From e605469019f038a01f385ee65a886a2057fd24f8 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Wed, 27 Apr 2016 13:43:58 +0900 Subject: ext/openssl: make ENGINE.cleanup no-op if using OpenSSL 1.1.0 --- ext/openssl/extconf.rb | 3 +- ext/openssl/ossl_engine.c | 4 ++ test/openssl/test_engine.rb | 113 ++++++++++++++++++++++++++------------------ 3 files changed, 72 insertions(+), 48 deletions(-) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index b2a09675e4..6f312220a6 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -112,7 +112,7 @@ have_func("EVP_MD_CTX_free") have_func("HMAC_CTX_new") have_func("HMAC_CTX_free") have_func("HMAC_CTX_reset") -have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarations") +have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarations") # deprecated have_func("X509_STORE_get_ex_data") have_func("X509_STORE_set_ex_data") have_func("X509_CRL_get0_signature") @@ -131,6 +131,7 @@ have_func("SSL_CTX_get_ciphers") have_func_like("SSL_CTX_set_min_proto_version", "openssl/ssl.h") have_func("SSL_SESSION_up_ref") have_func("EVP_PKEY_up_ref") +have_func("ENGINE_cleanup") # removed Logging::message "=== Checking done. ===\n" diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c index 06c2867c2f..2553b30d8b 100644 --- a/ext/openssl/ossl_engine.c +++ b/ext/openssl/ossl_engine.c @@ -160,12 +160,16 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass) * It is only necessary to run cleanup when engines are loaded via * OpenSSL::Engine.load. However, running cleanup before exit is recommended. * + * If you are using OpenSSL 1.1.0 or newer, this method is no-op. + * * See also, https://www.openssl.org/docs/crypto/engine.html */ static VALUE ossl_engine_s_cleanup(VALUE self) { +#if defined(HAVE_ENGINE_CLEANUP) ENGINE_cleanup(); +#endif return Qnil; } diff --git a/test/openssl/test_engine.rb b/test/openssl/test_engine.rb index 3521de6396..439391de19 100644 --- a/test/openssl/test_engine.rb +++ b/test/openssl/test_engine.rb @@ -3,74 +3,93 @@ require_relative 'utils' class OpenSSL::TestEngine < Test::Unit::TestCase - def teardown - OpenSSL::Engine.cleanup # [ruby-core:40669] - assert_equal(0, OpenSSL::Engine.engines.size) - end - def test_engines_free # [ruby-dev:44173] - OpenSSL::Engine.load("openssl") - OpenSSL::Engine.engines - OpenSSL::Engine.engines + with_openssl <<-'end;' + OpenSSL::Engine.load("openssl") + OpenSSL::Engine.engines + OpenSSL::Engine.engines + end; end def test_openssl_engine_builtin - engine = OpenSSL::Engine.load("openssl") - assert_equal(true, engine) - assert_equal(1, OpenSSL::Engine.engines.size) + with_openssl <<-'end;' + engine = OpenSSL::Engine.load("openssl") + assert_equal(true, engine) + assert_equal(1, OpenSSL::Engine.engines.size) + end; end def test_openssl_engine_by_id_string - engine = get_engine - assert_not_nil(engine) - assert_equal(1, OpenSSL::Engine.engines.size) + with_openssl <<-'end;' + engine = get_engine + assert_not_nil(engine) + assert_equal(1, OpenSSL::Engine.engines.size) + end; end def test_openssl_engine_id_name_inspect - engine = get_engine - assert_equal("openssl", engine.id) - assert_not_nil(engine.name) - assert_not_nil(engine.inspect) + with_openssl <<-'end;' + engine = get_engine + assert_equal("openssl", engine.id) + assert_not_nil(engine.name) + assert_not_nil(engine.inspect) + end; end def test_openssl_engine_digest_sha1 - engine = get_engine - digest = engine.digest("SHA1") - assert_not_nil(digest) - data = "test" - assert_equal(OpenSSL::Digest::SHA1.digest(data), digest.digest(data)) + with_openssl <<-'end;' + engine = get_engine + digest = engine.digest("SHA1") + assert_not_nil(digest) + data = "test" + assert_equal(OpenSSL::Digest::SHA1.digest(data), digest.digest(data)) + end; end def test_openssl_engine_cipher_rc4 - engine = get_engine - algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e) - data = "a" * 1000 - key = OpenSSL::Random.random_bytes(16) - # suppress message from openssl Engine's RC4 cipher [ruby-core:41026] - err_back = $stderr.dup - $stderr.reopen(IO::NULL) - encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) } - decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) } - assert_equal(data, decrypted) - ensure - if err_back - $stderr.reopen(err_back) - err_back.close - end + with_openssl <<-'end;' + begin + engine = get_engine + algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e) + data = "a" * 1000 + key = OpenSSL::Random.random_bytes(16) + # suppress message from openssl Engine's RC4 cipher [ruby-core:41026] + err_back = $stderr.dup + $stderr.reopen(IO::NULL) + encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) } + decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) } + assert_equal(data, decrypted) + ensure + if err_back + $stderr.reopen(err_back) + err_back.close + end + end + end; end private - def get_engine - OpenSSL::Engine.by_id("openssl") + # this is required because OpenSSL::Engine methods change global state + def with_openssl(code) + assert_separately(["-ropenssl"], <<~"end;") + require #{__FILE__.dump} + include OpenSSL::TestEngine::Utils + #{code} + end; end - def crypt_data(data, key, mode) - cipher = yield - cipher.send mode - cipher.key = key - cipher.update(data) + cipher.final - end + module Utils + def get_engine + OpenSSL::Engine.by_id("openssl") + end -end if defined?(OpenSSL::TestUtils) + def crypt_data(data, key, mode) + cipher = yield + cipher.send mode + cipher.key = key + cipher.update(data) + cipher.final + end + end +end if defined?(OpenSSL::TestUtils) && defined?(OpenSSL::Engine) -- cgit v1.2.3