ruby-changes:43213
From: rhe <ko1@a...>
Date: Mon, 6 Jun 2016 00:35:19 +0900 (JST)
Subject: [ruby-changes:43213] rhe:r55287 (trunk): openssl: adapt to OpenSSL 1.1.0 opaque structs
rhe 2016-06-06 00:35:12 +0900 (Mon, 06 Jun 2016) New Revision: 55287 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55287 Log: openssl: adapt to OpenSSL 1.1.0 opaque structs * ext/openssl/extconf.rb: Check existence of accessor functions that don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its structures opaque and requires use of these accessor functions. [ruby-core:75225] [Feature #12324] * ext/openssl/openssl_missing.[ch]: Implement them if missing. * ext/openssl/ossl*.c: Use these accessor functions. * test/openssl/test_hmac.rb: Add missing test for HMAC#reset. Modified files: trunk/ChangeLog trunk/ext/openssl/extconf.rb trunk/ext/openssl/openssl_missing.c trunk/ext/openssl/openssl_missing.h trunk/ext/openssl/ossl.c trunk/ext/openssl/ossl_bn.c trunk/ext/openssl/ossl_cipher.c trunk/ext/openssl/ossl_hmac.c trunk/ext/openssl/ossl_ocsp.c trunk/ext/openssl/ossl_pkey.c trunk/ext/openssl/ossl_pkey_dh.c trunk/ext/openssl/ossl_pkey_dsa.c trunk/ext/openssl/ossl_pkey_rsa.c trunk/ext/openssl/ossl_ssl.c trunk/ext/openssl/ossl_ssl_session.c trunk/ext/openssl/ossl_x509attr.c trunk/ext/openssl/ossl_x509cert.c trunk/ext/openssl/ossl_x509crl.c trunk/ext/openssl/ossl_x509name.c trunk/ext/openssl/ossl_x509req.c trunk/ext/openssl/ossl_x509revoked.c trunk/ext/openssl/ossl_x509store.c trunk/test/openssl/test_hmac.rb Index: test/openssl/test_hmac.rb =================================================================== --- test/openssl/test_hmac.rb (revision 55286) +++ test/openssl/test_hmac.rb (revision 55287) @@ -36,4 +36,11 @@ class OpenSSL::TestHMAC < OpenSSL::TestC https://github.com/ruby/ruby/blob/trunk/test/openssl/test_hmac.rb#L36 result = hmac.update(data).hexdigest assert_equal "a13984b929a07912e4e21c5720876a8e150d6f67f854437206e7f86547248396", result end + + def test_reset_keep_key + first = @h1.update("test").hexdigest + @h2.reset + second = @h2.update("test").hexdigest + assert_equal first, second + end end if defined?(OpenSSL::TestUtils) Index: ChangeLog =================================================================== --- ChangeLog (revision 55286) +++ ChangeLog (revision 55287) @@ -1,3 +1,16 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Mon Jun 6 00:34:16 2016 Kazuki Yamaguchi <k@r...> + + * ext/openssl/extconf.rb: Check existence of accessor functions that + don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its + structures opaque and requires use of these accessor functions. + [ruby-core:75225] [Feature #12324] + + * ext/openssl/openssl_missing.[ch]: Implement them if missing. + + * ext/openssl/ossl*.c: Use these accessor functions. + + * test/openssl/test_hmac.rb: Add missing test for HMAC#reset. + Mon Jun 6 00:00:13 2016 Kazuki Yamaguchi <k@r...> * ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and Index: ext/openssl/ossl_pkey_rsa.c =================================================================== --- ext/openssl/ossl_pkey_rsa.c (revision 55286) +++ ext/openssl/ossl_pkey_rsa.c (revision 55287) @@ -114,35 +114,36 @@ static RSA * https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L114 rsa_generate(int size, unsigned long exp) { int i; - BN_GENCB cb; - struct ossl_generate_cb_arg cb_arg; + struct ossl_generate_cb_arg cb_arg = { 0 }; struct rsa_blocking_gen_arg gen_arg; RSA *rsa = RSA_new(); BIGNUM *e = BN_new(); + BN_GENCB *cb = BN_GENCB_new(); - if (!rsa || !e) { - if (e) BN_free(e); - if (rsa) RSA_free(rsa); - return 0; + if (!rsa || !e || !cb) { + RSA_free(rsa); + BN_free(e); + BN_GENCB_free(cb); + return NULL; } for (i = 0; i < (int)sizeof(exp) * 8; ++i) { if (exp & (1UL << i)) { if (BN_set_bit(e, i) == 0) { BN_free(e); RSA_free(rsa); - return 0; + BN_GENCB_free(cb); + return NULL; } } } - memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg)); if (rb_block_given_p()) cb_arg.yield = 1; - BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg); + BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg); gen_arg.rsa = rsa; gen_arg.e = e; gen_arg.size = size; - gen_arg.cb = &cb; + gen_arg.cb = cb; if (cb_arg.yield == 1) { /* we cannot release GVL when callback proc is supplied */ rsa_blocking_gen(&gen_arg); @@ -150,18 +151,19 @@ rsa_generate(int size, unsigned long exp https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L151 /* there's a chance to unblock */ rb_thread_call_without_gvl(rsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg); } + + BN_GENCB_free(cb); + BN_free(e); if (!gen_arg.result) { - BN_free(e); RSA_free(rsa); if (cb_arg.state) { /* must clear OpenSSL error stack */ ossl_clear_error(); rb_jump_tag(cb_arg.state); } - return 0; + return NULL; } - BN_free(e); return rsa; } Index: ext/openssl/ossl_pkey_dh.c =================================================================== --- ext/openssl/ossl_pkey_dh.c (revision 55286) +++ ext/openssl/ossl_pkey_dh.c (revision 55287) @@ -97,21 +97,24 @@ dh_blocking_gen(void *arg) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dh.c#L97 static DH * dh_generate(int size, int gen) { - BN_GENCB cb; - struct ossl_generate_cb_arg cb_arg; + struct ossl_generate_cb_arg cb_arg = { 0 }; struct dh_blocking_gen_arg gen_arg; DH *dh = DH_new(); + BN_GENCB *cb = BN_GENCB_new(); - if (!dh) return 0; + if (!dh || !cb) { + DH_free(dh); + BN_GENCB_free(cb); + return NULL; + } - memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg)); if (rb_block_given_p()) cb_arg.yield = 1; - BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg); + BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg); gen_arg.dh = dh; gen_arg.size = size; gen_arg.gen = gen; - gen_arg.cb = &cb; + gen_arg.cb = cb; if (cb_arg.yield == 1) { /* we cannot release GVL when callback proc is supplied */ dh_blocking_gen(&gen_arg); @@ -120,6 +123,7 @@ dh_generate(int size, int gen) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dh.c#L123 rb_thread_call_without_gvl(dh_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg); } + BN_GENCB_free(cb); if (!gen_arg.result) { DH_free(dh); if (cb_arg.state) { @@ -127,12 +131,12 @@ dh_generate(int size, int gen) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dh.c#L131 ossl_clear_error(); rb_jump_tag(cb_arg.state); } - return 0; + return NULL; } if (!DH_generate_key(dh)) { DH_free(dh); - return 0; + return NULL; } return dh; Index: ext/openssl/ossl_x509revoked.c =================================================================== --- ext/openssl/ossl_x509revoked.c (revision 55286) +++ ext/openssl/ossl_x509revoked.c (revision 55287) @@ -116,16 +116,18 @@ ossl_x509revoked_get_serial(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509revoked.c#L116 GetX509Rev(self, rev); - return asn1integer_to_num(rev->serialNumber); + return asn1integer_to_num(X509_REVOKED_get0_serialNumber(rev)); } static VALUE ossl_x509revoked_set_serial(VALUE self, VALUE num) { X509_REVOKED *rev; + ASN1_INTEGER *ai; GetX509Rev(self, rev); - rev->serialNumber = num_to_asn1integer(num, rev->serialNumber); + ai = X509_REVOKED_get0_serialNumber(rev); + X509_REVOKED_set_serialNumber(rev, num_to_asn1integer(num, ai)); return num; } @@ -137,7 +139,7 @@ ossl_x509revoked_get_time(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509revoked.c#L139 GetX509Rev(self, rev); - return asn1time_to_time(rev->revocationDate); + return asn1time_to_time(X509_REVOKED_get0_revocationDate(rev)); } static VALUE @@ -146,7 +148,7 @@ ossl_x509revoked_set_time(VALUE self, VA https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509revoked.c#L148 X509_REVOKED *rev; GetX509Rev(self, rev); - if (!ossl_x509_time_adjust(rev->revocationDate, time)) + if (!ossl_x509_time_adjust(X509_REVOKED_get0_revocationDate(rev), time)) ossl_raise(eX509RevError, NULL); return time; @@ -193,8 +195,8 @@ ossl_x509revoked_set_extensions(VALUE se https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509revoked.c#L195 OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext); } GetX509Rev(self, rev); - sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free); - rev->extensions = NULL; + while ((ext = X509_REVOKED_delete_ext(rev, 0))) + X509_EXTENSION_free(ext); for (i=0; i<RARRAY_LEN(ary); i++) { item = RARRAY_AREF(ary, i); ext = DupX509ExtPtr(item); Index: ext/openssl/extconf.rb =================================================================== --- ext/openssl/extconf.rb (revision 55286) +++ ext/openssl/extconf.rb (revision 55287) @@ -84,6 +84,10 @@ engines.each { |name| https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L84 OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h") } +# added in 0.9.8X +have_func("EVP_CIPHER_CTX_new") +have_func("EVP_CIPHER_CTX_free") + # added in 1.0.0 have_func("ASN1_TIME_adj") have_func("EVP_CIPHER_CTX_copy") @@ -91,6 +95,9 @@ have_func("EVP_PKEY_base_id") https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L95 have_func("HMAC_CTX_copy") have_func("PKCS5_PBKDF2_HMAC") have_func("X509_NAME_hash_old") +have_func("X509_STORE_CTX_get0_current_crl") +have_func("X509_STORE_set_verify_cb") +have_func("i2d_ASN1_SET_ANY") have_func("SSL_SESSION_cmp") # removed OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h") have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h") @@ -102,6 +109,7 @@ have_macro("EVP_CTRL_GCM_GET_TAG", ['ope https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L109 # added in 1.0.2 have_func("EC_curve_nist2nid") have_func("X509_REVOKED_dup") +have_func("X509_STORE_CTX_get0_store") have_func("SSL_CTX_set_alpn_select_cb") OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h") OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h") @@ -109,9 +117,27 @@ OpenSSL.check_func_or_macro("SSL_get_ser https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L117 # added in 1.1.0 have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API") +have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL") +have_func("BN_GENCB_new") +have_func("BN_GENCB_free") +have_func("BN_GENCB_get_arg") +have_func("EVP_MD_CTX_new") +have_func("EVP_MD_CTX_free") +have_func("HMAC_CTX_new") +have_func("HMAC_CTX_free") OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated have_func("X509_STORE_get_ex_data") have_func("X509_STORE_set_ex_data") +have_func("X509_CRL_get0_signature") +have_func("X509_REQ_get0_signature") +have_func("X509_REVOKED_get0_serialNumber") +have_func("X509_REVOKED_get0_revocationDate") +have_func("X509_get0_tbs_sigalg") +have_func("X509_STORE_CTX_get0_untrusted") +have_func("X509_STORE_CTX_get0_cert") +have_func("X509_STORE_CTX_get0_chain") +have_func("OCSP_SINGLERESP_get0_id") +have_func("SSL_CTX_get_ciphers") have_func("X509_up_ref") have_func("X509_CRL_up_ref") have_func("X509_STORE_up_ref") Index: ext/openssl/ossl_bn.c =================================================================== --- ext/openssl/ossl_bn.c (revision 55286) +++ ext/openssl/ossl_bn.c (revision 55287) @@ -37,17 +37,12 @@ ossl_bn_free(void *ptr) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L37 BN_clear_free(ptr); } -static size_t -ossl_bn_size(const void *ptr) -{ - return sizeof(BIGNUM); -} - static const rb_data_type_t ossl_bn_type = { "OpenSSL/BN", - {0, ossl_bn_free, ossl_bn_size,}, - 0, 0, - RUBY_TYPED_FREE_IMMEDIATELY, + { + 0, ossl_bn_free, + }, + 0, 0, RUBY_TYPED_FREE_IMMEDIATELY, }; /* Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c (revision 55286) +++ ext/openssl/ossl_ssl.c (revision 55287) @@ -922,7 +922,7 @@ ossl_sslctx_get_ciphers(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L922 rb_warning("SSL_CTX is not initialized."); return Qnil; } - ciphers = ctx->cipher_list; + ciphers = SSL_CTX_get_ciphers(ctx); if (!ciphers) return rb_ary_new(); Index: ext/openssl/ossl_x509name.c =================================================================== --- ext/openssl/ossl_x509name.c (revision 55286) +++ ext/openssl/ossl_x509name.c (revision 55287) @@ -282,6 +282,7 @@ ossl_x509name_to_a(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509name.c#L282 char long_name[512]; const char *short_name; VALUE ary, vname, ret; + ASN1_STRING *value; GetX509Name(self, name); entries = X509_NAME_entry_count(name); @@ -294,7 +295,8 @@ ossl_x509name_to_a(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509name.c#L295 if (!(entry = X509_NAME_get_entry(name, i))) { ossl_raise(eX509NameError, NULL); } - if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) { + if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), + X509_NAME_ENTRY_get_object(entry))) { ossl_raise(eX509NameError, NULL); } nid = OBJ_ln2nid(long_name); @@ -304,10 +306,11 @@ ossl_x509name_to_a(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509name.c#L306 short_name = OBJ_nid2sn(nid); vname = rb_str_new2(short_name); /*do not free*/ } + value = X509_NAME_ENTRY_get_data(entry); ary = rb_ary_new3(3, vname, - rb_str_new((const char *)entry->value->data, entry->value->length), - INT2FIX(entry->value->type)); + rb_str_new((const char *)value->data, value->length), + INT2FIX(value->type)); rb_ary_push(ret, ary); } return ret; Index: ext/openssl/ossl_pkey.c =================================================================== --- ext/openssl/ossl_pkey.c (revision 55286) +++ ext/openssl/ossl_pkey.c (revision 55287) @@ -27,7 +27,7 @@ ossl_generate_cb_2(int p, int n, BN_GENC https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L27 struct ossl_generate_cb_arg *arg; int state; - arg = (struct ossl_generate_cb_arg *)cb->arg; + arg = (struct ossl_generate_cb_arg *)BN_GENCB_get_arg(cb); if (arg->yield) { ary = rb_ary_new2(2); rb_ary_store(ary, 0, INT2NUM(p)); @@ -265,21 +265,26 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L265 ossl_pkey_sign(VALUE self, VALUE digest, VALUE data) { EVP_PKEY *pkey; - EVP_MD_CTX ctx; + const EVP_MD *md; + EVP_MD_CTX *ctx; unsigned int buf_len; VALUE str; int result; - if (rb_funcallv(self, id_private_q, 0, NULL) != Qtrue) { + if (rb_funcallv(self, id_private_q, 0, NULL) != Qtrue) ossl_raise(rb_eArgError, "Private key is needed."); - } GetPKey(self, pkey); - EVP_SignInit(&ctx, GetDigestPtr(digest)); + md = GetDigestPtr(digest); StringValue(data); - EVP_SignUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data)); str = rb_str_new(0, EVP_PKEY_size(pkey)+16); - result = EVP_SignFinal(&ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey); - EVP_MD_CTX_cleanup(&ctx); + + ctx = EVP_MD_CTX_new(); + if (!ctx) + ossl_raise(ePKeyError, "EVP_MD_CTX_new"); + EVP_SignInit(ctx, md); + EVP_SignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)); + result = EVP_SignFinal(ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey); + EVP_MD_CTX_free(ctx); if (!result) ossl_raise(ePKeyError, NULL); assert((long)buf_len <= RSTRING_LEN(str)); @@ -313,16 +318,22 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L318 ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data) { EVP_PKEY *pkey; - EVP_MD_CTX ctx; + const EVP_MD *md; + EVP_MD_CTX *ctx; int result; GetPKey(self, pkey); + md = GetDigestPtr(digest); StringValue(sig); StringValue(data); - EVP_VerifyInit(&ctx, GetDigestPtr(digest)); - EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data)); - result = EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey); - EVP_MD_CTX_cleanup(&ctx); + + ctx = EVP_MD_CTX_new(); + if (!ctx) + ossl_raise(ePKeyError, "EVP_MD_CTX_new"); + EVP_VerifyInit(ctx, md); + EVP_VerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)); + result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey); + EVP_MD_CTX_free(ctx); switch (result) { case 0: return Qfalse; Index: ext/openssl/openssl_missing.c =================================================================== --- ext/openssl/openssl_missing.c (revision 55286) +++ ext/openssl/openssl_missing.c (revision 55287) @@ -20,6 +20,30 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L20 #include "openssl_missing.h" +/* added in 0.9.8X */ +#if !defined(HAVE_EVP_CIPHER_CTX_NEW) +EVP_CIPHER_CTX * +EVP_CIPHER_CTX_new(void) +{ + EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)); + if (!ctx) + return NULL; + EVP_CIPHER_CTX_init(ctx); + return ctx; +} +#endif + +#if !defined(HAVE_EVP_CIPHER_CTX_FREE) +void +EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) +{ + if (ctx) { + EVP_CIPHER_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } +} +#endif + /* added in 1.0.0 */ #if !defined(HAVE_EVP_CIPHER_CTX_COPY) /* @@ -46,15 +70,19 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L70 #if !defined(OPENSSL_NO_HMAC) #if !defined(HAVE_HMAC_CTX_COPY) -void +int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) { - if (!out || !in) return; + if (!out || !in) + return 0; + memcpy(out, in, sizeof(HMAC_CTX)); EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx); EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx); EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx); + + return 1; } #endif /* HAVE_HMAC_CTX_COPY */ #endif /* NO_HMAC */ @@ -95,3 +123,49 @@ EC_curve_nist2nid(const char *name) https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L123 } #endif #endif + +/*** added in 1.1.0 ***/ +#if !defined(HAVE_HMAC_CTX_NEW) +HMAC_CTX * +HMAC_CTX_new(void) +{ + HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); + if (!ctx) + return NULL; + HMAC_CTX_init(ctx); + return ctx; +} +#endif + +#if !defined(HAVE_HMAC_CTX_FREE) +void +HMAC_CTX_free(HMAC_CTX *ctx) +{ + if (ctx) { + HMAC_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } +} +#endif + +#if !defined(HAVE_X509_CRL_GET0_SIGNATURE) +void +X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl) +{ + if (psig != NULL) + *psig = crl->signature; + if (palg != NULL) + *palg = crl->sig_alg; +} +#endif + +#if !defined(HAVE_X509_REQ_GET0_SIGNATURE) +void +X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req) +{ + if (psig != NULL) + *psig = req->signature; + if (palg != NULL) + *palg = req->sig_alg; +} +#endif Index: ext/openssl/ossl_x509req.c =================================================================== --- ext/openssl/ossl_x509req.c (revision 55286) +++ ext/openssl/ossl_x509req.c (revision 55287) @@ -302,6 +302,7 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509req.c#L302 ossl_x509req_get_signature_algorithm(VALUE self) { X509_REQ *req; + X509_ALGOR *alg; BIO *out; BUF_MEM *buf; VALUE str; @@ -311,7 +312,8 @@ ossl_x509req_get_signature_algorithm(VAL https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509req.c#L312 if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eX509ReqError, NULL); } - if (!i2a_ASN1_OBJECT(out, req->sig_alg->algorithm)) { + X509_REQ_get0_signature(NULL, &alg, req); + if (!i2a_ASN1_OBJECT(out, alg->algorithm)) { BIO_free(out); ossl_raise(eX509ReqError, NULL); } @@ -426,8 +428,8 @@ ossl_x509req_set_attributes(VALUE self, https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509req.c#L428 OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr); } GetX509Req(self, req); - sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free); - req->req_info->attributes = NULL; + while ((attr = X509_REQ_delete_attr(req, 0))) + X509_ATTRIBUTE_free(attr); for (i=0;i<RARRAY_LEN(ary); i++) { item = RARRAY_AREF(ary, i); attr = DupX509AttrPtr(item); Index: ext/openssl/ossl.c =================================================================== --- ext/openssl/ossl.c (revision 55286) +++ ext/openssl/ossl.c (revision 55287) @@ -258,7 +258,7 @@ ossl_verify_cb(int ok, X509_STORE_CTX *c https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L258 proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx); if (!proc) - proc = (VALUE)X509_STORE_get_ex_data(ctx->ctx, ossl_store_ex_verify_cb_idx); + proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx); if (!proc) return ok; if (!NI (... truncated) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/