Bug #12324 » interdiff-v1-v2.patch

rhenium (Kazuki Yamaguchi), 05/05/2016 09:56 AM


ext/openssl/deprecation.rb
end
def self.check_func(func, header)
have_func(func, header, deprecated_warning_flag) and
have_header(header, nil, deprecated_warning_flag)
have_func(func, header, deprecated_warning_flag)
end
def self.check_func_or_macro(func, header)
check_func(func, header) or
have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
end
end
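Review bot: `check_func_or_macro` (L20–L23) mixes `or` with `&&`; the low precedence of `or` makes the intended grouping work, but it is the construct the style guide flags and it is easy to misread when `$defs.push` is the last operand. `check_func(func, header) || (have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}"))` states the grouping explicitly with the same result. `check_func` on L15–L19 has no comment explaining `deprecated_warning_flag`; extconf.rb describes it as adding `-Werror=deprecated-declarations`, so a one-liner such as `# probe with deprecation warnings promoted to errors, so a deprecated symbol is reported as missing` would save readers a trip to the other file — confirm that is the intent. `deprecated_warning_flag` itself is defined outside this hunk.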
ext/openssl/extconf.rb
Logging::message "=== OpenSSL for Ruby configurator ===\n"
# Add -Werror=deprecated-declarations to $warnflags if available
OpenSSL.deprecated_warning_flag
##
# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
# To turn it on, use: --with-debug or --enable-debug
#
if with_config("debug") or enable_config("debug")
$defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
$defs.push("-DOSSL_DEBUG")
end
Logging::message "=== Checking for system dependent stuff... ===\n"
......
end
result = pkg_config("openssl") && have_header("openssl/ssl.h")
unless result
result = have_header("openssl/ssl.h")
result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "OpenSSL_add_all_digests")}
......
end
end
unless checking_for("OpenSSL version is 0.9.8 or later") {
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h") }
result = checking_for("OpenSSL version is 0.9.8 or later") {
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
}
unless result
raise "OpenSSL 0.9.8 or later is required."
end
unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
end
Logging::message "=== Checking for OpenSSL features... ===\n"
def have_func_like(name, header)
have_func(name, [header]) ||
have_macro(name, [header]) && $defs.push("-DHAVE_#{name.upcase}")
end
# compile options
have_func("SSLv2_method")
have_func("SSLv3_method")
have_func("TLSv1_1_method")
have_func("TLSv1_2_method")
have_func("RAND_egd")
# ENGINE_load_xx is deprecated in OpenSSL 1.1.0 and become a macro
engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
engines.each { |name|
have_func_like("ENGINE_load_#{name}", "openssl/engine.h")
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
}
# added in 0.9.8X
have_func("EVP_CIPHER_CTX_new")
have_func("EVP_CIPHER_CTX_free")
have_func_like("SSL_CTX_clear_options", "openssl/ssl.h")
OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h")
# added in 1.0.0
have_func("EVP_CIPHER_CTX_copy")
......
have_func("X509_NAME_hash_old")
have_func("X509_STORE_CTX_get0_current_crl")
have_func("X509_STORE_set_verify_cb")
have_func_like("SSL_set_tlsext_host_name", "openssl/ssl.h")
OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
# added in 1.0.1
......
have_func("X509_STORE_CTX_get0_store")
have_func("SSL_is_server");
have_func("SSL_CTX_set_alpn_select_cb")
have_func_like("SSL_CTX_set1_curves_list", "openssl/ssl.h")
have_func_like("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
have_func_like("SSL_get_server_tmp_key", "openssl/ssl.h")
OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
# added in 1.1.0
have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
......
have_func("HMAC_CTX_new")
have_func("HMAC_CTX_free")
have_func("HMAC_CTX_reset")
have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarations") # deprecated
OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
have_func("X509_CRL_get0_signature")
have_func("X509_REQ_get0_signature")
have_func("X509_REVOKED_get0_serialNumber")
......
have_func("X509_CRL_up_ref")
have_func("X509_STORE_up_ref")
have_func("SSL_CTX_get_ciphers")
have_func("SSL_CTX_get_security_level")
have_func_like("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
have_func_like("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
have_func("SSL_SESSION_up_ref")
have_func("EVP_PKEY_up_ref")
have_func("ENGINE_cleanup") # removed
have_func("SSL_CTX_get_security_level")
OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
Logging::message "=== Checking done. ===\n"
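Review bot: `have_func("SSL_CTX_get_security_level")` is probed twice in the 1.1.0 block, on L118 and again on L124; the rendering has dropped the +/- markers, so if both lines are on the new side one is a leftover from moving the check and should be dropped. The `# removed` annotations on L123 and L126 mark symbols that no longer exist in 1.1.0 and whose `HAVE_*` macros gate calls in the C sources (for example `HAVE_ENGINE_CLEANUP` in ossl_engine.c); a comment above the block, `# "removed": gone in OpenSSL 1.1.0; probed so the HAVE_* guards compile the call out`, would make that explicit. `have_func("SSL_is_server");` on L93 carries a stray trailing semicolon in a context line.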
ext/openssl/openssl_missing.c
#include "openssl_missing.h"
/*** added in 0.9.8X ***/
/* added in 0.9.8X */
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
EVP_CIPHER_CTX *
EVP_CIPHER_CTX_new(void)
......
}
#endif
/*** added in 1.0.0 ***/
/* added in 1.0.0 */
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
/*
* this function does not exist in OpenSSL yet... or ever?.
......
int
HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
if (!out || !in)
return 0;
memcpy(out, in, sizeof(HMAC_CTX));
EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
......
return 1;
}
#endif
/*** added in 1.0.1 ***/
#endif /* HAVE_HMAC_CTX_COPY */
/*** added in 1.0.2 ***/
/* added in 1.0.2 */
#if !defined(HAVE_CRYPTO_MEMCMP)
int
CRYPTO_memcmp(const volatile void * volatile in_a,
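Review bot: `HMAC_CTX_copy` (L145–L153) ignores the return value of `EVP_MD_CTX_copy` on L150; because the `memcpy` on L149 has already copied `in`'s internal pointers into `out`, a failed copy leaves `out` aliasing `in`'s digest state, and cleaning up both contexts later may release that state twice. Check each copy and fail early, `if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx)) return 0;`, and treat the copies elided by `......` the same way if there are more. Callers receiving 0 must then treat `out` as unusable, which is what the existing `if (!out || !in) return 0;` guard already implies. These lines are context carried over from v1, not changed by this interdiff.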
ext/openssl/openssl_missing.h
#if !defined(_OSSL_OPENSSL_MISSING_H_)
#define _OSSL_OPENSSL_MISSING_H_
#if defined(__cplusplus)
extern "C" {
#endif
/*** added in 0.9.8X ***/
/* added in 0.9.8X */
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
#endif
......
(ctx)->options &= ~(op); while (0)
#endif
/*** added in 1.0.0 ***/
/* added in 1.0.0 */
#if !defined(HAVE_EVP_PKEY_BASE_ID)
# define EVP_PKEY_base_id(pkey) EVP_PKEY_type((pkey)->type)
#endif
......
# define X509_STORE_set_verify_cb X509_STORE_set_verify_cb_func
#endif
/*** added in 1.0.1 ***/
/*** added in 1.0.2 ***/
/* added in 1.0.2 */
#if !defined(HAVE_CRYPTO_MEMCMP)
int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
#endif
......
# define SSL_is_server(s) ((s)->server)
#endif
/*** added in 1.1.0 ***/
/* added in 1.1.0 */
#if !defined(HAVE_BN_GENCB_NEW)
# define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
#endif
......
#endif
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
# define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
# define X509_STORE_get_ex_data(x, idx) \
CRYPTO_get_ex_data(&(x)->ex_data, idx)
#endif
#if !defined(HAVE_X509_STORE_SET_EX_DATA)
# define X509_STORE_set_ex_data(x, idx, data) \
CRYPTO_set_ex_data(&(x)->ex_data, idx, data)
# define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
#endif
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
......
#endif
#endif
#if defined(__cplusplus)
}
#endif
#endif /* _OSSL_OPENSSL_MISSING_H_ */
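Review bot: the `X509_STORE_set_ex_data` and `X509_STORE_get_ex_new_index` replacements on L207–L210 expand their parameters unparenthesized (`idx`, `data`, `l`, `p`, `newf`, `dupf`, `freef`), so an argument containing a comma expression or a cast changes meaning inside the expansion; wrap them, `CRYPTO_set_ex_data(&(x)->ex_data, (idx), (data))` and `CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), (newf), (dupf), (freef))`, and the same for `X509_STORE_get_ex_data` on L203–L204 if it survives. `X509_STORE_get_ex_new_index` is printed under both the `HAVE_X509_STORE_GET_EX_DATA` block (L201) and the `HAVE_X509_STORE_SET_EX_DATA` block (L209); with the +/- markers lost I read this as a move, but if both remain the macro is defined twice whenever both feature macros are absent — confirm only one definition is left.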
ext/openssl/ossl.h
#include RUBY_EXTCONF_H
#if defined(__cplusplus)
extern "C" {
#endif
#if 0
mOSSL = rb_define_module("OpenSSL");
mX509 = rb_define_module_under(mOSSL, "X509");
......
#include <openssl/rand.h>
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include <openssl/ocsp.h>
#if !defined(OPENSSL_NO_OCSP)
# include <openssl/ocsp.h>
#endif
#if !defined(_WIN32)
# include <openssl/crypto.h>
#endif
......
void Init_openssl(void);
#if defined(__cplusplus)
}
#endif
#endif /* _OSSL_H_ */
ext/openssl/ossl_engine.c
* It is only necessary to run cleanup when engines are loaded via
* OpenSSL::Engine.load. However, running cleanup before exit is recommended.
*
* If you are using OpenSSL 1.1.0 or newer, this method is no-op.
* Note that this method is no-op if using OpenSSL 1.1.0 or newer.
*
* See also, https://www.openssl.org/docs/crypto/engine.html
*/
static VALUE
ossl_engine_s_cleanup(VALUE self)
{
#if defined(HAVE_ENGINE_CLEANUP)
ENGINE_cleanup();
#endif
return Qnil;
}
ext/openssl/ossl_ocsp.c
*/
#include "ossl.h"
#if !defined(OPENSSL_NO_OCSP)
#define NewOCSPReq(klass) \
TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0)
#define SetOCSPReq(obj, req) do { \
......
/* The responder ID is based on the public key. */
rb_define_const(mOCSP, "V_RESPID_KEY", INT2NUM(V_OCSP_RESPID_KEY));
}
#else
void
Init_ossl_ocsp(void)
{
}
#endif
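Review bot: the `#else` stub `Init_ossl_ocsp` on L274–L277 compiles out the whole `OpenSSL::OCSP` module without a word of explanation when `OPENSSL_NO_OCSP` is set, so the missing constants look like a build error to anyone reading the runtime behaviour. A comment in the empty body, `/* OCSP support is disabled in this OpenSSL build (OPENSSL_NO_OCSP); the OpenSSL::OCSP namespace is not defined. */`, ties the stub to the new guard on L265. The guarded region between L265 and L273 is mostly elided here, so I cannot tell whether any other file references the OCSP constants unconditionally.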
ext/openssl/ossl_ssl.c
*/
static const struct {
const char *name;
const SSL_METHOD *(*func)(void);
SSL_METHOD *(*func)(void); /* FIXME: constify when dropping 0.9.8 */
int version;
} ossl_ssl_method_tab[] = {
#if defined(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)
/* OpenSSL 1.1.0; version specific method is deprecated */
#define OSSL_SSL_METHOD_ENTRY(name, version) \
{ #name, TLS_method, version }, \
{ #name"_server", TLS_server_method, version }, \
{ #name"_client", TLS_client_method, version }
{ #name, (SSL_METHOD *(*)(void))TLS_method, version }, \
{ #name"_server", (SSL_METHOD *(*)(void))TLS_server_method, version }, \
{ #name"_client", (SSL_METHOD *(*)(void))TLS_client_method, version }
#else
#define OSSL_SSL_METHOD_ENTRY(name, version) \
{ #name, name##_method, version }, \
{ #name"_server", name##_server_method, version }, \
{ #name"_client", name##_client_method, version }
{ #name, (SSL_METHOD *(*)(void))name##_method, version }, \
{ #name"_server", (SSL_METHOD *(*)(void))name##_server_method, version }, \
{ #name"_client", (SSL_METHOD *(*)(void))name##_client_method, version }
#endif
#if defined(HAVE_SSLV2_METHOD)
OSSL_SSL_METHOD_ENTRY(SSLv2, SSL2_VERSION),
......
s = StringValueCStr(m);
for (i = 0; i < numberof(ossl_ssl_method_tab); i++) {
if (strcmp(ossl_ssl_method_tab[i].name, s) == 0) {
SSL_METHOD *method = (SSL_METHOD *)ossl_ssl_method_tab[i].func();
SSL_METHOD *method = ossl_ssl_method_tab[i].func();
#if defined(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)
int version = ossl_ssl_method_tab[i].version;
#endif
......
* ctx.security_level = 0
* ctx.security_level = 5
*
* Sets the security level for this context. This is new in OpenSSL 1.1.0 and
* no-op if using older OpenSSL.
* Sets the security level for this context. This is new in OpenSSL 1.1.0.
* If using older OpenSSL, setting a value other than 0 raises
* NotImplementedError.
*
* See the manpage of SSL_CTX_set_security_level(3) for details.
*/
static VALUE
ossl_sslctx_set_security_level(VALUE self, VALUE v)
......
#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL)
SSL_CTX_set_security_level(ctx, NUM2INT(v));
#else
if (NUM2INT(v) != 0)
ossl_raise(rb_eNotImpError, "setting security level != 0 is not "
"supported in this version of OpenSSL");
#endif
return v;
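Review bot: the table entries on L293–L295 and L301–L303 cast function pointers of type `const SSL_METHOD *(*)(void)` to `SSL_METHOD *(*)(void)`, and L312 then calls through the cast pointer; the two function types are not compatible in C because their return types differ in qualification, so the call is formally undefined even though the ABI is identical in practice. The v1 form (L283, L311) kept the table `const` and cast only the result, which is well defined as long as `method` is never written through; if the v2 form is kept, extend the FIXME on L284 to record the reason: `/* FIXME: 0.9.8 method functions return non-const SSL_METHOD *; the casts below rely on identical ABI. Constify when dropping 0.9.8 */`. `ossl_sslctx_set_security_level` (L329) continues past the end of this hunk, so I have not reviewed how `ctx` is obtained.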