aeris
/
cryptcheck
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Clean patch

new-scoring
aeris 1 month ago
parent
33e84e4762
commit
678bc82238
5 changed files with 67 additions and 65 deletions
Split View Show Diff Stats
  1. 3
    3
      patches/ruby/01_tmp_key.patch
  2. 11
    11
      patches/ruby/02_set_ecdh_curves.patch
  3. 3
    3
      patches/ruby/03_fallback_scsv.patch
  4. 15
    15
      patches/ruby/04_multiple_certs.patch
  5. 35
    33
      patches/ruby/05_resolv_rr_length.patch.disabled

+ 3
- 3
patches/ruby/01_tmp_key.patch View File

@@ -11,10 +11,10 @@ index 0b7fa2a..76487f7 100644
have_func("ENGINE_add")
have_func("ENGINE_load_builtin_engines")
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 7a0eb4e..dc35d5a 100644
index cd35ee3..9167959 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1911,6 +1911,25 @@ ossl_ssl_alpn_protocol(VALUE self)
@@ -1920,6 +1920,25 @@ ossl_ssl_alpn_protocol(VALUE self)
return rb_str_new((const char *) out, outlen);
}
# endif
@@ -40,7 +40,7 @@ index 7a0eb4e..dc35d5a 100644
#endif /* !defined(OPENSSL_NO_SOCK) */
void
@@ -2305,6 +2324,9 @@ Init_ossl_ssl(void)
@@ -2314,6 +2333,9 @@ Init_ossl_ssl(void)
rb_define_method(cSSLSocket, "session=", ossl_ssl_set_session, 1);
rb_define_method(cSSLSocket, "verify_result", ossl_ssl_get_verify_result, 0);
rb_define_method(cSSLSocket, "client_ca", ossl_ssl_get_client_ca_list, 0);

+ 11
- 11
patches/ruby/02_set_ecdh_curves.patch View File

@@ -87,7 +87,7 @@ index 955579c..6e2f5b5 100644
void HMAC_CTX_cleanup(HMAC_CTX *ctx);
#endif
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index dc35d5a..cc17a0c 100644
index 9167959..8bd198a 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -161,6 +161,18 @@ ossl_sslctx_s_alloc(VALUE klass)
@@ -109,7 +109,7 @@ index dc35d5a..cc17a0c 100644
return obj;
}
@@ -711,19 +723,33 @@ ossl_sslctx_setup(VALUE self)
@@ -718,19 +730,33 @@ ossl_sslctx_setup(VALUE self)
#endif
#if !defined(OPENSSL_NO_EC)
@@ -153,7 +153,7 @@ index dc35d5a..cc17a0c 100644
store = GetX509StorePtr(val); /* NO NEED TO DUP */
SSL_CTX_set_cert_store(ctx, store);
SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1);
@@ -731,7 +757,7 @@ ossl_sslctx_setup(VALUE self)
@@ -738,7 +764,7 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_extra_cert(self);
if(!NIL_P(val)){
@@ -162,7 +162,7 @@ index dc35d5a..cc17a0c 100644
}
/* private key may be bundled in certificate file. */
@@ -755,22 +781,21 @@ ossl_sslctx_setup(VALUE self)
@@ -762,22 +788,21 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_client_ca(self);
if(!NIL_P(val)){
@@ -198,7 +198,7 @@ index dc35d5a..cc17a0c 100644
}
val = ossl_sslctx_get_ca_file(self);
@@ -778,15 +803,15 @@ ossl_sslctx_setup(VALUE self)
@@ -785,15 +810,15 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_ca_path(self);
ca_path = NIL_P(val) ? NULL : StringValuePtr(val);
if(ca_file || ca_path){
@@ -217,7 +217,7 @@ index dc35d5a..cc17a0c 100644
val = ossl_sslctx_get_timeout(self);
if(!NIL_P(val)) SSL_CTX_set_timeout(ctx, NUM2LONG(val));
@@ -797,26 +822,26 @@ ossl_sslctx_setup(VALUE self)
@@ -804,26 +829,26 @@ ossl_sslctx_setup(VALUE self)
#ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
val = rb_iv_get(self, "@npn_protocols");
if (!NIL_P(val)) {
@@ -254,7 +254,7 @@ index dc35d5a..cc17a0c 100644
}
#endif
@@ -824,31 +849,31 @@ ossl_sslctx_setup(VALUE self)
@@ -831,31 +856,31 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_sess_id_ctx(self);
if (!NIL_P(val)){
@@ -298,7 +298,7 @@ index dc35d5a..cc17a0c 100644
}
#endif
@@ -953,6 +978,87 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
@@ -960,6 +985,87 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return v;
}
@@ -386,7 +386,7 @@ index dc35d5a..cc17a0c 100644
/*
* call-seq:
* ctx.session_add(session) -> true | false
@@ -2075,6 +2181,7 @@ Init_ossl_ssl(void)
@@ -2084,6 +2190,7 @@ Init_ossl_ssl(void)
*/
rb_attr(cSSLContext, rb_intern("client_cert_cb"), 1, 1, Qfalse);
@@ -394,7 +394,7 @@ index dc35d5a..cc17a0c 100644
/*
* A callback invoked when ECDH parameters are required.
*
@@ -2082,10 +2189,11 @@ Init_ossl_ssl(void)
@@ -2091,10 +2198,11 @@ Init_ossl_ssl(void)
* flag indicating the use of an export cipher and the keylength
* required.
*
@@ -408,7 +408,7 @@ index dc35d5a..cc17a0c 100644
/*
* Sets the context in which a session can be reused. This allows
@@ -2221,6 +2329,7 @@ Init_ossl_ssl(void)
@@ -2230,6 +2338,7 @@ Init_ossl_ssl(void)
rb_define_method(cSSLContext, "ssl_version=", ossl_sslctx_set_ssl_version, 1);
rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);

+ 3
- 3
patches/ruby/03_fallback_scsv.patch View File

@@ -31,10 +31,10 @@ index 9893757..bcb167e 100644
##
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index cc17a0c..9f7ee0b 100644
index 8bd198a..184c864 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -978,6 +978,31 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
@@ -985,6 +985,31 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return v;
}
@@ -66,7 +66,7 @@ index cc17a0c..9f7ee0b 100644
#if !defined(OPENSSL_NO_EC)
/*
* call-seq:
@@ -2330,6 +2355,7 @@ Init_ossl_ssl(void)
@@ -2339,6 +2364,7 @@ Init_ossl_ssl(void)
rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
rb_define_method(cSSLContext, "ecdh_curves=", ossl_sslctx_set_ecdh_curves, 1);

+ 15
- 15
patches/ruby/04_multiple_certs.patch View File

@@ -1,11 +1,11 @@
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index bcb167e..5f688db 100644
index bcb167e..cd82e6d 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -70,7 +70,7 @@ class SSLContext
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
end
- INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
+ INIT_VARS = ["client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
@@ -20,7 +20,7 @@ index bcb167e..5f688db 100644
INIT_VARS.each { |v| instance_variable_set v, nil }
self.options = self.options | OpenSSL::SSL::OP_ALL
return unless version
@@ -131,6 +132,22 @@ def set_params(params={})
@@ -131,6 +133,22 @@ def set_params(params={})
end
return params
end
@@ -41,16 +41,16 @@ index bcb167e..5f688db 100644
+ self.keys.first
+ end
end
module SocketForwarder
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 9f7ee0b..9437793 100644
index 184c864..8f08918 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -36,8 +36,8 @@ VALUE cSSLSocket;
static VALUE eSSLErrorWaitReadable;
static VALUE eSSLErrorWaitWritable;
-#define ossl_sslctx_set_cert(o,v) rb_iv_set((o),"@cert",(v))
-#define ossl_sslctx_set_key(o,v) rb_iv_set((o),"@key",(v))
+#define ossl_sslctx_set_certs(o,v) rb_iv_set((o),"@certs",(v))
@@ -61,7 +61,7 @@ index 9f7ee0b..9437793 100644
@@ -50,8 +50,8 @@ static VALUE eSSLErrorWaitWritable;
#define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v))
#define ossl_sslctx_set_sess_id_ctx(o, v) rb_iv_set((o),"@session_id_context",(v))
-#define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert")
-#define ossl_sslctx_get_key(o) rb_iv_get((o),"@key")
+#define ossl_sslctx_get_certs(o) rb_iv_get((o),"@certs")
@@ -69,19 +69,19 @@ index 9f7ee0b..9437793 100644
#define ossl_sslctx_get_client_ca(o) rb_iv_get((o),"@client_ca")
#define ossl_sslctx_get_ca_file(o) rb_iv_get((o),"@ca_file")
#define ossl_sslctx_get_ca_path(o) rb_iv_get((o),"@ca_path")
@@ -713,7 +713,8 @@ ossl_sslctx_setup(VALUE self)
@@ -720,7 +720,8 @@ ossl_sslctx_setup(VALUE self)
char *ca_path = NULL, *ca_file = NULL;
int verify_mode;
long i;
- VALUE val;
+ VALUE val, val2;
+ int cert_defined = 0, key_defined = 0;
if(OBJ_FROZEN(self)) return Qnil;
GetSSLCTX(self, ctx);
@@ -761,19 +762,39 @@ ossl_sslctx_setup(VALUE self)
@@ -768,19 +769,39 @@ ossl_sslctx_setup(VALUE self)
}
/* private key may be bundled in certificate file. */
- val = ossl_sslctx_get_cert(self);
- cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */
@@ -130,22 +130,22 @@ index 9f7ee0b..9437793 100644
if (!SSL_CTX_check_private_key(ctx)) {
ossl_raise(eSSLError, "SSL_CTX_check_private_key");
}
@@ -2128,14 +2149,14 @@ Init_ossl_ssl(void)
@@ -2137,14 +2158,14 @@ Init_ossl_ssl(void)
rb_define_alloc_func(cSSLContext, ossl_sslctx_s_alloc);
/*
- * Context certificate
+ * Context certificates
*/
- rb_attr(cSSLContext, rb_intern("cert"), 1, 1, Qfalse);
+ rb_attr(cSSLContext, rb_intern("certs"), 1, 1, Qfalse);
/*
- * Context private key
+ * Context private keys
*/
- rb_attr(cSSLContext, rb_intern("key"), 1, 1, Qfalse);
+ rb_attr(cSSLContext, rb_intern("keys"), 1, 1, Qfalse);
/*
* A certificate or Array of certificates that will be sent to the client.

+ 35
- 33
patches/ruby/05_resolv_rr_length.patch.disabled View File

@@ -1,6 +1,8 @@
--- a/lib/resolv.rb 2017-10-29 13:02:49.280729153 +0100
+++ b/lib/resolv.rb 2017-10-29 13:02:37.340717366 +0100
@@ -1644,7 +1641,7 @@
diff --git a/lib/resolv.rb b/lib/resolv.rb
index c977584..93afebb 100644
--- a/lib/resolv.rb
+++ b/lib/resolv.rb
@@ -1677,7 +1677,7 @@ def get_rr
name = self.get_name
type, klass, ttl = self.get_unpack('nnN')
typeclass = Resource.get_class(type, klass)
@@ -9,127 +11,127 @@
res.instance_variable_set :@ttl, ttl
return name, ttl, res
end
@@ -1659,7 +1656,7 @@
@@ -1692,7 +1692,7 @@ def encode_rdata(msg) # :nodoc:
raise EncodeError.new("#{self.class} is query.")
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, len) # :nodoc:
raise DecodeError.new("#{self.class} is query.")
end
end
@@ -1680,7 +1677,7 @@
@@ -1713,7 +1713,7 @@ def encode_rdata(msg) # :nodoc:
raise NotImplementedError.new
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, len) # :nodoc:
raise NotImplementedError.new
end
@@ -1737,7 +1734,7 @@
@@ -1770,7 +1770,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(data)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
return self.new(msg.get_bytes)
end
@@ -1772,7 +1769,7 @@
@@ -1805,7 +1805,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_name(@name)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
return self.new(msg.get_name)
end
end
@@ -1860,7 +1857,7 @@
@@ -1893,7 +1893,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_pack('NNNNN', @serial, @refresh, @retry, @expire, @minimum)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
mname = msg.get_name
rname = msg.get_name
serial, refresh, retry_, expire, minimum = msg.get_unpack('NNNNN')
@@ -1906,7 +1903,7 @@
@@ -1939,7 +1939,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_string(@os)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
cpu = msg.get_string
os = msg.get_string
return self.new(cpu, os)
@@ -1940,7 +1937,7 @@
@@ -1973,7 +1973,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_name(@emailbx)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
rmailbx = msg.get_string
emailbx = msg.get_string
return self.new(rmailbx, emailbx)
@@ -1978,7 +1975,7 @@
@@ -2011,7 +2011,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_name(@exchange)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
preference, = msg.get_unpack('n')
exchange = msg.get_name
return self.new(preference, exchange)
@@ -2012,7 +2009,7 @@
@@ -2045,7 +2045,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_string_list(@strings)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
strings = msg.get_string_list
return self.new(*strings)
end
@@ -2089,7 +2086,7 @@
@@ -2122,7 +2122,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(@altitude.altitude)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
version = msg.get_bytes(1)
ssize = msg.get_bytes(1)
hprecision = msg.get_bytes(1)
@@ -2159,7 +2156,7 @@
@@ -2192,7 +2192,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(@address.address)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
return self.new(IPv4.new(msg.get_bytes(4)))
end
end
@@ -2204,7 +2201,7 @@
@@ -2237,7 +2237,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(@bitmap)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
address = IPv4.new(msg.get_bytes(4))
protocol, = msg.get_unpack("n")
bitmap = msg.get_bytes
@@ -2236,7 +2233,7 @@
@@ -2269,7 +2269,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(@address.address)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
return self.new(IPv6.new(msg.get_bytes(16)))
end
end
@@ -2306,7 +2303,7 @@
@@ -2339,7 +2339,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_name(@target)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
priority, = msg.get_unpack("n")

Write Preview
Loading…
Cancel
Save