From 0c1e707d0072df557020d3936cca666ab00fd79c Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Mon, 18 Apr 2016 19:35:09 +0900 Subject: fixing 0.9.7 build --- ext/openssl/extconf.rb | 18 +++++++++++------- ext/openssl/openssl_missing.c | 17 +++++------------ ext/openssl/openssl_missing.h | 16 +++++++++++----- ext/openssl/ossl.h | 3 +-- ext/openssl/ossl_engine.c | 2 +- ext/openssl/ossl_pkey.c | 2 +- ext/openssl/ossl_pkey_dh.c | 2 +- ext/openssl/ossl_pkey_ec.c | 6 +++--- ext/openssl/ossl_ssl.c | 6 ++++-- 9 files changed, 38 insertions(+), 34 deletions(-) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 5482523146..87138512dd 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -69,6 +69,16 @@ def have_funcish(name) end Logging::message "=== Checking for OpenSSL features... ===\n" +# OpenSSL compile options +have_func("SSLv2_method") # removed in 1.1.0 +have_func("SSLv3_method") +have_func("TLSv1_1_method") # added in 1.0.1 +have_func("TLSv1_2_method") # added in 1.0.1 +have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS") +have_func("EC_KEY_new") && $defs.push("-DHAVE_SUPPORT_EC") +# HMAC can't be disabled +have_func("ENGINE_new") && $defs.push("-DHAVE_SUPPORT_ENGINE") + # added in 0.9.6a-0.9.7 have_func("OPENSSL_cleanse") have_func("ERR_peek_last_error") @@ -102,7 +112,6 @@ have_func("X509_REVOKED_set_serialNumber") have_func("X509V3_set_nconf") have_func("X509V3_EXT_nconf_nid") -have_header("openssl/engine.h") have_func("ENGINE_add") have_func("ENGINE_get_digest") have_func("ENGINE_get_cipher") @@ -114,6 +123,7 @@ engines.each { |name| have_func_or_macro("ENGINE_load_#{name}", "openssl/engine. have_header("openssl/ocsp.h") # added in -0.9.8 +have_func("BN_GENCB_call") && $defs.push("-DHAVE_BN_GENCB") have_func("BN_is_prime_ex") have_func("BN_is_prime_fasttest_ex") have_func("BN_generate_prime_ex") 
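Review bot: In the first ext/openssl/extconf.rb hunk, `have_func("EC_KEY_new") && $defs.push("-DHAVE_SUPPORT_EC")` enables EC support whenever the symbol links, but the guards it replaces in ossl_pkey.c and ossl_pkey_ec.c also required `OPENSSL_VERSION_NUMBER >= 0x0090802fL`. If that floor was there to exclude early 0.9.8 releases, those builds now compile the EC code. Either keep the version test in the probe or record the decision with a comment such as `# EC is enabled on symbol presence alone; the old 0x0090802f floor is intentionally dropped`. Similarly, `HAVE_SUPPORT_ENGINE` no longer requires `HAVE_EVP_CIPHERINIT_EX`, which the old condition in ossl.h did.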
@@ -179,12 +189,6 @@ have_func("SSL_CTX_get_security_level") have_func("OCSP_SINGLERESP_get0_id") have_struct_member("EVP_PKEY", "type", "openssl/evp.h") # removed -# depending on OpenSSL configuration -have_func("SSLv2_method") # removed in 1.1.0 -have_func("SSLv3_method") -have_func("TLSv1_1_method") # added in 1.0.1 -have_func("TLSv1_2_method") # added in 1.0.1 -have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS") # LibreSSL support have_func("RAND_egd") # removed diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index 05d596f3d2..1f3100e653 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -176,8 +176,6 @@ BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) } #endif -#if !defined(OPENSSL_NO_HMAC) -#include #if !defined(HAVE_HMAC_INIT_EX) int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, @@ -188,7 +186,6 @@ HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, return HMAC_Init(ctx, key, key_len, md); } #endif -#endif #if !defined(HAVE_X509_CRL_SET_NEXTUPDATE) int @@ -277,7 +274,7 @@ X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) /*** added in 0.9.8 ***/ #if !defined(HAVE_BN_IS_PRIME_EX) -int BN_is_prime_ex(const BIGNUM *bn, int checks, BN_CTX *ctx, void *cb) +int BN_is_prime_ex(const BIGNUM *bn, int checks, BN_CTX *ctx, BN_GENCB *cb) { if (cb) rb_bug("not supported"); @@ -287,7 +284,7 @@ int BN_is_prime_ex(const BIGNUM *bn, int checks, BN_CTX *ctx, void *cb) #if !defined(HAVE_BN_IS_PRIME_FASTTEST_EX) int BN_is_prime_fasttestex(const BIGNUM *bn, int checks, BN_CTX *ctx, - int do_trial_division, void *cb) + int do_trial_division, BN_GENCB *cb) { if (cb) rb_bug("not supported"); 
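Review bot: The fallback in the `@@ -287,7 +284,7 @@` hunk of ext/openssl/openssl_missing.c is still defined as `BN_is_prime_fasttestex`, while openssl_missing.h declares `BN_is_prime_fasttest_ex` under the same `!defined(HAVE_BN_IS_PRIME_FASTTEST_EX)` guard. On a library that lacks the function, callers would compile against the declaration and then fail to link, which is the configuration this commit sets out to repair. Since the signature is being edited anyway, rename it: `int BN_is_prime_fasttest_ex(const BIGNUM *bn, int checks, BN_CTX *ctx,`. The function body continues outside the hunk.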
@@ -301,7 +298,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, { if (cb) rb_bug("not supported"); - return BN_generate_prime(ret, bits, safe, add, rem, NULL); + return BN_generate_prime(ret, bits, safe, add, rem, NULL, NULL); } #endif @@ -363,8 +360,6 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) } #endif -#if !defined(OPENSSL_NO_HMAC) -#include #if !defined(HAVE_HMAC_CTX_COPY) void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) @@ -377,10 +372,10 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx); } #endif -#endif /*** added in 1.0.1 ***/ /*** added in 1.0.2 ***/ +#if defined(HAVE_SUPPORT_EC) #if !defined(HAVE_EC_CURVE_NIST2NID) static struct { const char *name; @@ -414,10 +409,9 @@ EC_curve_nist2nid(const char *name) return NID_undef; } #endif +#endif /*** added in 1.1.0 ***/ -#if !defined(OPENSSL_NO_HMAC) -#include #if !defined(HAVE_HMAC_CTX_NEW) HMAC_CTX * HMAC_CTX_new(void) @@ -468,7 +462,6 @@ HMAC_CTX_reset(HMAC_CTX *ctx) return 0; } #endif -#endif #if !defined(HAVE_EVP_MD_CTX_NEW) EVP_MD_CTX * diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 692053fc0e..57966230e8 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -11,6 +11,7 @@ #define _OSSL_OPENSSL_MISSING_H_ #include +#include #if defined(__cplusplus) extern "C" { @@ -154,7 +155,6 @@ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); # define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal((ctx), (outm), (outl)) #endif -#if !defined(OPENSSL_NO_HMAC) #if !defined(HAVE_HMAC_INIT_EX) int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, void *impl); #endif @@ -164,7 +164,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, #if !defined(HAVE_HMAC_CTX_CLEANUP) #endif -#endif #if !defined(HAVE_X509_CRL_SET_NEXTUPDATE) int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); 
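Review bot: `return BN_generate_prime(ret, bits, safe, add, rem, NULL, NULL);` in the `@@ -301,7 +298,7 @@` hunk of openssl_missing.c passes the legacy function's result straight out of a function declared `int`. As far as I know `BN_generate_prime` returns a `BIGNUM *` (NULL on failure), whereas `BN_generate_prime_ex` reports 1 or 0. The pointer is therefore implicitly converted to int, and a caller checking the result of prime generation could misread it. Map it explicitly: `return BN_generate_prime(ret, bits, safe, add, rem, NULL, NULL) ? 1 : 0;`. The signature of `BN_generate_prime_ex` starts above the hunk.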
@@ -200,7 +199,11 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); /*** added in 0.9.8 ***/ -#if defined(HAVE_BN_GENCB) +#if !defined(HAVE_BN_GENCB) +/* implementation in openssl_missing.c will fail if cb is set */ +typedef struct ossl_pseudo_bn_gencb_struct BN_GENCB; +#endif + #if !defined(HAVE_BN_IS_PRIME_EX) int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); #endif @@ -212,7 +215,6 @@ int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, int do_tr #if !defined(HAVE_BN_GENERATE_PRIME_EX) int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb); #endif -#endif #if !defined(HAVE_EVP_CIPHER_CTX_NEW) EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); @@ -232,7 +234,7 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); #endif #if !defined(HAVE_SSL_SESSION_GET_ID) -int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); #endif #if !defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK) @@ -281,9 +283,11 @@ void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); #endif /*** added in 1.0.2 ***/ +#if defined(HAVE_SUPPORT_EC) #if !defined(HAVE_EC_CURVE_NIST2NID) int EC_curve_nist2nid(const char *str); #endif +#endif #if !defined(HAVE_X509_STORE_CTX_GET0_STORE) # define X509_STORE_CTX_get0_store(x) ((x)->ctx) 
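Review bot: The comment on the placeholder typedef in the `@@ -200,7 +199,11 @@` hunk of openssl_missing.h says the fallbacks "will fail if cb is set", which understates what happens. The definitions visible in openssl_missing.c call `rb_bug("not supported")`, which aborts the interpreter rather than returning an error. The comment should say so and state the caller contract, for example `/* BN_GENCB is an incomplete placeholder here; callers must pass NULL, the fallbacks in openssl_missing.c call rb_bug() otherwise */`.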
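Review bot: The `SSL_SESSION_get_id` prototype in the `@@ -232,7 +234,7 @@` hunk now returns `const unsigned char *`, but no hunk in this commit touches a matching definition in openssl_missing.c. If a fallback there is still defined with the old `int` return type, builds that take the `!defined(HAVE_SSL_SESSION_GET_ID)` path would stop with a conflicting-types error. Please confirm that whatever backs this declaration carries the same signature.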
@@ -415,7 +419,9 @@ static inline STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { re #if defined(HAVE_EVP_PKEY_TYPE) /* is not opaque */ static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { return pkey->pkey.rsa; } static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { return pkey->pkey.dsa; } +# if defined(HAVE_SUPPORT_EC) static inline EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { return pkey->pkey.ec; } +# endif static inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { return pkey->pkey.dh; } static inline void RSA_get0_key(RSA *rsa, BIGNUM **n, BIGNUM **e, BIGNUM **d) { diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index ea5eb076d0..e8271e9d64 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -68,8 +68,7 @@ extern "C" { #endif #undef X509_NAME #undef PKCS7_SIGNER_INFO -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHERINIT_EX) -# define OSSL_ENGINE_ENABLED +#if defined(HAVE_SUPPORT_ENGINE) # include #endif #if defined(HAVE_OPENSSL_OCSP_H) diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c index 87ca013c38..01418e65c5 100644 --- a/ext/openssl/ossl_engine.c +++ b/ext/openssl/ossl_engine.c @@ -9,7 +9,7 @@ */ #include "ossl.h" -#if defined(OSSL_ENGINE_ENABLED) +#if defined(HAVE_SUPPORT_ENGINE) #define NewEngine(klass) \ TypedData_Wrap_Struct((klass), &ossl_engine_type, 0) diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index df39985aa8..2e69be2acd 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -104,7 +104,7 @@ ossl_pkey_new(EVP_PKEY *pkey) case EVP_PKEY_DH: return ossl_dh_new(pkey); #endif -#if !defined(OPENSSL_NO_EC) && (OPENSSL_VERSION_NUMBER >= 0x0090802fL) +#if defined(HAVE_SUPPORT_EC) case EVP_PKEY_EC: return ossl_ec_new(pkey); #endif diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index 08e340eb15..a53ad2d3cc 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c 
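Review bot: The ext/openssl/ossl.h hunk removes `# define OSSL_ENGINE_ENABLED`, yet this commit rewrites only the uses in ossl_engine.c and ossl_pkey_dh.c. Any `OSSL_ENGINE_ENABLED` test left in a file not shown here would now silently compile out instead of breaking the build. As `ossl_dh_is_private` shows, that changes whether an engine-backed key is reported as private. Either search the extension for remaining uses before merging, or keep a compatibility definition beside the include: `# define OSSL_ENGINE_ENABLED /* legacy name for HAVE_SUPPORT_ENGINE */`.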
@@ -276,7 +276,7 @@ ossl_dh_is_private(VALUE self) dh = EVP_PKEY_get0_DH(pkey); DH_get0_key(dh, NULL, &priv_key); -#ifdef OSSL_ENGINE_ENABLED +#if defined(HAVE_SUPPORT_ENGINE) return (priv_key || DH_get0_engine(dh)) ? Qtrue : Qfalse; #else return priv_key ? Qtrue : Qfalse; diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 8218e714e3..e7b9c68b9b 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -4,7 +4,7 @@ #include "ossl.h" -#if !defined(OPENSSL_NO_EC) && (OPENSSL_VERSION_NUMBER >= 0x0090802fL) +#if defined(HAVE_SUPPORT_EC) typedef struct { EC_GROUP *group; @@ -1698,8 +1698,8 @@ void Init_ossl_ec(void) no_copy(cEC_POINT); } -#else /* defined NO_EC */ +#else /* SUPPORT_EC */ void Init_ossl_ec(void) { } -#endif /* NO_EC */ +#endif /* !SUPPORT_EC */ diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 724c61c8d7..48a790b8d0 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -992,7 +992,7 @@ ossl_sslctx_set_security_level(VALUE self, VALUE v) return v; } -#ifndef OPENSSL_NO_EC +#if defined(HAVE_SUPPORT_EC) /* * call-seq: * ctx.set_elliptic_curves("curve1:curve2:curve3") -> self @@ -1033,7 +1033,7 @@ ossl_sslctx_set_elliptic_curves(VALUE self, VALUE str) return self; } -#endif +#endif /* HAVE_SUPPORT_EC */ /* * call-seq: @@ -2294,7 +2294,9 @@ Init_ossl_ssl(void) rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1); rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0); rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1); +#if defined(HAVE_SUPPORT_EC) rb_define_method(cSSLContext, "set_elliptic_curves", ossl_sslctx_set_elliptic_curves, 1); +#endif rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0); -- cgit v1.2.3
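Review bot: In the `@@ -1698,8 +1698,8 @@` hunk of ossl_pkey_ec.c the preprocessor comments are hard to read. `#else /* SUPPORT_EC */` opens the branch compiled when EC is absent, `#endif /* !SUPPORT_EC */` closes a block opened by `#if defined(HAVE_SUPPORT_EC)`, and neither spells the macro's actual name. I would write `#else /* !HAVE_SUPPORT_EC */` and `#endif /* HAVE_SUPPORT_EC */`, which matches the `#endif /* HAVE_SUPPORT_EC */` this commit adds in ossl_ssl.c and stays greppable.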