From b7458f20ffeb9cd0cd2514d86ecd9b25b4f2cb9b Mon Sep 17 00:00:00 2001 From: rhe Date: Thu, 22 Dec 2016 01:43:41 +0000 Subject: [PATCH] openssl: import v2.0.2 Import Ruby/OpenSSL 2.0.2. This release contains only bugfixes. The full commit log since 2.0.1 (imported at r57041) can be found at: https://github.com/ruby/openssl/compare/v2.0.1...v2.0.2 ---------------------------------------------------------------- Kazuki Yamaguchi (5): ssl: check for SSL_CTX_clear_options() Rename functions in openssl_missing.c ssl: use SSL_SESSION_get_protocol_version() pkey: allow instantiating OpenSSL::PKey::PKey with unsupported key type Ruby/OpenSSL 2.0.2 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/openssl/extconf.rb | 2 ++ ext/openssl/openssl.gemspec | 6 +++--- ext/openssl/openssl_missing.c | 22 ++++++++++----------- ext/openssl/openssl_missing.h | 35 +++++++++++++++++++++++++--------- ext/openssl/ossl_pkey.c | 15 ++++++++++----- ext/openssl/ossl_ssl_session.c | 9 ++++----- ext/openssl/ossl_version.h | 2 +- 7 files changed, 57 insertions(+), 34 deletions(-) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 60132b352f..7033b0e20d 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -81,6 +81,7 @@ engines.each { |name| # added in 0.9.8X have_func("EVP_CIPHER_CTX_new") have_func("EVP_CIPHER_CTX_free") +OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h") # added in 1.0.0 have_func("ASN1_TIME_adj") @@ -143,6 +144,7 @@ OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h") have_func("SSL_CTX_get_security_level") have_func("X509_get0_notBefore") +have_func("SSL_SESSION_get_protocol_version") Logging::message "=== Checking done. ===\n" diff --git a/ext/openssl/openssl.gemspec b/ext/openssl/openssl.gemspec index e8fd20f94e..b5ad826e82 100644 --- a/ext/openssl/openssl.gemspec +++ b/ext/openssl/openssl.gemspec @@ -1,15 +1,15 @@ # -*- encoding: utf-8 -*- -# stub: openssl 2.0.1 ruby lib +# stub: openssl 2.0.2 ruby lib # stub: ext/openssl/extconf.rb Gem::Specification.new do |s| s.name = "openssl".freeze - s.version = "2.0.1" + s.version = "2.0.2" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.require_paths = ["lib".freeze] s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze] - s.date = "2016-12-10" + s.date = "2016-12-22" s.description = "It wraps the OpenSSL library.".freeze s.email = ["ruby-core@ruby-lang.org".freeze] s.extensions = ["ext/openssl/extconf.rb".freeze] diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index cc13b7a3a5..94ce85aff4 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -23,7 +23,7 @@ /* added in 0.9.8X */ #if !defined(HAVE_EVP_CIPHER_CTX_NEW) EVP_CIPHER_CTX * -EVP_CIPHER_CTX_new(void) +ossl_EVP_CIPHER_CTX_new(void) { EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)); if (!ctx) @@ -35,7 +35,7 @@ EVP_CIPHER_CTX_new(void) #if !defined(HAVE_EVP_CIPHER_CTX_FREE) void -EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) +ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) { if (ctx) { EVP_CIPHER_CTX_cleanup(ctx); @@ -52,7 +52,7 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) * tested on 0.9.7d. */ int -EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) +ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { memcpy(out, in, sizeof(EVP_CIPHER_CTX)); @@ -71,7 +71,7 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) #if !defined(OPENSSL_NO_HMAC) #if !defined(HAVE_HMAC_CTX_COPY) int -HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) +ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) { if (!out || !in) return 0; @@ -112,7 +112,7 @@ static struct { }; int -EC_curve_nist2nid(const char *name) +ossl_EC_curve_nist2nid(const char *name) { size_t i; for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) { @@ -127,7 +127,7 @@ EC_curve_nist2nid(const char *name) /*** added in 1.1.0 ***/ #if !defined(HAVE_HMAC_CTX_NEW) HMAC_CTX * -HMAC_CTX_new(void) +ossl_HMAC_CTX_new(void) { HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); if (!ctx) @@ -139,7 +139,7 @@ HMAC_CTX_new(void) #if !defined(HAVE_HMAC_CTX_FREE) void -HMAC_CTX_free(HMAC_CTX *ctx) +ossl_HMAC_CTX_free(HMAC_CTX *ctx) { if (ctx) { HMAC_CTX_cleanup(ctx); @@ -150,8 +150,8 @@ HMAC_CTX_free(HMAC_CTX *ctx) #if !defined(HAVE_X509_CRL_GET0_SIGNATURE) void -X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg) +ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg) { if (psig != NULL) *psig = crl->signature; @@ -162,8 +162,8 @@ X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, #if !defined(HAVE_X509_REQ_GET0_SIGNATURE) void -X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg) +ossl_X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg) { if (psig != NULL) *psig = req->signature; diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index df27b1a858..3d11aec2d2 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -14,11 +14,17 @@ /* added in 0.9.8X */ #if !defined(HAVE_EVP_CIPHER_CTX_NEW) -EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +EVP_CIPHER_CTX *ossl_EVP_CIPHER_CTX_new(void); +# define EVP_CIPHER_CTX_new ossl_EVP_CIPHER_CTX_new #endif #if !defined(HAVE_EVP_CIPHER_CTX_FREE) -void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); +void ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *); +# define EVP_CIPHER_CTX_free ossl_EVP_CIPHER_CTX_free +#endif + +#if !defined(HAVE_SSL_CTX_CLEAR_OPTIONS) +# define SSL_CTX_clear_options(ctx, op) ((ctx)->options &= ~(op)) #endif /* added in 1.0.0 */ @@ -27,11 +33,13 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); #endif #if !defined(HAVE_EVP_CIPHER_CTX_COPY) -int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +int ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *, const EVP_CIPHER_CTX *); +# define EVP_CIPHER_CTX_copy ossl_EVP_CIPHER_CTX_copy #endif #if !defined(HAVE_HMAC_CTX_COPY) -int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); +int ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); +# define HMAC_CTX_copy ossl_HMAC_CTX_copy #endif #if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL) @@ -54,7 +62,8 @@ int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); /* added in 1.0.2 */ #if !defined(OPENSSL_NO_EC) #if !defined(HAVE_EC_CURVE_NIST2NID) -int EC_curve_nist2nid(const char *); +int ossl_EC_curve_nist2nid(const char *); +# define EC_curve_nist2nid ossl_EC_curve_nist2nid #endif #endif @@ -93,11 +102,13 @@ int EC_curve_nist2nid(const char *); #endif #if !defined(HAVE_HMAC_CTX_NEW) -HMAC_CTX *HMAC_CTX_new(void); +HMAC_CTX *ossl_HMAC_CTX_new(void); +# define HMAC_CTX_new ossl_HMAC_CTX_new #endif #if !defined(HAVE_HMAC_CTX_FREE) -void HMAC_CTX_free(HMAC_CTX *ctx); +void ossl_HMAC_CTX_free(HMAC_CTX *); +# define HMAC_CTX_free ossl_HMAC_CTX_free #endif #if !defined(HAVE_X509_STORE_GET_EX_DATA) @@ -114,11 +125,13 @@ void HMAC_CTX_free(HMAC_CTX *ctx); #endif #if !defined(HAVE_X509_CRL_GET0_SIGNATURE) -void X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **, const X509_ALGOR **); +void ossl_X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **, const X509_ALGOR **); +# define X509_CRL_get0_signature ossl_X509_CRL_get0_signature #endif #if !defined(HAVE_X509_REQ_GET0_SIGNATURE) -void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, const X509_ALGOR **); +void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, const X509_ALGOR **); +# define X509_REQ_get0_signature ossl_X509_REQ_get0_signature #endif #if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER) @@ -245,4 +258,8 @@ IMPL_PKEY_GETTER(EC_KEY, ec) # define X509_CRL_get0_nextUpdate(x) X509_CRL_get_nextUpdate(x) #endif +#if !defined(HAVE_SSL_SESSION_GET_PROTOCOL_VERSION) +# define SSL_SESSION_get_protocol_version(s) ((s)->ssl_version) +#endif + #endif /* _OSSL_OPENSSL_MISSING_H_ */ diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 9e6c615781..6ab1b6184f 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -73,10 +73,13 @@ const rb_data_type_t ossl_evp_pkey_type = { static VALUE pkey_new0(EVP_PKEY *pkey) { - if (!pkey) - ossl_raise(ePKeyError, "cannot make new key from NULL"); + VALUE obj; + int type; - switch (EVP_PKEY_base_id(pkey)) { + if (!pkey || (type = EVP_PKEY_base_id(pkey)) == EVP_PKEY_NONE) + ossl_raise(rb_eRuntimeError, "pkey is empty"); + + switch (type) { #if !defined(OPENSSL_NO_RSA) case EVP_PKEY_RSA: return ossl_rsa_new(pkey); @@ -94,7 +97,9 @@ pkey_new0(EVP_PKEY *pkey) return ossl_ec_new(pkey); #endif default: - ossl_raise(ePKeyError, "unsupported key type"); + obj = NewPKey(cPKey); + SetPKey(obj, pkey); + return obj; } } @@ -260,7 +265,7 @@ static VALUE ossl_pkey_initialize(VALUE self) { if (rb_obj_is_instance_of(self, cPKey)) { - ossl_raise(rb_eNotImpError, "OpenSSL::PKey::PKey is an abstract class."); + ossl_raise(rb_eTypeError, "OpenSSL::PKey::PKey can't be instantiated directly"); } return self; } diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c index 7abb8671f8..1b602a6cd7 100644 --- a/ext/openssl/ossl_ssl_session.c +++ b/ext/openssl/ossl_ssl_session.c @@ -93,23 +93,22 @@ ossl_ssl_session_initialize_copy(VALUE self, VALUE other) return self; } -#if HAVE_SSL_SESSION_CMP == 0 -int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b) +#if !defined(HAVE_SSL_SESSION_CMP) +int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { unsigned int a_len; const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len); unsigned int b_len; const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len); -#if !defined(HAVE_OPAQUE_OPENSSL) /* missing SSL_SESSION_get_ssl_version() ? */ - if (a->ssl_version != b->ssl_version) + if (SSL_SESSION_get_protocol_version(a) != SSL_SESSION_get_protocol_version(b)) return 1; -#endif if (a_len != b_len) return 1; return CRYPTO_memcmp(a_sid, b_sid, a_len); } +#define SSL_SESSION_cmp(a, b) ossl_SSL_SESSION_cmp(a, b) #endif /* diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h index 2566b67a50..d1bd7bc4bb 100644 --- a/ext/openssl/ossl_version.h +++ b/ext/openssl/ossl_version.h @@ -10,6 +10,6 @@ #if !defined(_OSSL_VERSION_H_) #define _OSSL_VERSION_H_ -#define OSSL_VERSION "2.0.1" +#define OSSL_VERSION "2.0.2" #endif /* _OSSL_VERSION_H_ */