openssl 3.3.2 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +3 -0
- data/History.md +85 -0
- data/README.md +12 -11
- data/ext/openssl/extconf.rb +30 -69
- data/ext/openssl/openssl_missing.h +0 -206
- data/ext/openssl/ossl.c +280 -301
- data/ext/openssl/ossl.h +15 -10
- data/ext/openssl/ossl_asn1.c +598 -406
- data/ext/openssl/ossl_asn1.h +15 -1
- data/ext/openssl/ossl_bio.c +3 -3
- data/ext/openssl/ossl_bn.c +286 -291
- data/ext/openssl/ossl_cipher.c +252 -203
- data/ext/openssl/ossl_cipher.h +10 -1
- data/ext/openssl/ossl_config.c +1 -6
- data/ext/openssl/ossl_digest.c +74 -43
- data/ext/openssl/ossl_digest.h +9 -1
- data/ext/openssl/ossl_engine.c +39 -103
- data/ext/openssl/ossl_hmac.c +30 -36
- data/ext/openssl/ossl_kdf.c +42 -53
- data/ext/openssl/ossl_ns_spki.c +31 -37
- data/ext/openssl/ossl_ocsp.c +214 -241
- data/ext/openssl/ossl_pkcs12.c +26 -26
- data/ext/openssl/ossl_pkcs7.c +175 -145
- data/ext/openssl/ossl_pkey.c +162 -178
- data/ext/openssl/ossl_pkey.h +99 -99
- data/ext/openssl/ossl_pkey_dh.c +31 -68
- data/ext/openssl/ossl_pkey_dsa.c +15 -54
- data/ext/openssl/ossl_pkey_ec.c +179 -237
- data/ext/openssl/ossl_pkey_rsa.c +56 -103
- data/ext/openssl/ossl_provider.c +0 -7
- data/ext/openssl/ossl_rand.c +7 -14
- data/ext/openssl/ossl_ssl.c +478 -353
- data/ext/openssl/ossl_ssl.h +8 -8
- data/ext/openssl/ossl_ssl_session.c +93 -97
- data/ext/openssl/ossl_ts.c +81 -127
- data/ext/openssl/ossl_x509.c +9 -28
- data/ext/openssl/ossl_x509attr.c +33 -54
- data/ext/openssl/ossl_x509cert.c +69 -100
- data/ext/openssl/ossl_x509crl.c +78 -89
- data/ext/openssl/ossl_x509ext.c +45 -66
- data/ext/openssl/ossl_x509name.c +63 -88
- data/ext/openssl/ossl_x509req.c +55 -62
- data/ext/openssl/ossl_x509revoked.c +27 -41
- data/ext/openssl/ossl_x509store.c +38 -56
- data/lib/openssl/buffering.rb +30 -24
- data/lib/openssl/digest.rb +1 -1
- data/lib/openssl/pkey.rb +71 -49
- data/lib/openssl/ssl.rb +12 -79
- data/lib/openssl/version.rb +2 -1
- data/lib/openssl/x509.rb +9 -0
- data/lib/openssl.rb +9 -6
- metadata +1 -3
- data/ext/openssl/openssl_missing.c +0 -40
- data/lib/openssl/asn1.rb +0 -188
data/ext/openssl/ossl_pkcs7.c
CHANGED
|
@@ -28,14 +28,14 @@
|
|
|
28
28
|
TypedData_Wrap_Struct((klass), &ossl_pkcs7_signer_info_type, 0)
|
|
29
29
|
#define SetPKCS7si(obj, p7si) do { \
|
|
30
30
|
if (!(p7si)) { \
|
|
31
|
-
|
|
31
|
+
ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \
|
|
32
32
|
} \
|
|
33
33
|
RTYPEDDATA_DATA(obj) = (p7si); \
|
|
34
34
|
} while (0)
|
|
35
35
|
#define GetPKCS7si(obj, p7si) do { \
|
|
36
36
|
TypedData_Get_Struct((obj), PKCS7_SIGNER_INFO, &ossl_pkcs7_signer_info_type, (p7si)); \
|
|
37
37
|
if (!(p7si)) { \
|
|
38
|
-
|
|
38
|
+
ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \
|
|
39
39
|
} \
|
|
40
40
|
} while (0)
|
|
41
41
|
|
|
@@ -43,14 +43,14 @@
|
|
|
43
43
|
TypedData_Wrap_Struct((klass), &ossl_pkcs7_recip_info_type, 0)
|
|
44
44
|
#define SetPKCS7ri(obj, p7ri) do { \
|
|
45
45
|
if (!(p7ri)) { \
|
|
46
|
-
|
|
46
|
+
ossl_raise(rb_eRuntimeError, "PKCS7ri wasn't initialized."); \
|
|
47
47
|
} \
|
|
48
48
|
RTYPEDDATA_DATA(obj) = (p7ri); \
|
|
49
49
|
} while (0)
|
|
50
50
|
#define GetPKCS7ri(obj, p7ri) do { \
|
|
51
51
|
TypedData_Get_Struct((obj), PKCS7_RECIP_INFO, &ossl_pkcs7_recip_info_type, (p7ri)); \
|
|
52
52
|
if (!(p7ri)) { \
|
|
53
|
-
|
|
53
|
+
ossl_raise(rb_eRuntimeError, "PKCS7ri wasn't initialized."); \
|
|
54
54
|
} \
|
|
55
55
|
} while (0)
|
|
56
56
|
|
|
@@ -68,6 +68,7 @@ static VALUE cPKCS7;
|
|
|
68
68
|
static VALUE cPKCS7Signer;
|
|
69
69
|
static VALUE cPKCS7Recipient;
|
|
70
70
|
static VALUE ePKCS7Error;
|
|
71
|
+
static ID id_md_holder, id_cipher_holder;
|
|
71
72
|
|
|
72
73
|
static void
|
|
73
74
|
ossl_pkcs7_free(void *ptr)
|
|
@@ -78,7 +79,7 @@ ossl_pkcs7_free(void *ptr)
|
|
|
78
79
|
static const rb_data_type_t ossl_pkcs7_type = {
|
|
79
80
|
"OpenSSL/PKCS7",
|
|
80
81
|
{
|
|
81
|
-
|
|
82
|
+
0, ossl_pkcs7_free,
|
|
82
83
|
},
|
|
83
84
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
84
85
|
};
|
|
@@ -106,7 +107,7 @@ ossl_pkcs7_signer_info_free(void *ptr)
|
|
|
106
107
|
static const rb_data_type_t ossl_pkcs7_signer_info_type = {
|
|
107
108
|
"OpenSSL/PKCS7/SIGNER_INFO",
|
|
108
109
|
{
|
|
109
|
-
|
|
110
|
+
0, ossl_pkcs7_signer_info_free,
|
|
110
111
|
},
|
|
111
112
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
112
113
|
};
|
|
@@ -120,7 +121,7 @@ ossl_pkcs7_recip_info_free(void *ptr)
|
|
|
120
121
|
static const rb_data_type_t ossl_pkcs7_recip_info_type = {
|
|
121
122
|
"OpenSSL/PKCS7/RECIP_INFO",
|
|
122
123
|
{
|
|
123
|
-
|
|
124
|
+
0, ossl_pkcs7_recip_info_free,
|
|
124
125
|
},
|
|
125
126
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
126
127
|
};
|
|
@@ -143,23 +144,32 @@ ossl_PKCS7_SIGNER_INFO_dup(PKCS7_SIGNER_INFO *si)
|
|
|
143
144
|
}
|
|
144
145
|
|
|
145
146
|
static PKCS7_RECIP_INFO *
|
|
146
|
-
ossl_PKCS7_RECIP_INFO_dup(PKCS7_RECIP_INFO *
|
|
147
|
+
ossl_PKCS7_RECIP_INFO_dup(PKCS7_RECIP_INFO *ri)
|
|
147
148
|
{
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
149
|
+
PKCS7_RECIP_INFO *ri_new = ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
|
|
150
|
+
(d2i_of_void *)d2i_PKCS7_RECIP_INFO,
|
|
151
|
+
ri);
|
|
152
|
+
if (ri_new && ri->cert) {
|
|
153
|
+
if (!X509_up_ref(ri->cert)) {
|
|
154
|
+
PKCS7_RECIP_INFO_free(ri_new);
|
|
155
|
+
return NULL;
|
|
156
|
+
}
|
|
157
|
+
ri_new->cert = ri->cert;
|
|
158
|
+
}
|
|
159
|
+
return ri_new;
|
|
151
160
|
}
|
|
152
161
|
|
|
153
162
|
static VALUE
|
|
154
163
|
ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
|
|
155
164
|
{
|
|
156
|
-
PKCS7_SIGNER_INFO *
|
|
165
|
+
PKCS7_SIGNER_INFO *p7si_new;
|
|
157
166
|
VALUE obj;
|
|
158
167
|
|
|
159
168
|
obj = NewPKCS7si(cPKCS7Signer);
|
|
160
|
-
|
|
161
|
-
if (!
|
|
162
|
-
|
|
169
|
+
p7si_new = ossl_PKCS7_SIGNER_INFO_dup(p7si);
|
|
170
|
+
if (!p7si_new)
|
|
171
|
+
ossl_raise(ePKCS7Error, "ASN1_dup");
|
|
172
|
+
SetPKCS7si(obj, p7si_new);
|
|
163
173
|
|
|
164
174
|
return obj;
|
|
165
175
|
}
|
|
@@ -167,13 +177,14 @@ ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
|
|
|
167
177
|
static VALUE
|
|
168
178
|
ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
|
|
169
179
|
{
|
|
170
|
-
PKCS7_RECIP_INFO *
|
|
180
|
+
PKCS7_RECIP_INFO *p7ri_new;
|
|
171
181
|
VALUE obj;
|
|
172
182
|
|
|
173
183
|
obj = NewPKCS7ri(cPKCS7Recipient);
|
|
174
|
-
|
|
175
|
-
if (!
|
|
176
|
-
|
|
184
|
+
p7ri_new = ossl_PKCS7_RECIP_INFO_dup(p7ri);
|
|
185
|
+
if (!p7ri_new)
|
|
186
|
+
ossl_raise(ePKCS7Error,"ASN1_dup");
|
|
187
|
+
SetPKCS7ri(obj, p7ri_new);
|
|
177
188
|
|
|
178
189
|
return obj;
|
|
179
190
|
}
|
|
@@ -227,7 +238,7 @@ ossl_pkcs7_s_write_smime(int argc, VALUE *argv, VALUE klass)
|
|
|
227
238
|
if(NIL_P(data)) data = ossl_pkcs7_get_data(pkcs7);
|
|
228
239
|
GetPKCS7(pkcs7, p7);
|
|
229
240
|
if(!NIL_P(data) && PKCS7_is_detached(p7))
|
|
230
|
-
|
|
241
|
+
flg |= PKCS7_DETACHED;
|
|
231
242
|
in = NIL_P(data) ? NULL : ossl_obj2bio(&data);
|
|
232
243
|
if(!(out = BIO_new(BIO_s_mem()))){
|
|
233
244
|
BIO_free(in);
|
|
@@ -268,16 +279,16 @@ ossl_pkcs7_s_sign(int argc, VALUE *argv, VALUE klass)
|
|
|
268
279
|
in = ossl_obj2bio(&data);
|
|
269
280
|
if(NIL_P(certs)) x509s = NULL;
|
|
270
281
|
else{
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
282
|
+
x509s = ossl_protect_x509_ary2sk(certs, &status);
|
|
283
|
+
if(status){
|
|
284
|
+
BIO_free(in);
|
|
285
|
+
rb_jump_tag(status);
|
|
286
|
+
}
|
|
276
287
|
}
|
|
277
288
|
if(!(pkcs7 = PKCS7_sign(x509, pkey, x509s, in, flg))){
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
289
|
+
BIO_free(in);
|
|
290
|
+
sk_X509_pop_free(x509s, X509_free);
|
|
291
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
281
292
|
}
|
|
282
293
|
SetPKCS7(ret, pkcs7);
|
|
283
294
|
ossl_pkcs7_set_data(ret, data);
|
|
@@ -302,7 +313,7 @@ ossl_pkcs7_s_sign(int argc, VALUE *argv, VALUE klass)
|
|
|
302
313
|
static VALUE
|
|
303
314
|
ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass)
|
|
304
315
|
{
|
|
305
|
-
VALUE certs, data, cipher, flags;
|
|
316
|
+
VALUE certs, data, cipher, flags, cipher_holder;
|
|
306
317
|
STACK_OF(X509) *x509s;
|
|
307
318
|
BIO *in;
|
|
308
319
|
const EVP_CIPHER *ciph;
|
|
@@ -316,23 +327,24 @@ ossl_pkcs7_s_encrypt(int argc, VALUE *argv, VALUE klass)
|
|
|
316
327
|
"cipher must be specified. Before version 3.3, " \
|
|
317
328
|
"the default cipher was RC2-40-CBC.");
|
|
318
329
|
}
|
|
319
|
-
ciph =
|
|
330
|
+
ciph = ossl_evp_cipher_fetch(cipher, &cipher_holder);
|
|
320
331
|
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
|
|
321
332
|
ret = NewPKCS7(cPKCS7);
|
|
322
333
|
in = ossl_obj2bio(&data);
|
|
323
334
|
x509s = ossl_protect_x509_ary2sk(certs, &status);
|
|
324
335
|
if(status){
|
|
325
|
-
|
|
326
|
-
|
|
336
|
+
BIO_free(in);
|
|
337
|
+
rb_jump_tag(status);
|
|
327
338
|
}
|
|
328
|
-
if(!(p7 = PKCS7_encrypt(x509s, in,
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
339
|
+
if (!(p7 = PKCS7_encrypt(x509s, in, ciph, flg))) {
|
|
340
|
+
BIO_free(in);
|
|
341
|
+
sk_X509_pop_free(x509s, X509_free);
|
|
342
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
332
343
|
}
|
|
333
344
|
BIO_free(in);
|
|
334
345
|
SetPKCS7(ret, p7);
|
|
335
346
|
ossl_pkcs7_set_data(ret, data);
|
|
347
|
+
rb_ivar_set(ret, id_cipher_holder, cipher_holder);
|
|
336
348
|
sk_X509_pop_free(x509s, X509_free);
|
|
337
349
|
|
|
338
350
|
return ret;
|
|
@@ -346,7 +358,7 @@ ossl_pkcs7_alloc(VALUE klass)
|
|
|
346
358
|
|
|
347
359
|
obj = NewPKCS7(klass);
|
|
348
360
|
if (!(pkcs7 = PKCS7_new())) {
|
|
349
|
-
|
|
361
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
350
362
|
}
|
|
351
363
|
SetPKCS7(obj, pkcs7);
|
|
352
364
|
|
|
@@ -368,7 +380,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
368
380
|
VALUE arg;
|
|
369
381
|
|
|
370
382
|
if(rb_scan_args(argc, argv, "01", &arg) == 0)
|
|
371
|
-
|
|
383
|
+
return self;
|
|
372
384
|
arg = ossl_to_der_if_possible(arg);
|
|
373
385
|
in = ossl_obj2bio(&arg);
|
|
374
386
|
p7 = d2i_PKCS7_bio(in, NULL);
|
|
@@ -378,10 +390,10 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
378
390
|
}
|
|
379
391
|
BIO_free(in);
|
|
380
392
|
if (!p7)
|
|
381
|
-
ossl_raise(
|
|
393
|
+
ossl_raise(ePKCS7Error, "Could not parse the PKCS7");
|
|
382
394
|
if (!p7->d.ptr) {
|
|
383
395
|
PKCS7_free(p7);
|
|
384
|
-
ossl_raise(
|
|
396
|
+
ossl_raise(ePKCS7Error, "No content in PKCS7");
|
|
385
397
|
}
|
|
386
398
|
|
|
387
399
|
RTYPEDDATA_DATA(self) = p7;
|
|
@@ -392,6 +404,7 @@ ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
392
404
|
return self;
|
|
393
405
|
}
|
|
394
406
|
|
|
407
|
+
/* :nodoc: */
|
|
395
408
|
static VALUE
|
|
396
409
|
ossl_pkcs7_copy(VALUE self, VALUE other)
|
|
397
410
|
{
|
|
@@ -405,7 +418,7 @@ ossl_pkcs7_copy(VALUE self, VALUE other)
|
|
|
405
418
|
|
|
406
419
|
pkcs7 = PKCS7_dup(b);
|
|
407
420
|
if (!pkcs7) {
|
|
408
|
-
|
|
421
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
409
422
|
}
|
|
410
423
|
DATA_PTR(self) = pkcs7;
|
|
411
424
|
PKCS7_free(a);
|
|
@@ -437,13 +450,13 @@ ossl_pkcs7_sym2typeid(VALUE sym)
|
|
|
437
450
|
RSTRING_GETMEM(sym, s, l);
|
|
438
451
|
|
|
439
452
|
for(i = 0; ; i++){
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
453
|
+
if(i == numberof(p7_type_tab))
|
|
454
|
+
ossl_raise(ePKCS7Error, "unknown type \"%"PRIsVALUE"\"", sym);
|
|
455
|
+
if(strlen(p7_type_tab[i].name) != l) continue;
|
|
456
|
+
if(strcmp(p7_type_tab[i].name, s) == 0){
|
|
457
|
+
ret = p7_type_tab[i].nid;
|
|
458
|
+
break;
|
|
459
|
+
}
|
|
447
460
|
}
|
|
448
461
|
|
|
449
462
|
return ret;
|
|
@@ -460,7 +473,7 @@ ossl_pkcs7_set_type(VALUE self, VALUE type)
|
|
|
460
473
|
|
|
461
474
|
GetPKCS7(self, p7);
|
|
462
475
|
if(!PKCS7_set_type(p7, ossl_pkcs7_sym2typeid(type)))
|
|
463
|
-
|
|
476
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
464
477
|
|
|
465
478
|
return type;
|
|
466
479
|
}
|
|
@@ -476,15 +489,15 @@ ossl_pkcs7_get_type(VALUE self)
|
|
|
476
489
|
|
|
477
490
|
GetPKCS7(self, p7);
|
|
478
491
|
if(PKCS7_type_is_signed(p7))
|
|
479
|
-
|
|
492
|
+
return ID2SYM(rb_intern("signed"));
|
|
480
493
|
if(PKCS7_type_is_encrypted(p7))
|
|
481
|
-
|
|
494
|
+
return ID2SYM(rb_intern("encrypted"));
|
|
482
495
|
if(PKCS7_type_is_enveloped(p7))
|
|
483
|
-
|
|
496
|
+
return ID2SYM(rb_intern("enveloped"));
|
|
484
497
|
if(PKCS7_type_is_signedAndEnveloped(p7))
|
|
485
|
-
|
|
498
|
+
return ID2SYM(rb_intern("signedAndEnveloped"));
|
|
486
499
|
if(PKCS7_type_is_data(p7))
|
|
487
|
-
|
|
500
|
+
return ID2SYM(rb_intern("data"));
|
|
488
501
|
return Qnil;
|
|
489
502
|
}
|
|
490
503
|
|
|
@@ -495,9 +508,9 @@ ossl_pkcs7_set_detached(VALUE self, VALUE flag)
|
|
|
495
508
|
|
|
496
509
|
GetPKCS7(self, p7);
|
|
497
510
|
if(flag != Qtrue && flag != Qfalse)
|
|
498
|
-
|
|
511
|
+
ossl_raise(ePKCS7Error, "must specify a boolean");
|
|
499
512
|
if(!PKCS7_set_detached(p7, flag == Qtrue ? 1 : 0))
|
|
500
|
-
|
|
513
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
501
514
|
|
|
502
515
|
return flag;
|
|
503
516
|
}
|
|
@@ -507,6 +520,8 @@ ossl_pkcs7_get_detached(VALUE self)
|
|
|
507
520
|
{
|
|
508
521
|
PKCS7 *p7;
|
|
509
522
|
GetPKCS7(self, p7);
|
|
523
|
+
if (!PKCS7_type_is_signed(p7))
|
|
524
|
+
return Qfalse;
|
|
510
525
|
return PKCS7_get_detached(p7) ? Qtrue : Qfalse;
|
|
511
526
|
}
|
|
512
527
|
|
|
@@ -522,11 +537,14 @@ static VALUE
|
|
|
522
537
|
ossl_pkcs7_set_cipher(VALUE self, VALUE cipher)
|
|
523
538
|
{
|
|
524
539
|
PKCS7 *pkcs7;
|
|
540
|
+
const EVP_CIPHER *ciph;
|
|
541
|
+
VALUE cipher_holder;
|
|
525
542
|
|
|
526
543
|
GetPKCS7(self, pkcs7);
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
544
|
+
ciph = ossl_evp_cipher_fetch(cipher, &cipher_holder);
|
|
545
|
+
if (!PKCS7_set_cipher(pkcs7, ciph))
|
|
546
|
+
ossl_raise(ePKCS7Error, "PKCS7_set_cipher");
|
|
547
|
+
rb_ivar_set(self, id_cipher_holder, cipher_holder);
|
|
530
548
|
|
|
531
549
|
return cipher;
|
|
532
550
|
}
|
|
@@ -557,22 +575,17 @@ ossl_pkcs7_get_signer(VALUE self)
|
|
|
557
575
|
{
|
|
558
576
|
PKCS7 *pkcs7;
|
|
559
577
|
STACK_OF(PKCS7_SIGNER_INFO) *sk;
|
|
560
|
-
PKCS7_SIGNER_INFO *si;
|
|
561
578
|
int num, i;
|
|
562
579
|
VALUE ary;
|
|
563
580
|
|
|
564
581
|
GetPKCS7(self, pkcs7);
|
|
565
|
-
if (!(sk = PKCS7_get_signer_info(pkcs7)))
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
if ((num = sk_PKCS7_SIGNER_INFO_num(sk)) < 0) {
|
|
570
|
-
ossl_raise(ePKCS7Error, "Negative number of signers!");
|
|
571
|
-
}
|
|
572
|
-
ary = rb_ary_new2(num);
|
|
582
|
+
if (!(sk = PKCS7_get_signer_info(pkcs7)))
|
|
583
|
+
return rb_ary_new();
|
|
584
|
+
num = sk_PKCS7_SIGNER_INFO_num(sk);
|
|
585
|
+
ary = rb_ary_new_capa(num);
|
|
573
586
|
for (i=0; i<num; i++) {
|
|
574
|
-
|
|
575
|
-
|
|
587
|
+
PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(sk, i);
|
|
588
|
+
rb_ary_push(ary, ossl_pkcs7si_new(si));
|
|
576
589
|
}
|
|
577
590
|
|
|
578
591
|
return ary;
|
|
@@ -604,24 +617,21 @@ ossl_pkcs7_get_recipient(VALUE self)
|
|
|
604
617
|
{
|
|
605
618
|
PKCS7 *pkcs7;
|
|
606
619
|
STACK_OF(PKCS7_RECIP_INFO) *sk;
|
|
607
|
-
PKCS7_RECIP_INFO *si;
|
|
608
620
|
int num, i;
|
|
609
621
|
VALUE ary;
|
|
610
622
|
|
|
611
623
|
GetPKCS7(self, pkcs7);
|
|
612
624
|
if (PKCS7_type_is_enveloped(pkcs7))
|
|
613
|
-
|
|
625
|
+
sk = pkcs7->d.enveloped->recipientinfo;
|
|
614
626
|
else if (PKCS7_type_is_signedAndEnveloped(pkcs7))
|
|
615
|
-
|
|
627
|
+
sk = pkcs7->d.signed_and_enveloped->recipientinfo;
|
|
616
628
|
else sk = NULL;
|
|
617
629
|
if (!sk) return rb_ary_new();
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
}
|
|
621
|
-
ary = rb_ary_new2(num);
|
|
630
|
+
num = sk_PKCS7_RECIP_INFO_num(sk);
|
|
631
|
+
ary = rb_ary_new_capa(num);
|
|
622
632
|
for (i=0; i<num; i++) {
|
|
623
|
-
|
|
624
|
-
|
|
633
|
+
PKCS7_RECIP_INFO *ri = sk_PKCS7_RECIP_INFO_value(sk, i);
|
|
634
|
+
rb_ary_push(ary, ossl_pkcs7ri_new(ri));
|
|
625
635
|
}
|
|
626
636
|
|
|
627
637
|
return ary;
|
|
@@ -636,7 +646,7 @@ ossl_pkcs7_add_certificate(VALUE self, VALUE cert)
|
|
|
636
646
|
GetPKCS7(self, pkcs7);
|
|
637
647
|
x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
|
|
638
648
|
if (!PKCS7_add_certificate(pkcs7, x509)){
|
|
639
|
-
|
|
649
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
640
650
|
}
|
|
641
651
|
|
|
642
652
|
return self;
|
|
@@ -652,13 +662,13 @@ pkcs7_get_certs(VALUE self)
|
|
|
652
662
|
GetPKCS7(self, pkcs7);
|
|
653
663
|
i = OBJ_obj2nid(pkcs7->type);
|
|
654
664
|
switch(i){
|
|
655
|
-
|
|
665
|
+
case NID_pkcs7_signed:
|
|
656
666
|
certs = pkcs7->d.sign->cert;
|
|
657
667
|
break;
|
|
658
|
-
|
|
668
|
+
case NID_pkcs7_signedAndEnveloped:
|
|
659
669
|
certs = pkcs7->d.signed_and_enveloped->cert;
|
|
660
670
|
break;
|
|
661
|
-
|
|
671
|
+
default:
|
|
662
672
|
certs = NULL;
|
|
663
673
|
}
|
|
664
674
|
|
|
@@ -675,13 +685,13 @@ pkcs7_get_crls(VALUE self)
|
|
|
675
685
|
GetPKCS7(self, pkcs7);
|
|
676
686
|
i = OBJ_obj2nid(pkcs7->type);
|
|
677
687
|
switch(i){
|
|
678
|
-
|
|
688
|
+
case NID_pkcs7_signed:
|
|
679
689
|
crls = pkcs7->d.sign->crl;
|
|
680
690
|
break;
|
|
681
|
-
|
|
691
|
+
case NID_pkcs7_signedAndEnveloped:
|
|
682
692
|
crls = pkcs7->d.signed_and_enveloped->crl;
|
|
683
693
|
break;
|
|
684
|
-
|
|
694
|
+
default:
|
|
685
695
|
crls = NULL;
|
|
686
696
|
}
|
|
687
697
|
|
|
@@ -701,7 +711,10 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
|
|
|
701
711
|
X509 *cert;
|
|
702
712
|
|
|
703
713
|
certs = pkcs7_get_certs(self);
|
|
704
|
-
|
|
714
|
+
if (certs) {
|
|
715
|
+
while ((cert = sk_X509_pop(certs)))
|
|
716
|
+
X509_free(cert);
|
|
717
|
+
}
|
|
705
718
|
rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
|
|
706
719
|
|
|
707
720
|
return ary;
|
|
@@ -710,7 +723,10 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
|
|
|
710
723
|
static VALUE
|
|
711
724
|
ossl_pkcs7_get_certificates(VALUE self)
|
|
712
725
|
{
|
|
713
|
-
|
|
726
|
+
STACK_OF(X509) *certs = pkcs7_get_certs(self);
|
|
727
|
+
if (!certs)
|
|
728
|
+
return Qnil;
|
|
729
|
+
return ossl_x509_sk2ary(certs);
|
|
714
730
|
}
|
|
715
731
|
|
|
716
732
|
static VALUE
|
|
@@ -722,7 +738,7 @@ ossl_pkcs7_add_crl(VALUE self, VALUE crl)
|
|
|
722
738
|
GetPKCS7(self, pkcs7); /* NO DUP needed! */
|
|
723
739
|
x509crl = GetX509CRLPtr(crl);
|
|
724
740
|
if (!PKCS7_add_crl(pkcs7, x509crl)) {
|
|
725
|
-
|
|
741
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
726
742
|
}
|
|
727
743
|
|
|
728
744
|
return self;
|
|
@@ -741,7 +757,10 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
|
|
|
741
757
|
X509_CRL *crl;
|
|
742
758
|
|
|
743
759
|
crls = pkcs7_get_crls(self);
|
|
744
|
-
|
|
760
|
+
if (crls) {
|
|
761
|
+
while ((crl = sk_X509_CRL_pop(crls)))
|
|
762
|
+
X509_CRL_free(crl);
|
|
763
|
+
}
|
|
745
764
|
rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
|
|
746
765
|
|
|
747
766
|
return ary;
|
|
@@ -750,7 +769,10 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
|
|
|
750
769
|
static VALUE
|
|
751
770
|
ossl_pkcs7_get_crls(VALUE self)
|
|
752
771
|
{
|
|
753
|
-
|
|
772
|
+
STACK_OF(X509_CRL) *crls = pkcs7_get_crls(self);
|
|
773
|
+
if (!crls)
|
|
774
|
+
return Qnil;
|
|
775
|
+
return ossl_x509crl_sk2ary(crls);
|
|
754
776
|
}
|
|
755
777
|
|
|
756
778
|
static VALUE
|
|
@@ -763,7 +785,6 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self)
|
|
|
763
785
|
BIO *in, *out;
|
|
764
786
|
PKCS7 *p7;
|
|
765
787
|
VALUE data;
|
|
766
|
-
const char *msg;
|
|
767
788
|
|
|
768
789
|
GetPKCS7(self, p7);
|
|
769
790
|
rb_scan_args(argc, argv, "22", &certs, &store, &indata, &flags);
|
|
@@ -773,28 +794,30 @@ ossl_pkcs7_verify(int argc, VALUE *argv, VALUE self)
|
|
|
773
794
|
in = NIL_P(indata) ? NULL : ossl_obj2bio(&indata);
|
|
774
795
|
if(NIL_P(certs)) x509s = NULL;
|
|
775
796
|
else{
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
|
|
797
|
+
x509s = ossl_protect_x509_ary2sk(certs, &status);
|
|
798
|
+
if(status){
|
|
799
|
+
BIO_free(in);
|
|
800
|
+
rb_jump_tag(status);
|
|
801
|
+
}
|
|
781
802
|
}
|
|
782
803
|
if(!(out = BIO_new(BIO_s_mem()))){
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
804
|
+
BIO_free(in);
|
|
805
|
+
sk_X509_pop_free(x509s, X509_free);
|
|
806
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
786
807
|
}
|
|
787
808
|
ok = PKCS7_verify(p7, x509s, x509st, in, out, flg);
|
|
788
809
|
BIO_free(in);
|
|
789
810
|
sk_X509_pop_free(x509s, X509_free);
|
|
790
|
-
if (ok < 0) ossl_raise(ePKCS7Error, "PKCS7_verify");
|
|
791
|
-
msg = ERR_reason_error_string(ERR_peek_error());
|
|
792
|
-
ossl_pkcs7_set_err_string(self, msg ? rb_str_new2(msg) : Qnil);
|
|
793
|
-
ossl_clear_error();
|
|
794
811
|
data = ossl_membio2str(out);
|
|
795
812
|
ossl_pkcs7_set_data(self, data);
|
|
796
|
-
|
|
797
|
-
|
|
813
|
+
if (ok != 1) {
|
|
814
|
+
const char *msg = ERR_reason_error_string(ERR_peek_error());
|
|
815
|
+
ossl_pkcs7_set_err_string(self, msg ? rb_str_new_cstr(msg) : Qnil);
|
|
816
|
+
ossl_clear_error();
|
|
817
|
+
return Qfalse;
|
|
818
|
+
}
|
|
819
|
+
ossl_pkcs7_set_err_string(self, Qnil);
|
|
820
|
+
return Qtrue;
|
|
798
821
|
}
|
|
799
822
|
|
|
800
823
|
static VALUE
|
|
@@ -814,10 +837,10 @@ ossl_pkcs7_decrypt(int argc, VALUE *argv, VALUE self)
|
|
|
814
837
|
flg = NIL_P(flags) ? 0 : NUM2INT(flags);
|
|
815
838
|
GetPKCS7(self, p7);
|
|
816
839
|
if(!(out = BIO_new(BIO_s_mem())))
|
|
817
|
-
|
|
840
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
818
841
|
if(!PKCS7_decrypt(p7, key, x509, out, flg)){
|
|
819
|
-
|
|
820
|
-
|
|
842
|
+
BIO_free(out);
|
|
843
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
821
844
|
}
|
|
822
845
|
str = ossl_membio2str(out); /* out will be free */
|
|
823
846
|
|
|
@@ -830,30 +853,38 @@ ossl_pkcs7_add_data(VALUE self, VALUE data)
|
|
|
830
853
|
PKCS7 *pkcs7;
|
|
831
854
|
BIO *out, *in;
|
|
832
855
|
char buf[4096];
|
|
833
|
-
int len;
|
|
856
|
+
int len, ret;
|
|
834
857
|
|
|
835
858
|
GetPKCS7(self, pkcs7);
|
|
836
|
-
if(PKCS7_type_is_signed(pkcs7)){
|
|
837
|
-
|
|
838
|
-
|
|
859
|
+
if (PKCS7_type_is_signed(pkcs7)) {
|
|
860
|
+
if (!PKCS7_content_new(pkcs7, NID_pkcs7_data))
|
|
861
|
+
ossl_raise(ePKCS7Error, "PKCS7_content_new");
|
|
839
862
|
}
|
|
840
863
|
in = ossl_obj2bio(&data);
|
|
841
|
-
if(!(out = PKCS7_dataInit(pkcs7, NULL)))
|
|
842
|
-
|
|
843
|
-
|
|
844
|
-
break;
|
|
845
|
-
if(BIO_write(out, buf, len) != len)
|
|
846
|
-
goto err;
|
|
864
|
+
if (!(out = PKCS7_dataInit(pkcs7, NULL))) {
|
|
865
|
+
BIO_free(in);
|
|
866
|
+
ossl_raise(ePKCS7Error, "PKCS7_dataInit");
|
|
847
867
|
}
|
|
848
|
-
|
|
849
|
-
|
|
850
|
-
|
|
851
|
-
|
|
868
|
+
for (;;) {
|
|
869
|
+
if ((len = BIO_read(in, buf, sizeof(buf))) <= 0)
|
|
870
|
+
break;
|
|
871
|
+
if (BIO_write(out, buf, len) != len) {
|
|
872
|
+
BIO_free_all(out);
|
|
873
|
+
BIO_free(in);
|
|
874
|
+
ossl_raise(ePKCS7Error, "BIO_write");
|
|
875
|
+
}
|
|
876
|
+
}
|
|
877
|
+
if (BIO_flush(out) <= 0) {
|
|
878
|
+
BIO_free_all(out);
|
|
879
|
+
BIO_free(in);
|
|
880
|
+
ossl_raise(ePKCS7Error, "BIO_flush");
|
|
881
|
+
}
|
|
882
|
+
ret = PKCS7_dataFinal(pkcs7, out);
|
|
852
883
|
BIO_free_all(out);
|
|
853
884
|
BIO_free(in);
|
|
854
|
-
if(
|
|
855
|
-
|
|
856
|
-
|
|
885
|
+
if (!ret)
|
|
886
|
+
ossl_raise(ePKCS7Error, "PKCS7_dataFinal");
|
|
887
|
+
ossl_pkcs7_set_data(self, Qnil);
|
|
857
888
|
|
|
858
889
|
return data;
|
|
859
890
|
}
|
|
@@ -868,11 +899,11 @@ ossl_pkcs7_to_der(VALUE self)
|
|
|
868
899
|
|
|
869
900
|
GetPKCS7(self, pkcs7);
|
|
870
901
|
if((len = i2d_PKCS7(pkcs7, NULL)) <= 0)
|
|
871
|
-
|
|
902
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
872
903
|
str = rb_str_new(0, len);
|
|
873
904
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
874
905
|
if(i2d_PKCS7(pkcs7, &p) <= 0)
|
|
875
|
-
|
|
906
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
876
907
|
ossl_str_adjust(str, p);
|
|
877
908
|
|
|
878
909
|
return str;
|
|
@@ -906,11 +937,11 @@ ossl_pkcs7_to_pem(VALUE self)
|
|
|
906
937
|
|
|
907
938
|
GetPKCS7(self, pkcs7);
|
|
908
939
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
|
909
|
-
|
|
940
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
910
941
|
}
|
|
911
942
|
if (!PEM_write_bio_PKCS7(out, pkcs7)) {
|
|
912
|
-
|
|
913
|
-
|
|
943
|
+
BIO_free(out);
|
|
944
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
914
945
|
}
|
|
915
946
|
str = ossl_membio2str(out);
|
|
916
947
|
|
|
@@ -928,7 +959,7 @@ ossl_pkcs7si_alloc(VALUE klass)
|
|
|
928
959
|
|
|
929
960
|
obj = NewPKCS7si(klass);
|
|
930
961
|
if (!(p7si = PKCS7_SIGNER_INFO_new())) {
|
|
931
|
-
|
|
962
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
932
963
|
}
|
|
933
964
|
SetPKCS7si(obj, p7si);
|
|
934
965
|
|
|
@@ -942,14 +973,15 @@ ossl_pkcs7si_initialize(VALUE self, VALUE cert, VALUE key, VALUE digest)
|
|
|
942
973
|
EVP_PKEY *pkey;
|
|
943
974
|
X509 *x509;
|
|
944
975
|
const EVP_MD *md;
|
|
976
|
+
VALUE md_holder;
|
|
945
977
|
|
|
946
978
|
pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
|
|
947
979
|
x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
|
|
948
|
-
md =
|
|
980
|
+
md = ossl_evp_md_fetch(digest, &md_holder);
|
|
949
981
|
GetPKCS7si(self, p7si);
|
|
950
|
-
if (!(PKCS7_SIGNER_INFO_set(p7si, x509, pkey,
|
|
951
|
-
|
|
952
|
-
|
|
982
|
+
if (!(PKCS7_SIGNER_INFO_set(p7si, x509, pkey, md)))
|
|
983
|
+
ossl_raise(ePKCS7Error, "PKCS7_SIGNER_INFO_set");
|
|
984
|
+
rb_ivar_set(self, id_md_holder, md_holder);
|
|
953
985
|
|
|
954
986
|
return self;
|
|
955
987
|
}
|
|
@@ -983,10 +1015,10 @@ ossl_pkcs7si_get_signed_time(VALUE self)
|
|
|
983
1015
|
GetPKCS7si(self, p7si);
|
|
984
1016
|
|
|
985
1017
|
if (!(asn1obj = PKCS7_get_signed_attribute(p7si, NID_pkcs9_signingTime))) {
|
|
986
|
-
|
|
1018
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
987
1019
|
}
|
|
988
1020
|
if (asn1obj->type == V_ASN1_UTCTIME) {
|
|
989
|
-
|
|
1021
|
+
return asn1time_to_time(asn1obj->value.utctime);
|
|
990
1022
|
}
|
|
991
1023
|
/*
|
|
992
1024
|
* OR
|
|
@@ -1008,7 +1040,7 @@ ossl_pkcs7ri_alloc(VALUE klass)
|
|
|
1008
1040
|
|
|
1009
1041
|
obj = NewPKCS7ri(klass);
|
|
1010
1042
|
if (!(p7ri = PKCS7_RECIP_INFO_new())) {
|
|
1011
|
-
|
|
1043
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
1012
1044
|
}
|
|
1013
1045
|
SetPKCS7ri(obj, p7ri);
|
|
1014
1046
|
|
|
@@ -1024,7 +1056,7 @@ ossl_pkcs7ri_initialize(VALUE self, VALUE cert)
|
|
|
1024
1056
|
x509 = GetX509CertPtr(cert); /* NO NEED TO DUP */
|
|
1025
1057
|
GetPKCS7ri(self, p7ri);
|
|
1026
1058
|
if (!PKCS7_RECIP_INFO_set(p7ri, x509)) {
|
|
1027
|
-
|
|
1059
|
+
ossl_raise(ePKCS7Error, NULL);
|
|
1028
1060
|
}
|
|
1029
1061
|
|
|
1030
1062
|
return self;
|
|
@@ -1067,11 +1099,6 @@ void
|
|
|
1067
1099
|
Init_ossl_pkcs7(void)
|
|
1068
1100
|
{
|
|
1069
1101
|
#undef rb_intern
|
|
1070
|
-
#if 0
|
|
1071
|
-
mOSSL = rb_define_module("OpenSSL");
|
|
1072
|
-
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
|
1073
|
-
#endif
|
|
1074
|
-
|
|
1075
1102
|
cPKCS7 = rb_define_class_under(mOSSL, "PKCS7", rb_cObject);
|
|
1076
1103
|
ePKCS7Error = rb_define_class_under(cPKCS7, "PKCS7Error", eOSSLError);
|
|
1077
1104
|
rb_define_singleton_method(cPKCS7, "read_smime", ossl_pkcs7_s_read_smime, 1);
|
|
@@ -1135,4 +1162,7 @@ Init_ossl_pkcs7(void)
|
|
|
1135
1162
|
DefPKCS7Const(BINARY);
|
|
1136
1163
|
DefPKCS7Const(NOATTR);
|
|
1137
1164
|
DefPKCS7Const(NOSMIMECAP);
|
|
1165
|
+
|
|
1166
|
+
id_md_holder = rb_intern_const("EVP_MD_holder");
|
|
1167
|
+
id_cipher_holder = rb_intern_const("EVP_CIPHER_holder");
|
|
1138
1168
|
}
|
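Review bot: In the ossl_pkcs7_verify hunk (@@ -773,28 +794,30 @@), `ossl_pkcs7_set_data(self, data)` runs before the `if (ok != 1)` check, so when the method returns Qfalse the object's data attribute already holds whatever PKCS7_verify may have written to `out` — content whose signature was not verified. The commit widens this path: a negative PKCS7_verify result previously raised on the removed `if (ok < 0)` line before reaching the set_data call, and now also lands in the Qfalse branch with data populated. Since data is apparently exposed to Ruby separately from the boolean result (ossl_pkcs7_get_data is used elsewhere in this file), a caller that reads it without testing the return value consumes unverified content; either move the `data = ossl_membio2str(out); ossl_pkcs7_set_data(self, data);` pair after the `ossl_pkcs7_set_err_string(self, Qnil);` success line, or, if existing users rely on data after a false result, keep the order and add above the set_data call `/* NOTE: data is populated even when verification fails; callers must check the return value before trusting it */`. ossl_pkcs7_verify's signature and argument parsing lie outside this hunk.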