author | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-10 22:42:10 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-21 00:46:34 +0900 |
commit | f01fe6cd88fc3198568467496fe1a1e66828f70b (patch) | |
tree | 6c39000601cc5d89b70d8c778c968262c2e60157 | |
parent | 79ff2cf3e55e6052161ab019f77aa2efbe45509a (diff) | |
download | ruby-f01fe6cd88fc3198568467496fe1a1e66828f70b.tar.gz |
wip
-rw-r--r-- | ext/openssl/extconf.rb | 31 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.c | 98 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.h | 60 | ||||
-rw-r--r-- | ext/openssl/ossl.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl.h | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_cipher.c | 3 | ||||
-rw-r--r-- | ext/openssl/ossl_hmac.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509store.c | 2 | ||||
-rw-r--r-- | test/openssl/test_cipher.rb | 1 | ||||
-rw-r--r-- | test/openssl/test_digest.rb | 7 | ||||
-rw-r--r-- | test/openssl/test_pair.rb | 7 | ||||
-rw-r--r-- | test/openssl/test_pkey_dsa.rb | 4 | ||||
-rw-r--r-- | test/openssl/test_pkey_ec.rb | 1 | ||||
-rw-r--r-- | test/openssl/test_ssl.rb | 2 | ||||
-rw-r--r-- | test/openssl/test_x509cert.rb | 2 | ||||
-rw-r--r-- | test/openssl/test_x509req.rb | 2 |
16 files changed, 93 insertions, 132 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index cf00db9a41..c231e7f206 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -149,21 +149,21 @@ if have_header("openssl/engine.h") have_func("ENGINE_get_digest") have_func("ENGINE_get_cipher") have_func("ENGINE_cleanup") - have_func("ENGINE_load_dynamic") - have_func("ENGINE_load_4758cca") - have_func("ENGINE_load_aep") - have_func("ENGINE_load_atalla") - have_func("ENGINE_load_chil") - have_func("ENGINE_load_cswift") - have_func("ENGINE_load_nuron") - have_func("ENGINE_load_sureware") - have_func("ENGINE_load_ubsec") - have_func("ENGINE_load_padlock") - have_func("ENGINE_load_capi") - have_func("ENGINE_load_gmp") - have_func("ENGINE_load_gost") - have_func("ENGINE_load_cryptodev") - have_func("ENGINE_load_aesni") + have_func_or_macro("ENGINE_load_dynamic", "openssl/engine.h") + have_func_or_macro("ENGINE_load_4758cca", "openssl/engine.h") + have_func_or_macro("ENGINE_load_aep", "openssl/engine.h") + have_func_or_macro("ENGINE_load_atalla", "openssl/engine.h") + have_func_or_macro("ENGINE_load_chil", "openssl/engine.h") + have_func_or_macro("ENGINE_load_cswift", "openssl/engine.h") + have_func_or_macro("ENGINE_load_nuron", "openssl/engine.h") + have_func_or_macro("ENGINE_load_sureware", "openssl/engine.h") + have_func_or_macro("ENGINE_load_ubsec", "openssl/engine.h") + have_func_or_macro("ENGINE_load_padlock", "openssl/engine.h") + have_func_or_macro("ENGINE_load_capi", "openssl/engine.h") + have_func_or_macro("ENGINE_load_gmp", "openssl/engine.h") + have_func_or_macro("ENGINE_load_gost", "openssl/engine.h") + have_func_or_macro("ENGINE_load_cryptodev", "openssl/engine.h") + have_func_or_macro("ENGINE_load_aesni", "openssl/engine.h") end have_func("DH_generate_parameters_ex") have_func("DSA_generate_parameters_ex") 
@@ -179,6 +179,7 @@ end have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h") have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h") have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h") +have_struct_member("EVP_PKEY", "type", "openssl/evp.h") have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS") have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION") have_func("CRYPTO_lock") # removed in OpenSSL 1.1 diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index 9b19ca9d41..115f63b2d7 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -81,6 +81,7 @@ HMAC_CTX_reset(HMAC_CTX *ctx) EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); #endif + return 0; } #endif @@ -196,9 +197,9 @@ void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl) { if (psig != NULL) - *psig = &crl->signature; + *psig = crl->signature; if (palg != NULL) - *palg = &crl->sig_alg; + *palg = crl->sig_alg; } #endif @@ -207,25 +208,9 @@ void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req) { if (psig != NULL) - *psig = &req->signature; + *psig = req->signature; if (palg != NULL) - *palg = &req->sig_alg; -} -#endif - -#if !defined(HAVE_X509_GET0_TBS_SIGALG) -X509_ALGOR * -X509_get0_tbs_sigalg(X509 *x) -{ - return x->cert_info->signature; -} -#endif - -#if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER) -ASN1_INTEGER * -X509_REVOKED_get0_serialNumber(X509_REVOKED *x) -{ - return &x->serialNumber; + *palg = req->sig_alg; } #endif @@ -240,14 +225,6 @@ X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) } #endif -#if !defined(HAVE_X509_REVOKED_GET0_REVOCATIONDATE) -ASN1_TIME * -X509_REVOKED_get0_revocationDate(X509_REVOKED *x) -{ - return x->revocationDate; -} -#endif - /* EVP_MD */ #include <openssl/evp.h> 
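Review bot: The `return 0;` added at the end of the `HMAC_CTX_reset` shim reports failure under the OpenSSL 1.1.0 convention, where `HMAC_CTX_reset()` returns 1 on success and 0 on error. Any caller that checks the result would treat every reset through the compat path as failed, so the line should be `return 1;`. The function starts outside the hunk, so whether an earlier branch can really fail is not visible here.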
@@ -330,50 +307,6 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in) } #endif -#if !defined(HAVE_EVP_PKEY_ID) /* 1.1.0 */ -int -EVP_PKEY_id(const EVP_PKEY *pkey) -{ - return pkey->type; -} - -RSA * -EVP_PKEY_get0_RSA(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_RSA) - return NULL; - return pkey->pkey.rsa; -} - -DSA * -EVP_PKEY_get0_DSA(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_DSA) - return NULL; - return pkey->pkey.dsa; -} - -#if !defined(OPENSSL_NO_EC) -EC_KEY * -EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_EC) - return NULL; - return pkey->pkey.ec; -} -#endif - -#if !defined(OPENSSL_NO_DH) -DH * -EVP_PKEY_get0_DH(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_DH) - return NULL; - return pkey->pkey.dh; -} -#endif -#endif - /* BIGNUM */ #if !defined(HAVE_BN_MOD_SQR) int @@ -488,27 +421,6 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, } #endif -#if !defined(HAVE_BN_GENCB_NEW) -/* BN_GENCB_{new,free,get_arg} are new in 1.1.0 */ -BN_GENCB * -BN_GENCB_new(void) -{ - return (BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)); -} - -void -BN_GENCB_free(BN_GENCB *cb) -{ - OPENSSL_free(cb); -} - -void * -BN_GENCB_get_arg(BN_GENCB *cb) -{ - return cb->arg; -} -#endif - #if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE) #define OPENSSL_CONF "openssl.cnf" char * diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index a1167a2f41..1afdbed8dd 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -73,7 +73,7 @@ HMAC_CTX *HMAC_CTX_new(void); #endif #if !defined(HAVE_HMAC_CTX_FREE) -HMAC_CTX *HMAC_CTX_free(void); +void HMAC_CTX_free(HMAC_CTX *ctx); #endif #if !defined(HAVE_HMAC_CTX_COPY) 
@@ -178,12 +178,6 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range); int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range); #endif -#if !defined(HAVE_BN_GENCB_NEW) -BN_GENCB *BN_GENCB_new(void); -void BN_GENCB_free(BN_GENCB *cb); -void *BN_GENCB_get_arg(BN_GENCB *cb); -#endif - #if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE) char *CONF_get1_default_config_file(void); #endif 
@@ -251,15 +245,63 @@ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509) # define X509_CRL_up_ref(x) \ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509_CRL); +# define X509_STORE_up_ref(x) \ + CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509_STORE); # define SSL_SESSION_up_ref(x) \ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_SSL_SESSION); # define EVP_PKEY_up_ref(x) \ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY); #endif -#if defined(__cplusplus) -} +/* EVP_PKEY */ +#if !defined(HAVE_EVP_PKEY_ID) +# define EVP_PKEY_id(pkey) (pkey->type) +#endif + +#if defined(HAVE_EVP_PKEY_TYPE) /* is not opaque */ +# define EVP_PKEY_get0_RSA(p) (p->pkey.rsa) +# define EVP_PKEY_get0_DSA(p) (p->pkey.dsa) +# define EVP_PKEY_get0_EC_KEY(p) (p->pkey.ec) +# define EVP_PKEY_get0_DH(p) (p->pkey.dh) #endif +/* HMAC */ +#if !defined(HAVE_HMAC_CTX_RESET) +int HMAC_CTX_reset(HMAC_CTX *ctx); +#endif +#if !defined(HAVE_HMAC_INIT_EX) +int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, void *impl); +#endif + +#if !defined(HAVE_HMAC_CTX_NEW) +HMAC_CTX *HMAC_CTX_new(void); +#endif + +/* BN_GENCB */ +#if !defined(HAVE_BN_GENCB_NEW) +# define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB))) +# define BN_GENCB_free(cb) OPENSSL_free(cb) +# define BN_GENCB_get_arg(cb) cb->arg +#endif + +/* X509 */ +#if !defined(HAVE_X509_GET0_TBS_SIGALG) +# define X509_get0_tbs_sigalg(x) (x->cert_info->signature) +#endif + +#if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER) +# define X509_REVOKED_get0_serialNumber(x) (x->serialNumber) +#endif + +#if !defined(HAVE_X509_REVOKED_GET0_REVOCATIONDATE) +# define X509_REVOKED_get0_revocationDate(x) (x->revocationDate) +#endif + + + + +#if defined(__cplusplus) +} +#endif #endif /* _OSSL_OPENSSL_MISSING_H_ */ diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 770a08cfd3..b6f85477dd 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c 
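Review bot: The new `EVP_PKEY_get0_RSA` / `_DSA` / `_EC_KEY` / `_DH` macros return the union member without the `pkey->type` check that the removed functions in openssl_missing.c performed, so a caller passing a key of another type now gets a mistyped pointer instead of NULL. Keep the check in the macro, e.g. `# define EVP_PKEY_get0_RSA(p) ((p)->type == EVP_PKEY_RSA ? (p)->pkey.rsa : NULL)`, and do the same for the other three; the removed EC and DH versions were also wrapped in `OPENSSL_NO_EC` / `OPENSSL_NO_DH` guards. The macro arguments in this block are unparenthesized (`pkey->type`, `cb->arg`, `x->serialNumber`) and `X509_STORE_up_ref` ends in a semicolon, so they can misparse with a non-trivial argument or inside an unbraced `if`/`else`.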
@@ -1070,6 +1070,7 @@ Init_openssl(void) ERR_load_crypto_strings(); SSL_load_error_strings(); + /* * FIXME: * On unload do: diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index 91d9d035a8..ea5eb076d0 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -68,7 +68,7 @@ extern "C" { #endif #undef X509_NAME #undef PKCS7_SIGNER_INFO -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE) +#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHERINIT_EX) # define OSSL_ENGINE_ENABLED # include <openssl/engine.h> #endif diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index e4b9a022d2..a812f0ccba 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -113,9 +113,8 @@ ossl_cipher_initialize(VALUE self, VALUE str) } ctx = EVP_CIPHER_CTX_new(); - if (!ctx) { + if (!ctx) ossl_raise(rb_eRuntimeError, "EVP_CIPHER_CTX_new() failed"); - } RTYPEDDATA_DATA(self) = ctx; if (!(cipher = EVP_get_cipherbyname(name))) { ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%s)", name); diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index 8febeb7c3f..703ea6505c 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -166,7 +166,7 @@ hmac_final(HMAC_CTX *ctx, unsigned char **buf, unsigned int *buf_len) HMAC_CTX_copy(final, ctx); if (!(*buf = OPENSSL_malloc(HMAC_size(final)))) { HMAC_CTX_free(final); - OSSL_Debug("Allocating %"PRIuSIZE" mem", HMAC_size(final)); + OSSL_Debug("Allocating %"PRIuSIZE" mem", (size_t)HMAC_size(final)); ossl_raise(eHMACError, "Cannot allocate memory for hmac"); } HMAC_Final(final, *buf, buf_len); diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index bb6fe14d87..900bd81b04 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c 
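Review bot: In the allocation-failure branch of `hmac_final`, the `OSSL_Debug` line that this change touches still calls `HMAC_size(final)` after `HMAC_CTX_free(final)` has run, so whenever the debug message is evaluated it reads a context that was just released; the added `(size_t)` cast only fixes the format argument. Reorder the branch so the message is produced first: put `OSSL_Debug("Allocating %"PRIuSIZE" mem", (size_t)HMAC_size(final));` before `HMAC_CTX_free(final);`, keeping the free ahead of `ossl_raise`. Reading the size once into a local before the `OPENSSL_malloc` call would serve both uses. `hmac_final` begins and ends outside the hunk.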
@@ -98,7 +98,7 @@ DupX509StorePtr(VALUE obj) X509_STORE *store; SafeGetX509Store(obj, store); - CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); + X509_STORE_up_ref(store); return store; } diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index dae069e43c..6a6c9bf0fd 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -105,6 +105,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase def test_ciphers OpenSSL::Cipher.ciphers.each{|name| next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name + next if /ChaCha/i =~ name begin assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name)) rescue OpenSSL::Cipher::CipherError => e diff --git a/test/openssl/test_digest.rb b/test/openssl/test_digest.rb index 8b724a03a9..579377fa23 100644 --- a/test/openssl/test_digest.rb +++ b/test/openssl/test_digest.rb @@ -58,9 +58,10 @@ class OpenSSL::TestDigest < Test::Unit::TestCase end def test_digest_constants - algs = %w(DSS1 MD4 MD5 RIPEMD160 SHA1) - if !libressl? || !version_since([2,3]) - algs += %w(SHA) + algs = %w(MD4 MD5 RIPEMD160 SHA1) + if libressl? && !version_since([2,3]) || + OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000 + algs += %w(DSS1 SHA) end if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000 algs += %w(SHA224 SHA256 SHA384 SHA512) diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb index 06c34442b7..1a45afc085 100644 --- a/test/openssl/test_pair.rb +++ b/test/openssl/test_pair.rb @@ -11,7 +11,7 @@ module OpenSSL::SSLPairM host = "127.0.0.1" port = 0 ctx = OpenSSL::SSL::SSLContext.new() - ctx.ciphers = "ADH" + ctx.ciphers = "DH" ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::TEST_KEY_DH1024 } tcps = create_tcp_server(host, port) ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) 
@@ -21,7 +21,7 @@ module OpenSSL::SSLPairM def client(port) host = "127.0.0.1" ctx = OpenSSL::SSL::SSLContext.new() - ctx.ciphers = "ADH" + ctx.ciphers = "DH" s = create_tcp_client(host, port) ssl = OpenSSL::SSL::SSLSocket.new(s, ctx) ssl.connect @@ -49,6 +49,9 @@ module OpenSSL::SSLPairM else return c, s end + rescue =>x + STDERR.puts x.inspect + STDERR.puts x.backtrace ensure if th&.alive? th.kill diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb index eb3e4f1c65..f452317dc3 100644 --- a/test/openssl/test_pkey_dsa.rb +++ b/test/openssl/test_pkey_dsa.rb @@ -40,7 +40,7 @@ class OpenSSL::TestPKeyDSA < Test::Unit::TestCase def test_sign_verify check_sign_verify(OpenSSL::Digest::DSS1.new) - end + end if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000 # OpenSSL 1.1.0 removed DSS1 if (OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000) def test_sign_verify_sha1 @@ -62,7 +62,7 @@ end digest1 << 'Change state of digest1' assert(key.verify(digest1, sig, data)) assert(key.verify(digest2, sig, data)) - end + end if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000 # OpenSSL 1.1.0 removed DSS1 def test_read_DSA_PUBKEY p = 7188211954100152441468596248707152960171255279130004340103875772401008316444412091945435731597638374542374929457672178957081124632837356913990200866056699 diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index fe128fd455..bfed06185a 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -13,6 +13,7 @@ class OpenSSL::TestEC < Test::Unit::TestCase OpenSSL::PKey::EC.builtin_curves.each do |curve, comment| next if curve.start_with?("Oakley") # Oakley curves are not suitable for ECDSA + next if /x25519/i =~ curve # ignore X25519 group = OpenSSL::PKey::EC::Group.new(curve) key = OpenSSL::PKey::EC.new(group) diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb index 6e9078dace..2c3bf464fd 100644 --- a/test/openssl/test_ssl.rb +++ b/test/openssl/test_ssl.rb 
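Review bot: The `rescue =>x` added to the pair helper in test_pair.rb prints the exception and backtrace to STDERR and then falls through, so a failed setup or handshake no longer propagates to the calling test. On that path the method appears to return the value of the last `puts` rather than the socket pair. If the output is wanted while debugging, add a bare `raise` as the last line of the rescue body; otherwise drop the clause before this leaves WIP. The method's `def` and the rest of its `ensure` body lie outside the hunk.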
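Review bot: Guarding the DSS1 tests in test_pkey_dsa.rb with `end if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000` removes the methods at load time, so on newer libraries they vanish from the run instead of showing up as skipped. A first line inside the test such as `skip "DSS1 was removed in OpenSSL 1.1.0" if OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000` keeps the omission visible in the results. The same applies to the second guarded test in this file and to the guards added in test_x509cert.rb and test_x509req.rb. The comparison is by number only: LibreSSL reports 0x20000000, so these tests are dropped there as well, whereas test_digest.rb in this commit consults `libressl?`; it is worth confirming that this is intended.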
@@ -814,7 +814,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase hostname = 'example.org' ctx2 = OpenSSL::SSL::SSLContext.new - ctx2.ciphers = "DH" + #ctx2.ciphers = "DH" ctx2.servername_cb = lambda do |args| cb_socket = args[0] lambda_called = args[1] diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb index 72cb9e6095..adf637dccd 100644 --- a/test/openssl/test_x509cert.rb +++ b/test/openssl/test_x509cert.rb @@ -171,7 +171,7 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) rescue OpenSSL::X509::CertificateError - end + end if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000 # OpenSSL 1.1.0 removed DSS1 def test_sign_and_verify_dsa_md5 assert_raise(OpenSSL::X509::CertificateError){ diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb index f1bf18465f..24d62de09a 100644 --- a/test/openssl/test_x509req.rb +++ b/test/openssl/test_x509req.rb @@ -140,7 +140,7 @@ class OpenSSL::TestX509Request < Test::Unit::TestCase assert_equal(false, req.verify(@rsa1024)) rescue OpenSSL::X509::RequestError skip - end + end if OpenSSL::OPENSSL_VERSION_NUMBER < 0x10100000 # OpenSSL 1.1.0 removed DSS1 def test_sign_and_verify_dsa_md5 assert_raise(OpenSSL::X509::RequestError){ |
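Review bot: `#ctx2.ciphers = "DH"` in test_ssl.rb leaves the cipher restriction as commented-out code with no reason given. The test now runs `ctx2` with whatever cipher list the context defaults to, and a reader cannot tell whether that is deliberate. Either delete the line or keep it with an explanation, e.g. `# ctx2.ciphers = "DH"  # FIXME: <reason this restriction is disabled>`. The test method begins and ends outside the hunk.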