ruby-changes:43088
From: rhe <ko1@a...>
Date: Wed, 25 May 2016 17:50:10 +0900 (JST)
Subject: [ruby-changes:43088] rhe:r55162 (trunk): openssl: drop OpenSSL 0.9.6/0.9.7 support
rhe 2016-05-25 17:50:03 +0900 (Wed, 25 May 2016) New Revision: 55162 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55162 Log: openssl: drop OpenSSL 0.9.6/0.9.7 support * ext/openssl, test/openssl: Drop OpenSSL < 0.9.8 support. Modified files: trunk/ChangeLog trunk/ext/openssl/deprecation.rb trunk/ext/openssl/extconf.rb trunk/ext/openssl/lib/openssl/ssl.rb trunk/ext/openssl/openssl_missing.c trunk/ext/openssl/openssl_missing.h trunk/ext/openssl/ossl.c trunk/ext/openssl/ossl.h trunk/ext/openssl/ossl_asn1.c trunk/ext/openssl/ossl_cipher.c trunk/ext/openssl/ossl_engine.c trunk/ext/openssl/ossl_ocsp.c trunk/ext/openssl/ossl_ocsp.h trunk/ext/openssl/ossl_pkcs5.c trunk/ext/openssl/ossl_pkcs7.c trunk/ext/openssl/ossl_pkey.c trunk/ext/openssl/ossl_pkey.h trunk/ext/openssl/ossl_pkey_dh.c trunk/ext/openssl/ossl_pkey_dsa.c trunk/ext/openssl/ossl_pkey_ec.c trunk/ext/openssl/ossl_pkey_rsa.c trunk/ext/openssl/ossl_ssl.c trunk/ext/openssl/ossl_ssl_session.c trunk/ext/openssl/ossl_x509.c trunk/ext/openssl/ossl_x509attr.c trunk/ext/openssl/ossl_x509ext.c trunk/ext/openssl/ossl_x509store.c trunk/test/openssl/test_cipher.rb trunk/test/openssl/test_pkcs7.rb trunk/test/openssl/test_ssl.rb trunk/test/openssl/test_ssl_session.rb trunk/test/openssl/test_x509store.rb Index: test/openssl/test_ssl.rb =================================================================== --- test/openssl/test_ssl.rb (revision 55161) +++ test/openssl/test_ssl.rb (revision 55162) @@ -869,10 +869,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl.rb#L869 start_server(OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc, :server_proc => server_proc) do |server, port| 2.times do |i| ctx = OpenSSL::SSL::SSLContext.new - if defined?(OpenSSL::SSL::OP_NO_TICKET) - # disable RFC4507 support - ctx.options = OpenSSL::SSL::OP_NO_TICKET - end + # disable RFC4507 support + ctx.options = OpenSSL::SSL::OP_NO_TICKET server_connect(port, ctx) { |ssl| ssl.hostname = (i & 1 == 0) ? 'foo.example.com' : 'bar.example.com' str = "x" * 100 + "\n" Index: test/openssl/test_ssl_session.rb =================================================================== --- test/openssl/test_ssl_session.rb (revision 55161) +++ test/openssl/test_ssl_session.rb (revision 55162) @@ -61,9 +61,7 @@ tddwpBAEDjcwMzA5NTYzMTU1MzAwpQMCARM= https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl_session.rb#L61 # SSL_SESSION_time keeps long value so we can't keep nsec fragment. session.time = t1 = Time.now.to_i assert_equal(Time.at(t1), session.time) - if session.respond_to?(:id) - assert_not_nil(session.id) - end + assert_not_nil(session.id) pem = session.to_pem assert_match(/\A-----BEGIN SSL SESSION PARAMETERS-----/, pem) assert_match(/-----END SSL SESSION PARAMETERS-----\Z/, pem) @@ -170,10 +168,7 @@ __EOS__ https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl_session.rb#L168 session = ssl.session if last_session assert(ssl.session_reused?) - - if session.respond_to?(:id) - assert_equal(session.id, last_session.id) - end + assert_equal(session.id, last_session.id) assert_equal(session.to_pem, last_session.to_pem) assert_equal(session.to_der, last_session.to_der) # Older version of OpenSSL may not be consistent. Look up which versions later. @@ -246,10 +241,8 @@ __EOS__ https://github.com/ruby/ruby/blob/trunk/test/openssl/test_ssl_session.rb#L241 10.times do |i| sock = TCPSocket.new("127.0.0.1", port) ctx = OpenSSL::SSL::SSLContext.new - if defined?(OpenSSL::SSL::OP_NO_TICKET) - # disable RFC4507 support - ctx.options = OpenSSL::SSL::OP_NO_TICKET - end + # disable RFC4507 support + ctx.options = OpenSSL::SSL::OP_NO_TICKET ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) ssl.sync_close = true ssl.session = first_session if first_session Index: test/openssl/test_cipher.rb =================================================================== --- test/openssl/test_cipher.rb (revision 55161) +++ test/openssl/test_cipher.rb (revision 55162) @@ -114,40 +114,38 @@ class OpenSSL::TestCipher < OpenSSL::Tes https://github.com/ruby/ruby/blob/trunk/test/openssl/test_cipher.rb#L114 end end if has_cipher?('aes-128-ctr') - if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000 - def test_ciphers - OpenSSL::Cipher.ciphers.each{|name| - next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name - begin - assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name)) - rescue OpenSSL::Cipher::CipherError => e - next if /wrap/ =~ name and e.message == 'wrap mode not allowed' - raise - end - } - end + def test_ciphers + OpenSSL::Cipher.ciphers.each{|name| + next if /netbsd/ =~ RUBY_PLATFORM && /idea|rc5/i =~ name + begin + assert_kind_of(OpenSSL::Cipher::Cipher, OpenSSL::Cipher::Cipher.new(name)) + rescue OpenSSL::Cipher::CipherError => e + next if /wrap/ =~ name and e.message == 'wrap mode not allowed' + raise + end + } + end - def test_AES - pt = File.read(__FILE__) - %w(ECB CBC CFB OFB).each{|mode| - c1 = OpenSSL::Cipher::AES256.new(mode) - c1.encrypt - c1.pkcs5_keyivgen("passwd") - ct = c1.update(pt) + c1.final + def test_AES + pt = File.read(__FILE__) + %w(ECB CBC CFB OFB).each{|mode| + c1 = OpenSSL::Cipher::AES256.new(mode) + c1.encrypt + c1.pkcs5_keyivgen("passwd") + ct = c1.update(pt) + c1.final - c2 = OpenSSL::Cipher::AES256.new(mode) - c2.decrypt - c2.pkcs5_keyivgen("passwd") - assert_equal(pt, c2.update(ct) + c2.final) - } - end + c2 = OpenSSL::Cipher::AES256.new(mode) + c2.decrypt + c2.pkcs5_keyivgen("passwd") + assert_equal(pt, c2.update(ct) + c2.final) + } + end - def test_AES_crush - 500.times do - assert_nothing_raised("[Bug #2768]") do - # it caused OpenSSL SEGV by uninitialized key - OpenSSL::Cipher::AES128.new("ECB").update "." * 17 - end + def test_AES_crush + 500.times do + assert_nothing_raised("[Bug #2768]") do + # it caused OpenSSL SEGV by uninitialized key + OpenSSL::Cipher::AES128.new("ECB").update "." * 17 end end end Index: test/openssl/test_x509store.rb =================================================================== --- test/openssl/test_x509store.rb (revision 55161) +++ test/openssl/test_x509store.rb (revision 55162) @@ -148,8 +148,6 @@ class OpenSSL::TestX509Store < OpenSSL:: https://github.com/ruby/ruby/blob/trunk/test/openssl/test_x509store.rb#L148 assert_equal(false, store.verify(OpenSSL::X509::Certificate.new(ee1_cert))) assert_equal(OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID, store.error) - return unless defined?(OpenSSL::X509::V_FLAG_CRL_CHECK) - store = OpenSSL::X509::Store.new store.purpose = OpenSSL::X509::PURPOSE_ANY store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK Index: test/openssl/test_pkcs7.rb =================================================================== --- test/openssl/test_pkcs7.rb (revision 55161) +++ test/openssl/test_pkcs7.rb (revision 55162) @@ -123,12 +123,6 @@ class OpenSSL::TestPKCS7 < OpenSSL::Test https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkcs7.rb#L123 end def test_enveloped - if OpenSSL::OPENSSL_VERSION_NUMBER <= 0x0090704f - # PKCS7_encrypt() of OpenSSL-0.9.7d goes to SEGV. - # http://www.mail-archive.com/openssl-dev@o.../msg17376.html - return - end - certs = [@ee1_cert, @ee2_cert] cipher = OpenSSL::Cipher::AES.new("128-CBC") data = "aaaaa\nbbbbb\nccccc\n" Index: ext/openssl/openssl_missing.h =================================================================== --- ext/openssl/openssl_missing.h (revision 55161) +++ ext/openssl/openssl_missing.h (revision 55162) @@ -10,124 +10,22 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L10 #if !defined(_OSSL_OPENSSL_MISSING_H_) #define _OSSL_OPENSSL_MISSING_H_ -#ifndef TYPEDEF_D2I_OF -typedef char *d2i_of_void(); -#endif -#ifndef TYPEDEF_I2D_OF -typedef int i2d_of_void(); -#endif - -/* - * These functions are not included in headers of OPENSSL <= 0.9.6b - */ - -#if !defined(PEM_read_bio_DSAPublicKey) -# define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,(bp),(void **)(x),(cb),(u)) -#endif - -#if !defined(PEM_write_bio_DSAPublicKey) -# define PEM_write_bio_DSAPublicKey(bp,x) \ - PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\ - PEM_STRING_DSA_PUBLIC,\ - (bp),(char *)(x), NULL, NULL, 0, NULL, NULL) -#endif - -#if !defined(DSAPrivateKey_dup) -# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \ - (d2i_of_void *)d2i_DSAPrivateKey,(char *)(dsa)) -#endif - -#if !defined(DSAPublicKey_dup) -# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \ - (d2i_of_void *)d2i_DSAPublicKey,(char *)(dsa)) -#endif - -#if !defined(X509_REVOKED_dup) -# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \ - (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev)) -#endif - -#if !defined(PKCS7_SIGNER_INFO_dup) -# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \ - (d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)(si)) -#endif - -#if !defined(PKCS7_RECIP_INFO_dup) -# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \ - (d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)(ri)) -#endif - -#if !defined(HAVE_HMAC_CTX_INIT) -void HMAC_CTX_init(HMAC_CTX *ctx); +/* added in 1.0.0 */ +#if !defined(HAVE_EVP_CIPHER_CTX_COPY) +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); #endif #if !defined(HAVE_HMAC_CTX_COPY) void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); #endif -#if !defined(HAVE_HMAC_CTX_CLEANUP) -void HMAC_CTX_cleanup(HMAC_CTX *ctx); -#endif - -#if !defined(HAVE_EVP_MD_CTX_CREATE) -EVP_MD_CTX *EVP_MD_CTX_create(void); -#endif - -#if !defined(HAVE_EVP_MD_CTX_INIT) -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); -#endif - -#if !defined(HAVE_EVP_MD_CTX_CLEANUP) -int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); -#endif - -#if !defined(HAVE_EVP_MD_CTX_DESTROY) -void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); -#endif - -#if !defined(HAVE_EVP_CIPHER_CTX_COPY) -int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in); -#endif - -#if !defined(HAVE_EVP_DIGESTINIT_EX) -# define EVP_DigestInit_ex(ctx, md, engine) EVP_DigestInit((ctx), (md)) -#endif -#if !defined(HAVE_EVP_DIGESTFINAL_EX) -# define EVP_DigestFinal_ex(ctx, buf, len) EVP_DigestFinal((ctx), (buf), (len)) -#endif - -#if !defined(HAVE_EVP_CIPHERINIT_EX) -# define EVP_CipherInit_ex(ctx, type, impl, key, iv, enc) EVP_CipherInit((ctx), (type), (key), (iv), (enc)) -#endif -#if !defined(HAVE_EVP_CIPHERFINAL_EX) -# define EVP_CipherFinal_ex(ctx, outm, outl) EVP_CipherFinal((ctx), (outm), (outl)) -#endif - -#if !defined(EVP_CIPHER_name) -# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) -#endif - -#if !defined(EVP_MD_name) -# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e)) -#endif - -#if !defined(HAVE_EVP_HMAC_INIT_EX) -# define HMAC_Init_ex(ctx, key, len, digest, engine) HMAC_Init((ctx), (key), (len), (digest)) -#endif - -#if !defined(PKCS7_is_detached) -# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) -#endif - -#if !defined(PKCS7_type_is_encrypted) -# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) -#endif - -#if !defined(HAVE_OPENSSL_CLEANSE) -#define OPENSSL_cleanse(p, l) memset((p), 0, (l)) +/* added in 1.0.2 */ +#if !defined(HAVE_X509_REVOKED_DUP) +# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \ + (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev)) #endif +/* added in 1.1.0 */ #if !defined(HAVE_X509_STORE_GET_EX_DATA) # define X509_STORE_get_ex_data(x, idx) \ CRYPTO_get_ex_data(&(x)->ex_data, (idx)) @@ -141,52 +39,4 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX * https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L39 (newf), (dupf), (freef)) #endif -#if !defined(HAVE_X509_CRL_SET_VERSION) -int X509_CRL_set_version(X509_CRL *x, long version); -#endif - -#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME) -int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); -#endif - -#if !defined(HAVE_X509_CRL_SORT) -int X509_CRL_sort(X509_CRL *c); -#endif - -#if !defined(HAVE_X509_CRL_ADD0_REVOKED) -int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); -#endif - -#if !defined(HAVE_BN_MOD_SQR) -int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -#endif - -#if !defined(HAVE_BN_MOD_ADD) -int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); -#endif - -#if !defined(HAVE_BN_MOD_SUB) -int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); -#endif - -#if !defined(HAVE_BN_RAND_RANGE) -int BN_rand_range(BIGNUM *r, BIGNUM *range); -#endif - -#if !defined(HAVE_BN_PSEUDO_RAND_RANGE) -int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range); -#endif - -#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE) -char *CONF_get1_default_config_file(void); -#endif - -#if !defined(HAVE_PEM_DEF_CALLBACK) -int PEM_def_callback(char *buf, int num, int w, void *key); -#endif - -#if !defined(HAVE_ASN1_PUT_EOC) -int ASN1_put_eoc(unsigned char **pp); -#endif - #endif /* _OSSL_OPENSSL_MISSING_H_ */ Index: ext/openssl/ossl_x509store.c =================================================================== --- ext/openssl/ossl_x509store.c (revision 55161) +++ ext/openssl/ossl_x509store.c (revision 55162) @@ -153,12 +153,6 @@ ossl_x509store_initialize(int argc, VALU https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509store.c#L153 X509_STORE_set_verify_cb_func(store, ossl_verify_cb); ossl_x509store_set_vfy_cb(self, Qnil); -#if (OPENSSL_VERSION_NUMBER < 0x00907000L) - rb_iv_set(self, "@flags", INT2FIX(0)); - rb_iv_set(self, "@purpose", INT2FIX(0)); - rb_iv_set(self, "@trust", INT2FIX(0)); -#endif - /* last verification status */ rb_iv_set(self, "@error", Qnil); rb_iv_set(self, "@error_string", Qnil); @@ -171,15 +165,11 @@ ossl_x509store_initialize(int argc, VALU https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509store.c#L165 static VALUE ossl_x509store_set_flags(VALUE self, VALUE flags) { -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; long f = NUM2LONG(flags); GetX509Store(self, store); X509_STORE_set_flags(store, f); -#else - rb_iv_set(self, "@flags", flags); -#endif return flags; } @@ -187,15 +177,11 @@ ossl_x509store_set_flags(VALUE self, VAL https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509store.c#L177 static VALUE ossl_x509store_set_purpose(VALUE self, VALUE purpose) { -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; int p = NUM2INT(purpose); GetX509Store(self, store); X509_STORE_set_purpose(store, p); -#else - rb_iv_set(self, "@purpose", purpose); -#endif return purpose; } @@ -203,15 +189,11 @@ ossl_x509store_set_purpose(VALUE self, V https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509store.c#L189 static VALUE ossl_x509store_set_trust(VALUE self, VALUE trust) { -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; int t = NUM2INT(trust); GetX509Store(self, store); X509_STORE_set_trust(store, t); -#else - rb_iv_set(self, "@trust", trust); -#endif return trust; } @@ -441,17 +423,10 @@ ossl_x509stctx_initialize(int argc, VALU https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509store.c#L423 SafeGetX509Store(store, x509st); if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */ if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain); -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){ sk_X509_pop_free(x509s, X509_free); ossl_raise(eX509StoreError, NULL); } -#else - X509_STORE_CTX_init(ctx, x509st, x509, x509s); - ossl_x509stctx_set_flags(self, rb_iv_get(store, "@flags")); - ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose")); - ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust")); -#endif if (!NIL_P(t = rb_iv_get(store, "@time"))) ossl_x509stctx_set_time(self, t); rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback")); @@ -562,16 +537,12 @@ ossl_x509stctx_get_curr_cert(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509store.c#L537 static VALUE ossl_x509stctx_get_curr_crl(VALUE self) { -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE_CTX *ctx; GetX509StCtx(self, ctx); if(!ctx->current_crl) return Qnil; return ossl_x509crl_new(ctx->current_crl); -#else - return Qnil; -#endif } static VALUE Index: ext/openssl/ossl.h =================================================================== --- ext/openssl/ossl.h (revision 55161) +++ ext/openssl/ossl.h (revision 55162) @@ -27,11 +27,6 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.h#L27 #include <ruby/io.h> #include <ruby/thread.h> -/* - * Check the OpenSSL version - * The only supported are: - * OpenSSL >= 0.9.7 - */ #include <openssl/opensslv.h> #ifdef HAVE_ASSERT_H @@ -42,7 +37,6 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.h#L37 #if defined(_WIN32) && !defined(LIBRESSL_VERSION_NUMBER) # include <openssl/e_os2.h> -# define OSSL_NO_CONF_API 1 # if !defined(OPENSSL_SYS_WIN32) # define OPENSSL_SYS_WIN32 1 # endif @@ -62,14 +56,10 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.h#L56 #if !defined(_WIN32) # include <openssl/crypto.h> #endif -#undef X509_NAME -#undef PKCS7_SIGNER_INFO -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE) -# define OSSL_ENGINE_ENABLED +#if !defined(OPENSSL_NO_ENGINE) # include <openssl/engine.h> #endif -#if defined(HAVE_OPENSSL_OCSP_H) -# define OSSL_OCSP_ENABLED +#if !defined(OPENSSL_NO_OCSP) # include <openssl/ocsp.h> #endif @@ -107,13 +97,6 @@ extern VALUE eOSSLError; https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.h#L97 } while (0) /* - * Compatibility - */ -#if OPENSSL_VERSION_NUMBER >= 0x10000000L -#define STACK _STACK -#endif - -/* * String to HEXString conversion */ int string2hex(const unsigned char *, int, char **, int *); Index: ext/openssl/ossl_pkey_dsa.c =================================================================== --- ext/openssl/ossl_pkey_dsa.c (revision 55161) +++ ext/openssl/ossl_pkey_dsa.c (revision 55162) @@ -76,7 +76,6 @@ ossl_dsa_new(EVP_PKEY *pkey) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dsa.c#L76 /* * Private */ -#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB struct dsa_blocking_gen_arg { DSA *dsa; int size; @@ -95,12 +94,10 @@ dsa_blocking_gen(void *arg) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dsa.c#L94 gen->result = DSA_generate_parameters_ex(gen->dsa, gen->size, gen->seed, gen->seed_len, gen->counter, gen->h, gen->cb); return 0; } -#endif static DSA * dsa_generate(int size) { -#if defined(HAVE_DSA_GENERATE_PARAMETERS_EX) && HAVE_BN_GENCB BN_GENCB cb; struct ossl_generate_cb_arg cb_arg; struct dsa_blocking_gen_arg gen_arg; @@ -145,19 +142,6 @@ dsa_generate(int size) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dsa.c#L142 } return 0; } -#else - DSA *dsa; - unsigned char seed[20]; - int seed_len = 20, counter; - unsigned long h; - - if (RAND_bytes(seed, seed_len) <= 0) { - return 0; - } - dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h, - rb_block_given_p() ? ossl_generate_cb : NULL, NULL); - if(!dsa) return 0; -#endif if (!DSA_generate_key(dsa)) { DSA_free(dsa); @@ -246,7 +230,10 @@ ossl_dsa_initialize(int argc, VALUE *arg https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dsa.c#L230 } if (!dsa) { OSSL_BIO_reset(in); +#define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ + (d2i_of_void *)d2i_DSAPublicKey, PEM_STRING_DSA_PUBLIC, (bp), (void **)(x), (cb), (u)) dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL); +#undef PEM_read_bio_DSAPublicKey } BIO_free(in); if (!dsa) { @@ -460,7 +447,10 @@ ossl_dsa_to_public_key(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dsa.c#L447 GetPKeyDSA(self, pkey); /* err check performed by dsa_instance */ +#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \ + (i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAP (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/