From c2329831fbd2f45a14234a7edafee5ed912e58ab Mon Sep 17 00:00:00 2001
From: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 29 Jun 2016 13:21:54 +0000
Subject: openssl: fix for OpenSSL 1.0.0t

* ext/openssl/ossl_ocsp.c: The "reuse" behavior of d2i_ functions does
  not work well with OpenSSL 1.0.0t. So avoid it.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55538 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/openssl/ossl_ocsp.c | 58 +++++++++++++++++++++++++++++--------------------
 1 file changed, 34 insertions(+), 24 deletions(-)

(limited to 'ext')

diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index bb5eb5a869..c0f2dfefb3 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -225,17 +225,20 @@ static VALUE
 ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self)
 {
     VALUE arg;
+    OCSP_REQUEST *req, *req_new;
     const unsigned char *p;
 
     rb_scan_args(argc, argv, "01", &arg);
     if(!NIL_P(arg)){
-	OCSP_REQUEST *req;
 	GetOCSPReq(self, req);
 	arg = ossl_to_der_if_possible(arg);
 	StringValue(arg);
 	p = (unsigned char *)RSTRING_PTR(arg);
-	if (!d2i_OCSP_REQUEST(&req, &p, RSTRING_LEN(arg)))
-	    ossl_raise(eOCSPError, "cannot load DER encoded request");
+	req_new = d2i_OCSP_REQUEST(NULL, &p, RSTRING_LEN(arg));
+	if (!req_new)
+	    ossl_raise(eOCSPError, "d2i_OCSP_REQUEST");
+	SetOCSPReq(self, req_new);
+	OCSP_REQUEST_free(req);
     }
 
     return self;
@@ -536,17 +539,20 @@ static VALUE
 ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self)
 {
     VALUE arg;
+    OCSP_RESPONSE *res, *res_new;
     const unsigned char *p;
 
     rb_scan_args(argc, argv, "01", &arg);
     if(!NIL_P(arg)){
-	OCSP_RESPONSE *res;
 	GetOCSPRes(self, res);
 	arg = ossl_to_der_if_possible(arg);
 	StringValue(arg);
 	p = (unsigned char *)RSTRING_PTR(arg);
-	if (!d2i_OCSP_RESPONSE(&res, &p, RSTRING_LEN(arg)))
-	    ossl_raise(eOCSPError, "cannot load DER encoded response");
+	res_new = d2i_OCSP_RESPONSE(NULL, &p, RSTRING_LEN(arg));
+	if (!res_new)
+	    ossl_raise(eOCSPError, "d2i_OCSP_RESPONSE");
+	SetOCSPRes(self, res_new);
+	OCSP_RESPONSE_free(res);
     }
 
     return self;
@@ -688,17 +694,20 @@ static VALUE
 ossl_ocspbres_initialize(int argc, VALUE *argv, VALUE self)
 {
     VALUE arg;
+    OCSP_BASICRESP *res, *res_new;
     const unsigned char *p;
 
     rb_scan_args(argc, argv, "01", &arg);
     if (!NIL_P(arg)) {
-	OCSP_BASICRESP *res;
 	GetOCSPBasicRes(self, res);
 	arg = ossl_to_der_if_possible(arg);
 	StringValue(arg);
 	p = (unsigned char *)RSTRING_PTR(arg);
-	if (!d2i_OCSP_BASICRESP(&res, &p, RSTRING_LEN(arg)))
+	res_new = d2i_OCSP_BASICRESP(NULL, &p, RSTRING_LEN(arg));
+	if (!res_new)
 	    ossl_raise(eOCSPError, "d2i_OCSP_BASICRESP");
+	SetOCSPBasicRes(self, res_new);
+	OCSP_BASICRESP_free(res);
     }
 
     return self;
@@ -1127,7 +1136,7 @@ ossl_ocspsres_alloc(VALUE klass)
 static VALUE
 ossl_ocspsres_initialize(VALUE self, VALUE arg)
 {
-    OCSP_SINGLERESP *res;
+    OCSP_SINGLERESP *res, *res_new;
     const unsigned char *p;
 
     arg = ossl_to_der_if_possible(arg);
@@ -1135,8 +1144,11 @@ ossl_ocspsres_initialize(VALUE self, VALUE arg)
     GetOCSPSingleRes(self, res);
 
     p = (unsigned char*)RSTRING_PTR(arg);
-    if (!d2i_OCSP_SINGLERESP(&res, &p, RSTRING_LEN(arg)))
+    res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg));
+    if (!res_new)
 	ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP");
+    SetOCSPSingleRes(self, res_new);
+    OCSP_SINGLERESP_free(res);
 
     return self;
 }
@@ -1432,9 +1444,7 @@ static VALUE
 ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
 {
     OCSP_CERTID *id, *newid;
-    X509 *x509s, *x509i;
     VALUE subject, issuer, digest;
-    const EVP_MD *md;
 
     GetOCSPCertId(self, id);
     if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) {
@@ -1444,25 +1454,25 @@ ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
 	arg = ossl_to_der_if_possible(subject);
 	StringValue(arg);
 	p = (unsigned char *)RSTRING_PTR(arg);
-	if (!d2i_OCSP_CERTID(&id, &p, RSTRING_LEN(arg)))
+	newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg));
+	if (!newid)
 	    ossl_raise(eOCSPError, "d2i_OCSP_CERTID");
-
-	return self;
     }
+    else {
+	X509 *x509s, *x509i;
+	const EVP_MD *md;
 
-    x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
-    x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
+	x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
+	x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
+	md = !NIL_P(digest) ? GetDigestPtr(digest) : NULL;
 
-    if (!NIL_P(digest)) {
-	md = GetDigestPtr(digest);
 	newid = OCSP_cert_to_id(md, x509s, x509i);
-    } else {
-	newid = OCSP_cert_to_id(NULL, x509s, x509i);
+	if (!newid)
+	    ossl_raise(eOCSPError, "OCSP_cert_to_id");
     }
-    if(!newid)
-	ossl_raise(eOCSPError, NULL);
-    OCSP_CERTID_free(id);
+
     SetOCSPCertId(self, newid);
+    OCSP_CERTID_free(id);
 
     return self;
 }
-- 
cgit v1.2.3