archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-23 21:14:23 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
ruby/ext/openssl/openssl_missing.c
rhe f26f358930 openssl: add SSLContext#ecdh_curves= 
* ext/openssl/ossl_ssl.c (ossl_sslctx_s_alloc): Enable the automatic
  curve selection for ECDH by calling SSL_CTX_set_ecdh_auto(). With
  this a TLS server automatically selects a curve which both the client
  and the server support to use in ECDH. This changes the default
  behavior but users can still disable ECDH by excluding 'ECDH' cipher
  suites from the cipher list (with SSLContext#ciphers=). This commit
  also deprecate #tmp_ecdh_callback=. It was added in Ruby 2.3.0. It
  wraps SSL_CTX_set_tmp_ecdh_callback() which will be removed in OpenSSL
  1.1.0. Its callback receives two values 'is_export' and 'keylength'
  but both are completely useless for determining a curve to use in
  ECDH. The automatic curve selection was introduced to replace this.

  (ossl_sslctx_setup): Deprecate SSLContext#tmp_ecdh_callback=. Emit a
  warning if this is in use.

  (ossl_sslctx_set_ecdh_curves): Add SSLContext#ecdh_curves=. Wrap
  SSL_CTX_set1_curves_list(). If it is not available, this falls back
  to SSL_CTX_set_tmp_ecdh().

  (Init_ossl_ssl): Define SSLContext#ecdh_curves=.

* ext/openssl/extconf.rb: Check the existence of EC_curve_nist2nid(),
  SSL_CTX_set1_curves_list(), SSL_CTX_set_ecdh_auto() and
  SSL_CTX_set_tmp_ecdh_callback().

* ext/openssl/openssl_missing.[ch]: Implement EC_curve_nist2nid() if
  missing.

* test/openssl/test_pair.rb (test_ecdh_callback): Use
  EnvUtil.suppress_warning to suppress deprecated warning.

  (test_ecdh_curves): Test that SSLContext#ecdh_curves= works.

* test/openssl/utils.rb (start_server): Use SSLContext#ecdh_curves=.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55214 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2016-05-30 09:30:38 +00:00

97 lines
2.2 KiB
C
Raw Blame History

/*
* 'OpenSSL for Ruby' project
* Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
* All rights reserved.
*/
/*
* This program is licensed under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
#include RUBY_EXTCONF_H
#include <string.h> /* memcpy() */
#if !defined(OPENSSL_NO_ENGINE)
# include <openssl/engine.h>
#endif
#if !defined(OPENSSL_NO_HMAC)
# include <openssl/hmac.h>
#endif
#include <openssl/x509_vfy.h>
#include "openssl_missing.h"
/* added in 1.0.0 */
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
/*
* this function does not exist in OpenSSL yet... or ever?.
* a future version may break this function.
* tested on 0.9.7d.
*/
int
EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
{
memcpy(out, in, sizeof(EVP_CIPHER_CTX));
#if !defined(OPENSSL_NO_ENGINE)
if (in->engine) ENGINE_add(out->engine);
if (in->cipher_data) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
}
#endif
return 1;
}
#endif
#if !defined(OPENSSL_NO_HMAC)
#if !defined(HAVE_HMAC_CTX_COPY)
void
HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
if (!out || !in) return;
memcpy(out, in, sizeof(HMAC_CTX));
EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
}
#endif /* HAVE_HMAC_CTX_COPY */
#endif /* NO_HMAC */
/* added in 1.0.2 */
#if !defined(OPENSSL_NO_EC)
#if !defined(HAVE_EC_CURVE_NIST2NID)
static struct {
const char *name;
int nid;
} nist_curves[] = {
{"B-163", NID_sect163r2},
{"B-233", NID_sect233r1},
{"B-283", NID_sect283r1},
{"B-409", NID_sect409r1},
{"B-571", NID_sect571r1},
{"K-163", NID_sect163k1},
{"K-233", NID_sect233k1},
{"K-283", NID_sect283k1},
{"K-409", NID_sect409k1},
{"K-571", NID_sect571k1},
{"P-192", NID_X9_62_prime192v1},
{"P-224", NID_secp224r1},
{"P-256", NID_X9_62_prime256v1},
{"P-384", NID_secp384r1},
{"P-521", NID_secp521r1}
};
int
EC_curve_nist2nid(const char *name)
{
size_t i;
for (i = 0; i < (sizeof(nist_curves) / sizeof(nist_curves[0])); i++) {
if (!strcmp(nist_curves[i].name, name))
return nist_curves[i].nid;
}
return NID_undef;
}
#endif
#endif
Reference in a new issue View git blame Copy permalink