author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-26 01:53:27 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-26 02:12:37 +0900 |
commit | bb170849428dab1463a8e6ec6109beb0d9da0058 (patch) | |
tree | 310d1b4d1e6082ddfc0bdf11ae44a673e2c56c26 | |
parent | a3311831a1b16beea04cd716769def7bd9887bd3 (diff) | |
Adapt to OpenSSL changes after the 1.1.0-pre6
Fix compiler errors and warnings. The order of parameters of
X509_{CRL,REQ}_get0_signature() has been changed, and certificate and
CRL time accessors have been reorganized: *_get_* functions are
deprecated and replaced by *_get0_* that return a const pointer.
-rw-r--r-- | ext/openssl/extconf.rb | 1 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.c | 6 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.h | 11 | ||||
-rw-r--r-- | ext/openssl/ossl_ocsp.c | 4 | ||||
-rw-r--r-- | ext/openssl/ossl_x509cert.c | 26 | ||||
-rw-r--r-- | ext/openssl/ossl_x509crl.c | 35 | ||||
-rw-r--r-- | ext/openssl/ossl_x509req.c | 4 | ||||
-rw-r--r-- | ext/openssl/ossl_x509revoked.c | 19 |
8 files changed, 67 insertions, 39 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index ad92a287..bf784286 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -147,6 +147,7 @@ have_func("EVP_PKEY_up_ref")
 OpenSSL.check_func_or_macro("SSL_CTX_set_tmp_ecdh_callback", "openssl/ssl.h") # removed
 OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
 have_func("SSL_CTX_get_security_level")
+have_func("X509_get0_notBefore")
 Logging::message "=== Checking done. ===\n"
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index cb22647c..cc13b7a3 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -150,7 +150,8 @@ HMAC_CTX_free(HMAC_CTX *ctx)
 #if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
 void
-X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
+X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg)
 {
 if (psig != NULL)
 *psig = crl->signature;
@@ -161,7 +162,8 @@ X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl
 #if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
 void
-X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req)
+X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg)
 {
 if (psig != NULL)
 *psig = req->signature;
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index d2fdce16..897d6235 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -110,11 +110,11 @@ void HMAC_CTX_free(HMAC_CTX *ctx);
 #endif
 #if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
-void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl);
+void X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **, const X509_ALGOR **);
 #endif
 #if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
-void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req);
+void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, const X509_ALGOR **);
 #endif
 #if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER)
@@ -234,4 +234,11 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
 # define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
 #endif
+#if !defined(HAVE_X509_GET0_NOTBEFORE)
+# define X509_get0_notBefore(x) X509_get_notBefore(x)
+# define X509_get0_notAfter(x) X509_get_notAfter(x)
+# define X509_CRL_get0_lastUpdate(x) X509_CRL_get_lastUpdate(x)
+# define X509_CRL_get0_nextUpdate(x) X509_CRL_get_nextUpdate(x)
+#endif
+
 #endif /* _OSSL_OPENSSL_MISSING_H_ */
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index 6fa71be5..fc6ba503 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -914,7 +914,7 @@ ossl_ocspbres_get_status(VALUE self)
 status = OCSP_single_get0_status(single, &reason, &revtime, &thisupd, &nextupd);
 if(status < 0) continue;
- if(!(cid = OCSP_CERTID_dup(OCSP_SINGLERESP_get0_id(single))))
+ if(!(cid = OCSP_CERTID_dup((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(single)))) /* FIXME */
 ossl_raise(eOCSPError, NULL);
 ary = rb_ary_new();
 rb_ary_push(ary, ossl_ocspcertid_new(cid));
@@ -1279,7 +1279,7 @@ ossl_ocspsres_get_certid(VALUE self)
 OCSP_CERTID *id;
 GetOCSPSingleRes(self, sres);
- id = OCSP_CERTID_dup(OCSP_SINGLERESP_get0_id(sres));
+ id = OCSP_CERTID_dup((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sres)); /* FIXME */
 return ossl_ocspcertid_new(id);
 }
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index 6ddb2303..ad1126d4 100644
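Review bot: The four fallback macros added at the end of openssl_missing.h are all gated on the single probe `HAVE_X509_GET0_NOTBEFORE`, which rests on the unstated assumption that the four `*_get0_*` time accessors were introduced together. The fallbacks expand to the older accessors, so on those builds the `const` qualifier presumably comes only from the callers' declarations. A short comment above the `#if` would record this, e.g. `/* X509_get0_notBefore() stands in for all four get0 time accessors, assumed to have been added together */`.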
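Review bot: The `/* FIXME */` on the added `OCSP_CERTID_dup((OCSP_CERTID *)...)` line in ossl_ocspbres_get_status does not say what is to be fixed, and the same bare marker is repeated in the ossl_ocspsres_get_certid hunk. The cast discards the const that `OCSP_SINGLERESP_get0_id()` returns, presumably because `OCSP_CERTID_dup()` takes a non-const argument in the targeted release. Spelling that out, e.g. `/* FIXME: drop the cast once OCSP_CERTID_dup() accepts a const pointer */`, tells the next reader when the cast can go. The enclosing function starts and ends outside the hunk.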
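Review bot: In ossl_ocspsres_get_certid the result of `OCSP_CERTID_dup()` is handed to `ossl_ocspcertid_new()` without a NULL check, whereas the ossl_ocspbres_get_status hunk raises `eOCSPError` when the same call fails. Whether `ossl_ocspcertid_new()` rejects NULL is not visible here, so an explicit `if (!id) ossl_raise(eOCSPError, "OCSP_CERTID_dup");` before the return would handle allocation failure the same way in both places. The function's opening lines are outside the hunk.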
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -456,10 +456,10 @@ static VALUE
 ossl_x509_get_not_before(VALUE self)
 {
 X509 *x509;
- ASN1_UTCTIME *asn1time;
+ const ASN1_TIME *asn1time;
 GetX509(self, x509);
- if (!(asn1time = X509_get_notBefore(x509))) { /* NO DUP - don't free! */
+ if (!(asn1time = X509_get0_notBefore(x509))) {
 ossl_raise(eX509CertError, NULL);
 }
@@ -474,10 +474,15 @@ static VALUE
 ossl_x509_set_not_before(VALUE self, VALUE time)
 {
 X509 *x509;
+ ASN1_TIME *asn1time;
 GetX509(self, x509);
- if (!ossl_x509_time_adjust(X509_get_notBefore(x509), time))
- ossl_raise(eX509CertError, NULL);
+ asn1time = ossl_x509_time_adjust(NULL, time);
+ if (!X509_set_notBefore(x509, asn1time)) {
+ ASN1_TIME_free(asn1time);
+ ossl_raise(eX509CertError, "X509_set_notBefore");
+ }
+ ASN1_TIME_free(asn1time);
 return time;
 }
@@ -490,10 +495,10 @@ static VALUE
 ossl_x509_get_not_after(VALUE self)
 {
 X509 *x509;
- ASN1_TIME *asn1time;
+ const ASN1_TIME *asn1time;
 GetX509(self, x509);
- if (!(asn1time = X509_get_notAfter(x509))) { /* NO DUP - don't free! */
+ if (!(asn1time = X509_get0_notAfter(x509))) {
 ossl_raise(eX509CertError, NULL);
 }
@@ -508,10 +513,15 @@ static VALUE
 ossl_x509_set_not_after(VALUE self, VALUE time)
 {
 X509 *x509;
+ ASN1_TIME *asn1time;
 GetX509(self, x509);
- if (!ossl_x509_time_adjust(X509_get_notAfter(x509), time))
- ossl_raise(eX509CertError, NULL);
+ asn1time = ossl_x509_time_adjust(NULL, time);
+ if (!X509_set_notAfter(x509, asn1time)) {
+ ASN1_TIME_free(asn1time);
+ ossl_raise(eX509CertError, "X509_set_notAfter");
+ }
+ ASN1_TIME_free(asn1time);
 return time;
 }
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index 454c0440..0ff5d2f8 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -180,7 +180,7 @@ static VALUE
 ossl_x509crl_get_signature_algorithm(VALUE self)
 {
 X509_CRL *crl;
- X509_ALGOR *alg;
+ const X509_ALGOR *alg;
 BIO *out;
 BUF_MEM *buf;
 VALUE str;
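Review bot: In ossl_x509_set_not_before the return value of `ossl_x509_time_adjust(NULL, time)` is no longer checked before it is passed to `X509_set_notBefore()`, although the removed lines treated a NULL return as an error. A failed conversion now depends on the setter rejecting NULL and is reported under the setter's name. Adding `if (!asn1time) ossl_raise(eX509CertError, "ossl_x509_time_adjust");` directly after the call keeps the two failures apart. The same applies to ossl_x509_set_not_after and to ossl_x509crl_set_last_update, ossl_x509crl_set_next_update and ossl_x509revoked_set_time, which this commit changes in the same way. If the helper raises on its own the check is redundant, but that is not visible from these hunks.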
@@ -189,7 +189,7 @@ ossl_x509crl_get_signature_algorithm(VALUE self)
 if (!(out = BIO_new(BIO_s_mem()))) {
 ossl_raise(eX509CRLError, NULL);
 }
- X509_CRL_get0_signature(NULL, &alg, crl);
+ X509_CRL_get0_signature(crl, NULL, &alg);
 if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
 BIO_free(out);
 ossl_raise(eX509CRLError, NULL);
@@ -230,17 +230,22 @@ ossl_x509crl_get_last_update(VALUE self)
 GetX509CRL(self, crl);
- return asn1time_to_time(X509_CRL_get_lastUpdate(crl));
+ return asn1time_to_time(X509_CRL_get0_lastUpdate(crl));
 }
 static VALUE
 ossl_x509crl_set_last_update(VALUE self, VALUE time)
 {
 X509_CRL *crl;
+ ASN1_TIME *asn1time;
 GetX509CRL(self, crl);
- if (!ossl_x509_time_adjust(X509_CRL_get_lastUpdate(crl), time))
- ossl_raise(eX509CRLError, NULL);
+ asn1time = ossl_x509_time_adjust(NULL, time);
+ if (!X509_CRL_set_lastUpdate(crl, asn1time)) {
+ ASN1_TIME_free(asn1time);
+ ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
+ }
+ ASN1_TIME_free(asn1time);
 return time;
 }
@@ -252,28 +257,22 @@ ossl_x509crl_get_next_update(VALUE self)
 GetX509CRL(self, crl);
- return asn1time_to_time(X509_CRL_get_nextUpdate(crl));
+ return asn1time_to_time(X509_CRL_get0_nextUpdate(crl));
 }
 static VALUE
 ossl_x509crl_set_next_update(VALUE self, VALUE time)
 {
 X509_CRL *crl;
- ASN1_TIME *orig, *new;
+ ASN1_TIME *asn1time;
 GetX509CRL(self, crl);
- /* orig may be NULL at this time; in this case a new ASN1_TIME is created */
- orig = X509_CRL_get_nextUpdate(crl);
- new = ossl_x509_time_adjust(orig, time);
-
- if (!X509_CRL_set_nextUpdate(crl, new)) {
- if (!orig)
- ASN1_TIME_free(new);
- ossl_raise(eX509CRLError, NULL);
+ asn1time = ossl_x509_time_adjust(NULL, time);
+ if (!X509_CRL_set_nextUpdate(crl, asn1time)) {
+ ASN1_TIME_free(asn1time);
+ ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
 }
- /* X509_CRL_set_nextUpdate() dups when orig != new */
- if (!orig)
- ASN1_TIME_free(new);
+ ASN1_TIME_free(asn1time);
 return time;
 }
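Review bot: ossl_x509crl_get_next_update passes `X509_CRL_get0_nextUpdate(crl)` straight to `asn1time_to_time()`, while the comment removed further down in this hunk records that nextUpdate may be NULL. The certificate getters in ossl_x509cert.c raise on a NULL time, so the difference looks intentional but is undocumented, and whether `asn1time_to_time()` accepts NULL is not visible here. A comment on the return line such as `/* nextUpdate is optional and may be NULL */` would make the contract explicit for CRLs parsed from external input.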
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index 11cff733..d2619971 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -302,7 +302,7 @@ static VALUE
 ossl_x509req_get_signature_algorithm(VALUE self)
 {
 X509_REQ *req;
- X509_ALGOR *alg;
+ const X509_ALGOR *alg;
 BIO *out;
 BUF_MEM *buf;
 VALUE str;
@@ -312,7 +312,7 @@ ossl_x509req_get_signature_algorithm(VALUE self)
 if (!(out = BIO_new(BIO_s_mem()))) {
 ossl_raise(eX509ReqError, NULL);
 }
- X509_REQ_get0_signature(NULL, &alg, req);
+ X509_REQ_get0_signature(req, NULL, &alg);
 if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
 BIO_free(out);
 ossl_raise(eX509ReqError, NULL);
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c
index e5d59db2..7960ea34 100644
--- a/ext/openssl/ossl_x509revoked.c
+++ b/ext/openssl/ossl_x509revoked.c
@@ -142,11 +142,15 @@ static VALUE
 ossl_x509revoked_set_serial(VALUE self, VALUE num)
 {
 X509_REVOKED *rev;
- ASN1_INTEGER *ai;
+ ASN1_INTEGER *asn1int;
 GetX509Rev(self, rev);
- ai = X509_REVOKED_get0_serialNumber(rev);
- X509_REVOKED_set_serialNumber(rev, num_to_asn1integer(num, ai));
+ asn1int = num_to_asn1integer(num, NULL);
+ if (!X509_REVOKED_set_serialNumber(rev, asn1int)) {
+ ASN1_INTEGER_free(asn1int);
+ ossl_raise(eX509RevError, "X509_REVOKED_set_serialNumber");
+ }
+ ASN1_INTEGER_free(asn1int);
 return num;
 }
@@ -165,10 +169,15 @@ static VALUE
 ossl_x509revoked_set_time(VALUE self, VALUE time)
 {
 X509_REVOKED *rev;
+ ASN1_TIME *asn1time;
 GetX509Rev(self, rev);
- if (!ossl_x509_time_adjust(X509_REVOKED_get0_revocationDate(rev), time))
- ossl_raise(eX509RevError, NULL);
+ asn1time = ossl_x509_time_adjust(NULL, time);
+ if (!X509_REVOKED_set_revocationDate(rev, asn1time)) {
+ ASN1_TIME_free(asn1time);
+ ossl_raise(eX509RevError, "X509_REVOKED_set_revocationDate");
+ }
+ ASN1_TIME_free(asn1time);
 return time;
 } |