summaryrefslogtreecommitdiff
path: root/ext/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/extconf.rb1
-rw-r--r--ext/openssl/ossl_asn1.c43
-rw-r--r--ext/openssl/ossl_asn1.h8
-rw-r--r--ext/openssl/ossl_x509.c16
-rw-r--r--ext/openssl/ossl_x509.h7
-rw-r--r--ext/openssl/ossl_x509cert.c10
-rw-r--r--ext/openssl/ossl_x509crl.c12
-rw-r--r--ext/openssl/ossl_x509revoked.c5
8 files changed, 75 insertions, 27 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index eeeae448c0e..aa6351d9f8e 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -85,6 +85,7 @@ engines.each { |name|
}
# added in 1.0.0
+have_func("ASN1_TIME_adj")
have_func("EVP_CIPHER_CTX_copy")
have_func("HMAC_CTX_copy")
have_func("PKCS5_PBKDF2_HMAC")
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index 43a3d2d88a7..e43d8147e33 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -75,11 +75,28 @@ asn1time_to_time(ASN1_TIME *time)
return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
}
+#if defined(HAVE_ASN1_TIME_ADJ)
+void
+ossl_time_split(VALUE time, time_t *sec, int *days)
+{
+ VALUE num = rb_Integer(time);
+
+ if (FIXNUM_P(num)) {
+ *days = FIX2LONG(num) / 86400;
+ *sec = FIX2LONG(num) % 86400;
+ }
+ else {
+ *days = NUM2INT(rb_funcall(num, rb_intern("/"), 1, INT2FIX(86400)));
+ *sec = NUM2TIMET(rb_funcall(num, rb_intern("%"), 1, INT2FIX(86400)));
+ }
+}
+#else
time_t
time_to_time_t(VALUE time)
{
return (time_t)NUM2TIMET(rb_Integer(time));
}
+#endif
/*
* STRING conversion
@@ -279,28 +296,42 @@ obj_to_asn1obj(VALUE obj)
return a1obj;
}
-static ASN1_UTCTIME*
+static ASN1_UTCTIME *
obj_to_asn1utime(VALUE time)
{
time_t sec;
ASN1_UTCTIME *t;
+#if defined(HAVE_ASN1_TIME_ADJ)
+ int off_days;
+
+ ossl_time_split(time, &sec, &off_days);
+ if (!(t = ASN1_UTCTIME_adj(NULL, sec, off_days, 0)))
+#else
sec = time_to_time_t(time);
- if(!(t = ASN1_UTCTIME_set(NULL, sec)))
- ossl_raise(eASN1Error, NULL);
+ if (!(t = ASN1_UTCTIME_set(NULL, sec)))
+#endif
+ ossl_raise(eASN1Error, NULL);
return t;
}
-static ASN1_GENERALIZEDTIME*
+static ASN1_GENERALIZEDTIME *
obj_to_asn1gtime(VALUE time)
{
time_t sec;
ASN1_GENERALIZEDTIME *t;
+#if defined(HAVE_ASN1_TIME_ADJ)
+ int off_days;
+
+ ossl_time_split(time, &sec, &off_days);
+ if (!(t = ASN1_GENERALIZEDTIME_adj(NULL, sec, off_days, 0)))
+#else
sec = time_to_time_t(time);
- if(!(t =ASN1_GENERALIZEDTIME_set(NULL, sec)))
- ossl_raise(eASN1Error, NULL);
+ if (!(t = ASN1_GENERALIZEDTIME_set(NULL, sec)))
+#endif
+ ossl_raise(eASN1Error, NULL);
return t;
}
diff --git a/ext/openssl/ossl_asn1.h b/ext/openssl/ossl_asn1.h
index 8250746c794..b1c85a6804c 100644
--- a/ext/openssl/ossl_asn1.h
+++ b/ext/openssl/ossl_asn1.h
@@ -14,7 +14,15 @@
* ASN1_DATE conversions
*/
VALUE asn1time_to_time(ASN1_TIME *);
+#if defined(HAVE_ASN1_TIME_ADJ)
+/* Splits VALUE to seconds and offset days. VALUE is typically a Time or an
+ * Integer. This is used when updating ASN1_*TIME with ASN1_TIME_adj() or
+ * X509_time_adj_ex(). We can't use ASN1_TIME_set() and X509_time_adj() because
+ * they have the Year 2038 issue on sizeof(time_t) == 4 environment */
+void ossl_time_split(VALUE, time_t *, int *);
+#else
time_t time_to_time_t(VALUE);
+#endif
/*
* ASN1_STRING conversions
diff --git a/ext/openssl/ossl_x509.c b/ext/openssl/ossl_x509.c
index cf62b53e289..14f794e8ee2 100644
--- a/ext/openssl/ossl_x509.c
+++ b/ext/openssl/ossl_x509.c
@@ -15,6 +15,22 @@ VALUE mX509;
#define DefX509Default(x,i) \
rb_define_const(mX509, "DEFAULT_" #x, rb_str_new2(X509_get_default_##i()))
+ASN1_TIME *
+ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
+{
+ time_t sec;
+
+#if defined(HAVE_ASN1_TIME_ADJ)
+ int off_days;
+
+ ossl_time_split(time, &sec, &off_days);
+ return X509_time_adj_ex(s, off_days, 0, &sec);
+#else
+ sec = time_to_time_t(time);
+ return X509_time_adj(s, 0, &sec);
+#endif
+}
+
void
Init_ossl_x509(void)
{
diff --git a/ext/openssl/ossl_x509.h b/ext/openssl/ossl_x509.h
index 8e9b2330986..576804858e1 100644
--- a/ext/openssl/ossl_x509.h
+++ b/ext/openssl/ossl_x509.h
@@ -15,6 +15,13 @@
*/
extern VALUE mX509;
+/*
+ * Converts the VALUE into Integer and set it to the ASN1_TIME. This is a
+ * wrapper for X509_time_adj_ex() so passing NULL creates a new ASN1_TIME.
+ * Note that the caller must check the NULL return.
+ */
+ASN1_TIME *ossl_x509_time_adjust(ASN1_TIME *, VALUE);
+
void Init_ossl_x509(void);
/*
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index 34b8aae7cd0..13e738f30f0 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -476,13 +476,10 @@ static VALUE
ossl_x509_set_not_before(VALUE self, VALUE time)
{
X509 *x509;
- time_t sec;
- sec = time_to_time_t(time);
GetX509(self, x509);
- if (!X509_time_adj(X509_get_notBefore(x509), 0, &sec)) {
+ if (!ossl_x509_time_adjust(X509_get_notBefore(x509), time))
ossl_raise(eX509CertError, NULL);
- }
return time;
}
@@ -513,13 +510,10 @@ static VALUE
ossl_x509_set_not_after(VALUE self, VALUE time)
{
X509 *x509;
- time_t sec;
- sec = time_to_time_t(time);
GetX509(self, x509);
- if (!X509_time_adj(X509_get_notAfter(x509), 0, &sec)) {
+ if (!ossl_x509_time_adjust(X509_get_notAfter(x509), time))
ossl_raise(eX509CertError, NULL);
- }
return time;
}
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index a660cccebc9..82fd128f72b 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -235,13 +235,10 @@ static VALUE
ossl_x509crl_set_last_update(VALUE self, VALUE time)
{
X509_CRL *crl;
- time_t sec;
- sec = time_to_time_t(time);
GetX509CRL(self, crl);
- if (!X509_time_adj(crl->crl->lastUpdate, 0, &sec)) {
+ if (!ossl_x509_time_adjust(crl->crl->lastUpdate, time))
ossl_raise(eX509CRLError, NULL);
- }
return time;
}
@@ -260,14 +257,11 @@ static VALUE
ossl_x509crl_set_next_update(VALUE self, VALUE time)
{
X509_CRL *crl;
- time_t sec;
- sec = time_to_time_t(time);
GetX509CRL(self, crl);
- /* This must be some thinko in OpenSSL */
- if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))){
+ /* crl->crl->nextUpdate may be NULL at this time */
+ if (!(crl->crl->nextUpdate = ossl_x509_time_adjust(crl->crl->nextUpdate, time)))
ossl_raise(eX509CRLError, NULL);
- }
return time;
}
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c
index 46250e12257..fc1a7d13375 100644
--- a/ext/openssl/ossl_x509revoked.c
+++ b/ext/openssl/ossl_x509revoked.c
@@ -144,13 +144,10 @@ static VALUE
ossl_x509revoked_set_time(VALUE self, VALUE time)
{
X509_REVOKED *rev;
- time_t sec;
- sec = time_to_time_t(time);
GetX509Rev(self, rev);
- if (!X509_time_adj(rev->revocationDate, 0, &sec)) {
+ if (!ossl_x509_time_adjust(rev->revocationDate, time))
ossl_raise(eX509RevError, NULL);
- }
return time;
}