Bug #5548
closedOpenSSL::Engine can't load some old engines/new engines
Description
Current ext/openssl is missing a check for ENGINE_load_dynamic(),
and doesn't have checks/functions for new engines.
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 8d8cee3..8f13121 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -118,6 +118,8 @@ if have_header("openssl/engine.h")
have_func("ENGINE_get_digest")
have_func("ENGINE_get_cipher")
have_func("ENGINE_cleanup")
+
- have_func("ENGINE_load_dynamic")
have_func("ENGINE_load_4758cca")
have_func("ENGINE_load_aep")
have_func("ENGINE_load_atalla")
@@ -126,6 +128,12 @@ if have_header("openssl/engine.h")
have_func("ENGINE_load_nuron")
have_func("ENGINE_load_sureware")
have_func("ENGINE_load_ubsec") - have_func("ENGINE_load_padlock")
- have_func("ENGINE_load_capi")
- have_func("ENGINE_load_gmp")
- have_func("ENGINE_load_gost")
- have_func("ENGINE_load_cryptodev")
- have_func("ENGINE_load_aesni")
end
have_func("DH_generate_parameters_ex")
have_func("DSA_generate_parameters_ex")
diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c
index 79f51b8..829680c 100644
--- a/ext/openssl/ossl_engine.c
+++ b/ext/openssl/ossl_engine.c
@@ -64,29 +64,47 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
#if HAVE_ENGINE_LOAD_DYNAMIC
OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
#endif
-#if HAVE_ENGINE_LOAD_CSWIFT
- OSSL_ENGINE_LOAD_IF_MATCH(cswift);
+#if HAVE_ENGINE_LOAD_4758CCA
- OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
#endif
-#if HAVE_ENGINE_LOAD_CHIL
- OSSL_ENGINE_LOAD_IF_MATCH(chil);
+#if HAVE_ENGINE_LOAD_AEP
- OSSL_ENGINE_LOAD_IF_MATCH(aep);
#endif
#if HAVE_ENGINE_LOAD_ATALLA
OSSL_ENGINE_LOAD_IF_MATCH(atalla);
#endif
+#if HAVE_ENGINE_LOAD_CHIL - OSSL_ENGINE_LOAD_IF_MATCH(chil);
+#endif
+#if HAVE_ENGINE_LOAD_CSWIFT - OSSL_ENGINE_LOAD_IF_MATCH(cswift);
+#endif
#if HAVE_ENGINE_LOAD_NURON
OSSL_ENGINE_LOAD_IF_MATCH(nuron);
#endif
+#if HAVE_ENGINE_LOAD_SUREWARE - OSSL_ENGINE_LOAD_IF_MATCH(sureware);
+#endif
#if HAVE_ENGINE_LOAD_UBSEC
OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
#endif
-#if HAVE_ENGINE_LOAD_AEP
- OSSL_ENGINE_LOAD_IF_MATCH(aep);
+#if HAVE_ENGINE_LOAD_PADLOCK
- OSSL_ENGINE_LOAD_IF_MATCH(padlock);
#endif
-#if HAVE_ENGINE_LOAD_SUREWARE
- OSSL_ENGINE_LOAD_IF_MATCH(sureware);
+#if HAVE_ENGINE_LOAD_CAPI
- OSSL_ENGINE_LOAD_IF_MATCH(capi);
#endif
-#if HAVE_ENGINE_LOAD_4758CCA
- OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
+#if HAVE_ENGINE_LOAD_GMP
- OSSL_ENGINE_LOAD_IF_MATCH(gmp);
+#endif
+#if HAVE_ENGINE_LOAD_GOST - OSSL_ENGINE_LOAD_IF_MATCH(gost);
+#endif
+#if HAVE_ENGINE_LOAD_CRYPTODEV - OSSL_ENGINE_LOAD_IF_MATCH(cryptodev);
+#endif
+#if HAVE_ENGINE_LOAD_AESNI - OSSL_ENGINE_LOAD_IF_MATCH(aesni);
#endif
#endif
#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
Updated by Anonymous over 12 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r33631.
Yui, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
- ext/openssl/extconf.rb:
- ext/openssl/ossl_engine.c: add some missing OpenSSL engines.
Thanks, Yui Naruse, for providing the patch!
[Bug #5548] [ruby-core:40670]
Updated by MartinBosslet (Martin Bosslet) over 12 years ago
One remaining question: where did you find ENGINE_load_aesni? I can't find it in my 1.0.0d sources...
Updated by naruse (Yui NARUSE) over 12 years ago
Martin Bosslet wrote:
One remaining question: where did you find ENGINE_load_aesni? I can't find it in my 1.0.0d sources...
I used a bundled openssl with NetBSD current.
But it seems removed in openssl CVS Head.
http://cvs.openssl.org/rlog?f=openssl/crypto/engine/eng_aesni.c
Updated by MartinBosslet (Martin Bosslet) over 12 years ago
Yui NARUSE wrote:
I used a bundled openssl with NetBSD current.
But it seems removed in openssl CVS Head.
http://cvs.openssl.org/rlog?f=openssl/crypto/engine/eng_aesni.c
I see, they integrated support directly with EVP now. Thanks for the link!
For now, I think it's OK to support it. Maybe users with older OpenSSL versions
would want to use it.