If SSL_CTX_add_extra_chain_cert() fails, the refcount of x509 must be
handled by the caller. This should only occur due to a malloc failure
inside the function.
80bcf727dc
OpenSSL::Cipher#encrypt and #decrypt have long supported a hidden
feature to derive a key and an IV from the String argument, but in an
inappropriate way.
This feature is undocumented, untested, and has been deprecated since
commit 0dc43217b1 on 2004-06-30,
which started printing a non-verbose warning. More than 20 years later,
it must be safe to remove it entirely.
The deprecated usage:
# `password` is a String, `iv` is either a String or nil
cipher = OpenSSL::Cipher.new("aes-256-cbc")
cipher.encrypt(password, iv)
p cipher.update("data") << cipher.final
was equivalent to:
cipher = OpenSSL::Cipher.new("aes-256-cbc")
cipher.encrypt
iv ||= "OpenSSL for Ruby rulez!"
key = ((cipher.key_len + 15) / 16).times.inject([""]) { |ary, _|
ary << OpenSSL::Digest.digest("MD5", ary.last + password + iv[0, 8].ljust(8, "\0"))
}.join
cipher.key = key[...cipher.key_len]
cipher.iv = iv[...cipher.iv_len].ljust(cipher.iv_len, "\0")
p cipher.update("data") << cipher.final
e46d992ea1
EOC octets are required at the end of contents of a constructed encoding
that uses the indefinite length form. This cannot be assumed from the
end of the input. Raise an exception when necessary.
bc20c13a7c
Correctly pass the new object assigned by StringValue() to
ossl_ssl_write_internal_safe().
This is a follow-up to commit 0d8c17aa85 (Reduce
OpenSSL::Buffering#do_write overhead, 2024-12-21).
3ff096196a
These functions wrap X509v3_get_ext_count(). The implementation can
never return a negative number, and this behavior is documented in the
man page.
5164725855
Always use explicit NULL checks before interacting with STACK_OF(*).
Even though most OpenSSL functions named sk_*() do not crash if we pass
NULL as the receiver object, depending on this behavior would be a bad
idea.
Checks for a negative number return from sk_*_num() are removed. This
can only happen when the stack is NULL.
ossl_*_sk2ary() must no longer be called with NULL.
84cffd4f77
CI Changes
1. I've split the original patch up to make it easier to digest, but
that forces my hand to turn off testing in the AWS-LC CI for the time
being. However, do let me know if you would prefer to review the test
adjustments in the same PR and I can remove the temporary CI workaround.
2. AWS-LC has a few no-op functions and we use -Wdeprecated-declarations
to alert the consuming application of these. I've leveraged the
skip-warnings CI option so that the build doesn't fail.
Build Adjustments
1. AWS-LC FIPS mode is decided at compile time. This is different from
OpenSSL's togglable FIPS switch, so I've adjusted the build to account
for this.
2. AWS-LC does not support for the two KEY_SIG or KEY_EX flags that were
only ever supported by old MSIE.
3. AWS-LC has no current support for post handshake authentication in
TLS 1.3.
4. EC_GROUP structures for named curves in AWS-LC are constant, static,
and immutable by default. This means that the EC_GROUP_set_* functions
are essentially no-ops due to the immutability of the structure. We've
introduced a new API for consumers that depend on the OpenSSL's default
mutability of the EC_GROUP structure called
EC_GROUP_new_by_curve_name_mutable. Since Ruby has a bit of
functionality that's dependent on the mutability of these structures,
I've made the corresponding adjustments to allow things to work as
expected.
e53ec5a101
The method has two forms, each corresponding to EC_POINT_mul() and
EC_POINTs_mul(). The latter form does not work with any OpenSSL or
LibreSSL versions that are still supported by upstream.
The latter form has an extremely confusing behavior, too, and using it
would print a deprecation warning since commit 812de4253d in 2020,
which went to 3.0.0. Let's remove it.
7343d3c559
Make these methods simple wrappers around
SSL_CTX_set_{min,max}_proto_version().
When we introduced these methods in commit 18603949d3 [1], which went
to v2.1.0, we added a private method to SSLContext that set both the
minimum and maximum protocol versions at the same time. This was to
allow emulating the behavior using SSL options on older OpenSSL versions
that lack SSL_CTX_set_{min,max}_proto_version(). Since we no longer
support OpenSSL 1.0.2, the related code has already been removed.
In OpenSSL 1.1.1 or later, setting the minimum or maximum version to 0
is not equivalent to leaving it unset. Similar to SSL options, which we
avoid overwriting as of commit 00bec0d905 and commit 77c3db2d65 [2],
a system-wide configuration file may define a default protocol version
bounds. Setting the minimum version should not unset the maximum
version, and vice versa.
[1] https://github.com/ruby/openssl/pull/142
[2] https://github.com/ruby/openssl/pull/7675766386321
Call ossl_pkey_check_public_key() to ensure that
EVP_PKEY_missing_parameters() passes. This check should be cheap.
DSA#{to_der,to_pem,export,to_s} and PKey#{public_to_der,public_to_pem}
cause a segfault if the receiver is an empty DSA instance with no
parameters set.
Fixes <https://github.com/ruby/openssl/issues/845>.
5aeed935e5
In OpenSSL 3.4, TS_VERIFY_CTX_set_certs() and TS_VERIFY_CTX_set_store()
are deprecated in favor of the new functions with "set0" in the names.
The new functions have a slightly different behavior. They will free the
previous value automatically. Increment the reference counter of
X509_STORE before setting it to TS_VERIFY_CTX, and do not try to
manually unset it.
We avoided doing this to work around a bug that was present in older
versions of OpenSSL, which has now been fixed in OpenSSL 1.0.2 by commit
bff9ce4db3.
ce37f7d93a
The returned Hash from these methods contain 0 in place of a missing
parameter in the key, for example:
pkey = OpenSSL::PKey.read(OpenSSL::PKey::RSA.new(2048).public_to_pem)
pp pkey.params
#=>
# {"n"=>#<OpenSSL::BN 2869346734[...snip]>,
# "e"=>#<OpenSSL::BN 65537>,
# "d"=>#<OpenSSL::BN 0>,
# "p"=>#<OpenSSL::BN 0>,
# "q"=>#<OpenSSL::BN 0>,
# "dmp1"=>#<OpenSSL::BN 0>,
# "dmq1"=>#<OpenSSL::BN 0>,
# "iqmp"=>#<OpenSSL::BN 0>}
Let's use nil instead, which is more appropriate for indicating a
missing value.
f247ec3dec
Move the definitions to lib/openssl/pkey.rb. They need not to be in the
extension and can be implemented using existing methods.
This reduces direct usage of the now-deprecated OpenSSL APIs around the
low-level structs such as DH, DSA, or RSA.
c14178f387
Commit 3bbf5178a9 made blocking methods on SSLSocket follow the
IO#timeout= value. The commit changed io_wait_readable() to potentially
raise an exception without unlocking the String.
The String is currently locked for the entire duration of a #sysread
method call. This does not seem to be necessary, as SSL_read() does not
require that the same buffer is specified when retrying. Locking the
String during each SSL_read() call should be sufficient.
8f791d73f5
While the struct is currently still public in OpenSSL, there has been
an accessor since OpenSSL 0.9.8h. It would be nice if this accessor
could be used so that the struct can be made opaque at some point in
the future.
812aeab2f5
Drop support for OpenSSL 1.1.0. OpenSSL 1.1.0 was a non-LTS release and
it has reached upstream EOL in 2019-12 along with OpenSSL 1.0.2.
Distributions that shipped with OpenSSL 1.1.0 include:
- Debian 9 (EOL 2022-06)
- Ubuntu 18.04 LTS (EOL 2023-04)
ba83abe920
The dir_config was introduced by Ruby trunk r4181. Since support for
Kerberos cipher suites has been removed in OpenSSL 1.1.0, it is no
longer necessary.
Although ruby/openssl did not directly depend on the MIT Kerberos
library, it was an optional transitive dependency. Unless it was
disabled by a compile-time option, the OpenSSL headers would try to
include <krb5.h>.
78d028c332
Drop support for OpenSSL 1.0.2. It has reached upstream EOL in 2019-12.
Most distributions that shipped with OpenSSL 1.0.2 have also reached
EOL, or provide a newer version in the package repository:
- RHEL 7 (EOL 2024-06)
- Ubuntu 16.04 LTS (EOL 2021-04)
- Amazon Linux 2 (EOL 2026-06, but OpenSSL 1.1.1 can be installed via
the openssl11{,-devel} package)
38ec6fd50e
[Bug #20972]
The `rb_str_new_freeze` was added in https://github.com/ruby/openssl/issues/452
to better handle concurrent use of a Socket, but SSL sockets can't be used
concurrently AFAIK, so we might as well just error cleanly.
By using `rb_str_locktmp` we can ensure attempts at concurrent write
will raise an error, be we avoid causing a copy of the bytes.
We also use the newer `String#append_as_bytes` method when available
to save on some more copies.
0d8c17aa85
Co-Authored-By: luke.gru@gmail.com
OpenSSL::Digest#finish overrides Digest::Instance#finish and is called
from the Digest::Class framework in the digest library. This method is
not supposed to take any arguments, as suggested by the RDoc comment for
Digest::Instance#finish.
It is a private method and not exposed to users. Let's remove it.
This optional parameter exists since r15602 in Ruby trunk, the commit
which converted OpenSSL::Digest to a subclass of Digest::Class.
dcb2a4f30b
OpenSSL::Cipher#update accepts a String as the second argument to be
used as the output buffer. The buffer must be directly writable, in
other words, it must not be frozen and not a shared string.
rb_str_resize() does not make the String independent if the String
already has the intended length. Use the rb_str_modify() family instead
to check it.
Fixes: https://bugs.ruby-lang.org/issues/209371de3b80a46
Add a binding for PKCS12_set_mac() to set MAC parameters and
(re-)calculate MAC for the content.
This allows generating PKCS #12 with consistent MAC parameters with
different OpenSSL versions. OpenSSL 3.0 changed the default hash
function used for HMAC and the KDF from SHA-1 to SHA-256.
Fixes: https://github.com/ruby/openssl/issues/772f5ed2a74b6
Apply SSL options set in DEFAULT_PARAMS without clearing existing
options.
It currently clears options in order to avoid setting one of the
options included in OpenSSL::SSL::OP_ALL unless explicitly specified,
namely OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. Now that
OpenSSL::SSL::OP_ALL has been removed from SSLContext#initialize, it is
no longer necessary.
77c3db2d65
Respect the SSL options set by default by SSL_CTX() and by the
system-wide OpenSSL configuration file.
OpenSSL::SSL::SSLContext#initialize currently adds OpenSSL::SSL::OP_ALL
on top of the default SSL options. Let's stop doing it.
OpenSSL::SSL::OP_ALL is a set of options that changes OpenSSL's behavior
to workaround various TLS implementation bugs. Using it is considered
usually safe, but is not completely harmless.
00bec0d905
get_asn1obj() is used by several methods in OpenSSL::Timestamp to get
the string representation of an OID. On an error, such as memory
allocation failure, it can raise OpenSSL::X509::AttributeError. It
should be OpenSSL::Timestamp::TimestampError instead.
a424aad1df
Internals of OpenSSL::PKCS7 should be kept within ossl_pkcs7.c.
Add a new ossl_pkcs7_new() function for duplicating and wrapping an
OpenSSL PKCS7 object in OpenSSL::PKCS7. This follows the convention
used by other ossl_*_new() functions.
b5f79f771e
Follow-up commit 0789643d73 (openssl: clear OpenSSL error
queue before return to Ruby, 2016-05-18). It should raise
OpenSSL::X509::StoreError instead of OpenSSL::X509::CertificateError.
0201f23ad6
It should raise OpenSSL::Netscape::SPKIError instead of
OpenSSL::X509::CertificateError.
No test cases covered this because it only occurs in exceptional
cases, such as memory allocation failure.
527b6101d1
Fix a copy-and-paste error introduced in commit 74f6c61756 (pkey:
allocate EVP_PKEY on #initialize, 2021-04-12).
It should raise OpenSSL::PKey::ECError instead of
OpenSSL::PKey::DSAError.
b1f6a04abf
Check the ID_callback_state ivar after SSL_read() or SSL_write()
returns, similar to what ossl_start_ssl() does.
Previously, callbacks that can raise a Ruby exception were only called
from ossl_start_ssl(). This has changed in OpenSSL 1.1.1. Particularly,
the session_new_cb will be called whenever a client receives a
NewSessionTicket message, which can happen at any time during a TLS 1.3
connection.
aac9ce1304
ssl_servername_cb() is a callback function called from OpenSSL and Ruby
exceptions must not be raised from it. Allocate the Array within
rb_protect().
3a2bf74d35
Allow requests to be signed using Ed25519 private keys by passing a nil digest.
This is similar to commit b0fc100091 when signing certs.
Calling PKey#public_key is deprecated and does not work for Ed25519. The same
can be accomplished by passing the private key.
d96090320d
Compare by the dotted decimal notation rather than the NID.
OpenSSL::ASN1::ObjectId can store OIDs that are not registered in
OpenSSL's internal table. NID is not defined for such an OID, but it is
not an error.
The == method also should not raise TypeError if the other object is
not an instance of OpenSSL::ASN1::ObjectId.
Fixes: https://github.com/ruby/openssl/issues/791
