authorKazuki Yamaguchi <k@rhe.jp>2016-04-10 02:44:58 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-04-21 00:46:34 +0900
commit07cfbe5c1dbd7c7fe98bda4701426c86fc76a8a0 (patch)
treec85c2764cb4734a269ba9c094bfa026c87242a35
parent815dc5c450e100ec7b3ed08a0f24f0e74c363c48 (diff)
downloadruby-07cfbe5c1dbd7c7fe98bda4701426c86fc76a8a0.tar.gz
wip wip
-rw-r--r--ext/openssl/extconf.rb3
-rw-r--r--ext/openssl/openssl_missing.c25
-rw-r--r--ext/openssl/openssl_missing.h9
-rw-r--r--ext/openssl/ossl_x509attr.c50
-rw-r--r--ext/openssl/ossl_x509cert.c2
-rw-r--r--ext/openssl/ossl_x509crl.c6
6 files changed, 76 insertions, 19 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index a0d12a63bc..a75855ddf7 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -106,9 +106,11 @@ have_func("X509_CRL_add0_revoked")
have_func("X509_CRL_set_issuer_name")
have_func("X509_CRL_set_version")
have_func("X509_CRL_sort")
+have_func("X509_CRL_get0_signature")
have_func("X509_NAME_hash_old")
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
+have_func("X509_up_ref")
have_func("OBJ_NAME_do_all_sorted")
have_func("SSL_SESSION_get_id")
have_func("SSL_SESSION_cmp")
@@ -165,7 +167,6 @@ end
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h")
-have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
have_macro("OPENSSL_FIPS", ['openssl/opensslconf.h']) && $defs.push("-DHAVE_OPENSSL_FIPS")
have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
have_func("CRYPTO_lock") # removed in OpenSSL 1.1
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index a053cfb488..145ecfe5da 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -489,3 +489,28 @@ SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
#endif
}
#endif
+
+#if !defined(HAVE_X509_UP_REF)
+void
+X509_up_ref(X509 *x509)
+{
+ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+}
+
+void
+X509_CRL_up_ref(X509_CRL *crl)
+{
+ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+}
+#endif
+
+#if !defined(X509_CRL_GET0_SIGNATURE)
+void
+X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
+{
+ if (psig != NULL)
+ *psig = &crl->signature;
+ if (palg != NULL)
+ *palg = &crl->sig_alg;
+}
+#endif
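Review bot: The X509_CRL_get0_signature fallback stores `&crl->signature` and `&crl->sig_alg`, but the line this commit removes from ossl_x509crl.c reads `crl->sig_alg->algorithm`, so in the pre-1.1 struct `sig_alg` is already a pointer (and presumably `signature` is too) and the shim hands callers an `X509_ALGOR **` typed as `X509_ALGOR *`. The assignments should be `*psig = crl->signature;` and `*palg = crl->sig_alg;`, otherwise the new `alg->algorithm` read in ossl_x509crl_get_signature_algorithm dereferences the wrong object. The guard is also spelled `#if !defined(X509_CRL_GET0_SIGNATURE)` while have_func in extconf.rb defines `HAVE_X509_CRL_GET0_SIGNATURE`, so the fallback is compiled even when the library provides the function; the same guard in openssl_missing.h needs the `HAVE_` prefix too. X509_CRL_up_ref is gated on `HAVE_X509_UP_REF` without its own probe, which may be intentional but deserves a one-line comment saying so.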
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 90cb6f060a..ef0e301e99 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -212,6 +212,15 @@ int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
#endif
+#if !defined(HAVE_X509_UP_REF)
+void X509_up_ref(X509 *x509);
+void X509_CRL_up_ref(X509_CRL *crl);
+#endif
+
+#if !defined(X509_CRL_GET0_SIGNATURE)
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl);
+#endif
+
#if defined(__cplusplus)
}
#endif
diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c
index d0f41c6bb8..8f51436fd6 100644
--- a/ext/openssl/ossl_x509attr.c
+++ b/ext/openssl/ossl_x509attr.c
@@ -178,13 +178,13 @@ ossl_x509attr_get_oid(VALUE self)
return ret;
}
-#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE)
+/*#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE)
# define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single)
# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
#else
# define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set)
# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
-#endif
+#endif*/
/*
* call-seq:
@@ -202,13 +202,27 @@ ossl_x509attr_set_value(VALUE self, VALUE value)
ASN1_TYPE_free(a1type);
ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value.");
}
+
GetX509Attr(self, attr);
- if(attr->value.set){
- if(OSSL_X509ATTR_IS_SINGLE(attr)) ASN1_TYPE_free(attr->value.single);
- else sk_ASN1_TYPE_free(attr->value.set);
+ if (X509_ATTRIBUTE_count(attr)) {
+ ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
+ /* populated, reset first */
+ X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_new();
+ if (!attr) {
+ ASN1_TYPE_free(a1type);
+ ossl_raise(rb_eRuntimeError, "X509_ATTRIBUTE_new() failed");
+ }
+ SetX509Attr(self, new_attr);
+ X509_ATTRIBUTE_set1_object(new_attr, obj);
+ X509_ATTRIBUTE_free(attr);
+ attr = new_attr;
}
- OSSL_X509ATTR_SET_SINGLE(attr);
- attr->value.single = a1type;
+
+ if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type), a1type->value)) {
+ ASN1_TYPE_free(a1type);
+ ossl_raise(eX509AttrError, "X509_ATTRIBUTE_set1_data() failed");
+ }
+ ASN1_TYPE_free(a1type);
return value;
}
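Review bot: The allocation check after `X509_ATTRIBUTE_new()` tests `attr` instead of `new_attr`, so a failed allocation is not caught and NULL is passed on to `SetX509Attr` and `X509_ATTRIBUTE_set1_object`; it should read `if (!new_attr) {`. The return value of `X509_ATTRIBUTE_set1_object` is also ignored, and because `SetX509Attr(self, new_attr)` runs before it, a failure leaves the Ruby object wrapping an attribute with no OID; checking it before swapping the pointer keeps the old attribute intact on error. The `X509_ATTRIBUTE_set1_data` call passes the `a1type->value` union and no length, whereas the OpenSSL prototype takes a `const void *data` followed by an `int len`, so this probably wants `a1type->value.ptr, -1`; confirm that this form copies the value on every supported OpenSSL version before relying on the trailing `ASN1_TYPE_free(a1type)`. The function begins above the hunk.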
@@ -224,26 +238,32 @@ ossl_x509attr_get_value(VALUE self)
VALUE str, asn1;
long length;
unsigned char *p;
+ int count;
GetX509Attr(self, attr);
- if(attr->value.ptr == NULL) return Qnil;
- if(OSSL_X509ATTR_IS_SINGLE(attr)){
- length = i2d_ASN1_TYPE(attr->value.single, NULL);
+ count = X509_ATTRIBUTE_count(attr);
+ if (!count) return Qnil;
+ if (count == 1) {
+ ASN1_TYPE *a1type = X509_ATTRIBUTE_get0_type(attr, 0);
+ length = i2d_ASN1_TYPE(a1type, NULL);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);
- i2d_ASN1_TYPE(attr->value.single, &p);
- ossl_str_adjust(str, p);
+ i2d_ASN1_TYPE(a1type, &p);
}
else{
- length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
+ /*length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
(unsigned char **) NULL, i2d_ASN1_TYPE,
V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);
i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
- ossl_str_adjust(str, p);
+ i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);*/
+ length = i2d_X509_ATTRIBUTE(attr, NULL);
+ str = rb_str_new(0, length);
+ p = (unsigned char *)RSTRING_PTR(str);
+ i2d_X509_ATTRIBUTE(attr, &p);
}
+ ossl_str_adjust(str, p);
asn1 = rb_funcall(mASN1, rb_intern("decode"), 1, str);
return asn1;
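Review bot: In the multi-value branch `i2d_X509_ATTRIBUTE(attr, ...)` encodes the whole attribute, OID included, where the commented-out code encoded only the SET of values, so `value` now returns a differently shaped ASN.1 structure when count > 1 than it did before. Neither branch checks the first i2d call, so a non-positive `length` goes straight into `rb_str_new(0, length)`; a guard such as `if (length <= 0) ossl_raise(eX509AttrError, NULL);` before allocating would report an encoding failure as an attribute error instead. The commented-out i2d_ASN1_SET_OF_ASN1_TYPE block should be deleted rather than kept as a comment. The function's opening and closing lines are outside the hunk.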
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index 4dafae17b9..db8ba02375 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -122,7 +122,7 @@ DupX509CertPtr(VALUE obj)
SafeGetX509(obj, x509);
- CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(x509);
return x509;
}
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index f64712efcd..9ad98430ab 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -67,7 +67,7 @@ DupX509CRLPtr(VALUE obj)
X509_CRL *crl;
SafeGetX509CRL(obj, crl);
- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ X509_CRL_up_ref(crl);
return crl;
}
@@ -180,6 +180,7 @@ static VALUE
ossl_x509crl_get_signature_algorithm(VALUE self)
{
X509_CRL *crl;
+ X509_ALGOR *alg;
BIO *out;
BUF_MEM *buf;
VALUE str;
@@ -188,7 +189,8 @@ ossl_x509crl_get_signature_algorithm(VALUE self)
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eX509CRLError, NULL);
}
- if (!i2a_ASN1_OBJECT(out, crl->sig_alg->algorithm)) {
+ X509_CRL_get0_signature(NULL, &alg, crl);
+ if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
BIO_free(out);
ossl_raise(eX509CRLError, NULL);
}