rubysl-openssl 2.10 → 2.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/ext/rubysl/openssl/deprecation.rb +7 -3
- data/ext/rubysl/openssl/extconf.rb +148 -103
- data/ext/rubysl/openssl/openssl_missing.c +94 -275
- data/ext/rubysl/openssl/openssl_missing.h +167 -98
- data/ext/rubysl/openssl/ossl.c +266 -212
- data/ext/rubysl/openssl/ossl.h +27 -89
- data/ext/rubysl/openssl/ossl_asn1.c +157 -221
- data/ext/rubysl/openssl/ossl_asn1.h +11 -3
- data/ext/rubysl/openssl/ossl_bio.c +10 -40
- data/ext/rubysl/openssl/ossl_bio.h +1 -2
- data/ext/rubysl/openssl/ossl_bn.c +144 -100
- data/ext/rubysl/openssl/ossl_bn.h +3 -1
- data/ext/rubysl/openssl/ossl_cipher.c +270 -195
- data/ext/rubysl/openssl/ossl_config.c +7 -1
- data/ext/rubysl/openssl/ossl_config.h +0 -1
- data/ext/rubysl/openssl/ossl_digest.c +40 -29
- data/ext/rubysl/openssl/ossl_engine.c +23 -62
- data/ext/rubysl/openssl/ossl_hmac.c +82 -55
- data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
- data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
- data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
- data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
- data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
- data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
- data/ext/rubysl/openssl/ossl_pkey.c +151 -99
- data/ext/rubysl/openssl/ossl_pkey.h +123 -29
- data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
- data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
- data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
- data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
- data/ext/rubysl/openssl/ossl_rand.c +25 -21
- data/ext/rubysl/openssl/ossl_ssl.c +795 -413
- data/ext/rubysl/openssl/ossl_ssl.h +3 -0
- data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
- data/ext/rubysl/openssl/ossl_version.h +1 -1
- data/ext/rubysl/openssl/ossl_x509.c +92 -8
- data/ext/rubysl/openssl/ossl_x509.h +14 -5
- data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
- data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
- data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
- data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
- data/ext/rubysl/openssl/ossl_x509name.c +68 -45
- data/ext/rubysl/openssl/ossl_x509req.c +32 -38
- data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
- data/ext/rubysl/openssl/ossl_x509store.c +309 -104
- data/ext/rubysl/openssl/ruby_missing.h +8 -6
- data/lib/openssl/buffering.rb +11 -5
- data/lib/openssl/cipher.rb +23 -15
- data/lib/openssl/digest.rb +7 -10
- data/lib/openssl/pkey.rb +15 -8
- data/lib/openssl/ssl.rb +81 -105
- data/lib/rubysl/openssl.rb +1 -4
- data/lib/rubysl/openssl/version.rb +1 -1
- metadata +3 -4
@@ -15,6 +15,13 @@
|
|
15
15
|
*/
|
16
16
|
extern VALUE mX509;
|
17
17
|
|
18
|
+
/*
|
19
|
+
* Converts the VALUE into Integer and set it to the ASN1_TIME. This is a
|
20
|
+
* wrapper for X509_time_adj_ex() so passing NULL creates a new ASN1_TIME.
|
21
|
+
* Note that the caller must check the NULL return.
|
22
|
+
*/
|
23
|
+
ASN1_TIME *ossl_x509_time_adjust(ASN1_TIME *, VALUE);
|
24
|
+
|
18
25
|
void Init_ossl_x509(void);
|
19
26
|
|
20
27
|
/*
|
@@ -24,7 +31,7 @@ extern VALUE cX509Attr;
|
|
24
31
|
extern VALUE eX509AttrError;
|
25
32
|
|
26
33
|
VALUE ossl_x509attr_new(X509_ATTRIBUTE *);
|
27
|
-
X509_ATTRIBUTE *
|
34
|
+
X509_ATTRIBUTE *GetX509AttrPtr(VALUE);
|
28
35
|
void Init_ossl_x509attr(void);
|
29
36
|
|
30
37
|
/*
|
@@ -59,7 +66,6 @@ extern VALUE eX509ExtError;
|
|
59
66
|
|
60
67
|
VALUE ossl_x509ext_new(X509_EXTENSION *);
|
61
68
|
X509_EXTENSION *GetX509ExtPtr(VALUE);
|
62
|
-
X509_EXTENSION *DupX509ExtPtr(VALUE);
|
63
69
|
void Init_ossl_x509ext(void);
|
64
70
|
|
65
71
|
/*
|
@@ -104,10 +110,13 @@ VALUE ossl_x509store_new(X509_STORE *);
|
|
104
110
|
X509_STORE *GetX509StorePtr(VALUE);
|
105
111
|
X509_STORE *DupX509StorePtr(VALUE);
|
106
112
|
|
107
|
-
VALUE ossl_x509stctx_new(X509_STORE_CTX *);
|
108
|
-
VALUE ossl_x509stctx_clear_ptr(VALUE);
|
109
113
|
X509_STORE_CTX *GetX509StCtxtPtr(VALUE);
|
110
|
-
|
111
114
|
void Init_ossl_x509store(void);
|
112
115
|
|
116
|
+
/*
|
117
|
+
* Calls the verify callback Proc (the first parameter) with given pre-verify
|
118
|
+
* result and the X509_STORE_CTX.
|
119
|
+
*/
|
120
|
+
int ossl_verify_cb_call(VALUE, int, X509_STORE_CTX *);
|
121
|
+
|
113
122
|
#endif /* _OSSL_X509_H_ */
|
@@ -127,6 +127,25 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
|
|
127
127
|
return self;
|
128
128
|
}
|
129
129
|
|
130
|
+
static VALUE
|
131
|
+
ossl_x509attr_initialize_copy(VALUE self, VALUE other)
|
132
|
+
{
|
133
|
+
X509_ATTRIBUTE *attr, *attr_other, *attr_new;
|
134
|
+
|
135
|
+
rb_check_frozen(self);
|
136
|
+
GetX509Attr(self, attr);
|
137
|
+
SafeGetX509Attr(other, attr_other);
|
138
|
+
|
139
|
+
attr_new = X509_ATTRIBUTE_dup(attr_other);
|
140
|
+
if (!attr_new)
|
141
|
+
ossl_raise(eX509AttrError, "X509_ATTRIBUTE_dup");
|
142
|
+
|
143
|
+
SetX509Attr(self, attr_new);
|
144
|
+
X509_ATTRIBUTE_free(attr);
|
145
|
+
|
146
|
+
return self;
|
147
|
+
}
|
148
|
+
|
130
149
|
/*
|
131
150
|
* call-seq:
|
132
151
|
* attr.oid = string => string
|
@@ -178,14 +197,6 @@ ossl_x509attr_get_oid(VALUE self)
|
|
178
197
|
return ret;
|
179
198
|
}
|
180
199
|
|
181
|
-
#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE)
|
182
|
-
# define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single)
|
183
|
-
# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
|
184
|
-
#else
|
185
|
-
# define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set)
|
186
|
-
# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
|
187
|
-
#endif
|
188
|
-
|
189
200
|
/*
|
190
201
|
* call-seq:
|
191
202
|
* attr.value = asn1 => asn1
|
@@ -194,21 +205,37 @@ static VALUE
|
|
194
205
|
ossl_x509attr_set_value(VALUE self, VALUE value)
|
195
206
|
{
|
196
207
|
X509_ATTRIBUTE *attr;
|
197
|
-
|
208
|
+
VALUE asn1_value;
|
209
|
+
int i, asn1_tag;
|
210
|
+
|
211
|
+
OSSL_Check_Kind(value, cASN1Data);
|
212
|
+
asn1_tag = NUM2INT(rb_attr_get(value, rb_intern("@tag")));
|
213
|
+
asn1_value = rb_attr_get(value, rb_intern("@value"));
|
214
|
+
if (asn1_tag != V_ASN1_SET)
|
215
|
+
ossl_raise(eASN1Error, "argument must be ASN1::Set");
|
216
|
+
if (!RB_TYPE_P(asn1_value, T_ARRAY))
|
217
|
+
ossl_raise(eASN1Error, "ASN1::Set has non-array value");
|
198
218
|
|
199
|
-
if(!(a1type = ossl_asn1_get_asn1type(value)))
|
200
|
-
ossl_raise(eASN1Error, "could not get ASN1_TYPE");
|
201
|
-
if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){
|
202
|
-
ASN1_TYPE_free(a1type);
|
203
|
-
ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value.");
|
204
|
-
}
|
205
219
|
GetX509Attr(self, attr);
|
206
|
-
if(attr
|
207
|
-
|
208
|
-
|
220
|
+
if (X509_ATTRIBUTE_count(attr)) { /* populated, reset first */
|
221
|
+
ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
|
222
|
+
X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, 0, NULL, -1);
|
223
|
+
if (!new_attr)
|
224
|
+
ossl_raise(eX509AttrError, NULL);
|
225
|
+
SetX509Attr(self, new_attr);
|
226
|
+
X509_ATTRIBUTE_free(attr);
|
227
|
+
attr = new_attr;
|
228
|
+
}
|
229
|
+
|
230
|
+
for (i = 0; i < RARRAY_LEN(asn1_value); i++) {
|
231
|
+
ASN1_TYPE *a1type = ossl_asn1_get_asn1type(RARRAY_AREF(asn1_value, i));
|
232
|
+
if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type),
|
233
|
+
a1type->value.ptr, -1)) {
|
234
|
+
ASN1_TYPE_free(a1type);
|
235
|
+
ossl_raise(eX509AttrError, NULL);
|
236
|
+
}
|
237
|
+
ASN1_TYPE_free(a1type);
|
209
238
|
}
|
210
|
-
OSSL_X509ATTR_SET_SINGLE(attr);
|
211
|
-
attr->value.single = a1type;
|
212
239
|
|
213
240
|
return value;
|
214
241
|
}
|
@@ -221,32 +248,34 @@ static VALUE
|
|
221
248
|
ossl_x509attr_get_value(VALUE self)
|
222
249
|
{
|
223
250
|
X509_ATTRIBUTE *attr;
|
224
|
-
|
225
|
-
|
251
|
+
STACK_OF(ASN1_TYPE) *sk;
|
252
|
+
VALUE str;
|
253
|
+
int i, count, len;
|
226
254
|
unsigned char *p;
|
227
255
|
|
228
256
|
GetX509Attr(self, attr);
|
229
|
-
|
230
|
-
if(
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
257
|
+
/* there is no X509_ATTRIBUTE_get0_set() :( */
|
258
|
+
if (!(sk = sk_ASN1_TYPE_new_null()))
|
259
|
+
ossl_raise(eX509AttrError, "sk_new");
|
260
|
+
|
261
|
+
count = X509_ATTRIBUTE_count(attr);
|
262
|
+
for (i = 0; i < count; i++)
|
263
|
+
sk_ASN1_TYPE_push(sk, X509_ATTRIBUTE_get0_type(attr, i));
|
264
|
+
|
265
|
+
if ((len = i2d_ASN1_SET_ANY(sk, NULL)) <= 0) {
|
266
|
+
sk_ASN1_TYPE_free(sk);
|
267
|
+
ossl_raise(eX509AttrError, NULL);
|
236
268
|
}
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
p = (unsigned char *)RSTRING_PTR(str);
|
243
|
-
i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
|
244
|
-
i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
|
245
|
-
ossl_str_adjust(str, p);
|
269
|
+
str = rb_str_new(0, len);
|
270
|
+
p = (unsigned char *)RSTRING_PTR(str);
|
271
|
+
if (i2d_ASN1_SET_ANY(sk, &p) <= 0) {
|
272
|
+
sk_ASN1_TYPE_free(sk);
|
273
|
+
ossl_raise(eX509AttrError, NULL);
|
246
274
|
}
|
247
|
-
|
275
|
+
ossl_str_adjust(str, p);
|
276
|
+
sk_ASN1_TYPE_free(sk);
|
248
277
|
|
249
|
-
return
|
278
|
+
return rb_funcall(mASN1, rb_intern("decode"), 1, str);
|
250
279
|
}
|
251
280
|
|
252
281
|
/*
|
@@ -268,7 +297,7 @@ ossl_x509attr_to_der(VALUE self)
|
|
268
297
|
p = (unsigned char *)RSTRING_PTR(str);
|
269
298
|
if(i2d_X509_ATTRIBUTE(attr, &p) <= 0)
|
270
299
|
ossl_raise(eX509AttrError, NULL);
|
271
|
-
|
300
|
+
ossl_str_adjust(str, p);
|
272
301
|
|
273
302
|
return str;
|
274
303
|
}
|
@@ -279,11 +308,18 @@ ossl_x509attr_to_der(VALUE self)
|
|
279
308
|
void
|
280
309
|
Init_ossl_x509attr(void)
|
281
310
|
{
|
311
|
+
#if 0
|
312
|
+
mOSSL = rb_define_module("OpenSSL");
|
313
|
+
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
314
|
+
mX509 = rb_define_module_under(mOSSL, "X509");
|
315
|
+
#endif
|
316
|
+
|
282
317
|
eX509AttrError = rb_define_class_under(mX509, "AttributeError", eOSSLError);
|
283
318
|
|
284
319
|
cX509Attr = rb_define_class_under(mX509, "Attribute", rb_cObject);
|
285
320
|
rb_define_alloc_func(cX509Attr, ossl_x509attr_alloc);
|
286
321
|
rb_define_method(cX509Attr, "initialize", ossl_x509attr_initialize, -1);
|
322
|
+
rb_define_copy_func(cX509Attr, ossl_x509attr_initialize_copy);
|
287
323
|
rb_define_method(cX509Attr, "oid=", ossl_x509attr_set_oid, 1);
|
288
324
|
rb_define_method(cX509Attr, "oid", ossl_x509attr_get_oid, 0);
|
289
325
|
rb_define_method(cX509Attr, "value=", ossl_x509attr_set_value, 1);
|
@@ -78,9 +78,9 @@ ossl_x509_new_from_file(VALUE filename)
|
|
78
78
|
FILE *fp;
|
79
79
|
VALUE obj;
|
80
80
|
|
81
|
-
|
81
|
+
rb_check_safe_obj(filename);
|
82
82
|
obj = NewX509(cX509Cert);
|
83
|
-
if (!(fp = fopen(
|
83
|
+
if (!(fp = fopen(StringValueCStr(filename), "r"))) {
|
84
84
|
ossl_raise(eX509CertError, "%s", strerror(errno));
|
85
85
|
}
|
86
86
|
rb_fd_fix_cloexec(fileno(fp));
|
@@ -122,7 +122,7 @@ DupX509CertPtr(VALUE obj)
|
|
122
122
|
|
123
123
|
SafeGetX509(obj, x509);
|
124
124
|
|
125
|
-
|
125
|
+
X509_up_ref(x509);
|
126
126
|
|
127
127
|
return x509;
|
128
128
|
}
|
@@ -161,7 +161,7 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
|
|
161
161
|
return self;
|
162
162
|
}
|
163
163
|
arg = ossl_to_der_if_possible(arg);
|
164
|
-
in = ossl_obj2bio(arg);
|
164
|
+
in = ossl_obj2bio(&arg);
|
165
165
|
x509 = PEM_read_bio_X509(in, &x, NULL, NULL);
|
166
166
|
DATA_PTR(self) = x;
|
167
167
|
if (!x509) {
|
@@ -349,9 +349,7 @@ ossl_x509_set_serial(VALUE self, VALUE num)
|
|
349
349
|
X509 *x509;
|
350
350
|
|
351
351
|
GetX509(self, x509);
|
352
|
-
|
353
|
-
x509->cert_info->serialNumber =
|
354
|
-
num_to_asn1integer(num, X509_get_serialNumber(x509));
|
352
|
+
X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)));
|
355
353
|
|
356
354
|
return num;
|
357
355
|
}
|
@@ -371,7 +369,7 @@ ossl_x509_get_signature_algorithm(VALUE self)
|
|
371
369
|
out = BIO_new(BIO_s_mem());
|
372
370
|
if (!out) ossl_raise(eX509CertError, NULL);
|
373
371
|
|
374
|
-
if (!i2a_ASN1_OBJECT(out, x509->
|
372
|
+
if (!i2a_ASN1_OBJECT(out, X509_get0_tbs_sigalg(x509)->algorithm)) {
|
375
373
|
BIO_free(out);
|
376
374
|
ossl_raise(eX509CertError, NULL);
|
377
375
|
}
|
@@ -458,10 +456,10 @@ static VALUE
|
|
458
456
|
ossl_x509_get_not_before(VALUE self)
|
459
457
|
{
|
460
458
|
X509 *x509;
|
461
|
-
|
459
|
+
const ASN1_TIME *asn1time;
|
462
460
|
|
463
461
|
GetX509(self, x509);
|
464
|
-
if (!(asn1time =
|
462
|
+
if (!(asn1time = X509_get0_notBefore(x509))) {
|
465
463
|
ossl_raise(eX509CertError, NULL);
|
466
464
|
}
|
467
465
|
|
@@ -476,13 +474,15 @@ static VALUE
|
|
476
474
|
ossl_x509_set_not_before(VALUE self, VALUE time)
|
477
475
|
{
|
478
476
|
X509 *x509;
|
479
|
-
|
477
|
+
ASN1_TIME *asn1time;
|
480
478
|
|
481
|
-
sec = time_to_time_t(time);
|
482
479
|
GetX509(self, x509);
|
483
|
-
|
484
|
-
|
480
|
+
asn1time = ossl_x509_time_adjust(NULL, time);
|
481
|
+
if (!X509_set_notBefore(x509, asn1time)) {
|
482
|
+
ASN1_TIME_free(asn1time);
|
483
|
+
ossl_raise(eX509CertError, "X509_set_notBefore");
|
485
484
|
}
|
485
|
+
ASN1_TIME_free(asn1time);
|
486
486
|
|
487
487
|
return time;
|
488
488
|
}
|
@@ -495,10 +495,10 @@ static VALUE
|
|
495
495
|
ossl_x509_get_not_after(VALUE self)
|
496
496
|
{
|
497
497
|
X509 *x509;
|
498
|
-
ASN1_TIME *asn1time;
|
498
|
+
const ASN1_TIME *asn1time;
|
499
499
|
|
500
500
|
GetX509(self, x509);
|
501
|
-
if (!(asn1time =
|
501
|
+
if (!(asn1time = X509_get0_notAfter(x509))) {
|
502
502
|
ossl_raise(eX509CertError, NULL);
|
503
503
|
}
|
504
504
|
|
@@ -513,13 +513,15 @@ static VALUE
|
|
513
513
|
ossl_x509_set_not_after(VALUE self, VALUE time)
|
514
514
|
{
|
515
515
|
X509 *x509;
|
516
|
-
|
516
|
+
ASN1_TIME *asn1time;
|
517
517
|
|
518
|
-
sec = time_to_time_t(time);
|
519
518
|
GetX509(self, x509);
|
520
|
-
|
521
|
-
|
519
|
+
asn1time = ossl_x509_time_adjust(NULL, time);
|
520
|
+
if (!X509_set_notAfter(x509, asn1time)) {
|
521
|
+
ASN1_TIME_free(asn1time);
|
522
|
+
ossl_raise(eX509CertError, "X509_set_notAfter");
|
522
523
|
}
|
524
|
+
ASN1_TIME_free(asn1time);
|
523
525
|
|
524
526
|
return time;
|
525
527
|
}
|
@@ -544,18 +546,19 @@ ossl_x509_get_public_key(VALUE self)
|
|
544
546
|
|
545
547
|
/*
|
546
548
|
* call-seq:
|
547
|
-
* cert.public_key = key
|
549
|
+
* cert.public_key = key
|
548
550
|
*/
|
549
551
|
static VALUE
|
550
552
|
ossl_x509_set_public_key(VALUE self, VALUE key)
|
551
553
|
{
|
552
554
|
X509 *x509;
|
555
|
+
EVP_PKEY *pkey;
|
553
556
|
|
554
557
|
GetX509(self, x509);
|
555
|
-
|
556
|
-
|
557
|
-
|
558
|
-
|
558
|
+
pkey = GetPKeyPtr(key);
|
559
|
+
ossl_pkey_check_public_key(pkey);
|
560
|
+
if (!X509_set_pubkey(x509, pkey))
|
561
|
+
ossl_raise(eX509CertError, "X509_set_pubkey");
|
559
562
|
return key;
|
560
563
|
}
|
561
564
|
|
@@ -591,18 +594,19 @@ ossl_x509_verify(VALUE self, VALUE key)
|
|
591
594
|
{
|
592
595
|
X509 *x509;
|
593
596
|
EVP_PKEY *pkey;
|
594
|
-
int i;
|
595
597
|
|
596
|
-
pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
|
597
598
|
GetX509(self, x509);
|
598
|
-
|
599
|
-
|
600
|
-
|
601
|
-
|
599
|
+
pkey = GetPKeyPtr(key);
|
600
|
+
ossl_pkey_check_public_key(pkey);
|
601
|
+
switch (X509_verify(x509, pkey)) {
|
602
|
+
case 1:
|
602
603
|
return Qtrue;
|
604
|
+
case 0:
|
605
|
+
ossl_clear_error();
|
606
|
+
return Qfalse;
|
607
|
+
default:
|
608
|
+
ossl_raise(eX509CertError, NULL);
|
603
609
|
}
|
604
|
-
|
605
|
-
return Qfalse;
|
606
610
|
}
|
607
611
|
|
608
612
|
/*
|
@@ -621,7 +625,7 @@ ossl_x509_check_private_key(VALUE self, VALUE key)
|
|
621
625
|
pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
|
622
626
|
GetX509(self, x509);
|
623
627
|
if (!X509_check_private_key(x509, pkey)) {
|
624
|
-
|
628
|
+
ossl_clear_error();
|
625
629
|
return Qfalse;
|
626
630
|
}
|
627
631
|
|
@@ -671,16 +675,13 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
|
|
671
675
|
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
|
672
676
|
}
|
673
677
|
GetX509(self, x509);
|
674
|
-
|
675
|
-
|
678
|
+
while ((ext = X509_delete_ext(x509, 0)))
|
679
|
+
X509_EXTENSION_free(ext);
|
676
680
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
677
|
-
ext =
|
678
|
-
|
679
|
-
if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
|
680
|
-
X509_EXTENSION_free(ext);
|
681
|
+
ext = GetX509ExtPtr(RARRAY_AREF(ary, i));
|
682
|
+
if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext */
|
681
683
|
ossl_raise(eX509CertError, NULL);
|
682
684
|
}
|
683
|
-
X509_EXTENSION_free(ext);
|
684
685
|
}
|
685
686
|
|
686
687
|
return ary;
|
@@ -697,12 +698,10 @@ ossl_x509_add_extension(VALUE self, VALUE extension)
|
|
697
698
|
X509_EXTENSION *ext;
|
698
699
|
|
699
700
|
GetX509(self, x509);
|
700
|
-
ext =
|
701
|
+
ext = GetX509ExtPtr(extension);
|
701
702
|
if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
|
702
|
-
X509_EXTENSION_free(ext);
|
703
703
|
ossl_raise(eX509CertError, NULL);
|
704
704
|
}
|
705
|
-
X509_EXTENSION_free(ext);
|
706
705
|
|
707
706
|
return extension;
|
708
707
|
}
|
@@ -727,9 +726,9 @@ ossl_x509_inspect(VALUE self)
|
|
727
726
|
void
|
728
727
|
Init_ossl_x509cert(void)
|
729
728
|
{
|
730
|
-
|
731
729
|
#if 0
|
732
|
-
mOSSL = rb_define_module("OpenSSL");
|
730
|
+
mOSSL = rb_define_module("OpenSSL");
|
731
|
+
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
733
732
|
mX509 = rb_define_module_under(mOSSL, "X509");
|
734
733
|
#endif
|
735
734
|
|
@@ -67,7 +67,7 @@ DupX509CRLPtr(VALUE obj)
|
|
67
67
|
X509_CRL *crl;
|
68
68
|
|
69
69
|
SafeGetX509CRL(obj, crl);
|
70
|
-
|
70
|
+
X509_CRL_up_ref(crl);
|
71
71
|
|
72
72
|
return crl;
|
73
73
|
}
|
@@ -115,7 +115,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
|
|
115
115
|
return self;
|
116
116
|
}
|
117
117
|
arg = ossl_to_der_if_possible(arg);
|
118
|
-
in = ossl_obj2bio(arg);
|
118
|
+
in = ossl_obj2bio(&arg);
|
119
119
|
crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL);
|
120
120
|
DATA_PTR(self) = x;
|
121
121
|
if (!crl) {
|
@@ -180,22 +180,20 @@ static VALUE
|
|
180
180
|
ossl_x509crl_get_signature_algorithm(VALUE self)
|
181
181
|
{
|
182
182
|
X509_CRL *crl;
|
183
|
+
const X509_ALGOR *alg;
|
183
184
|
BIO *out;
|
184
|
-
BUF_MEM *buf;
|
185
|
-
VALUE str;
|
186
185
|
|
187
186
|
GetX509CRL(self, crl);
|
188
187
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
189
188
|
ossl_raise(eX509CRLError, NULL);
|
190
189
|
}
|
191
|
-
|
190
|
+
X509_CRL_get0_signature(crl, NULL, &alg);
|
191
|
+
if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
|
192
192
|
BIO_free(out);
|
193
193
|
ossl_raise(eX509CRLError, NULL);
|
194
194
|
}
|
195
|
-
|
196
|
-
|
197
|
-
BIO_free(out);
|
198
|
-
return str;
|
195
|
+
|
196
|
+
return ossl_membio2str(out);
|
199
197
|
}
|
200
198
|
|
201
199
|
static VALUE
|
@@ -228,20 +226,22 @@ ossl_x509crl_get_last_update(VALUE self)
|
|
228
226
|
|
229
227
|
GetX509CRL(self, crl);
|
230
228
|
|
231
|
-
return asn1time_to_time(
|
229
|
+
return asn1time_to_time(X509_CRL_get0_lastUpdate(crl));
|
232
230
|
}
|
233
231
|
|
234
232
|
static VALUE
|
235
233
|
ossl_x509crl_set_last_update(VALUE self, VALUE time)
|
236
234
|
{
|
237
235
|
X509_CRL *crl;
|
238
|
-
|
236
|
+
ASN1_TIME *asn1time;
|
239
237
|
|
240
|
-
sec = time_to_time_t(time);
|
241
238
|
GetX509CRL(self, crl);
|
242
|
-
|
243
|
-
|
239
|
+
asn1time = ossl_x509_time_adjust(NULL, time);
|
240
|
+
if (!X509_CRL_set_lastUpdate(crl, asn1time)) {
|
241
|
+
ASN1_TIME_free(asn1time);
|
242
|
+
ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
|
244
243
|
}
|
244
|
+
ASN1_TIME_free(asn1time);
|
245
245
|
|
246
246
|
return time;
|
247
247
|
}
|
@@ -253,21 +253,22 @@ ossl_x509crl_get_next_update(VALUE self)
|
|
253
253
|
|
254
254
|
GetX509CRL(self, crl);
|
255
255
|
|
256
|
-
return asn1time_to_time(
|
256
|
+
return asn1time_to_time(X509_CRL_get0_nextUpdate(crl));
|
257
257
|
}
|
258
258
|
|
259
259
|
static VALUE
|
260
260
|
ossl_x509crl_set_next_update(VALUE self, VALUE time)
|
261
261
|
{
|
262
262
|
X509_CRL *crl;
|
263
|
-
|
263
|
+
ASN1_TIME *asn1time;
|
264
264
|
|
265
|
-
sec = time_to_time_t(time);
|
266
265
|
GetX509CRL(self, crl);
|
267
|
-
|
268
|
-
if (!(crl
|
269
|
-
|
266
|
+
asn1time = ossl_x509_time_adjust(NULL, time);
|
267
|
+
if (!X509_CRL_set_nextUpdate(crl, asn1time)) {
|
268
|
+
ASN1_TIME_free(asn1time);
|
269
|
+
ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
|
270
270
|
}
|
271
|
+
ASN1_TIME_free(asn1time);
|
271
272
|
|
272
273
|
return time;
|
273
274
|
}
|
@@ -302,6 +303,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
|
|
302
303
|
{
|
303
304
|
X509_CRL *crl;
|
304
305
|
X509_REVOKED *rev;
|
306
|
+
STACK_OF(X509_REVOKED) *sk;
|
305
307
|
long i;
|
306
308
|
|
307
309
|
Check_Type(ary, T_ARRAY);
|
@@ -310,8 +312,10 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
|
|
310
312
|
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
|
311
313
|
}
|
312
314
|
GetX509CRL(self, crl);
|
313
|
-
|
314
|
-
|
315
|
+
if ((sk = X509_CRL_get_REVOKED(crl))) {
|
316
|
+
while ((rev = sk_X509_REVOKED_pop(sk)))
|
317
|
+
X509_REVOKED_free(rev);
|
318
|
+
}
|
315
319
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
316
320
|
rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
|
317
321
|
if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
|
@@ -362,17 +366,20 @@ static VALUE
|
|
362
366
|
ossl_x509crl_verify(VALUE self, VALUE key)
|
363
367
|
{
|
364
368
|
X509_CRL *crl;
|
365
|
-
|
369
|
+
EVP_PKEY *pkey;
|
366
370
|
|
367
371
|
GetX509CRL(self, crl);
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
+
pkey = GetPKeyPtr(key);
|
373
|
+
ossl_pkey_check_public_key(pkey);
|
374
|
+
switch (X509_CRL_verify(crl, pkey)) {
|
375
|
+
case 1:
|
372
376
|
return Qtrue;
|
377
|
+
case 0:
|
378
|
+
ossl_clear_error();
|
379
|
+
return Qfalse;
|
380
|
+
default:
|
381
|
+
ossl_raise(eX509CRLError, NULL);
|
373
382
|
}
|
374
|
-
|
375
|
-
return Qfalse;
|
376
383
|
}
|
377
384
|
|
378
385
|
static VALUE
|
@@ -380,8 +387,6 @@ ossl_x509crl_to_der(VALUE self)
|
|
380
387
|
{
|
381
388
|
X509_CRL *crl;
|
382
389
|
BIO *out;
|
383
|
-
BUF_MEM *buf;
|
384
|
-
VALUE str;
|
385
390
|
|
386
391
|
GetX509CRL(self, crl);
|
387
392
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
@@ -391,11 +396,8 @@ ossl_x509crl_to_der(VALUE self)
|
|
391
396
|
BIO_free(out);
|
392
397
|
ossl_raise(eX509CRLError, NULL);
|
393
398
|
}
|
394
|
-
BIO_get_mem_ptr(out, &buf);
|
395
|
-
str = rb_str_new(buf->data, buf->length);
|
396
|
-
BIO_free(out);
|
397
399
|
|
398
|
-
return
|
400
|
+
return ossl_membio2str(out);
|
399
401
|
}
|
400
402
|
|
401
403
|
static VALUE
|
@@ -403,8 +405,6 @@ ossl_x509crl_to_pem(VALUE self)
|
|
403
405
|
{
|
404
406
|
X509_CRL *crl;
|
405
407
|
BIO *out;
|
406
|
-
BUF_MEM *buf;
|
407
|
-
VALUE str;
|
408
408
|
|
409
409
|
GetX509CRL(self, crl);
|
410
410
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
@@ -414,11 +414,8 @@ ossl_x509crl_to_pem(VALUE self)
|
|
414
414
|
BIO_free(out);
|
415
415
|
ossl_raise(eX509CRLError, NULL);
|
416
416
|
}
|
417
|
-
BIO_get_mem_ptr(out, &buf);
|
418
|
-
str = rb_str_new(buf->data, buf->length);
|
419
|
-
BIO_free(out);
|
420
417
|
|
421
|
-
return
|
418
|
+
return ossl_membio2str(out);
|
422
419
|
}
|
423
420
|
|
424
421
|
static VALUE
|
@@ -426,8 +423,6 @@ ossl_x509crl_to_text(VALUE self)
|
|
426
423
|
{
|
427
424
|
X509_CRL *crl;
|
428
425
|
BIO *out;
|
429
|
-
BUF_MEM *buf;
|
430
|
-
VALUE str;
|
431
426
|
|
432
427
|
GetX509CRL(self, crl);
|
433
428
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
@@ -437,11 +432,8 @@ ossl_x509crl_to_text(VALUE self)
|
|
437
432
|
BIO_free(out);
|
438
433
|
ossl_raise(eX509CRLError, NULL);
|
439
434
|
}
|
440
|
-
BIO_get_mem_ptr(out, &buf);
|
441
|
-
str = rb_str_new(buf->data, buf->length);
|
442
|
-
BIO_free(out);
|
443
435
|
|
444
|
-
return
|
436
|
+
return ossl_membio2str(out);
|
445
437
|
}
|
446
438
|
|
447
439
|
/*
|
@@ -486,15 +478,13 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
|
|
486
478
|
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
|
487
479
|
}
|
488
480
|
GetX509CRL(self, crl);
|
489
|
-
|
490
|
-
|
481
|
+
while ((ext = X509_CRL_delete_ext(crl, 0)))
|
482
|
+
X509_EXTENSION_free(ext);
|
491
483
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
492
|
-
ext =
|
493
|
-
if(!X509_CRL_add_ext(crl, ext, -1)) {
|
494
|
-
X509_EXTENSION_free(ext);
|
484
|
+
ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
|
485
|
+
if (!X509_CRL_add_ext(crl, ext, -1)) {
|
495
486
|
ossl_raise(eX509CRLError, NULL);
|
496
487
|
}
|
497
|
-
X509_EXTENSION_free(ext);
|
498
488
|
}
|
499
489
|
|
500
490
|
return ary;
|
@@ -507,12 +497,10 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
|
|
507
497
|
X509_EXTENSION *ext;
|
508
498
|
|
509
499
|
GetX509CRL(self, crl);
|
510
|
-
ext =
|
511
|
-
if (!X509_CRL_add_ext(crl, ext, -1)) {
|
512
|
-
X509_EXTENSION_free(ext);
|
500
|
+
ext = GetX509ExtPtr(extension);
|
501
|
+
if (!X509_CRL_add_ext(crl, ext, -1)) {
|
513
502
|
ossl_raise(eX509CRLError, NULL);
|
514
503
|
}
|
515
|
-
X509_EXTENSION_free(ext);
|
516
504
|
|
517
505
|
return extension;
|
518
506
|
}
|
@@ -523,6 +511,12 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
|
|
523
511
|
void
|
524
512
|
Init_ossl_x509crl(void)
|
525
513
|
{
|
514
|
+
#if 0
|
515
|
+
mOSSL = rb_define_module("OpenSSL");
|
516
|
+
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
517
|
+
mX509 = rb_define_module_under(mOSSL, "X509");
|
518
|
+
#endif
|
519
|
+
|
526
520
|
eX509CRLError = rb_define_class_under(mX509, "CRLError", eOSSLError);
|
527
521
|
|
528
522
|
cX509CRL = rb_define_class_under(mX509, "CRL", rb_cObject);
|