ruby-changes:44968
From: rhe <ko1@a...>
Date: Sat, 10 Dec 2016 17:12:08 +0900 (JST)
Subject: [ruby-changes:44968] rhe:r57041 (trunk): openssl: import v2.0.1
rhe 2016-12-10 17:12:02 +0900 (Sat, 10 Dec 2016) New Revision: 57041 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=57041 Log: openssl: import v2.0.1 Import Ruby/OpenSSL 2.0.1. The full commit history since 2.0.0 (imported at r56946) can be found at: https://github.com/ruby/openssl/compare/v2.0.0...v2.0.1 This release contains only bug fixes. Note, the first two commits since v2.0.0 are already imported at r56953 to make Travis and RubyCI green. Removed files: trunk/test/openssl/test_pkey.rb Modified files: trunk/ext/openssl/openssl.gemspec trunk/ext/openssl/ossl_asn1.c trunk/ext/openssl/ossl_bn.c trunk/ext/openssl/ossl_bn.h trunk/ext/openssl/ossl_engine.c trunk/ext/openssl/ossl_pkey_ec.c trunk/ext/openssl/ossl_ssl.c trunk/ext/openssl/ossl_version.h trunk/test/openssl/test_asn1.rb trunk/test/openssl/test_buffering.rb trunk/test/openssl/test_config.rb trunk/test/openssl/test_digest.rb trunk/test/openssl/test_ns_spki.rb trunk/test/openssl/test_ocsp.rb trunk/test/openssl/test_pair.rb trunk/test/openssl/test_pkcs12.rb trunk/test/openssl/test_pkcs7.rb trunk/test/openssl/test_x509cert.rb trunk/test/openssl/test_x509crl.rb trunk/test/openssl/test_x509ext.rb trunk/test/openssl/test_x509name.rb trunk/test/openssl/test_x509req.rb trunk/test/openssl/test_x509store.rb trunk/test/openssl/utils.rb Index: ext/openssl/ossl_pkey_ec.c =================================================================== --- ext/openssl/ossl_pkey_ec.c (revision 57040) +++ ext/openssl/ossl_pkey_ec.c (revision 57041) @@ -1635,7 +1635,7 @@ static VALUE ossl_ec_point_mul(int argc, https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L1635 * points | self | arg2[0] | arg2[1] | ... */ long i, num; - VALUE tmp_p, tmp_b; + VALUE bns_tmp, tmp_p, tmp_b; const EC_POINT **points; const BIGNUM **bignums; 
@@ -1645,9 +1645,13 @@ static VALUE ossl_ec_point_mul(int argc, https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L1645 ossl_raise(rb_eArgError, "bns must be 1 longer than points; see the documentation"); num = RARRAY_LEN(arg1); + bns_tmp = rb_ary_tmp_new(num); bignums = ALLOCV_N(const BIGNUM *, tmp_b, num); - for (i = 0; i < num; i++) - bignums[i] = GetBNPtr(RARRAY_AREF(arg1, i)); + for (i = 0; i < num; i++) { + VALUE item = RARRAY_AREF(arg1, i); + bignums[i] = GetBNPtr(item); + rb_ary_push(bns_tmp, item); + } points = ALLOCV_N(const EC_POINT *, tmp_p, num); points[0] = point_self; /* self */ Index: ext/openssl/ossl_engine.c =================================================================== --- ext/openssl/ossl_engine.c (revision 57040) +++ ext/openssl/ossl_engine.c (revision 57041) @@ -287,7 +287,7 @@ ossl_engine_finish(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_engine.c#L287 * This returns an OpenSSL::Cipher by +name+, if it is available in this * engine. * - * A EngineError will be raised if the cipher is unavailable. + * An EngineError will be raised if the cipher is unavailable. * * e = OpenSSL::Engine.by_id("openssl") * => #<OpenSSL::Engine id="openssl" name="Software engine support"> Index: ext/openssl/openssl.gemspec =================================================================== --- ext/openssl/openssl.gemspec (revision 57040) +++ ext/openssl/openssl.gemspec (revision 57041) 
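Review bot: Nothing in this hunk of ossl_ec_point_mul reads `bns_tmp` after the loop, so the array that keeps the converted BN objects alive may itself stop being visible to the conservative GC before `bignums` has been consumed. If the function does not already do so below the hunk (its body continues outside it), add `RB_GC_GUARD(bns_tmp);` after the last use of `bignums`. The loop would also benefit from a short comment, for example `/* GetBNPtr() may replace item with a freshly allocated BN; bns_tmp keeps it reachable while bignums[i] is in use */`, because the push looks redundant without it.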
@@ -1,15 +1,15 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl.gemspec#L1 # -*- encoding: utf-8 -*- -# stub: openssl 2.0.0 ruby lib +# stub: openssl 2.0.1 ruby lib # stub: ext/openssl/extconf.rb Gem::Specification.new do |s| s.name = "openssl".freeze - s.version = "2.0.0" + s.version = "2.0.1" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.require_paths = ["lib".freeze] s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze] - s.date = "2016-11-30" + s.date = "2016-12-10" s.description = "It wraps the OpenSSL library.".freeze s.email = ["ruby-core@r...".freeze] s.extensions = ["ext/openssl/extconf.rb".freeze] Index: ext/openssl/ossl_version.h =================================================================== --- ext/openssl/ossl_version.h (revision 57040) +++ ext/openssl/ossl_version.h (revision 57041) @@ -10,6 +10,6 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_version.h#L10 #if !defined(_OSSL_VERSION_H_) #define _OSSL_VERSION_H_ -#define OSSL_VERSION "2.0.0" +#define OSSL_VERSION "2.0.1" #endif /* _OSSL_VERSION_H_ */ Index: ext/openssl/ossl_bn.c =================================================================== --- ext/openssl/ossl_bn.c (revision 57040) +++ ext/openssl/ossl_bn.c (revision 57041) 
@@ -120,30 +120,34 @@ integer_to_bnptr(VALUE obj, BIGNUM *orig https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L120 return bn; } -static BIGNUM * -try_convert_to_bnptr(VALUE obj) +static VALUE +try_convert_to_bn(VALUE obj) { - BIGNUM *bn = NULL; - VALUE newobj; + BIGNUM *bn; + VALUE newobj = Qnil; - if (rb_obj_is_kind_of(obj, cBN)) { - GetBN(obj, bn); - } - else if (RB_INTEGER_TYPE_P(obj)) { + if (rb_obj_is_kind_of(obj, cBN)) + return obj; + if (RB_INTEGER_TYPE_P(obj)) { newobj = NewBN(cBN); /* Handle potencial mem leaks */ bn = integer_to_bnptr(obj, NULL); SetBN(newobj, bn); } - return bn; + return newobj; } BIGNUM * -GetBNPtr(VALUE obj) +ossl_bn_value_ptr(volatile VALUE *ptr) { - BIGNUM *bn = try_convert_to_bnptr(obj); - if (!bn) + VALUE tmp; + BIGNUM *bn; + + tmp = try_convert_to_bn(*ptr); + if (NIL_P(tmp)) ossl_raise(rb_eTypeError, "Cannot convert into OpenSSL::BN"); + GetBN(tmp, bn); + *ptr = tmp; return bn; } @@ -893,10 +897,12 @@ ossl_bn_eq(VALUE self, VALUE other) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L897 BIGNUM *bn1, *bn2; GetBN(self, bn1); - /* BNPtr may raise, so we can't use here */ - bn2 = try_convert_to_bnptr(other); + other = try_convert_to_bn(other); + if (NIL_P(other)) + return Qfalse; + GetBN(other, bn2); - if (bn2 && !BN_cmp(bn1, bn2)) { + if (!BN_cmp(bn1, bn2)) { return Qtrue; } return Qfalse; Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 57040) +++ ext/openssl/ossl_ssl.c (revision 57041) 
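Review bot: ossl_bn_value_ptr() has no comment describing its contract, although it now overwrites the caller's VALUE through `*ptr` and returns a BIGNUM that appears to belong to that VALUE. A header comment should state that an Integer argument causes `*ptr` to be replaced by a newly created OpenSSL::BN, that the returned pointer is valid only while `*ptr` stays reachable, and that anything else raises TypeError. The same applies to the `GetBNPtr(obj)` macro in ossl_bn.h, which passes `&(obj)` and therefore needs an lvalue and may modify it; something like `/* obj must be an lvalue; it may be replaced by the converted BN */` would do. The context comment `/* Handle potencial mem leaks */` could have its spelling corrected to "potential" while here.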
@@ -32,7 +32,8 @@ VALUE cSSLSocket; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L32 static VALUE eSSLErrorWaitReadable; static VALUE eSSLErrorWaitWritable; -static ID ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback; +static ID ID_callback_state, id_tmp_dh_callback, id_tmp_ecdh_callback, + id_npn_protocols_encoded; static VALUE sym_exception, sym_wait_readable, sym_wait_writable; static ID id_i_cert_store, id_i_ca_file, id_i_ca_path, id_i_verify_mode, @@ -892,6 +893,7 @@ ossl_sslctx_setup(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L893 val = rb_attr_get(self, id_i_npn_protocols); if (!NIL_P(val)) { VALUE encoded = ssl_encode_npn_protocols(val); + rb_ivar_set(self, id_npn_protocols_encoded, encoded); SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *)encoded); OSSL_Debug("SSL NPN advertise callback added"); } @@ -2712,6 +2714,7 @@ Init_ossl_ssl(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L2714 id_tmp_dh_callback = rb_intern("tmp_dh_callback"); id_tmp_ecdh_callback = rb_intern("tmp_ecdh_callback"); + id_npn_protocols_encoded = rb_intern("npn_protocols_encoded"); #define DefIVarID(name) do \ id_i_##name = rb_intern("@"#name); while (0) Index: ext/openssl/ossl_asn1.c =================================================================== --- ext/openssl/ossl_asn1.c (revision 57040) +++ ext/openssl/ossl_asn1.c (revision 57041) 
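Review bot: The new `rb_ivar_set(self, id_npn_protocols_encoded, encoded);` in ossl_sslctx_setup has no comment saying why the encoded string is stored, and the reason is not obvious from the line itself. `encoded` reaches OpenSSL only as a raw `(void *)` callback argument, which the GC cannot see, so the instance variable is what keeps the string alive for as long as the context is; I would add `/* keep encoded reachable: OpenSSL holds only the raw pointer passed as the callback argument */`. It is also worth a note next to `rb_intern("npn_protocols_encoded")` in Init_ossl_ssl that the name has no `@` prefix, presumably so the variable stays hidden from Ruby code, unlike the `id_i_*` IDs built by DefIVarID. Both functions continue outside their hunks.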
@@ -47,9 +47,15 @@ asn1time_to_time(const ASN1_TIME *time) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_asn1.c#L47 } break; case V_ASN1_GENERALIZEDTIME: - if (sscanf((const char *)time->data, "%4d%2d%2d%2d%2d%2dZ", &tm.tm_year, &tm.tm_mon, - &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) { - ossl_raise(rb_eTypeError, "bad GENERALIZEDTIME format" ); + count = sscanf((const char *)time->data, "%4d%2d%2d%2d%2d%2dZ", + &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, + &tm.tm_sec); + if (count == 5) { + tm.tm_sec = 0; + } + else if (count != 6) { + ossl_raise(rb_eTypeError, "bad GENERALIZEDTIME format: \"%s\"", + time->data); } break; default: Index: ext/openssl/ossl_bn.h =================================================================== --- ext/openssl/ossl_bn.h (revision 57040) +++ ext/openssl/ossl_bn.h (revision 57041) @@ -15,8 +15,10 @@ extern VALUE eBNError; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.h#L15 extern BN_CTX *ossl_bn_ctx; +#define GetBNPtr(obj) ossl_bn_value_ptr(&(obj)) + VALUE ossl_bn_new(const BIGNUM *); -BIGNUM *GetBNPtr(VALUE); +BIGNUM *ossl_bn_value_ptr(volatile VALUE *); void Init_ossl_bn(void); Index: test/openssl/test_pkey.rb =================================================================== --- test/openssl/test_pkey.rb (revision 57040) +++ test/openssl/test_pkey.rb (revision 57041) 
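Review bot: The new error path formats `time->data` with `%s`, which reads until a NUL byte rather than stopping at `time->length`; the bytes come from decoded ASN.1 input, so the message should be bounded, `ossl_raise(rb_eTypeError, "bad GENERALIZEDTIME format: \"%.*s\"", (int)time->length, time->data);`. The `sscanf` call on the same buffer relies on termination in the same way, which is older than this commit. Separately, `count == 5` is accepted without checking that the text ends in `Z`, because sscanf's return value does not cover the trailing literal, so input with other characters after the minutes is treated as a valid time with zero seconds; if only the `YYYYMMDDhhmmZ` form is meant to be added, check the character after the minutes explicitly. asn1time_to_time starts and ends outside the hunk.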
@@ -1,49 +0,0 @@ https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey.rb#L0 -# frozen_string_literal: false -require_relative "utils" - -if defined?(OpenSSL::TestUtils) - -class OpenSSL::TestPKey < OpenSSL::PKeyTestCase - PKEYS = { - OpenSSL::PKey::RSA => { - key: OpenSSL::TestUtils::TEST_KEY_RSA1024, - digest: OpenSSL::Digest::SHA1, - }, - OpenSSL::PKey::DSA => { - key: OpenSSL::TestUtils::TEST_KEY_DSA512, - digest: OpenSSL::TestUtils::DSA_SIGNATURE_DIGEST, - }, - } - if defined?(OpenSSL::PKey::EC) - PKEYS[OpenSSL::PKey::EC] = { - key: OpenSSL::TestUtils::TEST_KEY_EC_P256V1, - digest: OpenSSL::Digest::SHA1, - } - end - - def test_sign_verify - data = "Sign me!" - invalid_data = "Sign me?" - PKEYS.each do |klass, prop| - key = prop[:key] - pub_key = dup_public(prop[:key]) - digest = prop[:digest].new - signature = key.sign(digest, data) - assert_equal(true, pub_key.verify(digest, signature, data)) - assert_equal(false, pub_key.verify(digest, signature, invalid_data)) - # digest state is irrelevant - digest << "unya" - assert_equal(true, pub_key.verify(digest, signature, data)) - assert_equal(false, pub_key.verify(digest, signature, invalid_data)) - - if OpenSSL::OPENSSL_VERSION_NUMBER > 0x10000000 - digest = OpenSSL::Digest::SHA256.new - signature = key.sign(digest, data) - assert_equal(true, pub_key.verify(digest, signature, data)) - assert_equal(false, pub_key.verify(digest, signature, invalid_data)) - end - end - end -end - -end Index: test/openssl/test_x509req.rb =================================================================== --- test/openssl/test_x509req.rb (revision 57040) +++ test/openssl/test_x509req.rb (revision 57041) 
@@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509req.rb#L5 class OpenSSL::TestX509Request < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 Index: test/openssl/test_digest.rb =================================================================== --- test/openssl/test_digest.rb (revision 57040) +++ test/openssl/test_digest.rb (revision 57041) @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_digest.rb#L5 class OpenSSL::TestDigest < OpenSSL::TestCase def setup + super @d1 = OpenSSL::Digest.new("MD5") @d2 = OpenSSL::Digest::MD5.new end Index: test/openssl/test_x509store.rb =================================================================== --- test/openssl/test_x509store.rb (revision 57040) +++ test/openssl/test_x509store.rb (revision 57041) @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509store.rb#L5 class OpenSSL::TestX509Store < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 Index: test/openssl/test_x509cert.rb =================================================================== --- test/openssl/test_x509cert.rb (revision 57040) +++ test/openssl/test_x509cert.rb (revision 57041) 
@@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509cert.rb#L5 class OpenSSL::TestX509Certificate < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 Index: test/openssl/test_x509ext.rb =================================================================== --- test/openssl/test_x509ext.rb (revision 57040) +++ test/openssl/test_x509ext.rb (revision 57041) @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509ext.rb#L5 class OpenSSL::TestX509Extension < OpenSSL::TestCase def setup + super @basic_constraints_value = OpenSSL::ASN1::Sequence([ OpenSSL::ASN1::Boolean(true), # CA OpenSSL::ASN1::Integer(2) # pathlen Index: test/openssl/test_pkcs7.rb =================================================================== --- test/openssl/test_pkcs7.rb (revision 57040) +++ test/openssl/test_pkcs7.rb (revision 57041) @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkcs7.rb#L5 class OpenSSL::TestPKCS7 < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") Index: test/openssl/test_pair.rb =================================================================== --- test/openssl/test_pair.rb (revision 57040) +++ test/openssl/test_pair.rb (revision 57041) 
@@ -295,7 +295,7 @@ module OpenSSL::TestPairM https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pair.rb#L295 # fill up a socket so we hit EAGAIN written = String.new n = 0 - buf = 'a' * 11 + buf = 'a' * 4099 case ret = s1.write_nonblock(buf, exception: false) when :wait_readable then break when :wait_writable then break Index: test/openssl/utils.rb =================================================================== --- test/openssl/utils.rb (revision 57040) +++ test/openssl/utils.rb (revision 57041) @@ -201,7 +201,16 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOP https://github.com/ruby/ruby/blob/trunk/test/openssl/utils.rb#L201 end class OpenSSL::TestCase < Test::Unit::TestCase + def setup + if ENV["OSSL_GC_STRESS"] == "1" + GC.stress = true + end + end + def teardown + if ENV["OSSL_GC_STRESS"] == "1" + GC.stress = false + end # OpenSSL error stack must be empty assert_equal([], OpenSSL.errors) end @@ -212,6 +221,7 @@ AQjjxMXhwULlmuR/K+WwlaZPiLIBYalLAZQ7ZbOP https://github.com/ruby/ruby/blob/trunk/test/openssl/utils.rb#L221 ITERATIONS = ($0 == __FILE__) ? 100 : 10 def setup + super @ca_key = OpenSSL::TestUtils::TEST_KEY_RSA2048 @svr_key = OpenSSL::TestUtils::TEST_KEY_RSA1024 @cli_key = OpenSSL::TestUtils::TEST_KEY_DSA1024 Index: test/openssl/test_asn1.rb =================================================================== --- test/openssl/test_asn1.rb (revision 57040) +++ test/openssl/test_asn1.rb (revision 57041) 
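Review bot: In test/openssl/utils.rb the new `teardown` sets `GC.stress = false` unconditionally when `OSSL_GC_STRESS` is "1", and it only runs if every subclass that overrides `teardown` calls `super`. The commit adds `super` to the subclasses' `setup` methods, but no `teardown` override is visible here, so it is worth confirming that none of them skip it; otherwise stress mode stays on for whatever runs next in the same process. Saving the previous value in `setup` (`@gc_stress_was = GC.stress`) and restoring it in `teardown` would also avoid clobbering a stress setting enabled from outside the suite.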
@@ -275,6 +275,14 @@ rEzBQ0F9dUyqQ9gyRg8KHhDfv9HzT1d/rnUZMkoo https://github.com/ruby/ruby/blob/trunk/test/openssl/test_asn1.rb#L275 assert_equal 2 ** 31, OpenSSL::ASN1.decode(encoded).value.to_i end + def test_decode_generalisedtime + expected = Time.at 1481225640 + assert_equal expected, OpenSSL::ASN1.decode("\x18\x0D201612081934Z").value + + expected += 29 + assert_equal expected, OpenSSL::ASN1.decode("\x18\x0F20161208193429Z").value + end + def test_decode_enumerated encoded = OpenSSL::ASN1.Enumerated(0).to_der assert_equal "\x0a\x01\x00".b, encoded Index: test/openssl/test_pkcs12.rb =================================================================== --- test/openssl/test_pkcs12.rb (revision 57040) +++ test/openssl/test_pkcs12.rb (revision 57041) @@ -8,6 +8,7 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkcs12.rb#L8 include OpenSSL::TestUtils def setup + super ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") ca_exts = [ ["basicConstraints","CA:TRUE",true], Index: test/openssl/test_ocsp.rb =================================================================== --- test/openssl/test_ocsp.rb (revision 57040) +++ test/openssl/test_ocsp.rb (revision 57041) @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ocsp.rb#L5 class OpenSSL::TestOCSP < OpenSSL::TestCase def setup + super # @ca_cert # | # @cert Index: test/openssl/test_config.rb =================================================================== --- test/openssl/test_config.rb (revision 57040) +++ test/openssl/test_config.rb (revision 57041) 
@@ -3,6 +3,7 @@ require_relative 'utils' https://github.com/ruby/ruby/blob/trunk/test/openssl/test_config.rb#L3 class OpenSSL::TestConfig < OpenSSL::TestCase def setup + super file = Tempfile.open("openssl.cnf") file << <<__EOD__ HOME = . Index: test/openssl/test_ns_spki.rb =================================================================== --- test/openssl/test_ns_spki.rb (revision 57040) +++ test/openssl/test_ns_spki.rb (revision 57041) @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ns_spki.rb#L5 class OpenSSL::TestNSSPI < OpenSSL::TestCase def setup + super # This request data is adopt from the specification of # "Netscape Extensions for User Key Generation". # -- http://wp.netscape.com/eng/security/comm4-keygen.html Index: test/openssl/test_x509crl.rb =================================================================== --- test/openssl/test_x509crl.rb (revision 57040) +++ test/openssl/test_x509crl.rb (revision 57041) @@ -5,6 +5,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509crl.rb#L5 class OpenSSL::TestX509CRL < OpenSSL::TestCase def setup + super @rsa1024 = OpenSSL::TestUtils::TEST_KEY_RSA1024 @rsa2048 = OpenSSL::TestUtils::TEST_KEY_RSA2048 @dsa256 = OpenSSL::TestUtils::TEST_KEY_DSA256 Index: test/openssl/test_x509name.rb =================================================================== --- test/openssl/test_x509name.rb (revision 57040) +++ test/openssl/test_x509name.rb (revision 57041) 
@@ -6,6 +6,7 @@ if defined?(OpenSSL::TestUtils) https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509name.rb#L6 class OpenSSL::TestX509Name < OpenSSL::TestCase def setup + super @obj_type_tmpl = Hash.new(OpenSSL::ASN1::PRINTABLESTRING) @obj_type_tmpl.update(OpenSSL::X509::Name::OBJECT_TYPE_TEMPLATE) end Index: test/openssl/test_buffering.rb =================================================================== --- test/openssl/test_buffering.rb (revision 57040) +++ test/openssl/test_buffering.rb (revision 57041) @@ -37,6 +37,7 @@ class OpenSSL::TestBuffering < OpenSSL:: https://github.com/ruby/ruby/blob/trunk/test/openssl/test_buffering.rb#L37 end def setup + super @io = IO.new end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/