Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/extconf.rb | 3 | ||||
-rw-r--r-- | ext/openssl/openssl_missing.c | 99 | ||||
-rw-r--r-- | ext/openssl/ossl.c | 1 | ||||
-rw-r--r-- | ext/openssl/ossl_bn.c | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_cipher.c | 5 | ||||
-rw-r--r-- | ext/openssl/ossl_hmac.c | 7 | ||||
-rw-r--r-- | ext/openssl/ossl_ocsp.c | 7 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey.c | 4 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey.h | 18 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_dh.c | 42 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_dsa.c | 52 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_ec.c | 6 | ||||
-rw-r--r-- | ext/openssl/ossl_pkey_rsa.c | 70 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 42 | ||||
-rw-r--r-- | ext/openssl/ossl_x509attr.c | 2 |
15 files changed, 235 insertions, 125 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 4c9ba35169..cb12bf04bb 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -95,6 +95,8 @@ have_func("HMAC_CTX_new") have_func("HMAC_CTX_init") # for 0.9.6 have_func("HMAC_CTX_free") have_func("HMAC_CTX_cleanup") # for 0.9.6 +have_func("HMAC_CTX_reset") +have_func("HMAC_Init_ex") have_func("HMAC_CTX_copy") have_func("PEM_def_callback") have_func("PKCS5_PBKDF2_HMAC") @@ -132,6 +134,7 @@ have_func("TLSv1_2_server_method") have_func("TLSv1_2_client_method") have_func("SSL_CTX_set_alpn_select_cb") have_func("SSL_CTX_set_next_proto_select_cb") +have_func("SSL_CTX_set_tmp_ecdh_callback") # workaround: 1.1.0 removed this have_macro("SSL_get_server_tmp_key", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_GET_SERVER_TMP_KEY") unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h']) have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME") diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index ac7202ee4a..2c953dd53b 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -81,7 +81,18 @@ EVP_MD_CTX_free(EVP_MD_CTX *ctx) } #endif -#if !defined(HAVE_HMAC_CTX_NEW) +#if defined(HAVE_HMAC_INIT_EX) +int +HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, + const EVP_MD *md, void *impl) +{ + if (impl) + rb_bug("impl not supported"); + return HMAC_Init(ctx, key, key_len, md); +} +#endif + +#if !defined(HAVE_HMAC_CTX_RESET) #if !defined(HAVE_EVP_MD_CTX_INIT) static void EVP_MD_CTX_init(EVP_MD_CTX *ctx) @@ -90,13 +101,9 @@ EVP_MD_CTX_init(EVP_MD_CTX *ctx) } #endif -/* new in 1.1.0 */ -HMAC_CTX * -HMAC_CTX_new(void) +int +HMAC_CTX_reset(HMAC_CTX *ctx) { - HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); - if (!ctx) - return NULL; #if defined(HAVE_HMAC_CTX_INIT) HMAC_CTX_init(ctx); #else /* 0.9.6 */ 
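Review bot: The guard on the new HMAC_Init_ex() fallback in openssl_missing.c looks inverted: `#if defined(HAVE_HMAC_INIT_EX)` compiles the shim exactly when the library already provides the function and leaves it out on the old releases that need it. It should read `#if !defined(HAVE_HMAC_INIT_EX)`, matching the other fallbacks in this file. Separately, `rb_bug("impl not supported")` aborts the whole interpreter for what is an argument error; returning 0 would let the caller handle it like any other HMAC_Init_ex() failure.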
@@ -104,6 +111,18 @@ HMAC_CTX_new(void) EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); #endif +} +#endif + +#if !defined(HAVE_HMAC_CTX_NEW) +/* new in 1.1.0 */ +HMAC_CTX * +HMAC_CTX_new(void) +{ + HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); + HMAC_CTX_reset(ctx); + if (!ctx) + return NULL; return ctx; } #endif @@ -453,12 +472,64 @@ OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, } #endif -#if !defined(HAVE_EVP_PKEY_id) +#if !defined(HAVE_OCSP_SINGLERESP_DELETE_EXT) +X509_EXTENSION * +OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *s, int loc) +{ + return sk_X509_EXTENSION_delete(s->singleExtensions, loc); +} +#endif + +#if !defined(HAVE_OCSP_SINGLEREST_GET0_ID) +OCSP_CERTID * +OCSP_SINGLERESP_get0_id(OCSP_SINGLERESP *single) +{ + return single->certId; +} +#endif + +#if !defined(HAVE_EVP_PKEY_id) /* 1.1.0 */ int EVP_PKEY_id(const EVP_PKEY *pkey) { return pkey->type; } + +RSA * +EVP_PKEY_get0_RSA(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_RSA) + return NULL; + return pkey->pkey.rsa; +} + +DSA * +EVP_PKEY_get0_DSA(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_DSA) + return NULL; + return pkey->pkey.dsa; +} + +#if !defined(OPENSSL_NO_EC) +EC_KEY * +EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_EC) + return NULL; + return pkey->pkey.ec; +} +#endif + +#if !defined(OPENSSL_NO_DH) +DH * +EVP_PKEY_get0_DH(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_DH) + return NULL; + return pkey->pkey.dh; +} +#endif #endif #if !defined(HAVE_SSL_SESSION_GET_ID) @@ -502,6 +573,18 @@ X509_CRL_up_ref(X509_CRL *crl) { CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); } + +void +SSL_SESSION_up_ref(SSL_SESSION *sess) +{ + CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); +} + +void +EVP_PKEY_up_ref(EVP_PKEY *pkey) +{ + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); +} #endif #if !defined(X509_CRL_GET0_SIGNATURE) diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 2337f2b756..770a08cfd3 100644 
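Review bot: In the rebuilt HMAC_CTX_new(), `HMAC_CTX_reset(ctx);` runs before `if (!ctx) return NULL;`, so a failed OPENSSL_malloc() is passed to the reset and dereferenced there instead of being reported; the two statements need to be swapped. The HMAC_CTX_reset() fallback whose body ends at the top of this hunk is declared `int` but has no return statement, so any caller that tests its result reads an indeterminate value; add `return 1;` before its closing brace. The fallback also only re-initialises the context and, as far as the visible lines show, never releases what an already-used context holds, so it is not equivalent to a reset of a live context. Its opening lines are in the previous hunk.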
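Review bot: The guard `#if !defined(HAVE_OCSP_SINGLEREST_GET0_ID)` misspells SINGLERESP, so it can never match a macro generated from the function name and the fallback OCSP_SINGLERESP_get0_id() is compiled even where the library exports it; it should be `HAVE_OCSP_SINGLERESP_GET0_ID`. The extconf.rb hunks shown in this commit add no have_func() probe for OCSP_SINGLERESP_delete_ext or OCSP_SINGLERESP_get0_id, so unless those probes already exist elsewhere both guards are always true. The new EVP_PKEY_get0_RSA/DSA/EC_KEY/DH fallbacks are placed under the EVP_PKEY_id guard, which ties them to a function that, as far as I know, appeared in an earlier release than the get0 accessors; they would be safer under a guard of their own, probed separately.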
--- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -7,7 +7,6 @@ * This program is licensed under the same licence as Ruby. * (See the file 'LICENCE'.) */ -#define OPENSSL_MIN_API 0x20000000L #include "ossl.h" #include <stdarg.h> /* for ossl_raise */ /* diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c index 682870b0c1..92d7bf6f5c 100644 --- a/ext/openssl/ossl_bn.c +++ b/ext/openssl/ossl_bn.c @@ -761,7 +761,7 @@ ossl_bn_s_generate_prime(int argc, VALUE *argv, VALUE klass) if (!(result = BN_new())) { ossl_raise(eBNError, NULL); } - if (!BN_generate_prime_ex(result, num, safe, add, rem, NULL, NULL)) { + if (!BN_generate_prime_ex(result, num, safe, add, rem, NULL)) { BN_free(result); ossl_raise(eBNError, NULL); } diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index e9808fb996..e4b9a022d2 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -143,7 +143,10 @@ ossl_cipher_copy(VALUE self, VALUE other) GetCipherInit(self, ctx1); if (!ctx1) { - AllocCipher(self, ctx1); + ctx1 = EVP_CIPHER_CTX_new(); + if (!ctx1) + ossl_raise(rb_eRuntimeError, "EVP_CIPHER_CTX_new() failed"); + RTYPEDDATA_DATA(self) = ctx1; } SafeGetCipher(other, ctx2); if (EVP_CIPHER_CTX_copy(ctx1, ctx2) != 1) diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index db911bb9cd..c2aa50bbdc 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c @@ -104,8 +104,9 @@ ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest) StringValue(key); GetHMAC(self, ctx); - HMAC_Init(ctx, RSTRING_PTR(key), RSTRING_LENINT(key), - GetDigestPtr(digest)); + HMAC_CTX_reset(ctx); + HMAC_Init_ex(ctx, RSTRING_PTR(key), RSTRING_LENINT(key), + GetDigestPtr(digest), NULL); return self; } @@ -253,7 +254,7 @@ ossl_hmac_reset(VALUE self) HMAC_CTX *ctx; GetHMAC(self, ctx); - HMAC_Init(ctx, NULL, 0, NULL); + HMAC_CTX_reset(ctx); return self; } diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c index d92d708724..9c8e59e2a8 100644 
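Review bot: ossl_hmac_reset() used to call `HMAC_Init(ctx, NULL, 0, NULL)`, which restarts the computation with the key and digest already loaded, whereas `HMAC_CTX_reset(ctx)` returns the context to its freshly created state, so a later update or digest on the same object would run on a context with no key or digest set. Re-initialising with `HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)` keeps the previous meaning of reset. In ossl_hmac_initialize() (the first hunk of ossl_hmac.c) the result of HMAC_Init_ex() is discarded; where it returns int, a 0 result should be raised rather than leaving a half-initialised HMAC object behind. Both function bodies extend outside their hunks.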
--- a/ext/openssl/ossl_ocsp.c +++ b/ext/openssl/ossl_ocsp.c @@ -708,8 +708,9 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status, if(!NIL_P(ext)){ X509_EXTENSION *x509ext; - sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free); - single->singleExtensions = NULL; + while ((x509ext = OCSP_SINGLERESP_delete_ext(single, 0))) { + X509_EXTENSION_free(x509ext); + } for(i = 0; i < RARRAY_LEN(ext); i++){ x509ext = DupX509ExtPtr(RARRAY_AREF(ext, i)); if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){ @@ -764,7 +765,7 @@ ossl_ocspbres_get_status(VALUE self) status = OCSP_single_get0_status(single, &reason, &revtime, &thisupd, &nextupd); if(status < 0) continue; - if(!(cid = OCSP_CERTID_dup(single->certId))) + if(!(cid = OCSP_CERTID_dup(OCSP_SINGLERESP_get0_id(single)))) ossl_raise(eOCSPError, NULL); ary = rb_ary_new(); rb_ary_push(ary, ossl_ocspcertid_new(cid)); diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c index 8ead9cc472..d428673b39 100644 --- a/ext/openssl/ossl_pkey.c +++ b/ext/openssl/ossl_pkey.c @@ -212,7 +212,7 @@ DupPKeyPtr(VALUE obj) EVP_PKEY *pkey; SafeGetPKey(obj, pkey); - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_up_ref(pkey); return pkey; } @@ -226,7 +226,7 @@ DupPrivPKeyPtr(VALUE obj) ossl_raise(rb_eArgError, "Private key is needed."); } SafeGetPKey(obj, pkey); - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_up_ref(pkey); return pkey; } diff --git a/ext/openssl/ossl_pkey.h b/ext/openssl/ossl_pkey.h index 7288d5af7f..e682de900f 100644 --- a/ext/openssl/ossl_pkey.h +++ b/ext/openssl/ossl_pkey.h @@ -100,7 +100,7 @@ VALUE ossl_ec_new(EVP_PKEY *); void Init_ossl_ec(void); -#define OSSL_PKEY_BN(keytype, name) \ +#define OSSL_PKEY_BN(keytype, type, name) \ /* \ * call-seq: \ * key.##name -> aBN \ 
@@ -111,7 +111,7 @@ static VALUE ossl_##keytype##_get_##name(VALUE self) \ BIGNUM *bn; \ \ GetPKey(self, pkey); \ - bn = pkey->pkey.keytype->name; \ + bn = EVP_PKEY_get0_##type(pkey)->name; \ if (bn == NULL) \ return Qnil; \ return ossl_bn_new(bn); \ @@ -124,20 +124,22 @@ static VALUE ossl_##keytype##_set_##name(VALUE self, VALUE bignum) \ { \ EVP_PKEY *pkey; \ BIGNUM *bn; \ + type *obj; \ \ GetPKey(self, pkey); \ + obj = EVP_PKEY_get0_##type(pkey); \ if (NIL_P(bignum)) { \ - BN_clear_free(pkey->pkey.keytype->name); \ - pkey->pkey.keytype->name = NULL; \ + BN_clear_free(obj->name); \ + obj->name = NULL; \ return Qnil; \ } \ \ bn = GetBNPtr(bignum); \ - if (pkey->pkey.keytype->name == NULL) \ - pkey->pkey.keytype->name = BN_new(); \ - if (pkey->pkey.keytype->name == NULL) \ + if (obj->name == NULL) \ + obj->name = BN_new(); \ + if (obj->name == NULL) \ ossl_raise(eBNError, NULL); \ - if (BN_copy(pkey->pkey.keytype->name, bn) == NULL) \ + if (BN_copy(obj->name, bn) == NULL) \ ossl_raise(eBNError, NULL); \ return bignum; \ } diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c index fb9ba36971..96aa80b39e 100644 --- a/ext/openssl/ossl_pkey_dh.c +++ b/ext/openssl/ossl_pkey_dh.c @@ -13,7 +13,7 @@ #define GetPKeyDH(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_DH) { /* PARANOIA? */ \ + if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_DH) { /* PARANOIA? */ \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A DH!") ; \ } \ } while (0) @@ -110,7 +110,7 @@ dh_generate(int size, int gen) BN_GENCB *cb = BN_GENCB_new(); if (!dh || !cb) { - if (dh) DH_free(e); + if (dh) DH_free(dh); if (cb) BN_GENCB_free(cb); return 0; } @@ -262,7 +262,7 @@ ossl_dh_is_public(VALUE self) GetPKeyDH(self, pkey); - return (pkey->pkey.dh->pub_key) ? Qtrue : Qfalse; + return EVP_PKEY_get0_DH(pkey)->pub_key ? Qtrue : Qfalse; } /* 
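Review bot: The accessors generated by OSSL_PKEY_BN now dereference the result of `EVP_PKEY_get0_##type(pkey)` without a NULL check, although the fallback accessors added in openssl_missing.c return NULL on a key-type mismatch and these functions fetch the key with GetPKey(), which presumably does not check the type (the GetPKeyRSA/DSA/DH macros add that check on top of it). The previous union access could not yield NULL, so a check belongs in both the getter (`bn = EVP_PKEY_get0_##type(pkey)->name;`) and the setter (after `obj = EVP_PKEY_get0_##type(pkey);`), raising an error when the result is NULL. The macro still reads and writes `obj->name` directly, which only compiles while the key structs are not opaque; that may be intended for a later commit. The macro definition begins in the previous hunk.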
@@ -279,7 +279,7 @@ ossl_dh_is_private(VALUE self) GetPKeyDH(self, pkey); - return (DH_PRIVATE(pkey->pkey.dh)) ? Qtrue : Qfalse; + return DH_PRIVATE(EVP_PKEY_get0_DH(pkey)) ? Qtrue : Qfalse; } /* @@ -303,7 +303,7 @@ ossl_dh_export(VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDHError, NULL); } - if (!PEM_write_bio_DHparams(out, pkey->pkey.dh)) { + if (!PEM_write_bio_DHparams(out, EVP_PKEY_get0_DH(pkey))) { BIO_free(out); ossl_raise(eDHError, NULL); } @@ -330,11 +330,11 @@ ossl_dh_to_der(VALUE self) VALUE str; GetPKeyDH(self, pkey); - if((len = i2d_DHparams(pkey->pkey.dh, NULL)) <= 0) + if((len = i2d_DHparams(EVP_PKEY_get0_DH(pkey), NULL)) <= 0) ossl_raise(eDHError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); - if(i2d_DHparams(pkey->pkey.dh, &p) < 0) + if(i2d_DHparams(EVP_PKEY_get0_DH(pkey), &p) < 0) ossl_raise(eDHError, NULL); ossl_str_adjust(str, p); @@ -354,15 +354,17 @@ ossl_dh_get_params(VALUE self) { EVP_PKEY *pkey; VALUE hash; + DH *dh; GetPKeyDH(self, pkey); hash = rb_hash_new(); - rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.dh->p)); - rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(pkey->pkey.dh->g)); - rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pkey->pkey.dh->pub_key)); - rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(pkey->pkey.dh->priv_key)); + dh = EVP_PKEY_get0_DH(pkey); + rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(dh->p)); + rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(dh->g)); + rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(dh->pub_key)); + rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(dh->priv_key)); return hash; } @@ -386,7 +388,7 @@ ossl_dh_to_text(VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDHError, NULL); } - if (!DHparams_print(out, pkey->pkey.dh)) { + if (!DHparams_print(out, EVP_PKEY_get0_DH(pkey))) { BIO_free(out); ossl_raise(eDHError, NULL); } 
@@ -424,7 +426,7 @@ ossl_dh_to_public_key(VALUE self) VALUE obj; GetPKeyDH(self, pkey); - dh = DHparams_dup(pkey->pkey.dh); /* err check perfomed by dh_instance */ + dh = DHparams_dup(EVP_PKEY_get0_DH(pkey)); /* err check perfomed by dh_instance */ obj = dh_instance(CLASS_OF(self), dh); if (obj == Qfalse) { DH_free(dh); @@ -450,7 +452,7 @@ ossl_dh_check_params(VALUE self) int codes; GetPKeyDH(self, pkey); - dh = pkey->pkey.dh; + dh = EVP_PKEY_get0_DH(pkey); if (!DH_check(dh, &codes)) { return Qfalse; @@ -482,7 +484,7 @@ ossl_dh_generate_key(VALUE self) EVP_PKEY *pkey; GetPKeyDH(self, pkey); - dh = pkey->pkey.dh; + dh = EVP_PKEY_get0_DH(pkey); if (!DH_generate_key(dh)) ossl_raise(eDHError, "Failed to generate key"); @@ -510,7 +512,7 @@ ossl_dh_compute_key(VALUE self, VALUE pub) int len; GetPKeyDH(self, pkey); - dh = pkey->pkey.dh; + dh = EVP_PKEY_get0_DH(pkey); pub_key = GetBNPtr(pub); len = DH_size(dh); str = rb_str_new(0, len); @@ -522,10 +524,10 @@ ossl_dh_compute_key(VALUE self, VALUE pub) return str; } -OSSL_PKEY_BN(dh, p) -OSSL_PKEY_BN(dh, g) -OSSL_PKEY_BN(dh, pub_key) -OSSL_PKEY_BN(dh, priv_key) +OSSL_PKEY_BN(dh, DH, p) +OSSL_PKEY_BN(dh, DH, g) +OSSL_PKEY_BN(dh, DH, pub_key) +OSSL_PKEY_BN(dh, DH, priv_key) /* * INIT diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index 2e6a734024..160391a2b0 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -13,7 +13,7 @@ #define GetPKeyDSA(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_DSA) { /* PARANOIA? */ \ + if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_DSA) { /* PARANOIA? */ \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A DSA!"); \ } \ } while (0) @@ -104,7 +104,7 @@ dsa_generate(int size) struct ossl_generate_cb_arg cb_arg; struct dsa_blocking_gen_arg gen_arg; DSA *dsa = DSA_new(); - BN_GENCB *cb = BN_GENCB_new();; + BN_GENCB *cb = BN_GENCB_new(); unsigned char seed[20]; int seed_len = 20, counter; unsigned long h; 
@@ -275,7 +275,7 @@ ossl_dsa_is_public(VALUE self) GetPKeyDSA(self, pkey); - return (pkey->pkey.dsa->pub_key) ? Qtrue : Qfalse; + return (EVP_PKEY_get0_DSA(pkey)->pub_key) ? Qtrue : Qfalse; } /* @@ -292,7 +292,7 @@ ossl_dsa_is_private(VALUE self) GetPKeyDSA(self, pkey); - return (DSA_PRIVATE(self, pkey->pkey.dsa)) ? Qtrue : Qfalse; + return (DSA_PRIVATE(self, EVP_PKEY_get0_DSA(pkey))) ? Qtrue : Qfalse; } /* @@ -335,14 +335,14 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDSAError, NULL); } - if (DSA_HAS_PRIVATE(pkey->pkey.dsa)) { - if (!PEM_write_bio_DSAPrivateKey(out, pkey->pkey.dsa, ciph, + if (DSA_HAS_PRIVATE(EVP_PKEY_get0_DSA(pkey))) { + if (!PEM_write_bio_DSAPrivateKey(out, EVP_PKEY_get0_DSA(pkey), ciph, NULL, 0, ossl_pem_passwd_cb, passwd)){ BIO_free(out); ossl_raise(eDSAError, NULL); } } else { - if (!PEM_write_bio_DSA_PUBKEY(out, pkey->pkey.dsa)) { + if (!PEM_write_bio_DSA_PUBKEY(out, EVP_PKEY_get0_DSA(pkey))) { BIO_free(out); ossl_raise(eDSAError, NULL); } @@ -369,15 +369,15 @@ ossl_dsa_to_der(VALUE self) VALUE str; GetPKeyDSA(self, pkey); - if(DSA_HAS_PRIVATE(pkey->pkey.dsa)) + if(DSA_HAS_PRIVATE(EVP_PKEY_get0_DSA(pkey))) i2d_func = (int(*)_((DSA*,unsigned char**)))i2d_DSAPrivateKey; else i2d_func = i2d_DSA_PUBKEY; - if((len = i2d_func(pkey->pkey.dsa, NULL)) <= 0) + if((len = i2d_func(EVP_PKEY_get0_DSA(pkey), NULL)) <= 0) ossl_raise(eDSAError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); - if(i2d_func(pkey->pkey.dsa, &p) < 0) + if(i2d_func(EVP_PKEY_get0_DSA(pkey), &p) < 0) ossl_raise(eDSAError, NULL); ossl_str_adjust(str, p); 
@@ -402,11 +402,11 @@ ossl_dsa_get_params(VALUE self) hash = rb_hash_new(); - rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.dsa->p)); - rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(pkey->pkey.dsa->q)); - rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(pkey->pkey.dsa->g)); - rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pkey->pkey.dsa->pub_key)); - rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(pkey->pkey.dsa->priv_key)); + rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(EVP_PKEY_get0_DSA(pkey)->p)); + rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(EVP_PKEY_get0_DSA(pkey)->q)); + rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(EVP_PKEY_get0_DSA(pkey)->g)); + rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(EVP_PKEY_get0_DSA(pkey)->pub_key)); + rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(EVP_PKEY_get0_DSA(pkey)->priv_key)); return hash; } @@ -430,7 +430,7 @@ ossl_dsa_to_text(VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eDSAError, NULL); } - if (!DSA_print(out, pkey->pkey.dsa, 0)) { /* offset = 0 */ + if (!DSA_print(out, EVP_PKEY_get0_DSA(pkey), 0)) { /* offset = 0 */ BIO_free(out); ossl_raise(eDSAError, NULL); } @@ -465,7 +465,7 @@ ossl_dsa_to_public_key(VALUE self) GetPKeyDSA(self, pkey); /* err check performed by dsa_instance */ - dsa = DSAPublicKey_dup(pkey->pkey.dsa); + dsa = DSAPublicKey_dup(EVP_PKEY_get0_DSA(pkey)); obj = dsa_instance(CLASS_OF(self), dsa); if (obj == Qfalse) { DSA_free(dsa); @@ -474,7 +474,7 @@ ossl_dsa_to_public_key(VALUE self) return obj; } -#define ossl_dsa_buf_size(pkey) (DSA_size((pkey)->pkey.dsa)+16) +#define ossl_dsa_buf_size(pkey) (DSA_size(EVP_PKEY_get0_DSA(pkey))+16) /* * call-seq: 
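Review bot: ossl_dsa_get_params() now calls `EVP_PKEY_get0_DSA(pkey)` once per field, while the matching change in ossl_dh_get_params() fetches the key once into a local `dh` and reuses it. Doing the same here (`DSA *dsa = EVP_PKEY_get0_DSA(pkey);`, then `dsa->p`, `dsa->q` and so on) reads better and leaves a single place to check for a NULL result. The same applies to ossl_rsa_get_params() and to the repeated calls in ossl_dsa_export(), ossl_dsa_to_der(), ossl_rsa_export() and ossl_rsa_to_der(). The function body starts outside the hunk.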
@@ -504,13 +504,13 @@ ossl_dsa_sign(VALUE self, VALUE data) GetPKeyDSA(self, pkey); StringValue(data); - if (!DSA_PRIVATE(self, pkey->pkey.dsa)) { + if (!DSA_PRIVATE(self, EVP_PKEY_get0_DSA(pkey))) { ossl_raise(eDSAError, "Private DSA key needed!"); } str = rb_str_new(0, ossl_dsa_buf_size(pkey)); if (!DSA_sign(0, (unsigned char *)RSTRING_PTR(data), RSTRING_LENINT(data), (unsigned char *)RSTRING_PTR(str), - &buf_len, pkey->pkey.dsa)) { /* type is ignored (0) */ + &buf_len, EVP_PKEY_get0_DSA(pkey))) { /* type is ignored (0) */ ossl_raise(eDSAError, NULL); } rb_str_set_len(str, buf_len); @@ -548,7 +548,7 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) StringValue(sig); /* type is ignored (0) */ ret = DSA_verify(0, (unsigned char *)RSTRING_PTR(digest), RSTRING_LENINT(digest), - (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey->pkey.dsa); + (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), EVP_PKEY_get0_DSA(pkey)); if (ret < 0) { ossl_raise(eDSAError, NULL); } @@ -559,11 +559,11 @@ ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig) return Qfalse; } -OSSL_PKEY_BN(dsa, p) -OSSL_PKEY_BN(dsa, q) -OSSL_PKEY_BN(dsa, g) -OSSL_PKEY_BN(dsa, pub_key) -OSSL_PKEY_BN(dsa, priv_key) +OSSL_PKEY_BN(dsa, DSA, p) +OSSL_PKEY_BN(dsa, DSA, q) +OSSL_PKEY_BN(dsa, DSA, g) +OSSL_PKEY_BN(dsa, DSA, pub_key) +OSSL_PKEY_BN(dsa, DSA, priv_key) /* * INIT diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index e723a38e06..3cb21d214b 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -25,7 +25,7 @@ static const rb_data_type_t ossl_ec_point_type; #define GetPKeyEC(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_EC) { \ + if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) { \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A EC PKEY!"); \ } \ } while (0) 
@@ -38,7 +38,7 @@ static const rb_data_type_t ossl_ec_point_type; #define Get_EC_KEY(obj, key) do { \ EVP_PKEY *pkey; \ GetPKeyEC((obj), pkey); \ - (key) = pkey->pkey.ec; \ + (key) = EVP_PKEY_get0_EC_KEY(pkey); \ } while(0) #define Require_EC_KEY(obj, key) do { \ @@ -171,7 +171,7 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self) char *passwd = NULL; GetPKey(self, pkey); - if (pkey->pkey.ec) + if (EVP_PKEY_get0_EC_KEY(pkey)) ossl_raise(eECError, "EC_KEY already initialized"); rb_scan_args(argc, argv, "02", &arg, &pass); diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 50e06535a7..3e54c9ed4a 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -13,7 +13,7 @@ #define GetPKeyRSA(obj, pkey) do { \ GetPKey((obj), (pkey)); \ - if (EVP_PKEY_type((pkey)->type) != EVP_PKEY_RSA) { /* PARANOIA? */ \ + if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_RSA) { /* PARANOIA? */ \ ossl_raise(rb_eRuntimeError, "THIS IS NOT A RSA!") ; \ } \ } while (0) @@ -288,7 +288,7 @@ ossl_rsa_is_private(VALUE self) GetPKeyRSA(self, pkey); - return (RSA_PRIVATE(self, pkey->pkey.rsa)) ? Qtrue : Qfalse; + return (RSA_PRIVATE(self, EVP_PKEY_get0_RSA(pkey))) ? Qtrue : Qfalse; } /* @@ -326,14 +326,14 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eRSAError, NULL); } - if (RSA_HAS_PRIVATE(pkey->pkey.rsa)) { - if (!PEM_write_bio_RSAPrivateKey(out, pkey->pkey.rsa, ciph, + if (RSA_HAS_PRIVATE(EVP_PKEY_get0_RSA(pkey))) { + if (!PEM_write_bio_RSAPrivateKey(out, EVP_PKEY_get0_RSA(pkey), ciph, NULL, 0, ossl_pem_passwd_cb, passwd)) { BIO_free(out); ossl_raise(eRSAError, NULL); } } else { - if (!PEM_write_bio_RSA_PUBKEY(out, pkey->pkey.rsa)) { + if (!PEM_write_bio_RSA_PUBKEY(out, EVP_PKEY_get0_RSA(pkey))) { BIO_free(out); ossl_raise(eRSAError, NULL); } 
@@ -359,22 +359,22 @@ ossl_rsa_to_der(VALUE self) VALUE str; GetPKeyRSA(self, pkey); - if(RSA_HAS_PRIVATE(pkey->pkey.rsa)) + if(RSA_HAS_PRIVATE(EVP_PKEY_get0_RSA(pkey))) i2d_func = i2d_RSAPrivateKey; else i2d_func = (int (*)(const RSA*, unsigned char**))i2d_RSA_PUBKEY; - if((len = i2d_func(pkey->pkey.rsa, NULL)) <= 0) + if((len = i2d_func(EVP_PKEY_get0_RSA(pkey), NULL)) <= 0) ossl_raise(eRSAError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); - if(i2d_func(pkey->pkey.rsa, &p) < 0) + if(i2d_func(EVP_PKEY_get0_RSA(pkey), &p) < 0) ossl_raise(eRSAError, NULL); ossl_str_adjust(str, p); return str; } -#define ossl_rsa_buf_size(pkey) (RSA_size((pkey)->pkey.rsa)+16) +#define ossl_rsa_buf_size(pkey) (RSA_size(EVP_PKEY_get0_RSA(pkey))+16) /* * call-seq: @@ -397,7 +397,7 @@ ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self) StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, + (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey), pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -426,7 +426,7 @@ ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self) StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, + (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey), pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -450,7 +450,7 @@ ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self) VALUE str, buffer, padding; GetPKeyRSA(self, pkey); - if (!RSA_PRIVATE(self, pkey->pkey.rsa)) { + if (!RSA_PRIVATE(self, EVP_PKEY_get0_RSA(pkey))) { ossl_raise(eRSAError, "private key needed."); } rb_scan_args(argc, argv, "11", &buffer, &padding); 
@@ -458,7 +458,7 @@ ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self) StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, + (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey), pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -482,7 +482,7 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) VALUE str, buffer, padding; GetPKeyRSA(self, pkey); - if (!RSA_PRIVATE(self, pkey->pkey.rsa)) { + if (!RSA_PRIVATE(self, EVP_PKEY_get0_RSA(pkey))) { ossl_raise(eRSAError, "private key needed."); } rb_scan_args(argc, argv, "11", &buffer, &padding); @@ -490,7 +490,7 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, + (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey), pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); 
@@ -519,14 +519,14 @@ ossl_rsa_get_params(VALUE self) hash = rb_hash_new(); - rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(pkey->pkey.rsa->n)); - rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(pkey->pkey.rsa->e)); - rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(pkey->pkey.rsa->d)); - rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.rsa->p)); - rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(pkey->pkey.rsa->q)); - rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(pkey->pkey.rsa->dmp1)); - rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(pkey->pkey.rsa->dmq1)); - rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(pkey->pkey.rsa->iqmp)); + rb_hash_aset(hash, rb_str_new2("n"), ossl_bn_new(EVP_PKEY_get0_RSA(pkey)->n)); + rb_hash_aset(hash, rb_str_new2("e"), ossl_bn_new(EVP_PKEY_get0_RSA(pkey)->e)); + rb_hash_aset(hash, rb_str_new2("d"), ossl_bn_new(EVP_PKEY_get0_RSA(pkey)->d)); + rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(EVP_PKEY_get0_RSA(pkey)->p)); + rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(EVP_PKEY_get0_RSA(pkey)->q)); + rb_hash_aset(hash, rb_str_new2("dmp1"), ossl_bn_new(EVP_PKEY_get0_RSA(pkey)->dmp1)); + rb_hash_aset(hash, rb_str_new2("dmq1"), ossl_bn_new(EVP_PKEY_get0_RSA(pkey)->dmq1)); + rb_hash_aset(hash, rb_str_new2("iqmp"), ossl_bn_new(EVP_PKEY_get0_RSA(pkey)->iqmp)); return hash; } @@ -552,7 +552,7 @@ ossl_rsa_to_text(VALUE self) if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eRSAError, NULL); } - if (!RSA_print(out, pkey->pkey.rsa, 0)) { /* offset = 0 */ + if (!RSA_print(out, EVP_PKEY_get0_RSA(pkey), 0)) { /* offset = 0 */ BIO_free(out); ossl_raise(eRSAError, NULL); } @@ -576,7 +576,7 @@ ossl_rsa_to_public_key(VALUE self) GetPKeyRSA(self, pkey); /* err check performed by rsa_instance */ - rsa = RSAPublicKey_dup(pkey->pkey.rsa); + rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey)); obj = rsa_instance(CLASS_OF(self), rsa); if (obj == Qfalse) { RSA_free(rsa); 
@@ -595,7 +595,7 @@ ossl_rsa_blinding_on(VALUE self) GetPKeyRSA(self, pkey); - if (RSA_blinding_on(pkey->pkey.rsa, ossl_bn_ctx) != 1) { + if (RSA_blinding_on(EVP_PKEY_get0_RSA(pkey), ossl_bn_ctx) != 1) { ossl_raise(eRSAError, NULL); } return self; @@ -607,20 +607,20 @@ ossl_rsa_blinding_off(VALUE self) EVP_PKEY *pkey; GetPKeyRSA(self, pkey); - RSA_blinding_off(pkey->pkey.rsa); + RSA_blinding_off(EVP_PKEY_get0_RSA(pkey)); return self; } */ -OSSL_PKEY_BN(rsa, n) -OSSL_PKEY_BN(rsa, e) -OSSL_PKEY_BN(rsa, d) -OSSL_PKEY_BN(rsa, p) -OSSL_PKEY_BN(rsa, q) -OSSL_PKEY_BN(rsa, dmp1) -OSSL_PKEY_BN(rsa, dmq1) -OSSL_PKEY_BN(rsa, iqmp) +OSSL_PKEY_BN(rsa, RSA, n) +OSSL_PKEY_BN(rsa, RSA, e) +OSSL_PKEY_BN(rsa, RSA, d) +OSSL_PKEY_BN(rsa, RSA, p) +OSSL_PKEY_BN(rsa, RSA, q) +OSSL_PKEY_BN(rsa, RSA, dmp1) +OSSL_PKEY_BN(rsa, RSA, dmq1) +OSSL_PKEY_BN(rsa, RSA, iqmp) /* * INIT diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 96c7990046..a1dd863e7f 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -82,6 +82,8 @@ static VALUE sym_exception, sym_wait_readable, sym_wait_writable; /* * SSLContext class */ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" static const struct { const char *name; SSL_METHOD *(*func)(void); @@ -119,6 +121,7 @@ static const struct { OSSL_SSL_METHOD_ENTRY(SSLv23_client), #undef OSSL_SSL_METHOD_ENTRY }; +#pragma GCC diagnostic pop static int ossl_ssl_ex_vcb_idx; static int ossl_ssl_ex_store_p; @@ -128,8 +131,10 @@ static void ossl_sslctx_free(void *ptr) { SSL_CTX *ctx = ptr; +#if !defined(HAVE_X509_UP_REF) /* upto 1.0.2 */ if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1) ctx->cert_store = NULL; +#endif SSL_CTX_free(ctx); } 
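Review bot: The new guard in ossl_sslctx_free() tests `HAVE_X509_UP_REF`, but the call it is paired with in ossl_sslctx_setup() is `X509_STORE_up_ref(store)`, a different function, and no probe for either is among the extconf.rb hunks shown. The reference taken in setup and the `ctx->cert_store = NULL` workaround skipped here must always be selected together, so both places should test a macro derived from the function actually called, i.e. a have_func probe for X509_STORE_up_ref. A short comment at the guard saying that it decides who owns the store reference would help the next reader. The body of ossl_sslctx_free() starts outside the hunk.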
@@ -244,7 +249,7 @@ ossl_call_tmp_dh_callback(VALUE args) if (NIL_P(cb)) return Qfalse; dh = rb_apply(cb, rb_intern("call"), args); pkey = GetPKeyPtr(dh); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DH) return Qfalse; + if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_DH) return Qfalse; return dh; } @@ -262,11 +267,11 @@ ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength) if (!RTEST(dh)) return NULL; ossl_ssl_set_tmp_dh(rb_ssl, dh); - return GetPKeyPtr(dh)->pkey.dh; + return EVP_PKEY_get0_DH(GetPKeyPtr(dh)); } #endif /* OPENSSL_NO_DH */ -#if !defined(OPENSSL_NO_EC) +#if defined(SSL_CTX_SET_TMP_ECDH_CALLBACK) static VALUE ossl_call_tmp_ecdh_callback(VALUE args) { @@ -278,7 +283,7 @@ ossl_call_tmp_ecdh_callback(VALUE args) if (NIL_P(cb)) return Qfalse; ecdh = rb_apply(cb, rb_intern("call"), args); pkey = GetPKeyPtr(ecdh); - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) return Qfalse; + if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) return Qfalse; return ecdh; } @@ -296,7 +301,7 @@ ossl_tmp_ecdh_callback(SSL *ssl, int is_export, int keylength) if (!RTEST(ecdh)) return NULL; ossl_ssl_set_tmp_ecdh(rb_ssl, ecdh); - return GetPKeyPtr(ecdh)->pkey.ec; + return EVP_PKEY_get0_EC_KEY(GetPKeyPtr(ecdh)); } #endif @@ -385,7 +390,7 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess) return 1; ssl_obj = (VALUE)ptr; sess_obj = rb_obj_alloc(cSSLSession); - CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); + SSL_SESSION_up_ref(sess); DATA_PTR(sess_obj) = sess; ary = rb_ary_new2(2); @@ -434,7 +439,7 @@ ossl_sslctx_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess) return; sslctx_obj = (VALUE)ptr; sess_obj = rb_obj_alloc(cSSLSession); - CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); + SSL_SESSION_up_ref(sess); DATA_PTR(sess_obj) = sess; ary = rb_ary_new2(2); 
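Review bot: `#if defined(SSL_CTX_SET_TMP_ECDH_CALLBACK)` does not match the macro that the new `have_func("SSL_CTX_set_tmp_ecdh_callback")` probe in extconf.rb would generate, which carries the `HAVE_` prefix, so this block is compiled out on every OpenSSL version. The tmp_ecdh callback is then never installed, and a server that relies on it loses the ephemeral ECDH key it supplies without any error being raised. The guard should be `#if defined(HAVE_SSL_CTX_SET_TMP_ECDH_CALLBACK)`, kept together with the `!defined(OPENSSL_NO_EC)` test it replaces. The same guard appears again in ossl_sslctx_setup().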
@@ -642,7 +647,7 @@ ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, c static void ssl_info_cb(const SSL *ssl, int where, int val) { - int state = SSL_state(ssl); + int state = SSL_get_state(ssl); if ((where & SSL_CB_HANDSHAKE_START) && (state & SSL_ST_ACCEPT)) { @@ -711,7 +716,7 @@ ossl_sslctx_setup(VALUE self) SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback); #endif -#if !defined(OPENSSL_NO_EC) +#if defined(SSL_CTX_SET_TMP_ECDH_CALLBACK) if (RTEST(ossl_sslctx_get_tmp_ecdh_cb(self))){ SSL_CTX_set_tmp_ecdh_callback(ctx, ossl_tmp_ecdh_callback); } @@ -719,15 +724,19 @@ ossl_sslctx_setup(VALUE self) val = ossl_sslctx_get_cert_store(self); if(!NIL_P(val)){ + store = GetX509StorePtr(val); /* NO NEED TO DUP */ +#if defined(HAVE_X509_UP_REF) /* from 1.1.0 */ + X509_STORE_up_ref(store); +#else /* - * WORKAROUND: + * WORKAROUND (- 1.0.2): * X509_STORE can count references, but * X509_STORE_free() doesn't care it. * So we won't increment it but mark it by ex_data. */ - store = GetX509StorePtr(val); /* NO NEED TO DUP */ - SSL_CTX_set_cert_store(ctx, store); SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1); +#endif + SSL_CTX_set_cert_store(ctx, store); } val = ossl_sslctx_get_extra_cert(self); @@ -882,6 +891,7 @@ static VALUE ossl_sslctx_get_ciphers(VALUE self) { SSL_CTX *ctx; + SSL *temp_ssl; STACK_OF(SSL_CIPHER) *ciphers; SSL_CIPHER *cipher; VALUE ary; @@ -892,7 +902,13 @@ ossl_sslctx_get_ciphers(VALUE self) rb_warning("SSL_CTX is not initialized."); return Qnil; } - ciphers = ctx->cipher_list; + /* SSL_CTX was made opaque so we can't access ctx->cipher_list directly :( */ + temp_ssl = SSL_new(ctx); + if (!temp_ssl) + ossl_raise(eSSLError, "SSL_new() failed"); + + ciphers = SSL_get_ciphers(temp_ssl); + SSL_free(temp_ssl); if (!ciphers) return rb_ary_new(); diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c index 8f51436fd6..6f4429ecde 100644 --- a/ext/openssl/ossl_x509attr.c +++ b/ext/openssl/ossl_x509attr.c 
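Review bot: ssl_info_cb() still tests `state & SSL_ST_ACCEPT` after switching to `SSL_get_state(ssl)`; as far as I know the 1.1.0 function returns a handshake-state enumeration rather than the old bit mask, so the mask test no longer identifies the server side. The rest of the function is outside the hunk, but if this callback is what detects client-initiated handshakes, the check would stop firing with no visible failure. Testing the role directly, for example with `SSL_is_server((SSL *)ssl)`, avoids depending on the state encoding, and the existing `SSL_state()` path can stay behind a feature guard for older releases.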
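Review bot: In ossl_sslctx_get_ciphers() the stack returned by `SSL_get_ciphers(temp_ssl)` is used after `SSL_free(temp_ssl)`. That is only safe if the stack belongs to the SSL_CTX rather than to the temporary SSL object, which nothing in the visible code establishes; move `SSL_free(temp_ssl);` to after the array has been built, including the early `return rb_ary_new();` path, or call `SSL_CTX_get_ciphers(ctx)` where the library provides it. Allocating a throwaway SSL on every call is also a heavy way to implement a read-only accessor. The loop that consumes `ciphers` is outside the hunk.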
@@ -218,7 +218,7 @@ ossl_x509attr_set_value(VALUE self, VALUE value) attr = new_attr; } - if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type), a1type->value)) { + if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type), a1type->value.ptr, -1)) { ASN1_TYPE_free(a1type); ossl_raise(eX509AttrError, "X509_ATTRIBUTE_set1_data() failed"); } |