author | Kazuki Yamaguchi <k@rhe.jp> | 2016-08-24 00:30:00 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-10-28 11:45:13 +0900 |
commit | 4c18c159b9df516324496fce09e8e5049d5be3fa (patch) | |
tree | 7d8d481d775f038485b350cfa3e5b2e129ee3de7 /ext/openssl | |
parent | 8295165b3f5c7dac67149edc9e1ff8118a68a7ac (diff) | |
download | ruby-openssl-4c18c159b9df516324496fce09e8e5049d5be3fa.tar.gz |
Move verify_callback stuff to ossl_x509store.c
Accordingly, unused functions ossl_x509stctx_new() and
ossl_x509stctx_clear_ptr() are now removed.
Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/ossl.c | 67 | ||||
-rw-r--r-- | ext/openssl/ossl.h | 8 | ||||
-rw-r--r-- | ext/openssl/ossl_x509.h | 9 | ||||
-rw-r--r-- | ext/openssl/ossl_x509store.c | 108 |
4 files changed, 89 insertions, 103 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 8ef41385..8269599f 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -220,65 +220,6 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
 }
 /*
- * Verify callback
- */
-int ossl_store_ctx_ex_verify_cb_idx;
-int ossl_store_ex_verify_cb_idx;
-
-struct ossl_verify_cb_args {
- VALUE proc;
- VALUE preverify_ok;
- VALUE store_ctx;
-};
-
-static VALUE
-ossl_call_verify_cb_proc(struct ossl_verify_cb_args *args)
-{
- return rb_funcall(args->proc, rb_intern("call"), 2,
- args->preverify_ok, args->store_ctx);
-}
-
-int
-ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
-{
- VALUE rctx, ret;
- struct ossl_verify_cb_args args;
- int state;
-
- if (NIL_P(proc))
- return ok;
-
- ret = Qfalse;
- rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
- if (state) {
- rb_set_errinfo(Qnil);
- rb_warn("StoreContext initialization failure");
- }
- else {
- args.proc = proc;
- args.preverify_ok = ok ? Qtrue : Qfalse;
- args.store_ctx = rctx;
- ret = rb_protect((VALUE(*)(VALUE))ossl_call_verify_cb_proc, (VALUE)&args, &state);
- if (state) {
- rb_set_errinfo(Qnil);
- rb_warn("exception in verify_callback is ignored");
- }
- ossl_x509stctx_clear_ptr(rctx);
- }
- if (ret == Qtrue) {
- X509_STORE_CTX_set_error(ctx, X509_V_OK);
- ok = 1;
- }
- else {
- if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
- ok = 0;
- }
-
- return ok;
-}
-
-/*
 * main module
 */
 VALUE mOSSL;
@@ -1158,14 +1099,6 @@ Init_openssl(void)
 rb_define_module_function(mOSSL, "errors", ossl_get_errors, 0);
 /*
- * Verify callback Proc index for ext-data
- */
- if ((ossl_store_ctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_store_ctx_ex_verify_cb_idx", 0, 0, 0)) < 0)
- ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index");
- if ((ossl_store_ex_verify_cb_idx = X509_STORE_get_ex_new_index(0, (void *)"ossl_store_ex_verify_cb_idx", 0, 0, 0)) < 0)
- ossl_raise(eOSSLError, "X509_STORE_get_ex_new_index");
-
- /*
 * Get ID of to_der
 */
 ossl_s_to_der = rb_intern("to_der");
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index ad30cbf9..78eddd09 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -121,14 +121,6 @@ NORETURN(void ossl_raise(VALUE, const char *, ...));
 void ossl_clear_error(void);
 /*
- * Verify callback
- */
-extern int ossl_store_ctx_ex_verify_cb_idx;
-extern int ossl_store_ex_verify_cb_idx;
-
-int ossl_verify_cb_call(VALUE, int, X509_STORE_CTX *);
-
-/*
 * String to DER String
 */
 extern ID ossl_s_to_der;
diff --git a/ext/openssl/ossl_x509.h b/ext/openssl/ossl_x509.h
index c26da738..a60f7c3d 100644
--- a/ext/openssl/ossl_x509.h
+++ b/ext/openssl/ossl_x509.h
@@ -110,10 +110,13 @@ VALUE ossl_x509store_new(X509_STORE *);
 X509_STORE *GetX509StorePtr(VALUE);
 X509_STORE *DupX509StorePtr(VALUE);
-VALUE ossl_x509stctx_new(X509_STORE_CTX *);
-VALUE ossl_x509stctx_clear_ptr(VALUE);
 X509_STORE_CTX *GetX509StCtxtPtr(VALUE);
-
 void Init_ossl_x509store(void);
+/*
+ * Calls the verify callback Proc (the first parameter) with given pre-verify
+ * result and the X509_STORE_CTX.
+ */
+int ossl_verify_cb_call(VALUE, int, X509_STORE_CTX *);
+
 #endif /* _OSSL_X509_H_ */
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 75f8238b..eb81e0d4 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -48,6 +48,65 @@
 } while (0)
 /*
+ * Verify callback stuff
+ */
+static int stctx_ex_verify_cb_idx, store_ex_verify_cb_idx;
+static VALUE ossl_x509stctx_new(X509_STORE_CTX *);
+
+struct ossl_verify_cb_args {
+ VALUE proc;
+ VALUE preverify_ok;
+ VALUE store_ctx;
+};
+
+static VALUE
+call_verify_cb_proc(struct ossl_verify_cb_args *args)
+{
+ return rb_funcall(args->proc, rb_intern("call"), 2,
+ args->preverify_ok, args->store_ctx);
+}
+
+int
+ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
+{
+ VALUE rctx, ret;
+ struct ossl_verify_cb_args args;
+ int state;
+
+ if (NIL_P(proc))
+ return ok;
+
+ ret = Qfalse;
+ rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
+ if (state) {
+ rb_set_errinfo(Qnil);
+ rb_warn("StoreContext initialization failure");
+ }
+ else {
+ args.proc = proc;
+ args.preverify_ok = ok ? Qtrue : Qfalse;
+ args.store_ctx = rctx;
+ ret = rb_protect((VALUE(*)(VALUE))call_verify_cb_proc, (VALUE)&args, &state);
+ if (state) {
+ rb_set_errinfo(Qnil);
+ rb_warn("exception in verify_callback is ignored");
+ }
+ RTYPEDDATA_DATA(rctx) = NULL;
+ }
+ if (ret == Qtrue) {
+ X509_STORE_CTX_set_error(ctx, X509_V_OK);
+ ok = 1;
+ }
+ else {
+ if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
+ ok = 0;
+ }
+
+ return ok;
+}
+
+/*
 * Classes
 */
 VALUE cX509Store;
@@ -111,9 +170,10 @@ x509store_verify_cb(int ok, X509_STORE_CTX *ctx)
 {
 VALUE proc;
- proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
+ proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx);
 if (!proc)
- proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
+ proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx),
+ store_ex_verify_cb_idx);
 if (!proc)
 return ok;
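Review bot: `RTYPEDDATA_DATA(rctx) = NULL;` in ossl_verify_cb_call is the line that keeps the StoreContext wrapper handed to the Proc from being dereferenced after OpenSSL has released the underlying ctx (the Proc may have stored the object), but nothing in the hunk says so; add `/* ctx is owned by OpenSSL and valid only during this call: detach it so a retained wrapper cannot reach it later */` above that line. The `ret == Qtrue` test also deserves a comment, since only a literal `true` return accepts the chain, while any other value, a raised exception (warned and swallowed) or a failed wrapper construction leaves the certificate rejected with X509_V_ERR_CERT_REJECTED, i.e. the callback fails closed. The forward declaration `static VALUE ossl_x509stctx_new(X509_STORE_CTX *);` would read better with a one-line comment noting that the definition appears to live under "Private functions" further down the file. As a minor style point, `rb_intern("call")` in call_verify_cb_proc re-interns the symbol on every verification step; a file-scope `static ID` initialised once in Init_ossl_x509store would avoid that.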
@@ -144,7 +204,7 @@ ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
 X509_STORE *store;
 GetX509Store(self, store);
- X509_STORE_set_ex_data(store, ossl_store_ex_verify_cb_idx, (void *)cb);
+ X509_STORE_set_ex_data(store, store_ex_verify_cb_idx, (void *)cb);
 rb_iv_set(self, "@verify_callback", cb);
 return cb;
@@ -432,27 +492,6 @@ static const rb_data_type_t ossl_x509stctx_type = {
 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
 };
-
-VALUE
-ossl_x509stctx_new(X509_STORE_CTX *ctx)
-{
- VALUE obj;
-
- obj = NewX509StCtx(cX509StoreContext);
- SetX509StCtx(obj, ctx);
-
- return obj;
-}
-
-VALUE
-ossl_x509stctx_clear_ptr(VALUE obj)
-{
- OSSL_Check_Kind(obj, cX509StoreContext);
- RDATA(obj)->data = NULL;
-
- return obj;
-}
-
 /*
 * Private functions
 */
@@ -482,6 +521,17 @@ ossl_x509stctx_alloc(VALUE klass)
 return obj;
 }
+static VALUE
+ossl_x509stctx_new(X509_STORE_CTX *ctx)
+{
+ VALUE obj;
+
+ obj = NewX509StCtx(cX509StoreContext);
+ SetX509StCtx(obj, ctx);
+
+ return obj;
+}
+
 static VALUE ossl_x509stctx_set_flags(VALUE, VALUE);
 static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE);
 static VALUE ossl_x509stctx_set_trust(VALUE, VALUE);
@@ -527,7 +577,7 @@ ossl_x509stctx_verify(VALUE self)
 X509_STORE_CTX *ctx;
 GetX509StCtx(self, ctx);
- X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx,
+ X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx,
 (void *)rb_iv_get(self, "@verify_callback"));
 switch (X509_verify_cert(ctx)) {
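Review bot: The new static ossl_x509stctx_new wraps an X509_STORE_CTX the wrapper does not own — its only caller in this commit, ossl_verify_cb_call, clears RTYPEDDATA_DATA on the object before returning — yet the definition carries no comment saying so, and a future caller that exposes such a wrapper to Ruby without detaching it would let the type's free function (not visible in this diff) act on a ctx OpenSSL still owns, if that function releases the ctx. Add `/* Wraps a borrowed ctx; the caller must clear RTYPEDDATA_DATA() before ctx is freed (see ossl_verify_cb_call) */` above the definition. The hunks in ossl_x509store_set_vfy_cb and ossl_x509stctx_verify are plain renames of the index variables and need nothing; ossl_x509stctx_verify continues past the end of its hunk.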
@@ -747,6 +797,14 @@ Init_ossl_x509store(void)
 mX509 = rb_define_module_under(mOSSL, "X509");
 #endif
+ /* Register ext_data slot for verify callback Proc */
+ stctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"stctx_ex_verify_cb_idx", 0, 0, 0);
+ if (stctx_ex_verify_cb_idx < 0)
+ ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index");
+ store_ex_verify_cb_idx = X509_STORE_get_ex_new_index(0, (void *)"store_ex_verify_cb_idx", 0, 0, 0);
+ if (store_ex_verify_cb_idx < 0)
+ ossl_raise(eOSSLError, "X509_STORE_get_ex_new_index");
+
 eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError);
 /* Document-class: OpenSSL::X509::Store |
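Review bot: The two ex_data slots registered here hold a bare Ruby VALUE that the GC cannot see, and the only thing keeping the Proc alive is the `@verify_callback` ivar written next to the X509_STORE_set_ex_data call in ossl_x509store_set_vfy_cb and read back in ossl_x509stctx_verify (earlier hunks); that coupling should be stated where the slots are created. Expand the comment to `/* Register ext_data slots for the verify callback Proc. The slot stores a raw VALUE the GC does not mark; the Proc must stay rooted via the @verify_callback ivar. */`. If the second X509_STORE_get_ex_new_index call fails, the first index stays registered while ossl_raise aborts initialisation, which appears harmless because the extension then does not finish loading. Init_ossl_x509store continues beyond the end of this hunk.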