From 312de7a9ca97398994cb25b22242e4e348820f2a Mon Sep 17 00:00:00 2001 From: usa Date: Tue, 31 Jul 2018 13:54:40 +0000 Subject: backport openssl v2.0.8 [Backport #14754] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@64146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/openssl/History.md | 14 ++++++++++++++ ext/openssl/extconf.rb | 5 ++++- ext/openssl/openssl.gemspec | 10 +++++----- ext/openssl/ossl_cipher.c | 2 ++ ext/openssl/ossl_version.h | 2 +- test/openssl/test_cipher.rb | 3 +++ test/openssl/test_pkey_rsa.rb | 9 ++++++++- test/openssl/test_ssl_session.rb | 14 +++++++++----- test/openssl/utils.rb | 12 ++++++++++++ version.h | 6 +++--- 10 files changed, 61 insertions(+), 16 deletions(-) diff --git a/ext/openssl/History.md b/ext/openssl/History.md index 9cc60caaf8..db7d98e2a4 100644 --- a/ext/openssl/History.md +++ b/ext/openssl/History.md @@ -1,3 +1,17 @@ +Version 2.0.8 +============= + +Bug fixes +--------- + +* OpenSSL::Cipher#pkcs5_keyivgen raises an error when a negative iteration + count is given. + [[GitHub #184]](https://github.com/ruby/openssl/pull/184) +* Fixed build with LibreSSL 2.7. + [[GitHub #192]](https://github.com/ruby/openssl/issues/192) + [[GitHub #193]](https://github.com/ruby/openssl/pull/193) + + Version 2.0.7 ============= diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 75da65cde3..998d91049c 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb 
@@ -157,8 +157,11 @@ OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h") have_func("SSL_is_server") # added in 1.1.0 +if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || + try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h") + $defs.push("-DHAVE_OPAQUE_OPENSSL") +end have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API") -have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL") have_func("BN_GENCB_new") have_func("BN_GENCB_free") have_func("BN_GENCB_get_arg") diff --git a/ext/openssl/openssl.gemspec b/ext/openssl/openssl.gemspec index 67041dc1f2..0e0e1512c1 100644 --- a/ext/openssl/openssl.gemspec +++ b/ext/openssl/openssl.gemspec 
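Review bot: The new `if` in extconf.rb has no comment explaining why a LibreSSL version test is OR-ed with the `SSL#ctx` member probe, so a reader cannot connect the second branch to the "Fixed build with LibreSSL 2.7" entry in History.md. I would add `# LibreSSL >= 2.7 must also take the opaque-struct code path (GitHub #192)` above the `if`. That the member probe alone gives the wrong answer on LibreSSL 2.7 is my inference and should be confirmed by the author. The literal would also read better annotated, e.g. `"LIBRESSL_VERSION_NUMBER >= 0x2070000fL"` followed by `# 2.7.0`.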
@@ -1,26 +1,26 @@ # -*- encoding: utf-8 -*- -# stub: openssl 2.0.7 ruby lib +# stub: openssl 2.0.8 ruby lib # stub: ext/openssl/extconf.rb Gem::Specification.new do |s| s.name = "openssl".freeze - s.version = "2.0.7" + s.version = "2.0.8" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.metadata = { "msys2_mingw_dependencies" => "openssl" } if s.respond_to? :metadata= s.require_paths = ["lib".freeze] s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze] - s.date = "2017-12-14" + s.date = "2018-05-12" s.description = "It wraps the OpenSSL library.".freeze s.email = ["ruby-core@ruby-lang.org".freeze] s.extensions = ["ext/openssl/extconf.rb".freeze] - s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "README.md".freeze, "History.md".freeze] + s.extra_rdoc_files = ["CONTRIBUTING.md".freeze, "History.md".freeze, "README.md".freeze] s.files = ["BSDL".freeze, "CONTRIBUTING.md".freeze, "History.md".freeze, "LICENSE.txt".freeze, "README.md".freeze, "ext/openssl/deprecation.rb".freeze, "ext/openssl/extconf.rb".freeze, "ext/openssl/openssl_missing.c".freeze, "ext/openssl/openssl_missing.h".freeze, "ext/openssl/ossl.c".freeze, "ext/openssl/ossl.h".freeze, "ext/openssl/ossl_asn1.c".freeze, "ext/openssl/ossl_asn1.h".freeze, "ext/openssl/ossl_bio.c".freeze, "ext/openssl/ossl_bio.h".freeze, "ext/openssl/ossl_bn.c".freeze, "ext/openssl/ossl_bn.h".freeze, "ext/openssl/ossl_cipher.c".freeze, "ext/openssl/ossl_cipher.h".freeze, "ext/openssl/ossl_config.c".freeze, "ext/openssl/ossl_config.h".freeze, "ext/openssl/ossl_digest.c".freeze, "ext/openssl/ossl_digest.h".freeze, "ext/openssl/ossl_engine.c".freeze, "ext/openssl/ossl_engine.h".freeze, "ext/openssl/ossl_hmac.c".freeze, "ext/openssl/ossl_hmac.h".freeze, "ext/openssl/ossl_ns_spki.c".freeze, "ext/openssl/ossl_ns_spki.h".freeze, "ext/openssl/ossl_ocsp.c".freeze, "ext/openssl/ossl_ocsp.h".freeze, 
"ext/openssl/ossl_pkcs12.c".freeze, "ext/openssl/ossl_pkcs12.h".freeze, "ext/openssl/ossl_pkcs5.c".freeze, "ext/openssl/ossl_pkcs5.h".freeze, "ext/openssl/ossl_pkcs7.c".freeze, "ext/openssl/ossl_pkcs7.h".freeze, "ext/openssl/ossl_pkey.c".freeze, "ext/openssl/ossl_pkey.h".freeze, "ext/openssl/ossl_pkey_dh.c".freeze, "ext/openssl/ossl_pkey_dsa.c".freeze, "ext/openssl/ossl_pkey_ec.c".freeze, "ext/openssl/ossl_pkey_rsa.c".freeze, "ext/openssl/ossl_rand.c".freeze, "ext/openssl/ossl_rand.h".freeze, "ext/openssl/ossl_ssl.c".freeze, "ext/openssl/ossl_ssl.h".freeze, "ext/openssl/ossl_ssl_session.c".freeze, "ext/openssl/ossl_version.h".freeze, "ext/openssl/ossl_x509.c".freeze, "ext/openssl/ossl_x509.h".freeze, "ext/openssl/ossl_x509attr.c".freeze, "ext/openssl/ossl_x509cert.c".freeze, "ext/openssl/ossl_x509crl.c".freeze, "ext/openssl/ossl_x509ext.c".freeze, "ext/openssl/ossl_x509name.c".freeze, "ext/openssl/ossl_x509req.c".freeze, "ext/openssl/ossl_x509revoked.c".freeze, "ext/openssl/ossl_x509store.c".freeze, "ext/openssl/ruby_missing.h".freeze, "lib/openssl.rb".freeze, "lib/openssl/bn.rb".freeze, "lib/openssl/buffering.rb".freeze, "lib/openssl/cipher.rb".freeze, "lib/openssl/config.rb".freeze, "lib/openssl/digest.rb".freeze, "lib/openssl/pkey.rb".freeze, "lib/openssl/ssl.rb".freeze, "lib/openssl/x509.rb".freeze] s.homepage = "https://www.ruby-lang.org/".freeze s.licenses = ["Ruby".freeze] s.rdoc_options = ["--main".freeze, "README.md".freeze] s.required_ruby_version = Gem::Requirement.new(">= 2.3.0".freeze) - s.rubygems_version = "2.7.3".freeze + s.rubygems_version = "2.7.6".freeze s.summary = "OpenSSL provides SSL, TLS and general purpose cryptography.".freeze if s.respond_to? :specification_version then diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 740f04b27e..9e71c81703 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c 
@@ -321,6 +321,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self) salt = (unsigned char *)RSTRING_PTR(vsalt); } iter = NIL_P(viter) ? 2048 : NUM2INT(viter); + if (iter <= 0) + rb_raise(rb_eArgError, "iterations must be a positive integer"); digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest); GetCipher(self, ctx); EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt, diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h index 56dfe1d785..a4b99e80e3 100644 --- a/ext/openssl/ossl_version.h +++ b/ext/openssl/ossl_version.h @@ -10,6 +10,6 @@ #if !defined(_OSSL_VERSION_H_) #define _OSSL_VERSION_H_ -#define OSSL_VERSION "2.0.7" +#define OSSL_VERSION "2.0.8" #endif /* _OSSL_VERSION_H_ */ diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index 48149d4178..732b4fdd9b 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -44,6 +44,9 @@ class OpenSSL::TestCipher < OpenSSL::TestCase s2 = cipher.update(pt) << cipher.final assert_equal s1, s2 + + cipher2 = OpenSSL::Cipher.new("DES-EDE3-CBC").encrypt + assert_raise(ArgumentError) { cipher2.pkcs5_keyivgen(pass, salt, -1, "MD5") } end def test_info diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb index c120556339..b4393e68ce 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -60,6 +60,13 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase end end + def test_generate + key = OpenSSL::PKey::RSA.generate(512, 17) + assert_equal 512, key.n.num_bits + assert_equal 17, key.e + assert_not_nil key.d + end + def test_new_break assert_nil(OpenSSL::PKey::RSA.new(1024) { break }) assert_raise(RuntimeError) do @@ -256,7 +263,7 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase end def test_dup - key = OpenSSL::PKey::RSA.generate(256, 17) + key = Fixtures.pkey("rsa1024") key2 = key.dup assert_equal key.params, key2.params key2.set_key(key2.n, 3, key2.d) 
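Review bot: The `EVP_BytesToKey(...)` call in the last context line of the ossl_cipher.c hunk is a bare statement, so its return value is discarded even though this change now validates `iter` just before it. `EVP_BytesToKey` returns 0 on failure, and in that case the derived key and IV buffers would be used without having been filled. I would wrap the call as `if (!EVP_BytesToKey(...)) ossl_raise(eCipherError, NULL);`, keeping the existing arguments. The call and the rest of `ossl_cipher_pkcs5_keyivgen` continue outside the hunk, so how the outputs are consumed afterwards is not visible here.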
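Review bot: The added assertion in test_cipher.rb covers only `-1`, but the C guard in this commit is `iter <= 0`, so the zero boundary is rejected with no test pinning it. I would add `assert_raise(ArgumentError) { cipher2.pkcs5_keyivgen(pass, salt, 0, "MD5") }` next to the existing line. History.md describes the fix as rejecting a negative count only, so a test for 0 would also record that the stricter behaviour is intended. The enclosing test method starts outside the hunk.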
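Review bot: `test_generate` in test_pkey_rsa.rb generates a 512-bit key with `e = 17` and has no comment marking these as test-only parameters. The second hunk in this file replaces a 256-bit `generate` with `Fixtures.pkey("rsa1024")`, which suggests small sizes are already a portability problem across library versions, though the diff does not state the reason. I would add `# 512 bits only to keep generation fast; far below any usable RSA size and may be refused by stricter library builds` above the `generate` call. The assertion `assert_not_nil key.d` could also be tightened to `assert_equal true, key.private?`.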
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb index af8c65b17f..6db0c2d196 100644 --- a/test/openssl/test_ssl_session.rb +++ b/test/openssl/test_ssl_session.rb @@ -198,7 +198,9 @@ __EOS__ first_session = nil 10.times do |i| connections = i - server_connect_with_session(port, nil, first_session) { |ssl| + cctx = OpenSSL::SSL::SSLContext.new + cctx.ssl_version = :TLSv1_2 + server_connect_with_session(port, cctx, first_session) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets first_session ||= ssl.session @@ -257,6 +259,8 @@ __EOS__ connections = nil called = {} + cctx = OpenSSL::SSL::SSLContext.new + cctx.ssl_version = :TLSv1_2 sctx = nil ctx_proc = Proc.new { |ctx| sctx = ctx @@ -292,7 +296,7 @@ __EOS__ } start_server(ctx_proc: ctx_proc) do |port| connections = 0 - sess0 = server_connect_with_session(port, nil, nil) { |ssl| + sess0 = server_connect_with_session(port, cctx, nil) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal false, ssl.session_reused? ssl.session @@ -307,7 +311,7 @@ __EOS__ # Internal cache hit connections = 1 - server_connect_with_session(port, nil, sess0.dup) { |ssl| + server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal true, ssl.session_reused? ssl.session @@ -328,7 +332,7 @@ __EOS__ # External cache hit connections = 2 - sess2 = server_connect_with_session(port, nil, sess0.dup) { |ssl| + sess2 = server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets if !ssl.session_reused? && openssl?(1, 1, 0) && !openssl?(1, 1, 0, 7) # OpenSSL >= 1.1.0, < 1.1.0g @@ -355,7 +359,7 @@ __EOS__ # Cache miss connections = 3 - sess3 = server_connect_with_session(port, nil, sess0.dup) { |ssl| + sess3 = server_connect_with_session(port, cctx, sess0.dup) { |ssl| ssl.puts("abc"); assert_equal "abc\n", ssl.gets assert_equal false, ssl.session_reused? ssl.session 
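Review bot: The client context is pinned with `cctx.ssl_version = :TLSv1_2` in the first two hunks of test_ssl_session.rb without any comment, so the reason these session-cache tests must not follow the library's default protocol is not recorded. I would add `# Pin the client to TLS 1.2 so the session_reused? assertions do not vary with the library default (TODO: confirm reason)` above each assignment; the actual motivation is not visible in the diff. The first hunk also builds a new `SSLContext` on each of the 10 iterations, while the second hunk creates one `cctx` that the remaining hunks reuse. Hoisting the first one above `10.times` would make the two tests consistent. Both test methods start and end outside these hunks.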
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb index 4331d8bd8d..b7ddd8916d 100644 --- a/test/openssl/utils.rb +++ b/test/openssl/utils.rb @@ -216,6 +216,10 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase threads = [] begin server_thread = Thread.new do + if Thread.method_defined?(:report_on_exception=) # Ruby >= 2.4 + Thread.current.report_on_exception = false + end + begin loop do begin @@ -229,6 +233,10 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase end th = Thread.new do + if Thread.method_defined?(:report_on_exception=) + Thread.current.report_on_exception = false + end + begin server_proc.call(ctx, ssl) ensure @@ -244,6 +252,10 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase end client_thread = Thread.new do + if Thread.method_defined?(:report_on_exception=) + Thread.current.report_on_exception = false + end + begin block.call(port) ensure diff --git a/version.h b/version.h index 2b86d38890..19c4bf2d90 100644 --- a/version.h +++ b/version.h @@ -1,10 +1,10 @@ #define RUBY_VERSION "2.4.5" -#define RUBY_RELEASE_DATE "2018-07-30" -#define RUBY_PATCHLEVEL 311 +#define RUBY_RELEASE_DATE "2018-07-31" +#define RUBY_PATCHLEVEL 312 #define RUBY_RELEASE_YEAR 2018 #define RUBY_RELEASE_MONTH 7 -#define RUBY_RELEASE_DAY 30 +#define RUBY_RELEASE_DAY 31 #include "ruby/version.h" -- cgit v1.2.3
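Review bot: The same three-line `report_on_exception` guard is pasted into all three thread bodies in utils.rb (server, per-connection and client threads), and only the first copy carries the `# Ruby >= 2.4` remark. A modifier form keeps each copy to one line: `Thread.current.report_on_exception = false if Thread.method_defined?(:report_on_exception=) # Ruby >= 2.4`. With reporting switched off, an exception raised in one of these threads surfaces only if the thread is later joined or its value is read. That happens outside these hunks, so it is worth confirming that every thread started here is joined on the `ensure` path.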