From 1cf43c17514c79b28571d649387c17e4e3dd2810 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi
Date: Wed, 20 Apr 2016 18:02:58 +0900
Subject: ext/openssl: use *_up_ref() functions
---
 ext/openssl/extconf.rb | 5 +++++
 ext/openssl/openssl_missing.h | 25 +++++++++++++++++++++++++
 ext/openssl/ossl_pkey.c | 4 ++--
 ext/openssl/ossl_ssl.c | 15 ++++++++++-----
 ext/openssl/ossl_x509cert.c | 2 +-
 ext/openssl/ossl_x509crl.c | 2 +-
 ext/openssl/ossl_x509store.c | 2 +-
 7 files changed, 45 insertions(+), 10 deletions(-)
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 2cdbc0396d..fa89bbcca9 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -110,6 +110,11 @@ have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarati
 have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
 have_func("OCSP_SINGLERESP_get0_id")
+have_func("X509_up_ref")
+have_func("X509_CRL_up_ref")
+have_func("X509_STORE_up_ref")
+have_func("SSL_SESSION_up_ref")
+have_func("EVP_PKEY_up_ref")
 have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
 Logging::message "=== Checking done. ===\n"
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 1e4b2aef93..eab3ca65ef 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -85,6 +85,31 @@ int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
 # define OCSP_SINGLERESP_get0_id(s) ((s)->certId)
 #endif
+#if !defined(HAVE_X509_UP_REF)
+# define X509_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509)
+#endif
+
+#if !defined(HAVE_X509_CRL_UP_REF)
+# define X509_CRL_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509_CRL);
+#endif
+
+#if !defined(HAVE_X509_STORE_UP_REF)
+# define X509_STORE_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509_STORE);
+#endif
+
+#if !defined(HAVE_SSL_SESSION_UP_REF)
+# define SSL_SESSION_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_SSL_SESSION);
+#endif
+
+#if !defined(HAVE_EVP_PKEY_UP_REF)
+# define EVP_PKEY_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#endif
+
 #if defined(__cplusplus)
 }
 #endif
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 4990ce8e08..4bf36a6ecc 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -197,7 +197,7 @@ DupPKeyPtr(VALUE obj)
 EVP_PKEY *pkey;
 SafeGetPKey(obj, pkey);
- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(pkey);
 return pkey;
 }
@@ -211,7 +211,7 @@ DupPrivPKeyPtr(VALUE obj)
 ossl_raise(rb_eArgError, "Private key is needed.");
 }
 SafeGetPKey(obj, pkey);
- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(pkey);
 return pkey;
 }
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 294ba5dfe8..3874543b2f 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -124,8 +124,10 @@ static void
 ossl_sslctx_free(void *ptr)
 {
 SSL_CTX *ctx = ptr;
+#if !defined(HAVE_X509_STORE_UP_REF)
 if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1)
 ctx->cert_store = NULL;
+#endif
 SSL_CTX_free(ctx);
 }
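Review bot: Four of the five fallback macros added to openssl_missing.h (`X509_CRL_up_ref`, `X509_STORE_up_ref`, `SSL_SESSION_up_ref`, `EVP_PKEY_up_ref`) end in a semicolon, while `X509_up_ref` does not. With the semicolon the macro expands to a statement rather than an expression, so on an older OpenSSL a call placed in an unbraced `if`/`else`, or any attempt to test the result, will fail to compile or bind differently; the call sites in this commit only pick up a harmless empty statement. These shims guard reference counts, where a miscount turns into a use-after-free or a leak, so they should be drop-in for the real functions: remove the trailing `;`, e.g. `CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509_CRL)`. A short comment noting that `CRYPTO_add` yields the new count whereas the OpenSSL 1.1.0 functions return 1 or 0 would also warn callers not to interpret the result the same way on both builds.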
@@ -381,7 +383,7 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess)
 return 1;
 ssl_obj = (VALUE)ptr;
 sess_obj = rb_obj_alloc(cSSLSession);
- CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ SSL_SESSION_up_ref(sess);
 DATA_PTR(sess_obj) = sess;
 ary = rb_ary_new2(2);
@@ -430,7 +432,7 @@ ossl_sslctx_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
 return;
 sslctx_obj = (VALUE)ptr;
 sess_obj = rb_obj_alloc(cSSLSession);
- CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ SSL_SESSION_up_ref(sess);
 DATA_PTR(sess_obj) = sess;
 ary = rb_ary_new2(2);
@@ -693,7 +695,6 @@ ossl_sslctx_setup(VALUE self)
 {
 SSL_CTX *ctx;
 X509 *cert = NULL, *client_ca = NULL;
- X509_STORE *store;
 EVP_PKEY *key = NULL;
 char *ca_path = NULL, *ca_file = NULL;
 int verify_mode;
@@ -715,15 +716,19 @@ ossl_sslctx_setup(VALUE self)
 val = ossl_sslctx_get_cert_store(self);
 if(!NIL_P(val)){
+ X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */
+ SSL_CTX_set_cert_store(ctx, store);
+#if !defined(HAVE_X509_STORE_UP_REF)
 /*
 * WORKAROUND:
 * X509_STORE can count references, but
 * X509_STORE_free() doesn't care it.
 * So we won't increment it but mark it by ex_data.
 */
- store = GetX509StorePtr(val); /* NO NEED TO DUP */
- SSL_CTX_set_cert_store(ctx, store);
 SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1);
+#else /* Fixed in OpenSSL 1.1.0 */
+ X509_STORE_up_ref(store);
+#endif
 }
 val = ossl_sslctx_get_extra_cert(self);
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index 4dafae17b9..db8ba02375 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -122,7 +122,7 @@ DupX509CertPtr(VALUE obj)
 SafeGetX509(obj, x509);
- CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(x509);
 return x509;
 }
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index f64712efcd..3aa695a5ea 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
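Review bot: In the `@@ -715` hunk of ossl_ssl.c the `#else` branch passes `store` to `SSL_CTX_set_cert_store(ctx, store)` before `X509_STORE_up_ref(store)` runs, and the result of the up-ref is discarded. If the increment ever failed (presumably rare), SSL_CTX_free() would release a reference the context never took, because the `@@ -124` hunk no longer clears `cert_store` on this build; that would leave the Ruby-side store object holding a dangling pointer. Taking the reference first and treating a zero return as an error keeps ownership unambiguous: in the `#else` path call `X509_STORE_up_ref(store)` ahead of `SSL_CTX_set_cert_store(ctx, store);` and raise through `ossl_raise` when it returns 0. A one-line comment in ossl_sslctx_free stating that its `#if !defined(HAVE_X509_STORE_UP_REF)` guard must stay paired with this branch would help keep the two in step. ossl_sslctx_setup continues outside the hunk.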
@@ -67,7 +67,7 @@ DupX509CRLPtr(VALUE obj)
 X509_CRL *crl;
 SafeGetX509CRL(obj, crl);
- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ X509_CRL_up_ref(crl);
 return crl;
 }
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index b09313cc87..c62f2e3084 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -98,7 +98,7 @@ DupX509StorePtr(VALUE obj)
 X509_STORE *store;
 SafeGetX509Store(obj, store);
- CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
+ X509_STORE_up_ref(store);
 return store;
 }
--
cgit v1.2.3