openssl 2.0.0.beta.2 → 2.0.0

data/ext/openssl/ossl_ssl_session.c

@@ -108,11 +108,7 @@ int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
     if (a_len != b_len)
 	return 1;
 
-#if defined(_WIN32)
-    return memcmp(a_sid, b_sid, a_len);
-#else
     return CRYPTO_memcmp(a_sid, b_sid, a_len);
-#endif
 }
 #endif
 
@@ -141,19 +137,18 @@ static VALUE ossl_ssl_session_eq(VALUE val1, VALUE val2)
  *
  * Returns the time at which the session was established.
  */
-static VALUE ossl_ssl_session_get_time(VALUE self)
+static VALUE
+ossl_ssl_session_get_time(VALUE self)
 {
-	SSL_SESSION *ctx;
-	time_t t;
-
-	GetSSLSession(self, ctx);
-
-	t = SSL_SESSION_get_time(ctx);
+    SSL_SESSION *ctx;
+    long t;
 
-	if (t == 0)
-		return Qnil;
+    GetSSLSession(self, ctx);
+    t = SSL_SESSION_get_time(ctx);
+    if (t == 0)
+	return Qnil;
 
-	return rb_funcall(rb_cTime, rb_intern("at"), 1, TIMET2NUM(t));
+    return rb_funcall(rb_cTime, rb_intern("at"), 1, LONG2NUM(t));
 }
 
 /*
@@ -164,16 +159,16 @@ static VALUE ossl_ssl_session_get_time(VALUE self)
  * established time.
  *
  */
-static VALUE ossl_ssl_session_get_timeout(VALUE self)
+static VALUE
+ossl_ssl_session_get_timeout(VALUE self)
 {
-	SSL_SESSION *ctx;
-	time_t t;
+    SSL_SESSION *ctx;
+    long t;
 
-	GetSSLSession(self, ctx);
-
-	t = SSL_SESSION_get_timeout(ctx);
+    GetSSLSession(self, ctx);
+    t = SSL_SESSION_get_timeout(ctx);
 
-	return TIMET2NUM(t);
+    return LONG2NUM(t);
 }
 
 /*
@@ -270,9 +265,6 @@ static VALUE ossl_ssl_session_to_pem(VALUE self)
 {
 	SSL_SESSION *ctx;
 	BIO *out;
-	BUF_MEM *buf;
-	VALUE str;
-	int i;
 
 	GetSSLSession(self, ctx);
 
@@ -280,16 +272,13 @@ static VALUE ossl_ssl_session_to_pem(VALUE self)
 		ossl_raise(eSSLSession, "BIO_s_mem()");
 	}
 
-	if (!(i=PEM_write_bio_SSL_SESSION(out, ctx))) {
+	if (!PEM_write_bio_SSL_SESSION(out, ctx)) {
 		BIO_free(out);
 		ossl_raise(eSSLSession, "SSL_SESSION_print()");
 	}
 
-	BIO_get_mem_ptr(out, &buf);
-	str = rb_str_new(buf->data, buf->length);
-	BIO_free(out);
 
-	return str;
+	return ossl_membio2str(out);
 }
 
 
@@ -303,8 +292,6 @@ static VALUE ossl_ssl_session_to_text(VALUE self)
 {
 	SSL_SESSION *ctx;
 	BIO *out;
-	BUF_MEM *buf;
-	VALUE str;
 
 	GetSSLSession(self, ctx);
 
@@ -317,11 +304,7 @@ static VALUE ossl_ssl_session_to_text(VALUE self)
 		ossl_raise(eSSLSession, "SSL_SESSION_print()");
 	}
 
-	BIO_get_mem_ptr(out, &buf);
-	str = rb_str_new(buf->data, buf->length);
-	BIO_free(out);
-
-	return str;
+	return ossl_membio2str(out);
 }
 
 

data/ext/openssl/ossl_x509.h

@@ -110,10 +110,13 @@ VALUE ossl_x509store_new(X509_STORE *);
 X509_STORE *GetX509StorePtr(VALUE);
 X509_STORE *DupX509StorePtr(VALUE);
 
-VALUE ossl_x509stctx_new(X509_STORE_CTX *);
-VALUE ossl_x509stctx_clear_ptr(VALUE);
 X509_STORE_CTX *GetX509StCtxtPtr(VALUE);
-
 void Init_ossl_x509store(void);
 
+/*
+ * Calls the verify callback Proc (the first parameter) with given pre-verify
+ * result and the X509_STORE_CTX.
+ */
+int ossl_verify_cb_call(VALUE, int, X509_STORE_CTX *);
+
 #endif /* _OSSL_X509_H_ */

data/ext/openssl/ossl_x509cert.c

@@ -624,7 +624,7 @@ ossl_x509_check_private_key(VALUE self, VALUE key)
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
     GetX509(self, x509);
     if (!X509_check_private_key(x509, pkey)) {
-	OSSL_Warning("Check private key:%s", OSSL_ErrMsg());
+	ossl_clear_error();
 	return Qfalse;
     }
 

data/ext/openssl/ossl_x509crl.c

@@ -182,8 +182,6 @@ ossl_x509crl_get_signature_algorithm(VALUE self)
     X509_CRL *crl;
     const X509_ALGOR *alg;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
 
     GetX509CRL(self, crl);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -194,10 +192,8 @@ ossl_x509crl_get_signature_algorithm(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509CRLError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
-    return str;
+
+    return ossl_membio2str(out);
 }
 
 static VALUE
@@ -388,8 +384,6 @@ ossl_x509crl_to_der(VALUE self)
 {
     X509_CRL *crl;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
 
     GetX509CRL(self, crl);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -399,11 +393,8 @@ ossl_x509crl_to_der(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509CRLError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
 
-    return str;
+    return ossl_membio2str(out);
 }
 
 static VALUE
@@ -411,8 +402,6 @@ ossl_x509crl_to_pem(VALUE self)
 {
     X509_CRL *crl;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
 
     GetX509CRL(self, crl);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -422,11 +411,8 @@ ossl_x509crl_to_pem(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509CRLError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
 
-    return str;
+    return ossl_membio2str(out);
 }
 
 static VALUE
@@ -434,8 +420,6 @@ ossl_x509crl_to_text(VALUE self)
 {
     X509_CRL *crl;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
 
     GetX509CRL(self, crl);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -445,11 +429,8 @@ ossl_x509crl_to_text(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509CRLError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
 
-    return str;
+    return ossl_membio2str(out);
 }
 
 /*

data/ext/openssl/ossl_x509name.c

@@ -372,12 +372,10 @@ ossl_x509name_cmp(VALUE self, VALUE other)
 static VALUE
 ossl_x509name_eql(VALUE self, VALUE other)
 {
-    int result;
-
-    if(CLASS_OF(other) != cX509Name) return Qfalse;
-    result = ossl_x509name_cmp0(self, other);
+    if (!rb_obj_is_kind_of(other, cX509Name))
+	return Qfalse;
 
-    return (result == 0) ? Qtrue : Qfalse;
+    return ossl_x509name_cmp0(self, other) ? Qtrue : Qfalse;
 }
 
 /*

data/ext/openssl/ossl_x509req.c

@@ -160,8 +160,6 @@ ossl_x509req_to_pem(VALUE self)
 {
     X509_REQ *req;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
 
     GetX509Req(self, req);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -171,11 +169,8 @@ ossl_x509req_to_pem(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
 
-    return str;
+    return ossl_membio2str(out);
 }
 
 static VALUE
@@ -203,8 +198,6 @@ ossl_x509req_to_text(VALUE self)
 {
     X509_REQ *req;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
 
     GetX509Req(self, req);
     if (!(out = BIO_new(BIO_s_mem()))) {
@@ -214,11 +207,8 @@ ossl_x509req_to_text(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
 
-    return str;
+    return ossl_membio2str(out);
 }
 
 #if 0
@@ -304,8 +294,6 @@ ossl_x509req_get_signature_algorithm(VALUE self)
     X509_REQ *req;
     const X509_ALGOR *alg;
     BIO *out;
-    BUF_MEM *buf;
-    VALUE str;
 
     GetX509Req(self, req);
 
@@ -317,10 +305,8 @@ ossl_x509req_get_signature_algorithm(VALUE self)
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
-    BIO_get_mem_ptr(out, &buf);
-    str = rb_str_new(buf->data, buf->length);
-    BIO_free(out);
-    return str;
+
+    return ossl_membio2str(out);
 }
 
 static VALUE

data/ext/openssl/ossl_x509store.c

@@ -47,6 +47,65 @@
     GetX509Store((obj), (ctx)); \
 } while (0)
 
+/*
+ * Verify callback stuff
+ */
+static int stctx_ex_verify_cb_idx, store_ex_verify_cb_idx;
+static VALUE ossl_x509stctx_new(X509_STORE_CTX *);
+
+struct ossl_verify_cb_args {
+    VALUE proc;
+    VALUE preverify_ok;
+    VALUE store_ctx;
+};
+
+static VALUE
+call_verify_cb_proc(struct ossl_verify_cb_args *args)
+{
+    return rb_funcall(args->proc, rb_intern("call"), 2,
+		      args->preverify_ok, args->store_ctx);
+}
+
+int
+ossl_verify_cb_call(VALUE proc, int ok, X509_STORE_CTX *ctx)
+{
+    VALUE rctx, ret;
+    struct ossl_verify_cb_args args;
+    int state;
+
+    if (NIL_P(proc))
+	return ok;
+
+    ret = Qfalse;
+    rctx = rb_protect((VALUE(*)(VALUE))ossl_x509stctx_new, (VALUE)ctx, &state);
+    if (state) {
+	rb_set_errinfo(Qnil);
+	rb_warn("StoreContext initialization failure");
+    }
+    else {
+	args.proc = proc;
+	args.preverify_ok = ok ? Qtrue : Qfalse;
+	args.store_ctx = rctx;
+	ret = rb_protect((VALUE(*)(VALUE))call_verify_cb_proc, (VALUE)&args, &state);
+	if (state) {
+	    rb_set_errinfo(Qnil);
+	    rb_warn("exception in verify_callback is ignored");
+	}
+	RTYPEDDATA_DATA(rctx) = NULL;
+    }
+    if (ret == Qtrue) {
+	X509_STORE_CTX_set_error(ctx, X509_V_OK);
+	ok = 1;
+    }
+    else {
+	if (X509_STORE_CTX_get_error(ctx) == X509_V_OK)
+	    X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED);
+	ok = 0;
+    }
+
+    return ok;
+}
+
 /*
  * Classes
  */
@@ -111,9 +170,10 @@ x509store_verify_cb(int ok, X509_STORE_CTX *ctx)
 {
     VALUE proc;
 
-    proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
+    proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, stctx_ex_verify_cb_idx);
     if (!proc)
-	proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
+	proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx),
+					     store_ex_verify_cb_idx);
     if (!proc)
 	return ok;
 
@@ -144,7 +204,7 @@ ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
     X509_STORE *store;
 
     GetX509Store(self, store);
-    X509_STORE_set_ex_data(store, ossl_store_ex_verify_cb_idx, (void *)cb);
+    X509_STORE_set_ex_data(store, store_ex_verify_cb_idx, (void *)cb);
     rb_iv_set(self, "@verify_callback", cb);
 
     return cb;
@@ -432,27 +492,6 @@ static const rb_data_type_t ossl_x509stctx_type = {
     0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
 };
 
-
-VALUE
-ossl_x509stctx_new(X509_STORE_CTX *ctx)
-{
-    VALUE obj;
-
-    obj = NewX509StCtx(cX509StoreContext);
-    SetX509StCtx(obj, ctx);
-
-    return obj;
-}
-
-VALUE
-ossl_x509stctx_clear_ptr(VALUE obj)
-{
-    OSSL_Check_Kind(obj, cX509StoreContext);
-    RDATA(obj)->data = NULL;
-
-    return obj;
-}
-
 /*
  * Private functions
  */
@@ -482,6 +521,17 @@ ossl_x509stctx_alloc(VALUE klass)
     return obj;
 }
 
+static VALUE
+ossl_x509stctx_new(X509_STORE_CTX *ctx)
+{
+    VALUE obj;
+
+    obj = NewX509StCtx(cX509StoreContext);
+    SetX509StCtx(obj, ctx);
+
+    return obj;
+}
+
 static VALUE ossl_x509stctx_set_flags(VALUE, VALUE);
 static VALUE ossl_x509stctx_set_purpose(VALUE, VALUE);
 static VALUE ossl_x509stctx_set_trust(VALUE, VALUE);
@@ -527,7 +577,7 @@ ossl_x509stctx_verify(VALUE self)
     X509_STORE_CTX *ctx;
 
     GetX509StCtx(self, ctx);
-    X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx,
+    X509_STORE_CTX_set_ex_data(ctx, stctx_ex_verify_cb_idx,
 			       (void *)rb_iv_get(self, "@verify_callback"));
 
     switch (X509_verify_cert(ctx)) {
@@ -747,6 +797,14 @@ Init_ossl_x509store(void)
     mX509 = rb_define_module_under(mOSSL, "X509");
 #endif
 
+    /* Register ext_data slot for verify callback Proc */
+    stctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"stctx_ex_verify_cb_idx", 0, 0, 0);
+    if (stctx_ex_verify_cb_idx < 0)
+	ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index");
+    store_ex_verify_cb_idx = X509_STORE_get_ex_new_index(0, (void *)"store_ex_verify_cb_idx", 0, 0, 0);
+    if (store_ex_verify_cb_idx < 0)
+	ossl_raise(eOSSLError, "X509_STORE_get_ex_new_index");
+
     eX509StoreError = rb_define_class_under(mX509, "StoreError", eOSSLError);
 
     /* Document-class: OpenSSL::X509::Store