2012-11-27 00:58:52 +00:00
|
|
|
# -*- coding: us-ascii -*-
|
2015-12-16 05:31:54 +00:00
|
|
|
# frozen_string_literal: false
|
2003-07-23 16:12:24 +00:00
|
|
|
=begin
|
|
|
|
|
= Info
|
|
|
|
|
'OpenSSL for Ruby 2' project
|
|
|
|
|
Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
|
|
|
|
All rights reserved.
|
|
|
|
|
|
|
|
|
|
= Licence
|
2015-04-20 03:55:09 +00:00
|
|
|
This program is licensed under the same licence as Ruby.
|
2003-07-23 16:12:24 +00:00
|
|
|
(See the file 'LICENCE'.)
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
|
|
require "mkmf"
|
2012-11-27 00:58:52 +00:00
|
|
|
require File.expand_path('../deprecation', __FILE__)
|
2003-07-23 16:12:24 +00:00
|
|
|
|
2003-07-24 02:10:04 +00:00
|
|
|
dir_config("openssl")
|
2003-07-27 12:19:18 +00:00
|
|
|
dir_config("kerberos")
|
2003-07-23 16:12:24 +00:00
|
|
|
|
2012-05-18 19:51:58 +00:00
|
|
|
Logging::message "=== OpenSSL for Ruby configurator ===\n"
|
2003-07-23 16:12:24 +00:00
|
|
|
|
2016-05-25 08:50:03 +00:00
|
|
|
# Add -Werror=deprecated-declarations to $warnflags if available
|
|
|
|
|
OpenSSL.deprecated_warning_flag
|
|
|
|
|
|
2003-07-23 16:12:24 +00:00
|
|
|
##
|
2011-10-26 23:43:04 +00:00
|
|
|
# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
|
2003-07-23 16:12:24 +00:00
|
|
|
# To turn it on, use: --with-debug or --enable-debug
|
|
|
|
|
#
|
|
|
|
|
if with_config("debug") or enable_config("debug")
|
2016-05-25 08:50:03 +00:00
|
|
|
$defs.push("-DOSSL_DEBUG")
|
2011-10-26 23:43:04 +00:00
|
|
|
end
|
2003-07-23 16:12:24 +00:00
|
|
|
|
2012-05-18 19:51:58 +00:00
|
|
|
Logging::message "=== Checking for system dependent stuff... ===\n"
|
2003-07-24 17:58:56 +00:00
|
|
|
have_library("nsl", "t_open")
|
|
|
|
|
have_library("socket", "socket")
|
2003-09-17 09:05:02 +00:00
|
|
|
have_header("assert.h")
|
2003-07-23 16:12:24 +00:00
|
|
|
|
2012-05-18 19:51:58 +00:00
|
|
|
Logging::message "=== Checking for required stuff... ===\n"
|
2003-07-27 12:19:18 +00:00
|
|
|
if $mingw
|
|
|
|
|
have_library("wsock32")
|
|
|
|
|
have_library("gdi32")
|
|
|
|
|
end
|
2010-12-10 17:24:30 +00:00
|
|
|
|
|
|
|
|
result = pkg_config("openssl") && have_header("openssl/ssl.h")
|
|
|
|
|
unless result
|
|
|
|
|
result = have_header("openssl/ssl.h")
|
2016-06-09 06:03:55 +00:00
|
|
|
result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "CRYPTO_malloc")}
|
|
|
|
|
result &&= %w[ssl ssleay32].any? {|lib| have_library(lib, "SSL_new")}
|
2010-12-10 17:24:30 +00:00
|
|
|
unless result
|
2012-05-18 19:51:58 +00:00
|
|
|
Logging::message "=== Checking for required stuff failed. ===\n"
|
|
|
|
|
Logging::message "Makefile wasn't created. Fix the errors above.\n"
|
2003-07-24 17:58:56 +00:00
|
|
|
exit 1
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-05-25 08:50:03 +00:00
|
|
|
result = checking_for("OpenSSL version is 0.9.8 or later") {
|
|
|
|
|
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
|
|
|
|
|
}
|
|
|
|
|
unless result
|
|
|
|
|
raise "OpenSSL 0.9.8 or later required."
|
2004-01-19 17:55:18 +00:00
|
|
|
end
|
2016-05-25 08:50:03 +00:00
|
|
|
|
2012-04-30 21:03:38 +00:00
|
|
|
unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
|
2012-05-18 06:24:34 +00:00
|
|
|
raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
|
2012-04-22 12:39:55 +00:00
|
|
|
end
|
2004-01-19 17:55:18 +00:00
|
|
|
|
2012-05-18 19:51:58 +00:00
|
|
|
Logging::message "=== Checking for OpenSSL features... ===\n"
|
2016-05-25 08:50:03 +00:00
|
|
|
# compile options
|
|
|
|
|
|
|
|
|
|
# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
|
|
|
|
|
# exist even if compiled with no-ssl2 or no-ssl3-method.
|
|
|
|
|
unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
|
2016-05-09 00:05:33 +00:00
|
|
|
have_func("SSLv2_method")
|
|
|
|
|
end
|
2016-05-25 08:50:03 +00:00
|
|
|
unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
|
2016-05-09 00:05:33 +00:00
|
|
|
have_func("SSLv3_method")
|
|
|
|
|
end
|
2012-05-06 22:26:08 +00:00
|
|
|
have_func("TLSv1_1_method")
|
|
|
|
|
have_func("TLSv1_2_method")
|
2016-05-25 08:50:03 +00:00
|
|
|
have_func("RAND_egd")
|
|
|
|
|
engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
|
|
|
|
|
cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
|
|
|
|
|
engines.each { |name|
|
|
|
|
|
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-05 15:35:12 +00:00
|
|
|
# added in 0.9.8X
|
|
|
|
|
have_func("EVP_CIPHER_CTX_new")
|
|
|
|
|
have_func("EVP_CIPHER_CTX_free")
|
|
|
|
|
|
2016-05-25 08:50:03 +00:00
|
|
|
# added in 1.0.0
|
2016-06-01 12:41:15 +00:00
|
|
|
have_func("ASN1_TIME_adj")
|
2016-05-25 08:50:03 +00:00
|
|
|
have_func("EVP_CIPHER_CTX_copy")
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 15:00:47 +00:00
|
|
|
have_func("EVP_PKEY_base_id")
|
2016-05-25 08:50:03 +00:00
|
|
|
have_func("HMAC_CTX_copy")
|
|
|
|
|
have_func("PKCS5_PBKDF2_HMAC")
|
|
|
|
|
have_func("X509_NAME_hash_old")
|
2016-06-05 15:35:12 +00:00
|
|
|
have_func("X509_STORE_CTX_get0_current_crl")
|
|
|
|
|
have_func("X509_STORE_set_verify_cb")
|
|
|
|
|
have_func("i2d_ASN1_SET_ANY")
|
2016-05-25 08:50:03 +00:00
|
|
|
have_func("SSL_SESSION_cmp") # removed
|
|
|
|
|
OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
|
2013-07-23 14:19:51 +00:00
|
|
|
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
|
2016-05-25 08:50:03 +00:00
|
|
|
|
|
|
|
|
# added in 1.0.1
|
|
|
|
|
have_func("SSL_CTX_set_next_proto_select_cb")
|
2012-12-20 07:42:56 +00:00
|
|
|
have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
|
2003-07-23 16:12:24 +00:00
|
|
|
|
2016-05-25 08:50:03 +00:00
|
|
|
# added in 1.0.2
|
2016-05-30 09:30:38 +00:00
|
|
|
have_func("EC_curve_nist2nid")
|
2016-05-25 08:50:03 +00:00
|
|
|
have_func("X509_REVOKED_dup")
|
2016-06-05 15:35:12 +00:00
|
|
|
have_func("X509_STORE_CTX_get0_store")
|
2016-05-25 08:50:03 +00:00
|
|
|
have_func("SSL_CTX_set_alpn_select_cb")
|
2016-05-30 09:30:38 +00:00
|
|
|
OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
|
|
|
|
|
OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
|
2016-05-25 08:50:03 +00:00
|
|
|
OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
|
2016-06-05 16:36:39 +00:00
|
|
|
have_func("SSL_is_server")
|
2016-05-25 08:50:03 +00:00
|
|
|
|
|
|
|
|
# added in 1.1.0
|
2016-06-05 12:46:05 +00:00
|
|
|
have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
|
2016-06-05 15:35:12 +00:00
|
|
|
have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
|
|
|
|
|
have_func("BN_GENCB_new")
|
|
|
|
|
have_func("BN_GENCB_free")
|
|
|
|
|
have_func("BN_GENCB_get_arg")
|
|
|
|
|
have_func("EVP_MD_CTX_new")
|
|
|
|
|
have_func("EVP_MD_CTX_free")
|
|
|
|
|
have_func("HMAC_CTX_new")
|
|
|
|
|
have_func("HMAC_CTX_free")
|
2016-06-05 12:38:34 +00:00
|
|
|
OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
|
2016-05-25 08:50:03 +00:00
|
|
|
have_func("X509_STORE_get_ex_data")
|
|
|
|
|
have_func("X509_STORE_set_ex_data")
|
2016-06-05 15:35:12 +00:00
|
|
|
have_func("X509_CRL_get0_signature")
|
|
|
|
|
have_func("X509_REQ_get0_signature")
|
|
|
|
|
have_func("X509_REVOKED_get0_serialNumber")
|
|
|
|
|
have_func("X509_REVOKED_get0_revocationDate")
|
|
|
|
|
have_func("X509_get0_tbs_sigalg")
|
|
|
|
|
have_func("X509_STORE_CTX_get0_untrusted")
|
|
|
|
|
have_func("X509_STORE_CTX_get0_cert")
|
|
|
|
|
have_func("X509_STORE_CTX_get0_chain")
|
|
|
|
|
have_func("OCSP_SINGLERESP_get0_id")
|
|
|
|
|
have_func("SSL_CTX_get_ciphers")
|
2016-06-05 12:46:05 +00:00
|
|
|
have_func("X509_up_ref")
|
|
|
|
|
have_func("X509_CRL_up_ref")
|
|
|
|
|
have_func("X509_STORE_up_ref")
|
|
|
|
|
have_func("SSL_SESSION_up_ref")
|
|
|
|
|
have_func("EVP_PKEY_up_ref")
|
2016-05-30 09:30:38 +00:00
|
|
|
OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
|
2016-06-07 05:57:25 +00:00
|
|
|
OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
|
2016-06-07 07:52:24 +00:00
|
|
|
have_func("SSL_CTX_get_security_level")
|
2016-05-25 08:50:03 +00:00
|
|
|
|
2012-05-18 19:51:58 +00:00
|
|
|
Logging::message "=== Checking done. ===\n"
|
2006-06-02 10:03:16 +00:00
|
|
|
|
|
|
|
|
create_header
|
2013-10-28 06:32:24 +00:00
|
|
|
create_makefile("openssl") {|conf|
|
|
|
|
|
conf << "THREAD_MODEL = #{CONFIG["THREAD_MODEL"]}\n"
|
|
|
|
|
}
|
2012-05-18 19:51:58 +00:00
|
|
|
Logging::message "Done.\n"
|