From d37bbbcdfbbba46b7fe0af6a0630d1e05d21375b Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Thu, 5 May 2016 15:54:24 +0900
Subject: ext/openssl: BIGNUM and BN_GENCB is made opaque

---
 ext/openssl/extconf.rb        |  3 +++
 ext/openssl/openssl_missing.h | 12 ++++++++++++
 ext/openssl/ossl_bn.c         | 13 ++++---------
 ext/openssl/ossl_pkey.c       |  2 +-
 ext/openssl/ossl_pkey_dh.c    | 13 +++++++++----
 ext/openssl/ossl_pkey_dsa.c   | 14 ++++++++++----
 ext/openssl/ossl_pkey_rsa.c   | 13 ++++++++-----
 7 files changed, 47 insertions(+), 23 deletions(-)

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index a8fb2a7875..40cadb5795 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -103,6 +103,9 @@ OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
 
 # added in 1.1.0
 have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
+have_func("BN_GENCB_new")
+have_func("BN_GENCB_free")
+have_func("BN_GENCB_get_arg")
 have_func("EVP_MD_CTX_new")
 have_func("EVP_MD_CTX_free")
 have_func("HMAC_CTX_new")
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 2242eee05a..4daef149c4 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -48,6 +48,18 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * vol
 #endif
 
 /* added in 1.1.0 */
+#if !defined(HAVE_BN_GENCB_NEW)
+#  define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
+#endif
+
+#if !defined(HAVE_BN_GENCB_FREE)
+#  define BN_GENCB_free(cb) OPENSSL_free(cb)
+#endif
+
+#if !defined(HAVE_BN_GENCB_GET_ARG)
+#  define BN_GENCB_get_arg(cb) (cb)->arg
+#endif
+
 #if !defined(HAVE_EVP_MD_CTX_NEW)
 #  define EVP_MD_CTX_new EVP_MD_CTX_create
 #endif
diff --git a/ext/openssl/ossl_bn.c b/ext/openssl/ossl_bn.c
index 1be7737e83..9591b7f22c 100644
--- a/ext/openssl/ossl_bn.c
+++ b/ext/openssl/ossl_bn.c
@@ -37,17 +37,12 @@ ossl_bn_free(void *ptr)
     BN_clear_free(ptr);
 }
 
-static size_t
-ossl_bn_size(const void *ptr)
-{
-    return sizeof(BIGNUM);
-}
-
 static const rb_data_type_t ossl_bn_type = {
     "OpenSSL/BN",
-    {0, ossl_bn_free, ossl_bn_size,},
-    0, 0,
-    RUBY_TYPED_FREE_IMMEDIATELY,
+    {
+	0, ossl_bn_free,
+    },
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
 };
 
 /*
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index b236ef34cb..514d6de83d 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -27,7 +27,7 @@ ossl_generate_cb_2(int p, int n, BN_GENCB *cb)
     struct ossl_generate_cb_arg *arg;
     int state;
 
-    arg = (struct ossl_generate_cb_arg *)cb->arg;
+    arg = (struct ossl_generate_cb_arg *)BN_GENCB_get_arg(cb);
     if (arg->yield) {
 	ary = rb_ary_new2(2);
 	rb_ary_store(ary, 0, INT2NUM(p));
diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
index 0683a78f69..8704d96611 100644
--- a/ext/openssl/ossl_pkey_dh.c
+++ b/ext/openssl/ossl_pkey_dh.c
@@ -101,21 +101,25 @@ dh_blocking_gen(void *arg)
 static DH *
 dh_generate(int size, int gen)
 {
-    BN_GENCB cb;
     struct ossl_generate_cb_arg cb_arg;
     struct dh_blocking_gen_arg gen_arg;
     DH *dh = DH_new();
+    BN_GENCB *cb = BN_GENCB_new();
 
-    if (!dh) return 0;
+    if (!dh || !cb) {
+	if (dh) DH_free(dh);
+	if (cb) BN_GENCB_free(cb);
+	return 0;
+    }
 
     memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
     if (rb_block_given_p())
 	cb_arg.yield = 1;
-    BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+    BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
     gen_arg.dh = dh;
     gen_arg.size = size;
     gen_arg.gen = gen;
-    gen_arg.cb = &cb;
+    gen_arg.cb = cb;
     if (cb_arg.yield == 1) {
 	/* we cannot release GVL when callback proc is supplied */
 	dh_blocking_gen(&gen_arg);
@@ -124,6 +128,7 @@ dh_generate(int size, int gen)
 	rb_thread_call_without_gvl(dh_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
     }
 
+    BN_GENCB_free(cb);
     if (!gen_arg.result) {
 	DH_free(dh);
 	if (cb_arg.state) rb_jump_tag(cb_arg.state);
diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
index a3f112274b..f18760c4e2 100644
--- a/ext/openssl/ossl_pkey_dsa.c
+++ b/ext/openssl/ossl_pkey_dsa.c
@@ -98,15 +98,19 @@ dsa_blocking_gen(void *arg)
 static DSA *
 dsa_generate(int size)
 {
-    BN_GENCB cb;
     struct ossl_generate_cb_arg cb_arg;
     struct dsa_blocking_gen_arg gen_arg;
     DSA *dsa = DSA_new();
+    BN_GENCB *cb = BN_GENCB_new();
     unsigned char seed[20];
     int seed_len = 20, counter;
     unsigned long h;
 
-    if (!dsa) return 0;
+    if (!dsa || !cb) {
+	if (dsa) DSA_free(dsa);
+	if (cb) BN_GENCB_free(cb);
+	return 0;
+    }
     if (RAND_bytes(seed, seed_len) <= 0) {
 	DSA_free(dsa);
 	return 0;
@@ -115,14 +119,14 @@ dsa_generate(int size)
     memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
     if (rb_block_given_p())
 	cb_arg.yield = 1;
-    BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+    BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
     gen_arg.dsa = dsa;
     gen_arg.size = size;
     gen_arg.seed = seed;
     gen_arg.seed_len = seed_len;
     gen_arg.counter = &counter;
     gen_arg.h = &h;
-    gen_arg.cb = &cb;
+    gen_arg.cb = cb;
     if (cb_arg.yield == 1) {
 	/* we cannot release GVL when callback proc is supplied */
 	dsa_blocking_gen(&gen_arg);
@@ -130,6 +134,8 @@ dsa_generate(int size)
 	/* there's a chance to unblock */
 	rb_thread_call_without_gvl(dsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
     }
+
+    BN_GENCB_free(cb);
     if (!gen_arg.result) {
 	DSA_free(dsa);
 	if (cb_arg.state) rb_jump_tag(cb_arg.state);
diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
index 52bab79245..3686d34361 100644
--- a/ext/openssl/ossl_pkey_rsa.c
+++ b/ext/openssl/ossl_pkey_rsa.c
@@ -97,15 +97,16 @@ static RSA *
 rsa_generate(int size, unsigned long exp)
 {
     int i;
-    BN_GENCB cb;
     struct ossl_generate_cb_arg cb_arg;
     struct rsa_blocking_gen_arg gen_arg;
     RSA *rsa = RSA_new();
     BIGNUM *e = BN_new();
+    BN_GENCB *cb = BN_GENCB_new();
 
-    if (!rsa || !e) {
-	if (e) BN_free(e);
+    if (!rsa || !e || !cb) {
 	if (rsa) RSA_free(rsa);
+	if (e) BN_free(e);
+	if (cb) BN_GENCB_free(cb);
 	return 0;
     }
     for (i = 0; i < (int)sizeof(exp) * 8; ++i) {
@@ -121,11 +122,11 @@ rsa_generate(int size, unsigned long exp)
     memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
     if (rb_block_given_p())
 	cb_arg.yield = 1;
-    BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+    BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
     gen_arg.rsa = rsa;
     gen_arg.e = e;
     gen_arg.size = size;
-    gen_arg.cb = &cb;
+    gen_arg.cb = cb;
     if (cb_arg.yield == 1) {
 	/* we cannot release GVL when callback proc is supplied */
 	rsa_blocking_gen(&gen_arg);
@@ -133,6 +134,8 @@ rsa_generate(int size, unsigned long exp)
 	/* there's a chance to unblock */
 	rb_thread_call_without_gvl(rsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
     }
+
+    BN_GENCB_free(cb);
     if (!gen_arg.result) {
 	BN_free(e);
 	RSA_free(rsa);
-- 
cgit v1.2.3