openssl 3.2.1 → 3.3.0

data/ext/openssl/ossl_asn1.c

@@ -5,13 +5,12 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
 static VALUE ossl_asn1_decode0(unsigned char **pp, long length, long *offset,
 			       int depth, int yield, long *num_read);
-static VALUE ossl_asn1_initialize(int argc, VALUE *argv, VALUE self);
 
 /*
  * DATE conversion
@@ -158,38 +157,33 @@ asn1integer_to_num_i(VALUE arg)
 #define ossl_asn1_get_tag_class(o)       rb_attr_get((o),sivTAG_CLASS)
 #define ossl_asn1_get_indefinite_length(o) rb_attr_get((o),sivINDEFINITE_LENGTH)
 
-#define ossl_asn1_set_value(o,v)           rb_ivar_set((o),sivVALUE,(v))
-#define ossl_asn1_set_tag(o,v)             rb_ivar_set((o),sivTAG,(v))
-#define ossl_asn1_set_tagging(o,v)         rb_ivar_set((o),sivTAGGING,(v))
-#define ossl_asn1_set_tag_class(o,v)       rb_ivar_set((o),sivTAG_CLASS,(v))
 #define ossl_asn1_set_indefinite_length(o,v) rb_ivar_set((o),sivINDEFINITE_LENGTH,(v))
 
 VALUE mASN1;
 VALUE eASN1Error;
 
 VALUE cASN1Data;
-VALUE cASN1Primitive;
-VALUE cASN1Constructive;
-
-VALUE cASN1EndOfContent;
-VALUE cASN1Boolean;                           /* BOOLEAN           */
-VALUE cASN1Integer, cASN1Enumerated;          /* INTEGER           */
-VALUE cASN1BitString;                         /* BIT STRING        */
-VALUE cASN1OctetString, cASN1UTF8String;      /* STRINGs           */
-VALUE cASN1NumericString, cASN1PrintableString;
-VALUE cASN1T61String, cASN1VideotexString;
-VALUE cASN1IA5String, cASN1GraphicString;
-VALUE cASN1ISO64String, cASN1GeneralString;
-VALUE cASN1UniversalString, cASN1BMPString;
-VALUE cASN1Null;                              /* NULL              */
-VALUE cASN1ObjectId;                          /* OBJECT IDENTIFIER */
-VALUE cASN1UTCTime, cASN1GeneralizedTime;     /* TIME              */
-VALUE cASN1Sequence, cASN1Set;                /* CONSTRUCTIVE      */
+static VALUE cASN1Primitive;
+static VALUE cASN1Constructive;
+
+static VALUE cASN1EndOfContent;
+static VALUE cASN1Boolean;                           /* BOOLEAN           */
+static VALUE cASN1Integer, cASN1Enumerated;          /* INTEGER           */
+static VALUE cASN1BitString;                         /* BIT STRING        */
+static VALUE cASN1OctetString, cASN1UTF8String;      /* STRINGs           */
+static VALUE cASN1NumericString, cASN1PrintableString;
+static VALUE cASN1T61String, cASN1VideotexString;
+static VALUE cASN1IA5String, cASN1GraphicString;
+static VALUE cASN1ISO64String, cASN1GeneralString;
+static VALUE cASN1UniversalString, cASN1BMPString;
+static VALUE cASN1Null;                              /* NULL              */
+static VALUE cASN1ObjectId;                          /* OBJECT IDENTIFIER */
+static VALUE cASN1UTCTime, cASN1GeneralizedTime;     /* TIME              */
+static VALUE cASN1Sequence, cASN1Set;                /* CONSTRUCTIVE      */
 
 static VALUE sym_IMPLICIT, sym_EXPLICIT;
 static VALUE sym_UNIVERSAL, sym_APPLICATION, sym_CONTEXT_SPECIFIC, sym_PRIVATE;
 static ID sivVALUE, sivTAG, sivTAG_CLASS, sivTAGGING, sivINDEFINITE_LENGTH, sivUNUSED_BITS;
-static ID id_each;
 
 /*
  * Ruby to ASN1 converters
@@ -503,7 +497,7 @@ static VALUE class_tag_map;
 
 static int ossl_asn1_default_tag(VALUE obj);
 
-ASN1_TYPE*
+static ASN1_TYPE *
 ossl_asn1_get_asn1type(VALUE obj)
 {
     ASN1_TYPE *ret;
@@ -638,35 +632,6 @@ ossl_asn1_class2sym(int tc)
 	return sym_UNIVERSAL;
 }
 
-/*
- * call-seq:
- *    OpenSSL::ASN1::ASN1Data.new(value, tag, tag_class) => ASN1Data
- *
- * _value_: Please have a look at Constructive and Primitive to see how Ruby
- * types are mapped to ASN.1 types and vice versa.
- *
- * _tag_: An Integer indicating the tag number.
- *
- * _tag_class_: A Symbol indicating the tag class. Please cf. ASN1 for
- * possible values.
- *
- * == Example
- *   asn1_int = OpenSSL::ASN1Data.new(42, 2, :UNIVERSAL) # => Same as OpenSSL::ASN1::Integer.new(42)
- *   tagged_int = OpenSSL::ASN1Data.new(42, 0, :CONTEXT_SPECIFIC) # implicitly 0-tagged INTEGER
- */
-static VALUE
-ossl_asn1data_initialize(VALUE self, VALUE value, VALUE tag, VALUE tag_class)
-{
-    if(!SYMBOL_P(tag_class))
-	ossl_raise(eASN1Error, "invalid tag class");
-    ossl_asn1_set_tag(self, tag);
-    ossl_asn1_set_value(self, value);
-    ossl_asn1_set_tag_class(self, tag_class);
-    ossl_asn1_set_indefinite_length(self, Qfalse);
-
-    return self;
-}
-
 static VALUE
 to_der_internal(VALUE self, int constructed, int indef_len, VALUE body)
 {
@@ -795,20 +760,19 @@ int_ossl_asn1_decode0_prim(unsigned char **pp, long length, long hlen, int tag,
     if (tc == sym_UNIVERSAL &&
 	tag < ossl_asn1_info_size && ossl_asn1_info[tag].klass) {
 	VALUE klass = *ossl_asn1_info[tag].klass;
-	VALUE args[4];
-	args[0] = value;
-	args[1] = INT2NUM(tag);
-	args[2] = Qnil;
-	args[3] = tc;
-	asn1data = rb_obj_alloc(klass);
-	ossl_asn1_initialize(4, args, asn1data);
+	if (tag == V_ASN1_EOC)
+	    asn1data = rb_funcall(cASN1EndOfContent, rb_intern("new"), 0);
+	else {
+	    VALUE args[4] = { value, INT2NUM(tag), Qnil, tc };
+	    asn1data = rb_funcallv_public(klass, rb_intern("new"), 4, args);
+	}
 	if(tag == V_ASN1_BIT_STRING){
 	    rb_ivar_set(asn1data, sivUNUSED_BITS, LONG2NUM(flag));
 	}
     }
     else {
-	asn1data = rb_obj_alloc(cASN1Data);
-	ossl_asn1data_initialize(asn1data, value, INT2NUM(tag), tc);
+        VALUE args[3] = { value, INT2NUM(tag), tc };
+        asn1data = rb_funcallv_public(cASN1Data, rb_intern("new"), 3, args);
     }
 
     return asn1data;
@@ -842,20 +806,20 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
     }
 
     if (tc == sym_UNIVERSAL) {
-	VALUE args[4];
-	if (tag == V_ASN1_SEQUENCE || tag == V_ASN1_SET)
-	    asn1data = rb_obj_alloc(*ossl_asn1_info[tag].klass);
-	else
-	    asn1data = rb_obj_alloc(cASN1Constructive);
-	args[0] = ary;
-	args[1] = INT2NUM(tag);
-	args[2] = Qnil;
-	args[3] = tc;
-	ossl_asn1_initialize(4, args, asn1data);
+        if (tag == V_ASN1_SEQUENCE) {
+            VALUE args[4] = { ary, INT2NUM(tag), Qnil, tc };
+            asn1data = rb_funcallv_public(cASN1Sequence, rb_intern("new"), 4, args);
+        } else if (tag == V_ASN1_SET) {
+            VALUE args[4] = { ary, INT2NUM(tag), Qnil, tc };
+            asn1data = rb_funcallv_public(cASN1Set, rb_intern("new"), 4, args);
+        } else {
+            VALUE args[4] = { ary, INT2NUM(tag), Qnil, tc };
+            asn1data = rb_funcallv_public(cASN1Constructive, rb_intern("new"), 4, args);
+        }
     }
     else {
-	asn1data = rb_obj_alloc(cASN1Data);
-	ossl_asn1data_initialize(asn1data, ary, INT2NUM(tag), tc);
+        VALUE args[3] = {ary, INT2NUM(tag), tc};
+        asn1data = rb_funcallv_public(cASN1Data, rb_intern("new"), 3, args);
     }
 
     if (indefinite)
@@ -1048,83 +1012,6 @@ ossl_asn1_decode_all(VALUE self, VALUE obj)
     return ary;
 }
 
-/*
- * call-seq:
- *    OpenSSL::ASN1::Primitive.new(value [, tag, tagging, tag_class ]) => Primitive
- *
- * _value_: is mandatory.
- *
- * _tag_: optional, may be specified for tagged values. If no _tag_ is
- * specified, the UNIVERSAL tag corresponding to the Primitive sub-class
- * is used by default.
- *
- * _tagging_: may be used as an encoding hint to encode a value either
- * explicitly or implicitly, see ASN1 for possible values.
- *
- * _tag_class_: if _tag_ and _tagging_ are +nil+ then this is set to
- * +:UNIVERSAL+ by default. If either _tag_ or _tagging_ are set then
- * +:CONTEXT_SPECIFIC+ is used as the default. For possible values please
- * cf. ASN1.
- *
- * == Example
- *   int = OpenSSL::ASN1::Integer.new(42)
- *   zero_tagged_int = OpenSSL::ASN1::Integer.new(42, 0, :IMPLICIT)
- *   private_explicit_zero_tagged_int = OpenSSL::ASN1::Integer.new(42, 0, :EXPLICIT, :PRIVATE)
- */
-static VALUE
-ossl_asn1_initialize(int argc, VALUE *argv, VALUE self)
-{
-    VALUE value, tag, tagging, tag_class;
-    int default_tag;
-
-    rb_scan_args(argc, argv, "13", &value, &tag, &tagging, &tag_class);
-    default_tag = ossl_asn1_default_tag(self);
-
-    if (default_tag == -1 || argc > 1) {
-	if(NIL_P(tag))
-	    ossl_raise(eASN1Error, "must specify tag number");
-	if(!NIL_P(tagging) && !SYMBOL_P(tagging))
-	    ossl_raise(eASN1Error, "invalid tagging method");
-	if(NIL_P(tag_class)) {
-	    if (NIL_P(tagging))
-		tag_class = sym_UNIVERSAL;
-	    else
-		tag_class = sym_CONTEXT_SPECIFIC;
-	}
-	if(!SYMBOL_P(tag_class))
-	    ossl_raise(eASN1Error, "invalid tag class");
-    }
-    else{
-	tag = INT2NUM(default_tag);
-	tagging = Qnil;
-	tag_class = sym_UNIVERSAL;
-    }
-    ossl_asn1_set_tag(self, tag);
-    ossl_asn1_set_value(self, value);
-    ossl_asn1_set_tagging(self, tagging);
-    ossl_asn1_set_tag_class(self, tag_class);
-    ossl_asn1_set_indefinite_length(self, Qfalse);
-    if (default_tag == V_ASN1_BIT_STRING)
-	rb_ivar_set(self, sivUNUSED_BITS, INT2FIX(0));
-
-    return self;
-}
-
-static VALUE
-ossl_asn1eoc_initialize(VALUE self) {
-    VALUE tag, tagging, tag_class, value;
-    tag = INT2FIX(0);
-    tagging = Qnil;
-    tag_class = sym_UNIVERSAL;
-    value = rb_str_new("", 0);
-    ossl_asn1_set_tag(self, tag);
-    ossl_asn1_set_value(self, value);
-    ossl_asn1_set_tagging(self, tagging);
-    ossl_asn1_set_tag_class(self, tag_class);
-    ossl_asn1_set_indefinite_length(self, Qfalse);
-    return self;
-}
-
 static VALUE
 ossl_asn1eoc_to_der(VALUE self)
 {
@@ -1163,9 +1050,12 @@ ossl_asn1prim_to_der(VALUE self)
 	rb_jump_tag(state);
     }
     p0 = p1 = (unsigned char *)RSTRING_PTR(str);
-    i2d_ASN1_TYPE(asn1, &p0);
+    if (i2d_ASN1_TYPE(asn1, &p0) < 0) {
+        ASN1_TYPE_free(asn1);
+        ossl_raise(eASN1Error, "i2d_ASN1_TYPE");
+    }
     ASN1_TYPE_free(asn1);
-    assert(p0 - p1 == alllen);
+    ossl_str_adjust(str, p0);
 
     /* Strip header since to_der_internal() wants only the payload */
     j = ASN1_get_object((const unsigned char **)&p1, &bodylen, &tag, &tc, alllen);
@@ -1213,27 +1103,6 @@ ossl_asn1cons_to_der(VALUE self)
     return to_der_internal(self, 1, indef_len, str);
 }
 
-/*
- * call-seq:
- *    asn1_ary.each { |asn1| block } => asn1_ary
- *
- * Calls the given block once for each element in self, passing that element
- * as parameter _asn1_. If no block is given, an enumerator is returned
- * instead.
- *
- * == Example
- *   asn1_ary.each do |asn1|
- *     puts asn1
- *   end
- */
-static VALUE
-ossl_asn1cons_each(VALUE self)
-{
-    rb_block_call(ossl_asn1_get_value(self), id_each, 0, 0, 0, 0);
-
-    return self;
-}
-
 /*
  * call-seq:
  *    OpenSSL::ASN1::ObjectId.register(object_id, short_name, long_name)
@@ -1363,7 +1232,7 @@ ossl_asn1obj_eq(VALUE self, VALUE other)
 
 #define OSSL_ASN1_IMPL_FACTORY_METHOD(klass) \
 static VALUE ossl_asn1_##klass(int argc, VALUE *argv, VALUE self)\
-{ return rb_funcall3(cASN1##klass, rb_intern("new"), argc, argv); }
+{ return rb_funcallv_public(cASN1##klass, rb_intern("new"), argc, argv); }
 
 OSSL_ASN1_IMPL_FACTORY_METHOD(Boolean)
 OSSL_ASN1_IMPL_FACTORY_METHOD(Integer)
@@ -1649,42 +1518,6 @@ Init_ossl_asn1(void)
      *   puts int2.value # => 1
      */
     cASN1Data = rb_define_class_under(mASN1, "ASN1Data", rb_cObject);
-    /*
-     * Carries the value of a ASN.1 type.
-     * Please confer Constructive and Primitive for the mappings between
-     * ASN.1 data types and Ruby classes.
-     */
-    rb_attr(cASN1Data, rb_intern("value"), 1, 1, 0);
-    /*
-     * An Integer representing the tag number of this ASN1Data. Never +nil+.
-     */
-    rb_attr(cASN1Data, rb_intern("tag"), 1, 1, 0);
-    /*
-     * A Symbol representing the tag class of this ASN1Data. Never +nil+.
-     * See ASN1Data for possible values.
-     */
-    rb_attr(cASN1Data, rb_intern("tag_class"), 1, 1, 0);
-    /*
-     * Never +nil+. A boolean value indicating whether the encoding uses
-     * indefinite length (in the case of parsing) or whether an indefinite
-     * length form shall be used (in the encoding case).
-     * In DER, every value uses definite length form. But in scenarios where
-     * large amounts of data need to be transferred it might be desirable to
-     * have some kind of streaming support available.
-     * For example, huge OCTET STRINGs are preferably sent in smaller-sized
-     * chunks, each at a time.
-     * This is possible in BER by setting the length bytes of an encoding
-     * to zero and by this indicating that the following value will be
-     * sent in chunks. Indefinite length encodings are always constructed.
-     * The end of such a stream of chunks is indicated by sending a EOC
-     * (End of Content) tag. SETs and SEQUENCEs may use an indefinite length
-     * encoding, but also primitive types such as e.g. OCTET STRINGS or
-     * BIT STRINGS may leverage this functionality (cf. ITU-T X.690).
-     */
-    rb_attr(cASN1Data, rb_intern("indefinite_length"), 1, 1, 0);
-    rb_define_alias(cASN1Data, "infinite_length", "indefinite_length");
-    rb_define_alias(cASN1Data, "infinite_length=", "indefinite_length=");
-    rb_define_method(cASN1Data, "initialize", ossl_asn1data_initialize, 3);
     rb_define_method(cASN1Data, "to_der", ossl_asn1data_to_der, 0);
 
     /* Document-class: OpenSSL::ASN1::Primitive
@@ -1752,16 +1585,6 @@ Init_ossl_asn1(void)
      *   prim_zero_tagged_explicit = <class>.new(value, 0, :EXPLICIT)
      */
     cASN1Primitive = rb_define_class_under(mASN1, "Primitive", cASN1Data);
-    /*
-     * May be used as a hint for encoding a value either implicitly or
-     * explicitly by setting it either to +:IMPLICIT+ or to +:EXPLICIT+.
-     * _tagging_ is not set when a ASN.1 structure is parsed using
-     * OpenSSL::ASN1.decode.
-     */
-    rb_attr(cASN1Primitive, rb_intern("tagging"), 1, 1, Qtrue);
-    rb_undef_method(cASN1Primitive, "indefinite_length=");
-    rb_undef_method(cASN1Primitive, "infinite_length=");
-    rb_define_method(cASN1Primitive, "initialize", ossl_asn1_initialize, -1);
     rb_define_method(cASN1Primitive, "to_der", ossl_asn1prim_to_der, 0);
 
     /* Document-class: OpenSSL::ASN1::Constructive
@@ -1792,17 +1615,7 @@ Init_ossl_asn1(void)
      *   set = OpenSSL::ASN1::Set.new( [ int, str ] )
      */
     cASN1Constructive = rb_define_class_under(mASN1,"Constructive", cASN1Data);
-    rb_include_module(cASN1Constructive, rb_mEnumerable);
-    /*
-     * May be used as a hint for encoding a value either implicitly or
-     * explicitly by setting it either to +:IMPLICIT+ or to +:EXPLICIT+.
-     * _tagging_ is not set when a ASN.1 structure is parsed using
-     * OpenSSL::ASN1.decode.
-     */
-    rb_attr(cASN1Constructive, rb_intern("tagging"), 1, 1, Qtrue);
-    rb_define_method(cASN1Constructive, "initialize", ossl_asn1_initialize, -1);
     rb_define_method(cASN1Constructive, "to_der", ossl_asn1cons_to_der, 0);
-    rb_define_method(cASN1Constructive, "each", ossl_asn1cons_each, 0);
 
 #define OSSL_ASN1_DEFINE_CLASS(name, super) \
 do{\
@@ -1851,13 +1664,10 @@ do{\
     rb_define_alias(cASN1ObjectId, "short_name", "sn");
     rb_define_alias(cASN1ObjectId, "long_name", "ln");
     rb_define_method(cASN1ObjectId, "==", ossl_asn1obj_eq, 1);
-    rb_attr(cASN1BitString, rb_intern("unused_bits"), 1, 1, 0);
 
-    rb_define_method(cASN1EndOfContent, "initialize", ossl_asn1eoc_initialize, 0);
     rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
 
     class_tag_map = rb_hash_new();
-    rb_gc_register_mark_object(class_tag_map);
     rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
     rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
     rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
@@ -1881,6 +1691,5 @@ do{\
     rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
     rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
     rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
-
-    id_each = rb_intern_const("each");
+    rb_define_const(mASN1, "CLASS_TAG_MAP", class_tag_map);
 }

data/ext/openssl/ossl_asn1.h

@@ -5,7 +5,7 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #if !defined(_OSSL_ASN1_H_)
 #define _OSSL_ASN1_H_
@@ -38,24 +38,6 @@ extern VALUE mASN1;
 extern VALUE eASN1Error;
 
 extern VALUE cASN1Data;
-extern VALUE cASN1Primitive;
-extern VALUE cASN1Constructive;
-
-extern VALUE cASN1Boolean;                           /* BOOLEAN           */
-extern VALUE cASN1Integer, cASN1Enumerated;          /* INTEGER           */
-extern VALUE cASN1BitString;                         /* BIT STRING        */
-extern VALUE cASN1OctetString, cASN1UTF8String;      /* STRINGs           */
-extern VALUE cASN1NumericString, cASN1PrintableString;
-extern VALUE cASN1T61String, cASN1VideotexString;
-extern VALUE cASN1IA5String, cASN1GraphicString;
-extern VALUE cASN1ISO64String, cASN1GeneralString;
-extern VALUE cASN1UniversalString, cASN1BMPString;
-extern VALUE cASN1Null;                              /* NULL              */
-extern VALUE cASN1ObjectId;                          /* OBJECT IDENTIFIER */
-extern VALUE cASN1UTCTime, cASN1GeneralizedTime;     /* TIME              */
-extern VALUE cASN1Sequence, cASN1Set;                /* CONSTRUCTIVE      */
-
-ASN1_TYPE *ossl_asn1_get_asn1type(VALUE);
 
 void Init_ossl_asn1(void);
 

data/ext/openssl/ossl_bio.c

@@ -5,7 +5,7 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 

data/ext/openssl/ossl_bio.h

@@ -5,7 +5,7 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #if !defined(_OSSL_BIO_H_)
 #define _OSSL_BIO_H_

data/ext/openssl/ossl_bn.c

@@ -5,15 +5,11 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 /* modified by Michal Rokos <m.rokos@sh.cvut.cz> */
 #include "ossl.h"
 
-#ifdef HAVE_RB_EXT_RACTOR_SAFE
-#include <ruby/ractor.h>
-#endif
-
 #define NewBN(klass) \
   TypedData_Wrap_Struct((klass), &ossl_bn_type, 0)
 #define SetBN(obj, bn) do { \
@@ -41,7 +37,7 @@ static const rb_data_type_t ossl_bn_type = {
     {
 	0, ossl_bn_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 /*
@@ -53,7 +49,7 @@ VALUE cBN;
  *
  * Generic Error for all of OpenSSL::BN (big num)
  */
-VALUE eBNError;
+static VALUE eBNError;
 
 /*
  * Public
@@ -156,19 +152,19 @@ ossl_bn_value_ptr(volatile VALUE *ptr)
  */
 
 #ifdef HAVE_RB_EXT_RACTOR_SAFE
-void
+static void
 ossl_bn_ctx_free(void *ptr)
 {
     BN_CTX *ctx = (BN_CTX *)ptr;
     BN_CTX_free(ctx);
 }
 
-struct rb_ractor_local_storage_type ossl_bn_ctx_key_type = {
+static struct rb_ractor_local_storage_type ossl_bn_ctx_key_type = {
     NULL, // mark
     ossl_bn_ctx_free,
 };
 
-rb_ractor_local_key_t ossl_bn_ctx_key;
+static rb_ractor_local_key_t ossl_bn_ctx_key;
 
 BN_CTX *
 ossl_bn_ctx_get(void)
@@ -244,7 +240,7 @@ ossl_bn_alloc(VALUE klass)
  *     number.
  *   - +10+ - Decimal number representation, with a leading '-' for a negative
  *     number.
- *   - +16+ - Hexadeciaml number representation, with a leading '-' for a
+ *   - +16+ - Hexadecimal number representation, with a leading '-' for a
  *     negative number.
  */
 static VALUE
@@ -263,6 +259,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
         ossl_raise(rb_eArgError, "invalid argument");
     }
 
+    rb_check_frozen(self);
     if (RB_INTEGER_TYPE_P(str)) {
 	GetBN(self, bn);
 	integer_to_bnptr(str, bn);
@@ -326,7 +323,7 @@ ossl_bn_initialize(int argc, VALUE *argv, VALUE self)
  *     the bignum is ignored.
  *   - +10+ - Decimal number representation, with a leading '-' for a negative
  *     bignum.
- *   - +16+ - Hexadeciaml number representation, with a leading '-' for a
+ *   - +16+ - Hexadecimal number representation, with a leading '-' for a
  *     negative bignum.
  */
 static VALUE
@@ -693,6 +690,7 @@ BIGNUM_3c(mod_exp)
     ossl_bn_##func(VALUE self, VALUE bit)		\
     {							\
 	BIGNUM *bn;					\
+	rb_check_frozen(self);				\
 	GetBN(self, bn);				\
 	if (BN_##func(bn, NUM2INT(bit)) <= 0) {		\
 	    ossl_raise(eBNError, NULL);			\
@@ -782,6 +780,7 @@ BIGNUM_SHIFT(rshift)
     {							\
 	BIGNUM *bn;					\
 	int b;						\
+	rb_check_frozen(self);				\
 	b = NUM2INT(bits);				\
 	GetBN(self, bn);				\
 	if (BN_##func(bn, bn, b) <= 0)			\
@@ -1191,6 +1190,7 @@ ossl_bn_set_flags(VALUE self, VALUE arg)
     BIGNUM *bn;
     GetBN(self, bn);
 
+    rb_check_frozen(self);
     BN_set_flags(bn, NUM2INT(arg));
     return Qnil;
 }

data/ext/openssl/ossl_bn.h

@@ -5,13 +5,12 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #if !defined(_OSSL_BN_H_)
 #define _OSSL_BN_H_
 
 extern VALUE cBN;
-extern VALUE eBNError;
 
 BN_CTX *ossl_bn_ctx_get(void);
 #define ossl_bn_ctx ossl_bn_ctx_get()

data/ext/openssl/ossl_cipher.c

@@ -5,7 +5,7 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #include "ossl.h"
 
@@ -30,8 +30,8 @@
 /*
  * Classes
  */
-VALUE cCipher;
-VALUE eCipherError;
+static VALUE cCipher;
+static VALUE eCipherError;
 static ID id_auth_tag_len, id_key_set;
 
 static VALUE ossl_cipher_alloc(VALUE klass);
@@ -457,8 +457,8 @@ ossl_cipher_final(VALUE self)
  *  call-seq:
  *     cipher.name -> string
  *
- *  Returns the name of the cipher which may differ slightly from the original
- *  name provided.
+ *  Returns the short name of the cipher which may differ slightly from the
+ *  original name provided.
  */
 static VALUE
 ossl_cipher_name(VALUE self)

data/ext/openssl/ossl_cipher.h

@@ -5,14 +5,11 @@
  */
 /*
  * This program is licensed under the same licence as Ruby.
- * (See the file 'LICENCE'.)
+ * (See the file 'COPYING'.)
  */
 #if !defined(_OSSL_CIPHER_H_)
 #define _OSSL_CIPHER_H_
 
-extern VALUE cCipher;
-extern VALUE eCipherError;
-
 const EVP_CIPHER *ossl_evp_get_cipherbyname(VALUE);
 VALUE ossl_cipher_new(const EVP_CIPHER *);
 void Init_ossl_cipher(void);