make cert/crl/ext/extfactory shareable when frozen
HoneyryderChuck committed Dec 2, 2024
1 parent 0759018 commit 6c1013d
Showing 7 changed files with 104 additions and 10 deletions.
8 changes: 6 additions & 2 deletions ext/openssl/ossl_x509attr.c
Expand Up @@ -105,6 +105,7 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
X509_ATTRIBUTE *attr, *x;
const unsigned char *p;

rb_check_frozen(self);
GetX509Attr(self, attr);
if(rb_scan_args(argc, argv, "11", &oid, &value) == 1){
oid = ossl_to_der_if_possible(oid);
Expand All @@ -128,7 +129,6 @@ ossl_x509attr_initialize_copy(VALUE self, VALUE other)
{
X509_ATTRIBUTE *attr, *attr_other, *attr_new;

rb_check_frozen(self);
GetX509Attr(self, attr);
GetX509Attr(other, attr_other);

Expand All @@ -153,6 +153,7 @@ ossl_x509attr_set_oid(VALUE self, VALUE oid)
ASN1_OBJECT *obj;
char *s;

rb_check_frozen(self);
GetX509Attr(self, attr);
s = StringValueCStr(oid);
obj = OBJ_txt2obj(s, 0);
Expand Down Expand Up @@ -201,9 +202,12 @@ static VALUE
ossl_x509attr_set_value(VALUE self, VALUE value)
{
X509_ATTRIBUTE *attr;
GetX509Attr(self, attr);

rb_check_frozen(self);

OSSL_Check_Kind(value, cASN1Data);
GetX509Attr(self, attr);

VALUE der = ossl_to_der(value);
const unsigned char *p = (const unsigned char *)RSTRING_PTR(der);
STACK_OF(ASN1_TYPE) *sk = d2i_ASN1_SET_ANY(NULL, &p, RSTRING_LEN(der));
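Review bot: ossl_x509attr_initialize_copy looks like the one mutator in this file that ends up without a frozen guard. Its hunk shrinks from 7 to 6 lines, and the `rb_check_frozen(self);` listed there appears to be the line removed, while ossl_x509attr_initialize, ossl_x509attr_set_oid and ossl_x509attr_set_value all gain the same call. If that reading is right, a copy into an already frozen attribute is no longer rejected by this function (it declares `attr_new`, which it presumably installs), so I would keep `rb_check_frozen(self);` as its first statement. In ossl_x509attr_set_value the page lists `GetX509Attr(self, attr);` twice, presumably the old and new position of one line; only the copy after `rb_check_frozen(self);` and `OSSL_Check_Kind(value, cASN1Data);` should remain. All four function bodies continue outside their hunks.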
13 changes: 12 additions & 1 deletion ext/openssl/ossl_x509cert.c
Expand Up @@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509_type = {
{
0, ossl_x509_free,
},
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
};

/*
Expand Down Expand Up @@ -279,6 +279,7 @@ ossl_x509_set_version(VALUE self, VALUE version)
X509 *x509;
long ver;

rb_check_frozen(self);
if ((ver = NUM2LONG(version)) < 0) {
ossl_raise(eX509CertError, "version must be >= 0!");
}
Expand Down Expand Up @@ -313,6 +314,7 @@ ossl_x509_set_serial(VALUE self, VALUE num)
{
X509 *x509;

rb_check_frozen(self);
GetX509(self, x509);
X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)));

Expand Down Expand Up @@ -370,6 +372,7 @@ ossl_x509_set_subject(VALUE self, VALUE subject)
{
X509 *x509;

rb_check_frozen(self);
GetX509(self, x509);
if (!X509_set_subject_name(x509, GetX509NamePtr(subject))) { /* DUPs name */
ossl_raise(eX509CertError, NULL);
Expand Down Expand Up @@ -405,6 +408,7 @@ ossl_x509_set_issuer(VALUE self, VALUE issuer)
{
X509 *x509;

rb_check_frozen(self);
GetX509(self, x509);
if (!X509_set_issuer_name(x509, GetX509NamePtr(issuer))) { /* DUPs name */
ossl_raise(eX509CertError, NULL);
Expand Down Expand Up @@ -441,6 +445,7 @@ ossl_x509_set_not_before(VALUE self, VALUE time)
X509 *x509;
ASN1_TIME *asn1time;

rb_check_frozen(self);
GetX509(self, x509);
asn1time = ossl_x509_time_adjust(NULL, time);
if (!X509_set1_notBefore(x509, asn1time)) {
Expand Down Expand Up @@ -480,6 +485,7 @@ ossl_x509_set_not_after(VALUE self, VALUE time)
X509 *x509;
ASN1_TIME *asn1time;

rb_check_frozen(self);
GetX509(self, x509);
asn1time = ossl_x509_time_adjust(NULL, time);
if (!X509_set1_notAfter(x509, asn1time)) {
Expand Down Expand Up @@ -519,6 +525,7 @@ ossl_x509_set_public_key(VALUE self, VALUE key)
X509 *x509;
EVP_PKEY *pkey;

rb_check_frozen(self);
GetX509(self, x509);
pkey = GetPKeyPtr(key);
ossl_pkey_check_public_key(pkey);
Expand All @@ -538,6 +545,7 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
EVP_PKEY *pkey;
const EVP_MD *md;

rb_check_frozen(self);
pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
if (NIL_P(digest)) {
md = NULL; /* needed for some key types, e.g. Ed25519 */
Expand Down Expand Up @@ -641,6 +649,7 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
long i;

Check_Type(ary, T_ARRAY);
rb_check_frozen(self);
/* All ary's members should be X509Extension */
for (i=0; i<RARRAY_LEN(ary); i++) {
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
Expand Down Expand Up @@ -668,6 +677,7 @@ ossl_x509_add_extension(VALUE self, VALUE extension)
X509 *x509;
X509_EXTENSION *ext;

rb_check_frozen(self);
GetX509(self, x509);
ext = GetX509ExtPtr(extension);
if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
Expand Down Expand Up @@ -727,6 +737,7 @@ ossl_x509_tbs_bytes(VALUE self)
unsigned char *p0;
VALUE str;

rb_check_frozen(self);
GetX509(self, x509);
len = i2d_re_X509_tbs(x509, NULL);
if (len <= 0) {
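Review bot: The guard added to ossl_x509_tbs_bytes makes a reader raise FrozenError on a frozen certificate, and nothing in the hunk says why. A comment such as `/* i2d_re_X509_tbs() re-encodes and updates the cached TBS encoding, so this is a write to x509 */` would explain it and keep the check from being removed later as redundant. More generally, RUBY_TYPED_FROZEN_SHAREABLE on ossl_x509_type is only safe if every function that writes to the wrapped X509 is guarded. The eleven functions shown are, but the initialisers and the remaining readers are outside the visible hunks, so a test that freezes a certificate and asserts that each mutator raises would pin that down. In ossl_x509_set_extensions the check sits after `Check_Type(ary, T_ARRAY)`, while the other functions in this file check first.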
10 changes: 9 additions & 1 deletion ext/openssl/ossl_x509crl.c
Expand Up @@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509crl_type = {
{
0, ossl_x509crl_free,
},
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
};

/*
Expand Down Expand Up @@ -153,6 +153,7 @@ ossl_x509crl_set_version(VALUE self, VALUE version)
X509_CRL *crl;
long ver;

rb_check_frozen(self);
if ((ver = NUM2LONG(version)) < 0) {
ossl_raise(eX509CRLError, "version must be >= 0!");
}
Expand Down Expand Up @@ -199,6 +200,7 @@ ossl_x509crl_set_issuer(VALUE self, VALUE issuer)
{
X509_CRL *crl;

rb_check_frozen(self);
GetX509CRL(self, crl);

if (!X509_CRL_set_issuer_name(crl, GetX509NamePtr(issuer))) { /* DUPs name */
Expand Down Expand Up @@ -227,6 +229,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
X509_CRL *crl;
ASN1_TIME *asn1time;

rb_check_frozen(self);
GetX509CRL(self, crl);
asn1time = ossl_x509_time_adjust(NULL, time);
if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
Expand Down Expand Up @@ -302,6 +305,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
STACK_OF(X509_REVOKED) *sk;
long i;

rb_check_frozen(self);
Check_Type(ary, T_ARRAY);
/* All ary members should be X509 Revoked */
for (i=0; i<RARRAY_LEN(ary); i++) {
Expand Down Expand Up @@ -330,6 +334,7 @@ ossl_x509crl_add_revoked(VALUE self, VALUE revoked)
X509_CRL *crl;
X509_REVOKED *rev;

rb_check_frozen(self);
GetX509CRL(self, crl);
rev = DupX509RevokedPtr(revoked);
if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
Expand All @@ -348,6 +353,7 @@ ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest)
EVP_PKEY *pkey;
const EVP_MD *md;

rb_check_frozen(self);
GetX509CRL(self, crl);
pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
if (NIL_P(digest)) {
Expand Down Expand Up @@ -473,6 +479,7 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
long i;

Check_Type(ary, T_ARRAY);
rb_check_frozen(self);
/* All ary members should be X509 Extensions */
for (i=0; i<RARRAY_LEN(ary); i++) {
OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
Expand All @@ -496,6 +503,7 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
X509_CRL *crl;
X509_EXTENSION *ext;

rb_check_frozen(self);
GetX509CRL(self, crl);
ext = GetX509ExtPtr(extension);
if (!X509_CRL_add_ext(crl, ext, -1)) {
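Review bot: ossl_x509crl_set_last_update gains a guard, but no hunk touches a next-update setter. The file's 9 additions are the flag on ossl_x509crl_type plus the eight visible `rb_check_frozen(self);` calls, so ossl_x509crl_set_next_update (outside the visible hunks) is left as it was. Unless it already checked, a frozen CRL shared between Ractors could still have its next-update time rewritten; add `rb_check_frozen(self);` as its first statement. The placement also varies: ossl_x509crl_set_revoked checks before `Check_Type(ary, T_ARRAY)` and ossl_x509crl_set_extensions after it. Putting the guard first everywhere would make the raised exception predictable.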
37 changes: 35 additions & 2 deletions ext/openssl/ossl_x509ext.c
Expand Up @@ -55,7 +55,7 @@ static const rb_data_type_t ossl_x509ext_type = {
{
0, ossl_x509ext_free,
},
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
};

/*
Expand Down Expand Up @@ -108,7 +108,7 @@ static const rb_data_type_t ossl_x509extfactory_type = {
{
0, ossl_x509extfactory_free,
},
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
};

static VALUE
Expand Down Expand Up @@ -181,6 +181,7 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)

rb_scan_args(argc, argv, "04",
&issuer_cert, &subject_cert, &subject_req, &crl);
rb_check_frozen(self);
if (!NIL_P(issuer_cert))
ossl_x509extfactory_set_issuer_cert(self, issuer_cert);
if (!NIL_P(subject_cert))
Expand Down Expand Up @@ -281,6 +282,7 @@ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
const unsigned char *p;
X509_EXTENSION *ext, *x;

rb_check_frozen(self);
GetX509Ext(self, ext);
if(rb_scan_args(argc, argv, "12", &oid, &value, &critical) == 1){
oid = ossl_to_der_if_possible(oid);
Expand Down Expand Up @@ -318,12 +320,17 @@ ossl_x509ext_initialize_copy(VALUE self, VALUE other)
return self;
}

/*
* call-seq:
* extension.oid = string => string
*/
static VALUE
ossl_x509ext_set_oid(VALUE self, VALUE oid)
{
X509_EXTENSION *ext;
ASN1_OBJECT *obj;

rb_check_frozen(self);
GetX509Ext(self, ext);
obj = OBJ_txt2obj(StringValueCStr(oid), 0);
if (!obj)
Expand All @@ -337,12 +344,17 @@ ossl_x509ext_set_oid(VALUE self, VALUE oid)
return oid;
}

/*
* call-seq:
* extension.value = string => string
*/
static VALUE
ossl_x509ext_set_value(VALUE self, VALUE data)
{
X509_EXTENSION *ext;
ASN1_OCTET_STRING *asn1s;

rb_check_frozen(self);
GetX509Ext(self, ext);
data = ossl_to_der_if_possible(data);
StringValue(data);
Expand All @@ -356,17 +368,26 @@ ossl_x509ext_set_value(VALUE self, VALUE data)
return data;
}

/*
* call-seq:
* extension.critical = bool => bool
*/
static VALUE
ossl_x509ext_set_critical(VALUE self, VALUE flag)
{
X509_EXTENSION *ext;

rb_check_frozen(self);
GetX509Ext(self, ext);
X509_EXTENSION_set_critical(ext, RTEST(flag) ? 1 : 0);

return flag;
}

/*
* call-seq:
* extension.oid => string
*/
static VALUE
ossl_x509ext_get_oid(VALUE obj)
{
Expand All @@ -390,6 +411,10 @@ ossl_x509ext_get_oid(VALUE obj)
return ret;
}

/*
* call-seq:
* extension.value => string
*/
static VALUE
ossl_x509ext_get_value(VALUE obj)
{
Expand Down Expand Up @@ -420,6 +445,10 @@ ossl_x509ext_get_value_der(VALUE obj)
return rb_str_new((const char *)value->data, value->length);
}

/*
* call-seq:
* extension.critical = bool
*/
static VALUE
ossl_x509ext_get_critical(VALUE obj)
{
Expand All @@ -429,6 +458,10 @@ ossl_x509ext_get_critical(VALUE obj)
return X509_EXTENSION_get_critical(ext) ? Qtrue : Qfalse;
}

/*
* call-seq:
* extension.to_der => string
*/
static VALUE
ossl_x509ext_to_der(VALUE obj)
{
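Review bot: ossl_x509extfactory_type becomes frozen-shareable, yet the only factory function that gains `rb_check_frozen(self);` is ossl_x509extfactory_initialize. The section's 35 additions are all visible here, and none lands in ossl_x509extfactory_set_issuer_cert or its sibling setters, which initialize calls and which presumably back the public setters too. Unless something they call already raises on a frozen receiver before the context is written, a factory shared across Ractors can still be repointed at another certificate or CRL. An explicit `rb_check_frozen(self);` as the first statement of each setter would make this independent of call order. Separately, the call-seq added above ossl_x509ext_get_critical reads `extension.critical = bool`, which describes the setter; for the getter it should be `extension.critical? => bool`.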
4 changes: 3 additions & 1 deletion ext/openssl/ossl_x509name.c
Expand Up @@ -46,7 +46,7 @@ static const rb_data_type_t ossl_x509name_type = {
{
0, ossl_x509name_free,
},
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED
};

/*
Expand Down Expand Up @@ -148,6 +148,7 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
X509_NAME *name;
VALUE arg, template;

rb_check_frozen(self);
GetX509Name(self, name);
if (rb_scan_args(argc, argv, "02", &arg, &template) == 0) {
return self;
Expand Down Expand Up @@ -229,6 +230,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
kwargs_ids[1] = rb_intern_const("set");
}
rb_scan_args(argc, argv, "21:", &oid, &value, &type, &opts);
rb_check_frozen(self);
rb_get_kwargs(opts, kwargs_ids, 0, 2, kwargs);
oid_name = StringValueCStr(oid);
StringValue(value);
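Review bot: The only change to the ossl_x509name_type initializer is the dropped trailing comma after `RUBY_TYPED_WB_PROTECTED`, which looks like a leftover from adding and then removing the shareable flag. The other rb_data_type_t initializers in this commit keep the comma, so restoring `0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,` would take this hunk out of the diff. If X509::Name is deliberately left non-shareable while certificates and CRLs that embed names become shareable, a one-line comment on the type saying so would help the next reader. In ossl_x509name_add_entry the guard runs after `rb_scan_args`, whereas ossl_x509name_initialize checks first.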