From 1b930fc27df2089de2f5cf9d41d7a64c56587a87 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Mon, 18 Apr 2016 23:26:27 +0900 Subject: drop OpenSSL 0.9.6/0.9.7 support --- ext/openssl/extconf.rb | 79 ++------- ext/openssl/openssl_missing.c | 361 +++-------------------------------------- ext/openssl/openssl_missing.h | 256 ++++------------------------- ext/openssl/ossl.c | 4 +- ext/openssl/ossl.h | 15 +- ext/openssl/ossl_asn1.c | 71 ++------ ext/openssl/ossl_cipher.c | 8 - ext/openssl/ossl_engine.c | 18 +- ext/openssl/ossl_ocsp.c | 2 +- ext/openssl/ossl_ocsp.h | 2 +- ext/openssl/ossl_pkcs7.c | 24 ++- ext/openssl/ossl_pkey.c | 4 +- ext/openssl/ossl_pkey.h | 3 - ext/openssl/ossl_pkey_dh.c | 11 +- ext/openssl/ossl_pkey_dsa.c | 20 +-- ext/openssl/ossl_pkey_ec.c | 2 +- ext/openssl/ossl_pkey_rsa.c | 6 - ext/openssl/ossl_ssl.c | 24 ++- ext/openssl/ossl_ssl_session.c | 2 +- ext/openssl/ossl_x509.c | 10 -- ext/openssl/ossl_x509attr.c | 8 - ext/openssl/ossl_x509ext.c | 13 -- ext/openssl/ossl_x509store.c | 29 ---- 23 files changed, 129 insertions(+), 843 deletions(-) (limited to 'ext/openssl') diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 87138512dd..511d7b18d3 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -51,8 +51,9 @@ unless result end end -unless have_header("openssl/conf_api.h") - raise "OpenSSL 0.9.6 or later required." +unless checking_for("OpenSSL version is 0.9.8 or later") { + try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h") } + raise "OpenSSL 0.9.8 or later required." end unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h") raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')" 
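Review bot: The new gate `try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")` only inspects the headers found at build time, and that limit deserves a comment above the `unless`. It says nothing about the library that is linked or loaded later. A fork that defines the macro with its own value (this file has a LibreSSL section further down) passes or fails on that value rather than on API level. I would add `# compile-time header check only; the have_func probes below decide which APIs are actually used`.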
@@ -63,11 +64,6 @@ def have_func_or_macro(name, header) have_macro(name, [header]) && $defs.push("-DHAVE_#{name.upcase}") end -def have_funcish(name) - have_func(name) || - have_macro(name, [header]) && $defs.push("-DHAVE_#{name.upcase}") -end - Logging::message "=== Checking for OpenSSL features... ===\n" # OpenSSL compile options have_func("SSLv2_method") # removed in 1.1.0 
@@ -75,66 +71,15 @@ have_func("SSLv3_method") have_func("TLSv1_1_method") # added in 1.0.1 have_func("TLSv1_2_method") # added in 1.0.1 have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS") -have_func("EC_KEY_new") && $defs.push("-DHAVE_SUPPORT_EC") -# HMAC can't be disabled -have_func("ENGINE_new") && $defs.push("-DHAVE_SUPPORT_ENGINE") - -# added in 0.9.6a-0.9.7 -have_func("OPENSSL_cleanse") -have_func("ERR_peek_last_error") -have_func("CONF_get1_default_config_file") -have_func("ASN1_put_eoc") -have_func("OBJ_NAME_do_all_sorted") -have_func("PEM_def_callback") -have_func("BN_rand_range") -have_func("BN_pseudo_rand_range") -have_func("BN_nnmod") -have_func("BN_mod_add") -have_func("BN_mod_sub") -have_func("BN_mod_sqr") -have_func("EVP_MD_CTX_init") -have_func("EVP_MD_CTX_create") -have_func("EVP_MD_CTX_destroy") -have_func("EVP_CIPHER_CTX_set_padding") -have_func("EVP_DigestInit_ex") -have_func("EVP_DigestFinal_ex") -have_func("EVP_CipherInit_ex") -have_func("EVP_CipherFinal_ex") -have_func("HMAC_Init_ex") -have_func("HMAC_CTX_init") -have_func("HMAC_CTX_cleanup") -have_func("X509_CRL_set_nextUpdate") -have_func("X509_CRL_add0_revoked") -have_func("X509_CRL_set_issuer_name") -have_func("X509_CRL_set_version") -have_func("X509_CRL_sort") -have_func("X509_REVOKED_set_serialNumber") -have_func("X509V3_set_nconf") -have_func("X509V3_EXT_nconf_nid") - -have_func("ENGINE_add") -have_func("ENGINE_get_digest") -have_func("ENGINE_get_cipher") # ENGINE_load_xx is deprecated in OpenSSL 1.1.0 and become a macro engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni} engines.each { |name| have_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h") } -have_header("openssl/ocsp.h") - -# added in -0.9.8 -have_func("BN_GENCB_call") && $defs.push("-DHAVE_BN_GENCB") -have_func("BN_is_prime_ex") -have_func("BN_is_prime_fasttest_ex") 
-have_func("BN_generate_prime_ex") +# added in 0.9.8X have_func("EVP_CIPHER_CTX_new") have_func("EVP_CIPHER_CTX_free") -have_func("DH_generate_parameters_ex") -have_func("DSA_generate_parameters_ex") -have_func("RSA_generate_key_ex") -have_func("SSL_SESSION_get_id") -have_func("SSL_CTX_set_tmp_ecdh_callback") # removed in 1.1.0 -have_func("OCSP_SINGLERESP_delete_ext") +have_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h") # added in 1.0.0 have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h") # check if CRYPTO_THREADID exists @@ -152,8 +97,10 @@ have_func("SSL_CTX_set_next_proto_select_cb") have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION") # added in 1.0.2 +have_func("CRYPTO_memcmp") have_func("EC_curve_nist2nid") have_func("X509_STORE_CTX_get0_store") +have_func("X509_REVOKED_dup") have_func("SSL_CTX_set_alpn_select_cb") have_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h") have_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h") # removed in 1.1.0 @@ -161,6 +108,7 @@ have_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h") # added in 1.1.0 have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API") +have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL") have_func("BN_GENCB_new") have_func("BN_GENCB_free") have_func("BN_GENCB_get_arg") 
@@ -178,21 +126,20 @@ have_func("X509_REVOKED_get0_revocationDate") have_func("X509_STORE_CTX_get0_untrusted") have_func("X509_STORE_CTX_get0_cert") have_func("X509_STORE_CTX_get0_chain") - -# doesn't exist on any version of OpenSSL -have_func("X509_STORE_get_ex_data") -have_func("X509_STORE_set_ex_data") - have_func("TLS_method") # renamed from SSLv23_method have_func("SSL_CTX_get_ciphers") have_func("SSL_CTX_get_security_level") +have_func("SSL_CTX_set_tmp_ecdh_callback") # removed have_func("OCSP_SINGLERESP_get0_id") have_struct_member("EVP_PKEY", "type", "openssl/evp.h") # removed - # LibreSSL support have_func("RAND_egd") # removed +# doesn't exist on any version of OpenSSL +have_func("X509_STORE_get_ex_data") +have_func("X509_STORE_set_ex_data") + Logging::message "=== Checking done. ===\n" create_header diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index 1f3100e653..8c4079993e 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c 
@@ -12,296 +12,14 @@ #include RUBY_EXTCONF_H #include "openssl_missing.h" -/* OPENSSL_NO_EVP is not supported */ #include #include #include - -/* added in -0.9.7 */ -#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE) -#define OPENSSL_CONF "openssl.cnf" -char * -CONF_get1_default_config_file(void) -{ - char *file; - int len; - - file = getenv("OPENSSL_CONF"); - if (file) return BUF_strdup(file); - len = strlen(X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - len++; -#endif - len += strlen(OPENSSL_CONF); - file = OPENSSL_malloc(len + 1); - if (!file) return NULL; - strcpy(file,X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(file,"/"); -#endif - strcat(file,OPENSSL_CONF); - - return file; -} -#endif - -#if !defined(HAVE_ASN1_PUT_EOC) -int -ASN1_put_eoc(unsigned char **pp) -{ - unsigned char *p = *pp; - *p++ = 0; - *p++ = 0; - *pp = p; - return 2; -} -#endif - -#if !defined(HAVE_PEM_DEF_CALLBACK) -#define OSSL_PASS_MIN_LENGTH 4 -int -PEM_def_callback(char *buf, int num, int w, void *key) -{ - int i,j; - const char *prompt; - - if (key) { - i = strlen(key); - i = (i > num) ? num : i; - memcpy(buf, key, i); - return i; - } - - prompt = EVP_get_pw_prompt(); - if (prompt == NULL) prompt = "Enter PEM pass phrase:"; - for (;;) { - i = EVP_read_pw_string(buf, num, prompt, w); - if (i != 0) { - memset(buf, 0, (unsigned int)num); - return(-1); - } - j = strlen(buf); - if (j < OSSL_PASS_MIN_LENGTH) { - fprintf(stderr, - "phrase is too short, needs to be at least %d chars\n", - OSSL_PASS_MIN_LENGTH); - } - else break; - } - return j; -} -#endif - -#if !defined(HAVE_BN_RAND_RANGE) || !defined(HAVE_BN_PSEUDO_RAND_RANGE) -static int -bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) -{ - int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? 
BN_pseudo_rand : BN_rand; - int n; - - if (range->neg || BN_is_zero(range)) return 0; - - n = BN_num_bits(range); - - if (n == 1) { - if (!BN_zero(r)) return 0; - } else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) { - do { - if (!bn_rand(r, n + 1, -1, 0)) return 0; - if (BN_cmp(r ,range) >= 0) { - if (!BN_sub(r, r, range)) return 0; - if (BN_cmp(r, range) >= 0) - if (!BN_sub(r, r, range)) return 0; - } - } while (BN_cmp(r, range) >= 0); - } else { - do { - if (!bn_rand(r, n, -1, 0)) return 0; - } while (BN_cmp(r, range) >= 0); - } - - return 1; -} -#endif - -#if !defined(HAVE_BN_RAND_RANGE) -int -BN_rand_range(BIGNUM *r, const BIGNUM *range) -{ - return bn_rand_range(0, r, range); -} -#endif - -#if !defined(HAVE_BN_PSEUDO_RAND_RANGE) -int -BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) -{ - return bn_rand_range(1, r, range); -} -#endif - -#if !defined(HAVE_BN_NNMOD) -int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) -{ - if (!BN_mod(r,m,d,ctx)) return 0; - if (!r->neg) return 1; - return (d->neg ? 
BN_sub : BN_add)(r, r, d); -} -#endif - -#if !defined(HAVE_BN_MOD_ADD) -int -BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) -{ - if (!BN_add(r, a, b)) return 0; - return BN_nnmod(r, r, m, ctx); -} -#endif - -#if !defined(HAVE_BN_MOD_SUB) -int -BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) -{ - if (!BN_sub(r, a, b)) return 0; - return BN_nnmod(r, r, m, ctx); -} -#endif - -#if !defined(HAVE_BN_MOD_SQR) -int -BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) -{ - if (!BN_sqr(r, (BIGNUM*)a, ctx)) return 0; - return BN_mod(r, r, m, ctx); -} -#endif - -#if !defined(HAVE_HMAC_INIT_EX) -int -HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, - const EVP_MD *md, void *impl) -{ - if (impl) - rb_bug("impl not supported"); - return HMAC_Init(ctx, key, key_len, md); -} -#endif - -#if !defined(HAVE_X509_CRL_SET_NEXTUPDATE) -int -X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) -{ - ASN1_TIME *in = M_ASN1_TIME_dup(tm); - if (!in) - return 0; - x->crl->nextUpdate = in; - return 1; -} -#endif - -#if !defined(HAVE_X509_CRL_ADD0_REVOKED) -static int -OSSL_X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b) -{ - return(ASN1_STRING_cmp( - (ASN1_STRING *)(*a)->serialNumber, - (ASN1_STRING *)(*b)->serialNumber)); -} - -int -X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) -{ - X509_CRL_INFO *inf; - - inf = crl->crl; - if (!inf->revoked) - inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp); - if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) - return 0; - return 1; -} -#endif - -#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME) -int -X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) -{ - if (x == NULL || x->crl == NULL) return 0; - return X509_NAME_set(&x->crl->issuer, name); -} -#endif - -#if !defined(HAVE_X509_CRL_SET_VERSION) -int -X509_CRL_set_version(X509_CRL *x, long version) -{ - if (x == NULL || x->crl == NULL) 
return 0; - if (x->crl->version == NULL) { - x->crl->version = M_ASN1_INTEGER_new(); - if (x->crl->version == NULL) return 0; - } - return ASN1_INTEGER_set(x->crl->version, version); -} -#endif - -#if !defined(HAVE_X509_CRL_SORT) -int -X509_CRL_sort(X509_CRL *c) -{ - int i; - X509_REVOKED *r; - /* sort the data so it will be written in serial - * number order */ - sk_X509_REVOKED_sort(c->crl->revoked); - for (i=0; icrl->revoked); i++) { - r=sk_X509_REVOKED_value(c->crl->revoked, i); - r->sequence=i; - } - return 1; -} -#endif - -#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER) -int -X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) -{ - ASN1_INTEGER *in = x->serialNumber; - if (in != serial) - return ASN1_STRING_copy(in, serial); - return 1; -} -#endif - -/*** added in 0.9.8 ***/ -#if !defined(HAVE_BN_IS_PRIME_EX) -int BN_is_prime_ex(const BIGNUM *bn, int checks, BN_CTX *ctx, BN_GENCB *cb) -{ - if (cb) - rb_bug("not supported"); - return BN_is_prime(bn, checks, NULL, ctx, NULL); -} -#endif - -#if !defined(HAVE_BN_IS_PRIME_FASTTEST_EX) -int BN_is_prime_fasttestex(const BIGNUM *bn, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb) -{ - if (cb) - rb_bug("not supported"); - return BN_is_prime_fasttest(bn, checks, NULL, ctx, NULL, do_trial_division); -} -#endif - -#if !defined(HAVE_BN_GENERATE_PRIME_EX) -int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) -{ - if (cb) - rb_bug("not supported"); - return BN_generate_prime(ret, bits, safe, add, rem, NULL, NULL); -} +#if !defined(OPENSSL_NO_ENGINE) +# include #endif +/*** added in 0.9.8X ***/ #if !defined(HAVE_EVP_CIPHER_CTX_NEW) EVP_CIPHER_CTX * EVP_CIPHER_CTX_new(void) 
@@ -323,21 +41,8 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) } #endif -#if !defined(HAVE_SSL_SESSION_GET_ID) -const unsigned char * -SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) -{ - if (len) - *len = s->session_id_length; - return s->session_id; -} -#endif - /*** added in 1.0.0 ***/ #if !defined(HAVE_EVP_CIPHER_CTX_COPY) -#if defined(HAVE_ENGINE_ADD) -# include -#endif /* * this function does not exist in OpenSSL yet... or ever?. * a future version may break this function. @@ -348,7 +53,7 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { memcpy(out, in, sizeof(EVP_CIPHER_CTX)); -#if defined(HAVE_ENGINE_ADD) +#if !defined(OPENSSL_NO_ENGINE) if (in->engine) ENGINE_add(out->engine); if (in->cipher_data) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); @@ -374,8 +79,28 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) #endif /*** added in 1.0.1 ***/ + /*** added in 1.0.2 ***/ -#if defined(HAVE_SUPPORT_EC) +#if !defined(HAVE_CRYPTO_MEMCMP) +/* added in 1.0.1d */ +int +CRYPTO_memcmp(const volatile void * volatile in_a, + const volatile void * volatile in_b, + size_t len) +{ + size_t i; + const volatile unsigned char *a = in_a; + const volatile unsigned char *b = in_b; + unsigned char x = 0; + + for (i = 0; i < len; i++) + x |= a[i] ^ b[i]; + + return x; +} +#endif + +#if !defined(OPENSSL_NO_EC) #if !defined(HAVE_EC_CURVE_NIST2NID) static struct { const char *name; 
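Review bot: In `EVP_CIPHER_CTX_copy` the `cipher_data` duplication now sits under `#if !defined(OPENSSL_NO_ENGINE)`. The matching `#endif` is outside this hunk, but if it closes after that block, a build with `OPENSSL_NO_ENGINE` keeps only the `memcpy(out, in, sizeof(EVP_CIPHER_CTX))` and leaves `out->cipher_data` pointing at the same buffer as `in->cipher_data`. Both contexts would then share the same cipher state and each would release it on cleanup. Only `if (in->engine) ENGINE_add(out->engine);` depends on ENGINE, so the guard should end with `#endif` right after that line. The `OPENSSL_malloc(in->cipher->ctx_size)` result should also be checked for NULL before it is written to; the lines that follow it are not visible here.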
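Review bot: The `CRYPTO_memcmp` fallback carries no comment explaining why it is written as an accumulate-and-OR loop, so a later cleanup could replace it with `memcmp` or add an early exit and lose the timing property. I would add above it `/* Constant-time compare: always scans len bytes; returns 0 if equal, non-zero otherwise (not an ordering). Do not replace with memcmp(). */`. The existing `/* added in 1.0.1d */` also disagrees with the `/*** added in 1.0.2 ***/` banner it sits under and with the "added in 1.0.2" group that holds the probe in extconf.rb; one of them should be corrected.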
@@ -428,37 +153,16 @@ HMAC_CTX_new(void) void HMAC_CTX_free(HMAC_CTX *ctx) { -#if defined(HAVE_HMAC_CTX_CLEANUP) HMAC_CTX_cleanup(ctx); -#else /* 0.9.6 */ - EVP_MD_CTX_cleanup(&ctx->i_ctx); - EVP_MD_CTX_cleanup(&ctx->o_ctx); - EVP_MD_CTX_cleanup(&ctx->md_ctx); -#endif OPENSSL_free(ctx); } #endif #if !defined(HAVE_HMAC_CTX_RESET) -#if !defined(HAVE_EVP_MD_CTX_INIT) -#include /* memcpy() */ -static void -EVP_MD_CTX_init(EVP_MD_CTX *ctx) -{ - memset(ctx, 0, sizeof(EVP_MD_CTX)); -} -#endif - int HMAC_CTX_reset(HMAC_CTX *ctx) { -#if defined(HAVE_HMAC_CTX_INIT) HMAC_CTX_init(ctx); -#else /* 0.9.6 */ - EVP_MD_CTX_init(&ctx->i_ctx); - EVP_MD_CTX_init(&ctx->o_ctx); - EVP_MD_CTX_init(&ctx->md_ctx); -#endif return 0; } #endif @@ -467,15 +171,7 @@ HMAC_CTX_reset(HMAC_CTX *ctx) EVP_MD_CTX * EVP_MD_CTX_new(void) { -#if defined(HAVE_EVP_MD_CTX_CREATE) return EVP_MD_CTX_create(); -#else /* 0.9.6 */ - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX)); - if (!ctx) - return NULL; - memset(ctx, 0, sizeof(EVP_MD_CTX)); - return ctx; -#endif } #endif @@ -483,14 +179,7 @@ EVP_MD_CTX_new(void) void EVP_MD_CTX_free(EVP_MD_CTX *ctx) { -#if defined(HAVE_EVP_MD_CTX_DESTROY) EVP_MD_CTX_destroy(ctx); -#else /* 0.9.6 */ - /* EVP_MD_CTX_cleanup(ctx); */ - /* FIXME!!! */ - memset(ctx, 0, sizeof(EVP_MD_CTX)); - OPENSSL_free(ctx); -#endif } #endif diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 57966230e8..348f10b947 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h 
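Review bot: `HMAC_CTX_reset` ends with `return 0;`, while the OpenSSL 1.1.0 function it stands in for is documented to return 1 on success and 0 on error. Any caller that checks the result would treat every reset on an older library as a failure; change it to `return 1;` after `HMAC_CTX_init(ctx);`. In the same hunk `HMAC_CTX_free` passes `ctx` straight to `HMAC_CTX_cleanup`; if callers may hand it NULL, which the 1.1.0 function accepts, add `if (!ctx) return;` first. The callers are outside this hunk, so confirm how the return value is used.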
@@ -17,205 +17,7 @@ extern "C" { #endif -/* added in -0.9.7 */ -/* These functions are not included in headers of OPENSSL <= 0.9.6b */ -#ifndef TYPEDEF_D2I_OF -typedef char *d2i_of_void(void **, const unsigned char **, long); -#endif -#ifndef TYPEDEF_I2D_OF -typedef int i2d_of_void(void *, unsigned char **); -#endif - -#if !defined(PEM_read_bio_DSAPublicKey) -# define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,(bp),(void **)(x),(cb),(u)) -#endif - -#if !defined(PEM_write_bio_DSAPublicKey) -# define PEM_write_bio_DSAPublicKey(bp,x) \ - PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\ - PEM_STRING_DSA_PUBLIC,\ - (bp),(char *)(x), NULL, NULL, 0, NULL, NULL) -#endif - -#if !defined(DSAPrivateKey_dup) -# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \ - (d2i_of_void *)d2i_DSAPrivateKey,(char *)(dsa)) -#endif - -#if !defined(DSAPublicKey_dup) -# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \ - (d2i_of_void *)d2i_DSAPublicKey,(char *)(dsa)) -#endif - -#if !defined(X509_REVOKED_dup) -# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \ - (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev)) -#endif - -#if !defined(PKCS7_SIGNER_INFO_dup) -# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \ - (d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)(si)) -#endif - -#if !defined(PKCS7_RECIP_INFO_dup) -# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \ - (d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)(ri)) -#endif - - -#if !defined(EVP_CIPHER_name) -# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) -#endif - -#if !defined(EVP_MD_name) -# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e)) -#endif - -#if !defined(PKCS7_is_detached) -# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && 
PKCS7_get_detached(p7)) -#endif - -#if !defined(PKCS7_type_is_encrypted) -# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) -#endif - -/* start: checked by extconf.rb */ -#if !defined(HAVE_OPENSSL_CLEANSE) -#define OPENSSL_cleanse(p, l) memset((p), 0, (l)) -#endif - -#if !defined(HAVE_ERR_PEEK_LAST_ERROR) -#endif - -#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE) -char *CONF_get1_default_config_file(void); -#endif - -#if !defined(HAVE_ASN1_PUT_EOC) -int ASN1_put_eoc(unsigned char **pp); -#endif - -#if !defined(HAVE_OBJ_NAME_DO_ALL_SORTED) -#endif - -#if !defined(HAVE_PEM_DEF_CALLBACK) -int PEM_def_callback(char *buf, int num, int w, void *key); -#endif - -#if !defined(HAVE_BN_RAND_RANGE) -int BN_rand_range(BIGNUM *r, const BIGNUM *range); -#endif - -#if !defined(HAVE_BN_PSEUDO_RAND_RANGE) -int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range); -#endif - -#if !defined(HAVE_BN_NNMOD) -int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); -#endif - -#if !defined(HAVE_BN_MOD_ADD) -int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); -#endif - -#if !defined(HAVE_BN_MOD_SUB) -int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); -#endif - -#if !defined(HAVE_BN_MOD_SQR) -int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -#endif - -#if !defined(HAVE_MD_CTX_INIT) -#endif - -#if !defined(HAVE_MD_CTX_CREATE) -#endif - -#if !defined(HAVE_MD_CTX_DESTROY) -#endif - -#if !defined(HAVE_EVP_CIPHER_CTX_SET_PADDING) -#endif - -#if !defined(HAVE_EVP_DIGESTINIT_EX) -# define EVP_DigestInit_ex(ctx, md, engine) EVP_DigestInit((ctx), (md)) -#endif - -#if !defined(HAVE_EVP_DIGESTFINAL_EX) -# define EVP_DigestFinal_ex(ctx, buf, len) EVP_DigestFinal((ctx), (buf), (len)) -#endif - -#if !defined(HAVE_EVP_CIPHERINIT_EX) -# define EVP_CipherInit_ex(ctx, type, impl, key, iv, enc) EVP_CipherInit((ctx), (type), (key), (iv), (enc)) -#endif - -#if 
!defined(HAVE_EVP_CIPHERFINAL_EX) -# define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal((ctx), (outm), (outl)) -#endif - -#if !defined(HAVE_HMAC_INIT_EX) -int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, void *impl); -#endif - -#if !defined(HAVE_HMAC_CTX_INIT) -#endif - -#if !defined(HAVE_HMAC_CTX_CLEANUP) -#endif - -#if !defined(HAVE_X509_CRL_SET_NEXTUPDATE) -int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); -#endif - -#if !defined(HAVE_X509_CRL_ADD0_REVOKED) -int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); -#endif - -#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME) -int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); -#endif - -#if !defined(HAVE_X509_CRL_SET_VERSION) -int X509_CRL_set_version(X509_CRL *x, long version); -#endif - -#if !defined(HAVE_X509_CRL_SORT) -int X509_CRL_sort(X509_CRL *c); -#endif - -#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER) -int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); -#endif - -#if !defined(HAVE_X509V3_SET_NCONF) -#endif - -#if !defined(HAVE_X509V3_EXT_NCONF_NID) -#endif - -/* ENGINE related API can't be polyfilled */ - - -/*** added in 0.9.8 ***/ -#if !defined(HAVE_BN_GENCB) -/* implementation in openssl_missing.c will fail if cb is set */ -typedef struct ossl_pseudo_bn_gencb_struct BN_GENCB; -#endif - -#if !defined(HAVE_BN_IS_PRIME_EX) -int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); -#endif - -#if !defined(HAVE_BN_IS_PRIME_FASTTEST_EX) -int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); -#endif - -#if !defined(HAVE_BN_GENERATE_PRIME_EX) -int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb); -#endif - +/*** added in 0.9.8X ***/ #if !defined(HAVE_EVP_CIPHER_CTX_NEW) EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); #endif 
@@ -224,26 +26,11 @@ EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); #endif -#if !defined(HAVE_DH_GENERATE_PARAMETERS_EX) -#endif - -#if !defined(HAVE_DSA_GENERATE_PARAMETERS_EX) +#if !defined(HAVE_SSL_CTX_CLEAR_OPTIONS) +# define SSL_CTX_clear_options(ctx, op) do \ + (ctx)->options &= ~(op); while (0) #endif -#if !defined(HAVE_RSA_GENERATE_KEY_EX) -#endif - -#if !defined(HAVE_SSL_SESSION_GET_ID) -const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); -#endif - -#if !defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK) -#endif - -#if !defined(HAVE_OCSP_SINGLERESP_DELETE_EXT) -# define OCSP_SINGLERESP_delete_ext(s, loc) \ - sk_X509_EXTENSION_delete((s)->singleExtensions, (loc)) -#endif /*** added in 1.0.0 ***/ #if !defined(HAVE_CRYPTO_THREADID_PTR) @@ -283,7 +70,13 @@ void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); #endif /*** added in 1.0.2 ***/ -#if defined(HAVE_SUPPORT_EC) +#if !defined(HAVE_CRYPTO_MEMCMP) +int CRYPTO_memcmp(const volatile void * volatile in_a, + const volatile void * volatile in_b, + size_t len); +#endif + +#if !defined(OPENSSL_NO_EC) #if !defined(HAVE_EC_CURVE_NIST2NID) int EC_curve_nist2nid(const char *str); #endif @@ -293,6 +86,11 @@ int EC_curve_nist2nid(const char *str); # define X509_STORE_CTX_get0_store(x) ((x)->ctx) #endif +#if !defined(HAVE_X509_REVOKED_DUP) +# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \ + (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev)) +#endif + #if !defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB) #endif @@ -306,7 +104,6 @@ int EC_curve_nist2nid(const char *str); #endif /*** added in 1.1.0 ***/ -#if defined(HAVE_BN_GENCB) #if !defined(HAVE_BN_GENCB_NEW) # define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB))) #endif 
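Review bot: The `SSL_CTX_clear_options` fallback expands to a `do … while (0)` statement, but the library's own `SSL_CTX_clear_options` is an expression that yields the resulting option mask. Code written against the real API, such as `opts = SSL_CTX_clear_options(ctx, op);`, would compile on new libraries and fail to compile on the fallback. Make it an expression instead: `# define SSL_CTX_clear_options(ctx, op) ((ctx)->options &= ~(op))`. The brace-less `do` body is legal C but easy to misread.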
@@ -318,7 +115,6 @@ int EC_curve_nist2nid(const char *str); #if !defined(HAVE_BN_GENCB_GET_ARG) # define BN_GENCB_get_arg(cb) (cb)->arg #endif -#endif #if !defined(HAVE_HMAC_CTX_NEW) HMAC_CTX *HMAC_CTX_new(void); @@ -416,14 +212,9 @@ static inline STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { re # define OCSP_SINGLERESP_get0_id(s) (s)->certId #endif -#if defined(HAVE_EVP_PKEY_TYPE) /* is not opaque */ +#if defined(HAVE_EVP_PKEY_TYPE) /* and !HAVE_OPAQUE_OPENSSL */ +#if !defined(OPENSSL_NO_RSA) static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { return pkey->pkey.rsa; } -static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { return pkey->pkey.dsa; } -# if defined(HAVE_SUPPORT_EC) -static inline EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { return pkey->pkey.ec; } -# endif -static inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { return pkey->pkey.dh; } - static inline void RSA_get0_key(RSA *rsa, BIGNUM **n, BIGNUM **e, BIGNUM **d) { if (n) *n = rsa->n; if (e) *e = rsa->e; @@ -452,7 +243,10 @@ static inline int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, BIGN BN_free(rsa->dmq1); rsa->dmq1 = dmq1; BN_free(rsa->iqmp); rsa->iqmp = iqmp; return 1; } +#endif /* RSA */ +#if !defined(OPENSSL_NO_DSA) +static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { return pkey->pkey.dsa; } static inline void DSA_get0_key(DSA *dsa, BIGNUM **pub_key, BIGNUM **priv_key) { if (pub_key) *pub_key = dsa->pub_key; if (priv_key) *priv_key = dsa->priv_key; } @@ -471,7 +265,10 @@ static inline int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) { BN_free(dsa->q); dsa->q = q; BN_free(dsa->g); dsa->g = g; return 1; } +#endif /* DSA */ +#if !defined(OPENSSL_NO_DH) +static inline DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) { return pkey->pkey.dh; } static inline ENGINE *DH_get0_engine(DH *dh) { return dh->engine; } static inline void DH_get0_key(DH *dh, BIGNUM **pub_key, BIGNUM **priv_key) { if (pub_key) *pub_key = dh->pub_key; 
@@ -491,6 +288,11 @@ static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { BN_free(dh->q); dh->q = q; BN_free(dh->g); dh->g = g; return 1; } +#endif /* DH */ + +#if !defined(OPENSSL_NO_EC) +static inline EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { return pkey->pkey.ec; } +#endif #endif #if defined(__cplusplus) diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 63ac8f4fbd..9cbe4f4510 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -462,7 +462,7 @@ ossl_fips_mode_set(VALUE self, VALUE enabled) #endif } -#ifndef HAVE_OPENSSL_110_THREADING_API +#if !defined(HAVE_OPENSSL_110_THREADING_API) /** * Stores locks needed for OpenSSL thread safety */ @@ -1150,7 +1150,7 @@ Init_openssl(void) */ ossl_s_to_der = rb_intern("to_der"); -#ifndef HAVE_OPENSSL_110_THREADING_API +#if !defined(HAVE_OPENSSL_110_THREADING_API) Init_ossl_locks(); #endif diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index e8271e9d64..a719ea99ee 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -31,11 +31,6 @@ extern "C" { #include #include -/* - * Check the OpenSSL version - * The only supported are: - * OpenSSL >= 0.9.7 - */ #include #ifdef HAVE_ASSERT_H @@ -46,7 +41,6 @@ extern "C" { #if defined(_WIN32) && !defined(LIBRESSL_VERSION_NUMBER) # include -# define OSSL_NO_CONF_API 1 # if !defined(OPENSSL_SYS_WIN32) # define OPENSSL_SYS_WIN32 1 # endif @@ -66,13 +60,10 @@ extern "C" { #if !defined(_WIN32) # include #endif -#undef X509_NAME -#undef PKCS7_SIGNER_INFO -#if defined(HAVE_SUPPORT_ENGINE) +#if !defined(OPENSSL_NO_ENGINE) # include #endif -#if defined(HAVE_OPENSSL_OCSP_H) -# define OSSL_OCSP_ENABLED +#if !defined(OPENSSL_NO_OCSP) # include #endif @@ -118,7 +109,7 @@ extern VALUE eOSSLError; * Compatibility */ #if OPENSSL_VERSION_NUMBER >= 0x10000000L -#define STACK _STACK +//define STACK _STACK #endif /* diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 9df4eee1d4..717e1cc7cd 100644 --- a/ext/openssl/ossl_asn1.c 
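Review bot: In ossl.h the new line `//define STACK _STACK` leaves a commented-out directive inside `#if OPENSSL_VERSION_NUMBER >= 0x10000000L … #endif`, so the conditional is now empty and the reason for disabling the alias is not recorded. Either delete the whole `#if` block, or keep `#define STACK _STACK` if something still relies on it. The `//` form is also out of step with the `/* */` comments used in the rest of the header.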
+++ b/ext/openssl/ossl_asn1.c @@ -211,19 +211,6 @@ static ID sIMPLICIT, sEXPLICIT; static ID sUNIVERSAL, sAPPLICATION, sCONTEXT_SPECIFIC, sPRIVATE; static ID sivVALUE, sivTAG, sivTAG_CLASS, sivTAGGING, sivINFINITE_LENGTH, sivUNUSED_BITS; -/* - * We need to implement these for backward compatibility - * reasons, behavior of ASN1_put_object and ASN1_object_size - * for infinite length values is different in OpenSSL <= 0.9.7 - */ -#if OPENSSL_VERSION_NUMBER < 0x00908000L -#define ossl_asn1_object_size(cons, len, tag) (cons) == 2 ? (len) + ASN1_object_size((cons), 0, (tag)) : ASN1_object_size((cons), (len), (tag)) -#define ossl_asn1_put_object(pp, cons, len, tag, xc) (cons) == 2 ? ASN1_put_object((pp), (cons), 0, (tag), (xc)) : ASN1_put_object((pp), (cons), (len), (tag), (xc)) -#else -#define ossl_asn1_object_size(cons, len, tag) ASN1_object_size((cons), (len), (tag)) -#define ossl_asn1_put_object(pp, cons, len, tag, xc) ASN1_put_object((pp), (cons), (len), (tag), (xc)) -#endif - /* * Ruby to ASN1 converters */ @@ -233,11 +220,7 @@ obj_to_asn1bool(VALUE obj) if (NIL_P(obj)) ossl_raise(rb_eTypeError, "Can't convert nil into Boolean"); -#if OPENSSL_VERSION_NUMBER < 0x00907000L - return RTEST(obj) ? 0xff : 0x100; -#else return RTEST(obj) ? 0xff : 0x0; -#endif } static ASN1_INTEGER* @@ -779,11 +762,11 @@ ossl_asn1data_to_der(VALUE self) if (inf_length == Qtrue) { is_cons = 2; } - if((length = ossl_asn1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0) + if((length = ASN1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0) ossl_raise(eASN1Error, NULL); der = rb_str_new(0, length); p = (unsigned char *)RSTRING_PTR(der); - ossl_asn1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class); + ASN1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class); memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value)); p += RSTRING_LEN(value); ossl_str_adjust(der, p); 
@@ -1185,30 +1168,6 @@ ossl_asn1eoc_initialize(VALUE self) { return self; } -static int -ossl_i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp) -{ -#if OPENSSL_VERSION_NUMBER < 0x00907000L - if(!a) return 0; - if(a->type == V_ASN1_BOOLEAN) - return i2d_ASN1_BOOLEAN(a->value.boolean, pp); -#endif - return i2d_ASN1_TYPE(a, pp); -} - -static void -ossl_ASN1_TYPE_free(ASN1_TYPE *a) -{ -#if OPENSSL_VERSION_NUMBER < 0x00907000L - if(!a) return; - if(a->type == V_ASN1_BOOLEAN){ - OPENSSL_free(a); - return; - } -#endif - ASN1_TYPE_free(a); -} - /* * call-seq: * asn1.to_der => DER-encoded String @@ -1229,22 +1188,22 @@ ossl_asn1prim_to_der(VALUE self) explicit = ossl_asn1_is_explicit(self); asn1 = ossl_asn1_get_asn1type(self); - len = ossl_asn1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn); + len = ASN1_object_size(1, i2d_ASN1_TYPE(asn1, NULL), tn); if(!(buf = OPENSSL_malloc(len))){ - ossl_ASN1_TYPE_free(asn1); + ASN1_TYPE_free(asn1); ossl_raise(eASN1Error, "cannot alloc buffer"); } p = buf; if (tc == V_ASN1_UNIVERSAL) { - ossl_i2d_ASN1_TYPE(asn1, &p); + i2d_ASN1_TYPE(asn1, &p); } else if (explicit) { - ossl_asn1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc); - ossl_i2d_ASN1_TYPE(asn1, &p); + ASN1_put_object(&p, 1, i2d_ASN1_TYPE(asn1, NULL), tn, tc); + i2d_ASN1_TYPE(asn1, &p); } else { - ossl_i2d_ASN1_TYPE(asn1, &p); + i2d_ASN1_TYPE(asn1, &p); *buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED); } - ossl_ASN1_TYPE_free(asn1); + ASN1_TYPE_free(asn1); reallen = p - buf; assert(reallen <= len); str = ossl_buf2str((char *)buf, rb_long2int(reallen)); /* buf will be free in ossl_buf2str */ 
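Review bot: `ossl_asn1prim_to_der` feeds `i2d_ASN1_TYPE(asn1, NULL)` straight into `ASN1_object_size` and then into `OPENSSL_malloc(len)` without checking either result, although a failed encode returns a non-positive length. `ossl_asn1data_to_der` in this same file already rejects `<= 0` from `ASN1_object_size`. Do the same here with a new local, e.g. `if ((alen = i2d_ASN1_TYPE(asn1, NULL)) <= 0) { ASN1_TYPE_free(asn1); ossl_raise(eASN1Error, NULL); }`, and test `len` the same way before allocating. The `seq_len`/`length` pair in the `ossl_asn1cons_to_der` hunk that follows is passed to `rb_str_new` unchecked as well. The variable declarations are outside both hunks.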
@@ -1310,19 +1269,19 @@ ossl_asn1cons_to_der(VALUE self) explicit = ossl_asn1_is_explicit(self); value = join_der(ossl_asn1_get_value(self)); - seq_len = ossl_asn1_object_size(constructed, RSTRING_LENINT(value), tag); - length = ossl_asn1_object_size(constructed, seq_len, tn); + seq_len = ASN1_object_size(constructed, RSTRING_LENINT(value), tag); + length = ASN1_object_size(constructed, seq_len, tn); str = rb_str_new(0, length); p = (unsigned char *)RSTRING_PTR(str); if(tc == V_ASN1_UNIVERSAL) - ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc); + ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc); else{ if(explicit){ - ossl_asn1_put_object(&p, constructed, seq_len, tn, tc); - ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL); + ASN1_put_object(&p, constructed, seq_len, tn, tc); + ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL); } else{ - ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc); + ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc); } } memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value)); diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index c9fcb6bdbd..56478a2133 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -154,7 +154,6 @@ ossl_cipher_copy(VALUE self, VALUE other) return self; } -#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED static void* add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary) { @@ -180,9 +179,6 @@ ossl_s_ciphers(VALUE self) return ary; } -#else -#define ossl_s_ciphers rb_f_notimplement -#endif /* * call-seq: @@ -713,7 +709,6 @@ ossl_cipher_set_key_length(VALUE self, VALUE key_length) return key_length; } -#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING) /* * call-seq: * cipher.padding = integer -> integer 
@@ -735,9 +730,6 @@ ossl_cipher_set_padding(VALUE self, VALUE padding) ossl_raise(eCipherError, NULL); return padding; } -#else -#define ossl_cipher_set_padding rb_f_notimplement -#endif #define CIPHER_0ARG_INT(func) \ static VALUE \ diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c index 01418e65c5..513179b3ab 100644 --- a/ext/openssl/ossl_engine.c +++ b/ext/openssl/ossl_engine.c @@ -9,7 +9,7 @@ */ #include "ossl.h" -#if defined(HAVE_SUPPORT_ENGINE) +#if !defined(OPENSSL_NO_ENGINE) #define NewEngine(klass) \ TypedData_Wrap_Struct((klass), &ossl_engine_type, 0) @@ -279,7 +279,6 @@ ossl_engine_finish(VALUE self) return Qnil; } -#if defined(HAVE_ENGINE_GET_CIPHER) /* Document-method: OpenSSL::Engine#cipher * * call-seq: @@ -314,11 +313,7 @@ ossl_engine_get_cipher(VALUE self, VALUE name) return ossl_cipher_new(ciph); } -#else -#define ossl_engine_get_cipher rb_f_notimplement -#endif -#if defined(HAVE_ENGINE_GET_DIGEST) /* Document-method: OpenSSL::Engine#digest * * call-seq: @@ -353,9 +348,6 @@ ossl_engine_get_digest(VALUE self, VALUE name) return ossl_digest_new(md); } -#else -#define ossl_engine_get_digest rb_f_notimplement -#endif /* Document-method: OpenSSL::Engine#load_private_key * @@ -379,11 +371,7 @@ ossl_engine_load_privkey(int argc, VALUE *argv, VALUE self) sid = NIL_P(id) ? NULL : StringValuePtr(id); sdata = NIL_P(data) ? NULL : StringValuePtr(data); GetEngine(self, e); -#if OPENSSL_VERSION_NUMBER < 0x00907000L - pkey = ENGINE_load_private_key(e, sid, sdata); -#else pkey = ENGINE_load_private_key(e, sid, NULL, sdata); -#endif if (!pkey) ossl_raise(eEngineError, NULL); obj = ossl_pkey_new(pkey); OSSL_PKEY_SET_PRIVATE(obj); 
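Review bot: In ossl_engine_load_privkey (`@@ -379`) `sid` is taken with `StringValuePtr(id)`, which accepts Ruby strings containing embedded NUL bytes, and is then handed to `ENGINE_load_private_key()` as a C string key id. A key id with an embedded NUL would be silently truncated before the engine sees it. `StringValueCStr(id)` raises on embedded NULs and is the safer conversion; the same applies to ossl_engine_load_pubkey in the following `@@ -413` hunk. Both functions start outside their hunks.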
@@ -413,11 +401,7 @@ ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self) sid = NIL_P(id) ? NULL : StringValuePtr(id); sdata = NIL_P(data) ? NULL : StringValuePtr(data); GetEngine(self, e); -#if OPENSSL_VERSION_NUMBER < 0x00907000L - pkey = ENGINE_load_public_key(e, sid, sdata); -#else pkey = ENGINE_load_public_key(e, sid, NULL, sdata); -#endif if (!pkey) ossl_raise(eEngineError, NULL); return ossl_pkey_new(pkey); diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index 9c8e59e2a8..6d1ccdcb2d 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -10,7 +10,7 @@ */ #include "ossl.h" -#if defined(OSSL_OCSP_ENABLED) +#if !defined(OPENSSL_NO_OCSP) #define NewOCSPReq(klass) \ TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0) diff --git a/ext/openssl/ossl_ocsp.h b/ext/openssl/ossl_ocsp.h index c5064fbc85..21e2c99a2e 100644 --- a/ext/openssl/ossl_ocsp.h +++ b/ext/openssl/ossl_ocsp.h @@ -11,7 +11,7 @@ #if !defined(_OSSL_OCSP_H_) #define _OSSL_OCSP_H_ -#if defined(OSSL_OCSP_ENABLED) +#if !defined(OPENSSL_NO_OCSP) extern VALUE mOCSP; extern VALUE cOPCSReq; extern VALUE cOPCSRes; diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c index 9ca3abd764..0fd374268e 100644 --- a/ext/openssl/ossl_pkcs7.c +++ b/ext/openssl/ossl_pkcs7.c @@ -127,6 +127,22 @@ static const rb_data_type_t ossl_pkcs7_recip_info_type = { * Public * (MADE PRIVATE UNTIL SOMEBODY WILL NEED THEM) */ +static PKCS7_SIGNER_INFO * +ossl_PKCS7_SIGNER_INFO_dup(const PKCS7_SIGNER_INFO *si) +{ + return (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, + (d2i_of_void *)d2i_PKCS7_SIGNER_INFO, + (char *)(si)); +} + +static PKCS7_RECIP_INFO * +ossl_PKCS7_RECIP_INFO_dup(const PKCS7_RECIP_INFO *si) +{ + return (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, + (d2i_of_void *)d2i_PKCS7_RECIP_INFO, + (char *)(si)); +} + static VALUE ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si) { 
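Review bot: The new helpers ossl_PKCS7_SIGNER_INFO_dup and ossl_PKCS7_RECIP_INFO_dup have no comment saying why the extension carries its own copy routines, and the second one reuses the parameter name `si` for a recipient info. A header such as `/* Local replacement for PKCS7_SIGNER_INFO_dup(); copies via ASN1_dup(), returns NULL on failure */` and renaming that parameter to `ri` would make them self-explanatory. Both also drop `const` with `(char *)(si)` and cast the i2d/d2i functions to `i2d_of_void *` / `d2i_of_void *`, which hides any signature mismatch from the compiler. OpenSSL's `ASN1_dup_of()` macro keeps that type check, if it is usable on every supported version.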
@@ -134,7 +150,7 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si) VALUE obj; obj = NewPKCS7si(cPKCS7Signer); - pkcs7 = p7si ? PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new(); + pkcs7 = p7si ? ossl_PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new(); if (!pkcs7) ossl_raise(ePKCS7Error, NULL); SetPKCS7si(obj, pkcs7); @@ -147,7 +163,7 @@ DupPKCS7SignerPtr(VALUE obj) PKCS7_SIGNER_INFO *p7si, *pkcs7; SafeGetPKCS7si(obj, p7si); - if (!(pkcs7 = PKCS7_SIGNER_INFO_dup(p7si))) { + if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) { ossl_raise(ePKCS7Error, NULL); } @@ -161,7 +177,7 @@ ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri) VALUE obj; obj = NewPKCS7ri(cPKCS7Recipient); - pkcs7 = p7ri ? PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new(); + pkcs7 = p7ri ? ossl_PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new(); if (!pkcs7) ossl_raise(ePKCS7Error, NULL); SetPKCS7ri(obj, pkcs7); @@ -174,7 +190,7 @@ DupPKCS7RecipientPtr(VALUE obj) PKCS7_RECIP_INFO *p7ri, *pkcs7; SafeGetPKCS7ri(obj, p7ri); - if (!(pkcs7 = PKCS7_RECIP_INFO_dup(p7ri))) { + if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) { ossl_raise(ePKCS7Error, NULL); } diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 2e69be2acd..6fed80bda2 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -32,7 +32,6 @@ ossl_generate_cb(int p, int n, void *arg) rb_yield(ary); } -#if HAVE_BN_GENCB /* OpenSSL 2nd version of GN generation callback */ int ossl_generate_cb_2(int p, int n, BN_GENCB *cb) @@ -66,7 +65,6 @@ ossl_generate_cb_stop(void *ptr) struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr; arg->stop = 1; } -#endif static void ossl_evp_pkey_free(void *ptr) @@ -104,7 +102,7 @@ ossl_pkey_new(EVP_PKEY *pkey) case EVP_PKEY_DH: return ossl_dh_new(pkey); #endif -#if defined(HAVE_SUPPORT_EC) +#if !defined(OPENSSL_NO_EC) case EVP_PKEY_EC: return ossl_ec_new(pkey); #endif diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h index 6eb51a76bd..a1517bfca4 100644 
--- a/ext/openssl/ossl_pkey.h +++ b/ext/openssl/ossl_pkey.h @@ -41,8 +41,6 @@ extern const rb_data_type_t ossl_evp_pkey_type; } while (0) void ossl_generate_cb(int, int, void *); -#define HAVE_BN_GENCB defined(HAVE_RSA_GENERATE_KEY_EX) || defined(HAVE_DH_GENERATE_PARAMETERS_EX) || defined(HAVE_DSA_GENERATE_PARAMETERS_EX) -#if HAVE_BN_GENCB struct ossl_generate_cb_arg { int yield; int stop; @@ -50,7 +48,6 @@ struct ossl_generate_cb_arg { }; int ossl_generate_cb_2(int p, int n, BN_GENCB *cb); void ossl_generate_cb_stop(void *ptr); -#endif VALUE ossl_pkey_new(EVP_PKEY *); VALUE ossl_pkey_new_from_file(VALUE); diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index a53ad2d3cc..783d681a10 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -73,7 +73,6 @@ ossl_dh_new(EVP_PKEY *pkey) /* * Private */ -#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB struct dh_blocking_gen_arg { DH *dh; int size; @@ -89,12 +88,10 @@ dh_blocking_gen(void *arg) gen->result = DH_generate_parameters_ex(gen->dh, gen->size, gen->gen, gen->cb); return 0; } -#endif static DH * dh_generate(int size, int gen) { -#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB struct ossl_generate_cb_arg cb_arg; struct dh_blocking_gen_arg gen_arg; DH *dh = DH_new(); @@ -128,12 +125,6 @@ dh_generate(int size, int gen) if (cb_arg.state) rb_jump_tag(cb_arg.state); return 0; } -#else - DH *dh; - - dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL); - if (!dh) return 0; -#endif if (!DH_generate_key(dh)) { DH_free(dh); @@ -276,7 +267,7 @@ ossl_dh_is_private(VALUE self) dh = EVP_PKEY_get0_DH(pkey); DH_get0_key(dh, NULL, &priv_key); -#if defined(HAVE_SUPPORT_ENGINE) +#if !defined(OPENSSL_NO_ENGINE) return (priv_key || DH_get0_engine(dh)) ? Qtrue : Qfalse; #else return priv_key ? Qtrue : Qfalse; diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index 0213843ee7..01d372b421 100644 
--- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -81,7 +81,6 @@ ossl_dsa_new(EVP_PKEY *pkey) /* * Private */ -#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB struct dsa_blocking_gen_arg { DSA *dsa; int size; @@ -100,12 +99,10 @@ dsa_blocking_gen(void *arg) gen->result = DSA_generate_parameters_ex(gen->dsa, gen->size, gen->seed, gen->seed_len, gen->counter, gen->h, gen->cb); return 0; } -#endif static DSA * dsa_generate(int size) { -#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB struct ossl_generate_cb_arg cb_arg; struct dsa_blocking_gen_arg gen_arg; DSA *dsa = DSA_new(); @@ -148,19 +145,6 @@ dsa_generate(int size) if (cb_arg.state) rb_jump_tag(cb_arg.state); return 0; } -#else - DSA *dsa; - unsigned char seed[20]; - int seed_len = 20, counter; - unsigned long h; - - if (RAND_bytes(seed, seed_len) <= 0) { - return 0; - } - dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h, - rb_block_given_p() ? ossl_generate_cb : NULL, NULL); - if(!dsa) return 0; -#endif if (!DSA_generate_key(dsa)) { DSA_free(dsa); @@ -250,6 +234,8 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self) } if (!dsa) { OSSL_BIO_reset(in); +#define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ + (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,(bp),(void **)(x),(cb),(u)) dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL); } BIO_free(in); @@ -453,6 +439,8 @@ ossl_dsa_to_text(VALUE self) return str; } +# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \ + (d2i_of_void *)d2i_DSAPublicKey,(char *)(dsa)) /* * call-seq: * dsa.public_key -> aDSA diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index e7b9c68b9b..09121a0846 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -4,7 +4,7 @@ #include "ossl.h" -#if defined(HAVE_SUPPORT_EC) +#if !defined(OPENSSL_NO_EC) typedef struct { EC_GROUP *group; 
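Review bot: `PEM_read_bio_DSAPublicKey` is `#define`d in the middle of the `if (!dsa)` block of ossl_dsa_initialize (`@@ -250`), and `DSAPublicKey_dup` is defined just above the `dsa.public_key` doc comment (`@@ -453`), both without a guard or a comment. A macro introduced inside a function body stays in effect for the rest of the file, and it will clash with or shadow the library's own definition if an OpenSSL header provides the same name. I would move both to the top of the file or to openssl_missing.h, wrap them in `#if !defined(PEM_read_bio_DSAPublicKey)` and `#if !defined(DSAPublicKey_dup)`, and add a line saying which OpenSSL versions lack them. Both enclosing functions begin outside their hunks.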
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 5182fc3a32..0f72b1f7f3 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -83,7 +83,6 @@ ossl_rsa_new(EVP_PKEY *pkey) /* * Private */ -#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB struct rsa_blocking_gen_arg { RSA *rsa; BIGNUM *e; @@ -99,12 +98,10 @@ rsa_blocking_gen(void *arg) gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb); return 0; } -#endif static RSA * rsa_generate(int size, unsigned long exp) { -#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB int i; struct ossl_generate_cb_arg cb_arg; struct rsa_blocking_gen_arg gen_arg; @@ -152,9 +149,6 @@ rsa_generate(int size, unsigned long exp) } return rsa; -#else - return RSA_generate_key(size, exp, rb_block_given_p() ? ossl_generate_cb : NULL, NULL); -#endif } /* diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 48a790b8d0..218910e003 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c 
@@ -90,26 +90,22 @@ static const struct { OSSL_SSL_METHOD_ENTRY(TLSv1), OSSL_SSL_METHOD_ENTRY(TLSv1_server), OSSL_SSL_METHOD_ENTRY(TLSv1_client), -#if defined(HAVE_TLSV1_2_METHOD) && defined(HAVE_TLSV1_2_SERVER_METHOD) && \ - defined(HAVE_TLSV1_2_CLIENT_METHOD) +#if defined(HAVE_TLSV1_2_METHOD) OSSL_SSL_METHOD_ENTRY(TLSv1_2), OSSL_SSL_METHOD_ENTRY(TLSv1_2_server), OSSL_SSL_METHOD_ENTRY(TLSv1_2_client), #endif -#if defined(HAVE_TLSV1_1_METHOD) && defined(HAVE_TLSV1_1_SERVER_METHOD) && \ - defined(HAVE_TLSV1_1_CLIENT_METHOD) +#if defined(HAVE_TLSV1_1_METHOD) OSSL_SSL_METHOD_ENTRY(TLSv1_1), OSSL_SSL_METHOD_ENTRY(TLSv1_1_server), OSSL_SSL_METHOD_ENTRY(TLSv1_1_client), #endif -#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \ - defined(HAVE_SSLV2_CLIENT_METHOD) +#if defined(HAVE_SSLV2_METHOD) OSSL_SSL_METHOD_ENTRY(SSLv2), OSSL_SSL_METHOD_ENTRY(SSLv2_server), OSSL_SSL_METHOD_ENTRY(SSLv2_client), #endif -#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \ - defined(HAVE_SSLV3_CLIENT_METHOD) +#if defined(HAVE_SSLV3_METHOD) OSSL_SSL_METHOD_ENTRY(SSLv3), OSSL_SSL_METHOD_ENTRY(SSLv3_server), OSSL_SSL_METHOD_ENTRY(SSLv3_client), @@ -945,7 +941,8 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v) * call-seq: * ctx.security_level => 0, .., 5 * - * The security level for this context (new in OpenSSL 1.1.0). + * The security level for this context. This is new in OpenSSL 1.1.0 and + * always returns 0 if using older OpenSSL. */ static VALUE ossl_sslctx_get_security_level(VALUE self) @@ -972,7 +969,8 @@ ossl_sslctx_get_security_level(VALUE self) * ctx.security_level = 0 * ctx.security_level = 5 * - * Sets the security level for this context (new in OpenSSL 1.1.0). + * Sets the security level for this context. This is new in OpenSSL 1.1.0 and + * no-op if using older OpenSSL. */ static VALUE ossl_sslctx_set_security_level(VALUE self, VALUE v) 
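Review bot: The guards in the method table (`@@ -90`) now test only `HAVE_TLSV1_2_METHOD`, `HAVE_TLSV1_1_METHOD`, `HAVE_SSLV2_METHOD` and `HAVE_SSLV3_METHOD`, while each block still references the `_server` and `_client` variants. That relies on OpenSSL always providing the three functions together. A comment such as `/* the _server/_client variants are assumed to exist whenever the generic method does */` above the first guard would record the assumption. The table also keeps SSLv2 and SSLv3 selectable whenever the library exports them, which is worth a deliberate decision while these lines are being touched.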
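Review bot: The updated doc for `security_level=` (`@@ -972`, and the getter in `@@ -945`) describes a silent no-op on OpenSSL older than 1.1.0, so a caller who sets `ctx.security_level = 2` there gets neither enforcement nor an error. For a setting meant to reject weak parameters, that fails open. If the no-op stays, the comment should tell callers how to detect it, e.g. `The value is returned but not applied when OpenSSL lacks security levels; check OpenSSL::OPENSSL_VERSION_NUMBER before relying on it`. Raising NotImplementedError for a non-zero level would be the stricter alternative. The function bodies lie outside these hunks.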
@@ -992,7 +990,7 @@ ossl_sslctx_set_security_level(VALUE self, VALUE v) return v; } -#if defined(HAVE_SUPPORT_EC) +#if !defined(OPENSSL_NO_EC) /* * call-seq: * ctx.set_elliptic_curves("curve1:curve2:curve3") -> self @@ -1695,7 +1693,7 @@ ossl_ssl_stop(VALUE self) ossl_ssl_shutdown(ssl); //SSL_free(ssl); } - DATA_PTR(self) = NULL; +// DATA_PTR(self) = NULL; return Qnil; } @@ -2294,7 +2292,7 @@ Init_ossl_ssl(void) rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1); rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0); rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1); -#if defined(HAVE_SUPPORT_EC) +#if !defined(OPENSSL_NO_EC) rb_define_method(cSSLContext, "set_elliptic_curves", ossl_sslctx_set_elliptic_curves, 1); #endif diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c index 4dbe53e32b..eed0c22197 100644 --- a/ext/openssl/ossl_ssl_session.c +++ b/ext/openssl/ossl_ssl_session.c @@ -82,7 +82,7 @@ xSSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b) unsigned int b_len; const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len); -#if !defined(HAVE_SSL_SESSION_GET_ID) /* 1.0.2 or older */ +#if !defined(HAVE_OPAQUE_OPENSSL) if (a->ssl_version != b->ssl_version) return 1; #endif diff --git a/ext/openssl/ossl_x509.c b/ext/openssl/ossl_x509.c index 2fd14566cd..cf62b53e28 100644 --- a/ext/openssl/ossl_x509.c +++ b/ext/openssl/ossl_x509.c @@ -63,12 +63,8 @@ Init_ossl_x509(void) DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN); DefX509Const(V_ERR_APPLICATION_VERIFICATION); -#if defined(X509_V_FLAG_CRL_CHECK) DefX509Const(V_FLAG_CRL_CHECK); -#endif -#if defined(X509_V_FLAG_CRL_CHECK_ALL) DefX509Const(V_FLAG_CRL_CHECK_ALL); -#endif DefX509Const(PURPOSE_SSL_CLIENT); DefX509Const(PURPOSE_SSL_SERVER); 
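Review bot: In ossl_ssl_stop (`@@ -1695`) the line `DATA_PTR(self) = NULL;` is commented out with `//`, which has nothing to do with dropping OpenSSL 0.9.6/0.9.7 support and looks like leftover debugging. With `//SSL_free(ssl);` already disabled just above, the Ruby object keeps pointing at an SSL that has been shut down. Later method calls will presumably operate on it instead of treating the socket as uninitialised. If the behaviour change is intended, it belongs in its own commit with a comment explaining it; otherwise restore `DATA_PTR(self) = NULL;`. The start of the function is outside the hunk.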
@@ -77,21 +73,15 @@ Init_ossl_x509(void) DefX509Const(PURPOSE_SMIME_ENCRYPT); DefX509Const(PURPOSE_CRL_SIGN); DefX509Const(PURPOSE_ANY); -#if defined(X509_PURPOSE_OCSP_HELPER) DefX509Const(PURPOSE_OCSP_HELPER); -#endif DefX509Const(TRUST_COMPAT); DefX509Const(TRUST_SSL_CLIENT); DefX509Const(TRUST_SSL_SERVER); DefX509Const(TRUST_EMAIL); DefX509Const(TRUST_OBJECT_SIGN); -#if defined(X509_TRUST_OCSP_SIGN) DefX509Const(TRUST_OCSP_SIGN); -#endif -#if defined(X509_TRUST_OCSP_REQUEST) DefX509Const(TRUST_OCSP_REQUEST); -#endif DefX509Default(CERT_AREA, cert_area); DefX509Default(CERT_DIR, cert_dir); diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c index 6f4429ecde..70f86e2d64 100644 --- a/ext/openssl/ossl_x509attr.c +++ b/ext/openssl/ossl_x509attr.c @@ -178,14 +178,6 @@ ossl_x509attr_get_oid(VALUE self) return ret; } -/*#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) -# define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single) -# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1) -#else -# define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set) -# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0) -#endif*/ - /* * call-seq: * attr.value = asn1 => asn1 diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c index c16fa92148..15e0c1f875 100644 --- a/ext/openssl/ossl_x509ext.c +++ b/ext/openssl/ossl_x509ext.c @@ -188,7 +188,6 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl) return crl; } -#ifdef HAVE_X509V3_SET_NCONF static VALUE ossl_x509extfactory_set_config(VALUE self, VALUE config) { @@ -202,9 +201,6 @@ ossl_x509extfactory_set_config(VALUE self, VALUE config) return config; } -#else -#define ossl_x509extfactory_set_config rb_f_notimplement -#endif static VALUE ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) 
@@ -243,12 +239,8 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self) X509_EXTENSION *ext; VALUE oid, value, critical, valstr, obj; int nid; -#ifdef HAVE_X509V3_EXT_NCONF_NID VALUE rconf; CONF *conf; -#else - static LHASH *empty_lhash; -#endif rb_scan_args(argc, argv, "21", &oid, &value, &critical); StringValue(oid); @@ -262,14 +254,9 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self) rb_str_append(valstr, value); GetX509ExtFactory(self, ctx); obj = NewX509Ext(cX509Ext); -#ifdef HAVE_X509V3_EXT_NCONF_NID rconf = rb_iv_get(self, "@config"); conf = NIL_P(rconf) ? NULL : GetConfigPtr(rconf); ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr)); -#else - if (!empty_lhash) empty_lhash = lh_new(NULL, NULL); - ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr)); -#endif if (!ext){ ossl_raise(eX509ExtError, "%s = %s", RSTRING_PTR(oid), RSTRING_PTR(value)); diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index a62e79c184..c795841a92 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -153,12 +153,6 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self) X509_STORE_set_verify_cb(store, ossl_verify_cb); ossl_x509store_set_vfy_cb(self, Qnil); -#if (OPENSSL_VERSION_NUMBER < 0x00907000L) - rb_iv_set(self, "@flags", INT2FIX(0)); - rb_iv_set(self, "@purpose", INT2FIX(0)); - rb_iv_set(self, "@trust", INT2FIX(0)); -#endif - /* last verification status */ rb_iv_set(self, "@error", Qnil); rb_iv_set(self, "@error_string", Qnil); @@ -171,15 +165,11 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self) static VALUE ossl_x509store_set_flags(VALUE self, VALUE flags) { -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; long f = NUM2LONG(flags); GetX509Store(self, store); X509_STORE_set_flags(store, f); -#else - rb_iv_set(self, "@flags", flags); -#endif return flags; } 
@@ -187,15 +177,11 @@ ossl_x509store_set_flags(VALUE self, VALUE flags) static VALUE ossl_x509store_set_purpose(VALUE self, VALUE purpose) { -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; int p = NUM2INT(purpose); GetX509Store(self, store); X509_STORE_set_purpose(store, p); -#else - rb_iv_set(self, "@purpose", purpose); -#endif return purpose; } @@ -203,15 +189,11 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose) static VALUE ossl_x509store_set_trust(VALUE self, VALUE trust) { -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; int t = NUM2INT(trust); GetX509Store(self, store); X509_STORE_set_trust(store, t); -#else - rb_iv_set(self, "@trust", trust); -#endif return trust; } @@ -441,17 +423,10 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self) SafeGetX509Store(store, x509st); if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */ if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain); -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){ sk_X509_pop_free(x509s, X509_free); ossl_raise(eX509StoreError, NULL); } -#else - X509_STORE_CTX_init(ctx, x509st, x509, x509s); - ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags")); - ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose")); - ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust")); -#endif if (!NIL_P(t = rb_iv_get(store, "@time"))) ossl_x509stctx_set_time(self, t); rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback")); @@ -556,7 +531,6 @@ ossl_x509stctx_get_curr_cert(VALUE self) static VALUE ossl_x509stctx_get_curr_crl(VALUE self) { -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE_CTX *ctx; X509_CRL *crl; @@ -565,9 +539,6 @@ ossl_x509stctx_get_curr_crl(VALUE self) if(!crl) return Qnil; return ossl_x509crl_new(crl); -#else - return Qnil; -#endif } static VALUE -- cgit v1.2.3
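Review bot: ossl_x509store_set_purpose (`@@ -187`) and ossl_x509store_set_trust (`@@ -203`) discard the return values of `X509_STORE_set_purpose()` and `X509_STORE_set_trust()`. Both report failure with 0 when the id is not a known purpose or trust value, so a bad argument is silently not applied and later verification runs without the restriction the caller asked for. Now that this is the only code path, the result should be checked: `if (!X509_STORE_set_purpose(store, p)) ossl_raise(eX509StoreError, NULL);` and the same for `X509_STORE_set_trust(store, t)`.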
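Review bot: The failure branch after `X509_STORE_CTX_init()` in ossl_x509stctx_initialize (`@@ -441`) frees `x509s` but not `x509`, which `DupX509CertPtr(cert)` duplicated two lines earlier. Unless the context's free routine (not visible here) releases it, the duplicated certificate leaks whenever initialisation fails, and likewise if `ossl_x509_ary2sk(chain)` raises after the dup. Adding `X509_free(x509);` beside `sk_X509_pop_free(x509s, X509_free);` would cover the first case. Confirm first that the context does not already own the pointer at that point, since freeing it twice would be worse than the leak. The function starts and ends outside the hunk.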