Project

General

Profile

Actions

Bug #5548

closed

OpenSSL::Engine can't load some old engines/new engines

Added by naruse (Yui NARUSE) over 12 years ago. Updated over 12 years ago.

Status:
Closed
Target version:
-
ruby -v:
ruby 2.0.0dev (2011-11-01 trunk 33605) [i386-netbsdelf5.99.56]
Backport:
[ruby-core:40670]

Description

Current ext/openssl is missing a check for ENGINE_load_dynamic(),
and doesn't have checks/functions for new engines.

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 8d8cee3..8f13121 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -118,6 +118,8 @@ if have_header("openssl/engine.h")
have_func("ENGINE_get_digest")
have_func("ENGINE_get_cipher")
have_func("ENGINE_cleanup")
+

  • have_func("ENGINE_load_dynamic")
    have_func("ENGINE_load_4758cca")
    have_func("ENGINE_load_aep")
    have_func("ENGINE_load_atalla")
    @@ -126,6 +128,12 @@ if have_header("openssl/engine.h")
    have_func("ENGINE_load_nuron")
    have_func("ENGINE_load_sureware")
    have_func("ENGINE_load_ubsec")
  • have_func("ENGINE_load_padlock")
  • have_func("ENGINE_load_capi")
  • have_func("ENGINE_load_gmp")
  • have_func("ENGINE_load_gost")
  • have_func("ENGINE_load_cryptodev")
  • have_func("ENGINE_load_aesni")
    end
    have_func("DH_generate_parameters_ex")
    have_func("DSA_generate_parameters_ex")
    diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c
    index 79f51b8..829680c 100644
    --- a/ext/openssl/ossl_engine.c
    +++ b/ext/openssl/ossl_engine.c
    @@ -64,29 +64,47 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
    #if HAVE_ENGINE_LOAD_DYNAMIC
    OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
    #endif
    -#if HAVE_ENGINE_LOAD_CSWIFT
  • OSSL_ENGINE_LOAD_IF_MATCH(cswift);
    +#if HAVE_ENGINE_LOAD_4758CCA
  • OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
    #endif
    -#if HAVE_ENGINE_LOAD_CHIL
  • OSSL_ENGINE_LOAD_IF_MATCH(chil);
    +#if HAVE_ENGINE_LOAD_AEP
  • OSSL_ENGINE_LOAD_IF_MATCH(aep);
    #endif
    #if HAVE_ENGINE_LOAD_ATALLA
    OSSL_ENGINE_LOAD_IF_MATCH(atalla);
    #endif
    +#if HAVE_ENGINE_LOAD_CHIL
  • OSSL_ENGINE_LOAD_IF_MATCH(chil);
    +#endif
    +#if HAVE_ENGINE_LOAD_CSWIFT
  • OSSL_ENGINE_LOAD_IF_MATCH(cswift);
    +#endif
    #if HAVE_ENGINE_LOAD_NURON
    OSSL_ENGINE_LOAD_IF_MATCH(nuron);
    #endif
    +#if HAVE_ENGINE_LOAD_SUREWARE
  • OSSL_ENGINE_LOAD_IF_MATCH(sureware);
    +#endif
    #if HAVE_ENGINE_LOAD_UBSEC
    OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
    #endif
    -#if HAVE_ENGINE_LOAD_AEP
  • OSSL_ENGINE_LOAD_IF_MATCH(aep);
    +#if HAVE_ENGINE_LOAD_PADLOCK
  • OSSL_ENGINE_LOAD_IF_MATCH(padlock);
    #endif
    -#if HAVE_ENGINE_LOAD_SUREWARE
  • OSSL_ENGINE_LOAD_IF_MATCH(sureware);
    +#if HAVE_ENGINE_LOAD_CAPI
  • OSSL_ENGINE_LOAD_IF_MATCH(capi);
    #endif
    -#if HAVE_ENGINE_LOAD_4758CCA
  • OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
    +#if HAVE_ENGINE_LOAD_GMP
  • OSSL_ENGINE_LOAD_IF_MATCH(gmp);
    +#endif
    +#if HAVE_ENGINE_LOAD_GOST
  • OSSL_ENGINE_LOAD_IF_MATCH(gost);
    +#endif
    +#if HAVE_ENGINE_LOAD_CRYPTODEV
  • OSSL_ENGINE_LOAD_IF_MATCH(cryptodev);
    +#endif
    +#if HAVE_ENGINE_LOAD_AESNI
  • OSSL_ENGINE_LOAD_IF_MATCH(aesni);
    #endif
    #endif
    #ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
Actions #1

Updated by Anonymous over 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r33631.
Yui, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • ext/openssl/extconf.rb:
  • ext/openssl/ossl_engine.c: add some missing OpenSSL engines.
    Thanks, Yui Naruse, for providing the patch!
    [Bug #5548] [ruby-core:40670]

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

One remaining question: where did you find ENGINE_load_aesni? I can't find it in my 1.0.0d sources...

Updated by naruse (Yui NARUSE) over 12 years ago

Martin Bosslet wrote:

One remaining question: where did you find ENGINE_load_aesni? I can't find it in my 1.0.0d sources...

I used a bundled openssl with NetBSD current.
But it seems removed in openssl CVS Head.
http://cvs.openssl.org/rlog?f=openssl/crypto/engine/eng_aesni.c

Updated by MartinBosslet (Martin Bosslet) over 12 years ago

Yui NARUSE wrote:

I used a bundled openssl with NetBSD current.
But it seems removed in openssl CVS Head.
http://cvs.openssl.org/rlog?f=openssl/crypto/engine/eng_aesni.c

I see, they integrated support directly with EVP now. Thanks for the link!
For now, I think it's OK to support it. Maybe users with older OpenSSL versions
would want to use it.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0