aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2016-04-27 13:43:58 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-04-27 23:07:42 +0900
commite605469019f038a01f385ee65a886a2057fd24f8 (patch)
tree2df432c3a35c66d426175a029d09e3b99768ad87
parent70f1019cbfbe7a65e2195dc7512ce108868fe1fd (diff)
downloadruby-e605469019f038a01f385ee65a886a2057fd24f8.tar.gz
ext/openssl: make ENGINE.cleanup no-op if using OpenSSL 1.1.0
-rw-r--r--ext/openssl/extconf.rb3
-rw-r--r--ext/openssl/ossl_engine.c4
-rw-r--r--test/openssl/test_engine.rb113
3 files changed, 72 insertions, 48 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index b2a09675e4..6f312220a6 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -112,7 +112,7 @@ have_func("EVP_MD_CTX_free")
have_func("HMAC_CTX_new")
have_func("HMAC_CTX_free")
have_func("HMAC_CTX_reset")
-have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarations")
+have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarations") # deprecated
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
have_func("X509_CRL_get0_signature")
@@ -131,6 +131,7 @@ have_func("SSL_CTX_get_ciphers")
have_func_like("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
have_func("SSL_SESSION_up_ref")
have_func("EVP_PKEY_up_ref")
+have_func("ENGINE_cleanup") # removed
Logging::message "=== Checking done. ===\n"
diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c
index 06c2867c2f..2553b30d8b 100644
--- a/ext/openssl/ossl_engine.c
+++ b/ext/openssl/ossl_engine.c
@@ -160,12 +160,16 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
* It is only necessary to run cleanup when engines are loaded via
* OpenSSL::Engine.load. However, running cleanup before exit is recommended.
*
+ * If you are using OpenSSL 1.1.0 or newer, this method is no-op.
+ *
* See also, https://www.openssl.org/docs/crypto/engine.html
*/
static VALUE
ossl_engine_s_cleanup(VALUE self)
{
+#if defined(HAVE_ENGINE_CLEANUP)
ENGINE_cleanup();
+#endif
return Qnil;
}
diff --git a/test/openssl/test_engine.rb b/test/openssl/test_engine.rb
index 3521de6396..439391de19 100644
--- a/test/openssl/test_engine.rb
+++ b/test/openssl/test_engine.rb
@@ -3,74 +3,93 @@ require_relative 'utils'
class OpenSSL::TestEngine < Test::Unit::TestCase
- def teardown
- OpenSSL::Engine.cleanup # [ruby-core:40669]
- assert_equal(0, OpenSSL::Engine.engines.size)
- end
-
def test_engines_free # [ruby-dev:44173]
- OpenSSL::Engine.load("openssl")
- OpenSSL::Engine.engines
- OpenSSL::Engine.engines
+ with_openssl <<-'end;'
+ OpenSSL::Engine.load("openssl")
+ OpenSSL::Engine.engines
+ OpenSSL::Engine.engines
+ end;
end
def test_openssl_engine_builtin
- engine = OpenSSL::Engine.load("openssl")
- assert_equal(true, engine)
- assert_equal(1, OpenSSL::Engine.engines.size)
+ with_openssl <<-'end;'
+ engine = OpenSSL::Engine.load("openssl")
+ assert_equal(true, engine)
+ assert_equal(1, OpenSSL::Engine.engines.size)
+ end;
end
def test_openssl_engine_by_id_string
- engine = get_engine
- assert_not_nil(engine)
- assert_equal(1, OpenSSL::Engine.engines.size)
+ with_openssl <<-'end;'
+ engine = get_engine
+ assert_not_nil(engine)
+ assert_equal(1, OpenSSL::Engine.engines.size)
+ end;
end
def test_openssl_engine_id_name_inspect
- engine = get_engine
- assert_equal("openssl", engine.id)
- assert_not_nil(engine.name)
- assert_not_nil(engine.inspect)
+ with_openssl <<-'end;'
+ engine = get_engine
+ assert_equal("openssl", engine.id)
+ assert_not_nil(engine.name)
+ assert_not_nil(engine.inspect)
+ end;
end
def test_openssl_engine_digest_sha1
- engine = get_engine
- digest = engine.digest("SHA1")
- assert_not_nil(digest)
- data = "test"
- assert_equal(OpenSSL::Digest::SHA1.digest(data), digest.digest(data))
+ with_openssl <<-'end;'
+ engine = get_engine
+ digest = engine.digest("SHA1")
+ assert_not_nil(digest)
+ data = "test"
+ assert_equal(OpenSSL::Digest::SHA1.digest(data), digest.digest(data))
+ end;
end
def test_openssl_engine_cipher_rc4
- engine = get_engine
- algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e)
- data = "a" * 1000
- key = OpenSSL::Random.random_bytes(16)
- # suppress message from openssl Engine's RC4 cipher [ruby-core:41026]
- err_back = $stderr.dup
- $stderr.reopen(IO::NULL)
- encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
- decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
- assert_equal(data, decrypted)
- ensure
- if err_back
- $stderr.reopen(err_back)
- err_back.close
- end
+ with_openssl <<-'end;'
+ begin
+ engine = get_engine
+ algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e)
+ data = "a" * 1000
+ key = OpenSSL::Random.random_bytes(16)
+ # suppress message from openssl Engine's RC4 cipher [ruby-core:41026]
+ err_back = $stderr.dup
+ $stderr.reopen(IO::NULL)
+ encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
+ decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
+ assert_equal(data, decrypted)
+ ensure
+ if err_back
+ $stderr.reopen(err_back)
+ err_back.close
+ end
+ end
+ end;
end
private
- def get_engine
- OpenSSL::Engine.by_id("openssl")
+ # this is required because OpenSSL::Engine methods change global state
+ def with_openssl(code)
+ assert_separately(["-ropenssl"], <<~"end;")
+ require #{__FILE__.dump}
+ include OpenSSL::TestEngine::Utils
+ #{code}
+ end;
end
- def crypt_data(data, key, mode)
- cipher = yield
- cipher.send mode
- cipher.key = key
- cipher.update(data) + cipher.final
- end
+ module Utils
+ def get_engine
+ OpenSSL::Engine.by_id("openssl")
+ end
-end if defined?(OpenSSL::TestUtils)
+ def crypt_data(data, key, mode)
+ cipher = yield
+ cipher.send mode
+ cipher.key = key
+ cipher.update(data) + cipher.final
+ end
+ end
+end if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::Engine)