From 55bd2bf440fb5566c0c708a142977189d3a8fcce Mon Sep 17 00:00:00 2001
From: MSP-Greg
Date: Wed, 16 Jun 2021 12:33:55 -0500
Subject: [PATCH] minissl.c - Use Random.bytes if available (#2642)
Co-authored-by: Ekin Dursun
Co-authored-by: Ekin Dursun
---
 ext/puma_http11/extconf.rb | 8 ++++++++
 ext/puma_http11/mini_ssl.c | 13 ++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/ext/puma_http11/extconf.rb b/ext/puma_http11/extconf.rb
index ce71ae7cc6..2ceb644d99 100644
--- a/ext/puma_http11/extconf.rb
+++ b/ext/puma_http11/extconf.rb
@@ -25,6 +25,14 @@
 have_func "X509_STORE_up_ref"
 have_func("SSL_CTX_set_ecdh_auto(NULL, 0)", "openssl/ssl.h")
+
+ # Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
+ if Random.respond_to?(:bytes)
+ $defs.push("-DHAVE_RANDOM_BYTES")
+ puts "checking for Random.bytes... yes"
+ else
+ puts "checking for Random.bytes... no"
+ end
 end
 end
diff --git a/ext/puma_http11/mini_ssl.c b/ext/puma_http11/mini_ssl.c
index 380d541bef..04bd1462df 100644
--- a/ext/puma_http11/mini_ssl.c
+++ b/ext/puma_http11/mini_ssl.c
@@ -310,9 +310,16 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 SSL_CTX_set_verify(ctx, NUM2INT(verify_mode), engine_verify_callback);
 }
- session_id_bytes = rb_funcall(rb_const_get(rb_cRandom, rb_intern_const("DEFAULT")),
- rb_intern_const("bytes"),
- 1, ULL2NUM(SSL_MAX_SSL_SESSION_ID_LENGTH));
+ // Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
+ session_id_bytes = rb_funcall(
+#ifdef HAVE_RANDOM_BYTES
+ rb_cRandom,
+#else
+ rb_const_get(rb_cRandom, rb_intern_const("DEFAULT")),
+#endif
+ rb_intern_const("bytes"),
+ 1, ULL2NUM(SSL_MAX_SSL_SESSION_ID_LENGTH));
+
 SSL_CTX_set_session_id_context(ctx, (unsigned char *) RSTRING_PTR(session_id_bytes), SSL_MAX_SSL_SESSION_ID_LENGTH);
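Review bot: The probe result is printed with bare `puts`, so unlike the `have_func` checks just above it never reaches mkmf.log, which is where a build failure or a wrongly chosen code path would be diagnosed. mkmf's own helper prints the same "checking for ... yes/no" line and logs it: `$defs.push("-DHAVE_RANDOM_BYTES") if checking_for("Random.bytes") { Random.respond_to?(:bytes) }`. The comment could also state that the answer reflects the Ruby running extconf.rb, since the C side is fixed at compile time by this define.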
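Review bot: The value returned by `rb_funcall` is handed to `SSL_CTX_set_session_id_context` with a fixed length of `SSL_MAX_SSL_SESSION_ID_LENGTH`, but nothing checks that it is a String of at least that many bytes. `Random.bytes` is an ordinary Ruby method that application code can redefine, so a shorter or non-String result would make the `RSTRING_PTR` read run past the object. A guard before the call closes that: `StringValue(session_id_bytes);` followed by `if (RSTRING_LEN(session_id_bytes) < SSL_MAX_SSL_SESSION_ID_LENGTH) rb_raise(rb_eRuntimeError, "Random.bytes returned too few bytes");`. The new comment would also be more useful if it said that, as far as this hunk shows, the bytes only label the session cache context and are not key material, which is why the non-cryptographic generator behind `Random` is acceptable here. sslctx_initialize starts and ends outside the hunk.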