static struct CRYPTO_dynlock_value *
ossl_dyn_create_callback(const char *file, int line)
{
/* Do not use xmalloc() here, since it may raise NoMemoryError */
struct CRYPTO_dynlock_value *dynlock =
OPENSSL_malloc(sizeof(struct CRYPTO_dynlock_value));
if (dynlock)
ossl_lock_init(dynlock);
return dynlock;
}
static void Init_ossl_locks(void)
{
int i;
int num_locks = CRYPTO_num_locks();
ossl_locks = ALLOC_N(struct CRYPTO_dynlock_value, num_locks);
for (i = 0; i < num_locks; i++)
ossl_lock_init(&ossl_locks[i]);
CRYPTO_THREADID_set_callback(ossl_threadid_func);
CRYPTO_set_locking_callback(ossl_lock_callback);
CRYPTO_set_dynlock_create_callback(ossl_dyn_create_callback);
CRYPTO_set_dynlock_lock_callback(ossl_dyn_lock_callback);
CRYPTO_set_dynlock_destroy_callback(ossl_dyn_destroy_callback);
}
static void
ossl_init_locks(void)
{
unsigned ii, nlocks;
if (CRYPTO_get_locking_callback() != NULL) {
/* Someone already set the callback before us. Don't destroy it! */
return;
}
nlocks = CRYPTO_num_locks();
ossl_locks = malloc(sizeof(*ossl_locks) * nlocks);
for (ii = 0; ii < nlocks; ii++) {
ossl_lock_init(ossl_locks + ii);
}
CRYPTO_set_locking_callback(ossl_lockfn);
}
void
Init_ossl_ssl()
{
int i;
VALUE ary;
#if 0 /* let rdoc know about mOSSL */
mOSSL = rb_define_module("OpenSSL");
#endif
ID_callback_state = rb_intern("@callback_state");
ossl_ssl_ex_vcb_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_vcb_idx",0,0,0);
ossl_ssl_ex_store_p = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_store_p",0,0,0);
ossl_ssl_ex_ptr_idx = SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_ptr_idx",0,0,0);
ossl_ssl_ex_client_cert_cb_idx =
SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_client_cert_cb_idx",0,0,0);
ossl_ssl_ex_tmp_dh_callback_idx =
SSL_get_ex_new_index(0,(void *)"ossl_ssl_ex_tmp_dh_callback_idx",0,0,0);
mSSL = rb_define_module_under(mOSSL, "SSL");
eSSLError = rb_define_class_under(mSSL, "SSLError", eOSSLError);
Init_ossl_ssl_session();
/* class SSLContext
*
* The following attributes are available but don't show up in rdoc.
* All attributes must be set before calling SSLSocket.new(io, ctx).
* * ssl_version, cert, key, client_ca, ca_file, ca_path, timeout,
* * verify_mode, verify_depth client_cert_cb, tmp_dh_callback,
* * session_id_context, session_add_cb, session_new_cb, session_remove_cb
*/
cSSLContext = rb_define_class_under(mSSL, "SSLContext", rb_cObject);
rb_objc_define_method(*(VALUE *)cSSLContext, "alloc", ossl_sslctx_s_alloc, 0);
for(i = 0; i < numberof(ossl_sslctx_attrs); i++)
rb_attr(cSSLContext, rb_intern(ossl_sslctx_attrs[i]), 1, 1, Qfalse);
rb_define_alias(cSSLContext, "ssl_timeout", "timeout");
rb_define_alias(cSSLContext, "ssl_timeout=", "timeout=");
rb_objc_define_method(cSSLContext, "initialize", ossl_sslctx_initialize, -1);
rb_objc_define_method(cSSLContext, "ssl_version=", ossl_sslctx_set_ssl_version, 1);
rb_objc_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
rb_objc_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
rb_objc_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0);
rb_define_const(cSSLContext, "SESSION_CACHE_OFF", LONG2FIX(SSL_SESS_CACHE_OFF));
rb_define_const(cSSLContext, "SESSION_CACHE_CLIENT", LONG2FIX(SSL_SESS_CACHE_CLIENT)); /* doesn't actually do anything in 0.9.8e */
rb_define_const(cSSLContext, "SESSION_CACHE_SERVER", LONG2FIX(SSL_SESS_CACHE_SERVER));
rb_define_const(cSSLContext, "SESSION_CACHE_BOTH", LONG2FIX(SSL_SESS_CACHE_BOTH)); /* no different than CACHE_SERVER in 0.9.8e */
rb_define_const(cSSLContext, "SESSION_CACHE_NO_AUTO_CLEAR", LONG2FIX(SSL_SESS_CACHE_NO_AUTO_CLEAR));
rb_define_const(cSSLContext, "SESSION_CACHE_NO_INTERNAL_LOOKUP", LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP));
rb_define_const(cSSLContext, "SESSION_CACHE_NO_INTERNAL_STORE", LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL_STORE));
rb_define_const(cSSLContext, "SESSION_CACHE_NO_INTERNAL", LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL));
rb_objc_define_method(cSSLContext, "session_add", ossl_sslctx_session_add, 1);
rb_objc_define_method(cSSLContext, "session_remove", ossl_sslctx_session_remove, 1);
rb_objc_define_method(cSSLContext, "session_cache_mode", ossl_sslctx_get_session_cache_mode, 0);
rb_objc_define_method(cSSLContext, "session_cache_mode=", ossl_sslctx_set_session_cache_mode, 1);
rb_objc_define_method(cSSLContext, "session_cache_size", ossl_sslctx_get_session_cache_size, 0);
rb_objc_define_method(cSSLContext, "session_cache_size=", ossl_sslctx_set_session_cache_size, 1);
rb_objc_define_method(cSSLContext, "session_cache_stats", ossl_sslctx_get_session_cache_stats, 0);
rb_objc_define_method(cSSLContext, "flush_sessions", ossl_sslctx_flush_sessions, -1);
ary = rb_ary_new2(numberof(ossl_ssl_method_tab));
for (i = 0; i < numberof(ossl_ssl_method_tab); i++) {
rb_ary_push(ary, ID2SYM(rb_intern(ossl_ssl_method_tab[i].name)));
}
rb_obj_freeze(ary);
/* holds a list of available SSL/TLS methods */
rb_define_const(cSSLContext, "METHODS", ary);
/* class SSLSocket
*
* The following attributes are available but don't show up in rdoc.
* * io, context, sync_close
*
*/
cSSLSocket = rb_define_class_under(mSSL, "SSLSocket", rb_cObject);
rb_objc_define_method(*(VALUE *)cSSLSocket, "alloc", ossl_ssl_s_alloc, 0);
for(i = 0; i < numberof(ossl_ssl_attr_readers); i++)
rb_attr(cSSLSocket, rb_intern(ossl_ssl_attr_readers[i]), 1, 0, Qfalse);
for(i = 0; i < numberof(ossl_ssl_attrs); i++)
rb_attr(cSSLSocket, rb_intern(ossl_ssl_attrs[i]), 1, 1, Qfalse);
rb_define_alias(cSSLSocket, "to_io", "io");
rb_objc_define_method(cSSLSocket, "initialize", ossl_ssl_initialize, -1);
rb_objc_define_method(cSSLSocket, "connect", ossl_ssl_connect, 0);
rb_objc_define_method(cSSLSocket, "connect_nonblock", ossl_ssl_connect_nonblock, 0);
rb_objc_define_method(cSSLSocket, "accept", ossl_ssl_accept, 0);
rb_objc_define_method(cSSLSocket, "accept_nonblock", ossl_ssl_accept_nonblock, 0);
rb_objc_define_method(cSSLSocket, "sysread", ossl_ssl_read, -1);
rb_objc_define_private_method(cSSLSocket, "sysread_nonblock", ossl_ssl_read_nonblock, -1);
rb_objc_define_method(cSSLSocket, "syswrite", ossl_ssl_write, 1);
rb_objc_define_private_method(cSSLSocket, "syswrite_nonblock", ossl_ssl_write_nonblock, 1);
rb_objc_define_method(cSSLSocket, "sysclose", ossl_ssl_close, 0);
rb_objc_define_method(cSSLSocket, "cert", ossl_ssl_get_cert, 0);
rb_objc_define_method(cSSLSocket, "peer_cert", ossl_ssl_get_peer_cert, 0);
rb_objc_define_method(cSSLSocket, "peer_cert_chain", ossl_ssl_get_peer_cert_chain, 0);
rb_objc_define_method(cSSLSocket, "cipher", ossl_ssl_get_cipher, 0);
rb_objc_define_method(cSSLSocket, "state", ossl_ssl_get_state, 0);
rb_objc_define_method(cSSLSocket, "pending", ossl_ssl_pending, 0);
rb_objc_define_method(cSSLSocket, "session_reused?", ossl_ssl_session_reused, 0);
rb_objc_define_method(cSSLSocket, "session=", ossl_ssl_set_session, 1);
rb_objc_define_method(cSSLSocket, "verify_result", ossl_ssl_get_verify_result, 0);
#define ossl_ssl_def_const(x) rb_define_const(mSSL, #x, INT2NUM(SSL_##x))
ossl_ssl_def_const(VERIFY_NONE);
ossl_ssl_def_const(VERIFY_PEER);
ossl_ssl_def_const(VERIFY_FAIL_IF_NO_PEER_CERT);
ossl_ssl_def_const(VERIFY_CLIENT_ONCE);
/* Introduce constants included in OP_ALL. These constants are mostly for
* unset some bits in OP_ALL such as;
* ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS
*/
ossl_ssl_def_const(OP_MICROSOFT_SESS_ID_BUG);
ossl_ssl_def_const(OP_NETSCAPE_CHALLENGE_BUG);
ossl_ssl_def_const(OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
ossl_ssl_def_const(OP_SSLREF2_REUSE_CERT_TYPE_BUG);
ossl_ssl_def_const(OP_MICROSOFT_BIG_SSLV3_BUFFER);
ossl_ssl_def_const(OP_MSIE_SSLV2_RSA_PADDING);
ossl_ssl_def_const(OP_SSLEAY_080_CLIENT_DH_BUG);
ossl_ssl_def_const(OP_TLS_D5_BUG);
ossl_ssl_def_const(OP_TLS_BLOCK_PADDING_BUG);
ossl_ssl_def_const(OP_DONT_INSERT_EMPTY_FRAGMENTS);
ossl_ssl_def_const(OP_ALL);
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
ossl_ssl_def_const(OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
ossl_ssl_def_const(OP_SINGLE_ECDH_USE);
#endif
ossl_ssl_def_const(OP_SINGLE_DH_USE);
ossl_ssl_def_const(OP_EPHEMERAL_RSA);
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
ossl_ssl_def_const(OP_CIPHER_SERVER_PREFERENCE);
#endif
ossl_ssl_def_const(OP_TLS_ROLLBACK_BUG);
ossl_ssl_def_const(OP_NO_SSLv2);
ossl_ssl_def_const(OP_NO_SSLv3);
ossl_ssl_def_const(OP_NO_TLSv1);
#if defined(SSL_OP_NO_TICKET)
ossl_ssl_def_const(OP_NO_TICKET);
#endif
ossl_ssl_def_const(OP_PKCS1_CHECK_1);
ossl_ssl_def_const(OP_PKCS1_CHECK_2);
ossl_ssl_def_const(OP_NETSCAPE_CA_DN_BUG);
ossl_ssl_def_const(OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
ossl_lock_init();
}
