summaryrefslogtreecommitdiff
path: root/test/openssl
diff options
context:
space:
mode:
authorrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2017-09-24 16:26:22 +0000
committerrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2017-09-24 16:26:22 +0000
commitfdd01b5356cca8da76ee32270969588dfdf9340c (patch)
treeeb0d6c1a2db76e67f146af950c3180dad15487f9 /test/openssl
parent444d0910056ce7f770b81f1bd50bbcbec85c3f37 (diff)
openssl: import e72d960db262
Sync with master branch of ruby/openssl.git to import changes in v2.1.0.beta1..v2.0.6. The commit log since v2.1.0.beta1 which was imported by r59734 can be found at: https://github.com/ruby/openssl/compare/v2.1.0.beta1...e72d960db262 ---------------------------------------------------------------- Kazuki Yamaguchi (16): test/test_pair: fix test_write_nonblock{,_no_exceptions} x509name: fix a typo in docs test/test_fips: skip if setting FIPS mode fails test/test_asn1: fix possible failure in test_utctime test/test_ssl: suppress warning in test_alpn_protocol_selection_cancel test/test_pair: disable compression test/test_ssl: skip tmp_ecdh_callback test for LibreSSL >= 2.6.1 test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1 tool/ruby-openssl-docker: update test/test_pair: replace sleep with IO.select ssl: prevent SSLSocket#sysread* from leaking uninitialized data ossl.c: use struct CRYPTO_dynlock_value for non-dynamic locks ossl.c: make legacy locking callbacks reentrant test/test_engine: suppress stderr test/test_engine: check if RC4 is supported Ruby/OpenSSL 2.0.6 SHIBATA Hiroshi (1): To use upstream url of github nobu (1): ruby.h: unnormalized Fixnum value git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60013 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/openssl')
-rw-r--r--test/openssl/test_engine.rb36
-rw-r--r--test/openssl/test_pair.rb28
-rw-r--r--test/openssl/test_ssl.rb7
3 files changed, 49 insertions, 22 deletions
diff --git a/test/openssl/test_engine.rb b/test/openssl/test_engine.rb
index 4f3973a7c6..bb1123d516 100644
--- a/test/openssl/test_engine.rb
+++ b/test/openssl/test_engine.rb
@@ -52,32 +52,28 @@ class OpenSSL::TestEngine < OpenSSL::TestCase
end
def test_openssl_engine_cipher_rc4
- with_openssl <<-'end;'
- begin
- engine = get_engine
- algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e)
- data = "a" * 1000
- key = OpenSSL::Random.random_bytes(16)
- # suppress message from openssl Engine's RC4 cipher [ruby-core:41026]
- err_back = $stderr.dup
- $stderr.reopen(IO::NULL)
- encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
- decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
- assert_equal(data, decrypted)
- ensure
- if err_back
- $stderr.reopen(err_back)
- err_back.close
- end
- end
+ begin
+ OpenSSL::Cipher.new("rc4")
+ rescue OpenSSL::Cipher::CipherError
+ pend "RC4 is not supported"
+ end
+
+ with_openssl(<<-'end;', ignore_stderr: true)
+ engine = get_engine
+ algo = "RC4"
+ data = "a" * 1000
+ key = OpenSSL::Random.random_bytes(16)
+ encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
+ decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
+ assert_equal(data, decrypted)
end;
end
private
# this is required because OpenSSL::Engine methods change global state
- def with_openssl(code)
- assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
+ def with_openssl(code, **opts)
+ assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;", **opts)
require #{__FILE__.dump}
include OpenSSL::TestEngine::Utils
#{code}
diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
index 0d9ad0b8d0..55b62321b8 100644
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@@ -218,7 +218,7 @@ module OpenSSL::TestPairM
assert_nothing_raised("[ruby-core:20298]") { ret = s2.read_nonblock(10) }
assert_equal("def\n", ret)
s1.close
- sleep 0.1
+ IO.select([s2])
assert_raise(EOFError) { s2.read_nonblock(10) }
}
end
@@ -234,11 +234,35 @@ module OpenSSL::TestPairM
assert_nothing_raised("[ruby-core:20298]") { ret = s2.read_nonblock(10, exception: false) }
assert_equal("def\n", ret)
s1.close
- sleep 0.1
+ IO.select([s2])
assert_equal(nil, s2.read_nonblock(10, exception: false))
}
end
+ def test_read_with_outbuf
+ ssl_pair { |s1, s2|
+ s1.write("abc\n")
+ buf = ""
+ ret = s2.read(2, buf)
+ assert_same ret, buf
+ assert_equal "ab", ret
+
+ buf = "garbage"
+ ret = s2.read(2, buf)
+ assert_same ret, buf
+ assert_equal "c\n", ret
+
+ buf = "garbage"
+ assert_equal :wait_readable, s2.read_nonblock(100, buf, exception: false)
+ assert_equal "", buf
+
+ s1.close
+ buf = "garbage"
+ assert_equal nil, s2.read(100, buf)
+ assert_equal "", buf
+ }
+ end
+
def test_write_nonblock
ssl_pair {|s1, s2|
assert_equal 3, s1.write_nonblock("foo")
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index d60f031b99..ab6382d78f 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -1042,6 +1042,7 @@ end
pend "TLS 1.2 is not supported" unless tls12_supported?
pend "NPN is not supported" unless \
OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+ pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)
advertised = ["http/1.1", "spdy/2"]
ctx_proc = proc { |ctx| ctx.npn_protocols = advertised }
@@ -1062,6 +1063,7 @@ end
pend "TLS 1.2 is not supported" unless tls12_supported?
pend "NPN is not supported" unless \
OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+ pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)
advertised = Object.new
def advertised.each
@@ -1086,6 +1088,7 @@ end
pend "TLS 1.2 is not supported" unless tls12_supported?
pend "NPN is not supported" unless \
OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+ pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)
ctx_proc = Proc.new { |ctx| ctx.npn_protocols = ["http/1.1"] }
start_server_version(:TLSv1_2, ctx_proc) { |port|
@@ -1099,6 +1102,7 @@ end
pend "TLS 1.2 is not supported" unless tls12_supported?
pend "NPN is not supported" unless \
OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+ pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)
ctx_proc = Proc.new { |ctx| ctx.npn_protocols = ["a" * 256] }
start_server_version(:TLSv1_2, ctx_proc) { |port|
@@ -1112,6 +1116,7 @@ end
pend "TLS 1.2 is not supported" unless tls12_supported?
pend "NPN is not supported" unless \
OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+ pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)
ctx_proc = Proc.new { |ctx| ctx.npn_protocols = ["http/1.1"] }
start_server_version(:TLSv1_2, ctx_proc) { |port|
@@ -1242,6 +1247,8 @@ end
pend "EC is disabled" unless defined?(OpenSSL::PKey::EC)
pend "tmp_ecdh_callback is not supported" unless \
OpenSSL::SSL::SSLContext.method_defined?(:tmp_ecdh_callback)
+ pend "LibreSSL 2.6 has broken SSL_CTX_set_tmp_ecdh_callback()" \
+ if libressl?(2, 6, 1)
EnvUtil.suppress_warning do # tmp_ecdh_callback is deprecated (2016-05)
called = false