From 384e12804a987ce1d0dcf64a009f2dd82a679509 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Tue, 17 May 2016 14:10:07 +0900 Subject: ext/openssl: small cleanups Including the following changes. * Remove function prototype: - ossl_call_verify_cb_proc() - ossl_x509_ary2sk0() - Init_openssl() * Remove macro definition: - OSSL_Check_Instance() - OSSL_Check_Same_Class() * Use OSSL_MIN_PWD_LEN instead of magic number 4 --- ext/openssl/ossl.c | 8 +++++--- ext/openssl/ossl.h | 34 +++++++++++++--------------------- ext/openssl/ossl_pkey_dsa.c | 3 ++- ext/openssl/ossl_pkey_ec.c | 3 ++- ext/openssl/ossl_pkey_rsa.c | 3 ++- 5 files changed, 24 insertions(+), 27 deletions(-) diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index d03dfa7ad0..71ef09bc9f 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -136,6 +136,8 @@ ossl_buf2str(char *buf, int len) VALUE str; int status = 0; + /* This is needed because rb_str_new() may raise. In that case, we can't + * free buf. */ str = rb_protect((VALUE(*)_((VALUE)))ossl_str_new, len, &status); if(!NIL_P(str)) memcpy(RSTRING_PTR(str), buf, len); OPENSSL_free(buf); @@ -181,8 +183,8 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd) return -1; } len = RSTRING_LENINT(pass); - if (len < 4) { /* 4 is OpenSSL hardcoded limit */ - rb_warning("password must be longer than 4 bytes"); + if (len < OSSL_MIN_PWD_LEN) { + rb_warning("password must be longer than %d bytes", OSSL_MIN_PWD_LEN); continue; } if (len > max_len) { @@ -200,7 +202,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd) */ int ossl_verify_cb_idx; -VALUE +static VALUE ossl_call_verify_cb_proc(struct ossl_verify_cb_args *args) { return rb_funcall(args->proc, rb_intern("call"), 2, diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h index 3be01b0cb6..ea9f3be50d 100644 --- a/ext/openssl/ossl.h +++ b/ext/openssl/ossl.h @@ -97,21 +97,8 @@ extern VALUE eOSSLError; */ #define OSSL_Check_Kind(obj, klass) do {\ if (!rb_obj_is_kind_of((obj), (klass))) {\ - ossl_raise(rb_eTypeError, "wrong argument (%"PRIsVALUE")! (Expected kind of %"PRIsVALUE")",\ - rb_obj_class(obj), (klass));\ - }\ -} while (0) - -#define OSSL_Check_Instance(obj, klass) do {\ - if (!rb_obj_is_instance_of((obj), (klass))) {\ - ossl_raise(rb_eTypeError, "wrong argument (%"PRIsVALUE")! (Expected instance of %"PRIsVALUE")",\ - rb_obj_class(obj), (klass));\ - }\ -} while (0) - -#define OSSL_Check_Same_Class(obj1, obj2) do {\ - if (!rb_obj_is_instance_of((obj1), rb_obj_class(obj2))) {\ - ossl_raise(rb_eTypeError, "wrong argument type");\ + rb_raise(rb_eTypeError, "wrong argument (%"PRIsVALUE")! (Expected kind of %"PRIsVALUE")",\ + rb_obj_class(obj), (klass));\ }\ } while (0) @@ -130,13 +117,19 @@ int string2hex(const unsigned char *, int, char **, int *); /* * Data Conversion */ -STACK_OF(X509) *ossl_x509_ary2sk0(VALUE); +/* Convert STACK_OF(xx) <-> Array */ STACK_OF(X509) *ossl_x509_ary2sk(VALUE); STACK_OF(X509) *ossl_protect_x509_ary2sk(VALUE,int*); VALUE ossl_x509_sk2ary(STACK_OF(X509) *certs); VALUE ossl_x509crl_sk2ary(STACK_OF(X509_CRL) *crl); VALUE ossl_x509name_sk2ary(STACK_OF(X509_NAME) *names); +/* Create a new String and copy buf into it. buf will be freed. */ VALUE ossl_buf2str(char *buf, int len); +/* Adjust String length. We call OpenSSL's i2d_ functions with NULL buffer first + * to estimate the length, and we allocate a String and then call these + * functions with pointer of +p+. However the estimated length can be inaccurate. + * OpenSSL increments +p+ to point just after the data written. See the manpage + * of i2d_X509 for details */ #define ossl_str_adjust(str, p) \ do{\ long len = RSTRING_LEN(str);\ @@ -154,8 +147,10 @@ int ossl_pem_passwd_cb(char *, int, int, void *); * Clear BIO* with this in PEM/DER fallback scenarios to avoid decoding * errors piling up in OpenSSL::Errors */ -#define OSSL_BIO_reset(bio) (void)BIO_reset((bio)); \ - ERR_clear_error(); +#define OSSL_BIO_reset(bio) do { \ + (void)BIO_reset((bio)); \ + ERR_clear_error(); \ +} while (0) /* * ERRor messages @@ -175,7 +170,6 @@ struct ossl_verify_cb_args { VALUE store_ctx; }; -VALUE ossl_call_verify_cb_proc(struct ossl_verify_cb_args *); int ossl_verify_cb(int, X509_STORE_CTX *); /* @@ -239,8 +233,6 @@ void ossl_debug(const char *, ...); #include "ossl_x509.h" #include "ossl_engine.h" -void Init_openssl(void); - #if defined(__cplusplus) } #endif diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c index 04900cc649..2ff8f7896e 100644 --- a/ext/openssl/ossl_pkey_dsa.c +++ b/ext/openssl/ossl_pkey_dsa.c @@ -323,7 +323,8 @@ ossl_dsa_export(int argc, VALUE *argv, VALUE self) if (!NIL_P(pass)) { StringValue(pass); if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN) - ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long"); + ossl_raise(eOSSLError, "OpenSSL requires passwords to be at " + "least %d characters long", OSSL_MIN_PWD_LEN); passwd = RSTRING_PTR(pass); } } diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index c93e3cfb99..19a7617e4a 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -499,7 +499,8 @@ static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int forma if (!NIL_P(pass)) { StringValue(pass); if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN) - ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long"); + ossl_raise(eOSSLError, "OpenSSL requires passwords to be at " + "least %d characters long", OSSL_MIN_PWD_LEN); password = RSTRING_PTR(pass); } } diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c index 20b993abb8..270b2b1882 100644 --- a/ext/openssl/ossl_pkey_rsa.c +++ b/ext/openssl/ossl_pkey_rsa.c @@ -318,7 +318,8 @@ ossl_rsa_export(int argc, VALUE *argv, VALUE self) if (!NIL_P(pass)) { StringValue(pass); if (RSTRING_LENINT(pass) < OSSL_MIN_PWD_LEN) - ossl_raise(eOSSLError, "OpenSSL requires passwords to be at least four characters long"); + ossl_raise(eOSSLError, "OpenSSL requires passwords to be at " + "least %d characters long", OSSL_MIN_PWD_LEN); passwd = RSTRING_PTR(pass); } } -- cgit v1.2.3