fixing 0.9.7 build

9 files changed, 38 insertions, 34 deletions

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 5482523146..87138512dd 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -69,6 +69,16 @@ def have_funcish(name)
 end
 
 Logging::message "=== Checking for OpenSSL features... ===\n"
+# OpenSSL compile options
+have_func("SSLv2_method") # removed in 1.1.0
+have_func("SSLv3_method")
+have_func("TLSv1_1_method") # added in 1.0.1
+have_func("TLSv1_2_method") # added in 1.0.1
+have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS")
+have_func("EC_KEY_new") && $defs.push("-DHAVE_SUPPORT_EC")
+# HMAC can't be disabled
+have_func("ENGINE_new") && $defs.push("-DHAVE_SUPPORT_ENGINE")
+
 # added in 0.9.6a-0.9.7
 have_func("OPENSSL_cleanse")
 have_func("ERR_peek_last_error")
@@ -102,7 +112,6 @@ have_func("X509_REVOKED_set_serialNumber")
 have_func("X509V3_set_nconf")
 have_func("X509V3_EXT_nconf_nid")
 
-have_header("openssl/engine.h")
 have_func("ENGINE_add")
 have_func("ENGINE_get_digest")
 have_func("ENGINE_get_cipher")
@@ -114,6 +123,7 @@ engines.each { |name| have_func_or_macro("ENGINE_load_#{name}", "openssl/engine.
 have_header("openssl/ocsp.h")
 
 # added in -0.9.8
+have_func("BN_GENCB_call") && $defs.push("-DHAVE_BN_GENCB")
 have_func("BN_is_prime_ex")
 have_func("BN_is_prime_fasttest_ex")
 have_func("BN_generate_prime_ex")
@@ -179,12 +189,6 @@ have_func("SSL_CTX_get_security_level")
 have_func("OCSP_SINGLERESP_get0_id")
 have_struct_member("EVP_PKEY", "type", "openssl/evp.h") # removed
 
-# depending on OpenSSL configuration
-have_func("SSLv2_method") # removed in 1.1.0
-have_func("SSLv3_method")
-have_func("TLSv1_1_method") # added in 1.0.1
-have_func("TLSv1_2_method") # added in 1.0.1
-have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS")
 
 # LibreSSL support
 have_func("RAND_egd") # removed
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 05d596f3d2..1f3100e653 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -176,8 +176,6 @@ BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
 }
 #endif
 
-#if !defined(OPENSSL_NO_HMAC)
-#include <openssl/hmac.h>
 #if !defined(HAVE_HMAC_INIT_EX)
 int
 HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
@@ -188,7 +186,6 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
     return HMAC_Init(ctx, key, key_len, md);
 }
 #endif
-#endif
 
 #if !defined(HAVE_X509_CRL_SET_NEXTUPDATE)
 int
@@ -277,7 +274,7 @@ X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
 
 /*** added in 0.9.8 ***/
 #if !defined(HAVE_BN_IS_PRIME_EX)
-int BN_is_prime_ex(const BIGNUM *bn, int checks, BN_CTX *ctx, void *cb)
+int BN_is_prime_ex(const BIGNUM *bn, int checks, BN_CTX *ctx, BN_GENCB *cb)
 {
     if (cb)
 	rb_bug("not supported");
@@ -287,7 +284,7 @@ int BN_is_prime_ex(const BIGNUM *bn, int checks, BN_CTX *ctx, void *cb)
 
 #if !defined(HAVE_BN_IS_PRIME_FASTTEST_EX)
 int BN_is_prime_fasttestex(const BIGNUM *bn, int checks, BN_CTX *ctx,
-	int do_trial_division, void *cb)
+	int do_trial_division, BN_GENCB *cb)
 {
     if (cb)
 	rb_bug("not supported");
@@ -301,7 +298,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
 {
     if (cb)
 	rb_bug("not supported");
-    return BN_generate_prime(ret, bits, safe, add, rem, NULL);
+    return BN_generate_prime(ret, bits, safe, add, rem, NULL, NULL);
 }
 #endif
 
@@ -363,8 +360,6 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
 }
 #endif
 
-#if !defined(OPENSSL_NO_HMAC)
-#include <openssl/hmac.h>
 #if !defined(HAVE_HMAC_CTX_COPY)
 void
 HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
@@ -377,10 +372,10 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
     EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
 }
 #endif
-#endif
 
 /*** added in 1.0.1 ***/
 /*** added in 1.0.2 ***/
+#if defined(HAVE_SUPPORT_EC)
 #if !defined(HAVE_EC_CURVE_NIST2NID)
 static struct {
     const char *name;
@@ -414,10 +409,9 @@ EC_curve_nist2nid(const char *name)
     return NID_undef;
 }
 #endif
+#endif
 
 /*** added in 1.1.0 ***/
-#if !defined(OPENSSL_NO_HMAC)
-#include <openssl/hmac.h>
 #if !defined(HAVE_HMAC_CTX_NEW)
 HMAC_CTX *
 HMAC_CTX_new(void)
@@ -468,7 +462,6 @@ HMAC_CTX_reset(HMAC_CTX *ctx)
     return 0;
 }
 #endif
-#endif
 
 #if !defined(HAVE_EVP_MD_CTX_NEW)
 EVP_MD_CTX *
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 692053fc0e..57966230e8 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -11,6 +11,7 @@
 #define _OSSL_OPENSSL_MISSING_H_
 
 #include <openssl/ssl.h>
+#include <openssl/hmac.h>
 
 #if defined(__cplusplus)
 extern "C" {
@@ -154,7 +155,6 @@ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
 #  define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal((ctx), (outm), (outl))
 #endif
 
-#if !defined(OPENSSL_NO_HMAC)
 #if !defined(HAVE_HMAC_INIT_EX)
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, void *impl);
 #endif
@@ -164,7 +164,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md,
 
 #if !defined(HAVE_HMAC_CTX_CLEANUP)
 #endif
-#endif
 
 #if !defined(HAVE_X509_CRL_SET_NEXTUPDATE)
 int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
@@ -200,7 +199,11 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
 
 
 /*** added in 0.9.8 ***/
-#if defined(HAVE_BN_GENCB)
+#if !defined(HAVE_BN_GENCB)
+/* implementation in openssl_missing.c will fail if cb is set */
+typedef struct ossl_pseudo_bn_gencb_struct BN_GENCB;
+#endif
+
 #if !defined(HAVE_BN_IS_PRIME_EX)
 int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
 #endif
@@ -212,7 +215,6 @@ int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, int do_tr
 #if !defined(HAVE_BN_GENERATE_PRIME_EX)
 int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb);
 #endif
-#endif
 
 #if !defined(HAVE_EVP_CIPHER_CTX_NEW)
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
@@ -232,7 +234,7 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
 #endif
 
 #if !defined(HAVE_SSL_SESSION_GET_ID)
-int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
 #endif
 
 #if !defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
@@ -281,9 +283,11 @@ void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
 #endif
 
 /*** added in 1.0.2 ***/
+#if defined(HAVE_SUPPORT_EC)
 #if !defined(HAVE_EC_CURVE_NIST2NID)
 int EC_curve_nist2nid(const char *str);
 #endif
+#endif
 
 #if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
 #  define X509_STORE_CTX_get0_store(x) ((x)->ctx)
@@ -415,7 +419,9 @@ static inline STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { re
 #if defined(HAVE_EVP_PKEY_TYPE) /* is not opaque */
 static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { return pkey->pkey.rsa; }
 static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { return pkey->pkey.dsa; }
+# if defined(HAVE_SUPPORT_EC)
 static inline EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { return pkey->pkey.ec; }
+# endif
 static inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { return pkey->pkey.dh; }
 
 static inline void RSA_get0_key(RSA *rsa, BIGNUM **n, BIGNUM **e, BIGNUM **d) {
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index ea5eb076d0..e8271e9d64 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -68,8 +68,7 @@ extern "C" {
 #endif
 #undef X509_NAME
 #undef PKCS7_SIGNER_INFO
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHERINIT_EX)
-#  define OSSL_ENGINE_ENABLED
+#if defined(HAVE_SUPPORT_ENGINE)
 #  include <openssl/engine.h>
 #endif
 #if defined(HAVE_OPENSSL_OCSP_H)
diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c
index 87ca013c38..01418e65c5 100644
--- a/ext/openssl/ossl_engine.c
+++ b/ext/openssl/ossl_engine.c
@@ -9,7 +9,7 @@
  */
 #include "ossl.h"
 
-#if defined(OSSL_ENGINE_ENABLED)
+#if defined(HAVE_SUPPORT_ENGINE)
 
 #define NewEngine(klass) \
     TypedData_Wrap_Struct((klass), &ossl_engine_type, 0)
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index df39985aa8..2e69be2acd 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -104,7 +104,7 @@ ossl_pkey_new(EVP_PKEY *pkey)
     case EVP_PKEY_DH:
 	return ossl_dh_new(pkey);
 #endif
-#if !defined(OPENSSL_NO_EC) && (OPENSSL_VERSION_NUMBER >= 0x0090802fL)
+#if defined(HAVE_SUPPORT_EC)
     case EVP_PKEY_EC:
 	return ossl_ec_new(pkey);
 #endif
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index 08e340eb15..a53ad2d3cc 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -276,7 +276,7 @@ ossl_dh_is_private(VALUE self)
     dh = EVP_PKEY_get0_DH(pkey);
     DH_get0_key(dh, NULL, &priv_key);
 
-#ifdef OSSL_ENGINE_ENABLED
+#if defined(HAVE_SUPPORT_ENGINE)
     return (priv_key || DH_get0_engine(dh)) ? Qtrue : Qfalse;
 #else
     return priv_key ? Qtrue : Qfalse;
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 8218e714e3..e7b9c68b9b 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -4,7 +4,7 @@
 
 #include "ossl.h"
 
-#if !defined(OPENSSL_NO_EC) && (OPENSSL_VERSION_NUMBER >= 0x0090802fL)
+#if defined(HAVE_SUPPORT_EC)
 
 typedef struct {
 	EC_GROUP *group;
@@ -1698,8 +1698,8 @@ void Init_ossl_ec(void)
     no_copy(cEC_POINT);
 }
 
-#else /* defined NO_EC */
+#else /* SUPPORT_EC */
 void Init_ossl_ec(void)
 {
 }
-#endif /* NO_EC */
+#endif /* !SUPPORT_EC */
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 724c61c8d7..48a790b8d0 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -992,7 +992,7 @@ ossl_sslctx_set_security_level(VALUE self, VALUE v)
     return v;
 }
 
-#ifndef OPENSSL_NO_EC
+#if defined(HAVE_SUPPORT_EC)
 /*
  * call-seq:
  *    ctx.set_elliptic_curves("curve1:curve2:curve3") -> self
@@ -1033,7 +1033,7 @@ ossl_sslctx_set_elliptic_curves(VALUE self, VALUE str)
 
     return self;
 }
-#endif
+#endif /* HAVE_SUPPORT_EC */
 
 /*
  *  call-seq:
@@ -2294,7 +2294,9 @@ Init_ossl_ssl(void)
     rb_define_method(cSSLContext, "ciphers=",    ossl_sslctx_set_ciphers, 1);
     rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0);
     rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1);
+#if defined(HAVE_SUPPORT_EC)
     rb_define_method(cSSLContext, "set_elliptic_curves", ossl_sslctx_set_elliptic_curves, 1);
+#endif
 
     rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0);