make cert/crl/ext/extfactory shareable when frozen

Author: HoneyryderChuck

ext/openssl/ossl_x509attr.c

@@ -105,6 +105,7 @@ ossl_x509attr_initialize(int argc, VALUE *argv, VALUE self)
     X509_ATTRIBUTE *attr, *x;
     const unsigned char *p;
 
+    rb_check_frozen(self);
     GetX509Attr(self, attr);
     if(rb_scan_args(argc, argv, "11", &oid, &value) == 1){
 	oid = ossl_to_der_if_possible(oid);
@@ -153,6 +154,7 @@ ossl_x509attr_set_oid(VALUE self, VALUE oid)
     ASN1_OBJECT *obj;
     char *s;
 
+    rb_check_frozen(self);
     GetX509Attr(self, attr);
     s = StringValueCStr(oid);
     obj = OBJ_txt2obj(s, 0);
@@ -201,9 +203,12 @@ static VALUE
 ossl_x509attr_set_value(VALUE self, VALUE value)
 {
     X509_ATTRIBUTE *attr;
-    GetX509Attr(self, attr);
+
+    rb_check_frozen(self);
 
     OSSL_Check_Kind(value, cASN1Data);
+    GetX509Attr(self, attr);
+
     VALUE der = ossl_to_der(value);
     const unsigned char *p = (const unsigned char *)RSTRING_PTR(der);
     STACK_OF(ASN1_TYPE) *sk = d2i_ASN1_SET_ANY(NULL, &p, RSTRING_LEN(der));

ext/openssl/ossl_x509cert.c

@@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509_type = {
     {
 	0, ossl_x509_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 /*
@@ -279,6 +279,7 @@ ossl_x509_set_version(VALUE self, VALUE version)
     X509 *x509;
     long ver;
 
+    rb_check_frozen(self);
     if ((ver = NUM2LONG(version)) < 0) {
 	ossl_raise(eX509CertError, "version must be >= 0!");
     }
@@ -313,6 +314,7 @@ ossl_x509_set_serial(VALUE self, VALUE num)
 {
     X509 *x509;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     X509_set_serialNumber(x509, num_to_asn1integer(num, X509_get_serialNumber(x509)));
 
@@ -370,6 +372,7 @@ ossl_x509_set_subject(VALUE self, VALUE subject)
 {
     X509 *x509;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     if (!X509_set_subject_name(x509, GetX509NamePtr(subject))) { /* DUPs name */
 	ossl_raise(eX509CertError, NULL);
@@ -405,6 +408,7 @@ ossl_x509_set_issuer(VALUE self, VALUE issuer)
 {
     X509 *x509;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     if (!X509_set_issuer_name(x509, GetX509NamePtr(issuer))) { /* DUPs name */
 	ossl_raise(eX509CertError, NULL);
@@ -441,6 +445,7 @@ ossl_x509_set_not_before(VALUE self, VALUE time)
     X509 *x509;
     ASN1_TIME *asn1time;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_set1_notBefore(x509, asn1time)) {
@@ -480,6 +485,7 @@ ossl_x509_set_not_after(VALUE self, VALUE time)
     X509 *x509;
     ASN1_TIME *asn1time;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_set1_notAfter(x509, asn1time)) {
@@ -519,6 +525,7 @@ ossl_x509_set_public_key(VALUE self, VALUE key)
     X509 *x509;
     EVP_PKEY *pkey;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     pkey = GetPKeyPtr(key);
     ossl_pkey_check_public_key(pkey);
@@ -538,6 +545,7 @@ ossl_x509_sign(VALUE self, VALUE key, VALUE digest)
     EVP_PKEY *pkey;
     const EVP_MD *md;
 
+    rb_check_frozen(self);
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
     if (NIL_P(digest)) {
         md = NULL; /* needed for some key types, e.g. Ed25519 */
@@ -641,6 +649,7 @@ ossl_x509_set_extensions(VALUE self, VALUE ary)
     long i;
 
     Check_Type(ary, T_ARRAY);
+    rb_check_frozen(self);
     /* All ary's members should be X509Extension */
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
@@ -668,6 +677,7 @@ ossl_x509_add_extension(VALUE self, VALUE extension)
     X509 *x509;
     X509_EXTENSION *ext;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     ext = GetX509ExtPtr(extension);
     if (!X509_add_ext(x509, ext, -1)) { /* DUPs ext - FREE it */
@@ -727,6 +737,7 @@ ossl_x509_tbs_bytes(VALUE self)
     unsigned char *p0;
     VALUE str;
 
+    rb_check_frozen(self);
     GetX509(self, x509);
     len = i2d_re_X509_tbs(x509, NULL);
     if (len <= 0) {

ext/openssl/ossl_x509crl.c

@@ -41,7 +41,7 @@ static const rb_data_type_t ossl_x509crl_type = {
     {
 	0, ossl_x509crl_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 /*
@@ -153,6 +153,7 @@ ossl_x509crl_set_version(VALUE self, VALUE version)
     X509_CRL *crl;
     long ver;
 
+    rb_check_frozen(self);
     if ((ver = NUM2LONG(version)) < 0) {
 	ossl_raise(eX509CRLError, "version must be >= 0!");
     }
@@ -199,6 +200,7 @@ ossl_x509crl_set_issuer(VALUE self, VALUE issuer)
 {
     X509_CRL *crl;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
 
     if (!X509_CRL_set_issuer_name(crl, GetX509NamePtr(issuer))) { /* DUPs name */
@@ -227,6 +229,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
     X509_CRL *crl;
     ASN1_TIME *asn1time;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
@@ -258,6 +261,7 @@ ossl_x509crl_set_next_update(VALUE self, VALUE time)
     X509_CRL *crl;
     ASN1_TIME *asn1time;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
     asn1time = ossl_x509_time_adjust(NULL, time);
     if (!X509_CRL_set1_nextUpdate(crl, asn1time)) {
@@ -302,6 +306,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
     STACK_OF(X509_REVOKED) *sk;
     long i;
 
+    rb_check_frozen(self);
     Check_Type(ary, T_ARRAY);
     /* All ary members should be X509 Revoked */
     for (i=0; i<RARRAY_LEN(ary); i++) {
@@ -330,6 +335,7 @@ ossl_x509crl_add_revoked(VALUE self, VALUE revoked)
     X509_CRL *crl;
     X509_REVOKED *rev;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
     rev = DupX509RevokedPtr(revoked);
     if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
@@ -348,6 +354,7 @@ ossl_x509crl_sign(VALUE self, VALUE key, VALUE digest)
     EVP_PKEY *pkey;
     const EVP_MD *md;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
     pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
     if (NIL_P(digest)) {
@@ -473,6 +480,7 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
     long i;
 
     Check_Type(ary, T_ARRAY);
+    rb_check_frozen(self);
     /* All ary members should be X509 Extensions */
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
@@ -496,6 +504,7 @@ ossl_x509crl_add_extension(VALUE self, VALUE extension)
     X509_CRL *crl;
     X509_EXTENSION *ext;
 
+    rb_check_frozen(self);
     GetX509CRL(self, crl);
     ext = GetX509ExtPtr(extension);
     if (!X509_CRL_add_ext(crl, ext, -1)) {

ext/openssl/ossl_x509ext.c

@@ -55,7 +55,7 @@ static const rb_data_type_t ossl_x509ext_type = {
     {
 	0, ossl_x509ext_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 /*
@@ -108,7 +108,7 @@ static const rb_data_type_t ossl_x509extfactory_type = {
     {
 	0, ossl_x509extfactory_free,
     },
-    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED,
+    0, 0, RUBY_TYPED_FREE_IMMEDIATELY | RUBY_TYPED_WB_PROTECTED | RUBY_TYPED_FROZEN_SHAREABLE,
 };
 
 static VALUE
@@ -128,6 +128,7 @@ ossl_x509extfactory_set_issuer_cert(VALUE self, VALUE cert)
 {
     X509V3_CTX *ctx;
 
+    rb_check_frozen(self);
     GetX509ExtFactory(self, ctx);
     rb_iv_set(self, "@issuer_certificate", cert);
     ctx->issuer_cert = GetX509CertPtr(cert); /* NO DUP NEEDED */
@@ -140,6 +141,7 @@ ossl_x509extfactory_set_subject_cert(VALUE self, VALUE cert)
 {
     X509V3_CTX *ctx;
 
+    rb_check_frozen(self);
     GetX509ExtFactory(self, ctx);
     rb_iv_set(self, "@subject_certificate", cert);
     ctx->subject_cert = GetX509CertPtr(cert); /* NO DUP NEEDED */
@@ -152,6 +154,7 @@ ossl_x509extfactory_set_subject_req(VALUE self, VALUE req)
 {
     X509V3_CTX *ctx;
 
+    rb_check_frozen(self);
     GetX509ExtFactory(self, ctx);
     rb_iv_set(self, "@subject_request", req);
     ctx->subject_req = GetX509ReqPtr(req); /* NO DUP NEEDED */
@@ -164,6 +167,7 @@ ossl_x509extfactory_set_crl(VALUE self, VALUE crl)
 {
     X509V3_CTX *ctx;
 
+    rb_check_frozen(self);
     GetX509ExtFactory(self, ctx);
     rb_iv_set(self, "@crl", crl);
     ctx->crl = GetX509CRLPtr(crl); /* NO DUP NEEDED */
@@ -181,6 +185,7 @@ ossl_x509extfactory_initialize(int argc, VALUE *argv, VALUE self)
 
     rb_scan_args(argc, argv, "04",
 		 &issuer_cert, &subject_cert, &subject_req, &crl);
+    rb_check_frozen(self);
     if (!NIL_P(issuer_cert))
 	ossl_x509extfactory_set_issuer_cert(self, issuer_cert);
     if (!NIL_P(subject_cert))
@@ -281,6 +286,7 @@ ossl_x509ext_initialize(int argc, VALUE *argv, VALUE self)
     const unsigned char *p;
     X509_EXTENSION *ext, *x;
 
+    rb_check_frozen(self);
     GetX509Ext(self, ext);
     if(rb_scan_args(argc, argv, "12", &oid, &value, &critical) == 1){
 	oid = ossl_to_der_if_possible(oid);
@@ -318,12 +324,17 @@ ossl_x509ext_initialize_copy(VALUE self, VALUE other)
     return self;
 }
 
+/*
+ * call-seq:
+ *    extension.oid = string
+ */
 static VALUE
 ossl_x509ext_set_oid(VALUE self, VALUE oid)
 {
     X509_EXTENSION *ext;
     ASN1_OBJECT *obj;
 
+    rb_check_frozen(self);
     GetX509Ext(self, ext);
     obj = OBJ_txt2obj(StringValueCStr(oid), 0);
     if (!obj)
@@ -337,12 +348,17 @@ ossl_x509ext_set_oid(VALUE self, VALUE oid)
     return oid;
 }
 
+/*
+ * call-seq:
+ *    extension.value = string => string
+ */
 static VALUE
 ossl_x509ext_set_value(VALUE self, VALUE data)
 {
     X509_EXTENSION *ext;
     ASN1_OCTET_STRING *asn1s;
 
+    rb_check_frozen(self);
     GetX509Ext(self, ext);
     data = ossl_to_der_if_possible(data);
     StringValue(data);
@@ -356,17 +372,26 @@ ossl_x509ext_set_value(VALUE self, VALUE data)
     return data;
 }
 
+/*
+ * call-seq:
+ *    extension.critical = bool => bool
+ */
 static VALUE
 ossl_x509ext_set_critical(VALUE self, VALUE flag)
 {
     X509_EXTENSION *ext;
 
+    rb_check_frozen(self);
     GetX509Ext(self, ext);
     X509_EXTENSION_set_critical(ext, RTEST(flag) ? 1 : 0);
 
     return flag;
 }
 
+/*
+ * call-seq:
+ *    extension.oid => string
+ */
 static VALUE
 ossl_x509ext_get_oid(VALUE obj)
 {
@@ -390,6 +415,10 @@ ossl_x509ext_get_oid(VALUE obj)
     return ret;
 }
 
+/*
+ * call-seq:
+ *    extension.value => string
+ */
 static VALUE
 ossl_x509ext_get_value(VALUE obj)
 {
@@ -420,6 +449,10 @@ ossl_x509ext_get_value_der(VALUE obj)
     return rb_str_new((const char *)value->data, value->length);
 }
 
+/*
+ * call-seq:
+ *    extension.critical? => bool
+ */
 static VALUE
 ossl_x509ext_get_critical(VALUE obj)
 {
@@ -429,6 +462,10 @@ ossl_x509ext_get_critical(VALUE obj)
     return X509_EXTENSION_get_critical(ext) ? Qtrue : Qfalse;
 }
 
+/*
+ * call-seq:
+ *    extension.to_der => string
+ */
 static VALUE
 ossl_x509ext_to_der(VALUE obj)
 {

ext/openssl/ossl_x509name.c

@@ -148,6 +148,7 @@ ossl_x509name_initialize(int argc, VALUE *argv, VALUE self)
     X509_NAME *name;
     VALUE arg, template;
 
+    rb_check_frozen(self);
     GetX509Name(self, name);
     if (rb_scan_args(argc, argv, "02", &arg, &template) == 0) {
 	return self;
@@ -230,6 +231,7 @@ VALUE ossl_x509name_add_entry(int argc, VALUE *argv, VALUE self)
     }
     rb_scan_args(argc, argv, "21:", &oid, &value, &type, &opts);
     rb_get_kwargs(opts, kwargs_ids, 0, 2, kwargs);
+    rb_check_frozen(self);
     oid_name = StringValueCStr(oid);
     StringValue(value);
     if(NIL_P(type)) type = rb_aref(OBJECT_TYPE_TEMPLATE, oid);