From 4c72db591159f36ffeee23ad1e4722b1c266fb80 Mon Sep 17 00:00:00 2001 From: HoneyryderChuck Date: Tue, 12 Nov 2024 15:58:46 +0000 Subject: [PATCH] make cert/crl/name/attr/revoked/ext/extfactory shareable when frozen --- ext/openssl/ossl_x509attr.c | 6 +++++- ext/openssl/ossl_x509cert.c | 13 ++++++++++++- ext/openssl/ossl_x509crl.c | 10 +++++++++- ext/openssl/ossl_x509ext.c | 13 +++++++++++-- ext/openssl/ossl_x509name.c | 4 +++- ext/openssl/ossl_x509revoked.c | 6 +++++- 6 files changed, 45 insertions(+), 7 deletions(-) diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c index 967fe89f0..bcb28d131 100644 --- a/ext/openssl/ossl_x509attr.c +++ b/ext/openssl/ossl_x509attr.c @@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509attr_type = { { 0, ossl_x509attr_free, }, - 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED, + 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE, }; /* @@ -105,6 +105,7 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self) X509_ATTRIBUTE *attr, *x; const unsigned char *p; + rb_check_frozen(self); GetX509Attr(self, attr); if(rb_scan_args(argc, argv, "11", &oid, &value) == 1){ oid = ossl_to_der_if_possible(oid); @@ -153,6 +154,7 @@ ossl_x509attr_set_oid(VALUE self, VALUE oid) ASN1_OBJECT *obj; char *s; + rb_check_frozen(self); GetX509Attr(self, attr); s = StringValueCStr(oid); obj = OBJ_txt2obj(s, 0); @@ -201,6 +203,8 @@ static VALUE ossl_x509attr_set_value(VALUE self, VALUE value) { X509_ATTRIBUTE *attr; + + rb_check_frozen(self); GetX509Attr(self, attr); OSSL_Check_Kind(value, cASN1Data); diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 846dd0701..f4daf1845 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509_type = { { 0, ossl_x509_free, }, - 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED, + 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE, }; /* @@ -279,6 +279,7 @@ ossl_x509_set_version(VALUE self, VALUE version) X509 *x509; long ver; + rb_check_frozen(self); if ((ver = NUM2LONG(version)) < 0) { ossl_raise(eX509CertError, "version must be >= 0!"); } @@ -313,6 +314,7 @@ ossl_x509_set_serial(VALUE self, VALUE num) { X509 *x509; + rb_check_frozen(self); GetX509(self, x509); X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509))); @@ -370,6 +372,7 @@ ossl_x509_set_subject(VALUE self, VALUE subject) { X509 *x509; + rb_check_frozen(self); GetX509(self, x509); if (!X509_set_subject_name(x509, GetX509NamePtr(subject))) { /* DUPs name */ ossl_raise(eX509CertError, NULL); @@ -405,6 +408,7 @@ ossl_x509_set_issuer(VALUE self, VALUE issuer) { X509 *x509; + rb_check_frozen(self); GetX509(self, x509); if (!X509_set_issuer_name(x509, GetX509NamePtr(issuer))) { /* DUPs name */ ossl_raise(eX509CertError, NULL); @@ -441,6 +445,7 @@ ossl_x509_set_not_before(VALUE self, VALUE time) X509 *x509; ASN1_TIME *asn1time; + rb_check_frozen(self); GetX509(self, x509); asn1time = ossl_x509_time_adjust(NULL, time); if (!X509_set1_notBefore(x509, asn1time)) { @@ -480,6 +485,7 @@ ossl_x509_set_not_after(VALUE self, VALUE time) X509 *x509; ASN1_TIME *asn1time; + rb_check_frozen(self); GetX509(self, x509); asn1time = ossl_x509_time_adjust(NULL, time); if (!X509_set1_notAfter(x509, asn1time)) { @@ -519,6 +525,7 @@ ossl_x509_set_public_key(VALUE self, VALUE key) X509 *x509; EVP_PKEY *pkey; + rb_check_frozen(self); GetX509(self, x509); pkey = GetPKeyPtr(key); ossl_pkey_check_public_key(pkey); @@ -538,6 +545,7 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest) EVP_PKEY *pkey; const EVP_MD *md; + rb_check_frozen(self); pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ if (NIL_P(digest)) { md = NULL; /* needed for some key types, e.g. Ed25519 */ @@ -641,6 +649,7 @@ ossl_x509_set_extensions(VALUE self, VALUE ary) long i; Check_Type(ary, T_ARRAY); + rb_check_frozen(self); /* All ary's members should be X509Extension */ for (i=0; i= 0!"); } @@ -199,6 +200,7 @@ ossl_x509crl_set_issuer(VALUE self, VALUE issuer) { X509_CRL *crl; + rb_check_frozen(self); GetX509CRL(self, crl); if (!X509_CRL_set_issuer_name(crl, GetX509NamePtr(issuer))) { /* DUPs name */ @@ -227,6 +229,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time) X509_CRL *crl; ASN1_TIME *asn1time; + rb_check_frozen(self); GetX509CRL(self, crl); asn1time = ossl_x509_time_adjust(NULL, time); if (!X509_CRL_set1_lastUpdate(crl, asn1time)) { @@ -302,6 +305,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary) STACK_OF(X509_REVOKED) *sk; long i; + rb_check_frozen(self); Check_Type(ary, T_ARRAY); /* All ary members should be X509 Revoked */ for (i=0; iissuer_cert = GetX509CertPtr(cert); /* NO DUP NEEDED */ @@ -140,6 +141,7 @@ ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert) { X509V3_CTX *ctx; + rb_check_frozen(self); GetX509ExtFactory(self, ctx); rb_iv_set(self, "@subject_certificate", cert); ctx->subject_cert = GetX509CertPtr(cert); /* NO DUP NEEDED */ @@ -152,6 +154,7 @@ ossl_x509extfactory_set_subject_req(VALUE self, VALUE req) { X509V3_CTX *ctx; + rb_check_frozen(self); GetX509ExtFactory(self, ctx); rb_iv_set(self, "@subject_request", req); ctx->subject_req = GetX509ReqPtr(req); /* NO DUP NEEDED */ @@ -164,6 +167,7 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl) { X509V3_CTX *ctx; + rb_check_frozen(self); GetX509ExtFactory(self, ctx); rb_iv_set(self, "@crl", crl); ctx->crl = GetX509CRLPtr(crl); /* NO DUP NEEDED */ @@ -181,6 +185,7 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self) rb_scan_args(argc, argv, "04", &issuer_cert, &subject_cert, &subject_req, &crl); + rb_check_frozen(self); if (!NIL_P(issuer_cert)) ossl_x509extfactory_set_issuer_cert(self, issuer_cert); if (!NIL_P(subject_cert)) @@ -281,6 +286,7 @@ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self) const unsigned char *p; X509_EXTENSION *ext, *x; + rb_check_frozen(self); GetX509Ext(self, ext); if(rb_scan_args(argc, argv, "12", &oid, &value, &critical) == 1){ oid = ossl_to_der_if_possible(oid); @@ -324,6 +330,7 @@ ossl_x509ext_set_oid(VALUE self, VALUE oid) X509_EXTENSION *ext; ASN1_OBJECT *obj; + rb_check_frozen(self); GetX509Ext(self, ext); obj = OBJ_txt2obj(StringValueCStr(oid), 0); if (!obj) @@ -343,6 +350,7 @@ ossl_x509ext_set_value(VALUE self, VALUE data) X509_EXTENSION *ext; ASN1_OCTET_STRING *asn1s; + rb_check_frozen(self); GetX509Ext(self, ext); data = ossl_to_der_if_possible(data); StringValue(data); @@ -361,6 +369,7 @@ ossl_x509ext_set_critical(VALUE self, VALUE flag) { X509_EXTENSION *ext; + rb_check_frozen(self); GetX509Ext(self, ext); X509_EXTENSION_set_critical(ext, RTEST(flag) ? 1 : 0); diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index 5060be92c..5e6b13c45 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -46,7 +46,7 @@ static const rb_data_type_t ossl_x509name_type = { { 0, ossl_x509name_free, }, - 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED, + 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE }; /* @@ -148,6 +148,7 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self) X509_NAME *name; VALUE arg, template; + rb_check_frozen(self); GetX509Name(self, name); if (rb_scan_args(argc, argv, "02", &arg, &template) == 0) { return self; @@ -229,6 +230,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self) kwargs_ids[1] = rb_intern_const("set"); } rb_scan_args(argc, argv, "21:", &oid, &value, &type, &opts); + rb_check_frozen(self); rb_get_kwargs(opts, kwargs_ids, 0, 2, kwargs); oid_name = StringValueCStr(oid); StringValue(value); diff --git a/ext/openssl/ossl_x509revoked.c b/ext/openssl/ossl_x509revoked.c index 5b82470c8..6bd3ffd29 100644 --- a/ext/openssl/ossl_x509revoked.c +++ b/ext/openssl/ossl_x509revoked.c @@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509rev_type = { { 0, ossl_x509rev_free, }, - 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED, + 0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE, }; /* @@ -140,6 +140,7 @@ ossl_x509revoked_set_serial(VALUE self, VALUE num) X509_REVOKED *rev; ASN1_INTEGER *asn1int; + rb_check_frozen(self); GetX509Rev(self, rev); asn1int = num_to_asn1integer(num, NULL); if (!X509_REVOKED_set_serialNumber(rev, asn1int)) { @@ -171,6 +172,7 @@ ossl_x509revoked_set_time(VALUE self, VALUE time) X509_REVOKED *rev; ASN1_TIME *asn1time; + rb_check_frozen(self); GetX509Rev(self, rev); asn1time = ossl_x509_time_adjust(NULL, time); if (!X509_REVOKED_set_revocationDate(rev, asn1time)) { @@ -219,6 +221,7 @@ ossl_x509revoked_set_extensions(VALUE self, VALUE ary) VALUE item; Check_Type(ary, T_ARRAY); + rb_check_frozen(self); for (i=0; i