ruby-changes:52220
From: nagachika <ko1@a...>
Date: Sat, 18 Aug 2018 11:39:16 +0900 (JST)
Subject: [ruby-changes:52220] nagachika:r64428 (ruby_2_5): merge revision(s) 63406: [Backport #14754]
nagachika 2018-08-18 11:39:09 +0900 (Sat, 18 Aug 2018) New Revision: 64428 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=64428 Log: merge revision(s) 63406: [Backport #14754] openssl: merge changes in v2.1.1 Commits in upstream repository since v2.1.0 can be found at: https://github.com/ruby/openssl/compare/v2.1.0...v2.1.1 ---------------------------------------------------------------- Kazuki Yamaguchi (7): test/utils: disable Thread's report_on_exception in start_server cipher: validate iterations argument for Cipher#pkcs5_keyivgen extconf.rb: fix build with LibreSSL 2.7.0 test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1 test/test_ssl_session: set client protocol version explicitly Ruby/OpenSSL 2.0.8 Ruby/OpenSSL 2.1.1 Modified directories: branches/ruby_2_5/ Modified files: branches/ruby_2_5/ext/openssl/History.md branches/ruby_2_5/ext/openssl/extconf.rb branches/ruby_2_5/ext/openssl/openssl.gemspec branches/ruby_2_5/ext/openssl/ossl_cipher.c branches/ruby_2_5/ext/openssl/ossl_version.h branches/ruby_2_5/test/openssl/test_cipher.rb branches/ruby_2_5/test/openssl/test_pkey_rsa.rb branches/ruby_2_5/test/openssl/test_ssl_session.rb branches/ruby_2_5/version.h Index: ruby_2_5/version.h =================================================================== --- ruby_2_5/version.h (revision 64427) +++ ruby_2_5/version.h (revision 64428) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/version.h#L1 #define RUBY_VERSION "2.5.2" #define RUBY_RELEASE_DATE "2018-08-18" -#define RUBY_PATCHLEVEL 72 +#define RUBY_PATCHLEVEL 73 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 8 Index: ruby_2_5/ext/openssl/History.md =================================================================== --- ruby_2_5/ext/openssl/History.md (revision 64427) +++ ruby_2_5/ext/openssl/History.md (revision 64428) @@ -55,6 +55,20 @@ Notable changes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/History.md#L55 [[GitHub #177]](https://github.com/ruby/openssl/pull/177) +Version 2.0.8 +============= + +Bug fixes +--------- + +* OpenSSL::Cipher#pkcs5_keyivgen raises an error when a negative iteration + count is given. + [[GitHub #184]](https://github.com/ruby/openssl/pull/184) +* Fixed build with LibreSSL 2.7. + [[GitHub #192]](https://github.com/ruby/openssl/issues/192) + [[GitHub #193]](https://github.com/ruby/openssl/pull/193) + + Version 2.0.7 ============= Index: ruby_2_5/ext/openssl/openssl.gemspec =================================================================== --- ruby_2_5/ext/openssl/openssl.gemspec (revision 64427) +++ ruby_2_5/ext/openssl/openssl.gemspec (revision 64428) @@ -1,16 +1,16 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/openssl.gemspec#L1 # -*- encoding: utf-8 -*- -# stub: openssl 2.1.0 ruby lib +# stub: openssl 2.1.1 ruby lib # stub: ext/openssl/extconf.rb Gem::Specification.new do |s| s.name = "openssl".freeze - s.version = "2.1.0" + s.version = "2.1.1" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata= s.require_paths = ["lib".freeze] s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze] - s.date = "2017-12-14" + s.date = "2018-05-12" s.description = "It wraps the OpenSSL library.".freeze s.email = ["ruby-core@r...".freeze] s.extensions = ["ext/openssl/extconf.rb".freeze] @@ -20,7 +20,7 @@ Gem::Specification.new do |s| https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/openssl.gemspec#L20 s.licenses = ["Ruby".freeze] s.rdoc_options = ["--main".freeze, "README.md".freeze] s.required_ruby_version = Gem::Requirement.new(">= 2.3.0".freeze) - s.rubygems_version = "2.7.3".freeze + s.rubygems_version = "2.7.6".freeze s.summary = "OpenSSL provides SSL, TLS and general purpose cryptography.".freeze if s.respond_to? :specification_version then Index: ruby_2_5/ext/openssl/extconf.rb =================================================================== --- ruby_2_5/ext/openssl/extconf.rb (revision 64427) +++ ruby_2_5/ext/openssl/extconf.rb (revision 64428) @@ -122,8 +122,11 @@ OpenSSL.check_func_or_macro("SSL_get_ser https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/extconf.rb#L122 have_func("SSL_is_server") # added in 1.1.0 +if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || + try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h") + $defs.push("-DHAVE_OPAQUE_OPENSSL") +end have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API") -have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL") have_func("BN_GENCB_new") have_func("BN_GENCB_free") have_func("BN_GENCB_get_arg") Index: ruby_2_5/ext/openssl/ossl_version.h =================================================================== --- ruby_2_5/ext/openssl/ossl_version.h (revision 64427) +++ ruby_2_5/ext/openssl/ossl_version.h (revision 64428) @@ -10,6 +10,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_version.h#L10 #if !defined(_OSSL_VERSION_H_) #define _OSSL_VERSION_H_ -#define OSSL_VERSION "2.1.0" +#define OSSL_VERSION "2.1.1" #endif /* _OSSL_VERSION_H_ */ Index: ruby_2_5/ext/openssl/ossl_cipher.c =================================================================== --- ruby_2_5/ext/openssl/ossl_cipher.c (revision 64427) +++ ruby_2_5/ext/openssl/ossl_cipher.c (revision 64428) @@ -317,6 +317,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VAL https://github.com/ruby/ruby/blob/trunk/ruby_2_5/ext/openssl/ossl_cipher.c#L317 salt = (unsigned char *)RSTRING_PTR(vsalt); } iter = NIL_P(viter) ? 2048 : NUM2INT(viter); + if (iter <= 0) + rb_raise(rb_eArgError, "iterations must be a positive integer"); digest = NIL_P(vdigest) ? EVP_md5() : ossl_evp_get_digestbyname(vdigest); GetCipher(self, ctx); EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt, Index: ruby_2_5/test/openssl/test_ssl_session.rb =================================================================== --- ruby_2_5/test/openssl/test_ssl_session.rb (revision 64427) +++ ruby_2_5/test/openssl/test_ssl_session.rb (revision 64428) @@ -198,7 +198,9 @@ __EOS__ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl_session.rb#L198 first_session = nil 10.times do |i| connections = i - server_connect_with_session(port, nil, first_session) { |ssl| + cctx = OpenSSL::SSL::SSLContext.new + cctx.ssl_version = :TLSv1_2 + server_connect_with_session(port, cctx, first_session) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets first_session ||= ssl.session @@ -257,6 +259,8 @@ __EOS__ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl_session.rb#L259 connections = nil called = {} + cctx = OpenSSL::SSL::SSLContext.new + cctx.ssl_version = :TLSv1_2 sctx = nil ctx_proc = Proc.new { |ctx| sctx = ctx @@ -292,7 +296,7 @@ __EOS__ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl_session.rb#L296 } start_server(ctx_proc: ctx_proc) do |port| connections = 0 - sess0 = server_connect_with_session(port, nil, nil) { |ssl| + sess0 = server_connect_with_session(port, cctx, nil) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal false, ssl.session_reused? ssl.session @@ -307,7 +311,7 @@ __EOS__ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl_session.rb#L311 # Internal cache hit connections = 1 - server_connect_with_session(port, nil, sess0.dup) { |ssl| + server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal true, ssl.session_reused? ssl.session @@ -328,7 +332,7 @@ __EOS__ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl_session.rb#L332 # External cache hit connections = 2 - sess2 = server_connect_with_session(port, nil, sess0.dup) { |ssl| + sess2 = server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets if !ssl.session_reused? && openssl?(1, 1, 0) && !openssl?(1, 1, 0, 7) # OpenSSL >= 1.1.0, < 1.1.0g @@ -355,7 +359,7 @@ __EOS__ https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_ssl_session.rb#L359 # Cache miss connections = 3 - sess3 = server_connect_with_session(port, nil, sess0.dup) { |ssl| + sess3 = server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal false, ssl.session_reused? ssl.session Index: ruby_2_5/test/openssl/test_pkey_rsa.rb =================================================================== --- ruby_2_5/test/openssl/test_pkey_rsa.rb (revision 64427) +++ ruby_2_5/test/openssl/test_pkey_rsa.rb (revision 64428) @@ -60,6 +60,13 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PK https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_pkey_rsa.rb#L60 end end + def test_generate + key = OpenSSL::PKey::RSA.generate(512, 17) + assert_equal 512, key.n.num_bits + assert_equal 17, key.e + assert_not_nil key.d + end + def test_new_break assert_nil(OpenSSL::PKey::RSA.new(1024) { break }) assert_raise(RuntimeError) do @@ -289,7 +296,7 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PK https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_pkey_rsa.rb#L296 end def test_dup - key = OpenSSL::PKey::RSA.generate(256, 17) + key = Fixtures.pkey("rsa1024") key2 = key.dup assert_equal key.params, key2.params key2.set_key(key2.n, 3, key2.d) Index: ruby_2_5/test/openssl/test_cipher.rb =================================================================== --- ruby_2_5/test/openssl/test_cipher.rb (revision 64427) +++ ruby_2_5/test/openssl/test_cipher.rb (revision 64428) @@ -44,6 +44,9 @@ class OpenSSL::TestCipher < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/ruby_2_5/test/openssl/test_cipher.rb#L44 s2 = cipher.update(pt) << cipher.final assert_equal s1, s2 + + cipher2 = OpenSSL::Cipher.new("DES-EDE3-CBC").encrypt + assert_raise(ArgumentError) { cipher2.pkcs5_keyivgen(pass, salt, -1, "MD5") } end def test_info Index: ruby_2_5 =================================================================== --- ruby_2_5 (revision 64427) +++ ruby_2_5 (revision 64428) Property changes on: ruby_2_5 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /trunk:r63406 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/