ruby-changes:23950
From: emboss <ko1@a...>
Date: Sun, 10 Jun 2012 10:23:32 +0900 (JST)
Subject: [ruby-changes:23950] emboss:r36001 (trunk): * ext/openssl/ossl.c
emboss 2012-06-10 10:23:21 +0900 (Sun, 10 Jun 2012) New Revision: 36001 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=36001 Log: * ext/openssl/ossl.c ext/openssl/ossl_pkey_rsa.c ext/openssl/ossl_pkey_dsa.c ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less than four characters long, as OpenSSL itself does not allow this. Issue found by Eric Hodel. * ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem, following the PKey interface contract. * test/openssl/test_pkey_dsa.rb test/openssl/test_pkey_rsa.rb test/openssl/test_pkey_ec.rb: Add tests that assert correct behaviour when dealing with passwords that are less than four characters long. [ruby-core: 42281][ruby-trunk - Bug #5951] Modified files: trunk/ChangeLog trunk/ext/openssl/ossl.h trunk/ext/openssl/ossl_pkey_dsa.c trunk/ext/openssl/ossl_pkey_ec.c trunk/ext/openssl/ossl_pkey_rsa.c trunk/test/openssl/test_pkey_dsa.rb trunk/test/openssl/test_pkey_ec.rb trunk/test/openssl/test_pkey_rsa.rb
Index: ChangeLog
===================================================================
--- ChangeLog (revision 36000)
+++ ChangeLog (revision 36001)
@@ -1,3 +1,20 @@
+Sun Jun 10 10:21:37 2012 Martin Bosslet <Martin.Bosslet@g...>
+
+ * ext/openssl/ossl.c
+ ext/openssl/ossl_pkey_rsa.c
+ ext/openssl/ossl_pkey_dsa.c
+ ext/openssl/ossl_pkey_ec.c: Forbid export passwords that are less
+ than four characters long, as OpenSSL itself does not allow this.
+ Issue found by Eric Hodel.
+ * ext/openssl/ossl_pkey_ec.c: Add export as an alias of to_pem,
+ following the PKey interface contract.
+ * test/openssl/test_pkey_dsa.rb
+ test/openssl/test_pkey_rsa.rb
+ test/openssl/test_pkey_ec.rb: Add tests that assert correct
+ behaviour when dealing with passwords that are less than four
+ characters long.
+ [ruby-core: 42281][ruby-trunk - Bug #5951]
+
 Sun Jun 10 10:14:26 2012 Tanaka Akira <akr@f...>
 * process.c (rb_f_exec): use rb_exec_arg_prepare.
Index: ext/openssl/ossl_pkey_dsa.c
===================================================================
--- ext/openssl/ossl_pkey_dsa.c (revision 36000)
+++ ext/openssl/ossl_pkey_dsa.c (revision 36001)
@@ -318,7 +318,10 @@
 if (!NIL_P(cipher)) {
 ciph = GetCipherPtr(cipher);
 if (!NIL_P(pass)) {
- passwd = StringValuePtr(pass);
+ StringValue(pass);
+ if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
+ ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
+ passwd = RSTRING_PTR(pass);
 }
 }
 if (!(out = BIO_new(BIO_s_mem()))) {
Index: ext/openssl/ossl_pkey_rsa.c
===================================================================
--- ext/openssl/ossl_pkey_rsa.c (revision 36000)
+++ ext/openssl/ossl_pkey_rsa.c (revision 36001)
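Review bot: The minimum-length test added in the `if (!NIL_P(pass))` branch of ext/openssl/ossl_pkey_dsa.c measures the whole Ruby string with `RSTRING_LENINT(pass)`, but `passwd = RSTRING_PTR(pass)` then hands on a bare `char *` with no length attached. If the code after the hunk consumes that pointer as a NUL-terminated string (not visible here), a password containing an embedded NUL byte satisfies the check while the key ends up encrypted under a shorter pass phrase than the caller supplied. Rejecting such strings up front closes the gap: use `passwd = StringValueCStr(pass);` in place of `StringValue(pass);` and keep the length test after it. The same applies to the matching hunks in ossl_pkey_rsa.c (@@ -314) and ossl_pkey_ec.c (@@ -493); the enclosing function begins and ends outside each hunk.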
@@ -314,7 +314,10 @@
 if (!NIL_P(cipher)) {
 ciph = GetCipherPtr(cipher);
 if (!NIL_P(pass)) {
- passwd = StringValuePtr(pass);
+ StringValue(pass);
+ if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
+ ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
+ passwd = RSTRING_PTR(pass);
 }
 }
 if (!(out = BIO_new(BIO_s_mem()))) {
Index: ext/openssl/ossl_pkey_ec.c
===================================================================
--- ext/openssl/ossl_pkey_ec.c (revision 36000)
+++ ext/openssl/ossl_pkey_ec.c (revision 36001)
@@ -493,7 +493,10 @@
 if (!NIL_P(ciph)) {
 cipher = GetCipherPtr(ciph);
 if (!NIL_P(pass)) {
- password = StringValuePtr(pass);
+ StringValue(pass);
+ if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN)
+ ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long");
+ password = RSTRING_PTR(pass);
 }
 }
 else {
@@ -530,8 +533,8 @@
 /*
 * call-seq:
- * key.to_pem => String
- * key.to_pem(cipher, pass_phrase) => String
+ * key.export => String
+ * key.export(cipher, pass_phrase) => String
 *
 * Outputs the EC key in PEM encoding. If +cipher+ and +pass_phrase+ are
 * given they will be used to encrypt the key. +cipher+ must be an
@@ -540,7 +543,7 @@
 * text.
 *
 */
-static VALUE ossl_ec_key_to_pem(int argc, VALUE *argv, VALUE self)
+static VALUE ossl_ec_key_export(int argc, VALUE *argv, VALUE self)
 {
 VALUE cipher, passwd;
 rb_scan_args(argc, argv, "02", &cipher, &passwd);
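Review bot: The check in ext/openssl/ossl_pkey_rsa.c is one of three verbatim copies of the same lines (the DSA and EC export paths carry the other two), and its message spells out "four" while the comparison uses `OSSL_MIN_PWD_LEN`, so a later change to the macro would leave the text wrong. Moving the conversion, length test and raise into one shared helper would keep the three callers in step, with the limit formatted from the macro, e.g. `ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least %d characters long", OSSL_MIN_PWD_LEN);`. The log entry names ext/openssl/ossl.c, which would be a natural home for such a helper, but no change to that file appears in the modified-files list.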
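Review bot: The call-seq comment for `key.export` in ext/openssl/ossl_pkey_ec.c (@@ -530) does not mention the restriction this commit introduces: with a +cipher+ given, a +pass_phrase+ shorter than `OSSL_MIN_PWD_LEN` now raises OpenSSL::OpenSSLError. Suggest adding a line to the description such as `* +pass_phrase+ must be at least four bytes long, otherwise OpenSSL::OpenSSLError is raised.` The comment continues past the end of the hunk, so the exact placement has to be checked against the full text.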
@@ -1533,7 +1536,8 @@
 rb_define_method(cEC, "dsa_verify_asn1", ossl_ec_key_dsa_verify_asn1, 2);
 /* do_sign/do_verify */
- rb_define_method(cEC, "to_pem", ossl_ec_key_to_pem, -1);
+ rb_define_method(cEC, "export", ossl_ec_key_export, -1);
+ rb_define_alias(cEC, "to_pem", "export");
 rb_define_method(cEC, "to_der", ossl_ec_key_to_der, 0);
 rb_define_method(cEC, "to_text", ossl_ec_key_to_text, 0);
Index: ext/openssl/ossl.h
===================================================================
--- ext/openssl/ossl.h (revision 36000)
+++ ext/openssl/ossl.h (revision 36001)
@@ -74,6 +74,11 @@
 # include <openssl/ocsp.h>
 #endif
+/* OpenSSL requires passwords for PEM-encoded files to be at least four
+ * characters long
+ */
+#define OSSL_MIN_PWD_LEN 4
+
 /*
 * Common Module
 */
Index: test/openssl/test_pkey_ec.rb
===================================================================
--- test/openssl/test_pkey_ec.rb (revision 36000)
+++ test/openssl/test_pkey_ec.rb (revision 36001)
@@ -175,6 +175,15 @@
 assert_equal([], OpenSSL.errors)
 end
+ def test_export_password_length
+ key = OpenSSL::TestUtils::TEST_KEY_EC_P256V1
+ assert_raise(OpenSSL::OpenSSLError) do
+ key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
+ end
+ pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
+ assert(pem)
+ end
+
 # test Group: asn1_flag, point_conversion
 end
Index: test/openssl/test_pkey_dsa.rb
===================================================================
--- test/openssl/test_pkey_dsa.rb (revision 36000)
+++ test/openssl/test_pkey_dsa.rb (revision 36001)
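Review bot: The comment above `OSSL_MIN_PWD_LEN` in ext/openssl/ossl.h says "characters", but every use in this commit compares the macro with `RSTRING_LENINT(pass)`, which is a byte count, so for multibyte passwords the documented unit and the enforced one differ. Suggest stating the unit that is actually checked, e.g. `/* Minimum length, in bytes, of a pass phrase used to encrypt PEM output */`, and wording the error message the same way.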
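Review bot: `test_export_password_length` in test/openssl/test_pkey_ec.rb only checks that the four-character export returns something truthy (`assert(pem)`), so it would still pass if the PEM came back unencrypted or encrypted under a different pass phrase. Reading the output back pins that down, e.g. `assert(OpenSSL::PKey::EC.new(pem, 'secr').private_key?)`, and a case for the empty string `''` would cover the lower boundary. The tests added in test_pkey_dsa.rb and test_pkey_rsa.rb have the same shape and would benefit from the same round-trip assertion.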
@@ -218,6 +218,15 @@
 assert_equal([], OpenSSL.errors)
 end
+ def test_export_password_length
+ key = OpenSSL::TestUtils::TEST_KEY_DSA256
+ assert_raise(OpenSSL::OpenSSLError) do
+ key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
+ end
+ pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
+ assert(pem)
+ end
+
 private
 def check_sign_verify(digest)
Index: test/openssl/test_pkey_rsa.rb
===================================================================
--- test/openssl/test_pkey_rsa.rb (revision 36000)
+++ test/openssl/test_pkey_rsa.rb (revision 36001)
@@ -244,6 +244,15 @@
 assert_equal([], OpenSSL.errors)
 end
+ def test_export_password_length
+ key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+ assert_raise(OpenSSL::OpenSSLError) do
+ key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'sec')
+ end
+ pem = key.export(OpenSSL::Cipher.new('AES-128-CBC'), 'secr')
+ assert(pem)
+ end
+
 private
 def check_PUBKEY(asn1, key)
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/