rubysl-openssl 2.10 → 2.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/ext/rubysl/openssl/deprecation.rb +7 -3
- data/ext/rubysl/openssl/extconf.rb +148 -103
- data/ext/rubysl/openssl/openssl_missing.c +94 -275
- data/ext/rubysl/openssl/openssl_missing.h +167 -98
- data/ext/rubysl/openssl/ossl.c +266 -212
- data/ext/rubysl/openssl/ossl.h +27 -89
- data/ext/rubysl/openssl/ossl_asn1.c +157 -221
- data/ext/rubysl/openssl/ossl_asn1.h +11 -3
- data/ext/rubysl/openssl/ossl_bio.c +10 -40
- data/ext/rubysl/openssl/ossl_bio.h +1 -2
- data/ext/rubysl/openssl/ossl_bn.c +144 -100
- data/ext/rubysl/openssl/ossl_bn.h +3 -1
- data/ext/rubysl/openssl/ossl_cipher.c +270 -195
- data/ext/rubysl/openssl/ossl_config.c +7 -1
- data/ext/rubysl/openssl/ossl_config.h +0 -1
- data/ext/rubysl/openssl/ossl_digest.c +40 -29
- data/ext/rubysl/openssl/ossl_engine.c +23 -62
- data/ext/rubysl/openssl/ossl_hmac.c +82 -55
- data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
- data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
- data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
- data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
- data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
- data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
- data/ext/rubysl/openssl/ossl_pkey.c +151 -99
- data/ext/rubysl/openssl/ossl_pkey.h +123 -29
- data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
- data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
- data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
- data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
- data/ext/rubysl/openssl/ossl_rand.c +25 -21
- data/ext/rubysl/openssl/ossl_ssl.c +795 -413
- data/ext/rubysl/openssl/ossl_ssl.h +3 -0
- data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
- data/ext/rubysl/openssl/ossl_version.h +1 -1
- data/ext/rubysl/openssl/ossl_x509.c +92 -8
- data/ext/rubysl/openssl/ossl_x509.h +14 -5
- data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
- data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
- data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
- data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
- data/ext/rubysl/openssl/ossl_x509name.c +68 -45
- data/ext/rubysl/openssl/ossl_x509req.c +32 -38
- data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
- data/ext/rubysl/openssl/ossl_x509store.c +309 -104
- data/ext/rubysl/openssl/ruby_missing.h +8 -6
- data/lib/openssl/buffering.rb +11 -5
- data/lib/openssl/cipher.rb +23 -15
- data/lib/openssl/digest.rb +7 -10
- data/lib/openssl/pkey.rb +15 -8
- data/lib/openssl/ssl.rb +81 -105
- data/lib/rubysl/openssl.rb +1 -4
- data/lib/rubysl/openssl/version.rb +1 -1
- metadata +3 -4
@@ -15,6 +15,13 @@
|
|
15
15
|
*/
|
16
16
|
extern VALUE mX509;
|
17
17
|
|
18
|
+
/*
|
19
|
+
* Converts the VALUE into Integer and set it to the ASN1_TIME. This is a
|
20
|
+
* wrapper for X509_time_adj_ex() so passing NULL creates a new ASN1_TIME.
|
21
|
+
* Note that the caller must check the NULL return.
|
22
|
+
*/
|
23
|
+
ASN1_TIME *ossl_x509_time_adjust(ASN1_TIME *, VALUE);
|
24
|
+
|
18
25
|
void Init_ossl_x509(void);
|
19
26
|
|
20
27
|
/*
|
@@ -24,7 +31,7 @@ extern VALUE cX509Attr;
|
|
24
31
|
extern VALUE eX509AttrError;
|
25
32
|
|
26
33
|
VALUE ossl_x509attr_new(X509_ATTRIBUTE *);
|
27
|
-
X509_ATTRIBUTE *
|
34
|
+
X509_ATTRIBUTE *GetX509AttrPtr(VALUE);
|
28
35
|
void Init_ossl_x509attr(void);
|
29
36
|
|
30
37
|
/*
|
@@ -59,7 +66,6 @@ extern VALUE eX509ExtError;
|
|
59
66
|
|
60
67
|
VALUE ossl_x509ext_new(X509_EXTENSION *);
|
61
68
|
X509_EXTENSION *GetX509ExtPtr(VALUE);
|
62
|
-
X509_EXTENSION *DupX509ExtPtr(VALUE);
|
63
69
|
void Init_ossl_x509ext(void);
|
64
70
|
|
65
71
|
/*
|
@@ -104,10 +110,13 @@ VALUE ossl_x509store_new(X509_STORE *);
|
|
104
110
|
X509_STORE *GetX509StorePtr(VALUE);
|
105
111
|
X509_STORE *DupX509StorePtr(VALUE);
|
106
112
|
|
107
|
-
VALUE ossl_x509stctx_new(X509_STORE_CTX *);
|
108
|
-
VALUE ossl_x509stctx_clear_ptr(VALUE);
|
109
113
|
X509_STORE_CTX *GetX509StCtxtPtr(VALUE);
|
110
|
-
|
111
114
|
void Init_ossl_x509store(void);
|
112
115
|
|
116
|
+
/*
|
117
|
+
* Calls the verify callback Proc (the first parameter) with given pre-verify
|
118
|
+
* result and the X509_STORE_CTX.
|
119
|
+
*/
|
120
|
+
int ossl_verify_cb_call(VALUE, int, X509_STORE_CTX *);
|
121
|
+
|
113
122
|
#endif /* _OSSL_X509_H_ */
|
@@ -127,6 +127,25 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
|
|
127
127
|
return self;
|
128
128
|
}
|
129
129
|
|
130
|
+
static VALUE
|
131
|
+
ossl_x509attr_initialize_copy(VALUE self, VALUE other)
|
132
|
+
{
|
133
|
+
X509_ATTRIBUTE *attr, *attr_other, *attr_new;
|
134
|
+
|
135
|
+
rb_check_frozen(self);
|
136
|
+
GetX509Attr(self, attr);
|
137
|
+
SafeGetX509Attr(other, attr_other);
|
138
|
+
|
139
|
+
attr_new = X509_ATTRIBUTE_dup(attr_other);
|
140
|
+
if (!attr_new)
|
141
|
+
ossl_raise(eX509AttrError, "X509_ATTRIBUTE_dup");
|
142
|
+
|
143
|
+
SetX509Attr(self, attr_new);
|
144
|
+
X509_ATTRIBUTE_free(attr);
|
145
|
+
|
146
|
+
return self;
|
147
|
+
}
|
148
|
+
|
130
149
|
/*
|
131
150
|
* call-seq:
|
132
151
|
* attr.oid = string => string
|
@@ -178,14 +197,6 @@ ossl_x509attr_get_oid(VALUE self)
|
|
178
197
|
return ret;
|
179
198
|
}
|
180
199
|
|
181
|
-
#if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE)
|
182
|
-
# define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single)
|
183
|
-
# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
|
184
|
-
#else
|
185
|
-
# define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set)
|
186
|
-
# define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
|
187
|
-
#endif
|
188
|
-
|
189
200
|
/*
|
190
201
|
* call-seq:
|
191
202
|
* attr.value = asn1 => asn1
|
@@ -194,21 +205,37 @@ static VALUE
|
|
194
205
|
ossl_x509attr_set_value(VALUE self, VALUE value)
|
195
206
|
{
|
196
207
|
X509_ATTRIBUTE *attr;
|
197
|
-
|
208
|
+
VALUE asn1_value;
|
209
|
+
int i, asn1_tag;
|
210
|
+
|
211
|
+
OSSL_Check_Kind(value, cASN1Data);
|
212
|
+
asn1_tag = NUM2INT(rb_attr_get(value, rb_intern("@tag")));
|
213
|
+
asn1_value = rb_attr_get(value, rb_intern("@value"));
|
214
|
+
if (asn1_tag != V_ASN1_SET)
|
215
|
+
ossl_raise(eASN1Error, "argument must be ASN1::Set");
|
216
|
+
if (!RB_TYPE_P(asn1_value, T_ARRAY))
|
217
|
+
ossl_raise(eASN1Error, "ASN1::Set has non-array value");
|
198
218
|
|
199
|
-
if(!(a1type = ossl_asn1_get_asn1type(value)))
|
200
|
-
ossl_raise(eASN1Error, "could not get ASN1_TYPE");
|
201
|
-
if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){
|
202
|
-
ASN1_TYPE_free(a1type);
|
203
|
-
ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value.");
|
204
|
-
}
|
205
219
|
GetX509Attr(self, attr);
|
206
|
-
if(attr
|
207
|
-
|
208
|
-
|
220
|
+
if (X509_ATTRIBUTE_count(attr)) { /* populated, reset first */
|
221
|
+
ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
|
222
|
+
X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, 0, NULL, -1);
|
223
|
+
if (!new_attr)
|
224
|
+
ossl_raise(eX509AttrError, NULL);
|
225
|
+
SetX509Attr(self, new_attr);
|
226
|
+
X509_ATTRIBUTE_free(attr);
|
227
|
+
attr = new_attr;
|
228
|
+
}
|
229
|
+
|
230
|
+
for (i = 0; i < RARRAY_LEN(asn1_value); i++) {
|
231
|
+
ASN1_TYPE *a1type = ossl_asn1_get_asn1type(RARRAY_AREF(asn1_value, i));
|
232
|
+
if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type),
|
233
|
+
a1type->value.ptr, -1)) {
|
234
|
+
ASN1_TYPE_free(a1type);
|
235
|
+
ossl_raise(eX509AttrError, NULL);
|
236
|
+
}
|
237
|
+
ASN1_TYPE_free(a1type);
|
209
238
|
}
|
210
|
-
OSSL_X509ATTR_SET_SINGLE(attr);
|
211
|
-
attr->value.single = a1type;
|
212
239
|
|
213
240
|
return value;
|
214
241
|
}
|
@@ -221,32 +248,34 @@ static VALUE
|
|
221
248
|
ossl_x509attr_get_value(VALUE self)
|
222
249
|
{
|
223
250
|
X509_ATTRIBUTE *attr;
|
224
|
-
|
225
|
-
|
251
|
+
STACK_OF(ASN1_TYPE) *sk;
|
252
|
+
VALUE str;
|
253
|
+
int i, count, len;
|
226
254
|
unsigned char *p;
|
227
255
|
|
228
256
|
GetX509Attr(self, attr);
|
229
|
-
|
230
|
-
if(
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
257
|
+
/* there is no X509_ATTRIBUTE_get0_set() :( */
|
258
|
+
if (!(sk = sk_ASN1_TYPE_new_null()))
|
259
|
+
ossl_raise(eX509AttrError, "sk_new");
|
260
|
+
|
261
|
+
count = X509_ATTRIBUTE_count(attr);
|
262
|
+
for (i = 0; i < count; i++)
|
263
|
+
sk_ASN1_TYPE_push(sk, X509_ATTRIBUTE_get0_type(attr, i));
|
264
|
+
|
265
|
+
if ((len = i2d_ASN1_SET_ANY(sk, NULL)) <= 0) {
|
266
|
+
sk_ASN1_TYPE_free(sk);
|
267
|
+
ossl_raise(eX509AttrError, NULL);
|
236
268
|
}
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
p = (unsigned char *)RSTRING_PTR(str);
|
243
|
-
i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
|
244
|
-
i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
|
245
|
-
ossl_str_adjust(str, p);
|
269
|
+
str = rb_str_new(0, len);
|
270
|
+
p = (unsigned char *)RSTRING_PTR(str);
|
271
|
+
if (i2d_ASN1_SET_ANY(sk, &p) <= 0) {
|
272
|
+
sk_ASN1_TYPE_free(sk);
|
273
|
+
ossl_raise(eX509AttrError, NULL);
|
246
274
|
}
|
247
|
-
|
275
|
+
ossl_str_adjust(str, p);
|
276
|
+
sk_ASN1_TYPE_free(sk);
|
248
277
|
|
249
|
-
return
|
278
|
+
return rb_funcall(mASN1, rb_intern("decode"), 1, str);
|
250
279
|
}
|
251
280
|
|
252
281
|
/*
|
@@ -268,7 +297,7 @@ ossl_x509attr_to_der(VALUE self)
|
|
268
297
|
p = (unsigned char *)RSTRING_PTR(str);
|
269
298
|
if(i2d_X509_ATTRIBUTE(attr, &p) <= 0)
|
270
299
|
ossl_raise(eX509AttrError, NULL);
|
271
|
-
|
300
|
+
ossl_str_adjust(str, p);
|
272
301
|
|
273
302
|
return str;
|
274
303
|
}
|
@@ -279,11 +308,18 @@ ossl_x509attr_to_der(VALUE self)
|
|
279
308
|
void
|
280
309
|
Init_ossl_x509attr(void)
|
281
310
|
{
|
311
|
+
#if 0
|
312
|
+
mOSSL = rb_define_module("OpenSSL");
|
313
|
+
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
314
|
+
mX509 = rb_define_module_under(mOSSL, "X509");
|
315
|
+
#endif
|
316
|
+
|
282
317
|
eX509AttrError = rb_define_class_under(mX509, "AttributeError", eOSSLError);
|
283
318
|
|
284
319
|
cX509Attr = rb_define_class_under(mX509, "Attribute", rb_cObject);
|
285
320
|
rb_define_alloc_func(cX509Attr, ossl_x509attr_alloc);
|
286
321
|
rb_define_method(cX509Attr, "initialize", ossl_x509attr_initialize, -1);
|
322
|
+
rb_define_copy_func(cX509Attr, ossl_x509attr_initialize_copy);
|
287
323
|
rb_define_method(cX509Attr, "oid=", ossl_x509attr_set_oid, 1);
|
288
324
|
rb_define_method(cX509Attr, "oid", ossl_x509attr_get_oid, 0);
|
289
325
|
rb_define_method(cX509Attr, "value=", ossl_x509attr_set_value, 1);
|
@@ -78,9 +78,9 @@ ossl_x509_new_from_file(VALUE filename)
|
|
78
78
|
FILE *fp;
|
79
79
|
VALUE obj;
|
80
80
|
|
81
|
-
|
81
|
+
rb_check_safe_obj(filename);
|
82
82
|
obj = NewX509(cX509Cert);
|
83
|
-
if (!(fp = fopen(
|
83
|
+
if (!(fp = fopen(StringValueCStr(filename), "r"))) {
|
84
84
|
ossl_raise(eX509CertError, "%s", strerror(errno));
|
85
85
|
}
|
86
86
|
rb_fd_fix_cloexec(fileno(fp));
|
@@ -122,7 +122,7 @@ DupX509CertPtr(VALUE obj)
|
|
122
122
|
|
123
123
|
SafeGetX509(obj, x509);
|
124
124
|
|
125
|
-
|
125
|
+
X509_up_ref(x509);
|
126
126
|
|
127
127
|
return x509;
|
128
128
|
}
|
@@ -161,7 +161,7 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
|
|
161
161
|
return self;
|
162
162
|
}
|
163
163
|
arg = ossl_to_der_if_possible(arg);
|
164
|
-
in = ossl_obj2bio(arg);
|
164
|
+
in = ossl_obj2bio(&arg);
|
165
165
|
x509 = PEM_read_bio_X509(in, &x, NULL, NULL);
|
166
166
|
DATA_PTR(self) = x;
|
167
167
|
if (!x509) {
|
@@ -349,9 +349,7 @@ ossl_x509_set_serial(VALUE self, VALUE num)
|
|
349
349
|
X509 *x509;
|
350
350
|
|
351
351
|
GetX509(self, x509);
|
352
|
-
|
353
|
-
x509->cert_info->serialNumber =
|
354
|
-
num_to_asn1integer(num, X509_get_serialNumber(x509));
|
352
|
+
X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)));
|
355
353
|
|
356
354
|
return num;
|
357
355
|
}
|
@@ -371,7 +369,7 @@ ossl_x509_get_signature_algorithm(VALUE self)
|
|
371
369
|
out = BIO_new(BIO_s_mem());
|
372
370
|
if (!out) ossl_raise(eX509CertError, NULL);
|
373
371
|
|
374
|
-
if (!i2a_ASN1_OBJECT(out, x509->
|
372
|
+
if (!i2a_ASN1_OBJECT(out, X509_get0_tbs_sigalg(x509)->algorithm)) {
|
375
373
|
BIO_free(out);
|
376
374
|
ossl_raise(eX509CertError, NULL);
|
377
375
|
}
|
@@ -458,10 +456,10 @@ static VALUE
|
|
458
456
|
ossl_x509_get_not_before(VALUE self)
|
459
457
|
{
|
460
458
|
X509 *x509;
|
461
|
-
|
459
|
+
const ASN1_TIME *asn1time;
|
462
460
|
|
463
461
|
GetX509(self, x509);
|
464
|
-
if (!(asn1time =
|
462
|
+
if (!(asn1time = X509_get0_notBefore(x509))) {
|
465
463
|
ossl_raise(eX509CertError, NULL);
|
466
464
|
}
|
467
465
|
|
@@ -476,13 +474,15 @@ static VALUE
|
|
476
474
|
ossl_x509_set_not_before(VALUE self, VALUE time)
|
477
475
|
{
|
478
476
|
X509 *x509;
|
479
|
-
|
477
|
+
ASN1_TIME *asn1time;
|
480
478
|
|
481
|
-
sec = time_to_time_t(time);
|
482
479
|
GetX509(self, x509);
|
483
|
-
|
484
|
-
|
480
|
+
asn1time = ossl_x509_time_adjust(NULL, time);
|
481
|
+
if (!X509_set_notBefore(x509, asn1time)) {
|
482
|
+
ASN1_TIME_free(asn1time);
|
483
|
+
ossl_raise(eX509CertError, "X509_set_notBefore");
|
485
484
|
}
|
485
|
+
ASN1_TIME_free(asn1time);
|
486
486
|
|
487
487
|
return time;
|
488
488
|
}
|
@@ -495,10 +495,10 @@ static VALUE
|
|
495
495
|
ossl_x509_get_not_after(VALUE self)
|
496
496
|
{
|
497
497
|
X509 *x509;
|
498
|
-
ASN1_TIME *asn1time;
|
498
|
+
const ASN1_TIME *asn1time;
|
499
499
|
|
500
500
|
GetX509(self, x509);
|
501
|
-
if (!(asn1time =
|
501
|
+
if (!(asn1time = X509_get0_notAfter(x509))) {
|
502
502
|
ossl_raise(eX509CertError, NULL);
|
503
503
|
}
|
504
504
|
|
@@ -513,13 +513,15 @@ static VALUE
|
|
513
513
|
ossl_x509_set_not_after(VALUE self, VALUE time)
|
514
514
|
{
|
515
515
|
X509 *x509;
|
516
|
-
|
516
|
+
ASN1_TIME *asn1time;
|
517
517
|
|
518
|
-
sec = time_to_time_t(time);
|
519
518
|
GetX509(self, x509);
|
520
|
-
|
521
|
-
|
519
|
+
asn1time = ossl_x509_time_adjust(NULL, time);
|
520
|
+
if (!X509_set_notAfter(x509, asn1time)) {
|
521
|
+
ASN1_TIME_free(asn1time);
|
522
|
+
ossl_raise(eX509CertError, "X509_set_notAfter");
|
522
523
|
}
|
524
|
+
ASN1_TIME_free(asn1time);
|
523
525
|
|
524
526
|
return time;
|
525
527
|
}
|
@@ -544,18 +546,19 @@ ossl_x509_get_public_key(VALUE self)
|
|
544
546
|
|
545
547
|
/*
|
546
548
|
* call-seq:
|
547
|
-
* cert.public_key = key
|
549
|
+
* cert.public_key = key
|
548
550
|
*/
|
549
551
|
static VALUE
|
550
552
|
ossl_x509_set_public_key(VALUE self, VALUE key)
|
551
553
|
{
|
552
554
|
X509 *x509;
|
555
|
+
EVP_PKEY *pkey;
|
553
556
|
|
554
557
|
GetX509(self, x509);
|
555
|
-
|
556
|
-
|
557
|
-
|
558
|
-
|
558
|
+
pkey = GetPKeyPtr(key);
|
559
|
+
ossl_pkey_check_public_key(pkey);
|
560
|
+
if (!X509_set_pubkey(x509, pkey))
|
561
|
+
ossl_raise(eX509CertError, "X509_set_pubkey");
|
559
562
|
return key;
|
560
563
|
}
|
561
564
|
|
@@ -591,18 +594,19 @@ ossl_x509_verify(VALUE self, VALUE key)
|
|
591
594
|
{
|
592
595
|
X509 *x509;
|
593
596
|
EVP_PKEY *pkey;
|
594
|
-
int i;
|
595
597
|
|
596
|
-
pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
|
597
598
|
GetX509(self, x509);
|
598
|
-
|
599
|
-
|
600
|
-
|
601
|
-
|
599
|
+
pkey = GetPKeyPtr(key);
|
600
|
+
ossl_pkey_check_public_key(pkey);
|
601
|
+
switch (X509_verify(x509, pkey)) {
|
602
|
+
case 1:
|
602
603
|
return Qtrue;
|
604
|
+
case 0:
|
605
|
+
ossl_clear_error();
|
606
|
+
return Qfalse;
|
607
|
+
default:
|
608
|
+
ossl_raise(eX509CertError, NULL);
|
603
609
|
}
|
604
|
-
|
605
|
-
return Qfalse;
|
606
610
|
}
|
607
611
|
|
608
612
|
/*
|
@@ -621,7 +625,7 @@ ossl_x509_check_private_key(VALUE self, VALUE key)
|
|
621
625
|
pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
|
622
626
|
GetX509(self, x509);
|
623
627
|
if (!X509_check_private_key(x509, pkey)) {
|
624
|
-
|
628
|
+
ossl_clear_error();
|
625
629
|
return Qfalse;
|
626
630
|
}
|
627
631
|
|
@@ -671,16 +675,13 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
|
|
671
675
|
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
|
672
676
|
}
|
673
677
|
GetX509(self, x509);
|
674
|
-
|
675
|
-
|
678
|
+
while ((ext = X509_delete_ext(x509, 0)))
|
679
|
+
X509_EXTENSION_free(ext);
|
676
680
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
677
|
-
ext =
|
678
|
-
|
679
|
-
if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
|
680
|
-
X509_EXTENSION_free(ext);
|
681
|
+
ext = GetX509ExtPtr(RARRAY_AREF(ary, i));
|
682
|
+
if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext */
|
681
683
|
ossl_raise(eX509CertError, NULL);
|
682
684
|
}
|
683
|
-
X509_EXTENSION_free(ext);
|
684
685
|
}
|
685
686
|
|
686
687
|
return ary;
|
@@ -697,12 +698,10 @@ ossl_x509_add_extension(VALUE self, VALUE extension)
|
|
697
698
|
X509_EXTENSION *ext;
|
698
699
|
|
699
700
|
GetX509(self, x509);
|
700
|
-
ext =
|
701
|
+
ext = GetX509ExtPtr(extension);
|
701
702
|
if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
|
702
|
-
X509_EXTENSION_free(ext);
|
703
703
|
ossl_raise(eX509CertError, NULL);
|
704
704
|
}
|
705
|
-
X509_EXTENSION_free(ext);
|
706
705
|
|
707
706
|
return extension;
|
708
707
|
}
|
@@ -727,9 +726,9 @@ ossl_x509_inspect(VALUE self)
|
|
727
726
|
void
|
728
727
|
Init_ossl_x509cert(void)
|
729
728
|
{
|
730
|
-
|
731
729
|
#if 0
|
732
|
-
mOSSL = rb_define_module("OpenSSL");
|
730
|
+
mOSSL = rb_define_module("OpenSSL");
|
731
|
+
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
733
732
|
mX509 = rb_define_module_under(mOSSL, "X509");
|
734
733
|
#endif
|
735
734
|
|
@@ -67,7 +67,7 @@ DupX509CRLPtr(VALUE obj)
|
|
67
67
|
X509_CRL *crl;
|
68
68
|
|
69
69
|
SafeGetX509CRL(obj, crl);
|
70
|
-
|
70
|
+
X509_CRL_up_ref(crl);
|
71
71
|
|
72
72
|
return crl;
|
73
73
|
}
|
@@ -115,7 +115,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
|
|
115
115
|
return self;
|
116
116
|
}
|
117
117
|
arg = ossl_to_der_if_possible(arg);
|
118
|
-
in = ossl_obj2bio(arg);
|
118
|
+
in = ossl_obj2bio(&arg);
|
119
119
|
crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL);
|
120
120
|
DATA_PTR(self) = x;
|
121
121
|
if (!crl) {
|
@@ -180,22 +180,20 @@ static VALUE
|
|
180
180
|
ossl_x509crl_get_signature_algorithm(VALUE self)
|
181
181
|
{
|
182
182
|
X509_CRL *crl;
|
183
|
+
const X509_ALGOR *alg;
|
183
184
|
BIO *out;
|
184
|
-
BUF_MEM *buf;
|
185
|
-
VALUE str;
|
186
185
|
|
187
186
|
GetX509CRL(self, crl);
|
188
187
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
189
188
|
ossl_raise(eX509CRLError, NULL);
|
190
189
|
}
|
191
|
-
|
190
|
+
X509_CRL_get0_signature(crl, NULL, &alg);
|
191
|
+
if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
|
192
192
|
BIO_free(out);
|
193
193
|
ossl_raise(eX509CRLError, NULL);
|
194
194
|
}
|
195
|
-
|
196
|
-
|
197
|
-
BIO_free(out);
|
198
|
-
return str;
|
195
|
+
|
196
|
+
return ossl_membio2str(out);
|
199
197
|
}
|
200
198
|
|
201
199
|
static VALUE
|
@@ -228,20 +226,22 @@ ossl_x509crl_get_last_update(VALUE self)
|
|
228
226
|
|
229
227
|
GetX509CRL(self, crl);
|
230
228
|
|
231
|
-
return asn1time_to_time(
|
229
|
+
return asn1time_to_time(X509_CRL_get0_lastUpdate(crl));
|
232
230
|
}
|
233
231
|
|
234
232
|
static VALUE
|
235
233
|
ossl_x509crl_set_last_update(VALUE self, VALUE time)
|
236
234
|
{
|
237
235
|
X509_CRL *crl;
|
238
|
-
|
236
|
+
ASN1_TIME *asn1time;
|
239
237
|
|
240
|
-
sec = time_to_time_t(time);
|
241
238
|
GetX509CRL(self, crl);
|
242
|
-
|
243
|
-
|
239
|
+
asn1time = ossl_x509_time_adjust(NULL, time);
|
240
|
+
if (!X509_CRL_set_lastUpdate(crl, asn1time)) {
|
241
|
+
ASN1_TIME_free(asn1time);
|
242
|
+
ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
|
244
243
|
}
|
244
|
+
ASN1_TIME_free(asn1time);
|
245
245
|
|
246
246
|
return time;
|
247
247
|
}
|
@@ -253,21 +253,22 @@ ossl_x509crl_get_next_update(VALUE self)
|
|
253
253
|
|
254
254
|
GetX509CRL(self, crl);
|
255
255
|
|
256
|
-
return asn1time_to_time(
|
256
|
+
return asn1time_to_time(X509_CRL_get0_nextUpdate(crl));
|
257
257
|
}
|
258
258
|
|
259
259
|
static VALUE
|
260
260
|
ossl_x509crl_set_next_update(VALUE self, VALUE time)
|
261
261
|
{
|
262
262
|
X509_CRL *crl;
|
263
|
-
|
263
|
+
ASN1_TIME *asn1time;
|
264
264
|
|
265
|
-
sec = time_to_time_t(time);
|
266
265
|
GetX509CRL(self, crl);
|
267
|
-
|
268
|
-
if (!(crl
|
269
|
-
|
266
|
+
asn1time = ossl_x509_time_adjust(NULL, time);
|
267
|
+
if (!X509_CRL_set_nextUpdate(crl, asn1time)) {
|
268
|
+
ASN1_TIME_free(asn1time);
|
269
|
+
ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
|
270
270
|
}
|
271
|
+
ASN1_TIME_free(asn1time);
|
271
272
|
|
272
273
|
return time;
|
273
274
|
}
|
@@ -302,6 +303,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
|
|
302
303
|
{
|
303
304
|
X509_CRL *crl;
|
304
305
|
X509_REVOKED *rev;
|
306
|
+
STACK_OF(X509_REVOKED) *sk;
|
305
307
|
long i;
|
306
308
|
|
307
309
|
Check_Type(ary, T_ARRAY);
|
@@ -310,8 +312,10 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
|
|
310
312
|
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
|
311
313
|
}
|
312
314
|
GetX509CRL(self, crl);
|
313
|
-
|
314
|
-
|
315
|
+
if ((sk = X509_CRL_get_REVOKED(crl))) {
|
316
|
+
while ((rev = sk_X509_REVOKED_pop(sk)))
|
317
|
+
X509_REVOKED_free(rev);
|
318
|
+
}
|
315
319
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
316
320
|
rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
|
317
321
|
if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
|
@@ -362,17 +366,20 @@ static VALUE
|
|
362
366
|
ossl_x509crl_verify(VALUE self, VALUE key)
|
363
367
|
{
|
364
368
|
X509_CRL *crl;
|
365
|
-
|
369
|
+
EVP_PKEY *pkey;
|
366
370
|
|
367
371
|
GetX509CRL(self, crl);
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
+
pkey = GetPKeyPtr(key);
|
373
|
+
ossl_pkey_check_public_key(pkey);
|
374
|
+
switch (X509_CRL_verify(crl, pkey)) {
|
375
|
+
case 1:
|
372
376
|
return Qtrue;
|
377
|
+
case 0:
|
378
|
+
ossl_clear_error();
|
379
|
+
return Qfalse;
|
380
|
+
default:
|
381
|
+
ossl_raise(eX509CRLError, NULL);
|
373
382
|
}
|
374
|
-
|
375
|
-
return Qfalse;
|
376
383
|
}
|
377
384
|
|
378
385
|
static VALUE
|
@@ -380,8 +387,6 @@ ossl_x509crl_to_der(VALUE self)
|
|
380
387
|
{
|
381
388
|
X509_CRL *crl;
|
382
389
|
BIO *out;
|
383
|
-
BUF_MEM *buf;
|
384
|
-
VALUE str;
|
385
390
|
|
386
391
|
GetX509CRL(self, crl);
|
387
392
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
@@ -391,11 +396,8 @@ ossl_x509crl_to_der(VALUE self)
|
|
391
396
|
BIO_free(out);
|
392
397
|
ossl_raise(eX509CRLError, NULL);
|
393
398
|
}
|
394
|
-
BIO_get_mem_ptr(out, &buf);
|
395
|
-
str = rb_str_new(buf->data, buf->length);
|
396
|
-
BIO_free(out);
|
397
399
|
|
398
|
-
return
|
400
|
+
return ossl_membio2str(out);
|
399
401
|
}
|
400
402
|
|
401
403
|
static VALUE
|
@@ -403,8 +405,6 @@ ossl_x509crl_to_pem(VALUE self)
|
|
403
405
|
{
|
404
406
|
X509_CRL *crl;
|
405
407
|
BIO *out;
|
406
|
-
BUF_MEM *buf;
|
407
|
-
VALUE str;
|
408
408
|
|
409
409
|
GetX509CRL(self, crl);
|
410
410
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
@@ -414,11 +414,8 @@ ossl_x509crl_to_pem(VALUE self)
|
|
414
414
|
BIO_free(out);
|
415
415
|
ossl_raise(eX509CRLError, NULL);
|
416
416
|
}
|
417
|
-
BIO_get_mem_ptr(out, &buf);
|
418
|
-
str = rb_str_new(buf->data, buf->length);
|
419
|
-
BIO_free(out);
|
420
417
|
|
421
|
-
return
|
418
|
+
return ossl_membio2str(out);
|
422
419
|
}
|
423
420
|
|
424
421
|
static VALUE
|
@@ -426,8 +423,6 @@ ossl_x509crl_to_text(VALUE self)
|
|
426
423
|
{
|
427
424
|
X509_CRL *crl;
|
428
425
|
BIO *out;
|
429
|
-
BUF_MEM *buf;
|
430
|
-
VALUE str;
|
431
426
|
|
432
427
|
GetX509CRL(self, crl);
|
433
428
|
if (!(out = BIO_new(BIO_s_mem()))) {
|
@@ -437,11 +432,8 @@ ossl_x509crl_to_text(VALUE self)
|
|
437
432
|
BIO_free(out);
|
438
433
|
ossl_raise(eX509CRLError, NULL);
|
439
434
|
}
|
440
|
-
BIO_get_mem_ptr(out, &buf);
|
441
|
-
str = rb_str_new(buf->data, buf->length);
|
442
|
-
BIO_free(out);
|
443
435
|
|
444
|
-
return
|
436
|
+
return ossl_membio2str(out);
|
445
437
|
}
|
446
438
|
|
447
439
|
/*
|
@@ -486,15 +478,13 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
|
|
486
478
|
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
|
487
479
|
}
|
488
480
|
GetX509CRL(self, crl);
|
489
|
-
|
490
|
-
|
481
|
+
while ((ext = X509_CRL_delete_ext(crl, 0)))
|
482
|
+
X509_EXTENSION_free(ext);
|
491
483
|
for (i=0; i<RARRAY_LEN(ary); i++) {
|
492
|
-
ext =
|
493
|
-
if(!X509_CRL_add_ext(crl, ext, -1)) {
|
494
|
-
X509_EXTENSION_free(ext);
|
484
|
+
ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
|
485
|
+
if (!X509_CRL_add_ext(crl, ext, -1)) {
|
495
486
|
ossl_raise(eX509CRLError, NULL);
|
496
487
|
}
|
497
|
-
X509_EXTENSION_free(ext);
|
498
488
|
}
|
499
489
|
|
500
490
|
return ary;
|
@@ -507,12 +497,10 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
|
|
507
497
|
X509_EXTENSION *ext;
|
508
498
|
|
509
499
|
GetX509CRL(self, crl);
|
510
|
-
ext =
|
511
|
-
if (!X509_CRL_add_ext(crl, ext, -1)) {
|
512
|
-
X509_EXTENSION_free(ext);
|
500
|
+
ext = GetX509ExtPtr(extension);
|
501
|
+
if (!X509_CRL_add_ext(crl, ext, -1)) {
|
513
502
|
ossl_raise(eX509CRLError, NULL);
|
514
503
|
}
|
515
|
-
X509_EXTENSION_free(ext);
|
516
504
|
|
517
505
|
return extension;
|
518
506
|
}
|
@@ -523,6 +511,12 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
|
|
523
511
|
void
|
524
512
|
Init_ossl_x509crl(void)
|
525
513
|
{
|
514
|
+
#if 0
|
515
|
+
mOSSL = rb_define_module("OpenSSL");
|
516
|
+
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
|
517
|
+
mX509 = rb_define_module_under(mOSSL, "X509");
|
518
|
+
#endif
|
519
|
+
|
526
520
|
eX509CRLError = rb_define_class_under(mX509, "CRLError", eOSSLError);
|
527
521
|
|
528
522
|
cX509CRL = rb_define_class_under(mX509, "CRL", rb_cObject);
|