Merge branch 'maint-2.0' into maint

* maint-2.0:
  Ruby/OpenSSL 2.0.8
  test/test_ssl_session: set client protocol version explicitly
  test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1
  extconf.rb: fix build with LibreSSL 2.7.0
  cipher: validate iterations argument for Cipher#pkcs5_keyivgen
  test/utils: disable Thread's report_on_exception in start_server

2 files changed, 6 insertions, 1 deletions

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 5212903b..4242f044 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -122,8 +122,11 @@ OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
 have_func("SSL_is_server")
 
 # added in 1.1.0
+if !have_struct_member("SSL", "ctx", "openssl/ssl.h") ||
+    try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h")
+  $defs.push("-DHAVE_OPAQUE_OPENSSL")
+end
 have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
-have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
 have_func("BN_GENCB_new")
 have_func("BN_GENCB_free")
 have_func("BN_GENCB_get_arg")
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index 3038a766..0840c84a 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -317,6 +317,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
 	salt = (unsigned char *)RSTRING_PTR(vsalt);
     }
     iter = NIL_P(viter) ? 2048 : NUM2INT(viter);
+    if (iter <= 0)
+	rb_raise(rb_eArgError, "iterations must be a positive integer");
     digest = NIL_P(vdigest) ? EVP_md5() : ossl_evp_get_digestbyname(vdigest);
     GetCipher(self, ctx);
     EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt,