authorMichal Rokos <m.rokos@sh.cvut.cz>2001-12-21 20:10:12 +0000
committerMichal Rokos <m.rokos@sh.cvut.cz>2001-12-21 20:10:12 +0000
commit91d3b685dcd805ced1453c551ad315eb3173eab1 (patch)
treec0ed09824800e654855d9224b9b9d398523b3f44
parentb248d91eda8ce439e8d3565438c5ca9bc7c07e9d (diff)
* Memory checking
-rw-r--r--ChangeLog5
-rw-r--r--openssl_missing.c5
-rw-r--r--ossl.c26
-rw-r--r--ossl.h24
-rw-r--r--ossl_bn.c102
-rw-r--r--ossl_cipher.c11
-rw-r--r--ossl_config.c4
-rw-r--r--ossl_digest.c26
-rw-r--r--ossl_hmac.c10
-rw-r--r--ossl_ns_spki.c10
-rw-r--r--ossl_pkcs7.c31
-rw-r--r--ossl_pkey.c2
-rw-r--r--ossl_pkey_dsa.c56
-rw-r--r--ossl_pkey_rsa.c73
-rw-r--r--ossl_rand.c5
-rw-r--r--ossl_ssl.c6
-rw-r--r--ossl_x509.c63
-rw-r--r--ossl_x509attr.c35
-rw-r--r--ossl_x509crl.c21
-rw-r--r--ossl_x509ext.c37
-rw-r--r--ossl_x509name.c33
-rw-r--r--ossl_x509req.c60
-rw-r--r--ossl_x509revoked.c47
-rw-r--r--ossl_x509store.c24
24 files changed, 486 insertions, 230 deletions
diff --git a/ChangeLog b/ChangeLog
index ce1964f..11e74c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,11 +4,14 @@ Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
All rights reserved.
$Log$
+Revision 1.13 2001/12/21 20:10:12 majkl
+ * Memory checking
+
Revision 1.12 2001/12/21 19:21:35 gotoyuzo
* fixed unusual usage of ## preprocessing token sequence.
Revision 1.11 2001/12/13 18:08:58 majkl
- * added bn methods (thanks to UNKNOWN <oss-ruby@technorama.net>
+ * added bn methods (thanks to UNKNOWN <oss-ruby@technorama.net>)
* simplify ossl_digest sources
Revision 1.10 2001/11/29 13:17:24 majkl
diff --git a/openssl_missing.c b/openssl_missing.c
index 577e1e0..41ff5fe 100644
--- a/openssl_missing.c
+++ b/openssl_missing.c
@@ -8,11 +8,12 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
+#ifndef NO_HMAC
+
#include <openssl/hmac.h>
#include "openssl_missing.h"
/* to hmac.[ch] */
-#ifndef NO_HMAC
int
HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
{
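Review bot: The `#ifndef NO_HMAC` test now sits above `#include <openssl/hmac.h>`, so it only sees a NO_HMAC that was passed on the compiler command line. If the macro is supplied by an OpenSSL configuration header, it is not yet defined at this point and the guard never excludes the file body. Keeping the includes above the guard, or including the OpenSSL configuration header before it, avoids that. ossl_pkey_dsa.c and ossl_pkey_rsa.c place `#ifndef NO_DSA` and `#ifndef NO_RSA` ahead of `#include "ossl.h"` in the same way. The body of HMAC_CTX_copy continues outside this hunk.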
@@ -20,10 +21,10 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
/* HMACerr(HMAC_CTX_COPY,HMAC_R_INPUT_NOT_INITIALIZED); */
return 0;
}
-
memcpy(out, in, sizeof(HMAC_CTX));
return 1;
}
+
#endif
diff --git a/ossl.c b/ossl.c
index 8e2cf57..91bd921 100644
--- a/ossl.c
+++ b/ossl.c
@@ -11,6 +11,9 @@
#include <openssl/err.h>
#include "ossl.h"
+/*
+ * Check Types
+ */
void ossl_check_type(VALUE obj, VALUE klass)
{
if (rb_obj_is_kind_of(obj, klass) == Qfalse) {
@@ -20,24 +23,7 @@ void ossl_check_type(VALUE obj, VALUE klass)
}
/*
- * Debug prints
-#ifdef OSSL_DEBUG
-inline char *ossl_error() {
- char *ret = NULL, *err = NULL;
- int ret_len = 0;
-
- err = ERR_error_string(ERR_get_error(), NULL);
- ret_len = strlen(err)+strlen(__FILE__)+(sizeof(__LINE__)*3)+5;
- ret = malloc(ret_len+1);
- if (snprintf(ret, ret_len, "%s [%s:%d]", err, __FILE__, __LINE__) > ret_len) {
- rb_bug("BUFFER OVERFLOW IN ossl_error());
- }
-
- return ret;
-}
-#else
-#define ossl_error() ERR_error_string(ERR_get_error(), NULL)
-#endif
+ * Error messages
*/
char *ossl_error(void)
{
@@ -46,6 +32,7 @@ char *ossl_error(void)
/*
* On Windows platform there is no strptime function
+ * implementation in strptime.c
*/
#ifndef HAVE_STRPTIME
char *strptime(char *buf, char *fmt, struct tm *tm);
@@ -88,7 +75,8 @@ VALUE mPKCS7;
/*
* OSSL library init
*/
-void Init_openssl()
+void
+Init_openssl()
{
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
diff --git a/ossl.h b/ossl.h
index 04a9bb5..258eafe 100644
--- a/ossl.h
+++ b/ossl.h
@@ -137,7 +137,8 @@ void Init_ossl_digest(VALUE);
/*
* X509
*/
-VALUE ossl_x509_new2(X509 *);
+VALUE ossl_x509_new_null(void);
+VALUE ossl_x509_new(X509 *);
VALUE ossl_x509_new_from_file(VALUE);
X509 *ossl_x509_get_X509(VALUE);
void Init_ossl_x509(VALUE);
@@ -151,42 +152,47 @@ void Init_ossl_x509crl(VALUE);
/*
* X509Name
*/
-VALUE ossl_x509name_new2(X509_NAME *);
+VALUE ossl_x509name_new_null(void);
+VALUE ossl_x509name_new(X509_NAME *);
X509_NAME *ossl_x509name_get_X509_NAME(VALUE);
void Init_ossl_x509name(VALUE);
/*
* X509Request
*/
-VALUE ossl_x509req_new2(X509_REQ *);
+VALUE ossl_x509req_new_null(void);
+VALUE ossl_x509req_new(X509_REQ *);
X509_REQ *ossl_x509req_get_X509_REQ(VALUE);
void Init_ossl_x509req(VALUE);
/*
* X509Revoked
*/
-VALUE ossl_x509revoked_new2(X509_REVOKED *);
+VALUE ossl_x509revoked_new_null(void);
+VALUE ossl_x509revoked_new(X509_REVOKED *);
X509_REVOKED *ossl_x509revoked_get_X509_REVOKED(VALUE);
void Init_ossl_x509revoked(VALUE);
/*
* X509Store
*/
-VALUE ossl_x509store_new2(X509_STORE_CTX *);
+VALUE ossl_x509store_new(X509_STORE_CTX *);
X509_STORE *ossl_x509store_get_X509_STORE(VALUE);
void Init_ossl_x509store(VALUE);
/*
* X509Extension
*/
-VALUE ossl_x509ext_new2(X509_EXTENSION *);
+VALUE ossl_x509ext_new_null(void);
+VALUE ossl_x509ext_new(X509_EXTENSION *);
X509_EXTENSION *ossl_x509ext_get_X509_EXTENSION(VALUE);
void Init_ossl_x509ext(VALUE);
/*
* X509Attribute
*/
-VALUE ossl_x509attr_new2(X509_ATTRIBUTE *);
+VALUE ossl_x509attr_new_null(void);
+VALUE ossl_x509attr_new(X509_ATTRIBUTE *);
X509_ATTRIBUTE *ossl_x509attr_get_X509_ATTRIBUTE(VALUE);
void Init_ossl_x509attr(VALUE);
@@ -218,19 +224,23 @@ void Init_ossl_pkey(VALUE);
/*
* RSA
*/
+#ifndef NO_RSA
VALUE ossl_rsa_new_null();
VALUE ossl_rsa_new(RSA *);
RSA *ossl_rsa_get_RSA(VALUE);
EVP_PKEY *ossl_rsa_get_EVP_PKEY(VALUE);
+#endif
void Init_ossl_rsa(VALUE, VALUE, VALUE);
/*
* DSA
*/
+#ifndef NO_DSA
VALUE ossl_dsa_new_null();
VALUE ossl_dsa_new(DSA *);
DSA *ossl_dsa_get_DSA(VALUE);
EVP_PKEY *ossl_dsa_get_EVP_PKEY(VALUE);
+#endif
void Init_ossl_dsa(VALUE, VALUE, VALUE);
/*
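Review bot: `ossl_rsa_new_null()` and `ossl_dsa_new_null()` are declared with empty parentheses, which in C is not a prototype and turns off argument checking. The X509 constructors added in this same commit use `(void)`, so these should read `VALUE ossl_rsa_new_null(void);` and `VALUE ossl_dsa_new_null(void);`. With the new guards, any caller that still references `ossl_rsa_get_EVP_PKEY` or `ossl_dsa_get_DSA` in a NO_RSA/NO_DSA build gets an implicit declaration returning `int`, which truncates the pointer on LP64 targets. The callers are not visible here, so they are worth checking before relying on these guards.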
diff --git a/ossl_bn.c b/ossl_bn.c
index 02aae14..a9b3caa 100644
--- a/ossl_bn.c
+++ b/ossl_bn.c
@@ -1,7 +1,7 @@
/*
* $Id$
* 'OpenSSL for Ruby' project
- * Copyright (C) 2001 <oss-ruby@technorama.net>
+ * Copyright (C) 2001 UNKNOWN <oss-ruby@technorama.net>
* All rights reserved.
*/
/*
@@ -14,6 +14,7 @@
#define MakeBN(obj, bnp) {\
obj = Data_Make_Struct(cBN, ossl_bn, 0, ossl_bn_free, bnp);\
}
+
#define GetBN_unsafe(obj, bnp) Data_Get_Struct(obj, ossl_bn, bnp)
#define GetBN(obj, bnp) {\
GetBN_unsafe(obj, bnp);\
@@ -84,6 +85,7 @@ ossl_bn_get_BIGNUM(VALUE obj)
ossl_bn *bnp = NULL;
BIGNUM *bn = NULL;
+ OSSL_Check_Type(obj, cBN);
GetBN(obj, bnp);
if (!(bn = BN_dup(bnp->bignum))) {
@@ -96,6 +98,19 @@ ossl_bn_get_BIGNUM(VALUE obj)
/*
* Private
*/
+VALUE
+ossl_bn_new_nodup(BIGNUM *bn)
+{
+ ossl_bn *bnp = NULL;
+ VALUE obj;
+
+ MakeBN(obj, bnp);
+
+ bnp->bignum = bn;
+
+ return obj;
+}
+
static VALUE
ossl_bn_s_new(int argc, VALUE *argv, VALUE klass)
{
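Review bot: `ossl_bn_new_nodup` takes ownership of `bn` but nothing says so, and it is non-static without a prototype in the hunks shown. Every converted caller relies on it to avoid a double free, so the contract should be written down, e.g. `/* Takes ownership of bn: the wrapper frees it, the caller must not BN_free() it. */`. It also stores a NULL `bn` without complaint, and if `MakeBN` raises on allocation failure the BIGNUM handed in is lost, since by then no caller holds it. A `static` qualifier or a declaration in ossl.h would make the intended visibility explicit.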
@@ -145,7 +160,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
str = number;
break;
default:
- rb_raise(eBNError, "unsupported argument (%s)", rb_class2name(CLASS_OF(number)));
+ rb_raise(rb_eTypeError, "unsupported argument (%s)", rb_class2name(CLASS_OF(number)));
}
if (!BN_dec2bn(&bn, RSTRING(str)->ptr)) {
@@ -199,7 +214,6 @@ BIGNUM_BOOL1(is_odd);
ossl_bn *bnp = NULL; \
BIGNUM *result = NULL; \
BN_CTX ctx; \
- VALUE obj; \
\
GetBN(self, bnp); \
\
@@ -207,13 +221,12 @@ BIGNUM_BOOL1(is_odd);
rb_raise(eBNError, "%s", ossl_error()); \
\
BN_CTX_init(&ctx); \
- if (BN_##func(result, bnp->bignum, &ctx) != 1) \
+ if (BN_##func(result, bnp->bignum, &ctx) != 1) { \
+ BN_free(result); \
rb_raise(eBNError, "%s", ossl_error()); \
+ } \
\
- obj = ossl_bn_new(result); \
- BN_free(result); \
- \
- return obj; \
+ return ossl_bn_new_nodup(result); \
}
BIGNUM_1c(sqr);
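Review bot: `BN_CTX ctx` is initialised with `BN_CTX_init(&ctx)` but released neither in the new error branch nor before the new `return ossl_bn_new_nodup(result);`. Any temporaries the BN routine allocated inside the context are therefore leaked, and for the modular operations they may hold intermediate values of the computation. If the OpenSSL version in use supports it for stack contexts, add `BN_CTX_free(&ctx);` on both paths. The same applies to BIGNUM_2c, ossl_bn_div, ossl_bn_mod_inverse and BIGNUM_3c further down, which follow the same pattern.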
@@ -224,7 +237,6 @@ BIGNUM_1c(sqr);
ossl_bn *bn1p = NULL; \
ossl_bn *bn2p = NULL; \
BIGNUM *result = NULL; \
- VALUE obj; \
\
GetBN(self, bn1p); \
\
@@ -234,25 +246,23 @@ BIGNUM_1c(sqr);
if (!(result = BN_new())) \
rb_raise(eBNError, "%s", ossl_error()); \
\
- if (BN_##func(result, bn1p->bignum, bn2p->bignum) != 1) \
+ if (BN_##func(result, bn1p->bignum, bn2p->bignum) != 1) { \
+ BN_free(result); \
rb_raise(eBNError, "%s", ossl_error()); \
+ } \
\
- obj = ossl_bn_new(result); \
- BN_free(result); \
- \
- return obj; \
+ return ossl_bn_new_nodup(result); \
}
BIGNUM_2(add);
BIGNUM_2(sub);
#define BIGNUM_2c(func) \
static VALUE \
- ossl_bn_##func(VALUE self, VALUE other) \
+ ossl_bn_##func(VALUE self, VALUE other) \
{ \
ossl_bn *bn1p = NULL, *bn2p = NULL; \
BIGNUM *result = NULL; \
BN_CTX ctx; \
- VALUE obj; \
\
GetBN(self, bn1p); \
\
@@ -263,13 +273,12 @@ BIGNUM_2(sub);
rb_raise(eBNError, "%s", ossl_error()); \
\
BN_CTX_init(&ctx); \
- if (BN_##func(result, bn1p->bignum, bn2p->bignum, &ctx) != 1) \
+ if (BN_##func(result, bn1p->bignum, bn2p->bignum, &ctx) != 1) { \
+ BN_free(result); \
rb_raise(eBNError, "%s", ossl_error()); \
+ } \
\
- obj = ossl_bn_new(result); \
- BN_free(result); \
- \
- return obj; \
+ return ossl_bn_new_nodup(result); \
}
BIGNUM_2c(mul);
BIGNUM_2c(mod);
@@ -289,17 +298,22 @@ ossl_bn_div(VALUE self, VALUE other)
OSSL_Check_Type(other, cBN);
GetBN(other, bn2p);
- if ((r1 = BN_new()) == NULL || (r2 = BN_new()) == NULL)
+ if (!(r1 = BN_new()))
rb_raise(eBNError, "%s", ossl_error());
+ if (!(r2 = BN_new())) {
+ BN_free(r1);
+ rb_raise(eBNError, "%s", ossl_error());
+ }
BN_CTX_init(&ctx);
- if (BN_div(r1, r2, bn1p->bignum, bn2p->bignum, &ctx) != 1)
+ if (BN_div(r1, r2, bn1p->bignum, bn2p->bignum, &ctx) != 1) {
+ BN_free(r1);
+ BN_free(r2);
rb_raise(eBNError, "%s", ossl_error());
+ }
- obj1 = ossl_bn_new(r1);
- BN_free(r1);
- obj2 = ossl_bn_new(r2);
- BN_free(r2);
+ obj1 = ossl_bn_new_nodup(r1);
+ obj2 = ossl_bn_new_nodup(r2);
return rb_ary_new3(2, obj1, obj2);
}
@@ -310,7 +324,6 @@ ossl_bn_mod_inverse(VALUE self, VALUE other)
ossl_bn *bn1p = NULL, *bn2p = NULL;
BIGNUM *result = NULL;
BN_CTX ctx;
- VALUE obj;
GetBN(self, bn1p);
@@ -321,23 +334,21 @@ ossl_bn_mod_inverse(VALUE self, VALUE other)
rb_raise(eBNError, "%s", ossl_error());
BN_CTX_init(&ctx);
- if (BN_mod_inverse(result, bn1p->bignum, bn2p->bignum, &ctx) == NULL)
+ if (BN_mod_inverse(result, bn1p->bignum, bn2p->bignum, &ctx) == NULL) {
+ BN_free(result);
rb_raise(eBNError, "%s", ossl_error());
+ }
- obj = ossl_bn_new(result);
- BN_free(result);
-
- return obj;
+ return ossl_bn_new_nodup(result);
}
#define BIGNUM_3c(func) \
static VALUE \
- ossl_bn_##func(VALUE self, VALUE other1, VALUE other2) \
+ ossl_bn_##func(VALUE self, VALUE other1, VALUE other2) \
{ \
ossl_bn *bn1p = NULL, *bn2p = NULL, *bn3p = NULL; \
BIGNUM *result = NULL; \
BN_CTX ctx; \
- VALUE obj; \
\
GetBN(self, bn1p); \
\
@@ -350,13 +361,12 @@ ossl_bn_mod_inverse(VALUE self, VALUE other)
rb_raise(eBNError, "%s", ossl_error()); \
\
BN_CTX_init(&ctx); \
- if (BN_##func(result, bn1p->bignum, bn2p->bignum, bn3p->bignum, &ctx) != 1) \
+ if (BN_##func(result, bn1p->bignum, bn2p->bignum, bn3p->bignum, &ctx) != 1) { \
+ BN_free(result); \
rb_raise(eBNError, "%s", ossl_error()); \
+ } \
\
- obj = ossl_bn_new(result); \
- BN_free(result); \
- \
- return obj; \
+ return ossl_bn_new_nodup(result); \
}
BIGNUM_3c(mod_mul);
BIGNUM_3c(mod_exp);
@@ -405,24 +415,22 @@ ossl_bn_mask_bits(VALUE self, VALUE bit)
#define BIGNUM_SHIFT(func) \
static VALUE \
- ossl_bn_##func(VALUE self, VALUE bits) \
+ ossl_bn_##func(VALUE self, VALUE bits) \
{ \
ossl_bn *bnp = NULL; \
BIGNUM *result = NULL; \
- VALUE obj; \
\
GetBN(self, bnp); \
\
if (!(result = BN_new())) \
rb_raise(eBNError, "%s", ossl_error()); \
\
- if (BN_##func(result, bnp->bignum, NUM2INT(bits)) != 1) \
+ if (BN_##func(result, bnp->bignum, NUM2INT(bits)) != 1) { \
+ BN_free(result); \
rb_raise(eBNError, "%s", ossl_error()); \
+ } \
\
- obj = ossl_bn_new(result); \
- BN_free(result); \
- \
- return obj; \
+ return ossl_bn_new_nodup(result); \
}
BIGNUM_SHIFT(lshift);
BIGNUM_SHIFT(rshift);
diff --git a/ossl_cipher.c b/ossl_cipher.c
index 882149c..0c28d34 100644
--- a/ossl_cipher.c
+++ b/ossl_cipher.c
@@ -58,6 +58,7 @@ ossl_cipher_free(ossl_cipher *ciphp)
{
if (ciphp) {
if (ciphp->ctx) OPENSSL_free(ciphp->ctx);
+ ciphp->ctx = NULL;
free(ciphp);
}
}
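Review bot: `ciphp->ctx = NULL;` is a dead store, because the struct goes to `free(ciphp)` on the next line; it protects nothing and a compiler may drop it. What is missing is cleanup of the key material: `OPENSSL_free(ciphp->ctx)` releases the memory without `EVP_CIPHER_CTX_cleanup(ciphp->ctx)`, so the key schedule of an initialised context stays readable in freed heap. The cleanup call is only valid once the context has been initialised, which this hunk does not show. The same NULL-then-free line is added in ossl_config_free, ossl_digest_free, ossl_hmac_free, ossl_spki_free, ossl_pkcs7_free and ossl_pkcs7si_free, and the HMAC context holds key state as well.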
@@ -70,6 +71,8 @@ ossl_cipher_get_NID(VALUE obj)
{
ossl_cipher *ciphp = NULL;
+ OSSL_Check_Type(obj, cCipher);
+
GetCipher(obj, ciphp);
return ciphp->nid; /*EVP_CIPHER_CTX_nid(ciphp->ctx);*/
@@ -80,6 +83,8 @@ ossl_cipher_get_EVP_CIPHER(VALUE obj)
{
ossl_cipher *ciphp = NULL;
+ OSSL_Check_Type(obj, cCipher);
+
GetCipher(obj, ciphp);
return EVP_get_cipherbynid(ciphp->nid); /*EVP_CIPHER_CTX_cipher(ciphp->ctx);*/
@@ -120,6 +125,7 @@ ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self)
rb_scan_args(argc, argv, "11", &pass, &init_v);
Check_SafeStr(pass);
+
if (NIL_P(init_v)) {
/*
* TODO:
@@ -174,7 +180,9 @@ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
EVP_CIPHER_CTX_init(ciphp->ctx);
cipher = EVP_get_cipherbynid(ciphp->nid);
+
/*if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0); /* cipher = CIPHER_INFO */
+
EVP_BytesToKey(cipher, EVP_md5(), iv, RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL);
if (!EVP_DecryptInit(ciphp->ctx, cipher, key, iv)) {
@@ -193,6 +201,7 @@ ossl_cipher_update(VALUE self, VALUE data)
VALUE str;
GetCipher(self, ciphp);
+
Check_SafeStr(data);
in = RSTRING(data)->ptr;
in_len = RSTRING(data)->len;
@@ -201,6 +210,7 @@ ossl_cipher_update(VALUE self, VALUE data)
rb_raise(eCipherError, "%s", ossl_error());
}
if (!EVP_CipherUpdate(ciphp->ctx, out, &out_len, in, in_len)) {
+ OPENSSL_free(out);
rb_raise(eCipherError, "%s", ossl_error());
}
@@ -225,6 +235,7 @@ ossl_cipher_cipher(VALUE self)
rb_raise(eCipherError, "%s", ossl_error());
}
if (!EVP_CipherFinal(ciphp->ctx, out, &out_len)) {
+ OPENSSL_free(out);
rb_raise(eCipherError, "%s", ossl_error());
}
str = rb_str_new(out, out_len);
diff --git a/ossl_config.c b/ossl_config.c
index 6713a93..50f6ed0 100644
--- a/ossl_config.c
+++ b/ossl_config.c
@@ -43,8 +43,8 @@ static void
ossl_config_free(ossl_config *configp)
{
if (configp) {
- if (configp->config)
- CONF_free(configp->config);
+ if (configp->config) CONF_free(configp->config);
+ configp->config = NULL;
free(configp);
}
}
diff --git a/ossl_digest.c b/ossl_digest.c
index d744d39..f2013c6 100644
--- a/ossl_digest.c
+++ b/ossl_digest.c
@@ -34,6 +34,7 @@ ossl_digest_free(ossl_digest *digestp)
{
if (digestp) {
if (digestp->md) OPENSSL_free(digestp->md);
+ digestp->md = NULL;
free(digestp);
}
}
@@ -46,6 +47,8 @@ ossl_digest_get_NID(VALUE obj)
{
ossl_digest *digestp = NULL;
+ OSSL_Check_Type(obj, cDigest);
+
GetDigest(obj, digestp);
return EVP_MD_CTX_type(digestp->md); /*== digestp->md->digest->type*/
@@ -56,6 +59,8 @@ ossl_digest_get_EVP_MD(VALUE obj)
{
ossl_digest *digestp = NULL;
+ OSSL_Check_Type(obj, cDigest);
+
GetDigest(obj, digestp);
return EVP_MD_CTX_md(digestp->md); /*== digestp->md->digest*/
@@ -107,13 +112,13 @@ ossl_digest_digest(VALUE self)
rb_raise(eDigestError, "%s", ossl_error());
}
- if (!(digest_txt = malloc(EVP_MD_CTX_size(&final)))) {
+ if (!(digest_txt = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) {
rb_raise(eDigestError, "Cannot allocate memory for digest");
}
EVP_DigestFinal(&final, digest_txt, &digest_len);
digest = rb_str_new(digest_txt, digest_len);
- free(digest_txt);
+ OPENSSL_free(digest_txt);
return digest;
}
@@ -137,12 +142,13 @@ ossl_digest_hexdigest(VALUE self)
rb_raise(eDigestError, "%s", ossl_error());
}
- if (!(digest_txt = malloc(EVP_MD_CTX_size(&final)))) {
+ if (!(digest_txt = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) {
rb_raise(eDigestError, "Cannot allocate memory for digest");
}
EVP_DigestFinal(&final, digest_txt, &digest_len);
- if (!(hexdigest_txt = malloc(2*digest_len+1))) {
+ if (!(hexdigest_txt = OPENSSL_malloc(2*digest_len+1))) {
+ OPENSSL_free(digest_txt);
rb_raise(eDigestError, "Memory alloc error");
}
for (i = 0; i < digest_len; i++) {
@@ -151,8 +157,8 @@ ossl_digest_hexdigest(VALUE self)
}
hexdigest_txt[i + i] = '\0';
hexdigest = rb_str_new(hexdigest_txt, 2*digest_len);
- free(digest_txt);
- free(hexdigest_txt);
+ OPENSSL_free(digest_txt);
+ OPENSSL_free(hexdigest_txt);
return hexdigest;
}
@@ -175,15 +181,15 @@ ossl_digest_hexdigest(VALUE self)
rb_raise(eDigestError, "%s", ossl_error());
}
- if (!(digest_txt = malloc(EVP_MD_CTX_size(&final)))) {
+ if (!(digest_txt = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) {
rb_raise(eDigestError, "Cannot allocate memory for digest");
}
EVP_DigestFinal(&final, digest_txt, &digest_len);
hexdigest_txt = hex_to_string(digest_txt, digest_len);
hexdigest = rb_str_new2(hexdigest_txt);
- free(digest_txt);
- free(hexdigest_txt);
+ OPENSSL_free(digest_txt);
+ OPENSSL_free(hexdigest_txt);
return hexdigest;
}
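Review bot: The result of `hex_to_string(digest_txt, digest_len)` is passed to `rb_str_new2` without a NULL check. If this is OpenSSL's X509V3 helper, it returns NULL on allocation failure, and the exception then raised from `rb_str_new2` skips `OPENSSL_free(digest_txt)`. The hexdigest variant in the previous hunk already frees `digest_txt` on its failure path, so this one should match: `if (!hexdigest_txt) { OPENSSL_free(digest_txt); rb_raise(eDigestError, "Memory alloc error"); }`. The function starts above the hunk.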
@@ -264,7 +270,7 @@ Init_ossl_digest(VALUE module)
* automation for classes creation and initialize method binding
*/
#define DefDigest(name, func) \
- c##name = rb_define_class_under(module, #name, cDigest); \
+ c##name = rb_define_class_under(module, #name, cDigest); \
rb_define_method(c##name, "initialize", ossl_##func##_initialize, -1)
/*
diff --git a/ossl_hmac.c b/ossl_hmac.c
index b56beb8..c69c7e7 100644
--- a/ossl_hmac.c
+++ b/ossl_hmac.c
@@ -34,8 +34,8 @@ static void
ossl_hmac_free(ossl_hmac *hmacp)
{
if (hmacp) {
- if (hmacp->hmac)
- OPENSSL_free(hmacp->hmac);
+ if (hmacp->hmac) OPENSSL_free(hmacp->hmac);
+ hmacp->hmac = NULL;
free(hmacp);
}
}
@@ -179,13 +179,13 @@ Init_hmac(VALUE module)
rb_define_alias(cHMAC, "to_str", "hexhmac");
}
-#else
+#else /* NO_HMAC is defined */
void
Init_hmac(VALUE module)
{
- rb_warning("HMAC will NOT be avaible: OpenSSL is compiled without HMAC");
+ rb_warning("HMAC will NOT be avaible: OpenSSL is compiled without HMAC.");
}
-#endif
+#endif /* NO_HMAC */
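Review bot: The warning line is edited here but still reads "avaible", so the user-visible message should be corrected while it is being touched: `rb_warning("HMAC will NOT be available: OpenSSL is compiled without HMAC.");`. The new NO_DSA and NO_RSA stubs added in ossl_pkey_dsa.c and ossl_pkey_rsa.c copy the same misspelling.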
diff --git a/ossl_ns_spki.c b/ossl_ns_spki.c
index 1f5a533..fed52b3 100644
--- a/ossl_ns_spki.c
+++ b/ossl_ns_spki.c
@@ -33,6 +33,7 @@ ossl_spki_free(ossl_spki *spkip)
{
if(spkip) {
if(spkip->spki) NETSCAPE_SPKI_free(spkip->spki);
+ spkip->spki = NULL;
free(spkip);
}
}
@@ -78,9 +79,9 @@ ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
default:
rb_raise(rb_eTypeError, "unsupported type");
}
- if (!spki) {
+ if (!spki)
rb_raise(eSPKIError, "%s", ossl_error());
- }
+
spkip->spki = spki;
return self;
@@ -99,7 +100,10 @@ ossl_spki_to_pem(VALUE self)
rb_raise(eSPKIError, "%s", ossl_error());
}
- return rb_str_new2(data);
+ str = rb_str_new2(data);
+ OPENSSL_free(data);
+
+ return str;
}
static VALUE
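Review bot: `str` is assigned in the new lines, but no hunk in ossl_ns_spki.c adds a declaration for it. Unless `VALUE str` already exists at the top of ossl_spki_to_pem, which lies outside the hunk, the file no longer compiles. Separately, `rb_str_new2(data)` can raise on allocation failure, in which case `OPENSSL_free(data)` is never reached.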
diff --git a/ossl_pkcs7.c b/ossl_pkcs7.c
index 5ce9d47..c57eb42 100644
--- a/ossl_pkcs7.c
+++ b/ossl_pkcs7.c
@@ -28,8 +28,6 @@
if (!p7sip->signer) rb_raise(ePKCS7Error, "not initialized!");\
}
-#define DefPKCS7Const(x) rb_define_const(mPKCS7, #x, INT2FIX(x))
-
/*
* Constants
*/
@@ -63,9 +61,8 @@ static void
ossl_pkcs7_free(ossl_pkcs7 *pkcs7p)
{
if (pkcs7p) {
- if (pkcs7p->pkcs7) {
- PKCS7_free(pkcs7p->pkcs7);
- }
+ if (pkcs7p->pkcs7) PKCS7_free(pkcs7p->pkcs7);
+ pkcs7p->pkcs7 = NULL;
free(pkcs7p);
}
}
@@ -74,9 +71,8 @@ static void
ossl_pkcs7si_free(ossl_pkcs7si *p7sip)
{
if (p7sip) {
- if (p7sip->signer) {
- PKCS7_SIGNER_INFO_free(p7sip->signer);
- }
+ if (p7sip->signer) PKCS7_SIGNER_INFO_free(p7sip->signer);
+ p7sip->signer = NULL;
free(p7sip);
}
}
@@ -123,6 +119,8 @@ ossl_pkcs7si_get_PKCS7_SIGNER_INFO(VALUE obj)
ossl_pkcs7si *p7sip = NULL;
PKCS7_SIGNER_INFO *si = NULL;
+ OSSL_Check_Type(obj, cPKCS7SignerInfo);
+
GetPKCS7si(obj, p7sip);
if (!(si = PKCS7_SIGNER_INFO_dup(p7sip->signer))) {
@@ -162,6 +160,7 @@ static VALUE ossl_pkcs7_s_sign(VALUE klass, VALUE key, VALUE cert, VALUE data)
rb_raise(ePKCS7Error, "%s", ossl_error());
}
if (!(p7 = PKCS7_sign(x509, pkey, NULL, bio, 0))) {
+ BIO_free(bio);
rb_raise(ePKCS7Error, "%s", ossl_error());
}
BIO_free(bio);
@@ -182,6 +181,7 @@ ossl_pkcs7_s_new(int argc, VALUE *argv, VALUE klass)
MakePKCS7(obj, pkcs7p);
rb_obj_call_init(obj, argc, argv);
+
return obj;
}
@@ -203,7 +203,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
rb_raise(ePKCS7Error, "%s", ossl_error());
}
if(!PKCS7_set_type(p7, FIX2INT(arg1))) {
- /*PKCS7_free(p7);*/
+ PKCS7_free(p7);
rb_raise(ePKCS7Error, "%s", ossl_error());
}
break;
@@ -213,6 +213,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
rb_raise(ePKCS7Error, "%s", ossl_error());
}
if (!(p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL))) {
+ BIO_free(in);
rb_raise(ePKCS7Error, "%s", ossl_error());
}
BIO_free(in);
@@ -322,10 +323,12 @@ ossl_pkcs7_add_recipient(VALUE self, VALUE cert)
rb_raise(ePKCS7Error, "%s", ossl_error());
}
if (!PKCS7_RECIP_INFO_set(ri, ossl_x509_get_X509(cert))) {
+ PKCS7_RECIP_INFO_free(ri);
rb_raise(ePKCS7Error, "%s", ossl_error());
}
if (!PKCS7_add_recipient_info(p7p->pkcs7, ri)) {
+ PKCS7_RECIP_INFO_free(ri);
rb_raise(ePKCS7Error, "%s", ossl_error());
}
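Review bot: `ossl_x509_get_X509(cert)` is called inline as an argument, so its return value can never be released. The other `*_get_*` helpers visible in this commit (ossl_bn_get_BIGNUM, ossl_dsa_get_DSA) return a duplicate the caller owns. If this one does too, and PKCS7_RECIP_INFO_set takes its own reference, the X509 copy leaks on success and on both new error branches. Hold it in a local, `X509 *x509 = ossl_x509_get_X509(cert);`, and call `X509_free(x509);` next to each `PKCS7_RECIP_INFO_free(ri);` and after the successful add. The function begins and ends outside the hunk.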
@@ -388,6 +391,7 @@ ossl_pkcs7_add_data(int argc, VALUE *argv, VALUE self)
rb_raise(ePKCS7Error, "%s", ossl_error());
}
if ((i = BIO_write(bio, RSTRING(data)->ptr, RSTRING(data)->len)) != RSTRING(data)->len) {
+ BIO_free(bio);
rb_raise(ePKCS7Error, "BIO_wrote %d, but should be %d!", i, RSTRING(data)->len);
}
if (!PKCS7_dataFinal(p7p->pkcs7, bio)) {
@@ -436,15 +440,15 @@ ossl_pkcs7_data_verify(VALUE self, VALUE x509store, VALUE detached)
} else {
bio = PKCS7_dataInit(p7p->pkcs7, NULL);
}
- if (!bio) {
+ if (!bio)
rb_raise(ePKCS7Error, "%s", ossl_error());
- }
/* We have to 'read' from bio to calculate digests etc. */
for (;;) {
i = BIO_read(bio, buf, sizeof(buf));
if (i <= 0) break;
}
+ /*BIO_free(bio);*/
sk = PKCS7_get_signer_info(p7p->pkcs7);
if (!sk) {
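Review bot: The added `/*BIO_free(bio);*/` leaves `bio` unreleased on every path visible in ossl_pkcs7_data_verify, and gives no reason why the free is disabled. If the BIO has to stay alive for the signer verification that follows, say so in a comment, e.g. `/* bio is still needed by the verify loop below; freed after it */`, and release it after the last use. If PKCS7_dataInit returned a chain, that release should be `BIO_free_all(bio)`. The rest of the function is outside the hunk, so the later paths could not be checked.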
@@ -573,6 +577,7 @@ ossl_pkcs7si_initialize(int argc, VALUE *argv, VALUE self)
rb_raise(ePKCS7Error, "%s", ossl_error());
}
if (!(PKCS7_SIGNER_INFO_set(si, x509, pkey, md))) {
+ PKCS7_SIGNER_INFO_free(si);
rb_raise(ePKCS7Error, "%s", ossl_error());
}
p7sip->signer = si;
@@ -587,7 +592,7 @@ ossl_pkcs7si_get_name(VALUE self)
GetPKCS7si(self, p7sip);
- return ossl_x509name_new2(p7sip->signer->issuer_and_serial->issuer);
+ return ossl_x509name_new(p7sip->signer->issuer_and_serial->issuer);
}
static VALUE
@@ -643,6 +648,8 @@ Init_pkcs7(VALUE mPKCS7)
rb_define_method(cPKCS7, "decode_data", ossl_pkcs7_data_decode, 2);
rb_define_method(cPKCS7, "to_pem", ossl_pkcs7_to_pem, 0);
+#define DefPKCS7Const(x) rb_define_const(mPKCS7, #x, INT2FIX(x))
+
DefPKCS7Const(SIGNED);
DefPKCS7Const(ENVELOPED);
DefPKCS7Const(SIGNED_ENVELOPED);
diff --git a/ossl_pkey.c b/ossl_pkey.c
index c7a2119..91005d8 100644
--- a/ossl_pkey.c
+++ b/ossl_pkey.c
@@ -81,6 +81,8 @@ ossl_pkey_get_EVP_PKEY(VALUE obj)
{
ossl_pkey *pkeyp = NULL;
+ OSSL_Check_Type(obj, cPKey);
+
GetPKey(obj, pkeyp);
return pkeyp->get_EVP_PKEY(obj);
diff --git a/ossl_pkey_dsa.c b/ossl_pkey_dsa.c
index 115932f..370be8a 100644
--- a/ossl_pkey_dsa.c
+++ b/ossl_pkey_dsa.c
@@ -8,6 +8,8 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
+#ifndef NO_DSA
+
#include "ossl.h"
#include "ossl_pkey.h"
@@ -58,9 +60,9 @@ ossl_dsa_new_null()
MakeDSA(obj, dsap);
- if (!(dsap->dsa = DSA_new())) {
+ if (!(dsap->dsa = DSA_new()))
rb_raise(eDSAError, "%s", ossl_error());
- }
+
return obj;
}
@@ -76,9 +78,9 @@ ossl_dsa_new(DSA *dsa)
MakeDSA(obj, dsap);
dsap->dsa = (DSA_PRIVATE(dsa)) ? DSAPrivateKey_dup(dsa) : DSAPublicKey_dup(dsa);
- if (!dsap->dsa) {
+
+ if (!dsap->dsa)
rb_raise(eDSAError, "%s", ossl_error());
- }
return obj;
}
@@ -89,12 +91,13 @@ ossl_dsa_get_DSA(VALUE obj)
ossl_dsa *dsap = NULL;
DSA *dsa = NULL;
+ OSSL_Check_Type(obj, cDSA);
+
GetDSA(obj, dsap);
dsa = (DSA_PRIVATE(dsap->dsa)) ? DSAPrivateKey_dup(dsap->dsa) : DSAPublicKey_dup(dsap->dsa);
- if (!dsa) {
+ if (!dsa)
rb_raise(eDSAError, "%s", ossl_error());
- }
return dsa;
}
@@ -105,6 +108,8 @@ ossl_dsa_get_EVP_PKEY(VALUE obj)
DSA *dsa = NULL;
EVP_PKEY *pkey = NULL;
+ OSSL_Check_Type(obj, cDSA);
+
dsa = ossl_dsa_get_DSA(obj);
if (!(pkey = EVP_PKEY_new())) {
@@ -132,6 +137,7 @@ ossl_dsa_s_new(int argc, VALUE *argv, VALUE klass)
MakeDSA(obj, dsap);
rb_obj_call_init(obj, argc, argv);
+
return obj;
}
@@ -178,10 +184,12 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
}
if (rb_block_given_p())
cb = ossl_dsa_generate_cb;
+
if (!(dsa = DSA_generate_parameters(FIX2INT(buffer), seed, seed_len, &counter, &h, cb, NULL))) { /* arg to cb = NULL */
rb_raise(eDSAError, "%s", ossl_error());
}
if (!DSA_generate_key(dsa)) {
+ DSA_free(dsa);
rb_raise(eDSAError, "%s", ossl_error());
}
break;
@@ -269,10 +277,12 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self)
if (DSA_PRIVATE(dsap->dsa)) {
if (!PEM_write_bio_DSAPrivateKey(out, dsap->dsa, ciph, NULL, 0, NULL, pass)) {
+ BIO_free(out);
rb_raise(eDSAError, "%s", ossl_error());
}
} else {
if (!PEM_write_bio_DSAPublicKey(out, dsap->dsa)) {
+ BIO_free(out);
rb_raise(eDSAError, "%s", ossl_error());
}
}
@@ -296,29 +306,33 @@ ossl_dsa_to_der(VALUE self)
GetDSA(self, dsap);
dsa = (DSA_PRIVATE(dsap->dsa)) ? DSAPrivateKey_dup(dsap->dsa):DSAPublicKey_dup(dsap->dsa);
- if (!dsa) {
+
+ if (!dsa)
rb_raise(eDSAError, "%s", ossl_error());
- }
+
if (!(pkey = EVP_PKEY_new())) {
DSA_free(dsa);
rb_raise(eDSAError, "%s", ossl_error());
}
if (!EVP_PKEY_assign_DSA(pkey, dsap->dsa)) {
- DSA_free(dsa);
+ /*DSA_free(dsa);*/
EVP_PKEY_free(pkey);
rb_raise(eDSAError, "%s", ossl_error());
}
if (!(key = X509_PUBKEY_new())) {
+ /*DSA_free(dsa);*/
EVP_PKEY_free(pkey);
rb_raise(eDSAError, "%s", ossl_error());
}
if (!X509_PUBKEY_set(&key, pkey)) {
- EVP_PKEY_free(pkey);
+ /*DSA_free(dsa);*/
+ /* EVP_PKEY_free(pkey) = this does X509_PUBKEY_free!! */
X509_PUBKEY_free(key);
rb_raise(eDSAError, "%s", ossl_error());
}
str = rb_str_new(key->public_key->data, key->public_key->length);
+ /*DSA_free(dsa);*/
/* EVP_PKEY_free(pkey) = this does X509_PUBKEY_free!! */
X509_PUBKEY_free(key);
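Review bot: `EVP_PKEY_assign_DSA(pkey, dsap->dsa)` hands the wrapper's own key to `pkey` instead of the duplicate `dsa` made a few lines earlier. The `EVP_PKEY_free(pkey)` in the `X509_PUBKEY_new` failure branch then frees a DSA the Ruby object still points to, leaving a dangling pointer and a later double free when the object is collected. With the `DSA_free(dsa)` calls now commented out, the duplicate is also never released once `EVP_PKEY_new` has succeeded. Assigning the copy fixes both: `if (!EVP_PKEY_assign_DSA(pkey, dsa)) {`, keeping a live `DSA_free(dsa);` in that one branch only, since a failed assign leaves ownership with the caller. ossl_rsa_to_der in ossl_pkey_rsa.c has the identical pattern with `rsap->rsa`. The function starts and ends outside the hunk.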
@@ -344,6 +358,7 @@ ossl_dsa_to_str(VALUE self)
rb_raise(eDSAError, "%s", ossl_error());
}
if (!DSA_print(out, dsap->dsa, 0)) { //offset = 0
+ BIO_free(out);
rb_raise(eDSAError, "%s", ossl_error());
}
BIO_get_mem_ptr(out, &buf);
@@ -393,6 +408,7 @@ ossl_dsa_sign(VALUE self, VALUE data)
}
if (!DSA_sign(0, RSTRING(data)->ptr, RSTRING(data)->len, sig, &sig_len, dsap->dsa)) { /*type = 0*/
+ OPENSSL_free(sig);
rb_raise(eDSAError, "%s", ossl_error());
}
@@ -413,13 +429,13 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig)
Check_SafeStr(sig);
ret = DSA_verify(0, RSTRING(digest)->ptr, RSTRING(digest)->len, RSTRING(sig)->ptr, RSTRING(sig)->len, dsap->dsa); /*type = 0*/
+
+ if (ret < 0)
+ rb_raise(eDSAError, "%s", ossl_error());
+
if (ret == 1)
return Qtrue;
- else if (ret == 0)
- return Qfalse;
-
- rb_raise(eDSAError, "%s", ossl_error());
- return Qnil;
+ return Qfalse;
}
/*
@@ -444,3 +460,13 @@ Init_ossl_dsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
rb_define_method(cDSA, "verify_digest", ossl_dsa_verify, 2);
}
+#else /* defined NO_DSA */
+
+void
+Init_ossl_dsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
+{
+ rb_warning("DSA keys will NOT be avaible: OpenSSL is compiled without DSA support.");
+}
+
+#endif /* NO_DSA */
+
diff --git a/ossl_pkey_rsa.c b/ossl_pkey_rsa.c
index ce26e40..f5e75c5 100644
--- a/ossl_pkey_rsa.c
+++ b/ossl_pkey_rsa.c
@@ -8,6 +8,8 @@
* This program is licenced under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
+#ifndef NO_RSA
+
#include "ossl.h"
#include "ossl_pkey.h"
@@ -58,9 +60,9 @@ ossl_rsa_new_null()
MakeRSA(obj, rsap);
- if (!(rsap->rsa = RSA_new())) {
+ if (!(rsap->rsa = RSA_new()))
rb_raise(eRSAError, "%s", ossl_error());
- }
+
return obj;
}
@@ -76,9 +78,9 @@ ossl_rsa_new(RSA *rsa)
MakeRSA(obj, rsap);
rsap->rsa = (RSA_PRIVATE(rsa)) ? RSAPrivateKey_dup(rsa) : RSAPublicKey_dup(rsa);
- if (!rsap->rsa) {
+
+ if (!rsap->rsa)
rb_raise(eRSAError, "%s", ossl_error());
- }
return obj;
}
@@ -89,12 +91,14 @@ ossl_rsa_get_RSA(VALUE obj)
ossl_rsa *rsap = NULL;
RSA *rsa = NULL;
+ OSSL_Check_Type(obj, cRSA);
+
GetRSA(obj, rsap);
rsa = (RSA_PRIVATE(rsap->rsa)) ? RSAPrivateKey_dup(rsap->rsa) : RSAPublicKey_dup(rsap->rsa);
- if (!rsa) {
+
+ if (!rsa)
rb_raise(eRSAError, "%s", ossl_error());
- }
return rsa;
}
@@ -105,6 +109,8 @@ ossl_rsa_get_EVP_PKEY(VALUE obj)
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
+ OSSL_Check_Type(obj, cRSA);
+
rsa = ossl_rsa_get_RSA(obj);
if (!(pkey = EVP_PKEY_new())) {
@@ -132,6 +138,7 @@ ossl_rsa_s_new(int argc, VALUE *argv, VALUE klass)
MakeRSA(obj, rsap);
rb_obj_call_init(obj, argc, argv);
+
return obj;
}
@@ -262,10 +269,12 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self)
if (RSA_PRIVATE(rsap->rsa)) {
if (!PEM_write_bio_RSAPrivateKey(out, rsap->rsa, ciph, NULL, 0, NULL, pass)) {
+ BIO_free(out);
rb_raise(eRSAError, "%s", ossl_error());
}
} else {
if (!PEM_write_bio_RSAPublicKey(out, rsap->rsa)) {
+ BIO_free(out);
rb_raise(eRSAError, "%s", ossl_error());
}
}
@@ -290,15 +299,15 @@ ossl_rsa_public_encrypt(VALUE self, VALUE buffer)
Check_Type(buffer, T_STRING);
size = RSA_size(rsap->rsa);
- if (!(enc_text = malloc(size + 16))) {
+ if (!(enc_text = OPENSSL_malloc(size + 16))) {
rb_raise(eRSAError, "Memory alloc error");
}
if ((len = RSA_public_encrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, enc_text, rsap->rsa, RSA_PKCS1_PADDING)) < 0) {
- free(enc_text);
+ OPENSSL_free(enc_text);
rb_raise(eRSAError, "%s", ossl_error());
}
enc = rb_str_new(enc_text, len);
- free(enc_text);
+ OPENSSL_free(enc_text);
return enc;
}
@@ -316,15 +325,15 @@ ossl_rsa_public_decrypt(VALUE self, VALUE buffer)
Check_Type(buffer, T_STRING);
size = RSA_size(rsap->rsa);
- if (!(txt = malloc(size + 16))) {
+ if (!(txt = OPENSSL_malloc(size + 16))) {
rb_raise(eRSAError, "Memory alloc error");
}
if ((len = RSA_public_decrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, txt, rsap->rsa, RSA_PKCS1_PADDING)) < 0) {
- free(txt);
+ OPENSSL_free(txt);
rb_raise(eRSAError, "%s", ossl_error());
}
text = rb_str_new(txt, len);
- free(txt);
+ OPENSSL_free(txt);
return text;
}
@@ -342,19 +351,20 @@ ossl_rsa_private_encrypt(VALUE self, VALUE buffer)
if (!RSA_PRIVATE(rsap->rsa)) {
rb_raise(eRSAError, "This key is PUBLIC only!");
}
+
Check_Type(buffer, T_STRING);
size = RSA_size(rsap->rsa);
- if (!(enc_text = malloc(size + 16))) {
+ if (!(enc_text = OPENSSL_malloc(size + 16))) {
rb_raise(eRSAError, "Memory alloc error");
}
if ((len = RSA_private_encrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, enc_text, rsap->rsa, RSA_PKCS1_PADDING)) < 0) {
- free(enc_text);
+ OPENSSL_free(enc_text);
rb_raise(eRSAError, "%s", ossl_error());
}
enc = rb_str_new(enc_text, len);
- free(enc_text);
+ OPENSSL_free(enc_text);
return enc;
}
@@ -376,15 +386,15 @@ ossl_rsa_private_decrypt(VALUE self, VALUE buffer)
size = RSA_size(rsap->rsa);
- if (!(txt = malloc(size + 16))) {
+ if (!(txt = OPENSSL_malloc(size + 16))) {
rb_raise(eRSAError, "Memory alloc error");
}
if ((len = RSA_private_decrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, txt, rsap->rsa, RSA_PKCS1_PADDING)) < 0) {
- free(txt);
+ OPENSSL_free(txt);
rb_raise(eRSAError, "%s", ossl_error());
}
text = rb_str_new(txt, len);
- free(txt);
+ OPENSSL_free(txt);
return text;
}
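Review bot: The decrypted plaintext in `txt` is released with `OPENSSL_free(txt)` without being overwritten, so the recovered data stays in freed heap memory after it has been copied into the Ruby string. Wipe the `size + 16` bytes before each free, e.g. `OPENSSL_cleanse(txt, size + 16);` where the linked OpenSSL provides it; a plain `memset` directly before a free may be optimised away. The failure branch needs the same treatment, since a partial result may already be in the buffer. `rb_str_new(txt, len)` can also raise, which would skip the free entirely. ossl_rsa_private_decrypt starts above the hunk.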
@@ -407,6 +417,7 @@ ossl_rsa_get_n(VALUE self)
rb_raise(eRSAError, "%s", ossl_error());
}
if (!BN_print(out, rsap->rsa->n)) {
+ BIO_free(out);
rb_raise(eRSAError, "%s", ossl_error());
}
BIO_get_mem_ptr(out, &buf);
@@ -429,29 +440,33 @@ ossl_rsa_to_der(VALUE self)
GetRSA(self, rsap);
rsa = (RSA_PRIVATE(rsap->rsa)) ? RSAPrivateKey_dup(rsap->rsa):RSAPublicKey_dup(rsap->rsa);
- if (!rsa) {
+
+ if (!rsa)
rb_raise(eRSAError, "%s", ossl_error());
- }
+
if (!(pkey = EVP_PKEY_new())) {
RSA_free(rsa);
rb_raise(eRSAError, "%s", ossl_error());
}
if (!EVP_PKEY_assign_RSA(pkey, rsap->rsa)) {
- RSA_free(rsa);
+ /*RSA_free(rsa);*/
EVP_PKEY_free(pkey);
rb_raise(eRSAError, "%s", ossl_error());
}
if (!(key = X509_PUBKEY_new())) {
+ /*RSA_free(rsa);*/
EVP_PKEY_free(pkey);
rb_raise(eRSAError, "%s", ossl_error());
}
if (!X509_PUBKEY_set(&key, pkey)) {
- EVP_PKEY_free(pkey);
+ /*RSA_free(rsa);*/
+ /* EVP_PKEY_free(pkey) = this does X509_PUBKEY_free!! */
X509_PUBKEY_free(key);
rb_raise(eRSAError, "%s", ossl_error());
}
str = rb_str_new(key->public_key->data, key->public_key->length);
+ /*RSA_free(rsa);*/
/* EVP_PKEY_free(pkey) = this does X509_PUBKEY_free!! */
X509_PUBKEY_free(key);
@@ -477,6 +492,7 @@ ossl_rsa_to_str(VALUE self)
rb_raise(eRSAError, "%s", ossl_error());
}
if (!RSA_print(out, rsap->rsa, 0)) { //offset = 0
+ BIO_free(out);
rb_raise(eRSAError, "%s", ossl_error());
}
BIO_get_mem_ptr(out, &buf);
@@ -550,7 +566,8 @@ ossl_rsa_verify(VALUE self, VALUE digest, VALUE text)
/*
* INIT
*/
-void Init_ossl_rsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
+void
+Init_ossl_rsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
{
eRSAError = rb_define_class_under(mPKey, "RSAError", ePKeyError);
@@ -577,3 +594,13 @@ void Init_ossl_rsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
*/
}
+#else /* defined NO_RSA */
+
+void
+Init_ossl_rsa(VALUE mPKey, VALUE cPKey, VALUE ePKeyError)
+{
+ rb_warning("RSA keys will NOT be avaible: OpenSSL is compiled without RSA support.");
+}
+
+#endif /* NO_RSA */
+
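Review bot: The warning text in the NO_RSA stub misspells "available"; it should read `rb_warning("RSA keys will NOT be available: OpenSSL is compiled without RSA support.");`. The stub also defines none of the RSA classes, so any other file that refers to them unconditionally would need the same NO_RSA guard; that cannot be checked from this hunk.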
diff --git a/ossl_rand.c b/ossl_rand.c
index caf7262..424a918 100644
--- a/ossl_rand.c
+++ b/ossl_rand.c
@@ -32,6 +32,7 @@ ossl_rand_seed(VALUE self, VALUE str)
{
Check_SafeStr(str);
RAND_seed(RSTRING(str)->ptr, RSTRING(str)->len);
+
return str;
}
@@ -70,6 +71,7 @@ ossl_rand_bytes(VALUE self, VALUE len)
}
if (!RAND_bytes(buffer, FIX2INT(len))) {
+ OPENSSL_free(buffer);
rb_raise(eRandomError, "%s", ossl_error());
}
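Review bot: `if (!RAND_bytes(buffer, FIX2INT(len)))` only catches a return of 0. RAND_bytes is documented to return 1 on success and can also return -1 when the active RAND method does not support it, and in that case the uninitialised `buffer` would be handed back as random data. Test for success explicitly: `if (RAND_bytes(buffer, FIX2INT(len)) != 1) {`. The allocation of `buffer` and any range check on `len` are outside the hunk, so confirm there that a negative `len` is rejected before it reaches the allocator.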
@@ -82,7 +84,8 @@ ossl_rand_bytes(VALUE self, VALUE len)
/*
* INIT
*/
-void Init_ossl_rand(VALUE mOSSL)
+void
+Init_ossl_rand(VALUE mOSSL)
{
rb_define_method(mOSSL, "seed", ossl_rand_seed, 1);
rb_define_method(mOSSL, "load_random_file", ossl_rand_load_file, 1);
diff --git a/ossl_ssl.c b/ossl_ssl.c
index fb922ab..3a14bc7 100644
--- a/ossl_ssl.c
+++ b/ossl_ssl.c
@@ -141,7 +141,7 @@ static int ssl_verify_callback(int ok, X509_STORE_CTX *ctx)
VALUE x509stc, args, ret;
if (!NIL_P(ssl_verify_callback_proc)) {
- x509stc = ossl_x509store_new2(ctx);
+ x509stc = ossl_x509store_new(ctx);
rb_funcall(x509stc, rb_intern("protect"), 0, NULL);
args = rb_ary_new2(3);
rb_ary_store(args, 0, ssl_verify_callback_proc);
@@ -399,7 +399,7 @@ ssl_get_certificate(self)
if((cert = SSL_get_certificate(p->ssl)) == NULL) return Qnil;
- return ossl_x509_new2(cert);
+ return ossl_x509_new(cert);
}
static VALUE
@@ -417,7 +417,7 @@ ssl_get_peer_certificate(self)
if((cert = SSL_get_peer_certificate(p->ssl)) == NULL) return Qnil;
- return ossl_x509_new2(cert);
+ return ossl_x509_new(cert);
}
static VALUE
diff --git a/ossl_x509.c b/ossl_x509.c
index ab08a80..85e6b33 100644
--- a/ossl_x509.c
+++ b/ossl_x509.c
@@ -45,11 +45,28 @@ ossl_x509_free(ossl_x509 *x509p)
/*
* public functions
*/
-VALUE
-ossl_x509_new2(X509 *x509)
+VALUE
+ossl_x509_new_null(void)
+{
+ ossl_x509 *x509p = NULL;
+ VALUE obj;
+
+ MakeX509(obj, x509p);
+
+ if (!(x509p->x509 = X509_new()))
+ rb_raise(eX509CertificateError, "%s", ossl_error());
+
+ return obj;
+}
+
+VALUE
+ossl_x509_new(X509 *x509)
{
ossl_x509 *x509p = NULL;
VALUE obj;
+
+ if (!x509)
+ return ossl_x509_new_null();
MakeX509(obj, x509p);
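Review bot: `if (!x509) return ossl_x509_new_null();` makes a NULL argument indistinguishable from a real certificate, because the caller gets a fresh, empty X509 object instead of nil or an exception. Callers in this diff such as ossl_x509store_get_cert pass the result of `X509_STORE_CTX_get_current_cert()` straight in, so code inspecting the store could presumably receive a blank certificate where none exists. Consider raising instead (`rb_raise(eX509CertificateError, "no certificate given");`) and letting callers that want an empty object call ossl_x509_new_null() themselves, or at least state the contract with `/* NULL yields a new empty certificate, not an error */`. The same pattern is added in ossl_x509attr_new, ossl_x509ext_new, ossl_x509name_new, ossl_x509req_new and ossl_x509revoked_new. The body of ossl_x509_new continues outside the hunk.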
@@ -70,6 +87,7 @@ ossl_x509_new_from_file(VALUE filename)
VALUE obj;
MakeX509(obj, x509p);
+
path = RSTRING(filename)->ptr;
if ((fp = fopen(path, "r")) == NULL)
rb_raise(eX509CertificateError, "%s", strerror(errno));
@@ -85,12 +103,15 @@ ossl_x509_new_from_file(VALUE filename)
}
X509 *
-ossl_x509_get_X509(VALUE self)
+ossl_x509_get_X509(VALUE obj)
{
ossl_x509 *x509p = NULL;
X509 *x509 = NULL;
- GetX509(self, x509p);
+ OSSL_Check_Type(obj, cX509Certificate);
+
+ GetX509(obj, x509p);
+
if (!(x509 = X509_dup(x509p->x509))) {
rb_raise(eX509CertificateError, "%s", ossl_error());
}
@@ -108,7 +129,9 @@ ossl_x509_s_new(int argc, VALUE *argv, VALUE klass)
VALUE obj;
MakeX509(obj, x509p);
+
rb_obj_call_init(obj, argc, argv);
+
return obj;
}
@@ -138,9 +161,9 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
default:
rb_raise(rb_eTypeError, "unsupported type");
}
- if (!x509) {
+
+ if (!x509)
rb_raise(eX509CertificateError, "%s", ossl_error());
- }
x509p->x509 = x509;
@@ -195,7 +218,7 @@ ossl_x509_to_pem(VALUE self)
return str;
}
-static VALUE
+static VALUE
ossl_x509_to_str(VALUE self)
{
ossl_x509 *x509p = NULL;
@@ -234,7 +257,7 @@ ossl_x509_to_req(VALUE self)
rb_raise(eX509CertificateError, "%s", ossl_error());
}
- return ossl_x509req_new2(req);
+ return ossl_x509req_new(req);
}
*/
@@ -322,7 +345,7 @@ ossl_x509_get_subject(VALUE self)
rb_raise(eX509CertificateError, "%s", ossl_error());
}
- return ossl_x509name_new2(name);
+ return ossl_x509name_new(name);
}
static VALUE
@@ -356,7 +379,7 @@ ossl_x509_get_issuer(VALUE self)
rb_raise(eX509CertificateError, "%s", ossl_error());
}
- return ossl_x509name_new2(name);
+ return ossl_x509name_new(name);
}
static VALUE
@@ -369,6 +392,7 @@ ossl_x509_set_issuer(VALUE self, VALUE issuer)
OSSL_Check_Type(issuer, cX509Name);
name = ossl_x509name_get_X509_NAME(issuer);
+
if (!X509_set_issuer_name(x509p->x509, name)) {
rb_raise(eX509CertificateError, "%s", ossl_error());
}
@@ -406,11 +430,12 @@ ossl_x509_set_not_before(VALUE self, VALUE time)
if (!FIXNUM_P(sec))
rb_raise(eX509CertificateError, "wierd time");
+
if ((intsec = FIX2INT(sec)) < 0)
rb_raise(eX509CertificateError, "time < 0???");
- if (!ASN1_UTCTIME_set(X509_get_notBefore(x509p->x509), intsec)) {
+
+ if (!ASN1_UTCTIME_set(X509_get_notBefore(x509p->x509), intsec))
rb_raise(eX509CertificateError, "%s", ossl_error());
- }
return time;
}
@@ -444,11 +469,12 @@ ossl_x509_set_not_after(VALUE self, VALUE time)
if (!FIXNUM_P(sec))
rb_raise(eX509CertificateError, "wierd time");
+
if ((intsec = FIX2INT(sec)) < 0)
rb_raise(eX509CertificateError, "time < 0??");
- if (!ASN1_UTCTIME_set(X509_get_notAfter(x509p->x509), FIX2INT(sec))) {
+
+ if (!ASN1_UTCTIME_set(X509_get_notAfter(x509p->x509), FIX2INT(sec)))
rb_raise(eX509CertificateError, "%s", ossl_error());
- }
return time;
}
@@ -583,12 +609,14 @@ ossl_x509_get_extensions(VALUE self)
count = X509_get_ext_count(x509p->x509);
- if (count > 0) ary = rb_ary_new2(count);
- else return rb_ary_new();
+ if (count > 0)
+ ary = rb_ary_new2(count);
+ else
+ return rb_ary_new();
for (i=0; i<count; i++) {
ext = X509_get_ext(x509p->x509, i);
- rb_ary_push(ary, ossl_x509ext_new2(ext));
+ rb_ary_push(ary, ossl_x509ext_new(ext));
}
return ary;
@@ -632,6 +660,7 @@ ossl_x509_add_extension(VALUE self, VALUE ext)
GetX509(self, x509p);
OSSL_Check_Type(ext, cX509Extension);
+
if (!X509_add_ext(x509p->x509, ossl_x509ext_get_X509_EXTENSION(ext), -1)) {
rb_raise(eX509CertificateError, "%s", ossl_error());
}
diff --git a/ossl_x509attr.c b/ossl_x509attr.c
index a73e281..a80b4ad 100644
--- a/ossl_x509attr.c
+++ b/ossl_x509attr.c
@@ -47,13 +47,30 @@ ossl_x509attr_free(ossl_x509attr *attrp)
* public
*/
VALUE
-ossl_x509attr_new2(X509_ATTRIBUTE *attr)
+ossl_x509attr_new_null(void)
{
ossl_x509attr *attrp = NULL;
VALUE obj;
MakeX509Attr(obj, attrp);
+ if (!(attrp->attribute = X509_ATTRIBUTE_new()))
+ rb_raise(eX509AttributeError, "%s", ossl_error());
+
+ return obj;
+}
+
+VALUE
+ossl_x509attr_new(X509_ATTRIBUTE *attr)
+{
+ ossl_x509attr *attrp = NULL;
+ VALUE obj;
+
+ if (!attr)
+ return ossl_x509attr_new_null();
+
+ MakeX509Attr(obj, attrp);
+
if (!(attrp->attribute = X509_ATTRIBUTE_dup(attr))) {
rb_raise(eX509AttributeError, "%s", ossl_error());
}
@@ -62,16 +79,18 @@ ossl_x509attr_new2(X509_ATTRIBUTE *attr)
}
X509_ATTRIBUTE *
-ossl_x509attr_get_X509_ATTRIBUTE(VALUE self)
+ossl_x509attr_get_X509_ATTRIBUTE(VALUE obj)
{
ossl_x509attr *attrp = NULL;
X509_ATTRIBUTE *attr = NULL;
- GetX509Attr(self, attrp);
+ OSSL_Check_Type(obj, cX509Attribute);
+
+ GetX509Attr(obj, attrp);
- if (!(attr = X509_ATTRIBUTE_dup(attrp->attribute))) {
+ if (!(attr = X509_ATTRIBUTE_dup(attrp->attribute)))
rb_raise(eX509AttributeError, "%s", ossl_error());
- }
+
return attr;
}
@@ -85,7 +104,9 @@ ossl_x509attr_s_new(int argc, VALUE *argv, VALUE klass)
VALUE obj;
MakeX509Attr(obj, attrp);
+
rb_obj_call_init(obj, argc, argv);
+
return obj;
}
@@ -146,9 +167,9 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
default:
rb_raise(rb_eTypeError, "unsupported type");
}
- if (!attr) {
+ if (!attr)
rb_raise(eX509AttributeError, "%s", ossl_error());
- }
+
attrp->attribute = attr;
return self;
diff --git a/ossl_x509crl.c b/ossl_x509crl.c
index 5448b5d..4025b1c 100644
--- a/ossl_x509crl.c
+++ b/ossl_x509crl.c
@@ -51,6 +51,8 @@ ossl_x509crl_get_X509_CRL(VALUE obj)
ossl_x509crl *crlp = NULL;
X509_CRL *crl = NULL;
+ OSSL_Check_Type(obj, cX509CRL);
+
GetX509CRL(obj, crlp);
if (!(crl = X509_CRL_dup(crlp->crl))) {
@@ -70,6 +72,7 @@ ossl_x509crl_s_new(int argc, VALUE *argv, VALUE klass)
VALUE obj;
MakeX509CRL(obj, crlp);
+
rb_obj_call_init(obj, argc, argv);
return obj;
@@ -96,14 +99,13 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
rb_raise(eX509CRLError, "%s", ossl_error());
}
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
- /*BIO_free(in);*/
+ BIO_free(in);
break;
default:
rb_raise(rb_eTypeError, "unsupported type");
}
- if (!crl) {
+ if (!crl)
rb_raise(eX509CRLError, "%s", ossl_error());
- }
crlp->crl = crl;
@@ -152,7 +154,7 @@ ossl_x509crl_get_issuer(VALUE self)
GetX509CRL(self, crlp);
- return ossl_x509name_new2(crlp->crl->crl->issuer);
+ return ossl_x509name_new(crlp->crl->crl->issuer);
}
static VALUE
@@ -197,6 +199,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
if (!FIXNUM_P(sec))
rb_raise(eX509CRLError, "wierd time");
+
if (!ASN1_UTCTIME_set(crlp->crl->crl->lastUpdate, FIX2INT(sec))) {
rb_raise(eX509CRLError, "%s", ossl_error());
}
@@ -227,6 +230,7 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time)
if (!FIXNUM_P(sec))
rb_raise(eX509CRLError, "wierd time");
+
if (!ASN1_UTCTIME_set(crlp->crl->crl->nextUpdate, FIX2INT(sec))) {
rb_raise(eX509CRLError, "%s", ossl_error());
}
@@ -249,8 +253,9 @@ ossl_x509crl_get_revoked(VALUE self)
return rb_ary_new();
ary = rb_ary_new2(num);
+
for(i=0; i<num; i++) {
- rb_ary_push(ary, ossl_x509revoked_new2((X509_REVOKED *)sk_X509_CRL_value(crlp->crl->crl->revoked, i)));
+ rb_ary_push(ary, ossl_x509revoked_new((X509_REVOKED *)sk_X509_CRL_value(crlp->crl->crl->revoked, i)));
}
return ary;
@@ -345,6 +350,7 @@ ossl_x509crl_verify(VALUE self, VALUE key)
OSSL_Check_Type(key, cPKey);
pkey = ossl_pkey_get_EVP_PKEY(key);
+
result = X509_CRL_verify(crlp->crl, pkey);
EVP_PKEY_free(pkey);
@@ -416,11 +422,12 @@ ossl_x509crl_get_extensions(VALUE self)
if (count > 0)
ary = rb_ary_new2(count);
- else return rb_ary_new();
+ else
+ return rb_ary_new();
for (i=0; i<count; i++) {
ext = X509_CRL_get_ext(crlp->crl, i);
- rb_ary_push(ary, ossl_x509ext_new2(ext));
+ rb_ary_push(ary, ossl_x509ext_new(ext));
}
return ary;
diff --git a/ossl_x509ext.c b/ossl_x509ext.c
index 952358f..644697e 100644
--- a/ossl_x509ext.c
+++ b/ossl_x509ext.c
@@ -67,17 +67,32 @@ ossl_x509extfactory_free(ossl_x509extfactory *extfactoryp)
* Public
*/
VALUE
-ossl_x509ext_new2(X509_EXTENSION *ext)
+ossl_x509ext_new_null(void)
{
ossl_x509ext *extp = NULL;
- X509_EXTENSION *new = NULL;
VALUE obj;
MakeX509Ext(obj, extp);
- if (!(new = X509_EXTENSION_dup(ext))) {
+
+ if (!(extp->extension = X509_EXTENSION_new()))
+ rb_raise(eX509ExtensionError, "%s", ossl_error());
+
+ return obj;
+}
+
+VALUE
+ossl_x509ext_new(X509_EXTENSION *ext)
+{
+ ossl_x509ext *extp = NULL;
+ VALUE obj;
+
+ if (!ext)
+ return ossl_x509ext_new_null();
+
+ MakeX509Ext(obj, extp);
+
+ if (!(extp->extension = X509_EXTENSION_dup(ext)))
rb_raise(eX509ExtensionError, "%s", ossl_error());
- }
- extp->extension = new;
return obj;
}
@@ -87,7 +102,10 @@ ossl_x509ext_get_X509_EXTENSION(VALUE obj)
{
ossl_x509ext *extp = NULL;
+ OSSL_Check_Type(obj, cX509Extension);
+
GetX509Ext(obj, extp);
+
return X509_EXTENSION_dup(extp->extension);
}
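Review bot: `return X509_EXTENSION_dup(extp->extension);` passes a failed duplication back as NULL, while ossl_x509_get_X509 and ossl_x509attr_get_X509_ATTRIBUTE in this commit raise on the same failure. Check it the same way through a local, `if (!(ext = X509_EXTENSION_dup(extp->extension))) rb_raise(eX509ExtensionError, "%s", ossl_error());`, and add a comment that the caller owns the copy and must `X509_EXTENSION_free` it. Callers visible in this diff (ossl_x509_add_extension, ossl_x509revoked_add_extension) pass the result inline to `X509_add_ext` / `X509_REVOKED_add_ext`, which as far as I know copy their argument, so that duplicate can never be freed. ossl_x509name_get_X509_NAME and ossl_x509revoked_get_X509_REVOKED return their dup unchecked in the same way.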
@@ -104,6 +122,7 @@ ossl_x509extfactory_s_new(int argc, VALUE *argv, VALUE klass)
VALUE obj;
MakeX509ExtFactory(obj, extfactoryp);
+
rb_obj_call_init(obj, argc, argv);
return obj;
@@ -322,12 +341,16 @@ ossl_x509ext_to_str(VALUE obj)
* User defined user format
*/
nid = OBJ_obj2nid(X509_EXTENSION_get_object(extp->extension));
+
BIO_printf(out, "OID=%s, VALUE=", (nid == NID_undef)?"UNKNOWN":OBJ_nid2sn(nid)); /*OBJ_nid2ln(nid)*/
+
if (!X509V3_EXT_print(out, extp->extension, 0, 0)) {
+ BIO_free(out);
rb_raise(eX509ExtensionError, "%s", ossl_error());
}
critical = X509_EXTENSION_get_critical(extp->extension);
BIO_printf(out,", critical = %s\n", (critical)?"yes":"no");
+
BIO_get_mem_ptr(out, &buf);
str = rb_str_new(buf->data, buf->length);
BIO_free(out);
@@ -355,6 +378,7 @@ ossl_x509ext_to_a(VALUE obj)
rb_raise(eX509ExtensionError, "%s", ossl_error());
}
if (!X509V3_EXT_print(out, extp->extension, 0, 0)) {
+ BIO_free(out);
rb_raise(eX509ExtensionError, "%s", ossl_error());
}
BIO_get_mem_ptr(out, &buf);
@@ -373,7 +397,8 @@ ossl_x509ext_to_a(VALUE obj)
/*
* INIT
*/
-void Init_ossl_x509ext(VALUE module)
+void
+Init_ossl_x509ext(VALUE module)
{
eX509ExtensionError = rb_define_class_under(module, "ExtensionError", rb_eStandardError);
diff --git a/ossl_x509name.c b/ossl_x509name.c
index b992ba4..452faf9 100644
--- a/ossl_x509name.c
+++ b/ossl_x509name.c
@@ -47,17 +47,32 @@ ossl_x509name_free(ossl_x509name *namep)
* Public
*/
VALUE
-ossl_x509name_new2(X509_NAME *name)
+ossl_x509name_new_null(void)
{
ossl_x509name *namep = NULL;
- X509_NAME *new = NULL;
VALUE obj;
MakeX509Name(obj, namep);
- if (!(new = X509_NAME_dup(name))) {
+
+ if (!(namep->name = X509_NAME_new()))
+ rb_raise(eX509NameError, "%s", ossl_error());
+
+ return obj;
+}
+
+VALUE
+ossl_x509name_new(X509_NAME *name)
+{
+ ossl_x509name *namep = NULL;
+ VALUE obj;
+
+ if (!name)
+ return ossl_x509name_new_null();
+
+ MakeX509Name(obj, namep);
+
+ if (!(namep->name = X509_NAME_dup(name)))
rb_raise(eX509NameError, "%s", ossl_error());
- }
- namep->name = new;
return obj;
}
@@ -67,6 +82,8 @@ ossl_x509name_get_X509_NAME(VALUE obj)
{
ossl_x509name *namep = NULL;
+ OSSL_Check_Type(obj, cX509Name);
+
GetX509Name(obj, namep);
return X509_NAME_dup(namep->name);
@@ -82,6 +99,7 @@ ossl_x509name_s_new(int argc, VALUE *argv, VALUE klass)
VALUE obj;
MakeX509Name(obj, namep);
+
rb_obj_call_init(obj, argc, argv);
return obj;
@@ -125,6 +143,7 @@ ary_to_x509name(VALUE ary)
}
key = RARRAY(item)->ptr[0];
value = RARRAY(item)->ptr[1];
+
if (TYPE(key) != T_STRING || TYPE(value) != T_STRING) {
rb_raise(eX509NameError, "unsupported structure");
}
@@ -203,9 +222,9 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
default:
rb_raise(rb_eTypeError, "unsupported type");
}
- if (!name) {
+ if (!name)
rb_raise(eX509NameError, "%s", ossl_error());
- }
+
namep->name = name;
return self;
diff --git a/ossl_x509req.c b/ossl_x509req.c
index 55d1e83..6f8c2fa 100644
--- a/ossl_x509req.c
+++ b/ossl_x509req.c
@@ -47,30 +47,49 @@ ossl_x509req_free(ossl_x509req *reqp)
* Public functions
*/
VALUE
-ossl_x509req_new2(X509_REQ *req)
+ossl_x509req_new_null(void)
{
ossl_x509req *reqp = NULL;
VALUE self;
MakeX509Req(self, reqp);
- if (!(reqp->request = X509_REQ_dup(req))) {
+
+ if (!(reqp->request = X509_REQ_new()))
+ rb_raise(eX509RequestError, "%s", ossl_error());
+
+ return self;
+}
+
+VALUE
+ossl_x509req_new(X509_REQ *req)
+{
+ ossl_x509req *reqp = NULL;
+ VALUE self;
+
+ if (!req)
+ return ossl_x509req_new_null();
+
+ MakeX509Req(self, reqp);
+
+ if (!(reqp->request = X509_REQ_dup(req)))
rb_raise(eX509RequestError, "%s", ossl_error());
- }
return self;
}
X509_REQ *
-ossl_x509req_get_X509_REQ(VALUE self)
+ossl_x509req_get_X509_REQ(VALUE obj)
{
ossl_x509req *reqp = NULL;
X509_REQ *req = NULL;
- GetX509Req(self, reqp);
+ OSSL_Check_Type(obj, cX509Request);
- if (!(req = X509_REQ_dup(reqp->request))) {
+ GetX509Req(obj, reqp);
+
+ if (!(req = X509_REQ_dup(reqp->request)))
rb_raise(eX509RequestError, "%s", ossl_error());
- }
+
return req;
}
@@ -84,6 +103,7 @@ ossl_x509req_s_new(int argc, VALUE *argv, VALUE klass)
VALUE obj;
MakeX509Req(obj, reqp);
+
rb_obj_call_init(obj, argc, argv);
return obj;
@@ -115,9 +135,9 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self)
default:
rb_raise(rb_eTypeError, "unsupported type");
}
- if (!req) {
+ if (!req)
rb_raise(eX509RequestError, "%s", ossl_error());
- }
+
reqp->request = req;
return self;
@@ -186,7 +206,7 @@ ossl_x509req_to_x509(VALUE self, VALUE days, VALUE key)
rb_raise(eX509RequestError, "%s", ossl_error());
}
- return ossl_x509req_new2(x509);
+ return ossl_x509req_new(x509);
}
*/
@@ -233,7 +253,7 @@ ossl_x509req_get_subject(VALUE self)
if (!(name = X509_REQ_get_subject_name(reqp->request))) {
rb_raise(eX509RequestError, "%s", ossl_error());
}
- subject = ossl_x509name_new2(name);
+ subject = ossl_x509name_new(name);
/*X509_NAME_free(name);*/
return subject;
@@ -253,6 +273,7 @@ ossl_x509req_set_subject(VALUE self, VALUE subject)
if (!X509_REQ_set_subject_name(reqp->request, name)) {
rb_raise(eX509RequestError, "%s", ossl_error());
}
+ /*X509_NAME_free(name);*/
return subject;
}
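Review bot: The added `/*X509_NAME_free(name);*/` leaves the ownership question open instead of settling it. If `name` comes from ossl_x509name_get_X509_NAME (the assignment is outside the hunk), it is a private duplicate, and `X509_REQ_set_subject_name` stores its own copy as far as I know, so the duplicate leaks on both the success and the failure path. Either enable `X509_NAME_free(name);` before the `rb_raise` and before `return subject;`, or replace the commented-out call with a comment stating who owns `name`.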
@@ -339,9 +360,10 @@ ossl_x509req_verify(VALUE self, VALUE key)
i = X509_REQ_verify(reqp->request, pkey);
EVP_PKEY_free(pkey);
- if (i < 0) {
+ if (i < 0)
rb_raise(eX509RequestError, "%s", ossl_error());
- } else if (i > 0)
+
+ if (i > 0)
return Qtrue;
return Qfalse;
@@ -359,12 +381,14 @@ ossl_x509req_get_attributes(VALUE self)
count = X509_REQ_get_attr_count(reqp->request);
- if(count > 0) ary = rb_ary_new2(count);
- else return rb_ary_new();
+ if(count > 0)
+ ary = rb_ary_new2(count);
+ else
+ return rb_ary_new();
for (i=0; i<count; i++) {
attr = X509_REQ_get_attr(reqp->request, i);
- rb_ary_push(ary, ossl_x509attr_new2(attr));
+ rb_ary_push(ary, ossl_x509attr_new(attr));
}
return ary;
@@ -387,8 +411,11 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
for (i=0;i<RARRAY(ary)->len; i++) {
item = RARRAY(ary)->ptr[i];
+
OSSL_Check_Type(item, cX509Attribute);
+
attr = ossl_x509attr_get_X509_ATTRIBUTE(item);
+
if (!X509_REQ_add1_attr(reqp->request, attr)) {
rb_raise(eX509RequestError, "%s", ossl_error());
}
@@ -407,6 +434,7 @@ ossl_x509req_add_attribute(VALUE self, VALUE attr)
GetX509Req(self, reqp);
OSSL_Check_Type(attr, cX509Attribute);
+
if (!X509_REQ_add1_attr(reqp->request, ossl_x509attr_get_X509_ATTRIBUTE(attr))) {
rb_raise(eX509RequestError, "%s", ossl_error());
}
diff --git a/ossl_x509revoked.c b/ossl_x509revoked.c
index b77c8b6..441047a 100644
--- a/ossl_x509revoked.c
+++ b/ossl_x509revoked.c
@@ -46,28 +46,44 @@ ossl_x509revoked_free(ossl_x509revoked *revp)
* PUBLIC
*/
VALUE
-ossl_x509revoked_new2(X509_REVOKED *rev)
+ossl_x509revoked_new_null(void)
{
ossl_x509revoked *revp = NULL;
- X509_REVOKED *new = NULL;
VALUE obj;
+
+ MakeX509Revoked(obj, revp);
- if (!(new = X509_REVOKED_dup(rev))) {
+ if (!(revp->revoked = X509_REVOKED_new()))
rb_raise(eX509RevokedError, "%s", ossl_error());
- }
+
+ return obj;
+}
+
+VALUE
+ossl_x509revoked_new(X509_REVOKED *rev)
+{
+ ossl_x509revoked *revp = NULL;
+ VALUE obj;
+
+ if (!rev)
+ return ossl_x509revoked_new_null();
MakeX509Revoked(obj, revp);
- revp->revoked = new;
+
+ if (!(revp->revoked = X509_REVOKED_dup(rev)))
+ rb_raise(eX509RevokedError, "%s", ossl_error());
return obj;
}
X509_REVOKED *
-ossl_x509revoked_get_X509_REVOKED(VALUE self)
+ossl_x509revoked_get_X509_REVOKED(VALUE obj)
{
ossl_x509revoked *revp = NULL;
- GetX509Revoked(self, revp);
+ OSSL_Check_Type(obj, cX509Revoked);
+
+ GetX509Revoked(obj, revp);
return X509_REVOKED_dup(revp->revoked);
}
@@ -82,6 +98,7 @@ ossl_x509revoked_s_new(int argc, VALUE *argv, VALUE klass)
VALUE obj;
MakeX509Revoked(obj, revp);
+
rb_obj_call_init(obj, argc, argv);
return obj;
@@ -147,10 +164,12 @@ ossl_x509revoked_set_time(VALUE obj, VALUE time)
GetX509Revoked(obj, revp);
OSSL_Check_Type(time, rb_cTime);
+
sec = rb_funcall(time, rb_intern("to_i"), 0, NULL);
if (!FIXNUM_P(sec))
rb_raise(eX509RevokedError, "wierd time");
+
if (!ASN1_UTCTIME_set(revp->revoked->revocationDate, FIX2INT(sec))) {
rb_raise(eX509RevokedError, "%s", ossl_error());
}
@@ -172,12 +191,14 @@ ossl_x509revoked_get_extensions(VALUE self)
count = X509_REVOKED_get_ext_count(revp->revoked);
- if (count > 0) ary = rb_ary_new2(count);
- else return rb_ary_new();
+ if (count > 0)
+ ary = rb_ary_new2(count);
+ else
+ return rb_ary_new();
for (i=0; i<count; i++) {
ext = X509_REVOKED_get_ext(revp->revoked, i);
- rb_ary_push(ary, ossl_x509ext_new2(ext));
+ rb_ary_push(ary, ossl_x509ext_new(ext));
}
return ary;
@@ -203,8 +224,11 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
for (i=0; i<RARRAY(ary)->len; i++) {
item = RARRAY(ary)->ptr[i];
+
OSSL_Check_Type(item, cX509Extension);
+
ext = ossl_x509ext_get_X509_EXTENSION(item);
+
if(!X509_REVOKED_add_ext(revp->revoked, ext, -1)) {
rb_raise(eX509RevokedError, "%s", ossl_error());
}
@@ -221,6 +245,7 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext)
GetX509Revoked(self, revp);
OSSL_Check_Type(ext, cX509Extension);
+
if(!X509_REVOKED_add_ext(revp->revoked, ossl_x509ext_get_X509_EXTENSION(ext), -1)) {
rb_raise(eX509RevokedError, "%s", ossl_error());
}
@@ -231,7 +256,7 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext)
/*
* INIT
*/
-void
+void
Init_ossl_x509revoked(VALUE module)
{
eX509RevokedError = rb_define_class_under(module, "RevokedError", rb_eStandardError);
diff --git a/ossl_x509store.c b/ossl_x509store.c
index ddd2c52..e6ac2e3 100644
--- a/ossl_x509store.c
+++ b/ossl_x509store.c
@@ -20,8 +20,6 @@
if (!storep->store) rb_raise(eX509StoreError, "not initialized!");\
}
-#define DefX509StoreConst(x) rb_define_const(cX509Store, #x, INT2FIX(X509_V_ERR_##x))
-
/*
* Classes
*/
@@ -58,10 +56,9 @@ ossl_x509store_free(ossl_x509store *storep)
* Public functions
*/
VALUE
-ossl_x509store_new2(X509_STORE_CTX *ctx)
+ossl_x509store_new(X509_STORE_CTX *ctx)
{
ossl_x509store *storep = NULL;
- X509_STORE_CTX *ctx2 = NULL;
VALUE obj;
MakeX509Store(obj, storep);
@@ -86,6 +83,8 @@ ossl_x509store_get_X509_STORE(VALUE obj)
{
ossl_x509store *storep = NULL;
+ OSSL_Check_Type(obj, cX509Store);
+
GetX509Store(obj, storep);
storep->protect = 1; /* we gave out internal pointer without DUP - don't free this one */
@@ -146,7 +145,8 @@ ossl_session_db_set(void *key, VALUE data)
item->next = NULL;
if (last)
last->next = item;
- else db_root = item;
+ else
+ db_root = item;
rb_thread_critical = 0;
return data;
@@ -162,6 +162,7 @@ ossl_x509store_s_new(int argc, VALUE *argv, VALUE klass)
VALUE obj;
MakeX509Store(obj, storep);
+
rb_obj_call_init(obj, argc, argv);
return obj;
@@ -204,6 +205,7 @@ ossl_x509store_add_trusted(VALUE self, VALUE cert)
x509 = ossl_x509_get_X509(cert);
if (!X509_STORE_add_cert(storep->store->ctx, x509)) {
+ X509_free(x509);
rb_raise(eX509StoreError, "%s", ossl_error());
}
X509_free(x509);
@@ -235,7 +237,7 @@ ossl_x509store_get_chain(obj)
ary = rb_ary_new2(num);
for(i=0; i<num; i++) {
x509 = sk_X509_value(ctx.chain, i);
- cert = ossl_x509_new2(x509);
+ cert = ossl_x509_new(x509);
rb_ary_push(ary, cert);
}
@@ -252,9 +254,11 @@ ossl_x509store_add_crl(VALUE self, VALUE crlst)
GetX509Store(self, storep);
OSSL_Check_Type(crlst, cX509CRL);
+
crl = ossl_x509crl_get_X509_CRL(crlst);
if (!X509_STORE_add_crl(storep->store->ctx, crl)) {
+ X509_CRL_free(crl);
rb_raise(eX509StoreError, "%s", ossl_error());
}
X509_CRL_free(crl);
@@ -326,8 +330,8 @@ ossl_x509store_verify_cb(int ok, X509_STORE_CTX *ctx)
proc = ossl_session_db_get((void *)ctx->ctx);
if (!NIL_P(proc)) {
- store_ctx = ossl_x509store_new2(ctx);
- rb_funcall(store_ctx, rb_intern("protect"), 0, NULL); /* called default by ossl_..new2 */
+ store_ctx = ossl_x509store_new(ctx);
+ rb_funcall(store_ctx, rb_intern("protect"), 0, NULL); /* called default by ossl_..new */
args = rb_ary_new2(3);
rb_ary_store(args, 0, proc);
rb_ary_store(args, 1, ok ? Qtrue : Qfalse);
@@ -398,7 +402,7 @@ ossl_x509store_get_cert(VALUE self)
GetX509Store(self, storep);
- return ossl_x509_new2(X509_STORE_CTX_get_current_cert(storep->store));
+ return ossl_x509_new(X509_STORE_CTX_get_current_cert(storep->store));
}
static VALUE
@@ -495,6 +499,8 @@ Init_ossl_x509store(VALUE module)
rb_define_method(cX509Store, "set_default_paths", ossl_x509store_set_default_paths, 0);
rb_define_method(cX509Store, "load_locations", ossl_x509store_load_locations, 1);
+#define DefX509StoreConst(x) rb_define_const(cX509Store, #x, INT2FIX(X509_V_ERR_##x))
+
DefX509StoreConst(UNABLE_TO_GET_ISSUER_CERT);
DefX509StoreConst(UNABLE_TO_GET_CRL);
DefX509StoreConst(UNABLE_TO_DECRYPT_CERT_SIGNATURE);