From ffd0820ab317542f8780aac475da590a4bdbc7a8 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Tue, 24 Sep 2019 20:59:12 -0700
Subject: Deprecate taint/trust and related methods, and make the methods
 no-ops

This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
---
 ext/openssl/ossl_rand.c      | 8 ++++++++
 ext/openssl/ossl_x509store.c | 2 ++
 2 files changed, 10 insertions(+)

(limited to 'ext/openssl')

diff --git a/ext/openssl/ossl_rand.c b/ext/openssl/ossl_rand.c
index 4a4f9dd5bf..c95857060a 100644
--- a/ext/openssl/ossl_rand.c
+++ b/ext/openssl/ossl_rand.c
@@ -67,6 +67,8 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
 static VALUE
 ossl_rand_load_file(VALUE self, VALUE filename)
 {
+    rb_check_safe_obj(filename);
+
     if(!RAND_load_file(StringValueCStr(filename), -1)) {
 	ossl_raise(eRandomError, NULL);
     }
@@ -84,6 +86,8 @@ ossl_rand_load_file(VALUE self, VALUE filename)
 static VALUE
 ossl_rand_write_file(VALUE self, VALUE filename)
 {
+    rb_check_safe_obj(filename);
+
     if (RAND_write_file(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
@@ -160,6 +164,8 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE len)
 static VALUE
 ossl_rand_egd(VALUE self, VALUE filename)
 {
+    rb_check_safe_obj(filename);
+
     if (RAND_egd(StringValueCStr(filename)) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
@@ -180,6 +186,8 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len)
 {
     int n = NUM2INT(len);
 
+    rb_check_safe_obj(filename);
+
     if (RAND_egd_bytes(StringValueCStr(filename), n) == -1) {
 	ossl_raise(eRandomError, NULL);
     }
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 61543d44f6..2909eeda17 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -304,6 +304,7 @@ ossl_x509store_add_file(VALUE self, VALUE file)
     char *path = NULL;
 
     if(file != Qnil){
+	rb_check_safe_obj(file);
 	path = StringValueCStr(file);
     }
     GetX509Store(self, store);
@@ -339,6 +340,7 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
     char *path = NULL;
 
     if(dir != Qnil){
+	rb_check_safe_obj(dir);
 	path = StringValueCStr(dir);
     }
     GetX509Store(self, store);
-- 
cgit v1.2.3