date
OpenSSL before 1.0.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
added timeout into testcase for low performance environment.
[Bug #9984][ruby-core:63367]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47362 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
finalizes only a copy of the digest context, the context must be
cleaned up after initialization by EVP_MD_CTX_cleanup() or a
memory leak will occur. [ruby-core:62038] [Bug #9743]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45595 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ext/openssl/ossl_pkey_rsa.c
ext/openssl/ossl_pkey_dsa.c
ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less
than four characters long, as OpenSSL itself does not allow this.
Issue found by Eric Hodel.
* ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem,
following the PKey interface contract.
* test/openssl/test_pkey_dsa.rb
test/openssl/test_pkey_rsa.rb
test/openssl/test_pkey_ec.rb: Add tests that assert correct
behaviour when dealing with passwords that are less than four
characters long.
[ruby-core: 42281][ruby-trunk - Bug #5951]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl.c (ossl_pem_passwd_cb0, ossl_verify_cb):
pem_passwd_cb and verify_cb ignores the exception raised in a
callback proc so it should clear $! for subsequent execution.
That's said, both subsequent processes for pem_passwd_cb and
verify_cb raises another exception before leaking $! to Ruby world.
We cannot test this fix in Ruby land.
* test/openssl/test_pkey_rsa.rb
(test_read_private_key_pem_pw_exception): Test for pem_passwd_cb +
exception.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34078 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
exponent value correctly. Awful bug. This bug caused exponent of
generated key to be always '1'. By default, and regardless of e
given as a parameter.
!!! Keys generated by this code (trunk after 2011-09-01) must be
re-generated !!! (ruby_1_9_3 is safe)
* test/openssl/test_pkey_rsa.rb: Add tests for default exponent and
specifying exponent by a parameter.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33633 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
t = Thread.new { print "."; sleep 0.1 }
key = OpenSSL::PKey::RSA.new(2048)
#=> Thread t works in parallel with public key generation if
OS/machine allows it.
This works with OpenSSL >= 0.9.8. From this version, it has new
public key generation function which allows us to interrupt the
execution while pkey generation iterations.
* ext/openssl/extconf.rb: Check existence of OpenSSL's new public key
generation function. (DH_generate_parameters_ex,
DSA_generate_parameters_ex and RSA_generate_key_ex.
* ext/openssl/ossl_pkey.{h,c} (ossl_generate_cb_2,
ossl_generate_cb_stop): Added new callback function for OpenSSL pkey
generation which handles Thread interruption by Ruby.
ossl_generate_cb_stop is the unblock function(ubf) for Ruby which
sets a stop flag. New pkey generation callback ossl_generate_cb_2
checks the stop flag at each iterations of OpenSSL and interrupts
pkey generation when the flag is set.
* ext/openssl/ossl_pkey_dsa.c (dsa_generate): Call
rb_thread_blocking_region with the above unblock function to release
GVL while pkey generation.
* ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto.
* ext/openssl/ossl_pkey_dh.c (dh_generate): ditto.
* test/openssl/test_pkey_{dh,dsa,rsa}.rb: Test it.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fallback scenarios.
* ext/openssl/ossl_pkey_dsa.c
* ext/openssl/ossl_x509req.c
* ext/openssl/ossl_pkey_rsa.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_ssl_session.c
* ext/openssl/ossl_x509crl.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey_dh.c
* ext/openssl/ossl_x509cert.c
* ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset.
* ext/openssl/ossl_ssl.c
* ext/openssl/ossl_cipher.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_pkcs12.c
* ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by
ossl_raise. This automatically flushes OpenSSL's error queue.
* ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing
fails.
* test/openssl/test_pkey_ec.rb
* test/openssl/test_pkey_dsa.rb
* test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is
empty.
* test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in
test_new.
[ Ruby 1.9 - Bug #4885 ] [ruby-core:37134]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32076 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
reading arbitrary public/private keys from DER-/PEM-encoded File or
string instances.
* ext/openssl/ossl_pkey_dh.c: improved documentation.
* test/openssl/utils.rb: added EC test key.
* test/openssl/test_pkey_rsa.rb
test/openssl/test_pkey_dsa.rb: Test PKey.read. Reuse keys from
OpenSSL::TestUtils.
* test/openssl/test_pkey_ec.rb: Created test file for EC tests.
Test PKey.read.
[Ruby 1.9 - Feature #4424] [ruby-core:35330]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32036 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31640 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkey_dsa.rb: Add basic tests and tests that
ensure new public key PEM encoding behavior and ensure backward
compatibility.
[Ruby 1.9 - Bug #4422] [ruby-core:35328]
* test/openssl/test_pkey_rsa.rb: Remove line with 'puts'.
previous revision: 31561
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* test/openssl/test_pkey_rsa.rb: Add tests that ensure new public key
encoding behavior and also ensure backward compatibility.
[Ruby 1.9 - Bug #4421, Bug #4422] [ruby-core:35327,35328]
previous revision: 31559
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31560 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/openssl/ossl_digest.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey.h
* test/openssl/pkey/test_pkey_rsa.rb
Reverted premature commit. Sorry for the noise!
Previous revision: 31555
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* NEWS: Describe altered behaviour for RSA and DSA public key
encoding. [Ruby 1.9 - Bug #4421, Bug #4422]
[ruby-core:35327,35328]
Previous revision: 31553
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31554 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
pop pushed error after each try of reading. fixes #4550
* ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize): ditto.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_initialize): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31244 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30220 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
an instance variable "private" is added to OpenSSL::PKey class.
this ivar is a flag that shows whether there is a private key
in the instance.
* ext/openssl/ossl_engine.c: (ossl_engine_load_privkey): set private
key flag.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ossl_rsa_public_decrypt, ossl_rsa_private_encrypt,
ossl_rsa_private_decrypt): should take an optional argument
to specify padding mode. [ruby-talk:122539]
* ext/openssl/ossl_pkey_rsa.c (Init_ossl_rsa): add new constants
PKCS1_PADDING, SSLV23_PADDING, NO_PADDING and PKCS1_OAEP_PADDING
under OpenSSL::PKey::RSA.
* test/openssl/test_pkey_rsa.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7465 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
