From 28668bc5743897e403ecd688fad25ceebd8b5f3f Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi
Date: Wed, 27 Apr 2016 15:13:12 +0900
Subject: ext/openssl: fix ex_data handling for X509_STORE

X509_STORE_get_ex_new_index() is required in addition to X509_STORE_CTX_get_ex_new_index() because they are independent.
---
 ext/openssl/extconf.rb | 1 -
 ext/openssl/openssl_missing.c | 14 --------------
 ext/openssl/openssl_missing.h | 11 ++++++-----
 ext/openssl/ossl.c | 11 +++++++----
 ext/openssl/ossl.h | 3 ++-
 ext/openssl/ossl_ssl.c | 2 +-
 ext/openssl/ossl_x509store.c | 4 ++--
 7 files changed, 18 insertions(+), 28 deletions(-)

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index c225ef35bd..60e3553d2f 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -122,7 +122,6 @@ have_func("HMAC_CTX_free")
 have_func("HMAC_CTX_reset")
 have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarations") # deprecated
 have_func("X509_STORE_get_ex_data")
-have_func("X509_STORE_set_ex_data")
 have_func("X509_CRL_get0_signature")
 have_func("X509_REQ_get0_signature")
 have_func("X509_REVOKED_get0_serialNumber")
diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index b62d58d444..f213888999 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -166,20 +166,6 @@ HMAC_CTX_reset(HMAC_CTX *ctx)
 }
 #endif
 
-#if !defined(HAVE_X509_STORE_SET_EX_DATA)
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data)
-{
- return CRYPTO_set_ex_data(&str->ex_data, idx, data);
-}
-#endif
-
-#if !defined(HAVE_X509_STORE_GET_EX_DATA)
-void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
-{
- return CRYPTO_get_ex_data(&str->ex_data, idx);
-}
-#endif
-
 #if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
 void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index a23f7d87ea..7d736189ea 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -108,11 +108,12 @@ int HMAC_CTX_reset(HMAC_CTX *ctx);
 #endif
 
 #if !defined(HAVE_X509_STORE_GET_EX_DATA)
-void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
-#endif
-
-#if !defined(HAVE_X509_STORE_SET_EX_DATA)
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
+# define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
+# define X509_STORE_get_ex_data(x, idx) \
+ CRYPTO_get_ex_data(&(x)->ex_data, idx)
+# define X509_STORE_set_ex_data(x, idx, data) \
+ CRYPTO_set_ex_data(&(x)->ex_data, idx, data)
 #endif
 
 #if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index c1582155fa..4a7bbad491 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -198,7 +198,8 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd)
 /*
 * Verify callback
 */
-int ossl_verify_cb_idx;
+int ossl_store_ctx_ex_verify_cb_idx;
+int ossl_store_ex_verify_cb_idx;
 
 VALUE
 ossl_call_verify_cb_proc(struct ossl_verify_cb_args *args)
@@ -214,9 +215,9 @@ ossl_verify_cb(int ok, X509_STORE_CTX *ctx)
 struct ossl_verify_cb_args args;
 int state = 0;
 
- proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_verify_cb_idx);
+ proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
 if (!proc)
- proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_verify_cb_idx);
+ proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
 if (!proc)
 return ok;
 if (!NIL_P(proc)) {
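Review bot: In the openssl_missing.h hunk, all three `X509_STORE_*` shim macros are now gated on `HAVE_X509_STORE_GET_EX_DATA` alone, while the commit drops the separate `have_func("X509_STORE_set_ex_data")` probe. A library that provides the getter but not the setter or `X509_STORE_get_ex_new_index` would therefore get no definition for those two. That is presumably safe because the accessors ship together, but nothing in the header records the assumption. I would add a comment above the guard, for example `/* get_ex_new_index, get_ex_data and set_ex_data are assumed to be provided together; the get_ex_data probe stands for all three */`. The same comment could note that the macros reach into `(x)->ex_data` directly and so only compile while `X509_STORE` is not opaque.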
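Review bot: In the first ossl.c hunk, both indexes are plain `int` globals, so passing the `X509_STORE` index to an `X509_STORE_CTX_*_ex_data` call (or the reverse) still compiles, which is exactly the mix-up this commit corrects. The shared `Verify callback` comment does not say which ex_data class each index belongs to. I would add per-declaration comments such as `/* ex_data index registered for X509_STORE_CTX */` and `/* ex_data index registered for X509_STORE */`, here and on the matching `extern` declarations in the ossl.h hunk.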
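Review bot: In the fallback branch of `ossl_verify_cb`, the result of `X509_STORE_CTX_get0_store(ctx)` is passed straight to `X509_STORE_get_ex_data`, and with the shim macro from openssl_missing.h that expands to `&(x)->ex_data` on whatever pointer comes back. OpenSSL allows a context to be initialised without a store, so if such a context can reach this callback the lookup operates on a NULL-derived pointer. A guard keeps the fallback safe: `X509_STORE *store = X509_STORE_CTX_get0_store(ctx);` followed by `if (!proc && store) proc = (VALUE)X509_STORE_get_ex_data(store, ossl_store_ex_verify_cb_idx);`. The function starts before and continues after this hunk, so whether every caller guarantees a store cannot be confirmed from here.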
@@ -1128,8 +1129,10 @@ Init_openssl(void)
 /*
 * Verify callback Proc index for ext-data
 */
- if ((ossl_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_verify_cb_idx", 0, 0, 0)) < 0)
+ if ((ossl_store_ctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_store_ctx_ex_verify_cb_idx", 0, 0, 0)) < 0)
 ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index");
+ if ((ossl_store_ex_verify_cb_idx = X509_STORE_get_ex_new_index(0, (void *)"ossl_store_ex_verify_cb_idx", 0, 0, 0)) < 0)
+ ossl_raise(eOSSLError, "X509_STORE_get_ex_new_index");
 
 /*
 * Init debug core
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index b40b214987..8c5802ad19 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -148,7 +148,8 @@ VALUE ossl_exc_new(VALUE, const char *, ...);
 /*
 * Verify callback
 */
-extern int ossl_verify_cb_idx;
+extern int ossl_store_ctx_ex_verify_cb_idx;
+extern int ossl_store_ex_verify_cb_idx;
 
 struct ossl_verify_cb_args {
 VALUE proc;
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index cfde8d7281..f50a3e33cf 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -317,7 +317,7 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 
 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
 cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_vcb_idx);
- X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx, (void*)cb);
+ X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx, (void*)cb);
 return ossl_verify_cb(preverify_ok, ctx);
 }
 
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index 18279ee190..47eca6e929 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
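Review bot: In the ossl_ssl.c hunk, `ossl_ssl_verify_callback` discards the return value of `X509_STORE_CTX_set_ex_data`, which returns 0 on failure. If the store fails, `ossl_verify_cb` finds no Proc on the context and, unless the store carries one, returns `ok`, so the application's verify callback is silently skipped. Failing closed would be `if (!X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx, (void*)cb)) return 0;`. The same unchecked pattern appears in both ossl_x509store.c hunks: in `ossl_x509store_set_vfy_cb`, where `@verify_callback` is set afterwards even though OpenSSL may not hold the Proc, and in `ossl_x509stctx_verify`. Those two should raise rather than continue.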
@@ -130,7 +130,7 @@ ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
 X509_STORE *store;
 
 GetX509Store(self, store);
- X509_STORE_set_ex_data(store, ossl_verify_cb_idx, (void*)cb);
+ X509_STORE_set_ex_data(store, ossl_store_ex_verify_cb_idx, (void*)cb);
 rb_iv_set(self, "@verify_callback", cb);
 
 return cb;
@@ -445,7 +445,7 @@ ossl_x509stctx_verify(VALUE self)
 int result;
 
 GetX509StCtx(self, ctx);
- X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx,
+ X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx,
 (void*)rb_iv_get(self, "@verify_callback"));
 
 result = X509_verify_cert(ctx);
-- 
cgit v1.2.3
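Review bot: In the second ossl_x509store.c hunk, `ossl_x509stctx_verify` stores whatever `rb_iv_get(self, "@verify_callback")` returns, and an unset or nil ivar yields `Qnil`, which is a non-zero VALUE. `ossl_verify_cb` only falls back to the store-level index when the context slot is 0 (`if (!proc)`), so a nil stored here would mask a callback registered on the `X509_STORE`, unless the context's ivar is always copied from the store somewhere outside this diff. If the masking is intended, a comment next to the call should say so, e.g. `/* nil is stored deliberately: it masks the X509_STORE callback */`. Otherwise pass NULL for nil, `NIL_P(cb) ? NULL : (void *)cb`, so the fallback can run. The function continues past the end of the hunk.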