Merge trunk upstream

author: Zachary Scott <e@zzak.io> 2015-11-13 11:02:30 +0900
committer: Zachary Scott <e@zzak.io> 2015-11-13 11:10:06 +0900
commit: cc36e11b6621281e2f3e700a1b38327adcff2b71 (patch)
tree: 07ff07acd6797c66a3c599a90c840206e5c81791 /ext/openssl
parent: 908a62cc0cff25f1861fcb69b70e10a31590e3d2 (diff)
download: ruby-openssl-cc36e11b6621281e2f3e700a1b38327adcff2b71.tar.gz
6 files changed, 54 insertions, 48 deletions
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index af32d99e..02b67429 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -671,9 +671,9 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
     OCSP_BASICRESP *bs;
     OCSP_SINGLERESP *single;
     OCSP_CERTID *id;
-    int st, rsn;
     ASN1_TIME *ths, *nxt, *rev;
-    int error, i, rstatus = 0;
+    int st, rsn, error, rstatus = 0;
+    long i;
     VALUE tmp;
 
     st = NUM2INT(status);
@@ -682,7 +682,7 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
 	/* All ary's members should be X509Extension */
 	Check_Type(ext, T_ARRAY);
 	for (i = 0; i < RARRAY_LEN(ext); i++)
-	    OSSL_Check_Kind(RARRAY_PTR(ext)[i], cX509Ext);
+	    OSSL_Check_Kind(RARRAY_AREF(ext, i), cX509Ext);
     }
 
     error = 0;
@@ -711,7 +711,7 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
 	sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free);
 	single->singleExtensions = NULL;
 	for(i = 0; i < RARRAY_LEN(ext); i++){
-	    x509ext = DupX509ExtPtr(RARRAY_PTR(ext)[i]);
+	    x509ext = DupX509ExtPtr(RARRAY_AREF(ext, i));
 	    if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
 		X509_EXTENSION_free(x509ext);
 		error = 1;
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 3e6e1646..09d8dd24 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -581,53 +581,58 @@ ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,
 }
 
 static int
-ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen)
 {
-    int i = 0;
-    VALUE sslctx_obj, cb, protocols, selected;
-
-    sslctx_obj = (VALUE) arg;
-    cb = rb_iv_get(sslctx_obj, "@npn_select_cb");
-    protocols = rb_ary_new();
+    VALUE selected;
+    long len;
+    unsigned char l;
+    VALUE protocols = rb_ary_new();
 
     /* The format is len_1|proto_1|...|len_n|proto_n\0 */
-    while (in[i]) {
-	VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]);
+    while ((l = *in++) != '\0') {
+	VALUE protocol;
+	if (l > inlen) {
+	    ossl_raise(eSSLError, "Invalid protocol name list");
+	}
+	protocol = rb_str_new((const char *)in, l);
 	rb_ary_push(protocols, protocol);
-	i += in[i] + 1;
+	in += l;
+	inlen -= l;
     }
 
     selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
     StringValue(selected);
-    *out = (unsigned char *) StringValuePtr(selected);
-    *outlen = RSTRING_LENINT(selected);
+    len = RSTRING_LEN(selected);
+    if (len < 1 || len >= 256) {
+	ossl_raise(eSSLError, "Selected protocol name must have length 1..255");
+    }
+    *out = (unsigned char *)RSTRING_PTR(selected);
+    *outlen = (unsigned char)len;
 
     return SSL_TLSEXT_ERR_OK;
 }
 
+static int
+ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
+{
+    VALUE sslctx_obj, cb;
+
+    sslctx_obj = (VALUE) arg;
+    cb = rb_iv_get(sslctx_obj, "@npn_select_cb");
+
+    return ssl_npn_select_cb_common(cb, (const unsigned char **)out, outlen, in, inlen);
+}
+
 #ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
 static int
 ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
 {
-    int i = 0;
-    VALUE sslctx_obj, cb, protocols, selected;
+    VALUE sslctx_obj, cb;
 
     sslctx_obj = (VALUE) arg;
     cb = rb_iv_get(sslctx_obj, "@alpn_select_cb");
-    protocols = rb_ary_new();
-
-    /* The format is len_1|proto_1|...|len_n|proto_n\0 */
-    while (in[i]) {
-	VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]);
-	rb_ary_push(protocols, protocol);
-	i += in[i] + 1;
-    }
 
-    selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
-    *out = (unsigned char *) StringValuePtr(selected);
-    *outlen = RSTRING_LENINT(selected);
-
-    return SSL_TLSEXT_ERR_OK;
+    return ssl_npn_select_cb_common(cb, out, outlen, in, inlen);
 }
 #endif
 
@@ -696,7 +701,8 @@ ossl_sslctx_setup(VALUE self)
     X509_STORE *store;
     EVP_PKEY *key = NULL;
     char *ca_path = NULL, *ca_file = NULL;
-    int i, verify_mode;
+    int verify_mode;
+    long i;
     VALUE val;
 
     if(OBJ_FROZEN(self)) return Qnil;
@@ -753,7 +759,7 @@ ossl_sslctx_setup(VALUE self)
     if(!NIL_P(val)){
 	if (RB_TYPE_P(val, T_ARRAY)) {
 	    for(i = 0; i < RARRAY_LEN(val); i++){
-		client_ca = GetX509CertPtr(RARRAY_PTR(val)[i]);
+		client_ca = GetX509CertPtr(RARRAY_AREF(val, i));
         	if (!SSL_CTX_add_client_CA(ctx, client_ca)){
 		    /* Copies X509_NAME => FREE it. */
         	    ossl_raise(eSSLError, "SSL_CTX_add_client_CA");
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index b1d57bf3..4dafae17 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -663,18 +663,18 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
 {
     X509 *x509;
     X509_EXTENSION *ext;
-    int i;
+    long i;
 
     Check_Type(ary, T_ARRAY);
     /* All ary's members should be X509Extension */
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext);
+	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509(self, x509);
     sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free);
     x509->cert_info->extensions = NULL;
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	ext = DupX509ExtPtr(RARRAY_PTR(ary)[i]);
+	ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
 
 	if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
 	    X509_EXTENSION_free(ext);
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index 7293fce5..f64712ef 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -302,18 +302,18 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
 {
     X509_CRL *crl;
     X509_REVOKED *rev;
-    int i;
+    long i;
 
     Check_Type(ary, T_ARRAY);
     /* All ary members should be X509 Revoked */
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Rev);
+	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
     }
     GetX509CRL(self, crl);
     sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
     crl->crl->revoked = NULL;
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	rev = DupX509RevokedPtr(RARRAY_PTR(ary)[i]);
+	rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
 	if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
 	    ossl_raise(eX509CRLError, NULL);
 	}
@@ -476,18 +476,18 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
 {
     X509_CRL *crl;
     X509_EXTENSION *ext;
-    int i;
+    long i;
 
     Check_Type(ary, T_ARRAY);
     /* All ary members should be X509 Extensions */
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext);
+	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509CRL(self, crl);
     sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
     crl->crl->extensions = NULL;
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	ext = DupX509ExtPtr(RARRAY_PTR(ary)[i]);
+	ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
 	if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
 	    X509_EXTENSION_free(ext);
 	    ossl_raise(eX509CRLError, NULL);
diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c
index 05d7ef99..e5ce088a 100644
--- a/ext/openssl/ossl_x509req.c
+++ b/ext/openssl/ossl_x509req.c
@@ -418,18 +418,18 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
 {
     X509_REQ *req;
     X509_ATTRIBUTE *attr;
-    int i;
+    long i;
     VALUE item;
 
     Check_Type(ary, T_ARRAY);
     for (i=0;i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Attr);
+	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
     }
     GetX509Req(self, req);
     sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
     req->req_info->attributes = NULL;
     for (i=0;i<RARRAY_LEN(ary); i++) {
-	item = RARRAY_PTR(ary)[i];
+	item = RARRAY_AREF(ary, i);
 	attr = DupX509AttrPtr(item);
 	if (!X509_REQ_add1_attr(req, attr)) {
 	    ossl_raise(eX509ReqError, NULL);
diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c
index 0a949e76..46250e12 100644
--- a/ext/openssl/ossl_x509revoked.c
+++ b/ext/openssl/ossl_x509revoked.c
@@ -188,18 +188,18 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
 {
     X509_REVOKED *rev;
     X509_EXTENSION *ext;
-    int i;
+    long i;
     VALUE item;
 
     Check_Type(ary, T_ARRAY);
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext);
+	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509Rev(self, rev);
     sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
     rev->extensions = NULL;
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	item = RARRAY_PTR(ary)[i];
+	item = RARRAY_AREF(ary, i);
 	ext = DupX509ExtPtr(item);
 	if(!X509_REVOKED_add_ext(rev, ext, -1)) {
 	    ossl_raise(eX509RevError, NULL);
author	Zachary Scott <e@zzak.io>	2015-11-13 11:02:30 +0900
committer	Zachary Scott <e@zzak.io>	2015-11-13 11:10:06 +0900
commit	cc36e11b6621281e2f3e700a1b38327adcff2b71 (patch)
tree	07ff07acd6797c66a3c599a90c840206e5c81791 /ext/openssl
parent	908a62cc0cff25f1861fcb69b70e10a31590e3d2 (diff)
download	ruby-openssl-cc36e11b6621281e2f3e700a1b38327adcff2b71.tar.gz