1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

openssl: import fixes from upstream

Browse Source 
Import the following two commits from upstream:

  commit 72126d6c8b88abd69c3565fc3bbbd5ed1e401611
  Author: Kazuki Yamaguchi <k@rhe.jp>
  Date:   Thu Dec 1 22:27:03 2016 +0900

      pkey: check existence of EVP_PKEY_get0()

      EVP_PKEY_get0() did not exist in early OpenSSL 0.9.8 series. So define
      ourselves if needed.

  commit 94a1c4e0c5705ad1e9a4ca08cacaa6cba8b1e6f5
  Author: Kazuki Yamaguchi <k@rhe.jp>
  Date:   Thu Dec 1 22:13:22 2016 +0900

      test/test_cipher: fix test with OpenSSL 1.0.1 before 1.0.1d

      Set the authentication tag before the AAD when decrypting.

      Before OpenSSL commit 96f7fafa2431 ("Don't require tag before ciphertext
      in AESGCM mode", 2012-10-16, at OpenSSL_1_0_1-stable branch, included in
      OpenSSL 1.0.1d), the authentication tag must be set before any calls of
      EVP_CipherUpdate().

They should fix build on CentOS 5 and Ubuntu 12.04 respectively.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
rhe 2016-12-01 04:42:10 +00:00
parent 671c929f0a
commit 95dbfe0dfc
3 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ext/openssl/extconf.rb
View File

@ -95,6 +95,7 @@ have_func("i2d_ASN1_SET_ANY")
have_func("SSL_SESSION_cmp") # removed have_func("SSL_SESSION_cmp") # removed
OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h") OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h") have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
have_func("EVP_PKEY_get0")
# added in 1.0.1 # added in 1.0.1
have_func("SSL_CTX_set_next_proto_select_cb") have_func("SSL_CTX_set_next_proto_select_cb")

4
ext/openssl/openssl_missing.h
View File

@ -47,6 +47,10 @@ int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0) i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0)
#endif #endif
#if !defined(HAVE_EVP_PKEY_GET0)
# define EVP_PKEY_get0(pk) (pk->pkey.ptr)
#endif
/* added in 1.0.2 */ /* added in 1.0.2 */
#if !defined(OPENSSL_NO_EC) #if !defined(OPENSSL_NO_EC)
#if !defined(HAVE_EC_CURVE_NIST2NID) #if !defined(HAVE_EC_CURVE_NIST2NID)

16
test/openssl/test_cipher.rb
View File

@ -192,32 +192,32 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
cipher = new_encryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad) cipher = new_encryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad)
assert_equal ct, cipher.update(pt) << cipher.final assert_equal ct, cipher.update(pt) << cipher.final
assert_equal tag, cipher.auth_tag assert_equal tag, cipher.auth_tag
cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag) cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag, auth_data: aad)
assert_equal pt, cipher.update(ct) << cipher.final assert_equal pt, cipher.update(ct) << cipher.final
# truncated tag is accepted # truncated tag is accepted
cipher = new_encryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad) cipher = new_encryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad)
assert_equal ct, cipher.update(pt) << cipher.final assert_equal ct, cipher.update(pt) << cipher.final
assert_equal tag[0, 8], cipher.auth_tag(8) assert_equal tag[0, 8], cipher.auth_tag(8)
cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag[0, 8]) cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag[0, 8], auth_data: aad)
assert_equal pt, cipher.update(ct) << cipher.final assert_equal pt, cipher.update(ct) << cipher.final
# wrong tag is rejected # wrong tag is rejected
tag2 = tag.dup tag2 = tag.dup
tag2.setbyte(-1, (tag2.getbyte(-1) + 1) & 0xff) tag2.setbyte(-1, (tag2.getbyte(-1) + 1) & 0xff)
cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag2) cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag2, auth_data: aad)
cipher.update(ct) cipher.update(ct)
assert_raise(OpenSSL::Cipher::CipherError) { cipher.final } assert_raise(OpenSSL::Cipher::CipherError) { cipher.final }
# wrong aad is rejected # wrong aad is rejected
aad2 = aad[0..-2] << aad[-1].succ aad2 = aad[0..-2] << aad[-1].succ
cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad2, auth_tag: tag) cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag, auth_data: aad2)
cipher.update(ct) cipher.update(ct)
assert_raise(OpenSSL::Cipher::CipherError) { cipher.final } assert_raise(OpenSSL::Cipher::CipherError) { cipher.final }
# wrong ciphertext is rejected # wrong ciphertext is rejected
ct2 = ct[0..-2] << ct[-1].succ ct2 = ct[0..-2] << ct[-1].succ
cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_data: aad, auth_tag: tag) cipher = new_decryptor("aes-128-gcm", key: key, iv: iv, auth_tag: tag, auth_data: aad)
cipher.update(ct2) cipher.update(ct2)
assert_raise(OpenSSL::Cipher::CipherError) { cipher.final } assert_raise(OpenSSL::Cipher::CipherError) { cipher.final }
end if has_cipher?("aes-128-gcm") end if has_cipher?("aes-128-gcm")
@ -241,7 +241,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
cipher = new_encryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_data: aad) cipher = new_encryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_data: aad)
assert_equal ct, cipher.update(pt) << cipher.final assert_equal ct, cipher.update(pt) << cipher.final
assert_equal tag, cipher.auth_tag assert_equal tag, cipher.auth_tag
cipher = new_decryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_data: aad, auth_tag: tag) cipher = new_decryptor("aes-128-gcm", key: key, iv_len: 8, iv: iv, auth_tag: tag, auth_data: aad)
assert_equal pt, cipher.update(ct) << cipher.final assert_equal pt, cipher.update(ct) << cipher.final
end if has_cipher?("aes-128-gcm") end if has_cipher?("aes-128-gcm")
@ -257,7 +257,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
cipher = new_encryptor("aes-128-ocb", key: key, iv: iv, auth_data: aad) cipher = new_encryptor("aes-128-ocb", key: key, iv: iv, auth_data: aad)
assert_equal ct, cipher.update(pt) << cipher.final assert_equal ct, cipher.update(pt) << cipher.final
assert_equal tag, cipher.auth_tag assert_equal tag, cipher.auth_tag
cipher = new_decryptor("aes-128-ocb", key: key, iv: iv, auth_data: aad, auth_tag: tag) cipher = new_decryptor("aes-128-ocb", key: key, iv: iv, auth_tag: tag, auth_data: aad)
assert_equal pt, cipher.update(ct) << cipher.final assert_equal pt, cipher.update(ct) << cipher.final
# RFC 7253 Appendix A; with 96 bits tag length # RFC 7253 Appendix A; with 96 bits tag length
@ -274,7 +274,7 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
cipher = new_encryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_data: aad) cipher = new_encryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_data: aad)
assert_equal ct, cipher.update(pt) << cipher.final assert_equal ct, cipher.update(pt) << cipher.final
assert_equal tag, cipher.auth_tag assert_equal tag, cipher.auth_tag
cipher = new_decryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_data: aad, auth_tag: tag) cipher = new_decryptor("aes-128-ocb", auth_tag_len: 12, key: key, iv: iv, auth_tag: tag, auth_data: aad)
assert_equal pt, cipher.update(ct) << cipher.final assert_equal pt, cipher.update(ct) << cipher.final
end if has_cipher?("aes-128-ocb") end if has_cipher?("aes-128-ocb")