diff options
| author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-05-24 23:58:49 +0000 |
|---|---|---|
| committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-05-24 23:58:49 +0000 |
| commit | ffdcd1a4dc9ad1ea4d2a320461746dbe50fb5527 (patch) | |
| tree | 71d2e5c72823771aa5f78fb800b51e6ac80edbf0 | |
| parent | 8dbacbfefcdf44400f50fc1768317cd514fe20bd (diff) | |
merge revision(s) 26835:
* ext/openssl: backport fixes in 1.9.
* r25019 by marcandre
* ossl_ocsp.c (ossl_ocspres_to_der): Bug fix in Response#to_def.
Patch by Chris Chandler [ruby-core:18411]
* r25017 by marcandre
* ossl_config.c (ossl_config_add_value_m,
ossl_config_set_section): Check if frozen (or untrusted for
$SECURE >= 4) [ruby-core:18377]
* r22925 by nobu
* ext/openssl/openssl_missing.h (i2d_of_void): cast for callbacks.
[ruby-core:22860]
* ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a
warning.
* ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may
be larger than long.
* ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time),
(ossl_ssl_session_get_timeout): use TIMET2NUM() to convert
time_t.
* r22924 by nobu
* ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): should use
OPENSSL_free instead of free. a patch from Charlie Savage at
[ruby-core:22858].
* r22918 by akr
* ext/openssl: suppress warnings.
* ext/openssl/ossl.h (OSSL_Debug): don't use gcc extention for
variadic macro.
* r22666 by akr
* ext/openssl/lib/openssl/buffering.rb: define Buffering module
under OpenSSL. [ruby-dev:37906]
* r22440 by nobu
* ext/openssl/ossl_ocsp.c (ossl_ocspbres_verify): OCSP_basic_verify
returns positive value on success, not non-zero.
[ruby-core:21762]
* r22378 by akr
* ext/openssl: avoid cyclic require.
* ext/openssl/lib/openssl/ssl-internal.rb: renamed from ssl.rb
* ext/openssl/lib/openssl/x509-internal.rb: renamed from x509.rb.
[ruby-dev:38018]
* r22101 by nobu
* ext/openssl/ossl_cipher.c (add_cipher_name_to_ary): used
conditionally.
* r21510 by akr
* ext/openssl/ossl.c (ossl_raise): abolish a warning.
* r21208 by akr
* ext/openssl/ossl_digest.c (GetDigestPtr): use StringValueCStr
instead of STR2CSTR.
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto.
(ossl_ec_group_initialize): ditto.
* r19420 by mame
* ext/openssl/ossl_pkey_ec.c (ossl_ec_key_to_string): comment out
fragments of unused code.
* r18975 by nobu
* ext/openssl/ossl_ocsp.c (ossl_ocspres_initialize): fix for
initialization of r18168.
* r18971 by nobu
* ext/openssl/ossl_config.c (Init_ossl_config): removed C99ism.
* r18944 by matz
* ext/openssl/ossl_config.c (Init_ossl_config): memory leak fixed.
a patch <shinichiro.hamaji at gmail.com> in [ruby-dev:35880].
* ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): ditto.
* r18917 by nobu
* ext/openssl/ossl_x509attr.c (ossl_x509attr_initialize): fix for
initialization of r18168.
* ext/openssl/ossl_ocsp.c (ossl_ocspreq_initialize): ditto.
* ext/openssl/ossl_x509name.c (ossl_x509name_initialize): ditto.
* r18283 by nobu
* ext/openssl/ossl_asn1.c (ossl_asn1_get_asn1type): suppress
warnings on platforms which int size differs from pointer size.
* r18181 by nobu
* ext/openssl/openssl_missing.h (d2i_of_void): define for older
versions. [ruby-dev:35637]
* r18168 by nobu
* ext/openssl: suppress warnings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@28004 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
29 files changed, 617 insertions, 461 deletions
@@ -1,3 +1,108 @@ +Tue May 25 08:42:42 2010 NAKAMURA, Hiroshi <nahi@ruby-lang.org> + + * ext/openssl: backport fixes in 1.9. + + * r25019 by marcandre + * ossl_ocsp.c (ossl_ocspres_to_der): Bug fix in Response#to_def. + Patch by Chris Chandler [ruby-core:18411] + + * r25017 by marcandre + * ossl_config.c (ossl_config_add_value_m, + ossl_config_set_section): Check if frozen (or untrusted for + $SECURE >= 4) [ruby-core:18377] + + * r22925 by nobu + * ext/openssl/openssl_missing.h (i2d_of_void): cast for callbacks. + [ruby-core:22860] + + * ext/openssl/ossl_engine.c (ossl_engine_s_by_id): suppress a + warning. + + * ext/openssl/ossl_ssl.c (ossl_sslctx_flush_sessions): time_t may + be larger than long. + + * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_get_time), + (ossl_ssl_session_get_timeout): use TIMET2NUM() to convert + time_t. + + * r22924 by nobu + * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): should use + OPENSSL_free instead of free. a patch from Charlie Savage at + [ruby-core:22858]. + + * r22918 by akr + * ext/openssl: suppress warnings. + + * ext/openssl/ossl.h (OSSL_Debug): don't use gcc extention for + variadic macro. + + * r22666 by akr + * ext/openssl/lib/openssl/buffering.rb: define Buffering module + under OpenSSL. [ruby-dev:37906] + + * r22440 by nobu + * ext/openssl/ossl_ocsp.c (ossl_ocspbres_verify): OCSP_basic_verify + returns positive value on success, not non-zero. + [ruby-core:21762] + + * r22378 by akr + * ext/openssl: avoid cyclic require. + + * ext/openssl/lib/openssl/ssl-internal.rb: renamed from ssl.rb + + * ext/openssl/lib/openssl/x509-internal.rb: renamed from x509.rb. + [ruby-dev:38018] + + * r22101 by nobu + * ext/openssl/ossl_cipher.c (add_cipher_name_to_ary): used + conditionally. + + * r21510 by akr + * ext/openssl/ossl.c (ossl_raise): abolish a warning. + + * r21208 by akr + * ext/openssl/ossl_digest.c (GetDigestPtr): use StringValueCStr + instead of STR2CSTR. + + * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_initialize): ditto. + (ossl_ec_group_initialize): ditto. + + * r19420 by mame + * ext/openssl/ossl_pkey_ec.c (ossl_ec_key_to_string): comment out + fragments of unused code. + + * r18975 by nobu + * ext/openssl/ossl_ocsp.c (ossl_ocspres_initialize): fix for + initialization of r18168. + + * r18971 by nobu + * ext/openssl/ossl_config.c (Init_ossl_config): removed C99ism. + + * r18944 by matz + * ext/openssl/ossl_config.c (Init_ossl_config): memory leak fixed. + a patch <shinichiro.hamaji at gmail.com> in [ruby-dev:35880]. + + * ext/openssl/ossl_x509ext.c (ossl_x509ext_set_value): ditto. + + * r18917 by nobu + * ext/openssl/ossl_x509attr.c (ossl_x509attr_initialize): fix for + initialization of r18168. + + * ext/openssl/ossl_ocsp.c (ossl_ocspreq_initialize): ditto. + + * ext/openssl/ossl_x509name.c (ossl_x509name_initialize): ditto. + + * r18283 by nobu + * ext/openssl/ossl_asn1.c (ossl_asn1_get_asn1type): suppress + warnings on platforms which int size differs from pointer size. + + * r18181 by nobu + * ext/openssl/openssl_missing.h (d2i_of_void): define for older + versions. [ruby-dev:35637] + + * r18168 by nobu + * ext/openssl: suppress warnings. + Sat May 22 22:31:36 2010 Tanaka Akira <akr@fsij.org> * lib/resolv.rb: fix [ruby-core:28320] reported by Paul Clegg. diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 02e06b7149..63ec7f2054 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -96,7 +96,7 @@ have_func("X509_STORE_set_ex_data") have_func("OBJ_NAME_do_all_sorted") have_func("SSL_SESSION_get_id") have_func("OPENSSL_cleanse") -if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n") +if try_compile("#define FOO(...) foo(__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n") $defs.push("-DHAVE_VA_ARGS_MACRO") end if have_header("openssl/engine.h") diff --git a/ext/openssl/lib/openssl.rb b/ext/openssl/lib/openssl.rb index f10985ed2c..3e66cdb406 100644 --- a/ext/openssl/lib/openssl.rb +++ b/ext/openssl/lib/openssl.rb @@ -20,6 +20,6 @@ require 'openssl/bn' require 'openssl/cipher' require 'openssl/digest' require 'openssl/pkcs7' -require 'openssl/ssl' -require 'openssl/x509' +require 'openssl/ssl-internal' +require 'openssl/x509-internal' diff --git a/ext/openssl/lib/openssl/buffering.rb b/ext/openssl/lib/openssl/buffering.rb index 761a017487..c83b92b79e 100644 --- a/ext/openssl/lib/openssl/buffering.rb +++ b/ext/openssl/lib/openssl/buffering.rb @@ -14,6 +14,7 @@ $Id$ =end +module OpenSSL module Buffering include Enumerable attr_accessor :sync @@ -237,3 +238,4 @@ module Buffering sysclose end end +end diff --git a/ext/openssl/lib/openssl/digest.rb b/ext/openssl/lib/openssl/digest.rb index 4810f0121b..e603c41de4 100644 --- a/ext/openssl/lib/openssl/digest.rb +++ b/ext/openssl/lib/openssl/digest.rb @@ -40,7 +40,7 @@ module OpenSSL super(name, data.first) } } - singleton = (class <<klass; self; end) + singleton = (class << klass; self; end) singleton.class_eval{ define_method(:digest){|data| Digest.digest(name, data) } define_method(:hexdigest){|data| Digest.hexdigest(name, data) } diff --git a/ext/openssl/lib/openssl/ssl-internal.rb b/ext/openssl/lib/openssl/ssl-internal.rb new file mode 100644 index 0000000000..abf0e8dfe3 --- /dev/null +++ b/ext/openssl/lib/openssl/ssl-internal.rb @@ -0,0 +1,179 @@ +=begin += $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL + += Info + 'OpenSSL for Ruby 2' project + Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> + All rights reserved. + += Licence + This program is licenced under the same licence as Ruby. + (See the file 'LICENCE'.) + += Version + $Id$ +=end + +require "openssl/buffering" +require "fcntl" + +module OpenSSL + module SSL + class SSLContext + DEFAULT_PARAMS = { + :ssl_version => "SSLv23", + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", + :options => OpenSSL::SSL::OP_ALL, + } + + DEFAULT_CERT_STORE = OpenSSL::X509::Store.new + DEFAULT_CERT_STORE.set_default_paths + if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) + DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL + end + + def set_params(params={}) + params = DEFAULT_PARAMS.merge(params) + # ssl_version need to be set at first. + self.ssl_version = params.delete(:ssl_version) + params.each{|name, value| self.__send__("#{name}=", value) } + if self.verify_mode != OpenSSL::SSL::VERIFY_NONE + unless self.ca_file or self.ca_path or self.cert_store + self.cert_store = DEFAULT_CERT_STORE + end + end + return params + end + end + + module SocketForwarder + def addr + to_io.addr + end + + def peeraddr + to_io.peeraddr + end + + def setsockopt(level, optname, optval) + to_io.setsockopt(level, optname, optval) + end + + def getsockopt(level, optname) + to_io.getsockopt(level, optname) + end + + def fcntl(*args) + to_io.fcntl(*args) + end + + def closed? + to_io.closed? + end + + def do_not_reverse_lookup=(flag) + to_io.do_not_reverse_lookup = flag + end + end + + module Nonblock + def initialize(*args) + flag = File::NONBLOCK + flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL) + @io.fcntl(Fcntl::F_SETFL, flag) + super + end + end + + def verify_certificate_identity(cert, hostname) + should_verify_common_name = true + cert.extensions.each{|ext| + next if ext.oid != "subjectAltName" + ext.value.split(/,\s+/).each{|general_name| + if /\ADNS:(.*)/ =~ general_name + should_verify_common_name = false + reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + elsif /\AIP Address:(.*)/ =~ general_name + should_verify_common_name = false + return true if $1 == hostname + end + } + } + if should_verify_common_name + cert.subject.to_a.each{|oid, value| + if oid == "CN" + reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + end + } + end + return false + end + module_function :verify_certificate_identity + + class SSLSocket + include Buffering + include SocketForwarder + include Nonblock + + def post_connection_check(hostname) + unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname) + raise SSLError, "hostname was not match with the server certificate" + end + return true + end + + def session + SSL::Session.new(self) + rescue SSL::Session::SessionError + nil + end + end + + class SSLServer + include SocketForwarder + attr_accessor :start_immediately + + def initialize(svr, ctx) + @svr = svr + @ctx = ctx + unless ctx.session_id_context + session_id = OpenSSL::Digest::MD5.hexdigest($0) + @ctx.session_id_context = session_id + end + @start_immediately = true + end + + def to_io + @svr + end + + def listen(backlog=5) + @svr.listen(backlog) + end + + def shutdown(how=Socket::SHUT_RDWR) + @svr.shutdown(how) + end + + def accept + sock = @svr.accept + begin + ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) + ssl.sync_close = true + ssl.accept if @start_immediately + ssl + rescue SSLError => ex + sock.close + raise ex + end + end + + def close + @svr.close + end + end + end +end diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb index f722cb0c45..3f17f5aa29 100644 --- a/ext/openssl/lib/openssl/ssl.rb +++ b/ext/openssl/lib/openssl/ssl.rb @@ -1,179 +1 @@ -=begin -= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for SSL - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -require "openssl" -require "openssl/buffering" -require "fcntl" - -module OpenSSL - module SSL - class SSLContext - DEFAULT_PARAMS = { - :ssl_version => "SSLv23", - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", - :options => OpenSSL::SSL::OP_ALL, - } - - DEFAULT_CERT_STORE = OpenSSL::X509::Store.new - DEFAULT_CERT_STORE.set_default_paths - if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) - DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL - end - - def set_params(params={}) - params = DEFAULT_PARAMS.merge(params) - self.ssl_version = params.delete(:ssl_version) - params.each{|name, value| self.__send__("#{name}=", value) } - if self.verify_mode != OpenSSL::SSL::VERIFY_NONE - unless self.ca_file or self.ca_path or self.cert_store - self.cert_store = DEFAULT_CERT_STORE - end - end - return params - end - end - - module SocketForwarder - def addr - to_io.addr - end - - def peeraddr - to_io.peeraddr - end - - def setsockopt(level, optname, optval) - to_io.setsockopt(level, optname, optval) - end - - def getsockopt(level, optname) - to_io.getsockopt(level, optname) - end - - def fcntl(*args) - to_io.fcntl(*args) - end - - def closed? - to_io.closed? - end - - def do_not_reverse_lookup=(flag) - to_io.do_not_reverse_lookup = flag - end - end - - module Nonblock - def initialize(*args) - flag = File::NONBLOCK - flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL) - @io.fcntl(Fcntl::F_SETFL, flag) - super - end - end - - def verify_certificate_identity(cert, hostname) - should_verify_common_name = true - cert.extensions.each{|ext| - next if ext.oid != "subjectAltName" - ext.value.split(/,\s+/).each{|general_name| - if /\ADNS:(.*)/ =~ general_name - should_verify_common_name = false - reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - elsif /\AIP Address:(.*)/ =~ general_name - should_verify_common_name = false - return true if $1 == hostname - end - } - } - if should_verify_common_name - cert.subject.to_a.each{|oid, value| - if oid == "CN" - reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - end - } - end - return false - end - module_function :verify_certificate_identity - - class SSLSocket - include Buffering - include SocketForwarder - include Nonblock - - def post_connection_check(hostname) - unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname) - raise SSLError, "hostname was not match with the server certificate" - end - return true - end - - def session - SSL::Session.new(self) - rescue SSL::Session::SessionError - nil - end - end - - class SSLServer - include SocketForwarder - attr_accessor :start_immediately - - def initialize(svr, ctx) - @svr = svr - @ctx = ctx - unless ctx.session_id_context - session_id = OpenSSL::Digest::MD5.hexdigest($0) - @ctx.session_id_context = session_id - end - @start_immediately = true - end - - def to_io - @svr - end - - def listen(backlog=5) - @svr.listen(backlog) - end - - def shutdown(how=Socket::SHUT_RDWR) - @svr.shutdown(how) - end - - def accept - sock = @svr.accept - begin - ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) - ssl.sync_close = true - ssl.accept if @start_immediately - ssl - rescue SSLError => ex - sock.close - raise ex - end - end - - def close - @svr.close - end - end - end -end +require 'openssl' diff --git a/ext/openssl/lib/openssl/x509-internal.rb b/ext/openssl/lib/openssl/x509-internal.rb new file mode 100644 index 0000000000..6aff4ca10d --- /dev/null +++ b/ext/openssl/lib/openssl/x509-internal.rb @@ -0,0 +1,153 @@ +=begin += $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses + += Info + 'OpenSSL for Ruby 2' project + Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> + All rights reserved. + += Licence + This program is licenced under the same licence as Ruby. + (See the file 'LICENCE'.) + += Version + $Id$ +=end + +module OpenSSL + module X509 + class ExtensionFactory + def create_extension(*arg) + if arg.size > 1 + create_ext(*arg) + else + send("create_ext_from_"+arg[0].class.name.downcase, arg[0]) + end + end + + def create_ext_from_array(ary) + raise ExtensionError, "unexpected array form" if ary.size > 3 + create_ext(ary[0], ary[1], ary[2]) + end + + def create_ext_from_string(str) # "oid = critical, value" + oid, value = str.split(/=/, 2) + oid.strip! + value.strip! + create_ext(oid, value) + end + + def create_ext_from_hash(hash) + create_ext(hash["oid"], hash["value"], hash["critical"]) + end + end + + class Extension + def to_s # "oid = critical, value" + str = self.oid + str << " = " + str << "critical, " if self.critical? + str << self.value.gsub(/\n/, ", ") + end + + def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false} + {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?} + end + + def to_a + [ self.oid, self.value, self.critical? ] + end + end + + class Name + module RFC2253DN + Special = ',=+<>#;' + HexChar = /[0-9a-fA-F]/ + HexPair = /#{HexChar}#{HexChar}/ + HexString = /#{HexPair}+/ + Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/ + StringChar = /[^#{Special}\\"]/ + QuoteChar = /[^\\"]/ + AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/ + AttributeValue = / + (?!["#])((?:#{StringChar}|#{Pair})*)| + \#(#{HexString})| + "((?:#{QuoteChar}|#{Pair})*)" + /x + TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/ + + module_function + + def expand_pair(str) + return nil unless str + return str.gsub(Pair){ + pair = $& + case pair.size + when 2 then pair[1,1] + when 3 then Integer("0x#{pair[1,2]}").chr + else raise OpenSSL::X509::NameError, "invalid pair: #{str}" + end + } + end + + def expand_hexstring(str) + return nil unless str + der = str.gsub(HexPair){$&.to_i(16).chr } + a1 = OpenSSL::ASN1.decode(der) + return a1.value, a1.tag + end + + def expand_value(str1, str2, str3) + value = expand_pair(str1) + value, tag = expand_hexstring(str2) unless value + value = expand_pair(str3) unless value + return value, tag + end + + def scan(dn) + str = dn + ary = [] + while true + if md = TypeAndValue.match(str) + matched = md.to_s + remain = md.post_match + type = md[1] + value, tag = expand_value(md[2], md[3], md[4]) rescue nil + if value + type_and_value = [type, value] + type_and_value.push(tag) if tag + ary.unshift(type_and_value) + if remain.length > 2 && remain[0] == ?, + str = remain[1..-1] + next + elsif remain.length > 2 && remain[0] == ?+ + raise OpenSSL::X509::NameError, + "multi-valued RDN is not supported: #{dn}" + elsif remain.empty? + break + end + end + end + msg_dn = dn[0, dn.length - str.length] + " =>" + str + raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}" + end + return ary + end + end + + class <<self + def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE) + ary = OpenSSL::X509::Name::RFC2253DN.scan(str) + self.new(ary, template) + end + + def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE) + ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) } + self.new(ary, template) + end + + alias parse parse_openssl + end + end + end +end diff --git a/ext/openssl/lib/openssl/x509.rb b/ext/openssl/lib/openssl/x509.rb index e711bda39c..3f17f5aa29 100644 --- a/ext/openssl/lib/openssl/x509.rb +++ b/ext/openssl/lib/openssl/x509.rb @@ -1,154 +1 @@ -=begin -= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2002 Michal Rokos <m.rokos@sh.cvut.cz> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ -=end - -require "openssl" - -module OpenSSL - module X509 - class ExtensionFactory - def create_extension(*arg) - if arg.size > 1 - create_ext(*arg) - else - send("create_ext_from_"+arg[0].class.name.downcase, arg[0]) - end - end - - def create_ext_from_array(ary) - raise ExtensionError, "unexpected array form" if ary.size > 3 - create_ext(ary[0], ary[1], ary[2]) - end - - def create_ext_from_string(str) # "oid = critical, value" - oid, value = str.split(/=/, 2) - oid.strip! - value.strip! - create_ext(oid, value) - end - - def create_ext_from_hash(hash) - create_ext(hash["oid"], hash["value"], hash["critical"]) - end - end - - class Extension - def to_s # "oid = critical, value" - str = self.oid - str << " = " - str << "critical, " if self.critical? - str << self.value.gsub(/\n/, ", ") - end - - def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false} - {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?} - end - - def to_a - [ self.oid, self.value, self.critical? ] - end - end - - class Name - module RFC2253DN - Special = ',=+<>#;' - HexChar = /[0-9a-fA-F]/ - HexPair = /#{HexChar}#{HexChar}/ - HexString = /#{HexPair}+/ - Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/ - StringChar = /[^#{Special}\\"]/ - QuoteChar = /[^\\"]/ - AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/ - AttributeValue = / - (?!["#])((?:#{StringChar}|#{Pair})*)| - \#(#{HexString})| - "((?:#{QuoteChar}|#{Pair})*)" - /x - TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/ - - module_function - - def expand_pair(str) - return nil unless str - return str.gsub(Pair){|pair| - case pair.size - when 2 then pair[1,1] - when 3 then Integer("0x#{pair[1,2]}").chr - else raise OpenSSL::X509::NameError, "invalid pair: #{str}" - end - } - end - - def expand_hexstring(str) - return nil unless str - der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr } - a1 = OpenSSL::ASN1.decode(der) - return a1.value, a1.tag - end - - def expand_value(str1, str2, str3) - value = expand_pair(str1) - value, tag = expand_hexstring(str2) unless value - value = expand_pair(str3) unless value - return value, tag - end - - def scan(dn) - str = dn - ary = [] - while true - if md = TypeAndValue.match(str) - matched = md.to_s - remain = md.post_match - type = md[1] - value, tag = expand_value(md[2], md[3], md[4]) rescue nil - if value - type_and_value = [type, value] - type_and_value.push(tag) if tag - ary.unshift(type_and_value) - if remain.length > 2 && remain[0] == ?, - str = remain[1..-1] - next - elsif remain.length > 2 && remain[0] == ?+ - raise OpenSSL::X509::NameError, - "multi-valued RDN is not supported: #{dn}" - elsif remain.empty? - break - end - end - end - msg_dn = dn[0, dn.length - str.length] + " =>" + str - raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}" - end - return ary - end - end - - class <<self - def parse_rfc2253(str, template=OBJECT_TYPE_TEMPLATE) - ary = OpenSSL::X509::Name::RFC2253DN.scan(str) - self.new(ary, template) - end - - def parse_openssl(str, template=OBJECT_TYPE_TEMPLATE) - ary = str.scan(/\s*([^\/,]+)\s*/).collect{|i| i[0].split("=", 2) } - self.new(ary, template) - end - - alias parse parse_openssl - end - end - end -end +require 'openssl' diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index 5a71f73c64..db1630530e 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -18,6 +18,9 @@ extern "C" { #ifndef TYPEDEF_D2I_OF typedef char *d2i_of_void(); #endif +#ifndef TYPEDEF_I2D_OF +typedef int i2d_of_void(); +#endif /* * These functions are not included in headers of OPENSSL <= 0.9.6b @@ -30,33 +33,33 @@ typedef char *d2i_of_void(); #if !defined(PEM_write_bio_DSAPublicKey) # define PEM_write_bio_DSAPublicKey(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_DSAPublicKey,\ + PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\ PEM_STRING_DSA_PUBLIC,\ bp,(char *)x, NULL, NULL, 0, NULL, NULL) #endif #if !defined(DSAPrivateKey_dup) -# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPrivateKey, \ +# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \ (char *(*)())d2i_DSAPrivateKey,(char *)dsa) #endif #if !defined(DSAPublicKey_dup) -# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPublicKey, \ +# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \ (char *(*)())d2i_DSAPublicKey,(char *)dsa) #endif #if !defined(X509_REVOKED_dup) -# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((int (*)())i2d_X509_REVOKED, \ +# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \ (char *(*)())d2i_X509_REVOKED, (char *)rev) #endif #if !defined(PKCS7_SIGNER_INFO_dup) -# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((int (*)())i2d_PKCS7_SIGNER_INFO, \ +# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \ (char *(*)())d2i_PKCS7_SIGNER_INFO, (char *)si) #endif #if !defined(PKCS7_RECIP_INFO_dup) -# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((int (*)())i2d_PKCS7_RECIP_INFO, \ +# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \ (char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri) #endif diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 53f476fd65..fd9429b170 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -272,10 +272,9 @@ ossl_to_der_if_possible(VALUE obj) /* * Errors */ -void -ossl_raise(VALUE exc, const char *fmt, ...) +static VALUE +ossl_make_error(VALUE exc, const char *fmt, va_list args) { - va_list args; char buf[BUFSIZ]; const char *msg; long e; @@ -287,17 +286,14 @@ ossl_raise(VALUE exc, const char *fmt, ...) e = ERR_peek_error(); #endif if (fmt) { - va_start(args, fmt); len = vsnprintf(buf, BUFSIZ, fmt, args); - va_end(args); } if (len < BUFSIZ && e) { if (dOSSL == Qtrue) /* FULL INFO */ msg = ERR_error_string(e, NULL); else msg = ERR_reason_error_string(e); - fmt = len ? ": %s" : "%s"; - len += snprintf(buf+len, BUFSIZ-len, fmt, msg); + len += snprintf(buf+len, BUFSIZ-len, "%s%s", (len ? ": " : ""), msg); } if (dOSSL == Qtrue){ /* show all errors on the stack */ while ((e = ERR_get_error()) != 0){ @@ -307,7 +303,29 @@ ossl_raise(VALUE exc, const char *fmt, ...) ERR_clear_error(); if(len > BUFSIZ) len = strlen(buf); - rb_exc_raise(rb_exc_new(exc, buf, len)); + return rb_exc_new(exc, buf, len); +} + +void +ossl_raise(VALUE exc, const char *fmt, ...) +{ + va_list args; + VALUE err; + va_start(args, fmt); + err = ossl_make_error(exc, fmt, args); + va_end(args); + rb_exc_raise(err); +} + +VALUE +ossl_exc_new(VALUE exc, const char *fmt, ...) +{ + va_list args; + VALUE err; + va_start(args, fmt); + err = ossl_make_error(exc, fmt, args); + va_end(args); + return err; } /* diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index 3cc30ae2e8..31fd7d7c1b 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -139,6 +139,7 @@ int ossl_pem_passwd_cb(char *, int, int, void *); */ #define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error()) NORETURN(void ossl_raise(VALUE, const char *, ...)); +VALUE ossl_exc_new(VALUE, const char *, ...); /* * Verify callback @@ -167,10 +168,10 @@ VALUE ossl_to_der_if_possible(VALUE); extern VALUE dOSSL; #if defined(HAVE_VA_ARGS_MACRO) -#define OSSL_Debug(fmt, ...) do { \ +#define OSSL_Debug(...) do { \ if (dOSSL == Qtrue) { \ fprintf(stderr, "OSSL_DEBUG: "); \ - fprintf(stderr, fmt, ##__VA_ARGS__); \ + fprintf(stderr, __VA_ARGS__); \ fprintf(stderr, " [%s:%d]\n", __FILE__, __LINE__); \ } \ } while (0) diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 8ceea95021..6b19d95d02 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -306,14 +306,14 @@ obj_to_asn1derstr(VALUE obj) static VALUE decode_bool(unsigned char* der, int length) { - int bool; + int val; unsigned char *p; p = der; - if((bool = d2i_ASN1_BOOLEAN(NULL, &p, length)) < 0) + if((val = d2i_ASN1_BOOLEAN(NULL, &p, length)) < 0) ossl_raise(eASN1Error, NULL); - return bool ? Qtrue : Qfalse; + return val ? Qtrue : Qfalse; } static VALUE @@ -339,7 +339,7 @@ static VALUE decode_bstr(unsigned char* der, int length, long *unused_bits) { ASN1_BIT_STRING *bstr; - unsigned char *p, *buf; + const unsigned char *p; long len; VALUE ret; @@ -347,16 +347,11 @@ decode_bstr(unsigned char* der, int length, long *unused_bits) if(!(bstr = d2i_ASN1_BIT_STRING(NULL, &p, length))) ossl_raise(eASN1Error, NULL); len = bstr->length; - if(!(buf = OPENSSL_malloc(len))){ - ASN1_BIT_STRING_free(bstr); - ossl_raise(eASN1Error, NULL); - } *unused_bits = 0; if(bstr->flags & ASN1_STRING_FLAG_BITS_LEFT) *unused_bits = bstr->flags & 0x07; - memcpy(buf, bstr->data, len); + ret = rb_str_new((const char *)bstr->data, len); ASN1_BIT_STRING_free(bstr); - ret = ossl_buf2str(buf, len); return ret; } @@ -500,7 +495,7 @@ ossl_asn1_get_asn1type(VALUE obj) value = ossl_asn1_get_value(obj); switch(tag){ case V_ASN1_BOOLEAN: - ptr = (void*)obj_to_asn1bool(value); + ptr = (void*)(VALUE)obj_to_asn1bool(value); free_func = NULL; break; case V_ASN1_INTEGER: /* FALLTHROUGH */ @@ -925,7 +920,7 @@ ossl_asn1prim_to_der(VALUE self) { ASN1_TYPE *asn1; int tn, tc, explicit; - long length, reallen; + long len, reallen; unsigned char *buf, *p; VALUE str; @@ -934,26 +929,24 @@ ossl_asn1prim_to_der(VALUE self) explicit = ossl_asn1_is_explicit(self); asn1 = ossl_asn1_get_asn1type(self); - length = ASN1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn); - if(!(buf = OPENSSL_malloc(length))){ + len = ASN1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn); + if(!(buf = OPENSSL_malloc(len))){ ossl_ASN1_TYPE_free(asn1); ossl_raise(eASN1Error, "cannot alloc buffer"); } p = buf; - if(tc == V_ASN1_UNIVERSAL) ossl_i2d_ASN1_TYPE(asn1, &p); - else{ - if(explicit){ - ASN1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc); - ossl_i2d_ASN1_TYPE(asn1, &p); - } - else{ - ossl_i2d_ASN1_TYPE(asn1, &p); - *buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED); - } + if (tc == V_ASN1_UNIVERSAL) { + ossl_i2d_ASN1_TYPE(asn1, &p); + } else if (explicit) { + ASN1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc); + ossl_i2d_ASN1_TYPE(asn1, &p); + } else { + ossl_i2d_ASN1_TYPE(asn1, &p); + *buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED); } ossl_ASN1_TYPE_free(asn1); reallen = p - buf; - assert(reallen <= length); + assert(reallen <= len); str = ossl_buf2str(buf, reallen); /* buf will be free in ossl_buf2str */ return str; diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c index 6856476261..6e7c4b628a 100644 --- a/ext/openssl/ossl_bn.c +++ b/ext/openssl/ossl_bn.c @@ -151,7 +151,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self) } break; default: - ossl_raise(rb_eArgError, "illegal radix %d", base); + ossl_raise(rb_eArgError, "invalid radix %d", base); } return self; } @@ -203,7 +203,7 @@ ossl_bn_to_s(int argc, VALUE *argv, VALUE self) str = ossl_buf2str(buf, strlen(buf)); break; default: - ossl_raise(rb_eArgError, "illegal radix %d", base); + ossl_raise(rb_eArgError, "invalid radix %d", base); } return str; @@ -272,9 +272,9 @@ ossl_bn_coerce(VALUE self, VALUE other) } \ return Qfalse; \ } -BIGNUM_BOOL1(is_zero); -BIGNUM_BOOL1(is_one); -BIGNUM_BOOL1(is_odd); +BIGNUM_BOOL1(is_zero) +BIGNUM_BOOL1(is_one) +BIGNUM_BOOL1(is_odd) #define BIGNUM_1c(func) \ /* \ @@ -298,7 +298,7 @@ BIGNUM_BOOL1(is_odd); WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_1c(sqr); +BIGNUM_1c(sqr) #define BIGNUM_2(func) \ /* \ @@ -322,8 +322,8 @@ BIGNUM_1c(sqr); WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_2(add); -BIGNUM_2(sub); +BIGNUM_2(add) +BIGNUM_2(sub) #define BIGNUM_2c(func) \ /* \ @@ -347,12 +347,12 @@ BIGNUM_2(sub); WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_2c(mul); -BIGNUM_2c(mod); -BIGNUM_2c(exp); -BIGNUM_2c(gcd); -BIGNUM_2c(mod_sqr); -BIGNUM_2c(mod_inverse); +BIGNUM_2c(mul) +BIGNUM_2c(mod) +BIGNUM_2c(exp) +BIGNUM_2c(gcd) +BIGNUM_2c(mod_sqr) +BIGNUM_2c(mod_inverse) /* * call-seq: @@ -407,10 +407,10 @@ ossl_bn_div(VALUE self, VALUE other) WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_3c(mod_add); -BIGNUM_3c(mod_sub); -BIGNUM_3c(mod_mul); -BIGNUM_3c(mod_exp); +BIGNUM_3c(mod_add) +BIGNUM_3c(mod_sub) +BIGNUM_3c(mod_mul) +BIGNUM_3c(mod_exp) #define BIGNUM_BIT(func) \ /* \ @@ -428,9 +428,9 @@ BIGNUM_3c(mod_exp); } \ return self; \ } -BIGNUM_BIT(set_bit); -BIGNUM_BIT(clear_bit); -BIGNUM_BIT(mask_bits); +BIGNUM_BIT(set_bit) +BIGNUM_BIT(clear_bit) +BIGNUM_BIT(mask_bits) /* * call-seq: @@ -474,8 +474,8 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit) WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_SHIFT(lshift); -BIGNUM_SHIFT(rshift); +BIGNUM_SHIFT(lshift) +BIGNUM_SHIFT(rshift) #define BIGNUM_SELF_SHIFT(func) \ /* \ @@ -494,8 +494,8 @@ BIGNUM_SHIFT(rshift); ossl_raise(eBNError, NULL); \ return self; \ } -BIGNUM_SELF_SHIFT(lshift); -BIGNUM_SELF_SHIFT(rshift); +BIGNUM_SELF_SHIFT(lshift) +BIGNUM_SELF_SHIFT(rshift) #define BIGNUM_RAND(func) \ /* \ @@ -528,8 +528,8 @@ BIGNUM_SELF_SHIFT(rshift); WrapBN(klass, obj, result); \ return obj; \ } -BIGNUM_RAND(rand); -BIGNUM_RAND(pseudo_rand); +BIGNUM_RAND(rand) +BIGNUM_RAND(pseudo_rand) #define BIGNUM_RAND_RANGE(func) \ /* \ @@ -552,8 +552,8 @@ BIGNUM_RAND(pseudo_rand); WrapBN(klass, obj, result); \ return obj; \ } -BIGNUM_RAND_RANGE(rand); -BIGNUM_RAND_RANGE(pseudo_rand); +BIGNUM_RAND_RANGE(rand) +BIGNUM_RAND_RANGE(pseudo_rand) /* * call-seq: @@ -608,8 +608,8 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass) GetBN(self, bn); \ return INT2FIX(BN_##func(bn)); \ } -BIGNUM_NUM(num_bytes); -BIGNUM_NUM(num_bits); +BIGNUM_NUM(num_bytes) +BIGNUM_NUM(num_bits) static VALUE ossl_bn_copy(VALUE self, VALUE other) @@ -642,8 +642,8 @@ ossl_bn_copy(VALUE self, VALUE other) GetBN(self, bn1); \ return INT2FIX(BN_##func(bn1, bn2)); \ } -BIGNUM_CMP(cmp); -BIGNUM_CMP(ucmp); +BIGNUM_CMP(cmp) +BIGNUM_CMP(ucmp) static VALUE ossl_bn_eql(VALUE self, VALUE other) diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index b680dc6e64..a2a052ca6b 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -67,7 +67,7 @@ ossl_cipher_free(EVP_CIPHER_CTX *ctx) { if (ctx) { EVP_CIPHER_CTX_cleanup(ctx); - free(ctx); + ruby_xfree(ctx); } } @@ -124,12 +124,14 @@ ossl_cipher_copy(VALUE self, VALUE other) return self; } +#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED static void* add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary) { rb_ary_push(ary, rb_str_new2(name->name)); return NULL; } +#endif /* * call-seq: diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c index 10c865e9bb..606edfc3ad 100644 --- a/ext/openssl/ossl_config.c +++ b/ext/openssl/ossl_config.c @@ -158,14 +158,6 @@ ossl_config_initialize(int argc, VALUE *argv, VALUE self) return self; } -static void -rb_ossl_config_modify_check(VALUE config) -{ - if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); - if (!OBJ_TAINTED(config) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); -} - static VALUE ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) { @@ -175,7 +167,6 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) CONF *conf; CONF_VALUE *sv, *cv; - rb_ossl_config_modify_check(self); StringValue(section); StringValue(name); StringValue(value); @@ -201,6 +192,25 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) #endif } +static void +rb_ossl_config_modify_check(VALUE config) +{ + if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); + if (!OBJ_TAINTED(config) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); +} + +static VALUE +ossl_config_add_value_m(VALUE self, VALUE section, VALUE name, VALUE value) +{ +#if defined(OSSL_NO_CONF_API) + rb_notimplement(); +#else + rb_ossl_config_modify_check(self); + return ossl_config_add_value(self, section, name, value); +#endif +} + static VALUE ossl_config_get_value(VALUE self, VALUE section, VALUE name) { @@ -310,7 +320,7 @@ get_conf_section(CONF_VALUE *cv, VALUE ary) rb_ary_push(ary, rb_str_new2(cv->section)); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE*, VALUE); +static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE*, VALUE) static VALUE ossl_config_get_sections(VALUE self) @@ -348,7 +358,7 @@ dump_conf_value(CONF_VALUE *cv, VALUE str) rb_str_cat2(str, "\n"); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE*, VALUE); +static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE*, VALUE) static VALUE dump_conf(CONF *conf) @@ -392,13 +402,15 @@ each_conf_value(CONF_VALUE *cv, void* dummy) } } -static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE*, void*); +static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE*, void*) static VALUE ossl_config_each(VALUE self) { CONF *conf; + RETURN_ENUMERATOR(self, 0, 0); + GetConfig(self, conf); lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(each_conf_value), (void*)NULL); @@ -448,11 +460,14 @@ ossl_config_inspect(VALUE self) void Init_ossl_config() { + char *default_config_file; eConfigError = rb_define_class_under(mOSSL, "ConfigError", eOSSLError); cConfig = rb_define_class_under(mOSSL, "Config", rb_cObject); + default_config_file = CONF_get1_default_config_file(); rb_define_const(cConfig, "DEFAULT_CONFIG_FILE", - rb_str_new2(CONF_get1_default_config_file())); + rb_str_new2(default_config_file)); + OPENSSL_free(default_config_file); rb_include_module(cConfig, rb_mEnumerable); rb_define_singleton_method(cConfig, "parse", ossl_config_s_parse, 1); rb_define_alias(CLASS_OF(cConfig), "load", "new"); @@ -461,7 +476,7 @@ Init_ossl_config() rb_define_method(cConfig, "initialize", ossl_config_initialize, -1); rb_define_method(cConfig, "get_value", ossl_config_get_value, 2); rb_define_method(cConfig, "value", ossl_config_get_value_old, -1); - rb_define_method(cConfig, "add_value", ossl_config_add_value, 3); + rb_define_method(cConfig, "add_value", ossl_config_add_value_m, 3); rb_define_method(cConfig, "[]", ossl_config_get_section, 1); rb_define_method(cConfig, "section", ossl_config_get_section_old, 1); rb_define_method(cConfig, "[]=", ossl_config_set_section, 2); diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c index cd835d1237..c0eb180019 100644 --- a/ext/openssl/ossl_engine.c +++ b/ext/openssl/ossl_engine.c @@ -119,7 +119,7 @@ ossl_engine_s_by_id(VALUE klass, VALUE id) if(!ENGINE_init(e)) ossl_raise(eEngineError, NULL); ENGINE_ctrl(e, ENGINE_CTRL_SET_PASSWORD_CALLBACK, - 0, NULL, (void(*)())ossl_pem_passwd_cb); + 0, NULL, (void(*)(void))ossl_pem_passwd_cb); ERR_clear_error(); return obj; diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index ef77d6c427..f8098bb9c3 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -42,7 +42,7 @@ static void ossl_hmac_free(HMAC_CTX *ctx) { HMAC_CTX_cleanup(ctx); - free(ctx); + ruby_xfree(ctx); } static VALUE diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index 6365f08134..a6618ffede 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -378,7 +378,7 @@ ossl_ocspres_to_der(VALUE self) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); p = RSTRING_PTR(str); - if(i2d_OCSP_RESPONSE(res, NULL) <= 0) + if(i2d_OCSP_RESPONSE(res, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index b295cfc25e..8f68189881 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -177,7 +177,7 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) str = rb_str_new(0, EVP_PKEY_size(pkey)+16); if (!EVP_SignFinal(&ctx, RSTRING_PTR(str), &buf_len, pkey)) ossl_raise(ePKeyError, NULL); - assert(buf_len <= RSTRING_LEN(str)); + assert((long)buf_len <= RSTRING_LEN(str)); rb_str_set_len(str, buf_len); return str; diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index 02c3d99ed8..3412305a5e 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -415,10 +415,10 @@ ossl_dh_compute_key(VALUE self, VALUE pub) return str; } -OSSL_PKEY_BN(dh, p); -OSSL_PKEY_BN(dh, g); -OSSL_PKEY_BN(dh, pub_key); -OSSL_PKEY_BN(dh, priv_key); +OSSL_PKEY_BN(dh, p) +OSSL_PKEY_BN(dh, g) +OSSL_PKEY_BN(dh, pub_key) +OSSL_PKEY_BN(dh, priv_key) /* * -----BEGIN DH PARAMETERS----- diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index d9c7fcbe78..a1f1397787 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -432,11 +432,11 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) return Qfalse; } -OSSL_PKEY_BN(dsa, p); -OSSL_PKEY_BN(dsa, q); -OSSL_PKEY_BN(dsa, g); -OSSL_PKEY_BN(dsa, pub_key); -OSSL_PKEY_BN(dsa, priv_key); +OSSL_PKEY_BN(dsa, p) +OSSL_PKEY_BN(dsa, q) +OSSL_PKEY_BN(dsa, g) +OSSL_PKEY_BN(dsa, pub_key) +OSSL_PKEY_BN(dsa, priv_key) /* * INIT diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index 210054121d..f02fcd831d 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -463,8 +463,10 @@ static VALUE ossl_ec_key_to_string(VALUE self, int format) BIO *out; int i = -1; int private = 0; +#if 0 /* unused now */ EVP_CIPHER *cipher = NULL; char *password = NULL; +#endif VALUE str; Require_EC_KEY(self, ec); @@ -484,13 +486,18 @@ static VALUE ossl_ec_key_to_string(VALUE self, int format) switch(format) { case EXPORT_PEM: if (private) { +#if 0 /* unused now */ if (cipher || password) /* BUG: finish cipher/password key export */ rb_notimplement(); i = PEM_write_bio_ECPrivateKey(out, ec, cipher, NULL, 0, NULL, password); +#endif + i = PEM_write_bio_ECPrivateKey(out, ec, NULL, NULL, 0, NULL, NULL); } else { +#if 0 /* unused now */ if (cipher || password) rb_raise(rb_eArgError, "encryption is not supported when exporting this key type"); +#endif i = PEM_write_bio_EC_PUBKEY(out, ec); } @@ -498,13 +505,17 @@ static VALUE ossl_ec_key_to_string(VALUE self, int format) break; case EXPORT_DER: if (private) { +#if 0 /* unused now */ if (cipher || password) rb_raise(rb_eArgError, "encryption is not supported when exporting this key type"); +#endif i = i2d_ECPrivateKey_bio(out, ec); } else { +#if 0 /* unused now */ if (cipher || password) rb_raise(rb_eArgError, "encryption is not supported when exporting this key type"); +#endif i = i2d_EC_PUBKEY_bio(out, ec); } @@ -695,7 +706,7 @@ static void ossl_ec_group_free(ossl_ec_group *ec_group) { if (!ec_group->dont_free && ec_group->group) EC_GROUP_clear_free(ec_group->group); - free(ec_group); + ruby_xfree(ec_group); } static VALUE ossl_ec_group_alloc(VALUE klass) @@ -1201,7 +1212,7 @@ static void ossl_ec_point_free(ossl_ec_point *ec_point) { if (!ec_point->dont_free && ec_point->point) EC_POINT_clear_free(ec_point->point); - free(ec_point); + ruby_xfree(ec_point); } static VALUE ossl_ec_point_alloc(VALUE klass) diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 9ac69e7ded..320bbf5207 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -519,14 +519,14 @@ ossl_rsa_blinding_off(VALUE self) } */ -OSSL_PKEY_BN(rsa, n); -OSSL_PKEY_BN(rsa, e); -OSSL_PKEY_BN(rsa, d); -OSSL_PKEY_BN(rsa, p); -OSSL_PKEY_BN(rsa, q); -OSSL_PKEY_BN(rsa, dmp1); -OSSL_PKEY_BN(rsa, dmq1); -OSSL_PKEY_BN(rsa, iqmp); +OSSL_PKEY_BN(rsa, n) +OSSL_PKEY_BN(rsa, e) +OSSL_PKEY_BN(rsa, d) +OSSL_PKEY_BN(rsa, p) +OSSL_PKEY_BN(rsa, q) +OSSL_PKEY_BN(rsa, dmp1) +OSSL_PKEY_BN(rsa, dmq1) +OSSL_PKEY_BN(rsa, iqmp) /* * INIT diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 01b86fec27..fb3cf5c2ad 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -829,7 +829,7 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self) rb_raise(rb_eArgError, "arg must be Time or nil"); } - SSL_CTX_flush_sessions(ctx, tm); + SSL_CTX_flush_sessions(ctx, (long)tm); return self; } diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c index 63c2bbb87a..96c4c94b91 100644 --- a/ext/openssl/ossl_ssl_session.c +++ b/ext/openssl/ossl_ssl_session.c @@ -109,7 +109,7 @@ static VALUE ossl_ssl_session_get_time(VALUE self) if (t == 0) return Qnil; - return rb_funcall(rb_cTime, rb_intern("at"), 1, LONG2NUM(t)); + return rb_funcall(rb_cTime, rb_intern("at"), 1, TIMET2NUM(t)); } /* @@ -128,14 +128,14 @@ static VALUE ossl_ssl_session_get_timeout(VALUE self) t = SSL_SESSION_get_timeout(ctx); - return ULONG2NUM(t); + return TIMET2NUM(t); } #define SSLSESSION_SET_TIME(func) \ static VALUE ossl_ssl_session_set_##func(VALUE self, VALUE time_v) \ { \ SSL_SESSION *ctx; \ - time_t t; \ + unsigned long t; \ \ GetSSLSession(self, ctx); \ \ diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c index aa9366f901..591ae953bb 100644 --- a/ext/openssl/ossl_x509ext.c +++ b/ext/openssl/ossl_x509ext.c @@ -198,6 +198,7 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) ossl_x509extfactory_set_subject_req(self, subject_req); if (!NIL_P(crl)) ossl_x509extfactory_set_crl(self, crl); + rb_iv_set(self, "@config", Qnil); return self; } @@ -323,14 +324,15 @@ ossl_x509ext_set_value(VALUE self, VALUE data) ossl_raise(eX509ExtError, "malloc error"); memcpy(s, RSTRING_PTR(data), RSTRING_LEN(data)); if(!(asn1s = ASN1_OCTET_STRING_new())){ - free(s); + OPENSSL_free(s); ossl_raise(eX509ExtError, NULL); } if(!M_ASN1_OCTET_STRING_set(asn1s, s, RSTRING_LEN(data))){ - free(s); + OPENSSL_free(s); ASN1_OCTET_STRING_free(asn1s); ossl_raise(eX509ExtError, NULL); } + OPENSSL_free(s); GetX509Ext(self, ext); X509_EXTENSION_set_data(ext, asn1s); diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index b4434d2a34..220dc069af 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -137,9 +137,12 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self) else{ unsigned char *p; VALUE str = ossl_to_der_if_possible(arg); + X509_NAME *x; StringValue(str); - p = RSTRING_PTR(str); - if(!d2i_X509_NAME((X509_NAME**)&DATA_PTR(self), &p, RSTRING_LEN(str))){ + p = (unsigned char *)RSTRING_PTR(str); + x = d2i_X509_NAME(&name, &p, RSTRING_LEN(str)); + DATA_PTR(self) = name; + if(!x){ ossl_raise(eX509NameError, NULL); } } @@ -1,15 +1,15 @@ #define RUBY_VERSION "1.8.7" -#define RUBY_RELEASE_DATE "2010-05-22" +#define RUBY_RELEASE_DATE "2010-05-25" #define RUBY_VERSION_CODE 187 -#define RUBY_RELEASE_CODE 20100522 -#define RUBY_PATCHLEVEL 265 +#define RUBY_RELEASE_CODE 20100525 +#define RUBY_PATCHLEVEL 266 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 #define RUBY_VERSION_TEENY 7 #define RUBY_RELEASE_YEAR 2010 #define RUBY_RELEASE_MONTH 5 -#define RUBY_RELEASE_DAY 22 +#define RUBY_RELEASE_DAY 25 #ifdef RUBY_EXTERN RUBY_EXTERN const char ruby_version[]; |