Date: Wed, 26 May 2010 21:17:10 -0400 (EDT) From: "Philip M. Gollucci" <pgollucci@p6m7g8.com> To: FreeBSD-gnats-submit@FreeBSD.org Cc: stas@FreeBSD.org Subject: ports/147111: [PATCH] lang/ruby: support security/openssl Message-ID: <201005270117.o4R1HApS061595@frieza.p6m7g8.net> Resent-Message-ID: <201005270120.o4R1K3Ju098122@freefall.freebsd.org>
>Number: 147111 >Category: ports >Synopsis: [PATCH] lang/ruby: support security/openssl >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu May 27 01:20:03 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Philip M. Gollucci >Release: FreeBSD 9.0-CURRENT amd64 >Organization: RideCharge Inc / TaxiMagic >Environment: System: FreeBSD frieza.p6m7g8.net 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Mon Apr 26 16:20:00 EDT 2010 >Description: Shamelessly stolen from lang/ruby18 Added file(s): - files/patch-openssl_missing.c - files/patch-openssl_missing.h - files/patch-ssl1.0-compat Port maintainer (stas@FreeBSD.org) is cc'd. Generated with FreeBSD Port Tools 0.99 >How-To-Repeat: >Fix: --- ruby-1.9.1.376_1,1.patch begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/lang/ruby19/Makefile,v retrieving revision 1.6 diff -u -u -r1.6 Makefile --- Makefile 16 Feb 2010 00:08:17 -0000 1.6 +++ Makefile 26 May 2010 07:28:23 -0000 @@ -25,7 +25,6 @@ CONFIGURE_ARGS= ${RUBY_CONFIGURE_ARGS} \ --enable-shared \ --enable-pthread \ - --with-openssl-include=${OPENSSLINC} \ --with-ruby-version=minor \ --with-sitedir="${PREFIX}/lib/ruby/site_ruby" \ --with-vendordir="${PREFIX}/lib/ruby/vendor_ruby" Index: files/patch-openssl_missing.c =================================================================== RCS file: files/patch-openssl_missing.c diff -N files/patch-openssl_missing.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-openssl_missing.c 26 May 2010 07:27:46 -0000 
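Review bot: Dropping `--with-openssl-include=${OPENSSLINC}` from CONFIGURE_ARGS leaves nothing in this hunk that tells configure which OpenSSL headers to compile against, and the hunk does not show what now supplies the include and library paths. On a host that has both the base-system OpenSSL and security/openssl installed, headers from one and libssl/libcrypto from the other would be a silent mismatch, which matters because the accompanying patches switch code on `OPENSSL_VERSION_NUMBER`. If the paths are now supplied by the ports framework, a one-line comment above CONFIGURE_ARGS such as `# OpenSSL include/lib paths come from the ports framework, not from configure arguments` would make that explicit; otherwise the include and library directories should be passed together.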
@@ -0,0 +1,28 @@
+--- ext/openssl/openssl_missing.c.orig 2008-05-19 05:00:52.000000000 +0200
++++ ext/openssl/openssl_missing.c 2010-04-06 14:20:20.000000000 +0200
+@@ -22,7 +22,7 @@
+ #include "openssl_missing.h"
+
+ #if !defined(HAVE_HMAC_CTX_COPY)
+-void
++int
+ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
+ {
+ if (!out || !in) return;
+@@ -31,6 +31,7 @@
+ EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
+ EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
+ EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
++ return 0;
+ }
+ #endif /* HAVE_HMAC_CTX_COPY */
+ #endif /* NO_HMAC */
+@@ -117,7 +118,7 @@
+ * tested on 0.9.7d.
+ */
+ int
+-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
++EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+ {
+ memcpy(out, in, sizeof(EVP_CIPHER_CTX));
+
Index: files/patch-openssl_missing.h
===================================================================
RCS file: files/patch-openssl_missing.h
diff -N files/patch-openssl_missing.h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-openssl_missing.h 26 May 2010 07:27:46 -0000
@@ -0,0 +1,20 @@
+--- ext/openssl/openssl_missing.h.orig 2008-08-04 06:44:17.000000000 +0200
++++ ext/openssl/openssl_missing.h 2010-04-06 14:00:55.000000000 +0200
+@@ -65,7 +65,7 @@
+ #endif
+
+ #if !defined(HAVE_HMAC_CTX_COPY)
+-void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
++int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+ #endif
+
+ #if !defined(HAVE_HMAC_CTX_CLEANUP)
+@@ -89,7 +89,7 @@
+ #endif
+
+ #if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
++int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+ #endif
+
+ #if !defined(HAVE_EVP_DIGESTINIT_EX)
Index: files/patch-ssl1.0-compat
===================================================================
RCS file: files/patch-ssl1.0-compat
diff -N files/patch-ssl1.0-compat
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-ssl1.0-compat 26 May 2010 07:27:51 -0000
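Review bot: In files/patch-openssl_missing.c, `HMAC_CTX_copy` becomes `int` but the guard `if (!out || !in) return;` stays as a context line, so the NULL-argument path now leaves a non-void function without a value and any caller that reads the result has undefined behaviour. The added `return 0;` also discards the three `EVP_MD_CTX_copy` results, and OpenSSL's own `HMAC_CTX_copy` reports success as 1 and failure as 0, so a caller written against the library convention would read this shim's success as failure, while one that ignores the result carries on with a partly copied HMAC context. The shim should return 0 from the guard and from the first failed digest copy, and 1 at the end, as sketched below. Old lines 29–30 between the two inner hunks are not shown, so whatever sits there needs the same check.

```c
int
HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
    if (!out || !in) return 0;
    /* … unchanged: the lines between the two inner hunks, not shown … */
    if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx)) return 0;
    if (!EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx)) return 0;
    if (!EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx)) return 0;
    return 1;
}
```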
@@ -0,0 +1,207 @@
+commit 76526d091f1caeebf65667b8299eac12d63a36ca
+Author: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+Date: Fri Jan 15 21:53:20 2010 +0900
+
+ OpenSSL
+
+diff --git a/ext/openssl/ossl.c ext/openssl/ossl.c
+index d4a2dc1..85ba654 100644
+--- a/ext/openssl/ossl.c
++++ ext/openssl/ossl.c
+@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
+
+ #define OSSL_IMPL_SK2ARY(name, type) \
+ VALUE \
+-ossl_##name##_sk2ary(STACK *sk) \
++ossl_##name##_sk2ary(STACK_OF(type) *sk) \
+ { \
+ type *t; \
+ int i, num; \
+@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk) \
+ OSSL_Debug("empty sk!"); \
+ return Qnil; \
+ } \
+- num = sk_num(sk); \
++ num = sk_##type##_num(sk); \
+ if (num < 0) { \
+ OSSL_Debug("items in sk < -1???"); \
+ return rb_ary_new(); \
+@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk) \
+ ary = rb_ary_new2(num); \
+ \
+ for (i=0; i<num; i++) { \
+- t = (type *)sk_value(sk, i); \
++ t = sk_##type##_value(sk, i); \
+ rb_ary_push(ary, ossl_##name##_new(t)); \
+ } \
+ return ary; \
+diff --git a/ext/openssl/ossl.h ext/openssl/ossl.h
+index 9ac1525..4bb18d5 100644
+--- a/ext/openssl/ossl.h
++++ ext/openssl/ossl.h
+@@ -104,6 +104,13 @@ extern VALUE eOSSLError;
+ } while (0)
+
+ /*
++ * Compatibility
++ */
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#define STACK _STACK
++#endif
++
++/*
+ * String to HEXString conversion
+ */
+ int string2hex(const unsigned char *, int, char **, int *);
+diff --git a/ext/openssl/ossl_pkcs7.c ext/openssl/ossl_pkcs7.c
+index fe1ef7c..b0cc656 100644
+--- a/ext/openssl/ossl_pkcs7.c
++++ ext/openssl/ossl_pkcs7.c
+@@ -572,12 +572,11 @@ ossl_pkcs7_add_certificate(VALUE self, VALUE cert)
+ return self;
+ }
+
+-static STACK *
+-pkcs7_get_certs_or_crls(VALUE self, int want_certs)
++static STACK_OF(X509) *
++pkcs7_get_certs(VALUE self)
+ {
+ PKCS7 *pkcs7;
+ STACK_OF(X509) *certs;
+- STACK_OF(X509_CRL) *crls;
+ int i;
+
+ GetPKCS7(self, pkcs7);
+@@ -585,17 +584,38 @@ pkcs7_get_certs_or_crls(VALUE self, int want_certs)
+  switch(i){
+ case NID_pkcs7_signed:
+ certs = pkcs7->d.sign->cert;
+- crls = pkcs7->d.sign->crl;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ certs = pkcs7->d.signed_and_enveloped->cert;
++ break;
++ default:
++ certs = NULL;
++ }
++
++ return certs;
++}
++
++static STACK_OF(X509_CRL) *
++pkcs7_get_crls(VALUE self)
++{
++ PKCS7 *pkcs7;
++ STACK_OF(X509_CRL) *crls;
++ int i;
++
++ GetPKCS7(self, pkcs7);
++ i = OBJ_obj2nid(pkcs7->type);
++ switch(i){
++ case NID_pkcs7_signed:
++ crls = pkcs7->d.sign->crl;
++ break;
++ case NID_pkcs7_signedAndEnveloped:
+ crls = pkcs7->d.signed_and_enveloped->crl;
+ break;
+ default:
+- certs = crls = NULL;
++ crls = NULL;
+ }
+
+- return want_certs ? certs : crls;
++ return crls;
+ }
+
+ static VALUE
+@@ -610,7 +630,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
+ STACK_OF(X509) *certs;
+ X509 *cert;
+
+- certs = pkcs7_get_certs_or_crls(self, 1);
++ certs = pkcs7_get_certs(self);
+ while((cert = sk_X509_pop(certs))) X509_free(cert);
+ rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
+
+@@ -620,7 +640,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
+ static VALUE
+ ossl_pkcs7_get_certificates(VALUE self)
+ {
+- return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
++ return ossl_x509_sk2ary(pkcs7_get_certs(self));
+ }
+
+ static VALUE
+@@ -650,7 +670,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
+ STACK_OF(X509_CRL) *crls;
+ X509_CRL *crl;
+
+- crls = pkcs7_get_certs_or_crls(self, 0);
++ crls = pkcs7_get_crls(self);
+ while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
+ rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
+
+@@ -660,7 +680,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
+ static VALUE
+ ossl_pkcs7_get_crls(VALUE self)
+ {
+- return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
++ return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
+ }
+
+ static VALUE
+diff --git a/ext/openssl/ossl_ssl.c ext/openssl/ossl_ssl.c
+index 97c5583..fe6e74f 100644
+--- a/ext/openssl/ossl_ssl.c
++++ ext/openssl/ossl_ssl.c
+@@ -1403,10 +1403,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
+ }
+ chain = SSL_get_peer_cert_chain(ssl);
+ if(!chain) return Qnil;
+- num = sk_num(chain);
++ num = sk_X509_num(chain);
+ ary = rb_ary_new2(num);
+ for (i = 0; i < num; i++){
+- cert = (X509*)sk_value(chain, i);
++ cert = sk_X509_value(chain, i);
+ rb_ary_push(ary, ossl_x509_new(cert));
+ }
+
+diff --git a/ext/openssl/ossl_x509attr.c ext/openssl/ossl_x509attr.c
+index 1f817cd..2a4c481 100644
+--- a/ext/openssl/ossl_x509attr.c
++++ ext/openssl/ossl_x509attr.c
+@@ -218,8 +218,9 @@ ossl_x509attr_get_value(VALUE self)
+ ossl_str_adjust(str, p);
+ }
+ else{
+- length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL,
+- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
++ length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
++ (unsigned char **) NULL, i2d_ASN1_TYPE,
++ V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
+ str = rb_str_new(0, length);
+ p = (unsigned char *)RSTRING_PTR(str);
+ i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
+diff --git a/ext/openssl/ossl_x509crl.c ext/openssl/ossl_x509crl.c
+index 1be9640..818fdba 100644
+--- a/ext/openssl/ossl_x509crl.c
++++ ext/openssl/ossl_x509crl.c
+@@ -264,7 +264,7 @@ ossl_x509crl_get_revoked(VALUE self)
+ VALUE ary, revoked;
+
+ GetX509CRL(self, crl);
+- num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
++ num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+ if (num < 0) {
+ OSSL_Debug("num < 0???");
+ return rb_ary_new();
+@@ -272,7 +272,7 @@ ossl_x509crl_get_revoked(VALUE self)
+ ary = rb_ary_new2(num);
+ for(i=0; i<num; i++) {
+ /* NO DUP - don't free! */
+- rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
++ rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+ revoked = ossl_x509revoked_new(rev);
+ rb_ary_push(ary, revoked);
+ }
--- ruby-1.9.1.376_1,1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
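Review bot: In the ossl_x509attr.c part of files/patch-ssl1.0-compat, the result of the sizing call to `i2d_ASN1_SET_OF_ASN1_TYPE` goes straight into `rb_str_new(0, length)` with no check, and the patch touches that call only to add the `(unsigned char **)` cast. The i2d encoders can return a non-positive value when encoding fails, so a failed encode of the attribute set would reach the string allocation as a bad size instead of surfacing as an OpenSSL error. A guard before the allocation, `if (length <= 0) ossl_raise(eX509AttrError, NULL);`, keeps the failure on the extension's normal error path. ossl_x509attr_get_value continues past the hunk, so the result of the second, writing call is not visible here; it should be compared with `length` too.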