openssl 2.0.0.beta.2 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0fb175be42485b5b6a9a5ded1672a24812be75b4
-  data.tar.gz: 07d6597617677e14278d06045f922735881e465e
+  metadata.gz: 03d318590b847c8c1c1b994254b8e2487107bf31
+  data.tar.gz: 67dee2b7da3246aa429b2a35ec3fc44c93a7cc8f
 SHA512:
-  metadata.gz: c9e75e005f17b9b69cf7d7db1d0aa344e65ec31f543f76fc8c0f99a0535f393bf1807a0301f186f68a08269390099b4d753aa51ed214cef8278d4d6756100d51
-  data.tar.gz: b18c7445fff8461ef0fa7da91e20c7e7545b0cc228b2746dfb98d7f9d0ae8838271b38f264ff84eb78c93f7b579be4ce46b6307890434712a1a0dcf5e9981c87
+  metadata.gz: 2797a1a1a48b1ddd8181f668a4bbda6efa4362f20a8aaf05b8e9e14e403f25bc98eeec8a4749c98756ce88da465b21c5494432dcebcdbd52437805209f376b1d
+  data.tar.gz: e49508cdc45afcc6c564b4de70f1029b163c2660a583b06059f524b1a67e1295171bc253c2172d0ae7e77ac59d44a7b9edebc7415e135b5838120bca3dba3f05

data/CONTRIBUTING.md

@@ -44,7 +44,7 @@ Test cases are located under the
 You can run it with the following three commands:
 
 ```
-$ gem install rake-compiler test-unit
+$ rake install_dependencies # installs rake-compiler, test-unit, ...
 $ rake compile
 $ rake test
 ```

data/History.md

@@ -17,7 +17,7 @@ Supported platforms
 
 * OpenSSL 1.0.0, 1.0.1, 1.0.2, 1.1.0
 * OpenSSL < 0.9.8 is no longer supported.
-* LibreSSL 2.1, 2.2, 2.3, 2.4
+* LibreSSL 2.3, 2.4, 2.5
 * Ruby 2.3, 2.4
 
 Notable changes
@@ -70,6 +70,9 @@ Notable changes
     linked with the EC key. Modifications to the EC::Group have no effect on the
     key. [[GH ruby/openssl#71]](https://github.com/ruby/openssl/pull/71)
 
+  - OpenSSL::PKey::EC::Point#to_bn allows specifying the point conversion form
+    by the optional argument.
+
 * OpenSSL::SSL
 
   - OpenSSL::SSL::SSLSocket#tmp_key is added. A client can call it after the

data/README.md

@@ -1,6 +1,7 @@
-# OpenSSL
+# OpenSSL for Ruby
 
 [![Build Status](https://travis-ci.org/ruby/openssl.svg?branch=master)](https://travis-ci.org/ruby/openssl)
+[![Build status](https://ci.appveyor.com/api/projects/status/b8djtmwo7l26f88y/branch/master?svg=true)](https://ci.appveyor.com/project/ruby/openssl/branch/master)
 
 OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
 OpenSSL library.
@@ -48,14 +49,9 @@ gem "openssl"
 require "openssl"
 ```
 
-See the documentation on OpenSSL for more usage,
-and the official [OpenSSL library](http://www.openssl.org/).
+## Documentation
 
-## Getting Started
-
-1. `$ gem install rake-compiler test-unit`
-2. `$ rake compile`
-3. `$ rake test`
+See https://ruby.github.io/openssl/.
 
 ## Contributing
 

data/ext/openssl/extconf.rb

@@ -33,14 +33,8 @@ end
 Logging::message "=== Checking for system dependent stuff... ===\n"
 have_library("nsl", "t_open")
 have_library("socket", "socket")
-have_header("assert.h")
 
 Logging::message "=== Checking for required stuff... ===\n"
-if $mingw
-  have_library("wsock32")
-  have_library("gdi32")
-end
-
 result = pkg_config("openssl") && have_header("openssl/ssl.h")
 unless result
   result = have_header("openssl/ssl.h")

data/ext/openssl/ossl.c

@@ -149,7 +149,7 @@ ossl_pem_passwd_value(VALUE pass)
     /* PEM_BUFSIZE is currently used as the second argument of pem_password_cb,
      * that is +max_len+ of ossl_pem_passwd_cb() */
     if (RSTRING_LEN(pass) > PEM_BUFSIZE)
-	ossl_raise(eOSSLError, "password must be shorter than %d bytes", PEM_BUFSIZE);
+	ossl_raise(eOSSLError, "password must not be longer than %d bytes", PEM_BUFSIZE);
 
     return pass;
 }
@@ -168,7 +168,8 @@ ossl_pem_passwd_cb0(VALUE flag)
 int
 ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
 {
-    int len, status;
+    long len;
+    int status;
     VALUE rflag, pass = (VALUE)pwd_;
 
     if (RTEST(pass)) {
@@ -176,7 +177,7 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
 	 * work because it does not allow NUL characters and truncates to 1024
 	 * bytes silently if the input is over 1024 bytes */
 	if (RB_TYPE_P(pass, T_STRING)) {
-	    len = RSTRING_LENINT(pass);
+	    len = RSTRING_LEN(pass);
 	    if (len >= OSSL_MIN_PWD_LEN && len <= max_len) {
 		memcpy(buf, RSTRING_PTR(pass), len);
 		return len;
@@ -203,78 +204,19 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd_)
 	    rb_set_errinfo(Qnil);
 	    return -1;
 	}
-	len = RSTRING_LENINT(pass);
+	len = RSTRING_LEN(pass);
 	if (len < OSSL_MIN_PWD_LEN) {
 	    rb_warning("password must be at least %d bytes", OSSL_MIN_PWD_LEN);
 	    continue;
 	}
 	if (len > max_len) {
-	    rb_warning("password must be shorter than %d bytes", max_len);
+	    rb_warning("password must not be longer than %d bytes", max_len);
 	    continue;
 	}
 	memcpy(buf, RSTRING_PTR(pass), len);
 	break;
     }
-    return len;
-}
-
-/*
- * Verify callback
- */
-int ossl_store_ctx_ex_verify_cb_idx;
-int ossl_store_ex_verify_cb_idx;
-
-struct ossl_verify_cb_args {
-    VALUE proc;
-    VALUE preverify_ok;
-    VALUE store_ctx;
-};
-
-static VALUE
-ossl_call_verify_cb_proc(struct ossl_verify_cb_args *args)
-{
-    return rb_funcall(args->proc, rb_intern("call"), 2,
-		      args->preverify_ok, args->store_ctx);
-}
-
-int
-ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
-{
-    VALUE rctx, ret;
-    struct ossl_verify_cb_args args;
-    int state;
-
-    if (NIL_P(proc))
-	return ok;
-
-    ret = Qfalse;
-    rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
-    if (state) {
-	rb_set_errinfo(Qnil);
-	rb_warn("StoreContext initialization failure");
-    }
-    else {
-	args.proc = proc;
-	args.preverify_ok = ok ? Qtrue : Qfalse;
-	args.store_ctx = rctx;
-	ret = rb_protect((VALUE(*)(VALUE))ossl_call_verify_cb_proc, (VALUE)&args, &state);
-	if (state) {
-	    rb_set_errinfo(Qnil);
-	    rb_warn("exception in verify_callback is ignored");
-	}
-	ossl_x509stctx_clear_ptr(rctx);
-    }
-    if (ret == Qtrue) {
-	X509_STORE_CTX_set_error(ctx, X509_V_OK);
-	ok = 1;
-    }
-    else {
-	if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
-	    X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
-	ok = 0;
-    }
-
-    return ok;
+    return (int)len;
 }
 
 /*
@@ -355,27 +297,32 @@ ossl_raise(VALUE exc, const char *fmt, ...)
     rb_exc_raise(err);
 }
 
-VALUE
-ossl_exc_new(VALUE exc, const char *fmt, ...)
-{
-    va_list args;
-    VALUE err;
-    va_start(args, fmt);
-    err = ossl_make_error(exc, fmt, args);
-    va_end(args);
-    return err;
-}
-
 void
 ossl_clear_error(void)
 {
     if (dOSSL == Qtrue) {
-	long e;
-	while ((e = ERR_get_error())) {
-	    rb_warn("error on stack: %s", ERR_error_string(e, NULL));
+	unsigned long e;
+	const char *file, *data, *errstr;
+	int line, flags;
+
+	while ((e = ERR_get_error_line_data(&file, &line, &data, &flags))) {
+	    errstr = ERR_error_string(e, NULL);
+	    if (!errstr)
+		errstr = "(null)";
+
+	    if (flags & ERR_TXT_STRING) {
+		if (!data)
+		    data = "(null)";
+		rb_warn("error on stack: %s (%s)", errstr, data);
+	    }
+	    else {
+		rb_warn("error on stack: %s", errstr);
+	    }
 	}
     }
-    ERR_clear_error();
+    else {
+	ERR_clear_error();
+    }
 }
 
 /*
@@ -1151,14 +1098,6 @@ Init_openssl(void)
     rb_define_module_function(mOSSL, "debug=", ossl_debug_set, 1);
     rb_define_module_function(mOSSL, "errors", ossl_get_errors, 0);
 
-    /*
-     * Verify callback Proc index for ext-data
-     */
-    if ((ossl_store_ctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_store_ctx_ex_verify_cb_idx", 0, 0, 0)) < 0)
-        ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index");
-    if ((ossl_store_ex_verify_cb_idx = X509_STORE_get_ex_new_index(0, (void *)"ossl_store_ex_verify_cb_idx", 0, 0, 0)) < 0)
-        ossl_raise(eOSSLError, "X509_STORE_get_ex_new_index");
-
     /*
      * Get ID of to_der
      */

data/ext/openssl/ossl.h

@@ -12,37 +12,12 @@
 
 #include RUBY_EXTCONF_H
 
-#if 0
-  mOSSL = rb_define_module("OpenSSL");
-  mX509 = rb_define_module_under(mOSSL, "X509");
-#endif
-
-/*
-* OpenSSL has defined RFILE and Ruby has defined RFILE - so undef it!
-*/
-#if defined(RFILE) /*&& !defined(OSSL_DEBUG)*/
-#  undef RFILE
-#endif
+#include <assert.h>
+#include <errno.h>
 #include <ruby.h>
 #include <ruby/io.h>
 #include <ruby/thread.h>
-
 #include <openssl/opensslv.h>
-
-#ifdef HAVE_ASSERT_H
-#  include <assert.h>
-#else
-#  define assert(condition)
-#endif
-
-#if defined(_WIN32) && !defined(LIBRESSL_VERSION_NUMBER)
-#  include <openssl/e_os2.h>
-#  if !defined(OPENSSL_SYS_WIN32)
-#    define OPENSSL_SYS_WIN32 1
-#  endif
-#  include <winsock2.h>
-#endif
-#include <errno.h>
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
@@ -53,9 +28,7 @@
 #include <openssl/rand.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
-#if !defined(_WIN32)
-#  include <openssl/crypto.h>
-#endif
+#include <openssl/crypto.h>
 #if !defined(OPENSSL_NO_ENGINE)
 #  include <openssl/engine.h>
 #endif
@@ -144,18 +117,9 @@ int ossl_pem_passwd_cb(char *, int, int, void *);
  */
 #define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error())
 NORETURN(void ossl_raise(VALUE, const char *, ...));
-VALUE ossl_exc_new(VALUE, const char *, ...);
 /* Clear OpenSSL error queue. If dOSSL is set, rb_warn() them. */
 void ossl_clear_error(void);
 
-/*
- * Verify callback
- */
-extern int ossl_store_ctx_ex_verify_cb_idx;
-extern int ossl_store_ex_verify_cb_idx;
-
-int ossl_verify_cb_call(VALUE, int, X509_STORE_CTX *);
-
 /*
  * String to DER String
  */

data/ext/openssl/ossl_asn1.c

@@ -9,15 +9,6 @@
  */
 #include "ossl.h"
 
-#if defined(HAVE_SYS_TIME_H)
-#  include <sys/time.h>
-#elif !defined(NT) && !defined(_WIN32)
-struct timeval {
-    long tv_sec;	/* seconds */
-    long tv_usec;	/* and microseconds */
-};
-#endif
-
 static VALUE join_der(VALUE enumerable);
 static VALUE ossl_asn1_decode0(unsigned char **pp, long length, long *offset,
 			       int depth, int yield, long *num_read);
@@ -110,16 +101,11 @@ asn1str_to_str(const ASN1_STRING *str)
 
 /*
  * ASN1_INTEGER conversions
- * TODO: Make a decision what's the right way to do this.
  */
-#define DO_IT_VIA_RUBY 0
 VALUE
 asn1integer_to_num(const ASN1_INTEGER *ai)
 {
     BIGNUM *bn;
-#if DO_IT_VIA_RUBY
-    char *txt;
-#endif
     VALUE num;
 
     if (!ai) {
@@ -133,43 +119,12 @@ asn1integer_to_num(const ASN1_INTEGER *ai)
 
     if (!bn)
 	ossl_raise(eOSSLError, NULL);
-#if DO_IT_VIA_RUBY
-    if (!(txt = BN_bn2dec(bn))) {
-	BN_free(bn);
-	ossl_raise(eOSSLError, NULL);
-    }
-    num = rb_cstr_to_inum(txt, 10, Qtrue);
-    OPENSSL_free(txt);
-#else
     num = ossl_bn_new(bn);
-#endif
     BN_free(bn);
 
     return num;
 }
 
-#if DO_IT_VIA_RUBY
-ASN1_INTEGER *
-num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
-{
-    BIGNUM *bn = NULL;
-
-    if (RTEST(rb_obj_is_kind_of(obj, cBN))) {
-	bn = GetBNPtr(obj);
-    } else {
-	obj = rb_String(obj);
-	if (!BN_dec2bn(&bn, StringValueCStr(obj))) {
-	    ossl_raise(eOSSLError, NULL);
-	}
-    }
-    if (!(ai = BN_to_ASN1_INTEGER(bn, ai))) {
-	BN_free(bn);
-	ossl_raise(eOSSLError, NULL);
-    }
-    BN_free(bn);
-    return ai;
-}
-#else
 ASN1_INTEGER *
 num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
 {
@@ -185,7 +140,6 @@ num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
 
     return ai;
 }
-#endif
 
 /********/
 /*
@@ -225,9 +179,10 @@ VALUE cASN1ObjectId;                          /* OBJECT IDENTIFIER */
 VALUE cASN1UTCTime, cASN1GeneralizedTime;     /* TIME              */
 VALUE cASN1Sequence, cASN1Set;                /* CONSTRUCTIVE      */
 
-static ID sIMPLICIT, sEXPLICIT;
-static ID sUNIVERSAL, sAPPLICATION, sCONTEXT_SPECIFIC, sPRIVATE;
+static VALUE sym_IMPLICIT, sym_EXPLICIT;
+static VALUE sym_UNIVERSAL, sym_APPLICATION, sym_CONTEXT_SPECIFIC, sym_PRIVATE;
 static ID sivVALUE, sivTAG, sivTAG_CLASS, sivTAGGING, sivINFINITE_LENGTH, sivUNUSED_BITS;
+static ID id_each;
 
 /*
  * Ruby to ASN1 converters
@@ -364,13 +319,12 @@ decode_bool(unsigned char* der, long length)
 {
     const unsigned char *p = der;
 
-    assert(length == 3);
-    if (*p++ != 1)
-	ossl_raise(eASN1Error, "not a boolean");
-    if (*p++ != 1)
-	ossl_raise(eASN1Error, "length is not 1");
+    if (length != 3)
+	ossl_raise(eASN1Error, "invalid length for BOOLEAN");
+    if (p[0] != 1 || p[1] != 1)
+	ossl_raise(eASN1Error, "invalid BOOLEAN");
 
-    return *p ? Qtrue : Qfalse;
+    return p[2] ? Qtrue : Qfalse;
 }
 
 static VALUE
@@ -632,17 +586,14 @@ ossl_asn1_default_tag(VALUE obj)
     VALUE tmp_class, tag;
 
     tmp_class = CLASS_OF(obj);
-    while (tmp_class) {
+    while (!NIL_P(tmp_class)) {
 	tag = rb_hash_lookup(class_tag_map, tmp_class);
-	if (tag != Qnil) {
-       	    return NUM2INT(tag);
-      	}
-    	tmp_class = rb_class_superclass(tmp_class);
+	if (tag != Qnil)
+	    return NUM2INT(tag);
+	tmp_class = rb_class_superclass(tmp_class);
     }
     ossl_raise(eASN1Error, "universal tag for %"PRIsVALUE" not found",
 	       rb_obj_class(obj));
-
-    return -1; /* dummy */
 }
 
 static int
@@ -661,59 +612,45 @@ static int
 ossl_asn1_is_explicit(VALUE obj)
 {
     VALUE s;
-    int ret = -1;
 
     s = ossl_asn1_get_tagging(obj);
-    if(NIL_P(s)) return 0;
-    else if(SYMBOL_P(s)){
-	if (SYM2ID(s) == sIMPLICIT)
-	    ret = 0;
-	else if (SYM2ID(s) == sEXPLICIT)
-	    ret = 1;
-    }
-    if(ret < 0){
+    if (NIL_P(s) || s == sym_IMPLICIT)
+	return 0;
+    else if (s == sym_EXPLICIT)
+	return 1;
+    else
 	ossl_raise(eASN1Error, "invalid tag default");
-    }
-
-    return ret;
 }
 
 static int
 ossl_asn1_tag_class(VALUE obj)
 {
     VALUE s;
-    int ret = -1;
 
     s = ossl_asn1_get_tag_class(obj);
-    if(NIL_P(s)) ret = V_ASN1_UNIVERSAL;
-    else if(SYMBOL_P(s)){
-	if (SYM2ID(s) == sUNIVERSAL)
-	    ret = V_ASN1_UNIVERSAL;
-	else if (SYM2ID(s) == sAPPLICATION)
-	    ret = V_ASN1_APPLICATION;
-	else if (SYM2ID(s) == sCONTEXT_SPECIFIC)
-	    ret = V_ASN1_CONTEXT_SPECIFIC;
-	else if (SYM2ID(s) == sPRIVATE)
-	    ret = V_ASN1_PRIVATE;
-    }
-    if(ret < 0){
+    if (NIL_P(s) || s == sym_UNIVERSAL)
+	return V_ASN1_UNIVERSAL;
+    else if (s == sym_APPLICATION)
+	return V_ASN1_APPLICATION;
+    else if (s == sym_CONTEXT_SPECIFIC)
+	return V_ASN1_CONTEXT_SPECIFIC;
+    else if (s == sym_PRIVATE)
+	return V_ASN1_PRIVATE;
+    else
 	ossl_raise(eASN1Error, "invalid tag class");
-    }
-
-    return ret;
 }
 
 static VALUE
 ossl_asn1_class2sym(int tc)
 {
     if((tc & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
-	return ID2SYM(sPRIVATE);
+	return sym_PRIVATE;
     else if((tc & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
-	return ID2SYM(sCONTEXT_SPECIFIC);
+	return sym_CONTEXT_SPECIFIC;
     else if((tc & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
-	return ID2SYM(sAPPLICATION);
+	return sym_APPLICATION;
     else
-	return ID2SYM(sUNIVERSAL);
+	return sym_UNIVERSAL;
 }
 
 /*
@@ -737,7 +674,7 @@ ossl_asn1data_initialize(VALUE self, VALUE value, VALUE tag, VALUE tag_class)
 {
     if(!SYMBOL_P(tag_class))
 	ossl_raise(eASN1Error, "invalid tag class");
-    if((SYM2ID(tag_class) == sUNIVERSAL) && NUM2INT(tag) > 31)
+    if (tag_class == sym_UNIVERSAL && NUM2INT(tag) > 31)
 	ossl_raise(eASN1Error, "tag number for Universal too large");
     ossl_asn1_set_tag(self, tag);
     ossl_asn1_set_value(self, value);
@@ -760,7 +697,7 @@ static VALUE
 join_der(VALUE enumerable)
 {
     VALUE str = rb_str_new(0, 0);
-    rb_block_call(enumerable, rb_intern("each"), 0, 0, join_der_i, str);
+    rb_block_call(enumerable, id_each, 0, 0, join_der_i, str);
     return str;
 }
 
@@ -816,7 +753,7 @@ int_ossl_asn1_decode0_prim(unsigned char **pp, long length, long hlen, int tag,
 
     p = *pp;
 
-    if(tc == sUNIVERSAL && tag < ossl_asn1_info_size) {
+    if(tc == sym_UNIVERSAL && tag < ossl_asn1_info_size) {
 	switch(tag){
 	case V_ASN1_EOC:
 	    value = decode_eoc(p, hlen+length);
@@ -858,13 +795,14 @@ int_ossl_asn1_decode0_prim(unsigned char **pp, long length, long hlen, int tag,
     *pp += hlen + length;
     *num_read = hlen + length;
 
-    if (tc == sUNIVERSAL && tag < ossl_asn1_info_size && ossl_asn1_info[tag].klass) {
+    if (tc == sym_UNIVERSAL &&
+	tag < ossl_asn1_info_size && ossl_asn1_info[tag].klass) {
 	VALUE klass = *ossl_asn1_info[tag].klass;
 	VALUE args[4];
 	args[0] = value;
 	args[1] = INT2NUM(tag);
 	args[2] = Qnil;
-	args[3] = ID2SYM(tc);
+	args[3] = tc;
 	asn1data = rb_obj_alloc(klass);
 	ossl_asn1_initialize(4, args, asn1data);
 	if(tag == V_ASN1_BIT_STRING){
@@ -873,7 +811,7 @@ int_ossl_asn1_decode0_prim(unsigned char **pp, long length, long hlen, int tag,
     }
     else {
 	asn1data = rb_obj_alloc(cASN1Data);
-	ossl_asn1data_initialize(asn1data, value, INT2NUM(tag), ID2SYM(tc));
+	ossl_asn1data_initialize(asn1data, value, INT2NUM(tag), tc);
     }
 
     return asn1data;
@@ -886,28 +824,27 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
 {
     VALUE value, asn1data, ary;
     int infinite;
-    long off = *offset;
+    long available_len, off = *offset;
 
     infinite = (j == 0x21);
     ary = rb_ary_new();
 
-    while (length > 0 || infinite) {
+    available_len = infinite ? max_len : length;
+    while (available_len > 0) {
 	long inner_read = 0;
-	value = ossl_asn1_decode0(pp, max_len, &off, depth + 1, yield, &inner_read);
+	value = ossl_asn1_decode0(pp, available_len, &off, depth + 1, yield, &inner_read);
 	*num_read += inner_read;
-	max_len -= inner_read;
+	available_len -= inner_read;
 	rb_ary_push(ary, value);
-	if (length > 0)
-	    length -= inner_read;
 
 	if (infinite &&
 	    NUM2INT(ossl_asn1_get_tag(value)) == V_ASN1_EOC &&
-	    SYM2ID(ossl_asn1_get_tag_class(value)) == sUNIVERSAL) {
+	    ossl_asn1_get_tag_class(value) == sym_UNIVERSAL) {
 	    break;
 	}
     }
 
-    if (tc == sUNIVERSAL) {
+    if (tc == sym_UNIVERSAL) {
 	VALUE args[4];
 	int not_sequence_or_set;
 
@@ -929,12 +866,12 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
 	args[0] = ary;
 	args[1] = INT2NUM(tag);
 	args[2] = Qnil;
-	args[3] = ID2SYM(tc);
+	args[3] = tc;
 	ossl_asn1_initialize(4, args, asn1data);
     }
     else {
 	asn1data = rb_obj_alloc(cASN1Data);
-	ossl_asn1data_initialize(asn1data, ary, INT2NUM(tag), ID2SYM(tc));
+	ossl_asn1data_initialize(asn1data, ary, INT2NUM(tag), tc);
     }
 
     if (infinite)
@@ -964,13 +901,13 @@ ossl_asn1_decode0(unsigned char **pp, long length, long *offset, int depth,
     if(j & 0x80) ossl_raise(eASN1Error, NULL);
     if(len > length) ossl_raise(eASN1Error, "value is too short");
     if((tc & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
-	tag_class = sPRIVATE;
+	tag_class = sym_PRIVATE;
     else if((tc & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
-	tag_class = sCONTEXT_SPECIFIC;
+	tag_class = sym_CONTEXT_SPECIFIC;
     else if((tc & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
-	tag_class = sAPPLICATION;
+	tag_class = sym_APPLICATION;
     else
-	tag_class = sUNIVERSAL;
+	tag_class = sym_UNIVERSAL;
 
     hlen = p - start;
 
@@ -989,7 +926,7 @@ ossl_asn1_decode0(unsigned char **pp, long length, long *offset, int depth,
     if(j & V_ASN1_CONSTRUCTED) {
 	*pp += hlen;
 	off += hlen;
-	asn1data = int_ossl_asn1_decode0_cons(pp, length, len, &off, depth, yield, j, tag, tag_class, &inner_read);
+	asn1data = int_ossl_asn1_decode0_cons(pp, length - hlen, len, &off, depth, yield, j, tag, tag_class, &inner_read);
 	inner_read += hlen;
     }
     else {
@@ -1162,19 +1099,19 @@ ossl_asn1_initialize(int argc, VALUE *argv, VALUE self)
 	    ossl_raise(eASN1Error, "invalid tagging method");
 	if(NIL_P(tag_class)) {
 	    if (NIL_P(tagging))
-		tag_class = ID2SYM(sUNIVERSAL);
+		tag_class = sym_UNIVERSAL;
 	    else
-		tag_class = ID2SYM(sCONTEXT_SPECIFIC);
+		tag_class = sym_CONTEXT_SPECIFIC;
 	}
 	if(!SYMBOL_P(tag_class))
 	    ossl_raise(eASN1Error, "invalid tag class");
-	if(!NIL_P(tagging) && SYM2ID(tagging) == sIMPLICIT && NUM2INT(tag) > 31)
+	if (tagging == sym_IMPLICIT && NUM2INT(tag) > 31)
 	    ossl_raise(eASN1Error, "tag number for Universal too large");
     }
     else{
 	tag = INT2NUM(ossl_asn1_default_tag(self));
 	tagging = Qnil;
-	tag_class = ID2SYM(sUNIVERSAL);
+	tag_class = sym_UNIVERSAL;
     }
     ossl_asn1_set_tag(self, tag);
     ossl_asn1_set_value(self, value);
@@ -1190,7 +1127,7 @@ ossl_asn1eoc_initialize(VALUE self) {
     VALUE tag, tagging, tag_class, value;
     tag = INT2NUM(ossl_asn1_default_tag(self));
     tagging = Qnil;
-    tag_class = ID2SYM(sUNIVERSAL);
+    tag_class = sym_UNIVERSAL;
     value = rb_str_new("", 0);
     ossl_asn1_set_tag(self, tag);
     ossl_asn1_set_value(self, value);
@@ -1264,8 +1201,8 @@ ossl_asn1cons_to_der(VALUE self)
     if (inf_length == Qtrue) {
 	VALUE ary, example;
 	constructed = 2;
-	if (CLASS_OF(self) == cASN1Sequence ||
-	    CLASS_OF(self) == cASN1Set) {
+	if (rb_obj_class(self) == cASN1Sequence ||
+	    rb_obj_class(self) == cASN1Set) {
 	    tag = ossl_asn1_default_tag(self);
 	}
 	else { /* must be a constructive encoding of a primitive value */
@@ -1294,7 +1231,7 @@ ossl_asn1cons_to_der(VALUE self)
 	}
     }
     else {
-	if (CLASS_OF(self) == cASN1Constructive)
+	if (rb_obj_class(self) == cASN1Constructive)
 	    ossl_raise(eASN1Error, "Constructive shall only be used with infinite length");
 	tag = ossl_asn1_default_tag(self);
     }
@@ -1348,7 +1285,8 @@ ossl_asn1cons_to_der(VALUE self)
 static VALUE
 ossl_asn1cons_each(VALUE self)
 {
-    rb_ary_each(ossl_asn1_get_value(self));
+    rb_funcall(ossl_asn1_get_value(self), id_each, 0);
+
     return self;
 }
 
@@ -1476,12 +1414,12 @@ Init_ossl_asn1(void)
     eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
 #endif
 
-    sUNIVERSAL = rb_intern("UNIVERSAL");
-    sCONTEXT_SPECIFIC = rb_intern("CONTEXT_SPECIFIC");
-    sAPPLICATION = rb_intern("APPLICATION");
-    sPRIVATE = rb_intern("PRIVATE");
-    sEXPLICIT = rb_intern("EXPLICIT");
-    sIMPLICIT = rb_intern("IMPLICIT");
+    sym_UNIVERSAL = ID2SYM(rb_intern_const("UNIVERSAL"));
+    sym_CONTEXT_SPECIFIC = ID2SYM(rb_intern_const("CONTEXT_SPECIFIC"));
+    sym_APPLICATION = ID2SYM(rb_intern_const("APPLICATION"));
+    sym_PRIVATE = ID2SYM(rb_intern_const("PRIVATE"));
+    sym_EXPLICIT = ID2SYM(rb_intern_const("EXPLICIT"));
+    sym_IMPLICIT = ID2SYM(rb_intern_const("IMPLICIT"));
 
     sivVALUE = rb_intern("@value");
     sivTAG = rb_intern("@tag");
@@ -1989,4 +1927,6 @@ do{\
     rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
     rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
     rb_global_variable(&class_tag_map);
+
+    id_each = rb_intern_const("each");
 }