openssl 2.1.0.beta1 → 2.1.0.beta2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of openssl might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 4cc6326c79cf145b9fb1f5a44a7b55a455ae0980
4
- data.tar.gz: 6a7dfe45eb2335413661a03fe31b883890052b78
2
+ SHA256:
3
+ metadata.gz: 4dea8ca704a58adc4312acd244662598b72371fb69228c123b0adf64fdca4e42
4
+ data.tar.gz: e45d8324405378f31a70fc2b56d580279b4fd765531d8569955eb0b4de06d604
5
5
  SHA512:
6
- metadata.gz: 621847e9bf167872c49c12c6adea64b4516b74818377808918ff7cb1a032381f88e1c5b3d3679da80ee7a1c89d4848c620c2876436e41af82ed9a15330a57fdd
7
- data.tar.gz: 352c40ced871126e88f96ef339a7c455e974794ef98688527a9fddcc4e0e6c6e6297bd0591dbd74c185bee19bdc7500a16f50b8c6c17fd08fe09584d14b9b94f
6
+ metadata.gz: b42ba538068f938ae0f5301e202ca7aabc0cfbb78d8f66b06898dc248afd96e84944a8578159aed34f4a90d7d3e0f92cca4afd65ca311034ff48ec26e01c993a
7
+ data.tar.gz: 2ca3439c2e39e598716df0bfc657b60a024abedc0a937f6120760008ae159363cb3d03d067ce15eba7745b8462cf9b2cf2d43b5a6a2b000a87e06ba176fb894f
data/History.md CHANGED
@@ -1,18 +1,21 @@
1
- Version 2.1.0.beta1
1
+ Version 2.1.0.beta2
2
2
  ===================
3
3
 
4
4
  Notable changes
5
5
  ---------------
6
6
 
7
- * Support for OpenSSL versions before 1.0.1 is removed.
7
+ * Support for OpenSSL versions before 1.0.1 and LibreSSL versions before 2.5
8
+ is removed.
8
9
  [[GitHub #86]](https://github.com/ruby/openssl/pull/86)
9
10
  * OpenSSL::BN#negative?, #+@, and #-@ are added.
10
11
  * OpenSSL::SSL::SSLSocket#connect raises a more informative exception when
11
12
  certificate verification fails.
12
13
  [[GitHub #99]](https://github.com/ruby/openssl/pull/99)
13
- * OpenSSL::KDF module is newly added. Support for scrypt is added.
14
+ * OpenSSL::KDF module is newly added. In addition to PBKDF2-HMAC that has moved
15
+ from OpenSSL::PKCS5, scrypt and HKDF are supported.
14
16
  [[GitHub #109]](https://github.com/ruby/openssl/pull/109)
15
- * OpenSSL.fips_mode is added. We have had the setter, but not the getter.
17
+ [[GitHub #173]](https://github.com/ruby/openssl/pull/173)
18
+ * OpenSSL.fips_mode is added. We had the setter, but not the getter.
16
19
  [[GitHub #125]](https://github.com/ruby/openssl/pull/125)
17
20
  * OpenSSL::OCSP::Request#signed? is added.
18
21
  * OpenSSL::ASN1 handles the indefinite length form better. OpenSSL::ASN1.decode
@@ -22,11 +25,51 @@ Notable changes
22
25
  * OpenSSL::X509::Name#add_entry now accepts two additional keyword arguments
23
26
  'loc' and 'set'.
24
27
  [[GitHub #94]](https://github.com/ruby/openssl/issues/94)
25
- * OpenSSL::SSL::SSLContext#min_version= and #max_version= are added.
28
+ * OpenSSL::SSL::SSLContext#min_version= and #max_version= are added to replace
29
+ #ssl_version= that was built on top of the deprecated OpenSSL C API. Use of
30
+ that method and the constant OpenSSL::SSL::SSLContext::METHODS is now
31
+ deprecated.
26
32
  [[GitHub #142]](https://github.com/ruby/openssl/pull/142)
27
33
  * OpenSSL::X509::Name#to_utf8 is added.
28
34
  [[GitHub #26]](https://github.com/ruby/openssl/issues/26)
29
35
  [[GitHub #143]](https://github.com/ruby/openssl/pull/143)
36
+ * OpenSSL::X509::{Extension,Attribute,Certificate,CRL,Revoked,Request} can be
37
+ compared with == operator.
38
+ [[GitHub #161]](https://github.com/ruby/openssl/pull/161)
39
+ * TLS Fallback Signaling Cipher Suite Value (SCSV) support is added.
40
+ [[GitHub #165]](https://github.com/ruby/openssl/pull/165)
41
+ * Build failure with OpenSSL 1.1 built with no-deprecated is fixed.
42
+ [[GitHub #160]](https://github.com/ruby/openssl/pull/160)
43
+ * OpenSSL::Buffering#write accepts an arbitrary number of arguments.
44
+ [[Feature #9323]](https://bugs.ruby-lang.org/issues/9323)
45
+ [[GitHub #162]](https://github.com/ruby/openssl/pull/162)
46
+ * OpenSSL::PKey::RSA#sign_pss and #verify_pss are added. They perform RSA-PSS
47
+ signature and verification.
48
+ [[GitHub #75]](https://github.com/ruby/openssl/issues/75)
49
+ [[GitHub #76]](https://github.com/ruby/openssl/pull/76)
50
+ [[GitHub #169]](https://github.com/ruby/openssl/pull/169)
51
+ * OpenSSL::SSL::SSLContext#add_certificate is added.
52
+ [[GitHub #167]](https://github.com/ruby/openssl/pull/167)
53
+
54
+
55
+ Version 2.0.6
56
+ =============
57
+
58
+ Bug fixes
59
+ ---------
60
+
61
+ * The session_remove_cb set to an OpenSSL::SSL::SSLContext is no longer called
62
+ during GC.
63
+ * A possible deadlock in OpenSSL::SSL::SSLSocket#sysread is fixed.
64
+ [[GitHub #139]](https://github.com/ruby/openssl/pull/139)
65
+ * OpenSSL::BN#hash could return an unnormalized fixnum value on Windows.
66
+ [[Bug #13877]](https://bugs.ruby-lang.org/issues/13877)
67
+ * OpenSSL::SSL::SSLSocket#sysread and #sysread_nonblock set the length of the
68
+ destination buffer String to 0 on error.
69
+ [[GitHub #153]](https://github.com/ruby/openssl/pull/153)
70
+ * Possible deadlock is fixed. This happened only when built with older versions
71
+ of OpenSSL (before 1.1.0) or LibreSSL.
72
+ [[GitHub #155]](https://github.com/ruby/openssl/pull/155)
30
73
 
31
74
 
32
75
  Version 2.0.5
@@ -181,7 +224,7 @@ Notable changes
181
224
  - A new option 'verify_hostname' is added to OpenSSL::SSL::SSLContext. When it
182
225
  is enabled, and the SNI hostname is also set, the hostname verification on
183
226
  the server certificate is automatically performed. It is now enabled by
184
- OpenSSL::SSL::Context#set_params.
227
+ OpenSSL::SSL::SSLContext#set_params.
185
228
  [[GH ruby/openssl#60]](https://github.com/ruby/openssl/pull/60)
186
229
 
187
230
  Removals
@@ -209,6 +209,10 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
209
209
  # define X509_get0_notAfter(x) X509_get_notAfter(x)
210
210
  # define X509_CRL_get0_lastUpdate(x) X509_CRL_get_lastUpdate(x)
211
211
  # define X509_CRL_get0_nextUpdate(x) X509_CRL_get_nextUpdate(x)
212
+ # define X509_set1_notBefore(x, t) X509_set_notBefore(x, t)
213
+ # define X509_set1_notAfter(x, t) X509_set_notAfter(x, t)
214
+ # define X509_CRL_set1_lastUpdate(x, t) X509_CRL_set_lastUpdate(x, t)
215
+ # define X509_CRL_set1_nextUpdate(x, t) X509_CRL_set_nextUpdate(x, t)
212
216
  #endif
213
217
 
214
218
  #if !defined(HAVE_SSL_SESSION_GET_PROTOCOL_VERSION)
@@ -517,40 +517,53 @@ print_mem_leaks(VALUE self)
517
517
  /**
518
518
  * Stores locks needed for OpenSSL thread safety
519
519
  */
520
- static rb_nativethread_lock_t *ossl_locks;
520
+ struct CRYPTO_dynlock_value {
521
+ rb_nativethread_lock_t lock;
522
+ rb_nativethread_id_t owner;
523
+ size_t count;
524
+ };
521
525
 
522
526
  static void
523
- ossl_lock_unlock(int mode, rb_nativethread_lock_t *lock)
527
+ ossl_lock_init(struct CRYPTO_dynlock_value *l)
524
528
  {
525
- if (mode & CRYPTO_LOCK) {
526
- rb_nativethread_lock_lock(lock);
527
- } else {
528
- rb_nativethread_lock_unlock(lock);
529
- }
529
+ rb_nativethread_lock_initialize(&l->lock);
530
+ l->count = 0;
530
531
  }
531
532
 
532
533
  static void
533
- ossl_lock_callback(int mode, int type, const char *file, int line)
534
+ ossl_lock_unlock(int mode, struct CRYPTO_dynlock_value *l)
534
535
  {
535
- ossl_lock_unlock(mode, &ossl_locks[type]);
536
+ if (mode & CRYPTO_LOCK) {
537
+ /* TODO: rb_nativethread_id_t is not necessarily compared with ==. */
538
+ rb_nativethread_id_t tid = rb_nativethread_self();
539
+ if (l->count && l->owner == tid) {
540
+ l->count++;
541
+ return;
542
+ }
543
+ rb_nativethread_lock_lock(&l->lock);
544
+ l->owner = tid;
545
+ l->count = 1;
546
+ } else {
547
+ if (!--l->count)
548
+ rb_nativethread_lock_unlock(&l->lock);
549
+ }
536
550
  }
537
551
 
538
- struct CRYPTO_dynlock_value {
539
- rb_nativethread_lock_t lock;
540
- };
541
-
542
552
  static struct CRYPTO_dynlock_value *
543
553
  ossl_dyn_create_callback(const char *file, int line)
544
554
  {
545
- struct CRYPTO_dynlock_value *dynlock = (struct CRYPTO_dynlock_value *)OPENSSL_malloc((int)sizeof(struct CRYPTO_dynlock_value));
546
- rb_nativethread_lock_initialize(&dynlock->lock);
555
+ /* Do not use xmalloc() here, since it may raise NoMemoryError */
556
+ struct CRYPTO_dynlock_value *dynlock =
557
+ OPENSSL_malloc(sizeof(struct CRYPTO_dynlock_value));
558
+ if (dynlock)
559
+ ossl_lock_init(dynlock);
547
560
  return dynlock;
548
561
  }
549
562
 
550
563
  static void
551
564
  ossl_dyn_lock_callback(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)
552
565
  {
553
- ossl_lock_unlock(mode, &l->lock);
566
+ ossl_lock_unlock(mode, l);
554
567
  }
555
568
 
556
569
  static void
@@ -566,21 +579,22 @@ static void ossl_threadid_func(CRYPTO_THREADID *id)
566
579
  CRYPTO_THREADID_set_pointer(id, (void *)rb_nativethread_self());
567
580
  }
568
581
 
582
+ static struct CRYPTO_dynlock_value *ossl_locks;
583
+
584
+ static void
585
+ ossl_lock_callback(int mode, int type, const char *file, int line)
586
+ {
587
+ ossl_lock_unlock(mode, &ossl_locks[type]);
588
+ }
589
+
569
590
  static void Init_ossl_locks(void)
570
591
  {
571
592
  int i;
572
593
  int num_locks = CRYPTO_num_locks();
573
594
 
574
- if ((unsigned)num_locks >= INT_MAX / (int)sizeof(VALUE)) {
575
- rb_raise(rb_eRuntimeError, "CRYPTO_num_locks() is too big: %d", num_locks);
576
- }
577
- ossl_locks = (rb_nativethread_lock_t *) OPENSSL_malloc(num_locks * (int)sizeof(rb_nativethread_lock_t));
578
- if (!ossl_locks) {
579
- rb_raise(rb_eNoMemError, "CRYPTO_num_locks() is too big: %d", num_locks);
580
- }
581
- for (i = 0; i < num_locks; i++) {
582
- rb_nativethread_lock_initialize(&ossl_locks[i]);
583
- }
595
+ ossl_locks = ALLOC_N(struct CRYPTO_dynlock_value, num_locks);
596
+ for (i = 0; i < num_locks; i++)
597
+ ossl_lock_init(&ossl_locks[i]);
584
598
 
585
599
  CRYPTO_THREADID_set_callback(ossl_threadid_func);
586
600
  CRYPTO_set_locking_callback(ossl_lock_callback);
@@ -1095,25 +1109,14 @@ Init_openssl(void)
1095
1109
  /*
1096
1110
  * Init all digests, ciphers
1097
1111
  */
1098
- /* CRYPTO_malloc_init(); */
1099
- /* ENGINE_load_builtin_engines(); */
1112
+ #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
1113
+ if (!OPENSSL_init_ssl(0, NULL))
1114
+ rb_raise(rb_eRuntimeError, "OPENSSL_init_ssl");
1115
+ #else
1100
1116
  OpenSSL_add_ssl_algorithms();
1101
1117
  OpenSSL_add_all_algorithms();
1102
1118
  ERR_load_crypto_strings();
1103
1119
  SSL_load_error_strings();
1104
-
1105
- /*
1106
- * FIXME:
1107
- * On unload do:
1108
- */
1109
- #if 0
1110
- CONF_modules_unload(1);
1111
- destroy_ui_method();
1112
- EVP_cleanup();
1113
- ENGINE_cleanup();
1114
- CRYPTO_cleanup_all_ex_data();
1115
- ERR_remove_state(0);
1116
- ERR_free_strings();
1117
1120
  #endif
1118
1121
 
1119
1122
  /*
@@ -1135,7 +1138,11 @@ Init_openssl(void)
1135
1138
  /*
1136
1139
  * Version of OpenSSL the ruby OpenSSL extension is running with
1137
1140
  */
1141
+ #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
1142
+ rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
1143
+ #else
1138
1144
  rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
1145
+ #endif
1139
1146
 
1140
1147
  /*
1141
1148
  * Version number of OpenSSL the ruby OpenSSL extension was built with
@@ -35,6 +35,11 @@
35
35
  #if !defined(OPENSSL_NO_OCSP)
36
36
  # include <openssl/ocsp.h>
37
37
  #endif
38
+ #include <openssl/bn.h>
39
+ #include <openssl/rsa.h>
40
+ #include <openssl/dsa.h>
41
+ #include <openssl/evp.h>
42
+ #include <openssl/dh.h>
38
43
 
39
44
  /*
40
45
  * Common Module
@@ -979,20 +979,20 @@ static VALUE
979
979
  ossl_bn_hash(VALUE self)
980
980
  {
981
981
  BIGNUM *bn;
982
- VALUE hash;
982
+ VALUE tmp, hash;
983
983
  unsigned char *buf;
984
984
  int len;
985
985
 
986
986
  GetBN(self, bn);
987
987
  len = BN_num_bytes(bn);
988
- buf = xmalloc(len);
988
+ buf = ALLOCV(tmp, len);
989
989
  if (BN_bn2bin(bn, buf) != len) {
990
- xfree(buf);
991
- ossl_raise(eBNError, NULL);
990
+ ALLOCV_END(tmp);
991
+ ossl_raise(eBNError, "BN_bn2bin");
992
992
  }
993
993
 
994
- hash = INT2FIX(rb_memhash(buf, len));
995
- xfree(buf);
994
+ hash = ST2FIX(rb_memhash(buf, len));
995
+ ALLOCV_END(tmp);
996
996
 
997
997
  return hash;
998
998
  }
@@ -508,7 +508,7 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
508
508
  StringValue(iv);
509
509
  GetCipher(self, ctx);
510
510
 
511
- if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
511
+ if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
512
512
  iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
513
513
  if (!iv_len)
514
514
  iv_len = EVP_CIPHER_CTX_iv_length(ctx);
@@ -535,7 +535,7 @@ ossl_cipher_is_authenticated(VALUE self)
535
535
 
536
536
  GetCipher(self, ctx);
537
537
 
538
- return (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
538
+ return (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
539
539
  }
540
540
 
541
541
  /*
@@ -569,6 +569,8 @@ ossl_cipher_set_auth_data(VALUE self, VALUE data)
569
569
  in_len = RSTRING_LEN(data);
570
570
 
571
571
  GetCipher(self, ctx);
572
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
573
+ ossl_raise(eCipherError, "AEAD not supported by this cipher");
572
574
 
573
575
  if (!ossl_cipher_update_long(ctx, NULL, &out_len, in, in_len))
574
576
  ossl_raise(eCipherError, "couldn't set additional authenticated data");
@@ -606,7 +608,7 @@ ossl_cipher_get_auth_tag(int argc, VALUE *argv, VALUE self)
606
608
 
607
609
  GetCipher(self, ctx);
608
610
 
609
- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
611
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
610
612
  ossl_raise(eCipherError, "authentication tag not supported by this cipher");
611
613
 
612
614
  ret = rb_str_new(NULL, tag_len);
@@ -641,7 +643,7 @@ ossl_cipher_set_auth_tag(VALUE self, VALUE vtag)
641
643
  tag_len = RSTRING_LENINT(vtag);
642
644
 
643
645
  GetCipher(self, ctx);
644
- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
646
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
645
647
  ossl_raise(eCipherError, "authentication tag not supported by this cipher");
646
648
 
647
649
  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
@@ -668,7 +670,7 @@ ossl_cipher_set_auth_tag_len(VALUE self, VALUE vlen)
668
670
  EVP_CIPHER_CTX *ctx;
669
671
 
670
672
  GetCipher(self, ctx);
671
- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
673
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
672
674
  ossl_raise(eCipherError, "AEAD not supported by this cipher");
673
675
 
674
676
  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))
@@ -695,7 +697,7 @@ ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
695
697
  EVP_CIPHER_CTX *ctx;
696
698
 
697
699
  GetCipher(self, ctx);
698
- if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
700
+ if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
699
701
  ossl_raise(eCipherError, "cipher does not support AEAD");
700
702
 
701
703
  if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))
@@ -786,7 +788,7 @@ ossl_cipher_iv_length(VALUE self)
786
788
  int len = 0;
787
789
 
788
790
  GetCipher(self, ctx);
789
- if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
791
+ if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
790
792
  len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
791
793
  if (!len)
792
794
  len = EVP_CIPHER_CTX_iv_length(ctx);
@@ -46,13 +46,25 @@ VALUE eEngineError;
46
46
  /*
47
47
  * Private
48
48
  */
49
- #define OSSL_ENGINE_LOAD_IF_MATCH(x) \
49
+ #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
50
+ #define OSSL_ENGINE_LOAD_IF_MATCH(engine_name, x) \
50
51
  do{\
51
- if(!strcmp(#x, RSTRING_PTR(name))){\
52
- ENGINE_load_##x();\
52
+ if(!strcmp(#engine_name, RSTRING_PTR(name))){\
53
+ if (OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL))\
54
+ return Qtrue;\
55
+ else\
56
+ ossl_raise(eEngineError, "OPENSSL_init_crypto"); \
57
+ }\
58
+ }while(0)
59
+ #else
60
+ #define OSSL_ENGINE_LOAD_IF_MATCH(engine_name, x) \
61
+ do{\
62
+ if(!strcmp(#engine_name, RSTRING_PTR(name))){\
63
+ ENGINE_load_##engine_name();\
53
64
  return Qtrue;\
54
65
  }\
55
66
  }while(0)
67
+ #endif
56
68
 
57
69
  static void
58
70
  ossl_engine_free(void *engine)
@@ -94,55 +106,55 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
94
106
  StringValueCStr(name);
95
107
  #ifndef OPENSSL_NO_STATIC_ENGINE
96
108
  #if HAVE_ENGINE_LOAD_DYNAMIC
97
- OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
109
+ OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC);
98
110
  #endif
99
111
  #if HAVE_ENGINE_LOAD_4758CCA
100
- OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
112
+ OSSL_ENGINE_LOAD_IF_MATCH(4758cca, 4758CCA);
101
113
  #endif
102
114
  #if HAVE_ENGINE_LOAD_AEP
103
- OSSL_ENGINE_LOAD_IF_MATCH(aep);
115
+ OSSL_ENGINE_LOAD_IF_MATCH(aep, AEP);
104
116
  #endif
105
117
  #if HAVE_ENGINE_LOAD_ATALLA
106
- OSSL_ENGINE_LOAD_IF_MATCH(atalla);
118
+ OSSL_ENGINE_LOAD_IF_MATCH(atalla, ATALLA);
107
119
  #endif
108
120
  #if HAVE_ENGINE_LOAD_CHIL
109
- OSSL_ENGINE_LOAD_IF_MATCH(chil);
121
+ OSSL_ENGINE_LOAD_IF_MATCH(chil, CHIL);
110
122
  #endif
111
123
  #if HAVE_ENGINE_LOAD_CSWIFT
112
- OSSL_ENGINE_LOAD_IF_MATCH(cswift);
124
+ OSSL_ENGINE_LOAD_IF_MATCH(cswift, CSWIFT);
113
125
  #endif
114
126
  #if HAVE_ENGINE_LOAD_NURON
115
- OSSL_ENGINE_LOAD_IF_MATCH(nuron);
127
+ OSSL_ENGINE_LOAD_IF_MATCH(nuron, NURON);
116
128
  #endif
117
129
  #if HAVE_ENGINE_LOAD_SUREWARE
118
- OSSL_ENGINE_LOAD_IF_MATCH(sureware);
130
+ OSSL_ENGINE_LOAD_IF_MATCH(sureware, SUREWARE);
119
131
  #endif
120
132
  #if HAVE_ENGINE_LOAD_UBSEC
121
- OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
133
+ OSSL_ENGINE_LOAD_IF_MATCH(ubsec, UBSEC);
122
134
  #endif
123
135
  #if HAVE_ENGINE_LOAD_PADLOCK
124
- OSSL_ENGINE_LOAD_IF_MATCH(padlock);
136
+ OSSL_ENGINE_LOAD_IF_MATCH(padlock, PADLOCK);
125
137
  #endif
126
138
  #if HAVE_ENGINE_LOAD_CAPI
127
- OSSL_ENGINE_LOAD_IF_MATCH(capi);
139
+ OSSL_ENGINE_LOAD_IF_MATCH(capi, CAPI);
128
140
  #endif
129
141
  #if HAVE_ENGINE_LOAD_GMP
130
- OSSL_ENGINE_LOAD_IF_MATCH(gmp);
142
+ OSSL_ENGINE_LOAD_IF_MATCH(gmp, GMP);
131
143
  #endif
132
144
  #if HAVE_ENGINE_LOAD_GOST
133
- OSSL_ENGINE_LOAD_IF_MATCH(gost);
145
+ OSSL_ENGINE_LOAD_IF_MATCH(gost, GOST);
134
146
  #endif
135
147
  #if HAVE_ENGINE_LOAD_CRYPTODEV
136
- OSSL_ENGINE_LOAD_IF_MATCH(cryptodev);
148
+ OSSL_ENGINE_LOAD_IF_MATCH(cryptodev, CRYPTODEV);
137
149
  #endif
138
150
  #if HAVE_ENGINE_LOAD_AESNI
139
- OSSL_ENGINE_LOAD_IF_MATCH(aesni);
151
+ OSSL_ENGINE_LOAD_IF_MATCH(aesni, AESNI);
140
152
  #endif
141
153
  #endif
142
154
  #ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
143
- OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
155
+ OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto, OPENBSD_DEV_CRYPTO);
144
156
  #endif
145
- OSSL_ENGINE_LOAD_IF_MATCH(openssl);
157
+ OSSL_ENGINE_LOAD_IF_MATCH(openssl, OPENSSL);
146
158
  rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
147
159
  return Qnil;
148
160
  #endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
@@ -160,7 +172,9 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
160
172
  static VALUE
161
173
  ossl_engine_s_cleanup(VALUE self)
162
174
  {
175
+ #if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000
163
176
  ENGINE_cleanup();
177
+ #endif
164
178
  return Qnil;
165
179
  }
166
180