openssl 2.2.2 → 3.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +32 -44
- data/History.md +99 -13
- data/ext/openssl/extconf.rb +26 -28
- data/ext/openssl/openssl_missing.c +0 -66
- data/ext/openssl/openssl_missing.h +26 -45
- data/ext/openssl/ossl.c +59 -46
- data/ext/openssl/ossl.h +20 -6
- data/ext/openssl/ossl_asn1.c +16 -4
- data/ext/openssl/ossl_bn.c +188 -126
- data/ext/openssl/ossl_cipher.c +11 -11
- data/ext/openssl/ossl_config.c +412 -41
- data/ext/openssl/ossl_config.h +4 -7
- data/ext/openssl/ossl_digest.c +9 -9
- data/ext/openssl/ossl_engine.c +16 -15
- data/ext/openssl/ossl_hmac.c +48 -135
- data/ext/openssl/ossl_kdf.c +8 -0
- data/ext/openssl/ossl_ocsp.c +3 -51
- data/ext/openssl/ossl_pkcs12.c +21 -3
- data/ext/openssl/ossl_pkcs7.c +42 -59
- data/ext/openssl/ossl_pkey.c +1102 -191
- data/ext/openssl/ossl_pkey.h +35 -72
- data/ext/openssl/ossl_pkey_dh.c +124 -334
- data/ext/openssl/ossl_pkey_dsa.c +93 -398
- data/ext/openssl/ossl_pkey_ec.c +126 -318
- data/ext/openssl/ossl_pkey_rsa.c +100 -487
- data/ext/openssl/ossl_ssl.c +256 -355
- data/ext/openssl/ossl_ssl_session.c +24 -29
- data/ext/openssl/ossl_ts.c +35 -20
- data/ext/openssl/ossl_x509.c +0 -6
- data/ext/openssl/ossl_x509cert.c +164 -8
- data/ext/openssl/ossl_x509crl.c +10 -7
- data/ext/openssl/ossl_x509ext.c +1 -2
- data/ext/openssl/ossl_x509name.c +9 -2
- data/ext/openssl/ossl_x509req.c +10 -7
- data/ext/openssl/ossl_x509store.c +154 -70
- data/lib/openssl/buffering.rb +9 -0
- data/lib/openssl/hmac.rb +65 -0
- data/lib/openssl/pkey.rb +417 -0
- data/lib/openssl/ssl.rb +7 -7
- data/lib/openssl/version.rb +1 -1
- data/lib/openssl/x509.rb +22 -0
- data/lib/openssl.rb +0 -1
- metadata +5 -77
- data/ext/openssl/ruby_missing.h +0 -24
- data/lib/openssl/config.rb +0 -501
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d382c0c6e46a7009fa58a8378b052341712f115f73f90c2409fdfa990c5c3a41
|
4
|
+
data.tar.gz: dc54eb994bb6c4de4e425c32702ec551b5c9d1d677062e629cbf162d171a5dec
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8516105c4fb7d40619519c8165d45c602dd6ed65971ad8289ad70e9a7fc89d36c16a801c62ecf7c82e9068f07a3a63df69c3d9faf693796b071c059cdb10f805
|
7
|
+
data.tar.gz: 5c6cc181f035383b724b6bd5d249e36797c5079482e88efa137e9dc74b0b338fd4be7d6d27d7e39a67054429a64d79305a15146c645ee23c97696f1838640c7a
|
data/CONTRIBUTING.md
CHANGED
@@ -12,16 +12,17 @@ If you think you found a bug, file a ticket on GitHub. Please DO NOT report
|
|
12
12
|
security issues here, there is a separate procedure which is described on
|
13
13
|
["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
|
14
14
|
|
15
|
-
When reporting a bug, please make sure you include:
|
16
|
-
|
17
|
-
*
|
18
|
-
*
|
15
|
+
When reporting a bug, please make sure you include:
|
16
|
+
|
17
|
+
* Ruby version (`ruby -v`)
|
18
|
+
* `openssl` gem version (`gem list openssl` and `OpenSSL::VERSION`)
|
19
|
+
* OpenSSL library version (`OpenSSL::OPENSSL_VERSION`)
|
19
20
|
* A sample file that illustrates the problem or link to the repository or
|
20
21
|
gem that is associated with the bug.
|
21
22
|
|
22
23
|
There are a number of unresolved issues and feature requests for openssl that
|
23
24
|
need review. Before submitting a new ticket, it is recommended to check
|
24
|
-
[known issues]
|
25
|
+
[known issues].
|
25
26
|
|
26
27
|
## Submitting patches
|
27
28
|
|
@@ -34,62 +35,50 @@ Make sure that your branch does:
|
|
34
35
|
* Have good commit messages
|
35
36
|
* Follow Ruby's coding style ([DeveloperHowTo])
|
36
37
|
* Pass the test suite successfully (see "Testing")
|
37
|
-
* Add an entry to [History.md] if necessary
|
38
38
|
|
39
39
|
## Testing
|
40
40
|
|
41
41
|
We have a test suite!
|
42
42
|
|
43
43
|
Test cases are located under the
|
44
|
-
[`test
|
44
|
+
[`test/openssl`](https://github.com/ruby/openssl/tree/master/test/openssl)
|
45
|
+
directory.
|
45
46
|
|
46
47
|
You can run it with the following three commands:
|
47
48
|
|
48
49
|
```
|
49
|
-
$
|
50
|
-
$ rake compile
|
51
|
-
$ rake test
|
50
|
+
$ bundle install # installs rake-compiler, test-unit, ...
|
51
|
+
$ bundle exec rake compile
|
52
|
+
$ bundle exec rake test
|
52
53
|
```
|
53
54
|
|
54
|
-
###
|
55
|
-
|
56
|
-
You can also use Docker Compose to run tests. It can be used to check that your
|
57
|
-
changes work correctly with various supported versions of Ruby and OpenSSL.
|
58
|
-
|
59
|
-
First, you need to install [Docker](https://www.docker.com/products/docker) and
|
60
|
-
[Docker Compose](https://www.docker.com/products/docker-compose) on your
|
61
|
-
computer.
|
55
|
+
### With different versions of OpenSSL
|
62
56
|
|
63
|
-
|
64
|
-
|
65
|
-
instructions for your package manager. For further information, please check
|
66
|
-
the [official documentation](https://docs.docker.com/).
|
57
|
+
Ruby OpenSSL supports various versions of OpenSSL library. The test suite needs
|
58
|
+
to pass on all supported combinations.
|
67
59
|
|
68
|
-
|
69
|
-
|
70
|
-
|
60
|
+
Similarly to when installing `openssl` gem via the `gem` command,
|
61
|
+
you can pass a `--with-openssl-dir` argument to `rake compile`
|
62
|
+
to specify the OpenSSL library to build against.
|
71
63
|
|
72
64
|
```
|
73
|
-
$
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
65
|
+
$ ( curl -OL https://ftp.openssl.org/source/openssl-3.0.1.tar.gz &&
|
66
|
+
tar xf openssl-3.0.1.tar.gz &&
|
67
|
+
cd openssl-3.0.1 &&
|
68
|
+
./config --prefix=$HOME/.openssl/openssl-3.0.1 --libdir=lib &&
|
69
|
+
make -j4 &&
|
70
|
+
make install )
|
71
|
+
|
72
|
+
$ # in Ruby/OpenSSL's source directory
|
73
|
+
$ bundle exec rake clean
|
74
|
+
$ bundle exec rake compile -- --with-openssl-dir=$HOME/.openssl/openssl-3.0.1
|
75
|
+
$ bundle exec rake test
|
80
76
|
```
|
81
77
|
|
82
|
-
|
83
|
-
[`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml)
|
84
|
-
|
85
|
-
|
86
|
-
to use the
|
87
|
-
[`docker-compose.yml`](https://github.com/ruby/openssl/blob/master/docker-compose.yml)
|
88
|
-
file we have provided.
|
89
|
-
|
90
|
-
This Docker image is built using the
|
91
|
-
[Dockerfile](https://github.com/ruby/openssl/tree/master/tool/ruby-openssl-docker)
|
92
|
-
provided in the repository.
|
78
|
+
The GitHub Actions workflow file
|
79
|
+
[`test.yml`](https://github.com/ruby/openssl/tree/master/.github/workflows/test.yml)
|
80
|
+
contains useful information for building OpenSSL/LibreSSL and testing against
|
81
|
+
them.
|
93
82
|
|
94
83
|
|
95
84
|
## Relation with Ruby source tree
|
@@ -124,7 +113,6 @@ _Thanks for your contributions!_
|
|
124
113
|
|
125
114
|
[GitHub]: https://github.com/ruby/openssl
|
126
115
|
[known issues]: https://github.com/ruby/openssl/issues
|
127
|
-
[bugs.ruby-lang.org]: https://bugs.ruby-lang.org/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%3D&v%5Bassigned_to_id%5D%5B%5D=7150&f%5B%5D=&c%5B%5D=project&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&group_by=&t%5B%5D=
|
128
116
|
[DeveloperHowTo]: https://bugs.ruby-lang.org/projects/ruby/wiki/DeveloperHowto
|
129
117
|
[HackerOne]: https://hackerone.com/ruby
|
130
118
|
[Security]: https://www.ruby-lang.org/en/security/
|
data/History.md
CHANGED
@@ -1,7 +1,103 @@
|
|
1
|
-
Version
|
1
|
+
Version 3.0.0
|
2
2
|
=============
|
3
3
|
|
4
|
-
|
4
|
+
Compatibility notes
|
5
|
+
-------------------
|
6
|
+
|
7
|
+
* OpenSSL 1.0.1 and Ruby 2.3-2.5 are no longer supported.
|
8
|
+
[[GitHub #396]](https://github.com/ruby/openssl/pull/396)
|
9
|
+
[[GitHub #466]](https://github.com/ruby/openssl/pull/466)
|
10
|
+
|
11
|
+
* OpenSSL 3.0 support is added. It is the first major version bump from OpenSSL
|
12
|
+
1.1 and contains incompatible changes that affect Ruby/OpenSSL.
|
13
|
+
Note that OpenSSL 3.0 support is preliminary and not all features are
|
14
|
+
currently available:
|
15
|
+
[[GitHub #369]](https://github.com/ruby/openssl/issues/369)
|
16
|
+
|
17
|
+
- Deprecate the ability to modify `OpenSSL::PKey::PKey` instances. OpenSSL 3.0
|
18
|
+
made EVP_PKEY structure immutable, and hence the following methods are not
|
19
|
+
available when Ruby/OpenSSL is linked against OpenSSL 3.0.
|
20
|
+
[[GitHub #480]](https://github.com/ruby/openssl/pull/480)
|
21
|
+
|
22
|
+
- `OpenSSL::PKey::RSA#set_key`, `#set_factors`, `#set_crt_params`
|
23
|
+
- `OpenSSL::PKey::DSA#set_pqg`, `#set_key`
|
24
|
+
- `OpenSSL::PKey::DH#set_pqg`, `#set_key`, `#generate_key!`
|
25
|
+
- `OpenSSL::PKey::EC#private_key=`, `#public_key=`, `#group=`, `#generate_key!`
|
26
|
+
|
27
|
+
- Deprecate `OpenSSL::Engine`. The ENGINE API has been deprecated in OpenSSL 3.0
|
28
|
+
in favor of the new "provider" concept and will be removed in a future
|
29
|
+
version.
|
30
|
+
[[GitHub #481]](https://github.com/ruby/openssl/pull/481)
|
31
|
+
|
32
|
+
* `OpenSSL::SSL::SSLContext#tmp_ecdh_callback` has been removed. It has been
|
33
|
+
deprecated since v2.0.0 because it is incompatible with modern OpenSSL
|
34
|
+
versions.
|
35
|
+
[[GitHub #394]](https://github.com/ruby/openssl/pull/394)
|
36
|
+
|
37
|
+
* `OpenSSL::SSL::SSLSocket#read` and `#write` now raise `OpenSSL::SSL::SSLError`
|
38
|
+
if called before a TLS connection is established. Historically, they
|
39
|
+
read/wrote unencrypted data to the underlying socket directly in that case.
|
40
|
+
[[GitHub #9]](https://github.com/ruby/openssl/issues/9)
|
41
|
+
[[GitHub #469]](https://github.com/ruby/openssl/pull/469)
|
42
|
+
|
43
|
+
|
44
|
+
Notable changes
|
45
|
+
---------------
|
46
|
+
|
47
|
+
* Enhance OpenSSL::PKey's common interface.
|
48
|
+
[[GitHub #370]](https://github.com/ruby/openssl/issues/370)
|
49
|
+
|
50
|
+
- Key deserialization: Enhance `OpenSSL::PKey.read` to handle PEM encoding of
|
51
|
+
DH parameters, which used to be only deserialized by `OpenSSL::PKey::DH.new`.
|
52
|
+
[[GitHub #328]](https://github.com/ruby/openssl/issues/328)
|
53
|
+
- Key generation: Add `OpenSSL::PKey.generate_parameters` and
|
54
|
+
`OpenSSL::PKey.generate_key`.
|
55
|
+
[[GitHub #329]](https://github.com/ruby/openssl/issues/329)
|
56
|
+
- Public key signing: Enhance `OpenSSL::PKey::PKey#sign` and `#verify` to use
|
57
|
+
the new EVP_DigestSign() family to enable PureEdDSA support on OpenSSL 1.1.1
|
58
|
+
or later. They also now take optional algorithm-specific parameters for more
|
59
|
+
control.
|
60
|
+
[[GitHub #329]](https://github.com/ruby/openssl/issues/329)
|
61
|
+
- Low-level public key signing and verification: Add
|
62
|
+
`OpenSSL::PKey::PKey#sign_raw`, `#verify_raw`, and `#verify_recover`.
|
63
|
+
[[GitHub #382]](https://github.com/ruby/openssl/issues/382)
|
64
|
+
- Public key encryption: Add `OpenSSL::PKey::PKey#encrypt` and `#decrypt`.
|
65
|
+
[[GitHub #382]](https://github.com/ruby/openssl/issues/382)
|
66
|
+
- Key agreement: Add `OpenSSL::PKey::PKey#derive`.
|
67
|
+
[[GitHub #329]](https://github.com/ruby/openssl/issues/329)
|
68
|
+
- Key comparison: Add `OpenSSL::PKey::PKey#compare?` to conveniently check
|
69
|
+
that two keys have common parameters and a public key.
|
70
|
+
[[GitHub #383]](https://github.com/ruby/openssl/issues/383)
|
71
|
+
|
72
|
+
* Add `OpenSSL::BN#set_flags` and `#get_flags`. This can be used in combination
|
73
|
+
with `OpenSSL::BN::CONSTTIME` to force constant-time computation.
|
74
|
+
[[GitHub #417]](https://github.com/ruby/openssl/issues/417)
|
75
|
+
|
76
|
+
* Add `OpenSSL::BN#abs` to get the absolute value of the BIGNUM.
|
77
|
+
[[GitHub #430]](https://github.com/ruby/openssl/issues/430)
|
78
|
+
|
79
|
+
* Add `OpenSSL::SSL::SSLSocket#getbyte`.
|
80
|
+
[[GitHub #438]](https://github.com/ruby/openssl/issues/438)
|
81
|
+
|
82
|
+
* Add `OpenSSL::SSL::SSLContext#tmp_dh=`.
|
83
|
+
[[GitHub #459]](https://github.com/ruby/openssl/pull/459)
|
84
|
+
|
85
|
+
* Add `OpenSSL::X509::Certificate.load` to load a PEM-encoded and concatenated
|
86
|
+
list of X.509 certificates at once.
|
87
|
+
[[GitHub #441]](https://github.com/ruby/openssl/pull/441)
|
88
|
+
|
89
|
+
* Change `OpenSSL::X509::Certificate.new` to attempt to deserialize the given
|
90
|
+
string first as DER encoding first and then as PEM encoding to ensure the
|
91
|
+
round-trip consistency.
|
92
|
+
[[GitHub #442]](https://github.com/ruby/openssl/pull/442)
|
93
|
+
|
94
|
+
* Update various part of the code base to use the modern API. No breaking
|
95
|
+
changes are intended with this. This includes:
|
96
|
+
|
97
|
+
- `OpenSSL::HMAC` uses the EVP API.
|
98
|
+
[[GitHub #371]](https://github.com/ruby/openssl/issues/371)
|
99
|
+
- `OpenSSL::Config` uses native OpenSSL API to parse config files.
|
100
|
+
[[GitHub #342]](https://github.com/ruby/openssl/issues/342)
|
5
101
|
|
6
102
|
|
7
103
|
Version 2.2.1
|
@@ -98,16 +194,6 @@ Notable changes
|
|
98
194
|
[[GitHub #297]](https://github.com/ruby/openssl/pull/297)
|
99
195
|
|
100
196
|
|
101
|
-
Version 2.1.4
|
102
|
-
=============
|
103
|
-
|
104
|
-
Bug fixes
|
105
|
-
---------
|
106
|
-
|
107
|
-
* Do not use pkg-config if --with-openssl-dir option is specified.
|
108
|
-
[[GitHub #486]](https://github.com/ruby/openssl/pull/486)
|
109
|
-
|
110
|
-
|
111
197
|
Version 2.1.3
|
112
198
|
=============
|
113
199
|
|
@@ -129,7 +215,7 @@ Bug fixes
|
|
129
215
|
[[GitHub #453]](https://github.com/ruby/openssl/pull/453)
|
130
216
|
* Fix misuse of input record separator in `OpenSSL::Buffering` where it was
|
131
217
|
for output.
|
132
|
-
* Fix wrong
|
218
|
+
* Fix wrong integer casting in `OpenSSL::PKey::EC#dsa_verify_asn1`.
|
133
219
|
[[GitHub #460]](https://github.com/ruby/openssl/pull/460)
|
134
220
|
* `extconf.rb` explicitly checks that OpenSSL's version number is 1.0.1 or
|
135
221
|
newer but also less than 3.0. Ruby/OpenSSL v2.1.x and v2.2.x will not support
|
data/ext/openssl/extconf.rb
CHANGED
@@ -13,7 +13,7 @@
|
|
13
13
|
|
14
14
|
require "mkmf"
|
15
15
|
|
16
|
-
|
16
|
+
dir_config("openssl")
|
17
17
|
dir_config("kerberos")
|
18
18
|
|
19
19
|
Logging::message "=== OpenSSL for Ruby configurator ===\n"
|
@@ -26,6 +26,8 @@ if with_config("debug") or enable_config("debug")
|
|
26
26
|
$defs.push("-DOSSL_DEBUG")
|
27
27
|
end
|
28
28
|
|
29
|
+
have_func("rb_io_maybe_wait") # Ruby 3.1
|
30
|
+
|
29
31
|
Logging::message "=== Checking for system dependent stuff... ===\n"
|
30
32
|
have_library("nsl", "t_open")
|
31
33
|
have_library("socket", "socket")
|
@@ -90,7 +92,7 @@ def find_openssl_library
|
|
90
92
|
end
|
91
93
|
|
92
94
|
Logging::message "=== Checking for required stuff... ===\n"
|
93
|
-
pkg_config_found =
|
95
|
+
pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
|
94
96
|
|
95
97
|
if !pkg_config_found && !find_openssl_library
|
96
98
|
Logging::message "=== Checking for required stuff failed. ===\n"
|
@@ -102,15 +104,14 @@ end
|
|
102
104
|
|
103
105
|
version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
|
104
106
|
is_libressl = true
|
105
|
-
checking_for("LibreSSL version >=
|
106
|
-
try_static_assert("LIBRESSL_VERSION_NUMBER >=
|
107
|
+
checking_for("LibreSSL version >= 3.1.0") {
|
108
|
+
try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x30100000L", "openssl/opensslv.h") }
|
107
109
|
else
|
108
|
-
checking_for("OpenSSL version >= 1.0.
|
109
|
-
try_static_assert("OPENSSL_VERSION_NUMBER >=
|
110
|
-
!try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
|
110
|
+
checking_for("OpenSSL version >= 1.0.2") {
|
111
|
+
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10002000L", "openssl/opensslv.h") }
|
111
112
|
end
|
112
113
|
unless version_ok
|
113
|
-
raise "OpenSSL >= 1.0.
|
114
|
+
raise "OpenSSL >= 1.0.2 or LibreSSL >= 3.1.0 is required"
|
114
115
|
end
|
115
116
|
|
116
117
|
# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
|
@@ -127,29 +128,13 @@ engines.each { |name|
|
|
127
128
|
have_func("ENGINE_load_#{name}()", "openssl/engine.h")
|
128
129
|
}
|
129
130
|
|
130
|
-
# added in 1.0.2
|
131
|
-
have_func("EC_curve_nist2nid")
|
132
|
-
have_func("X509_REVOKED_dup")
|
133
|
-
have_func("X509_STORE_CTX_get0_store")
|
134
|
-
have_func("SSL_CTX_set_alpn_select_cb")
|
135
|
-
have_func("SSL_CTX_set1_curves_list(NULL, NULL)", "openssl/ssl.h")
|
136
|
-
have_func("SSL_CTX_set_ecdh_auto(NULL, 0)", "openssl/ssl.h")
|
137
|
-
have_func("SSL_get_server_tmp_key(NULL, NULL)", "openssl/ssl.h")
|
138
|
-
have_func("SSL_is_server")
|
139
|
-
|
140
131
|
# added in 1.1.0
|
141
|
-
if !have_struct_member("SSL", "ctx", "openssl/ssl.h") ||
|
142
|
-
try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x2070000fL", "openssl/opensslv.h")
|
132
|
+
if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || is_libressl
|
143
133
|
$defs.push("-DHAVE_OPAQUE_OPENSSL")
|
144
134
|
end
|
145
|
-
have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
|
146
|
-
have_func("BN_GENCB_new")
|
147
|
-
have_func("BN_GENCB_free")
|
148
|
-
have_func("BN_GENCB_get_arg")
|
149
135
|
have_func("EVP_MD_CTX_new")
|
150
136
|
have_func("EVP_MD_CTX_free")
|
151
|
-
have_func("
|
152
|
-
have_func("HMAC_CTX_free")
|
137
|
+
have_func("EVP_MD_CTX_pkey_ctx")
|
153
138
|
have_func("X509_STORE_get_ex_data")
|
154
139
|
have_func("X509_STORE_set_ex_data")
|
155
140
|
have_func("X509_STORE_get_ex_new_index")
|
@@ -168,7 +153,6 @@ have_func("X509_CRL_up_ref")
|
|
168
153
|
have_func("X509_STORE_up_ref")
|
169
154
|
have_func("SSL_SESSION_up_ref")
|
170
155
|
have_func("EVP_PKEY_up_ref")
|
171
|
-
have_func("SSL_CTX_set_tmp_ecdh_callback(NULL, NULL)", "openssl/ssl.h") # removed
|
172
156
|
have_func("SSL_CTX_set_min_proto_version(NULL, 0)", "openssl/ssl.h")
|
173
157
|
have_func("SSL_CTX_get_security_level")
|
174
158
|
have_func("X509_get0_notBefore")
|
@@ -176,13 +160,27 @@ have_func("SSL_SESSION_get_protocol_version")
|
|
176
160
|
have_func("TS_STATUS_INFO_get0_status")
|
177
161
|
have_func("TS_STATUS_INFO_get0_text")
|
178
162
|
have_func("TS_STATUS_INFO_get0_failure_info")
|
179
|
-
have_func("TS_VERIFY_CTS_set_certs")
|
163
|
+
have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h")
|
180
164
|
have_func("TS_VERIFY_CTX_set_store")
|
181
165
|
have_func("TS_VERIFY_CTX_add_flags")
|
182
166
|
have_func("TS_RESP_CTX_set_time_cb")
|
183
167
|
have_func("EVP_PBE_scrypt")
|
184
168
|
have_func("SSL_CTX_set_post_handshake_auth")
|
185
169
|
|
170
|
+
# added in 1.1.1
|
171
|
+
have_func("EVP_PKEY_check")
|
172
|
+
|
173
|
+
# added in 3.0.0
|
174
|
+
have_func("SSL_set0_tmp_dh_pkey")
|
175
|
+
have_func("ERR_get_error_all")
|
176
|
+
have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
|
177
|
+
have_func("SSL_CTX_load_verify_file")
|
178
|
+
have_func("BN_check_prime")
|
179
|
+
have_func("EVP_MD_CTX_get0_md")
|
180
|
+
have_func("EVP_MD_CTX_get_pkey_ctx")
|
181
|
+
have_func("EVP_PKEY_eq")
|
182
|
+
have_func("EVP_PKEY_dup")
|
183
|
+
|
186
184
|
Logging::message "=== Checking done. ===\n"
|
187
185
|
|
188
186
|
create_header
|
@@ -10,77 +10,11 @@
|
|
10
10
|
#include RUBY_EXTCONF_H
|
11
11
|
|
12
12
|
#include <string.h> /* memcpy() */
|
13
|
-
#if !defined(OPENSSL_NO_ENGINE)
|
14
|
-
# include <openssl/engine.h>
|
15
|
-
#endif
|
16
|
-
#if !defined(OPENSSL_NO_HMAC)
|
17
|
-
# include <openssl/hmac.h>
|
18
|
-
#endif
|
19
13
|
#include <openssl/x509_vfy.h>
|
20
14
|
|
21
15
|
#include "openssl_missing.h"
|
22
16
|
|
23
|
-
/* added in 1.0.2 */
|
24
|
-
#if !defined(OPENSSL_NO_EC)
|
25
|
-
#if !defined(HAVE_EC_CURVE_NIST2NID)
|
26
|
-
static struct {
|
27
|
-
const char *name;
|
28
|
-
int nid;
|
29
|
-
} nist_curves[] = {
|
30
|
-
{"B-163", NID_sect163r2},
|
31
|
-
{"B-233", NID_sect233r1},
|
32
|
-
{"B-283", NID_sect283r1},
|
33
|
-
{"B-409", NID_sect409r1},
|
34
|
-
{"B-571", NID_sect571r1},
|
35
|
-
{"K-163", NID_sect163k1},
|
36
|
-
{"K-233", NID_sect233k1},
|
37
|
-
{"K-283", NID_sect283k1},
|
38
|
-
{"K-409", NID_sect409k1},
|
39
|
-
{"K-571", NID_sect571k1},
|
40
|
-
{"P-192", NID_X9_62_prime192v1},
|
41
|
-
{"P-224", NID_secp224r1},
|
42
|
-
{"P-256", NID_X9_62_prime256v1},
|
43
|
-
{"P-384", NID_secp384r1},
|
44
|
-
{"P-521", NID_secp521r1}
|
45
|
-
};
|
46
|
-
|
47
|
-
int
|
48
|
-
ossl_EC_curve_nist2nid(const char *name)
|
49
|
-
{
|
50
|
-
size_t i;
|
51
|
-
for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
|
52
|
-
if (!strcmp(nist_curves[i].name, name))
|
53
|
-
return nist_curves[i].nid;
|
54
|
-
}
|
55
|
-
return NID_undef;
|
56
|
-
}
|
57
|
-
#endif
|
58
|
-
#endif
|
59
|
-
|
60
17
|
/*** added in 1.1.0 ***/
|
61
|
-
#if !defined(HAVE_HMAC_CTX_NEW)
|
62
|
-
HMAC_CTX *
|
63
|
-
ossl_HMAC_CTX_new(void)
|
64
|
-
{
|
65
|
-
HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
|
66
|
-
if (!ctx)
|
67
|
-
return NULL;
|
68
|
-
HMAC_CTX_init(ctx);
|
69
|
-
return ctx;
|
70
|
-
}
|
71
|
-
#endif
|
72
|
-
|
73
|
-
#if !defined(HAVE_HMAC_CTX_FREE)
|
74
|
-
void
|
75
|
-
ossl_HMAC_CTX_free(HMAC_CTX *ctx)
|
76
|
-
{
|
77
|
-
if (ctx) {
|
78
|
-
HMAC_CTX_cleanup(ctx);
|
79
|
-
OPENSSL_free(ctx);
|
80
|
-
}
|
81
|
-
}
|
82
|
-
#endif
|
83
|
-
|
84
18
|
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
|
85
19
|
void
|
86
20
|
ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
|
@@ -12,40 +12,7 @@
|
|
12
12
|
|
13
13
|
#include "ruby/config.h"
|
14
14
|
|
15
|
-
/* added in 1.0.2 */
|
16
|
-
#if !defined(OPENSSL_NO_EC)
|
17
|
-
#if !defined(HAVE_EC_CURVE_NIST2NID)
|
18
|
-
int ossl_EC_curve_nist2nid(const char *);
|
19
|
-
# define EC_curve_nist2nid ossl_EC_curve_nist2nid
|
20
|
-
#endif
|
21
|
-
#endif
|
22
|
-
|
23
|
-
#if !defined(HAVE_X509_REVOKED_DUP)
|
24
|
-
# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
|
25
|
-
(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
|
26
|
-
#endif
|
27
|
-
|
28
|
-
#if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
|
29
|
-
# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
|
30
|
-
#endif
|
31
|
-
|
32
|
-
#if !defined(HAVE_SSL_IS_SERVER)
|
33
|
-
# define SSL_is_server(s) ((s)->server)
|
34
|
-
#endif
|
35
|
-
|
36
15
|
/* added in 1.1.0 */
|
37
|
-
#if !defined(HAVE_BN_GENCB_NEW)
|
38
|
-
# define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
|
39
|
-
#endif
|
40
|
-
|
41
|
-
#if !defined(HAVE_BN_GENCB_FREE)
|
42
|
-
# define BN_GENCB_free(cb) OPENSSL_free(cb)
|
43
|
-
#endif
|
44
|
-
|
45
|
-
#if !defined(HAVE_BN_GENCB_GET_ARG)
|
46
|
-
# define BN_GENCB_get_arg(cb) (cb)->arg
|
47
|
-
#endif
|
48
|
-
|
49
16
|
#if !defined(HAVE_EVP_MD_CTX_NEW)
|
50
17
|
# define EVP_MD_CTX_new EVP_MD_CTX_create
|
51
18
|
#endif
|
@@ -54,16 +21,6 @@ int ossl_EC_curve_nist2nid(const char *);
|
|
54
21
|
# define EVP_MD_CTX_free EVP_MD_CTX_destroy
|
55
22
|
#endif
|
56
23
|
|
57
|
-
#if !defined(HAVE_HMAC_CTX_NEW)
|
58
|
-
HMAC_CTX *ossl_HMAC_CTX_new(void);
|
59
|
-
# define HMAC_CTX_new ossl_HMAC_CTX_new
|
60
|
-
#endif
|
61
|
-
|
62
|
-
#if !defined(HAVE_HMAC_CTX_FREE)
|
63
|
-
void ossl_HMAC_CTX_free(HMAC_CTX *);
|
64
|
-
# define HMAC_CTX_free ossl_HMAC_CTX_free
|
65
|
-
#endif
|
66
|
-
|
67
24
|
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
|
68
25
|
# define X509_STORE_get_ex_data(x, idx) \
|
69
26
|
CRYPTO_get_ex_data(&(x)->ex_data, (idx))
|
@@ -147,8 +104,7 @@ void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, co
|
|
147
104
|
CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
|
148
105
|
#endif
|
149
106
|
|
150
|
-
#if !defined(HAVE_OPAQUE_OPENSSL)
|
151
|
-
(!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
107
|
+
#if !defined(HAVE_OPAQUE_OPENSSL)
|
152
108
|
#define IMPL_PKEY_GETTER(_type, _name) \
|
153
109
|
static inline _type *EVP_PKEY_get0_##_type(EVP_PKEY *pkey) { \
|
154
110
|
return pkey->pkey._name; }
|
@@ -254,4 +210,29 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
|
|
254
210
|
} while (0)
|
255
211
|
#endif
|
256
212
|
|
213
|
+
/* added in 3.0.0 */
|
214
|
+
#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
|
215
|
+
# define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
|
216
|
+
#endif
|
217
|
+
|
218
|
+
#ifndef HAVE_EVP_MD_CTX_GET0_MD
|
219
|
+
# define EVP_MD_CTX_get0_md(ctx) EVP_MD_CTX_md(ctx)
|
220
|
+
#endif
|
221
|
+
|
222
|
+
/*
|
223
|
+
* OpenSSL 1.1.0 added EVP_MD_CTX_pkey_ctx(), and then it was renamed to
|
224
|
+
* EVP_MD_CTX_get_pkey_ctx(x) in OpenSSL 3.0.
|
225
|
+
*/
|
226
|
+
#ifndef HAVE_EVP_MD_CTX_GET_PKEY_CTX
|
227
|
+
# ifdef HAVE_EVP_MD_CTX_PKEY_CTX
|
228
|
+
# define EVP_MD_CTX_get_pkey_ctx(x) EVP_MD_CTX_pkey_ctx(x)
|
229
|
+
# else
|
230
|
+
# define EVP_MD_CTX_get_pkey_ctx(x) (x)->pctx
|
231
|
+
# endif
|
232
|
+
#endif
|
233
|
+
|
234
|
+
#ifndef HAVE_EVP_PKEY_EQ
|
235
|
+
# define EVP_PKEY_eq(a, b) EVP_PKEY_cmp(a, b)
|
236
|
+
#endif
|
237
|
+
|
257
238
|
#endif /* _OSSL_OPENSSL_MISSING_H_ */
|