Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Ruby 2.0.0-p247 - OpenSSL Patch for CentOS 6.5
require_gcc
install_package "ruby-enterprise-1.8.7-2012.02" "file:///tmp/build/ruby-enterprise-openssl-1.8.7-2012.02.tar.gz" ree_installer
diff -r -u ruby-2.0.0-p247/ChangeLog ruby-2.0.0-p247-openssl/ChangeLog
--- ruby-2.0.0-p247/ChangeLog 2013-06-27 04:11:11.000000000 -0700
+++ ruby-2.0.0-p247-openssl/ChangeLog 2013-12-20 11:16:02.578020480 -0800
@@ -1,3 +1,16 @@
+Sat Jul 6 07:37:43 2013 Martin Bosslet <Martin.Bosslet@gmail.com>
+
+ * ext/openssl/ossl_pkey_ec.c: Ensure compatibility to builds of
+ OpenSSL with OPENSSL_NO_EC2M defined, but OPENSSL_NO_EC not
+ defined.
+ * test/openssl/test_pkey_ec.rb: Iterate over built-in curves
+ (and assert their non-emptiness!) instead of hard-coding them, as
+ this may cause problems with respect to the different availability
+ of individual curves in individual OpenSSL builds.
+ [ruby-core:54881] [Bug #8384]
+
+ Thanks to Vit Ondruch for providing the patch!
+
Thu Jun 27 20:10:56 2013 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org>
* ext/openssl/lib/openssl/ssl.rb (verify_certificate_identity): fix
diff -r -u ruby-2.0.0-p247/ext/openssl/ossl_pkey_ec.c ruby-2.0.0-p247-openssl/ext/openssl/ossl_pkey_ec.c
--- ruby-2.0.0-p247/ext/openssl/ossl_pkey_ec.c 2012-07-10 20:46:37.000000000 -0700
+++ ruby-2.0.0-p247-openssl/ext/openssl/ossl_pkey_ec.c 2013-12-20 11:14:56.466943014 -0800
@@ -762,8 +762,10 @@
method = EC_GFp_mont_method();
} else if (id == s_GFp_nist) {
method = EC_GFp_nist_method();
+#if !defined(OPENSSL_NO_EC2M)
} else if (id == s_GF2m_simple) {
method = EC_GF2m_simple_method();
+#endif
}
if (method) {
@@ -817,8 +819,10 @@
if (id == s_GFp) {
new_curve = EC_GROUP_new_curve_GFp;
+#if !defined(OPENSSL_NO_EC2M)
} else if (id == s_GF2m) {
new_curve = EC_GROUP_new_curve_GF2m;
+#endif
} else {
ossl_raise(rb_eArgError, "unknown symbol, must be :GFp or :GF2m");
}
diff -r -u ruby-2.0.0-p247/test/openssl/test_pkey_ec.rb ruby-2.0.0-p247-openssl/test/openssl/test_pkey_ec.rb
--- ruby-2.0.0-p247/test/openssl/test_pkey_ec.rb 2012-08-20 21:50:18.000000000 -0700
+++ ruby-2.0.0-p247-openssl/test/openssl/test_pkey_ec.rb 2013-12-20 11:20:35.694966642 -0800
@@ -7,28 +7,28 @@
@data1 = 'foo'
@data2 = 'bar' * 1000 # data too long for DSA sig
- @group1 = OpenSSL::PKey::EC::Group.new('secp112r1')
- @group2 = OpenSSL::PKey::EC::Group.new('sect163k1')
- @group3 = OpenSSL::PKey::EC::Group.new('prime256v1')
-
- @key1 = OpenSSL::PKey::EC.new
- @key1.group = @group1
- @key1.generate_key
+ @groups = []
+ @keys = []
- @key2 = OpenSSL::PKey::EC.new(@group2.curve_name)
- @key2.generate_key
+ OpenSSL::PKey::EC.builtin_curves.each do |curve, comment|
+ group = OpenSSL::PKey::EC::Group.new(curve)
- @key3 = OpenSSL::PKey::EC.new(@group3)
- @key3.generate_key
+ key = OpenSSL::PKey::EC.new(group)
+ key.generate_key
- @groups = [@group1, @group2, @group3]
- @keys = [@key1, @key2, @key3]
+ @groups << group
+ @keys << key
+ end
end
def compare_keys(k1, k2)
assert_equal(k1.to_pem, k2.to_pem)
end
+ def test_builtin_curves
+ assert(!OpenSSL::PKey::EC.builtin_curves.empty?)
+ end
+
def test_curve_names
@groups.each_with_index do |group, idx|
key = @keys[idx]
install_package "openssl-1.0.1e" "https://www.openssl.org/source/openssl-1.0.1e.tar.gz#66bf6f10f060d561929de96f9dfe5b8c" mac_openssl --if has_broken_mac_openssl
install_package "ruby-2.0.0-p247" "file:///tmp/build-tmp/ruby-2.0.0-p247-openssl.tar.gz" standard verify_openssl
diff -ur ruby-enterprise-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c ruby-enterprise-openssl-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c
--- ruby-enterprise-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c 2012-02-19 06:09:11.000000000 -0800
+++ ruby-enterprise-openssl-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c 2014-01-03 16:37:11.077561351 -0800
@@ -757,8 +757,10 @@
method = EC_GFp_mont_method();
} else if (id == s_GFp_nist) {
method = EC_GFp_nist_method();
+#if !defined(OPENSSL_NO_EC2M)
} else if (id == s_GF2m_simple) {
method = EC_GF2m_simple_method();
+#endif
}
if (method) {
@@ -811,8 +813,10 @@
if (id == s_GFp) {
new_curve = EC_GROUP_new_curve_GFp;
+#if !defined(OPENSSL_NO_EC2M)
} else if (id == s_GF2m) {
new_curve = EC_GROUP_new_curve_GF2m;
+#endif
} else {
rb_raise(rb_eArgError, "unknown symbol, must be :GFp or :GF2m");
}
@spkane

This comment has been minimized.

Copy link
Owner Author

@spkane spkane commented Dec 20, 2013

See patch here: https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/41808/diff
How to Patch Ruby with RBENV: http://philippe.bourgau.net/how-to-install-a-patched-ruby-interpreter-wit/

And my notes for 2.0.0-p247:
rm ~/.rbenv/cache/* -rf
mkdir /tmp/build
cp ruby-build-2.0.0-p247 /tmp/build/ #original would be found in ~/.rbenv/plugins/ruby-build/share/ruby-build
cp ruby-2.0.0-p247-openssl-el65.patch /tmp/build/
cd /tmp/build
wget http://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p247.tar.gz
tar -xvzf ruby-2.0.0-p247.tar.gz
cd ruby-2.0.0-p247
patch -p1 < ../ruby-2.0.0-p247-openssl-el65.patch
cd ..
tar -cvzf ruby-2.0.0-p247-openssl.tar.gz ruby-2.0.0-p247 #NOTE: The directory name MUST match the original directory name
rbenv install /tmp/build/2.0.0-p247
rbenv rehash

@spkane

This comment has been minimized.

Copy link
Owner Author

@spkane spkane commented Jan 4, 2014

And my notes for ree-1.8.7-2012.02:
rm ~/.rbenv/cache/* -rf
mkdir /tmp/build
cp ree-1.8.7-2012.02 /tmp/build/ #original would be found in ~/.rbenv/plugins/ruby-build/share/ruby-build
cp ruby-enterprise-1.8.7-2012.02-openssl-el65.patch /tmp/build/
cd /tmp/build
wget http://rubyenterpriseedition.googlecode.com/files/ruby-enterprise-1.8.7-2012.02.tar.gz
tar -xvzf ruby-enterprise-1.8.7-2012.02.tar.gz
cd ruby-enterprise-1.8.7-2012.02
patch -p1 < ../ruby-enterprise-1.8.7-2012.02-openssl-el65.patch
cd ..
tar -cvzf ruby-enterprise-openssl-1.8.7-2012.02.tar.gz ruby-enterprise-1.8.7-2012.02 #NOTE: The directory name MUST match the original directory name
rbenv install /tmp/build/ree-1.8.7-2012.02
rbenv rehash

@rajerino

This comment has been minimized.

Copy link

@rajerino rajerino commented Feb 13, 2014

Hi,
I applied this patch to ruby-unzipped-dir/ext/openssl/ossl_pkey_ec.c when installing ruby-1.9.3p194 on CentOS 6.5 after getting the following error when making:

compiling ossl_pkey_ec.c
ossl_pkey_ec.c: In function ‘ossl_ec_group_initialize’:
ossl_pkey_ec.c:761: warning: implicit declaration of function ‘EC_GF2m_simple_method’
ossl_pkey_ec.c:761: warning: assignment makes pointer from integer without a cast
ossl_pkey_ec.c:816: error: ‘EC_GROUP_new_curve_GF2m’ undeclared (first use in this function)
ossl_pkey_ec.c:816: error: (Each undeclared identifier is reported only once
ossl_pkey_ec.c:816: error: for each function it appears in.)
make[2]: *** [ossl_pkey_ec.o] Error 1
make[2]: Leaving directory `/root/ruby-1.9.3-p194/ext/openssl'
make[1]: *** [ext/openssl/all] Error 2
make[1]: Leaving directory `/root/ruby-1.9.3-p194'
make: *** [build-ext] Error 2

Thanks, it suffices for my build!

@davidnewhall

This comment has been minimized.

Copy link

@davidnewhall davidnewhall commented Aug 8, 2014

I tested the 1.8.7 patch, built against the latest openssl-1.0.1e-16 and it works great. Thanks!!

rajerino, this doesn't patch 1.9.x. It's only for 2.0.0 and 1.8.7. You can probably manually fix your build based on what's in the patch. Looks similar to the 1.8.7 patch here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.