6 months ago · e47888fdac
--- a/Makefile
+++ b/Makefile
@@ -1,10 +1,10 @@
 PWD = $(shell pwd)
 OPENSSL_LIB_VERSION = 1.0.0
 OPENSSL_VERSION = 1.0.2g
 OPENSSL_VERSION = 1.0.2j
 OPENSSL_NAME = openssl-$(OPENSSL_VERSION)
 OPENSSL_DIR = build/$(OPENSSL_NAME)
 RUBY_MAJOR_VERSION = 2.3
 RUBY_VERSION = $(RUBY_MAJOR_VERSION).3
 RUBY_VERSION = $(RUBY_MAJOR_VERSION).8
 RUBY_NAME = ruby-$(RUBY_VERSION)
 RUBY_DIR = build/$(RUBY_NAME)
 RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl
@@ -12,7 +12,7 @@ RBENV_DIR = $(RBENV_ROOT)/versions/$(RUBY_VERSION)-cryptcheck
 RUBY_LIB_DIR = $(RBENV_DIR)/lib/ruby/$(RUBY_MAJOR_VERSION).0
 RBENV_ROOT ?= ~/.rbenv
 export LIBRARY_PATH ?= $(PWD)/lib
 export C_INCLUDE_PATH ?= $(PWD)/$(OPENSSL_DIR)/include
 export C_INCLUDE_PATH ?= $(PWD)/build/openssl/include
 export LD_LIBRARY_PATH ?= $(PWD)/lib

 .SECONDARY:
@@ -22,49 +22,52 @@ all: libs ext

 clean: clean-libs clean-ext
 clean-libs:
 	[ -d $(OPENSSL_DIR) ] \
 		&& find $(OPENSSL_DIR) \( -name "*.o" -o -name "*.so" \) -delete \
 	[ -d "build/openssl/" ] \
 		&& find "build/openssl/" \( -name "*.o" -o -name "*.so" \) -delete \
 		|| true
 	rm -f lib/libcrypto.so* lib/libssl.so* $(OPENSSL_DIR)/Makefile
 	rm -f lib/libcrypto.so* lib/libssl.so* "build/openssl//Makefile"
 clean-ext:
 	[ -d $(RUBY_OPENSSL_EXT_DIR) ] \
 		&& find $(RUBY_OPENSSL_EXT_DIR) \( -name "*.o" -o -name "*.so" \) -delete \
 	[ -d "$(RUBY_OPENSSL_EXT_DIR)" ] \
 		&& find "$(RUBY_OPENSSL_EXT_DIR)" \( -name "*.o" -o -name "*.so" \) -delete \
 		|| true
 	rm -f lib/openssl.so
 mr-proper:
 	rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so build

 build/:
 	mkdir $@
 	mkdir "$@"

 build/chacha-poly.patch: | build/
 	wget https://github.com/cloudflare/sslconfig/raw/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch -O $@
 	wget https://github.com/cloudflare/sslconfig/raw/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch -O "$@"

 build/$(OPENSSL_NAME).tar.gz: | build/
 	wget https://www.openssl.org/source/$(OPENSSL_NAME).tar.gz -O $@
 	wget "https://www.openssl.org/source/$(OPENSSL_NAME).tar.gz" -O "$@"

 build/openssl/: | $(OPENSSL_DIR)/
 	ln -s "$(OPENSSL_NAME)" "build/openssl"

 $(OPENSSL_DIR)/: build/$(OPENSSL_NAME).tar.gz build/chacha-poly.patch
 	tar -C build -xf build/$(OPENSSL_NAME).tar.gz
 	patch -d $(OPENSSL_DIR) -p1 < build/chacha-poly.patch
 	patch -d $(OPENSSL_DIR) -p1 < disable_digest_check.patch
 	tar -C build -xf "build/$(OPENSSL_NAME).tar.gz"
 	patch -d "$(OPENSSL_DIR)" -p1 < build/chacha-poly.patch
 	patch -d "$(OPENSSL_DIR)" -p1 < patches/openssl/00_disable_digest_check.patch

 $(OPENSSL_DIR)/Makefile: | $(OPENSSL_DIR)/
 build/openssl/Makefile: | build/openssl/
 	#cd $(OPENSSL_DIR) && ./Configure enable-ssl2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib enable-rc5 enable-rc2 enable-gost enable-md2 enable-mdc2 enable-shared linux-x86_64
 	#cd $(OPENSSL_DIR) && ./config enable-ssl2 enable-ssl3 enable-md2 enable-rc5 enable-weak-ssl-ciphers shared
 	cd $(OPENSSL_DIR) && ./config enable-ssl2 enable-ssl3 enable-ssl3-method enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-shared
 	cd build/openssl/ && ./config enable-ssl2 enable-ssl3 enable-ssl3-method enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-shared

 $(OPENSSL_DIR)/libssl.so \
 $(OPENSSL_DIR)/libcrypto.so: $(OPENSSL_DIR)/Makefile
 	$(MAKE) -C $(OPENSSL_DIR)
 build/openssl/libssl.so \
 build/openssl/libcrypto.so: build/openssl/Makefile
 	$(MAKE) -C build/openssl/

 install-openssl: $(OPENSSL_DIR)/Makefile
 	$(MAKE) -C $(OPENSSL_DIR) install
 install-openssl: build/openssl/Makefile
 	$(MAKE) -C build/openssl/ install

 LIBS = lib/libssl.so lib/libcrypto.so lib/libssl.so.$(OPENSSL_LIB_VERSION) lib/libcrypto.so.$(OPENSSL_LIB_VERSION)
 lib/%.so: $(OPENSSL_DIR)/%.so
 	cp $< $@
 lib/%.so: build/openssl/%.so
 	cp "$<" "$@"
 lib/%.so.$(OPENSSL_LIB_VERSION): lib/%.so
 	ln -fs $(notdir $(subst .$(OPENSSL_LIB_VERSION),,$@)) $@
 	ln -fs "$(notdir $(subst .$(OPENSSL_LIB_VERSION),,$@))" "$@"
 libs: $(LIBS)

 $(RBENV_ROOT)/:
@@ -76,56 +79,53 @@ $(RBENV_ROOT)/plugins/ruby-build/: | $(RBENV_ROOT)/
 $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION): | $(RBENV_ROOT)/plugins/ruby-build/

 build/$(RUBY_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_VERSION)
 	cp $< $@
 	cp "$<" "$@"

 install-rbenv: build/$(RUBY_VERSION)-cryptcheck

 install-rbenv-cryptcheck: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | $(OPENSSL_DIR)/
 	cat tmp_key.patch set_ecdh_curves.patch fallback_scsv.patch multiple_certs.patch | \
 	RUBY_BUILD_CACHE_PATH=$(PWD)/build \
 	RUBY_BUILD_DEFINITIONS=$(PWD)/build \
 	rbenv install -fp $(RUBY_VERSION)-cryptcheck
 	# rbenv sequester $(RUBY_VERSION)-cryptcheck
 	rbenv local $(RUBY_VERSION)-cryptcheck
 install-rbenv-cryptcheck: build/$(RUBY_VERSION)-cryptcheck $(LIBS) | build/openssl/
 	cat patches/ruby/*.patch | \
 	RUBY_BUILD_CACHE_PATH="$(PWD)/build" \
 	RUBY_BUILD_DEFINITIONS="$(PWD)/build" \
 	rbenv install -fp "$(RUBY_VERSION)-cryptcheck"
 	rbenv local "$(RUBY_VERSION)-cryptcheck"
 	gem update --system
 	gem install bundler
 	bundle install --without test development
 	# bundle install --without test development

 $(RUBY_LIB_DIR)/openssl/ssl.rb: $(RUBY_OPENSSL_EXT_DIR)/lib/openssl/ssl.rb
 	cp $< $@
 	cp "$<" "$@"

 $(RUBY_LIB_DIR)/x86_64-linux/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
 	cp $< $@
 	cp "$<" "$@"

 sync-ruby: $(RUBY_LIB_DIR)/openssl/ssl.rb $(RUBY_LIB_DIR)/x86_64-linux/openssl.so

 build/$(RUBY_NAME).tar.xz: | build/
 	wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_NAME).tar.xz -O $@
 	wget "http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_NAME).tar.xz" -O "$@"

 $(RUBY_DIR)/: build/$(RUBY_NAME).tar.xz
 	tar -C build -xf $<
 	patch -d $@ -p1 < tmp_key.patch
 	patch -d $@ -p1 < set_ecdh_curves.patch
 	patch -d $@ -p1 < fallback_scsv.patch
 	patch -d $@ -p1 < multiple_certs.patch
 	tar -C build -xf "$<"
 	for p in patches/ruby/*.patch; do patch -d "$@" -p1 < $i; done

 $(RUBY_OPENSSL_EXT_DIR)/Makefile: libs | $(RUBY_DIR)/
 	cd $(RUBY_OPENSSL_EXT_DIR) && ruby extconf.rb
 	cd "$(RUBY_OPENSSL_EXT_DIR)" && ruby extconf.rb

 $(RUBY_OPENSSL_EXT_DIR)/openssl.so: $(LIBS) $(RUBY_OPENSSL_EXT_DIR)/Makefile
 	top_srcdir=../.. $(MAKE) -C $(RUBY_OPENSSL_EXT_DIR)
 	top_srcdir=../.. $(MAKE) -C "$(RUBY_OPENSSL_EXT_DIR)"

 lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
 	cp $< $@
 	cp "$<" "$@"

 ext: lib/openssl.so

 install-ruby: $(RUBY_DIR)/
 	cd $(RUBY_DIR)/ && ./configure --enable-shared --disable-install-rdoc && make install
 	cd "$(RUBY_DIR)/" && ./configure --enable-shared --disable-install-rdoc && make install

 spec/faketime/libfaketime.so: spec/faketime/faketime.c spec/faketime/faketime.h
 	$(CC) $^ -o $@ -shared -fPIC -ldl -std=c99 -Werror -Wall
 	$(CC) "$^" -o "$@" -shared -fPIC -ldl -std=c99 -Werror -Wall
 lib/libfaketime.so: spec/faketime/libfaketime.so
 	ln -fs ../$< $@
 	ln -fs "../$<" "$@"
 faketime: lib/libfaketime.so

 test-material:
--- a/patches/openssl/00_disable_digest_check.patch
+++ b/patches/openssl/00_disable_digest_check.patch
--- a/patches/ruby/01_tmp_key.patch
+++ b/patches/ruby/01_tmp_key.patch
--- a/patches/ruby/02_set_ecdh_curves.patch
+++ b/patches/ruby/02_set_ecdh_curves.patch
--- a/patches/ruby/03_fallback_scsv.patch
+++ b/patches/ruby/03_fallback_scsv.patch
--- a/patches/ruby/04_multiple_certs.patch
+++ b/patches/ruby/04_multiple_certs.patch
--- a/patches/ruby/05_resolv_rr_length.patch.disabled
+++ b/patches/ruby/05_resolv_rr_length.patch.disabled
@@ -0,0 +1,137 @@
 --- a/lib/resolv.rb	2017-10-29 13:02:49.280729153 +0100
 +++ b/lib/resolv.rb	2017-10-29 13:02:37.340717366 +0100
@@ -1644,7 +1641,7 @@
           name = self.get_name
           type, klass, ttl = self.get_unpack('nnN')
           typeclass = Resource.get_class(type, klass)
 -          res = self.get_length16 { typeclass.decode_rdata self }
 +          res = self.get_length16 { |l| typeclass.decode_rdata self, l }
           res.instance_variable_set :@ttl, ttl
           return name, ttl, res
         end
@@ -1659,7 +1656,7 @@
         raise EncodeError.new("#{self.class} is query.")
       end

 -      def self.decode_rdata(msg) # :nodoc:
 +      def self.decode_rdata(msg, len) # :nodoc:
         raise DecodeError.new("#{self.class} is query.")
       end
     end
@@ -1680,7 +1677,7 @@
         raise NotImplementedError.new
       end

 -      def self.decode_rdata(msg) # :nodoc:
 +      def self.decode_rdata(msg, len) # :nodoc:
         raise NotImplementedError.new
       end

@@ -1737,7 +1734,7 @@
           msg.put_bytes(data)
         end

 -        def self.decode_rdata(msg) # :nodoc:
 +        def self.decode_rdata(msg, _) # :nodoc:
           return self.new(msg.get_bytes)
         end

@@ -1772,7 +1769,7 @@
           msg.put_name(@name)
         end

 -        def self.decode_rdata(msg) # :nodoc:
 +        def self.decode_rdata(msg, _) # :nodoc:
           return self.new(msg.get_name)
         end
       end
@@ -1860,7 +1857,7 @@
           msg.put_pack('NNNNN', @serial, @refresh, @retry, @expire, @minimum)
         end

 -        def self.decode_rdata(msg) # :nodoc:
 +        def self.decode_rdata(msg, _) # :nodoc:
           mname = msg.get_name
           rname = msg.get_name
           serial, refresh, retry_, expire, minimum = msg.get_unpack('NNNNN')
@@ -1906,7 +1903,7 @@
           msg.put_string(@os)
         end

 -        def self.decode_rdata(msg) # :nodoc:
 +        def self.decode_rdata(msg, _) # :nodoc:
           cpu = msg.get_string
           os = msg.get_string
           return self.new(cpu, os)
@@ -1940,7 +1937,7 @@
           msg.put_name(@emailbx)
         end

 -        def self.decode_rdata(msg) # :nodoc:
 +        def self.decode_rdata(msg, _) # :nodoc:
           rmailbx = msg.get_string
           emailbx = msg.get_string
           return self.new(rmailbx, emailbx)
@@ -1978,7 +1975,7 @@
           msg.put_name(@exchange)
         end

 -        def self.decode_rdata(msg) # :nodoc:
 +        def self.decode_rdata(msg, _) # :nodoc:
           preference, = msg.get_unpack('n')
           exchange = msg.get_name
           return self.new(preference, exchange)
@@ -2012,7 +2009,7 @@
           msg.put_string_list(@strings)
         end

 -        def self.decode_rdata(msg) # :nodoc:
 +        def self.decode_rdata(msg, _) # :nodoc:
           strings = msg.get_string_list
           return self.new(*strings)
         end
@@ -2089,7 +2086,7 @@
           msg.put_bytes(@altitude.altitude)
         end

 -        def self.decode_rdata(msg) # :nodoc:
 +        def self.decode_rdata(msg, _) # :nodoc:
           version    = msg.get_bytes(1)
           ssize      = msg.get_bytes(1)
           hprecision = msg.get_bytes(1)
@@ -2159,7 +2156,7 @@
             msg.put_bytes(@address.address)
           end

 -          def self.decode_rdata(msg) # :nodoc:
 +          def self.decode_rdata(msg, _) # :nodoc:
             return self.new(IPv4.new(msg.get_bytes(4)))
           end
         end
@@ -2204,7 +2201,7 @@
             msg.put_bytes(@bitmap)
           end

 -          def self.decode_rdata(msg) # :nodoc:
 +          def self.decode_rdata(msg, _) # :nodoc:
             address = IPv4.new(msg.get_bytes(4))
             protocol, = msg.get_unpack("n")
             bitmap = msg.get_bytes
@@ -2236,7 +2233,7 @@
             msg.put_bytes(@address.address)
           end

 -          def self.decode_rdata(msg) # :nodoc:
 +          def self.decode_rdata(msg, _) # :nodoc:
             return self.new(IPv6.new(msg.get_bytes(16)))
           end
         end
@@ -2306,7 +2303,7 @@
             msg.put_name(@target)
           end

 -          def self.decode_rdata(msg) # :nodoc:
 +          def self.decode_rdata(msg, _) # :nodoc:
             priority, = msg.get_unpack("n")
             weight,   = msg.get_unpack("n")
             port,     = msg.get_unpack("n")