aeris
/
cryptcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Clean patch

new-scoring
aeris 3 years ago
parent
33e84e4762
commit
678bc82238
5 changed files with 67 additions and 65 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      patches/ruby/01_tmp_key.patch
  2. 22
      patches/ruby/02_set_ecdh_curves.patch
  3. 6
      patches/ruby/03_fallback_scsv.patch
  4. 30
      patches/ruby/04_multiple_certs.patch
  5. 68
      patches/ruby/05_resolv_rr_length.patch.disabled

6
patches/ruby/01_tmp_key.patch
View File

@ -11,10 +11,10 @@ index 0b7fa2a..76487f7 100644
have_func("ENGINE_add")
have_func("ENGINE_load_builtin_engines")
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 7a0eb4e..dc35d5a 100644
index cd35ee3..9167959 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1911,6 +1911,25 @@ ossl_ssl_alpn_protocol(VALUE self)
@@ -1920,6 +1920,25 @@ ossl_ssl_alpn_protocol(VALUE self)
return rb_str_new((const char *) out, outlen);
}
# endif
@ -40,7 +40,7 @@ index 7a0eb4e..dc35d5a 100644
#endif /* !defined(OPENSSL_NO_SOCK) */
void
@@ -2305,6 +2324,9 @@ Init_ossl_ssl(void)
@@ -2314,6 +2333,9 @@ Init_ossl_ssl(void)
rb_define_method(cSSLSocket, "session=", ossl_ssl_set_session, 1);
rb_define_method(cSSLSocket, "verify_result", ossl_ssl_get_verify_result, 0);
rb_define_method(cSSLSocket, "client_ca", ossl_ssl_get_client_ca_list, 0);

22
patches/ruby/02_set_ecdh_curves.patch
View File

@ -87,7 +87,7 @@ index 955579c..6e2f5b5 100644
void HMAC_CTX_cleanup(HMAC_CTX *ctx);
#endif
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index dc35d5a..cc17a0c 100644
index 9167959..8bd198a 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -161,6 +161,18 @@ ossl_sslctx_s_alloc(VALUE klass)
@ -109,7 +109,7 @@ index dc35d5a..cc17a0c 100644
return obj;
}
@@ -711,19 +723,33 @@ ossl_sslctx_setup(VALUE self)
@@ -718,19 +730,33 @@ ossl_sslctx_setup(VALUE self)
#endif
#if !defined(OPENSSL_NO_EC)
@ -153,7 +153,7 @@ index dc35d5a..cc17a0c 100644
store = GetX509StorePtr(val); /* NO NEED TO DUP */
SSL_CTX_set_cert_store(ctx, store);
SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1);
@@ -731,7 +757,7 @@ ossl_sslctx_setup(VALUE self)
@@ -738,7 +764,7 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_extra_cert(self);
if(!NIL_P(val)){
@ -162,7 +162,7 @@ index dc35d5a..cc17a0c 100644
}
/* private key may be bundled in certificate file. */
@@ -755,22 +781,21 @@ ossl_sslctx_setup(VALUE self)
@@ -762,22 +788,21 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_client_ca(self);
if(!NIL_P(val)){
@ -198,7 +198,7 @@ index dc35d5a..cc17a0c 100644
}
val = ossl_sslctx_get_ca_file(self);
@@ -778,15 +803,15 @@ ossl_sslctx_setup(VALUE self)
@@ -785,15 +810,15 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_ca_path(self);
ca_path = NIL_P(val) ? NULL : StringValuePtr(val);
if(ca_file || ca_path){
@ -217,7 +217,7 @@ index dc35d5a..cc17a0c 100644
val = ossl_sslctx_get_timeout(self);
if(!NIL_P(val)) SSL_CTX_set_timeout(ctx, NUM2LONG(val));
@@ -797,26 +822,26 @@ ossl_sslctx_setup(VALUE self)
@@ -804,26 +829,26 @@ ossl_sslctx_setup(VALUE self)
#ifdef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB
val = rb_iv_get(self, "@npn_protocols");
if (!NIL_P(val)) {
@ -254,7 +254,7 @@ index dc35d5a..cc17a0c 100644
}
#endif
@@ -824,31 +849,31 @@ ossl_sslctx_setup(VALUE self)
@@ -831,31 +856,31 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_sess_id_ctx(self);
if (!NIL_P(val)){
@ -298,7 +298,7 @@ index dc35d5a..cc17a0c 100644
}
#endif
@@ -953,6 +978,87 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
@@ -960,6 +985,87 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return v;
}
@ -386,7 +386,7 @@ index dc35d5a..cc17a0c 100644
/*
* call-seq:
* ctx.session_add(session) -> true | false
@@ -2075,6 +2181,7 @@ Init_ossl_ssl(void)
@@ -2084,6 +2190,7 @@ Init_ossl_ssl(void)
*/
rb_attr(cSSLContext, rb_intern("client_cert_cb"), 1, 1, Qfalse);
@ -394,7 +394,7 @@ index dc35d5a..cc17a0c 100644
/*
* A callback invoked when ECDH parameters are required.
*
@@ -2082,10 +2189,11 @@ Init_ossl_ssl(void)
@@ -2091,10 +2198,11 @@ Init_ossl_ssl(void)
* flag indicating the use of an export cipher and the keylength
* required.
*
@ -408,7 +408,7 @@ index dc35d5a..cc17a0c 100644
/*
* Sets the context in which a session can be reused. This allows
@@ -2221,6 +2329,7 @@ Init_ossl_ssl(void)
@@ -2230,6 +2338,7 @@ Init_ossl_ssl(void)
rb_define_method(cSSLContext, "ssl_version=", ossl_sslctx_set_ssl_version, 1);
rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);

6
patches/ruby/03_fallback_scsv.patch
View File

@ -31,10 +31,10 @@ index 9893757..bcb167e 100644
##
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index cc17a0c..9f7ee0b 100644
index 8bd198a..184c864 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -978,6 +978,31 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
@@ -985,6 +985,31 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return v;
}
@ -66,7 +66,7 @@ index cc17a0c..9f7ee0b 100644
#if !defined(OPENSSL_NO_EC)
/*
* call-seq:
@@ -2330,6 +2355,7 @@ Init_ossl_ssl(void)
@@ -2339,6 +2364,7 @@ Init_ossl_ssl(void)
rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
rb_define_method(cSSLContext, "ecdh_curves=", ossl_sslctx_set_ecdh_curves, 1);

30
patches/ruby/04_multiple_certs.patch
View File

@ -1,11 +1,11 @@
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index bcb167e..5f688db 100644
index bcb167e..cd82e6d 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -70,7 +70,7 @@ class SSLContext
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
end
- INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
+ INIT_VARS = ["client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
@ -20,7 +20,7 @@ index bcb167e..5f688db 100644
INIT_VARS.each { |v| instance_variable_set v, nil }
self.options = self.options | OpenSSL::SSL::OP_ALL
return unless version
@@ -131,6 +132,22 @@ def set_params(params={})
@@ -131,6 +133,22 @@ def set_params(params={})
end
return params
end
@ -41,16 +41,16 @@ index bcb167e..5f688db 100644
+ self.keys.first
+ end
end
module SocketForwarder
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 9f7ee0b..9437793 100644
index 184c864..8f08918 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -36,8 +36,8 @@ VALUE cSSLSocket;
static VALUE eSSLErrorWaitReadable;
static VALUE eSSLErrorWaitWritable;
-#define ossl_sslctx_set_cert(o,v) rb_iv_set((o),"@cert",(v))
-#define ossl_sslctx_set_key(o,v) rb_iv_set((o),"@key",(v))
+#define ossl_sslctx_set_certs(o,v) rb_iv_set((o),"@certs",(v))
@ -61,7 +61,7 @@ index 9f7ee0b..9437793 100644
@@ -50,8 +50,8 @@ static VALUE eSSLErrorWaitWritable;
#define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v))
#define ossl_sslctx_set_sess_id_ctx(o, v) rb_iv_set((o),"@session_id_context",(v))
-#define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert")
-#define ossl_sslctx_get_key(o) rb_iv_get((o),"@key")
+#define ossl_sslctx_get_certs(o) rb_iv_get((o),"@certs")
@ -69,19 +69,19 @@ index 9f7ee0b..9437793 100644
#define ossl_sslctx_get_client_ca(o) rb_iv_get((o),"@client_ca")
#define ossl_sslctx_get_ca_file(o) rb_iv_get((o),"@ca_file")
#define ossl_sslctx_get_ca_path(o) rb_iv_get((o),"@ca_path")
@@ -713,7 +713,8 @@ ossl_sslctx_setup(VALUE self)
@@ -720,7 +720,8 @@ ossl_sslctx_setup(VALUE self)
char *ca_path = NULL, *ca_file = NULL;
int verify_mode;
long i;
- VALUE val;
+ VALUE val, val2;
+ int cert_defined = 0, key_defined = 0;
if(OBJ_FROZEN(self)) return Qnil;
GetSSLCTX(self, ctx);
@@ -761,19 +762,39 @@ ossl_sslctx_setup(VALUE self)
@@ -768,19 +769,39 @@ ossl_sslctx_setup(VALUE self)
}
/* private key may be bundled in certificate file. */
- val = ossl_sslctx_get_cert(self);
- cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */
@ -130,22 +130,22 @@ index 9f7ee0b..9437793 100644
if (!SSL_CTX_check_private_key(ctx)) {
ossl_raise(eSSLError, "SSL_CTX_check_private_key");
}
@@ -2128,14 +2149,14 @@ Init_ossl_ssl(void)
@@ -2137,14 +2158,14 @@ Init_ossl_ssl(void)
rb_define_alloc_func(cSSLContext, ossl_sslctx_s_alloc);
/*
- * Context certificate
+ * Context certificates
*/
- rb_attr(cSSLContext, rb_intern("cert"), 1, 1, Qfalse);
+ rb_attr(cSSLContext, rb_intern("certs"), 1, 1, Qfalse);
/*
- * Context private key
+ * Context private keys
*/
- rb_attr(cSSLContext, rb_intern("key"), 1, 1, Qfalse);
+ rb_attr(cSSLContext, rb_intern("keys"), 1, 1, Qfalse);
/*
* A certificate or Array of certificates that will be sent to the client.

68
patches/ruby/05_resolv_rr_length.patch.disabled
View File

@ -1,6 +1,8 @@
--- a/lib/resolv.rb 2017-10-29 13:02:49.280729153 +0100
+++ b/lib/resolv.rb 2017-10-29 13:02:37.340717366 +0100
@@ -1644,7 +1641,7 @@
diff --git a/lib/resolv.rb b/lib/resolv.rb
index c977584..93afebb 100644
--- a/lib/resolv.rb
+++ b/lib/resolv.rb
@@ -1677,7 +1677,7 @@ def get_rr
name = self.get_name
type, klass, ttl = self.get_unpack('nnN')
typeclass = Resource.get_class(type, klass)
@ -9,127 +11,127 @@
res.instance_variable_set :@ttl, ttl
return name, ttl, res
end
@@ -1659,7 +1656,7 @@
@@ -1692,7 +1692,7 @@ def encode_rdata(msg) # :nodoc:
raise EncodeError.new("#{self.class} is query.")
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, len) # :nodoc:
raise DecodeError.new("#{self.class} is query.")
end
end
@@ -1680,7 +1677,7 @@
@@ -1713,7 +1713,7 @@ def encode_rdata(msg) # :nodoc:
raise NotImplementedError.new
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, len) # :nodoc:
raise NotImplementedError.new
end
@@ -1737,7 +1734,7 @@
@@ -1770,7 +1770,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(data)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
return self.new(msg.get_bytes)
end
@@ -1772,7 +1769,7 @@
@@ -1805,7 +1805,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_name(@name)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
return self.new(msg.get_name)
end
end
@@ -1860,7 +1857,7 @@
@@ -1893,7 +1893,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_pack('NNNNN', @serial, @refresh, @retry, @expire, @minimum)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
mname = msg.get_name
rname = msg.get_name
serial, refresh, retry_, expire, minimum = msg.get_unpack('NNNNN')
@@ -1906,7 +1903,7 @@
@@ -1939,7 +1939,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_string(@os)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
cpu = msg.get_string
os = msg.get_string
return self.new(cpu, os)
@@ -1940,7 +1937,7 @@
@@ -1973,7 +1973,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_name(@emailbx)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
rmailbx = msg.get_string
emailbx = msg.get_string
return self.new(rmailbx, emailbx)
@@ -1978,7 +1975,7 @@
@@ -2011,7 +2011,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_name(@exchange)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
preference, = msg.get_unpack('n')
exchange = msg.get_name
return self.new(preference, exchange)
@@ -2012,7 +2009,7 @@
@@ -2045,7 +2045,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_string_list(@strings)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
strings = msg.get_string_list
return self.new(*strings)
end
@@ -2089,7 +2086,7 @@
@@ -2122,7 +2122,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(@altitude.altitude)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
version = msg.get_bytes(1)
ssize = msg.get_bytes(1)
hprecision = msg.get_bytes(1)
@@ -2159,7 +2156,7 @@
@@ -2192,7 +2192,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(@address.address)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
return self.new(IPv4.new(msg.get_bytes(4)))
end
end
@@ -2204,7 +2201,7 @@
@@ -2237,7 +2237,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(@bitmap)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
address = IPv4.new(msg.get_bytes(4))
protocol, = msg.get_unpack("n")
bitmap = msg.get_bytes
@@ -2236,7 +2233,7 @@
@@ -2269,7 +2269,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_bytes(@address.address)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
return self.new(IPv6.new(msg.get_bytes(16)))
end
end
@@ -2306,7 +2303,7 @@
@@ -2339,7 +2339,7 @@ def encode_rdata(msg) # :nodoc:
msg.put_name(@target)
end
- def self.decode_rdata(msg) # :nodoc:
+ def self.decode_rdata(msg, _) # :nodoc:
priority, = msg.get_unpack("n")

Write Preview
Loading…
Cancel
Save