diff options
-rw-r--r-- | ext/openssl/extconf.rb | 1 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.h | 4 | ||||
-rw-r--r-- | test/openssl/test_cipher.rb | 16 |
3 files changed, 13 insertions, 8 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index a812e59dc4..60132b352f 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -95,6 +95,7 @@ have_func("i2d_ASN1_SET_ANY") have_func("SSL_SESSION_cmp") # removed OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h") have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h") +have_func("EVP_PKEY_get0") # added in 1.0.1 have_func("SSL_CTX_set_next_proto_select_cb") diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 897d6235b0..df27b1a858 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -47,6 +47,10 @@ int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0) #endif +#if !defined(HAVE_EVP_PKEY_GET0) +# define EVP_PKEY_get0(pk) (pk->pkey.ptr) +#endif + /* added in 1.0.2 */ #if !defined(OPENSSL_NO_EC) #if !defined(HAVE_EC_CURVE_NIST2NID) diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index 8954cb666c..ad0e87b441 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -192,32 +192,32 @@ class OpenSSL::TestCipher < OpenSSL::TestCase cipher = new_encryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad) assert_equal ct, cipher.update(pt) << cipher.final assert_equal tag, cipher.auth_tag - cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag) + cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag, auth_data: aad) assert_equal pt, cipher.update(ct) << cipher.final # truncated tag is accepted cipher = new_encryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad) assert_equal ct, cipher.update(pt) << cipher.final assert_equal tag[0, 8], cipher.auth_tag(8) - cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag[0, 8]) + cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag[0, 8], auth_data: aad) assert_equal pt, cipher.update(ct) << cipher.final # wrong tag is rejected tag2 = tag.dup tag2.setbyte(-1, (tag2.getbyte(-1) + 1) & 0xff) - cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag2) + cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag2, auth_data: aad) cipher.update(ct) assert_raise(OpenSSL::Cipher::CipherError) { cipher.final } # wrong aad is rejected aad2 = aad[0..-2] << aad[-1].succ - cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad2, auth_tag: tag) + cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag, auth_data: aad2) cipher.update(ct) assert_raise(OpenSSL::Cipher::CipherError) { cipher.final } # wrong ciphertext is rejected ct2 = ct[0..-2] << ct[-1].succ - cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag) + cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag, auth_data: aad) cipher.update(ct2) assert_raise(OpenSSL::Cipher::CipherError) { cipher.final } end if has_cipher?("aes-128-gcm") @@ -241,7 +241,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase cipher = new_encryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_data: aad) assert_equal ct, cipher.update(pt) << cipher.final assert_equal tag, cipher.auth_tag - cipher = new_decryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_data: aad, auth_tag: tag) + cipher = new_decryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_tag: tag, auth_data: aad) assert_equal pt, cipher.update(ct) << cipher.final end if has_cipher?("aes-128-gcm") @@ -257,7 +257,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase cipher = new_encryptor("aes-128-ocb", key: key, iv: iv, auth_data: aad) assert_equal ct, cipher.update(pt) << cipher.final assert_equal tag, cipher.auth_tag - cipher = new_decryptor("aes-128-ocb", key: key, iv: iv, auth_data: aad, auth_tag: tag) + cipher = new_decryptor("aes-128-ocb", key: key, iv: iv, auth_tag: tag, auth_data: aad) assert_equal pt, cipher.update(ct) << cipher.final # RFC 7253 Appendix A; with 96 bits tag length @@ -274,7 +274,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase cipher = new_encryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_data: aad) assert_equal ct, cipher.update(pt) << cipher.final assert_equal tag, cipher.auth_tag - cipher = new_decryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_data: aad, auth_tag: tag) + cipher = new_decryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_tag: tag, auth_data: aad) assert_equal pt, cipher.update(ct) << cipher.final end if has_cipher?("aes-128-ocb") |