openssl 2.0.0.beta.1


Potentially problematic release.


This version of openssl might be problematic. Click here for more details.

Files changed (71) hide show
  1. checksums.yaml +7 -0
  2. data/BSDL +22 -0
  3. data/CONTRIBUTING.md +130 -0
  4. data/History.md +118 -0
  5. data/LICENSE.txt +56 -0
  6. data/README.md +70 -0
  7. data/ext/openssl/deprecation.rb +26 -0
  8. data/ext/openssl/extconf.rb +158 -0
  9. data/ext/openssl/openssl_missing.c +173 -0
  10. data/ext/openssl/openssl_missing.h +244 -0
  11. data/ext/openssl/ossl.c +1201 -0
  12. data/ext/openssl/ossl.h +222 -0
  13. data/ext/openssl/ossl_asn1.c +1992 -0
  14. data/ext/openssl/ossl_asn1.h +66 -0
  15. data/ext/openssl/ossl_bio.c +87 -0
  16. data/ext/openssl/ossl_bio.h +19 -0
  17. data/ext/openssl/ossl_bn.c +1153 -0
  18. data/ext/openssl/ossl_bn.h +23 -0
  19. data/ext/openssl/ossl_cipher.c +1085 -0
  20. data/ext/openssl/ossl_cipher.h +20 -0
  21. data/ext/openssl/ossl_config.c +89 -0
  22. data/ext/openssl/ossl_config.h +19 -0
  23. data/ext/openssl/ossl_digest.c +453 -0
  24. data/ext/openssl/ossl_digest.h +20 -0
  25. data/ext/openssl/ossl_engine.c +580 -0
  26. data/ext/openssl/ossl_engine.h +19 -0
  27. data/ext/openssl/ossl_hmac.c +398 -0
  28. data/ext/openssl/ossl_hmac.h +18 -0
  29. data/ext/openssl/ossl_ns_spki.c +406 -0
  30. data/ext/openssl/ossl_ns_spki.h +19 -0
  31. data/ext/openssl/ossl_ocsp.c +2013 -0
  32. data/ext/openssl/ossl_ocsp.h +23 -0
  33. data/ext/openssl/ossl_pkcs12.c +259 -0
  34. data/ext/openssl/ossl_pkcs12.h +13 -0
  35. data/ext/openssl/ossl_pkcs5.c +180 -0
  36. data/ext/openssl/ossl_pkcs5.h +6 -0
  37. data/ext/openssl/ossl_pkcs7.c +1125 -0
  38. data/ext/openssl/ossl_pkcs7.h +20 -0
  39. data/ext/openssl/ossl_pkey.c +435 -0
  40. data/ext/openssl/ossl_pkey.h +245 -0
  41. data/ext/openssl/ossl_pkey_dh.c +650 -0
  42. data/ext/openssl/ossl_pkey_dsa.c +672 -0
  43. data/ext/openssl/ossl_pkey_ec.c +1899 -0
  44. data/ext/openssl/ossl_pkey_rsa.c +768 -0
  45. data/ext/openssl/ossl_rand.c +238 -0
  46. data/ext/openssl/ossl_rand.h +18 -0
  47. data/ext/openssl/ossl_ssl.c +2679 -0
  48. data/ext/openssl/ossl_ssl.h +41 -0
  49. data/ext/openssl/ossl_ssl_session.c +352 -0
  50. data/ext/openssl/ossl_version.h +15 -0
  51. data/ext/openssl/ossl_x509.c +186 -0
  52. data/ext/openssl/ossl_x509.h +119 -0
  53. data/ext/openssl/ossl_x509attr.c +328 -0
  54. data/ext/openssl/ossl_x509cert.c +860 -0
  55. data/ext/openssl/ossl_x509crl.c +565 -0
  56. data/ext/openssl/ossl_x509ext.c +480 -0
  57. data/ext/openssl/ossl_x509name.c +547 -0
  58. data/ext/openssl/ossl_x509req.c +492 -0
  59. data/ext/openssl/ossl_x509revoked.c +279 -0
  60. data/ext/openssl/ossl_x509store.c +846 -0
  61. data/ext/openssl/ruby_missing.h +32 -0
  62. data/lib/openssl.rb +21 -0
  63. data/lib/openssl/bn.rb +39 -0
  64. data/lib/openssl/buffering.rb +451 -0
  65. data/lib/openssl/cipher.rb +67 -0
  66. data/lib/openssl/config.rb +473 -0
  67. data/lib/openssl/digest.rb +78 -0
  68. data/lib/openssl/pkey.rb +44 -0
  69. data/lib/openssl/ssl.rb +416 -0
  70. data/lib/openssl/x509.rb +176 -0
  71. metadata +178 -0
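--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: d174a9df67d20906bf3a603a2b482e3af32c697d
+data.tar.gz: a0f9b0afe67208eaf57cbadfdd9bde7bcbcfa0b9
+SHA512:
+metadata.gz: 11f0885002e471acd940354b95c43cab740b00c2768323c3348f860127f8d78fce9e13a7bd9ee0d78968789c6b1c240b0711332701740a7691893139f48406f2
+data.tar.gz: 4355528336295a916266ba7c82ac7c3a4cbdc9d9bb155f3944ead1f3c962eca00f263646bff70f75c30d0ef065ed1022f4ca0c6273ee9f29c9820f083a2fdb9f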
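--- a/data/BSDL
+++ b/data/BSDL
@@ -0,0 +1,22 @@
+Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.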
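--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -0,0 +1,130 @@
+# Contributing to Ruby OpenSSL
+
+Thank you for your interest in contributing to Ruby OpenSSL!
+
+This documentation provides an overview how you can contribute.
+
+## Bugs and feature requests
+
+Bugs and feature requests are tracked on [GitHub].
+
+If you think you found a bug, file a ticket on GitHub. Please DO NOT report
+security issues here, there is a separate procedure which is described on
+["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
+
+When reporting a bug, please make sure you include the version of Ruby, the
+version of openssl gem, the version of the OpenSSL library, along with a sample
+file that illustrates the problem or link to repository or gem that is
+associated with the bug.
+
+There is a number of unresolved issues and feature requests for openssl that
+need review. Before submitting a new ticket, it is recommended to check
+[known issues] and [bugs.ruby-lang.org], the previous issue tracker.
+
+## Submitting patches
+
+Patches are also very welcome!
+
+Please submit a [pull request] with your changes.
+
+Make sure that your branch does:
+
+* Have good commit messages
+* Follow Ruby's coding style ([DeveloperHowTo])
+* Pass the test suite successfully (see "Testing")
+* Add an entry to [History.md] if necessary
+
+## Testing
+
+We have a test suite!
+
+Test cases are located under the
+[`test/`](https://github.com/ruby/openssl/tree/master/test) directory.
+
+You can run it with the following three commands:
+
+```
+$ gem install rake-compiler test-unit
+$ rake compile
+$ rake test
+```
+
+### Docker
+
+You can also use Docker Compose to run tests. It can be used to check that your
+changes work correctly with various supported versions of Ruby and OpenSSL.
+
+First, you need to install [Docker](https://www.docker.com/products/docker) and
+[Docker Compose](https://www.docker.com/products/docker-compose) on your
+computer.
+
+If you're on MacOS or Windows, we recommended to use the official [Docker
+Toolbox](https://www.docker.com/products/docker-toolbox). On Linux, follow the
+instructions for your package manager. For further information, please check
+the [official documentation](https://docs.docker.com/).
+
+Once you have Docker and Docker Compose, running the following commands will
+build the container and execute the openssl tests. In this example, we will use
+Ruby version 2.3 with OpenSSL version 1.0.2.
+
+```
+$ docker-compose build
+$ export RUBY_VERSION=ruby-2.3
+$ export OPENSSL_VERSION=openssl-1.0.2
+$ docker-compose run test
+
+# You may want an interactive shell for dubugging
+$ docker-compose run debug
+```
+
+All possible values for `RUBY_VERSION` and `OPENSSL_VERSION` can be found in
+[`.travis.yml`](https://github.com/ruby/openssl/tree/master/.travis.yml).
+
+**NOTE**: these commands must be run from the openssl repository root, in order
+to use the
+[`docker-compose.yml`](https://github.com/ruby/openssl/blob/master/docker-compose.yml)
+file we have provided.
+
+This Docker image is built using the
+[Dockerfile](https://github.com/ruby/openssl/tree/master/tool/ruby-openssl-docker)
+provided in the repository.
+
+
+## Relation with Ruby source tree
+
+After Ruby 2.3, `ext/openssl` was converted into a "default gem", a library
+which ships with standard Ruby builds but can be upgraded via RubyGems. This
+means the development of this gem has migrated to a [separate
+repository][GitHub] and will be released independently.
+
+The version included in the Ruby source tree (trunk branch) is synchronized with
+the latest release.
+
+## Release policy
+
+Bug fixes (including security fixes) will be made only for the version series
+included in a stable Ruby release.
+
+## Security
+
+If you discovered a security issue, please send us in private, using the
+security issue handling procedure for Ruby core.
+
+You can either use [HackerOne] or send an email to security@ruby-lang.org.
+
+Please see [Security] page on ruby-lang.org website for details.
+
+Reported problems will be published after a fix is released.
+
+_Thanks for your contributions!_
+
+_\- The Ruby OpenSSL team_
+
+[GitHub]: https://github.com/ruby/openssl
+[known issues]: https://github.com/ruby/openssl/issues
+[bugs.ruby-lang.org]: https://bugs.ruby-lang.org/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%3D&v%5Bassigned_to_id%5D%5B%5D=7150&f%5B%5D=&c%5B%5D=project&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=subject&c%5B%5D=assigned_to&c%5B%5D=updated_on&group_by=&t%5B%5D=
+[DeveloperHowTo]: https://bugs.ruby-lang.org/projects/ruby/wiki/DeveloperHowto
+[HackerOne]: https://hackerone.com/ruby
+[Security]: https://www.ruby-lang.org/en/security/
+[pull request]: https://github.com/ruby/openssl/compare
+[History.md]: https://github.com/ruby/openssl/tree/master/History.md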
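--- a/data/History.md
+++ b/data/History.md
@@ -0,0 +1,118 @@
+Version 2.0.0
+=============
+
+This is the first release of openssl gem, formerly a standard library of Ruby,
+ext/openssl. This is the successor of the version included in Ruby 2.3.
+
+Compatibility notes
+-------------------
+
+* Support for OpenSSL version 0.9.6 and 0.9.7 is completely removed. openssl gem
+still works with OpenSSL 0.9.8, but users are strongly encouraged to upgrade
+to at least 1.0.1, as OpenSSL < 1.0.1 will not receive any security fixes from
+the OpenSSL development team.
+
+Supported platforms
+-------------------
+
+* OpenSSL 1.0.0, 1.0.1, 1.0.2, 1.1.0
+* OpenSSL < 0.9.8 is no longer supported.
+* LibreSSL 2.1, 2.2, 2.3, 2.4
+* Ruby 2.3, 2.4
+
+Notable changes
+---------------
+
+* Add support for OpenSSL 1.1.0. [Feature #12324]
+* Add support for LibreSSL
+
+* OpenSSL::Cipher
+
+- OpenSSL::Cipher#key= and #iv= reject too long inputs. They used to truncate
+silently. [Bug #12561]
+
+- OpenSSL::Cipher#iv_len= is added. It allows changing IV (nonce) length if
+using AEAD ciphers.
+[Bug #8667] [Bug #10420] [GH ruby/ruby#569] [GH ruby/openssl#58]
+
+- OpenSSL::Cipher#auth_tag_len= is added. This sets the authentication tag
+length to be generated by an AEAD cipher.
+
+* OpenSSL::OCSP
+
+- Accessor methods are added to OpenSSL::OCSP::CertificateId. [Feature #7181]
+
+- OpenSSL::OCSP::Request and BasicResponse can be signed with non-SHA-1 hash
+algorithm. [Feature #11552]
+
+- OpenSSL::OCSP::CertificateId and BasicResponse can be encoded into DER.
+
+- A new class OpenSSL::OCSP::SingleResponse is added for convenience.
+
+- OpenSSL::OCSP::BasicResponse#add_status accepts absolute times. They used to
+accept only relative seconds from the current time.
+
+* OpenSSL::PKey::EC follows the general PKey interface. [Bug #6567]
+
+* OpenSSL::PKey.read raises OpenSSL::PKey::PKeyError instead of ArgumentError
+for consistency with OpenSSL::PKey::{DH,DSA,RSA,EC}#new.
+[Bug #11774] [GH ruby/openssl#55]
+
+* OpenSSL::SSL
+
+- OpenSSL::SSL::SSLSocket#tmp_key is added. A client can call it after the
+connection is established to retrieve the ephemeral key. [GH ruby/ruby#1318]
+
+- The automatic ephemeral ECDH curve selection is enabled by default when
+built with OpenSSL >= 1.0.2 or LibreSSL.
+
+- OpenSSL::SSL::SSLContext#security_level= is added. You can set the "security
+level" of the SSL context. This is effective only when built with OpenSSL
+1.1.0.
+
+- A new option 'verify_hostname' is added to OpenSSL::SSL::SSLContext. When it
+is enabled, and the SNI hostname is also set, the hostname verification on
+the server certificate is automatically performed. It is now enabled by
+OpenSSL::SSL::Context#set_params. [GH ruby/openssl#60]
+
+Removals
+--------
+
+* OpenSSL::Engine
+
+- OpenSSL::Engine.cleanup does nothing when built with OpenSSL 1.1.0.
+
+* OpenSSL::SSL
+
+- OpenSSL::PKey::DH::DEFAULT_512 is removed. Hence servers no longer use
+512-bit DH group by default. It is considered too weak nowadays.
+[Bug #11968] [GH ruby/ruby#1196]
+
+- RC4 cipher suites are removed from OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.
+RC4 is now considered to be weak. [GH ruby/openssl#50]
+
+Deprecations
+------------
+
+* OpenSSL::PKey
+
+- OpenSSL::PKey::RSA#n=, #e=, #d=, #p=, #q=, #dmp1=, #dmq1=, #iqmp=,
+OpenSSL::PKey::DSA#p=, #q=, #g=, #priv_key=, #pub_key=,
+OpenSSL::PKey::DH#p=, #g=, #priv_key= and #pub_key= are deprecated. They are
+disabled when built with OpenSSL 1.1.0, due to its API change. Instead,
+OpenSSL::PKey::RSA#set_key, #set_factors, #set_crt_params,
+OpenSSL::PKey::DSA#set_pqg, #set_key, OpenSSL::PKey::DH#set_pqg and #set_key
+are added.
+
+* OpenSSL::Random
+
+- OpenSSL::Random.pseudo_bytes is deprecated, and not defined when built with
+OpenSSL 1.1.0. Use OpenSSL::Random.random_bytes instead.
+
+* OpenSSL::SSL
+
+- OpenSSL::SSL::SSLContext#tmp_ecdh_callback is deprecated, as the underlying
+API SSL_CTX_set_tmp_ecdh_callback() is removed in OpenSSL 1.1.0. It was
+first added in Ruby 2.3.0. To specify the curve to be used in ephemeral
+ECDH, use OpenSSL::SSL::SSLContext#ecdh_curves=. The automatic curve
+selection is also now enabled by default when built with a capable OpenSSL.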
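--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,56 @@
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>.
+You can redistribute it and/or modify it under either the terms of the
+2-clause BSDL (see the file BSDL), or the conditions below:
+
+1. You may make and give away verbatim copies of the source form of the
+software without restriction, provided that you duplicate all of the
+original copyright notices and associated disclaimers.
+
+2. You may modify your copy of the software in any way, provided that
+you do at least ONE of the following:
+
+a) place your modifications in the Public Domain or otherwise
+make them Freely Available, such as by posting said
+modifications to Usenet or an equivalent medium, or by allowing
+the author to include your modifications in the software.
+
+b) use the modified software only within your corporation or
+organization.
+
+c) give non-standard binaries non-standard names, with
+instructions on where to get the original software distribution.
+
+d) make other distribution arrangements with the author.
+
+3. You may distribute the software in object code or binary form,
+provided that you do at least ONE of the following:
+
+a) distribute the binaries and library files of the software,
+together with instructions (in the manual page or equivalent)
+on where to get the original distribution.
+
+b) accompany the distribution with the machine-readable source of
+the software.
+
+c) give non-standard binaries non-standard names, with
+instructions on where to get the original software distribution.
+
+d) make other distribution arrangements with the author.
+
+4. You may modify and include the part of the software into any other
+software (possibly commercial). But some files in the distribution
+are not written by the author, so that they are not under these terms.
+
+For the list of those files and their copying conditions, see the
+file LEGAL.
+
+5. The scripts and library files supplied as input to or produced as
+output from the software do not automatically fall under the
+copyright of the software, but belong to whomever generated them,
+and may be sold commercially, and may be aggregated with this
+software.
+
+6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.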
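--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,70 @@
+# OpenSSL
+
+[![Build Status](https://travis-ci.org/ruby/openssl.svg?branch=master)](https://travis-ci.org/ruby/openssl)
+
+OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
+OpenSSL library.
+
+## Installation
+
+The openssl gem is available at [rubygems.org](https://rubygems.org/gems/openssl).
+You can install with:
+
+```
+gem install openssl
+```
+
+You may need to specify the path where OpenSSL is installed.
+
+```
+gem install openssl -- --with-openssl-dir=/opt/openssl
+```
+
+Alternatively, you can install the gem with `bundler`:
+
+```ruby
+# Gemfile
+gem 'openssl'
+# or specify git master
+gem 'openssl', github: 'ruby/openssl'
+```
+
+After doing `bundle install`, you should have the gem installed in your bundle.
+
+## Usage
+
+Once installed, you can require "openssl" in your application.
+
+```ruby
+require "openssl"
+```
+
+**NOTE**: If you are using Ruby 2.3 (and not Bundler), you **must** activate
+the gem version of openssl, otherwise the default gem packaged with the Ruby
+installation will be used:
+
+```ruby
+gem "openssl"
+require "openssl"
+```
+
+See the documentation on OpenSSL for more usage,
+and the official [OpenSSL library](http://www.openssl.org/).
+
+## Getting Started
+
+1. `$ gem install rake-compiler test-unit`
+2. `$ rake compile`
+3. `$ rake test`
+
+## Contributing
+
+Please read our [CONTRIBUTING.md] for instructions.
+
+## Security
+
+Security issues should be reported to ruby-core by following the process
+described on ["Security at ruby-lang.org"](https://www.ruby-lang.org/en/security/).
+
+
+[CONTRIBUTING.md]: https://github.com/ruby/openssl/tree/master/CONTRIBUTING.md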
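--- a/data/ext/openssl/deprecation.rb
+++ b/data/ext/openssl/deprecation.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: false
+module OpenSSL
+def self.deprecated_warning_flag
+unless flag = (@deprecated_warning_flag ||= nil)
+if try_compile("", flag = "-Werror=deprecated-declarations")
+if with_config("broken-apple-openssl")
+flag = "-Wno-deprecated-declarations"
+end
+$warnflags << " #{flag}"
+else
+flag = ""
+end
+@deprecated_warning_flag = flag
+end
+flag
+end
+
+def self.check_func(func, header)
+have_func(func, header, deprecated_warning_flag)
+end
+
+def self.check_func_or_macro(func, header)
+check_func(func, header) or
+have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
+end
+end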
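Review bot: `$warnflags << " #{flag}"` in `deprecated_warning_flag` mutates the global in place and nothing in this file restores it, so `-Werror=deprecated-declarations` presumably stays active for every later mkmf probe and for the generated Makefile, even though `check_func` already passes the flag per call to `have_func`. The same line makes `--with-broken-apple-openssl` append `-Wno-deprecated-declarations` globally, which silences deprecation diagnostics for the whole extension build rather than for one probe. I would keep the original value, e.g. `$warnflags = "#{@saved_warnflags = $warnflags} #{flag}"`, and add a small `restore_warning_flag` helper that extconf.rb calls before `create_makefile`. The assignment inside `unless flag = (@deprecated_warning_flag ||= nil)` also deserves a one-line comment saying it is intentional memoization.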
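--- a/data/ext/openssl/extconf.rb
+++ b/data/ext/openssl/extconf.rb
@@ -0,0 +1,158 @@
+# -*- coding: us-ascii -*-
+# frozen_string_literal: false
+=begin
+= Info
+'OpenSSL for Ruby 2' project
+Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
+All rights reserved.
+
+= Licence
+This program is licensed under the same licence as Ruby.
+(See the file 'LICENCE'.)
+=end
+
+require "mkmf"
+require File.expand_path('../deprecation', __FILE__)
+
+dir_config("openssl")
+dir_config("kerberos")
+
+Logging::message "=== OpenSSL for Ruby configurator ===\n"
+
+# Add -Werror=deprecated-declarations to $warnflags if available
+OpenSSL.deprecated_warning_flag
+
+##
+# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
+# To turn it on, use: --with-debug or --enable-debug
+#
+if with_config("debug") or enable_config("debug")
+$defs.push("-DOSSL_DEBUG")
+end
+
+Logging::message "=== Checking for system dependent stuff... ===\n"
+have_library("nsl", "t_open")
+have_library("socket", "socket")
+have_header("assert.h")
+
+Logging::message "=== Checking for required stuff... ===\n"
+if $mingw
+have_library("wsock32")
+have_library("gdi32")
+end
+
+result = pkg_config("openssl") && have_header("openssl/ssl.h")
+unless result
+result = have_header("openssl/ssl.h")
+result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "CRYPTO_malloc")}
+result &&= %w[ssl ssleay32].any? {|lib| have_library(lib, "SSL_new")}
+unless result
+Logging::message "=== Checking for required stuff failed. ===\n"
+Logging::message "Makefile wasn't created. Fix the errors above.\n"
+exit 1
+end
+end
+
+result = checking_for("OpenSSL version is 0.9.8 or later") {
+try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
+}
+unless result
+raise "OpenSSL 0.9.8 or later required."
+end
+
+unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
+raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
+end
+
+Logging::message "=== Checking for OpenSSL features... ===\n"
+# compile options
+
+# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
+# exist even if compiled with no-ssl2 or no-ssl3-method.
+unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
+have_func("SSLv2_method")
+end
+unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
+have_func("SSLv3_method")
+end
+have_func("TLSv1_1_method")
+have_func("TLSv1_2_method")
+have_func("RAND_egd")
+engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
+cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
+engines.each { |name|
+OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
+}
+
+# added in 0.9.8X
+have_func("EVP_CIPHER_CTX_new")
+have_func("EVP_CIPHER_CTX_free")
+
+# added in 1.0.0
+have_func("ASN1_TIME_adj")
+have_func("EVP_CIPHER_CTX_copy")
+have_func("EVP_PKEY_base_id")
+have_func("HMAC_CTX_copy")
+have_func("PKCS5_PBKDF2_HMAC")
+have_func("X509_NAME_hash_old")
+have_func("X509_STORE_CTX_get0_current_crl")
+have_func("X509_STORE_set_verify_cb")
+have_func("i2d_ASN1_SET_ANY")
+have_func("SSL_SESSION_cmp") # removed
+OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
+have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
+
+# added in 1.0.1
+have_func("SSL_CTX_set_next_proto_select_cb")
+have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
+
+# added in 1.0.2
+have_func("EC_curve_nist2nid")
+have_func("X509_REVOKED_dup")
+have_func("X509_STORE_CTX_get0_store")
+have_func("SSL_CTX_set_alpn_select_cb")
+OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
+OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
+OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
+have_func("SSL_is_server")
+
+# added in 1.1.0
+have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
+have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
+have_func("BN_GENCB_new")
+have_func("BN_GENCB_free")
+have_func("BN_GENCB_get_arg")
+have_func("EVP_MD_CTX_new")
+have_func("EVP_MD_CTX_free")
+have_func("HMAC_CTX_new")
+have_func("HMAC_CTX_free")
+OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
+have_func("X509_CRL_get0_signature")
+have_func("X509_REQ_get0_signature")
+have_func("X509_REVOKED_get0_serialNumber")
+have_func("X509_REVOKED_get0_revocationDate")
+have_func("X509_get0_tbs_sigalg")
+have_func("X509_STORE_CTX_get0_untrusted")
+have_func("X509_STORE_CTX_get0_cert")
+have_func("X509_STORE_CTX_get0_chain")
+have_func("OCSP_SINGLERESP_get0_id")
+have_func("SSL_CTX_get_ciphers")
+have_func("X509_up_ref")
+have_func("X509_CRL_up_ref")
+have_func("X509_STORE_up_ref")
+have_func("SSL_SESSION_up_ref")
+have_func("EVP_PKEY_up_ref")
+OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
+OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
+have_func("SSL_CTX_get_security_level")
+have_func("X509_get0_notBefore")
+
+Logging::message "=== Checking done. ===\n"
+
+create_header
+create_makefile("openssl") {|conf|
+conf << "THREAD_MODEL = #{CONFIG["THREAD_MODEL"]}\n"
+}
+Logging::message "Done.\n"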
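Review bot: The version gate `try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")` accepts OpenSSL 0.9.8 and 1.0.0 without any notice, although History.md in this same release states that OpenSSL < 1.0.1 no longer receives security fixes. A second, non-fatal check would surface that at install time, for example `warn "OpenSSL older than 1.0.1 no longer receives security fixes" unless try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h")`. The probes for `SSLv2_method`, `SSLv3_method` and `RAND_egd` would benefit from a comment stating that they exist only to support legacy library builds, so they are not read as endorsed features. The failure paths are also inconsistent: the library lookup logs and calls `exit 1`, while the version and `SSL_library_init()` checks `raise`, and the latter blames Apple's OpenSSL for any probe failure.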