diff options
author | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-09-03 01:14:26 +0000 |
---|---|---|
committer | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-09-03 01:14:26 +0000 |
commit | e29819df6e6a644bbfadbdc706a472c413015286 (patch) | |
tree | 33b5dcd1ab6b1d96a922f1e5e48d3f7032ad8124 /ext | |
parent | 9b6f66c74f367bbce13dc19bcc5e4d037ed290bf (diff) | |
download | ruby-e29819df6e6a644bbfadbdc706a472c413015286.tar.gz |
* ext/openssl/extconf.rb: Detect OpenSSL_FIPS macro
ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to
indicate whether OpenSSL runs in FIPS mode.
test/openssl/test_pkey_dh.rb: Generate 256 bit keys for
non-FIPS installations to improve test performance (e.g. for
rubyci).
test/openssl/utils.rb: Replace DSS1 as certificate signature
digest with SHA1 for FIPS installations when using DSA by
introducing TestUtils::DSA_SIGNATURE_DIGEST.
test/openssl/test_x509cert.rb:
test/openssl/test_x509crl.rb:
test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST
NEWS: Introduce OpenSSL::OPENSSL_FIPS
These changes allow running the OpenSSL tests in FIPS mode
while keeping a high performance for non-FIPS installations.
Introduction of OpenSSL::OPENSSL_FIPS allows for applications
to react to special requirements when using OpenSSL in FIPS mode.
[Feature #6946] [ruby-core:47345]
- Diese und die folgenden Zeilen werden ignoriert --
M ext/openssl/extconf.rb
M ext/openssl/ossl.c
M NEWS
M ChangeLog
M test/openssl/utils.rb
M test/openssl/test_x509crl.rb
M test/openssl/test_x509req.rb
M test/openssl/test_x509cert.rb
M test/openssl/test_pkey_dh.rb
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/extconf.rb | 3 | ||||
-rw-r--r-- | ext/openssl/ossl.c | 10 |
2 files changed, 12 insertions, 1 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 91caa529ad..8ac7f7cabd 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -108,7 +108,7 @@ have_func("TLSv1_1_client_method") have_func("TLSv1_2_method") have_func("TLSv1_2_server_method") have_func("TLSv1_2_client_method") -have_func("OPENSSL_NPN_NEGOTIATED", ['openssl/ssl.h']) +have_macro("OPENSSL_NPN_NEGOTIATED", ['openssl/ssl.h']) && $defs.push("-DHAVE_OPENSSL_NPN_NEGOTIATED") unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h']) have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME") end @@ -146,6 +146,7 @@ end have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h") have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h") have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h") +have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS") Logging::message "=== Checking done. ===\n" diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index da7d08ad49..ebd2b5d13a 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -936,6 +936,7 @@ Init_openssl() * Version of OpenSSL the ruby OpenSSL extension was built with */ rb_define_const(mOSSL, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT)); + /* * Version number of OpenSSL the ruby OpenSSL extension was built with * (base 16) @@ -943,6 +944,15 @@ Init_openssl() rb_define_const(mOSSL, "OPENSSL_VERSION_NUMBER", INT2NUM(OPENSSL_VERSION_NUMBER)); /* + * Boolean indicating whether OpenSSL runs in FIPS mode or not + */ +#ifdef HAVE_OPENSSL_FIPS + rb_define_const(mOSSL, "OPENSSL_FIPS", Qtrue); +#else + rb_define_const(mOSSL, "OPENSSL_FIPS", Qfalse); +#endif + + /* * Generic error, * common for all classes under OpenSSL module */ |