ruby-changes:43464
From: rhe <ko1@a...>
Date: Wed, 29 Jun 2016 22:21:58 +0900 (JST)
Subject: [ruby-changes:43464] rhe:r55538 (trunk): openssl: fix for OpenSSL 1.0.0t
rhe 2016-06-29 22:21:54 +0900 (Wed, 29 Jun 2016) New Revision: 55538 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55538 Log: openssl: fix for OpenSSL 1.0.0t * ext/openssl/ossl_ocsp.c: The "reuse" behavior of d2i_ functions does not work well with OpenSSL 1.0.0t. So avoid it. Modified files: trunk/ChangeLog trunk/ext/openssl/ossl_ocsp.c Index: ext/openssl/ossl_ocsp.c =================================================================== --- ext/openssl/ossl_ocsp.c (revision 55537) +++ ext/openssl/ossl_ocsp.c (revision 55538) @@ -225,17 +225,20 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L225 ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self) { VALUE arg; + OCSP_REQUEST *req, *req_new; const unsigned char *p; rb_scan_args(argc, argv, "01", &arg); if(!NIL_P(arg)){ - OCSP_REQUEST *req; GetOCSPReq(self, req); arg = ossl_to_der_if_possible(arg); StringValue(arg); p = (unsigned char *)RSTRING_PTR(arg); - if (!d2i_OCSP_REQUEST(&req, &p, RSTRING_LEN(arg))) - ossl_raise(eOCSPError, "cannot load DER encoded request"); + req_new = d2i_OCSP_REQUEST(NULL, &p, RSTRING_LEN(arg)); + if (!req_new) + ossl_raise(eOCSPError, "d2i_OCSP_REQUEST"); + SetOCSPReq(self, req_new); + OCSP_REQUEST_free(req); } return self; 
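Review bot: In ossl_ocspreq_initialize the old pointer is read by `GetOCSPReq(self, req);` before `ossl_to_der_if_possible(arg)` and `StringValue(arg)`, but it is freed only after them. Both calls can presumably dispatch to Ruby methods on the argument (`to_der`, `to_str`); if such a method re-initializes the same object, `req` is stale by the time `OCSP_REQUEST_free(req);` runs and the structure would be freed twice. Reading the pointer late closes that window: move `GetOCSPReq(self, req);` down to just before `SetOCSPReq(self, req_new);`. The same ordering appears in ossl_ocspres_initialize, ossl_ocspbres_initialize and ossl_ocspcid_initialize (where `GetOCSPCertId(self, id);` is the first statement), whereas ossl_ocspsres_initialize appears to fetch the pointer after the conversion already. The function's closing brace lies outside the hunk.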
@@ -536,17 +539,20 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L539 ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self) { VALUE arg; + OCSP_RESPONSE *res, *res_new; const unsigned char *p; rb_scan_args(argc, argv, "01", &arg); if(!NIL_P(arg)){ - OCSP_RESPONSE *res; GetOCSPRes(self, res); arg = ossl_to_der_if_possible(arg); StringValue(arg); p = (unsigned char *)RSTRING_PTR(arg); - if (!d2i_OCSP_RESPONSE(&res, &p, RSTRING_LEN(arg))) - ossl_raise(eOCSPError, "cannot load DER encoded response"); + res_new = d2i_OCSP_RESPONSE(NULL, &p, RSTRING_LEN(arg)); + if (!res_new) + ossl_raise(eOCSPError, "d2i_OCSP_RESPONSE"); + SetOCSPRes(self, res_new); + OCSP_RESPONSE_free(res); } return self; @@ -688,17 +694,20 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L694 ossl_ocspbres_initialize(int argc, VALUE *argv, VALUE self) { VALUE arg; + OCSP_BASICRESP *res, *res_new; const unsigned char *p; rb_scan_args(argc, argv, "01", &arg); if (!NIL_P(arg)) { - OCSP_BASICRESP *res; GetOCSPBasicRes(self, res); arg = ossl_to_der_if_possible(arg); StringValue(arg); p = (unsigned char *)RSTRING_PTR(arg); - if (!d2i_OCSP_BASICRESP(&res, &p, RSTRING_LEN(arg))) + res_new = d2i_OCSP_BASICRESP(NULL, &p, RSTRING_LEN(arg)); + if (!res_new) ossl_raise(eOCSPError, "d2i_OCSP_BASICRESP"); + SetOCSPBasicRes(self, res_new); + OCSP_BASICRESP_free(res); } return self; @@ -1127,7 +1136,7 @@ ossl_ocspsres_alloc(VALUE klass) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1136 static VALUE ossl_ocspsres_initialize(VALUE self, VALUE arg) { - OCSP_SINGLERESP *res; + OCSP_SINGLERESP *res, *res_new; const unsigned char *p; arg = ossl_to_der_if_possible(arg); 
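Review bot: Nothing after `d2i_OCSP_RESPONSE(NULL, &p, RSTRING_LEN(arg))` looks at `p`, so in ossl_ocspres_initialize any bytes that follow the first complete DER structure are accepted silently. OCSP responses normally come from a network responder, so it is worth either rejecting leftovers or stating in a comment that they are ignored on purpose; a check would be `if (p != (const unsigned char *)RSTRING_PTR(arg) + RSTRING_LEN(arg))`, followed by freeing `res_new` and raising. Whether rejection is compatible with existing callers is a decision for the maintainers. The d2i_ calls in the request, basic-response, single-response and cert-id initializers have the same shape. The closing brace of the function is outside the hunk.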
@@ -1135,8 +1144,11 @@ ossl_ocspsres_initialize(VALUE self, VAL https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1144 GetOCSPSingleRes(self, res); p = (unsigned char*)RSTRING_PTR(arg); - if (!d2i_OCSP_SINGLERESP(&res, &p, RSTRING_LEN(arg))) + res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg)); + if (!res_new) ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP"); + SetOCSPSingleRes(self, res_new); + OCSP_SINGLERESP_free(res); return self; } @@ -1432,9 +1444,7 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1444 ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self) { OCSP_CERTID *id, *newid; - X509 *x509s, *x509i; VALUE subject, issuer, digest; - const EVP_MD *md; GetOCSPCertId(self, id); if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) { 
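Review bot: The reason for passing `NULL` instead of `&res` to `d2i_OCSP_SINGLERESP` in ossl_ocspsres_initialize is recorded only in the commit log, so a later cleanup could reintroduce the reuse form. A short comment above the call would preserve it, for example `/* Do not pass &res: the d2i_ "reuse" behavior does not work well with OpenSSL 1.0.0t. */`. The same comment fits the other four d2i_ call sites changed in this revision. The start of the function is in the preceding hunk.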
@@ -1444,25 +1454,25 @@ ossl_ocspcid_initialize(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1454 arg = ossl_to_der_if_possible(subject); StringValue(arg); p = (unsigned char *)RSTRING_PTR(arg); - if (!d2i_OCSP_CERTID(&id, &p, RSTRING_LEN(arg))) + newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg)); + if (!newid) ossl_raise(eOCSPError, "d2i_OCSP_CERTID"); - - return self; } + else { + X509 *x509s, *x509i; + const EVP_MD *md; - x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */ - x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */ + x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */ + x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */ + md = !NIL_P(digest) ? GetDigestPtr(digest) : NULL; - if (!NIL_P(digest)) { - md = GetDigestPtr(digest); newid = OCSP_cert_to_id(md, x509s, x509i); - } else { - newid = OCSP_cert_to_id(NULL, x509s, x509i); + if (!newid) + ossl_raise(eOCSPError, "OCSP_cert_to_id"); } - if(!newid) - ossl_raise(eOCSPError, NULL); - OCSP_CERTID_free(id); + SetOCSPCertId(self, newid); + OCSP_CERTID_free(id); return self; } Index: ChangeLog =================================================================== --- ChangeLog (revision 55537) +++ ChangeLog (revision 55538) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Wed Jun 29 22:21:38 2016 Kazuki Yamaguchi <k@r...> + + * ext/openssl/ossl_ocsp.c: The "reuse" behavior of d2i_ functions does + not work well with OpenSSL 1.0.0t. So avoid it. + Wed Jun 29 15:18:28 2016 NARUSE, Yui <naruse@r...> * insns.def (opt_succ): optimize like r55515. (but this argument is -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/