Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

merge revision(s) 26836:26859,26861,27921:

	* ext/openssl/ossl_ssl_session.c
	  (ossl_ssl_session_{get,set}_time{,out}): fixed a bug introduced by
	  backporting. (see [ruby-dev:40573])  use long in according to
	  OpenSSL API. (SSL_SESSION_{get,set}_time{,out})
	* ext/openssl/ossl_x509name.c: added X509::Name#hash_old as a wrapper
	  for X509_NAME_hash_old in OpenSSL 1.0.0.
	* test/openssl/test_x509name.rb (test_hash): make test pass with
	  OpenSSL 1.0.0.
	* test/openssl/test_x509*: make tests pass with OpenSSL 1.0.0b5.
	  * PKey::PKey#verify raises an exception when a given PKey does not
	    match with signature.
	  * PKey::DSA#sign accepts SHA1, SHA256 other than DSS1.
	* backport the commit from trunk:
	  Sun Feb 28 11:49:35 2010  NARUSE, Yui  <naruse@ruby-lang.org>
	* openssl/ossl.c (OSSL_IMPL_SK2ARY): for OpenSSL 1.0.
	  patched by Jeroen van Meeuwen at [ruby-core:25210]
	  fixed by Nobuyoshi Nakada [ruby-core:25238],
	  Hongli Lai [ruby-core:27417],
	  and Motohiro KOSAKI [ruby-core:28063]
	* ext/openssl/ossl_ssl.c (ossl_ssl_method_tab),
	  (ossl_ssl_cipher_to_ary): constified.
	* ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls):
	  split pkcs7_get_certs_or_crls.
	* test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
	  truncated with ec_key.group.order.size after openssl 0.9.8m for
	  FIPS 186-3 compliance.
	  WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
	  openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
	  OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
	  false when you pass dgst longer than expected (no truncation
	  performed).
	* ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
	* ext/openssl/ossl_config.c: defined own IMPLEMENT_LHASH_DOALL_ARG_FN_098
	  macro according to IMPLEMENT_LHASH_DOALL_ARG_FN in OpenSSL 0.9.8m.
	  OpenSSL 1.0.0beta5 has a slightly different definiton so it could
	  be a temporal workaround for 0.9.8 and 1.0.0 dual support.
	* ext/openssl/ossl_pkcs5.c (ossl_pkcs5_pbkdf2_hmac): follows function
	  definition in OpenSSL 1.0.0beta5. PKCS5_PBKDF2_HMAC is from 1.0.0
	  (0.9.8 only has PKCS5_PBKDF2_HMAC_SHA1)
	* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_eq): do not use
	  SSL_SESSION_cmp and implement equality func by ousrself.  See the
	  comment.
	* ext/openssl/extconf.rb: check some functions added at OpenSSL 1.0.0.
	* ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which
	  exists.


git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8_7@28367 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
  • Loading branch information...
commit 502078ceffc0fbeceee6e3fd4780a8185c50b197 1 parent 98ff1cd
@shyouhei shyouhei authored
View
75 ChangeLog
@@ -1,3 +1,78 @@
+Mon Jun 21 18:12:15 2010 NAKAMURA Usaku <usa@ruby-lang.org>
+
+ * ext/openssl/extconf.rb: check some functions added at OpenSSL 1.0.0.
+
+ * ext/openssl/ossl_engine.c (ossl_engine_s_load): use engines which
+ exists.
+
+Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
+
+ * ext/openssl/ossl_config.c: defined own IMPLEMENT_LHASH_DOALL_ARG_FN_098
+ macro according to IMPLEMENT_LHASH_DOALL_ARG_FN in OpenSSL 0.9.8m.
+ OpenSSL 1.0.0beta5 has a slightly different definiton so it could
+ be a temporal workaround for 0.9.8 and 1.0.0 dual support.
+
+ * ext/openssl/ossl_pkcs5.c (ossl_pkcs5_pbkdf2_hmac): follows function
+ definition in OpenSSL 1.0.0beta5. PKCS5_PBKDF2_HMAC is from 1.0.0
+ (0.9.8 only has PKCS5_PBKDF2_HMAC_SHA1)
+
+ * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_eq): do not use
+ SSL_SESSION_cmp and implement equality func by ousrself. See the
+ comment.
+
+Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
+
+ * ext/openssl/ossl_ssl_session.c
+ (ossl_ssl_session_{get,set}_time{,out}): fixed a bug introduced by
+ backporting. (see [ruby-dev:40573]) use long in according to
+ OpenSSL API. (SSL_SESSION_{get,set}_time{,out})
+
+Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
+
+ * ext/openssl/ossl_x509name.c: added X509::Name#hash_old as a wrapper
+ for X509_NAME_hash_old in OpenSSL 1.0.0.
+
+ * test/openssl/test_x509name.rb (test_hash): make test pass with
+ OpenSSL 1.0.0.
+
+Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
+
+ * test/openssl/test_x509*: make tests pass with OpenSSL 1.0.0b5.
+ * PKey::PKey#verify raises an exception when a given PKey does not
+ match with signature.
+ * PKey::DSA#sign accepts SHA1, SHA256 other than DSS1.
+
+Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
+
+ * backport the commit from trunk:
+ Sun Feb 28 11:49:35 2010 NARUSE, Yui <naruse@ruby-lang.org>
+
+ * openssl/ossl.c (OSSL_IMPL_SK2ARY): for OpenSSL 1.0.
+ patched by Jeroen van Meeuwen at [ruby-core:25210]
+ fixed by Nobuyoshi Nakada [ruby-core:25238],
+ Hongli Lai [ruby-core:27417],
+ and Motohiro KOSAKI [ruby-core:28063]
+
+ * ext/openssl/ossl_ssl.c (ossl_ssl_method_tab),
+ (ossl_ssl_cipher_to_ary): constified.
+
+ * ext/openssl/ossl_pkcs7.c (pkcs7_get_certs, pkcs7_get_crls):
+ split pkcs7_get_certs_or_crls.
+
+Mon Jun 21 18:12:15 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org>
+
+ * test/openssl/test_ec.rb: added test_dsa_sign_asn1_FIPS186_3. dgst is
+ truncated with ec_key.group.order.size after openssl 0.9.8m for
+ FIPS 186-3 compliance.
+
+ WARNING: ruby-openssl aims to wrap an OpenSSL so when you're using
+ openssl 0.9.8l or earlier version, EC.dsa_sign_asn1 raises
+ OpenSSL::PKey::ECError as before and EC.dsa_verify_asn1 just returns
+ false when you pass dgst longer than expected (no truncation
+ performed).
+
+ * ext/openssl/ossl_pkey_ec.c: rdoc typo fixed.
+
Wed Jun 16 16:01:42 2010 Tanaka Akira <akr@fsij.org>
* lib/pathname.rb (Pathname#sub): suppress a warning.
View
9 ext/openssl/extconf.rb
@@ -91,6 +91,7 @@
have_func("X509_CRL_set_issuer_name")
have_func("X509_CRL_set_version")
have_func("X509_CRL_sort")
+have_func("X509_NAME_hash_old")
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
have_func("OBJ_NAME_do_all_sorted")
@@ -106,6 +107,14 @@
have_func("ENGINE_get_digest")
have_func("ENGINE_get_cipher")
have_func("ENGINE_cleanup")
+ have_func("ENGINE_load_4758cca")
+ have_func("ENGINE_load_aep")
+ have_func("ENGINE_load_atalla")
+ have_func("ENGINE_load_chil")
+ have_func("ENGINE_load_cswift")
+ have_func("ENGINE_load_nuron")
+ have_func("ENGINE_load_sureware")
+ have_func("ENGINE_load_ubsec")
end
if try_compile(<<SRC)
#include <openssl/opensslv.h>
View
6 ext/openssl/ossl.c
@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
#define OSSL_IMPL_SK2ARY(name, type) \
VALUE \
-ossl_##name##_sk2ary(STACK *sk) \
+ossl_##name##_sk2ary(STACK_OF(type) *sk) \
{ \
type *t; \
int i, num; \
@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk) \
OSSL_Debug("empty sk!"); \
return Qnil; \
} \
- num = sk_num(sk); \
+ num = sk_##type##_num(sk); \
if (num < 0) { \
OSSL_Debug("items in sk < -1???"); \
return rb_ary_new(); \
@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk) \
ary = rb_ary_new2(num); \
\
for (i=0; i<num; i++) { \
- t = (type *)sk_value(sk, i); \
+ t = sk_##type##_value(sk, i); \
rb_ary_push(ary, ossl_##name##_new(t)); \
} \
return ary; \
View
7 ext/openssl/ossl.h
@@ -108,6 +108,13 @@ extern VALUE eOSSLError;
} while (0)
/*
+ * Compatibility
+ */
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#define STACK _STACK
+#endif
+
+/*
* String to HEXString conversion
*/
int string2hex(char *, int, char **, int *);
View
12 ext/openssl/ossl_config.c
@@ -313,6 +313,12 @@ ossl_config_get_section_old(VALUE self, VALUE section)
}
#ifdef IMPLEMENT_LHASH_DOALL_ARG_FN
+#define IMPLEMENT_LHASH_DOALL_ARG_FN_098(f_name,o_type,a_type) \
+ void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+ o_type a = (o_type)arg1; \
+ a_type b = (a_type)arg2; \
+ f_name(a,b); }
+
static void
get_conf_section(CONF_VALUE *cv, VALUE ary)
{
@@ -320,7 +326,7 @@ get_conf_section(CONF_VALUE *cv, VALUE ary)
rb_ary_push(ary, rb_str_new2(cv->section));
}
-static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE*, VALUE)
+static IMPLEMENT_LHASH_DOALL_ARG_FN_098(get_conf_section, CONF_VALUE*, VALUE)
static VALUE
ossl_config_get_sections(VALUE self)
@@ -358,7 +364,7 @@ dump_conf_value(CONF_VALUE *cv, VALUE str)
rb_str_cat2(str, "\n");
}
-static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE*, VALUE)
+static IMPLEMENT_LHASH_DOALL_ARG_FN_098(dump_conf_value, CONF_VALUE*, VALUE)
static VALUE
dump_conf(CONF *conf)
@@ -402,7 +408,7 @@ each_conf_value(CONF_VALUE *cv, void* dummy)
}
}
-static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE*, void*)
+static IMPLEMENT_LHASH_DOALL_ARG_FN_098(each_conf_value, CONF_VALUE*, void*)
static VALUE
ossl_config_each(VALUE self)
View
18 ext/openssl/ossl_engine.c
@@ -61,16 +61,34 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
}
StringValue(name);
#ifndef OPENSSL_NO_STATIC_ENGINE
+#if HAVE_ENGINE_LOAD_DYNAMIC
OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
+#endif
+#if HAVE_ENGINE_LOAD_CSWIFT
OSSL_ENGINE_LOAD_IF_MATCH(cswift);
+#endif
+#if HAVE_ENGINE_LOAD_CHIL
OSSL_ENGINE_LOAD_IF_MATCH(chil);
+#endif
+#if HAVE_ENGINE_LOAD_ATALLA
OSSL_ENGINE_LOAD_IF_MATCH(atalla);
+#endif
+#if HAVE_ENGINE_LOAD_NURON
OSSL_ENGINE_LOAD_IF_MATCH(nuron);
+#endif
+#if HAVE_ENGINE_LOAD_UBSEC
OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
+#endif
+#if HAVE_ENGINE_LOAD_AEP
OSSL_ENGINE_LOAD_IF_MATCH(aep);
+#endif
+#if HAVE_ENGINE_LOAD_SUREWARE
OSSL_ENGINE_LOAD_IF_MATCH(sureware);
+#endif
+#if HAVE_ENGINE_LOAD_4758CCA
OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
#endif
+#endif
#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
#endif
View
7 ext/openssl/ossl_pkcs5.c
@@ -29,14 +29,17 @@ ossl_pkcs5_pbkdf2_hmac(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALUE key
VALUE str;
const EVP_MD *md;
int len = NUM2INT(keylen);
+ unsigned char* salt_p;
+ unsigned char* str_p;
StringValue(pass);
StringValue(salt);
md = GetDigestPtr(digest);
-
str = rb_str_new(0, len);
+ salt_p = (unsigned char*)RSTRING_PTR(salt);
+ str_p = (unsigned char*)RSTRING_PTR(str);
- if (PKCS5_PBKDF2_HMAC(RSTRING_PTR(pass), RSTRING_LEN(pass), RSTRING_PTR(salt), RSTRING_LEN(salt), NUM2INT(iter), md, len, RSTRING_PTR(str)) != 1)
+ if (PKCS5_PBKDF2_HMAC(RSTRING_PTR(pass), RSTRING_LEN(pass), salt_p, RSTRING_LEN(salt), NUM2INT(iter), md, len, str_p) != 1)
ossl_raise(ePKCS5, "PKCS5_PBKDF2_HMAC");
return str;
View
40 ext/openssl/ossl_pkcs7.c
@@ -570,12 +570,11 @@ ossl_pkcs7_add_certificate(VALUE self, VALUE cert)
return self;
}
-static STACK *
-pkcs7_get_certs_or_crls(VALUE self, int want_certs)
+static STACK_OF(X509) *
+pkcs7_get_certs(VALUE self)
{
PKCS7 *pkcs7;
STACK_OF(X509) *certs;
- STACK_OF(X509_CRL) *crls;
int i;
GetPKCS7(self, pkcs7);
@@ -583,17 +582,38 @@ pkcs7_get_certs_or_crls(VALUE self, int want_certs)
switch(i){
case NID_pkcs7_signed:
certs = pkcs7->d.sign->cert;
- crls = pkcs7->d.sign->crl;
break;
case NID_pkcs7_signedAndEnveloped:
certs = pkcs7->d.signed_and_enveloped->cert;
+ break;
+ default:
+ certs = NULL;
+ }
+
+ return certs;
+}
+
+static STACK_OF(X509_CRL) *
+pkcs7_get_crls(VALUE self)
+{
+ PKCS7 *pkcs7;
+ STACK_OF(X509_CRL) *crls;
+ int i;
+
+ GetPKCS7(self, pkcs7);
+ i = OBJ_obj2nid(pkcs7->type);
+ switch(i){
+ case NID_pkcs7_signed:
+ crls = pkcs7->d.sign->crl;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
crls = pkcs7->d.signed_and_enveloped->crl;
break;
default:
- certs = crls = NULL;
+ crls = NULL;
}
- return want_certs ? certs : crls;
+ return crls;
}
static VALUE
@@ -608,7 +628,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
STACK_OF(X509) *certs;
X509 *cert;
- certs = pkcs7_get_certs_or_crls(self, 1);
+ certs = pkcs7_get_certs(self);
while((cert = sk_X509_pop(certs))) X509_free(cert);
rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
@@ -618,7 +638,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
static VALUE
ossl_pkcs7_get_certificates(VALUE self)
{
- return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
+ return ossl_x509_sk2ary(pkcs7_get_certs(self));
}
static VALUE
@@ -648,7 +668,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
STACK_OF(X509_CRL) *crls;
X509_CRL *crl;
- crls = pkcs7_get_certs_or_crls(self, 0);
+ crls = pkcs7_get_crls(self);
while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
@@ -658,7 +678,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
static VALUE
ossl_pkcs7_get_crls(VALUE self)
{
- return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
+ return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
}
static VALUE
View
2  ext/openssl/ossl_pkey_ec.c
@@ -681,7 +681,7 @@ static VALUE ossl_ec_key_dsa_sign_asn1(VALUE self, VALUE data)
/*
* call-seq:
- * key.dsa_verify(data, sig) => true or false
+ * key.dsa_verify_asn1(data, sig) => true or false
*
* See the OpenSSL documentation for ECDSA_verify()
*/
View
4 ext/openssl/ossl_ssl.c
@@ -1196,10 +1196,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
}
chain = SSL_get_peer_cert_chain(ssl);
if(!chain) return Qnil;
- num = sk_num(chain);
+ num = sk_X509_num(chain);
ary = rb_ary_new2(num);
for (i = 0; i < num; i++){
- cert = (X509*)sk_value(chain, i);
+ cert = sk_X509_value(chain, i);
rb_ary_push(ary, ossl_x509_new(cert));
}
View
15 ext/openssl/ossl_ssl_session.c
@@ -86,9 +86,18 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
GetSSLSession(val1, ctx1);
SafeGetSSLSession(val2, ctx2);
- switch (SSL_SESSION_cmp(ctx1, ctx2)) {
- case 0: return Qtrue;
- default: return Qfalse;
+ /*
+ * OpenSSL 1.0.0betas do not have non-static SSL_SESSION_cmp.
+ * ssl_session_cmp (was SSL_SESSION_cmp in 0.9.8) is for lhash
+ * comparing so we should not depend on it. Just compare sessions
+ * by version and id.
+ */
+ if ((ctx1->ssl_version == ctx2->ssl_version) &&
+ (ctx1->session_id_length == ctx2->session_id_length) &&
+ (memcmp(ctx1->session_id, ctx2->session_id, ctx1->session_id_length) == 0)) {
+ return Qtrue;
+ } else {
+ return Qfalse;
}
}
View
5 ext/openssl/ossl_x509attr.c
@@ -217,8 +217,9 @@ ossl_x509attr_get_value(VALUE self)
ossl_str_adjust(str, p);
}
else{
- length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL,
- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
+ length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
+ (unsigned char **) NULL, i2d_ASN1_TYPE,
+ V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
str = rb_str_new(0, length);
p = RSTRING_PTR(str);
i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
View
4 ext/openssl/ossl_x509crl.c
@@ -262,7 +262,7 @@ ossl_x509crl_get_revoked(VALUE self)
VALUE ary, revoked;
GetX509CRL(self, crl);
- num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
+ num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
if (num < 0) {
OSSL_Debug("num < 0???");
return rb_ary_new();
@@ -270,7 +270,7 @@ ossl_x509crl_get_revoked(VALUE self)
ary = rb_ary_new2(num);
for(i=0; i<num; i++) {
/* NO DUP - don't free! */
- rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
+ rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
revoked = ossl_x509revoked_new(rev);
rb_ary_push(ary, revoked);
}
View
24 ext/openssl/ossl_x509name.c
@@ -306,6 +306,27 @@ ossl_x509name_hash(VALUE self)
return ULONG2NUM(hash);
}
+#ifdef HAVE_X509_NAME_HASH_OLD
+/*
+ * call-seq:
+ * name.hash_old => integer
+ *
+ * hash_old returns MD5 based hash used in OpenSSL 0.9.X.
+ */
+static VALUE
+ossl_x509name_hash_old(VALUE self)
+{
+ X509_NAME *name;
+ unsigned long hash;
+
+ GetX509Name(self, name);
+
+ hash = X509_NAME_hash_old(name);
+
+ return ULONG2NUM(hash);
+}
+#endif
+
/*
* call-seq:
* name.to_der => string
@@ -351,6 +372,9 @@ Init_ossl_x509name()
rb_define_alias(cX509Name, "<=>", "cmp");
rb_define_method(cX509Name, "eql?", ossl_x509name_eql, 1);
rb_define_method(cX509Name, "hash", ossl_x509name_hash, 0);
+#ifdef HAVE_X509_NAME_HASH_OLD
+ rb_define_method(cX509Name, "hash_old", ossl_x509name_hash_old, 0);
+#endif
rb_define_method(cX509Name, "to_der", ossl_x509name_to_der, 0);
utf8str = INT2NUM(V_ASN1_UTF8STRING);
View
4 test/openssl/test_ec.rb
@@ -87,9 +87,7 @@ def test_set_keys
def test_dsa_sign_verify
for key in @keys
sig = key.dsa_sign_asn1(@data1)
- assert_equal(key.dsa_verify_asn1(@data1, sig), true)
-
- assert_raises(OpenSSL::PKey::ECError) { key.dsa_sign_asn1(@data2) }
+ assert(key.dsa_verify_asn1(@data1, sig))
end
end
View
39 test/openssl/test_x509cert.rb
@@ -129,13 +129,31 @@ def test_extension
end
+ def test_sign_and_verify_wrong_key_type
+ cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
+ nil, nil, OpenSSL::Digest::SHA1.new)
+ cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
+ nil, nil, OpenSSL::Digest::DSS1.new)
+ begin
+ assert_equal(false, cert_rsa.verify(@dsa256))
+ rescue OpenSSL::X509::CertificateError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+
+ begin
+ assert_equal(false, cert_dsa.verify(@rsa1024))
+ rescue OpenSSL::X509::CertificateError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+ end
+
def test_sign_and_verify
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::SHA1.new)
assert_equal(false, cert.verify(@rsa1024))
assert_equal(true, cert.verify(@rsa2048))
- assert_equal(false, cert.verify(@dsa256))
- assert_equal(false, cert.verify(@dsa512))
cert.serial = 2
assert_equal(false, cert.verify(@rsa2048))
@@ -143,33 +161,22 @@ def test_sign_and_verify
nil, nil, OpenSSL::Digest::MD5.new)
assert_equal(false, cert.verify(@rsa1024))
assert_equal(true, cert.verify(@rsa2048))
- assert_equal(false, cert.verify(@dsa256))
- assert_equal(false, cert.verify(@dsa512))
cert.subject = @ee1
assert_equal(false, cert.verify(@rsa2048))
cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::DSS1.new)
- assert_equal(false, cert.verify(@rsa1024))
- assert_equal(false, cert.verify(@rsa2048))
assert_equal(false, cert.verify(@dsa256))
assert_equal(true, cert.verify(@dsa512))
cert.not_after = Time.now
assert_equal(false, cert.verify(@dsa512))
+ end
+ def test_dsig_algorithm_mismatch
assert_raises(OpenSSL::X509::CertificateError){
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::DSS1.new)
}
- assert_raises(OpenSSL::X509::CertificateError){
- cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
- nil, nil, OpenSSL::Digest::MD5.new)
- }
- assert_raises(OpenSSL::X509::CertificateError){
- cert = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
- nil, nil, OpenSSL::Digest::SHA1.new)
- }
+ end
end
end
-
-end
View
28 test/openssl/test_x509crl.rb
@@ -190,6 +190,30 @@ def test_crlnumber
assert_match((2**100).to_s, crl.extensions[0].value)
end
+ def test_sign_and_verify_wrong_key_type
+ cert_rsa = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
+ nil, nil, OpenSSL::Digest::SHA1.new)
+ crl_rsa = issue_crl([], 1, Time.now, Time.now+1600, [],
+ cert_rsa, @rsa2048, OpenSSL::Digest::SHA1.new)
+ cert_dsa = issue_cert(@ca, @dsa512, 1, Time.now, Time.now+3600, [],
+ nil, nil, OpenSSL::Digest::DSS1.new)
+ crl_dsa = issue_crl([], 1, Time.now, Time.now+1600, [],
+ cert_dsa, @dsa512, OpenSSL::Digest::DSS1.new)
+ begin
+ assert_equal(false, crl_rsa.verify(@dsa256))
+ rescue OpenSSL::X509::CRLError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+
+ begin
+ assert_equal(false, crl_dsa.verify(@rsa1024))
+ rescue OpenSSL::X509::CRLError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+ end
+
def test_sign_and_verify
cert = issue_cert(@ca, @rsa2048, 1, Time.now, Time.now+3600, [],
nil, nil, OpenSSL::Digest::SHA1.new)
@@ -197,8 +221,6 @@ def test_sign_and_verify
cert, @rsa2048, OpenSSL::Digest::SHA1.new)
assert_equal(false, crl.verify(@rsa1024))
assert_equal(true, crl.verify(@rsa2048))
- assert_equal(false, crl.verify(@dsa256))
- assert_equal(false, crl.verify(@dsa512))
crl.version = 0
assert_equal(false, crl.verify(@rsa2048))
@@ -206,8 +228,6 @@ def test_sign_and_verify
nil, nil, OpenSSL::Digest::DSS1.new)
crl = issue_crl([], 1, Time.now, Time.now+1600, [],
cert, @dsa512, OpenSSL::Digest::DSS1.new)
- assert_equal(false, crl.verify(@rsa1024))
- assert_equal(false, crl.verify(@rsa2048))
assert_equal(false, crl.verify(@dsa256))
assert_equal(true, crl.verify(@dsa512))
crl.version = 0
View
38 test/openssl/test_x509req.rb
@@ -103,37 +103,51 @@ def test_attr
assert_equal(exts, get_ext_req(attrs[1].value))
end
+ def test_sign_and_verify_wrong_key_type
+ req_rsa = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
+ req_dsa = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
+ begin
+ assert_equal(false, req_rsa.verify(@dsa256))
+ rescue OpenSSL::X509::RequestError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+
+ begin
+ assert_equal(false, req_dsa.verify(@rsa1024))
+ rescue OpenSSL::X509::RequestError => e
+ # OpenSSL 1.0.0 added checks for pkey OID
+ assert_equal('wrong public key type', e.message)
+ end
+ end
+
def test_sign_and_verify
req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::SHA1.new)
assert_equal(true, req.verify(@rsa1024))
assert_equal(false, req.verify(@rsa2048))
- assert_equal(false, req.verify(@dsa256))
- assert_equal(false, req.verify(@dsa512))
req.version = 1
assert_equal(false, req.verify(@rsa1024))
req = issue_csr(0, @dn, @rsa2048, OpenSSL::Digest::MD5.new)
assert_equal(false, req.verify(@rsa1024))
assert_equal(true, req.verify(@rsa2048))
- assert_equal(false, req.verify(@dsa256))
- assert_equal(false, req.verify(@dsa512))
req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBar")
assert_equal(false, req.verify(@rsa2048))
req = issue_csr(0, @dn, @dsa512, OpenSSL::Digest::DSS1.new)
- assert_equal(false, req.verify(@rsa1024))
- assert_equal(false, req.verify(@rsa2048))
assert_equal(false, req.verify(@dsa256))
assert_equal(true, req.verify(@dsa512))
req.public_key = @rsa1024.public_key
assert_equal(false, req.verify(@dsa512))
+ end
- assert_raise(OpenSSL::X509::RequestError){
- issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new) }
- assert_raise(OpenSSL::X509::RequestError){
- issue_csr(0, @dn, @dsa512, OpenSSL::Digest::SHA1.new) }
- assert_raise(OpenSSL::X509::RequestError){
- issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new) }
+ def test_dsig_algorithm_mismatch
+ assert_raise(OpenSSL::X509::RequestError) do
+ issue_csr(0, @dn, @rsa1024, OpenSSL::Digest::DSS1.new)
+ end
+ assert_raise(OpenSSL::X509::RequestError) do
+ issue_csr(0, @dn, @dsa512, OpenSSL::Digest::MD5.new)
+ end
end
end
View
8 version.h
@@ -1,15 +1,15 @@
#define RUBY_VERSION "1.8.7"
-#define RUBY_RELEASE_DATE "2010-06-16"
+#define RUBY_RELEASE_DATE "2010-06-21"
#define RUBY_VERSION_CODE 187
-#define RUBY_RELEASE_CODE 20100616
-#define RUBY_PATCHLEVEL 296
+#define RUBY_RELEASE_CODE 20100621
+#define RUBY_PATCHLEVEL 297
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 8
#define RUBY_VERSION_TEENY 7
#define RUBY_RELEASE_YEAR 2010
#define RUBY_RELEASE_MONTH 6
-#define RUBY_RELEASE_DAY 16
+#define RUBY_RELEASE_DAY 21
#ifdef RUBY_EXTERN
RUBY_EXTERN const char ruby_version[];
Please sign in to comment.
Something went wrong with that request. Please try again.