From a211b32180b1ab0532f6978c32e907fe1c0c218a Mon Sep 17 00:00:00 2001 From: Alan Wu Date: Sun, 26 Jun 2022 21:34:42 -0400 Subject: [PATCH] [ruby/openssl] Check for OpenSSL functions in headers While building with a custom build of OpenSSL, I noticed in mkmf.log that all the feature detection checks are done using a program lacking an OpenSSL header include. `mkmf` retries using a fallback program when this fails, but that means all the `have_func` calls compile twice when compiling once should suffice. Example log without this commit: have_func: checking for X509_STORE_CTX_get0_cert()... -------------------- yes DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ... conftest.c:14:57: error: use of undeclared identifier 'X509_STORE_CTX_get0_cert' int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; } ^ 1 error generated. checked program was: /* begin */ 1: #include "ruby.h" 2: 3: /*top*/ 4: extern int t(void); 5: int main(int argc, char **argv) 6: { 7: if (argc > 1000000) { 8: int (* volatile tp)(void)=(int (*)(void))&t; 9: printf("%d", (*tp)()); 10: } 11: 12: return !!argv[argc]; 13: } 14: int t(void) { void ((*volatile p)()); p = (void ((*)()))X509_STORE_CTX_get0_cert; return !p; } /* end */ DYLD_FALLBACK_LIBRARY_PATH=.:../.. "clang -o conftest ... checked program was: /* begin */ 1: #include "ruby.h" 2: 3: /*top*/ 4: extern int t(void); 5: int main(int argc, char **argv) 6: { 7: if (argc > 1000000) { 8: int (* volatile tp)(void)=(int (*)(void))&t; 9: printf("%d", (*tp)()); 10: } 11: 12: return !!argv[argc]; 13: } 14: extern void X509_STORE_CTX_get0_cert(); 15: int t(void) { X509_STORE_CTX_get0_cert(); return 0; } /* end */ The second compilation succeeds. Specify the header for each checked function. https://github.com/ruby/openssl/commit/34ae7d92d0 --- ext/openssl/extconf.rb | 97 ++++++++++++++++++++++-------------------- 1 file changed, 51 insertions(+), 46 deletions(-) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index cc2b1f8ba2..4a9ae5598d 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -120,8 +120,13 @@ if is_libressl && ($mswin || $mingw) end Logging::message "=== Checking for OpenSSL features... ===\n" +evp_h = "openssl/evp.h".freeze +x509_h = "openssl/x509.h".freeze +ts_h = "openssl/ts.h".freeze +ssl_h = "openssl/ssl.h".freeze + # compile options -have_func("RAND_egd") +have_func("RAND_egd", "openssl/rand.h") engines = %w{dynamic 4758cca aep atalla chil cswift nuron sureware ubsec padlock capi gmp gost cryptodev} engines.each { |name| @@ -132,56 +137,56 @@ engines.each { |name| if !have_struct_member("SSL", "ctx", "openssl/ssl.h") || is_libressl $defs.push("-DHAVE_OPAQUE_OPENSSL") end -have_func("EVP_MD_CTX_new") -have_func("EVP_MD_CTX_free") -have_func("EVP_MD_CTX_pkey_ctx") -have_func("X509_STORE_get_ex_data") -have_func("X509_STORE_set_ex_data") -have_func("X509_STORE_get_ex_new_index") -have_func("X509_CRL_get0_signature") -have_func("X509_REQ_get0_signature") -have_func("X509_REVOKED_get0_serialNumber") -have_func("X509_REVOKED_get0_revocationDate") -have_func("X509_get0_tbs_sigalg") -have_func("X509_STORE_CTX_get0_untrusted") -have_func("X509_STORE_CTX_get0_cert") -have_func("X509_STORE_CTX_get0_chain") -have_func("OCSP_SINGLERESP_get0_id") -have_func("SSL_CTX_get_ciphers") -have_func("X509_up_ref") -have_func("X509_CRL_up_ref") -have_func("X509_STORE_up_ref") -have_func("SSL_SESSION_up_ref") -have_func("EVP_PKEY_up_ref") -have_func("SSL_CTX_set_min_proto_version(NULL, 0)", "openssl/ssl.h") -have_func("SSL_CTX_get_security_level") -have_func("X509_get0_notBefore") -have_func("SSL_SESSION_get_protocol_version") -have_func("TS_STATUS_INFO_get0_status") -have_func("TS_STATUS_INFO_get0_text") -have_func("TS_STATUS_INFO_get0_failure_info") -have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h") -have_func("TS_VERIFY_CTX_set_store") -have_func("TS_VERIFY_CTX_add_flags") -have_func("TS_RESP_CTX_set_time_cb") -have_func("EVP_PBE_scrypt") -have_func("SSL_CTX_set_post_handshake_auth") +have_func("EVP_MD_CTX_new", evp_h) +have_func("EVP_MD_CTX_free", evp_h) +have_func("EVP_MD_CTX_pkey_ctx", evp_h) +have_func("X509_STORE_get_ex_data", x509_h) +have_func("X509_STORE_set_ex_data", x509_h) +have_func("X509_STORE_get_ex_new_index", x509_h) +have_func("X509_CRL_get0_signature", x509_h) +have_func("X509_REQ_get0_signature", x509_h) +have_func("X509_REVOKED_get0_serialNumber", x509_h) +have_func("X509_REVOKED_get0_revocationDate", x509_h) +have_func("X509_get0_tbs_sigalg", x509_h) +have_func("X509_STORE_CTX_get0_untrusted", x509_h) +have_func("X509_STORE_CTX_get0_cert", x509_h) +have_func("X509_STORE_CTX_get0_chain", x509_h) +have_func("OCSP_SINGLERESP_get0_id", "openssl/ocsp.h") +have_func("SSL_CTX_get_ciphers", ssl_h) +have_func("X509_up_ref", x509_h) +have_func("X509_CRL_up_ref", x509_h) +have_func("X509_STORE_up_ref", x509_h) +have_func("SSL_SESSION_up_ref", ssl_h) +have_func("EVP_PKEY_up_ref", evp_h) +have_func("SSL_CTX_set_min_proto_version(NULL, 0)", ssl_h) +have_func("SSL_CTX_get_security_level", ssl_h) +have_func("X509_get0_notBefore", x509_h) +have_func("SSL_SESSION_get_protocol_version", ssl_h) +have_func("TS_STATUS_INFO_get0_status", ts_h) +have_func("TS_STATUS_INFO_get0_text", ts_h) +have_func("TS_STATUS_INFO_get0_failure_info", ts_h) +have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", ts_h) +have_func("TS_VERIFY_CTX_set_store", ts_h) +have_func("TS_VERIFY_CTX_add_flags", ts_h) +have_func("TS_RESP_CTX_set_time_cb", ts_h) +have_func("EVP_PBE_scrypt", evp_h) +have_func("SSL_CTX_set_post_handshake_auth", ssl_h) # added in 1.1.1 -have_func("EVP_PKEY_check") -have_func("SSL_CTX_set_ciphersuites") +have_func("EVP_PKEY_check", evp_h) +have_func("SSL_CTX_set_ciphersuites", ssl_h) # added in 3.0.0 openssl_3 = -have_func("SSL_set0_tmp_dh_pkey") -have_func("ERR_get_error_all") -have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h") -have_func("SSL_CTX_load_verify_file") -have_func("BN_check_prime") -have_func("EVP_MD_CTX_get0_md") -have_func("EVP_MD_CTX_get_pkey_ctx") -have_func("EVP_PKEY_eq") -have_func("EVP_PKEY_dup") +have_func("SSL_set0_tmp_dh_pkey", ssl_h) +have_func("ERR_get_error_all", "openssl/err.h") +have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", ts_h) +have_func("SSL_CTX_load_verify_file", ssl_h) +have_func("BN_check_prime", "openssl/bn.h") +have_func("EVP_MD_CTX_get0_md", evp_h) +have_func("EVP_MD_CTX_get_pkey_ctx", evp_h) +have_func("EVP_PKEY_eq", evp_h) +have_func("EVP_PKEY_dup", evp_h) Logging::message "=== Checking done. ===\n"