13 #if !defined(OPENSSL_NO_OCSP) 15 #define NewOCSPReq(klass) \ 16 TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0) 17 #define SetOCSPReq(obj, req) do { \ 18 if(!(req)) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \ 19 RTYPEDDATA_DATA(obj) = (req); \ 21 #define GetOCSPReq(obj, req) do { \ 22 TypedData_Get_Struct((obj), OCSP_REQUEST, &ossl_ocsp_request_type, (req)); \ 23 if(!(req)) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \ 25 #define SafeGetOCSPReq(obj, req) do { \ 26 OSSL_Check_Kind((obj), cOCSPReq); \ 27 GetOCSPReq((obj), (req)); \ 30 #define NewOCSPRes(klass) \ 31 TypedData_Wrap_Struct((klass), &ossl_ocsp_response_type, 0) 32 #define SetOCSPRes(obj, res) do { \ 33 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \ 34 RTYPEDDATA_DATA(obj) = (res); \ 36 #define GetOCSPRes(obj, res) do { \ 37 TypedData_Get_Struct((obj), OCSP_RESPONSE, &ossl_ocsp_response_type, (res)); \ 38 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \ 40 #define SafeGetOCSPRes(obj, res) do { \ 41 OSSL_Check_Kind((obj), cOCSPRes); \ 42 GetOCSPRes((obj), (res)); \ 45 #define NewOCSPBasicRes(klass) \ 46 TypedData_Wrap_Struct((klass), &ossl_ocsp_basicresp_type, 0) 47 #define SetOCSPBasicRes(obj, res) do { \ 48 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \ 49 RTYPEDDATA_DATA(obj) = (res); \ 51 #define GetOCSPBasicRes(obj, res) do { \ 52 TypedData_Get_Struct((obj), OCSP_BASICRESP, &ossl_ocsp_basicresp_type, (res)); \ 53 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \ 55 #define SafeGetOCSPBasicRes(obj, res) do { \ 56 OSSL_Check_Kind((obj), cOCSPBasicRes); \ 57 GetOCSPBasicRes((obj), (res)); \ 60 #define NewOCSPSingleRes(klass) \ 61 TypedData_Wrap_Struct((klass), &ossl_ocsp_singleresp_type, 0) 62 #define SetOCSPSingleRes(obj, res) do { \ 63 if(!(res)) ossl_raise(rb_eRuntimeError, "SingleResponse wasn't initialized!"); \ 64 RTYPEDDATA_DATA(obj) = (res); \ 66 #define GetOCSPSingleRes(obj, res) do { \ 67 TypedData_Get_Struct((obj), OCSP_SINGLERESP, &ossl_ocsp_singleresp_type, (res)); \ 68 if(!(res)) ossl_raise(rb_eRuntimeError, "SingleResponse wasn't initialized!"); \ 70 #define SafeGetOCSPSingleRes(obj, res) do { \ 71 OSSL_Check_Kind((obj), cOCSPSingleRes); \ 72 GetOCSPSingleRes((obj), (res)); \ 75 #define NewOCSPCertId(klass) \ 76 TypedData_Wrap_Struct((klass), &ossl_ocsp_certid_type, 0) 77 #define SetOCSPCertId(obj, cid) do { \ 78 if(!(cid)) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \ 79 RTYPEDDATA_DATA(obj) = (cid); \ 81 #define GetOCSPCertId(obj, cid) do { \ 82 TypedData_Get_Struct((obj), OCSP_CERTID, &ossl_ocsp_certid_type, (cid)); \ 83 if(!(cid)) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \ 85 #define SafeGetOCSPCertId(obj, cid) do { \ 86 OSSL_Check_Kind((obj), cOCSPCertId); \ 87 GetOCSPCertId((obj), (cid)); \ 101 OCSP_REQUEST_free(ptr);
105 "OpenSSL/OCSP/REQUEST",
115 OCSP_RESPONSE_free(ptr);
119 "OpenSSL/OCSP/RESPONSE",
129 OCSP_BASICRESP_free(ptr);
133 "OpenSSL/OCSP/BASICRESP",
143 OCSP_SINGLERESP_free(ptr);
147 "OpenSSL/OCSP/SINGLERESP",
157 OCSP_CERTID_free(ptr);
161 "OpenSSL/OCSP/CERTID",
189 if (!(req = OCSP_REQUEST_new()))
199 OCSP_REQUEST *req, *req_old, *req_new;
205 req_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_REQUEST), req);
210 OCSP_REQUEST_free(req_old);
228 OCSP_REQUEST *req, *req_new;
229 const unsigned char *p;
241 OCSP_REQUEST_free(req);
268 ret = OCSP_request_add1_nonce(req,
NULL, -1);
308 res = OCSP_check_nonce(req, bs);
329 if (!(id_new = OCSP_CERTID_dup(
id)))
331 if (!OCSP_request_add0_id(req, id_new)) {
332 OCSP_CERTID_free(id_new);
356 count = OCSP_request_onereq_count(req);
358 for(i = 0; i <
count; i++){
359 one = OCSP_request_onereq_get0(req, i);
361 if(!(
id = OCSP_CERTID_dup(OCSP_onereq_get0_id(one))))
389 VALUE signer_cert, signer_key, certs, flags, digest;
394 unsigned long flg = 0;
398 rb_scan_args(argc, argv,
"23", &signer_cert, &signer_key, &certs, &flags, &digest);
411 x509s = ossl_x509_ary2sk(certs);
413 ret = OCSP_request_sign(req, signer, key, md, x509s, flg);
414 sk_X509_pop_free(x509s, X509_free);
432 VALUE certs, store, flags;
442 x509s = ossl_x509_ary2sk(certs);
443 result = OCSP_request_verify(req, x509s, x509st, flg);
444 sk_X509_pop_free(x509s, X509_free);
464 if((len = i2d_OCSP_REQUEST(req,
NULL)) <= 0)
468 if(i2d_OCSP_REQUEST(req, &p) <= 0)
496 if(!(res = OCSP_response_create(st, bs)))
510 if(!(res = OCSP_RESPONSE_new()))
520 OCSP_RESPONSE *res, *res_old, *res_new;
526 res_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_RESPONSE), res);
531 OCSP_RESPONSE_free(res_old);
549 OCSP_RESPONSE *res, *res_new;
550 const unsigned char *p;
562 OCSP_RESPONSE_free(res);
582 st = OCSP_response_status(res);
601 st = OCSP_response_status(res);
622 if(!(bs = OCSP_response_get1_basic(res)))
645 if((len = i2d_OCSP_RESPONSE(res,
NULL)) <= 0)
649 if(i2d_OCSP_RESPONSE(res, &p) <= 0)
666 if(!(bs = OCSP_BASICRESP_new()))
676 OCSP_BASICRESP *bs, *bs_old, *bs_new;
682 bs_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_BASICRESP), bs);
687 OCSP_BASICRESP_free(bs_old);
704 OCSP_BASICRESP *res, *res_new;
705 const unsigned char *p;
717 OCSP_BASICRESP_free(res);
740 ret = OCSP_copy_nonce(bs, req);
763 ret = OCSP_basic_add1_nonce(bs,
NULL, -1);
824 OCSP_SINGLERESP *single;
827 int st, rsn = 0, error = 0, rstatus = 0;
840 if (st == V_OCSP_CERTSTATUS_REVOKED) {
843 if (rstatus)
goto err;
844 rev = (ASN1_TIME *)tmp;
848 if (rstatus)
goto err;
849 ths = (ASN1_TIME *)tmp;
851 if (!
NIL_P(nextupd)) {
853 if (rstatus)
goto err;
854 nxt = (ASN1_TIME *)tmp;
857 if(!(single = OCSP_basic_add1_status(bs,
id, st, rsn, rev, ths, nxt))){
863 X509_EXTENSION *x509ext;
867 if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
900 OCSP_SINGLERESP *single;
902 ASN1_TIME *revtime, *thisupd, *nextupd;
904 X509_EXTENSION *x509ext;
906 int count, ext_count, i, j;
910 count = OCSP_resp_count(bs);
911 for(i = 0; i <
count; i++){
912 single = OCSP_resp_get0(bs, i);
913 if(!single)
continue;
915 revtime = thisupd = nextupd =
NULL;
916 status = OCSP_single_get0_status(single, &reason, &revtime,
918 if(status < 0)
continue;
929 ext_count = OCSP_SINGLERESP_get_ext_count(single);
930 for(j = 0; j < ext_count; j++){
931 x509ext = OCSP_SINGLERESP_get_ext(single, j);
958 count = OCSP_resp_count(bs);
961 for (i = 0; i <
count; i++) {
962 OCSP_SINGLERESP *sres, *sres_new;
964 sres = OCSP_resp_get0(bs, i);
965 sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
987 OCSP_SINGLERESP *sres, *sres_new;
994 if ((n = OCSP_resp_find(bs,
id, -1)) == -1)
997 sres = OCSP_resp_get0(bs, n);
998 sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
1021 VALUE signer_cert, signer_key, certs, flags, digest;
1026 unsigned long flg = 0;
1030 rb_scan_args(argc, argv,
"23", &signer_cert, &signer_key, &certs, &flags, &digest);
1041 flg |= OCSP_NOCERTS;
1043 x509s = ossl_x509_ary2sk(certs);
1045 ret = OCSP_basic_sign(bs, signer, key, md, x509s, flg);
1046 sk_X509_pop_free(x509s, X509_free);
1062 VALUE certs, store, flags;
1068 rb_scan_args(argc, argv,
"21", &certs, &store, &flags);
1072 x509s = ossl_x509_ary2sk(certs);
1073 #if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || defined(LIBRESSL_VERSION_NUMBER) 1096 if (!(flg & (OCSP_NOCHAIN | OCSP_NOVERIFY)) &&
1097 sk_X509_num(x509s) && sk_X509_num(bs->certs)) {
1100 bs = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_BASICRESP), bs);
1102 sk_X509_pop_free(x509s, X509_free);
1106 for (i = 0; i < sk_X509_num(x509s); i++) {
1107 if (!OCSP_basic_add1_cert(bs, sk_X509_value(x509s, i))) {
1108 sk_X509_pop_free(x509s, X509_free);
1109 OCSP_BASICRESP_free(bs);
1113 result = OCSP_basic_verify(bs, x509s, x509st, flg);
1114 OCSP_BASICRESP_free(bs);
1117 result = OCSP_basic_verify(bs, x509s, x509st, flg);
1120 result = OCSP_basic_verify(bs, x509s, x509st, flg);
1122 sk_X509_pop_free(x509s, X509_free);
1138 OCSP_BASICRESP *res;
1144 if ((len = i2d_OCSP_BASICRESP(res,
NULL)) <= 0)
1148 if (i2d_OCSP_BASICRESP(res, &p) <= 0)
1172 OCSP_SINGLERESP *sres;
1176 if (!(sres = OCSP_SINGLERESP_new()))
1192 OCSP_SINGLERESP *res, *res_new;
1193 const unsigned char *p;
1204 OCSP_SINGLERESP_free(res);
1212 OCSP_SINGLERESP *sres, *sres_old, *sres_new;
1218 sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
1223 OCSP_SINGLERESP_free(sres_old);
1247 OCSP_SINGLERESP *sres;
1248 ASN1_GENERALIZEDTIME *this_update, *next_update;
1249 VALUE nsec_v, maxsec_v;
1250 int nsec, maxsec, status, ret;
1257 status = OCSP_single_get0_status(sres,
NULL,
NULL, &this_update, &next_update);
1261 ret = OCSP_check_validity(this_update, next_update, nsec, maxsec);
1280 OCSP_SINGLERESP *sres;
1306 OCSP_SINGLERESP *sres;
1324 OCSP_SINGLERESP *sres;
1326 ASN1_GENERALIZEDTIME *time;
1329 status = OCSP_single_get0_status(sres,
NULL,
NULL, &time,
NULL);
1343 OCSP_SINGLERESP *sres;
1345 ASN1_GENERALIZEDTIME *time;
1348 status = OCSP_single_get0_status(sres,
NULL,
NULL,
NULL, &time);
1362 OCSP_SINGLERESP *sres;
1364 ASN1_GENERALIZEDTIME *time;
1367 status = OCSP_single_get0_status(sres,
NULL, &time,
NULL,
NULL);
1370 if (status != V_OCSP_CERTSTATUS_REVOKED)
1383 OCSP_SINGLERESP *sres;
1387 status = OCSP_single_get0_status(sres, &reason,
NULL,
NULL,
NULL);
1390 if (status != V_OCSP_CERTSTATUS_REVOKED)
1403 OCSP_SINGLERESP *sres;
1404 X509_EXTENSION *ext;
1410 count = OCSP_SINGLERESP_get_ext_count(sres);
1412 for (i = 0; i <
count; i++) {
1413 ext = OCSP_SINGLERESP_get_ext(sres, i);
1429 OCSP_SINGLERESP *sres;
1435 if ((len = i2d_OCSP_SINGLERESP(sres,
NULL)) <= 0)
1439 if (i2d_OCSP_SINGLERESP(sres, &p) <= 0)
1457 if(!(
id = OCSP_CERTID_new()))
1467 OCSP_CERTID *cid, *cid_old, *cid_new;
1473 cid_new = OCSP_CERTID_dup(cid);
1478 OCSP_CERTID_free(cid_old);
1499 OCSP_CERTID *
id, *newid;
1500 VALUE subject, issuer, digest;
1503 if (
rb_scan_args(argc, argv,
"12", &subject, &issuer, &digest) == 1) {
1505 const unsigned char *p;
1515 X509 *x509s, *x509i;
1522 newid = OCSP_cert_to_id(md, x509s, x509i);
1528 OCSP_CERTID_free(
id);
1543 OCSP_CERTID *
id, *id2;
1548 result = OCSP_id_cmp(
id, id2);
1564 OCSP_CERTID *
id, *id2;
1569 result = OCSP_id_issuer_cmp(
id, id2);
1585 ASN1_INTEGER *serial;
1604 ASN1_OCTET_STRING *name_hash;
1627 ASN1_OCTET_STRING *key_hash;
1656 if (!(out = BIO_new(BIO_s_mem())))
1659 if (!i2a_ASN1_OBJECT(out, oid)) {
1681 if ((len = i2d_OCSP_CERTID(
id,
NULL)) <= 0)
1685 if (i2d_OCSP_CERTID(
id, &p) <= 0)
static VALUE ossl_ocspsres_check_validity(int argc, VALUE *argv, VALUE self)
static VALUE ossl_ocspres_status(VALUE self)
static VALUE ossl_ocspreq_check_nonce(VALUE self, VALUE basic_resp)
#define RUBY_TYPED_FREE_IMMEDIATELY
static VALUE ossl_ocspreq_verify(int argc, VALUE *argv, VALUE self)
static VALUE ossl_ocspcid_cmp_issuer(VALUE self, VALUE other)
static VALUE ossl_ocspreq_to_der(VALUE self)
void rb_define_singleton_method(VALUE obj, const char *name, VALUE(*func)(ANYARGS), int argc)
Defines a singleton method for obj.
static VALUE ossl_ocspcid_get_issuer_name_hash(VALUE self)
static const rb_data_type_t ossl_ocsp_request_type
static VALUE ossl_ocspsres_get_this_update(VALUE self)
EVP_PKEY * GetPrivPKeyPtr(VALUE obj)
#define ossl_str_adjust(str, p)
static VALUE ossl_ocspbres_add_nonce(int argc, VALUE *argv, VALUE self)
#define SafeGetOCSPSingleRes(obj, res)
static VALUE ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self)
static VALUE ossl_ocspres_status_string(VALUE self)
#define SafeGetOCSPCertId(obj, cid)
VALUE rb_ary_push(VALUE ary, VALUE item)
static VALUE ossl_ocspcid_get_serial(VALUE self)
ASN1_TIME * ossl_x509_time_adjust(ASN1_TIME *s, VALUE time)
static VALUE ossl_ocspsres_initialize(VALUE self, VALUE arg)
#define NewOCSPCertId(klass)
VALUE rb_protect(VALUE(*proc)(VALUE), VALUE data, int *state)
VALUE rb_define_class_under(VALUE outer, const char *name, VALUE super)
Defines a class under the namespace of outer.
static void ossl_ocsp_singleresp_free(void *ptr)
static void ossl_ocsp_basicresp_free(void *ptr)
void rb_define_alloc_func(VALUE, rb_alloc_func_t)
static VALUE ossl_ocspbres_get_status(VALUE self)
STACK_OF(X509) *ossl_x509_ary2sk0(VALUE)
static VALUE ossl_ocspsres_get_cert_status(VALUE self)
#define NewOCSPReq(klass)
static const rb_data_type_t ossl_ocsp_response_type
VALUE asn1integer_to_num(const ASN1_INTEGER *ai)
void Init_ossl_ocsp(void)
static VALUE ossl_ocspreq_add_nonce(int argc, VALUE *argv, VALUE self)
#define SafeGetOCSPReq(obj, req)
VALUE ossl_membio2str(BIO *bio)
static VALUE ossl_ocspsres_get_extensions(VALUE self)
static VALUE ossl_ocspcid_get_issuer_key_hash(VALUE self)
static VALUE ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
static VALUE ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self)
#define SetOCSPBasicRes(obj, res)
static VALUE ossl_ocspbres_find_response(VALUE self, VALUE target)
static VALUE ossl_ocspsres_initialize_copy(VALUE self, VALUE other)
#define rb_define_copy_func(klass, func)
X509 * GetX509CertPtr(VALUE)
#define NewOCSPSingleRes(klass)
VALUE ossl_to_der_if_possible(VALUE obj)
static VALUE ossl_ocspbres_initialize(int argc, VALUE *argv, VALUE self)
#define SetOCSPRes(obj, res)
void ossl_clear_error(void)
static VALUE ossl_ocspcid_to_der(VALUE self)
RUBY_EXTERN VALUE rb_cObject
static VALUE ossl_ocspsres_get_revocation_time(VALUE self)
static VALUE ossl_ocspres_to_der(VALUE self)
const EVP_MD * GetDigestPtr(VALUE obj)
void rb_define_const(VALUE, const char *, VALUE)
static VALUE ossl_ocspcid_alloc(VALUE klass)
static VALUE ossl_ocspsres_to_der(VALUE self)
static VALUE add_status_convert_time(VALUE obj)
VALUE ossl_x509ext_new(X509_EXTENSION *)
static VALUE ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
#define GetOCSPSingleRes(obj, res)
#define SetOCSPCertId(obj, cid)
static void ossl_ocsp_response_free(void *ptr)
static VALUE ossl_ocspbres_to_der(VALUE self)
static VALUE ossl_ocspsres_get_revocation_reason(VALUE self)
static VALUE ossl_ocspsres_get_next_update(VALUE self)
static VALUE ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
int rb_scan_args(int argc, const VALUE *argv, const char *fmt,...)
static VALUE ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
static const rb_data_type_t ossl_ocsp_certid_type
#define NewOCSPBasicRes(klass)
static void ossl_ocsp_request_free(void *ptr)
static VALUE ossl_ocspreq_initialize_copy(VALUE self, VALUE other)
static VALUE ossl_ocspres_get_basic(VALUE self)
static VALUE ossl_ocspsres_new(OCSP_SINGLERESP *)
static VALUE ossl_ocspres_initialize_copy(VALUE self, VALUE other)
void rb_jump_tag(int tag)
#define NewOCSPRes(klass)
static VALUE ossl_ocspreq_alloc(VALUE klass)
X509_STORE * GetX509StorePtr(VALUE)
void ossl_bin2hex(unsigned char *in, char *out, size_t inlen)
#define GetOCSPReq(obj, req)
static VALUE ossl_ocspbres_copy_nonce(VALUE self, VALUE request)
register unsigned int len
VALUE rb_define_module_under(VALUE outer, const char *name)
X509_EXTENSION * GetX509ExtPtr(VALUE)
static VALUE ossl_ocspsres_alloc(VALUE klass)
#define SafeGetOCSPBasicRes(obj, res)
#define SetOCSPSingleRes(obj, res)
static const rb_data_type_t ossl_ocsp_singleresp_type
#define RARRAY_AREF(a, i)
#define GetOCSPBasicRes(obj, res)
#define SafeGetOCSPRes(obj, res)
VALUE rb_check_array_type(VALUE ary)
static VALUE ossl_ocspres_alloc(VALUE klass)
VALUE asn1time_to_time(const ASN1_TIME *time)
#define OSSL_Check_Kind(obj, klass)
static VALUE ossl_ocspsres_get_certid(VALUE self)
static void ossl_ocsp_certid_free(void *ptr)
void ossl_raise(VALUE exc, const char *fmt,...)
static VALUE ossl_ocspreq_get_certid(VALUE self)
#define GetOCSPRes(obj, res)
#define OCSP_SINGLERESP_get0_id(s)
static VALUE ossl_ocspres_s_create(VALUE klass, VALUE status, VALUE basic_resp)
#define GetOCSPCertId(obj, cid)
static const rb_data_type_t ossl_ocsp_basicresp_type
static VALUE ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
#define RSTRING_LENINT(str)
#define rb_check_frozen(obj)
VALUE rb_define_module(const char *name)
#define RB_INTEGER_TYPE_P(obj)
static VALUE ossl_ocspbres_initialize_copy(VALUE self, VALUE other)
static VALUE ossl_ocspbres_alloc(VALUE klass)
void rb_define_method(VALUE klass, const char *name, VALUE(*func)(ANYARGS), int argc)
static VALUE ossl_ocspcid_get_hash_algorithm(VALUE self)
static VALUE ossl_ocspcid_cmp(VALUE self, VALUE other)
#define SetOCSPReq(obj, req)
static VALUE ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status, VALUE reason, VALUE revtime, VALUE thisupd, VALUE nextupd, VALUE ext)
static VALUE ossl_ocspbres_get_responses(VALUE self)
static VALUE ossl_ocspcertid_new(OCSP_CERTID *cid)
static VALUE ossl_ocspreq_add_certid(VALUE self, VALUE certid)
VALUE rb_str_new(const char *, long)