-rw-r--r--ext/openssl/extconf.rb79
-rw-r--r--ext/openssl/openssl_missing.c361
-rw-r--r--ext/openssl/openssl_missing.h256
-rw-r--r--ext/openssl/ossl.c4
-rw-r--r--ext/openssl/ossl.h15
-rw-r--r--ext/openssl/ossl_asn1.c71
-rw-r--r--ext/openssl/ossl_cipher.c8
-rw-r--r--ext/openssl/ossl_engine.c18
-rw-r--r--ext/openssl/ossl_ocsp.c2
-rw-r--r--ext/openssl/ossl_ocsp.h2
-rw-r--r--ext/openssl/ossl_pkcs7.c24
-rw-r--r--ext/openssl/ossl_pkey.c4
-rw-r--r--ext/openssl/ossl_pkey.h3
-rw-r--r--ext/openssl/ossl_pkey_dh.c11
-rw-r--r--ext/openssl/ossl_pkey_dsa.c20
-rw-r--r--ext/openssl/ossl_pkey_ec.c2
-rw-r--r--ext/openssl/ossl_pkey_rsa.c6
-rw-r--r--ext/openssl/ossl_ssl.c24
-rw-r--r--ext/openssl/ossl_ssl_session.c2
-rw-r--r--ext/openssl/ossl_x509.c10
-rw-r--r--ext/openssl/ossl_x509attr.c8
-rw-r--r--ext/openssl/ossl_x509ext.c13
-rw-r--r--ext/openssl/ossl_x509store.c29
23 files changed, 129 insertions, 843 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 87138512dd..511d7b18d3 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -51,8 +51,9 @@ unless result
end
end
-unless have_header("openssl/conf_api.h")
- raise "OpenSSL 0.9.6 or later required."
+unless checking_for("OpenSSL version is 0.9.8 or later") {
+ try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h") }
+ raise "OpenSSL 0.9.8 or later required."
end
unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
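Review bot: The new gate `try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")` only constrains genuine OpenSSL. LibreSSL reports a fixed OPENSSL_VERSION_NUMBER of 0x20000000L, so the assertion always holds there and says nothing about which APIs are present. A comment next to the check would stop a later reader from treating it as the floor for every supported library, for example `# LibreSSL always passes this check; its support is decided by the feature probes below`. The enclosing `unless result` block starts outside the hunk.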
@@ -63,11 +64,6 @@ def have_func_or_macro(name, header)
have_macro(name, [header]) && $defs.push("-DHAVE_#{name.upcase}")
end
-def have_funcish(name)
- have_func(name) ||
- have_macro(name, [header]) && $defs.push("-DHAVE_#{name.upcase}")
-end
-
Logging::message "=== Checking for OpenSSL features... ===\n"
# OpenSSL compile options
have_func("SSLv2_method") # removed in 1.1.0
@@ -75,66 +71,15 @@ have_func("SSLv3_method")
have_func("TLSv1_1_method") # added in 1.0.1
have_func("TLSv1_2_method") # added in 1.0.1
have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS")
-have_func("EC_KEY_new") && $defs.push("-DHAVE_SUPPORT_EC")
-# HMAC can't be disabled
-have_func("ENGINE_new") && $defs.push("-DHAVE_SUPPORT_ENGINE")
-
-# added in 0.9.6a-0.9.7
-have_func("OPENSSL_cleanse")
-have_func("ERR_peek_last_error")
-have_func("CONF_get1_default_config_file")
-have_func("ASN1_put_eoc")
-have_func("OBJ_NAME_do_all_sorted")
-have_func("PEM_def_callback")
-have_func("BN_rand_range")
-have_func("BN_pseudo_rand_range")
-have_func("BN_nnmod")
-have_func("BN_mod_add")
-have_func("BN_mod_sub")
-have_func("BN_mod_sqr")
-have_func("EVP_MD_CTX_init")
-have_func("EVP_MD_CTX_create")
-have_func("EVP_MD_CTX_destroy")
-have_func("EVP_CIPHER_CTX_set_padding")
-have_func("EVP_DigestInit_ex")
-have_func("EVP_DigestFinal_ex")
-have_func("EVP_CipherInit_ex")
-have_func("EVP_CipherFinal_ex")
-have_func("HMAC_Init_ex")
-have_func("HMAC_CTX_init")
-have_func("HMAC_CTX_cleanup")
-have_func("X509_CRL_set_nextUpdate")
-have_func("X509_CRL_add0_revoked")
-have_func("X509_CRL_set_issuer_name")
-have_func("X509_CRL_set_version")
-have_func("X509_CRL_sort")
-have_func("X509_REVOKED_set_serialNumber")
-have_func("X509V3_set_nconf")
-have_func("X509V3_EXT_nconf_nid")
-
-have_func("ENGINE_add")
-have_func("ENGINE_get_digest")
-have_func("ENGINE_get_cipher")
# ENGINE_load_xx is deprecated in OpenSSL 1.1.0 and become a macro
engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
engines.each { |name| have_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h") }
-have_header("openssl/ocsp.h")
-
-# added in -0.9.8
-have_func("BN_GENCB_call") && $defs.push("-DHAVE_BN_GENCB")
-have_func("BN_is_prime_ex")
-have_func("BN_is_prime_fasttest_ex")
-have_func("BN_generate_prime_ex")
+# added in 0.9.8X
have_func("EVP_CIPHER_CTX_new")
have_func("EVP_CIPHER_CTX_free")
-have_func("DH_generate_parameters_ex")
-have_func("DSA_generate_parameters_ex")
-have_func("RSA_generate_key_ex")
-have_func("SSL_SESSION_get_id")
-have_func("SSL_CTX_set_tmp_ecdh_callback") # removed in 1.1.0
-have_func("OCSP_SINGLERESP_delete_ext")
+have_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h")
# added in 1.0.0
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h") # check if CRYPTO_THREADID exists
@@ -152,8 +97,10 @@ have_func("SSL_CTX_set_next_proto_select_cb")
have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
# added in 1.0.2
+have_func("CRYPTO_memcmp")
have_func("EC_curve_nist2nid")
have_func("X509_STORE_CTX_get0_store")
+have_func("X509_REVOKED_dup")
have_func("SSL_CTX_set_alpn_select_cb")
have_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
have_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h") # removed in 1.1.0
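Review bot: `have_func("CRYPTO_memcmp")` is filed under `# added in 1.0.2`, but the fallback this commit adds in openssl_missing.c is commented `/* added in 1.0.1d */`. The probe decides whether the extension's own constant-time compare or the library's is used, so the version label should be accurate. Either move the line to the 1.0.1 group or annotate it as `have_func("CRYPTO_memcmp") # added in 1.0.1d`. The fallback and its prototype sit under `/*** added in 1.0.2 ***/` in openssl_missing.c and openssl_missing.h, so the same mismatch appears there.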
@@ -161,6 +108,7 @@ have_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
# added in 1.1.0
have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
+have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
have_func("BN_GENCB_new")
have_func("BN_GENCB_free")
have_func("BN_GENCB_get_arg")
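Review bot: `HAVE_OPAQUE_OPENSSL` is defined whenever the `SSL.ctx` probe fails, and nothing on the line explains why that member stands in for "the structs are opaque". A probe that fails for any other reason, such as a test program that does not compile, would set the macro as well, so the intent is worth recording: `# SSL has no visible ctx member once the structs are opaque (1.1.0); a failed probe is taken to mean that`. The only use visible in this diff is the comment `/* and !HAVE_OPAQUE_OPENSSL */` in openssl_missing.h, and the preprocessor condition there does not test the macro.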
@@ -178,21 +126,20 @@ have_func("X509_REVOKED_get0_revocationDate")
have_func("X509_STORE_CTX_get0_untrusted")
have_func("X509_STORE_CTX_get0_cert")
have_func("X509_STORE_CTX_get0_chain")
-
-# doesn't exist on any version of OpenSSL
-have_func("X509_STORE_get_ex_data")
-have_func("X509_STORE_set_ex_data")
-
have_func("TLS_method") # renamed from SSLv23_method
have_func("SSL_CTX_get_ciphers")
have_func("SSL_CTX_get_security_level")
+have_func("SSL_CTX_set_tmp_ecdh_callback") # removed
have_func("OCSP_SINGLERESP_get0_id")
have_struct_member("EVP_PKEY", "type", "openssl/evp.h") # removed
-
# LibreSSL support
have_func("RAND_egd") # removed
+# doesn't exist on any version of OpenSSL
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
+
Logging::message "=== Checking done. ===\n"
create_header
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 1f3100e653..8c4079993e 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -12,296 +12,14 @@
#include RUBY_EXTCONF_H
#include "openssl_missing.h"
-/* OPENSSL_NO_EVP is not supported */
#include <openssl/evp.h>
#include <openssl/ssl.h>
#include <openssl/asn1.h>
-
-/* added in -0.9.7 */
-#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
-#define OPENSSL_CONF "openssl.cnf"
-char *
-CONF_get1_default_config_file(void)
-{
- char *file;
- int len;
-
- file = getenv("OPENSSL_CONF");
- if (file) return BUF_strdup(file);
- len = strlen(X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
- len++;
-#endif
- len += strlen(OPENSSL_CONF);
- file = OPENSSL_malloc(len + 1);
- if (!file) return NULL;
- strcpy(file,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
- strcat(file,"/");
-#endif
- strcat(file,OPENSSL_CONF);
-
- return file;
-}
-#endif
-
-#if !defined(HAVE_ASN1_PUT_EOC)
-int
-ASN1_put_eoc(unsigned char **pp)
-{
- unsigned char *p = *pp;
- *p++ = 0;
- *p++ = 0;
- *pp = p;
- return 2;
-}
-#endif
-
-#if !defined(HAVE_PEM_DEF_CALLBACK)
-#define OSSL_PASS_MIN_LENGTH 4
-int
-PEM_def_callback(char *buf, int num, int w, void *key)
-{
- int i,j;
- const char *prompt;
-
- if (key) {
- i = strlen(key);
- i = (i > num) ? num : i;
- memcpy(buf, key, i);
- return i;
- }
-
- prompt = EVP_get_pw_prompt();
- if (prompt == NULL) prompt = "Enter PEM pass phrase:";
- for (;;) {
- i = EVP_read_pw_string(buf, num, prompt, w);
- if (i != 0) {
- memset(buf, 0, (unsigned int)num);
- return(-1);
- }
- j = strlen(buf);
- if (j < OSSL_PASS_MIN_LENGTH) {
- fprintf(stderr,
- "phrase is too short, needs to be at least %d chars\n",
- OSSL_PASS_MIN_LENGTH);
- }
- else break;
- }
- return j;
-}
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE) || !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-static int
-bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
-{
- int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
- int n;
-
- if (range->neg || BN_is_zero(range)) return 0;
-
- n = BN_num_bits(range);
-
- if (n == 1) {
- if (!BN_zero(r)) return 0;
- } else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
- do {
- if (!bn_rand(r, n + 1, -1, 0)) return 0;
- if (BN_cmp(r ,range) >= 0) {
- if (!BN_sub(r, r, range)) return 0;
- if (BN_cmp(r, range) >= 0)
- if (!BN_sub(r, r, range)) return 0;
- }
- } while (BN_cmp(r, range) >= 0);
- } else {
- do {
- if (!bn_rand(r, n, -1, 0)) return 0;
- } while (BN_cmp(r, range) >= 0);
- }
-
- return 1;
-}
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE)
-int
-BN_rand_range(BIGNUM *r, const BIGNUM *range)
-{
- return bn_rand_range(0, r, range);
-}
-#endif
-
-#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-int
-BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
-{
- return bn_rand_range(1, r, range);
-}
-#endif
-
-#if !defined(HAVE_BN_NNMOD)
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-{
- if (!BN_mod(r,m,d,ctx)) return 0;
- if (!r->neg) return 1;
- return (d->neg ? BN_sub : BN_add)(r, r, d);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_ADD)
-int
-BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-{
- if (!BN_add(r, a, b)) return 0;
- return BN_nnmod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_SUB)
-int
-BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-{
- if (!BN_sub(r, a, b)) return 0;
- return BN_nnmod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_SQR)
-int
-BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-{
- if (!BN_sqr(r, (BIGNUM*)a, ctx)) return 0;
- return BN_mod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_HMAC_INIT_EX)
-int
-HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
- const EVP_MD *md, void *impl)
-{
- if (impl)
- rb_bug("impl not supported");
- return HMAC_Init(ctx, key, key_len, md);
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_NEXTUPDATE)
-int
-X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
-{
- ASN1_TIME *in = M_ASN1_TIME_dup(tm);
- if (!in)
- return 0;
- x->crl->nextUpdate = in;
- return 1;
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
-static int
-OSSL_X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
-{
- return(ASN1_STRING_cmp(
- (ASN1_STRING *)(*a)->serialNumber,
- (ASN1_STRING *)(*b)->serialNumber));
-}
-
-int
-X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
-{
- X509_CRL_INFO *inf;
-
- inf = crl->crl;
- if (!inf->revoked)
- inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp);
- if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev))
- return 0;
- return 1;
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
-int
-X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
-{
- if (x == NULL || x->crl == NULL) return 0;
- return X509_NAME_set(&x->crl->issuer, name);
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_VERSION)
-int
-X509_CRL_set_version(X509_CRL *x, long version)
-{
- if (x == NULL || x->crl == NULL) return 0;
- if (x->crl->version == NULL) {
- x->crl->version = M_ASN1_INTEGER_new();
- if (x->crl->version == NULL) return 0;
- }
- return ASN1_INTEGER_set(x->crl->version, version);
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SORT)
-int
-X509_CRL_sort(X509_CRL *c)
-{
- int i;
- X509_REVOKED *r;
- /* sort the data so it will be written in serial
- * number order */
- sk_X509_REVOKED_sort(c->crl->revoked);
- for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++) {
- r=sk_X509_REVOKED_value(c->crl->revoked, i);
- r->sequence=i;
- }
- return 1;
-}
-#endif
-
-#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER)
-int
-X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
-{
- ASN1_INTEGER *in = x->serialNumber;
- if (in != serial)
- return ASN1_STRING_copy(in, serial);
- return 1;
-}
-#endif
-
-/*** added in 0.9.8 ***/
-#if !defined(HAVE_BN_IS_PRIME_EX)
-int BN_is_prime_ex(const BIGNUM *bn, int checks, BN_CTX *ctx, BN_GENCB *cb)
-{
- if (cb)
- rb_bug("not supported");
- return BN_is_prime(bn, checks, NULL, ctx, NULL);
-}
-#endif
-
-#if !defined(HAVE_BN_IS_PRIME_FASTTEST_EX)
-int BN_is_prime_fasttestex(const BIGNUM *bn, int checks, BN_CTX *ctx,
- int do_trial_division, BN_GENCB *cb)
-{
- if (cb)
- rb_bug("not supported");
- return BN_is_prime_fasttest(bn, checks, NULL, ctx, NULL, do_trial_division);
-}
-#endif
-
-#if !defined(HAVE_BN_GENERATE_PRIME_EX)
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
-{
- if (cb)
- rb_bug("not supported");
- return BN_generate_prime(ret, bits, safe, add, rem, NULL, NULL);
-}
+#if !defined(OPENSSL_NO_ENGINE)
+# include <openssl/engine.h>
#endif
+/*** added in 0.9.8X ***/
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
EVP_CIPHER_CTX *
EVP_CIPHER_CTX_new(void)
@@ -323,21 +41,8 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
}
#endif
-#if !defined(HAVE_SSL_SESSION_GET_ID)
-const unsigned char *
-SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
-{
- if (len)
- *len = s->session_id_length;
- return s->session_id;
-}
-#endif
-
/*** added in 1.0.0 ***/
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-#if defined(HAVE_ENGINE_ADD)
-# include <openssl/engine.h>
-#endif
/*
* this function does not exist in OpenSSL yet... or ever?.
* a future version may break this function.
@@ -348,7 +53,7 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
memcpy(out, in, sizeof(EVP_CIPHER_CTX));
-#if defined(HAVE_ENGINE_ADD)
+#if !defined(OPENSSL_NO_ENGINE)
if (in->engine) ENGINE_add(out->engine);
if (in->cipher_data) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
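Review bot: The line `if (in->engine) ENGINE_add(out->engine);` under the new `OPENSSL_NO_ENGINE` guard calls `ENGINE_add`, which registers the engine in OpenSSL's global engine list rather than taking a reference for the copied context. After the `memcpy` both contexts hold the same `engine` pointer, so the copy most likely needs its own functional reference instead, e.g. `if (in->engine && !ENGINE_init(in->engine)) return 0;` (assuming the function returns int as the library version does). Whether the result of `OPENSSL_malloc(in->cipher->ctx_size)` is NULL-checked cannot be confirmed from here, because the body of EVP_CIPHER_CTX_copy continues outside the hunk.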
@@ -374,8 +79,28 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
#endif
/*** added in 1.0.1 ***/
+
/*** added in 1.0.2 ***/
-#if defined(HAVE_SUPPORT_EC)
+#if !defined(HAVE_CRYPTO_MEMCMP)
+/* added in 1.0.1d */
+int
+CRYPTO_memcmp(const volatile void * volatile in_a,
+ const volatile void * volatile in_b,
+ size_t len)
+{
+ size_t i;
+ const volatile unsigned char *a = in_a;
+ const volatile unsigned char *b = in_b;
+ unsigned char x = 0;
+
+ for (i = 0; i < len; i++)
+ x |= a[i] ^ b[i];
+
+ return x;
+}
+#endif
+
+#if !defined(OPENSSL_NO_EC)
#if !defined(HAVE_EC_CURVE_NIST2NID)
static struct {
const char *name;
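Review bot: The new `CRYPTO_memcmp` fallback carries no comment stating its contract, and the contract is what makes it safe to use for comparing secrets. It reads all `len` bytes no matter where the buffers differ, and it returns 0 for equal and some non-zero value otherwise, not a `memcmp`-style ordering. I would add a header comment above the definition saying so, plus a why-comment that the `volatile` qualifiers and the accumulator `x |= a[i] ^ b[i];` exist to keep the compiler from introducing an early exit. The `#if !defined(OPENSSL_NO_EC)` table that follows continues outside the hunk.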
@@ -428,37 +153,16 @@ HMAC_CTX_new(void)
void
HMAC_CTX_free(HMAC_CTX *ctx)
{
-#if defined(HAVE_HMAC_CTX_CLEANUP)
HMAC_CTX_cleanup(ctx);
-#else /* 0.9.6 */
- EVP_MD_CTX_cleanup(&ctx->i_ctx);
- EVP_MD_CTX_cleanup(&ctx->o_ctx);
- EVP_MD_CTX_cleanup(&ctx->md_ctx);
-#endif
OPENSSL_free(ctx);
}
#endif
#if !defined(HAVE_HMAC_CTX_RESET)
-#if !defined(HAVE_EVP_MD_CTX_INIT)
-#include <string.h> /* memcpy() */
-static void
-EVP_MD_CTX_init(EVP_MD_CTX *ctx)
-{
- memset(ctx, 0, sizeof(EVP_MD_CTX));
-}
-#endif
-
int
HMAC_CTX_reset(HMAC_CTX *ctx)
{
-#if defined(HAVE_HMAC_CTX_INIT)
HMAC_CTX_init(ctx);
-#else /* 0.9.6 */
- EVP_MD_CTX_init(&ctx->i_ctx);
- EVP_MD_CTX_init(&ctx->o_ctx);
- EVP_MD_CTX_init(&ctx->md_ctx);
-#endif
return 0;
}
#endif
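Review bot: The `HMAC_CTX_reset` fallback ends in `return 0;`, whereas the OpenSSL 1.1.0 function it stands in for returns 1 on success and 0 on error, so a caller that checks the result would see a failure on every build that uses the fallback. `return 1;` matches the real API. The fallback also calls only `HMAC_CTX_init(ctx)`, which does not release or wipe the state of a context that has already been keyed. If callers outside this hunk reset used contexts, `HMAC_CTX_cleanup(ctx);` should run first. In the same hunk `HMAC_CTX_free` passes `ctx` straight to `HMAC_CTX_cleanup`, so unlike the 1.1.0 function it is not safe to call with NULL; `if (!ctx) return;` at the top would align the two.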
@@ -467,15 +171,7 @@ HMAC_CTX_reset(HMAC_CTX *ctx)
EVP_MD_CTX *
EVP_MD_CTX_new(void)
{
-#if defined(HAVE_EVP_MD_CTX_CREATE)
return EVP_MD_CTX_create();
-#else /* 0.9.6 */
- EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
- if (!ctx)
- return NULL;
- memset(ctx, 0, sizeof(EVP_MD_CTX));
- return ctx;
-#endif
}
#endif
@@ -483,14 +179,7 @@ EVP_MD_CTX_new(void)
void
EVP_MD_CTX_free(EVP_MD_CTX *ctx)
{
-#if defined(HAVE_EVP_MD_CTX_DESTROY)
EVP_MD_CTX_destroy(ctx);
-#else /* 0.9.6 */
- /* EVP_MD_CTX_cleanup(ctx); */
- /* FIXME!!! */
- memset(ctx, 0, sizeof(EVP_MD_CTX));
- OPENSSL_free(ctx);
-#endif
}
#endif
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 57966230e8..348f10b947 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -17,205 +17,7 @@
extern "C" {
#endif
-/* added in -0.9.7 */
-/* These functions are not included in headers of OPENSSL <= 0.9.6b */
-#ifndef TYPEDEF_D2I_OF
-typedef char *d2i_of_void(void **, const unsigned char **, long);
-#endif
-#ifndef TYPEDEF_I2D_OF
-typedef int i2d_of_void(void *, unsigned char **);
-#endif
-
-#if !defined(PEM_read_bio_DSAPublicKey)
-# define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
- (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,(bp),(void **)(x),(cb),(u))
-#endif
-
-#if !defined(PEM_write_bio_DSAPublicKey)
-# define PEM_write_bio_DSAPublicKey(bp,x) \
- PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\
- PEM_STRING_DSA_PUBLIC,\
- (bp),(char *)(x), NULL, NULL, 0, NULL, NULL)
-#endif
-
-#if !defined(DSAPrivateKey_dup)
-# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \
- (d2i_of_void *)d2i_DSAPrivateKey,(char *)(dsa))
-#endif
-
-#if !defined(DSAPublicKey_dup)
-# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \
- (d2i_of_void *)d2i_DSAPublicKey,(char *)(dsa))
-#endif
-
-#if !defined(X509_REVOKED_dup)
-# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
- (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
-#endif
-
-#if !defined(PKCS7_SIGNER_INFO_dup)
-# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \
- (d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)(si))
-#endif
-
-#if !defined(PKCS7_RECIP_INFO_dup)
-# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \
- (d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)(ri))
-#endif
-
-
-#if !defined(EVP_CIPHER_name)
-# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
-#endif
-
-#if !defined(EVP_MD_name)
-# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
-#endif
-
-#if !defined(PKCS7_is_detached)
-# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
-#endif
-
-#if !defined(PKCS7_type_is_encrypted)
-# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-#endif
-
-/* start: checked by extconf.rb */
-#if !defined(HAVE_OPENSSL_CLEANSE)
-#define OPENSSL_cleanse(p, l) memset((p), 0, (l))
-#endif
-
-#if !defined(HAVE_ERR_PEEK_LAST_ERROR)
-#endif
-
-#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
-char *CONF_get1_default_config_file(void);
-#endif
-
-#if !defined(HAVE_ASN1_PUT_EOC)
-int ASN1_put_eoc(unsigned char **pp);
-#endif
-
-#if !defined(HAVE_OBJ_NAME_DO_ALL_SORTED)
-#endif
-
-#if !defined(HAVE_PEM_DEF_CALLBACK)
-int PEM_def_callback(char *buf, int num, int w, void *key);
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE)
-int BN_rand_range(BIGNUM *r, const BIGNUM *range);
-#endif
-
-#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range);
-#endif
-
-#if !defined(HAVE_BN_NNMOD)
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_BN_MOD_ADD)
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_BN_MOD_SUB)
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_BN_MOD_SQR)
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_MD_CTX_INIT)
-#endif
-
-#if !defined(HAVE_MD_CTX_CREATE)
-#endif
-
-#if !defined(HAVE_MD_CTX_DESTROY)
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)
-#endif
-
-#if !defined(HAVE_EVP_DIGESTINIT_EX)
-# define EVP_DigestInit_ex(ctx, md, engine) EVP_DigestInit((ctx), (md))
-#endif
-
-#if !defined(HAVE_EVP_DIGESTFINAL_EX)
-# define EVP_DigestFinal_ex(ctx, buf, len) EVP_DigestFinal((ctx), (buf), (len))
-#endif
-
-#if !defined(HAVE_EVP_CIPHERINIT_EX)
-# define EVP_CipherInit_ex(ctx, type, impl, key, iv, enc) EVP_CipherInit((ctx), (type), (key), (iv), (enc))
-#endif
-
-#if !defined(HAVE_EVP_CIPHERFINAL_EX)
-# define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal((ctx), (outm), (outl))
-#endif
-
-#if !defined(HAVE_HMAC_INIT_EX)
-int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, void *impl);
-#endif
-
-#if !defined(HAVE_HMAC_CTX_INIT)
-#endif
-
-#if !defined(HAVE_HMAC_CTX_CLEANUP)
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_NEXTUPDATE)
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
-#endif
-
-#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_VERSION)
-int X509_CRL_set_version(X509_CRL *x, long version);
-#endif
-
-#if !defined(HAVE_X509_CRL_SORT)
-int X509_CRL_sort(X509_CRL *c);
-#endif
-
-#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER)
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
-#endif
-
-#if !defined(HAVE_X509V3_SET_NCONF)
-#endif
-
-#if !defined(HAVE_X509V3_EXT_NCONF_NID)
-#endif
-
-/* ENGINE related API can't be polyfilled */
-
-
-/*** added in 0.9.8 ***/
-#if !defined(HAVE_BN_GENCB)
-/* implementation in openssl_missing.c will fail if cb is set */
-typedef struct ossl_pseudo_bn_gencb_struct BN_GENCB;
-#endif
-
-#if !defined(HAVE_BN_IS_PRIME_EX)
-int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-#endif
-
-#if !defined(HAVE_BN_IS_PRIME_FASTTEST_EX)
-int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb);
-#endif
-
-#if !defined(HAVE_BN_GENERATE_PRIME_EX)
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb);
-#endif
-
+/*** added in 0.9.8X ***/
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
#endif
@@ -224,26 +26,11 @@ EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
#endif
-#if !defined(HAVE_DH_GENERATE_PARAMETERS_EX)
-#endif
-
-#if !defined(HAVE_DSA_GENERATE_PARAMETERS_EX)
+#if !defined(HAVE_SSL_CTX_CLEAR_OPTIONS)
+# define SSL_CTX_clear_options(ctx, op) do \
+ (ctx)->options &= ~(op); while (0)
#endif
-#if !defined(HAVE_RSA_GENERATE_KEY_EX)
-#endif
-
-#if !defined(HAVE_SSL_SESSION_GET_ID)
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
-#endif
-
-#if !defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)
-#endif
-
-#if !defined(HAVE_OCSP_SINGLERESP_DELETE_EXT)
-# define OCSP_SINGLERESP_delete_ext(s, loc) \
- sk_X509_EXTENSION_delete((s)->singleExtensions, (loc))
-#endif
/*** added in 1.0.0 ***/
#if !defined(HAVE_CRYPTO_THREADID_PTR)
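Review bot: The fallback `SSL_CTX_clear_options` expands to a `do ... while (0)` statement, but the library function it replaces is an expression that returns the updated option mask. Code written against the real API that assigns or tests the result will therefore not compile on builds that use the fallback. An expression macro behaves the same in both cases: `# define SSL_CTX_clear_options(ctx, op) ((ctx)->options &= ~(op))`.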
@@ -283,7 +70,13 @@ void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
#endif
/*** added in 1.0.2 ***/
-#if defined(HAVE_SUPPORT_EC)
+#if !defined(HAVE_CRYPTO_MEMCMP)
+int CRYPTO_memcmp(const volatile void * volatile in_a,
+ const volatile void * volatile in_b,
+ size_t len);
+#endif
+
+#if !defined(OPENSSL_NO_EC)
#if !defined(HAVE_EC_CURVE_NIST2NID)
int EC_curve_nist2nid(const char *str);
#endif
@@ -293,6 +86,11 @@ int EC_curve_nist2nid(const char *str);
# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
#endif
+#if !defined(HAVE_X509_REVOKED_DUP)
+# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
+ (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
+#endif
+
#if !defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB)
#endif
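Review bot: The `X509_REVOKED_dup` fallback expands to a bare cast expression, `(X509_REVOKED *)ASN1_dup(...)`, so a postfix operator applied to the macro call binds to `ASN1_dup(...)` before the cast. Wrapping the expansion in one more pair of parentheses, `((X509_REVOKED *)ASN1_dup(...))`, avoids that. The guard also changed from testing the macro name to `HAVE_X509_REVOKED_DUP`, which extconf.rb sets with `have_func`. If any supported library version provides the name only as a macro, the probe would miss it and this line would redefine it, so `have_func_or_macro` may be the safer probe.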
@@ -306,7 +104,6 @@ int EC_curve_nist2nid(const char *str);
#endif
/*** added in 1.1.0 ***/
-#if defined(HAVE_BN_GENCB)
#if !defined(HAVE_BN_GENCB_NEW)
# define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
#endif
@@ -318,7 +115,6 @@ int EC_curve_nist2nid(const char *str);
#if !defined(HAVE_BN_GENCB_GET_ARG)
# define BN_GENCB_get_arg(cb) (cb)->arg
#endif
-#endif
#if !defined(HAVE_HMAC_CTX_NEW)
HMAC_CTX *HMAC_CTX_new(void);
@@ -416,14 +212,9 @@ static inline STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { re
# define OCSP_SINGLERESP_get0_id(s) (s)->certId
#endif
-#if defined(HAVE_EVP_PKEY_TYPE) /* is not opaque */
+#if defined(HAVE_EVP_PKEY_TYPE) /* and !HAVE_OPAQUE_OPENSSL */
+#if !defined(OPENSSL_NO_RSA)
static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { return pkey->pkey.rsa; }
-static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { return pkey->pkey.dsa; }
-# if defined(HAVE_SUPPORT_EC)
-static inline EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { return pkey->pkey.ec; }
-# endif
-static inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { return pkey->pkey.dh; }
-
static inline void RSA_get0_key(RSA *rsa, BIGNUM **n, BIGNUM **e, BIGNUM **d) {
if (n) *n = rsa->n;
if (e) *e = rsa->e;
@@ -452,7 +243,10 @@ static inline int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, BIGN
BN_free(rsa->dmq1); rsa->dmq1 = dmq1;
BN_free(rsa->iqmp); rsa->iqmp = iqmp;
return 1; }
+#endif /* RSA */
+#if !defined(OPENSSL_NO_DSA)
+static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { return pkey->pkey.dsa; }
static inline void DSA_get0_key(DSA *dsa, BIGNUM **pub_key, BIGNUM **priv_key) {
if (pub_key) *pub_key = dsa->pub_key;
if (priv_key) *priv_key = dsa->priv_key; }
@@ -471,7 +265,10 @@ static inline int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
BN_free(dsa->q); dsa->q = q;
BN_free(dsa->g); dsa->g = g;
return 1; }
+#endif /* DSA */
+#if !defined(OPENSSL_NO_DH)
+static inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { return pkey->pkey.dh; }
static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; }
static inline void DH_get0_key(DH *dh, BIGNUM **pub_key, BIGNUM **priv_key) {
if (pub_key) *pub_key = dh->pub_key;
@@ -491,6 +288,11 @@ static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
BN_free(dh->q); dh->q = q;
BN_free(dh->g); dh->g = g;
return 1; }
+#endif /* DH */
+
+#if !defined(OPENSSL_NO_EC)
+static inline EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { return pkey->pkey.ec; }
+#endif
#endif
#if defined(__cplusplus)
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 63ac8f4fbd..9cbe4f4510 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -462,7 +462,7 @@ ossl_fips_mode_set(VALUE self, VALUE enabled)
#endif
}
-#ifndef HAVE_OPENSSL_110_THREADING_API
+#if !defined(HAVE_OPENSSL_110_THREADING_API)
/**
* Stores locks needed for OpenSSL thread safety
*/
@@ -1150,7 +1150,7 @@ Init_openssl(void)
*/
ossl_s_to_der = rb_intern("to_der");
-#ifndef HAVE_OPENSSL_110_THREADING_API
+#if !defined(HAVE_OPENSSL_110_THREADING_API)
Init_ossl_locks();
#endif
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index e8271e9d64..a719ea99ee 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -31,11 +31,6 @@ extern "C" {
#include <ruby/io.h>
#include <ruby/thread.h>
-/*
- * Check the OpenSSL version
- * The only supported are:
- * OpenSSL >= 0.9.7
- */
#include <openssl/opensslv.h>
#ifdef HAVE_ASSERT_H
@@ -46,7 +41,6 @@ extern "C" {
#if defined(_WIN32) && !defined(LIBRESSL_VERSION_NUMBER)
# include <openssl/e_os2.h>
-# define OSSL_NO_CONF_API 1
# if !defined(OPENSSL_SYS_WIN32)
# define OPENSSL_SYS_WIN32 1
# endif
@@ -66,13 +60,10 @@ extern "C" {
#if !defined(_WIN32)
# include <openssl/crypto.h>
#endif
-#undef X509_NAME
-#undef PKCS7_SIGNER_INFO
-#if defined(HAVE_SUPPORT_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif
-#if defined(HAVE_OPENSSL_OCSP_H)
-# define OSSL_OCSP_ENABLED
+#if !defined(OPENSSL_NO_OCSP)
# include <openssl/ocsp.h>
#endif
@@ -118,7 +109,7 @@ extern VALUE eOSSLError;
* Compatibility
*/
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-#define STACK _STACK
+//define STACK _STACK
#endif
/*
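Review bot: `//define STACK _STACK` leaves a disabled define as the only content of the `#if OPENSSL_VERSION_NUMBER >= 0x10000000L` block, which reads like a debugging leftover. If the alias is no longer needed, delete the line together with the now-empty `#if`/`#endif`; if some supported version still needs it, keep the define and say which version in a comment. The surrounding code shown in this diff uses `/* */` comments, so the `//` form is also out of step with it.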
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 9df4eee1d4..717e1cc7cd 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -212,19 +212,6 @@ static ID sUNIVERSAL, sAPPLICATION, sCONTEXT_SPECIFIC, sPRIVATE;
static ID sivVALUE, sivTAG, sivTAG_CLASS, sivTAGGING, sivINFINITE_LENGTH, sivUNUSED_BITS;
/*
- * We need to implement these for backward compatibility
- * reasons, behavior of ASN1_put_object and ASN1_object_size
- * for infinite length values is different in OpenSSL <= 0.9.7
- */
-#if OPENSSL_VERSION_NUMBER < 0x00908000L
-#define ossl_asn1_object_size(cons, len, tag) (cons) == 2 ? (len) + ASN1_object_size((cons), 0, (tag)) : ASN1_object_size((cons), (len), (tag))
-#define ossl_asn1_put_object(pp, cons, len, tag, xc) (cons) == 2 ? ASN1_put_object((pp), (cons), 0, (tag), (xc)) : ASN1_put_object((pp), (cons), (len), (tag), (xc))
-#else
-#define ossl_asn1_object_size(cons, len, tag) ASN1_object_size((cons), (len), (tag))
-#define ossl_asn1_put_object(pp, cons, len, tag, xc) ASN1_put_object((pp), (cons), (len), (tag), (xc))
-#endif
-
-/*
* Ruby to ASN1 converters
*/
static ASN1_BOOLEAN
@@ -233,11 +220,7 @@ obj_to_asn1bool(VALUE obj)
if (NIL_P(obj))
ossl_raise(rb_eTypeError, "Can't convert nil into Boolean");
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- return RTEST(obj) ? 0xff : 0x100;
-#else
return RTEST(obj) ? 0xff : 0x0;
-#endif
}
static ASN1_INTEGER*
@@ -779,11 +762,11 @@ ossl_asn1data_to_der(VALUE self)
if (inf_length == Qtrue) {
is_cons = 2;
}
- if((length = ossl_asn1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
+ if((length = ASN1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
ossl_raise(eASN1Error, NULL);
der = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(der);
- ossl_asn1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class);
+ ASN1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class);
memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value));
p += RSTRING_LEN(value);
ossl_str_adjust(der, p);
@@ -1185,30 +1168,6 @@ ossl_asn1eoc_initialize(VALUE self) {
return self;
}
-static int
-ossl_i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
-{
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- if(!a) return 0;
- if(a->type == V_ASN1_BOOLEAN)
- return i2d_ASN1_BOOLEAN(a->value.boolean, pp);
-#endif
- return i2d_ASN1_TYPE(a, pp);
-}
-
-static void
-ossl_ASN1_TYPE_free(ASN1_TYPE *a)
-{
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- if(!a) return;
- if(a->type == V_ASN1_BOOLEAN){
- OPENSSL_free(a);
- return;
- }
-#endif
- ASN1_TYPE_free(a);
-}
-
/*
* call-seq:
* asn1.to_der => DER-encoded String
@@ -1229,22 +1188,22 @@ ossl_asn1prim_to_der(VALUE self)
explicit = ossl_asn1_is_explicit(self);
asn1 = ossl_asn1_get_asn1type(self);
- len = ossl_asn1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn);
+ len = ASN1_object_size(1, i2d_ASN1_TYPE(asn1, NULL), tn);
if(!(buf = OPENSSL_malloc(len))){
- ossl_ASN1_TYPE_free(asn1);
+ ASN1_TYPE_free(asn1);
ossl_raise(eASN1Error, "cannot alloc buffer");
}
p = buf;
if (tc == V_ASN1_UNIVERSAL) {
- ossl_i2d_ASN1_TYPE(asn1, &p);
+ i2d_ASN1_TYPE(asn1, &p);
} else if (explicit) {
- ossl_asn1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc);
- ossl_i2d_ASN1_TYPE(asn1, &p);
+ ASN1_put_object(&p, 1, i2d_ASN1_TYPE(asn1, NULL), tn, tc);
+ i2d_ASN1_TYPE(asn1, &p);
} else {
- ossl_i2d_ASN1_TYPE(asn1, &p);
+ i2d_ASN1_TYPE(asn1, &p);
*buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED);
}
- ossl_ASN1_TYPE_free(asn1);
+ ASN1_TYPE_free(asn1);
reallen = p - buf;
assert(reallen <= len);
str = ossl_buf2str((char *)buf, rb_long2int(reallen)); /* buf will be free in ossl_buf2str */
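Review bot: In ossl_asn1prim_to_der the results of `i2d_ASN1_TYPE(asn1, NULL)` and `ASN1_object_size(...)` go straight into `OPENSSL_malloc(len)` with no error check. The only guard on the later writes through `p` is `assert(reallen <= len)`, which disappears when the extension is built with NDEBUG. ossl_asn1data_to_der in this same file already rejects a non-positive size with `if((length = ASN1_object_size(...)) <= 0) ossl_raise(eASN1Error, NULL);`. The same test belongs here right after `len` is computed, e.g. `if (len <= 0) { ASN1_TYPE_free(asn1); ossl_raise(eASN1Error, NULL); }`, assuming `len`, declared outside the hunk, is signed. The ossl_asn1cons_to_der hunk that follows has the same gap for `seq_len` and `length` before `rb_str_new(0, length)`.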
@@ -1310,19 +1269,19 @@ ossl_asn1cons_to_der(VALUE self)
explicit = ossl_asn1_is_explicit(self);
value = join_der(ossl_asn1_get_value(self));
- seq_len = ossl_asn1_object_size(constructed, RSTRING_LENINT(value), tag);
- length = ossl_asn1_object_size(constructed, seq_len, tn);
+ seq_len = ASN1_object_size(constructed, RSTRING_LENINT(value), tag);
+ length = ASN1_object_size(constructed, seq_len, tn);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);
if(tc == V_ASN1_UNIVERSAL)
- ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
+ ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
else{
if(explicit){
- ossl_asn1_put_object(&p, constructed, seq_len, tn, tc);
- ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL);
+ ASN1_put_object(&p, constructed, seq_len, tn, tc);
+ ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL);
}
else{
- ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
+ ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
}
}
memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value));
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index c9fcb6bdbd..56478a2133 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -154,7 +154,6 @@ ossl_cipher_copy(VALUE self, VALUE other)
return self;
}
-#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED
static void*
add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary)
{
@@ -180,9 +179,6 @@ ossl_s_ciphers(VALUE self)
return ary;
}
-#else
-#define ossl_s_ciphers rb_f_notimplement
-#endif
/*
* call-seq:
@@ -713,7 +709,6 @@ ossl_cipher_set_key_length(VALUE self, VALUE key_length)
return key_length;
}
-#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)
/*
* call-seq:
* cipher.padding = integer -> integer
@@ -735,9 +730,6 @@ ossl_cipher_set_padding(VALUE self, VALUE padding)
ossl_raise(eCipherError, NULL);
return padding;
}
-#else
-#define ossl_cipher_set_padding rb_f_notimplement
-#endif
#define CIPHER_0ARG_INT(func) \
static VALUE \
diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c
index 01418e65c5..513179b3ab 100644
--- a/ext/openssl/ossl_engine.c
+++ b/ext/openssl/ossl_engine.c
@@ -9,7 +9,7 @@
*/
#include "ossl.h"
-#if defined(HAVE_SUPPORT_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE)
#define NewEngine(klass) \
TypedData_Wrap_Struct((klass), &ossl_engine_type, 0)
@@ -279,7 +279,6 @@ ossl_engine_finish(VALUE self)
return Qnil;
}
-#if defined(HAVE_ENGINE_GET_CIPHER)
/* Document-method: OpenSSL::Engine#cipher
*
* call-seq:
@@ -314,11 +313,7 @@ ossl_engine_get_cipher(VALUE self, VALUE name)
return ossl_cipher_new(ciph);
}
-#else
-#define ossl_engine_get_cipher rb_f_notimplement
-#endif
-#if defined(HAVE_ENGINE_GET_DIGEST)
/* Document-method: OpenSSL::Engine#digest
*
* call-seq:
@@ -353,9 +348,6 @@ ossl_engine_get_digest(VALUE self, VALUE name)
return ossl_digest_new(md);
}
-#else
-#define ossl_engine_get_digest rb_f_notimplement
-#endif
/* Document-method: OpenSSL::Engine#load_private_key
*
@@ -379,11 +371,7 @@ ossl_engine_load_privkey(int argc, VALUE *argv, VALUE self)
sid = NIL_P(id) ? NULL : StringValuePtr(id);
sdata = NIL_P(data) ? NULL : StringValuePtr(data);
GetEngine(self, e);
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- pkey = ENGINE_load_private_key(e, sid, sdata);
-#else
pkey = ENGINE_load_private_key(e, sid, NULL, sdata);
-#endif
if (!pkey) ossl_raise(eEngineError, NULL);
obj = ossl_pkey_new(pkey);
OSSL_PKEY_SET_PRIVATE(obj);
@@ -413,11 +401,7 @@ ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self)
sid = NIL_P(id) ? NULL : StringValuePtr(id);
sdata = NIL_P(data) ? NULL : StringValuePtr(data);
GetEngine(self, e);
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- pkey = ENGINE_load_public_key(e, sid, sdata);
-#else
pkey = ENGINE_load_public_key(e, sid, NULL, sdata);
-#endif
if (!pkey) ossl_raise(eEngineError, NULL);
return ossl_pkey_new(pkey);
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index 9c8e59e2a8..6d1ccdcb2d 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -10,7 +10,7 @@
*/
#include "ossl.h"
-#if defined(OSSL_OCSP_ENABLED)
+#if !defined(OPENSSL_NO_OCSP)
#define NewOCSPReq(klass) \
TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0)
diff --git a/ext/openssl/ossl_ocsp.h b/ext/openssl/ossl_ocsp.h
index c5064fbc85..21e2c99a2e 100644
--- a/ext/openssl/ossl_ocsp.h
+++ b/ext/openssl/ossl_ocsp.h
@@ -11,7 +11,7 @@
#if !defined(_OSSL_OCSP_H_)
#define _OSSL_OCSP_H_
-#if defined(OSSL_OCSP_ENABLED)
+#if !defined(OPENSSL_NO_OCSP)
extern VALUE mOCSP;
extern VALUE cOPCSReq;
extern VALUE cOPCSRes;
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index 9ca3abd764..0fd374268e 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -127,6 +127,22 @@ static const rb_data_type_t ossl_pkcs7_recip_info_type = {
* Public
* (MADE PRIVATE UNTIL SOMEBODY WILL NEED THEM)
*/
+static PKCS7_SIGNER_INFO *
+ossl_PKCS7_SIGNER_INFO_dup(const PKCS7_SIGNER_INFO *si)
+{
+ return (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO,
+ (d2i_of_void *)d2i_PKCS7_SIGNER_INFO,
+ (char *)(si));
+}
+
+static PKCS7_RECIP_INFO *
+ossl_PKCS7_RECIP_INFO_dup(const PKCS7_RECIP_INFO *si)
+{
+ return (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
+ (d2i_of_void *)d2i_PKCS7_RECIP_INFO,
+ (char *)(si));
+}
+
static VALUE
ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
{
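Review bot: Both new dup helpers call `ASN1_dup()` through function pointers cast to `i2d_of_void *` / `d2i_of_void *`, and `(char *)(si)` drops the `const`. A call through a mismatched function-pointer type is undefined behaviour in C, and the casts stop the compiler from noticing if the encoder signatures ever change. If the supported OpenSSL range provides it, the item-based form needs no function-pointer casts: `return ASN1_item_dup(ASN1_ITEM_rptr(PKCS7_SIGNER_INFO), (void *)si);`, and likewise for `PKCS7_RECIP_INFO`. The parameter of `ossl_PKCS7_RECIP_INFO_dup` is named `si`, apparently carried over from the signer helper, and `ri` would match the rest of the file. A one-line comment on each helper, saying the result is a fresh copy the caller must free and that NULL means failure, would document what the callers below already rely on.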
@@ -134,7 +150,7 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
VALUE obj;
obj = NewPKCS7si(cPKCS7Signer);
- pkcs7 = p7si ? PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
+ pkcs7 = p7si ? ossl_PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
SetPKCS7si(obj, pkcs7);
@@ -147,7 +163,7 @@ DupPKCS7SignerPtr(VALUE obj)
PKCS7_SIGNER_INFO *p7si, *pkcs7;
SafeGetPKCS7si(obj, p7si);
- if (!(pkcs7 = PKCS7_SIGNER_INFO_dup(p7si))) {
+ if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) {
ossl_raise(ePKCS7Error, NULL);
}
@@ -161,7 +177,7 @@ ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
VALUE obj;
obj = NewPKCS7ri(cPKCS7Recipient);
- pkcs7 = p7ri ? PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
+ pkcs7 = p7ri ? ossl_PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
SetPKCS7ri(obj, pkcs7);
@@ -174,7 +190,7 @@ DupPKCS7RecipientPtr(VALUE obj)
PKCS7_RECIP_INFO *p7ri, *pkcs7;
SafeGetPKCS7ri(obj, p7ri);
- if (!(pkcs7 = PKCS7_RECIP_INFO_dup(p7ri))) {
+ if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) {
ossl_raise(ePKCS7Error, NULL);
}
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 2e69be2acd..6fed80bda2 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -32,7 +32,6 @@ ossl_generate_cb(int p, int n, void *arg)
rb_yield(ary);
}
-#if HAVE_BN_GENCB
/* OpenSSL 2nd version of GN generation callback */
int
ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
@@ -66,7 +65,6 @@ ossl_generate_cb_stop(void *ptr)
struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
arg->stop = 1;
}
-#endif
static void
ossl_evp_pkey_free(void *ptr)
@@ -104,7 +102,7 @@ ossl_pkey_new(EVP_PKEY *pkey)
case EVP_PKEY_DH:
return ossl_dh_new(pkey);
#endif
-#if defined(HAVE_SUPPORT_EC)
+#if !defined(OPENSSL_NO_EC)
case EVP_PKEY_EC:
return ossl_ec_new(pkey);
#endif
diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h
index 6eb51a76bd..a1517bfca4 100644
--- a/ext/openssl/ossl_pkey.h
+++ b/ext/openssl/ossl_pkey.h
@@ -41,8 +41,6 @@ extern const rb_data_type_t ossl_evp_pkey_type;
} while (0)
void ossl_generate_cb(int, int, void *);
-#define HAVE_BN_GENCB defined(HAVE_RSA_GENERATE_KEY_EX) || defined(HAVE_DH_GENERATE_PARAMETERS_EX) || defined(HAVE_DSA_GENERATE_PARAMETERS_EX)
-#if HAVE_BN_GENCB
struct ossl_generate_cb_arg {
int yield;
int stop;
@@ -50,7 +48,6 @@ struct ossl_generate_cb_arg {
};
int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
void ossl_generate_cb_stop(void *ptr);
-#endif
VALUE ossl_pkey_new(EVP_PKEY *);
VALUE ossl_pkey_new_from_file(VALUE);
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index a53ad2d3cc..783d681a10 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -73,7 +73,6 @@ ossl_dh_new(EVP_PKEY *pkey)
/*
* Private
*/
-#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
struct dh_blocking_gen_arg {
DH *dh;
int size;
@@ -89,12 +88,10 @@ dh_blocking_gen(void *arg)
gen->result = DH_generate_parameters_ex(gen->dh, gen->size, gen->gen, gen->cb);
return 0;
}
-#endif
static DH *
dh_generate(int size, int gen)
{
-#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
struct ossl_generate_cb_arg cb_arg;
struct dh_blocking_gen_arg gen_arg;
DH *dh = DH_new();
@@ -128,12 +125,6 @@ dh_generate(int size, int gen)
if (cb_arg.state) rb_jump_tag(cb_arg.state);
return 0;
}
-#else
- DH *dh;
-
- dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
- if (!dh) return 0;
-#endif
if (!DH_generate_key(dh)) {
DH_free(dh);
@@ -276,7 +267,7 @@ ossl_dh_is_private(VALUE self)
dh = EVP_PKEY_get0_DH(pkey);
DH_get0_key(dh, NULL, &priv_key);
-#if defined(HAVE_SUPPORT_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE)
return (priv_key || DH_get0_engine(dh)) ? Qtrue : Qfalse;
#else
return priv_key ? Qtrue : Qfalse;
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index 0213843ee7..01d372b421 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -81,7 +81,6 @@ ossl_dsa_new(EVP_PKEY *pkey)
/*
* Private
*/
-#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
struct dsa_blocking_gen_arg {
DSA *dsa;
int size;
@@ -100,12 +99,10 @@ dsa_blocking_gen(void *arg)
gen->result = DSA_generate_parameters_ex(gen->dsa, gen->size, gen->seed, gen->seed_len, gen->counter, gen->h, gen->cb);
return 0;
}
-#endif
static DSA *
dsa_generate(int size)
{
-#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
struct ossl_generate_cb_arg cb_arg;
struct dsa_blocking_gen_arg gen_arg;
DSA *dsa = DSA_new();
@@ -148,19 +145,6 @@ dsa_generate(int size)
if (cb_arg.state) rb_jump_tag(cb_arg.state);
return 0;
}
-#else
- DSA *dsa;
- unsigned char seed[20];
- int seed_len = 20, counter;
- unsigned long h;
-
- if (RAND_bytes(seed, seed_len) <= 0) {
- return 0;
- }
- dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h,
- rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
- if(!dsa) return 0;
-#endif
if (!DSA_generate_key(dsa)) {
DSA_free(dsa);
@@ -250,6 +234,8 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
}
if (!dsa) {
OSSL_BIO_reset(in);
+#define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+ (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,(bp),(void **)(x),(cb),(u))
dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL);
}
BIO_free(in);
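Review bot: `PEM_read_bio_DSAPublicKey` is `#define`d in the middle of the function body with no `#ifndef` guard and no `#undef`. The macro therefore stays visible to everything after this point in the file and will clash if an OpenSSL header ever supplies the same name. The same applies to `DSAPublicKey_dup`, added in the next hunk at ossl_dsa_to_text. Moving both to file scope behind `#if !defined(PEM_read_bio_DSAPublicKey)` and `#if !defined(DSAPublicKey_dup)`, with a comment saying why they are needed, would be safer; small `static` functions would also restore the type checking that the `(d2i_of_void *)` casts bypass. ossl_dsa_initialize begins and ends outside this hunk.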
@@ -453,6 +439,8 @@ ossl_dsa_to_text(VALUE self)
return str;
}
+# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \
+ (d2i_of_void *)d2i_DSAPublicKey,(char *)(dsa))
/*
* call-seq:
* dsa.public_key -> aDSA
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index e7b9c68b9b..09121a0846 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -4,7 +4,7 @@
#include "ossl.h"
-#if defined(HAVE_SUPPORT_EC)
+#if !defined(OPENSSL_NO_EC)
typedef struct {
EC_GROUP *group;
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index 5182fc3a32..0f72b1f7f3 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -83,7 +83,6 @@ ossl_rsa_new(EVP_PKEY *pkey)
/*
* Private
*/
-#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
struct rsa_blocking_gen_arg {
RSA *rsa;
BIGNUM *e;
@@ -99,12 +98,10 @@ rsa_blocking_gen(void *arg)
gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb);
return 0;
}
-#endif
static RSA *
rsa_generate(int size, unsigned long exp)
{
-#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
int i;
struct ossl_generate_cb_arg cb_arg;
struct rsa_blocking_gen_arg gen_arg;
@@ -152,9 +149,6 @@ rsa_generate(int size, unsigned long exp)
}
return rsa;
-#else
- return RSA_generate_key(size, exp, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
-#endif
}
/*
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 48a790b8d0..218910e003 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -90,26 +90,22 @@ static const struct {
OSSL_SSL_METHOD_ENTRY(TLSv1),
OSSL_SSL_METHOD_ENTRY(TLSv1_server),
OSSL_SSL_METHOD_ENTRY(TLSv1_client),
-#if defined(HAVE_TLSV1_2_METHOD) && defined(HAVE_TLSV1_2_SERVER_METHOD) && \
- defined(HAVE_TLSV1_2_CLIENT_METHOD)
+#if defined(HAVE_TLSV1_2_METHOD)
OSSL_SSL_METHOD_ENTRY(TLSv1_2),
OSSL_SSL_METHOD_ENTRY(TLSv1_2_server),
OSSL_SSL_METHOD_ENTRY(TLSv1_2_client),
#endif
-#if defined(HAVE_TLSV1_1_METHOD) && defined(HAVE_TLSV1_1_SERVER_METHOD) && \
- defined(HAVE_TLSV1_1_CLIENT_METHOD)
+#if defined(HAVE_TLSV1_1_METHOD)
OSSL_SSL_METHOD_ENTRY(TLSv1_1),
OSSL_SSL_METHOD_ENTRY(TLSv1_1_server),
OSSL_SSL_METHOD_ENTRY(TLSv1_1_client),
#endif
-#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
- defined(HAVE_SSLV2_CLIENT_METHOD)
+#if defined(HAVE_SSLV2_METHOD)
OSSL_SSL_METHOD_ENTRY(SSLv2),
OSSL_SSL_METHOD_ENTRY(SSLv2_server),
OSSL_SSL_METHOD_ENTRY(SSLv2_client),
#endif
-#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
- defined(HAVE_SSLV3_CLIENT_METHOD)
+#if defined(HAVE_SSLV3_METHOD)
OSSL_SSL_METHOD_ENTRY(SSLv3),
OSSL_SSL_METHOD_ENTRY(SSLv3_server),
OSSL_SSL_METHOD_ENTRY(SSLv3_client),
@@ -945,7 +941,8 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
* call-seq:
* ctx.security_level => 0, .., 5
*
- * The security level for this context (new in OpenSSL 1.1.0).
+ * The security level for this context. This is new in OpenSSL 1.1.0 and
+ * always returns 0 if using older OpenSSL.
*/
static VALUE
ossl_sslctx_get_security_level(VALUE self)
@@ -972,7 +969,8 @@ ossl_sslctx_get_security_level(VALUE self)
* ctx.security_level = 0
* ctx.security_level = 5
*
- * Sets the security level for this context (new in OpenSSL 1.1.0).
+ * Sets the security level for this context. This is new in OpenSSL 1.1.0 and
+ * no-op if using older OpenSSL.
*/
static VALUE
ossl_sslctx_set_security_level(VALUE self, VALUE v)
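Review bot: Documenting the setter as a "no-op if using older OpenSSL" means a caller that writes `ctx.security_level = 2` to enforce a minimum gets neither enforcement nor an error on those builds. The getter's new text ("always returns 0") has the same effect for code that reads the level back. The function body is outside this hunk, so how the older path is implemented cannot be seen here. Raising when a non-zero level is requested (for example with `rb_notimplement()`), or at least emitting a warning, would make the gap visible instead of silent. If the no-op stays, the doc comment should say so plainly, e.g. `Callers that depend on the level being enforced must check the OpenSSL version themselves.`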
@@ -992,7 +990,7 @@ ossl_sslctx_set_security_level(VALUE self, VALUE v)
return v;
}
-#if defined(HAVE_SUPPORT_EC)
+#if !defined(OPENSSL_NO_EC)
/*
* call-seq:
* ctx.set_elliptic_curves("curve1:curve2:curve3") -> self
@@ -1695,7 +1693,7 @@ ossl_ssl_stop(VALUE self)
ossl_ssl_shutdown(ssl);
//SSL_free(ssl);
}
- DATA_PTR(self) = NULL;
+// DATA_PTR(self) = NULL;
return Qnil;
}
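Review bot: `DATA_PTR(self) = NULL;` is turned into a `//` comment in ossl_ssl_stop, a behaviour change unrelated to dropping old OpenSSL support, and it leaves dead code with no explanation. With the assignment disabled, the wrapped SSL pointer stays attached to the object after `ossl_ssl_shutdown(ssl)`. Later method calls will presumably operate on a shut-down SSL rather than seeing a cleared pointer, which should be confirmed against how the rest of the file handles a NULL pointer. Either restore the assignment, or delete the line and state the intent, e.g. `/* keep the SSL attached; it is released by the object's free function */`. The function begins outside this hunk.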
@@ -2294,7 +2292,7 @@ Init_ossl_ssl(void)
rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0);
rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1);
-#if defined(HAVE_SUPPORT_EC)
+#if !defined(OPENSSL_NO_EC)
rb_define_method(cSSLContext, "set_elliptic_curves", ossl_sslctx_set_elliptic_curves, 1);
#endif
diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c
index 4dbe53e32b..eed0c22197 100644
--- a/ext/openssl/ossl_ssl_session.c
+++ b/ext/openssl/ossl_ssl_session.c
@@ -82,7 +82,7 @@ xSSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
unsigned int b_len;
const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
-#if !defined(HAVE_SSL_SESSION_GET_ID) /* 1.0.2 or older */
+#if !defined(HAVE_OPAQUE_OPENSSL)
if (a->ssl_version != b->ssl_version)
return 1;
#endif
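Review bot: With the guard keyed on `HAVE_OPAQUE_OPENSSL`, builds against an opaque-struct OpenSSL skip the protocol-version comparison entirely, so `xSSL_SESSION_cmp` there appears to decide on the session id alone (the rest of the function is outside this hunk). If the version is meant to be part of equality, an `#else` branch using the accessor keeps both builds consistent: `if (SSL_SESSION_get_protocol_version(a) != SSL_SESSION_get_protocol_version(b)) return 1;`. The removed `/* 1.0.2 or older */` comment also told the reader which builds take the struct-access branch; a replacement such as `/* struct fields are directly accessible before OpenSSL 1.1.0 */` would be worth keeping.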
diff --git a/ext/openssl/ossl_x509.c b/ext/openssl/ossl_x509.c
index 2fd14566cd..cf62b53e28 100644
--- a/ext/openssl/ossl_x509.c
+++ b/ext/openssl/ossl_x509.c
@@ -63,12 +63,8 @@ Init_ossl_x509(void)
DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
DefX509Const(V_ERR_APPLICATION_VERIFICATION);
-#if defined(X509_V_FLAG_CRL_CHECK)
DefX509Const(V_FLAG_CRL_CHECK);
-#endif
-#if defined(X509_V_FLAG_CRL_CHECK_ALL)
DefX509Const(V_FLAG_CRL_CHECK_ALL);
-#endif
DefX509Const(PURPOSE_SSL_CLIENT);
DefX509Const(PURPOSE_SSL_SERVER);
@@ -77,21 +73,15 @@ Init_ossl_x509(void)
DefX509Const(PURPOSE_SMIME_ENCRYPT);
DefX509Const(PURPOSE_CRL_SIGN);
DefX509Const(PURPOSE_ANY);
-#if defined(X509_PURPOSE_OCSP_HELPER)
DefX509Const(PURPOSE_OCSP_HELPER);
-#endif
DefX509Const(TRUST_COMPAT);
DefX509Const(TRUST_SSL_CLIENT);
DefX509Const(TRUST_SSL_SERVER);
DefX509Const(TRUST_EMAIL);
DefX509Const(TRUST_OBJECT_SIGN);
-#if defined(X509_TRUST_OCSP_SIGN)
DefX509Const(TRUST_OCSP_SIGN);
-#endif
-#if defined(X509_TRUST_OCSP_REQUEST)
DefX509Const(TRUST_OCSP_REQUEST);
-#endif
DefX509Default(CERT_AREA, cert_area);
DefX509Default(CERT_DIR, cert_dir);
diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c
index 6f4429ecde..70f86e2d64 100644
--- a/ext/openssl/ossl_x509attr.c
+++ b/ext/openssl/ossl_x509attr.c
@@ -178,14 +178,6 @@ ossl_x509attr_get_oid(VALUE self)
return ret;
}
-/*#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE)
-# define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single)
-# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
-#else
-# define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set)
-# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
-#endif*/
-
/*
* call-seq:
* attr.value = asn1 => asn1
diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c
index c16fa92148..15e0c1f875 100644
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@@ -188,7 +188,6 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
return crl;
}
-#ifdef HAVE_X509V3_SET_NCONF
static VALUE
ossl_x509extfactory_set_config(VALUE self, VALUE config)
{
@@ -202,9 +201,6 @@ ossl_x509extfactory_set_config(VALUE self, VALUE config)
return config;
}
-#else
-#define ossl_x509extfactory_set_config rb_f_notimplement
-#endif
static VALUE
ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
@@ -243,12 +239,8 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
X509_EXTENSION *ext;
VALUE oid, value, critical, valstr, obj;
int nid;
-#ifdef HAVE_X509V3_EXT_NCONF_NID
VALUE rconf;
CONF *conf;
-#else
- static LHASH *empty_lhash;
-#endif
rb_scan_args(argc, argv, "21", &oid, &value, &critical);
StringValue(oid);
@@ -262,14 +254,9 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
rb_str_append(valstr, value);
GetX509ExtFactory(self, ctx);
obj = NewX509Ext(cX509Ext);
-#ifdef HAVE_X509V3_EXT_NCONF_NID
rconf = rb_iv_get(self, "@config");
conf = NIL_P(rconf) ? NULL : GetConfigPtr(rconf);
ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));
-#else
- if (!empty_lhash) empty_lhash = lh_new(NULL, NULL);
- ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr));
-#endif
if (!ext){
ossl_raise(eX509ExtError, "%s = %s",
RSTRING_PTR(oid), RSTRING_PTR(value));
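Review bot: `RSTRING_PTR(valstr)` is passed to `X509V3_EXT_nconf_nid()` as a C string with no check for embedded NUL bytes. A Ruby string containing one would be cut short without notice, and the extension built from the leading part only. The `%s` arguments in the `ossl_raise` call have the same problem. These are context lines the commit keeps rather than lines it adds, but this is now the only code path. Adding `StringValueCStr(valstr);` before the call would make such input raise instead of being truncated. ossl_x509extfactory_create_ext begins and ends outside this hunk.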
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index a62e79c184..c795841a92 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -153,12 +153,6 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
X509_STORE_set_verify_cb(store, ossl_verify_cb);
ossl_x509store_set_vfy_cb(self, Qnil);
-#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
- rb_iv_set(self, "@flags", INT2FIX(0));
- rb_iv_set(self, "@purpose", INT2FIX(0));
- rb_iv_set(self, "@trust", INT2FIX(0));
-#endif
-
/* last verification status */
rb_iv_set(self, "@error", Qnil);
rb_iv_set(self, "@error_string", Qnil);
@@ -171,15 +165,11 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
static VALUE
ossl_x509store_set_flags(VALUE self, VALUE flags)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
long f = NUM2LONG(flags);
GetX509Store(self, store);
X509_STORE_set_flags(store, f);
-#else
- rb_iv_set(self, "@flags", flags);
-#endif
return flags;
}
@@ -187,15 +177,11 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
static VALUE
ossl_x509store_set_purpose(VALUE self, VALUE purpose)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
int p = NUM2INT(purpose);
GetX509Store(self, store);
X509_STORE_set_purpose(store, p);
-#else
- rb_iv_set(self, "@purpose", purpose);
-#endif
return purpose;
}
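Review bot: The return value of `X509_STORE_set_purpose()` is discarded, and the same holds for `X509_STORE_set_trust()` in the next hunk. With the `@purpose` / `@trust` instance-variable fallback removed, these calls are the only place the setting is applied. If OpenSSL rejects the value, the Ruby method still returns normally and the store goes on verifying without the restriction the caller asked for. Checking the result would surface that: `if (X509_STORE_set_purpose(store, p) != 1) ossl_raise(eX509StoreError, NULL);`, with the equivalent line for `X509_STORE_set_trust(store, t)`. `eX509StoreError` is already raised this way in ossl_x509stctx_initialize further down.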
@@ -203,15 +189,11 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
static VALUE
ossl_x509store_set_trust(VALUE self, VALUE trust)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
int t = NUM2INT(trust);
GetX509Store(self, store);
X509_STORE_set_trust(store, t);
-#else
- rb_iv_set(self, "@trust", trust);
-#endif
return trust;
}
@@ -441,17 +423,10 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
SafeGetX509Store(store, x509st);
if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
sk_X509_pop_free(x509s, X509_free);
ossl_raise(eX509StoreError, NULL);
}
-#else
- X509_STORE_CTX_init(ctx, x509st, x509, x509s);
- ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
- ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
- ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
-#endif
if (!NIL_P(t = rb_iv_get(store, "@time")))
ossl_x509stctx_set_time(self, t);
rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
@@ -556,7 +531,6 @@ ossl_x509stctx_get_curr_cert(VALUE self)
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE_CTX *ctx;
X509_CRL *crl;
@@ -565,9 +539,6 @@ ossl_x509stctx_get_curr_crl(VALUE self)
if(!crl) return Qnil;
return ossl_x509crl_new(crl);
-#else
- return Qnil;
-#endif
}
static VALUE