github
/
ruby
зеркало из https://github.com/github/ruby.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

openssl: drop OpenSSL 0.9.6/0.9.7 support 

* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
rhe 2016-05-25 08:50:03 +00:00
Родитель 0766b8af2a
Коммит cf2792d591
32 изменённых файлов: 183 добавлений и 884 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
ChangeLog
Просмотреть файл

@ -1,3 +1,7 @@
Wed May 25 17:45:15 2016 Kazuki Yamaguchi <k@rhe.jp>
* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.
Wed May 25 17:43:30 2016 Kazuki Yamaguchi <k@rhe.jp>
* ext/openssl/openssl_missing.h, ext/openssl/ossl.h: Remove

8
ext/openssl/deprecation.rb
Просмотреть файл

@ -16,7 +16,11 @@ module OpenSSL
end
def self.check_func(func, header)
have_func(func, header, deprecated_warning_flag) and
have_header(header, nil, deprecated_warning_flag)
have_func(func, header, deprecated_warning_flag)
end
def self.check_func_or_macro(func, header)
check_func(func, header) or
have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
end
end

134
ext/openssl/extconf.rb
Просмотреть файл

@ -19,12 +19,15 @@ dir_config("kerberos")
Logging::message "=== OpenSSL for Ruby configurator ===\n"
# Add -Werror=deprecated-declarations to $warnflags if available
OpenSSL.deprecated_warning_flag
##
# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
# To turn it on, use: --with-debug or --enable-debug
#
if with_config("debug") or enable_config("debug")
$defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
$defs.push("-DOSSL_DEBUG")
end
Logging::message "=== Checking for system dependent stuff... ===\n"
@ -39,7 +42,6 @@ if $mingw
end
result = pkg_config("openssl") && have_header("openssl/ssl.h")
unless result
result = have_header("openssl/ssl.h")
result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "OpenSSL_add_all_digests")}
@ -51,111 +53,59 @@ unless result
end
end
unless have_header("openssl/conf_api.h")
raise "OpenSSL 0.9.6 or later required."
result = checking_for("OpenSSL version is 0.9.8 or later") {
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
}
unless result
raise "OpenSSL 0.9.8 or later required."
end
unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
end
Logging::message "=== Checking for OpenSSL features... ===\n"
have_func("ERR_peek_last_error")
have_func("ASN1_put_eoc")
have_func("BN_mod_add")
have_func("BN_mod_sqr")
have_func("BN_mod_sub")
have_func("BN_pseudo_rand_range")
have_func("BN_rand_range")
have_func("CONF_get1_default_config_file")
have_func("EVP_CIPHER_CTX_copy")
have_func("EVP_CIPHER_CTX_set_padding")
have_func("EVP_CipherFinal_ex")
have_func("EVP_CipherInit_ex")
have_func("EVP_DigestFinal_ex")
have_func("EVP_DigestInit_ex")
have_func("EVP_MD_CTX_cleanup")
have_func("EVP_MD_CTX_create")
have_func("EVP_MD_CTX_destroy")
have_func("EVP_MD_CTX_init")
have_func("HMAC_CTX_cleanup")
have_func("HMAC_CTX_copy")
have_func("HMAC_CTX_init")
have_func("PEM_def_callback")
have_func("PKCS5_PBKDF2_HMAC")
have_func("PKCS5_PBKDF2_HMAC_SHA1")
have_func("RAND_egd")
have_func("X509V3_set_nconf")
have_func("X509V3_EXT_nconf_nid")
have_func("X509_CRL_add0_revoked")
have_func("X509_CRL_set_issuer_name")
have_func("X509_CRL_set_version")
have_func("X509_CRL_sort")
have_func("X509_NAME_hash_old")
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
have_func("OBJ_NAME_do_all_sorted")
have_func("SSL_SESSION_get_id")
have_func("SSL_SESSION_cmp")
have_func("OPENSSL_cleanse")
unless have_macro("OPENSSL_NO_SSL2","openssl/opensslconf.h")
# compile options
# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
# exist even if compiled with no-ssl2 or no-ssl3-method.
unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
have_func("SSLv2_method")
have_func("SSLv2_server_method")
have_func("SSLv2_client_method")
end
unless have_macro("OPENSSL_NO_SSL3_METHOD","openssl/opensslconf.h")
unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
have_func("SSLv3_method")
have_func("SSLv3_server_method")
have_func("SSLv3_client_method")
end
have_func("TLSv1_1_method")
have_func("TLSv1_1_server_method")
have_func("TLSv1_1_client_method")
have_func("TLSv1_2_method")
have_func("TLSv1_2_server_method")
have_func("TLSv1_2_client_method")
have_func("SSL_CTX_set_alpn_select_cb")
have_func("SSL_CTX_set_next_proto_select_cb")
have_macro("SSL_get_server_tmp_key", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_GET_SERVER_TMP_KEY")
unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
end
if have_header("openssl/engine.h")
have_func("ENGINE_add")
have_func("ENGINE_load_builtin_engines")
have_func("ENGINE_load_openbsd_dev_crypto")
have_func("ENGINE_get_digest")
have_func("ENGINE_get_cipher")
have_func("ENGINE_cleanup")
have_func("ENGINE_load_dynamic")
have_func("ENGINE_load_4758cca")
have_func("ENGINE_load_aep")
have_func("ENGINE_load_atalla")
have_func("ENGINE_load_chil")
have_func("ENGINE_load_cswift")
have_func("ENGINE_load_nuron")
have_func("ENGINE_load_sureware")
have_func("ENGINE_load_ubsec")
have_func("ENGINE_load_padlock")
have_func("ENGINE_load_capi")
have_func("ENGINE_load_gmp")
have_func("ENGINE_load_gost")
have_func("ENGINE_load_cryptodev")
have_func("ENGINE_load_aesni")
end
have_func("DH_generate_parameters_ex")
have_func("DSA_generate_parameters_ex")
have_func("RSA_generate_key_ex")
if checking_for('OpenSSL version is 0.9.7 or later') {
try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h')
}
have_header("openssl/ocsp.h")
end
have_func("RAND_egd")
engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
engines.each { |name|
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
}
# added in 1.0.0
have_func("EVP_CIPHER_CTX_copy")
have_func("HMAC_CTX_copy")
have_func("PKCS5_PBKDF2_HMAC")
have_func("X509_NAME_hash_old")
have_func("SSL_SESSION_cmp") # removed
OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h")
have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
# added in 1.0.1
have_func("SSL_CTX_set_next_proto_select_cb")
have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
# added in 1.0.2
have_func("X509_REVOKED_dup")
have_func("SSL_CTX_set_alpn_select_cb")
OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
# added in 1.1.0
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
Logging::message "=== Checking done. ===\n"
create_header

9
ext/openssl/lib/openssl/ssl.rb
Просмотреть файл

@ -56,19 +56,16 @@ module OpenSSL
}.join(":"),
:options => -> {
opts = OpenSSL::SSL::OP_ALL
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
opts |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
opts
}.call
}
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
DEFAULT_CERT_STORE.set_default_paths
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
end
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",

340
ext/openssl/openssl_missing.c
Просмотреть файл

@ -9,17 +9,42 @@
*/
#include RUBY_EXTCONF_H
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
#include <string.h> /* memcpy() */
#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif
#if !defined(OPENSSL_NO_HMAC)
# include <openssl/hmac.h>
#endif
#include <openssl/x509_vfy.h>
#if !defined(OPENSSL_NO_HMAC)
#include <string.h> /* memcpy() */
#include <openssl/hmac.h>
#include "openssl_missing.h"
/* added in 1.0.0 */
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
/*
* this function does not exist in OpenSSL yet... or ever?.
* a future version may break this function.
* tested on 0.9.7d.
*/
int
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
memcpy(out, in, sizeof(EVP_CIPHER_CTX));
#if !defined(OPENSSL_NO_ENGINE)
if (in->engine) ENGINE_add(out->engine);
if (in->cipher_data) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
}
#endif
return 1;
}
#endif
#if !defined(OPENSSL_NO_HMAC)
#if !defined(HAVE_HMAC_CTX_COPY)
void
HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
@ -33,308 +58,3 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
}
#endif /* HAVE_HMAC_CTX_COPY */
#endif /* NO_HMAC */
#if !defined(HAVE_EVP_MD_CTX_CREATE)
EVP_MD_CTX *
EVP_MD_CTX_create(void)
{
EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
if (!ctx) return NULL;
memset(ctx, 0, sizeof(EVP_MD_CTX));
return ctx;
}
#endif
#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
int
EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
{
/* FIXME!!! */
memset(ctx, 0, sizeof(EVP_MD_CTX));
return 1;
}
#endif
#if !defined(HAVE_EVP_MD_CTX_DESTROY)
void
EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
{
EVP_MD_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
#endif
#if !defined(HAVE_EVP_MD_CTX_INIT)
void
EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
memset(ctx, 0, sizeof(EVP_MD_CTX));
}
#endif
#if !defined(HAVE_HMAC_CTX_INIT)
void
HMAC_CTX_init(HMAC_CTX *ctx)
{
EVP_MD_CTX_init(&ctx->i_ctx);
EVP_MD_CTX_init(&ctx->o_ctx);
EVP_MD_CTX_init(&ctx->md_ctx);
}
#endif
#if !defined(HAVE_HMAC_CTX_CLEANUP)
void
HMAC_CTX_cleanup(HMAC_CTX *ctx)
{
EVP_MD_CTX_cleanup(&ctx->i_ctx);
EVP_MD_CTX_cleanup(&ctx->o_ctx);
EVP_MD_CTX_cleanup(&ctx->md_ctx);
memset(ctx, 0, sizeof(HMAC_CTX));
}
#endif
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
/*
* this function does not exist in OpenSSL yet... or ever?.
* a future version may break this function.
* tested on 0.9.7d.
*/
int
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
{
memcpy(out, in, sizeof(EVP_CIPHER_CTX));
#if defined(HAVE_ENGINE_ADD) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
if (in->engine) ENGINE_add(out->engine);
if (in->cipher_data) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
}
#endif
return 1;
}
#endif
#if !defined(HAVE_X509_CRL_SET_VERSION)
int
X509_CRL_set_version(X509_CRL *x, long version)
{
if (x == NULL || x->crl == NULL) return 0;
if (x->crl->version == NULL) {
x->crl->version = M_ASN1_INTEGER_new();
if (x->crl->version == NULL) return 0;
}
return ASN1_INTEGER_set(x->crl->version, version);
}
#endif
#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
int
X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
{
if (x == NULL || x->crl == NULL) return 0;
return X509_NAME_set(&x->crl->issuer, name);
}
#endif
#if !defined(HAVE_X509_CRL_SORT)
int
X509_CRL_sort(X509_CRL *c)
{
int i;
X509_REVOKED *r;
/* sort the data so it will be written in serial
* number order */
sk_X509_REVOKED_sort(c->crl->revoked);
for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++) {
r=sk_X509_REVOKED_value(c->crl->revoked, i);
r->sequence=i;
}
return 1;
}
#endif
#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
static int
OSSL_X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
{
return(ASN1_STRING_cmp(
(ASN1_STRING *)(*a)->serialNumber,
(ASN1_STRING *)(*b)->serialNumber));
}
int
X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
{
X509_CRL_INFO *inf;
inf = crl->crl;
if (!inf->revoked)
inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp);
if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev))
return 0;
return 1;
}
#endif
#if !defined(HAVE_BN_MOD_SQR)
int
BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
{
if (!BN_sqr(r, (BIGNUM*)a, ctx)) return 0;
return BN_mod(r, r, m, ctx);
}
#endif
#if !defined(HAVE_BN_MOD_ADD) || !defined(HAVE_BN_MOD_SUB)
int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
{
if (!BN_mod(r,m,d,ctx)) return 0;
if (!r->neg) return 1;
return (d->neg ? BN_sub : BN_add)(r, r, d);
}
#endif
#if !defined(HAVE_BN_MOD_ADD)
int
BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
{
if (!BN_add(r, a, b)) return 0;
return BN_nnmod(r, r, m, ctx);
}
#endif
#if !defined(HAVE_BN_MOD_SUB)
int
BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
{
if (!BN_sub(r, a, b)) return 0;
return BN_nnmod(r, r, m, ctx);
}
#endif
#if !defined(HAVE_BN_RAND_RANGE) || !defined(HAVE_BN_PSEUDO_RAND_RANGE)
static int
bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
{
int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
int n;
if (range->neg || BN_is_zero(range)) return 0;
n = BN_num_bits(range);
if (n == 1) {
if (!BN_zero(r)) return 0;
} else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
do {
if (!bn_rand(r, n + 1, -1, 0)) return 0;
if (BN_cmp(r ,range) >= 0) {
if (!BN_sub(r, r, range)) return 0;
if (BN_cmp(r, range) >= 0)
if (!BN_sub(r, r, range)) return 0;
}
} while (BN_cmp(r, range) >= 0);
} else {
do {
if (!bn_rand(r, n, -1, 0)) return 0;
} while (BN_cmp(r, range) >= 0);
}
return 1;
}
#endif
#if !defined(HAVE_BN_RAND_RANGE)
int
BN_rand_range(BIGNUM *r, BIGNUM *range)
{
return bn_rand_range(0, r, range);
}
#endif
#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
int
BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
{
return bn_rand_range(1, r, range);
}
#endif
#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
#define OPENSSL_CONF "openssl.cnf"
char *
CONF_get1_default_config_file(void)
{
char *file;
int len;
file = getenv("OPENSSL_CONF");
if (file) return BUF_strdup(file);
len = strlen(X509_get_default_cert_area());
#ifndef OPENSSL_SYS_VMS
len++;
#endif
len += strlen(OPENSSL_CONF);
file = OPENSSL_malloc(len + 1);
if (!file) return NULL;
strcpy(file,X509_get_default_cert_area());
#ifndef OPENSSL_SYS_VMS
strcat(file,"/");
#endif
strcat(file,OPENSSL_CONF);
return file;
}
#endif
#if !defined(HAVE_PEM_DEF_CALLBACK)
#define OSSL_PASS_MIN_LENGTH 4
int
PEM_def_callback(char *buf, int num, int w, void *key)
{
int i,j;
const char *prompt;
if (key) {
i = strlen(key);
i = (i > num) ? num : i;
memcpy(buf, key, i);
return i;
}
prompt = EVP_get_pw_prompt();
if (prompt == NULL) prompt = "Enter PEM pass phrase:";
for (;;) {
i = EVP_read_pw_string(buf, num, prompt, w);
if (i != 0) {
memset(buf, 0, (unsigned int)num);
return(-1);
}
j = strlen(buf);
if (j < OSSL_PASS_MIN_LENGTH) {
fprintf(stderr,
"phrase is too short, needs to be at least %d chars\n",
OSSL_PASS_MIN_LENGTH);
}
else break;
}
return j;
}
#endif
#if !defined(HAVE_ASN1_PUT_EOC)
int
ASN1_put_eoc(unsigned char **pp)
{
unsigned char *p = *pp;
*p++ = 0;
*p++ = 0;
*pp = p;
return 2;
}
#endif

166
ext/openssl/openssl_missing.h
Просмотреть файл

@ -10,124 +10,22 @@
#if !defined(_OSSL_OPENSSL_MISSING_H_)
#define _OSSL_OPENSSL_MISSING_H_
#ifndef TYPEDEF_D2I_OF
typedef char *d2i_of_void();
#endif
#ifndef TYPEDEF_I2D_OF
typedef int i2d_of_void();
#endif
/*
* These functions are not included in headers of OPENSSL <= 0.9.6b
*/
#if !defined(PEM_read_bio_DSAPublicKey)
# define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
(d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,(bp),(void **)(x),(cb),(u))
#endif
#if !defined(PEM_write_bio_DSAPublicKey)
# define PEM_write_bio_DSAPublicKey(bp,x) \
PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\
PEM_STRING_DSA_PUBLIC,\
(bp),(char *)(x), NULL, NULL, 0, NULL, NULL)
#endif
#if !defined(DSAPrivateKey_dup)
# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \
(d2i_of_void *)d2i_DSAPrivateKey,(char *)(dsa))
#endif
#if !defined(DSAPublicKey_dup)
# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \
(d2i_of_void *)d2i_DSAPublicKey,(char *)(dsa))
#endif
#if !defined(X509_REVOKED_dup)
# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
#endif
#if !defined(PKCS7_SIGNER_INFO_dup)
# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \
(d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)(si))
#endif
#if !defined(PKCS7_RECIP_INFO_dup)
# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \
(d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)(ri))
#endif
#if !defined(HAVE_HMAC_CTX_INIT)
void HMAC_CTX_init(HMAC_CTX *ctx);
/* added in 1.0.0 */
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
#endif
#if !defined(HAVE_HMAC_CTX_COPY)
void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
#endif
#if !defined(HAVE_HMAC_CTX_CLEANUP)
void HMAC_CTX_cleanup(HMAC_CTX *ctx);
#endif
#if !defined(HAVE_EVP_MD_CTX_CREATE)
EVP_MD_CTX *EVP_MD_CTX_create(void);
#endif
#if !defined(HAVE_EVP_MD_CTX_INIT)
void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
#endif
#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
#endif
#if !defined(HAVE_EVP_MD_CTX_DESTROY)
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
#endif
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
#endif
#if !defined(HAVE_EVP_DIGESTINIT_EX)
# define EVP_DigestInit_ex(ctx, md, engine) EVP_DigestInit((ctx), (md))
#endif
#if !defined(HAVE_EVP_DIGESTFINAL_EX)
# define EVP_DigestFinal_ex(ctx, buf, len) EVP_DigestFinal((ctx), (buf), (len))
#endif
#if !defined(HAVE_EVP_CIPHERINIT_EX)
# define EVP_CipherInit_ex(ctx, type, impl, key, iv, enc) EVP_CipherInit((ctx), (type), (key), (iv), (enc))
#endif
#if !defined(HAVE_EVP_CIPHERFINAL_EX)
# define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal((ctx), (outm), (outl))
#endif
#if !defined(EVP_CIPHER_name)
# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
#endif
#if !defined(EVP_MD_name)
# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
#endif
#if !defined(HAVE_EVP_HMAC_INIT_EX)
# define HMAC_Init_ex(ctx, key, len, digest, engine) HMAC_Init((ctx), (key), (len), (digest))
#endif
#if !defined(PKCS7_is_detached)
# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
#endif
#if !defined(PKCS7_type_is_encrypted)
# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
#endif
#if !defined(HAVE_OPENSSL_CLEANSE)
#define OPENSSL_cleanse(p, l) memset((p), 0, (l))
/* added in 1.0.2 */
#if !defined(HAVE_X509_REVOKED_DUP)
# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
#endif
/* added in 1.1.0 */
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
# define X509_STORE_get_ex_data(x, idx) \
CRYPTO_get_ex_data(&(x)->ex_data, (idx))
@ -141,52 +39,4 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
(newf), (dupf), (freef))
#endif
#if !defined(HAVE_X509_CRL_SET_VERSION)
int X509_CRL_set_version(X509_CRL *x, long version);
#endif
#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
#endif
#if !defined(HAVE_X509_CRL_SORT)
int X509_CRL_sort(X509_CRL *c);
#endif
#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
#endif
#if !defined(HAVE_BN_MOD_SQR)
int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
#endif
#if !defined(HAVE_BN_MOD_ADD)
int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
#endif
#if !defined(HAVE_BN_MOD_SUB)
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
#endif
#if !defined(HAVE_BN_RAND_RANGE)
int BN_rand_range(BIGNUM *r, BIGNUM *range);
#endif
#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range);
#endif
#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
char *CONF_get1_default_config_file(void);
#endif
#if !defined(HAVE_PEM_DEF_CALLBACK)
int PEM_def_callback(char *buf, int num, int w, void *key);
#endif
#if !defined(HAVE_ASN1_PUT_EOC)
int ASN1_put_eoc(unsigned char **pp);
#endif
#endif /* _OSSL_OPENSSL_MISSING_H_ */

4
ext/openssl/ossl.c
Просмотреть файл

@ -339,11 +339,7 @@ ossl_make_error(VALUE exc, const char *fmt, va_list args)
const char *msg;
long e;
#ifdef HAVE_ERR_PEEK_LAST_ERROR
e = ERR_peek_last_error();
#else
e = ERR_peek_error();
#endif
if (fmt) {
str = rb_vsprintf(fmt, args);
}

21
ext/openssl/ossl.h
Просмотреть файл

@ -27,11 +27,6 @@
#include <ruby/io.h>
#include <ruby/thread.h>
/*
* Check the OpenSSL version
* The only supported are:
* OpenSSL >= 0.9.7
*/
#include <openssl/opensslv.h>
#ifdef HAVE_ASSERT_H
@ -42,7 +37,6 @@
#if defined(_WIN32) && !defined(LIBRESSL_VERSION_NUMBER)
# include <openssl/e_os2.h>
# define OSSL_NO_CONF_API 1
# if !defined(OPENSSL_SYS_WIN32)
# define OPENSSL_SYS_WIN32 1
# endif
@ -62,14 +56,10 @@
#if !defined(_WIN32)
# include <openssl/crypto.h>
#endif
#undef X509_NAME
#undef PKCS7_SIGNER_INFO
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
# define OSSL_ENGINE_ENABLED
#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif
#if defined(HAVE_OPENSSL_OCSP_H)
# define OSSL_OCSP_ENABLED
#if !defined(OPENSSL_NO_OCSP)
# include <openssl/ocsp.h>
#endif
@ -106,13 +96,6 @@ extern VALUE eOSSLError;
}\
} while (0)
/*
* Compatibility
*/
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#define STACK _STACK
#endif
/*
* String to HEXString conversion
*/

71
ext/openssl/ossl_asn1.c
Просмотреть файл

@ -211,19 +211,6 @@ static ID sIMPLICIT, sEXPLICIT;
static ID sUNIVERSAL, sAPPLICATION, sCONTEXT_SPECIFIC, sPRIVATE;
static ID sivVALUE, sivTAG, sivTAG_CLASS, sivTAGGING, sivINFINITE_LENGTH, sivUNUSED_BITS;
/*
* We need to implement these for backward compatibility
* reasons, behavior of ASN1_put_object and ASN1_object_size
* for infinite length values is different in OpenSSL <= 0.9.7
*/
#if OPENSSL_VERSION_NUMBER < 0x00908000L
#define ossl_asn1_object_size(cons, len, tag) (cons) == 2 ? (len) + ASN1_object_size((cons), 0, (tag)) : ASN1_object_size((cons), (len), (tag))
#define ossl_asn1_put_object(pp, cons, len, tag, xc) (cons) == 2 ? ASN1_put_object((pp), (cons), 0, (tag), (xc)) : ASN1_put_object((pp), (cons), (len), (tag), (xc))
#else
#define ossl_asn1_object_size(cons, len, tag) ASN1_object_size((cons), (len), (tag))
#define ossl_asn1_put_object(pp, cons, len, tag, xc) ASN1_put_object((pp), (cons), (len), (tag), (xc))
#endif
/*
* Ruby to ASN1 converters
*/
@ -233,11 +220,7 @@ obj_to_asn1bool(VALUE obj)
if (NIL_P(obj))
ossl_raise(rb_eTypeError, "Can't convert nil into Boolean");
#if OPENSSL_VERSION_NUMBER < 0x00907000L
return RTEST(obj) ? 0xff : 0x100;
#else
return RTEST(obj) ? 0xff : 0x0;
#endif
}
static ASN1_INTEGER*
@ -778,11 +761,11 @@ ossl_asn1data_to_der(VALUE self)
if (inf_length == Qtrue) {
is_cons = 2;
}
if((length = ossl_asn1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
if((length = ASN1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
ossl_raise(eASN1Error, NULL);
der = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(der);
ossl_asn1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class);
ASN1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class);
memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value));
p += RSTRING_LEN(value);
ossl_str_adjust(der, p);
@ -1184,30 +1167,6 @@ ossl_asn1eoc_initialize(VALUE self) {
return self;
}
static int
ossl_i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
{
#if OPENSSL_VERSION_NUMBER < 0x00907000L
if(!a) return 0;
if(a->type == V_ASN1_BOOLEAN)
return i2d_ASN1_BOOLEAN(a->value.boolean, pp);
#endif
return i2d_ASN1_TYPE(a, pp);
}
static void
ossl_ASN1_TYPE_free(ASN1_TYPE *a)
{
#if OPENSSL_VERSION_NUMBER < 0x00907000L
if(!a) return;
if(a->type == V_ASN1_BOOLEAN){
OPENSSL_free(a);
return;
}
#endif
ASN1_TYPE_free(a);
}
/*
* call-seq:
* asn1.to_der => DER-encoded String
@ -1228,22 +1187,22 @@ ossl_asn1prim_to_der(VALUE self)
explicit = ossl_asn1_is_explicit(self);
asn1 = ossl_asn1_get_asn1type(self);
len = ossl_asn1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn);
len = ASN1_object_size(1, i2d_ASN1_TYPE(asn1, NULL), tn);
if(!(buf = OPENSSL_malloc(len))){
ossl_ASN1_TYPE_free(asn1);
ASN1_TYPE_free(asn1);
ossl_raise(eASN1Error, "cannot alloc buffer");
}
p = buf;
if (tc == V_ASN1_UNIVERSAL) {
ossl_i2d_ASN1_TYPE(asn1, &p);
i2d_ASN1_TYPE(asn1, &p);
} else if (explicit) {
ossl_asn1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc);
ossl_i2d_ASN1_TYPE(asn1, &p);
ASN1_put_object(&p, 1, i2d_ASN1_TYPE(asn1, NULL), tn, tc);
i2d_ASN1_TYPE(asn1, &p);
} else {
ossl_i2d_ASN1_TYPE(asn1, &p);
i2d_ASN1_TYPE(asn1, &p);
*buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED);
}
ossl_ASN1_TYPE_free(asn1);
ASN1_TYPE_free(asn1);
reallen = p - buf;
assert(reallen <= len);
str = ossl_buf2str((char *)buf, rb_long2int(reallen)); /* buf will be free in ossl_buf2str */
@ -1309,19 +1268,19 @@ ossl_asn1cons_to_der(VALUE self)
explicit = ossl_asn1_is_explicit(self);
value = join_der(ossl_asn1_get_value(self));
seq_len = ossl_asn1_object_size(constructed, RSTRING_LENINT(value), tag);
length = ossl_asn1_object_size(constructed, seq_len, tn);
seq_len = ASN1_object_size(constructed, RSTRING_LENINT(value), tag);
length = ASN1_object_size(constructed, seq_len, tn);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);
if(tc == V_ASN1_UNIVERSAL)
ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
else{
if(explicit){
ossl_asn1_put_object(&p, constructed, seq_len, tn, tc);
ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL);
ASN1_put_object(&p, constructed, seq_len, tn, tc);
ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL);
}
else{
ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
}
}
memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value));

10
ext/openssl/ossl_cipher.c
Просмотреть файл

@ -158,16 +158,13 @@ ossl_cipher_copy(VALUE self, VALUE other)
return self;
}
#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED
static void*
add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary)
{
rb_ary_push(ary, rb_str_new2(name->name));
return NULL;
}
#endif
#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED
/*
* call-seq:
* OpenSSL::Cipher.ciphers -> array[string...]
@ -186,9 +183,6 @@ ossl_s_ciphers(VALUE self)
return ary;
}
#else
#define ossl_s_ciphers rb_f_notimplement
#endif
/*
* call-seq:
@ -723,7 +717,6 @@ ossl_cipher_set_key_length(VALUE self, VALUE key_length)
return key_length;
}
#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)
/*
* call-seq:
* cipher.padding = integer -> integer
@ -745,9 +738,6 @@ ossl_cipher_set_padding(VALUE self, VALUE padding)
ossl_raise(eCipherError, NULL);
return padding;
}
#else
#define ossl_cipher_set_padding rb_f_notimplement
#endif
#define CIPHER_0ARG_INT(func) \
static VALUE \

24
ext/openssl/ossl_engine.c
Просмотреть файл

@ -9,7 +9,7 @@
*/
#include "ossl.h"
#if defined(OSSL_ENGINE_ENABLED)
#if !defined(OPENSSL_NO_ENGINE)
#define NewEngine(klass) \
TypedData_Wrap_Struct((klass), &ossl_engine_type, 0)
@ -165,9 +165,7 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
static VALUE
ossl_engine_s_cleanup(VALUE self)
{
#if defined(HAVE_ENGINE_CLEANUP)
ENGINE_cleanup();
#endif
return Qnil;
}
@ -296,7 +294,6 @@ ossl_engine_finish(VALUE self)
return Qnil;
}
#if defined(HAVE_ENGINE_GET_CIPHER)
/* Document-method: OpenSSL::Engine#cipher
*
* call-seq:
@ -329,11 +326,7 @@ ossl_engine_get_cipher(VALUE self, VALUE name)
return ossl_cipher_new(ciph);
}
#else
#define ossl_engine_get_cipher rb_f_notimplement
#endif
#if defined(HAVE_ENGINE_GET_DIGEST)
/* Document-method: OpenSSL::Engine#digest
*
* call-seq:
@ -366,9 +359,6 @@ ossl_engine_get_digest(VALUE self, VALUE name)
return ossl_digest_new(md);
}
#else
#define ossl_engine_get_digest rb_f_notimplement
#endif
/* Document-method: OpenSSL::Engine#load_private_key
*
@ -392,11 +382,7 @@ ossl_engine_load_privkey(int argc, VALUE *argv, VALUE self)
sid = NIL_P(id) ? NULL : StringValueCStr(id);
sdata = NIL_P(data) ? NULL : StringValueCStr(data);
GetEngine(self, e);
#if OPENSSL_VERSION_NUMBER < 0x00907000L
pkey = ENGINE_load_private_key(e, sid, sdata);
#else
pkey = ENGINE_load_private_key(e, sid, NULL, sdata);
#endif
if (!pkey) ossl_raise(eEngineError, NULL);
obj = ossl_pkey_new(pkey);
OSSL_PKEY_SET_PRIVATE(obj);
@ -426,11 +412,7 @@ ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self)
sid = NIL_P(id) ? NULL : StringValueCStr(id);
sdata = NIL_P(data) ? NULL : StringValueCStr(data);
GetEngine(self, e);
#if OPENSSL_VERSION_NUMBER < 0x00907000L
pkey = ENGINE_load_public_key(e, sid, sdata);
#else
pkey = ENGINE_load_public_key(e, sid, NULL, sdata);
#endif
if (!pkey) ossl_raise(eEngineError, NULL);
return ossl_pkey_new(pkey);
@ -579,12 +561,8 @@ Init_ossl_engine(void)
#ifdef ENGINE_METHOD_BN_MOD_EXP_CRT
DefEngineConst(METHOD_BN_MOD_EXP_CRT);
#endif
#ifdef ENGINE_METHOD_CIPHERS
DefEngineConst(METHOD_CIPHERS);
#endif
#ifdef ENGINE_METHOD_DIGESTS
DefEngineConst(METHOD_DIGESTS);
#endif
DefEngineConst(METHOD_ALL);
DefEngineConst(METHOD_NONE);
}

4
ext/openssl/ossl_ocsp.c
Просмотреть файл

@ -10,7 +10,7 @@
*/
#include "ossl.h"
#if defined(OSSL_OCSP_ENABLED)
#if !defined(OPENSSL_NO_OCSP)
#define NewOCSPReq(klass) \
TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0)
@ -1250,7 +1250,7 @@ Init_ossl_ocsp(void)
rb_define_const(mOCSP, "V_RESPID_KEY", INT2NUM(V_OCSP_RESPID_KEY));
}
#else /* ! OSSL_OCSP_ENABLED */
#else
void
Init_ossl_ocsp(void)
{

2
ext/openssl/ossl_ocsp.h
Просмотреть файл

@ -11,7 +11,7 @@
#if !defined(_OSSL_OCSP_H_)
#define _OSSL_OCSP_H_
#if defined(OSSL_OCSP_ENABLED)
#if !defined(OPENSSL_NO_OCSP)
extern VALUE mOCSP;
extern VALUE cOPCSReq;
extern VALUE cOPCSRes;

4
ext/openssl/ossl_pkcs5.c
Просмотреть файл

@ -48,7 +48,6 @@ ossl_pkcs5_pbkdf2_hmac(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALUE key
#endif
#ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1
/*
* call-seq:
* PKCS5.pbkdf2_hmac_sha1(pass, salt, iter, keylen) => string
@ -81,9 +80,6 @@ ossl_pkcs5_pbkdf2_hmac_sha1(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALU
return str;
}
#else
#define ossl_pkcs5_pbkdf2_hmac_sha1 rb_f_notimplement
#endif
void
Init_ossl_pkcs5(void)

24
ext/openssl/ossl_pkcs7.c
Просмотреть файл

@ -127,6 +127,22 @@ static const rb_data_type_t ossl_pkcs7_recip_info_type = {
* Public
* (MADE PRIVATE UNTIL SOMEBODY WILL NEED THEM)
*/
static PKCS7_SIGNER_INFO *
ossl_PKCS7_SIGNER_INFO_dup(const PKCS7_SIGNER_INFO *si)
{
return (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO,
(d2i_of_void *)d2i_PKCS7_SIGNER_INFO,
(char *)si);
}
static PKCS7_RECIP_INFO *
ossl_PKCS7_RECIP_INFO_dup(const PKCS7_RECIP_INFO *si)
{
return (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
(d2i_of_void *)d2i_PKCS7_RECIP_INFO,
(char *)si);
}
static VALUE
ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
{
@ -134,7 +150,7 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
VALUE obj;
obj = NewPKCS7si(cPKCS7Signer);
pkcs7 = p7si ? PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
pkcs7 = p7si ? ossl_PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
SetPKCS7si(obj, pkcs7);
@ -147,7 +163,7 @@ DupPKCS7SignerPtr(VALUE obj)
PKCS7_SIGNER_INFO *p7si, *pkcs7;
SafeGetPKCS7si(obj, p7si);
if (!(pkcs7 = PKCS7_SIGNER_INFO_dup(p7si))) {
if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) {
ossl_raise(ePKCS7Error, NULL);
}
@ -161,7 +177,7 @@ ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
VALUE obj;
obj = NewPKCS7ri(cPKCS7Recipient);
pkcs7 = p7ri ? PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
pkcs7 = p7ri ? ossl_PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
SetPKCS7ri(obj, pkcs7);
@ -174,7 +190,7 @@ DupPKCS7RecipientPtr(VALUE obj)
PKCS7_RECIP_INFO *p7ri, *pkcs7;
SafeGetPKCS7ri(obj, p7ri);
if (!(pkcs7 = PKCS7_RECIP_INFO_dup(p7ri))) {
if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) {
ossl_raise(ePKCS7Error, NULL);
}

15
ext/openssl/ossl_pkey.c
Просмотреть файл

@ -20,20 +20,6 @@ ID id_private_q;
/*
* callback for generating keys
*/
void
ossl_generate_cb(int p, int n, void *arg)
{
VALUE ary;
ary = rb_ary_new2(2);
rb_ary_store(ary, 0, INT2NUM(p));
rb_ary_store(ary, 1, INT2NUM(n));
rb_yield(ary);
}
#if HAVE_BN_GENCB
/* OpenSSL 2nd version of GN generation callback */
int
ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
{
@ -66,7 +52,6 @@ ossl_generate_cb_stop(void *ptr)
struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
arg->stop = 1;
}
#endif
static void
ossl_evp_pkey_free(void *ptr)

4
ext/openssl/ossl_pkey.h
Просмотреть файл

@ -40,9 +40,6 @@ extern const rb_data_type_t ossl_evp_pkey_type;
GetPKey((obj), (pkey)); \
} while (0)
void ossl_generate_cb(int, int, void *);
#define HAVE_BN_GENCB defined(HAVE_RSA_GENERATE_KEY_EX) || defined(HAVE_DH_GENERATE_PARAMETERS_EX) || defined(HAVE_DSA_GENERATE_PARAMETERS_EX)
#if HAVE_BN_GENCB
struct ossl_generate_cb_arg {
int yield;
int stop;
@ -50,7 +47,6 @@ struct ossl_generate_cb_arg {
};
int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
void ossl_generate_cb_stop(void *ptr);
#endif
VALUE ossl_pkey_new(EVP_PKEY *);
VALUE ossl_pkey_new_from_file(VALUE);

11
ext/openssl/ossl_pkey_dh.c
Просмотреть файл

@ -20,7 +20,7 @@
#define DH_HAS_PRIVATE(dh) ((dh)->priv_key)
#ifdef OSSL_ENGINE_ENABLED
#if !defined(OPENSSL_NO_ENGINE)
# define DH_PRIVATE(dh) (DH_HAS_PRIVATE(dh) || (dh)->engine)
#else
# define DH_PRIVATE(dh) DH_HAS_PRIVATE(dh)
@ -82,7 +82,6 @@ ossl_dh_new(EVP_PKEY *pkey)
/*
* Private
*/
#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
struct dh_blocking_gen_arg {
DH *dh;
int size;
@ -98,12 +97,10 @@ dh_blocking_gen(void *arg)
gen->result = DH_generate_parameters_ex(gen->dh, gen->size, gen->gen, gen->cb);
return 0;
}
#endif
static DH *
dh_generate(int size, int gen)
{
#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
BN_GENCB cb;
struct ossl_generate_cb_arg cb_arg;
struct dh_blocking_gen_arg gen_arg;
@ -136,12 +133,6 @@ dh_generate(int size, int gen)
}
return 0;
}
#else
DH *dh;
dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
if (!dh) return 0;
#endif
if (!DH_generate_key(dh)) {
DH_free(dh);

22
ext/openssl/ossl_pkey_dsa.c
Просмотреть файл

@ -76,7 +76,6 @@ ossl_dsa_new(EVP_PKEY *pkey)
/*
* Private
*/
#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
struct dsa_blocking_gen_arg {
DSA *dsa;
int size;
@ -95,12 +94,10 @@ dsa_blocking_gen(void *arg)
gen->result = DSA_generate_parameters_ex(gen->dsa, gen->size, gen->seed, gen->seed_len, gen->counter, gen->h, gen->cb);
return 0;
}
#endif
static DSA *
dsa_generate(int size)
{
#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
BN_GENCB cb;
struct ossl_generate_cb_arg cb_arg;
struct dsa_blocking_gen_arg gen_arg;
@ -145,19 +142,6 @@ dsa_generate(int size)
}
return 0;
}
#else
DSA *dsa;
unsigned char seed[20];
int seed_len = 20, counter;
unsigned long h;
if (RAND_bytes(seed, seed_len) <= 0) {
return 0;
}
dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h,
rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
if(!dsa) return 0;
#endif
if (!DSA_generate_key(dsa)) {
DSA_free(dsa);
@ -246,7 +230,10 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
}
if (!dsa) {
OSSL_BIO_reset(in);
#define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
(d2i_of_void *)d2i_DSAPublicKey, PEM_STRING_DSA_PUBLIC, (bp), (void **)(x), (cb), (u))
dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL);
#undef PEM_read_bio_DSAPublicKey
}
BIO_free(in);
if (!dsa) {
@ -460,7 +447,10 @@ ossl_dsa_to_public_key(VALUE self)
GetPKeyDSA(self, pkey);
/* err check performed by dsa_instance */
#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \
(i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa))
dsa = DSAPublicKey_dup(pkey->pkey.dsa);
#undef DSAPublicKey_dup
obj = dsa_instance(CLASS_OF(self), dsa);
if (obj == Qfalse) {
DSA_free(dsa);

2
ext/openssl/ossl_pkey_ec.c
Просмотреть файл

@ -1658,9 +1658,7 @@ void Init_ossl_ec(void)
ID_compressed = rb_intern("compressed");
ID_hybrid = rb_intern("hybrid");
#ifdef OPENSSL_EC_NAMED_CURVE
rb_define_const(cEC, "NAMED_CURVE", ULONG2NUM(OPENSSL_EC_NAMED_CURVE));
#endif
rb_define_singleton_method(cEC, "builtin_curves", ossl_s_builtin_curves, 0);

6
ext/openssl/ossl_pkey_rsa.c
Просмотреть файл

@ -77,7 +77,6 @@ ossl_rsa_new(EVP_PKEY *pkey)
/*
* Private
*/
#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
struct rsa_blocking_gen_arg {
RSA *rsa;
BIGNUM *e;
@ -93,12 +92,10 @@ rsa_blocking_gen(void *arg)
gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb);
return 0;
}
#endif
static RSA *
rsa_generate(int size, unsigned long exp)
{
#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
int i;
BN_GENCB cb;
struct ossl_generate_cb_arg cb_arg;
@ -149,9 +146,6 @@ rsa_generate(int size, unsigned long exp)
BN_free(e);
return rsa;
#else
return RSA_generate_key(size, exp, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
#endif
}
/*

20
ext/openssl/ossl_ssl.c
Просмотреть файл

@ -90,26 +90,22 @@ static const struct {
OSSL_SSL_METHOD_ENTRY(TLSv1),
OSSL_SSL_METHOD_ENTRY(TLSv1_server),
OSSL_SSL_METHOD_ENTRY(TLSv1_client),
#if defined(HAVE_TLSV1_2_METHOD) && defined(HAVE_TLSV1_2_SERVER_METHOD) && \
defined(HAVE_TLSV1_2_CLIENT_METHOD)
#if defined(HAVE_TLSV1_2_METHOD)
OSSL_SSL_METHOD_ENTRY(TLSv1_2),
OSSL_SSL_METHOD_ENTRY(TLSv1_2_server),
OSSL_SSL_METHOD_ENTRY(TLSv1_2_client),
#endif
#if defined(HAVE_TLSV1_1_METHOD) && defined(HAVE_TLSV1_1_SERVER_METHOD) && \
defined(HAVE_TLSV1_1_CLIENT_METHOD)
#if defined(HAVE_TLSV1_1_METHOD)
OSSL_SSL_METHOD_ENTRY(TLSv1_1),
OSSL_SSL_METHOD_ENTRY(TLSv1_1_server),
OSSL_SSL_METHOD_ENTRY(TLSv1_1_client),
#endif
#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
defined(HAVE_SSLV2_CLIENT_METHOD)
#if defined(HAVE_SSLV2_METHOD)
OSSL_SSL_METHOD_ENTRY(SSLv2),
OSSL_SSL_METHOD_ENTRY(SSLv2_server),
OSSL_SSL_METHOD_ENTRY(SSLv2_client),
#endif
#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
defined(HAVE_SSLV3_CLIENT_METHOD)
#if defined(HAVE_SSLV3_METHOD)
OSSL_SSL_METHOD_ENTRY(SSLv3),
OSSL_SSL_METHOD_ENTRY(SSLv3_server),
OSSL_SSL_METHOD_ENTRY(SSLv3_client),
@ -2347,25 +2343,17 @@ Init_ossl_ssl(void)
ossl_ssl_def_const(OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
ossl_ssl_def_const(OP_SSLREF2_REUSE_CERT_TYPE_BUG);
ossl_ssl_def_const(OP_MICROSOFT_BIG_SSLV3_BUFFER);
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
ossl_ssl_def_const(OP_MSIE_SSLV2_RSA_PADDING);
#endif
ossl_ssl_def_const(OP_SSLEAY_080_CLIENT_DH_BUG);
ossl_ssl_def_const(OP_TLS_D5_BUG);
ossl_ssl_def_const(OP_TLS_BLOCK_PADDING_BUG);
ossl_ssl_def_const(OP_DONT_INSERT_EMPTY_FRAGMENTS);
ossl_ssl_def_const(OP_ALL);
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
ossl_ssl_def_const(OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
ossl_ssl_def_const(OP_SINGLE_ECDH_USE);
#endif
ossl_ssl_def_const(OP_SINGLE_DH_USE);
ossl_ssl_def_const(OP_EPHEMERAL_RSA);
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
ossl_ssl_def_const(OP_CIPHER_SERVER_PREFERENCE);
#endif
ossl_ssl_def_const(OP_TLS_ROLLBACK_BUG);
ossl_ssl_def_const(OP_NO_SSLv2);
ossl_ssl_def_const(OP_NO_SSLv3);

7
ext/openssl/ossl_ssl_session.c
Просмотреть файл

@ -186,7 +186,6 @@ static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
return ossl_ssl_session_get_timeout(self);
}
#ifdef HAVE_SSL_SESSION_GET_ID
/*
* call-seq:
* session.id -> aString
@ -205,7 +204,6 @@ static VALUE ossl_ssl_session_get_id(VALUE self)
return rb_str_new((const char *) p, i);
}
#endif
/*
* call-seq:
@ -316,12 +314,7 @@ void Init_ossl_ssl_session(void)
rb_define_method(cSSLSession, "time=", ossl_ssl_session_set_time, 1);
rb_define_method(cSSLSession, "timeout", ossl_ssl_session_get_timeout, 0);
rb_define_method(cSSLSession, "timeout=", ossl_ssl_session_set_timeout, 1);
#ifdef HAVE_SSL_SESSION_GET_ID
rb_define_method(cSSLSession, "id", ossl_ssl_session_get_id, 0);
#else
rb_undef_method(cSSLSession, "id");
#endif
rb_define_method(cSSLSession, "to_der", ossl_ssl_session_to_der, 0);
rb_define_method(cSSLSession, "to_pem", ossl_ssl_session_to_pem, 0);
rb_define_method(cSSLSession, "to_text", ossl_ssl_session_to_text, 0);

10
ext/openssl/ossl_x509.c
Просмотреть файл

@ -63,12 +63,8 @@ Init_ossl_x509(void)
DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
DefX509Const(V_ERR_APPLICATION_VERIFICATION);
#if defined(X509_V_FLAG_CRL_CHECK)
DefX509Const(V_FLAG_CRL_CHECK);
#endif
#if defined(X509_V_FLAG_CRL_CHECK_ALL)
DefX509Const(V_FLAG_CRL_CHECK_ALL);
#endif
DefX509Const(PURPOSE_SSL_CLIENT);
DefX509Const(PURPOSE_SSL_SERVER);
@ -77,21 +73,15 @@ Init_ossl_x509(void)
DefX509Const(PURPOSE_SMIME_ENCRYPT);
DefX509Const(PURPOSE_CRL_SIGN);
DefX509Const(PURPOSE_ANY);
#if defined(X509_PURPOSE_OCSP_HELPER)
DefX509Const(PURPOSE_OCSP_HELPER);
#endif
DefX509Const(TRUST_COMPAT);
DefX509Const(TRUST_SSL_CLIENT);
DefX509Const(TRUST_SSL_SERVER);
DefX509Const(TRUST_EMAIL);
DefX509Const(TRUST_OBJECT_SIGN);
#if defined(X509_TRUST_OCSP_SIGN)
DefX509Const(TRUST_OCSP_SIGN);
#endif
#if defined(X509_TRUST_OCSP_REQUEST)
DefX509Const(TRUST_OCSP_REQUEST);
#endif
DefX509Default(CERT_AREA, cert_area);
DefX509Default(CERT_DIR, cert_dir);

14
ext/openssl/ossl_x509attr.c
Просмотреть файл

@ -178,14 +178,6 @@ ossl_x509attr_get_oid(VALUE self)
return ret;
}
#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE)
# define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single)
# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
#else
# define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set)
# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
#endif
/*
* call-seq:
* attr.value = asn1 => asn1
@ -205,10 +197,10 @@ ossl_x509attr_set_value(VALUE self, VALUE value)
}
GetX509Attr(self, attr);
if(attr->value.set){
if(OSSL_X509ATTR_IS_SINGLE(attr)) ASN1_TYPE_free(attr->value.single);
if(attr->single) ASN1_TYPE_free(attr->value.single);
else sk_ASN1_TYPE_free(attr->value.set);
}
OSSL_X509ATTR_SET_SINGLE(attr);
attr->single = 1;
attr->value.single = a1type;
return value;
@ -228,7 +220,7 @@ ossl_x509attr_get_value(VALUE self)
GetX509Attr(self, attr);
if(attr->value.ptr == NULL) return Qnil;
if(OSSL_X509ATTR_IS_SINGLE(attr)){
if(attr->single){
length = i2d_ASN1_TYPE(attr->value.single, NULL);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);

13
ext/openssl/ossl_x509ext.c
Просмотреть файл

@ -188,7 +188,6 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
return crl;
}
#ifdef HAVE_X509V3_SET_NCONF
static VALUE
ossl_x509extfactory_set_config(VALUE self, VALUE config)
{
@ -202,9 +201,6 @@ ossl_x509extfactory_set_config(VALUE self, VALUE config)
return config;
}
#else
#define ossl_x509extfactory_set_config rb_f_notimplement
#endif
static VALUE
ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
@ -243,12 +239,8 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
X509_EXTENSION *ext;
VALUE oid, value, critical, valstr, obj;
int nid;
#ifdef HAVE_X509V3_EXT_NCONF_NID
VALUE rconf;
CONF *conf;
#else
static LHASH *empty_lhash;
#endif
rb_scan_args(argc, argv, "21", &oid, &value, &critical);
StringValueCStr(oid);
@ -265,14 +257,9 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
GetX509ExtFactory(self, ctx);
obj = NewX509Ext(cX509Ext);
#ifdef HAVE_X509V3_EXT_NCONF_NID
rconf = rb_iv_get(self, "@config");
conf = NIL_P(rconf) ? NULL : GetConfigPtr(rconf);
ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));
#else
if (!empty_lhash) empty_lhash = lh_new(NULL, NULL);
ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr));
#endif
if (!ext){
ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
}

29
ext/openssl/ossl_x509store.c
Просмотреть файл

@ -153,12 +153,6 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
ossl_x509store_set_vfy_cb(self, Qnil);
#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
rb_iv_set(self, "@flags", INT2FIX(0));
rb_iv_set(self, "@purpose", INT2FIX(0));
rb_iv_set(self, "@trust", INT2FIX(0));
#endif
/* last verification status */
rb_iv_set(self, "@error", Qnil);
rb_iv_set(self, "@error_string", Qnil);
@ -171,15 +165,11 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
static VALUE
ossl_x509store_set_flags(VALUE self, VALUE flags)
{
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
long f = NUM2LONG(flags);
GetX509Store(self, store);
X509_STORE_set_flags(store, f);
#else
rb_iv_set(self, "@flags", flags);
#endif
return flags;
}
@ -187,15 +177,11 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
static VALUE
ossl_x509store_set_purpose(VALUE self, VALUE purpose)
{
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
int p = NUM2INT(purpose);
GetX509Store(self, store);
X509_STORE_set_purpose(store, p);
#else
rb_iv_set(self, "@purpose", purpose);
#endif
return purpose;
}
@ -203,15 +189,11 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
static VALUE
ossl_x509store_set_trust(VALUE self, VALUE trust)
{
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
int t = NUM2INT(trust);
GetX509Store(self, store);
X509_STORE_set_trust(store, t);
#else
rb_iv_set(self, "@trust", trust);
#endif
return trust;
}
@ -441,17 +423,10 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
SafeGetX509Store(store, x509st);
if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
sk_X509_pop_free(x509s, X509_free);
ossl_raise(eX509StoreError, NULL);
}
#else
X509_STORE_CTX_init(ctx, x509st, x509, x509s);
ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
#endif
if (!NIL_P(t = rb_iv_get(store, "@time")))
ossl_x509stctx_set_time(self, t);
rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
@ -562,16 +537,12 @@ ossl_x509stctx_get_curr_cert(VALUE self)
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE_CTX *ctx;
GetX509StCtx(self, ctx);
if(!ctx->current_crl) return Qnil;
return ossl_x509crl_new(ctx->current_crl);
#else
return Qnil;
#endif
}
static VALUE

60
test/openssl/test_cipher.rb
Просмотреть файл

@ -114,40 +114,38 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
end
end if has_cipher?('aes-128-ctr')
if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
def test_ciphers
OpenSSL::Cipher.ciphers.each{|name|
next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
begin
assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
rescue OpenSSL::Cipher::CipherError => e
next if /wrap/ =~ name and e.message == 'wrap mode not allowed'
raise
end
}
end
def test_ciphers
OpenSSL::Cipher.ciphers.each{|name|
next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
begin
assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
rescue OpenSSL::Cipher::CipherError => e
next if /wrap/ =~ name and e.message == 'wrap mode not allowed'
raise
end
}
end
def test_AES
pt = File.read(__FILE__)
%w(ECB CBC CFB OFB).each{|mode|
c1 = OpenSSL::Cipher::AES256.new(mode)
c1.encrypt
c1.pkcs5_keyivgen("passwd")
ct = c1.update(pt) + c1.final
def test_AES
pt = File.read(__FILE__)
%w(ECB CBC CFB OFB).each{|mode|
c1 = OpenSSL::Cipher::AES256.new(mode)
c1.encrypt
c1.pkcs5_keyivgen("passwd")
ct = c1.update(pt) + c1.final
c2 = OpenSSL::Cipher::AES256.new(mode)
c2.decrypt
c2.pkcs5_keyivgen("passwd")
assert_equal(pt, c2.update(ct) + c2.final)
}
end
c2 = OpenSSL::Cipher::AES256.new(mode)
c2.decrypt
c2.pkcs5_keyivgen("passwd")
assert_equal(pt, c2.update(ct) + c2.final)
}
end
def test_AES_crush
500.times do
assert_nothing_raised("[Bug #2768]") do
# it caused OpenSSL SEGV by uninitialized key
OpenSSL::Cipher::AES128.new("ECB").update "." * 17
end
def test_AES_crush
500.times do
assert_nothing_raised("[Bug #2768]") do
# it caused OpenSSL SEGV by uninitialized key
OpenSSL::Cipher::AES128.new("ECB").update "." * 17
end
end
end

6
test/openssl/test_pkcs7.rb
Просмотреть файл

@ -123,12 +123,6 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
end
def test_enveloped
if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
# PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
# http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
return
end
certs = [@ee1_cert, @ee2_cert]
cipher = OpenSSL::Cipher::AES.new("128-CBC")
data = "aaaaa\nbbbbb\nccccc\n"

6
test/openssl/test_ssl.rb
Просмотреть файл

@ -869,10 +869,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port|
2.times do |i|
ctx = OpenSSL::SSL::SSLContext.new
if defined?(OpenSSL::SSL::OP_NO_TICKET)
# disable RFC4507 support
ctx.options = OpenSSL::SSL::OP_NO_TICKET
end
# disable RFC4507 support
ctx.options = OpenSSL::SSL::OP_NO_TICKET
server_connect(port, ctx) { |ssl|
ssl.hostname = (i & 1 == 0) ? 'foo.example.com' : 'bar.example.com'
str = "x" * 100 + "\n"

15
test/openssl/test_ssl_session.rb
Просмотреть файл

@ -61,9 +61,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM=
# SSL_SESSION_time keeps long value so we can't keep nsec fragment.
session.time = t1 = Time.now.to_i
assert_equal(Time.at(t1), session.time)
if session.respond_to?(:id)
assert_not_nil(session.id)
end
assert_not_nil(session.id)
pem = session.to_pem
assert_match(/\A-----BEGIN SSL SESSION PARAMETERS-----/, pem)
assert_match(/-----END SSL SESSION PARAMETERS-----\Z/, pem)
@ -170,10 +168,7 @@ __EOS__
session = ssl.session
if last_session
assert(ssl.session_reused?)
if session.respond_to?(:id)
assert_equal(session.id, last_session.id)
end
assert_equal(session.id, last_session.id)
assert_equal(session.to_pem, last_session.to_pem)
assert_equal(session.to_der, last_session.to_der)
# Older version of OpenSSL may not be consistent. Look up which versions later.
@ -246,10 +241,8 @@ __EOS__
10.times do |i|
sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.new
if defined?(OpenSSL::SSL::OP_NO_TICKET)
# disable RFC4507 support
ctx.options = OpenSSL::SSL::OP_NO_TICKET
end
# disable RFC4507 support
ctx.options = OpenSSL::SSL::OP_NO_TICKET
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.sync_close = true
ssl.session = first_session if first_session

2
test/openssl/test_x509store.rb
Просмотреть файл

@ -148,8 +148,6 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
assert_equal(false, store.verify(OpenSSL::X509::Certificate.new(ee1_cert)))
assert_equal(OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID, store.error)
return unless defined?(OpenSSL::X509::V_FLAG_CRL_CHECK)
store = OpenSSL::X509::Store.new
store.purpose = OpenSSL::X509::PURPOSE_ANY
store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK