Feature #11552 » ruby-changes.patch

tshirley (Tim Shirley), 09/25/2015 08:04 PM


ext/openssl/ossl_ocsp.c (working copy)
314 314

  
315 315
/*
316 316
 * call-seq:
317
 *   request.sign(signer_cert, signer_key)                      -> self
318
 *   request.sign(signer_cert, signer_key, certificates)        -> self
319
 *   request.sign(signer_cert, signer_key, certificates, flags) -> self
317
 *   request.sign(signer_cert, signer_key)                               -> self
318
 *   request.sign(signer_cert, signer_key, certificates)                 -> self
319
 *   request.sign(signer_cert, signer_key, certificates, flags)          -> self
320
 *   request.sign(signer_cert, signer_key, certificates, flags, md_type) -> self
320 321
 *
321 322
 * Signs this OCSP request using +signer_cert+ and +signer_key+.
322 323
 * +certificates+ is an optional Array of certificates that may be included in
......
326 327
static VALUE
327 328
ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
328 329
{
329
    VALUE signer_cert, signer_key, certs, flags;
330
    VALUE signer_cert, signer_key, certs, flags, md_type;
330 331
    OCSP_REQUEST *req;
331 332
    X509 *signer;
332 333
    EVP_PKEY *key;
333 334
    STACK_OF(X509) *x509s;
334 335
    unsigned long flg;
336
    const EVP_MD *md;
335 337
    int ret;
336 338

  
337
    rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags);
339
    rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &md_type);
338 340
    signer = GetX509CertPtr(signer_cert);
339 341
    key = GetPrivPKeyPtr(signer_key);
340 342
    flg = NIL_P(flags) ? 0 : NUM2INT(flags);
......
343 345
	flags |= OCSP_NOCERTS;
344 346
    }
345 347
    else x509s = ossl_x509_ary2sk(certs);
348
    if(NIL_P(md_type)) md = EVP_sha1();
349
    else md = GetDigestPtr(md_type);
350
    
346 351
    GetOCSPReq(self, req);
347
    ret = OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg);
352
    ret = OCSP_request_sign(req, signer, key, md, x509s, flg);
348 353
    sk_X509_pop_free(x509s, X509_free);
349 354
    if(!ret) ossl_raise(eOCSPError, NULL);
350 355

  
......
791 796
 *   basic_response.sign(signer_cert, signer_key) -> self
792 797
 *   basic_response.sign(signer_cert, signer_key, certificates) -> self
793 798
 *   basic_response.sign(signer_cert, signer_key, certificates, flags) -> self
799
 *   basic_response.sign(signer_cert, signer_key, certificates, flags, md_type) -> self
794 800
 *
795 801
 * Signs this response using the +signer_cert+ and +signer_key+.  Additional
796 802
 * +certificates+ may be added to the signature along with a set of +flags+.
......
799 805
static VALUE
800 806
ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
801 807
{
802
    VALUE signer_cert, signer_key, certs, flags;
808
    VALUE signer_cert, signer_key, certs, flags, md_type;
803 809
    OCSP_BASICRESP *bs;
804 810
    X509 *signer;
805 811
    EVP_PKEY *key;
806 812
    STACK_OF(X509) *x509s;
807 813
    unsigned long flg;
814
    const EVP_MD *md;
808 815
    int ret;
809 816

  
810
    rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags);
817
    rb_scan_args(argc, argv, "23", &signer_cert, &signer_key, &certs, &flags, &md_type);
811 818
    signer = GetX509CertPtr(signer_cert);
812 819
    key = GetPrivPKeyPtr(signer_key);
813 820
    flg = NIL_P(flags) ? 0 : NUM2INT(flags);
......
818 825
    else{
819 826
	x509s = ossl_x509_ary2sk(certs);
820 827
    }
828
    if(NIL_P(md_type)) md = EVP_sha1();
829
    else md = GetDigestPtr(md_type);
821 830
    GetOCSPBasicRes(self, bs);
822
    ret = OCSP_basic_sign(bs, signer, key, EVP_sha1(), x509s, flg);
831
    ret = OCSP_basic_sign(bs, signer, key, md, x509s, flg);
823 832
    sk_X509_pop_free(x509s, X509_free);
824 833
    if(!ret) ossl_raise(eOCSPError, NULL);
825 834

  
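Review bot: In ossl_ocspreq_sign the new `GetDigestPtr(md_type)` call sits after `x509s` has been built, so if it raises on an unsupported or wrongly typed digest argument (GetDigestPtr is defined outside this page, so this is inferred), the certificate stack never reaches `sk_X509_pop_free` and leaks. Resolving the digest alongside the other argument conversions avoids that, e.g. `md = NIL_P(md_type) ? EVP_sha1() : GetDigestPtr(md_type);` directly after `key = GetPrivPKeyPtr(signer_key);`. ossl_ocspbres_sign has the same ordering and would take the same change. The call-seq now lists `md_type`, but the visible doc text does not say that omitting it still signs with SHA-1; a sentence such as `+md_type+ is the digest used for the signature; SHA-1 is used when it is omitted, so pass a stronger digest such as OpenSSL::Digest::SHA256 where the peer supports it.` would make the default explicit. Parts of both functions and their doc comments are elided on this page.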
test/openssl/test_ocsp.rb (working copy)
5 5
class OpenSSL::TestOCSP < Test::Unit::TestCase
6 6
  def setup
7 7
    ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
8
    ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
8
    @ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
9 9
    ca_serial = 0xabcabcabcabc
10 10

  
11 11
    subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
......
16 16
    dgst = OpenSSL::Digest::SHA1.new
17 17

  
18 18
    @ca_cert = OpenSSL::TestUtils.issue_cert(
19
       ca_subj, ca_key, ca_serial, now, now+3600, [], nil, nil, dgst)
19
       ca_subj, @ca_key, ca_serial, now, now+3600, [], nil, nil, dgst)
20 20
    @cert = OpenSSL::TestUtils.issue_cert(
21 21
       subj, @key, serial, now, now+3600, [], @ca_cert, nil, dgst)
22 22
  end
......
42 42
    # in current implementation not same instance of certificate id, but should contain same data
43 43
    assert_equal cid.serial, request.certid.first.serial
44 44
  end
45

  
46
  def test_new_ocsp_request_with_digest
47
    request = OpenSSL::OCSP::Request.new
48
    cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
49
    request.add_certid(cid)
50
    request.sign(@cert, @key, [@cert], nil, OpenSSL::Digest::SHA256.new)
51
    assert_kind_of OpenSSL::OCSP::Request, request
52
    # in current implementation not same instance of certificate id, but should contain same data
53
    assert_equal cid.serial, request.certid.first.serial
54
  end
55

  
56
  def test_basic_response_sign
57
    basic_response = OpenSSL::OCSP::BasicResponse.new
58
    basic_response.sign(@ca_cert, @ca_key)
59
    assert_kind_of OpenSSL::OCSP::BasicResponse, basic_response
60
  end
61

  
62
  def test_basic_response_sign_with_digest
63
    basic_response = OpenSSL::OCSP::BasicResponse.new
64
    basic_response.sign(@ca_cert, @ca_key, nil, nil, OpenSSL::Digest::SHA256.new)
65
    assert_kind_of OpenSSL::OCSP::BasicResponse, basic_response
66
  end
45 67
end
46 68

  
47 69
end
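Review bot: The two `_with_digest` tests would still pass if `md_type` were silently ignored, because `assert_kind_of OpenSSL::OCSP::Request, request` and `assert_kind_of OpenSSL::OCSP::BasicResponse, basic_response` are true before `sign` is even called. To pin the behaviour the patch adds, assert on the encoded result instead, for example by decoding `request.to_der` with `OpenSSL::ASN1.decode` and checking that the signature algorithm is the SHA-256 variant rather than the SHA-1 one. A negative case is also missing: a call with an unsupported digest argument should be covered with `assert_raise` so the error path of the new parameter is exercised. `test_basic_response_sign` and `test_basic_response_sign_with_digest` differ only in the last argument, so a shared helper that signs and returns the decoded algorithm would keep them short.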