
ruby-changes:44880

From: rhe <ko1@a...>
Date: Thu, 1 Dec 2016 13:42:15 +0900 (JST)
Subject: [ruby-changes:44880] rhe:r56953 (trunk): openssl: import fixes from upstream

rhe	2016-12-01 13:42:10 +0900 (Thu, 01 Dec 2016)

  New Revision: 56953

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=56953

  Log:
    openssl: import fixes from upstream
    
    Import the following two commits from upstream:
    
      commit 72126d6c8b88abd69c3565fc3bbbd5ed1e401611
      Author: Kazuki Yamaguchi <k@r...>
      Date:   Thu Dec 1 22:27:03 2016 +0900
    
          pkey: check existence of EVP_PKEY_get0()
    
          EVP_PKEY_get0() did not exist in the early OpenSSL 0.9.8 series, so
          define it ourselves if needed.
    
      commit 94a1c4e0c5705ad1e9a4ca08cacaa6cba8b1e6f5
      Author: Kazuki Yamaguchi <k@r...>
      Date:   Thu Dec 1 22:13:22 2016 +0900
    
          test/test_cipher: fix test with OpenSSL 1.0.1 before 1.0.1d
    
          Set the authentication tag before the AAD when decrypting.
    
          Before OpenSSL commit 96f7fafa2431 ("Don't require tag before ciphertext
          in AESGCM mode", 2012-10-16, at OpenSSL_1_0_1-stable branch, included in
          OpenSSL 1.0.1d), the authentication tag must be set before any calls of
          EVP_CipherUpdate().
    
    They should fix build on CentOS 5 and Ubuntu 12.04 respectively.

  Modified files:
    trunk/ext/openssl/extconf.rb
    trunk/ext/openssl/openssl_missing.h
    trunk/test/openssl/test_cipher.rb
Index: ext/openssl/extconf.rb
===================================================================
--- ext/openssl/extconf.rb	(revision 56952)
+++ ext/openssl/extconf.rb	(revision 56953)
@@ -95,6 +95,7 @@ have_func("i2d_ASN1_SET_ANY") https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L95
 have_func("SSL_SESSION_cmp") # removed
 OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
 have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
+have_func("EVP_PKEY_get0")
 
 # added in 1.0.1
 have_func("SSL_CTX_set_next_proto_select_cb")
Index: ext/openssl/openssl_missing.h
===================================================================
--- ext/openssl/openssl_missing.h	(revision 56952)
+++ ext/openssl/openssl_missing.h	(revision 56953)
@@ -47,6 +47,10 @@ int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CT https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L47
 		i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0)
 #endif
 
+#if !defined(HAVE_EVP_PKEY_GET0)
+#  define EVP_PKEY_get0(pk) (pk->pkey.ptr)
+#endif
+
 /* added in 1.0.2 */
 #if !defined(OPENSSL_NO_EC)
 #if !defined(HAVE_EC_CURVE_NIST2NID)
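Review bot: The fallback on the added line `#  define EVP_PKEY_get0(pk) (pk->pkey.ptr)` uses its argument unparenthesized, so any call site passing an expression rather than a plain identifier (a dereference, a conditional) would expand incorrectly. The `ptr` union member in the old headers is, as far as I recall, a `char *`, whereas the real function returns `void *`, so callers may see pointer-type warnings only on the fallback path. I would write it as `#  define EVP_PKEY_get0(pk) ((void *)(pk)->pkey.ptr)`. A short comment naming the OpenSSL releases that lack the function would also match the `/* added in 1.0.2 */` style used just below.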
Index: test/openssl/test_cipher.rb
===================================================================
--- test/openssl/test_cipher.rb	(revision 56952)
+++ test/openssl/test_cipher.rb	(revision 56953)
@@ -192,32 +192,32 @@ class OpenSSL::TestCipher < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_cipher.rb#L192
     cipher = new_encryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad)
     assert_equal ct, cipher.update(pt) << cipher.final
     assert_equal tag, cipher.auth_tag
-    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag)
+    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag, auth_data: aad)
     assert_equal pt, cipher.update(ct) << cipher.final
 
     # truncated tag is accepted
     cipher = new_encryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad)
     assert_equal ct, cipher.update(pt) << cipher.final
     assert_equal tag[0, 8], cipher.auth_tag(8)
-    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag[0, 8])
+    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag[0, 8], auth_data: aad)
     assert_equal pt, cipher.update(ct) << cipher.final
 
     # wrong tag is rejected
     tag2 = tag.dup
     tag2.setbyte(-1, (tag2.getbyte(-1) + 1) & 0xff)
-    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag2)
+    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag2, auth_data: aad)
     cipher.update(ct)
     assert_raise(OpenSSL::Cipher::CipherError) { cipher.final }
 
     # wrong aad is rejected
     aad2 = aad[0..-2] << aad[-1].succ
-    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad2, auth_tag: tag)
+    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag, auth_data: aad2)
     cipher.update(ct)
     assert_raise(OpenSSL::Cipher::CipherError) { cipher.final }
 
     # wrong ciphertext is rejected
     ct2 = ct[0..-2] << ct[-1].succ
-    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag)
+    cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag, auth_data: aad)
     cipher.update(ct2)
     assert_raise(OpenSSL::Cipher::CipherError) { cipher.final }
   end if has_cipher?("aes-128-gcm")
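Review bot: The reordered `new_decryptor(...)` calls now depend on keyword order (`auth_tag:` before `auth_data:`), but nothing in the test says so, so a later tidy-up could swap them back and break only on OpenSSL 1.0.1 before 1.0.1d. The helper is defined outside this hunk; presumably it applies the options in the order they are given. A comment above the first decryptor call would pin the intent: `# auth_tag must precede auth_data: OpenSSL < 1.0.1d needs the tag set before any EVP_CipherUpdate() call`. The same applies to the hunks at `@@ -241`, `@@ -257` and `@@ -274`. Because library users on those OpenSSL versions face the same constraint when decrypting AEAD data, the ordering may also deserve a sentence in the `Cipher#auth_tag=` documentation.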
@@ -241,7 +241,7 @@ class OpenSSL::TestCipher < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_cipher.rb#L241
     cipher = new_encryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_data: aad)
     assert_equal ct, cipher.update(pt) << cipher.final
     assert_equal tag, cipher.auth_tag
-    cipher = new_decryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_data: aad, auth_tag: tag)
+    cipher = new_decryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_tag: tag, auth_data: aad)
     assert_equal pt, cipher.update(ct) << cipher.final
   end if has_cipher?("aes-128-gcm")
 
@@ -257,7 +257,7 @@ class OpenSSL::TestCipher < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_cipher.rb#L257
     cipher = new_encryptor("aes-128-ocb", key: key, iv: iv, auth_data: aad)
     assert_equal ct, cipher.update(pt) << cipher.final
     assert_equal tag, cipher.auth_tag
-    cipher = new_decryptor("aes-128-ocb", key: key, iv: iv, auth_data: aad, auth_tag: tag)
+    cipher = new_decryptor("aes-128-ocb", key: key, iv: iv, auth_tag: tag, auth_data: aad)
     assert_equal pt, cipher.update(ct) << cipher.final
 
     # RFC 7253 Appendix A; with 96 bits tag length
@@ -274,7 +274,7 @@ class OpenSSL::TestCipher < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_cipher.rb#L274
     cipher = new_encryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_data: aad)
     assert_equal ct, cipher.update(pt) << cipher.final
     assert_equal tag, cipher.auth_tag
-    cipher = new_decryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_data: aad, auth_tag: tag)
+    cipher = new_decryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_tag: tag, auth_data: aad)
     assert_equal pt, cipher.update(ct) << cipher.final
 
   end if has_cipher?("aes-128-ocb")

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
