ruby-changes:45073
From: rhe <ko1@a...>
Date: Thu, 22 Dec 2016 10:43:46 +0900 (JST)
Subject: [ruby-changes:45073] rhe:r57146 (trunk): openssl: import v2.0.2
rhe 2016-12-22 10:43:41 +0900 (Thu, 22 Dec 2016) New Revision: 57146 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=57146 Log: openssl: import v2.0.2 Import Ruby/OpenSSL 2.0.2. This release contains only bugfixes. The full commit log since 2.0.1 (imported at r57041) can be found at: https://github.com/ruby/openssl/compare/v2.0.1...v2.0.2 ---------------------------------------------------------------- Kazuki Yamaguchi (5): ssl: check for SSL_CTX_clear_options() Rename functions in openssl_missing.c ssl: use SSL_SESSION_get_protocol_version() pkey: allow instantiating OpenSSL::PKey::PKey with unsupported key type Ruby/OpenSSL 2.0.2 Modified files: trunk/ext/openssl/extconf.rb trunk/ext/openssl/openssl.gemspec trunk/ext/openssl/openssl_missing.c trunk/ext/openssl/openssl_missing.h trunk/ext/openssl/ossl_pkey.c trunk/ext/openssl/ossl_ssl_session.c trunk/ext/openssl/ossl_version.h Index: ext/openssl/ossl_ssl_session.c =================================================================== --- ext/openssl/ossl_ssl_session.c (revision 57145) +++ ext/openssl/ossl_ssl_session.c (revision 57146) 
@@ -93,23 +93,22 @@ ossl_ssl_session_initialize_copy(VALUE s https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl_session.c#L93 return self; } -#if HAVE_SSL_SESSION_CMP == 0 -int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b) +#if !defined(HAVE_SSL_SESSION_CMP) +int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { unsigned int a_len; const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len); unsigned int b_len; const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len); -#if !defined(HAVE_OPAQUE_OPENSSL) /* missing SSL_SESSION_get_ssl_version() ? */ - if (a->ssl_version != b->ssl_version) + if (SSL_SESSION_get_protocol_version(a) != SSL_SESSION_get_protocol_version(b)) return 1; -#endif if (a_len != b_len) return 1; return CRYPTO_memcmp(a_sid, b_sid, a_len); } +#define SSL_SESSION_cmp(a, b) ossl_SSL_SESSION_cmp(a, b) #endif /* Index: ext/openssl/ossl_pkey.c =================================================================== --- ext/openssl/ossl_pkey.c (revision 57145) +++ ext/openssl/ossl_pkey.c (revision 57146) @@ -73,10 +73,13 @@ const rb_data_type_t ossl_evp_pkey_type https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L73 static VALUE pkey_new0(EVP_PKEY *pkey) { - if (!pkey) - ossl_raise(ePKeyError, "cannot make new key from NULL"); + VALUE obj; + int type; - switch (EVP_PKEY_base_id(pkey)) { + if (!pkey || (type = EVP_PKEY_base_id(pkey)) == EVP_PKEY_NONE) + ossl_raise(rb_eRuntimeError, "pkey is empty"); + + switch (type) { #if !defined(OPENSSL_NO_RSA) case EVP_PKEY_RSA: return ossl_rsa_new(pkey); @@ -94,7 +97,9 @@ pkey_new0(EVP_PKEY *pkey) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L97 return ossl_ec_new(pkey); #endif default: - ossl_raise(ePKeyError, "unsupported key type"); + obj = NewPKey(cPKey); + SetPKey(obj, pkey); + return obj; } } 
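Review bot: `ossl_SSL_SESSION_cmp` is still defined with external linkage in ossl_ssl_session.c, although the hunk shows it reached only through the `SSL_SESSION_cmp` macro defined right after it in the same file. If nothing outside this file calls it (not visible here), `static int ossl_SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)` would keep the fallback out of the extension's exported symbols, which is the kind of clash the `ossl_` rename guards against. A short comment above it, such as `/* returns 0 if protocol version and session ID both match, non-zero otherwise; no ordering is implied */`, would also document that the result is an equality test, since the value comes straight from `CRYPTO_memcmp`.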
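Review bot: The guard at the top of `pkey_new0` now raises `rb_eRuntimeError` where the removed line raised `ePKeyError`, so Ruby code that rescues `OpenSSL::PKey::PKeyError` around key loading will no longer see this failure. If that is intended because a NULL or `EVP_PKEY_NONE` key is an internal error rather than bad input, a comment saying so would help, e.g. `/* internal error, not a malformed key: raise RuntimeError rather than PKeyError */`. The single message "pkey is empty" also covers both the NULL pointer and the untyped key; separate messages would make a failure report easier to triage. The function continues past the end of this hunk.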
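Review bot: The `default:` branch of `pkey_new0` now wraps any key type the extension has no subclass for in a bare `cPKey` object instead of raising, and nothing in the hunk documents that callers can now receive one. Ruby code that treated the old "unsupported key type" error as its rejection of unknown algorithms, or that dispatches on the key's class, has to handle a plain `OpenSSL::PKey::PKey` explicitly after this change. A comment on the branch would make that contract visible, for example `/* unknown key type: return a generic PKey; callers must not assume a typed subclass */`. The start of `pkey_new0` is outside this hunk.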
@@ -260,7 +265,7 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L265 ossl_pkey_initialize(VALUE self) { if (rb_obj_is_instance_of(self, cPKey)) { - ossl_raise(rb_eNotImpError, "OpenSSL::PKey::PKey is an abstract class."); + ossl_raise(rb_eTypeError, "OpenSSL::PKey::PKey can't be instantiated directly"); } return self; } Index: ext/openssl/openssl_missing.c =================================================================== --- ext/openssl/openssl_missing.c (revision 57145) +++ ext/openssl/openssl_missing.c (revision 57146) @@ -23,7 +23,7 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L23 /* added in 0.9.8X */ #if !defined(HAVE_EVP_CIPHER_CTX_NEW) EVP_CIPHER_CTX * -EVP_CIPHER_CTX_new(void) +ossl_EVP_CIPHER_CTX_new(void) { EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)); if (!ctx) @@ -35,7 +35,7 @@ EVP_CIPHER_CTX_new(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L35 #if !defined(HAVE_EVP_CIPHER_CTX_FREE) void -EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) +ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) { if (ctx) { EVP_CIPHER_CTX_cleanup(ctx); @@ -52,7 +52,7 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L52 * tested on 0.9.7d. */ int -EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) +ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { memcpy(out, in, sizeof(EVP_CIPHER_CTX)); @@ -71,7 +71,7 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L71 #if !defined(OPENSSL_NO_HMAC) #if !defined(HAVE_HMAC_CTX_COPY) int -HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) +ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) { if (!out || !in) return 0; 
@@ -112,7 +112,7 @@ static struct { https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L112 }; int -EC_curve_nist2nid(const char *name) +ossl_EC_curve_nist2nid(const char *name) { size_t i; for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) { @@ -127,7 +127,7 @@ EC_curve_nist2nid(const char *name) https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L127 /*** added in 1.1.0 ***/ #if !defined(HAVE_HMAC_CTX_NEW) HMAC_CTX * -HMAC_CTX_new(void) +ossl_HMAC_CTX_new(void) { HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); if (!ctx) @@ -139,7 +139,7 @@ HMAC_CTX_new(void) https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L139 #if !defined(HAVE_HMAC_CTX_FREE) void -HMAC_CTX_free(HMAC_CTX *ctx) +ossl_HMAC_CTX_free(HMAC_CTX *ctx) { if (ctx) { HMAC_CTX_cleanup(ctx); @@ -150,8 +150,8 @@ HMAC_CTX_free(HMAC_CTX *ctx) https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L150 #if !defined(HAVE_X509_CRL_GET0_SIGNATURE) void -X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg) +ossl_X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg) { if (psig != NULL) *psig = crl->signature; @@ -162,8 +162,8 @@ X509_CRL_get0_signature(const X509_CRL * https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L162 #if !defined(HAVE_X509_REQ_GET0_SIGNATURE) void -X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg) +ossl_X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg) { if (psig != NULL) *psig = req->signature; Index: ext/openssl/openssl_missing.h =================================================================== --- ext/openssl/openssl_missing.h (revision 57145) +++ ext/openssl/openssl_missing.h (revision 57146) 
@@ -14,11 +14,17 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L14 /* added in 0.9.8X */ #if !defined(HAVE_EVP_CIPHER_CTX_NEW) -EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +EVP_CIPHER_CTX *ossl_EVP_CIPHER_CTX_new(void); +# define EVP_CIPHER_CTX_new ossl_EVP_CIPHER_CTX_new #endif #if !defined(HAVE_EVP_CIPHER_CTX_FREE) -void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); +void ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *); +# define EVP_CIPHER_CTX_free ossl_EVP_CIPHER_CTX_free +#endif + +#if !defined(HAVE_SSL_CTX_CLEAR_OPTIONS) +# define SSL_CTX_clear_options(ctx, op) ((ctx)->options &= ~(op)) #endif /* added in 1.0.0 */ @@ -27,11 +33,13 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L33 #endif #if !defined(HAVE_EVP_CIPHER_CTX_COPY) -int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +int ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *, const EVP_CIPHER_CTX *); +# define EVP_CIPHER_CTX_copy ossl_EVP_CIPHER_CTX_copy #endif #if !defined(HAVE_HMAC_CTX_COPY) -int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); +int ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); +# define HMAC_CTX_copy ossl_HMAC_CTX_copy #endif #if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL) @@ -54,7 +62,8 @@ int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CT https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L62 /* added in 1.0.2 */ #if !defined(OPENSSL_NO_EC) #if !defined(HAVE_EC_CURVE_NIST2NID) -int EC_curve_nist2nid(const char *); +int ossl_EC_curve_nist2nid(const char *); +# define EC_curve_nist2nid ossl_EC_curve_nist2nid #endif #endif 
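Review bot: The fallback `SSL_CTX_clear_options(ctx, op)` added in this hunk computes `~(op)` in the type of the argument, so an unsigned `op` narrower than the `options` field would be zero-extended and clear the upper bits of the field as well. Casting first avoids depending on how each caller types its argument: `# define SSL_CTX_clear_options(ctx, op) ((ctx)->options &= ~(unsigned long)(op))`, assuming `options` is `unsigned long` as in the pre-1.1.0 headers this fallback targets (the struct is not visible here). The remaining changes in this hunk are the `ossl_` prototype renames.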
@@ -93,11 +102,13 @@ int EC_curve_nist2nid(const char *); https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L102 #endif #if !defined(HAVE_HMAC_CTX_NEW) -HMAC_CTX *HMAC_CTX_new(void); +HMAC_CTX *ossl_HMAC_CTX_new(void); +# define HMAC_CTX_new ossl_HMAC_CTX_new #endif #if !defined(HAVE_HMAC_CTX_FREE) -void HMAC_CTX_free(HMAC_CTX *ctx); +void ossl_HMAC_CTX_free(HMAC_CTX *); +# define HMAC_CTX_free ossl_HMAC_CTX_free #endif #if !defined(HAVE_X509_STORE_GET_EX_DATA) @@ -114,11 +125,13 @@ void HMAC_CTX_free(HMAC_CTX *ctx); https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L125 #endif #if !defined(HAVE_X509_CRL_GET0_SIGNATURE) -void X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **, const X509_ALGOR **); +void ossl_X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **, const X509_ALGOR **); +# define X509_CRL_get0_signature ossl_X509_CRL_get0_signature #endif #if !defined(HAVE_X509_REQ_GET0_SIGNATURE) -void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, const X509_ALGOR **); +void ossl_X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, const X509_ALGOR **); +# define X509_REQ_get0_signature ossl_X509_REQ_get0_signature #endif #if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER) @@ -245,4 +258,8 @@ IMPL_PKEY_GETTER(EC_KEY, ec) https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.h#L258 # define X509_CRL_get0_nextUpdate(x) X509_CRL_get_nextUpdate(x) #endif +#if !defined(HAVE_SSL_SESSION_GET_PROTOCOL_VERSION) +# define SSL_SESSION_get_protocol_version(s) ((s)->ssl_version) +#endif + #endif /* _OSSL_OPENSSL_MISSING_H_ */ Index: ext/openssl/extconf.rb =================================================================== --- ext/openssl/extconf.rb (revision 57145) +++ ext/openssl/extconf.rb (revision 57146) 
@@ -81,6 +81,7 @@ engines.each { |name| https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L81 # added in 0.9.8X have_func("EVP_CIPHER_CTX_new") have_func("EVP_CIPHER_CTX_free") +OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h") # added in 1.0.0 have_func("ASN1_TIME_adj") @@ -143,6 +144,7 @@ OpenSSL.check_func_or_macro("SSL_CTX_set https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L144 OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h") have_func("SSL_CTX_get_security_level") have_func("X509_get0_notBefore") +have_func("SSL_SESSION_get_protocol_version") Logging::message "=== Checking done. ===\n" Index: ext/openssl/ossl_version.h =================================================================== --- ext/openssl/ossl_version.h (revision 57145) +++ ext/openssl/ossl_version.h (revision 57146) @@ -10,6 +10,6 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_version.h#L10 #if !defined(_OSSL_VERSION_H_) #define _OSSL_VERSION_H_ -#define OSSL_VERSION "2.0.1" +#define OSSL_VERSION "2.0.2" #endif /* _OSSL_VERSION_H_ */ Index: ext/openssl/openssl.gemspec =================================================================== --- ext/openssl/openssl.gemspec (revision 57145) +++ ext/openssl/openssl.gemspec (revision 57146) 
@@ -1,15 +1,15 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl.gemspec#L1 # -*- encoding: utf-8 -*- -# stub: openssl 2.0.1 ruby lib +# stub: openssl 2.0.2 ruby lib # stub: ext/openssl/extconf.rb Gem::Specification.new do |s| s.name = "openssl".freeze - s.version = "2.0.1" + s.version = "2.0.2" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.require_paths = ["lib".freeze] s.authors = ["Martin Bosslet".freeze, "SHIBATA Hiroshi".freeze, "Zachary Scott".freeze, "Kazuki Yamaguchi".freeze] - s.date = "2016-12-10" + s.date = "2016-12-22" s.description = "It wraps the OpenSSL library.".freeze s.email = ["ruby-core@r...".freeze] s.extensions = ["ext/openssl/extconf.rb".freeze] -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/