[ruby/openssl] digest, hmac, ts, x509: use IO.binread in examples where appropriate

IO.read may mangle line separator, which will corrupt binary data including DER-encoded X.509 certificates and such. Fixes: https://github.com/ruby/openssl/issues/243 https://github.com/ruby/openssl/commit/93213b2730
Merged: https://github.com/ruby/ruby/pull/4275
2022-11-09 12:17:21 -05:00 · 2020-05-13 18:15:08 +09:00 · 2020-05-13 18:15:08 +09:00 · 15863069c9 · 2021-03-16 20:38:50 +09:00
commit 15863069c9
parent 9d3ffe09c4
4 changed files with 18 additions and 18 deletions
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@ -372,15 +372,15 @@ Init_ossl_digest(void)
     *
     * === Hashing a file
     *
-     *   data = File.read('document')
+     *   data = File.binread('document')
     *   sha256 = OpenSSL::Digest.new('SHA256')
     *   digest = sha256.digest(data)
     *
     * === Hashing several pieces of data at once
     *
-     *   data1 = File.read('file1')
-     *   data2 = File.read('file2')
-     *   data3 = File.read('file3')
+     *   data1 = File.binread('file1')
+     *   data2 = File.binread('file2')
+     *   data3 = File.binread('file3')
     *   sha256 = OpenSSL::Digest.new('SHA256')
     *   sha256 << data1
     *   sha256 << data2
@ -389,11 +389,11 @@ Init_ossl_digest(void)
     *
     * === Reuse a Digest instance
     *
-     *   data1 = File.read('file1')
+     *   data1 = File.binread('file1')
     *   sha256 = OpenSSL::Digest.new('SHA256')
     *   digest1 = sha256.digest(data1)
     *
-     *   data2 = File.read('file2')
+     *   data2 = File.binread('file2')
     *   sha256.reset
     *   digest2 = sha256.digest(data2)
     *
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@ -350,8 +350,8 @@ Init_ossl_hmac(void)
     *
     * === HMAC-SHA256 using incremental interface
     *
-     *   data1 = File.read("file1")
-     *   data2 = File.read("file2")
+     *   data1 = File.binread("file1")
+     *   data2 = File.binread("file2")
     *   key = "key"
     *   digest = OpenSSL::Digest.new('SHA256')
     *   hmac = OpenSSL::HMAC.new(key, digest)
--- a/ext/openssl/ossl_ts.c
+++ b/ext/openssl/ossl_ts.c
@ -1280,7 +1280,7 @@ Init_ossl_ts(void)
     * ===Create a Response:
     *      #Assumes ts.p12 is a PKCS#12-compatible file with a private key
     *      #and a certificate that has an extended key usage of 'timeStamping'
-     *      p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd')
+     *      p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
     *      md = OpenSSL::Digest.new('SHA1')
     *      hash = md.digest(data) #some binary data to be timestamped
     *      req = OpenSSL::Timestamp::Request.new
@ -1295,16 +1295,16 @@ Init_ossl_ts(void)
     *
     * ===Verify a timestamp response:
     *      #Assume we have a timestamp token in a file called ts.der
-     *      ts = OpenSSL::Timestamp::Response.new(File.open('ts.der', 'rb')
+     *      ts = OpenSSL::Timestamp::Response.new(File.binread('ts.der'))
     *      #Assume we have the Request for this token in a file called req.der
-     *      req = OpenSSL::Timestamp::Request.new(File.open('req.der', 'rb')
+     *      req = OpenSSL::Timestamp::Request.new(File.binread('req.der'))
     *      # Assume the associated root CA certificate is contained in a
     *      # DER-encoded file named root.cer
-     *      root = OpenSSL::X509::Certificate.new(File.open('root.cer', 'rb')
+     *      root = OpenSSL::X509::Certificate.new(File.binread('root.cer'))
     *      # get the necessary intermediate certificates, available in
     *      # DER-encoded form in inter1.cer and inter2.cer
-     *      inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb')
-     *      inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb')
+     *      inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
+     *      inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
     *      ts.verify(req, root, inter1, inter2) -> ts or raises an exception if validation fails
     *
     */
@ -1437,9 +1437,9 @@ Init_ossl_ts(void)
     * timestamping certificate.
     *
     *      req = OpenSSL::Timestamp::Request.new(raw_bytes)
-     *      p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd')
-     *      inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb')
-     *      inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb')
+     *      p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
+     *      inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
+     *      inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
     *      fac = OpenSSL::Timestamp::Factory.new
     *      fac.gen_time = Time.now
     *      fac.serial_number = 1
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@ -730,7 +730,7 @@ Init_ossl_x509cert(void)
     * Certificate is capable of handling DER-encoded certificates and
     * certificates encoded in OpenSSL's PEM format.
     *
-     *   raw = File.read "cert.cer" # DER- or PEM-encoded
+     *   raw = File.binread "cert.cer" # DER- or PEM-encoded
     *   certificate = OpenSSL::X509::Certificate.new raw
     *
     * === Saving a certificate to a file