author | Zachary Scott <e@zzak.io> | 2015-11-13 11:02:30 +0900 |
---|---|---|
committer | Zachary Scott <e@zzak.io> | 2015-11-13 11:10:06 +0900 |
commit | cc36e11b6621281e2f3e700a1b38327adcff2b71 (patch) | |
tree | 07ff07acd6797c66a3c599a90c840206e5c81791 /ext | |
parent | 908a62cc0cff25f1861fcb69b70e10a31590e3d2 (diff) | |
Merge trunk upstream
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/ossl_ocsp.c | 8 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 64 | ||||
-rw-r--r-- | ext/openssl/ossl_x509cert.c | 6 | ||||
-rw-r--r-- | ext/openssl/ossl_x509crl.c | 12 | ||||
-rw-r--r-- | ext/openssl/ossl_x509req.c | 6 | ||||
-rw-r--r-- | ext/openssl/ossl_x509revoked.c | 6 |
6 files changed, 54 insertions, 48 deletions
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index af32d99e..02b67429 100644 --- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -671,9 +671,9 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status, OCSP_BASICRESP *bs; OCSP_SINGLERESP *single; OCSP_CERTID *id; - int st, rsn; ASN1_TIME *ths, *nxt, *rev; - int error, i, rstatus = 0; + int st, rsn, error, rstatus = 0; + long i; VALUE tmp; st = NUM2INT(status); @@ -682,7 +682,7 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status, /* All ary's members should be X509Extension */ Check_Type(ext, T_ARRAY); for (i = 0; i < RARRAY_LEN(ext); i++) - OSSL_Check_Kind(RARRAY_PTR(ext)[i], cX509Ext); + OSSL_Check_Kind(RARRAY_AREF(ext, i), cX509Ext); } error = 0; @@ -711,7 +711,7 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status, sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free); single->singleExtensions = NULL; for(i = 0; i < RARRAY_LEN(ext); i++){ - x509ext = DupX509ExtPtr(RARRAY_PTR(ext)[i]); + x509ext = DupX509ExtPtr(RARRAY_AREF(ext, i)); if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){ X509_EXTENSION_free(x509ext); error = 1; diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 3e6e1646..09d8dd24 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c 
@@ -581,53 +581,58 @@ ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, } static int -ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) +ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen) { - int i = 0; - VALUE sslctx_obj, cb, protocols, selected; - - sslctx_obj = (VALUE) arg; - cb = rb_iv_get(sslctx_obj, "@npn_select_cb"); - protocols = rb_ary_new(); + VALUE selected; + long len; + unsigned char l; + VALUE protocols = rb_ary_new(); /* The format is len_1|proto_1|...|len_n|proto_n\0 */ - while (in[i]) { - VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]); + while ((l = *in++) != '\0') { + VALUE protocol; + if (l > inlen) { + ossl_raise(eSSLError, "Invalid protocol name list"); + } + protocol = rb_str_new((const char *)in, l); rb_ary_push(protocols, protocol); - i += in[i] + 1; + in += l; + inlen -= l; } selected = rb_funcall(cb, rb_intern("call"), 1, protocols); StringValue(selected); - *out = (unsigned char *) StringValuePtr(selected); - *outlen = RSTRING_LENINT(selected); + len = RSTRING_LEN(selected); + if (len < 1 || len >= 256) { + ossl_raise(eSSLError, "Selected protocol name must have length 1..255"); + } + *out = (unsigned char *)RSTRING_PTR(selected); + *outlen = (unsigned char)len; return SSL_TLSEXT_ERR_OK; } +static int +ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) +{ + VALUE sslctx_obj, cb; + + sslctx_obj = (VALUE) arg; + cb = rb_iv_get(sslctx_obj, "@npn_select_cb"); + + return ssl_npn_select_cb_common(cb, (const unsigned char **)out, outlen, in, inlen); +} + #ifdef HAVE_SSL_CTX_SET_ALPN_SELECT_CB static int ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) { - int i = 0; - VALUE sslctx_obj, cb, 
protocols, selected; + VALUE sslctx_obj, cb; sslctx_obj = (VALUE) arg; cb = rb_iv_get(sslctx_obj, "@alpn_select_cb"); - protocols = rb_ary_new(); - - /* The format is len_1|proto_1|...|len_n|proto_n\0 */ - while (in[i]) { - VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]); - rb_ary_push(protocols, protocol); - i += in[i] + 1; - } - selected = rb_funcall(cb, rb_intern("call"), 1, protocols); - *out = (unsigned char *) StringValuePtr(selected); - *outlen = RSTRING_LENINT(selected); - - return SSL_TLSEXT_ERR_OK; + return ssl_npn_select_cb_common(cb, out, outlen, in, inlen); } #endif @@ -696,7 +701,8 @@ ossl_sslctx_setup(VALUE self) X509_STORE *store; EVP_PKEY *key = NULL; char *ca_path = NULL, *ca_file = NULL; - int i, verify_mode; + int verify_mode; + long i; VALUE val; if(OBJ_FROZEN(self)) return Qnil; @@ -753,7 +759,7 @@ ossl_sslctx_setup(VALUE self) if(!NIL_P(val)){ if (RB_TYPE_P(val, T_ARRAY)) { for(i = 0; i < RARRAY_LEN(val); i++){ - client_ca = GetX509CertPtr(RARRAY_PTR(val)[i]); + client_ca = GetX509CertPtr(RARRAY_AREF(val, i)); if (!SSL_CTX_add_client_CA(ctx, client_ca)){ /* Copies X509_NAME => FREE it. */ ossl_raise(eSSLError, "SSL_CTX_add_client_CA"); diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index b1d57bf3..4dafae17 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c 
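Review bot: The parsing loop in `ssl_npn_select_cb_common` (hunk `@@ -581,53 +581,58 @@`) is still terminated by a zero length byte instead of by `inlen`, and `inlen -= l` never subtracts the length byte itself, so the `l > inlen` check loosens by one for every entry parsed. OpenSSL hands these callbacks a length-prefixed vector of exactly `inlen` bytes with no terminator, so the final `*in++` and a last oversized entry can read past the peer-supplied list. Bounding the walk by an end pointer, as sketched below, removes both problems, and the format comment should drop the trailing `\0`. Separately, `ossl_raise` and a raising `rb_funcall` unwind straight through OpenSSL's frames from inside the callback; wrapping the Ruby call in `rb_protect` and returning an error code looks like the safer follow-up.

```c
ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen)
{
    /* ... unchanged: declarations of selected, len, l, protocols ... */
    const unsigned char *in_end = in + inlen;

    /* The format is len_1|proto_1|...|len_n|proto_n, exactly inlen bytes */
    while (in < in_end) {
	l = *in++;
	if (l > (size_t)(in_end - in)) {
	    ossl_raise(eSSLError, "Invalid protocol name list");
	}
	rb_ary_push(protocols, rb_str_new((const char *)in, l));
	in += l;
    }
    /* ... unchanged: callback invocation and selected-length check ... */
```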
@@ -663,18 +663,18 @@ ossl_x509_set_extensions(VALUE self, VALUE ary) { X509 *x509; X509_EXTENSION *ext; - int i; + long i; Check_Type(ary, T_ARRAY); /* All ary's members should be X509Extension */ for (i=0; i<RARRAY_LEN(ary); i++) { - OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext); + OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext); } GetX509(self, x509); sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free); x509->cert_info->extensions = NULL; for (i=0; i<RARRAY_LEN(ary); i++) { - ext = DupX509ExtPtr(RARRAY_PTR(ary)[i]); + ext = DupX509ExtPtr(RARRAY_AREF(ary, i)); if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */ X509_EXTENSION_free(ext); diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c index 7293fce5..f64712ef 100644 --- a/ext/openssl/ossl_x509crl.c +++ b/ext/openssl/ossl_x509crl.c @@ -302,18 +302,18 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary) { X509_CRL *crl; X509_REVOKED *rev; - int i; + long i; Check_Type(ary, T_ARRAY); /* All ary members should be X509 Revoked */ for (i=0; i<RARRAY_LEN(ary); i++) { - OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Rev); + OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev); } GetX509CRL(self, crl); sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free); crl->crl->revoked = NULL; for (i=0; i<RARRAY_LEN(ary); i++) { - rev = DupX509RevokedPtr(RARRAY_PTR(ary)[i]); + rev = DupX509RevokedPtr(RARRAY_AREF(ary, i)); if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */ ossl_raise(eX509CRLError, NULL); } 
@@ -476,18 +476,18 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary) { X509_CRL *crl; X509_EXTENSION *ext; - int i; + long i; Check_Type(ary, T_ARRAY); /* All ary members should be X509 Extensions */ for (i=0; i<RARRAY_LEN(ary); i++) { - OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext); + OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext); } GetX509CRL(self, crl); sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free); crl->crl->extensions = NULL; for (i=0; i<RARRAY_LEN(ary); i++) { - ext = DupX509ExtPtr(RARRAY_PTR(ary)[i]); + ext = DupX509ExtPtr(RARRAY_AREF(ary, i)); if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */ X509_EXTENSION_free(ext); ossl_raise(eX509CRLError, NULL); diff --git a/ext/openssl/ossl_x509req.c b/ext/openssl/ossl_x509req.c index 05d7ef99..e5ce088a 100644 --- a/ext/openssl/ossl_x509req.c +++ b/ext/openssl/ossl_x509req.c @@ -418,18 +418,18 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary) { X509_REQ *req; X509_ATTRIBUTE *attr; - int i; + long i; VALUE item; Check_Type(ary, T_ARRAY); for (i=0;i<RARRAY_LEN(ary); i++) { - OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Attr); + OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr); } GetX509Req(self, req); sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free); req->req_info->attributes = NULL; for (i=0;i<RARRAY_LEN(ary); i++) { - item = RARRAY_PTR(ary)[i]; + item = RARRAY_AREF(ary, i); attr = DupX509AttrPtr(item); if (!X509_REQ_add1_attr(req, attr)) { ossl_raise(eX509ReqError, NULL); diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c index 0a949e76..46250e12 100644 --- a/ext/openssl/ossl_x509revoked.c +++ b/ext/openssl/ossl_x509revoked.c 
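Review bot: In `ossl_x509req_set_attributes` the failure branch raises without releasing the copy made by `DupX509AttrPtr(item)`, unlike the cert and CRL extension setters in this same commit, which call `X509_EXTENSION_free(ext)` before raising. `X509_REQ_add1_attr` stores its own duplicate, so the branch should read `X509_ATTRIBUTE_free(attr); ossl_raise(eX509ReqError, NULL);`, and the success path probably needs the same free, though the rest of the loop body lies outside the hunk. The `ossl_x509revoked_set_extensions` hunk has the same shape: `ext` from `DupX509ExtPtr(item)` is not freed before `ossl_raise(eX509RevError, NULL)`.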
@@ -188,18 +188,18 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary) { X509_REVOKED *rev; X509_EXTENSION *ext; - int i; + long i; VALUE item; Check_Type(ary, T_ARRAY); for (i=0; i<RARRAY_LEN(ary); i++) { - OSSL_Check_Kind(RARRAY_PTR(ary)[i], cX509Ext); + OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext); } GetX509Rev(self, rev); sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free); rev->extensions = NULL; for (i=0; i<RARRAY_LEN(ary); i++) { - item = RARRAY_PTR(ary)[i]; + item = RARRAY_AREF(ary, i); ext = DupX509ExtPtr(item); if(!X509_REVOKED_add_ext(rev, ext, -1)) { ossl_raise(eX509RevError, NULL); |