From 35f8edeedc0e42d040e2b5823a300aaa2e3ff13f Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Wed, 20 Apr 2016 01:16:45 +0900 Subject: ext/openssl: always use our implementation of SSL_SESSION_cmp() Implement CRYPTO_memcmp() if it is not available. Always use our SSL_SESSION_cmp() (renamed to ossl_SSL_SESSION_cmp()). SSL_SESSION_cmp() was removed in OpenSSL 1.0.0 and we have used a reimplemented one. However our implementation is better than the original (it uses CRYPTO_memcmp() instead of plain memcmp). --- ext/openssl/extconf.rb | 2 +- ext/openssl/openssl_missing.c | 18 ++++++++++++++++++ ext/openssl/openssl_missing.h | 4 ++++ ext/openssl/ossl_ssl_session.c | 7 +++---- 4 files changed, 26 insertions(+), 5 deletions(-) (limited to 'ext') diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index aa1e8254c1..a910fa286c 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -95,8 +95,8 @@ have_func("X509_STORE_get_ex_data") have_func("X509_STORE_set_ex_data") have_func("OBJ_NAME_do_all_sorted") have_func("SSL_SESSION_get_id") -have_func("SSL_SESSION_cmp") have_func("OPENSSL_cleanse") +have_func("CRYPTO_memcmp") have_func("SSLv2_method") have_func("SSLv2_server_method") have_func("SSLv2_client_method") diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index bd8eef5ea9..f9db04fe97 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -352,3 +352,21 @@ ASN1_put_eoc(unsigned char **pp) return 2; } #endif + +#if !defined(HAVE_CRYPTO_MEMCMP) +int +CRYPTO_memcmp(const volatile void * volatile in_a, + const volatile void * volatile in_b, + size_t len) +{ + size_t i; + const volatile unsigned char *a = in_a; + const volatile unsigned char *b = in_b; + unsigned char x = 0; + + for (i = 0; i < len; i++) + x |= a[i] ^ b[i]; + + return x; +} +#endif diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 6cf45a0d82..8271f3ef2e 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -144,6 +144,10 @@ int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data); int X509_CRL_set_version(X509_CRL *x, long version); #endif +#if !defined(HAVE_CRYPTO_MEMCMP) +int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len); +#endif + #if !defined(HAVE_X509_CRL_SET_ISSUER_NAME) int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); #endif diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c index e1bbc6fb54..2c21d6ad84 100644 --- a/ext/openssl/ossl_ssl_session.c +++ b/ext/openssl/ossl_ssl_session.c @@ -73,8 +73,8 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1) return self; } -#if HAVE_SSL_SESSION_CMP == 0 -int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b) +/* SSL_SESSION_cmp() was removed without a replacement in 1.0.0 */ +static int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { if (a->ssl_version != b->ssl_version || a->session_id_length != b->session_id_length) @@ -85,7 +85,6 @@ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b) return CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length); #endif } -#endif /* * call-seq: @@ -99,7 +98,7 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2) GetSSLSession(val1, ctx1); SafeGetSSLSession(val2, ctx2); - switch (SSL_SESSION_cmp(ctx1, ctx2)) { + switch (ossl_SSL_SESSION_cmp(ctx1, ctx2)) { case 0: return Qtrue; default: return Qfalse; } -- cgit v1.2.3