make cert/crl/name/attr/revoked/ext/extfactory shareable when frozen

ext/openssl/ossl_x509attr.c

@@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509attr_type = {
     {
 	0, ossl_x509attr_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 /*
@@ -105,6 +105,7 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
     X509_ATTRIBUTE *attr, *x;
     const unsigned char *p;
 
+    rb_check_frozen(self);
     GetX509Attr(self, attr);
     if(rb_scan_args(argc, argv, "11", &oid, &value) == 1){
 	oid = ossl_to_der_if_possible(oid);
@@ -153,6 +154,7 @@ ossl_x509attr_set_oid(VALUE self, VALUE oid)
     ASN1_OBJECT *obj;
     char *s;
 
+    rb_check_frozen(self);
     GetX509Attr(self, attr);
     s = StringValueCStr(oid);
     obj = OBJ_txt2obj(s, 0);
@@ -201,6 +203,8 @@ static VALUE
 ossl_x509attr_set_value(VALUE self, VALUE value)
 {
     X509_ATTRIBUTE *attr;
+
+    rb_check_frozen(self);
     GetX509Attr(self, attr);
 
     OSSL_Check_Kind(value, cASN1Data);

ext/openssl/ossl_x509cert.c

@@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509_type = {
     {
 	0, ossl_x509_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 /*
@@ -279,6 +279,7 @@ ossl_x509_set_version(VALUE self, VALUE version)
     X509 *x509;
     long ver;
 
+    rb_check_frozen(self);
     if ((ver = NUM2LONG(version)) < 0) {
 	ossl_raise(eX509CertError, "version must be >= 0!");
     }
@@ -313,6 +314,7 @@ ossl_x509_set_serial(VALUE self, VALUE num)
 {
     X509 *x509;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)));
 
@@ -370,6 +372,7 @@ ossl_x509_set_subject(VALUE self, VALUE subject)
 {
     X509 *x509;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     if (!X509_set_subject_name(x509, GetX509NamePtr(subject))) { /* DUPs name */
 	ossl_raise(eX509CertError, NULL);
@@ -405,6 +408,7 @@ ossl_x509_set_issuer(VALUE self, VALUE issuer)
 {
     X509 *x509;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     if (!X509_set_issuer_name(x509, GetX509NamePtr(issuer))) { /* DUPs name */
 	ossl_raise(eX509CertError, NULL);
@@ -441,6 +445,7 @@ ossl_x509_set_not_before(VALUE self, VALUE time)
     X509 *x509;
     ASN1_TIME *asn1time;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_set1_notBefore(x509, asn1time)) {
@@ -480,6 +485,7 @@ ossl_x509_set_not_after(VALUE self, VALUE time)
     X509 *x509;
     ASN1_TIME *asn1time;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_set1_notAfter(x509, asn1time)) {
@@ -519,6 +525,7 @@ ossl_x509_set_public_key(VALUE self, VALUE key)
     X509 *x509;
     EVP_PKEY *pkey;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     pkey = GetPKeyPtr(key);
     ossl_pkey_check_public_key(pkey);
@@ -538,6 +545,7 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
     EVP_PKEY *pkey;
     const EVP_MD *md;
 
+    rb_check_frozen(self);
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
     if (NIL_P(digest)) {
         md = NULL; /* needed for some key types, e.g. Ed25519 */
@@ -641,6 +649,7 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
     long i;
 
     Check_Type(ary, T_ARRAY);
+    rb_check_frozen(self);
     /* All ary's members should be X509Extension */
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
@@ -668,6 +677,7 @@ ossl_x509_add_extension(VALUE self, VALUE extension)
     X509 *x509;
     X509_EXTENSION *ext;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     ext = GetX509ExtPtr(extension);
     if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
@@ -727,6 +737,7 @@ ossl_x509_tbs_bytes(VALUE self)
     unsigned char *p0;
     VALUE str;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     len = i2d_re_X509_tbs(x509, NULL);
     if (len <= 0) {

ext/openssl/ossl_x509crl.c

@@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509crl_type = {
     {
 	0, ossl_x509crl_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 /*
@@ -153,6 +153,7 @@ ossl_x509crl_set_version(VALUE self, VALUE version)
     X509_CRL *crl;
     long ver;
 
+    rb_check_frozen(self);
     if ((ver = NUM2LONG(version)) < 0) {
 	ossl_raise(eX509CRLError, "version must be >= 0!");
     }
@@ -199,6 +200,7 @@ ossl_x509crl_set_issuer(VALUE self, VALUE issuer)
 {
     X509_CRL *crl;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
 
     if (!X509_CRL_set_issuer_name(crl, GetX509NamePtr(issuer))) { /* DUPs name */
@@ -227,6 +229,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
     X509_CRL *crl;
     ASN1_TIME *asn1time;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
@@ -302,6 +305,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
     STACK_OF(X509_REVOKED) *sk;
     long i;
 
+    rb_check_frozen(self);
     Check_Type(ary, T_ARRAY);
     /* All ary members should be X509 Revoked */
     for (i=0; i<RARRAY_LEN(ary); i++) {
@@ -330,6 +334,7 @@ ossl_x509crl_add_revoked(VALUE self, VALUE revoked)
     X509_CRL *crl;
     X509_REVOKED *rev;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
     rev = DupX509RevokedPtr(revoked);
     if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
@@ -469,6 +474,7 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
     long i;
 
     Check_Type(ary, T_ARRAY);
+    rb_check_frozen(self);
     /* All ary members should be X509 Extensions */
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
@@ -492,6 +498,7 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
     X509_CRL *crl;
     X509_EXTENSION *ext;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
     ext = GetX509ExtPtr(extension);
     if (!X509_CRL_add_ext(crl, ext, -1)) {

ext/openssl/ossl_x509ext.c

@@ -55,7 +55,7 @@ static const rb_data_type_t ossl_x509ext_type = {
     {
 	0, ossl_x509ext_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 /*
@@ -108,7 +108,7 @@ static const rb_data_type_t ossl_x509extfactory_type = {
     {
 	0, ossl_x509extfactory_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 static VALUE
@@ -128,6 +128,7 @@ ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert)
 {
     X509V3_CTX *ctx;
 
+    rb_check_frozen(self);
     GetX509ExtFactory(self, ctx);
     rb_iv_set(self, "@issuer_certificate", cert);
     ctx->issuer_cert = GetX509CertPtr(cert); /* NO DUP NEEDED */
@@ -140,6 +141,7 @@ ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert)
 {
     X509V3_CTX *ctx;
 
+    rb_check_frozen(self);
     GetX509ExtFactory(self, ctx);
     rb_iv_set(self, "@subject_certificate", cert);
     ctx->subject_cert = GetX509CertPtr(cert); /* NO DUP NEEDED */
@@ -152,6 +154,7 @@ ossl_x509extfactory_set_subject_req(VALUE self, VALUE req)
 {
     X509V3_CTX *ctx;
 
+    rb_check_frozen(self);
     GetX509ExtFactory(self, ctx);
     rb_iv_set(self, "@subject_request", req);
     ctx->subject_req = GetX509ReqPtr(req); /* NO DUP NEEDED */
@@ -164,6 +167,7 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
 {
     X509V3_CTX *ctx;
 
+    rb_check_frozen(self);
     GetX509ExtFactory(self, ctx);
     rb_iv_set(self, "@crl", crl);
     ctx->crl = GetX509CRLPtr(crl); /* NO DUP NEEDED */
@@ -181,6 +185,7 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
 
     rb_scan_args(argc, argv, "04",
 		 &issuer_cert, &subject_cert, &subject_req, &crl);
+    rb_check_frozen(self);
     if (!NIL_P(issuer_cert))
 	ossl_x509extfactory_set_issuer_cert(self, issuer_cert);
     if (!NIL_P(subject_cert))
@@ -281,6 +286,7 @@ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
     const unsigned char *p;
     X509_EXTENSION *ext, *x;
 
+    rb_check_frozen(self);
     GetX509Ext(self, ext);
     if(rb_scan_args(argc, argv, "12", &oid, &value, &critical) == 1){
 	oid = ossl_to_der_if_possible(oid);
@@ -324,6 +330,7 @@ ossl_x509ext_set_oid(VALUE self, VALUE oid)
     X509_EXTENSION *ext;
     ASN1_OBJECT *obj;
 
+    rb_check_frozen(self);
     GetX509Ext(self, ext);
     obj = OBJ_txt2obj(StringValueCStr(oid), 0);
     if (!obj)
@@ -343,6 +350,7 @@ ossl_x509ext_set_value(VALUE self, VALUE data)
     X509_EXTENSION *ext;
     ASN1_OCTET_STRING *asn1s;
 
+    rb_check_frozen(self);
     GetX509Ext(self, ext);
     data = ossl_to_der_if_possible(data);
     StringValue(data);
@@ -361,6 +369,7 @@ ossl_x509ext_set_critical(VALUE self, VALUE flag)
 {
     X509_EXTENSION *ext;
 
+    rb_check_frozen(self);
     GetX509Ext(self, ext);
     X509_EXTENSION_set_critical(ext, RTEST(flag) ? 1 : 0);
 

ext/openssl/ossl_x509name.c

@@ -46,7 +46,7 @@ static const rb_data_type_t ossl_x509name_type = {
     {
 	0, ossl_x509name_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE
 };
 
 /*
@@ -148,6 +148,7 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
     X509_NAME *name;
     VALUE arg, template;
 
+    rb_check_frozen(self);
     GetX509Name(self, name);
     if (rb_scan_args(argc, argv, "02", &arg, &template) == 0) {
 	return self;
@@ -229,6 +230,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
 	kwargs_ids[1] = rb_intern_const("set");
     }
     rb_scan_args(argc, argv, "21:", &oid, &value, &type, &opts);
+    rb_check_frozen(self);
     rb_get_kwargs(opts, kwargs_ids, 0, 2, kwargs);
     oid_name = StringValueCStr(oid);
     StringValue(value);

ext/openssl/ossl_x509revoked.c

@@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509rev_type = {
     {
 	0, ossl_x509rev_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 /*
@@ -140,6 +140,7 @@ ossl_x509revoked_set_serial(VALUE self, VALUE num)
     X509_REVOKED *rev;
     ASN1_INTEGER *asn1int;
 
+    rb_check_frozen(self);
     GetX509Rev(self, rev);
     asn1int = num_to_asn1integer(num, NULL);
     if (!X509_REVOKED_set_serialNumber(rev, asn1int)) {
@@ -171,6 +172,7 @@ ossl_x509revoked_set_time(VALUE self, VALUE time)
     X509_REVOKED *rev;
     ASN1_TIME *asn1time;
 
+    rb_check_frozen(self);
     GetX509Rev(self, rev);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_REVOKED_set_revocationDate(rev, asn1time)) {
@@ -219,6 +221,7 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary)
     VALUE item;
 
     Check_Type(ary, T_ARRAY);
+    rb_check_frozen(self);
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
@@ -241,6 +244,7 @@ ossl_x509revoked_add_extension(VALUE self, VALUE ext)
 {
     X509_REVOKED *rev;
 
+    rb_check_frozen(self);
     GetX509Rev(self, rev);
     if (!X509_REVOKED_add_ext(rev, GetX509ExtPtr(ext), -1)) {
 	ossl_raise(eX509RevError, NULL);