rubysl-openssl 2.10 → 2.11

Files changed (55) hide show
  1. checksums.yaml +5 -5
  2. data/ext/rubysl/openssl/deprecation.rb +7 -3
  3. data/ext/rubysl/openssl/extconf.rb +148 -103
  4. data/ext/rubysl/openssl/openssl_missing.c +94 -275
  5. data/ext/rubysl/openssl/openssl_missing.h +167 -98
  6. data/ext/rubysl/openssl/ossl.c +266 -212
  7. data/ext/rubysl/openssl/ossl.h +27 -89
  8. data/ext/rubysl/openssl/ossl_asn1.c +157 -221
  9. data/ext/rubysl/openssl/ossl_asn1.h +11 -3
  10. data/ext/rubysl/openssl/ossl_bio.c +10 -40
  11. data/ext/rubysl/openssl/ossl_bio.h +1 -2
  12. data/ext/rubysl/openssl/ossl_bn.c +144 -100
  13. data/ext/rubysl/openssl/ossl_bn.h +3 -1
  14. data/ext/rubysl/openssl/ossl_cipher.c +270 -195
  15. data/ext/rubysl/openssl/ossl_config.c +7 -1
  16. data/ext/rubysl/openssl/ossl_config.h +0 -1
  17. data/ext/rubysl/openssl/ossl_digest.c +40 -29
  18. data/ext/rubysl/openssl/ossl_engine.c +23 -62
  19. data/ext/rubysl/openssl/ossl_hmac.c +82 -55
  20. data/ext/rubysl/openssl/ossl_ns_spki.c +22 -22
  21. data/ext/rubysl/openssl/ossl_ocsp.c +894 -144
  22. data/ext/rubysl/openssl/ossl_ocsp.h +1 -1
  23. data/ext/rubysl/openssl/ossl_pkcs12.c +47 -19
  24. data/ext/rubysl/openssl/ossl_pkcs5.c +7 -15
  25. data/ext/rubysl/openssl/ossl_pkcs7.c +38 -15
  26. data/ext/rubysl/openssl/ossl_pkey.c +151 -99
  27. data/ext/rubysl/openssl/ossl_pkey.h +123 -29
  28. data/ext/rubysl/openssl/ossl_pkey_dh.c +143 -92
  29. data/ext/rubysl/openssl/ossl_pkey_dsa.c +149 -104
  30. data/ext/rubysl/openssl/ossl_pkey_ec.c +646 -524
  31. data/ext/rubysl/openssl/ossl_pkey_rsa.c +180 -121
  32. data/ext/rubysl/openssl/ossl_rand.c +25 -21
  33. data/ext/rubysl/openssl/ossl_ssl.c +795 -413
  34. data/ext/rubysl/openssl/ossl_ssl.h +3 -0
  35. data/ext/rubysl/openssl/ossl_ssl_session.c +83 -77
  36. data/ext/rubysl/openssl/ossl_version.h +1 -1
  37. data/ext/rubysl/openssl/ossl_x509.c +92 -8
  38. data/ext/rubysl/openssl/ossl_x509.h +14 -5
  39. data/ext/rubysl/openssl/ossl_x509attr.c +77 -41
  40. data/ext/rubysl/openssl/ossl_x509cert.c +45 -46
  41. data/ext/rubysl/openssl/ossl_x509crl.c +51 -57
  42. data/ext/rubysl/openssl/ossl_x509ext.c +39 -33
  43. data/ext/rubysl/openssl/ossl_x509name.c +68 -45
  44. data/ext/rubysl/openssl/ossl_x509req.c +32 -38
  45. data/ext/rubysl/openssl/ossl_x509revoked.c +43 -9
  46. data/ext/rubysl/openssl/ossl_x509store.c +309 -104
  47. data/ext/rubysl/openssl/ruby_missing.h +8 -6
  48. data/lib/openssl/buffering.rb +11 -5
  49. data/lib/openssl/cipher.rb +23 -15
  50. data/lib/openssl/digest.rb +7 -10
  51. data/lib/openssl/pkey.rb +15 -8
  52. data/lib/openssl/ssl.rb +81 -105
  53. data/lib/rubysl/openssl.rb +1 -4
  54. data/lib/rubysl/openssl/version.rb +1 -1
  55. metadata +3 -4
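--- a/data/ext/rubysl/openssl/ossl_x509ext.c
+++ b/data/ext/rubysl/openssl/ossl_x509ext.c
@@ -95,19 +95,6 @@ GetX509ExtPtr(VALUE obj)
  return ext;
  }
 
- X509_EXTENSION *
- DupX509ExtPtr(VALUE obj)
- {
- X509_EXTENSION *ext, *new;
-
- SafeGetX509Ext(obj, ext);
- if (!(new = X509_EXTENSION_dup(ext))) {
- ossl_raise(eX509ExtError, NULL);
- }
-
- return new;
- }
-
  /*
  * Private
  */
@@ -211,12 +198,11 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
  }
 
  /*
- * Array to X509_EXTENSION
- * Structure:
- * ["ln", "value", bool_critical] or
- * ["sn", "value", bool_critical] or
- * ["ln", "critical,value"] or the same for sn
- * ["ln", "value"] => not critical
+ * call-seq:
+ * ef.create_ext(ln_or_sn, "value", critical = false) -> X509::Extension
+ * ef.create_ext(ln_or_sn, "critical,value") -> X509::Extension
+ *
+ * Creates a new X509::Extension with passed values. See also x509v3_config(5).
  */
  static VALUE
  ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
@@ -225,39 +211,32 @@ ossl_x509extfactory_create_ext(int argc, VALUE *argv, VALUE self)
  X509_EXTENSION *ext;
  VALUE oid, value, critical, valstr, obj;
  int nid;
- #ifdef HAVE_X509V3_EXT_NCONF_NID
  VALUE rconf;
  CONF *conf;
- #else
- static LHASH *empty_lhash;
- #endif
 
  rb_scan_args(argc, argv, "21", &oid, &value, &critical);
- StringValue(oid);
+ StringValueCStr(oid);
  StringValue(value);
  if(NIL_P(critical)) critical = Qfalse;
 
  nid = OBJ_ln2nid(RSTRING_PTR(oid));
  if(!nid) nid = OBJ_sn2nid(RSTRING_PTR(oid));
- if(!nid) ossl_raise(eX509ExtError, "unknown OID `%s'", RSTRING_PTR(oid));
+ if(!nid) ossl_raise(eX509ExtError, "unknown OID `%"PRIsVALUE"'", oid);
+
  valstr = rb_str_new2(RTEST(critical) ? "critical," : "");
  rb_str_append(valstr, value);
+ StringValueCStr(valstr);
+
  GetX509ExtFactory(self, ctx);
  obj = NewX509Ext(cX509Ext);
- #ifdef HAVE_X509V3_EXT_NCONF_NID
  rconf = rb_iv_get(self, "@config");
  conf = NIL_P(rconf) ? NULL : DupConfigPtr(rconf);
  X509V3_set_nconf(ctx, conf);
  ext = X509V3_EXT_nconf_nid(conf, ctx, nid, RSTRING_PTR(valstr));
  X509V3_set_ctx_nodb(ctx);
  NCONF_free(conf);
- #else
- if (!empty_lhash) empty_lhash = lh_new(NULL, NULL);
- ext = X509V3_EXT_conf_nid(empty_lhash, ctx, nid, RSTRING_PTR(valstr));
- #endif
  if (!ext){
- ossl_raise(eX509ExtError, "%s = %s",
- RSTRING_PTR(oid), RSTRING_PTR(value));
+ ossl_raise(eX509ExtError, "%"PRIsVALUE" = %"PRIsVALUE, oid, valstr);
  }
  SetX509Ext(obj, ext);
 
@@ -319,6 +298,25 @@ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
  return self;
  }
 
+ static VALUE
+ ossl_x509ext_initialize_copy(VALUE self, VALUE other)
+ {
+ X509_EXTENSION *ext, *ext_other, *ext_new;
+
+ rb_check_frozen(self);
+ GetX509Ext(self, ext);
+ SafeGetX509Ext(other, ext_other);
+
+ ext_new = X509_EXTENSION_dup(ext_other);
+ if (!ext_new)
+ ossl_raise(eX509ExtError, "X509_EXTENSION_dup");
+
+ SetX509Ext(self, ext_new);
+ X509_EXTENSION_free(ext);
+
+ return self;
+ }
+
  static VALUE
  ossl_x509ext_set_oid(VALUE self, VALUE oid)
  {
@@ -402,7 +400,7 @@ ossl_x509ext_get_value(VALUE obj)
  if (!(out = BIO_new(BIO_s_mem())))
  ossl_raise(eX509ExtError, NULL);
  if (!X509V3_EXT_print(out, ext, 0, 0))
- M_ASN1_OCTET_STRING_print(out, ext->value);
+ ASN1_STRING_print(out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
  ret = ossl_membio2str(out);
 
  return ret;
@@ -443,6 +441,13 @@ ossl_x509ext_to_der(VALUE obj)
  void
  Init_ossl_x509ext(void)
  {
+ #undef rb_intern
+ #if 0
+ mOSSL = rb_define_module("OpenSSL");
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+ mX509 = rb_define_module_under(mOSSL, "X509");
+ #endif
+
  eX509ExtError = rb_define_class_under(mX509, "ExtensionError", eOSSLError);
 
  cX509ExtFactory = rb_define_class_under(mX509, "ExtensionFactory", rb_cObject);
@@ -465,6 +470,7 @@ Init_ossl_x509ext(void)
  cX509Ext = rb_define_class_under(mX509, "Extension", rb_cObject);
  rb_define_alloc_func(cX509Ext, ossl_x509ext_alloc);
  rb_define_method(cX509Ext, "initialize", ossl_x509ext_initialize, -1);
+ rb_define_copy_func(cX509Ext, ossl_x509ext_initialize_copy);
  rb_define_method(cX509Ext, "oid=", ossl_x509ext_set_oid, 1);
  rb_define_method(cX509Ext, "value=", ossl_x509ext_set_value, 1);
  rb_define_method(cX509Ext, "critical=", ossl_x509ext_set_critical, 1);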
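Review bot: The new call-seq comment on ossl_x509extfactory_create_ext points at x509v3_config(5) but does not say that the whole value string is parsed in that syntax, which is what a caller most needs to know. The body appends `value` to `valstr` and hands it to `X509V3_EXT_nconf_nid`, so commas and other configuration syntax inside the value are interpreted rather than treated as data, just as in the documented `"critical,value"` form. I would add a line to the comment such as ` * The value is parsed as x509v3_config(5) syntax; build it from fixed or validated parts, never from unchecked input.` The `StringValueCStr` calls added in the following hunk only reject embedded NUL bytes, so they do not cover this case.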
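--- a/data/ext/rubysl/openssl/ossl_x509name.c
+++ b/data/ext/rubysl/openssl/ossl_x509name.c
@@ -181,6 +181,25 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
  return self;
  }
 
+ static VALUE
+ ossl_x509name_initialize_copy(VALUE self, VALUE other)
+ {
+ X509_NAME *name, *name_other, *name_new;
+
+ rb_check_frozen(self);
+ GetX509Name(self, name);
+ SafeGetX509Name(other, name_other);
+
+ name_new = X509_NAME_dup(name_other);
+ if (!name_new)
+ ossl_raise(eX509NameError, "X509_NAME_dup");
+
+ SetX509Name(self, name_new);
+ X509_NAME_free(name);
+
+ return self;
+ }
+
  /*
  * call-seq:
  * name.add_entry(oid, value [, type]) => self
@@ -220,14 +239,31 @@ ossl_x509name_to_s_old(VALUE self)
  {
  X509_NAME *name;
  char *buf;
- VALUE str;
 
  GetX509Name(self, name);
  buf = X509_NAME_oneline(name, NULL, 0);
- str = rb_str_new2(buf);
- OPENSSL_free(buf);
+ if (!buf)
+ ossl_raise(eX509NameError, "X509_NAME_oneline");
+ return ossl_buf2str(buf, rb_long2int(strlen(buf)));
+ }
 
- return str;
+ static VALUE
+ x509name_print(VALUE self, unsigned long iflag)
+ {
+ X509_NAME *name;
+ BIO *out;
+ int ret;
+
+ GetX509Name(self, name);
+ out = BIO_new(BIO_s_mem());
+ if (!out)
+ ossl_raise(eX509NameError, NULL);
+ ret = X509_NAME_print_ex(out, name, 0, iflag);
+ if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0) {
+ BIO_free(out);
+ ossl_raise(eX509NameError, "X509_NAME_print_ex");
+ }
+ return ossl_membio2str(out);
  }
 
  /*
@@ -245,25 +281,12 @@ ossl_x509name_to_s_old(VALUE self)
  static VALUE
  ossl_x509name_to_s(int argc, VALUE *argv, VALUE self)
  {
- X509_NAME *name;
- VALUE flag, str;
- BIO *out;
- unsigned long iflag;
-
- rb_scan_args(argc, argv, "01", &flag);
- if (NIL_P(flag))
+ rb_check_arity(argc, 0, 1);
+ /* name.to_s(nil) was allowed */
+ if (!argc || NIL_P(argv[0]))
  return ossl_x509name_to_s_old(self);
- else iflag = NUM2ULONG(flag);
- if (!(out = BIO_new(BIO_s_mem())))
- ossl_raise(eX509NameError, NULL);
- GetX509Name(self, name);
- if (!X509_NAME_print_ex(out, name, 0, iflag)){
- BIO_free(out);
- ossl_raise(eX509NameError, NULL);
- }
- str = ossl_membio2str(out);
-
- return str;
+ else
+ return x509name_print(self, NUM2ULONG(argv[0]));
  }
 
  /*
@@ -282,6 +305,7 @@ ossl_x509name_to_a(VALUE self)
  char long_name[512];
  const char *short_name;
  VALUE ary, vname, ret;
+ ASN1_STRING *value;
 
  GetX509Name(self, name);
  entries = X509_NAME_entry_count(name);
@@ -294,7 +318,8 @@ ossl_x509name_to_a(VALUE self)
  if (!(entry = X509_NAME_get_entry(name, i))) {
  ossl_raise(eX509NameError, NULL);
  }
- if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
+ if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name),
+ X509_NAME_ENTRY_get_object(entry))) {
  ossl_raise(eX509NameError, NULL);
  }
  nid = OBJ_ln2nid(long_name);
@@ -304,10 +329,8 @@ ossl_x509name_to_a(VALUE self)
  short_name = OBJ_nid2sn(nid);
  vname = rb_str_new2(short_name); /*do not free*/
  }
- ary = rb_ary_new3(3,
- vname,
- rb_str_new((const char *)entry->value->data, entry->value->length),
- INT2FIX(entry->value->type));
+ value = X509_NAME_ENTRY_get_data(entry);
+ ary = rb_ary_new3(3, vname, asn1str_to_str(value), INT2NUM(value->type));
  rb_ary_push(ret, ary);
  }
  return ret;
@@ -339,7 +362,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
 
  result = ossl_x509name_cmp0(self, other);
  if (result < 0) return INT2FIX(-1);
- if (result > 1) return INT2FIX(1);
+ if (result > 0) return INT2FIX(1);
 
  return INT2FIX(0);
  }
@@ -353,12 +376,10 @@ ossl_x509name_cmp(VALUE self, VALUE other)
  static VALUE
  ossl_x509name_eql(VALUE self, VALUE other)
  {
- int result;
+ if (!rb_obj_is_kind_of(other, cX509Name))
+ return Qfalse;
 
- if(CLASS_OF(other) != cX509Name) return Qfalse;
- result = ossl_x509name_cmp0(self, other);
-
- return (result == 0) ? Qtrue : Qfalse;
+ return ossl_x509name_cmp0(self, other) == 0 ? Qtrue : Qfalse;
  }
 
  /*
@@ -445,8 +466,15 @@ ossl_x509name_to_der(VALUE self)
  void
  Init_ossl_x509name(void)
  {
+ #undef rb_intern
  VALUE utf8str, ptrstr, ia5str, hash;
 
+ #if 0
+ mOSSL = rb_define_module("OpenSSL");
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+ mX509 = rb_define_module_under(mOSSL, "X509");
+ #endif
+
  id_aref = rb_intern("[]");
  eX509NameError = rb_define_class_under(mX509, "NameError", eOSSLError);
  cX509Name = rb_define_class_under(mX509, "Name", rb_cObject);
@@ -455,6 +483,7 @@ Init_ossl_x509name(void)
 
  rb_define_alloc_func(cX509Name, ossl_x509name_alloc);
  rb_define_method(cX509Name, "initialize", ossl_x509name_initialize, -1);
+ rb_define_copy_func(cX509Name, ossl_x509name_initialize_copy);
  rb_define_method(cX509Name, "add_entry", ossl_x509name_add_entry, -1);
  rb_define_method(cX509Name, "to_s", ossl_x509name_to_s, -1);
  rb_define_method(cX509Name, "to_a", ossl_x509name_to_a, 0);
@@ -471,8 +500,7 @@ Init_ossl_x509name(void)
  ptrstr = INT2NUM(V_ASN1_PRINTABLESTRING);
  ia5str = INT2NUM(V_ASN1_IA5STRING);
 
- /* Document-const: DEFAULT_OBJECT_TYPE
- *
+ /*
  * The default object type for name entries.
  */
  rb_define_const(cX509Name, "DEFAULT_OBJECT_TYPE", utf8str);
@@ -486,14 +514,12 @@ Init_ossl_x509name(void)
  rb_hash_aset(hash, rb_str_new2("domainComponent"), ia5str);
  rb_hash_aset(hash, rb_str_new2("emailAddress"), ia5str);
 
- /* Document-const: OBJECT_TYPE_TEMPLATE
- *
+ /*
  * The default object type template for name entries.
  */
  rb_define_const(cX509Name, "OBJECT_TYPE_TEMPLATE", hash);
 
- /* Document-const: COMPAT
- *
+ /*
  * A flag for #to_s.
  *
  * Breaks the name returned into multiple lines if longer than 80
@@ -501,24 +527,21 @@ Init_ossl_x509name(void)
  */
  rb_define_const(cX509Name, "COMPAT", ULONG2NUM(XN_FLAG_COMPAT));
 
- /* Document-const: RFC2253
- *
+ /*
  * A flag for #to_s.
  *
  * Returns an RFC2253 format name.
  */
  rb_define_const(cX509Name, "RFC2253", ULONG2NUM(XN_FLAG_RFC2253));
 
- /* Document-const: ONELINE
- *
+ /*
  * A flag for #to_s.
  *
  * Returns a more readable format than RFC2253.
  */
  rb_define_const(cX509Name, "ONELINE", ULONG2NUM(XN_FLAG_ONELINE));
 
- /* Document-const: MULTILINE
- *
+ /*
  * A flag for #to_s.
  *
  * Returns a multiline format.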
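Review bot: The error test in the new x509name_print, `if (ret < 0 || iflag == XN_FLAG_COMPAT && ret == 0)`, mixes `||` and `&&` without parentheses and gives no reason for the COMPAT special case. The grouping the compiler picks is the intended one, but it reads ambiguously and typically draws a -Wparentheses warning; `if (ret < 0 || (iflag == XN_FLAG_COMPAT && ret == 0))` says the same thing explicitly. A short comment above it would also help, along the lines of `/* with XN_FLAG_COMPAT a return of 0 means failure; with other flags 0 is a valid result */`. That is my reading of X509_NAME_print_ex and should be confirmed against the OpenSSL manual page.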
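--- a/data/ext/rubysl/openssl/ossl_x509req.c
+++ b/data/ext/rubysl/openssl/ossl_x509req.c
@@ -123,7 +123,7 @@ ossl_x509req_initialize(int argc, VALUE *argv, VALUE self)
  return self;
  }
  arg = ossl_to_der_if_possible(arg);
- in = ossl_obj2bio(arg);
+ in = ossl_obj2bio(&arg);
  req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL);
  DATA_PTR(self) = x;
  if (!req) {
@@ -160,8 +160,6 @@ ossl_x509req_to_pem(VALUE self)
  {
  X509_REQ *req;
  BIO *out;
- BUF_MEM *buf;
- VALUE str;
 
  GetX509Req(self, req);
  if (!(out = BIO_new(BIO_s_mem()))) {
@@ -171,11 +169,8 @@ ossl_x509req_to_pem(VALUE self)
  BIO_free(out);
  ossl_raise(eX509ReqError, NULL);
  }
- BIO_get_mem_ptr(out, &buf);
- str = rb_str_new(buf->data, buf->length);
- BIO_free(out);
 
- return str;
+ return ossl_membio2str(out);
  }
 
  static VALUE
@@ -203,8 +198,6 @@ ossl_x509req_to_text(VALUE self)
  {
  X509_REQ *req;
  BIO *out;
- BUF_MEM *buf;
- VALUE str;
 
  GetX509Req(self, req);
  if (!(out = BIO_new(BIO_s_mem()))) {
@@ -214,11 +207,8 @@ ossl_x509req_to_text(VALUE self)
  BIO_free(out);
  ossl_raise(eX509ReqError, NULL);
  }
- BIO_get_mem_ptr(out, &buf);
- str = rb_str_new(buf->data, buf->length);
- BIO_free(out);
 
- return str;
+ return ossl_membio2str(out);
  }
 
  #if 0
@@ -250,7 +240,7 @@ ossl_x509req_get_version(VALUE self)
  GetX509Req(self, req);
  version = X509_REQ_get_version(req);
 
- return LONG2FIX(version);
+ return LONG2NUM(version);
  }
 
  static VALUE
@@ -259,12 +249,12 @@ ossl_x509req_set_version(VALUE self, VALUE version)
  X509_REQ *req;
  long ver;
 
- if ((ver = FIX2LONG(version)) < 0) {
+ if ((ver = NUM2LONG(version)) < 0) {
  ossl_raise(eX509ReqError, "version must be >= 0!");
  }
  GetX509Req(self, req);
  if (!X509_REQ_set_version(req, ver)) {
- ossl_raise(eX509ReqError, NULL);
+ ossl_raise(eX509ReqError, "X509_REQ_set_version");
  }
 
  return version;
@@ -302,23 +292,21 @@ static VALUE
  ossl_x509req_get_signature_algorithm(VALUE self)
  {
  X509_REQ *req;
+ const X509_ALGOR *alg;
  BIO *out;
- BUF_MEM *buf;
- VALUE str;
 
  GetX509Req(self, req);
 
  if (!(out = BIO_new(BIO_s_mem()))) {
  ossl_raise(eX509ReqError, NULL);
  }
- if (!i2a_ASN1_OBJECT(out, req->sig_alg->algorithm)) {
+ X509_REQ_get0_signature(req, NULL, &alg);
+ if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
  BIO_free(out);
  ossl_raise(eX509ReqError, NULL);
  }
- BIO_get_mem_ptr(out, &buf);
- str = rb_str_new(buf->data, buf->length);
- BIO_free(out);
- return str;
+
+ return ossl_membio2str(out);
  }
 
  static VALUE
@@ -342,11 +330,10 @@ ossl_x509req_set_public_key(VALUE self, VALUE key)
  EVP_PKEY *pkey;
 
  GetX509Req(self, req);
- pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
- if (!X509_REQ_set_pubkey(req, pkey)) {
- ossl_raise(eX509ReqError, NULL);
- }
-
+ pkey = GetPKeyPtr(key);
+ ossl_pkey_check_public_key(pkey);
+ if (!X509_REQ_set_pubkey(req, pkey))
+ ossl_raise(eX509ReqError, "X509_REQ_set_pubkey");
  return key;
  }
 
@@ -375,18 +362,19 @@ ossl_x509req_verify(VALUE self, VALUE key)
  {
  X509_REQ *req;
  EVP_PKEY *pkey;
- int i;
 
  GetX509Req(self, req);
- pkey = GetPKeyPtr(key); /* NO NEED TO DUP */
- if ((i = X509_REQ_verify(req, pkey)) < 0) {
- ossl_raise(eX509ReqError, NULL);
- }
- if (i > 0) {
+ pkey = GetPKeyPtr(key);
+ ossl_pkey_check_public_key(pkey);
+ switch (X509_REQ_verify(req, pkey)) {
+ case 1:
  return Qtrue;
+ case 0:
+ ossl_clear_error();
+ return Qfalse;
+ default:
+ ossl_raise(eX509ReqError, NULL);
  }
-
- return Qfalse;
  }
 
  static VALUE
@@ -426,8 +414,8 @@ ossl_x509req_set_attributes(VALUE self, VALUE ary)
  OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
  }
  GetX509Req(self, req);
- sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
- req->req_info->attributes = NULL;
+ while ((attr = X509_REQ_delete_attr(req, 0)))
+ X509_ATTRIBUTE_free(attr);
  for (i=0;i<RARRAY_LEN(ary); i++) {
  item = RARRAY_AREF(ary, i);
  attr = GetX509AttrPtr(item);
@@ -457,6 +445,12 @@ ossl_x509req_add_attribute(VALUE self, VALUE attr)
  void
  Init_ossl_x509req(void)
  {
+ #if 0
+ mOSSL = rb_define_module("OpenSSL");
+ eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
+ mX509 = rb_define_module_under(mOSSL, "X509");
+ #endif
+
  eX509ReqError = rb_define_class_under(mX509, "RequestError", eOSSLError);
 
  cX509Req = rb_define_class_under(mX509, "Request", rb_cObject);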
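Review bot: ossl_x509req_verify, rewritten in the `@@ -375,18 +362,19 @@` hunk, still has no comment describing its contract, and the new switch makes that contract three-way. I would document it above the function: true when `X509_REQ_verify` returns 1, false when it returns 0 (with the OpenSSL error queue cleared by `ossl_clear_error()`), and an eX509ReqError for any other result. The comment should also state that the check is made against the `key` argument the caller supplies, so a true result only shows the request was signed by that key; whether that is the key embedded in the request is left to the caller. The function's signature is visible only in the hunk header, so the comment would go just above the lines shown.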