ruby-changes:16384
From: shyouhei <ko1@a...>
Date: Mon, 21 Jun 2010 18:19:22 +0900 (JST)
Subject: [ruby-changes:16384] Ruby:r28367 (ruby_1_8_7): merge revision(s) 26836:26859,26861,27921:
shyouhei 2010-06-21 18:18:59 +0900 (Mon, 21 Jun 2010) New Revision: 28367 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=28367 Log: merge revision(s) 26836:26859,26861,27921: * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_{get,set}_time{,out}): fixed a bug introduced by backporting. (see [ruby-dev:40573]) use long in according to OpenSSL API. (SSL_SESSION_{get,set}_time{,out}) * ext/openssl/ossl_x509name.c: added X509::Name#hash_old as a wrapper for X509_NAME_hash_old in OpenSSL 1.0.0. * test/openssl/test_x509name.rb (test_hash): make test pass with OpenSSL 1.0.0. * test/openssl/test_x509*: make tests pass with OpenSSL 1.0.0b5. * PKey::PKey#verify raises an exception when a given PKey does not match with signature. * PKey::DSA#sign accepts SHA1, SHA256 other than DSS1. * backport the commit from trunk: Sun Feb 28 11:49:35 2010 NARUSE, Yui <naruse@r...> * openssl/ossl.c (OSSL_IMPL_SK2ARY): for OpenSSL 1.0. patched by Jeroen van Meeuwen at [ruby-core:25210] fixed by Nobuyoshi Nakada [ruby-core:25238], Hongli Lai [ruby-core:27417], and Motohiro KOSAKI [ruby-core:28063] * ext/openssl/ossl_ssl.c (ossl_ssl_method_tab), (ossl_ssl_cipher_to_ary): constified. * ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls): split pkcs7_get_certs_or_crls. * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is truncated with ec_key.group.order.size after openssl 0.9.8m for FIPS 186-3 compliance. WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns false when you pass dgst longer than expected (no truncation performed). * ext/openssl/ossl_pkey_ec.c: rdoc typo fixed. * ext/openssl/ossl_config.c: defined own IMPLEMENT_LHASH_DOALL_ARG_FN_098 macro according to IMPLEMENT_LHASH_DOALL_ARG_FN in OpenSSL 0.9.8m. 
OpenSSL 1.0.0beta5 has a slightly different definiton so it could be a temporal workaround for 0.9.8 and 1.0.0 dual support. * ext/openssl/ossl_pkcs5.c (ossl_pkcs5_pbkdf2_hmac): follows function definition in OpenSSL 1.0.0beta5. PKCS5_PBKDF2_HMAC is from 1.0.0 (0.9.8 only has PKCS5_PBKDF2_HMAC_SHA1) * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_eq): do not use SSL_SESSION_cmp and implement equality func by ousrself. See the comment. * ext/openssl/extconf.rb: check some functions added at OpenSSL 1.0.0. * ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which exists. Modified files: branches/ruby_1_8_7/ChangeLog branches/ruby_1_8_7/ext/openssl/extconf.rb branches/ruby_1_8_7/ext/openssl/ossl.c branches/ruby_1_8_7/ext/openssl/ossl.h branches/ruby_1_8_7/ext/openssl/ossl_config.c branches/ruby_1_8_7/ext/openssl/ossl_engine.c branches/ruby_1_8_7/ext/openssl/ossl_pkcs5.c branches/ruby_1_8_7/ext/openssl/ossl_pkcs7.c branches/ruby_1_8_7/ext/openssl/ossl_pkey_ec.c branches/ruby_1_8_7/ext/openssl/ossl_ssl.c branches/ruby_1_8_7/ext/openssl/ossl_ssl_session.c branches/ruby_1_8_7/ext/openssl/ossl_x509attr.c branches/ruby_1_8_7/ext/openssl/ossl_x509crl.c branches/ruby_1_8_7/ext/openssl/ossl_x509name.c branches/ruby_1_8_7/test/openssl/test_ec.rb branches/ruby_1_8_7/test/openssl/test_x509cert.rb branches/ruby_1_8_7/test/openssl/test_x509crl.rb branches/ruby_1_8_7/test/openssl/test_x509req.rb branches/ruby_1_8_7/version.h Index: ruby_1_8_7/ext/openssl/ossl_x509attr.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_x509attr.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_x509attr.c (revision 28367) 
@@ -217,8 +217,9 @@ ossl_str_adjust(str, p); } else{ - length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL, - i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0); + length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, + (unsigned char **) NULL, i2d_ASN1_TYPE, + V_ASN1_SET, V_ASN1_UNIVERSAL, 0); str = rb_str_new(0, length); p = RSTRING_PTR(str); i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p, Index: ruby_1_8_7/ext/openssl/ossl_ssl.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_ssl.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_ssl.c (revision 28367) @@ -1196,10 +1196,10 @@ } chain = SSL_get_peer_cert_chain(ssl); if(!chain) return Qnil; - num = sk_num(chain); + num = sk_X509_num(chain); ary = rb_ary_new2(num); for (i = 0; i < num; i++){ - cert = (X509*)sk_value(chain, i); + cert = sk_X509_value(chain, i); rb_ary_push(ary, ossl_x509_new(cert)); } Index: ruby_1_8_7/ext/openssl/ossl_engine.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_engine.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_engine.c (revision 28367) 
@@ -61,16 +61,34 @@ } StringValue(name); #ifndef OPENSSL_NO_STATIC_ENGINE +#if HAVE_ENGINE_LOAD_DYNAMIC OSSL_ENGINE_LOAD_IF_MATCH(dynamic); +#endif +#if HAVE_ENGINE_LOAD_CSWIFT OSSL_ENGINE_LOAD_IF_MATCH(cswift); +#endif +#if HAVE_ENGINE_LOAD_CHIL OSSL_ENGINE_LOAD_IF_MATCH(chil); +#endif +#if HAVE_ENGINE_LOAD_ATALLA OSSL_ENGINE_LOAD_IF_MATCH(atalla); +#endif +#if HAVE_ENGINE_LOAD_NURON OSSL_ENGINE_LOAD_IF_MATCH(nuron); +#endif +#if HAVE_ENGINE_LOAD_UBSEC OSSL_ENGINE_LOAD_IF_MATCH(ubsec); +#endif +#if HAVE_ENGINE_LOAD_AEP OSSL_ENGINE_LOAD_IF_MATCH(aep); +#endif +#if HAVE_ENGINE_LOAD_SUREWARE OSSL_ENGINE_LOAD_IF_MATCH(sureware); +#endif +#if HAVE_ENGINE_LOAD_4758CCA OSSL_ENGINE_LOAD_IF_MATCH(4758cca); #endif +#endif #ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto); #endif Index: ruby_1_8_7/ext/openssl/ossl_config.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_config.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_config.c (revision 28367) @@ -313,6 +313,12 @@ } #ifdef IMPLEMENT_LHASH_DOALL_ARG_FN +#define IMPLEMENT_LHASH_DOALL_ARG_FN_098(f_name,o_type,a_type) \ + void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type a = (o_type)arg1; \ + a_type b = (a_type)arg2; \ + f_name(a,b); } + static void get_conf_section(CONF_VALUE *cv, VALUE ary) { @@ -320,7 +326,7 @@ rb_ary_push(ary, rb_str_new2(cv->section)); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE*, VALUE) +static IMPLEMENT_LHASH_DOALL_ARG_FN_098(get_conf_section, CONF_VALUE*, VALUE) static VALUE ossl_config_get_sections(VALUE self) @@ -358,7 +364,7 @@ rb_str_cat2(str, "\n"); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE*, VALUE) +static IMPLEMENT_LHASH_DOALL_ARG_FN_098(dump_conf_value, CONF_VALUE*, VALUE) static VALUE dump_conf(CONF *conf) 
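Review bot: The new `#if HAVE_ENGINE_LOAD_DYNAMIC` guard in ossl_engine.c has no matching probe in this commit's extconf.rb hunk, which adds `have_func` checks for 4758cca, aep, atalla, chil, cswift, nuron, sureware and ubsec but not for `ENGINE_load_dynamic`. Unless that check already exists in a part of extconf.rb outside the hunk, the macro is never defined and a request for the "dynamic" engine no longer reaches `OSSL_ENGINE_LOAD_IF_MATCH(dynamic)`. Adding `have_func("ENGINE_load_dynamic")` beside the other probes would close the gap. The added guards also use `#if` where the neighbouring `HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO` guard uses `#ifdef`; one form throughout would keep the block consistent. The enclosing function starts and ends outside the hunk.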
@@ -402,7 +408,7 @@ } } -static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE*, void*) +static IMPLEMENT_LHASH_DOALL_ARG_FN_098(each_conf_value, CONF_VALUE*, void*) static VALUE ossl_config_each(VALUE self) Index: ruby_1_8_7/ext/openssl/ossl_pkey_ec.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_pkey_ec.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_pkey_ec.c (revision 28367) @@ -681,7 +681,7 @@ /* * call-seq: - * key.dsa_verify(data, sig) => true or false + * key.dsa_verify_asn1(data, sig) => true or false * * See the OpenSSL documentation for ECDSA_verify() */ Index: ruby_1_8_7/ext/openssl/ossl.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl.c (revision 28367) @@ -92,7 +92,7 @@ #define OSSL_IMPL_SK2ARY(name, type) \ VALUE \ -ossl_##name##_sk2ary(STACK *sk) \ +ossl_##name##_sk2ary(STACK_OF(type) *sk) \ { \ type *t; \ int i, num; \ @@ -102,7 +102,7 @@ OSSL_Debug("empty sk!"); \ return Qnil; \ } \ - num = sk_num(sk); \ + num = sk_##type##_num(sk); \ if (num < 0) { \ OSSL_Debug("items in sk < -1???"); \ return rb_ary_new(); \ @@ -110,7 +110,7 @@ ary = rb_ary_new2(num); \ \ for (i=0; i<num; i++) { \ - t = (type *)sk_value(sk, i); \ + t = sk_##type##_value(sk, i); \ rb_ary_push(ary, ossl_##name##_new(t)); \ } \ return ary; \ Index: ruby_1_8_7/ext/openssl/ossl.h =================================================================== --- ruby_1_8_7/ext/openssl/ossl.h (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl.h (revision 28367) 
@@ -108,6 +108,13 @@ } while (0) /* + * Compatibility + */ +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +#define STACK _STACK +#endif + +/* * String to HEXString conversion */ int string2hex(char *, int, char **, int *); Index: ruby_1_8_7/ext/openssl/ossl_ssl_session.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_ssl_session.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_ssl_session.c (revision 28367) @@ -86,9 +86,18 @@ GetSSLSession(val1, ctx1); SafeGetSSLSession(val2, ctx2); - switch (SSL_SESSION_cmp(ctx1, ctx2)) { - case 0: return Qtrue; - default: return Qfalse; + /* + * OpenSSL 1.0.0betas do not have non-static SSL_SESSION_cmp. + * ssl_session_cmp (was SSL_SESSION_cmp in 0.9.8) is for lhash + * comparing so we should not depend on it. Just compare sessions + * by version and id. + */ + if ((ctx1->ssl_version == ctx2->ssl_version) && + (ctx1->session_id_length == ctx2->session_id_length) && + (memcmp(ctx1->session_id, ctx2->session_id, ctx1->session_id_length) == 0)) { + return Qtrue; + } else { + return Qfalse; } } Index: ruby_1_8_7/ext/openssl/ossl_x509crl.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_x509crl.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_x509crl.c (revision 28367) @@ -262,7 +262,7 @@ VALUE ary, revoked; GetX509CRL(self, crl); - num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl)); + num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl)); if (num < 0) { OSSL_Debug("num < 0???"); return rb_ary_new(); 
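Review bot: In the rewritten comparison in ossl_ssl_session.c, two distinct sessions that both have `session_id_length == 0` and the same `ssl_version` compare equal, because `memcmp` over zero bytes returns 0. If sessions without an id can reach this method, a guard before the comparison would avoid conflating them: `if (ctx1 == ctx2) return Qtrue;` followed by `if (ctx1->session_id_length == 0) return Qfalse;`. The comment should also state that equality is by protocol version and session id only, so callers do not read `==` as a comparison of key material. It is worth noting there that the code reads SSL_SESSION fields directly and so depends on the struct being public. The function begins outside the hunk.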
@@ -270,7 +270,7 @@ ary = rb_ary_new2(num); for(i=0; i<num; i++) { /* NO DUP - don't free! */ - rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i); + rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); revoked = ossl_x509revoked_new(rev); rb_ary_push(ary, revoked); } Index: ruby_1_8_7/ext/openssl/ossl_x509name.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_x509name.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_x509name.c (revision 28367) @@ -306,8 +306,29 @@ return ULONG2NUM(hash); } +#ifdef HAVE_X509_NAME_HASH_OLD /* * call-seq: + * name.hash_old => integer + * + * hash_old returns MD5 based hash used in OpenSSL 0.9.X. + */ +static VALUE +ossl_x509name_hash_old(VALUE self) +{ + X509_NAME *name; + unsigned long hash; + + GetX509Name(self, name); + + hash = X509_NAME_hash_old(name); + + return ULONG2NUM(hash); +} +#endif + +/* + * call-seq: * name.to_der => string */ static VALUE @@ -351,6 +372,9 @@ rb_define_alias(cX509Name, "<=>", "cmp"); rb_define_method(cX509Name, "eql?", ossl_x509name_eql, 1); rb_define_method(cX509Name, "hash", ossl_x509name_hash, 0); +#ifdef HAVE_X509_NAME_HASH_OLD + rb_define_method(cX509Name, "hash_old", ossl_x509name_hash_old, 0); +#endif rb_define_method(cX509Name, "to_der", ossl_x509name_to_der, 0); utf8str = INT2NUM(V_ASN1_UTF8STRING); Index: ruby_1_8_7/ext/openssl/ossl_pkcs5.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_pkcs5.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_pkcs5.c (revision 28367) 
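Review bot: The rdoc for `hash_old` in ossl_x509name.c does not say when the method exists or what the value is suitable for. Both the function and its `rb_define_method` call (in the later hunk of this file) sit under `#ifdef HAVE_X509_NAME_HASH_OLD`, so the method is absent on builds whose OpenSSL lacks `X509_NAME_hash_old` and callers need a `respond_to?(:hash_old)` check. I would extend the comment along the lines of `Only defined when OpenSSL provides X509_NAME_hash_old. Returns the MD5-based name hash of OpenSSL 0.9.x for compatibility; it is not a collision-resistant identifier.`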
@@ -29,14 +29,17 @@ VALUE str; const EVP_MD *md; int len = NUM2INT(keylen); + unsigned char* salt_p; + unsigned char* str_p; StringValue(pass); StringValue(salt); md = GetDigestPtr(digest); - str = rb_str_new(0, len); + salt_p = (unsigned char*)RSTRING_PTR(salt); + str_p = (unsigned char*)RSTRING_PTR(str); - if (PKCS5_PBKDF2_HMAC(RSTRING_PTR(pass), RSTRING_LEN(pass), RSTRING_PTR(salt), RSTRING_LEN(salt), NUM2INT(iter), md, len, RSTRING_PTR(str)) != 1) + if (PKCS5_PBKDF2_HMAC(RSTRING_PTR(pass), RSTRING_LEN(pass), salt_p, RSTRING_LEN(salt), NUM2INT(iter), md, len, str_p) != 1) ossl_raise(ePKCS5, "PKCS5_PBKDF2_HMAC"); return str; Index: ruby_1_8_7/ext/openssl/ossl_pkcs7.c =================================================================== --- ruby_1_8_7/ext/openssl/ossl_pkcs7.c (revision 28366) +++ ruby_1_8_7/ext/openssl/ossl_pkcs7.c (revision 28367) @@ -570,11 +570,33 @@ return self; } -static STACK * -pkcs7_get_certs_or_crls(VALUE self, int want_certs) +static STACK_OF(X509) * +pkcs7_get_certs(VALUE self) { PKCS7 *pkcs7; STACK_OF(X509) *certs; + int i; + + GetPKCS7(self, pkcs7); + i = OBJ_obj2nid(pkcs7->type); + switch(i){ + case NID_pkcs7_signed: + certs = pkcs7->d.sign->cert; + break; + case NID_pkcs7_signedAndEnveloped: + certs = pkcs7->d.signed_and_enveloped->cert; + break; + default: + certs = NULL; + } + + return certs; +} + +static STACK_OF(X509_CRL) * +pkcs7_get_crls(VALUE self) +{ + PKCS7 *pkcs7; STACK_OF(X509_CRL) *crls; int i; @@ -582,18 +604,16 @@ i = OBJ_obj2nid(pkcs7->type); switch(i){ case NID_pkcs7_signed: - certs = pkcs7->d.sign->cert; crls = pkcs7->d.sign->crl; break; case NID_pkcs7_signedAndEnveloped: - certs = pkcs7->d.signed_and_enveloped->cert; crls = pkcs7->d.signed_and_enveloped->crl; break; default: - certs = crls = NULL; + crls = NULL; } - return want_certs ? certs : crls; + return crls; } static VALUE 
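Review bot: In the ossl_pkcs5.c hunk, `salt_p` and `str_p` are taken from `RSTRING_PTR` before the `PKCS5_PBKDF2_HMAC` call, yet `NUM2INT(iter)` is still evaluated inside that call's argument list. If `iter` is not already an Integer the conversion can presumably run a user-defined `to_int`, and Ruby code that resizes `salt` at that point would leave `salt_p` referring to a stale buffer. Converting up front, e.g. `int iter_i = NUM2INT(iter);` next to `len` and passing `iter_i`, removes that window. `RSTRING_LEN(pass)` and `RSTRING_LEN(salt)` are `long` values passed to `int` parameters, so a range check before the call would be worth adding as well. The function signature is outside the hunk.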
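Review bot: `pkcs7_get_certs` dereferences `pkcs7->d.sign` and `pkcs7->d.signed_and_enveloped` without checking them, and `pkcs7_get_crls` in the following hunk does the same. If a PKCS7 object parsed from external data can carry the signed or signedAndEnveloped type with no content, those pointers would be NULL and the accessor would crash. A guarded form such as `certs = pkcs7->d.sign ? pkcs7->d.sign->cert : NULL;`, and the equivalent for the other three accesses, keeps the existing "NULL means none" contract. A short comment that both helpers return NULL for other PKCS7 types would also help, since the callers in the later hunks pass the result straight to `sk_X509_pop`, `sk_X509_CRL_pop` and the `sk2ary` converters.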
@@ -608,7 +628,7 @@ STACK_OF(X509) *certs; X509 *cert; - certs = pkcs7_get_certs_or_crls(self, 1); + certs = pkcs7_get_certs(self); while((cert = sk_X509_pop(certs))) X509_free(cert); rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self); @@ -618,7 +638,7 @@ static VALUE ossl_pkcs7_get_certificates(VALUE self) { - return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1)); + return ossl_x509_sk2ary(pkcs7_get_certs(self)); } static VALUE @@ -648,7 +668,7 @@ STACK_OF(X509_CRL) *crls; X509_CRL *crl; - crls = pkcs7_get_certs_or_crls(self, 0); + crls = pkcs7_get_crls(self); while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl); rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self); @@ -658,7 +678,7 @@ static VALUE ossl_pkcs7_get_crls(VALUE self) { - return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0)); + return ossl_x509crl_sk2ary(pkcs7_get_crls(self)); } static VALUE Index: ruby_1_8_7/ext/openssl/extconf.rb =================================================================== --- ruby_1_8_7/ext/openssl/extconf.rb (revision 28366) +++ ruby_1_8_7/ext/openssl/extconf.rb (revision 28367) @@ -91,6 +91,7 @@ have_func("X509_CRL_set_issuer_name") have_func("X509_CRL_set_version") have_func("X509_CRL_sort") +have_func("X509_NAME_hash_old") have_func("X509_STORE_get_ex_data") have_func("X509_STORE_set_ex_data") have_func("OBJ_NAME_do_all_sorted") 
@@ -106,6 +107,14 @@ have_func("ENGINE_get_digest") have_func("ENGINE_get_cipher") have_func("ENGINE_cleanup") + have_func("ENGINE_load_4758cca") + have_func("ENGINE_load_aep") + have_func("ENGINE_load_atalla") + have_func("ENGINE_load_chil") + have_func("ENGINE_load_cswift") + have_func("ENGINE_load_nuron") + have_func("ENGINE_load_sureware") + have_func("ENGINE_load_ubsec") end if try_compile(<<SRC) #include <openssl/opensslv.h> Index: ruby_1_8_7/ChangeLog =================================================================== --- ruby_1_8_7/ChangeLog (revision 28366) +++ ruby_1_8_7/ChangeLog (revision 28367) 
@@ -1,3 +1,78 @@ +Mon Jun 21 18:12:15 2010 NAKAMURA Usaku <usa@r...> + + * ext/openssl/extconf.rb: check some functions added at OpenSSL 1.0.0. + + * ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which + exists. + +Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@r...> + + * ext/openssl/ossl_config.c: defined own IMPLEMENT_LHASH_DOALL_ARG_FN_098 + macro according to IMPLEMENT_LHASH_DOALL_ARG_FN in OpenSSL 0.9.8m. + OpenSSL 1.0.0beta5 has a slightly different definiton so it could + be a temporal workaround for 0.9.8 and 1.0.0 dual support. + + * ext/openssl/ossl_pkcs5.c (ossl_pkcs5_pbkdf2_hmac): follows function + definition in OpenSSL 1.0.0beta5. PKCS5_PBKDF2_HMAC is from 1.0.0 + (0.9.8 only has PKCS5_PBKDF2_HMAC_SHA1) + + * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_eq): do not use + SSL_SESSION_cmp and implement equality func by ousrself. See the + comment. + +Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@r...> + + * ext/openssl/ossl_ssl_session.c + (ossl_ssl_session_{get,set}_time{,out}): fixed a bug introduced by + backporting. (see [ruby-dev:40573]) use long in according to + OpenSSL API. (SSL_SESSION_{get,set}_time{,out}) + +Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@r...> + + * ext/openssl/ossl_x509name.c: added X509::Name#hash_old as a wrapper + for X509_NAME_hash_old in OpenSSL 1.0.0. + + * test/openssl/test_x509name.rb (test_hash): make test pass with + OpenSSL 1.0.0. + +Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@r...> + + * test/openssl/test_x509*: make tests pass with OpenSSL 1.0.0b5. + * PKey::PKey#verify raises an exception when a given PKey does not + match with signature. + * PKey::DSA#sign accepts SHA1, SHA256 other than DSS1. + +Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@r...> + + * backport the commit from trunk: + Sun Feb 28 11:49:35 2010 NARUSE, Yui <naruse@r...> + + * openssl/ossl.c (OSSL_IMPL_SK2ARY): for OpenSSL 1.0. 
+ patched by Jeroen van Meeuwen at [ruby-core:25210] + fixed by Nobuyoshi Nakada [ruby-core:25238], + Hongli Lai [ruby-core:27417], + and Motohiro KOSAKI [ruby-core:28063] + + * ext/openssl/ossl_ssl.c (ossl_ssl_method_tab), + (ossl_ssl_cipher_to_ary): constified. + + * ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls): + split pkcs7_get_certs_or_crls. + +Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@r...> + + * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is + truncated with ec_key.group.order.size after openssl 0.9.8m for + FIPS 186-3 compliance. + + WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using + openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises + OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns + false when you pass dgst longer than expected (no truncation + performed). + + * ext/openssl/ossl_pkey_ec.c: rdoc typo fixed. + Wed Jun 16 16:01:42 2010 Tanaka Akira <akr@f...> * lib/pathname.rb (Pathname#sub): suppress a warning. Index: ruby_1_8_7/version.h =================================================================== --- ruby_1_8_7/version.h (revision 28366) +++ ruby_1_8_7/version.h (revision 28367) @@ -1,15 +1,15 @@ #define RUBY_VERSION "1.8.7" -#define RUBY_RELEASE_DATE "2010-06-16" +#define RUBY_RELEASE_DATE "2010-06-21" #define RUBY_VERSION_CODE 187 -#define RUBY_RELEASE_CODE 20100616 -#define RUBY_PATCHLEVEL 296 +#define RUBY_RELEASE_CODE 20100621 +#define RUBY_PATCHLEVEL 297 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 #define RUBY_VERSION_TEENY 7 #define RUBY_RELEASE_YEAR 2010 #define RUBY_RELEASE_MONTH 6 -#define RUBY_RELEASE_DAY 16 +#define RUBY_RELEASE_DAY 21 #ifdef RUBY_EXTERN RUBY_EXTERN const char ruby_version[]; Index: ruby_1_8_7/test/openssl/test_x509cert.rb =================================================================== --- ruby_1_8_7/test/openssl/test_x509cert.rb (revision 28366) +++ ruby_1_8_7/test/openssl/test_x509cert.rb (revision 28367) 
@@ -129,13 +129,31 @@ end + def test_sign_and_verify_wrong_key_type + cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::DSS1.new) + begin + assert_equal(false, cert_rsa.verify(@dsa256)) + rescue OpenSSL::X509::CertificateError => e + # OpenSSL 1.0.0 added checks for pkey OID + assert_equal('wrong public key type', e.message) + end + + begin + assert_equal(false, cert_dsa.verify(@rsa1024)) + rescue OpenSSL::X509::CertificateError => e + # OpenSSL 1.0.0 added checks for pkey OID + assert_equal('wrong public key type', e.message) + end + end + def test_sign_and_verify cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], nil, nil, OpenSSL::Digest::SHA1.new) assert_equal(false, cert.verify(@rsa1024)) assert_equal(true, cert.verify(@rsa2048)) - assert_equal(false, cert.verify(@dsa256)) - assert_equal(false, cert.verify(@dsa512)) cert.serial = 2 assert_equal(false, cert.verify(@rsa2048)) 
@@ -143,33 +161,22 @@ nil, nil, OpenSSL::Digest::MD5.new) assert_equal(false, cert.verify(@rsa1024)) assert_equal(true, cert.verify(@rsa2048)) - assert_equal(false, cert.verify(@dsa256)) - assert_equal(false, cert.verify(@dsa512)) cert.subject = @ee1 assert_equal(false, cert.verify(@rsa2048)) cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], nil, nil, OpenSSL::Digest::DSS1.new) - assert_equal(false, cert.verify(@rsa1024)) - assert_equal(false, cert.verify(@rsa2048)) assert_equal(false, cert.verify(@dsa256)) assert_equal(true, cert.verify(@dsa512)) cert.not_after = Time.now assert_equal(false, cert.verify(@dsa512)) + end + def test_dsig_algorithm_mismatch assert_raises(OpenSSL::X509::CertificateError){ cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], nil, nil, OpenSSL::Digest::DSS1.new) } - assert_raises(OpenSSL::X509::CertificateError){ - cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::MD5.new) - } - assert_raises(OpenSSL::X509::CertificateError){ - cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], - nil, nil, OpenSSL::Digest::SHA1.new) - } + end end end - -end Index: ruby_1_8_7/test/openssl/test_ec.rb =================================================================== --- ruby_1_8_7/test/openssl/test_ec.rb (revision 28366) +++ ruby_1_8_7/test/openssl/test_ec.rb (revision 28367) @@ -87,9 +87,7 @@ def test_dsa_sign_verify for key in @keys sig = key.dsa_sign_asn1(@data1) - assert_equal(key.dsa_verify_asn1(@data1, sig), true) - - assert_raises(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) } + assert(key.dsa_verify_asn1(@data1, sig)) end end Index: ruby_1_8_7/test/openssl/test_x509crl.rb =================================================================== --- ruby_1_8_7/test/openssl/test_x509crl.rb (revision 28366) +++ ruby_1_8_7/test/openssl/test_x509crl.rb (revision 28367) 
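Review bot: `test_dsig_algorithm_mismatch` in test_x509cert.rb keeps only the RSA-key-with-DSS1 case, so nothing in this file still checks that a DSA-signed certificate issued with `OpenSSL::Digest::MD5` is rejected. The parallel test in test_x509req.rb in this same commit retains that case (`issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new)` inside `assert_raise`). If the rejection still holds for certificates on the targeted OpenSSL versions, the coverage could be kept with `assert_raises(OpenSSL::X509::CertificateError){ issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], nil, nil, OpenSSL::Digest::MD5.new) }`. If it does not, a comment explaining why the two files differ would prevent the case from looking accidentally dropped.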
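Review bot: The test_ec.rb hunk removes the only assertion that exercised the over-long digest `@data2`, and no replacement is visible in this diff. The log message mentions an added `test_dsa_sign_asn1_FIPS186_3`, but this hunk contains removals and one rewritten assertion only, so after the change `test_dsa_sign_verify` covers just the `@data1` round trip. The log describes two behaviours, truncation from OpenSSL 0.9.8m on and `ECError` on sign or `false` on verify before that. A test accepting either outcome for `@data2` would keep that input covered, for example a `begin`/`rescue OpenSSL::PKey::ECError` around `key.dsa_sign_asn1(@data2)` that asserts verification succeeds when signing does. The method body is fully inside the hunk.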
@@ -190,6 +190,30 @@ assert_match((2**100).to_s, crl.extensions[0].value) end + def test_sign_and_verify_wrong_key_type + cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::SHA1.new) + crl_rsa = issue_crl([], 1, Time.now, Time.now+1600, [], + cert_rsa, @rsa2048, OpenSSL::Digest::SHA1.new) + cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [], + nil, nil, OpenSSL::Digest::DSS1.new) + crl_dsa = issue_crl([], 1, Time.now, Time.now+1600, [], + cert_dsa, @dsa512, OpenSSL::Digest::DSS1.new) + begin + assert_equal(false, crl_rsa.verify(@dsa256)) + rescue OpenSSL::X509::CRLError => e + # OpenSSL 1.0.0 added checks for pkey OID + assert_equal('wrong public key type', e.message) + end + + begin + assert_equal(false, crl_dsa.verify(@rsa1024)) + rescue OpenSSL::X509::CRLError => e + # OpenSSL 1.0.0 added checks for pkey OID + assert_equal('wrong public key type', e.message) + end + end + def test_sign_and_verify cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [], nil, nil, OpenSSL::Digest::SHA1.new) @@ -197,8 +221,6 @@ cert, @rsa2048, OpenSSL::Digest::SHA1.new) assert_equal(false, crl.verify(@rsa1024)) assert_equal(true, crl.verify(@rsa2048)) - assert_equal(false, crl.verify(@dsa256)) - assert_equal(false, crl.verify(@dsa512)) crl.version = 0 assert_equal(false, crl.verify(@rsa2048)) @@ -206,8 +228,6 @@ nil, nil, OpenSSL::Digest::DSS1.new) crl = issue_crl([], 1, Time.now, Time.now+1600, [], cert, @dsa512, OpenSSL::Digest::DSS1.new) - assert_equal(false, crl.verify(@rsa1024)) - assert_equal(false, crl.verify(@rsa2048)) assert_equal(false, crl.verify(@dsa256)) assert_equal(true, crl.verify(@dsa512)) crl.version = 0 Index: ruby_1_8_7/test/openssl/test_x509req.rb =================================================================== --- ruby_1_8_7/test/openssl/test_x509req.rb (revision 28366) +++ ruby_1_8_7/test/openssl/test_x509req.rb (revision 28367) 
@@ -103,37 +103,51 @@ assert_equal(exts, get_ext_req(attrs[1].value)) end + def test_sign_and_verify_wrong_key_type + req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new) + req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new) + begin + assert_equal(false, req_rsa.verify(@dsa256)) + rescue OpenSSL::X509::RequestError => e + # OpenSSL 1.0.0 added checks for pkey OID + assert_equal('wrong public key type', e.message) + end + + begin + assert_equal(false, req_dsa.verify(@rsa1024)) + rescue OpenSSL::X509::RequestError => e + # OpenSSL 1.0.0 added checks for pkey OID + assert_equal('wrong public key type', e.message) + end + end + def test_sign_and_verify req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new) assert_equal(true, req.verify(@rsa1024)) assert_equal(false, req.verify(@rsa2048)) - assert_equal(false, req.verify(@dsa256)) - assert_equal(false, req.verify(@dsa512)) req.version = 1 assert_equal(false, req.verify(@rsa1024)) req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new) assert_equal(false, req.verify(@rsa1024)) assert_equal(true, req.verify(@rsa2048)) - assert_equal(false, req.verify(@dsa256)) - assert_equal(false, req.verify(@dsa512)) req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar") assert_equal(false, req.verify(@rsa2048)) req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new) - assert_equal(false, req.verify(@rsa1024)) - assert_equal(false, req.verify(@rsa2048)) assert_equal(false, req.verify(@dsa256)) assert_equal(true, req.verify(@dsa512)) req.public_key = @rsa1024.public_key assert_equal(false, req.verify(@dsa512)) + end - assert_raise(OpenSSL::X509::RequestError){ - issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) } - assert_raise(OpenSSL::X509::RequestError){ - issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) } - assert_raise(OpenSSL::X509::RequestError){ - issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) } + def test_dsig_algorithm_mismatch + assert_raise(OpenSSL::X509::RequestError) 
do + issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) + end + assert_raise(OpenSSL::X509::RequestError) do + issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) + end end end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/