From 79ff2cf3e55e6052161ab019f77aa2efbe45509a Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi Date: Sun, 10 Apr 2016 17:25:07 +0900 Subject: compiled on OpenSSL 1.1.0 --- ext/openssl/extconf.rb | 8 +- ext/openssl/openssl_missing.c | 446 +++++++++++++++++++++-------------------- ext/openssl/openssl_missing.h | 70 ++++--- ext/openssl/ossl_hmac.c | 18 +- ext/openssl/ossl_ssl.c | 8 +- ext/openssl/ossl_x509cert.c | 10 +- ext/openssl/ossl_x509crl.c | 18 +- ext/openssl/ossl_x509ext.c | 2 +- ext/openssl/ossl_x509req.c | 4 +- ext/openssl/ossl_x509revoked.c | 8 +- 10 files changed, 323 insertions(+), 269 deletions(-) diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index cb12bf04bb..cf00db9a41 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -66,7 +66,6 @@ end Logging::message "=== Checking for OpenSSL features... ===\n" have_func("ERR_peek_last_error") have_func("ASN1_put_eoc") -have_func("OCSP_id_get0_info") have_func("BN_mod_add") have_func("BN_mod_sqr") have_func("BN_mod_sub") @@ -108,10 +107,14 @@ have_func("X509_CRL_add0_revoked") have_func("X509_CRL_set_issuer_name") have_func("X509_CRL_set_version") have_func("X509_CRL_sort") +have_func("X509_CRL_set_nextUpdate") # for 0.9.6 have_func("X509_CRL_get0_signature") have_func("X509_REQ_get0_signature") +have_func("X509_get0_tbs_sigalg") have_func("X509_REVOKED_get0_serialNumber") have_func("X509_REVOKED_set_serialNumber") +have_func("X509_REVOKED_get0_revocationDate") +have_func("X509_REVOKED_set_nextUpdate") have_func("X509_NAME_hash_old") have_func("X509_STORE_get_ex_data") have_func("X509_STORE_set_ex_data") 
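Review bot: The added probe `have_func("X509_REVOKED_set_nextUpdate")` in the `@@ -108,10 +107,14 @@` hunk matches nothing else in this commit. No visible hunk tests `HAVE_X509_REVOKED_SET_NEXTUPDATE`, and the revoked-entry code here works with a serial number and a revocation date, so the line looks like a copy of the `X509_CRL_set_nextUpdate` probe added just above it. If the intent was to probe a revocation-date setter, name that function; otherwise drop the line so the configure step does not record a result that nothing reads.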
@@ -169,6 +172,9 @@ if checking_for('OpenSSL version is 0.9.7 or later') { try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h') } have_header("openssl/ocsp.h") + have_func("OCSP_id_get0_info") + have_func("OCSP_SINGLERESP_delete_ext") + have_func("OCSP_SINGLERESP_get0_id") end have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h") have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h") diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c index 2c953dd53b..9b19ca9d41 100644 --- a/ext/openssl/openssl_missing.c +++ b/ext/openssl/openssl_missing.c @@ -9,11 +9,29 @@ */ #include RUBY_EXTCONF_H +#include + #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_EVP_CIPHER_CTX_ENGINE) # include #endif #include +/*** 0.9.6 compatibility ***/ +#if !defined(HAVE_X509_CRL_SET_NEXTUPDATE) +int +X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) +{ + ASN1_TIME *in = M_ASN1_TIME_dup(tm); + if (!in) + return 0; + x->crl->nextUpdate = in; + return 1; +} +#endif + +/*** 0.9.6 compatibility end ***/ + +/* HMAC */ #if !defined(OPENSSL_NO_HMAC) #include /* memcpy() */ #include 
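Review bot: The 0.9.6 fallback `X509_CRL_set_nextUpdate` stores the duplicate with `x->crl->nextUpdate = in;` and never releases the value it replaces, so each call on a CRL that already has a nextUpdate leaks one ASN1_TIME. It also duplicates when `tm` is already the CRL's own object. The version below skips the self-assignment case and frees the old value before installing the copy. Callers that pass the CRL's current pointer must then not free it themselves, which the ossl_x509crl.c caller in this commit does.

```c
int
X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
    ASN1_TIME *in = x->crl->nextUpdate;

    if (in != tm) {
        in = M_ASN1_TIME_dup(tm);
        if (!in)
            return 0;
        /* release the value being replaced before installing the copy */
        ASN1_TIME_free(x->crl->nextUpdate);
        x->crl->nextUpdate = in;
    }
    return in != NULL;
}
```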
@@ -32,56 +50,8 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx); } #endif /* HAVE_HMAC_CTX_COPY */ -#endif /* NO_HMAC */ - -#if !defined(HAVE_X509_STORE_SET_EX_DATA) -int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data) -{ - return CRYPTO_set_ex_data(&str->ex_data, idx, data); -} -#endif - -#if !defined(HAVE_X509_STORE_GET_EX_DATA) -void *X509_STORE_get_ex_data(X509_STORE *str, int idx) -{ - return CRYPTO_get_ex_data(&str->ex_data, idx); -} -#endif - -#if !defined(HAVE_EVP_MD_CTX_NEW) -/* new in 1.1.0 */ -EVP_MD_CTX * -EVP_MD_CTX_new(void) -{ -#if defined(HAVE_EVP_MD_CTX_CREATE) - return EVP_MD_CTX_create(); -#else /* 0.9.6 */ - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX)); - if (!ctx) - return NULL; - memset(ctx, 0, sizeof(EVP_MD_CTX)); - return ctx; -#endif -} -#endif - -#if !defined(HAVE_EVP_MD_CTX_FREE) -/* new in 1.1.0 */ -void -EVP_MD_CTX_free(EVP_MD_CTX *ctx) -{ -#if defined(HAVE_EVP_MD_CTX_DESTROY) - EVP_MD_CTX_destroy(ctx); -#else /* 0.9.6 */ - /* EVP_MD_CTX_cleanup(ctx); */ - /* FIXME!!! */ - memset(ctx, 0, sizeof(EVP_MD_CTX)); - OPENSSL_free(ctx); -#endif -} -#endif -#if defined(HAVE_HMAC_INIT_EX) +#if !defined(HAVE_HMAC_INIT_EX) int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, void *impl) 
@@ -141,50 +111,21 @@ HMAC_CTX_free(HMAC_CTX *ctx) OPENSSL_free(ctx); } #endif +#endif /* NO_HMAC */ -#if !defined(HAVE_EVP_CIPHER_CTX_NEW) -/* new in 1.1.0 */ -EVP_CIPHER_CTX * -EVP_CIPHER_CTX_new(void) -{ - EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)); - if (!ctx) - return NULL; - EVP_CIPHER_CTX_init(ctx); - return ctx; -} -#endif -#if !defined(HAVE_EVP_MD_CTX_FREE) -/* new in 1.1.0 */ -void -EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) +/* X509 */ +#if !defined(HAVE_X509_STORE_SET_EX_DATA) +int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data) { - EVP_CIPHER_CTX_cleanup(ctx); /* 0.9.6 also has */ - OPENSSL_free(ctx); + return CRYPTO_set_ex_data(&str->ex_data, idx, data); } #endif -#if !defined(HAVE_EVP_CIPHER_CTX_COPY) -/* - * this function does not exist in OpenSSL yet... or ever?. - * a future version may break this function. - * tested on 0.9.7d. - */ -int -EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in) +#if !defined(HAVE_X509_STORE_GET_EX_DATA) +void *X509_STORE_get_ex_data(X509_STORE *str, int idx) { - memcpy(out, in, sizeof(EVP_CIPHER_CTX)); - -#if defined(HAVE_ENGINE_ADD) && defined(HAVE_EVP_CIPHER_CTX_ENGINE) - if (in->engine) ENGINE_add(out->engine); - if (in->cipher_data) { - out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); - memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); - } -#endif - - return 1; + return CRYPTO_get_ex_data(&str->ex_data, idx); } #endif 
@@ -250,6 +191,190 @@ X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) } #endif +#if !defined(HAVE_X509_CRL_GET0_SIGNATURE) +void +X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl) +{ + if (psig != NULL) + *psig = &crl->signature; + if (palg != NULL) + *palg = &crl->sig_alg; +} +#endif + +#if !defined(HAVE_X509_REQ_GET0_SIGNATURE) +void +X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req) +{ + if (psig != NULL) + *psig = &req->signature; + if (palg != NULL) + *palg = &req->sig_alg; +} +#endif + +#if !defined(HAVE_X509_GET0_TBS_SIGALG) +X509_ALGOR * +X509_get0_tbs_sigalg(X509 *x) +{ + return x->cert_info->signature; +} +#endif + +#if !defined(HAVE_X509_REVOKED_GET0_SERIALNUMBER) +ASN1_INTEGER * +X509_REVOKED_get0_serialNumber(X509_REVOKED *x) +{ + return &x->serialNumber; +} +#endif + +#if !defined(HAVE_X509_REVOKED_SET_SERIALNUMBER) +int +X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) +{ + ASN1_INTEGER *in = x->serialNumber; + if (in != serial) + return ASN1_STRING_copy(in, serial); + return 1; +} +#endif + +#if !defined(HAVE_X509_REVOKED_GET0_REVOCATIONDATE) +ASN1_TIME * +X509_REVOKED_get0_revocationDate(X509_REVOKED *x) +{ + return x->revocationDate; +} +#endif + + +/* EVP_MD */ +#include +#if !defined(HAVE_EVP_MD_CTX_NEW) +/* new in 1.1.0 */ +EVP_MD_CTX * +EVP_MD_CTX_new(void) +{ +#if defined(HAVE_EVP_MD_CTX_CREATE) + return EVP_MD_CTX_create(); +#else /* 0.9.6 */ + EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX)); + if (!ctx) + return NULL; + memset(ctx, 0, sizeof(EVP_MD_CTX)); + return ctx; +#endif +} +#endif + +#if !defined(HAVE_EVP_MD_CTX_FREE) +/* new in 1.1.0 */ +void +EVP_MD_CTX_free(EVP_MD_CTX *ctx) +{ +#if defined(HAVE_EVP_MD_CTX_DESTROY) + EVP_MD_CTX_destroy(ctx); +#else /* 0.9.6 */ + /* EVP_MD_CTX_cleanup(ctx); */ + /* FIXME!!! 
*/ + memset(ctx, 0, sizeof(EVP_MD_CTX)); + OPENSSL_free(ctx); +#endif +} +#endif + +#if !defined(HAVE_EVP_CIPHER_CTX_NEW) +/* new in 1.1.0 */ +EVP_CIPHER_CTX * +EVP_CIPHER_CTX_new(void) +{ + EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)); + if (!ctx) + return NULL; + EVP_CIPHER_CTX_init(ctx); + return ctx; +} +#endif + +#if !defined(HAVE_EVP_MD_CTX_FREE) +/* new in 1.1.0 */ +void +EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) +{ + EVP_CIPHER_CTX_cleanup(ctx); /* 0.9.6 also has */ + OPENSSL_free(ctx); +} +#endif + +#if !defined(HAVE_EVP_CIPHER_CTX_COPY) +/* + * this function does not exist in OpenSSL yet... or ever?. + * a future version may break this function. + * tested on 0.9.7d. + */ +int +EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in) +{ + memcpy(out, in, sizeof(EVP_CIPHER_CTX)); + +#if defined(HAVE_ENGINE_ADD) && defined(HAVE_EVP_CIPHER_CTX_ENGINE) + if (in->engine) ENGINE_add(out->engine); + if (in->cipher_data) { + out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); + memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); + } +#endif + + return 1; +} +#endif + +#if !defined(HAVE_EVP_PKEY_ID) /* 1.1.0 */ +int +EVP_PKEY_id(const EVP_PKEY *pkey) +{ + return pkey->type; +} + +RSA * +EVP_PKEY_get0_RSA(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_RSA) + return NULL; + return pkey->pkey.rsa; +} + +DSA * +EVP_PKEY_get0_DSA(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_DSA) + return NULL; + return pkey->pkey.dsa; +} + +#if !defined(OPENSSL_NO_EC) +EC_KEY * +EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_EC) + return NULL; + return pkey->pkey.ec; +} +#endif + +#if !defined(OPENSSL_NO_DH) +DH * +EVP_PKEY_get0_DH(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_DH) + return NULL; + return pkey->pkey.dh; +} +#endif +#endif + +/* BIGNUM */ #if !defined(HAVE_BN_MOD_SQR) int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) 
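Review bot: `X509_REVOKED_get0_serialNumber` returns `&x->serialNumber`, but `X509_REVOKED_set_serialNumber` a few lines below assigns `x->serialNumber` to an `ASN1_INTEGER *`, so on the struct layout this fallback is compiled for, the getter hands back the address of the pointer field rather than the integer; it should be `return x->serialNumber;`. The same `&` appears in the `X509_CRL_get0_signature` and `X509_REQ_get0_signature` fallbacks and is worth checking against the pre-1.1.0 struct definitions, where I believe `signature` and `sig_alg` are pointers as well. Separately, `EVP_CIPHER_CTX_free` is still guarded by `HAVE_EVP_MD_CTX_FREE`; the guard should name the function it defines, `#if !defined(HAVE_EVP_CIPHER_CTX_FREE)`, with a matching probe in extconf.rb if one is not already there. `EVP_CIPHER_CTX_copy` also passes the result of `OPENSSL_malloc` straight to `memcpy` without a NULL check.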
@@ -446,6 +571,9 @@ PEM_def_callback(char *buf, int num, int w, void *key) } #endif + +/* ASN.1 */ +#include #if !defined(HAVE_ASN1_PUT_EOC) int ASN1_put_eoc(unsigned char **pp) @@ -458,6 +586,9 @@ ASN1_put_eoc(unsigned char **pp) } #endif +/* OCSP */ +#if defined(HAVE_OPENSSL_OCSP_H) +#include #if !defined(HAVE_OCSP_ID_GET0_INFO) int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, @@ -471,67 +602,11 @@ OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, return 1; } #endif +#endif /* HAVE_OPENSSL_OCSP_H */ -#if !defined(HAVE_OCSP_SINGLERESP_DELETE_EXT) -X509_EXTENSION * -OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *s, int loc) -{ - return sk_X509_EXTENSION_delete(s->singleExtensions, loc); -} -#endif - -#if !defined(HAVE_OCSP_SINGLEREST_GET0_ID) -OCSP_CERTID * -OCSP_SINGLERESP_get0_id(OCSP_SINGLERESP *single) -{ - return single->certId; -} -#endif - -#if !defined(HAVE_EVP_PKEY_id) /* 1.1.0 */ -int -EVP_PKEY_id(const EVP_PKEY *pkey) -{ - return pkey->type; -} - -RSA * -EVP_PKEY_get0_RSA(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_RSA) - return NULL; - return pkey->pkey.rsa; -} - -DSA * -EVP_PKEY_get0_DSA(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_DSA) - return NULL; - return pkey->pkey.dsa; -} - -#if !defined(OPENSSL_NO_EC) -EC_KEY * -EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_EC) - return NULL; - return pkey->pkey.ec; -} -#endif - -#if !defined(OPENSSL_NO_DH) -DH * -EVP_PKEY_get0_DH(EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_DH) - return NULL; - return pkey->pkey.dh; -} -#endif -#endif +/* SSL */ +#include #if !defined(HAVE_SSL_SESSION_GET_ID) const unsigned char * SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) 
@@ -547,84 +622,21 @@ int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { unsigned int a_len; - unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len); + const unsigned char *a_sid = SSL_SESSION_get_id(a, &a_len); unsigned int b_len; - unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len); + const unsigned char *b_sid = SSL_SESSION_get_id(b, &b_len); - if (a->ssl_version != b->ssl_version || a_len != b_len) +#if !defined(HAVE_SSL_SESSION_GET_ID) /* 1.0.2 or older */ + if (a->ssl_version != b->ssl_version) return 1; +#endif + if (a_len != b_len) + return 1; + #if defined(_WIN32) return memcmp(a_sid, b_sid, a_len); #else return CRYPTO_memcmp(a_sid, b_sid, a_len); #endif } -#endif - -#if !defined(HAVE_X509_UP_REF) -void -X509_up_ref(X509 *x509) -{ - CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); -} - -void -X509_CRL_up_ref(X509_CRL *crl) -{ - CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); -} - -void -SSL_SESSION_up_ref(SSL_SESSION *sess) -{ - CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); -} - -void -EVP_PKEY_up_ref(EVP_PKEY *pkey) -{ - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); -} -#endif - -#if !defined(X509_CRL_GET0_SIGNATURE) -void -X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl) -{ - if (psig != NULL) - *psig = &crl->signature; - if (palg != NULL) - *palg = &crl->sig_alg; -} -#endif - -#if !defined(X509_REQ_GET0_SIGNATURE) -void -X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ req) -{ - if (psig != NULL) - *psig = &req->signature; - if (palg != NULL) - *palg = &ret->sig_alg; -} -#endif - -#if !defined(X509_REVOKED_GET0_SERIALNUMBER) -ASN1_INTEGER * -X509_REVOKED_get0_serialNumber(X509_REVOKED *x) -{ - return &x->serialNumber; -} -#endif - -#if !defined(X509_REVOKED_SET_SERIALNUMBER) -int -X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) -{ - ASN1_INTEGER *in = x->serialNumber; - if (in != serial) - return ASN1_STRING_copy(in, serial); 
- return 1; -} -#endif - +#endif /* SSL */ diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h index f5d7622d4b..a1167a2f41 100644 --- a/ext/openssl/openssl_missing.h +++ b/ext/openssl/openssl_missing.h @@ -62,6 +62,12 @@ typedef int i2d_of_void(); (d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)(ri)) #endif +#if !defined(HAVE_X509_CRL_SET_NEXTUPDATE) +int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +#endif + + + #if !defined(HAVE_HMAC_CTX_NEW) HMAC_CTX *HMAC_CTX_new(void); #endif @@ -116,10 +122,6 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in); # define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e)) #endif -#if !defined(HAVE_EVP_HMAC_INIT_EX) -# define HMAC_Init_ex(ctx, key, len, digest, engine) HMAC_Init((ctx), (key), (len), (digest)) -#endif - #if !defined(PKCS7_is_detached) # define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) #endif @@ -194,29 +196,10 @@ int PEM_def_callback(char *buf, int num, int w, void *key); int ASN1_put_eoc(unsigned char **pp); #endif -#if !defined(HAVE_OCSP_ID_GET0_INFO) -int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, - ASN1_OCTET_STRING **pikeyHash, - ASN1_INTEGER **pserial, OCSP_CERTID *cid); -#endif - #if !defined(HAVE_EVP_PKEY_id) int EVP_PKEY_id(const EVP_PKEY *pkey); #endif -#if !defined(HAVE_SSL_SESSION_GET_ID) -int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); -#endif - -#if !defined(HAVE_SSL_SESSION_CMP) -int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); -#endif - -#if !defined(HAVE_X509_UP_REF) -void X509_up_ref(X509 *x509); -void X509_CRL_up_ref(X509_CRL *crl); -#endif - #if !defined(X509_CRL_GET0_SIGNATURE) void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl); #endif 
@@ -233,6 +216,47 @@ ASN1_INTEGER *X509_REVOKED_get0_serialNumber(X509_REVOKED *x); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); #endif +/*** new in 1.1.0 ***/ +/* OCSP */ +#if defined(HAVE_OPENSSL_OCSP_H) +#if !defined(HAVE_OCSP_ID_GET0_INFO) +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); +#endif + +#if !defined(HAVE_OCSP_SINGLERESP_DELETE_EXT) /* for 0.9.6 */ +# define OCSP_SINGLERESP_delete_ext(s, loc) \ + sk_X509_EXTENSION_delete((s)->singleExtensions, (loc)) +#endif + +#if !defined(HAVE_OCSP_SINGLERESP_GET0_ID) +# define OCSP_SINGLERESP_get0_id(s) (s)->certId +#endif +#endif /* HAVE_OPENSSL_OCSP_H */ + +/* SSL */ +#include +#if !defined(HAVE_SSL_SESSION_GET_ID) +int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); +#endif + +#if !defined(HAVE_SSL_SESSION_CMP) +int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); +#endif + +/* reference counter */ +#if !defined(HAVE_X509_UP_REF) +# define X509_up_ref(x) \ + CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509) +# define X509_CRL_up_ref(x) \ + CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509_CRL); +# define SSL_SESSION_up_ref(x) \ + CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_SSL_SESSION); +# define EVP_PKEY_up_ref(x) \ + CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY); +#endif + #if defined(__cplusplus) } #endif diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c index c2aa50bbdc..8febeb7c3f 100644 --- a/ext/openssl/ossl_hmac.c +++ b/ext/openssl/ossl_hmac.c 
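Review bot: The prototype `int SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);` disagrees with the fallback definition in openssl_missing.c, which returns `const unsigned char *`; it should read `const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);`. In the reference-counter block, three of the four `*_up_ref` macros end in `;` while `X509_up_ref` does not, so a use such as `if (c) X509_CRL_up_ref(x); else ...` would not parse; drop the trailing semicolons from the macro bodies. `OCSP_SINGLERESP_get0_id(s)` should also parenthesize its whole expansion, `((s)->certId)`.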
@@ -159,16 +159,18 @@ ossl_hmac_update(VALUE self, VALUE data) static void hmac_final(HMAC_CTX *ctx, unsigned char **buf, unsigned int *buf_len) { - HMAC_CTX final; - - HMAC_CTX_copy(&final, ctx); - if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) { - HMAC_CTX_cleanup(&final); - OSSL_Debug("Allocating %d mem", HMAC_size(&final)); + HMAC_CTX *final = HMAC_CTX_new(); + if (!final) + ossl_raise(eHMACError, "HMAC_CTX_new() failed"); + + HMAC_CTX_copy(final, ctx); + if (!(*buf = OPENSSL_malloc(HMAC_size(final)))) { + HMAC_CTX_free(final); + OSSL_Debug("Allocating %"PRIuSIZE" mem", HMAC_size(final)); ossl_raise(eHMACError, "Cannot allocate memory for hmac"); } - HMAC_Final(&final, *buf, buf_len); - HMAC_CTX_cleanup(&final); + HMAC_Final(final, *buf, buf_len); + HMAC_CTX_free(final); } /* diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index a1dd863e7f..d95f3be5cc 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -333,7 +333,11 @@ ossl_call_session_get_cb(VALUE ary) /* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */ static SSL_SESSION * +#if OPENSSL_VERSION_NUMBER < 0x10100000L ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy) +#else +ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy) +#endif { VALUE ary, ssl_obj, ret_obj; SSL_SESSION *sess; @@ -866,7 +870,7 @@ ossl_sslctx_setup(VALUE self) } static VALUE -ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher) +ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher) { VALUE ary; int bits, alg_bits; @@ -893,7 +897,7 @@ ossl_sslctx_get_ciphers(VALUE self) SSL_CTX *ctx; SSL *temp_ssl; STACK_OF(SSL_CIPHER) *ciphers; - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; VALUE ary; int i, num; diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index db8ba02375..2371c9b49e 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c 
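Review bot: In the allocation-failure branch of `hmac_final`, `HMAC_size(final)` is evaluated inside `OSSL_Debug` after `HMAC_CTX_free(final)` has already released the context, which reads freed memory now that `final` is heap-allocated. Move `HMAC_CTX_free(final);` below the `OSSL_Debug(...)` line, or take the size once before the allocation and reuse it for both the `OPENSSL_malloc` call and the message. The result of `HMAC_CTX_copy(final, ctx)` is also ignored; if the copy can report failure on the targeted library, check it before calling `HMAC_Final`.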
@@ -350,8 +350,8 @@ ossl_x509_set_serial(VALUE self, VALUE num) GetX509(self, x509); - x509->cert_info->serialNumber = - num_to_asn1integer(num, X509_get_serialNumber(x509)); + X509_set_serialNumber(x509, + num_to_asn1integer(num, X509_get_serialNumber(x509))); return num; } @@ -371,7 +371,7 @@ ossl_x509_get_signature_algorithm(VALUE self) out = BIO_new(BIO_s_mem()); if (!out) ossl_raise(eX509CertError, NULL); - if (!i2a_ASN1_OBJECT(out, x509->cert_info->signature->algorithm)) { + if (!i2a_ASN1_OBJECT(out, X509_get0_tbs_sigalg(x509)->algorithm)) { BIO_free(out); ossl_raise(eX509CertError, NULL); } @@ -671,8 +671,8 @@ ossl_x509_set_extensions(VALUE self, VALUE ary) OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext); } GetX509(self, x509); - sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free); - x509->cert_info->extensions = NULL; + while ((ext = X509_delete_ext(x509, 0))) + X509_EXTENSION_free(ext); for (i=0; icrl->lastUpdate, 0, &sec)) { + if (!X509_time_adj(X509_CRL_get_lastUpdate(crl), 0, &sec)) { ossl_raise(eX509CRLError, NULL); } @@ -263,13 +263,17 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time) { X509_CRL *crl; time_t sec; + ASN1_TIME *tm; sec = time_to_time_t(time); GetX509CRL(self, crl); /* This must be some thinko in OpenSSL */ - if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))){ + tm = X509_time_adj(X509_CRL_get_nextUpdate(crl), 0, &sec); + if (!X509_CRL_set_nextUpdate(crl, tm)) { + ASN1_TIME_free(tm); ossl_raise(eX509CRLError, NULL); } + ASN1_TIME_free(tm); return time; } @@ -304,6 +308,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary) { X509_CRL *crl; X509_REVOKED *rev; + STACK_OF(X509_REVOKED) *rev_stack; long i; Check_Type(ary, T_ARRAY); 
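Review bot: In `ossl_x509crl_set_next_update`, `tm` comes from `X509_time_adj(X509_CRL_get_nextUpdate(crl), 0, &sec)` and is then freed on both paths. If `X509_time_adj` returns its first argument when that argument is non-NULL (as I understand OpenSSL does), `tm` is the CRL's own nextUpdate, and `ASN1_TIME_free(tm)` leaves the CRL holding a freed pointer whenever `X509_CRL_set_nextUpdate` treats an identical pointer as a no-op. Building the value in a fresh object avoids the aliasing: `tm = X509_time_adj(NULL, 0, &sec);`, followed by the set and free the hunk already has. A NULL `tm` is better reported with `ossl_raise` before the setter is called than left for the setter to reject.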
@@ -312,8 +317,9 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary) OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev); } GetX509CRL(self, crl); - sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free); - crl->crl->revoked = NULL; + rev_stack = X509_CRL_get_REVOKED(crl); + while ((rev = sk_X509_REVOKED_delete(rev_stack, 0))) + X509_REVOKED_free(rev); for (i=0; icrl->extensions, X509_EXTENSION_free); - crl->crl->extensions = NULL; + while ((ext = X509_CRL_delete_ext(crl, 0))) + X509_EXTENSION_free(ext); for (i=0; ireq_info->attributes, X509_ATTRIBUTE_free); - req->req_info->attributes = NULL; + while ((attr = X509_REQ_delete_attr(req, 0))) + X509_ATTRIBUTE_free(attr); for (i=0;irevocationDate); + return asn1time_to_time(X509_REVOKED_get0_revocationDate(rev)); } static VALUE @@ -150,7 +150,7 @@ ossl_x509revoked_set_time(VALUE self, VALUE time) sec = time_to_time_t(time); GetX509Rev(self, rev); - if (!X509_time_adj(rev->revocationDate, 0, &sec)) { + if (!X509_time_adj(X509_REVOKED_get0_revocationDate(rev), 0, &sec)) { ossl_raise(eX509RevError, NULL); } @@ -198,8 +198,8 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary) OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext); } GetX509Rev(self, rev); - sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free); - rev->extensions = NULL; + while ((ext = X509_REVOKED_delete_ext(rev, 0))) + X509_EXTENSION_free(ext); for (i=0; i