openssl: import v2.0.2

Import Ruby/OpenSSL 2.0.2. This release contains only bugfixes. The full
commit log since 2.0.1 (imported at r57041) can be found at:

  https://github.com/ruby/openssl/compare/v2.0.1...v2.0.2

----------------------------------------------------------------
Kazuki Yamaguchi (5):
      ssl: check for SSL_CTX_clear_options()
      Rename functions in openssl_missing.c
      ssl: use SSL_SESSION_get_protocol_version()
      pkey: allow instantiating OpenSSL::PKey::PKey with unsupported key type
      Ruby/OpenSSL 2.0.2

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ext/openssl/extconf.rb

@@ -81,6 +81,7 @@ engines.each { |name|
 # added in 0.9.8X
 have_func("EVP_CIPHER_CTX_new")
 have_func("EVP_CIPHER_CTX_free")
+OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h")
 
 # added in 1.0.0
 have_func("ASN1_TIME_adj")
@@ -143,6 +144,7 @@ OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") #
 OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
 have_func("SSL_CTX_get_security_level")
 have_func("X509_get0_notBefore")
+have_func("SSL_SESSION_get_protocol_version")
 
 Logging::message "=== Checking done. ===\n"
 

ext/openssl/openssl.gemspec

@@ -1,15 +1,15 @@
 # -*- encoding: utf-8 -*-
-# stub: openssl 2.0.1 ruby lib
+# stub: openssl 2.0.2 ruby lib
 # stub: ext/openssl/extconf.rb
 
 Gem::Specification.new do |s|
   s.name = "openssl".freeze
-  s.version = "2.0.1"
+  s.version = "2.0.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze]
-  s.date = "2016-12-10"
+  s.date = "2016-12-22"
   s.description = "It wraps the OpenSSL library.".freeze
   s.email = ["ruby-core@ruby-lang.org".freeze]
   s.extensions = ["ext/openssl/extconf.rb".freeze]

ext/openssl/openssl_missing.c

@@ -23,7 +23,7 @@
 /* added in 0.9.8X */
 #if !defined(HAVE_EVP_CIPHER_CTX_NEW)
 EVP_CIPHER_CTX *
-EVP_CIPHER_CTX_new(void)
+ossl_EVP_CIPHER_CTX_new(void)
 {
     EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
     if (!ctx)
@@ -35,7 +35,7 @@ EVP_CIPHER_CTX_new(void)
 
 #if !defined(HAVE_EVP_CIPHER_CTX_FREE)
 void
-EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 {
     if (ctx) {
 	EVP_CIPHER_CTX_cleanup(ctx);
@@ -52,7 +52,7 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
  * tested on 0.9.7d.
  */
 int
-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
 {
     memcpy(out, in, sizeof(EVP_CIPHER_CTX));
 
@@ -71,7 +71,7 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
 #if !defined(OPENSSL_NO_HMAC)
 #if !defined(HAVE_HMAC_CTX_COPY)
 int
-HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
+ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
 {
     if (!out || !in)
 	return 0;
@@ -112,7 +112,7 @@ static struct {
 };
 
 int
-EC_curve_nist2nid(const char *name)
+ossl_EC_curve_nist2nid(const char *name)
 {
     size_t i;
     for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
@@ -127,7 +127,7 @@ EC_curve_nist2nid(const char *name)
 /*** added in 1.1.0 ***/
 #if !defined(HAVE_HMAC_CTX_NEW)
 HMAC_CTX *
-HMAC_CTX_new(void)
+ossl_HMAC_CTX_new(void)
 {
     HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
     if (!ctx)
@@ -139,7 +139,7 @@ HMAC_CTX_new(void)
 
 #if !defined(HAVE_HMAC_CTX_FREE)
 void
-HMAC_CTX_free(HMAC_CTX *ctx)
+ossl_HMAC_CTX_free(HMAC_CTX *ctx)
 {
     if (ctx) {
 	HMAC_CTX_cleanup(ctx);
@@ -150,8 +150,8 @@ HMAC_CTX_free(HMAC_CTX *ctx)
 
 #if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
 void
-X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
-			const X509_ALGOR **palg)
+ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+			     const X509_ALGOR **palg)
 {
     if (psig != NULL)
 	*psig = crl->signature;
@@ -162,8 +162,8 @@ X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
 
 #if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
 void
-X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
-			const X509_ALGOR **palg)
+ossl_X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+			     const X509_ALGOR **palg)
 {
     if (psig != NULL)
 	*psig = req->signature;

ext/openssl/openssl_missing.h

@@ -14,11 +14,17 @@
 
 /* added in 0.9.8X */
 #if !defined(HAVE_EVP_CIPHER_CTX_NEW)
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+EVP_CIPHER_CTX *ossl_EVP_CIPHER_CTX_new(void);
+#  define EVP_CIPHER_CTX_new ossl_EVP_CIPHER_CTX_new
 #endif
 
 #if !defined(HAVE_EVP_CIPHER_CTX_FREE)
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
+void ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
+#  define EVP_CIPHER_CTX_free ossl_EVP_CIPHER_CTX_free
+#endif
+
+#if !defined(HAVE_SSL_CTX_CLEAR_OPTIONS)
+#  define SSL_CTX_clear_options(ctx, op) ((ctx)->options &= ~(op))
 #endif
 
 /* added in 1.0.0 */
@@ -27,11 +33,13 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
 #endif
 
 #if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+int ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *, const EVP_CIPHER_CTX *);
+#  define EVP_CIPHER_CTX_copy ossl_EVP_CIPHER_CTX_copy
 #endif
 
 #if !defined(HAVE_HMAC_CTX_COPY)
-int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+int ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+#  define HMAC_CTX_copy ossl_HMAC_CTX_copy
 #endif
 
 #if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL)
@@ -54,7 +62,8 @@ int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
 /* added in 1.0.2 */
 #if !defined(OPENSSL_NO_EC)
 #if !defined(HAVE_EC_CURVE_NIST2NID)
-int EC_curve_nist2nid(const char *);
+int ossl_EC_curve_nist2nid(const char *);
+#  define EC_curve_nist2nid ossl_EC_curve_nist2nid
 #endif
 #endif
 
@@ -93,11 +102,13 @@ int EC_curve_nist2nid(const char *);
 #endif
 
 #if !defined(HAVE_HMAC_CTX_NEW)
-HMAC_CTX *HMAC_CTX_new(void);
+HMAC_CTX *ossl_HMAC_CTX_new(void);
+#  define HMAC_CTX_new ossl_HMAC_CTX_new
 #endif
 
 #if !defined(HAVE_HMAC_CTX_FREE)
-void HMAC_CTX_free(HMAC_CTX *ctx);
+void ossl_HMAC_CTX_free(HMAC_CTX *);
+#  define HMAC_CTX_free ossl_HMAC_CTX_free
 #endif
 
 #if !defined(HAVE_X509_STORE_GET_EX_DATA)
@@ -114,11 +125,13 @@ void HMAC_CTX_free(HMAC_CTX *ctx);
 #endif
 
 #if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
-void X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **, const X509_ALGOR **);
+void ossl_X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **, const X509_ALGOR **);
+#  define X509_CRL_get0_signature ossl_X509_CRL_get0_signature
 #endif
 
 #if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
-void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, const X509_ALGOR **);
+void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, const X509_ALGOR **);
+#  define X509_REQ_get0_signature ossl_X509_REQ_get0_signature
 #endif
 
 #if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER)
@@ -245,4 +258,8 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
 #  define X509_CRL_get0_nextUpdate(x) X509_CRL_get_nextUpdate(x)
 #endif
 
+#if !defined(HAVE_SSL_SESSION_GET_PROTOCOL_VERSION)
+#  define SSL_SESSION_get_protocol_version(s) ((s)->ssl_version)
+#endif
+
 #endif /* _OSSL_OPENSSL_MISSING_H_ */

ext/openssl/ossl_pkey.c

@@ -73,10 +73,13 @@ const rb_data_type_t ossl_evp_pkey_type = {
 static VALUE
 pkey_new0(EVP_PKEY *pkey)
 {
-    if (!pkey)
-	ossl_raise(ePKeyError, "cannot make new key from NULL");
+    VALUE obj;
+    int type;
 
-    switch (EVP_PKEY_base_id(pkey)) {
+    if (!pkey || (type = EVP_PKEY_base_id(pkey)) == EVP_PKEY_NONE)
+	ossl_raise(rb_eRuntimeError, "pkey is empty");
+
+    switch (type) {
 #if !defined(OPENSSL_NO_RSA)
     case EVP_PKEY_RSA:
 	return ossl_rsa_new(pkey);
@@ -94,7 +97,9 @@ pkey_new0(EVP_PKEY *pkey)
 	return ossl_ec_new(pkey);
 #endif
     default:
-	ossl_raise(ePKeyError, "unsupported key type");
+	obj = NewPKey(cPKey);
+	SetPKey(obj, pkey);
+	return obj;
     }
 }
 
@@ -260,7 +265,7 @@ static VALUE
 ossl_pkey_initialize(VALUE self)
 {
     if (rb_obj_is_instance_of(self, cPKey)) {
-	ossl_raise(rb_eNotImpError, "OpenSSL::PKey::PKey is an abstract class.");
+	ossl_raise(rb_eTypeError, "OpenSSL::PKey::PKey can't be instantiated directly");
     }
     return self;
 }

ext/openssl/ossl_ssl_session.c

@@ -93,23 +93,22 @@ ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
     return self;
 }
 
-#if HAVE_SSL_SESSION_CMP == 0
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
+#if !defined(HAVE_SSL_SESSION_CMP)
+int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
 {
     unsigned int a_len;
     const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
     unsigned int b_len;
     const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
 
-#if !defined(HAVE_OPAQUE_OPENSSL) /* missing SSL_SESSION_get_ssl_version() ? */
-    if (a->ssl_version != b->ssl_version)
+    if (SSL_SESSION_get_protocol_version(a) != SSL_SESSION_get_protocol_version(b))
 	return 1;
-#endif
     if (a_len != b_len)
 	return 1;
 
     return CRYPTO_memcmp(a_sid, b_sid, a_len);
 }
+#define SSL_SESSION_cmp(a, b) ossl_SSL_SESSION_cmp(a, b)
 #endif
 
 /*

ext/openssl/ossl_version.h

@@ -10,6 +10,6 @@
 #if !defined(_OSSL_VERSION_H_)
 #define _OSSL_VERSION_H_
 
-#define OSSL_VERSION "2.0.1"
+#define OSSL_VERSION "2.0.2"
 
 #endif /* _OSSL_VERSION_H_ */