diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2017-09-24 16:59:33 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2017-09-24 16:59:33 +0900 |
commit | e72d960db2623b21ee001b5a7b9d9e6ff55bdf94 (patch) | |
tree | e8ca72f73d8f84498c556b94f2be24e5aa3e8ff8 /test | |
parent | 51ff8162bd454169010eadb8f2ef727402df04db (diff) | |
parent | 14e116554b56b722337b285adfc30481155dd1de (diff) | |
download | ruby-openssl-e72d960db2623b21ee001b5a7b9d9e6ff55bdf94.tar.gz |
Merge branch 'maint'
* maint:
Ruby/OpenSSL 2.0.6
test/test_engine: check if RC4 is supported
test/test_engine: suppress stderr
ossl.c: make legacy locking callbacks reentrant
ossl.c: use struct CRYPTO_dynlock_value for non-dynamic locks
ssl: prevent SSLSocket#sysread* from leaking uninitialized data
test/test_pair: replace sleep with IO.select
tool/ruby-openssl-docker: update
test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1
test/test_ssl: skip tmp_ecdh_callback test for LibreSSL >= 2.6.1
test/test_pair: disable compression
test/test_ssl: suppress warning in test_alpn_protocol_selection_cancel
ruby.h: unnormalized Fixnum value
test/test_pair: fix test_write_nonblock{,_no_exceptions}
Diffstat (limited to 'test')
-rw-r--r-- | test/test_bn.rb | 1 | ||||
-rw-r--r-- | test/test_engine.rb | 36 | ||||
-rw-r--r-- | test/test_pair.rb | 81 | ||||
-rw-r--r-- | test/test_ssl.rb | 8 |
4 files changed, 77 insertions, 49 deletions
diff --git a/test/test_bn.rb b/test/test_bn.rb index 77390286..274afba3 100644 --- a/test/test_bn.rb +++ b/test/test_bn.rb @@ -270,6 +270,7 @@ class OpenSSL::TestBN < OpenSSL::TestCase assert_equal(1, @e1.cmp(-999)) assert_equal(0, @e1.ucmp(999)) assert_equal(0, @e1.ucmp(-999)) + assert_instance_of(String, @e1.hash.to_s) end end diff --git a/test/test_engine.rb b/test/test_engine.rb index 4f3973a7..bb1123d5 100644 --- a/test/test_engine.rb +++ b/test/test_engine.rb @@ -52,32 +52,28 @@ class OpenSSL::TestEngine < OpenSSL::TestCase end def test_openssl_engine_cipher_rc4 - with_openssl <<-'end;' - begin - engine = get_engine - algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e) - data = "a" * 1000 - key = OpenSSL::Random.random_bytes(16) - # suppress message from openssl Engine's RC4 cipher [ruby-core:41026] - err_back = $stderr.dup - $stderr.reopen(IO::NULL) - encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) } - decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) } - assert_equal(data, decrypted) - ensure - if err_back - $stderr.reopen(err_back) - err_back.close - end - end + begin + OpenSSL::Cipher.new("rc4") + rescue OpenSSL::Cipher::CipherError + pend "RC4 is not supported" + end + + with_openssl(<<-'end;', ignore_stderr: true) + engine = get_engine + algo = "RC4" + data = "a" * 1000 + key = OpenSSL::Random.random_bytes(16) + encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) } + decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) } + assert_equal(data, decrypted) end; end private # this is required because OpenSSL::Engine methods change global state - def with_openssl(code) - assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;") + def with_openssl(code, **opts) + assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;", **opts) require #{__FILE__.dump} include OpenSSL::TestEngine::Utils #{code} diff --git a/test/test_pair.rb b/test/test_pair.rb index 89cf41a8..55b62321 100644 --- a/test/test_pair.rb +++ b/test/test_pair.rb @@ -24,6 +24,7 @@ module OpenSSL::SSLPairM sctx.cert = @svr_cert sctx.key = @svr_key sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") } + sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx) ns = ssls.accept ssls.close @@ -217,7 +218,7 @@ module OpenSSL::TestPairM assert_nothing_raised("[ruby-core:20298]") { ret = s2.read_nonblock(10) } assert_equal("def\n", ret) s1.close - sleep 0.1 + IO.select([s2]) assert_raise(EOFError) { s2.read_nonblock(10) } } end @@ -233,49 +234,71 @@ module OpenSSL::TestPairM assert_nothing_raised("[ruby-core:20298]") { ret = s2.read_nonblock(10, exception: false) } assert_equal("def\n", ret) s1.close - sleep 0.1 + IO.select([s2]) assert_equal(nil, s2.read_nonblock(10, exception: false)) } end - def write_nonblock(socket, meth, str) - ret = socket.send(meth, str) - ret.is_a?(Symbol) ? 0 : ret - end + def test_read_with_outbuf + ssl_pair { |s1, s2| + s1.write("abc\n") + buf = "" + ret = s2.read(2, buf) + assert_same ret, buf + assert_equal "ab", ret + + buf = "garbage" + ret = s2.read(2, buf) + assert_same ret, buf + assert_equal "c\n", ret - def write_nonblock_no_ex(socket, str) - ret = socket.write_nonblock str, exception: false - ret.is_a?(Symbol) ? 0 : ret + buf = "garbage" + assert_equal :wait_readable, s2.read_nonblock(100, buf, exception: false) + assert_equal "", buf + + s1.close + buf = "garbage" + assert_equal nil, s2.read(100, buf) + assert_equal "", buf + } end def test_write_nonblock ssl_pair {|s1, s2| - n = 0 - begin - n += write_nonblock s1, :write_nonblock, "a" * 100000 - n += write_nonblock s1, :write_nonblock, "b" * 100000 - n += write_nonblock s1, :write_nonblock, "c" * 100000 - n += write_nonblock s1, :write_nonblock, "d" * 100000 - n += write_nonblock s1, :write_nonblock, "e" * 100000 - n += write_nonblock s1, :write_nonblock, "f" * 100000 - rescue IO::WaitWritable + assert_equal 3, s1.write_nonblock("foo") + assert_equal "foo", s2.read(3) + + data = "x" * 16384 + written = 0 + while true + begin + written += s1.write_nonblock(data) + rescue IO::WaitWritable, IO::WaitReadable + break + end end - s1.close - assert_equal(n, s2.read.length) + assert written > 0 + assert_equal written, s2.read(written).bytesize } end def test_write_nonblock_no_exceptions ssl_pair {|s1, s2| - n = 0 - n += write_nonblock_no_ex s1, "a" * 100000 - n += write_nonblock_no_ex s1, "b" * 100000 - n += write_nonblock_no_ex s1, "c" * 100000 - n += write_nonblock_no_ex s1, "d" * 100000 - n += write_nonblock_no_ex s1, "e" * 100000 - n += write_nonblock_no_ex s1, "f" * 100000 - s1.close - assert_equal(n, s2.read.length) + assert_equal 3, s1.write_nonblock("foo", exception: false) + assert_equal "foo", s2.read(3) + + data = "x" * 16384 + written = 0 + while true + case ret = s1.write_nonblock(data, exception: false) + when :wait_readable, :wait_writable + break + else + written += ret + end + end + assert written > 0 + assert_equal written, s2.read(written).bytesize } end diff --git a/test/test_ssl.rb b/test/test_ssl.rb index 3f17ab0d..ab6382d7 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -1015,6 +1015,7 @@ if openssl?(1, 0, 2) || libressl? ctx1 = OpenSSL::SSL::SSLContext.new ctx1.cert = @svr_cert ctx1.key = @svr_key + ctx1.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") } ctx1.alpn_select_cb = -> (protocols) { nil } ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) @@ -1041,6 +1042,7 @@ end pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) + pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) advertised = ["http/1.1", "spdy/2"] ctx_proc = proc { |ctx| ctx.npn_protocols = advertised } @@ -1061,6 +1063,7 @@ end pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) + pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) advertised = Object.new def advertised.each @@ -1085,6 +1088,7 @@ end pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) + pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) ctx_proc = Proc.new { |ctx| ctx.npn_protocols = ["http/1.1"] } start_server_version(:TLSv1_2, ctx_proc) { |port| @@ -1098,6 +1102,7 @@ end pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) + pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) ctx_proc = Proc.new { |ctx| ctx.npn_protocols = ["a" * 256] } start_server_version(:TLSv1_2, ctx_proc) { |port| @@ -1111,6 +1116,7 @@ end pend "TLS 1.2 is not supported" unless tls12_supported? pend "NPN is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb) + pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1) ctx_proc = Proc.new { |ctx| ctx.npn_protocols = ["http/1.1"] } start_server_version(:TLSv1_2, ctx_proc) { |port| @@ -1241,6 +1247,8 @@ end pend "EC is disabled" unless defined?(OpenSSL::PKey::EC) pend "tmp_ecdh_callback is not supported" unless \ OpenSSL::SSL::SSLContext.method_defined?(:tmp_ecdh_callback) + pend "LibreSSL 2.6 has broken SSL_CTX_set_tmp_ecdh_callback()" \ + if libressl?(2, 6, 1) EnvUtil.suppress_warning do # tmp_ecdh_callback is deprecated (2016-05) called = false |