Bug #13935 » 0001-openssl-import-v2.0.7.patch
ext/openssl/History.md | ||
---|---|---|
Version 2.0.7
|
||
=============
|
||
Bug fixes
|
||
---------
|
||
* OpenSSL::Cipher#auth_data= could segfault if called against a non-AEAD cipher.
|
||
[[Bug #14024]](https://bugs.ruby-lang.org/issues/14024)
|
||
* OpenSSL::X509::Certificate#public_key= (and similar methods) could segfault
|
||
when an instance of OpenSSL::PKey::PKey with no public key components is
|
||
passed.
|
||
[[Bug #14087]](https://bugs.ruby-lang.org/issues/14087)
|
||
[[GitHub #168]](https://github.com/ruby/openssl/pull/168)
|
||
Version 2.0.6
|
||
=============
|
||
Bug fixes
|
||
---------
|
||
* The session_remove_cb set to an OpenSSL::SSL::SSLContext is no longer called
|
||
during GC.
|
||
* A possible deadlock in OpenSSL::SSL::SSLSocket#sysread is fixed.
|
||
[[GitHub #139]](https://github.com/ruby/openssl/pull/139)
|
||
* OpenSSL::BN#hash could return an unnormalized fixnum value on Windows.
|
||
[[Bug #13877]](https://bugs.ruby-lang.org/issues/13877)
|
||
* OpenSSL::SSL::SSLSocket#sysread and #sysread_nonblock set the length of the
|
||
destination buffer String to 0 on error.
|
||
[[GitHub #153]](https://github.com/ruby/openssl/pull/153)
|
||
* Possible deadlock is fixed. This happened only when built with older versions
|
||
of OpenSSL (before 1.1.0) or LibreSSL.
|
||
[[GitHub #155]](https://github.com/ruby/openssl/pull/155)
|
||
Version 2.0.5
|
||
=============
|
||
... | ... | |
- A new option 'verify_hostname' is added to OpenSSL::SSL::SSLContext. When it
|
||
is enabled, and the SNI hostname is also set, the hostname verification on
|
||
the server certificate is automatically performed. It is now enabled by
|
||
OpenSSL::SSL::Context#set_params.
|
||
OpenSSL::SSL::SSLContext#set_params.
|
||
[[GH ruby/openssl#60]](https://github.com/ruby/openssl/pull/60)
|
||
Removals
|
ext/openssl/lib/openssl/buffering.rb | ||
---|---|---|
# when the peer requests a new TLS/SSL handshake. See openssl the FAQ for
|
||
# more details. http://www.openssl.org/support/faq.html
|
||
#
|
||
# By specifying a keyword argument _exception_ to +false+, you can indicate
|
||
# By specifying `exception: false`, the options hash allows you to indicate
|
||
# that read_nonblock should not raise an IO::Wait*able exception, but
|
||
# return the symbol +:wait_writable+ or +:wait_readable+ instead. At EOF,
|
||
# it will return +nil+ instead of raising EOFError.
|
||
# return the symbol :wait_writable or :wait_readable instead.
|
||
def read_nonblock(maxlen, buf=nil, exception: true)
|
||
if maxlen == 0
|
||
... | ... | |
# is when the peer requests a new TLS/SSL handshake. See the openssl FAQ
|
||
# for more details. http://www.openssl.org/support/faq.html
|
||
#
|
||
# By specifying a keyword argument _exception_ to +false+, you can indicate
|
||
# By specifying `exception: false`, the options hash allows you to indicate
|
||
# that write_nonblock should not raise an IO::Wait*able exception, but
|
||
# return the symbol +:wait_writable+ or +:wait_readable+ instead.
|
||
# return the symbol :wait_writable or :wait_readable instead.
|
||
def write_nonblock(s, exception: true)
|
||
flush
|
ext/openssl/openssl.gemspec | ||
---|---|---|
# -*- encoding: utf-8 -*-
|
||
# stub: openssl 2.0.5 ruby lib
|
||
# stub: openssl 2.0.7 ruby lib
|
||
# stub: ext/openssl/extconf.rb
|
||
Gem::Specification.new do |s|
|
||
s.name = "openssl".freeze
|
||
s.version = "2.0.5"
|
||
s.version = "2.0.7"
|
||
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
||
s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata=
|
||
s.require_paths = ["lib".freeze]
|
||
s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze]
|
||
s.date = "2017-08-08"
|
||
s.date = "2017-12-14"
|
||
s.description = "It wraps the OpenSSL library.".freeze
|
||
s.email = ["ruby-core@ruby-lang.org".freeze]
|
||
s.extensions = ["ext/openssl/extconf.rb".freeze]
|
||
... | ... | |
s.licenses = ["Ruby".freeze]
|
||
s.rdoc_options = ["--main".freeze, "README.md".freeze]
|
||
s.required_ruby_version = Gem::Requirement.new(">= 2.3.0".freeze)
|
||
s.rubygems_version = "2.6.12".freeze
|
||
s.rubygems_version = "2.7.3".freeze
|
||
s.summary = "OpenSSL provides SSL, TLS and general purpose cryptography.".freeze
|
||
if s.respond_to? :specification_version then
|
ext/openssl/ossl.c | ||
---|---|---|
#endif
|
||
}
|
||
#if defined(OSSL_DEBUG)
|
||
#if !defined(LIBRESSL_VERSION_NUMBER) && \
|
||
(OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(OPENSSL_NO_CRYPTO_MDEBUG) || \
|
||
defined(CRYPTO_malloc_debug_init))
|
||
/*
|
||
* call-seq:
|
||
* OpenSSL.mem_check_start -> nil
|
||
*
|
||
* Calls CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON). Starts tracking memory
|
||
* allocations. See also OpenSSL.print_mem_leaks.
|
||
*
|
||
* This is available only when built with a capable OpenSSL and --enable-debug
|
||
* configure option.
|
||
*/
|
||
static VALUE
|
||
mem_check_start(VALUE self)
|
||
{
|
||
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
|
||
return Qnil;
|
||
}
|
||
/*
|
||
* call-seq:
|
||
* OpenSSL.print_mem_leaks -> true | false
|
||
*
|
||
* For debugging the Ruby/OpenSSL library. Calls CRYPTO_mem_leaks_fp(stderr).
|
||
* Prints detected memory leaks to standard error. This cleans the global state
|
||
* up thus you cannot use any methods of the library after calling this.
|
||
*
|
||
* Returns true if leaks detected, false otherwise.
|
||
*
|
||
* This is available only when built with a capable OpenSSL and --enable-debug
|
||
* configure option.
|
||
*
|
||
* === Example
|
||
* OpenSSL.mem_check_start
|
||
* NOT_GCED = OpenSSL::PKey::RSA.new(256)
|
||
*
|
||
* END {
|
||
* GC.start
|
||
* OpenSSL.print_mem_leaks # will print the leakage
|
||
* }
|
||
*/
|
||
static VALUE
|
||
print_mem_leaks(VALUE self)
|
||
{
|
||
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||
int ret;
|
||
#endif
|
||
BN_CTX_free(ossl_bn_ctx);
|
||
ossl_bn_ctx = NULL;
|
||
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||
ret = CRYPTO_mem_leaks_fp(stderr);
|
||
if (ret < 0)
|
||
ossl_raise(eOSSLError, "CRYPTO_mem_leaks_fp");
|
||
return ret ? Qfalse : Qtrue;
|
||
#else
|
||
CRYPTO_mem_leaks_fp(stderr);
|
||
return Qnil;
|
||
#endif
|
||
}
|
||
#endif
|
||
#endif
|
||
#if !defined(HAVE_OPENSSL_110_THREADING_API)
|
||
/**
|
||
* Stores locks needed for OpenSSL thread safety
|
||
*/
|
||
static rb_nativethread_lock_t *ossl_locks;
|
||
struct CRYPTO_dynlock_value {
|
||
rb_nativethread_lock_t lock;
|
||
rb_nativethread_id_t owner;
|
||
size_t count;
|
||
};
|
||
static void
|
||
ossl_lock_unlock(int mode, rb_nativethread_lock_t *lock)
|
||
ossl_lock_init(struct CRYPTO_dynlock_value *l)
|
||
{
|
||
if (mode & CRYPTO_LOCK) {
|
||
rb_nativethread_lock_lock(lock);
|
||
} else {
|
||
rb_nativethread_lock_unlock(lock);
|
||
}
|
||
rb_nativethread_lock_initialize(&l->lock);
|
||
l->count = 0;
|
||
}
|
||
static void
|
||
ossl_lock_callback(int mode, int type, const char *file, int line)
|
||
ossl_lock_unlock(int mode, struct CRYPTO_dynlock_value *l)
|
||
{
|
||
ossl_lock_unlock(mode, &ossl_locks[type]);
|
||
if (mode & CRYPTO_LOCK) {
|
||
/* TODO: rb_nativethread_id_t is not necessarily compared with ==. */
|
||
rb_nativethread_id_t tid = rb_nativethread_self();
|
||
if (l->count && l->owner == tid) {
|
||
l->count++;
|
||
return;
|
||
}
|
||
rb_nativethread_lock_lock(&l->lock);
|
||
l->owner = tid;
|
||
l->count = 1;
|
||
} else {
|
||
if (!--l->count)
|
||
rb_nativethread_lock_unlock(&l->lock);
|
||
}
|
||
}
|
||
struct CRYPTO_dynlock_value {
|
||
rb_nativethread_lock_t lock;
|
||
};
|
||
static struct CRYPTO_dynlock_value *
|
||
ossl_dyn_create_callback(const char *file, int line)
|
||
{
|
||
struct CRYPTO_dynlock_value *dynlock = (struct CRYPTO_dynlock_value *)OPENSSL_malloc((int)sizeof(struct CRYPTO_dynlock_value));
|
||
rb_nativethread_lock_initialize(&dynlock->lock);
|
||
/* Do not use xmalloc() here, since it may raise NoMemoryError */
|
||
struct CRYPTO_dynlock_value *dynlock =
|
||
OPENSSL_malloc(sizeof(struct CRYPTO_dynlock_value));
|
||
if (dynlock)
|
||
ossl_lock_init(dynlock);
|
||
return dynlock;
|
||
}
|
||
static void
|
||
ossl_dyn_lock_callback(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)
|
||
{
|
||
ossl_lock_unlock(mode, &l->lock);
|
||
ossl_lock_unlock(mode, l);
|
||
}
|
||
static void
|
||
... | ... | |
}
|
||
#endif
|
||
static struct CRYPTO_dynlock_value *ossl_locks;
|
||
static void
|
||
ossl_lock_callback(int mode, int type, const char *file, int line)
|
||
{
|
||
ossl_lock_unlock(mode, &ossl_locks[type]);
|
||
}
|
||
static void Init_ossl_locks(void)
|
||
{
|
||
int i;
|
||
int num_locks = CRYPTO_num_locks();
|
||
if ((unsigned)num_locks >= INT_MAX / (int)sizeof(VALUE)) {
|
||
rb_raise(rb_eRuntimeError, "CRYPTO_num_locks() is too big: %d", num_locks);
|
||
}
|
||
ossl_locks = (rb_nativethread_lock_t *) OPENSSL_malloc(num_locks * (int)sizeof(rb_nativethread_lock_t));
|
||
if (!ossl_locks) {
|
||
rb_raise(rb_eNoMemError, "CRYPTO_num_locks() is too big: %d", num_locks);
|
||
}
|
||
for (i = 0; i < num_locks; i++) {
|
||
rb_nativethread_lock_initialize(&ossl_locks[i]);
|
||
}
|
||
ossl_locks = ALLOC_N(struct CRYPTO_dynlock_value, num_locks);
|
||
for (i = 0; i < num_locks; i++)
|
||
ossl_lock_init(&ossl_locks[i]);
|
||
#ifdef HAVE_CRYPTO_THREADID_PTR
|
||
CRYPTO_THREADID_set_callback(ossl_threadid_func);
|
||
... | ... | |
Init_ossl_ocsp();
|
||
Init_ossl_engine();
|
||
Init_ossl_asn1();
|
||
}
|
||
#if defined(OSSL_DEBUG)
|
||
/*
|
||
* Check if all symbols are OK with 'make LDSHARED=gcc all'
|
||
*/
|
||
int
|
||
main(int argc, char *argv[])
|
||
{
|
||
return 0;
|
||
/*
|
||
* For debugging Ruby/OpenSSL. Enable only when built with --enable-debug
|
||
*/
|
||
#if !defined(LIBRESSL_VERSION_NUMBER) && \
|
||
(OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(OPENSSL_NO_CRYPTO_MDEBUG) || \
|
||
defined(CRYPTO_malloc_debug_init))
|
||
rb_define_module_function(mOSSL, "mem_check_start", mem_check_start, 0);
|
||
rb_define_module_function(mOSSL, "print_mem_leaks", print_mem_leaks, 0);
|
||
#if defined(CRYPTO_malloc_debug_init) /* <= 1.0.2 */
|
||
CRYPTO_malloc_debug_init();
|
||
#endif
|
||
#if defined(V_CRYPTO_MDEBUG_ALL) /* <= 1.0.2 */
|
||
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
|
||
#endif
|
||
#if OPENSSL_VERSION_NUMBER < 0x10100000 /* <= 1.0.2 */
|
||
{
|
||
int i;
|
||
/*
|
||
* See crypto/ex_data.c; call def_get_class() immediately to avoid
|
||
* allocations. 15 is the maximum number that is used as the class index
|
||
* in OpenSSL 1.0.2.
|
||
*/
|
||
for (i = 0; i <= 15; i++) {
|
||
if (CRYPTO_get_ex_new_index(i, 0, (void *)"ossl-mdebug-dummy", 0, 0, 0) < 0)
|
||
rb_raise(rb_eRuntimeError, "CRYPTO_get_ex_new_index for "
|
||
"class index %d failed", i);
|
||
}
|
||
}
|
||
#endif
|
||
#endif
|
||
#endif
|
||
}
|
||
#endif /* OSSL_DEBUG */
|
ext/openssl/ossl_asn1.c | ||
---|---|---|
* == Primitive sub-classes and their mapping to Ruby classes
|
||
* * OpenSSL::ASN1::EndOfContent <=> +value+ is always +nil+
|
||
* * OpenSSL::ASN1::Boolean <=> +value+ is a +Boolean+
|
||
* * OpenSSL::ASN1::Integer <=> +value+ is a +Number+
|
||
* * OpenSSL::ASN1::Integer <=> +value+ is an OpenSSL::BN
|
||
* * OpenSSL::ASN1::BitString <=> +value+ is a +String+
|
||
* * OpenSSL::ASN1::OctetString <=> +value+ is a +String+
|
||
* * OpenSSL::ASN1::Null <=> +value+ is always +nil+
|
||
* * OpenSSL::ASN1::Object <=> +value+ is a +String+
|
||
* * OpenSSL::ASN1::Enumerated <=> +value+ is a +Number+
|
||
* * OpenSSL::ASN1::Enumerated <=> +value+ is an OpenSSL::BN
|
||
* * OpenSSL::ASN1::UTF8String <=> +value+ is a +String+
|
||
* * OpenSSL::ASN1::NumericString <=> +value+ is a +String+
|
||
* * OpenSSL::ASN1::PrintableString <=> +value+ is a +String+
|
ext/openssl/ossl_cipher.c | ||
---|---|---|
in_len = RSTRING_LEN(data);
|
||
GetCipher(self, ctx);
|
||
if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
||
ossl_raise(eCipherError, "AEAD not supported by this cipher");
|
||
if (!ossl_cipher_update_long(ctx, NULL, &out_len, in, in_len))
|
||
ossl_raise(eCipherError, "couldn't set additional authenticated data");
|
||
... | ... | |
* call-seq:
|
||
* cipher.auth_tag = string -> string
|
||
*
|
||
* Sets the authentication tag to verify the contents of the
|
||
* ciphertext. The tag must be set after calling Cipher#decrypt,
|
||
* Cipher#key= and Cipher#iv=, but before assigning the associated
|
||
* authenticated data using Cipher#auth_data= and of course, before
|
||
* decrypting any of the ciphertext. After all decryption is
|
||
* performed, the tag is verified automatically in the call to
|
||
* Cipher#final.
|
||
* Sets the authentication tag to verify the integrity of the ciphertext.
|
||
* This can be called only when the cipher supports AE. The tag must be set
|
||
* after calling Cipher#decrypt, Cipher#key= and Cipher#iv=, but before
|
||
* calling Cipher#final. After all decryption is performed, the tag is
|
||
* verified automatically in the call to Cipher#final.
|
||
*
|
||
* For OCB mode, the tag length must be supplied with #auth_tag_len=
|
||
* beforehand.
|
ext/openssl/ossl_ns_spki.c | ||
---|---|---|
ossl_spki_set_public_key(VALUE self, VALUE key)
|
||
{
|
||
NETSCAPE_SPKI *spki;
|
||
EVP_PKEY *pkey;
|
||
GetSPKI(self, spki);
|
||
if (!NETSCAPE_SPKI_set_pubkey(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */
|
||
ossl_raise(eSPKIError, NULL);
|
||
}
|
||
pkey = GetPKeyPtr(key);
|
||
ossl_pkey_check_public_key(pkey);
|
||
if (!NETSCAPE_SPKI_set_pubkey(spki, pkey))
|
||
ossl_raise(eSPKIError, "NETSCAPE_SPKI_set_pubkey");
|
||
return key;
|
||
}
|
||
... | ... | |
ossl_spki_verify(VALUE self, VALUE key)
|
||
{
|
||
NETSCAPE_SPKI *spki;
|
||
EVP_PKEY *pkey;
|
||
GetSPKI(self, spki);
|
||
switch (NETSCAPE_SPKI_verify(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */
|
||
case 0:
|
||
pkey = GetPKeyPtr(key);
|
||
ossl_pkey_check_public_key(pkey);
|
||
switch (NETSCAPE_SPKI_verify(spki, pkey)) {
|
||
case 0:
|
||
ossl_clear_error();
|
||
return Qfalse;
|
||
case 1:
|
||
case 1:
|
||
return Qtrue;
|
||
default:
|
||
ossl_raise(eSPKIError, NULL);
|
||
default:
|
||
ossl_raise(eSPKIError, "NETSCAPE_SPKI_verify");
|
||
}
|
||
return Qnil; /* dummy */
|
||
}
|
||
/* Document-class: OpenSSL::Netscape::SPKI
|
ext/openssl/ossl_pkey.c | ||
---|---|---|
return ossl_pkey_new(pkey);
|
||
}
|
||
static void
|
||
pkey_check_public_key(EVP_PKEY *pkey)
|
||
void
|
||
ossl_pkey_check_public_key(const EVP_PKEY *pkey)
|
||
{
|
||
void *ptr;
|
||
const BIGNUM *n, *e, *pubkey;
|
||
... | ... | |
if (EVP_PKEY_missing_parameters(pkey))
|
||
ossl_raise(ePKeyError, "parameters missing");
|
||
ptr = EVP_PKEY_get0(pkey);
|
||
/* OpenSSL < 1.1.0 takes non-const pointer */
|
||
ptr = EVP_PKEY_get0((EVP_PKEY *)pkey);
|
||
switch (EVP_PKEY_base_id(pkey)) {
|
||
case EVP_PKEY_RSA:
|
||
RSA_get0_key(ptr, &n, &e, NULL);
|
||
... | ... | |
int siglen, result;
|
||
GetPKey(self, pkey);
|
||
pkey_check_public_key(pkey);
|
||
ossl_pkey_check_public_key(pkey);
|
||
md = GetDigestPtr(digest);
|
||
StringValue(sig);
|
||
siglen = RSTRING_LENINT(sig);
|
ext/openssl/ossl_pkey.h | ||
---|---|---|
void ossl_generate_cb_stop(void *ptr);
|
||
VALUE ossl_pkey_new(EVP_PKEY *);
|
||
void ossl_pkey_check_public_key(const EVP_PKEY *);
|
||
EVP_PKEY *GetPKeyPtr(VALUE);
|
||
EVP_PKEY *DupPKeyPtr(VALUE);
|
||
EVP_PKEY *GetPrivPKeyPtr(VALUE);
|
ext/openssl/ossl_ssl.c | ||
---|---|---|
void *ptr;
|
||
int state = 0;
|
||
/*
|
||
* This callback is also called for all sessions in the internal store
|
||
* when SSL_CTX_free() is called.
|
||
*/
|
||
if (rb_during_gc())
|
||
return;
|
||
OSSL_Debug("SSL SESSION remove callback entered");
|
||
if ((ptr = SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_ptr_idx)) == NULL)
|
||
... | ... | |
int i, num;
|
||
GetSSLCTX(self, ctx);
|
||
if(!ctx){
|
||
rb_warning("SSL_CTX is not initialized.");
|
||
return Qnil;
|
||
}
|
||
ciphers = SSL_CTX_get_ciphers(ctx);
|
||
if (!ciphers)
|
||
return rb_ary_new();
|
||
... | ... | |
}
|
||
GetSSLCTX(self, ctx);
|
||
if(!ctx){
|
||
ossl_raise(eSSLError, "SSL_CTX is not initialized.");
|
||
return Qnil;
|
||
}
|
||
if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) {
|
||
ossl_raise(eSSLError, "SSL_CTX_set_cipher_list");
|
||
}
|
||
... | ... | |
* retry
|
||
* end
|
||
*
|
||
* By specifying a keyword argument _exception_ to +false+, you can indicate
|
||
* By specifying `exception: false`, the options hash allows you to indicate
|
||
* that connect_nonblock should not raise an IO::WaitReadable or
|
||
* IO::WaitWritable exception, but return the symbol +:wait_readable+ or
|
||
* +:wait_writable+ instead.
|
||
* IO::WaitWritable exception, but return the symbol :wait_readable or
|
||
* :wait_writable instead.
|
||
*/
|
||
static VALUE
|
||
ossl_ssl_connect_nonblock(int argc, VALUE *argv, VALUE self)
|
||
... | ... | |
* retry
|
||
* end
|
||
*
|
||
* By specifying a keyword argument _exception_ to +false+, you can indicate
|
||
* By specifying `exception: false`, the options hash allows you to indicate
|
||
* that accept_nonblock should not raise an IO::WaitReadable or
|
||
* IO::WaitWritable exception, but return the symbol +:wait_readable+ or
|
||
* +:wait_writable+ instead.
|
||
* IO::WaitWritable exception, but return the symbol :wait_readable or
|
||
* :wait_writable instead.
|
||
*/
|
||
static VALUE
|
||
ossl_ssl_accept_nonblock(int argc, VALUE *argv, VALUE self)
|
||
... | ... | |
}
|
||
ilen = NUM2INT(len);
|
||
if(NIL_P(str)) str = rb_str_new(0, ilen);
|
||
else{
|
||
StringValue(str);
|
||
rb_str_modify(str);
|
||
rb_str_resize(str, ilen);
|
||
if (NIL_P(str))
|
||
str = rb_str_new(0, ilen);
|
||
else {
|
||
StringValue(str);
|
||
if (RSTRING_LEN(str) >= ilen)
|
||
rb_str_modify(str);
|
||
else
|
||
rb_str_modify_expand(str, ilen - RSTRING_LEN(str));
|
||
}
|
||
if(ilen == 0) return str;
|
||
OBJ_TAINT(str);
|
||
rb_str_set_len(str, 0);
|
||
if (ilen == 0)
|
||
return str;
|
||
GetSSL(self, ssl);
|
||
io = rb_attr_get(self, id_i_io);
|
||
GetOpenFile(io, fptr);
|
||
if (ssl_started(ssl)) {
|
||
if(!nonblock && SSL_pending(ssl) <= 0)
|
||
rb_thread_wait_fd(FPTR_TO_FD(fptr));
|
||
for (;;){
|
||
nread = SSL_read(ssl, RSTRING_PTR(str), RSTRING_LENINT(str));
|
||
nread = SSL_read(ssl, RSTRING_PTR(str), ilen);
|
||
switch(ssl_get_error(ssl, nread)){
|
||
case SSL_ERROR_NONE:
|
||
goto end;
|
||
... | ... | |
end:
|
||
rb_str_set_len(str, nread);
|
||
OBJ_TAINT(str);
|
||
return str;
|
||
}
|
||
... | ... | |
* A callback invoked when a session is removed from the internal cache.
|
||
*
|
||
* The callback is invoked with an SSLContext and a Session.
|
||
*
|
||
* IMPORTANT NOTE: It is currently not possible to use this safely in a
|
||
* multi-threaded application. The callback is called inside a global lock
|
||
* and it can randomly cause deadlock on Ruby thread switching.
|
||
*/
|
||
rb_attr(cSSLContext, rb_intern("session_remove_cb"), 1, 1, Qfalse);
|
||
ext/openssl/ossl_version.h | ||
---|---|---|
#if !defined(_OSSL_VERSION_H_)
|
||
#define _OSSL_VERSION_H_
|
||
#define OSSL_VERSION "2.0.5"
|
||
#define OSSL_VERSION "2.0.7"
|
||
#endif /* _OSSL_VERSION_H_ */
|
ext/openssl/ossl_x509cert.c | ||
---|---|---|
/*
|
||
* call-seq:
|
||
* cert.public_key = key => key
|
||
* cert.public_key = key
|
||
*/
|
||
static VALUE
|
||
ossl_x509_set_public_key(VALUE self, VALUE key)
|
||
{
|
||
X509 *x509;
|
||
EVP_PKEY *pkey;
|
||
GetX509(self, x509);
|
||
if (!X509_set_pubkey(x509, GetPKeyPtr(key))) { /* DUPs pkey */
|
||
ossl_raise(eX509CertError, NULL);
|
||
}
|
||
pkey = GetPKeyPtr(key);
|
||
ossl_pkey_check_public_key(pkey);
|
||
if (!X509_set_pubkey(x509, pkey))
|
||
ossl_raise(eX509CertError, "X509_set_pubkey");
|
||
return key;
|
||
}
|
||
... | ... | |
X509 *x509;
|
||
EVP_PKEY *pkey;
|
||
pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
|
||
GetX509(self, x509);
|
||
pkey = GetPKeyPtr(key);
|
||
ossl_pkey_check_public_key(pkey);
|
||
switch (X509_verify(x509, pkey)) {
|
||
case 1:
|
||
return Qtrue;
|
ext/openssl/ossl_x509crl.c | ||
---|---|---|
ossl_x509crl_verify(VALUE self, VALUE key)
|
||
{
|
||
X509_CRL *crl;
|
||
EVP_PKEY *pkey;
|
||
GetX509CRL(self, crl);
|
||
switch (X509_CRL_verify(crl, GetPKeyPtr(key))) {
|
||
pkey = GetPKeyPtr(key);
|
||
ossl_pkey_check_public_key(pkey);
|
||
switch (X509_CRL_verify(crl, pkey)) {
|
||
case 1:
|
||
return Qtrue;
|
||
case 0:
|
ext/openssl/ossl_x509req.c | ||
---|---|---|
EVP_PKEY *pkey;
|
||
GetX509Req(self, req);
|
||
pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
|
||
if (!X509_REQ_set_pubkey(req, pkey)) {
|
||
ossl_raise(eX509ReqError, NULL);
|
||
}
|
||
pkey = GetPKeyPtr(key);
|
||
ossl_pkey_check_public_key(pkey);
|
||
if (!X509_REQ_set_pubkey(req, pkey))
|
||
ossl_raise(eX509ReqError, "X509_REQ_set_pubkey");
|
||
return key;
|
||
}
|
||
... | ... | |
EVP_PKEY *pkey;
|
||
GetX509Req(self, req);
|
||
pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
|
||
pkey = GetPKeyPtr(key);
|
||
ossl_pkey_check_public_key(pkey);
|
||
switch (X509_REQ_verify(req, pkey)) {
|
||
case 1:
|
||
return Qtrue;
|
ext/openssl/ruby_missing.h | ||
---|---|---|
#define FPTR_TO_FD(fptr) ((fptr)->fd)
|
||
/* Ruby 2.4 */
|
||
#ifndef RB_INTEGER_TYPE_P
|
||
/* for Ruby 2.3 compatibility */
|
||
#define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
|
||
# define RB_INTEGER_TYPE_P(obj) (RB_FIXNUM_P(obj) || RB_TYPE_P(obj, T_BIGNUM))
|
||
#endif
|
||
/* Ruby 2.5 */
|
||
#ifndef ST2FIX
|
||
# define RB_ST2FIX(h) LONG2FIX((long)(h))
|
||
# define ST2FIX(h) RB_ST2FIX(h)
|
||
#endif
|
||
#endif /* _OSSL_RUBY_MISSING_H_ */
|
test/openssl/fixtures/pkey/dh1024.pem | ||
---|---|---|
-----BEGIN DH PARAMETERS-----
|
||
MIGHAoGBAKnKQ8MNK6nYZzLrrcuTsLxuiJGXoOO5gT+tljOTbHBuiktdMTITzIY0
|
||
pFxIvjG05D7HoBZQfrR0c92NGWPkAiCkhQKB8JCbPVzwNLDy6DZ0pmofDKrEsYHG
|
||
AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC
|
||
-----END DH PARAMETERS-----
|
test/openssl/fixtures/pkey/dsa1024.pem | ||
---|---|---|
-----BEGIN DSA PRIVATE KEY-----
|
||
MIIBugIBAAKBgQCH9aAoXvWWThIjkA6D+nI1F9ksF9iDq594rkiGNOT9sPDOdB+n
|
||
D+qeeeeloRlj19ymCSADPI0ZLRgkchkAEnY2RnqnhHOjVf/roGgRbW+iQDMbQ9wa
|
||
/pvc6/fAbsu1goE1hBYjm98/sZEeXavj8tR56IXnjF1b6Nx0+sgeUKFKEQIVAMiz
|
||
4BJUFeTtddyM4uadBM7HKLPRAoGAZdLBSYNGiij7vAjesF5mGUKTIgPd+JKuBEDx
|
||
OaBclsgfdoyoF/TMOkIty+PVlYD+//Vl2xnoUEIRaMXHwHfm0r2xUX++oeRaSScg
|
||
YizJdUxe5jvBuBszGPRc/mGpb9YvP0sB+FL1KmuxYmdODfCe51zl8uM/CVhouJ3w
|
||
DjmRGscCgYAuFlfC7p+e8huCKydfcv/beftqjewiOPpQ3u5uI6KPCtCJPpDhs3+4
|
||
IihH2cPsAlqwGF4tlibW1+/z/OZ1AZinPK3y7b2jSJASEaPeEltVzB92hcd1khk2
|
||
jTYcmSsV4VddplOPK9czytR/GbbibxsrhhgZUbd8LPbvIgaiadJ1PgIUBnJ/5vN2
|
||
CVArsEzlPUCbohPvZnE=
|
||
-----END DSA PRIVATE KEY-----
|
test/openssl/fixtures/pkey/dsa256.pem | ||
---|---|---|
-----BEGIN DSA PRIVATE KEY-----
|
||
MIH3AgEAAkEAhk2libbY2a8y2Pt21+YPYGZeW6wzaW2yfj5oiClXro9XMR7XWLkE
|
||
9B7XxLNFCS2gmCCdMsMW1HulaHtLFQmB2wIVAM43JZrcgpu6ajZ01VkLc93gu/Ed
|
||
AkAOhujZrrKV5CzBKutKLb0GVyVWmdC7InoNSMZEeGU72rT96IjM59YzoqmD0pGM
|
||
3I1o4cGqg1D1DfM1rQlnN1eSAkBq6xXfEDwJ1mLNxF6q8Zm/ugFYWR5xcX/3wFiT
|
||
b4+EjHP/DbNh9Vm5wcfnDBJ1zKvrMEf2xqngYdrV/3CiGJeKAhRvL57QvJZcQGvn
|
||
ISNX5cMzFHRW3Q==
|
||
-----END DSA PRIVATE KEY-----
|
test/openssl/fixtures/pkey/dsa512.pem | ||
---|---|---|
-----BEGIN DSA PRIVATE KEY-----
|
||
MIH4AgEAAkEA5lB4GvEwjrsMlGDqGsxrbqeFRh6o9OWt6FgTYiEEHaOYhkIxv0Ok
|
||
RZPDNwOG997mDjBnvDJ1i56OmS3MbTnovwIVAJgub/aDrSDB4DZGH7UyarcaGy6D
|
||
AkB9HdFw/3td8K4l1FZHv7TCZeJ3ZLb7dF3TWoGUP003RCqoji3/lHdKoVdTQNuR
|
||
S/m6DlCwhjRjiQ/lBRgCLCcaAkEAjN891JBjzpMj4bWgsACmMggFf57DS0Ti+5++
|
||
Q1VB8qkJN7rA7/2HrCR3gTsWNb1YhAsnFsoeRscC+LxXoXi9OAIUBG98h4tilg6S
|
||
55jreJD3Se3slps=
|
||
-----END DSA PRIVATE KEY-----
|
test/openssl/fixtures/pkey/p256.pem | ||
---|---|---|
-----BEGIN EC PRIVATE KEY-----
|
||
MHcCAQEEIID49FDqcf1O1eO8saTgG70UbXQw9Fqwseliit2aWhH1oAoGCCqGSM49
|
||
AwEHoUQDQgAEFglk2c+oVUIKQ64eZG9bhLNPWB7lSZ/ArK41eGy5wAzU/0G51Xtt
|
||
CeBUl+MahZtn9fO1JKdF4qJmS39dXnpENg==
|
||
-----END EC PRIVATE KEY-----
|
test/openssl/fixtures/pkey/rsa1024.pem | ||
---|---|---|
-----BEGIN RSA PRIVATE KEY-----
|
||
MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
|
||
aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
|
||
Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
|
||
AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
|
||
maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T
|
||
gnb17tU1jktUtU67xK/08i/XodlgnQhs6VoHTuCh3Hu77O6RAkEA7+gxqBuZR572
|
||
74/akiW/SuXm0SXPEviyO1MuSRwtI87B02D0qgV8D1UHRm4AhMnJ8MCs1809kMQE
|
||
JiQUCrp9mQJBANlt2ngBO14us6NnhuAseFDTBzCHXwUUu1YKHpMMmxpnGqaldGgX
|
||
sOZB3lgJsT9VlGf3YGYdkLTNVbogQKlKpB8CQQDiSwkb4vyQfDe8/NpU5Not0fII
|
||
8jsDUCb+opWUTMmfbxWRR3FBNu8wnym/m19N4fFj8LqYzHX4KY0oVPu6qvJxAkEA
|
||
wa5snNekFcqONLIE4G5cosrIrb74sqL8GbGb+KuTAprzj5z1K8Bm0UW9lTjVDjDi
|
||
qRYgZfZSL+x1P/54+xTFSwJAY1FxA/N3QPCXCjPh5YqFxAMQs2VVYTfg+t0MEcJD
|
||
dPMQD5JX6g5HKnHFg2mZtoXQrWmJSn7p8GJK8yNTopEErA==
|
||
-----END RSA PRIVATE KEY-----
|
test/openssl/fixtures/pkey/rsa2048.pem | ||
---|---|---|
-----BEGIN RSA PRIVATE KEY-----
|
||
MIIEpAIBAAKCAQEAuV9ht9J7k4NBs38jOXvvTKY9gW8nLICSno5EETR1cuF7i4pN
|
||
s9I1QJGAFAX0BEO4KbzXmuOvfCpD3CU+Slp1enenfzq/t/e/1IRW0wkJUJUFQign
|
||
4CtrkJL+P07yx18UjyPlBXb81ApEmAB5mrJVSrWmqbjs07JbuS4QQGGXLc+Su96D
|
||
kYKmSNVjBiLxVVSpyZfAY3hD37d60uG+X8xdW5v68JkRFIhdGlb6JL8fllf/A/bl
|
||
NwdJOhVr9mESHhwGjwfSeTDPfd8ZLE027E5lyAVX9KZYcU00mOX+fdxOSnGqS/8J
|
||
DRh0EPHDL15RcJjV2J6vZjPb0rOYGDoMcH+94wIDAQABAoIBAAzsamqfYQAqwXTb
|
||
I0CJtGg6msUgU7HVkOM+9d3hM2L791oGHV6xBAdpXW2H8LgvZHJ8eOeSghR8+dgq
|
||
PIqAffo4x1Oma+FOg3A0fb0evyiACyrOk+EcBdbBeLo/LcvahBtqnDfiUMQTpy6V
|
||
seSoFCwuN91TSCeGIsDpRjbG1vxZgtx+uI+oH5+ytqJOmfCksRDCkMglGkzyfcl0
|
||
Xc5CUhIJ0my53xijEUQl19rtWdMnNnnkdbG8PT3LZlOta5Do86BElzUYka0C6dUc
|
||
VsBDQ0Nup0P6rEQgy7tephHoRlUGTYamsajGJaAo1F3IQVIrRSuagi7+YpSpCqsW
|
||
wORqorkCgYEA7RdX6MDVrbw7LePnhyuaqTiMK+055/R1TqhB1JvvxJ1CXk2rDL6G
|
||
0TLHQ7oGofd5LYiemg4ZVtWdJe43BPZlVgT6lvL/iGo8JnrncB9Da6L7nrq/+Rvj
|
||
XGjf1qODCK+LmreZWEsaLPURIoR/Ewwxb9J2zd0CaMjeTwafJo1CZvcCgYEAyCgb
|
||
aqoWvUecX8VvARfuA593Lsi50t4MEArnOXXcd1RnXoZWhbx5rgO8/ATKfXr0BK/n
|
||
h2GF9PfKzHFm/4V6e82OL7gu/kLy2u9bXN74vOvWFL5NOrOKPM7Kg+9I131kNYOw
|
||
Ivnr/VtHE5s0dY7JChYWE1F3vArrOw3T00a4CXUCgYEA0SqY+dS2LvIzW4cHCe9k
|
||
IQqsT0yYm5TFsUEr4sA3xcPfe4cV8sZb9k/QEGYb1+SWWZ+AHPV3UW5fl8kTbSNb
|
||
v4ng8i8rVVQ0ANbJO9e5CUrepein2MPL0AkOATR8M7t7dGGpvYV0cFk8ZrFx0oId
|
||
U0PgYDotF/iueBWlbsOM430CgYEAqYI95dFyPI5/AiSkY5queeb8+mQH62sdcCCr
|
||
vd/w/CZA/K5sbAo4SoTj8dLk4evU6HtIa0DOP63y071eaxvRpTNqLUOgmLh+D6gS
|
||
Cc7TfLuFrD+WDBatBd5jZ+SoHccVrLR/4L8jeodo5FPW05A+9gnKXEXsTxY4LOUC
|
||
9bS4e1kCgYAqVXZh63JsMwoaxCYmQ66eJojKa47VNrOeIZDZvd2BPVf30glBOT41
|
||
gBoDG3WMPZoQj9pb7uMcrnvs4APj2FIhMU8U15LcPAj59cD6S6rWnAxO8NFK7HQG
|
||
4Jxg3JNNf8ErQoCHb1B3oVdXJkmbJkARoDpBKmTCgKtP8ADYLmVPQw==
|
||
-----END RSA PRIVATE KEY-----
|
test/openssl/test_asn1.rb | ||
---|---|---|
# frozen_string_literal: false
|
||
require_relative 'utils'
|
||
if defined?(OpenSSL::TestUtils)
|
||
class OpenSSL::TestASN1 < OpenSSL::TestCase
|
||
def test_decode
|
||
subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
|
||
key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
key = Fixtures.pkey("rsa1024")
|
||
now = Time.at(Time.now.to_i) # suppress usec
|
||
s = 0xdeadbeafdeadbeafdeadbeafdeadbeaf
|
||
exts = [
|
||
... | ... | |
end
|
||
assert_equal(:UNIVERSAL, asn1.tag_class)
|
||
end
|
||
end
|
||
end if defined?(OpenSSL::TestUtils)
|
||
end
|
test/openssl/test_bn.rb | ||
---|---|---|
assert_equal(false, bn1.eql?(bn3))
|
||
assert_equal(bn1.hash, bn2.hash)
|
||
assert_not_equal(bn3.hash, bn1.hash)
|
||
assert_instance_of(String, bn1.hash.to_s)
|
||
end
|
||
end
|
||
test/openssl/test_buffering.rb | ||
---|---|---|
# frozen_string_literal: false
|
||
require_relative 'utils'
|
||
require 'stringio'
|
||
class OpenSSL::TestBuffering < OpenSSL::TestCase
|
||
if defined?(OpenSSL::TestUtils)
|
||
class OpenSSL::TestBuffering < OpenSSL::TestCase
|
||
class IO
|
||
include OpenSSL::Buffering
|
||
... | ... | |
end
|
||
assert_equal([97, 98, 99], res)
|
||
end
|
||
end
|
||
end if defined?(OpenSSL::TestUtils)
|
||
end
|
test/openssl/test_cipher.rb | ||
---|---|---|
assert_equal tag1, tag2
|
||
end if has_cipher?("aes-128-gcm")
|
||
def test_non_aead_cipher_set_auth_data
|
||
assert_raise(OpenSSL::Cipher::CipherError) {
|
||
cipher = OpenSSL::Cipher.new("aes-128-cfb").encrypt
|
||
cipher.auth_data = "123"
|
||
}
|
||
end if has_cipher?("aes-128-gcm")
|
||
private
|
||
def new_encryptor(algo, **kwargs)
|
test/openssl/test_config.rb | ||
---|---|---|
# frozen_string_literal: false
|
||
require_relative 'utils'
|
||
if defined?(OpenSSL::TestUtils)
|
||
class OpenSSL::TestConfig < OpenSSL::TestCase
|
||
def setup
|
||
super
|
||
... | ... | |
def test_value
|
||
# suppress deprecation warnings
|
||
OpenSSL::TestUtils.silent do
|
||
EnvUtil.suppress_warning do
|
||
assert_equal('CA_default', @it.value('ca', 'default_ca'))
|
||
assert_equal(nil, @it.value('ca', 'no such key'))
|
||
assert_equal(nil, @it.value('no such section', 'no such key'))
|
||
... | ... | |
end
|
||
def test_value_ENV
|
||
OpenSSL::TestUtils.silent do
|
||
EnvUtil.suppress_warning do
|
||
key = ENV.keys.first
|
||
assert_not_nil(key) # make sure we have at least one ENV var.
|
||
assert_equal(ENV[key], @it.value('ENV', key))
|
||
... | ... | |
end
|
||
def test_section
|
||
OpenSSL::TestUtils.silent do
|
||
EnvUtil.suppress_warning do
|
||
assert_equal({'HOME' => '.'}, @it.section('default'))
|
||
assert_equal({'dir' => './demoCA', 'certs' => './certs'}, @it.section('CA_default'))
|
||
assert_equal({}, @it.section('no_such_section'))
|
||
... | ... | |
@it['newsection'] = {'a' => 'b'}
|
||
assert_not_equal(@it.sections.sort, c.sections.sort)
|
||
end
|
||
end if defined?(OpenSSL::TestUtils)
|
||
end
|
||
end
|
test/openssl/test_digest.rb | ||
---|---|---|
end
|
||
def test_digest_constants
|
||
algs = %w(MD4 MD5 RIPEMD160 SHA1)
|
||
if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000
|
||
algs = %w(MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512)
|
||
if !libressl? && !openssl?(1, 1, 0)
|
||
algs += %w(DSS1 SHA)
|
||
end
|
||
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
|
||
algs += %w(SHA224 SHA256 SHA384 SHA512)
|
||
end
|
||
algs.each do |alg|
|
||
assert_not_nil(OpenSSL::Digest.new(alg))
|
||
klass = OpenSSL::Digest.const_get(alg)
|
||
... | ... | |
check_digest(OpenSSL::ASN1::ObjectId.new("SHA1"))
|
||
end
|
||
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
|
||
def encode16(str)
|
||
str.unpack("H*").first
|
||
end
|
||
def encode16(str)
|
||
str.unpack("H*").first
|
||
end
|
||
def test_098_features
|
||
sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
|
||
sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
|
||
sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
|
||
sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
|
||
assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
|
||
assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
|
||
assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
|
||
assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
|
||
assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
|
||
assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
|
||
assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
|
||
assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
|
||
end
|
||
def test_sha2
|
||
sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
|
||
sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
|
||
sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
|
||
sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
|
||
assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
|
||
assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
|
||
assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
|
||
assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
|
||
assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
|
||
assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
|
||
assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
|
||
assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
|
||
end
|
||
def test_digest_by_oid_and_name_sha2
|
||
check_digest(OpenSSL::ASN1::ObjectId.new("SHA224"))
|
||
check_digest(OpenSSL::ASN1::ObjectId.new("SHA256"))
|
||
check_digest(OpenSSL::ASN1::ObjectId.new("SHA384"))
|
||
check_digest(OpenSSL::ASN1::ObjectId.new("SHA512"))
|
||
end
|
||
def test_digest_by_oid_and_name_sha2
|
||
check_digest(OpenSSL::ASN1::ObjectId.new("SHA224"))
|
||
check_digest(OpenSSL::ASN1::ObjectId.new("SHA256"))
|
||
check_digest(OpenSSL::ASN1::ObjectId.new("SHA384"))
|
||
check_digest(OpenSSL::ASN1::ObjectId.new("SHA512"))
|
||
end
|
||
def test_openssl_digest
|
||
... | ... | |
d = OpenSSL::Digest.new(oid.oid)
|
||
assert_not_nil(d)
|
||
end
|
||
def libressl?
|
||
OpenSSL::OPENSSL_VERSION.include?('LibreSSL')
|
||
end
|
||
def version_since(verary)
|
||
(OpenSSL::OPENSSL_LIBRARY_VERSION.scan(/\d+/).map(&:to_i) <=> verary) != -1
|
||
end
|
||
end
|
||
end
|
test/openssl/test_engine.rb | ||
---|---|---|
# frozen_string_literal: false
|
||
require_relative 'utils'
|
||
class OpenSSL::TestEngine < OpenSSL::TestCase
|
||
if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::Engine)
|
||
class OpenSSL::TestEngine < OpenSSL::TestCase
|
||
def test_engines_free # [ruby-dev:44173]
|
||
with_openssl <<-'end;'
|
||
OpenSSL::Engine.load("openssl")
|
||
... | ... | |
end
|
||
def test_openssl_engine_cipher_rc4
|
||
with_openssl <<-'end;'
|
||
begin
|
||
engine = get_engine
|
||
algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e)
|
||
data = "a" * 1000
|
||
key = OpenSSL::Random.random_bytes(16)
|
||
# suppress message from openssl Engine's RC4 cipher [ruby-core:41026]
|
||
err_back = $stderr.dup
|
||
$stderr.reopen(IO::NULL)
|
||
encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
|
||
decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
|
||
assert_equal(data, decrypted)
|
||
ensure
|
||
if err_back
|
||
$stderr.reopen(err_back)
|
||
err_back.close
|
||
end
|
||
end
|
||
begin
|
||
OpenSSL::Cipher.new("rc4")
|
||
rescue OpenSSL::Cipher::CipherError
|
||
pend "RC4 is not supported"
|
||
end
|
||
with_openssl(<<-'end;', ignore_stderr: true)
|
||
engine = get_engine
|
||
algo = "RC4"
|
||
data = "a" * 1000
|
||
key = OpenSSL::Random.random_bytes(16)
|
||
encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
|
||
decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
|
||
assert_equal(data, decrypted)
|
||
end;
|
||
end
|
||
private
|
||
# this is required because OpenSSL::Engine methods change global state
|
||
def with_openssl(code)
|
||
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
|
||
def with_openssl(code, **opts)
|
||
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;", **opts)
|
||
require #{__FILE__.dump}
|
||
include OpenSSL::TestEngine::Utils
|
||
#{code}
|
||
... | ... | |
cipher.update(data) + cipher.final
|
||
end
|
||
end
|
||
end
|
||
end if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::Engine)
|
||
end
|
test/openssl/test_hmac.rb | ||
---|---|---|
# frozen_string_literal: false
|
||
require_relative 'utils'
|
||
if defined?(OpenSSL::TestUtils)
|
||
class OpenSSL::TestHMAC < OpenSSL::TestCase
|
||
def test_hmac
|
||
# RFC 2202 2. Test Cases for HMAC-MD5
|
||
... | ... | |
second = h1.update("test").hexdigest
|
||
assert_equal first, second
|
||
end
|
||
end if defined?(OpenSSL::TestUtils)
|
||
end
|
||
end
|
test/openssl/test_ns_spki.rb | ||
---|---|---|
end
|
||
def test_build_data
|
||
key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
||
key1 = Fixtures.pkey("rsa1024")
|
||
key2 = Fixtures.pkey("rsa2048")
|
||
spki = OpenSSL::Netscape::SPKI.new
|
||
spki.challenge = "RandomString"
|
||
spki.public_key = key1.public_key
|
test/openssl/test_ocsp.rb | ||
---|---|---|
# @cert2 @ocsp_cert
|
||
ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
|
||
@ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
@ca_key = Fixtures.pkey("rsa1024")
|
||
ca_exts = [
|
||
["basicConstraints", "CA:TRUE", true],
|
||
["keyUsage", "cRLSign,keyCertSign", true],
|
||
... | ... | |
ca_subj, @ca_key, 1, ca_exts, nil, nil)
|
||
cert_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA2")
|
||
@cert_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
@cert_key = Fixtures.pkey("rsa1024")
|
||
cert_exts = [
|
||
["basicConstraints", "CA:TRUE", true],
|
||
["keyUsage", "cRLSign,keyCertSign", true],
|
||
... | ... | |
cert_subj, @cert_key, 5, cert_exts, @ca_cert, @ca_key)
|
||
cert2_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
|
||
@cert2_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
|
||
@cert2_key = Fixtures.pkey("rsa1024")
|
||
cert2_exts = [
|
||
]
|
||
@cert2 = OpenSSL::TestUtils.issue_cert(
|
||
cert2_subj, @cert2_key, 10, cert2_exts, @cert, @cert_key)
|
||
ocsp_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCAOCSP")
|
||
@ocsp_key = OpenSSL::TestUtils::TEST_KEY_RSA2048
|
||
@ocsp_key = Fixtures.pkey("rsa2048")
|
||
ocsp_exts = [
|
||
["extendedKeyUsage", "OCSPSigning", true],
|
||
]
|
||
... | ... | |
assert_equal true, req.verify([@cert], store, OpenSSL::OCSP::NOINTERN)
|
||
ret = req.verify([@cert], store)
|
||
if ret || OpenSSL::OPENSSL_VERSION =~ /OpenSSL/ && OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10002000
|
||
if ret || openssl?(1, 0, 2) || libressl?(2, 4, 2)
|
||
assert_equal true, ret
|
||
else
|
||
# RT2560; OCSP_request_verify() does not find signer cert from 'certs' when
|
test/openssl/test_pair.rb | ||
---|---|---|
# frozen_string_literal: false
|
||
require_relative 'utils'
|
||
require_relative 'ut_eof'
|
||
if defined?(OpenSSL::TestUtils)
|
||
require 'socket'
|
||
require_relative 'ut_eof'
|
||
module OpenSSL::SSLPairM
|
||
def server
|
||
host = "127.0.0.1"
|
||
port = 0
|
||
ctx = OpenSSL::SSL::SSLContext.new()
|
||
ctx.ciphers = "ADH"
|
||
ctx.security_level = 0
|
||
ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 }
|
||
tcps = create_tcp_server(host, port)
|
||
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
|
||
return ssls
|
||
def setup
|
||
svr_dn = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
|
||
ee_exts = [
|
||
["keyUsage", "keyEncipherment,digitalSignature", true],
|
||
]
|
||
@svr_key = OpenSSL::TestUtils::Fixtures.pkey("rsa1024")
|
||
@svr_cert = issue_cert(svr_dn, @svr_key, 1, ee_exts, nil, nil)
|
||
end
|
||
def client(port)
|
||
def ssl_pair
|
||
host = "127.0.0.1"
|
||
ctx = OpenSSL::SSL::SSLContext.new()
|
||
ctx.ciphers = "ADH"
|
||
ctx.security_level = 0
|
||
s = create_tcp_client(host, port)
|
||
ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
|
||
ssl.connect
|
||
ssl.sync_close = true
|
||
ssl
|
||
end
|
||
tcps = create_tcp_server(host, 0)
|
||
port = tcps.connect_address.ip_port
|
||
def ssl_pair
|
||
ssls = server
|
||
th = Thread.new {
|
||
sctx = OpenSSL::SSL::SSLContext.new
|
||
sctx.cert = @svr_cert
|
||
sctx.key = @svr_key
|
||
sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") }
|
||
sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
|
||
ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx)
|
||
ns = ssls.accept
|
||
ssls.close
|
||
ns
|
||
}
|
||
port = ssls.to_io.local_address.ip_port
|
||
c = client(port)
|
||
tcpc = create_tcp_client(host, port)
|
||
c = OpenSSL::SSL::SSLSocket.new(tcpc)
|
||
c.connect
|
||
s = th.value
|
||
if block_given?
|
||
begin
|
||
yield c, s
|
||
ensure
|
||
c.close unless c.closed?
|
||
s.close unless s.closed?
|
||
end
|
||
else
|
||
return c, s
|
||
end
|
||
yield c, s
|
||
ensure
|
||
if th&.alive?
|
||
th.kill
|
||
th.join
|
||
end
|
||
tcpc&.close
|
||
tcps&.close
|
||
s&.close
|
||
end
|
||
end
|
||
... | ... | |
module OpenSSL::TestEOF1M
|
||
def open_file(content)
|
||
s1, s2 = ssl_pair
|
||
th = Thread.new { s2 << content; s2.close }
|
||
yield s1
|
||
ensure
|
||
th.join if th
|
||
s1.close
|
||
ssl_pair { |s1, s2|
|
||
begin
|
||
th = Thread.new { s2 << content; s2.close }
|
||
yield s1
|
||
ensure
|
||
th&.join
|
||
end
|
||
}
|
||
end
|
||
end
|
||
module OpenSSL::TestEOF2M
|
||
def open_file(content)
|
||
s1, s2 = ssl_pair
|
||
th = Thread.new { s1 << content; s1.close }
|
||
yield s2
|
||
ensure
|
||
th.join if th
|
||
s2.close
|
||
ssl_pair { |s1, s2|
|
||
begin
|
||
th = Thread.new { s1 << content; s1.close }
|
||
yield s2
|
||
ensure
|
||
th&.join
|
||
end
|
||
}
|
||
end
|
||
end
|
||
... | ... | |
}
|
||
end
|
||
def test_multibyte_read_write
|
||
# German a umlaut
|
||
auml = [%w{ C3 A4 }.join('')].pack('H*')
|
||
auml.force_encoding(Encoding::UTF_8)
|
||
bsize = auml.bytesize
|
||