You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
340 lines
12 KiB
340 lines
12 KiB
From 7af808153dd34a980e027a04d4490ae38019b3ed Mon Sep 17 00:00:00 2001
|
|
From: Mark Wright <gienah@gentoo.org>
|
|
Date: Sun, 15 Oct 2017 01:24:12 +1100
|
|
Subject: [PATCH] Fix build failure against OpenSSL 1.1 built with
|
|
no-deprecated Thanks rhenium for the code review and fixes.
|
|
|
|
---
|
|
ext/openssl/openssl_missing.h | 4 +++
|
|
ext/openssl/ossl.c | 23 ++++++---------
|
|
ext/openssl/ossl.h | 5 ++++
|
|
ext/openssl/ossl_cipher.c | 14 ++++-----
|
|
ext/openssl/ossl_engine.c | 54 ++++++++++++++++++++++-------------
|
|
ext/openssl/ossl_ssl.c | 2 +-
|
|
ext/openssl/ossl_x509cert.c | 4 +--
|
|
ext/openssl/ossl_x509crl.c | 4 +--
|
|
8 files changed, 63 insertions(+), 47 deletions(-)
|
|
|
|
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
|
|
index cc31f6ac..debd25ad 100644
|
|
--- a/ext/openssl/openssl_missing.h
|
|
+++ b/ext/openssl/openssl_missing.h
|
|
@@ -209,6 +209,10 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
|
|
# define X509_get0_notAfter(x) X509_get_notAfter(x)
|
|
# define X509_CRL_get0_lastUpdate(x) X509_CRL_get_lastUpdate(x)
|
|
# define X509_CRL_get0_nextUpdate(x) X509_CRL_get_nextUpdate(x)
|
|
+# define X509_set1_notBefore(x, t) X509_set_notBefore(x, t)
|
|
+# define X509_set1_notAfter(x, t) X509_set_notAfter(x, t)
|
|
+# define X509_CRL_set1_lastUpdate(x, t) X509_CRL_set_lastUpdate(x, t)
|
|
+# define X509_CRL_set1_nextUpdate(x, t) X509_CRL_set_nextUpdate(x, t)
|
|
#endif
|
|
|
|
#if !defined(HAVE_SSL_SESSION_GET_PROTOCOL_VERSION)
|
|
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
|
|
index 93ecc7d4..245385e7 100644
|
|
--- a/ext/openssl/ossl.c
|
|
+++ b/ext/openssl/ossl.c
|
|
@@ -1109,25 +1109,14 @@ Init_openssl(void)
|
|
/*
|
|
* Init all digests, ciphers
|
|
*/
|
|
- /* CRYPTO_malloc_init(); */
|
|
- /* ENGINE_load_builtin_engines(); */
|
|
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
|
|
+ if (!OPENSSL_init_ssl(0, NULL))
|
|
+ rb_raise(rb_eRuntimeError, "OPENSSL_init_ssl");
|
|
+#else
|
|
OpenSSL_add_ssl_algorithms();
|
|
OpenSSL_add_all_algorithms();
|
|
ERR_load_crypto_strings();
|
|
SSL_load_error_strings();
|
|
-
|
|
- /*
|
|
- * FIXME:
|
|
- * On unload do:
|
|
- */
|
|
-#if 0
|
|
- CONF_modules_unload(1);
|
|
- destroy_ui_method();
|
|
- EVP_cleanup();
|
|
- ENGINE_cleanup();
|
|
- CRYPTO_cleanup_all_ex_data();
|
|
- ERR_remove_state(0);
|
|
- ERR_free_strings();
|
|
#endif
|
|
|
|
/*
|
|
@@ -1149,7 +1138,11 @@ Init_openssl(void)
|
|
/*
|
|
* Version of OpenSSL the ruby OpenSSL extension is running with
|
|
*/
|
|
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
|
|
+ rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
|
|
+#else
|
|
rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
|
|
+#endif
|
|
|
|
/*
|
|
* Version number of OpenSSL the ruby OpenSSL extension was built with
|
|
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
|
|
index f08889b2..5a15839c 100644
|
|
--- a/ext/openssl/ossl.h
|
|
+++ b/ext/openssl/ossl.h
|
|
@@ -35,6 +35,11 @@
|
|
#if !defined(OPENSSL_NO_OCSP)
|
|
# include <openssl/ocsp.h>
|
|
#endif
|
|
+#include <openssl/bn.h>
|
|
+#include <openssl/rsa.h>
|
|
+#include <openssl/dsa.h>
|
|
+#include <openssl/evp.h>
|
|
+#include <openssl/dh.h>
|
|
|
|
/*
|
|
* Common Module
|
|
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
|
|
index bfa76c1a..e6179733 100644
|
|
--- a/ext/openssl/ossl_cipher.c
|
|
+++ b/ext/openssl/ossl_cipher.c
|
|
@@ -508,9 +508,9 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
|
|
StringValue(iv);
|
|
GetCipher(self, ctx);
|
|
|
|
#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
|
|
- if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
|
|
+ if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
|
|
iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
|
|
#endif
|
|
if (!iv_len)
|
|
iv_len = EVP_CIPHER_CTX_iv_length(ctx);
|
|
@@ -535,7 +535,7 @@ ossl_cipher_is_authenticated(VALUE self)
|
|
|
|
GetCipher(self, ctx);
|
|
|
|
#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
|
|
- return (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
|
|
+ return (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
|
|
#else
|
|
return Qfalse;
|
|
#endif
|
|
@@ -606,7 +606,7 @@ ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
|
|
|
|
GetCipher(self, ctx);
|
|
|
|
- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
|
|
|
|
ret = rb_str_new(NULL, tag_len);
|
|
@@ -641,7 +641,7 @@ ossl_cipher_set_auth_tag(VALUE self, VALUE vtag)
|
|
tag_len = RSTRING_LENINT(vtag);
|
|
|
|
GetCipher(self, ctx);
|
|
- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
ossl_raise(eCipherError, "authentication tag not supported by this cipher");
|
|
|
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
|
|
@@ -668,7 +668,7 @@ ossl_cipher_set_auth_tag_len(VALUE self, VALUE vlen)
|
|
EVP_CIPHER_CTX *ctx;
|
|
|
|
GetCipher(self, ctx);
|
|
- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
ossl_raise(eCipherError, "AEAD not supported by this cipher");
|
|
|
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))
|
|
@@ -695,7 +695,7 @@ ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
|
|
EVP_CIPHER_CTX *ctx;
|
|
|
|
GetCipher(self, ctx);
|
|
- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
|
|
ossl_raise(eCipherError, "cipher does not support AEAD");
|
|
|
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))
|
|
@@ -786,9 +786,9 @@ ossl_cipher_iv_length(VALUE self)
|
|
int len = 0;
|
|
|
|
GetCipher(self, ctx);
|
|
#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
|
|
- if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
|
|
+ if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
|
|
len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
|
|
#endif
|
|
if (!len)
|
|
len = EVP_CIPHER_CTX_iv_length(ctx);
|
|
diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c
|
|
index d69b5dca..5ca0d4ca 100644
|
|
--- a/ext/openssl/ossl_engine.c
|
|
+++ b/ext/openssl/ossl_engine.c
|
|
@@ -46,13 +46,25 @@ VALUE eEngineError;
|
|
/*
|
|
* Private
|
|
*/
|
|
-#define OSSL_ENGINE_LOAD_IF_MATCH(x) \
|
|
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
|
|
+#define OSSL_ENGINE_LOAD_IF_MATCH(engine_name, x) \
|
|
do{\
|
|
- if(!strcmp(#x, RSTRING_PTR(name))){\
|
|
- ENGINE_load_##x();\
|
|
+ if(!strcmp(#engine_name, RSTRING_PTR(name))){\
|
|
+ if (OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL))\
|
|
+ return Qtrue;\
|
|
+ else\
|
|
+ ossl_raise(eEngineError, "OPENSSL_init_crypto"); \
|
|
+ }\
|
|
+}while(0)
|
|
+#else
|
|
+#define OSSL_ENGINE_LOAD_IF_MATCH(engine_name, x) \
|
|
+do{\
|
|
+ if(!strcmp(#engine_name, RSTRING_PTR(name))){\
|
|
+ ENGINE_load_##engine_name();\
|
|
return Qtrue;\
|
|
}\
|
|
}while(0)
|
|
+#endif
|
|
|
|
static void
|
|
ossl_engine_free(void *engine)
|
|
@@ -94,55 +106,55 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
|
|
StringValueCStr(name);
|
|
#ifndef OPENSSL_NO_STATIC_ENGINE
|
|
#if HAVE_ENGINE_LOAD_DYNAMIC
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_4758CCA
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(4758cca, 4758CCA);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_AEP
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(aep);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(aep, AEP);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_ATALLA
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(atalla);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(atalla, ATALLA);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_CHIL
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(chil);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(chil, CHIL);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_CSWIFT
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(cswift);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(cswift, CSWIFT);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_NURON
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(nuron);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(nuron, NURON);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_SUREWARE
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(sureware);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(sureware, SUREWARE);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_UBSEC
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(ubsec, UBSEC);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_PADLOCK
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(padlock);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(padlock, PADLOCK);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_CAPI
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(capi);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(capi, CAPI);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_GMP
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(gmp);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(gmp, GMP);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_GOST
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(gost);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(gost, GOST);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_CRYPTODEV
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(cryptodev);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(cryptodev, CRYPTODEV);
|
|
#endif
|
|
#if HAVE_ENGINE_LOAD_AESNI
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(aesni);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(aesni, AESNI);
|
|
#endif
|
|
#endif
|
|
#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto, OPENBSD_DEV_CRYPTO);
|
|
#endif
|
|
- OSSL_ENGINE_LOAD_IF_MATCH(openssl);
|
|
+ OSSL_ENGINE_LOAD_IF_MATCH(openssl, OPENSSL);
|
|
rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
|
|
return Qnil;
|
|
#endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
|
|
@@ -160,7 +172,9 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
|
|
static VALUE
|
|
ossl_engine_s_cleanup(VALUE self)
|
|
{
|
|
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
|
|
ENGINE_cleanup();
|
|
+#endif
|
|
return Qnil;
|
|
}
|
|
|
|
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
|
|
index 8e3c0c42..d32a299c 100644
|
|
--- a/ext/openssl/ossl_ssl.c
|
|
+++ b/ext/openssl/ossl_ssl.c
|
|
@@ -379,7 +379,7 @@ ossl_call_session_get_cb(VALUE ary)
|
|
|
|
/* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
|
|
static SSL_SESSION *
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
|
|
ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy)
|
|
#else
|
|
ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy)
|
|
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
|
|
index cf82a53d..8d16b9b7 100644
|
|
--- a/ext/openssl/ossl_x509cert.c
|
|
+++ b/ext/openssl/ossl_x509cert.c
|
|
@@ -440,7 +440,7 @@ ossl_x509_set_not_before(VALUE self, VALUE time)
|
|
|
|
GetX509(self, x509);
|
|
asn1time = ossl_x509_time_adjust(NULL, time);
|
|
- if (!X509_set_notBefore(x509, asn1time)) {
|
|
+ if (!X509_set1_notBefore(x509, asn1time)) {
|
|
ASN1_TIME_free(asn1time);
|
|
ossl_raise(eX509CertError, "X509_set_notBefore");
|
|
}
|
|
@@ -479,7 +479,7 @@ ossl_x509_set_not_after(VALUE self, VALUE time)
|
|
|
|
GetX509(self, x509);
|
|
asn1time = ossl_x509_time_adjust(NULL, time);
|
|
- if (!X509_set_notAfter(x509, asn1time)) {
|
|
+ if (!X509_set1_notAfter(x509, asn1time)) {
|
|
ASN1_TIME_free(asn1time);
|
|
ossl_raise(eX509CertError, "X509_set_notAfter");
|
|
}
|
|
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
|
|
index 5ecd7ea0..45cf7fb4 100644
|
|
--- a/ext/openssl/ossl_x509crl.c
|
|
+++ b/ext/openssl/ossl_x509crl.c
|
|
@@ -226,7 +226,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
|
|
|
|
GetX509CRL(self, crl);
|
|
asn1time = ossl_x509_time_adjust(NULL, time);
|
|
- if (!X509_CRL_set_lastUpdate(crl, asn1time)) {
|
|
+ if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
|
|
ASN1_TIME_free(asn1time);
|
|
ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
|
|
}
|
|
@@ -257,7 +257,7 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time)
|
|
|
|
GetX509CRL(self, crl);
|
|
asn1time = ossl_x509_time_adjust(NULL, time);
|
|
- if (!X509_CRL_set_nextUpdate(crl, asn1time)) {
|
|
+ if (!X509_CRL_set1_nextUpdate(crl, asn1time)) {
|
|
ASN1_TIME_free(asn1time);
|
|
ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
|
|
}
|