| Age | Commit message | Author |
|
https://github.com/ruby/openssl/commit/27a9a92309
|
|
https://github.com/ruby/openssl/commit/11bd2efb2a
|
|
|
|
Before, passing the wrong number of arguments (e.g., 2) to
OpenSSL::PKey::EC::Group.new raised a generic "wrong number of
arguments" error.
This change updates it to show the actual argument count and the
expected options (1 or 4), making debugging easier for the user.
Example:
ArgumentError: wrong number of arguments (given 2, expected 1 or 4)
I hope it helps!
https://github.com/ruby/openssl/commit/783c99e6c7
|
|
Commit https://github.com/ruby/openssl/commit/1de3b80a46c2 (cipher: make output buffer String independent,
2024-12-10) ensures the output buffer String has sufficient capacity,
but the length can be shorter. The assert() is simply incorrect and
should be removed.
Also remove a similar assert() in Cipher#final. While not incorrect, it
is not useful either.
https://github.com/ruby/openssl/commit/0ce6ab97dd
|
|
When d2i_PKCS7_bio() and PEM_read_bio_PKCS7() fail to decode the input,
OpenSSL::PKCS7.new currently raises ArgumentError. The usual practice
in ruby/openssl where an error originates from the underlying OpenSSL
library is to raise OpenSSL::OpenSSLError.
Raise OpenSSL::PKCS7::PKCS7Error instead for consistency with
OpenSSL::PKCS7.read_smime and all other existing #initialize methods
that handle DER/PEM-encoded inputs.
https://github.com/ruby/openssl/commit/67a608ce53
|
|
An OpenSSL function sometimes puts more than one error entry into the
thread-local OpenSSL error queue. Currently, we use the highest-level
entry for generating the exception message and discard the rest.
Let ossl_make_error() capture all current OpenSSL error queue contents
into OpenSSL::OpenSSLError#errors and extend
OpenSSL::OpenSSLError#detailed_message to include the information.
An example:
$ ruby -Ilib -ropenssl -e'OpenSSL::X509::ExtensionFactory.new.create_ext("a", "b")'
-e:1:in 'OpenSSL::X509::ExtensionFactory#create_ext': a = b: error in extension (name=a, value=b) (OpenSSL::X509::ExtensionError)
OpenSSL error queue reported 2 errors:
error:11000082:X509 V3 routines:do_ext_nconf:unknown extension name
error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension (name=a, value=b)
from -e:1:in '<main>'
https://github.com/ruby/openssl/commit/d28f7a9a13
|
|
In a newly allocated OpenSSL X509 object, the notBefore and notAfter
fields contain an ASN1_STRING object with type V_ASN1_UNDEF rather than
an ASN1_TIME.
Commit https://github.com/ruby/openssl/commit/73484f67949a made asn1time_to_time() stricter and it now raises
an exception if the argument is not an ASN1_TIME. Previously, it would
print a verbose-mode warning and return nil.
OpenSSL::X509::Certificate#inspect should work even when the certificate
is invalid. Let's handle this.
https://github.com/ruby/openssl/commit/18c283f2b6
|
|
The current logic relies on sscanf() and error checks are almost
entirely missing. It also assumes that ASN1_STRING contents are NUL
terminated, which is undocumented and not guaranteed for all valid
ASN1_TIME objects.
Switch to using ASN1_TIME_to_tm() added in OpenSSL 1.1.1. It is also
supported by LibreSSL and AWS-LC.
In the long term, we may want to replace ASN1_TIME_to_tm() with a
hand-rolled decoder, since the function is intended for a specific
use-case. It is too permissive for strict DER, yet still does not
support all valid DER inputs and silently drops information such as
fractional seconds. However, it handles everything that the current
sscanf() code could handle.
https://github.com/ruby/openssl/commit/73484f6794
|
|
ruby/openssl exposes OIDs to Ruby as strings in many places, but the
conversion logic has been duplicated and the behavior is inconsistent.
There are mainly two patterns:
- Returns the short name associated with the OID/NID, or the dotted
decimal notation if it is unknown to OpenSSL.
- Returns the long name, or the dotted decimal notation.
These patterns are implemented using different OpenSSL APIs and that
caused subtle differences. Add helper functions ossl_asn1obj_to_string()
and ossl_asn1obj_to_string_long_name() to unify the logic.
Also, document the current behaviors where it is not yet done. The
inconsistency was likely unintentional, but since it dates back to the
original implementations, standardizing it now would cause more issues
than it resolves.
https://github.com/ruby/openssl/commit/2ea36c21a4
|
|
curves
EC_GROUP_get_curve_name() returns NID_undef when OpenSSL does not
recognize the curve and there is no associated OID.
Handle this case explicitly and return nil instead of the string
"UNDEF", which should not be exposed outside the extension.
https://github.com/ruby/openssl/commit/2c16821c07
|
|
RHEL 9.7 ships OpenSSL 3.5.1 with ML-DSA support, but it is disabled
for TLS by default, according to the system configuration file:
/etc/crypto-policies/back-ends/opensslcnf.config
Specify SSLContext#sigalgs to override the default list.
https://github.com/ruby/openssl/commit/fac3a26748
|
|
This commit updates the Ruby version in the error message to follow the commit in the Ruby master branch.
https://github.com/ruby/ruby/commit/6d81969b475262aba251e99b518181bdf7c5a523
https://github.com/ruby/openssl/commit/5a50a4d793
|
|
Remove the following subclasses of OpenSSL::PKey::PKeyError and make
them aliases of it.
- OpenSSL::PKey::DHError
- OpenSSL::PKey::DSAError
- OpenSSL::PKey::ECError
- OpenSSL::PKey::RSAError
Historically, methods defined on OpenSSL::PKey and OpenSSL::PKey::PKey
raise OpenSSL::PKey::PKeyError, while methods on the subclasses raise
their respective exception classes. However, this distinction is not
particularly useful since all those exception classes represent the
same kind of errors from the underlying EVP_PKEY API.
I think this convention comes from the fact that OpenSSL::PKey::{DH,
DSA,RSA} originally wrapped the corresponding OpenSSL structs DH, DSA,
and RSA, before they were unified to wrap EVP_PKEY, way back in 2002.
OpenSSL::PKey::EC::Group::Error and OpenSSL::PKey::EC::Point::Error
are out of scope of this change, as they are not subclasses of
OpenSSL::PKey::PKeyError and do not represent errors from the EVP_PKEY
API.
https://github.com/ruby/openssl/commit/e74ff3e272
|
|
Likewise, use EVP_MD_fetch() if it is available.
This adds support for AES-GCM-SIV with OpenSSL 3.2 or later.
https://github.com/ruby/openssl/commit/0e565a215e
|
|
With the introduction of OpenSSL 3 providers, newly implemented
algorithms do not necessarily have a corresponding NID assigned. To use
such an algorithm, it has to be "fetched" from providers using the new
EVP_*_fetch() functions.
For digest algorithms, we have to use EVP_MD_fetch() instead of the
existing EVP_get_digestbyname(). However, it is not a drop-in
replacement because:
- EVP_MD_fetch() does not support all algorithm name aliases recognized
by EVP_get_digestbyname().
- Both return an EVP_MD, but the one returned by EVP_MD_fetch() is
sometimes reference counted and the user has to explicitly release
it with EVP_MD_free().
So, keep using EVP_get_digestbyname() for all OpenSSL versions for now,
and fall back to EVP_MD_fetch() if it fails. In the latter case, prepare
a T_DATA object to manage the fetched EVP_MD's lifetime.
https://github.com/ruby/openssl/commit/9fc2179403
|
|
Raise OpenSSL::Cipher::CipherError instead of ArgumentError or
RuntimeError for consistency.
https://github.com/ruby/openssl/commit/78601c9c34
|
|
We generally raise OpenSSL::OpenSSLError or its subclass for errors
originating from the OpenSSL library, which may include extra details
appended by ossl_raise().
https://github.com/ruby/openssl/commit/9427a05ce5
|
|
Use explicit strings instead of relying on OpenSSL::ASN1::ObjectId
methods. It is reduced to just SHA-256 because testing other algorithms
does not improve test coverage for ruby/openssl.
https://github.com/ruby/openssl/commit/dcfd2e7b97
|
|
Previous commits removed all usages of those small keys.
https://github.com/ruby/openssl/commit/f9d87d7912
|
|
Use generic keys whenever possible.
https://github.com/ruby/openssl/commit/73d6a25360
|
|
Use generic keys whenever possible.
https://github.com/ruby/openssl/commit/90d6af60b9
|
|
Use generic keys whenever possible.
https://github.com/ruby/openssl/commit/cc4d40525c
|
|
Use generic keys whenever possible.
https://github.com/ruby/openssl/commit/ef4fa5e9b4
|
|
Use generic keys whenever possible.
https://github.com/ruby/openssl/commit/689fc271b1
|
|
Replace fixed-sized RSA keys with the generic rsa-{1,2,3}.pem keys.
Those test cases do not depend on specific keys or key sizes, and just
need several different keys.
Replace DSA keys with EC keys so that we can run more tests in the FIPS
mode, which does not seem to support DSA anymore.
Also, clean up duplicate test cases using very small keys or obsolete
hash functions.
rake test_fips no longer skips those test cases.
https://github.com/ruby/openssl/commit/3f3105429a
|
|
Freeze OpenSSL::SSL::SSLContext::DEFAULT_PARAMS so that it becomes
Ractor-shareable.
Also, prepare a new OpenSSL::X509::Store in Ractor-local storage, if
called from a non-main Ractor. OpenSSL::X509::Store currently is not a
shareable object.
https://github.com/ruby/openssl/commit/3d5271327c
|
|
Rely on OpenSSL's builtin DH parameters for TLS 1.2 and earlier instead
of providing a default SSLContext#tmp_dh_callback proc.
SSL_CTX_set_dh_auto() has been available since OpenSSL 1.1.0.
The parameters can still be overridden by specifying
SSLContext#tmp_dh_callback or #tmp_dh, as confirmed by existing tests.
SSLContext#tmp_dh_callback depends on a deprecated OpenSSL feature. We
also prefer not to hard-code parameters, which is a maintenance burden.
This change also improves Ractor compatibility by removing the
unshareable proc.
https://github.com/ruby/openssl/commit/9cfec9bf5e
|
|
Update the test case to explicitly load both the "default" and the
"legacy" providers.
Currently, the "default" provider is loaded as a side effect of the
OpenSSL::PKey::DH.new call in lib/openssl/ssl.rb. It will be cleaned up
in a following patch.
https://github.com/ruby/openssl/commit/013db02fb2
|
|
- Generate smaller parameters in test_new_generate. Generating 2048-bit
parameters is slow and sometimes takes a few minutes on GitHub-hosted
CI runners. Also test the DH.generate alias, not just DH.new.
- Simplify test_new_break to just check exceptions raised in the block
because it is redundant.
- Remove unnecessary OpenSSL::PKey::DH#public_key calls.
- Update bare "assert" with more appropriate methods.
https://github.com/ruby/openssl/commit/8bc7442310
|
|
OpenSSL 3.0
Raise ArgumentError if this is attempted when the extension is compiled
with OpenSSL 3.0 or later. The form will be fully removed when we drop
support for OpenSSL 1.1.1.
When OpenSSL::PKey::{DH,DSA,EC,RSA}.new is called without any arguments,
it sets up an empty corresponding low-level struct and wraps it in an
EVP_PKEY. This is useful when the user later fills the missing fields
using low-level setter methods such as OpenSSL::PKey::RSA#set_key.
Such setter methods are not compatible with OpenSSL 3.0 or later, where
EVP_PKEY is immutable once created. This means that the ability to
create an empty instance is useless.
https://github.com/ruby/openssl/commit/affd569f78
|
|
test_post_connect_check_with_anon_ciphers:
test_tmp_dh_callback:
test_tmp_dh:
DH missing the q value on unknown named parameters (ciphers) is not
FIPS-approved, according to the FIPS-186-4 APPENDIX B: Key Pair Generation -
B.1.1 Key Pair Generation Using Extra Random Bits, the inputs p, q, and g are
required. However, TLS doesn't send q.
https://csrc.nist.gov/pubs/fips/186-4/final
OpenSSL has a special workaround to recover the missing "q" value for known
named parameters, which is the reason why other tests that use the default
parameters in `lib/openssl/ssl.rb` are working.
Note that the test_post_connect_check_with_anon_ciphers test got the following error on
`OpenSSL.debug = true` in FIPS.
```
/home/jaruga/var/git/ruby/openssl/lib/openssl/ssl.rb:551: warning: error on stack: error:0A0C0103:SSL routines:tls_construct_server_key_exchange:internal error
```
test_get_ephemeral_key:
kRSA (PKCS1-v1_5 padding) is not allowed in FIPS according to the
NIST SP 800-131A Rev. 2 - 6 Key Agreement and Key Transport Using RSA -
Table 5: Approval Status for the RSA-based Key Agreement and Key Transport
Schemes - PKCS1-v1_5 padding - Disallowed after 2023
https://csrc.nist.gov/pubs/sp/800/131/a/r2/final
Note that the test_get_ephemeral_key test got the following error on
`OpenSSL.debug = true` in FIPS.
```
test/openssl/test_ssl.rb:2326: warning: error on stack: error:1C8000A8:Provider routines:rsa_encrypt:invalid padding mode
```
https://github.com/ruby/openssl/commit/ac3559e51e
|
|
failures
(https://github.com/ruby/openssl/pull/939)
* Add AuthTagError exception for AEAD authentication failures
- Add OpenSSL::Cipher::AuthTagError as a subclass of CipherError
- Raise AuthTagError specifically for AEAD cipher authentication tag verification failures
- Enhanced error messages: 'AEAD authentication tag verification failed' for auth failures
- Precise detection: Only EVP_CipherFinal_ex failures in AEAD ciphers raise AuthTagError
- All other errors (key setup, IV setup, update failures, etc.) still raise CipherError
- Comprehensive test coverage for GCM/CCM modes and error inheritance
- Fully backwards compatible: AuthTagError < CipherError
https://github.com/ruby/openssl/commit/9663b09040
|
|
OSSL_DECODER"
This reverts commit https://github.com/ruby/openssl/commit/5347880c6eb0 and
https://github.com/ruby/openssl/commit/985ba27d6339.
These commits attempted to stop processing after the first relevant PEM
block, whether it is successful or not, when the input contains multiple
keys.
It turned out that it cannot be reliably determined using the
OSSL_DECODER API. There is an edge case where OSSL_DECODER_from_bio()
reports "unsupported" even though the input actually contains an error:
https://redirect.github.com/ruby/openssl/pull/931#discussion_r2347813807
Revert the changes for now and keep the existing behavior, as partial
support does not seem worth the added complexity.
https://github.com/ruby/openssl/commit/319cd4952a
|
|
Continue processing only when OSSL_DECODER_from_bio() returns the error
code ERR_R_UNSUPPORTED. Otherwise, raise an exception without retrying
decoding the input in another format.
This fixes another case where OpenSSL::PKey.read prompts for a
passphrase multiple times when the input contains multiple
passphrase-protected PEM blocks and the first one cannot be decoded.
I am not entirely sure if the error code ERR_R_UNSUPPORTED is considered
part of the public interface of OpenSSL, but this seems to be the only
option available and is the approach used internally by the
PEM_read_bio_*() functions.
Fixes https://github.com/ruby/openssl/issues/927
https://github.com/ruby/openssl/commit/985ba27d63
|
|
Specify OSSL_DECODER_CTX_set_pem_password_cb() only when we expect a
passphrase-protected private key.
OSSL_DECODER appears to try to decrypt every PEM block in the input even
when the PEM header does not match the requested selection. This can
cause repeated prompts for a passphrase in a single OpenSSL::PKey.read
call.
https://github.com/ruby/openssl/commit/933503f49f
|
|
Add tests covering edge cases in the current behavior to prevent
accidental regressions. The next patches will update the OpenSSL 3.x
path.
https://github.com/ruby/openssl/commit/468f8ceea2
|
|
In OpenSSL's master branch, importing/loading a key in the FIPS mode
automatically performs a pair-wise consistency check. This breaks tests
for OpenSSL::PKey::EC#check_key and DH#params_ok? as they use
deliberately invalid keys. These methods would not be useful in the
FIPS mode anyway.
Fixes https://github.com/ruby/openssl/issues/926
https://github.com/ruby/openssl/commit/25ad8f4bdb
|
|
Add a simple test case that creates an enveloped-data structure without
using the shorthand method, and fix two issues preventing this from
working correctly.
First, OpenSSL::PKey::PKCS7#add_recipient currently inserts an
incomplete PKCS7_RECIP_INFO object into the PKCS7 object. When
duplicating an unfinalized PKCS7_RECIP_INFO, the internal X509 reference
must also be copied, as it is later used by #add_data to fill the rest.
A similar issue with #add_signer was fixed in commit https://github.com/ruby/openssl/commit/20ca7a27a86e
(pkcs7: keep private key when duplicating PKCS7_SIGNER_INFO,
2021-03-24).
Second, #add_data calls PKCS7_dataFinal(), which for enveloped-data
appears to require the BIO to be flushed explicitly with BIO_flush().
Without this, the last block of the encrypted data would be missing.
https://github.com/ruby/openssl/commit/9595ecf643
|
|
Only call PKCS7_get_detached() if the PKCS7 object is a signed-data.
This is only useful for the content type, and leaves an error entry if
called on a PKCS7 object with a different content type.
https://github.com/ruby/openssl/commit/8997f6d5e6
|
|
This includes:
- Update test keys to the generic rsa-{1,2,3}.pem.
- Add omissions for enveloped-data tests so that the rest can be
tested in the FIPS mode.
- Add tests for PKCS7#error_string and #data.
- Check more error paths.
- Various style fixes.
https://github.com/ruby/openssl/commit/58f0022de3
|
|
Commit https://github.com/ruby/openssl/commit/ef277083ba76 overlooked a caller of ossl_x509_new() with NULL
argument. OpenSSL::X509::StoreContext#current_cert may not have a
certificate to return if StoreContext#verify has not been called.
https://github.com/ruby/openssl/commit/4149b43890
|
|
The key files were created by the following commands.
```
$ ${HOME}/.local/openssl-3.6.0-dev-fips-debug-8253b58d60/bin/openssl genpkey \
-algorithm mldsa65 \
-out mldsa65-1.pem
$ ${HOME}/.local/openssl-3.6.0-dev-fips-debug-8253b58d60/bin/openssl genpkey \
-algorithm mldsa65 \
-out mldsa65-2.pem
```
The PQC algorithms used in the PQC tests, ML-KEM (FIPS 203) and ML-DSA
(FIPS 204), are supported on OpenSSL 3.5 or later.
https://openssl-library.org/post/2025-04-08-openssl-35-final-release/
https://github.com/ruby/openssl/commit/f3bb316018
|
|
These methods are useful to test post-quantum cryptography (PQC) cases.
https://github.com/ruby/openssl/commit/434ef74452
|
|
https://github.com/ruby/openssl/commit/dbfcc44b37
|
|
Use OpenSSL::TestCase instead of OpenSSL::SSLTestCase.
Prefer assert_true and assert_false over the bare assert and refute.
OpenSSL.fixed_length_secure_compare and OpenSSL.secure_compare will
only return true or false, and it should be checked.
https://github.com/ruby/openssl/commit/3d9938ed40
|
|
Update GitHub Actions workflows to set OSSL_TEST_ALL=1.
Exclude a few slow tests that are not critical for local development,
unless OSSL_TEST_ALL=1 is set. The bindings code paths are still reached
by other tests with smaller inputs, and failures in those would likely
indicate an issue in OpenSSL rather than in the bindings.
Newly excluded tests include generating large DSA keys and measuring
CRYPTO_memcmp() timing. These tests currently take nearly half of the
total runtime.
https://github.com/ruby/openssl/commit/382eca2aec
|
|
ASN.1 UTCTime uses two-digit years. While X.680 does not specify how to
map them as far as I can tell, X.509/PKIX uses this type to represent
dates between the years 1950 and 2049.
OpenSSL::ASN1.decode has used 1969-2068 since the initial
implementation. Given that ASN1::UTCTime#to_der relies on OpenSSL
ASN1_UTCTIME type, which assumes the 1950-2049 range, this was likely
unintentional.
Use the range 1950-2049 consistently, and fix decoding of X.509
certificates with dates in 1950-1968.
https://github.com/ruby/openssl/commit/b8b38e1438
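As an added illustration (not code from ruby/openssl), a pure-Ruby UTCTime decoder whose two-digit-year pivot is configurable, so the PKIX 1950-2049 mapping this commit adopts can be compared with the 1969-2068 mapping OpenSSL::ASN1.decode used before. The `decode_utctime` name, the `pivot:` keyword and the sample timestamps are this example's own.

```ruby
# ASN.1 UTCTime: YYMMDDhhmm[ss] followed by "Z" or a +hhmm/-hhmm offset.
# DER requires the seconds and "Z"; the optional forms are accepted here
# because OpenSSL::ASN1.decode accepts them as well.
UTCTIME_RE = /\A(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})?(Z|[+-]\d{4})\z/

# Decode a UTCTime string into a UTC Time.
#
# pivot: two-digit years >= pivot are placed in the 1900s, the rest in
# the 2000s. PKIX (RFC 5280) mandates pivot 50, i.e. 1950-2049, which is
# also what OpenSSL's ASN1_UTCTIME type assumes. The old
# OpenSSL::ASN1.decode behaviour corresponds to pivot 69, i.e. 1969-2068.
def decode_utctime(str, pivot: 50)
  m = UTCTIME_RE.match(str) or
    raise ArgumentError, "malformed UTCTime: #{str.inspect}"
  yy, mon, day, hour, min, sec, zone = m.captures
  yy = yy.to_i
  year = yy >= pivot ? 1900 + yy : 2000 + yy
  mon, day, hour, min = mon.to_i, day.to_i, hour.to_i, min.to_i
  sec = (sec || "00").to_i

  t = Time.utc(year, mon, day, hour, min, sec)
  # Time.utc silently normalises impossible dates (e.g. Feb 30 -> Mar 2);
  # a decoder must reject them instead of accepting a shifted date.
  unless t.year == year && t.month == mon && t.day == day &&
         t.hour == hour && t.min == min && t.sec == sec
    raise ArgumentError, "invalid date/time in UTCTime: #{str.inspect}"
  end

  unless zone == "Z"
    # A "+hhmm" suffix means the wall-clock fields are local time that is
    # hhmm ahead of UTC, so subtract the offset to get UTC.
    sign = zone[0] == "-" ? -1 : 1
    offset = sign * (zone[1, 2].to_i * 3600 + zone[3, 2].to_i * 60)
    t -= offset
  end
  t
end

# Decode the same string under both mappings, to show where they differ.
def year_under_both_mappings(str)
  { pkix: decode_utctime(str, pivot: 50).year,
    legacy: decode_utctime(str, pivot: 69).year }
end

if __FILE__ == $0
  # Constructed sample: a notBefore of 1968-12-31, which only the PKIX
  # mapping decodes as a 20th-century date.
  p year_under_both_mappings("681231235959Z")
end
```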
|
|
TLS 1.3 renamed the "elliptic_curves" extension to "supported_groups"
to reflect that it now covers more than just ECDH groups. OpenSSL 1.1.1
followed this change by renaming the corresponding API from
SSL_CTX_set1_curves_list() to SSL_CTX_set1_groups_list().
Update ruby/openssl to use the new name, too. The current method name
SSLContext#ecdh_curves= is retained as an alias for #group=.
https://github.com/ruby/openssl/commit/59e98604e0
|
|
Algorithms implemented only in OpenSSL 3 providers may not have a
corresponding NID. The *_ex() variants have been added in OpenSSL 3.0
to handle such algorithms, by taking algorithm names as a string.
https://github.com/ruby/openssl/commit/e730e457cc
|