-rw-r--r-- | ChangeLog | 21 | ||||
-rw-r--r-- | ToDo | 8 | ||||
-rw-r--r-- | ossl.h | 6 | ||||
-rw-r--r-- | ossl_bn.c | 89 | ||||
-rw-r--r-- | ossl_bn.h | 2 | ||||
-rw-r--r-- | ossl_cipher.c | 13 | ||||
-rw-r--r-- | ossl_config.c | 6 | ||||
-rw-r--r-- | ossl_digest.c | 13 | ||||
-rw-r--r-- | ossl_hmac.c | 13 | ||||
-rw-r--r-- | ossl_ns_spki.c | 6 | ||||
-rw-r--r-- | ossl_pkcs7.c | 28 | ||||
-rw-r--r-- | ossl_pkey.c | 3 | ||||
-rw-r--r-- | ossl_ssl.c | 4 | ||||
-rw-r--r-- | ossl_x509.c | 16 | ||||
-rw-r--r-- | ossl_x509.h | 87 | ||||
-rw-r--r-- | ossl_x509attr.c | 89 | ||||
-rw-r--r-- | ossl_x509cert.c | 372 | ||||
-rw-r--r-- | ossl_x509crl.c | 177 | ||||
-rw-r--r-- | ossl_x509ext.c | 170 | ||||
-rw-r--r-- | ossl_x509name.c | 73 | ||||
-rw-r--r-- | ossl_x509req.c | 266 | ||||
-rw-r--r-- | ossl_x509revoked.c | 149 | ||||
-rw-r--r-- | ossl_x509store.c | 10 |
23 files changed, 859 insertions, 762 deletions
@@ -3,6 +3,27 @@ ChangeLog for ### CHANGE LOG ### +Fri, 7 Jun 2002 14:06:48 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz> + * cipher.c: Checks around GetCipher + * digest.c: Use Make_Struct instead of Wrap_Struct and OPENSSL_malloc + * hmac.c: ditto. + * bn.c: Fixed creating new classes from subclasses (WrapXXX(klass,...)) + * config.c: ditto. + * ns_spki.c: ditto. + * pkcs7.c: ditto. + * x509.h: C-level class rename: new are cX509Attr, cX509Cert, cX509Ext, cX509ExtFactory, cX509Req and Errors are renamed too. + * x509attr.c: ported to Ruby 1.8 interface and fixed new classes creation + * x509cert.c: ditto. + * x509crl.c: ditto. + * x509ext.c: ditto. + * x509name.c: ditto. + * x509req.c: ditto. + * x509revoked.c: ditto. + * x509store.c: ditto. + +Thu, 6 Jun 2002 09:42:00 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz> + * pkey.c: Hopefully corrected nasty GC bug (ossl_pkey_get_EVP_PKEY) + Thu, 6 Jun 2002 02:28:25 +0200 -- Michal Rokos <m.rokos@sh.cvut.cz> * ssl.h: NEW (bits from ossl.h) * ossl.h: is now tidy @@ -3,7 +3,7 @@ TODO list for ----------------------------------------------------------------------- OpenSSL:: - * Move all Errors as child of OpenSSLError + [DONE] Move all Errors as child of OpenSSLError * Implement Ruby 1.8 style of creating instances (see StringIO) * Detailed object inspection (ie. all params for RSA) * How to support HW crypto engines? @@ -24,10 +24,10 @@ OpenSSL:: * DON'T FORGET TO ADD SUPPORT FOR BIN, AND MPI BACK! Cipher:: - * Use Factory (Cipher.new("DES_EDE3_CBC"))? + [DONE] Use Factory (Cipher.new("DES_EDE3_CBC"))? Conf:: - * Port it to new (0.9.7) interface + * Port it to new (0.9.7) interface (Already done??) Digest:: [DONE] Use Factory (Digest.new("SHA1"))? [Used exactly like this: OpenSSL::Digest::Digest.new("SHA1")] @@ -36,7 +36,6 @@ OpenSSL:: * Move it to Digest module? PKey:: - * Make it as class? * Factory? RSA#initialize -> PKey.new("RSA")? SSL:: @@ -44,3 +43,4 @@ OpenSSL:: X509:: * Rethink X509::Attribute, and X509::Extension + 
@@ -62,6 +62,12 @@ extern VALUE mOSSL; extern VALUE eOSSLError; /* + * GetRealClass + * +#define RCLASS_OF(obj) rb_obj_class((obj)) + */ + +/* * CheckTypes */ #define OSSL_Check_Kind(obj, klass) ossl_check_kind(obj, klass) @@ -11,11 +11,11 @@ /* modified by Michal Rokos <m.rokos@sh.cvut.cz> */ #include "ossl.h" -#define WrapBN(obj, bn) do { \ +#define WrapBN(klass, obj, bn) do { \ if (!bn) { \ rb_raise(rb_eRuntimeError, "BN wasn't initialized!"); \ } \ - obj = Data_Wrap_Struct(cBN, 0, BN_clear_free, bn); \ + obj = Data_Wrap_Struct(klass, 0, BN_clear_free, bn); \ } while (0) #define GetBN(obj, bn) do { \ Data_Get_Struct(obj, BIGNUM, bn); \ @@ -37,7 +37,7 @@ VALUE eBNError; /* * NO Public * (MADE PRIVATE UNTIL SOMEBODY WANTS THEM) - */ + * static VALUE ossl_bn_new(BIGNUM *bn) { @@ -49,30 +49,13 @@ ossl_bn_new(BIGNUM *bn) } else { new = BN_dup(bn); } - if (!new) { OSSL_Raise(eBNError, ""); - } - WrapBN(obj, new); + } + WrapBN(cBN, obj, new); return obj; } - -/* - * NOBODY USED THIS - * -BIGNUM * -ossl_bn_get_BIGNUM(VALUE obj) -{ - BIGNUM *bn, *new; - - SafeGetBN(obj, bn); - - if (!(new = BN_dup(bn))) { - OSSL_Raise(eBNError, ""); - } - return new; -} */ /* @@ -87,7 +70,15 @@ static BN_CTX *ossl_bn_ctx; static VALUE ossl_bn_s_allocate(VALUE klass) { - return ossl_bn_new(NULL); + BIGNUM *bn; + VALUE obj; + + if (!(bn = BN_new())) { + OSSL_Raise(eBNError, ""); + } + WrapBN(klass, obj, bn); + + return obj; } static VALUE @@ -102,11 +93,10 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self) if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) { base = NUM2INT(bs); } - - if (RTEST(rb_obj_is_instance_of(str, cBN))) { + if (RTEST(rb_obj_is_kind_of(str, cBN))) { BIGNUM *other; - GetBN(str, other); + GetBN(str, other); /* Safe - we checked kind_of? above */ if (!BN_copy(bn, other)) { OSSL_Raise(eBNError, ""); } 
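Review bot: The ossl_bn.c comment hunk (`@@ -37,7 +37,7`) turns the `*/` that closed the "NO Public" comment into ` *`, and the next hunk removes the `/*` of the "NOBODY USED THIS" block while keeping its `*/`, so ossl_bn_new now lives entirely inside a comment — yet the same commit still edits its body (`WrapBN(cBN, obj, new)`). Since ossl_bn_s_allocate and ossl_bn_dup were rewritten to stop calling it and ossl_bn.h comments out its prototype as well, delete the body rather than maintaining commented-out code; any other translation unit that still calls it will now fail on the missing prototype, which is the signal you want. The `#define RCLASS_OF` added inside a comment in ossl.h is the same pattern and should either be a live definition or be dropped.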
@@ -114,8 +104,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self) StringValue(str); switch (base) { - /* - * MPI: + case 0: if (!BN_mpi2bn(RSTRING(str)->ptr, RSTRING(str)->len, bn)) { OSSL_Raise(eBNError, ""); } @@ -125,7 +114,6 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self) OSSL_Raise(eBNError, ""); } break; - */ case 10: if (!BN_dec2bn(&bn, StringValuePtr(str))) { OSSL_Raise(eBNError, ""); @@ -156,10 +144,8 @@ ossl_bn_to_s(int argc, VALUE *argv, VALUE self) if (rb_scan_args(argc, argv, "01", &bs) == 1) { base = NUM2INT(bs); } - switch (base) { - /* - * MPI: { + case 0: { int len = BN_bn2mpi(bn, NULL); if (!(buf = OPENSSL_malloc(len))) { OSSL_Raise(eBNError, "Cannot allocate mem for BN"); @@ -168,6 +154,7 @@ ossl_bn_to_s(int argc, VALUE *argv, VALUE self) OPENSSL_free(buf); OSSL_Raise(eBNError, ""); } + /*buf[len - 1] = '\0';*/ } case 2: { int len = BN_num_bytes(bn); @@ -178,10 +165,9 @@ ossl_bn_to_s(int argc, VALUE *argv, VALUE self) OPENSSL_free(buf); OSSL_Raise(eBNError, ""); } - buf[len - 1] = '\0'; + /*buf[len - 1] = '\0';*/ } break; - */ case 10: if (!(buf = BN_bn2dec(bn))) { OSSL_Raise(eBNError, ""); @@ -234,7 +220,7 @@ BIGNUM_BOOL1(is_odd); BN_free(result); \ OSSL_Raise(eBNError, ""); \ } \ - WrapBN(obj, result); \ + WrapBN(CLASS_OF(self), obj, result); \ \ return obj; \ } @@ -257,7 +243,7 @@ BIGNUM_1c(sqr); BN_free(result); \ OSSL_Raise(eBNError, ""); \ } \ - WrapBN(obj, result); \ + WrapBN(CLASS_OF(self), obj, result); \ \ return obj; \ } @@ -281,7 +267,7 @@ BIGNUM_2(sub); BN_free(result); \ OSSL_Raise(eBNError, ""); \ } \ - WrapBN(obj, result); \ + WrapBN(CLASS_OF(self), obj, result); \ \ return obj; \ } 
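Review bot: In ossl_bn_to_s the new `case 0:` block (the former MPI comment) ends at its closing brace with no `break;`, so a base-0 call falls through into `case 2:`, which reassigns `buf` (the `OPENSSL_free(buf)` in its error path shows it allocates its own) — leaking the MPI buffer and returning the raw binary form instead. Add `break;` after the `/*buf[len - 1] = '\0';*/` line that closes the `case 0:` block, mirroring the `break;` already present after `case 2:`. The same file's ossl_bn_is_prime hunk (`@@ -548,7 +538,6`) keeps a context line `if (rb_scan_args(argc, argv, "01", &vchecks) == 0) { checks = NUM2INT(vchecks); }` that reads the optional argument precisely when it was not supplied, the inverse of the `== 1` test used here; it is untouched by this change but worth fixing in the same pass.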
@@ -308,14 +294,13 @@ ossl_bn_div(VALUE self, VALUE other) BN_free(r1); OSSL_Raise(eBNError, ""); } - if (!BN_div(r1, r2, bn1, bn2, ossl_bn_ctx)) { BN_free(r1); BN_free(r2); OSSL_Raise(eBNError, ""); } - WrapBN(obj1, r1); - WrapBN(obj2, r2); + WrapBN(CLASS_OF(self), obj1, r1); + WrapBN(CLASS_OF(self), obj2, r2); return rb_ary_new3(2, obj1, obj2); } @@ -338,7 +323,7 @@ ossl_bn_div(VALUE self, VALUE other) BN_free(result); \ OSSL_Raise(eBNError, ""); \ } \ - WrapBN(obj, result); \ + WrapBN(CLASS_OF(self), obj, result); \ \ return obj; \ } @@ -393,7 +378,7 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit) BN_free(result); \ OSSL_Raise(eBNError, ""); \ } \ - WrapBN(obj, result); \ + WrapBN(CLASS_OF(self), obj, result); \ \ return obj; \ } @@ -414,7 +399,7 @@ BIGNUM_SHIFT(rshift); BN_free(result); \ OSSL_Raise(eBNError, ""); \ } \ - WrapBN(obj, result); \ + WrapBN(klass, obj, result); \ \ return obj; \ } @@ -437,7 +422,7 @@ BIGNUM_RAND(pseudo_rand); BN_free(result); \ OSSL_Raise(eBNError, ""); \ } \ - WrapBN(obj, result); \ + WrapBN(klass, obj, result); \ \ return obj; \ } @@ -463,7 +448,6 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass) SafeGetBN(vadd, add); SafeGetBN(vrem, rem); } - if (!(result = BN_new())) { OSSL_Raise(eBNError, ""); } @@ -471,7 +455,7 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass) BN_free(result); OSSL_Raise(eBNError, ""); } - WrapBN(obj, result); + WrapBN(klass, obj, result); return obj; } @@ -492,11 +476,17 @@ BIGNUM_NUM(num_bits); static VALUE ossl_bn_dup(VALUE self) { - BIGNUM *bn; - + BIGNUM *bn, *new; + VALUE obj; + GetBN(self, bn); - return ossl_bn_new(bn); + if (!(new = BN_dup(bn))) { + OSSL_Raise(eBNError, ""); + } + WrapBN(CLASS_OF(self), obj, new); + + return obj; } static VALUE 
@@ -548,7 +538,6 @@ ossl_bn_is_prime(int argc, VALUE *argv, VALUE self) if (rb_scan_args(argc, argv, "01", &vchecks) == 0) { checks = NUM2INT(vchecks); } - switch (BN_is_prime(bn, checks, NULL, ossl_bn_ctx, NULL)) { case 1: return Qtrue; @@ -15,9 +15,7 @@ extern VALUE cBN; extern VALUE eBNError; /* - * Made them private until somebody wants them VALUE ossl_bn_new(BIGNUM *); -BIGNUM *ossl_bn_get_BIGNUM(VALUE); */ void Init_ossl_bn(void); diff --git a/ossl_cipher.c b/ossl_cipher.c index 44e41a7..181d657 100644 --- a/ossl_cipher.c +++ b/ossl_cipher.c @@ -11,7 +11,12 @@ #include "ossl.h" #define MakeCipher(obj, klass, ciphp) obj = Data_Make_Struct(klass, ossl_cipher, 0, ossl_cipher_free, ciphp) -#define GetCipher(obj, ciphp) Data_Get_Struct(obj, ossl_cipher, ciphp) +#define GetCipher(obj, ciphp) do { \ + Data_Get_Struct(obj, ossl_cipher, ciphp); \ + if (!ciphp || !ciphp->cipher) { \ + rb_raise(rb_eRuntimeError, "Cipher not inititalized!"); \ + } \ +} while (0) #define SafeGetCipher(obj, ciphp) do { \ OSSL_Check_Kind(obj, cCipher); \ GetCipher(obj, ciphp); \ @@ -67,12 +72,6 @@ ossl_cipher_s_allocate(VALUE klass) MakeCipher(obj, klass, ciphp); -/* - * NOT NEEDED IF STATIC - if (!(ciphp->ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)))) { - OSSL_Raise(eCipherError, ""); - } - */ ciphp->init = Qfalse; ciphp->cipher = NULL; diff --git a/ossl_config.c b/ossl_config.c index 57b0e97..da9910d 100644 --- a/ossl_config.c +++ b/ossl_config.c @@ -10,11 +10,11 @@ */ #include "ossl.h" -#define WrapConfig(obj, conf) do { \ +#define WrapConfig(klass, obj, conf) do { \ if (!conf) { \ rb_raise(rb_eRuntimeError, "Config wasn't intitialized!"); \ } \ - obj = Data_Wrap_Struct(cConfig, 0, CONF_free, conf); \ + obj = Data_Wrap_Struct(klass, 0, CONF_free, conf); \ } while (0) #define GetConfig(obj, conf) do { \ Data_Get_Struct(obj, LHASH, conf); \ 
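Review bot: The new GetCipher raises whenever `ciphp->cipher` is NULL, but ossl_cipher_s_allocate (hunk `@@ -67,12 +72,6`) deliberately leaves `ciphp->cipher = NULL` until the object is initialised, so any path that fetches the struct through GetCipher or SafeGetCipher before Cipher#initialize has run — including initialize itself, if it uses GetCipher (its body is not in this diff) — now raises before it can set the cipher. Either give initialize a raw `Data_Get_Struct` path, or check only `!ciphp` in the macro and test `cipher` in the methods that actually need an initialised cipher. The message also has a typo; make it `"Cipher not initialized!"`.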
@@ -55,7 +55,7 @@ ossl_config_s_load(int argc, VALUE *argv, VALUE klass) err_line, StringValuePtr(path)); } } - WrapConfig(obj, conf); + WrapConfig(klass, obj, conf); return obj; } diff --git a/ossl_digest.c b/ossl_digest.c index f90e589..1003a0a 100644 --- a/ossl_digest.c +++ b/ossl_digest.c @@ -10,12 +10,8 @@ */ #include "ossl.h" -#define WrapDigest(klass, obj, ctx) do { \ - if (!ctx) { \ - rb_raise(rb_eRuntimeError, "Digest CTX wasn't initialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, CRYPTO_free, ctx); \ -} while (0) +#define MakeDigest(klass, obj, ctx) \ + obj = Data_Make_Struct(klass, EVP_MD_CTX, 0, CRYPTO_free, ctx) #define GetDigest(obj, ctx) do { \ Data_Get_Struct(obj, EVP_MD_CTX, ctx); \ if (!ctx) { \ @@ -56,10 +52,7 @@ ossl_digest_s_allocate(VALUE klass) EVP_MD_CTX *ctx; VALUE obj; - if (!(ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX)))) { - OSSL_Raise(eDigestError, "Cannot allocate memory for a digest's CTX"); - } - WrapDigest(klass, obj, ctx); + MakeDigest(klass, obj, ctx); return obj; } diff --git a/ossl_hmac.c b/ossl_hmac.c index a96aafa..d65a1ec 100644 --- a/ossl_hmac.c +++ b/ossl_hmac.c @@ -12,12 +12,8 @@ #include "ossl.h" -#define WrapHMAC(obj, ctx) do { \ - if (!ctx) { \ - rb_raise(rb_eRuntimeError, "HMAC wasn't initialized"); \ - } \ - obj = Data_Wrap_Struct(cHMAC, 0, CRYPTO_free, ctx); \ -} while (0) +#define MakeHMAC(obj, ctx) \ + obj = Data_Make_Struct(cHMAC, HMAC_CTX, 0, CRYPTO_free, ctx) #define GetHMAC(obj, ctx) do { \ Data_Get_Struct(obj, HMAC_CTX, ctx); \ if (!ctx) { \ @@ -44,10 +40,7 @@ ossl_hmac_s_allocate(VALUE klass) HMAC_CTX *ctx; VALUE obj; - if (!(ctx = OPENSSL_malloc(sizeof(HMAC_CTX)))) { - OSSL_Raise(eHMACError, ""); - } - WrapHMAC(obj, ctx); + MakeHMAC(obj, ctx); return obj; } diff --git a/ossl_ns_spki.c b/ossl_ns_spki.c index 4702988..406dc14 100644 --- a/ossl_ns_spki.c +++ b/ossl_ns_spki.c 
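Review bot: MakeDigest pairs `Data_Make_Struct`, which allocates the EVP_MD_CTX with Ruby's allocator, with `CRYPTO_free` as the dfree function; the old WrapDigest/OPENSSL_malloc pairing was consistent, but after this change the block is released through OpenSSL's allocator, which only coincidentally matches Ruby's and diverges as soon as CRYPTO_set_mem_functions() is in use. Pass Ruby's own free instead: `obj = Data_Make_Struct(klass, EVP_MD_CTX, 0, free, ctx)`. MakeHMAC in ossl_hmac.c (`@@ -12,12 +12,8`) has the same mismatch. Neither free function runs the context's cleanup routine (EVP_MD_CTX_cleanup / HMAC_CTX_cleanup, where the target OpenSSL provides them), so for HMAC the key-derived state is released without being cleared; that was already true before this change but deserves a comment at the macro.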
@@ -10,11 +10,11 @@ */ #include "ossl.h" -#define WrapSPKI(obj, spki) do { \ +#define WrapSPKI(klass, obj, spki) do { \ if (!spki) { \ rb_raise(rb_eRuntimeError, "SPKI wasn't initialized!"); \ } \ - obj = Data_Wrap_Struct(cSPKI, 0, NETSCAPE_SPKI_free, spki); \ + obj = Data_Wrap_Struct(klass, 0, NETSCAPE_SPKI_free, spki); \ } while (0) #define GetSPKI(obj, spki) do { \ Data_Get_Struct(obj, NETSCAPE_SPKI, spki); \ @@ -47,7 +47,7 @@ ossl_spki_s_allocate(VALUE klass) OSSL_Raise(eSPKIError, ""); } - WrapSPKI(obj, spki); + WrapSPKI(klass, obj, spki); return obj; } diff --git a/ossl_pkcs7.c b/ossl_pkcs7.c index edcd97a..c35466b 100644 --- a/ossl_pkcs7.c +++ b/ossl_pkcs7.c @@ -10,11 +10,11 @@ */ #include "ossl.h" -#define WrapPKCS7(obj, pkcs7) do { \ +#define WrapPKCS7(klass, obj, pkcs7) do { \ if (!pkcs7) { \ rb_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \ } \ - obj = Data_Wrap_Struct(cPKCS7, 0, PKCS7_free, pkcs7); \ + obj = Data_Wrap_Struct(klass, 0, PKCS7_free, pkcs7); \ } while (0) #define GetPKCS7(obj, pkcs7) do { \ Data_Get_Struct(obj, PKCS7, pkcs7); \ @@ -23,11 +23,11 @@ } \ } while (0) -#define WrapPKCS7si(obj, p7si) do { \ +#define WrapPKCS7si(klass, obj, p7si) do { \ if (!p7si) { \ rb_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \ } \ - obj = Data_Wrap_Struct(cPKCS7SignerInfo, 0, PKCS7_SIGNER_INFO_free, p7si); \ + obj = Data_Wrap_Struct(klass, 0, PKCS7_SIGNER_INFO_free, p7si); \ } while (0) #define GetPKCS7si(obj, p7si) do { \ Data_Get_Struct(obj, PKCS7_SIGNER_INFO, p7si); \ @@ -77,7 +77,7 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si) if (!new) { OSSL_Raise(ePKCS7Error, ""); } - WrapPKCS7si(obj, new); + WrapPKCS7si(cPKCS7SignerInfo, obj, new); return obj; } @@ -109,7 +109,7 @@ static VALUE ossl_pkcs7_s_sign(VALUE klass, VALUE key, VALUE cert, VALUE data) VALUE obj; OSSL_Check_Type(key, cPKey); - OSSL_Check_Type(cert, X509Certificate); + OSSL_Check_Type(cert, X509Cert); StringValue(data); if (rb_funcall(key, id_private_q, 0, NULL) != Qtrue) { 
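Review bot: `OSSL_Check_Type(cert, X509Cert)` in ossl_pkcs7_s_sign drops the `c` prefix that every other renamed class reference on this page uses (`cX509Cert` in ossl_pkcs7_data_decode, ossl_pkcs7si_initialize and ossl_ssl.c); unless OSSL_Check_Type pastes the prefix itself (its definition is not in this diff), this is an undeclared identifier. The removed line had the same omission, so the rename preserved the defect rather than fixing it. Change it to `OSSL_Check_Type(cert, cX509Cert);`.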
@@ -133,7 +133,7 @@ static VALUE ossl_pkcs7_s_sign(VALUE klass, VALUE key, VALUE cert, VALUE data) X509_free(x509); BIO_free(bio); - WrapPKCS7(obj, pkcs7); + WrapPKCS7(cPKC7, obj, pkcs7); return obj; } @@ -148,7 +148,7 @@ ossl_pkcs7_s_allocate(VALUE klass) if (!(pkcs7 = PKCS7_new())) { OSSL_Raise(ePKCS7Error, ""); } - WrapPKCS7(obj, pkcs7); + WrapPKCS7(klass, obj, pkcs7); return obj; } @@ -440,7 +440,7 @@ ossl_pkcs7_data_decode(VALUE self, VALUE key, VALUE cert) rb_raise(ePKCS7Error, "Wrong content type - PKCS7 is not ENVELOPED"); } OSSL_Check_Type(key, cPKey); - OSSL_Check_Type(cert, cX509Certificate); + OSSL_Check_Type(cert, cX509Cert); if (rb_funcall(key, id_private_q, 0, NULL) != Qtrue) { rb_raise(ePKCS7Error, "private key needed!"); @@ -494,9 +494,13 @@ ossl_pkcs7_to_pem(VALUE self) static VALUE ossl_pkcs7si_s_allocate(VALUE klass) { + PKCS7_SIGNER_INFO *p7si; VALUE obj; - - obj = ossl_pkcs7si_new(NULL); + + if (!(p7si = PKCS7_SIGNER_INFO_new())) { + OSSL_Raise(ePKCS7Error, ""); + } + WrapPKCS7si(klass, obj, p7si); return obj; } @@ -512,7 +516,7 @@ ossl_pkcs7si_initialize(VALUE self, VALUE cert, VALUE key, VALUE digest) GetPKCS7si(self, p7si); OSSL_Check_Type(key, cPKey); - OSSL_Check_Type(cert, cX509Certificate); + OSSL_Check_Type(cert, cX509Cert); md = ossl_digest_get_EVP_MD(digest); if (rb_funcall(key, id_private_q, 0, NULL) != Qtrue) { diff --git a/ossl_pkey.c b/ossl_pkey.c index 7d38293..212d74f 100644 --- a/ossl_pkey.c +++ b/ossl_pkey.c @@ -83,6 +83,7 @@ ossl_pkey_get_EVP_PKEY(VALUE obj) obj = ossl_pkey_new(pkey); GetPKey(obj, pkey); + DATA_PTR(obj) = NULL; /* Don't let GC to discard pkey! */ return pkey; } @@ -109,8 +110,6 @@ ossl_pkey_initialize(VALUE self) { if (rb_obj_is_instance_of(self, cPKey)) { rb_raise(rb_eNotImpError, "OpenSSL::PKey::PKey is an abstract class."); - } else { - rb_warn("PKey#initialize called! Something sucks here..."); } return self; } 
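Review bot: `WrapPKCS7(cPKC7, obj, pkcs7)` in ossl_pkcs7_s_sign names a class `cPKC7` that appears nowhere else on this page — the macro's old body used `cPKCS7` — so this reads as a typo that will not compile. Since the function is a singleton method with `klass` in scope, `WrapPKCS7(klass, obj, pkcs7);` is also what the commit does in ossl_pkcs7_s_allocate and every other `WrapXXX(klass, ...)` call site, and keeps subclass instances creatable through `sign`.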
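Review bot: `DATA_PTR(obj) = NULL; /* Don't let GC to discard pkey! */` in ossl_pkey_get_EVP_PKEY changes who owns the EVP_PKEY, and the comment should state the contract rather than only what it prevents: the temporary wrapper is detached, so the returned pointer belongs to the caller, which must EVP_PKEY_free() it (as ossl_x509_set_public_key does elsewhere in this commit). Suggest `/* Detach pkey from the temporary wrapper: obj may be collected at any time, and the caller now owns the returned pointer and must EVP_PKEY_free() it. */`. This also relies on the wrapper's free function tolerating a NULL pointer when obj is eventually collected; ossl_pkey_new is outside the hunk, so confirm that holds. The function starts outside the hunk.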
@@ -294,7 +294,7 @@ ssl_initialize(int argc, VALUE *argv, VALUE self) if (!NIL_P(cert)){ if(TYPE(cert) == T_STRING) ssl_set_cert_file2(self, cert); else{ - OSSL_Check_Type(cert, cX509Certificate); + OSSL_Check_Type(cert, cX509Cert); ssl_set_cert2(self, cert); } } @@ -573,7 +573,7 @@ ssl_get_state(VALUE self) static VALUE ssl_set_cert2(VALUE self, VALUE v) { - if(!NIL_P(v)) OSSL_Check_Type(v, cX509Certificate); + if(!NIL_P(v)) OSSL_Check_Type(v, cX509Cert); ssl_set_cert(self, v); ssl_set_cert_file(self, Qnil); return v; diff --git a/ossl_x509.c b/ossl_x509.c index 63a121c..415008b 100644 --- a/ossl_x509.c +++ b/ossl_x509.c @@ -17,13 +17,13 @@ Init_ossl_x509() { mX509 = rb_define_module_under(mOSSL, "X509"); - Init_ossl_x509attr(mX509); - Init_ossl_x509cert(mX509); - Init_ossl_x509crl(mX509); - Init_ossl_x509ext(mX509); - Init_ossl_x509name(mX509); - Init_ossl_x509req(mX509); - Init_ossl_x509revoked(mX509); - Init_ossl_x509store(mX509); + Init_ossl_x509attr(); + Init_ossl_x509cert(); + Init_ossl_x509crl(); + Init_ossl_x509ext(); + Init_ossl_x509name(); + Init_ossl_x509req(); + Init_ossl_x509revoked(); + Init_ossl_x509store(); } diff --git a/ossl_x509.h b/ossl_x509.h index 6f6f272..e23e3ee 100644 --- a/ossl_x509.h +++ b/ossl_x509.h 
@@ -11,82 +11,93 @@ #if !defined(_OSSL_X509_H_) #define _OSSL_X509_H_ +/* + * X509 main module + */ extern VALUE mX509; -extern VALUE cX509Certificate; -extern VALUE eX509CertificateError; -extern VALUE cX509Attribute; -extern VALUE eX509AttributeError; -extern VALUE cX509CRL; -extern VALUE eX509CRLError; -extern VALUE cX509Extension; -extern VALUE cX509ExtensionFactory; -extern VALUE eX509ExtensionError; -extern VALUE cX509Name; -extern VALUE eX509NameError; -extern VALUE cX509Request; -extern VALUE eX509RequestError; -extern VALUE cX509Revoked; -extern VALUE eX509RevokedError; -extern VALUE cX509Store; -extern VALUE eX509StoreError; void Init_ossl_x509(void); /* - * X509 + * X509Attr + */ +extern VALUE cX509Attr; +extern VALUE eX509AttrError; + +VALUE ossl_x509attr_new(X509_ATTRIBUTE *); +X509_ATTRIBUTE *ossl_x509attr_get_X509_ATTRIBUTE(VALUE); +void Init_ossl_x509attr(void); + +/* + * X509Cert */ +extern VALUE cX509Cert; +extern VALUE eX509CertError; + VALUE ossl_x509_new(X509 *); VALUE ossl_x509_new_from_file(VALUE); X509 *ossl_x509_get_X509(VALUE); -void Init_ossl_x509cert(VALUE); +void Init_ossl_x509cert(void); /* * X509CRL */ +extern VALUE cX509CRL; +extern VALUE eX509CRLError; + X509_CRL *ossl_x509crl_get_X509_CRL(VALUE); -void Init_ossl_x509crl(VALUE); +void Init_ossl_x509crl(void); + +/* + * X509Extension + */ +extern VALUE cX509Ext; +extern VALUE cX509ExtFactory; +extern VALUE eX509ExtError; + +VALUE ossl_x509ext_new(X509_EXTENSION *); +X509_EXTENSION *ossl_x509ext_get_X509_EXTENSION(VALUE); +void Init_ossl_x509ext(void); /* * X509Name */ +extern VALUE cX509Name; +extern VALUE eX509NameError; + VALUE ossl_x509name_new(X509_NAME *); X509_NAME *ossl_x509name_get_X509_NAME(VALUE); -void Init_ossl_x509name(VALUE); +void Init_ossl_x509name(void); /* * X509Request */ +extern VALUE cX509Req; +extern VALUE eX509ReqError; + VALUE ossl_x509req_new(X509_REQ *); X509_REQ *ossl_x509req_get_X509_REQ(VALUE); -void Init_ossl_x509req(VALUE); +void 
Init_ossl_x509req(void); /* * X509Revoked */ +extern VALUE cX509Rev; +extern VALUE eX509RevError; + VALUE ossl_x509revoked_new(X509_REVOKED *); X509_REVOKED *ossl_x509revoked_get_X509_REVOKED(VALUE); -void Init_ossl_x509revoked(VALUE); +void Init_ossl_x509revoked(void); /* * X509Store */ +extern VALUE cX509Store; +extern VALUE eX509StoreError; + VALUE ossl_x509store_new(X509_STORE_CTX *); X509_STORE *ossl_x509store_get_X509_STORE(VALUE); -void Init_ossl_x509store(VALUE); - -/* - * X509Extension - */ -VALUE ossl_x509ext_new(X509_EXTENSION *); -X509_EXTENSION *ossl_x509ext_get_X509_EXTENSION(VALUE); -void Init_ossl_x509ext(VALUE); - -/* - * X509Attribute - */ -VALUE ossl_x509attr_new(X509_ATTRIBUTE *); -X509_ATTRIBUTE *ossl_x509attr_get_X509_ATTRIBUTE(VALUE); -void Init_ossl_x509attr(VALUE); +void Init_ossl_x509store(void); #endif /* _OSSL_X509_H_ */ diff --git a/ossl_x509attr.c b/ossl_x509attr.c index 404dd20..21278df 100644 --- a/ossl_x509attr.c +++ b/ossl_x509attr.c 
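Review bot: The `Init_ossl_x509*` prototypes lose their `VALUE` parameter and, as the ossl_x509attr.c hunk shows, now resolve the parent module through the `mX509` global, so they are only correct if Init_ossl_x509() has already run; the header should say so. Suggest, above the first `void Init_ossl_x509attr(void);` line: `/* The Init_ossl_x509* functions below read mX509; Init_ossl_x509() must run first. */`. The section comments also still read X509Extension/X509Request/X509Revoked while the globals became cX509Ext/cX509Req/cX509Rev; harmless, but the ChangeLog entry lists the new names, so keep the two in step.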
@@ -10,32 +10,47 @@ */ #include "ossl.h" -#define WrapX509Attr(obj, attr) obj = Data_Wrap_Struct(cX509Attribute, 0, X509_ATTRIBUTE_free, attr) -#define GetX509Attr(obj, attr) Data_Get_Struct(obj, X509_ATTRIBUTE, attr) +#define WrapX509Attr(klass, obj, attr) do { \ + if (!attr) { \ + rb_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_ATTRIBUTE_free, attr); \ +} while (0) +#define GetX509Attr(obj, attr) do { \ + Data_Get_Struct(obj, X509_ATTRIBUTE, attr); \ + if (!attr) { \ + rb_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \ + } \ +} while (0) +#define SafeGetX509Attr(obj, attr) do { \ + OSSL_Check_Kind(obj, cX509Attr); \ + GetX509Attr(obj, attr); \ +} while (0) /* * Classes */ -VALUE cX509Attribute; -VALUE eX509AttributeError; +VALUE cX509Attr; +VALUE eX509AttrError; /* * Public */ -VALUE +VALUE ossl_x509attr_new(X509_ATTRIBUTE *attr) { - X509_ATTRIBUTE *new = NULL; + X509_ATTRIBUTE *new; VALUE obj; - if (!attr) + if (!attr) { new = X509_ATTRIBUTE_new(); - else new = X509_ATTRIBUTE_dup(attr); - - if (!new) - OSSL_Raise(eX509AttributeError, ""); - - WrapX509Attr(obj, new); + } else { + new = X509_ATTRIBUTE_dup(attr); + } + if (!new) { + OSSL_Raise(eX509AttrError, ""); + } + WrapX509Attr(cX509Attr, obj, new); return obj; } @@ -43,16 +58,13 @@ ossl_x509attr_new(X509_ATTRIBUTE *attr) X509_ATTRIBUTE * ossl_x509attr_get_X509_ATTRIBUTE(VALUE obj) { - X509_ATTRIBUTE *attr = NULL, *new; + X509_ATTRIBUTE *attr, *new; - OSSL_Check_Type(obj, cX509Attribute); - - GetX509Attr(obj, attr); + SafeGetX509Attr(obj, attr); if (!(new = X509_ATTRIBUTE_dup(attr))) { - OSSL_Raise(eX509AttributeError, ""); - } - + OSSL_Raise(eX509AttrError, ""); + } return new; } 
@@ -62,31 +74,34 @@ ossl_x509attr_get_X509_ATTRIBUTE(VALUE obj) static VALUE ossl_x509attr_s_new_from_array(VALUE klass, VALUE ary) { - X509_ATTRIBUTE *attr = NULL; + X509_ATTRIBUTE *attr; int nid = NID_undef; VALUE item, obj; Check_Type(ary, T_ARRAY); if (RARRAY(ary)->len != 2) { - rb_raise(eX509AttributeError, "unsupported ary structure"); + rb_raise(eX509AttrError, "unsupported ary structure"); } /* key [0] */ item = RARRAY(ary)->ptr[0]; - item = rb_String(item); - if (!(nid = OBJ_ln2nid(RSTRING(item)->ptr))) - if (!(nid = OBJ_sn2nid(RSTRING(item)->ptr))) - OSSL_Raise(eX509AttributeError, ""); - + StringValue(item); + + if (!(nid = OBJ_ln2nid(StringValuePtr(item)))) { + if (!(nid = OBJ_sn2nid(StringValuePtr(item)))) { + OSSL_Raise(eX509AttrError, ""); + } + } + /* data [1] */ item = RARRAY(ary)->ptr[1]; - item = rb_String(item); - - if (!(attr = X509_ATTRIBUTE_create(nid, MBSTRING_ASC, RSTRING(item)->ptr))) - OSSL_Raise(eX509AttributeError, ""); + StringValuePtr(item); - WrapX509Attr(obj, attr); + if (!(attr = X509_ATTRIBUTE_create(nid, MBSTRING_ASC, StringValuePtr(item)))) { + OSSL_Raise(eX509AttrError, ""); + } + WrapX509Attr(klass, obj, attr); return obj; } @@ -133,15 +148,15 @@ ossl_x509attr_to_a(VALUE self) * X509_ATTRIBUTE init */ void -Init_ossl_x509attr(VALUE module) +Init_ossl_x509attr() { - eX509AttributeError = rb_define_class_under(module, "AttributeError", eOSSLError); + eX509AttrError = rb_define_class_under(mX509, "AttributeError", eOSSLError); - cX509Attribute = rb_define_class_under(module, "Attribute", rb_cObject); - rb_define_singleton_method(cX509Attribute, "new_from_array", ossl_x509attr_s_new_from_array, 1); + cX509Attr = rb_define_class_under(mX509, "Attribute", rb_cObject); + rb_define_singleton_method(cX509Attr, "new_from_array", ossl_x509attr_s_new_from_array, 1); /* * TODO: - rb_define_method(cX509Attribute, "to_a", ossl_x509attr_to_a, 0); + rb_define_method(cX509Attr, "to_a", ossl_x509attr_to_a, 0); */ } 
diff --git a/ossl_x509cert.c b/ossl_x509cert.c index 378217e..a18f12b 100644 --- a/ossl_x509cert.c +++ b/ossl_x509cert.c @@ -10,14 +10,28 @@ */ #include "ossl.h" -#define WrapX509(obj, x509) obj = Data_Wrap_Struct(cX509Certificate, 0, X509_free, x509) -#define GetX509(obj, x509) Data_Get_Struct(obj, X509, x509) +#define WrapX509(klass, obj, x509) do { \ + if (!x509) { \ + rb_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_free, x509); \ +} while (0) +#define GetX509(obj, x509) do { \ + Data_Get_Struct(obj, X509, x509); \ + if (!x509) { \ + rb_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \ + } \ +} while (0) +#define SafeGetX509(obj, x509) do { \ + OSSL_Check_Kind(obj, cX509Cert); \ + GetX509(obj, x509); \ +} while (0) /* * Classes */ -VALUE cX509Certificate; -VALUE eX509CertificateError; +VALUE cX509Cert; +VALUE eX509CertError; /* * Public @@ -25,17 +39,18 @@ VALUE eX509CertificateError; VALUE ossl_x509_new(X509 *x509) { - X509 *new = NULL; + X509 *new; VALUE obj; - if (!x509) + if (!x509) { new = X509_new(); - else new = X509_dup(x509); - - if (!new) - OSSL_Raise(eX509CertificateError, ""); - - WrapX509(obj, new); + } else { + new = X509_dup(x509); + } + if (!new) { + OSSL_Raise(eX509CertError, ""); + } + WrapX509(cX509Cert, obj, new); return obj; } 
@@ -43,26 +58,22 @@ ossl_x509_new(X509 *x509) VALUE ossl_x509_new_from_file(VALUE filename) { - X509 *x509 = NULL; - char *path; + X509 *x509; FILE *fp; VALUE obj; - filename = rb_str_to_str(filename); - Check_SafeStr(filename); - - path = RSTRING(filename)->ptr; + SafeStringValue(filename); - if (!(fp = fopen(path, "r"))) - rb_raise(eX509CertificateError, "%s", strerror(errno)); + if (!(fp = fopen(StringValuePtr(filename), "r"))) + rb_raise(eX509CertError, "%s", strerror(errno)); x509 = PEM_read_X509(fp, NULL, NULL, NULL); fclose(fp); - if (!x509) - OSSL_Raise(eX509CertificateError, ""); - - WrapX509(obj, x509); + if (!x509) { + OSSL_Raise(eX509CertError, ""); + } + WrapX509(cX509Cert, obj, x509); return obj; } @@ -70,14 +81,12 @@ ossl_x509_new_from_file(VALUE filename) X509 * ossl_x509_get_X509(VALUE obj) { - X509 *x509 = NULL, *new; - - OSSL_Check_Type(obj, cX509Certificate); + X509 *x509, *new; - GetX509(obj, x509); + SafeGetX509(obj, x509); if (!(new = X509_dup(x509))) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } return new; } 
@@ -86,34 +95,41 @@ ossl_x509_get_X509(VALUE obj) * Private */ static VALUE -ossl_x509_s_new(int argc, VALUE *argv, VALUE klass) +ossl_x509_s_allocate(VALUE klass) { + X509 *x509; VALUE obj; - - obj = ossl_x509_new(NULL); - - rb_obj_call_init(obj, argc, argv); - + + if (!(x509 = X509_new())) { + OSSL_Raise(eX509CertError, ""); + } + WrapX509(klass, obj, x509); + return obj; } static VALUE ossl_x509_initialize(int argc, VALUE *argv, VALUE self) { - BIO *in = NULL; + BIO *in; VALUE buffer; - if (argc == 0) + if (rb_scan_args(argc, argv, "01", &buffer) == 0) { return self; - - buffer = rb_String(argv[0]); + } + StringValue(buffer); if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len))) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } + /* + * TODO: + * Check if we could free old X509 + X509_free(DATA_PTR(self)); + */ if (!PEM_read_bio_X509(in, (X509 **)&DATA_PTR(self), NULL, NULL)) { BIO_free(in); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } BIO_free(in); @@ -123,19 +139,19 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self) static VALUE ossl_x509_to_der(VALUE self) { - X509 *x509 = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; + X509 *x509; + BIO *out; + BUF_MEM *buf; VALUE str; GetX509(self, x509); if (!(out = BIO_new(BIO_s_mem()))) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } if (!i2d_X509_bio(out, x509)) { BIO_free(out); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } BIO_get_mem_ptr(out, &buf); str = rb_str_new(buf->data, buf->length); 
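Review bot: ossl_x509_initialize now runs `PEM_read_bio_X509(in, (X509 **)&DATA_PTR(self), …)` against an object that ossl_x509_s_allocate always pre-fills with `X509_new()`, so whether that placeholder is reused, freed or leaked depends on d2i_X509's in-place semantics, and the TODO left in the hunk acknowledges it is never explicitly released. Parse into a local instead and swap it in only once it is known to be good; that frees the placeholder deterministically and keeps `DATA_PTR(self)` valid when the parse fails (the new GetX509 would otherwise raise on a NULL pointer). The tail of the function is outside the hunk.
```c
static VALUE
ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
{
	BIO *in;
	X509 *x509;
	VALUE buffer;
	/* … unchanged: rb_scan_args, StringValue, BIO_new_mem_buf … */
	/* Parse into a fresh X509 so the placeholder from ossl_x509_s_allocate
	 * is replaced only after the new one is known to be good. */
	if (!(x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
		BIO_free(in);
		OSSL_Raise(eX509CertError, "");
	}
	BIO_free(in);
	X509_free(DATA_PTR(self));
	DATA_PTR(self) = x509;
```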
@@ -147,19 +163,19 @@ ossl_x509_to_der(VALUE self) static VALUE ossl_x509_to_pem(VALUE self) { - X509 *x509 = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; + X509 *x509; + BIO *out; + BUF_MEM *buf; VALUE str; GetX509(self, x509); if (!(out = BIO_new(BIO_s_mem()))) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } if (!PEM_write_bio_X509(out, x509)) { BIO_free(out); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } BIO_get_mem_ptr(out, &buf); str = rb_str_new(buf->data, buf->length); @@ -171,19 +187,19 @@ ossl_x509_to_pem(VALUE self) static VALUE ossl_x509_to_text(VALUE self) { - X509 *x509 = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; + X509 *x509; + BIO *out; + BUF_MEM *buf; VALUE str; GetX509(self, x509); if (!(out = BIO_new(BIO_s_mem()))) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } if (!X509_print(out, x509)) { BIO_free(out); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } BIO_get_mem_ptr(out, &buf); str = rb_str_new(buf->data, buf->length); @@ -198,15 +214,14 @@ ossl_x509_to_text(VALUE self) static VALUE ossl_x509_to_req(VALUE self) { - X509 *x509 = NULL; - X509_REQ *req = NULL; + X509 *x509; + X509_REQ *req; GetX509(self, x509); if (!(req = X509_to_X509_REQ(x509, NULL, EVP_md5()))) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } - return ossl_x509req_new(req); } */ 
@@ -214,69 +229,68 @@ ossl_x509_to_req(VALUE self) static VALUE ossl_x509_get_version(VALUE self) { - X509 *x509 = NULL; - long ver = 0; + X509 *x509; + long ver; GetX509(self, x509); ver = X509_get_version(x509); - return INT2NUM(ver); + return LONG2FIX(ver); } static VALUE ossl_x509_set_version(VALUE self, VALUE version) { - X509 *x509 = NULL; - long ver = 0; + X509 *x509; + long ver; GetX509(self, x509); if ((ver = FIX2LONG(version)) < 0) { - rb_raise(eX509CertificateError, "version must be >= 0!"); + rb_raise(eX509CertError, "version must be >= 0!"); } if (!X509_set_version(x509, ver)) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } - return version; } static VALUE ossl_x509_get_serial(VALUE self) { - X509 *x509 = NULL; - ASN1_INTEGER *asn1int = NULL; - long serial = 0; + X509 *x509; + ASN1_INTEGER *asn1int; + long serial; GetX509(self, x509); if (!(asn1int = X509_get_serialNumber(x509))) { /* NO DUP - don't free */ - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } serial = ASN1_INTEGER_get(asn1int); - return INT2NUM(serial); + return LONG2FIX(serial); } static VALUE ossl_x509_set_serial(VALUE self, VALUE serial) { - X509 *x509 = NULL; - ASN1_INTEGER *asn1int = NULL; + X509 *x509; + ASN1_INTEGER *asn1int; GetX509(self, x509); if (!(asn1int = ASN1_INTEGER_new())) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } if (!ASN1_INTEGER_set(asn1int, FIX2LONG(serial))) { ASN1_INTEGER_free(asn1int); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } if (!X509_set_serialNumber(x509, asn1int)) { /* DUPs asn1int - FREE it */ ASN1_INTEGER_free(asn1int); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } ASN1_INTEGER_free(asn1int); 
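Review bot: ossl_x509_get_serial now returns `LONG2FIX(serial)` in place of `INT2NUM(serial)`; LONG2FIX performs no range check and silently yields a wrong Fixnum when the long does not fit, whereas INT2NUM promoted to Bignum, and certificate serial numbers routinely use the full width (ASN1_INTEGER_get can itself only report values that fit a long). Keep `return INT2NUM(serial);` (or `LONG2NUM`); the same substitution in ossl_x509_get_version one hunk up is harmless only because a version holds 0..2. Reading the serial through a long is a pre-existing limit; converting via a BIGNUM would be the robust path, but that is beyond a rename commit.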
@@ -286,23 +300,22 @@ ossl_x509_set_serial(VALUE self, VALUE serial) static VALUE ossl_x509_get_subject(VALUE self) { - X509 *x509 = NULL; - X509_NAME *name = NULL; + X509 *x509; + X509_NAME *name; GetX509(self, x509); if (!(name = X509_get_subject_name(x509))) { /* NO DUP - don't free! */ - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } - return ossl_x509name_new(name); } static VALUE ossl_x509_set_subject(VALUE self, VALUE subject) { - X509 *x509 = NULL; - X509_NAME *name = NULL; + X509 *x509; + X509_NAME *name; GetX509(self, x509); @@ -310,7 +323,7 @@ ossl_x509_set_subject(VALUE self, VALUE subject) if (!X509_set_subject_name(x509, name)) { /* DUPs name - FREE it */ X509_NAME_free(name); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } X509_NAME_free(name); @@ -320,23 +333,22 @@ ossl_x509_set_subject(VALUE self, VALUE subject) static VALUE ossl_x509_get_issuer(VALUE self) { - X509 *x509 = NULL; - X509_NAME *name = NULL; + X509 *x509; + X509_NAME *name; GetX509(self, x509); if(!(name = X509_get_issuer_name(x509))) { /* NO DUP - don't free! */ - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } - return ossl_x509name_new(name); } static VALUE ossl_x509_set_issuer(VALUE self, VALUE issuer) { - X509 *x509 = NULL; - X509_NAME *name = NULL; + X509 *x509; + X509_NAME *name; GetX509(self, x509); @@ -344,7 +356,7 @@ ossl_x509_set_issuer(VALUE self, VALUE issuer) if (!X509_set_issuer_name(x509, name)) { /* DUPs name - FREE it */ X509_NAME_free(name); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } X509_NAME_free(name); 
@@ -354,22 +366,21 @@ ossl_x509_set_issuer(VALUE self, VALUE issuer) static VALUE ossl_x509_get_not_before(VALUE self) { - X509 *x509 = NULL; - ASN1_UTCTIME *asn1time = NULL; + X509 *x509; + ASN1_UTCTIME *asn1time; GetX509(self, x509); if (!(asn1time = X509_get_notBefore(x509))) { /* NO DUP - don't free! */ - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } - return asn1time_to_time(asn1time); } static VALUE ossl_x509_set_not_before(VALUE self, VALUE time) { - X509 *x509 = NULL; + X509 *x509; time_t sec; GetX509(self, x509); @@ -377,7 +388,7 @@ ossl_x509_set_not_before(VALUE self, VALUE time) sec = time_to_time_t(time); if (!ASN1_UTCTIME_set(X509_get_notBefore(x509), sec)) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } return time; } @@ -385,22 +396,21 @@ ossl_x509_set_not_before(VALUE self, VALUE time) static VALUE ossl_x509_get_not_after(VALUE self) { - X509 *x509 = NULL; - ASN1_UTCTIME *asn1time = NULL; + X509 *x509; + ASN1_UTCTIME *asn1time; GetX509(self, x509); if (!(asn1time = X509_get_notAfter(x509))) { /* NO DUP - don't free! */ - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } - return asn1time_to_time(asn1time); } static VALUE ossl_x509_set_not_after(VALUE self, VALUE time) { - X509 *x509 = NULL; + X509 *x509; time_t sec; GetX509(self, x509); @@ -408,7 +418,7 @@ ossl_x509_set_not_after(VALUE self, VALUE time) sec = time_to_time_t(time); if (!ASN1_UTCTIME_set(X509_get_notAfter(x509), sec)) { - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } return time; } 
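Review bot: `ossl_x509_set_not_before` and `ossl_x509_set_not_after` write the validity dates with `ASN1_UTCTIME_set()`, which can only encode years 1950–2049; a `not_after` in 2050 or later silently produces a wrong date, while RFC 5280 requires GeneralizedTime for such values. `ASN1_TIME_set()` picks the encoding automatically if the OpenSSL this targets provides it: `if (!ASN1_TIME_set(X509_get_notAfter(x509), sec))`. Unlike the getters, the setters also don't check that `X509_get_notBefore(x509)` / `X509_get_notAfter(x509)` returned non-NULL before passing it on; I believe the field is always allocated for a fresh `X509_new()`, so this is a consistency nit rather than a crash I can demonstrate.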
@@ -416,62 +426,61 @@ ossl_x509_set_not_after(VALUE self, VALUE time) static VALUE ossl_x509_get_public_key(VALUE self) { - X509 *x509 = NULL; - EVP_PKEY *pkey = NULL; - VALUE pub_key; + X509 *x509; + EVP_PKEY *pkey; + VALUE key; GetX509(self, x509); if (!(pkey = X509_get_pubkey(x509))) { /* adds an reference - safe to FREE */ - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } - pub_key = ossl_pkey_new(pkey); + key = ossl_pkey_new(pkey); EVP_PKEY_free(pkey); - return pub_key; + return key; } static VALUE -ossl_x509_set_public_key(VALUE self, VALUE pubk) +ossl_x509_set_public_key(VALUE self, VALUE key) { - X509 *x509 = NULL; - EVP_PKEY *pkey = NULL; + X509 *x509; + EVP_PKEY *pkey; GetX509(self, x509); - pkey = ossl_pkey_get_EVP_PKEY(pubk); + pkey = ossl_pkey_get_EVP_PKEY(key); if (!X509_set_pubkey(x509, pkey)) { /* DUPs pkey - FREE it */ EVP_PKEY_free(pkey); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } EVP_PKEY_free(pkey); - return self; + return key; } static VALUE ossl_x509_sign(VALUE self, VALUE key, VALUE digest) { - X509 *x509 = NULL; - EVP_PKEY *pkey = NULL; - const EVP_MD *md = NULL; + X509 *x509; + EVP_PKEY *pkey; + const EVP_MD *md; GetX509(self, x509); - OSSL_Check_Type(key, cPKey); - OSSL_Check_Type(digest, cDigest); + md = ossl_digest_get_EVP_MD(digest); + + OSSL_Check_Kind(key, cPKey); if (rb_funcall(key, rb_intern("private?"), 0, NULL) == Qfalse) { - rb_raise(eX509CertificateError, "PRIVATE key needed to sign X509 Certificate!"); + rb_raise(eX509CertError, "PRIVATE key needed to sign X509 Cert!"); } - pkey = ossl_pkey_get_EVP_PKEY(key); - md = ossl_digest_get_EVP_MD(digest); if (!X509_sign(x509, pkey, md)) { EVP_PKEY_free(pkey); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } EVP_PKEY_free(pkey); 
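Review bot: `ossl_x509_sign` re-interns `"private?"` on every call via `rb_funcall(key, rb_intern("private?"), 0, NULL)`, while the CRL counterpart in this same commit (`ossl_x509crl_sign`) uses the pre-interned `id_private_q`; using that ID here too keeps the two paths identical and drops the repeated symbol-table lookup. The trailing `NULL` is also unnecessary with an argc of 0: `if (rb_funcall(key, id_private_q, 0) == Qfalse)`. Note the check treats only `Qfalse` as a refusal, so a `private?` returning `nil` would sail through to `X509_sign`, which would presumably fail with a less helpful OpenSSL error; `!RTEST(rb_funcall(...))` is the tighter test.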
@@ -484,9 +493,9 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest) static VALUE ossl_x509_verify(VALUE self, VALUE key) { - X509 *x509 = NULL; - EVP_PKEY *pkey = NULL; - int i = 0; + X509 *x509; + EVP_PKEY *pkey; + int i; GetX509(self, x509); @@ -496,10 +505,10 @@ ossl_x509_verify(VALUE self, VALUE key) EVP_PKEY_free(pkey); if (i < 0) { - OSSL_Raise(eX509CertificateError, ""); - } else if (i > 0) + OSSL_Raise(eX509CertError, ""); + } else if (i > 0) { return Qtrue; - + } return Qfalse; } @@ -509,8 +518,8 @@ ossl_x509_verify(VALUE self, VALUE key) static VALUE ossl_x509_check_private_key(VALUE self, VALUE key) { - X509 *x509 = NULL; - EVP_PKEY *pkey = NULL; + X509 *x509; + EVP_PKEY *pkey; VALUE result; GetX509(self, x509); @@ -520,9 +529,9 @@ ossl_x509_check_private_key(VALUE self, VALUE key) if (!X509_check_private_key(x509, pkey)) { OSSL_Warning("Check private key:"); result = Qfalse; - } else + } else { result = Qtrue; - + } EVP_PKEY_free(pkey); return result; @@ -534,25 +543,24 @@ ossl_x509_check_private_key(VALUE self, VALUE key) static VALUE ossl_x509_get_extensions(VALUE self) { - X509 *x509 = NULL; - int count = 0, i; - X509_EXTENSION *ext = NULL; + X509 *x509; + int count, i; + X509_EXTENSION *ext; VALUE ary; GetX509(self, x509); count = X509_get_ext_count(x509); - if (count > 0) + if (count > 0) { ary = rb_ary_new2(count); - else + } else { return rb_ary_new(); - + } for (i=0; i<count; i++) { ext = X509_get_ext(x509, i); /* NO DUP - don't free! */ rb_ary_push(ary, ossl_x509ext_new(ext)); } - return ary; } 
@@ -562,15 +570,16 @@ ossl_x509_get_extensions(VALUE self) static VALUE ossl_x509_set_extensions(VALUE self, VALUE ary) { - X509 *x509 = NULL; - X509_EXTENSION *ext = NULL; - int i = 0; + X509 *x509; + X509_EXTENSION *ext; + int i; GetX509(self, x509); Check_Type(ary, T_ARRAY); + for (i=0; i<RARRAY(ary)->len; i++) { /* All ary's members should be X509Extension */ - OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Extension); + OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Ext); } sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free); @@ -581,19 +590,18 @@ ossl_x509_set_extensions(VALUE self, VALUE ary) if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */ X509_EXTENSION_free(ext); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } X509_EXTENSION_free(ext); } - return ary; } static VALUE ossl_x509_add_extension(VALUE self, VALUE extension) { - X509 *x509 = NULL; - X509_EXTENSION *ext = NULL; + X509 *x509; + X509_EXTENSION *ext; GetX509(self, x509); @@ -601,7 +609,7 @@ ossl_x509_add_extension(VALUE self, VALUE extension) if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */ X509_EXTENSION_free(ext); - OSSL_Raise(eX509CertificateError, ""); + OSSL_Raise(eX509CertError, ""); } X509_EXTENSION_free(ext); 
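Review bot: `ossl_x509_set_extensions` tears down the existing extension list with `sk_X509_EXTENSION_pop_free()` before it has added a single new one, so if a later `X509_add_ext()` fails the raise leaves the certificate with a partially replaced, neither-old-nor-new extension set. Converting every element into a temporary STACK first and swapping it in only when all succeed would make the setter all-or-nothing; the function continues past this hunk, so I can't see whether `x509->cert_info->extensions` is reset to NULL after the pop_free, which it must be before `X509_add_ext()` can re-create the stack. The element check also uses `OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Ext)` (exact class) whereas the CRL version in this commit uses `OSSL_Check_Kind`, and `ossl_x509ext_get_X509_EXTENSION()` accepts subclasses via `SafeGetX509Ext`; `OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext);` would make the three agree.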
@@ -612,36 +620,38 @@ ossl_x509_add_extension(VALUE self, VALUE extension) * INIT */ void -Init_ossl_x509cert(VALUE module) +Init_ossl_x509cert() { - eX509CertificateError = rb_define_class_under(module, "CertificateError", eOSSLError); - - cX509Certificate = rb_define_class_under(module, "Certificate", rb_cObject); - rb_define_singleton_method(cX509Certificate, "new", ossl_x509_s_new, -1); - rb_define_method(cX509Certificate, "initialize", ossl_x509_initialize, -1); - rb_define_method(cX509Certificate, "to_der", ossl_x509_to_der, 0); - rb_define_method(cX509Certificate, "to_pem", ossl_x509_to_pem, 0); - rb_define_alias(cX509Certificate, "to_s", "to_pem"); - rb_define_method(cX509Certificate, "to_text", ossl_x509_to_text, 0); - rb_define_method(cX509Certificate, "version", ossl_x509_get_version, 0); - rb_define_method(cX509Certificate, "version=", ossl_x509_set_version, 1); - rb_define_method(cX509Certificate, "serial", ossl_x509_get_serial, 0); - rb_define_method(cX509Certificate, "serial=", ossl_x509_set_serial, 1); - rb_define_method(cX509Certificate, "subject", ossl_x509_get_subject, 0); - rb_define_method(cX509Certificate, "subject=", ossl_x509_set_subject, 1); - rb_define_method(cX509Certificate, "issuer", ossl_x509_get_issuer, 0); - rb_define_method(cX509Certificate, "issuer=", ossl_x509_set_issuer, 1); - rb_define_method(cX509Certificate, "not_before", ossl_x509_get_not_before, 0); - rb_define_method(cX509Certificate, "not_before=", ossl_x509_set_not_before, 1); - rb_define_method(cX509Certificate, "not_after", ossl_x509_get_not_after, 0); - rb_define_method(cX509Certificate, "not_after=", ossl_x509_set_not_after, 1); - rb_define_method(cX509Certificate, "public_key", ossl_x509_get_public_key, 0); - rb_define_method(cX509Certificate, "public_key=", ossl_x509_set_public_key, 1); - rb_define_method(cX509Certificate, "sign", ossl_x509_sign, 2); - rb_define_method(cX509Certificate, "verify", ossl_x509_verify, 1); - rb_define_method(cX509Certificate, 
"check_private_key", ossl_x509_check_private_key, 1); - rb_define_method(cX509Certificate, "extensions", ossl_x509_get_extensions, 0); - rb_define_method(cX509Certificate, "extensions=", ossl_x509_set_extensions, 1); - rb_define_method(cX509Certificate, "add_extension", ossl_x509_add_extension, 1); + eX509CertError = rb_define_class_under(mX509, "CertificateError", eOSSLError); + + cX509Cert = rb_define_class_under(mX509, "Certificate", rb_cObject); + + rb_define_singleton_method(cX509Cert, "allocate", ossl_x509_s_allocate, 0); + rb_define_method(cX509Cert, "initialize", ossl_x509_initialize, -1); + + rb_define_method(cX509Cert, "to_der", ossl_x509_to_der, 0); + rb_define_method(cX509Cert, "to_pem", ossl_x509_to_pem, 0); + rb_define_alias(cX509Cert, "to_s", "to_pem"); + rb_define_method(cX509Cert, "to_text", ossl_x509_to_text, 0); + rb_define_method(cX509Cert, "version", ossl_x509_get_version, 0); + rb_define_method(cX509Cert, "version=", ossl_x509_set_version, 1); + rb_define_method(cX509Cert, "serial", ossl_x509_get_serial, 0); + rb_define_method(cX509Cert, "serial=", ossl_x509_set_serial, 1); + rb_define_method(cX509Cert, "subject", ossl_x509_get_subject, 0); + rb_define_method(cX509Cert, "subject=", ossl_x509_set_subject, 1); + rb_define_method(cX509Cert, "issuer", ossl_x509_get_issuer, 0); + rb_define_method(cX509Cert, "issuer=", ossl_x509_set_issuer, 1); + rb_define_method(cX509Cert, "not_before", ossl_x509_get_not_before, 0); + rb_define_method(cX509Cert, "not_before=", ossl_x509_set_not_before, 1); + rb_define_method(cX509Cert, "not_after", ossl_x509_get_not_after, 0); + rb_define_method(cX509Cert, "not_after=", ossl_x509_set_not_after, 1); + rb_define_method(cX509Cert, "public_key", ossl_x509_get_public_key, 0); + rb_define_method(cX509Cert, "public_key=", ossl_x509_set_public_key, 1); + rb_define_method(cX509Cert, "sign", ossl_x509_sign, 2); + rb_define_method(cX509Cert, "verify", ossl_x509_verify, 1); + rb_define_method(cX509Cert, "check_private_key", 
ossl_x509_check_private_key, 1); + rb_define_method(cX509Cert, "extensions", ossl_x509_get_extensions, 0); + rb_define_method(cX509Cert, "extensions=", ossl_x509_set_extensions, 1); + rb_define_method(cX509Cert, "add_extension", ossl_x509_add_extension, 1); } diff --git a/ossl_x509crl.c b/ossl_x509crl.c index accf598..cd8db21 100644 --- a/ossl_x509crl.c +++ b/ossl_x509crl.c @@ -10,8 +10,22 @@ */ #include "ossl.h" -#define WrapX509CRL(obj, crl) obj = Data_Wrap_Struct(cX509CRL, 0, X509_CRL_free, crl) -#define GetX509CRL(obj, crl) Data_Get_Struct(obj, X509_CRL, crl) +#define WrapX509CRL(klass, obj, crl) do { \ + if (!crl) { \ + rb_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_CRL_free, crl); \ +} while (0) +#define GetX509CRL(obj, crl) do { \ + Data_Get_Struct(obj, X509_CRL, crl); \ + if (!crl) { \ + rb_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \ + } \ +} while (0) +#define SafeGetX509CRL(obj, crl) do { \ + OSSL_Check_Kind(obj, cX509CRL); \ + GetX509CRL(obj, crl); \ +} while (0) /* * Classes @@ -25,16 +39,13 @@ VALUE eX509CRLError; X509_CRL * ossl_x509crl_get_X509_CRL(VALUE obj) { - X509_CRL *crl = NULL, *new; + X509_CRL *crl, *new; - OSSL_Check_Type(obj, cX509CRL); - - GetX509CRL(obj, crl); + SafeGetX509CRL(obj, crl); if (!(new = X509_CRL_dup(crl))) { OSSL_Raise(eX509CRLError, ""); } - return new; } @@ -42,19 +53,16 @@ ossl_x509crl_get_X509_CRL(VALUE obj) * PRIVATE */ static VALUE -ossl_x509crl_s_new(int argc, VALUE *argv, VALUE klass) +ossl_x509crl_s_allocate(VALUE klass) { - X509_CRL *crl = NULL; + X509_CRL *crl; VALUE obj; if (!(crl = X509_CRL_new())) { OSSL_Raise(eX509CRLError, ""); } + WrapX509CRL(klass, obj, crl); - WrapX509CRL(obj, crl); - - rb_obj_call_init(obj, argc, argv); - return obj; } 
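Review bot: the new `WrapX509CRL` / `GetX509CRL` guards raise `rb_eRuntimeError` for an uninitialized CRL, so that failure escapes a `rescue OpenSSL::OpenSSLError` even though every other error in this file goes through `eX509CRLError`; `rb_raise(eX509CRLError, "CRL wasn't initialized!")` keeps the hierarchy consistent, and the same applies to the equivalent macros added to ossl_x509ext.c, ossl_x509name.c and ossl_x509req.c. The guards themselves are a good addition: `ossl_x509crl_initialize` hands `&DATA_PTR(self)` to the PEM reader, so a NULL pointer after a failed parse is a real possibility, and without these checks it would reach `X509_CRL_dup()` and friends.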
@@ -63,15 +71,19 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self) { BIO *in = NULL; VALUE buffer; - - if (argc == 0) + + if (rb_scan_args(argc, argv, "01", &buffer) == 0) { return self; + } - buffer = rb_String(argv[0]); - - if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, -1))) { + if (!(in = BIO_new_mem_buf(StringValuePtr(buffer), -1))) { OSSL_Raise(eX509CRLError, ""); } + /* + * TODO: + * Check if we should free CRL + X509_CRL_free(DATA_PTR(self)); + */ if (!PEM_read_bio_X509_CRL(in, (X509_CRL **)&DATA_PTR(self), NULL, NULL)) { BIO_free(in); OSSL_Raise(eX509CRLError, ""); @@ -84,8 +96,8 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self) static VALUE ossl_x509crl_get_version(VALUE self) { - X509_CRL *crl = NULL; - long ver = 0; + X509_CRL *crl; + long ver; GetX509CRL(self, crl); @@ -97,9 +109,9 @@ ossl_x509crl_get_version(VALUE self) static VALUE ossl_x509crl_set_version(VALUE self, VALUE version) { - X509_CRL *crl = NULL; - ASN1_INTEGER *asn1int = NULL; - long ver = 0; + X509_CRL *crl; + ASN1_INTEGER *asn1int; + long ver; GetX509CRL(self, crl); @@ -112,7 +124,6 @@ ossl_x509crl_set_version(VALUE self, VALUE version) if (!ASN1_INTEGER_set(asn1int, ver)) { OSSL_Raise(eX509CRLError, ""); } - ASN1_INTEGER_free(crl->crl->version); crl->crl->version = asn1int; @@ -122,7 +133,7 @@ ossl_x509crl_set_version(VALUE self, VALUE version) static VALUE ossl_x509crl_get_issuer(VALUE self) { - X509_CRL *crl = NULL; + X509_CRL *crl; GetX509CRL(self, crl); @@ -132,12 +143,11 @@ ossl_x509crl_get_issuer(VALUE self) static VALUE ossl_x509crl_set_issuer(VALUE self, VALUE issuer) { - X509_CRL *crl = NULL; - X509_NAME *name = NULL; + X509_CRL *crl; + X509_NAME *name; GetX509CRL(self, crl); - OSSL_Check_Type(issuer, cX509Name); name = ossl_x509name_get_X509_NAME(issuer); if (!X509_NAME_set(&(crl->crl->issuer), name)) { /* DUPs name - FREE it */ 
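Review bot: the ownership of `DATA_PTR(self)` across `PEM_read_bio_X509_CRL(in, (X509_CRL **)&DATA_PTR(self), NULL, NULL)` is exactly what the new TODO comment is unsure about, and it is worth settling rather than shipping: `allocate` has already stored a fresh `X509_CRL`, and whether the PEM reader reuses that object, replaces it (leaking the first), or frees it and leaves NULL on a parse error depends on the d2i implementation of the OpenSSL build in use. Reading into a local and swapping on success removes the dependency on that behaviour and lets `GetX509CRL` keep seeing a valid object after a failed `CRL.new(bad_pem)`; the tail of the function lies outside the hunk. `BIO_new_mem_buf(StringValuePtr(buffer), -1)` additionally measures the input with strlen, so a PEM string containing an embedded NUL is silently truncated; `RSTRING(buffer)->len` is the honest length.

```c
    X509_CRL *crl = NULL;
    /* … unchanged: rb_scan_args / BIO_new_mem_buf … */
    if (!PEM_read_bio_X509_CRL(in, &crl, NULL, NULL)) {
        BIO_free(in);
        OSSL_Raise(eX509CRLError, "");
    }
    BIO_free(in);
    X509_CRL_free(DATA_PTR(self));   /* drop the object installed by allocate */
    DATA_PTR(self) = crl;
```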
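Review bot: in `ossl_x509crl_set_version` the failure branch `if (!ASN1_INTEGER_set(asn1int, ver)) { OSSL_Raise(eX509CRLError, ""); }` raises without releasing the `ASN1_INTEGER` that was presumably allocated just above this hunk, so the error path leaks it; `ASN1_INTEGER_free(asn1int);` before the raise, as `ossl_x509_set_serial` in ossl_x509cert.c already does, closes it. Assigning `crl->crl->version = asn1int` by hand also reaches into the struct; if the target OpenSSL has `X509_CRL_set_version()` it does the same while letting the library own the field layout.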
@@ -152,7 +162,7 @@ ossl_x509crl_set_issuer(VALUE self, VALUE issuer) static VALUE ossl_x509crl_get_last_update(VALUE self) { - X509_CRL *crl = NULL; + X509_CRL *crl; GetX509CRL(self, crl); @@ -162,7 +172,7 @@ ossl_x509crl_get_last_update(VALUE self) static VALUE ossl_x509crl_set_last_update(VALUE self, VALUE time) { - X509_CRL *crl = NULL; + X509_CRL *crl; time_t sec; GetX509CRL(self, crl); @@ -172,14 +182,13 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time) if (!ASN1_UTCTIME_set(crl->crl->lastUpdate, sec)) { OSSL_Raise(eX509CRLError, ""); } - return time; } static VALUE ossl_x509crl_get_next_update(VALUE self) { - X509_CRL *crl = NULL; + X509_CRL *crl; GetX509CRL(self, crl); @@ -189,7 +198,7 @@ ossl_x509crl_get_next_update(VALUE self) static VALUE ossl_x509crl_set_next_update(VALUE self, VALUE time) { - X509_CRL *crl = NULL; + X509_CRL *crl; time_t sec; GetX509CRL(self, crl); @@ -199,25 +208,25 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time) if (!ASN1_UTCTIME_set(crl->crl->nextUpdate, sec)) { OSSL_Raise(eX509CRLError, ""); } - return time; } static VALUE ossl_x509crl_get_revoked(VALUE self) { - X509_CRL *crl = NULL; - int i, num = 0; - X509_REVOKED *rev = NULL; + X509_CRL *crl; + int i, num; + X509_REVOKED *rev; VALUE ary, revoked; GetX509CRL(self, crl); num = sk_X509_CRL_num(crl->crl->revoked); - if (num < 0) + if (num < 0) { + rb_warning("num < 0???"); return rb_ary_new(); - + } ary = rb_ary_new2(num); for(i=0; i<num; i++) { 
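Review bot: `ossl_x509crl_set_next_update` calls `ASN1_UTCTIME_set(crl->crl->nextUpdate, sec)` and discards the return value, but nextUpdate is OPTIONAL in a CRL and, on the OpenSSL versions I know, `ASN1_UTCTIME_set()` given a NULL object allocates a new one and returns it — so on a CRL whose nextUpdate is unset the fresh object leaks and the field stays NULL, i.e. the setter silently does nothing. Capturing the result, `if (!(crl->crl->nextUpdate = ASN1_UTCTIME_set(crl->crl->nextUpdate, sec)))`, fixes both (the same holds for `lastUpdate` in the previous hunk, though that field is mandatory). In `ossl_x509crl_get_revoked`, `sk_X509_CRL_num(crl->crl->revoked)` is the wrong stack flavour for a `STACK_OF(X509_REVOKED)` and only compiles because the sk_ macros cast; and since a parsed CRL with no entries commonly has `revoked == NULL`, which makes `sk_num` return -1, the new `rb_warning("num < 0???")` fires for the perfectly normal empty CRL — `sk_X509_REVOKED_num` and a silent `return rb_ary_new();` would be right.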
@@ -225,22 +234,22 @@ ossl_x509crl_get_revoked(VALUE self) revoked = ossl_x509revoked_new(rev); rb_ary_push(ary, revoked); } - return ary; } static VALUE ossl_x509crl_set_revoked(VALUE self, VALUE ary) { - X509_CRL *crl = NULL; - X509_REVOKED *rev = NULL; + X509_CRL *crl; + X509_REVOKED *rev; int i; GetX509CRL(self, crl); Check_Type(ary, T_ARRAY); + for (i=0; i<RARRAY(ary)->len; i++) { /* All ary members should be X509 Revoked */ - OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Revoked); + OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Rev); } sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free); @@ -262,12 +271,11 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary) static VALUE ossl_x509crl_add_revoked(VALUE self, VALUE revoked) { - X509_CRL *crl = NULL; - X509_REVOKED *rev = NULL; + X509_CRL *crl; + X509_REVOKED *rev; GetX509CRL(self, crl); - OSSL_Check_Type(revoked, cX509Revoked); rev = ossl_x509revoked_get_X509_REVOKED(revoked); if (!sk_X509_CRL_push(crl->crl->revoked, rev)) { /* NO DUP - don't free! */ @@ -281,21 +289,20 @@ ossl_x509crl_add_revoked(VALUE self, VALUE revoked) static VALUE ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest) { - X509_CRL *crl = NULL; - EVP_PKEY *pkey = NULL; - const EVP_MD *md = NULL; + X509_CRL *crl; + EVP_PKEY *pkey; + const EVP_MD *md; GetX509CRL(self, crl); - OSSL_Check_Type(key, cPKey); - OSSL_Check_Type(digest, cDigest); + md = ossl_digest_get_EVP_MD(digest); + + OSSL_Check_Kind(key, cPKey); if (rb_funcall(key, id_private_q, 0, NULL) == Qfalse) { rb_raise(eX509CRLError, "PRIVATE key needed to sign CRL!"); } - pkey = ossl_pkey_get_EVP_PKEY(key); - md = ossl_digest_get_EVP_MD(digest); if (!X509_CRL_sign(crl, pkey, md)) { EVP_PKEY_free(pkey); 
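Review bot: `ossl_x509crl_add_revoked` pushes with `sk_X509_CRL_push(crl->crl->revoked, rev)` (again the X509_CRL stack macro on a `STACK_OF(X509_REVOKED)`), and if `crl->crl->revoked` is NULL — which I believe is how a CRL built by `X509_CRL_new()` under OpenSSL 0.9.7's ASN1 templates starts out, the field being OPTIONAL — `sk_push` on a NULL stack returns 0, so the very first `add_revoked` on a fresh CRL would raise. Creating the stack on demand, `if (!crl->crl->revoked && !(crl->crl->revoked = sk_X509_REVOKED_new_null())) OSSL_Raise(eX509CRLError, "");`, before the push handles that. The comment `/* NO DUP - don't free! */` on the failure branch also reads backwards: `ossl_x509revoked_get_X509_REVOKED()` appears to follow the other `_get_` helpers in this commit and return a duplicate, so on a failed push `rev` is owned by nobody and should be freed; the function's tail lies outside the hunk.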
@@ -309,28 +316,29 @@ ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest) static VALUE ossl_x509crl_verify(VALUE self, VALUE key) { - X509_CRL *crl = NULL; - EVP_PKEY *pkey = NULL; - int result = 0; + X509_CRL *crl; + EVP_PKEY *pkey; + int result; GetX509CRL(self, crl); - OSSL_Check_Type(key, cPKey); pkey = ossl_pkey_get_EVP_PKEY(key); result = X509_CRL_verify(crl, pkey); EVP_PKEY_free(pkey); - if (result == 1) return Qtrue; + if (result == 1) { + return Qtrue; + } return Qfalse; } static VALUE ossl_x509crl_to_pem(VALUE self) { - X509_CRL *crl = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; + X509_CRL *crl; + BIO *out; + BUF_MEM *buf; VALUE str; GetX509CRL(self, crl); @@ -352,9 +360,9 @@ ossl_x509crl_to_pem(VALUE self) static VALUE ossl_x509crl_to_text(VALUE self) { - X509_CRL *crl = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; + X509_CRL *crl; + BIO *out; + BUF_MEM *buf; VALUE str; GetX509CRL(self, crl); @@ -379,25 +387,25 @@ ossl_x509crl_to_text(VALUE self) static VALUE ossl_x509crl_get_extensions(VALUE self) { - X509_CRL *crl = NULL; - int count = 0, i; - X509_EXTENSION *ext = NULL; + X509_CRL *crl; + int count, i; + X509_EXTENSION *ext; VALUE ary; GetX509CRL(self, crl); count = X509_CRL_get_ext_count(crl); - if (count > 0) - ary = rb_ary_new2(count); - else + if (count < 0) { + rb_warning("count < 0???"); return rb_ary_new(); + } + ary = rb_ary_new2(count); for (i=0; i<count; i++) { ext = X509_CRL_get_ext(crl, i); /* NO DUP - don't free! */ rb_ary_push(ary, ossl_x509ext_new(ext)); } - return ary; } 
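Review bot: `ossl_x509crl_verify` collapses every non-1 result of `X509_CRL_verify(crl, pkey)` into `Qfalse`, but that function returns a negative value for errors (unsupported or malformed signature algorithm, out of memory) as opposed to 0 for a signature that was checked and is wrong; `ossl_x509_verify` in ossl_x509cert.c, touched by this same commit, raises on `i < 0` and the CRL path should too: `if (result < 0) OSSL_Raise(eX509CRLError, "");`. Otherwise a caller cannot tell "bad signature" from "could not verify", and a stale entry is left in the OpenSSL error queue for some later `OSSL_Raise` to report. Dropping `OSSL_Check_Type(key, cPKey)` is fine only if `ossl_pkey_get_EVP_PKEY()` does its own kind check, which I can't see from here.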
@@ -407,17 +415,18 @@ ossl_x509crl_get_extensions(VALUE self) static VALUE ossl_x509crl_set_extensions(VALUE self, VALUE ary) { - X509_CRL *crl = NULL; - X509_EXTENSION *ext = NULL; - int i = 0; + X509_CRL *crl; + X509_EXTENSION *ext; + int i; GetX509CRL(self, crl); Check_Type(ary, T_ARRAY); + for (i=0; i<RARRAY(ary)->len; i++) { /* All ary members should be X509 Extensions */ - OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Extension); + OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext); } - + sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free); crl->crl->extensions = NULL; @@ -430,19 +439,17 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary) } X509_EXTENSION_free(ext); } - return ary; } static VALUE ossl_x509crl_add_extension(VALUE self, VALUE extension) { - X509_CRL *crl = NULL; - X509_EXTENSION *ext = NULL; + X509_CRL *crl; + X509_EXTENSION *ext; GetX509CRL(self, crl); - OSSL_Check_Type(extension, cX509Extension); ext = ossl_x509ext_get_X509_EXTENSION(extension); if (!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */ @@ -458,13 +465,15 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension) * INIT */ void -Init_ossl_x509crl(VALUE module) +Init_ossl_x509crl() { - eX509CRLError = rb_define_class_under(module, "CRLError", eOSSLError); + eX509CRLError = rb_define_class_under(mX509, "CRLError", eOSSLError); - cX509CRL = rb_define_class_under(module, "CRL", rb_cObject); - rb_define_singleton_method(cX509CRL, "new", ossl_x509crl_s_new, -1); + cX509CRL = rb_define_class_under(mX509, "CRL", rb_cObject); + + rb_define_singleton_method(cX509CRL, "allocate", ossl_x509crl_s_allocate, 0); rb_define_method(cX509CRL, "initialize", ossl_x509crl_initialize, -1); + rb_define_method(cX509CRL, "version", ossl_x509crl_get_version, 0); rb_define_method(cX509CRL, "version=", ossl_x509crl_set_version, 1); rb_define_method(cX509CRL, "issuer", ossl_x509crl_get_issuer, 0); diff --git a/ossl_x509ext.c b/ossl_x509ext.c index 555712a..5bdccbb 100644 
--- a/ossl_x509ext.c +++ b/ossl_x509ext.c @@ -10,22 +10,38 @@ */ #include "ossl.h" -#define WrapX509Ext(obj, ext) \ - obj = Data_Wrap_Struct(cX509Extension, 0, X509_EXTENSION_free, ext) -#define GetX509Ext(obj, ext) \ - Data_Get_Struct(obj, X509_EXTENSION, ext) - -#define MakeX509ExtFactory(obj, ctx) \ - obj = Data_Make_Struct(cX509ExtensionFactory, X509V3_CTX, 0, CRYPTO_free, ctx) -#define GetX509ExtFactory(obj, ctx) \ - Data_Get_Struct(obj, X509V3_CTX, ctx) +#define WrapX509Ext(klass, obj, ext) do { \ + if (!ext) { \ + rb_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_EXTENSION_free, ext); \ +} while (0) +#define GetX509Ext(obj, ext) do { \ + Data_Get_Struct(obj, X509_EXTENSION, ext); \ + if (!ext) { \ + rb_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \ + } \ +} while (0) +#define SafeGetX509Ext(obj, ext) do { \ + OSSL_Check_Kind(obj, cX509Ext); \ + GetX509Ext(obj, ext); \ +} while (0) + +#define MakeX509ExtFactory(klass, obj, ctx) \ + obj = Data_Make_Struct(klass, X509V3_CTX, 0, CRYPTO_free, ctx) +#define GetX509ExtFactory(obj, ctx) do { \ + Data_Get_Struct(obj, X509V3_CTX, ctx); \ + if (!ctx) { \ + rb_raise(rb_eRuntimeError, "CTX wasn't initialized!"); \ + } \ +} while (0) /* * Classes */ -VALUE cX509Extension; -VALUE cX509ExtensionFactory; -VALUE eX509ExtensionError; +VALUE cX509Ext; +VALUE cX509ExtFactory; +VALUE eX509ExtError; /* * Public @@ -33,17 +49,18 @@ VALUE eX509ExtensionError; VALUE ossl_x509ext_new(X509_EXTENSION *ext) { - X509_EXTENSION *new = NULL; + X509_EXTENSION *new; VALUE obj; - if (!ext) + if (!ext) { new = X509_EXTENSION_new(); - else new = X509_EXTENSION_dup(ext); - - if (!new) - OSSL_Raise(eX509ExtensionError, ""); - - WrapX509Ext(obj, new); + } else { + new = X509_EXTENSION_dup(ext); + } + if (!new) { + OSSL_Raise(eX509ExtError, ""); + } + WrapX509Ext(cX509Ext, obj, new); return obj; } 
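Review bot: `MakeX509ExtFactory` still pairs `Data_Make_Struct(klass, X509V3_CTX, 0, CRYPTO_free, ctx)` — memory obtained from Ruby's allocator — with OpenSSL's `CRYPTO_free` as the destructor. That is an allocator mismatch: it works only while `CRYPTO_set_mem_functions()` has not been called, and under a custom or debugging OpenSSL allocator it corrupts the heap on GC. `Data_Make_Struct` memory wants the interpreter's own free (`-1`, which the 1.6/1.7 gc maps to `free()` if I remember it correctly, or a plain `free`): `Data_Make_Struct(klass, X509V3_CTX, 0, -1, ctx)`. Note also that the mark function is 0, so whatever the `issuer_certificate=` / `subject_certificate=` setters store into the ctx (their bodies are outside this view) must stay referenced from elsewhere or the factory can end up pointing at a collected object.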
@@ -51,16 +68,13 @@ ossl_x509ext_new(X509_EXTENSION *ext) X509_EXTENSION * ossl_x509ext_get_X509_EXTENSION(VALUE obj) { - X509_EXTENSION *ext = NULL, *new; + X509_EXTENSION *ext, *new; - OSSL_Check_Type(obj, cX509Extension); - - GetX509Ext(obj, ext); + SafeGetX509Ext(obj, ext); if (!(new = X509_EXTENSION_dup(ext))) { - OSSL_Raise(eX509ExtensionError, ""); + OSSL_Raise(eX509ExtError, ""); } - return new; } @@ -68,17 +82,15 @@ ossl_x509ext_get_X509_EXTENSION(VALUE obj) * Private */ /* - * Extension factory + * Ext factory */ static VALUE -ossl_x509extfactory_s_new(int argc, VALUE *argv, VALUE klass) +ossl_x509extfactory_s_allocate(VALUE klass) { - X509V3_CTX *ctx = NULL; + X509V3_CTX *ctx; VALUE obj; - MakeX509ExtFactory(obj, ctx); - - rb_obj_call_init(obj, argc, argv); + MakeX509ExtFactory(klass, obj, ctx); return obj; } @@ -86,7 +98,7 @@ ossl_x509extfactory_s_new(int argc, VALUE *argv, VALUE klass) static VALUE ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert) { - X509V3_CTX *ctx = NULL; + X509V3_CTX *ctx; GetX509ExtFactory(self, ctx); @@ -98,7 +110,7 @@ ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert) static VALUE ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert) { - X509V3_CTX *ctx = NULL; + X509V3_CTX *ctx; GetX509ExtFactory(self, ctx); @@ -110,7 +122,7 @@ ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert) static VALUE ossl_x509extfactory_set_subject_req(VALUE self, VALUE req) { - X509V3_CTX *ctx = NULL; + X509V3_CTX *ctx; GetX509ExtFactory(self, ctx); @@ -122,7 +134,7 @@ ossl_x509extfactory_set_subject_req(VALUE self, VALUE req) static VALUE ossl_x509extfactory_set_crl(VALUE self, VALUE crl) { - X509V3_CTX *ctx = NULL; + X509V3_CTX *ctx; GetX509ExtFactory(self, ctx); 
@@ -134,7 +146,7 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl) static VALUE ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) { - /*X509V3_CTX *ctx = NULL;*/ + /*X509V3_CTX *ctx;*/ VALUE issuer_cert, subject_cert, subject_req, crl; /*GetX509ExtFactory(self, ctx);*/ @@ -153,7 +165,6 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) if (!NIL_P(crl)) { ossl_x509extfactory_set_crl(self, crl); } - return self; } @@ -168,10 +179,10 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) static VALUE ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary) { - X509V3_CTX *ctx = NULL; - X509_EXTENSION *ext = NULL; - int nid = NID_undef; - char *value = NULL; + X509V3_CTX *ctx; + X509_EXTENSION *ext; + int nid; + char *value; VALUE item, obj; GetX509ExtFactory(self, ctx); 
@@ -179,52 +190,53 @@ ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary) Check_Type(ary, T_ARRAY); if ((RARRAY(ary)->len) < 2 || (RARRAY(ary)->len > 3)) { /*2 or 3 allowed*/ - rb_raise(eX509ExtensionError, "unsupported structure"); + rb_raise(eX509ExtError, "unsupported structure"); } /* key [0] */ item = RARRAY(ary)->ptr[0]; - item = rb_String(item); - if (!(nid = OBJ_ln2nid(RSTRING(item)->ptr))) + StringValue(item); + if (!(nid = OBJ_ln2nid(RSTRING(item)->ptr))) { if (!(nid = OBJ_sn2nid(RSTRING(item)->ptr))) { - OSSL_Raise(eX509ExtensionError, ""); + OSSL_Raise(eX509ExtError, ""); + } } /* data [1] */ item = RARRAY(ary)->ptr[1]; - item = rb_String(item); + StringValue(item); /* (optional) critical [2] */ if (RARRAY(ary)->len == 3 && RARRAY(ary)->ptr[2] == Qtrue) { - if (!(value = malloc(strlen("critical,")+(RSTRING(item)->len)+1))) { - rb_raise(eX509ExtensionError, "malloc error"); + if (!(value = OPENSSL_malloc(strlen("critical,") + (RSTRING(item)->len) + 1))) { + OSSL_Raise(eX509ExtError, "malloc error"); } strcpy(value, "critical,"); strncat(value, RSTRING(item)->ptr, RSTRING(item)->len); - } else - value = strdup(RSTRING(item)->ptr); - + } else { + value = strdup(StringValuePtr(item)); + } if (!(ext = X509V3_EXT_conf_nid(NULL, ctx, nid, value))) { - free(value); - OSSL_Raise(eX509ExtensionError, ""); + OPENSSL_free(value); + OSSL_Raise(eX509ExtError, ""); } - free(value); + OPENSSL_free(value); - WrapX509Ext(obj, ext); + WrapX509Ext(cX509Ext, obj, ext); return obj; } /* - * Extension + * Ext */ static VALUE ossl_x509ext_to_a(VALUE obj) { - X509_EXTENSION *ext = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; - int nid = NID_undef, critical; + X509_EXTENSION *ext; + BIO *out; + BUF_MEM *buf; + int nid, critical; VALUE ary, value; GetX509Ext(obj, ext); 
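Review bot: the two branches of `ossl_x509extfactory_create_ext_from_array` now allocate `value` with different allocators — `OPENSSL_malloc()` in the critical case, `strdup()` (libc malloc) in the other — yet both are released with `OPENSSL_free(value)`. With the default OpenSSL allocator this is invisible, but under `CRYPTO_set_mem_functions()` or a debugging allocator it is heap corruption, the kind that only shows up in someone else's build. Use `BUF_strdup(StringValuePtr(item))` (OpenSSL's strdup, released by `OPENSSL_free`) in the else branch, or build both strings through `OPENSSL_malloc` + `memcpy`. Two smaller points: `OSSL_Raise(eX509ExtError, "malloc error")` after an allocation failure will presumably report whatever stale entry sits in the OpenSSL error queue rather than the allocation problem; and `RARRAY(ary)->ptr[2] == Qtrue` honours `critical` only for the literal `true`, so a truthy value such as `1` silently yields a non-critical extension — worth documenting or testing with `RTEST`.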
@@ -235,11 +247,11 @@ ossl_x509ext_to_a(VALUE obj) rb_ary_push(ary, rb_str_new2(OBJ_nid2sn(nid))); if (!(out = BIO_new(BIO_s_mem()))) { - OSSL_Raise(eX509ExtensionError, ""); + OSSL_Raise(eX509ExtError, ""); } if (!X509V3_EXT_print(out, ext, 0, 0)) { BIO_free(out); - OSSL_Raise(eX509ExtensionError, ""); + OSSL_Raise(eX509ExtError, ""); } BIO_get_mem_ptr(out, &buf); value = rb_str_new(buf->data, buf->length); 
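Review bot: `ossl_x509ext_to_a` raises `eX509ExtError` whenever `X509V3_EXT_print(out, ext, 0, 0)` returns 0, and that function returns 0 not only on error but for any extension OpenSSL has no printer for (private or newer OIDs), so `to_a` becomes unusable on exactly the extensions a reviewer most wants to look at. If the target OpenSSL has the `X509V3_EXT_DUMP_UNKNOWN` flag, `X509V3_EXT_print(out, ext, X509V3_EXT_DUMP_UNKNOWN, 0)` emits a hex dump for those instead; otherwise dump `ext->value` yourself before falling back to the raise. A comment on the call saying that a 0 return means "no printer" as well as "failure" would stop the next maintainer reading it as a pure error check.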
@@ -258,26 +270,28 @@ ossl_x509ext_to_a(VALUE obj) * INIT */ void -Init_ossl_x509ext(VALUE module) +Init_ossl_x509ext() { - eX509ExtensionError = rb_define_class_under(module, "ExtensionError", eOSSLError); + eX509ExtError = rb_define_class_under(mX509, "ExtensionError", eOSSLError); - cX509ExtensionFactory = rb_define_class_under(module, "ExtensionFactory", rb_cObject); - rb_define_singleton_method(cX509ExtensionFactory, "new", ossl_x509extfactory_s_new, -1); - rb_define_method(cX509ExtensionFactory, "initialize", ossl_x509extfactory_initialize, -1); - rb_define_method(cX509ExtensionFactory, "issuer_certificate=", ossl_x509extfactory_set_issuer_cert, 1); - rb_define_method(cX509ExtensionFactory, "subject_certificate=", ossl_x509extfactory_set_subject_cert, 1); - rb_define_method(cX509ExtensionFactory, "subject_request=", ossl_x509extfactory_set_subject_req, 1); - rb_define_method(cX509ExtensionFactory, "crl=", ossl_x509extfactory_set_crl, 1); - rb_define_method(cX509ExtensionFactory, "create_ext_from_array", ossl_x509extfactory_create_ext_from_array, 1); + cX509ExtFactory = rb_define_class_under(mX509, "ExtensionFactory", rb_cObject); + + rb_define_singleton_method(cX509ExtFactory, "allocate", ossl_x509extfactory_s_allocate, 0); + rb_define_method(cX509ExtFactory, "initialize", ossl_x509extfactory_initialize, -1); + + rb_define_method(cX509ExtFactory, "issuer_certificate=", ossl_x509extfactory_set_issuer_cert, 1); + rb_define_method(cX509ExtFactory, "subject_certificate=", ossl_x509extfactory_set_subject_cert, 1); + rb_define_method(cX509ExtFactory, "subject_request=", ossl_x509extfactory_set_subject_req, 1); + rb_define_method(cX509ExtFactory, "crl=", ossl_x509extfactory_set_crl, 1); + rb_define_method(cX509ExtFactory, "create_ext_from_array", ossl_x509extfactory_create_ext_from_array, 1); - cX509Extension = rb_define_class_under(module, "Extension", rb_cObject); - rb_undef_method(CLASS_OF(cX509Extension), "new"); + cX509Ext = rb_define_class_under(mX509, 
"Extension", rb_cObject); + rb_undef_method(CLASS_OF(cX509Ext), "new"); /* - rb_define_singleton_method(cX509Extension, "new", ossl_x509ext_s_new, -1); - rb_define_method(cX509Extension, "initialize", ossl_x509ext_initialize, -1); + rb_define_singleton_method(cX509Ext, "new", ossl_x509ext_s_new, -1); + rb_define_method(cX509Ext, "initialize", ossl_x509ext_initialize, -1); */ - rb_define_method(cX509Extension, "to_a", ossl_x509ext_to_a, 0); + rb_define_method(cX509Ext, "to_a", ossl_x509ext_to_a, 0); } diff --git a/ossl_x509name.c b/ossl_x509name.c index 89e1ae3..d26fa87 100644 --- a/ossl_x509name.c +++ b/ossl_x509name.c @@ -11,8 +11,22 @@ #include "ossl.h" #include "st.h" /* For st_foreach -- ST_CONTINUE */ -#define WrapX509Name(obj, name) obj = Data_Wrap_Struct(cX509Name, 0, X509_NAME_free, name) -#define GetX509Name(obj, name) Data_Get_Struct(obj, X509_NAME, name) +#define WrapX509Name(klass, obj, name) do { \ + if (!name) { \ + rb_raise(rb_eRuntimeError, "Name wasn't initialized."); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_NAME_free, name); \ +} while (0) +#define GetX509Name(obj, name) do { \ + Data_Get_Struct(obj, X509_NAME, name); \ + if (!name) { \ + rb_raise(rb_eRuntimeError, "Name wasn't initialized."); \ + } \ +} while (0) +#define SafeGetX509Name(obj, name) do { \ + OSSL_Check_Kind(obj, cX509Name); \ + GetX509Name(obj, name); \ +} while (0) /* * Classes @@ -26,17 +40,18 @@ VALUE eX509NameError; VALUE ossl_x509name_new(X509_NAME *name) { - X509_NAME *new = NULL; + X509_NAME *new; VALUE obj; - if (!name) + if (!name) { new = X509_NAME_new(); - else new = X509_NAME_dup(name); - - if (!new) + } else { + new = X509_NAME_dup(name); + } + if (!new) { OSSL_Raise(eX509NameError, ""); - - WrapX509Name(obj, new); + } + WrapX509Name(cX509Name, obj, new); return obj; } 
@@ -44,16 +59,13 @@ ossl_x509name_new(X509_NAME *name) X509_NAME * ossl_x509name_get_X509_NAME(VALUE obj) { - X509_NAME *name = NULL, *new; + X509_NAME *name, *new; - OSSL_Check_Type(obj, cX509Name); - - GetX509Name(obj, name); + SafeGetX509Name(obj, name); if (!(new = X509_NAME_dup(name))) { OSSL_Raise(eX509NameError, ""); - } - + } return new; } @@ -71,36 +83,35 @@ ossl_x509name_hash_i(VALUE key, VALUE value, X509_NAME *name) key = rb_String(key); value = rb_String(value); - if (!(id = OBJ_ln2nid(RSTRING(key)->ptr))) + if (!(id = OBJ_ln2nid(RSTRING(key)->ptr))) { if (!(id = OBJ_sn2nid(RSTRING(key)->ptr))) { X509_NAME_free(name); OSSL_Raise(eX509NameError, "OBJ_name2nid:"); } - + } type = ASN1_PRINTABLE_type(RSTRING(value)->ptr, -1); if (!X509_NAME_add_entry_by_NID(name, id, type, RSTRING(value)->ptr, RSTRING(value)->len, -1, 0)) { X509_NAME_free(name); OSSL_Raise(eX509NameError, ""); } - return ST_CONTINUE; } static VALUE ossl_x509name_s_new_from_hash(VALUE klass, VALUE hash) { - X509_NAME *name = NULL; + X509_NAME *name; VALUE obj; Check_Type(hash, T_HASH); - if (!(name = X509_NAME_new())) + if (!(name = X509_NAME_new())) { OSSL_Raise(eX509NameError, ""); - + } st_foreach(RHASH(hash)->tbl, ossl_x509name_hash_i, name); - WrapX509Name(obj, name); + WrapX509Name(klass, obj, name); return obj; } @@ -108,11 +119,11 @@ ossl_x509name_s_new_from_hash(VALUE klass, VALUE hash) static VALUE ossl_x509name_to_h(VALUE self) { - X509_NAME *name = NULL; - X509_NAME_ENTRY *entry = NULL; - int i,entries = 0; + X509_NAME *name; + X509_NAME_ENTRY *entry; + int i,entries; char long_name[512]; - const char *short_name = NULL; + const char *short_name; VALUE hash; GetX509Name(self, name); @@ -124,7 +135,7 @@ ossl_x509name_to_h(VALUE self) if (entries < 0) { rb_warning("name entries < 0!"); return hash; - } + } for (i=0; i<entries; i++) { if (!(entry = X509_NAME_get_entry(name, i))) { 
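Review bot: `ossl_x509name_s_new_from_hash` iterates with `st_foreach(RHASH(hash)->tbl, ossl_x509name_hash_i, name)` while the callback runs arbitrary Ruby code — `rb_String(key)` / `rb_String(value)` call `to_s` — so if any of that mutates the hash the st table is modified under the iterator, a hazard Ruby's own `rb_hash_foreach()` guards against, and it takes the same `(key, value, arg)` callback: `rb_hash_foreach(hash, ossl_x509name_hash_i, (VALUE)name);`. Separately, the callback frees `name` before each `OSSL_Raise`, leaving the caller's `name` dangling; that is safe today only because the raise unwinds past the `WrapX509Name` line, which deserves a comment at the free. Finally `ASN1_PRINTABLE_type(RSTRING(value)->ptr, -1)` classifies the value by its bytes, so a UTF-8 value is tagged T61String rather than UTF8String; if callers will feed non-ASCII names the type should be chosen explicitly (`MBSTRING_UTF8` as the type argument, if the OpenSSL in use accepts it).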
@@ -137,7 +148,6 @@ ossl_x509name_to_h(VALUE self) rb_hash_aset(hash, rb_str_new2(short_name), rb_str_new(entry->value->data, entry->value->length)); } - return hash; } @@ -145,11 +155,12 @@ ossl_x509name_to_h(VALUE self) * INIT */ void -Init_ossl_x509name(VALUE module) +Init_ossl_x509name() { - eX509NameError = rb_define_class_under(module, "NameError", eOSSLError); + eX509NameError = rb_define_class_under(mX509, "NameError", eOSSLError); - cX509Name = rb_define_class_under(module, "Name", rb_cObject); + cX509Name = rb_define_class_under(mX509, "Name", rb_cObject); + rb_define_singleton_method(cX509Name, "new_from_hash", ossl_x509name_s_new_from_hash, 1); rb_define_method(cX509Name, "to_h", ossl_x509name_to_h, 0); } diff --git a/ossl_x509req.c b/ossl_x509req.c index 7208cd0..ca5e16f 100644 --- a/ossl_x509req.c +++ b/ossl_x509req.c @@ -10,14 +10,28 @@ */ #include "ossl.h" -#define WrapX509Req(obj, req) obj = Data_Wrap_Struct(cX509Request, 0, X509_REQ_free, req) -#define GetX509Req(obj, req) Data_Get_Struct(obj, X509_REQ, req) +#define WrapX509Req(klass, obj, req) do { \ + if (!req) { \ + rb_raise(rb_eRuntimeError, "Req wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_REQ_free, req); \ +} while (0) +#define GetX509Req(obj, req) do { \ + Data_Get_Struct(obj, X509_REQ, req); \ + if (!req) { \ + rb_raise(rb_eRuntimeError, "Req wasn't initialized!"); \ + } \ +} while (0) +#define SafeGetX509Req(obj, req) do { \ + OSSL_Check_Kind(obj, cX509Req); \ + GetX509Req(obj, req); \ +} while (0) /* * Classes */ -VALUE cX509Request; -VALUE eX509RequestError; +VALUE cX509Req; +VALUE eX509ReqError; /* * Public functions 
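Review bot: `rb_hash_aset(hash, rb_str_new2(short_name), rb_str_new(entry->value->data, entry->value->length))` keys the result by short name alone, so a subject with repeated attribute types (several OU= or DC= components, which are common in real DNs) keeps only the last value and the RDN order is lost, and a caller of to_h cannot tell that entries were dropped. If the flat hash is the intended contract, state it at the top of ossl_x509name_to_h, e.g. `/* NOTE: repeated attribute types (multiple OU=, DC=) collapse to the last value and RDN order is not preserved */`, otherwise accumulate an array per key. The loop and the rest of ossl_x509name_to_h begin before this hunk.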
@@ -25,34 +39,32 @@ VALUE eX509RequestError; VALUE ossl_x509req_new(X509_REQ *req) { - X509_REQ *new = NULL; - VALUE self; + X509_REQ *new; + VALUE obj; - if (!req) + if (!req) { new = X509_REQ_new(); - else new = X509_REQ_dup(req); - - if (!new) - OSSL_Raise(eX509RequestError, ""); - - WrapX509Req(self, new); + } else { + new = X509_REQ_dup(req); + } + if (!new) { + OSSL_Raise(eX509ReqError, ""); + } + WrapX509Req(cX509Req, obj, new); - return self; + return obj; } X509_REQ * ossl_x509req_get_X509_REQ(VALUE obj) { - X509_REQ *req = NULL, *new; + X509_REQ *req, *new; - OSSL_Check_Type(obj, cX509Request); - - GetX509Req(obj, req); + SafeGetX509Req(obj, req); if (!(new = X509_REQ_dup(req))) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } - return new; } @@ -60,13 +72,15 @@ ossl_x509req_get_X509_REQ(VALUE obj) * Private functions */ static VALUE -ossl_x509req_s_new(int argc, VALUE *argv, VALUE klass) +ossl_x509req_s_allocate(VALUE klass) { + X509_REQ *req; VALUE obj; - - obj = ossl_x509req_new(NULL); - - rb_obj_call_init(obj, argc, argv); + + if (!(req = X509_REQ_new())) { + OSSL_Raise(eX509ReqError, ""); + } + WrapX509Req(klass, obj, req); return obj; } @@ -74,19 +88,23 @@ ossl_x509req_s_new(int argc, VALUE *argv, VALUE klass) static VALUE ossl_x509req_initialize(int argc, VALUE *argv, VALUE self) { - BIO *in = NULL; + BIO *in; VALUE buffer; - if (argc == 0) + if (rb_scan_args(argc, argv, "01", &buffer) == 0) { return self; - - buffer = rb_String(argv[0]); - if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, -1))) { - OSSL_Raise(eX509RequestError, ""); } + if (!(in = BIO_new_mem_buf(StringValuePtr(buffer), -1))) { + OSSL_Raise(eX509ReqError, ""); + } + /* + * TODO: + * Check if we should + X509_REQ_free(DATA_PTR(self)); + */ if (!PEM_read_bio_X509_REQ(in, (X509_REQ **)&DATA_PTR(self), NULL, NULL)) { BIO_free(in); - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } BIO_free(in); 
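Review bot: `BIO_new_mem_buf(StringValuePtr(buffer), -1)` in ossl_x509req_initialize hands OpenSSL the argument as a NUL-terminated C string, so a Ruby string with an embedded NUL is silently truncated before PEM parsing even though the object carries its real length. Use the explicit length, `StringValue(buffer); in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len);`, as ossl_x509name_hash_i in this same diff already does for entry values. The TODO about `X509_REQ_free(DATA_PTR(self))` deserves a decision rather than a comment: PEM_read_bio_X509_REQ is now handed the X509_REQ created by the allocator, and whether that object is reused or replaced, and what is left in DATA_PTR(self) when decoding fails part way, depends on the OpenSSL version, so a failed parse can leave a half-decoded request behind an otherwise valid-looking wrapper.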
@@ -96,19 +114,19 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self) static VALUE ossl_x509req_to_pem(VALUE self) { - X509_REQ *req = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; + X509_REQ *req; + BIO *out; + BUF_MEM *buf; VALUE str; GetX509Req(self, req); if (!(out = BIO_new(BIO_s_mem()))) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } if (!PEM_write_bio_X509_REQ(out, req)) { BIO_free(out); - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } BIO_get_mem_ptr(out, &buf); str = rb_str_new(buf->data, buf->length); @@ -120,19 +138,19 @@ ossl_x509req_to_pem(VALUE self) static VALUE ossl_x509req_to_text(VALUE self) { - X509_REQ *req = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; + X509_REQ *req; + BIO *out; + BUF_MEM *buf; VALUE str; GetX509Req(self, req); if (!(out = BIO_new(BIO_s_mem()))) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } if (!X509_REQ_print(out, req)) { BIO_free(out); - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } BIO_get_mem_ptr(out, &buf); str = rb_str_new(buf->data, buf->length); @@ -147,15 +165,14 @@ ossl_x509req_to_text(VALUE self) static VALUE ossl_x509req_to_x509(VALUE self, VALUE days, VALUE key) { - X509_REQ *req = NULL; - X509 *x509 = NULL; + X509_REQ *req; + X509 *x509; GetX509Req(self, req); ... if (!(x509 = X509_REQ_to_X509(req, d, pkey))) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } - return ossl_x509_new(x509); } */ 
@@ -163,45 +180,44 @@ ossl_x509req_to_x509(VALUE self, VALUE days, VALUE key) static VALUE ossl_x509req_get_version(VALUE self) { - X509_REQ *req = NULL; - long version = 0; + X509_REQ *req; + long version; GetX509Req(self, req); version = X509_REQ_get_version(req); - return INT2NUM(version); + return LONG2FIX(version); } static VALUE ossl_x509req_set_version(VALUE self, VALUE version) { - X509_REQ *req = NULL; - long ver = 0; + X509_REQ *req; + long ver; GetX509Req(self, req); - if ((ver = NUM2INT(version)) < 0) { - rb_raise(eX509RequestError, "version must be >= 0!"); + if ((ver = FIX2LONG(version)) < 0) { + rb_raise(eX509ReqError, "version must be >= 0!"); } if (!X509_REQ_set_version(req, ver)) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } - return version; } static VALUE ossl_x509req_get_subject(VALUE self) { - X509_REQ *req = NULL; - X509_NAME *name = NULL; + X509_REQ *req; + X509_NAME *name; VALUE subject; GetX509Req(self, req); if (!(name = X509_REQ_get_subject_name(req))) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } subject = ossl_x509name_new(name); /*X509_NAME_free(name);*/ @@ -212,15 +228,15 @@ ossl_x509req_get_subject(VALUE self) static VALUE ossl_x509req_set_subject(VALUE self, VALUE subject) { - X509_REQ *req = NULL; - X509_NAME *name = NULL; + X509_REQ *req; + X509_NAME *name; GetX509Req(self, req); name = ossl_x509name_get_X509_NAME(subject); if (!X509_REQ_set_subject_name(req, name)) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } /*X509_NAME_free(name);*/ 
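Review bot: In ossl_x509req_set_version the new `FIX2LONG(version)` performs no type check, it only shifts the VALUE bits, so a Bignum, Float, String or nil passed to version= is reinterpreted as a number (for heap objects a pointer-derived value that is positive, so the `< 0` guard does not trip) and written into the request without any error. The NUM2INT it replaces at least raised TypeError; use `if ((ver = NUM2LONG(version)) < 0) {`, which checks the type and covers the full long range. The getter's `LONG2FIX(version)` is fine for X.509 version numbers but `LONG2NUM` would be the safe counterpart.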
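Review bot: ossl_x509req_set_subject leaks the X509_NAME it obtains: `ossl_x509name_get_X509_NAME` returns an `X509_NAME_dup` (see its hunk earlier in this diff), X509_REQ_set_subject_name copies its argument again through X509_NAME_set, and the only release, `/*X509_NAME_free(name);*/`, is commented out. Free it on both paths: `if (!X509_REQ_set_subject_name(req, name)) { X509_NAME_free(name); OSSL_Raise(eX509ReqError, ""); }` followed by `X509_NAME_free(name);`. If the intent was for the request to take ownership, OpenSSL's setter does not do that, so the commented-out call should go either way.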
@@ -230,61 +246,61 @@ ossl_x509req_set_subject(VALUE self, VALUE subject) static VALUE ossl_x509req_get_public_key(VALUE self) { - X509_REQ *req = NULL; - EVP_PKEY *pkey = NULL; - VALUE pub_key; + X509_REQ *req; + EVP_PKEY *pkey; + VALUE key; GetX509Req(self, req); if (!(pkey = X509_REQ_get_pubkey(req))) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } - pub_key = ossl_pkey_new(pkey); + key = ossl_pkey_new(pkey); EVP_PKEY_free(pkey); - return pub_key; + return key; } static VALUE -ossl_x509req_set_public_key(VALUE self, VALUE pubk) +ossl_x509req_set_public_key(VALUE self, VALUE key) { - X509_REQ *req = NULL; - EVP_PKEY *pkey = NULL; + X509_REQ *req; + EVP_PKEY *pkey; GetX509Req(self, req); - pkey = ossl_pkey_get_EVP_PKEY(pubk); + pkey = ossl_pkey_get_EVP_PKEY(key); if (!X509_REQ_set_pubkey(req, pkey)) { EVP_PKEY_free(pkey); - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } EVP_PKEY_free(pkey); - return pubk; + return key; } static VALUE ossl_x509req_sign(VALUE self, VALUE key, VALUE digest) { - X509_REQ *req = NULL; - EVP_PKEY *pkey = NULL; - const EVP_MD *md = NULL; + X509_REQ *req; + EVP_PKEY *pkey; + const EVP_MD *md; GetX509Req(self, req); + + md = ossl_digest_get_EVP_MD(digest); + OSSL_Check_Type(key, cPKey); - OSSL_Check_Type(digest, cDigest); if (rb_funcall(key, id_private_q, 0, NULL) == Qfalse) { - rb_raise(eX509RequestError, "PRIVATE key needed to sign REQ!"); + rb_raise(eX509ReqError, "PRIVATE key needed to sign REQ!"); } - pkey = ossl_pkey_get_EVP_PKEY(key); - md = ossl_digest_get_EVP_MD(digest); if (!X509_REQ_sign(req, pkey, md)) { EVP_PKEY_free(pkey); - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } EVP_PKEY_free(pkey); @@ -297,9 +313,9 @@ ossl_x509req_sign(VALUE self, VALUE key, VALUE digest) static VALUE ossl_x509req_verify(VALUE self, VALUE key) { - X509_REQ *req = NULL; - EVP_PKEY *pkey = NULL; - int i = 0; + X509_REQ *req; + EVP_PKEY *pkey; + int i; GetX509Req(self, req); 
@@ -308,66 +324,67 @@ ossl_x509req_verify(VALUE self, VALUE key) i = X509_REQ_verify(req, pkey); EVP_PKEY_free(pkey); - if (i < 0) - OSSL_Raise(eX509RequestError, ""); - else if (i > 0) + if (i < 0) { + OSSL_Raise(eX509ReqError, ""); + } else if (i > 0) { return Qtrue; - + } return Qfalse; } static VALUE ossl_x509req_get_attributes(VALUE self) { - X509_REQ *req = NULL; - int count = 0, i; - X509_ATTRIBUTE *attr = NULL; + X509_REQ *req; + int count, i; + X509_ATTRIBUTE *attr; VALUE ary; GetX509Req(self, req); count = X509_REQ_get_attr_count(req); - if (count > 0) - ary = rb_ary_new2(count); - else + if (count < 0) { + rb_warning("count < 0???"); return rb_ary_new(); + } + ary = rb_ary_new2(count); for (i=0; i<count; i++) { attr = X509_REQ_get_attr(req, i); rb_ary_push(ary, ossl_x509attr_new(attr)); } - return ary; } static VALUE ossl_x509req_set_attributes(VALUE self, VALUE ary) { - X509_REQ *req = NULL; - X509_ATTRIBUTE *attr = NULL; - int i = 0; + X509_REQ *req; + X509_ATTRIBUTE *attr; + int i; VALUE item; GetX509Req(self, req); Check_Type(ary, T_ARRAY); + for (i=0;i<RARRAY(ary)->len; i++) { + OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Attr); + } + sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free); req->req_info->attributes = NULL; for (i=0;i<RARRAY(ary)->len; i++) { item = RARRAY(ary)->ptr[i]; - OSSL_Check_Type(item, cX509Attribute); - attr = ossl_x509attr_get_X509_ATTRIBUTE(item); if (!X509_REQ_add1_attr(req, attr)) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } } - return ary; } @@ -378,12 +395,9 @@ ossl_x509req_add_attribute(VALUE self, VALUE attr) GetX509Req(self, req); - OSSL_Check_Type(attr, cX509Attribute); - if (!X509_REQ_add1_attr(req, ossl_x509attr_get_X509_ATTRIBUTE(attr))) { - OSSL_Raise(eX509RequestError, ""); + OSSL_Raise(eX509ReqError, ""); } - return attr; } 
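Review bot: Both ossl_x509req_set_attributes and ossl_x509req_add_attribute hand the result of `ossl_x509attr_get_X509_ATTRIBUTE(item)` to `X509_REQ_add1_attr`, which by OpenSSL's add1 convention stores its own copy, so if the getter follows the same `_dup` pattern as ossl_x509name_get_X509_NAME and ossl_x509req_get_X509_REQ in this diff, every call leaks one X509_ATTRIBUTE and the failure path leaks it as well. Release it after the add: `if (!X509_REQ_add1_attr(req, attr)) { X509_ATTRIBUTE_free(attr); OSSL_Raise(eX509ReqError, ""); }` then `X509_ATTRIBUTE_free(attr);`, and keep a local in add_attribute so it can do the same. Validating the whole array before `sk_X509_ATTRIBUTE_pop_free` is the right change, since the old code wiped the request's attributes before discovering a bad element; a failing add midway still leaves a partially rebuilt list, which is acceptable for an error but worth a one-line comment.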
@@ -391,26 +405,28 @@ ossl_x509req_add_attribute(VALUE self, VALUE attr) * X509_REQUEST init */ void -Init_ossl_x509req(VALUE module) +Init_ossl_x509req() { - eX509RequestError = rb_define_class_under(module, "RequestError", eOSSLError); + eX509ReqError = rb_define_class_under(mX509, "RequestError", eOSSLError); + + cX509Req = rb_define_class_under(mX509, "Request", rb_cObject); + + rb_define_singleton_method(cX509Req, "allocate", ossl_x509req_s_allocate, 0); + rb_define_method(cX509Req, "initialize", ossl_x509req_initialize, -1); - cX509Request = rb_define_class_under(module, "Request", rb_cObject); - rb_define_singleton_method(cX509Request, "new", ossl_x509req_s_new, -1); - rb_define_method(cX509Request, "initialize", ossl_x509req_initialize, -1); - rb_define_method(cX509Request, "to_pem", ossl_x509req_to_pem, 0); - rb_define_alias(cX509Request, "to_s", "to_pem"); - rb_define_method(cX509Request, "to_text", ossl_x509req_to_text, 0); - rb_define_method(cX509Request, "version", ossl_x509req_get_version, 0); - rb_define_method(cX509Request, "version=", ossl_x509req_set_version, 1); - rb_define_method(cX509Request, "subject", ossl_x509req_get_subject, 0); - rb_define_method(cX509Request, "subject=", ossl_x509req_set_subject, 1); - rb_define_method(cX509Request, "public_key", ossl_x509req_get_public_key, 0); - rb_define_method(cX509Request, "public_key=", ossl_x509req_set_public_key, 1); - rb_define_method(cX509Request, "sign", ossl_x509req_sign, 2); - rb_define_method(cX509Request, "verify", ossl_x509req_verify, 1); - rb_define_method(cX509Request, "attributes", ossl_x509req_get_attributes, 0); - rb_define_method(cX509Request, "attributes=", ossl_x509req_set_attributes, 1); - rb_define_method(cX509Request, "add_attribute", ossl_x509req_add_attribute, 1); + rb_define_method(cX509Req, "to_pem", ossl_x509req_to_pem, 0); + rb_define_alias(cX509Req, "to_s", "to_pem"); + rb_define_method(cX509Req, "to_text", ossl_x509req_to_text, 0); + rb_define_method(cX509Req, "version", 
ossl_x509req_get_version, 0); + rb_define_method(cX509Req, "version=", ossl_x509req_set_version, 1); + rb_define_method(cX509Req, "subject", ossl_x509req_get_subject, 0); + rb_define_method(cX509Req, "subject=", ossl_x509req_set_subject, 1); + rb_define_method(cX509Req, "public_key", ossl_x509req_get_public_key, 0); + rb_define_method(cX509Req, "public_key=", ossl_x509req_set_public_key, 1); + rb_define_method(cX509Req, "sign", ossl_x509req_sign, 2); + rb_define_method(cX509Req, "verify", ossl_x509req_verify, 1); + rb_define_method(cX509Req, "attributes", ossl_x509req_get_attributes, 0); + rb_define_method(cX509Req, "attributes=", ossl_x509req_set_attributes, 1); + rb_define_method(cX509Req, "add_attribute", ossl_x509req_add_attribute, 1); } diff --git a/ossl_x509revoked.c b/ossl_x509revoked.c index eab88c6..164f6df 100644 --- a/ossl_x509revoked.c +++ b/ossl_x509revoked.c @@ -10,14 +10,28 @@ */ #include "ossl.h" -#define WrapX509Revoked(obj, rev) obj = Data_Wrap_Struct(cX509Revoked, 0, X509_REVOKED_free, rev) -#define GetX509Revoked(obj, rev) Data_Get_Struct(obj, X509_REVOKED, rev) +#define WrapX509Rev(klass, obj, rev) do { \ + if (!rev) { \ + rb_raise(rb_eRuntimeError, "REV wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_REVOKED_free, rev); \ +} while (0) +#define GetX509Rev(obj, rev) do { \ + Data_Get_Struct(obj, X509_REVOKED, rev); \ + if (!rev) { \ + rb_raise(rb_eRuntimeError, "REV wasn't initialized!"); \ + } \ +} while (0) +#define SafeGetX509Rev(obj, rev) do { \ + OSSL_Check_Kind(obj, cX509Rev); \ + GetX509Rev(obj, rev); \ +} while (0) /* * Classes */ -VALUE cX509Revoked; -VALUE eX509RevokedError; +VALUE cX509Rev; +VALUE eX509RevError; /* * PUBLIC 
@@ -25,17 +39,18 @@ VALUE eX509RevokedError; VALUE ossl_x509revoked_new(X509_REVOKED *rev) { - X509_REVOKED *new = NULL; + X509_REVOKED *new; VALUE obj; - if (!rev) + if (!rev) { new = X509_REVOKED_new(); - else new = X509_REVOKED_dup(rev); - - if (!new) - OSSL_Raise(eX509RevokedError, ""); - - WrapX509Revoked(obj, new); + } else { + new = X509_REVOKED_dup(rev); + } + if (!new) { + OSSL_Raise(eX509RevError, ""); + } + WrapX509Rev(cX509Rev, obj, new); return obj; } @@ -43,14 +58,12 @@ ossl_x509revoked_new(X509_REVOKED *rev) X509_REVOKED * ossl_x509revoked_get_X509_REVOKED(VALUE obj) { - X509_REVOKED *rev = NULL, *new; + X509_REVOKED *rev, *new; - OSSL_Check_Type(obj, cX509Revoked); - - GetX509Revoked(obj, rev); + SafeGetX509Rev(obj, rev); if (!(new = X509_REVOKED_dup(rev))) { - OSSL_Raise(eX509RevokedError, ""); + OSSL_Raise(eX509RevError, ""); } return new; } @@ -59,13 +72,15 @@ ossl_x509revoked_get_X509_REVOKED(VALUE obj) * PRIVATE */ static VALUE -ossl_x509revoked_s_new(int argc, VALUE *argv, VALUE klass) +ossl_x509revoked_s_allocate(VALUE klass) { + X509_REVOKED *rev; VALUE obj; - obj = ossl_x509revoked_new(NULL); - - rb_obj_call_init(obj, argc, argv); + if (!(rev = X509_REVOKED_new())) { + OSSL_Raise(eX509RevError, ""); + } + WrapX509Rev(klass, obj, rev); return obj; } @@ -80,9 +95,9 @@ ossl_x509revoked_initialize(int argc, VALUE *argv, VALUE self) static VALUE ossl_x509revoked_get_serial(VALUE self) { - X509_REVOKED *rev = NULL; + X509_REVOKED *rev; - GetX509Revoked(self, rev); + GetX509Rev(self, rev); return INT2NUM(ASN1_INTEGER_get(rev->serialNumber)); } 
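Review bot: `INT2NUM(ASN1_INTEGER_get(rev->serialNumber))` in ossl_x509revoked_get_serial cannot represent real-world serial numbers: ASN1_INTEGER_get returns a long and, in OpenSSL of this era, signals overflow by returning -1 (0xffffffffL), and CA-issued serials are routinely wider than a long, so entries from such a CRL read back as a bogus value with no error and any revocation check keyed on serial compares the wrong number. Convert through a bignum instead, e.g. `ASN1_INTEGER_to_BN(rev->serialNumber, NULL)` wrapped by the BN class that ossl_bn.c (touched in this same commit, not visible here) provides, or at minimum raise eX509RevError when the returned value is the overflow sentinel. The setter in the next hunk has the mirror-image problem with NUM2INT.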
@@ -92,21 +107,20 @@ ossl_x509revoked_set_serial(VALUE self, VALUE serial) { X509_REVOKED *rev = NULL; - GetX509Revoked(self, rev); + GetX509Rev(self, rev); if (!ASN1_INTEGER_set(rev->serialNumber, NUM2INT(serial))) { - OSSL_Raise(eX509RevokedError, ""); + OSSL_Raise(eX509RevError, ""); } - return serial; } static VALUE ossl_x509revoked_get_time(VALUE self) { - X509_REVOKED *rev = NULL; + X509_REVOKED *rev; - GetX509Revoked(self, rev); + GetX509Rev(self, rev); return asn1time_to_time(rev->revocationDate); } @@ -114,17 +128,16 @@ ossl_x509revoked_get_time(VALUE self) static VALUE ossl_x509revoked_set_time(VALUE self, VALUE time) { - X509_REVOKED *rev = NULL; + X509_REVOKED *rev; time_t sec; - GetX509Revoked(self, rev); + GetX509Rev(self, rev); sec = time_to_time_t(time); if (!ASN1_UTCTIME_set(rev->revocationDate, sec)) { - OSSL_Raise(eX509RevokedError, ""); + OSSL_Raise(eX509RevError, ""); } - return time; } /* @@ -133,25 +146,25 @@ ossl_x509revoked_set_time(VALUE self, VALUE time) static VALUE ossl_x509revoked_get_extensions(VALUE self) { - X509_REVOKED *rev = NULL; - int count = 0, i; - X509_EXTENSION *ext = NULL; + X509_REVOKED *rev; + int count, i; + X509_EXTENSION *ext; VALUE ary; - GetX509Revoked(self, rev); + GetX509Rev(self, rev); count = X509_REVOKED_get_ext_count(rev); - if (count > 0) - ary = rb_ary_new2(count); - else + if (count < 0) { + rb_warning("count < 0???"); return rb_ary_new(); + } + ary = rb_ary_new2(count); for (i=0; i<count; i++) { ext = X509_REVOKED_get_ext(rev, i); rb_ary_push(ary, ossl_x509ext_new(ext)); } - return ary; } 
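Review bot: ossl_x509revoked_set_serial narrows the serial with `NUM2INT(serial)` before `ASN1_INTEGER_set`, so any serial wider than an int raises RangeError and nothing above 32 bits can be put into a CRL entry, although the ASN1_INTEGER field has no such limit; use `ASN1_INTEGER_set(rev->serialNumber, NUM2LONG(serial))` as a minimum, or accept a bignum via BN_to_ASN1_INTEGER. In ossl_x509revoked_set_time, `ASN1_UTCTIME_set(rev->revocationDate, sec)` hard-codes UTCTime, which only encodes years 1950 through 2049; `ASN1_TIME_set`, where the OpenSSL in use provides it, selects GeneralizedTime automatically for later dates. The function signature of set_serial lies just before the hunk, and its `X509_REVOKED *rev = NULL;` is the one declaration in this file not converted to the new style.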
@@ -161,50 +174,44 @@ ossl_x509revoked_get_extensions(VALUE self) static VALUE ossl_x509revoked_set_extensions(VALUE self, VALUE ary) { - X509_REVOKED *rev = NULL; - X509_EXTENSION *ext = NULL; - int i = 0; + X509_REVOKED *rev; + X509_EXTENSION *ext; + int i; VALUE item; - GetX509Revoked(self, rev); + GetX509Rev(self, rev); Check_Type(ary, T_ARRAY); - /* + for (i=0; i<RARRAY(ary)->len; i++) { - OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Extension); + OSSL_Check_Type(RARRAY(ary)->ptr[i], cX509Ext); } - */ + sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free); rev->extensions = NULL; for (i=0; i<RARRAY(ary)->len; i++) { item = RARRAY(ary)->ptr[i]; - OSSL_Check_Type(item, cX509Extension); - ext = ossl_x509ext_get_X509_EXTENSION(item); if(!X509_REVOKED_add_ext(rev, ext, -1)) { - OSSL_Raise(eX509RevokedError, ""); + OSSL_Raise(eX509RevError, ""); } } - return ary; } static VALUE ossl_x509revoked_add_extension(VALUE self, VALUE ext) { - X509_REVOKED *rev = NULL; + X509_REVOKED *rev; - GetX509Revoked(self, rev); - - OSSL_Check_Type(ext, cX509Extension); + GetX509Rev(self, rev); if(!X509_REVOKED_add_ext(rev, ossl_x509ext_get_X509_EXTENSION(ext), -1)) { - OSSL_Raise(eX509RevokedError, ""); + OSSL_Raise(eX509RevError, ""); } - return ext; } 
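Review bot: `X509_REVOKED_add_ext(rev, ext, -1)` copies the extension it is given (it goes through X509v3_add_ext, which duplicates), so if `ossl_x509ext_get_X509_EXTENSION` returns an owned duplicate like the other `_get_` accessors in this diff, both ossl_x509revoked_set_extensions and ossl_x509revoked_add_extension leak one X509_EXTENSION per call and another on the failure path. Release it after the add: `if(!X509_REVOKED_add_ext(rev, ext, -1)) { X509_EXTENSION_free(ext); OSSL_Raise(eX509RevError, ""); }` then `X509_EXTENSION_free(ext);`, with a local in add_extension to match. Running the `OSSL_Check_Type(..., cX509Ext)` pass before `sk_X509_EXTENSION_pop_free` is the right fix for the old code, which emptied the entry before discovering a bad element.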
@@ -212,19 +219,21 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext) * INIT */ void -Init_ossl_x509revoked(VALUE module) +Init_ossl_x509revoked() { - eX509RevokedError = rb_define_class_under(module, "RevokedError", eOSSLError); - - cX509Revoked = rb_define_class_under(module, "Revoked", rb_cObject); - rb_define_singleton_method(cX509Revoked, "new", ossl_x509revoked_s_new, -1); - rb_define_method(cX509Revoked, "initialize", ossl_x509revoked_initialize, -1); - rb_define_method(cX509Revoked, "serial", ossl_x509revoked_get_serial, 0); - rb_define_method(cX509Revoked, "serial=", ossl_x509revoked_set_serial, 1); - rb_define_method(cX509Revoked, "time", ossl_x509revoked_get_time, 0); - rb_define_method(cX509Revoked, "time=", ossl_x509revoked_set_time, 1); - rb_define_method(cX509Revoked, "extensions", ossl_x509revoked_get_extensions, 0); - rb_define_method(cX509Revoked, "extensions=", ossl_x509revoked_set_extensions, 1); - rb_define_method(cX509Revoked, "add_extension", ossl_x509revoked_add_extension, 1); + eX509RevError = rb_define_class_under(mX509, "RevokedError", eOSSLError); + + cX509Rev = rb_define_class_under(mX509, "Revoked", rb_cObject); + + rb_define_singleton_method(cX509Rev, "new", ossl_x509revoked_s_allocate, 0); + rb_define_method(cX509Rev, "initialize", ossl_x509revoked_initialize, -1); + + rb_define_method(cX509Rev, "serial", ossl_x509revoked_get_serial, 0); + rb_define_method(cX509Rev, "serial=", ossl_x509revoked_set_serial, 1); + rb_define_method(cX509Rev, "time", ossl_x509revoked_get_time, 0); + rb_define_method(cX509Rev, "time=", ossl_x509revoked_set_time, 1); + rb_define_method(cX509Rev, "extensions", ossl_x509revoked_get_extensions, 0); + rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1); + rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1); } diff --git a/ossl_x509store.c b/ossl_x509store.c index 00ee0c8..e0714b7 100644 --- a/ossl_x509store.c +++ b/ossl_x509store.c 
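Review bot: `rb_define_singleton_method(cX509Rev, "new", ossl_x509revoked_s_allocate, 0)` binds Revoked.new directly to the allocator, so the `initialize` registered on the next line is never invoked and any argument to new raises ArgumentError from the arity-0 allocator, while Request in the same commit registers its allocator as `"allocate"` and lets Class#new call initialize. Make the two consistent: `rb_define_singleton_method(cX509Rev, "allocate", ossl_x509revoked_s_allocate, 0);`. ossl_x509revoked_initialize's body is outside this diff, so whether it currently accepts a PEM argument like Request cannot be confirmed from here.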
@@ -200,7 +200,7 @@ ossl_x509store_add_trusted(VALUE self, VALUE cert) GetX509Store(self, storep); - OSSL_Check_Type(cert, cX509Certificate); + OSSL_Check_Type(cert, cX509Cert); x509 = ossl_x509_get_X509(cert); if (!X509_STORE_add_cert(storep->store->ctx, x509)) { @@ -323,7 +323,7 @@ ossl_x509store_verify(VALUE self, VALUE cert) GetX509Store(self, storep); - OSSL_Check_Type(cert, cX509Certificate); + OSSL_Check_Type(cert, cX509Cert); x509 = ossl_x509_get_X509(cert); X509_STORE_CTX_set_cert(storep->store, x509); @@ -459,16 +459,16 @@ ossl_x509store_cleanup(VALUE self) * INIT */ void -Init_ossl_x509store(VALUE module) +Init_ossl_x509store() { /* * INIT verify_cb DB */ db_root = NULL; - eX509StoreError = rb_define_class_under(module, "StoreError", eOSSLError); + eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError); - cX509Store = rb_define_class_under(module, "Store", rb_cObject); + cX509Store = rb_define_class_under(mX509, "Store", rb_cObject); rb_define_singleton_method(cX509Store, "new", ossl_x509store_s_new, -1); rb_define_method(cX509Store, "initialize", ossl_x509store_initialize, -1); |