Bug #12324 ยป interdiff-v1-v2.patch

rhenium (Kazuki Yamaguchi), 05/05/2016 09:56 AM


ext/openssl/deprecation.rb
16 16
  end
17 17

  
18 18
  def self.check_func(func, header)
19
    have_func(func, header, deprecated_warning_flag) and
20
      have_header(header, nil, deprecated_warning_flag)
19
    have_func(func, header, deprecated_warning_flag)
20
  end
21

  
22
  def self.check_func_or_macro(func, header)
23
    check_func(func, header) or
24
      have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
21 25
  end
22 26
end
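Review bot: In `check_func_or_macro` the expression mixes `or` with `&&`, so its grouping depends on the low precedence of `or`, and on the macro path it returns the `$defs` array rather than a boolean. Writing it as `check_func(func, header) || (have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}"))` makes the grouping explicit. Neither helper has a comment; a line such as `# Like have_func, but compiles the probe with deprecated_warning_flag` above `check_func` would record why it exists, presumably so that a deprecated function is reported as missing. The module header and `deprecated_warning_flag` itself are outside this section.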
ext/openssl/extconf.rb
19 19

  
20 20
Logging::message "=== OpenSSL for Ruby configurator ===\n"
21 21

  
22
# Add -Werror=deprecated-declarations to $warnflags if available
23
OpenSSL.deprecated_warning_flag
24

  
22 25
##
23 26
# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
24 27
# To turn it on, use: --with-debug or --enable-debug
25 28
#
26 29
if with_config("debug") or enable_config("debug")
27
  $defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
30
  $defs.push("-DOSSL_DEBUG")
28 31
end
29 32

  
30 33
Logging::message "=== Checking for system dependent stuff... ===\n"
......
39 42
end
40 43

  
41 44
result = pkg_config("openssl") && have_header("openssl/ssl.h")
42

  
43 45
unless result
44 46
  result = have_header("openssl/ssl.h")
45 47
  result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "OpenSSL_add_all_digests")}
......
51 53
  end
52 54
end
53 55

  
54
unless checking_for("OpenSSL version is 0.9.8 or later") {
55
    try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h") }
56
result = checking_for("OpenSSL version is 0.9.8 or later") {
57
  try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
58
}
59
unless result
56 60
  raise "OpenSSL 0.9.8 or later is required."
57 61
end
62

  
58 63
unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
59 64
  raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
60 65
end
61 66

  
62 67
Logging::message "=== Checking for OpenSSL features... ===\n"
63
def have_func_like(name, header)
64
  have_func(name, [header]) ||
65
    have_macro(name, [header]) && $defs.push("-DHAVE_#{name.upcase}")
66
end
67

  
68 68
# compile options
69 69
have_func("SSLv2_method")
70 70
have_func("SSLv3_method")
71 71
have_func("TLSv1_1_method")
72 72
have_func("TLSv1_2_method")
73 73
have_func("RAND_egd")
74
# ENGINE_load_xx is deprecated in OpenSSL 1.1.0 and become a macro
75 74
engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
76 75
             cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
77 76
engines.each { |name|
78
  have_func_like("ENGINE_load_#{name}", "openssl/engine.h")
77
  OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
79 78
}
80 79

  
81 80
# added in 0.9.8X
82 81
have_func("EVP_CIPHER_CTX_new")
83 82
have_func("EVP_CIPHER_CTX_free")
84
have_func_like("SSL_CTX_clear_options", "openssl/ssl.h")
83
OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h")
85 84

  
86 85
# added in 1.0.0
87 86
have_func("EVP_CIPHER_CTX_copy")
......
91 90
have_func("X509_NAME_hash_old")
92 91
have_func("X509_STORE_CTX_get0_current_crl")
93 92
have_func("X509_STORE_set_verify_cb")
94
have_func_like("SSL_set_tlsext_host_name", "openssl/ssl.h")
93
OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
95 94
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
96 95

  
97 96
# added in 1.0.1
......
105 104
have_func("X509_STORE_CTX_get0_store")
106 105
have_func("SSL_is_server");
107 106
have_func("SSL_CTX_set_alpn_select_cb")
108
have_func_like("SSL_CTX_set1_curves_list", "openssl/ssl.h")
109
have_func_like("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
110
have_func_like("SSL_get_server_tmp_key", "openssl/ssl.h")
107
OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
108
OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
109
OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
111 110

  
112 111
# added in 1.1.0
113 112
have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
......
120 119
have_func("HMAC_CTX_new")
121 120
have_func("HMAC_CTX_free")
122 121
have_func("HMAC_CTX_reset")
123
have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarations") # deprecated
122
OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
124 123
have_func("X509_STORE_get_ex_data")
124
have_func("X509_STORE_set_ex_data")
125 125
have_func("X509_CRL_get0_signature")
126 126
have_func("X509_REQ_get0_signature")
127 127
have_func("X509_REVOKED_get0_serialNumber")
......
135 135
have_func("X509_CRL_up_ref")
136 136
have_func("X509_STORE_up_ref")
137 137
have_func("SSL_CTX_get_ciphers")
138
have_func("SSL_CTX_get_security_level")
139
have_func_like("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
140
have_func_like("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
141 138
have_func("SSL_SESSION_up_ref")
142 139
have_func("EVP_PKEY_up_ref")
143
have_func("ENGINE_cleanup") # removed
140
have_func("SSL_CTX_get_security_level")
141
OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
142
OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
144 143

  
145 144
Logging::message "=== Checking done. ===\n"
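Review bot: The probe `OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated` no longer shows the `-Werror=deprecated-declarations` argument that the replaced line passed explicitly, so extconf.rb alone no longer tells the reader that a deprecated declaration is meant to count as missing. A comment such as `# deprecated: probed with the deprecation-warning flag so that it is reported as missing` would keep that intent next to the call. The outcome also depends on what `deprecated_warning_flag` yields on a compiler that rejects the flag, which is not visible here; if it yields nothing, the deprecated function would presumably be detected as usable, and that case deserves a mention. The bare `OpenSSL.deprecated_warning_flag` statement near the top is likewise called only for its side effect, which its getter-like name does not suggest.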
146 145

  
ext/openssl/openssl_missing.c
18 18

  
19 19
#include "openssl_missing.h"
20 20

  
21
/*** added in 0.9.8X ***/
21
/* added in 0.9.8X */
22 22
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
23 23
EVP_CIPHER_CTX *
24 24
EVP_CIPHER_CTX_new(void)
......
40 40
}
41 41
#endif
42 42

  
43
/*** added in 1.0.0 ***/
43
/* added in 1.0.0 */
44 44
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
45 45
/*
46 46
 * this function does not exist in OpenSSL yet... or ever?.
......
68 68
int
69 69
HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
70 70
{
71
    if (!out || !in)
72
	return 0;
73

  
71 74
    memcpy(out, in, sizeof(HMAC_CTX));
72 75

  
73 76
    EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
......
76 79

  
77 80
    return 1;
78 81
}
79
#endif
80

  
81
/*** added in 1.0.1 ***/
82
#endif /* HAVE_HMAC_CTX_COPY */
82 83

  
83
/*** added in 1.0.2 ***/
84
/* added in 1.0.2 */
84 85
#if !defined(HAVE_CRYPTO_MEMCMP)
85 86
int
86 87
CRYPTO_memcmp(const volatile void * volatile in_a,
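Review bot: In `HMAC_CTX_copy` the new NULL guard is followed by `EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);` whose return value is discarded, and the function still ends with `return 1`. Because the whole struct has already been copied with `memcpy`, a failed digest-context copy may leave `out` holding bitwise copies of `in`'s internal state while the caller is told the copy succeeded. Checking the call, for example `if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx)) return 0;`, would close that gap. The lines elided between this call and `return 1` are not shown and likely need the same treatment.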
ext/openssl/openssl_missing.h
10 10
#if !defined(_OSSL_OPENSSL_MISSING_H_)
11 11
#define _OSSL_OPENSSL_MISSING_H_
12 12

  
13
#if defined(__cplusplus)
14
extern "C" {
15
#endif
16

  
17
/*** added in 0.9.8X ***/
13
/* added in 0.9.8X */
18 14
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
19 15
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
20 16
#endif
......
28 24
	(ctx)->options &= ~(op); while (0)
29 25
#endif
30 26

  
31
/*** added in 1.0.0 ***/
27
/* added in 1.0.0 */
32 28
#if !defined(HAVE_EVP_PKEY_BASE_ID)
33 29
#  define EVP_PKEY_base_id(pkey) EVP_PKEY_type((pkey)->type)
34 30
#endif
......
49 45
#  define X509_STORE_set_verify_cb X509_STORE_set_verify_cb_func
50 46
#endif
51 47

  
52
/*** added in 1.0.1 ***/
53
/*** added in 1.0.2 ***/
48
/* added in 1.0.2 */
54 49
#if !defined(HAVE_CRYPTO_MEMCMP)
55 50
int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
56 51
#endif
......
74 69
#  define SSL_is_server(s) ((s)->server)
75 70
#endif
76 71

  
77
/*** added in 1.1.0 ***/
72
/* added in 1.1.0 */
78 73
#if !defined(HAVE_BN_GENCB_NEW)
79 74
#  define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
80 75
#endif
......
108 103
#endif
109 104

  
110 105
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
111
#  define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
112
	CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
113 106
#  define X509_STORE_get_ex_data(x, idx) \
114 107
	CRYPTO_get_ex_data(&(x)->ex_data, idx)
108
#endif
109

  
110
#if !defined(HAVE_X509_STORE_SET_EX_DATA)
115 111
#  define X509_STORE_set_ex_data(x, idx, data) \
116 112
	CRYPTO_set_ex_data(&(x)->ex_data, idx, data)
113
#  define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
114
	CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
117 115
#endif
118 116

  
119 117
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
......
264 262
#endif
265 263
#endif
266 264

  
267
#if defined(__cplusplus)
268
}
269
#endif
270

  
271 265
#endif /* _OSSL_OPENSSL_MISSING_H_ */
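Review bot: `X509_STORE_get_ex_new_index` now sits inside the `HAVE_X509_STORE_SET_EX_DATA` guard, yet the visible part of extconf.rb has no probe for it, so its definition is tied to another function's check without explanation. A one-line comment above it, e.g. `/* no separate probe: defined together with the set_ex_data fallback */`, would keep a later edit from moving or dropping it by accident. The same section drops the `extern "C"` wrapper, so it is worth confirming that no C++ translation unit includes this header.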
ext/openssl/ossl.h
12 12

  
13 13
#include RUBY_EXTCONF_H
14 14

  
15
#if defined(__cplusplus)
16
extern "C" {
17
#endif
18

  
19 15
#if 0
20 16
  mOSSL = rb_define_module("OpenSSL");
21 17
  mX509 = rb_define_module_under(mOSSL, "X509");
......
57 53
#include <openssl/rand.h>
58 54
#include <openssl/conf.h>
59 55
#include <openssl/conf_api.h>
60
#include <openssl/ocsp.h>
56
#if !defined(OPENSSL_NO_OCSP)
57
#  include <openssl/ocsp.h>
58
#endif
61 59
#if !defined(_WIN32)
62 60
#  include <openssl/crypto.h>
63 61
#endif
......
223 221

  
224 222
void Init_openssl(void);
225 223

  
226
#if defined(__cplusplus)
227
}
228
#endif
229

  
230 224
#endif /* _OSSL_H_ */
ext/openssl/ossl_engine.c
160 160
 * It is only necessary to run cleanup when engines are loaded via
161 161
 * OpenSSL::Engine.load. However, running cleanup before exit is recommended.
162 162
 *
163
 * If you are using OpenSSL 1.1.0 or newer, this method is no-op.
163
 * Note that this method is no-op if using OpenSSL 1.1.0 or newer.
164 164
 *
165 165
 * See also, https://www.openssl.org/docs/crypto/engine.html
166 166
 */
167 167
static VALUE
168 168
ossl_engine_s_cleanup(VALUE self)
169 169
{
170
#if defined(HAVE_ENGINE_CLEANUP)
171 170
    ENGINE_cleanup();
172
#endif
173 171
    return Qnil;
174 172
}
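Review bot: `ENGINE_cleanup();` in `ossl_engine_s_cleanup` is now compiled unconditionally, and the matching `have_func("ENGINE_cleanup")` probe was dropped from extconf.rb, so the build relies on every supported OpenSSL providing that name as a function or a macro. The updated doc comment says the call is a no-op on 1.1.0, which suggests a compatibility macro; a build that hides deprecated APIs would then presumably fail to compile here. Keeping a probe such as `OpenSSL.check_func_or_macro("ENGINE_cleanup", "openssl/engine.h")` together with the `#if defined(HAVE_ENGINE_CLEANUP)` guard, or at least a comment stating the assumption, would make the dependency explicit.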
175 173

  
ext/openssl/ossl_ocsp.c
10 10
 */
11 11
#include "ossl.h"
12 12

  
13
#if !defined(OPENSSL_NO_OCSP)
14

  
13 15
#define NewOCSPReq(klass) \
14 16
    TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0)
15 17
#define SetOCSPReq(obj, req) do { \
......
1249 1251
    /* The responder ID is based on the public key. */
1250 1252
    rb_define_const(mOCSP, "V_RESPID_KEY", INT2NUM(V_OCSP_RESPID_KEY));
1251 1253
}
1254

  
1255
#else
1256
void
1257
Init_ossl_ocsp(void)
1258
{
1259
}
1260
#endif
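Review bot: The `#else` branch leaves `Init_ossl_ocsp` as an empty function, so on an OpenSSL built with `OPENSSL_NO_OCSP` the OCSP module is presumably never defined and Ruby code that expects it will only fail at first use. A comment in the stub, such as `/* OpenSSL was built without OCSP; the OCSP module is not defined */`, and a labelled `#endif /* !defined(OPENSSL_NO_OCSP) */` closing the guard that opens near line 13 would show that this is deliberate. The same guard was added around `#include <openssl/ocsp.h>` in ossl.h; any declaration elsewhere that names an OCSP type needs it too, which cannot be checked from these hunks.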
ext/openssl/ossl_ssl.c
84 84
 */
85 85
static const struct {
86 86
    const char *name;
87
    const SSL_METHOD *(*func)(void);
87
    SSL_METHOD *(*func)(void); /* FIXME: constify when dropping 0.9.8 */
88 88
    int version;
89 89
} ossl_ssl_method_tab[] = {
90 90
#if defined(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)
91 91
/* OpenSSL 1.1.0; version specific method is deprecated */
92 92
#define OSSL_SSL_METHOD_ENTRY(name, version) \
93
    { #name,          TLS_method, version }, \
94
    { #name"_server", TLS_server_method, version }, \
95
    { #name"_client", TLS_client_method, version }
93
    { #name,          (SSL_METHOD *(*)(void))TLS_method, version }, \
94
    { #name"_server", (SSL_METHOD *(*)(void))TLS_server_method, version }, \
95
    { #name"_client", (SSL_METHOD *(*)(void))TLS_client_method, version }
96 96
#else
97 97
#define OSSL_SSL_METHOD_ENTRY(name, version) \
98
    { #name,          name##_method, version }, \
99
    { #name"_server", name##_server_method, version }, \
100
    { #name"_client", name##_client_method, version }
98
    { #name,          (SSL_METHOD *(*)(void))name##_method, version }, \
99
    { #name"_server", (SSL_METHOD *(*)(void))name##_server_method, version }, \
100
    { #name"_client", (SSL_METHOD *(*)(void))name##_client_method, version }
101 101
#endif
102 102
#if defined(HAVE_SSLV2_METHOD)
103 103
    OSSL_SSL_METHOD_ENTRY(SSLv2, SSL2_VERSION),
......
184 184
    s = StringValueCStr(m);
185 185
    for (i = 0; i < numberof(ossl_ssl_method_tab); i++) {
186 186
        if (strcmp(ossl_ssl_method_tab[i].name, s) == 0) {
187
            SSL_METHOD *method = (SSL_METHOD *)ossl_ssl_method_tab[i].func();
187
            SSL_METHOD *method = ossl_ssl_method_tab[i].func();
188 188
#if defined(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)
189 189
	    int version = ossl_ssl_method_tab[i].version;
190 190
#endif
......
1019 1019
 *    ctx.security_level = 0
1020 1020
 *    ctx.security_level = 5
1021 1021
 *
1022
 * Sets the security level for this context. This is new in OpenSSL 1.1.0 and
1023
 * no-op if using older OpenSSL.
1022
 * Sets the security level for this context. This is new in OpenSSL 1.1.0.
1023
 * If using older OpenSSL, setting a value other than 0 raises
1024
 * NotImplementedError.
1025
 *
1026
 * See the manpage of SSL_CTX_set_security_level(3) for details.
1024 1027
 */
1025 1028
static VALUE
1026 1029
ossl_sslctx_set_security_level(VALUE self, VALUE v)
......
1035 1038

  
1036 1039
#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL)
1037 1040
    SSL_CTX_set_security_level(ctx, NUM2INT(v));
1041
#else
1042
    if (NUM2INT(v) != 0)
1043
	ossl_raise(rb_eNotImpError, "setting security level != 0 is not "
1044
		   "supported in this version of OpenSSL");
1038 1045
#endif
1039 1046

  
1040 1047
    return v;
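Review bot: The new casts `(SSL_METHOD *(*)(void))TLS_method` and `(SSL_METHOD *(*)(void))name##_method` in both `OSSL_SSL_METHOD_ENTRY` definitions mean that `ossl_ssl_method_tab[i].func()` calls each function through a pointer whose return type differs from the function's own wherever the library declares it as returning `const SSL_METHOD *`. Calling a function through an incompatible pointer type is undefined behaviour in C, and the cast also hides any future signature change from the compiler. The replaced form kept the call well-typed by using a `const`-returning member and casting only the result, `(SSL_METHOD *)ossl_ssl_method_tab[i].func()`. A member type selected by a preprocessor condition would cover 0.9.8 as well, and the FIXME comment suggests the casts are meant to be temporary. The table and the lookup function both continue outside the visible hunks.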