mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

openssl: import v2.0.1

Import Ruby/OpenSSL 2.0.1. The full commit history since 2.0.0 (imported
at r56946) can be found at:

  https://github.com/ruby/openssl/compare/v2.0.0...v2.0.1

This release contains only bug fixes. Note, the first two commits since
v2.0.0 are already imported at r56953 to make Travis and RubyCI green.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57041 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
rhe 2016-12-10 08:12:02 +00:00
parent 8e1293730e
commit 0c83666c6c
25 changed files with 81 additions and 78 deletions


@ -1,15 +1,15 @@
# -*- encoding: utf-8 -*- # -*- encoding: utf-8 -*-
# stub: openssl 2.0.0 ruby lib # stub: openssl 2.0.1 ruby lib
# stub: ext/openssl/extconf.rb # stub: ext/openssl/extconf.rb
Gem::Specification.new do |s| Gem::Specification.new do |s|
s.name = "openssl".freeze s.name = "openssl".freeze
s.version = "2.0.0" s.version = "2.0.1"
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib".freeze] s.require_paths = ["lib".freeze]
s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze] s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze]
s.date = "2016-11-30" s.date = "2016-12-10"
s.description = "It wraps the OpenSSL library.".freeze s.description = "It wraps the OpenSSL library.".freeze
s.email = ["ruby-core@ruby-lang.org".freeze] s.email = ["ruby-core@ruby-lang.org".freeze]
s.extensions = ["ext/openssl/extconf.rb".freeze] s.extensions = ["ext/openssl/extconf.rb".freeze]


@ -47,9 +47,15 @@ asn1time_to_time(const ASN1_TIME *time)
} }
break; break;
case V_ASN1_GENERALIZEDTIME: case V_ASN1_GENERALIZEDTIME:
if (sscanf((const char *)time->data, "%4d%2d%2d%2d%2d%2dZ", &tm.tm_year, &tm.tm_mon, count = sscanf((const char *)time->data, "%4d%2d%2d%2d%2d%2dZ",
&tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) { &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min,
ossl_raise(rb_eTypeError, "bad GENERALIZEDTIME format" ); &tm.tm_sec);
if (count == 5) {
tm.tm_sec = 0;
}
else if (count != 6) {
ossl_raise(rb_eTypeError, "bad GENERALIZEDTIME format: \"%s\"",
time->data);
} }
break; break;
default: default:
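Review bot: The sscanf return value in the GENERALIZEDTIME branch counts only the converted fields, so neither `count == 5` nor `count == 6` shows that the trailing `Z` was matched; a value with a UTC offset or fractional seconds after the digits would be accepted and read as UTC. Because this time usually comes from a decoded certificate or CRL, the suffix and length are worth checking explicitly, e.g. `if (time->length != (count == 5 ? 13 : 15) || time->data[time->length - 1] != 'Z')` before accepting the value. The new error message also prints `time->data` with `%s`, which relies on the buffer being NUL-terminated; `"%.*s"` with `time->length` would bound it, assuming ossl_raise's formatter accepts a `*` precision. asn1time_to_time starts and ends outside this hunk.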


@ -120,30 +120,34 @@ integer_to_bnptr(VALUE obj, BIGNUM *orig)
return bn; return bn;
} }
static BIGNUM * static VALUE
try_convert_to_bnptr(VALUE obj) try_convert_to_bn(VALUE obj)
{ {
BIGNUM *bn = NULL; BIGNUM *bn;
VALUE newobj; VALUE newobj = Qnil;
if (rb_obj_is_kind_of(obj, cBN)) { if (rb_obj_is_kind_of(obj, cBN))
GetBN(obj, bn); return obj;
} if (RB_INTEGER_TYPE_P(obj)) {
else if (RB_INTEGER_TYPE_P(obj)) {
newobj = NewBN(cBN); /* Handle potencial mem leaks */ newobj = NewBN(cBN); /* Handle potencial mem leaks */
bn = integer_to_bnptr(obj, NULL); bn = integer_to_bnptr(obj, NULL);
SetBN(newobj, bn); SetBN(newobj, bn);
} }
return bn; return newobj;
} }
BIGNUM * BIGNUM *
GetBNPtr(VALUE obj) ossl_bn_value_ptr(volatile VALUE *ptr)
{ {
BIGNUM *bn = try_convert_to_bnptr(obj); VALUE tmp;
if (!bn) BIGNUM *bn;
tmp = try_convert_to_bn(*ptr);
if (NIL_P(tmp))
ossl_raise(rb_eTypeError, "Cannot convert into OpenSSL::BN"); ossl_raise(rb_eTypeError, "Cannot convert into OpenSSL::BN");
GetBN(tmp, bn);
*ptr = tmp;
return bn; return bn;
} }
@ -893,10 +897,12 @@ ossl_bn_eq(VALUE self, VALUE other)
BIGNUM *bn1, *bn2; BIGNUM *bn1, *bn2;
GetBN(self, bn1); GetBN(self, bn1);
/* BNPtr may raise, so we can't use here */ other = try_convert_to_bn(other);
bn2 = try_convert_to_bnptr(other); if (NIL_P(other))
return Qfalse;
GetBN(other, bn2);
if (bn2 && !BN_cmp(bn1, bn2)) { if (!BN_cmp(bn1, bn2)) {
return Qtrue; return Qtrue;
} }
return Qfalse; return Qfalse;
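Review bot: ossl_bn_value_ptr has no comment stating its contract, which is the part a caller can get wrong: it overwrites `*ptr` with the converted OpenSSL::BN, and the returned BIGNUM appears to stay valid only while that VALUE remains reachable from the caller. I would put `/* Stores the converted BN back into *ptr so the caller's variable keeps it alive; the returned BIGNUM belongs to that object. */` above the function. The `GetBNPtr(obj)` macro in the header section that follows deserves a one-line reminder that its argument must be an lvalue and is modified. The retained comment `/* Handle potencial mem leaks */` in try_convert_to_bn could be corrected to "potential" at the same time.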


@ -15,8 +15,10 @@ extern VALUE eBNError;
extern BN_CTX *ossl_bn_ctx; extern BN_CTX *ossl_bn_ctx;
#define GetBNPtr(obj) ossl_bn_value_ptr(&(obj))
VALUE ossl_bn_new(const BIGNUM *); VALUE ossl_bn_new(const BIGNUM *);
BIGNUM *GetBNPtr(VALUE); BIGNUM *ossl_bn_value_ptr(volatile VALUE *);
void Init_ossl_bn(void); void Init_ossl_bn(void);


@ -287,7 +287,7 @@ ossl_engine_finish(VALUE self)
* This returns an OpenSSL::Cipher by +name+, if it is available in this * This returns an OpenSSL::Cipher by +name+, if it is available in this
* engine. * engine.
* *
* A EngineError will be raised if the cipher is unavailable. * An EngineError will be raised if the cipher is unavailable.
* *
* e = OpenSSL::Engine.by_id("openssl") * e = OpenSSL::Engine.by_id("openssl")
* => #<OpenSSL::Engine id="openssl" name="Software engine support"> * => #<OpenSSL::Engine id="openssl" name="Software engine support">


@ -1635,7 +1635,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self)
* points | self | arg2[0] | arg2[1] | ... * points | self | arg2[0] | arg2[1] | ...
*/ */
long i, num; long i, num;
VALUE tmp_p, tmp_b; VALUE bns_tmp, tmp_p, tmp_b;
const EC_POINT **points; const EC_POINT **points;
const BIGNUM **bignums; const BIGNUM **bignums;
@ -1645,9 +1645,13 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self)
ossl_raise(rb_eArgError, "bns must be 1 longer than points; see the documentation"); ossl_raise(rb_eArgError, "bns must be 1 longer than points; see the documentation");
num = RARRAY_LEN(arg1); num = RARRAY_LEN(arg1);
bns_tmp = rb_ary_tmp_new(num);
bignums = ALLOCV_N(const BIGNUM *, tmp_b, num); bignums = ALLOCV_N(const BIGNUM *, tmp_b, num);
for (i = 0; i < num; i++) for (i = 0; i < num; i++) {
bignums[i] = GetBNPtr(RARRAY_AREF(arg1, i)); VALUE item = RARRAY_AREF(arg1, i);
bignums[i] = GetBNPtr(item);
rb_ary_push(bns_tmp, item);
}
points = ALLOCV_N(const EC_POINT *, tmp_p, num); points = ALLOCV_N(const EC_POINT *, tmp_p, num);
points[0] = point_self; /* self */ points[0] = point_self; /* self */


@ -32,7 +32,8 @@ VALUE cSSLSocket;
static VALUE eSSLErrorWaitReadable; static VALUE eSSLErrorWaitReadable;
static VALUE eSSLErrorWaitWritable; static VALUE eSSLErrorWaitWritable;
static ID ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback; static ID ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback,
id_npn_protocols_encoded;
static VALUE sym_exception, sym_wait_readable, sym_wait_writable; static VALUE sym_exception, sym_wait_readable, sym_wait_writable;
static ID id_i_cert_store, id_i_ca_file, id_i_ca_path, id_i_verify_mode, static ID id_i_cert_store, id_i_ca_file, id_i_ca_path, id_i_verify_mode,
@ -892,6 +893,7 @@ ossl_sslctx_setup(VALUE self)
val = rb_attr_get(self, id_i_npn_protocols); val = rb_attr_get(self, id_i_npn_protocols);
if (!NIL_P(val)) { if (!NIL_P(val)) {
VALUE encoded = ssl_encode_npn_protocols(val); VALUE encoded = ssl_encode_npn_protocols(val);
rb_ivar_set(self, id_npn_protocols_encoded, encoded);
SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)encoded); SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)encoded);
OSSL_Debug("SSL NPN advertise callback added"); OSSL_Debug("SSL NPN advertise callback added");
} }
@ -2712,6 +2714,7 @@ Init_ossl_ssl(void)
id_tmp_dh_callback = rb_intern("tmp_dh_callback"); id_tmp_dh_callback = rb_intern("tmp_dh_callback");
id_tmp_ecdh_callback = rb_intern("tmp_ecdh_callback"); id_tmp_ecdh_callback = rb_intern("tmp_ecdh_callback");
id_npn_protocols_encoded = rb_intern("npn_protocols_encoded");
#define DefIVarID(name) do \ #define DefIVarID(name) do \
id_i_##name = rb_intern("@"#name); while (0) id_i_##name = rb_intern("@"#name); while (0)
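Review bot: The `rb_ivar_set(self, id_npn_protocols_encoded, encoded)` line in ossl_sslctx_setup has no comment, and without one it reads like dead state because nothing in the visible hunks reads the ivar back. Its purpose appears to be keeping the encoded String reachable while `SSL_CTX_set_next_protos_advertised_cb` holds it only as a raw `void *`; I would say so directly with `/* keep the encoded String referenced; the callback holds only a raw pointer to it */`. If other callback arguments in this function are passed as bare VALUEs in the same way they would need the same treatment, but that code is outside the hunks shown.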


@ -10,6 +10,6 @@
#if !defined(_OSSL_VERSION_H_) #if !defined(_OSSL_VERSION_H_)
#define _OSSL_VERSION_H_ #define _OSSL_VERSION_H_
#define OSSL_VERSION "2.0.0" #define OSSL_VERSION "2.0.1"
#endif /* _OSSL_VERSION_H_ */ #endif /* _OSSL_VERSION_H_ */


@ -275,6 +275,14 @@ rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoombwYBRIUChGCYV0GnJcan2Zm
assert_equal 2 ** 31, OpenSSL::ASN1.decode(encoded).value.to_i assert_equal 2 ** 31, OpenSSL::ASN1.decode(encoded).value.to_i
end end
def test_decode_generalisedtime
expected = Time.at 1481225640
assert_equal expected, OpenSSL::ASN1.decode("\x18\x0D201612081934Z").value
expected += 29
assert_equal expected, OpenSSL::ASN1.decode("\x18\x0F20161208193429Z").value
end
def test_decode_enumerated def test_decode_enumerated
encoded = OpenSSL::ASN1.Enumerated(0).to_der encoded = OpenSSL::ASN1.Enumerated(0).to_der
assert_equal "\x0a\x01\x00".b, encoded assert_equal "\x0a\x01\x00".b, encoded
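Review bot: test_decode_generalisedtime covers only the two accepted encodings, so the rejection path of the parser change is never exercised. A negative case would pin it, for example `assert_raise(TypeError, OpenSSL::ASN1::ASN1Error) { OpenSSL::ASN1.decode("\x18\x0B2016120819Z").value }`. That input is a constructed value with the minutes missing, and which of the two errors is raised depends on where decoding fails. A case with a non-`Z` suffix would also document whether such input is meant to be accepted.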


@ -37,6 +37,7 @@ class OpenSSL::TestBuffering < OpenSSL::TestCase
end end
def setup def setup
super
@io = IO.new @io = IO.new
end end


@ -3,6 +3,7 @@ require_relative 'utils'
class OpenSSL::TestConfig < OpenSSL::TestCase class OpenSSL::TestConfig < OpenSSL::TestCase
def setup def setup
super
file = Tempfile.open("openssl.cnf") file = Tempfile.open("openssl.cnf")
file << <<__EOD__ file << <<__EOD__
HOME = . HOME = .


@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestDigest < OpenSSL::TestCase class OpenSSL::TestDigest < OpenSSL::TestCase
def setup def setup
super
@d1 = OpenSSL::Digest.new("MD5") @d1 = OpenSSL::Digest.new("MD5")
@d2 = OpenSSL::Digest::MD5.new @d2 = OpenSSL::Digest::MD5.new
end end


@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestNSSPI < OpenSSL::TestCase class OpenSSL::TestNSSPI < OpenSSL::TestCase
def setup def setup
super
# This request data is adopt from the specification of # This request data is adopt from the specification of
# "Netscape Extensions for User Key Generation". # "Netscape Extensions for User Key Generation".
# -- http://wp.netscape.com/eng/security/comm4-keygen.html # -- http://wp.netscape.com/eng/security/comm4-keygen.html


@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestOCSP < OpenSSL::TestCase class OpenSSL::TestOCSP < OpenSSL::TestCase
def setup def setup
super
# @ca_cert # @ca_cert
# | # |
# @cert # @cert


@ -295,7 +295,7 @@ module OpenSSL::TestPairM
# fill up a socket so we hit EAGAIN # fill up a socket so we hit EAGAIN
written = String.new written = String.new
n = 0 n = 0
buf = 'a' * 11 buf = 'a' * 4099
case ret = s1.write_nonblock(buf, exception: false) case ret = s1.write_nonblock(buf, exception: false)
when :wait_readable then break when :wait_readable then break
when :wait_writable then break when :wait_writable then break
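Review bot: The new literal in `buf = 'a' * 4099` is unexplained, and the existing comment above it only says the loop fills the socket until EAGAIN. A short comment giving the reason for this size would help the next reader, e.g. `# larger than 4096 so each write spans more than one buffer-sized chunk` if that is the intent. I am inferring that reason from the value alone, so the wording should be adjusted to the actual one.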


@ -8,6 +8,7 @@ module OpenSSL
include OpenSSL::TestUtils include OpenSSL::TestUtils
def setup def setup
super
ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
ca_exts = [ ca_exts = [
["basicConstraints","CA:TRUE",true], ["basicConstraints","CA:TRUE",true],


@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestPKCS7 < OpenSSL::TestCase class OpenSSL::TestPKCS7 < OpenSSL::TestCase
def setup def setup
super
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")


@ -1,49 +0,0 @@
# frozen_string_literal: false
require_relative "utils"
if defined?(OpenSSL::TestUtils)
class OpenSSL::TestPKey < OpenSSL::PKeyTestCase
PKEYS = {
OpenSSL::PKey::RSA => {
key: OpenSSL::TestUtils::TEST_KEY_RSA1024,
digest: OpenSSL::Digest::SHA1,
},
OpenSSL::PKey::DSA => {
key: OpenSSL::TestUtils::TEST_KEY_DSA512,
digest: OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST,
},
}
if defined?(OpenSSL::PKey::EC)
PKEYS[OpenSSL::PKey::EC] = {
key: OpenSSL::TestUtils::TEST_KEY_EC_P256V1,
digest: OpenSSL::Digest::SHA1,
}
end
def test_sign_verify
data = "Sign me!"
invalid_data = "Sign me?"
PKEYS.each do |klass, prop|
key = prop[:key]
pub_key = dup_public(prop[:key])
digest = prop[:digest].new
signature = key.sign(digest, data)
assert_equal(true, pub_key.verify(digest, signature, data))
assert_equal(false, pub_key.verify(digest, signature, invalid_data))
# digest state is irrelevant
digest << "unya"
assert_equal(true, pub_key.verify(digest, signature, data))
assert_equal(false, pub_key.verify(digest, signature, invalid_data))
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000
digest = OpenSSL::Digest::SHA256.new
signature = key.sign(digest, data)
assert_equal(true, pub_key.verify(digest, signature, data))
assert_equal(false, pub_key.verify(digest, signature, invalid_data))
end
end
end
end
end


@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestX509Certificate < OpenSSL::TestCase class OpenSSL::TestX509Certificate < OpenSSL::TestCase
def setup def setup
super
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256


@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestX509CRL < OpenSSL::TestCase class OpenSSL::TestX509CRL < OpenSSL::TestCase
def setup def setup
super
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256


@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestX509Extension < OpenSSL::TestCase class OpenSSL::TestX509Extension < OpenSSL::TestCase
def setup def setup
super
@basic_constraints_value = OpenSSL::ASN1::Sequence([ @basic_constraints_value = OpenSSL::ASN1::Sequence([
OpenSSL::ASN1::Boolean(true), # CA OpenSSL::ASN1::Boolean(true), # CA
OpenSSL::ASN1::Integer(2) # pathlen OpenSSL::ASN1::Integer(2) # pathlen


@ -6,6 +6,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestX509Name < OpenSSL::TestCase class OpenSSL::TestX509Name < OpenSSL::TestCase
def setup def setup
super
@obj_type_tmpl = Hash.new(OpenSSL::ASN1::PRINTABLESTRING) @obj_type_tmpl = Hash.new(OpenSSL::ASN1::PRINTABLESTRING)
@obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE) @obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE)
end end


@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestX509Request < OpenSSL::TestCase class OpenSSL::TestX509Request < OpenSSL::TestCase
def setup def setup
super
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256


@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils)
class OpenSSL::TestX509Store < OpenSSL::TestCase class OpenSSL::TestX509Store < OpenSSL::TestCase
def setup def setup
super
@rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024
@rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048
@dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256


@ -201,7 +201,16 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
end end
class OpenSSL::TestCase < Test::Unit::TestCase class OpenSSL::TestCase < Test::Unit::TestCase
def setup
if ENV["OSSL_GC_STRESS"] == "1"
GC.stress = true
end
end
def teardown def teardown
if ENV["OSSL_GC_STRESS"] == "1"
GC.stress = false
end
# OpenSSL error stack must be empty # OpenSSL error stack must be empty
assert_equal([], OpenSSL.errors) assert_equal([], OpenSSL.errors)
end end
@ -212,6 +221,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
ITERATIONS = ($0 == __FILE__) ? 100 : 10 ITERATIONS = ($0 == __FILE__) ? 100 : 10
def setup def setup
super
@ca_key = OpenSSL::TestUtils::TEST_KEY_RSA2048 @ca_key = OpenSSL::TestUtils::TEST_KEY_RSA2048
@svr_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 @svr_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
@cli_key = OpenSSL::TestUtils::TEST_KEY_DSA1024 @cli_key = OpenSSL::TestUtils::TEST_KEY_DSA1024
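Review bot: teardown in OpenSSL::TestCase forces `GC.stress = false` instead of restoring the value that was in effect before setup, so a run started with GC stress already enabled loses it after the first test. Saving it in setup with `@gc_stress_was = GC.stress` and restoring it with `GC.stress = @gc_stress_was` in teardown avoids that. The `OSSL_GC_STRESS` variable is also not described anywhere in the hunk; a comment like `# OSSL_GC_STRESS=1 runs every test under GC.stress to surface missing GC guards in the C extension` above setup would make it discoverable. Subclasses that define setup without calling super skip the stress mode silently, which is presumably why the other test files in this commit add `super`.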