mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
* ext/openssl/ossl.c
ext/openssl/ossl_pkey_rsa.c ext/openssl/ossl_pkey_dsa.c ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less than four characters long, as OpenSSL itself does not allow this. Issue found by Eric Hodel. * ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem, following the PKey interface contract. * test/openssl/test_pkey_dsa.rb test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_ec.rb: Add tests that assert correct behaviour when dealing with passwords that are less than four characters long. [ruby-core: 42281][ruby-trunk - Bug #5951] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parent
8fcdb757a5
commit
5bd7899b98
8 changed files with 66 additions and 7 deletions
17
ChangeLog
17
ChangeLog
|
@ -1,3 +1,20 @@
|
|||
Sun Jun 10 10:21:37 2012 Martin Bosslet <Martin.Bosslet@googlemail.com>
|
||||
|
||||
* ext/openssl/ossl.c
|
||||
ext/openssl/ossl_pkey_rsa.c
|
||||
ext/openssl/ossl_pkey_dsa.c
|
||||
ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less
|
||||
than four characters long, as OpenSSL itself does not allow this.
|
||||
Issue found by Eric Hodel.
|
||||
* ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem,
|
||||
following the PKey interface contract.
|
||||
* test/openssl/test_pkey_dsa.rb
|
||||
test/openssl/test_pkey_rsa.rb
|
||||
test/openssl/test_pkey_ec.rb: Add tests that assert correct
|
||||
behaviour when dealing with passwords that are less than four
|
||||
characters long.
|
||||
[ruby-core: 42281][ruby-trunk - Bug #5951]
|
||||
|
||||
Sun Jun 10 10:14:26 2012 Tanaka Akira <akr@fsij.org>
|
||||
|
||||
* process.c (rb_f_exec): use rb_exec_arg_prepare.
|
||||
|
|
|
@ -74,6 +74,11 @@ extern "C" {
|
|||
# include <openssl/ocsp.h>
|
||||
#endif
|
||||
|
||||
/* OpenSSL requires passwords for PEM-encoded files to be at least four
|
||||
* characters long
|
||||
*/
|
||||
#define OSSL_MIN_PWD_LEN 4
|
||||
|
||||
/*
|
||||
* Common Module
|
||||
*/
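Review bot: The comment above `OSSL_MIN_PWD_LEN` says "characters", but the checks added elsewhere in this commit compare the constant against `RSTRING_LENINT(pass)`, which is a byte count, so a two-character multibyte pass phrase can satisfy it. The comment should also say that four is only the floor OpenSSL accepts, not a strength recommendation. Suggested wording: `/* Minimum pass phrase length, in bytes, that OpenSSL accepts for PEM encryption; a compatibility floor, not a strength policy. */`.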
|
||||
|
|
|
@ -318,7 +318,10 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self)
|
|||
if (!NIL_P(cipher)) {
|
||||
ciph = GetCipherPtr(cipher);
|
||||
if (!NIL_P(pass)) {
|
||||
passwd = StringValuePtr(pass);
|
||||
StringValue(pass);
|
||||
if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
|
||||
ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
|
||||
passwd = RSTRING_PTR(pass);
|
||||
}
|
||||
}
|
||||
if (!(out = BIO_new(BIO_s_mem()))) {
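Review bot: The length check in `ossl_dsa_export` uses the Ruby string's byte length, but `passwd = RSTRING_PTR(pass);` hands on a bare `char *`. If the code after this hunk measures the pass phrase as a C string, a four-byte value with an embedded NUL passes the check and is then cut short at the NUL. Writing `passwd = StringValueCStr(pass);` instead would reject embedded NUL bytes before the key is encrypted. The same three lines are added to `ossl_ec_key_to_string` and `ossl_rsa_export`, so a small shared helper would keep the check and its message in one place. The call that consumes `passwd` is outside the hunk, so confirm how it derives the length.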
|
||||
|
|
|
@ -493,7 +493,10 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma
|
|||
if (!NIL_P(ciph)) {
|
||||
cipher = GetCipherPtr(ciph);
|
||||
if (!NIL_P(pass)) {
|
||||
password = StringValuePtr(pass);
|
||||
StringValue(pass);
|
||||
if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
|
||||
ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
|
||||
password = RSTRING_PTR(pass);
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
@ -530,8 +533,8 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma
|
|||
|
||||
/*
|
||||
* call-seq:
|
||||
* key.to_pem => String
|
||||
* key.to_pem(cipher, pass_phrase) => String
|
||||
* key.export => String
|
||||
* key.export(cipher, pass_phrase) => String
|
||||
*
|
||||
* Outputs the EC key in PEM encoding. If +cipher+ and +pass_phrase+ are
|
||||
* given they will be used to encrypt the key. +cipher+ must be an
|
||||
|
@ -540,7 +543,7 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma
|
|||
* text.
|
||||
*
|
||||
*/
|
||||
static VALUE ossl_ec_key_to_pem(int argc, VALUE *argv, VALUE self)
|
||||
static VALUE ossl_ec_key_export(int argc, VALUE *argv, VALUE self)
|
||||
{
|
||||
VALUE cipher, passwd;
|
||||
rb_scan_args(argc, argv, "02", &cipher, &passwd);
|
||||
|
@ -1533,7 +1536,8 @@ void Init_ossl_ec()
|
|||
rb_define_method(cEC, "dsa_verify_asn1", ossl_ec_key_dsa_verify_asn1, 2);
|
||||
/* do_sign/do_verify */
|
||||
|
||||
rb_define_method(cEC, "to_pem", ossl_ec_key_to_pem, -1);
|
||||
rb_define_method(cEC, "export", ossl_ec_key_export, -1);
|
||||
rb_define_alias(cEC, "to_pem", "export");
|
||||
rb_define_method(cEC, "to_der", ossl_ec_key_to_der, 0);
|
||||
rb_define_method(cEC, "to_text", ossl_ec_key_to_text, 0);
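Review bot: The rdoc block for `ossl_ec_key_export` gains the `key.export` call-seq lines but does not mention the failure mode this commit adds in `ossl_ec_key_to_string`. A caller reading the docs cannot tell that a short +pass_phrase+ now raises; add a line such as `* Raises OpenSSL::OpenSSLError if +pass_phrase+ is shorter than four bytes.` before the closing `*/`. The middle of the comment falls between two hunks and is not visible here, so check that it does not already say this.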
|
||||
|
||||
|
|
|
@ -314,7 +314,10 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self)
|
|||
if (!NIL_P(cipher)) {
|
||||
ciph = GetCipherPtr(cipher);
|
||||
if (!NIL_P(pass)) {
|
||||
passwd = StringValuePtr(pass);
|
||||
StringValue(pass);
|
||||
if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
|
||||
ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
|
||||
passwd = RSTRING_PTR(pass);
|
||||
}
|
||||
}
|
||||
if (!(out = BIO_new(BIO_s_mem()))) {
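Review bot: The new length check in `ossl_rsa_export` sits inside `if (!NIL_P(cipher))`, so a pass phrase supplied with a nil cipher is never validated and, as far as the visible lines show, never used. A caller who passes a pass phrase but no cipher may believe the exported key is encrypted. Raising is safer than silently dropping the argument, e.g. `if (NIL_P(cipher) && !NIL_P(pass)) rb_raise(rb_eArgError, "pass phrase given without a cipher");` ahead of the cipher branch. `ossl_dsa_export` has the same shape. The rest of the function is outside the hunk, so confirm what is written when `ciph` stays unset.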
|
||||
|
|
|
@ -218,6 +218,15 @@ YNMbNw==
|
|||
assert_equal([], OpenSSL.errors)
|
||||
end
|
||||
|
||||
def test_export_password_length
|
||||
key = OpenSSL::TestUtils::TEST_KEY_DSA256
|
||||
assert_raise(OpenSSL::OpenSSLError) do
|
||||
key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
|
||||
end
|
||||
pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
|
||||
assert(pem)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def check_sign_verify(digest)
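Review bot: `assert(pem)` in `test_export_password_length` only proves that `export` returned something; it would still pass if the key were written unencrypted or under a truncated pass phrase. Assert a round trip instead, e.g. `assert_equal(key.to_der, OpenSSL::PKey::DSA.new(pem, 'secr').to_der)`, and also check that the PEM does not load with a different pass phrase. The EC and RSA tests added in this commit end with the same `assert(pem)`.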
|
||||
|
|
|
@ -175,6 +175,15 @@ class OpenSSL::TestEC < Test::Unit::TestCase
|
|||
assert_equal([], OpenSSL.errors)
|
||||
end
|
||||
|
||||
def test_export_password_length
|
||||
key = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
|
||||
assert_raise(OpenSSL::OpenSSLError) do
|
||||
key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
|
||||
end
|
||||
pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
|
||||
assert(pem)
|
||||
end
|
||||
|
||||
# test Group: asn1_flag, point_conversion
|
||||
|
||||
end
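Review bot: `test_export_password_length` exercises only `export`, although this commit turns `to_pem` into an alias of it for EC keys. A second assertion through the old name, `assert_raise(OpenSSL::OpenSSLError) { key.to_pem(OpenSSL::Cipher.new('AES-128-CBC'), 'sec') }`, would pin that both entry points enforce the minimum length. The enclosing test class starts outside the hunk.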
|
||||
|
|
|
@ -244,6 +244,15 @@ AwEAAQ==
|
|||
assert_equal([], OpenSSL.errors)
|
||||
end
|
||||
|
||||
def test_export_password_length
|
||||
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||||
assert_raise(OpenSSL::OpenSSLError) do
|
||||
key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
|
||||
end
|
||||
pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
|
||||
assert(pem)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def check_PUBKEY(asn1, key)
|
||||
|
|