Skip to content

Instantly share code, notes, and snippets.

@alexanderk23

alexanderk23/ruby-2.4.0-openssl-enable-gost.patch

Last active March 24, 2017 13:19
Show Gist options
  • Save alexanderk23/6d1fc79c9a3285c5682924d36f39adf5 to your computer and use it in GitHub Desktop.
Save alexanderk23/6d1fc79c9a3285c5682924d36f39adf5 to your computer and use it in GitHub Desktop.
Download ZIP
Enable OpenSSL GOST support in Ruby 2.4.0 (based on https://gist.github.com/Envek/82be109c58a0a565d382)
Raw
ruby-2.4.0-openssl-enable-gost.patch
--- ext/openssl/ossl.c
+++ ext/openssl/ossl.c
@@ -1022,6 +1022,7 @@
*/
/* CRYPTO_malloc_init(); */
/* ENGINE_load_builtin_engines(); */
+ OPENSSL_config(NULL); /* Makes Ruby respect system OpenSSL config */
OpenSSL_add_ssl_algorithms();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
--- ext/openssl/ossl_pkey.c
+++ ext/openssl/ossl_pkey.c
@@ -93,6 +93,7 @@
return ossl_dh_new(pkey);
#endif
#if !defined(OPENSSL_NO_EC) && (OPENSSL_VERSION_NUMBER >= 0x0090802fL)
+ case NID_id_GostR3410_2001:
case EVP_PKEY_EC:
return ossl_ec_new(pkey);
#endif
--- ext/openssl/ossl_pkey_ec.c
+++ ext/openssl/ossl_pkey_ec.c
@@ -14,7 +14,7 @@
#define GetPKeyEC(obj, pkey) do { \
GetPKey((obj), (pkey)); \
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { \
+ if ((EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) && (EVP_PKEY_base_id(pkey) != NID_id_GostR3410_2001)) { \
ossl_raise(rb_eRuntimeError, "THIS IS NOT A EC PKEY!"); \
} \
} while (0)
@@ -104,7 +104,7 @@
obj = ec_instance(cEC, EC_KEY_new());
} else {
obj = NewPKey(cEC);
- if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
+ if ((EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) && (EVP_PKEY_base_id(pkey) != NID_id_GostR3410_2001)) {
ossl_raise(rb_eTypeError, "Not a EC key!");
}
SetPKey(obj, pkey);
--- ext/openssl/lib/openssl/ssl.rb
+++ ext/openssl/lib/openssl/ssl.rb
@@ -33,6 +33,8 @@
OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000)
DEFAULT_PARAMS.merge!(
ciphers: %w{
+ GOST2001-GOST89-GOST89
+ GOST94-GOST89-GOST89
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
@alexanderk23
Copy link
Author

alexanderk23 commented Mar 20, 2017
edited
Loading 

rvm install 2.4.0-gost --patch ruby-2.4.0-openssl-enable-gost.patch%0

@alexanderk23
Copy link
Author 

cp ~/.rbenv/plugins/ruby-build/share/ruby-build/{2.4.0,2.4.0-gost}
rbenv install 2.4.0-gost --patch < ruby-2.4.0-openssl-enable-gost.patch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment