Project

General

Profile

Bug #12324 ยป interdiff-v2-v3.patch

rhenium (Kazuki Yamaguchi), 05/14/2016 11:20 AM

View differences:

ext/openssl/extconf.rb
66 66

  
67 67
Logging::message "=== Checking for OpenSSL features... ===\n"
68 68
# compile options
69
have_func("SSLv2_method")
70
have_func("SSLv3_method")
69

  
70
# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
71
# exist even if compiled with no-ssl2 or no-ssl3-method.
72
unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
73
  have_func("SSLv2_method")
74
end
75
unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
76
  have_func("SSLv3_method")
77
end
71 78
have_func("TLSv1_1_method")
72 79
have_func("TLSv1_2_method")
73 80
have_func("RAND_egd")
......
90 97
have_func("X509_NAME_hash_old")
91 98
have_func("X509_STORE_CTX_get0_current_crl")
92 99
have_func("X509_STORE_set_verify_cb")
100
have_func("i2d_ASN1_SET_ANY")
93 101
OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
94 102
have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
95 103

  
......
102 110
have_func("EC_curve_nist2nid")
103 111
have_func("X509_REVOKED_dup")
104 112
have_func("X509_STORE_CTX_get0_store")
105
have_func("SSL_is_server");
113
have_func("SSL_is_server")
106 114
have_func("SSL_CTX_set_alpn_select_cb")
107 115
OpenSSL.check_func_or_macro("SSL_CTX_set1_curves_list", "openssl/ssl.h")
108 116
OpenSSL.check_func_or_macro("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
ext/openssl/openssl_missing.h
45 45
#  define X509_STORE_set_verify_cb X509_STORE_set_verify_cb_func
46 46
#endif
47 47

  
48
#if !defined(HAVE_I2D_ASN1_SET_ANY)
49
#  define i2d_ASN1_SET_ANY(sk, x) i2d_ASN1_SET_OF_ASN1_TYPE((sk), (x), \
50
		i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0)
51
#endif
52

  
48 53
/* added in 1.0.2 */
49 54
#if !defined(HAVE_CRYPTO_MEMCMP)
50 55
int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
ext/openssl/ossl_pkey_dh.c
327 327
ossl_dh_to_der(VALUE self)
328 328
{
329 329
    EVP_PKEY *pkey;
330
    DH *dh;
330 331
    unsigned char *p;
331 332
    long len;
332 333
    VALUE str;
333 334

  
334 335
    GetPKeyDH(self, pkey);
335
    if((len = i2d_DHparams(EVP_PKEY_get0_DH(pkey), NULL)) <= 0)
336
    dh = EVP_PKEY_get0_DH(pkey);
337
    if((len = i2d_DHparams(dh, NULL)) <= 0)
336 338
	ossl_raise(eDHError, NULL);
337 339
    str = rb_str_new(0, len);
338 340
    p = (unsigned char *)RSTRING_PTR(str);
339
    if(i2d_DHparams(EVP_PKEY_get0_DH(pkey), &p) < 0)
341
    if(i2d_DHparams(dh, &p) < 0)
340 342
	ossl_raise(eDHError, NULL);
341 343
    ossl_str_adjust(str, p);
342 344

  
ext/openssl/ossl_pkey_dsa.c
325 325
ossl_dsa_export(int argc, VALUE *argv, VALUE self)
326 326
{
327 327
    EVP_PKEY *pkey;
328
    DSA *dsa;
328 329
    BIO *out;
329 330
    const EVP_CIPHER *ciph = NULL;
330 331
    char *passwd = NULL;
......
344 345
    if (!(out = BIO_new(BIO_s_mem()))) {
345 346
	ossl_raise(eDSAError, NULL);
346 347
    }
347
    if (dsa_has_private(EVP_PKEY_get0_DSA(pkey))) {
348
	if (!PEM_write_bio_DSAPrivateKey(out, EVP_PKEY_get0_DSA(pkey), ciph,
349
					 NULL, 0, ossl_pem_passwd_cb, passwd)){
348
    dsa = EVP_PKEY_get0_DSA(pkey);
349
    if (dsa_has_private(dsa)) {
350
	if (!PEM_write_bio_DSAPrivateKey(out, dsa, ciph, NULL, 0,
351
					 ossl_pem_passwd_cb, passwd)){
350 352
	    BIO_free(out);
351 353
	    ossl_raise(eDSAError, NULL);
352 354
	}
353 355
    } else {
354
	if (!PEM_write_bio_DSA_PUBKEY(out, EVP_PKEY_get0_DSA(pkey))) {
356
	if (!PEM_write_bio_DSA_PUBKEY(out, dsa)) {
355 357
	    BIO_free(out);
356 358
	    ossl_raise(eDSAError, NULL);
357 359
	}
......
372 374
ossl_dsa_to_der(VALUE self)
373 375
{
374 376
    EVP_PKEY *pkey;
377
    DSA *dsa;
375 378
    int (*i2d_func)_((DSA*, unsigned char**));
376 379
    unsigned char *p;
377 380
    long len;
378 381
    VALUE str;
379 382

  
380 383
    GetPKeyDSA(self, pkey);
381
    if(dsa_has_private(EVP_PKEY_get0_DSA(pkey)))
384
    dsa = EVP_PKEY_get0_DSA(pkey);
385
    if(dsa_has_private(dsa))
382 386
	i2d_func = (int(*)_((DSA*,unsigned char**)))i2d_DSAPrivateKey;
383 387
    else
384 388
	i2d_func = i2d_DSA_PUBKEY;
385
    if((len = i2d_func(EVP_PKEY_get0_DSA(pkey), NULL)) <= 0)
389
    if((len = i2d_func(dsa, NULL)) <= 0)
386 390
	ossl_raise(eDSAError, NULL);
387 391
    str = rb_str_new(0, len);
388 392
    p = (unsigned char *)RSTRING_PTR(str);
389
    if(i2d_func(EVP_PKEY_get0_DSA(pkey), &p) < 0)
393
    if(i2d_func(dsa, &p) < 0)
390 394
	ossl_raise(eDSAError, NULL);
391 395
    ossl_str_adjust(str, p);
392 396

  
ext/openssl/ossl_pkey_rsa.c
320 320
ossl_rsa_export(int argc, VALUE *argv, VALUE self)
321 321
{
322 322
    EVP_PKEY *pkey;
323
    RSA *rsa;
323 324
    BIO *out;
324 325
    const EVP_CIPHER *ciph = NULL;
325 326
    char *passwd = NULL;
......
341 342
    if (!(out = BIO_new(BIO_s_mem()))) {
342 343
	ossl_raise(eRSAError, NULL);
343 344
    }
344
    if (rsa_has_private(EVP_PKEY_get0_RSA(pkey))) {
345
	if (!PEM_write_bio_RSAPrivateKey(out, EVP_PKEY_get0_RSA(pkey), ciph,
346
					 NULL, 0, ossl_pem_passwd_cb, passwd)) {
345
    rsa = EVP_PKEY_get0_RSA(pkey);
346
    if (rsa_has_private(rsa)) {
347
	if (!PEM_write_bio_RSAPrivateKey(out, rsa, ciph, NULL, 0,
348
					 ossl_pem_passwd_cb, passwd)) {
347 349
	    BIO_free(out);
348 350
	    ossl_raise(eRSAError, NULL);
349 351
	}
350 352
    } else {
351
	if (!PEM_write_bio_RSA_PUBKEY(out, EVP_PKEY_get0_RSA(pkey))) {
353
	if (!PEM_write_bio_RSA_PUBKEY(out, rsa)) {
352 354
	    BIO_free(out);
353 355
	    ossl_raise(eRSAError, NULL);
354 356
	}
......
368 370
ossl_rsa_to_der(VALUE self)
369 371
{
370 372
    EVP_PKEY *pkey;
373
    RSA *rsa;
371 374
    int (*i2d_func)_((const RSA*, unsigned char**));
372 375
    unsigned char *p;
373 376
    long len;
374 377
    VALUE str;
375 378

  
376 379
    GetPKeyRSA(self, pkey);
377
    if(rsa_has_private(EVP_PKEY_get0_RSA(pkey)))
380
    rsa = EVP_PKEY_get0_RSA(pkey);
381
    if(rsa_has_private(rsa))
378 382
	i2d_func = i2d_RSAPrivateKey;
379 383
    else
380 384
	i2d_func = (int (*)(const RSA*, unsigned char**))i2d_RSA_PUBKEY;
381
    if((len = i2d_func(EVP_PKEY_get0_RSA(pkey), NULL)) <= 0)
385
    if((len = i2d_func(rsa, NULL)) <= 0)
382 386
	ossl_raise(eRSAError, NULL);
383 387
    str = rb_str_new(0, len);
384 388
    p = (unsigned char *)RSTRING_PTR(str);
385
    if(i2d_func(EVP_PKEY_get0_RSA(pkey), &p) < 0)
389
    if(i2d_func(rsa, &p) < 0)
386 390
	ossl_raise(eRSAError, NULL);
387 391
    ossl_str_adjust(str, p);
388 392

  
389 393
    return str;
390 394
}
391 395

  
392
#define ossl_rsa_buf_size(pkey) (RSA_size(EVP_PKEY_get0_RSA(pkey))+16)
396
#define ossl_rsa_buf_size(rsa) (RSA_size(rsa)+16)
393 397

  
394 398
/*
395 399
 * call-seq:
......
403 407
ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self)
404 408
{
405 409
    EVP_PKEY *pkey;
410
    RSA *rsa;
406 411
    int buf_len, pad;
407 412
    VALUE str, buffer, padding;
408 413

  
409 414
    GetPKeyRSA(self, pkey);
415
    rsa = EVP_PKEY_get0_RSA(pkey);
410 416
    rb_scan_args(argc, argv, "11", &buffer, &padding);
411 417
    pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
412 418
    StringValue(buffer);
413
    str = rb_str_new(0, ossl_rsa_buf_size(pkey));
419
    str = rb_str_new(0, ossl_rsa_buf_size(rsa));
414 420
    buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
415
				 (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey),
416
				 pad);
421
				 (unsigned char *)RSTRING_PTR(str), rsa, pad);
417 422
    if (buf_len < 0) ossl_raise(eRSAError, NULL);
418 423
    rb_str_set_len(str, buf_len);
419 424

  
......
432 437
ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self)
433 438
{
434 439
    EVP_PKEY *pkey;
440
    RSA *rsa;
435 441
    int buf_len, pad;
436 442
    VALUE str, buffer, padding;
437 443

  
438 444
    GetPKeyRSA(self, pkey);
445
    rsa = EVP_PKEY_get0_RSA(pkey);
439 446
    rb_scan_args(argc, argv, "11", &buffer, &padding);
440 447
    pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
441 448
    StringValue(buffer);
442
    str = rb_str_new(0, ossl_rsa_buf_size(pkey));
449
    str = rb_str_new(0, ossl_rsa_buf_size(rsa));
443 450
    buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
444
				 (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey),
445
				 pad);
451
				 (unsigned char *)RSTRING_PTR(str), rsa, pad);
446 452
    if (buf_len < 0) ossl_raise(eRSAError, NULL);
447 453
    rb_str_set_len(str, buf_len);
448 454

  
......
461 467
ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self)
462 468
{
463 469
    EVP_PKEY *pkey;
470
    RSA *rsa;
464 471
    int buf_len, pad;
465 472
    VALUE str, buffer, padding;
466 473

  
467 474
    GetPKeyRSA(self, pkey);
475
    rsa = EVP_PKEY_get0_RSA(pkey);
468 476
    if (!rsa_is_private(self, EVP_PKEY_get0_RSA(pkey))) {
469 477
	ossl_raise(eRSAError, "private key needed.");
470 478
    }
471 479
    rb_scan_args(argc, argv, "11", &buffer, &padding);
472 480
    pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
473 481
    StringValue(buffer);
474
    str = rb_str_new(0, ossl_rsa_buf_size(pkey));
482
    str = rb_str_new(0, ossl_rsa_buf_size(rsa));
475 483
    buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
476
				  (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey),
477
				  pad);
484
				  (unsigned char *)RSTRING_PTR(str), rsa, pad);
478 485
    if (buf_len < 0) ossl_raise(eRSAError, NULL);
479 486
    rb_str_set_len(str, buf_len);
480 487

  
......
493 500
ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
494 501
{
495 502
    EVP_PKEY *pkey;
503
    RSA *rsa;
496 504
    int buf_len, pad;
497 505
    VALUE str, buffer, padding;
498 506

  
499 507
    GetPKeyRSA(self, pkey);
500
    if (!rsa_is_private(self, EVP_PKEY_get0_RSA(pkey))) {
508
    rsa = EVP_PKEY_get0_RSA(pkey);
509
    if (!rsa_is_private(self, rsa)) {
501 510
	ossl_raise(eRSAError, "private key needed.");
502 511
    }
503 512
    rb_scan_args(argc, argv, "11", &buffer, &padding);
504 513
    pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding);
505 514
    StringValue(buffer);
506
    str = rb_str_new(0, ossl_rsa_buf_size(pkey));
515
    str = rb_str_new(0, ossl_rsa_buf_size(rsa));
507 516
    buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer),
508
				  (unsigned char *)RSTRING_PTR(str), EVP_PKEY_get0_RSA(pkey),
509
				  pad);
517
				  (unsigned char *)RSTRING_PTR(str), rsa, pad);
510 518
    if (buf_len < 0) ossl_raise(eRSAError, NULL);
511 519
    rb_str_set_len(str, buf_len);
512 520

  
ext/openssl/ossl_x509attr.c
186 186
ossl_x509attr_set_value(VALUE self, VALUE value)
187 187
{
188 188
    X509_ATTRIBUTE *attr;
189
    ASN1_TYPE *a1type;
189
    VALUE asn1_value;
190
    int i, asn1_tag;
191

  
192
    OSSL_Check_Kind(value, cASN1Data);
193
    asn1_value = rb_attr_get(value, rb_intern("@value"));
194
    asn1_tag = NUM2INT(rb_attr_get(value, rb_intern("@tag")));
195
    if (asn1_tag != V_ASN1_SET)
196
	ossl_raise(eASN1Error, "argument must be a SET");
197
    if (!rb_obj_is_kind_of(asn1_value, rb_cArray))
198
	ossl_raise(eASN1Error, "ASN1::Set has non-array value (bug)");
190 199

  
191
    if(!(a1type = ossl_asn1_get_asn1type(value)))
192
	ossl_raise(eASN1Error, "could not get ASN1_TYPE");
193
    if(ASN1_TYPE_get(a1type) == V_ASN1_SEQUENCE){
194
	ASN1_TYPE_free(a1type);
195
	ossl_raise(eASN1Error, "couldn't set SEQUENCE for attribute value.");
196
    }
197 200
    GetX509Attr(self, attr);
198 201
    if (X509_ATTRIBUTE_count(attr)) {
199 202
	/* populated, reset first */
200 203
	ASN1_OBJECT *obj = X509_ATTRIBUTE_get0_object(attr);
201 204
	X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_new();
202
	if (!new_attr) {
203
	    ASN1_TYPE_free(a1type);
205
	if (!new_attr)
204 206
	    ossl_raise(eX509AttrError, NULL);
205
	}
206 207
	SetX509Attr(self, new_attr);
207 208
	X509_ATTRIBUTE_set1_object(new_attr, obj);
208 209
	X509_ATTRIBUTE_free(attr);
209 210
	attr = new_attr;
210 211
    }
211
    if (!X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type), a1type->value.ptr, -1)) {
212

  
213
    for (i = 0; i < RARRAY_LEN(asn1_value); i++) {
214
	int ret;
215
	ASN1_TYPE *a1type = ossl_asn1_get_asn1type(RARRAY_AREF(asn1_value, i));
216
	ret = X509_ATTRIBUTE_set1_data(attr, ASN1_TYPE_get(a1type), a1type->value.ptr, -1);
212 217
	ASN1_TYPE_free(a1type);
213
	ossl_raise(eX509AttrError, NULL);
218
	if (!ret)
219
	    ossl_raise(eX509AttrError, NULL);
214 220
    }
215
    ASN1_TYPE_free(a1type);
216 221

  
217 222
    return value;
218 223
}
......
226 231
{
227 232
    X509_ATTRIBUTE *attr;
228 233
    VALUE str;
229
    long length;
230 234
    unsigned char *p;
231
    int count;
235
    STACK_OF(ASN1_TYPE) *sk;
236
    int i, count;
237

  
238
    /* there is no X509_ATTRIBUTE_get0_set() function.. */
239
    sk = sk_ASN1_TYPE_new_null();
240
    if (!sk)
241
	ossl_raise(eX509AttrError, "sk_new() failed");
232 242

  
233 243
    GetX509Attr(self, attr);
234 244
    count = X509_ATTRIBUTE_count(attr);
235
    if (!count) return Qnil;
236
    if (count == 1) {
237
	ASN1_TYPE *a1type = X509_ATTRIBUTE_get0_type(attr, 0);
238
	length = i2d_ASN1_TYPE(a1type, NULL);
239
	str = rb_str_new(0, length);
240
	p = (unsigned char *)RSTRING_PTR(str);
241
	i2d_ASN1_TYPE(a1type, &p);
242
    }
243
    else {
244
#if defined(i2d_ASN1_SET_OF_ASN1_TYPE)
245
	length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
246
		(unsigned char **)NULL, i2d_ASN1_TYPE,
247
		V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
248
	str = rb_str_new(0, length);
249
	p = (unsigned char *)RSTRING_PTR(str);
250
	i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
251
		&p, i2d_ASN1_TYPE,
252
		V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
253
#else
254
	STACK_OF(ASN1_TYPE) *sk = sk_ASN1_TYPE_new_null();
255
	int i;
256

  
257
	if (!sk) ossl_raise(eX509AttrError, "sk_new() failed");
258
	for (i = 0; i < count; i++)
259
	    sk_ASN1_TYPE_push(sk, X509_ATTRIBUTE_get0_type(attr, i));
260
	length = i2d_ASN1_SET_ANY(sk, NULL);
261
	str = rb_str_new(0, length);
262
	p = (unsigned char *)RSTRING_PTR(str);
263
	i2d_ASN1_SET_ANY(sk, &p);
264
	sk_ASN1_TYPE_free(sk);
265
#endif
266
    }
245
    for (i = 0; i < count; i++)
246
	sk_ASN1_TYPE_push(sk, X509_ATTRIBUTE_get0_type(attr, i));
247

  
248
    str = rb_str_new(0, i2d_ASN1_SET_ANY(sk, NULL));
249
    p = (unsigned char *)RSTRING_PTR(str);
250
    i2d_ASN1_SET_ANY(sk, &p);
267 251
    ossl_str_adjust(str, p);
268 252

  
253
    sk_ASN1_TYPE_free(sk);
254

  
269 255
    return rb_funcall(mASN1, rb_intern("decode"), 1, str);
270 256
}
271 257

  
......
288 274
    p = (unsigned char *)RSTRING_PTR(str);
289 275
    if(i2d_X509_ATTRIBUTE(attr, &p) <= 0)
290 276
	ossl_raise(eX509AttrError, NULL);
291
    rb_str_set_len(str, p - (unsigned char*)RSTRING_PTR(str));
277
    ossl_str_adjust(str, p);
292 278

  
293 279
    return str;
294 280
}
test/openssl/test_x509attr.rb
1
# frozen_string_literal: false
2
require_relative "utils"
3

  
4
if defined?(OpenSSL::TestUtils)
5

  
6
class OpenSSL::TestX509Attribute < Test::Unit::TestCase
7
  def test_new
8
    ef = OpenSSL::X509::ExtensionFactory.new
9
    val = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([
10
      ef.create_extension("keyUsage", "keyCertSign", true)
11
    ])])
12
    attr = OpenSSL::X509::Attribute.new("extReq", val)
13
    assert_equal("extReq", attr.oid)
14
    assert_equal(val.to_der, attr.value.to_der)
15
  end
16

  
17
  def test_from_der
18
    # oid: challengePassword, values: Set[UTF8String<"abc123">]
19
    test_der = "\x30\x15\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x07\x31\x08" \
20
      "\x0c\x06\x61\x62\x63\x31\x32\x33".b
21
    attr = OpenSSL::X509::Attribute.new(test_der)
22
    assert_equal(test_der, attr.to_der)
23
    assert_equal("challengePassword", attr.oid)
24
    assert_equal("abc123", attr.value.value[0].value)
25
  end
26

  
27
  def test_to_der
28
    ef = OpenSSL::X509::ExtensionFactory.new
29
    val = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([
30
      ef.create_extension("keyUsage", "keyCertSign", true)
31
    ])])
32
    attr = OpenSSL::X509::Attribute.new("extReq", val)
33
    expected = OpenSSL::ASN1::Sequence.new([
34
      OpenSSL::ASN1::ObjectId.new("extReq"),
35
      val
36
    ])
37
    assert_equal(expected.to_der, attr.to_der)
38
  end
39

  
40
  def test_invalid_value
41
    assert_raise(TypeError) {
42
      OpenSSL::X509::Attribute.new("challengePassword", "1234")
43
    }
44
  end
45
end
46

  
47
end