openssl 3.3.3 → 4.0.0
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +3 -0
- data/History.md +81 -12
- data/README.md +12 -11
- data/ext/openssl/extconf.rb +29 -72
- data/ext/openssl/openssl_missing.h +0 -233
- data/ext/openssl/ossl.c +279 -300
- data/ext/openssl/ossl.h +13 -9
- data/ext/openssl/ossl_asn1.c +610 -423
- data/ext/openssl/ossl_asn1.h +15 -1
- data/ext/openssl/ossl_bio.c +3 -3
- data/ext/openssl/ossl_bn.c +286 -291
- data/ext/openssl/ossl_cipher.c +252 -203
- data/ext/openssl/ossl_cipher.h +10 -1
- data/ext/openssl/ossl_config.c +1 -6
- data/ext/openssl/ossl_digest.c +74 -43
- data/ext/openssl/ossl_digest.h +9 -1
- data/ext/openssl/ossl_engine.c +39 -103
- data/ext/openssl/ossl_hmac.c +30 -36
- data/ext/openssl/ossl_kdf.c +42 -53
- data/ext/openssl/ossl_ns_spki.c +27 -32
- data/ext/openssl/ossl_ocsp.c +209 -236
- data/ext/openssl/ossl_pkcs12.c +26 -26
- data/ext/openssl/ossl_pkcs7.c +176 -146
- data/ext/openssl/ossl_pkey.c +102 -158
- data/ext/openssl/ossl_pkey.h +99 -99
- data/ext/openssl/ossl_pkey_dh.c +31 -68
- data/ext/openssl/ossl_pkey_dsa.c +15 -54
- data/ext/openssl/ossl_pkey_ec.c +179 -237
- data/ext/openssl/ossl_pkey_rsa.c +56 -103
- data/ext/openssl/ossl_provider.c +0 -5
- data/ext/openssl/ossl_rand.c +7 -14
- data/ext/openssl/ossl_ssl.c +478 -353
- data/ext/openssl/ossl_ssl.h +8 -8
- data/ext/openssl/ossl_ssl_session.c +93 -97
- data/ext/openssl/ossl_ts.c +79 -125
- data/ext/openssl/ossl_x509.c +9 -28
- data/ext/openssl/ossl_x509.h +6 -6
- data/ext/openssl/ossl_x509attr.c +35 -57
- data/ext/openssl/ossl_x509cert.c +73 -104
- data/ext/openssl/ossl_x509crl.c +80 -91
- data/ext/openssl/ossl_x509ext.c +45 -75
- data/ext/openssl/ossl_x509name.c +64 -91
- data/ext/openssl/ossl_x509req.c +57 -64
- data/ext/openssl/ossl_x509revoked.c +29 -44
- data/ext/openssl/ossl_x509store.c +41 -57
- data/lib/openssl/buffering.rb +30 -24
- data/lib/openssl/digest.rb +1 -1
- data/lib/openssl/pkey.rb +71 -49
- data/lib/openssl/ssl.rb +12 -79
- data/lib/openssl/version.rb +2 -1
- data/lib/openssl/x509.rb +9 -0
- data/lib/openssl.rb +9 -6
- metadata +2 -4
- data/ext/openssl/openssl_missing.c +0 -41
- data/lib/openssl/asn1.rb +0 -188
data/ext/openssl/ossl_ocsp.c
CHANGED
|
@@ -84,7 +84,7 @@ ossl_ocsp_request_free(void *ptr)
|
|
|
84
84
|
static const rb_data_type_t ossl_ocsp_request_type = {
|
|
85
85
|
"OpenSSL/OCSP/REQUEST",
|
|
86
86
|
{
|
|
87
|
-
|
|
87
|
+
0, ossl_ocsp_request_free,
|
|
88
88
|
},
|
|
89
89
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
90
90
|
};
|
|
@@ -98,7 +98,7 @@ ossl_ocsp_response_free(void *ptr)
|
|
|
98
98
|
static const rb_data_type_t ossl_ocsp_response_type = {
|
|
99
99
|
"OpenSSL/OCSP/RESPONSE",
|
|
100
100
|
{
|
|
101
|
-
|
|
101
|
+
0, ossl_ocsp_response_free,
|
|
102
102
|
},
|
|
103
103
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
104
104
|
};
|
|
@@ -112,7 +112,7 @@ ossl_ocsp_basicresp_free(void *ptr)
|
|
|
112
112
|
static const rb_data_type_t ossl_ocsp_basicresp_type = {
|
|
113
113
|
"OpenSSL/OCSP/BASICRESP",
|
|
114
114
|
{
|
|
115
|
-
|
|
115
|
+
0, ossl_ocsp_basicresp_free,
|
|
116
116
|
},
|
|
117
117
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
118
118
|
};
|
|
@@ -126,7 +126,7 @@ ossl_ocsp_singleresp_free(void *ptr)
|
|
|
126
126
|
static const rb_data_type_t ossl_ocsp_singleresp_type = {
|
|
127
127
|
"OpenSSL/OCSP/SINGLERESP",
|
|
128
128
|
{
|
|
129
|
-
|
|
129
|
+
0, ossl_ocsp_singleresp_free,
|
|
130
130
|
},
|
|
131
131
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
132
132
|
};
|
|
@@ -140,7 +140,7 @@ ossl_ocsp_certid_free(void *ptr)
|
|
|
140
140
|
static const rb_data_type_t ossl_ocsp_certid_type = {
|
|
141
141
|
"OpenSSL/OCSP/CERTID",
|
|
142
142
|
{
|
|
143
|
-
|
|
143
|
+
0, ossl_ocsp_certid_free,
|
|
144
144
|
},
|
|
145
145
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
|
|
146
146
|
};
|
|
@@ -149,10 +149,14 @@ static const rb_data_type_t ossl_ocsp_certid_type = {
|
|
|
149
149
|
* Public
|
|
150
150
|
*/
|
|
151
151
|
static VALUE
|
|
152
|
-
|
|
152
|
+
ossl_ocspcid_new(const OCSP_CERTID *cid)
|
|
153
153
|
{
|
|
154
154
|
VALUE obj = NewOCSPCertId(cOCSPCertId);
|
|
155
|
-
|
|
155
|
+
/* OpenSSL 1.1.1 takes a non-const pointer */
|
|
156
|
+
OCSP_CERTID *cid_new = OCSP_CERTID_dup((OCSP_CERTID *)cid);
|
|
157
|
+
if (!cid_new)
|
|
158
|
+
ossl_raise(eOCSPError, "OCSP_CERTID_dup");
|
|
159
|
+
SetOCSPCertId(obj, cid_new);
|
|
156
160
|
return obj;
|
|
157
161
|
}
|
|
158
162
|
|
|
@@ -167,12 +171,13 @@ ossl_ocspreq_alloc(VALUE klass)
|
|
|
167
171
|
|
|
168
172
|
obj = NewOCSPReq(klass);
|
|
169
173
|
if (!(req = OCSP_REQUEST_new()))
|
|
170
|
-
|
|
174
|
+
ossl_raise(eOCSPError, NULL);
|
|
171
175
|
SetOCSPReq(obj, req);
|
|
172
176
|
|
|
173
177
|
return obj;
|
|
174
178
|
}
|
|
175
179
|
|
|
180
|
+
/* :nodoc: */
|
|
176
181
|
static VALUE
|
|
177
182
|
ossl_ocspreq_initialize_copy(VALUE self, VALUE other)
|
|
178
183
|
{
|
|
@@ -184,7 +189,7 @@ ossl_ocspreq_initialize_copy(VALUE self, VALUE other)
|
|
|
184
189
|
|
|
185
190
|
req_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_REQUEST), req);
|
|
186
191
|
if (!req_new)
|
|
187
|
-
|
|
192
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
188
193
|
|
|
189
194
|
SetOCSPReq(self, req_new);
|
|
190
195
|
OCSP_REQUEST_free(req_old);
|
|
@@ -210,15 +215,15 @@ ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
210
215
|
|
|
211
216
|
rb_scan_args(argc, argv, "01", &arg);
|
|
212
217
|
if(!NIL_P(arg)){
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
218
|
+
GetOCSPReq(self, req);
|
|
219
|
+
arg = ossl_to_der_if_possible(arg);
|
|
220
|
+
StringValue(arg);
|
|
221
|
+
p = (unsigned char *)RSTRING_PTR(arg);
|
|
222
|
+
req_new = d2i_OCSP_REQUEST(NULL, &p, RSTRING_LEN(arg));
|
|
223
|
+
if (!req_new)
|
|
224
|
+
ossl_raise(eOCSPError, "d2i_OCSP_REQUEST");
|
|
225
|
+
SetOCSPReq(self, req_new);
|
|
226
|
+
OCSP_REQUEST_free(req);
|
|
222
227
|
}
|
|
223
228
|
|
|
224
229
|
return self;
|
|
@@ -244,13 +249,13 @@ ossl_ocspreq_add_nonce(int argc, VALUE *argv, VALUE self)
|
|
|
244
249
|
|
|
245
250
|
rb_scan_args(argc, argv, "01", &val);
|
|
246
251
|
if(NIL_P(val)) {
|
|
247
|
-
|
|
248
|
-
|
|
252
|
+
GetOCSPReq(self, req);
|
|
253
|
+
ret = OCSP_request_add1_nonce(req, NULL, -1);
|
|
249
254
|
}
|
|
250
255
|
else{
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
256
|
+
StringValue(val);
|
|
257
|
+
GetOCSPReq(self, req);
|
|
258
|
+
ret = OCSP_request_add1_nonce(req, (unsigned char *)RSTRING_PTR(val), RSTRING_LENINT(val));
|
|
254
259
|
}
|
|
255
260
|
if(!ret) ossl_raise(eOCSPError, NULL);
|
|
256
261
|
|
|
@@ -307,10 +312,10 @@ ossl_ocspreq_add_certid(VALUE self, VALUE certid)
|
|
|
307
312
|
GetOCSPCertId(certid, id);
|
|
308
313
|
|
|
309
314
|
if (!(id_new = OCSP_CERTID_dup(id)))
|
|
310
|
-
|
|
315
|
+
ossl_raise(eOCSPError, "OCSP_CERTID_dup");
|
|
311
316
|
if (!OCSP_request_add0_id(req, id_new)) {
|
|
312
|
-
|
|
313
|
-
|
|
317
|
+
OCSP_CERTID_free(id_new);
|
|
318
|
+
ossl_raise(eOCSPError, "OCSP_request_add0_id");
|
|
314
319
|
}
|
|
315
320
|
|
|
316
321
|
return self;
|
|
@@ -327,21 +332,19 @@ static VALUE
|
|
|
327
332
|
ossl_ocspreq_get_certid(VALUE self)
|
|
328
333
|
{
|
|
329
334
|
OCSP_REQUEST *req;
|
|
330
|
-
OCSP_ONEREQ *one;
|
|
331
|
-
OCSP_CERTID *id;
|
|
332
|
-
VALUE ary, tmp;
|
|
333
|
-
int i, count;
|
|
334
335
|
|
|
335
336
|
GetOCSPReq(self, req);
|
|
336
|
-
count = OCSP_request_onereq_count(req);
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
337
|
+
int count = OCSP_request_onereq_count(req);
|
|
338
|
+
if (count < 0)
|
|
339
|
+
ossl_raise(eOCSPError, "OCSP_request_onereq_count");
|
|
340
|
+
if (count == 0)
|
|
341
|
+
return Qnil;
|
|
342
|
+
|
|
343
|
+
VALUE ary = rb_ary_new_capa(count);
|
|
344
|
+
for (int i = 0; i < count; i++) {
|
|
345
|
+
OCSP_ONEREQ *one = OCSP_request_onereq_get0(req, i);
|
|
346
|
+
OCSP_CERTID *cid = OCSP_onereq_get0_id(one);
|
|
347
|
+
rb_ary_push(ary, ossl_ocspcid_new(cid));
|
|
345
348
|
}
|
|
346
349
|
|
|
347
350
|
return ary;
|
|
@@ -366,7 +369,7 @@ ossl_ocspreq_get_certid(VALUE self)
|
|
|
366
369
|
static VALUE
|
|
367
370
|
ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
|
|
368
371
|
{
|
|
369
|
-
VALUE signer_cert, signer_key, certs, flags, digest;
|
|
372
|
+
VALUE signer_cert, signer_key, certs, flags, digest, md_holder;
|
|
370
373
|
OCSP_REQUEST *req;
|
|
371
374
|
X509 *signer;
|
|
372
375
|
EVP_PKEY *key;
|
|
@@ -380,19 +383,17 @@ ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
|
|
|
380
383
|
signer = GetX509CertPtr(signer_cert);
|
|
381
384
|
key = GetPrivPKeyPtr(signer_key);
|
|
382
385
|
if (!NIL_P(flags))
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
md = NULL;
|
|
386
|
-
else
|
|
387
|
-
md = ossl_evp_get_digestbyname(digest);
|
|
386
|
+
flg = NUM2INT(flags);
|
|
387
|
+
md = NIL_P(digest) ? NULL : ossl_evp_md_fetch(digest, &md_holder);
|
|
388
388
|
if (NIL_P(certs))
|
|
389
|
-
|
|
389
|
+
flg |= OCSP_NOCERTS;
|
|
390
390
|
else
|
|
391
|
-
|
|
391
|
+
x509s = ossl_x509_ary2sk(certs);
|
|
392
392
|
|
|
393
393
|
ret = OCSP_request_sign(req, signer, key, md, x509s, flg);
|
|
394
394
|
sk_X509_pop_free(x509s, X509_free);
|
|
395
|
-
if (!ret)
|
|
395
|
+
if (!ret)
|
|
396
|
+
ossl_raise(eOCSPError, "OCSP_request_sign");
|
|
396
397
|
|
|
397
398
|
return self;
|
|
398
399
|
}
|
|
@@ -426,7 +427,7 @@ ossl_ocspreq_verify(int argc, VALUE *argv, VALUE self)
|
|
|
426
427
|
result = OCSP_request_verify(req, x509s, x509st, flg);
|
|
427
428
|
sk_X509_pop_free(x509s, X509_free);
|
|
428
429
|
if (result <= 0)
|
|
429
|
-
|
|
430
|
+
ossl_clear_error();
|
|
430
431
|
|
|
431
432
|
return result > 0 ? Qtrue : Qfalse;
|
|
432
433
|
}
|
|
@@ -445,11 +446,11 @@ ossl_ocspreq_to_der(VALUE self)
|
|
|
445
446
|
|
|
446
447
|
GetOCSPReq(self, req);
|
|
447
448
|
if((len = i2d_OCSP_REQUEST(req, NULL)) <= 0)
|
|
448
|
-
|
|
449
|
+
ossl_raise(eOCSPError, NULL);
|
|
449
450
|
str = rb_str_new(0, len);
|
|
450
451
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
451
452
|
if(i2d_OCSP_REQUEST(req, &p) <= 0)
|
|
452
|
-
|
|
453
|
+
ossl_raise(eOCSPError, NULL);
|
|
453
454
|
ossl_str_adjust(str, p);
|
|
454
455
|
|
|
455
456
|
return str;
|
|
@@ -493,7 +494,7 @@ ossl_ocspres_s_create(VALUE klass, VALUE status, VALUE basic_resp)
|
|
|
493
494
|
else GetOCSPBasicRes(basic_resp, bs); /* NO NEED TO DUP */
|
|
494
495
|
obj = NewOCSPRes(klass);
|
|
495
496
|
if(!(res = OCSP_response_create(st, bs)))
|
|
496
|
-
|
|
497
|
+
ossl_raise(eOCSPError, NULL);
|
|
497
498
|
SetOCSPRes(obj, res);
|
|
498
499
|
|
|
499
500
|
return obj;
|
|
@@ -507,12 +508,13 @@ ossl_ocspres_alloc(VALUE klass)
|
|
|
507
508
|
|
|
508
509
|
obj = NewOCSPRes(klass);
|
|
509
510
|
if(!(res = OCSP_RESPONSE_new()))
|
|
510
|
-
|
|
511
|
+
ossl_raise(eOCSPError, NULL);
|
|
511
512
|
SetOCSPRes(obj, res);
|
|
512
513
|
|
|
513
514
|
return obj;
|
|
514
515
|
}
|
|
515
516
|
|
|
517
|
+
/* :nodoc: */
|
|
516
518
|
static VALUE
|
|
517
519
|
ossl_ocspres_initialize_copy(VALUE self, VALUE other)
|
|
518
520
|
{
|
|
@@ -524,7 +526,7 @@ ossl_ocspres_initialize_copy(VALUE self, VALUE other)
|
|
|
524
526
|
|
|
525
527
|
res_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_RESPONSE), res);
|
|
526
528
|
if (!res_new)
|
|
527
|
-
|
|
529
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
528
530
|
|
|
529
531
|
SetOCSPRes(self, res_new);
|
|
530
532
|
OCSP_RESPONSE_free(res_old);
|
|
@@ -550,15 +552,15 @@ ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
550
552
|
|
|
551
553
|
rb_scan_args(argc, argv, "01", &arg);
|
|
552
554
|
if(!NIL_P(arg)){
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
555
|
+
GetOCSPRes(self, res);
|
|
556
|
+
arg = ossl_to_der_if_possible(arg);
|
|
557
|
+
StringValue(arg);
|
|
558
|
+
p = (unsigned char *)RSTRING_PTR(arg);
|
|
559
|
+
res_new = d2i_OCSP_RESPONSE(NULL, &p, RSTRING_LEN(arg));
|
|
560
|
+
if (!res_new)
|
|
561
|
+
ossl_raise(eOCSPError, "d2i_OCSP_RESPONSE");
|
|
562
|
+
SetOCSPRes(self, res_new);
|
|
563
|
+
OCSP_RESPONSE_free(res);
|
|
562
564
|
}
|
|
563
565
|
|
|
564
566
|
return self;
|
|
@@ -619,7 +621,7 @@ ossl_ocspres_get_basic(VALUE self)
|
|
|
619
621
|
GetOCSPRes(self, res);
|
|
620
622
|
ret = NewOCSPBasicRes(cOCSPBasicRes);
|
|
621
623
|
if(!(bs = OCSP_response_get1_basic(res)))
|
|
622
|
-
|
|
624
|
+
return Qnil;
|
|
623
625
|
SetOCSPBasicRes(ret, bs);
|
|
624
626
|
|
|
625
627
|
return ret;
|
|
@@ -642,11 +644,11 @@ ossl_ocspres_to_der(VALUE self)
|
|
|
642
644
|
|
|
643
645
|
GetOCSPRes(self, res);
|
|
644
646
|
if((len = i2d_OCSP_RESPONSE(res, NULL)) <= 0)
|
|
645
|
-
|
|
647
|
+
ossl_raise(eOCSPError, NULL);
|
|
646
648
|
str = rb_str_new(0, len);
|
|
647
649
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
648
650
|
if(i2d_OCSP_RESPONSE(res, &p) <= 0)
|
|
649
|
-
|
|
651
|
+
ossl_raise(eOCSPError, NULL);
|
|
650
652
|
ossl_str_adjust(str, p);
|
|
651
653
|
|
|
652
654
|
return str;
|
|
@@ -663,12 +665,13 @@ ossl_ocspbres_alloc(VALUE klass)
|
|
|
663
665
|
|
|
664
666
|
obj = NewOCSPBasicRes(klass);
|
|
665
667
|
if(!(bs = OCSP_BASICRESP_new()))
|
|
666
|
-
|
|
668
|
+
ossl_raise(eOCSPError, NULL);
|
|
667
669
|
SetOCSPBasicRes(obj, bs);
|
|
668
670
|
|
|
669
671
|
return obj;
|
|
670
672
|
}
|
|
671
673
|
|
|
674
|
+
/* :nodoc: */
|
|
672
675
|
static VALUE
|
|
673
676
|
ossl_ocspbres_initialize_copy(VALUE self, VALUE other)
|
|
674
677
|
{
|
|
@@ -680,7 +683,7 @@ ossl_ocspbres_initialize_copy(VALUE self, VALUE other)
|
|
|
680
683
|
|
|
681
684
|
bs_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_BASICRESP), bs);
|
|
682
685
|
if (!bs_new)
|
|
683
|
-
|
|
686
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
684
687
|
|
|
685
688
|
SetOCSPBasicRes(self, bs_new);
|
|
686
689
|
OCSP_BASICRESP_free(bs_old);
|
|
@@ -705,15 +708,15 @@ ossl_ocspbres_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
705
708
|
|
|
706
709
|
rb_scan_args(argc, argv, "01", &arg);
|
|
707
710
|
if (!NIL_P(arg)) {
|
|
708
|
-
|
|
709
|
-
|
|
710
|
-
|
|
711
|
-
|
|
712
|
-
|
|
713
|
-
|
|
714
|
-
|
|
715
|
-
|
|
716
|
-
|
|
711
|
+
GetOCSPBasicRes(self, res);
|
|
712
|
+
arg = ossl_to_der_if_possible(arg);
|
|
713
|
+
StringValue(arg);
|
|
714
|
+
p = (unsigned char *)RSTRING_PTR(arg);
|
|
715
|
+
res_new = d2i_OCSP_BASICRESP(NULL, &p, RSTRING_LEN(arg));
|
|
716
|
+
if (!res_new)
|
|
717
|
+
ossl_raise(eOCSPError, "d2i_OCSP_BASICRESP");
|
|
718
|
+
SetOCSPBasicRes(self, res_new);
|
|
719
|
+
OCSP_BASICRESP_free(res);
|
|
717
720
|
}
|
|
718
721
|
|
|
719
722
|
return self;
|
|
@@ -758,13 +761,13 @@ ossl_ocspbres_add_nonce(int argc, VALUE *argv, VALUE self)
|
|
|
758
761
|
|
|
759
762
|
rb_scan_args(argc, argv, "01", &val);
|
|
760
763
|
if(NIL_P(val)) {
|
|
761
|
-
|
|
762
|
-
|
|
764
|
+
GetOCSPBasicRes(self, bs);
|
|
765
|
+
ret = OCSP_basic_add1_nonce(bs, NULL, -1);
|
|
763
766
|
}
|
|
764
767
|
else{
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
768
|
+
StringValue(val);
|
|
769
|
+
GetOCSPBasicRes(self, bs);
|
|
770
|
+
ret = OCSP_basic_add1_nonce(bs, (unsigned char *)RSTRING_PTR(val), RSTRING_LENINT(val));
|
|
768
771
|
}
|
|
769
772
|
if(!ret) ossl_raise(eOCSPError, NULL);
|
|
770
773
|
|
|
@@ -777,12 +780,12 @@ add_status_convert_time(VALUE obj)
|
|
|
777
780
|
ASN1_TIME *time;
|
|
778
781
|
|
|
779
782
|
if (RB_INTEGER_TYPE_P(obj))
|
|
780
|
-
|
|
783
|
+
time = X509_gmtime_adj(NULL, NUM2INT(obj));
|
|
781
784
|
else
|
|
782
|
-
|
|
785
|
+
time = ossl_x509_time_adjust(NULL, obj);
|
|
783
786
|
|
|
784
787
|
if (!time)
|
|
785
|
-
|
|
788
|
+
ossl_raise(eOCSPError, NULL);
|
|
786
789
|
|
|
787
790
|
return (VALUE)time;
|
|
788
791
|
}
|
|
@@ -816,8 +819,8 @@ add_status_convert_time(VALUE obj)
|
|
|
816
819
|
*/
|
|
817
820
|
static VALUE
|
|
818
821
|
ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
|
|
819
|
-
|
|
820
|
-
|
|
822
|
+
VALUE reason, VALUE revtime,
|
|
823
|
+
VALUE thisupd, VALUE nextupd, VALUE ext)
|
|
821
824
|
{
|
|
822
825
|
OCSP_BASICRESP *bs;
|
|
823
826
|
OCSP_SINGLERESP *single;
|
|
@@ -831,16 +834,16 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
|
|
|
831
834
|
GetOCSPCertId(cid, id);
|
|
832
835
|
st = NUM2INT(status);
|
|
833
836
|
if (!NIL_P(ext)) { /* All ext's members must be X509::Extension */
|
|
834
|
-
|
|
835
|
-
|
|
836
|
-
|
|
837
|
+
ext = rb_check_array_type(ext);
|
|
838
|
+
for (i = 0; i < RARRAY_LEN(ext); i++)
|
|
839
|
+
OSSL_Check_Kind(RARRAY_AREF(ext, i), cX509Ext);
|
|
837
840
|
}
|
|
838
841
|
|
|
839
842
|
if (st == V_OCSP_CERTSTATUS_REVOKED) {
|
|
840
|
-
|
|
841
|
-
|
|
842
|
-
|
|
843
|
-
|
|
843
|
+
rsn = NUM2INT(reason);
|
|
844
|
+
tmp = rb_protect(add_status_convert_time, revtime, &rstatus);
|
|
845
|
+
if (rstatus) goto err;
|
|
846
|
+
rev = (ASN1_TIME *)tmp;
|
|
844
847
|
}
|
|
845
848
|
|
|
846
849
|
tmp = rb_protect(add_status_convert_time, thisupd, &rstatus);
|
|
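Review bot: In the `ext` validation block of `ossl_ocspbres_add_status`, the result of `rb_check_array_type(ext)` is passed straight to `RARRAY_LEN(ext)` with no check in between. `rb_check_array_type` returns nil when its argument cannot be converted to an Array, so a non-nil, non-Array `ext` from the caller would reach `RARRAY_LEN`/`RARRAY_AREF` on nil, which is an invalid object access instead of a Ruby exception. A guard right after the conversion, for example `if (NIL_P(ext)) rb_raise(rb_eTypeError, "ext must be an Array of X509::Extension");`, keeps the failure a TypeError. The same array is walked again by the `GetX509ExtPtr(RARRAY_AREF(ext, i))` loop in the following hunk, so the guard covers both. The function body starts and ends outside this hunk.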
@@ -848,29 +851,29 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
|
|
|
848
851
|
ths = (ASN1_TIME *)tmp;
|
|
849
852
|
|
|
850
853
|
if (!NIL_P(nextupd)) {
|
|
851
|
-
|
|
852
|
-
|
|
853
|
-
|
|
854
|
+
tmp = rb_protect(add_status_convert_time, nextupd, &rstatus);
|
|
855
|
+
if (rstatus) goto err;
|
|
856
|
+
nxt = (ASN1_TIME *)tmp;
|
|
854
857
|
}
|
|
855
858
|
|
|
856
859
|
if(!(single = OCSP_basic_add1_status(bs, id, st, rsn, rev, ths, nxt))){
|
|
857
|
-
|
|
858
|
-
|
|
860
|
+
error = 1;
|
|
861
|
+
goto err;
|
|
859
862
|
}
|
|
860
863
|
|
|
861
864
|
if(!NIL_P(ext)){
|
|
862
|
-
|
|
863
|
-
|
|
864
|
-
|
|
865
|
-
|
|
866
|
-
|
|
867
|
-
|
|
868
|
-
|
|
869
|
-
|
|
870
|
-
|
|
865
|
+
X509_EXTENSION *x509ext;
|
|
866
|
+
|
|
867
|
+
for(i = 0; i < RARRAY_LEN(ext); i++){
|
|
868
|
+
x509ext = GetX509ExtPtr(RARRAY_AREF(ext, i));
|
|
869
|
+
if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
|
|
870
|
+
error = 1;
|
|
871
|
+
goto err;
|
|
872
|
+
}
|
|
873
|
+
}
|
|
871
874
|
}
|
|
872
875
|
|
|
873
|
-
|
|
876
|
+
err:
|
|
874
877
|
ASN1_TIME_free(ths);
|
|
875
878
|
ASN1_TIME_free(nxt);
|
|
876
879
|
ASN1_TIME_free(rev);
|
|
@@ -896,47 +899,40 @@ static VALUE
|
|
|
896
899
|
ossl_ocspbres_get_status(VALUE self)
|
|
897
900
|
{
|
|
898
901
|
OCSP_BASICRESP *bs;
|
|
899
|
-
OCSP_SINGLERESP *single;
|
|
900
|
-
OCSP_CERTID *cid;
|
|
901
|
-
ASN1_TIME *revtime, *thisupd, *nextupd;
|
|
902
|
-
int status, reason;
|
|
903
|
-
VALUE ret, ary, ext;
|
|
904
|
-
int count, ext_count, i, j;
|
|
905
902
|
|
|
906
903
|
GetOCSPBasicRes(self, bs);
|
|
907
|
-
ret = rb_ary_new();
|
|
908
|
-
count = OCSP_resp_count(bs);
|
|
909
|
-
for(i = 0; i < count; i++){
|
|
910
|
-
|
|
911
|
-
|
|
912
|
-
|
|
913
|
-
|
|
914
|
-
|
|
915
|
-
|
|
916
|
-
|
|
917
|
-
|
|
918
|
-
|
|
919
|
-
|
|
920
|
-
|
|
921
|
-
|
|
922
|
-
|
|
923
|
-
|
|
924
|
-
|
|
925
|
-
|
|
926
|
-
|
|
927
|
-
|
|
928
|
-
|
|
929
|
-
|
|
930
|
-
|
|
931
|
-
|
|
932
|
-
|
|
933
|
-
rb_ary_push(ret, ary);
|
|
904
|
+
VALUE ret = rb_ary_new();
|
|
905
|
+
int count = OCSP_resp_count(bs);
|
|
906
|
+
for (int i = 0; i < count; i++) {
|
|
907
|
+
OCSP_SINGLERESP *single = OCSP_resp_get0(bs, i);
|
|
908
|
+
ASN1_TIME *revtime, *thisupd, *nextupd;
|
|
909
|
+
int reason;
|
|
910
|
+
|
|
911
|
+
int status = OCSP_single_get0_status(single, &reason, &revtime, &thisupd, &nextupd);
|
|
912
|
+
if (status < 0)
|
|
913
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
914
|
+
|
|
915
|
+
VALUE ary = rb_ary_new();
|
|
916
|
+
rb_ary_push(ary, ossl_ocspcid_new(OCSP_SINGLERESP_get0_id(single)));
|
|
917
|
+
rb_ary_push(ary, INT2NUM(status));
|
|
918
|
+
rb_ary_push(ary, INT2NUM(reason));
|
|
919
|
+
rb_ary_push(ary, revtime ? asn1time_to_time(revtime) : Qnil);
|
|
920
|
+
rb_ary_push(ary, thisupd ? asn1time_to_time(thisupd) : Qnil);
|
|
921
|
+
rb_ary_push(ary, nextupd ? asn1time_to_time(nextupd) : Qnil);
|
|
922
|
+
VALUE ext = rb_ary_new();
|
|
923
|
+
int ext_count = OCSP_SINGLERESP_get_ext_count(single);
|
|
924
|
+
for (int j = 0; j < ext_count; j++) {
|
|
925
|
+
X509_EXTENSION *x509ext = OCSP_SINGLERESP_get_ext(single, j);
|
|
926
|
+
rb_ary_push(ext, ossl_x509ext_new(x509ext));
|
|
927
|
+
}
|
|
928
|
+
rb_ary_push(ary, ext);
|
|
929
|
+
rb_ary_push(ret, ary);
|
|
934
930
|
}
|
|
935
931
|
|
|
936
932
|
return ret;
|
|
937
933
|
}
|
|
938
934
|
|
|
939
|
-
static VALUE ossl_ocspsres_new(OCSP_SINGLERESP *);
|
|
935
|
+
static VALUE ossl_ocspsres_new(const OCSP_SINGLERESP *);
|
|
940
936
|
|
|
941
937
|
/*
|
|
942
938
|
* call-seq:
|
|
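Review bot: In the rewritten loop of `ossl_ocspbres_get_status`, `reason` and `revtime` are declared without initializers and then read unconditionally by `INT2NUM(reason)` and `revtime ? asn1time_to_time(revtime) : Qnil`. OpenSSL documents that `OCSP_single_get0_status` sets the reason and revocation time only when the status is `V_OCSP_CERTSTATUS_REVOKED`, so for a good or unknown entry these reads would be of indeterminate values, and a non-NULL garbage `revtime` would be handed to `asn1time_to_time`. Initializing at the declaration avoids this: `ASN1_TIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;` and `int reason = -1;`, where -1 is the value OpenSSL reports for an absent reason; confirm that Ruby callers of `status` can accept it. The removed side's text is not visible on this page, so whether the old loop reset these variables cannot be checked here.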
@@ -954,17 +950,10 @@ ossl_ocspbres_get_responses(VALUE self)
|
|
|
954
950
|
|
|
955
951
|
GetOCSPBasicRes(self, bs);
|
|
956
952
|
count = OCSP_resp_count(bs);
|
|
957
|
-
ret =
|
|
953
|
+
ret = rb_ary_new_capa(count);
|
|
958
954
|
|
|
959
955
|
for (i = 0; i < count; i++) {
|
|
960
|
-
|
|
961
|
-
|
|
962
|
-
sres = OCSP_resp_get0(bs, i);
|
|
963
|
-
sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
|
|
964
|
-
if (!sres_new)
|
|
965
|
-
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
966
|
-
|
|
967
|
-
rb_ary_push(ret, ossl_ocspsres_new(sres_new));
|
|
956
|
+
rb_ary_push(ret, ossl_ocspsres_new(OCSP_resp_get0(bs, i)));
|
|
968
957
|
}
|
|
969
958
|
|
|
970
959
|
return ret;
|
|
@@ -982,7 +971,6 @@ static VALUE
|
|
|
982
971
|
ossl_ocspbres_find_response(VALUE self, VALUE target)
|
|
983
972
|
{
|
|
984
973
|
OCSP_BASICRESP *bs;
|
|
985
|
-
OCSP_SINGLERESP *sres, *sres_new;
|
|
986
974
|
OCSP_CERTID *id;
|
|
987
975
|
int n;
|
|
988
976
|
|
|
@@ -990,14 +978,8 @@ ossl_ocspbres_find_response(VALUE self, VALUE target)
|
|
|
990
978
|
GetOCSPBasicRes(self, bs);
|
|
991
979
|
|
|
992
980
|
if ((n = OCSP_resp_find(bs, id, -1)) == -1)
|
|
993
|
-
|
|
994
|
-
|
|
995
|
-
sres = OCSP_resp_get0(bs, n);
|
|
996
|
-
sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
|
|
997
|
-
if (!sres_new)
|
|
998
|
-
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
999
|
-
|
|
1000
|
-
return ossl_ocspsres_new(sres_new);
|
|
981
|
+
return Qnil;
|
|
982
|
+
return ossl_ocspsres_new(OCSP_resp_get0(bs, n));
|
|
1001
983
|
}
|
|
1002
984
|
|
|
1003
985
|
/*
|
|
@@ -1016,7 +998,7 @@ ossl_ocspbres_find_response(VALUE self, VALUE target)
|
|
|
1016
998
|
static VALUE
|
|
1017
999
|
ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
|
|
1018
1000
|
{
|
|
1019
|
-
VALUE signer_cert, signer_key, certs, flags, digest;
|
|
1001
|
+
VALUE signer_cert, signer_key, certs, flags, digest, md_holder;
|
|
1020
1002
|
OCSP_BASICRESP *bs;
|
|
1021
1003
|
X509 *signer;
|
|
1022
1004
|
EVP_PKEY *key;
|
|
@@ -1030,19 +1012,17 @@ ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
|
|
|
1030
1012
|
signer = GetX509CertPtr(signer_cert);
|
|
1031
1013
|
key = GetPrivPKeyPtr(signer_key);
|
|
1032
1014
|
if (!NIL_P(flags))
|
|
1033
|
-
|
|
1034
|
-
|
|
1035
|
-
md = NULL;
|
|
1036
|
-
else
|
|
1037
|
-
md = ossl_evp_get_digestbyname(digest);
|
|
1015
|
+
flg = NUM2INT(flags);
|
|
1016
|
+
md = NIL_P(digest) ? NULL : ossl_evp_md_fetch(digest, &md_holder);
|
|
1038
1017
|
if (NIL_P(certs))
|
|
1039
|
-
|
|
1018
|
+
flg |= OCSP_NOCERTS;
|
|
1040
1019
|
else
|
|
1041
|
-
|
|
1020
|
+
x509s = ossl_x509_ary2sk(certs);
|
|
1042
1021
|
|
|
1043
1022
|
ret = OCSP_basic_sign(bs, signer, key, md, x509s, flg);
|
|
1044
1023
|
sk_X509_pop_free(x509s, X509_free);
|
|
1045
|
-
if (!ret)
|
|
1024
|
+
if (!ret)
|
|
1025
|
+
ossl_raise(eOCSPError, "OCSP_basic_sign");
|
|
1046
1026
|
|
|
1047
1027
|
return self;
|
|
1048
1028
|
}
|
|
@@ -1071,7 +1051,7 @@ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
|
|
|
1071
1051
|
result = OCSP_basic_verify(bs, x509s, x509st, flg);
|
|
1072
1052
|
sk_X509_pop_free(x509s, X509_free);
|
|
1073
1053
|
if (result <= 0)
|
|
1074
|
-
|
|
1054
|
+
ossl_clear_error();
|
|
1075
1055
|
|
|
1076
1056
|
return result > 0 ? Qtrue : Qfalse;
|
|
1077
1057
|
}
|
|
@@ -1092,11 +1072,11 @@ ossl_ocspbres_to_der(VALUE self)
|
|
|
1092
1072
|
|
|
1093
1073
|
GetOCSPBasicRes(self, res);
|
|
1094
1074
|
if ((len = i2d_OCSP_BASICRESP(res, NULL)) <= 0)
|
|
1095
|
-
|
|
1075
|
+
ossl_raise(eOCSPError, NULL);
|
|
1096
1076
|
str = rb_str_new(0, len);
|
|
1097
1077
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
1098
1078
|
if (i2d_OCSP_BASICRESP(res, &p) <= 0)
|
|
1099
|
-
|
|
1079
|
+
ossl_raise(eOCSPError, NULL);
|
|
1100
1080
|
ossl_str_adjust(str, p);
|
|
1101
1081
|
|
|
1102
1082
|
return str;
|
|
@@ -1106,12 +1086,18 @@ ossl_ocspbres_to_der(VALUE self)
|
|
|
1106
1086
|
* OCSP::SingleResponse
|
|
1107
1087
|
*/
|
|
1108
1088
|
static VALUE
|
|
1109
|
-
ossl_ocspsres_new(OCSP_SINGLERESP *sres)
|
|
1089
|
+
ossl_ocspsres_new(const OCSP_SINGLERESP *sres)
|
|
1110
1090
|
{
|
|
1111
1091
|
VALUE obj;
|
|
1092
|
+
OCSP_SINGLERESP *sres_new;
|
|
1112
1093
|
|
|
1113
1094
|
obj = NewOCSPSingleRes(cOCSPSingleRes);
|
|
1114
|
-
|
|
1095
|
+
/* OpenSSL 1.1.1 takes a non-const pointer */
|
|
1096
|
+
sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP),
|
|
1097
|
+
(OCSP_SINGLERESP *)sres);
|
|
1098
|
+
if (!sres_new)
|
|
1099
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
1100
|
+
SetOCSPSingleRes(obj, sres_new);
|
|
1115
1101
|
|
|
1116
1102
|
return obj;
|
|
1117
1103
|
}
|
|
@@ -1124,7 +1110,7 @@ ossl_ocspsres_alloc(VALUE klass)
|
|
|
1124
1110
|
|
|
1125
1111
|
obj = NewOCSPSingleRes(klass);
|
|
1126
1112
|
if (!(sres = OCSP_SINGLERESP_new()))
|
|
1127
|
-
|
|
1113
|
+
ossl_raise(eOCSPError, NULL);
|
|
1128
1114
|
SetOCSPSingleRes(obj, sres);
|
|
1129
1115
|
|
|
1130
1116
|
return obj;
|
|
@@ -1149,13 +1135,14 @@ ossl_ocspsres_initialize(VALUE self, VALUE arg)
|
|
|
1149
1135
|
p = (unsigned char*)RSTRING_PTR(arg);
|
|
1150
1136
|
res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg));
|
|
1151
1137
|
if (!res_new)
|
|
1152
|
-
|
|
1138
|
+
ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP");
|
|
1153
1139
|
SetOCSPSingleRes(self, res_new);
|
|
1154
1140
|
OCSP_SINGLERESP_free(res);
|
|
1155
1141
|
|
|
1156
1142
|
return self;
|
|
1157
1143
|
}
|
|
1158
1144
|
|
|
1145
|
+
/* :nodoc: */
|
|
1159
1146
|
static VALUE
|
|
1160
1147
|
ossl_ocspsres_initialize_copy(VALUE self, VALUE other)
|
|
1161
1148
|
{
|
|
@@ -1167,7 +1154,7 @@ ossl_ocspsres_initialize_copy(VALUE self, VALUE other)
|
|
|
1167
1154
|
|
|
1168
1155
|
sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
|
|
1169
1156
|
if (!sres_new)
|
|
1170
|
-
|
|
1157
|
+
ossl_raise(eOCSPError, "ASN1_item_dup");
|
|
1171
1158
|
|
|
1172
1159
|
SetOCSPSingleRes(self, sres_new);
|
|
1173
1160
|
OCSP_SINGLERESP_free(sres_old);
|
|
@@ -1206,15 +1193,15 @@ ossl_ocspsres_check_validity(int argc, VALUE *argv, VALUE self)
|
|
|
1206
1193
|
GetOCSPSingleRes(self, sres);
|
|
1207
1194
|
status = OCSP_single_get0_status(sres, NULL, NULL, &this_update, &next_update);
|
|
1208
1195
|
if (status < 0)
|
|
1209
|
-
|
|
1196
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1210
1197
|
|
|
1211
1198
|
ret = OCSP_check_validity(this_update, next_update, nsec, maxsec);
|
|
1212
1199
|
|
|
1213
1200
|
if (ret)
|
|
1214
|
-
|
|
1201
|
+
return Qtrue;
|
|
1215
1202
|
else {
|
|
1216
|
-
|
|
1217
|
-
|
|
1203
|
+
ossl_clear_error();
|
|
1204
|
+
return Qfalse;
|
|
1218
1205
|
}
|
|
1219
1206
|
}
|
|
1220
1207
|
|
|
@@ -1228,12 +1215,9 @@ static VALUE
|
|
|
1228
1215
|
ossl_ocspsres_get_certid(VALUE self)
|
|
1229
1216
|
{
|
|
1230
1217
|
OCSP_SINGLERESP *sres;
|
|
1231
|
-
OCSP_CERTID *id;
|
|
1232
1218
|
|
|
1233
1219
|
GetOCSPSingleRes(self, sres);
|
|
1234
|
-
|
|
1235
|
-
|
|
1236
|
-
return ossl_ocspcertid_new(id);
|
|
1220
|
+
return ossl_ocspcid_new(OCSP_SINGLERESP_get0_id(sres));
|
|
1237
1221
|
}
|
|
1238
1222
|
|
|
1239
1223
|
/*
|
|
@@ -1259,7 +1243,7 @@ ossl_ocspsres_get_cert_status(VALUE self)
|
|
|
1259
1243
|
GetOCSPSingleRes(self, sres);
|
|
1260
1244
|
status = OCSP_single_get0_status(sres, NULL, NULL, NULL, NULL);
|
|
1261
1245
|
if (status < 0)
|
|
1262
|
-
|
|
1246
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1263
1247
|
|
|
1264
1248
|
return INT2NUM(status);
|
|
1265
1249
|
}
|
|
@@ -1278,9 +1262,9 @@ ossl_ocspsres_get_this_update(VALUE self)
|
|
|
1278
1262
|
GetOCSPSingleRes(self, sres);
|
|
1279
1263
|
status = OCSP_single_get0_status(sres, NULL, NULL, &time, NULL);
|
|
1280
1264
|
if (status < 0)
|
|
1281
|
-
|
|
1265
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1282
1266
|
if (!time)
|
|
1283
|
-
|
|
1267
|
+
return Qnil;
|
|
1284
1268
|
|
|
1285
1269
|
return asn1time_to_time(time);
|
|
1286
1270
|
}
|
|
@@ -1299,9 +1283,9 @@ ossl_ocspsres_get_next_update(VALUE self)
|
|
|
1299
1283
|
GetOCSPSingleRes(self, sres);
|
|
1300
1284
|
status = OCSP_single_get0_status(sres, NULL, NULL, NULL, &time);
|
|
1301
1285
|
if (status < 0)
|
|
1302
|
-
|
|
1286
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1303
1287
|
if (!time)
|
|
1304
|
-
|
|
1288
|
+
return Qnil;
|
|
1305
1289
|
|
|
1306
1290
|
return asn1time_to_time(time);
|
|
1307
1291
|
}
|
|
@@ -1320,11 +1304,11 @@ ossl_ocspsres_get_revocation_time(VALUE self)
|
|
|
1320
1304
|
GetOCSPSingleRes(self, sres);
|
|
1321
1305
|
status = OCSP_single_get0_status(sres, NULL, &time, NULL, NULL);
|
|
1322
1306
|
if (status < 0)
|
|
1323
|
-
|
|
1307
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1324
1308
|
if (status != V_OCSP_CERTSTATUS_REVOKED)
|
|
1325
|
-
|
|
1309
|
+
ossl_raise(eOCSPError, "certificate is not revoked");
|
|
1326
1310
|
if (!time)
|
|
1327
|
-
|
|
1311
|
+
return Qnil;
|
|
1328
1312
|
|
|
1329
1313
|
return asn1time_to_time(time);
|
|
1330
1314
|
}
|
|
@@ -1342,9 +1326,9 @@ ossl_ocspsres_get_revocation_reason(VALUE self)
|
|
|
1342
1326
|
GetOCSPSingleRes(self, sres);
|
|
1343
1327
|
status = OCSP_single_get0_status(sres, &reason, NULL, NULL, NULL);
|
|
1344
1328
|
if (status < 0)
|
|
1345
|
-
|
|
1329
|
+
ossl_raise(eOCSPError, "OCSP_single_get0_status");
|
|
1346
1330
|
if (status != V_OCSP_CERTSTATUS_REVOKED)
|
|
1347
|
-
|
|
1331
|
+
ossl_raise(eOCSPError, "certificate is not revoked");
|
|
1348
1332
|
|
|
1349
1333
|
return INT2NUM(reason);
|
|
1350
1334
|
}
|
|
@@ -1357,6 +1341,7 @@ static VALUE
|
|
|
1357
1341
|
ossl_ocspsres_get_extensions(VALUE self)
|
|
1358
1342
|
{
|
|
1359
1343
|
OCSP_SINGLERESP *sres;
|
|
1344
|
+
X509_EXTENSION *ext;
|
|
1360
1345
|
int count, i;
|
|
1361
1346
|
VALUE ary;
|
|
1362
1347
|
|
|
@@ -1365,8 +1350,8 @@ ossl_ocspsres_get_extensions(VALUE self)
|
|
|
1365
1350
|
count = OCSP_SINGLERESP_get_ext_count(sres);
|
|
1366
1351
|
ary = rb_ary_new2(count);
|
|
1367
1352
|
for (i = 0; i < count; i++) {
|
|
1368
|
-
|
|
1369
|
-
|
|
1353
|
+
ext = OCSP_SINGLERESP_get_ext(sres, i);
|
|
1354
|
+
rb_ary_push(ary, ossl_x509ext_new(ext)); /* will dup */
|
|
1370
1355
|
}
|
|
1371
1356
|
|
|
1372
1357
|
return ary;
|
|
@@ -1388,11 +1373,11 @@ ossl_ocspsres_to_der(VALUE self)
|
|
|
1388
1373
|
|
|
1389
1374
|
GetOCSPSingleRes(self, sres);
|
|
1390
1375
|
if ((len = i2d_OCSP_SINGLERESP(sres, NULL)) <= 0)
|
|
1391
|
-
|
|
1376
|
+
ossl_raise(eOCSPError, NULL);
|
|
1392
1377
|
str = rb_str_new(0, len);
|
|
1393
1378
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
1394
1379
|
if (i2d_OCSP_SINGLERESP(sres, &p) <= 0)
|
|
1395
|
-
|
|
1380
|
+
ossl_raise(eOCSPError, NULL);
|
|
1396
1381
|
ossl_str_adjust(str, p);
|
|
1397
1382
|
|
|
1398
1383
|
return str;
|
|
@@ -1410,12 +1395,13 @@ ossl_ocspcid_alloc(VALUE klass)
|
|
|
1410
1395
|
|
|
1411
1396
|
obj = NewOCSPCertId(klass);
|
|
1412
1397
|
if(!(id = OCSP_CERTID_new()))
|
|
1413
|
-
|
|
1398
|
+
ossl_raise(eOCSPError, NULL);
|
|
1414
1399
|
SetOCSPCertId(obj, id);
|
|
1415
1400
|
|
|
1416
1401
|
return obj;
|
|
1417
1402
|
}
|
|
1418
1403
|
|
|
1404
|
+
/* :nodoc: */
|
|
1419
1405
|
static VALUE
|
|
1420
1406
|
ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
|
|
1421
1407
|
{
|
|
@@ -1427,7 +1413,7 @@ ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
|
|
|
1427
1413
|
|
|
1428
1414
|
cid_new = OCSP_CERTID_dup(cid);
|
|
1429
1415
|
if (!cid_new)
|
|
1430
|
-
|
|
1416
|
+
ossl_raise(eOCSPError, "OCSP_CERTID_dup");
|
|
1431
1417
|
|
|
1432
1418
|
SetOCSPCertId(self, cid_new);
|
|
1433
1419
|
OCSP_CERTID_free(cid_old);
|
|
@@ -1457,27 +1443,28 @@ ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
|
|
|
1457
1443
|
|
|
1458
1444
|
GetOCSPCertId(self, id);
|
|
1459
1445
|
if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) {
|
|
1460
|
-
|
|
1461
|
-
|
|
1462
|
-
|
|
1463
|
-
|
|
1464
|
-
|
|
1465
|
-
|
|
1466
|
-
|
|
1467
|
-
|
|
1468
|
-
|
|
1446
|
+
VALUE arg;
|
|
1447
|
+
const unsigned char *p;
|
|
1448
|
+
|
|
1449
|
+
arg = ossl_to_der_if_possible(subject);
|
|
1450
|
+
StringValue(arg);
|
|
1451
|
+
p = (unsigned char *)RSTRING_PTR(arg);
|
|
1452
|
+
newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg));
|
|
1453
|
+
if (!newid)
|
|
1454
|
+
ossl_raise(eOCSPError, "d2i_OCSP_CERTID");
|
|
1469
1455
|
}
|
|
1470
1456
|
else {
|
|
1471
|
-
|
|
1472
|
-
|
|
1457
|
+
X509 *x509s, *x509i;
|
|
1458
|
+
const EVP_MD *md;
|
|
1459
|
+
VALUE md_holder;
|
|
1473
1460
|
|
|
1474
|
-
|
|
1475
|
-
|
|
1476
|
-
|
|
1461
|
+
x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
|
|
1462
|
+
x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
|
|
1463
|
+
md = NIL_P(digest) ? NULL : ossl_evp_md_fetch(digest, &md_holder);
|
|
1477
1464
|
|
|
1478
|
-
|
|
1479
|
-
|
|
1480
|
-
|
|
1465
|
+
newid = OCSP_cert_to_id(md, x509s, x509i);
|
|
1466
|
+
if (!newid)
|
|
1467
|
+
ossl_raise(eOCSPError, "OCSP_cert_to_id");
|
|
1481
1468
|
}
|
|
1482
1469
|
|
|
1483
1470
|
SetOCSPCertId(self, newid);
|
|
@@ -1606,19 +1593,10 @@ ossl_ocspcid_get_hash_algorithm(VALUE self)
|
|
|
1606
1593
|
{
|
|
1607
1594
|
OCSP_CERTID *id;
|
|
1608
1595
|
ASN1_OBJECT *oid;
|
|
1609
|
-
BIO *out;
|
|
1610
1596
|
|
|
1611
1597
|
GetOCSPCertId(self, id);
|
|
1612
1598
|
OCSP_id_get0_info(NULL, &oid, NULL, NULL, id);
|
|
1613
|
-
|
|
1614
|
-
if (!(out = BIO_new(BIO_s_mem())))
|
|
1615
|
-
ossl_raise(eOCSPError, "BIO_new");
|
|
1616
|
-
|
|
1617
|
-
if (!i2a_ASN1_OBJECT(out, oid)) {
|
|
1618
|
-
BIO_free(out);
|
|
1619
|
-
ossl_raise(eOCSPError, "i2a_ASN1_OBJECT");
|
|
1620
|
-
}
|
|
1621
|
-
return ossl_membio2str(out);
|
|
1599
|
+
return ossl_asn1obj_to_string_long_name(oid);
|
|
1622
1600
|
}
|
|
1623
1601
|
|
|
1624
1602
|
/*
|
|
@@ -1637,11 +1615,11 @@ ossl_ocspcid_to_der(VALUE self)
|
|
|
1637
1615
|
|
|
1638
1616
|
GetOCSPCertId(self, id);
|
|
1639
1617
|
if ((len = i2d_OCSP_CERTID(id, NULL)) <= 0)
|
|
1640
|
-
|
|
1618
|
+
ossl_raise(eOCSPError, NULL);
|
|
1641
1619
|
str = rb_str_new(0, len);
|
|
1642
1620
|
p = (unsigned char *)RSTRING_PTR(str);
|
|
1643
1621
|
if (i2d_OCSP_CERTID(id, &p) <= 0)
|
|
1644
|
-
|
|
1622
|
+
ossl_raise(eOCSPError, NULL);
|
|
1645
1623
|
ossl_str_adjust(str, p);
|
|
1646
1624
|
|
|
1647
1625
|
return str;
|
|
@@ -1650,11 +1628,6 @@ ossl_ocspcid_to_der(VALUE self)
|
|
|
1650
1628
|
void
|
|
1651
1629
|
Init_ossl_ocsp(void)
|
|
1652
1630
|
{
|
|
1653
|
-
#if 0
|
|
1654
|
-
mOSSL = rb_define_module("OpenSSL");
|
|
1655
|
-
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
|
1656
|
-
#endif
|
|
1657
|
-
|
|
1658
1631
|
/*
|
|
1659
1632
|
* OpenSSL::OCSP implements Online Certificate Status Protocol requests
|
|
1660
1633
|
* and responses.
|