Diffstat (limited to 'ext/openssl')
-rw-r--r-- | ext/openssl/ossl.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_asn1.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_bn.c | 85 | ||||
-rw-r--r-- | ext/openssl/ossl_engine.c | 28 | ||||
-rw-r--r-- | ext/openssl/ossl_pkcs7.c | 81 |
5 files changed, 117 insertions, 81 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index cb084cd9..358b3b29 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -1135,7 +1135,7 @@ ossl_crypto_fixed_length_secure_compare(VALUE dummy, VALUE str1, VALUE str2) void Init_openssl(void) { -#if HAVE_RB_EXT_RACTOR_SAFE +#ifdef HAVE_RB_EXT_RACTOR_SAFE rb_ext_ractor_safe(true); #endif diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c index 9eb1826f..b4b28532 100644 --- a/ext/openssl/ossl_asn1.c +++ b/ext/openssl/ossl_asn1.c @@ -1510,7 +1510,7 @@ Init_ossl_asn1(void) * * An Array that stores the name of a given tag number. These names are * the same as the name of the tag constant that is additionally defined, - * e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2. + * e.g. +UNIVERSAL_TAG_NAME[2] = "INTEGER"+ and +OpenSSL::ASN1::INTEGER = 2+. * * == Example usage * diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c index bec37299..02530789 100644 --- a/ext/openssl/ossl_bn.c +++ b/ext/openssl/ossl_bn.c @@ -10,7 +10,7 @@ /* modified by Michal Rokos <m.rokos@sh.cvut.cz> */ #include "ossl.h" -#if HAVE_RB_EXT_RACTOR_SAFE +#ifdef HAVE_RB_EXT_RACTOR_SAFE #include <ruby/ractor.h> #endif @@ -155,7 +155,7 @@ ossl_bn_value_ptr(volatile VALUE *ptr) * Private */ -#if HAVE_RB_EXT_RACTOR_SAFE +#ifdef HAVE_RB_EXT_RACTOR_SAFE void ossl_bn_ctx_free(void *ptr) { 
@@ -223,12 +223,29 @@ ossl_bn_alloc(VALUE klass) /* * call-seq: - * OpenSSL::BN.new(bn) => aBN - * OpenSSL::BN.new(integer) => aBN - * OpenSSL::BN.new(string) => aBN - * OpenSSL::BN.new(string, 0 | 2 | 10 | 16) => aBN + * OpenSSL::BN.new(bn) -> aBN + * OpenSSL::BN.new(integer) -> aBN + * OpenSSL::BN.new(string, base = 10) -> aBN + * + * Construct a new \OpenSSL BIGNUM object. + * + * If +bn+ is an Integer or OpenSSL::BN, a new instance of OpenSSL::BN + * representing the same value is returned. See also Integer#to_bn for the + * short-hand. * - * Construct a new OpenSSL BIGNUM object. + * If a String is given, the content will be parsed according to +base+. + * + * +string+:: + * The string to be parsed. + * +base+:: + * The format. Must be one of the following: + * - +0+ - MPI format. See the man page BN_mpi2bn(3) for details. + * - +2+ - Variable-length and big-endian binary encoding of a positive + * number. + * - +10+ - Decimal number representation, with a leading '-' for a negative + * number. + * - +16+ - Hexadeciaml number representation, with a leading '-' for a + * negative number. */ static VALUE ossl_bn_initialize(int argc, VALUE *argv, VALUE self) 
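Review bot: The `+16+` entry added to the BN.new doc comment misspells the format name as "Hexadeciaml"; the line should read `- +16+ - Hexadecimal number representation, with a leading '-' for a`. The same misspelling appears in the `+16+` entry of the bn.to_s comment in the next hunk. Both hunks only touch comments; the bodies of ossl_bn_initialize and ossl_bn_to_s lie outside them.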
@@ -296,16 +313,21 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self) /* * call-seq: - * bn.to_s => string - * bn.to_s(base) => string + * bn.to_s(base = 10) -> string * - * === Parameters - * * _base_ - Integer - * Valid values: - * * 0 - MPI - * * 2 - binary - * * 10 - the default - * * 16 - hex + * Returns the string representation of the bignum. + * + * BN.new can parse the encoded string to convert back into an OpenSSL::BN. + * + * +base+:: + * The format. Must be one of the following: + * - +0+ - MPI format. See the man page BN_bn2mpi(3) for details. + * - +2+ - Variable-length and big-endian binary encoding. The sign of + * the bignum is ignored. + * - +10+ - Decimal number representation, with a leading '-' for a negative + * bignum. + * - +16+ - Hexadeciaml number representation, with a leading '-' for a + * negative bignum. */ static VALUE ossl_bn_to_s(int argc, VALUE *argv, VALUE self) @@ -936,7 +958,17 @@ ossl_bn_copy(VALUE self, VALUE other) static VALUE ossl_bn_uplus(VALUE self) { - return self; + VALUE obj; + BIGNUM *bn1, *bn2; + + GetBN(self, bn1); + obj = NewBN(cBN); + bn2 = BN_dup(bn1); + if (!bn2) + ossl_raise(eBNError, "BN_dup"); + SetBN(obj, bn2); + + return obj; } /* @@ -960,6 +992,24 @@ ossl_bn_uminus(VALUE self) return obj; } +/* + * call-seq: + * bn.abs -> aBN + */ +static VALUE +ossl_bn_abs(VALUE self) +{ + BIGNUM *bn1; + + GetBN(self, bn1); + if (BN_is_negative(bn1)) { + return ossl_bn_uminus(self); + } + else { + return ossl_bn_uplus(self); + } +} + #define BIGNUM_CMP(func) \ static VALUE \ ossl_bn_##func(VALUE self, VALUE other) \ @@ -1176,6 +1226,7 @@ Init_ossl_bn(void) rb_define_method(cBN, "+@", ossl_bn_uplus, 0); rb_define_method(cBN, "-@", ossl_bn_uminus, 0); + rb_define_method(cBN, "abs", ossl_bn_abs, 0); rb_define_method(cBN, "+", ossl_bn_add, 1); rb_define_method(cBN, "-", ossl_bn_sub, 1); diff --git a/ext/openssl/ossl_engine.c b/ext/openssl/ossl_engine.c index 90546934..661a1368 100644 --- a/ext/openssl/ossl_engine.c 
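Review bot: The doc comment added above ossl_bn_abs has only a call-seq line, so the generated documentation does not say what `abs` returns or whether the receiver is touched. From the visible code both branches return a separate object: the rewritten ossl_bn_uplus builds one with BN_dup, and ossl_bn_uminus ends in `return obj;` (its body starts outside the hunk). I would add a description under the call-seq, for example ` * Returns the absolute value of the bignum as a new OpenSSL::BN; the receiver is not modified.`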
+++ b/ext/openssl/ossl_engine.c
@@ -101,48 +101,48 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
 return Qtrue;
 }
 StringValueCStr(name);
-#if HAVE_ENGINE_LOAD_DYNAMIC
+#ifdef HAVE_ENGINE_LOAD_DYNAMIC
 OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC);
 #endif
 #ifndef OPENSSL_NO_STATIC_ENGINE
-#if HAVE_ENGINE_LOAD_4758CCA
+#ifdef HAVE_ENGINE_LOAD_4758CCA
 OSSL_ENGINE_LOAD_IF_MATCH(4758cca, 4758CCA);
 #endif
-#if HAVE_ENGINE_LOAD_AEP
+#ifdef HAVE_ENGINE_LOAD_AEP
 OSSL_ENGINE_LOAD_IF_MATCH(aep, AEP);
 #endif
-#if HAVE_ENGINE_LOAD_ATALLA
+#ifdef HAVE_ENGINE_LOAD_ATALLA
 OSSL_ENGINE_LOAD_IF_MATCH(atalla, ATALLA);
 #endif
-#if HAVE_ENGINE_LOAD_CHIL
+#ifdef HAVE_ENGINE_LOAD_CHIL
 OSSL_ENGINE_LOAD_IF_MATCH(chil, CHIL);
 #endif
-#if HAVE_ENGINE_LOAD_CSWIFT
+#ifdef HAVE_ENGINE_LOAD_CSWIFT
 OSSL_ENGINE_LOAD_IF_MATCH(cswift, CSWIFT);
 #endif
-#if HAVE_ENGINE_LOAD_NURON
+#ifdef HAVE_ENGINE_LOAD_NURON
 OSSL_ENGINE_LOAD_IF_MATCH(nuron, NURON);
 #endif
-#if HAVE_ENGINE_LOAD_SUREWARE
+#ifdef HAVE_ENGINE_LOAD_SUREWARE
 OSSL_ENGINE_LOAD_IF_MATCH(sureware, SUREWARE);
 #endif
-#if HAVE_ENGINE_LOAD_UBSEC
+#ifdef HAVE_ENGINE_LOAD_UBSEC
 OSSL_ENGINE_LOAD_IF_MATCH(ubsec, UBSEC);
 #endif
-#if HAVE_ENGINE_LOAD_PADLOCK
+#ifdef HAVE_ENGINE_LOAD_PADLOCK
 OSSL_ENGINE_LOAD_IF_MATCH(padlock, PADLOCK);
 #endif
-#if HAVE_ENGINE_LOAD_CAPI
+#ifdef HAVE_ENGINE_LOAD_CAPI
 OSSL_ENGINE_LOAD_IF_MATCH(capi, CAPI);
 #endif
-#if HAVE_ENGINE_LOAD_GMP
+#ifdef HAVE_ENGINE_LOAD_GMP
 OSSL_ENGINE_LOAD_IF_MATCH(gmp, GMP);
 #endif
-#if HAVE_ENGINE_LOAD_GOST
+#ifdef HAVE_ENGINE_LOAD_GOST
 OSSL_ENGINE_LOAD_IF_MATCH(gost, GOST);
 #endif
 #endif
-#if HAVE_ENGINE_LOAD_CRYPTODEV
+#ifdef HAVE_ENGINE_LOAD_CRYPTODEV
 OSSL_ENGINE_LOAD_IF_MATCH(cryptodev, CRYPTODEV);
 #endif
 OSSL_ENGINE_LOAD_IF_MATCH(openssl, OPENSSL);
diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c
index ea8e92d1..0bcc76a9 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ b/ext/openssl/ossl_pkcs7.c
@@ -101,19 +101,24 @@ static const rb_data_type_t ossl_pkcs7_recip_info_type = { * (MADE PRIVATE UNTIL SOMEBODY WILL NEED THEM) */ static PKCS7_SIGNER_INFO * -ossl_PKCS7_SIGNER_INFO_dup(const PKCS7_SIGNER_INFO *si) +ossl_PKCS7_SIGNER_INFO_dup(PKCS7_SIGNER_INFO *si) { - return (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, - (d2i_of_void *)d2i_PKCS7_SIGNER_INFO, - (char *)si); + PKCS7_SIGNER_INFO *si_new = ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, + (d2i_of_void *)d2i_PKCS7_SIGNER_INFO, + si); + if (si_new && si->pkey) { + EVP_PKEY_up_ref(si->pkey); + si_new->pkey = si->pkey; + } + return si_new; } static PKCS7_RECIP_INFO * -ossl_PKCS7_RECIP_INFO_dup(const PKCS7_RECIP_INFO *si) +ossl_PKCS7_RECIP_INFO_dup(PKCS7_RECIP_INFO *si) { - return (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, - (d2i_of_void *)d2i_PKCS7_RECIP_INFO, - (char *)si); + return ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, + (d2i_of_void *)d2i_PKCS7_RECIP_INFO, + si); } static VALUE @@ -130,19 +135,6 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si) return obj; } -static PKCS7_SIGNER_INFO * -DupPKCS7SignerPtr(VALUE obj) -{ - PKCS7_SIGNER_INFO *p7si, *pkcs7; - - GetPKCS7si(obj, p7si); - if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) { - ossl_raise(ePKCS7Error, NULL); - } - - return pkcs7; -} - static VALUE ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri) { @@ -157,19 +149,6 @@ ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri) return obj; } -static PKCS7_RECIP_INFO * -DupPKCS7RecipientPtr(VALUE obj) -{ - PKCS7_RECIP_INFO *p7ri, *pkcs7; - - GetPKCS7ri(obj, p7ri); - if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) { - ossl_raise(ePKCS7Error, NULL); - } - - return pkcs7; -} - /* * call-seq: * PKCS7.read_smime(string) => pkcs7 
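Review bot: The return value of `EVP_PKEY_up_ref(si->pkey)` in the new ossl_PKCS7_SIGNER_INFO_dup is ignored, so if taking the reference ever fails the copy still stores a pointer it does not own and both signer infos would later release the same key. I would guard the assignment with `if (EVP_PKEY_up_ref(si->pkey) != 1) { PKCS7_SIGNER_INFO_free(si_new); return NULL; }` before `si_new->pkey = si->pkey;`. ossl_PKCS7_RECIP_INFO_dup goes through the same ASN1_dup round trip without restoring anything afterwards. PKCS7_RECIP_INFO also holds a `cert` pointer that, as far as I know, is not part of the encoding, so it is worth confirming whether the copy needs it carried over in the same way.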
@@ -521,17 +500,18 @@ static VALUE ossl_pkcs7_add_signer(VALUE self, VALUE signer) { PKCS7 *pkcs7; - PKCS7_SIGNER_INFO *p7si; + PKCS7_SIGNER_INFO *si, *si_new; - p7si = DupPKCS7SignerPtr(signer); /* NEED TO DUP */ GetPKCS7(self, pkcs7); - if (!PKCS7_add_signer(pkcs7, p7si)) { - PKCS7_SIGNER_INFO_free(p7si); - ossl_raise(ePKCS7Error, "Could not add signer."); - } - if (PKCS7_type_is_signed(pkcs7)){ - PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType, - V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); + GetPKCS7si(signer, si); + + si_new = ossl_PKCS7_SIGNER_INFO_dup(si); + if (!si_new) + ossl_raise(ePKCS7Error, "PKCS7_SIGNER_INFO_dup"); + + if (PKCS7_add_signer(pkcs7, si_new) != 1) { + PKCS7_SIGNER_INFO_free(si_new); + ossl_raise(ePKCS7Error, "PKCS7_add_signer"); } return self; @@ -567,13 +547,18 @@ static VALUE ossl_pkcs7_add_recipient(VALUE self, VALUE recip) { PKCS7 *pkcs7; - PKCS7_RECIP_INFO *ri; + PKCS7_RECIP_INFO *ri, *ri_new; - ri = DupPKCS7RecipientPtr(recip); /* NEED TO DUP */ GetPKCS7(self, pkcs7); - if (!PKCS7_add_recipient_info(pkcs7, ri)) { - PKCS7_RECIP_INFO_free(ri); - ossl_raise(ePKCS7Error, "Could not add recipient."); + GetPKCS7ri(recip, ri); + + ri_new = ossl_PKCS7_RECIP_INFO_dup(ri); + if (!ri_new) + ossl_raise(ePKCS7Error, "PKCS7_RECIP_INFO_dup"); + + if (PKCS7_add_recipient_info(pkcs7, ri_new) != 1) { + PKCS7_RECIP_INFO_free(ri_new); + ossl_raise(ePKCS7Error, "PKCS7_add_recipient_info"); } return self; |
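Review bot: The rewritten ossl_pkcs7_add_signer no longer calls PKCS7_add_signed_attribute with NID_pkcs9_contentType for signed structures, and nothing in the hunk records where that attribute is now expected to come from. If the intent is that the duplicated signer info keeps exactly the attributes of `signer`, a comment above the PKCS7_add_signer call would say so, for example `/* signed attributes are copied as-is from signer; contentType is not added here */`. A test that verifies a structure built through add_signer would confirm that verifiers still accept the result; I cannot tell from the hunk whether another code path supplies the attribute.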