Attachment #498654 for bug #614760

Lines 1010-1019 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl.c (+8 lines)
1010	*/	1010	*/
1011	/* CRYPTO_malloc_init(); */	1011	/* CRYPTO_malloc_init(); */
1012	/* ENGINE_load_builtin_engines(); */	1012	/* ENGINE_load_builtin_engines(); */
		1013	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		1014	OPENSSL_init_ssl(0, NULL);
		1015	#else
1013	OpenSSL_add_ssl_algorithms();	1016	OpenSSL_add_ssl_algorithms();
1014	OpenSSL_add_all_algorithms();	1017	OpenSSL_add_all_algorithms();
1015	ERR_load_crypto_strings();	1018	ERR_load_crypto_strings();
1016	SSL_load_error_strings();	1019	SSL_load_error_strings();
		1020	#endif
1017		1021
1018	/*	1022	/*
1019	* FIXME:	1023	* FIXME:
Lines 1048-1054 Link Here
1048	/*	1052	/*
1049	* Version of OpenSSL the ruby OpenSSL extension is running with	1053	* Version of OpenSSL the ruby OpenSSL extension is running with
1050	*/	1054	*/
		1055	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		1056	rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
		1057	#else
1051	rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));	1058	rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
		1059	#endif
1052		1060
1053	/*	1061	/*
1054	* Version number of OpenSSL the ruby OpenSSL extension was built with	1062	* Version number of OpenSSL the ruby OpenSSL extension was built with

Lines 35-40 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl.h (+7 lines)
35	#if !defined(OPENSSL_NO_OCSP)	35	#if !defined(OPENSSL_NO_OCSP)
36	# include <openssl/ocsp.h>	36	# include <openssl/ocsp.h>
37	#endif	37	#endif
		38	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		39	# include <openssl/bn.h>
		40	# include <openssl/rsa.h>
		41	# include <openssl/dsa.h>
		42	# include <openssl/evp.h>
		43	# include <openssl/dh.h>
		44	#endif
38		45
39	/*	46	/*
40	* Common Module	47	* Common Module

Lines 513-519 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl_cipher.c (+28 lines)
513	GetCipher(self, ctx);	513	GetCipher(self, ctx);
514		514
515	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)	515	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
		516	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		517	if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
		518	#else
516	if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)	519	if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
		520	#endif
517	iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);	521	iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
518	#endif	522	#endif
519	if (!iv_len)	523	if (!iv_len)
Lines 542-548 Link Here
542	GetCipher(self, ctx);	546	GetCipher(self, ctx);
543		547
544	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)	548	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
		549	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		550	return (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
		551	#else
545	return (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;	552	return (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
		553	#endif
546	#else	554	#else
547	return Qfalse;	555	return Qfalse;
548	#endif	556	#endif
Lines 617-623 Link Here
617		625
618	GetCipher(self, ctx);	626	GetCipher(self, ctx);
619		627
		628	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		629	if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
		630	#else
620	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))	631	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
		632	#endif
621	ossl_raise(eCipherError, "authentication tag not supported by this cipher");	633	ossl_raise(eCipherError, "authentication tag not supported by this cipher");
622		634
623	ret = rb_str_new(NULL, tag_len);	635	ret = rb_str_new(NULL, tag_len);
Lines 654-660 Link Here
654	tag_len = RSTRING_LENINT(vtag);	666	tag_len = RSTRING_LENINT(vtag);
655		667
656	GetCipher(self, ctx);	668	GetCipher(self, ctx);
		669	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		670	if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
		671	#else
657	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))	672	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
		673	#endif
658	ossl_raise(eCipherError, "authentication tag not supported by this cipher");	674	ossl_raise(eCipherError, "authentication tag not supported by this cipher");
659		675
660	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))	676	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
Lines 681-687 Link Here
681	EVP_CIPHER_CTX *ctx;	697	EVP_CIPHER_CTX *ctx;
682		698
683	GetCipher(self, ctx);	699	GetCipher(self, ctx);
		700	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		701	if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
		702	#else
684	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))	703	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
		704	#endif
685	ossl_raise(eCipherError, "AEAD not supported by this cipher");	705	ossl_raise(eCipherError, "AEAD not supported by this cipher");
686		706
687	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))	707	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))
Lines 708-714 Link Here
708	EVP_CIPHER_CTX *ctx;	728	EVP_CIPHER_CTX *ctx;
709		729
710	GetCipher(self, ctx);	730	GetCipher(self, ctx);
		731	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		732	if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
		733	#else
711	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))	734	if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
		735	#endif
712	ossl_raise(eCipherError, "cipher does not support AEAD");	736	ossl_raise(eCipherError, "cipher does not support AEAD");
713		737
714	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))	738	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))
Lines 807-813 Link Here
807		831
808	GetCipher(self, ctx);	832	GetCipher(self, ctx);
809	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)	833	#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
		834	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		835	if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
		836	#else
810	if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)	837	if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
		838	#endif
811	len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);	839	len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
812	#endif	840	#endif
813	if (!len)	841	if (!len)

Lines 50-55 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl_engine.c (+32 lines)
50	/*	50	/*
51	* Private	51	* Private
52	*/	52	*/
		53	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		54	#define OSSL_ENGINE_LOAD_IF_MATCH(x) \
		55	do{\
		56	if(!strcmp(#x, RSTRING_PTR(name))){\
		57	OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL); \
		58	return Qtrue;\
		59	}\
		60	}while(0)
		61	#else
53	#define OSSL_ENGINE_LOAD_IF_MATCH(x) \	62	#define OSSL_ENGINE_LOAD_IF_MATCH(x) \
54	do{\	63	do{\
55	if(!strcmp(#x, RSTRING_PTR(name))){\	64	if(!strcmp(#x, RSTRING_PTR(name))){\
Lines 57-62 Link Here
57	return Qtrue;\	66	return Qtrue;\
58	}\	67	}\
59	}while(0)	68	}while(0)
		69	#endif
60		70
61	static void	71	static void
62	ossl_engine_free(void *engine)	72	ossl_engine_free(void *engine)
Lines 99-106 Link Here
99	StringValueCStr(name);	109	StringValueCStr(name);
100	#ifndef OPENSSL_NO_STATIC_ENGINE	110	#ifndef OPENSSL_NO_STATIC_ENGINE
101	#if HAVE_ENGINE_LOAD_DYNAMIC	111	#if HAVE_ENGINE_LOAD_DYNAMIC
		112	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		113	OSSL_ENGINE_LOAD_IF_MATCH(DYNAMIC);
		114	#else
102	OSSL_ENGINE_LOAD_IF_MATCH(dynamic);	115	OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
103	#endif	116	#endif
		117	#endif
104	#if HAVE_ENGINE_LOAD_4758CCA	118	#if HAVE_ENGINE_LOAD_4758CCA
105	OSSL_ENGINE_LOAD_IF_MATCH(4758cca);	119	OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
106	#endif	120	#endif
Lines 126-136 Link Here
126	OSSL_ENGINE_LOAD_IF_MATCH(ubsec);	140	OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
127	#endif	141	#endif
128	#if HAVE_ENGINE_LOAD_PADLOCK	142	#if HAVE_ENGINE_LOAD_PADLOCK
		143	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		144	OSSL_ENGINE_LOAD_IF_MATCH(PADLOCK);
		145	#else
129	OSSL_ENGINE_LOAD_IF_MATCH(padlock);	146	OSSL_ENGINE_LOAD_IF_MATCH(padlock);
130	#endif	147	#endif
		148	#endif
131	#if HAVE_ENGINE_LOAD_CAPI	149	#if HAVE_ENGINE_LOAD_CAPI
		150	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		151	OSSL_ENGINE_LOAD_IF_MATCH(CAPI);
		152	#else
132	OSSL_ENGINE_LOAD_IF_MATCH(capi);	153	OSSL_ENGINE_LOAD_IF_MATCH(capi);
133	#endif	154	#endif
		155	#endif
134	#if HAVE_ENGINE_LOAD_GMP	156	#if HAVE_ENGINE_LOAD_GMP
135	OSSL_ENGINE_LOAD_IF_MATCH(gmp);	157	OSSL_ENGINE_LOAD_IF_MATCH(gmp);
136	#endif	158	#endif
Lines 138-145 Link Here
138	OSSL_ENGINE_LOAD_IF_MATCH(gost);	160	OSSL_ENGINE_LOAD_IF_MATCH(gost);
139	#endif	161	#endif
140	#if HAVE_ENGINE_LOAD_CRYPTODEV	162	#if HAVE_ENGINE_LOAD_CRYPTODEV
		163	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		164	OSSL_ENGINE_LOAD_IF_MATCH(CRYPTODEV);
		165	#else
141	OSSL_ENGINE_LOAD_IF_MATCH(cryptodev);	166	OSSL_ENGINE_LOAD_IF_MATCH(cryptodev);
142	#endif	167	#endif
		168	#endif
143	#if HAVE_ENGINE_LOAD_AESNI	169	#if HAVE_ENGINE_LOAD_AESNI
144	OSSL_ENGINE_LOAD_IF_MATCH(aesni);	170	OSSL_ENGINE_LOAD_IF_MATCH(aesni);
145	#endif	171	#endif
Lines 147-153 Link Here
147	#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO	173	#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
148	OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);	174	OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
149	#endif	175	#endif
		176	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		177	OSSL_ENGINE_LOAD_IF_MATCH(OPENSSL);
		178	#else
150	OSSL_ENGINE_LOAD_IF_MATCH(openssl);	179	OSSL_ENGINE_LOAD_IF_MATCH(openssl);
		180	#endif
151	rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);	181	rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
152	return Qnil;	182	return Qnil;
153	#endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */	183	#endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
Lines 165-171 Link Here
165	static VALUE	195	static VALUE
166	ossl_engine_s_cleanup(VALUE self)	196	ossl_engine_s_cleanup(VALUE self)
167	{	197	{
		198	#if defined(LIBRESSL_VERSION_NUMBER) \|\| (OPENSSL_VERSION_NUMBER < 0x10100000L)
168	ENGINE_cleanup();	199	ENGINE_cleanup();
		200	#endif
169	return Qnil;	201	return Qnil;
170	}	202	}
171		203

Lines 478-484 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl_x509cert.c (+8 lines)
478		478
479	GetX509(self, x509);	479	GetX509(self, x509);
480	asn1time = ossl_x509_time_adjust(NULL, time);	480	asn1time = ossl_x509_time_adjust(NULL, time);
		481	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		482	if (!X509_set1_notBefore(x509, asn1time)) {
		483	#else
481	if (!X509_set_notBefore(x509, asn1time)) {	484	if (!X509_set_notBefore(x509, asn1time)) {
		485	#endif
482	ASN1_TIME_free(asn1time);	486	ASN1_TIME_free(asn1time);
483	ossl_raise(eX509CertError, "X509_set_notBefore");	487	ossl_raise(eX509CertError, "X509_set_notBefore");
484	}	488	}
Lines 517-523 Link Here
517		521
518	GetX509(self, x509);	522	GetX509(self, x509);
519	asn1time = ossl_x509_time_adjust(NULL, time);	523	asn1time = ossl_x509_time_adjust(NULL, time);
		524	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		525	if (!X509_set1_notAfter(x509, asn1time)) {
		526	#else
520	if (!X509_set_notAfter(x509, asn1time)) {	527	if (!X509_set_notAfter(x509, asn1time)) {
		528	#endif
521	ASN1_TIME_free(asn1time);	529	ASN1_TIME_free(asn1time);
522	ossl_raise(eX509CertError, "X509_set_notAfter");	530	ossl_raise(eX509CertError, "X509_set_notAfter");
523	}	531	}

Lines 237-243 Link Here

(-)ruby-2.4.2-orig/ext/openssl/ossl_x509crl.c (+8 lines)
237		237
238	GetX509CRL(self, crl);	238	GetX509CRL(self, crl);
239	asn1time = ossl_x509_time_adjust(NULL, time);	239	asn1time = ossl_x509_time_adjust(NULL, time);
		240	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		241	if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
		242	#else
240	if (!X509_CRL_set_lastUpdate(crl, asn1time)) {	243	if (!X509_CRL_set_lastUpdate(crl, asn1time)) {
		244	#endif
241	ASN1_TIME_free(asn1time);	245	ASN1_TIME_free(asn1time);
242	ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");	246	ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
243	}	247	}
Lines 264-270 Link Here
264		268
265	GetX509CRL(self, crl);	269	GetX509CRL(self, crl);
266	asn1time = ossl_x509_time_adjust(NULL, time);	270	asn1time = ossl_x509_time_adjust(NULL, time);
		271	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
		272	if (!X509_CRL_set1_nextUpdate(crl, asn1time)) {
		273	#else
267	if (!X509_CRL_set_nextUpdate(crl, asn1time)) {	274	if (!X509_CRL_set_nextUpdate(crl, asn1time)) {
		275	#endif
268	ASN1_TIME_free(asn1time);	276	ASN1_TIME_free(asn1time);
269	ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");	277	ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
270	}	278	}

Return to bug 614760