[ruby-cvs:62250] rhe:r55087 (trunk): openssl: improve handling of password for encrypted PEM

rhe at ruby-lang.org rhe at ruby-lang.org
Sat May 21 00:05:25 JST 2016


rhe	2016-05-21 00:05:25 +0900 (Sat, 21 May 2016)

  New Revision: 55087

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55087

  Log:
    openssl: improve handling of password for encrypted PEM
    
    * ext/openssl/ossl.c (ossl_pem_passwd_value): Added. Convert the
      argument to String with StringValue() and validate the length is in
      4..PEM_BUFSIZE. PEM_BUFSIZE is a macro defined in OpenSSL headers.
      (ossl_pem_passwd_cb): When reading/writing encrypted PEM format, we
      used to pass the password to PEM_def_callback() directly but it was
      problematic. It is not NUL character safe. And surprisingly, it
      silently truncates the password to 1024 bytes.  [GH ruby/openssl#51]
    
    * ext/openssl/ossl.h: Add function prototype declaration of newly
      added ossl_pem_passwd_value().
    
    * ext/openssl/ossl_pkey.c (ossl_pkey_new_from_data): Use
      ossl_pem_passwd_value() to validate the password String.
    
    * ext/openssl/ossl_pkey_dsa.c (ossl_dsa_initialize, ossl_dsa_export):
      ditto.
    
    * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize,
      ossl_ec_key_to_string): ditto.
    
    * ext/openssl/ossl_pkey_rsa.c (ossl_rsa_initialize, ossl_rsa_export):
      ditto.
    
    * test/openssl/test_pkey_{dsa,ec,rsa}.rb: test this.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl.c
    trunk/ext/openssl/ossl.h
    trunk/ext/openssl/ossl_pkey.c
    trunk/ext/openssl/ossl_pkey_dsa.c
    trunk/ext/openssl/ossl_pkey_ec.c
    trunk/ext/openssl/ossl_pkey_rsa.c
    trunk/test/openssl/test_pkey_dsa.rb
    trunk/test/openssl/test_pkey_ec.rb
    trunk/test/openssl/test_pkey_rsa.rb


More information about the ruby-cvs mailing list