Call ossl_pkey_check_public_key() to ensure that
EVP_PKEY_missing_parameters() passes. This check should be cheap.
DSA#{to_der,to_pem,export,to_s} and PKey#{public_to_der,public_to_pem}
cause a segfault if the receiver is an empty DSA instance with no
parameters set.
Fixes <https://github.com/ruby/openssl/issues/845>.
5aeed935e5
In OpenSSL 3.4, TS_VERIFY_CTX_set_certs() and TS_VERIFY_CTX_set_store()
are deprecated in favor of the new functions with "set0" in the names.
The new functions have a slightly different behavior. They will free the
previous value automatically. Increment the reference counter of
X509_STORE before setting it to TS_VERIFY_CTX, and do not try to
manually unset it.
We avoided doing this to work around a bug that was present in older
versions of OpenSSL, which has now been fixed in OpenSSL 1.0.2 by commit
bff9ce4db3.
ce37f7d93a
The returned Hash from these methods contain 0 in place of a missing
parameter in the key, for example:
pkey = OpenSSL::PKey.read(OpenSSL::PKey::RSA.new(2048).public_to_pem)
pp pkey.params
#=>
# {"n"=>#<OpenSSL::BN 2869346734[...snip]>,
# "e"=>#<OpenSSL::BN 65537>,
# "d"=>#<OpenSSL::BN 0>,
# "p"=>#<OpenSSL::BN 0>,
# "q"=>#<OpenSSL::BN 0>,
# "dmp1"=>#<OpenSSL::BN 0>,
# "dmq1"=>#<OpenSSL::BN 0>,
# "iqmp"=>#<OpenSSL::BN 0>}
Let's use nil instead, which is more appropriate for indicating a
missing value.
f247ec3dec
Move the definitions to lib/openssl/pkey.rb. They need not to be in the
extension and can be implemented using existing methods.
This reduces direct usage of the now-deprecated OpenSSL APIs around the
low-level structs such as DH, DSA, or RSA.
c14178f387
Commit 3bbf5178a9 made blocking methods on SSLSocket follow the
IO#timeout= value. The commit changed io_wait_readable() to potentially
raise an exception without unlocking the String.
The String is currently locked for the entire duration of a #sysread
method call. This does not seem to be necessary, as SSL_read() does not
require that the same buffer is specified when retrying. Locking the
String during each SSL_read() call should be sufficient.
8f791d73f5
While the struct is currently still public in OpenSSL, there has been
an accessor since OpenSSL 0.9.8h. It would be nice if this accessor
could be used so that the struct can be made opaque at some point in
the future.
812aeab2f5
Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and
it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2.
Distributions that shipped with OpenSSL 1.1.0 include:
- Debian 9 (EOL 2022-06)
- Ubuntu 18.04 LTS (EOL 2023-04)
ba83abe920
The dir_config was introduced by Ruby trunk r4181. Since support for
Kerberos cipher suites has been removed in OpenSSL 1.1.0, it is no
longer necessary.
Although ruby/openssl did not directly depend on the MIT Kerberos
library, it was an optional transitive dependency. Unless it was
disabled by a compile-time option, the OpenSSL headers would try to
include <krb5.h>.
78d028c332
Drop support for OpenSSL 1.0.2. It has reached upstream EOL in 2019-12.
Most distributions that shipped with OpenSSL 1.0.2 have also reached
EOL, or provide a newer version in the package repository:
- RHEL 7 (EOL 2024-06)
- Ubuntu 16.04 LTS (EOL 2021-04)
- Amazon Linux 2 (EOL 2026-06, but OpenSSL 1.1.1 can be installed via
the openssl11{,-devel} package)
38ec6fd50e
[Bug #20972]
The `rb_str_new_freeze` was added in https://github.com/ruby/openssl/issues/452
to better handle concurrent use of a Socket, but SSL sockets can't be used
concurrently AFAIK, so we might as well just error cleanly.
By using `rb_str_locktmp` we can ensure attempts at concurrent write
will raise an error, be we avoid causing a copy of the bytes.
We also use the newer `String#append_as_bytes` method when available
to save on some more copies.
0d8c17aa85
Co-Authored-By: luke.gru@gmail.com
OpenSSL::Digest#finish overrides Digest::Instance#finish and is called
from the Digest::Class framework in the digest library. This method is
not supposed to take any arguments, as suggested by the RDoc comment for
Digest::Instance#finish.
It is a private method and not exposed to users. Let's remove it.
This optional parameter exists since r15602 in Ruby trunk, the commit
which converted OpenSSL::Digest to a subclass of Digest::Class.
dcb2a4f30b
OpenSSL::Cipher#update accepts a String as the second argument to be
used as the output buffer. The buffer must be directly writable, in
other words, it must not be frozen and not a shared string.
rb_str_resize() does not make the String independent if the String
already has the intended length. Use the rb_str_modify() family instead
to check it.
Fixes: https://bugs.ruby-lang.org/issues/209371de3b80a46
Add a binding for PKCS12_set_mac() to set MAC parameters and
(re-)calculate MAC for the content.
This allows generating PKCS #12 with consistent MAC parameters with
different OpenSSL versions. OpenSSL 3.0 changed the default hash
function used for HMAC and the KDF from SHA-1 to SHA-256.
Fixes: https://github.com/ruby/openssl/issues/772f5ed2a74b6
Apply SSL options set in DEFAULT_PARAMS without clearing existing
options.
It currently clears options in order to avoid setting one of the
options included in OpenSSL::SSL::OP_ALL unless explicitly specified,
namely OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. Now that
OpenSSL::SSL::OP_ALL has been removed from SSLContext#initialize, it is
no longer necessary.
77c3db2d65
Respect the SSL options set by default by SSL_CTX() and by the
system-wide OpenSSL configuration file.
OpenSSL::SSL::SSLContext#initialize currently adds OpenSSL::SSL::OP_ALL
on top of the default SSL options. Let's stop doing it.
OpenSSL::SSL::OP_ALL is a set of options that changes OpenSSL's behavior
to workaround various TLS implementation bugs. Using it is considered
usually safe, but is not completely harmless.
00bec0d905
get_asn1obj() is used by several methods in OpenSSL::Timestamp to get
the string representation of an OID. On an error, such as memory
allocation failure, it can raise OpenSSL::X509::AttributeError. It
should be OpenSSL::Timestamp::TimestampError instead.
a424aad1df
Internals of OpenSSL::PKCS7 should be kept within ossl_pkcs7.c.
Add a new ossl_pkcs7_new() function for duplicating and wrapping an
OpenSSL PKCS7 object in OpenSSL::PKCS7. This follows the convention
used by other ossl_*_new() functions.
b5f79f771e
Follow-up commit 0789643d73 (openssl: clear OpenSSL error
queue before return to Ruby, 2016-05-18). It should raise
OpenSSL::X509::StoreError instead of OpenSSL::X509::CertificateError.
0201f23ad6
It should raise OpenSSL::Netscape::SPKIError instead of
OpenSSL::X509::CertificateError.
No test cases covered this because it only occurs in exceptional
cases, such as memory allocation failure.
527b6101d1
Fix a copy-and-paste error introduced in commit 74f6c61756 (pkey:
allocate EVP_PKEY on #initialize, 2021-04-12).
It should raise OpenSSL::PKey::ECError instead of
OpenSSL::PKey::DSAError.
b1f6a04abf
Check the ID_callback_state ivar after SSL_read() or SSL_write()
returns, similar to what ossl_start_ssl() does.
Previously, callbacks that can raise a Ruby exception were only called
from ossl_start_ssl(). This has changed in OpenSSL 1.1.1. Particularly,
the session_new_cb will be called whenever a client receives a
NewSessionTicket message, which can happen at any time during a TLS 1.3
connection.
aac9ce1304
ssl_servername_cb() is a callback function called from OpenSSL and Ruby
exceptions must not be raised from it. Allocate the Array within
rb_protect().
3a2bf74d35
Allow requests to be signed using Ed25519 private keys by passing a nil digest.
This is similar to commit b0fc100091 when signing certs.
Calling PKey#public_key is deprecated and does not work for Ed25519. The same
can be accomplished by passing the private key.
d96090320d
Compare by the dotted decimal notation rather than the NID.
OpenSSL::ASN1::ObjectId can store OIDs that are not registered in
OpenSSL's internal table. NID is not defined for such an OID, but it is
not an error.
The == method also should not raise TypeError if the other object is
not an instance of OpenSSL::ASN1::ObjectId.
Fixes: https://github.com/ruby/openssl/issues/791
The implementation of OpenSSL::X509::Certificate#crl_uris makes the
assumption that each DistributionPoint in the CRL distribution points
extension contains a single general name of type URI. This is not
guaranteed by RFC 5280. A DistributionPoint may contain zero or more
than one URIs.
Let's include all URIs found in the extension. If only non-URI pointers
are found, return nil.
Fixes: https://github.com/ruby/openssl/issues/77571f4fef2fa
Require that users explicitly specify the desired algorithm. In my
opinion, we are not in a position to specify the default cipher.
When OpenSSL::PKCS7.encrypt is given only two arguments, it uses
"RC2-40-CBC" as the symmetric cipher algorithm. 40-bit RC2 is a US
export-grade cipher and considered insecure.
Although this is technically a breaking change, the impact should be
minimal. Even when OpenSSL is compiled with RC2 support and the macro
OPENSSL_NO_RC2 is not defined, it will not actually work on modern
systems because RC2 is part of the legacy provider.
439f456bfa
The SSL ex_data index is used for storing the verify_callback Proc. The
only user of it, ossl_ssl_verify_callback(), can find the callback by
looking at the SSLContext object which is always known.
3a3d6e258b
