openssl 3.3.3 → 4.0.0

data/ext/openssl/ossl_x509crl.c

@@ -13,14 +13,14 @@
     TypedData_Wrap_Struct((klass), &ossl_x509crl_type, 0)
 #define SetX509CRL(obj, crl) do { \
     if (!(crl)) { \
-	ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
+        ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
     } \
     RTYPEDDATA_DATA(obj) = (crl); \
 } while (0)
 #define GetX509CRL(obj, crl) do { \
     TypedData_Get_Struct((obj), X509_CRL, &ossl_x509crl_type, (crl)); \
     if (!(crl)) { \
-	ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
+        ossl_raise(rb_eRuntimeError, "CRL wasn't initialized!"); \
     } \
 } while (0)
 
@@ -39,7 +39,7 @@ ossl_x509crl_free(void *ptr)
 static const rb_data_type_t ossl_x509crl_type = {
     "OpenSSL/X509/CRL",
     {
-	0, ossl_x509crl_free,
+        0, ossl_x509crl_free,
     },
     0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
 };
@@ -58,15 +58,15 @@ GetX509CRLPtr(VALUE obj)
 }
 
 VALUE
-ossl_x509crl_new(const X509_CRL *crl)
+ossl_x509crl_new(X509_CRL *crl)
 {
     X509_CRL *tmp;
     VALUE obj;
 
     obj = NewX509CRL(cX509CRL);
-    /* OpenSSL 1.1.1 takes a non-const pointer */
-    tmp = crl ? X509_CRL_dup((X509_CRL *)crl) : X509_CRL_new();
-    if(!tmp) ossl_raise(eX509CRLError, NULL);
+    tmp = X509_CRL_dup(crl);
+    if (!tmp)
+        ossl_raise(eX509CRLError, "X509_CRL_dup");
     SetX509CRL(obj, tmp);
 
     return obj;
@@ -83,7 +83,7 @@ ossl_x509crl_alloc(VALUE klass)
 
     obj = NewX509CRL(klass);
     if (!(crl = X509_CRL_new())) {
-	ossl_raise(eX509CRLError, NULL);
+        ossl_raise(eX509CRLError, NULL);
     }
     SetX509CRL(obj, crl);
 
@@ -99,7 +99,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
 
     rb_check_frozen(self);
     if (rb_scan_args(argc, argv, "01", &arg) == 0) {
-	return self;
+        return self;
     }
     arg = ossl_to_der_if_possible(arg);
     in = ossl_obj2bio(&arg);
@@ -118,6 +118,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
     return self;
 }
 
+/* :nodoc: */
 static VALUE
 ossl_x509crl_copy(VALUE self, VALUE other)
 {
@@ -128,7 +129,7 @@ ossl_x509crl_copy(VALUE self, VALUE other)
     GetX509CRL(self, a);
     GetX509CRL(other, b);
     if (!(crl = X509_CRL_dup(b))) {
-	ossl_raise(eX509CRLError, NULL);
+        ossl_raise(eX509CRLError, NULL);
     }
     X509_CRL_free(a);
     DATA_PTR(self) = crl;
@@ -155,34 +156,36 @@ ossl_x509crl_set_version(VALUE self, VALUE version)
     long ver;
 
     if ((ver = NUM2LONG(version)) < 0) {
-	ossl_raise(eX509CRLError, "version must be >= 0!");
+        ossl_raise(eX509CRLError, "version must be >= 0!");
     }
     GetX509CRL(self, crl);
     if (!X509_CRL_set_version(crl, ver)) {
-	ossl_raise(eX509CRLError, NULL);
+        ossl_raise(eX509CRLError, NULL);
     }
 
     return version;
 }
 
+/*
+ * call-seq:
+ *    crl.signature_algorithm -> string
+ *
+ * Returns the signature algorithm used to sign this CRL.
+ *
+ * Returns the long name of the signature algorithm, or the dotted decimal
+ * notation if \OpenSSL does not define a long name for it.
+ */
 static VALUE
 ossl_x509crl_get_signature_algorithm(VALUE self)
 {
     X509_CRL *crl;
     const X509_ALGOR *alg;
-    BIO *out;
+    const ASN1_OBJECT *obj;
 
     GetX509CRL(self, crl);
-    if (!(out = BIO_new(BIO_s_mem()))) {
-	ossl_raise(eX509CRLError, NULL);
-    }
     X509_CRL_get0_signature(crl, NULL, &alg);
-    if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
-	BIO_free(out);
-	ossl_raise(eX509CRLError, NULL);
-    }
-
-    return ossl_membio2str(out);
+    X509_ALGOR_get0(&obj, NULL, NULL, alg);
+    return ossl_asn1obj_to_string_long_name(obj);
 }
 
 static VALUE
@@ -203,7 +206,7 @@ ossl_x509crl_set_issuer(VALUE self, VALUE issuer)
     GetX509CRL(self, crl);
 
     if (!X509_CRL_set_issuer_name(crl, GetX509NamePtr(issuer))) { /* DUPs name */
-	ossl_raise(eX509CRLError, NULL);
+        ossl_raise(eX509CRLError, NULL);
     }
     return issuer;
 }
@@ -217,7 +220,7 @@ ossl_x509crl_get_last_update(VALUE self)
     GetX509CRL(self, crl);
     time = X509_CRL_get0_lastUpdate(crl);
     if (!time)
-	return Qnil;
+        return Qnil;
 
     return asn1time_to_time(time);
 }
@@ -231,8 +234,8 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
     GetX509CRL(self, crl);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
-	ASN1_TIME_free(asn1time);
-	ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
+        ASN1_TIME_free(asn1time);
+        ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
     }
     ASN1_TIME_free(asn1time);
 
@@ -248,7 +251,7 @@ ossl_x509crl_get_next_update(VALUE self)
     GetX509CRL(self, crl);
     time = X509_CRL_get0_nextUpdate(crl);
     if (!time)
-	return Qnil;
+        return Qnil;
 
     return asn1time_to_time(time);
 }
@@ -262,8 +265,8 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time)
     GetX509CRL(self, crl);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_CRL_set1_nextUpdate(crl, asn1time)) {
-	ASN1_TIME_free(asn1time);
-	ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
+        ASN1_TIME_free(asn1time);
+        ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
     }
     ASN1_TIME_free(asn1time);
 
@@ -275,21 +278,19 @@ ossl_x509crl_get_revoked(VALUE self)
 {
     X509_CRL *crl;
     int i, num;
-    const X509_REVOKED *rev;
-    VALUE ary, revoked;
+    STACK_OF(X509_REVOKED) *sk;
+    VALUE ary;
 
     GetX509CRL(self, crl);
-    num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
-    if (num < 0) {
-	OSSL_Debug("num < 0???");
-	return rb_ary_new();
-    }
-    ary = rb_ary_new2(num);
+    sk = X509_CRL_get_REVOKED(crl);
+    if (!sk)
+        return rb_ary_new();
+
+    num = sk_X509_REVOKED_num(sk);
+    ary = rb_ary_new_capa(num);
     for(i=0; i<num; i++) {
-	/* NO DUP - don't free! */
-	rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
-	revoked = ossl_x509revoked_new(rev);
-	rb_ary_push(ary, revoked);
+        X509_REVOKED *rev = sk_X509_REVOKED_value(sk, i);
+        rb_ary_push(ary, ossl_x509revoked_new(rev));
     }
 
     return ary;
@@ -306,19 +307,19 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
     Check_Type(ary, T_ARRAY);
     /* All ary members should be X509 Revoked */
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
+        OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
     }
     GetX509CRL(self, crl);
     if ((sk = X509_CRL_get_REVOKED(crl))) {
-	while ((rev = sk_X509_REVOKED_pop(sk)))
-	    X509_REVOKED_free(rev);
+        while ((rev = sk_X509_REVOKED_pop(sk)))
+            X509_REVOKED_free(rev);
     }
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
-	if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
-	    X509_REVOKED_free(rev);
-	    ossl_raise(eX509CRLError, "X509_CRL_add0_revoked");
-	}
+        rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
+        if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
+            X509_REVOKED_free(rev);
+            ossl_raise(eX509CRLError, "X509_CRL_add0_revoked");
+        }
     }
     X509_CRL_sort(crl);
 
@@ -334,8 +335,8 @@ ossl_x509crl_add_revoked(VALUE self, VALUE revoked)
     GetX509CRL(self, crl);
     rev = DupX509RevokedPtr(revoked);
     if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
-	X509_REVOKED_free(rev);
-	ossl_raise(eX509CRLError, "X509_CRL_add0_revoked");
+        X509_REVOKED_free(rev);
+        ossl_raise(eX509CRLError, "X509_CRL_add0_revoked");
     }
     X509_CRL_sort(crl);
 
@@ -348,17 +349,14 @@ ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest)
     X509_CRL *crl;
     EVP_PKEY *pkey;
     const EVP_MD *md;
+    VALUE md_holder;
 
     GetX509CRL(self, crl);
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
-    if (NIL_P(digest)) {
-	md = NULL; /* needed for some key types, e.g. Ed25519 */
-    } else {
-	md = ossl_evp_get_digestbyname(digest);
-    }
-    if (!X509_CRL_sign(crl, pkey, md)) {
-	ossl_raise(eX509CRLError, NULL);
-    }
+    /* NULL needed for some key types, e.g. Ed25519 */
+    md = NIL_P(digest) ? NULL : ossl_evp_md_fetch(digest, &md_holder);
+    if (!X509_CRL_sign(crl, pkey, md))
+        ossl_raise(eX509CRLError, "X509_CRL_sign");
 
     return self;
 }
@@ -374,12 +372,12 @@ ossl_x509crl_verify(VALUE self, VALUE key)
     ossl_pkey_check_public_key(pkey);
     switch (X509_CRL_verify(crl, pkey)) {
       case 1:
-	return Qtrue;
+        return Qtrue;
       case 0:
-	ossl_clear_error();
-	return Qfalse;
+        ossl_clear_error();
+        return Qfalse;
       default:
-	ossl_raise(eX509CRLError, NULL);
+        ossl_raise(eX509CRLError, NULL);
     }
 }
 
@@ -391,11 +389,11 @@ ossl_x509crl_to_der(VALUE self)
 
     GetX509CRL(self, crl);
     if (!(out = BIO_new(BIO_s_mem()))) {
-	ossl_raise(eX509CRLError, NULL);
+        ossl_raise(eX509CRLError, NULL);
     }
     if (!i2d_X509_CRL_bio(out, crl)) {
-	BIO_free(out);
-	ossl_raise(eX509CRLError, NULL);
+        BIO_free(out);
+        ossl_raise(eX509CRLError, NULL);
     }
 
     return ossl_membio2str(out);
@@ -409,11 +407,11 @@ ossl_x509crl_to_pem(VALUE self)
 
     GetX509CRL(self, crl);
     if (!(out = BIO_new(BIO_s_mem()))) {
-	ossl_raise(eX509CRLError, NULL);
+        ossl_raise(eX509CRLError, NULL);
     }
     if (!PEM_write_bio_X509_CRL(out, crl)) {
-	BIO_free(out);
-	ossl_raise(eX509CRLError, NULL);
+        BIO_free(out);
+        ossl_raise(eX509CRLError, NULL);
     }
 
     return ossl_membio2str(out);
@@ -427,11 +425,11 @@ ossl_x509crl_to_text(VALUE self)
 
     GetX509CRL(self, crl);
     if (!(out = BIO_new(BIO_s_mem()))) {
-	ossl_raise(eX509CRLError, NULL);
+        ossl_raise(eX509CRLError, NULL);
     }
     if (!X509_CRL_print(out, crl)) {
-	BIO_free(out);
-	ossl_raise(eX509CRLError, NULL);
+        BIO_free(out);
+        ossl_raise(eX509CRLError, NULL);
     }
 
     return ossl_membio2str(out);
@@ -445,18 +443,15 @@ ossl_x509crl_get_extensions(VALUE self)
 {
     X509_CRL *crl;
     int count, i;
+    X509_EXTENSION *ext;
     VALUE ary;
 
     GetX509CRL(self, crl);
     count = X509_CRL_get_ext_count(crl);
-    if (count < 0) {
-	OSSL_Debug("count < 0???");
-	return rb_ary_new();
-    }
-    ary = rb_ary_new2(count);
+    ary = rb_ary_new_capa(count);
     for (i=0; i<count; i++) {
-	const X509_EXTENSION *ext = X509_CRL_get_ext(crl, i);
-	rb_ary_push(ary, ossl_x509ext_new(ext));
+        ext = X509_CRL_get_ext(crl, i); /* NO DUP - don't free! */
+        rb_ary_push(ary, ossl_x509ext_new(ext));
     }
 
     return ary;
@@ -475,16 +470,16 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
     Check_Type(ary, T_ARRAY);
     /* All ary members should be X509 Extensions */
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
+        OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509CRL(self, crl);
     for (i = X509_CRL_get_ext_count(crl); i > 0; i--)
         X509_EXTENSION_free(X509_CRL_delete_ext(crl, 0));
     for (i=0; i<RARRAY_LEN(ary); i++) {
-	ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
-	if (!X509_CRL_add_ext(crl, ext, -1)) {
-	    ossl_raise(eX509CRLError, "X509_CRL_add_ext");
-	}
+        ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
+        if (!X509_CRL_add_ext(crl, ext, -1)) {
+            ossl_raise(eX509CRLError, "X509_CRL_add_ext");
+        }
     }
 
     return ary;
@@ -499,7 +494,7 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
     GetX509CRL(self, crl);
     ext = GetX509ExtPtr(extension);
     if (!X509_CRL_add_ext(crl, ext, -1)) {
-	ossl_raise(eX509CRLError, NULL);
+        ossl_raise(eX509CRLError, NULL);
     }
 
     return extension;
@@ -511,12 +506,6 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
 void
 Init_ossl_x509crl(void)
 {
-#if 0
-    mOSSL = rb_define_module("OpenSSL");
-    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
-    mX509 = rb_define_module_under(mOSSL, "X509");
-#endif
-
     eX509CRLError = rb_define_class_under(mX509, "CRLError", eOSSLError);
 
     cX509CRL = rb_define_class_under(mX509, "CRL", rb_cObject);

data/ext/openssl/ossl_x509ext.c

@@ -13,14 +13,14 @@
     TypedData_Wrap_Struct((klass), &ossl_x509ext_type, 0)
 #define SetX509Ext(obj, ext) do { \
     if (!(ext)) { \
-	ossl_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \
+        ossl_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \
     } \
     RTYPEDDATA_DATA(obj) = (ext); \
 } while (0)
 #define GetX509Ext(obj, ext) do { \
     TypedData_Get_Struct((obj), X509_EXTENSION, &ossl_x509ext_type, (ext)); \
     if (!(ext)) { \
-	ossl_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \
+        ossl_raise(rb_eRuntimeError, "EXT wasn't initialized!"); \
     } \
 } while (0)
 #define MakeX509ExtFactory(klass, obj, ctx) do { \
@@ -33,7 +33,7 @@
 #define GetX509ExtFactory(obj, ctx) do { \
     TypedData_Get_Struct((obj), X509V3_CTX, &ossl_x509extfactory_type, (ctx)); \
     if (!(ctx)) { \
-	ossl_raise(rb_eRuntimeError, "CTX wasn't initialized!"); \
+        ossl_raise(rb_eRuntimeError, "CTX wasn't initialized!"); \
     } \
 } while (0)
 
@@ -53,7 +53,7 @@ ossl_x509ext_free(void *ptr)
 static const rb_data_type_t ossl_x509ext_type = {
     "OpenSSL/X509/EXTENSION",
     {
-	0, ossl_x509ext_free,
+        0, ossl_x509ext_free,
     },
     0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
 };
@@ -62,21 +62,15 @@ static const rb_data_type_t ossl_x509ext_type = {
  * Public
  */
 VALUE
-ossl_x509ext_new(const X509_EXTENSION *ext)
+ossl_x509ext_new(X509_EXTENSION *ext)
 {
     X509_EXTENSION *new;
     VALUE obj;
 
     obj = NewX509Ext(cX509Ext);
-    if (!ext) {
-	new = X509_EXTENSION_new();
-    } else {
-	/* OpenSSL 1.1.1 takes a non-const pointer */
-	new = X509_EXTENSION_dup((X509_EXTENSION *)ext);
-    }
-    if (!new) {
-	ossl_raise(eX509ExtError, NULL);
-    }
+    new = X509_EXTENSION_dup(ext);
+    if (!new)
+        ossl_raise(eX509ExtError, "X509_EXTENSION_dup");
     SetX509Ext(obj, new);
 
     return obj;
@@ -107,7 +101,7 @@ ossl_x509extfactory_free(void *ctx)
 static const rb_data_type_t ossl_x509extfactory_type = {
     "OpenSSL/X509/EXTENSION/Factory",
     {
-	0, ossl_x509extfactory_free,
+        0, ossl_x509extfactory_free,
     },
     0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
 };
@@ -181,15 +175,15 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
     /*GetX509ExtFactory(self, ctx);*/
 
     rb_scan_args(argc, argv, "04",
-		 &issuer_cert, &subject_cert, &subject_req, &crl);
+                 &issuer_cert, &subject_cert, &subject_req, &crl);
     if (!NIL_P(issuer_cert))
-	ossl_x509extfactory_set_issuer_cert(self, issuer_cert);
+        ossl_x509extfactory_set_issuer_cert(self, issuer_cert);
     if (!NIL_P(subject_cert))
-	ossl_x509extfactory_set_subject_cert(self, subject_cert);
+        ossl_x509extfactory_set_subject_cert(self, subject_cert);
     if (!NIL_P(subject_req))
-	ossl_x509extfactory_set_subject_req(self, subject_req);
+        ossl_x509extfactory_set_subject_req(self, subject_req);
     if (!NIL_P(crl))
-	ossl_x509extfactory_set_crl(self, crl);
+        ossl_x509extfactory_set_crl(self, crl);
 
     return self;
 }
@@ -219,7 +213,7 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
     oid_cstr = StringValueCStr(oid);
     nid = OBJ_ln2nid(oid_cstr);
     if (nid != NID_undef)
-      oid_cstr = OBJ_nid2sn(nid);
+        oid_cstr = OBJ_nid2sn(nid);
 
     valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
     rb_str_append(valstr, value);
@@ -231,14 +225,10 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
     conf = NIL_P(rconf) ? NULL : GetConfig(rconf);
     X509V3_set_nconf(ctx, conf);
 
-#if OSSL_OPENSSL_PREREQ(1, 1, 0) || OSSL_IS_LIBRESSL
     ext = X509V3_EXT_nconf(conf, ctx, oid_cstr, RSTRING_PTR(valstr));
-#else
-    ext = X509V3_EXT_nconf(conf, ctx, (char *)oid_cstr, RSTRING_PTR(valstr));
-#endif
     X509V3_set_ctx_nodb(ctx);
     if (!ext){
-	ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
+        ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
     }
     SetX509Ext(obj, ext);
 
@@ -256,7 +246,7 @@ ossl_x509ext_alloc(VALUE klass)
 
     obj = NewX509Ext(klass);
     if(!(ext = X509_EXTENSION_new())){
-	ossl_raise(eX509ExtError, NULL);
+        ossl_raise(eX509ExtError, NULL);
     }
     SetX509Ext(obj, ext);
 
@@ -284,14 +274,14 @@ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
 
     GetX509Ext(self, ext);
     if(rb_scan_args(argc, argv, "12", &oid, &value, &critical) == 1){
-	oid = ossl_to_der_if_possible(oid);
-	StringValue(oid);
-	p = (unsigned char *)RSTRING_PTR(oid);
-	x = d2i_X509_EXTENSION(&ext, &p, RSTRING_LEN(oid));
-	DATA_PTR(self) = ext;
-	if(!x)
-	    ossl_raise(eX509ExtError, NULL);
-	return self;
+        oid = ossl_to_der_if_possible(oid);
+        StringValue(oid);
+        p = (unsigned char *)RSTRING_PTR(oid);
+        x = d2i_X509_EXTENSION(&ext, &p, RSTRING_LEN(oid));
+        DATA_PTR(self) = ext;
+        if(!x)
+            ossl_raise(eX509ExtError, NULL);
+        return self;
     }
     rb_funcall(self, rb_intern("oid="), 1, oid);
     rb_funcall(self, rb_intern("value="), 1, value);
@@ -300,6 +290,7 @@ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
     return self;
 }
 
+/* :nodoc: */
 static VALUE
 ossl_x509ext_initialize_copy(VALUE self, VALUE other)
 {
@@ -311,7 +302,7 @@ ossl_x509ext_initialize_copy(VALUE self, VALUE other)
 
     ext_new = X509_EXTENSION_dup(ext_other);
     if (!ext_new)
-	ossl_raise(eX509ExtError, "X509_EXTENSION_dup");
+        ossl_raise(eX509ExtError, "X509_EXTENSION_dup");
 
     SetX509Ext(self, ext_new);
     X509_EXTENSION_free(ext);
@@ -328,10 +319,10 @@ ossl_x509ext_set_oid(VALUE self, VALUE oid)
     GetX509Ext(self, ext);
     obj = OBJ_txt2obj(StringValueCStr(oid), 0);
     if (!obj)
-	ossl_raise(eX509ExtError, "OBJ_txt2obj");
+        ossl_raise(eX509ExtError, "OBJ_txt2obj");
     if (!X509_EXTENSION_set_object(ext, obj)) {
-	ASN1_OBJECT_free(obj);
-	ossl_raise(eX509ExtError, "X509_EXTENSION_set_object");
+        ASN1_OBJECT_free(obj);
+        ossl_raise(eX509ExtError, "X509_EXTENSION_set_object");
     }
     ASN1_OBJECT_free(obj);
 
@@ -347,20 +338,12 @@ ossl_x509ext_set_value(VALUE self, VALUE data)
     GetX509Ext(self, ext);
     data = ossl_to_der_if_possible(data);
     StringValue(data);
+    asn1s = X509_EXTENSION_get_data(ext);
 
-    asn1s = ASN1_OCTET_STRING_new();
-    if (!asn1s)
-        ossl_raise(eX509ExtError, "ASN1_OCTET_STRING_new");
     if (!ASN1_OCTET_STRING_set(asn1s, (unsigned char *)RSTRING_PTR(data),
                                RSTRING_LENINT(data))) {
-        ASN1_OCTET_STRING_free(asn1s);
         ossl_raise(eX509ExtError, "ASN1_OCTET_STRING_set");
     }
-    if (!X509_EXTENSION_set_data(ext, asn1s)) {
-        ASN1_OCTET_STRING_free(asn1s);
-        ossl_raise(eX509ExtError, "X509_EXTENSION_set_data");
-    }
-    ASN1_OCTET_STRING_free(asn1s);
 
     return data;
 }
@@ -376,27 +359,20 @@ ossl_x509ext_set_critical(VALUE self, VALUE flag)
     return flag;
 }
 
+/*
+ * call-seq:
+ *    ext.oid -> string
+ *
+ * Returns the OID of the extension. Returns the short name or the dotted
+ * decimal notation.
+ */
 static VALUE
 ossl_x509ext_get_oid(VALUE obj)
 {
     X509_EXTENSION *ext;
-    const ASN1_OBJECT *extobj;
-    BIO *out;
-    VALUE ret;
-    int nid;
 
     GetX509Ext(obj, ext);
-    extobj = X509_EXTENSION_get_object(ext);
-    if ((nid = OBJ_obj2nid(extobj)) != NID_undef)
-	ret = rb_str_new2(OBJ_nid2sn(nid));
-    else{
-	if (!(out = BIO_new(BIO_s_mem())))
-	    ossl_raise(eX509ExtError, NULL);
-	i2a_ASN1_OBJECT(out, (ASN1_OBJECT *)extobj);
-	ret = ossl_membio2str(out);
-    }
-
-    return ret;
+    return ossl_asn1obj_to_string(X509_EXTENSION_get_object(ext));
 }
 
 static VALUE
@@ -408,9 +384,9 @@ ossl_x509ext_get_value(VALUE obj)
 
     GetX509Ext(obj, ext);
     if (!(out = BIO_new(BIO_s_mem())))
-	ossl_raise(eX509ExtError, NULL);
+        ossl_raise(eX509ExtError, NULL);
     if (!X509V3_EXT_print(out, ext, 0, 0))
-	ASN1_STRING_print(out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
+        ASN1_STRING_print(out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
     ret = ossl_membio2str(out);
 
     return ret;
@@ -420,11 +396,11 @@ static VALUE
 ossl_x509ext_get_value_der(VALUE obj)
 {
     X509_EXTENSION *ext;
-    const ASN1_OCTET_STRING *value;
+    ASN1_OCTET_STRING *value;
 
     GetX509Ext(obj, ext);
     if ((value = X509_EXTENSION_get_data(ext)) == NULL)
-	ossl_raise(eX509ExtError, NULL);
+        ossl_raise(eX509ExtError, NULL);
 
     return asn1str_to_str(value);
 }
@@ -448,11 +424,11 @@ ossl_x509ext_to_der(VALUE obj)
 
     GetX509Ext(obj, ext);
     if((len = i2d_X509_EXTENSION(ext, NULL)) <= 0)
-	ossl_raise(eX509ExtError, NULL);
+        ossl_raise(eX509ExtError, NULL);
     str = rb_str_new(0, len);
     p = (unsigned char *)RSTRING_PTR(str);
     if(i2d_X509_EXTENSION(ext, &p) < 0)
-	ossl_raise(eX509ExtError, NULL);
+        ossl_raise(eX509ExtError, NULL);
     ossl_str_adjust(str, p);
 
     return str;
@@ -465,12 +441,6 @@ void
 Init_ossl_x509ext(void)
 {
 #undef rb_intern
-#if 0
-    mOSSL = rb_define_module("OpenSSL");
-    eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
-    mX509 = rb_define_module_under(mOSSL, "X509");
-#endif
-
     eX509ExtError = rb_define_class_under(mX509, "ExtensionError", eOSSLError);
 
     cX509ExtFactory = rb_define_class_under(mX509, "ExtensionFactory", rb_cObject);