1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

[ruby/openssl] digest, hmac, ts, x509: use IO.binread in examples where appropriate

IO.read may mangle line separator, which will corrupt binary data
including DER-encoded X.509 certificates and such.

Fixes: https://github.com/ruby/openssl/issues/243

https://github.com/ruby/openssl/commit/93213b2730
This commit is contained in:
Kazuki Yamaguchi 2020-05-13 18:15:08 +09:00
parent 9d3ffe09c4
commit 15863069c9
Notes: git 2021-03-16 20:38:50 +09:00
4 changed files with 18 additions and 18 deletions

View file

@ -372,15 +372,15 @@ Init_ossl_digest(void)
* *
* === Hashing a file * === Hashing a file
* *
* data = File.read('document') * data = File.binread('document')
* sha256 = OpenSSL::Digest.new('SHA256') * sha256 = OpenSSL::Digest.new('SHA256')
* digest = sha256.digest(data) * digest = sha256.digest(data)
* *
* === Hashing several pieces of data at once * === Hashing several pieces of data at once
* *
* data1 = File.read('file1') * data1 = File.binread('file1')
* data2 = File.read('file2') * data2 = File.binread('file2')
* data3 = File.read('file3') * data3 = File.binread('file3')
* sha256 = OpenSSL::Digest.new('SHA256') * sha256 = OpenSSL::Digest.new('SHA256')
* sha256 << data1 * sha256 << data1
* sha256 << data2 * sha256 << data2
@ -389,11 +389,11 @@ Init_ossl_digest(void)
* *
* === Reuse a Digest instance * === Reuse a Digest instance
* *
* data1 = File.read('file1') * data1 = File.binread('file1')
* sha256 = OpenSSL::Digest.new('SHA256') * sha256 = OpenSSL::Digest.new('SHA256')
* digest1 = sha256.digest(data1) * digest1 = sha256.digest(data1)
* *
* data2 = File.read('file2') * data2 = File.binread('file2')
* sha256.reset * sha256.reset
* digest2 = sha256.digest(data2) * digest2 = sha256.digest(data2)
* *

View file

@ -350,8 +350,8 @@ Init_ossl_hmac(void)
* *
* === HMAC-SHA256 using incremental interface * === HMAC-SHA256 using incremental interface
* *
* data1 = File.read("file1") * data1 = File.binread("file1")
* data2 = File.read("file2") * data2 = File.binread("file2")
* key = "key" * key = "key"
* digest = OpenSSL::Digest.new('SHA256') * digest = OpenSSL::Digest.new('SHA256')
* hmac = OpenSSL::HMAC.new(key, digest) * hmac = OpenSSL::HMAC.new(key, digest)

View file

@ -1280,7 +1280,7 @@ Init_ossl_ts(void)
* ===Create a Response: * ===Create a Response:
* #Assumes ts.p12 is a PKCS#12-compatible file with a private key * #Assumes ts.p12 is a PKCS#12-compatible file with a private key
* #and a certificate that has an extended key usage of 'timeStamping' * #and a certificate that has an extended key usage of 'timeStamping'
* p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd') * p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
* md = OpenSSL::Digest.new('SHA1') * md = OpenSSL::Digest.new('SHA1')
* hash = md.digest(data) #some binary data to be timestamped * hash = md.digest(data) #some binary data to be timestamped
* req = OpenSSL::Timestamp::Request.new * req = OpenSSL::Timestamp::Request.new
@ -1295,16 +1295,16 @@ Init_ossl_ts(void)
* *
* ===Verify a timestamp response: * ===Verify a timestamp response:
* #Assume we have a timestamp token in a file called ts.der * #Assume we have a timestamp token in a file called ts.der
* ts = OpenSSL::Timestamp::Response.new(File.open('ts.der', 'rb') * ts = OpenSSL::Timestamp::Response.new(File.binread('ts.der'))
* #Assume we have the Request for this token in a file called req.der * #Assume we have the Request for this token in a file called req.der
* req = OpenSSL::Timestamp::Request.new(File.open('req.der', 'rb') * req = OpenSSL::Timestamp::Request.new(File.binread('req.der'))
* # Assume the associated root CA certificate is contained in a * # Assume the associated root CA certificate is contained in a
* # DER-encoded file named root.cer * # DER-encoded file named root.cer
* root = OpenSSL::X509::Certificate.new(File.open('root.cer', 'rb') * root = OpenSSL::X509::Certificate.new(File.binread('root.cer'))
* # get the necessary intermediate certificates, available in * # get the necessary intermediate certificates, available in
* # DER-encoded form in inter1.cer and inter2.cer * # DER-encoded form in inter1.cer and inter2.cer
* inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb') * inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
* inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb') * inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
* ts.verify(req, root, inter1, inter2) -> ts or raises an exception if validation fails * ts.verify(req, root, inter1, inter2) -> ts or raises an exception if validation fails
* *
*/ */
@ -1437,9 +1437,9 @@ Init_ossl_ts(void)
* timestamping certificate. * timestamping certificate.
* *
* req = OpenSSL::Timestamp::Request.new(raw_bytes) * req = OpenSSL::Timestamp::Request.new(raw_bytes)
* p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd') * p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
* inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb') * inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
* inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb') * inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
* fac = OpenSSL::Timestamp::Factory.new * fac = OpenSSL::Timestamp::Factory.new
* fac.gen_time = Time.now * fac.gen_time = Time.now
* fac.serial_number = 1 * fac.serial_number = 1

View file

@ -730,7 +730,7 @@ Init_ossl_x509cert(void)
* Certificate is capable of handling DER-encoded certificates and * Certificate is capable of handling DER-encoded certificates and
* certificates encoded in OpenSSL's PEM format. * certificates encoded in OpenSSL's PEM format.
* *
* raw = File.read "cert.cer" # DER- or PEM-encoded * raw = File.binread "cert.cer" # DER- or PEM-encoded
* certificate = OpenSSL::X509::Certificate.new raw * certificate = OpenSSL::X509::Certificate.new raw
* *
* === Saving a certificate to a file * === Saving a certificate to a file