author | Kazuki Yamaguchi <k@rhe.jp> | 2016-12-05 10:50:12 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-12-05 10:50:12 +0900 |
commit | fa75748466aea1838206ddeee9310522712073e7 (patch) | |
tree | d0174c0dbd848c819a9d92725e6d84fcdadf63ad | |
parent | 72126d6c8b88abd69c3565fc3bbbd5ed1e401611 (diff) | |
parent | 6ee4b285036ea0deb13d318fe0a5025e46987cef (diff) | |
download | ruby-openssl-fa75748466aea1838206ddeee9310522712073e7.tar.gz |
Merge branch 'topic/under-gc-stress' into maint
* topic/under-gc-stress:
test: run test cases under GC.stress if OSSL_GC_STRESS is specified
test/test_pair: make TestPairM#test_write_nonblock_retry faster
test: call super from each test case's 'setup' method
ssl: prevent encoded NPN advertised protocol list from being GCed
bn: keep reference to temporary OpenSSL::BN object created by GetBNPtr()
-rw-r--r-- | ext/openssl/ossl_bn.c | 36 | ||||
-rw-r--r-- | ext/openssl/ossl_bn.h | 4 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 10 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 5 | ||||
-rw-r--r-- | test/test_buffering.rb | 1 | ||||
-rw-r--r-- | test/test_config.rb | 1 | ||||
-rw-r--r-- | test/test_digest.rb | 1 | ||||
-rw-r--r-- | test/test_ns_spki.rb | 1 | ||||
-rw-r--r-- | test/test_ocsp.rb | 1 | ||||
-rw-r--r-- | test/test_pair.rb | 2 | ||||
-rw-r--r-- | test/test_pkcs12.rb | 1 | ||||
-rw-r--r-- | test/test_pkcs7.rb | 1 | ||||
-rw-r--r-- | test/test_x509cert.rb | 1 | ||||
-rw-r--r-- | test/test_x509crl.rb | 1 | ||||
-rw-r--r-- | test/test_x509ext.rb | 1 | ||||
-rw-r--r-- | test/test_x509name.rb | 1 | ||||
-rw-r--r-- | test/test_x509req.rb | 1 | ||||
-rw-r--r-- | test/test_x509store.rb | 1 | ||||
-rw-r--r-- | test/utils.rb | 10 |
19 files changed, 59 insertions, 21 deletions
diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c index eaf62543..4e371cb2 100644 --- a/ext/openssl/ossl_bn.c +++ b/ext/openssl/ossl_bn.c @@ -120,30 +120,34 @@ integer_to_bnptr(VALUE obj, BIGNUM *orig) return bn; } -static BIGNUM * -try_convert_to_bnptr(VALUE obj) +static VALUE +try_convert_to_bn(VALUE obj) { - BIGNUM *bn = NULL; - VALUE newobj; + BIGNUM *bn; + VALUE newobj = Qnil; - if (rb_obj_is_kind_of(obj, cBN)) { - GetBN(obj, bn); - } - else if (RB_INTEGER_TYPE_P(obj)) { + if (rb_obj_is_kind_of(obj, cBN)) + return obj; + if (RB_INTEGER_TYPE_P(obj)) { newobj = NewBN(cBN); /* Handle potencial mem leaks */ bn = integer_to_bnptr(obj, NULL); SetBN(newobj, bn); } - return bn; + return newobj; } BIGNUM * -GetBNPtr(VALUE obj) +ossl_bn_value_ptr(volatile VALUE *ptr) { - BIGNUM *bn = try_convert_to_bnptr(obj); - if (!bn) + VALUE tmp; + BIGNUM *bn; + + tmp = try_convert_to_bn(*ptr); + if (NIL_P(tmp)) ossl_raise(rb_eTypeError, "Cannot convert into OpenSSL::BN"); + GetBN(tmp, bn); + *ptr = tmp; return bn; } @@ -893,10 +897,12 @@ ossl_bn_eq(VALUE self, VALUE other) BIGNUM *bn1, *bn2; GetBN(self, bn1); - /* BNPtr may raise, so we can't use here */ - bn2 = try_convert_to_bnptr(other); + other = try_convert_to_bn(other); + if (NIL_P(other)) + return Qfalse; + GetBN(other, bn2); - if (bn2 && !BN_cmp(bn1, bn2)) { + if (!BN_cmp(bn1, bn2)) { return Qtrue; } return Qfalse; diff --git a/ext/openssl/ossl_bn.h b/ext/openssl/ossl_bn.h index 4cd9d060..a19ba194 100644 --- a/ext/openssl/ossl_bn.h +++ b/ext/openssl/ossl_bn.h @@ -15,8 +15,10 @@ extern VALUE eBNError; extern BN_CTX *ossl_bn_ctx; +#define GetBNPtr(obj) ossl_bn_value_ptr(&(obj)) + VALUE ossl_bn_new(const BIGNUM *); -BIGNUM *GetBNPtr(VALUE); +BIGNUM *ossl_bn_value_ptr(volatile VALUE *); void Init_ossl_bn(void); diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 5191c0f4..fc3f034a 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c 
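Review bot: `ossl_bn_value_ptr()` has no comment stating its lifetime contract, although the returned `BIGNUM *` belongs to the object written back through `*ptr` and is valid only while the caller keeps that VALUE reachable by the GC. A future caller who stores the pointer and lets the VALUE go out of use would reintroduce the dangling-pointer problem this change is meant to remove. I would add above the definition: `/* Converts *ptr to an OpenSSL::BN in place and returns its BIGNUM; the pointer is valid only while *ptr stays reachable. */`.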
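Review bot: The new `GetBNPtr(obj)` macro in ossl_bn.h expands to `ossl_bn_value_ptr(&(obj))`, so it now requires a modifiable lvalue and overwrites the caller's variable with the converted OpenSSL::BN; neither is stated at the definition. A caller that passes an Integer and later reuses `obj` will find an OpenSSL::BN there instead, and the ossl_pkey_ec.c hunk shows an expression argument having to be copied into a local first. I would document this on the macro, for example `/* obj must be an lvalue; it is replaced by the OpenSSL::BN that owns the returned BIGNUM */`.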
@@ -1635,7 +1635,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self) * points | self | arg2[0] | arg2[1] | ... */ long i, num; - VALUE tmp_p, tmp_b; + VALUE bns_tmp, tmp_p, tmp_b; const EC_POINT **points; const BIGNUM **bignums; @@ -1645,9 +1645,13 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self) ossl_raise(rb_eArgError, "bns must be 1 longer than points; see the documentation"); num = RARRAY_LEN(arg1); + bns_tmp = rb_ary_tmp_new(num); bignums = ALLOCV_N(const BIGNUM *, tmp_b, num); - for (i = 0; i < num; i++) - bignums[i] = GetBNPtr(RARRAY_AREF(arg1, i)); + for (i = 0; i < num; i++) { + VALUE item = RARRAY_AREF(arg1, i); + bignums[i] = GetBNPtr(item); + rb_ary_push(bns_tmp, item); + } points = ALLOCV_N(const EC_POINT *, tmp_p, num); points[0] = point_self; /* self */ diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 609ffdc6..eef7dbec 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -32,7 +32,8 @@ VALUE cSSLSocket; static VALUE eSSLErrorWaitReadable; static VALUE eSSLErrorWaitWritable; -static ID ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback; +static ID ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback, + id_npn_protocols_encoded; static VALUE sym_exception, sym_wait_readable, sym_wait_writable; static ID id_i_cert_store, id_i_ca_file, id_i_ca_path, id_i_verify_mode, @@ -892,6 +893,7 @@ ossl_sslctx_setup(VALUE self) val = rb_attr_get(self, id_i_npn_protocols); if (!NIL_P(val)) { VALUE encoded = ssl_encode_npn_protocols(val); + rb_ivar_set(self, id_npn_protocols_encoded, encoded); SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)encoded); OSSL_Debug("SSL NPN advertise callback added"); } 
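Review bot: In `ossl_ec_point_mul`, `bns_tmp` is last touched by `rb_ary_push()` inside the loop, so nothing visible in this hunk keeps the array itself reachable while `bignums[]` is used later. If the compiler discards the local after the loop, the temporary array and the BN objects it holds could be collected before the multiplication runs, leaving `bignums[i]` pointing at freed memory. The function continues past the hunk, so this may already be handled there. If it is not, `RB_GC_GUARD(bns_tmp);` after the last use of `bignums` would keep it alive.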
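Review bot: In `ossl_sslctx_setup`, the callback still receives `encoded` as a raw `(void *)`, and the only GC root for it is the new hidden ivar on the SSLContext. The string's lifetime is therefore tied to the Ruby context object rather than to the `SSL_CTX`. That is safe only if everything that can trigger `ssl_npn_advertise_cb` keeps its SSLContext reachable, which this hunk does not show. A short comment at the `rb_ivar_set` line would record the invariant, for example `/* the callback holds a raw pointer to encoded; this ivar is what keeps it alive */`. The function starts and ends outside the hunk.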
@@ -2712,6 +2714,7 @@ Init_ossl_ssl(void) id_tmp_dh_callback = rb_intern("tmp_dh_callback"); id_tmp_ecdh_callback = rb_intern("tmp_ecdh_callback"); + id_npn_protocols_encoded = rb_intern("npn_protocols_encoded"); #define DefIVarID(name) do \ id_i_##name = rb_intern("@"#name); while (0) diff --git a/test/test_buffering.rb b/test/test_buffering.rb index 1f42cd3c..f85353fc 100644 --- a/test/test_buffering.rb +++ b/test/test_buffering.rb @@ -37,6 +37,7 @@ class OpenSSL::TestBuffering < OpenSSL::TestCase end def setup + super @io = IO.new end diff --git a/test/test_config.rb b/test/test_config.rb index 3e2e1273..786bce9d 100644 --- a/test/test_config.rb +++ b/test/test_config.rb @@ -3,6 +3,7 @@ require_relative 'utils' class OpenSSL::TestConfig < OpenSSL::TestCase def setup + super file = Tempfile.open("openssl.cnf") file << <<__EOD__ HOME = . diff --git a/test/test_digest.rb b/test/test_digest.rb index 028889c1..9891d99a 100644 --- a/test/test_digest.rb +++ b/test/test_digest.rb @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestDigest < OpenSSL::TestCase def setup + super @d1 = OpenSSL::Digest.new("MD5") @d2 = OpenSSL::Digest::MD5.new end diff --git a/test/test_ns_spki.rb b/test/test_ns_spki.rb index 4740c0b2..ac34613f 100644 --- a/test/test_ns_spki.rb +++ b/test/test_ns_spki.rb @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestNSSPI < OpenSSL::TestCase def setup + super # This request data is adopt from the specification of # "Netscape Extensions for User Key Generation". # -- http://wp.netscape.com/eng/security/comm4-keygen.html diff --git a/test/test_ocsp.rb b/test/test_ocsp.rb index 82d83d56..8881f25d 100644 --- a/test/test_ocsp.rb +++ b/test/test_ocsp.rb @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestOCSP < OpenSSL::TestCase def setup + super # @ca_cert # | # @cert diff --git a/test/test_pair.rb b/test/test_pair.rb index ad65327d..9a5205f8 100644 --- a/test/test_pair.rb +++ b/test/test_pair.rb 
@@ -295,7 +295,7 @@ module OpenSSL::TestPairM # fill up a socket so we hit EAGAIN written = String.new n = 0 - buf = 'a' * 11 + buf = 'a' * 4099 case ret = s1.write_nonblock(buf, exception: false) when :wait_readable then break when :wait_writable then break diff --git a/test/test_pkcs12.rb b/test/test_pkcs12.rb index 8c9147a9..403718b9 100644 --- a/test/test_pkcs12.rb +++ b/test/test_pkcs12.rb @@ -8,6 +8,7 @@ module OpenSSL include OpenSSL::TestUtils def setup + super ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") ca_exts = [ ["basicConstraints","CA:TRUE",true], diff --git a/test/test_pkcs7.rb b/test/test_pkcs7.rb index b7b75202..48d59997 100644 --- a/test/test_pkcs7.rb +++ b/test/test_pkcs7.rb @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestPKCS7 < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") diff --git a/test/test_x509cert.rb b/test/test_x509cert.rb index fb757c44..0cfe4402 100644 --- a/test/test_x509cert.rb +++ b/test/test_x509cert.rb @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Certificate < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 diff --git a/test/test_x509crl.rb b/test/test_x509crl.rb index f61de971..44dfffc9 100644 --- a/test/test_x509crl.rb +++ b/test/test_x509crl.rb @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509CRL < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 diff --git a/test/test_x509ext.rb b/test/test_x509ext.rb index 79713c0f..58f03168 100644 --- a/test/test_x509ext.rb +++ b/test/test_x509ext.rb 
@@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Extension < OpenSSL::TestCase def setup + super @basic_constraints_value = OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::Boolean(true), # CA OpenSSL::ASN1::Integer(2) # pathlen diff --git a/test/test_x509name.rb b/test/test_x509name.rb index 78da4df1..b30a02e6 100644 --- a/test/test_x509name.rb +++ b/test/test_x509name.rb @@ -6,6 +6,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Name < OpenSSL::TestCase def setup + super @obj_type_tmpl = Hash.new(OpenSSL::ASN1::PRINTABLESTRING) @obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE) end diff --git a/test/test_x509req.rb b/test/test_x509req.rb index 086ccfbd..585dda1b 100644 --- a/test/test_x509req.rb +++ b/test/test_x509req.rb @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Request < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 diff --git a/test/test_x509store.rb b/test/test_x509store.rb index 6ca80c86..af0d8b28 100644 --- a/test/test_x509store.rb +++ b/test/test_x509store.rb @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) class OpenSSL::TestX509Store < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 diff --git a/test/utils.rb b/test/utils.rb index 43ecd79e..bbc9c7ef 100644 --- a/test/utils.rb +++ b/test/utils.rb @@ -201,7 +201,16 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC end class OpenSSL::TestCase < Test::Unit::TestCase + def setup + if ENV["OSSL_GC_STRESS"] == "1" + GC.stress = true + end + end + def teardown + if ENV["OSSL_GC_STRESS"] == "1" + GC.stress = false + end # OpenSSL error stack must be empty assert_equal([], OpenSSL.errors) end 
@@ -212,6 +221,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC ITERATIONS = ($0 == __FILE__) ? 100 : 10 def setup + super @ca_key = OpenSSL::TestUtils::TEST_KEY_RSA2048 @svr_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 @cli_key = OpenSSL::TestUtils::TEST_KEY_DSA1024 |