summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorgotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2004-06-30 10:48:43 +0000
committergotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2004-06-30 10:48:43 +0000
commit22ab58c03c6beee7c0b6e508a97c07f77334423b (patch)
treefb8b661215f78c9efb71ca86d4cff4a0de75f8ef
parentba0756ca01443f13e1122499719f300c4e92acae (diff)
* ext/openssl/extconf.rb: check for EVP_CIPHER_CTX_copy, ENGINE_add,
EVP_CIPHER_CTX_set_padding, EVP_CipherFinal_ex, EVP_CipherInit_ex, EVP_DigestFinal_ex and EVP_DigestInit_ex. * ext/openssl/openssl_missing.c (EVP_CIPHER_CTX_copy): new function. * ext/openssl/openssl_missing.h (EVP_DigestInit_ex, EVP_DigestFinal_ex, EVP_CipherInit_ex, EVP_CipherFinal_ex, HMAC_Init_ex): new macro for OpenSSL 0.9.6. * ext/openssl/ossl_cipher.c (ossl_cipher_alloc, ossl_cipher_initialize, ossl_cipher_copy, ossl_cipher_reset, ossl_cipher_encrypt, ossl_cipher_decrypt, ossl_cipher_final, ossl_cipher_set_key, ossl_cipher_set_iv): replace all EVP_CipherInit and EVP_CipherFinal into EVP_CipherInit_ex and EVP_CipherFinal_ex. and EVP_CIPHER_CTX_init should only be called once. * ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): check for EVP_CIPHER_CTX_set_padding. * ext/openssl/ossl_cipher.c (Init_ossl_cipher): Cipher#<< is deprecated. * ext/openssl/ossl_digest.c: replace all EVP_DigestInit and EVP_DigestFinal into EVP_DigestInit_ex and EVP_DigestFinal_ex. and EVP_MD_CTX_init should only be called once. * ext/openssl/ossl_digest.c (digest_final): should call EVP_MD_CTX_cleanup to avoid memory leak. * ext/openssl/ossl_hmac.c (ossl_hmac_initialize): repalce HMAC_init into HMAC_init_ex. and HMAC_CTX_init is moved to ossl_hmac_alloc. * ext/openssl/ossl_hmac.c (hmac_final): should call HMAC_CTX_cleanup to avoid memory leak. * test/openssl/test_cipher.rb, test/openssl/test_digest.rb, test/openssl/test_hmac.rb: new file. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6548 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog40
-rw-r--r--MANIFEST3
-rw-r--r--ext/openssl/extconf.rb48
-rw-r--r--ext/openssl/openssl_missing.c23
-rw-r--r--ext/openssl/openssl_missing.h32
-rw-r--r--ext/openssl/ossl_cipher.c53
-rw-r--r--ext/openssl/ossl_digest.c11
-rw-r--r--ext/openssl/ossl_hmac.c10
-rw-r--r--test/openssl/test_cipher.rb62
-rw-r--r--test/openssl/test_digest.rb65
-rw-r--r--test/openssl/test_hmac.rb34
11 files changed, 316 insertions, 65 deletions
diff --git a/ChangeLog b/ChangeLog
index 73cc8a4a25..ff3a1dd003 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,43 @@
+Wed Jun 30 19:48:09 2004 GOTOU Yuuzou <gotoyuzo@notwork.org>
+
+ * ext/openssl/extconf.rb: check for EVP_CIPHER_CTX_copy, ENGINE_add,
+ EVP_CIPHER_CTX_set_padding, EVP_CipherFinal_ex, EVP_CipherInit_ex,
+ EVP_DigestFinal_ex and EVP_DigestInit_ex.
+
+ * ext/openssl/openssl_missing.c (EVP_CIPHER_CTX_copy): new function.
+
+ * ext/openssl/openssl_missing.h (EVP_DigestInit_ex, EVP_DigestFinal_ex,
+ EVP_CipherInit_ex, EVP_CipherFinal_ex, HMAC_Init_ex): new macro for
+ OpenSSL 0.9.6.
+
+ * ext/openssl/ossl_cipher.c (ossl_cipher_alloc, ossl_cipher_initialize,
+ ossl_cipher_copy, ossl_cipher_reset, ossl_cipher_encrypt,
+ ossl_cipher_decrypt, ossl_cipher_final, ossl_cipher_set_key,
+ ossl_cipher_set_iv): replace all EVP_CipherInit and
+ EVP_CipherFinal into EVP_CipherInit_ex and EVP_CipherFinal_ex.
+ and EVP_CIPHER_CTX_init should only be called once.
+
+ * ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): check for
+ EVP_CIPHER_CTX_set_padding.
+
+ * ext/openssl/ossl_cipher.c (Init_ossl_cipher): Cipher#<< is deprecated.
+
+ * ext/openssl/ossl_digest.c: replace all EVP_DigestInit and
+ EVP_DigestFinal into EVP_DigestInit_ex and EVP_DigestFinal_ex.
+ and EVP_MD_CTX_init should only be called once.
+
+ * ext/openssl/ossl_digest.c (digest_final): should call
+ EVP_MD_CTX_cleanup to avoid memory leak.
+
+ * ext/openssl/ossl_hmac.c (ossl_hmac_initialize): repalce HMAC_init
+ into HMAC_init_ex. and HMAC_CTX_init is moved to ossl_hmac_alloc.
+
+ * ext/openssl/ossl_hmac.c (hmac_final): should call
+ HMAC_CTX_cleanup to avoid memory leak.
+
+ * test/openssl/test_cipher.rb, test/openssl/test_digest.rb,
+ test/openssl/test_hmac.rb: new file.
+
Wed Jun 30 16:59:39 Hirokazu Yamamoto <ocean@m2.ccsnet.ne.jp>
* test/ruby/test_file.rb (test_fnmatch): some tests for File.fnmatch
diff --git a/MANIFEST b/MANIFEST
index eb6339d90a..9a985025f4 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -805,6 +805,9 @@ test/logger/test_logger.rb
test/monitor/test_monitor.rb
test/net/http/test_httpheader.rb
test/openssl/ssl_server.rb
+test/openssl/test_cipher.rb
+test/openssl/test_digest.rb
+test/openssl/test_hmac.rb
test/openssl/test_ssl.rb
test/openssl/test_x509cert.rb
test/openssl/test_x509crl.rb
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 47fa722cf0..d587116c82 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -62,40 +62,54 @@ unless have_header("openssl/conf_api.h")
end
message "=== Checking for OpenSSL features... ===\n"
-have_func("HMAC_CTX_copy")
-have_func("X509_STORE_get_ex_data")
-have_func("X509_STORE_set_ex_data")
-have_func("EVP_MD_CTX_create")
+have_func("BN_mod_add")
+have_func("BN_mod_sqr")
+have_func("BN_mod_sub")
+have_func("BN_pseudo_rand_range")
+have_func("BN_rand_range")
+have_func("CONF_get1_default_config_file")
+have_func("EVP_CIPHER_CTX_copy")
+have_func("EVP_CIPHER_CTX_set_padding")
+have_func("EVP_CipherFinal_ex")
+have_func("EVP_CipherInit_ex")
+have_func("EVP_DigestFinal_ex")
+have_func("EVP_DigestInit_ex")
have_func("EVP_MD_CTX_cleanup")
+have_func("EVP_MD_CTX_create")
have_func("EVP_MD_CTX_destroy")
-have_func("PEM_def_callback")
have_func("EVP_MD_CTX_init")
-have_func("HMAC_CTX_init")
have_func("HMAC_CTX_cleanup")
-have_func("X509_CRL_set_version")
+have_func("HMAC_CTX_copy")
+have_func("HMAC_CTX_init")
+have_func("PEM_def_callback")
+have_func("X509V3_set_nconf")
+have_func("X509_CRL_add0_revoked")
have_func("X509_CRL_set_issuer_name")
+have_func("X509_CRL_set_version")
have_func("X509_CRL_sort")
-have_func("X509_CRL_add0_revoked")
-have_func("CONF_get1_default_config_file")
-have_func("BN_mod_sqr")
-have_func("BN_mod_add")
-have_func("BN_mod_sub")
-have_func("BN_rand_range")
-have_func("BN_pseudo_rand_range")
-have_func("CONF_get1_default_config_file")
-have_func("X509V3_set_nconf")
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n")
$defs.push("-DHAVE_VA_ARGS_MACRO")
end
if have_header("openssl/engine.h")
+ have_func("ENGINE_add")
have_func("ENGINE_load_builtin_engines")
have_func("ENGINE_load_openbsd_dev_crypto")
have_func("ENGINE_get_digest")
have_func("ENGINE_get_cipher")
have_func("ENGINE_cleanup")
end
-have_header("openssl/ocsp.h")
+if try_compile(<<SRC)
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# error "OpenSSL version is less than 0.9.7."
+#endif
+SRC
+ have_header("openssl/ocsp.h")
+end
have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
+have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h")
have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
message "=== Checking done. ===\n"
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 0c0be5fc1f..dfa5f90012 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -105,6 +105,29 @@ HMAC_CTX_cleanup(HMAC_CTX *ctx)
}
#endif
+#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+/*
+ * this function does not exist in OpenSSL yet... or ever?.
+ * a future version may break this function.
+ * tested on 0.9.7d.
+ */
+int
+EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
+{
+ memcpy(out, in, sizeof(EVP_CIPHER_CTX));
+
+#if defined(HAVE_ENGINE_ADD) && defined(HAVE_ST_ENGINE)
+ if (in->engine) ENGINE_add(out->engine);
+ if (in->cipher_data) {
+ out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+ memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
+ }
+#endif
+
+ return 1;
+}
+#endif
+
#if !defined(HAVE_X509_CRL_SET_VERSION)
int
X509_CRL_set_version(X509_CRL *x, long version)
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 7a755f79b5..2a082f3fe0 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -56,13 +56,33 @@ extern "C" {
(char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri)
#endif
+void HMAC_CTX_init(HMAC_CTX *ctx);
int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
-void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
+void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+
EVP_MD_CTX *EVP_MD_CTX_create(void);
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
+#endif
+
+#if !defined(HAVE_EVP_DIGESTINIT_EX)
+# define EVP_DigestInit_ex(ctx, md, engine) EVP_DigestInit(ctx, md)
+#endif
+#if !defined(HAVE_EVP_DIGESTFINAL_EX)
+# define EVP_DigestFinal_ex(ctx, buf, len) EVP_DigestFinal(ctx, buf, len)
+#endif
+
+#if !defined(HAVE_EVP_CIPHERINIT_EX)
+# define EVP_CipherInit_ex(ctx, type, impl, key, iv, enc) EVP_CipherInit(ctx, type, key, iv, enc)
+#endif
+#if !defined(HAVE_EVP_CIPHERFINAL_EX)
+# define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal(ctx, outm, outl)
+#endif
+
#if !defined(EVP_CIPHER_name)
# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
#endif
@@ -71,9 +91,9 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
#endif
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-void HMAC_CTX_init(HMAC_CTX *ctx);
-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+#if !defined(HAVE_EVP_HMAC_INIT_EX)
+# define HMAC_Init_ex(ctx, key, len, digest, engine) HMAC_Init(ctx, key, len, digest)
+#endif
#if !defined(PKCS7_is_detached)
# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
@@ -83,6 +103,8 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx);
# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
#endif
+void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
+int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
int X509_CRL_set_version(X509_CRL *x, long version);
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
int X509_CRL_sort(X509_CRL *c);
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index 93b3f6ccf9..209ebca604 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -54,7 +54,7 @@ ossl_cipher_new(const EVP_CIPHER *cipher)
ret = ossl_cipher_alloc(cCipher);
GetCipher(ret, ctx);
EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, cipher, NULL, NULL, -1) != 1)
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
ossl_raise(eCipherError, NULL);
return ret;
@@ -79,6 +79,7 @@ ossl_cipher_alloc(VALUE klass)
VALUE obj;
MakeCipher(obj, klass, ctx);
+ EVP_CIPHER_CTX_init(ctx);
return obj;
}
@@ -97,9 +98,8 @@ ossl_cipher_initialize(VALUE self, VALUE str)
if (!(cipher = EVP_get_cipherbyname(name))) {
ossl_raise(rb_eRuntimeError, "Unsupported cipher algorithm (%s).", name);
}
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, cipher, NULL, NULL, -1) != 1)
- ossl_raise(eCipherError, NULL);
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
+ ossl_raise(eCipherError, NULL);
return self;
}
@@ -113,8 +113,8 @@ ossl_cipher_copy(VALUE self, VALUE other)
GetCipher(self, ctx1);
SafeGetCipher(other, ctx2);
-
- memcpy(ctx1, ctx2, sizeof(EVP_CIPHER_CTX));
+ if (EVP_CIPHER_CTX_copy(ctx1, ctx2) != 1)
+ ossl_raise(eCipherError, NULL);
return self;
}
@@ -125,7 +125,7 @@ ossl_cipher_reset(VALUE self)
EVP_CIPHER_CTX *ctx;
GetCipher(self, ctx);
- if (EVP_CipherInit(ctx, NULL, NULL, NULL, -1) != 1)
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1) != 1)
ossl_raise(eCipherError, NULL);
return self;
@@ -166,7 +166,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
}
}
- if (EVP_CipherInit(ctx, NULL, NULL, NULL, 1) != 1) {
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 1) != 1) {
ossl_raise(eCipherError, NULL);
}
@@ -175,7 +175,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
- if (EVP_CipherInit(ctx, NULL, key, iv, -1) != 1) {
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) {
ossl_raise(eCipherError, NULL);
}
}
@@ -211,7 +211,7 @@ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
}
}
- if (EVP_CipherInit(ctx, NULL, NULL, NULL, 0) != 1) {
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 0) != 1) {
ossl_raise(eCipherError, NULL);
}
@@ -220,7 +220,7 @@ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
- if (EVP_CipherInit(ctx, NULL, key, iv, -1) != 1) {
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) {
ossl_raise(eCipherError, NULL);
}
}
@@ -259,7 +259,7 @@ ossl_cipher_final(VALUE self)
GetCipher(self, ctx);
str = rb_str_new(0, EVP_CIPHER_CTX_block_size(ctx));
- if (!EVP_CipherFinal(ctx, RSTRING(str)->ptr, &out_len))
+ if (!EVP_CipherFinal_ex(ctx, RSTRING(str)->ptr, &out_len))
ossl_raise(eCipherError, NULL);
assert(out_len <= RSTRING(str)->len);
RSTRING(str)->len = out_len;
@@ -289,7 +289,7 @@ ossl_cipher_set_key(VALUE self, VALUE key)
if (RSTRING(key)->len < EVP_CIPHER_CTX_key_length(ctx))
ossl_raise(eCipherError, "key length too short");
- if (EVP_CipherInit(ctx, NULL, RSTRING(key)->ptr, NULL, -1) != 1)
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, RSTRING(key)->ptr, NULL, -1) != 1)
ossl_raise(eCipherError, NULL);
return key;
@@ -306,8 +306,8 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
if (RSTRING(iv)->len < EVP_CIPHER_CTX_iv_length(ctx))
ossl_raise(eCipherError, "iv length too short");
- if (EVP_CipherInit(ctx, NULL, NULL, RSTRING(iv)->ptr, -1) != 1)
- ossl_raise(eCipherError, NULL);
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, RSTRING(iv)->ptr, -1) != 1)
+ ossl_raise(eCipherError, NULL);
return iv;
}
@@ -315,13 +315,12 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
static VALUE
ossl_cipher_set_padding(VALUE self, VALUE padding)
{
-#if defined(HAVE_ST_FLAGS)
+#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)
EVP_CIPHER_CTX *ctx;
GetCipher(self, ctx);
-
if (EVP_CIPHER_CTX_set_padding(ctx, NUM2INT(padding)) != 1)
- ossl_raise(eCipherError, NULL);
+ ossl_raise(eCipherError, NULL);
#else
rb_notimplement();
#endif
@@ -351,32 +350,18 @@ Init_ossl_cipher(void)
cCipher = rb_define_class_under(mCipher, "Cipher", rb_cObject);
rb_define_alloc_func(cCipher, ossl_cipher_alloc);
- rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
-
rb_define_copy_func(cCipher, ossl_cipher_copy);
-
+ rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1);
rb_define_method(cCipher, "reset", ossl_cipher_reset, 0);
-
rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1);
rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1);
rb_define_method(cCipher, "update", ossl_cipher_update, 1);
- rb_define_alias(cCipher, "<<", "update");
rb_define_method(cCipher, "final", ossl_cipher_final, 0);
-
rb_define_method(cCipher, "name", ossl_cipher_name, 0);
-
rb_define_method(cCipher, "key=", ossl_cipher_set_key, 1);
rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0);
-/*
- * TODO
- * int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
- */
rb_define_method(cCipher, "iv=", ossl_cipher_set_iv, 1);
rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0);
-
rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0);
-
rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1);
-
-} /* Init_ossl_cipher */
-
+}
diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c
index b117ddd30d..8ad9f01dc4 100644
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@@ -52,7 +52,7 @@ ossl_digest_new(const EVP_MD *md)
ret = ossl_digest_alloc(cDigest);
GetDigest(ret, ctx);
EVP_MD_CTX_init(ctx);
- EVP_DigestInit(ctx, md);
+ EVP_DigestInit_ex(ctx, md, NULL);
return ret;
}
@@ -69,6 +69,7 @@ ossl_digest_alloc(VALUE klass)
ctx = EVP_MD_CTX_create();
if (ctx == NULL)
ossl_raise(rb_eRuntimeError, "EVP_MD_CTX_create() failed");
+ EVP_MD_CTX_init(ctx);
obj = Data_Wrap_Struct(klass, 0, EVP_MD_CTX_destroy, ctx);
return obj;
@@ -94,8 +95,7 @@ ossl_digest_initialize(int argc, VALUE *argv, VALUE self)
if (!md) {
ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", name);
}
- EVP_MD_CTX_init(ctx);
- EVP_DigestInit(ctx, md);
+ EVP_DigestInit_ex(ctx, md, NULL);
if (!NIL_P(data)) return ossl_digest_update(self, data);
return self;
@@ -124,7 +124,7 @@ ossl_digest_reset(VALUE self)
EVP_MD_CTX *ctx;
GetDigest(self, ctx);
- EVP_DigestInit(ctx, EVP_MD_CTX_md(ctx));
+ EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL);
return self;
}
@@ -150,9 +150,10 @@ digest_final(EVP_MD_CTX *ctx, char **buf, int *buf_len)
ossl_raise(eDigestError, NULL);
}
if (!(*buf = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) {
+ EVP_MD_CTX_cleanup(&final);
ossl_raise(eDigestError, "Cannot allocate mem for digest");
}
- EVP_DigestFinal(&final, *buf, buf_len);
+ EVP_DigestFinal_ex(&final, *buf, buf_len);
EVP_MD_CTX_cleanup(&final);
}
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
index 0b4d8d9b54..fb3d0a6a8f 100644
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@@ -41,8 +41,8 @@ VALUE eHMACError;
static void
ossl_hmac_free(HMAC_CTX *ctx)
{
- HMAC_CTX_cleanup(ctx);
- free(ctx);
+ HMAC_CTX_cleanup(ctx);
+ free(ctx);
}
static VALUE
@@ -52,6 +52,7 @@ ossl_hmac_alloc(VALUE klass)
VALUE obj;
MakeHMAC(obj, klass, ctx);
+ HMAC_CTX_init(ctx);
return obj;
}
@@ -63,8 +64,8 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
GetHMAC(self, ctx);
StringValue(key);
- HMAC_CTX_init(ctx);
- HMAC_Init(ctx, RSTRING(key)->ptr, RSTRING(key)->len, GetDigestPtr(digest));
+ HMAC_Init_ex(ctx, RSTRING(key)->ptr, RSTRING(key)->len,
+ GetDigestPtr(digest), NULL);
return self;
}
@@ -107,6 +108,7 @@ hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len)
ossl_raise(eHMACError, NULL);
}
if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) {
+ HMAC_CTX_cleanup(&final);
OSSL_Debug("Allocating %d mem", HMAC_size(&final));
ossl_raise(eHMACError, "Cannot allocate memory for hmac");
}
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
new file mode 100644
index 0000000000..8711e46aa2
--- /dev/null
+++ b/test/openssl/test_cipher.rb
@@ -0,0 +1,62 @@
+begin
+ require "openssl"
+rescue LoadError
+end
+require "test/unit"
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestCipher < Test::Unit::TestCase
+ def setup
+ @c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC")
+ @c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC")
+ @key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+ @iv = @key
+ @hexkey = "0000000000000000000000000000000000000000000000"
+ @hexiv = "0000000000000000"
+ @data = "DATA"
+ end
+
+ def teardown
+ @c1 = @c2 = nil
+ end
+
+ def test_crypt
+ s1 = @c1.encrypt(@key, @iv).update(@data) + @c1.final
+ s2 = @c2.encrypt(@key, @iv).update(@data) + @c2.final
+ assert_equal(s1, s2, "encrypt")
+ assert_equal(@data, @c1.decrypt(@key, @iv).update(s2)+@c1.final, "decrypt")
+ assert_equal(@data, @c2.decrypt(@key, @iv).update(s1)+@c2.final, "decrypt")
+ end
+
+ def test_info
+ assert_equal("DES-EDE3-CBC", @c1.name, "name")
+ assert_equal("DES-EDE3-CBC", @c2.name, "name")
+ assert_kind_of(Fixnum, @c1.key_len, "key_len")
+ assert_kind_of(Fixnum, @c1.iv_len, "iv_len")
+ end
+
+ def test_dup
+ assert_equal(@c1.name, @c1.dup.name, "dup")
+ assert_equal(@c1.name, @c1.clone.name, "clone")
+ @c1.encrypt
+ @c1.key = @key
+ @c1.iv = @iv
+ tmpc = @c1.dup
+ s1 = @c1.update(@data) + @c1.final
+ s2 = tmpc.update(@data) + tmpc.final
+ assert_equal(s1, s2, "encrypt dup")
+ end
+
+ def test_reset
+ @c1.encrypt
+ @c1.key = @key
+ @c1.iv = @iv
+ s1 = @c1.update(@data) + @c1.final
+ @c1.reset
+ s2 = @c1.update(@data) + @c1.final
+ assert_equal(s1, s2, "encrypt reset")
+ end
+end
+
+end
diff --git a/test/openssl/test_digest.rb b/test/openssl/test_digest.rb
new file mode 100644
index 0000000000..b169b802a8
--- /dev/null
+++ b/test/openssl/test_digest.rb
@@ -0,0 +1,65 @@
+begin
+ require "openssl"
+rescue LoadError
+end
+require "digest/md5"
+require "test/unit"
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestDigest < Test::Unit::TestCase
+ def setup
+ @d1 = OpenSSL::Digest::Digest::new("MD5")
+ @d2 = OpenSSL::Digest::MD5.new
+ @md = Digest::MD5.new
+ @data = "DATA"
+ end
+
+ def teardown
+ @d1 = @d2 = @md = nil
+ end
+
+ def test_digest
+ assert_equal(@md.digest, @d1.digest)
+ assert_equal(@md.hexdigest, @d1.hexdigest)
+ @d1 << @data
+ @d2 << @data
+ @md << @data
+ assert_equal(@md.digest, @d1.digest)
+ assert_equal(@md.hexdigest, @d1.hexdigest)
+ assert_equal(@d1.digest, @d2.digest)
+ assert_equal(@d1.hexdigest, @d2.hexdigest)
+ assert_equal(@md.digest, OpenSSL::Digest::MD5.digest(@data))
+ assert_equal(@md.hexdigest, OpenSSL::Digest::MD5.hexdigest(@data))
+ end
+
+ def test_eql
+ assert(@d1 == @d2, "==")
+ d = @d1.clone
+ assert(d == @d1, "clone")
+ end
+
+ def test_info
+ assert_equal("MD5", @d1.name, "name")
+ assert_equal("MD5", @d2.name, "name")
+ assert_equal(16, @d1.size, "size")
+ end
+
+ def test_dup
+ @d1.update(@data)
+ assert_equal(@d1.name, @d1.dup.name, "dup")
+ assert_equal(@d1.name, @d1.clone.name, "clone")
+ assert_equal(@d1.digest, @d1.clone.digest, "clone .digest")
+ end
+
+ def test_reset
+ @d1.update(@data)
+ dig1 = @d1.digest
+ @d1.reset
+ @d1.update(@data)
+ dig2 = @d1.digest
+ assert_equal(dig1, dig2, "reset")
+ end
+end
+
+end
diff --git a/test/openssl/test_hmac.rb b/test/openssl/test_hmac.rb
new file mode 100644
index 0000000000..2f8d6bba20
--- /dev/null
+++ b/test/openssl/test_hmac.rb
@@ -0,0 +1,34 @@
+begin
+ require "openssl"
+rescue LoadError
+end
+require "test/unit"
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestHMAC < Test::Unit::TestCase
+ def setup
+ @digest = OpenSSL::Digest::MD5.new
+ @key = "KEY"
+ @data = "DATA"
+ @h1 = OpenSSL::HMAC.new(@key, @digest)
+ @h2 = OpenSSL::HMAC.new(@key, @digest)
+ end
+
+ def teardown
+ end
+
+ def test_hmac
+ @h1.update(@data)
+ assert_equal(OpenSSL::HMAC.digest(@digest, @key, @data), @h1.digest, "digest")
+ assert_equal(OpenSSL::HMAC.hexdigest(@digest, @key, @data), @h1.hexdigest, "hexdigest")
+ end
+
+ def test_dup
+ @h1.update(@data)
+ h = @h1.dup
+ assert_equal(@h1.digest, h.digest, "dup digest")
+ end
+end
+
+end