-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | openssl_missing.c | 31 | ||||
-rw-r--r-- | ossl.c | 335 | ||||
-rw-r--r-- | ossl.h | 67 | ||||
-rw-r--r-- | ossl_bn.c | 1105 | ||||
-rw-r--r-- | ossl_cipher.c | 376 | ||||
-rw-r--r-- | ossl_config.c | 160 | ||||
-rw-r--r-- | ossl_digest.c | 277 | ||||
-rw-r--r-- | ossl_hmac.c | 195 | ||||
-rw-r--r-- | ossl_ns_spki.c | 249 | ||||
-rw-r--r-- | ossl_pkcs7.c | 760 | ||||
-rw-r--r-- | ossl_pkey.c | 267 | ||||
-rw-r--r-- | ossl_pkey.h | 20 | ||||
-rw-r--r-- | ossl_pkey_dh.c | 341 | ||||
-rw-r--r-- | ossl_pkey_dsa.c | 452 | ||||
-rw-r--r-- | ossl_pkey_rsa.c | 632 | ||||
-rw-r--r-- | ossl_rand.c | 85 | ||||
-rw-r--r-- | ossl_ssl.c | 23 | ||||
-rw-r--r-- | ossl_x509.c | 20 | ||||
-rw-r--r-- | ossl_x509attr.c | 174 | ||||
-rw-r--r-- | ossl_x509cert.c | 720 | ||||
-rw-r--r-- | ossl_x509crl.c | 567 | ||||
-rw-r--r-- | ossl_x509ext.c | 330 | ||||
-rw-r--r-- | ossl_x509name.c | 254 | ||||
-rw-r--r-- | ossl_x509req.c | 484 | ||||
-rw-r--r-- | ossl_x509revoked.c | 235 | ||||
-rw-r--r-- | ossl_x509store.c | 599 |
27 files changed, 4293 insertions, 4471 deletions
@@ -1,3 +1,9 @@ +Tue, 17 Dec 2002 18:59:08 -0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org> + * all files: Indent by 4 spaces, 1 tab has the width of 8 spaces. + +Mon, 9 Dec 2002 20:27:28 -0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org> + * ssl.c: the return value of SSL_read/SSL_write is int (not size_t). + Sun, 10 Nov 2002 23:30:56 +0100 -- Michal Rokos <m.rokos@sh.cvut.cz> * bn.c: enhance BN so you can pass as parameter Ruby's numbers diff --git a/openssl_missing.c b/openssl_missing.c index 28b94c7..ec9f47c 100644 --- a/openssl_missing.c +++ b/openssl_missing.c @@ -17,23 +17,22 @@ int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) { - if (!out || !in) { - /* HMACerr(HMAC_CTX_COPY,HMAC_R_INPUT_NOT_INITIALIZED); */ - return 0; - } - memcpy(out, in, sizeof(HMAC_CTX)); + if (!out || !in) { + /* HMACerr(HMAC_CTX_COPY,HMAC_R_INPUT_NOT_INITIALIZED); */ + return 0; + } + memcpy(out, in, sizeof(HMAC_CTX)); - if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx)) { - return 0; - } - if (!EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx)) { - return 0; - } - if (!EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx)) { - return 0; - } - return 1; + if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx)) { + return 0; + } + if (!EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx)) { + return 0; + } + if (!EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx)) { + return 0; + } + return 1; } #endif /* NO_HMAC */ - @@ -22,8 +22,8 @@ # include <sys/time.h> #elif !defined(NT) struct timeval { - long tv_sec; /* seconds */ - long tv_usec; /* and microseconds */ + long tv_sec; /* seconds */ + long tv_usec; /* and microseconds */ }; #endif 
@@ -43,28 +43,28 @@ struct timeval { VALUE asn1time_to_time(ASN1_TIME *time) { - struct tm tm; + struct tm tm; - if (!time) { - ossl_raise(rb_eTypeError, "ASN1_TIME is NULL!"); - } - memset(&tm, 0, sizeof(struct tm)); + if (!time) { + ossl_raise(rb_eTypeError, "ASN1_TIME is NULL!"); + } + memset(&tm, 0, sizeof(struct tm)); - switch(time->type) { - case V_ASN1_UTCTIME: - if (!strptime(time->data, "%y%m%d%H%M%SZ", &tm)) { - ossl_raise(rb_eTypeError, "bad UTCTIME format"); - } - break; - case V_ASN1_GENERALIZEDTIME: - if (!strptime(time->data, "%Y%m%d%H%M%SZ", &tm)) { - ossl_raise(rb_eTypeError, "bad GENERALIZEDTIME format" ); - } - break; - default: - ossl_raise(rb_eTypeError, "unknown time format"); + switch(time->type) { + case V_ASN1_UTCTIME: + if (!strptime(time->data, "%y%m%d%H%M%SZ", &tm)) { + ossl_raise(rb_eTypeError, "bad UTCTIME format"); + } + break; + case V_ASN1_GENERALIZEDTIME: + if (!strptime(time->data, "%Y%m%d%H%M%SZ", &tm)) { + ossl_raise(rb_eTypeError, "bad GENERALIZEDTIME format" ); } - return rb_time_new(mktime(&tm) - timezone, 0); + break; + default: + ossl_raise(rb_eTypeError, "unknown time format"); + } + return rb_time_new(mktime(&tm) - timezone, 0); } /* @@ -75,9 +75,8 @@ extern struct timeval rb_time_timeval(VALUE); time_t time_to_time_t(VALUE time) { - struct timeval t = rb_time_timeval(time); - - return t.tv_sec; + struct timeval t = rb_time_timeval(time); + return t.tv_sec; } /* 
@@ -87,60 +86,60 @@ time_to_time_t(VALUE time) VALUE asn1integer_to_num(ASN1_INTEGER *ai) { - BIGNUM *bn; - char *txt; - VALUE num; + BIGNUM *bn; + char *txt; + VALUE num; - if (!ai) { - ossl_raise(rb_eTypeError, "ASN1_INTEGER is NULL!"); - } - if (!(bn = ASN1_INTEGER_to_BN(ai, NULL))) { - ossl_raise(eOSSLError, ""); - } + if (!ai) { + ossl_raise(rb_eTypeError, "ASN1_INTEGER is NULL!"); + } + if (!(bn = ASN1_INTEGER_to_BN(ai, NULL))) { + ossl_raise(eOSSLError, ""); + } #if 0 - if (!(txt = BN_bn2dec(bn))) { - BN_free(bn); - ossl_raise(eOSSLError, ""); - } - num = rb_cstr_to_inum(txt, 10, Qtrue); - OPENSSL_free(txt); + if (!(txt = BN_bn2dec(bn))) { + BN_free(bn); + ossl_raise(eOSSLError, ""); + } + num = rb_cstr_to_inum(txt, 10, Qtrue); + OPENSSL_free(txt); #else - num = ossl_bn_new(bn); + num = ossl_bn_new(bn); #endif - BN_free(bn); + BN_free(bn); - return num; + return num; } #if 0 ASN1_INTEGER *num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai) { - BIGNUM *bn = NULL; + BIGNUM *bn = NULL; - if (RTEST(rb_obj_is_kind_of(obj, cBN))) { - bn = GetBNPtr(obj); - } else { - obj = rb_String(obj); - if (!BN_dec2bn(&bn, StringValuePtr(obj))) { - ossl_raise(eOSSLError, ""); - } - } - if (!(ai = BN_to_ASN1_INTEGER(bn, ai))) { - BN_free(bn); - ossl_raise(eOSSLError, ""); + if (RTEST(rb_obj_is_kind_of(obj, cBN))) { + bn = GetBNPtr(obj); + } else { + obj = rb_String(obj); + if (!BN_dec2bn(&bn, StringValuePtr(obj))) { + ossl_raise(eOSSLError, ""); } + } + if (!(ai = BN_to_ASN1_INTEGER(bn, ai))) { BN_free(bn); - return ai; + ossl_raise(eOSSLError, ""); + } + BN_free(bn); + return ai; } #else ASN1_INTEGER *num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai) { - BIGNUM *bn = GetBNPtr(obj); - - if (!(ai = BN_to_ASN1_INTEGER(bn, ai))) { - ossl_raise(eOSSLError, ""); - } - return ai; + BIGNUM *bn = GetBNPtr(obj); + + if (!(ai = BN_to_ASN1_INTEGER(bn, ai))) { + ossl_raise(eOSSLError, ""); + } + return ai; } #endif 
@@ -150,31 +149,31 @@ ASN1_INTEGER *num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai) int string2hex(char *buf, int buf_len, char **hexbuf, int *hexbuf_len) { - static const char hex[]="0123456789abcdef"; - int i, len = 2 * buf_len; + static const char hex[]="0123456789abcdef"; + int i, len = 2 * buf_len; - if (buf_len < 0 || len < buf_len) { /* PARANOIA? */ - return -1; - } - if (!hexbuf) { /* if no buf, return calculated len */ - if (hexbuf_len) { - *hexbuf_len = len; - } - return len; - } - if (!(*hexbuf = OPENSSL_malloc(len + 1))) { - return -1; - } - for (i = 0; i < buf_len; i++) { - (*hexbuf)[2 * i] = hex[((unsigned char)buf[i]) >> 4]; - (*hexbuf)[2 * i + 1] = hex[buf[i] & 0x0f]; - } - (*hexbuf)[2 * i] = '\0'; - + if (buf_len < 0 || len < buf_len) { /* PARANOIA? */ + return -1; + } + if (!hexbuf) { /* if no buf, return calculated len */ if (hexbuf_len) { - *hexbuf_len = len; + *hexbuf_len = len; } return len; + } + if (!(*hexbuf = OPENSSL_malloc(len + 1))) { + return -1; + } + for (i = 0; i < buf_len; i++) { + (*hexbuf)[2 * i] = hex[((unsigned char)buf[i]) >> 4]; + (*hexbuf)[2 * i + 1] = hex[buf[i] & 0x0f]; + } + (*hexbuf)[2 * i] = '\0'; + + if (hexbuf_len) { + *hexbuf_len = len; + } + return len; } /* 
@@ -193,24 +192,26 @@ VALUE eOSSLError; void ossl_raise(VALUE exc, const char *fmt, ...) { - va_list args; - char buf[BUFSIZ]; - int len; - long e = ERR_get_error(); + va_list args; + char buf[BUFSIZ]; + int len; + long e = ERR_get_error(); - va_start(args, fmt); - len = vsnprintf(buf, BUFSIZ, fmt, args); - va_end(args); + va_start(args, fmt); + len = vsnprintf(buf, BUFSIZ, fmt, args); + va_end(args); - if (e) { - if (dOSSL == Qtrue) { /* FULL INFO */ - len += snprintf(buf + len, BUFSIZ - len, "%s", ERR_error_string(e, NULL)); - } else { - len += snprintf(buf + len, BUFSIZ - len, "%s", ERR_reason_error_string(e)); - } - ERR_clear_error(); + if (e) { + if (dOSSL == Qtrue) { /* FULL INFO */ + len += snprintf(buf + len, BUFSIZ - len, "%s", + ERR_error_string(e, NULL)); + } else { + len += snprintf(buf + len, BUFSIZ - len, "%s", + ERR_reason_error_string(e)); } - rb_exc_raise(rb_exc_new(exc, buf, len)); + ERR_clear_error(); + } + rb_exc_raise(rb_exc_new(exc, buf, len)); } /* 
@@ -221,40 +222,40 @@ VALUE dOSSL; #if defined(NT) void ossl_debug(const char *fmt, ...) { - va_list args; + va_list args; - if (dOSSL == Qtrue) { - fprintf(stderr, "OSSL_DEBUG: "); - va_start(args, fmt); - vfprintf(stderr, fmt, args); - va_end(args); - fprintf(stderr, " [CONTEXT N/A]\n"); - } + if (dOSSL == Qtrue) { + fprintf(stderr, "OSSL_DEBUG: "); + va_start(args, fmt); + vfprintf(stderr, fmt, args); + va_end(args); + fprintf(stderr, " [CONTEXT N/A]\n"); + } } #endif static VALUE ossl_debug_get(VALUE self) { - return dOSSL; + return dOSSL; } static VALUE ossl_debug_set(VALUE self, VALUE val) { - VALUE old = dOSSL; - dOSSL = val; + VALUE old = dOSSL; + dOSSL = val; - if (old != dOSSL) { - if (dOSSL == Qtrue) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - fprintf(stderr, "OSSL_DEBUG: IS NOW ON!\n"); - } else if (old == Qtrue) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF); - fprintf(stderr, "OSSL_DEBUG: IS NOW OFF!\n"); - } + if (old != dOSSL) { + if (dOSSL == Qtrue) { + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + fprintf(stderr, "OSSL_DEBUG: IS NOW ON!\n"); + } else if (old == Qtrue) { + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF); + fprintf(stderr, "OSSL_DEBUG: IS NOW OFF!\n"); } - return val; + } + return val; } /* 
@@ -263,55 +264,55 @@ ossl_debug_set(VALUE self, VALUE val) void Init_openssl() { - /* - * Init timezone info - */ - tzset(); - - /* - * Init all digests, ciphers - */ - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* - * Init main module - */ - mOSSL = rb_define_module("OpenSSL"); - - /* - * Constants - */ - rb_define_const(mOSSL, "VERSION", rb_str_new2(OSSL_VERSION)); - rb_define_const(mOSSL, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT)); - - /* - * Generic error, - * common for all classes under OpenSSL module - */ - eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); - - /* - * Init debug core - */ - dOSSL = Qfalse; - rb_define_module_function(mOSSL, "debug", ossl_debug_get, 0); - rb_define_module_function(mOSSL, "debug=", ossl_debug_set, 1); - - /* - * Init components - */ - Init_ossl_bn(); - Init_ossl_cipher(); - Init_ossl_config(); - Init_ossl_digest(); - Init_ossl_hmac(); - Init_ossl_ns_spki(); - Init_ossl_pkcs7(); - Init_ossl_pkey(); - Init_ossl_rand(); - Init_ossl_ssl(); - Init_ossl_x509(); + /* + * Init timezone info + */ + tzset(); + + /* + * Init all digests, ciphers + */ + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* + * Init main module + */ + mOSSL = rb_define_module("OpenSSL"); + + /* + * Constants + */ + rb_define_const(mOSSL, "VERSION", rb_str_new2(OSSL_VERSION)); + rb_define_const(mOSSL, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT)); + + /* + * Generic error, + * common for all classes under OpenSSL module + */ + eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError); + + /* + * Init debug core + */ + dOSSL = Qfalse; + rb_define_module_function(mOSSL, "debug", ossl_debug_get, 0); + rb_define_module_function(mOSSL, "debug=", ossl_debug_set, 1); + + /* + * Init components + */ + Init_ossl_bn(); + Init_ossl_cipher(); + Init_ossl_config(); + Init_ossl_digest(); + Init_ossl_hmac(); + Init_ossl_ns_spki(); + Init_ossl_pkcs7(); + Init_ossl_pkey(); + 
Init_ossl_rand(); + Init_ossl_ssl(); + Init_ossl_x509(); } #if defined(OSSL_DEBUG) @@ -321,7 +322,7 @@ Init_openssl() int main(int argc, char *argv[], char *env[]) { - return 0; + return 0; } #endif /* OSSL_DEBUG */ @@ -70,21 +70,23 @@ extern VALUE eOSSLError; * CheckTypes */ #define OSSL_Check_Kind(obj, klass) do {\ - if (!rb_obj_is_kind_of(obj, klass)) {\ - ossl_raise(rb_eTypeError, "wrong argument (%s)! (Expected kind of %s)", \ - rb_class2name(CLASS_OF(obj)), rb_class2name(klass));\ - }\ + if (!rb_obj_is_kind_of(obj, klass)) {\ + ossl_raise(rb_eTypeError, "wrong argument (%s)! (Expected kind of %s)",\ + rb_class2name(CLASS_OF(obj)), rb_class2name(klass));\ + }\ } while (0) + #define OSSL_Check_Instance(obj, klass) do {\ - if (!rb_obj_is_instance_of(obj, klass)) {\ - ossl_raise(rb_eTypeError, "wrong argument (%s)! (Expected instance of %s)",\ - rb_class2name(CLASS_OF(obj)), rb_class2name(klass));\ - }\ + if (!rb_obj_is_instance_of(obj, klass)) {\ + ossl_raise(rb_eTypeError, "wrong argument (%s)! (Expected instance of %s)",\ + rb_class2name(CLASS_OF(obj)), rb_class2name(klass));\ + }\ } while (0) + #define OSSL_Check_Same_Class(obj1, obj2) do {\ - if (!rb_obj_is_instance_of(obj1, rb_obj_class(obj2))) {\ - ossl_raise(rb_eTypeError, "wrong argument type");\ - }\ + if (!rb_obj_is_instance_of(obj1, rb_obj_class(obj2))) {\ + ossl_raise(rb_eTypeError, "wrong argument type");\ + }\ } while (0) /* @@ -107,9 +109,7 @@ int string2hex(char *, int, char **, int *); /* * ERRor messages */ -#define OSSL_ErrMsg() \ - ERR_reason_error_string(ERR_get_error()) - +#define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error()) void ossl_raise(VALUE, const char *, ...); /* 
@@ -117,30 +117,30 @@ void ossl_raise(VALUE, const char *, ...);
  */
 extern VALUE dOSSL;
-#if defined(NT)
-void ossl_debug(const char *, ...);
-# define OSSL_Debug ossl_debug
-# define OSSL_Warning rb_warning
-# define OSSL_Warn rb_warn
-#else /* NT */
-# define OSSL_Debug(fmt, ...) do { \
- if (dOSSL == Qtrue) { \
- fprintf(stderr, "OSSL_DEBUG: "); \
- fprintf(stderr, fmt, ##__VA_ARGS__); \
- fprintf(stderr, " [in %s (%s:%d)]\n", __func__, __FILE__, __LINE__); \
- } \
+#if defined(__GNUC__) || __STDC_VERSION__ >= 199901L
+#define OSSL_Debug(fmt, ...) do { \
+ if (dOSSL == Qtrue) { \
+ fprintf(stderr, "OSSL_DEBUG: "); \
+ fprintf(stderr, fmt, ##__VA_ARGS__); \
+ fprintf(stderr, " [in %s (%s:%d)]\n", __func__, __FILE__, __LINE__); \
+ } \
 } while (0)
-# define OSSL_Warning(fmt, ...) do { \
- OSSL_Debug(fmt, ##__VA_ARGS__); \
- rb_warning(fmt, ##__VA_ARGS__); \
+#define OSSL_Warning(fmt, ...) do { \
+ OSSL_Debug(fmt, ##__VA_ARGS__); \
+ rb_warning(fmt, ##__VA_ARGS__); \
 } while (0)
-# define OSSL_Warn(fmt, ...) do { \
- OSSL_Debug(fmt, ##__VA_ARGS__); \
- rb_warn(fmt, ##__VA_ARGS__); \
+#define OSSL_Warn(fmt, ...) do { \
+ OSSL_Debug(fmt, ##__VA_ARGS__); \
+ rb_warn(fmt, ##__VA_ARGS__); \
 } while (0)
-#endif /* NT */
+#else
+void ossl_debug(const char *, ...);
+#define OSSL_Debug ossl_debug
+#define OSSL_Warning rb_warning
+#define OSSL_Warn rb_warn
+#endif /* __GNUC__ || _STDC_VERSION__ >= 199901L */
 /*
  * Include all parts
@@ -164,4 +164,3 @@ void ossl_debug(const char *, ...);
 #endif
 #endif /* _OSSL_H_ */
-
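Review bot: The new guard `#if defined(__GNUC__) || __STDC_VERSION__ >= 199901L` now routes non-GCC C99 compilers into a branch that still depends on the GNU-only comma-swallowing `fmt, ##__VA_ARGS__` form, so a call such as `OSSL_Debug("msg")` with no extra arguments expands to `fprintf(stderr, fmt,)` there and fails to compile; the old `#if defined(NT)` split presumably only reached this branch on GCC. Portable C99 drops the separate `fmt` parameter and forwards `__VA_ARGS__` whole to `fprintf`, `rb_warning` and `rb_warn`, as below. The closing comment also misspells the macro as `_STDC_VERSION__`; it should read `#endif /* __GNUC__ || __STDC_VERSION__ >= 199901L */`. Because every expansion ends in `fprintf(stderr, fmt, ...)`, a one-line comment that the first argument must be a string literal (never a message assembled from OpenSSL or Ruby error text) would keep future callers from turning the debug path into a format-string bug.
```c
#if defined(__GNUC__) || __STDC_VERSION__ >= 199901L
/* First argument must be a string literal: it goes straight to fprintf/rb_warn. */
#define OSSL_Debug(...) do { \
    if (dOSSL == Qtrue) { \
        fprintf(stderr, "OSSL_DEBUG: "); \
        fprintf(stderr, __VA_ARGS__); \
        fprintf(stderr, " [in %s (%s:%d)]\n", __func__, __FILE__, __LINE__); \
    } \
} while (0)
#define OSSL_Warning(...) do { \
    OSSL_Debug(__VA_ARGS__); \
    rb_warning(__VA_ARGS__); \
} while (0)
#define OSSL_Warn(...) do { \
    OSSL_Debug(__VA_ARGS__); \
    rb_warn(__VA_ARGS__); \
} while (0)
/* … unchanged: #else branch mapping OSSL_Debug/OSSL_Warning/OSSL_Warn to ossl_debug/rb_warning/rb_warn … */
```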
@@ -12,20 +12,22 @@ #include "ossl.h" #define WrapBN(klass, obj, bn) do { \ - if (!bn) { \ - ossl_raise(rb_eRuntimeError, "BN wasn't initialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, BN_clear_free, bn); \ + if (!bn) { \ + ossl_raise(rb_eRuntimeError, "BN wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, BN_clear_free, bn); \ } while (0) + #define GetBN(obj, bn) do { \ - Data_Get_Struct(obj, BIGNUM, bn); \ - if (!bn) { \ - ossl_raise(rb_eRuntimeError, "BN wasn't initialized!"); \ - } \ + Data_Get_Struct(obj, BIGNUM, bn); \ + if (!bn) { \ + ossl_raise(rb_eRuntimeError, "BN wasn't initialized!"); \ + } \ } while (0) + #define SafeGetBN(obj, bn) do { \ - OSSL_Check_Kind(obj, cBN); \ - GetBN(obj, bn); \ + OSSL_Check_Kind(obj, cBN); \ + GetBN(obj, bn); \ } while (0) /* 
@@ -40,42 +42,38 @@ VALUE eBNError; VALUE ossl_bn_new(BIGNUM *bn) { - BIGNUM *new; - VALUE obj; + BIGNUM *newbn; + VALUE obj; - if (!bn) { - new = BN_new(); - } else { - new = BN_dup(bn); - } - if (!new) { - ossl_raise(eBNError, ""); - } - WrapBN(cBN, obj, new); + newbn = bn ? BN_dup(bn) : BN_new(); + if (!newbn) { + ossl_raise(eBNError, ""); + } + WrapBN(cBN, obj, newbn); - return obj; + return obj; } BIGNUM * GetBNPtr(VALUE obj) { - BIGNUM *bn = NULL; - - if (RTEST(rb_obj_is_kind_of(obj, cBN))) { - GetBN(obj, bn); - } else switch (TYPE(obj)) { - case T_FIXNUM: - case T_BIGNUM: - obj = rb_String(obj); - if (!BN_dec2bn(&bn, StringValuePtr(obj))) { - ossl_raise(eBNError, ""); - } - WrapBN(cBN, obj, bn); /* Handle potencial mem leaks */ - break; - default: - ossl_raise(rb_eTypeError, "Cannot convert into OpenSSL::BN"); + BIGNUM *bn = NULL; + + if (RTEST(rb_obj_is_kind_of(obj, cBN))) { + GetBN(obj, bn); + } else switch (TYPE(obj)) { + case T_FIXNUM: + case T_BIGNUM: + obj = rb_String(obj); + if (!BN_dec2bn(&bn, StringValuePtr(obj))) { + ossl_raise(eBNError, ""); } - return bn; + WrapBN(cBN, obj, bn); /* Handle potencial mem leaks */ + break; + default: + ossl_raise(rb_eTypeError, "Cannot convert into OpenSSL::BN"); + } + return bn; } /* 
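Review bot: In `GetBNPtr`, the Fixnum/Bignum branch wraps the freshly parsed BIGNUM in a Ruby object (`WrapBN(cBN, obj, bn)`) whose `obj` is simply dropped when the function returns, so the raw `bn` handed back is only valid for as long as the garbage collector has not finalized that anonymous wrapper and freed the BIGNUM — as far as I can tell nothing on the caller side keeps a reference to it. Callers elsewhere in this diff call `GetBNPtr` twice before using either pointer (`BIGNUM_3c`), and the second call allocates Ruby objects via `rb_String` and `Data_Wrap_Struct`, which may trigger a collection; whether the conservative stack scan still protects the first wrapper at that point is not something I can confirm from here. At minimum the contract should be written down above the function: `/* For Fixnum/Bignum inputs the returned pointer is owned by a temporary OpenSSL::BN; use it before the next Ruby allocation. */`. A safer shape would hand the wrapper VALUE back to the caller (for example through a `VALUE *` out-parameter) so it can be kept live for the duration of the BN operation.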
@@ -83,255 +81,245 @@ GetBNPtr(VALUE obj) */ /* * BN_CTX - is used in more difficult math. ops - * (Why just 1? Because Ruby itself isn't thread safe, we don't need to care about threads) + * (Why just 1? Because Ruby itself isn't thread safe, + * we don't need to care about threads) */ static BN_CTX *ossl_bn_ctx; static VALUE ossl_bn_s_allocate(VALUE klass) { - BIGNUM *bn; - VALUE obj; + BIGNUM *bn; + VALUE obj; - if (!(bn = BN_new())) { - ossl_raise(eBNError, ""); - } - WrapBN(klass, obj, bn); + if (!(bn = BN_new())) { + ossl_raise(eBNError, ""); + } + WrapBN(klass, obj, bn); - return obj; + return obj; } static VALUE ossl_bn_initialize(int argc, VALUE *argv, VALUE self) { - BIGNUM *bn; - VALUE str, bs; - int base = 10; + BIGNUM *bn; + VALUE str, bs; + int base = 10; - GetBN(self, bn); + GetBN(self, bn); - if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) { - base = NUM2INT(bs); + if (rb_scan_args(argc, argv, "11", &str, &bs) == 2) { + base = NUM2INT(bs); + } + if (RTEST(rb_obj_is_kind_of(str, cBN))) { + BIGNUM *other; + + GetBN(str, other); /* Safe - we checked kind_of? above */ + if (!BN_copy(bn, other)) { + ossl_raise(eBNError, ""); } - if (RTEST(rb_obj_is_kind_of(str, cBN))) { - BIGNUM *other; - - GetBN(str, other); /* Safe - we checked kind_of? 
above */ - if (!BN_copy(bn, other)) { - ossl_raise(eBNError, ""); - } - return self; + return self; + } + str = rb_String(str); + StringValue(str); + + switch (base) { + case 0: + if (!BN_mpi2bn(RSTRING(str)->ptr, RSTRING(str)->len, bn)) { + ossl_raise(eBNError, ""); } - str = rb_String(str); - StringValue(str); - - switch (base) { - case 0: - if (!BN_mpi2bn(RSTRING(str)->ptr, RSTRING(str)->len, bn)) { - ossl_raise(eBNError, ""); - } - break; - case 2: - if (!BN_bin2bn(RSTRING(str)->ptr, RSTRING(str)->len, bn)) { - ossl_raise(eBNError, ""); - } - break; - case 10: - if (!BN_dec2bn(&bn, RSTRING(str)->ptr)) { - ossl_raise(eBNError, ""); - } - break; - case 16: - if (!BN_hex2bn(&bn, RSTRING(str)->ptr)) { - ossl_raise(eBNError, ""); - } - break; - default: - ossl_raise(rb_eArgError, "illegal radix %d", base); + break; + case 2: + if (!BN_bin2bn(RSTRING(str)->ptr, RSTRING(str)->len, bn)) { + ossl_raise(eBNError, ""); } - return self; + break; + case 10: + if (!BN_dec2bn(&bn, RSTRING(str)->ptr)) { + ossl_raise(eBNError, ""); + } + break; + case 16: + if (!BN_hex2bn(&bn, RSTRING(str)->ptr)) { + ossl_raise(eBNError, ""); + } + break; + default: + ossl_raise(rb_eArgError, "illegal radix %d", base); + } + return self; } static VALUE ossl_bn_to_s(int argc, VALUE *argv, VALUE self) { - BIGNUM *bn; - VALUE str, bs; - int base = 10, len; - char *buf; + BIGNUM *bn; + VALUE str, bs; + int base = 10, len; + char *buf; - GetBN(self, bn); + GetBN(self, bn); - if (rb_scan_args(argc, argv, "01", &bs) == 1) { - base = NUM2INT(bs); + if (rb_scan_args(argc, argv, "01", &bs) == 1) { + base = NUM2INT(bs); + } + switch (base) { + case 0: + len = BN_bn2mpi(bn, NULL); + if (!(buf = OPENSSL_malloc(len))) { + ossl_raise(eBNError, "Cannot allocate mem for BN"); + } + if (BN_bn2mpi(bn, buf) != len) { + OPENSSL_free(buf); + ossl_raise(eBNError, ""); } - switch (base) { - case 0: - len = BN_bn2mpi(bn, NULL); - if (!(buf = OPENSSL_malloc(len))) { - ossl_raise(eBNError, "Cannot allocate mem for BN"); 
- } - if (BN_bn2mpi(bn, buf) != len) { - OPENSSL_free(buf); - ossl_raise(eBNError, ""); - } - break; - case 2: - len = BN_num_bytes(bn); - if (!(buf = OPENSSL_malloc(len))) { - ossl_raise(eBNError, "Cannot allocate mem for BN"); - } - if (BN_bn2bin(bn, buf) != len) { - OPENSSL_free(buf); - ossl_raise(eBNError, ""); - } - break; - case 10: - if (!(buf = BN_bn2dec(bn))) { - ossl_raise(eBNError, ""); - } - len = strlen(buf); - break; - case 16: - if (!(buf = BN_bn2hex(bn))) { - ossl_raise(eBNError, ""); - } - len = strlen(buf); - break; - default: - ossl_raise(rb_eArgError, "illegal radix %d", base); + break; + case 2: + len = BN_num_bytes(bn); + if (!(buf = OPENSSL_malloc(len))) { + ossl_raise(eBNError, "Cannot allocate mem for BN"); } - str = rb_str_new(buf, len); - OPENSSL_free(buf); - - return str; + if (BN_bn2bin(bn, buf) != len) { + OPENSSL_free(buf); + ossl_raise(eBNError, ""); + } + break; + case 10: + if (!(buf = BN_bn2dec(bn))) { + ossl_raise(eBNError, ""); + } + len = strlen(buf); + break; + case 16: + if (!(buf = BN_bn2hex(bn))) { + ossl_raise(eBNError, ""); + } + len = strlen(buf); + break; + default: + ossl_raise(rb_eArgError, "illegal radix %d", base); + } + str = rb_str_new(buf, len); + OPENSSL_free(buf); + + return str; } static VALUE ossl_bn_to_i(VALUE self) { - BIGNUM *bn; - char *txt; - VALUE num; + BIGNUM *bn; + char *txt; + VALUE num; - GetBN(self, bn); + GetBN(self, bn); - if (!(txt = BN_bn2dec(bn))) { - ossl_raise(eBNError, ""); - } - num = rb_cstr_to_inum(txt, 10, Qtrue); - OPENSSL_free(txt); + if (!(txt = BN_bn2dec(bn))) { + ossl_raise(eBNError, ""); + } + num = rb_cstr_to_inum(txt, 10, Qtrue); + OPENSSL_free(txt); - return num; + return num; } static VALUE ossl_bn_to_bn(VALUE self) { - return self; + return self; } static VALUE ossl_bn_coerce(VALUE self, VALUE other) { - switch(TYPE(other)) { - case T_STRING: - self = ossl_bn_to_s(0, NULL, self); - break; - case T_FIXNUM: - case T_BIGNUM: - self = ossl_bn_to_i(self); - break; - default: - if 
(!RTEST(rb_obj_is_kind_of(other, cBN))) { - ossl_raise(rb_eTypeError, "Don't know how to coerce"); - } - } - return rb_assoc_new(other, self); + switch(TYPE(other)) { + case T_STRING: + self = ossl_bn_to_s(0, NULL, self); + break; + case T_FIXNUM: + case T_BIGNUM: + self = ossl_bn_to_i(self); + break; + default: + if (!RTEST(rb_obj_is_kind_of(other, cBN))) { + ossl_raise(rb_eTypeError, "Don't know how to coerce"); + } + } + return rb_assoc_new(other, self); } -#define BIGNUM_BOOL1(func) \ - static VALUE \ - ossl_bn_##func(VALUE self) \ - { \ - BIGNUM *bn; \ - \ - GetBN(self, bn); \ - \ - if (BN_##func(bn)) { \ - return Qtrue; \ - } \ - return Qfalse; \ - } +#define BIGNUM_BOOL1(func) \ + static VALUE \ + ossl_bn_##func(VALUE self) \ + { \ + BIGNUM *bn; \ + GetBN(self, bn); \ + if (BN_##func(bn)) { \ + return Qtrue; \ + } \ + return Qfalse; \ + } BIGNUM_BOOL1(is_zero); BIGNUM_BOOL1(is_one); BIGNUM_BOOL1(is_odd); -#define BIGNUM_1c(func) \ - static VALUE \ - ossl_bn_##func(VALUE self) \ - { \ - BIGNUM *bn, *result; \ - VALUE obj; \ - \ - GetBN(self, bn); \ - \ - if (!(result = BN_new())) { \ - ossl_raise(eBNError, ""); \ - } \ - if (!BN_##func(result, bn, ossl_bn_ctx)) { \ - BN_free(result); \ - ossl_raise(eBNError, ""); \ - } \ - WrapBN(CLASS_OF(self), obj, result); \ - \ - return obj; \ - } +#define BIGNUM_1c(func) \ + static VALUE \ + ossl_bn_##func(VALUE self) \ + { \ + BIGNUM *bn, *result; \ + VALUE obj; \ + GetBN(self, bn); \ + if (!(result = BN_new())) { \ + ossl_raise(eBNError, ""); \ + } \ + if (!BN_##func(result, bn, ossl_bn_ctx)) { \ + BN_free(result); \ + ossl_raise(eBNError, ""); \ + } \ + WrapBN(CLASS_OF(self), obj, result); \ + return obj; \ + } BIGNUM_1c(sqr); -#define BIGNUM_2(func) \ - static VALUE \ - ossl_bn_##func(VALUE self, VALUE other) \ - { \ - BIGNUM *bn1, *bn2 = GetBNPtr(other), *result; \ - VALUE obj; \ - \ - GetBN(self, bn1); \ - \ - if (!(result = BN_new())) { \ - ossl_raise(eBNError, ""); \ - } \ - if (!BN_##func(result, bn1, bn2)) { \ 
- BN_free(result); \ - ossl_raise(eBNError, ""); \ - } \ - WrapBN(CLASS_OF(self), obj, result); \ - \ - return obj; \ - } +#define BIGNUM_2(func) \ + static VALUE \ + ossl_bn_##func(VALUE self, VALUE other) \ + { \ + BIGNUM *bn1, *bn2 = GetBNPtr(other), *result; \ + VALUE obj; \ + GetBN(self, bn1); \ + if (!(result = BN_new())) { \ + ossl_raise(eBNError, ""); \ + } \ + if (!BN_##func(result, bn1, bn2)) { \ + BN_free(result); \ + ossl_raise(eBNError, ""); \ + } \ + WrapBN(CLASS_OF(self), obj, result); \ + return obj; \ + } BIGNUM_2(add); BIGNUM_2(sub); -#define BIGNUM_2c(func) \ - static VALUE \ - ossl_bn_##func(VALUE self, VALUE other) \ - { \ - BIGNUM *bn1, *bn2 = GetBNPtr(other), *result; \ - VALUE obj; \ - \ - GetBN(self, bn1); \ - \ - if (!(result = BN_new())) { \ - ossl_raise(eBNError, ""); \ - } \ - if (!BN_##func(result, bn1, bn2, ossl_bn_ctx)) { \ - BN_free(result); \ - ossl_raise(eBNError, ""); \ - } \ - WrapBN(CLASS_OF(self), obj, result); \ - \ - return obj; \ - } +#define BIGNUM_2c(func) \ + static VALUE \ + ossl_bn_##func(VALUE self, VALUE other) \ + { \ + BIGNUM *bn1, *bn2 = GetBNPtr(other), *result; \ + VALUE obj; \ + GetBN(self, bn1); \ + if (!(result = BN_new())) { \ + ossl_raise(eBNError, ""); \ + } \ + if (!BN_##func(result, bn1, bn2, ossl_bn_ctx)) { \ + BN_free(result); \ + ossl_raise(eBNError, ""); \ + } \ + WrapBN(CLASS_OF(self), obj, result); \ + return obj; \ + } BIGNUM_2c(mul); BIGNUM_2c(mod); BIGNUM_2c(exp); 
@@ -342,67 +330,63 @@ BIGNUM_2c(mod_inverse); static VALUE ossl_bn_div(VALUE self, VALUE other) { - BIGNUM *bn1, *bn2 = GetBNPtr(other), *r1, *r2; - VALUE obj1, obj2; - - GetBN(self, bn1); - - if (!(r1 = BN_new())) { - ossl_raise(eBNError, ""); - } - if (!(r2 = BN_new())) { - BN_free(r1); - ossl_raise(eBNError, ""); - } - if (!BN_div(r1, r2, bn1, bn2, ossl_bn_ctx)) { - BN_free(r1); - BN_free(r2); - ossl_raise(eBNError, ""); - } - WrapBN(CLASS_OF(self), obj1, r1); - WrapBN(CLASS_OF(self), obj2, r2); - - return rb_ary_new3(2, obj1, obj2); + BIGNUM *bn1, *bn2 = GetBNPtr(other), *r1, *r2; + VALUE obj1, obj2; + + GetBN(self, bn1); + + if (!(r1 = BN_new())) { + ossl_raise(eBNError, ""); + } + if (!(r2 = BN_new())) { + BN_free(r1); + ossl_raise(eBNError, ""); + } + if (!BN_div(r1, r2, bn1, bn2, ossl_bn_ctx)) { + BN_free(r1); + BN_free(r2); + ossl_raise(eBNError, ""); + } + WrapBN(CLASS_OF(self), obj1, r1); + WrapBN(CLASS_OF(self), obj2, r2); + + return rb_ary_new3(2, obj1, obj2); } -#define BIGNUM_3c(func) \ - static VALUE \ - ossl_bn_##func(VALUE self, VALUE other1, VALUE other2) \ - { \ - BIGNUM *bn1, *bn2 = GetBNPtr(other1), *bn3 = GetBNPtr(other2), *result; \ - VALUE obj; \ - \ - GetBN(self, bn1); \ - \ - if (!(result = BN_new())) { \ - ossl_raise(eBNError, ""); \ - } \ - if (!BN_##func(result, bn1, bn2, bn3, ossl_bn_ctx)) { \ - BN_free(result); \ - ossl_raise(eBNError, ""); \ - } \ - WrapBN(CLASS_OF(self), obj, result); \ - \ - return obj; \ - } +#define BIGNUM_3c(func) \ + static VALUE \ + ossl_bn_##func(VALUE self, VALUE other1, VALUE other2) \ + { \ + BIGNUM *bn1, *bn2 = GetBNPtr(other1); \ + BIGNUM *bn3 = GetBNPtr(other2), *result; \ + VALUE obj; \ + GetBN(self, bn1); \ + if (!(result = BN_new())) { \ + ossl_raise(eBNError, ""); \ + } \ + if (!BN_##func(result, bn1, bn2, bn3, ossl_bn_ctx)) { \ + BN_free(result); \ + ossl_raise(eBNError, ""); \ + } \ + WrapBN(CLASS_OF(self), obj, result); \ + return obj; \ + } BIGNUM_3c(mod_add); BIGNUM_3c(mod_sub); 
BIGNUM_3c(mod_mul); BIGNUM_3c(mod_exp); -#define BIGNUM_BIT(func) \ - static VALUE \ - ossl_bn_##func(VALUE self, VALUE bit) \ - { \ - BIGNUM *bn; \ - \ - GetBN(self, bn); \ - \ - if (!BN_##func(bn, NUM2INT(bit))) { \ - ossl_raise(eBNError, ""); \ - } \ - return self; \ - } +#define BIGNUM_BIT(func) \ + static VALUE \ + ossl_bn_##func(VALUE self, VALUE bit) \ + { \ + BIGNUM *bn; \ + GetBN(self, bn); \ + if (!BN_##func(bn, NUM2INT(bit))) { \ + ossl_raise(eBNError, ""); \ + } \ + return self; \ + } BIGNUM_BIT(set_bit); BIGNUM_BIT(clear_bit); BIGNUM_BIT(mask_bits); 
@@ -410,232 +394,221 @@ BIGNUM_BIT(mask_bits); static VALUE ossl_bn_is_bit_set(VALUE self, VALUE bit) { - BIGNUM *bn; + BIGNUM *bn; - GetBN(self, bn); + GetBN(self, bn); - if (BN_is_bit_set(bn, NUM2INT(bit))) { - return Qtrue; - } - return Qfalse; + if (BN_is_bit_set(bn, NUM2INT(bit))) { + return Qtrue; + } + return Qfalse; } -#define BIGNUM_SHIFT(func) \ - static VALUE \ - ossl_bn_##func(VALUE self, VALUE bits) \ - { \ - BIGNUM *bn, *result; \ - int b; \ - VALUE obj; \ - \ - GetBN(self, bn); \ - \ - b = NUM2INT(bits); \ - \ - if (!(result = BN_new())) { \ - ossl_raise(eBNError, ""); \ - } \ - if (!BN_##func(result, bn, b)) { \ - BN_free(result); \ - ossl_raise(eBNError, ""); \ - } \ - WrapBN(CLASS_OF(self), obj, result); \ - \ - return obj; \ - } +#define BIGNUM_SHIFT(func) \ + static VALUE \ + ossl_bn_##func(VALUE self, VALUE bits) \ + { \ + BIGNUM *bn, *result; \ + int b; \ + VALUE obj; \ + GetBN(self, bn); \ + b = NUM2INT(bits); \ + if (!(result = BN_new())) { \ + ossl_raise(eBNError, ""); \ + } \ + if (!BN_##func(result, bn, b)) { \ + BN_free(result); \ + ossl_raise(eBNError, ""); \ + } \ + WrapBN(CLASS_OF(self), obj, result); \ + return obj; \ + } BIGNUM_SHIFT(lshift); BIGNUM_SHIFT(rshift); -#define BIGNUM_RAND(func) \ - static VALUE \ - ossl_bn_s_##func(int argc, VALUE *argv, VALUE klass) \ - { \ - BIGNUM *result; \ - int bottom = 0, top = 0, b; \ - VALUE bits, fill, odd, obj; \ - \ - switch (rb_scan_args(argc, argv, "12", &bits, &fill, &odd)) { \ - case 3: \ - bottom = (odd == Qtrue) ? 
1 : 0; \ - /* fall through */ \ - case 2: \ - top = FIX2INT(fill); \ - } \ - b = NUM2INT(bits); \ - \ - if (!(result = BN_new())) { \ - ossl_raise(eBNError, ""); \ - } \ - if (!BN_##func(result, b, top, bottom)) { \ - BN_free(result); \ - ossl_raise(eBNError, ""); \ - } \ - WrapBN(klass, obj, result); \ - \ - return obj; \ - } +#define BIGNUM_RAND(func) \ + static VALUE \ + ossl_bn_s_##func(int argc, VALUE *argv, VALUE klass) \ + { \ + BIGNUM *result; \ + int bottom = 0, top = 0, b; \ + VALUE bits, fill, odd, obj; \ + \ + switch (rb_scan_args(argc, argv, "12", &bits, &fill, &odd)) { \ + case 3: \ + bottom = (odd == Qtrue) ? 1 : 0; \ + /* FALLTHROUGH */ \ + case 2: \ + top = FIX2INT(fill); \ + } \ + b = NUM2INT(bits); \ + if (!(result = BN_new())) { \ + ossl_raise(eBNError, ""); \ + } \ + if (!BN_##func(result, b, top, bottom)) { \ + BN_free(result); \ + ossl_raise(eBNError, ""); \ + } \ + WrapBN(klass, obj, result); \ + return obj; \ + } BIGNUM_RAND(rand); BIGNUM_RAND(pseudo_rand); -#define BIGNUM_RAND_RANGE(func) \ - static VALUE \ - ossl_bn_s_##func##_range(VALUE klass, VALUE range) \ - { \ - BIGNUM *bn = GetBNPtr(range), *result; \ - VALUE obj; \ - \ - if (!(result = BN_new())) { \ - ossl_raise(eBNError, ""); \ - } \ - if (!BN_##func##_range(result, bn)) { \ - BN_free(result); \ - ossl_raise(eBNError, ""); \ - } \ - WrapBN(klass, obj, result); \ - \ - return obj; \ - } +#define BIGNUM_RAND_RANGE(func) \ + static VALUE \ + ossl_bn_s_##func##_range(VALUE klass, VALUE range) \ + { \ + BIGNUM *bn = GetBNPtr(range), *result; \ + VALUE obj; \ + if (!(result = BN_new())) { \ + ossl_raise(eBNError, ""); \ + } \ + if (!BN_##func##_range(result, bn)) { \ + BN_free(result); \ + ossl_raise(eBNError, ""); \ + } \ + WrapBN(klass, obj, result); \ + return obj; \ + } BIGNUM_RAND_RANGE(rand); BIGNUM_RAND_RANGE(pseudo_rand); static VALUE ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass) { - BIGNUM *add = NULL, *rem = NULL, *result; - int safe = 1, num; - VALUE vnum, 
vsafe, vadd, vrem, obj; + BIGNUM *add = NULL, *rem = NULL, *result; + int safe = 1, num; + VALUE vnum, vsafe, vadd, vrem, obj; - rb_scan_args(argc, argv, "13", &vnum, &vsafe, &vadd, &vrem); - - num = NUM2INT(vnum); - - if (vsafe == Qfalse) { - safe = 0; - } - if (!NIL_P(vadd)) { - if (NIL_P(vrem)) { - ossl_raise(rb_eArgError, "if ADD is specified, REM must be also given"); - } - add = GetBNPtr(vadd); - rem = GetBNPtr(vrem); - } - if (!(result = BN_new())) { - ossl_raise(eBNError, ""); - } - if (!BN_generate_prime(result, num, safe, add, rem, NULL, NULL)) { - BN_free(result); - ossl_raise(eBNError, ""); - } - WrapBN(klass, obj, result); + rb_scan_args(argc, argv, "13", &vnum, &vsafe, &vadd, &vrem); + num = NUM2INT(vnum); + + if (vsafe == Qfalse) { + safe = 0; + } + if (!NIL_P(vadd)) { + if (NIL_P(vrem)) { + ossl_raise(rb_eArgError, + "if ADD is specified, REM must be also given"); + } + add = GetBNPtr(vadd); + rem = GetBNPtr(vrem); + } + if (!(result = BN_new())) { + ossl_raise(eBNError, ""); + } + if (!BN_generate_prime(result, num, safe, add, rem, NULL, NULL)) { + BN_free(result); + ossl_raise(eBNError, ""); + } + WrapBN(klass, obj, result); + return obj; } -#define BIGNUM_NUM(func) \ - static VALUE \ - ossl_bn_##func(VALUE self) \ - { \ - BIGNUM *bn; \ - \ - GetBN(self, bn); \ - \ - return INT2FIX(BN_##func(bn)); \ - } +#define BIGNUM_NUM(func) \ + static VALUE \ + ossl_bn_##func(VALUE self) \ + { \ + BIGNUM *bn; \ + GetBN(self, bn); \ + return INT2FIX(BN_##func(bn)); \ + } BIGNUM_NUM(num_bytes); BIGNUM_NUM(num_bits); static VALUE ossl_bn_copy(VALUE self, VALUE other) { - BIGNUM *bn1, *bn2; - - rb_check_frozen(self); - - if (self == other) return self; - - GetBN(self, bn1); - bn2 = GetBNPtr(other); - - if (!BN_copy(bn1, bn2)) { - ossl_raise(eBNError, ""); - } - return self; + BIGNUM *bn1, *bn2; + + rb_check_frozen(self); + + if (self == other) return self; + + GetBN(self, bn1); + bn2 = GetBNPtr(other); + + if (!BN_copy(bn1, bn2)) { + ossl_raise(eBNError, ""); + } 
+ return self; } -#define BIGNUM_CMP(func) \ - static VALUE \ - ossl_bn_##func(VALUE self, VALUE other) \ - { \ - BIGNUM *bn1, *bn2 = GetBNPtr(other); \ - \ - GetBN(self, bn1); \ - \ - return INT2FIX(BN_##func(bn1, bn2)); \ - } +#define BIGNUM_CMP(func) \ + static VALUE \ + ossl_bn_##func(VALUE self, VALUE other) \ + { \ + BIGNUM *bn1, *bn2 = GetBNPtr(other); \ + GetBN(self, bn1); \ + return INT2FIX(BN_##func(bn1, bn2)); \ + } BIGNUM_CMP(cmp); BIGNUM_CMP(ucmp); static VALUE ossl_bn_eql(VALUE self, VALUE other) { - if (ossl_bn_cmp(self, other) == INT2FIX(0)) { - return Qtrue; - } - return Qfalse; + if (ossl_bn_cmp(self, other) == INT2FIX(0)) { + return Qtrue; + } + return Qfalse; } static VALUE ossl_bn_is_prime(int argc, VALUE *argv, VALUE self) { - BIGNUM *bn; - VALUE vchecks; - int checks = BN_prime_checks; + BIGNUM *bn; + VALUE vchecks; + int checks = BN_prime_checks; - GetBN(self, bn); + GetBN(self, bn); - if (rb_scan_args(argc, argv, "01", &vchecks) == 0) { - checks = NUM2INT(vchecks); - } - switch (BN_is_prime(bn, checks, NULL, ossl_bn_ctx, NULL)) { - case 1: - return Qtrue; - case 0: - return Qfalse; - default: - ossl_raise(eBNError, ""); - } - /* not reachable */ - return Qnil; + if (rb_scan_args(argc, argv, "01", &vchecks) == 0) { + checks = NUM2INT(vchecks); + } + switch (BN_is_prime(bn, checks, NULL, ossl_bn_ctx, NULL)) { + case 1: + return Qtrue; + case 0: + return Qfalse; + default: + ossl_raise(eBNError, ""); + } + /* not reachable */ + return Qnil; } static VALUE ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self) { - BIGNUM *bn; - VALUE vchecks, vtrivdiv; - int checks = BN_prime_checks, do_trial_division = 1; + BIGNUM *bn; + VALUE vchecks, vtrivdiv; + int checks = BN_prime_checks, do_trial_division = 1; - GetBN(self, bn); + GetBN(self, bn); - rb_scan_args(argc, argv, "02", &vchecks, &vtrivdiv); - - if (!NIL_P(vchecks)) { - checks = NUM2INT(vchecks); - } - /* handle true/false */ - if (vtrivdiv == Qfalse) { - do_trial_division = 0; - } - 
switch (BN_is_prime_fasttest(bn, checks, NULL, ossl_bn_ctx, NULL, do_trial_division)) { - case 1: - return Qtrue; - case 0: - return Qfalse; - default: - ossl_raise(eBNError, ""); - } - /* not reachable */ - return Qnil; + rb_scan_args(argc, argv, "02", &vchecks, &vtrivdiv); + + if (!NIL_P(vchecks)) { + checks = NUM2INT(vchecks); + } + /* handle true/false */ + if (vtrivdiv == Qfalse) { + do_trial_division = 0; + } + switch (BN_is_prime_fasttest(bn, checks, NULL, ossl_bn_ctx, NULL, do_trial_division)) { + case 1: + return Qtrue; + case 0: + return Qfalse; + default: + ossl_raise(eBNError, ""); + } + /* not reachable */ + return Qnil; } /* 
@@ -645,114 +618,116 @@ ossl_bn_is_prime_fasttest(int argc, VALUE *argv, VALUE self) void Init_ossl_bn() { - if (!(ossl_bn_ctx = BN_CTX_new())) { - ossl_raise(rb_eRuntimeError, "Cannot init BN_CTX"); - } + if (!(ossl_bn_ctx = BN_CTX_new())) { + ossl_raise(rb_eRuntimeError, "Cannot init BN_CTX"); + } - eBNError = rb_define_class_under(mOSSL, "BNError", eOSSLError); + eBNError = rb_define_class_under(mOSSL, "BNError", eOSSLError); - cBN = rb_define_class_under(mOSSL, "BN", rb_cObject); + cBN = rb_define_class_under(mOSSL, "BN", rb_cObject); - rb_define_singleton_method(cBN, "allocate", ossl_bn_s_allocate, 0); - rb_define_method(cBN, "initialize", ossl_bn_initialize, -1); + rb_define_singleton_method(cBN, "allocate", ossl_bn_s_allocate, 0); + rb_define_method(cBN, "initialize", ossl_bn_initialize, -1); - rb_define_method(cBN, "copy", ossl_bn_copy, 1); - rb_define_alias(cBN, "become", "copy"); + rb_define_method(cBN, "copy", ossl_bn_copy, 1); + rb_define_alias(cBN, "become", "copy"); - /* swap (=coerce?) 
*/ - - rb_define_method(cBN, "num_bytes", ossl_bn_num_bytes, 0); - rb_define_method(cBN, "num_bits", ossl_bn_num_bits, 0); - /* num_bits_word */ - - rb_define_method(cBN, "+", ossl_bn_add, 1); - rb_define_method(cBN, "-", ossl_bn_sub, 1); - rb_define_method(cBN, "*", ossl_bn_mul, 1); - rb_define_method(cBN, "sqr", ossl_bn_sqr, 0); - rb_define_method(cBN, "/", ossl_bn_div, 1); - rb_define_method(cBN, "%", ossl_bn_mod, 1); - /* nnmod */ - - rb_define_method(cBN, "mod_add", ossl_bn_mod_add, 2); - rb_define_method(cBN, "mod_sub", ossl_bn_mod_sub, 2); - rb_define_method(cBN, "mod_mul", ossl_bn_mod_mul, 2); - rb_define_method(cBN, "mod_sqr", ossl_bn_mod_sqr, 1); - rb_define_method(cBN, "**", ossl_bn_exp, 1); - rb_define_method(cBN, "mod_exp", ossl_bn_mod_exp, 2); - rb_define_method(cBN, "gcd", ossl_bn_gcd, 1); - - /* add_word - * sub_word - * mul_word - * div_word - * mod_word */ - - rb_define_method(cBN, "cmp", ossl_bn_cmp, 1); - rb_define_alias(cBN, "<=>", "cmp"); - rb_define_method(cBN, "ucmp", ossl_bn_ucmp, 1); - rb_define_method(cBN, "eql?", ossl_bn_eql, 1); - rb_define_alias(cBN, "==", "eql?"); - rb_define_alias(cBN, "===", "eql?"); - rb_define_method(cBN, "zero?", ossl_bn_is_zero, 0); - rb_define_method(cBN, "one?", ossl_bn_is_one, 0); - /* is_word */ - rb_define_method(cBN, "odd?", ossl_bn_is_odd, 0); - - /* zero - * one - * value_one - DON'T IMPL. 
- * set_word - * get_word */ - - rb_define_singleton_method(cBN, "rand", ossl_bn_s_rand, -1); - rb_define_singleton_method(cBN, "pseudo_rand", ossl_bn_s_pseudo_rand, -1); - rb_define_singleton_method(cBN, "rand_range", ossl_bn_s_rand_range, 1); - rb_define_singleton_method(cBN, "pseudo_rand_range", ossl_bn_s_pseudo_rand_range, 1); - - rb_define_singleton_method(cBN, "generate_prime", ossl_bn_s_generate_prime, -1); - rb_define_method(cBN, "prime?", ossl_bn_is_prime, -1); - - rb_define_method(cBN, "set_bit!", ossl_bn_set_bit, 1); - rb_define_method(cBN, "clear_bit!", ossl_bn_clear_bit, 1); - rb_define_method(cBN, "bit_set?", ossl_bn_is_bit_set, 1); - rb_define_method(cBN, "mask_bits!", ossl_bn_mask_bits, 1); - rb_define_method(cBN, "<<", ossl_bn_lshift, 1); - /* lshift1 - DON'T IMPL. */ - rb_define_method(cBN, ">>", ossl_bn_rshift, 1); - /* rshift1 - DON'T IMPL. */ - - /* bn2bin - * bin2bn - * bn2hex - * bn2dec - * hex2bn - * dec2bn - all these are implemented in ossl_bn_initialize, and ossl_bn_to_s - * print - NOT IMPL. - * print_fp - NOT IMPL. - * bn2mpi - * mpi2bn */ - rb_define_method(cBN, "to_s", ossl_bn_to_s, -1); - rb_define_method(cBN, "to_i", ossl_bn_to_i, 0); - rb_define_alias(cBN, "to_int", "to_i"); - rb_define_method(cBN, "to_bn", ossl_bn_to_bn, 0); - rb_define_method(cBN, "coerce", ossl_bn_coerce, 1); + /* swap (=coerce?) 
*/ + + rb_define_method(cBN, "num_bytes", ossl_bn_num_bytes, 0); + rb_define_method(cBN, "num_bits", ossl_bn_num_bits, 0); + /* num_bits_word */ + + rb_define_method(cBN, "+", ossl_bn_add, 1); + rb_define_method(cBN, "-", ossl_bn_sub, 1); + rb_define_method(cBN, "*", ossl_bn_mul, 1); + rb_define_method(cBN, "sqr", ossl_bn_sqr, 0); + rb_define_method(cBN, "/", ossl_bn_div, 1); + rb_define_method(cBN, "%", ossl_bn_mod, 1); + /* nnmod */ + + rb_define_method(cBN, "mod_add", ossl_bn_mod_add, 2); + rb_define_method(cBN, "mod_sub", ossl_bn_mod_sub, 2); + rb_define_method(cBN, "mod_mul", ossl_bn_mod_mul, 2); + rb_define_method(cBN, "mod_sqr", ossl_bn_mod_sqr, 1); + rb_define_method(cBN, "**", ossl_bn_exp, 1); + rb_define_method(cBN, "mod_exp", ossl_bn_mod_exp, 2); + rb_define_method(cBN, "gcd", ossl_bn_gcd, 1); + + /* add_word + * sub_word + * mul_word + * div_word + * mod_word */ + + rb_define_method(cBN, "cmp", ossl_bn_cmp, 1); + rb_define_alias(cBN, "<=>", "cmp"); + rb_define_method(cBN, "ucmp", ossl_bn_ucmp, 1); + rb_define_method(cBN, "eql?", ossl_bn_eql, 1); + rb_define_alias(cBN, "==", "eql?"); + rb_define_alias(cBN, "===", "eql?"); + rb_define_method(cBN, "zero?", ossl_bn_is_zero, 0); + rb_define_method(cBN, "one?", ossl_bn_is_one, 0); + /* is_word */ + rb_define_method(cBN, "odd?", ossl_bn_is_odd, 0); + + /* zero + * one + * value_one - DON'T IMPL. 
+ * set_word + * get_word */ + + rb_define_singleton_method(cBN, "rand", ossl_bn_s_rand, -1); + rb_define_singleton_method(cBN, "pseudo_rand", ossl_bn_s_pseudo_rand, -1); + rb_define_singleton_method(cBN, "rand_range", ossl_bn_s_rand_range, 1); + rb_define_singleton_method(cBN, "pseudo_rand_range", ossl_bn_s_pseudo_rand_range, 1); + + rb_define_singleton_method(cBN, "generate_prime", ossl_bn_s_generate_prime, -1); + rb_define_method(cBN, "prime?", ossl_bn_is_prime, -1); + + rb_define_method(cBN, "set_bit!", ossl_bn_set_bit, 1); + rb_define_method(cBN, "clear_bit!", ossl_bn_clear_bit, 1); + rb_define_method(cBN, "bit_set?", ossl_bn_is_bit_set, 1); + rb_define_method(cBN, "mask_bits!", ossl_bn_mask_bits, 1); + rb_define_method(cBN, "<<", ossl_bn_lshift, 1); + /* lshift1 - DON'T IMPL. */ + rb_define_method(cBN, ">>", ossl_bn_rshift, 1); + /* rshift1 - DON'T IMPL. */ + + /* + * bn2bin + * bin2bn + * bn2hex + * bn2dec + * hex2bn + * dec2bn - all these are implemented in ossl_bn_initialize, and ossl_bn_to_s + * print - NOT IMPL. + * print_fp - NOT IMPL. + * bn2mpi + * mpi2bn + */ + rb_define_method(cBN, "to_s", ossl_bn_to_s, -1); + rb_define_method(cBN, "to_i", ossl_bn_to_i, 0); + rb_define_alias(cBN, "to_int", "to_i"); + rb_define_method(cBN, "to_bn", ossl_bn_to_bn, 0); + rb_define_method(cBN, "coerce", ossl_bn_coerce, 1); - /* - * TODO: - * But how to: from_bin, from_mpi? PACK? - * to_bin - * to_mpi - */ - - rb_define_method(cBN, "mod_inverse", ossl_bn_mod_inverse, 1); - - /* RECiProcal - * MONTgomery */ - - /* - * TODO: - * Where to belong these? - */ - rb_define_method(cBN, "prime_fasttest?", ossl_bn_is_prime_fasttest, -1); + /* + * TODO: + * But how to: from_bin, from_mpi? PACK? + * to_bin + * to_mpi + */ + + rb_define_method(cBN, "mod_inverse", ossl_bn_mod_inverse, 1); + + /* RECiProcal + * MONTgomery */ + + /* + * TODO: + * Where to belong these? + */ + rb_define_method(cBN, "prime_fasttest?", ossl_bn_is_prime_fasttest, -1); } 
diff --git a/ossl_cipher.c b/ossl_cipher.c index 51d3938..07834b3 100644 --- a/ossl_cipher.c +++ b/ossl_cipher.c @@ -12,17 +12,17 @@ #define MakeCipher(obj, klass, ciphp) obj = Data_Make_Struct(klass, ossl_cipher, 0, ossl_cipher_free, ciphp) #define GetCipher(obj, ciphp) do { \ - Data_Get_Struct(obj, ossl_cipher, ciphp); \ - if (!ciphp) { \ - ossl_raise(rb_eRuntimeError, "Cipher not inititalized!"); \ - } \ + Data_Get_Struct(obj, ossl_cipher, ciphp); \ + if (!ciphp) { \ + ossl_raise(rb_eRuntimeError, "Cipher not inititalized!"); \ + } \ } while (0) #define SafeGetCipher(obj, ciphp) do { \ - OSSL_Check_Kind(obj, cCipher); \ - GetCipher(obj, ciphp); \ - if (!ciphp->cipher) { \ - ossl_raise(rb_eRuntimeError, "Cipher not inititalized!"); \ - } \ + OSSL_Check_Kind(obj, cCipher); \ + GetCipher(obj, ciphp); \ + if (!ciphp->cipher) { \ + ossl_raise(rb_eRuntimeError, "Cipher not inititalized!"); \ + } \ } while (0) /* @@ -36,19 +36,20 @@ VALUE eCipherError; * Struct */ typedef struct ossl_cipher_st { - int init; /* HACK - not to coredump when calling #update or #final without previous en/decrypt */ - const EVP_CIPHER *cipher; - EVP_CIPHER_CTX ctx; + int init; /* HACK - not to coredump when calling + #update or #final without previous en/decrypt */ + const EVP_CIPHER *cipher; + EVP_CIPHER_CTX ctx; } ossl_cipher; static void ossl_cipher_free(ossl_cipher *ciphp) { - if (ciphp) { - EVP_CIPHER_CTX_cleanup(&ciphp->ctx); - ciphp->cipher = NULL; - free(ciphp); - } + if (ciphp) { + EVP_CIPHER_CTX_cleanup(&ciphp->ctx); + ciphp->cipher = NULL; + free(ciphp); + } } /* @@ -57,11 +58,11 @@ ossl_cipher_free(ossl_cipher *ciphp) const EVP_CIPHER * ossl_cipher_get_EVP_CIPHER(VALUE obj) { - ossl_cipher *ciphp; + ossl_cipher *ciphp; - SafeGetCipher(obj, ciphp); + SafeGetCipher(obj, ciphp); - return ciphp->cipher; /*EVP_CIPHER_CTX_cipher(ciphp->ctx);*/ + return ciphp->cipher; /*EVP_CIPHER_CTX_cipher(ciphp->ctx);*/ } /* 
@@ -70,219 +71,216 @@ ossl_cipher_get_EVP_CIPHER(VALUE obj) static VALUE ossl_cipher_s_allocate(VALUE klass) { - ossl_cipher *ciphp; - VALUE obj; + ossl_cipher *ciphp; + VALUE obj; - MakeCipher(obj, klass, ciphp); + MakeCipher(obj, klass, ciphp); - ciphp->init = Qfalse; - ciphp->cipher = NULL; + ciphp->init = Qfalse; + ciphp->cipher = NULL; - return obj; + return obj; } static VALUE ossl_cipher_initialize(VALUE self, VALUE str) { - ossl_cipher *ciphp; - char *name; + ossl_cipher *ciphp; + char *name; - GetCipher(self, ciphp); + GetCipher(self, ciphp); - name = StringValuePtr(str); + name = StringValuePtr(str); - if (!(ciphp->cipher = EVP_get_cipherbyname(name))) { - ossl_raise(rb_eRuntimeError, "Unsupported cipher algorithm (%s).", name); - } - return self; + if (!(ciphp->cipher = EVP_get_cipherbyname(name))) { + ossl_raise(rb_eRuntimeError, "Unsupported cipher algorithm (%s).", name); + } + return self; } static VALUE ossl_cipher_become(VALUE self, VALUE other) { - ossl_cipher *ciphp1, *ciphp2; + ossl_cipher *ciphp1, *ciphp2; - rb_check_frozen(self); - - if (self == other) return self; - - GetCipher(self, ciphp1); - SafeGetCipher(other, ciphp2); + rb_check_frozen(self); + if (self == other) return self; - ciphp1->cipher = ciphp2->cipher; + GetCipher(self, ciphp1); + SafeGetCipher(other, ciphp2); + ciphp1->cipher = ciphp2->cipher; - return self; + return self; } static VALUE ossl_cipher_encrypt(int argc, VALUE *argv, VALUE self) { - ossl_cipher *ciphp; - unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; - VALUE pass, init_v; + ossl_cipher *ciphp; + unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; + VALUE pass, init_v; - GetCipher(self, ciphp); + GetCipher(self, ciphp); - rb_scan_args(argc, argv, "11", &pass, &init_v); + rb_scan_args(argc, argv, "11", &pass, &init_v); - StringValue(pass); - - if (NIL_P(init_v)) { - /* - * TODO: - * random IV generation! 
- */ - memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv)); - /* - RAND_add(data,i,0); where from take data? - if (RAND_pseudo_bytes(iv, 8) < 0) { - ossl_raise(eCipherError, ""); - } - */ - } else { - init_v = rb_obj_as_string(init_v); - if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) { - memset(iv, 0, EVP_MAX_IV_LENGTH); - memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len); - } else { - memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv)); - } + StringValue(pass); + + if (NIL_P(init_v)) { + /* + * TODO: + * random IV generation! + */ + memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv)); + /* + RAND_add(data,i,0); where from take data? + if (RAND_pseudo_bytes(iv, 8) < 0) { + ossl_raise(eCipherError, ""); + } + */ + } + else { + init_v = rb_obj_as_string(init_v); + if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) { + memset(iv, 0, EVP_MAX_IV_LENGTH); + memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len); } - EVP_CIPHER_CTX_init(&ciphp->ctx); - - EVP_BytesToKey(ciphp->cipher, EVP_md5(), iv, RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL); - - if (!EVP_EncryptInit(&ciphp->ctx, ciphp->cipher, key, iv)) { - ossl_raise(eCipherError, ""); + else { + memcpy(iv, RSTRING(init_v)->ptr, sizeof(iv)); } - ciphp->init = Qtrue; - - return self; + } + EVP_CIPHER_CTX_init(&ciphp->ctx); + EVP_BytesToKey(ciphp->cipher, EVP_md5(), iv, + RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL); + if (!EVP_EncryptInit(&ciphp->ctx, ciphp->cipher, key, iv)) { + ossl_raise(eCipherError, ""); + } + ciphp->init = Qtrue; + + return self; } static VALUE ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self) { - ossl_cipher *ciphp; - unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; - VALUE pass, init_v; - - GetCipher(self, ciphp); - - rb_scan_args(argc, argv, "11", &pass, &init_v); - - StringValue(pass); + ossl_cipher *ciphp; + unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; + VALUE pass, init_v; - if (NIL_P(init_v)) { - /* - * TODO: - * random IV generation! 
- */ - memcpy(iv, "OpenSSL for Ruby rulez!", EVP_MAX_IV_LENGTH); - } else { - init_v = rb_obj_as_string(init_v); - if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) { - memset(iv, 0, EVP_MAX_IV_LENGTH); - memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len); - } else { - memcpy(iv, RSTRING(init_v)->ptr, EVP_MAX_IV_LENGTH); - } + GetCipher(self, ciphp); + rb_scan_args(argc, argv, "11", &pass, &init_v); + StringValue(pass); + if (NIL_P(init_v)) { + /* + * TODO: + * random IV generation! + */ + memcpy(iv, "OpenSSL for Ruby rulez!", EVP_MAX_IV_LENGTH); + } + else { + init_v = rb_obj_as_string(init_v); + if (EVP_MAX_IV_LENGTH > RSTRING(init_v)->len) { + memset(iv, 0, EVP_MAX_IV_LENGTH); + memcpy(iv, RSTRING(init_v)->ptr, RSTRING(init_v)->len); } - EVP_CIPHER_CTX_init(&ciphp->ctx); - - /*if (!load_iv((unsigned char **)&header,&(ciphp->cipher->iv[0]),8)) return(0); * cipher = CIPHER_INFO */ - - EVP_BytesToKey(ciphp->cipher, EVP_md5(), iv, RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL); - - if (!EVP_DecryptInit(&ciphp->ctx, ciphp->cipher, key, iv)) { - ossl_raise(eCipherError, ""); + else { + memcpy(iv, RSTRING(init_v)->ptr, EVP_MAX_IV_LENGTH); } - ciphp->init = Qtrue; - - return self; + } + EVP_CIPHER_CTX_init(&ciphp->ctx); + EVP_BytesToKey(ciphp->cipher, EVP_md5(), iv, + RSTRING(pass)->ptr, RSTRING(pass)->len, 1, key, NULL); + if (!EVP_DecryptInit(&ciphp->ctx, ciphp->cipher, key, iv)) { + ossl_raise(eCipherError, ""); + } + ciphp->init = Qtrue; + + return self; } static VALUE ossl_cipher_update(VALUE self, VALUE data) { - ossl_cipher *ciphp; - char *in, *out; - int in_len, out_len; - VALUE str; - - GetCipher(self, ciphp); - - if (ciphp->init != Qtrue) { - ossl_raise(eCipherError, "Don't call Cipher#update without preceding Cipher#(en|de)crypt."); - } - StringValue(data); - in = RSTRING(data)->ptr; - in_len = RSTRING(data)->len; + ossl_cipher *ciphp; + char *in, *out; + int in_len, out_len; + VALUE str; + + GetCipher(self, ciphp); + + if (ciphp->init != Qtrue) { + 
ossl_raise(eCipherError, + "Don't call Cipher#update without " + "preceding Cipher#(en|de)crypt."); + } + StringValue(data); + in = RSTRING(data)->ptr; + in_len = RSTRING(data)->len; - if (!(out = OPENSSL_malloc(in_len + EVP_CIPHER_CTX_block_size(&ciphp->ctx)))) { - ossl_raise(eCipherError, ""); - } - if (!EVP_CipherUpdate(&ciphp->ctx, out, &out_len, in, in_len)) { - OPENSSL_free(out); - ossl_raise(eCipherError, ""); - } - str = rb_str_new(out, out_len); + if (!(out = OPENSSL_malloc(in_len+EVP_CIPHER_CTX_block_size(&ciphp->ctx)))){ + ossl_raise(eCipherError, ""); + } + if (!EVP_CipherUpdate(&ciphp->ctx, out, &out_len, in, in_len)) { OPENSSL_free(out); + ossl_raise(eCipherError, ""); + } + str = rb_str_new(out, out_len); + OPENSSL_free(out); - return str; + return str; } static VALUE ossl_cipher_final(VALUE self) { - ossl_cipher *ciphp; - char *out; - int out_len; - VALUE str; + ossl_cipher *ciphp; + char *out; + int out_len; + VALUE str; - GetCipher(self, ciphp); + GetCipher(self, ciphp); - if (ciphp->init != Qtrue) { - ossl_raise(eCipherError, "Don't call Cipher#final without preceding Cipher#(en|de)crypt."); - } - if (!(out = OPENSSL_malloc(EVP_CIPHER_CTX_block_size(&ciphp->ctx)))) { - ossl_raise(eCipherError, ""); - } - if (!EVP_CipherFinal(&ciphp->ctx, out, &out_len)) { - OPENSSL_free(out); - ossl_raise(eCipherError, ""); - } - if (!EVP_CIPHER_CTX_cleanup(&ciphp->ctx)) { - OPENSSL_free(out); - ossl_raise(eCipherError, ""); - } - ciphp->init = Qfalse; - - str = rb_str_new(out, out_len); + if (ciphp->init != Qtrue) { + ossl_raise(eCipherError, + "Don't call Cipher#final without " + "preceding Cipher#(en|de)crypt."); + } + if (!(out = OPENSSL_malloc(EVP_CIPHER_CTX_block_size(&ciphp->ctx)))) { + ossl_raise(eCipherError, ""); + } + if (!EVP_CipherFinal(&ciphp->ctx, out, &out_len)) { + OPENSSL_free(out); + ossl_raise(eCipherError, ""); + } + if (!EVP_CIPHER_CTX_cleanup(&ciphp->ctx)) { OPENSSL_free(out); + ossl_raise(eCipherError, ""); + } + ciphp->init = Qfalse; + + 
str = rb_str_new(out, out_len); + OPENSSL_free(out); - return str; + return str; } static VALUE ossl_cipher_name(VALUE self) { - ossl_cipher *ciphp; - - GetCipher(self, ciphp); + ossl_cipher *ciphp; - return rb_str_new2(EVP_CIPHER_name(ciphp->cipher)); + GetCipher(self, ciphp); + + return rb_str_new2(EVP_CIPHER_name(ciphp->cipher)); } -#define CIPHER_0ARG_INT(func) \ - static VALUE \ - ossl_cipher_##func(VALUE self) \ - { \ - ossl_cipher *ciphp; \ - \ - GetCipher(self, ciphp); \ - \ - return INT2NUM(EVP_CIPHER_##func(ciphp->cipher)); \ - } +#define CIPHER_0ARG_INT(func) \ + static VALUE \ + ossl_cipher_##func(VALUE self) \ + { \ + ossl_cipher *ciphp; \ + GetCipher(self, ciphp); \ + return INT2NUM(EVP_CIPHER_##func(ciphp->cipher)); \ + } CIPHER_0ARG_INT(key_length) CIPHER_0ARG_INT(iv_length) 
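Review bot: The reindented ossl_cipher_encrypt still falls back to the constant IV `memcpy(iv, "OpenSSL for Ruby rulez!", sizeof(iv));` when init_v is nil, and the same bytes are then passed to EVP_BytesToKey as the salt, so every encryption under one password with the default IV derives the same key and yields identical ciphertext for identical plaintext; ossl_cipher_decrypt in this hunk carries the same fallback. The hunk's own `TODO: random IV generation!` comment acknowledges the gap, and nothing in the reformat closes it. If a default is kept, the nil branch should at least take the IV from the library RNG, `if (RAND_bytes(iv, sizeof(iv)) <= 0) { ossl_raise(eCipherError, ""); }`, and make the generated IV retrievable by the caller (presumably via an accessor on the object) since decrypt must be given the same bytes; otherwise it is safer for the nil case to raise than to silently reuse a fixed, public value. The single-iteration MD5 derivation in EVP_BytesToKey is also weak by current standards, but that is beyond what a reformat should change.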
@@ -292,29 +290,27 @@ CIPHER_0ARG_INT(iv_length) void Init_ossl_cipher(void) { - mCipher = rb_define_module_under(mOSSL, "Cipher"); - - eCipherError = rb_define_class_under(mOSSL, "CipherError", eOSSLError); - - cCipher = rb_define_class_under(mCipher, "Cipher", rb_cObject); + mCipher = rb_define_module_under(mOSSL, "Cipher"); + eCipherError = rb_define_class_under(mOSSL, "CipherError", eOSSLError); + cCipher = rb_define_class_under(mCipher, "Cipher", rb_cObject); - rb_define_singleton_method(cCipher, "allocate", ossl_cipher_s_allocate, 0); - rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1); - - rb_define_method(cCipher, "become", ossl_cipher_become, 1); - rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1); - rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1); - rb_define_method(cCipher, "update", ossl_cipher_update, 1); - rb_define_alias(cCipher, "<<", "update"); - rb_define_method(cCipher, "final", ossl_cipher_final, 0); - - rb_define_method(cCipher, "name", ossl_cipher_name, 0); - rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0); + rb_define_singleton_method(cCipher, "allocate", ossl_cipher_s_allocate, 0); + rb_define_method(cCipher, "initialize", ossl_cipher_initialize, 1); + + rb_define_method(cCipher, "become", ossl_cipher_become, 1); + rb_define_method(cCipher, "encrypt", ossl_cipher_encrypt, -1); + rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1); + rb_define_method(cCipher, "update", ossl_cipher_update, 1); + rb_define_alias(cCipher, "<<", "update"); + rb_define_method(cCipher, "final", ossl_cipher_final, 0); + + rb_define_method(cCipher, "name", ossl_cipher_name, 0); + rb_define_method(cCipher, "key_len", ossl_cipher_key_length, 0); /* * TODO * int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); */ - rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0); + rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0); } /* Init_ossl_cipher */ 
diff --git a/ossl_config.c b/ossl_config.c index d1d92be..ad8b05e 100644 --- a/ossl_config.c +++ b/ossl_config.c @@ -11,16 +11,17 @@ #include "ossl.h" #define WrapConfig(klass, obj, conf) do { \ - if (!conf) { \ - ossl_raise(rb_eRuntimeError, "Config wasn't intitialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, NCONF_free, conf); \ + if (!conf) { \ + ossl_raise(rb_eRuntimeError, "Config wasn't intitialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, NCONF_free, conf); \ } while (0) + #define GetConfig(obj, conf) do { \ - Data_Get_Struct(obj, CONF, conf); \ - if (!conf) { \ - ossl_raise(rb_eRuntimeError, "Config wasn't intitialized!"); \ - } \ + Data_Get_Struct(obj, CONF, conf); \ + if (!conf) { \ + ossl_raise(rb_eRuntimeError, "Config wasn't intitialized!"); \ + } \ } while (0) /* 
@@ -39,66 +40,65 @@ VALUE eConfigError; static VALUE ossl_config_s_load(int argc, VALUE *argv, VALUE klass) { - CONF *conf; - long err_line; - char *filename; - VALUE path, obj; - - if (rb_scan_args(argc, argv, "01", &path) == 1) { - SafeStringValue(path); - filename = RSTRING(path)->ptr; - } else { - if (!(filename = CONF_get1_default_config_file())) { - ossl_raise(eConfigError, ""); - } + CONF *conf; + long err_line; + char *filename; + VALUE path, obj; + + if (rb_scan_args(argc, argv, "01", &path) == 1) { + SafeStringValue(path); + filename = RSTRING(path)->ptr; + } + else { + if (!(filename = CONF_get1_default_config_file())) { + ossl_raise(eConfigError, ""); } + } /* * FIXME * Does't work for Windows? - if (!(conf = NCONF_new( #if defined(NT) - NCONF_WIN32() + if (!(conf = NCONF_new(NCONF_WIN32()))){ #else - NCONF_default() + if (!(conf = NCONF_new(NCONF_default()))){ #endif - ))) { */ - if (!(conf = NCONF_new(NULL))) { - ossl_raise(eConfigError, ""); - } - OSSL_Debug("Loading file: %s", filename); - - if (!NCONF_load(conf, filename, &err_line)) { - if (err_line <= 0) { - ossl_raise(eConfigError, "wrong config file (%s)", filename); - } else { - ossl_raise(eConfigError, "error on line %ld in config file \"%s\"", \ - err_line, filename); - } - } - WrapConfig(klass, obj, conf); + if (!(conf = NCONF_new(NULL))) { + ossl_raise(eConfigError, ""); + } + OSSL_Debug("Loading file: %s", filename); - return obj; + if (!NCONF_load(conf, filename, &err_line)) { + if (err_line <= 0) { + ossl_raise(eConfigError, "wrong config file (%s)", filename); + } else { + ossl_raise(eConfigError, "error on line %ld in config file \"%s\"", \ + err_line, filename); + } + } + WrapConfig(klass, obj, conf); + + return obj; } static VALUE ossl_config_get_value(int argc, VALUE *argv, VALUE self) { - CONF *conf; - VALUE section, item; - char *sect = NULL, *str; + CONF *conf; + VALUE section, item; + char *sect = NULL, *str; - GetConfig(self, conf); - - if (rb_scan_args(argc, argv, "11", §ion, 
&item) == 1) { - item = section; - } else if (!NIL_P(section)) { - sect = StringValuePtr(section); - } - if (!(str = NCONF_get_string(conf, sect, StringValuePtr(item)))) { - ossl_raise(eConfigError, ""); - } - return rb_str_new2(str); + GetConfig(self, conf); + + if (rb_scan_args(argc, argv, "11", §ion, &item) == 1) { + item = section; + } else if (!NIL_P(section)) { + sect = StringValuePtr(section); + } + if (!(str = NCONF_get_string(conf, sect, StringValuePtr(item)))) { + ossl_raise(eConfigError, ""); + } + return rb_str_new2(str); } /* @@ -109,28 +109,28 @@ ossl_config_get_value(int argc, VALUE *argv, VALUE self) static VALUE ossl_config_get_section(VALUE self, VALUE section) { - CONF *conf; - STACK_OF(CONF_VALUE) *sk; - CONF_VALUE *entry; - int i, entries; - VALUE hash; + CONF *conf; + STACK_OF(CONF_VALUE) *sk; + CONF_VALUE *entry; + int i, entries; + VALUE hash; - GetConfig(self, conf); - - if (!(sk = NCONF_get_section(conf, StringValuePtr(section)))) { - ossl_raise(eConfigError, ""); - } - hash = rb_hash_new(); + GetConfig(self, conf); - if ((entries = sk_CONF_VALUE_num(sk)) < 0) { - OSSL_Debug("# of items in section is < 0?!?"); - return hash; - } - for (i=0; i<entries; i++) { - entry = sk_CONF_VALUE_value(sk, i); - rb_hash_aset(hash, rb_str_new2(entry->name), rb_str_new2(entry->value)); - } + if (!(sk = NCONF_get_section(conf, StringValuePtr(section)))) { + ossl_raise(eConfigError, ""); + } + hash = rb_hash_new(); + + if ((entries = sk_CONF_VALUE_num(sk)) < 0) { + OSSL_Debug("# of items in section is < 0?!?"); return hash; + } + for (i=0; i<entries; i++) { + entry = sk_CONF_VALUE_value(sk, i); + rb_hash_aset(hash, rb_str_new2(entry->name), rb_str_new2(entry->value)); + } + return hash; } /* 
@@ -139,15 +139,15 @@ ossl_config_get_section(VALUE self, VALUE section) void Init_ossl_config() { - eConfigError = rb_define_class_under(mOSSL, "ConfigError", eOSSLError); + eConfigError = rb_define_class_under(mOSSL, "ConfigError", eOSSLError); - cConfig = rb_define_class_under(mOSSL, "Config", rb_cObject); + cConfig = rb_define_class_under(mOSSL, "Config", rb_cObject); - rb_define_singleton_method(cConfig, "load", ossl_config_s_load, -1); - rb_define_alias(CLASS_OF(cConfig), "new", "load"); - - rb_define_method(cConfig, "value", ossl_config_get_value, -1); - rb_define_method(cConfig, "section", ossl_config_get_section, 1); - rb_define_alias(cConfig, "[]", "section"); + rb_define_singleton_method(cConfig, "load", ossl_config_s_load, -1); + rb_define_alias(CLASS_OF(cConfig), "new", "load"); + + rb_define_method(cConfig, "value", ossl_config_get_value, -1); + rb_define_method(cConfig, "section", ossl_config_get_section, 1); + rb_define_alias(cConfig, "[]", "section"); } diff --git a/ossl_digest.c b/ossl_digest.c index bac0028..26d6998 100644 --- a/ossl_digest.c +++ b/ossl_digest.c @@ -11,16 +11,16 @@ #include "ossl.h" #define MakeDigest(klass, obj, ctx) \ - obj = Data_Make_Struct(klass, EVP_MD_CTX, 0, CRYPTO_free, ctx) + obj = Data_Make_Struct(klass, EVP_MD_CTX, 0, CRYPTO_free, ctx) #define GetDigest(obj, ctx) do { \ - Data_Get_Struct(obj, EVP_MD_CTX, ctx); \ - if (!ctx) { \ - ossl_raise(rb_eRuntimeError, "Digest CTX wasn't initialized!"); \ - } \ + Data_Get_Struct(obj, EVP_MD_CTX, ctx); \ + if (!ctx) { \ + ossl_raise(rb_eRuntimeError, "Digest CTX wasn't initialized!"); \ + } \ } while (0) #define SafeGetDigest(obj, ctx) do { \ - OSSL_Check_Kind(obj, cDigest); \ - GetDigest(obj, ctx); \ + OSSL_Check_Kind(obj, cDigest); \ + GetDigest(obj, ctx); \ } while (0) /* 
@@ -36,11 +36,11 @@ VALUE eDigestError; const EVP_MD * GetDigestPtr(VALUE obj) { - EVP_MD_CTX *ctx; + EVP_MD_CTX *ctx; - SafeGetDigest(obj, ctx); + SafeGetDigest(obj, ctx); - return EVP_MD_CTX_md(ctx); /*== ctx->digest*/ + return EVP_MD_CTX_md(ctx); /*== ctx->digest*/ } /* 
@@ -49,183 +49,174 @@ GetDigestPtr(VALUE obj) static VALUE ossl_digest_s_allocate(VALUE klass) { - EVP_MD_CTX *ctx; - VALUE obj; + EVP_MD_CTX *ctx; + VALUE obj; - MakeDigest(klass, obj, ctx); + MakeDigest(klass, obj, ctx); - return obj; + return obj; } static VALUE ossl_digest_initialize(VALUE self, VALUE str) { - EVP_MD_CTX *ctx; - const EVP_MD *md; - char *name; - - GetDigest(self, ctx); - - name = StringValuePtr(str); - - if (!(md = EVP_get_digestbyname(name))) { - ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", name); - } - EVP_DigestInit(ctx, md); - - return self; + EVP_MD_CTX *ctx; + const EVP_MD *md; + char *name; + + GetDigest(self, ctx); + name = StringValuePtr(str); + if (!(md = EVP_get_digestbyname(name))) { + ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", name); + } + EVP_DigestInit(ctx, md); + + return self; } static VALUE ossl_digest_update(VALUE self, VALUE data) { - EVP_MD_CTX *ctx; + EVP_MD_CTX *ctx; - GetDigest(self, ctx); + GetDigest(self, ctx); + StringValue(data); + EVP_DigestUpdate(ctx, RSTRING(data)->ptr, RSTRING(data)->len); - StringValue(data); - - EVP_DigestUpdate(ctx, RSTRING(data)->ptr, RSTRING(data)->len); - - return self; + return self; } static void digest_final(EVP_MD_CTX *ctx, char **buf, int *buf_len) { - EVP_MD_CTX final; - - if (!EVP_MD_CTX_copy(&final, ctx)) { - ossl_raise(eDigestError, ""); - } - if (!(*buf = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) { - ossl_raise(eDigestError, "Cannot allocate mem for digest"); - } - EVP_DigestFinal(&final, *buf, buf_len); + EVP_MD_CTX final; + + if (!EVP_MD_CTX_copy(&final, ctx)) { + ossl_raise(eDigestError, ""); + } + if (!(*buf = OPENSSL_malloc(EVP_MD_CTX_size(&final)))) { + ossl_raise(eDigestError, "Cannot allocate mem for digest"); + } + EVP_DigestFinal(&final, *buf, buf_len); } static VALUE ossl_digest_digest(VALUE self) { - EVP_MD_CTX *ctx; - char *buf; - int buf_len; - VALUE digest; - - GetDigest(self, ctx); - - digest_final(ctx, &buf, &buf_len); 
+ EVP_MD_CTX *ctx; + char *buf; + int buf_len; + VALUE digest; - digest = rb_str_new(buf, buf_len); - OPENSSL_free(buf); + GetDigest(self, ctx); + digest_final(ctx, &buf, &buf_len); + digest = rb_str_new(buf, buf_len); + OPENSSL_free(buf); - return digest; + return digest; } static VALUE ossl_digest_hexdigest(VALUE self) { - EVP_MD_CTX *ctx; - char *buf, *hexbuf; - int buf_len; - VALUE hexdigest; - - GetDigest(self, ctx); - - digest_final(ctx, &buf, &buf_len); - - if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) { - OPENSSL_free(buf); - ossl_raise(eDigestError, "Memory alloc error"); - } - hexdigest = rb_str_new(hexbuf, 2 * buf_len); + EVP_MD_CTX *ctx; + char *buf, *hexbuf; + int buf_len; + VALUE hexdigest; + + GetDigest(self, ctx); + digest_final(ctx, &buf, &buf_len); + if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) { OPENSSL_free(buf); - OPENSSL_free(hexbuf); + ossl_raise(eDigestError, "Memory alloc error"); + } + hexdigest = rb_str_new(hexbuf, 2 * buf_len); + OPENSSL_free(buf); + OPENSSL_free(hexbuf); - return hexdigest; + return hexdigest; } static VALUE ossl_digest_s_digest(VALUE klass, VALUE str, VALUE data) { - VALUE obj = rb_class_new_instance(1, &str, klass); + VALUE obj = rb_class_new_instance(1, &str, klass); - ossl_digest_update(obj, data); + ossl_digest_update(obj, data); - return ossl_digest_digest(obj); + return ossl_digest_digest(obj); } static VALUE ossl_digest_s_hexdigest(VALUE klass, VALUE str, VALUE data) { - VALUE obj = rb_class_new_instance(1, &str, klass); + VALUE obj = rb_class_new_instance(1, &str, klass); - ossl_digest_update(obj, data); + ossl_digest_update(obj, data); - return ossl_digest_hexdigest(obj); + return ossl_digest_hexdigest(obj); } static VALUE ossl_digest_clone(VALUE self) { - EVP_MD_CTX *ctx, *other; - VALUE obj; - - GetDigest(self, ctx); - - obj = rb_obj_alloc(CLASS_OF(self)); - - GetDigest(obj, other); - - if (!EVP_MD_CTX_copy(other, ctx)) { - ossl_raise(eDigestError, ""); - } - return obj; + 
EVP_MD_CTX *ctx, *other; + VALUE obj; + + GetDigest(self, ctx); + obj = rb_obj_alloc(CLASS_OF(self)); + GetDigest(obj, other); + if (!EVP_MD_CTX_copy(other, ctx)) { + ossl_raise(eDigestError, ""); + } + + return obj; } static VALUE ossl_digest_equal(VALUE self, VALUE other) { - EVP_MD_CTX *ctx; - VALUE str1, str2; - - GetDigest(self, ctx); - - if (rb_obj_is_kind_of(other, cDigest) == Qtrue) { - str2 = ossl_digest_digest(other); - } else { - StringValue(other); - str2 = other; - } - if (RSTRING(str2)->len == EVP_MD_CTX_size(ctx)) { - str1 = ossl_digest_digest(self); - } else { - str1 = ossl_digest_hexdigest(self); - } - if (RSTRING(str1)->len == RSTRING(str2)->len && rb_str_cmp(str1, str2) == 0) { - return Qtrue; - } - return Qfalse; + EVP_MD_CTX *ctx; + VALUE str1, str2; + + GetDigest(self, ctx); + if (rb_obj_is_kind_of(other, cDigest) == Qtrue) { + str2 = ossl_digest_digest(other); + } else { + StringValue(other); + str2 = other; + } + if (RSTRING(str2)->len == EVP_MD_CTX_size(ctx)) { + str1 = ossl_digest_digest(self); + } else { + str1 = ossl_digest_hexdigest(self); + } + if (RSTRING(str1)->len == RSTRING(str2)->len + && rb_str_cmp(str1, str2) == 0) { + return Qtrue; + } + + return Qfalse; } static VALUE ossl_digest_name(VALUE self) { - EVP_MD_CTX *ctx; + EVP_MD_CTX *ctx; - GetDigest(self, ctx); + GetDigest(self, ctx); - return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx))); + return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx))); } static VALUE ossl_digest_size(VALUE self) { - EVP_MD_CTX *ctx; + EVP_MD_CTX *ctx; - GetDigest(self, ctx); + GetDigest(self, ctx); - return INT2NUM(EVP_MD_CTX_size(ctx)); + return INT2NUM(EVP_MD_CTX_size(ctx)); } /* 
@@ -234,32 +225,30 @@ ossl_digest_size(VALUE self) void Init_ossl_digest() { - mDigest = rb_define_module_under(mOSSL, "Digest"); - - eDigestError = rb_define_class_under(mDigest, "DigestError", eOSSLError); - - cDigest = rb_define_class_under(mDigest, "Digest", rb_cObject); - - rb_define_singleton_method(cDigest, "allocate", ossl_digest_s_allocate, 0); - rb_define_singleton_method(cDigest, "digest", ossl_digest_s_digest, 2); - rb_define_singleton_method(cDigest, "hexdigest", ossl_digest_s_hexdigest, 2); - - rb_define_method(cDigest, "initialize", ossl_digest_initialize, 1); - - rb_define_method(cDigest, "clone", ossl_digest_clone, 0); - - rb_define_method(cDigest, "digest", ossl_digest_digest, 0); - rb_define_method(cDigest, "hexdigest", ossl_digest_hexdigest, 0); - rb_define_alias(cDigest, "inspect", "hexdigest"); - rb_define_alias(cDigest, "to_s", "hexdigest"); - - rb_define_method(cDigest, "update", ossl_digest_update, 1); - rb_define_alias(cDigest, "<<", "update"); - - rb_define_method(cDigest, "==", ossl_digest_equal, 1); - - rb_define_method(cDigest, "name", ossl_digest_name, 0); - rb_define_method(cDigest, "size", ossl_digest_size, 0); - + mDigest = rb_define_module_under(mOSSL, "Digest"); + + eDigestError = rb_define_class_under(mDigest, "DigestError", eOSSLError); + + cDigest = rb_define_class_under(mDigest, "Digest", rb_cObject); + + rb_define_singleton_method(cDigest, "allocate", ossl_digest_s_allocate, 0); + rb_define_singleton_method(cDigest, "digest", ossl_digest_s_digest, 2); + rb_define_singleton_method(cDigest, "hexdigest", ossl_digest_s_hexdigest, 2); + + rb_define_method(cDigest, "initialize", ossl_digest_initialize, 1); + + rb_define_method(cDigest, "clone", ossl_digest_clone, 0); + + rb_define_method(cDigest, "digest", ossl_digest_digest, 0); + rb_define_method(cDigest, "hexdigest", ossl_digest_hexdigest, 0); + rb_define_alias(cDigest, "inspect", "hexdigest"); + rb_define_alias(cDigest, "to_s", "hexdigest"); + + rb_define_method(cDigest, 
"update", ossl_digest_update, 1); + rb_define_alias(cDigest, "<<", "update"); + + rb_define_method(cDigest, "==", ossl_digest_equal, 1); + + rb_define_method(cDigest, "name", ossl_digest_name, 0); + rb_define_method(cDigest, "size", ossl_digest_size, 0); } - diff --git a/ossl_hmac.c b/ossl_hmac.c index 8e4875b..53ab786 100644 --- a/ossl_hmac.c +++ b/ossl_hmac.c @@ -13,12 +13,12 @@ #include "ossl.h" #define MakeHMAC(obj, ctx) \ - obj = Data_Make_Struct(cHMAC, HMAC_CTX, 0, CRYPTO_free, ctx) + obj = Data_Make_Struct(cHMAC, HMAC_CTX, 0, CRYPTO_free, ctx) #define GetHMAC(obj, ctx) do { \ - Data_Get_Struct(obj, HMAC_CTX, ctx); \ - if (!ctx) { \ - ossl_raise(rb_eRuntimeError, "HMAC wasn't initialized"); \ - } \ + Data_Get_Struct(obj, HMAC_CTX, ctx); \ + if (!ctx) { \ + ossl_raise(rb_eRuntimeError, "HMAC wasn't initialized"); \ + } \ } while (0) /* 
@@ -37,133 +37,125 @@ VALUE eHMACError; static VALUE ossl_hmac_s_allocate(VALUE klass) { - HMAC_CTX *ctx; - VALUE obj; + HMAC_CTX *ctx; + VALUE obj; - MakeHMAC(obj, ctx); + MakeHMAC(obj, ctx); - return obj; + return obj; } static VALUE ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest) { - HMAC_CTX *ctx; + HMAC_CTX *ctx; - GetHMAC(self, ctx); + GetHMAC(self, ctx); + StringValue(key); + HMAC_CTX_init(ctx); + HMAC_Init(ctx, RSTRING(key)->ptr, RSTRING(key)->len, GetDigestPtr(digest)); - StringValue(key); - - HMAC_CTX_init(ctx); - HMAC_Init(ctx, RSTRING(key)->ptr, RSTRING(key)->len, GetDigestPtr(digest)); - - return self; + return self; } static VALUE ossl_hmac_update(VALUE self, VALUE data) { - HMAC_CTX *ctx; - - GetHMAC(self, ctx); + HMAC_CTX *ctx; - StringValue(data); + GetHMAC(self, ctx); + StringValue(data); + HMAC_Update(ctx, RSTRING(data)->ptr, RSTRING(data)->len); - HMAC_Update(ctx, RSTRING(data)->ptr, RSTRING(data)->len); - - return self; + return self; } static void hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len) { - HMAC_CTX final; - - if (!HMAC_CTX_copy(&final, ctx)) { - ossl_raise(eHMACError, ""); - } - if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) { - OSSL_Debug("Allocating %d mem", HMAC_size(&final)); - ossl_raise(eHMACError, "Cannot allocate memory for hmac"); - } - HMAC_Final(&final, *buf, buf_len); - HMAC_CTX_cleanup(&final); + HMAC_CTX final; + + if (!HMAC_CTX_copy(&final, ctx)) { + ossl_raise(eHMACError, ""); + } + if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) { + OSSL_Debug("Allocating %d mem", HMAC_size(&final)); + ossl_raise(eHMACError, "Cannot allocate memory for hmac"); + } + HMAC_Final(&final, *buf, buf_len); + HMAC_CTX_cleanup(&final); } static VALUE ossl_hmac_digest(VALUE self) { - HMAC_CTX *ctx; - char *buf; - int buf_len; - VALUE digest; - - GetHMAC(self, ctx); - - hmac_final(ctx, &buf, &buf_len); - - digest = rb_str_new(buf, buf_len); - OPENSSL_free(buf); - - return digest; + HMAC_CTX *ctx; + char *buf; + int buf_len; + 
VALUE digest; + + GetHMAC(self, ctx); + hmac_final(ctx, &buf, &buf_len); + digest = rb_str_new(buf, buf_len); + OPENSSL_free(buf); + + return digest; } static VALUE ossl_hmac_hexdigest(VALUE self) { - HMAC_CTX *ctx; - char *buf, *hexbuf; - int buf_len; - VALUE hexdigest; - - GetHMAC(self, ctx); - - hmac_final(ctx, &buf, &buf_len); - - if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) { - OPENSSL_free(buf); - ossl_raise(eHMACError, "Memory alloc error"); - } - hexdigest = rb_str_new(hexbuf, 2 * buf_len); + HMAC_CTX *ctx; + char *buf, *hexbuf; + int buf_len; + VALUE hexdigest; + + GetHMAC(self, ctx); + hmac_final(ctx, &buf, &buf_len); + if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) { OPENSSL_free(buf); - OPENSSL_free(hexbuf); + ossl_raise(eHMACError, "Memory alloc error"); + } + hexdigest = rb_str_new(hexbuf, 2 * buf_len); + OPENSSL_free(buf); + OPENSSL_free(hexbuf); - return hexdigest; + return hexdigest; } static VALUE ossl_hmac_s_digest(VALUE klass, VALUE digest, VALUE key, VALUE data) { - char *buf; - int buf_len; - - StringValue(key); - StringValue(data); + char *buf; + int buf_len; - buf = HMAC(GetDigestPtr(digest), RSTRING(key)->ptr, RSTRING(key)->len, RSTRING(data)->ptr, RSTRING(data)->len, NULL, &buf_len); + StringValue(key); + StringValue(data); + buf = HMAC(GetDigestPtr(digest), RSTRING(key)->ptr, RSTRING(key)->len, + RSTRING(data)->ptr, RSTRING(data)->len, NULL, &buf_len); - return rb_str_new(buf, buf_len); + return rb_str_new(buf, buf_len); } static VALUE ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data) { - char *buf, *hexbuf; - int buf_len; - VALUE hexdigest; - - StringValue(key); - StringValue(data); - - buf = HMAC(GetDigestPtr(digest), RSTRING(key)->ptr, RSTRING(key)->len, RSTRING(data)->ptr, RSTRING(data)->len, NULL, &buf_len); - - if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) { - ossl_raise(eHMACError, "Cannot convert buf to hexbuf"); - } - hexdigest = rb_str_new(hexbuf, 2 * buf_len); - 
OPENSSL_free(hexbuf); - - return hexdigest; + char *buf, *hexbuf; + int buf_len; + VALUE hexdigest; + + StringValue(key); + StringValue(data); + + buf = HMAC(GetDigestPtr(digest), RSTRING(key)->ptr, RSTRING(key)->len, + RSTRING(data)->ptr, RSTRING(data)->len, NULL, &buf_len); + if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) { + ossl_raise(eHMACError, "Cannot convert buf to hexbuf"); + } + hexdigest = rb_str_new(hexbuf, 2 * buf_len); + OPENSSL_free(hexbuf); + + return hexdigest; } /* 
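Review bot: hmac_final leaves the copied context `final` without HMAC_CTX_cleanup when OPENSSL_malloc fails, because ossl_raise does not return; whatever state HMAC_CTX_copy allocated for the copy (state derived from the key) is then leaked rather than wiped. Add the cleanup on that path: `HMAC_CTX_cleanup(&final);` immediately before `ossl_raise(eHMACError, "Cannot allocate memory for hmac");`. Separately, `buf_len` is declared `int *` while HMAC_Final writes through an `unsigned int *`, so the prototype of hmac_final (and its callers' `int buf_len`) should use `unsigned int` to avoid the incompatible-pointer conversion. Both hmac_final and its callers are fully inside this hunk.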
@@ -172,32 +164,29 @@ ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data) void Init_ossl_hmac() { - eHMACError = rb_define_class_under(mOSSL, "HMACError", eOSSLError); + eHMACError = rb_define_class_under(mOSSL, "HMACError", eOSSLError); - cHMAC = rb_define_class_under(mOSSL, "HMAC", rb_cObject); + cHMAC = rb_define_class_under(mOSSL, "HMAC", rb_cObject); - rb_define_singleton_method(cHMAC, "digest", ossl_hmac_s_digest, 3); - rb_define_singleton_method(cHMAC, "hexdigest", ossl_hmac_s_hexdigest, 3); - rb_define_singleton_method(cHMAC, "allocate", ossl_hmac_s_allocate, 0); - rb_define_method(cHMAC, "initialize", ossl_hmac_initialize, 2); + rb_define_singleton_method(cHMAC, "digest", ossl_hmac_s_digest, 3); + rb_define_singleton_method(cHMAC, "hexdigest", ossl_hmac_s_hexdigest, 3); + rb_define_singleton_method(cHMAC, "allocate", ossl_hmac_s_allocate, 0); + rb_define_method(cHMAC, "initialize", ossl_hmac_initialize, 2); - rb_define_method(cHMAC, "update", ossl_hmac_update, 1); - rb_define_alias(cHMAC, "<<", "update"); - rb_define_method(cHMAC, "digest", ossl_hmac_digest, 0); - rb_define_method(cHMAC, "hexdigest", ossl_hmac_hexdigest, 0); - rb_define_alias(cHMAC, "inspect", "hexdigest"); - rb_define_alias(cHMAC, "to_s", "hexdigest"); + rb_define_method(cHMAC, "update", ossl_hmac_update, 1); + rb_define_alias(cHMAC, "<<", "update"); + rb_define_method(cHMAC, "digest", ossl_hmac_digest, 0); + rb_define_method(cHMAC, "hexdigest", ossl_hmac_hexdigest, 0); + rb_define_alias(cHMAC, "inspect", "hexdigest"); + rb_define_alias(cHMAC, "to_s", "hexdigest"); } #else /* NO_HMAC */ # warning >>> OpenSSL is compiled without HMAC support <<< - void Init_ossl_hmac() { - rb_warning("HMAC will NOT be avaible: OpenSSL is compiled without HMAC."); + rb_warning("HMAC will NOT be avaible: OpenSSL is compiled without HMAC."); } - #endif /* NO_HMAC */ - diff --git a/ossl_ns_spki.c b/ossl_ns_spki.c index d357131..00c6762 100644 --- a/ossl_ns_spki.c +++ b/ossl_ns_spki.c 
@@ -11,16 +11,16 @@ #include "ossl.h" #define WrapSPKI(klass, obj, spki) do { \ - if (!spki) { \ - ossl_raise(rb_eRuntimeError, "SPKI wasn't initialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, NETSCAPE_SPKI_free, spki); \ + if (!spki) { \ + ossl_raise(rb_eRuntimeError, "SPKI wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, NETSCAPE_SPKI_free, spki); \ } while (0) #define GetSPKI(obj, spki) do { \ - Data_Get_Struct(obj, NETSCAPE_SPKI, spki); \ - if (!spki) { \ - ossl_raise(rb_eRuntimeError, "SPKI wasn't initialized!"); \ - } \ + Data_Get_Struct(obj, NETSCAPE_SPKI, spki); \ + if (!spki) { \ + ossl_raise(rb_eRuntimeError, "SPKI wasn't initialized!"); \ + } \ } while (0) /* 
@@ -40,149 +40,147 @@ VALUE eSPKIError; static VALUE ossl_spki_s_allocate(VALUE klass) { - NETSCAPE_SPKI *spki; - VALUE obj; + NETSCAPE_SPKI *spki; + VALUE obj; - if (!(spki = NETSCAPE_SPKI_new())) { - ossl_raise(eSPKIError, ""); - } - WrapSPKI(klass, obj, spki); + if (!(spki = NETSCAPE_SPKI_new())) { + ossl_raise(eSPKIError, ""); + } + WrapSPKI(klass, obj, spki); - return obj; + return obj; } static VALUE ossl_spki_initialize(int argc, VALUE *argv, VALUE self) { - NETSCAPE_SPKI *spki; - VALUE buffer; + NETSCAPE_SPKI *spki; + VALUE buffer; - if (rb_scan_args(argc, argv, "01", &buffer) == 0) { - return self; - } - if (!(spki = NETSCAPE_SPKI_b64_decode(StringValuePtr(buffer), -1))) { - ossl_raise(eSPKIError, ""); - } - NETSCAPE_SPKI_free(DATA_PTR(self)); - DATA_PTR(self) = spki; - + if (rb_scan_args(argc, argv, "01", &buffer) == 0) { return self; + } + if (!(spki = NETSCAPE_SPKI_b64_decode(StringValuePtr(buffer), -1))) { + ossl_raise(eSPKIError, ""); + } + NETSCAPE_SPKI_free(DATA_PTR(self)); + DATA_PTR(self) = spki; + + return self; } static VALUE ossl_spki_to_pem(VALUE self) { - NETSCAPE_SPKI *spki; - char *data; - VALUE str; + NETSCAPE_SPKI *spki; + char *data; + VALUE str; - GetSPKI(self, spki); - - if (!(data = NETSCAPE_SPKI_b64_encode(spki))) { - ossl_raise(eSPKIError, ""); - } - str = rb_str_new2(data); - OPENSSL_free(data); - - return str; + GetSPKI(self, spki); + if (!(data = NETSCAPE_SPKI_b64_encode(spki))) { + ossl_raise(eSPKIError, ""); + } + str = rb_str_new2(data); + OPENSSL_free(data); + + return str; } static VALUE ossl_spki_print(VALUE self) { - NETSCAPE_SPKI *spki; - BIO *out; - BUF_MEM *buf; - VALUE str; + NETSCAPE_SPKI *spki; + BIO *out; + BUF_MEM *buf; + VALUE str; - GetSPKI(self, spki); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eSPKIError, ""); - } - if (!NETSCAPE_SPKI_print(out, spki)) { - BIO_free(out); - ossl_raise(eSPKIError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + GetSPKI(self, spki); 
+ if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eSPKIError, ""); + } + if (!NETSCAPE_SPKI_print(out, spki)) { BIO_free(out); + ossl_raise(eSPKIError, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); - return str; + return str; } static VALUE ossl_spki_get_public_key(VALUE self) { - NETSCAPE_SPKI *spki; - EVP_PKEY *pkey; + NETSCAPE_SPKI *spki; + EVP_PKEY *pkey; - GetSPKI(self, spki); - - if (!(pkey = NETSCAPE_SPKI_get_pubkey(spki))) { /* adds an reference */ - ossl_raise(eSPKIError, ""); - } - return ossl_pkey_new(pkey); /* NO DUP - OK */ + GetSPKI(self, spki); + if (!(pkey = NETSCAPE_SPKI_get_pubkey(spki))) { /* adds an reference */ + ossl_raise(eSPKIError, ""); + } + + return ossl_pkey_new(pkey); /* NO DUP - OK */ } static VALUE ossl_spki_set_public_key(VALUE self, VALUE key) { - NETSCAPE_SPKI *spki; + NETSCAPE_SPKI *spki; - GetSPKI(self, spki); - - if (!NETSCAPE_SPKI_set_pubkey(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */ - ossl_raise(eSPKIError, ""); - } - return key; + GetSPKI(self, spki); + if (!NETSCAPE_SPKI_set_pubkey(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */ + ossl_raise(eSPKIError, ""); + } + + return key; } static VALUE ossl_spki_get_challenge(VALUE self) { - NETSCAPE_SPKI *spki; + NETSCAPE_SPKI *spki; - GetSPKI(self, spki); + GetSPKI(self, spki); + if (spki->spkac->challenge->length <= 0) { + OSSL_Debug("Challenge.length <= 0?"); + return rb_str_new2(""); + } - if (spki->spkac->challenge->length <= 0) { - OSSL_Debug("Challenge.length <= 0?"); - return rb_str_new2(""); - } - return rb_str_new(spki->spkac->challenge->data, spki->spkac->challenge->length); + return rb_str_new(spki->spkac->challenge->data, + spki->spkac->challenge->length); } static VALUE ossl_spki_set_challenge(VALUE self, VALUE str) { - NETSCAPE_SPKI *spki; - - GetSPKI(self, spki); - - StringValue(str); - - if (!ASN1_STRING_set(spki->spkac->challenge, RSTRING(str)->ptr, RSTRING(str)->len)) { - ossl_raise(eSPKIError, ""); - } - 
return str; + NETSCAPE_SPKI *spki; + + GetSPKI(self, spki); + StringValue(str); + if (!ASN1_STRING_set(spki->spkac->challenge, RSTRING(str)->ptr, + RSTRING(str)->len)) { + ossl_raise(eSPKIError, ""); + } + + return str; } static VALUE ossl_spki_sign(VALUE self, VALUE key, VALUE digest) { - NETSCAPE_SPKI *spki; - EVP_PKEY *pkey; - const EVP_MD *md; - - GetSPKI(self, spki); - - pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ - md = GetDigestPtr(digest); - - if (!NETSCAPE_SPKI_sign(spki, pkey, md)) { - ossl_raise(eSPKIError, ""); - } - return self; + NETSCAPE_SPKI *spki; + EVP_PKEY *pkey; + const EVP_MD *md; + + GetSPKI(self, spki); + pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ + md = GetDigestPtr(digest); + if (!NETSCAPE_SPKI_sign(spki, pkey, md)) { + ossl_raise(eSPKIError, ""); + } + + return self; } /* @@ -191,19 +189,18 @@ ossl_spki_sign(VALUE self, VALUE key, VALUE digest) static VALUE ossl_spki_verify(VALUE self, VALUE key) { - NETSCAPE_SPKI *spki; - - GetSPKI(self, spki); - - switch (NETSCAPE_SPKI_verify(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */ - case 0: - return Qfalse; - case 1: - return Qtrue; - default: - ossl_raise(eSPKIError, ""); - } - return Qnil; /* dummy */ + NETSCAPE_SPKI *spki; + + GetSPKI(self, spki); + switch (NETSCAPE_SPKI_verify(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */ + case 0: + return Qfalse; + case 1: + return Qtrue; + default: + ossl_raise(eSPKIError, ""); + } + return Qnil; /* dummy */ } /* 
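Review bot: ossl_spki_initialize passes `StringValuePtr(buffer)` with a length of -1, so NETSCAPE_SPKI_b64_decode measures the input with strlen and silently ignores everything after an embedded NUL byte, unlike ossl_spki_set_challenge in the same hunk which hands over the explicit RSTRING ptr/len pair. Use the Ruby string's real length: `StringValue(buffer);` followed by `if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING(buffer)->ptr, RSTRING(buffer)->len))) {`. This also makes the error surface (raising eSPKIError on a truncated blob) consistent with the rest of the file.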
@@ -212,23 +209,23 @@ ossl_spki_verify(VALUE self, VALUE key) void Init_ossl_ns_spki() { - mNetscape = rb_define_module_under(mOSSL, "Netscape"); + mNetscape = rb_define_module_under(mOSSL, "Netscape"); - eSPKIError = rb_define_class_under(mNetscape, "SPKIError", eOSSLError); + eSPKIError = rb_define_class_under(mNetscape, "SPKIError", eOSSLError); - cSPKI = rb_define_class_under(mNetscape, "SPKI", rb_cObject); + cSPKI = rb_define_class_under(mNetscape, "SPKI", rb_cObject); - rb_define_singleton_method(cSPKI, "allocate", ossl_spki_s_allocate, 0); - rb_define_method(cSPKI, "initialize", ossl_spki_initialize, -1); + rb_define_singleton_method(cSPKI, "allocate", ossl_spki_s_allocate, 0); + rb_define_method(cSPKI, "initialize", ossl_spki_initialize, -1); - rb_define_method(cSPKI, "to_pem", ossl_spki_to_pem, 0); - rb_define_alias(cSPKI, "to_s", "to_pem"); - rb_define_method(cSPKI, "to_text", ossl_spki_print, 0); - rb_define_method(cSPKI, "public_key", ossl_spki_get_public_key, 0); - rb_define_method(cSPKI, "public_key=", ossl_spki_set_public_key, 1); - rb_define_method(cSPKI, "sign", ossl_spki_sign, 2); - rb_define_method(cSPKI, "verify", ossl_spki_verify, 1); - rb_define_method(cSPKI, "challenge", ossl_spki_get_challenge, 0); - rb_define_method(cSPKI, "challenge=", ossl_spki_set_challenge, 1); + rb_define_method(cSPKI, "to_pem", ossl_spki_to_pem, 0); + rb_define_alias(cSPKI, "to_s", "to_pem"); + rb_define_method(cSPKI, "to_text", ossl_spki_print, 0); + rb_define_method(cSPKI, "public_key", ossl_spki_get_public_key, 0); + rb_define_method(cSPKI, "public_key=", ossl_spki_set_public_key, 1); + rb_define_method(cSPKI, "sign", ossl_spki_sign, 2); + rb_define_method(cSPKI, "verify", ossl_spki_verify, 1); + rb_define_method(cSPKI, "challenge", ossl_spki_get_challenge, 0); + rb_define_method(cSPKI, "challenge=", ossl_spki_set_challenge, 1); } diff --git a/ossl_pkcs7.c b/ossl_pkcs7.c index 6b83564..ab75a62 100644 --- a/ossl_pkcs7.c +++ b/ossl_pkcs7.c 
@@ -11,33 +11,32 @@ #include "ossl.h" #define WrapPKCS7(klass, obj, pkcs7) do { \ - if (!pkcs7) { \ - ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \ - } \ - obj = Data_Wrap_Struct(klass, 0, PKCS7_free, pkcs7); \ + if (!pkcs7) { \ + ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \ + } \ + obj = Data_Wrap_Struct(klass, 0, PKCS7_free, pkcs7); \ } while (0) #define GetPKCS7(obj, pkcs7) do { \ - Data_Get_Struct(obj, PKCS7, pkcs7); \ - if (!pkcs7) { \ - ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \ - } \ + Data_Get_Struct(obj, PKCS7, pkcs7); \ + if (!pkcs7) { \ + ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \ + } \ } while (0) - #define WrapPKCS7si(klass, obj, p7si) do { \ - if (!p7si) { \ - ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \ - } \ - obj = Data_Wrap_Struct(klass, 0, PKCS7_SIGNER_INFO_free, p7si); \ + if (!p7si) { \ + ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \ + } \ + obj = Data_Wrap_Struct(klass, 0, PKCS7_SIGNER_INFO_free, p7si); \ } while (0) #define GetPKCS7si(obj, p7si) do { \ - Data_Get_Struct(obj, PKCS7_SIGNER_INFO, p7si); \ - if (!p7si) { \ - ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \ - } \ + Data_Get_Struct(obj, PKCS7_SIGNER_INFO, p7si); \ + if (!p7si) { \ + ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \ + } \ } while (0) #define SafeGetPKCS7si(obj, p7si) do { \ - OSSL_Check_Kind(obj, cPKCS7SignerInfo); \ - GetPKCS7si(obj, p7si); \ + OSSL_Check_Kind(obj, cPKCS7SignerInfo); \ + GetPKCS7si(obj, p7si); \ } while (0) /* 
@@ -66,387 +65,376 @@ VALUE ePKCS7Error; static VALUE ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si) { - PKCS7_SIGNER_INFO *new; - VALUE obj; - - if (!p7si) { - new = PKCS7_SIGNER_INFO_new(); - } else { - new = PKCS7_SIGNER_INFO_dup(p7si); - } - if (!new) { - ossl_raise(ePKCS7Error, ""); - } - WrapPKCS7si(cPKCS7SignerInfo, obj, new); - - return obj; + PKCS7_SIGNER_INFO *new; + VALUE obj; + + if (!p7si) { + new = PKCS7_SIGNER_INFO_new(); + } + else { + new = PKCS7_SIGNER_INFO_dup(p7si); + } + if (!new) { + ossl_raise(ePKCS7Error, ""); + } + WrapPKCS7si(cPKCS7SignerInfo, obj, new); + + return obj; } static PKCS7_SIGNER_INFO * ossl_pkcs7si_get_PKCS7_SIGNER_INFO(VALUE obj) { - PKCS7_SIGNER_INFO *p7si, *new; + PKCS7_SIGNER_INFO *p7si, *new; - SafeGetPKCS7si(obj, p7si); + SafeGetPKCS7si(obj, p7si); + if (!(new = PKCS7_SIGNER_INFO_dup(p7si))) { + ossl_raise(ePKCS7Error, ""); + } - if (!(new = PKCS7_SIGNER_INFO_dup(p7si))) { - ossl_raise(ePKCS7Error, ""); - } - return new; + return new; } /* * Private */ +#if 0 /* * WORKS WELL, but we can implement this in Ruby space -static VALUE ossl_pkcs7_s_sign(VALUE klass, VALUE key, VALUE cert, VALUE data) + */ +static VALUE +ossl_pkcs7_s_sign(VALUE klass, VALUE key, VALUE cert, VALUE data) { - PKCS7 *pkcs7; - EVP_PKEY *pkey; - X509 *x509; - BIO *bio; - VALUE obj; + PKCS7 *pkcs7; + EVP_PKEY *pkey; + X509 *x509; + BIO *bio; + VALUE obj; - StringValue(data); + StringValue(data); - pkey = GetPrivPKeyPtr(key); * NO NEED TO DUP * - x509 = GetX509CertPtr(cert); * NO NEED TO DUP * + pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ + x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ - if (!(bio = BIO_new_mem_buf(RSTRING(data)->ptr, RSTRING(data)->len))) { - ossl_raise(ePKCS7Error, ""); - } - if (!(pkcs7 = PKCS7_sign(x509, pkey, NULL, bio, 0))) { - BIO_free(bio); - ossl_raise(ePKCS7Error, ""); - } + if (!(bio = BIO_new_mem_buf(RSTRING(data)->ptr, RSTRING(data)->len))) { + ossl_raise(ePKCS7Error, ""); + } + if (!(pkcs7 = PKCS7_sign(x509, pkey, 
NULL, bio, 0))) { BIO_free(bio); - - WrapPKCS7(cPKC7, obj, pkcs7); + ossl_raise(ePKCS7Error, ""); + } + BIO_free(bio); + WrapPKCS7(cPKC7, obj, pkcs7); - return obj; + return obj; } - */ +#endif static VALUE ossl_pkcs7_s_allocate(VALUE klass) { - PKCS7 *pkcs7; - VALUE obj; - - if (!(pkcs7 = PKCS7_new())) { - ossl_raise(ePKCS7Error, ""); - } - WrapPKCS7(klass, obj, pkcs7); - - return obj; + PKCS7 *pkcs7; + VALUE obj; + + if (!(pkcs7 = PKCS7_new())) { + ossl_raise(ePKCS7Error, ""); + } + WrapPKCS7(klass, obj, pkcs7); + + return obj; } static VALUE ossl_pkcs7_initialize(VALUE self, VALUE arg) { - PKCS7 *pkcs7; - BIO *in; + PKCS7 *pkcs7; + BIO *in; - switch (TYPE(arg)) { - case T_FIXNUM: - GetPKCS7(self, pkcs7); - - if(!PKCS7_set_type(pkcs7, FIX2INT(arg))) { - ossl_raise(ePKCS7Error, ""); - } - break; - default: - StringValue(arg); - if (!(in = BIO_new_mem_buf(RSTRING(arg)->ptr, RSTRING(arg)->len))) { - ossl_raise(ePKCS7Error, ""); - } - if (!PEM_read_bio_PKCS7(in, (PKCS7 **)&DATA_PTR(self), NULL, NULL)) { - BIO_free(in); - ossl_raise(ePKCS7Error, ""); - } - BIO_free(in); + switch (TYPE(arg)) { + case T_FIXNUM: + GetPKCS7(self, pkcs7); + if(!PKCS7_set_type(pkcs7, FIX2INT(arg))) { + ossl_raise(ePKCS7Error, ""); } - return self; + break; + default: + StringValue(arg); + if (!(in = BIO_new_mem_buf(RSTRING(arg)->ptr, RSTRING(arg)->len))) { + ossl_raise(ePKCS7Error, ""); + } + if (!PEM_read_bio_PKCS7(in, (PKCS7 **)&DATA_PTR(self), NULL, NULL)) { + BIO_free(in); + ossl_raise(ePKCS7Error, ""); + } + BIO_free(in); + } + + return self; } static VALUE ossl_pkcs7_set_cipher(VALUE self, VALUE cipher) { - PKCS7 *pkcs7; + PKCS7 *pkcs7; - GetPKCS7(self, pkcs7); + GetPKCS7(self, pkcs7); + if (!PKCS7_set_cipher(pkcs7, ossl_cipher_get_EVP_CIPHER(cipher))) { + ossl_raise(ePKCS7Error, ""); + } - if (!PKCS7_set_cipher(pkcs7, ossl_cipher_get_EVP_CIPHER(cipher))) { - ossl_raise(ePKCS7Error, ""); - } - return cipher; + return cipher; } static VALUE ossl_pkcs7_add_signer(VALUE self, VALUE 
signer, VALUE key) { - PKCS7 *pkcs7; - PKCS7_SIGNER_INFO *p7si; - EVP_PKEY *pkey; - - GetPKCS7(self, pkcs7); - - OSSL_Check_Kind(signer, cPKCS7SignerInfo); - - pkey = DupPrivPKeyPtr(key); - p7si = ossl_pkcs7si_get_PKCS7_SIGNER_INFO(signer); /* DUP needed to make PKCS7_add_signer GCsafe */ - p7si->pkey = pkey; - - if (!PKCS7_add_signer(pkcs7, p7si)) { - PKCS7_SIGNER_INFO_free(p7si); - ossl_raise(ePKCS7Error, "Could not add signer."); - } - if (PKCS7_type_is_signed(pkcs7)) { - PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); - } - return self; + PKCS7 *pkcs7; + PKCS7_SIGNER_INFO *p7si; + EVP_PKEY *pkey; + + GetPKCS7(self, pkcs7); + OSSL_Check_Kind(signer, cPKCS7SignerInfo); + pkey = DupPrivPKeyPtr(key); + /* DUP needed to make PKCS7_add_signer GCsafe */ + p7si = ossl_pkcs7si_get_PKCS7_SIGNER_INFO(signer); + p7si->pkey = pkey; + + if (!PKCS7_add_signer(pkcs7, p7si)) { + PKCS7_SIGNER_INFO_free(p7si); + ossl_raise(ePKCS7Error, "Could not add signer."); + } + if (PKCS7_type_is_signed(pkcs7)) { + PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType, + V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); + } + return self; } static VALUE ossl_pkcs7_get_signer(VALUE self) { - PKCS7 *pkcs7; - STACK_OF(PKCS7_SIGNER_INFO) *sk; - PKCS7_SIGNER_INFO *si; - int num, i; - VALUE ary; - - GetPKCS7(self, pkcs7); - - if (!(sk = PKCS7_get_signer_info(pkcs7))) { - OSSL_Debug("OpenSSL::PKCS7#get_signer_info == NULL!"); - return rb_ary_new(); - } - if ((num = sk_PKCS7_SIGNER_INFO_num(sk)) < 0) { - ossl_raise(ePKCS7Error, "Negative number of signers!"); - } - ary = rb_ary_new2(num); - - for (i=0; i<num; i++) { - si = sk_PKCS7_SIGNER_INFO_value(sk, i); - rb_ary_push(ary, ossl_pkcs7si_new(si)); - } - return ary; + PKCS7 *pkcs7; + STACK_OF(PKCS7_SIGNER_INFO) *sk; + PKCS7_SIGNER_INFO *si; + int num, i; + VALUE ary; + + GetPKCS7(self, pkcs7); + if (!(sk = PKCS7_get_signer_info(pkcs7))) { + OSSL_Debug("OpenSSL::PKCS7#get_signer_info == NULL!"); + 
return rb_ary_new(); + } + if ((num = sk_PKCS7_SIGNER_INFO_num(sk)) < 0) { + ossl_raise(ePKCS7Error, "Negative number of signers!"); + } + ary = rb_ary_new2(num); + + for (i=0; i<num; i++) { + si = sk_PKCS7_SIGNER_INFO_value(sk, i); + rb_ary_push(ary, ossl_pkcs7si_new(si)); + } + return ary; } static VALUE ossl_pkcs7_add_recipient(VALUE self, VALUE cert) { - PKCS7 *pkcs7; - PKCS7_RECIP_INFO *ri; - X509 *x509; - - GetPKCS7(self, pkcs7); - - x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ - - if (!(ri = PKCS7_RECIP_INFO_new())) { - ossl_raise(ePKCS7Error, ""); - } - if (!PKCS7_RECIP_INFO_set(ri, x509)) { - PKCS7_RECIP_INFO_free(ri); - ossl_raise(ePKCS7Error, ""); - } - - if (!PKCS7_add_recipient_info(pkcs7, ri)) { - PKCS7_RECIP_INFO_free(ri); - ossl_raise(ePKCS7Error, ""); - } - return self; + PKCS7 *pkcs7; + PKCS7_RECIP_INFO *ri; + X509 *x509; + + GetPKCS7(self, pkcs7); + x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ + if (!(ri = PKCS7_RECIP_INFO_new())) { + ossl_raise(ePKCS7Error, ""); + } + if (!PKCS7_RECIP_INFO_set(ri, x509)) { + PKCS7_RECIP_INFO_free(ri); + ossl_raise(ePKCS7Error, ""); + } + if (!PKCS7_add_recipient_info(pkcs7, ri)) { + PKCS7_RECIP_INFO_free(ri); + ossl_raise(ePKCS7Error, ""); + } + + return self; } static VALUE ossl_pkcs7_add_certificate(VALUE self, VALUE cert) { - PKCS7 *pkcs7; + PKCS7 *pkcs7; - GetPKCS7(self, pkcs7); + GetPKCS7(self, pkcs7); + if (!PKCS7_add_certificate(pkcs7, GetX509CertPtr(cert))){/* NO NEED TO DUP */ + ossl_raise(ePKCS7Error, ""); + } - if (!PKCS7_add_certificate(pkcs7, GetX509CertPtr(cert))) { /* NO NEED TO DUP */ - ossl_raise(ePKCS7Error, ""); - } - return self; + return self; } static VALUE ossl_pkcs7_add_crl(VALUE self, VALUE crl) { - PKCS7 *pkcs7; + PKCS7 *pkcs7; - GetPKCS7(self, pkcs7); - - if (!PKCS7_add_crl(pkcs7, GetX509CRLPtr(crl))) { /* NO DUP needed! */ - ossl_raise(ePKCS7Error, ""); - } - return self; + GetPKCS7(self, pkcs7); + if (!PKCS7_add_crl(pkcs7, GetX509CRLPtr(crl))) { /* NO DUP needed! 
*/ + ossl_raise(ePKCS7Error, ""); + } + return self; } static VALUE ossl_pkcs7_add_data(int argc, VALUE *argv, VALUE self) { - PKCS7 *pkcs7; - BIO *bio; - int i; - VALUE data, detach; - - GetPKCS7(self, pkcs7); - - rb_scan_args(argc, argv, "11", &data, &detach); - - StringValue(data); - - PKCS7_content_new(pkcs7, NID_pkcs7_data); - - if (detach == Qtrue) { - PKCS7_set_detached(pkcs7, 1); - } - if (!(bio=PKCS7_dataInit(pkcs7, NULL))) { - ossl_raise(ePKCS7Error, ""); - } - if ((i = BIO_write(bio, RSTRING(data)->ptr, RSTRING(data)->len)) != RSTRING(data)->len) { - BIO_free(bio); - ossl_raise(ePKCS7Error, "BIO_wrote %d, but should be %d!", i, RSTRING(data)->len); - } - if (!PKCS7_dataFinal(pkcs7, bio)) { - BIO_free(bio); - ossl_raise(ePKCS7Error, ""); - } + PKCS7 *pkcs7; + BIO *bio; + int i; + VALUE data, detach; + + GetPKCS7(self, pkcs7); + rb_scan_args(argc, argv, "11", &data, &detach); + StringValue(data); + PKCS7_content_new(pkcs7, NID_pkcs7_data); + if (detach == Qtrue) { + PKCS7_set_detached(pkcs7, 1); + } + if (!(bio=PKCS7_dataInit(pkcs7, NULL))) { + ossl_raise(ePKCS7Error, ""); + } + i = BIO_write(bio, RSTRING(data)->ptr, RSTRING(data)->len); + if (i != RSTRING(data)->len) { BIO_free(bio); + ossl_raise(ePKCS7Error, "BIO_wrote %d, but should be %d!", + i, RSTRING(data)->len); + } + if (!PKCS7_dataFinal(pkcs7, bio)) { + BIO_free(bio); + ossl_raise(ePKCS7Error, ""); + } + BIO_free(bio); - return self; + return self; } static VALUE ossl_pkcs7_data_verify(int argc, VALUE *argv, VALUE self) { - PKCS7 *pkcs7; - BIO *bio, *data = NULL; - char buf[1024 * 4]; - int i, result; - STACK_OF(PKCS7_SIGNER_INFO) *sk; - PKCS7_SIGNER_INFO *si; - X509_STORE *store; - X509_STORE_CTX ctx; - VALUE x509store, detached; - - GetPKCS7(self, pkcs7); - - if (!PKCS7_type_is_signed(pkcs7)) { - ossl_raise(ePKCS7Error, "Wrong content type - PKCS7 is not SIGNED"); - } - - rb_scan_args(argc, argv, "11", &x509store, &detached); - - store = ossl_x509store_get_X509_STORE(x509store); - - if 
(!NIL_P(detached)) { - StringValue(detached); - if (!(data = BIO_new_mem_buf(RSTRING(detached)->ptr, RSTRING(detached)->len))) { - ossl_raise(ePKCS7Error, ""); - } - } - - if (PKCS7_get_detached(pkcs7)) { - if (!data) { - ossl_raise(ePKCS7Error, "PKCS7 is detached, data needed!"); - } - bio = PKCS7_dataInit(pkcs7, data); - } else { - bio = PKCS7_dataInit(pkcs7, NULL); - } - if (!bio) { - if (data) { - BIO_free(data); - } - ossl_raise(ePKCS7Error, ""); - } - - /* We have to 'read' from bio to calculate digests etc. */ - for (;;) { - i = BIO_read(bio, buf, sizeof(buf)); - if (i <= 0) break; - } - /* BIO_free(bio); - shall we? */ - - if (!(sk = PKCS7_get_signer_info(pkcs7))) { - ossl_raise(ePKCS7Error, "NO SIGNATURES ON THIS DATA"); - } - for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++) { - si = sk_PKCS7_SIGNER_INFO_value(sk, i); - result = PKCS7_dataVerify(store, &ctx, bio, pkcs7, si); - - if (result <= 0) { - OSSL_Debug("result < 0! (%s)", OSSL_ErrMsg()); - return Qfalse; - } - - /* Yield signer info */ - if (rb_block_given_p()) { - rb_yield(ossl_pkcs7si_new(si)); - } - } - return Qtrue; + PKCS7 *pkcs7; + BIO *bio, *data = NULL; + char buf[1024 * 4]; + int i, result; + STACK_OF(PKCS7_SIGNER_INFO) *sk; + PKCS7_SIGNER_INFO *si; + X509_STORE *store; + X509_STORE_CTX ctx; + VALUE x509store, detached; + + GetPKCS7(self, pkcs7); + if (!PKCS7_type_is_signed(pkcs7)) { + ossl_raise(ePKCS7Error, "Wrong content type - PKCS7 is not SIGNED"); + } + rb_scan_args(argc, argv, "11", &x509store, &detached); + store = ossl_x509store_get_X509_STORE(x509store); + if (!NIL_P(detached)) { + StringValue(detached); + data = BIO_new_mem_buf(RSTRING(detached)->ptr, RSTRING(detached)->len); + if(!data){ + ossl_raise(ePKCS7Error, ""); + } + } + + if (PKCS7_get_detached(pkcs7)) { + if (!data) { + ossl_raise(ePKCS7Error, "PKCS7 is detached, data needed!"); + } + bio = PKCS7_dataInit(pkcs7, data); + } else { + bio = PKCS7_dataInit(pkcs7, NULL); + } + if (!bio) { + if (data) { + BIO_free(data); + } + 
ossl_raise(ePKCS7Error, ""); + } + + /* We have to 'read' from bio to calculate digests etc. */ + for (;;) { + i = BIO_read(bio, buf, sizeof(buf)); + if (i <= 0) break; + } + /* BIO_free(bio); - shall we? */ + + if (!(sk = PKCS7_get_signer_info(pkcs7))) { + ossl_raise(ePKCS7Error, "NO SIGNATURES ON THIS DATA"); + } + for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++) { + si = sk_PKCS7_SIGNER_INFO_value(sk, i); + result = PKCS7_dataVerify(store, &ctx, bio, pkcs7, si); + if (result <= 0) { + OSSL_Debug("result < 0! (%s)", OSSL_ErrMsg()); + return Qfalse; + } + /* Yield signer info */ + if (rb_block_given_p()) { + rb_yield(ossl_pkcs7si_new(si)); + } + } + + return Qtrue; } static VALUE ossl_pkcs7_data_decode(VALUE self, VALUE key, VALUE cert) { - PKCS7 *pkcs7; - EVP_PKEY *pkey; - X509 *x509; - BIO *bio; - BUF_MEM *buf; - VALUE str; - - GetPKCS7(self, pkcs7); - - if(!PKCS7_type_is_enveloped(pkcs7)) { - ossl_raise(ePKCS7Error, "Wrong content type - PKCS7 is not ENVELOPED"); - } - pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ - x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ - - if (!(bio = PKCS7_dataDecode(pkcs7, pkey, NULL, x509))) { - X509_free(x509); - ossl_raise(ePKCS7Error, ""); - } + PKCS7 *pkcs7; + EVP_PKEY *pkey; + X509 *x509; + BIO *bio; + BUF_MEM *buf; + VALUE str; + + GetPKCS7(self, pkcs7); + if(!PKCS7_type_is_enveloped(pkcs7)) { + ossl_raise(ePKCS7Error, "Wrong content type - PKCS7 is not ENVELOPED"); + } + pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ + x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ + if (!(bio = PKCS7_dataDecode(pkcs7, pkey, NULL, x509))) { X509_free(x509); - - BIO_get_mem_ptr(bio, &buf); - str = rb_str_new(buf->data, buf->length); - BIO_free(bio); - - return str; + ossl_raise(ePKCS7Error, ""); + } + X509_free(x509); + BIO_get_mem_ptr(bio, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(bio); + + return str; } static VALUE ossl_pkcs7_to_pem(VALUE self) { - PKCS7 *pkcs7; - BIO *out; - BUF_MEM *buf; - VALUE str; - - 
GetPKCS7(self, pkcs7); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(ePKCS7Error, ""); - } - if (!PEM_write_bio_PKCS7(out, pkcs7)) { - BIO_free(out); - ossl_raise(ePKCS7Error, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + PKCS7 *pkcs7; + BIO *out; + BUF_MEM *buf; + VALUE str; + + GetPKCS7(self, pkcs7); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(ePKCS7Error, ""); + } + if (!PEM_write_bio_PKCS7(out, pkcs7)) { BIO_free(out); + ossl_raise(ePKCS7Error, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); - return str; + return str; } /* 
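Review bot: ossl_pkcs7_data_verify returns Qtrue when the signer-info stack exists but is empty: the NULL check on PKCS7_get_signer_info raises, but a zero-length stack skips the verification loop and falls through to `return Qtrue;`, so a SIGNED structure carrying no signatures verifies successfully. Guard the count as well: `if (!(sk = PKCS7_get_signer_info(pkcs7)) || sk_PKCS7_SIGNER_INFO_num(sk) <= 0) {`. The same function also never releases `bio` (the "shall we?" comment) or the detached `data` BIO on the success and Qfalse paths, only on the `!bio` path. Separately, ossl_pkcs7_data_decode calls `X509_free(x509)` on a pointer its own comment marks "NO NEED TO DUP"; unless GetX509CertPtr hands back an owned reference, that drops a reference the wrapping Ruby object still holds, and ossl_pkcs7_add_recipient in this hunk uses the same getter without freeing.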
@@ -455,77 +443,77 @@ ossl_pkcs7_to_pem(VALUE self) static VALUE ossl_pkcs7si_s_allocate(VALUE klass) { - PKCS7_SIGNER_INFO *p7si; - VALUE obj; + PKCS7_SIGNER_INFO *p7si; + VALUE obj; - if (!(p7si = PKCS7_SIGNER_INFO_new())) { - ossl_raise(ePKCS7Error, ""); - } - WrapPKCS7si(klass, obj, p7si); + if (!(p7si = PKCS7_SIGNER_INFO_new())) { + ossl_raise(ePKCS7Error, ""); + } + WrapPKCS7si(klass, obj, p7si); - return obj; + return obj; } static VALUE ossl_pkcs7si_initialize(VALUE self, VALUE cert, VALUE key, VALUE digest) { - PKCS7_SIGNER_INFO *p7si; - EVP_PKEY *pkey; - X509 *x509; - const EVP_MD *md; - - GetPKCS7si(self, p7si); - - pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ - x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ - md = GetDigestPtr(digest); - - if (!(PKCS7_SIGNER_INFO_set(p7si, x509, pkey, md))) { - ossl_raise(ePKCS7Error, ""); - } - return self; + PKCS7_SIGNER_INFO *p7si; + EVP_PKEY *pkey; + X509 *x509; + const EVP_MD *md; + + GetPKCS7si(self, p7si); + pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ + x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */ + md = GetDigestPtr(digest); + if (!(PKCS7_SIGNER_INFO_set(p7si, x509, pkey, md))) { + ossl_raise(ePKCS7Error, ""); + } + + return self; } static VALUE ossl_pkcs7si_get_name(VALUE self) { - PKCS7_SIGNER_INFO *p7si; + PKCS7_SIGNER_INFO *p7si; - GetPKCS7si(self, p7si); + GetPKCS7si(self, p7si); - return ossl_x509name_new(p7si->issuer_and_serial->issuer); + return ossl_x509name_new(p7si->issuer_and_serial->issuer); } static VALUE ossl_pkcs7si_get_serial(VALUE self) { - PKCS7_SIGNER_INFO *p7si; + PKCS7_SIGNER_INFO *p7si; - GetPKCS7si(self, p7si); + GetPKCS7si(self, p7si); - return asn1integer_to_num(p7si->issuer_and_serial->serial); + return asn1integer_to_num(p7si->issuer_and_serial->serial); } static VALUE ossl_pkcs7si_get_signed_time(VALUE self) { - PKCS7_SIGNER_INFO *p7si; - ASN1_TYPE *asn1obj; - - GetPKCS7si(self, p7si); - - if (!(asn1obj = PKCS7_get_signed_attribute(p7si, NID_pkcs9_signingTime))) { - 
ossl_raise(ePKCS7Error, ""); - } - if (asn1obj->type == V_ASN1_UTCTIME) { - return asn1time_to_time(asn1obj->value.utctime); - } - /* - * OR - * ossl_raise(ePKCS7Error, "..."); - * ? - */ - return Qnil; + PKCS7_SIGNER_INFO *p7si; + ASN1_TYPE *asn1obj; + + GetPKCS7si(self, p7si); + + if (!(asn1obj = PKCS7_get_signed_attribute(p7si, NID_pkcs9_signingTime))) { + ossl_raise(ePKCS7Error, ""); + } + if (asn1obj->type == V_ASN1_UTCTIME) { + return asn1time_to_time(asn1obj->value.utctime); + } + /* + * OR + * ossl_raise(ePKCS7Error, "..."); + * ? + */ + + return Qnil; } /* 
@@ -534,43 +522,43 @@ ossl_pkcs7si_get_signed_time(VALUE self) void Init_ossl_pkcs7() { - mPKCS7 = rb_define_module_under(mOSSL, "PKCS7"); - - ePKCS7Error = rb_define_class_under(mPKCS7, "PKCS7Error", eOSSLError); - - cPKCS7 = rb_define_class_under(mPKCS7, "PKCS7", rb_cObject); - /* - * WORKS WELL, but we can implement this in Ruby space - * rb_define_singleton_method(cPKCS7, "sign", ossl_pkcs7_s_sign, 3); - */ - rb_define_singleton_method(cPKCS7, "allocate", ossl_pkcs7_s_allocate, 0); - rb_define_method(cPKCS7, "initialize", ossl_pkcs7_initialize, 1); - - rb_define_method(cPKCS7, "add_signer", ossl_pkcs7_add_signer, 2); - rb_define_method(cPKCS7, "signers", ossl_pkcs7_get_signer, 0); - rb_define_method(cPKCS7, "cipher=", ossl_pkcs7_set_cipher, 1); - rb_define_method(cPKCS7, "add_recipient", ossl_pkcs7_add_recipient, 1); - rb_define_method(cPKCS7, "add_certificate", ossl_pkcs7_add_certificate, 1); - rb_define_method(cPKCS7, "add_crl", ossl_pkcs7_add_crl, 1); - rb_define_method(cPKCS7, "add_data", ossl_pkcs7_add_data, -1); - rb_define_method(cPKCS7, "verify_data", ossl_pkcs7_data_verify, -1); - rb_define_method(cPKCS7, "decode_data", ossl_pkcs7_data_decode, 2); - rb_define_method(cPKCS7, "to_pem", ossl_pkcs7_to_pem, 0); - rb_define_alias(cPKCS7, "to_s", "to_pem"); + mPKCS7 = rb_define_module_under(mOSSL, "PKCS7"); + + ePKCS7Error = rb_define_class_under(mPKCS7, "PKCS7Error", eOSSLError); + + cPKCS7 = rb_define_class_under(mPKCS7, "PKCS7", rb_cObject); + /* + * WORKS WELL, but we can implement this in Ruby space + * rb_define_singleton_method(cPKCS7, "sign", ossl_pkcs7_s_sign, 3); + */ + rb_define_singleton_method(cPKCS7, "allocate", ossl_pkcs7_s_allocate, 0); + rb_define_method(cPKCS7, "initialize", ossl_pkcs7_initialize, 1); + + rb_define_method(cPKCS7, "add_signer", ossl_pkcs7_add_signer, 2); + rb_define_method(cPKCS7, "signers", ossl_pkcs7_get_signer, 0); + rb_define_method(cPKCS7, "cipher=", ossl_pkcs7_set_cipher, 1); + rb_define_method(cPKCS7, "add_recipient", 
ossl_pkcs7_add_recipient, 1); + rb_define_method(cPKCS7, "add_certificate", ossl_pkcs7_add_certificate, 1); + rb_define_method(cPKCS7, "add_crl", ossl_pkcs7_add_crl, 1); + rb_define_method(cPKCS7, "add_data", ossl_pkcs7_add_data, -1); + rb_define_method(cPKCS7, "verify_data", ossl_pkcs7_data_verify, -1); + rb_define_method(cPKCS7, "decode_data", ossl_pkcs7_data_decode, 2); + rb_define_method(cPKCS7, "to_pem", ossl_pkcs7_to_pem, 0); + rb_define_alias(cPKCS7, "to_s", "to_pem"); #define DefPKCS7Const(x) rb_define_const(mPKCS7, #x, INT2FIX(x)) - DefPKCS7Const(SIGNED); - DefPKCS7Const(ENVELOPED); - DefPKCS7Const(SIGNED_ENVELOPED); - - cPKCS7SignerInfo = rb_define_class_under(mPKCS7, "Signer", rb_cObject); + DefPKCS7Const(SIGNED); + DefPKCS7Const(ENVELOPED); + DefPKCS7Const(SIGNED_ENVELOPED); - rb_define_singleton_method(cPKCS7SignerInfo, "allocate", ossl_pkcs7si_s_allocate, 0); - rb_define_method(cPKCS7SignerInfo, "initialize", ossl_pkcs7si_initialize, 3); + cPKCS7SignerInfo = rb_define_class_under(mPKCS7, "Signer", rb_cObject); - rb_define_method(cPKCS7SignerInfo, "name", ossl_pkcs7si_get_name, 0); - rb_define_method(cPKCS7SignerInfo, "serial", ossl_pkcs7si_get_serial, 0); - rb_define_method(cPKCS7SignerInfo, "signed_time", ossl_pkcs7si_get_signed_time, 0); + rb_define_singleton_method(cPKCS7SignerInfo, "allocate", ossl_pkcs7si_s_allocate, 0); + rb_define_method(cPKCS7SignerInfo, "initialize", ossl_pkcs7si_initialize, 3); + + rb_define_method(cPKCS7SignerInfo, "name", ossl_pkcs7si_get_name, 0); + rb_define_method(cPKCS7SignerInfo, "serial", ossl_pkcs7si_get_serial, 0); + rb_define_method(cPKCS7SignerInfo, "signed_time", ossl_pkcs7si_get_signed_time, 0); } diff --git a/ossl_pkey.c b/ossl_pkey.c index 11feede..d3f7cc6 100644 --- a/ossl_pkey.c +++ b/ossl_pkey.c 
@@ -24,87 +24,85 @@ ID id_private_q; VALUE ossl_pkey_new(EVP_PKEY *pkey) { - if (!pkey) { - ossl_raise(ePKeyError, "Cannot make new key from NULL."); - } - switch (EVP_PKEY_type(pkey->type)) { + if (!pkey) { + ossl_raise(ePKeyError, "Cannot make new key from NULL."); + } + switch (EVP_PKEY_type(pkey->type)) { #if !defined(OPENSSL_NO_RSA) - case EVP_PKEY_RSA: - return ossl_rsa_new(pkey); + case EVP_PKEY_RSA: + return ossl_rsa_new(pkey); #endif #if !defined(OPENSSL_NO_DSA) - case EVP_PKEY_DSA: - return ossl_dsa_new(pkey); + case EVP_PKEY_DSA: + return ossl_dsa_new(pkey); #endif #if !defined(OPENSSL_NO_DH) - case EVP_PKEY_DH: - return ossl_dh_new(pkey); + case EVP_PKEY_DH: + return ossl_dh_new(pkey); #endif - default: - ossl_raise(ePKeyError, "unsupported key type"); - } - return Qnil; /* not reached */ + default: + ossl_raise(ePKeyError, "unsupported key type"); + } + return Qnil; /* not reached */ } VALUE ossl_pkey_new_from_file(VALUE filename) { - FILE *fp; - EVP_PKEY *pkey; - - SafeStringValue(filename); - - if (!(fp = fopen(RSTRING(filename)->ptr, "r"))) { - ossl_raise(ePKeyError, "%s", strerror(errno)); - } - /* - * Will we handle user passwords? - */ - pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); - fclose(fp); - - if (!pkey) { - ossl_raise(ePKeyError, ""); - } - return ossl_pkey_new(pkey); + FILE *fp; + EVP_PKEY *pkey; + + SafeStringValue(filename); + if (!(fp = fopen(RSTRING(filename)->ptr, "r"))) { + ossl_raise(ePKeyError, "%s", strerror(errno)); + } + /* + * Will we handle user passwords? 
+ */ + pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + if (!pkey) { + ossl_raise(ePKeyError, ""); + } + + return ossl_pkey_new(pkey); } EVP_PKEY * GetPKeyPtr(VALUE obj) { - EVP_PKEY *pkey; - - SafeGetPKey(obj, pkey); + EVP_PKEY *pkey; + + SafeGetPKey(obj, pkey); - return pkey; + return pkey; } EVP_PKEY * GetPrivPKeyPtr(VALUE obj) { - EVP_PKEY *pkey; + EVP_PKEY *pkey; - SafeGetPKey(obj, pkey); + SafeGetPKey(obj, pkey); + if (rb_funcall(obj, id_private_q, 0, NULL) != Qtrue) { /* returns Qtrue */ + ossl_raise(rb_eArgError, "Private key is needed."); + } - if (rb_funcall(obj, id_private_q, 0, NULL) != Qtrue) { /* returns Qtrue */ - ossl_raise(rb_eArgError, "Private key is needed."); - } - return pkey; + return pkey; } EVP_PKEY * DupPrivPKeyPtr(VALUE obj) { - EVP_PKEY *pkey; + EVP_PKEY *pkey; - SafeGetPKey(obj, pkey); + SafeGetPKey(obj, pkey); + if (rb_funcall(obj, id_private_q, 0, NULL) != Qtrue) { /* returns Qtrue */ + ossl_raise(rb_eArgError, "Private key is needed."); + } + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - if (rb_funcall(obj, id_private_q, 0, NULL) != Qtrue) { /* returns Qtrue */ - ossl_raise(rb_eArgError, "Private key is needed."); - } - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - - return pkey; + return pkey; } /* 
@@ -113,105 +111,96 @@ DupPrivPKeyPtr(VALUE obj) static VALUE ossl_pkey_s_allocate(VALUE klass) { - EVP_PKEY *pkey; - VALUE obj; + EVP_PKEY *pkey; + VALUE obj; - if (!(pkey = EVP_PKEY_new())) { - ossl_raise(ePKeyError, ""); - } - WrapPKey(klass, obj, pkey); - - return obj; + if (!(pkey = EVP_PKEY_new())) { + ossl_raise(ePKeyError, ""); + } + WrapPKey(klass, obj, pkey); + + return obj; } static VALUE ossl_pkey_initialize(VALUE self) { - if (rb_obj_is_instance_of(self, cPKey)) { - ossl_raise(rb_eNotImpError, "OpenSSL::PKey::PKey is an abstract class."); - } - return self; + if (rb_obj_is_instance_of(self, cPKey)) { + ossl_raise(rb_eNotImpError, "OpenSSL::PKey::PKey is an abstract class."); + } + return self; } static VALUE ossl_pkey_to_der(VALUE self) { - EVP_PKEY *pkey; - X509_PUBKEY *key; - VALUE str; - - GetPKey(self, pkey); - - if (!(key = X509_PUBKEY_new())) { - ossl_raise(ePKeyError, ""); - } - if (!X509_PUBKEY_set(&key, pkey)) { - X509_PUBKEY_free(key); - ossl_raise(ePKeyError, ""); - } - str = rb_str_new(key->public_key->data, key->public_key->length); + EVP_PKEY *pkey; + X509_PUBKEY *key; + VALUE str; + + GetPKey(self, pkey); + if (!(key = X509_PUBKEY_new())) { + ossl_raise(ePKeyError, ""); + } + if (!X509_PUBKEY_set(&key, pkey)) { X509_PUBKEY_free(key); + ossl_raise(ePKeyError, ""); + } + str = rb_str_new(key->public_key->data, key->public_key->length); + X509_PUBKEY_free(key); - return str; + return str; } static VALUE ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) { - EVP_PKEY *pkey; - EVP_MD_CTX ctx; - char *buf; - int buf_len; - VALUE str; - - GetPKey(self, pkey); - - if (rb_funcall(self, id_private_q, 0, NULL) != Qtrue) { - ossl_raise(rb_eArgError, "Private key is needed."); - } - EVP_SignInit(&ctx, GetDigestPtr(digest)); - - StringValue(data); - - EVP_SignUpdate(&ctx, RSTRING(data)->ptr, RSTRING(data)->len); - - if (!(buf = OPENSSL_malloc(EVP_PKEY_size(pkey) + 16))) { - ossl_raise(ePKeyError, ""); - } - if (!EVP_SignFinal(&ctx, buf, &buf_len, 
pkey)) { - OPENSSL_free(buf); - ossl_raise(ePKeyError, ""); - } - str = rb_str_new(buf, buf_len); + EVP_PKEY *pkey; + EVP_MD_CTX ctx; + char *buf; + int buf_len; + VALUE str; + + GetPKey(self, pkey); + if (rb_funcall(self, id_private_q, 0, NULL) != Qtrue) { + ossl_raise(rb_eArgError, "Private key is needed."); + } + EVP_SignInit(&ctx, GetDigestPtr(digest)); + StringValue(data); + EVP_SignUpdate(&ctx, RSTRING(data)->ptr, RSTRING(data)->len); + if (!(buf = OPENSSL_malloc(EVP_PKEY_size(pkey) + 16))) { + ossl_raise(ePKeyError, ""); + } + if (!EVP_SignFinal(&ctx, buf, &buf_len, pkey)) { OPENSSL_free(buf); + ossl_raise(ePKeyError, ""); + } + str = rb_str_new(buf, buf_len); + OPENSSL_free(buf); - return str; + return str; } static VALUE ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) { - EVP_PKEY *pkey; - EVP_MD_CTX ctx; - - GetPKey(self, pkey); - - EVP_VerifyInit(&ctx, GetDigestPtr(digest)); - - StringValue(sig); - StringValue(data); - - EVP_VerifyUpdate(&ctx, RSTRING(data)->ptr, RSTRING(data)->len); - - switch (EVP_VerifyFinal(&ctx, RSTRING(sig)->ptr, RSTRING(sig)->len, pkey)) { - case 0: - return Qfalse; - case 1: - return Qtrue; - default: - ossl_raise(ePKeyError, ""); - } - return Qnil; /* dummy */ + EVP_PKEY *pkey; + EVP_MD_CTX ctx; + + GetPKey(self, pkey); + EVP_VerifyInit(&ctx, GetDigestPtr(digest)); + StringValue(sig); + StringValue(data); + EVP_VerifyUpdate(&ctx, RSTRING(data)->ptr, RSTRING(data)->len); + switch (EVP_VerifyFinal(&ctx, RSTRING(sig)->ptr, RSTRING(sig)->len, pkey)) { + case 0: + return Qfalse; + case 1: + return Qtrue; + default: + ossl_raise(ePKeyError, ""); + } + return Qnil; /* dummy */ } /* 
@@ -220,26 +209,26 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) void Init_ossl_pkey() { - mPKey = rb_define_module_under(mOSSL, "PKey"); + mPKey = rb_define_module_under(mOSSL, "PKey"); - ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError); + ePKeyError = rb_define_class_under(mPKey, "PKeyError", eOSSLError); - cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject); + cPKey = rb_define_class_under(mPKey, "PKey", rb_cObject); - rb_define_singleton_method(cPKey, "allocate", ossl_pkey_s_allocate, 0); - rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0); + rb_define_singleton_method(cPKey, "allocate", ossl_pkey_s_allocate, 0); + rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0); - rb_define_method(cPKey, "to_der", ossl_pkey_to_der, 0); - rb_define_method(cPKey, "sign", ossl_pkey_sign, 2); - rb_define_method(cPKey, "verify", ossl_pkey_verify, 3); + rb_define_method(cPKey, "to_der", ossl_pkey_to_der, 0); + rb_define_method(cPKey, "sign", ossl_pkey_sign, 2); + rb_define_method(cPKey, "verify", ossl_pkey_verify, 3); - id_private_q = rb_intern("private?"); + id_private_q = rb_intern("private?"); - /* - * INIT rsa, dsa - */ - Init_ossl_rsa(); - Init_ossl_dsa(); - Init_ossl_dh(); + /* + * INIT rsa, dsa + */ + Init_ossl_rsa(); + Init_ossl_dsa(); + Init_ossl_dh(); } diff --git a/ossl_pkey.h b/ossl_pkey.h index d26ffa3..5fd6f3c 100644 --- a/ossl_pkey.h +++ b/ossl_pkey.h 
@@ -17,20 +17,20 @@ extern VALUE ePKeyError; extern ID id_private_q; #define WrapPKey(klass, obj, pkey) do { \ - if (!pkey) { \ - rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, EVP_PKEY_free, pkey); \ + if (!pkey) { \ + rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, EVP_PKEY_free, pkey); \ } while (0) #define GetPKey(obj, pkey) do {\ - Data_Get_Struct(obj, EVP_PKEY, pkey);\ - if (!pkey) { \ - rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!");\ - } \ + Data_Get_Struct(obj, EVP_PKEY, pkey);\ + if (!pkey) { \ + rb_raise(rb_eRuntimeError, "PKEY wasn't initialized!");\ + } \ } while (0) #define SafeGetPKey(obj, pkey) do { \ - OSSL_Check_Kind(obj, cPKey); \ - GetPKey(obj, pkey); \ + OSSL_Check_Kind(obj, cPKey); \ + GetPKey(obj, pkey); \ } while (0) VALUE ossl_pkey_new(EVP_PKEY *); diff --git a/ossl_pkey_dh.c b/ossl_pkey_dh.c index 653ab1b..76d4680 100644 --- a/ossl_pkey_dh.c +++ b/ossl_pkey_dh.c @@ -13,10 +13,10 @@ #include "ossl.h" #define GetPKeyDH(obj, pkey) do { \ - GetPKey(obj, pkey); \ - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) { /* PARANOIA? */ \ - ossl_raise(rb_eRuntimeError, "THIS IS NOT A DH!") ; \ - } \ + GetPKey(obj, pkey); \ + if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) { /* PARANOIA? */ \ + ossl_raise(rb_eRuntimeError, "THIS IS NOT A DH!") ; \ + } \ } while (0) #define DH_PRIVATE(dh) ((dh)->priv_key) 
@@ -33,41 +33,42 @@ VALUE eDHError; static VALUE dh_instance(VALUE klass, DH *dh) { - EVP_PKEY *pkey; - VALUE obj; + EVP_PKEY *pkey; + VALUE obj; - if (!dh) { - return Qfalse; - } - if (!(pkey = EVP_PKEY_new())) { - return Qfalse; - } - if (!EVP_PKEY_assign_DH(pkey, dh)) { - EVP_PKEY_free(pkey); - return Qfalse; - } - WrapPKey(klass, obj, pkey); - - return obj; + if (!dh) { + return Qfalse; + } + if (!(pkey = EVP_PKEY_new())) { + return Qfalse; + } + if (!EVP_PKEY_assign_DH(pkey, dh)) { + EVP_PKEY_free(pkey); + return Qfalse; + } + WrapPKey(klass, obj, pkey); + + return obj; } VALUE ossl_dh_new(EVP_PKEY *pkey) { - VALUE obj; - - if (!pkey) { - obj = dh_instance(cDH, DH_new()); - } else { - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) { - ossl_raise(rb_eTypeError, "Not a DH key!"); - } - WrapPKey(cDH, obj, pkey); - } - if (obj == Qfalse) { - ossl_raise(eDHError, ""); + VALUE obj; + + if (!pkey) { + obj = dh_instance(cDH, DH_new()); + } else { + if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) { + ossl_raise(rb_eTypeError, "Not a DH key!"); } - return obj; + WrapPKey(cDH, obj, pkey); + } + if (obj == Qfalse) { + ossl_raise(eDHError, ""); + } + + return obj; } /* 
@@ -79,140 +80,137 @@ ossl_dh_new(EVP_PKEY *pkey) static void ossl_dh_generate_cb(int p, int n, void *arg) { - VALUE ary; + VALUE ary; - ary = rb_ary_new2(2); - rb_ary_store(ary, 0, INT2NUM(p)); - rb_ary_store(ary, 1, INT2NUM(n)); - - rb_yield(ary); + ary = rb_ary_new2(2); + rb_ary_store(ary, 0, INT2NUM(p)); + rb_ary_store(ary, 1, INT2NUM(n)); + + rb_yield(ary); } static DH * dh_generate(int size, int gen) { - DH *dh; - void (*cb)(int, int, void *) = NULL; - - if (rb_block_given_p()) { - cb = ossl_dh_generate_cb; - } - if (!(dh = DH_generate_parameters(size, gen, cb, NULL))) { /* arg to cb = NULL */ - return 0; - } - if (!DH_generate_key(dh)) { - DH_free(dh); - return 0; - } - return dh; + DH *dh; + void (*cb)(int, int, void *) = NULL; + + if (rb_block_given_p()) { + cb = ossl_dh_generate_cb; + } + /* arg to cb = NULL */ + if (!(dh = DH_generate_parameters(size, gen, cb, NULL))) { + return 0; + } + if (!DH_generate_key(dh)) { + DH_free(dh); + return 0; + } + + return dh; } static VALUE ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass) { - DH *dh ; - int g = 2; - VALUE size, gen, obj; - - if (rb_scan_args(argc, argv, "11", &size, &gen) == 2) { - g = FIX2INT(gen); - } + DH *dh ; + int g = 2; + VALUE size, gen, obj; - dh = dh_generate(FIX2INT(size), g); - obj = dh_instance(klass, dh); - - if (obj == Qfalse) { - DH_free(dh); - ossl_raise(eDHError, ""); - } - return obj; + if (rb_scan_args(argc, argv, "11", &size, &gen) == 2) { + g = FIX2INT(gen); + } + dh = dh_generate(FIX2INT(size), g); + obj = dh_instance(klass, dh); + if (obj == Qfalse) { + DH_free(dh); + ossl_raise(eDHError, ""); + } + + return obj; } static VALUE ossl_dh_initialize(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; - DH *dh; - int g = 2; - BIO *in; - VALUE buffer, gen; - - GetPKeyDH(self, pkey); - - rb_scan_args(argc, argv, "11", &buffer, &gen); - - if (FIXNUM_P(buffer)) { - if (!NIL_P(gen)) { - g = FIX2INT(gen); - } - if (!(dh = dh_generate(FIX2INT(buffer), g))) { - ossl_raise(eDHError, 
""); - } - } else { - StringValue(buffer); - - if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len))) { - ossl_raise(eDHError, ""); - } - if (!(dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL))) { - BIO_free(in); - ossl_raise(eDHError, ""); - } - BIO_free(in); + EVP_PKEY *pkey; + DH *dh; + int g = 2; + BIO *in; + VALUE buffer, gen; + + GetPKeyDH(self, pkey); + rb_scan_args(argc, argv, "11", &buffer, &gen); + if (FIXNUM_P(buffer)) { + if (!NIL_P(gen)) { + g = FIX2INT(gen); + } + if (!(dh = dh_generate(FIX2INT(buffer), g))) { + ossl_raise(eDHError, ""); + } + } else { + StringValue(buffer); + in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len); + if (!in){ + ossl_raise(eDHError, ""); } - if (!EVP_PKEY_assign_DH(pkey, dh)) { - DH_free(dh); - ossl_raise(eRSAError, ""); + if (!(dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL))) { + BIO_free(in); + ossl_raise(eDHError, ""); } - return self; + BIO_free(in); + } + if (!EVP_PKEY_assign_DH(pkey, dh)) { + DH_free(dh); + ossl_raise(eRSAError, ""); + } + return self; } static VALUE ossl_dh_is_public(VALUE self) { - EVP_PKEY *pkey; - - GetPKeyDH(self, pkey); - - /* - * Do we need to check dhp->dh->public_pkey? - * return Qtrue; - */ - return (pkey->pkey.dh->pub_key) ? Qtrue : Qfalse; + EVP_PKEY *pkey; + + GetPKeyDH(self, pkey); + /* + * Do we need to check dhp->dh->public_pkey? + * return Qtrue; + */ + return (pkey->pkey.dh->pub_key) ? Qtrue : Qfalse; } static VALUE ossl_dh_is_private(VALUE self) { - EVP_PKEY *pkey; + EVP_PKEY *pkey; - GetPKeyDH(self, pkey); + GetPKeyDH(self, pkey); - return (DH_PRIVATE(pkey->pkey.dh)) ? Qtrue : Qfalse; + return (DH_PRIVATE(pkey->pkey.dh)) ? 
Qtrue : Qfalse; } static VALUE ossl_dh_export(VALUE self) { - EVP_PKEY *pkey; - BIO *out; - BUF_MEM *buf; - VALUE str; - - GetPKeyDH(self, pkey); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eDHError, ""); - } - if (!PEM_write_bio_DHparams(out, pkey->pkey.dh)) { - BIO_free(out); - ossl_raise(eDHError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + EVP_PKEY *pkey; + BIO *out; + BUF_MEM *buf; + VALUE str; + + GetPKeyDH(self, pkey); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eDHError, ""); + } + if (!PEM_write_bio_DHparams(out, pkey->pkey.dh)) { BIO_free(out); - - return str; + ossl_raise(eDHError, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); + + return str; } /* @@ -223,25 +221,24 @@ ossl_dh_export(VALUE self) static VALUE ossl_dh_to_text(VALUE self) { - EVP_PKEY *pkey; - BIO *out; - BUF_MEM *buf; - VALUE str; - - GetPKeyDH(self, pkey); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eDHError, ""); - } - if (!DHparams_print(out, pkey->pkey.dh)) { - BIO_free(out); - ossl_raise(eDHError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + EVP_PKEY *pkey; + BIO *out; + BUF_MEM *buf; + VALUE str; + + GetPKeyDH(self, pkey); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eDHError, ""); + } + if (!DHparams_print(out, pkey->pkey.dh)) { BIO_free(out); + ossl_raise(eDHError, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); - return str; + return str; } /* 
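Review bot: In `ossl_dh_initialize` the failure path of `EVP_PKEY_assign_DH` still raises the RSA module's error class, `ossl_raise(eRSAError, "");`, so a DH construction failure surfaces as an RSA error instead of `DHError`; the line should be `ossl_raise(eDHError, "");`, matching every other raise in this function and in `dh_generate`/`ossl_dh_s_generate` above it. The rewrapped `in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len); if (!in){` also drops the space before the brace used everywhere else in the hunk (`if (!in) {`); the same `if (!in){` and `if(!dsa) {` appear in `ossl_dsa_initialize` and `dsa_generate` in the ossl_pkey_dsa.c hunk. One inferred point on `ossl_dh_generate_cb` at the top of the hunk: `rb_yield` can raise or `break` while `DH_generate_parameters` is still running, which would unwind through OpenSSL frames and leak the partially built DH, so the callback deserves a comment such as `/* NOTE: a raise/break in the block longjmps out of DH_generate_parameters and leaks its state */` until the yield is protected.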
@@ -250,20 +247,19 @@ ossl_dh_to_text(VALUE self) static VALUE ossl_dh_to_public_key(VALUE self) { - EVP_PKEY *pkey; - DH *dh; - VALUE obj; + EVP_PKEY *pkey; + DH *dh; + VALUE obj; - GetPKeyDH(self, pkey); - - dh = DHparams_dup(pkey->pkey.dh); /* err check perfomed by dh_instance */ - obj = dh_instance(CLASS_OF(self), dh); - - if (obj == Qfalse) { - DH_free(dh); - ossl_raise(eDHError, ""); - } - return obj; + GetPKeyDH(self, pkey); + dh = DHparams_dup(pkey->pkey.dh); /* err check perfomed by dh_instance */ + obj = dh_instance(CLASS_OF(self), dh); + if (obj == Qfalse) { + DH_free(dh); + ossl_raise(eDHError, ""); + } + + return obj; } /* 
@@ -272,29 +268,28 @@ ossl_dh_to_public_key(VALUE self) void Init_ossl_dh() { - eDHError = rb_define_class_under(mPKey, "DHError", ePKeyError); + eDHError = rb_define_class_under(mPKey, "DHError", ePKeyError); - cDH = rb_define_class_under(mPKey, "DH", cPKey); + cDH = rb_define_class_under(mPKey, "DH", cPKey); - rb_define_singleton_method(cDH, "generate", ossl_dh_s_generate, -1); - rb_define_method(cDH, "initialize", ossl_dh_initialize, -1); - - rb_define_method(cDH, "public?", ossl_dh_is_public, 0); - rb_define_method(cDH, "private?", ossl_dh_is_private, 0); - rb_define_method(cDH, "to_text", ossl_dh_to_text, 0); - rb_define_method(cDH, "export", ossl_dh_export, 0); - rb_define_alias(cDH, "to_pem", "export"); - rb_define_method(cDH, "public_key", ossl_dh_to_public_key, 0); + rb_define_singleton_method(cDH, "generate", ossl_dh_s_generate, -1); + rb_define_method(cDH, "initialize", ossl_dh_initialize, -1); + + rb_define_method(cDH, "public?", ossl_dh_is_public, 0); + rb_define_method(cDH, "private?", ossl_dh_is_private, 0); + rb_define_method(cDH, "to_text", ossl_dh_to_text, 0); + rb_define_method(cDH, "export", ossl_dh_export, 0); + rb_define_alias(cDH, "to_pem", "export"); + rb_define_method(cDH, "public_key", ossl_dh_to_public_key, 0); } #else /* defined NO_DH */ -# warning >>> OpenSSL is compiled without DH support <<< +# warning >>> OpenSSL is compiled without DH support <<< void Init_ossl_dh() { - rb_warning("OpenSSL is compiled without DH support"); + rb_warning("OpenSSL is compiled without DH support"); } - #endif /* NO_DH */ diff --git a/ossl_pkey_dsa.c b/ossl_pkey_dsa.c index 7743eaa..cc41a46 100644 --- a/ossl_pkey_dsa.c +++ b/ossl_pkey_dsa.c 
@@ -13,10 +13,10 @@ #include "ossl.h" #define GetPKeyDSA(obj, pkey) do { \ - GetPKey(obj, pkey); \ - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA) { /* PARANOIA? */ \ - ossl_raise(rb_eRuntimeError, "THIS IS NOT A DSA!"); \ - } \ + GetPKey(obj, pkey); \ + if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA) { /* PARANOIA? */ \ + ossl_raise(rb_eRuntimeError, "THIS IS NOT A DSA!"); \ + } \ } while (0) #define DSA_PRIVATE(dsa) ((dsa)->priv_key) @@ -33,41 +33,42 @@ VALUE eDSAError; static VALUE dsa_instance(VALUE klass, DSA *dsa) { - EVP_PKEY *pkey; - VALUE obj; + EVP_PKEY *pkey; + VALUE obj; - if (!dsa) { - return Qfalse; - } - if (!(pkey = EVP_PKEY_new())) { - return Qfalse; - } - if (!EVP_PKEY_assign_DSA(pkey, dsa)) { - EVP_PKEY_free(pkey); - return Qfalse; - } - WrapPKey(klass, obj, pkey); - - return obj; + if (!dsa) { + return Qfalse; + } + if (!(pkey = EVP_PKEY_new())) { + return Qfalse; + } + if (!EVP_PKEY_assign_DSA(pkey, dsa)) { + EVP_PKEY_free(pkey); + return Qfalse; + } + WrapPKey(klass, obj, pkey); + + return obj; } VALUE ossl_dsa_new(EVP_PKEY *pkey) { - VALUE obj; - - if (!pkey) { - obj = dsa_instance(cDSA, DSA_new()); - } else { - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA) { - ossl_raise(rb_eTypeError, "Not a DSA key!"); - } - WrapPKey(cDSA, obj, pkey); - } - if (obj == Qfalse) { - ossl_raise(eDSAError, ""); + VALUE obj; + + if (!pkey) { + obj = dsa_instance(cDSA, DSA_new()); + } else { + if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA) { + ossl_raise(rb_eTypeError, "Not a DSA key!"); } - return obj; + WrapPKey(cDSA, obj, pkey); + } + if (obj == Qfalse) { + ossl_raise(eDSAError, ""); + } + + return obj; } /* 
@@ -79,161 +80,159 @@ ossl_dsa_new(EVP_PKEY *pkey) static void ossl_dsa_generate_cb(int p, int n, void *arg) { - VALUE ary; + VALUE ary; - ary = rb_ary_new2(2); - rb_ary_store(ary, 0, INT2NUM(p)); - rb_ary_store(ary, 1, INT2NUM(n)); + ary = rb_ary_new2(2); + rb_ary_store(ary, 0, INT2NUM(p)); + rb_ary_store(ary, 1, INT2NUM(n)); - rb_yield(ary); + rb_yield(ary); } static DSA * dsa_generate(int size) { - DSA *dsa; - unsigned char seed[20]; - int seed_len = 20, counter; - unsigned long h; - void (*cb)(int, int, void *) = NULL; - - if (!RAND_bytes(seed, seed_len)) { - return 0; - } - if (rb_block_given_p()) { - cb = ossl_dsa_generate_cb; - } - if (!(dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h, cb, NULL))) { /* arg to cb = NULL */ - return 0; - } - if (!DSA_generate_key(dsa)) { - DSA_free(dsa); - return 0; - } - return dsa; + DSA *dsa; + unsigned char seed[20]; + int seed_len = 20, counter; + unsigned long h; + void (*cb)(int, int, void *) = NULL; + + if (!RAND_bytes(seed, seed_len)) { + return 0; + } + if (rb_block_given_p()) { + cb = ossl_dsa_generate_cb; + } + dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h, cb, NULL); + if(!dsa) { /* arg to cb = NULL */ + return 0; + } + if (!DSA_generate_key(dsa)) { + DSA_free(dsa); + return 0; + } + + return dsa; } static VALUE ossl_dsa_s_generate(VALUE klass, VALUE size) { - DSA *dsa = dsa_generate(FIX2INT(size)); /* err handled by dsa_instance */ - VALUE obj = dsa_instance(klass, dsa); + DSA *dsa = dsa_generate(FIX2INT(size)); /* err handled by dsa_instance */ + VALUE obj = dsa_instance(klass, dsa); - if (obj == Qfalse) { - DSA_free(dsa); - ossl_raise(eDSAError, ""); - } - return obj; + if (obj == Qfalse) { + DSA_free(dsa); + ossl_raise(eDSAError, ""); + } + + return obj; } static VALUE ossl_dsa_initialize(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; - DSA *dsa; - BIO *in; - char *passwd = NULL; - VALUE buffer, pass; - - GetPKey(self, pkey); - - rb_scan_args(argc, argv, "11", 
&buffer, &pass); + EVP_PKEY *pkey; + DSA *dsa; + BIO *in; + char *passwd = NULL; + VALUE buffer, pass; - if (FIXNUM_P(buffer)) { - if (!(dsa = dsa_generate(FIX2INT(buffer)))) { - ossl_raise(eDSAError, ""); - } - } else { - StringValue(buffer); - - if (!NIL_P(pass)) { - passwd = StringValuePtr(pass); - } - if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len))) { - ossl_raise(eDSAError, ""); - } - if (!(dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL))) { - BIO_reset(in); - - if (!(dsa = PEM_read_bio_DSAPrivateKey(in, NULL, NULL, passwd))) { - BIO_free(in); - ossl_raise(eDSAError, "Neither PUB key nor PRIV key:"); - } - } - BIO_free(in); + GetPKey(self, pkey); + rb_scan_args(argc, argv, "11", &buffer, &pass); + if (FIXNUM_P(buffer)) { + if (!(dsa = dsa_generate(FIX2INT(buffer)))) { + ossl_raise(eDSAError, ""); + } + } else { + StringValue(buffer); + if (!NIL_P(pass)) { + passwd = StringValuePtr(pass); } - if (!EVP_PKEY_assign_DSA(pkey, dsa)) { - DSA_free(dsa); - ossl_raise(eDSAError, ""); + in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len); + if (!in){ + ossl_raise(eDSAError, ""); } - return self; + if (!(dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL))) { + BIO_reset(in); + if (!(dsa = PEM_read_bio_DSAPrivateKey(in, NULL, NULL, passwd))) { + BIO_free(in); + ossl_raise(eDSAError, "Neither PUB key nor PRIV key:"); + } + } + BIO_free(in); + } + if (!EVP_PKEY_assign_DSA(pkey, dsa)) { + DSA_free(dsa); + ossl_raise(eDSAError, ""); + } + + return self; } static VALUE ossl_dsa_is_public(VALUE self) { - EVP_PKEY *pkey; + EVP_PKEY *pkey; - GetPKeyDSA(self, pkey); - - /* - * Do we need to check dsap->dsa->public_pkey? - * return Qtrue; - */ - return (pkey->pkey.dsa->pub_key) ? Qtrue : Qfalse; + GetPKeyDSA(self, pkey); + + /* + * Do we need to check dsap->dsa->public_pkey? + * return Qtrue; + */ + return (pkey->pkey.dsa->pub_key) ? 
Qtrue : Qfalse; } static VALUE ossl_dsa_is_private(VALUE self) { - EVP_PKEY *pkey; + EVP_PKEY *pkey; - GetPKeyDSA(self, pkey); + GetPKeyDSA(self, pkey); - return (DSA_PRIVATE(pkey->pkey.dsa)) ? Qtrue : Qfalse; + return (DSA_PRIVATE(pkey->pkey.dsa)) ? Qtrue : Qfalse; } static VALUE ossl_dsa_export(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; - BIO *out; - BUF_MEM *buf; - const EVP_CIPHER *ciph = NULL; - char *passwd = NULL; - VALUE cipher, pass, str; - - GetPKeyDSA(self, pkey); - - rb_scan_args(argc, argv, "02", &cipher, &pass); - - if (!NIL_P(cipher)) { - ciph = ossl_cipher_get_EVP_CIPHER(cipher); - - if (!NIL_P(pass)) { - passwd = StringValuePtr(pass); - } + EVP_PKEY *pkey; + BIO *out; + BUF_MEM *buf; + const EVP_CIPHER *ciph = NULL; + char *passwd = NULL; + VALUE cipher, pass, str; + + GetPKeyDSA(self, pkey); + rb_scan_args(argc, argv, "02", &cipher, &pass); + if (!NIL_P(cipher)) { + ciph = ossl_cipher_get_EVP_CIPHER(cipher); + if (!NIL_P(pass)) { + passwd = StringValuePtr(pass); } - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eDSAError, ""); + } + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eDSAError, ""); + } + if (DSA_PRIVATE(pkey->pkey.dsa)) { + if (!PEM_write_bio_DSAPrivateKey(out, pkey->pkey.dsa, ciph, + NULL, 0, NULL, passwd)){ + BIO_free(out); + ossl_raise(eDSAError, ""); } - - if (DSA_PRIVATE(pkey->pkey.dsa)) { - if (!PEM_write_bio_DSAPrivateKey(out, pkey->pkey.dsa, ciph, NULL, 0, NULL, passwd)) { - BIO_free(out); - ossl_raise(eDSAError, ""); - } - } else { - if (!PEM_write_bio_DSAPublicKey(out, pkey->pkey.dsa)) { - BIO_free(out); - ossl_raise(eDSAError, ""); - } + } else { + if (!PEM_write_bio_DSAPublicKey(out, pkey->pkey.dsa)) { + BIO_free(out); + ossl_raise(eDSAError, ""); } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); - BIO_free(out); - - return str; + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); + + return str; } /* 
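Review bot: In `dsa_generate` the comment `/* arg to cb = NULL */` was carried onto the new `if(!dsa) {` line, where it no longer describes anything; it explains the last argument of `DSA_generate_parameters`, so it belongs on the line before `dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h, cb, NULL);`. In `ossl_dsa_initialize` the error queue from the failed `PEM_read_bio_DSAPublicKey` attempt is left in place before the private-key read, so the `Neither PUB key nor PRIV key:` raise may carry a stale public-key error string; an `ERR_clear_error();` after `BIO_reset(in);` would keep the reported error relevant, though how `ossl_raise` consumes the queue is not visible here. In `ossl_dsa_export`, when `cipher` is given but `pass` is not, `passwd` stays NULL and `PEM_write_bio_DSAPrivateKey` is called with a NULL callback and NULL userdata, which, as far as I know OpenSSL's PEM defaults, makes it fall back to the built-in interactive terminal prompt; a library binding should either reject that combination or say so, e.g. `/* NOTE: a cipher without a pass falls back to OpenSSL's interactive password prompt */` above the `PEM_write_bio_DSAPrivateKey` call.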
@@ -244,25 +243,24 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self) static VALUE ossl_dsa_to_text(VALUE self) { - EVP_PKEY *pkey; - BIO *out; - BUF_MEM *buf; - VALUE str; - - GetPKeyDSA(self, pkey); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eDSAError, ""); - } - if (!DSA_print(out, pkey->pkey.dsa, 0)) { //offset = 0 - BIO_free(out); - ossl_raise(eDSAError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + EVP_PKEY *pkey; + BIO *out; + BUF_MEM *buf; + VALUE str; + + GetPKeyDSA(self, pkey); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eDSAError, ""); + } + if (!DSA_print(out, pkey->pkey.dsa, 0)) { //offset = 0 BIO_free(out); + ossl_raise(eDSAError, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); - return str; + return str; } /* 
@@ -271,69 +269,68 @@ ossl_dsa_to_text(VALUE self) static VALUE ossl_dsa_to_public_key(VALUE self) { - EVP_PKEY *pkey; - DSA *dsa; - VALUE obj; + EVP_PKEY *pkey; + DSA *dsa; + VALUE obj; - GetPKeyDSA(self, pkey); - - dsa = DSAPublicKey_dup(pkey->pkey.dsa); /* err check performed by dsa_instance */ - obj = dsa_instance(CLASS_OF(self), dsa); - - if (obj == Qfalse) { - DSA_free(dsa); - ossl_raise(eDSAError, ""); - } - return obj; + GetPKeyDSA(self, pkey); + /* err check performed by dsa_instance */ + dsa = DSAPublicKey_dup(pkey->pkey.dsa); + obj = dsa_instance(CLASS_OF(self), dsa); + if (obj == Qfalse) { + DSA_free(dsa); + ossl_raise(eDSAError, ""); + } + return obj; } static VALUE ossl_dsa_sign(VALUE self, VALUE data) { - EVP_PKEY *pkey; - char *buf; - int buf_len; - VALUE str; - - GetPKeyDSA(self, pkey); - - StringValue(data); - - if (!DSA_PRIVATE(pkey->pkey.dsa)) { - ossl_raise(eDSAError, "Private DSA key needed!"); - } - if (!(buf = OPENSSL_malloc(DSA_size(pkey->pkey.dsa) + 16))) { - ossl_raise(eDSAError, ""); - } - if (!DSA_sign(0, RSTRING(data)->ptr, RSTRING(data)->len, buf, &buf_len, pkey->pkey.dsa)) { /* type is ignored (0) */ - OPENSSL_free(buf); - ossl_raise(eDSAError, ""); - } - str = rb_str_new(buf, buf_len); + EVP_PKEY *pkey; + char *buf; + int buf_len; + VALUE str; + + GetPKeyDSA(self, pkey); + StringValue(data); + if (!DSA_PRIVATE(pkey->pkey.dsa)) { + ossl_raise(eDSAError, "Private DSA key needed!"); + } + if (!(buf = OPENSSL_malloc(DSA_size(pkey->pkey.dsa) + 16))) { + ossl_raise(eDSAError, ""); + } + if (!DSA_sign(0, RSTRING(data)->ptr, RSTRING(data)->len, buf, + &buf_len, pkey->pkey.dsa)) { /* type is ignored (0) */ OPENSSL_free(buf); + ossl_raise(eDSAError, ""); + } + str = rb_str_new(buf, buf_len); + OPENSSL_free(buf); - return str; + return str; } static VALUE ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) { - EVP_PKEY *pkey; - int ret; - - GetPKeyDSA(self, pkey); - - StringValue(digest); - StringValue(sig); - - ret = DSA_verify(0, 
RSTRING(digest)->ptr, RSTRING(digest)->len, RSTRING(sig)->ptr, RSTRING(sig)->len, pkey->pkey.dsa); /* type is ignored (0) */ - - if (ret < 0) { - ossl_raise(eDSAError, ""); - } else if (ret == 1) { - return Qtrue; - } - return Qfalse; + EVP_PKEY *pkey; + int ret; + + GetPKeyDSA(self, pkey); + StringValue(digest); + StringValue(sig); + /* type is ignored (0) */ + ret = DSA_verify(0, RSTRING(digest)->ptr, RSTRING(digest)->len, + RSTRING(sig)->ptr, RSTRING(sig)->len, pkey->pkey.dsa); + if (ret < 0) { + ossl_raise(eDSAError, ""); + } + else if (ret == 1) { + return Qtrue; + } + + return Qfalse; } /* 
@@ -342,31 +339,30 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) void Init_ossl_dsa() { - eDSAError = rb_define_class_under(mPKey, "DSAError", ePKeyError); + eDSAError = rb_define_class_under(mPKey, "DSAError", ePKeyError); - cDSA = rb_define_class_under(mPKey, "DSA", cPKey); + cDSA = rb_define_class_under(mPKey, "DSA", cPKey); - rb_define_singleton_method(cDSA, "generate", ossl_dsa_s_generate, 1); - rb_define_method(cDSA, "initialize", ossl_dsa_initialize, -1); - - rb_define_method(cDSA, "public?", ossl_dsa_is_public, 0); - rb_define_method(cDSA, "private?", ossl_dsa_is_private, 0); - rb_define_method(cDSA, "to_text", ossl_dsa_to_text, 0); - rb_define_method(cDSA, "export", ossl_dsa_export, -1); - rb_define_alias(cDSA, "to_pem", "export"); - rb_define_method(cDSA, "public_key", ossl_dsa_to_public_key, 0); - rb_define_method(cDSA, "syssign", ossl_dsa_sign, 1); - rb_define_method(cDSA, "sysverify", ossl_dsa_verify, 2); + rb_define_singleton_method(cDSA, "generate", ossl_dsa_s_generate, 1); + rb_define_method(cDSA, "initialize", ossl_dsa_initialize, -1); + + rb_define_method(cDSA, "public?", ossl_dsa_is_public, 0); + rb_define_method(cDSA, "private?", ossl_dsa_is_private, 0); + rb_define_method(cDSA, "to_text", ossl_dsa_to_text, 0); + rb_define_method(cDSA, "export", ossl_dsa_export, -1); + rb_define_alias(cDSA, "to_pem", "export"); + rb_define_method(cDSA, "public_key", ossl_dsa_to_public_key, 0); + rb_define_method(cDSA, "syssign", ossl_dsa_sign, 1); + rb_define_method(cDSA, "sysverify", ossl_dsa_verify, 2); } #else /* defined NO_DSA */ -# warning >>> OpenSSL is compiled without DSA support <<< +# warning >>> OpenSSL is compiled without DSA support <<< void Init_ossl_dsa() { - rb_warning("OpenSSL is compiled without DSA support"); + rb_warning("OpenSSL is compiled without DSA support"); } #endif /* NO_DSA */ - diff --git a/ossl_pkey_rsa.c b/ossl_pkey_rsa.c index 8eca9d8..f202afe 100644 --- a/ossl_pkey_rsa.c +++ b/ossl_pkey_rsa.c 
@@ -13,10 +13,10 @@ #include "ossl.h" #define GetPKeyRSA(obj, pkey) do { \ - GetPKey(obj, pkey); \ - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { /* PARANOIA? */ \ - ossl_raise(rb_eRuntimeError, "THIS IS NOT A RSA!") ; \ - } \ + GetPKey(obj, pkey); \ + if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { /* PARANOIA? */ \ + ossl_raise(rb_eRuntimeError, "THIS IS NOT A RSA!") ; \ + } \ } while (0) #define RSA_PRIVATE(rsa) ((rsa)->p && (rsa)->q) @@ -33,41 +33,43 @@ VALUE eRSAError; static VALUE rsa_instance(VALUE klass, RSA *rsa) { - EVP_PKEY *pkey; - VALUE obj; + EVP_PKEY *pkey; + VALUE obj; - if (!rsa) { - return Qfalse; - } - if (!(pkey = EVP_PKEY_new())) { - return Qfalse; - } - if (!EVP_PKEY_assign_RSA(pkey, rsa)) { - EVP_PKEY_free(pkey); - return Qfalse; - } - WrapPKey(klass, obj, pkey); + if (!rsa) { + return Qfalse; + } + if (!(pkey = EVP_PKEY_new())) { + return Qfalse; + } + if (!EVP_PKEY_assign_RSA(pkey, rsa)) { + EVP_PKEY_free(pkey); + return Qfalse; + } + WrapPKey(klass, obj, pkey); - return obj; + return obj; } VALUE ossl_rsa_new(EVP_PKEY *pkey) { - VALUE obj; - - if (!pkey) { - obj = rsa_instance(cRSA, RSA_new()); - } else { - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { - ossl_raise(rb_eTypeError, "Not a RSA key!"); - } - WrapPKey(cRSA, obj, pkey); + VALUE obj; + + if (!pkey) { + obj = rsa_instance(cRSA, RSA_new()); + } + else { + if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { + ossl_raise(rb_eTypeError, "Not a RSA key!"); } - if (obj == Qfalse) { - ossl_raise(eRSAError, ""); - } - return obj; + WrapPKey(cRSA, obj, pkey); + } + if (obj == Qfalse) { + ossl_raise(eRSAError, ""); + } + + return obj; } /* 
@@ -79,284 +81,287 @@ ossl_rsa_new(EVP_PKEY *pkey) static void ossl_rsa_generate_cb(int p, int n, void *arg) { - VALUE ary; + VALUE ary; - ary = rb_ary_new2(2); - rb_ary_store(ary, 0, INT2NUM(p)); - rb_ary_store(ary, 1, INT2NUM(n)); - - rb_yield(ary); + ary = rb_ary_new2(2); + rb_ary_store(ary, 0, INT2NUM(p)); + rb_ary_store(ary, 1, INT2NUM(n)); + + rb_yield(ary); } static RSA * rsa_generate(int size) { - void (*cb)(int, int, void *) = NULL; + void (*cb)(int, int, void *) = NULL; - if (rb_block_given_p()) { - cb = ossl_rsa_generate_cb; - } - return RSA_generate_key(size, RSA_F4, cb, NULL); + if (rb_block_given_p()) { + cb = ossl_rsa_generate_cb; + } + return RSA_generate_key(size, RSA_F4, cb, NULL); } static VALUE ossl_rsa_s_generate(VALUE klass, VALUE size) { - RSA *rsa = rsa_generate(FIX2INT(size)); /* err handled by rsa_instance */ - VALUE obj = rsa_instance(klass, rsa); + RSA *rsa = rsa_generate(FIX2INT(size)); /* err handled by rsa_instance */ + VALUE obj = rsa_instance(klass, rsa); - if (obj == Qfalse) { - RSA_free(rsa); - ossl_raise(eRSAError, ""); - } - return obj; + if (obj == Qfalse) { + RSA_free(rsa); + ossl_raise(eRSAError, ""); + } + + return obj; } static VALUE ossl_rsa_initialize(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; - RSA *rsa; - BIO *in; - char *passwd = NULL; - VALUE buffer, pass; + EVP_PKEY *pkey; + RSA *rsa; + BIO *in; + char *passwd = NULL; + VALUE buffer, pass; - GetPKey(self, pkey); + GetPKey(self, pkey); - rb_scan_args(argc, argv, "11", &buffer, &pass); - - if (FIXNUM_P(buffer)) { - if (!(rsa = rsa_generate(FIX2INT(buffer)))) { - ossl_raise(eRSAError, ""); - } - } else { - StringValue(buffer); - - if (!NIL_P(pass)) { - passwd = StringValuePtr(pass); - } - if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len))) { - ossl_raise(eRSAError, ""); - } - if (!(rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL))) { - BIO_reset(in); - - if (!(rsa = PEM_read_bio_RSAPrivateKey(in, NULL, NULL, passwd))) { - 
BIO_free(in); - ossl_raise(eRSAError, "Neither PUB key nor PRIV key:"); - } - } - BIO_free(in); + rb_scan_args(argc, argv, "11", &buffer, &pass); + + if (FIXNUM_P(buffer)) { + if (!(rsa = rsa_generate(FIX2INT(buffer)))) { + ossl_raise(eRSAError, ""); + } + } + else { + StringValue(buffer); + if (!NIL_P(pass)) { + passwd = StringValuePtr(pass); + } + if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len))){ + ossl_raise(eRSAError, ""); } - if (!EVP_PKEY_assign_RSA(pkey, rsa)) { - RSA_free(rsa); - ossl_raise(eRSAError, ""); + if (!(rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL))) { + BIO_reset(in); + + if (!(rsa = PEM_read_bio_RSAPrivateKey(in, NULL, NULL, passwd))) { + BIO_free(in); + ossl_raise(eRSAError, "Neither PUB key nor PRIV key:"); + } } - return self; + BIO_free(in); + } + if (!EVP_PKEY_assign_RSA(pkey, rsa)) { + RSA_free(rsa); + ossl_raise(eRSAError, ""); + } + + return self; } static VALUE ossl_rsa_is_public(VALUE self) { - EVP_PKEY *pkey; - - GetPKeyRSA(self, pkey); - - /* - * SURPRISE! :-)) - * Every key is public at the same time! - */ - return Qtrue; + EVP_PKEY *pkey; + + GetPKeyRSA(self, pkey); + /* + * SURPRISE! :-)) + * Every key is public at the same time! + */ + return Qtrue; } static VALUE ossl_rsa_is_private(VALUE self) { - EVP_PKEY *pkey; + EVP_PKEY *pkey; - GetPKeyRSA(self, pkey); + GetPKeyRSA(self, pkey); - return (RSA_PRIVATE(pkey->pkey.rsa)) ? Qtrue : Qfalse; + return (RSA_PRIVATE(pkey->pkey.rsa)) ? 
Qtrue : Qfalse; } static VALUE ossl_rsa_export(int argc, VALUE *argv, VALUE self) { - EVP_PKEY *pkey; - BIO *out; - BUF_MEM *buf; - const EVP_CIPHER *ciph = NULL; - char *passwd = NULL; - VALUE cipher, pass, str; - - GetPKeyRSA(self, pkey); - - rb_scan_args(argc, argv, "02", &cipher, &pass); - - if (!NIL_P(cipher)) { - ciph = ossl_cipher_get_EVP_CIPHER(cipher); - - if (!NIL_P(pass)) { - passwd = StringValuePtr(pass); - } + EVP_PKEY *pkey; + BIO *out; + BUF_MEM *buf; + const EVP_CIPHER *ciph = NULL; + char *passwd = NULL; + VALUE cipher, pass, str; + + GetPKeyRSA(self, pkey); + + rb_scan_args(argc, argv, "02", &cipher, &pass); + + if (!NIL_P(cipher)) { + ciph = ossl_cipher_get_EVP_CIPHER(cipher); + if (!NIL_P(pass)) { + passwd = StringValuePtr(pass); } - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eRSAError, ""); + } + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eRSAError, ""); + } + if (RSA_PRIVATE(pkey->pkey.rsa)) { + if (!PEM_write_bio_RSAPrivateKey(out, pkey->pkey.rsa, ciph, + NULL, 0, NULL, passwd)) { + BIO_free(out); + ossl_raise(eRSAError, ""); } - if (RSA_PRIVATE(pkey->pkey.rsa)) { - if (!PEM_write_bio_RSAPrivateKey(out, pkey->pkey.rsa, ciph, NULL, 0, NULL, passwd)) { - BIO_free(out); - ossl_raise(eRSAError, ""); - } - } else { - if (!PEM_write_bio_RSAPublicKey(out, pkey->pkey.rsa)) { - BIO_free(out); - ossl_raise(eRSAError, ""); - } + } else { + if (!PEM_write_bio_RSAPublicKey(out, pkey->pkey.rsa)) { + BIO_free(out); + ossl_raise(eRSAError, ""); } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); - BIO_free(out); - - return str; + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); + + return str; } static VALUE ossl_rsa_public_encrypt(VALUE self, VALUE buffer) { - EVP_PKEY *pkey; - char *buf; - int buf_len; - VALUE str; + EVP_PKEY *pkey; + char *buf; + int buf_len; + VALUE str; - GetPKeyRSA(self, pkey); + GetPKeyRSA(self, pkey); - StringValue(buffer); + StringValue(buffer); - if 
(!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { - ossl_raise(eRSAError, ""); - } - if ((buf_len = RSA_public_encrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, buf, pkey->pkey.rsa, RSA_PKCS1_PADDING)) < 0) { - OPENSSL_free(buf); - ossl_raise(eRSAError, ""); - } - str = rb_str_new(buf, buf_len); + if (!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { + ossl_raise(eRSAError, ""); + } + buf_len = RSA_public_encrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, + buf, pkey->pkey.rsa, RSA_PKCS1_PADDING); + if (buf_len < 0){ OPENSSL_free(buf); + ossl_raise(eRSAError, ""); + } + str = rb_str_new(buf, buf_len); + OPENSSL_free(buf); - return str; + return str; } static VALUE ossl_rsa_public_decrypt(VALUE self, VALUE buffer) { - EVP_PKEY *pkey; - char *buf; - int buf_len; - VALUE str; - - GetPKeyRSA(self, pkey); - - StringValue(buffer); - - if (!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { - ossl_raise(eRSAError, ""); - } - if ((buf_len = RSA_public_decrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, buf, pkey->pkey.rsa, RSA_PKCS1_PADDING)) < 0) { - OPENSSL_free(buf); - ossl_raise(eRSAError, ""); - } - str = rb_str_new(buf, buf_len); + EVP_PKEY *pkey; + char *buf; + int buf_len; + VALUE str; + + GetPKeyRSA(self, pkey); + StringValue(buffer); + if (!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { + ossl_raise(eRSAError, ""); + } + buf_len = RSA_public_decrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, + buf, pkey->pkey.rsa, RSA_PKCS1_PADDING); + if(buf_len < 0) { OPENSSL_free(buf); - - return str; + ossl_raise(eRSAError, ""); + } + str = rb_str_new(buf, buf_len); + OPENSSL_free(buf); + + return str; } static VALUE ossl_rsa_private_encrypt(VALUE self, VALUE buffer) { - EVP_PKEY *pkey; - char *buf; - int buf_len; - VALUE str; + EVP_PKEY *pkey; + char *buf; + int buf_len; + VALUE str; - GetPKeyRSA(self, pkey); - - if (!RSA_PRIVATE(pkey->pkey.rsa)) { - ossl_raise(eRSAError, "PRIVATE key needed for this operation!"); - } - 
StringValue(buffer); - - if (!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { - ossl_raise(eRSAError, "Memory alloc error"); - } - if ((buf_len = RSA_private_encrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, buf, pkey->pkey.rsa, RSA_PKCS1_PADDING)) < 0) { - OPENSSL_free(buf); - ossl_raise(eRSAError, ""); - } - str = rb_str_new(buf, buf_len); + GetPKeyRSA(self, pkey); + if (!RSA_PRIVATE(pkey->pkey.rsa)) { + ossl_raise(eRSAError, "PRIVATE key needed for this operation!"); + } + StringValue(buffer); + if (!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { + ossl_raise(eRSAError, "Memory alloc error"); + } + buf_len = RSA_private_encrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, + buf, pkey->pkey.rsa, RSA_PKCS1_PADDING); + if (buf_len < 0){ OPENSSL_free(buf); - - return str; + ossl_raise(eRSAError, ""); + } + str = rb_str_new(buf, buf_len); + OPENSSL_free(buf); + + return str; } static VALUE ossl_rsa_private_decrypt(VALUE self, VALUE buffer) { - EVP_PKEY *pkey; - char *buf; - int buf_len; - VALUE str; - - GetPKeyRSA(self, pkey); - - if (!RSA_PRIVATE(pkey->pkey.rsa)) { - ossl_raise(eRSAError, "Private RSA key needed!"); - } - StringValue(buffer); - - if (!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { - ossl_raise(eRSAError, "Memory alloc error"); - } - if ((buf_len = RSA_private_decrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, buf, pkey->pkey.rsa, RSA_PKCS1_PADDING)) < 0) { - OPENSSL_free(buf); - ossl_raise(eRSAError, ""); - } - str = rb_str_new(buf, buf_len); + EVP_PKEY *pkey; + char *buf; + int buf_len; + VALUE str; + + GetPKeyRSA(self, pkey); + if (!RSA_PRIVATE(pkey->pkey.rsa)) { + ossl_raise(eRSAError, "Private RSA key needed!"); + } + StringValue(buffer); + if (!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { + ossl_raise(eRSAError, "Memory alloc error"); + } + buf_len = RSA_private_decrypt(RSTRING(buffer)->len, RSTRING(buffer)->ptr, + buf, pkey->pkey.rsa, RSA_PKCS1_PADDING); + if(buf_len < 0) { OPENSSL_free(buf); + 
ossl_raise(eRSAError, ""); + } + str = rb_str_new(buf, buf_len); + OPENSSL_free(buf); - return str; + return str; } +#if 0 /* * Just sample * (it's not (maybe) wise to show private RSA values) * - if, then implement this via OpenSSL::BN - * + */ static VALUE ossl_rsa_get_n(VALUE self) { - ossl_rsa *rsap = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; - VALUE num; + ossl_rsa *rsap = NULL; + BIO *out = NULL; + BUF_MEM *buf = NULL; + VALUE num; - GetRSA(self, rsap); + GetRSA(self, rsap); - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eRSAError, ""); - } - if (!BN_print(out, rsap->rsa->n)) { - BIO_free(out); - ossl_raise(eRSAError, ""); - } - - BIO_get_mem_ptr(out, &buf); - num = rb_cstr2inum(buf->data, 16); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eRSAError, ""); + } + if (!BN_print(out, rsap->rsa->n)) { BIO_free(out); + ossl_raise(eRSAError, ""); + } + BIO_get_mem_ptr(out, &buf); + num = rb_cstr2inum(buf->data, 16); + BIO_free(out); - return num; + return num; } - */ +#endif /* * Prints all parameters of key to buffer @@ -366,25 +371,24 @@ ossl_rsa_get_n(VALUE self) static VALUE ossl_rsa_to_text(VALUE self) { - EVP_PKEY *pkey; - BIO *out; - BUF_MEM *buf; - VALUE str; - - GetPKeyRSA(self, pkey); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eRSAError, ""); - } - if (!RSA_print(out, pkey->pkey.rsa, 0)) { //offset = 0 - BIO_free(out); - ossl_raise(eRSAError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + EVP_PKEY *pkey; + BIO *out; + BUF_MEM *buf; + VALUE str; + + GetPKeyRSA(self, pkey); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eRSAError, ""); + } + if (!RSA_print(out, pkey->pkey.rsa, 0)) { //offset = 0 BIO_free(out); + ossl_raise(eRSAError, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); - return str; + return str; } /* 
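Review bot: In ossl_rsa_initialize the fallback from `PEM_read_bio_RSAPublicKey` to `PEM_read_bio_RSAPrivateKey` does `BIO_reset(in)` but leaves the OpenSSL error queue populated by the first failed parse, so when the private-key read also fails the "Neither PUB key nor PRIV key:" message (ossl_raise appears to append the queued OpenSSL error, given the trailing colon) reports the stale public-key error rather than the one the caller needs; add `ERR_clear_error();` right after `BIO_reset(in);`. The four encrypt/decrypt wrappers in this hunk hard-code `RSA_PKCS1_PADDING`; exposing the padding mode as an optional second argument (defaulting to the current value) would let `public_encrypt`/`private_decrypt` callers choose `RSA_PKCS1_OAEP_PADDING` without a behavior change for existing code. The `#if 0` block that replaces the comment around ossl_rsa_get_n still refers to `ossl_rsa *rsap` and `GetRSA`, names this file no longer defines, so re-enabling it would not compile; a one-line comment such as `/* stale: predates the EVP_PKEY wrapper; rewrite with ossl_bn before enabling */` would save the next reader the attempt.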
@@ -393,76 +397,75 @@ ossl_rsa_to_text(VALUE self) static VALUE ossl_rsa_to_public_key(VALUE self) { - EVP_PKEY *pkey; - RSA *rsa; - VALUE obj; - - GetPKeyRSA(self, pkey); - - rsa = RSAPublicKey_dup(pkey->pkey.rsa); /* err check performed by rsa_instance */ - obj = rsa_instance(CLASS_OF(self), rsa); - - if (obj == Qfalse) { - RSA_free(rsa); - ossl_raise(eRSAError, ""); - } - return obj; + EVP_PKEY *pkey; + RSA *rsa; + VALUE obj; + + GetPKeyRSA(self, pkey); + /* err check performed by rsa_instance */ + rsa = RSAPublicKey_dup(pkey->pkey.rsa); + obj = rsa_instance(CLASS_OF(self), rsa); + if (obj == Qfalse) { + RSA_free(rsa); + ossl_raise(eRSAError, ""); + } + return obj; } +#if 0 /* * TODO, FIXME * Find some good way how to specify type * Is NID_md5_sha1 OK for all? (Don't think so.) - * + */ static VALUE ossl_rsa_sign(VALUE self, VALUE data) { - EVP_PKEY *pkey; - char *buf; - int buf_len; - VALUE str; - - GetPKeyRSA(self, pkey); - - StringValue(data); - - if (!RSA_PRIVATE(pkey->pkey.rsa)) { - ossl_raise(eRSAError, "Private RSA key needed!"); - } - if (!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { - ossl_raise(eRSAError, ""); - } - if (!RSA_sign(0, RSTRING(data)->ptr, RSTRING(data)->len, buf, &buf_len, pkey->pkey.rsa)) { - OPENSSL_free(buf); - ossl_raise(eRSAError, ""); - } - str = rb_str_new(buf, buf_len); + EVP_PKEY *pkey; + char *buf; + int buf_len; + VALUE str; + + GetPKeyRSA(self, pkey); + StringValue(data); + if (!RSA_PRIVATE(pkey->pkey.rsa)) { + ossl_raise(eRSAError, "Private RSA key needed!"); + } + if (!(buf = OPENSSL_malloc(RSA_size(pkey->pkey.rsa) + 16))) { + ossl_raise(eRSAError, ""); + } + if (!RSA_sign(0, RSTRING(data)->ptr, RSTRING(data)->len, buf, + &buf_len, pkey->pkey.rsa)) { OPENSSL_free(buf); - - return str; + ossl_raise(eRSAError, ""); + } + str = rb_str_new(buf, buf_len); + OPENSSL_free(buf); + + return str; } static VALUE ossl_rsa_verify(VALUE self, VALUE sig, VALUE data) { - EVP_PKEY *pkey; - int ret; - - GetPKeyDSA(self, pkey); - - 
StringValue(digest); - StringValue(sig); - - ret = RSA_verify(0, RSTRING(digest)->ptr, RSTRING(digest)->len, RSTRING(sig)->ptr, RSTRING(sig)->len, pkey->pkey.rsa); + EVP_PKEY *pkey; + int ret; + + GetPKeyDSA(self, pkey); + StringValue(digest); + StringValue(sig); + ret = RSA_verify(0, RSTRING(digest)->ptr, RSTRING(digest)->len, + RSTRING(sig)->ptr, RSTRING(sig)->len, pkey->pkey.rsa); + if (ret < 0) { + ossl_raise(eRSAError, ""); + } + else if (ret == 1) { + return Qtrue; + } - if (ret < 0) { - ossl_raise(eRSAError, ""); - } else if (ret == 1) { - return Qtrue; - } - return Qfalse; + return Qfalse; } - */ +#endif /* * INIT 
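Review bot: The disabled ossl_rsa_verify moved under `#if 0` is not compilable as written: it calls `GetPKeyDSA(self, pkey)` on an RSA object and uses `digest`, which is not among its parameters `(VALUE self, VALUE sig, VALUE data)`. If it is kept for later, the signature should read `ossl_rsa_verify(VALUE self, VALUE digest, VALUE sig)` and the accessor `GetPKeyRSA(self, pkey);`, matching ossl_dsa_verify. The commented-out registration in Init_ossl_rsa (hunk at -470 below) also passes arity 3 for this two-argument method and arity 2 for the one-argument ossl_rsa_sign, so flipping the `#if 0` alone would still not produce working bindings.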
@@ -470,41 +473,38 @@ ossl_rsa_verify(VALUE self, VALUE sig, VALUE data) void Init_ossl_rsa() { - eRSAError = rb_define_class_under(mPKey, "RSAError", ePKeyError); + eRSAError = rb_define_class_under(mPKey, "RSAError", ePKeyError); - cRSA = rb_define_class_under(mPKey, "RSA", cPKey); + cRSA = rb_define_class_under(mPKey, "RSA", cPKey); - rb_define_singleton_method(cRSA, "generate", ossl_rsa_s_generate, 1); - rb_define_method(cRSA, "initialize", ossl_rsa_initialize, -1); + rb_define_singleton_method(cRSA, "generate", ossl_rsa_s_generate, 1); + rb_define_method(cRSA, "initialize", ossl_rsa_initialize, -1); - rb_define_method(cRSA, "public?", ossl_rsa_is_public, 0); - rb_define_method(cRSA, "private?", ossl_rsa_is_private, 0); - rb_define_method(cRSA, "to_text", ossl_rsa_to_text, 0); - rb_define_method(cRSA, "export", ossl_rsa_export, -1); - rb_define_alias(cRSA, "to_pem", "export"); - rb_define_method(cRSA, "public_key", ossl_rsa_to_public_key, 0); - rb_define_method(cRSA, "public_encrypt", ossl_rsa_public_encrypt, 1); - rb_define_method(cRSA, "public_decrypt", ossl_rsa_public_decrypt, 1); - rb_define_method(cRSA, "private_encrypt", ossl_rsa_private_encrypt, 1); - rb_define_method(cRSA, "private_decrypt", ossl_rsa_private_decrypt, 1); - /*rb_define_method(cRSA, "n", ossl_rsa_get_n, 0);*/ + rb_define_method(cRSA, "public?", ossl_rsa_is_public, 0); + rb_define_method(cRSA, "private?", ossl_rsa_is_private, 0); + rb_define_method(cRSA, "to_text", ossl_rsa_to_text, 0); + rb_define_method(cRSA, "export", ossl_rsa_export, -1); + rb_define_alias(cRSA, "to_pem", "export"); + rb_define_method(cRSA, "public_key", ossl_rsa_to_public_key, 0); + rb_define_method(cRSA, "public_encrypt", ossl_rsa_public_encrypt, 1); + rb_define_method(cRSA, "public_decrypt", ossl_rsa_public_decrypt, 1); + rb_define_method(cRSA, "private_encrypt", ossl_rsa_private_encrypt, 1); + rb_define_method(cRSA, "private_decrypt", ossl_rsa_private_decrypt, 1); + /* rb_define_method(cRSA, "n", ossl_rsa_get_n, 
0); */ /* * TODO, FIXME * Find way how to support digest types - * - rb_define_method(cRSA, "syssign", ossl_rsa_sign, 2); - rb_define_method(cRSA, "sysverify", ossl_rsa_verify, 3); + * + rb_define_method(cRSA, "syssign", ossl_rsa_sign, 2); + rb_define_method(cRSA, "sysverify", ossl_rsa_verify, 3); */ } #else /* defined NO_RSA */ -# warning >>> OpenSSL is compiled without RSA support <<< - +# warning >>> OpenSSL is compiled without RSA support <<< void Init_ossl_rsa() { - rb_warning("OpenSSL is compiled without RSA support"); + rb_warning("OpenSSL is compiled without RSA support"); } - #endif /* NO_RSA */ - diff --git a/ossl_rand.c b/ossl_rand.c index 2e17934..47de7d5 100644 --- a/ossl_rand.c +++ b/ossl_rand.c 
@@ -30,73 +30,72 @@ VALUE eRandomError; static VALUE ossl_rand_seed(VALUE self, VALUE str) { - StringValue(str); - RAND_seed(RSTRING(str)->ptr, RSTRING(str)->len); + StringValue(str); + RAND_seed(RSTRING(str)->ptr, RSTRING(str)->len); - return str; + return str; } static VALUE ossl_rand_load_file(VALUE self, VALUE filename) { - SafeStringValue(filename); + SafeStringValue(filename); - if(!RAND_load_file(RSTRING(filename)->ptr, -1)) { - ossl_raise(eRandomError, ""); - } - return Qtrue; + if(!RAND_load_file(RSTRING(filename)->ptr, -1)) { + ossl_raise(eRandomError, ""); + } + return Qtrue; } static VALUE ossl_rand_write_file(VALUE self, VALUE filename) { - SafeStringValue(filename); - - if (RAND_write_file(RSTRING(filename)->ptr) == -1) { - ossl_raise(eRandomError, ""); - } - return Qtrue; + SafeStringValue(filename); + if (RAND_write_file(RSTRING(filename)->ptr) == -1) { + ossl_raise(eRandomError, ""); + } + return Qtrue; } static VALUE ossl_rand_bytes(VALUE self, VALUE len) { - unsigned char *buffer = NULL; - VALUE str; + unsigned char *buffer = NULL; + VALUE str; - if (!(buffer = OPENSSL_malloc(FIX2INT(len) + 1))) { - ossl_raise(eRandomError, ""); - } - if (!RAND_bytes(buffer, FIX2INT(len))) { - OPENSSL_free(buffer); - ossl_raise(eRandomError, ""); - } - str = rb_str_new(buffer, FIX2INT(len)); + if (!(buffer = OPENSSL_malloc(FIX2INT(len) + 1))) { + ossl_raise(eRandomError, ""); + } + if (!RAND_bytes(buffer, FIX2INT(len))) { OPENSSL_free(buffer); + ossl_raise(eRandomError, ""); + } + str = rb_str_new(buffer, FIX2INT(len)); + OPENSSL_free(buffer); - return str; + return str; } static VALUE ossl_rand_egd(VALUE self, VALUE filename) { - SafeStringValue(filename); + SafeStringValue(filename); - if(!RAND_egd(RSTRING(filename)->ptr)) { - ossl_raise(eRandomError, ""); - } - return Qtrue; + if(!RAND_egd(RSTRING(filename)->ptr)) { + ossl_raise(eRandomError, ""); + } + return Qtrue; } static VALUE ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len) { - 
SafeStringValue(filename); + SafeStringValue(filename); - if (!RAND_egd_bytes(RSTRING(filename)->ptr, FIX2INT(len))) { - ossl_raise(eRandomError, ""); - } - return Qtrue; + if (!RAND_egd_bytes(RSTRING(filename)->ptr, FIX2INT(len))) { + ossl_raise(eRandomError, ""); + } + return Qtrue; } /* @@ -105,15 +104,15 @@ ossl_rand_egd_bytes(VALUE self, VALUE filename, VALUE len) void Init_ossl_rand() { - mRandom = rb_define_module_under(mOSSL, "Random"); + mRandom = rb_define_module_under(mOSSL, "Random"); - eRandomError = rb_define_class_under(mRandom, "RandomError", eOSSLError); + eRandomError = rb_define_class_under(mRandom, "RandomError", eOSSLError); - rb_define_method(mRandom, "seed", ossl_rand_seed, 1); - rb_define_method(mRandom, "load_random_file", ossl_rand_load_file, 1); - rb_define_method(mRandom, "write_random_file", ossl_rand_write_file, 1); - rb_define_method(mRandom, "random_bytes", ossl_rand_bytes, 1); - rb_define_method(mRandom, "egd", ossl_rand_egd, 1); - rb_define_method(mRandom, "egd_bytes", ossl_rand_egd_bytes, 2); + rb_define_method(mRandom, "seed", ossl_rand_seed, 1); + rb_define_method(mRandom, "load_random_file", ossl_rand_load_file, 1); + rb_define_method(mRandom, "write_random_file", ossl_rand_write_file, 1); + rb_define_method(mRandom, "random_bytes", ossl_rand_bytes, 1); + rb_define_method(mRandom, "egd", ossl_rand_egd, 1); + rb_define_method(mRandom, "egd_bytes", ossl_rand_egd_bytes, 2); } @@ -39,6 +39,7 @@ VALUE cSSLSocket; #define ossl_sslctx_set_verify_mode(o,v) rb_iv_set((o),"@verify_mode",(v)) #define ossl_sslctx_set_verify_dep(o,v) rb_iv_set((o),"@verify_depth",(v)) #define ossl_sslctx_set_verify_cb(o,v) rb_iv_set((o),"@verify_callback",(v)) +#define ossl_sslctx_set_fixed(o,v) rb_iv_set((o),"@fixed",(v)) #define ossl_sslctx_get_method(o,v) rb_iv_get((o),"@ssl_method",(v)) #define ossl_sslctx_get_cert(o) rb_iv_get((o),"@cert") 
@@ -52,13 +53,14 @@ VALUE cSSLSocket; #define ossl_sslctx_get_verify_mode(o) rb_iv_get((o),"@verify_mode") #define ossl_sslctx_get_verify_dep(o) rb_iv_get((o),"@verify_depth") #define ossl_sslctx_get_verify_cb(o) rb_iv_get((o),"@verify_callback") +#define ossl_sslctx_get_fixed(o) rb_iv_get((o),"@fixed") static VALUE ossl_sslctx_set_cert2(VALUE, VALUE); static VALUE ossl_sslctx_set_cert_file2(VALUE, VALUE); static VALUE ossl_sslctx_set_key2(VALUE, VALUE); static VALUE ossl_sslctx_set_key_file2(VALUE, VALUE); -typedef struct ossl_sslctx_st_t{ +typedef struct ossl_sslctx_st_t { SSL_METHOD *method; SSL_CTX *ctx; } ossl_sslctx_st; @@ -66,6 +68,7 @@ typedef struct ossl_sslctx_st_t{ static char *ossl_sslctx_attrs[] = { "cert", "cert_file", "key", "key_file", "ca_cert", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", "verify_callback", "ssl_method", + "fixed", }; #define OSSL_SSL_METHOD_ENTRY(name) { #name, name##_method } @@ -123,6 +126,10 @@ ossl_sslctx_initialize(int argc, VALUE *argv, VALUE self) } if(p->method == NULL) rb_raise(rb_eArgError, "unknown SSL method `%s'.", s); + if((p->ctx = SSL_CTX_new(p->method)) == NULL) + ossl_raise(eSSLError, "SSL_CTX_new:"); + SSL_CTX_set_options(p->ctx, SSL_OP_ALL); + ossl_sslctx_set_fixed(self, Qfalse); return self; } @@ -189,13 +196,9 @@ ossl_sslctx_setup(VALUE self) int verify_mode; VALUE val; - Data_Get_Struct(self, ossl_sslctx_st, p); - if(p->ctx) return Qfalse; - - if((p->ctx = SSL_CTX_new(p->method)) == NULL) - ossl_raise(eSSLError, "SSL_CTX_new:"); - SSL_CTX_set_options(p->ctx, SSL_OP_ALL); + if(ossl_sslctx_get_fixed(self)) return Qfalse; + Data_Get_Struct(self, ossl_sslctx_st, p); /* private key may be bundled in certificate file. */ val = ossl_sslctx_get_cert(self); cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */ 
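Review bot: In ossl_sslctx_setup the new guard `if(ossl_sslctx_get_fixed(self)) return Qfalse;` tests a Ruby VALUE directly, and `rb_iv_get` on an unset instance variable returns Qnil, which is non-zero in C; an object whose initialize did not run (or a subclass initialize that skips super) would therefore skip setup entirely and later use `p->ctx` as NULL, since the old `if(p->ctx) return Qfalse;` check is gone. Use `if(RTEST(ossl_sslctx_get_fixed(self))) return Qfalse;` and, after `Data_Get_Struct`, fail loudly on a missing context, e.g. `if(!p->ctx) ossl_raise(eSSLError, "SSL_CTX not initialized");`. Adding "fixed" to ossl_sslctx_attrs (hunk at -66) presumably makes `@fixed` reachable from Ruby; if those names become writable accessors, a caller could reset the flag and run setup a second time against an SSL_CTX that live sockets already share, so the flag is better kept out of the public attribute list or made read-only. The body of ossl_sslctx_setup continues outside this hunk.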
@@ -243,6 +246,8 @@ ossl_sslctx_setup(VALUE self) val = ossl_sslctx_get_verify_dep(self); if(!NIL_P(val)) SSL_CTX_set_verify_depth(p->ctx, NUM2LONG(val)); + ossl_sslctx_set_fixed(self, Qtrue); + return Qtrue; } @@ -478,7 +483,7 @@ static VALUE ossl_ssl_read(VALUE self, VALUE len) { ossl_ssl_st *p; - size_t ilen, nread = 0; + int ilen, nread = 0; VALUE str; OpenFile *fptr; @@ -516,7 +521,7 @@ static VALUE ossl_ssl_write(VALUE self, VALUE str) { ossl_ssl_st *p; - size_t nwrite = 0; + int nwrite = 0; OpenFile *fptr; FILE *fp; diff --git a/ossl_x509.c b/ossl_x509.c index 415008b..e0a76d5 100644 --- a/ossl_x509.c +++ b/ossl_x509.c @@ -15,15 +15,15 @@ VALUE mX509; void Init_ossl_x509() { - mX509 = rb_define_module_under(mOSSL, "X509"); - - Init_ossl_x509attr(); - Init_ossl_x509cert(); - Init_ossl_x509crl(); - Init_ossl_x509ext(); - Init_ossl_x509name(); - Init_ossl_x509req(); - Init_ossl_x509revoked(); - Init_ossl_x509store(); + mX509 = rb_define_module_under(mOSSL, "X509"); + + Init_ossl_x509attr(); + Init_ossl_x509cert(); + Init_ossl_x509crl(); + Init_ossl_x509ext(); + Init_ossl_x509name(); + Init_ossl_x509req(); + Init_ossl_x509revoked(); + Init_ossl_x509store(); } diff --git a/ossl_x509attr.c b/ossl_x509attr.c index 8e0ae19..98f4a33 100644 --- a/ossl_x509attr.c +++ b/ossl_x509attr.c 
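Review bot: `ilen` in ossl_ssl_read is now signed but this hunk shows no lower-bound check on it; if it is derived from the `len` argument in the body below (outside the hunk), a negative value should be rejected before any buffer is sized from it, e.g. `if (ilen < 0) rb_raise(rb_eArgError, "negative string size (or size too big)");`. The change to `int` for `nread` here and `nwrite` in the -516 hunk is the right fix for comparing against SSL_read/SSL_write, whose negative return means error and would have become a huge positive count under `size_t`; a comment at the declaration, `/* int: SSL_read/SSL_write return <0 on error */`, would keep the next cleanup from reverting it. Both enclosing functions continue outside their hunks.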
@@ -11,20 +11,20 @@ #include "ossl.h" #define WrapX509Attr(klass, obj, attr) do { \ - if (!attr) { \ - ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, X509_ATTRIBUTE_free, attr); \ + if (!attr) { \ + ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_ATTRIBUTE_free, attr); \ } while (0) #define GetX509Attr(obj, attr) do { \ - Data_Get_Struct(obj, X509_ATTRIBUTE, attr); \ - if (!attr) { \ - ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \ - } \ + Data_Get_Struct(obj, X509_ATTRIBUTE, attr); \ + if (!attr) { \ + ossl_raise(rb_eRuntimeError, "ATTR wasn't initialized!"); \ + } \ } while (0) #define SafeGetX509Attr(obj, attr) do { \ - OSSL_Check_Kind(obj, cX509Attr); \ - GetX509Attr(obj, attr); \ + OSSL_Check_Kind(obj, cX509Attr); \ + GetX509Attr(obj, attr); \ } while (0) /* @@ -39,33 +39,33 @@ VALUE eX509AttrError; VALUE ossl_x509attr_new(X509_ATTRIBUTE *attr) { - X509_ATTRIBUTE *new; - VALUE obj; - - if (!attr) { - new = X509_ATTRIBUTE_new(); - } else { - new = X509_ATTRIBUTE_dup(attr); - } - if (!new) { - ossl_raise(eX509AttrError, ""); - } - WrapX509Attr(cX509Attr, obj, new); - - return obj; + X509_ATTRIBUTE *new; + VALUE obj; + + if (!attr) { + new = X509_ATTRIBUTE_new(); + } else { + new = X509_ATTRIBUTE_dup(attr); + } + if (!new) { + ossl_raise(eX509AttrError, ""); + } + WrapX509Attr(cX509Attr, obj, new); + + return obj; } X509_ATTRIBUTE * ossl_x509attr_get_X509_ATTRIBUTE(VALUE obj) { - X509_ATTRIBUTE *attr, *new; + X509_ATTRIBUTE *attr, *new; - SafeGetX509Attr(obj, attr); + SafeGetX509Attr(obj, attr); + if (!(new = X509_ATTRIBUTE_dup(attr))) { + ossl_raise(eX509AttrError, ""); + } - if (!(new = X509_ATTRIBUTE_dup(attr))) { - ossl_raise(eX509AttrError, ""); - } - return new; + return new; } /* 
@@ -74,75 +74,66 @@ ossl_x509attr_get_X509_ATTRIBUTE(VALUE obj) static VALUE ossl_x509attr_s_new_from_array(VALUE klass, VALUE ary) { - X509_ATTRIBUTE *attr; - int nid = NID_undef; - VALUE item, obj; - - Check_Type(ary, T_ARRAY); - - if (RARRAY(ary)->len != 2) { - ossl_raise(eX509AttrError, "unsupported ary structure"); - } - - /* key [0] */ - item = RARRAY(ary)->ptr[0]; - StringValue(item); - - if (!(nid = OBJ_ln2nid(RSTRING(item)->ptr))) { - if (!(nid = OBJ_sn2nid(RSTRING(item)->ptr))) { - ossl_raise(eX509AttrError, ""); - } - } - - /* data [1] */ - item = RARRAY(ary)->ptr[1]; - StringValuePtr(item); - - if (!(attr = X509_ATTRIBUTE_create(nid, MBSTRING_ASC, RSTRING(item)->ptr))) { - ossl_raise(eX509AttrError, ""); + X509_ATTRIBUTE *attr; + int nid = NID_undef; + VALUE item, obj; + + Check_Type(ary, T_ARRAY); + if (RARRAY(ary)->len != 2) { + ossl_raise(eX509AttrError, "unsupported ary structure"); + } + /* key [0] */ + item = RARRAY(ary)->ptr[0]; + StringValue(item); + if (!(nid = OBJ_ln2nid(RSTRING(item)->ptr))) { + if (!(nid = OBJ_sn2nid(RSTRING(item)->ptr))) { + ossl_raise(eX509AttrError, ""); } - WrapX509Attr(klass, obj, attr); - - return obj; + } + /* data [1] */ + item = RARRAY(ary)->ptr[1]; + StringValuePtr(item); + if (!(attr = X509_ATTRIBUTE_create(nid, MBSTRING_ASC, RSTRING(item)->ptr))) { + ossl_raise(eX509AttrError, ""); + } + WrapX509Attr(klass, obj, attr); + + return obj; } +#if 0 /* * is there any print for attribute? 
* (NO, but check t_req.c in crypto/asn1) - * + */ static VALUE ossl_x509attr_to_a(VALUE self) { - ossl_x509attr *attrp = NULL; - BIO *out = NULL; - BUF_MEM *buf = NULL; - int nid = NID_undef; - VALUE ary, value; + ossl_x509attr *attrp = NULL; + BIO *out = NULL; + BUF_MEM *buf = NULL; + int nid = NID_undef; + VALUE ary, value; - GetX509Attr(obj, attrp); - - ary = rb_ary_new2(2); - - nid = OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attrp->attribute)); - rb_ary_push(ary, rb_str_new2(OBJ_nid2sn(nid))); - - if (!(out = BIO_new(BIO_s_mem()))) - ossl_raise(eX509ExtensionError, ""); - - if (!X509V3_???_print(out, extp->extension, 0, 0)) { - BIO_free(out); - ossl_raise(eX509ExtensionError, ""); - } - BIO_get_mem_ptr(out, &buf); - value = rb_str_new(buf->data, buf->length); + GetX509Attr(obj, attrp); + ary = rb_ary_new2(2); + nid = OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attrp->attribute)); + rb_ary_push(ary, rb_str_new2(OBJ_nid2sn(nid))); + if (!(out = BIO_new(BIO_s_mem()))) + ossl_raise(eX509ExtensionError, ""); + if (!X509V3_???_print(out, extp->extension, 0, 0)) { BIO_free(out); - - rb_funcall(value, rb_intern("tr!"), 2, rb_str_new2("\n"), rb_str_new2(",")); - rb_ary_push(ary, value); - - return ary; + ossl_raise(eX509ExtensionError, ""); + } + BIO_get_mem_ptr(out, &buf); + value = rb_str_new(buf->data, buf->length); + BIO_free(out); + rb_funcall(value, rb_intern("tr!"), 2, rb_str_new2("\n"), rb_str_new2(",")); + rb_ary_push(ary, value); + + return ary; } - */ +#endif /* * X509_ATTRIBUTE init 
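Review bot: In ossl_x509attr_s_new_from_array the attribute value reaches X509_ATTRIBUTE_create as a bare `RSTRING(item)->ptr`, so its length is taken from strlen: a Ruby string with an embedded NUL is silently truncated and a binary value cannot be expressed at all. If the OpenSSL version in use provides it, the length-carrying form `X509_ATTRIBUTE_create_by_NID(NULL, nid, MBSTRING_ASC, RSTRING(item)->ptr, RSTRING(item)->len)` avoids that; otherwise the strlen dependency should at least be stated in the `/* data [1] */` comment. Moving ossl_x509attr_to_a from a `/* */` comment into `#if 0` is an improvement, but the body still references undeclared names (`obj`, `extp`, `X509V3_???_print`), so a comment such as `/* sketch only: does not compile as written, see TODO in Init_ossl_x509attr */` at the top of the block would spare the next reader a surprise when enabling it.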
@@ -150,13 +141,12 @@ ossl_x509attr_to_a(VALUE self) void Init_ossl_x509attr() { - eX509AttrError = rb_define_class_under(mX509, "AttributeError", eOSSLError); + eX509AttrError = rb_define_class_under(mX509, "AttributeError", eOSSLError); - cX509Attr = rb_define_class_under(mX509, "Attribute", rb_cObject); - rb_define_singleton_method(cX509Attr, "new_from_array", ossl_x509attr_s_new_from_array, 1); + cX509Attr = rb_define_class_under(mX509, "Attribute", rb_cObject); + rb_define_singleton_method(cX509Attr, "new_from_array", ossl_x509attr_s_new_from_array, 1); /* * TODO: - rb_define_method(cX509Attr, "to_a", ossl_x509attr_to_a, 0); + rb_define_method(cX509Attr, "to_a", ossl_x509attr_to_a, 0); */ } - diff --git a/ossl_x509cert.c b/ossl_x509cert.c index eac14dc..fe039ca 100644 --- a/ossl_x509cert.c +++ b/ossl_x509cert.c @@ -11,20 +11,20 @@ #include "ossl.h" #define WrapX509(klass, obj, x509) do { \ - if (!x509) { \ - ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, X509_free, x509); \ + if (!x509) { \ + ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_free, x509); \ } while (0) #define GetX509(obj, x509) do { \ - Data_Get_Struct(obj, X509, x509); \ - if (!x509) { \ - ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \ - } \ + Data_Get_Struct(obj, X509, x509); \ + if (!x509) { \ + ossl_raise(rb_eRuntimeError, "CERT wasn't initialized!"); \ + } \ } while (0) #define SafeGetX509(obj, x509) do { \ - OSSL_Check_Kind(obj, cX509Cert); \ - GetX509(obj, x509); \ + OSSL_Check_Kind(obj, cX509Cert); \ + GetX509(obj, x509); \ } while (0) /* 
@@ -39,65 +39,63 @@ VALUE eX509CertError; VALUE ossl_x509_new(X509 *x509) { - X509 *new; - VALUE obj; + X509 *new; + VALUE obj; - if (!x509) { - new = X509_new(); - } else { - new = X509_dup(x509); - } - if (!new) { - ossl_raise(eX509CertError, ""); - } - WrapX509(cX509Cert, obj, new); + if (!x509) { + new = X509_new(); + } else { + new = X509_dup(x509); + } + if (!new) { + ossl_raise(eX509CertError, ""); + } + WrapX509(cX509Cert, obj, new); - return obj; + return obj; } VALUE ossl_x509_new_from_file(VALUE filename) { - X509 *x509; - FILE *fp; - VALUE obj; + X509 *x509; + FILE *fp; + VALUE obj; - SafeStringValue(filename); - - if (!(fp = fopen(RSTRING(filename)->ptr, "r"))) { - ossl_raise(eX509CertError, "%s", strerror(errno)); - } - x509 = PEM_read_X509(fp, NULL, NULL, NULL); - fclose(fp); + SafeStringValue(filename); + if (!(fp = fopen(RSTRING(filename)->ptr, "r"))) { + ossl_raise(eX509CertError, "%s", strerror(errno)); + } + x509 = PEM_read_X509(fp, NULL, NULL, NULL); + fclose(fp); + if (!x509) { + ossl_raise(eX509CertError, ""); + } + WrapX509(cX509Cert, obj, x509); - if (!x509) { - ossl_raise(eX509CertError, ""); - } - WrapX509(cX509Cert, obj, x509); - - return obj; + return obj; } X509 * GetX509CertPtr(VALUE obj) { - X509 *x509; + X509 *x509; - SafeGetX509(obj, x509); + SafeGetX509(obj, x509); - return x509; + return x509; } X509 * DupX509CertPtr(VALUE obj) { - X509 *x509; + X509 *x509; - SafeGetX509(obj, x509); + SafeGetX509(obj, x509); - CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); - return x509; + return x509; } /* 
@@ -106,367 +104,359 @@ DupX509CertPtr(VALUE obj) static VALUE ossl_x509_s_allocate(VALUE klass) { - X509 *x509; - VALUE obj; + X509 *x509; + VALUE obj; - if (!(x509 = X509_new())) { - ossl_raise(eX509CertError, ""); - } - WrapX509(klass, obj, x509); + if (!(x509 = X509_new())) { + ossl_raise(eX509CertError, ""); + } + WrapX509(klass, obj, x509); - return obj; + return obj; } static VALUE ossl_x509_initialize(int argc, VALUE *argv, VALUE self) { - BIO *in; - VALUE buffer; + BIO *in; + VALUE buffer; - if (rb_scan_args(argc, argv, "01", &buffer) == 0) { - /* create just empty X509Cert */ - return self; - } - StringValue(buffer); - - if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len))) { - ossl_raise(eX509CertError, ""); - } - /* - * TODO: - * Check if we could free old X509 - X509_free(DATA_PTR(self)); - */ - if (!PEM_read_bio_X509(in, (X509 **)&DATA_PTR(self), NULL, NULL)) { - BIO_free(in); - ossl_raise(eX509CertError, ""); - } - BIO_free(in); - + if (rb_scan_args(argc, argv, "01", &buffer) == 0) { + /* create just empty X509Cert */ return self; + } + StringValue(buffer); + + if (!(in = BIO_new_mem_buf(RSTRING(buffer)->ptr, RSTRING(buffer)->len))) { + ossl_raise(eX509CertError, ""); + } + /* + * TODO: + * Check if we could free old X509 + X509_free(DATA_PTR(self)); + */ + if (!PEM_read_bio_X509(in, (X509 **)&DATA_PTR(self), NULL, NULL)) { + BIO_free(in); + ossl_raise(eX509CertError, ""); + } + BIO_free(in); + + return self; } static VALUE ossl_x509_become(VALUE self, VALUE other) { - X509 *a, *b, *x509; + X509 *a, *b, *x509; - rb_check_frozen(self); - - if (self == other) return self; + rb_check_frozen(self); + if (self == other) return self; + GetX509(self, a); + SafeGetX509(other, b); + if (!(x509 = X509_dup(b))) { + ossl_raise(eX509CertError, ""); + } + X509_free(a); + DATA_PTR(self) = x509; - GetX509(self, a); - SafeGetX509(other, b); - - if (!(x509 = X509_dup(b))) { - ossl_raise(eX509CertError, ""); - } - X509_free(a); - DATA_PTR(self) = 
x509; - - return self; + return self; } static VALUE ossl_x509_to_der(VALUE self) { - X509 *x509; - BIO *out; - BUF_MEM *buf; - VALUE str; - - GetX509(self, x509); + X509 *x509; + BIO *out; + BUF_MEM *buf; + VALUE str; - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eX509CertError, ""); - } - if (!i2d_X509_bio(out, x509)) { - BIO_free(out); - ossl_raise(eX509CertError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + GetX509(self, x509); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eX509CertError, ""); + } + if (!i2d_X509_bio(out, x509)) { BIO_free(out); - - return str; + ossl_raise(eX509CertError, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); + + return str; } static VALUE ossl_x509_to_pem(VALUE self) { - X509 *x509; - BIO *out; - BUF_MEM *buf; - VALUE str; + X509 *x509; + BIO *out; + BUF_MEM *buf; + VALUE str; - GetX509(self, x509); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eX509CertError, ""); - } - if (!PEM_write_bio_X509(out, x509)) { - BIO_free(out); - ossl_raise(eX509CertError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + GetX509(self, x509); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eX509CertError, ""); + } + if (!PEM_write_bio_X509(out, x509)) { BIO_free(out); - - return str; + ossl_raise(eX509CertError, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); + + return str; } static VALUE ossl_x509_to_text(VALUE self) { - X509 *x509; - BIO *out; - BUF_MEM *buf; - VALUE str; + X509 *x509; + BIO *out; + BUF_MEM *buf; + VALUE str; - GetX509(self, x509); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eX509CertError, ""); - } - if (!X509_print(out, x509)) { - BIO_free(out); - ossl_raise(eX509CertError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + GetX509(self, x509); + if (!(out = BIO_new(BIO_s_mem()))) { + 
ossl_raise(eX509CertError, ""); + } + if (!X509_print(out, x509)) { BIO_free(out); - - return str; + ossl_raise(eX509CertError, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); + + return str; } +#if 0 /* * Makes from X509 X509_REQuest - * + */ static VALUE ossl_x509_to_req(VALUE self) { - X509 *x509; - X509_REQ *req; - VALUE obj; - - GetX509(self, x509); - - if (!(req = X509_to_X509_REQ(x509, NULL, EVP_md5()))) { - ossl_raise(eX509CertError, ""); - } - obj = ossl_x509req_new(req); - X509_REQ_free(req); + X509 *x509; + X509_REQ *req; + VALUE obj; + + GetX509(self, x509); + if (!(req = X509_to_X509_REQ(x509, NULL, EVP_md5()))) { + ossl_raise(eX509CertError, ""); + } + obj = ossl_x509req_new(req); + X509_REQ_free(req); - return obj; + return obj; } - */ +#endif static VALUE ossl_x509_get_version(VALUE self) { - X509 *x509; + X509 *x509; - GetX509(self, x509); + GetX509(self, x509); - return LONG2NUM(X509_get_version(x509)); + return LONG2NUM(X509_get_version(x509)); } static VALUE ossl_x509_set_version(VALUE self, VALUE version) { - X509 *x509; - long ver; + X509 *x509; + long ver; - GetX509(self, x509); + GetX509(self, x509); + if ((ver = NUM2LONG(version)) < 0) { + ossl_raise(eX509CertError, "version must be >= 0!"); + } + if (!X509_set_version(x509, ver)) { + ossl_raise(eX509CertError, ""); + } - if ((ver = NUM2LONG(version)) < 0) { - ossl_raise(eX509CertError, "version must be >= 0!"); - } - if (!X509_set_version(x509, ver)) { - ossl_raise(eX509CertError, ""); - } - return version; + return version; } static VALUE ossl_x509_get_serial(VALUE self) { - X509 *x509; + X509 *x509; - GetX509(self, x509); + GetX509(self, x509); - return asn1integer_to_num(X509_get_serialNumber(x509)); + return asn1integer_to_num(X509_get_serialNumber(x509)); } static VALUE ossl_x509_set_serial(VALUE self, VALUE num) { - X509 *x509; + X509 *x509; - GetX509(self, x509); + GetX509(self, x509); - x509->cert_info->serialNumber = 
num_to_asn1integer(num, X509_get_serialNumber(x509)); + x509->cert_info->serialNumber = + num_to_asn1integer(num, X509_get_serialNumber(x509)); - return num; + return num; } static VALUE ossl_x509_get_subject(VALUE self) { - X509 *x509; - X509_NAME *name; + X509 *x509; + X509_NAME *name; - GetX509(self, x509); + GetX509(self, x509); + if (!(name = X509_get_subject_name(x509))) { /* NO DUP - don't free! */ + ossl_raise(eX509CertError, ""); + } - if (!(name = X509_get_subject_name(x509))) { /* NO DUP - don't free! */ - ossl_raise(eX509CertError, ""); - } - return ossl_x509name_new(name); + return ossl_x509name_new(name); } static VALUE ossl_x509_set_subject(VALUE self, VALUE subject) { - X509 *x509; + X509 *x509; - GetX509(self, x509); + GetX509(self, x509); + if (!X509_set_subject_name(x509, GetX509NamePtr(subject))) { /* DUPs name */ + ossl_raise(eX509CertError, ""); + } - if (!X509_set_subject_name(x509, GetX509NamePtr(subject))) { /* DUPs name */ - ossl_raise(eX509CertError, ""); - } - return subject; + return subject; } static VALUE ossl_x509_get_issuer(VALUE self) { - X509 *x509; - X509_NAME *name; - - GetX509(self, x509); - - if(!(name = X509_get_issuer_name(x509))) { /* NO DUP - don't free! */ - ossl_raise(eX509CertError, ""); - } - return ossl_x509name_new(name); + X509 *x509; + X509_NAME *name; + + GetX509(self, x509); + if(!(name = X509_get_issuer_name(x509))) { /* NO DUP - don't free! 
*/ + ossl_raise(eX509CertError, ""); + } + + return ossl_x509name_new(name); } static VALUE ossl_x509_set_issuer(VALUE self, VALUE issuer) { - X509 *x509; - - GetX509(self, x509); + X509 *x509; - if (!X509_set_issuer_name(x509, GetX509NamePtr(issuer))) { /* DUPs name */ - ossl_raise(eX509CertError, ""); - } - return issuer; + GetX509(self, x509); + if (!X509_set_issuer_name(x509, GetX509NamePtr(issuer))) { /* DUPs name */ + ossl_raise(eX509CertError, ""); + } + + return issuer; } static VALUE ossl_x509_get_not_before(VALUE self) { - X509 *x509; - ASN1_UTCTIME *asn1time; + X509 *x509; + ASN1_UTCTIME *asn1time; - GetX509(self, x509); + GetX509(self, x509); + if (!(asn1time = X509_get_notBefore(x509))) { /* NO DUP - don't free! */ + ossl_raise(eX509CertError, ""); + } - if (!(asn1time = X509_get_notBefore(x509))) { /* NO DUP - don't free! */ - ossl_raise(eX509CertError, ""); - } - return asn1time_to_time(asn1time); + return asn1time_to_time(asn1time); } static VALUE ossl_x509_set_not_before(VALUE self, VALUE time) { - X509 *x509; - time_t sec; + X509 *x509; + time_t sec; - GetX509(self, x509); + GetX509(self, x509); + sec = time_to_time_t(time); + if (!X509_time_adj(X509_get_notBefore(x509), 0, &sec)) { + ossl_raise(eX509CertError, ""); + } - sec = time_to_time_t(time); - - if (!X509_time_adj(X509_get_notBefore(x509), 0, &sec)) { - ossl_raise(eX509CertError, ""); - } - return time; + return time; } static VALUE ossl_x509_get_not_after(VALUE self) { - X509 *x509; - ASN1_TIME *asn1time; + X509 *x509; + ASN1_TIME *asn1time; - GetX509(self, x509); + GetX509(self, x509); + if (!(asn1time = X509_get_notAfter(x509))) { /* NO DUP - don't free! */ + ossl_raise(eX509CertError, ""); + } - if (!(asn1time = X509_get_notAfter(x509))) { /* NO DUP - don't free! 
*/ - ossl_raise(eX509CertError, ""); - } - return asn1time_to_time(asn1time); + return asn1time_to_time(asn1time); } static VALUE ossl_x509_set_not_after(VALUE self, VALUE time) { - X509 *x509; - time_t sec; + X509 *x509; + time_t sec; - GetX509(self, x509); + GetX509(self, x509); + sec = time_to_time_t(time); + if (!X509_time_adj(X509_get_notAfter(x509), 0, &sec)) { + ossl_raise(eX509CertError, ""); + } - sec = time_to_time_t(time); - - if (!X509_time_adj(X509_get_notAfter(x509), 0, &sec)) { - ossl_raise(eX509CertError, ""); - } - return time; + return time; } static VALUE ossl_x509_get_public_key(VALUE self) { - X509 *x509; - EVP_PKEY *pkey; + X509 *x509; + EVP_PKEY *pkey; - GetX509(self, x509); - - if (!(pkey = X509_get_pubkey(x509))) { /* adds an reference */ - ossl_raise(eX509CertError, ""); - } - return ossl_pkey_new(pkey); /* NO DUP - OK */ + GetX509(self, x509); + if (!(pkey = X509_get_pubkey(x509))) { /* adds an reference */ + ossl_raise(eX509CertError, ""); + } + + return ossl_pkey_new(pkey); /* NO DUP - OK */ } static VALUE ossl_x509_set_public_key(VALUE self, VALUE key) { - X509 *x509; + X509 *x509; - GetX509(self, x509); - - if (!X509_set_pubkey(x509, GetPKeyPtr(key))) { /* DUPs pkey */ - ossl_raise(eX509CertError, ""); - } - return key; + GetX509(self, x509); + if (!X509_set_pubkey(x509, GetPKeyPtr(key))) { /* DUPs pkey */ + ossl_raise(eX509CertError, ""); + } + + return key; } static VALUE ossl_x509_sign(VALUE self, VALUE key, VALUE digest) { - X509 *x509; - EVP_PKEY *pkey; - const EVP_MD *md; + X509 *x509; + EVP_PKEY *pkey; + const EVP_MD *md; - GetX509(self, x509); - - pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ - md = GetDigestPtr(digest); - - if (!X509_sign(x509, pkey, md)) { - ossl_raise(eX509CertError, ""); - } - return self; + GetX509(self, x509); + pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ + md = GetDigestPtr(digest); + if (!X509_sign(x509, pkey, md)) { + ossl_raise(eX509CertError, ""); + } + + return self; } /* 
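Review bot: ossl_x509_to_req, now under `#if 0`, hard-codes `EVP_md5()` as the digest passed to X509_to_X509_REQ; before the function is re-enabled the digest should come from a parameter resolved with GetDigestPtr, as ossl_x509_sign already does, rather than being fixed to MD5, and a comment in the block should say so, e.g. `/* TODO: take the digest as an argument instead of EVP_md5() before enabling */`. In ossl_x509_initialize the TODO about freeing the old X509 survives the reindent: ossl_x509_s_allocate already stores an X509 in DATA_PTR(self) and PEM_read_bio_X509 is handed `&DATA_PTR(self)`, so whether that prior object is reused or leaked depends on the reader's reuse semantics, which this hunk does not establish; the comment would be more useful if it stated which behaviour the code relies on.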
@@ -475,21 +465,20 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest) static VALUE ossl_x509_verify(VALUE self, VALUE key) { - X509 *x509; - EVP_PKEY *pkey; - int i; + X509 *x509; + EVP_PKEY *pkey; + int i; - GetX509(self, x509); - - pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ - - if ((i = X509_verify(x509, pkey)) < 0) { - ossl_raise(eX509CertError, ""); - } - if (i > 0) { - return Qtrue; - } - return Qfalse; + GetX509(self, x509); + pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ + if ((i = X509_verify(x509, pkey)) < 0) { + ossl_raise(eX509CertError, ""); + } + if (i > 0) { + return Qtrue; + } + + return Qfalse; } /* @@ -498,19 +487,18 @@ ossl_x509_verify(VALUE self, VALUE key) static VALUE ossl_x509_check_private_key(VALUE self, VALUE key) { - X509 *x509; - EVP_PKEY *pkey; - - GetX509(self, x509); - - /* not needed private key, but should be */ - pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ + X509 *x509; + EVP_PKEY *pkey; - if (!X509_check_private_key(x509, pkey)) { - OSSL_Warning("Check private key:%s", OSSL_ErrMsg()); - return Qfalse; - } - return Qtrue; + GetX509(self, x509); + /* not needed private key, but should be */ + pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ + if (!X509_check_private_key(x509, pkey)) { + OSSL_Warning("Check private key:%s", OSSL_ErrMsg()); + return Qfalse; + } + + return Qtrue; } /* 
@@ -519,25 +507,23 @@ ossl_x509_check_private_key(VALUE self, VALUE key) static VALUE ossl_x509_get_extensions(VALUE self) { - X509 *x509; - int count, i; - X509_EXTENSION *ext; - VALUE ary; - - GetX509(self, x509); + X509 *x509; + int count, i; + X509_EXTENSION *ext; + VALUE ary; - count = X509_get_ext_count(x509); + GetX509(self, x509); + count = X509_get_ext_count(x509); + if (count < 0) { + return rb_ary_new(); + } + ary = rb_ary_new2(count); + for (i=0; i<count; i++) { + ext = X509_get_ext(x509, i); /* NO DUP - don't free! */ + rb_ary_push(ary, ossl_x509ext_new(ext)); + } - if (count < 0) { - return rb_ary_new(); - } - ary = rb_ary_new2(count); - - for (i=0; i<count; i++) { - ext = X509_get_ext(x509, i); /* NO DUP - don't free! */ - rb_ary_push(ary, ossl_x509ext_new(ext)); - } - return ary; + return ary; } /* 
@@ -546,50 +532,46 @@ ossl_x509_get_extensions(VALUE self) static VALUE ossl_x509_set_extensions(VALUE self, VALUE ary) { - X509 *x509; - X509_EXTENSION *ext; - int i; - - GetX509(self, x509); - - Check_Type(ary, T_ARRAY); + X509 *x509; + X509_EXTENSION *ext; + int i; + + GetX509(self, x509); + Check_Type(ary, T_ARRAY); + /* All ary's members should be X509Extension */ + for (i=0; i<RARRAY(ary)->len; i++) { + OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext); + } + sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free); + x509->cert_info->extensions = NULL; + for (i=0; i<RARRAY(ary)->len; i++) { + ext = ossl_x509ext_get_X509_EXTENSION(RARRAY(ary)->ptr[i]); - for (i=0; i<RARRAY(ary)->len; i++) { /* All ary's members should be X509Extension */ - OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext); + if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */ + X509_EXTENSION_free(ext); + ossl_raise(eX509CertError, ""); } + X509_EXTENSION_free(ext); + } - sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free); - x509->cert_info->extensions = NULL; - - for (i=0; i<RARRAY(ary)->len; i++) { - ext = ossl_x509ext_get_X509_EXTENSION(RARRAY(ary)->ptr[i]); - - if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */ - X509_EXTENSION_free(ext); - ossl_raise(eX509CertError, ""); - } - X509_EXTENSION_free(ext); - } - return ary; + return ary; } static VALUE ossl_x509_add_extension(VALUE self, VALUE extension) { - X509 *x509; - X509_EXTENSION *ext; - - GetX509(self, x509); - - ext = ossl_x509ext_get_X509_EXTENSION(extension); + X509 *x509; + X509_EXTENSION *ext; - if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */ - X509_EXTENSION_free(ext); - ossl_raise(eX509CertError, ""); - } + GetX509(self, x509); + ext = ossl_x509ext_get_X509_EXTENSION(extension); + if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */ X509_EXTENSION_free(ext); + ossl_raise(eX509CertError, ""); + } + X509_EXTENSION_free(ext); - return extension; + 
return extension; } /* 
@@ -598,37 +580,37 @@ ossl_x509_add_extension(VALUE self, VALUE extension) void Init_ossl_x509cert() { - eX509CertError = rb_define_class_under(mX509, "CertificateError", eOSSLError); - - cX509Cert = rb_define_class_under(mX509, "Certificate", rb_cObject); - - rb_define_singleton_method(cX509Cert, "allocate", ossl_x509_s_allocate, 0); - rb_define_method(cX509Cert, "initialize", ossl_x509_initialize, -1); - - rb_define_method(cX509Cert, "become", ossl_x509_become, 1); - rb_define_method(cX509Cert, "to_der", ossl_x509_to_der, 0); - rb_define_method(cX509Cert, "to_pem", ossl_x509_to_pem, 0); - rb_define_alias(cX509Cert, "to_s", "to_pem"); - rb_define_method(cX509Cert, "to_text", ossl_x509_to_text, 0); - rb_define_method(cX509Cert, "version", ossl_x509_get_version, 0); - rb_define_method(cX509Cert, "version=", ossl_x509_set_version, 1); - rb_define_method(cX509Cert, "serial", ossl_x509_get_serial, 0); - rb_define_method(cX509Cert, "serial=", ossl_x509_set_serial, 1); - rb_define_method(cX509Cert, "subject", ossl_x509_get_subject, 0); - rb_define_method(cX509Cert, "subject=", ossl_x509_set_subject, 1); - rb_define_method(cX509Cert, "issuer", ossl_x509_get_issuer, 0); - rb_define_method(cX509Cert, "issuer=", ossl_x509_set_issuer, 1); - rb_define_method(cX509Cert, "not_before", ossl_x509_get_not_before, 0); - rb_define_method(cX509Cert, "not_before=", ossl_x509_set_not_before, 1); - rb_define_method(cX509Cert, "not_after", ossl_x509_get_not_after, 0); - rb_define_method(cX509Cert, "not_after=", ossl_x509_set_not_after, 1); - rb_define_method(cX509Cert, "public_key", ossl_x509_get_public_key, 0); - rb_define_method(cX509Cert, "public_key=", ossl_x509_set_public_key, 1); - rb_define_method(cX509Cert, "sign", ossl_x509_sign, 2); - rb_define_method(cX509Cert, "verify", ossl_x509_verify, 1); - rb_define_method(cX509Cert, "check_private_key", ossl_x509_check_private_key, 1); - rb_define_method(cX509Cert, "extensions", ossl_x509_get_extensions, 0); - rb_define_method(cX509Cert, 
"extensions=", ossl_x509_set_extensions, 1); - rb_define_method(cX509Cert, "add_extension", ossl_x509_add_extension, 1); + eX509CertError = rb_define_class_under(mX509, "CertificateError", eOSSLError); + + cX509Cert = rb_define_class_under(mX509, "Certificate", rb_cObject); + + rb_define_singleton_method(cX509Cert, "allocate", ossl_x509_s_allocate, 0); + rb_define_method(cX509Cert, "initialize", ossl_x509_initialize, -1); + + rb_define_method(cX509Cert, "become", ossl_x509_become, 1); + rb_define_method(cX509Cert, "to_der", ossl_x509_to_der, 0); + rb_define_method(cX509Cert, "to_pem", ossl_x509_to_pem, 0); + rb_define_alias(cX509Cert, "to_s", "to_pem"); + rb_define_method(cX509Cert, "to_text", ossl_x509_to_text, 0); + rb_define_method(cX509Cert, "version", ossl_x509_get_version, 0); + rb_define_method(cX509Cert, "version=", ossl_x509_set_version, 1); + rb_define_method(cX509Cert, "serial", ossl_x509_get_serial, 0); + rb_define_method(cX509Cert, "serial=", ossl_x509_set_serial, 1); + rb_define_method(cX509Cert, "subject", ossl_x509_get_subject, 0); + rb_define_method(cX509Cert, "subject=", ossl_x509_set_subject, 1); + rb_define_method(cX509Cert, "issuer", ossl_x509_get_issuer, 0); + rb_define_method(cX509Cert, "issuer=", ossl_x509_set_issuer, 1); + rb_define_method(cX509Cert, "not_before", ossl_x509_get_not_before, 0); + rb_define_method(cX509Cert, "not_before=", ossl_x509_set_not_before, 1); + rb_define_method(cX509Cert, "not_after", ossl_x509_get_not_after, 0); + rb_define_method(cX509Cert, "not_after=", ossl_x509_set_not_after, 1); + rb_define_method(cX509Cert, "public_key", ossl_x509_get_public_key, 0); + rb_define_method(cX509Cert, "public_key=", ossl_x509_set_public_key, 1); + rb_define_method(cX509Cert, "sign", ossl_x509_sign, 2); + rb_define_method(cX509Cert, "verify", ossl_x509_verify, 1); + rb_define_method(cX509Cert, "check_private_key", ossl_x509_check_private_key, 1); + rb_define_method(cX509Cert, "extensions", ossl_x509_get_extensions, 0); + 
rb_define_method(cX509Cert, "extensions=", ossl_x509_set_extensions, 1); + rb_define_method(cX509Cert, "add_extension", ossl_x509_add_extension, 1); } diff --git a/ossl_x509crl.c b/ossl_x509crl.c index cafc483..caa8ae4 100644 --- a/ossl_x509crl.c +++ b/ossl_x509crl.c @@ -11,20 +11,20 @@ #include "ossl.h" #define WrapX509CRL(klass, obj, crl) do { \ - if (!crl) { \ - ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, X509_CRL_free, crl); \ + if (!crl) { \ + ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_CRL_free, crl); \ } while (0) #define GetX509CRL(obj, crl) do { \ - Data_Get_Struct(obj, X509_CRL, crl); \ - if (!crl) { \ - ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \ - } \ + Data_Get_Struct(obj, X509_CRL, crl); \ + if (!crl) { \ + ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \ + } \ } while (0) #define SafeGetX509CRL(obj, crl) do { \ - OSSL_Check_Kind(obj, cX509CRL); \ - GetX509CRL(obj, crl); \ + OSSL_Check_Kind(obj, cX509CRL); \ + GetX509CRL(obj, crl); \ } while (0) /* @@ -39,23 +39,22 @@ VALUE eX509CRLError; X509_CRL * GetX509CRLPtr(VALUE obj) { - X509_CRL *crl; - - SafeGetX509CRL(obj, crl); + X509_CRL *crl; + + SafeGetX509CRL(obj, crl); - return crl; + return crl; } X509_CRL * DupX509CRLPtr(VALUE obj) { - X509_CRL *crl; - - SafeGetX509CRL(obj, crl); + X509_CRL *crl; - CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); - - return crl; + SafeGetX509CRL(obj, crl); + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + + return crl; } /* 
@@ -64,303 +63,292 @@ DupX509CRLPtr(VALUE obj)
static VALUE
ossl_x509crl_s_allocate(VALUE klass)
{
- X509_CRL *crl;
- VALUE obj;
+ X509_CRL *crl;
+ VALUE obj;
- if (!(crl = X509_CRL_new())) {
- ossl_raise(eX509CRLError, "");
- }
- WrapX509CRL(klass, obj, crl);
-
- return obj;
+ if (!(crl = X509_CRL_new())) {
+ ossl_raise(eX509CRLError, "");
+ }
+ WrapX509CRL(klass, obj, crl);
+
+ return obj;
}
static VALUE
ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
{
- BIO *in;
- VALUE buffer;
-
- if (rb_scan_args(argc, argv, "01", &buffer) == 0) {
- return self;
- }
- if (!(in = BIO_new_mem_buf(StringValuePtr(buffer), -1))) {
- ossl_raise(eX509CRLError, "");
- }
- /*
- * TODO:
- * Check if we should free CRL
- X509_CRL_free(DATA_PTR(self));
- */
- if (!PEM_read_bio_X509_CRL(in, (X509_CRL **)&DATA_PTR(self), NULL, NULL)) {
- BIO_free(in);
- ossl_raise(eX509CRLError, "");
- }
- BIO_free(in);
-
+ BIO *in;
+ VALUE buffer;
+
+ if (rb_scan_args(argc, argv, "01", &buffer) == 0) {
return self;
+ }
+ if (!(in = BIO_new_mem_buf(StringValuePtr(buffer), -1))) {
+ ossl_raise(eX509CRLError, "");
+ }
+ /*
+ * TODO:
+ * Check if we should free CRL
+ X509_CRL_free(DATA_PTR(self));
+ */
+ if (!PEM_read_bio_X509_CRL(in, (X509_CRL **)&DATA_PTR(self), NULL, NULL)) {
+ BIO_free(in);
+ ossl_raise(eX509CRLError, "");
+ }
+ BIO_free(in);
+
+ return self;
}
static VALUE
ossl_x509crl_get_version(VALUE self)
{
- X509_CRL *crl;
- long ver;
-
- GetX509CRL(self, crl);
+ X509_CRL *crl;
+ long ver;
- ver = X509_CRL_get_version(crl);
+ GetX509CRL(self, crl);
+ ver = X509_CRL_get_version(crl);
- return LONG2NUM(ver);
+ return LONG2NUM(ver);
}
static VALUE
ossl_x509crl_set_version(VALUE self, VALUE version)
{
- X509_CRL *crl;
- long ver;
-
- GetX509CRL(self, crl);
+ X509_CRL *crl;
+ long ver;
- if ((ver = NUM2LONG(version)) < 0) {
- ossl_raise(eX509CRLError, "version must be >= 0!");
- }
- if (!X509_CRL_set_version(crl, ver)) {
- ossl_raise(eX509CRLError, "");
- }
- return version;
+ GetX509CRL(self,
crl);
+
+ if ((ver = NUM2LONG(version)) < 0) {
+ ossl_raise(eX509CRLError, "version must be >= 0!");
+ }
+ if (!X509_CRL_set_version(crl, ver)) {
+ ossl_raise(eX509CRLError, "");
+ }
+
+ return version;
}
static VALUE
ossl_x509crl_get_issuer(VALUE self)
{
- X509_CRL *crl;
-
- GetX509CRL(self, crl);
-
- return ossl_x509name_new(X509_CRL_get_issuer(crl)); /* NO DUP - don't free */
+ X509_CRL *crl;
+
+ GetX509CRL(self, crl);
+
+ return ossl_x509name_new(X509_CRL_get_issuer(crl)); /* NO DUP - don't free */
}
static VALUE
ossl_x509crl_set_issuer(VALUE self, VALUE issuer)
{
- X509_CRL *crl;
-
- GetX509CRL(self, crl);
+ X509_CRL *crl;
- if (!X509_CRL_set_issuer_name(crl, GetX509NamePtr(issuer))) { /* DUPs name */
- ossl_raise(eX509CRLError, "");
- }
- return issuer;
+ GetX509CRL(self, crl);
+
+ if (!X509_CRL_set_issuer_name(crl, GetX509NamePtr(issuer))) { /* DUPs name */
+ ossl_raise(eX509CRLError, "");
+ }
+ return issuer;
}
static VALUE
ossl_x509crl_get_last_update(VALUE self)
{
- X509_CRL *crl;
+ X509_CRL *crl;
- GetX509CRL(self, crl);
+ GetX509CRL(self, crl);
- return asn1time_to_time(X509_CRL_get_lastUpdate(crl));
+ return asn1time_to_time(X509_CRL_get_lastUpdate(crl));
}
static VALUE
ossl_x509crl_set_last_update(VALUE self, VALUE time)
{
- X509_CRL *crl;
- time_t sec;
-
- GetX509CRL(self, crl);
+ X509_CRL *crl;
+ time_t sec;
- sec = time_to_time_t(time);
-
- if (!X509_time_adj(crl->crl->lastUpdate, 0, &sec)) {
- ossl_raise(eX509CRLError, "");
- }
- return time;
+ GetX509CRL(self, crl);
+ sec = time_to_time_t(time);
+ if (!X509_time_adj(crl->crl->lastUpdate, 0, &sec)) {
+ ossl_raise(eX509CRLError, "");
+ }
+
+ return time;
}
static VALUE
ossl_x509crl_get_next_update(VALUE self)
{
- X509_CRL *crl;
+ X509_CRL *crl;
- GetX509CRL(self, crl);
+ GetX509CRL(self, crl);
- return asn1time_to_time(X509_CRL_get_nextUpdate(crl));
+ return asn1time_to_time(X509_CRL_get_nextUpdate(crl));
}
static VALUE
ossl_x509crl_set_next_update(VALUE self, VALUE time)
{
- X509_CRL *crl;
-
time_t sec;
+ X509_CRL *crl;
+ time_t sec;
- GetX509CRL(self, crl);
+ GetX509CRL(self, crl);
+ sec = time_to_time_t(time);
+ /* This must be some thinko in OpenSSL */
+ if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))){
+ ossl_raise(eX509CRLError, "");
+ }
- sec = time_to_time_t(time);
-
- if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))) { /* This must be some thinko in OpenSSL */
- ossl_raise(eX509CRLError, "");
- }
- return time;
+ return time;
}
static VALUE
ossl_x509crl_get_revoked(VALUE self)
{
- X509_CRL *crl;
- int i, num;
- X509_REVOKED *rev;
- VALUE ary, revoked;
-
- GetX509CRL(self, crl);
-
- num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
-
- if (num < 0) {
- OSSL_Debug("num < 0???");
- return rb_ary_new();
- }
- ary = rb_ary_new2(num);
-
- for(i=0; i<num; i++) {
- rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i); /* NO DUP - don't free! */
- revoked = ossl_x509revoked_new(rev);
- rb_ary_push(ary, revoked);
- }
- return ary;
+ X509_CRL *crl;
+ int i, num;
+ X509_REVOKED *rev;
+ VALUE ary, revoked;
+
+ GetX509CRL(self, crl);
+ num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
+ if (num < 0) {
+ OSSL_Debug("num < 0???");
+ return rb_ary_new();
+ }
+ ary = rb_ary_new2(num);
+ for(i=0; i<num; i++) {
+ /* NO DUP - don't free!
*/
+ rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
+ revoked = ossl_x509revoked_new(rev);
+ rb_ary_push(ary, revoked);
+ }
+
+ return ary;
}
static VALUE
ossl_x509crl_set_revoked(VALUE self, VALUE ary)
{
- X509_CRL *crl;
- X509_REVOKED *rev;
- int i;
-
- GetX509CRL(self, crl);
-
- Check_Type(ary, T_ARRAY);
-
- for (i=0; i<RARRAY(ary)->len; i++) { /* All ary members should be X509 Revoked */
- OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Rev);
+ X509_CRL *crl;
+ X509_REVOKED *rev;
+ int i;
+
+ GetX509CRL(self, crl);
+ Check_Type(ary, T_ARRAY);
+ /* All ary members should be X509 Revoked */
+ for (i=0; i<RARRAY(ary)->len; i++) {
+ OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Rev);
+ }
+ sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
+ crl->crl->revoked = NULL;
+ for (i=0; i<RARRAY(ary)->len; i++) {
+ rev = ossl_x509revoked_get_X509_REVOKED(RARRAY(ary)->ptr[i]);
+ if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
+ ossl_raise(eX509CRLError, "");
}
-
- sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
- crl->crl->revoked = NULL;
-
- for (i=0; i<RARRAY(ary)->len; i++) {
- rev = ossl_x509revoked_get_X509_REVOKED(RARRAY(ary)->ptr[i]);
+ }
+ X509_CRL_sort(crl);
- if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
- ossl_raise(eX509CRLError, "");
- }
- }
- X509_CRL_sort(crl);
-
- return ary;
+ return ary;
}
static VALUE
ossl_x509crl_add_revoked(VALUE self, VALUE revoked)
{
- X509_CRL *crl;
- X509_REVOKED *rev;
-
- GetX509CRL(self, crl);
+ X509_CRL *crl;
+ X509_REVOKED *rev;
- rev = ossl_x509revoked_get_X509_REVOKED(revoked);
+ GetX509CRL(self, crl);
+ rev = ossl_x509revoked_get_X509_REVOKED(revoked);
+ if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
+ ossl_raise(eX509CRLError, "");
+ }
+ X509_CRL_sort(crl);
- if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free!
*/
- ossl_raise(eX509CRLError, "");
- }
- X509_CRL_sort(crl);
-
- return revoked;
+ return revoked;
}
static VALUE
ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest)
{
- X509_CRL *crl;
- EVP_PKEY *pkey;
- const EVP_MD *md;
-
- GetX509CRL(self, crl);
-
- pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
- md = GetDigestPtr(digest);
-
- if (!X509_CRL_sign(crl, pkey, md)) {
- ossl_raise(eX509CRLError, "");
- }
- return self;
+ X509_CRL *crl;
+ EVP_PKEY *pkey;
+ const EVP_MD *md;
+
+ GetX509CRL(self, crl);
+ pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
+ md = GetDigestPtr(digest);
+ if (!X509_CRL_sign(crl, pkey, md)) {
+ ossl_raise(eX509CRLError, "");
+ }
+
+ return self;
}
static VALUE
ossl_x509crl_verify(VALUE self, VALUE key)
{
- X509_CRL *crl;
- int ret;
-
- GetX509CRL(self, crl);
-
- if ((ret = X509_CRL_verify(crl, GetPKeyPtr(key))) < 0) {
- ossl_raise(eX509CRLError, "");
- }
- if (ret == 1) {
- return Qtrue;
- }
- return Qfalse;
+ X509_CRL *crl;
+ int ret;
+
+ GetX509CRL(self, crl);
+ if ((ret = X509_CRL_verify(crl, GetPKeyPtr(key))) < 0) {
+ ossl_raise(eX509CRLError, "");
+ }
+ if (ret == 1) {
+ return Qtrue;
+ }
+
+ return Qfalse;
}
static VALUE
ossl_x509crl_to_pem(VALUE self)
{
- X509_CRL *crl;
- BIO *out;
- BUF_MEM *buf;
- VALUE str;
-
- GetX509CRL(self, crl);
-
- if (!(out = BIO_new(BIO_s_mem()))) {
- ossl_raise(eX509CRLError, "");
- }
- if (!PEM_write_bio_X509_CRL(out, crl)) {
- BIO_free(out);
- ossl_raise(eX509CRLError, "");
- }
- BIO_get_mem_ptr(out, &buf);
- str = rb_str_new(buf->data, buf->length);
+ X509_CRL *crl;
+ BIO *out;
+ BUF_MEM *buf;
+ VALUE str;
+
+ GetX509CRL(self, crl);
+ if (!(out = BIO_new(BIO_s_mem()))) {
+ ossl_raise(eX509CRLError, "");
+ }
+ if (!PEM_write_bio_X509_CRL(out, crl)) {
BIO_free(out);
-
- return str;
+ ossl_raise(eX509CRLError, "");
+ }
+ BIO_get_mem_ptr(out, &buf);
+ str = rb_str_new(buf->data, buf->length);
+ BIO_free(out);
+
+ return str;
}
static VALUE
ossl_x509crl_to_text(VALUE self)
{
- X509_CRL *crl;
- BIO
*out;
- BUF_MEM *buf;
- VALUE str;
-
- GetX509CRL(self, crl);
-
- if (!(out = BIO_new(BIO_s_mem()))) {
- ossl_raise(eX509CRLError, "");
- }
- if (!X509_CRL_print(out, crl)) {
- BIO_free(out);
- ossl_raise(eX509CRLError, "");
- }
- BIO_get_mem_ptr(out, &buf);
- str = rb_str_new(buf->data, buf->length);
+ X509_CRL *crl;
+ BIO *out;
+ BUF_MEM *buf;
+ VALUE str;
+
+ GetX509CRL(self, crl);
+ if (!(out = BIO_new(BIO_s_mem()))) {
+ ossl_raise(eX509CRLError, "");
+ }
+ if (!X509_CRL_print(out, crl)) {
BIO_free(out);
+ ossl_raise(eX509CRLError, "");
+ }
+ BIO_get_mem_ptr(out, &buf);
+ str = rb_str_new(buf->data, buf->length);
+ BIO_free(out);
- return str;
+ return str;
}
/*
@@ -369,26 +357,24 @@ ossl_x509crl_to_text(VALUE self)
static VALUE
ossl_x509crl_get_extensions(VALUE self)
{
- X509_CRL *crl;
- int count, i;
- X509_EXTENSION *ext;
- VALUE ary;
-
- GetX509CRL(self, crl);
-
- count = X509_CRL_get_ext_count(crl);
-
- if (count < 0) {
- OSSL_Debug("count < 0???");
- return rb_ary_new();
- }
- ary = rb_ary_new2(count);
-
- for (i=0; i<count; i++) {
- ext = X509_CRL_get_ext(crl, i); /* NO DUP - don't free! */
- rb_ary_push(ary, ossl_x509ext_new(ext));
- }
- return ary;
+ X509_CRL *crl;
+ int count, i;
+ X509_EXTENSION *ext;
+ VALUE ary;
+
+ GetX509CRL(self, crl);
+ count = X509_CRL_get_ext_count(crl);
+ if (count < 0) {
+ OSSL_Debug("count < 0???");
+ return rb_ary_new();
+ }
+ ary = rb_ary_new2(count);
+ for (i=0; i<count; i++) {
+ ext = X509_CRL_get_ext(crl, i); /* NO DUP - don't free! */
+ rb_ary_push(ary, ossl_x509ext_new(ext));
+ }
+
+ return ary;
}
/*
@@ -397,50 +383,45 @@ ossl_x509crl_get_extensions(VALUE self)
static VALUE
ossl_x509crl_set_extensions(VALUE self, VALUE ary)
{
- X509_CRL *crl;
- X509_EXTENSION *ext;
- int i;
-
- GetX509CRL(self, crl);
-
- Check_Type(ary, T_ARRAY);
+ X509_CRL *crl;
+ X509_EXTENSION *ext;
+ int i;
- for (i=0; i<RARRAY(ary)->len; i++) { /* All ary members should be X509 Extensions */
- OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext);
+ GetX509CRL(self, crl);
+ Check_Type(ary, T_ARRAY);
+ /* All ary members should be X509 Extensions */
+ for (i=0; i<RARRAY(ary)->len; i++) {
+ OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext);
+ }
+ sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
+ crl->crl->extensions = NULL;
+ for (i=0; i<RARRAY(ary)->len; i++) {
+ ext = ossl_x509ext_get_X509_EXTENSION(RARRAY(ary)->ptr[i]);
+ if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
+ X509_EXTENSION_free(ext);
+ ossl_raise(eX509CRLError, "");
}
-
- sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
- crl->crl->extensions = NULL;
-
- for (i=0; i<RARRAY(ary)->len; i++) {
- ext = ossl_x509ext_get_X509_EXTENSION(RARRAY(ary)->ptr[i]);
+ X509_EXTENSION_free(ext);
+ }
- if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
- X509_EXTENSION_free(ext);
- ossl_raise(eX509CRLError, "");
- }
- X509_EXTENSION_free(ext);
- }
- return ary;
+ return ary;
}
static VALUE
ossl_x509crl_add_extension(VALUE self, VALUE extension)
{
- X509_CRL *crl;
- X509_EXTENSION *ext;
-
- GetX509CRL(self, crl);
+ X509_CRL *crl;
+ X509_EXTENSION *ext;
- ext = ossl_x509ext_get_X509_EXTENSION(extension);
-
- if (!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
- X509_EXTENSION_free(ext);
- ossl_raise(eX509CRLError, "");
- }
+ GetX509CRL(self, crl);
+ ext = ossl_x509ext_get_X509_EXTENSION(extension);
+ if (!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
X509_EXTENSION_free(ext);
+ ossl_raise(eX509CRLError, "");
+ }
+ X509_EXTENSION_free(ext);
- return extension;
+ return extension;
}
/*
@@ -449,31 +430,31 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
void
Init_ossl_x509crl()
{
- eX509CRLError = rb_define_class_under(mX509, "CRLError", eOSSLError);
+ eX509CRLError = rb_define_class_under(mX509, "CRLError", eOSSLError);
- cX509CRL = rb_define_class_under(mX509, "CRL", rb_cObject);
+ cX509CRL = rb_define_class_under(mX509, "CRL", rb_cObject);
- rb_define_singleton_method(cX509CRL, "allocate", ossl_x509crl_s_allocate, 0);
- rb_define_method(cX509CRL, "initialize", ossl_x509crl_initialize, -1);
+ rb_define_singleton_method(cX509CRL, "allocate", ossl_x509crl_s_allocate, 0);
+ rb_define_method(cX509CRL, "initialize", ossl_x509crl_initialize, -1);
- rb_define_method(cX509CRL, "version", ossl_x509crl_get_version, 0);
- rb_define_method(cX509CRL, "version=", ossl_x509crl_set_version, 1);
- rb_define_method(cX509CRL, "issuer", ossl_x509crl_get_issuer, 0);
- rb_define_method(cX509CRL, "issuer=", ossl_x509crl_set_issuer, 1);
- rb_define_method(cX509CRL, "last_update", ossl_x509crl_get_last_update, 0);
- rb_define_method(cX509CRL, "last_update=", ossl_x509crl_set_last_update, 1);
- rb_define_method(cX509CRL, "next_update", ossl_x509crl_get_next_update, 0);
- rb_define_method(cX509CRL, "next_update=", ossl_x509crl_set_next_update, 1);
- rb_define_method(cX509CRL, "revoked", ossl_x509crl_get_revoked, 0);
- rb_define_method(cX509CRL, "revoked=", ossl_x509crl_set_revoked, 1);
- rb_define_method(cX509CRL, "add_revoked", ossl_x509crl_add_revoked, 1);
- rb_define_method(cX509CRL, "sign", ossl_x509crl_sign, 2);
- rb_define_method(cX509CRL, "verify", ossl_x509crl_verify, 1);
- rb_define_method(cX509CRL, "to_pem", ossl_x509crl_to_pem, 0);
- rb_define_alias(cX509CRL, "to_s", "to_pem");
- rb_define_method(cX509CRL, "to_text", ossl_x509crl_to_text, 0);
- rb_define_method(cX509CRL, "extensions", ossl_x509crl_get_extensions, 0);
- rb_define_method(cX509CRL, "extensions=", ossl_x509crl_set_extensions, 1);
- rb_define_method(cX509CRL, "add_extension",
ossl_x509crl_add_extension, 1);
+ rb_define_method(cX509CRL, "version", ossl_x509crl_get_version, 0);
+ rb_define_method(cX509CRL, "version=", ossl_x509crl_set_version, 1);
+ rb_define_method(cX509CRL, "issuer", ossl_x509crl_get_issuer, 0);
+ rb_define_method(cX509CRL, "issuer=", ossl_x509crl_set_issuer, 1);
+ rb_define_method(cX509CRL, "last_update", ossl_x509crl_get_last_update, 0);
+ rb_define_method(cX509CRL, "last_update=", ossl_x509crl_set_last_update, 1);
+ rb_define_method(cX509CRL, "next_update", ossl_x509crl_get_next_update, 0);
+ rb_define_method(cX509CRL, "next_update=", ossl_x509crl_set_next_update, 1);
+ rb_define_method(cX509CRL, "revoked", ossl_x509crl_get_revoked, 0);
+ rb_define_method(cX509CRL, "revoked=", ossl_x509crl_set_revoked, 1);
+ rb_define_method(cX509CRL, "add_revoked", ossl_x509crl_add_revoked, 1);
+ rb_define_method(cX509CRL, "sign", ossl_x509crl_sign, 2);
+ rb_define_method(cX509CRL, "verify", ossl_x509crl_verify, 1);
+ rb_define_method(cX509CRL, "to_pem", ossl_x509crl_to_pem, 0);
+ rb_define_alias(cX509CRL, "to_s", "to_pem");
+ rb_define_method(cX509CRL, "to_text", ossl_x509crl_to_text, 0);
+ rb_define_method(cX509CRL, "extensions", ossl_x509crl_get_extensions, 0);
+ rb_define_method(cX509CRL, "extensions=", ossl_x509crl_set_extensions, 1);
+ rb_define_method(cX509CRL, "add_extension", ossl_x509crl_add_extension, 1);
}
diff --git a/ossl_x509ext.c b/ossl_x509ext.c
index 8b6d7e1..b81fc40 100644
--- a/ossl_x509ext.c
+++ b/ossl_x509ext.c
@@ -11,29 +11,29 @@
#include "ossl.h"
#define WrapX509Ext(klass, obj, ext) do { \
- if (!ext) { \
- ossl_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \
- } \
- obj = Data_Wrap_Struct(klass, 0, X509_EXTENSION_free, ext); \
+ if (!ext) { \
+ ossl_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \
+ } \
+ obj = Data_Wrap_Struct(klass, 0, X509_EXTENSION_free, ext); \
} while (0)
#define GetX509Ext(obj, ext) do { \
- Data_Get_Struct(obj, X509_EXTENSION, ext); \
- if (!ext) { \
- ossl_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \
- } \
+ Data_Get_Struct(obj, X509_EXTENSION, ext); \
+ if (!ext) { \
+ ossl_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \
+ } \
} while (0)
#define SafeGetX509Ext(obj, ext) do { \
- OSSL_Check_Kind(obj, cX509Ext); \
- GetX509Ext(obj, ext); \
+ OSSL_Check_Kind(obj, cX509Ext); \
+ GetX509Ext(obj, ext); \
} while (0)
#define MakeX509ExtFactory(klass, obj, ctx) \
- obj = Data_Make_Struct(klass, X509V3_CTX, 0, ossl_x509extfactory_free, ctx)
+ obj = Data_Make_Struct(klass, X509V3_CTX, 0, ossl_x509extfactory_free, ctx)
#define GetX509ExtFactory(obj, ctx) do { \
- Data_Get_Struct(obj, X509V3_CTX, ctx); \
- if (!ctx) { \
- ossl_raise(rb_eRuntimeError, "CTX wasn't initialized!"); \
- } \
+ Data_Get_Struct(obj, X509V3_CTX, ctx); \
+ if (!ctx) { \
+ ossl_raise(rb_eRuntimeError, "CTX wasn't initialized!"); \
+ } \
} while (0)
/*
@@ -49,33 +49,33 @@ VALUE eX509ExtError;
VALUE
ossl_x509ext_new(X509_EXTENSION *ext)
{
- X509_EXTENSION *new;
- VALUE obj;
-
- if (!ext) {
- new = X509_EXTENSION_new();
- } else {
- new = X509_EXTENSION_dup(ext);
- }
- if (!new) {
- ossl_raise(eX509ExtError, "");
- }
- WrapX509Ext(cX509Ext, obj, new);
+ X509_EXTENSION *new;
+ VALUE obj;
+
+ if (!ext) {
+ new = X509_EXTENSION_new();
+ } else {
+ new = X509_EXTENSION_dup(ext);
+ }
+ if (!new) {
+ ossl_raise(eX509ExtError, "");
+ }
+ WrapX509Ext(cX509Ext, obj, new);
- return obj;
+ return obj;
}
X509_EXTENSION *
ossl_x509ext_get_X509_EXTENSION(VALUE obj)
{
- X509_EXTENSION *ext, *new;
+ X509_EXTENSION *ext, *new;
- SafeGetX509Ext(obj, ext);
+ SafeGetX509Ext(obj, ext);
+ if (!(new = X509_EXTENSION_dup(ext))) {
+ ossl_raise(eX509ExtError, "");
+ }
- if (!(new = X509_EXTENSION_dup(ext))) {
- ossl_raise(eX509ExtError, "");
- }
- return new;
+ return new;
}
/*
@@ -87,97 +87,93 @@ ossl_x509ext_get_X509_EXTENSION(VALUE obj)
static void
ossl_x509extfactory_free(X509V3_CTX *ctx)
{
- if (ctx) {
- if (ctx->issuer_cert) X509_free(ctx->issuer_cert);
- if (ctx->subject_cert) X509_free(ctx->subject_cert);
- if (ctx->crl) X509_CRL_free(ctx->crl);
- if (ctx->subject_req) X509_REQ_free(ctx->subject_req);
- OPENSSL_free(ctx);
- }
+ if (ctx) {
+ if (ctx->issuer_cert) X509_free(ctx->issuer_cert);
+ if (ctx->subject_cert) X509_free(ctx->subject_cert);
+ if (ctx->crl) X509_CRL_free(ctx->crl);
+ if (ctx->subject_req) X509_REQ_free(ctx->subject_req);
+ OPENSSL_free(ctx);
+ }
}
static VALUE
ossl_x509extfactory_s_allocate(VALUE klass)
{
- X509V3_CTX *ctx;
- VALUE obj;
-
- MakeX509ExtFactory(klass, obj, ctx);
+ X509V3_CTX *ctx;
+ VALUE obj;
+
+ MakeX509ExtFactory(klass, obj, ctx);
- return obj;
+ return obj;
}
static VALUE
ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert)
{
- X509V3_CTX *ctx;
+ X509V3_CTX *ctx;
- GetX509ExtFactory(self, ctx);
+ GetX509ExtFactory(self, ctx);
+ ctx->issuer_cert = DupX509CertPtr(cert); /* DUP NEEDED */
- ctx->issuer_cert = DupX509CertPtr(cert); /* DUP NEEDED */
-
- return cert;
+ return cert;
}
static VALUE
ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert)
{
- X509V3_CTX *ctx;
-
- GetX509ExtFactory(self, ctx);
+ X509V3_CTX *ctx;
- ctx->subject_cert = DupX509CertPtr(cert); /* DUP NEEDED */
+ GetX509ExtFactory(self, ctx);
+ ctx->subject_cert = DupX509CertPtr(cert); /* DUP NEEDED */
- return cert;
+ return cert;
}
static VALUE
ossl_x509extfactory_set_subject_req(VALUE self, VALUE req)
{
- X509V3_CTX *ctx;
+ X509V3_CTX *ctx;
- GetX509ExtFactory(self, ctx);
+ GetX509ExtFactory(self, ctx);
+ ctx->subject_req = ossl_x509req_get_X509_REQ(req);
- ctx->subject_req = ossl_x509req_get_X509_REQ(req);
-
- return req;
+ return req;
}
static VALUE
ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
{
- X509V3_CTX *ctx;
-
- GetX509ExtFactory(self, ctx);
+ X509V3_CTX *ctx;
- ctx->crl = DupX509CRLPtr(crl);
+
GetX509ExtFactory(self, ctx);
+ ctx->crl = DupX509CRLPtr(crl);
- return crl;
+ return crl;
}
static VALUE
ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
{
- /*X509V3_CTX *ctx;*/
- VALUE issuer_cert, subject_cert, subject_req, crl;
+ /*X509V3_CTX *ctx;*/
+ VALUE issuer_cert, subject_cert, subject_req, crl;
- /*GetX509ExtFactory(self, ctx);*/
-
- rb_scan_args(argc, argv, "04", &issuer_cert, &subject_cert, &subject_req, &crl);
-
- if (!NIL_P(issuer_cert)) {
- ossl_x509extfactory_set_issuer_cert(self, issuer_cert);
- }
- if (!NIL_P(subject_cert)) {
- ossl_x509extfactory_set_subject_cert(self, subject_cert);
- }
- if (!NIL_P(subject_req)) {
- ossl_x509extfactory_set_subject_req(self, subject_req);
- }
- if (!NIL_P(crl)) {
- ossl_x509extfactory_set_crl(self, crl);
- }
- return self;
+ /*GetX509ExtFactory(self, ctx);*/
+
+ rb_scan_args(argc, argv, "04", &issuer_cert, &subject_cert, &subject_req, &crl);
+
+ if (!NIL_P(issuer_cert)) {
+ ossl_x509extfactory_set_issuer_cert(self, issuer_cert);
+ }
+ if (!NIL_P(subject_cert)) {
+ ossl_x509extfactory_set_subject_cert(self, subject_cert);
+ }
+ if (!NIL_P(subject_req)) {
+ ossl_x509extfactory_set_subject_req(self, subject_req);
+ }
+ if (!NIL_P(crl)) {
+ ossl_x509extfactory_set_crl(self, crl);
+ }
+ return self;
}
/*
@@ -191,52 +187,47 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
static VALUE
ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary)
{
- X509V3_CTX *ctx;
- X509_EXTENSION *ext;
- int nid;
- char *value;
- VALUE item, obj;
-
- GetX509ExtFactory(self, ctx);
-
- Check_Type(ary, T_ARRAY);
-
- if ((RARRAY(ary)->len) < 2 || (RARRAY(ary)->len > 3)) { /*2 or 3 allowed*/
- ossl_raise(eX509ExtError, "unsupported structure");
+ X509V3_CTX *ctx;
+ X509_EXTENSION *ext;
+ int nid;
+ char *value;
+ VALUE item, obj;
+
+ GetX509ExtFactory(self, ctx);
+ Check_Type(ary, T_ARRAY);
+ if ((RARRAY(ary)->len) < 2 || (RARRAY(ary)->len > 3)) { /*2 or 3 allowed*/
+ ossl_raise(eX509ExtError, "unsupported structure");
+ }
+ /* key [0] */
+ item = RARRAY(ary)->ptr[0];
+ StringValue(item);
+ if (!(nid = OBJ_ln2nid(RSTRING(item)->ptr))) {
+ if (!(nid = OBJ_sn2nid(RSTRING(item)->ptr))) {
+ ossl_raise(eX509ExtError, "");
}
-
- /* key [0] */
- item = RARRAY(ary)->ptr[0];
- StringValue(item);
- if (!(nid = OBJ_ln2nid(RSTRING(item)->ptr))) {
- if (!(nid = OBJ_sn2nid(RSTRING(item)->ptr))) {
- ossl_raise(eX509ExtError, "");
- }
- }
-
- /* data [1] */
- item = RARRAY(ary)->ptr[1];
- StringValue(item);
-
- /* (optional) critical [2] */
- if (RARRAY(ary)->len == 3 && RARRAY(ary)->ptr[2] == Qtrue) {
- if (!(value = OPENSSL_malloc(strlen("critical,") + (RSTRING(item)->len) + 1))) {
- ossl_raise(eX509ExtError, "malloc error");
- }
- strcpy(value, "critical,");
- strncat(value, RSTRING(item)->ptr, RSTRING(item)->len);
- } else {
- value = strdup(StringValuePtr(item));
- }
- if (!(ext = X509V3_EXT_conf_nid(NULL, ctx, nid, value))) {
- OPENSSL_free(value);
- ossl_raise(eX509ExtError, "");
+ }
+ /* data [1] */
+ item = RARRAY(ary)->ptr[1];
+ StringValue(item);
+ /* (optional) critical [2] */
+ if (RARRAY(ary)->len == 3 && RARRAY(ary)->ptr[2] == Qtrue) {
+ if (!(value = OPENSSL_malloc(strlen("critical,") +
+ (RSTRING(item)->len) + 1))) {
+ ossl_raise(eX509ExtError, "malloc error");
}
+ strcpy(value, "critical,");
+ strncat(value, RSTRING(item)->ptr, RSTRING(item)->len);
+ } else {
+ value = strdup(StringValuePtr(item));
+ }
+ if (!(ext = X509V3_EXT_conf_nid(NULL, ctx, nid, value))) {
OPENSSL_free(value);
-
- WrapX509Ext(cX509Ext, obj, ext);
+ ossl_raise(eX509ExtError, "");
+ }
+ OPENSSL_free(value);
+ WrapX509Ext(cX509Ext, obj, ext);
- return obj;
+ return obj;
}
/*
@@ -245,37 +236,32 @@ ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary)
static VALUE
ossl_x509ext_to_a(VALUE obj)
{
- X509_EXTENSION *ext;
- BIO *out;
- BUF_MEM *buf;
- int nid, critical;
- VALUE ary, value;
-
- GetX509Ext(obj, ext);
-
- ary = rb_ary_new2(3);
-
- nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
- rb_ary_push(ary, rb_str_new2(OBJ_nid2sn(nid)));
-
- if (!(out = BIO_new(BIO_s_mem()))) {
- ossl_raise(eX509ExtError, "");
- }
- if (!X509V3_EXT_print(out, ext, 0, 0)) {
- BIO_free(out);
- ossl_raise(eX509ExtError, "");
- }
- BIO_get_mem_ptr(out, &buf);
- value = rb_str_new(buf->data, buf->length);
+ X509_EXTENSION *ext;
+ BIO *out;
+ BUF_MEM *buf;
+ int nid, critical;
+ VALUE ary, value;
+
+ GetX509Ext(obj, ext);
+ ary = rb_ary_new2(3);
+ nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
+ rb_ary_push(ary, rb_str_new2(OBJ_nid2sn(nid)));
+ if (!(out = BIO_new(BIO_s_mem()))) {
+ ossl_raise(eX509ExtError, "");
+ }
+ if (!X509V3_EXT_print(out, ext, 0, 0)) {
BIO_free(out);
-
- rb_funcall(value, rb_intern("tr!"), 2, rb_str_new2("\n"), rb_str_new2(","));
- rb_ary_push(ary, value);
-
- critical = X509_EXTENSION_get_critical(ext);
- rb_ary_push(ary, (critical) ? Qtrue : Qfalse);
-
- return ary;
+ ossl_raise(eX509ExtError, "");
+ }
+ BIO_get_mem_ptr(out, &buf);
+ value = rb_str_new(buf->data, buf->length);
+ BIO_free(out);
+ rb_funcall(value, rb_intern("tr!"), 2, rb_str_new2("\n"), rb_str_new2(","));
+ rb_ary_push(ary, value);
+ critical = X509_EXTENSION_get_critical(ext);
+ rb_ary_push(ary, (critical) ? Qtrue : Qfalse);
+
+ return ary;
}
/*
@@ -285,25 +271,25 @@
void
Init_ossl_x509ext()
{
- eX509ExtError = rb_define_class_under(mX509, "ExtensionError", eOSSLError);
-
- cX509ExtFactory = rb_define_class_under(mX509, "ExtensionFactory", rb_cObject);
+ eX509ExtError = rb_define_class_under(mX509, "ExtensionError", eOSSLError);
+
+ cX509ExtFactory = rb_define_class_under(mX509, "ExtensionFactory", rb_cObject);
- rb_define_singleton_method(cX509ExtFactory, "allocate", ossl_x509extfactory_s_allocate, 0);
- rb_define_method(cX509ExtFactory, "initialize", ossl_x509extfactory_initialize, -1);
+ rb_define_singleton_method(cX509ExtFactory, "allocate", ossl_x509extfactory_s_allocate, 0);
+ rb_define_method(cX509ExtFactory, "initialize", ossl_x509extfactory_initialize, -1);
- rb_define_method(cX509ExtFactory, "issuer_certificate=", ossl_x509extfactory_set_issuer_cert, 1);
- rb_define_method(cX509ExtFactory, "subject_certificate=", ossl_x509extfactory_set_subject_cert, 1);
- rb_define_method(cX509ExtFactory, "subject_request=", ossl_x509extfactory_set_subject_req, 1);
- rb_define_method(cX509ExtFactory, "crl=", ossl_x509extfactory_set_crl, 1);
- rb_define_method(cX509ExtFactory, "create_ext_from_array", ossl_x509extfactory_create_ext_from_array, 1);
+ rb_define_method(cX509ExtFactory, "issuer_certificate=", ossl_x509extfactory_set_issuer_cert, 1);
+ rb_define_method(cX509ExtFactory, "subject_certificate=", ossl_x509extfactory_set_subject_cert, 1);
+ rb_define_method(cX509ExtFactory, "subject_request=", ossl_x509extfactory_set_subject_req, 1);
+ rb_define_method(cX509ExtFactory, "crl=", ossl_x509extfactory_set_crl, 1);
+ rb_define_method(cX509ExtFactory, "create_ext_from_array", ossl_x509extfactory_create_ext_from_array, 1);
- cX509Ext = rb_define_class_under(mX509, "Extension", rb_cObject);
- rb_undef_method(CLASS_OF(cX509Ext), "new");
+ cX509Ext = rb_define_class_under(mX509, "Extension", rb_cObject);
+ rb_undef_method(CLASS_OF(cX509Ext), "new");
/*
- rb_define_singleton_method(cX509Ext, "allocate",
ossl_x509ext_s_allocate, 0);
- rb_define_method(cX509Ext, "initialize", ossl_x509ext_initialize, -1);
+ rb_define_singleton_method(cX509Ext, "allocate", ossl_x509ext_s_allocate, 0);
+ rb_define_method(cX509Ext, "initialize", ossl_x509ext_initialize, -1);
*/
- rb_define_method(cX509Ext, "to_a", ossl_x509ext_to_a, 0);
+ rb_define_method(cX509Ext, "to_a", ossl_x509ext_to_a, 0);
}
diff --git a/ossl_x509name.c b/ossl_x509name.c
index 72ac486..f854aa1 100644
--- a/ossl_x509name.c
+++ b/ossl_x509name.c
@@ -12,20 +12,20 @@
#include "st.h" /* For st_foreach -- ST_CONTINUE */
#define WrapX509Name(klass, obj, name) do { \
- if (!name) { \
- ossl_raise(rb_eRuntimeError, "Name wasn't initialized."); \
- } \
- obj = Data_Wrap_Struct(klass, 0, X509_NAME_free, name); \
+ if (!name) { \
+ ossl_raise(rb_eRuntimeError, "Name wasn't initialized."); \
+ } \
+ obj = Data_Wrap_Struct(klass, 0, X509_NAME_free, name); \
} while (0)
#define GetX509Name(obj, name) do { \
- Data_Get_Struct(obj, X509_NAME, name); \
- if (!name) { \
- ossl_raise(rb_eRuntimeError, "Name wasn't initialized."); \
- } \
+ Data_Get_Struct(obj, X509_NAME, name); \
+ if (!name) { \
+ ossl_raise(rb_eRuntimeError, "Name wasn't initialized."); \
+ } \
} while (0)
#define SafeGetX509Name(obj, name) do { \
- OSSL_Check_Kind(obj, cX509Name); \
- GetX509Name(obj, name); \
+ OSSL_Check_Kind(obj, cX509Name); \
+ GetX509Name(obj, name); \
} while (0)
/*
@@ -40,30 +40,30 @@ VALUE eX509NameError;
VALUE
ossl_x509name_new(X509_NAME *name)
{
- X509_NAME *new;
- VALUE obj;
-
- if (!name) {
- new = X509_NAME_new();
- } else {
- new = X509_NAME_dup(name);
- }
- if (!new) {
- ossl_raise(eX509NameError, "");
- }
- WrapX509Name(cX509Name, obj, new);
-
- return obj;
+ X509_NAME *new;
+ VALUE obj;
+
+ if (!name) {
+ new = X509_NAME_new();
+ } else {
+ new = X509_NAME_dup(name);
+ }
+ if (!new) {
+ ossl_raise(eX509NameError, "");
+ }
+ WrapX509Name(cX509Name, obj, new);
+
+ return obj;
}
X509_NAME *
GetX509NamePtr(VALUE obj)
{
- X509_NAME *name;
+ X509_NAME *name;
- SafeGetX509Name(obj, name);
+ SafeGetX509Name(obj, name);
- return name;
+ return name;
}
/*
@@ -72,142 +72,130 @@ GetX509NamePtr(VALUE obj)
static VALUE
ossl_x509name_s_allocate(VALUE klass)
{
- X509_NAME *name;
- VALUE obj;
+ X509_NAME *name;
+ VALUE obj;
- if (!(name = X509_NAME_new())) {
- ossl_raise(eX509NameError, "");
- }
- WrapX509Name(klass, obj, name);
+ if (!(name = X509_NAME_new())) {
+ ossl_raise(eX509NameError, "");
+ }
+ WrapX509Name(klass, obj, name);
- return obj;
+ return obj;
}
static VALUE
ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
{
- X509_NAME *name;
- int i, type;
- VALUE arg, item, key, value;
-
- GetX509Name(self, name);
+ X509_NAME *name;
+ int i, type;
+ VALUE arg, item, key, value;
- if (rb_scan_args(argc, argv, "01", &arg) == 0) {
- return self;
+ GetX509Name(self, name);
+ if (rb_scan_args(argc, argv, "01", &arg) == 0) {
+ return self;
+ }
+ Check_Type(arg, T_ARRAY);
+ for (i=0; i<RARRAY(arg)->len; i++) {
+ item = RARRAY(arg)->ptr[i];
+ Check_Type(item, T_ARRAY);
+ if (RARRAY(item)->len != 2) {
+ ossl_raise(rb_eArgError, "Unsupported structure.");
}
- Check_Type(arg, T_ARRAY);
-
- for (i=0; i<RARRAY(arg)->len; i++) {
- item = RARRAY(arg)->ptr[i];
-
- Check_Type(item, T_ARRAY);
-
- if (RARRAY(item)->len != 2) {
- ossl_raise(rb_eArgError, "Unsupported structure.");
- }
- key = RARRAY(item)->ptr[0];
- value = RARRAY(item)->ptr[1];
-
- StringValue(key);
- StringValue(value);
-
- type = ASN1_PRINTABLE_type(RSTRING(value)->ptr, -1);
-
- if (!X509_NAME_add_entry_by_txt(name, RSTRING(key)->ptr, type, RSTRING(value)->ptr, RSTRING(value)->len, -1, 0)) {
- ossl_raise(eX509NameError, "");
- }
+ key = RARRAY(item)->ptr[0];
+ value = RARRAY(item)->ptr[1];
+ StringValue(key);
+ StringValue(value);
+ type = ASN1_PRINTABLE_type(RSTRING(value)->ptr, -1);
+ if (!X509_NAME_add_entry_by_txt(name, RSTRING(key)->ptr, type,
+ RSTRING(value)->ptr, RSTRING(value)->len, -1, 0)) {
+ ossl_raise(eX509NameError, "");
}
- return self;
+ }
+
+ return self;
}
static VALUE
ossl_x509name_to_s(VALUE self)
{
- X509_NAME *name;
- char *buf;
- VALUE
str;
+ X509_NAME *name;
+ char *buf;
+ VALUE str;
- GetX509Name(self, name);
+ GetX509Name(self, name);
+ buf = X509_NAME_oneline(name, NULL, 0);
+ str = rb_str_new2(buf);
+ OPENSSL_free(buf);
- buf = X509_NAME_oneline(name, NULL, 0);
- str = rb_str_new2(buf);
- OPENSSL_free(buf);
-
- return str;
+ return str;
}
static VALUE
ossl_x509name_to_a(VALUE self)
{
- X509_NAME *name;
- X509_NAME_ENTRY *entry;
- int i,entries;
- char long_name[512];
- const char *short_name;
- VALUE ary;
+ X509_NAME *name;
+ X509_NAME_ENTRY *entry;
+ int i,entries;
+ char long_name[512];
+ const char *short_name;
+ VALUE ary;
- GetX509Name(self, name);
-
- entries = X509_NAME_entry_count(name);
-
- if (entries < 0) {
- OSSL_Debug("name entries < 0!");
- return rb_ary_new();
+ GetX509Name(self, name);
+ entries = X509_NAME_entry_count(name);
+ if (entries < 0) {
+ OSSL_Debug("name entries < 0!");
+ return rb_ary_new();
+ }
+ ary = rb_ary_new2(entries);
+ for (i=0; i<entries; i++) {
+ if (!(entry = X509_NAME_get_entry(name, i))) {
+ ossl_raise(eX509NameError, "");
}
- ary = rb_ary_new2(entries);
-
- for (i=0; i<entries; i++) {
- if (!(entry = X509_NAME_get_entry(name, i))) {
- ossl_raise(eX509NameError, "");
- }
- if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
- ossl_raise(eX509NameError, "");
- }
- short_name = OBJ_nid2sn(OBJ_ln2nid(long_name));
-
- rb_ary_push(ary, rb_assoc_new(rb_str_new2(short_name), rb_str_new(entry->value->data, entry->value->length)));
+ if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
+ ossl_raise(eX509NameError, "");
}
- return ary;
+ short_name = OBJ_nid2sn(OBJ_ln2nid(long_name));
+
+ rb_ary_push(ary, rb_assoc_new(rb_str_new2(short_name),
+ rb_str_new(entry->value->data, entry->value->length)));
+ }
+ return ary;
}
#if 0
static VALUE
ossl_x509name_digest(VALUE self, VALUE digest)
{
- X509_NAME *name;
- const EVP_MD *md;
- VALUE str;
-
- GetX509Name(self, name);
-
- md = GetDigestPtr(digest);
-
- ALLOC!
-
- if (!X509_NAME_digest(name, md, buf, &buf_len)) {
- ossl_raise(eX509NameError, "");
- }
- str = rb_str_new(buf, buf_len);
- OPENSSL_free(buf);
+ X509_NAME *name;
+ const EVP_MD *md;
+ VALUE str;
- return str;
+ GetX509Name(self, name);
+ md = GetDigestPtr(digest);
+ /* ALLOC! */
+ if (!X509_NAME_digest(name, md, buf, &buf_len)) {
+ ossl_raise(eX509NameError, "");
+ }
+ str = rb_str_new(buf, buf_len);
+ OPENSSL_free(buf);
+
+ return str;
}
#endif
static VALUE
ossl_x509name_cmp(VALUE self, VALUE other)
{
- X509_NAME *name1, *name2;
- int result;
+ X509_NAME *name1, *name2;
+ int result;
- GetX509Name(self, name1);
- SafeGetX509Name(other, name2);
+ GetX509Name(self, name1);
+ SafeGetX509Name(other, name2);
+ result = X509_NAME_cmp(name1, name2);
+ if (result < 0) return INT2FIX(-1);
+ if (result >= 1) return INT2FIX(1);
- result = X509_NAME_cmp(name1, name2);
-
- if (result < 0) return INT2FIX(-1);
- if (result >= 1) return INT2FIX(1);
- return INT2FIX(0);
+ return INT2FIX(0);
}
/*
@@ -216,17 +204,17 @@ ossl_x509name_cmp(VALUE self, VALUE other) void Init_ossl_x509name() { - eX509NameError = rb_define_class_under(mX509, "NameError", eOSSLError); + eX509NameError = rb_define_class_under(mX509, "NameError", eOSSLError); - cX509Name = rb_define_class_under(mX509, "Name", rb_cObject); - - rb_define_singleton_method(cX509Name, "allocate", ossl_x509name_s_allocate, 0); - rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1); - - rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, 0); - rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0); + cX509Name = rb_define_class_under(mX509, "Name", rb_cObject); + + rb_define_singleton_method(cX509Name, "allocate", ossl_x509name_s_allocate, 0); + rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1); + + rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, 0); + rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0); - rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1); - rb_define_alias(cX509Name, "<=>", "cmp"); + rb_define_method(cX509Name, "cmp", ossl_x509name_cmp, 1); + rb_define_alias(cX509Name, "<=>", "cmp"); } diff --git a/ossl_x509req.c b/ossl_x509req.c index 851a1e7..30712e4 100644 --- a/ossl_x509req.c +++ b/ossl_x509req.c 
@@ -11,20 +11,20 @@ #include "ossl.h" #define WrapX509Req(klass, obj, req) do { \ - if (!req) { \ - ossl_raise(rb_eRuntimeError, "Req wasn't initialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, X509_REQ_free, req); \ + if (!req) { \ + ossl_raise(rb_eRuntimeError, "Req wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_REQ_free, req); \ } while (0) #define GetX509Req(obj, req) do { \ - Data_Get_Struct(obj, X509_REQ, req); \ - if (!req) { \ - ossl_raise(rb_eRuntimeError, "Req wasn't initialized!"); \ - } \ + Data_Get_Struct(obj, X509_REQ, req); \ + if (!req) { \ + ossl_raise(rb_eRuntimeError, "Req wasn't initialized!"); \ + } \ } while (0) #define SafeGetX509Req(obj, req) do { \ - OSSL_Check_Kind(obj, cX509Req); \ - GetX509Req(obj, req); \ + OSSL_Check_Kind(obj, cX509Req); \ + GetX509Req(obj, req); \ } while (0) /* @@ -39,33 +39,33 @@ VALUE eX509ReqError; VALUE ossl_x509req_new(X509_REQ *req) { - X509_REQ *new; - VALUE obj; - - if (!req) { - new = X509_REQ_new(); - } else { - new = X509_REQ_dup(req); - } - if (!new) { - ossl_raise(eX509ReqError, ""); - } - WrapX509Req(cX509Req, obj, new); - - return obj; + X509_REQ *new; + VALUE obj; + + if (!req) { + new = X509_REQ_new(); + } else { + new = X509_REQ_dup(req); + } + if (!new) { + ossl_raise(eX509ReqError, ""); + } + WrapX509Req(cX509Req, obj, new); + + return obj; } X509_REQ * ossl_x509req_get_X509_REQ(VALUE obj) { - X509_REQ *req, *new; - - SafeGetX509Req(obj, req); - - if (!(new = X509_REQ_dup(req))) { - ossl_raise(eX509ReqError, ""); - } - return new; + X509_REQ *req, *new; + + SafeGetX509Req(obj, req); + if (!(new = X509_REQ_dup(req))) { + ossl_raise(eX509ReqError, ""); + } + + return new; } /* 
@@ -74,212 +74,210 @@ ossl_x509req_get_X509_REQ(VALUE obj) static VALUE ossl_x509req_s_allocate(VALUE klass) { - X509_REQ *req; - VALUE obj; + X509_REQ *req; + VALUE obj; - if (!(req = X509_REQ_new())) { - ossl_raise(eX509ReqError, ""); - } - WrapX509Req(klass, obj, req); + if (!(req = X509_REQ_new())) { + ossl_raise(eX509ReqError, ""); + } + WrapX509Req(klass, obj, req); - return obj; + return obj; } static VALUE ossl_x509req_initialize(int argc, VALUE *argv, VALUE self) { - BIO *in; - VALUE buffer; + BIO *in; + VALUE buffer; - if (rb_scan_args(argc, argv, "01", &buffer) == 0) { - return self; - } - if (!(in = BIO_new_mem_buf(StringValuePtr(buffer), -1))) { - ossl_raise(eX509ReqError, ""); - } - /* - * TODO: - * Check if we should - X509_REQ_free(DATA_PTR(self)); - */ - if (!PEM_read_bio_X509_REQ(in, (X509_REQ **)&DATA_PTR(self), NULL, NULL)) { - BIO_free(in); - ossl_raise(eX509ReqError, ""); - } + if (rb_scan_args(argc, argv, "01", &buffer) == 0) { + return self; + } + if (!(in = BIO_new_mem_buf(StringValuePtr(buffer), -1))) { + ossl_raise(eX509ReqError, ""); + } + /* + * TODO: + * Check if we should + X509_REQ_free(DATA_PTR(self)); + */ + if (!PEM_read_bio_X509_REQ(in, (X509_REQ **)&DATA_PTR(self), NULL, NULL)) { BIO_free(in); + ossl_raise(eX509ReqError, ""); + } + BIO_free(in); - return self; + return self; } static VALUE ossl_x509req_to_pem(VALUE self) { - X509_REQ *req; - BIO *out; - BUF_MEM *buf; - VALUE str; + X509_REQ *req; + BIO *out; + BUF_MEM *buf; + VALUE str; - GetX509Req(self, req); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eX509ReqError, ""); - } - if (!PEM_write_bio_X509_REQ(out, req)) { - BIO_free(out); - ossl_raise(eX509ReqError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + GetX509Req(self, req); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eX509ReqError, ""); + } + if (!PEM_write_bio_X509_REQ(out, req)) { BIO_free(out); - - return str; + ossl_raise(eX509ReqError, ""); + } + 
BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); + + return str; } static VALUE ossl_x509req_to_text(VALUE self) { - X509_REQ *req; - BIO *out; - BUF_MEM *buf; - VALUE str; - - GetX509Req(self, req); - - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eX509ReqError, ""); - } - if (!X509_REQ_print(out, req)) { - BIO_free(out); - ossl_raise(eX509ReqError, ""); - } - BIO_get_mem_ptr(out, &buf); - str = rb_str_new(buf->data, buf->length); + X509_REQ *req; + BIO *out; + BUF_MEM *buf; + VALUE str; + + GetX509Req(self, req); + if (!(out = BIO_new(BIO_s_mem()))) { + ossl_raise(eX509ReqError, ""); + } + if (!X509_REQ_print(out, req)) { BIO_free(out); - - return str; + ossl_raise(eX509ReqError, ""); + } + BIO_get_mem_ptr(out, &buf); + str = rb_str_new(buf->data, buf->length); + BIO_free(out); + + return str; } +#if 0 /* * Makes X509 from X509_REQuest - * + */ static VALUE ossl_x509req_to_x509(VALUE self, VALUE days, VALUE key) { - X509_REQ *req; - X509 *x509; + X509_REQ *req; + X509 *x509; - GetX509Req(self, req); - ... - if (!(x509 = X509_REQ_to_X509(req, d, pkey))) { - ossl_raise(eX509ReqError, ""); - } - return ossl_x509_new(x509); + GetX509Req(self, req); + ... 
+ if (!(x509 = X509_REQ_to_X509(req, d, pkey))) { + ossl_raise(eX509ReqError, ""); + } + + return ossl_x509_new(x509); } - */ +#endif static VALUE ossl_x509req_get_version(VALUE self) { - X509_REQ *req; - long version; + X509_REQ *req; + long version; - GetX509Req(self, req); - - version = X509_REQ_get_version(req); + GetX509Req(self, req); + version = X509_REQ_get_version(req); - return LONG2FIX(version); + return LONG2FIX(version); } static VALUE ossl_x509req_set_version(VALUE self, VALUE version) { - X509_REQ *req; - long ver; - - GetX509Req(self, req); - - if ((ver = FIX2LONG(version)) < 0) { - ossl_raise(eX509ReqError, "version must be >= 0!"); - } - if (!X509_REQ_set_version(req, ver)) { - ossl_raise(eX509ReqError, ""); - } - return version; + X509_REQ *req; + long ver; + + GetX509Req(self, req); + if ((ver = FIX2LONG(version)) < 0) { + ossl_raise(eX509ReqError, "version must be >= 0!"); + } + if (!X509_REQ_set_version(req, ver)) { + ossl_raise(eX509ReqError, ""); + } + + return version; } static VALUE ossl_x509req_get_subject(VALUE self) { - X509_REQ *req; - X509_NAME *name; - - GetX509Req(self, req); + X509_REQ *req; + X509_NAME *name; - if (!(name = X509_REQ_get_subject_name(req))) { /* NO DUP - don't free */ - ossl_raise(eX509ReqError, ""); - } - return ossl_x509name_new(name); + GetX509Req(self, req); + if (!(name = X509_REQ_get_subject_name(req))) { /* NO DUP - don't free */ + ossl_raise(eX509ReqError, ""); + } + + return ossl_x509name_new(name); } static VALUE ossl_x509req_set_subject(VALUE self, VALUE subject) { - X509_REQ *req; + X509_REQ *req; - GetX509Req(self, req); + GetX509Req(self, req); + /* DUPs name */ + if (!X509_REQ_set_subject_name(req, GetX509NamePtr(subject))) { + ossl_raise(eX509ReqError, ""); + } - if (!X509_REQ_set_subject_name(req, GetX509NamePtr(subject))) { /* DUPs name */ - ossl_raise(eX509ReqError, ""); - } - return subject; + return subject; } static VALUE ossl_x509req_get_public_key(VALUE self) { - X509_REQ *req; - EVP_PKEY 
*pkey; + X509_REQ *req; + EVP_PKEY *pkey; - GetX509Req(self, req); - - if (!(pkey = X509_REQ_get_pubkey(req))) { /* adds reference */ - ossl_raise(eX509ReqError, ""); - } - return ossl_pkey_new(pkey); /* NO DUP - OK */ + GetX509Req(self, req); + if (!(pkey = X509_REQ_get_pubkey(req))) { /* adds reference */ + ossl_raise(eX509ReqError, ""); + } + + return ossl_pkey_new(pkey); /* NO DUP - OK */ } static VALUE ossl_x509req_set_public_key(VALUE self, VALUE key) { - X509_REQ *req; - EVP_PKEY *pkey; + X509_REQ *req; + EVP_PKEY *pkey; - GetX509Req(self, req); - - pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ + GetX509Req(self, req); + pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ + if (!X509_REQ_set_pubkey(req, pkey)) { + ossl_raise(eX509ReqError, ""); + } - if (!X509_REQ_set_pubkey(req, pkey)) { - ossl_raise(eX509ReqError, ""); - } - return key; + return key; } static VALUE ossl_x509req_sign(VALUE self, VALUE key, VALUE digest) { - X509_REQ *req; - EVP_PKEY *pkey; - const EVP_MD *md; - - GetX509Req(self, req); - - pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ - md = GetDigestPtr(digest); - - if (!X509_REQ_sign(req, pkey, md)) { - ossl_raise(eX509ReqError, ""); - } - return self; + X509_REQ *req; + EVP_PKEY *pkey; + const EVP_MD *md; + + GetX509Req(self, req); + pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ + md = GetDigestPtr(digest); + if (!X509_REQ_sign(req, pkey, md)) { + ossl_raise(eX509ReqError, ""); + } + + return self; } /* 
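Review bot: In ossl_x509req_set_version, `ver = FIX2LONG(version)` converts the argument without first checking that it is a Fixnum, so a Bignum, Float or String passed to `version=` is reinterpreted as a tagged integer instead of being rejected; `NUM2LONG(version)` does the type check and raises TypeError for non-numeric input, so the line should read `if ((ver = NUM2LONG(version)) < 0) {`. The same hunk carries forward the TODO in ossl_x509req_initialize about freeing the X509_REQ already held in `DATA_PTR(self)` before `PEM_read_bio_X509_REQ` writes through that pointer; whether the PEM reader reuses or replaces the existing object is not settled by anything in this hunk, so the question deserves an answer rather than another copy of the comment. A related nit in the same function: `BIO_new_mem_buf(StringValuePtr(buffer), -1)` takes the length from strlen, so a Ruby string with an embedded NUL is silently truncated; passing `RSTRING(buffer)->len` instead gives the full length, in the same way the file reads array lengths via `RARRAY(ary)->len`.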
@@ -288,90 +286,82 @@ ossl_x509req_sign(VALUE self, VALUE key, VALUE digest) static VALUE ossl_x509req_verify(VALUE self, VALUE key) { - X509_REQ *req; - EVP_PKEY *pkey; - int i; - - GetX509Req(self, req); - - pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ - - if ((i = X509_REQ_verify(req, pkey)) < 0) { - ossl_raise(eX509ReqError, ""); - } - if (i > 0) { - return Qtrue; - } - return Qfalse; + X509_REQ *req; + EVP_PKEY *pkey; + int i; + + GetX509Req(self, req); + pkey = GetPKeyPtr(key); /* NO NEED TO DUP */ + if ((i = X509_REQ_verify(req, pkey)) < 0) { + ossl_raise(eX509ReqError, ""); + } + if (i > 0) { + return Qtrue; + } + + return Qfalse; } static VALUE ossl_x509req_get_attributes(VALUE self) { - X509_REQ *req; - int count, i; - X509_ATTRIBUTE *attr; - VALUE ary; + X509_REQ *req; + int count, i; + X509_ATTRIBUTE *attr; + VALUE ary; - GetX509Req(self, req); - - count = X509_REQ_get_attr_count(req); - - if (count < 0) { - OSSL_Debug("count < 0???"); - return rb_ary_new(); - } - ary = rb_ary_new2(count); - - for (i=0; i<count; i++) { - attr = X509_REQ_get_attr(req, i); - rb_ary_push(ary, ossl_x509attr_new(attr)); - } - return ary; + GetX509Req(self, req); + + count = X509_REQ_get_attr_count(req); + if (count < 0) { + OSSL_Debug("count < 0???"); + return rb_ary_new(); + } + ary = rb_ary_new2(count); + for (i=0; i<count; i++) { + attr = X509_REQ_get_attr(req, i); + rb_ary_push(ary, ossl_x509attr_new(attr)); + } + + return ary; } static VALUE ossl_x509req_set_attributes(VALUE self, VALUE ary) { - X509_REQ *req; - X509_ATTRIBUTE *attr; - int i; - VALUE item; - - GetX509Req(self, req); - - Check_Type(ary, T_ARRAY); - - for (i=0;i<RARRAY(ary)->len; i++) { - OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Attr); - } - - sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free); - req->req_info->attributes = NULL; - - for (i=0;i<RARRAY(ary)->len; i++) { - item = RARRAY(ary)->ptr[i]; - - attr = ossl_x509attr_get_X509_ATTRIBUTE(item); - - if (!X509_REQ_add1_attr(req, 
attr)) { - ossl_raise(eX509ReqError, ""); - } + X509_REQ *req; + X509_ATTRIBUTE *attr; + int i; + VALUE item; + + GetX509Req(self, req); + Check_Type(ary, T_ARRAY); + for (i=0;i<RARRAY(ary)->len; i++) { + OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Attr); + } + sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free); + req->req_info->attributes = NULL; + for (i=0;i<RARRAY(ary)->len; i++) { + item = RARRAY(ary)->ptr[i]; + attr = ossl_x509attr_get_X509_ATTRIBUTE(item); + if (!X509_REQ_add1_attr(req, attr)) { + ossl_raise(eX509ReqError, ""); } - return ary; + } + return ary; } static VALUE ossl_x509req_add_attribute(VALUE self, VALUE attr) { - X509_REQ *req; + X509_REQ *req; - GetX509Req(self, req); + GetX509Req(self, req); + if (!X509_REQ_add1_attr(req, ossl_x509attr_get_X509_ATTRIBUTE(attr))) { + ossl_raise(eX509ReqError, ""); + } - if (!X509_REQ_add1_attr(req, ossl_x509attr_get_X509_ATTRIBUTE(attr))) { - ossl_raise(eX509ReqError, ""); - } - return attr; + return attr; } /* 
@@ -380,26 +370,26 @@ ossl_x509req_add_attribute(VALUE self, VALUE attr) void Init_ossl_x509req() { - eX509ReqError = rb_define_class_under(mX509, "RequestError", eOSSLError); + eX509ReqError = rb_define_class_under(mX509, "RequestError", eOSSLError); - cX509Req = rb_define_class_under(mX509, "Request", rb_cObject); + cX509Req = rb_define_class_under(mX509, "Request", rb_cObject); - rb_define_singleton_method(cX509Req, "allocate", ossl_x509req_s_allocate, 0); - rb_define_method(cX509Req, "initialize", ossl_x509req_initialize, -1); + rb_define_singleton_method(cX509Req, "allocate", ossl_x509req_s_allocate, 0); + rb_define_method(cX509Req, "initialize", ossl_x509req_initialize, -1); - rb_define_method(cX509Req, "to_pem", ossl_x509req_to_pem, 0); - rb_define_alias(cX509Req, "to_s", "to_pem"); - rb_define_method(cX509Req, "to_text", ossl_x509req_to_text, 0); - rb_define_method(cX509Req, "version", ossl_x509req_get_version, 0); - rb_define_method(cX509Req, "version=", ossl_x509req_set_version, 1); - rb_define_method(cX509Req, "subject", ossl_x509req_get_subject, 0); - rb_define_method(cX509Req, "subject=", ossl_x509req_set_subject, 1); - rb_define_method(cX509Req, "public_key", ossl_x509req_get_public_key, 0); - rb_define_method(cX509Req, "public_key=", ossl_x509req_set_public_key, 1); - rb_define_method(cX509Req, "sign", ossl_x509req_sign, 2); - rb_define_method(cX509Req, "verify", ossl_x509req_verify, 1); - rb_define_method(cX509Req, "attributes", ossl_x509req_get_attributes, 0); - rb_define_method(cX509Req, "attributes=", ossl_x509req_set_attributes, 1); - rb_define_method(cX509Req, "add_attribute", ossl_x509req_add_attribute, 1); + rb_define_method(cX509Req, "to_pem", ossl_x509req_to_pem, 0); + rb_define_alias(cX509Req, "to_s", "to_pem"); + rb_define_method(cX509Req, "to_text", ossl_x509req_to_text, 0); + rb_define_method(cX509Req, "version", ossl_x509req_get_version, 0); + rb_define_method(cX509Req, "version=", ossl_x509req_set_version, 1); + 
rb_define_method(cX509Req, "subject", ossl_x509req_get_subject, 0); + rb_define_method(cX509Req, "subject=", ossl_x509req_set_subject, 1); + rb_define_method(cX509Req, "public_key", ossl_x509req_get_public_key, 0); + rb_define_method(cX509Req, "public_key=", ossl_x509req_set_public_key, 1); + rb_define_method(cX509Req, "sign", ossl_x509req_sign, 2); + rb_define_method(cX509Req, "verify", ossl_x509req_verify, 1); + rb_define_method(cX509Req, "attributes", ossl_x509req_get_attributes, 0); + rb_define_method(cX509Req, "attributes=", ossl_x509req_set_attributes, 1); + rb_define_method(cX509Req, "add_attribute", ossl_x509req_add_attribute, 1); } diff --git a/ossl_x509revoked.c b/ossl_x509revoked.c index 2b05a1b..e0cad2a 100644 --- a/ossl_x509revoked.c +++ b/ossl_x509revoked.c @@ -11,20 +11,20 @@ #include "ossl.h" #define WrapX509Rev(klass, obj, rev) do { \ - if (!rev) { \ - ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \ - } \ - obj = Data_Wrap_Struct(klass, 0, X509_REVOKED_free, rev); \ + if (!rev) { \ + ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \ + } \ + obj = Data_Wrap_Struct(klass, 0, X509_REVOKED_free, rev); \ } while (0) #define GetX509Rev(obj, rev) do { \ - Data_Get_Struct(obj, X509_REVOKED, rev); \ - if (!rev) { \ - ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \ - } \ + Data_Get_Struct(obj, X509_REVOKED, rev); \ + if (!rev) { \ + ossl_raise(rb_eRuntimeError, "REV wasn't initialized!"); \ + } \ } while (0) #define SafeGetX509Rev(obj, rev) do { \ - OSSL_Check_Kind(obj, cX509Rev); \ - GetX509Rev(obj, rev); \ + OSSL_Check_Kind(obj, cX509Rev); \ + GetX509Rev(obj, rev); \ } while (0) /* 
@@ -39,33 +39,33 @@ VALUE eX509RevError; VALUE ossl_x509revoked_new(X509_REVOKED *rev) { - X509_REVOKED *new; - VALUE obj; - - if (!rev) { - new = X509_REVOKED_new(); - } else { - new = X509_REVOKED_dup(rev); - } - if (!new) { - ossl_raise(eX509RevError, ""); - } - WrapX509Rev(cX509Rev, obj, new); - - return obj; + X509_REVOKED *new; + VALUE obj; + + if (!rev) { + new = X509_REVOKED_new(); + } else { + new = X509_REVOKED_dup(rev); + } + if (!new) { + ossl_raise(eX509RevError, ""); + } + WrapX509Rev(cX509Rev, obj, new); + + return obj; } X509_REVOKED * ossl_x509revoked_get_X509_REVOKED(VALUE obj) { - X509_REVOKED *rev, *new; + X509_REVOKED *rev, *new; - SafeGetX509Rev(obj, rev); + SafeGetX509Rev(obj, rev); + if (!(new = X509_REVOKED_dup(rev))) { + ossl_raise(eX509RevError, ""); + } - if (!(new = X509_REVOKED_dup(rev))) { - ossl_raise(eX509RevError, ""); - } - return new; + return new; } /* 
@@ -74,70 +74,68 @@ ossl_x509revoked_get_X509_REVOKED(VALUE obj) static VALUE ossl_x509revoked_s_allocate(VALUE klass) { - X509_REVOKED *rev; - VALUE obj; + X509_REVOKED *rev; + VALUE obj; - if (!(rev = X509_REVOKED_new())) { - ossl_raise(eX509RevError, ""); - } - WrapX509Rev(klass, obj, rev); + if (!(rev = X509_REVOKED_new())) { + ossl_raise(eX509RevError, ""); + } + WrapX509Rev(klass, obj, rev); - return obj; + return obj; } static VALUE ossl_x509revoked_initialize(int argc, VALUE *argv, VALUE self) { - /* EMPTY */ - return self; + /* EMPTY */ + return self; } static VALUE ossl_x509revoked_get_serial(VALUE self) { - X509_REVOKED *rev; + X509_REVOKED *rev; - GetX509Rev(self, rev); + GetX509Rev(self, rev); - return asn1integer_to_num(rev->serialNumber); + return asn1integer_to_num(rev->serialNumber); } static VALUE ossl_x509revoked_set_serial(VALUE self, VALUE num) { - X509_REVOKED *rev; - - GetX509Rev(self, rev); + X509_REVOKED *rev; - rev->serialNumber = num_to_asn1integer(num, rev->serialNumber); + GetX509Rev(self, rev); + rev->serialNumber = num_to_asn1integer(num, rev->serialNumber); - return num; + return num; } static VALUE ossl_x509revoked_get_time(VALUE self) { - X509_REVOKED *rev; + X509_REVOKED *rev; - GetX509Rev(self, rev); + GetX509Rev(self, rev); - return asn1time_to_time(rev->revocationDate); + return asn1time_to_time(rev->revocationDate); } static VALUE ossl_x509revoked_set_time(VALUE self, VALUE time) { - X509_REVOKED *rev; - time_t sec; + X509_REVOKED *rev; + time_t sec; - GetX509Rev(self, rev); + GetX509Rev(self, rev); + sec = time_to_time_t(time); + if (!X509_time_adj(rev->revocationDate, 0, &sec)) { + ossl_raise(eX509RevError, ""); + } - sec = time_to_time_t(time); - - if (!X509_time_adj(rev->revocationDate, 0, &sec)) { - ossl_raise(eX509RevError, ""); - } - return time; + return time; } /* * Gets X509v3 extensions as array of X509Ext objects 
@@ -145,26 +143,24 @@ ossl_x509revoked_set_time(VALUE self, VALUE time) static VALUE ossl_x509revoked_get_extensions(VALUE self) { - X509_REVOKED *rev; - int count, i; - X509_EXTENSION *ext; - VALUE ary; - - GetX509Rev(self, rev); - - count = X509_REVOKED_get_ext_count(rev); - - if (count < 0) { - OSSL_Debug("count < 0???"); - return rb_ary_new(); - } - ary = rb_ary_new2(count); - - for (i=0; i<count; i++) { - ext = X509_REVOKED_get_ext(rev, i); - rb_ary_push(ary, ossl_x509ext_new(ext)); - } - return ary; + X509_REVOKED *rev; + int count, i; + X509_EXTENSION *ext; + VALUE ary; + + GetX509Rev(self, rev); + count = X509_REVOKED_get_ext_count(rev); + if (count < 0) { + OSSL_Debug("count < 0???"); + return rb_ary_new(); + } + ary = rb_ary_new2(count); + for (i=0; i<count; i++) { + ext = X509_REVOKED_get_ext(rev, i); + rb_ary_push(ary, ossl_x509ext_new(ext)); + } + + return ary; } /* 
@@ -173,45 +169,40 @@ ossl_x509revoked_get_extensions(VALUE self) static VALUE ossl_x509revoked_set_extensions(VALUE self, VALUE ary) { - X509_REVOKED *rev; - X509_EXTENSION *ext; - int i; - VALUE item; - - GetX509Rev(self, rev); - - Check_Type(ary, T_ARRAY); - - for (i=0; i<RARRAY(ary)->len; i++) { - OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext); + X509_REVOKED *rev; + X509_EXTENSION *ext; + int i; + VALUE item; + + GetX509Rev(self, rev); + Check_Type(ary, T_ARRAY); + for (i=0; i<RARRAY(ary)->len; i++) { + OSSL_Check_Kind(RARRAY(ary)->ptr[i], cX509Ext); + } + sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free); + rev->extensions = NULL; + for (i=0; i<RARRAY(ary)->len; i++) { + item = RARRAY(ary)->ptr[i]; + ext = ossl_x509ext_get_X509_EXTENSION(item); + if(!X509_REVOKED_add_ext(rev, ext, -1)) { + ossl_raise(eX509RevError, ""); } - - sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free); - rev->extensions = NULL; - - for (i=0; i<RARRAY(ary)->len; i++) { - item = RARRAY(ary)->ptr[i]; - - ext = ossl_x509ext_get_X509_EXTENSION(item); + } - if(!X509_REVOKED_add_ext(rev, ext, -1)) { - ossl_raise(eX509RevError, ""); - } - } - return ary; + return ary; } static VALUE ossl_x509revoked_add_extension(VALUE self, VALUE ext) { - X509_REVOKED *rev; - - GetX509Rev(self, rev); - - if(!X509_REVOKED_add_ext(rev, ossl_x509ext_get_X509_EXTENSION(ext), -1)) { - ossl_raise(eX509RevError, ""); - } - return ext; + X509_REVOKED *rev; + + GetX509Rev(self, rev); + if(!X509_REVOKED_add_ext(rev, ossl_x509ext_get_X509_EXTENSION(ext), -1)) { + ossl_raise(eX509RevError, ""); + } + + return ext; } /* 
@@ -220,19 +211,19 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext) void Init_ossl_x509revoked() { - eX509RevError = rb_define_class_under(mX509, "RevokedError", eOSSLError); + eX509RevError = rb_define_class_under(mX509, "RevokedError", eOSSLError); - cX509Rev = rb_define_class_under(mX509, "Revoked", rb_cObject); + cX509Rev = rb_define_class_under(mX509, "Revoked", rb_cObject); - rb_define_singleton_method(cX509Rev, "new", ossl_x509revoked_s_allocate, 0); - rb_define_method(cX509Rev, "initialize", ossl_x509revoked_initialize, -1); + rb_define_singleton_method(cX509Rev, "new", ossl_x509revoked_s_allocate, 0); + rb_define_method(cX509Rev, "initialize", ossl_x509revoked_initialize, -1); - rb_define_method(cX509Rev, "serial", ossl_x509revoked_get_serial, 0); - rb_define_method(cX509Rev, "serial=", ossl_x509revoked_set_serial, 1); - rb_define_method(cX509Rev, "time", ossl_x509revoked_get_time, 0); - rb_define_method(cX509Rev, "time=", ossl_x509revoked_set_time, 1); - rb_define_method(cX509Rev, "extensions", ossl_x509revoked_get_extensions, 0); - rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1); - rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1); + rb_define_method(cX509Rev, "serial", ossl_x509revoked_get_serial, 0); + rb_define_method(cX509Rev, "serial=", ossl_x509revoked_set_serial, 1); + rb_define_method(cX509Rev, "time", ossl_x509revoked_get_time, 0); + rb_define_method(cX509Rev, "time=", ossl_x509revoked_set_time, 1); + rb_define_method(cX509Rev, "extensions", ossl_x509revoked_get_extensions, 0); + rb_define_method(cX509Rev, "extensions=", ossl_x509revoked_set_extensions, 1); + rb_define_method(cX509Rev, "add_extension", ossl_x509revoked_add_extension, 1); } diff --git a/ossl_x509store.c b/ossl_x509store.c index bccddf0..14f557e 100644 --- a/ossl_x509store.c +++ b/ossl_x509store.c 
@@ -12,20 +12,20 @@ #include <rubysig.h> #define MakeX509Store(klass, obj, storep) do { \ - obj = Data_Make_Struct(klass, ossl_x509store, 0, ossl_x509store_free, storep); \ - if (!storep) { \ - ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \ - } \ + obj = Data_Make_Struct(klass, ossl_x509store, 0, ossl_x509store_free, storep); \ + if (!storep) { \ + ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \ + } \ } while (0) #define GetX509Store(obj, storep) do { \ - Data_Get_Struct(obj, ossl_x509store, storep); \ - if (!storep) { \ - ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \ - } \ + Data_Get_Struct(obj, ossl_x509store, storep); \ + if (!storep) { \ + ossl_raise(rb_eRuntimeError, "STORE wasn't initialized!"); \ + } \ } while (0) #define SafeGetX509Store(obj, storep) do { \ - OSSL_Check_Kind(obj, cX509Store); \ - GetX509Store(obj, storep); \ + OSSL_Check_Kind(obj, cX509Store); \ + GetX509Store(obj, storep); \ } while (0) /* @@ -43,20 +43,20 @@ int ossl_x509store_verify_cb(int, X509_STORE_CTX *); * Struct */ typedef struct ossl_x509store_st { - int protect; - X509_STORE_CTX *store; + int protect; + X509_STORE_CTX *store; } ossl_x509store; static void ossl_x509store_free(ossl_x509store *storep) { - if (storep) { - if (storep->store && storep->protect == Qfalse) { - X509_STORE_CTX_free(storep->store); - } - storep->store = NULL; - free(storep); + if (storep) { + if (storep->store && storep->protect == Qfalse) { + X509_STORE_CTX_free(storep->store); } + storep->store = NULL; + free(storep); + } } /* 
@@ -65,36 +65,35 @@ ossl_x509store_free(ossl_x509store *storep) VALUE ossl_x509store_new(X509_STORE_CTX *ctx) { - ossl_x509store *storep; - VALUE obj; - - MakeX509Store(cX509Store, obj, storep); - - /* - * Is there any way to _dup X509_STORE_CTX? - */ - /* - if (!(ctx2 = X509_STORE_CTX_new())) { - ossl_raise(eX509StoreError, ""); - } - X509_STORE_CTX_init(ctx2, X509_STORE_dup(ctx->ctx), X509_dup(ctx->cert), NULL); - */ - storep->store = ctx; - storep->protect = Qtrue; /* we're using pointer without DUP - don't free this one */ - - return obj; + ossl_x509store *storep; + VALUE obj; + + MakeX509Store(cX509Store, obj, storep); + /* + * Is there any way to _dup X509_STORE_CTX? + */ + /* + if (!(ctx2 = X509_STORE_CTX_new())) { + ossl_raise(eX509StoreError, ""); + } + X509_STORE_CTX_init(ctx2, X509_STORE_dup(ctx->ctx), X509_dup(ctx->cert), NULL); + */ + storep->store = ctx; + storep->protect = Qtrue; /* we're using pointer without DUP - don't free this one */ + + return obj; } X509_STORE * ossl_x509store_get_X509_STORE(VALUE obj) { - ossl_x509store *storep; - - SafeGetX509Store(obj, storep); + ossl_x509store *storep; - storep->protect = Qtrue; /* we gave out internal pointer without DUP - don't free this one */ - - return storep->store->ctx; + SafeGetX509Store(obj, storep); + /* we gave out internal pointer without DUP - don't free this one */ + storep->protect = Qtrue; + + return storep->store->ctx; } /* @@ -103,9 +102,9 @@ ossl_x509store_get_X509_STORE(VALUE obj) * clean entries when garbage collecting */ typedef struct ossl_session_db_st { - void *key; - VALUE data; - struct ossl_session_db_st *next; + void *key; + VALUE data; + struct ossl_session_db_st *next; } ossl_session_db; ossl_session_db *db_root; 
@@ -113,51 +112,51 @@ ossl_session_db *db_root; static VALUE ossl_session_db_get(void *key) { - ossl_session_db *item = db_root; - - rb_thread_critical = 1; - while (item) { - if (item->key == key) { - rb_thread_critical = 0; - return item->data; - } - item = item->next; + ossl_session_db *item = db_root; + + rb_thread_critical = 1; + while (item) { + if (item->key == key) { + rb_thread_critical = 0; + return item->data; } - rb_thread_critical = 0; - return Qnil; + item = item->next; + } + rb_thread_critical = 0; + + return Qnil; } static VALUE ossl_session_db_set(void *key, VALUE data) { - ossl_session_db *item = db_root, *last = NULL; - - rb_thread_critical = 1; - while (item) { - if (item->key == key) { - item->data = data; - rb_thread_critical = 0; - return data; - } - last = item; - item = last->next; - } - if (!(item = (ossl_session_db *)OPENSSL_malloc(sizeof(ossl_session_db)))) { - rb_thread_critical = 0; - ossl_raise(eX509StoreError, ""); - } - item->key = key; - item->data = data; - item->next = NULL; + ossl_session_db *item = db_root, *last = NULL; - if (last) { - last->next = item; - } else { - db_root = item; + rb_thread_critical = 1; + while (item) { + if (item->key == key) { + item->data = data; + rb_thread_critical = 0; + return data; } + last = item; + item = last->next; + } + if (!(item = (ossl_session_db *)OPENSSL_malloc(sizeof(ossl_session_db)))) { rb_thread_critical = 0; - - return data; + ossl_raise(eX509StoreError, ""); + } + item->key = key; + item->data = data; + item->next = NULL; + if (last) { + last->next = item; + } else { + db_root = item; + } + rb_thread_critical = 0; + + return data; } /* 
@@ -166,112 +165,108 @@ ossl_session_db_set(void *key, VALUE data) static VALUE ossl_x509store_s_allocate(VALUE klass) { - ossl_x509store *storep; - VALUE obj; + ossl_x509store *storep; + VALUE obj; - MakeX509Store(klass, obj, storep); + MakeX509Store(klass, obj, storep); - return obj; + return obj; } static VALUE ossl_x509store_initialize(int argc, VALUE *argv, VALUE self) { - ossl_x509store *storep; - X509_STORE *store; - - GetX509Store(self, storep); - - if (!(store = X509_STORE_new())) { - ossl_raise(eX509StoreError, ""); - } - if (!(storep->store = X509_STORE_CTX_new())) { - ossl_raise(eX509StoreError, ""); - } - X509_STORE_set_verify_cb_func(store, ossl_x509store_verify_cb); - X509_STORE_CTX_init(storep->store, store, NULL, NULL); - - /* - * instance variable - */ - rb_ivar_set(self, rb_intern("@verify_callback"), Qnil); - - return self; + ossl_x509store *storep; + X509_STORE *store; + + GetX509Store(self, storep); + if (!(store = X509_STORE_new())) { + ossl_raise(eX509StoreError, ""); + } + if (!(storep->store = X509_STORE_CTX_new())) { + ossl_raise(eX509StoreError, ""); + } + X509_STORE_set_verify_cb_func(store, ossl_x509store_verify_cb); + X509_STORE_CTX_init(storep->store, store, NULL, NULL); + + /* + * instance variable + */ + rb_ivar_set(self, rb_intern("@verify_callback"), Qnil); + + return self; } static VALUE ossl_x509store_add_trusted(VALUE self, VALUE cert) { - ossl_x509store *storep; - - GetX509Store(self, storep); + ossl_x509store *storep; - if (!X509_STORE_add_cert(storep->store->ctx, GetX509CertPtr(cert))) { /* NO DUP needed! */ - ossl_raise(eX509StoreError, ""); - } - return cert; + GetX509Store(self, storep); + /* NO DUP needed! 
*/ + if (!X509_STORE_add_cert(storep->store->ctx, GetX509CertPtr(cert))) { + ossl_raise(eX509StoreError, ""); + } + + return cert; } static VALUE ossl_x509store_get_chain(VALUE self) { - ossl_x509store *storep; - X509 *x509; - int i, num; - VALUE ary; - - GetX509Store(self, storep); - - num = sk_X509_num(storep->store->chain); - - if (num < 0) { - OSSL_Debug("certs in chain < 0???"); - return rb_ary_new(); - } - ary = rb_ary_new2(num); - - for(i=0; i<num; i++) { - x509 = sk_X509_value(storep->store->chain, i); - rb_ary_push(ary, ossl_x509_new(x509)); -/* - * TODO - * find out if we can free x509 - X509_free(x509); - */ - } + ossl_x509store *storep; + X509 *x509; + int i, num; + VALUE ary; + + GetX509Store(self, storep); + num = sk_X509_num(storep->store->chain); + if (num < 0) { + OSSL_Debug("certs in chain < 0???"); + return rb_ary_new(); + } + ary = rb_ary_new2(num); + for(i=0; i<num; i++) { + x509 = sk_X509_value(storep->store->chain, i); + rb_ary_push(ary, ossl_x509_new(x509)); + /* + * TODO + * find out if we can free x509 + X509_free(x509); + */ + } - return ary; + return ary; } static VALUE ossl_x509store_add_crl(VALUE self, VALUE crl) { - ossl_x509store *storep; - - GetX509Store(self, storep); - - if (!X509_STORE_add_crl(storep->store->ctx, GetX509CRLPtr(crl))) { /* NO DUP needed */ - ossl_raise(eX509StoreError, ""); - } - - /* - * Check CRL - */ - X509_STORE_CTX_set_flags(storep->store, X509_V_FLAG_CRL_CHECK); - - return crl; + ossl_x509store *storep; + + GetX509Store(self, storep); + /* NO DUP needed */ + if (!X509_STORE_add_crl(storep->store->ctx, GetX509CRLPtr(crl))) { + ossl_raise(eX509StoreError, ""); + } + /* + * Check CRL + */ + X509_STORE_CTX_set_flags(storep->store, X509_V_FLAG_CRL_CHECK); + + return crl; } static VALUE ossl_x509store_call_verify_cb_proc(VALUE args) { - VALUE proc, ok, store_ctx; + VALUE proc, ok, store_ctx; - proc = rb_ary_entry(args, 0); - ok = rb_ary_entry(args, 1); - store_ctx = rb_ary_entry(args, 2); + proc = 
rb_ary_entry(args, 0); + ok = rb_ary_entry(args, 1); + store_ctx = rb_ary_entry(args, 2); - return rb_funcall(proc, rb_intern("call"), 2, ok, store_ctx); + return rb_funcall(proc, rb_intern("call"), 2, ok, store_ctx); } /* 
@@ -286,169 +281,165 @@ ossl_x509store_verify_false(VALUE dummy)
int
ossl_x509store_verify_cb(int ok, X509_STORE_CTX *ctx)
{
- VALUE proc, store_ctx, args, ret = Qnil;
+ VALUE proc, store_ctx, args, ret = Qnil;
- /*
- * Get Proc from verify_cb Database
- */
- proc = ossl_session_db_get((void *)ctx->ctx);
+ /*
+ * Get Proc from verify_cb Database
+ */
+ proc = ossl_session_db_get((void *)ctx->ctx);
- if (!NIL_P(proc)) {
- store_ctx = ossl_x509store_new(ctx);
- args = rb_ary_new2(3);
- rb_ary_store(args, 0, proc);
- rb_ary_store(args, 1, ok ? Qtrue : Qfalse);
- rb_ary_store(args, 2, store_ctx);
- ret = rb_rescue(ossl_x509store_call_verify_cb_proc, args, ossl_x509store_verify_false, Qnil);
-
- if (ret == Qtrue) {
- ok = 1;
- X509_STORE_CTX_set_error(ctx, X509_V_OK);
- } else {
- ok = 0;
- if (X509_STORE_CTX_get_error(ctx) == X509_V_OK) {
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
- }
- }
+ if (!NIL_P(proc)) {
+ store_ctx = ossl_x509store_new(ctx);
+ args = rb_ary_new2(3);
+ rb_ary_store(args, 0, proc);
+ rb_ary_store(args, 1, ok ? Qtrue : Qfalse);
+ rb_ary_store(args, 2, store_ctx);
+ ret = rb_rescue(ossl_x509store_call_verify_cb_proc, args,
+ ossl_x509store_verify_false, Qnil);
+ if (ret == Qtrue) {
+ ok = 1;
+ X509_STORE_CTX_set_error(ctx, X509_V_OK);
+ } else {
+ ok = 0;
+ if (X509_STORE_CTX_get_error(ctx) == X509_V_OK) {
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
+ }
}
- return ok;
+ }
+ return ok;
}
static VALUE
ossl_x509store_verify(VALUE self, VALUE cert)
{
- ossl_x509store *storep;
- int result;
-
- GetX509Store(self, storep);
-
- X509_STORE_CTX_set_cert(storep->store, GetX509CertPtr(cert)); /* NO DUP NEEDED. */
-
- if ((result = X509_verify_cert(storep->store)) < 0) {
- ossl_raise(eX509StoreError, "");
- }
- /*
- * TODO
- * Should we clear chain?
- X509_STORE_CTX_cleanup(storep->store);
- */
- if (result == 1) {
- return Qtrue;
- }
- return Qfalse;
+ ossl_x509store *storep;
+ int result;
+
+ GetX509Store(self, storep);
+ /* NO DUP NEEDED. */
+ X509_STORE_CTX_set_cert(storep->store, GetX509CertPtr(cert));
+ if ((result = X509_verify_cert(storep->store)) < 0) {
+ ossl_raise(eX509StoreError, "");
+ }
+ /*
+ * TODO
+ * Should we clear chain?
+ X509_STORE_CTX_cleanup(storep->store);
+ */
+ if (result == 1) {
+ return Qtrue;
+ }
+
+ return Qfalse;
}
static VALUE
ossl_x509store_get_verify_status(VALUE self)
{
- ossl_x509store *storep;
+ ossl_x509store *storep;
- GetX509Store(self, storep);
+ GetX509Store(self, storep);
- return INT2FIX(X509_STORE_CTX_get_error(storep->store));
+ return INT2FIX(X509_STORE_CTX_get_error(storep->store));
}
static VALUE
ossl_x509store_set_verify_status(VALUE self, VALUE err)
{
- ossl_x509store *storep;
-
- GetX509Store(self, storep);
+ ossl_x509store *storep;
- X509_STORE_CTX_set_error(storep->store, FIX2INT(err));
+ GetX509Store(self, storep);
+ X509_STORE_CTX_set_error(storep->store, FIX2INT(err));
- return err;
+ return err;
}
static VALUE
ossl_x509store_get_verify_message(VALUE self)
{
- ossl_x509store *storep;
+ ossl_x509store *storep;
- GetX509Store(self, storep);
+ GetX509Store(self, storep);
- return rb_str_new2(X509_verify_cert_error_string(storep->store->error));
+ return rb_str_new2(X509_verify_cert_error_string(storep->store->error));
}
static VALUE
ossl_x509store_get_verify_depth(VALUE self)
{
- ossl_x509store *storep;
+ ossl_x509store *storep;
- GetX509Store(self, storep);
+ GetX509Store(self, storep);
- return INT2FIX(X509_STORE_CTX_get_error_depth(storep->store));
+ return INT2FIX(X509_STORE_CTX_get_error_depth(storep->store));
}
static VALUE
ossl_x509store_get_cert(VALUE self)
{
- ossl_x509store *storep;
+ ossl_x509store *storep;
- GetX509Store(self, storep);
+ GetX509Store(self, storep);
- /*
- * TODO
- * Find out if we can free X509
- */
- return ossl_x509_new(X509_STORE_CTX_get_current_cert(storep->store));
+ /*
+ * TODO
+ * Find out if we can free X509
+ */
+ return ossl_x509_new(X509_STORE_CTX_get_current_cert(storep->store));
}
static VALUE
ossl_x509store_set_default_paths(VALUE self)
{
- ossl_x509store *storep;
+ ossl_x509store *storep;
- GetX509Store(self, storep);
+ GetX509Store(self, storep);
+ if (!X509_STORE_set_default_paths(storep->store->ctx)) {
+ ossl_raise(eX509StoreError, "");
+ }
- if (!X509_STORE_set_default_paths(storep->store->ctx)) {
- ossl_raise(eX509StoreError, "");
- }
- return self;
+ return self;
}
static VALUE
ossl_x509store_load_locations(VALUE self, VALUE path)
{
- ossl_x509store *storep;
+ ossl_x509store *storep;
- GetX509Store(self, storep);
-
- SafeStringValue(path);
+ GetX509Store(self, storep);
+ SafeStringValue(path);
+ if (!X509_STORE_load_locations(storep->store->ctx, NULL,
+ RSTRING(path)->ptr)) {
+ ossl_raise(eX509StoreError, "");
+ }
- if (!X509_STORE_load_locations(storep->store->ctx, NULL, RSTRING(path)->ptr)) {
- ossl_raise(eX509StoreError, "");
- }
- return self;
+ return self;
}
static VALUE
ossl_x509store_set_verify_cb(VALUE self, VALUE proc)
{
- ossl_x509store *storep;
+ ossl_x509store *storep;
- GetX509Store(self, storep);
+ GetX509Store(self, storep);
+ /*
+ * Associate verify_cb with Store in DB
+ */
+ ossl_session_db_set((void *)storep->store->ctx, proc);
+ rb_ivar_set(self, rb_intern("@verify_callback"), proc);
- /*
- * Associate verify_cb with Store in DB
- */
- ossl_session_db_set((void *)storep->store->ctx, proc);
-
- rb_ivar_set(self, rb_intern("@verify_callback"), proc);
-
- return proc;
+ return proc;
}
static VALUE
ossl_x509store_cleanup(VALUE self)
{
- ossl_x509store *storep;
+ ossl_x509store *storep;
- GetX509Store(self, storep);
+ GetX509Store(self, storep);
+ X509_STORE_CTX_cleanup(storep->store);
- X509_STORE_CTX_cleanup(storep->store);
-
- return self;
+ return self;
}
/*
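Review bot: In ossl_x509store_verify_cb, a callback result of Qtrue sets `ok = 1` and resets the context error to X509_V_OK no matter which check failed, so a Ruby verify_callback can turn any verification failure (expiry, revocation, an untrusted root) into success, and the hunk carries no comment saying that this is the intended trust override. A comment above the `if (ret == Qtrue)` branch such as `/* a true result overrides whatever error OpenSSL recorded; a false result or a raised exception rejects the cert */` would make the decision visible to the next maintainer; the exception path goes through ossl_x509store_verify_false, which is defined outside this hunk. Separately, ossl_x509store_get_verify_message reads `storep->store->error` directly while the neighbouring accessors use X509_STORE_CTX_get_error(); `return rb_str_new2(X509_verify_cert_error_string(X509_STORE_CTX_get_error(storep->store)));` keeps them consistent and stops depending on the struct layout.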
@@ -457,69 +448,69 @@ ossl_x509store_cleanup(VALUE self)
void
Init_ossl_x509store()
{
- /*
- * INIT verify_cb DB
- */
- db_root = NULL;
-
- eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError);
+ /*
+ * INIT verify_cb DB
+ */
+ db_root = NULL;
+
+ eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError);
- cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
+ cX509Store = rb_define_class_under(mX509, "Store", rb_cObject);
- rb_define_singleton_method(cX509Store, "allocate", ossl_x509store_s_allocate, 0);
- rb_define_method(cX509Store, "initialize", ossl_x509store_initialize, -1);
+ rb_define_singleton_method(cX509Store, "allocate", ossl_x509store_s_allocate, 0);
+ rb_define_method(cX509Store, "initialize", ossl_x509store_initialize, -1);
- rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
- rb_define_method(cX509Store, "verify_callback=", ossl_x509store_set_verify_cb, 1);
+ rb_attr(cX509Store, rb_intern("verify_callback"), 1, 0, Qfalse);
+ rb_define_method(cX509Store, "verify_callback=", ossl_x509store_set_verify_cb, 1);
- rb_define_method(cX509Store, "add_trusted", ossl_x509store_add_trusted, 1);
- rb_define_method(cX509Store, "add_crl", ossl_x509store_add_crl, 1);
+ rb_define_method(cX509Store, "add_trusted", ossl_x509store_add_trusted, 1);
+ rb_define_method(cX509Store, "add_crl", ossl_x509store_add_crl, 1);
- rb_define_method(cX509Store, "verify", ossl_x509store_verify, 1);
- rb_define_method(cX509Store, "verify_status", ossl_x509store_get_verify_status, 0);
- rb_define_method(cX509Store, "verify_status=", ossl_x509store_set_verify_status, 1);
- rb_define_method(cX509Store, "verify_message", ossl_x509store_get_verify_message, 0);
- rb_define_method(cX509Store, "verify_depth", ossl_x509store_get_verify_depth, 0);
- rb_define_method(cX509Store, "chain", ossl_x509store_get_chain, 0);
- rb_define_method(cX509Store, "cert", ossl_x509store_get_cert, 0);
- rb_define_method(cX509Store, "set_default_paths", ossl_x509store_set_default_paths, 0);
- rb_define_method(cX509Store, "load_locations", ossl_x509store_load_locations, 1);
-
- rb_define_method(cX509Store, "cleanup!", ossl_x509store_cleanup, 0);
+ rb_define_method(cX509Store, "verify", ossl_x509store_verify, 1);
+ rb_define_method(cX509Store, "verify_status", ossl_x509store_get_verify_status, 0);
+ rb_define_method(cX509Store, "verify_status=", ossl_x509store_set_verify_status, 1);
+ rb_define_method(cX509Store, "verify_message", ossl_x509store_get_verify_message, 0);
+ rb_define_method(cX509Store, "verify_depth", ossl_x509store_get_verify_depth, 0);
+ rb_define_method(cX509Store, "chain", ossl_x509store_get_chain, 0);
+ rb_define_method(cX509Store, "cert", ossl_x509store_get_cert, 0);
+ rb_define_method(cX509Store, "set_default_paths", ossl_x509store_set_default_paths, 0);
+ rb_define_method(cX509Store, "load_locations", ossl_x509store_load_locations, 1);
+
+ rb_define_method(cX509Store, "cleanup!", ossl_x509store_cleanup, 0);
#define DefX509StoreConst(x) rb_define_const(cX509Store, #x, INT2FIX(X509_V_ERR_##x))
- DefX509StoreConst(UNABLE_TO_GET_ISSUER_CERT);
- DefX509StoreConst(UNABLE_TO_GET_CRL);
- DefX509StoreConst(UNABLE_TO_DECRYPT_CERT_SIGNATURE);
- DefX509StoreConst(UNABLE_TO_DECRYPT_CRL_SIGNATURE);
- DefX509StoreConst(UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY);
- DefX509StoreConst(CERT_SIGNATURE_FAILURE);
- DefX509StoreConst(CRL_SIGNATURE_FAILURE);
- DefX509StoreConst(CERT_NOT_YET_VALID);
- DefX509StoreConst(CERT_HAS_EXPIRED);
- DefX509StoreConst(CRL_NOT_YET_VALID);
- DefX509StoreConst(CRL_HAS_EXPIRED);
- DefX509StoreConst(ERROR_IN_CERT_NOT_BEFORE_FIELD);
- DefX509StoreConst(ERROR_IN_CERT_NOT_AFTER_FIELD);
- DefX509StoreConst(ERROR_IN_CRL_LAST_UPDATE_FIELD);
- DefX509StoreConst(ERROR_IN_CRL_NEXT_UPDATE_FIELD);
- DefX509StoreConst(OUT_OF_MEM);
- DefX509StoreConst(DEPTH_ZERO_SELF_SIGNED_CERT);
- DefX509StoreConst(SELF_SIGNED_CERT_IN_CHAIN);
- DefX509StoreConst(UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
- DefX509StoreConst(UNABLE_TO_VERIFY_LEAF_SIGNATURE);
- DefX509StoreConst(CERT_CHAIN_TOO_LONG);
- DefX509StoreConst(CERT_REVOKED);
- DefX509StoreConst(INVALID_CA);
- DefX509StoreConst(PATH_LENGTH_EXCEEDED);
- DefX509StoreConst(INVALID_PURPOSE);
- DefX509StoreConst(CERT_UNTRUSTED);
- DefX509StoreConst(CERT_REJECTED);
- DefX509StoreConst(SUBJECT_ISSUER_MISMATCH);
- DefX509StoreConst(AKID_SKID_MISMATCH);
- DefX509StoreConst(AKID_ISSUER_SERIAL_MISMATCH);
- DefX509StoreConst(KEYUSAGE_NO_CERTSIGN);
- DefX509StoreConst(APPLICATION_VERIFICATION);
+ DefX509StoreConst(UNABLE_TO_GET_ISSUER_CERT);
+ DefX509StoreConst(UNABLE_TO_GET_CRL);
+ DefX509StoreConst(UNABLE_TO_DECRYPT_CERT_SIGNATURE);
+ DefX509StoreConst(UNABLE_TO_DECRYPT_CRL_SIGNATURE);
+ DefX509StoreConst(UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY);
+ DefX509StoreConst(CERT_SIGNATURE_FAILURE);
+ DefX509StoreConst(CRL_SIGNATURE_FAILURE);
+ DefX509StoreConst(CERT_NOT_YET_VALID);
+ DefX509StoreConst(CERT_HAS_EXPIRED);
+ DefX509StoreConst(CRL_NOT_YET_VALID);
+ DefX509StoreConst(CRL_HAS_EXPIRED);
+ DefX509StoreConst(ERROR_IN_CERT_NOT_BEFORE_FIELD);
+ DefX509StoreConst(ERROR_IN_CERT_NOT_AFTER_FIELD);
+ DefX509StoreConst(ERROR_IN_CRL_LAST_UPDATE_FIELD);
+ DefX509StoreConst(ERROR_IN_CRL_NEXT_UPDATE_FIELD);
+ DefX509StoreConst(OUT_OF_MEM);
+ DefX509StoreConst(DEPTH_ZERO_SELF_SIGNED_CERT);
+ DefX509StoreConst(SELF_SIGNED_CERT_IN_CHAIN);
+ DefX509StoreConst(UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
+ DefX509StoreConst(UNABLE_TO_VERIFY_LEAF_SIGNATURE);
+ DefX509StoreConst(CERT_CHAIN_TOO_LONG);
+ DefX509StoreConst(CERT_REVOKED);
+ DefX509StoreConst(INVALID_CA);
+ DefX509StoreConst(PATH_LENGTH_EXCEEDED);
+ DefX509StoreConst(INVALID_PURPOSE);
+ DefX509StoreConst(CERT_UNTRUSTED);
+ DefX509StoreConst(CERT_REJECTED);
+ DefX509StoreConst(SUBJECT_ISSUER_MISMATCH);
+ DefX509StoreConst(AKID_SKID_MISMATCH);
+ DefX509StoreConst(AKID_ISSUER_SERIAL_MISMATCH);
+ DefX509StoreConst(KEYUSAGE_NO_CERTSIGN);
+ DefX509StoreConst(APPLICATION_VERIFICATION);
}
|
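Review bot: The DefX509StoreConst helper macro is defined inside Init_ossl_x509store and never undefined, so it stays in scope for the rest of the translation unit after the function ends. Adding `#undef DefX509StoreConst` right after the `DefX509StoreConst(APPLICATION_VERIFICATION);` line keeps it local to the block that uses it. The list of X509_V_ERR_* constants is hand-maintained, so a one-line comment above the #define noting that new OpenSSL error codes have to be added here explicitly would help whoever next bumps the library version; I have not checked whether the list is complete for the OpenSSL version the file targets.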