From 46fcbdb251593f5f49dc89a9958e6dd6371799a9 Mon Sep 17 00:00:00 2001 From: adfoster-r7 Date: Tue, 19 Jul 2022 17:24:53 +0100 Subject: [PATCH 1/2] Run Ubuntu 22.04 in test matrix --- .github/workflows/verify.yml | 31 +++++++++++++++++++++++++++---- README.md | 1 - lib/ruby_smb/signing.rb | 8 +++++--- spec/spec_helper.rb | 14 ++++++-------- spec/support/openssl.conf | 14 ++++++++++++++ 5 files changed, 52 insertions(+), 16 deletions(-) create mode 100644 spec/support/openssl.conf diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index e84878891..f1f634d2c 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -1,5 +1,21 @@ name: Verify +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions +permissions: + actions: none + checks: none + contents: none + deployments: none + id-token: none + issues: none + discussions: none + packages: none + pages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none + on: push: branches: @@ -10,7 +26,7 @@ on: jobs: test: - runs-on: ubuntu-18.04 + runs-on: ${{ matrix.os }} timeout-minutes: 40 strategy: @@ -19,15 +35,22 @@ jobs: ruby: - 2.6 - 2.7 - - 3.0.3 - - 3.1.1 + - 3.0 + - 3.1 + os: + - ubuntu-18.04 + - ubuntu-22.04 + exclude: + - { os: ubuntu-22.04, ruby: 2.6 } + - { os: ubuntu-22.04, ruby: 2.7 } + - { os: ubuntu-22.04, ruby: 3.0 } test_cmd: - bundle exec rspec env: RAILS_ENV: test - name: Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }} + name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }} steps: - name: Checkout code uses: actions/checkout@v2 diff --git a/README.md b/README.md index b5f76c364..c0e40a7c4 100644 --- a/README.md +++ b/README.md 
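Review bot: `contents: none` in the new `permissions` block leaves the job token unable to read the repository, so the `actions/checkout@v2` step further down presumably succeeds only because the repository is public. A private mirror would need `contents: read`. A one-line comment above the block would record that, for example `# Token gets no scopes; checkout works without contents: read only on public repos`. The explicit `none` entries could also be written as `permissions: {}`, which has the same effect and needs no upkeep when new scopes are introduced.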
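Review bot: The unquoted `- 3.0` entry in the `ruby:` matrix is a YAML float that GitHub Actions renders as `3`. The job that used to pin 3.0.3 would therefore likely resolve to the newest Ruby 3.x rather than a 3.0 release. Quoting it as `- '3.0'`, and likewise in the exclude row as `{ os: ubuntu-22.04, ruby: '3.0' }`, keeps the 3.0 line under test. The step that consumes `matrix.ruby` is outside this hunk, so confirm the resolved version in a job log.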
@@ -1,7 +1,6 @@ # RubySMB [![Code Climate](https://codeclimate.com/github/rapid7/ruby_smb.png)](https://codeclimate.com/github/rapid7/ruby_smb) -[![Coverage Status](https://coveralls.io/repos/github/rapid7/ruby_smb/badge.svg?branch=master)](https://coveralls.io/github/rapid7/ruby_smb?branch=master) This is a native Ruby implementation of the SMB Protocol Family. It currently supports: diff --git a/lib/ruby_smb/signing.rb b/lib/ruby_smb/signing.rb index 9c0d737b0..b46a8a302 100644 --- a/lib/ruby_smb/signing.rb +++ b/lib/ruby_smb/signing.rb @@ -12,8 +12,8 @@ module Signing # @param [RubySMB::GenericPacket] packet The packet to sign. # @return [RubySMB::GenericPacket] the signed packet def smb1_sign(packet) - packet = Signing::smb1_sign(packet, @session_key, @sequence_counter) - @sequence_counter += 1 + packet = Signing::smb1_sign(packet, session_key, sequence_counter) + self.sequence_counter += 1 packet end @@ -41,7 +41,7 @@ def self.smb1_sign(packet, session_key, sequence_counter) # @param [RubySMB::GenericPacket] packet The packet to sign. # @return [RubySMB::GenericPacket] the signed packet def smb2_sign(packet) - Signing::smb2_sign(packet, @session_key) + Signing::smb2_sign(packet, session_key) end # Take an SMB2 packet and sign it. This version is a module function that @@ -51,6 +51,8 @@ def smb2_sign(packet) # @param [String] session_key The key to use for signing. # @return [RubySMB::GenericPacket] the signed packet def self.smb2_sign(packet, session_key) + return packet if session_key.nil? || session_key == '' + packet.smb2_header.flags.signed = 1 packet.smb2_header.signature = "\x00" * 16 hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), session_key, packet.to_binary_s) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 8bc4bd002..d47b79e83 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -1,18 +1,16 @@ +# Enable legacy providers +ENV['OPENSSL_CONF'] = File.expand_path( + File.join(File.dirname(__FILE__), 'support', 'openssl.conf') +) + require 'simplecov' SimpleCov.start unless SimpleCov.running SimpleCov.add_filter '/spec/' -require 'coveralls' require 'ruby_smb' -if ENV['CI'] == 'true' - # don't generate local report as it is inaccessible on travis-ci, which is - # why coveralls is being used. - SimpleCov.formatter = Coveralls::SimpleCov::Formatter -else - SimpleCov.formatter = SimpleCov::Formatter::HTMLFormatter -end +SimpleCov.formatter = SimpleCov::Formatter::HTMLFormatter Dir['./spec/support/**/*.rb'].sort.each { |f| require f } diff --git a/spec/support/openssl.conf b/spec/support/openssl.conf new file mode 100644 index 000000000..adfa225f6 --- /dev/null +++ b/spec/support/openssl.conf @@ -0,0 +1,14 @@ +openssl_conf = openssl_init + +[openssl_init] +providers = provider_sect + +[provider_sect] +default = default_sect +legacy = legacy_sect + +[default_sect] +activate = 1 + +[legacy_sect] +activate = 1 From 9e2be81b87f1cf93ac40f4c9b4cf7030abc6458e Mon Sep 17 00:00:00 2001 From: adfoster-r7 Date: Tue, 2 Aug 2022 20:42:09 +0100 Subject: [PATCH 2/2] Continue signing as before; Potentially the previous logic was required for Samba servers --- lib/ruby_smb/signing.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/ruby_smb/signing.rb b/lib/ruby_smb/signing.rb index b46a8a302..176d1b2d3 100644 --- a/lib/ruby_smb/signing.rb +++ b/lib/ruby_smb/signing.rb @@ -12,8 +12,8 @@ module Signing # @param [RubySMB::GenericPacket] packet The packet to sign. # @return [RubySMB::GenericPacket] the signed packet def smb1_sign(packet) - packet = Signing::smb1_sign(packet, session_key, sequence_counter) - self.sequence_counter += 1 + packet = Signing::smb1_sign(packet, @session_key, @sequence_counter) + @sequence_counter += 1 packet end 
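Review bot: The `# Enable legacy providers` comment above the `OPENSSL_CONF` assignment does not say why the specs need them. It also omits that the setting presumably only takes effect if it runs before OpenSSL is first loaded in the process. Because the legacy provider is switched on only in the test harness, a green run on Ubuntu 22.04 does not show that the library works on a stock OpenSSL 3 install, where legacy algorithms are off by default. I would expand the comment to something like `# OpenSSL 3 keeps legacy algorithms in a separate provider that is off by default; point OPENSSL_CONF at a config that activates it before anything loads openssl`. The same requirement should be documented for consumers of the gem.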
@@ -41,7 +41,7 @@ def self.smb1_sign(packet, session_key, sequence_counter) # @param [RubySMB::GenericPacket] packet The packet to sign. # @return [RubySMB::GenericPacket] the signed packet def smb2_sign(packet) - Signing::smb2_sign(packet, session_key) + Signing::smb2_sign(packet, @session_key) end # Take an SMB2 packet and sign it. This version is a module function that @@ -51,10 +51,10 @@ def smb2_sign(packet) # @param [String] session_key The key to use for signing. # @return [RubySMB::GenericPacket] the signed packet def self.smb2_sign(packet, session_key) - return packet if session_key.nil? || session_key == '' - packet.smb2_header.flags.signed = 1 packet.smb2_header.signature = "\x00" * 16 + # OpenSSL 3 raises exceptions if the session key is an empty string + session_key = session_key == '' ? ("\x00" * 16).b : session_key hmac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), session_key, packet.to_binary_s) packet.smb2_header.signature = hmac[0, 16]
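Review bot: Replacing an empty `session_key` with sixteen zero bytes in `self.smb2_sign` yields a signature that any party can recompute, while `flags.signed = 1` is still set, so the packet looks integrity-protected when it is not. HMAC zero-pads keys shorter than the block size, so the substitution produces the same MAC the empty key did before OpenSSL 3. The comment should say both things, e.g. `# HMAC zero-pads short keys, so 16 NUL bytes gives the same MAC as '' did; this signature provides no integrity`. The check `session_key == ''` also misses `nil`, which the first patch covered; if a nil key is reachable here, `session_key = ("\x00" * 16).b if session_key.nil? || session_key.empty?` would handle both. The method's closing lines are outside the hunk.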