diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-20 01:16:45 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-27 23:07:40 +0900 |
| commit | 35f8edeedc0e42d040e2b5823a300aaa2e3ff13f (patch) | |
| tree | bc24606db97e14a1fb7fdc46b01c802e4043d6a3 | |
| parent | 4a4a6f8999594a056ad03451646143016ec9a5d1 (diff) | |
| download | ruby-35f8edeedc0e42d040e2b5823a300aaa2e3ff13f.tar.gz | |
ext/openssl: always use our implementation of SSL_SESSION_cmp()
Implement CRYPTO_memcmp() if it is not available.
Always use our SSL_SESSION_cmp() (renamed to ossl_SSL_SESSION_cmp()).
SSL_SESSION_cmp() was removed in OpenSSL 1.0.0 and we have used a
reimplemented one. However our implementation is better than the
original (it uses CRYPTO_memcmp() instead of plain memcmp).
| -rw-r--r-- | ext/openssl/extconf.rb | 2 | ||||
| -rw-r--r-- | ext/openssl/openssl_missing.c | 18 | ||||
| -rw-r--r-- | ext/openssl/openssl_missing.h | 4 | ||||
| -rw-r--r-- | ext/openssl/ossl_ssl_session.c | 7 |
4 files changed, 26 insertions, 5 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index aa1e8254c1..a910fa286c 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -95,8 +95,8 @@ have_func("X509_STORE_get_ex_data") have_func("X509_STORE_set_ex_data") have_func("OBJ_NAME_do_all_sorted") have_func("SSL_SESSION_get_id") -have_func("SSL_SESSION_cmp") have_func("OPENSSL_cleanse") +have_func("CRYPTO_memcmp") have_func("SSLv2_method") have_func("SSLv2_server_method") have_func("SSLv2_client_method") diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index bd8eef5ea9..f9db04fe97 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -352,3 +352,21 @@ ASN1_put_eoc(unsigned char **pp) return 2; } #endif + +#if !defined(HAVE_CRYPTO_MEMCMP) +int +CRYPTO_memcmp(const volatile void * volatile in_a, + const volatile void * volatile in_b, + size_t len) +{ + size_t i; + const volatile unsigned char *a = in_a; + const volatile unsigned char *b = in_b; + unsigned char x = 0; + + for (i = 0; i < len; i++) + x |= a[i] ^ b[i]; + + return x; +} +#endif diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 6cf45a0d82..8271f3ef2e 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -144,6 +144,10 @@ int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data); int X509_CRL_set_version(X509_CRL *x, long version); #endif +#if !defined(HAVE_CRYPTO_MEMCMP) +int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len); +#endif + #if !defined(HAVE_X509_CRL_SET_ISSUER_NAME) int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); #endif diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c index e1bbc6fb54..2c21d6ad84 100644 --- a/ext/openssl/ossl_ssl_session.c +++ b/ext/openssl/ossl_ssl_session.c @@ -73,8 +73,8 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1) return self; } -#if HAVE_SSL_SESSION_CMP == 0 -int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b) +/* SSL_SESSION_cmp() was removed without a replacement in 1.0.0 */ +static int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { if (a->ssl_version != b->ssl_version || a->session_id_length != b->session_id_length) @@ -85,7 +85,6 @@ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b) return CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length); #endif } -#endif /* * call-seq: @@ -99,7 +98,7 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2) GetSSLSession(val1, ctx1); SafeGetSSLSession(val2, ctx2); - switch (SSL_SESSION_cmp(ctx1, ctx2)) { + switch (ossl_SSL_SESSION_cmp(ctx1, ctx2)) { case 0: return Qtrue; default: return Qfalse; } |