diff options
author | Alan Wu <XrXr@users.noreply.github.com> | 2022-06-26 21:34:42 -0400 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2022-10-17 16:35:33 +0900 |
commit | a211b32180b1ab0532f6978c32e907fe1c0c218a (patch) | |
tree | 20bd0e38362edd1fdc8aa352baa3a4da8b62bcde /ext/openssl/extconf.rb | |
parent | 63234edf6791e787f8ea4d439df431dcc2f0f527 (diff) |
[ruby/openssl] Check for OpenSSL functions in headers
While building with a custom build of OpenSSL, I noticed in mkmf.log
that all the feature detection checks are done using a program lacking
an OpenSSL header include. `mkmf` retries using a fallback program when
this fails, but that means all the `have_func` calls compile twice when
compiling once should suffice. Example log without this commit:
have_func: checking for X509_STORE_CTX_get0_cert()... -------------------- yes
DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ...
conftest.c:14:57: error: use of undeclared identifier 'X509_STORE_CTX_get0_cert'
int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; }
^
1 error generated.
checked program was:
/* begin */
1: #include "ruby.h"
2:
3: /*top*/
4: extern int t(void);
5: int main(int argc, char **argv)
6: {
7: if (argc > 1000000) {
8: int (* volatile tp)(void)=(int (*)(void))&t;
9: printf("%d", (*tp)());
10: }
11:
12: return !!argv[argc];
13: }
14: int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; }
/* end */
DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ...
checked program was:
/* begin */
1: #include "ruby.h"
2:
3: /*top*/
4: extern int t(void);
5: int main(int argc, char **argv)
6: {
7: if (argc > 1000000) {
8: int (* volatile tp)(void)=(int (*)(void))&t;
9: printf("%d", (*tp)());
10: }
11:
12: return !!argv[argc];
13: }
14: extern void X509_STORE_CTX_get0_cert();
15: int t(void) { X509_STORE_CTX_get0_cert(); return 0; }
/* end */
The second compilation succeeds.
Specify the header for each checked function.
https://github.com/ruby/openssl/commit/34ae7d92d0
Diffstat (limited to 'ext/openssl/extconf.rb')
-rw-r--r-- | ext/openssl/extconf.rb | 97 |
1 files changed, 51 insertions, 46 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index cc2b1f8ba2..4a9ae5598d 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -120,8 +120,13 @@ if is_libressl && ($mswin || $mingw) end Logging::message "=== Checking for OpenSSL features... ===\n" +evp_h = "openssl/evp.h".freeze +x509_h = "openssl/x509.h".freeze +ts_h = "openssl/ts.h".freeze +ssl_h = "openssl/ssl.h".freeze + # compile options -have_func("RAND_egd") +have_func("RAND_egd", "openssl/rand.h") engines = %w{dynamic 4758cca aep atalla chil cswift nuron sureware ubsec padlock capi gmp gost cryptodev} engines.each { |name| @@ -132,56 +137,56 @@ engines.each { |name| if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || is_libressl $defs.push("-DHAVE_OPAQUE_OPENSSL") end -have_func("EVP_MD_CTX_new") -have_func("EVP_MD_CTX_free") -have_func("EVP_MD_CTX_pkey_ctx") -have_func("X509_STORE_get_ex_data") -have_func("X509_STORE_set_ex_data") -have_func("X509_STORE_get_ex_new_index") -have_func("X509_CRL_get0_signature") -have_func("X509_REQ_get0_signature") -have_func("X509_REVOKED_get0_serialNumber") -have_func("X509_REVOKED_get0_revocationDate") -have_func("X509_get0_tbs_sigalg") -have_func("X509_STORE_CTX_get0_untrusted") -have_func("X509_STORE_CTX_get0_cert") -have_func("X509_STORE_CTX_get0_chain") -have_func("OCSP_SINGLERESP_get0_id") -have_func("SSL_CTX_get_ciphers") -have_func("X509_up_ref") -have_func("X509_CRL_up_ref") -have_func("X509_STORE_up_ref") -have_func("SSL_SESSION_up_ref") -have_func("EVP_PKEY_up_ref") -have_func("SSL_CTX_set_min_proto_version(NULL, 0)", "openssl/ssl.h") -have_func("SSL_CTX_get_security_level") -have_func("X509_get0_notBefore") -have_func("SSL_SESSION_get_protocol_version") -have_func("TS_STATUS_INFO_get0_status") -have_func("TS_STATUS_INFO_get0_text") -have_func("TS_STATUS_INFO_get0_failure_info") -have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h") -have_func("TS_VERIFY_CTX_set_store") -have_func("TS_VERIFY_CTX_add_flags") -have_func("TS_RESP_CTX_set_time_cb") -have_func("EVP_PBE_scrypt") -have_func("SSL_CTX_set_post_handshake_auth") +have_func("EVP_MD_CTX_new", evp_h) +have_func("EVP_MD_CTX_free", evp_h) +have_func("EVP_MD_CTX_pkey_ctx", evp_h) +have_func("X509_STORE_get_ex_data", x509_h) +have_func("X509_STORE_set_ex_data", x509_h) +have_func("X509_STORE_get_ex_new_index", x509_h) +have_func("X509_CRL_get0_signature", x509_h) +have_func("X509_REQ_get0_signature", x509_h) +have_func("X509_REVOKED_get0_serialNumber", x509_h) +have_func("X509_REVOKED_get0_revocationDate", x509_h) +have_func("X509_get0_tbs_sigalg", x509_h) +have_func("X509_STORE_CTX_get0_untrusted", x509_h) +have_func("X509_STORE_CTX_get0_cert", x509_h) +have_func("X509_STORE_CTX_get0_chain", x509_h) +have_func("OCSP_SINGLERESP_get0_id", "openssl/ocsp.h") +have_func("SSL_CTX_get_ciphers", ssl_h) +have_func("X509_up_ref", x509_h) +have_func("X509_CRL_up_ref", x509_h) +have_func("X509_STORE_up_ref", x509_h) +have_func("SSL_SESSION_up_ref", ssl_h) +have_func("EVP_PKEY_up_ref", evp_h) +have_func("SSL_CTX_set_min_proto_version(NULL, 0)", ssl_h) +have_func("SSL_CTX_get_security_level", ssl_h) +have_func("X509_get0_notBefore", x509_h) +have_func("SSL_SESSION_get_protocol_version", ssl_h) +have_func("TS_STATUS_INFO_get0_status", ts_h) +have_func("TS_STATUS_INFO_get0_text", ts_h) +have_func("TS_STATUS_INFO_get0_failure_info", ts_h) +have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", ts_h) +have_func("TS_VERIFY_CTX_set_store", ts_h) +have_func("TS_VERIFY_CTX_add_flags", ts_h) +have_func("TS_RESP_CTX_set_time_cb", ts_h) +have_func("EVP_PBE_scrypt", evp_h) +have_func("SSL_CTX_set_post_handshake_auth", ssl_h) # added in 1.1.1 -have_func("EVP_PKEY_check") -have_func("SSL_CTX_set_ciphersuites") +have_func("EVP_PKEY_check", evp_h) +have_func("SSL_CTX_set_ciphersuites", ssl_h) # added in 3.0.0 openssl_3 = -have_func("SSL_set0_tmp_dh_pkey") -have_func("ERR_get_error_all") -have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h") -have_func("SSL_CTX_load_verify_file") -have_func("BN_check_prime") -have_func("EVP_MD_CTX_get0_md") -have_func("EVP_MD_CTX_get_pkey_ctx") -have_func("EVP_PKEY_eq") -have_func("EVP_PKEY_dup") +have_func("SSL_set0_tmp_dh_pkey", ssl_h) +have_func("ERR_get_error_all", "openssl/err.h") +have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", ts_h) +have_func("SSL_CTX_load_verify_file", ssl_h) +have_func("BN_check_prime", "openssl/bn.h") +have_func("EVP_MD_CTX_get0_md", evp_h) +have_func("EVP_MD_CTX_get_pkey_ctx", evp_h) +have_func("EVP_PKEY_eq", evp_h) +have_func("EVP_PKEY_dup", evp_h) Logging::message "=== Checking done. ===\n" |