From 8bb519b11cacd65b6043e5cde007f0765049d283 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Mon, 2 Jul 2018 21:28:57 +0900
Subject: pkey: resume key generation after interrupt

Key/parameter generation (OpenSSL::PKey::*.{new,generate}) immediately
aborts when it is done with GVL released (in other words, no block is
given) and the thread is interrupted (e.g., by a signal) during the
operation.

Have ossl_generate_cb_2() acquire GVL and call rb_thread_check_ints()
if needed to process the pending interrupt rather than abort the
operation completely by returning 0.

Reference: https://bugs.ruby-lang.org/issues/14882
---
 ext/openssl/ossl_pkey.c | 28 +++++++++++++++++++++++++---
 ext/openssl/ossl_pkey.h |  2 +-
 2 files changed, 26 insertions(+), 4 deletions(-)

(limited to 'ext/openssl')

diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index aad3e2e4..962964ee 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -20,6 +20,21 @@ static ID id_private_q;
 /*
  * callback for generating keys
  */
+static VALUE
+call_check_ints0(VALUE arg)
+{
+    rb_thread_check_ints();
+    return Qnil;
+}
+
+static void *
+call_check_ints(void *arg)
+{
+    int state;
+    rb_protect(call_check_ints0, Qnil, &state);
+    return (void *)(VALUE)state;
+}
+
 int
 ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
 {
@@ -38,11 +53,18 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
 	*/
 	rb_protect(rb_yield, ary, &state);
 	if (state) {
-	    arg->stop = 1;
 	    arg->state = state;
+	    return 0;
+	}
+    }
+    if (arg->interrupted) {
+	arg->interrupted = 0;
+	state = (int)(VALUE)rb_thread_call_with_gvl(call_check_ints, NULL);
+	if (state) {
+	    arg->state = state;
+	    return 0;
 	}
     }
-    if (arg->stop) return 0;
     return 1;
 }
 
@@ -50,7 +72,7 @@ void
 ossl_generate_cb_stop(void *ptr)
 {
     struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
-    arg->stop = 1;
+    arg->interrupted = 1;
 }
 
 static void
diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h
index a0b49744..5c8ccc0f 100644
--- a/ext/openssl/ossl_pkey.h
+++ b/ext/openssl/ossl_pkey.h
@@ -41,7 +41,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
 
 struct ossl_generate_cb_arg {
     int yield;
-    int stop;
+    int interrupted;
     int state;
 };
 int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
-- 
cgit v1.2.3


From 0e63f932579aa0f9b88e0e6bc45383ab0a1140b9 Mon Sep 17 00:00:00 2001
From: nobu <nobu@ruby-lang.org>
Date: Fri, 16 Feb 2018 08:39:48 +0000
Subject: no ID cache in Init functions

Init functions are called only once, cache is useless.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62429 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r62429
---
 ext/openssl/ossl.c           | 1 +
 ext/openssl/ossl_asn1.c      | 1 +
 ext/openssl/ossl_pkcs12.c    | 1 +
 ext/openssl/ossl_pkcs7.c     | 1 +
 ext/openssl/ossl_pkey.c      | 1 +
 ext/openssl/ossl_pkey_ec.c   | 1 +
 ext/openssl/ossl_x509ext.c   | 1 +
 ext/openssl/ossl_x509name.c  | 1 +
 ext/openssl/ossl_x509store.c | 1 +
 9 files changed, 9 insertions(+)

(limited to 'ext/openssl')

diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 88bb8f21..9776f61d 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -1078,6 +1078,7 @@ static void Init_ossl_locks(void)
 void
 Init_openssl(void)
 {
+#undef rb_intern
     /*
      * Init timezone info
      */
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 02255973..9053643e 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1412,6 +1412,7 @@ OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
 void
 Init_ossl_asn1(void)
 {
+#undef rb_intern
     VALUE ary;
     int i;
 
diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c
index 8502a6de..c90a7237 100644
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@@ -237,6 +237,7 @@ ossl_pkcs12_to_der(VALUE self)
 void
 Init_ossl_pkcs12(void)
 {
+#undef rb_intern
 #if 0
     mOSSL = rb_define_module("OpenSSL");
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index 40cc5f23..c18dff14 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -1054,6 +1054,7 @@ ossl_pkcs7ri_get_enc_key(VALUE self)
 void
 Init_ossl_pkcs7(void)
 {
+#undef rb_intern
 #if 0
     mOSSL = rb_define_module("OpenSSL");
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index aad3e2e4..cae7b475 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -389,6 +389,7 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
 void
 Init_ossl_pkey(void)
 {
+#undef rb_intern
 #if 0
     mOSSL = rb_define_module("OpenSSL");
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 5262d3b2..201b7dff 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -1676,6 +1676,7 @@ static VALUE ossl_ec_point_mul(int argc, VALUE *argv, VALUE self)
 
 void Init_ossl_ec(void)
 {
+#undef rb_intern
 #if 0
     mPKey = rb_define_module_under(mOSSL, "PKey");
     cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject);
diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c
index b92b0786..a6184d32 100644
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@@ -441,6 +441,7 @@ ossl_x509ext_to_der(VALUE obj)
 void
 Init_ossl_x509ext(void)
 {
+#undef rb_intern
 #if 0
     mOSSL = rb_define_module("OpenSSL");
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index ac98c1b9..e3e39e71 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -462,6 +462,7 @@ ossl_x509name_to_der(VALUE self)
 void
 Init_ossl_x509name(void)
 {
+#undef rb_intern
     VALUE utf8str, ptrstr, ia5str, hash;
 
 #if 0
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 4becc8e3..3cddcc49 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -800,6 +800,7 @@ ossl_x509stctx_set_time(VALUE self, VALUE time)
 void
 Init_ossl_x509store(void)
 {
+#undef rb_intern
 #if 0
     mOSSL = rb_define_module("OpenSSL");
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
-- 
cgit v1.2.3


From 97252d227414b08faf16d1f11f295475fadafbec Mon Sep 17 00:00:00 2001
From: nobu <nobu@ruby-lang.org>
Date: Fri, 2 Mar 2018 04:36:14 +0000
Subject: search winsock libraries explicitly

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62628 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r62628
---
 ext/openssl/extconf.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ext/openssl')

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 998d9104..22b4dc86 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -40,6 +40,7 @@ result = pkg_config("openssl") && have_header("openssl/ssl.h")
 def find_openssl_library
   if $mswin || $mingw
     # required for static OpenSSL libraries
+    have_library("ws2_32")
     have_library("gdi32") # OpenSSL <= 1.0.2 (for RAND_screen())
     have_library("crypt32")
   end
-- 
cgit v1.2.3


From 46436d075afc091d76a6666ea8aeb0ac8a4fa2a3 Mon Sep 17 00:00:00 2001
From: nobu <nobu@ruby-lang.org>
Date: Fri, 2 Mar 2018 14:45:28 +0000
Subject: openssl: search winsock

* ext/openssl/extconf.rb: on Windows search winsock library
  always, regardless pkg-config.  direct use of winsock is not
  region of OpenSSL.  [ruby-core:85895] [Bug #14568]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62637 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r62637
---
 ext/openssl/extconf.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'ext/openssl')

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 22b4dc86..e741b5a7 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -33,6 +33,9 @@ end
 Logging::message "=== Checking for system dependent stuff... ===\n"
 have_library("nsl", "t_open")
 have_library("socket", "socket")
+if $mswin || $mingw
+  have_library("ws2_32")
+end
 
 Logging::message "=== Checking for required stuff... ===\n"
 result = pkg_config("openssl") && have_header("openssl/ssl.h")
@@ -40,7 +43,6 @@ result = pkg_config("openssl") && have_header("openssl/ssl.h")
 def find_openssl_library
   if $mswin || $mingw
     # required for static OpenSSL libraries
-    have_library("ws2_32")
     have_library("gdi32") # OpenSSL <= 1.0.2 (for RAND_screen())
     have_library("crypt32")
   end
-- 
cgit v1.2.3


From a597d2bc91ae263d67971f7a6a3051db91c23ba3 Mon Sep 17 00:00:00 2001
From: nobu <nobu@ruby-lang.org>
Date: Sun, 17 Jun 2018 10:17:39 +0000
Subject: openssl_missing.h: constified

* ext/openssl/openssl_missing.h (IMPL_KEY_ACCESSOR{2,3}):
  constified obj argument getters.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63684 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r63684
---
 ext/openssl/openssl_missing.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ext/openssl')

diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 3d11aec2..3c2bce9c 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -196,7 +196,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
 static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
 	return pkey->pkey._name; }
 #define IMPL_KEY_ACCESSOR2(_type, _group, a1, a2, _fail_cond) \
-static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
+static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2) { \
 	if (a1) *a1 = obj->a1; \
 	if (a2) *a2 = obj->a2; } \
 static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
@@ -205,7 +205,7 @@ static inline int _type##_set0_##_group(_type *obj, BIGNUM *a1, BIGNUM *a2) { \
 	BN_clear_free(obj->a2); obj->a2 = a2; \
 	return 1; }
 #define IMPL_KEY_ACCESSOR3(_type, _group, a1, a2, a3, _fail_cond) \
-static inline void _type##_get0_##_group(_type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
+static inline void _type##_get0_##_group(const _type *obj, const BIGNUM **a1, const BIGNUM **a2, const BIGNUM **a3) { \
 	if (a1) *a1 = obj->a1; \
 	if (a2) *a2 = obj->a2; \
 	if (a3) *a3 = obj->a3; } \
-- 
cgit v1.2.3


From e092ed92cb04980318c229b811d01c346ee44cfb Mon Sep 17 00:00:00 2001
From: nobu <nobu@ruby-lang.org>
Date: Sun, 29 Jul 2018 08:13:05 +0000
Subject: reduce LibreSSL warnings

* ext/openssl/extconf.rb: LibreSSL headers emit "overriding WinCrypt
  defines" warnings if wincrypt.h has been included (except for
  x509.h) on Windows.  get rid of including the header by defining
  NOCRYPT macro.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64101 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Sync-with-trunk: r64101
---
 ext/openssl/extconf.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'ext/openssl')

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index e741b5a7..b5252f12 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -125,6 +125,10 @@ engines.each { |name|
   OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
 }
 
+if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER")
+  $defs.push("-DNOCRYPT")
+end
+
 # added in 0.9.8X
 have_func("EVP_CIPHER_CTX_new")
 have_func("EVP_CIPHER_CTX_free")
-- 
cgit v1.2.3