summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
Diffstat (limited to 'ext')
-rw-r--r--ext/openssl/extconf.rb26
-rw-r--r--ext/openssl/openssl_missing.c78
-rw-r--r--ext/openssl/openssl_missing.h96
-rw-r--r--ext/openssl/ossl.c2
-rw-r--r--ext/openssl/ossl_bn.c13
-rw-r--r--ext/openssl/ossl_cipher.c35
-rw-r--r--ext/openssl/ossl_hmac.c47
-rw-r--r--ext/openssl/ossl_ocsp.c10
-rw-r--r--ext/openssl/ossl_pkey.c37
-rw-r--r--ext/openssl/ossl_pkey_dh.c20
-rw-r--r--ext/openssl/ossl_pkey_dsa.c24
-rw-r--r--ext/openssl/ossl_pkey_rsa.c28
-rw-r--r--ext/openssl/ossl_ssl.c2
-rw-r--r--ext/openssl/ossl_ssl_session.c17
-rw-r--r--ext/openssl/ossl_x509attr.c81
-rw-r--r--ext/openssl/ossl_x509cert.c10
-rw-r--r--ext/openssl/ossl_x509crl.c27
-rw-r--r--ext/openssl/ossl_x509name.c9
-rw-r--r--ext/openssl/ossl_x509req.c8
-rw-r--r--ext/openssl/ossl_x509revoked.c14
-rw-r--r--ext/openssl/ossl_x509store.c22
21 files changed, 436 insertions, 170 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index d72517eb574..8c5dd969d13 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -84,6 +84,10 @@ engines.each { |name|
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
}
+# added in 0.9.8X
+have_func("EVP_CIPHER_CTX_new")
+have_func("EVP_CIPHER_CTX_free")
+
# added in 1.0.0
have_func("ASN1_TIME_adj")
have_func("EVP_CIPHER_CTX_copy")
@@ -91,6 +95,9 @@ have_func("EVP_PKEY_base_id")
have_func("HMAC_CTX_copy")
have_func("PKCS5_PBKDF2_HMAC")
have_func("X509_NAME_hash_old")
+have_func("X509_STORE_CTX_get0_current_crl")
+have_func("X509_STORE_set_verify_cb")
+have_func("i2d_ASN1_SET_ANY")
have_func("SSL_SESSION_cmp") # removed
OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
@@ -102,6 +109,7 @@ have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTH
# added in 1.0.2
have_func("EC_curve_nist2nid")
have_func("X509_REVOKED_dup")
+have_func("X509_STORE_CTX_get0_store")
have_func("SSL_CTX_set_alpn_select_cb")
OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
@@ -109,9 +117,27 @@ OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
# added in 1.1.0
have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
+have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
+have_func("BN_GENCB_new")
+have_func("BN_GENCB_free")
+have_func("BN_GENCB_get_arg")
+have_func("EVP_MD_CTX_new")
+have_func("EVP_MD_CTX_free")
+have_func("HMAC_CTX_new")
+have_func("HMAC_CTX_free")
OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
+have_func("X509_CRL_get0_signature")
+have_func("X509_REQ_get0_signature")
+have_func("X509_REVOKED_get0_serialNumber")
+have_func("X509_REVOKED_get0_revocationDate")
+have_func("X509_get0_tbs_sigalg")
+have_func("X509_STORE_CTX_get0_untrusted")
+have_func("X509_STORE_CTX_get0_cert")
+have_func("X509_STORE_CTX_get0_chain")
+have_func("OCSP_SINGLERESP_get0_id")
+have_func("SSL_CTX_get_ciphers")
have_func("X509_up_ref")
have_func("X509_CRL_up_ref")
have_func("X509_STORE_up_ref")
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index 796d8aa082d..cb22647c862 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -20,6 +20,30 @@
#include "openssl_missing.h"
+/* added in 0.9.8X */
+#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
+EVP_CIPHER_CTX *
+EVP_CIPHER_CTX_new(void)
+{
+ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
+ if (!ctx)
+ return NULL;
+ EVP_CIPHER_CTX_init(ctx);
+ return ctx;
+}
+#endif
+
+#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
+void
+EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+ if (ctx) {
+ EVP_CIPHER_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+#endif
+
/* added in 1.0.0 */
#if !defined(HAVE_EVP_CIPHER_CTX_COPY)
/*
@@ -46,15 +70,19 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
#if !defined(OPENSSL_NO_HMAC)
#if !defined(HAVE_HMAC_CTX_COPY)
-void
+int
HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
- if (!out || !in) return;
+ if (!out || !in)
+ return 0;
+
memcpy(out, in, sizeof(HMAC_CTX));
EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
+
+ return 1;
}
#endif /* HAVE_HMAC_CTX_COPY */
#endif /* NO_HMAC */
@@ -95,3 +123,49 @@ EC_curve_nist2nid(const char *name)
}
#endif
#endif
+
+/*** added in 1.1.0 ***/
+#if !defined(HAVE_HMAC_CTX_NEW)
+HMAC_CTX *
+HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
+ if (!ctx)
+ return NULL;
+ HMAC_CTX_init(ctx);
+ return ctx;
+}
+#endif
+
+#if !defined(HAVE_HMAC_CTX_FREE)
+void
+HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+#endif
+
+#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
+void
+X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
+{
+ if (psig != NULL)
+ *psig = crl->signature;
+ if (palg != NULL)
+ *palg = crl->sig_alg;
+}
+#endif
+
+#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
+void
+X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req)
+{
+ if (psig != NULL)
+ *psig = req->signature;
+ if (palg != NULL)
+ *palg = req->sig_alg;
+}
+#endif
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 22f16bf02f1..ddd07b906cd 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -10,6 +10,15 @@
#if !defined(_OSSL_OPENSSL_MISSING_H_)
#define _OSSL_OPENSSL_MISSING_H_
+/* added in 0.9.8X */
+#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+#endif
+
+#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
+#endif
+
/* added in 1.0.0 */
#if !defined(HAVE_EVP_PKEY_BASE_ID)
# define EVP_PKEY_base_id(pkey) EVP_PKEY_type((pkey)->type)
@@ -20,7 +29,20 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
#endif
#if !defined(HAVE_HMAC_CTX_COPY)
-void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_CURRENT_CRL)
+# define X509_STORE_CTX_get0_current_crl(x) ((x)->current_crl)
+#endif
+
+#if !defined(HAVE_X509_STORE_SET_VERIFY_CB)
+# define X509_STORE_set_verify_cb X509_STORE_set_verify_cb_func
+#endif
+
+#if !defined(HAVE_I2D_ASN1_SET_ANY)
+# define i2d_ASN1_SET_ANY(sk, x) i2d_ASN1_SET_OF_ASN1_TYPE((sk), (x), \
+ i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0)
#endif
/* added in 1.0.2 */
@@ -35,7 +57,39 @@ int EC_curve_nist2nid(const char *);
(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
#endif
+#if !defined(HAVE_X509_STORE_CTX_GET0_STORE)
+# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
+#endif
+
/* added in 1.1.0 */
+#if !defined(HAVE_BN_GENCB_NEW)
+# define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
+#endif
+
+#if !defined(HAVE_BN_GENCB_FREE)
+# define BN_GENCB_free(cb) OPENSSL_free(cb)
+#endif
+
+#if !defined(HAVE_BN_GENCB_GET_ARG)
+# define BN_GENCB_get_arg(cb) (cb)->arg
+#endif
+
+#if !defined(HAVE_EVP_MD_CTX_NEW)
+# define EVP_MD_CTX_new EVP_MD_CTX_create
+#endif
+
+#if !defined(HAVE_EVP_MD_CTX_FREE)
+# define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
+#if !defined(HAVE_HMAC_CTX_NEW)
+HMAC_CTX *HMAC_CTX_new(void);
+#endif
+
+#if !defined(HAVE_HMAC_CTX_FREE)
+void HMAC_CTX_free(HMAC_CTX *ctx);
+#endif
+
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
# define X509_STORE_get_ex_data(x, idx) \
CRYPTO_get_ex_data(&(x)->ex_data, (idx))
@@ -49,6 +103,46 @@ int EC_curve_nist2nid(const char *);
(newf), (dupf), (freef))
#endif
+#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl);
+#endif
+
+#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
+void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req);
+#endif
+
+#if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER)
+# define X509_REVOKED_get0_serialNumber(x) ((x)->serialNumber)
+#endif
+
+#if !defined(HAVE_X509_REVOKED_GET0_REVOCATIONDATE)
+# define X509_REVOKED_get0_revocationDate(x) ((x)->revocationDate)
+#endif
+
+#if !defined(HAVE_X509_GET0_TBS_SIGALG)
+# define X509_get0_tbs_sigalg(x) ((x)->cert_info->signature)
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_UNTRUSTED)
+# define X509_STORE_CTX_get0_untrusted(x) ((x)->untrusted)
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_CERT)
+# define X509_STORE_CTX_get0_cert(x) ((x)->cert)
+#endif
+
+#if !defined(HAVE_X509_STORE_CTX_GET0_CHAIN)
+# define X509_STORE_CTX_get0_chain(ctx) X509_STORE_CTX_get_chain(ctx)
+#endif
+
+#if !defined(HAVE_OCSP_SINGLERESP_GET0_ID)
+# define OCSP_SINGLERESP_get0_id(s) ((s)->certId)
+#endif
+
+#if !defined(HAVE_SSL_CTX_GET_CIPHERS)
+# define SSL_CTX_get_ciphers(ctx) ((ctx)->cipher_list)
+#endif
+
#if !defined(HAVE_X509_UP_REF)
# define X509_up_ref(x) \
CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509)
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 9f92b92893b..83baa7b63c7 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -258,7 +258,7 @@ ossl_verify_cb(int ok, X509_STORE_CTX *ctx)
proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
if (!proc)
- proc = (VALUE)X509_STORE_get_ex_data(ctx->ctx, ossl_store_ex_verify_cb_idx);
+ proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
if (!proc)
return ok;
if (!NIL_P(proc)) {
diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c
index 4398ad8ad87..6a0a21eb834 100644
--- a/ext/openssl/ossl_bn.c
+++ b/ext/openssl/ossl_bn.c
@@ -37,17 +37,12 @@ ossl_bn_free(void *ptr)
BN_clear_free(ptr);
}
-static size_t
-ossl_bn_size(const void *ptr)
-{
- return sizeof(BIGNUM);
-}
-
static const rb_data_type_t ossl_bn_type = {
"OpenSSL/BN",
- {0, ossl_bn_free, ossl_bn_size,},
- 0, 0,
- RUBY_TYPED_FREE_IMMEDIATELY,
+ {
+ 0, ossl_bn_free,
+ },
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
};
/*
diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c
index d56b3411e7b..54e363faa20 100644
--- a/ext/openssl/ossl_cipher.c
+++ b/ext/openssl/ossl_cipher.c
@@ -11,10 +11,12 @@
#define NewCipher(klass) \
TypedData_Wrap_Struct((klass), &ossl_cipher_type, 0)
-#define MakeCipher(obj, klass, ctx) \
- (obj) = TypedData_Make_Struct((klass), EVP_CIPHER_CTX, &ossl_cipher_type, (ctx))
-#define AllocCipher(obj, ctx) \
- (DATA_PTR(obj) = (ctx) = ZALLOC(EVP_CIPHER_CTX))
+#define AllocCipher(obj, ctx) do { \
+ (ctx) = EVP_CIPHER_CTX_new(); \
+ if (!(ctx)) \
+ ossl_raise(rb_eRuntimeError, NULL); \
+ RTYPEDDATA_DATA(obj) = (ctx); \
+} while (0)
#define GetCipherInit(obj, ctx) do { \
TypedData_Get_Struct((obj), EVP_CIPHER_CTX, &ossl_cipher_type, (ctx)); \
} while (0)
@@ -37,13 +39,13 @@ VALUE eCipherError;
static VALUE ossl_cipher_alloc(VALUE klass);
static void ossl_cipher_free(void *ptr);
-static size_t ossl_cipher_memsize(const void *ptr);
static const rb_data_type_t ossl_cipher_type = {
"OpenSSL/Cipher",
- {0, ossl_cipher_free, ossl_cipher_memsize,},
- 0, 0,
- RUBY_TYPED_FREE_IMMEDIATELY,
+ {
+ 0, ossl_cipher_free,
+ },
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
};
/*
@@ -67,7 +69,6 @@ ossl_cipher_new(const EVP_CIPHER *cipher)
ret = ossl_cipher_alloc(cCipher);
AllocCipher(ret, ctx);
- EVP_CIPHER_CTX_init(ctx);
if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1)
ossl_raise(eCipherError, NULL);
@@ -87,13 +88,6 @@ ossl_cipher_free(void *ptr)
}
}
-static size_t
-ossl_cipher_memsize(const void *ptr)
-{
- const EVP_CIPHER_CTX *ctx = ptr;
- return sizeof(*ctx);
-}
-
static VALUE
ossl_cipher_alloc(VALUE klass)
{
@@ -114,7 +108,7 @@ ossl_cipher_initialize(VALUE self, VALUE str)
EVP_CIPHER_CTX *ctx;
const EVP_CIPHER *cipher;
char *name;
- unsigned char key[EVP_MAX_KEY_LENGTH];
+ unsigned char dummy_key[EVP_MAX_KEY_LENGTH] = { 0 };
name = StringValueCStr(str);
GetCipherInit(self, ctx);
@@ -122,18 +116,19 @@ ossl_cipher_initialize(VALUE self, VALUE str)
ossl_raise(rb_eRuntimeError, "Cipher already inititalized!");
}
AllocCipher(self, ctx);
- EVP_CIPHER_CTX_init(ctx);
if (!(cipher = EVP_get_cipherbyname(name))) {
ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%"PRIsVALUE")", str);
}
/*
+ * EVP_CipherInit_ex() allows to specify NULL to key and IV, however some
+ * ciphers don't handle well (OpenSSL's bug). [Bug #2768]
+ *
* The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows
* uninitialized key, but other EVPs (such as AES) does not allow it.
* Calling EVP_CipherUpdate() without initializing key causes SEGV so we
* set the data filled with "\0" as the key by default.
*/
- memset(key, 0, EVP_MAX_KEY_LENGTH);
- if (EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, -1) != 1)
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, dummy_key, NULL, -1) != 1)
ossl_raise(eCipherError, NULL);
return self;
diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c
index 5513cb20de6..bb4b57846ee 100644
--- a/ext/openssl/ossl_hmac.c
+++ b/ext/openssl/ossl_hmac.c
@@ -11,8 +11,8 @@
#include "ossl.h"
-#define MakeHMAC(obj, klass, ctx) \
- (obj) = TypedData_Make_Struct((klass), HMAC_CTX, &ossl_hmac_type, (ctx))
+#define NewHMAC(klass) \
+ TypedData_Wrap_Struct((klass), &ossl_hmac_type, 0)
#define GetHMAC(obj, ctx) do { \
TypedData_Get_Struct((obj), HMAC_CTX, &ossl_hmac_type, (ctx)); \
if (!(ctx)) { \
@@ -40,8 +40,7 @@ VALUE eHMACError;
static void
ossl_hmac_free(void *ctx)
{
- HMAC_CTX_cleanup(ctx);
- ruby_xfree(ctx);
+ HMAC_CTX_free(ctx);
}
static const rb_data_type_t ossl_hmac_type = {
@@ -55,11 +54,14 @@ static const rb_data_type_t ossl_hmac_type = {
static VALUE
ossl_hmac_alloc(VALUE klass)
{
- HMAC_CTX *ctx;
VALUE obj;
+ HMAC_CTX *ctx;
- MakeHMAC(obj, klass, ctx);
- HMAC_CTX_init(ctx);
+ obj = NewHMAC(klass);
+ ctx = HMAC_CTX_new();
+ if (!ctx)
+ ossl_raise(eHMACError, NULL);
+ RTYPEDDATA_DATA(obj) = ctx;
return obj;
}
@@ -107,8 +109,8 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
StringValue(key);
GetHMAC(self, ctx);
- HMAC_Init(ctx, RSTRING_PTR(key), RSTRING_LENINT(key),
- GetDigestPtr(digest));
+ HMAC_Init_ex(ctx, RSTRING_PTR(key), RSTRING_LENINT(key),
+ GetDigestPtr(digest), NULL);
return self;
}
@@ -124,7 +126,8 @@ ossl_hmac_copy(VALUE self, VALUE other)
GetHMAC(self, ctx1);
SafeGetHMAC(other, ctx2);
- HMAC_CTX_copy(ctx1, ctx2);
+ if (!HMAC_CTX_copy(ctx1, ctx2))
+ ossl_raise(eHMACError, "HMAC_CTX_copy");
return self;
}
@@ -161,16 +164,24 @@ ossl_hmac_update(VALUE self, VALUE data)
static void
hmac_final(HMAC_CTX *ctx, unsigned char **buf, unsigned int *buf_len)
{
- HMAC_CTX final;
+ HMAC_CTX *final;
+
+ final = HMAC_CTX_new();
+ if (!final)
+ ossl_raise(eHMACError, "HMAC_CTX_new");
+
+ if (!HMAC_CTX_copy(final, ctx)) {
+ HMAC_CTX_free(final);
+ ossl_raise(eHMACError, "HMAC_CTX_copy");
+ }
- HMAC_CTX_copy(&final, ctx);
- if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) {
- HMAC_CTX_cleanup(&final);
- OSSL_Debug("Allocating %d mem", HMAC_size(&final));
+ if (!(*buf = OPENSSL_malloc(HMAC_size(final)))) {
+ HMAC_CTX_free(final);
+ OSSL_Debug("Allocating %d mem", (int)HMAC_size(final));
ossl_raise(eHMACError, "Cannot allocate memory for hmac");
}
- HMAC_Final(&final, *buf, buf_len);
- HMAC_CTX_cleanup(&final);
+ HMAC_Final(final, *buf, buf_len);
+ HMAC_CTX_free(final);
}
/*
@@ -256,7 +267,7 @@ ossl_hmac_reset(VALUE self)
HMAC_CTX *ctx;
GetHMAC(self, ctx);
- HMAC_Init(ctx, NULL, 0, NULL);
+ HMAC_Init_ex(ctx, NULL, 0, NULL, NULL);
return self;
}
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index 9f44bc202be..ae15d93bfa2 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -708,8 +708,8 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
if(!NIL_P(ext)){
X509_EXTENSION *x509ext;
- sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free);
- single->singleExtensions = NULL;
+ while ((x509ext = OCSP_SINGLERESP_delete_ext(single, 0)))
+ X509_EXTENSION_free(x509ext);
for(i = 0; i < RARRAY_LEN(ext); i++){
x509ext = DupX509ExtPtr(RARRAY_AREF(ext, i));
if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
@@ -764,7 +764,7 @@ ossl_ocspbres_get_status(VALUE self)
status = OCSP_single_get0_status(single, &reason, &revtime,
&thisupd, &nextupd);
if(status < 0) continue;
- if(!(cid = OCSP_CERTID_dup(single->certId)))
+ if(!(cid = OCSP_CERTID_dup(OCSP_SINGLERESP_get0_id(single))))
ossl_raise(eOCSPError, NULL);
ary = rb_ary_new();
rb_ary_push(ary, ossl_ocspcertid_new(cid));
@@ -963,10 +963,12 @@ static VALUE
ossl_ocspcid_get_serial(VALUE self)
{
OCSP_CERTID *id;
+ ASN1_INTEGER *serial;
GetOCSPCertId(self, id);
+ OCSP_id_get0_info(NULL, NULL, NULL, &serial, id);
- return asn1integer_to_num(id->serialNumber);
+ return asn1integer_to_num(serial);
}
void
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index c59a3646546..4ae8e14e3e6 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -27,7 +27,7 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
struct ossl_generate_cb_arg *arg;
int state;
- arg = (struct ossl_generate_cb_arg *)cb->arg;
+ arg = (struct ossl_generate_cb_arg *)BN_GENCB_get_arg(cb);
if (arg->yield) {
ary = rb_ary_new2(2);
rb_ary_store(ary, 0, INT2NUM(p));
@@ -265,21 +265,26 @@ static VALUE
ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
{
EVP_PKEY *pkey;
- EVP_MD_CTX ctx;
+ const EVP_MD *md;
+ EVP_MD_CTX *ctx;
unsigned int buf_len;
VALUE str;
int result;
- if (rb_funcallv(self, id_private_q, 0, NULL) != Qtrue) {
+ if (rb_funcallv(self, id_private_q, 0, NULL) != Qtrue)
ossl_raise(rb_eArgError, "Private key is needed.");
- }
GetPKey(self, pkey);
- EVP_SignInit(&ctx, GetDigestPtr(digest));
+ md = GetDigestPtr(digest);
StringValue(data);
- EVP_SignUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
str = rb_str_new(0, EVP_PKEY_size(pkey)+16);
- result = EVP_SignFinal(&ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey);
- EVP_MD_CTX_cleanup(&ctx);
+
+ ctx = EVP_MD_CTX_new();
+ if (!ctx)
+ ossl_raise(ePKeyError, "EVP_MD_CTX_new");
+ EVP_SignInit(ctx, md);
+ EVP_SignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data));
+ result = EVP_SignFinal(ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey);
+ EVP_MD_CTX_free(ctx);
if (!result)
ossl_raise(ePKeyError, NULL);
assert((long)buf_len <= RSTRING_LEN(str));
@@ -313,16 +318,22 @@ static VALUE
ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
{
EVP_PKEY *pkey;
- EVP_MD_CTX ctx;
+ const EVP_MD *md;
+ EVP_MD_CTX *ctx;
int result;
GetPKey(self, pkey);
+ md = GetDigestPtr(digest);
StringValue(sig);
StringValue(data);
- EVP_VerifyInit(&ctx, GetDigestPtr(digest));
- EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
- result = EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey);
- EVP_MD_CTX_cleanup(&ctx);
+
+ ctx = EVP_MD_CTX_new();
+ if (!ctx)
+ ossl_raise(ePKeyError, "EVP_MD_CTX_new");
+ EVP_VerifyInit(ctx, md);
+ EVP_VerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data));
+ result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey);
+ EVP_MD_CTX_free(ctx);
switch (result) {
case 0:
return Qfalse;
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index 9fdc48a98e6..74402fb95e8 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -97,21 +97,24 @@ dh_blocking_gen(void *arg)
static DH *
dh_generate(int size, int gen)
{
- BN_GENCB cb;
- struct ossl_generate_cb_arg cb_arg;
+ struct ossl_generate_cb_arg cb_arg = { 0 };
struct dh_blocking_gen_arg gen_arg;
DH *dh = DH_new();
+ BN_GENCB *cb = BN_GENCB_new();
- if (!dh) return 0;
+ if (!dh || !cb) {
+ DH_free(dh);
+ BN_GENCB_free(cb);
+ return NULL;
+ }
- memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
if (rb_block_given_p())
cb_arg.yield = 1;
- BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+ BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
gen_arg.dh = dh;
gen_arg.size = size;
gen_arg.gen = gen;
- gen_arg.cb = &cb;
+ gen_arg.cb = cb;
if (cb_arg.yield == 1) {
/* we cannot release GVL when callback proc is supplied */
dh_blocking_gen(&gen_arg);
@@ -120,6 +123,7 @@ dh_generate(int size, int gen)
rb_thread_call_without_gvl(dh_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
}
+ BN_GENCB_free(cb);
if (!gen_arg.result) {
DH_free(dh);
if (cb_arg.state) {
@@ -127,12 +131,12 @@ dh_generate(int size, int gen)
ossl_clear_error();
rb_jump_tag(cb_arg.state);
}
- return 0;
+ return NULL;
}
if (!DH_generate_key(dh)) {
DH_free(dh);
- return 0;
+ return NULL;
}
return dh;
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index a30eba85d78..28246790532 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -114,31 +114,33 @@ dsa_blocking_gen(void *arg)
static DSA *
dsa_generate(int size)
{
- BN_GENCB cb;
- struct ossl_generate_cb_arg cb_arg;
+ struct ossl_generate_cb_arg cb_arg = { 0 };
struct dsa_blocking_gen_arg gen_arg;
DSA *dsa = DSA_new();
+ BN_GENCB *cb = BN_GENCB_new();
unsigned char seed[20];
int seed_len = 20, counter;
unsigned long h;
- if (!dsa) return 0;
- if (RAND_bytes(seed, seed_len) <= 0) {
+ if (RAND_bytes(seed, seed_len) <= 0)
+ return NULL;
+
+ if (!dsa || !cb) {
DSA_free(dsa);
- return 0;
+ BN_GENCB_free(cb);
+ return NULL;
}
- memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
if (rb_block_given_p())
cb_arg.yield = 1;
- BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+ BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
gen_arg.dsa = dsa;
gen_arg.size = size;
gen_arg.seed = seed;
gen_arg.seed_len = seed_len;
gen_arg.counter = &counter;
gen_arg.h = &h;
- gen_arg.cb = &cb;
+ gen_arg.cb = cb;
if (cb_arg.yield == 1) {
/* we cannot release GVL when callback proc is supplied */
dsa_blocking_gen(&gen_arg);
@@ -146,6 +148,8 @@ dsa_generate(int size)
/* there's a chance to unblock */
rb_thread_call_without_gvl(dsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
}
+
+ BN_GENCB_free(cb);
if (!gen_arg.result) {
DSA_free(dsa);
if (cb_arg.state) {
@@ -156,12 +160,12 @@ dsa_generate(int size)
ossl_clear_error();
rb_jump_tag(cb_arg.state);
}
- return 0;
+ return NULL;
}
if (!DSA_generate_key(dsa)) {
DSA_free(dsa);
- return 0;
+ return NULL;
}
return dsa;
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index 5d9bcb96be2..1ee45d0f17c 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -114,35 +114,36 @@ static RSA *
rsa_generate(int size, unsigned long exp)
{
int i;
- BN_GENCB cb;
- struct ossl_generate_cb_arg cb_arg;
+ struct ossl_generate_cb_arg cb_arg = { 0 };
struct rsa_blocking_gen_arg gen_arg;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
+ BN_GENCB *cb = BN_GENCB_new();
- if (!rsa || !e) {
- if (e) BN_free(e);
- if (rsa) RSA_free(rsa);
- return 0;
+ if (!rsa || !e || !cb) {
+ RSA_free(rsa);
+ BN_free(e);
+ BN_GENCB_free(cb);
+ return NULL;
}
for (i = 0; i < (int)sizeof(exp) * 8; ++i) {
if (exp & (1UL << i)) {
if (BN_set_bit(e, i) == 0) {
BN_free(e);
RSA_free(rsa);
- return 0;
+ BN_GENCB_free(cb);
+ return NULL;
}
}
}
- memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
if (rb_block_given_p())
cb_arg.yield = 1;
- BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+ BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
gen_arg.rsa = rsa;
gen_arg.e = e;
gen_arg.size = size;
- gen_arg.cb = &cb;
+ gen_arg.cb = cb;
if (cb_arg.yield == 1) {
/* we cannot release GVL when callback proc is supplied */
rsa_blocking_gen(&gen_arg);
@@ -150,18 +151,19 @@ rsa_generate(int size, unsigned long exp)
/* there's a chance to unblock */
rb_thread_call_without_gvl(rsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
}
+
+ BN_GENCB_free(cb);
+ BN_free(e);
if (!gen_arg.result) {
- BN_free(e);
RSA_free(rsa);
if (cb_arg.state) {
/* must clear OpenSSL error stack */
ossl_clear_error();
rb_jump_tag(cb_arg.state);
}
- return 0;
+ return NULL;
}
- BN_free(e);
return rsa;
}
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index fd1ad746b90..4aca99fb6d8 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -922,7 +922,7 @@ ossl_sslctx_get_ciphers(VALUE self)
rb_warning("SSL_CTX is not initialized.");
return Qnil;
}
- ciphers = ctx->cipher_list;
+ ciphers = SSL_CTX_get_ciphers(ctx);
if (!ciphers)
return rb_ary_new();
diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c
index 1b6df55c00a..4836891d73e 100644
--- a/ext/openssl/ossl_ssl_session.c
+++ b/ext/openssl/ossl_ssl_session.c
@@ -76,13 +76,22 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
#if HAVE_SSL_SESSION_CMP == 0
int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
{
- if (a->ssl_version != b->ssl_version ||
- a->session_id_length != b->session_id_length)
+ unsigned int a_len;
+ const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len);
+ unsigned int b_len;
+ const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len);
+
+#if !defined(HAVE_OPAQUE_OPENSSL) /* missing SSL_SESSION_get_ssl_version() ? */
+ if (a->ssl_version != b->ssl_version)
+ return 1;
+#endif
+ if (a_len != b_len)
return 1;
+
#if defined(_WIN32)
- return memcmp(a->session_id, b->session_id, a->session_id_length);
+ return memcmp(a_sid, b_sid, a_len);
#else
- return CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length);
+ return CRYPTO_memcmp(a_sid, b_sid, a_len);
#endif
}
#endif
diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c
index 7cd3fe6dfd8..78ce236d96f 100644
--- a/ext/openssl/ossl_x509attr.c
+++ b/ext/openssl/ossl_x509attr.c
@@ -186,22 +186,37 @@ static VALUE
ossl_x509attr_set_value(VALUE self, VALUE value)
{
X509_ATTRIBUTE *attr;
- ASN1_TYPE *a1type;
+ VALUE asn1_value;
+ int i, asn1_tag;
OSSL_Check_Kind(value, cASN1Data);
- if(!(a1type = ossl_asn1_get_asn1type(value)))
- ossl_raise(eASN1Error, "could not get ASN1_TYPE");
- if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){
- ASN1_TYPE_free(a1type);
- ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value.");
- }
+ asn1_tag = NUM2INT(rb_attr_get(value, rb_intern("@tag")));
+ asn1_value = rb_attr_get(value, rb_intern("@value"));
+ if (asn1_tag != V_ASN1_SET)
+ ossl_raise(eASN1Error, "argument must be ASN1::Set");
+ if (!RB_TYPE_P(asn1_value, T_ARRAY))
+ ossl_raise(eASN1Error, "ASN1::Set has non-array value");
+
GetX509Attr(self, attr);
- if(attr->value.set){
- if(attr->single) ASN1_TYPE_free(attr->value.single);
- else sk_ASN1_TYPE_free(attr->value.set);
+ if (X509_ATTRIBUTE_count(attr)) { /* populated, reset first */
+ ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
+ X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, 0, NULL, -1);
+ if (!new_attr)
+ ossl_raise(eX509AttrError, NULL);
+ SetX509Attr(self, new_attr);
+ X509_ATTRIBUTE_free(attr);
+ attr = new_attr;
+ }
+
+ for (i = 0; i < RARRAY_LEN(asn1_value); i++) {
+ ASN1_TYPE *a1type = ossl_asn1_get_asn1type(RARRAY_AREF(asn1_value, i));
+ if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type),
+ a1type->value.ptr, -1)) {
+ ASN1_TYPE_free(a1type);
+ ossl_raise(eX509AttrError, NULL);
+ }
+ ASN1_TYPE_free(a1type);
}
- attr->single = 1;
- attr->value.single = a1type;
return value;
}
@@ -214,32 +229,34 @@ static VALUE
ossl_x509attr_get_value(VALUE self)
{
X509_ATTRIBUTE *attr;
- VALUE str, asn1;
- long length;
+ STACK_OF(ASN1_TYPE) *sk;
+ VALUE str;
+ int i, count, len;
unsigned char *p;
GetX509Attr(self, attr);
- if(attr->value.ptr == NULL) return Qnil;
- if(attr->single){
- length = i2d_ASN1_TYPE(attr->value.single, NULL);
- str = rb_str_new(0, length);
- p = (unsigned char *)RSTRING_PTR(str);
- i2d_ASN1_TYPE(attr->value.single, &p);
- ossl_str_adjust(str, p);
+ /* there is no X509_ATTRIBUTE_get0_set() :( */
+ if (!(sk = sk_ASN1_TYPE_new_null()))
+ ossl_raise(eX509AttrError, "sk_new");
+
+ count = X509_ATTRIBUTE_count(attr);
+ for (i = 0; i < count; i++)
+ sk_ASN1_TYPE_push(sk, X509_ATTRIBUTE_get0_type(attr, i));
+
+ if ((len = i2d_ASN1_SET_ANY(sk, NULL)) <= 0) {
+ sk_ASN1_TYPE_free(sk);
+ ossl_raise(eX509AttrError, NULL);
}
- else{
- length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
- (unsigned char **) NULL, i2d_ASN1_TYPE,
- V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
- str = rb_str_new(0, length);
- p = (unsigned char *)RSTRING_PTR(str);
- i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
- ossl_str_adjust(str, p);
+ str = rb_str_new(0, len);
+ p = (unsigned char *)RSTRING_PTR(str);
+ if (i2d_ASN1_SET_ANY(sk, &p) <= 0) {
+ sk_ASN1_TYPE_free(sk);
+ ossl_raise(eX509AttrError, NULL);
}
- asn1 = rb_funcall(mASN1, rb_intern("decode"), 1, str);
+ ossl_str_adjust(str, p);
+ sk_ASN1_TYPE_free(sk);
- return asn1;
+ return rb_funcall(mASN1, rb_intern("decode"), 1, str);
}
/*
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index ca73a15e3ab..a7e37960e5d 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -349,9 +349,7 @@ ossl_x509_set_serial(VALUE self, VALUE num)
X509 *x509;
GetX509(self, x509);
-
- x509->cert_info->serialNumber =
- num_to_asn1integer(num, X509_get_serialNumber(x509));
+ X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)));
return num;
}
@@ -371,7 +369,7 @@ ossl_x509_get_signature_algorithm(VALUE self)
out = BIO_new(BIO_s_mem());
if (!out) ossl_raise(eX509CertError, NULL);
- if (!i2a_ASN1_OBJECT(out, x509->cert_info->signature->algorithm)) {
+ if (!i2a_ASN1_OBJECT(out, X509_get0_tbs_sigalg(x509)->algorithm)) {
BIO_free(out);
ossl_raise(eX509CertError, NULL);
}
@@ -666,8 +664,8 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509(self, x509);
- sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free);
- x509->cert_info->extensions = NULL;
+ while ((ext = X509_delete_ext(x509, 0)))
+ X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index 3dd94a19f95..2cbe4f941f2 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -180,6 +180,7 @@ static VALUE
ossl_x509crl_get_signature_algorithm(VALUE self)
{
X509_CRL *crl;
+ X509_ALGOR *alg;
BIO *out;
BUF_MEM *buf;
VALUE str;
@@ -188,7 +189,8 @@ ossl_x509crl_get_signature_algorithm(VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eX509CRLError, NULL);
}
- if (!i2a_ASN1_OBJECT(out, crl->sig_alg->algorithm)) {
+ X509_CRL_get0_signature(NULL, &alg, crl);
+ if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
BIO_free(out);
ossl_raise(eX509CRLError, NULL);
}
@@ -237,7 +239,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
X509_CRL *crl;
GetX509CRL(self, crl);
- if (!ossl_x509_time_adjust(crl->crl->lastUpdate, time))
+ if (!ossl_x509_time_adjust(X509_CRL_get_lastUpdate(crl), time))
ossl_raise(eX509CRLError, NULL);
return time;
@@ -257,11 +259,21 @@ static VALUE
ossl_x509crl_set_next_update(VALUE self, VALUE time)
{
X509_CRL *crl;
+ ASN1_TIME *orig, *new;
GetX509CRL(self, crl);
- /* crl->crl->nextUpdate may be NULL at this time */
- if (!(crl->crl->nextUpdate = ossl_x509_time_adjust(crl->crl->nextUpdate, time)))
+ /* orig may be NULL at this time; in this case a new ASN1_TIME is created */
+ orig = X509_CRL_get_nextUpdate(crl);
+ new = ossl_x509_time_adjust(orig, time);
+
+ if (!X509_CRL_set_nextUpdate(crl, new)) {
+ if (!orig)
+ ASN1_TIME_free(new);
ossl_raise(eX509CRLError, NULL);
+ }
+ /* X509_CRL_set_nextUpdate() dups when orig != new */
+ if (!orig)
+ ASN1_TIME_free(new);
return time;
}
@@ -304,8 +316,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
}
GetX509CRL(self, crl);
- sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
- crl->crl->revoked = NULL;
+ sk_X509_REVOKED_pop_free(X509_CRL_get_REVOKED(crl), X509_REVOKED_free);
for (i=0; i<RARRAY_LEN(ary); i++) {
rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
@@ -478,8 +489,8 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509CRL(self, crl);
- sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
- crl->crl->extensions = NULL;
+ while ((ext = X509_CRL_delete_ext(crl, 0)))
+ X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index a0e28e29ec4..ff307c06264 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -282,6 +282,7 @@ ossl_x509name_to_a(VALUE self)
char long_name[512];
const char *short_name;
VALUE ary, vname, ret;
+ ASN1_STRING *value;
GetX509Name(self, name);
entries = X509_NAME_entry_count(name);
@@ -294,7 +295,8 @@ ossl_x509name_to_a(VALUE self)
if (!(entry = X509_NAME_get_entry(name, i))) {
ossl_raise(eX509NameError, NULL);
}
- if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
+ if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name),
+ X509_NAME_ENTRY_get_object(entry))) {
ossl_raise(eX509NameError, NULL);
}
nid = OBJ_ln2nid(long_name);
@@ -304,10 +306,11 @@ ossl_x509name_to_a(VALUE self)
short_name = OBJ_nid2sn(nid);
vname = rb_str_new2(short_name); /*do not free*/
}
+ value = X509_NAME_ENTRY_get_data(entry);
ary = rb_ary_new3(3,
vname,
- rb_str_new((const char *)entry->value->data, entry->value->length),
- INT2FIX(entry->value->type));
+ rb_str_new((const char *)value->data, value->length),
+ INT2FIX(value->type));
rb_ary_push(ret, ary);
}
return ret;
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index c1cdca5fbe1..9025d4fe285 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -302,6 +302,7 @@ static VALUE
ossl_x509req_get_signature_algorithm(VALUE self)
{
X509_REQ *req;
+ X509_ALGOR *alg;
BIO *out;
BUF_MEM *buf;
VALUE str;
@@ -311,7 +312,8 @@ ossl_x509req_get_signature_algorithm(VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eX509ReqError, NULL);
}
- if (!i2a_ASN1_OBJECT(out, req->sig_alg->algorithm)) {
+ X509_REQ_get0_signature(NULL, &alg, req);
+ if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
BIO_free(out);
ossl_raise(eX509ReqError, NULL);
}
@@ -426,8 +428,8 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
}
GetX509Req(self, req);
- sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
- req->req_info->attributes = NULL;
+ while ((attr = X509_REQ_delete_attr(req, 0)))
+ X509_ATTRIBUTE_free(attr);
for (i=0;i<RARRAY_LEN(ary); i++) {
item = RARRAY_AREF(ary, i);
attr = DupX509AttrPtr(item);
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c
index fc1a7d13375..067bec8cd41 100644
--- a/ext/openssl/ossl_x509revoked.c
+++ b/ext/openssl/ossl_x509revoked.c
@@ -116,16 +116,18 @@ ossl_x509revoked_get_serial(VALUE self)
GetX509Rev(self, rev);
- return asn1integer_to_num(rev->serialNumber);
+ return asn1integer_to_num(X509_REVOKED_get0_serialNumber(rev));
}
static VALUE
ossl_x509revoked_set_serial(VALUE self, VALUE num)
{
X509_REVOKED *rev;
+ ASN1_INTEGER *ai;
GetX509Rev(self, rev);
- rev->serialNumber = num_to_asn1integer(num, rev->serialNumber);
+ ai = X509_REVOKED_get0_serialNumber(rev);
+ X509_REVOKED_set_serialNumber(rev, num_to_asn1integer(num, ai));
return num;
}
@@ -137,7 +139,7 @@ ossl_x509revoked_get_time(VALUE self)
GetX509Rev(self, rev);
- return asn1time_to_time(rev->revocationDate);
+ return asn1time_to_time(X509_REVOKED_get0_revocationDate(rev));
}
static VALUE
@@ -146,7 +148,7 @@ ossl_x509revoked_set_time(VALUE self, VALUE time)
X509_REVOKED *rev;
GetX509Rev(self, rev);
- if (!ossl_x509_time_adjust(rev->revocationDate, time))
+ if (!ossl_x509_time_adjust(X509_REVOKED_get0_revocationDate(rev), time))
ossl_raise(eX509RevError, NULL);
return time;
@@ -193,8 +195,8 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
}
GetX509Rev(self, rev);
- sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
- rev->extensions = NULL;
+ while ((ext = X509_REVOKED_delete_ext(rev, 0)))
+ X509_EXTENSION_free(ext);
for (i=0; i<RARRAY_LEN(ary); i++) {
item = RARRAY_AREF(ary, i);
ext = DupX509ExtPtr(item);
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index a98c182c5a9..26426d18322 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -149,8 +149,11 @@ ossl_x509store_initialize(int argc, VALUE *argv, VALUE self)
/* BUG: This method takes any number of arguments but appears to ignore them. */
GetX509Store(self, store);
+#if !defined(HAVE_OPAQUE_OPENSSL)
+ /* [Bug #405] [Bug #1678] [Bug #3000]; already fixed? */
store->ex_data.sk = NULL;
- X509_STORE_set_verify_cb_func(store, ossl_verify_cb);
+#endif
+ X509_STORE_set_verify_cb(store, ossl_verify_cb);
ossl_x509store_set_vfy_cb(self, Qnil);
/* last verification status */
@@ -382,10 +385,10 @@ static void
ossl_x509stctx_free(void *ptr)
{
X509_STORE_CTX *ctx = ptr;
- if(ctx->untrusted)
- sk_X509_pop_free(ctx->untrusted, X509_free);
- if(ctx->cert)
- X509_free(ctx->cert);
+ if (X509_STORE_CTX_get0_untrusted(ctx))
+ sk_X509_pop_free(X509_STORE_CTX_get0_untrusted(ctx), X509_free);
+ if (X509_STORE_CTX_get0_cert(ctx))
+ X509_free(X509_STORE_CTX_get0_cert(ctx));
X509_STORE_CTX_free(ctx);
}
@@ -465,7 +468,7 @@ ossl_x509stctx_get_chain(VALUE self)
VALUE ary;
GetX509StCtx(self, ctx);
- if((chain = X509_STORE_CTX_get_chain(ctx)) == NULL){
+ if((chain = X509_STORE_CTX_get0_chain(ctx)) == NULL){
return Qnil;
}
if((num = sk_X509_num(chain)) < 0){
@@ -538,11 +541,14 @@ static VALUE
ossl_x509stctx_get_curr_crl(VALUE self)
{
X509_STORE_CTX *ctx;
+ X509_CRL *crl;
GetX509StCtx(self, ctx);
- if(!ctx->current_crl) return Qnil;
+ crl = X509_STORE_CTX_get0_current_crl(ctx);
+ if (!crl)
+ return Qnil;
- return ossl_x509crl_new(ctx->current_crl);
+ return ossl_x509crl_new(crl);
}
static VALUE