From 346f5f52206c478e9f5d444c8f1697fef7be58b2 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi
Date: Wed, 20 Apr 2016 01:16:45 +0900
Subject: ext/openssl: always use our implementation of SSL_SESSION_cmp()
Implement CRYPTO_memcmp() in openssl_missing.c if it is not provided. Rename our SSL_SESSION_cmp() to ossl_SSL_SESSION_cmp().
---
 ext/openssl/extconf.rb | 2 +-
 ext/openssl/openssl_missing.c | 18 ++++++++++++++++++
 ext/openssl/openssl_missing.h | 4 ++++
 ext/openssl/ossl_ssl_session.c | 7 +++----
 4 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index aa1e8254c1..a910fa286c 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -95,8 +95,8 @@ have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
 have_func("OBJ_NAME_do_all_sorted")
 have_func("SSL_SESSION_get_id")
-have_func("SSL_SESSION_cmp")
 have_func("OPENSSL_cleanse")
+have_func("CRYPTO_memcmp")
 have_func("SSLv2_method")
 have_func("SSLv2_server_method")
 have_func("SSLv2_client_method")
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 31f2d0a5f9..5981f19443 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -338,3 +338,21 @@ ASN1_put_eoc(unsigned char **pp)
 return 2;
 }
 #endif
+
+#if !defined(HAVE_CRYPTO_MEMCMP)
+int
+CRYPTO_memcmp(const volatile void * volatile in_a,
+ const volatile void * volatile in_b,
+ size_t len)
+{
+ size_t i;
+ const volatile unsigned char *a = in_a;
+ const volatile unsigned char *b = in_b;
+ unsigned char x = 0;
+
+ for (i = 0; i < len; i++)
+ x |= a[i] ^ b[i];
+
+ return x;
+}
+#endif
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 7067f7d750..bf5be463cf 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
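Review bot: The fallback `CRYPTO_memcmp()` added to ext/openssl/openssl_missing.c has no comment saying that it is a constant-time equality check and not a drop-in `memcmp()`. The loop ORs every byte difference into `x` and has no early exit, so the amount of work depends only on `len`; the result is zero for equal buffers and some non-zero value otherwise, with no ordering. I would put `/* Constant-time comparison: returns 0 if equal, non-zero otherwise (no ordering); the loop must not exit early. */` above the definition. A second sentence could record that the `volatile` qualifiers are presumably there to keep the compiler from turning the loop back into a short-circuit compare.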
@@ -148,6 +148,10 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
 int X509_CRL_set_version(X509_CRL *x, long version);
 #endif
+#if !defined(HAVE_CRYPTO_MEMCMP)
+int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
+#endif
+
 #if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
 #endif
diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c
index e1bbc6fb54..2c21d6ad84 100644
--- a/ext/openssl/ossl_ssl_session.c
+++ b/ext/openssl/ossl_ssl_session.c
@@ -73,8 +73,8 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
 return self;
 }
-#if HAVE_SSL_SESSION_CMP == 0
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
+/* SSL_SESSION_cmp() was removed without a replacement in 1.0.0 */
+static int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
 {
 if (a->ssl_version != b->ssl_version ||
 a->session_id_length != b->session_id_length)
@@ -85,7 +85,6 @@ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
 return CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length);
 #endif
 }
-#endif
 /*
 * call-seq:
@@ -99,7 +98,7 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
 GetSSLSession(val1, ctx1);
 SafeGetSSLSession(val2, ctx2);
- switch (SSL_SESSION_cmp(ctx1, ctx2)) {
+ switch (ossl_SSL_SESSION_cmp(ctx1, ctx2)) {
 case 0: return Qtrue;
 default: return Qfalse;
 }
-- cgit v1.2.3
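Review bot: `ossl_SSL_SESSION_cmp()` in ext/openssl/ossl_ssl_session.c has no statement of its return contract; the comment added in the first hunk only records why the helper exists. The visible return path hands back the result of `CRYPTO_memcmp()`, so the value is zero for matching sessions and non-zero otherwise, with no ordering. I would extend the comment to `/* SSL_SESSION_cmp() was removed without a replacement in 1.0.0. Returns 0 if the sessions match, non-zero otherwise (not an ordering). */`. The function body runs past the end of the first hunk into the second. The `#endif` kept inside it suggests a conditional alternative to the `CRYPTO_memcmp()` return that is not shown here. Since a fallback `CRYPTO_memcmp()` is now always available, it is worth checking whether that alternative is still needed and whether it is also constant-time.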