Index: ext/openssl/ossl_pkey_dsa.c =================================================================== --- ext/openssl/ossl_pkey_dsa.c.orig +++ ext/openssl/ossl_pkey_dsa.c @@ -161,19 +161,19 @@ ossl_dsa_initialize(int argc, VALUE *arg in = ossl_obj2bio(arg); dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd); if (!dsa) { - BIO_reset(in); + (void)BIO_reset(in); dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL); } if (!dsa) { - BIO_reset(in); + (void)BIO_reset(in); dsa = PEM_read_bio_DSA_PUBKEY(in, NULL, NULL, NULL); } if (!dsa) { - BIO_reset(in); + (void)BIO_reset(in); dsa = d2i_DSAPrivateKey_bio(in, NULL); } if (!dsa) { - BIO_reset(in); + (void)BIO_reset(in); dsa = d2i_DSA_PUBKEY_bio(in, NULL); } BIO_free(in); @@ -289,7 +289,7 @@ ossl_dsa_to_der(VALUE self) if((len = i2d_func(pkey->pkey.dsa, NULL)) <= 0) ossl_raise(eDSAError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_func(pkey->pkey.dsa, &p) < 0) ossl_raise(eDSAError, NULL); ossl_str_adjust(str, p); @@ -387,7 +387,7 @@ static VALUE ossl_dsa_sign(VALUE self, VALUE data) { EVP_PKEY *pkey; - int buf_len; + unsigned int buf_len; VALUE str; GetPKeyDSA(self, pkey); @@ -396,7 +396,8 @@ ossl_dsa_sign(VALUE self, VALUE data) ossl_raise(eDSAError, "Private DSA key needed!"); } str = rb_str_new(0, ossl_dsa_buf_size(pkey)); - if (!DSA_sign(0, RSTRING_PTR(data), RSTRING_LEN(data), RSTRING_PTR(str), + if (!DSA_sign(0, (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data), + (unsigned char *)RSTRING_PTR(str), &buf_len, pkey->pkey.dsa)) { /* type is ignored (0) */ ossl_raise(eDSAError, NULL); } @@ -420,8 +421,8 @@ ossl_dsa_verify(VALUE self, VALUE digest StringValue(digest); StringValue(sig); /* type is ignored (0) */ - ret = DSA_verify(0, RSTRING_PTR(digest), RSTRING_LEN(digest), - RSTRING_PTR(sig), RSTRING_LEN(sig), pkey->pkey.dsa); + ret = DSA_verify(0, (unsigned char *)RSTRING_PTR(digest), RSTRING_LEN(digest), + (unsigned char *)RSTRING_PTR(sig), RSTRING_LEN(sig), pkey->pkey.dsa); if (ret < 0) { ossl_raise(eDSAError, NULL); } @@ -432,11 +433,11 @@ ossl_dsa_verify(VALUE self, VALUE digest return Qfalse; } -OSSL_PKEY_BN(dsa, p); -OSSL_PKEY_BN(dsa, q); -OSSL_PKEY_BN(dsa, g); -OSSL_PKEY_BN(dsa, pub_key); -OSSL_PKEY_BN(dsa, priv_key); +OSSL_PKEY_BN(dsa, p) +OSSL_PKEY_BN(dsa, q) +OSSL_PKEY_BN(dsa, g) +OSSL_PKEY_BN(dsa, pub_key) +OSSL_PKEY_BN(dsa, priv_key) /* * INIT Index: ext/openssl/ossl_x509attr.c =================================================================== --- ext/openssl/ossl_x509attr.c.orig +++ ext/openssl/ossl_x509attr.c @@ -92,16 +92,17 @@ static VALUE ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self) { VALUE oid, value; - X509_ATTRIBUTE *attr; - unsigned char *p; + X509_ATTRIBUTE *attr, *x; + const unsigned char *p; GetX509Attr(self, attr); if(rb_scan_args(argc, argv, "11", &oid, &value) == 1){ oid = ossl_to_der_if_possible(oid); StringValue(oid); - p = RSTRING_PTR(oid); - if(!d2i_X509_ATTRIBUTE((X509_ATTRIBUTE**)&DATA_PTR(self), - &p, RSTRING_LEN(oid))){ + p = (unsigned char *)RSTRING_PTR(oid); + x = d2i_X509_ATTRIBUTE(&attr, &p, RSTRING_LEN(oid)); + DATA_PTR(self) = attr; + if(!x){ ossl_raise(eX509AttrError, NULL); } return self; @@ -212,15 +213,16 @@ ossl_x509attr_get_value(VALUE self) if(OSSL_X509ATTR_IS_SINGLE(attr)){ length = i2d_ASN1_TYPE(attr->value.single, NULL); str = rb_str_new(0, length); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); i2d_ASN1_TYPE(attr->value.single, &p); ossl_str_adjust(str, p); } else{ - length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL, - i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0); + length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, + (unsigned char **) NULL, i2d_ASN1_TYPE, + V_ASN1_SET, V_ASN1_UNIVERSAL, 0); str = rb_str_new(0, length); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p, i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0); ossl_str_adjust(str, p); @@ -246,7 +248,7 @@ ossl_x509attr_to_der(VALUE self) if((len = i2d_X509_ATTRIBUTE(attr, NULL)) <= 0) ossl_raise(eX509AttrError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_X509_ATTRIBUTE(attr, &p) <= 0) ossl_raise(eX509AttrError, NULL); rb_str_set_len(str, p - (unsigned char*)RSTRING_PTR(str)); Index: ext/openssl/ossl_ssl.c =================================================================== --- ext/openssl/ossl_ssl.c.orig +++ ext/openssl/ossl_ssl.c @@ -69,6 +69,9 @@ static const char *ossl_sslctx_attrs[] = "verify_callback", "options", "cert_store", "extra_chain_cert", "client_cert_cb", "tmp_dh_callback", "session_id_context", "session_get_cb", "session_new_cb", "session_remove_cb", +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + "servername_cb", +#endif }; #define ossl_ssl_get_io(o) rb_iv_get((o),"@io") @@ -86,7 +89,12 @@ static const char *ossl_sslctx_attrs[] = #define ossl_ssl_set_tmp_dh(o,v) rb_iv_set((o),"@tmp_dh",(v)) static const char *ossl_ssl_attr_readers[] = { "io", "context", }; -static const char *ossl_ssl_attrs[] = { "sync_close", }; +static const char *ossl_ssl_attrs[] = { +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + "hostname", +#endif + "sync_close", +}; ID ID_callback_state; @@ -297,7 +305,7 @@ ossl_ssl_verify_callback(int preverify_o static VALUE ossl_call_session_get_cb(VALUE ary) { - VALUE ssl_obj, sslctx_obj, cb, ret; + VALUE ssl_obj, sslctx_obj, cb; Check_Type(ary, T_ARRAY); ssl_obj = rb_ary_entry(ary, 0); @@ -325,7 +333,7 @@ ossl_sslctx_session_get_cb(SSL *ssl, uns ssl_obj = (VALUE)ptr; ary = rb_ary_new2(2); rb_ary_push(ary, ssl_obj); - rb_ary_push(ary, rb_str_new(buf, len)); + rb_ary_push(ary, rb_str_new((const char *)buf, len)); ret_obj = rb_protect((VALUE(*)_((VALUE)))ossl_call_session_get_cb, ary, &state); if (state) { @@ -344,7 +352,7 @@ ossl_sslctx_session_get_cb(SSL *ssl, uns static VALUE ossl_call_session_new_cb(VALUE ary) { - VALUE ssl_obj, sslctx_obj, cb, ret; + VALUE ssl_obj, sslctx_obj, cb; Check_Type(ary, T_ARRAY); ssl_obj = rb_ary_entry(ary, 0); @@ -387,10 +395,11 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL return RTEST(ret_obj) ? 1 : 0; } +#if 0 /* unused */ static VALUE ossl_call_session_remove_cb(VALUE ary) { - VALUE sslctx_obj, cb, ret; + VALUE sslctx_obj, cb; Check_Type(ary, T_ARRAY); sslctx_obj = rb_ary_entry(ary, 0); @@ -400,6 +409,7 @@ ossl_call_session_remove_cb(VALUE ary) return rb_funcall(cb, rb_intern("call"), 1, ary); } +#endif static void ossl_sslctx_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess) @@ -446,6 +456,66 @@ ossl_sslctx_add_extra_chain_cert_i(VALUE return i; } +static VALUE ossl_sslctx_setup(VALUE self); + +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME +static VALUE +ossl_call_servername_cb(VALUE ary) +{ + VALUE ssl_obj, sslctx_obj, cb, ret_obj; + + Check_Type(ary, T_ARRAY); + ssl_obj = rb_ary_entry(ary, 0); + + sslctx_obj = rb_iv_get(ssl_obj, "@context"); + if (NIL_P(sslctx_obj)) return Qnil; + cb = rb_iv_get(sslctx_obj, "@servername_cb"); + if (NIL_P(cb)) return Qnil; + + ret_obj = rb_funcall(cb, rb_intern("call"), 1, ary); + if (rb_obj_is_kind_of(ret_obj, cSSLContext)) { + SSL *ssl; + SSL_CTX *ctx2; + + ossl_sslctx_setup(ret_obj); + Data_Get_Struct(ssl_obj, SSL, ssl); + Data_Get_Struct(ret_obj, SSL_CTX, ctx2); + SSL_set_SSL_CTX(ssl, ctx2); + } else if (!NIL_P(ret_obj)) { + rb_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil"); + } + + return ret_obj; +} + +static int +ssl_servername_cb(SSL *ssl, int *ad, void *arg) +{ + VALUE ary, ssl_obj, ret_obj; + void *ptr; + int state = 0; + const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + + if (!servername) + return SSL_TLSEXT_ERR_OK; + + if ((ptr = SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx)) == NULL) + return SSL_TLSEXT_ERR_ALERT_FATAL; + ssl_obj = (VALUE)ptr; + ary = rb_ary_new2(2); + rb_ary_push(ary, ssl_obj); + rb_ary_push(ary, rb_str_new2(servername)); + + ret_obj = rb_protect((VALUE(*)_((VALUE)))ossl_call_servername_cb, ary, &state); + if (state) { + rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state)); + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + + return SSL_TLSEXT_ERR_OK; +} +#endif + /* * call-seq: * ctx.setup => Qtrue # first time @@ -563,7 +633,7 @@ ossl_sslctx_setup(VALUE self) val = ossl_sslctx_get_sess_id_ctx(self); if (!NIL_P(val)){ StringValue(val); - if (!SSL_CTX_set_session_id_context(ctx, RSTRING_PTR(val), + if (!SSL_CTX_set_session_id_context(ctx, (unsigned char *)RSTRING_PTR(val), RSTRING_LEN(val))){ ossl_raise(eSSLError, "SSL_CTX_set_session_id_context:"); } @@ -581,6 +651,15 @@ ossl_sslctx_setup(VALUE self) SSL_CTX_sess_set_remove_cb(ctx, ossl_sslctx_session_remove_cb); OSSL_Debug("SSL SESSION remove callback added"); } + +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + val = rb_iv_get(self, "@servername_cb"); + if (!NIL_P(val)) { + SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); + OSSL_Debug("SSL TLSEXT servername callback added"); + } +#endif + return Qtrue; } @@ -815,7 +894,6 @@ ossl_sslctx_flush_sessions(int argc, VAL VALUE arg1; SSL_CTX *ctx; time_t tm = 0; - int cb_state; rb_scan_args(argc, argv, "01", &arg1); @@ -829,7 +907,7 @@ ossl_sslctx_flush_sessions(int argc, VAL rb_raise(rb_eArgError, "arg must be Time or nil"); } - SSL_CTX_flush_sessions(ctx, tm); + SSL_CTX_flush_sessions(ctx, (long)tm); return self; } @@ -887,6 +965,9 @@ ossl_ssl_initialize(int argc, VALUE *arg ossl_ssl_set_ctx(self, ctx); ossl_ssl_set_sync_close(self, Qfalse); ossl_sslctx_setup(ctx); + + rb_iv_set(self, "@hostname", Qnil); + rb_call_super(0, 0); return self; @@ -902,6 +983,10 @@ ossl_ssl_setup(VALUE self) Data_Get_Struct(self, SSL, ssl); if(!ssl){ +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + VALUE hostname = rb_iv_get(self, "@hostname"); +#endif + v_ctx = ossl_ssl_get_ctx(self); Data_Get_Struct(v_ctx, SSL_CTX, ctx); @@ -911,6 +996,12 @@ ossl_ssl_setup(VALUE self) } DATA_PTR(self) = ssl; +#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME + if (!NIL_P(hostname)) { + if (SSL_set_tlsext_host_name(ssl, StringValuePtr(hostname)) != 1) + ossl_raise(eSSLError, "SSL_set_tlsext_host_name:"); + } +#endif io = ossl_ssl_get_io(self); GetOpenFile(io, fptr); rb_io_check_readable(fptr); @@ -947,7 +1038,15 @@ ossl_start_ssl(VALUE self, int (*func)() Data_Get_Struct(self, SSL, ssl); GetOpenFile(ossl_ssl_get_io(self), fptr); for(;;){ - if((ret = func(ssl)) > 0) break; + ret = func(ssl); + + cb_state = rb_ivar_get(self, ID_callback_state); + if (!NIL_P(cb_state)) + rb_jump_tag(NUM2INT(cb_state)); + + if (ret > 0) + break; + switch((ret2 = ssl_get_error(ssl, ret))){ case SSL_ERROR_WANT_WRITE: rb_io_wait_writable(FPTR_TO_FD(fptr)); @@ -963,10 +1062,6 @@ ossl_start_ssl(VALUE self, int (*func)() } } - cb_state = rb_ivar_get(self, ID_callback_state); - if (!NIL_P(cb_state)) - rb_jump_tag(NUM2INT(cb_state)); - return self; } @@ -1196,10 +1291,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self) } chain = SSL_get_peer_cert_chain(ssl); if(!chain) return Qnil; - num = sk_num(chain); + num = sk_X509_num(chain); ary = rb_ary_new2(num); for (i = 0; i < num; i++){ - cert = (X509*)sk_value(chain, i); + cert = sk_X509_value(chain, i); rb_ary_push(ary, ossl_x509_new(cert)); } @@ -1344,13 +1439,13 @@ Init_ossl_ssl() ID_callback_state = rb_intern("@callback_state"); - ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0,"ossl_ssl_ex_vcb_idx",0,0,0); - ossl_ssl_ex_store_p = SSL_get_ex_new_index(0,"ossl_ssl_ex_store_p",0,0,0); - ossl_ssl_ex_ptr_idx = SSL_get_ex_new_index(0,"ossl_ssl_ex_ptr_idx",0,0,0); + ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_vcb_idx",0,0,0); + ossl_ssl_ex_store_p = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_store_p",0,0,0); + ossl_ssl_ex_ptr_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_ptr_idx",0,0,0); ossl_ssl_ex_client_cert_cb_idx = - SSL_get_ex_new_index(0,"ossl_ssl_ex_client_cert_cb_idx",0,0,0); + SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_client_cert_cb_idx",0,0,0); ossl_ssl_ex_tmp_dh_callback_idx = - SSL_get_ex_new_index(0,"ossl_ssl_ex_tmp_dh_callback_idx",0,0,0); + SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_tmp_dh_callback_idx",0,0,0); mSSL = rb_define_module_under(mOSSL, "SSL"); eSSLError = rb_define_class_under(mSSL, "SSLError", eOSSLError); Index: ext/openssl/ossl_ocsp.c =================================================================== --- ext/openssl/ossl_ocsp.c.orig +++ ext/openssl/ossl_ocsp.c @@ -103,15 +103,17 @@ static VALUE ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self) { VALUE arg; - unsigned char *p; + const unsigned char *p; rb_scan_args(argc, argv, "01", &arg); if(!NIL_P(arg)){ + OCSP_REQUEST *req = DATA_PTR(self), *x; arg = ossl_to_der_if_possible(arg); StringValue(arg); p = (unsigned char*)RSTRING_PTR(arg); - if(!d2i_OCSP_REQUEST((OCSP_REQUEST**)&DATA_PTR(self), &p, - RSTRING_LEN(arg))){ + x = d2i_OCSP_REQUEST(&req, &p, RSTRING_LEN(arg)); + DATA_PTR(self) = req; + if(!x){ ossl_raise(eOCSPError, "cannot load DER encoded request"); } } @@ -134,7 +136,7 @@ ossl_ocspreq_add_nonce(int argc, VALUE * else{ StringValue(val); GetOCSPReq(self, req); - ret = OCSP_request_add1_nonce(req, RSTRING_PTR(val), RSTRING_LEN(val)); + ret = OCSP_request_add1_nonce(req, (unsigned char *)RSTRING_PTR(val), RSTRING_LEN(val)); } if(!ret) ossl_raise(eOCSPError, NULL); @@ -265,7 +267,7 @@ ossl_ocspreq_to_der(VALUE self) if((len = i2d_OCSP_REQUEST(req, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_OCSP_REQUEST(req, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); @@ -310,15 +312,17 @@ static VALUE ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self) { VALUE arg; - unsigned char *p; + const unsigned char *p; rb_scan_args(argc, argv, "01", &arg); if(!NIL_P(arg)){ + OCSP_RESPONSE *res = DATA_PTR(self), *x; arg = ossl_to_der_if_possible(arg); StringValue(arg); - p = RSTRING_PTR(arg); - if(!d2i_OCSP_RESPONSE((OCSP_RESPONSE**)&DATA_PTR(self), &p, - RSTRING_LEN(arg))){ + p = (unsigned char *)RSTRING_PTR(arg); + x = d2i_OCSP_RESPONSE(&res, &p, RSTRING_LEN(arg)); + DATA_PTR(self) = res; + if(!x){ ossl_raise(eOCSPError, "cannot load DER encoded response"); } } @@ -377,8 +381,8 @@ ossl_ocspres_to_der(VALUE self) if((len = i2d_OCSP_RESPONSE(res, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); - if(i2d_OCSP_RESPONSE(res, NULL) <= 0) + p = (unsigned char *)RSTRING_PTR(str); + if(i2d_OCSP_RESPONSE(res, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); @@ -436,7 +440,7 @@ ossl_ocspbres_add_nonce(int argc, VALUE else{ StringValue(val); GetOCSPBasicRes(self, bs); - ret = OCSP_basic_add1_nonce(bs, RSTRING_PTR(val), RSTRING_LEN(val)); + ret = OCSP_basic_add1_nonce(bs, (unsigned char *)RSTRING_PTR(val), RSTRING_LEN(val)); } if(!ret) ossl_raise(eOCSPError, NULL); Index: ext/openssl/ossl_engine.c =================================================================== --- ext/openssl/ossl_engine.c.orig +++ ext/openssl/ossl_engine.c @@ -119,7 +119,7 @@ ossl_engine_s_by_id(VALUE klass, VALUE i if(!ENGINE_init(e)) ossl_raise(eEngineError, NULL); ENGINE_ctrl(e, ENGINE_CTRL_SET_PASSWORD_CALLBACK, - 0, NULL, (void(*)())ossl_pem_passwd_cb); + 0, NULL, (void(*)(void))ossl_pem_passwd_cb); ERR_clear_error(); return obj; @@ -326,7 +326,7 @@ static VALUE ossl_engine_inspect(VALUE self) { VALUE str; - char *cname = rb_class2name(rb_obj_class(self)); + const char *cname = rb_class2name(rb_obj_class(self)); str = rb_str_new2("#<"); rb_str_cat2(str, cname); Index: ext/openssl/ossl_config.c =================================================================== --- ext/openssl/ossl_config.c.orig +++ ext/openssl/ossl_config.c @@ -158,14 +158,6 @@ ossl_config_initialize(int argc, VALUE * return self; } -static void -rb_ossl_config_modify_check(VALUE config) -{ - if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); - if (!OBJ_TAINTED(config) && rb_safe_level() >= 4) - rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); -} - static VALUE ossl_config_add_value(VALUE self, VALUE section, VALUE name, VALUE value) { @@ -175,7 +167,6 @@ ossl_config_add_value(VALUE self, VALUE CONF *conf; CONF_VALUE *sv, *cv; - rb_ossl_config_modify_check(self); StringValue(section); StringValue(name); StringValue(value); @@ -201,6 +192,25 @@ ossl_config_add_value(VALUE self, VALUE #endif } +static void +rb_ossl_config_modify_check(VALUE config) +{ + if (OBJ_FROZEN(config)) rb_error_frozen("OpenSSL::Config"); + if (!OBJ_TAINTED(config) && rb_safe_level() >= 4) + rb_raise(rb_eSecurityError, "Insecure: can't modify OpenSSL config"); +} + +static VALUE +ossl_config_add_value_m(VALUE self, VALUE section, VALUE name, VALUE value) +{ +#if defined(OSSL_NO_CONF_API) + rb_notimplement(); +#else + rb_ossl_config_modify_check(self); + return ossl_config_add_value(self, section, name, value); +#endif +} + static VALUE ossl_config_get_value(VALUE self, VALUE section, VALUE name) { @@ -303,6 +313,12 @@ ossl_config_get_section_old(VALUE self, } #ifdef IMPLEMENT_LHASH_DOALL_ARG_FN +#define IMPLEMENT_LHASH_DOALL_ARG_FN_098(f_name,o_type,a_type) \ + void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type a = (o_type)arg1; \ + a_type b = (a_type)arg2; \ + f_name(a,b); } + static void get_conf_section(CONF_VALUE *cv, VALUE ary) { @@ -310,7 +326,7 @@ get_conf_section(CONF_VALUE *cv, VALUE a rb_ary_push(ary, rb_str_new2(cv->section)); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(get_conf_section, CONF_VALUE*, VALUE); +static IMPLEMENT_LHASH_DOALL_ARG_FN_098(get_conf_section, CONF_VALUE*, VALUE) static VALUE ossl_config_get_sections(VALUE self) @@ -348,7 +364,7 @@ dump_conf_value(CONF_VALUE *cv, VALUE st rb_str_cat2(str, "\n"); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_conf_value, CONF_VALUE*, VALUE); +static IMPLEMENT_LHASH_DOALL_ARG_FN_098(dump_conf_value, CONF_VALUE*, VALUE) static VALUE dump_conf(CONF *conf) @@ -392,13 +408,15 @@ each_conf_value(CONF_VALUE *cv, void* du } } -static IMPLEMENT_LHASH_DOALL_ARG_FN(each_conf_value, CONF_VALUE*, void*); +static IMPLEMENT_LHASH_DOALL_ARG_FN_098(each_conf_value, CONF_VALUE*, void*) static VALUE ossl_config_each(VALUE self) { CONF *conf; + RETURN_ENUMERATOR(self, 0, 0); + GetConfig(self, conf); lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(each_conf_value), (void*)NULL); @@ -431,7 +449,7 @@ static VALUE ossl_config_inspect(VALUE self) { VALUE str, ary = ossl_config_get_sections(self); - char *cname = rb_class2name(rb_obj_class(self)); + const char *cname = rb_class2name(rb_obj_class(self)); str = rb_str_new2("#<"); rb_str_cat2(str, cname); @@ -448,11 +466,14 @@ ossl_config_inspect(VALUE self) void Init_ossl_config() { + char *default_config_file; eConfigError = rb_define_class_under(mOSSL, "ConfigError", eOSSLError); cConfig = rb_define_class_under(mOSSL, "Config", rb_cObject); + default_config_file = CONF_get1_default_config_file(); rb_define_const(cConfig, "DEFAULT_CONFIG_FILE", - rb_str_new2(CONF_get1_default_config_file())); + rb_str_new2(default_config_file)); + OPENSSL_free(default_config_file); rb_include_module(cConfig, rb_mEnumerable); rb_define_singleton_method(cConfig, "parse", ossl_config_s_parse, 1); rb_define_alias(CLASS_OF(cConfig), "load", "new"); @@ -461,7 +482,7 @@ Init_ossl_config() rb_define_method(cConfig, "initialize", ossl_config_initialize, -1); rb_define_method(cConfig, "get_value", ossl_config_get_value, 2); rb_define_method(cConfig, "value", ossl_config_get_value_old, -1); - rb_define_method(cConfig, "add_value", ossl_config_add_value, 3); + rb_define_method(cConfig, "add_value", ossl_config_add_value_m, 3); rb_define_method(cConfig, "[]", ossl_config_get_section, 1); rb_define_method(cConfig, "section", ossl_config_get_section_old, 1); rb_define_method(cConfig, "[]=", ossl_config_set_section, 2); Index: ext/openssl/ossl_hmac.c =================================================================== --- ext/openssl/ossl_hmac.c.orig +++ ext/openssl/ossl_hmac.c @@ -42,7 +42,7 @@ static void ossl_hmac_free(HMAC_CTX *ctx) { HMAC_CTX_cleanup(ctx); - free(ctx); + ruby_xfree(ctx); } static VALUE @@ -103,13 +103,13 @@ ossl_hmac_update(VALUE self, VALUE data) StringValue(data); GetHMAC(self, ctx); - HMAC_Update(ctx, RSTRING_PTR(data), RSTRING_LEN(data)); + HMAC_Update(ctx, (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data)); return self; } static void -hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len) +hmac_final(HMAC_CTX *ctx, unsigned char **buf, unsigned int *buf_len) { HMAC_CTX final; @@ -132,13 +132,13 @@ static VALUE ossl_hmac_digest(VALUE self) { HMAC_CTX *ctx; - char *buf; - int buf_len; + unsigned char *buf; + unsigned int buf_len; VALUE digest; GetHMAC(self, ctx); hmac_final(ctx, &buf, &buf_len); - digest = ossl_buf2str(buf, buf_len); + digest = ossl_buf2str((char *)buf, buf_len); return digest; } @@ -152,8 +152,9 @@ static VALUE ossl_hmac_hexdigest(VALUE self) { HMAC_CTX *ctx; - char *buf, *hexbuf; - int buf_len; + unsigned char *buf; + char *hexbuf; + unsigned int buf_len; VALUE hexdigest; GetHMAC(self, ctx); @@ -192,15 +193,15 @@ ossl_hmac_reset(VALUE self) static VALUE ossl_hmac_s_digest(VALUE klass, VALUE digest, VALUE key, VALUE data) { - char *buf; - int buf_len; + unsigned char *buf; + unsigned int buf_len; StringValue(key); StringValue(data); buf = HMAC(GetDigestPtr(digest), RSTRING_PTR(key), RSTRING_LEN(key), - RSTRING_PTR(data), RSTRING_LEN(data), NULL, &buf_len); + (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data), NULL, &buf_len); - return rb_str_new(buf, buf_len); + return rb_str_new((const char *)buf, buf_len); } /* @@ -211,15 +212,16 @@ ossl_hmac_s_digest(VALUE klass, VALUE di static VALUE ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data) { - char *buf, *hexbuf; - int buf_len; + unsigned char *buf; + char *hexbuf; + unsigned int buf_len; VALUE hexdigest; StringValue(key); StringValue(data); buf = HMAC(GetDigestPtr(digest), RSTRING_PTR(key), RSTRING_LEN(key), - RSTRING_PTR(data), RSTRING_LEN(data), NULL, &buf_len); + (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data), NULL, &buf_len); if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) { ossl_raise(eHMACError, "Cannot convert buf to hexbuf"); } Index: ext/openssl/ossl_cipher.c =================================================================== --- ext/openssl/ossl_cipher.c.orig +++ ext/openssl/ossl_cipher.c @@ -67,7 +67,7 @@ ossl_cipher_free(EVP_CIPHER_CTX *ctx) { if (ctx) { EVP_CIPHER_CTX_cleanup(ctx); - free(ctx); + ruby_xfree(ctx); } } @@ -124,12 +124,14 @@ ossl_cipher_copy(VALUE self, VALUE other return self; } +#ifdef HAVE_OBJ_NAME_DO_ALL_SORTED static void* add_cipher_name_to_ary(const OBJ_NAME *name, VALUE ary) { rb_ary_push(ary, rb_str_new2(name->name)); return NULL; } +#endif /* * call-seq: @@ -186,7 +188,7 @@ ossl_cipher_init(int argc, VALUE *argv, * We deprecated the arguments for this method, but we decided * keeping this behaviour for backward compatibility. */ - char *cname = rb_class2name(rb_obj_class(self)); + const char *cname = rb_class2name(rb_obj_class(self)); rb_warn("argumtents for %s#encrypt and %s#decrypt were deprecated; " "use %s#pkcs5_keyivgen to derive key and IV", cname, cname, cname); @@ -202,7 +204,7 @@ ossl_cipher_init(int argc, VALUE *argv, else memcpy(iv, RSTRING_PTR(init_v), sizeof(iv)); } EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv, - RSTRING_PTR(pass), RSTRING_LEN(pass), 1, key, NULL); + (unsigned char *)RSTRING_PTR(pass), RSTRING_LEN(pass), 1, key, NULL); p_key = key; p_iv = iv; } @@ -279,13 +281,13 @@ ossl_cipher_pkcs5_keyivgen(int argc, VAL StringValue(vsalt); if(RSTRING_LEN(vsalt) != PKCS5_SALT_LEN) rb_raise(eCipherError, "salt must be an 8-octet string"); - salt = RSTRING_PTR(vsalt); + salt = (unsigned char *)RSTRING_PTR(vsalt); } iter = NIL_P(viter) ? 2048 : NUM2INT(viter); digest = NIL_P(vdigest) ? EVP_md5() : GetDigestPtr(vdigest); GetCipher(self, ctx); EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), digest, salt, - RSTRING_PTR(vpass), RSTRING_LEN(vpass), iter, key, iv); + (unsigned char *)RSTRING_PTR(vpass), RSTRING_LEN(vpass), iter, key, iv); if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, -1) != 1) ossl_raise(eCipherError, NULL); OPENSSL_cleanse(key, sizeof key); @@ -297,26 +299,6 @@ ossl_cipher_pkcs5_keyivgen(int argc, VAL /* * call-seq: - * cipher << data -> string - * - * === Parameters - * +data+ is a nonempty string. - * - * This method is deprecated and not available in 1.9.x or later. - */ -static VALUE -ossl_cipher_update_deprecated(VALUE self, VALUE data) -{ - char *cname; - - cname = rb_class2name(rb_obj_class(self)); - rb_warning("%s#<< is deprecated; use %s#update instead", cname, cname); - return rb_funcall(self, rb_intern("update"), 1, data); -} - - -/* - * call-seq: * cipher.update(data [, buffer]) -> string or buffer * * === Parameters @@ -327,14 +309,14 @@ static VALUE ossl_cipher_update(int argc, VALUE *argv, VALUE self) { EVP_CIPHER_CTX *ctx; - char *in; + unsigned char *in; int in_len, out_len; VALUE data, str; rb_scan_args(argc, argv, "11", &data, &str); StringValue(data); - in = RSTRING_PTR(data); + in = (unsigned char *)RSTRING_PTR(data); if ((in_len = RSTRING_LEN(data)) == 0) rb_raise(rb_eArgError, "data must not be empty"); GetCipher(self, ctx); @@ -347,7 +329,7 @@ ossl_cipher_update(int argc, VALUE *argv rb_str_resize(str, out_len); } - if (!EVP_CipherUpdate(ctx, RSTRING_PTR(str), &out_len, in, in_len)) + if (!EVP_CipherUpdate(ctx, (unsigned char *)RSTRING_PTR(str), &out_len, in, in_len)) ossl_raise(eCipherError, NULL); assert(out_len < RSTRING_LEN(str)); rb_str_set_len(str, out_len); @@ -372,7 +354,7 @@ ossl_cipher_final(VALUE self) GetCipher(self, ctx); str = rb_str_new(0, EVP_CIPHER_CTX_block_size(ctx)); - if (!EVP_CipherFinal_ex(ctx, RSTRING_PTR(str), &out_len)) + if (!EVP_CipherFinal_ex(ctx, (unsigned char *)RSTRING_PTR(str), &out_len)) ossl_raise(eCipherError, NULL); assert(out_len <= RSTRING_LEN(str)); rb_str_set_len(str, out_len); @@ -415,7 +397,7 @@ ossl_cipher_set_key(VALUE self, VALUE ke if (RSTRING_LEN(key) < EVP_CIPHER_CTX_key_length(ctx)) ossl_raise(eCipherError, "key length too short"); - if (EVP_CipherInit_ex(ctx, NULL, NULL, RSTRING_PTR(key), NULL, -1) != 1) + if (EVP_CipherInit_ex(ctx, NULL, NULL, (unsigned char *)RSTRING_PTR(key), NULL, -1) != 1) ossl_raise(eCipherError, NULL); return key; @@ -440,7 +422,7 @@ ossl_cipher_set_iv(VALUE self, VALUE iv) if (RSTRING_LEN(iv) < EVP_CIPHER_CTX_iv_length(ctx)) ossl_raise(eCipherError, "iv length too short"); - if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, RSTRING_PTR(iv), -1) != 1) + if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, (unsigned char *)RSTRING_PTR(iv), -1) != 1) ossl_raise(eCipherError, NULL); return iv; @@ -551,9 +533,6 @@ Init_ossl_cipher(void) rb_define_method(cCipher, "decrypt", ossl_cipher_decrypt, -1); rb_define_method(cCipher, "pkcs5_keyivgen", ossl_cipher_pkcs5_keyivgen, -1); rb_define_method(cCipher, "update", ossl_cipher_update, -1); -#if RUBY_VERSION_CODE < 190 - rb_define_method(cCipher, "<<", ossl_cipher_update_deprecated, 1); -#endif rb_define_method(cCipher, "final", ossl_cipher_final, 0); rb_define_method(cCipher, "name", ossl_cipher_name, 0); rb_define_method(cCipher, "key=", ossl_cipher_set_key, 1); Index: ext/openssl/ossl_pkey_rsa.c =================================================================== --- ext/openssl/ossl_pkey_rsa.c.orig +++ ext/openssl/ossl_pkey_rsa.c @@ -151,23 +151,23 @@ ossl_rsa_initialize(int argc, VALUE *arg in = ossl_obj2bio(arg); rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd); if (!rsa) { - BIO_reset(in); + (void)BIO_reset(in); rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL); } if (!rsa) { - BIO_reset(in); + (void)BIO_reset(in); rsa = PEM_read_bio_RSA_PUBKEY(in, NULL, NULL, NULL); } if (!rsa) { - BIO_reset(in); + (void)BIO_reset(in); rsa = d2i_RSAPrivateKey_bio(in, NULL); } if (!rsa) { - BIO_reset(in); + (void)BIO_reset(in); rsa = d2i_RSAPublicKey_bio(in, NULL); } if (!rsa) { - BIO_reset(in); + (void)BIO_reset(in); rsa = d2i_RSA_PUBKEY_bio(in, NULL); } BIO_free(in); @@ -288,7 +288,7 @@ ossl_rsa_to_der(VALUE self) if((len = i2d_func(pkey->pkey.rsa, NULL)) <= 0) ossl_raise(eRSAError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_func(pkey->pkey.rsa, &p) < 0) ossl_raise(eRSAError, NULL); ossl_str_adjust(str, p); @@ -315,8 +315,8 @@ ossl_rsa_public_encrypt(int argc, VALUE pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); - buf_len = RSA_public_encrypt(RSTRING_LEN(buffer), RSTRING_PTR(buffer), - RSTRING_PTR(str), pkey->pkey.rsa, + buf_len = RSA_public_encrypt(RSTRING_LEN(buffer), (unsigned char *)RSTRING_PTR(buffer), + (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -341,8 +341,8 @@ ossl_rsa_public_decrypt(int argc, VALUE pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); - buf_len = RSA_public_decrypt(RSTRING_LEN(buffer), RSTRING_PTR(buffer), - RSTRING_PTR(str), pkey->pkey.rsa, + buf_len = RSA_public_decrypt(RSTRING_LEN(buffer), (unsigned char *)RSTRING_PTR(buffer), + (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -370,8 +370,8 @@ ossl_rsa_private_encrypt(int argc, VALUE pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); - buf_len = RSA_private_encrypt(RSTRING_LEN(buffer), RSTRING_PTR(buffer), - RSTRING_PTR(str), pkey->pkey.rsa, + buf_len = RSA_private_encrypt(RSTRING_LEN(buffer), (unsigned char *)RSTRING_PTR(buffer), + (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -400,8 +400,8 @@ ossl_rsa_private_decrypt(int argc, VALUE pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); StringValue(buffer); str = rb_str_new(0, ossl_rsa_buf_size(pkey)); - buf_len = RSA_private_decrypt(RSTRING_LEN(buffer), RSTRING_PTR(buffer), - RSTRING_PTR(str), pkey->pkey.rsa, + buf_len = RSA_private_decrypt(RSTRING_LEN(buffer), (unsigned char *)RSTRING_PTR(buffer), + (unsigned char *)RSTRING_PTR(str), pkey->pkey.rsa, pad); if (buf_len < 0) ossl_raise(eRSAError, NULL); rb_str_set_len(str, buf_len); @@ -519,14 +519,14 @@ ossl_rsa_blinding_off(VALUE self) } */ -OSSL_PKEY_BN(rsa, n); -OSSL_PKEY_BN(rsa, e); -OSSL_PKEY_BN(rsa, d); -OSSL_PKEY_BN(rsa, p); -OSSL_PKEY_BN(rsa, q); -OSSL_PKEY_BN(rsa, dmp1); -OSSL_PKEY_BN(rsa, dmq1); -OSSL_PKEY_BN(rsa, iqmp); +OSSL_PKEY_BN(rsa, n) +OSSL_PKEY_BN(rsa, e) +OSSL_PKEY_BN(rsa, d) +OSSL_PKEY_BN(rsa, p) +OSSL_PKEY_BN(rsa, q) +OSSL_PKEY_BN(rsa, dmp1) +OSSL_PKEY_BN(rsa, dmq1) +OSSL_PKEY_BN(rsa, iqmp) /* * INIT Index: ext/openssl/ossl_x509req.c =================================================================== --- ext/openssl/ossl_x509req.c.orig +++ ext/openssl/ossl_x509req.c @@ -99,7 +99,7 @@ static VALUE ossl_x509req_initialize(int argc, VALUE *argv, VALUE self) { BIO *in; - X509_REQ *req; + X509_REQ *req, *x = DATA_PTR(self); VALUE arg; if (rb_scan_args(argc, argv, "01", &arg) == 0) { @@ -107,10 +107,12 @@ ossl_x509req_initialize(int argc, VALUE } arg = ossl_to_der_if_possible(arg); in = ossl_obj2bio(arg); - req = PEM_read_bio_X509_REQ(in, (X509_REQ **)&DATA_PTR(self), NULL, NULL); + req = PEM_read_bio_X509_REQ(in, &x, NULL, NULL); + DATA_PTR(self) = x; if (!req) { - BIO_reset(in); - req = d2i_X509_REQ_bio(in, (X509_REQ **)&DATA_PTR(self)); + (void)BIO_reset(in); + req = d2i_X509_REQ_bio(in, &x); + DATA_PTR(self) = x; } BIO_free(in); if (!req) ossl_raise(eX509ReqError, NULL); @@ -171,7 +173,7 @@ ossl_x509req_to_der(VALUE self) if ((len = i2d_X509_REQ(req, NULL)) <= 0) ossl_raise(eX509CertError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if (i2d_X509_REQ(req, &p) <= 0) ossl_raise(eX509ReqError, NULL); ossl_str_adjust(str, p); Index: ext/openssl/ossl_pkey_ec.c =================================================================== --- ext/openssl/ossl_pkey_ec.c.orig +++ ext/openssl/ossl_pkey_ec.c @@ -186,22 +186,22 @@ static VALUE ossl_ec_key_initialize(int ec = PEM_read_bio_ECPrivateKey(in, NULL, NULL, NULL); if (!ec) { - BIO_reset(in); + (void)BIO_reset(in); ec = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL); } if (!ec) { - BIO_reset(in); + (void)BIO_reset(in); ec = d2i_ECPrivateKey_bio(in, NULL); } if (!ec) { - BIO_reset(in); + (void)BIO_reset(in); ec = d2i_EC_PUBKEY_bio(in, NULL); } BIO_free(in); if (ec == NULL) { - const char *name = STR2CSTR(arg); + const char *name = StringValueCStr(arg); int nid = OBJ_sn2nid(name); if (nid == NID_undef) @@ -463,8 +463,10 @@ static VALUE ossl_ec_key_to_string(VALUE BIO *out; int i = -1; int private = 0; +#if 0 /* unused now */ EVP_CIPHER *cipher = NULL; char *password = NULL; +#endif VALUE str; Require_EC_KEY(self, ec); @@ -484,13 +486,18 @@ static VALUE ossl_ec_key_to_string(VALUE switch(format) { case EXPORT_PEM: if (private) { +#if 0 /* unused now */ if (cipher || password) /* BUG: finish cipher/password key export */ rb_notimplement(); i = PEM_write_bio_ECPrivateKey(out, ec, cipher, NULL, 0, NULL, password); +#endif + i = PEM_write_bio_ECPrivateKey(out, ec, NULL, NULL, 0, NULL, NULL); } else { +#if 0 /* unused now */ if (cipher || password) rb_raise(rb_eArgError, "encryption is not supported when exporting this key type"); +#endif i = PEM_write_bio_EC_PUBKEY(out, ec); } @@ -498,13 +505,17 @@ static VALUE ossl_ec_key_to_string(VALUE break; case EXPORT_DER: if (private) { +#if 0 /* unused now */ if (cipher || password) rb_raise(rb_eArgError, "encryption is not supported when exporting this key type"); +#endif i = i2d_ECPrivateKey_bio(out, ec); } else { +#if 0 /* unused now */ if (cipher || password) rb_raise(rb_eArgError, "encryption is not supported when exporting this key type"); +#endif i = i2d_EC_PUBKEY_bio(out, ec); } @@ -670,7 +681,7 @@ static VALUE ossl_ec_key_dsa_sign_asn1(V /* * call-seq: - * key.dsa_verify(data, sig) => true or false + * key.dsa_verify_asn1(data, sig) => true or false * * See the OpenSSL documentation for ECDSA_verify() */ @@ -695,7 +706,7 @@ static void ossl_ec_group_free(ossl_ec_g { if (!ec_group->dont_free && ec_group->group) EC_GROUP_clear_free(ec_group->group); - free(ec_group); + ruby_xfree(ec_group); } static VALUE ossl_ec_group_alloc(VALUE klass) @@ -767,14 +778,14 @@ static VALUE ossl_ec_group_initialize(in group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); if (!group) { - BIO_reset(in); + (void)BIO_reset(in); group = d2i_ECPKParameters_bio(in, NULL); } BIO_free(in); if (!group) { - const char *name = STR2CSTR(arg1); + const char *name = StringValueCStr(arg1); int nid = OBJ_sn2nid(name); if (nid == NID_undef) @@ -1081,7 +1092,7 @@ static VALUE ossl_ec_group_get_seed(VALU if (seed_len == 0) return Qnil; - return rb_str_new(EC_GROUP_get0_seed(group), seed_len); + return rb_str_new((const char *)EC_GROUP_get0_seed(group), seed_len); } /* call-seq: @@ -1096,7 +1107,7 @@ static VALUE ossl_ec_group_set_seed(VALU Require_EC_GROUP(self, group); StringValue(seed); - if (EC_GROUP_set_seed(group, RSTRING_PTR(seed), RSTRING_LEN(seed)) != RSTRING_LEN(seed)) + if (EC_GROUP_set_seed(group, (unsigned char *)RSTRING_PTR(seed), RSTRING_LEN(seed)) != RSTRING_LEN(seed)) ossl_raise(eEC_GROUP, "EC_GROUP_set_seed"); return seed; @@ -1201,7 +1212,7 @@ static void ossl_ec_point_free(ossl_ec_p { if (!ec_point->dont_free && ec_point->point) EC_POINT_clear_free(ec_point->point); - free(ec_point); + ruby_xfree(ec_point); } static VALUE ossl_ec_point_alloc(VALUE klass) Index: ext/openssl/ossl_digest.c =================================================================== --- ext/openssl/ossl_digest.c.orig +++ ext/openssl/ossl_digest.c @@ -38,7 +38,7 @@ GetDigestPtr(VALUE obj) const EVP_MD *md; if (TYPE(obj) == T_STRING) { - const char *name = STR2CSTR(obj); + const char *name = StringValueCStr(obj); md = EVP_get_digestbyname(name); if (!md) @@ -96,7 +96,6 @@ ossl_digest_initialize(int argc, VALUE * { EVP_MD_CTX *ctx; const EVP_MD *md; - char *name; VALUE type, data; rb_scan_args(argc, argv, "11", &type, &data); @@ -182,7 +181,7 @@ ossl_digest_finish(int argc, VALUE *argv rb_str_resize(str, EVP_MD_CTX_size(ctx)); } - EVP_DigestFinal_ex(ctx, RSTRING_PTR(str), NULL); + EVP_DigestFinal_ex(ctx, (unsigned char *)RSTRING_PTR(str), NULL); return str; } @@ -234,7 +233,6 @@ ossl_digest_block_length(VALUE self) void Init_ossl_digest() { - rb_require("openssl"); rb_require("digest"); #if 0 /* let rdoc know about mOSSL */ Index: ext/openssl/ossl.c =================================================================== --- ext/openssl/ossl.c.orig +++ ext/openssl/ossl.c @@ -15,7 +15,7 @@ * String to HEXString conversion */ int -string2hex(char *buf, int buf_len, char **hexbuf, int *hexbuf_len) +string2hex(const unsigned char *buf, int buf_len, char **hexbuf, int *hexbuf_len) { static const char hex[]="0123456789abcdef"; int i, len = 2 * buf_len; @@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary) #define OSSL_IMPL_SK2ARY(name, type) \ VALUE \ -ossl_##name##_sk2ary(STACK *sk) \ +ossl_##name##_sk2ary(STACK_OF(type) *sk) \ { \ type *t; \ int i, num; \ @@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk) \ OSSL_Debug("empty sk!"); \ return Qnil; \ } \ - num = sk_num(sk); \ + num = sk_##type##_num(sk); \ if (num < 0) { \ OSSL_Debug("items in sk < -1???"); \ return rb_ary_new(); \ @@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk) \ ary = rb_ary_new2(num); \ \ for (i=0; i BUFSIZ) len = strlen(buf); - rb_exc_raise(rb_exc_new(exc, buf, len)); + return rb_exc_new(exc, buf, len); +} + +void +ossl_raise(VALUE exc, const char *fmt, ...) +{ + va_list args; + VALUE err; + va_start(args, fmt); + err = ossl_make_error(exc, fmt, args); + va_end(args); + rb_exc_raise(err); +} + +VALUE +ossl_exc_new(VALUE exc, const char *fmt, ...) +{ + va_list args; + VALUE err; + va_start(args, fmt); + err = ossl_make_error(exc, fmt, args); + va_end(args); + return err; } /* @@ -446,7 +464,7 @@ Init_openssl() /* * Verify callback Proc index for ext-data */ - if ((ossl_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, "ossl_verify_cb_idx", 0, 0, 0)) < 0) + if ((ossl_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_verify_cb_idx", 0, 0, 0)) < 0) ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index"); /* @@ -488,7 +506,7 @@ Init_openssl() * Check if all symbols are OK with 'make LDSHARED=gcc all' */ int -main(int argc, char *argv[], char *env[]) +main(int argc, char *argv[]) { return 0; } Index: ext/openssl/ossl_x509store.c =================================================================== --- ext/openssl/ossl_x509store.c.orig +++ ext/openssl/ossl_x509store.c @@ -212,7 +212,7 @@ ossl_x509store_add_file(VALUE self, VALU char *path = NULL; if(file != Qnil){ - Check_SafeStr(file); + SafeStringValue(file); path = RSTRING_PTR(file); } GetX509Store(self, store); @@ -233,7 +233,7 @@ ossl_x509store_add_path(VALUE self, VALU char *path = NULL; if(dir != Qnil){ - Check_SafeStr(dir); + SafeStringValue(dir); path = RSTRING_PTR(dir); } GetX509Store(self, store); Index: ext/openssl/ossl.h =================================================================== --- ext/openssl/ossl.h.orig +++ ext/openssl/ossl.h @@ -108,9 +108,16 @@ extern VALUE eOSSLError; } while (0) /* + * Compatibility + */ +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +#define STACK _STACK +#endif + +/* * String to HEXString conversion */ -int string2hex(char *, int, char **, int *); +int string2hex(const unsigned char *, int, char **, int *); /* * Data Conversion @@ -139,6 +146,7 @@ int ossl_pem_passwd_cb(char *, int, int, */ #define OSSL_ErrMsg() ERR_reason_error_string(ERR_get_error()) NORETURN(void ossl_raise(VALUE, const char *, ...)); +VALUE ossl_exc_new(VALUE, const char *, ...); /* * Verify callback @@ -167,10 +175,10 @@ VALUE ossl_to_der_if_possible(VALUE); extern VALUE dOSSL; #if defined(HAVE_VA_ARGS_MACRO) -#define OSSL_Debug(fmt, ...) do { \ +#define OSSL_Debug(...) do { \ if (dOSSL == Qtrue) { \ fprintf(stderr, "OSSL_DEBUG: "); \ - fprintf(stderr, fmt, ##__VA_ARGS__); \ + fprintf(stderr, __VA_ARGS__); \ fprintf(stderr, " [%s:%d]\n", __FILE__, __LINE__); \ } \ } while (0) Index: ext/openssl/lib/openssl/digest.rb =================================================================== --- ext/openssl/lib/openssl/digest.rb.orig +++ ext/openssl/lib/openssl/digest.rb @@ -40,7 +40,7 @@ module OpenSSL super(name, data.first) } } - singleton = (class < + All rights reserved. + += Licence + This program is licenced under the same licence as Ruby. + (See the file 'LICENCE'.) + += Version + $Id$ +=end + +module OpenSSL + module X509 + class ExtensionFactory + def create_extension(*arg) + if arg.size > 1 + create_ext(*arg) + else + send("create_ext_from_"+arg[0].class.name.downcase, arg[0]) + end + end + + def create_ext_from_array(ary) + raise ExtensionError, "unexpected array form" if ary.size > 3 + create_ext(ary[0], ary[1], ary[2]) + end + + def create_ext_from_string(str) # "oid = critical, value" + oid, value = str.split(/=/, 2) + oid.strip! + value.strip! + create_ext(oid, value) + end + + def create_ext_from_hash(hash) + create_ext(hash["oid"], hash["value"], hash["critical"]) + end + end + + class Extension + def to_s # "oid = critical, value" + str = self.oid + str << " = " + str << "critical, " if self.critical? + str << self.value.gsub(/\n/, ", ") + end + + def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false} + {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?} + end + + def to_a + [ self.oid, self.value, self.critical? ] + end + end + + class Name + module RFC2253DN + Special = ',=+<>#;' + HexChar = /[0-9a-fA-F]/ + HexPair = /#{HexChar}#{HexChar}/ + HexString = /#{HexPair}+/ + Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/ + StringChar = /[^#{Special}\\"]/ + QuoteChar = /[^\\"]/ + AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/ + AttributeValue = / + (?!["#])((?:#{StringChar}|#{Pair})*)| + \#(#{HexString})| + "((?:#{QuoteChar}|#{Pair})*)" + /x + TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/ + + module_function + + def expand_pair(str) + return nil unless str + return str.gsub(Pair){ + pair = $& + case pair.size + when 2 then pair[1,1] + when 3 then Integer("0x#{pair[1,2]}").chr + else raise OpenSSL::X509::NameError, "invalid pair: #{str}" + end + } + end + + def expand_hexstring(str) + return nil unless str + der = str.gsub(HexPair){$&.to_i(16).chr } + a1 = OpenSSL::ASN1.decode(der) + return a1.value, a1.tag + end + + def expand_value(str1, str2, str3) + value = expand_pair(str1) + value, tag = expand_hexstring(str2) unless value + value = expand_pair(str3) unless value + return value, tag + end + + def scan(dn) + str = dn + ary = [] + while true + if md = TypeAndValue.match(str) + matched = md.to_s + remain = md.post_match + type = md[1] + value, tag = expand_value(md[2], md[3], md[4]) rescue nil + if value + type_and_value = [type, value] + type_and_value.push(tag) if tag + ary.unshift(type_and_value) + if remain.length > 2 && remain[0] == ?, + str = remain[1..-1] + next + elsif remain.length > 2 && remain[0] == ?+ + raise OpenSSL::X509::NameError, + "multi-valued RDN is not supported: #{dn}" + elsif remain.empty? + break + end + end + end + msg_dn = dn[0, dn.length - str.length] + " =>" + str + raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}" + end + return ary + end + end + + class < "SSLv23", - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", - :options => OpenSSL::SSL::OP_ALL, - } - - DEFAULT_CERT_STORE = OpenSSL::X509::Store.new - DEFAULT_CERT_STORE.set_default_paths - if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) - DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL - end - - def set_params(params={}) - params = DEFAULT_PARAMS.merge(params) - self.ssl_version = params.delete(:ssl_version) - params.each{|name, value| self.__send__("#{name}=", value) } - if self.verify_mode != OpenSSL::SSL::VERIFY_NONE - unless self.ca_file or self.ca_path or self.cert_store - self.cert_store = DEFAULT_CERT_STORE - end - end - return params - end - end - - module SocketForwarder - def addr - to_io.addr - end - - def peeraddr - to_io.peeraddr - end - - def setsockopt(level, optname, optval) - to_io.setsockopt(level, optname, optval) - end - - def getsockopt(level, optname) - to_io.getsockopt(level, optname) - end - - def fcntl(*args) - to_io.fcntl(*args) - end - - def closed? - to_io.closed? - end - - def do_not_reverse_lookup=(flag) - to_io.do_not_reverse_lookup = flag - end - end - - module Nonblock - def initialize(*args) - flag = File::NONBLOCK - flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL) - @io.fcntl(Fcntl::F_SETFL, flag) - super - end - end - - def verify_certificate_identity(cert, hostname) - should_verify_common_name = true - cert.extensions.each{|ext| - next if ext.oid != "subjectAltName" - ext.value.split(/,\s+/).each{|general_name| - if /\ADNS:(.*)/ =~ general_name - should_verify_common_name = false - reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - elsif /\AIP Address:(.*)/ =~ general_name - should_verify_common_name = false - return true if $1 == hostname - end - } - } - if should_verify_common_name - cert.subject.to_a.each{|oid, value| - if oid == "CN" - reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") - return true if /\A#{reg}\z/i =~ hostname - end - } - end - return false - end - module_function :verify_certificate_identity - - class SSLSocket - include Buffering - include SocketForwarder - include Nonblock - - def post_connection_check(hostname) - unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname) - raise SSLError, "hostname was not match with the server certificate" - end - return true - end - - def session - SSL::Session.new(self) - rescue SSL::Session::SessionError - nil - end - end - - class SSLServer - include SocketForwarder - attr_accessor :start_immediately - - def initialize(svr, ctx) - @svr = svr - @ctx = ctx - unless ctx.session_id_context - session_id = OpenSSL::Digest::MD5.hexdigest($0) - @ctx.session_id_context = session_id - end - @start_immediately = true - end - - def to_io - @svr - end - - def listen(backlog=5) - @svr.listen(backlog) - end - - def shutdown(how=Socket::SHUT_RDWR) - @svr.shutdown(how) - end - - def accept - sock = @svr.accept - begin - ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) - ssl.sync_close = true - ssl.accept if @start_immediately - ssl - rescue SSLError => ex - sock.close - raise ex - end - end - - def close - @svr.close - end - end - end -end +require 'openssl' Index: ext/openssl/lib/openssl/x509.rb =================================================================== --- ext/openssl/lib/openssl/x509.rb.orig +++ ext/openssl/lib/openssl/x509.rb @@ -1,154 +1 @@ -=begin -= $RCSfile$ -- Ruby-space definitions that completes C-space funcs for X509 and subclasses - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2002 Michal Rokos - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id: x509.rb 11708 2007-02-12 23:01:19Z shyouhei $ -=end - -require "openssl" - -module OpenSSL - module X509 - class ExtensionFactory - def create_extension(*arg) - if arg.size > 1 - create_ext(*arg) - else - send("create_ext_from_"+arg[0].class.name.downcase, arg[0]) - end - end - - def create_ext_from_array(ary) - raise ExtensionError, "unexpected array form" if ary.size > 3 - create_ext(ary[0], ary[1], ary[2]) - end - - def create_ext_from_string(str) # "oid = critical, value" - oid, value = str.split(/=/, 2) - oid.strip! - value.strip! - create_ext(oid, value) - end - - def create_ext_from_hash(hash) - create_ext(hash["oid"], hash["value"], hash["critical"]) - end - end - - class Extension - def to_s # "oid = critical, value" - str = self.oid - str << " = " - str << "critical, " if self.critical? - str << self.value.gsub(/\n/, ", ") - end - - def to_h # {"oid"=>sn|ln, "value"=>value, "critical"=>true|false} - {"oid"=>self.oid,"value"=>self.value,"critical"=>self.critical?} - end - - def to_a - [ self.oid, self.value, self.critical? ] - end - end - - class Name - module RFC2253DN - Special = ',=+<>#;' - HexChar = /[0-9a-fA-F]/ - HexPair = /#{HexChar}#{HexChar}/ - HexString = /#{HexPair}+/ - Pair = /\\(?:[#{Special}]|\\|"|#{HexPair})/ - StringChar = /[^#{Special}\\"]/ - QuoteChar = /[^\\"]/ - AttributeType = /[a-zA-Z][0-9a-zA-Z]*|[0-9]+(?:\.[0-9]+)*/ - AttributeValue = / - (?!["#])((?:#{StringChar}|#{Pair})*)| - \#(#{HexString})| - "((?:#{QuoteChar}|#{Pair})*)" - /x - TypeAndValue = /\A(#{AttributeType})=#{AttributeValue}/ - - module_function - - def expand_pair(str) - return nil unless str - return str.gsub(Pair){|pair| - case pair.size - when 2 then pair[1,1] - when 3 then Integer("0x#{pair[1,2]}").chr - else raise OpenSSL::X509::NameError, "invalid pair: #{str}" - end - } - end - - def expand_hexstring(str) - return nil unless str - der = str.gsub(HexPair){|hex| Integer("0x#{hex}").chr } - a1 = OpenSSL::ASN1.decode(der) - return a1.value, a1.tag - end - - def expand_value(str1, str2, str3) - value = expand_pair(str1) - value, tag = expand_hexstring(str2) unless value - value = expand_pair(str3) unless value - return value, tag - end - - def scan(dn) - str = dn - ary = [] - while true - if md = TypeAndValue.match(str) - matched = md.to_s - remain = md.post_match - type = md[1] - value, tag = expand_value(md[2], md[3], md[4]) rescue nil - if value - type_and_value = [type, value] - type_and_value.push(tag) if tag - ary.unshift(type_and_value) - if remain.length > 2 && remain[0] == ?, - str = remain[1..-1] - next - elsif remain.length > 2 && remain[0] == ?+ - raise OpenSSL::X509::NameError, - "multi-valued RDN is not supported: #{dn}" - elsif remain.empty? - break - end - end - end - msg_dn = dn[0, dn.length - str.length] + " =>" + str - raise OpenSSL::X509::NameError, "malformed RDN: #{msg_dn}" - end - return ary - end - end - - class < "SSLv23", + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", + :options => OpenSSL::SSL::OP_ALL, + } + + DEFAULT_CERT_STORE = OpenSSL::X509::Store.new + DEFAULT_CERT_STORE.set_default_paths + if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) + DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL + end + + def set_params(params={}) + params = DEFAULT_PARAMS.merge(params) + # ssl_version need to be set at first. + self.ssl_version = params.delete(:ssl_version) + params.each{|name, value| self.__send__("#{name}=", value) } + if self.verify_mode != OpenSSL::SSL::VERIFY_NONE + unless self.ca_file or self.ca_path or self.cert_store + self.cert_store = DEFAULT_CERT_STORE + end + end + return params + end + end + + module SocketForwarder + def addr + to_io.addr + end + + def peeraddr + to_io.peeraddr + end + + def setsockopt(level, optname, optval) + to_io.setsockopt(level, optname, optval) + end + + def getsockopt(level, optname) + to_io.getsockopt(level, optname) + end + + def fcntl(*args) + to_io.fcntl(*args) + end + + def closed? + to_io.closed? + end + + def do_not_reverse_lookup=(flag) + to_io.do_not_reverse_lookup = flag + end + end + + module Nonblock + def initialize(*args) + flag = File::NONBLOCK + flag |= @io.fcntl(Fcntl::F_GETFL) if defined?(Fcntl::F_GETFL) + @io.fcntl(Fcntl::F_SETFL, flag) + super + end + end + + def verify_certificate_identity(cert, hostname) + should_verify_common_name = true + cert.extensions.each{|ext| + next if ext.oid != "subjectAltName" + ext.value.split(/,\s+/).each{|general_name| + if /\ADNS:(.*)/ =~ general_name + should_verify_common_name = false + reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + elsif /\AIP Address:(.*)/ =~ general_name + should_verify_common_name = false + return true if $1 == hostname + end + } + } + if should_verify_common_name + cert.subject.to_a.each{|oid, value| + if oid == "CN" + reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + end + } + end + return false + end + module_function :verify_certificate_identity + + class SSLSocket + include Buffering + include SocketForwarder + include Nonblock + + def post_connection_check(hostname) + unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname) + raise SSLError, "hostname was not match with the server certificate" + end + return true + end + + def session + SSL::Session.new(self) + rescue SSL::Session::SessionError + nil + end + end + + class SSLServer + include SocketForwarder + attr_accessor :start_immediately + + def initialize(svr, ctx) + @svr = svr + @ctx = ctx + unless ctx.session_id_context + session_id = OpenSSL::Digest::MD5.hexdigest($0) + @ctx.session_id_context = session_id + end + @start_immediately = true + end + + def to_io + @svr + end + + def listen(backlog=5) + @svr.listen(backlog) + end + + def shutdown(how=Socket::SHUT_RDWR) + @svr.shutdown(how) + end + + def accept + sock = @svr.accept + begin + ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx) + ssl.sync_close = true + ssl.accept if @start_immediately + ssl + rescue SSLError => ex + sock.close + raise ex + end + end + + def close + @svr.close + end + end + end +end Index: ext/openssl/lib/openssl.rb =================================================================== --- ext/openssl/lib/openssl.rb.orig +++ ext/openssl/lib/openssl.rb @@ -20,6 +20,6 @@ require 'openssl/bn' require 'openssl/cipher' require 'openssl/digest' require 'openssl/pkcs7' -require 'openssl/ssl' -require 'openssl/x509' +require 'openssl/ssl-internal' +require 'openssl/x509-internal' Index: ext/openssl/lib/net/telnets.rb =================================================================== --- ext/openssl/lib/net/telnets.rb.orig +++ ext/openssl/lib/net/telnets.rb @@ -145,7 +145,7 @@ module Net end end end # preprocess - + alias waitfor_org waitfor def waitfor(options) @@ -181,7 +181,7 @@ module Net begin c = @rest + @sock.sysread(1024 * 1024) @dumplog.log_dump('<', c) if @options.has_key?("Dump_log") - if @options["Telnetmode"] + if @options["Telnetmode"] pos = 0 catch(:next){ while true @@ -213,11 +213,11 @@ module Net end @log.print(buf) if @options.has_key?("Output_log") line.concat(buf) - yield buf if block_given? + yield buf if block_given? rescue EOFError # End of file reached if line == '' line = nil - yield nil if block_given? + yield nil if block_given? end break end Index: ext/openssl/ossl_bn.c =================================================================== --- ext/openssl/ossl_bn.c.orig +++ ext/openssl/ossl_bn.c @@ -131,12 +131,12 @@ ossl_bn_initialize(int argc, VALUE *argv switch (base) { case 0: - if (!BN_mpi2bn(RSTRING_PTR(str), RSTRING_LEN(str), bn)) { + if (!BN_mpi2bn((unsigned char *)RSTRING_PTR(str), RSTRING_LEN(str), bn)) { ossl_raise(eBNError, NULL); } break; case 2: - if (!BN_bin2bn(RSTRING_PTR(str), RSTRING_LEN(str), bn)) { + if (!BN_bin2bn((unsigned char *)RSTRING_PTR(str), RSTRING_LEN(str), bn)) { ossl_raise(eBNError, NULL); } break; @@ -151,7 +151,7 @@ ossl_bn_initialize(int argc, VALUE *argv } break; default: - ossl_raise(rb_eArgError, "illegal radix %d", base); + ossl_raise(rb_eArgError, "invalid radix %d", base); } return self; } @@ -185,13 +185,13 @@ ossl_bn_to_s(int argc, VALUE *argv, VALU case 0: len = BN_bn2mpi(bn, NULL); str = rb_str_new(0, len); - if (BN_bn2mpi(bn, RSTRING_PTR(str)) != len) + if (BN_bn2mpi(bn, (unsigned char *)RSTRING_PTR(str)) != len) ossl_raise(eBNError, NULL); break; case 2: len = BN_num_bytes(bn); str = rb_str_new(0, len); - if (BN_bn2bin(bn, RSTRING_PTR(str)) != len) + if (BN_bn2bin(bn, (unsigned char *)RSTRING_PTR(str)) != len) ossl_raise(eBNError, NULL); break; case 10: @@ -203,7 +203,7 @@ ossl_bn_to_s(int argc, VALUE *argv, VALU str = ossl_buf2str(buf, strlen(buf)); break; default: - ossl_raise(rb_eArgError, "illegal radix %d", base); + ossl_raise(rb_eArgError, "invalid radix %d", base); } return str; @@ -272,9 +272,9 @@ ossl_bn_coerce(VALUE self, VALUE other) } \ return Qfalse; \ } -BIGNUM_BOOL1(is_zero); -BIGNUM_BOOL1(is_one); -BIGNUM_BOOL1(is_odd); +BIGNUM_BOOL1(is_zero) +BIGNUM_BOOL1(is_one) +BIGNUM_BOOL1(is_odd) #define BIGNUM_1c(func) \ /* \ @@ -298,7 +298,7 @@ BIGNUM_BOOL1(is_odd); WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_1c(sqr); +BIGNUM_1c(sqr) #define BIGNUM_2(func) \ /* \ @@ -322,8 +322,8 @@ BIGNUM_1c(sqr); WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_2(add); -BIGNUM_2(sub); +BIGNUM_2(add) +BIGNUM_2(sub) #define BIGNUM_2c(func) \ /* \ @@ -347,12 +347,12 @@ BIGNUM_2(sub); WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_2c(mul); -BIGNUM_2c(mod); -BIGNUM_2c(exp); -BIGNUM_2c(gcd); -BIGNUM_2c(mod_sqr); -BIGNUM_2c(mod_inverse); +BIGNUM_2c(mul) +BIGNUM_2c(mod) +BIGNUM_2c(exp) +BIGNUM_2c(gcd) +BIGNUM_2c(mod_sqr) +BIGNUM_2c(mod_inverse) /* * call-seq: @@ -407,10 +407,10 @@ ossl_bn_div(VALUE self, VALUE other) WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_3c(mod_add); -BIGNUM_3c(mod_sub); -BIGNUM_3c(mod_mul); -BIGNUM_3c(mod_exp); +BIGNUM_3c(mod_add) +BIGNUM_3c(mod_sub) +BIGNUM_3c(mod_mul) +BIGNUM_3c(mod_exp) #define BIGNUM_BIT(func) \ /* \ @@ -428,9 +428,9 @@ BIGNUM_3c(mod_exp); } \ return self; \ } -BIGNUM_BIT(set_bit); -BIGNUM_BIT(clear_bit); -BIGNUM_BIT(mask_bits); +BIGNUM_BIT(set_bit) +BIGNUM_BIT(clear_bit) +BIGNUM_BIT(mask_bits) /* * call-seq: @@ -474,8 +474,8 @@ ossl_bn_is_bit_set(VALUE self, VALUE bit WrapBN(CLASS_OF(self), obj, result); \ return obj; \ } -BIGNUM_SHIFT(lshift); -BIGNUM_SHIFT(rshift); +BIGNUM_SHIFT(lshift) +BIGNUM_SHIFT(rshift) #define BIGNUM_SELF_SHIFT(func) \ /* \ @@ -494,8 +494,8 @@ BIGNUM_SHIFT(rshift); ossl_raise(eBNError, NULL); \ return self; \ } -BIGNUM_SELF_SHIFT(lshift); -BIGNUM_SELF_SHIFT(rshift); +BIGNUM_SELF_SHIFT(lshift) +BIGNUM_SELF_SHIFT(rshift) #define BIGNUM_RAND(func) \ /* \ @@ -528,8 +528,8 @@ BIGNUM_SELF_SHIFT(rshift); WrapBN(klass, obj, result); \ return obj; \ } -BIGNUM_RAND(rand); -BIGNUM_RAND(pseudo_rand); +BIGNUM_RAND(rand) +BIGNUM_RAND(pseudo_rand) #define BIGNUM_RAND_RANGE(func) \ /* \ @@ -552,8 +552,8 @@ BIGNUM_RAND(pseudo_rand); WrapBN(klass, obj, result); \ return obj; \ } -BIGNUM_RAND_RANGE(rand); -BIGNUM_RAND_RANGE(pseudo_rand); +BIGNUM_RAND_RANGE(rand) +BIGNUM_RAND_RANGE(pseudo_rand) /* * call-seq: @@ -608,8 +608,8 @@ ossl_bn_s_generate_prime(int argc, VALUE GetBN(self, bn); \ return INT2FIX(BN_##func(bn)); \ } -BIGNUM_NUM(num_bytes); -BIGNUM_NUM(num_bits); +BIGNUM_NUM(num_bytes) +BIGNUM_NUM(num_bits) static VALUE ossl_bn_copy(VALUE self, VALUE other) @@ -642,8 +642,8 @@ ossl_bn_copy(VALUE self, VALUE other) GetBN(self, bn1); \ return INT2FIX(BN_##func(bn1, bn2)); \ } -BIGNUM_CMP(cmp); -BIGNUM_CMP(ucmp); +BIGNUM_CMP(cmp) +BIGNUM_CMP(ucmp) static VALUE ossl_bn_eql(VALUE self, VALUE other) Index: ext/openssl/ossl_asn1.c =================================================================== --- ext/openssl/ossl_asn1.c.orig +++ ext/openssl/ossl_asn1.c @@ -33,7 +33,7 @@ asn1time_to_time(ASN1_TIME *time) switch (time->type) { case V_ASN1_UTCTIME: - if (sscanf(time->data, "%2d%2d%2d%2d%2d%2dZ", &tm.tm_year, &tm.tm_mon, + if (sscanf((const char *)time->data, "%2d%2d%2d%2d%2d%2dZ", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) { ossl_raise(rb_eTypeError, "bad UTCTIME format"); } @@ -44,7 +44,7 @@ asn1time_to_time(ASN1_TIME *time) } break; case V_ASN1_GENERALIZEDTIME: - if (sscanf(time->data, "%4d%2d%2d%2d%2d%2dZ", &tm.tm_year, &tm.tm_mon, + if (sscanf((const char *)time->data, "%4d%2d%2d%2d%2d%2dZ", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) { ossl_raise(rb_eTypeError, "bad GENERALIZEDTIME format" ); } @@ -80,7 +80,7 @@ time_to_time_t(VALUE time) VALUE asn1str_to_str(ASN1_STRING *str) { - return rb_str_new(str->data, str->length); + return rb_str_new((const char *)str->data, str->length); } /* @@ -214,7 +214,7 @@ obj_to_asn1bstr(VALUE obj, long unused_b StringValue(obj); if(!(bstr = ASN1_BIT_STRING_new())) ossl_raise(eASN1Error, NULL); - ASN1_BIT_STRING_set(bstr, RSTRING_PTR(obj), RSTRING_LEN(obj)); + ASN1_BIT_STRING_set(bstr, (unsigned char *)RSTRING_PTR(obj), RSTRING_LEN(obj)); bstr->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ bstr->flags |= ASN1_STRING_FLAG_BITS_LEFT|(unused_bits&0x07); @@ -306,21 +306,21 @@ obj_to_asn1derstr(VALUE obj) static VALUE decode_bool(unsigned char* der, int length) { - int bool; - unsigned char *p; + int val; + const unsigned char *p; p = der; - if((bool = d2i_ASN1_BOOLEAN(NULL, &p, length)) < 0) + if((val = d2i_ASN1_BOOLEAN(NULL, &p, length)) < 0) ossl_raise(eASN1Error, NULL); - return bool ? Qtrue : Qfalse; + return val ? Qtrue : Qfalse; } static VALUE decode_int(unsigned char* der, int length) { ASN1_INTEGER *ai; - unsigned char *p; + const unsigned char *p; VALUE ret; int status = 0; @@ -339,7 +339,7 @@ static VALUE decode_bstr(unsigned char* der, int length, long *unused_bits) { ASN1_BIT_STRING *bstr; - unsigned char *p, *buf; + const unsigned char *p; long len; VALUE ret; @@ -347,16 +347,11 @@ decode_bstr(unsigned char* der, int leng if(!(bstr = d2i_ASN1_BIT_STRING(NULL, &p, length))) ossl_raise(eASN1Error, NULL); len = bstr->length; - if(!(buf = OPENSSL_malloc(len))){ - ASN1_BIT_STRING_free(bstr); - ossl_raise(eASN1Error, NULL); - } *unused_bits = 0; if(bstr->flags & ASN1_STRING_FLAG_BITS_LEFT) *unused_bits = bstr->flags & 0x07; - memcpy(buf, bstr->data, len); + ret = rb_str_new((const char *)bstr->data, len); ASN1_BIT_STRING_free(bstr); - ret = ossl_buf2str(buf, len); return ret; } @@ -365,7 +360,7 @@ static VALUE decode_enum(unsigned char* der, int length) { ASN1_ENUMERATED *ai; - unsigned char *p; + const unsigned char *p; VALUE ret; int status = 0; @@ -384,7 +379,7 @@ static VALUE decode_null(unsigned char* der, int length) { ASN1_NULL *null; - unsigned char *p; + const unsigned char *p; p = der; if(!(null = d2i_ASN1_NULL(NULL, &p, length))) @@ -398,7 +393,7 @@ static VALUE decode_obj(unsigned char* der, int length) { ASN1_OBJECT *obj; - unsigned char *p; + const unsigned char *p; VALUE ret; int nid; BIO *bio; @@ -427,7 +422,7 @@ static VALUE decode_time(unsigned char* der, int length) { ASN1_TIME *time; - unsigned char *p; + const unsigned char *p; VALUE ret; int status = 0; @@ -500,7 +495,7 @@ ossl_asn1_get_asn1type(VALUE obj) value = ossl_asn1_get_value(obj); switch(tag){ case V_ASN1_BOOLEAN: - ptr = (void*)obj_to_asn1bool(value); + ptr = (void*)(VALUE)obj_to_asn1bool(value); free_func = NULL; break; case V_ASN1_INTEGER: /* FALLTHROUGH */ @@ -702,7 +697,7 @@ ossl_asn1data_to_der(VALUE self) if((length = ASN1_object_size(1, RSTRING_LEN(value), tag)) <= 0) ossl_raise(eASN1Error, NULL); der = rb_str_new(0, length); - p = RSTRING_PTR(der); + p = (unsigned char *)RSTRING_PTR(der); ASN1_put_object(&p, is_cons, RSTRING_LEN(value), tag, tag_class); memcpy(p, RSTRING_PTR(value), RSTRING_LEN(value)); p += RSTRING_LEN(value); @@ -716,6 +711,7 @@ ossl_asn1_decode0(unsigned char **pp, lo int once, int yield) { unsigned char *start, *p; + const unsigned char *p0; long len, off = *offset; int hlen, tag, tc, j; VALUE ary, asn1data, value, tag_class; @@ -724,7 +720,9 @@ ossl_asn1_decode0(unsigned char **pp, lo p = *pp; while(length > 0){ start = p; - j = ASN1_get_object(&p, &len, &tag, &tc, length); + p0 = p; + j = ASN1_get_object(&p0, &len, &tag, &tc, length); + p = (unsigned char *)p0; if(j & 0x80) ossl_raise(eASN1Error, NULL); hlen = p - start; if(yield){ @@ -759,7 +757,7 @@ ossl_asn1_decode0(unsigned char **pp, lo else value = ossl_asn1_decode0(&p, len, &off, depth+1, 0, yield); } else{ - value = rb_str_new(p, len); + value = rb_str_new((const char *)p, len); p += len; off += len; } @@ -824,7 +822,7 @@ ossl_asn1_traverse(VALUE self, VALUE obj obj = ossl_to_der_if_possible(obj); tmp = rb_str_new4(StringValue(obj)); - p = RSTRING_PTR(tmp); + p = (unsigned char *)RSTRING_PTR(tmp); ossl_asn1_decode0(&p, RSTRING_LEN(tmp), &offset, 0, 0, 1); return Qnil; @@ -840,7 +838,7 @@ ossl_asn1_decode(VALUE self, VALUE obj) obj = ossl_to_der_if_possible(obj); tmp = rb_str_new4(StringValue(obj)); - p = RSTRING_PTR(tmp); + p = (unsigned char *)RSTRING_PTR(tmp); ary = ossl_asn1_decode0(&p, RSTRING_LEN(tmp), &offset, 0, 1, 0); ret = rb_ary_entry(ary, 0); @@ -857,7 +855,7 @@ ossl_asn1_decode_all(VALUE self, VALUE o obj = ossl_to_der_if_possible(obj); tmp = rb_str_new4(StringValue(obj)); - p = RSTRING_PTR(tmp); + p = (unsigned char *)RSTRING_PTR(tmp); ret = ossl_asn1_decode0(&p, RSTRING_LEN(tmp), &offset, 0, 0, 0); return ret; @@ -925,7 +923,7 @@ ossl_asn1prim_to_der(VALUE self) { ASN1_TYPE *asn1; int tn, tc, explicit; - long length, reallen; + long len, reallen; unsigned char *buf, *p; VALUE str; @@ -934,27 +932,25 @@ ossl_asn1prim_to_der(VALUE self) explicit = ossl_asn1_is_explicit(self); asn1 = ossl_asn1_get_asn1type(self); - length = ASN1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn); - if(!(buf = OPENSSL_malloc(length))){ + len = ASN1_object_size(1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn); + if(!(buf = OPENSSL_malloc(len))){ ossl_ASN1_TYPE_free(asn1); ossl_raise(eASN1Error, "cannot alloc buffer"); } p = buf; - if(tc == V_ASN1_UNIVERSAL) ossl_i2d_ASN1_TYPE(asn1, &p); - else{ - if(explicit){ - ASN1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc); - ossl_i2d_ASN1_TYPE(asn1, &p); - } - else{ - ossl_i2d_ASN1_TYPE(asn1, &p); - *buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED); - } + if (tc == V_ASN1_UNIVERSAL) { + ossl_i2d_ASN1_TYPE(asn1, &p); + } else if (explicit) { + ASN1_put_object(&p, 1, ossl_i2d_ASN1_TYPE(asn1, NULL), tn, tc); + ossl_i2d_ASN1_TYPE(asn1, &p); + } else { + ossl_i2d_ASN1_TYPE(asn1, &p); + *buf = tc | tn | (*buf & V_ASN1_CONSTRUCTED); } ossl_ASN1_TYPE_free(asn1); reallen = p - buf; - assert(reallen <= length); - str = ossl_buf2str(buf, reallen); /* buf will be free in ossl_buf2str */ + assert(reallen <= len); + str = ossl_buf2str((char *)buf, reallen); /* buf will be free in ossl_buf2str */ return str; } @@ -976,7 +972,7 @@ ossl_asn1cons_to_der(VALUE self) seq_len = ASN1_object_size(1, RSTRING_LEN(value), tag); length = ASN1_object_size(1, seq_len, tn); str = rb_str_new(0, length); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(tc == V_ASN1_UNIVERSAL) ASN1_put_object(&p, 1, RSTRING_LEN(value), tn, tc); else{ Index: ext/openssl/ossl_pkcs12.c =================================================================== --- ext/openssl/ossl_pkcs12.c.orig +++ ext/openssl/ossl_pkcs12.c @@ -137,15 +137,17 @@ ossl_pkcs12_initialize(int argc, VALUE * X509 *x509; STACK_OF(X509) *x509s = NULL; int st = 0; + PKCS12 *pkcs = DATA_PTR(self); if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) return self; passphrase = NIL_P(pass) ? NULL : StringValuePtr(pass); in = ossl_obj2bio(arg); - d2i_PKCS12_bio(in, (PKCS12 **)&DATA_PTR(self)); + d2i_PKCS12_bio(in, &pkcs); + DATA_PTR(self) = pkcs; BIO_free(in); pkey = cert = ca = Qnil; - if(!PKCS12_parse((PKCS12*)DATA_PTR(self), passphrase, &key, &x509, &x509s)) + if(!PKCS12_parse(pkcs, passphrase, &key, &x509, &x509s)) ossl_raise(ePKCS12Error, "PKCS12_parse"); pkey = rb_protect((VALUE(*)_((VALUE)))ossl_pkey_new, (VALUE)key, &st); /* NO DUP */ @@ -181,7 +183,7 @@ ossl_pkcs12_to_der(VALUE self) if((len = i2d_PKCS12(p12, NULL)) <= 0) ossl_raise(ePKCS12Error, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_PKCS12(p12, &p) <= 0) ossl_raise(ePKCS12Error, NULL); ossl_str_adjust(str, p); Index: ext/openssl/ossl_ssl_session.c =================================================================== --- ext/openssl/ossl_ssl_session.c.orig +++ ext/openssl/ossl_ssl_session.c @@ -36,8 +36,6 @@ static VALUE ossl_ssl_session_alloc(VALU static VALUE ossl_ssl_session_initialize(VALUE self, VALUE arg1) { SSL_SESSION *ctx = NULL; - VALUE obj; - unsigned char *p; if (RDATA(self)->data) ossl_raise(eSSLSession, "SSL Session already initialized"); @@ -55,7 +53,7 @@ static VALUE ossl_ssl_session_initialize ctx = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL); if (!ctx) { - BIO_reset(in); + (void)BIO_reset(in); ctx = d2i_SSL_SESSION_bio(in, NULL); } @@ -86,9 +84,18 @@ static VALUE ossl_ssl_session_eq(VALUE v GetSSLSession(val1, ctx1); SafeGetSSLSession(val2, ctx2); - switch (SSL_SESSION_cmp(ctx1, ctx2)) { - case 0: return Qtrue; - default: return Qfalse; + /* + * OpenSSL 1.0.0betas do not have non-static SSL_SESSION_cmp. + * ssl_session_cmp (was SSL_SESSION_cmp in 0.9.8) is for lhash + * comparing so we should not depend on it. Just compare sessions + * by version and id. + */ + if ((ctx1->ssl_version == ctx2->ssl_version) && + (ctx1->session_id_length == ctx2->session_id_length) && + (memcmp(ctx1->session_id, ctx2->session_id, ctx1->session_id_length) == 0)) { + return Qtrue; + } else { + return Qfalse; } } @@ -100,7 +107,7 @@ static VALUE ossl_ssl_session_eq(VALUE v static VALUE ossl_ssl_session_get_time(VALUE self) { SSL_SESSION *ctx; - time_t t; + long t; GetSSLSession(self, ctx); @@ -122,20 +129,20 @@ static VALUE ossl_ssl_session_get_time(V static VALUE ossl_ssl_session_get_timeout(VALUE self) { SSL_SESSION *ctx; - time_t t; + long t; GetSSLSession(self, ctx); t = SSL_SESSION_get_timeout(ctx); - return ULONG2NUM(t); + return LONG2NUM(t); } #define SSLSESSION_SET_TIME(func) \ static VALUE ossl_ssl_session_set_##func(VALUE self, VALUE time_v) \ { \ SSL_SESSION *ctx; \ - time_t t; \ + long t; \ \ GetSSLSession(self, ctx); \ \ @@ -147,7 +154,7 @@ static VALUE ossl_ssl_session_get_timeou rb_raise(rb_eArgError, "unknown type"); \ } \ \ - t = NUM2ULONG(time_v); \ + t = NUM2LONG(time_v); \ \ SSL_SESSION_set_##func(ctx, t); \ \ Index: ext/openssl/ossl_ns_spki.c =================================================================== --- ext/openssl/ossl_ns_spki.c.orig +++ ext/openssl/ossl_ns_spki.c @@ -56,14 +56,14 @@ ossl_spki_initialize(int argc, VALUE *ar { NETSCAPE_SPKI *spki; VALUE buffer; - unsigned char *p; + const unsigned char *p; if (rb_scan_args(argc, argv, "01", &buffer) == 0) { return self; } StringValue(buffer); if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING_PTR(buffer), -1))) { - p = RSTRING_PTR(buffer); + p = (unsigned char *)RSTRING_PTR(buffer); if (!(spki = d2i_NETSCAPE_SPKI(NULL, &p, RSTRING_LEN(buffer)))) { ossl_raise(eSPKIError, NULL); } @@ -87,7 +87,7 @@ ossl_spki_to_der(VALUE self) if ((len = i2d_NETSCAPE_SPKI(spki, NULL)) <= 0) ossl_raise(eX509CertError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if (i2d_NETSCAPE_SPKI(spki, &p) <= 0) ossl_raise(eX509CertError, NULL); ossl_str_adjust(str, p); @@ -172,7 +172,7 @@ ossl_spki_get_challenge(VALUE self) return rb_str_new(0, 0); } - return rb_str_new(spki->spkac->challenge->data, + return rb_str_new((const char *)spki->spkac->challenge->data, spki->spkac->challenge->length); } Index: ext/openssl/ossl_x509crl.c =================================================================== --- ext/openssl/ossl_x509crl.c.orig +++ ext/openssl/ossl_x509crl.c @@ -91,7 +91,7 @@ static VALUE ossl_x509crl_initialize(int argc, VALUE *argv, VALUE self) { BIO *in; - X509_CRL *crl; + X509_CRL *crl, *x = DATA_PTR(self); VALUE arg; if (rb_scan_args(argc, argv, "01", &arg) == 0) { @@ -99,10 +99,12 @@ ossl_x509crl_initialize(int argc, VALUE } arg = ossl_to_der_if_possible(arg); in = ossl_obj2bio(arg); - crl = PEM_read_bio_X509_CRL(in, (X509_CRL **)&DATA_PTR(self), NULL, NULL); + crl = PEM_read_bio_X509_CRL(in, &x, NULL, NULL); + DATA_PTR(self) = x; if (!crl) { - BIO_reset(in); - crl = d2i_X509_CRL_bio(in, (X509_CRL **)&DATA_PTR(self)); + (void)BIO_reset(in); + crl = d2i_X509_CRL_bio(in, &x); + DATA_PTR(self) = x; } BIO_free(in); if (!crl) ossl_raise(eX509CRLError, NULL); @@ -262,7 +264,7 @@ ossl_x509crl_get_revoked(VALUE self) VALUE ary, revoked; GetX509CRL(self, crl); - num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl)); + num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl)); if (num < 0) { OSSL_Debug("num < 0???"); return rb_ary_new(); @@ -270,7 +272,7 @@ ossl_x509crl_get_revoked(VALUE self) ary = rb_ary_new2(num); for(i=0; ivalue->data, entry->value->length), + rb_str_new((const char *)entry->value->data, entry->value->length), INT2FIX(entry->value->type)); rb_ary_push(ret, ary); } @@ -303,6 +306,27 @@ ossl_x509name_hash(VALUE self) return ULONG2NUM(hash); } +#ifdef HAVE_X509_NAME_HASH_OLD +/* + * call-seq: + * name.hash_old => integer + * + * hash_old returns MD5 based hash used in OpenSSL 0.9.X. + */ +static VALUE +ossl_x509name_hash_old(VALUE self) +{ + X509_NAME *name; + unsigned long hash; + + GetX509Name(self, name); + + hash = X509_NAME_hash_old(name); + + return ULONG2NUM(hash); +} +#endif + /* * call-seq: * name.to_der => string @@ -319,7 +343,7 @@ ossl_x509name_to_der(VALUE self) if((len = i2d_X509_NAME(name, NULL)) <= 0) ossl_raise(eX509NameError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_X509_NAME(name, &p) <= 0) ossl_raise(eX509NameError, NULL); ossl_str_adjust(str, p); @@ -348,6 +372,9 @@ Init_ossl_x509name() rb_define_alias(cX509Name, "<=>", "cmp"); rb_define_method(cX509Name, "eql?", ossl_x509name_eql, 1); rb_define_method(cX509Name, "hash", ossl_x509name_hash, 0); +#ifdef HAVE_X509_NAME_HASH_OLD + rb_define_method(cX509Name, "hash_old", ossl_x509name_hash_old, 0); +#endif rb_define_method(cX509Name, "to_der", ossl_x509name_to_der, 0); utf8str = INT2NUM(V_ASN1_UTF8STRING); Index: ext/openssl/ossl_pkey.c =================================================================== --- ext/openssl/ossl_pkey.c.orig +++ ext/openssl/ossl_pkey.c @@ -164,7 +164,7 @@ ossl_pkey_sign(VALUE self, VALUE digest, { EVP_PKEY *pkey; EVP_MD_CTX ctx; - int buf_len; + unsigned int buf_len; VALUE str; if (rb_funcall(self, id_private_q, 0, NULL) != Qtrue) { @@ -175,9 +175,9 @@ ossl_pkey_sign(VALUE self, VALUE digest, StringValue(data); EVP_SignUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data)); str = rb_str_new(0, EVP_PKEY_size(pkey)+16); - if (!EVP_SignFinal(&ctx, RSTRING_PTR(str), &buf_len, pkey)) + if (!EVP_SignFinal(&ctx, (unsigned char *)RSTRING_PTR(str), &buf_len, pkey)) ossl_raise(ePKeyError, NULL); - assert(buf_len <= RSTRING_LEN(str)); + assert((long)buf_len <= RSTRING_LEN(str)); rb_str_set_len(str, buf_len); return str; @@ -194,7 +194,7 @@ ossl_pkey_verify(VALUE self, VALUE diges StringValue(sig); StringValue(data); EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data)); - switch (EVP_VerifyFinal(&ctx, RSTRING_PTR(sig), RSTRING_LEN(sig), pkey)) { + switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LEN(sig), pkey)) { case 0: return Qfalse; case 1: Index: ext/openssl/openssl_missing.h =================================================================== --- ext/openssl/openssl_missing.h.orig +++ ext/openssl/openssl_missing.h @@ -18,6 +18,9 @@ extern "C" { #ifndef TYPEDEF_D2I_OF typedef char *d2i_of_void(); #endif +#ifndef TYPEDEF_I2D_OF +typedef int i2d_of_void(); +#endif /* * These functions are not included in headers of OPENSSL <= 0.9.6b @@ -25,39 +28,39 @@ typedef char *d2i_of_void(); #if !defined(PEM_read_bio_DSAPublicKey) # define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,bp,(char **)x,cb,u) + (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,bp,(void **)x,cb,u) #endif #if !defined(PEM_write_bio_DSAPublicKey) # define PEM_write_bio_DSAPublicKey(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_DSAPublicKey,\ + PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPublicKey,\ PEM_STRING_DSA_PUBLIC,\ bp,(char *)x, NULL, NULL, 0, NULL, NULL) #endif #if !defined(DSAPrivateKey_dup) -# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPrivateKey, \ - (char *(*)())d2i_DSAPrivateKey,(char *)dsa) +# define DSAPrivateKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPrivateKey, \ + (d2i_of_void *)d2i_DSAPrivateKey,(char *)dsa) #endif #if !defined(DSAPublicKey_dup) -# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((int (*)())i2d_DSAPublicKey, \ - (char *(*)())d2i_DSAPublicKey,(char *)dsa) +# define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup((i2d_of_void *)i2d_DSAPublicKey, \ + (d2i_of_void *)d2i_DSAPublicKey,(char *)dsa) #endif #if !defined(X509_REVOKED_dup) -# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((int (*)())i2d_X509_REVOKED, \ - (char *(*)())d2i_X509_REVOKED, (char *)rev) +# define X509_REVOKED_dup(rev) (X509_REVOKED *)ASN1_dup((i2d_of_void *)i2d_X509_REVOKED, \ + (d2i_of_void *)d2i_X509_REVOKED, (char *)rev) #endif #if !defined(PKCS7_SIGNER_INFO_dup) -# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((int (*)())i2d_PKCS7_SIGNER_INFO, \ - (char *(*)())d2i_PKCS7_SIGNER_INFO, (char *)si) +# define PKCS7_SIGNER_INFO_dup(si) (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO, \ + (d2i_of_void *)d2i_PKCS7_SIGNER_INFO, (char *)si) #endif #if !defined(PKCS7_RECIP_INFO_dup) -# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((int (*)())i2d_PKCS7_RECIP_INFO, \ - (char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri) +# define PKCS7_RECIP_INFO_dup(ri) (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO, \ + (d2i_of_void *)d2i_PKCS7_RECIP_INFO, (char *)ri) #endif #if !defined(HAVE_EVP_MD_CTX_INIT) Index: ext/openssl/ossl_pkey_dh.c =================================================================== --- ext/openssl/ossl_pkey_dh.c.orig +++ ext/openssl/ossl_pkey_dh.c @@ -169,7 +169,7 @@ ossl_dh_initialize(int argc, VALUE *argv in = ossl_obj2bio(arg); dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); if (!dh){ - BIO_reset(in); + (void)BIO_reset(in); dh = d2i_DHparams_bio(in, NULL); } BIO_free(in); @@ -254,7 +254,7 @@ ossl_dh_to_der(VALUE self) if((len = i2d_DHparams(pkey->pkey.dh, NULL)) <= 0) ossl_raise(eDHError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_DHparams(pkey->pkey.dh, &p) < 0) ossl_raise(eDHError, NULL); ossl_str_adjust(str, p); @@ -407,7 +407,7 @@ ossl_dh_compute_key(VALUE self, VALUE pu pub_key = GetBNPtr(pub); len = DH_size(dh); str = rb_str_new(0, len); - if ((len = DH_compute_key(RSTRING_PTR(str), pub_key, dh)) < 0) { + if ((len = DH_compute_key((unsigned char *)RSTRING_PTR(str), pub_key, dh)) < 0) { ossl_raise(eDHError, NULL); } rb_str_set_len(str, len); @@ -415,10 +415,10 @@ ossl_dh_compute_key(VALUE self, VALUE pu return str; } -OSSL_PKEY_BN(dh, p); -OSSL_PKEY_BN(dh, g); -OSSL_PKEY_BN(dh, pub_key); -OSSL_PKEY_BN(dh, priv_key); +OSSL_PKEY_BN(dh, p) +OSSL_PKEY_BN(dh, g) +OSSL_PKEY_BN(dh, pub_key) +OSSL_PKEY_BN(dh, priv_key) /* * -----BEGIN DH PARAMETERS----- Index: ext/openssl/ossl_x509cert.c =================================================================== --- ext/openssl/ossl_x509cert.c.orig +++ ext/openssl/ossl_x509cert.c @@ -134,7 +134,7 @@ static VALUE ossl_x509_initialize(int argc, VALUE *argv, VALUE self) { BIO *in; - X509 *x509; + X509 *x509, *x = DATA_PTR(self); VALUE arg; if (rb_scan_args(argc, argv, "01", &arg) == 0) { @@ -143,10 +143,12 @@ ossl_x509_initialize(int argc, VALUE *ar } arg = ossl_to_der_if_possible(arg); in = ossl_obj2bio(arg); - x509 = PEM_read_bio_X509(in, (X509 **)&DATA_PTR(self), NULL, NULL); + x509 = PEM_read_bio_X509(in, &x, NULL, NULL); + DATA_PTR(self) = x; if (!x509) { - BIO_reset(in); - x509 = d2i_X509_bio(in, (X509 **)&DATA_PTR(self)); + (void)BIO_reset(in); + x509 = d2i_X509_bio(in, &x); + DATA_PTR(self) = x; } BIO_free(in); if (!x509) ossl_raise(eX509CertError, NULL); @@ -190,7 +192,7 @@ ossl_x509_to_der(VALUE self) if ((len = i2d_X509(x509, NULL)) <= 0) ossl_raise(eX509CertError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if (i2d_X509(x509, &p) <= 0) ossl_raise(eX509CertError, NULL); ossl_str_adjust(str, p); @@ -690,7 +692,7 @@ static VALUE ossl_x509_inspect(VALUE self) { VALUE str; - char *cname = rb_class2name(rb_obj_class(self)); + const char *cname = rb_class2name(rb_obj_class(self)); str = rb_str_new2("#<"); rb_str_cat2(str, cname); Index: ext/openssl/ossl_rand.c =================================================================== --- ext/openssl/ossl_rand.c.orig +++ ext/openssl/ossl_rand.c @@ -99,7 +99,7 @@ ossl_rand_bytes(VALUE self, VALUE len) int n = NUM2INT(len); str = rb_str_new(0, n); - if (!RAND_bytes(RSTRING_PTR(str), n)) { + if (!RAND_bytes((unsigned char *)RSTRING_PTR(str), n)) { ossl_raise(eRandomError, NULL); } @@ -118,7 +118,7 @@ ossl_rand_pseudo_bytes(VALUE self, VALUE int n = NUM2INT(len); str = rb_str_new(0, n); - if (!RAND_pseudo_bytes(RSTRING_PTR(str), n)) { + if (!RAND_pseudo_bytes((unsigned char *)RSTRING_PTR(str), n)) { ossl_raise(eRandomError, NULL); } Index: ext/openssl/ossl_pkcs5.c =================================================================== --- ext/openssl/ossl_pkcs5.c.orig +++ ext/openssl/ossl_pkcs5.c @@ -29,14 +29,17 @@ ossl_pkcs5_pbkdf2_hmac(VALUE self, VALUE VALUE str; const EVP_MD *md; int len = NUM2INT(keylen); + unsigned char* salt_p; + unsigned char* str_p; StringValue(pass); StringValue(salt); md = GetDigestPtr(digest); - str = rb_str_new(0, len); + salt_p = (unsigned char*)RSTRING_PTR(salt); + str_p = (unsigned char*)RSTRING_PTR(str); - if (PKCS5_PBKDF2_HMAC(RSTRING_PTR(pass), RSTRING_LEN(pass), RSTRING_PTR(salt), RSTRING_LEN(salt), NUM2INT(iter), md, len, RSTRING_PTR(str)) != 1) + if (PKCS5_PBKDF2_HMAC(RSTRING_PTR(pass), RSTRING_LEN(pass), salt_p, RSTRING_LEN(salt), NUM2INT(iter), md, len, str_p) != 1) ossl_raise(ePKCS5, "PKCS5_PBKDF2_HMAC"); return str; @@ -72,7 +75,9 @@ ossl_pkcs5_pbkdf2_hmac_sha1(VALUE self, str = rb_str_new(0, len); - if (PKCS5_PBKDF2_HMAC_SHA1(RSTRING_PTR(pass), RSTRING_LEN(pass), RSTRING_PTR(salt), RSTRING_LEN(salt), NUM2INT(iter), len, RSTRING_PTR(str)) != 1) + if (PKCS5_PBKDF2_HMAC_SHA1(RSTRING_PTR(pass), RSTRING_LEN(pass), + (const unsigned char *)RSTRING_PTR(salt), RSTRING_LEN(salt), NUM2INT(iter), + len, (unsigned char *)RSTRING_PTR(str)) != 1) ossl_raise(ePKCS5, "PKCS5_PBKDF2_HMAC_SHA1"); return str; Index: ext/openssl/ossl_x509ext.c =================================================================== --- ext/openssl/ossl_x509ext.c.orig +++ ext/openssl/ossl_x509ext.c @@ -198,6 +198,7 @@ ossl_x509extfactory_initialize(int argc, ossl_x509extfactory_set_subject_req(self, subject_req); if (!NIL_P(crl)) ossl_x509extfactory_set_crl(self, crl); + rb_iv_set(self, "@config", Qnil); return self; } @@ -273,16 +274,17 @@ static VALUE ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self) { VALUE oid, value, critical; - unsigned char *p; - X509_EXTENSION *ext; + const unsigned char *p; + X509_EXTENSION *ext, *x; GetX509Ext(self, ext); if(rb_scan_args(argc, argv, "12", &oid, &value, &critical) == 1){ oid = ossl_to_der_if_possible(oid); StringValue(oid); - p = RSTRING_PTR(oid); - if(!d2i_X509_EXTENSION((X509_EXTENSION**)&DATA_PTR(self), - &p, RSTRING_LEN(oid))) + p = (unsigned char *)RSTRING_PTR(oid); + x = d2i_X509_EXTENSION(&ext, &p, RSTRING_LEN(oid)); + DATA_PTR(self) = ext; + if(!x) ossl_raise(eX509ExtError, NULL); return self; } @@ -323,14 +325,15 @@ ossl_x509ext_set_value(VALUE self, VALUE ossl_raise(eX509ExtError, "malloc error"); memcpy(s, RSTRING_PTR(data), RSTRING_LEN(data)); if(!(asn1s = ASN1_OCTET_STRING_new())){ - free(s); + OPENSSL_free(s); ossl_raise(eX509ExtError, NULL); } if(!M_ASN1_OCTET_STRING_set(asn1s, s, RSTRING_LEN(data))){ - free(s); + OPENSSL_free(s); ASN1_OCTET_STRING_free(asn1s); ossl_raise(eX509ExtError, NULL); } + OPENSSL_free(s); GetX509Ext(self, ext); X509_EXTENSION_set_data(ext, asn1s); @@ -409,7 +412,7 @@ ossl_x509ext_to_der(VALUE obj) if((len = i2d_X509_EXTENSION(ext, NULL)) <= 0) ossl_raise(eX509ExtError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_X509_EXTENSION(ext, &p) < 0) ossl_raise(eX509ExtError, NULL); ossl_str_adjust(str, p); Index: ext/openssl/ossl_pkcs7.c =================================================================== --- ext/openssl/ossl_pkcs7.c.orig +++ ext/openssl/ossl_pkcs7.c @@ -309,7 +309,7 @@ ossl_pkcs7_alloc(VALUE klass) static VALUE ossl_pkcs7_initialize(int argc, VALUE *argv, VALUE self) { - PKCS7 *p7; + PKCS7 *p7, *pkcs = DATA_PTR(self); BIO *in; VALUE arg; @@ -317,10 +317,12 @@ ossl_pkcs7_initialize(int argc, VALUE *a return self; arg = ossl_to_der_if_possible(arg); in = ossl_obj2bio(arg); - p7 = PEM_read_bio_PKCS7(in, (PKCS7 **)&DATA_PTR(self), NULL, NULL); + p7 = PEM_read_bio_PKCS7(in, &pkcs, NULL, NULL); + DATA_PTR(self) = pkcs; if (!p7) { - BIO_reset(in); - p7 = d2i_PKCS7_bio(in, (PKCS7 **)&DATA_PTR(self)); + (void)BIO_reset(in); + p7 = d2i_PKCS7_bio(in, &pkcs); + DATA_PTR(self) = pkcs; } BIO_free(in); ossl_pkcs7_set_data(self, Qnil); @@ -570,12 +572,11 @@ ossl_pkcs7_add_certificate(VALUE self, V return self; } -static STACK * -pkcs7_get_certs_or_crls(VALUE self, int want_certs) +static STACK_OF(X509) * +pkcs7_get_certs(VALUE self) { PKCS7 *pkcs7; STACK_OF(X509) *certs; - STACK_OF(X509_CRL) *crls; int i; GetPKCS7(self, pkcs7); @@ -583,17 +584,38 @@ pkcs7_get_certs_or_crls(VALUE self, int switch(i){ case NID_pkcs7_signed: certs = pkcs7->d.sign->cert; - crls = pkcs7->d.sign->crl; break; case NID_pkcs7_signedAndEnveloped: certs = pkcs7->d.signed_and_enveloped->cert; + break; + default: + certs = NULL; + } + + return certs; +} + +static STACK_OF(X509_CRL) * +pkcs7_get_crls(VALUE self) +{ + PKCS7 *pkcs7; + STACK_OF(X509_CRL) *crls; + int i; + + GetPKCS7(self, pkcs7); + i = OBJ_obj2nid(pkcs7->type); + switch(i){ + case NID_pkcs7_signed: + crls = pkcs7->d.sign->crl; + break; + case NID_pkcs7_signedAndEnveloped: crls = pkcs7->d.signed_and_enveloped->crl; break; default: - certs = crls = NULL; + crls = NULL; } - return want_certs ? certs : crls; + return crls; } static VALUE @@ -608,7 +630,7 @@ ossl_pkcs7_set_certificates(VALUE self, STACK_OF(X509) *certs; X509 *cert; - certs = pkcs7_get_certs_or_crls(self, 1); + certs = pkcs7_get_certs(self); while((cert = sk_X509_pop(certs))) X509_free(cert); rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self); @@ -618,7 +640,7 @@ ossl_pkcs7_set_certificates(VALUE self, static VALUE ossl_pkcs7_get_certificates(VALUE self) { - return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1)); + return ossl_x509_sk2ary(pkcs7_get_certs(self)); } static VALUE @@ -648,7 +670,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ar STACK_OF(X509_CRL) *crls; X509_CRL *crl; - crls = pkcs7_get_certs_or_crls(self, 0); + crls = pkcs7_get_crls(self); while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl); rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self); @@ -658,7 +680,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ar static VALUE ossl_pkcs7_get_crls(VALUE self) { - return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0)); + return ossl_x509crl_sk2ary(pkcs7_get_crls(self)); } static VALUE @@ -778,7 +800,7 @@ ossl_pkcs7_to_der(VALUE self) if((len = i2d_PKCS7(pkcs7, NULL)) <= 0) ossl_raise(ePKCS7Error, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_PKCS7(pkcs7, &p) <= 0) ossl_raise(ePKCS7Error, NULL); ossl_str_adjust(str, p); Index: ext/openssl/extconf.rb =================================================================== --- ext/openssl/extconf.rb.orig +++ ext/openssl/extconf.rb @@ -91,12 +91,16 @@ have_func("X509_CRL_add0_revoked") have_func("X509_CRL_set_issuer_name") have_func("X509_CRL_set_version") have_func("X509_CRL_sort") +have_func("X509_NAME_hash_old") have_func("X509_STORE_get_ex_data") have_func("X509_STORE_set_ex_data") have_func("OBJ_NAME_do_all_sorted") have_func("SSL_SESSION_get_id") have_func("OPENSSL_cleanse") -if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n") +unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h']) + have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME") +end +if try_compile("#define FOO(...) foo(__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n") $defs.push("-DHAVE_VA_ARGS_MACRO") end if have_header("openssl/engine.h")