From 22ab58c03c6beee7c0b6e508a97c07f77334423b Mon Sep 17 00:00:00 2001 From: gotoyuzo Date: Wed, 30 Jun 2004 10:48:43 +0000 Subject: * ext/openssl/extconf.rb: check for EVP_CIPHER_CTX_copy, ENGINE_add, EVP_CIPHER_CTX_set_padding, EVP_CipherFinal_ex, EVP_CipherInit_ex, EVP_DigestFinal_ex and EVP_DigestInit_ex. * ext/openssl/openssl_missing.c (EVP_CIPHER_CTX_copy): new function. * ext/openssl/openssl_missing.h (EVP_DigestInit_ex, EVP_DigestFinal_ex, EVP_CipherInit_ex, EVP_CipherFinal_ex, HMAC_Init_ex): new macro for OpenSSL 0.9.6. * ext/openssl/ossl_cipher.c (ossl_cipher_alloc, ossl_cipher_initialize, ossl_cipher_copy, ossl_cipher_reset, ossl_cipher_encrypt, ossl_cipher_decrypt, ossl_cipher_final, ossl_cipher_set_key, ossl_cipher_set_iv): replace all EVP_CipherInit and EVP_CipherFinal into EVP_CipherInit_ex and EVP_CipherFinal_ex. and EVP_CIPHER_CTX_init should only be called once. * ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): check for EVP_CIPHER_CTX_set_padding. * ext/openssl/ossl_cipher.c (Init_ossl_cipher): Cipher#<< is deprecated. * ext/openssl/ossl_digest.c: replace all EVP_DigestInit and EVP_DigestFinal into EVP_DigestInit_ex and EVP_DigestFinal_ex. and EVP_MD_CTX_init should only be called once. * ext/openssl/ossl_digest.c (digest_final): should call EVP_MD_CTX_cleanup to avoid memory leak. * ext/openssl/ossl_hmac.c (ossl_hmac_initialize): repalce HMAC_init into HMAC_init_ex. and HMAC_CTX_init is moved to ossl_hmac_alloc. * ext/openssl/ossl_hmac.c (hmac_final): should call HMAC_CTX_cleanup to avoid memory leak. * test/openssl/test_cipher.rb, test/openssl/test_digest.rb, test/openssl/test_hmac.rb: new file. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@6548 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 40 ++++++++++++++++++++++++++ MANIFEST | 3 ++ ext/openssl/extconf.rb | 48 +++++++++++++++++++++----------- ext/openssl/openssl_missing.c | 23 +++++++++++++++ ext/openssl/openssl_missing.h | 32 +++++++++++++++++---- ext/openssl/ossl_cipher.c | 53 +++++++++++++---------------------- ext/openssl/ossl_digest.c | 11 ++++---- ext/openssl/ossl_hmac.c | 10 ++++--- test/openssl/test_cipher.rb | 62 +++++++++++++++++++++++++++++++++++++++++ test/openssl/test_digest.rb | 65 +++++++++++++++++++++++++++++++++++++++++++ test/openssl/test_hmac.rb | 34 ++++++++++++++++++++++ 11 files changed, 316 insertions(+), 65 deletions(-) create mode 100644 test/openssl/test_cipher.rb create mode 100644 test/openssl/test_digest.rb create mode 100644 test/openssl/test_hmac.rb diff --git a/ChangeLog b/ChangeLog index 73cc8a4a25..ff3a1dd003 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,43 @@ +Wed Jun 30 19:48:09 2004 GOTOU Yuuzou + + * ext/openssl/extconf.rb: check for EVP_CIPHER_CTX_copy, ENGINE_add, + EVP_CIPHER_CTX_set_padding, EVP_CipherFinal_ex, EVP_CipherInit_ex, + EVP_DigestFinal_ex and EVP_DigestInit_ex. + + * ext/openssl/openssl_missing.c (EVP_CIPHER_CTX_copy): new function. + + * ext/openssl/openssl_missing.h (EVP_DigestInit_ex, EVP_DigestFinal_ex, + EVP_CipherInit_ex, EVP_CipherFinal_ex, HMAC_Init_ex): new macro for + OpenSSL 0.9.6. + + * ext/openssl/ossl_cipher.c (ossl_cipher_alloc, ossl_cipher_initialize, + ossl_cipher_copy, ossl_cipher_reset, ossl_cipher_encrypt, + ossl_cipher_decrypt, ossl_cipher_final, ossl_cipher_set_key, + ossl_cipher_set_iv): replace all EVP_CipherInit and + EVP_CipherFinal into EVP_CipherInit_ex and EVP_CipherFinal_ex. + and EVP_CIPHER_CTX_init should only be called once. + + * ext/openssl/ossl_cipher.c (ossl_cipher_set_padding): check for + EVP_CIPHER_CTX_set_padding. + + * ext/openssl/ossl_cipher.c (Init_ossl_cipher): Cipher#<< is deprecated. + + * ext/openssl/ossl_digest.c: replace all EVP_DigestInit and + EVP_DigestFinal into EVP_DigestInit_ex and EVP_DigestFinal_ex. + and EVP_MD_CTX_init should only be called once. + + * ext/openssl/ossl_digest.c (digest_final): should call + EVP_MD_CTX_cleanup to avoid memory leak. + + * ext/openssl/ossl_hmac.c (ossl_hmac_initialize): repalce HMAC_init + into HMAC_init_ex. and HMAC_CTX_init is moved to ossl_hmac_alloc. + + * ext/openssl/ossl_hmac.c (hmac_final): should call + HMAC_CTX_cleanup to avoid memory leak. + + * test/openssl/test_cipher.rb, test/openssl/test_digest.rb, + test/openssl/test_hmac.rb: new file. + Wed Jun 30 16:59:39 Hirokazu Yamamoto * test/ruby/test_file.rb (test_fnmatch): some tests for File.fnmatch diff --git a/MANIFEST b/MANIFEST index eb6339d90a..9a985025f4 100644 --- a/MANIFEST +++ b/MANIFEST @@ -805,6 +805,9 @@ test/logger/test_logger.rb test/monitor/test_monitor.rb test/net/http/test_httpheader.rb test/openssl/ssl_server.rb +test/openssl/test_cipher.rb +test/openssl/test_digest.rb +test/openssl/test_hmac.rb test/openssl/test_ssl.rb test/openssl/test_x509cert.rb test/openssl/test_x509crl.rb diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 47fa722cf0..d587116c82 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -62,40 +62,54 @@ unless have_header("openssl/conf_api.h") end message "=== Checking for OpenSSL features... ===\n" -have_func("HMAC_CTX_copy") -have_func("X509_STORE_get_ex_data") -have_func("X509_STORE_set_ex_data") -have_func("EVP_MD_CTX_create") +have_func("BN_mod_add") +have_func("BN_mod_sqr") +have_func("BN_mod_sub") +have_func("BN_pseudo_rand_range") +have_func("BN_rand_range") +have_func("CONF_get1_default_config_file") +have_func("EVP_CIPHER_CTX_copy") +have_func("EVP_CIPHER_CTX_set_padding") +have_func("EVP_CipherFinal_ex") +have_func("EVP_CipherInit_ex") +have_func("EVP_DigestFinal_ex") +have_func("EVP_DigestInit_ex") have_func("EVP_MD_CTX_cleanup") +have_func("EVP_MD_CTX_create") have_func("EVP_MD_CTX_destroy") -have_func("PEM_def_callback") have_func("EVP_MD_CTX_init") -have_func("HMAC_CTX_init") have_func("HMAC_CTX_cleanup") -have_func("X509_CRL_set_version") +have_func("HMAC_CTX_copy") +have_func("HMAC_CTX_init") +have_func("PEM_def_callback") +have_func("X509V3_set_nconf") +have_func("X509_CRL_add0_revoked") have_func("X509_CRL_set_issuer_name") +have_func("X509_CRL_set_version") have_func("X509_CRL_sort") -have_func("X509_CRL_add0_revoked") -have_func("CONF_get1_default_config_file") -have_func("BN_mod_sqr") -have_func("BN_mod_add") -have_func("BN_mod_sub") -have_func("BN_rand_range") -have_func("BN_pseudo_rand_range") -have_func("CONF_get1_default_config_file") -have_func("X509V3_set_nconf") +have_func("X509_STORE_get_ex_data") +have_func("X509_STORE_set_ex_data") if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n") $defs.push("-DHAVE_VA_ARGS_MACRO") end if have_header("openssl/engine.h") + have_func("ENGINE_add") have_func("ENGINE_load_builtin_engines") have_func("ENGINE_load_openbsd_dev_crypto") have_func("ENGINE_get_digest") have_func("ENGINE_get_cipher") have_func("ENGINE_cleanup") end -have_header("openssl/ocsp.h") +if try_compile(< +#if OPENSSL_VERSION_NUMBER < 0x00907000L +# error "OpenSSL version is less than 0.9.7." +#endif +SRC + have_header("openssl/ocsp.h") +end have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h") +have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h") have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h") message "=== Checking done. ===\n" diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index 0c0be5fc1f..dfa5f90012 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -105,6 +105,29 @@ HMAC_CTX_cleanup(HMAC_CTX *ctx) } #endif +#if !defined(HAVE_EVP_CIPHER_CTX_COPY) +/* + * this function does not exist in OpenSSL yet... or ever?. + * a future version may break this function. + * tested on 0.9.7d. + */ +int +EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in) +{ + memcpy(out, in, sizeof(EVP_CIPHER_CTX)); + +#if defined(HAVE_ENGINE_ADD) && defined(HAVE_ST_ENGINE) + if (in->engine) ENGINE_add(out->engine); + if (in->cipher_data) { + out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); + memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); + } +#endif + + return 1; +} +#endif + #if !defined(HAVE_X509_CRL_SET_VERSION) int X509_CRL_set_version(X509_CRL *x, long version) diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 7a755f79b5..2a082f3fe0 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -56,13 +56,33 @@ extern "C" { (char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri) #endif +void HMAC_CTX_init(HMAC_CTX *ctx); int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); -void *X509_STORE_get_ex_data(X509_STORE *str, int idx); -int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data); +void HMAC_CTX_cleanup(HMAC_CTX *ctx); + EVP_MD_CTX *EVP_MD_CTX_create(void); +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +#if !defined(HAVE_EVP_CIPHER_CTX_COPY) +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in); +#endif + +#if !defined(HAVE_EVP_DIGESTINIT_EX) +# define EVP_DigestInit_ex(ctx, md, engine) EVP_DigestInit(ctx, md) +#endif +#if !defined(HAVE_EVP_DIGESTFINAL_EX) +# define EVP_DigestFinal_ex(ctx, buf, len) EVP_DigestFinal(ctx, buf, len) +#endif + +#if !defined(HAVE_EVP_CIPHERINIT_EX) +# define EVP_CipherInit_ex(ctx, type, impl, key, iv, enc) EVP_CipherInit(ctx, type, key, iv, enc) +#endif +#if !defined(HAVE_EVP_CIPHERFINAL_EX) +# define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal(ctx, outm, outl) +#endif + #if !defined(EVP_CIPHER_name) # define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) #endif @@ -71,9 +91,9 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); # define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e)) #endif -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); -void HMAC_CTX_init(HMAC_CTX *ctx); -void HMAC_CTX_cleanup(HMAC_CTX *ctx); +#if !defined(HAVE_EVP_HMAC_INIT_EX) +# define HMAC_Init_ex(ctx, key, len, digest, engine) HMAC_Init(ctx, key, len, digest) +#endif #if !defined(PKCS7_is_detached) # define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) @@ -83,6 +103,8 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx); # define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) #endif +void *X509_STORE_get_ex_data(X509_STORE *str, int idx); +int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data); int X509_CRL_set_version(X509_CRL *x, long version); int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); int X509_CRL_sort(X509_CRL *c); diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 93b3f6ccf9..209ebca604 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -54,7 +54,7 @@ ossl_cipher_new(const EVP_CIPHER *cipher) ret = ossl_cipher_alloc(cCipher); GetCipher(ret, ctx); EVP_CIPHER_CTX_init(ctx); - if (EVP_CipherInit(ctx, cipher, NULL, NULL, -1) != 1) + if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1) ossl_raise(eCipherError, NULL); return ret; @@ -79,6 +79,7 @@ ossl_cipher_alloc(VALUE klass) VALUE obj; MakeCipher(obj, klass, ctx); + EVP_CIPHER_CTX_init(ctx); return obj; } @@ -97,9 +98,8 @@ ossl_cipher_initialize(VALUE self, VALUE str) if (!(cipher = EVP_get_cipherbyname(name))) { ossl_raise(rb_eRuntimeError, "Unsupported cipher algorithm (%s).", name); } - EVP_CIPHER_CTX_init(ctx); - if (EVP_CipherInit(ctx, cipher, NULL, NULL, -1) != 1) - ossl_raise(eCipherError, NULL); + if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1) + ossl_raise(eCipherError, NULL); return self; } @@ -113,8 +113,8 @@ ossl_cipher_copy(VALUE self, VALUE other) GetCipher(self, ctx1); SafeGetCipher(other, ctx2); - - memcpy(ctx1, ctx2, sizeof(EVP_CIPHER_CTX)); + if (EVP_CIPHER_CTX_copy(ctx1, ctx2) != 1) + ossl_raise(eCipherError, NULL); return self; } @@ -125,7 +125,7 @@ ossl_cipher_reset(VALUE self) EVP_CIPHER_CTX *ctx; GetCipher(self, ctx); - if (EVP_CipherInit(ctx, NULL, NULL, NULL, -1) != 1) + if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1) != 1) ossl_raise(eCipherError, NULL); return self; @@ -166,7 +166,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self) } } - if (EVP_CipherInit(ctx, NULL, NULL, NULL, 1) != 1) { + if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 1) != 1) { ossl_raise(eCipherError, NULL); } @@ -175,7 +175,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self) EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv, RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL); - if (EVP_CipherInit(ctx, NULL, key, iv, -1) != 1) { + if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) { ossl_raise(eCipherError, NULL); } } @@ -211,7 +211,7 @@ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self) } } - if (EVP_CipherInit(ctx, NULL, NULL, NULL, 0) != 1) { + if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, 0) != 1) { ossl_raise(eCipherError, NULL); } @@ -220,7 +220,7 @@ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self) EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv, RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL); - if (EVP_CipherInit(ctx, NULL, key, iv, -1) != 1) { + if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) { ossl_raise(eCipherError, NULL); } } @@ -259,7 +259,7 @@ ossl_cipher_final(VALUE self) GetCipher(self, ctx); str = rb_str_new(0, EVP_CIPHER_CTX_block_size(ctx)); - if (!EVP_CipherFinal(ctx, RSTRING(str)->ptr, &out_len)) + if (!EVP_CipherFinal_ex(ctx, RSTRING(str)->ptr, &out_len)) ossl_raise(eCipherError, NULL); assert(out_len <= RSTRING(str)->len); RSTRING(str)->len = out_len; @@ -289,7 +289,7 @@ ossl_cipher_set_key(VALUE self, VALUE key) if (RSTRING(key)->len < EVP_CIPHER_CTX_key_length(ctx)) ossl_raise(eCipherError, "key length too short"); - if (EVP_CipherInit(ctx, NULL, RSTRING(key)->ptr, NULL, -1) != 1) + if (EVP_CipherInit_ex(ctx, NULL, NULL, RSTRING(key)->ptr, NULL, -1) != 1) ossl_raise(eCipherError, NULL); return key; @@ -306,8 +306,8 @@ ossl_cipher_set_iv(VALUE self, VALUE iv) if (RSTRING(iv)->len < EVP_CIPHER_CTX_iv_length(ctx)) ossl_raise(eCipherError, "iv length too short"); - if (EVP_CipherInit(ctx, NULL, NULL, RSTRING(iv)->ptr, -1) != 1) - ossl_raise(eCipherError, NULL); + if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, RSTRING(iv)->ptr, -1) != 1) + ossl_raise(eCipherError, NULL); return iv; } @@ -315,13 +315,12 @@ ossl_cipher_set_iv(VALUE self, VALUE iv) static VALUE ossl_cipher_set_padding(VALUE self, VALUE padding) { -#if defined(HAVE_ST_FLAGS) +#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING) EVP_CIPHER_CTX *ctx; GetCipher(self, ctx); - if (EVP_CIPHER_CTX_set_padding(ctx, NUM2INT(padding)) != 1) - ossl_raise(eCipherError, NULL); + ossl_raise(eCipherError, NULL); #else rb_notimplement(); #endif @@ -351,32 +350,18 @@ Init_ossl_cipher(void) cCipher = rb_define_class_under(mCipher, "Cipher", rb_cObject); rb_define_alloc_func(cCipher, ossl_cipher_alloc); - rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1); - rb_define_copy_func(cCipher, ossl_cipher_copy); - + rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1); rb_define_method(cCipher, "reset", ossl_cipher_reset, 0); - rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1); rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1); rb_define_method(cCipher, "update", ossl_cipher_update, 1); - rb_define_alias(cCipher, "<<", "update"); rb_define_method(cCipher, "final", ossl_cipher_final, 0); - rb_define_method(cCipher, "name", ossl_cipher_name, 0); - rb_define_method(cCipher, "key=", ossl_cipher_set_key, 1); rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0); -/* - * TODO - * int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); - */ rb_define_method(cCipher, "iv=", ossl_cipher_set_iv, 1); rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0); - rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0); - rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1); - -} /* Init_ossl_cipher */ - +} diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c index b117ddd30d..8ad9f01dc4 100644 --- a/ext/openssl/ossl_digest.c +++ b/ext/openssl/ossl_digest.c @@ -52,7 +52,7 @@ ossl_digest_new(const EVP_MD *md) ret = ossl_digest_alloc(cDigest); GetDigest(ret, ctx); EVP_MD_CTX_init(ctx); - EVP_DigestInit(ctx, md); + EVP_DigestInit_ex(ctx, md, NULL); return ret; } @@ -69,6 +69,7 @@ ossl_digest_alloc(VALUE klass) ctx = EVP_MD_CTX_create(); if (ctx == NULL) ossl_raise(rb_eRuntimeError, "EVP_MD_CTX_create() failed"); + EVP_MD_CTX_init(ctx); obj = Data_Wrap_Struct(klass, 0, EVP_MD_CTX_destroy, ctx); return obj; @@ -94,8 +95,7 @@ ossl_digest_initialize(int argc, VALUE *argv, VALUE self) if (!md) { ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", name); } - EVP_MD_CTX_init(ctx); - EVP_DigestInit(ctx, md); + EVP_DigestInit_ex(ctx, md, NULL); if (!NIL_P(data)) return ossl_digest_update(self, data); return self; @@ -124,7 +124,7 @@ ossl_digest_reset(VALUE self) EVP_MD_CTX *ctx; GetDigest(self, ctx); - EVP_DigestInit(ctx, EVP_MD_CTX_md(ctx)); + EVP_DigestInit_ex(ctx, EVP_MD_CTX_md(ctx), NULL); return self; } @@ -150,9 +150,10 @@ digest_final(EVP_MD_CTX *ctx, char **buf, int *buf_len) ossl_raise(eDigestError, NULL); } if (!(*buf = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) { + EVP_MD_CTX_cleanup(&final); ossl_raise(eDigestError, "Cannot allocate mem for digest"); } - EVP_DigestFinal(&final, *buf, buf_len); + EVP_DigestFinal_ex(&final, *buf, buf_len); EVP_MD_CTX_cleanup(&final); } diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index 0b4d8d9b54..fb3d0a6a8f 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -41,8 +41,8 @@ VALUE eHMACError; static void ossl_hmac_free(HMAC_CTX *ctx) { - HMAC_CTX_cleanup(ctx); - free(ctx); + HMAC_CTX_cleanup(ctx); + free(ctx); } static VALUE @@ -52,6 +52,7 @@ ossl_hmac_alloc(VALUE klass) VALUE obj; MakeHMAC(obj, klass, ctx); + HMAC_CTX_init(ctx); return obj; } @@ -63,8 +64,8 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest) GetHMAC(self, ctx); StringValue(key); - HMAC_CTX_init(ctx); - HMAC_Init(ctx, RSTRING(key)->ptr, RSTRING(key)->len, GetDigestPtr(digest)); + HMAC_Init_ex(ctx, RSTRING(key)->ptr, RSTRING(key)->len, + GetDigestPtr(digest), NULL); return self; } @@ -107,6 +108,7 @@ hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len) ossl_raise(eHMACError, NULL); } if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) { + HMAC_CTX_cleanup(&final); OSSL_Debug("Allocating %d mem", HMAC_size(&final)); ossl_raise(eHMACError, "Cannot allocate memory for hmac"); } diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb new file mode 100644 index 0000000000..8711e46aa2 --- /dev/null +++ b/test/openssl/test_cipher.rb @@ -0,0 +1,62 @@ +begin + require "openssl" +rescue LoadError +end +require "test/unit" + +if defined?(OpenSSL) + +class OpenSSL::TestCipher < Test::Unit::TestCase + def setup + @c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC") + @c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC") + @key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + @iv = @key + @hexkey = "0000000000000000000000000000000000000000000000" + @hexiv = "0000000000000000" + @data = "DATA" + end + + def teardown + @c1 = @c2 = nil + end + + def test_crypt + s1 = @c1.encrypt(@key, @iv).update(@data) + @c1.final + s2 = @c2.encrypt(@key, @iv).update(@data) + @c2.final + assert_equal(s1, s2, "encrypt") + assert_equal(@data, @c1.decrypt(@key, @iv).update(s2)+@c1.final, "decrypt") + assert_equal(@data, @c2.decrypt(@key, @iv).update(s1)+@c2.final, "decrypt") + end + + def test_info + assert_equal("DES-EDE3-CBC", @c1.name, "name") + assert_equal("DES-EDE3-CBC", @c2.name, "name") + assert_kind_of(Fixnum, @c1.key_len, "key_len") + assert_kind_of(Fixnum, @c1.iv_len, "iv_len") + end + + def test_dup + assert_equal(@c1.name, @c1.dup.name, "dup") + assert_equal(@c1.name, @c1.clone.name, "clone") + @c1.encrypt + @c1.key = @key + @c1.iv = @iv + tmpc = @c1.dup + s1 = @c1.update(@data) + @c1.final + s2 = tmpc.update(@data) + tmpc.final + assert_equal(s1, s2, "encrypt dup") + end + + def test_reset + @c1.encrypt + @c1.key = @key + @c1.iv = @iv + s1 = @c1.update(@data) + @c1.final + @c1.reset + s2 = @c1.update(@data) + @c1.final + assert_equal(s1, s2, "encrypt reset") + end +end + +end diff --git a/test/openssl/test_digest.rb b/test/openssl/test_digest.rb new file mode 100644 index 0000000000..b169b802a8 --- /dev/null +++ b/test/openssl/test_digest.rb @@ -0,0 +1,65 @@ +begin + require "openssl" +rescue LoadError +end +require "digest/md5" +require "test/unit" + +if defined?(OpenSSL) + +class OpenSSL::TestDigest < Test::Unit::TestCase + def setup + @d1 = OpenSSL::Digest::Digest::new("MD5") + @d2 = OpenSSL::Digest::MD5.new + @md = Digest::MD5.new + @data = "DATA" + end + + def teardown + @d1 = @d2 = @md = nil + end + + def test_digest + assert_equal(@md.digest, @d1.digest) + assert_equal(@md.hexdigest, @d1.hexdigest) + @d1 << @data + @d2 << @data + @md << @data + assert_equal(@md.digest, @d1.digest) + assert_equal(@md.hexdigest, @d1.hexdigest) + assert_equal(@d1.digest, @d2.digest) + assert_equal(@d1.hexdigest, @d2.hexdigest) + assert_equal(@md.digest, OpenSSL::Digest::MD5.digest(@data)) + assert_equal(@md.hexdigest, OpenSSL::Digest::MD5.hexdigest(@data)) + end + + def test_eql + assert(@d1 == @d2, "==") + d = @d1.clone + assert(d == @d1, "clone") + end + + def test_info + assert_equal("MD5", @d1.name, "name") + assert_equal("MD5", @d2.name, "name") + assert_equal(16, @d1.size, "size") + end + + def test_dup + @d1.update(@data) + assert_equal(@d1.name, @d1.dup.name, "dup") + assert_equal(@d1.name, @d1.clone.name, "clone") + assert_equal(@d1.digest, @d1.clone.digest, "clone .digest") + end + + def test_reset + @d1.update(@data) + dig1 = @d1.digest + @d1.reset + @d1.update(@data) + dig2 = @d1.digest + assert_equal(dig1, dig2, "reset") + end +end + +end diff --git a/test/openssl/test_hmac.rb b/test/openssl/test_hmac.rb new file mode 100644 index 0000000000..2f8d6bba20 --- /dev/null +++ b/test/openssl/test_hmac.rb @@ -0,0 +1,34 @@ +begin + require "openssl" +rescue LoadError +end +require "test/unit" + +if defined?(OpenSSL) + +class OpenSSL::TestHMAC < Test::Unit::TestCase + def setup + @digest = OpenSSL::Digest::MD5.new + @key = "KEY" + @data = "DATA" + @h1 = OpenSSL::HMAC.new(@key, @digest) + @h2 = OpenSSL::HMAC.new(@key, @digest) + end + + def teardown + end + + def test_hmac + @h1.update(@data) + assert_equal(OpenSSL::HMAC.digest(@digest, @key, @data), @h1.digest, "digest") + assert_equal(OpenSSL::HMAC.hexdigest(@digest, @key, @data), @h1.hexdigest, "hexdigest") + end + + def test_dup + @h1.update(@data) + h = @h1.dup + assert_equal(@h1.digest, h.digest, "dup digest") + end +end + +end -- cgit v1.2.3