aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2016-04-20 01:16:45 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-04-27 23:07:40 +0900
commit35f8edeedc0e42d040e2b5823a300aaa2e3ff13f (patch)
treebc24606db97e14a1fb7fdc46b01c802e4043d6a3
parent4a4a6f8999594a056ad03451646143016ec9a5d1 (diff)
downloadruby-35f8edeedc0e42d040e2b5823a300aaa2e3ff13f.tar.gz
ext/openssl: always use our implementation of SSL_SESSION_cmp()
Implement CRYPTO_memcmp() if it is not available. Always use our SSL_SESSION_cmp() (renamed to ossl_SSL_SESSION_cmp()). SSL_SESSION_cmp() was removed in OpenSSL 1.0.0 and we have used a reimplemented one. However our implementation is better than the original (it uses CRYPTO_memcmp() instead of plain memcmp).
-rw-r--r--ext/openssl/extconf.rb2
-rw-r--r--ext/openssl/openssl_missing.c18
-rw-r--r--ext/openssl/openssl_missing.h4
-rw-r--r--ext/openssl/ossl_ssl_session.c7
4 files changed, 26 insertions, 5 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index aa1e825..a910fa2 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -95,8 +95,8 @@ have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
have_func("OBJ_NAME_do_all_sorted")
have_func("SSL_SESSION_get_id")
-have_func("SSL_SESSION_cmp")
have_func("OPENSSL_cleanse")
+have_func("CRYPTO_memcmp")
have_func("SSLv2_method")
have_func("SSLv2_server_method")
have_func("SSLv2_client_method")
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index bd8eef5..f9db04f 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -352,3 +352,21 @@ ASN1_put_eoc(unsigned char **pp)
return 2;
}
#endif
+
+#if !defined(HAVE_CRYPTO_MEMCMP)
+int
+CRYPTO_memcmp(const volatile void * volatile in_a,
+ const volatile void * volatile in_b,
+ size_t len)
+{
+ size_t i;
+ const volatile unsigned char *a = in_a;
+ const volatile unsigned char *b = in_b;
+ unsigned char x = 0;
+
+ for (i = 0; i < len; i++)
+ x |= a[i] ^ b[i];
+
+ return x;
+}
+#endif
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 6cf45a0..8271f3e 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -144,6 +144,10 @@ int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
int X509_CRL_set_version(X509_CRL *x, long version);
#endif
+#if !defined(HAVE_CRYPTO_MEMCMP)
+int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
+#endif
+
#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
#endif
diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c
index e1bbc6f..2c21d6a 100644
--- a/ext/openssl/ossl_ssl_session.c
+++ b/ext/openssl/ossl_ssl_session.c
@@ -73,8 +73,8 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
return self;
}
-#if HAVE_SSL_SESSION_CMP == 0
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
+/* SSL_SESSION_cmp() was removed without a replacement in 1.0.0 */
+static int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
{
if (a->ssl_version != b->ssl_version ||
a->session_id_length != b->session_id_length)
@@ -85,7 +85,6 @@ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
return CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length);
#endif
}
-#endif
/*
* call-seq:
@@ -99,7 +98,7 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
GetSSLSession(val1, ctx1);
SafeGetSSLSession(val2, ctx2);
- switch (SSL_SESSION_cmp(ctx1, ctx2)) {
+ switch (ossl_SSL_SESSION_cmp(ctx1, ctx2)) {
case 0: return Qtrue;
default: return Qfalse;
}