summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ext/openssl/extconf.rb2
-rw-r--r--ext/openssl/openssl.gemspec6
-rw-r--r--ext/openssl/openssl_missing.c22
-rw-r--r--ext/openssl/openssl_missing.h35
-rw-r--r--ext/openssl/ossl_pkey.c15
-rw-r--r--ext/openssl/ossl_ssl_session.c9
-rw-r--r--ext/openssl/ossl_version.h2
7 files changed, 57 insertions, 34 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 60132b352f8..7033b0e20da 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -81,6 +81,7 @@ engines.each { |name|
# added in 0.9.8X
have_func("EVP_CIPHER_CTX_new")
have_func("EVP_CIPHER_CTX_free")
+OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h")
# added in 1.0.0
have_func("ASN1_TIME_adj")
@@ -143,6 +144,7 @@ OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") #
OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
have_func("SSL_CTX_get_security_level")
have_func("X509_get0_notBefore")
+have_func("SSL_SESSION_get_protocol_version")
Logging::message "=== Checking done. ===\n"
diff --git a/ext/openssl/openssl.gemspec b/ext/openssl/openssl.gemspec
index e8fd20f94e7..b5ad826e82b 100644
--- a/ext/openssl/openssl.gemspec
+++ b/ext/openssl/openssl.gemspec
@@ -1,15 +1,15 @@
# -*- encoding: utf-8 -*-
-# stub: openssl 2.0.1 ruby lib
+# stub: openssl 2.0.2 ruby lib
# stub: ext/openssl/extconf.rb
Gem::Specification.new do |s|
s.name = "openssl".freeze
- s.version = "2.0.1"
+ s.version = "2.0.2"
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
s.require_paths = ["lib".freeze]
s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze]
- s.date = "2016-12-10"
+ s.date = "2016-12-22"
s.description = "It wraps the OpenSSL library.".freeze
s.email = ["ruby-core@ruby-lang.org".freeze]
s.extensions = ["ext/openssl/extconf.rb".freeze]
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index cc13b7a3a5e..94ce85aff4f 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -23,7 +23,7 @@
/* added in 0.9.8X */
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
EVP_CIPHER_CTX *
-EVP_CIPHER_CTX_new(void)
+ossl_EVP_CIPHER_CTX_new(void)
{
EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
if (!ctx)
@@ -35,7 +35,7 @@ EVP_CIPHER_CTX_new(void)
#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
void
-EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
{
if (ctx) {
EVP_CIPHER_CTX_cleanup(ctx);
@@ -52,7 +52,7 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
* tested on 0.9.7d.
*/
int
-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
memcpy(out, in, sizeof(EVP_CIPHER_CTX));
@@ -71,7 +71,7 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
#if !defined(OPENSSL_NO_HMAC)
#if !defined(HAVE_HMAC_CTX_COPY)
int
-HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
+ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
if (!out || !in)
return 0;
@@ -112,7 +112,7 @@ static struct {
};
int
-EC_curve_nist2nid(const char *name)
+ossl_EC_curve_nist2nid(const char *name)
{
size_t i;
for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
@@ -127,7 +127,7 @@ EC_curve_nist2nid(const char *name)
/*** added in 1.1.0 ***/
#if !defined(HAVE_HMAC_CTX_NEW)
HMAC_CTX *
-HMAC_CTX_new(void)
+ossl_HMAC_CTX_new(void)
{
HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
if (!ctx)
@@ -139,7 +139,7 @@ HMAC_CTX_new(void)
#if !defined(HAVE_HMAC_CTX_FREE)
void
-HMAC_CTX_free(HMAC_CTX *ctx)
+ossl_HMAC_CTX_free(HMAC_CTX *ctx)
{
if (ctx) {
HMAC_CTX_cleanup(ctx);
@@ -150,8 +150,8 @@ HMAC_CTX_free(HMAC_CTX *ctx)
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
void
-X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
- const X509_ALGOR **palg)
+ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg)
{
if (psig != NULL)
*psig = crl->signature;
@@ -162,8 +162,8 @@ X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
void
-X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
- const X509_ALGOR **palg)
+ossl_X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg)
{
if (psig != NULL)
*psig = req->signature;
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index df27b1a858c..3d11aec2d2e 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -14,11 +14,17 @@
/* added in 0.9.8X */
#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+EVP_CIPHER_CTX *ossl_EVP_CIPHER_CTX_new(void);
+# define EVP_CIPHER_CTX_new ossl_EVP_CIPHER_CTX_new
#endif
#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
+void ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
+# define EVP_CIPHER_CTX_free ossl_EVP_CIPHER_CTX_free
+#endif
+
+#if !defined(HAVE_SSL_CTX_CLEAR_OPTIONS)
+# define SSL_CTX_clear_options(ctx, op) ((ctx)->options &= ~(op))
#endif
/* added in 1.0.0 */
@@ -27,11 +33,13 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
#endif
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+int ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *, const EVP_CIPHER_CTX *);
+# define EVP_CIPHER_CTX_copy ossl_EVP_CIPHER_CTX_copy
#endif
#if !defined(HAVE_HMAC_CTX_COPY)
-int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+int ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+# define HMAC_CTX_copy ossl_HMAC_CTX_copy
#endif
#if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL)
@@ -54,7 +62,8 @@ int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
/* added in 1.0.2 */
#if !defined(OPENSSL_NO_EC)
#if !defined(HAVE_EC_CURVE_NIST2NID)
-int EC_curve_nist2nid(const char *);
+int ossl_EC_curve_nist2nid(const char *);
+# define EC_curve_nist2nid ossl_EC_curve_nist2nid
#endif
#endif
@@ -93,11 +102,13 @@ int EC_curve_nist2nid(const char *);
#endif
#if !defined(HAVE_HMAC_CTX_NEW)
-HMAC_CTX *HMAC_CTX_new(void);
+HMAC_CTX *ossl_HMAC_CTX_new(void);
+# define HMAC_CTX_new ossl_HMAC_CTX_new
#endif
#if !defined(HAVE_HMAC_CTX_FREE)
-void HMAC_CTX_free(HMAC_CTX *ctx);
+void ossl_HMAC_CTX_free(HMAC_CTX *);
+# define HMAC_CTX_free ossl_HMAC_CTX_free
#endif
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
@@ -114,11 +125,13 @@ void HMAC_CTX_free(HMAC_CTX *ctx);
#endif
#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
-void X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **, const X509_ALGOR **);
+void ossl_X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **, const X509_ALGOR **);
+# define X509_CRL_get0_signature ossl_X509_CRL_get0_signature
#endif
#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
-void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, const X509_ALGOR **);
+void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, const X509_ALGOR **);
+# define X509_REQ_get0_signature ossl_X509_REQ_get0_signature
#endif
#if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER)
@@ -245,4 +258,8 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
# define X509_CRL_get0_nextUpdate(x) X509_CRL_get_nextUpdate(x)
#endif
+#if !defined(HAVE_SSL_SESSION_GET_PROTOCOL_VERSION)
+# define SSL_SESSION_get_protocol_version(s) ((s)->ssl_version)
+#endif
+
#endif /* _OSSL_OPENSSL_MISSING_H_ */
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 9e6c6157819..6ab1b6184f9 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -73,10 +73,13 @@ const rb_data_type_t ossl_evp_pkey_type = {
static VALUE
pkey_new0(EVP_PKEY *pkey)
{
- if (!pkey)
- ossl_raise(ePKeyError, "cannot make new key from NULL");
+ VALUE obj;
+ int type;
- switch (EVP_PKEY_base_id(pkey)) {
+ if (!pkey || (type = EVP_PKEY_base_id(pkey)) == EVP_PKEY_NONE)
+ ossl_raise(rb_eRuntimeError, "pkey is empty");
+
+ switch (type) {
#if !defined(OPENSSL_NO_RSA)
case EVP_PKEY_RSA:
return ossl_rsa_new(pkey);
@@ -94,7 +97,9 @@ pkey_new0(EVP_PKEY *pkey)
return ossl_ec_new(pkey);
#endif
default:
- ossl_raise(ePKeyError, "unsupported key type");
+ obj = NewPKey(cPKey);
+ SetPKey(obj, pkey);
+ return obj;
}
}
@@ -260,7 +265,7 @@ static VALUE
ossl_pkey_initialize(VALUE self)
{
if (rb_obj_is_instance_of(self, cPKey)) {
- ossl_raise(rb_eNotImpError, "OpenSSL::PKey::PKey is an abstract class.");
+ ossl_raise(rb_eTypeError, "OpenSSL::PKey::PKey can't be instantiated directly");
}
return self;
}
diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c
index 7abb8671f84..1b602a6cd74 100644
--- a/ext/openssl/ossl_ssl_session.c
+++ b/ext/openssl/ossl_ssl_session.c
@@ -93,23 +93,22 @@ ossl_ssl_session_initialize_copy(VALUE self, VALUE other)
return self;
}
-#if HAVE_SSL_SESSION_CMP == 0
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
+#if !defined(HAVE_SSL_SESSION_CMP)
+int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
{
unsigned int a_len;
const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
unsigned int b_len;
const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
-#if !defined(HAVE_OPAQUE_OPENSSL) /* missing SSL_SESSION_get_ssl_version() ? */
- if (a->ssl_version != b->ssl_version)
+ if (SSL_SESSION_get_protocol_version(a) != SSL_SESSION_get_protocol_version(b))
return 1;
-#endif
if (a_len != b_len)
return 1;
return CRYPTO_memcmp(a_sid, b_sid, a_len);
}
+#define SSL_SESSION_cmp(a, b) ossl_SSL_SESSION_cmp(a, b)
#endif
/*
diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h
index 2566b67a50a..d1bd7bc4bbc 100644
--- a/ext/openssl/ossl_version.h
+++ b/ext/openssl/ossl_version.h
@@ -10,6 +10,6 @@
#if !defined(_OSSL_VERSION_H_)
#define _OSSL_VERSION_H_
-#define OSSL_VERSION "2.0.1"
+#define OSSL_VERSION "2.0.2"
#endif /* _OSSL_VERSION_H_ */