authorKazuki Yamaguchi <k@rhe.jp>2016-04-10 17:25:07 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-04-21 00:46:34 +0900
commit79ff2cf3e55e6052161ab019f77aa2efbe45509a (patch)
tree33aed62e3c20e4e11c77176e0d2d47a3da408c21
parent2283a4774304f528fd56b7be32c37a8f8b6e463e (diff)
downloadruby-79ff2cf3e55e6052161ab019f77aa2efbe45509a.tar.gz
compiled on OpenSSL 1.1.0
-rw-r--r--ext/openssl/extconf.rb8
-rw-r--r--ext/openssl/openssl_missing.c446
-rw-r--r--ext/openssl/openssl_missing.h70
-rw-r--r--ext/openssl/ossl_hmac.c18
-rw-r--r--ext/openssl/ossl_ssl.c8
-rw-r--r--ext/openssl/ossl_x509cert.c10
-rw-r--r--ext/openssl/ossl_x509crl.c18
-rw-r--r--ext/openssl/ossl_x509ext.c2
-rw-r--r--ext/openssl/ossl_x509req.c4
-rw-r--r--ext/openssl/ossl_x509revoked.c8
10 files changed, 323 insertions, 269 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index cb12bf04bb..cf00db9a41 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -66,7 +66,6 @@ end
Logging::message "=== Checking for OpenSSL features... ===\n"
have_func("ERR_peek_last_error")
have_func("ASN1_put_eoc")
-have_func("OCSP_id_get0_info")
have_func("BN_mod_add")
have_func("BN_mod_sqr")
have_func("BN_mod_sub")
@@ -108,10 +107,14 @@ have_func("X509_CRL_add0_revoked")
have_func("X509_CRL_set_issuer_name")
have_func("X509_CRL_set_version")
have_func("X509_CRL_sort")
+have_func("X509_CRL_set_nextUpdate") # for 0.9.6
have_func("X509_CRL_get0_signature")
have_func("X509_REQ_get0_signature")
+have_func("X509_get0_tbs_sigalg")
have_func("X509_REVOKED_get0_serialNumber")
have_func("X509_REVOKED_set_serialNumber")
+have_func("X509_REVOKED_get0_revocationDate")
+have_func("X509_REVOKED_set_nextUpdate")
have_func("X509_NAME_hash_old")
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
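Review bot: The added probe `have_func("X509_REVOKED_set_nextUpdate")` defines a macro that nothing visible in this commit reads, and the name looks like a mix-up between the CRL setter probed a few lines above and the revoked-entry API. The fallback in openssl_missing.c is guarded by `HAVE_X509_CRL_SET_NEXTUPDATE` only, so this line can probably be dropped. If a revoked-entry setter was intended, the probe should name the function the C code actually calls.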
@@ -169,6 +172,9 @@ if checking_for('OpenSSL version is 0.9.7 or later') {
try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h')
}
have_header("openssl/ocsp.h")
+ have_func("OCSP_id_get0_info")
+ have_func("OCSP_SINGLERESP_delete_ext")
+ have_func("OCSP_SINGLERESP_get0_id")
end
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 2c953dd53b..9b19ca9d41 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -9,11 +9,29 @@
*/
#include RUBY_EXTCONF_H
+#include <ruby.h>
+
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
# include <openssl/engine.h>
#endif
#include <openssl/x509_vfy.h>
+/*** 0.9.6 compatibility ***/
+#if !defined(HAVE_X509_CRL_SET_NEXTUPDATE)
+int
+X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
+{
+ ASN1_TIME *in = M_ASN1_TIME_dup(tm);
+ if (!in)
+ return 0;
+ x->crl->nextUpdate = in;
+ return 1;
+}
+#endif
+
+/*** 0.9.6 compatibility end ***/
+
+/* HMAC */
#if !defined(OPENSSL_NO_HMAC)
#include <string.h> /* memcpy() */
#include <openssl/hmac.h>
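Review bot: The fallback `X509_CRL_set_nextUpdate` overwrites the field with `x->crl->nextUpdate = in;` and never releases the value it replaces, so any caller that passes a time other than the CRL's current one leaks the old `ASN1_TIME`. After the NULL check on `in`, release the previous value unless it is the argument itself, e.g. `if (x->crl->nextUpdate != tm) M_ASN1_TIME_free(x->crl->nextUpdate);`. The function also dereferences `x` without a NULL check; a short comment stating who owns `tm` after the call would help, because the caller in ossl_x509crl.c frees it.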
@@ -32,56 +50,8 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
}
#endif /* HAVE_HMAC_CTX_COPY */
-#endif /* NO_HMAC */
-
-#if !defined(HAVE_X509_STORE_SET_EX_DATA)
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data)
-{
- return CRYPTO_set_ex_data(&str->ex_data, idx, data);
-}
-#endif
-
-#if !defined(HAVE_X509_STORE_GET_EX_DATA)
-void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
-{
- return CRYPTO_get_ex_data(&str->ex_data, idx);
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_NEW)
-/* new in 1.1.0 */
-EVP_MD_CTX *
-EVP_MD_CTX_new(void)
-{
-#if defined(HAVE_EVP_MD_CTX_CREATE)
- return EVP_MD_CTX_create();
-#else /* 0.9.6 */
- EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
- if (!ctx)
- return NULL;
- memset(ctx, 0, sizeof(EVP_MD_CTX));
- return ctx;
-#endif
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_FREE)
-/* new in 1.1.0 */
-void
-EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-{
-#if defined(HAVE_EVP_MD_CTX_DESTROY)
- EVP_MD_CTX_destroy(ctx);
-#else /* 0.9.6 */
- /* EVP_MD_CTX_cleanup(ctx); */
- /* FIXME!!! */
- memset(ctx, 0, sizeof(EVP_MD_CTX));
- OPENSSL_free(ctx);
-#endif
-}
-#endif
-#if defined(HAVE_HMAC_INIT_EX)
+#if !defined(HAVE_HMAC_INIT_EX)
int
HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md, void *impl)
@@ -141,50 +111,21 @@ HMAC_CTX_free(HMAC_CTX *ctx)
OPENSSL_free(ctx);
}
#endif
+#endif /* NO_HMAC */
-#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
-/* new in 1.1.0 */
-EVP_CIPHER_CTX *
-EVP_CIPHER_CTX_new(void)
-{
- EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
- if (!ctx)
- return NULL;
- EVP_CIPHER_CTX_init(ctx);
- return ctx;
-}
-#endif
-#if !defined(HAVE_EVP_MD_CTX_FREE)
-/* new in 1.1.0 */
-void
-EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+/* X509 */
+#if !defined(HAVE_X509_STORE_SET_EX_DATA)
+int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data)
{
- EVP_CIPHER_CTX_cleanup(ctx); /* 0.9.6 also has */
- OPENSSL_free(ctx);
+ return CRYPTO_set_ex_data(&str->ex_data, idx, data);
}
#endif
-#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-/*
- * this function does not exist in OpenSSL yet... or ever?.
- * a future version may break this function.
- * tested on 0.9.7d.
- */
-int
-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
+#if !defined(HAVE_X509_STORE_GET_EX_DATA)
+void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
{
- memcpy(out, in, sizeof(EVP_CIPHER_CTX));
-
-#if defined(HAVE_ENGINE_ADD) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
- if (in->engine) ENGINE_add(out->engine);
- if (in->cipher_data) {
- out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
- memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
- }
-#endif
-
- return 1;
+ return CRYPTO_get_ex_data(&str->ex_data, idx);
}
#endif
@@ -250,6 +191,190 @@ X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
}
#endif
+#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
+void
+X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
+{
+ if (psig != NULL)
+ *psig = &crl->signature;
+ if (palg != NULL)
+ *palg = &crl->sig_alg;
+}
+#endif
+
+#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
+void
+X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req)
+{
+ if (psig != NULL)
+ *psig = &req->signature;
+ if (palg != NULL)
+ *palg = &req->sig_alg;
+}
+#endif
+
+#if !defined(HAVE_X509_GET0_TBS_SIGALG)
+X509_ALGOR *
+X509_get0_tbs_sigalg(X509 *x)
+{
+ return x->cert_info->signature;
+}
+#endif
+
+#if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER)
+ASN1_INTEGER *
+X509_REVOKED_get0_serialNumber(X509_REVOKED *x)
+{
+ return &x->serialNumber;
+}
+#endif
+
+#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER)
+int
+X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+{
+ ASN1_INTEGER *in = x->serialNumber;
+ if (in != serial)
+ return ASN1_STRING_copy(in, serial);
+ return 1;
+}
+#endif
+
+#if !defined(HAVE_X509_REVOKED_GET0_REVOCATIONDATE)
+ASN1_TIME *
+X509_REVOKED_get0_revocationDate(X509_REVOKED *x)
+{
+ return x->revocationDate;
+}
+#endif
+
+
+/* EVP_MD */
+#include <openssl/evp.h>
+#if !defined(HAVE_EVP_MD_CTX_NEW)
+/* new in 1.1.0 */
+EVP_MD_CTX *
+EVP_MD_CTX_new(void)
+{
+#if defined(HAVE_EVP_MD_CTX_CREATE)
+ return EVP_MD_CTX_create();
+#else /* 0.9.6 */
+ EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
+ if (!ctx)
+ return NULL;
+ memset(ctx, 0, sizeof(EVP_MD_CTX));
+ return ctx;
+#endif
+}
+#endif
+
+#if !defined(HAVE_EVP_MD_CTX_FREE)
+/* new in 1.1.0 */
+void
+EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+#if defined(HAVE_EVP_MD_CTX_DESTROY)
+ EVP_MD_CTX_destroy(ctx);
+#else /* 0.9.6 */
+ /* EVP_MD_CTX_cleanup(ctx); */
+ /* FIXME!!! */
+ memset(ctx, 0, sizeof(EVP_MD_CTX));
+ OPENSSL_free(ctx);
+#endif
+}
+#endif
+
+#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
+/* new in 1.1.0 */
+EVP_CIPHER_CTX *
+EVP_CIPHER_CTX_new(void)
+{
+ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
+ if (!ctx)
+ return NULL;
+ EVP_CIPHER_CTX_init(ctx);
+ return ctx;
+}
+#endif
+
+#if !defined(HAVE_EVP_MD_CTX_FREE)
+/* new in 1.1.0 */
+void
+EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+ EVP_CIPHER_CTX_cleanup(ctx); /* 0.9.6 also has */
+ OPENSSL_free(ctx);
+}
+#endif
+
+#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+/*
+ * this function does not exist in OpenSSL yet... or ever?.
+ * a future version may break this function.
+ * tested on 0.9.7d.
+ */
+int
+EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
+{
+ memcpy(out, in, sizeof(EVP_CIPHER_CTX));
+
+#if defined(HAVE_ENGINE_ADD) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
+ if (in->engine) ENGINE_add(out->engine);
+ if (in->cipher_data) {
+ out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+ memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
+ }
+#endif
+
+ return 1;
+}
+#endif
+
+#if !defined(HAVE_EVP_PKEY_ID) /* 1.1.0 */
+int
+EVP_PKEY_id(const EVP_PKEY *pkey)
+{
+ return pkey->type;
+}
+
+RSA *
+EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_RSA)
+ return NULL;
+ return pkey->pkey.rsa;
+}
+
+DSA *
+EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_DSA)
+ return NULL;
+ return pkey->pkey.dsa;
+}
+
+#if !defined(OPENSSL_NO_EC)
+EC_KEY *
+EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_EC)
+ return NULL;
+ return pkey->pkey.ec;
+}
+#endif
+
+#if !defined(OPENSSL_NO_DH)
+DH *
+EVP_PKEY_get0_DH(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_DH)
+ return NULL;
+ return pkey->pkey.dh;
+}
+#endif
+#endif
+
+/* BIGNUM */
#if !defined(HAVE_BN_MOD_SQR)
int
BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
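Review bot: `X509_REVOKED_get0_serialNumber` returns `&x->serialNumber` while `X509_REVOKED_set_serialNumber` just below reads the same field as `ASN1_INTEGER *in = x->serialNumber;`, so one of the two has the wrong level of indirection; the same address-of form is used in `*psig = &crl->signature;`, `*palg = &crl->sig_alg;` and the `X509_REQ` variant. If these fields are pointers in the pre-1.1.0 structs, as the other new shims (`x->cert_info->signature`, `x->revocationDate`) assume, callers get the address of the pointer slot and will read it as an ASN.1 object; the getters should then return the field itself, e.g. `return x->serialNumber;`. Separately, `EVP_CIPHER_CTX_free` is guarded by `HAVE_EVP_MD_CTX_FREE`, which ties it to the wrong probe, and `EVP_CIPHER_CTX_copy` passes the result of `OPENSSL_malloc` to `memcpy` without checking it for NULL.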
@@ -446,6 +571,9 @@ PEM_def_callback(char *buf, int num, int w, void *key)
}
#endif
+
+/* ASN.1 */
+#include <openssl/asn1.h>
#if !defined(HAVE_ASN1_PUT_EOC)
int
ASN1_put_eoc(unsigned char **pp)
@@ -458,6 +586,9 @@ ASN1_put_eoc(unsigned char **pp)
}
#endif
+/* OCSP */
+#if defined(HAVE_OPENSSL_OCSP_H)
+#include <openssl/ocsp.h>
#if !defined(HAVE_OCSP_ID_GET0_INFO)
int
OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
@@ -471,67 +602,11 @@ OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
return 1;
}
#endif
+#endif /* HAVE_OPENSSL_OCSP_H */
-#if !defined(HAVE_OCSP_SINGLERESP_DELETE_EXT)
-X509_EXTENSION *
-OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *s, int loc)
-{
- return sk_X509_EXTENSION_delete(s->singleExtensions, loc);
-}
-#endif
-
-#if !defined(HAVE_OCSP_SINGLEREST_GET0_ID)
-OCSP_CERTID *
-OCSP_SINGLERESP_get0_id(OCSP_SINGLERESP *single)
-{
- return single->certId;
-}
-#endif
-
-#if !defined(HAVE_EVP_PKEY_id) /* 1.1.0 */
-int
-EVP_PKEY_id(const EVP_PKEY *pkey)
-{
- return pkey->type;
-}
-
-RSA *
-EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-{
- if (pkey->type != EVP_PKEY_RSA)
- return NULL;
- return pkey->pkey.rsa;
-}
-
-DSA *
-EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
-{
- if (pkey->type != EVP_PKEY_DSA)
- return NULL;
- return pkey->pkey.dsa;
-}
-
-#if !defined(OPENSSL_NO_EC)
-EC_KEY *
-EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
-{
- if (pkey->type != EVP_PKEY_EC)
- return NULL;
- return pkey->pkey.ec;
-}
-#endif
-
-#if !defined(OPENSSL_NO_DH)
-DH *
-EVP_PKEY_get0_DH(EVP_PKEY *pkey)
-{
- if (pkey->type != EVP_PKEY_DH)
- return NULL;
- return pkey->pkey.dh;
-}
-#endif
-#endif
+/* SSL */
+#include <openssl/ssl.h>
#if !defined(HAVE_SSL_SESSION_GET_ID)
const unsigned char *
SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
@@ -547,84 +622,21 @@ int
SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
{
unsigned int a_len;
- unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
+ const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
unsigned int b_len;
- unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
+ const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
- if (a->ssl_version != b->ssl_version || a_len != b_len)
+#if !defined(HAVE_SSL_SESSION_GET_ID) /* 1.0.2 or older */
+ if (a->ssl_version != b->ssl_version)
return 1;
+#endif
+ if (a_len != b_len)
+ return 1;
+
#if defined(_WIN32)
return memcmp(a_sid, b_sid, a_len);
#else
return CRYPTO_memcmp(a_sid, b_sid, a_len);
#endif
}
-#endif
-
-#if !defined(HAVE_X509_UP_REF)
-void
-X509_up_ref(X509 *x509)
-{
- CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
-}
-
-void
-X509_CRL_up_ref(X509_CRL *crl)
-{
- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
-}
-
-void
-SSL_SESSION_up_ref(SSL_SESSION *sess)
-{
- CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
-}
-
-void
-EVP_PKEY_up_ref(EVP_PKEY *pkey)
-{
- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-}
-#endif
-
-#if !defined(X509_CRL_GET0_SIGNATURE)
-void
-X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
-{
- if (psig != NULL)
- *psig = &crl->signature;
- if (palg != NULL)
- *palg = &crl->sig_alg;
-}
-#endif
-
-#if !defined(X509_REQ_GET0_SIGNATURE)
-void
-X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ req)
-{
- if (psig != NULL)
- *psig = &req->signature;
- if (palg != NULL)
- *palg = &ret->sig_alg;
-}
-#endif
-
-#if !defined(X509_REVOKED_GET0_SERIALNUMBER)
-ASN1_INTEGER *
-X509_REVOKED_get0_serialNumber(X509_REVOKED *x)
-{
- return &x->serialNumber;
-}
-#endif
-
-#if !defined(X509_REVOKED_SET_SERIALNUMBER)
-int
-X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
-{
- ASN1_INTEGER *in = x->serialNumber;
- if (in != serial)
- return ASN1_STRING_copy(in, serial);
- return 1;
-}
-#endif
-
+#endif /* SSL */
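Review bot: With the `ssl_version` comparison now compiled only when `HAVE_SSL_SESSION_GET_ID` is missing, `SSL_SESSION_cmp` on 1.1.0 reports two sessions with equal IDs but different protocol versions as equal. If that check still matters, keep it through the accessor instead of dropping it, e.g. `if (SSL_SESSION_get_protocol_version(a) != SSL_SESSION_get_protocol_version(b)) return 1;`. The `_WIN32` branch still falls back to `memcmp`, which is not constant-time, so it deserves a comment saying why that is acceptable there. The closing `#endif /* SSL */` appears to end the `SSL_SESSION_cmp` guard, which opens outside this hunk, so labelling it with the macro name would be clearer.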
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index f5d7622d4b..a1167a2f41 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -62,6 +62,12 @@ typedef int i2d_of_void();
(d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)(ri))
#endif
+#if !defined(HAVE_X509_CRL_SET_NEXTUPDATE)
+int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+#endif
+
+
+
#if !defined(HAVE_HMAC_CTX_NEW)
HMAC_CTX *HMAC_CTX_new(void);
#endif
@@ -116,10 +122,6 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
#endif
-#if !defined(HAVE_EVP_HMAC_INIT_EX)
-# define HMAC_Init_ex(ctx, key, len, digest, engine) HMAC_Init((ctx), (key), (len), (digest))
-#endif
-
#if !defined(PKCS7_is_detached)
# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
#endif
@@ -194,29 +196,10 @@ int PEM_def_callback(char *buf, int num, int w, void *key);
int ASN1_put_eoc(unsigned char **pp);
#endif
-#if !defined(HAVE_OCSP_ID_GET0_INFO)
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
- ASN1_OCTET_STRING **pikeyHash,
- ASN1_INTEGER **pserial, OCSP_CERTID *cid);
-#endif
-
#if !defined(HAVE_EVP_PKEY_id)
int EVP_PKEY_id(const EVP_PKEY *pkey);
#endif
-#if !defined(HAVE_SSL_SESSION_GET_ID)
-int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
-#endif
-
-#if !defined(HAVE_SSL_SESSION_CMP)
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
-#endif
-
-#if !defined(HAVE_X509_UP_REF)
-void X509_up_ref(X509 *x509);
-void X509_CRL_up_ref(X509_CRL *crl);
-#endif
-
#if !defined(X509_CRL_GET0_SIGNATURE)
void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl);
#endif
@@ -233,6 +216,47 @@ ASN1_INTEGER *X509_REVOKED_get0_serialNumber(X509_REVOKED *x);
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
#endif
+/*** new in 1.1.0 ***/
+/* OCSP */
+#if defined(HAVE_OPENSSL_OCSP_H)
+#if !defined(HAVE_OCSP_ID_GET0_INFO)
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+#endif
+
+#if !defined(HAVE_OCSP_SINGLERESP_DELETE_EXT) /* for 0.9.6 */
+# define OCSP_SINGLERESP_delete_ext(s, loc) \
+ sk_X509_EXTENSION_delete((s)->singleExtensions, (loc))
+#endif
+
+#if !defined(HAVE_OCSP_SINGLERESP_GET0_ID)
+# define OCSP_SINGLERESP_get0_id(s) (s)->certId
+#endif
+#endif /* HAVE_OPENSSL_OCSP_H */
+
+/* SSL */
+#include <openssl/ssl.h>
+#if !defined(HAVE_SSL_SESSION_GET_ID)
+int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
+#endif
+
+#if !defined(HAVE_SSL_SESSION_CMP)
+int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
+#endif
+
+/* reference counter */
+#if !defined(HAVE_X509_UP_REF)
+# define X509_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509)
+# define X509_CRL_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509_CRL);
+# define SSL_SESSION_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_SSL_SESSION);
+# define EVP_PKEY_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#endif
+
#if defined(__cplusplus)
}
#endif
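Review bot: The prototype `int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);` disagrees with the definition in openssl_missing.c, which returns `const unsigned char *`; on a build without the library function this is a conflicting-types error, or a pointer read back as `int` in any file that sees only the header. It should read `const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);`. The macros `X509_CRL_up_ref`, `SSL_SESSION_up_ref` and `EVP_PKEY_up_ref` end in `;`, unlike `X509_up_ref`, which breaks them inside an unbraced `if`/`else` or an expression. `OCSP_SINGLERESP_get0_id(s)` should also parenthesise its whole expansion, `((s)->certId)`.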
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
index c2aa50bbdc..8febeb7c3f 100644
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@@ -159,16 +159,18 @@ ossl_hmac_update(VALUE self, VALUE data)
static void
hmac_final(HMAC_CTX *ctx, unsigned char **buf, unsigned int *buf_len)
{
- HMAC_CTX final;
-
- HMAC_CTX_copy(&final, ctx);
- if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) {
- HMAC_CTX_cleanup(&final);
- OSSL_Debug("Allocating %d mem", HMAC_size(&final));
+ HMAC_CTX *final = HMAC_CTX_new();
+ if (!final)
+ ossl_raise(eHMACError, "HMAC_CTX_new() failed");
+
+ HMAC_CTX_copy(final, ctx);
+ if (!(*buf = OPENSSL_malloc(HMAC_size(final)))) {
+ HMAC_CTX_free(final);
+ OSSL_Debug("Allocating %"PRIuSIZE" mem", HMAC_size(final));
ossl_raise(eHMACError, "Cannot allocate memory for hmac");
}
- HMAC_Final(&final, *buf, buf_len);
- HMAC_CTX_cleanup(&final);
+ HMAC_Final(final, *buf, buf_len);
+ HMAC_CTX_free(final);
}
/*
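Review bot: In the allocation-failure branch `HMAC_CTX_free(final);` runs before `OSSL_Debug("Allocating %"PRIuSIZE" mem", HMAC_size(final));`, so `HMAC_size` reads a context that has just been freed. Swap the two statements, or capture the size in a local before the `OPENSSL_malloc` call and use it in both places. The results of `HMAC_CTX_copy` and `HMAC_Final` are also ignored, so a failed copy would go on to finalise a context that was never populated; checking both and freeing `final` (and `*buf`) before `ossl_raise` would close that path.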
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index a1dd863e7f..d95f3be5cc 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -333,7 +333,11 @@ ossl_call_session_get_cb(VALUE ary)
/* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
static SSL_SESSION *
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy)
+#else
+ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy)
+#endif
{
VALUE ary, ssl_obj, ret_obj;
SSL_SESSION *sess;
@@ -866,7 +870,7 @@ ossl_sslctx_setup(VALUE self)
}
static VALUE
-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
+ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher)
{
VALUE ary;
int bits, alg_bits;
@@ -893,7 +897,7 @@ ossl_sslctx_get_ciphers(VALUE self)
SSL_CTX *ctx;
SSL *temp_ssl;
STACK_OF(SSL_CIPHER) *ciphers;
- SSL_CIPHER *cipher;
+ const SSL_CIPHER *cipher;
VALUE ary;
int i, num;
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index db8ba02375..2371c9b49e 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -350,8 +350,8 @@ ossl_x509_set_serial(VALUE self, VALUE num)
GetX509(self, x509);
- x509->cert_info->serialNumber =
- num_to_asn1integer(num, X509_get_serialNumber(x509));
+ X509_set_serialNumber(x509,
+ num_to_asn1integer(num, X509_get_serialNumber(x509)));
return num;
}
@@ -371,7 +371,7 @@ ossl_x509_get_signature_algorithm(VALUE self)
out = BIO_new(BIO_s_mem());
if (!out) ossl_raise(eX509CertError, NULL);
- if (!i2a_ASN1_OBJECT(out, x509->cert_info->signature->algorithm)) {
+ if (!i2a_ASN1_OBJECT(out, X509_get0_tbs_sigalg(x509)->algorithm)) {
BIO_free(out);
ossl_raise(eX509CertError, NULL);
}
@@ -671,8 +671,8 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509(self, x509);
- sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free);
- x509->cert_info->extensions = NULL;
+ while ((ext = X509_delete_ext(x509, 0)))
+ X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index 9ad98430ab..9d836a3f1e 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -241,7 +241,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
sec = time_to_time_t(time);
GetX509CRL(self, crl);
- if (!X509_time_adj(crl->crl->lastUpdate, 0, &sec)) {
+ if (!X509_time_adj(X509_CRL_get_lastUpdate(crl), 0, &sec)) {
ossl_raise(eX509CRLError, NULL);
}
@@ -263,13 +263,17 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time)
{
X509_CRL *crl;
time_t sec;
+ ASN1_TIME *tm;
sec = time_to_time_t(time);
GetX509CRL(self, crl);
/* This must be some thinko in OpenSSL */
- if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))){
+ tm = X509_time_adj(X509_CRL_get_nextUpdate(crl), 0, &sec);
+ if (!X509_CRL_set_nextUpdate(crl, tm)) {
+ ASN1_TIME_free(tm);
ossl_raise(eX509CRLError, NULL);
}
+ ASN1_TIME_free(tm);
return time;
}
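Review bot: `tm` can alias the CRL's own field here: when `X509_CRL_get_nextUpdate(crl)` is non-NULL, `X509_time_adj` is expected to adjust that object in place and return the same pointer (confirm against the OpenSSL versions targeted), so the unconditional `ASN1_TIME_free(tm);` releases memory the CRL may still reference. That is only safe if `X509_CRL_set_nextUpdate` always stores a fresh copy, which the fallback in openssl_missing.c does but a library implementation that skips the copy for an identical pointer would not. Building the new time independently avoids the aliasing: `tm = X509_time_adj(NULL, 0, &sec);` followed by `if (!tm) ossl_raise(eX509CRLError, NULL);` before the set call. The function's signature is outside the hunk.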
@@ -304,6 +308,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
{
X509_CRL *crl;
X509_REVOKED *rev;
+ STACK_OF(X509_REVOKED) *rev_stack;
long i;
Check_Type(ary, T_ARRAY);
@@ -312,8 +317,9 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
}
GetX509CRL(self, crl);
- sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
- crl->crl->revoked = NULL;
+ rev_stack = X509_CRL_get_REVOKED(crl);
+ while ((rev = sk_X509_REVOKED_delete(rev_stack, 0)))
+ X509_REVOKED_free(rev);
for (i=0; i<RARRAY_LEN(ary); i++) {
rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
@@ -486,8 +492,8 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509CRL(self, crl);
- sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
- crl->crl->extensions = NULL;
+ while ((ext = X509_CRL_delete_ext(crl, 0)))
+ X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c
index 25a6827253..c16fa92148 100644
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@@ -367,7 +367,7 @@ ossl_x509ext_set_value(VALUE self, VALUE data)
OPENSSL_free(s);
ossl_raise(eX509ExtError, NULL);
}
- if(!M_ASN1_OCTET_STRING_set(asn1s, s, RSTRING_LENINT(data))){
+ if(!ASN1_OCTET_STRING_set(asn1s, (unsigned char *)s, RSTRING_LENINT(data))){
OPENSSL_free(s);
ASN1_OCTET_STRING_free(asn1s);
ossl_raise(eX509ExtError, NULL);
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index 516ee3009f..0fe856e312 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -428,8 +428,8 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
}
GetX509Req(self, req);
- sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
- req->req_info->attributes = NULL;
+ while ((attr = X509_REQ_delete_attr(req, 0)))
+ X509_ATTRIBUTE_free(attr);
for (i=0;i<RARRAY_LEN(ary); i++) {
item = RARRAY_AREF(ary, i);
attr = DupX509AttrPtr(item);
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c
index 0236738a7c..6c1834e88d 100644
--- a/ext/openssl/ossl_x509revoked.c
+++ b/ext/openssl/ossl_x509revoked.c
@@ -139,7 +139,7 @@ ossl_x509revoked_get_time(VALUE self)
GetX509Rev(self, rev);
- return asn1time_to_time(rev->revocationDate);
+ return asn1time_to_time(X509_REVOKED_get0_revocationDate(rev));
}
static VALUE
@@ -150,7 +150,7 @@ ossl_x509revoked_set_time(VALUE self, VALUE time)
sec = time_to_time_t(time);
GetX509Rev(self, rev);
- if (!X509_time_adj(rev->revocationDate, 0, &sec)) {
+ if (!X509_time_adj(X509_REVOKED_get0_revocationDate(rev), 0, &sec)) {
ossl_raise(eX509RevError, NULL);
}
@@ -198,8 +198,8 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509Rev(self, rev);
- sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
- rev->extensions = NULL;
+ while ((ext = X509_REVOKED_delete_ext(rev, 0)))
+ X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
item = RARRAY_AREF(ary, i);
ext = DupX509ExtPtr(item);