From e0bf4c6884a6e3f92998fa34a13ec4a15a464516 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Wed, 18 May 2016 01:06:14 +0900 Subject: openssl: clear OpenSSL error queue before return to Ruby * ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() family may put errors on 0 return (0 means verification failure). Clear OpenSSL error queue before return to Ruby. Since the queue is thread global, remaining errors in the queue can cause an unexpected error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error queue before re-raising exception. * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. * test/openssl: check that OpenSSL.errors is empty every time after running a test case. --- ChangeLog | 26 ++++++++++++++++++++++++++ ext/openssl/ossl_pkey_dh.c | 6 +++++- ext/openssl/ossl_pkey_dsa.c | 9 ++++++++- ext/openssl/ossl_pkey_rsa.c | 6 +++++- ext/openssl/ossl_ssl.c | 7 +++++-- ext/openssl/ossl_x509cert.c | 15 ++++++++------- ext/openssl/ossl_x509crl.c | 14 +++++++------- ext/openssl/ossl_x509req.c | 14 +++++++------- ext/openssl/ossl_x509store.c | 16 +++++++++++----- test/openssl/test_asn1.rb | 2 +- test/openssl/test_bn.rb | 2 +- test/openssl/test_buffering.rb | 2 +- test/openssl/test_cipher.rb | 3 ++- test/openssl/test_config.rb | 3 ++- test/openssl/test_digest.rb | 3 ++- test/openssl/test_engine.rb | 3 ++- test/openssl/test_fips.rb | 2 +- test/openssl/test_hmac.rb | 5 +---- test/openssl/test_ns_spki.rb | 2 +- test/openssl/test_ocsp.rb | 2 +- test/openssl/test_pair.rb | 12 ++++++------ test/openssl/test_pkcs12.rb | 2 +- test/openssl/test_pkcs5.rb | 2 +- test/openssl/test_pkcs7.rb | 2 +- test/openssl/test_pkey_dh.rb | 2 +- test/openssl/test_pkey_dsa.rb | 12 +----------- test/openssl/test_pkey_ec.rb | 7 +------ test/openssl/test_pkey_rsa.rb | 11 +---------- test/openssl/test_random.rb | 2 +- test/openssl/test_x509cert.rb | 5 +---- test/openssl/test_x509crl.rb | 5 +---- test/openssl/test_x509ext.rb | 5 +---- test/openssl/test_x509name.rb | 5 +---- test/openssl/test_x509req.rb | 2 +- test/openssl/test_x509store.rb | 5 +---- test/openssl/utils.rb | 12 ++++++++---- 36 files changed, 125 insertions(+), 108 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0940f98926..5663cf3774 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,29 @@ +Wed May 18 13:03:07 2016 Kazuki Yamaguchi + + * ext/openssl/ossl_x509cert.c (ossl_x509_verify): X509_verify() + family may put errors on 0 return (0 means verification failure). + Clear OpenSSL error queue before return to Ruby. Since the queue is + thread global, remaining errors in the queue can cause an unexpected + error in the next OpenSSL operation. [ruby-core:48284] [Bug #7215] + + * ext/openssl/ossl_x509crl.c (ossl_x509crl_verify): ditto. + + * ext/openssl/ossl_x509req.c (ossl_x509req_verify): ditto. + + * ext/openssl/ossl_x509store.c (ossl_x509stctx_verify): ditto. + + * ext/openssl/ossl_pkey_dh.c (dh_generate): clear the OpenSSL error + queue before re-raising exception. + + * ext/openssl/ossl_pkey_dsa.c (dsa_generate): ditto. + + * ext/openssl/ossl_pkey_rsa.c (rsa_generate): ditto. + + * ext/openssl/ossl_ssl.c (ossl_start_ssl): ditto. + + * test/openssl: check that OpenSSL.errors is empty every time after + running a test case. + Wed May 18 12:07:42 2016 Kazuki Yamaguchi * ext/openssl/ossl.c (ossl_clear_error): Extracted from diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index 2f79bfb2f6..19c517fd3c 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -129,7 +129,11 @@ dh_generate(int size, int gen) if (!gen_arg.result) { DH_free(dh); - if (cb_arg.state) rb_jump_tag(cb_arg.state); + if (cb_arg.state) { + /* Clear OpenSSL error queue before re-raising. */ + ossl_clear_error(); + rb_jump_tag(cb_arg.state); + } return 0; } #else diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index 2e42a0cef5..4c0c3f1bd7 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -135,7 +135,14 @@ dsa_generate(int size) } if (!gen_arg.result) { DSA_free(dsa); - if (cb_arg.state) rb_jump_tag(cb_arg.state); + if (cb_arg.state) { + /* Clear OpenSSL error queue before re-raising. By the way, the + * documentation of DSA_generate_parameters_ex() says the error code + * can be obtained by ERR_get_error(), but the default + * implementation, dsa_builtin_paramgen() doesn't put any error... */ + ossl_clear_error(); + rb_jump_tag(cb_arg.state); + } return 0; } #else diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 20b993abb8..6ad9f3eda5 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -139,7 +139,11 @@ rsa_generate(int size, unsigned long exp) if (!gen_arg.result) { BN_free(e); RSA_free(rsa); - if (cb_arg.state) rb_jump_tag(cb_arg.state); + if (cb_arg.state) { + /* must clear OpenSSL error stack */ + ossl_clear_error(); + rb_jump_tag(cb_arg.state); + } return 0; } diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 10797109fd..938e36f18a 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -1288,8 +1288,11 @@ ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, VALUE opts) ret = func(ssl); cb_state = rb_ivar_get(self, ID_callback_state); - if (!NIL_P(cb_state)) - rb_jump_tag(NUM2INT(cb_state)); + if (!NIL_P(cb_state)) { + /* must cleanup OpenSSL error stack before re-raising */ + ossl_clear_error(); + rb_jump_tag(NUM2INT(cb_state)); + } if (ret > 0) break; diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 4dafae17b9..226704efc6 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -591,18 +591,19 @@ ossl_x509_verify(VALUE self, VALUE key) { X509 *x509; EVP_PKEY *pkey; - int i; pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ GetX509(self, x509); - if ((i = X509_verify(x509, pkey)) < 0) { - ossl_raise(eX509CertError, NULL); - } - if (i > 0) { + + switch (X509_verify(x509, pkey)) { + case 1: return Qtrue; + case 0: + ossl_clear_error(); + return Qfalse; + default: + ossl_raise(eX509CertError, NULL); } - - return Qfalse; } /* diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c index f64712efcd..a660cccebc 100644 --- a/ext/openssl/ossl_x509crl.c +++ b/ext/openssl/ossl_x509crl.c @@ -360,17 +360,17 @@ static VALUE ossl_x509crl_verify(VALUE self, VALUE key) { X509_CRL *crl; - int ret; GetX509CRL(self, crl); - if ((ret = X509_CRL_verify(crl, GetPKeyPtr(key))) < 0) { - ossl_raise(eX509CRLError, NULL); - } - if (ret == 1) { + switch (X509_CRL_verify(crl, GetPKeyPtr(key))) { + case 1: return Qtrue; + case 0: + ossl_clear_error(); + return Qfalse; + default: + ossl_raise(eX509CRLError, NULL); } - - return Qfalse; } static VALUE diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c index e5ce088a15..c1cdca5fbe 100644 --- a/ext/openssl/ossl_x509req.c +++ b/ext/openssl/ossl_x509req.c @@ -375,18 +375,18 @@ ossl_x509req_verify(VALUE self, VALUE key) { X509_REQ *req; EVP_PKEY *pkey; - int i; GetX509Req(self, req); pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ - if ((i = X509_REQ_verify(req, pkey)) < 0) { - ossl_raise(eX509ReqError, NULL); - } - if (i > 0) { + switch (X509_REQ_verify(req, pkey)) { + case 1: return Qtrue; + case 0: + ossl_clear_error(); + return Qfalse; + default: + ossl_raise(eX509ReqError, NULL); } - - return Qfalse; } static VALUE diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index bb6fe14d87..aca25b150c 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -464,14 +464,20 @@ static VALUE ossl_x509stctx_verify(VALUE self) { X509_STORE_CTX *ctx; - int result; GetX509StCtx(self, ctx); X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx, - (void*)rb_iv_get(self, "@verify_callback")); - result = X509_verify_cert(ctx); - - return result ? Qtrue : Qfalse; + (void *)rb_iv_get(self, "@verify_callback")); + + switch (X509_verify_cert(ctx)) { + case 1: + return Qtrue; + case 0: + ossl_clear_error(); + return Qfalse; + default: + ossl_raise(eX509CertError, NULL); + } } static VALUE diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb index fd2118d808..9db9ec510b 100644 --- a/test/openssl/test_asn1.rb +++ b/test/openssl/test_asn1.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false require_relative 'utils' -class OpenSSL::TestASN1 < Test::Unit::TestCase +class OpenSSL::TestASN1 < OpenSSL::TestCase def test_decode subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA") key = OpenSSL::TestUtils::TEST_KEY_RSA1024 diff --git a/test/openssl/test_bn.rb b/test/openssl/test_bn.rb index 415bd74c79..37ba5e5595 100644 --- a/test/openssl/test_bn.rb +++ b/test/openssl/test_bn.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestBN < Test::Unit::TestCase +class OpenSSL::TestBN < OpenSSL::TestCase def test_new_str e1 = OpenSSL::BN.new(999.to_s(16), 16) # OpenSSL::BN.new(str, 16) must be most stable e2 = OpenSSL::BN.new((2**107-1).to_s(16), 16) diff --git a/test/openssl/test_buffering.rb b/test/openssl/test_buffering.rb index 1f552c935b..1f42cd3c31 100644 --- a/test/openssl/test_buffering.rb +++ b/test/openssl/test_buffering.rb @@ -2,7 +2,7 @@ require_relative 'utils' require 'stringio' -class OpenSSL::TestBuffering < Test::Unit::TestCase +class OpenSSL::TestBuffering < OpenSSL::TestCase class IO include OpenSSL::Buffering diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index 32f0d118f4..dab64aa5a1 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestCipher < Test::Unit::TestCase +class OpenSSL::TestCipher < OpenSSL::TestCase class << self @@ -34,6 +34,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase end def teardown + super @c1 = @c2 = nil end diff --git a/test/openssl/test_config.rb b/test/openssl/test_config.rb index 1a5dfe62e8..bedd1d047c 100644 --- a/test/openssl/test_config.rb +++ b/test/openssl/test_config.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false require_relative 'utils' -class OpenSSL::TestConfig < Test::Unit::TestCase +class OpenSSL::TestConfig < OpenSSL::TestCase def setup file = Tempfile.open("openssl.cnf") file << <<__EOD__ @@ -18,6 +18,7 @@ __EOD__ end def teardown + super @tmpfile.close! end diff --git a/test/openssl/test_digest.rb b/test/openssl/test_digest.rb index 8b724a03a9..ba3e974bc6 100644 --- a/test/openssl/test_digest.rb +++ b/test/openssl/test_digest.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestDigest < Test::Unit::TestCase +class OpenSSL::TestDigest < OpenSSL::TestCase def setup @d1 = OpenSSL::Digest.new("MD5") @d2 = OpenSSL::Digest::MD5.new @@ -12,6 +12,7 @@ class OpenSSL::TestDigest < Test::Unit::TestCase end def teardown + super @d1 = @d2 = @md = nil end diff --git a/test/openssl/test_engine.rb b/test/openssl/test_engine.rb index 3521de6396..9a0da34070 100644 --- a/test/openssl/test_engine.rb +++ b/test/openssl/test_engine.rb @@ -1,9 +1,10 @@ # frozen_string_literal: false require_relative 'utils' -class OpenSSL::TestEngine < Test::Unit::TestCase +class OpenSSL::TestEngine < OpenSSL::TestCase def teardown + super OpenSSL::Engine.cleanup # [ruby-core:40669] assert_equal(0, OpenSSL::Engine.engines.size) end diff --git a/test/openssl/test_fips.rb b/test/openssl/test_fips.rb index 33769c9388..534dade02b 100644 --- a/test/openssl/test_fips.rb +++ b/test/openssl/test_fips.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestFIPS < Test::Unit::TestCase +class OpenSSL::TestFIPS < OpenSSL::TestCase def test_fips_mode_is_reentrant OpenSSL.fips_mode = false diff --git a/test/openssl/test_hmac.rb b/test/openssl/test_hmac.rb index 135d26f02c..3c90a5de02 100644 --- a/test/openssl/test_hmac.rb +++ b/test/openssl/test_hmac.rb @@ -3,7 +3,7 @@ require_relative 'utils' -class OpenSSL::TestHMAC < Test::Unit::TestCase +class OpenSSL::TestHMAC < OpenSSL::TestCase def setup @digest = OpenSSL::Digest::MD5 @key = "KEY" @@ -12,9 +12,6 @@ class OpenSSL::TestHMAC < Test::Unit::TestCase @h2 = OpenSSL::HMAC.new(@key, "MD5") end - def teardown - end - def test_hmac @h1.update(@data) @h2.update(@data) diff --git a/test/openssl/test_ns_spki.rb b/test/openssl/test_ns_spki.rb index 4f6e6f59e7..4740c0b29e 100644 --- a/test/openssl/test_ns_spki.rb +++ b/test/openssl/test_ns_spki.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestNSSPI < Test::Unit::TestCase +class OpenSSL::TestNSSPI < OpenSSL::TestCase def setup # This request data is adopt from the specification of # "Netscape Extensions for User Key Generation". diff --git a/test/openssl/test_ocsp.rb b/test/openssl/test_ocsp.rb index 1a969fd767..d04b421615 100644 --- a/test/openssl/test_ocsp.rb +++ b/test/openssl/test_ocsp.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestOCSP < Test::Unit::TestCase +class OpenSSL::TestOCSP < OpenSSL::TestCase def setup ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA") ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb index 06c34442b7..38b33a4622 100644 --- a/test/openssl/test_pair.rb +++ b/test/openssl/test_pair.rb @@ -517,36 +517,36 @@ module OpenSSL::TestPairM end end -class OpenSSL::TestEOF1 < Test::Unit::TestCase +class OpenSSL::TestEOF1 < OpenSSL::TestCase include TestEOF include OpenSSL::SSLPair include OpenSSL::TestEOF1M end -class OpenSSL::TestEOF1LowlevelSocket < Test::Unit::TestCase +class OpenSSL::TestEOF1LowlevelSocket < OpenSSL::TestCase include TestEOF include OpenSSL::SSLPairLowlevelSocket include OpenSSL::TestEOF1M end -class OpenSSL::TestEOF2 < Test::Unit::TestCase +class OpenSSL::TestEOF2 < OpenSSL::TestCase include TestEOF include OpenSSL::SSLPair include OpenSSL::TestEOF2M end -class OpenSSL::TestEOF2LowlevelSocket < Test::Unit::TestCase +class OpenSSL::TestEOF2LowlevelSocket < OpenSSL::TestCase include TestEOF include OpenSSL::SSLPairLowlevelSocket include OpenSSL::TestEOF2M end -class OpenSSL::TestPair < Test::Unit::TestCase +class OpenSSL::TestPair < OpenSSL::TestCase include OpenSSL::SSLPair include OpenSSL::TestPairM end -class OpenSSL::TestPairLowlevelSocket < Test::Unit::TestCase +class OpenSSL::TestPairLowlevelSocket < OpenSSL::TestCase include OpenSSL::SSLPairLowlevelSocket include OpenSSL::TestPairM end diff --git a/test/openssl/test_pkcs12.rb b/test/openssl/test_pkcs12.rb index ba07d76789..61fb447473 100644 --- a/test/openssl/test_pkcs12.rb +++ b/test/openssl/test_pkcs12.rb @@ -4,7 +4,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) module OpenSSL - class TestPKCS12 < Test::Unit::TestCase + class TestPKCS12 < OpenSSL::TestCase include OpenSSL::TestUtils def setup diff --git a/test/openssl/test_pkcs5.rb b/test/openssl/test_pkcs5.rb index f38fd716b7..ad8132c263 100644 --- a/test/openssl/test_pkcs5.rb +++ b/test/openssl/test_pkcs5.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false require_relative 'utils' -class OpenSSL::TestPKCS5 < Test::Unit::TestCase +class OpenSSL::TestPKCS5 < OpenSSL::TestCase def test_pbkdf2_hmac_sha1_rfc6070_c_1_len_20 p ="password" diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb index ce99db50b1..dfe4c6ca82 100644 --- a/test/openssl/test_pkcs7.rb +++ b/test/openssl/test_pkcs7.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestPKCS7 < Test::Unit::TestCase +class OpenSSL::TestPKCS7 < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb index a0eca53c48..afd7a3187c 100644 --- a/test/openssl/test_pkey_dh.rb +++ b/test/openssl/test_pkey_dh.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestPKeyDH < Test::Unit::TestCase +class OpenSSL::TestPKeyDH < OpenSSL::TestCase NEW_KEYLEN = 256 diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb index eb3e4f1c65..2c0e1fc24f 100644 --- a/test/openssl/test_pkey_dsa.rb +++ b/test/openssl/test_pkey_dsa.rb @@ -4,7 +4,7 @@ require 'base64' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestPKeyDSA < Test::Unit::TestCase +class OpenSSL::TestPKeyDSA < OpenSSL::TestCase def test_private key = OpenSSL::PKey::DSA.new(256) assert(key.private?) @@ -20,7 +20,6 @@ class OpenSSL::TestPKeyDSA < Test::Unit::TestCase key = OpenSSL::PKey::DSA.new 256 pem = key.public_key.to_pem OpenSSL::PKey::DSA.new pem - assert_equal([], OpenSSL.errors) end def test_new_break @@ -84,7 +83,6 @@ end assert_equal(g, key.g) assert_equal(y, key.pub_key) assert_equal(nil, key.priv_key) - assert_equal([], OpenSSL.errors) end def test_read_DSAPublicKey_pem @@ -109,7 +107,6 @@ fWLOqqkzFeRrYMDzUpl36XktY6Yq8EJYlW9pCMmBVNy/dQ== assert_equal(g, key.g) assert_equal(y, key.pub_key) assert_equal(nil, key.priv_key) - assert_equal([], OpenSSL.errors) end def test_read_DSA_PUBKEY_pem @@ -135,7 +132,6 @@ YNMbNw== assert_equal(g, key.g) assert_equal(y, key.pub_key) assert_equal(nil, key.priv_key) - assert_equal([], OpenSSL.errors) end def test_export_format_is_DSA_PUBKEY_pem @@ -165,7 +161,6 @@ YNMbNw== pub_key = OpenSSL::ASN1.decode(seq[1].value) assert_equal(OpenSSL::ASN1::INTEGER, pub_key.tag) assert_equal(key.pub_key, pub_key.value) - assert_equal([], OpenSSL.errors) end def test_read_private_key_der @@ -174,7 +169,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(der) assert(key2.private?) assert_equal(der, key2.to_der) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem @@ -183,7 +177,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(pem) assert(key2.private?) assert_equal(pem, key2.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_public_key_der @@ -192,7 +185,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(der) assert(!key2.private?) assert_equal(der, key2.to_der) - assert_equal([], OpenSSL.errors) end def test_read_public_key_pem @@ -201,7 +193,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(pem) assert(!key2.private?) assert_equal(pem, key2.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem_pw @@ -216,7 +207,6 @@ YNMbNw== key2 = OpenSSL::PKey.read(pem, 'secret') assert(key2.private?) #omit pem equality check, will be different due to cipher iv - assert_equal([], OpenSSL.errors) end def test_export_password_length diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index d3edcc47b4..c530ee06b0 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::PKey::EC) -class OpenSSL::TestEC < Test::Unit::TestCase +class OpenSSL::TestEC < OpenSSL::TestCase def setup @data1 = 'foo' @data2 = 'bar' * 1000 # data too long for DSA sig @@ -131,7 +131,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec2 = OpenSSL::PKey.read(der) assert(ec2.private_key?) assert_equal(der, ec2.to_der) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem @@ -140,7 +139,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec2 = OpenSSL::PKey.read(pem) assert(ec2.private_key?) assert_equal(pem, ec2.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_public_key_der @@ -151,7 +149,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec3 = OpenSSL::PKey.read(der) assert(!ec3.private_key?) assert_equal(der, ec3.to_der) - assert_equal([], OpenSSL.errors) end def test_read_public_key_pem @@ -162,7 +159,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec3 = OpenSSL::PKey.read(pem) assert(!ec3.private_key?) assert_equal(pem, ec3.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem_pw @@ -177,7 +173,6 @@ class OpenSSL::TestEC < Test::Unit::TestCase ec2 = OpenSSL::PKey.read(pem, 'secret') assert(ec2.private_key?) #omit pem equality check, will be different due to cipher iv - assert_equal([], OpenSSL.errors) end def test_export_password_length diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index 165b1ec98e..54fce2f59e 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -4,7 +4,7 @@ require 'base64' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestPKeyRSA < Test::Unit::TestCase +class OpenSSL::TestPKeyRSA < OpenSSL::TestCase def test_padding key = OpenSSL::PKey::RSA.new(512, 3) @@ -180,7 +180,6 @@ AudJR1JobbIbDJrQu6AXnWh5k/YtAgMBAAE= assert_equal(nil, key.d) assert_equal(nil, key.p) assert_equal(nil, key.q) - assert_equal([], OpenSSL.errors) end def test_read_RSA_PUBKEY_pem @@ -201,7 +200,6 @@ AwEAAQ== assert_equal(nil, key.d) assert_equal(nil, key.p) assert_equal(nil, key.q) - assert_equal([], OpenSSL.errors) end def test_export_format_is_RSA_PUBKEY @@ -223,7 +221,6 @@ AwEAAQ== key = OpenSSL::PKey.read(der) assert(key.private?) assert_equal(der, key.to_der) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem @@ -231,7 +228,6 @@ AwEAAQ== key = OpenSSL::PKey.read(pem) assert(key.private?) assert_equal(pem, key.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_public_key_der @@ -239,7 +235,6 @@ AwEAAQ== key = OpenSSL::PKey.read(der) assert(!key.private?) assert_equal(der, key.to_der) - assert_equal([], OpenSSL.errors) end def test_read_public_key_pem @@ -247,7 +242,6 @@ AwEAAQ== key = OpenSSL::PKey.read(pem) assert(!key.private?) assert_equal(pem, key.to_pem) - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem_pw @@ -261,7 +255,6 @@ AwEAAQ== key = OpenSSL::PKey.read(pem, 'secret') assert(key.private?) #omit pem equality check, will be different due to cipher iv - assert_equal([], OpenSSL.errors) end def test_read_private_key_pem_pw_exception @@ -272,7 +265,6 @@ AwEAAQ== raise RuntimeError end end - assert_equal([], OpenSSL.errors) end def test_export_password_length @@ -306,7 +298,6 @@ AwEAAQ== assert_equal(key.n, pub_key.value[0].value) assert_equal(OpenSSL::ASN1::INTEGER, pub_key.value[1].tag) assert_equal(key.e, pub_key.value[1].value) - assert_equal([], OpenSSL.errors) end end diff --git a/test/openssl/test_random.rb b/test/openssl/test_random.rb index 8c69d5431c..defa09dd75 100644 --- a/test/openssl/test_random.rb +++ b/test/openssl/test_random.rb @@ -4,7 +4,7 @@ begin rescue LoadError end -class OpenSSL::TestRandom < Test::Unit::TestCase +class OpenSSL::TestRandom < OpenSSL::TestCase def test_random_bytes assert_equal("", OpenSSL::Random.random_bytes(0)) assert_equal(12, OpenSSL::Random.random_bytes(12).bytesize) diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb index 72cb9e6095..ae7a0f0855 100644 --- a/test/openssl/test_x509cert.rb +++ b/test/openssl/test_x509cert.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Certificate < Test::Unit::TestCase +class OpenSSL::TestX509Certificate < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @@ -14,9 +14,6 @@ class OpenSSL::TestX509Certificate < Test::Unit::TestCase @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") end - def teardown - end - def issue_cert(*args) OpenSSL::TestUtils.issue_cert(*args) end diff --git a/test/openssl/test_x509crl.rb b/test/openssl/test_x509crl.rb index 7994ddeaf9..fd66c97588 100644 --- a/test/openssl/test_x509crl.rb +++ b/test/openssl/test_x509crl.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509CRL < Test::Unit::TestCase +class OpenSSL::TestX509CRL < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @@ -14,9 +14,6 @@ class OpenSSL::TestX509CRL < Test::Unit::TestCase @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") end - def teardown - end - def issue_crl(*args) OpenSSL::TestUtils.issue_crl(*args) end diff --git a/test/openssl/test_x509ext.rb b/test/openssl/test_x509ext.rb index e6d49bb679..99e2eda5b3 100644 --- a/test/openssl/test_x509ext.rb +++ b/test/openssl/test_x509ext.rb @@ -3,7 +3,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Extension < Test::Unit::TestCase +class OpenSSL::TestX509Extension < OpenSSL::TestCase def setup @basic_constraints_value = OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::Boolean(true), # CA @@ -16,9 +16,6 @@ class OpenSSL::TestX509Extension < Test::Unit::TestCase ]) end - def teardown - end - def test_new ext = OpenSSL::X509::Extension.new(@basic_constraints.to_der) assert_equal("basicConstraints", ext.oid) diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb index 56e79879cf..d26174efdf 100644 --- a/test/openssl/test_x509name.rb +++ b/test/openssl/test_x509name.rb @@ -4,7 +4,7 @@ require_relative 'utils' if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Name < Test::Unit::TestCase +class OpenSSL::TestX509Name < OpenSSL::TestCase OpenSSL::ASN1::ObjectId.register( "1.2.840.113549.1.9.1", "emailAddress", "emailAddress") OpenSSL::ASN1::ObjectId.register( @@ -15,9 +15,6 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase @obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE) end - def teardown - end - def test_s_new dn = [ ["C", "JP"], ["O", "example"], ["CN", "www.example.jp"] ] name = OpenSSL::X509::Name.new(dn) diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb index f1bf18465f..7ceff5839b 100644 --- a/test/openssl/test_x509req.rb +++ b/test/openssl/test_x509req.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Request < Test::Unit::TestCase +class OpenSSL::TestX509Request < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb index 9964cc8fc4..6a443a7cf1 100644 --- a/test/openssl/test_x509store.rb +++ b/test/openssl/test_x509store.rb @@ -3,7 +3,7 @@ require_relative "utils" if defined?(OpenSSL::TestUtils) -class OpenSSL::TestX509Store < Test::Unit::TestCase +class OpenSSL::TestX509Store < OpenSSL::TestCase def setup @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @@ -15,9 +15,6 @@ class OpenSSL::TestX509Store < Test::Unit::TestCase @ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") end - def teardown - end - def test_nosegv_on_cleanup cert = OpenSSL::X509::Certificate.new store = OpenSSL::X509::Store.new diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index 6909854cad..450250169b 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -181,7 +181,14 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC end end - class OpenSSL::SSLTestCase < Test::Unit::TestCase + class OpenSSL::TestCase < Test::Unit::TestCase + def teardown + # OpenSSL error stack must be empty + assert_equal([], OpenSSL.errors) + end + end + + class OpenSSL::SSLTestCase < OpenSSL::TestCase RUBY = EnvUtil.rubybin ITERATIONS = ($0 == __FILE__) ? 100 : 10 @@ -206,9 +213,6 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOPeVkJ8ePao0eLAgEC @server = nil end - def teardown - end - def issue_cert(*arg) OpenSSL::TestUtils.issue_cert(*arg) end -- cgit v1.2.3