mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER

fallback scenarios.

* ext/openssl/ossl_pkey_dsa.c
* ext/openssl/ossl_x509req.c
* ext/openssl/ossl_pkey_rsa.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_ssl_session.c
* ext/openssl/ossl_x509crl.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey_dh.c
* ext/openssl/ossl_x509cert.c
* ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset.

* ext/openssl/ossl_ssl.c
* ext/openssl/ossl_cipher.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_pkcs12.c
* ext/openssl/ossl_ssl_session.c: Replace rb_raise occurrences by
  ossl_raise. This automatically flushes OpenSSL's error queue.

* ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing
  fails.

* test/openssl/test_pkey_ec.rb
* test/openssl/test_pkey_dsa.rb
* test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is
  empty.

* test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in
  test_new.
  [ Ruby 1.9 - Bug #4885 ] [ruby-core:37134]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32199 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
emboss 2011-06-22 08:41:08 +00:00
parent 41c517d132
commit 26cb830df9
18 changed files with 121 additions and 70 deletions


@ -1,3 +1,38 @@
Wed Jun 22 17:37:49 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER
fallback scenarios.
* ext/openssl/ossl_pkey_dsa.c
* ext/openssl/ossl_x509req.c
* ext/openssl/ossl_pkey_rsa.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_ssl_session.c
* ext/openssl/ossl_x509crl.c
* ext/openssl/ossl_pkey.c
* ext/openssl/ossl_pkey_dh.c
* ext/openssl/ossl_x509cert.c
* ext/openssl/ossl_pkcs7.c: Use OSSL_BIO_reset.
* ext/openssl/ossl_ssl.c
* ext/openssl/ossl_cipher.c
* ext/openssl/ossl_pkey_ec.c
* ext/openssl/ossl_pkcs12.c
* ext/openssl/ossl_ssl_session.c: Replace rb_raise occurences by
ossl_raise. This automatically flushes OpenSSL's error queue.
* ext/openssl/ossl_pkcs7.c: Raise error if DER fallback for parsing
fails.
* test/openssl/test_pkey_ec.rb
* test/openssl/test_pkey_dsa.rb
* test/openssl/test_pkey_rsa.rb: Add assertions that OpenSSL.errors is
empty.
* test/openssl/test_pkey_rsa.rb: Remove initial OpenSSL.errors call in
test_new.
[ Ruby 1.9 - Bug #4885 ] [ruby-core:37134]
Wed Jun 22 15:01:24 2011 Martin Bosslet <Martin.Bosslet@googlemail.com> Wed Jun 22 15:01:24 2011 Martin Bosslet <Martin.Bosslet@googlemail.com>
* ext/openssl/ossl_ssl.c: Use SSL_MODE_RELEASE_BUFFERS if available. * ext/openssl/ossl_ssl.c: Use SSL_MODE_RELEASE_BUFFERS if available.


@ -137,6 +137,13 @@ do{\
*/ */
int ossl_pem_passwd_cb(char *, int, int, void *); int ossl_pem_passwd_cb(char *, int, int, void *);
/*
* Clear BIO* with this in PEM/DER fallback scenarios to avoid decoding
* errors piling up in OpenSSL::Errors
*/
#define OSSL_BIO_reset(bio) (void)BIO_reset((bio)); \
ERR_clear_error();
/* /*
* ERRor messages * ERRor messages
*/ */
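Review bot: OSSL_BIO_reset expands to two separate statements and carries its own trailing semicolon, so it is only safe where the call already sits inside braces. Every use visible in this commit is inside an `if (...) { ... }` body, but an unbraced `if (!x) OSSL_BIO_reset(in);` would run `ERR_clear_error()` unconditionally, and an `else` after it would not compile. Wrapping the body keeps it a single statement: `#define OSSL_BIO_reset(bio) do { (void)BIO_reset((bio)); ERR_clear_error(); } while (0)`. The comment above the macro could also state that the whole error queue is cleared, not only the entries left by the failed decode.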


@ -293,7 +293,7 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
if(!NIL_P(vsalt)){ if(!NIL_P(vsalt)){
StringValue(vsalt); StringValue(vsalt);
if(RSTRING_LEN(vsalt) != PKCS5_SALT_LEN) if(RSTRING_LEN(vsalt) != PKCS5_SALT_LEN)
rb_raise(eCipherError, "salt must be an 8-octet string"); ossl_raise(eCipherError, "salt must be an 8-octet string");
salt = (unsigned char *)RSTRING_PTR(vsalt); salt = (unsigned char *)RSTRING_PTR(vsalt);
} }
iter = NIL_P(viter) ? 2048 : NUM2INT(viter); iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
@ -331,7 +331,7 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self)
StringValue(data); StringValue(data);
in = (unsigned char *)RSTRING_PTR(data); in = (unsigned char *)RSTRING_PTR(data);
if ((in_len = RSTRING_LENINT(data)) == 0) if ((in_len = RSTRING_LENINT(data)) == 0)
rb_raise(rb_eArgError, "data must not be empty"); ossl_raise(rb_eArgError, "data must not be empty");
GetCipher(self, ctx); GetCipher(self, ctx);
out_len = in_len+EVP_CIPHER_CTX_block_size(ctx); out_len = in_len+EVP_CIPHER_CTX_block_size(ctx);
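Review bot: Both checks changed here (the salt length in ossl_cipher_pkcs5_keyivgen and the empty-data check in ossl_cipher_update) fail on argument validation, with no OpenSSL call in the visible lines that could have produced an error belonging to them. ossl_raise is not defined on this page; if it appends the reason string of whatever is queued, an unrelated stale entry would end up in the exception message. If the goal is only to leave the queue empty, `ERR_clear_error(); rb_raise(rb_eArgError, "data must not be empty");` keeps the message exact. The same applies to the rb_eArgError and rb_eRuntimeError conversions in the PKCS12, EC, SSL and SSL session sections. Both function bodies continue outside the hunks.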


@ -91,11 +91,11 @@ ossl_pkcs12_s_create(int argc, VALUE *argv, VALUE self)
/* TODO: make a VALUE to nid function */ /* TODO: make a VALUE to nid function */
if (!NIL_P(key_nid)) { if (!NIL_P(key_nid)) {
if ((nkey = OBJ_txt2nid(StringValuePtr(key_nid))) == NID_undef) if ((nkey = OBJ_txt2nid(StringValuePtr(key_nid))) == NID_undef)
rb_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(key_nid)); ossl_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(key_nid));
} }
if (!NIL_P(cert_nid)) { if (!NIL_P(cert_nid)) {
if ((ncert = OBJ_txt2nid(StringValuePtr(cert_nid))) == NID_undef) if ((ncert = OBJ_txt2nid(StringValuePtr(cert_nid))) == NID_undef)
rb_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(cert_nid)); ossl_raise(rb_eArgError, "Unknown PBE algorithm %s", StringValuePtr(cert_nid));
} }
if (!NIL_P(key_iter)) if (!NIL_P(key_iter))
kiter = NUM2INT(key_iter); kiter = NUM2INT(key_iter);


@ -320,8 +320,10 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL); p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL);
DATA_PTR(self) = pkcs; DATA_PTR(self) = pkcs;
if (!p7) { if (!p7) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
p7 = d2i_PKCS7_bio(in, &pkcs); p7 = d2i_PKCS7_bio(in, &pkcs);
if (!p7)
ossl_raise(rb_eArgError, "Could not parse the PKCS7");
DATA_PTR(self) = pkcs; DATA_PTR(self) = pkcs;
} }
BIO_free(in); BIO_free(in);
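Review bot: The new `ossl_raise(rb_eArgError, "Could not parse the PKCS7")` leaves ossl_pkcs7_initialize before the `BIO_free(in)` that follows the block, so every input that fails both the PEM and the DER parse leaks the BIO. This path is reached with data the caller supplies, so release it first: `if (!p7) { BIO_free(in); ossl_raise(rb_eArgError, "Could not parse the PKCS7"); }`. The raise also happens while `DATA_PTR(self)` still holds the `pkcs` value stored before the fallback; whether d2i_PKCS7_bio releases that object on failure is not visible here, so confirm the pointer left in `self` is still valid when the exception propagates. The function starts above the hunk.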


@ -18,9 +18,6 @@ VALUE cPKey;
VALUE ePKeyError; VALUE ePKeyError;
ID id_private_q; ID id_private_q;
#define reset_bio(b) (void)BIO_reset((b)); \
(void)ERR_get_error();
/* /*
* callback for generating keys * callback for generating keys
*/ */
@ -114,14 +111,14 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self)
bio = ossl_obj2bio(data); bio = ossl_obj2bio(data);
if (!(pkey = d2i_PrivateKey_bio(bio, NULL))) { if (!(pkey = d2i_PrivateKey_bio(bio, NULL))) {
reset_bio(bio); OSSL_BIO_reset(bio);
if (!NIL_P(pass)) { if (!NIL_P(pass)) {
passwd = StringValuePtr(pass); passwd = StringValuePtr(pass);
} }
if (!(pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, passwd))) { if (!(pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, passwd))) {
reset_bio(bio); OSSL_BIO_reset(bio);
if (!(pkey = d2i_PUBKEY_bio(bio, NULL))) { if (!(pkey = d2i_PUBKEY_bio(bio, NULL))) {
reset_bio(bio); OSSL_BIO_reset(bio);
if (!NIL_P(pass)) { if (!NIL_P(pass)) {
passwd = StringValuePtr(pass); passwd = StringValuePtr(pass);
} }


@ -180,13 +180,11 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
in = ossl_obj2bio(arg); in = ossl_obj2bio(arg);
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
if (!dh){ if (!dh){
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
dh = d2i_DHparams_bio(in, NULL); dh = d2i_DHparams_bio(in, NULL);
} }
BIO_free(in); BIO_free(in);
if (!dh) { if (!dh) {
(void)ERR_get_error();
ossl_raise(eDHError, NULL); ossl_raise(eDHError, NULL);
} }
} }


@ -166,28 +166,24 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
in = ossl_obj2bio(arg); in = ossl_obj2bio(arg);
dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd); dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd);
if (!dsa) { if (!dsa) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
dsa = PEM_read_bio_DSA_PUBKEY(in, NULL, NULL, NULL); dsa = PEM_read_bio_DSA_PUBKEY(in, NULL, NULL, NULL);
} }
if (!dsa) { if (!dsa) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
dsa = d2i_DSAPrivateKey_bio(in, NULL); dsa = d2i_DSAPrivateKey_bio(in, NULL);
} }
if (!dsa) { if (!dsa) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
dsa = d2i_DSA_PUBKEY_bio(in, NULL); dsa = d2i_DSA_PUBKEY_bio(in, NULL);
} }
if (!dsa) { if (!dsa) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL); dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL);
} }
BIO_free(in); BIO_free(in);
if (!dsa) { if (!dsa) {
(void)ERR_get_error(); ERR_clear_error();
ossl_raise(eDSAError, "Neither PUB key nor PRIV key:"); ossl_raise(eDSAError, "Neither PUB key nor PRIV key:");
} }
} }
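Review bot: The final failure path now calls `ERR_clear_error()` immediately before `ossl_raise(eDSAError, "Neither PUB key nor PRIV key:")`, while the matching path in ossl_rsa_initialize drops the call altogether. The two key loaders therefore differ in whether the last decoder's error is still queued when the exception is built, and the trailing colon in the message suggests a reason was meant to follow it. Pick one behaviour for both; if ossl_raise already empties the queue, as the commit message says, the explicit `ERR_clear_error();` line here can simply be removed. ossl_dsa_initialize starts above the hunk.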


@ -42,7 +42,7 @@ typedef struct {
#define Require_EC_KEY(obj, key) do { \ #define Require_EC_KEY(obj, key) do { \
Get_EC_KEY((obj), (key)); \ Get_EC_KEY((obj), (key)); \
if ((key) == NULL) \ if ((key) == NULL) \
rb_raise(eECError, "EC_KEY is not initialized"); \ ossl_raise(eECError, "EC_KEY is not initialized"); \
} while(0) } while(0)
#define SafeRequire_EC_KEY(obj, key) do { \ #define SafeRequire_EC_KEY(obj, key) do { \
@ -54,14 +54,14 @@ typedef struct {
ossl_ec_group *ec_group; \ ossl_ec_group *ec_group; \
Data_Get_Struct((obj), ossl_ec_group, ec_group); \ Data_Get_Struct((obj), ossl_ec_group, ec_group); \
if (ec_group == NULL) \ if (ec_group == NULL) \
rb_raise(eEC_GROUP, "missing ossl_ec_group structure"); \ ossl_raise(eEC_GROUP, "missing ossl_ec_group structure"); \
(g) = ec_group->group; \ (g) = ec_group->group; \
} while(0) } while(0)
#define Require_EC_GROUP(obj, group) do { \ #define Require_EC_GROUP(obj, group) do { \
Get_EC_GROUP((obj), (group)); \ Get_EC_GROUP((obj), (group)); \
if ((group) == NULL) \ if ((group) == NULL) \
rb_raise(eEC_GROUP, "EC_GROUP is not initialized"); \ ossl_raise(eEC_GROUP, "EC_GROUP is not initialized"); \
} while(0) } while(0)
#define SafeRequire_EC_GROUP(obj, group) do { \ #define SafeRequire_EC_GROUP(obj, group) do { \
@ -73,14 +73,14 @@ typedef struct {
ossl_ec_point *ec_point; \ ossl_ec_point *ec_point; \
Data_Get_Struct((obj), ossl_ec_point, ec_point); \ Data_Get_Struct((obj), ossl_ec_point, ec_point); \
if (ec_point == NULL) \ if (ec_point == NULL) \
rb_raise(eEC_POINT, "missing ossl_ec_point structure"); \ ossl_raise(eEC_POINT, "missing ossl_ec_point structure"); \
(p) = ec_point->point; \ (p) = ec_point->point; \
} while(0) } while(0)
#define Require_EC_POINT(obj, point) do { \ #define Require_EC_POINT(obj, point) do { \
Get_EC_POINT((obj), (point)); \ Get_EC_POINT((obj), (point)); \
if ((point) == NULL) \ if ((point) == NULL) \
rb_raise(eEC_POINT, "EC_POINT is not initialized"); \ ossl_raise(eEC_POINT, "EC_POINT is not initialized"); \
} while(0) } while(0)
#define SafeRequire_EC_POINT(obj, point) do { \ #define SafeRequire_EC_POINT(obj, point) do { \
@ -168,7 +168,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
GetPKey(self, pkey); GetPKey(self, pkey);
if (pkey->pkey.ec) if (pkey->pkey.ec)
rb_raise(eECError, "EC_KEY already initialized"); ossl_raise(eECError, "EC_KEY already initialized");
rb_scan_args(argc, argv, "02", &arg, &pass); rb_scan_args(argc, argv, "02", &arg, &pass);
@ -191,18 +191,15 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
} }
ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd); ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd);
if (!ec) { if (!ec) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
ec = PEM_read_bio_EC_PUBKEY(in, NULL, ossl_pem_passwd_cb, passwd); ec = PEM_read_bio_EC_PUBKEY(in, NULL, ossl_pem_passwd_cb, passwd);
} }
if (!ec) { if (!ec) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
ec = d2i_ECPrivateKey_bio(in, NULL); ec = d2i_ECPrivateKey_bio(in, NULL);
} }
if (!ec) { if (!ec) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
ec = d2i_EC_PUBKEY_bio(in, NULL); ec = d2i_EC_PUBKEY_bio(in, NULL);
} }
@ -478,7 +475,7 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma
Require_EC_KEY(self, ec); Require_EC_KEY(self, ec);
if (EC_KEY_get0_public_key(ec) == NULL) if (EC_KEY_get0_public_key(ec) == NULL)
rb_raise(eECError, "can't export - no public key set"); ossl_raise(eECError, "can't export - no public key set");
if (EC_KEY_check_key(ec) != 1) if (EC_KEY_check_key(ec) != 1)
ossl_raise(eECError, "can't export - EC_KEY_check_key failed"); ossl_raise(eECError, "can't export - EC_KEY_check_key failed");
@ -518,7 +515,7 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma
break; break;
default: default:
BIO_free(out); BIO_free(out);
rb_raise(rb_eRuntimeError, "unknown format (internal error)"); ossl_raise(rb_eRuntimeError, "unknown format (internal error)");
} }
if (i != 1) { if (i != 1) {
@ -746,7 +743,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
Data_Get_Struct(self, ossl_ec_group, ec_group); Data_Get_Struct(self, ossl_ec_group, ec_group);
if (ec_group->group != NULL) if (ec_group->group != NULL)
rb_raise(rb_eRuntimeError, "EC_GROUP is already initialized"); ossl_raise(rb_eRuntimeError, "EC_GROUP is already initialized");
switch (rb_scan_args(argc, argv, "13", &arg1, &arg2, &arg3, &arg4)) { switch (rb_scan_args(argc, argv, "13", &arg1, &arg2, &arg3, &arg4)) {
case 1: case 1:
@ -768,7 +765,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
if ((group = EC_GROUP_new(method)) == NULL) if ((group = EC_GROUP_new(method)) == NULL)
ossl_raise(eEC_GROUP, "EC_GROUP_new"); ossl_raise(eEC_GROUP, "EC_GROUP_new");
} else { } else {
rb_raise(rb_eArgError, "unknown symbol, must be :GFp_simple, :GFp_mont, :GFp_nist or :GF2m_simple"); ossl_raise(rb_eArgError, "unknown symbol, must be :GFp_simple, :GFp_mont, :GFp_nist or :GF2m_simple");
} }
} else if (rb_obj_is_kind_of(arg1, cEC_GROUP)) { } else if (rb_obj_is_kind_of(arg1, cEC_GROUP)) {
const EC_GROUP *arg1_group; const EC_GROUP *arg1_group;
@ -781,7 +778,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
if (!group) { if (!group) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
group = d2i_ECPKParameters_bio(in, NULL); group = d2i_ECPKParameters_bio(in, NULL);
} }
@ -791,6 +788,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
const char *name = StringValueCStr(arg1); const char *name = StringValueCStr(arg1);
int nid = OBJ_sn2nid(name); int nid = OBJ_sn2nid(name);
(void)ERR_get_error();
if (nid == NID_undef) if (nid == NID_undef)
ossl_raise(eEC_GROUP, "unknown curve name (%s)", name); ossl_raise(eEC_GROUP, "unknown curve name (%s)", name);
@ -817,18 +815,18 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
} else if (id == s_GF2m) { } else if (id == s_GF2m) {
new_curve = EC_GROUP_new_curve_GF2m; new_curve = EC_GROUP_new_curve_GF2m;
} else { } else {
rb_raise(rb_eArgError, "unknown symbol, must be :GFp or :GF2m"); ossl_raise(rb_eArgError, "unknown symbol, must be :GFp or :GF2m");
} }
if ((group = new_curve(p, a, b, ossl_bn_ctx)) == NULL) if ((group = new_curve(p, a, b, ossl_bn_ctx)) == NULL)
ossl_raise(eEC_GROUP, "EC_GROUP_new_by_GF*"); ossl_raise(eEC_GROUP, "EC_GROUP_new_by_GF*");
} else { } else {
rb_raise(rb_eArgError, "unknown argument, must be :GFp or :GF2m"); ossl_raise(rb_eArgError, "unknown argument, must be :GFp or :GF2m");
} }
break; break;
default: default:
rb_raise(rb_eArgError, "wrong number of arguments"); ossl_raise(rb_eArgError, "wrong number of arguments");
} }
if (group == NULL) if (group == NULL)
@ -1044,7 +1042,7 @@ static VALUE ossl_ec_group_get_point_conversion_form(VALUE self)
case POINT_CONVERSION_UNCOMPRESSED: ret = ID_uncompressed; break; case POINT_CONVERSION_UNCOMPRESSED: ret = ID_uncompressed; break;
case POINT_CONVERSION_COMPRESSED: ret = ID_compressed; break; case POINT_CONVERSION_COMPRESSED: ret = ID_compressed; break;
case POINT_CONVERSION_HYBRID: ret = ID_hybrid; break; case POINT_CONVERSION_HYBRID: ret = ID_hybrid; break;
default: rb_raise(eEC_GROUP, "unsupported point conversion form: %d, this module should be updated", form); default: ossl_raise(eEC_GROUP, "unsupported point conversion form: %d, this module should be updated", form);
} }
return ID2SYM(ret); return ID2SYM(ret);
@ -1070,7 +1068,7 @@ static VALUE ossl_ec_group_set_point_conversion_form(VALUE self, VALUE form_v)
} else if (form_id == ID_hybrid) { } else if (form_id == ID_hybrid) {
form = POINT_CONVERSION_HYBRID; form = POINT_CONVERSION_HYBRID;
} else { } else {
rb_raise(rb_eArgError, "form must be :compressed, :uncompressed, or :hybrid"); ossl_raise(rb_eArgError, "form must be :compressed, :uncompressed, or :hybrid");
} }
EC_GROUP_set_point_conversion_form(group, form); EC_GROUP_set_point_conversion_form(group, form);
@ -1153,7 +1151,7 @@ static VALUE ossl_ec_group_to_string(VALUE self, int format)
break; break;
default: default:
BIO_free(out); BIO_free(out);
rb_raise(rb_eRuntimeError, "unknown format (internal error)"); ossl_raise(rb_eRuntimeError, "unknown format (internal error)");
} }
if (i != 1) { if (i != 1) {
@ -1246,7 +1244,7 @@ static VALUE ossl_ec_point_initialize(int argc, VALUE *argv, VALUE self)
Data_Get_Struct(self, ossl_ec_point, ec_point); Data_Get_Struct(self, ossl_ec_point, ec_point);
if (ec_point->point) if (ec_point->point)
rb_raise(eEC_POINT, "EC_POINT already initialized"); ossl_raise(eEC_POINT, "EC_POINT already initialized");
switch (rb_scan_args(argc, argv, "11", &arg1, &arg2)) { switch (rb_scan_args(argc, argv, "11", &arg1, &arg2)) {
case 1: case 1:
@ -1264,13 +1262,13 @@ static VALUE ossl_ec_point_initialize(int argc, VALUE *argv, VALUE self)
point = EC_POINT_new(group); point = EC_POINT_new(group);
} else { } else {
rb_raise(eEC_POINT, "wrong argument type: must be OpenSSL::PKey::EC::Point or OpenSSL::Pkey::EC::Group"); ossl_raise(eEC_POINT, "wrong argument type: must be OpenSSL::PKey::EC::Point or OpenSSL::Pkey::EC::Group");
} }
break; break;
case 2: case 2:
if (!rb_obj_is_kind_of(arg1, cEC_GROUP)) if (!rb_obj_is_kind_of(arg1, cEC_GROUP))
rb_raise(rb_eArgError, "1st argument must be OpenSSL::PKey::EC::Group"); ossl_raise(rb_eArgError, "1st argument must be OpenSSL::PKey::EC::Group");
group_v = arg1; group_v = arg1;
SafeRequire_EC_GROUP(group_v, group); SafeRequire_EC_GROUP(group_v, group);
@ -1291,14 +1289,14 @@ static VALUE ossl_ec_point_initialize(int argc, VALUE *argv, VALUE self)
} }
break; break;
default: default:
rb_raise(rb_eArgError, "wrong number of arguments"); ossl_raise(rb_eArgError, "wrong number of arguments");
} }
if (point == NULL) if (point == NULL)
ossl_raise(eEC_POINT, NULL); ossl_raise(eEC_POINT, NULL);
if (NIL_P(group_v)) if (NIL_P(group_v))
rb_raise(rb_eRuntimeError, "missing group (internal error)"); ossl_raise(rb_eRuntimeError, "missing group (internal error)");
ec_point->point = point; ec_point->point = point;
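Review bot: In the ossl_ec_group_initialize hunk the added `(void)ERR_get_error();` after `OBJ_sn2nid(name)` removes only one entry from the queue, whereas a failed PEM or DER parse earlier in the function can leave several. The rest of this commit uses `ERR_clear_error()` (through OSSL_BIO_reset) for exactly that reason, so use `ERR_clear_error();` here too. The same single-entry pop is added before `rewind(fp)` in ossl_x509_new_from_file. Only part of each function is visible in these hunks.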


@ -157,33 +157,27 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
in = ossl_obj2bio(arg); in = ossl_obj2bio(arg);
rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd); rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd);
if (!rsa) { if (!rsa) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
rsa = PEM_read_bio_RSA_PUBKEY(in, NULL, NULL, NULL); rsa = PEM_read_bio_RSA_PUBKEY(in, NULL, NULL, NULL);
} }
if (!rsa) { if (!rsa) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
rsa = d2i_RSAPrivateKey_bio(in, NULL); rsa = d2i_RSAPrivateKey_bio(in, NULL);
} }
if (!rsa) { if (!rsa) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
rsa = d2i_RSA_PUBKEY_bio(in, NULL); rsa = d2i_RSA_PUBKEY_bio(in, NULL);
} }
if (!rsa) { if (!rsa) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL); rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL);
} }
if (!rsa) { if (!rsa) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
(void)ERR_get_error();
rsa = d2i_RSAPublicKey_bio(in, NULL); rsa = d2i_RSAPublicKey_bio(in, NULL);
} }
BIO_free(in); BIO_free(in);
if (!rsa) { if (!rsa) {
(void)ERR_get_error();
ossl_raise(eRSAError, "Neither PUB key nor PRIV key:"); ossl_raise(eRSAError, "Neither PUB key nor PRIV key:");
} }
} }


@ -493,7 +493,7 @@ ossl_call_servername_cb(VALUE ary)
Data_Get_Struct(ret_obj, SSL_CTX, ctx2); Data_Get_Struct(ret_obj, SSL_CTX, ctx2);
SSL_set_SSL_CTX(ssl, ctx2); SSL_set_SSL_CTX(ssl, ctx2);
} else if (!NIL_P(ret_obj)) { } else if (!NIL_P(ret_obj)) {
rb_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil"); ossl_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil");
} }
return ret_obj; return ret_obj;
@ -952,7 +952,7 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self)
} else if (rb_obj_is_instance_of(arg1, rb_cTime)) { } else if (rb_obj_is_instance_of(arg1, rb_cTime)) {
tm = NUM2LONG(rb_funcall(arg1, rb_intern("to_i"), 0)); tm = NUM2LONG(rb_funcall(arg1, rb_intern("to_i"), 0));
} else { } else {
rb_raise(rb_eArgError, "arg must be Time or nil"); ossl_raise(rb_eArgError, "arg must be Time or nil");
} }
SSL_CTX_flush_sessions(ctx, (long)tm); SSL_CTX_flush_sessions(ctx, (long)tm);


@ -53,7 +53,7 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL); ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
if (!ctx) { if (!ctx) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
ctx = d2i_SSL_SESSION_bio(in, NULL); ctx = d2i_SSL_SESSION_bio(in, NULL);
} }
@ -152,7 +152,7 @@ static VALUE ossl_ssl_session_get_timeout(VALUE self)
} else if (FIXNUM_P(time_v)) { \ } else if (FIXNUM_P(time_v)) { \
; \ ; \
} else { \ } else { \
rb_raise(rb_eArgError, "unknown type"); \ ossl_raise(rb_eArgError, "unknown type"); \
} \ } \
\ \
t = NUM2ULONG(time_v); \ t = NUM2ULONG(time_v); \


@ -71,6 +71,7 @@ ossl_x509_new_from_file(VALUE filename)
* prepare for DER... * prepare for DER...
#if !defined(OPENSSL_NO_FP_API) #if !defined(OPENSSL_NO_FP_API)
if (!x509) { if (!x509) {
(void)ERR_get_error();
rewind(fp); rewind(fp);
x509 = d2i_X509_fp(fp, NULL); x509 = d2i_X509_fp(fp, NULL);
@ -146,7 +147,7 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
x509 = PEM_read_bio_X509(in, &x, NULL, NULL); x509 = PEM_read_bio_X509(in, &x, NULL, NULL);
DATA_PTR(self) = x; DATA_PTR(self) = x;
if (!x509) { if (!x509) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
x509 = d2i_X509_bio(in, &x); x509 = d2i_X509_bio(in, &x);
DATA_PTR(self) = x; DATA_PTR(self) = x;
} }


@ -102,7 +102,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL); crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL);
DATA_PTR(self) = x; DATA_PTR(self) = x;
if (!crl) { if (!crl) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
crl = d2i_X509_CRL_bio(in, &x); crl = d2i_X509_CRL_bio(in, &x);
DATA_PTR(self) = x; DATA_PTR(self) = x;
} }


@ -110,7 +110,7 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self)
req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL); req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL);
DATA_PTR(self) = x; DATA_PTR(self) = x;
if (!req) { if (!req) {
(void)BIO_reset(in); OSSL_BIO_reset(in);
req = d2i_X509_REQ_bio(in, &x); req = d2i_X509_REQ_bio(in, &x);
DATA_PTR(self) = x; DATA_PTR(self) = x;
} }


@ -76,6 +76,7 @@ end
assert_equal(g, key.g) assert_equal(g, key.g)
assert_equal(y, key.pub_key) assert_equal(y, key.pub_key)
assert_equal(nil, key.priv_key) assert_equal(nil, key.priv_key)
assert_equal([], OpenSSL.errors)
end end
def test_read_DSAPublicKey_pem def test_read_DSAPublicKey_pem
@ -100,6 +101,7 @@ fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ==
assert_equal(g, key.g) assert_equal(g, key.g)
assert_equal(y, key.pub_key) assert_equal(y, key.pub_key)
assert_equal(nil, key.priv_key) assert_equal(nil, key.priv_key)
assert_equal([], OpenSSL.errors)
end end
def test_read_DSA_PUBKEY_pem def test_read_DSA_PUBKEY_pem
@ -125,6 +127,7 @@ YNMbNw==
assert_equal(g, key.g) assert_equal(g, key.g)
assert_equal(y, key.pub_key) assert_equal(y, key.pub_key)
assert_equal(nil, key.priv_key) assert_equal(nil, key.priv_key)
assert_equal([], OpenSSL.errors)
end end
def test_export_format_is_DSA_PUBKEY_pem def test_export_format_is_DSA_PUBKEY_pem
@ -154,6 +157,7 @@ YNMbNw==
pub_key = OpenSSL::ASN1.decode(seq[1].value) pub_key = OpenSSL::ASN1.decode(seq[1].value)
assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag) assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag)
assert_equal(key.pub_key, pub_key.value) assert_equal(key.pub_key, pub_key.value)
assert_equal([], OpenSSL.errors)
end end
def test_read_private_key_der def test_read_private_key_der
@ -162,6 +166,7 @@ YNMbNw==
key2 = OpenSSL::PKey.read(der) key2 = OpenSSL::PKey.read(der)
assert(key2.private?) assert(key2.private?)
assert_equal(der, key2.to_der) assert_equal(der, key2.to_der)
assert_equal([], OpenSSL.errors)
end end
def test_read_private_key_pem def test_read_private_key_pem
@ -170,6 +175,7 @@ YNMbNw==
key2 = OpenSSL::PKey.read(pem) key2 = OpenSSL::PKey.read(pem)
assert(key2.private?) assert(key2.private?)
assert_equal(pem, key2.to_pem) assert_equal(pem, key2.to_pem)
assert_equal([], OpenSSL.errors)
end end
def test_read_public_key_der def test_read_public_key_der
@ -178,6 +184,7 @@ YNMbNw==
key2 = OpenSSL::PKey.read(der) key2 = OpenSSL::PKey.read(der)
assert(!key2.private?) assert(!key2.private?)
assert_equal(der, key2.to_der) assert_equal(der, key2.to_der)
assert_equal([], OpenSSL.errors)
end end
def test_read_public_key_pem def test_read_public_key_pem
@ -186,6 +193,7 @@ YNMbNw==
key2 = OpenSSL::PKey.read(pem) key2 = OpenSSL::PKey.read(pem)
assert(!key2.private?) assert(!key2.private?)
assert_equal(pem, key2.to_pem) assert_equal(pem, key2.to_pem)
assert_equal([], OpenSSL.errors)
end end
def test_read_private_key_pem_pw def test_read_private_key_pem_pw
@ -200,6 +208,7 @@ YNMbNw==
key2 = OpenSSL::PKey.read(pem, 'secret') key2 = OpenSSL::PKey.read(pem, 'secret')
assert(key2.private?) assert(key2.private?)
#omit pem equality check, will be different due to cipher iv #omit pem equality check, will be different due to cipher iv
assert_equal([], OpenSSL.errors)
end end
private private
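Review bot: The added `assert_equal([], OpenSSL.errors)` lines cover only reads that succeed, and the queue they inspect is shared across tests, so an entry left behind by a test without the assertion would be reported against whichever test checks next. Putting the check in `teardown` would attribute a leftover entry to the test that caused it and would cover tests that have no explicit assertion. None of the visible tests feeds input that fails every decoder and then checks the queue, which is the path the C changes touch most. The same applies to the assertions added in the EC and RSA tests.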


@ -126,6 +126,7 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec2 = OpenSSL::PKey.read(der) ec2 = OpenSSL::PKey.read(der)
assert(ec2.private_key?) assert(ec2.private_key?)
assert_equal(der, ec2.to_der) assert_equal(der, ec2.to_der)
assert_equal([], OpenSSL.errors)
end end
def test_read_private_key_pem def test_read_private_key_pem
@ -134,6 +135,7 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec2 = OpenSSL::PKey.read(pem) ec2 = OpenSSL::PKey.read(pem)
assert(ec2.private_key?) assert(ec2.private_key?)
assert_equal(pem, ec2.to_pem) assert_equal(pem, ec2.to_pem)
assert_equal([], OpenSSL.errors)
end end
def test_read_public_key_der def test_read_public_key_der
@ -144,6 +146,7 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec3 = OpenSSL::PKey.read(der) ec3 = OpenSSL::PKey.read(der)
assert(!ec3.private_key?) assert(!ec3.private_key?)
assert_equal(der, ec3.to_der) assert_equal(der, ec3.to_der)
assert_equal([], OpenSSL.errors)
end end
def test_read_public_key_pem def test_read_public_key_pem
@ -154,6 +157,7 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec3 = OpenSSL::PKey.read(pem) ec3 = OpenSSL::PKey.read(pem)
assert(!ec3.private_key?) assert(!ec3.private_key?)
assert_equal(pem, ec3.to_pem) assert_equal(pem, ec3.to_pem)
assert_equal([], OpenSSL.errors)
end end
def test_read_private_key_pem_pw def test_read_private_key_pem_pw
@ -168,6 +172,7 @@ class OpenSSL::TestEC < Test::Unit::TestCase
ec2 = OpenSSL::PKey.read(pem, 'secret') ec2 = OpenSSL::PKey.read(pem, 'secret')
assert(ec2.private_key?) assert(ec2.private_key?)
#omit pem equality check, will be different due to cipher iv #omit pem equality check, will be different due to cipher iv
assert_equal([], OpenSSL.errors)
end end
# test Group: asn1_flag, point_conversion # test Group: asn1_flag, point_conversion


@ -42,7 +42,6 @@ class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
end end
def test_new def test_new
OpenSSL.errors
key = OpenSSL::PKey::RSA.new 512 key = OpenSSL::PKey::RSA.new 512
pem = key.public_key.to_pem pem = key.public_key.to_pem
OpenSSL::PKey::RSA.new pem OpenSSL::PKey::RSA.new pem
@ -92,6 +91,7 @@ class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
assert_equal(nil, key.d) assert_equal(nil, key.d)
assert_equal(nil, key.p) assert_equal(nil, key.p)
assert_equal(nil, key.q) assert_equal(nil, key.q)
assert_equal([], OpenSSL.errors)
end end
def test_read_RSA_PUBKEY def test_read_RSA_PUBKEY
@ -110,6 +110,7 @@ class OpenSSL::TestPKeyRSA < Test::Unit::TestCase
assert_equal(nil, key.d) assert_equal(nil, key.d)
assert_equal(nil, key.p) assert_equal(nil, key.p)
assert_equal(nil, key.q) assert_equal(nil, key.q)
assert_equal([], OpenSSL.errors)
end end
def test_read_RSAPublicKey_pem def test_read_RSAPublicKey_pem
@ -129,6 +130,7 @@ AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE=
assert_equal(nil, key.d) assert_equal(nil, key.d)
assert_equal(nil, key.p) assert_equal(nil, key.p)
assert_equal(nil, key.q) assert_equal(nil, key.q)
assert_equal([], OpenSSL.errors)
end end
def test_read_RSA_PUBKEY_pem def test_read_RSA_PUBKEY_pem
@ -149,6 +151,7 @@ AwEAAQ==
assert_equal(nil, key.d) assert_equal(nil, key.d)
assert_equal(nil, key.p) assert_equal(nil, key.p)
assert_equal(nil, key.q) assert_equal(nil, key.q)
assert_equal([], OpenSSL.errors)
end end
def test_export_format_is_RSA_PUBKEY def test_export_format_is_RSA_PUBKEY
@ -170,6 +173,7 @@ AwEAAQ==
key = OpenSSL::PKey.read(der) key = OpenSSL::PKey.read(der)
assert(key.private?) assert(key.private?)
assert_equal(der, key.to_der) assert_equal(der, key.to_der)
assert_equal([], OpenSSL.errors)
end end
def test_read_private_key_pem def test_read_private_key_pem
@ -177,6 +181,7 @@ AwEAAQ==
key = OpenSSL::PKey.read(pem) key = OpenSSL::PKey.read(pem)
assert(key.private?) assert(key.private?)
assert_equal(pem, key.to_pem) assert_equal(pem, key.to_pem)
assert_equal([], OpenSSL.errors)
end end
def test_read_public_key_der def test_read_public_key_der
@ -184,6 +189,7 @@ AwEAAQ==
key = OpenSSL::PKey.read(der) key = OpenSSL::PKey.read(der)
assert(!key.private?) assert(!key.private?)
assert_equal(der, key.to_der) assert_equal(der, key.to_der)
assert_equal([], OpenSSL.errors)
end end
def test_read_public_key_pem def test_read_public_key_pem
@ -191,6 +197,7 @@ AwEAAQ==
key = OpenSSL::PKey.read(pem) key = OpenSSL::PKey.read(pem)
assert(!key.private?) assert(!key.private?)
assert_equal(pem, key.to_pem) assert_equal(pem, key.to_pem)
assert_equal([], OpenSSL.errors)
end end
def test_read_private_key_pem_pw def test_read_private_key_pem_pw
@ -204,6 +211,7 @@ AwEAAQ==
key = OpenSSL::PKey.read(pem, 'secret') key = OpenSSL::PKey.read(pem, 'secret')
assert(key.private?) assert(key.private?)
#omit pem equality check, will be different due to cipher iv #omit pem equality check, will be different due to cipher iv
assert_equal([], OpenSSL.errors)
end end
private private
@ -228,6 +236,7 @@ AwEAAQ==
assert_equal(key.n, pub_key.value[0].value) assert_equal(key.n, pub_key.value[0].value)
assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag) assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag)
assert_equal(key.e, pub_key.value[1].value) assert_equal(key.e, pub_key.value[1].value)
assert_equal([], OpenSSL.errors)
end end
end end