[前][次][番号順一覧][スレッド一覧]

ruby-changes:43213

From: rhe <ko1@a...>
Date: Mon, 6 Jun 2016 00:35:19 +0900 (JST)
Subject: [ruby-changes:43213] rhe:r55287 (trunk): openssl: adapt to OpenSSL 1.1.0 opaque structs

rhe	2016-06-06 00:35:12 +0900 (Mon, 06 Jun 2016)

  New Revision: 55287

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55287

  Log:
    openssl: adapt to OpenSSL 1.1.0 opaque structs
    
    * ext/openssl/extconf.rb: Check existence of accessor functions that
      don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its
      structures opaque and requires use of these accessor functions.
      [ruby-core:75225] [Feature #12324]
    
    * ext/openssl/openssl_missing.[ch]: Implement them if missing.
    
    * ext/openssl/ossl*.c: Use these accessor functions.
    
    * test/openssl/test_hmac.rb: Add missing test for HMAC#reset.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/extconf.rb
    trunk/ext/openssl/openssl_missing.c
    trunk/ext/openssl/openssl_missing.h
    trunk/ext/openssl/ossl.c
    trunk/ext/openssl/ossl_bn.c
    trunk/ext/openssl/ossl_cipher.c
    trunk/ext/openssl/ossl_hmac.c
    trunk/ext/openssl/ossl_ocsp.c
    trunk/ext/openssl/ossl_pkey.c
    trunk/ext/openssl/ossl_pkey_dh.c
    trunk/ext/openssl/ossl_pkey_dsa.c
    trunk/ext/openssl/ossl_pkey_rsa.c
    trunk/ext/openssl/ossl_ssl.c
    trunk/ext/openssl/ossl_ssl_session.c
    trunk/ext/openssl/ossl_x509attr.c
    trunk/ext/openssl/ossl_x509cert.c
    trunk/ext/openssl/ossl_x509crl.c
    trunk/ext/openssl/ossl_x509name.c
    trunk/ext/openssl/ossl_x509req.c
    trunk/ext/openssl/ossl_x509revoked.c
    trunk/ext/openssl/ossl_x509store.c
    trunk/test/openssl/test_hmac.rb
Index: test/openssl/test_hmac.rb
===================================================================
--- test/openssl/test_hmac.rb	(revision 55286)
+++ test/openssl/test_hmac.rb	(revision 55287)
@@ -36,4 +36,11 @@ class OpenSSL::TestHMAC < OpenSSL::TestC https://github.com/ruby/ruby/blob/trunk/test/openssl/test_hmac.rb#L36
     result = hmac.update(data).hexdigest
     assert_equal "a13984b929a07912e4e21c5720876a8e150d6f67f854437206e7f86547248396", result
   end
+
+  def test_reset_keep_key
+    first = @h1.update("test").hexdigest
+    @h2.reset
+    second = @h2.update("test").hexdigest
+    assert_equal first, second
+  end
 end if defined?(OpenSSL::TestUtils)
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 55286)
+++ ChangeLog	(revision 55287)
@@ -1,3 +1,16 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Mon Jun  6 00:34:16 2016  Kazuki Yamaguchi  <k@r...>
+
+	* ext/openssl/extconf.rb: Check existence of accessor functions that
+	  don't exist in OpenSSL 0.9.8. OpenSSL 1.1.0 made most of its
+	  structures opaque and requires use of these accessor functions.
+	  [ruby-core:75225] [Feature #12324]
+
+	* ext/openssl/openssl_missing.[ch]: Implement them if missing.
+
+	* ext/openssl/ossl*.c: Use these accessor functions.
+
+	* test/openssl/test_hmac.rb: Add missing test for HMAC#reset.
+
 Mon Jun  6 00:00:13 2016  Kazuki Yamaguchi  <k@r...>
 
 	* ext/openssl/openssl_missing.[ch]: Implement EVP_PKEY_get0_*() and
Index: ext/openssl/ossl_pkey_rsa.c
===================================================================
--- ext/openssl/ossl_pkey_rsa.c	(revision 55286)
+++ ext/openssl/ossl_pkey_rsa.c	(revision 55287)
@@ -114,35 +114,36 @@ static RSA * https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L114
 rsa_generate(int size, unsigned long exp)
 {
     int i;
-    BN_GENCB cb;
-    struct ossl_generate_cb_arg cb_arg;
+    struct ossl_generate_cb_arg cb_arg = { 0 };
     struct rsa_blocking_gen_arg gen_arg;
     RSA *rsa = RSA_new();
     BIGNUM *e = BN_new();
+    BN_GENCB *cb = BN_GENCB_new();
 
-    if (!rsa || !e) {
-	if (e) BN_free(e);
-	if (rsa) RSA_free(rsa);
-	return 0;
+    if (!rsa || !e || !cb) {
+	RSA_free(rsa);
+	BN_free(e);
+	BN_GENCB_free(cb);
+	return NULL;
     }
     for (i = 0; i < (int)sizeof(exp) * 8; ++i) {
 	if (exp & (1UL << i)) {
 	    if (BN_set_bit(e, i) == 0) {
 		BN_free(e);
 		RSA_free(rsa);
-		return 0;
+		BN_GENCB_free(cb);
+		return NULL;
 	    }
 	}
     }
 
-    memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
     if (rb_block_given_p())
 	cb_arg.yield = 1;
-    BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+    BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
     gen_arg.rsa = rsa;
     gen_arg.e = e;
     gen_arg.size = size;
-    gen_arg.cb = &cb;
+    gen_arg.cb = cb;
     if (cb_arg.yield == 1) {
 	/* we cannot release GVL when callback proc is supplied */
 	rsa_blocking_gen(&gen_arg);
@@ -150,18 +151,19 @@ rsa_generate(int size, unsigned long exp https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_rsa.c#L151
 	/* there's a chance to unblock */
 	rb_thread_call_without_gvl(rsa_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
     }
+
+    BN_GENCB_free(cb);
+    BN_free(e);
     if (!gen_arg.result) {
-	BN_free(e);
 	RSA_free(rsa);
 	if (cb_arg.state) {
 	    /* must clear OpenSSL error stack */
 	    ossl_clear_error();
 	    rb_jump_tag(cb_arg.state);
 	}
-	return 0;
+	return NULL;
     }
 
-    BN_free(e);
     return rsa;
 }
 
Index: ext/openssl/ossl_pkey_dh.c
===================================================================
--- ext/openssl/ossl_pkey_dh.c	(revision 55286)
+++ ext/openssl/ossl_pkey_dh.c	(revision 55287)
@@ -97,21 +97,24 @@ dh_blocking_gen(void *arg) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dh.c#L97
 static DH *
 dh_generate(int size, int gen)
 {
-    BN_GENCB cb;
-    struct ossl_generate_cb_arg cb_arg;
+    struct ossl_generate_cb_arg cb_arg = { 0 };
     struct dh_blocking_gen_arg gen_arg;
     DH *dh = DH_new();
+    BN_GENCB *cb = BN_GENCB_new();
 
-    if (!dh) return 0;
+    if (!dh || !cb) {
+	DH_free(dh);
+	BN_GENCB_free(cb);
+	return NULL;
+    }
 
-    memset(&cb_arg, 0, sizeof(struct ossl_generate_cb_arg));
     if (rb_block_given_p())
 	cb_arg.yield = 1;
-    BN_GENCB_set(&cb, ossl_generate_cb_2, &cb_arg);
+    BN_GENCB_set(cb, ossl_generate_cb_2, &cb_arg);
     gen_arg.dh = dh;
     gen_arg.size = size;
     gen_arg.gen = gen;
-    gen_arg.cb = &cb;
+    gen_arg.cb = cb;
     if (cb_arg.yield == 1) {
 	/* we cannot release GVL when callback proc is supplied */
 	dh_blocking_gen(&gen_arg);
@@ -120,6 +123,7 @@ dh_generate(int size, int gen) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dh.c#L123
 	rb_thread_call_without_gvl(dh_blocking_gen, &gen_arg, ossl_generate_cb_stop, &cb_arg);
     }
 
+    BN_GENCB_free(cb);
     if (!gen_arg.result) {
 	DH_free(dh);
 	if (cb_arg.state) {
@@ -127,12 +131,12 @@ dh_generate(int size, int gen) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_dh.c#L131
 	    ossl_clear_error();
 	    rb_jump_tag(cb_arg.state);
 	}
-	return 0;
+	return NULL;
     }
 
     if (!DH_generate_key(dh)) {
         DH_free(dh);
-        return 0;
+        return NULL;
     }
 
     return dh;
Index: ext/openssl/ossl_x509revoked.c
===================================================================
--- ext/openssl/ossl_x509revoked.c	(revision 55286)
+++ ext/openssl/ossl_x509revoked.c	(revision 55287)
@@ -116,16 +116,18 @@ ossl_x509revoked_get_serial(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509revoked.c#L116
 
     GetX509Rev(self, rev);
 
-    return asn1integer_to_num(rev->serialNumber);
+    return asn1integer_to_num(X509_REVOKED_get0_serialNumber(rev));
 }
 
 static VALUE
 ossl_x509revoked_set_serial(VALUE self, VALUE num)
 {
     X509_REVOKED *rev;
+    ASN1_INTEGER *ai;
 
     GetX509Rev(self, rev);
-    rev->serialNumber = num_to_asn1integer(num, rev->serialNumber);
+    ai = X509_REVOKED_get0_serialNumber(rev);
+    X509_REVOKED_set_serialNumber(rev, num_to_asn1integer(num, ai));
 
     return num;
 }
@@ -137,7 +139,7 @@ ossl_x509revoked_get_time(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509revoked.c#L139
 
     GetX509Rev(self, rev);
 
-    return asn1time_to_time(rev->revocationDate);
+    return asn1time_to_time(X509_REVOKED_get0_revocationDate(rev));
 }
 
 static VALUE
@@ -146,7 +148,7 @@ ossl_x509revoked_set_time(VALUE self, VA https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509revoked.c#L148
     X509_REVOKED *rev;
 
     GetX509Rev(self, rev);
-    if (!ossl_x509_time_adjust(rev->revocationDate, time))
+    if (!ossl_x509_time_adjust(X509_REVOKED_get0_revocationDate(rev), time))
 	ossl_raise(eX509RevError, NULL);
 
     return time;
@@ -193,8 +195,8 @@ ossl_x509revoked_set_extensions(VALUE se https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509revoked.c#L195
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509Rev(self, rev);
-    sk_X509_EXTENSION_pop_free(rev->extensions, X509_EXTENSION_free);
-    rev->extensions = NULL;
+    while ((ext = X509_REVOKED_delete_ext(rev, 0)))
+	X509_EXTENSION_free(ext);
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	item = RARRAY_AREF(ary, i);
 	ext = DupX509ExtPtr(item);
Index: ext/openssl/extconf.rb
===================================================================
--- ext/openssl/extconf.rb	(revision 55286)
+++ ext/openssl/extconf.rb	(revision 55287)
@@ -84,6 +84,10 @@ engines.each { |name| https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L84
   OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
 }
 
+# added in 0.9.8X
+have_func("EVP_CIPHER_CTX_new")
+have_func("EVP_CIPHER_CTX_free")
+
 # added in 1.0.0
 have_func("ASN1_TIME_adj")
 have_func("EVP_CIPHER_CTX_copy")
@@ -91,6 +95,9 @@ have_func("EVP_PKEY_base_id") https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L95
 have_func("HMAC_CTX_copy")
 have_func("PKCS5_PBKDF2_HMAC")
 have_func("X509_NAME_hash_old")
+have_func("X509_STORE_CTX_get0_current_crl")
+have_func("X509_STORE_set_verify_cb")
+have_func("i2d_ASN1_SET_ANY")
 have_func("SSL_SESSION_cmp") # removed
 OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
 have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
@@ -102,6 +109,7 @@ have_macro("EVP_CTRL_GCM_GET_TAG", ['ope https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L109
 # added in 1.0.2
 have_func("EC_curve_nist2nid")
 have_func("X509_REVOKED_dup")
+have_func("X509_STORE_CTX_get0_store")
 have_func("SSL_CTX_set_alpn_select_cb")
 OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
 OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
@@ -109,9 +117,27 @@ OpenSSL.check_func_or_macro("SSL_get_ser https://github.com/ruby/ruby/blob/trunk/ext/openssl/extconf.rb#L117
 
 # added in 1.1.0
 have_func("CRYPTO_lock") || $defs.push("-DHAVE_OPENSSL_110_THREADING_API")
+have_struct_member("SSL", "ctx", "openssl/ssl.h") || $defs.push("-DHAVE_OPAQUE_OPENSSL")
+have_func("BN_GENCB_new")
+have_func("BN_GENCB_free")
+have_func("BN_GENCB_get_arg")
+have_func("EVP_MD_CTX_new")
+have_func("EVP_MD_CTX_free")
+have_func("HMAC_CTX_new")
+have_func("HMAC_CTX_free")
 OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
 have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
+have_func("X509_CRL_get0_signature")
+have_func("X509_REQ_get0_signature")
+have_func("X509_REVOKED_get0_serialNumber")
+have_func("X509_REVOKED_get0_revocationDate")
+have_func("X509_get0_tbs_sigalg")
+have_func("X509_STORE_CTX_get0_untrusted")
+have_func("X509_STORE_CTX_get0_cert")
+have_func("X509_STORE_CTX_get0_chain")
+have_func("OCSP_SINGLERESP_get0_id")
+have_func("SSL_CTX_get_ciphers")
 have_func("X509_up_ref")
 have_func("X509_CRL_up_ref")
 have_func("X509_STORE_up_ref")
Index: ext/openssl/ossl_bn.c
===================================================================
--- ext/openssl/ossl_bn.c	(revision 55286)
+++ ext/openssl/ossl_bn.c	(revision 55287)
@@ -37,17 +37,12 @@ ossl_bn_free(void *ptr) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_bn.c#L37
     BN_clear_free(ptr);
 }
 
-static size_t
-ossl_bn_size(const void *ptr)
-{
-    return sizeof(BIGNUM);
-}
-
 static const rb_data_type_t ossl_bn_type = {
     "OpenSSL/BN",
-    {0, ossl_bn_free, ossl_bn_size,},
-    0, 0,
-    RUBY_TYPED_FREE_IMMEDIATELY,
+    {
+	0, ossl_bn_free,
+    },
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
 };
 
 /*
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c	(revision 55286)
+++ ext/openssl/ossl_ssl.c	(revision 55287)
@@ -922,7 +922,7 @@ ossl_sslctx_get_ciphers(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L922
         rb_warning("SSL_CTX is not initialized.");
         return Qnil;
     }
-    ciphers = ctx->cipher_list;
+    ciphers = SSL_CTX_get_ciphers(ctx);
 
     if (!ciphers)
         return rb_ary_new();
Index: ext/openssl/ossl_x509name.c
===================================================================
--- ext/openssl/ossl_x509name.c	(revision 55286)
+++ ext/openssl/ossl_x509name.c	(revision 55287)
@@ -282,6 +282,7 @@ ossl_x509name_to_a(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509name.c#L282
     char long_name[512];
     const char *short_name;
     VALUE ary, vname, ret;
+    ASN1_STRING *value;
 
     GetX509Name(self, name);
     entries = X509_NAME_entry_count(name);
@@ -294,7 +295,8 @@ ossl_x509name_to_a(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509name.c#L295
 	if (!(entry = X509_NAME_get_entry(name, i))) {
 	    ossl_raise(eX509NameError, NULL);
 	}
-	if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name), entry->object)) {
+	if (!i2t_ASN1_OBJECT(long_name, sizeof(long_name),
+			     X509_NAME_ENTRY_get_object(entry))) {
 	    ossl_raise(eX509NameError, NULL);
 	}
 	nid = OBJ_ln2nid(long_name);
@@ -304,10 +306,11 @@ ossl_x509name_to_a(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509name.c#L306
 	    short_name = OBJ_nid2sn(nid);
 	    vname = rb_str_new2(short_name); /*do not free*/
 	}
+	value = X509_NAME_ENTRY_get_data(entry);
 	ary = rb_ary_new3(3,
 			  vname,
-        		  rb_str_new((const char *)entry->value->data, entry->value->length),
-        		  INT2FIX(entry->value->type));
+			  rb_str_new((const char *)value->data, value->length),
+			  INT2FIX(value->type));
 	rb_ary_push(ret, ary);
     }
     return ret;
Index: ext/openssl/ossl_pkey.c
===================================================================
--- ext/openssl/ossl_pkey.c	(revision 55286)
+++ ext/openssl/ossl_pkey.c	(revision 55287)
@@ -27,7 +27,7 @@ ossl_generate_cb_2(int p, int n, BN_GENC https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L27
     struct ossl_generate_cb_arg *arg;
     int state;
 
-    arg = (struct ossl_generate_cb_arg *)cb->arg;
+    arg = (struct ossl_generate_cb_arg *)BN_GENCB_get_arg(cb);
     if (arg->yield) {
 	ary = rb_ary_new2(2);
 	rb_ary_store(ary, 0, INT2NUM(p));
@@ -265,21 +265,26 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L265
 ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
 {
     EVP_PKEY *pkey;
-    EVP_MD_CTX ctx;
+    const EVP_MD *md;
+    EVP_MD_CTX *ctx;
     unsigned int buf_len;
     VALUE str;
     int result;
 
-    if (rb_funcallv(self, id_private_q, 0, NULL) != Qtrue) {
+    if (rb_funcallv(self, id_private_q, 0, NULL) != Qtrue)
 	ossl_raise(rb_eArgError, "Private key is needed.");
-    }
     GetPKey(self, pkey);
-    EVP_SignInit(&ctx, GetDigestPtr(digest));
+    md = GetDigestPtr(digest);
     StringValue(data);
-    EVP_SignUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
     str = rb_str_new(0, EVP_PKEY_size(pkey)+16);
-    result = EVP_SignFinal(&ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey);
-    EVP_MD_CTX_cleanup(&ctx);
+
+    ctx = EVP_MD_CTX_new();
+    if (!ctx)
+	ossl_raise(ePKeyError, "EVP_MD_CTX_new");
+    EVP_SignInit(ctx, md);
+    EVP_SignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data));
+    result = EVP_SignFinal(ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey);
+    EVP_MD_CTX_free(ctx);
     if (!result)
 	ossl_raise(ePKeyError, NULL);
     assert((long)buf_len <= RSTRING_LEN(str));
@@ -313,16 +318,22 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey.c#L318
 ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
 {
     EVP_PKEY *pkey;
-    EVP_MD_CTX ctx;
+    const EVP_MD *md;
+    EVP_MD_CTX *ctx;
     int result;
 
     GetPKey(self, pkey);
+    md = GetDigestPtr(digest);
     StringValue(sig);
     StringValue(data);
-    EVP_VerifyInit(&ctx, GetDigestPtr(digest));
-    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
-    result = EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey);
-    EVP_MD_CTX_cleanup(&ctx);
+
+    ctx = EVP_MD_CTX_new();
+    if (!ctx)
+	ossl_raise(ePKeyError, "EVP_MD_CTX_new");
+    EVP_VerifyInit(ctx, md);
+    EVP_VerifyUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data));
+    result = EVP_VerifyFinal(ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey);
+    EVP_MD_CTX_free(ctx);
     switch (result) {
     case 0:
 	return Qfalse;
Index: ext/openssl/openssl_missing.c
===================================================================
--- ext/openssl/openssl_missing.c	(revision 55286)
+++ ext/openssl/openssl_missing.c	(revision 55287)
@@ -20,6 +20,30 @@ https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L20
 
 #include "openssl_missing.h"
 
+/* added in 0.9.8X */
+#if !defined(HAVE_EVP_CIPHER_CTX_NEW)
+EVP_CIPHER_CTX *
+EVP_CIPHER_CTX_new(void)
+{
+    EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
+    if (!ctx)
+	return NULL;
+    EVP_CIPHER_CTX_init(ctx);
+    return ctx;
+}
+#endif
+
+#if !defined(HAVE_EVP_CIPHER_CTX_FREE)
+void
+EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+    if (ctx) {
+	EVP_CIPHER_CTX_cleanup(ctx);
+	OPENSSL_free(ctx);
+    }
+}
+#endif
+
 /* added in 1.0.0 */
 #if !defined(HAVE_EVP_CIPHER_CTX_COPY)
 /*
@@ -46,15 +70,19 @@ EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L70
 
 #if !defined(OPENSSL_NO_HMAC)
 #if !defined(HAVE_HMAC_CTX_COPY)
-void
+int
 HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
 {
-    if (!out || !in) return;
+    if (!out || !in)
+	return 0;
+
     memcpy(out, in, sizeof(HMAC_CTX));
 
     EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
     EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
     EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
+
+    return 1;
 }
 #endif /* HAVE_HMAC_CTX_COPY */
 #endif /* NO_HMAC */
@@ -95,3 +123,49 @@ EC_curve_nist2nid(const char *name) https://github.com/ruby/ruby/blob/trunk/ext/openssl/openssl_missing.c#L123
 }
 #endif
 #endif
+
+/*** added in 1.1.0 ***/
+#if !defined(HAVE_HMAC_CTX_NEW)
+HMAC_CTX *
+HMAC_CTX_new(void)
+{
+    HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
+    if (!ctx)
+	return NULL;
+    HMAC_CTX_init(ctx);
+    return ctx;
+}
+#endif
+
+#if !defined(HAVE_HMAC_CTX_FREE)
+void
+HMAC_CTX_free(HMAC_CTX *ctx)
+{
+    if (ctx) {
+	HMAC_CTX_cleanup(ctx);
+	OPENSSL_free(ctx);
+    }
+}
+#endif
+
+#if !defined(HAVE_X509_CRL_GET0_SIGNATURE)
+void
+X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_CRL *crl)
+{
+    if (psig != NULL)
+	*psig = crl->signature;
+    if (palg != NULL)
+	*palg = crl->sig_alg;
+}
+#endif
+
+#if !defined(HAVE_X509_REQ_GET0_SIGNATURE)
+void
+X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, X509_REQ *req)
+{
+    if (psig != NULL)
+	*psig = req->signature;
+    if (palg != NULL)
+	*palg = req->sig_alg;
+}
+#endif
Index: ext/openssl/ossl_x509req.c
===================================================================
--- ext/openssl/ossl_x509req.c	(revision 55286)
+++ ext/openssl/ossl_x509req.c	(revision 55287)
@@ -302,6 +302,7 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509req.c#L302
 ossl_x509req_get_signature_algorithm(VALUE self)
 {
     X509_REQ *req;
+    X509_ALGOR *alg;
     BIO *out;
     BUF_MEM *buf;
     VALUE str;
@@ -311,7 +312,8 @@ ossl_x509req_get_signature_algorithm(VAL https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509req.c#L312
     if (!(out = BIO_new(BIO_s_mem()))) {
 	ossl_raise(eX509ReqError, NULL);
     }
-    if (!i2a_ASN1_OBJECT(out, req->sig_alg->algorithm)) {
+    X509_REQ_get0_signature(NULL, &alg, req);
+    if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
 	BIO_free(out);
 	ossl_raise(eX509ReqError, NULL);
     }
@@ -426,8 +428,8 @@ ossl_x509req_set_attributes(VALUE self, https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_x509req.c#L428
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Attr);
     }
     GetX509Req(self, req);
-    sk_X509_ATTRIBUTE_pop_free(req->req_info->attributes, X509_ATTRIBUTE_free);
-    req->req_info->attributes = NULL;
+    while ((attr = X509_REQ_delete_attr(req, 0)))
+	X509_ATTRIBUTE_free(attr);
     for (i=0;i<RARRAY_LEN(ary); i++) {
 	item = RARRAY_AREF(ary, i);
 	attr = DupX509AttrPtr(item);
Index: ext/openssl/ossl.c
===================================================================
--- ext/openssl/ossl.c	(revision 55286)
+++ ext/openssl/ossl.c	(revision 55287)
@@ -258,7 +258,7 @@ ossl_verify_cb(int ok, X509_STORE_CTX *c https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L258
 
     proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
     if (!proc)
-	proc = (VALUE)X509_STORE_get_ex_data(ctx->ctx, ossl_store_ex_verify_cb_idx);
+	proc = (VALUE)X509_STORE_get_ex_data(X509_STORE_CTX_get0_store(ctx), ossl_store_ex_verify_cb_idx);
     if (!proc)
 	return ok;
     if (!NI (... truncated)

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]