aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2017-08-08 18:37:31 +0900
committerKazuki Yamaguchi <k@rhe.jp>2017-08-08 18:39:38 +0900
commit3ed3fc5dde962615fcf42d0cfa4feba6cb8af9d5 (patch)
treef40255ea6be7f6c060f4de1a4c2d999ab716453c /ext/openssl
parentd4ded26d4507b36c7364f68635c0c00f37f740ba (diff)
parentdf37b7a22eb0c70ddba4722630662b4c1e73b009 (diff)
downloadruby-openssl-3ed3fc5dde962615fcf42d0cfa4feba6cb8af9d5.tar.gz
Merge branch 'maint'
* maint: Ruby/OpenSSL 2.0.5 ssl: fix compile error with OpenSSL 1.0.0 ssl: remove unsupported TLS versions from SSLContext::METHODS Add msys2 library dependency tag in gem metadata ossl_pem_passwd_cb: handle nil from the block explicitly ossl_pem_passwd_cb: do not check for taintedness ossl_pem_passwd_cb: relax passphrase length constraint appveyor.yml: test against Ruby 2.4 Rakefile: install_dependencies: install only when needed bio: do not use the FILE BIO method in ossl_obj2bio() bio: prevent possible GC issue in ossl_obj2bio() test/test_ssl: allow 3DES cipher suites in test_sslctx_set_params
Diffstat (limited to 'ext/openssl')
-rw-r--r--ext/openssl/ossl.c26
-rw-r--r--ext/openssl/ossl_bio.c37
-rw-r--r--ext/openssl/ossl_bio.h2
-rw-r--r--ext/openssl/ossl_config.c2
-rw-r--r--ext/openssl/ossl_pkcs12.c2
-rw-r--r--ext/openssl/ossl_pkcs7.c14
-rw-r--r--ext/openssl/ossl_pkey.c2
-rw-r--r--ext/openssl/ossl_pkey_dh.c2
-rw-r--r--ext/openssl/ossl_pkey_dsa.c2
-rw-r--r--ext/openssl/ossl_pkey_ec.c6
-rw-r--r--ext/openssl/ossl_pkey_rsa.c2
-rw-r--r--ext/openssl/ossl_ssl_session.c2
-rw-r--r--ext/openssl/ossl_x509cert.c2
-rw-r--r--ext/openssl/ossl_x509crl.c2
-rw-r--r--ext/openssl/ossl_x509req.c2
15 files changed, 37 insertions, 68 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 542f1422..6ec5e91c 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -147,13 +147,6 @@ ossl_bin2hex(unsigned char *in, char *out, size_t inlen)
/*
* our default PEM callback
*/
-
-/*
- * OpenSSL requires passwords for PEM-encoded files to be at least four
- * characters long. See crypto/pem/pem_lib.c (as of 1.0.2h)
- */
-#define OSSL_MIN_PWD_LEN 4
-
VALUE
ossl_pem_passwd_value(VALUE pass)
{
@@ -162,8 +155,6 @@ ossl_pem_passwd_value(VALUE pass)
StringValue(pass);
- if (RSTRING_LEN(pass) < OSSL_MIN_PWD_LEN)
- ossl_raise(eOSSLError, "password must be at least %d bytes", OSSL_MIN_PWD_LEN);
/* PEM_BUFSIZE is currently used as the second argument of pem_password_cb,
* that is +max_len+ of ossl_pem_passwd_cb() */
if (RSTRING_LEN(pass) > PEM_BUFSIZE)
@@ -175,11 +166,10 @@ ossl_pem_passwd_value(VALUE pass)
static VALUE
ossl_pem_passwd_cb0(VALUE flag)
{
- VALUE pass;
-
- pass = rb_yield(flag);
- SafeStringValue(pass);
-
+ VALUE pass = rb_yield(flag);
+ if (NIL_P(pass))
+ return Qnil;
+ StringValue(pass);
return pass;
}
@@ -196,7 +186,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
* bytes silently if the input is over 1024 bytes */
if (RB_TYPE_P(pass, T_STRING)) {
len = RSTRING_LEN(pass);
- if (len >= OSSL_MIN_PWD_LEN && len <= max_len) {
+ if (len <= max_len) {
memcpy(buf, RSTRING_PTR(pass), len);
return (int)len;
}
@@ -222,11 +212,9 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
rb_set_errinfo(Qnil);
return -1;
}
+ if (NIL_P(pass))
+ return -1;
len = RSTRING_LEN(pass);
- if (len < OSSL_MIN_PWD_LEN) {
- rb_warning("password must be at least %d bytes", OSSL_MIN_PWD_LEN);
- continue;
- }
if (len > max_len) {
rb_warning("password must not be longer than %d bytes", max_len);
continue;
diff --git a/ext/openssl/ossl_bio.c b/ext/openssl/ossl_bio.c
index 5f3f65a5..42833d90 100644
--- a/ext/openssl/ossl_bio.c
+++ b/ext/openssl/ossl_bio.c
@@ -10,37 +10,18 @@
#include "ossl.h"
BIO *
-ossl_obj2bio(VALUE obj)
+ossl_obj2bio(volatile VALUE *pobj)
{
+ VALUE obj = *pobj;
BIO *bio;
- if (RB_TYPE_P(obj, T_FILE)) {
- rb_io_t *fptr;
- FILE *fp;
- int fd;
-
- GetOpenFile(obj, fptr);
- rb_io_check_readable(fptr);
- if ((fd = rb_cloexec_dup(fptr->fd)) < 0){
- rb_sys_fail(0);
- }
- rb_update_max_fd(fd);
- if (!(fp = fdopen(fd, "r"))){
- int e = errno;
- close(fd);
- rb_syserr_fail(e, 0);
- }
- if (!(bio = BIO_new_fp(fp, BIO_CLOSE))){
- fclose(fp);
- ossl_raise(eOSSLError, NULL);
- }
- }
- else {
- StringValue(obj);
- bio = BIO_new_mem_buf(RSTRING_PTR(obj), RSTRING_LENINT(obj));
- if (!bio) ossl_raise(eOSSLError, NULL);
- }
-
+ if (RB_TYPE_P(obj, T_FILE))
+ obj = rb_funcallv(obj, rb_intern("read"), 0, NULL);
+ StringValue(obj);
+ bio = BIO_new_mem_buf(RSTRING_PTR(obj), RSTRING_LENINT(obj));
+ if (!bio)
+ ossl_raise(eOSSLError, "BIO_new_mem_buf");
+ *pobj = obj;
return bio;
}
diff --git a/ext/openssl/ossl_bio.h b/ext/openssl/ossl_bio.h
index 1b8020cb..da68c5e5 100644
--- a/ext/openssl/ossl_bio.h
+++ b/ext/openssl/ossl_bio.h
@@ -10,7 +10,7 @@
#if !defined(_OSSL_BIO_H_)
#define _OSSL_BIO_H_
-BIO *ossl_obj2bio(VALUE);
+BIO *ossl_obj2bio(volatile VALUE *);
VALUE ossl_membio2str(BIO*);
#endif
diff --git a/ext/openssl/ossl_config.c b/ext/openssl/ossl_config.c
index ebf6ae2a..28392e20 100644
--- a/ext/openssl/ossl_config.c
+++ b/ext/openssl/ossl_config.c
@@ -41,7 +41,7 @@ DupConfigPtr(VALUE obj)
OSSL_Check_Kind(obj, cConfig);
str = rb_funcall(obj, rb_intern("to_s"), 0);
- bio = ossl_obj2bio(str);
+ bio = ossl_obj2bio(&str);
conf = NCONF_new(NULL);
if(!conf){
BIO_free(bio);
diff --git a/ext/openssl/ossl_pkcs12.c b/ext/openssl/ossl_pkcs12.c
index af032bfe..ddb7d939 100644
--- a/ext/openssl/ossl_pkcs12.c
+++ b/ext/openssl/ossl_pkcs12.c
@@ -173,7 +173,7 @@ ossl_pkcs12_initialize(int argc, VALUE *argv, VALUE self)
if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) return self;
passphrase = NIL_P(pass) ? NULL : StringValueCStr(pass);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
d2i_PKCS12_bio(in, &pkcs);
DATA_PTR(self) = pkcs;
BIO_free(in);
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index e41fb1f0..6395fa6f 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -197,7 +197,7 @@ ossl_pkcs7_s_read_smime(VALUE klass, VALUE arg)
VALUE ret, data;
ret = NewPKCS7(cPKCS7);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
out = NULL;
pkcs7 = SMIME_read_PKCS7(in, &out);
BIO_free(in);
@@ -229,7 +229,7 @@ ossl_pkcs7_s_write_smime(int argc, VALUE *argv, VALUE klass)
GetPKCS7(pkcs7, p7);
if(!NIL_P(data) && PKCS7_is_detached(p7))
flg |= PKCS7_DETACHED;
- in = NIL_P(data) ? NULL : ossl_obj2bio(data);
+ in = NIL_P(data) ? NULL : ossl_obj2bio(&data);
if(!(out = BIO_new(BIO_s_mem()))){
BIO_free(in);
ossl_raise(ePKCS7Error, NULL);
@@ -266,7 +266,7 @@ ossl_pkcs7_s_sign(int argc, VALUE *argv, VALUE klass)
pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
ret = NewPKCS7(cPKCS7);
- in = ossl_obj2bio(data);
+ in = ossl_obj2bio(&data);
if(NIL_P(certs)) x509s = NULL;
else{
x509s = ossl_protect_x509_ary2sk(certs, &status);
@@ -322,7 +322,7 @@ ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass)
else ciph = ossl_evp_get_cipherbyname(cipher);
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
ret = NewPKCS7(cPKCS7);
- in = ossl_obj2bio(data);
+ in = ossl_obj2bio(&data);
x509s = ossl_protect_x509_ary2sk(certs, &status);
if(status){
BIO_free(in);
@@ -373,7 +373,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
if(rb_scan_args(argc, argv, "01", &arg) == 0)
return self;
arg = ossl_to_der_if_possible(arg);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL);
if (!p7) {
OSSL_BIO_reset(in);
@@ -765,7 +765,7 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self)
x509st = GetX509StorePtr(store);
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
if(NIL_P(indata)) indata = ossl_pkcs7_get_data(self);
- in = NIL_P(indata) ? NULL : ossl_obj2bio(indata);
+ in = NIL_P(indata) ? NULL : ossl_obj2bio(&indata);
if(NIL_P(certs)) x509s = NULL;
else{
x509s = ossl_protect_x509_ary2sk(certs, &status);
@@ -832,7 +832,7 @@ ossl_pkcs7_add_data(VALUE self, VALUE data)
if(!PKCS7_content_new(pkcs7, NID_pkcs7_data))
ossl_raise(ePKCS7Error, NULL);
}
- in = ossl_obj2bio(data);
+ in = ossl_obj2bio(&data);
if(!(out = PKCS7_dataInit(pkcs7, NULL))) goto err;
for(;;){
if((len = BIO_read(in, buf, sizeof(buf))) <= 0)
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 4b7e4828..23e21154 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -144,7 +144,7 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self)
rb_scan_args(argc, argv, "11", &data, &pass);
pass = ossl_pem_passwd_value(pass);
- bio = ossl_obj2bio(data);
+ bio = ossl_obj2bio(&data);
if (!(pkey = d2i_PrivateKey_bio(bio, NULL))) {
OSSL_BIO_reset(bio);
if (!(pkey = PEM_read_bio_PrivateKey(bio, NULL, ossl_pem_passwd_cb, (void *)pass))) {
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index fea7c56b..31f3b8e7 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -222,7 +222,7 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
}
else {
arg = ossl_to_der_if_possible(arg);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
if (!dh){
OSSL_BIO_reset(in);
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index f6b3563d..56cc9dd4 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -229,7 +229,7 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
else {
pass = ossl_pem_passwd_value(pass);
arg = ossl_to_der_if_possible(arg);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass);
if (!dsa) {
OSSL_BIO_reset(in);
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index d1515306..9c406931 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -205,7 +205,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
BIO *in;
pass = ossl_pem_passwd_value(pass);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
ec = PEM_read_bio_ECPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass);
if (!ec) {
@@ -763,7 +763,7 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
if ((group = EC_GROUP_dup(arg1_group)) == NULL)
ossl_raise(eEC_GROUP, "EC_GROUP_dup");
} else {
- BIO *in = ossl_obj2bio(arg1);
+ BIO *in = ossl_obj2bio(&arg1);
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
if (!group) {
@@ -1369,7 +1369,7 @@ static VALUE ossl_ec_point_initialize(int argc, VALUE *argv, VALUE self)
point = EC_POINT_bn2point(group, bn, NULL, ossl_bn_ctx);
} else {
- BIO *in = ossl_obj2bio(arg1);
+ BIO *in = ossl_obj2bio(&arg1);
/* BUG: finish me */
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index 5122a77e..26397bd0 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -236,7 +236,7 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
else {
pass = ossl_pem_passwd_value(pass);
arg = ossl_to_der_if_possible(arg);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass);
if (!rsa) {
OSSL_BIO_reset(in);
diff --git a/ext/openssl/ossl_ssl_session.c b/ext/openssl/ossl_ssl_session.c
index ba4310a3..55140873 100644
--- a/ext/openssl/ossl_ssl_session.c
+++ b/ext/openssl/ossl_ssl_session.c
@@ -49,7 +49,7 @@ static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1)
if ((ctx = SSL_get1_session(ssl)) == NULL)
ossl_raise(eSSLSession, "no session available");
} else {
- BIO *in = ossl_obj2bio(arg1);
+ BIO *in = ossl_obj2bio(&arg1);
ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index 53c646cf..003a9c19 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -123,7 +123,7 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
return self;
}
arg = ossl_to_der_if_possible(arg);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
x509 = PEM_read_bio_X509(in, &x, NULL, NULL);
DATA_PTR(self) = x;
if (!x509) {
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index d6b588fc..5ecd7ea0 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -100,7 +100,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
return self;
}
arg = ossl_to_der_if_possible(arg);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL);
DATA_PTR(self) = x;
if (!crl) {
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index 8214fdc5..9f20dba3 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -86,7 +86,7 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self)
return self;
}
arg = ossl_to_der_if_possible(arg);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL);
DATA_PTR(self) = x;
if (!req) {