Attachment #498616 for bug #614760




     */
    /* CRYPTO_malloc_init(); */
    /* ENGINE_load_builtin_engines(); */

    OPENSSL_init_ssl(0, NULL);
    ERR_load_crypto_strings();
    SSL_load_error_strings();

    /*
     * FIXME:

    /*
     * Version of OpenSSL the ruby OpenSSL extension is running with
     */
    rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));

    /*
     * Version number of OpenSSL the ruby OpenSSL extension was built with

Lines 35-40 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl.h (+5 lines)
35	#if !defined(OPENSSL_NO_OCSP)	35	#if !defined(OPENSSL_NO_OCSP)
36	# include <openssl/ocsp.h>	36	# include <openssl/ocsp.h>
37	#endif	37	#endif
		38	#include <openssl/bn.h>
		39	#include <openssl/rsa.h>
		40	#include <openssl/dsa.h>
		41	#include <openssl/evp.h>
		42	#include <openssl/dh.h>
38		43
39	/*	44	/*
40	* Common Module	45	* Common Module




    GetCipher(self, ctx);

#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
    if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
      iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
#endif
    if (!iv_len)
	iv_len = EVP_CIPHER_CTX_iv_length(ctx);

    GetCipher(self, ctx);

#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
    return (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
#else
    return Qfalse;
#endif


    GetCipher(self, ctx);

    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
	ossl_raise(eCipherError, "authentication tag not supported by this cipher");

    ret = rb_str_new(NULL, tag_len);

    tag_len = RSTRING_LENINT(vtag);

    GetCipher(self, ctx);
    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
	ossl_raise(eCipherError, "authentication tag not supported by this cipher");

    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))

    EVP_CIPHER_CTX *ctx;

    GetCipher(self, ctx);
    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
	ossl_raise(eCipherError, "AEAD not supported by this cipher");

    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))

    EVP_CIPHER_CTX *ctx;

    GetCipher(self, ctx);
    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
	ossl_raise(eCipherError, "cipher does not support AEAD");

    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))


    GetCipher(self, ctx);
#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
    if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
	len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
#endif
    if (!len)




#define OSSL_ENGINE_LOAD_IF_MATCH(x) \
do{\
  if(!strcmp(#x, RSTRING_PTR(name))){\
    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL); \
    return Qtrue;\
  }\
}while(0)

    StringValueCStr(name);
#ifndef OPENSSL_NO_STATIC_ENGINE
#if HAVE_ENGINE_LOAD_DYNAMIC
    OSSL_ENGINE_LOAD_IF_MATCH(DYNAMIC);
#endif
#if HAVE_ENGINE_LOAD_4758CCA
    OSSL_ENGINE_LOAD_IF_MATCH(4758cca);

    OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
#endif
#if HAVE_ENGINE_LOAD_PADLOCK
    OSSL_ENGINE_LOAD_IF_MATCH(PADLOCK);
#endif
#if HAVE_ENGINE_LOAD_CAPI
    OSSL_ENGINE_LOAD_IF_MATCH(CAPI);
#endif
#if HAVE_ENGINE_LOAD_GMP
    OSSL_ENGINE_LOAD_IF_MATCH(gmp);

    OSSL_ENGINE_LOAD_IF_MATCH(gost);
#endif
#if HAVE_ENGINE_LOAD_CRYPTODEV
    OSSL_ENGINE_LOAD_IF_MATCH(CRYPTODEV);
#endif
#if HAVE_ENGINE_LOAD_AESNI
    OSSL_ENGINE_LOAD_IF_MATCH(aesni);

#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
    OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
#endif
    OSSL_ENGINE_LOAD_IF_MATCH(OPENSSL);
    rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
    return Qnil;
#endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */

static VALUE
ossl_engine_s_cleanup(VALUE self)
{
    ENGINE_cleanup();
    return Qnil;
}


Lines 478-484 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl_x509cert.c (-2 / +2 lines)
478		478
479	GetX509(self, x509);	479	GetX509(self, x509);
480	asn1time = ossl_x509_time_adjust(NULL, time);	480	asn1time = ossl_x509_time_adjust(NULL, time);
481	if (!X509_set_notBefore(x509, asn1time)) {	481	if (!X509_set1_notBefore(x509, asn1time)) {
482	ASN1_TIME_free(asn1time);	482	ASN1_TIME_free(asn1time);
483	ossl_raise(eX509CertError, "X509_set_notBefore");	483	ossl_raise(eX509CertError, "X509_set_notBefore");
484	}	484	}
Lines 517-523 Link Here
517		517
518	GetX509(self, x509);	518	GetX509(self, x509);
519	asn1time = ossl_x509_time_adjust(NULL, time);	519	asn1time = ossl_x509_time_adjust(NULL, time);
520	if (!X509_set_notAfter(x509, asn1time)) {	520	if (!X509_set1_notAfter(x509, asn1time)) {
521	ASN1_TIME_free(asn1time);	521	ASN1_TIME_free(asn1time);
522	ossl_raise(eX509CertError, "X509_set_notAfter");	522	ossl_raise(eX509CertError, "X509_set_notAfter");
523	}	523	}

Lines 237-243 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl_x509crl.c (-2 / +2 lines)
237		237
238	GetX509CRL(self, crl);	238	GetX509CRL(self, crl);
239	asn1time = ossl_x509_time_adjust(NULL, time);	239	asn1time = ossl_x509_time_adjust(NULL, time);
240	if (!X509_CRL_set_lastUpdate(crl, asn1time)) {	240	if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
241	ASN1_TIME_free(asn1time);	241	ASN1_TIME_free(asn1time);
242	ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");	242	ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
243	}	243	}
Lines 264-270 Link Here
264		264
265	GetX509CRL(self, crl);	265	GetX509CRL(self, crl);
266	asn1time = ossl_x509_time_adjust(NULL, time);	266	asn1time = ossl_x509_time_adjust(NULL, time);
267	if (!X509_CRL_set_nextUpdate(crl, asn1time)) {	267	if (!X509_CRL_set1_nextUpdate(crl, asn1time)) {
268	ASN1_TIME_free(asn1time);	268	ASN1_TIME_free(asn1time);
269	ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");	269	ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
270	}	270	}

Return to bug 614760

Lines 1010-1019 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl.c (-5 / +3 lines)
1010	*/	1010	*/
1011	/* CRYPTO_malloc_init(); */	1011	/* CRYPTO_malloc_init(); */
1012	/* ENGINE_load_builtin_engines(); */	1012	/* ENGINE_load_builtin_engines(); */
1013	OpenSSL_add_ssl_algorithms();	1013
1014	OpenSSL_add_all_algorithms();	1014	OPENSSL_init_ssl(0, NULL);
1015	ERR_load_crypto_strings();
1016	SSL_load_error_strings();
1017		1015
1018	/*	1016	/*
1019	* FIXME:	1017	* FIXME:
Lines 1048-1054 Link Here
1048	/*	1046	/*
1049	* Version of OpenSSL the ruby OpenSSL extension is running with	1047	* Version of OpenSSL the ruby OpenSSL extension is running with
1050	*/	1048	*/
1051	rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));	1049	rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
1052		1050
1053	/*	1051	/*
1054	* Version number of OpenSSL the ruby OpenSSL extension was built with	1052	* Version number of OpenSSL the ruby OpenSSL extension was built with

Lines 513-520 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl_cipher.c (-8 / +8 lines)
513	GetCipher(self, ctx);	513	GetCipher(self, ctx);
514		514
515	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)	515	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
516	if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)	516	if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
517	iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);	517	iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
518	#endif	518	#endif
519	if (!iv_len)	519	if (!iv_len)
520	iv_len = EVP_CIPHER_CTX_iv_length(ctx);	520	iv_len = EVP_CIPHER_CTX_iv_length(ctx);
Lines 542-548 Link Here
542	GetCipher(self, ctx);	542	GetCipher(self, ctx);
543		543
544	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)	544	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
545	return (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;	545	return (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
546	#else	546	#else
547	return Qfalse;	547	return Qfalse;
548	#endif	548	#endif
Lines 617-623 Link Here
617		617
618	GetCipher(self, ctx);	618	GetCipher(self, ctx);
619		619
620	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))	620	if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
621	ossl_raise(eCipherError, "authentication tag not supported by this cipher");	621	ossl_raise(eCipherError, "authentication tag not supported by this cipher");
622		622
623	ret = rb_str_new(NULL, tag_len);	623	ret = rb_str_new(NULL, tag_len);
Lines 654-660 Link Here
654	tag_len = RSTRING_LENINT(vtag);	654	tag_len = RSTRING_LENINT(vtag);
655		655
656	GetCipher(self, ctx);	656	GetCipher(self, ctx);
657	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))	657	if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
658	ossl_raise(eCipherError, "authentication tag not supported by this cipher");	658	ossl_raise(eCipherError, "authentication tag not supported by this cipher");
659		659
660	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))	660	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
Lines 681-687 Link Here
681	EVP_CIPHER_CTX *ctx;	681	EVP_CIPHER_CTX *ctx;
682		682
683	GetCipher(self, ctx);	683	GetCipher(self, ctx);
684	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))	684	if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
685	ossl_raise(eCipherError, "AEAD not supported by this cipher");	685	ossl_raise(eCipherError, "AEAD not supported by this cipher");
686		686
687	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))	687	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))
Lines 708-714 Link Here
708	EVP_CIPHER_CTX *ctx;	708	EVP_CIPHER_CTX *ctx;
709		709
710	GetCipher(self, ctx);	710	GetCipher(self, ctx);
711	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))	711	if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
712	ossl_raise(eCipherError, "cipher does not support AEAD");	712	ossl_raise(eCipherError, "cipher does not support AEAD");
713		713
714	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))	714	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))
Lines 807-813 Link Here
807		807
808	GetCipher(self, ctx);	808	GetCipher(self, ctx);
809	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)	809	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
810	if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)	810	if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
811	len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);	811	len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
812	#endif	812	#endif
813	if (!len)	813	if (!len)

Lines 53-59 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl_engine.c (-7 / +6 lines)
53	#define OSSL_ENGINE_LOAD_IF_MATCH(x) \	53	#define OSSL_ENGINE_LOAD_IF_MATCH(x) \
54	do{\	54	do{\
55	if(!strcmp(#x, RSTRING_PTR(name))){\	55	if(!strcmp(#x, RSTRING_PTR(name))){\
56	ENGINE_load_##x();\	56	OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL); \
57	return Qtrue;\	57	return Qtrue;\
58	}\	58	}\
59	}while(0)	59	}while(0)
Lines 99-105 Link Here
99	StringValueCStr(name);	99	StringValueCStr(name);
100	#ifndef OPENSSL_NO_STATIC_ENGINE	100	#ifndef OPENSSL_NO_STATIC_ENGINE
101	#if HAVE_ENGINE_LOAD_DYNAMIC	101	#if HAVE_ENGINE_LOAD_DYNAMIC
102	OSSL_ENGINE_LOAD_IF_MATCH(dynamic);	102	OSSL_ENGINE_LOAD_IF_MATCH(DYNAMIC);
103	#endif	103	#endif
104	#if HAVE_ENGINE_LOAD_4758CCA	104	#if HAVE_ENGINE_LOAD_4758CCA
105	OSSL_ENGINE_LOAD_IF_MATCH(4758cca);	105	OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
Lines 126-135 Link Here
126	OSSL_ENGINE_LOAD_IF_MATCH(ubsec);	126	OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
127	#endif	127	#endif
128	#if HAVE_ENGINE_LOAD_PADLOCK	128	#if HAVE_ENGINE_LOAD_PADLOCK
129	OSSL_ENGINE_LOAD_IF_MATCH(padlock);	129	OSSL_ENGINE_LOAD_IF_MATCH(PADLOCK);
130	#endif	130	#endif
131	#if HAVE_ENGINE_LOAD_CAPI	131	#if HAVE_ENGINE_LOAD_CAPI
132	OSSL_ENGINE_LOAD_IF_MATCH(capi);	132	OSSL_ENGINE_LOAD_IF_MATCH(CAPI);
133	#endif	133	#endif
134	#if HAVE_ENGINE_LOAD_GMP	134	#if HAVE_ENGINE_LOAD_GMP
135	OSSL_ENGINE_LOAD_IF_MATCH(gmp);	135	OSSL_ENGINE_LOAD_IF_MATCH(gmp);
Lines 138-144 Link Here
138	OSSL_ENGINE_LOAD_IF_MATCH(gost);	138	OSSL_ENGINE_LOAD_IF_MATCH(gost);
139	#endif	139	#endif
140	#if HAVE_ENGINE_LOAD_CRYPTODEV	140	#if HAVE_ENGINE_LOAD_CRYPTODEV
141	OSSL_ENGINE_LOAD_IF_MATCH(cryptodev);	141	OSSL_ENGINE_LOAD_IF_MATCH(CRYPTODEV);
142	#endif	142	#endif
143	#if HAVE_ENGINE_LOAD_AESNI	143	#if HAVE_ENGINE_LOAD_AESNI
144	OSSL_ENGINE_LOAD_IF_MATCH(aesni);	144	OSSL_ENGINE_LOAD_IF_MATCH(aesni);
Lines 147-153 Link Here
147	#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO	147	#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
148	OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);	148	OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
149	#endif	149	#endif
150	OSSL_ENGINE_LOAD_IF_MATCH(openssl);	150	OSSL_ENGINE_LOAD_IF_MATCH(OPENSSL);
151	rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);	151	rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
152	return Qnil;	152	return Qnil;
153	#endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */	153	#endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
Lines 165-171 Link Here
165	static VALUE	165	static VALUE
166	ossl_engine_s_cleanup(VALUE self)	166	ossl_engine_s_cleanup(VALUE self)
167	{	167	{
168	ENGINE_cleanup();
169	return Qnil;	168	return Qnil;
170	}	169	}
171		170