authorKazuki Yamaguchi <k@rhe.jp>2020-05-13 18:15:08 +0900
committerKazuki Yamaguchi <k@rhe.jp>2021-03-16 19:16:11 +0900
commit15863069c90b1253021981b23d31f154d79f8fe6 (patch)
tree77448977ab8525b11267d8a7cae6994521e13e74 /ext/openssl
parent9d3ffe09c47a1dfd722693965fbf7dba8571aa88 (diff)
[ruby/openssl] digest, hmac, ts, x509: use IO.binread in examples where appropriate
IO.read may mangle line separators, which corrupts binary data such as DER-encoded X.509 certificates. Fixes: https://github.com/ruby/openssl/issues/243 https://github.com/ruby/openssl/commit/93213b2730
Notes
Notes: Merged: https://github.com/ruby/ruby/pull/4275
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/ossl_digest.c12
-rw-r--r--ext/openssl/ossl_hmac.c4
-rw-r--r--ext/openssl/ossl_ts.c18
-rw-r--r--ext/openssl/ossl_x509cert.c2
4 files changed, 18 insertions, 18 deletions
diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c
index e2157cb02fa..d327f718e2d 100644
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@@ -372,15 +372,15 @@ Init_ossl_digest(void)
*
* === Hashing a file
*
- * data = File.read('document')
+ * data = File.binread('document')
* sha256 = OpenSSL::Digest.new('SHA256')
* digest = sha256.digest(data)
*
* === Hashing several pieces of data at once
*
- * data1 = File.read('file1')
- * data2 = File.read('file2')
- * data3 = File.read('file3')
+ * data1 = File.binread('file1')
+ * data2 = File.binread('file2')
+ * data3 = File.binread('file3')
* sha256 = OpenSSL::Digest.new('SHA256')
* sha256 << data1
* sha256 << data2
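Review bot: The "Hashing a file" example still reads the entire file into memory before hashing, and readers tend to copy that pattern for large artefacts such as disk images or backups. A one-line pointer under it would help, for instance `# for large files, read fixed-size chunks and feed each one with sha256 << chunk`, since the incremental interface is already shown in the next section. The same applies to the "Reuse a Digest instance" example in the following hunk. The comment block starts and ends outside this hunk.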
@@ -389,11 +389,11 @@ Init_ossl_digest(void)
*
* === Reuse a Digest instance
*
- * data1 = File.read('file1')
+ * data1 = File.binread('file1')
* sha256 = OpenSSL::Digest.new('SHA256')
* digest1 = sha256.digest(data1)
*
- * data2 = File.read('file2')
+ * data2 = File.binread('file2')
* sha256.reset
* digest2 = sha256.digest(data2)
*
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
index e831cff5196..70e9fb8193c 100644
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@@ -350,8 +350,8 @@ Init_ossl_hmac(void)
*
* === HMAC-SHA256 using incremental interface
*
- * data1 = File.read("file1")
- * data2 = File.read("file2")
+ * data1 = File.binread("file1")
+ * data2 = File.binread("file2")
* key = "key"
* digest = OpenSSL::Digest.new('SHA256')
* hmac = OpenSSL::HMAC.new(key, digest)
diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c
index d3209c3d406..752c61cf8c3 100644
--- a/ext/openssl/ossl_ts.c
+++ b/ext/openssl/ossl_ts.c
@@ -1280,7 +1280,7 @@ Init_ossl_ts(void)
* ===Create a Response:
* #Assumes ts.p12 is a PKCS#12-compatible file with a private key
* #and a certificate that has an extended key usage of 'timeStamping'
- * p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd')
+ * p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
* md = OpenSSL::Digest.new('SHA1')
* hash = md.digest(data) #some binary data to be timestamped
* req = OpenSSL::Timestamp::Request.new
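Review bot: The "Create a Response" example keeps `md = OpenSSL::Digest.new('SHA1')` on the line right after the changed one, so copied code will build timestamp requests over a SHA-1 message imprint. Since the example is being touched anyway, consider `md = OpenSSL::Digest.new('SHA256')`; the request's algorithm setting, which presumably follows outside this hunk, would have to name the same digest. The literal passphrase `'pwd'` here and in the hunk at -1437 could also carry a short comment that a real passphrase should not be embedded in source.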
@@ -1295,16 +1295,16 @@ Init_ossl_ts(void)
*
* ===Verify a timestamp response:
* #Assume we have a timestamp token in a file called ts.der
- * ts = OpenSSL::Timestamp::Response.new(File.open('ts.der', 'rb')
+ * ts = OpenSSL::Timestamp::Response.new(File.binread('ts.der'))
* #Assume we have the Request for this token in a file called req.der
- * req = OpenSSL::Timestamp::Request.new(File.open('req.der', 'rb')
+ * req = OpenSSL::Timestamp::Request.new(File.binread('req.der'))
* # Assume the associated root CA certificate is contained in a
* # DER-encoded file named root.cer
- * root = OpenSSL::X509::Certificate.new(File.open('root.cer', 'rb')
+ * root = OpenSSL::X509::Certificate.new(File.binread('root.cer'))
* # get the necessary intermediate certificates, available in
* # DER-encoded form in inter1.cer and inter2.cer
- * inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb')
- * inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb')
+ * inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
+ * inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
* ts.verify(req, root, inter1, inter2) -> ts or raises an exception if validation fails
*
*/
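Review bot: `ts.verify(req, root, inter1, inter2)` on the last example line passes the root as a bare certificate and the intermediates as separate arguments. As far as I recall, Response#verify expects an OpenSSL::X509::Store holding the trusted roots, followed by an optional array of intermediates; its definition is not visible in this hunk, so please confirm. If so, the example should read `store = OpenSSL::X509::Store.new`, `store.add_cert(root)`, `ts.verify(req, store, [inter1, inter2])`, which also makes explicit which certificate is the trust anchor.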
@@ -1437,9 +1437,9 @@ Init_ossl_ts(void)
* timestamping certificate.
*
* req = OpenSSL::Timestamp::Request.new(raw_bytes)
- * p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd')
- * inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb')
- * inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb')
+ * p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
+ * inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
+ * inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
* fac = OpenSSL::Timestamp::Factory.new
* fac.gen_time = Time.now
* fac.serial_number = 1
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index e3766b1b163..5376bff08d2 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -730,7 +730,7 @@ Init_ossl_x509cert(void)
* Certificate is capable of handling DER-encoded certificates and
* certificates encoded in OpenSSL's PEM format.
*
- * raw = File.read "cert.cer" # DER- or PEM-encoded
+ * raw = File.binread "cert.cer" # DER- or PEM-encoded
* certificate = OpenSSL::X509::Certificate.new raw
*
* === Saving a certificate to a file