rubysl-openssl 2.10 → 2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. checksums.yaml +5 -5
  2. data/ext/rubysl/openssl/deprecation.rb +7 -3
  3. data/ext/rubysl/openssl/extconf.rb +148 -103
  4. data/ext/rubysl/openssl/openssl_missing.c +94 -275
  5. data/ext/rubysl/openssl/openssl_missing.h +167 -98
  6. data/ext/rubysl/openssl/ossl.c +266 -212
  7. data/ext/rubysl/openssl/ossl.h +27 -89
  8. data/ext/rubysl/openssl/ossl_asn1.c +157 -221
  9. data/ext/rubysl/openssl/ossl_asn1.h +11 -3
  10. data/ext/rubysl/openssl/ossl_bio.c +10 -40
  11. data/ext/rubysl/openssl/ossl_bio.h +1 -2
  12. data/ext/rubysl/openssl/ossl_bn.c +144 -100
  13. data/ext/rubysl/openssl/ossl_bn.h +3 -1
  14. data/ext/rubysl/openssl/ossl_cipher.c +270 -195
  15. data/ext/rubysl/openssl/ossl_config.c +7 -1
  16. data/ext/rubysl/openssl/ossl_config.h +0 -1
  17. data/ext/rubysl/openssl/ossl_digest.c +40 -29
  18. data/ext/rubysl/openssl/ossl_engine.c +23 -62
  19. data/ext/rubysl/openssl/ossl_hmac.c +82 -55
  20. data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
  21. data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
  22. data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
  23. data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
  24. data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
  25. data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
  26. data/ext/rubysl/openssl/ossl_pkey.c +151 -99
  27. data/ext/rubysl/openssl/ossl_pkey.h +123 -29
  28. data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
  29. data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
  30. data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
  31. data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
  32. data/ext/rubysl/openssl/ossl_rand.c +25 -21
  33. data/ext/rubysl/openssl/ossl_ssl.c +795 -413
  34. data/ext/rubysl/openssl/ossl_ssl.h +3 -0
  35. data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
  36. data/ext/rubysl/openssl/ossl_version.h +1 -1
  37. data/ext/rubysl/openssl/ossl_x509.c +92 -8
  38. data/ext/rubysl/openssl/ossl_x509.h +14 -5
  39. data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
  40. data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
  41. data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
  42. data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
  43. data/ext/rubysl/openssl/ossl_x509name.c +68 -45
  44. data/ext/rubysl/openssl/ossl_x509req.c +32 -38
  45. data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
  46. data/ext/rubysl/openssl/ossl_x509store.c +309 -104
  47. data/ext/rubysl/openssl/ruby_missing.h +8 -6
  48. data/lib/openssl/buffering.rb +11 -5
  49. data/lib/openssl/cipher.rb +23 -15
  50. data/lib/openssl/digest.rb +7 -10
  51. data/lib/openssl/pkey.rb +15 -8
  52. data/lib/openssl/ssl.rb +81 -105
  53. data/lib/rubysl/openssl.rb +1 -4
  54. data/lib/rubysl/openssl/version.rb +1 -1
  55. metadata +3 -4
@@ -15,6 +15,13 @@
15
15
  */
16
16
  extern VALUE mX509;
17
17
 
18
+ /*
19
+ * Converts the VALUE into Integer and set it to the ASN1_TIME. This is a
20
+ * wrapper for X509_time_adj_ex() so passing NULL creates a new ASN1_TIME.
21
+ * Note that the caller must check the NULL return.
22
+ */
23
+ ASN1_TIME *ossl_x509_time_adjust(ASN1_TIME *, VALUE);
24
+
18
25
  void Init_ossl_x509(void);
19
26
 
20
27
  /*
@@ -24,7 +31,7 @@ extern VALUE cX509Attr;
24
31
  extern VALUE eX509AttrError;
25
32
 
26
33
  VALUE ossl_x509attr_new(X509_ATTRIBUTE *);
27
- X509_ATTRIBUTE *DupX509AttrPtr(VALUE);
34
+ X509_ATTRIBUTE *GetX509AttrPtr(VALUE);
28
35
  void Init_ossl_x509attr(void);
29
36
 
30
37
  /*
@@ -59,7 +66,6 @@ extern VALUE eX509ExtError;
59
66
 
60
67
  VALUE ossl_x509ext_new(X509_EXTENSION *);
61
68
  X509_EXTENSION *GetX509ExtPtr(VALUE);
62
- X509_EXTENSION *DupX509ExtPtr(VALUE);
63
69
  void Init_ossl_x509ext(void);
64
70
 
65
71
  /*
@@ -104,10 +110,13 @@ VALUE ossl_x509store_new(X509_STORE *);
104
110
  X509_STORE *GetX509StorePtr(VALUE);
105
111
  X509_STORE *DupX509StorePtr(VALUE);
106
112
 
107
- VALUE ossl_x509stctx_new(X509_STORE_CTX *);
108
- VALUE ossl_x509stctx_clear_ptr(VALUE);
109
113
  X509_STORE_CTX *GetX509StCtxtPtr(VALUE);
110
-
111
114
  void Init_ossl_x509store(void);
112
115
 
116
+ /*
117
+ * Calls the verify callback Proc (the first parameter) with given pre-verify
118
+ * result and the X509_STORE_CTX.
119
+ */
120
+ int ossl_verify_cb_call(VALUE, int, X509_STORE_CTX *);
121
+
113
122
  #endif /* _OSSL_X509_H_ */
@@ -127,6 +127,25 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
127
127
  return self;
128
128
  }
129
129
 
130
+ static VALUE
131
+ ossl_x509attr_initialize_copy(VALUE self, VALUE other)
132
+ {
133
+ X509_ATTRIBUTE *attr, *attr_other, *attr_new;
134
+
135
+ rb_check_frozen(self);
136
+ GetX509Attr(self, attr);
137
+ SafeGetX509Attr(other, attr_other);
138
+
139
+ attr_new = X509_ATTRIBUTE_dup(attr_other);
140
+ if (!attr_new)
141
+ ossl_raise(eX509AttrError, "X509_ATTRIBUTE_dup");
142
+
143
+ SetX509Attr(self, attr_new);
144
+ X509_ATTRIBUTE_free(attr);
145
+
146
+ return self;
147
+ }
148
+
130
149
  /*
131
150
  * call-seq:
132
151
  * attr.oid = string => string
@@ -178,14 +197,6 @@ ossl_x509attr_get_oid(VALUE self)
178
197
  return ret;
179
198
  }
180
199
 
181
- #if defined(HAVE_ST_X509_ATTRIBUTE_SINGLE) || defined(HAVE_ST_SINGLE)
182
- # define OSSL_X509ATTR_IS_SINGLE(attr) ((attr)->single)
183
- # define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->single = 1)
184
- #else
185
- # define OSSL_X509ATTR_IS_SINGLE(attr) (!(attr)->value.set)
186
- # define OSSL_X509ATTR_SET_SINGLE(attr) ((attr)->value.set = 0)
187
- #endif
188
-
189
200
  /*
190
201
  * call-seq:
191
202
  * attr.value = asn1 => asn1
@@ -194,21 +205,37 @@ static VALUE
194
205
  ossl_x509attr_set_value(VALUE self, VALUE value)
195
206
  {
196
207
  X509_ATTRIBUTE *attr;
197
- ASN1_TYPE *a1type;
208
+ VALUE asn1_value;
209
+ int i, asn1_tag;
210
+
211
+ OSSL_Check_Kind(value, cASN1Data);
212
+ asn1_tag = NUM2INT(rb_attr_get(value, rb_intern("@tag")));
213
+ asn1_value = rb_attr_get(value, rb_intern("@value"));
214
+ if (asn1_tag != V_ASN1_SET)
215
+ ossl_raise(eASN1Error, "argument must be ASN1::Set");
216
+ if (!RB_TYPE_P(asn1_value, T_ARRAY))
217
+ ossl_raise(eASN1Error, "ASN1::Set has non-array value");
198
218
 
199
- if(!(a1type = ossl_asn1_get_asn1type(value)))
200
- ossl_raise(eASN1Error, "could not get ASN1_TYPE");
201
- if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){
202
- ASN1_TYPE_free(a1type);
203
- ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value.");
204
- }
205
219
  GetX509Attr(self, attr);
206
- if(attr->value.set){
207
- if(OSSL_X509ATTR_IS_SINGLE(attr)) ASN1_TYPE_free(attr->value.single);
208
- else sk_ASN1_TYPE_free(attr->value.set);
220
+ if (X509_ATTRIBUTE_count(attr)) { /* populated, reset first */
221
+ ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
222
+ X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, 0, NULL, -1);
223
+ if (!new_attr)
224
+ ossl_raise(eX509AttrError, NULL);
225
+ SetX509Attr(self, new_attr);
226
+ X509_ATTRIBUTE_free(attr);
227
+ attr = new_attr;
228
+ }
229
+
230
+ for (i = 0; i < RARRAY_LEN(asn1_value); i++) {
231
+ ASN1_TYPE *a1type = ossl_asn1_get_asn1type(RARRAY_AREF(asn1_value, i));
232
+ if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type),
233
+ a1type->value.ptr, -1)) {
234
+ ASN1_TYPE_free(a1type);
235
+ ossl_raise(eX509AttrError, NULL);
236
+ }
237
+ ASN1_TYPE_free(a1type);
209
238
  }
210
- OSSL_X509ATTR_SET_SINGLE(attr);
211
- attr->value.single = a1type;
212
239
 
213
240
  return value;
214
241
  }
@@ -221,32 +248,34 @@ static VALUE
221
248
  ossl_x509attr_get_value(VALUE self)
222
249
  {
223
250
  X509_ATTRIBUTE *attr;
224
- VALUE str, asn1;
225
- long length;
251
+ STACK_OF(ASN1_TYPE) *sk;
252
+ VALUE str;
253
+ int i, count, len;
226
254
  unsigned char *p;
227
255
 
228
256
  GetX509Attr(self, attr);
229
- if(attr->value.ptr == NULL) return Qnil;
230
- if(OSSL_X509ATTR_IS_SINGLE(attr)){
231
- length = i2d_ASN1_TYPE(attr->value.single, NULL);
232
- str = rb_str_new(0, length);
233
- p = (unsigned char *)RSTRING_PTR(str);
234
- i2d_ASN1_TYPE(attr->value.single, &p);
235
- ossl_str_adjust(str, p);
257
+ /* there is no X509_ATTRIBUTE_get0_set() :( */
258
+ if (!(sk = sk_ASN1_TYPE_new_null()))
259
+ ossl_raise(eX509AttrError, "sk_new");
260
+
261
+ count = X509_ATTRIBUTE_count(attr);
262
+ for (i = 0; i < count; i++)
263
+ sk_ASN1_TYPE_push(sk, X509_ATTRIBUTE_get0_type(attr, i));
264
+
265
+ if ((len = i2d_ASN1_SET_ANY(sk, NULL)) <= 0) {
266
+ sk_ASN1_TYPE_free(sk);
267
+ ossl_raise(eX509AttrError, NULL);
236
268
  }
237
- else{
238
- length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
239
- (unsigned char **) NULL, i2d_ASN1_TYPE,
240
- V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
241
- str = rb_str_new(0, length);
242
- p = (unsigned char *)RSTRING_PTR(str);
243
- i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
244
- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
245
- ossl_str_adjust(str, p);
269
+ str = rb_str_new(0, len);
270
+ p = (unsigned char *)RSTRING_PTR(str);
271
+ if (i2d_ASN1_SET_ANY(sk, &p) <= 0) {
272
+ sk_ASN1_TYPE_free(sk);
273
+ ossl_raise(eX509AttrError, NULL);
246
274
  }
247
- asn1 = rb_funcall(mASN1, rb_intern("decode"), 1, str);
275
+ ossl_str_adjust(str, p);
276
+ sk_ASN1_TYPE_free(sk);
248
277
 
249
- return asn1;
278
+ return rb_funcall(mASN1, rb_intern("decode"), 1, str);
250
279
  }
251
280
 
252
281
  /*
@@ -268,7 +297,7 @@ ossl_x509attr_to_der(VALUE self)
268
297
  p = (unsigned char *)RSTRING_PTR(str);
269
298
  if(i2d_X509_ATTRIBUTE(attr, &p) <= 0)
270
299
  ossl_raise(eX509AttrError, NULL);
271
- rb_str_set_len(str, p - (unsigned char*)RSTRING_PTR(str));
300
+ ossl_str_adjust(str, p);
272
301
 
273
302
  return str;
274
303
  }
@@ -279,11 +308,18 @@ ossl_x509attr_to_der(VALUE self)
279
308
  void
280
309
  Init_ossl_x509attr(void)
281
310
  {
311
+ #if 0
312
+ mOSSL = rb_define_module("OpenSSL");
313
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
314
+ mX509 = rb_define_module_under(mOSSL, "X509");
315
+ #endif
316
+
282
317
  eX509AttrError = rb_define_class_under(mX509, "AttributeError", eOSSLError);
283
318
 
284
319
  cX509Attr = rb_define_class_under(mX509, "Attribute", rb_cObject);
285
320
  rb_define_alloc_func(cX509Attr, ossl_x509attr_alloc);
286
321
  rb_define_method(cX509Attr, "initialize", ossl_x509attr_initialize, -1);
322
+ rb_define_copy_func(cX509Attr, ossl_x509attr_initialize_copy);
287
323
  rb_define_method(cX509Attr, "oid=", ossl_x509attr_set_oid, 1);
288
324
  rb_define_method(cX509Attr, "oid", ossl_x509attr_get_oid, 0);
289
325
  rb_define_method(cX509Attr, "value=", ossl_x509attr_set_value, 1);
@@ -78,9 +78,9 @@ ossl_x509_new_from_file(VALUE filename)
78
78
  FILE *fp;
79
79
  VALUE obj;
80
80
 
81
- SafeStringValue(filename);
81
+ rb_check_safe_obj(filename);
82
82
  obj = NewX509(cX509Cert);
83
- if (!(fp = fopen(RSTRING_PTR(filename), "r"))) {
83
+ if (!(fp = fopen(StringValueCStr(filename), "r"))) {
84
84
  ossl_raise(eX509CertError, "%s", strerror(errno));
85
85
  }
86
86
  rb_fd_fix_cloexec(fileno(fp));
@@ -122,7 +122,7 @@ DupX509CertPtr(VALUE obj)
122
122
 
123
123
  SafeGetX509(obj, x509);
124
124
 
125
- CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
125
+ X509_up_ref(x509);
126
126
 
127
127
  return x509;
128
128
  }
@@ -161,7 +161,7 @@ ossl_x509_initialize(int argc, VALUE *argv, VALUE self)
161
161
  return self;
162
162
  }
163
163
  arg = ossl_to_der_if_possible(arg);
164
- in = ossl_obj2bio(arg);
164
+ in = ossl_obj2bio(&arg);
165
165
  x509 = PEM_read_bio_X509(in, &x, NULL, NULL);
166
166
  DATA_PTR(self) = x;
167
167
  if (!x509) {
@@ -349,9 +349,7 @@ ossl_x509_set_serial(VALUE self, VALUE num)
349
349
  X509 *x509;
350
350
 
351
351
  GetX509(self, x509);
352
-
353
- x509->cert_info->serialNumber =
354
- num_to_asn1integer(num, X509_get_serialNumber(x509));
352
+ X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)));
355
353
 
356
354
  return num;
357
355
  }
@@ -371,7 +369,7 @@ ossl_x509_get_signature_algorithm(VALUE self)
371
369
  out = BIO_new(BIO_s_mem());
372
370
  if (!out) ossl_raise(eX509CertError, NULL);
373
371
 
374
- if (!i2a_ASN1_OBJECT(out, x509->cert_info->signature->algorithm)) {
372
+ if (!i2a_ASN1_OBJECT(out, X509_get0_tbs_sigalg(x509)->algorithm)) {
375
373
  BIO_free(out);
376
374
  ossl_raise(eX509CertError, NULL);
377
375
  }
@@ -458,10 +456,10 @@ static VALUE
458
456
  ossl_x509_get_not_before(VALUE self)
459
457
  {
460
458
  X509 *x509;
461
- ASN1_UTCTIME *asn1time;
459
+ const ASN1_TIME *asn1time;
462
460
 
463
461
  GetX509(self, x509);
464
- if (!(asn1time = X509_get_notBefore(x509))) { /* NO DUP - don't free! */
462
+ if (!(asn1time = X509_get0_notBefore(x509))) {
465
463
  ossl_raise(eX509CertError, NULL);
466
464
  }
467
465
 
@@ -476,13 +474,15 @@ static VALUE
476
474
  ossl_x509_set_not_before(VALUE self, VALUE time)
477
475
  {
478
476
  X509 *x509;
479
- time_t sec;
477
+ ASN1_TIME *asn1time;
480
478
 
481
- sec = time_to_time_t(time);
482
479
  GetX509(self, x509);
483
- if (!X509_time_adj(X509_get_notBefore(x509), 0, &sec)) {
484
- ossl_raise(eX509CertError, NULL);
480
+ asn1time = ossl_x509_time_adjust(NULL, time);
481
+ if (!X509_set_notBefore(x509, asn1time)) {
482
+ ASN1_TIME_free(asn1time);
483
+ ossl_raise(eX509CertError, "X509_set_notBefore");
485
484
  }
485
+ ASN1_TIME_free(asn1time);
486
486
 
487
487
  return time;
488
488
  }
@@ -495,10 +495,10 @@ static VALUE
495
495
  ossl_x509_get_not_after(VALUE self)
496
496
  {
497
497
  X509 *x509;
498
- ASN1_TIME *asn1time;
498
+ const ASN1_TIME *asn1time;
499
499
 
500
500
  GetX509(self, x509);
501
- if (!(asn1time = X509_get_notAfter(x509))) { /* NO DUP - don't free! */
501
+ if (!(asn1time = X509_get0_notAfter(x509))) {
502
502
  ossl_raise(eX509CertError, NULL);
503
503
  }
504
504
 
@@ -513,13 +513,15 @@ static VALUE
513
513
  ossl_x509_set_not_after(VALUE self, VALUE time)
514
514
  {
515
515
  X509 *x509;
516
- time_t sec;
516
+ ASN1_TIME *asn1time;
517
517
 
518
- sec = time_to_time_t(time);
519
518
  GetX509(self, x509);
520
- if (!X509_time_adj(X509_get_notAfter(x509), 0, &sec)) {
521
- ossl_raise(eX509CertError, NULL);
519
+ asn1time = ossl_x509_time_adjust(NULL, time);
520
+ if (!X509_set_notAfter(x509, asn1time)) {
521
+ ASN1_TIME_free(asn1time);
522
+ ossl_raise(eX509CertError, "X509_set_notAfter");
522
523
  }
524
+ ASN1_TIME_free(asn1time);
523
525
 
524
526
  return time;
525
527
  }
@@ -544,18 +546,19 @@ ossl_x509_get_public_key(VALUE self)
544
546
 
545
547
  /*
546
548
  * call-seq:
547
- * cert.public_key = key => key
549
+ * cert.public_key = key
548
550
  */
549
551
  static VALUE
550
552
  ossl_x509_set_public_key(VALUE self, VALUE key)
551
553
  {
552
554
  X509 *x509;
555
+ EVP_PKEY *pkey;
553
556
 
554
557
  GetX509(self, x509);
555
- if (!X509_set_pubkey(x509, GetPKeyPtr(key))) { /* DUPs pkey */
556
- ossl_raise(eX509CertError, NULL);
557
- }
558
-
558
+ pkey = GetPKeyPtr(key);
559
+ ossl_pkey_check_public_key(pkey);
560
+ if (!X509_set_pubkey(x509, pkey))
561
+ ossl_raise(eX509CertError, "X509_set_pubkey");
559
562
  return key;
560
563
  }
561
564
 
@@ -591,18 +594,19 @@ ossl_x509_verify(VALUE self, VALUE key)
591
594
  {
592
595
  X509 *x509;
593
596
  EVP_PKEY *pkey;
594
- int i;
595
597
 
596
- pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
597
598
  GetX509(self, x509);
598
- if ((i = X509_verify(x509, pkey)) < 0) {
599
- ossl_raise(eX509CertError, NULL);
600
- }
601
- if (i > 0) {
599
+ pkey = GetPKeyPtr(key);
600
+ ossl_pkey_check_public_key(pkey);
601
+ switch (X509_verify(x509, pkey)) {
602
+ case 1:
602
603
  return Qtrue;
604
+ case 0:
605
+ ossl_clear_error();
606
+ return Qfalse;
607
+ default:
608
+ ossl_raise(eX509CertError, NULL);
603
609
  }
604
-
605
- return Qfalse;
606
610
  }
607
611
 
608
612
  /*
@@ -621,7 +625,7 @@ ossl_x509_check_private_key(VALUE self, VALUE key)
621
625
  pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
622
626
  GetX509(self, x509);
623
627
  if (!X509_check_private_key(x509, pkey)) {
624
- OSSL_Warning("Check private key:%s", OSSL_ErrMsg());
628
+ ossl_clear_error();
625
629
  return Qfalse;
626
630
  }
627
631
 
@@ -671,16 +675,13 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
671
675
  OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
672
676
  }
673
677
  GetX509(self, x509);
674
- sk_X509_EXTENSION_pop_free(x509->cert_info->extensions, X509_EXTENSION_free);
675
- x509->cert_info->extensions = NULL;
678
+ while ((ext = X509_delete_ext(x509, 0)))
679
+ X509_EXTENSION_free(ext);
676
680
  for (i=0; i<RARRAY_LEN(ary); i++) {
677
- ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
678
-
679
- if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
680
- X509_EXTENSION_free(ext);
681
+ ext = GetX509ExtPtr(RARRAY_AREF(ary, i));
682
+ if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext */
681
683
  ossl_raise(eX509CertError, NULL);
682
684
  }
683
- X509_EXTENSION_free(ext);
684
685
  }
685
686
 
686
687
  return ary;
@@ -697,12 +698,10 @@ ossl_x509_add_extension(VALUE self, VALUE extension)
697
698
  X509_EXTENSION *ext;
698
699
 
699
700
  GetX509(self, x509);
700
- ext = DupX509ExtPtr(extension);
701
+ ext = GetX509ExtPtr(extension);
701
702
  if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
702
- X509_EXTENSION_free(ext);
703
703
  ossl_raise(eX509CertError, NULL);
704
704
  }
705
- X509_EXTENSION_free(ext);
706
705
 
707
706
  return extension;
708
707
  }
@@ -727,9 +726,9 @@ ossl_x509_inspect(VALUE self)
727
726
  void
728
727
  Init_ossl_x509cert(void)
729
728
  {
730
-
731
729
  #if 0
732
- mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
730
+ mOSSL = rb_define_module("OpenSSL");
731
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
733
732
  mX509 = rb_define_module_under(mOSSL, "X509");
734
733
  #endif
735
734
 
@@ -67,7 +67,7 @@ DupX509CRLPtr(VALUE obj)
67
67
  X509_CRL *crl;
68
68
 
69
69
  SafeGetX509CRL(obj, crl);
70
- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
70
+ X509_CRL_up_ref(crl);
71
71
 
72
72
  return crl;
73
73
  }
@@ -115,7 +115,7 @@ ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self)
115
115
  return self;
116
116
  }
117
117
  arg = ossl_to_der_if_possible(arg);
118
- in = ossl_obj2bio(arg);
118
+ in = ossl_obj2bio(&arg);
119
119
  crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL);
120
120
  DATA_PTR(self) = x;
121
121
  if (!crl) {
@@ -180,22 +180,20 @@ static VALUE
180
180
  ossl_x509crl_get_signature_algorithm(VALUE self)
181
181
  {
182
182
  X509_CRL *crl;
183
+ const X509_ALGOR *alg;
183
184
  BIO *out;
184
- BUF_MEM *buf;
185
- VALUE str;
186
185
 
187
186
  GetX509CRL(self, crl);
188
187
  if (!(out = BIO_new(BIO_s_mem()))) {
189
188
  ossl_raise(eX509CRLError, NULL);
190
189
  }
191
- if (!i2a_ASN1_OBJECT(out, crl->sig_alg->algorithm)) {
190
+ X509_CRL_get0_signature(crl, NULL, &alg);
191
+ if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
192
192
  BIO_free(out);
193
193
  ossl_raise(eX509CRLError, NULL);
194
194
  }
195
- BIO_get_mem_ptr(out, &buf);
196
- str = rb_str_new(buf->data, buf->length);
197
- BIO_free(out);
198
- return str;
195
+
196
+ return ossl_membio2str(out);
199
197
  }
200
198
 
201
199
  static VALUE
@@ -228,20 +226,22 @@ ossl_x509crl_get_last_update(VALUE self)
228
226
 
229
227
  GetX509CRL(self, crl);
230
228
 
231
- return asn1time_to_time(X509_CRL_get_lastUpdate(crl));
229
+ return asn1time_to_time(X509_CRL_get0_lastUpdate(crl));
232
230
  }
233
231
 
234
232
  static VALUE
235
233
  ossl_x509crl_set_last_update(VALUE self, VALUE time)
236
234
  {
237
235
  X509_CRL *crl;
238
- time_t sec;
236
+ ASN1_TIME *asn1time;
239
237
 
240
- sec = time_to_time_t(time);
241
238
  GetX509CRL(self, crl);
242
- if (!X509_time_adj(crl->crl->lastUpdate, 0, &sec)) {
243
- ossl_raise(eX509CRLError, NULL);
239
+ asn1time = ossl_x509_time_adjust(NULL, time);
240
+ if (!X509_CRL_set_lastUpdate(crl, asn1time)) {
241
+ ASN1_TIME_free(asn1time);
242
+ ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
244
243
  }
244
+ ASN1_TIME_free(asn1time);
245
245
 
246
246
  return time;
247
247
  }
@@ -253,21 +253,22 @@ ossl_x509crl_get_next_update(VALUE self)
253
253
 
254
254
  GetX509CRL(self, crl);
255
255
 
256
- return asn1time_to_time(X509_CRL_get_nextUpdate(crl));
256
+ return asn1time_to_time(X509_CRL_get0_nextUpdate(crl));
257
257
  }
258
258
 
259
259
  static VALUE
260
260
  ossl_x509crl_set_next_update(VALUE self, VALUE time)
261
261
  {
262
262
  X509_CRL *crl;
263
- time_t sec;
263
+ ASN1_TIME *asn1time;
264
264
 
265
- sec = time_to_time_t(time);
266
265
  GetX509CRL(self, crl);
267
- /* This must be some thinko in OpenSSL */
268
- if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))){
269
- ossl_raise(eX509CRLError, NULL);
266
+ asn1time = ossl_x509_time_adjust(NULL, time);
267
+ if (!X509_CRL_set_nextUpdate(crl, asn1time)) {
268
+ ASN1_TIME_free(asn1time);
269
+ ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
270
270
  }
271
+ ASN1_TIME_free(asn1time);
271
272
 
272
273
  return time;
273
274
  }
@@ -302,6 +303,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
302
303
  {
303
304
  X509_CRL *crl;
304
305
  X509_REVOKED *rev;
306
+ STACK_OF(X509_REVOKED) *sk;
305
307
  long i;
306
308
 
307
309
  Check_Type(ary, T_ARRAY);
@@ -310,8 +312,10 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
310
312
  OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
311
313
  }
312
314
  GetX509CRL(self, crl);
313
- sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
314
- crl->crl->revoked = NULL;
315
+ if ((sk = X509_CRL_get_REVOKED(crl))) {
316
+ while ((rev = sk_X509_REVOKED_pop(sk)))
317
+ X509_REVOKED_free(rev);
318
+ }
315
319
  for (i=0; i<RARRAY_LEN(ary); i++) {
316
320
  rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
317
321
  if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
@@ -362,17 +366,20 @@ static VALUE
362
366
  ossl_x509crl_verify(VALUE self, VALUE key)
363
367
  {
364
368
  X509_CRL *crl;
365
- int ret;
369
+ EVP_PKEY *pkey;
366
370
 
367
371
  GetX509CRL(self, crl);
368
- if ((ret = X509_CRL_verify(crl, GetPKeyPtr(key))) < 0) {
369
- ossl_raise(eX509CRLError, NULL);
370
- }
371
- if (ret == 1) {
372
+ pkey = GetPKeyPtr(key);
373
+ ossl_pkey_check_public_key(pkey);
374
+ switch (X509_CRL_verify(crl, pkey)) {
375
+ case 1:
372
376
  return Qtrue;
377
+ case 0:
378
+ ossl_clear_error();
379
+ return Qfalse;
380
+ default:
381
+ ossl_raise(eX509CRLError, NULL);
373
382
  }
374
-
375
- return Qfalse;
376
383
  }
377
384
 
378
385
  static VALUE
@@ -380,8 +387,6 @@ ossl_x509crl_to_der(VALUE self)
380
387
  {
381
388
  X509_CRL *crl;
382
389
  BIO *out;
383
- BUF_MEM *buf;
384
- VALUE str;
385
390
 
386
391
  GetX509CRL(self, crl);
387
392
  if (!(out = BIO_new(BIO_s_mem()))) {
@@ -391,11 +396,8 @@ ossl_x509crl_to_der(VALUE self)
391
396
  BIO_free(out);
392
397
  ossl_raise(eX509CRLError, NULL);
393
398
  }
394
- BIO_get_mem_ptr(out, &buf);
395
- str = rb_str_new(buf->data, buf->length);
396
- BIO_free(out);
397
399
 
398
- return str;
400
+ return ossl_membio2str(out);
399
401
  }
400
402
 
401
403
  static VALUE
@@ -403,8 +405,6 @@ ossl_x509crl_to_pem(VALUE self)
403
405
  {
404
406
  X509_CRL *crl;
405
407
  BIO *out;
406
- BUF_MEM *buf;
407
- VALUE str;
408
408
 
409
409
  GetX509CRL(self, crl);
410
410
  if (!(out = BIO_new(BIO_s_mem()))) {
@@ -414,11 +414,8 @@ ossl_x509crl_to_pem(VALUE self)
414
414
  BIO_free(out);
415
415
  ossl_raise(eX509CRLError, NULL);
416
416
  }
417
- BIO_get_mem_ptr(out, &buf);
418
- str = rb_str_new(buf->data, buf->length);
419
- BIO_free(out);
420
417
 
421
- return str;
418
+ return ossl_membio2str(out);
422
419
  }
423
420
 
424
421
  static VALUE
@@ -426,8 +423,6 @@ ossl_x509crl_to_text(VALUE self)
426
423
  {
427
424
  X509_CRL *crl;
428
425
  BIO *out;
429
- BUF_MEM *buf;
430
- VALUE str;
431
426
 
432
427
  GetX509CRL(self, crl);
433
428
  if (!(out = BIO_new(BIO_s_mem()))) {
@@ -437,11 +432,8 @@ ossl_x509crl_to_text(VALUE self)
437
432
  BIO_free(out);
438
433
  ossl_raise(eX509CRLError, NULL);
439
434
  }
440
- BIO_get_mem_ptr(out, &buf);
441
- str = rb_str_new(buf->data, buf->length);
442
- BIO_free(out);
443
435
 
444
- return str;
436
+ return ossl_membio2str(out);
445
437
  }
446
438
 
447
439
  /*
@@ -486,15 +478,13 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
486
478
  OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
487
479
  }
488
480
  GetX509CRL(self, crl);
489
- sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
490
- crl->crl->extensions = NULL;
481
+ while ((ext = X509_CRL_delete_ext(crl, 0)))
482
+ X509_EXTENSION_free(ext);
491
483
  for (i=0; i<RARRAY_LEN(ary); i++) {
492
- ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
493
- if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
494
- X509_EXTENSION_free(ext);
484
+ ext = GetX509ExtPtr(RARRAY_AREF(ary, i)); /* NO NEED TO DUP */
485
+ if (!X509_CRL_add_ext(crl, ext, -1)) {
495
486
  ossl_raise(eX509CRLError, NULL);
496
487
  }
497
- X509_EXTENSION_free(ext);
498
488
  }
499
489
 
500
490
  return ary;
@@ -507,12 +497,10 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
507
497
  X509_EXTENSION *ext;
508
498
 
509
499
  GetX509CRL(self, crl);
510
- ext = DupX509ExtPtr(extension);
511
- if (!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */
512
- X509_EXTENSION_free(ext);
500
+ ext = GetX509ExtPtr(extension);
501
+ if (!X509_CRL_add_ext(crl, ext, -1)) {
513
502
  ossl_raise(eX509CRLError, NULL);
514
503
  }
515
- X509_EXTENSION_free(ext);
516
504
 
517
505
  return extension;
518
506
  }
@@ -523,6 +511,12 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
523
511
  void
524
512
  Init_ossl_x509crl(void)
525
513
  {
514
+ #if 0
515
+ mOSSL = rb_define_module("OpenSSL");
516
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
517
+ mX509 = rb_define_module_under(mOSSL, "X509");
518
+ #endif
519
+
526
520
  eX509CRLError = rb_define_class_under(mX509, "CRLError", eOSSLError);
527
521
 
528
522
  cX509CRL = rb_define_class_under(mX509, "CRL", rb_cObject);