openssl: import e72d960db262

Sync with master branch of ruby/openssl.git to import changes in v2.1.0.beta1..v2.0.6. The commit log since v2.1.0.beta1 which was imported by r59734 can be found at: https://github.com/ruby/openssl/compare/v2.1.0.beta1...e72d960db262 ---------------------------------------------------------------- Kazuki Yamaguchi (16): test/test_pair: fix test_write_nonblock{,_no_exceptions} x509name: fix a typo in docs test/test_fips: skip if setting FIPS mode fails test/test_asn1: fix possible failure in test_utctime test/test_ssl: suppress warning in test_alpn_protocol_selection_cancel test/test_pair: disable compression test/test_ssl: skip tmp_ecdh_callback test for LibreSSL >= 2.6.1 test/test_ssl: do not run NPN tests for LibreSSL >= 2.6.1 tool/ruby-openssl-docker: update test/test_pair: replace sleep with IO.select ssl: prevent SSLSocket#sysread* from leaking uninitialized data ossl.c: use struct CRYPTO_dynlock_value for non-dynamic locks ossl.c: make legacy locking callbacks reentrant test/test_engine: suppress stderr test/test_engine: check if RC4 is supported Ruby/OpenSSL 2.0.6 SHIBATA Hiroshi (1): To use upstream url of github nobu (1): ruby.h: unnormalized Fixnum value git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60013 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-08-23 04:55:21 +02:00 · 2017-09-24 16:26:22 +00:00 · 2017-09-24 16:26:22 +00:00 · fdd01b5356
commit fdd01b5356
parent 444d091005
9 changed files with 138 additions and 67 deletions
--- a/test/openssl/test_engine.rb
+++ b/test/openssl/test_engine.rb
@ -52,32 +52,28 @@ class OpenSSL::TestEngine < OpenSSL::TestCase
  end

  def test_openssl_engine_cipher_rc4
-    with_openssl <<-'end;'
-      begin
-        engine = get_engine
-        algo = "RC4" #AES is not supported by openssl Engine (<=1.0.0e)
-        data = "a" * 1000
-        key = OpenSSL::Random.random_bytes(16)
-        # suppress message from openssl Engine's RC4 cipher [ruby-core:41026]
-        err_back = $stderr.dup
-        $stderr.reopen(IO::NULL)
-        encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
-        decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
-        assert_equal(data, decrypted)
-      ensure
-        if err_back
-          $stderr.reopen(err_back)
-          err_back.close
-        end
-      end
+    begin
+      OpenSSL::Cipher.new("rc4")
+    rescue OpenSSL::Cipher::CipherError
+      pend "RC4 is not supported"
+    end
+
+    with_openssl(<<-'end;', ignore_stderr: true)
+      engine = get_engine
+      algo = "RC4"
+      data = "a" * 1000
+      key = OpenSSL::Random.random_bytes(16)
+      encrypted = crypt_data(data, key, :encrypt) { engine.cipher(algo) }
+      decrypted = crypt_data(encrypted, key, :decrypt) { OpenSSL::Cipher.new(algo) }
+      assert_equal(data, decrypted)
    end;
  end

  private

  # this is required because OpenSSL::Engine methods change global state
-  def with_openssl(code)
-    assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
+  def with_openssl(code, **opts)
+    assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;", **opts)
      require #{__FILE__.dump}
      include OpenSSL::TestEngine::Utils
      #{code}
--- a/test/openssl/test_pair.rb
+++ b/test/openssl/test_pair.rb
@ -218,7 +218,7 @@ module OpenSSL::TestPairM
      assert_nothing_raised("[ruby-core:20298]") { ret = s2.read_nonblock(10) }
      assert_equal("def\n", ret)
      s1.close
-      sleep 0.1
+      IO.select([s2])
      assert_raise(EOFError) { s2.read_nonblock(10) }
    }
  end
@ -234,11 +234,35 @@ module OpenSSL::TestPairM
      assert_nothing_raised("[ruby-core:20298]") { ret = s2.read_nonblock(10, exception: false) }
      assert_equal("def\n", ret)
      s1.close
-      sleep 0.1
+      IO.select([s2])
      assert_equal(nil, s2.read_nonblock(10, exception: false))
    }
  end

+  def test_read_with_outbuf
+    ssl_pair { |s1, s2|
+      s1.write("abc\n")
+      buf = ""
+      ret = s2.read(2, buf)
+      assert_same ret, buf
+      assert_equal "ab", ret
+
+      buf = "garbage"
+      ret = s2.read(2, buf)
+      assert_same ret, buf
+      assert_equal "c\n", ret
+
+      buf = "garbage"
+      assert_equal :wait_readable, s2.read_nonblock(100, buf, exception: false)
+      assert_equal "", buf
+
+      s1.close
+      buf = "garbage"
+      assert_equal nil, s2.read(100, buf)
+      assert_equal "", buf
+    }
+  end
+
  def test_write_nonblock
    ssl_pair {|s1, s2|
      assert_equal 3, s1.write_nonblock("foo")
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@ -1042,6 +1042,7 @@ end
    pend "TLS 1.2 is not supported" unless tls12_supported?
    pend "NPN is not supported" unless \
      OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+    pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)

    advertised = ["http/1.1", "spdy/2"]
    ctx_proc = proc { |ctx| ctx.npn_protocols = advertised }
@ -1062,6 +1063,7 @@ end
    pend "TLS 1.2 is not supported" unless tls12_supported?
    pend "NPN is not supported" unless \
      OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+    pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)

    advertised = Object.new
    def advertised.each
@ -1086,6 +1088,7 @@ end
    pend "TLS 1.2 is not supported" unless tls12_supported?
    pend "NPN is not supported" unless \
      OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+    pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)

    ctx_proc = Proc.new { |ctx| ctx.npn_protocols = ["http/1.1"] }
    start_server_version(:TLSv1_2, ctx_proc) { |port|
@ -1099,6 +1102,7 @@ end
    pend "TLS 1.2 is not supported" unless tls12_supported?
    pend "NPN is not supported" unless \
      OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+    pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)

    ctx_proc = Proc.new { |ctx| ctx.npn_protocols = ["a" * 256] }
    start_server_version(:TLSv1_2, ctx_proc) { |port|
@ -1112,6 +1116,7 @@ end
    pend "TLS 1.2 is not supported" unless tls12_supported?
    pend "NPN is not supported" unless \
      OpenSSL::SSL::SSLContext.method_defined?(:npn_select_cb)
+    pend "LibreSSL 2.6 has broken NPN functions" if libressl?(2, 6, 1)

    ctx_proc = Proc.new { |ctx| ctx.npn_protocols = ["http/1.1"] }
    start_server_version(:TLSv1_2, ctx_proc) { |port|
@ -1242,6 +1247,8 @@ end
    pend "EC is disabled" unless defined?(OpenSSL::PKey::EC)
    pend "tmp_ecdh_callback is not supported" unless \
      OpenSSL::SSL::SSLContext.method_defined?(:tmp_ecdh_callback)
+    pend "LibreSSL 2.6 has broken SSL_CTX_set_tmp_ecdh_callback()" \
+      if libressl?(2, 6, 1)

    EnvUtil.suppress_warning do # tmp_ecdh_callback is deprecated (2016-05)
      called = false