ruby
diff --git a/‎.travis.yml‎
Lines changed: 0 additions & 1 deletion b/‎.travis.yml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎History.md‎
Lines changed: 3 additions & 1 deletion b/‎History.md‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎ext/openssl/extconf.rb‎
Lines changed: 7 additions & 43 deletions b/‎ext/openssl/extconf.rb‎
Lines changed: 7 additions & 43 deletions
diff --git a/‎ext/openssl/openssl_missing.c‎
Lines changed: 0 additions & 67 deletions b/‎ext/openssl/openssl_missing.c‎
Lines changed: 0 additions & 67 deletions
diff --git a/‎ext/openssl/openssl_missing.h‎
Lines changed: 1 addition & 48 deletions b/‎ext/openssl/openssl_missing.h‎
Lines changed: 1 addition & 48 deletions
diff --git a/‎ext/openssl/ossl.c‎
Lines changed: 0 additions & 12 deletions b/‎ext/openssl/ossl.c‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎ext/openssl/ossl_asn1.c‎
Lines changed: 0 additions & 18 deletions b/‎ext/openssl/ossl_asn1.c‎
Lines changed: 0 additions & 18 deletions
diff --git a/‎ext/openssl/ossl_asn1.h‎
Lines changed: 0 additions & 4 deletions b/‎ext/openssl/ossl_asn1.h‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎ext/openssl/ossl_cipher.c‎
Lines changed: 0 additions & 16 deletions b/‎ext/openssl/ossl_cipher.c‎
Lines changed: 0 additions & 16 deletions
@@ -17,7 +17,6 @@ script:
 matrix:
  fast_finish: true
  include:
- - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.0 OSSL_MDEBUG=1
  - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.1 OSSL_MDEBUG=1
  - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.0.2 OSSL_MDEBUG=1
  - env: RUBY_VERSION=ruby-2.3 OPENSSL_VERSION=openssl-1.1.0 OSSL_MDEBUG=1
 
@@ -4,10 +4,12 @@ Version 2.1.0
 Compatibility notes
 -------------------
 
+* Support for OpenSSL version 0.9.8 and 1.0.0 is completely removed.
+
 Supported platforms
 -------------------
 
-* OpenSSL 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0
+* OpenSSL 1.0.1, 1.0.2, 1.1.0
 * LibreSSL 2.3, 2.4, 2.5
 * Ruby 2.3, 2.4
 
 
@@ -47,61 +47,25 @@
  end
 end
 
-result = checking_for("OpenSSL version is 0.9.8 or later") {
- try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
-}
-unless result
- raise "OpenSSL 0.9.8 or later required."
-end
-
-unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
- raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
+unless checking_for("OpenSSL version is 1.0.1 or later") {
+ try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
+ raise "OpenSSL >= 1.0.1 or LibreSSL is required"
 end
 
 Logging::message "=== Checking for OpenSSL features... ===\n"
 # compile options
 
-# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
-# exist even if compiled with no-ssl2 or no-ssl3-method.
-unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
- have_func("SSLv2_method")
-end
-unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
- have_func("SSLv3_method")
-end
-have_func("TLSv1_1_method")
-have_func("TLSv1_2_method")
+# SSLv2 and SSLv3 may be removed in future versions of OpenSSL, and even macros
+# like OPENSSL_NO_SSL2 may not be defined.
+have_func("SSLv2_method")
+have_func("SSLv3_method")
 have_func("RAND_egd")
 engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
  cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
 engines.each { |name|
  OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
 }
 
-# added in 0.9.8X
-have_func("EVP_CIPHER_CTX_new")
-have_func("EVP_CIPHER_CTX_free")
-OpenSSL.check_func_or_macro("SSL_CTX_clear_options", "openssl/ssl.h")
-
-# added in 1.0.0
-have_func("ASN1_TIME_adj")
-have_func("EVP_CIPHER_CTX_copy")
-have_func("EVP_PKEY_base_id")
-have_func("HMAC_CTX_copy")
-have_func("PKCS5_PBKDF2_HMAC")
-have_func("X509_NAME_hash_old")
-have_func("X509_STORE_CTX_get0_current_crl")
-have_func("X509_STORE_set_verify_cb")
-have_func("i2d_ASN1_SET_ANY")
-have_func("SSL_SESSION_cmp") # removed
-OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
-have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
-have_func("EVP_PKEY_get0")
-
-# added in 1.0.1
-have_func("SSL_CTX_set_next_proto_select_cb")
-have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
-
 # added in 1.0.2
 have_func("EC_curve_nist2nid")
 have_func("X509_REVOKED_dup")
 
@@ -20,73 +20,6 @@
 
 #include "openssl_missing.h"
 
-/* added in 0.9.8X */
-#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
-EVP_CIPHER_CTX *
-ossl_EVP_CIPHER_CTX_new(void)
-{
- EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
- if (!ctx)
-return NULL;
- EVP_CIPHER_CTX_init(ctx);
- return ctx;
-}
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
-void
-ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
-{
- if (ctx) {
-EVP_CIPHER_CTX_cleanup(ctx);
-OPENSSL_free(ctx);
- }
-}
-#endif
-
-/* added in 1.0.0 */
-#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-/*
- * this function does not exist in OpenSSL yet... or ever?.
- * a future version may break this function.
- * tested on 0.9.7d.
- */
-int
-ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
-{
- memcpy(out, in, sizeof(EVP_CIPHER_CTX));
-
-#if !defined(OPENSSL_NO_ENGINE)
- if (in->engine) ENGINE_add(out->engine);
- if (in->cipher_data) {
-out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
-memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
- }
-#endif
-
- return 1;
-}
-#endif
-
-#if !defined(OPENSSL_NO_HMAC)
-#if !defined(HAVE_HMAC_CTX_COPY)
-int
-ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
-{
- if (!out || !in)
-return 0;
-
- memcpy(out, in, sizeof(HMAC_CTX));
-
- EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
- EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
- EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
-
- return 1;
-}
-#endif /* HAVE_HMAC_CTX_COPY */
-#endif /* NO_HMAC */
-
 /* added in 1.0.2 */
 #if !defined(OPENSSL_NO_EC)
 #if !defined(HAVE_EC_CURVE_NIST2NID)
 
@@ -12,53 +12,6 @@
 
 #include "ruby/config.h"
 
-/* added in 0.9.8X */
-#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
-EVP_CIPHER_CTX *ossl_EVP_CIPHER_CTX_new(void);
-# define EVP_CIPHER_CTX_new ossl_EVP_CIPHER_CTX_new
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
-void ossl_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
-# define EVP_CIPHER_CTX_free ossl_EVP_CIPHER_CTX_free
-#endif
-
-#if !defined(HAVE_SSL_CTX_CLEAR_OPTIONS)
-# define SSL_CTX_clear_options(ctx, op) ((ctx)->options &= ~(op))
-#endif
-
-/* added in 1.0.0 */
-#if !defined(HAVE_EVP_PKEY_BASE_ID)
-# define EVP_PKEY_base_id(pkey) EVP_PKEY_type((pkey)->type)
-#endif
-
-#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
-int ossl_EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *, const EVP_CIPHER_CTX *);
-# define EVP_CIPHER_CTX_copy ossl_EVP_CIPHER_CTX_copy
-#endif
-
-#if !defined(HAVE_HMAC_CTX_COPY)
-int ossl_HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
-# define HMAC_CTX_copy ossl_HMAC_CTX_copy
-#endif
-
-#if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL)
-# define X509_STORE_CTX_get0_current_crl(x) ((x)->current_crl)
-#endif
-
-#if !defined(HAVE_X509_STORE_SET_VERIFY_CB)
-# define X509_STORE_set_verify_cb X509_STORE_set_verify_cb_func
-#endif
-
-#if !defined(HAVE_I2D_ASN1_SET_ANY)
-# define i2d_ASN1_SET_ANY(sk, x) i2d_ASN1_SET_OF_ASN1_TYPE((sk), (x), \
-i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0)
-#endif
-
-#if !defined(HAVE_EVP_PKEY_GET0)
-# define EVP_PKEY_get0(pk) (pk->pkey.ptr)
-#endif
-
 /* added in 1.0.2 */
 #if !defined(OPENSSL_NO_EC)
 #if !defined(HAVE_EC_CURVE_NIST2NID)
@@ -245,7 +198,7 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
 #undef IMPL_KEY_ACCESSOR3
 #endif /* HAVE_OPAQUE_OPENSSL */
 
-#if defined(HAVE_AUTHENTICATED_ENCRYPTION) && !defined(EVP_CTRL_AEAD_GET_TAG)
+#if !defined(EVP_CTRL_AEAD_GET_TAG)
 # define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
 # define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
 # define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
 
@@ -473,19 +473,11 @@ ossl_dyn_destroy_callback(struct CRYPTO_dynlock_value *l, const char *file, int
  OPENSSL_free(l);
 }
 
-#ifdef HAVE_CRYPTO_THREADID_PTR
 static void ossl_threadid_func(CRYPTO_THREADID *id)
 {
  /* register native thread id */
  CRYPTO_THREADID_set_pointer(id, (void *)rb_nativethread_self());
 }
-#else
-static unsigned long ossl_thread_id(void)
-{
- /* before OpenSSL 1.0, this is 'unsigned long' */
- return (unsigned long)rb_nativethread_self();
-}
-#endif
 
 static void Init_ossl_locks(void)
 {
@@ -503,11 +495,7 @@ static void Init_ossl_locks(void)
 rb_nativethread_lock_initialize(&ossl_locks[i]);
  }
 
-#ifdef HAVE_CRYPTO_THREADID_PTR
  CRYPTO_THREADID_set_callback(ossl_threadid_func);
-#else
- CRYPTO_set_id_callback(ossl_thread_id);
-#endif
  CRYPTO_set_locking_callback(ossl_lock_callback);
  CRYPTO_set_dynlock_create_callback(ossl_dyn_create_callback);
  CRYPTO_set_dynlock_lock_callback(ossl_dyn_lock_callback);
 
@@ -72,7 +72,6 @@ asn1time_to_time(const ASN1_TIME *time)
  return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
 }
 
-#if defined(HAVE_ASN1_TIME_ADJ)
 void
 ossl_time_split(VALUE time, time_t *sec, int *days)
 {
@@ -88,13 +87,6 @@ ossl_time_split(VALUE time, time_t *sec, int *days)
 *sec = NUM2TIMET(rb_funcall(num, rb_intern("%"), 1, INT2FIX(86400)));
  }
 }
-#else
-time_t
-time_to_time_t(VALUE time)
-{
- return (time_t)NUM2TIMET(rb_Integer(time));
-}
-#endif
 
 /*
  * STRING conversion
@@ -269,15 +261,10 @@ obj_to_asn1utime(VALUE time)
  time_t sec;
  ASN1_UTCTIME *t;
 
-#if defined(HAVE_ASN1_TIME_ADJ)
  int off_days;
 
  ossl_time_split(time, &sec, &off_days);
  if (!(t = ASN1_UTCTIME_adj(NULL, sec, off_days, 0)))
-#else
- sec = time_to_time_t(time);
- if (!(t = ASN1_UTCTIME_set(NULL, sec)))
-#endif
 ossl_raise(eASN1Error, NULL);
 
  return t;
@@ -289,15 +276,10 @@ obj_to_asn1gtime(VALUE time)
  time_t sec;
  ASN1_GENERALIZEDTIME *t;
 
-#if defined(HAVE_ASN1_TIME_ADJ)
  int off_days;
 
  ossl_time_split(time, &sec, &off_days);
  if (!(t = ASN1_GENERALIZEDTIME_adj(NULL, sec, off_days, 0)))
-#else
- sec = time_to_time_t(time);
- if (!(t = ASN1_GENERALIZEDTIME_set(NULL, sec)))
-#endif
 ossl_raise(eASN1Error, NULL);
 
  return t;
 
@@ -14,15 +14,11 @@
  * ASN1_DATE conversions
  */
 VALUE asn1time_to_time(const ASN1_TIME *);
-#if defined(HAVE_ASN1_TIME_ADJ)
 /* Splits VALUE to seconds and offset days. VALUE is typically a Time or an
  * Integer. This is used when updating ASN1_*TIME with ASN1_TIME_adj() or
  * X509_time_adj_ex(). We can't use ASN1_TIME_set() and X509_time_adj() because
  * they have the Year 2038 issue on sizeof(time_t) == 4 environment */
 void ossl_time_split(VALUE, time_t *, int *);
-#else
-time_t time_to_time_t(VALUE);
-#endif
 
 /*
  * ASN1_STRING conversions
 
@@ -512,10 +512,8 @@ ossl_cipher_set_iv(VALUE self, VALUE iv)
  StringValue(iv);
  GetCipher(self, ctx);
 
-#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
  if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
 iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
-#endif
  if (!iv_len)
 iv_len = EVP_CIPHER_CTX_iv_length(ctx);
  if (RSTRING_LEN(iv) != iv_len)
@@ -541,14 +539,9 @@ ossl_cipher_is_authenticated(VALUE self)
 
  GetCipher(self, ctx);
 
-#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
  return (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
-#else
- return Qfalse;
-#endif
 }
 
-#ifdef HAVE_AUTHENTICATED_ENCRYPTION
 /*
  * call-seq:
  * cipher.auth_data = string -> string
@@ -722,13 +715,6 @@ ossl_cipher_set_iv_length(VALUE self, VALUE iv_length)
 
  return iv_length;
 }
-#else
-#define ossl_cipher_set_auth_data rb_f_notimplement
-#define ossl_cipher_get_auth_tag rb_f_notimplement
-#define ossl_cipher_set_auth_tag rb_f_notimplement
-#define ossl_cipher_set_auth_tag_len rb_f_notimplement
-#define ossl_cipher_set_iv_length rb_f_notimplement
-#endif
 
 /*
  * call-seq:
@@ -806,10 +792,8 @@ ossl_cipher_iv_length(VALUE self)
  int len = 0;
 
  GetCipher(self, ctx);
-#if defined(HAVE_AUTHENTICATED_ENCRYPTION)
  if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
 len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
-#endif
  if (!len)
 len = EVP_CIPHER_CTX_iv_length(ctx);
Original file line number	Diff line number	Diff line change
`@@ -473,19 +473,11 @@ ossl_dyn_destroy_callback(struct CRYPTO_dynlock_value l, const char file, int`
`473`	`473`	`OPENSSL_free(l);`
`474`	`474`	`}`
`475`	`475`
`476`		`-#ifdef HAVE_CRYPTO_THREADID_PTR`
`477`	`476`	`static void ossl_threadid_func(CRYPTO_THREADID *id)`
`478`	`477`	`{`
`479`	`478`	`/* register native thread id */`
`480`	`479`	`CRYPTO_THREADID_set_pointer(id, (void *)rb_nativethread_self());`
`481`	`480`	`}`
`482`		`-#else`
`483`		`-static unsigned long ossl_thread_id(void)`
`484`		`-{`
`485`		`- /* before OpenSSL 1.0, this is 'unsigned long' */`
`486`		`- return (unsigned long)rb_nativethread_self();`
`487`		`-}`
`488`		`-#endif`
`489`	`481`
`490`	`482`	`static void Init_ossl_locks(void)`
`491`	`483`	`{`
`@@ -503,11 +495,7 @@ static void Init_ossl_locks(void)`
`503`	`495`	`rb_nativethread_lock_initialize(&ossl_locks[i]);`
`504`	`496`	`}`
`505`	`497`
`506`		`-#ifdef HAVE_CRYPTO_THREADID_PTR`
`507`	`498`	`CRYPTO_THREADID_set_callback(ossl_threadid_func);`
`508`		`-#else`
`509`		`- CRYPTO_set_id_callback(ossl_thread_id);`
`510`		`-#endif`
`511`	`499`	`CRYPTO_set_locking_callback(ossl_lock_callback);`
`512`	`500`	`CRYPTO_set_dynlock_create_callback(ossl_dyn_create_callback);`
`513`	`501`	`CRYPTO_set_dynlock_lock_callback(ossl_dyn_lock_callback);`