diff options
author | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-09-17 09:05:02 +0000 |
---|---|---|
committer | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-09-17 09:05:02 +0000 |
commit | 30103702c367c5cdaa18b6a622f3916cec6c701e (patch) | |
tree | c236089aa9c6b4183729735e221606a9b536d217 /ext/openssl/ossl_x509ext.c | |
parent | 12196ee24fce0e601106036e67526819cac07291 (diff) | |
download | ruby-30103702c367c5cdaa18b6a622f3916cec6c701e.tar.gz |
* ext/openssl: all files are reviewed to simplify and avoid memory leak.
* ext/openssl/extconf.rb: add check for assert.h.
* ext/openssl/ossl.c (ossl_buf2str): new function to convert
C buffer to String and free buffer.
* ext/openssl/ossl.c (ossl_x509_ary2sk): new function to convert
Array of OpenSSL::X509 to STACK_OF(X509) with exception safe.
* ext/openssl/ossl.c (ossl_to_der, ossl_to_der_if_possible): new
functions to convert object to DER string.
* ext/openssl/ossl.h: ditto.
* ext/openssl/ossl_bio.c (ossl_membio2str): new function to convert
BIO to String object and free BIO.
* ext/openssl/ossl_bio.h: ditto.
* ext/openssl/ossl_pkcs7.c (ossl_pkcs7_to_der): add for "to_der".
* ext/openssl/ossl_x509name.c (ossl_x509name_to_der): ditto.
* ext/openssl/ossl_x509ext.c (ossl_x509ext_to_der): ditto.
* ext/openssl/ossl_x509ext.c (create_ext_from_array): removed
and reimplement in openssl/x509.rb.
* ext/openssl/ossl_x509attr.c: reimplemented and disable some
method temporarily. this class doesn't work fine without ASN.1
data support;-) I'll rewrite in near future.
* ext/openssl/lib/openssl/x509.c (X509::Attribute): get rid off
unused code.
* ext/openssl/lib/openssl/x509.c (X509::ExtensionFactory): refine all.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4558 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl_x509ext.c')
-rw-r--r-- | ext/openssl/ossl_x509ext.c | 112 |
1 files changed, 48 insertions, 64 deletions
diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c index c1f443df66..495c18049a 100644 --- a/ext/openssl/ossl_x509ext.c +++ b/ext/openssl/ossl_x509ext.c @@ -181,20 +181,17 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) /*GetX509ExtFactory(self, ctx);*/ - rb_scan_args(argc, argv, "04", &issuer_cert, &subject_cert, &subject_req, &crl); - - if (!NIL_P(issuer_cert)) { + rb_scan_args(argc, argv, "04", + &issuer_cert, &subject_cert, &subject_req, &crl); + if (!NIL_P(issuer_cert)) ossl_x509extfactory_set_issuer_cert(self, issuer_cert); - } - if (!NIL_P(subject_cert)) { + if (!NIL_P(subject_cert)) ossl_x509extfactory_set_subject_cert(self, subject_cert); - } - if (!NIL_P(subject_req)) { + if (!NIL_P(subject_req)) ossl_x509extfactory_set_subject_req(self, subject_req); - } - if (!NIL_P(crl)) { + if (!NIL_P(crl)) ossl_x509extfactory_set_crl(self, crl); - } + return self; } @@ -207,46 +204,26 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) * ["ln", "value"] => not critical */ static VALUE -ossl_x509extfactory_create_ext_from_array(VALUE self, VALUE ary) +ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self) { X509V3_CTX *ctx; X509_EXTENSION *ext; + VALUE oid, value, critical, valstr, obj; int nid; - char *value; - VALUE item, obj; GetX509ExtFactory(self, ctx); - Check_Type(ary, T_ARRAY); - if ((RARRAY(ary)->len) < 2 || (RARRAY(ary)->len > 3)) { /*2 or 3 allowed*/ - ossl_raise(eX509ExtError, "unsupported structure"); - } - /* key [0] */ - item = RARRAY(ary)->ptr[0]; - StringValue(item); - if (!(nid = OBJ_ln2nid(RSTRING(item)->ptr))) { - if (!(nid = OBJ_sn2nid(RSTRING(item)->ptr))) { - ossl_raise(eX509ExtError, NULL); - } - } - /* data [1] */ - item = RARRAY(ary)->ptr[1]; - StringValue(item); - /* (optional) critical [2] */ - if (RARRAY(ary)->len == 3 && RARRAY(ary)->ptr[2] == Qtrue) { - if (!(value = OPENSSL_malloc(strlen("critical,") + - (RSTRING(item)->len) + 1))) { - ossl_raise(eX509ExtError, "malloc error"); - } - strcpy(value, "critical,"); - strncat(value, RSTRING(item)->ptr, RSTRING(item)->len); - } else { - value = strdup(StringValuePtr(item)); - } - if (!(ext = X509V3_EXT_conf_nid(NULL, ctx, nid, value))) { - OPENSSL_free(value); - ossl_raise(eX509ExtError, NULL); - } - OPENSSL_free(value); + rb_scan_args(argc, argv, "21", &oid, &value, &critical); + StringValue(oid); + StringValue(value); + if(NIL_P(critical)) critical = Qfalse; + + nid = OBJ_ln2nid(RSTRING(oid)->ptr); + if(!nid) nid = OBJ_sn2nid(RSTRING(oid)->ptr); + if(!nid) ossl_raise(eX509ExtError, NULL); + valstr = rb_str_new2(RTEST(critical) ? "critical," : ""); + rb_str_append(valstr, value); + ext = X509V3_EXT_conf_nid(NULL, ctx, nid, RSTRING(valstr)->ptr); + if (!ext) ossl_raise(eX509ExtError, NULL); WrapX509Ext(cX509Ext, obj, ext); return obj; @@ -273,8 +250,18 @@ static VALUE ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self) { VALUE oid, value, critical; + unsigned char *p; + X509_EXTENSION *ext; - rb_scan_args(argc, argv, "21", &oid, &value, &critical); + if(rb_scan_args(argc, argv, "12", &oid, &value, &critical) == 1){ + /* evaluate oid as a DER string */ + oid = ossl_to_der_if_possible(oid); + GetX509Ext(self, ext); + p = RSTRING(oid)->ptr; + if(!d2i_X509_EXTENSION(&ext, &p, RSTRING(oid)->len)) + ossl_raise(eX509ExtError, NULL); + return self; + } rb_funcall(self, rb_intern("oid="), 1, oid); rb_funcall(self, rb_intern("value="), 1, value); if(argc > 2) rb_funcall(self, rb_intern("critical="), 1, critical); @@ -307,17 +294,17 @@ ossl_x509ext_set_value(VALUE self, VALUE data) char *s; GetX509Ext(self, ext); - StringValue(data); + data = ossl_to_der_if_possible(data); if(!(s = OPENSSL_malloc(RSTRING(data)->len))) ossl_raise(eX509ExtError, "malloc error"); memcpy(s, RSTRING(data)->ptr, RSTRING(data)->len); if(!(asn1s = ASN1_OCTET_STRING_new())){ - free(s); + free(s); ossl_raise(eX509ExtError, NULL); } if(!M_ASN1_OCTET_STRING_set(asn1s, s, RSTRING(data)->len)){ - free(s); - ASN1_OCTET_STRING_free(asn1s); + free(s); + ASN1_OCTET_STRING_free(asn1s); ossl_raise(eX509ExtError, NULL); } X509_EXTENSION_set_data(ext, asn1s); @@ -343,7 +330,7 @@ ossl_x509ext_get_oid(VALUE obj) ASN1_OBJECT *extobj; BIO *out; VALUE ret; - int nid, status = 0; + int nid; GetX509Ext(obj, ext); extobj = X509_EXTENSION_get_object(ext); @@ -353,9 +340,7 @@ ossl_x509ext_get_oid(VALUE obj) if (!(out = BIO_new(BIO_s_mem()))) ossl_raise(eX509ExtError, NULL); i2a_ASN1_OBJECT(out, extobj); - ret = ossl_protect_membio2str(out, &status); - BIO_free(out); - if(status) rb_jump_tag(status); + ret = ossl_membio2str(out); } return ret; @@ -367,16 +352,13 @@ ossl_x509ext_get_value(VALUE obj) X509_EXTENSION *ext; BIO *out; VALUE ret; - int status = 0; GetX509Ext(obj, ext); if (!(out = BIO_new(BIO_s_mem()))) ossl_raise(eX509ExtError, NULL); if (!X509V3_EXT_print(out, ext, 0, 0)) M_ASN1_OCTET_STRING_print(out, ext->value); - ret = ossl_protect_membio2str(out, &status); - BIO_free(out); - if(status) rb_jump_tag(status); + ret = ossl_membio2str(out); return ret; } @@ -394,15 +376,17 @@ ossl_x509ext_to_der(VALUE obj) { X509_EXTENSION *ext; unsigned char *p; - int len; + long len; VALUE str; GetX509Ext(obj, ext); - p = NULL; - if((len = i2d_X509_EXTENSION(ext, &p)) < 0) - ossl_raise(eX509ExtError, NULL); - str = rb_str_new(p, len); - free(p); + if((len = i2d_X509_EXTENSION(ext, NULL)) <= 0) + ossl_raise(eX509ExtError, NULL); + str = rb_str_new(0, len); + p = RSTRING(str)->ptr; + if(i2d_X509_EXTENSION(ext, &p) < 0) + ossl_raise(eX509ExtError, NULL); + ossl_str_adjust(str, p); return str; } @@ -431,7 +415,7 @@ Init_ossl_x509ext() rb_define_method(cX509ExtFactory, "subject_request=", ossl_x509extfactory_set_subject_req, 1); rb_define_method(cX509ExtFactory, "crl=", ossl_x509extfactory_set_crl, 1); rb_define_method(cX509ExtFactory, "config=", ossl_x509extfactory_set_config, 1); - rb_define_method(cX509ExtFactory, "create_ext_from_array", ossl_x509extfactory_create_ext_from_array, 1); + rb_define_method(cX509ExtFactory, "create_ext", ossl_x509extfactory_create_ext, -1); cX509Ext = rb_define_class_under(mX509, "Extension", rb_cObject); rb_define_alloc_func(cX509Ext, ossl_x509ext_alloc); |