openssl 3.3.2 → 4.0.0
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +3 -0
- data/History.md +85 -0
- data/README.md +12 -11
- data/ext/openssl/extconf.rb +30 -69
- data/ext/openssl/openssl_missing.h +0 -206
- data/ext/openssl/ossl.c +280 -301
- data/ext/openssl/ossl.h +15 -10
- data/ext/openssl/ossl_asn1.c +598 -406
- data/ext/openssl/ossl_asn1.h +15 -1
- data/ext/openssl/ossl_bio.c +3 -3
- data/ext/openssl/ossl_bn.c +286 -291
- data/ext/openssl/ossl_cipher.c +252 -203
- data/ext/openssl/ossl_cipher.h +10 -1
- data/ext/openssl/ossl_config.c +1 -6
- data/ext/openssl/ossl_digest.c +74 -43
- data/ext/openssl/ossl_digest.h +9 -1
- data/ext/openssl/ossl_engine.c +39 -103
- data/ext/openssl/ossl_hmac.c +30 -36
- data/ext/openssl/ossl_kdf.c +42 -53
- data/ext/openssl/ossl_ns_spki.c +31 -37
- data/ext/openssl/ossl_ocsp.c +214 -241
- data/ext/openssl/ossl_pkcs12.c +26 -26
- data/ext/openssl/ossl_pkcs7.c +175 -145
- data/ext/openssl/ossl_pkey.c +162 -178
- data/ext/openssl/ossl_pkey.h +99 -99
- data/ext/openssl/ossl_pkey_dh.c +31 -68
- data/ext/openssl/ossl_pkey_dsa.c +15 -54
- data/ext/openssl/ossl_pkey_ec.c +179 -237
- data/ext/openssl/ossl_pkey_rsa.c +56 -103
- data/ext/openssl/ossl_provider.c +0 -7
- data/ext/openssl/ossl_rand.c +7 -14
- data/ext/openssl/ossl_ssl.c +478 -353
- data/ext/openssl/ossl_ssl.h +8 -8
- data/ext/openssl/ossl_ssl_session.c +93 -97
- data/ext/openssl/ossl_ts.c +81 -127
- data/ext/openssl/ossl_x509.c +9 -28
- data/ext/openssl/ossl_x509attr.c +33 -54
- data/ext/openssl/ossl_x509cert.c +69 -100
- data/ext/openssl/ossl_x509crl.c +78 -89
- data/ext/openssl/ossl_x509ext.c +45 -66
- data/ext/openssl/ossl_x509name.c +63 -88
- data/ext/openssl/ossl_x509req.c +55 -62
- data/ext/openssl/ossl_x509revoked.c +27 -41
- data/ext/openssl/ossl_x509store.c +38 -56
- data/lib/openssl/buffering.rb +30 -24
- data/lib/openssl/digest.rb +1 -1
- data/lib/openssl/pkey.rb +71 -49
- data/lib/openssl/ssl.rb +12 -79
- data/lib/openssl/version.rb +2 -1
- data/lib/openssl/x509.rb +9 -0
- data/lib/openssl.rb +9 -6
- metadata +1 -3
- data/ext/openssl/openssl_missing.c +0 -40
- data/lib/openssl/asn1.rb +0 -188
data/ext/openssl/ossl_ocsp.c
CHANGED
|
@@ -84,7 +84,7 @@ ossl_ocsp_request_free(void *ptr)
|
|
|
84
84
|
static const rb_data_type_t ossl_ocsp_request_type = {
|
|
85
85
|
"OpenSSL/OCSP/REQUEST",
|
|
86
86
|
{
|
|
87
|
-
|
|
87
|
+
0, ossl_ocsp_request_free,
|
|
88
88
|
},
|
|
89
89
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
90
90
|
};
|
|
@@ -98,7 +98,7 @@ ossl_ocsp_response_free(void *ptr)
|
|
|
98
98
|
static const rb_data_type_t ossl_ocsp_response_type = {
|
|
99
99
|
"OpenSSL/OCSP/RESPONSE",
|
|
100
100
|
{
|
|
101
|
-
|
|
101
|
+
0, ossl_ocsp_response_free,
|
|
102
102
|
},
|
|
103
103
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
104
104
|
};
|
|
@@ -112,7 +112,7 @@ ossl_ocsp_basicresp_free(void *ptr)
|
|
|
112
112
|
static const rb_data_type_t ossl_ocsp_basicresp_type = {
|
|
113
113
|
"OpenSSL/OCSP/BASICRESP",
|
|
114
114
|
{
|
|
115
|
-
|
|
115
|
+
0, ossl_ocsp_basicresp_free,
|
|
116
116
|
},
|
|
117
117
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
118
118
|
};
|
|
@@ -126,7 +126,7 @@ ossl_ocsp_singleresp_free(void *ptr)
|
|
|
126
126
|
static const rb_data_type_t ossl_ocsp_singleresp_type = {
|
|
127
127
|
"OpenSSL/OCSP/SINGLERESP",
|
|
128
128
|
{
|
|
129
|
-
|
|
129
|
+
0, ossl_ocsp_singleresp_free,
|
|
130
130
|
},
|
|
131
131
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
132
132
|
};
|
|
@@ -140,7 +140,7 @@ ossl_ocsp_certid_free(void *ptr)
|
|
|
140
140
|
static const rb_data_type_t ossl_ocsp_certid_type = {
|
|
141
141
|
"OpenSSL/OCSP/CERTID",
|
|
142
142
|
{
|
|
143
|
-
|
|
143
|
+
0, ossl_ocsp_certid_free,
|
|
144
144
|
},
|
|
145
145
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
146
146
|
};
|
|
@@ -149,10 +149,14 @@ static const rb_data_type_t ossl_ocsp_certid_type = {
|
|
|
149
149
|
* Public
|
|
150
150
|
*/
|
|
151
151
|
static VALUE
|
|
152
|
-
|
|
152
|
+
ossl_ocspcid_new(const OCSP_CERTID *cid)
|
|
153
153
|
{
|
|
154
154
|
VALUE obj = NewOCSPCertId(cOCSPCertId);
|
|
155
|
-
|
|
155
|
+
/* OpenSSL 1.1.1 takes a non-const pointer */
|
|
156
|
+
OCSP_CERTID *cid_new = OCSP_CERTID_dup((OCSP_CERTID *)cid);
|
|
157
|
+
if (!cid_new)
|
|
158
|
+
ossl_raise(eOCSPError, "OCSP_CERTID_dup");
|
|
159
|
+
SetOCSPCertId(obj, cid_new);
|
|
156
160
|
return obj;
|
|
157
161
|
}
|
|
158
162
|
|
|
@@ -167,12 +171,13 @@ ossl_ocspreq_alloc(VALUE klass)
|
|
|
167
171
|
|
|
168
172
|
obj = NewOCSPReq(klass);
|
|
169
173
|
if (!(req = OCSP_REQUEST_new()))
|
|
170
|
-
|
|
174
|
+
ossl_raise(eOCSPError, NULL);
|
|
171
175
|
SetOCSPReq(obj, req);
|
|
172
176
|
|
|
173
177
|
return obj;
|
|
174
178
|
}
|
|
175
179
|
|
|
180
|
+
/* :nodoc: */
|
|
176
181
|
static VALUE
|
|
177
182
|
ossl_ocspreq_initialize_copy(VALUE self, VALUE other)
|
|
178
183
|
{
|
|
@@ -184,7 +189,7 @@ ossl_ocspreq_initialize_copy(VALUE self, VALUE other)
|
|
|
184
189
|
|
|
185
190
|
req_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_REQUEST), req);
|
|
186
191
|
if (!req_new)
|
|
187
|
-
|
|
192
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
188
193
|
|
|
189
194
|
SetOCSPReq(self, req_new);
|
|
190
195
|
OCSP_REQUEST_free(req_old);
|
|
@@ -210,15 +215,15 @@ ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
210
215
|
|
|
211
216
|
rb_scan_args(argc, argv, "01", &arg);
|
|
212
217
|
if(!NIL_P(arg)){
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
218
|
+
GetOCSPReq(self, req);
|
|
219
|
+
arg = ossl_to_der_if_possible(arg);
|
|
220
|
+
StringValue(arg);
|
|
221
|
+
p = (unsigned char *)RSTRING_PTR(arg);
|
|
222
|
+
req_new = d2i_OCSP_REQUEST(NULL, &p, RSTRING_LEN(arg));
|
|
223
|
+
if (!req_new)
|
|
224
|
+
ossl_raise(eOCSPError, "d2i_OCSP_REQUEST");
|
|
225
|
+
SetOCSPReq(self, req_new);
|
|
226
|
+
OCSP_REQUEST_free(req);
|
|
222
227
|
}
|
|
223
228
|
|
|
224
229
|
return self;
|
|
@@ -244,13 +249,13 @@ ossl_ocspreq_add_nonce(int argc, VALUE *argv, VALUE self)
|
|
|
244
249
|
|
|
245
250
|
rb_scan_args(argc, argv, "01", &val);
|
|
246
251
|
if(NIL_P(val)) {
|
|
247
|
-
|
|
248
|
-
|
|
252
|
+
GetOCSPReq(self, req);
|
|
253
|
+
ret = OCSP_request_add1_nonce(req, NULL, -1);
|
|
249
254
|
}
|
|
250
255
|
else{
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
256
|
+
StringValue(val);
|
|
257
|
+
GetOCSPReq(self, req);
|
|
258
|
+
ret = OCSP_request_add1_nonce(req, (unsigned char *)RSTRING_PTR(val), RSTRING_LENINT(val));
|
|
254
259
|
}
|
|
255
260
|
if(!ret) ossl_raise(eOCSPError, NULL);
|
|
256
261
|
|
|
@@ -307,10 +312,10 @@ ossl_ocspreq_add_certid(VALUE self, VALUE certid)
|
|
|
307
312
|
GetOCSPCertId(certid, id);
|
|
308
313
|
|
|
309
314
|
if (!(id_new = OCSP_CERTID_dup(id)))
|
|
310
|
-
|
|
315
|
+
ossl_raise(eOCSPError, "OCSP_CERTID_dup");
|
|
311
316
|
if (!OCSP_request_add0_id(req, id_new)) {
|
|
312
|
-
|
|
313
|
-
|
|
317
|
+
OCSP_CERTID_free(id_new);
|
|
318
|
+
ossl_raise(eOCSPError, "OCSP_request_add0_id");
|
|
314
319
|
}
|
|
315
320
|
|
|
316
321
|
return self;
|
|
@@ -327,21 +332,19 @@ static VALUE
|
|
|
327
332
|
ossl_ocspreq_get_certid(VALUE self)
|
|
328
333
|
{
|
|
329
334
|
OCSP_REQUEST *req;
|
|
330
|
-
OCSP_ONEREQ *one;
|
|
331
|
-
OCSP_CERTID *id;
|
|
332
|
-
VALUE ary, tmp;
|
|
333
|
-
int i, count;
|
|
334
335
|
|
|
335
336
|
GetOCSPReq(self, req);
|
|
336
|
-
count = OCSP_request_onereq_count(req);
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
337
|
+
int count = OCSP_request_onereq_count(req);
|
|
338
|
+
if (count < 0)
|
|
339
|
+
ossl_raise(eOCSPError, "OCSP_request_onereq_count");
|
|
340
|
+
if (count == 0)
|
|
341
|
+
return Qnil;
|
|
342
|
+
|
|
343
|
+
VALUE ary = rb_ary_new_capa(count);
|
|
344
|
+
for (int i = 0; i < count; i++) {
|
|
345
|
+
OCSP_ONEREQ *one = OCSP_request_onereq_get0(req, i);
|
|
346
|
+
OCSP_CERTID *cid = OCSP_onereq_get0_id(one);
|
|
347
|
+
rb_ary_push(ary, ossl_ocspcid_new(cid));
|
|
345
348
|
}
|
|
346
349
|
|
|
347
350
|
return ary;
|
|
@@ -366,7 +369,7 @@ ossl_ocspreq_get_certid(VALUE self)
|
|
|
366
369
|
static VALUE
|
|
367
370
|
ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
|
|
368
371
|
{
|
|
369
|
-
VALUE signer_cert, signer_key, certs, flags, digest;
|
|
372
|
+
VALUE signer_cert, signer_key, certs, flags, digest, md_holder;
|
|
370
373
|
OCSP_REQUEST *req;
|
|
371
374
|
X509 *signer;
|
|
372
375
|
EVP_PKEY *key;
|
|
@@ -380,19 +383,17 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
|
|
|
380
383
|
signer = GetX509CertPtr(signer_cert);
|
|
381
384
|
key = GetPrivPKeyPtr(signer_key);
|
|
382
385
|
if (!NIL_P(flags))
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
md = NULL;
|
|
386
|
-
else
|
|
387
|
-
md = ossl_evp_get_digestbyname(digest);
|
|
386
|
+
flg = NUM2INT(flags);
|
|
387
|
+
md = NIL_P(digest) ? NULL : ossl_evp_md_fetch(digest, &md_holder);
|
|
388
388
|
if (NIL_P(certs))
|
|
389
|
-
|
|
389
|
+
flg |= OCSP_NOCERTS;
|
|
390
390
|
else
|
|
391
|
-
|
|
391
|
+
x509s = ossl_x509_ary2sk(certs);
|
|
392
392
|
|
|
393
393
|
ret = OCSP_request_sign(req, signer, key, md, x509s, flg);
|
|
394
394
|
sk_X509_pop_free(x509s, X509_free);
|
|
395
|
-
if (!ret)
|
|
395
|
+
if (!ret)
|
|
396
|
+
ossl_raise(eOCSPError, "OCSP_request_sign");
|
|
396
397
|
|
|
397
398
|
return self;
|
|
398
399
|
}
|
|
@@ -426,7 +427,7 @@ ossl_ocspreq_verify(int argc, VALUE *argv, VALUE self)
|
|
|
426
427
|
result = OCSP_request_verify(req, x509s, x509st, flg);
|
|
427
428
|
sk_X509_pop_free(x509s, X509_free);
|
|
428
429
|
if (result <= 0)
|
|
429
|
-
|
|
430
|
+
ossl_clear_error();
|
|
430
431
|
|
|
431
432
|
return result > 0 ? Qtrue : Qfalse;
|
|
432
433
|
}
|
|
@@ -445,11 +446,11 @@ ossl_ocspreq_to_der(VALUE self)
|
|
|
445
446
|
|
|
446
447
|
GetOCSPReq(self, req);
|
|
447
448
|
if((len = i2d_OCSP_REQUEST(req, NULL)) <= 0)
|
|
448
|
-
|
|
449
|
+
ossl_raise(eOCSPError, NULL);
|
|
449
450
|
str = rb_str_new(0, len);
|
|
450
451
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
451
452
|
if(i2d_OCSP_REQUEST(req, &p) <= 0)
|
|
452
|
-
|
|
453
|
+
ossl_raise(eOCSPError, NULL);
|
|
453
454
|
ossl_str_adjust(str, p);
|
|
454
455
|
|
|
455
456
|
return str;
|
|
@@ -493,7 +494,7 @@ ossl_ocspres_s_create(VALUE klass, VALUE status, VALUE basic_resp)
|
|
|
493
494
|
else GetOCSPBasicRes(basic_resp, bs); /* NO NEED TO DUP */
|
|
494
495
|
obj = NewOCSPRes(klass);
|
|
495
496
|
if(!(res = OCSP_response_create(st, bs)))
|
|
496
|
-
|
|
497
|
+
ossl_raise(eOCSPError, NULL);
|
|
497
498
|
SetOCSPRes(obj, res);
|
|
498
499
|
|
|
499
500
|
return obj;
|
|
@@ -507,12 +508,13 @@ ossl_ocspres_alloc(VALUE klass)
|
|
|
507
508
|
|
|
508
509
|
obj = NewOCSPRes(klass);
|
|
509
510
|
if(!(res = OCSP_RESPONSE_new()))
|
|
510
|
-
|
|
511
|
+
ossl_raise(eOCSPError, NULL);
|
|
511
512
|
SetOCSPRes(obj, res);
|
|
512
513
|
|
|
513
514
|
return obj;
|
|
514
515
|
}
|
|
515
516
|
|
|
517
|
+
/* :nodoc: */
|
|
516
518
|
static VALUE
|
|
517
519
|
ossl_ocspres_initialize_copy(VALUE self, VALUE other)
|
|
518
520
|
{
|
|
@@ -524,7 +526,7 @@ ossl_ocspres_initialize_copy(VALUE self, VALUE other)
|
|
|
524
526
|
|
|
525
527
|
res_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_RESPONSE), res);
|
|
526
528
|
if (!res_new)
|
|
527
|
-
|
|
529
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
528
530
|
|
|
529
531
|
SetOCSPRes(self, res_new);
|
|
530
532
|
OCSP_RESPONSE_free(res_old);
|
|
@@ -550,15 +552,15 @@ ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
550
552
|
|
|
551
553
|
rb_scan_args(argc, argv, "01", &arg);
|
|
552
554
|
if(!NIL_P(arg)){
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
555
|
+
GetOCSPRes(self, res);
|
|
556
|
+
arg = ossl_to_der_if_possible(arg);
|
|
557
|
+
StringValue(arg);
|
|
558
|
+
p = (unsigned char *)RSTRING_PTR(arg);
|
|
559
|
+
res_new = d2i_OCSP_RESPONSE(NULL, &p, RSTRING_LEN(arg));
|
|
560
|
+
if (!res_new)
|
|
561
|
+
ossl_raise(eOCSPError, "d2i_OCSP_RESPONSE");
|
|
562
|
+
SetOCSPRes(self, res_new);
|
|
563
|
+
OCSP_RESPONSE_free(res);
|
|
562
564
|
}
|
|
563
565
|
|
|
564
566
|
return self;
|
|
@@ -619,7 +621,7 @@ ossl_ocspres_get_basic(VALUE self)
|
|
|
619
621
|
GetOCSPRes(self, res);
|
|
620
622
|
ret = NewOCSPBasicRes(cOCSPBasicRes);
|
|
621
623
|
if(!(bs = OCSP_response_get1_basic(res)))
|
|
622
|
-
|
|
624
|
+
return Qnil;
|
|
623
625
|
SetOCSPBasicRes(ret, bs);
|
|
624
626
|
|
|
625
627
|
return ret;
|
|
@@ -642,11 +644,11 @@ ossl_ocspres_to_der(VALUE self)
|
|
|
642
644
|
|
|
643
645
|
GetOCSPRes(self, res);
|
|
644
646
|
if((len = i2d_OCSP_RESPONSE(res, NULL)) <= 0)
|
|
645
|
-
|
|
647
|
+
ossl_raise(eOCSPError, NULL);
|
|
646
648
|
str = rb_str_new(0, len);
|
|
647
649
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
648
650
|
if(i2d_OCSP_RESPONSE(res, &p) <= 0)
|
|
649
|
-
|
|
651
|
+
ossl_raise(eOCSPError, NULL);
|
|
650
652
|
ossl_str_adjust(str, p);
|
|
651
653
|
|
|
652
654
|
return str;
|
|
@@ -663,12 +665,13 @@ ossl_ocspbres_alloc(VALUE klass)
|
|
|
663
665
|
|
|
664
666
|
obj = NewOCSPBasicRes(klass);
|
|
665
667
|
if(!(bs = OCSP_BASICRESP_new()))
|
|
666
|
-
|
|
668
|
+
ossl_raise(eOCSPError, NULL);
|
|
667
669
|
SetOCSPBasicRes(obj, bs);
|
|
668
670
|
|
|
669
671
|
return obj;
|
|
670
672
|
}
|
|
671
673
|
|
|
674
|
+
/* :nodoc: */
|
|
672
675
|
static VALUE
|
|
673
676
|
ossl_ocspbres_initialize_copy(VALUE self, VALUE other)
|
|
674
677
|
{
|
|
@@ -680,7 +683,7 @@ ossl_ocspbres_initialize_copy(VALUE self, VALUE other)
|
|
|
680
683
|
|
|
681
684
|
bs_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_BASICRESP), bs);
|
|
682
685
|
if (!bs_new)
|
|
683
|
-
|
|
686
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
684
687
|
|
|
685
688
|
SetOCSPBasicRes(self, bs_new);
|
|
686
689
|
OCSP_BASICRESP_free(bs_old);
|
|
@@ -705,15 +708,15 @@ ossl_ocspbres_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
705
708
|
|
|
706
709
|
rb_scan_args(argc, argv, "01", &arg);
|
|
707
710
|
if (!NIL_P(arg)) {
|
|
708
|
-
|
|
709
|
-
|
|
710
|
-
|
|
711
|
-
|
|
712
|
-
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
|
|
716
|
-
|
|
711
|
+
GetOCSPBasicRes(self, res);
|
|
712
|
+
arg = ossl_to_der_if_possible(arg);
|
|
713
|
+
StringValue(arg);
|
|
714
|
+
p = (unsigned char *)RSTRING_PTR(arg);
|
|
715
|
+
res_new = d2i_OCSP_BASICRESP(NULL, &p, RSTRING_LEN(arg));
|
|
716
|
+
if (!res_new)
|
|
717
|
+
ossl_raise(eOCSPError, "d2i_OCSP_BASICRESP");
|
|
718
|
+
SetOCSPBasicRes(self, res_new);
|
|
719
|
+
OCSP_BASICRESP_free(res);
|
|
717
720
|
}
|
|
718
721
|
|
|
719
722
|
return self;
|
|
@@ -758,13 +761,13 @@ ossl_ocspbres_add_nonce(int argc, VALUE *argv, VALUE self)
|
|
|
758
761
|
|
|
759
762
|
rb_scan_args(argc, argv, "01", &val);
|
|
760
763
|
if(NIL_P(val)) {
|
|
761
|
-
|
|
762
|
-
|
|
764
|
+
GetOCSPBasicRes(self, bs);
|
|
765
|
+
ret = OCSP_basic_add1_nonce(bs, NULL, -1);
|
|
763
766
|
}
|
|
764
767
|
else{
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
768
|
+
StringValue(val);
|
|
769
|
+
GetOCSPBasicRes(self, bs);
|
|
770
|
+
ret = OCSP_basic_add1_nonce(bs, (unsigned char *)RSTRING_PTR(val), RSTRING_LENINT(val));
|
|
768
771
|
}
|
|
769
772
|
if(!ret) ossl_raise(eOCSPError, NULL);
|
|
770
773
|
|
|
@@ -777,12 +780,12 @@ add_status_convert_time(VALUE obj)
|
|
|
777
780
|
ASN1_TIME *time;
|
|
778
781
|
|
|
779
782
|
if (RB_INTEGER_TYPE_P(obj))
|
|
780
|
-
|
|
783
|
+
time = X509_gmtime_adj(NULL, NUM2INT(obj));
|
|
781
784
|
else
|
|
782
|
-
|
|
785
|
+
time = ossl_x509_time_adjust(NULL, obj);
|
|
783
786
|
|
|
784
787
|
if (!time)
|
|
785
|
-
|
|
788
|
+
ossl_raise(eOCSPError, NULL);
|
|
786
789
|
|
|
787
790
|
return (VALUE)time;
|
|
788
791
|
}
|
|
@@ -816,8 +819,8 @@ add_status_convert_time(VALUE obj)
|
|
|
816
819
|
*/
|
|
817
820
|
static VALUE
|
|
818
821
|
ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
|
|
819
|
-
|
|
820
|
-
|
|
822
|
+
VALUE reason, VALUE revtime,
|
|
823
|
+
VALUE thisupd, VALUE nextupd, VALUE ext)
|
|
821
824
|
{
|
|
822
825
|
OCSP_BASICRESP *bs;
|
|
823
826
|
OCSP_SINGLERESP *single;
|
|
@@ -831,16 +834,16 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
|
|
|
831
834
|
GetOCSPCertId(cid, id);
|
|
832
835
|
st = NUM2INT(status);
|
|
833
836
|
if (!NIL_P(ext)) { /* All ext's members must be X509::Extension */
|
|
834
|
-
|
|
835
|
-
|
|
836
|
-
|
|
837
|
+
ext = rb_check_array_type(ext);
|
|
838
|
+
for (i = 0; i < RARRAY_LEN(ext); i++)
|
|
839
|
+
OSSL_Check_Kind(RARRAY_AREF(ext, i), cX509Ext);
|
|
837
840
|
}
|
|
838
841
|
|
|
839
842
|
if (st == V_OCSP_CERTSTATUS_REVOKED) {
|
|
840
|
-
|
|
841
|
-
|
|
842
|
-
|
|
843
|
-
|
|
843
|
+
rsn = NUM2INT(reason);
|
|
844
|
+
tmp = rb_protect(add_status_convert_time, revtime, &rstatus);
|
|
845
|
+
if (rstatus) goto err;
|
|
846
|
+
rev = (ASN1_TIME *)tmp;
|
|
844
847
|
}
|
|
845
848
|
|
|
846
849
|
tmp = rb_protect(add_status_convert_time, thisupd, &rstatus);
|
|
@@ -848,29 +851,29 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
|
|
|
848
851
|
ths = (ASN1_TIME *)tmp;
|
|
849
852
|
|
|
850
853
|
if (!NIL_P(nextupd)) {
|
|
851
|
-
|
|
852
|
-
|
|
853
|
-
|
|
854
|
+
tmp = rb_protect(add_status_convert_time, nextupd, &rstatus);
|
|
855
|
+
if (rstatus) goto err;
|
|
856
|
+
nxt = (ASN1_TIME *)tmp;
|
|
854
857
|
}
|
|
855
858
|
|
|
856
859
|
if(!(single = OCSP_basic_add1_status(bs, id, st, rsn, rev, ths, nxt))){
|
|
857
|
-
|
|
858
|
-
|
|
860
|
+
error = 1;
|
|
861
|
+
goto err;
|
|
859
862
|
}
|
|
860
863
|
|
|
861
864
|
if(!NIL_P(ext)){
|
|
862
|
-
|
|
863
|
-
|
|
864
|
-
|
|
865
|
-
|
|
866
|
-
|
|
867
|
-
|
|
868
|
-
|
|
869
|
-
|
|
870
|
-
|
|
865
|
+
X509_EXTENSION *x509ext;
|
|
866
|
+
|
|
867
|
+
for(i = 0; i < RARRAY_LEN(ext); i++){
|
|
868
|
+
x509ext = GetX509ExtPtr(RARRAY_AREF(ext, i));
|
|
869
|
+
if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
|
|
870
|
+
error = 1;
|
|
871
|
+
goto err;
|
|
872
|
+
}
|
|
873
|
+
}
|
|
871
874
|
}
|
|
872
875
|
|
|
873
|
-
|
|
876
|
+
err:
|
|
874
877
|
ASN1_TIME_free(ths);
|
|
875
878
|
ASN1_TIME_free(nxt);
|
|
876
879
|
ASN1_TIME_free(rev);
|
|
@@ -896,48 +899,40 @@ static VALUE
|
|
|
896
899
|
ossl_ocspbres_get_status(VALUE self)
|
|
897
900
|
{
|
|
898
901
|
OCSP_BASICRESP *bs;
|
|
899
|
-
OCSP_SINGLERESP *single;
|
|
900
|
-
OCSP_CERTID *cid;
|
|
901
|
-
ASN1_TIME *revtime, *thisupd, *nextupd;
|
|
902
|
-
int status, reason;
|
|
903
|
-
X509_EXTENSION *x509ext;
|
|
904
|
-
VALUE ret, ary, ext;
|
|
905
|
-
int count, ext_count, i, j;
|
|
906
902
|
|
|
907
903
|
GetOCSPBasicRes(self, bs);
|
|
908
|
-
ret = rb_ary_new();
|
|
909
|
-
count = OCSP_resp_count(bs);
|
|
910
|
-
for(i = 0; i < count; i++){
|
|
911
|
-
|
|
912
|
-
|
|
913
|
-
|
|
914
|
-
|
|
915
|
-
|
|
916
|
-
|
|
917
|
-
|
|
918
|
-
|
|
919
|
-
|
|
920
|
-
|
|
921
|
-
|
|
922
|
-
|
|
923
|
-
|
|
924
|
-
|
|
925
|
-
|
|
926
|
-
|
|
927
|
-
|
|
928
|
-
|
|
929
|
-
|
|
930
|
-
|
|
931
|
-
|
|
932
|
-
|
|
933
|
-
|
|
934
|
-
rb_ary_push(ret, ary);
|
|
904
|
+
VALUE ret = rb_ary_new();
|
|
905
|
+
int count = OCSP_resp_count(bs);
|
|
906
|
+
for (int i = 0; i < count; i++) {
|
|
907
|
+
OCSP_SINGLERESP *single = OCSP_resp_get0(bs, i);
|
|
908
|
+
ASN1_TIME *revtime, *thisupd, *nextupd;
|
|
909
|
+
int reason;
|
|
910
|
+
|
|
911
|
+
int status = OCSP_single_get0_status(single, &reason, &revtime, &thisupd, &nextupd);
|
|
912
|
+
if (status < 0)
|
|
913
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
914
|
+
|
|
915
|
+
VALUE ary = rb_ary_new();
|
|
916
|
+
rb_ary_push(ary, ossl_ocspcid_new(OCSP_SINGLERESP_get0_id(single)));
|
|
917
|
+
rb_ary_push(ary, INT2NUM(status));
|
|
918
|
+
rb_ary_push(ary, INT2NUM(reason));
|
|
919
|
+
rb_ary_push(ary, revtime ? asn1time_to_time(revtime) : Qnil);
|
|
920
|
+
rb_ary_push(ary, thisupd ? asn1time_to_time(thisupd) : Qnil);
|
|
921
|
+
rb_ary_push(ary, nextupd ? asn1time_to_time(nextupd) : Qnil);
|
|
922
|
+
VALUE ext = rb_ary_new();
|
|
923
|
+
int ext_count = OCSP_SINGLERESP_get_ext_count(single);
|
|
924
|
+
for (int j = 0; j < ext_count; j++) {
|
|
925
|
+
X509_EXTENSION *x509ext = OCSP_SINGLERESP_get_ext(single, j);
|
|
926
|
+
rb_ary_push(ext, ossl_x509ext_new(x509ext));
|
|
927
|
+
}
|
|
928
|
+
rb_ary_push(ary, ext);
|
|
929
|
+
rb_ary_push(ret, ary);
|
|
935
930
|
}
|
|
936
931
|
|
|
937
932
|
return ret;
|
|
938
933
|
}
|
|
939
934
|
|
|
940
|
-
static VALUE ossl_ocspsres_new(OCSP_SINGLERESP *);
|
|
935
|
+
static VALUE ossl_ocspsres_new(const OCSP_SINGLERESP *);
|
|
941
936
|
|
|
942
937
|
/*
|
|
943
938
|
* call-seq:
|
|
@@ -955,17 +950,10 @@ ossl_ocspbres_get_responses(VALUE self)
|
|
|
955
950
|
|
|
956
951
|
GetOCSPBasicRes(self, bs);
|
|
957
952
|
count = OCSP_resp_count(bs);
|
|
958
|
-
ret =
|
|
953
|
+
ret = rb_ary_new_capa(count);
|
|
959
954
|
|
|
960
955
|
for (i = 0; i < count; i++) {
|
|
961
|
-
|
|
962
|
-
|
|
963
|
-
sres = OCSP_resp_get0(bs, i);
|
|
964
|
-
sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
|
|
965
|
-
if (!sres_new)
|
|
966
|
-
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
967
|
-
|
|
968
|
-
rb_ary_push(ret, ossl_ocspsres_new(sres_new));
|
|
956
|
+
rb_ary_push(ret, ossl_ocspsres_new(OCSP_resp_get0(bs, i)));
|
|
969
957
|
}
|
|
970
958
|
|
|
971
959
|
return ret;
|
|
@@ -983,7 +971,6 @@ static VALUE
|
|
|
983
971
|
ossl_ocspbres_find_response(VALUE self, VALUE target)
|
|
984
972
|
{
|
|
985
973
|
OCSP_BASICRESP *bs;
|
|
986
|
-
OCSP_SINGLERESP *sres, *sres_new;
|
|
987
974
|
OCSP_CERTID *id;
|
|
988
975
|
int n;
|
|
989
976
|
|
|
@@ -991,14 +978,8 @@ ossl_ocspbres_find_response(VALUE self, VALUE target)
|
|
|
991
978
|
GetOCSPBasicRes(self, bs);
|
|
992
979
|
|
|
993
980
|
if ((n = OCSP_resp_find(bs, id, -1)) == -1)
|
|
994
|
-
|
|
995
|
-
|
|
996
|
-
sres = OCSP_resp_get0(bs, n);
|
|
997
|
-
sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
|
|
998
|
-
if (!sres_new)
|
|
999
|
-
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
1000
|
-
|
|
1001
|
-
return ossl_ocspsres_new(sres_new);
|
|
981
|
+
return Qnil;
|
|
982
|
+
return ossl_ocspsres_new(OCSP_resp_get0(bs, n));
|
|
1002
983
|
}
|
|
1003
984
|
|
|
1004
985
|
/*
|
|
@@ -1017,7 +998,7 @@ ossl_ocspbres_find_response(VALUE self, VALUE target)
|
|
|
1017
998
|
static VALUE
|
|
1018
999
|
ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
|
|
1019
1000
|
{
|
|
1020
|
-
VALUE signer_cert, signer_key, certs, flags, digest;
|
|
1001
|
+
VALUE signer_cert, signer_key, certs, flags, digest, md_holder;
|
|
1021
1002
|
OCSP_BASICRESP *bs;
|
|
1022
1003
|
X509 *signer;
|
|
1023
1004
|
EVP_PKEY *key;
|
|
@@ -1031,19 +1012,17 @@ ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
|
|
|
1031
1012
|
signer = GetX509CertPtr(signer_cert);
|
|
1032
1013
|
key = GetPrivPKeyPtr(signer_key);
|
|
1033
1014
|
if (!NIL_P(flags))
|
|
1034
|
-
|
|
1035
|
-
|
|
1036
|
-
md = NULL;
|
|
1037
|
-
else
|
|
1038
|
-
md = ossl_evp_get_digestbyname(digest);
|
|
1015
|
+
flg = NUM2INT(flags);
|
|
1016
|
+
md = NIL_P(digest) ? NULL : ossl_evp_md_fetch(digest, &md_holder);
|
|
1039
1017
|
if (NIL_P(certs))
|
|
1040
|
-
|
|
1018
|
+
flg |= OCSP_NOCERTS;
|
|
1041
1019
|
else
|
|
1042
|
-
|
|
1020
|
+
x509s = ossl_x509_ary2sk(certs);
|
|
1043
1021
|
|
|
1044
1022
|
ret = OCSP_basic_sign(bs, signer, key, md, x509s, flg);
|
|
1045
1023
|
sk_X509_pop_free(x509s, X509_free);
|
|
1046
|
-
if (!ret)
|
|
1024
|
+
if (!ret)
|
|
1025
|
+
ossl_raise(eOCSPError, "OCSP_basic_sign");
|
|
1047
1026
|
|
|
1048
1027
|
return self;
|
|
1049
1028
|
}
|
|
@@ -1072,7 +1051,7 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
|
|
|
1072
1051
|
result = OCSP_basic_verify(bs, x509s, x509st, flg);
|
|
1073
1052
|
sk_X509_pop_free(x509s, X509_free);
|
|
1074
1053
|
if (result <= 0)
|
|
1075
|
-
|
|
1054
|
+
ossl_clear_error();
|
|
1076
1055
|
|
|
1077
1056
|
return result > 0 ? Qtrue : Qfalse;
|
|
1078
1057
|
}
|
|
@@ -1093,11 +1072,11 @@ ossl_ocspbres_to_der(VALUE self)
|
|
|
1093
1072
|
|
|
1094
1073
|
GetOCSPBasicRes(self, res);
|
|
1095
1074
|
if ((len = i2d_OCSP_BASICRESP(res, NULL)) <= 0)
|
|
1096
|
-
|
|
1075
|
+
ossl_raise(eOCSPError, NULL);
|
|
1097
1076
|
str = rb_str_new(0, len);
|
|
1098
1077
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
1099
1078
|
if (i2d_OCSP_BASICRESP(res, &p) <= 0)
|
|
1100
|
-
|
|
1079
|
+
ossl_raise(eOCSPError, NULL);
|
|
1101
1080
|
ossl_str_adjust(str, p);
|
|
1102
1081
|
|
|
1103
1082
|
return str;
|
|
@@ -1107,12 +1086,18 @@ ossl_ocspbres_to_der(VALUE self)
|
|
|
1107
1086
|
* OCSP::SingleResponse
|
|
1108
1087
|
*/
|
|
1109
1088
|
static VALUE
|
|
1110
|
-
ossl_ocspsres_new(OCSP_SINGLERESP *sres)
|
|
1089
|
+
ossl_ocspsres_new(const OCSP_SINGLERESP *sres)
|
|
1111
1090
|
{
|
|
1112
1091
|
VALUE obj;
|
|
1092
|
+
OCSP_SINGLERESP *sres_new;
|
|
1113
1093
|
|
|
1114
1094
|
obj = NewOCSPSingleRes(cOCSPSingleRes);
|
|
1115
|
-
|
|
1095
|
+
/* OpenSSL 1.1.1 takes a non-const pointer */
|
|
1096
|
+
sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP),
|
|
1097
|
+
(OCSP_SINGLERESP *)sres);
|
|
1098
|
+
if (!sres_new)
|
|
1099
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
1100
|
+
SetOCSPSingleRes(obj, sres_new);
|
|
1116
1101
|
|
|
1117
1102
|
return obj;
|
|
1118
1103
|
}
|
|
@@ -1125,7 +1110,7 @@ ossl_ocspsres_alloc(VALUE klass)
|
|
|
1125
1110
|
|
|
1126
1111
|
obj = NewOCSPSingleRes(klass);
|
|
1127
1112
|
if (!(sres = OCSP_SINGLERESP_new()))
|
|
1128
|
-
|
|
1113
|
+
ossl_raise(eOCSPError, NULL);
|
|
1129
1114
|
SetOCSPSingleRes(obj, sres);
|
|
1130
1115
|
|
|
1131
1116
|
return obj;
|
|
@@ -1150,13 +1135,14 @@ ossl_ocspsres_initialize(VALUE self, VALUE arg)
|
|
|
1150
1135
|
p = (unsigned char*)RSTRING_PTR(arg);
|
|
1151
1136
|
res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg));
|
|
1152
1137
|
if (!res_new)
|
|
1153
|
-
|
|
1138
|
+
ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP");
|
|
1154
1139
|
SetOCSPSingleRes(self, res_new);
|
|
1155
1140
|
OCSP_SINGLERESP_free(res);
|
|
1156
1141
|
|
|
1157
1142
|
return self;
|
|
1158
1143
|
}
|
|
1159
1144
|
|
|
1145
|
+
/* :nodoc: */
|
|
1160
1146
|
static VALUE
|
|
1161
1147
|
ossl_ocspsres_initialize_copy(VALUE self, VALUE other)
|
|
1162
1148
|
{
|
|
@@ -1168,7 +1154,7 @@ ossl_ocspsres_initialize_copy(VALUE self, VALUE other)
|
|
|
1168
1154
|
|
|
1169
1155
|
sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
|
|
1170
1156
|
if (!sres_new)
|
|
1171
|
-
|
|
1157
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
1172
1158
|
|
|
1173
1159
|
SetOCSPSingleRes(self, sres_new);
|
|
1174
1160
|
OCSP_SINGLERESP_free(sres_old);
|
|
@@ -1207,15 +1193,15 @@ ossl_ocspsres_check_validity(int argc, VALUE *argv, VALUE self)
|
|
|
1207
1193
|
GetOCSPSingleRes(self, sres);
|
|
1208
1194
|
status = OCSP_single_get0_status(sres, NULL, NULL, &this_update, &next_update);
|
|
1209
1195
|
if (status < 0)
|
|
1210
|
-
|
|
1196
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1211
1197
|
|
|
1212
1198
|
ret = OCSP_check_validity(this_update, next_update, nsec, maxsec);
|
|
1213
1199
|
|
|
1214
1200
|
if (ret)
|
|
1215
|
-
|
|
1201
|
+
return Qtrue;
|
|
1216
1202
|
else {
|
|
1217
|
-
|
|
1218
|
-
|
|
1203
|
+
ossl_clear_error();
|
|
1204
|
+
return Qfalse;
|
|
1219
1205
|
}
|
|
1220
1206
|
}
|
|
1221
1207
|
|
|
@@ -1229,12 +1215,9 @@ static VALUE
|
|
|
1229
1215
|
ossl_ocspsres_get_certid(VALUE self)
|
|
1230
1216
|
{
|
|
1231
1217
|
OCSP_SINGLERESP *sres;
|
|
1232
|
-
OCSP_CERTID *id;
|
|
1233
1218
|
|
|
1234
1219
|
GetOCSPSingleRes(self, sres);
|
|
1235
|
-
|
|
1236
|
-
|
|
1237
|
-
return ossl_ocspcertid_new(id);
|
|
1220
|
+
return ossl_ocspcid_new(OCSP_SINGLERESP_get0_id(sres));
|
|
1238
1221
|
}
|
|
1239
1222
|
|
|
1240
1223
|
/*
|
|
@@ -1260,7 +1243,7 @@ ossl_ocspsres_get_cert_status(VALUE self)
|
|
|
1260
1243
|
GetOCSPSingleRes(self, sres);
|
|
1261
1244
|
status = OCSP_single_get0_status(sres, NULL, NULL, NULL, NULL);
|
|
1262
1245
|
if (status < 0)
|
|
1263
|
-
|
|
1246
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1264
1247
|
|
|
1265
1248
|
return INT2NUM(status);
|
|
1266
1249
|
}
|
|
@@ -1279,9 +1262,9 @@ ossl_ocspsres_get_this_update(VALUE self)
|
|
|
1279
1262
|
GetOCSPSingleRes(self, sres);
|
|
1280
1263
|
status = OCSP_single_get0_status(sres, NULL, NULL, &time, NULL);
|
|
1281
1264
|
if (status < 0)
|
|
1282
|
-
|
|
1265
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1283
1266
|
if (!time)
|
|
1284
|
-
|
|
1267
|
+
return Qnil;
|
|
1285
1268
|
|
|
1286
1269
|
return asn1time_to_time(time);
|
|
1287
1270
|
}
|
|
@@ -1300,9 +1283,9 @@ ossl_ocspsres_get_next_update(VALUE self)
|
|
|
1300
1283
|
GetOCSPSingleRes(self, sres);
|
|
1301
1284
|
status = OCSP_single_get0_status(sres, NULL, NULL, NULL, &time);
|
|
1302
1285
|
if (status < 0)
|
|
1303
|
-
|
|
1286
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1304
1287
|
if (!time)
|
|
1305
|
-
|
|
1288
|
+
return Qnil;
|
|
1306
1289
|
|
|
1307
1290
|
return asn1time_to_time(time);
|
|
1308
1291
|
}
|
|
@@ -1321,11 +1304,11 @@ ossl_ocspsres_get_revocation_time(VALUE self)
|
|
|
1321
1304
|
GetOCSPSingleRes(self, sres);
|
|
1322
1305
|
status = OCSP_single_get0_status(sres, NULL, &time, NULL, NULL);
|
|
1323
1306
|
if (status < 0)
|
|
1324
|
-
|
|
1307
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1325
1308
|
if (status != V_OCSP_CERTSTATUS_REVOKED)
|
|
1326
|
-
|
|
1309
|
+
ossl_raise(eOCSPError, "certificate is not revoked");
|
|
1327
1310
|
if (!time)
|
|
1328
|
-
|
|
1311
|
+
return Qnil;
|
|
1329
1312
|
|
|
1330
1313
|
return asn1time_to_time(time);
|
|
1331
1314
|
}
|
|
@@ -1343,9 +1326,9 @@ ossl_ocspsres_get_revocation_reason(VALUE self)
|
|
|
1343
1326
|
GetOCSPSingleRes(self, sres);
|
|
1344
1327
|
status = OCSP_single_get0_status(sres, &reason, NULL, NULL, NULL);
|
|
1345
1328
|
if (status < 0)
|
|
1346
|
-
|
|
1329
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1347
1330
|
if (status != V_OCSP_CERTSTATUS_REVOKED)
|
|
1348
|
-
|
|
1331
|
+
ossl_raise(eOCSPError, "certificate is not revoked");
|
|
1349
1332
|
|
|
1350
1333
|
return INT2NUM(reason);
|
|
1351
1334
|
}
|
|
@@ -1367,8 +1350,8 @@ ossl_ocspsres_get_extensions(VALUE self)
|
|
|
1367
1350
|
count = OCSP_SINGLERESP_get_ext_count(sres);
|
|
1368
1351
|
ary = rb_ary_new2(count);
|
|
1369
1352
|
for (i = 0; i < count; i++) {
|
|
1370
|
-
|
|
1371
|
-
|
|
1353
|
+
ext = OCSP_SINGLERESP_get_ext(sres, i);
|
|
1354
|
+
rb_ary_push(ary, ossl_x509ext_new(ext)); /* will dup */
|
|
1372
1355
|
}
|
|
1373
1356
|
|
|
1374
1357
|
return ary;
|
|
@@ -1390,11 +1373,11 @@ ossl_ocspsres_to_der(VALUE self)
|
|
|
1390
1373
|
|
|
1391
1374
|
GetOCSPSingleRes(self, sres);
|
|
1392
1375
|
if ((len = i2d_OCSP_SINGLERESP(sres, NULL)) <= 0)
|
|
1393
|
-
|
|
1376
|
+
ossl_raise(eOCSPError, NULL);
|
|
1394
1377
|
str = rb_str_new(0, len);
|
|
1395
1378
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
1396
1379
|
if (i2d_OCSP_SINGLERESP(sres, &p) <= 0)
|
|
1397
|
-
|
|
1380
|
+
ossl_raise(eOCSPError, NULL);
|
|
1398
1381
|
ossl_str_adjust(str, p);
|
|
1399
1382
|
|
|
1400
1383
|
return str;
|
|
@@ -1412,12 +1395,13 @@ ossl_ocspcid_alloc(VALUE klass)
|
|
|
1412
1395
|
|
|
1413
1396
|
obj = NewOCSPCertId(klass);
|
|
1414
1397
|
if(!(id = OCSP_CERTID_new()))
|
|
1415
|
-
|
|
1398
|
+
ossl_raise(eOCSPError, NULL);
|
|
1416
1399
|
SetOCSPCertId(obj, id);
|
|
1417
1400
|
|
|
1418
1401
|
return obj;
|
|
1419
1402
|
}
|
|
1420
1403
|
|
|
1404
|
+
/* :nodoc: */
|
|
1421
1405
|
static VALUE
|
|
1422
1406
|
ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
|
|
1423
1407
|
{
|
|
@@ -1429,7 +1413,7 @@ ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
|
|
|
1429
1413
|
|
|
1430
1414
|
cid_new = OCSP_CERTID_dup(cid);
|
|
1431
1415
|
if (!cid_new)
|
|
1432
|
-
|
|
1416
|
+
ossl_raise(eOCSPError, "OCSP_CERTID_dup");
|
|
1433
1417
|
|
|
1434
1418
|
SetOCSPCertId(self, cid_new);
|
|
1435
1419
|
OCSP_CERTID_free(cid_old);
|
|
@@ -1459,27 +1443,28 @@ ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
1459
1443
|
|
|
1460
1444
|
GetOCSPCertId(self, id);
|
|
1461
1445
|
if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) {
|
|
1462
|
-
|
|
1463
|
-
|
|
1464
|
-
|
|
1465
|
-
|
|
1466
|
-
|
|
1467
|
-
|
|
1468
|
-
|
|
1469
|
-
|
|
1470
|
-
|
|
1446
|
+
VALUE arg;
|
|
1447
|
+
const unsigned char *p;
|
|
1448
|
+
|
|
1449
|
+
arg = ossl_to_der_if_possible(subject);
|
|
1450
|
+
StringValue(arg);
|
|
1451
|
+
p = (unsigned char *)RSTRING_PTR(arg);
|
|
1452
|
+
newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg));
|
|
1453
|
+
if (!newid)
|
|
1454
|
+
ossl_raise(eOCSPError, "d2i_OCSP_CERTID");
|
|
1471
1455
|
}
|
|
1472
1456
|
else {
|
|
1473
|
-
|
|
1474
|
-
|
|
1457
|
+
X509 *x509s, *x509i;
|
|
1458
|
+
const EVP_MD *md;
|
|
1459
|
+
VALUE md_holder;
|
|
1475
1460
|
|
|
1476
|
-
|
|
1477
|
-
|
|
1478
|
-
|
|
1461
|
+
x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
|
|
1462
|
+
x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
|
|
1463
|
+
md = NIL_P(digest) ? NULL : ossl_evp_md_fetch(digest, &md_holder);
|
|
1479
1464
|
|
|
1480
|
-
|
|
1481
|
-
|
|
1482
|
-
|
|
1465
|
+
newid = OCSP_cert_to_id(md, x509s, x509i);
|
|
1466
|
+
if (!newid)
|
|
1467
|
+
ossl_raise(eOCSPError, "OCSP_cert_to_id");
|
|
1483
1468
|
}
|
|
1484
1469
|
|
|
1485
1470
|
SetOCSPCertId(self, newid);
|
|
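Review bot: In the one-argument branch, the result of `d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg))` is accepted as soon as it is non-NULL, and `p` is never compared with the end of the buffer. Bytes that follow a valid CertID in caller-supplied DER are therefore silently ignored. If strict parsing is wanted, a check after the call such as `if (p != (const unsigned char *)RSTRING_PTR(arg) + RSTRING_LEN(arg))` could free `newid` and raise `eOCSPError`. The removed lines are not legible on this page, so this may be carried over from the old code rather than introduced here. ossl_ocspcid_initialize starts and ends outside the hunk.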
@@ -1565,8 +1550,9 @@ ossl_ocspcid_get_issuer_name_hash(VALUE self)
|
|
|
1565
1550
|
GetOCSPCertId(self, id);
|
|
1566
1551
|
OCSP_id_get0_info(&name_hash, NULL, NULL, NULL, id);
|
|
1567
1552
|
|
|
1568
|
-
ret = rb_str_new(NULL, name_hash
|
|
1569
|
-
ossl_bin2hex(name_hash
|
|
1553
|
+
ret = rb_str_new(NULL, ASN1_STRING_length(name_hash) * 2);
|
|
1554
|
+
ossl_bin2hex(ASN1_STRING_get0_data(name_hash), RSTRING_PTR(ret),
|
|
1555
|
+
ASN1_STRING_length(name_hash));
|
|
1570
1556
|
|
|
1571
1557
|
return ret;
|
|
1572
1558
|
}
|
|
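Review bot: The output size `ASN1_STRING_length(name_hash) * 2` is computed in `int`, and the CertID can come from caller-supplied DER (the `d2i_OCSP_CERTID` path in ossl_ocspcid_initialize). A very large octet string would overflow the multiplication before `rb_str_new` sees the value. Widening first, with `long len = ASN1_STRING_length(name_hash);` and `ret = rb_str_new(NULL, len * 2);`, avoids that where `long` is wider than `int`, and reads the length once instead of twice. The same pattern appears in the ossl_ocspcid_get_issuer_key_hash hunk that follows. The function starts outside the hunk.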
@@ -1588,8 +1574,9 @@ ossl_ocspcid_get_issuer_key_hash(VALUE self)
|
|
|
1588
1574
|
GetOCSPCertId(self, id);
|
|
1589
1575
|
OCSP_id_get0_info(NULL, NULL, &key_hash, NULL, id);
|
|
1590
1576
|
|
|
1591
|
-
ret = rb_str_new(NULL, key_hash
|
|
1592
|
-
ossl_bin2hex(key_hash
|
|
1577
|
+
ret = rb_str_new(NULL, ASN1_STRING_length(key_hash) * 2);
|
|
1578
|
+
ossl_bin2hex(ASN1_STRING_get0_data(key_hash), RSTRING_PTR(ret),
|
|
1579
|
+
ASN1_STRING_length(key_hash));
|
|
1593
1580
|
|
|
1594
1581
|
return ret;
|
|
1595
1582
|
}
|
|
@@ -1606,19 +1593,10 @@ ossl_ocspcid_get_hash_algorithm(VALUE self)
|
|
|
1606
1593
|
{
|
|
1607
1594
|
OCSP_CERTID *id;
|
|
1608
1595
|
ASN1_OBJECT *oid;
|
|
1609
|
-
BIO *out;
|
|
1610
1596
|
|
|
1611
1597
|
GetOCSPCertId(self, id);
|
|
1612
1598
|
OCSP_id_get0_info(NULL, &oid, NULL, NULL, id);
|
|
1613
|
-
|
|
1614
|
-
if (!(out = BIO_new(BIO_s_mem())))
|
|
1615
|
-
ossl_raise(eOCSPError, "BIO_new");
|
|
1616
|
-
|
|
1617
|
-
if (!i2a_ASN1_OBJECT(out, oid)) {
|
|
1618
|
-
BIO_free(out);
|
|
1619
|
-
ossl_raise(eOCSPError, "i2a_ASN1_OBJECT");
|
|
1620
|
-
}
|
|
1621
|
-
return ossl_membio2str(out);
|
|
1599
|
+
return ossl_asn1obj_to_string_long_name(oid);
|
|
1622
1600
|
}
|
|
1623
1601
|
|
|
1624
1602
|
/*
|
|
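Review bot: Nothing in this hunk states what `ossl_asn1obj_to_string_long_name(oid)` returns when the hash-algorithm OID has no registered name. The removed `i2a_ASN1_OBJECT` path falls back to the dotted-decimal form in that case, and callers may depend on it. Once the helper's behaviour is confirmed, a comment above the return such as `/* long name, or dotted-decimal OID if unregistered */` would record it, ideally backed by a test with an unregistered OID. The helper is defined outside this hunk, so its fallback is not visible here.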
@@ -1637,11 +1615,11 @@ ossl_ocspcid_to_der(VALUE self)
|
|
|
1637
1615
|
|
|
1638
1616
|
GetOCSPCertId(self, id);
|
|
1639
1617
|
if ((len = i2d_OCSP_CERTID(id, NULL)) <= 0)
|
|
1640
|
-
|
|
1618
|
+
ossl_raise(eOCSPError, NULL);
|
|
1641
1619
|
str = rb_str_new(0, len);
|
|
1642
1620
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
1643
1621
|
if (i2d_OCSP_CERTID(id, &p) <= 0)
|
|
1644
|
-
|
|
1622
|
+
ossl_raise(eOCSPError, NULL);
|
|
1645
1623
|
ossl_str_adjust(str, p);
|
|
1646
1624
|
|
|
1647
1625
|
return str;
|
|
@@ -1650,11 +1628,6 @@ ossl_ocspcid_to_der(VALUE self)
|
|
|
1650
1628
|
void
|
|
1651
1629
|
Init_ossl_ocsp(void)
|
|
1652
1630
|
{
|
|
1653
|
-
#if 0
|
|
1654
|
-
mOSSL = rb_define_module("OpenSSL");
|
|
1655
|
-
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
|
1656
|
-
#endif
|
|
1657
|
-
|
|
1658
1631
|
/*
|
|
1659
1632
|
* OpenSSL::OCSP implements Online Certificate Status Protocol requests
|
|
1660
1633
|
* and responses.
|