
ruby-changes:43464

From: rhe <ko1@a...>
Date: Wed, 29 Jun 2016 22:21:58 +0900 (JST)
Subject: [ruby-changes:43464] rhe:r55538 (trunk): openssl: fix for OpenSSL 1.0.0t

rhe	2016-06-29 22:21:54 +0900 (Wed, 29 Jun 2016)

  New Revision: 55538

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55538

  Log:
    openssl: fix for OpenSSL 1.0.0t
    
    * ext/openssl/ossl_ocsp.c: The "reuse" behavior of d2i_ functions does
      not work well with OpenSSL 1.0.0t. So avoid it.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl_ocsp.c
Index: ext/openssl/ossl_ocsp.c
===================================================================
--- ext/openssl/ossl_ocsp.c	(revision 55537)
+++ ext/openssl/ossl_ocsp.c	(revision 55538)
@@ -225,17 +225,20 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L225
 ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self)
 {
     VALUE arg;
+    OCSP_REQUEST *req, *req_new;
     const unsigned char *p;
 
     rb_scan_args(argc, argv, "01", &arg);
     if(!NIL_P(arg)){
-	OCSP_REQUEST *req;
 	GetOCSPReq(self, req);
 	arg = ossl_to_der_if_possible(arg);
 	StringValue(arg);
 	p = (unsigned char *)RSTRING_PTR(arg);
-	if (!d2i_OCSP_REQUEST(&req, &p, RSTRING_LEN(arg)))
-	    ossl_raise(eOCSPError, "cannot load DER encoded request");
+	req_new = d2i_OCSP_REQUEST(NULL, &p, RSTRING_LEN(arg));
+	if (!req_new)
+	    ossl_raise(eOCSPError, "d2i_OCSP_REQUEST");
+	SetOCSPReq(self, req_new);
+	OCSP_REQUEST_free(req);
     }
 
     return self;
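Review bot: Nothing in the code records why `d2i_OCSP_REQUEST()` is now called with `NULL`, or why `SetOCSPReq()` must come before `OCSP_REQUEST_free(req)`, so a later cleanup could restore the `&req` form or swap the two calls. The log only says reuse "does not work well"; OpenSSL's own d2i documentation discourages reuse, and depending on the version a failed parse can free the reused structure or leave it in an inconsistent state, which would presumably leave the Ruby object holding a stale pointer. A comment above the call such as `/* parse into a fresh object: d2i_ reuse may free or corrupt the old one on error */` and one before the free such as `/* swap first so self never points at freed memory */` would keep the invariant visible. The same pattern appears in the ossl_ocspres_initialize, ossl_ocspbres_initialize, ossl_ocspsres_initialize and ossl_ocspcid_initialize hunks; this function's closing brace lies outside the hunk.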
@@ -536,17 +539,20 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L539
 ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self)
 {
     VALUE arg;
+    OCSP_RESPONSE *res, *res_new;
     const unsigned char *p;
 
     rb_scan_args(argc, argv, "01", &arg);
     if(!NIL_P(arg)){
-	OCSP_RESPONSE *res;
 	GetOCSPRes(self, res);
 	arg = ossl_to_der_if_possible(arg);
 	StringValue(arg);
 	p = (unsigned char *)RSTRING_PTR(arg);
-	if (!d2i_OCSP_RESPONSE(&res, &p, RSTRING_LEN(arg)))
-	    ossl_raise(eOCSPError, "cannot load DER encoded response");
+	res_new = d2i_OCSP_RESPONSE(NULL, &p, RSTRING_LEN(arg));
+	if (!res_new)
+	    ossl_raise(eOCSPError, "d2i_OCSP_RESPONSE");
+	SetOCSPRes(self, res_new);
+	OCSP_RESPONSE_free(res);
     }
 
     return self;
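Review bot: `d2i_OCSP_RESPONSE()` advances `p` past what it parsed, but `p` is never compared with the end of the string afterwards, so input carrying extra bytes after a valid response appears to be accepted without complaint. OCSP responses normally arrive from a remote responder, so lenient parsing here deserves a deliberate decision. If strictness is wanted, test `p != (const unsigned char *)RSTRING_PTR(arg) + RSTRING_LEN(arg)` after the NULL check, free `res_new` and raise; if not, a comment saying that trailing data is ignored would document the choice. The other d2i_ calls in this commit have the same shape, and this function's closing brace is outside the hunk.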
@@ -688,17 +694,20 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L694
 ossl_ocspbres_initialize(int argc, VALUE *argv, VALUE self)
 {
     VALUE arg;
+    OCSP_BASICRESP *res, *res_new;
     const unsigned char *p;
 
     rb_scan_args(argc, argv, "01", &arg);
     if (!NIL_P(arg)) {
-	OCSP_BASICRESP *res;
 	GetOCSPBasicRes(self, res);
 	arg = ossl_to_der_if_possible(arg);
 	StringValue(arg);
 	p = (unsigned char *)RSTRING_PTR(arg);
-	if (!d2i_OCSP_BASICRESP(&res, &p, RSTRING_LEN(arg)))
+	res_new = d2i_OCSP_BASICRESP(NULL, &p, RSTRING_LEN(arg));
+	if (!res_new)
 	    ossl_raise(eOCSPError, "d2i_OCSP_BASICRESP");
+	SetOCSPBasicRes(self, res_new);
+	OCSP_BASICRESP_free(res);
     }
 
     return self;
@@ -1127,7 +1136,7 @@ ossl_ocspsres_alloc(VALUE klass) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1136
 static VALUE
 ossl_ocspsres_initialize(VALUE self, VALUE arg)
 {
-    OCSP_SINGLERESP *res;
+    OCSP_SINGLERESP *res, *res_new;
     const unsigned char *p;
 
     arg = ossl_to_der_if_possible(arg);
@@ -1135,8 +1144,11 @@ ossl_ocspsres_initialize(VALUE self, VAL https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1144
     GetOCSPSingleRes(self, res);
 
     p = (unsigned char*)RSTRING_PTR(arg);
-    if (!d2i_OCSP_SINGLERESP(&res, &p, RSTRING_LEN(arg)))
+    res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg));
+    if (!res_new)
 	ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP");
+    SetOCSPSingleRes(self, res_new);
+    OCSP_SINGLERESP_free(res);
 
     return self;
 }
@@ -1432,9 +1444,7 @@ static VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1444
 ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
 {
     OCSP_CERTID *id, *newid;
-    X509 *x509s, *x509i;
     VALUE subject, issuer, digest;
-    const EVP_MD *md;
 
     GetOCSPCertId(self, id);
     if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) {
@@ -1444,25 +1454,25 @@ ossl_ocspcid_initialize(int argc, VALUE https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ocsp.c#L1454
 	arg = ossl_to_der_if_possible(subject);
 	StringValue(arg);
 	p = (unsigned char *)RSTRING_PTR(arg);
-	if (!d2i_OCSP_CERTID(&id, &p, RSTRING_LEN(arg)))
+	newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg));
+	if (!newid)
 	    ossl_raise(eOCSPError, "d2i_OCSP_CERTID");
-
-	return self;
     }
+    else {
+	X509 *x509s, *x509i;
+	const EVP_MD *md;
 
-    x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
-    x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
+	x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
+	x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
+	md = !NIL_P(digest) ? GetDigestPtr(digest) : NULL;
 
-    if (!NIL_P(digest)) {
-	md = GetDigestPtr(digest);
 	newid = OCSP_cert_to_id(md, x509s, x509i);
-    } else {
-	newid = OCSP_cert_to_id(NULL, x509s, x509i);
+	if (!newid)
+	    ossl_raise(eOCSPError, "OCSP_cert_to_id");
     }
-    if(!newid)
-	ossl_raise(eOCSPError, NULL);
-    OCSP_CERTID_free(id);
+
     SetOCSPCertId(self, newid);
+    OCSP_CERTID_free(id);
 
     return self;
 }
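Review bot: The `NULL` arm of `md = !NIL_P(digest) ? GetDigestPtr(digest) : NULL;` silently selects OpenSSL's default digest for `OCSP_cert_to_id()`, which is SHA-1, and nothing at the call site says so. A comment such as `/* NULL: OCSP_cert_to_id() falls back to SHA-1 */` would make the default visible to anyone auditing hash usage. Relatedly, `newid` is assigned only inside the two branches, so the shared `SetOCSPCertId(self, newid)` relies on each branch raising on failure; a one-line comment above it saying so would guard against a future branch that falls through with `newid` unset. The function starts in the previous hunk, and the declarations of `arg` and `p` lie between the two hunks.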
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 55537)
+++ ChangeLog	(revision 55538)
@@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Wed Jun 29 22:21:38 2016  Kazuki Yamaguchi  <k@r...>
+
+	* ext/openssl/ossl_ocsp.c: The "reuse" behavior of d2i_ functions does
+	  not work well with OpenSSL 1.0.0t. So avoid it.
+
 Wed Jun 29 15:18:28 2016  NARUSE, Yui  <naruse@r...>
 
 	* insns.def (opt_succ): optimize like r55515. (but this argument is

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
