From d89b8333c5bf7b319f0ab774951dfa53993ebdc1 Mon Sep 17 00:00:00 2001 From: matz Date: Wed, 15 Dec 2004 01:54:40 +0000 Subject: * ext/openssl/ossl_digest.c (ossl_digest_initialize): [ruby-dev:25198] * lib/cgi/session.rb (CGI::Session::initialize): generate new session if given session_id does not exist. [ruby-list:40368] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7556 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/openssl/ossl_bn.c | 22 +++++++++------------- ext/openssl/ossl_cipher.c | 19 +++++++++++-------- ext/openssl/ossl_config.c | 14 +++++++++----- ext/openssl/ossl_digest.c | 10 +++++----- ext/openssl/ossl_engine.c | 3 ++- ext/openssl/ossl_hmac.c | 4 ++-- ext/openssl/ossl_ns_spki.c | 2 +- ext/openssl/ossl_ocsp.c | 32 ++++++++++++++++++-------------- ext/openssl/ossl_pkcs7.c | 17 ++++++++--------- ext/openssl/ossl_ssl.c | 20 +++++++++----------- ext/openssl/ossl_x509attr.c | 4 ++-- ext/openssl/ossl_x509cert.c | 15 +++++++-------- ext/openssl/ossl_x509crl.c | 12 +++++------- ext/openssl/ossl_x509ext.c | 7 ++++--- ext/openssl/ossl_x509name.c | 31 +++++++++++++++++-------------- ext/openssl/ossl_x509req.c | 6 +++--- ext/openssl/ossl_x509revoked.c | 4 ++-- ext/openssl/ossl_x509store.c | 20 +++++++++++++------- 18 files changed, 127 insertions(+), 115 deletions(-) (limited to 'ext/openssl') diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c index c3a371a008..47a607e60f 100644 --- a/ext/openssl/ossl_bn.c +++ b/ext/openssl/ossl_bn.c @@ -107,11 +107,11 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self) VALUE str, bs; int base = 10; - GetBN(self, bn); - if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) { base = NUM2INT(bs); } + StringValue(str); + GetBN(self, bn); if (RTEST(rb_obj_is_kind_of(str, cBN))) { BIGNUM *other; @@ -121,8 +121,6 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self) } return self; } - str = rb_String(str); - StringValue(str); switch (base) { case 0: 
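Review bot: In ossl_bn_initialize the added `StringValue(str);` now runs before the `rb_obj_is_kind_of(str, cBN)` test, so a BN argument goes through string conversion first. Unless BN objects implement `to_str` (not visible here), that raises TypeError and the copy branch becomes unreachable. Keep the conversion after the BN branch, where the second hunk removed it: `GetBN(self, bn);` inside the branch, then `StringValue(str); GetBN(self, bn);` once the branch has returned. The function body continues outside both hunks.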
@@ -159,11 +157,10 @@ ossl_bn_to_s(int argc, VALUE *argv, VALUE self) int base = 10, len; char *buf; - GetBN(self, bn); - if (rb_scan_args(argc, argv, "01", &bs) == 1) { base = NUM2INT(bs); } + GetBN(self, bn); switch (base) { case 0: len = BN_bn2mpi(bn, NULL); @@ -380,11 +377,12 @@ BIGNUM_BIT(mask_bits); static VALUE ossl_bn_is_bit_set(VALUE self, VALUE bit) { + int b; BIGNUM *bn; + b = NUM2INT(bit); GetBN(self, bn); - - if (BN_is_bit_set(bn, NUM2INT(bit))) { + if (BN_is_bit_set(bn, b)) { return Qtrue; } return Qfalse; @@ -397,8 +395,8 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit) BIGNUM *bn, *result; \ int b; \ VALUE obj; \ - GetBN(self, bn); \ b = NUM2INT(bits); \ + GetBN(self, bn); \ if (!(result = BN_new())) { \ ossl_raise(eBNError, NULL); \ } \ @@ -550,11 +548,10 @@ ossl_bn_is_prime(int argc, VALUE *argv, VALUE self) VALUE vchecks; int checks = BN_prime_checks; - GetBN(self, bn); - if (rb_scan_args(argc, argv, "01", &vchecks) == 0) { checks = NUM2INT(vchecks); } + GetBN(self, bn); switch (BN_is_prime(bn, checks, NULL, ossl_bn_ctx, NULL)) { case 1: return Qtrue; @@ -574,13 +571,12 @@ ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self) VALUE vchecks, vtrivdiv; int checks = BN_prime_checks, do_trial_division = 1; - GetBN(self, bn); - rb_scan_args(argc, argv, "02", &vchecks, &vtrivdiv); if (!NIL_P(vchecks)) { checks = NUM2INT(vchecks); } + GetBN(self, bn); /* handle true/false */ if (vtrivdiv == Qfalse) { do_trial_division = 0; diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 98468e0f28..11edd9a32f 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -91,10 +91,8 @@ ossl_cipher_initialize(VALUE self, VALUE str) const EVP_CIPHER *cipher; char *name; - GetCipher(self, ctx); - name = StringValuePtr(str); - + GetCipher(self, ctx); if (!(cipher = EVP_get_cipherbyname(name))) { ossl_raise(rb_eRuntimeError, "Unsupported cipher algorithm (%s).", name); } 
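Review bot: In ossl_bn_is_prime the unchanged guard `if (rb_scan_args(argc, argv, "01", &vchecks) == 0)` is inverted. It converts `vchecks` only when no argument was passed, so the nil default reaches NUM2INT and a caller-supplied number of primality checks is ignored. While the statement order is being touched, the test should be `== 1`, as ossl_bn_to_s does above, or `if (!NIL_P(vchecks))`, as ossl_bn_is_prime_fasttest does. The switch on the BN_is_prime result continues outside the hunk.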
@@ -139,7 +137,6 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode) unsigned char iv[EVP_MAX_IV_LENGTH], *p_iv = NULL; VALUE pass, init_v; - GetCipher(self, ctx); if(rb_scan_args(argc, argv, "02", &pass, &init_v) > 0){ /* * oops. this code mistakes salt for IV. @@ -147,6 +144,7 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode) * keeping this behaviour for backward compatibility. */ StringValue(pass); + GetCipher(self, ctx); if (NIL_P(init_v)) memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv)); else{ char *cname = rb_class2name(rb_obj_class(self)); @@ -164,6 +162,9 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode) p_key = key; p_iv = iv; } + else { + GetCipher(self, ctx); + } if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) { ossl_raise(eCipherError, NULL); } @@ -192,7 +193,6 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self) unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH], *salt = NULL; int iter; - GetCipher(self, ctx); rb_scan_args(argc, argv, "13", &vpass, &vsalt, &viter, &vdigest); StringValue(vpass); if(!NIL_P(vsalt)){ @@ -203,6 +203,7 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self) } iter = NIL_P(viter) ? 2048 : NUM2INT(viter); digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest); + GetCipher(self, ctx); EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt, RSTRING(vpass)->ptr, RSTRING(vpass)->len, iter, key, iv); if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) @@ -221,10 +222,10 @@ ossl_cipher_update(VALUE self, VALUE data) int in_len, out_len; VALUE str; - GetCipher(self, ctx); StringValue(data); in = RSTRING(data)->ptr; in_len = RSTRING(data)->len; + GetCipher(self, ctx); str = rb_str_new(0, in_len+EVP_CIPHER_CTX_block_size(ctx)); if (!EVP_CipherUpdate(ctx, RSTRING(str)->ptr, &out_len, in, in_len)) ossl_raise(eCipherError, NULL); 
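Review bot: In ossl_cipher_pkcs5_keyivgen the return value of `EVP_BytesToKey(...)` is discarded. If derivation reports failure, the stack buffers `key` and `iv` are passed to `EVP_CipherInit_ex` with indeterminate contents. Test the result and raise on failure: `if (!EVP_BytesToKey(...)) ossl_raise(eCipherError, NULL);`, keeping the existing argument list. The end of the function is outside the hunk, so confirm there that `key` and `iv` are cleared before returning.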
@@ -311,9 +312,10 @@ static VALUE ossl_cipher_set_key_length(VALUE self, VALUE key_length) { EVP_CIPHER_CTX *ctx; + int len = NUM2INT(key_length); GetCipher(self, ctx); - if (EVP_CIPHER_CTX_set_key_length(ctx, NUM2INT(key_length)) != 1) + if (EVP_CIPHER_CTX_set_key_length(ctx, len) != 1) ossl_raise(eCipherError, NULL); return key_length; @@ -324,9 +326,10 @@ ossl_cipher_set_padding(VALUE self, VALUE padding) { #if defined(HAVE_EVP_CIPHER_CTX_SET_PADDING) EVP_CIPHER_CTX *ctx; + int pad = NUM2INT(padding); GetCipher(self, ctx); - if (EVP_CIPHER_CTX_set_padding(ctx, NUM2INT(padding)) != 1) + if (EVP_CIPHER_CTX_set_padding(ctx, pad) != 1) ossl_raise(eCipherError, NULL); #else rb_notimplement(); diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c index 37abff508b..ef89fdfe0d 100644 --- a/ext/openssl/ossl_config.c +++ b/ext/openssl/ossl_config.c @@ -119,8 +119,8 @@ ossl_config_copy(VALUE self, VALUE other) VALUE str; CONF *conf; - GetConfig(other, conf); str = rb_funcall(self, rb_intern("to_s"), 0); + GetConfig(other, conf); parse_config(str, conf); return self; @@ -134,11 +134,11 @@ ossl_config_initialize(int argc, VALUE *argv, VALUE self) char *filename; VALUE path; - GetConfig(self, conf); rb_scan_args(argc, argv, "01", &path); if(!NIL_P(path)){ SafeStringValue(path); filename = StringValuePtr(path); + GetConfig(self, conf); if (!NCONF_load(conf, filename, &eline)){ if (eline <= 0) ossl_raise(eConfigError, "wrong config file %s", filename); @@ -149,7 +149,10 @@ ossl_config_initialize(int argc, VALUE *argv, VALUE self) #ifdef OSSL_NO_CONF_API else rb_raise(rb_eArgError, "wrong number of arguments (0 for 1)"); #else - else _CONF_new_data(conf); + else { + GetConfig(self, conf); + _CONF_new_data(conf); + } #endif return self; 
@@ -164,10 +167,10 @@ ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) CONF *conf; CONF_VALUE *sv, *cv; - GetConfig(self, conf); StringValue(section); StringValue(name); StringValue(value); + GetConfig(self, conf); if(!(sv = _CONF_get_section(conf, RSTRING(section)->ptr))){ if(!(sv = _CONF_new_section(conf, RSTRING(section)->ptr))){ ossl_raise(eConfigError, NULL); @@ -195,9 +198,9 @@ ossl_config_get_value(VALUE self, VALUE section, VALUE name) CONF *conf; char *str; - GetConfig(self, conf); StringValue(section); StringValue(name); + GetConfig(self, conf); str = NCONF_get_string(conf, RSTRING(section)->ptr, RSTRING(name)->ptr); if(!str){ ERR_clear_error(); @@ -261,6 +264,7 @@ ossl_config_get_section(VALUE self, VALUE section) VALUE hash; hash = rb_hash_new(); + StringValue(section); GetConfig(self, conf); if (!(sk = NCONF_get_section(conf, StringValuePtr(section)))) { ERR_clear_error(); diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c index 8ad9f01dc4..d22f022442 100644 --- a/ext/openssl/ossl_digest.c +++ b/ext/openssl/ossl_digest.c @@ -85,16 +85,16 @@ ossl_digest_initialize(int argc, VALUE *argv, VALUE self) char *name; VALUE type, data; - GetDigest(self, ctx); - rb_scan_args(argc, argv, "11", &type, &data); - name = StringValuePtr(type); + StringValue(type); if (!NIL_P(data)) StringValue(data); + name = StringValuePtr(type); md = EVP_get_digestbyname(name); if (!md) { ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", name); } + GetDigest(self, ctx); EVP_DigestInit_ex(ctx, md, NULL); if (!NIL_P(data)) return ossl_digest_update(self, data); @@ -134,8 +134,8 @@ ossl_digest_update(VALUE self, VALUE data) { EVP_MD_CTX *ctx; - GetDigest(self, ctx); StringValue(data); + GetDigest(self, ctx); EVP_DigestUpdate(ctx, RSTRING(data)->ptr, RSTRING(data)->len); return self; 
@@ -218,13 +218,13 @@ ossl_digest_equal(VALUE self, VALUE other) EVP_MD_CTX *ctx; VALUE str1, str2; - GetDigest(self, ctx); if (rb_obj_is_kind_of(other, cDigest) == Qtrue) { str2 = ossl_digest_digest(other); } else { StringValue(other); str2 = other; } + GetDigest(self, ctx); if (RSTRING(str2)->len == EVP_MD_CTX_size(ctx)) { str1 = ossl_digest_digest(self); } else { diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c index 91025941b9..71ab373223 100644 --- a/ext/openssl/ossl_engine.c +++ b/ext/openssl/ossl_engine.c @@ -253,9 +253,10 @@ static VALUE ossl_engine_set_default(VALUE self, VALUE flag) { ENGINE *e; + int f = NUM2INT(flag); GetEngine(self, e); - ENGINE_set_default(e, NUM2INT(flag)); + ENGINE_set_default(e, f); return Qtrue; } diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index fb3d0a6a8f..ca5917518f 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -62,8 +62,8 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest) { HMAC_CTX *ctx; - GetHMAC(self, ctx); StringValue(key); + GetHMAC(self, ctx); HMAC_Init_ex(ctx, RSTRING(key)->ptr, RSTRING(key)->len, GetDigestPtr(digest), NULL); @@ -92,8 +92,8 @@ ossl_hmac_update(VALUE self, VALUE data) { HMAC_CTX *ctx; - GetHMAC(self, ctx); StringValue(data); + GetHMAC(self, ctx); HMAC_Update(ctx, RSTRING(data)->ptr, RSTRING(data)->len); return self; diff --git a/ext/openssl/ossl_ns_spki.c b/ext/openssl/ossl_ns_spki.c index 9aed773edc..37fd88e3ba 100644 --- a/ext/openssl/ossl_ns_spki.c +++ b/ext/openssl/ossl_ns_spki.c @@ -172,9 +172,9 @@ ossl_spki_sign(VALUE self, VALUE key, VALUE digest) EVP_PKEY *pkey; const EVP_MD *md; - GetSPKI(self, spki); pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ md = GetDigestPtr(digest); + GetSPKI(self, spki); if (!NETSCAPE_SPKI_sign(spki, pkey, md)) { ossl_raise(eSPKIError, NULL); } diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index d1f1b84127..f88f749941 100644 --- a/ext/openssl/ossl_ocsp.c 
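Review bot: In ossl_hmac_initialize `GetDigestPtr(digest)` is still evaluated inside the `HMAC_Init_ex` argument list, after `GetHMAC(self, ctx)` and in unspecified order relative to the reads of `RSTRING(key)->ptr` and `RSTRING(key)->len`. If GetDigestPtr can raise or run Ruby code (its definition is not on this page), this is the ordering the rest of the commit removes. Resolve it first: `const EVP_MD *md = GetDigestPtr(digest);` before `StringValue(key); GetHMAC(self, ctx);`, then pass `md` to `HMAC_Init_ex`. The result of `HMAC_Init_ex` is also unchecked here.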
+++ b/ext/openssl/ossl_ocsp.c @@ -127,11 +127,13 @@ ossl_ocspreq_add_nonce(int argc, VALUE *argv, VALUE self) int ret; rb_scan_args(argc, argv, "01", &val); - GetOCSPReq(self, req); - if(NIL_P(val)) + if(NIL_P(val)) { + GetOCSPReq(self, req); ret = OCSP_request_add1_nonce(req, NULL, -1); + } else{ StringValue(val); + GetOCSPReq(self, req); ret = OCSP_request_add1_nonce(req, RSTRING(val)->ptr, RSTRING(val)->len); } if(!ret) ossl_raise(eOCSPError, NULL); @@ -214,7 +216,6 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self) int ret; rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags); - GetOCSPReq(self, req); signer = GetX509CertPtr(signer_cert); key = GetPrivPKeyPtr(signer_key); flg = NIL_P(flags) ? 0 : NUM2INT(flags); @@ -223,6 +224,7 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self) flags |= OCSP_NOCERTS; } else x509s = ossl_x509_ary2sk(certs); + GetOCSPReq(self, req); ret = OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg); sk_X509_pop_free(x509s, X509_free); if(!ret) ossl_raise(eOCSPError, NULL); @@ -240,10 +242,10 @@ ossl_ocspreq_verify(int argc, VALUE *argv, VALUE self) int flg, result; rb_scan_args(argc, argv, "21", &certs, &store, &flags); - GetOCSPReq(self, req); x509st = GetX509StorePtr(store); flg = NIL_P(flags) ? 0 : INT2NUM(flags); x509s = ossl_x509_ary2sk(certs); + GetOCSPReq(self, req); result = OCSP_request_verify(req, x509s, x509st, flg); sk_X509_pop_free(x509s, X509_free); if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL)); @@ -259,12 +261,11 @@ ossl_ocspreq_to_der(VALUE self) unsigned char *p; long len; - GetOCSPReq(self, req); - if((len = i2d_OCSP_REQUEST(req, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); p = RSTRING(str)->ptr; + GetOCSPReq(self, req); if(i2d_OCSP_REQUEST(req, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); 
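Review bot: In ossl_ocspreq_sign the context line `flags |= OCSP_NOCERTS;` modifies the Ruby VALUE `flags` after `flg` has already been computed from it. The bit therefore never reaches `OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg)`. It should read `flg |= OCSP_NOCERTS;`. The condition guarding that branch starts outside the hunk.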
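Review bot: In ossl_ocspreq_verify `flg = NIL_P(flags) ? 0 : INT2NUM(flags);` uses the conversion in the wrong direction. INT2NUM turns the VALUE into another VALUE, so the bits passed to `OCSP_request_verify` are not the verification flags the caller asked for. It should be `flg = NIL_P(flags) ? 0 : NUM2INT(flags);`. The same line appears in the ossl_ocspbres_verify hunk further down and needs the same change.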
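Review bot: In ossl_ocspreq_to_der the move places `GetOCSPReq(self, req);` after the first `i2d_OCSP_REQUEST(req, NULL)` call, so the length query reads `req` while it is still uninitialised. Fetch the pointer before the length query and, if the intent is to re-read it after the allocation in `rb_str_new`, fetch it again there: `GetOCSPReq(self, req);` as the first statement, with the second call kept before `i2d_OCSP_REQUEST(req, &p)`.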
@@ -281,10 +282,11 @@ ossl_ocspres_s_create(VALUE klass, VALUE status, VALUE basic_resp) OCSP_BASICRESP *bs; OCSP_RESPONSE *res; VALUE obj; + int st = NUM2INT(status); if(NIL_P(basic_resp)) bs = NULL; else GetOCSPBasicRes(basic_resp, bs); /* NO NEED TO DUP */ - if(!(res = OCSP_response_create(NUM2INT(status), bs))) + if(!(res = OCSP_response_create(st, bs))) ossl_raise(eOCSPError, NULL); WrapOCSPRes(klass, obj, res); @@ -426,12 +428,14 @@ ossl_ocspbres_add_nonce(int argc, VALUE *argv, VALUE self) VALUE val; int ret; - GetOCSPBasicRes(self, bs); rb_scan_args(argc, argv, "01", &val); - if(NIL_P(val)) + if(NIL_P(val)) { + GetOCSPBasicRes(self, bs); ret = OCSP_basic_add1_nonce(bs, NULL, -1); + } else{ StringValue(val); + GetOCSPBasicRes(self, bs); ret = OCSP_basic_add1_nonce(bs, RSTRING(val)->ptr, RSTRING(val)->len); } if(!ret) ossl_raise(eOCSPError, NULL); @@ -452,8 +456,6 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status, int error, i, rstatus = 0; VALUE tmp; - GetOCSPBasicRes(self, bs); - SafeGetOCSPCertId(cid, id); st = NUM2INT(status); rsn = NIL_P(status) ? 0 : NUM2INT(reason); if(!NIL_P(ext)){ @@ -477,6 +479,8 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status, if(rstatus) goto err; nxt = X509_gmtime_adj(NULL, NUM2INT(tmp)); + GetOCSPBasicRes(self, bs); + SafeGetOCSPCertId(cid, id); if(!(single = OCSP_basic_add1_status(bs, id, st, rsn, rev, ths, nxt))){ error = 1; goto err; @@ -564,7 +568,6 @@ ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self) int ret; rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags); - GetOCSPBasicRes(self, bs); signer = GetX509CertPtr(signer_cert); key = GetPrivPKeyPtr(signer_key); flg = NIL_P(flags) ? 0 : NUM2INT(flags); 
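Review bot: In ossl_ocspbres_add_status the line `rsn = NIL_P(status) ? 0 : NUM2INT(reason);` tests the wrong variable. `status` has just been converted with `NUM2INT(status)`, so it cannot be nil at this point, and a nil `reason` goes straight into NUM2INT. The guard presumably means `rsn = NIL_P(reason) ? 0 : NUM2INT(reason);`. The function continues outside both hunks, including the `err:` cleanup, so check that the late `SafeGetOCSPCertId(cid, id)` cannot raise while `ths`, `nxt` or `rev` are still unfreed.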
@@ -575,6 +578,7 @@ ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self) else{ x509s = ossl_x509_ary2sk(certs); } + GetOCSPBasicRes(self, bs); ret = OCSP_basic_sign(bs, signer, key, EVP_sha1(), x509s, flg); sk_X509_pop_free(x509s, X509_free); if(!ret) ossl_raise(eOCSPError, NULL); @@ -592,10 +596,10 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self) int flg, result; rb_scan_args(argc, argv, "21", &certs, &store, &flags); - GetOCSPBasicRes(self, bs); x509st = GetX509StorePtr(store); flg = NIL_P(flags) ? 0 : INT2NUM(flags); x509s = ossl_x509_ary2sk(certs); + GetOCSPBasicRes(self, bs); result = OCSP_basic_verify(bs, x509s, x509st, flg); sk_X509_pop_free(x509s, X509_free); if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL)); @@ -625,11 +629,11 @@ ossl_ocspcid_initialize(VALUE self, VALUE subject, VALUE issuer) OCSP_CERTID *id, *newid; X509 *x509s, *x509i; - GetOCSPCertId(self, id); x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */ x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */ if(!(newid = OCSP_cert_to_id(NULL, x509s, x509i))) ossl_raise(eOCSPError, NULL); + GetOCSPCertId(self, id); OCSP_CERTID_free(id); RDATA(self)->data = newid; diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c index 57825e8bb1..8d4b1f206e 100644 --- a/ext/openssl/ossl_pkcs7.c +++ b/ext/openssl/ossl_pkcs7.c @@ -122,9 +122,9 @@ ossl_pkcs7_s_write_smime(int argc, VALUE *argv, VALUE klass) int flg; rb_scan_args(argc, argv, "12", &pkcs7, &data, &flags); - SafeGetPKCS7(pkcs7, p7); flg = NIL_P(flags) ? 0 : NUM2INT(flags); if(NIL_P(data)) data = ossl_pkcs7_get_data(pkcs7); + SafeGetPKCS7(pkcs7, p7); if(!NIL_P(data) && PKCS7_is_detached(p7)) flg |= PKCS7_DETACHED; in = NIL_P(data) ? NULL : ossl_obj2bio(data); 
@@ -400,8 +400,8 @@ ossl_pkcs7_add_signer(VALUE self, VALUE signer) PKCS7 *pkcs7; PKCS7_SIGNER_INFO *p7si; - GetPKCS7(self, pkcs7); p7si = DupPKCS7SignerPtr(signer); /* NEED TO DUP */ + GetPKCS7(self, pkcs7); if (!PKCS7_add_signer(pkcs7, p7si)) { PKCS7_SIGNER_INFO_free(p7si); ossl_raise(ePKCS7Error, "Could not add signer."); @@ -447,7 +447,6 @@ ossl_pkcs7_add_recipient(VALUE self, VALUE cert) PKCS7_RECIP_INFO *ri; X509 *x509; - GetPKCS7(self, pkcs7); x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ if (!(ri = PKCS7_RECIP_INFO_new())) { ossl_raise(ePKCS7Error, NULL); @@ -456,6 +455,7 @@ ossl_pkcs7_add_recipient(VALUE self, VALUE cert) PKCS7_RECIP_INFO_free(ri); ossl_raise(ePKCS7Error, NULL); } + GetPKCS7(self, pkcs7); if (!PKCS7_add_recipient_info(pkcs7, ri)) { PKCS7_RECIP_INFO_free(ri); ossl_raise(ePKCS7Error, NULL); @@ -582,9 +582,7 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self) VALUE data; const char *msg; - GetPKCS7(self, p7); rb_scan_args(argc, argv, "22", &certs, &store, &indata, &flags); - x509st = GetX509StorePtr(store); flg = NIL_P(flags) ? 0 : NUM2INT(flags); if(NIL_P(indata)) indata = ossl_pkcs7_get_data(self); in = NIL_P(indata) ? NULL : ossl_obj2bio(indata); @@ -596,6 +594,8 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self) rb_jump_tag(status); } } + x509st = GetX509StorePtr(store); + GetPKCS7(self, p7); if(!(out = BIO_new(BIO_s_mem()))){ BIO_free(in); sk_X509_pop_free(x509s, X509_free); @@ -624,10 +624,10 @@ ossl_pkcs7_decrypt(int argc, VALUE *argv, VALUE self) VALUE str; rb_scan_args(argc, argv, "21", &pkey, &cert, &flags); - GetPKCS7(self, p7); key = GetPrivPKeyPtr(pkey); /* NO NEED TO DUP */ x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ flg = NIL_P(flags) ? 0 : NUM2INT(flags); + GetPKCS7(self, p7); if(!(out = BIO_new(BIO_s_mem()))) ossl_raise(ePKCS7Error, NULL); if(!PKCS7_decrypt(p7, key, x509, out, flg)){ 
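Review bot: In ossl_pkcs7_verify `x509st = GetX509StorePtr(store);` and `GetPKCS7(self, p7);` now run after `in` and `x509s` have been created. A wrong-typed `store`, or an uninitialised receiver if GetPKCS7 raises for that, therefore leaves via an exception with the BIO and the certificate stack still allocated. The later `BIO_free(in); sk_X509_pop_free(x509s, X509_free);` path shows they are live at that point. The store lookup depends only on the argument and can stay ahead of `in = ... ossl_obj2bio(indata)`, with only the `GetPKCS7(self, p7)` fetch kept late. The moved `GetPKCS7` calls in ossl_pkcs7_add_signer (after `DupPKCS7SignerPtr`) and ossl_pkcs7_add_recipient (after `PKCS7_RECIP_INFO_new`) have the same shape.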
@@ -647,13 +647,12 @@ ossl_pkcs7_add_data(VALUE self, VALUE data) char buf[4096]; int len; - in = out = NULL; + in = ossl_obj2bio(data); GetPKCS7(self, pkcs7); if(PKCS7_type_is_signed(pkcs7)){ if(!PKCS7_content_new(pkcs7, NID_pkcs7_data)) ossl_raise(ePKCS7Error, NULL); } - in = ossl_obj2bio(data); if(!(out = PKCS7_dataInit(pkcs7, NULL))) goto err; for(;;){ if((len = BIO_read(in, buf, sizeof(buf))) <= 0) @@ -739,10 +738,10 @@ ossl_pkcs7si_initialize(VALUE self, VALUE cert, VALUE key, VALUE digest) X509 *x509; const EVP_MD *md; - GetPKCS7si(self, p7si); pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ md = GetDigestPtr(digest); + GetPKCS7si(self, p7si); if (!(PKCS7_SIGNER_INFO_set(p7si, x509, pkey, (EVP_MD*)md))) { ossl_raise(ePKCS7Error, NULL); } diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 4d8a64fc11..c73a160a94 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -119,8 +119,6 @@ ossl_sslctx_initialize(int argc, VALUE *argv, VALUE self) int i; char *s; - Data_Get_Struct(self, SSL_CTX, ctx); - for(i = 0; i < numberof(ossl_sslctx_attrs); i++){ char buf[32]; snprintf(buf, sizeof(buf), "@%s", ossl_sslctx_attrs[i]); @@ -142,6 +140,7 @@ ossl_sslctx_initialize(int argc, VALUE *argv, VALUE self) if (!method) { ossl_raise(rb_eArgError, "unknown SSL method `%s'.", s); } + Data_Get_Struct(self, SSL_CTX, ctx); if (SSL_CTX_set_ssl_version(ctx, method) != 1) { ossl_raise(eSSLError, "SSL_CTX_set_ssl_version:"); } @@ -325,12 +324,6 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v) int i; rb_check_frozen(self); - Data_Get_Struct(self, SSL_CTX, ctx); - if(!ctx){ - ossl_raise(eSSLError, "SSL_CTX is not initialized."); - return Qnil; - } - if (TYPE(v) == T_ARRAY) { str = rb_str_new2(NULL); for (i = 0; i < RARRAY(v)->len; i++) { 
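Review bot: In ossl_pkcs7_add_data `in = ossl_obj2bio(data);` is now created before the `PKCS7_content_new` check, whose failure path calls `ossl_raise` directly and so leaks the BIO. Free it on that path: `if(!PKCS7_content_new(pkcs7, NID_pkcs7_data)){ BIO_free(in); ossl_raise(ePKCS7Error, NULL); }`. The removed `in = out = NULL;` also leaves `out` without an initial value. The `err:` label is outside the hunk, so confirm that no path reaches it before `out` is assigned.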
@@ -345,6 +338,11 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v) StringValue(str); } + Data_Get_Struct(self, SSL_CTX, ctx); + if(!ctx){ + ossl_raise(eSSLError, "SSL_CTX is not initialized."); + return Qnil; + } if (!SSL_CTX_set_cipher_list(ctx, RSTRING(str)->ptr)) { ossl_raise(eSSLError, "SSL_CTX_set_ciphers:"); } @@ -491,8 +489,6 @@ ossl_ssl_read(int argc, VALUE *argv, VALUE self) VALUE len, str; OpenFile *fptr; - Data_Get_Struct(self, SSL, ssl); - GetOpenFile(ossl_ssl_get_io(self), fptr); rb_scan_args(argc, argv, "11", &len, &str); ilen = NUM2INT(len); if(NIL_P(str)) str = rb_str_new(0, ilen); @@ -503,6 +499,8 @@ ossl_ssl_read(int argc, VALUE *argv, VALUE self) } if(ilen == 0) return str; + Data_Get_Struct(self, SSL, ssl); + GetOpenFile(ossl_ssl_get_io(self), fptr); if (ssl) { if(SSL_pending(ssl) <= 0) rb_thread_wait_fd(fileno(fptr->f)); @@ -546,8 +544,8 @@ ossl_ssl_write(VALUE self, VALUE str) int nwrite = 0; FILE *fp; - Data_Get_Struct(self, SSL, ssl); StringValue(str); + Data_Get_Struct(self, SSL, ssl); if (ssl) { for (;;){ diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c index f03302d352..7b88e294a9 100644 --- a/ext/openssl/ossl_x509attr.c +++ b/ext/openssl/ossl_x509attr.c @@ -115,11 +115,11 @@ ossl_x509attr_set_oid(VALUE self, VALUE oid) ASN1_OBJECT *obj; char *s; - GetX509Attr(self, attr); s = StringValuePtr(oid); obj = OBJ_txt2obj(s, 0); if(!obj) obj = OBJ_txt2obj(s, 1); if(!obj) ossl_raise(eX509AttrError, NULL); + GetX509Attr(self, attr); X509_ATTRIBUTE_set1_object(attr, obj); return oid; 
@@ -162,13 +162,13 @@ ossl_x509attr_set_value(VALUE self, VALUE value) X509_ATTRIBUTE *attr; ASN1_TYPE *a1type; - GetX509Attr(self, attr); if(!(a1type = ossl_asn1_get_asn1type(value))) ossl_raise(eASN1Error, "could not get ASN1_TYPE"); if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){ ASN1_TYPE_free(a1type); ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value."); } + GetX509Attr(self, attr); if(attr->value.set){ if(OSSL_X509ATTR_IS_SINGLE(attr)) ASN1_TYPE_free(attr->value.single); else sk_ASN1_TYPE_free(attr->value.set); diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 443a2ba4c3..fc587a31f3 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -268,10 +268,10 @@ ossl_x509_set_version(VALUE self, VALUE version) X509 *x509; long ver; - GetX509(self, x509); if ((ver = NUM2LONG(version)) < 0) { ossl_raise(eX509CertError, "version must be >= 0!"); } + GetX509(self, x509); if (!X509_set_version(x509, ver)) { ossl_raise(eX509CertError, NULL); } @@ -310,7 +310,6 @@ ossl_x509_get_signature_algorithm(VALUE self) VALUE str; GetX509(self, x509); - out = BIO_new(BIO_s_mem()); if (!out) ossl_raise(eX509CertError, NULL); @@ -397,8 +396,8 @@ ossl_x509_set_not_before(VALUE self, VALUE time) X509 *x509; time_t sec; - GetX509(self, x509); sec = time_to_time_t(time); + GetX509(self, x509); if (!X509_time_adj(X509_get_notBefore(x509), 0, &sec)) { ossl_raise(eX509CertError, NULL); } @@ -426,8 +425,8 @@ ossl_x509_set_not_after(VALUE self, VALUE time) X509 *x509; time_t sec; - GetX509(self, x509); sec = time_to_time_t(time); + GetX509(self, x509); if (!X509_time_adj(X509_get_notAfter(x509), 0, &sec)) { ossl_raise(eX509CertError, NULL); } 
@@ -469,9 +468,9 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest) EVP_PKEY *pkey; const EVP_MD *md; - GetX509(self, x509); pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ md = GetDigestPtr(digest); + GetX509(self, x509); if (!X509_sign(x509, pkey, md)) { ossl_raise(eX509CertError, NULL); } @@ -489,8 +488,8 @@ ossl_x509_verify(VALUE self, VALUE key) EVP_PKEY *pkey; int i; - GetX509(self, x509); pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ + GetX509(self, x509); if ((i = X509_verify(x509, pkey)) < 0) { ossl_raise(eX509CertError, NULL); } @@ -510,9 +509,9 @@ ossl_x509_check_private_key(VALUE self, VALUE key) X509 *x509; EVP_PKEY *pkey; - GetX509(self, x509); /* not needed private key, but should be */ pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ + GetX509(self, x509); if (!X509_check_private_key(x509, pkey)) { OSSL_Warning("Check private key:%s", OSSL_ErrMsg()); return Qfalse; @@ -556,12 +555,12 @@ ossl_x509_set_extensions(VALUE self, VALUE ary) X509_EXTENSION *ext; int i; - GetX509(self, x509); Check_Type(ary, T_ARRAY); /* All ary's members should be X509Extension */ for (i=0; ilen; i++) { OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext); } + GetX509(self, x509); sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free); x509->cert_info->extensions = NULL; for (i=0; ilen; i++) { diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c index a7746aa2b3..0dc22416e7 100644 --- a/ext/openssl/ossl_x509crl.c +++ b/ext/openssl/ossl_x509crl.c @@ -146,11 +146,10 @@ ossl_x509crl_set_version(VALUE self, VALUE version) X509_CRL *crl; long ver; - GetX509CRL(self, crl); - if ((ver = NUM2LONG(version)) < 0) { ossl_raise(eX509CRLError, "version must be >= 0!"); } + GetX509CRL(self, crl); if (!X509_CRL_set_version(crl, ver)) { ossl_raise(eX509CRLError, NULL); } @@ -167,7 +166,6 @@ ossl_x509crl_get_signature_algorithm(VALUE self) VALUE str; GetX509CRL(self, crl); - if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eX509CRLError, NULL); } 
@@ -220,8 +218,8 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time) X509_CRL *crl; time_t sec; - GetX509CRL(self, crl); sec = time_to_time_t(time); + GetX509CRL(self, crl); if (!X509_time_adj(crl->crl->lastUpdate, 0, &sec)) { ossl_raise(eX509CRLError, NULL); } @@ -245,8 +243,8 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time) X509_CRL *crl; time_t sec; - GetX509CRL(self, crl); sec = time_to_time_t(time); + GetX509CRL(self, crl); /* This must be some thinko in OpenSSL */ if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))){ ossl_raise(eX509CRLError, NULL); @@ -287,12 +285,12 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary) X509_REVOKED *rev; int i; - GetX509CRL(self, crl); Check_Type(ary, T_ARRAY); /* All ary members should be X509 Revoked */ for (i=0; ilen; i++) { OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Rev); } + GetX509CRL(self, crl); sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free); crl->crl->revoked = NULL; for (i=0; ilen; i++) { @@ -461,12 +459,12 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary) X509_EXTENSION *ext; int i; - GetX509CRL(self, crl); Check_Type(ary, T_ARRAY); /* All ary members should be X509 Extensions */ for (i=0; ilen; i++) { OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext); } + GetX509CRL(self, crl); sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free); crl->crl->extensions = NULL; for (i=0; ilen; i++) { diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c index 57e005489a..8ba555d3e0 100644 --- a/ext/openssl/ossl_x509ext.c +++ b/ext/openssl/ossl_x509ext.c @@ -215,7 +215,6 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self) VALUE oid, value, critical, valstr, obj; int nid; - GetX509ExtFactory(self, ctx); rb_scan_args(argc, argv, "21", &oid, &value, &critical); StringValue(oid); StringValue(value); 
@@ -226,6 +225,7 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self) if(!nid) ossl_raise(eX509ExtError, "unknown OID `%s'", RSTRING(oid)->ptr); valstr = rb_str_new2(RTEST(critical) ? "critical," : ""); rb_str_append(valstr, value); + GetX509ExtFactory(self, ctx); ext = X509V3_EXT_conf_nid(NULL, ctx, nid, RSTRING(valstr)->ptr); if (!ext){ ossl_raise(eX509ExtError, "%s = %s", @@ -284,11 +284,11 @@ ossl_x509ext_set_oid(VALUE self, VALUE oid) ASN1_OBJECT *obj; char *s; - GetX509Ext(self, ext); s = StringValuePtr(oid); obj = OBJ_txt2obj(s, 0); if(!obj) obj = OBJ_txt2obj(s, 1); if(!obj) ossl_raise(eX509ExtError, NULL); + GetX509Ext(self, ext); X509_EXTENSION_set_object(ext, obj); return oid; @@ -301,7 +301,6 @@ ossl_x509ext_set_value(VALUE self, VALUE data) ASN1_OCTET_STRING *asn1s; char *s; - GetX509Ext(self, ext); data = ossl_to_der_if_possible(data); StringValue(data); if(!(s = OPENSSL_malloc(RSTRING(data)->len))) @@ -316,6 +315,7 @@ ossl_x509ext_set_value(VALUE self, VALUE data) ASN1_OCTET_STRING_free(asn1s); ossl_raise(eX509ExtError, NULL); } + GetX509Ext(self, ext); X509_EXTENSION_set_data(ext, asn1s); return data; @@ -376,6 +376,7 @@ static VALUE ossl_x509ext_get_critical(VALUE obj) { X509_EXTENSION *ext; + GetX509Ext(obj, ext); return X509_EXTENSION_get_critical(ext) ? Qtrue : Qfalse; } diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index b198157504..4a077af2d5 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c 
@@ -119,19 +119,22 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self) if (rb_scan_args(argc, argv, "02", &arg, &template) == 0) { return self; } - else if (rb_obj_is_kind_of(arg, rb_cArray) == Qtrue){ - VALUE args; - if(NIL_P(template)) template = OBJECT_TYPE_TEMPLATE; - args = rb_ary_new3(2, self, template); - rb_iterate(rb_each, arg, ossl_x509name_init_i, args); - } - else{ - unsigned char *p; - VALUE str = ossl_to_der_if_possible(arg); - StringValue(str); - p = RSTRING(str)->ptr; - if(!d2i_X509_NAME((X509_NAME**)&DATA_PTR(self), &p, RSTRING(str)->len)){ - ossl_raise(eX509NameError, NULL); + else { + VALUE tmp = rb_check_array_type(arg); + if (!NIL_P(tmp)) { + VALUE args; + if(NIL_P(template)) template = OBJECT_TYPE_TEMPLATE; + args = rb_ary_new3(2, self, template); + rb_iterate(rb_each, tmp, ossl_x509name_init_i, args); + } + else{ + unsigned char *p; + VALUE str = ossl_to_der_if_possible(arg); + StringValue(str); + p = RSTRING(str)->ptr; + if(!d2i_X509_NAME((X509_NAME**)&DATA_PTR(self), &p, RSTRING(str)->len)){ + ossl_raise(eX509NameError, NULL); + } } } @@ -182,13 +185,13 @@ ossl_x509name_to_a(VALUE self) const char *short_name; VALUE ary, ret; - GetX509Name(self, name); entries = X509_NAME_entry_count(name); if (entries < 0) { OSSL_Debug("name entries < 0!"); return rb_ary_new(); } ret = rb_ary_new2(entries); + GetX509Name(self, name); for (i=0; i= 0!"); } + GetX509Req(self, req); if (!X509_REQ_set_version(req, ver)) { ossl_raise(eX509ReqError, NULL); } @@ -400,13 +400,13 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary) X509_REQ *req; X509_ATTRIBUTE *attr; int i; - VALUE item; + VALUE tmp, item; - GetX509Req(self, req); Check_Type(ary, T_ARRAY); for (i=0;ilen; i++) { OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Attr); } + GetX509Req(self, req); sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free); req->req_info->attributes = NULL; for (i=0;ilen; i++) { 
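Review bot: In ossl_x509name_to_a the move puts `GetX509Name(self, name);` after `entries = X509_NAME_entry_count(name);`, so the count is taken from an uninitialised pointer. Nothing between the old and new positions runs Ruby code apart from `rb_ary_new2`, so the fetch belongs before the count: `GetX509Name(self, name); entries = X509_NAME_entry_count(name);`. In the ossl_x509req_set_attributes hunk the added `VALUE tmp` is not used in the visible lines.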
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c index 30ce75207f..3ccac8d26a 100644 --- a/ext/openssl/ossl_x509revoked.c +++ b/ext/openssl/ossl_x509revoked.c @@ -129,8 +129,8 @@ ossl_x509revoked_set_time(VALUE self, VALUE time) X509_REVOKED *rev; time_t sec; - GetX509Rev(self, rev); sec = time_to_time_t(time); + GetX509Rev(self, rev); if (!X509_time_adj(rev->revocationDate, 0, &sec)) { ossl_raise(eX509RevError, NULL); } @@ -174,11 +174,11 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary) int i; VALUE item; - GetX509Rev(self, rev); Check_Type(ary, T_ARRAY); for (i=0; ilen; i++) { OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext); } + GetX509Rev(self, rev); sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free); rev->extensions = NULL; for (i=0; ilen; i++) { diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c index 4c5f0624a9..45d4aee6c9 100644 --- a/ext/openssl/ossl_x509store.c +++ b/ext/openssl/ossl_x509store.c @@ -146,9 +146,10 @@ ossl_x509store_set_flags(VALUE self, VALUE flags) { #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; + long f = NUM2LONG(flags); GetX509Store(self, store); - X509_STORE_set_flags(store, NUM2LONG(flags)); + X509_STORE_set_flags(store, f); #else rb_iv_set(self, "@flags", flags); #endif @@ -161,9 +162,10 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose) { #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; + long p = NUM2LONG(purpose); GetX509Store(self, store); - X509_STORE_set_purpose(store, NUM2LONG(purpose)); + X509_STORE_set_purpose(store, p); #else rb_iv_set(self, "@purpose", purpose); #endif @@ -176,9 +178,10 @@ ossl_x509store_set_trust(VALUE self, VALUE trust) { #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) X509_STORE *store; + long t = NUM2LONG(trust); GetX509Store(self, store); - X509_STORE_set_trust(store, NUM2LONG(trust)); + X509_STORE_set_trust(store, t); #else rb_iv_set(self, "@trust", trust); #endif 
@@ -338,8 +341,8 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self) X509 *x509 = NULL; STACK_OF(X509) *x509s = NULL; - GetX509StCtx(self, ctx); rb_scan_args(argc, argv, "12", &store, &cert, &chain); + GetX509StCtx(self, ctx); SafeGetX509Store(store, x509st); if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */ if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain); @@ -483,9 +486,10 @@ static VALUE ossl_x509stctx_set_flags(VALUE self, VALUE flags) { X509_STORE_CTX *store; + long f = NUM2LONG(flags); GetX509StCtx(self, store); - X509_STORE_CTX_set_flags(store, NUM2LONG(flags)); + X509_STORE_CTX_set_flags(store, f); return flags; } @@ -494,9 +498,10 @@ static VALUE ossl_x509stctx_set_purpose(VALUE self, VALUE purpose) { X509_STORE_CTX *store; + long p = NUM2LONG(purpose); GetX509StCtx(self, store); - X509_STORE_CTX_set_purpose(store, NUM2LONG(purpose)); + X509_STORE_CTX_set_purpose(store, p); return purpose; } @@ -505,9 +510,10 @@ static VALUE ossl_x509stctx_set_trust(VALUE self, VALUE trust) { X509_STORE_CTX *store; + long t = NUM2LONG(trust); GetX509StCtx(self, store); - X509_STORE_CTX_set_trust(store, NUM2LONG(trust)); + X509_STORE_CTX_set_trust(store, t); return trust; } -- cgit v1.2.3
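Review bot: In ossl_x509stctx_initialize `GetX509StCtx(self, ctx);` moves only past `rb_scan_args` and still precedes `SafeGetX509Store`, `DupX509CertPtr(cert)` and `ossl_x509_ary2sk(chain)`. The other hunks in this commit defer the receiver fetch until after such argument conversions. For consistency place `GetX509StCtx(self, ctx);` after the `x509s` assignment. Separately, `x509` is a duplicated certificate, so if `ossl_x509_ary2sk(chain)` raises (its definition is not shown here) the copy is not freed. The rest of the function is outside the hunk.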