author | Kazuki Yamaguchi <k@rhe.jp> | 2018-05-12 15:49:42 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2018-05-12 15:49:42 +0900 |
commit | a72989b72380a4cf5ba3f821969f072f0e71b1d4 (patch) | |
tree | 339b5ec8cf0d4b64499de1cdd963e5cff102466e | |
parent | b8b8f74e95854a8db793d8189952a51e5af53dea (diff) | |
parent | 1f90516e32ecd755d592002585e97cb78752eae2 (diff) | |
download | ruby-openssl-a72989b72380a4cf5ba3f821969f072f0e71b1d4.tar.gz |
Merge branch 'maint-2.0' into maint
* maint-2.0:
Ruby/OpenSSL 2.0.8
test/test_ssl_session: set client protocol version explicitly
test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1
extconf.rb: fix build with LibreSSL 2.7.0
cipher: validate iterations argument for Cipher#pkcs5_keyivgen
test/utils: disable Thread's report_on_exception in start_server
-rw-r--r-- | History.md | 14 | ||||
-rw-r--r-- | ext/openssl/extconf.rb | 5 | ||||
-rw-r--r-- | ext/openssl/ossl_cipher.c | 2 | ||||
-rw-r--r-- | test/test_cipher.rb | 3 | ||||
-rw-r--r-- | test/test_pkey_rsa.rb | 9 | ||||
-rw-r--r-- | test/test_ssl_session.rb | 14 | ||||
-rw-r--r-- | test/utils.rb | 12 |
7 files changed, 52 insertions, 7 deletions
@@ -55,6 +55,20 @@ Notable changes [[GitHub #177]](https://github.com/ruby/openssl/pull/177) +Version 2.0.8 +============= + +Bug fixes +--------- + +* OpenSSL::Cipher#pkcs5_keyivgen raises an error when a negative iteration + count is given. + [[GitHub #184]](https://github.com/ruby/openssl/pull/184) +* Fixed build with LibreSSL 2.7. + [[GitHub #192]](https://github.com/ruby/openssl/issues/192) + [[GitHub #193]](https://github.com/ruby/openssl/pull/193) + + Version 2.0.7 ============= diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 5212903b..4242f044 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -122,8 +122,11 @@ OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h") have_func("SSL_is_server") # added in 1.1.0 +if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || + try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h") + $defs.push("-DHAVE_OPAQUE_OPENSSL") +end have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API") -have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL") have_func("BN_GENCB_new") have_func("BN_GENCB_free") have_func("BN_GENCB_get_arg") diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 3038a766..0840c84a 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -317,6 +317,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self) salt = (unsigned char *)RSTRING_PTR(vsalt); } iter = NIL_P(viter) ? 2048 : NUM2INT(viter); + if (iter <= 0) + rb_raise(rb_eArgError, "iterations must be a positive integer"); digest = NIL_P(vdigest) ? EVP_md5() : ossl_evp_get_digestbyname(vdigest); GetCipher(self, ctx); EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt, diff --git a/test/test_cipher.rb b/test/test_cipher.rb index 56061741..d83fa4ec 100644 --- a/test/test_cipher.rb +++ b/test/test_cipher.rb 
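Review bot: The condition added to ext/openssl/extconf.rb has no comment explaining why LibreSSL >= 2.7.0 must define HAVE_OPAQUE_OPENSSL even when `have_struct_member("SSL", "ctx", "openssl/ssl.h")` succeeds. A line above the `if` would stop a later clean-up from collapsing it back to the single probe, for example `# LibreSSL 2.7.0 still exposes struct members but must take the opaque (accessor) code path`. That reason is inferred from the commit title and should be confirmed against issue #192. The magic constant `0x2070000fL` would benefit from the same remark, since this macro decides which compatibility code is compiled in.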
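Review bot: The guard added after `iter = NIL_P(viter) ? 2048 : NUM2INT(viter);` in ossl_cipher.c rejects 0 as well as negative values, while the History.md entry in this same commit mentions only a negative iteration count. The two should be aligned, and a short comment would record the intent, e.g. `/* EVP_BytesToKey() takes an int count; reject non-positive values before the call */`. The check sets only a lower bound, so a very large count is still passed through; whether that matters depends on where callers take the value from, which the hunk does not show. ossl_cipher_pkcs5_keyivgen starts before and continues past the hunk.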
@@ -44,6 +44,9 @@ class OpenSSL::TestCipher < OpenSSL::TestCase s2 = cipher.update(pt) << cipher.final assert_equal s1, s2 + + cipher2 = OpenSSL::Cipher.new("DES-EDE3-CBC").encrypt + assert_raise(ArgumentError) { cipher2.pkcs5_keyivgen(pass, salt, -1, "MD5") } end def test_info diff --git a/test/test_pkey_rsa.rb b/test/test_pkey_rsa.rb index d9bea1a6..ef02717d 100644 --- a/test/test_pkey_rsa.rb +++ b/test/test_pkey_rsa.rb @@ -60,6 +60,13 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase end end + def test_generate + key = OpenSSL::PKey::RSA.generate(512, 17) + assert_equal 512, key.n.num_bits + assert_equal 17, key.e + assert_not_nil key.d + end + def test_new_break assert_nil(OpenSSL::PKey::RSA.new(1024) { break }) assert_raise(RuntimeError) do @@ -289,7 +296,7 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase end def test_dup - key = OpenSSL::PKey::RSA.generate(256, 17) + key = Fixtures.pkey("rsa1024") key2 = key.dup assert_equal key.params, key2.params key2.set_key(key2.n, 3, key2.d) diff --git a/test/test_ssl_session.rb b/test/test_ssl_session.rb index 2cb46cd2..7b0f9aca 100644 --- a/test/test_ssl_session.rb +++ b/test/test_ssl_session.rb @@ -198,7 +198,9 @@ __EOS__ first_session = nil 10.times do |i| connections = i - server_connect_with_session(port, nil, first_session) { |ssl| + cctx = OpenSSL::SSL::SSLContext.new + cctx.ssl_version = :TLSv1_2 + server_connect_with_session(port, cctx, first_session) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets first_session ||= ssl.session @@ -257,6 +259,8 @@ __EOS__ connections = nil called = {} + cctx = OpenSSL::SSL::SSLContext.new + cctx.ssl_version = :TLSv1_2 sctx = nil ctx_proc = Proc.new { |ctx| sctx = ctx 
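Review bot: The assertion added to test/test_cipher.rb exercises only `-1`, but the C guard in this commit is `iter <= 0`, so the zero boundary is left untested. Adding `assert_raise(ArgumentError) { cipher2.pkcs5_keyivgen(pass, salt, 0, "MD5") }` next to it would pin that behaviour. The enclosing test method begins outside the hunk.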
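Review bot: The key sizes in test/test_pkey_rsa.rb are changed without a comment on why they were chosen: `test_generate` hard-codes a 512-bit modulus, and `test_dup` in the `@@ -289,7` hunk swaps a generated 256-bit key for `Fixtures.pkey("rsa1024")`. Judging by the commit title ("fix test failure with OpenSSL 1.1.1"), the library presumably refuses smaller keys now. A line such as `# 512 bits: smallest size OpenSSL 1.1.1 will generate (confirm)` above the `generate` call would keep the test from being shrunk back to a size that fails.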
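Review bot: The client context pinned with `cctx.ssl_version = :TLSv1_2` in test/test_ssl_session.rb has no comment saying why the protocol is fixed, both in the `@@ -198,7` hunk and again in the `@@ -257,6` hunk; the later hunks only pass `cctx` through. As written, these session-reuse tests never run against a newer protocol version that the linked library might negotiate by default. A comment like `# session resumption assertions below assume TLS 1.2 semantics` (to be confirmed) would make that limitation explicit. In the first hunk the context is also rebuilt on every pass of `10.times`; creating it once before the loop would match the second test.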
@@ -292,7 +296,7 @@ __EOS__ } start_server(ctx_proc: ctx_proc) do |port| connections = 0 - sess0 = server_connect_with_session(port, nil, nil) { |ssl| + sess0 = server_connect_with_session(port, cctx, nil) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal false, ssl.session_reused? ssl.session @@ -307,7 +311,7 @@ __EOS__ # Internal cache hit connections = 1 - server_connect_with_session(port, nil, sess0.dup) { |ssl| + server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal true, ssl.session_reused? ssl.session @@ -328,7 +332,7 @@ __EOS__ # External cache hit connections = 2 - sess2 = server_connect_with_session(port, nil, sess0.dup) { |ssl| + sess2 = server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets if !ssl.session_reused? && openssl?(1, 1, 0) && !openssl?(1, 1, 0, 7) # OpenSSL >= 1.1.0, < 1.1.0g @@ -355,7 +359,7 @@ __EOS__ # Cache miss connections = 3 - sess3 = server_connect_with_session(port, nil, sess0.dup) { |ssl| + sess3 = server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal false, ssl.session_reused? ssl.session diff --git a/test/utils.rb b/test/utils.rb index a3599490..6318246d 100644 --- a/test/utils.rb +++ b/test/utils.rb @@ -214,6 +214,10 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase threads = [] begin server_thread = Thread.new do + if Thread.method_defined?(:report_on_exception=) # Ruby >= 2.4 + Thread.current.report_on_exception = false + end + begin loop do begin @@ -227,6 +231,10 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase end th = Thread.new do + if Thread.method_defined?(:report_on_exception=) + Thread.current.report_on_exception = false + end + begin server_proc.call(ctx, ssl) ensure 
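Review bot: The same `if Thread.method_defined?(:report_on_exception=)` guard is pasted three times in test/utils.rb, and only the first copy carries the `# Ruby >= 2.4` remark. It appears in the server thread in the `@@ -214,6` hunk, the per-connection thread in the `@@ -227,6` hunk and the client thread in the `@@ -242,6` hunk. A small private helper whose body is `Thread.current.report_on_exception = false if Thread.method_defined?(:report_on_exception=)` would keep the three sites in sync. With reporting switched off, an exception raised inside `server_proc.call(ctx, ssl)` is noticed only if the thread is later joined or its value read. That happens outside these hunks, so it is worth confirming that failures in the TLS server threads still fail the test.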
@@ -242,6 +250,10 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase end client_thread = Thread.new do + if Thread.method_defined?(:report_on_exception=) + Thread.current.report_on_exception = false + end + begin block.call(port) ensure |