From 15863069c90b1253021981b23d31f154d79f8fe6 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Wed, 13 May 2020 18:15:08 +0900 Subject: [PATCH] [ruby/openssl] digest, hmac, ts, x509: use IO.binread in examples where appropriate IO.read may mangle line separator, which will corrupt binary data including DER-encoded X.509 certificates and such. Fixes: https://github.com/ruby/openssl/issues/243 https://github.com/ruby/openssl/commit/93213b2730 --- ext/openssl/ossl_digest.c | 12 ++++++------ ext/openssl/ossl_hmac.c | 4 ++-- ext/openssl/ossl_ts.c | 18 +++++++++--------- ext/openssl/ossl_x509cert.c | 2 +- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c index e2157cb02f..d327f718e2 100644 --- a/ext/openssl/ossl_digest.c +++ b/ext/openssl/ossl_digest.c @@ -372,15 +372,15 @@ Init_ossl_digest(void) * * === Hashing a file * - * data = File.read('document') + * data = File.binread('document') * sha256 = OpenSSL::Digest.new('SHA256') * digest = sha256.digest(data) * * === Hashing several pieces of data at once * - * data1 = File.read('file1') - * data2 = File.read('file2') - * data3 = File.read('file3') + * data1 = File.binread('file1') + * data2 = File.binread('file2') + * data3 = File.binread('file3') * sha256 = OpenSSL::Digest.new('SHA256') * sha256 << data1 * sha256 << data2 @@ -389,11 +389,11 @@ Init_ossl_digest(void) * * === Reuse a Digest instance * - * data1 = File.read('file1') + * data1 = File.binread('file1') * sha256 = OpenSSL::Digest.new('SHA256') * digest1 = sha256.digest(data1) * - * data2 = File.read('file2') + * data2 = File.binread('file2') * sha256.reset * digest2 = sha256.digest(data2) * diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index e831cff519..70e9fb8193 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -350,8 +350,8 @@ Init_ossl_hmac(void) * * === HMAC-SHA256 using incremental interface * - * data1 = File.read("file1") - * data2 = File.read("file2") + * data1 = File.binread("file1") + * data2 = File.binread("file2") * key = "key" * digest = OpenSSL::Digest.new('SHA256') * hmac = OpenSSL::HMAC.new(key, digest) diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c index d3209c3d40..752c61cf8c 100644 --- a/ext/openssl/ossl_ts.c +++ b/ext/openssl/ossl_ts.c @@ -1280,7 +1280,7 @@ Init_ossl_ts(void) * ===Create a Response: * #Assumes ts.p12 is a PKCS#12-compatible file with a private key * #and a certificate that has an extended key usage of 'timeStamping' - * p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd') + * p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd') * md = OpenSSL::Digest.new('SHA1') * hash = md.digest(data) #some binary data to be timestamped * req = OpenSSL::Timestamp::Request.new @@ -1295,16 +1295,16 @@ Init_ossl_ts(void) * * ===Verify a timestamp response: * #Assume we have a timestamp token in a file called ts.der - * ts = OpenSSL::Timestamp::Response.new(File.open('ts.der', 'rb') + * ts = OpenSSL::Timestamp::Response.new(File.binread('ts.der')) * #Assume we have the Request for this token in a file called req.der - * req = OpenSSL::Timestamp::Request.new(File.open('req.der', 'rb') + * req = OpenSSL::Timestamp::Request.new(File.binread('req.der')) * # Assume the associated root CA certificate is contained in a * # DER-encoded file named root.cer - * root = OpenSSL::X509::Certificate.new(File.open('root.cer', 'rb') + * root = OpenSSL::X509::Certificate.new(File.binread('root.cer')) * # get the necessary intermediate certificates, available in * # DER-encoded form in inter1.cer and inter2.cer - * inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb') - * inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb') + * inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer')) + * inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer')) * ts.verify(req, root, inter1, inter2) -> ts or raises an exception if validation fails * */ @@ -1437,9 +1437,9 @@ Init_ossl_ts(void) * timestamping certificate. * * req = OpenSSL::Timestamp::Request.new(raw_bytes) - * p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd') - * inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb') - * inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb') + * p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd') + * inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer')) + * inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer')) * fac = OpenSSL::Timestamp::Factory.new * fac.gen_time = Time.now * fac.serial_number = 1 diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index e3766b1b16..5376bff08d 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -730,7 +730,7 @@ Init_ossl_x509cert(void) * Certificate is capable of handling DER-encoded certificates and * certificates encoded in OpenSSL's PEM format. * - * raw = File.read "cert.cer" # DER- or PEM-encoded + * raw = File.binread "cert.cer" # DER- or PEM-encoded * certificate = OpenSSL::X509::Certificate.new raw * * === Saving a certificate to a file