Bug #13935 » 0001-openssl-import-v2.0.6.patch
| ext/openssl/History.md | ||
|---|---|---|
|
Version 2.0.6
|
||
|
=============
|
||
|
Bug fixes
|
||
|
---------
|
||
|
* The session_remove_cb set to an OpenSSL::SSL::SSLContext is no longer called
|
||
|
during GC.
|
||
|
* A possible deadlock in OpenSSL::SSL::SSLSocket#sysread is fixed.
|
||
|
[[GitHub #139]](https://github.com/ruby/openssl/pull/139)
|
||
|
* OpenSSL::BN#hash could return an unnormalized fixnum value on Windows.
|
||
|
[[Bug #13877]](https://bugs.ruby-lang.org/issues/13877)
|
||
|
* OpenSSL::SSL::SSLSocket#sysread and #sysread_nonblock set the length of the
|
||
|
destination buffer String to 0 on error.
|
||
|
[[GitHub #153]](https://github.com/ruby/openssl/pull/153)
|
||
|
* Possible deadlock is fixed. This happened only when built with older versions
|
||
|
of OpenSSL (before 1.1.0) or LibreSSL.
|
||
|
[[GitHub #155]](https://github.com/ruby/openssl/pull/155)
|
||
|
Version 2.0.5
|
||
|
=============
|
||
| ext/openssl/lib/openssl/buffering.rb | ||
|---|---|---|
|
# when the peer requests a new TLS/SSL handshake. See openssl the FAQ for
|
||
|
# more details. http://www.openssl.org/support/faq.html
|
||
|
#
|
||
|
# By specifying a keyword argument _exception_ to +false+, you can indicate
|
||
|
# By specifying `exception: false`, the options hash allows you to indicate
|
||
|
# that read_nonblock should not raise an IO::Wait*able exception, but
|
||
|
# return the symbol +:wait_writable+ or +:wait_readable+ instead. At EOF,
|
||
|
# it will return +nil+ instead of raising EOFError.
|
||
|
# return the symbol :wait_writable or :wait_readable instead.
|
||
|
def read_nonblock(maxlen, buf=nil, exception: true)
|
||
|
if maxlen == 0
|
||
| ... | ... | |
|
# is when the peer requests a new TLS/SSL handshake. See the openssl FAQ
|
||
|
# for more details. http://www.openssl.org/support/faq.html
|
||
|
#
|
||
|
# By specifying a keyword argument _exception_ to +false+, you can indicate
|
||
|
# By specifying `exception: false`, the options hash allows you to indicate
|
||
|
# that write_nonblock should not raise an IO::Wait*able exception, but
|
||
|
# return the symbol +:wait_writable+ or +:wait_readable+ instead.
|
||
|
# return the symbol :wait_writable or :wait_readable instead.
|
||
|
def write_nonblock(s, exception: true)
|
||
|
flush
|
||
| ext/openssl/openssl.gemspec | ||
|---|---|---|
|
# -*- encoding: utf-8 -*-
|
||
|
# stub: openssl 2.0.5 ruby lib
|
||
|
# stub: openssl 2.0.6 ruby lib
|
||
|
# stub: ext/openssl/extconf.rb
|
||
|
Gem::Specification.new do |s|
|
||
|
s.name = "openssl".freeze
|
||
|
s.version = "2.0.5"
|
||
|
s.version = "2.0.6"
|
||
|
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
||
|
s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata=
|
||
|
s.require_paths = ["lib".freeze]
|
||
|
s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze]
|
||
|
s.date = "2017-08-08"
|
||
|
s.date = "2017-09-24"
|
||
|
s.description = "It wraps the OpenSSL library.".freeze
|
||
|
s.email = ["ruby-core@ruby-lang.org".freeze]
|
||
|
s.extensions = ["ext/openssl/extconf.rb".freeze]
|
||
| ... | ... | |
|
s.licenses = ["Ruby".freeze]
|
||
|
s.rdoc_options = ["--main".freeze, "README.md".freeze]
|
||
|
s.required_ruby_version = Gem::Requirement.new(">= 2.3.0".freeze)
|
||
|
s.rubygems_version = "2.6.12".freeze
|
||
|
s.rubygems_version = "2.6.13".freeze
|
||
|
s.summary = "OpenSSL provides SSL, TLS and general purpose cryptography.".freeze
|
||
|
if s.respond_to? :specification_version then
|
||
| ext/openssl/ossl.c | ||
|---|---|---|
|
#endif
|
||
|
}
|
||
|
#if defined(OSSL_DEBUG)
|
||
|
#if !defined(LIBRESSL_VERSION_NUMBER) && \
|
||
|
(OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(OPENSSL_NO_CRYPTO_MDEBUG) || \
|
||
|
defined(CRYPTO_malloc_debug_init))
|
||
|
/*
|
||
|
* call-seq:
|
||
|
* OpenSSL.mem_check_start -> nil
|
||
|
*
|
||
|
* Calls CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON). Starts tracking memory
|
||
|
* allocations. See also OpenSSL.print_mem_leaks.
|
||
|
*
|
||
|
* This is available only when built with a capable OpenSSL and --enable-debug
|
||
|
* configure option.
|
||
|
*/
|
||
|
static VALUE
|
||
|
mem_check_start(VALUE self)
|
||
|
{
|
||
|
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||
|
return Qnil;
|
||
|
}
|
||
|
/*
|
||
|
* call-seq:
|
||
|
* OpenSSL.print_mem_leaks -> true | false
|
||
|
*
|
||
|
* For debugging the Ruby/OpenSSL library. Calls CRYPTO_mem_leaks_fp(stderr).
|
||
|
* Prints detected memory leaks to standard error. This cleans the global state
|
||
|
* up thus you cannot use any methods of the library after calling this.
|
||
|
*
|
||
|
* Returns true if leaks detected, false otherwise.
|
||
|
*
|
||
|
* This is available only when built with a capable OpenSSL and --enable-debug
|
||
|
* configure option.
|
||
|
*
|
||
|
* === Example
|
||
|
* OpenSSL.mem_check_start
|
||
|
* NOT_GCED = OpenSSL::PKey::RSA.new(256)
|
||
|
*
|
||
|
* END {
|
||
|
* GC.start
|
||
|
* OpenSSL.print_mem_leaks # will print the leakage
|
||
|
* }
|
||
|
*/
|
||
|
static VALUE
|
||
|
print_mem_leaks(VALUE self)
|
||
|
{
|
||
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||
|
int ret;
|
||
|
#endif
|
||
|
BN_CTX_free(ossl_bn_ctx);
|
||
|
ossl_bn_ctx = NULL;
|
||
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||
|
ret = CRYPTO_mem_leaks_fp(stderr);
|
||
|
if (ret < 0)
|
||
|
ossl_raise(eOSSLError, "CRYPTO_mem_leaks_fp");
|
||
|
return ret ? Qfalse : Qtrue;
|
||
|
#else
|
||
|
CRYPTO_mem_leaks_fp(stderr);
|
||
|
return Qnil;
|
||
|
#endif
|
||
|
}
|
||
|
#endif
|
||
|
#endif
|
||
|
#if !defined(HAVE_OPENSSL_110_THREADING_API)
|
||
|
/**
|
||
|
* Stores locks needed for OpenSSL thread safety
|
||
|
*/
|
||
|
static rb_nativethread_lock_t *ossl_locks;
|
||
|
struct CRYPTO_dynlock_value {
|
||
|
rb_nativethread_lock_t lock;
|
||
|
rb_nativethread_id_t owner;
|
||
|
size_t count;
|
||
|
};
|
||
|
static void
|
||
|
ossl_lock_unlock(int mode, rb_nativethread_lock_t *lock)
|
||
|
ossl_lock_init(struct CRYPTO_dynlock_value *l)
|
||
|
{
|
||
|
if (mode & CRYPTO_LOCK) {
|
||
|
rb_nativethread_lock_lock(lock);
|
||
|
} else {
|
||
|
rb_nativethread_lock_unlock(lock);
|
||
|
}
|
||
|
rb_nativethread_lock_initialize(&l->lock);
|
||
|
l->count = 0;
|
||
|
}
|
||
|
static void
|
||
|
ossl_lock_callback(int mode, int type, const char *file, int line)
|
||
|
ossl_lock_unlock(int mode, struct CRYPTO_dynlock_value *l)
|
||
|
{
|
||
|
ossl_lock_unlock(mode, &ossl_locks[type]);
|
||
|
if (mode & CRYPTO_LOCK) {
|
||
|
/* TODO: rb_nativethread_id_t is not necessarily compared with ==. */
|
||
|
rb_nativethread_id_t tid = rb_nativethread_self();
|
||
|
if (l->count && l->owner == tid) {
|
||
|
l->count++;
|
||
|
return;
|
||
|
}
|
||
|
rb_nativethread_lock_lock(&l->lock);
|
||
|
l->owner = tid;
|
||
|
l->count = 1;
|
||
|
} else {
|
||
|
if (!--l->count)
|
||
|
rb_nativethread_lock_unlock(&l->lock);
|
||
|
}
|
||
|
}
|
||
|
struct CRYPTO_dynlock_value {
|
||
|
rb_nativethread_lock_t lock;
|
||
|
};
|
||
|
static struct CRYPTO_dynlock_value *
|
||
|
ossl_dyn_create_callback(const char *file, int line)
|
||
|
{
|
||
|
struct CRYPTO_dynlock_value *dynlock = (struct CRYPTO_dynlock_value *)OPENSSL_malloc((int)sizeof(struct CRYPTO_dynlock_value));
|
||
|
rb_nativethread_lock_initialize(&dynlock->lock);
|
||
|
/* Do not use xmalloc() here, since it may raise NoMemoryError */
|
||
|
struct CRYPTO_dynlock_value *dynlock =
|
||
|
OPENSSL_malloc(sizeof(struct CRYPTO_dynlock_value));
|
||
|
if (dynlock)
|
||
|
ossl_lock_init(dynlock);
|
||
|
return dynlock;
|
||
|
}
|
||
|
static void
|
||
|
ossl_dyn_lock_callback(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)
|
||
|
{
|
||
|
ossl_lock_unlock(mode, &l->lock);
|
||
|
ossl_lock_unlock(mode, l);
|
||
|
}
|
||
|
static void
|
||
| ... | ... | |
|
}
|
||
|
#endif
|
||
|
static struct CRYPTO_dynlock_value *ossl_locks;
|
||
|
static void
|
||
|
ossl_lock_callback(int mode, int type, const char *file, int line)
|
||
|
{
|
||
|
ossl_lock_unlock(mode, &ossl_locks[type]);
|
||
|
}
|
||
|
static void Init_ossl_locks(void)
|
||
|
{
|
||
|
int i;
|
||
|
int num_locks = CRYPTO_num_locks();
|
||
|
if ((unsigned)num_locks >= INT_MAX / (int)sizeof(VALUE)) {
|
||
|
rb_raise(rb_eRuntimeError, "CRYPTO_num_locks() is too big: %d", num_locks);
|
||
|
}
|
||
|
ossl_locks = (rb_nativethread_lock_t *) OPENSSL_malloc(num_locks * (int)sizeof(rb_nativethread_lock_t));
|
||
|
if (!ossl_locks) {
|
||
|
rb_raise(rb_eNoMemError, "CRYPTO_num_locks() is too big: %d", num_locks);
|
||
|
}
|
||
|
for (i = 0; i < num_locks; i++) {
|
||
|
rb_nativethread_lock_initialize(&ossl_locks[i]);
|
||
|
}
|
||
|
ossl_locks = ALLOC_N(struct CRYPTO_dynlock_value, num_locks);
|
||
|
for (i = 0; i < num_locks; i++)
|
||
|
ossl_lock_init(&ossl_locks[i]);
|
||
|
#ifdef HAVE_CRYPTO_THREADID_PTR
|
||
|
CRYPTO_THREADID_set_callback(ossl_threadid_func);
|
||
| ... | ... | |
|
Init_ossl_ocsp();
|
||
|
Init_ossl_engine();
|
||
|
Init_ossl_asn1();
|
||
|
}
|
||
|
#if defined(OSSL_DEBUG)
|
||
|
/*
|
||
|
* Check if all symbols are OK with 'make LDSHARED=gcc all'
|
||
|
*/
|
||
|
int
|
||
|
main(int argc, char *argv[])
|
||
|
{
|
||
|
return 0;
|
||
|
/*
|
||
|
* For debugging Ruby/OpenSSL. Enable only when built with --enable-debug
|
||
|
*/
|
||
|
#if !defined(LIBRESSL_VERSION_NUMBER) && \
|
||
|
(OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(OPENSSL_NO_CRYPTO_MDEBUG) || \
|
||
|
defined(CRYPTO_malloc_debug_init))
|
||
|
rb_define_module_function(mOSSL, "mem_check_start", mem_check_start, 0);
|
||
|
rb_define_module_function(mOSSL, "print_mem_leaks", print_mem_leaks, 0);
|
||
|
#if defined(CRYPTO_malloc_debug_init) /* <= 1.0.2 */
|
||
|
CRYPTO_malloc_debug_init();
|
||
|
#endif
|
||
|
#if defined(V_CRYPTO_MDEBUG_ALL) /* <= 1.0.2 */
|
||
|
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
|
||
|
#endif
|
||
|
#if OPENSSL_VERSION_NUMBER < 0x10100000 /* <= 1.0.2 */
|
||
|
{
|
||
|
int i;
|
||
|
/*
|
||
|
* See crypto/ex_data.c; call def_get_class() immediately to avoid
|
||
|
* allocations. 15 is the maximum number that is used as the class index
|
||
|
* in OpenSSL 1.0.2.
|
||
|
*/
|
||
|
for (i = 0; i <= 15; i++) {
|
||
|
if (CRYPTO_get_ex_new_index(i, 0, (void *)"ossl-mdebug-dummy", 0, 0, 0) < 0)
|
||
|
rb_raise(rb_eRuntimeError, "CRYPTO_get_ex_new_index for "
|
||
|
"class index %d failed", i);
|
||
|
}
|
||
|
}
|
||
|
#endif
|
||
|
#endif
|
||
|
#endif
|
||
|
}
|
||
|
#endif /* OSSL_DEBUG */
|
||
| ext/openssl/ossl_cipher.c | ||
|---|---|---|
|
* call-seq:
|
||
|
* cipher.auth_tag = string -> string
|
||
|
*
|
||
|
* Sets the authentication tag to verify the contents of the
|
||
|
* ciphertext. The tag must be set after calling Cipher#decrypt,
|
||
|
* Cipher#key= and Cipher#iv=, but before assigning the associated
|
||
|
* authenticated data using Cipher#auth_data= and of course, before
|
||
|
* decrypting any of the ciphertext. After all decryption is
|
||
|
* performed, the tag is verified automatically in the call to
|
||
|
* Cipher#final.
|
||
|
* Sets the authentication tag to verify the integrity of the ciphertext.
|
||
|
* This can be called only when the cipher supports AE. The tag must be set
|
||
|
* after calling Cipher#decrypt, Cipher#key= and Cipher#iv=, but before
|
||
|
* calling Cipher#final. After all decryption is performed, the tag is
|
||
|
* verified automatically in the call to Cipher#final.
|
||
|
*
|
||
|
* For OCB mode, the tag length must be supplied with #auth_tag_len=
|
||
|
* beforehand.
|
||
| ext/openssl/ossl_ssl.c | ||
|---|---|---|
|
void *ptr;
|
||
|
int state = 0;
|
||
|
/*
|
||
|
* This callback is also called for all sessions in the internal store
|
||
|
* when SSL_CTX_free() is called.
|
||
|
*/
|
||
|
if (rb_during_gc())
|
||
|
return;
|
||
|
OSSL_Debug("SSL SESSION remove callback entered");
|
||
|
if ((ptr = SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_ptr_idx)) == NULL)
|
||
| ... | ... | |
|
* retry
|
||
|
* end
|
||
|
*
|
||
|
* By specifying a keyword argument _exception_ to +false+, you can indicate
|
||
|
* By specifying `exception: false`, the options hash allows you to indicate
|
||
|
* that connect_nonblock should not raise an IO::WaitReadable or
|
||
|
* IO::WaitWritable exception, but return the symbol +:wait_readable+ or
|
||
|
* +:wait_writable+ instead.
|
||
|
* IO::WaitWritable exception, but return the symbol :wait_readable or
|
||
|
* :wait_writable instead.
|
||
|
*/
|
||
|
static VALUE
|
||
|
ossl_ssl_connect_nonblock(int argc, VALUE *argv, VALUE self)
|
||
| ... | ... | |
|
* retry
|
||
|
* end
|
||
|
*
|
||
|
* By specifying a keyword argument _exception_ to +false+, you can indicate
|
||
|
* By specifying `exception: false`, the options hash allows you to indicate
|
||
|
* that accept_nonblock should not raise an IO::WaitReadable or
|
||
|
* IO::WaitWritable exception, but return the symbol +:wait_readable+ or
|
||
|
* +:wait_writable+ instead.
|
||
|
* IO::WaitWritable exception, but return the symbol :wait_readable or
|
||
|
* :wait_writable instead.
|
||
|
*/
|
||
|
static VALUE
|
||
|
ossl_ssl_accept_nonblock(int argc, VALUE *argv, VALUE self)
|
||
| ... | ... | |
|
}
|
||
|
ilen = NUM2INT(len);
|
||
|
if(NIL_P(str)) str = rb_str_new(0, ilen);
|
||
|
else{
|
||
|
StringValue(str);
|
||
|
rb_str_modify(str);
|
||
|
rb_str_resize(str, ilen);
|
||
|
if (NIL_P(str))
|
||
|
str = rb_str_new(0, ilen);
|
||
|
else {
|
||
|
StringValue(str);
|
||
|
if (RSTRING_LEN(str) >= ilen)
|
||
|
rb_str_modify(str);
|
||
|
else
|
||
|
rb_str_modify_expand(str, ilen - RSTRING_LEN(str));
|
||
|
}
|
||
|
if(ilen == 0) return str;
|
||
|
OBJ_TAINT(str);
|
||
|
rb_str_set_len(str, 0);
|
||
|
if (ilen == 0)
|
||
|
return str;
|
||
|
GetSSL(self, ssl);
|
||
|
io = rb_attr_get(self, id_i_io);
|
||
|
GetOpenFile(io, fptr);
|
||
|
if (ssl_started(ssl)) {
|
||
|
if(!nonblock && SSL_pending(ssl) <= 0)
|
||
|
rb_thread_wait_fd(FPTR_TO_FD(fptr));
|
||
|
for (;;){
|
||
|
nread = SSL_read(ssl, RSTRING_PTR(str), RSTRING_LENINT(str));
|
||
|
nread = SSL_read(ssl, RSTRING_PTR(str), ilen);
|
||
|
switch(ssl_get_error(ssl, nread)){
|
||
|
case SSL_ERROR_NONE:
|
||
|
goto end;
|
||
| ... | ... | |
|
end:
|
||
|
rb_str_set_len(str, nread);
|
||
|
OBJ_TAINT(str);
|
||
|
return str;
|
||
|
}
|
||
| ext/openssl/ossl_version.h | ||
|---|---|---|
|
#if !defined(_OSSL_VERSION_H_)
|
||
|
#define _OSSL_VERSION_H_
|
||
|
#define OSSL_VERSION "2.0.5"
|
||
|
#define OSSL_VERSION "2.0.6"
|
||
|
#endif /* _OSSL_VERSION_H_ */
|
||
| ext/openssl/ruby_missing.h | ||
|---|---|---|
|
#define FPTR_TO_FD(fptr) ((fptr)->fd)
|
||
|
/* Ruby 2.4 */
|
||
|
#ifndef RB_INTEGER_TYPE_P
|
||
|
/* for Ruby 2.3 compatibility */
|
||
|
#define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
|
||
|
# define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
|
||
|
#endif
|
||
|
/* Ruby 2.5 */
|
||
|
#ifndef ST2FIX
|
||
|
# define RB_ST2FIX(h) LONG2FIX((long)(h))
|
||
|
# define ST2FIX(h) RB_ST2FIX(h)
|
||
|
#endif
|
||
|
#endif /* _OSSL_RUBY_MISSING_H_ */
|
||
| test/openssl/fixtures/pkey/dh1024.pem | ||
|---|---|---|
|
-----BEGIN DH PARAMETERS-----
|
||
|
MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
|
||
|
pFxIvjG05D7HoBZQfrR0c92NGWPkAiCkhQKB8JCbPVzwNLDy6DZ0pmofDKrEsYHG
|
||
|
AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
|
||
|
-----END DH PARAMETERS-----
|
||
| test/openssl/fixtures/pkey/dsa1024.pem | ||
|---|---|---|
|
-----BEGIN DSA PRIVATE KEY-----
|
||
|
MIIBugIBAAKBgQCH9aAoXvWWThIjkA6D+nI1F9ksF9iDq594rkiGNOT9sPDOdB+n
|
||
|
D+qeeeeloRlj19ymCSADPI0ZLRgkchkAEnY2RnqnhHOjVf/roGgRbW+iQDMbQ9wa
|
||
|
/pvc6/fAbsu1goE1hBYjm98/sZEeXavj8tR56IXnjF1b6Nx0+sgeUKFKEQIVAMiz
|
||
|
4BJUFeTtddyM4uadBM7HKLPRAoGAZdLBSYNGiij7vAjesF5mGUKTIgPd+JKuBEDx
|
||
|
OaBclsgfdoyoF/TMOkIty+PVlYD+//Vl2xnoUEIRaMXHwHfm0r2xUX++oeRaSScg
|
||
|
YizJdUxe5jvBuBszGPRc/mGpb9YvP0sB+FL1KmuxYmdODfCe51zl8uM/CVhouJ3w
|
||
|
DjmRGscCgYAuFlfC7p+e8huCKydfcv/beftqjewiOPpQ3u5uI6KPCtCJPpDhs3+4
|
||
|
IihH2cPsAlqwGF4tlibW1+/z/OZ1AZinPK3y7b2jSJASEaPeEltVzB92hcd1khk2
|
||
|
jTYcmSsV4VddplOPK9czytR/GbbibxsrhhgZUbd8LPbvIgaiadJ1PgIUBnJ/5vN2
|
||
|
CVArsEzlPUCbohPvZnE=
|
||
|
-----END DSA PRIVATE KEY-----
|
||
| test/openssl/fixtures/pkey/dsa256.pem | ||
|---|---|---|
|
-----BEGIN DSA PRIVATE KEY-----
|
||
|
MIH3AgEAAkEAhk2libbY2a8y2Pt21+YPYGZeW6wzaW2yfj5oiClXro9XMR7XWLkE
|
||
|
9B7XxLNFCS2gmCCdMsMW1HulaHtLFQmB2wIVAM43JZrcgpu6ajZ01VkLc93gu/Ed
|
||
|
AkAOhujZrrKV5CzBKutKLb0GVyVWmdC7InoNSMZEeGU72rT96IjM59YzoqmD0pGM
|
||
|
3I1o4cGqg1D1DfM1rQlnN1eSAkBq6xXfEDwJ1mLNxF6q8Zm/ugFYWR5xcX/3wFiT
|
||
|
b4+EjHP/DbNh9Vm5wcfnDBJ1zKvrMEf2xqngYdrV/3CiGJeKAhRvL57QvJZcQGvn
|
||
|
ISNX5cMzFHRW3Q==
|
||
|
-----END DSA PRIVATE KEY-----
|
||
| test/openssl/fixtures/pkey/dsa512.pem | ||
|---|---|---|
|
-----BEGIN DSA PRIVATE KEY-----
|
||
|
MIH4AgEAAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgTYiEEHaOYhkIxv0Ok
|
||
|
RZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB4DZGH7UyarcaGy6D
|
||
|
AkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqoji3/lHdKoVdTQNuR
|
||
|
S/m6DlCwhjRjiQ/lBRgCLCcaAkEAjN891JBjzpMj4bWgsACmMggFf57DS0Ti+5++
|
||
|
Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
|
||
|
55jreJD3Se3slps=
|
||
|
-----END DSA PRIVATE KEY-----
|
||
| test/openssl/fixtures/pkey/p256.pem | ||
|---|---|---|
|
-----BEGIN EC PRIVATE KEY-----
|
||
|
MHcCAQEEIID49FDqcf1O1eO8saTgG70UbXQw9Fqwseliit2aWhH1oAoGCCqGSM49
|
||
|
AwEHoUQDQgAEFglk2c+oVUIKQ64eZG9bhLNPWB7lSZ/ArK41eGy5wAzU/0G51Xtt
|
||
|
CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
|
||
|
-----END EC PRIVATE KEY-----
|
||
| test/openssl/fixtures/pkey/rsa1024.pem | ||
|---|---|---|
|
-----BEGIN RSA PRIVATE KEY-----
|
||
|
MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
|
||
|
aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
|
||
|
Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
|
||
|
AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
|
||
|
maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T
|
||
|
gnb17tU1jktUtU67xK/08i/XodlgnQhs6VoHTuCh3Hu77O6RAkEA7+gxqBuZR572
|
||
|
74/akiW/SuXm0SXPEviyO1MuSRwtI87B02D0qgV8D1UHRm4AhMnJ8MCs1809kMQE
|
||
|
JiQUCrp9mQJBANlt2ngBO14us6NnhuAseFDTBzCHXwUUu1YKHpMMmxpnGqaldGgX
|
||
|
sOZB3lgJsT9VlGf3YGYdkLTNVbogQKlKpB8CQQDiSwkb4vyQfDe8/NpU5Not0fII
|
||
|
8jsDUCb+opWUTMmfbxWRR3FBNu8wnym/m19N4fFj8LqYzHX4KY0oVPu6qvJxAkEA
|
||
|
wa5snNekFcqONLIE4G5cosrIrb74sqL8GbGb+KuTAprzj5z1K8Bm0UW9lTjVDjDi
|
||
|
qRYgZfZSL+x1P/54+xTFSwJAY1FxA/N3QPCXCjPh5YqFxAMQs2VVYTfg+t0MEcJD
|
||
|
dPMQD5JX6g5HKnHFg2mZtoXQrWmJSn7p8GJK8yNTopEErA==
|
||
|
-----END RSA PRIVATE KEY-----
|
||
| test/openssl/fixtures/pkey/rsa2048.pem | ||
|---|---|---|
|
-----BEGIN RSA PRIVATE KEY-----
|
||
|
MIIEpAIBAAKCAQEAuV9ht9J7k4NBs38jOXvvTKY9gW8nLICSno5EETR1cuF7i4pN
|
||
|
s9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enenfzq/t/e/1IRW0wkJUJUFQign
|
||
|
4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWmqbjs07JbuS4QQGGXLc+Su96D
|
||
|
kYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v68JkRFIhdGlb6JL8fllf/A/bl
|
||
|
NwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX9KZYcU00mOX+fdxOSnGqS/8J
|
||
|
DRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wIDAQABAoIBAAzsamqfYQAqwXTb
|
||
|
I0CJtGg6msUgU7HVkOM+9d3hM2L791oGHV6xBAdpXW2H8LgvZHJ8eOeSghR8+dgq
|
||
|
PIqAffo4x1Oma+FOg3A0fb0evyiACyrOk+EcBdbBeLo/LcvahBtqnDfiUMQTpy6V
|
||
|
seSoFCwuN91TSCeGIsDpRjbG1vxZgtx+uI+oH5+ytqJOmfCksRDCkMglGkzyfcl0
|
||
|
Xc5CUhIJ0my53xijEUQl19rtWdMnNnnkdbG8PT3LZlOta5Do86BElzUYka0C6dUc
|
||
|
VsBDQ0Nup0P6rEQgy7tephHoRlUGTYamsajGJaAo1F3IQVIrRSuagi7+YpSpCqsW
|
||
|
wORqorkCgYEA7RdX6MDVrbw7LePnhyuaqTiMK+055/R1TqhB1JvvxJ1CXk2rDL6G
|
||
|
0TLHQ7oGofd5LYiemg4ZVtWdJe43BPZlVgT6lvL/iGo8JnrncB9Da6L7nrq/+Rvj
|
||
|
XGjf1qODCK+LmreZWEsaLPURIoR/Ewwxb9J2zd0CaMjeTwafJo1CZvcCgYEAyCgb
|
||
|
aqoWvUecX8VvARfuA593Lsi50t4MEArnOXXcd1RnXoZWhbx5rgO8/ATKfXr0BK/n
|
||
|
h2GF9PfKzHFm/4V6e82OL7gu/kLy2u9bXN74vOvWFL5NOrOKPM7Kg+9I131kNYOw
|
||
|
Ivnr/VtHE5s0dY7JChYWE1F3vArrOw3T00a4CXUCgYEA0SqY+dS2LvIzW4cHCe9k
|
||
|
IQqsT0yYm5TFsUEr4sA3xcPfe4cV8sZb9k/QEGYb1+SWWZ+AHPV3UW5fl8kTbSNb
|
||
|
v4ng8i8rVVQ0ANbJO9e5CUrepein2MPL0AkOATR8M7t7dGGpvYV0cFk8ZrFx0oId
|
||
|
U0PgYDotF/iueBWlbsOM430CgYEAqYI95dFyPI5/AiSkY5queeb8+mQH62sdcCCr
|
||
|
vd/w/CZA/K5sbAo4SoTj8dLk4evU6HtIa0DOP63y071eaxvRpTNqLUOgmLh+D6gS
|
||
|
Cc7TfLuFrD+WDBatBd5jZ+SoHccVrLR/4L8jeodo5FPW05A+9gnKXEXsTxY4LOUC
|
||
|
9bS4e1kCgYAqVXZh63JsMwoaxCYmQ66eJojKa47VNrOeIZDZvd2BPVf30glBOT41
|
||
|
gBoDG3WMPZoQj9pb7uMcrnvs4APj2FIhMU8U15LcPAj59cD6S6rWnAxO8NFK7HQG
|
||
|
4Jxg3JNNf8ErQoCHb1B3oVdXJkmbJkARoDpBKmTCgKtP8ADYLmVPQw==
|
||
|
-----END RSA PRIVATE KEY-----
|
||
| test/openssl/test_asn1.rb | ||
|---|---|---|
|
# frozen_string_literal: false
|
||
|
require_relative 'utils'
|
||
|
if defined?(OpenSSL::TestUtils)
|
||
|
class OpenSSL::TestASN1 < OpenSSL::TestCase
|
||
|
def test_decode
|
||
|
subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
|
||
|
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
|
key = Fixtures.pkey("rsa1024")
|
||
|
now = Time.at(Time.now.to_i) # suppress usec
|
||
|
s = 0xdeadbeafdeadbeafdeadbeafdeadbeaf
|
||
|
exts = [
|
||
| ... | ... | |
|
end
|
||
|
assert_equal(:UNIVERSAL, asn1.tag_class)
|
||
|
end
|
||
|
end
|
||
|
end if defined?(OpenSSL::TestUtils)
|
||
|
end
|
||
| test/openssl/test_bn.rb | ||
|---|---|---|
|
assert_equal(false, bn1.eql?(bn3))
|
||
|
assert_equal(bn1.hash, bn2.hash)
|
||
|
assert_not_equal(bn3.hash, bn1.hash)
|
||
|
assert_instance_of(String, bn1.hash.to_s)
|
||
|
end
|
||
|
end
|
||
| test/openssl/test_buffering.rb | ||
|---|---|---|
|
# frozen_string_literal: false
|
||
|
require_relative 'utils'
|
||
|
require 'stringio'
|
||
|
class OpenSSL::TestBuffering < OpenSSL::TestCase
|
||
|
if defined?(OpenSSL::TestUtils)
|
||
|
class OpenSSL::TestBuffering < OpenSSL::TestCase
|
||
|
class IO
|
||
|
include OpenSSL::Buffering
|
||
| ... | ... | |
|
end
|
||
|
assert_equal([97, 98, 99], res)
|
||
|
end
|
||
|
end
|
||
|
end if defined?(OpenSSL::TestUtils)
|
||
|
end
|
||
| test/openssl/test_config.rb | ||
|---|---|---|
|
# frozen_string_literal: false
|
||
|
require_relative 'utils'
|
||
|
if defined?(OpenSSL::TestUtils)
|
||
|
class OpenSSL::TestConfig < OpenSSL::TestCase
|
||
|
def setup
|
||
|
super
|
||
| ... | ... | |
|
def test_value
|
||
|
# suppress deprecation warnings
|
||
|
OpenSSL::TestUtils.silent do
|
||
|
EnvUtil.suppress_warning do
|
||
|
assert_equal('CA_default', @it.value('ca', 'default_ca'))
|
||
|
assert_equal(nil, @it.value('ca', 'no such key'))
|
||
|
assert_equal(nil, @it.value('no such section', 'no such key'))
|
||
| ... | ... | |
|
end
|
||
|
def test_value_ENV
|
||
|
OpenSSL::TestUtils.silent do
|
||
|
EnvUtil.suppress_warning do
|
||
|
key = ENV.keys.first
|
||
|
assert_not_nil(key) # make sure we have at least one ENV var.
|
||
|
assert_equal(ENV[key], @it.value('ENV', key))
|
||
| ... | ... | |
|
end
|
||
|
def test_section
|
||
|
OpenSSL::TestUtils.silent do
|
||
|
EnvUtil.suppress_warning do
|
||
|
assert_equal({'HOME' => '.'}, @it.section('default'))
|
||
|
assert_equal({'dir' => './demoCA', 'certs' => './certs'}, @it.section('CA_default'))
|
||
|
assert_equal({}, @it.section('no_such_section'))
|
||
| ... | ... | |
|
@it['newsection'] = {'a' => 'b'}
|
||
|
assert_not_equal(@it.sections.sort, c.sections.sort)
|
||
|
end
|
||
|
end if defined?(OpenSSL::TestUtils)
|
||
|
end
|
||
|
end
|
||
| test/openssl/test_digest.rb | ||
|---|---|---|
|
end
|
||
|
def test_digest_constants
|
||
|
algs = %w(MD4 MD5 RIPEMD160 SHA1)
|
||
|
if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000
|
||
|
algs = %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)
|
||
|
if !libressl? && !openssl?(1, 1, 0)
|
||
|
algs += %w(DSS1 SHA)
|
||
|
end
|
||
|
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
|
||
|
algs += %w(SHA224 SHA256 SHA384 SHA512)
|
||
|
end
|
||
|
algs.each do |alg|
|
||
|
assert_not_nil(OpenSSL::Digest.new(alg))
|
||
|
klass = OpenSSL::Digest.const_get(alg)
|
||
| ... | ... | |
|
check_digest(OpenSSL::ASN1::ObjectId.new("SHA1"))
|
||
|
end
|
||
|
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
|
||
|
def encode16(str)
|
||
|
str.unpack("H*").first
|
||
|
end
|
||
|
def encode16(str)
|
||
|
str.unpack("H*").first
|
||
|
end
|
||
|
def test_098_features
|
||
|
sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
|
||
|
sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
|
||
|
sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
|
||
|
sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
|
||
|
assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
|
||
|
assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
|
||
|
assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
|
||
|
assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
|
||
|
assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
|
||
|
assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
|
||
|
assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
|
||
|
assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
|
||
|
end
|
||
|
def test_sha2
|
||
|
sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
|
||
|
sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
|
||
|
sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
|
||
|
sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
|
||
|
assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
|
||
|
assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
|
||
|
assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
|
||
|
assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
|
||
|
assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
|
||
|
assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
|
||
|
assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
|
||
|
assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
|
||
|
end
|
||
|
def test_digest_by_oid_and_name_sha2
|
||
|
check_digest(OpenSSL::ASN1::ObjectId.new("SHA224"))
|
||
|
check_digest(OpenSSL::ASN1::ObjectId.new("SHA256"))
|
||
|
check_digest(OpenSSL::ASN1::ObjectId.new("SHA384"))
|
||
|
check_digest(OpenSSL::ASN1::ObjectId.new("SHA512"))
|
||
|
end
|
||
|
def test_digest_by_oid_and_name_sha2
|
||
|
check_digest(OpenSSL::ASN1::ObjectId.new("SHA224"))
|
||
|
check_digest(OpenSSL::ASN1::ObjectId.new("SHA256"))
|
||
|
check_digest(OpenSSL::ASN1::ObjectId.new("SHA384"))
|
||
|
check_digest(OpenSSL::ASN1::ObjectId.new("SHA512"))
|
||
|
end
|
||
|
def test_openssl_digest
|
||
| ... | ... | |
|
d = OpenSSL::Digest.new(oid.oid)
|
||
|
assert_not_nil(d)
|
||
|
end
|
||
|
def libressl?
|
||
|
OpenSSL::OPENSSL_VERSION.include?('LibreSSL')
|
||
|
end
|
||
|
def version_since(verary)
|
||
|
(OpenSSL::OPENSSL_LIBRARY_VERSION.scan(/\d+/).map(&:to_i) <=> verary) != -1
|
||
|
end
|
||
|
end
|
||
|
end
|
||
| test/openssl/test_engine.rb | ||
|---|---|---|
|
# frozen_string_literal: false
|
||
|
require_relative 'utils'
|
||
|
class OpenSSL::TestEngine < OpenSSL::TestCase
|
||
|
if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::Engine)
|
||
|
class OpenSSL::TestEngine < OpenSSL::TestCase
|
||
|
def test_engines_free # [ruby-dev:44173]
|
||
|
with_openssl <<-'end;'
|
||
|
OpenSSL::Engine.load("openssl")
|
||
| ... | ... | |
|
end
|
||
|
def test_openssl_engine_cipher_rc4
|
||
|
with_openssl <<-'end;'
|
||
|
begin
|
||
|
engine = get_engine
|
||
|
algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e)
|
||
|
data = "a" * 1000
|
||
|
key = OpenSSL::Random.random_bytes(16)
|
||
|
# suppress message from openssl Engine's RC4 cipher [ruby-core:41026]
|
||
|
err_back = $stderr.dup
|
||
|
$stderr.reopen(IO::NULL)
|
||
|
encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
|
||
|
decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
|
||
|
assert_equal(data, decrypted)
|
||
|
ensure
|
||
|
if err_back
|
||
|
$stderr.reopen(err_back)
|
||
|
err_back.close
|
||
|
end
|
||
|
end
|
||
|
begin
|
||
|
OpenSSL::Cipher.new("rc4")
|
||
|
rescue OpenSSL::Cipher::CipherError
|
||
|
pend "RC4 is not supported"
|
||
|
end
|
||
|
with_openssl(<<-'end;', ignore_stderr: true)
|
||
|
engine = get_engine
|
||
|
algo = "RC4"
|
||
|
data = "a" * 1000
|
||
|
key = OpenSSL::Random.random_bytes(16)
|
||
|
encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
|
||
|
decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
|
||
|
assert_equal(data, decrypted)
|
||
|
end;
|
||
|
end
|
||
|
private
|
||
|
# this is required because OpenSSL::Engine methods change global state
|
||
|
def with_openssl(code)
|
||
|
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
|
||
|
def with_openssl(code, **opts)
|
||
|
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;", **opts)
|
||
|
require #{__FILE__.dump}
|
||
|
include OpenSSL::TestEngine::Utils
|
||
|
#{code}
|
||
| ... | ... | |
|
cipher.update(data) + cipher.final
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
end if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::Engine)
|
||
|
end
|
||
| test/openssl/test_hmac.rb | ||
|---|---|---|
|
# frozen_string_literal: false
|
||
|
require_relative 'utils'
|
||
|
if defined?(OpenSSL::TestUtils)
|
||
|
class OpenSSL::TestHMAC < OpenSSL::TestCase
|
||
|
def test_hmac
|
||
|
# RFC 2202 2. Test Cases for HMAC-MD5
|
||
| ... | ... | |
|
second = h1.update("test").hexdigest
|
||
|
assert_equal first, second
|
||
|
end
|
||
|
end if defined?(OpenSSL::TestUtils)
|
||
|
end
|
||
|
end
|
||
| test/openssl/test_ns_spki.rb | ||
|---|---|---|
|
end
|
||
|
def test_build_data
|
||
|
key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
|
key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
||
|
key1 = Fixtures.pkey("rsa1024")
|
||
|
key2 = Fixtures.pkey("rsa2048")
|
||
|
spki = OpenSSL::Netscape::SPKI.new
|
||
|
spki.challenge = "RandomString"
|
||
|
spki.public_key = key1.public_key
|
||
| test/openssl/test_ocsp.rb | ||
|---|---|---|
|
# @cert2 @ocsp_cert
|
||
|
ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
|
||
|
@ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
|
@ca_key = Fixtures.pkey("rsa1024")
|
||
|
ca_exts = [
|
||
|
["basicConstraints", "CA:TRUE", true],
|
||
|
["keyUsage", "cRLSign,keyCertSign", true],
|
||
| ... | ... | |
|
ca_subj, @ca_key, 1, ca_exts, nil, nil)
|
||
|
cert_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA2")
|
||
|
@cert_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
|
@cert_key = Fixtures.pkey("rsa1024")
|
||
|
cert_exts = [
|
||
|
["basicConstraints", "CA:TRUE", true],
|
||
|
["keyUsage", "cRLSign,keyCertSign", true],
|
||
| ... | ... | |
|
cert_subj, @cert_key, 5, cert_exts, @ca_cert, @ca_key)
|
||
|
cert2_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
|
||
|
@cert2_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
|
@cert2_key = Fixtures.pkey("rsa1024")
|
||
|
cert2_exts = [
|
||
|
]
|
||
|
@cert2 = OpenSSL::TestUtils.issue_cert(
|
||
|
cert2_subj, @cert2_key, 10, cert2_exts, @cert, @cert_key)
|
||
|
ocsp_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCAOCSP")
|
||
|
@ocsp_key = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
||
|
@ocsp_key = Fixtures.pkey("rsa2048")
|
||
|
ocsp_exts = [
|
||
|
["extendedKeyUsage", "OCSPSigning", true],
|
||
|
]
|
||
| ... | ... | |
|
assert_equal true, req.verify([@cert], store, OpenSSL::OCSP::NOINTERN)
|
||
|
ret = req.verify([@cert], store)
|
||
|
if ret || OpenSSL::OPENSSL_VERSION =~ /OpenSSL/ && OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10002000
|
||
|
if ret || openssl?(1, 0, 2) || libressl?(2, 4, 2)
|
||
|
assert_equal true, ret
|
||
|
else
|
||
|
# RT2560; OCSP_request_verify() does not find signer cert from 'certs' when
|
||
| test/openssl/test_pair.rb | ||
|---|---|---|
|
# frozen_string_literal: false
|
||
|
require_relative 'utils'
|
||
|
require_relative 'ut_eof'
|
||
|
if defined?(OpenSSL::TestUtils)
|
||
|
require 'socket'
|
||
|
require_relative 'ut_eof'
|
||
|
module OpenSSL::SSLPairM
|
||
|
def server
|
||
|
host = "127.0.0.1"
|
||
|
port = 0
|
||
|
ctx = OpenSSL::SSL::SSLContext.new()
|
||
|
ctx.ciphers = "ADH"
|
||
|
ctx.security_level = 0
|
||
|
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
|
||
|
tcps = create_tcp_server(host, port)
|
||
|
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
|
||
|
return ssls
|
||
|
def setup
|
||
|
svr_dn = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
|
||
|
ee_exts = [
|
||
|
["keyUsage", "keyEncipherment,digitalSignature", true],
|
||
|
]
|
||
|
@svr_key = OpenSSL::TestUtils::Fixtures.pkey("rsa1024")
|
||
|
@svr_cert = issue_cert(svr_dn, @svr_key, 1, ee_exts, nil, nil)
|
||
|
end
|
||
|
def client(port)
|
||
|
def ssl_pair
|
||
|
host = "127.0.0.1"
|
||
|
ctx = OpenSSL::SSL::SSLContext.new()
|
||
|
ctx.ciphers = "ADH"
|
||
|
ctx.security_level = 0
|
||
|
s = create_tcp_client(host, port)
|
||
|
ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
|
||
|
ssl.connect
|
||
|
ssl.sync_close = true
|
||
|
ssl
|
||
|
end
|
||
|
tcps = create_tcp_server(host, 0)
|
||
|
port = tcps.connect_address.ip_port
|
||
|
def ssl_pair
|
||
|
ssls = server
|
||
|
th = Thread.new {
|
||
|
sctx = OpenSSL::SSL::SSLContext.new
|
||
|
sctx.cert = @svr_cert
|
||
|
sctx.key = @svr_key
|
||
|
sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") }
|
||
|
sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
|
||
|
ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx)
|
||
|
ns = ssls.accept
|
||
|
ssls.close
|
||
|
ns
|
||
|
}
|
||
|
port = ssls.to_io.local_address.ip_port
|
||
|
c = client(port)
|
||
|
tcpc = create_tcp_client(host, port)
|
||
|
c = OpenSSL::SSL::SSLSocket.new(tcpc)
|
||
|
c.connect
|
||
|
s = th.value
|
||
|
if block_given?
|
||
|
begin
|
||
|
yield c, s
|
||
|
ensure
|
||
|
c.close unless c.closed?
|
||
|
s.close unless s.closed?
|
||
|
end
|
||
|
else
|
||
|
return c, s
|
||
|
end
|
||
|
yield c, s
|
||
|
ensure
|
||
|
if th&.alive?
|
||
|
th.kill
|
||
|
th.join
|
||
|
end
|
||
|
tcpc&.close
|
||
|
tcps&.close
|
||
|
s&.close
|
||
|
end
|
||
|
end
|
||
| ... | ... | |
|
module OpenSSL::TestEOF1M
|
||
|
def open_file(content)
|
||
|
s1, s2 = ssl_pair
|
||
|
th = Thread.new { s2 << content; s2.close }
|
||
|
yield s1
|
||
|
ensure
|
||
|
th.join if th
|
||
|
s1.close
|
||
|
ssl_pair { |s1, s2|
|
||
|
begin
|
||
|
th = Thread.new { s2 << content; s2.close }
|
||
|
yield s1
|
||
|
ensure
|
||
|
th&.join
|
||
|
end
|
||
|
}
|
||
|
end
|
||
|
end
|
||
|
module OpenSSL::TestEOF2M
|
||
|
def open_file(content)
|
||
|
s1, s2 = ssl_pair
|
||
|
th = Thread.new { s1 << content; s1.close }
|
||
|
yield s2
|
||
|
ensure
|
||
|
th.join if th
|
||
|
s2.close
|
||
|
ssl_pair { |s1, s2|
|
||
|
begin
|
||
|
th = Thread.new { s1 << content; s1.close }
|
||
|
yield s2
|
||
|
ensure
|
||
|
th&.join
|
||
|
end
|
||
|
}
|
||
|
end
|
||
|
end
|
||
| ... | ... | |
|
}
|
||
|
end
|
||
|
def test_multibyte_read_write
|
||
|
# German a umlaut
|
||
|
auml = [%w{ C3 A4 }.join('')].pack('H*')
|
||
|
auml.force_encoding(Encoding::UTF_8)
|
||
|
bsize = auml.bytesize
|
||
|
ssl_pair { |s1, s2|
|
||
|
assert_equal bsize, s1.write(auml)
|
||
|
read = s2.read(bsize)
|
||
|
assert_equal Encoding::ASCII_8BIT, read.encoding
|
||
|
assert_equal bsize, read.bytesize
|
||
|
assert_equal auml, read.force_encoding(Encoding::UTF_8)
|
||
|
s1.puts(auml)
|
||
|
read = s2.gets
|
||
|
assert_equal Encoding::ASCII_8BIT, read.encoding
|
||
|
assert_equal bsize + 1, read.bytesize
|
||
|
assert_equal auml + "\n", read.force_encoding(Encoding::UTF_8)
|
||
|
}
|
||
|
end
|
||
|
def test_read_nonblock
|
||
|
ssl_pair {|s1, s2|
|
||
|
err = nil
|
||
| ... | ... | |
|
assert_nothing_raised("[ruby-core:20298]") { ret = s2.read_nonblock(10) }
|
||
|
assert_equal("def\n", ret)
|
||
|
s1.close
|
||
|
sleep 0.1
|
||
|
IO.select([s2])
|
||
|
assert_raise(EOFError) { s2.read_nonblock(10) }
|
||
|
}
|
||
|
end
|
||
| ... | ... | |
|
assert_nothing_raised("[ruby-core:20298]") { ret = s2.read_nonblock(10, exception: false) }
|
||
|
assert_equal("def\n", ret)
|
||
|
s1.close
|
||
|
sleep 0.1
|
||
|
IO.select([s2])
|
||
|
assert_equal(nil, s2.read_nonblock(10, exception: false))
|
||
|
}
|
||
|
end
|
||
|
def write_nonblock(socket, meth, str)
|
||
|
ret = socket.send(meth, str)
|
||
|
ret.is_a?(Symbol) ? 0 : ret
|
||
|
end
|
||
|
def test_read_with_outbuf
|
||
|
ssl_pair { |s1, s2|
|
||
|
s1.write("abc\n")
|
||
|
buf = ""
|
||
|
ret = s2.read(2, buf)
|
||
|
assert_same ret, buf
|
||
|
assert_equal "ab", ret
|
||
|
buf = "garbage"
|
||
|
ret = s2.read(2, buf)
|
||
|
assert_same ret, buf
|
||
|
assert_equal "c\n", ret
|
||
|
buf = "garbage"
|
||
|
assert_equal :wait_readable, s2.read_nonblock(100, buf, exception: false)
|
||
|
assert_equal "", buf
|
||
|
def write_nonblock_no_ex(socket, str)
|
||
|
ret = socket.write_nonblock str, exception: false
|
||
|
ret.is_a?(Symbol) ? 0 : ret
|
||
|
s1.close
|
||
|
buf = "garbage"
|
||
|
assert_equal nil, s2.read(100, buf)
|
||
|
assert_equal "", buf
|
||
|
}
|
||
|
end
|
||
|
def test_write_nonblock
|
||
|
ssl_pair {|s1, s2|
|
||
|
n = 0
|
||
|
begin
|
||
|
n += write_nonblock s1, :write_nonblock, "a" * 100000
|
||
|
n += write_nonblock s1, :write_nonblock, "b" * 100000
|
||
|
n += write_nonblock s1, :write_nonblock, "c" * 100000
|
||
|
n += write_nonblock s1, :write_nonblock, "d" * 100000
|
||
|
n += write_nonblock s1, :write_nonblock, "e" * 100000
|
||
|
n += write_nonblock s1, :write_nonblock, "f" * 100000
|
||
|
rescue IO::WaitWritable
|
||
|
assert_equal 3, s1.write_nonblock("foo")
|
||
|
assert_equal "foo", s2.read(3)
|
||
|
data = "x" * 16384
|
||
|
written = 0
|
||
|
while true
|
||
|
begin
|
||
|
written += s1.write_nonblock(data)
|
||
|
rescue IO::WaitWritable, IO::WaitReadable
|
||
|
break
|
||
|
end
|
||
|
end
|
||
|
s1.close
|
||
|
assert_equal(n, s2.read.length)
|
||
|
assert written > 0
|
||
|
assert_equal written, s2.read(written).bytesize
|
||
|
}
|
||
|
end
|
||
|
def test_write_nonblock_no_exceptions
|
||
|
ssl_pair {|s1, s2|
|
||
|
n = 0
|
||
|
n += write_nonblock_no_ex s1, "a" * 100000
|
||
|
n += write_nonblock_no_ex s1, "b" * 100000
|
||
|
n += write_nonblock_no_ex s1, "c" * 100000
|
||
|
n += write_nonblock_no_ex s1, "d" * 100000
|
||
|
n += write_nonblock_no_ex s1, "e" * 100000
|
||
|
n += write_nonblock_no_ex s1, "f" * 100000
|
||
|
s1.close
|
||
|
assert_equal(n, s2.read.length)
|
||
|
assert_equal 3, s1.write_nonblock("foo", exception: false)
|
||
|
assert_equal "foo", s2.read(3)
|
||
|
data = "x" * 16384
|
||
|
written = 0
|
||
|
while true
|
||
|
case ret = s1.write_nonblock(data, exception: false)
|
||
|
when :wait_readable, :wait_writable
|
||
|
break
|
||
|
else
|
||
|
written += ret
|
||
|
end
|
||
|
end
|
||
|
assert written > 0
|
||
|
assert_equal written, s2.read(written).bytesize
|
||
|
}
|
||
|
end
|
||
| ... | ... | |
|
def test_connect_accept_nonblock_no_exception
|
||
|
ctx2 = OpenSSL::SSL::SSLContext.new
|
||
|
ctx2.ciphers = "ADH"
|
||
|
ctx2.security_level = 0
|
||
|
ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
|
||
|
ctx2.cert = @svr_cert
|
||
|
ctx2.key = @svr_key
|
||
|
ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") }
|
||
|
sock1, sock2 = tcp_pair
|
||
| ... | ... | |
|
assert_equal :wait_readable, accepted
|
||
|
ctx1 = OpenSSL::SSL::SSLContext.new
|
||
|
ctx1.ciphers = "ADH"
|
||
|
ctx1.security_level = 0
|
||
|
s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
|
||
|
th = Thread.new do
|
||
|
rets = []
|
||
| ... | ... | |
|
def test_connect_accept_nonblock
|
||
|
ctx = OpenSSL::SSL::SSLContext.new()
|
||
|
ctx.ciphers = "ADH"
|
||
|
ctx.security_level = 0
|
||
|
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
|
||
|
ctx.cert = @svr_cert
|
||
|
ctx.key = @svr_key
|
||
|
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") }
|
||
|
sock1, sock2 = tcp_pair
|
||
| ... | ... | |
|
sleep 0.1
|
||
|
ctx = OpenSSL::SSL::SSLContext.new()
|
||
|
ctx.ciphers = "ADH"
|
||
|
ctx.security_level = 0
|
||
|
s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx)
|
||
|
begin
|
||
|
sleep 0.2
|
||
| test/openssl/test_pkcs12.rb | ||
|---|---|---|
|
module OpenSSL
|
||
|
class TestPKCS12 < OpenSSL::TestCase
|
||
|
include OpenSSL::TestUtils
|
||
|
def setup
|
||
|
super
|
||
|
ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
|
||
| ... | ... | |
|
["subjectKeyIdentifier","hash",false],
|
||
|
["authorityKeyIdentifier","keyid:always",false],
|
||
|
]
|
||
|
@cacert = issue_cert(ca, TEST_KEY_RSA2048, 1, ca_exts, nil, nil)
|
||
|
@cacert = issue_cert(ca, Fixtures.pkey("rsa2048"), 1, ca_exts, nil, nil)
|
||
|
inter_ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Intermediate CA")
|
||
|
inter_ca_key = OpenSSL::PKey.read <<-_EOS_
|
||
| ... | ... | |
|
Li8JsX5yIiuVYaBg/6ha3tOg4TCa5K/3r3tVliRZ2Es=
|
||
|
-----END RSA PRIVATE KEY-----
|
||
|
_EOS_
|
||
|
@inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, ca_exts, @cacert, TEST_KEY_RSA2048)
|
||
|
@inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, ca_exts, @cacert, Fixtures.pkey("rsa2048"))
|
||
|
exts = [
|
||
|
["keyUsage","digitalSignature",true],
|
||
|
["subjectKeyIdentifier","hash",false],
|
||
|
]
|
||
|
ee = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby PKCS12 Test Certificate")
|
||
|
@mycert = issue_cert(ee, TEST_KEY_RSA1024, 3, exts, @inter_cacert, inter_ca_key)
|
||
|
@mykey = Fixtures.pkey("rsa1024")
|
||
|
@mycert = issue_cert(ee, @mykey, 3, exts, @inter_cacert, inter_ca_key)
|
||
|
end
|
||
|
def test_create
|
||
|
pkcs12 = OpenSSL::PKCS12.create(
|
||
|
"omg",
|
||
|
"hello",
|
||
|
TEST_KEY_RSA1024,
|
||
|
@mykey,
|
||
|
@mycert
|
||
|
)
|
||
|
assert_equal @mycert, pkcs12.certificate
|
||
|
assert_equal TEST_KEY_RSA1024, pkcs12.key
|
||
|
assert_equal @mycert.to_der, pkcs12.certificate.to_der
|
||
|
assert_equal @mykey.to_der, pkcs12.key.to_der
|
||
|
assert_nil pkcs12.ca_certs
|
||
|
end
|
||
| ... | ... | |
|
pkcs12 = OpenSSL::PKCS12.create(
|
||
|
nil,
|
||
|
"hello",
|
||
|
TEST_KEY_RSA1024,
|
||
|
@mykey,
|
||
|
@mycert
|
||
|
)
|
||
|
assert_equal @mycert, pkcs12.certificate
|
||
|
assert_equal TEST_KEY_RSA1024, pkcs12.key
|
||
|
assert_equal @mycert.to_der, pkcs12.certificate.to_der
|
||
|
assert_equal @mykey.to_der, pkcs12.key.to_der
|
||
|
assert_nil pkcs12.ca_certs
|
||
|
decoded = OpenSSL::PKCS12.new(pkcs12.to_der)
|
||
| ... | ... | |
|
pkcs12 = OpenSSL::PKCS12.create(
|
||
|
"omg",
|
||
|
"hello",
|
||
|
TEST_KEY_RSA1024,
|
||
|
@mykey,
|
||
|
@mycert,
|
||
|
chain
|
||
|
)
|
||
| ... | ... | |
|
pkcs12 = OpenSSL::PKCS12.create(
|
||
|
passwd,
|
||
|
"hello",
|
||
|
TEST_KEY_RSA1024,
|
||
|
@mykey,
|
||
|
@mycert,
|
||
|
chain
|
||
|
)
|
||
| ... | ... | |
|
assert_include_cert @cacert, decoded.ca_certs
|
||
|
assert_include_cert @inter_cacert, decoded.ca_certs
|
||
|
assert_cert @mycert, decoded.certificate
|
||
|
assert_equal TEST_KEY_RSA1024.to_der, decoded.key.to_der
|
||
|
assert_equal @mykey.to_der, decoded.key.to_der
|
||
|
end
|
||
|
def test_create_with_bad_nid
|
||
| ... | ... | |
|
OpenSSL::PKCS12.create(
|
||
|
"omg",
|
||
|
"hello",
|
||
|
TEST_KEY_RSA1024,
|
||
|
@mykey,
|
||
|
@mycert,
|
||
|
[],
|
||
|
"foo"
|
||
| ... | ... | |
|
OpenSSL::PKCS12.create(
|
||
|
"omg",
|
||
|
"hello",
|
||
|
TEST_KEY_RSA1024,
|
||
|
@mykey,
|
||
|
@mycert,
|
||
|
[],
|
||
|
nil,
|
||
| ... | ... | |
|
OpenSSL::PKCS12.create(
|
||
|
"omg",
|
||
|
"hello",
|
||
|
TEST_KEY_RSA1024,
|
||
|
@mykey,
|
||
|
@mycert,
|
||
|
[],
|
||
|
nil,
|
||
| ... | ... | |
|
OpenSSL::PKCS12.create(
|
||
|
"omg",
|
||
|
"hello",
|
||
|
TEST_KEY_RSA1024,
|
||
|
@mykey,
|
||
|
@mycert,
|
||
|
[],
|
||
|
nil,
|
||
| ... | ... | |
|
OpenSSL::PKCS12.create(
|
||
|
"omg",
|
||
|
"hello",
|
||