2012-11-26 19:58:52 -05:00
|
|
|
# -*- coding: us-ascii -*-
|
2015-12-16 00:31:54 -05:00
|
|
|
# frozen_string_literal: false
|
2003-07-23 12:12:24 -04:00
|
|
|
=begin
|
|
|
|
|
= Info
|
|
|
|
|
'OpenSSL for Ruby 2' project
|
|
|
|
|
Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz>
|
|
|
|
|
All rights reserved.
|
|
|
|
|
|
|
|
|
|
= Licence
|
2015-04-19 23:55:09 -04:00
|
|
|
This program is licensed under the same licence as Ruby.
|
2003-07-23 12:12:24 -04:00
|
|
|
(See the file 'LICENCE'.)
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
|
|
require "mkmf"
|
2012-11-26 19:58:52 -05:00
|
|
|
require File.expand_path('../deprecation', __FILE__)
|
2003-07-23 12:12:24 -04:00
|
|
|
|
2003-07-23 22:10:04 -04:00
|
|
|
dir_config("openssl")
|
2003-07-27 08:19:18 -04:00
|
|
|
dir_config("kerberos")
|
2003-07-23 12:12:24 -04:00
|
|
|
|
2012-05-18 15:51:58 -04:00
|
|
|
Logging::message "=== OpenSSL for Ruby configurator ===\n"
|
2003-07-23 12:12:24 -04:00
|
|
|
|
2016-05-25 04:50:03 -04:00
|
|
|
# Add -Werror=deprecated-declarations to $warnflags if available
|
|
|
|
|
OpenSSL.deprecated_warning_flag
|
|
|
|
|
|
2003-07-23 12:12:24 -04:00
|
|
|
##
|
2011-10-26 19:43:04 -04:00
|
|
|
# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
|
2003-07-23 12:12:24 -04:00
|
|
|
# To turn it on, use: --with-debug or --enable-debug
|
|
|
|
|
#
|
|
|
|
|
if with_config("debug") or enable_config("debug")
|
2016-05-25 04:50:03 -04:00
|
|
|
$defs.push("-DOSSL_DEBUG")
|
2011-10-26 19:43:04 -04:00
|
|
|
end
|
2003-07-23 12:12:24 -04:00
|
|
|
|
2012-05-18 15:51:58 -04:00
|
|
|
Logging::message "=== Checking for system dependent stuff... ===\n"
|
2003-07-24 13:58:56 -04:00
|
|
|
have_library("nsl", "t_open")
|
|
|
|
|
have_library("socket", "socket")
|
2003-09-17 05:05:02 -04:00
|
|
|
have_header("assert.h")
|
2003-07-23 12:12:24 -04:00
|
|
|
|
2012-05-18 15:51:58 -04:00
|
|
|
Logging::message "=== Checking for required stuff... ===\n"
|
2003-07-27 08:19:18 -04:00
|
|
|
if $mingw
|
|
|
|
|
have_library("wsock32")
|
|
|
|
|
have_library("gdi32")
|
|
|
|
|
end
|
2010-12-10 12:24:30 -05:00
|
|
|
|
|
|
|
|
result = pkg_config("openssl") && have_header("openssl/ssl.h")
|
|
|
|
|
unless result
|
|
|
|
|
result = have_header("openssl/ssl.h")
|
2016-06-09 02:03:55 -04:00
|
|
|
result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "CRYPTO_malloc")}
|
|
|
|
|
result &&= %w[ssl ssleay32].any? {|lib| have_library(lib, "SSL_new")}
|
2010-12-10 12:24:30 -05:00
|
|
|
unless result
|
2012-05-18 15:51:58 -04:00
|
|
|
Logging::message "=== Checking for required stuff failed. ===\n"
|
|
|
|
|
Logging::message "Makefile wasn't created. Fix the errors above.\n"
|
2003-07-24 13:58:56 -04:00
|
|
|
exit 1
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-05-25 04:50:03 -04:00
|
|
|
result = checking_for("OpenSSL version is 0.9.8 or later") {
|
|
|
|
|
try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
|
|
|
|
|
}
|
|
|
|
|
unless result
|
|
|
|
|
raise "OpenSSL 0.9.8 or later required."
|
2004-01-19 12:55:18 -05:00
|
|
|
end
|
2016-05-25 04:50:03 -04:00
|
|
|
|
2012-04-30 17:03:38 -04:00
|
|
|
unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
|
2012-05-18 02:24:34 -04:00
|
|
|
raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
|
2012-04-22 08:39:55 -04:00
|
|
|
end
|
2004-01-19 12:55:18 -05:00
|
|
|
|
2012-05-18 15:51:58 -04:00
|
|
|
Logging::message "=== Checking for OpenSSL features... ===\n"
|
2016-05-25 04:50:03 -04:00
|
|
|
# compile options
|
|
|
|
|
|
|
|
|
|
# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
|
|
|
|
|
# exist even if compiled with no-ssl2 or no-ssl3-method.
|
|
|
|
|
unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
|
2016-05-08 20:05:33 -04:00
|
|
|
have_func("SSLv2_method")
|
|
|
|
|
end
|
2016-05-25 04:50:03 -04:00
|
|
|
unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
|
2016-05-08 20:05:33 -04:00
|
|
|
have_func("SSLv3_method")
|
|
|
|
|
end
|
2012-05-06 18:26:08 -04:00
|
|
|
have_func("TLSv1_1_method")
|
|
|
|
|
have_func("TLSv1_2_method")
|
2016-05-25 04:50:03 -04:00
|
|
|
have_func("RAND_egd")
|
|
|
|
|
engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
|
|
|
|
|
cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
|
|
|
|
|
engines.each { |name|
|
|
|
|
|
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-05 11:35:12 -04:00
|
|
|
# added in 0.9.8X
|
|
|
|
|
have_func("EVP_CIPHER_CTX_new")
|
|
|
|
|
have_func("EVP_CIPHER_CTX_free")
|
|
|
|
|
|
2016-05-25 04:50:03 -04:00
|
|
|
# added in 1.0.0
|
2016-06-01 08:41:15 -04:00
|
|
|
have_func("ASN1_TIME_adj")
|
2016-05-25 04:50:03 -04:00
|
|
|
have_func("EVP_CIPHER_CTX_copy")
|
openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs
* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
{RSA,DSA,EC_KEY,DH}_get0_*() functions.
OpenSSL 1.1.0 makes EVP_PKEY/RSA/DSA/DH opaque. We used to provide
setter methods for each parameter of each PKey type, for example
PKey::RSA#e=, but this is no longer possible because the new API
RSA_set0_key() requires the 'n' at the same time. This commit adds
deprecation warning to them and adds PKey::*#set_* methods as direct
wrapper for those new APIs. For example, 'rsa.e = 3' now needs to be
rewritten as 'rsa.set_key(rsa.n, 3, rsa.d)'.
[ruby-core:75225] [Feature #12324]
* ext/openssl/ossl_pkey*.[ch]: Use the new accessor functions. Implement
RSA#set_{key,factors,crt_params}, DSA#set_{key,pqg}, DH#set_{key,pqg}.
Emit a warning with rb_warning() when old setter methods are used.
* test/drb/ut_array_drbssl.rb, test/drb/ut_drb_drbssl.rb,
test/rubygems/test_gem_remote_fetcher.rb: Don't set a priv_key for DH
object that are used in tmp_dh_callback. Generating a new key pair
every time should be fine - actually the private exponent is ignored
in OpenSSL >= 1.0.2f/1.0.1r even if we explicitly set.
https://www.openssl.org/news/secadv/20160128.txt
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55285 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-06-05 11:00:47 -04:00
|
|
|
have_func("EVP_PKEY_base_id")
|
2016-05-25 04:50:03 -04:00
|
|
|
have_func("HMAC_CTX_copy")
|
|
|
|
|
have_func("PKCS5_PBKDF2_HMAC")
|
|
|
|
|
have_func("X509_NAME_hash_old")
|
2016-06-05 11:35:12 -04:00
|
|
|
have_func("X509_STORE_CTX_get0_current_crl")
|
|
|
|
|
have_func("X509_STORE_set_verify_cb")
|
|
|
|
|
have_func("i2d_ASN1_SET_ANY")
|
2016-05-25 04:50:03 -04:00
|
|
|
have_func("SSL_SESSION_cmp") # removed
|
|
|
|
|
OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
|
2013-07-23 10:19:51 -04:00
|
|
|
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
|
2016-05-25 04:50:03 -04:00
|
|
|
|
|
|
|
|
# added in 1.0.1
|
|
|
|
|
have_func("SSL_CTX_set_next_proto_select_cb")
|
2012-12-20 02:42:56 -05:00
|
|
|
have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
|
2003-07-23 12:12:24 -04:00
|
|
|
|
2016-05-25 04:50:03 -04:00
|
|
|
# added in 1.0.2
|
2016-05-30 05:30:38 -04:00
|
|
|
have_func("EC_curve_nist2nid")
|
2016-05-25 04:50:03 -04:00
|
|
|
have_func("X509_REVOKED_dup")
|
2016-06-05 11:35:12 -04:00
|
|
|
have_func("X509_STORE_CTX_get0_store")
|
2016-05-25 04:50:03 -04:00
|
|
|
have_func("SSL_CTX_set_alpn_select_cb")
|
2016-05-30 05:30:38 -04:00
|
|
|
OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
|
|
|
|
|
OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
|
2016-05-25 04:50:03 -04:00
|
|
|
OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
|
2016-06-05 12:36:39 -04:00
|
|
|
have_func("SSL_is_server")
|
2016-05-25 04:50:03 -04:00
|
|
|
|
|
|
|
|
# added in 1.1.0
|
2016-06-05 08:46:05 -04:00
|
|
|
have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
|
2016-06-05 11:35:12 -04:00
|
|
|
have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
|
|
|
|
|
have_func("BN_GENCB_new")
|
|
|
|
|
have_func("BN_GENCB_free")
|
|
|
|
|
have_func("BN_GENCB_get_arg")
|
|
|
|
|
have_func("EVP_MD_CTX_new")
|
|
|
|
|
have_func("EVP_MD_CTX_free")
|
|
|
|
|
have_func("HMAC_CTX_new")
|
|
|
|
|
have_func("HMAC_CTX_free")
|
2016-06-05 08:38:34 -04:00
|
|
|
OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
|
2016-05-25 04:50:03 -04:00
|
|
|
have_func("X509_STORE_get_ex_data")
|
|
|
|
|
have_func("X509_STORE_set_ex_data")
|
2016-06-05 11:35:12 -04:00
|
|
|
have_func("X509_CRL_get0_signature")
|
|
|
|
|
have_func("X509_REQ_get0_signature")
|
|
|
|
|
have_func("X509_REVOKED_get0_serialNumber")
|
|
|
|
|
have_func("X509_REVOKED_get0_revocationDate")
|
|
|
|
|
have_func("X509_get0_tbs_sigalg")
|
|
|
|
|
have_func("X509_STORE_CTX_get0_untrusted")
|
|
|
|
|
have_func("X509_STORE_CTX_get0_cert")
|
|
|
|
|
have_func("X509_STORE_CTX_get0_chain")
|
|
|
|
|
have_func("OCSP_SINGLERESP_get0_id")
|
|
|
|
|
have_func("SSL_CTX_get_ciphers")
|
2016-06-05 08:46:05 -04:00
|
|
|
have_func("X509_up_ref")
|
|
|
|
|
have_func("X509_CRL_up_ref")
|
|
|
|
|
have_func("X509_STORE_up_ref")
|
|
|
|
|
have_func("SSL_SESSION_up_ref")
|
|
|
|
|
have_func("EVP_PKEY_up_ref")
|
2016-05-30 05:30:38 -04:00
|
|
|
OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
|
2016-06-07 01:57:25 -04:00
|
|
|
OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
|
2016-06-07 03:52:24 -04:00
|
|
|
have_func("SSL_CTX_get_security_level")
|
2016-08-29 01:47:09 -04:00
|
|
|
have_func("X509_get0_notBefore")
|
2016-05-25 04:50:03 -04:00
|
|
|
|
2012-05-18 15:51:58 -04:00
|
|
|
Logging::message "=== Checking done. ===\n"
|
2006-06-02 06:03:16 -04:00
|
|
|
|
|
|
|
|
create_header
|
2013-10-28 02:32:24 -04:00
|
|
|
create_makefile("openssl") {|conf|
|
|
|
|
|
conf << "THREAD_MODEL = #{CONFIG["THREAD_MODEL"]}\n"
|
|
|
|
|
}
|
2012-05-18 15:51:58 -04:00
|
|
|
Logging::message "Done.\n"
|