summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-05-25 08:50:03 +0000
committerrhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-05-25 08:50:03 +0000
commitcf2792d59191424ee7875b5cc96fe31facce2471 (patch)
tree9a364fd7aab34a08b49427759776060aa4b3afbf
parent0766b8af2a3348acbce1b8b6ccf9a5e68f29fb8b (diff)
openssl: drop OpenSSL 0.9.6/0.9.7 support
* ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55162 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog4
-rw-r--r--ext/openssl/deprecation.rb8
-rw-r--r--ext/openssl/extconf.rb134
-rw-r--r--ext/openssl/lib/openssl/ssl.rb9
-rw-r--r--ext/openssl/openssl_missing.c318
-rw-r--r--ext/openssl/openssl_missing.h166
-rw-r--r--ext/openssl/ossl.c4
-rw-r--r--ext/openssl/ossl.h21
-rw-r--r--ext/openssl/ossl_asn1.c71
-rw-r--r--ext/openssl/ossl_cipher.c10
-rw-r--r--ext/openssl/ossl_engine.c24
-rw-r--r--ext/openssl/ossl_ocsp.c4
-rw-r--r--ext/openssl/ossl_ocsp.h2
-rw-r--r--ext/openssl/ossl_pkcs5.c4
-rw-r--r--ext/openssl/ossl_pkcs7.c24
-rw-r--r--ext/openssl/ossl_pkey.c15
-rw-r--r--ext/openssl/ossl_pkey.h4
-rw-r--r--ext/openssl/ossl_pkey_dh.c11
-rw-r--r--ext/openssl/ossl_pkey_dsa.c22
-rw-r--r--ext/openssl/ossl_pkey_ec.c2
-rw-r--r--ext/openssl/ossl_pkey_rsa.c6
-rw-r--r--ext/openssl/ossl_ssl.c20
-rw-r--r--ext/openssl/ossl_ssl_session.c7
-rw-r--r--ext/openssl/ossl_x509.c10
-rw-r--r--ext/openssl/ossl_x509attr.c14
-rw-r--r--ext/openssl/ossl_x509ext.c13
-rw-r--r--ext/openssl/ossl_x509store.c29
-rw-r--r--test/openssl/test_cipher.rb62
-rw-r--r--test/openssl/test_pkcs7.rb6
-rw-r--r--test/openssl/test_ssl.rb6
-rw-r--r--test/openssl/test_ssl_session.rb15
-rw-r--r--test/openssl/test_x509store.rb2
32 files changed, 173 insertions, 874 deletions
diff --git a/ChangeLog b/ChangeLog
index aa1da0ffc5..d06c00c651 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed May 25 17:45:15 2016 Kazuki Yamaguchi <k@rhe.jp>
+
+ * ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support.
+
Wed May 25 17:43:30 2016 Kazuki Yamaguchi <k@rhe.jp>
* ext/openssl/openssl_missing.h, ext/openssl/ossl.h: Remove
diff --git a/ext/openssl/deprecation.rb b/ext/openssl/deprecation.rb
index d77353678a..7dfc87c1c6 100644
--- a/ext/openssl/deprecation.rb
+++ b/ext/openssl/deprecation.rb
@@ -16,7 +16,11 @@ module OpenSSL
end
def self.check_func(func, header)
- have_func(func, header, deprecated_warning_flag) and
- have_header(header, nil, deprecated_warning_flag)
+ have_func(func, header, deprecated_warning_flag)
+ end
+
+ def self.check_func_or_macro(func, header)
+ check_func(func, header) or
+ have_macro(func, header) && $defs.push("-DHAVE_#{func.upcase}")
end
end
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 39543f30b5..14daae9786 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -19,12 +19,15 @@ dir_config("kerberos")
Logging::message "=== OpenSSL for Ruby configurator ===\n"
+# Add -Werror=deprecated-declarations to $warnflags if available
+OpenSSL.deprecated_warning_flag
+
##
# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
# To turn it on, use: --with-debug or --enable-debug
#
if with_config("debug") or enable_config("debug")
- $defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
+ $defs.push("-DOSSL_DEBUG")
end
Logging::message "=== Checking for system dependent stuff... ===\n"
@@ -39,7 +42,6 @@ if $mingw
end
result = pkg_config("openssl") && have_header("openssl/ssl.h")
-
unless result
result = have_header("openssl/ssl.h")
result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "OpenSSL_add_all_digests")}
@@ -51,111 +53,59 @@ unless result
end
end
-unless have_header("openssl/conf_api.h")
- raise "OpenSSL 0.9.6 or later required."
+result = checking_for("OpenSSL version is 0.9.8 or later") {
+ try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
+}
+unless result
+ raise "OpenSSL 0.9.8 or later required."
end
+
unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
end
Logging::message "=== Checking for OpenSSL features... ===\n"
-have_func("ERR_peek_last_error")
-have_func("ASN1_put_eoc")
-have_func("BN_mod_add")
-have_func("BN_mod_sqr")
-have_func("BN_mod_sub")
-have_func("BN_pseudo_rand_range")
-have_func("BN_rand_range")
-have_func("CONF_get1_default_config_file")
-have_func("EVP_CIPHER_CTX_copy")
-have_func("EVP_CIPHER_CTX_set_padding")
-have_func("EVP_CipherFinal_ex")
-have_func("EVP_CipherInit_ex")
-have_func("EVP_DigestFinal_ex")
-have_func("EVP_DigestInit_ex")
-have_func("EVP_MD_CTX_cleanup")
-have_func("EVP_MD_CTX_create")
-have_func("EVP_MD_CTX_destroy")
-have_func("EVP_MD_CTX_init")
-have_func("HMAC_CTX_cleanup")
-have_func("HMAC_CTX_copy")
-have_func("HMAC_CTX_init")
-have_func("PEM_def_callback")
-have_func("PKCS5_PBKDF2_HMAC")
-have_func("PKCS5_PBKDF2_HMAC_SHA1")
-have_func("RAND_egd")
-have_func("X509V3_set_nconf")
-have_func("X509V3_EXT_nconf_nid")
-have_func("X509_CRL_add0_revoked")
-have_func("X509_CRL_set_issuer_name")
-have_func("X509_CRL_set_version")
-have_func("X509_CRL_sort")
-have_func("X509_NAME_hash_old")
-have_func("X509_STORE_get_ex_data")
-have_func("X509_STORE_set_ex_data")
-have_func("OBJ_NAME_do_all_sorted")
-have_func("SSL_SESSION_get_id")
-have_func("SSL_SESSION_cmp")
-have_func("OPENSSL_cleanse")
-unless have_macro("OPENSSL_NO_SSL2","openssl/opensslconf.h")
+# compile options
+
+# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
+# exist even if compiled with no-ssl2 or no-ssl3-method.
+unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
have_func("SSLv2_method")
- have_func("SSLv2_server_method")
- have_func("SSLv2_client_method")
end
-unless have_macro("OPENSSL_NO_SSL3_METHOD","openssl/opensslconf.h")
+unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
have_func("SSLv3_method")
- have_func("SSLv3_server_method")
- have_func("SSLv3_client_method")
end
have_func("TLSv1_1_method")
-have_func("TLSv1_1_server_method")
-have_func("TLSv1_1_client_method")
have_func("TLSv1_2_method")
-have_func("TLSv1_2_server_method")
-have_func("TLSv1_2_client_method")
-have_func("SSL_CTX_set_alpn_select_cb")
-have_func("SSL_CTX_set_next_proto_select_cb")
-have_macro("SSL_get_server_tmp_key", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_GET_SERVER_TMP_KEY")
-unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
- have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
-end
-if have_header("openssl/engine.h")
- have_func("ENGINE_add")
- have_func("ENGINE_load_builtin_engines")
- have_func("ENGINE_load_openbsd_dev_crypto")
- have_func("ENGINE_get_digest")
- have_func("ENGINE_get_cipher")
- have_func("ENGINE_cleanup")
- have_func("ENGINE_load_dynamic")
- have_func("ENGINE_load_4758cca")
- have_func("ENGINE_load_aep")
- have_func("ENGINE_load_atalla")
- have_func("ENGINE_load_chil")
- have_func("ENGINE_load_cswift")
- have_func("ENGINE_load_nuron")
- have_func("ENGINE_load_sureware")
- have_func("ENGINE_load_ubsec")
- have_func("ENGINE_load_padlock")
- have_func("ENGINE_load_capi")
- have_func("ENGINE_load_gmp")
- have_func("ENGINE_load_gost")
- have_func("ENGINE_load_cryptodev")
- have_func("ENGINE_load_aesni")
-end
-have_func("DH_generate_parameters_ex")
-have_func("DSA_generate_parameters_ex")
-have_func("RSA_generate_key_ex")
-if checking_for('OpenSSL version is 0.9.7 or later') {
- try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h')
- }
- have_header("openssl/ocsp.h")
-end
+have_func("RAND_egd")
+engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
+ cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
+engines.each { |name|
+ OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
+}
+
+# added in 1.0.0
+have_func("EVP_CIPHER_CTX_copy")
+have_func("HMAC_CTX_copy")
+have_func("PKCS5_PBKDF2_HMAC")
+have_func("X509_NAME_hash_old")
+have_func("SSL_SESSION_cmp") # removed
+OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
-have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
-have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h")
-have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
+
+# added in 1.0.1
+have_func("SSL_CTX_set_next_proto_select_cb")
have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
+# added in 1.0.2
+have_func("X509_REVOKED_dup")
+have_func("SSL_CTX_set_alpn_select_cb")
+OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
+
+# added in 1.1.0
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
+
Logging::message "=== Checking done. ===\n"
create_header
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 9893757011..a921379abf 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -56,19 +56,16 @@ module OpenSSL
}.join(":"),
:options => -> {
opts = OpenSSL::SSL::OP_ALL
- opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+ opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
- opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
- opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+ opts |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
opts
}.call
}
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
DEFAULT_CERT_STORE.set_default_paths
- if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
- DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
- end
+ DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 31f2d0a5f9..7b00ae4d8c 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -9,93 +9,18 @@
*/
#include RUBY_EXTCONF_H
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
+#include <string.h> /* memcpy() */
+#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif
-#include <openssl/x509_vfy.h>
-
#if !defined(OPENSSL_NO_HMAC)
-#include <string.h> /* memcpy() */
-#include <openssl/hmac.h>
-
-#include "openssl_missing.h"
-
-#if !defined(HAVE_HMAC_CTX_COPY)
-void
-HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
-{
- if (!out || !in) return;
- memcpy(out, in, sizeof(HMAC_CTX));
-
- EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
- EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
- EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
-}
-#endif /* HAVE_HMAC_CTX_COPY */
-#endif /* NO_HMAC */
-
-#if !defined(HAVE_EVP_MD_CTX_CREATE)
-EVP_MD_CTX *
-EVP_MD_CTX_create(void)
-{
- EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
- if (!ctx) return NULL;
-
- memset(ctx, 0, sizeof(EVP_MD_CTX));
-
- return ctx;
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
-int
-EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
-{
- /* FIXME!!! */
- memset(ctx, 0, sizeof(EVP_MD_CTX));
-
- return 1;
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_DESTROY)
-void
-EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
-{
- EVP_MD_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
-}
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_INIT)
-void
-EVP_MD_CTX_init(EVP_MD_CTX *ctx)
-{
- memset(ctx, 0, sizeof(EVP_MD_CTX));
-}
-#endif
-
-#if !defined(HAVE_HMAC_CTX_INIT)
-void
-HMAC_CTX_init(HMAC_CTX *ctx)
-{
- EVP_MD_CTX_init(&ctx->i_ctx);
- EVP_MD_CTX_init(&ctx->o_ctx);
- EVP_MD_CTX_init(&ctx->md_ctx);
-}
+# include <openssl/hmac.h>
#endif
+#include <openssl/x509_vfy.h>
-#if !defined(HAVE_HMAC_CTX_CLEANUP)
-void
-HMAC_CTX_cleanup(HMAC_CTX *ctx)
-{
- EVP_MD_CTX_cleanup(&ctx->i_ctx);
- EVP_MD_CTX_cleanup(&ctx->o_ctx);
- EVP_MD_CTX_cleanup(&ctx->md_ctx);
- memset(ctx, 0, sizeof(HMAC_CTX));
-}
-#endif
+#include "openssl_missing.h"
+/* added in 1.0.0 */
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
/*
* this function does not exist in OpenSSL yet... or ever?.
@@ -103,11 +28,11 @@ HMAC_CTX_cleanup(HMAC_CTX *ctx)
* tested on 0.9.7d.
*/
int
-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
+EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
memcpy(out, in, sizeof(EVP_CIPHER_CTX));
-#if defined(HAVE_ENGINE_ADD) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE)
if (in->engine) ENGINE_add(out->engine);
if (in->cipher_data) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
@@ -119,222 +44,17 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
}
#endif
-#if !defined(HAVE_X509_CRL_SET_VERSION)
-int
-X509_CRL_set_version(X509_CRL *x, long version)
-{
- if (x == NULL || x->crl == NULL) return 0;
- if (x->crl->version == NULL) {
- x->crl->version = M_ASN1_INTEGER_new();
- if (x->crl->version == NULL) return 0;
- }
- return ASN1_INTEGER_set(x->crl->version, version);
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
-int
-X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
-{
- if (x == NULL || x->crl == NULL) return 0;
- return X509_NAME_set(&x->crl->issuer, name);
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_SORT)
-int
-X509_CRL_sort(X509_CRL *c)
-{
- int i;
- X509_REVOKED *r;
- /* sort the data so it will be written in serial
- * number order */
- sk_X509_REVOKED_sort(c->crl->revoked);
- for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++) {
- r=sk_X509_REVOKED_value(c->crl->revoked, i);
- r->sequence=i;
- }
- return 1;
-}
-#endif
-
-#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
-static int
-OSSL_X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
-{
- return(ASN1_STRING_cmp(
- (ASN1_STRING *)(*a)->serialNumber,
- (ASN1_STRING *)(*b)->serialNumber));
-}
-
-int
-X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
-{
- X509_CRL_INFO *inf;
-
- inf = crl->crl;
- if (!inf->revoked)
- inf->revoked = sk_X509_REVOKED_new(OSSL_X509_REVOKED_cmp);
- if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev))
- return 0;
- return 1;
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_SQR)
-int
-BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-{
- if (!BN_sqr(r, (BIGNUM*)a, ctx)) return 0;
- return BN_mod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_ADD) || !defined(HAVE_BN_MOD_SUB)
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-{
- if (!BN_mod(r,m,d,ctx)) return 0;
- if (!r->neg) return 1;
- return (d->neg ? BN_sub : BN_add)(r, r, d);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_ADD)
-int
-BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-{
- if (!BN_add(r, a, b)) return 0;
- return BN_nnmod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_MOD_SUB)
-int
-BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-{
- if (!BN_sub(r, a, b)) return 0;
- return BN_nnmod(r, r, m, ctx);
-}
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE) || !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-static int
-bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
-{
- int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
- int n;
-
- if (range->neg || BN_is_zero(range)) return 0;
-
- n = BN_num_bits(range);
-
- if (n == 1) {
- if (!BN_zero(r)) return 0;
- } else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
- do {
- if (!bn_rand(r, n + 1, -1, 0)) return 0;
- if (BN_cmp(r ,range) >= 0) {
- if (!BN_sub(r, r, range)) return 0;
- if (BN_cmp(r, range) >= 0)
- if (!BN_sub(r, r, range)) return 0;
- }
- } while (BN_cmp(r, range) >= 0);
- } else {
- do {
- if (!bn_rand(r, n, -1, 0)) return 0;
- } while (BN_cmp(r, range) >= 0);
- }
-
- return 1;
-}
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE)
-int
-BN_rand_range(BIGNUM *r, BIGNUM *range)
-{
- return bn_rand_range(0, r, range);
-}
-#endif
-
-#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-int
-BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
-{
- return bn_rand_range(1, r, range);
-}
-#endif
-
-#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
-#define OPENSSL_CONF "openssl.cnf"
-char *
-CONF_get1_default_config_file(void)
-{
- char *file;
- int len;
-
- file = getenv("OPENSSL_CONF");
- if (file) return BUF_strdup(file);
- len = strlen(X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
- len++;
-#endif
- len += strlen(OPENSSL_CONF);
- file = OPENSSL_malloc(len + 1);
- if (!file) return NULL;
- strcpy(file,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
- strcat(file,"/");
-#endif
- strcat(file,OPENSSL_CONF);
-
- return file;
-}
-#endif
-
-#if !defined(HAVE_PEM_DEF_CALLBACK)
-#define OSSL_PASS_MIN_LENGTH 4
-int
-PEM_def_callback(char *buf, int num, int w, void *key)
+#if !defined(OPENSSL_NO_HMAC)
+#if !defined(HAVE_HMAC_CTX_COPY)
+void
+HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
- int i,j;
- const char *prompt;
-
- if (key) {
- i = strlen(key);
- i = (i > num) ? num : i;
- memcpy(buf, key, i);
- return i;
- }
-
- prompt = EVP_get_pw_prompt();
- if (prompt == NULL) prompt = "Enter PEM pass phrase:";
- for (;;) {
- i = EVP_read_pw_string(buf, num, prompt, w);
- if (i != 0) {
- memset(buf, 0, (unsigned int)num);
- return(-1);
- }
- j = strlen(buf);
- if (j < OSSL_PASS_MIN_LENGTH) {
- fprintf(stderr,
- "phrase is too short, needs to be at least %d chars\n",
- OSSL_PASS_MIN_LENGTH);
- }
- else break;
- }
- return j;
-}
-#endif
+ if (!out || !in) return;
+ memcpy(out, in, sizeof(HMAC_CTX));
-#if !defined(HAVE_ASN1_PUT_EOC)
-int
-ASN1_put_eoc(unsigned char **pp)
-{
- unsigned char *p = *pp;
- *p++ = 0;
- *p++ = 0;
- *pp = p;
- return 2;
+ EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
+ EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
+ EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
}
-#endif
+#endif /* HAVE_HMAC_CTX_COPY */
+#endif /* NO_HMAC */
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index b5bfd31eea..0f82a180ef 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -10,124 +10,22 @@
#if !defined(_OSSL_OPENSSL_MISSING_H_)
#define _OSSL_OPENSSL_MISSING_H_
-#ifndef TYPEDEF_D2I_OF
-typedef char *d2i_of_void();
-#endif
-#ifndef TYPEDEF_I2D_OF
-typedef int i2d_of_void();
-#endif
-
-/*
- * These functions are not included in headers of OPENSSL <= 0.9.6b
- */
-
-#if !defined(PEM_read_bio_DSAPublicKey)
-# define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
- (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,(bp),(void **)(x),(cb),(u))
-#endif
-
-#if !defined(PEM_write_bio_DSAPublicKey)
-# define PEM_write_bio_DSAPublicKey(bp,x) \
- PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\
- PEM_STRING_DSA_PUBLIC,\
- (bp),(char *)(x), NULL, NULL, 0, NULL, NULL)
-#endif
-
-#if !defined(DSAPrivateKey_dup)
-# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \
- (d2i_of_void *)d2i_DSAPrivateKey,(char *)(dsa))
-#endif
-
-#if !defined(DSAPublicKey_dup)
-# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \
- (d2i_of_void *)d2i_DSAPublicKey,(char *)(dsa))
-#endif
-
-#if !defined(X509_REVOKED_dup)
-# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
- (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
-#endif
-
-#if !defined(PKCS7_SIGNER_INFO_dup)
-# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \
- (d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)(si))
-#endif
-
-#if !defined(PKCS7_RECIP_INFO_dup)
-# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \
- (d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)(ri))
-#endif
-
-#if !defined(HAVE_HMAC_CTX_INIT)
-void HMAC_CTX_init(HMAC_CTX *ctx);
+/* added in 1.0.0 */
+#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
#endif
#if !defined(HAVE_HMAC_CTX_COPY)
void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
#endif
-#if !defined(HAVE_HMAC_CTX_CLEANUP)
-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_CREATE)
-EVP_MD_CTX *EVP_MD_CTX_create(void);
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_INIT)
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_CLEANUP)
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-#endif
-
-#if !defined(HAVE_EVP_MD_CTX_DESTROY)
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
-#endif
-
-#if !defined(HAVE_EVP_DIGESTINIT_EX)
-# define EVP_DigestInit_ex(ctx, md, engine) EVP_DigestInit((ctx), (md))
-#endif
-#if !defined(HAVE_EVP_DIGESTFINAL_EX)
-# define EVP_DigestFinal_ex(ctx, buf, len) EVP_DigestFinal((ctx), (buf), (len))
-#endif
-
-#if !defined(HAVE_EVP_CIPHERINIT_EX)
-# define EVP_CipherInit_ex(ctx, type, impl, key, iv, enc) EVP_CipherInit((ctx), (type), (key), (iv), (enc))
-#endif
-#if !defined(HAVE_EVP_CIPHERFINAL_EX)
-# define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal((ctx), (outm), (outl))
-#endif
-
-#if !defined(EVP_CIPHER_name)
-# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
-#endif
-
-#if !defined(EVP_MD_name)
-# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e))
-#endif
-
-#if !defined(HAVE_EVP_HMAC_INIT_EX)
-# define HMAC_Init_ex(ctx, key, len, digest, engine) HMAC_Init((ctx), (key), (len), (digest))
-#endif
-
-#if !defined(PKCS7_is_detached)
-# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
-#endif
-
-#if !defined(PKCS7_type_is_encrypted)
-# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-#endif
-
-#if !defined(HAVE_OPENSSL_CLEANSE)
-#define OPENSSL_cleanse(p, l) memset((p), 0, (l))
+/* added in 1.0.2 */
+#if !defined(HAVE_X509_REVOKED_DUP)
+# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \
+ (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
#endif
+/* added in 1.1.0 */
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
# define X509_STORE_get_ex_data(x, idx) \
CRYPTO_get_ex_data(&(x)->ex_data, (idx))
@@ -141,52 +39,4 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
(newf), (dupf), (freef))
#endif
-#if !defined(HAVE_X509_CRL_SET_VERSION)
-int X509_CRL_set_version(X509_CRL *x, long version);
-#endif
-
-#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME)
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-#endif
-
-#if !defined(HAVE_X509_CRL_SORT)
-int X509_CRL_sort(X509_CRL *c);
-#endif
-
-#if !defined(HAVE_X509_CRL_ADD0_REVOKED)
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-#endif
-
-#if !defined(HAVE_BN_MOD_SQR)
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_BN_MOD_ADD)
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_BN_MOD_SUB)
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-#endif
-
-#if !defined(HAVE_BN_RAND_RANGE)
-int BN_rand_range(BIGNUM *r, BIGNUM *range);
-#endif
-
-#if !defined(HAVE_BN_PSEUDO_RAND_RANGE)
-int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range);
-#endif
-
-#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE)
-char *CONF_get1_default_config_file(void);
-#endif
-
-#if !defined(HAVE_PEM_DEF_CALLBACK)
-int PEM_def_callback(char *buf, int num, int w, void *key);
-#endif
-
-#if !defined(HAVE_ASN1_PUT_EOC)
-int ASN1_put_eoc(unsigned char **pp);
-#endif
-
#endif /* _OSSL_OPENSSL_MISSING_H_ */
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index c06a579ce3..3654b1e851 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -339,11 +339,7 @@ ossl_make_error(VALUE exc, const char *fmt, va_list args)
const char *msg;
long e;
-#ifdef HAVE_ERR_PEEK_LAST_ERROR
e = ERR_peek_last_error();
-#else
- e = ERR_peek_error();
-#endif
if (fmt) {
str = rb_vsprintf(fmt, args);
}
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index 4a538e9b12..2317fa8b5e 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -27,11 +27,6 @@
#include <ruby/io.h>
#include <ruby/thread.h>
-/*
- * Check the OpenSSL version
- * The only supported are:
- * OpenSSL >= 0.9.7
- */
#include <openssl/opensslv.h>
#ifdef HAVE_ASSERT_H
@@ -42,7 +37,6 @@
#if defined(_WIN32) && !defined(LIBRESSL_VERSION_NUMBER)
# include <openssl/e_os2.h>
-# define OSSL_NO_CONF_API 1
# if !defined(OPENSSL_SYS_WIN32)
# define OPENSSL_SYS_WIN32 1
# endif
@@ -62,14 +56,10 @@
#if !defined(_WIN32)
# include <openssl/crypto.h>
#endif
-#undef X509_NAME
-#undef PKCS7_SIGNER_INFO
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE)
-# define OSSL_ENGINE_ENABLED
+#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif
-#if defined(HAVE_OPENSSL_OCSP_H)
-# define OSSL_OCSP_ENABLED
+#if !defined(OPENSSL_NO_OCSP)
# include <openssl/ocsp.h>
#endif
@@ -107,13 +97,6 @@ extern VALUE eOSSLError;
} while (0)
/*
- * Compatibility
- */
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-#define STACK _STACK
-#endif
-
-/*
* String to HEXString conversion
*/
int string2hex(const unsigned char *, int, char **, int *);
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index cae6176cca..e77adbf9f8 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -212,19 +212,6 @@ static ID sUNIVERSAL, sAPPLICATION, sCONTEXT_SPECIFIC, sPRIVATE;
static ID sivVALUE, sivTAG, sivTAG_CLASS, sivTAGGING, sivINFINITE_LENGTH, sivUNUSED_BITS;
/*
- * We need to implement these for backward compatibility
- * reasons, behavior of ASN1_put_object and ASN1_object_size
- * for infinite length values is different in OpenSSL <= 0.9.7
- */
-#if OPENSSL_VERSION_NUMBER < 0x00908000L
-#define ossl_asn1_object_size(cons, len, tag) (cons) == 2 ? (len) + ASN1_object_size((cons), 0, (tag)) : ASN1_object_size((cons), (len), (tag))
-#define ossl_asn1_put_object(pp, cons, len, tag, xc) (cons) == 2 ? ASN1_put_object((pp), (cons), 0, (tag), (xc)) : ASN1_put_object((pp), (cons), (len), (tag), (xc))
-#else
-#define ossl_asn1_object_size(cons, len, tag) ASN1_object_size((cons), (len), (tag))
-#define ossl_asn1_put_object(pp, cons, len, tag, xc) ASN1_put_object((pp), (cons), (len), (tag), (xc))
-#endif
-
-/*
* Ruby to ASN1 converters
*/
static ASN1_BOOLEAN
@@ -233,11 +220,7 @@ obj_to_asn1bool(VALUE obj)
if (NIL_P(obj))
ossl_raise(rb_eTypeError, "Can't convert nil into Boolean");
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- return RTEST(obj) ? 0xff : 0x100;
-#else
return RTEST(obj) ? 0xff : 0x0;
-#endif
}
static ASN1_INTEGER*
@@ -778,11 +761,11 @@ ossl_asn1data_to_der(VALUE self)
if (inf_length == Qtrue) {
is_cons = 2;
}
- if((length = ossl_asn1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
+ if((length = ASN1_object_size(is_cons, RSTRING_LENINT(value), tag)) <= 0)
ossl_raise(eASN1Error, NULL);
der = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(der);
- ossl_asn1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class);
+ ASN1_put_object(&p, is_cons, RSTRING_LENINT(value), tag, tag_class);
memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value));
p += RSTRING_LEN(value);
ossl_str_adjust(der, p);
@@ -1184,30 +1167,6 @@ ossl_asn1eoc_initialize(VALUE self) {
return self;
}
-static int
-ossl_i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **pp)
-{
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- if(!a) return 0;
- if(a->type == V_ASN1_BOOLEAN)
- return i2d_ASN1_BOOLEAN(a->value.boolean, pp);
-#endif
- return i2d_ASN1_TYPE(a, pp);
-}
-
-static void
-ossl_ASN1_TYPE_free(ASN1_TYPE *a)
-{
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- if(!a) return;
- if(a->type == V_ASN1_BOOLEAN){
- OPENSSL_free(a);
- return;
- }
-#endif
- ASN1_TYPE_free(a);
-}
-
/*
* call-seq:
* asn1.to_der => DER-encoded String
@@ -1228,22 +1187,22 @@ ossl_asn1prim_to_der(VALUE self)
explicit = ossl_asn1_is_explicit(self);
asn1 = ossl_asn1_get_asn1type(self);
- len = ossl_asn1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn);
+ len = ASN1_object_size(1, i2d_ASN1_TYPE(asn1, NULL), tn);
if(!(buf = OPENSSL_malloc(len))){
- ossl_ASN1_TYPE_free(asn1);
+ ASN1_TYPE_free(asn1);
ossl_raise(eASN1Error, "cannot alloc buffer");
}
p = buf;
if (tc == V_ASN1_UNIVERSAL) {
- ossl_i2d_ASN1_TYPE(asn1, &p);
+ i2d_ASN1_TYPE(asn1, &p);
} else if (explicit) {
- ossl_asn1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc);
- ossl_i2d_ASN1_TYPE(asn1, &p);
+ ASN1_put_object(&p, 1, i2d_ASN1_TYPE(asn1, NULL), tn, tc);
+ i2d_ASN1_TYPE(asn1, &p);
} else {
- ossl_i2d_ASN1_TYPE(asn1, &p);
+ i2d_ASN1_TYPE(asn1, &p);
*buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED);
}
- ossl_ASN1_TYPE_free(asn1);
+ ASN1_TYPE_free(asn1);
reallen = p - buf;
assert(reallen <= len);
str = ossl_buf2str((char *)buf, rb_long2int(reallen)); /* buf will be free in ossl_buf2str */
@@ -1309,19 +1268,19 @@ ossl_asn1cons_to_der(VALUE self)
explicit = ossl_asn1_is_explicit(self);
value = join_der(ossl_asn1_get_value(self));
- seq_len = ossl_asn1_object_size(constructed, RSTRING_LENINT(value), tag);
- length = ossl_asn1_object_size(constructed, seq_len, tn);
+ seq_len = ASN1_object_size(constructed, RSTRING_LENINT(value), tag);
+ length = ASN1_object_size(constructed, seq_len, tn);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);
if(tc == V_ASN1_UNIVERSAL)
- ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
+ ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
else{
if(explicit){
- ossl_asn1_put_object(&p, constructed, seq_len, tn, tc);
- ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL);
+ ASN1_put_object(&p, constructed, seq_len, tn, tc);
+ ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tag, V_ASN1_UNIVERSAL);
}
else{
- ossl_asn1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
+ ASN1_put_object(&p, constructed, RSTRING_LENINT(value), tn, tc);
}
}
memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value));
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index 43a8effa64..d56b3411e7 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -158,16 +158,13 @@ ossl_cipher_copy(VALUE self, VALUE other)
return self;
}
-#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED
static void*
add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary)
{
rb_ary_push(ary, rb_str_new2(name->name));
return NULL;
}
-#endif
-#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED
/*
* call-seq:
* OpenSSL::Cipher.ciphers -> array[string...]
@@ -186,9 +183,6 @@ ossl_s_ciphers(VALUE self)
return ary;
}
-#else
-#define ossl_s_ciphers rb_f_notimplement
-#endif
/*
* call-seq:
@@ -723,7 +717,6 @@ ossl_cipher_set_key_length(VALUE self, VALUE key_length)
return key_length;
}
-#if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING)
/*
* call-seq:
* cipher.padding = integer -> integer
@@ -745,9 +738,6 @@ ossl_cipher_set_padding(VALUE self, VALUE padding)
ossl_raise(eCipherError, NULL);
return padding;
}
-#else
-#define ossl_cipher_set_padding rb_f_notimplement
-#endif
#define CIPHER_0ARG_INT(func) \
static VALUE \
diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c
index 48847e67ef..f84b1cfff1 100644
--- a/ext/openssl/ossl_engine.c
+++ b/ext/openssl/ossl_engine.c
@@ -9,7 +9,7 @@
*/
#include "ossl.h"
-#if defined(OSSL_ENGINE_ENABLED)
+#if !defined(OPENSSL_NO_ENGINE)
#define NewEngine(klass) \
TypedData_Wrap_Struct((klass), &ossl_engine_type, 0)
@@ -165,9 +165,7 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
static VALUE
ossl_engine_s_cleanup(VALUE self)
{
-#if defined(HAVE_ENGINE_CLEANUP)
ENGINE_cleanup();
-#endif
return Qnil;
}
@@ -296,7 +294,6 @@ ossl_engine_finish(VALUE self)
return Qnil;
}
-#if defined(HAVE_ENGINE_GET_CIPHER)
/* Document-method: OpenSSL::Engine#cipher
*
* call-seq:
@@ -329,11 +326,7 @@ ossl_engine_get_cipher(VALUE self, VALUE name)
return ossl_cipher_new(ciph);
}
-#else
-#define ossl_engine_get_cipher rb_f_notimplement
-#endif
-#if defined(HAVE_ENGINE_GET_DIGEST)
/* Document-method: OpenSSL::Engine#digest
*
* call-seq:
@@ -366,9 +359,6 @@ ossl_engine_get_digest(VALUE self, VALUE name)
return ossl_digest_new(md);
}
-#else
-#define ossl_engine_get_digest rb_f_notimplement
-#endif
/* Document-method: OpenSSL::Engine#load_private_key
*
@@ -392,11 +382,7 @@ ossl_engine_load_privkey(int argc, VALUE *argv, VALUE self)
sid = NIL_P(id) ? NULL : StringValueCStr(id);
sdata = NIL_P(data) ? NULL : StringValueCStr(data);
GetEngine(self, e);
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- pkey = ENGINE_load_private_key(e, sid, sdata);
-#else
pkey = ENGINE_load_private_key(e, sid, NULL, sdata);
-#endif
if (!pkey) ossl_raise(eEngineError, NULL);
obj = ossl_pkey_new(pkey);
OSSL_PKEY_SET_PRIVATE(obj);
@@ -426,11 +412,7 @@ ossl_engine_load_pubkey(int argc, VALUE *argv, VALUE self)
sid = NIL_P(id) ? NULL : StringValueCStr(id);
sdata = NIL_P(data) ? NULL : StringValueCStr(data);
GetEngine(self, e);
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
- pkey = ENGINE_load_public_key(e, sid, sdata);
-#else
pkey = ENGINE_load_public_key(e, sid, NULL, sdata);
-#endif
if (!pkey) ossl_raise(eEngineError, NULL);
return ossl_pkey_new(pkey);
@@ -579,12 +561,8 @@ Init_ossl_engine(void)
#ifdef ENGINE_METHOD_BN_MOD_EXP_CRT
DefEngineConst(METHOD_BN_MOD_EXP_CRT);
#endif
-#ifdef ENGINE_METHOD_CIPHERS
DefEngineConst(METHOD_CIPHERS);
-#endif
-#ifdef ENGINE_METHOD_DIGESTS
DefEngineConst(METHOD_DIGESTS);
-#endif
DefEngineConst(METHOD_ALL);
DefEngineConst(METHOD_NONE);
}
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index 02b67429e6..9f44bc202b 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -10,7 +10,7 @@
*/
#include "ossl.h"
-#if defined(OSSL_OCSP_ENABLED)
+#if !defined(OPENSSL_NO_OCSP)
#define NewOCSPReq(klass) \
TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0)
@@ -1250,7 +1250,7 @@ Init_ossl_ocsp(void)
rb_define_const(mOCSP, "V_RESPID_KEY", INT2NUM(V_OCSP_RESPID_KEY));
}
-#else /* ! OSSL_OCSP_ENABLED */
+#else
void
Init_ossl_ocsp(void)
{
diff --git a/ext/openssl/ossl_ocsp.h b/ext/openssl/ossl_ocsp.h
index c5064fbc85..21e2c99a2e 100644
--- a/ext/openssl/ossl_ocsp.h
+++ b/ext/openssl/ossl_ocsp.h
@@ -11,7 +11,7 @@
#if !defined(_OSSL_OCSP_H_)
#define _OSSL_OCSP_H_
-#if defined(OSSL_OCSP_ENABLED)
+#if !defined(OPENSSL_NO_OCSP)
extern VALUE mOCSP;
extern VALUE cOPCSReq;
extern VALUE cOPCSRes;
diff --git a/ext/openssl/ossl_pkcs5.c b/ext/openssl/ossl_pkcs5.c
index 73d989e164..56ed65fb9d 100644
--- a/ext/openssl/ossl_pkcs5.c
+++ b/ext/openssl/ossl_pkcs5.c
@@ -48,7 +48,6 @@ ossl_pkcs5_pbkdf2_hmac(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALUE key
#endif
-#ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1
/*
* call-seq:
* PKCS5.pbkdf2_hmac_sha1(pass, salt, iter, keylen) => string
@@ -81,9 +80,6 @@ ossl_pkcs5_pbkdf2_hmac_sha1(VALUE self, VALUE pass, VALUE salt, VALUE iter, VALU
return str;
}
-#else
-#define ossl_pkcs5_pbkdf2_hmac_sha1 rb_f_notimplement
-#endif
void
Init_ossl_pkcs5(void)
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index 10332d9e6b..5b7c07de2c 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -127,6 +127,22 @@ static const rb_data_type_t ossl_pkcs7_recip_info_type = {
* Public
* (MADE PRIVATE UNTIL SOMEBODY WILL NEED THEM)
*/
+static PKCS7_SIGNER_INFO *
+ossl_PKCS7_SIGNER_INFO_dup(const PKCS7_SIGNER_INFO *si)
+{
+ return (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO,
+ (d2i_of_void *)d2i_PKCS7_SIGNER_INFO,
+ (char *)si);
+}
+
+static PKCS7_RECIP_INFO *
+ossl_PKCS7_RECIP_INFO_dup(const PKCS7_RECIP_INFO *si)
+{
+ return (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
+ (d2i_of_void *)d2i_PKCS7_RECIP_INFO,
+ (char *)si);
+}
+
static VALUE
ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
{
@@ -134,7 +150,7 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
VALUE obj;
obj = NewPKCS7si(cPKCS7Signer);
- pkcs7 = p7si ? PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
+ pkcs7 = p7si ? ossl_PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
SetPKCS7si(obj, pkcs7);
@@ -147,7 +163,7 @@ DupPKCS7SignerPtr(VALUE obj)
PKCS7_SIGNER_INFO *p7si, *pkcs7;
SafeGetPKCS7si(obj, p7si);
- if (!(pkcs7 = PKCS7_SIGNER_INFO_dup(p7si))) {
+ if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) {
ossl_raise(ePKCS7Error, NULL);
}
@@ -161,7 +177,7 @@ ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
VALUE obj;
obj = NewPKCS7ri(cPKCS7Recipient);
- pkcs7 = p7ri ? PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
+ pkcs7 = p7ri ? ossl_PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
if (!pkcs7) ossl_raise(ePKCS7Error, NULL);
SetPKCS7ri(obj, pkcs7);
@@ -174,7 +190,7 @@ DupPKCS7RecipientPtr(VALUE obj)
PKCS7_RECIP_INFO *p7ri, *pkcs7;
SafeGetPKCS7ri(obj, p7ri);
- if (!(pkcs7 = PKCS7_RECIP_INFO_dup(p7ri))) {
+ if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) {
ossl_raise(ePKCS7Error, NULL);
}
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index fea90d7a23..e4ae549f83 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -20,20 +20,6 @@ ID id_private_q;
/*
* callback for generating keys
*/
-void
-ossl_generate_cb(int p, int n, void *arg)
-{
- VALUE ary;
-
- ary = rb_ary_new2(2);
- rb_ary_store(ary, 0, INT2NUM(p));
- rb_ary_store(ary, 1, INT2NUM(n));
-
- rb_yield(ary);
-}
-
-#if HAVE_BN_GENCB
-/* OpenSSL 2nd version of GN generation callback */
int
ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
{
@@ -66,7 +52,6 @@ ossl_generate_cb_stop(void *ptr)
struct ossl_generate_cb_arg *arg = (struct ossl_generate_cb_arg *)ptr;
arg->stop = 1;
}
-#endif
static void
ossl_evp_pkey_free(void *ptr)
diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h
index 7288d5af7f..b806d63e15 100644
--- a/ext/openssl/ossl_pkey.h
+++ b/ext/openssl/ossl_pkey.h
@@ -40,9 +40,6 @@ extern const rb_data_type_t ossl_evp_pkey_type;
GetPKey((obj), (pkey)); \
} while (0)
-void ossl_generate_cb(int, int, void *);
-#define HAVE_BN_GENCB defined(HAVE_RSA_GENERATE_KEY_EX) || defined(HAVE_DH_GENERATE_PARAMETERS_EX) || defined(HAVE_DSA_GENERATE_PARAMETERS_EX)
-#if HAVE_BN_GENCB
struct ossl_generate_cb_arg {
int yield;
int stop;
@@ -50,7 +47,6 @@ struct ossl_generate_cb_arg {
};
int ossl_generate_cb_2(int p, int n, BN_GENCB *cb);
void ossl_generate_cb_stop(void *ptr);
-#endif
VALUE ossl_pkey_new(EVP_PKEY *);
VALUE ossl_pkey_new_from_file(VALUE);
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index 19c517fd3c..fd2b80497d 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -20,7 +20,7 @@
#define DH_HAS_PRIVATE(dh) ((dh)->priv_key)
-#ifdef OSSL_ENGINE_ENABLED
+#if !defined(OPENSSL_NO_ENGINE)
# define DH_PRIVATE(dh) (DH_HAS_PRIVATE(dh) || (dh)->engine)
#else
# define DH_PRIVATE(dh) DH_HAS_PRIVATE(dh)
@@ -82,7 +82,6 @@ ossl_dh_new(EVP_PKEY *pkey)
/*
* Private
*/
-#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
struct dh_blocking_gen_arg {
DH *dh;
int size;
@@ -98,12 +97,10 @@ dh_blocking_gen(void *arg)
gen->result = DH_generate_parameters_ex(gen->dh, gen->size, gen->gen, gen->cb);
return 0;
}
-#endif
static DH *
dh_generate(int size, int gen)
{
-#if defined(HAVE_DH_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
BN_GENCB cb;
struct ossl_generate_cb_arg cb_arg;
struct dh_blocking_gen_arg gen_arg;
@@ -136,12 +133,6 @@ dh_generate(int size, int gen)
}
return 0;
}
-#else
- DH *dh;
-
- dh = DH_generate_parameters(size, gen, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
- if (!dh) return 0;
-#endif
if (!DH_generate_key(dh)) {
DH_free(dh);
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index 281d3a00c9..2903380964 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -76,7 +76,6 @@ ossl_dsa_new(EVP_PKEY *pkey)
/*
* Private
*/
-#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
struct dsa_blocking_gen_arg {
DSA *dsa;
int size;
@@ -95,12 +94,10 @@ dsa_blocking_gen(void *arg)
gen->result = DSA_generate_parameters_ex(gen->dsa, gen->size, gen->seed, gen->seed_len, gen->counter, gen->h, gen->cb);
return 0;
}
-#endif
static DSA *
dsa_generate(int size)
{
-#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB
BN_GENCB cb;
struct ossl_generate_cb_arg cb_arg;
struct dsa_blocking_gen_arg gen_arg;
@@ -145,19 +142,6 @@ dsa_generate(int size)
}
return 0;
}
-#else
- DSA *dsa;
- unsigned char seed[20];
- int seed_len = 20, counter;
- unsigned long h;
-
- if (RAND_bytes(seed, seed_len) <= 0) {
- return 0;
- }
- dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h,
- rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
- if(!dsa) return 0;
-#endif
if (!DSA_generate_key(dsa)) {
DSA_free(dsa);
@@ -246,7 +230,10 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
}
if (!dsa) {
OSSL_BIO_reset(in);
+#define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+ (d2i_of_void *)d2i_DSAPublicKey, PEM_STRING_DSA_PUBLIC, (bp), (void **)(x), (cb), (u))
dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL);
+#undef PEM_read_bio_DSAPublicKey
}
BIO_free(in);
if (!dsa) {
@@ -460,7 +447,10 @@ ossl_dsa_to_public_key(VALUE self)
GetPKeyDSA(self, pkey);
/* err check performed by dsa_instance */
+#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \
+ (i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa))
dsa = DSAPublicKey_dup(pkey->pkey.dsa);
+#undef DSAPublicKey_dup
obj = dsa_instance(CLASS_OF(self), dsa);
if (obj == Qfalse) {
DSA_free(dsa);
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 9210ae48ab..958e710541 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -1658,9 +1658,7 @@ void Init_ossl_ec(void)
ID_compressed = rb_intern("compressed");
ID_hybrid = rb_intern("hybrid");
-#ifdef OPENSSL_EC_NAMED_CURVE
rb_define_const(cEC, "NAMED_CURVE", ULONG2NUM(OPENSSL_EC_NAMED_CURVE));
-#endif
rb_define_singleton_method(cEC, "builtin_curves", ossl_s_builtin_curves, 0);
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index 5219dbedff..9cb50893c8 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -77,7 +77,6 @@ ossl_rsa_new(EVP_PKEY *pkey)
/*
* Private
*/
-#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
struct rsa_blocking_gen_arg {
RSA *rsa;
BIGNUM *e;
@@ -93,12 +92,10 @@ rsa_blocking_gen(void *arg)
gen->result = RSA_generate_key_ex(gen->rsa, gen->size, gen->e, gen->cb);
return 0;
}
-#endif
static RSA *
rsa_generate(int size, unsigned long exp)
{
-#if defined(HAVE_RSA_GENERATE_KEY_EX) && HAVE_BN_GENCB
int i;
BN_GENCB cb;
struct ossl_generate_cb_arg cb_arg;
@@ -149,9 +146,6 @@ rsa_generate(int size, unsigned long exp)
BN_free(e);
return rsa;
-#else
- return RSA_generate_key(size, exp, rb_block_given_p() ? ossl_generate_cb : NULL, NULL);
-#endif
}
/*
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index cf23f5c14e..c31a32f30e 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -90,26 +90,22 @@ static const struct {
OSSL_SSL_METHOD_ENTRY(TLSv1),
OSSL_SSL_METHOD_ENTRY(TLSv1_server),
OSSL_SSL_METHOD_ENTRY(TLSv1_client),
-#if defined(HAVE_TLSV1_2_METHOD) && defined(HAVE_TLSV1_2_SERVER_METHOD) && \
- defined(HAVE_TLSV1_2_CLIENT_METHOD)
+#if defined(HAVE_TLSV1_2_METHOD)
OSSL_SSL_METHOD_ENTRY(TLSv1_2),
OSSL_SSL_METHOD_ENTRY(TLSv1_2_server),
OSSL_SSL_METHOD_ENTRY(TLSv1_2_client),
#endif
-#if defined(HAVE_TLSV1_1_METHOD) && defined(HAVE_TLSV1_1_SERVER_METHOD) && \
- defined(HAVE_TLSV1_1_CLIENT_METHOD)
+#if defined(HAVE_TLSV1_1_METHOD)
OSSL_SSL_METHOD_ENTRY(TLSv1_1),
OSSL_SSL_METHOD_ENTRY(TLSv1_1_server),
OSSL_SSL_METHOD_ENTRY(TLSv1_1_client),
#endif
-#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
- defined(HAVE_SSLV2_CLIENT_METHOD)
+#if defined(HAVE_SSLV2_METHOD)
OSSL_SSL_METHOD_ENTRY(SSLv2),
OSSL_SSL_METHOD_ENTRY(SSLv2_server),
OSSL_SSL_METHOD_ENTRY(SSLv2_client),
#endif
-#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \
- defined(HAVE_SSLV3_CLIENT_METHOD)
+#if defined(HAVE_SSLV3_METHOD)
OSSL_SSL_METHOD_ENTRY(SSLv3),
OSSL_SSL_METHOD_ENTRY(SSLv3_server),
OSSL_SSL_METHOD_ENTRY(SSLv3_client),
@@ -2347,25 +2343,17 @@ Init_ossl_ssl(void)
ossl_ssl_def_const(OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
ossl_ssl_def_const(OP_SSLREF2_REUSE_CERT_TYPE_BUG);
ossl_ssl_def_const(OP_MICROSOFT_BIG_SSLV3_BUFFER);
-#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
ossl_ssl_def_const(OP_MSIE_SSLV2_RSA_PADDING);
-#endif
ossl_ssl_def_const(OP_SSLEAY_080_CLIENT_DH_BUG);
ossl_ssl_def_const(OP_TLS_D5_BUG);
ossl_ssl_def_const(OP_TLS_BLOCK_PADDING_BUG);
ossl_ssl_def_const(OP_DONT_INSERT_EMPTY_FRAGMENTS);
ossl_ssl_def_const(OP_ALL);
-#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
ossl_ssl_def_const(OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-#endif
-#if defined(SSL_OP_SINGLE_ECDH_USE)
ossl_ssl_def_const(OP_SINGLE_ECDH_USE);
-#endif
ossl_ssl_def_const(OP_SINGLE_DH_USE);
ossl_ssl_def_const(OP_EPHEMERAL_RSA);
-#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
ossl_ssl_def_const(OP_CIPHER_SERVER_PREFERENCE);
-#endif
ossl_ssl_def_const(OP_TLS_ROLLBACK_BUG);
ossl_ssl_def_const(OP_NO_SSLv2);
ossl_ssl_def_const(OP_NO_SSLv3);
diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c
index e1bbc6fb54..d40906061c 100644
--- a/ext/openssl/ossl_ssl_session.c
+++ b/ext/openssl/ossl_ssl_session.c
@@ -186,7 +186,6 @@ static VALUE ossl_ssl_session_set_timeout(VALUE self, VALUE time_v)
return ossl_ssl_session_get_timeout(self);
}
-#ifdef HAVE_SSL_SESSION_GET_ID
/*
* call-seq:
* session.id -> aString
@@ -205,7 +204,6 @@ static VALUE ossl_ssl_session_get_id(VALUE self)
return rb_str_new((const char *) p, i);
}
-#endif
/*
* call-seq:
@@ -316,12 +314,7 @@ void Init_ossl_ssl_session(void)
rb_define_method(cSSLSession, "time=", ossl_ssl_session_set_time, 1);
rb_define_method(cSSLSession, "timeout", ossl_ssl_session_get_timeout, 0);
rb_define_method(cSSLSession, "timeout=", ossl_ssl_session_set_timeout, 1);
-
-#ifdef HAVE_SSL_SESSION_GET_ID
rb_define_method(cSSLSession, "id", ossl_ssl_session_get_id, 0);
-#else
- rb_undef_method(cSSLSession, "id");
-#endif
rb_define_method(cSSLSession, "to_der", ossl_ssl_session_to_der, 0);
rb_define_method(cSSLSession, "to_pem", ossl_ssl_session_to_pem, 0);
rb_define_method(cSSLSession, "to_text", ossl_ssl_session_to_text, 0);
diff --git a/ext/openssl/ossl_x509.c b/ext/openssl/ossl_x509.c
index 2fd14566cd..cf62b53e28 100644
--- a/ext/openssl/ossl_x509.c
+++ b/ext/openssl/ossl_x509.c
@@ -63,12 +63,8 @@ Init_ossl_x509(void)
DefX509Const(V_ERR_KEYUSAGE_NO_CERTSIGN);
DefX509Const(V_ERR_APPLICATION_VERIFICATION);
-#if defined(X509_V_FLAG_CRL_CHECK)
DefX509Const(V_FLAG_CRL_CHECK);
-#endif
-#if defined(X509_V_FLAG_CRL_CHECK_ALL)
DefX509Const(V_FLAG_CRL_CHECK_ALL);
-#endif
DefX509Const(PURPOSE_SSL_CLIENT);
DefX509Const(PURPOSE_SSL_SERVER);
@@ -77,21 +73,15 @@ Init_ossl_x509(void)
DefX509Const(PURPOSE_SMIME_ENCRYPT);
DefX509Const(PURPOSE_CRL_SIGN);
DefX509Const(PURPOSE_ANY);
-#if defined(X509_PURPOSE_OCSP_HELPER)
DefX509Const(PURPOSE_OCSP_HELPER);
-#endif
DefX509Const(TRUST_COMPAT);
DefX509Const(TRUST_SSL_CLIENT);
DefX509Const(TRUST_SSL_SERVER);
DefX509Const(TRUST_EMAIL);
DefX509Const(TRUST_OBJECT_SIGN);
-#if defined(X509_TRUST_OCSP_SIGN)
DefX509Const(TRUST_OCSP_SIGN);
-#endif
-#if defined(X509_TRUST_OCSP_REQUEST)
DefX509Const(TRUST_OCSP_REQUEST);
-#endif
DefX509Default(CERT_AREA, cert_area);
DefX509Default(CERT_DIR, cert_dir);
diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c
index 970a91eb85..7cd3fe6dfd 100644
--- a/ext/openssl/ossl_x509attr.c
+++ b/ext/openssl/ossl_x509attr.c
@@ -178,14 +178,6 @@ ossl_x509attr_get_oid(VALUE self)
return ret;
}
-#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE)
-# define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single)
-# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
-#else
-# define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set)
-# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
-#endif
-
/*
* call-seq:
* attr.value = asn1 => asn1
@@ -205,10 +197,10 @@ ossl_x509attr_set_value(VALUE self, VALUE value)
}
GetX509Attr(self, attr);
if(attr->value.set){
- if(OSSL_X509ATTR_IS_SINGLE(attr)) ASN1_TYPE_free(attr->value.single);
+ if(attr->single) ASN1_TYPE_free(attr->value.single);
else sk_ASN1_TYPE_free(attr->value.set);
}
- OSSL_X509ATTR_SET_SINGLE(attr);
+ attr->single = 1;
attr->value.single = a1type;
return value;
@@ -228,7 +220,7 @@ ossl_x509attr_get_value(VALUE self)
GetX509Attr(self, attr);
if(attr->value.ptr == NULL) return Qnil;
- if(OSSL_X509ATTR_IS_SINGLE(attr)){
+ if(attr->single){
length = i2d_ASN1_TYPE(attr->value.single, NULL);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);
diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c
index e67da4ba38..e5817543c5 100644
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@@ -188,7 +188,6 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
return crl;
}
-#ifdef HAVE_X509V3_SET_NCONF
static VALUE
ossl_x509extfactory_set_config(VALUE self, VALUE config)
{
@@ -202,9 +201,6 @@ ossl_x509extfactory_set_config(VALUE self, VALUE config)
return config;
}
-#else
-#define ossl_x509extfactory_set_config rb_f_notimplement
-#endif
static VALUE
ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
@@ -243,12 +239,8 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
X509_EXTENSION *ext;
VALUE oid, value, critical, valstr, obj;
int nid;
-#ifdef HAVE_X509V3_EXT_NCONF_NID
VALUE rconf;
CONF *conf;
-#else
- static LHASH *empty_lhash;
-#endif
rb_scan_args(argc, argv, "21", &oid, &value, &critical);
StringValueCStr(oid);
@@ -265,14 +257,9 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
GetX509ExtFactory(self, ctx);
obj = NewX509Ext(cX509Ext);
-#ifdef HAVE_X509V3_EXT_NCONF_NID
rconf = rb_iv_get(self, "@config");
conf = NIL_P(rconf) ? NULL : GetConfigPtr(rconf);
ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));
-#else
- if (!empty_lhash) empty_lhash = lh_new(NULL, NULL);
- ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr));
-#endif
if (!ext){
ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
}
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index f3501e531a..767e30be4a 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -153,12 +153,6 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
ossl_x509store_set_vfy_cb(self, Qnil);
-#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
- rb_iv_set(self, "@flags", INT2FIX(0));
- rb_iv_set(self, "@purpose", INT2FIX(0));
- rb_iv_set(self, "@trust", INT2FIX(0));
-#endif
-
/* last verification status */
rb_iv_set(self, "@error", Qnil);
rb_iv_set(self, "@error_string", Qnil);
@@ -171,15 +165,11 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
static VALUE
ossl_x509store_set_flags(VALUE self, VALUE flags)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
long f = NUM2LONG(flags);
GetX509Store(self, store);
X509_STORE_set_flags(store, f);
-#else
- rb_iv_set(self, "@flags", flags);
-#endif
return flags;
}
@@ -187,15 +177,11 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
static VALUE
ossl_x509store_set_purpose(VALUE self, VALUE purpose)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
int p = NUM2INT(purpose);
GetX509Store(self, store);
X509_STORE_set_purpose(store, p);
-#else
- rb_iv_set(self, "@purpose", purpose);
-#endif
return purpose;
}
@@ -203,15 +189,11 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
static VALUE
ossl_x509store_set_trust(VALUE self, VALUE trust)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE *store;
int t = NUM2INT(trust);
GetX509Store(self, store);
X509_STORE_set_trust(store, t);
-#else
- rb_iv_set(self, "@trust", trust);
-#endif
return trust;
}
@@ -441,17 +423,10 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
SafeGetX509Store(store, x509st);
if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
sk_X509_pop_free(x509s, X509_free);
ossl_raise(eX509StoreError, NULL);
}
-#else
- X509_STORE_CTX_init(ctx, x509st, x509, x509s);
- ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags"));
- ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose"));
- ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust"));
-#endif
if (!NIL_P(t = rb_iv_get(store, "@time")))
ossl_x509stctx_set_time(self, t);
rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback"));
@@ -562,16 +537,12 @@ ossl_x509stctx_get_curr_cert(VALUE self)
static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
X509_STORE_CTX *ctx;
GetX509StCtx(self, ctx);
if(!ctx->current_crl) return Qnil;
return ossl_x509crl_new(ctx->current_crl);
-#else
- return Qnil;
-#endif
}
static VALUE
diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb
index aec33fdd1a..ec14f46714 100644
--- a/test/openssl/test_cipher.rb
+++ b/test/openssl/test_cipher.rb
@@ -114,40 +114,38 @@ class OpenSSL::TestCipher < OpenSSL::TestCase
end
end if has_cipher?('aes-128-ctr')
- if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
- def test_ciphers
- OpenSSL::Cipher.ciphers.each{|name|
- next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
- begin
- assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
- rescue OpenSSL::Cipher::CipherError => e
- next if /wrap/ =~ name and e.message == 'wrap mode not allowed'
- raise
- end
- }
- end
+ def test_ciphers
+ OpenSSL::Cipher.ciphers.each{|name|
+ next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name
+ begin
+ assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name))
+ rescue OpenSSL::Cipher::CipherError => e
+ next if /wrap/ =~ name and e.message == 'wrap mode not allowed'
+ raise
+ end
+ }
+ end
- def test_AES
- pt = File.read(__FILE__)
- %w(ECB CBC CFB OFB).each{|mode|
- c1 = OpenSSL::Cipher::AES256.new(mode)
- c1.encrypt
- c1.pkcs5_keyivgen("passwd")
- ct = c1.update(pt) + c1.final
-
- c2 = OpenSSL::Cipher::AES256.new(mode)
- c2.decrypt
- c2.pkcs5_keyivgen("passwd")
- assert_equal(pt, c2.update(ct) + c2.final)
- }
- end
+ def test_AES
+ pt = File.read(__FILE__)
+ %w(ECB CBC CFB OFB).each{|mode|
+ c1 = OpenSSL::Cipher::AES256.new(mode)
+ c1.encrypt
+ c1.pkcs5_keyivgen("passwd")
+ ct = c1.update(pt) + c1.final
+
+ c2 = OpenSSL::Cipher::AES256.new(mode)
+ c2.decrypt
+ c2.pkcs5_keyivgen("passwd")
+ assert_equal(pt, c2.update(ct) + c2.final)
+ }
+ end
- def test_AES_crush
- 500.times do
- assert_nothing_raised("[Bug #2768]") do
- # it caused OpenSSL SEGV by uninitialized key
- OpenSSL::Cipher::AES128.new("ECB").update "." * 17
- end
+ def test_AES_crush
+ 500.times do
+ assert_nothing_raised("[Bug #2768]") do
+ # it caused OpenSSL SEGV by uninitialized key
+ OpenSSL::Cipher::AES128.new("ECB").update "." * 17
end
end
end
diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb
index dfe4c6ca82..def4910ccd 100644
--- a/test/openssl/test_pkcs7.rb
+++ b/test/openssl/test_pkcs7.rb
@@ -123,12 +123,6 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase
end
def test_enveloped
- if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f
- # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV.
- # http://www.mail-archive.com/openssl-dev@openssl.org/msg17376.html
- return
- end
-
certs = [@ee1_cert, @ee2_cert]
cipher = OpenSSL::Cipher::AES.new("128-CBC")
data = "aaaaa\nbbbbb\nccccc\n"
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index d7b996d662..9a717a4256 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -869,10 +869,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port|
2.times do |i|
ctx = OpenSSL::SSL::SSLContext.new
- if defined?(OpenSSL::SSL::OP_NO_TICKET)
- # disable RFC4507 support
- ctx.options = OpenSSL::SSL::OP_NO_TICKET
- end
+ # disable RFC4507 support
+ ctx.options = OpenSSL::SSL::OP_NO_TICKET
server_connect(port, ctx) { |ssl|
ssl.hostname = (i & 1 == 0) ? 'foo.example.com' : 'bar.example.com'
str = "x" * 100 + "\n"
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
index ee1a907fcb..cdcab02f95 100644
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@@ -61,9 +61,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM=
# SSL_SESSION_time keeps long value so we can't keep nsec fragment.
session.time = t1 = Time.now.to_i
assert_equal(Time.at(t1), session.time)
- if session.respond_to?(:id)
- assert_not_nil(session.id)
- end
+ assert_not_nil(session.id)
pem = session.to_pem
assert_match(/\A-----BEGIN SSL SESSION PARAMETERS-----/, pem)
assert_match(/-----END SSL SESSION PARAMETERS-----\Z/, pem)
@@ -170,10 +168,7 @@ __EOS__
session = ssl.session
if last_session
assert(ssl.session_reused?)
-
- if session.respond_to?(:id)
- assert_equal(session.id, last_session.id)
- end
+ assert_equal(session.id, last_session.id)
assert_equal(session.to_pem, last_session.to_pem)
assert_equal(session.to_der, last_session.to_der)
# Older version of OpenSSL may not be consistent. Look up which versions later.
@@ -246,10 +241,8 @@ __EOS__
10.times do |i|
sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.new
- if defined?(OpenSSL::SSL::OP_NO_TICKET)
- # disable RFC4507 support
- ctx.options = OpenSSL::SSL::OP_NO_TICKET
- end
+ # disable RFC4507 support
+ ctx.options = OpenSSL::SSL::OP_NO_TICKET
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.sync_close = true
ssl.session = first_session if first_session
diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb
index 6a443a7cf1..8dee1679f6 100644
--- a/test/openssl/test_x509store.rb
+++ b/test/openssl/test_x509store.rb
@@ -148,8 +148,6 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase
assert_equal(false, store.verify(OpenSSL::X509::Certificate.new(ee1_cert)))
assert_equal(OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID, store.error)
- return unless defined?(OpenSSL::X509::V_FLAG_CRL_CHECK)
-
store = OpenSSL::X509::Store.new
store.purpose = OpenSSL::X509::PURPOSE_ANY
store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK