ruby-changes:44873
From: rhe <ko1@a...>
Date: Wed, 30 Nov 2016 23:41:56 +0900 (JST)
Subject: [ruby-changes:44873] rhe:r56946 (trunk): openssl: import v2.0.0
rhe 2016-11-30 23:41:46 +0900 (Wed, 30 Nov 2016) New Revision: 56946 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=56946 Log: openssl: import v2.0.0 Import Ruby/OpenSSL 2.0.0. The full commit history since 2.0.0 beta.2 (imported at r56098) can be found at: https://github.com/ruby/openssl/compare/v2.0.0.beta.2...v2.0.0 Added files: trunk/ext/openssl/History.md Modified files: trunk/NEWS trunk/ext/openssl/extconf.rb trunk/ext/openssl/lib/openssl/buffering.rb trunk/ext/openssl/lib/openssl/ssl.rb trunk/ext/openssl/openssl.gemspec trunk/ext/openssl/ossl.c trunk/ext/openssl/ossl.h trunk/ext/openssl/ossl_asn1.c trunk/ext/openssl/ossl_bio.c trunk/ext/openssl/ossl_bn.c trunk/ext/openssl/ossl_cipher.c trunk/ext/openssl/ossl_digest.c trunk/ext/openssl/ossl_engine.c trunk/ext/openssl/ossl_ns_spki.c trunk/ext/openssl/ossl_pkcs7.c trunk/ext/openssl/ossl_pkey.c trunk/ext/openssl/ossl_pkey.h trunk/ext/openssl/ossl_pkey_dh.c trunk/ext/openssl/ossl_pkey_dsa.c trunk/ext/openssl/ossl_pkey_ec.c trunk/ext/openssl/ossl_pkey_rsa.c trunk/ext/openssl/ossl_ssl.c trunk/ext/openssl/ossl_ssl_session.c trunk/ext/openssl/ossl_x509.h trunk/ext/openssl/ossl_x509cert.c trunk/ext/openssl/ossl_x509crl.c trunk/ext/openssl/ossl_x509name.c trunk/ext/openssl/ossl_x509req.c trunk/ext/openssl/ossl_x509store.c trunk/ext/openssl/ruby_missing.h trunk/test/openssl/test_asn1.rb trunk/test/openssl/test_cipher.rb trunk/test/openssl/test_digest.rb trunk/test/openssl/test_engine.rb trunk/test/openssl/test_hmac.rb trunk/test/openssl/test_ocsp.rb trunk/test/openssl/test_pair.rb trunk/test/openssl/test_pkcs12.rb trunk/test/openssl/test_pkcs7.rb trunk/test/openssl/test_pkey_dsa.rb trunk/test/openssl/test_pkey_ec.rb trunk/test/openssl/test_pkey_rsa.rb trunk/test/openssl/test_ssl.rb trunk/test/openssl/test_x509cert.rb trunk/test/openssl/test_x509crl.rb trunk/test/openssl/test_x509name.rb trunk/test/openssl/test_x509store.rb trunk/test/openssl/utils.rb Index: NEWS 
=================================================================== --- NEWS (revision 56945) +++ NEWS (revision 56946) @@ -217,9 +217,10 @@ with all sufficient information, see the https://github.com/ruby/ruby/blob/trunk/NEWS#L217 * OpenSSL - * OpenSSL is extracted as a gem and the upstream has been migrated to - https://github.com/ruby/openssl. OpenSSL still remains as a default gem. - Refer to its History.md for the full release note. [Feature #9612] + * Includes Ruby/OpenSSL 2.0. OpenSSL has been extracted as a Gem and is + maintained at a separate repository now: https://github.com/ruby/openssl. + It still remains as a 'default gem'. [Feature #9612] + Refer to ext/openssl/History.md for the full release note. * optparse Index: test/openssl/test_x509store.rb =================================================================== --- test/openssl/test_x509store.rb (revision 56945) +++ test/openssl/test_x509store.rb (revision 56946) @@ -34,7 +34,9 @@ class OpenSSL::TestX509Store < OpenSSL:: https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509store.rb#L34 end def test_verify - now = Time.at(Time.now.to_i) + # OpenSSL uses time(2) while Time.now uses clock_gettime(CLOCK_REALTIME), + # and there may be difference. + now = Time.now - 3 ca_exts = [ ["basicConstraints","CA:TRUE",true], ["keyUsage","cRLSign,keyCertSign",true], 
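Review bot: In the test_x509store.rb hunk, `now = Time.now - 3` back-dates by a bare 3 seconds, and the added comment says the two clocks may differ without saying why three seconds is enough or which direction of skew matters. I would spell out the failure it avoids, e.g. `# Back-date so a not_before of "now" is never in the future for OpenSSL's time(2)`; that is presumably the intent, please confirm. The expired and not-yet-valid certificates issued further down in test_verify are offset from this shifted `now`, so their margins move by the same 3 seconds. test_verify continues outside the hunk.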
@@ -42,18 +44,15 @@ class OpenSSL::TestX509Store < OpenSSL:: https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509store.rb#L44 ee_exts = [ ["keyUsage","keyEncipherment,digitalSignature",true], ] - ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, ca_exts, - nil, nil, OpenSSL::Digest::SHA1.new) - ca2_cert = issue_cert(@ca2, @rsa1024, 2, now, now+1800, ca_exts, - ca1_cert, @rsa2048, OpenSSL::Digest::SHA1.new) - ee1_cert = issue_cert(@ee1, @dsa256, 10, now, now+1800, ee_exts, - ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new) - ee2_cert = issue_cert(@ee2, @dsa512, 20, now, now+1800, ee_exts, - ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new) - ee3_cert = issue_cert(@ee2, @dsa512, 30, now-100, now-1, ee_exts, - ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new) - ee4_cert = issue_cert(@ee2, @dsa512, 40, now+1000, now+2000, ee_exts, - ca2_cert, @rsa1024, OpenSSL::Digest::SHA1.new) + ca1_cert = issue_cert(@ca1, @rsa2048, 1, ca_exts, nil, nil) + ca2_cert = issue_cert(@ca2, @rsa1024, 2, ca_exts, ca1_cert, @rsa2048, + not_after: now+1800) + ee1_cert = issue_cert(@ee1, @dsa256, 10, ee_exts, ca2_cert, @rsa1024) + ee2_cert = issue_cert(@ee2, @dsa512, 20, ee_exts, ca2_cert, @rsa1024) + ee3_cert = issue_cert(@ee2, @dsa512, 30, ee_exts, ca2_cert, @rsa1024, + not_before: now-100, not_after: now-1) + ee4_cert = issue_cert(@ee2, @dsa512, 40, ee_exts, ca2_cert, @rsa1024, + not_before: now+1000, not_after: now+2000,) revoke_info = [] crl1 = issue_crl(revoke_info, 1, now, now+1800, [], 
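Review bot: The `ee4_cert` call ends with a stray trailing comma, `not_after: now+2000,)`; Ruby accepts it, but none of the sibling calls have it and it reads like a dropped argument, so write `not_before: now+1000, not_after: now+2000)`. Separately, `ca1_cert`, `ee1_cert` and `ee2_cert` now take their validity window and signature digest from issue_cert's defaults, which are defined outside this hunk. A one-line comment such as `# validity and digest come from issue_cert's defaults` above the block would tell a reader these values are no longer pinned here.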
@@ -195,8 +194,7 @@ class OpenSSL::TestX509Store < OpenSSL:: https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509store.rb#L194 def test_set_errors now = Time.now - ca1_cert = issue_cert(@ca1, @rsa2048, 1, now, now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + ca1_cert = issue_cert(@ca1, @rsa2048, 1, [], nil, nil) store = OpenSSL::X509::Store.new store.add_cert(ca1_cert) assert_raise(OpenSSL::X509::StoreError){ Index: test/openssl/test_pkcs7.rb =================================================================== --- test/openssl/test_pkcs7.rb (revision 56945) +++ test/openssl/test_pkcs7.rb (revision 56946) 
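Review bot: In test_set_errors, `now = Time.now` is left in place but the rewritten `issue_cert(@ca1, @rsa2048, 1, [], nil, nil)` no longer reads it. If nothing later in the method uses `now` (the body continues outside the hunk), drop the assignment; Ruby run with warnings enabled reports an assigned-but-unused variable for it.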
@@ -11,24 +11,20 @@ class OpenSSL::TestPKCS7 < OpenSSL::Test https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkcs7.rb#L11 ee1 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE1") ee2 = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=EE2") - now = Time.now ca_exts = [ ["basicConstraints","CA:TRUE",true], ["keyUsage","keyCertSign, cRLSign",true], ["subjectKeyIdentifier","hash",false], ["authorityKeyIdentifier","keyid:always",false], ] - @ca_cert = issue_cert(ca, @rsa2048, 1, now, now+3600, ca_exts, - nil, nil, OpenSSL::Digest::SHA1.new) + @ca_cert = issue_cert(ca, @rsa2048, 1, ca_exts, nil, nil) ee_exts = [ ["keyUsage","Non Repudiation, Digital Signature, Key Encipherment",true], ["authorityKeyIdentifier","keyid:always",false], ["extendedKeyUsage","clientAuth, emailProtection, codeSigning",false], ] - @ee1_cert = issue_cert(ee1, @rsa1024, 2, now, now+1800, ee_exts, - @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new) - @ee2_cert = issue_cert(ee2, @rsa1024, 3, now, now+1800, ee_exts, - @ca_cert, @rsa2048, OpenSSL::Digest::SHA1.new) + @ee1_cert = issue_cert(ee1, @rsa1024, 2, ee_exts, @ca_cert, @rsa2048) + @ee2_cert = issue_cert(ee2, @rsa1024, 3, ee_exts, @ca_cert, @rsa2048) end def issue_cert(*args) Index: test/openssl/test_pair.rb =================================================================== --- test/openssl/test_pair.rb (revision 56945) +++ test/openssl/test_pair.rb (revision 56946) 
@@ -259,18 +259,12 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L259 def test_write_nonblock_no_exceptions ssl_pair {|s1, s2| n = 0 - begin - n += write_nonblock_no_ex s1, "a" * 100000 - n += write_nonblock_no_ex s1, "b" * 100000 - n += write_nonblock_no_ex s1, "c" * 100000 - n += write_nonblock_no_ex s1, "d" * 100000 - n += write_nonblock_no_ex s1, "e" * 100000 - n += write_nonblock_no_ex s1, "f" * 100000 - rescue OpenSSL::SSL::SSLError => e - # on some platforms (maybe depend on OpenSSL version), writing to - # SSLSocket after SSL_ERROR_WANT_WRITE causes this error. - raise e if n == 0 - end + n += write_nonblock_no_ex s1, "a" * 100000 + n += write_nonblock_no_ex s1, "b" * 100000 + n += write_nonblock_no_ex s1, "c" * 100000 + n += write_nonblock_no_ex s1, "d" * 100000 + n += write_nonblock_no_ex s1, "e" * 100000 + n += write_nonblock_no_ex s1, "f" * 100000 s1.close assert_equal(n, s2.read.length) } Index: test/openssl/test_ssl.rb =================================================================== --- test/openssl/test_ssl.rb (revision 56945) +++ test/openssl/test_ssl.rb (revision 56946) @@ -394,14 +394,12 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L394 } } - now = Time.now exts = [ ["keyUsage","keyEncipherment,digitalSignature",true], ["subjectAltName","DNS:localhost.localdomain",false], ["subjectAltName","IP:127.0.0.1",false], ] - @svr_cert = issue_cert(@svr, @svr_key, 4, now, now+1800, exts, - @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new) + @svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key) start_server { |server, port| server_connect(port) { |ssl| assert(ssl.post_connection_check("localhost.localdomain")) 
@@ -417,13 +415,11 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L415 } } - now = Time.now exts = [ ["keyUsage","keyEncipherment,digitalSignature",true], ["subjectAltName","DNS:*.localdomain",false], ] - @svr_cert = issue_cert(@svr, @svr_key, 5, now, now+1800, exts, - @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new) + @svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key) start_server { |server, port| server_connect(port) { |ssl| assert(ssl.post_connection_check("localhost.localdomain")) @@ -656,7 +652,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L652 ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.hostname = "foo.example.com" ssl.connect - assert_match /^ADH-/, ssl.cipher[0], "the context returned by servername_cb is used" + assert_match (/^ADH-/), ssl.cipher[0], "the context returned by servername_cb is used" assert_predicate ctx3, :frozen? ensure sock.close @@ -667,7 +663,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L663 ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.hostname = "bar.example.com" ssl.connect - assert_not_match /^A(EC)?DH-/, ssl.cipher[0], "the original context is used" + assert_not_match (/^A(EC)?DH-/), ssl.cipher[0], "the original context is used" ensure sock.close end @@ -711,14 +707,12 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L707 def test_verify_hostname_on_connect ctx_proc = proc { |ctx| - now = Time.now exts = [ ["keyUsage", "keyEncipherment,digitalSignature", true], ["subjectAltName", "DNS:a.example.com,DNS:*.b.example.com," \ "DNS:c*.example.com,DNS:d.*.example.com"], ] - ctx.cert = issue_cert(@svr, @svr_key, 4, now, now+1800, exts, - @ca_cert, @ca_key, OpenSSL::Digest::SHA1.new) + ctx.cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key) ctx.key = @svr_key } 
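Review bot: `assert_match (/^ADH-/), ssl.cipher[0], "..."` in the @@ -656 hunk, presumably written to silence the ambiguous-first-argument warning, puts a space before a parenthesised first argument, which reads as if the parentheses closed the argument list. Parenthesising the whole call is clearer: `assert_match(/^ADH-/, ssl.cipher[0], "the context returned by servername_cb is used")`. The same applies to `assert_not_match (/^A(EC)?DH-/), ...` in the @@ -667 hunk. Both patterns would also state their intent more exactly with `\A` instead of `^`, since `^` matches at any line start.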
@@ -1252,6 +1246,18 @@ end https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L1246 sock2.close end + def test_freeze_calls_setup + bug = "[ruby/openssl#85]" + start_server(ignore_listener_error: true) { |server, port| + ctx = OpenSSL::SSL::SSLContext.new + ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER + ctx.freeze + assert_raise(OpenSSL::SSL::SSLError, bug) { + server_connect(port, ctx) + } + } + end + private def start_server_version(version, ctx_proc = nil, Index: test/openssl/test_pkcs12.rb =================================================================== --- test/openssl/test_pkcs12.rb (revision 56945) +++ test/openssl/test_pkcs12.rb (revision 56946) @@ -9,17 +9,13 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkcs12.rb#L9 def setup ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") - - now = Time.now ca_exts = [ ["basicConstraints","CA:TRUE",true], ["keyUsage","keyCertSign, cRLSign",true], ["subjectKeyIdentifier","hash",false], ["authorityKeyIdentifier","keyid:always",false], ] - - @cacert = issue_cert(ca, TEST_KEY_RSA2048, 1, now, now+3600, ca_exts, - nil, nil, OpenSSL::Digest::SHA1.new) + @cacert = issue_cert(ca, TEST_KEY_RSA2048, 1, ca_exts, nil, nil) inter_ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Intermediate CA") inter_ca_key = OpenSSL::PKey.read <<-_EOS_ 
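Review bot: test_freeze_calls_setup does not say why the connection is expected to fail, and `assert_raise(OpenSSL::SSL::SSLError, bug)` would also pass on an unrelated handshake error. From the visible lines the context has `VERIFY_PEER` set and no trust anchors configured, so the intended failure is presumably certificate verification once `freeze` has applied the settings. A comment such as `# freeze must apply verify_mode; with no trusted CA the handshake has to fail verification` would record that. If the error text is stable across the supported OpenSSL versions, also asserting on the exception message would make the test fail for the right reason only.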
@@ -39,17 +35,14 @@ FJx7d3f29gkzynCLJDkCQGQZlEZJC4vWmWJGRKJ2 https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkcs12.rb#L35 Li8JsX5yIiuVYaBg/6ha3tOg4TCa5K/3r3tVliRZ2Es= -----END RSA PRIVATE KEY----- _EOS_ - - @inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, now, now+3600, ca_exts, - @cacert, TEST_KEY_RSA2048, OpenSSL::Digest::SHA1.new) + @inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, ca_exts, @cacert, TEST_KEY_RSA2048) exts = [ ["keyUsage","digitalSignature",true], ["subjectKeyIdentifier","hash",false], ] ee = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby PKCS12 Test Certificate") - @mycert = issue_cert(ee, TEST_KEY_RSA1024, 3, now, now+3600, exts, - @inter_cacert, inter_ca_key, OpenSSL::Digest::SHA1.new) + @mycert = issue_cert(ee, TEST_KEY_RSA1024, 3, exts, @inter_cacert, inter_ca_key) end def test_create Index: test/openssl/test_ocsp.rb =================================================================== --- test/openssl/test_ocsp.rb (revision 56945) +++ test/openssl/test_ocsp.rb (revision 56946) @@ -5,9 +5,6 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ocsp.rb#L5 class OpenSSL::TestOCSP < OpenSSL::TestCase def setup - now = Time.at(Time.now.to_i) # suppress usec - dgst = OpenSSL::Digest::SHA1.new - # @ca_cert # | # @cert @@ -21,7 +18,7 @@ class OpenSSL::TestOCSP < OpenSSL::TestC https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ocsp.rb#L18 ["keyUsage", "cRLSign,keyCertSign", true], ] @ca_cert = OpenSSL::TestUtils.issue_cert( - ca_subj, @ca_key, 1, now, now+3600, ca_exts, nil, nil, dgst) + ca_subj, @ca_key, 1, ca_exts, nil, nil) cert_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA2") @cert_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 
@@ -30,14 +27,14 @@ class OpenSSL::TestOCSP < OpenSSL::TestC https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ocsp.rb#L27 ["keyUsage", "cRLSign,keyCertSign", true], ] @cert = OpenSSL::TestUtils.issue_cert( - cert_subj, @cert_key, 5, now, now+3600, cert_exts, @ca_cert, @ca_key, dgst) + cert_subj, @cert_key, 5, cert_exts, @ca_cert, @ca_key) cert2_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert") @cert2_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 cert2_exts = [ ] @cert2 = OpenSSL::TestUtils.issue_cert( - cert2_subj, @cert2_key, 10, now, now+3600, cert2_exts, @cert, @cert_key, dgst) + cert2_subj, @cert2_key, 10, cert2_exts, @cert, @cert_key) ocsp_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCAOCSP") @ocsp_key = OpenSSL::TestUtils::TEST_KEY_RSA2048 @@ -45,7 +42,7 @@ class OpenSSL::TestOCSP < OpenSSL::TestC https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ocsp.rb#L42 ["extendedKeyUsage", "OCSPSigning", true], ] @ocsp_cert = OpenSSL::TestUtils.issue_cert( - ocsp_subj, @ocsp_key, 100, now, now+3600, ocsp_exts, @cert, @cert_key, "SHA256") + ocsp_subj, @ocsp_key, 100, ocsp_exts, @cert, @cert_key) end def test_new_certificate_id Index: test/openssl/test_x509crl.rb =================================================================== --- test/openssl/test_x509crl.rb (revision 56945) +++ test/openssl/test_x509crl.rb (revision 56946) @@ -25,8 +25,7 @@ class OpenSSL::TestX509CRL < OpenSSL::Te https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509crl.rb#L25 def test_basic now = Time.at(Time.now.to_i) - cert = issue_cert(@ca, @rsa2048, 1, now, now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil) crl = issue_crl([], 1, now, now+1600, [], cert, @rsa2048, OpenSSL::Digest::SHA1.new) assert_equal(1, crl.version) 
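Review bot: In the test_x509crl.rb hunk at @@ -25 the `issue_cert` call loses its explicit validity and `OpenSSL::Digest::SHA1.new`, but the adjacent `issue_crl([], 1, now, now+1600, [], cert, @rsa2048, OpenSSL::Digest::SHA1.new)` keeps both, so the certificate and the CRL in the same test are now configured in two different ways. If a SHA-1 signed CRL is intentional, a short comment like `# CRL digest and validity are still passed explicitly` would explain the asymmetry; otherwise issue_crl deserves the same treatment in a follow-up. The same pattern recurs in the @@ -63, @@ -131, @@ -168 and @@ -187 hunks.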
@@ -63,8 +62,7 @@ class OpenSSL::TestX509CRL < OpenSSL::Te https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509crl.rb#L62 [4, now, 4], [5, now, 5], ] - cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil) crl = issue_crl(revoke_info, 1, Time.now, Time.now+1600, [], cert, @rsa2048, OpenSSL::Digest::SHA1.new) revoked = crl.revoked @@ -131,8 +129,7 @@ class OpenSSL::TestX509CRL < OpenSSL::Te https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509crl.rb#L129 ["issuerAltName", "issuer:copy", false], ] - cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, cert_exts, - nil, nil, OpenSSL::Digest::SHA1.new) + cert = issue_cert(@ca, @rsa2048, 1, cert_exts, nil, nil) crl = issue_crl([], 1, Time.now, Time.now+1600, crl_exts, cert, @rsa2048, OpenSSL::Digest::SHA1.new) exts = crl.extensions @@ -168,8 +165,7 @@ class OpenSSL::TestX509CRL < OpenSSL::Te https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509crl.rb#L165 end def test_crlnumber - cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil) crl = issue_crl([], 1, Time.now, Time.now+1600, [], cert, @rsa2048, OpenSSL::Digest::SHA1.new) assert_match(1.to_s, crl.extensions[0].value) @@ -187,8 +183,7 @@ class OpenSSL::TestX509CRL < OpenSSL::Te https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509crl.rb#L183 end def test_sign_and_verify - cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) + cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil) crl = issue_crl([], 1, Time.now, Time.now+1600, [], cert, @rsa2048, OpenSSL::Digest::SHA1.new) assert_equal(false, crl.verify(@rsa1024)) 
@@ -198,8 +193,7 @@ class OpenSSL::TestX509CRL < OpenSSL::Te https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509crl.rb#L193 crl.version = 0 assert_equal(false, crl.verify(@rsa2048)) - cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new) + cert = issue_cert(@ca, @dsa512, 1, [], nil, nil) crl = issue_crl([], 1, Time.now, Time.now+1600, [], cert, @dsa512, OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new) assert_equal(false, crl_error_returns_false { crl.verify(@rsa1024) }) Index: test/openssl/test_hmac.rb =================================================================== --- test/openssl/test_hmac.rb (revision 56945) +++ test/openssl/test_hmac.rb (revision 56946) 
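Review bot: In the @@ -198 hunk the DSA certificate is now issued as `issue_cert(@ca, @dsa512, 1, [], nil, nil)` without `OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST.new`, while the `issue_crl` call on the next line still passes it. That is only equivalent if issue_cert picks a DSA-compatible digest on its own when the signing key is a DSA key; the helper is outside this hunk, so this cannot be confirmed from here. A comment such as `# issue_cert selects the digest from the key type` at this call, or in the helper, would make the dependency explicit. test_sign_and_verify continues outside the hunk.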
@@ -1,33 +1,26 @@ https://github.com/ruby/ruby/blob/trunk/test/openssl/test_hmac.rb#L1 -# coding: UTF-8 # frozen_string_literal: false - require_relative 'utils' class OpenSSL::TestHMAC < OpenSSL::TestCase - def setup - @digest = OpenSSL::Digest::MD5 - @key = "KEY" - @data = "DATA" - @h1 = OpenSSL::HMAC.new(@key, @digest.new) - @h2 = OpenSSL::HMAC.new(@key, "MD5") - end - def test_hmac - @h1.update(@data) - @h2.update(@data) - assert_equal(@h1.digest, @h2.digest) - - assert_equal(OpenSSL::HMAC.digest(@digest.new, @key, @data), @h1.digest, "digest") - assert_equal(OpenSSL::HMAC.hexdigest(@digest.new, @key, @data), @h1.hexdigest, "hexdigest") - - assert_equal(OpenSSL::HMAC.digest("MD5", @key, @data), @h2.digest, "digest") - assert_equal(OpenSSL::HMAC.hexdigest("MD5", @key, @data), @h2.hexdigest, "hexdigest") + # RFC 2202 2. Test Cases for HMAC-MD5 + hmac = OpenSSL::HMAC.new(["0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"].pack("H*"), "MD5") + hmac.update("Hi There") + assert_equal ["9294727a3638bb1c13f48ef8158bfc9d"].pack("H*"), hmac.digest + assert_equal "9294727a3638bb1c13f48ef8158bfc9d", hmac.hexdigest + + # RFC 4231 4.2. Test Case 1 + hmac = OpenSSL::HMAC.new(["0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"].pack("H*"), "SHA224") + hmac.update("Hi There") + assert_equal ["896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22"].pack("H*"), hmac.digest + assert_equal "896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22", hmac.hexdigest end def test_dup - @h1.update(@data) - h = @h1.dup - assert_equal(@h1.digest, h.digest, "du (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/