1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
ruby--ruby/ext/openssl/ossl_asn1.c
rhe 609103dbb5 openssl: import v2.1.0.beta1
Import Ruby/OpenSSL 2.1.0.beta1. The full commit log since v2.0.5
(imported by r59567) can be found at:

	https://github.com/ruby/openssl/compare/v2.0.5...v2.1.0.beta1

----------------------------------------------------------------
Antonio Terceiro (1):
      test/test_ssl: explicitly accept TLS 1.1 in corresponding test

Colby Swandale (1):
      document using secure protocol to fetch git master in Bundler

Colton Jenkins (1):
      Add fips_mode_get to return fips_mode

Kazuki Yamaguchi (85):
      Start preparing for 2.1.0
      Remove support for OpenSSL 0.9.8 and 1.0.0
      bn: refine tests
      bn: implement unary {plus,minus} operators for OpenSSL::BN
      bn: implement OpenSSL::BN#negative?
      Don't define main() when built with --enable-debug
      test: let OpenSSL::TestCase include OpenSSL::TestUtils
      test: prepare test PKey instances on demand
      Add OpenSSL.print_mem_leaks
      Enable OSSL_MDEBUG on CI builds
      ssl: move default DH parameters from OpenSSL::PKey::DH
      Make exceptions with the same format regardless of OpenSSL.debug
      ssl: show reason of 'certificate verify error' in exception message
      ssl: remove OpenSSL::ExtConfig::TLS_DH_anon_WITH_AES_256_GCM_SHA384
      ssl: do not confuse different ex_data index registries
      ssl: assume SSL/SSL_CTX always have a valid reference to the Ruby object
      Fix RDoc markup
      ssl: suppress compiler warning
      ext/openssl/deprecation.rb: remove broken-apple-openssl
      extconf.rb: print informative message if OpenSSL can't be found
      Rakefile: compile the extension before test
      kdf: introduce OpenSSL::KDF module
      ossl.h: add NUM2UINT64T() macro
      kdf: add scrypt
      Expand rb_define_copy_func() macro
      Expand FPTR_TO_FD() macro
      Remove SafeGet*() macros
      cipher: rename GetCipherPtr() to ossl_evp_get_cipherbyname()
      digest: rename GetDigestPtr() to ossl_evp_get_digestbyname()
      Add ossl_str_new(), an exception-safe rb_str_new()
      bio: simplify ossl_membio2str() using ossl_str_new()
      Remove unused functions and macros
      Drop support for LibreSSL 2.3
      ocsp: add OpenSSL::OCSP::Request#signed?
      asn1: infinite length -> indefinite length
      asn1: rearrange tests
      ssl: remove a needless NULL check in SSL::SSLContext#ciphers
      ssl: return nil in SSL::SSLSocket#cipher if session is not started
      asn1: remove an unnecessary function prototype
      asn1: require tag information when instantiating generic type
      asn1: initialize 'unused_bits' attribute of BitString with 0
      asn1: check for illegal 'unused_bits' value of BitString
      asn1: disallow NULL to be passed to asn1time_to_time()
      asn1: avoid truncating OID in OpenSSL::ASN1::ObjectId#oid
      asn1: allow constructed encoding with definite length form
      asn1: prohibit indefinite length form for primitive encoding
      asn1: allow tag number to be >= 32 for universal tag class
      asn1: use ossl_asn1_tag()
      asn1: clean up OpenSSL::ASN1::Constructive#to_der
      asn1: harmonize OpenSSL::ASN1::*#to_der
      asn1: prevent EOC octets from being in the middle of the content
      asn1: do not treat EOC octets as part of content octets
      x509name: add 'loc' and 'set' kwargs to OpenSSL::X509::Name#add_entry
      ssl: do not call session_remove_cb during GC
      Backport "Merge branch 'topic/test-memory-leak'" to maint
      cipher: update the documentation for Cipher#auth_tag=
      Rakefile: let sync:to_ruby know about test/openssl/fixtures
      test: fix formatting
      test/utils: remove OpenSSL::TestUtils.silent
      test/utils: add SSLTestCase#tls12_supported?
      test/utils: have start_server yield only the port number
      test/utils: do not set ecdh_curves in start_server
      test/utils: let server_loop close socket
      test/utils: improve error handling in start_server
      test/utils: add OpenSSL::TestUtils.openssl? and .libressl?
      test/utils: do not use DSA certificates in SSL tests
      test/test_ssl: remove test_invalid_shutdown_by_gc
      test/test_ssl: move test_multibyte_read_write to test_pair
      test/test_ssl_session: rearrange tests
      test/test_pair, test/test_ssl: fix for TLS 1.3
      ssl: remove useless call to rb_thread_wait_fd()
      ssl: fix NPN support
      ssl: mark OpenSSL::SSL::SSLContext::DEFAULT_{1024,2048} as private
      ssl: use 2048-bit group in the default tmp_dh_cb
      ssl: ensure that SSL option flags are non-negative
      ssl: update OpenSSL::SSL::OP_* flags
      ssl: prefer TLS_method() over SSLv23_method()
      ssl: add SSLContext#min_version= and #max_version=
      ssl: rework SSLContext#ssl_version=
      test/test_x509name: change script encoding to ASCII-8BIT
      x509name: refactor OpenSSL::X509::Name#to_s
      x509name: add OpenSSL::X509::Name#to_utf8
      x509name: add OpenSSL::X509::Name#inspect
      x509name: update regexp in OpenSSL::X509::Name.parse
      Ruby/OpenSSL 2.1.0.beta1

Marcus Stollsteimer (1):
      Fix rdoc for core Integer class

nobu (4):
      [DOC] {read,write}_nonblock with exception: false
      [DOC] keyword argument _exception_
      [DOC] mark up literals
      Revert r57690 except for read_nonblock

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59734 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-09-03 12:35:27 +00:00

1852 lines
58 KiB
C

/*
* 'OpenSSL for Ruby' team members
* Copyright (C) 2003
* All rights reserved.
*/
/*
* This program is licensed under the same licence as Ruby.
* (See the file 'LICENCE'.)
*/
#include "ossl.h"
static VALUE ossl_asn1_decode0(unsigned char **pp, long length, long *offset,
int depth, int yield, long *num_read);
static VALUE ossl_asn1_initialize(int argc, VALUE *argv, VALUE self);
/*
* DATE conversion
*/
VALUE
asn1time_to_time(const ASN1_TIME *time)
{
struct tm tm;
VALUE argv[6];
int count;
memset(&tm, 0, sizeof(struct tm));
switch (time->type) {
case V_ASN1_UTCTIME:
count = sscanf((const char *)time->data, "%2d%2d%2d%2d%2d%2dZ",
&tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min,
&tm.tm_sec);
if (count == 5) {
tm.tm_sec = 0;
} else if (count != 6) {
ossl_raise(rb_eTypeError, "bad UTCTIME format: \"%s\"",
time->data);
}
if (tm.tm_year < 69) {
tm.tm_year += 2000;
} else {
tm.tm_year += 1900;
}
break;
case V_ASN1_GENERALIZEDTIME:
count = sscanf((const char *)time->data, "%4d%2d%2d%2d%2d%2dZ",
&tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min,
&tm.tm_sec);
if (count == 5) {
tm.tm_sec = 0;
}
else if (count != 6) {
ossl_raise(rb_eTypeError, "bad GENERALIZEDTIME format: \"%s\"",
time->data);
}
break;
default:
rb_warning("unknown time format");
return Qnil;
}
argv[0] = INT2NUM(tm.tm_year);
argv[1] = INT2NUM(tm.tm_mon);
argv[2] = INT2NUM(tm.tm_mday);
argv[3] = INT2NUM(tm.tm_hour);
argv[4] = INT2NUM(tm.tm_min);
argv[5] = INT2NUM(tm.tm_sec);
return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);
}
void
ossl_time_split(VALUE time, time_t *sec, int *days)
{
VALUE num = rb_Integer(time);
if (FIXNUM_P(num)) {
time_t t = FIX2LONG(num);
*sec = t % 86400;
*days = rb_long2int(t / 86400);
}
else {
*days = NUM2INT(rb_funcall(num, rb_intern("/"), 1, INT2FIX(86400)));
*sec = NUM2TIMET(rb_funcall(num, rb_intern("%"), 1, INT2FIX(86400)));
}
}
/*
* STRING conversion
*/
VALUE
asn1str_to_str(const ASN1_STRING *str)
{
return rb_str_new((const char *)str->data, str->length);
}
/*
* ASN1_INTEGER conversions
*/
VALUE
asn1integer_to_num(const ASN1_INTEGER *ai)
{
BIGNUM *bn;
VALUE num;
if (!ai) {
ossl_raise(rb_eTypeError, "ASN1_INTEGER is NULL!");
}
if (ai->type == V_ASN1_ENUMERATED)
/* const_cast: workaround for old OpenSSL */
bn = ASN1_ENUMERATED_to_BN((ASN1_ENUMERATED *)ai, NULL);
else
bn = ASN1_INTEGER_to_BN(ai, NULL);
if (!bn)
ossl_raise(eOSSLError, NULL);
num = ossl_bn_new(bn);
BN_free(bn);
return num;
}
ASN1_INTEGER *
num_to_asn1integer(VALUE obj, ASN1_INTEGER *ai)
{
BIGNUM *bn;
if (NIL_P(obj))
ossl_raise(rb_eTypeError, "Can't convert nil into Integer");
bn = GetBNPtr(obj);
if (!(ai = BN_to_ASN1_INTEGER(bn, ai)))
ossl_raise(eOSSLError, NULL);
return ai;
}
/********/
/*
* ASN1 module
*/
#define ossl_asn1_get_value(o) rb_attr_get((o),sivVALUE)
#define ossl_asn1_get_tag(o) rb_attr_get((o),sivTAG)
#define ossl_asn1_get_tagging(o) rb_attr_get((o),sivTAGGING)
#define ossl_asn1_get_tag_class(o) rb_attr_get((o),sivTAG_CLASS)
#define ossl_asn1_get_indefinite_length(o) rb_attr_get((o),sivINDEFINITE_LENGTH)
#define ossl_asn1_set_value(o,v) rb_ivar_set((o),sivVALUE,(v))
#define ossl_asn1_set_tag(o,v) rb_ivar_set((o),sivTAG,(v))
#define ossl_asn1_set_tagging(o,v) rb_ivar_set((o),sivTAGGING,(v))
#define ossl_asn1_set_tag_class(o,v) rb_ivar_set((o),sivTAG_CLASS,(v))
#define ossl_asn1_set_indefinite_length(o,v) rb_ivar_set((o),sivINDEFINITE_LENGTH,(v))
VALUE mASN1;
VALUE eASN1Error;
VALUE cASN1Data;
VALUE cASN1Primitive;
VALUE cASN1Constructive;
VALUE cASN1EndOfContent;
VALUE cASN1Boolean; /* BOOLEAN */
VALUE cASN1Integer, cASN1Enumerated; /* INTEGER */
VALUE cASN1BitString; /* BIT STRING */
VALUE cASN1OctetString, cASN1UTF8String; /* STRINGs */
VALUE cASN1NumericString, cASN1PrintableString;
VALUE cASN1T61String, cASN1VideotexString;
VALUE cASN1IA5String, cASN1GraphicString;
VALUE cASN1ISO64String, cASN1GeneralString;
VALUE cASN1UniversalString, cASN1BMPString;
VALUE cASN1Null; /* NULL */
VALUE cASN1ObjectId; /* OBJECT IDENTIFIER */
VALUE cASN1UTCTime, cASN1GeneralizedTime; /* TIME */
VALUE cASN1Sequence, cASN1Set; /* CONSTRUCTIVE */
static VALUE sym_IMPLICIT, sym_EXPLICIT;
static VALUE sym_UNIVERSAL, sym_APPLICATION, sym_CONTEXT_SPECIFIC, sym_PRIVATE;
static ID sivVALUE, sivTAG, sivTAG_CLASS, sivTAGGING, sivINDEFINITE_LENGTH, sivUNUSED_BITS;
static ID id_each;
/*
* Ruby to ASN1 converters
*/
static ASN1_BOOLEAN
obj_to_asn1bool(VALUE obj)
{
if (NIL_P(obj))
ossl_raise(rb_eTypeError, "Can't convert nil into Boolean");
return RTEST(obj) ? 0xff : 0x0;
}
static ASN1_INTEGER*
obj_to_asn1int(VALUE obj)
{
return num_to_asn1integer(obj, NULL);
}
static ASN1_BIT_STRING*
obj_to_asn1bstr(VALUE obj, long unused_bits)
{
ASN1_BIT_STRING *bstr;
if (unused_bits < 0 || unused_bits > 7)
ossl_raise(eASN1Error, "unused_bits for a bitstring value must be in "\
"the range 0 to 7");
StringValue(obj);
if(!(bstr = ASN1_BIT_STRING_new()))
ossl_raise(eASN1Error, NULL);
ASN1_BIT_STRING_set(bstr, (unsigned char *)RSTRING_PTR(obj), RSTRING_LENINT(obj));
bstr->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
bstr->flags |= ASN1_STRING_FLAG_BITS_LEFT | unused_bits;
return bstr;
}
static ASN1_STRING*
obj_to_asn1str(VALUE obj)
{
ASN1_STRING *str;
StringValue(obj);
if(!(str = ASN1_STRING_new()))
ossl_raise(eASN1Error, NULL);
ASN1_STRING_set(str, RSTRING_PTR(obj), RSTRING_LENINT(obj));
return str;
}
static ASN1_NULL*
obj_to_asn1null(VALUE obj)
{
ASN1_NULL *null;
if(!NIL_P(obj))
ossl_raise(eASN1Error, "nil expected");
if(!(null = ASN1_NULL_new()))
ossl_raise(eASN1Error, NULL);
return null;
}
static ASN1_OBJECT*
obj_to_asn1obj(VALUE obj)
{
ASN1_OBJECT *a1obj;
StringValueCStr(obj);
a1obj = OBJ_txt2obj(RSTRING_PTR(obj), 0);
if(!a1obj) a1obj = OBJ_txt2obj(RSTRING_PTR(obj), 1);
if(!a1obj) ossl_raise(eASN1Error, "invalid OBJECT ID %"PRIsVALUE, obj);
return a1obj;
}
static ASN1_UTCTIME *
obj_to_asn1utime(VALUE time)
{
time_t sec;
ASN1_UTCTIME *t;
int off_days;
ossl_time_split(time, &sec, &off_days);
if (!(t = ASN1_UTCTIME_adj(NULL, sec, off_days, 0)))
ossl_raise(eASN1Error, NULL);
return t;
}
static ASN1_GENERALIZEDTIME *
obj_to_asn1gtime(VALUE time)
{
time_t sec;
ASN1_GENERALIZEDTIME *t;
int off_days;
ossl_time_split(time, &sec, &off_days);
if (!(t = ASN1_GENERALIZEDTIME_adj(NULL, sec, off_days, 0)))
ossl_raise(eASN1Error, NULL);
return t;
}
static ASN1_STRING*
obj_to_asn1derstr(VALUE obj)
{
ASN1_STRING *a1str;
VALUE str;
str = ossl_to_der(obj);
if(!(a1str = ASN1_STRING_new()))
ossl_raise(eASN1Error, NULL);
ASN1_STRING_set(a1str, RSTRING_PTR(str), RSTRING_LENINT(str));
return a1str;
}
/*
* DER to Ruby converters
*/
static VALUE
decode_bool(unsigned char* der, long length)
{
const unsigned char *p = der;
if (length != 3)
ossl_raise(eASN1Error, "invalid length for BOOLEAN");
if (p[0] != 1 || p[1] != 1)
ossl_raise(eASN1Error, "invalid BOOLEAN");
return p[2] ? Qtrue : Qfalse;
}
static VALUE
decode_int(unsigned char* der, long length)
{
ASN1_INTEGER *ai;
const unsigned char *p;
VALUE ret;
int status = 0;
p = der;
if(!(ai = d2i_ASN1_INTEGER(NULL, &p, length)))
ossl_raise(eASN1Error, NULL);
ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
(VALUE)ai, &status);
ASN1_INTEGER_free(ai);
if(status) rb_jump_tag(status);
return ret;
}
static VALUE
decode_bstr(unsigned char* der, long length, long *unused_bits)
{
ASN1_BIT_STRING *bstr;
const unsigned char *p;
long len;
VALUE ret;
p = der;
if(!(bstr = d2i_ASN1_BIT_STRING(NULL, &p, length)))
ossl_raise(eASN1Error, NULL);
len = bstr->length;
*unused_bits = 0;
if(bstr->flags & ASN1_STRING_FLAG_BITS_LEFT)
*unused_bits = bstr->flags & 0x07;
ret = rb_str_new((const char *)bstr->data, len);
ASN1_BIT_STRING_free(bstr);
return ret;
}
static VALUE
decode_enum(unsigned char* der, long length)
{
ASN1_ENUMERATED *ai;
const unsigned char *p;
VALUE ret;
int status = 0;
p = der;
if(!(ai = d2i_ASN1_ENUMERATED(NULL, &p, length)))
ossl_raise(eASN1Error, NULL);
ret = rb_protect((VALUE (*)(VALUE))asn1integer_to_num,
(VALUE)ai, &status);
ASN1_ENUMERATED_free(ai);
if(status) rb_jump_tag(status);
return ret;
}
static VALUE
decode_null(unsigned char* der, long length)
{
ASN1_NULL *null;
const unsigned char *p;
p = der;
if(!(null = d2i_ASN1_NULL(NULL, &p, length)))
ossl_raise(eASN1Error, NULL);
ASN1_NULL_free(null);
return Qnil;
}
static VALUE
decode_obj(unsigned char* der, long length)
{
ASN1_OBJECT *obj;
const unsigned char *p;
VALUE ret;
int nid;
BIO *bio;
p = der;
if(!(obj = d2i_ASN1_OBJECT(NULL, &p, length)))
ossl_raise(eASN1Error, NULL);
if((nid = OBJ_obj2nid(obj)) != NID_undef){
ASN1_OBJECT_free(obj);
ret = rb_str_new2(OBJ_nid2sn(nid));
}
else{
if(!(bio = BIO_new(BIO_s_mem()))){
ASN1_OBJECT_free(obj);
ossl_raise(eASN1Error, NULL);
}
i2a_ASN1_OBJECT(bio, obj);
ASN1_OBJECT_free(obj);
ret = ossl_membio2str(bio);
}
return ret;
}
static VALUE
decode_time(unsigned char* der, long length)
{
ASN1_TIME *time;
const unsigned char *p;
VALUE ret;
int status = 0;
p = der;
if(!(time = d2i_ASN1_TIME(NULL, &p, length)))
ossl_raise(eASN1Error, NULL);
ret = rb_protect((VALUE (*)(VALUE))asn1time_to_time,
(VALUE)time, &status);
ASN1_TIME_free(time);
if(status) rb_jump_tag(status);
return ret;
}
static VALUE
decode_eoc(unsigned char *der, long length)
{
if (length != 2 || !(der[0] == 0x00 && der[1] == 0x00))
ossl_raise(eASN1Error, NULL);
return rb_str_new("", 0);
}
/********/
typedef struct {
const char *name;
VALUE *klass;
} ossl_asn1_info_t;
static const ossl_asn1_info_t ossl_asn1_info[] = {
{ "EOC", &cASN1EndOfContent, }, /* 0 */
{ "BOOLEAN", &cASN1Boolean, }, /* 1 */
{ "INTEGER", &cASN1Integer, }, /* 2 */
{ "BIT_STRING", &cASN1BitString, }, /* 3 */
{ "OCTET_STRING", &cASN1OctetString, }, /* 4 */
{ "NULL", &cASN1Null, }, /* 5 */
{ "OBJECT", &cASN1ObjectId, }, /* 6 */
{ "OBJECT_DESCRIPTOR", NULL, }, /* 7 */
{ "EXTERNAL", NULL, }, /* 8 */
{ "REAL", NULL, }, /* 9 */
{ "ENUMERATED", &cASN1Enumerated, }, /* 10 */
{ "EMBEDDED_PDV", NULL, }, /* 11 */
{ "UTF8STRING", &cASN1UTF8String, }, /* 12 */
{ "RELATIVE_OID", NULL, }, /* 13 */
{ "[UNIVERSAL 14]", NULL, }, /* 14 */
{ "[UNIVERSAL 15]", NULL, }, /* 15 */
{ "SEQUENCE", &cASN1Sequence, }, /* 16 */
{ "SET", &cASN1Set, }, /* 17 */
{ "NUMERICSTRING", &cASN1NumericString, }, /* 18 */
{ "PRINTABLESTRING", &cASN1PrintableString, }, /* 19 */
{ "T61STRING", &cASN1T61String, }, /* 20 */
{ "VIDEOTEXSTRING", &cASN1VideotexString, }, /* 21 */
{ "IA5STRING", &cASN1IA5String, }, /* 22 */
{ "UTCTIME", &cASN1UTCTime, }, /* 23 */
{ "GENERALIZEDTIME", &cASN1GeneralizedTime, }, /* 24 */
{ "GRAPHICSTRING", &cASN1GraphicString, }, /* 25 */
{ "ISO64STRING", &cASN1ISO64String, }, /* 26 */
{ "GENERALSTRING", &cASN1GeneralString, }, /* 27 */
{ "UNIVERSALSTRING", &cASN1UniversalString, }, /* 28 */
{ "CHARACTER_STRING", NULL, }, /* 29 */
{ "BMPSTRING", &cASN1BMPString, }, /* 30 */
};
enum {ossl_asn1_info_size = (sizeof(ossl_asn1_info)/sizeof(ossl_asn1_info[0]))};
static VALUE class_tag_map;
static int ossl_asn1_default_tag(VALUE obj);
ASN1_TYPE*
ossl_asn1_get_asn1type(VALUE obj)
{
ASN1_TYPE *ret;
VALUE value, rflag;
void *ptr;
void (*free_func)();
int tag;
tag = ossl_asn1_default_tag(obj);
value = ossl_asn1_get_value(obj);
switch(tag){
case V_ASN1_BOOLEAN:
ptr = (void*)(VALUE)obj_to_asn1bool(value);
free_func = NULL;
break;
case V_ASN1_INTEGER: /* FALLTHROUGH */
case V_ASN1_ENUMERATED:
ptr = obj_to_asn1int(value);
free_func = ASN1_INTEGER_free;
break;
case V_ASN1_BIT_STRING:
rflag = rb_attr_get(obj, sivUNUSED_BITS);
ptr = obj_to_asn1bstr(value, NUM2INT(rflag));
free_func = ASN1_BIT_STRING_free;
break;
case V_ASN1_NULL:
ptr = obj_to_asn1null(value);
free_func = ASN1_NULL_free;
break;
case V_ASN1_OCTET_STRING: /* FALLTHROUGH */
case V_ASN1_UTF8STRING: /* FALLTHROUGH */
case V_ASN1_NUMERICSTRING: /* FALLTHROUGH */
case V_ASN1_PRINTABLESTRING: /* FALLTHROUGH */
case V_ASN1_T61STRING: /* FALLTHROUGH */
case V_ASN1_VIDEOTEXSTRING: /* FALLTHROUGH */
case V_ASN1_IA5STRING: /* FALLTHROUGH */
case V_ASN1_GRAPHICSTRING: /* FALLTHROUGH */
case V_ASN1_ISO64STRING: /* FALLTHROUGH */
case V_ASN1_GENERALSTRING: /* FALLTHROUGH */
case V_ASN1_UNIVERSALSTRING: /* FALLTHROUGH */
case V_ASN1_BMPSTRING:
ptr = obj_to_asn1str(value);
free_func = ASN1_STRING_free;
break;
case V_ASN1_OBJECT:
ptr = obj_to_asn1obj(value);
free_func = ASN1_OBJECT_free;
break;
case V_ASN1_UTCTIME:
ptr = obj_to_asn1utime(value);
free_func = ASN1_TIME_free;
break;
case V_ASN1_GENERALIZEDTIME:
ptr = obj_to_asn1gtime(value);
free_func = ASN1_TIME_free;
break;
case V_ASN1_SET: /* FALLTHROUGH */
case V_ASN1_SEQUENCE:
ptr = obj_to_asn1derstr(obj);
free_func = ASN1_STRING_free;
break;
default:
ossl_raise(eASN1Error, "unsupported ASN.1 type");
}
if(!(ret = OPENSSL_malloc(sizeof(ASN1_TYPE)))){
if(free_func) free_func(ptr);
ossl_raise(eASN1Error, "ASN1_TYPE alloc failure");
}
memset(ret, 0, sizeof(ASN1_TYPE));
ASN1_TYPE_set(ret, tag, ptr);
return ret;
}
static int
ossl_asn1_default_tag(VALUE obj)
{
VALUE tmp_class, tag;
tmp_class = CLASS_OF(obj);
while (!NIL_P(tmp_class)) {
tag = rb_hash_lookup(class_tag_map, tmp_class);
if (tag != Qnil)
return NUM2INT(tag);
tmp_class = rb_class_superclass(tmp_class);
}
return -1;
}
static int
ossl_asn1_tag(VALUE obj)
{
VALUE tag;
tag = ossl_asn1_get_tag(obj);
if(NIL_P(tag))
ossl_raise(eASN1Error, "tag number not specified");
return NUM2INT(tag);
}
static int
ossl_asn1_tag_class(VALUE obj)
{
VALUE s;
s = ossl_asn1_get_tag_class(obj);
if (NIL_P(s) || s == sym_UNIVERSAL)
return V_ASN1_UNIVERSAL;
else if (s == sym_APPLICATION)
return V_ASN1_APPLICATION;
else if (s == sym_CONTEXT_SPECIFIC)
return V_ASN1_CONTEXT_SPECIFIC;
else if (s == sym_PRIVATE)
return V_ASN1_PRIVATE;
else
ossl_raise(eASN1Error, "invalid tag class");
}
static VALUE
ossl_asn1_class2sym(int tc)
{
if((tc & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
return sym_PRIVATE;
else if((tc & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
return sym_CONTEXT_SPECIFIC;
else if((tc & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
return sym_APPLICATION;
else
return sym_UNIVERSAL;
}
/*
* call-seq:
* OpenSSL::ASN1::ASN1Data.new(value, tag, tag_class) => ASN1Data
*
* _value_: Please have a look at Constructive and Primitive to see how Ruby
* types are mapped to ASN.1 types and vice versa.
*
* _tag_: An Integer indicating the tag number.
*
* _tag_class_: A Symbol indicating the tag class. Please cf. ASN1 for
* possible values.
*
* == Example
* asn1_int = OpenSSL::ASN1Data.new(42, 2, :UNIVERSAL) # => Same as OpenSSL::ASN1::Integer.new(42)
* tagged_int = OpenSSL::ASN1Data.new(42, 0, :CONTEXT_SPECIFIC) # implicitly 0-tagged INTEGER
*/
static VALUE
ossl_asn1data_initialize(VALUE self, VALUE value, VALUE tag, VALUE tag_class)
{
if(!SYMBOL_P(tag_class))
ossl_raise(eASN1Error, "invalid tag class");
ossl_asn1_set_tag(self, tag);
ossl_asn1_set_value(self, value);
ossl_asn1_set_tag_class(self, tag_class);
ossl_asn1_set_indefinite_length(self, Qfalse);
return self;
}
static VALUE
to_der_internal(VALUE self, int constructed, int indef_len, VALUE body)
{
int encoding = constructed ? indef_len ? 2 : 1 : 0;
int tag_class = ossl_asn1_tag_class(self);
int tag_number = ossl_asn1_tag(self);
int default_tag_number = ossl_asn1_default_tag(self);
int body_length, total_length;
VALUE str;
unsigned char *p;
body_length = RSTRING_LENINT(body);
if (ossl_asn1_get_tagging(self) == sym_EXPLICIT) {
int inner_length, e_encoding = indef_len ? 2 : 1;
if (default_tag_number == -1)
ossl_raise(eASN1Error, "explicit tagging of unknown tag");
inner_length = ASN1_object_size(encoding, body_length, default_tag_number);
total_length = ASN1_object_size(e_encoding, inner_length, tag_number);
str = rb_str_new(NULL, total_length);
p = (unsigned char *)RSTRING_PTR(str);
/* Put explicit tag */
ASN1_put_object(&p, e_encoding, inner_length, tag_number, tag_class);
/* Append inner object */
ASN1_put_object(&p, encoding, body_length, default_tag_number, V_ASN1_UNIVERSAL);
memcpy(p, RSTRING_PTR(body), body_length);
p += body_length;
if (indef_len) {
ASN1_put_eoc(&p); /* For inner object */
ASN1_put_eoc(&p); /* For wrapper object */
}
}
else {
total_length = ASN1_object_size(encoding, body_length, tag_number);
str = rb_str_new(NULL, total_length);
p = (unsigned char *)RSTRING_PTR(str);
ASN1_put_object(&p, encoding, body_length, tag_number, tag_class);
memcpy(p, RSTRING_PTR(body), body_length);
p += body_length;
if (indef_len)
ASN1_put_eoc(&p);
}
assert(p - (unsigned char *)RSTRING_PTR(str) == total_length);
return str;
}
static VALUE ossl_asn1prim_to_der(VALUE);
static VALUE ossl_asn1cons_to_der(VALUE);
/*
* call-seq:
* asn1.to_der => DER-encoded String
*
* Encodes this ASN1Data into a DER-encoded String value. The result is
* DER-encoded except for the possibility of indefinite length forms.
* Indefinite length forms are not allowed in strict DER, so strictly speaking
* the result of such an encoding would be a BER-encoding.
*/
static VALUE
ossl_asn1data_to_der(VALUE self)
{
VALUE value = ossl_asn1_get_value(self);
if (rb_obj_is_kind_of(value, rb_cArray))
return ossl_asn1cons_to_der(self);
else {
if (RTEST(ossl_asn1_get_indefinite_length(self)))
ossl_raise(eASN1Error, "indefinite length form cannot be used " \
"with primitive encoding");
return ossl_asn1prim_to_der(self);
}
}
static VALUE
int_ossl_asn1_decode0_prim(unsigned char **pp, long length, long hlen, int tag,
VALUE tc, long *num_read)
{
VALUE value, asn1data;
unsigned char *p;
long flag = 0;
p = *pp;
if(tc == sym_UNIVERSAL && tag < ossl_asn1_info_size) {
switch(tag){
case V_ASN1_EOC:
value = decode_eoc(p, hlen+length);
break;
case V_ASN1_BOOLEAN:
value = decode_bool(p, hlen+length);
break;
case V_ASN1_INTEGER:
value = decode_int(p, hlen+length);
break;
case V_ASN1_BIT_STRING:
value = decode_bstr(p, hlen+length, &flag);
break;
case V_ASN1_NULL:
value = decode_null(p, hlen+length);
break;
case V_ASN1_ENUMERATED:
value = decode_enum(p, hlen+length);
break;
case V_ASN1_OBJECT:
value = decode_obj(p, hlen+length);
break;
case V_ASN1_UTCTIME: /* FALLTHROUGH */
case V_ASN1_GENERALIZEDTIME:
value = decode_time(p, hlen+length);
break;
default:
/* use original value */
p += hlen;
value = rb_str_new((const char *)p, length);
break;
}
}
else {
p += hlen;
value = rb_str_new((const char *)p, length);
}
*pp += hlen + length;
*num_read = hlen + length;
if (tc == sym_UNIVERSAL &&
tag < ossl_asn1_info_size && ossl_asn1_info[tag].klass) {
VALUE klass = *ossl_asn1_info[tag].klass;
VALUE args[4];
args[0] = value;
args[1] = INT2NUM(tag);
args[2] = Qnil;
args[3] = tc;
asn1data = rb_obj_alloc(klass);
ossl_asn1_initialize(4, args, asn1data);
if(tag == V_ASN1_BIT_STRING){
rb_ivar_set(asn1data, sivUNUSED_BITS, LONG2NUM(flag));
}
}
else {
asn1data = rb_obj_alloc(cASN1Data);
ossl_asn1data_initialize(asn1data, value, INT2NUM(tag), tc);
}
return asn1data;
}
static VALUE
int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
long *offset, int depth, int yield, int j,
int tag, VALUE tc, long *num_read)
{
VALUE value, asn1data, ary;
int indefinite;
long available_len, off = *offset;
indefinite = (j == 0x21);
ary = rb_ary_new();
available_len = indefinite ? max_len : length;
while (available_len > 0) {
long inner_read = 0;
value = ossl_asn1_decode0(pp, available_len, &off, depth + 1, yield, &inner_read);
*num_read += inner_read;
available_len -= inner_read;
if (indefinite &&
ossl_asn1_tag(value) == V_ASN1_EOC &&
ossl_asn1_get_tag_class(value) == sym_UNIVERSAL) {
break;
}
rb_ary_push(ary, value);
}
if (tc == sym_UNIVERSAL) {
VALUE args[4];
if (tag == V_ASN1_SEQUENCE || tag == V_ASN1_SET)
asn1data = rb_obj_alloc(*ossl_asn1_info[tag].klass);
else
asn1data = rb_obj_alloc(cASN1Constructive);
args[0] = ary;
args[1] = INT2NUM(tag);
args[2] = Qnil;
args[3] = tc;
ossl_asn1_initialize(4, args, asn1data);
}
else {
asn1data = rb_obj_alloc(cASN1Data);
ossl_asn1data_initialize(asn1data, ary, INT2NUM(tag), tc);
}
if (indefinite)
ossl_asn1_set_indefinite_length(asn1data, Qtrue);
else
ossl_asn1_set_indefinite_length(asn1data, Qfalse);
*offset = off;
return asn1data;
}
static VALUE
ossl_asn1_decode0(unsigned char **pp, long length, long *offset, int depth,
int yield, long *num_read)
{
unsigned char *start, *p;
const unsigned char *p0;
long len = 0, inner_read = 0, off = *offset, hlen;
int tag, tc, j;
VALUE asn1data, tag_class;
p = *pp;
start = p;
p0 = p;
j = ASN1_get_object(&p0, &len, &tag, &tc, length);
p = (unsigned char *)p0;
if(j & 0x80) ossl_raise(eASN1Error, NULL);
if(len > length) ossl_raise(eASN1Error, "value is too short");
if((tc & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
tag_class = sym_PRIVATE;
else if((tc & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
tag_class = sym_CONTEXT_SPECIFIC;
else if((tc & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
tag_class = sym_APPLICATION;
else
tag_class = sym_UNIVERSAL;
hlen = p - start;
if(yield) {
VALUE arg = rb_ary_new();
rb_ary_push(arg, LONG2NUM(depth));
rb_ary_push(arg, LONG2NUM(*offset));
rb_ary_push(arg, LONG2NUM(hlen));
rb_ary_push(arg, LONG2NUM(len));
rb_ary_push(arg, (j & V_ASN1_CONSTRUCTED) ? Qtrue : Qfalse);
rb_ary_push(arg, ossl_asn1_class2sym(tc));
rb_ary_push(arg, INT2NUM(tag));
rb_yield(arg);
}
if(j & V_ASN1_CONSTRUCTED) {
*pp += hlen;
off += hlen;
asn1data = int_ossl_asn1_decode0_cons(pp, length - hlen, len, &off, depth, yield, j, tag, tag_class, &inner_read);
inner_read += hlen;
}
else {
if ((j & 0x01) && (len == 0))
ossl_raise(eASN1Error, "indefinite length for primitive value");
asn1data = int_ossl_asn1_decode0_prim(pp, len, hlen, tag, tag_class, &inner_read);
off += hlen + len;
}
if (num_read)
*num_read = inner_read;
if (len != 0 && inner_read != hlen + len) {
ossl_raise(eASN1Error,
"Type mismatch. Bytes read: %ld Bytes available: %ld",
inner_read, hlen + len);
}
*offset = off;
return asn1data;
}
static void
int_ossl_decode_sanity_check(long len, long read, long offset)
{
if (len != 0 && (read != len || offset != len)) {
ossl_raise(eASN1Error,
"Type mismatch. Total bytes read: %ld Bytes available: %ld Offset: %ld",
read, len, offset);
}
}
/*
* call-seq:
* OpenSSL::ASN1.traverse(asn1) -> nil
*
* If a block is given, it prints out each of the elements encountered.
* Block parameters are (in that order):
* * depth: The recursion depth, plus one with each constructed value being encountered (Integer)
* * offset: Current byte offset (Integer)
* * header length: Combined length in bytes of the Tag and Length headers. (Integer)
* * length: The overall remaining length of the entire data (Integer)
* * constructed: Whether this value is constructed or not (Boolean)
* * tag_class: Current tag class (Symbol)
* * tag: The current tag number (Integer)
*
* == Example
* der = File.binread('asn1data.der')
* OpenSSL::ASN1.traverse(der) do | depth, offset, header_len, length, constructed, tag_class, tag|
* puts "Depth: #{depth} Offset: #{offset} Length: #{length}"
* puts "Header length: #{header_len} Tag: #{tag} Tag class: #{tag_class} Constructed: #{constructed}"
* end
*/
static VALUE
ossl_asn1_traverse(VALUE self, VALUE obj)
{
unsigned char *p;
VALUE tmp;
long len, read = 0, offset = 0;
obj = ossl_to_der_if_possible(obj);
tmp = rb_str_new4(StringValue(obj));
p = (unsigned char *)RSTRING_PTR(tmp);
len = RSTRING_LEN(tmp);
ossl_asn1_decode0(&p, len, &offset, 0, 1, &read);
RB_GC_GUARD(tmp);
int_ossl_decode_sanity_check(len, read, offset);
return Qnil;
}
/*
* call-seq:
* OpenSSL::ASN1.decode(der) -> ASN1Data
*
* Decodes a BER- or DER-encoded value and creates an ASN1Data instance. _der_
* may be a String or any object that features a +.to_der+ method transforming
* it into a BER-/DER-encoded String+
*
* == Example
* der = File.binread('asn1data')
* asn1 = OpenSSL::ASN1.decode(der)
*/
static VALUE
ossl_asn1_decode(VALUE self, VALUE obj)
{
VALUE ret;
unsigned char *p;
VALUE tmp;
long len, read = 0, offset = 0;
obj = ossl_to_der_if_possible(obj);
tmp = rb_str_new4(StringValue(obj));
p = (unsigned char *)RSTRING_PTR(tmp);
len = RSTRING_LEN(tmp);
ret = ossl_asn1_decode0(&p, len, &offset, 0, 0, &read);
RB_GC_GUARD(tmp);
int_ossl_decode_sanity_check(len, read, offset);
return ret;
}
/*
* call-seq:
* OpenSSL::ASN1.decode_all(der) -> Array of ASN1Data
*
* Similar to #decode with the difference that #decode expects one
* distinct value represented in _der_. #decode_all on the contrary
* decodes a sequence of sequential BER/DER values lined up in _der_
* and returns them as an array.
*
* == Example
* ders = File.binread('asn1data_seq')
* asn1_ary = OpenSSL::ASN1.decode_all(ders)
*/
static VALUE
ossl_asn1_decode_all(VALUE self, VALUE obj)
{
VALUE ary, val;
unsigned char *p;
long len, tmp_len = 0, read = 0, offset = 0;
VALUE tmp;
obj = ossl_to_der_if_possible(obj);
tmp = rb_str_new4(StringValue(obj));
p = (unsigned char *)RSTRING_PTR(tmp);
len = RSTRING_LEN(tmp);
tmp_len = len;
ary = rb_ary_new();
while (tmp_len > 0) {
long tmp_read = 0;
val = ossl_asn1_decode0(&p, tmp_len, &offset, 0, 0, &tmp_read);
rb_ary_push(ary, val);
read += tmp_read;
tmp_len -= tmp_read;
}
RB_GC_GUARD(tmp);
int_ossl_decode_sanity_check(len, read, offset);
return ary;
}
/*
* call-seq:
* OpenSSL::ASN1::Primitive.new(value [, tag, tagging, tag_class ]) => Primitive
*
* _value_: is mandatory.
*
* _tag_: optional, may be specified for tagged values. If no _tag_ is
* specified, the UNIVERSAL tag corresponding to the Primitive sub-class
* is used by default.
*
* _tagging_: may be used as an encoding hint to encode a value either
* explicitly or implicitly, see ASN1 for possible values.
*
* _tag_class_: if _tag_ and _tagging_ are +nil+ then this is set to
* +:UNIVERSAL+ by default. If either _tag_ or _tagging_ are set then
* +:CONTEXT_SPECIFIC+ is used as the default. For possible values please
* cf. ASN1.
*
* == Example
* int = OpenSSL::ASN1::Integer.new(42)
* zero_tagged_int = OpenSSL::ASN1::Integer.new(42, 0, :IMPLICIT)
* private_explicit_zero_tagged_int = OpenSSL::ASN1::Integer.new(42, 0, :EXPLICIT, :PRIVATE)
*/
static VALUE
ossl_asn1_initialize(int argc, VALUE *argv, VALUE self)
{
VALUE value, tag, tagging, tag_class;
int default_tag;
rb_scan_args(argc, argv, "13", &value, &tag, &tagging, &tag_class);
default_tag = ossl_asn1_default_tag(self);
if (default_tag == -1 || argc > 1) {
if(NIL_P(tag))
ossl_raise(eASN1Error, "must specify tag number");
if(!NIL_P(tagging) && !SYMBOL_P(tagging))
ossl_raise(eASN1Error, "invalid tagging method");
if(NIL_P(tag_class)) {
if (NIL_P(tagging))
tag_class = sym_UNIVERSAL;
else
tag_class = sym_CONTEXT_SPECIFIC;
}
if(!SYMBOL_P(tag_class))
ossl_raise(eASN1Error, "invalid tag class");
}
else{
tag = INT2NUM(default_tag);
tagging = Qnil;
tag_class = sym_UNIVERSAL;
}
ossl_asn1_set_tag(self, tag);
ossl_asn1_set_value(self, value);
ossl_asn1_set_tagging(self, tagging);
ossl_asn1_set_tag_class(self, tag_class);
ossl_asn1_set_indefinite_length(self, Qfalse);
if (default_tag == V_ASN1_BIT_STRING)
rb_ivar_set(self, sivUNUSED_BITS, INT2FIX(0));
return self;
}
static VALUE
ossl_asn1eoc_initialize(VALUE self) {
VALUE tag, tagging, tag_class, value;
tag = INT2FIX(0);
tagging = Qnil;
tag_class = sym_UNIVERSAL;
value = rb_str_new("", 0);
ossl_asn1_set_tag(self, tag);
ossl_asn1_set_value(self, value);
ossl_asn1_set_tagging(self, tagging);
ossl_asn1_set_tag_class(self, tag_class);
ossl_asn1_set_indefinite_length(self, Qfalse);
return self;
}
static VALUE
ossl_asn1eoc_to_der(VALUE self)
{
return rb_str_new("\0\0", 2);
}
/*
* call-seq:
* asn1.to_der => DER-encoded String
*
* See ASN1Data#to_der for details.
*/
static VALUE
ossl_asn1prim_to_der(VALUE self)
{
ASN1_TYPE *asn1;
long alllen, bodylen;
unsigned char *p0, *p1;
int j, tag, tc, state;
VALUE str;
if (ossl_asn1_default_tag(self) == -1) {
str = ossl_asn1_get_value(self);
return to_der_internal(self, 0, 0, StringValue(str));
}
asn1 = ossl_asn1_get_asn1type(self);
alllen = i2d_ASN1_TYPE(asn1, NULL);
if (alllen < 0) {
ASN1_TYPE_free(asn1);
ossl_raise(eASN1Error, "i2d_ASN1_TYPE");
}
str = ossl_str_new(NULL, alllen, &state);
if (state) {
ASN1_TYPE_free(asn1);
rb_jump_tag(state);
}
p0 = p1 = (unsigned char *)RSTRING_PTR(str);
i2d_ASN1_TYPE(asn1, &p0);
ASN1_TYPE_free(asn1);
assert(p0 - p1 == alllen);
/* Strip header since to_der_internal() wants only the payload */
j = ASN1_get_object((const unsigned char **)&p1, &bodylen, &tag, &tc, alllen);
if (j & 0x80)
ossl_raise(eASN1Error, "ASN1_get_object"); /* should not happen */
return to_der_internal(self, 0, 0, rb_str_drop_bytes(str, alllen - bodylen));
}
/*
* call-seq:
* asn1.to_der => DER-encoded String
*
* See ASN1Data#to_der for details.
*/
static VALUE
ossl_asn1cons_to_der(VALUE self)
{
VALUE ary, str;
long i;
int indef_len;
indef_len = RTEST(ossl_asn1_get_indefinite_length(self));
ary = rb_convert_type(ossl_asn1_get_value(self), T_ARRAY, "Array", "to_a");
str = rb_str_new(NULL, 0);
for (i = 0; i < RARRAY_LEN(ary); i++) {
VALUE item = RARRAY_AREF(ary, i);
if (indef_len && rb_obj_is_kind_of(item, cASN1EndOfContent)) {
if (i != RARRAY_LEN(ary) - 1)
ossl_raise(eASN1Error, "illegal EOC octets in value");
/*
* EOC is not really part of the content, but we required to add one
* at the end in the past.
*/
break;
}
item = ossl_to_der_if_possible(item);
StringValue(item);
rb_str_append(str, item);
}
return to_der_internal(self, 1, indef_len, str);
}
/*
* call-seq:
* asn1_ary.each { |asn1| block } => asn1_ary
*
* Calls the given block once for each element in self, passing that element
* as parameter _asn1_. If no block is given, an enumerator is returned
* instead.
*
* == Example
* asn1_ary.each do |asn1|
* puts asn1
* end
*/
static VALUE
ossl_asn1cons_each(VALUE self)
{
rb_block_call(ossl_asn1_get_value(self), id_each, 0, 0, 0, 0);
return self;
}
/*
* call-seq:
* OpenSSL::ASN1::ObjectId.register(object_id, short_name, long_name)
*
* This adds a new ObjectId to the internal tables. Where _object_id_ is the
* numerical form, _short_name_ is the short name, and _long_name_ is the long
* name.
*
* Returns +true+ if successful. Raises an OpenSSL::ASN1::ASN1Error if it fails.
*
*/
static VALUE
ossl_asn1obj_s_register(VALUE self, VALUE oid, VALUE sn, VALUE ln)
{
StringValueCStr(oid);
StringValueCStr(sn);
StringValueCStr(ln);
if(!OBJ_create(RSTRING_PTR(oid), RSTRING_PTR(sn), RSTRING_PTR(ln)))
ossl_raise(eASN1Error, NULL);
return Qtrue;
}
/*
* call-seq:
* oid.sn -> string
* oid.short_name -> string
*
* The short name of the ObjectId, as defined in <openssl/objects.h>.
*/
static VALUE
ossl_asn1obj_get_sn(VALUE self)
{
VALUE val, ret = Qnil;
int nid;
val = ossl_asn1_get_value(self);
if ((nid = OBJ_txt2nid(StringValueCStr(val))) != NID_undef)
ret = rb_str_new2(OBJ_nid2sn(nid));
return ret;
}
/*
* call-seq:
* oid.ln -> string
* oid.long_name -> string
*
* The long name of the ObjectId, as defined in <openssl/objects.h>.
*/
static VALUE
ossl_asn1obj_get_ln(VALUE self)
{
VALUE val, ret = Qnil;
int nid;
val = ossl_asn1_get_value(self);
if ((nid = OBJ_txt2nid(StringValueCStr(val))) != NID_undef)
ret = rb_str_new2(OBJ_nid2ln(nid));
return ret;
}
static VALUE
asn1obj_get_oid_i(VALUE vobj)
{
ASN1_OBJECT *a1obj = (void *)vobj;
VALUE str;
int len;
str = rb_usascii_str_new(NULL, 127);
len = OBJ_obj2txt(RSTRING_PTR(str), RSTRING_LENINT(str), a1obj, 1);
if (len <= 0 || len == INT_MAX)
ossl_raise(eASN1Error, "OBJ_obj2txt");
if (len > RSTRING_LEN(str)) {
/* +1 is for the \0 terminator added by OBJ_obj2txt() */
rb_str_resize(str, len + 1);
len = OBJ_obj2txt(RSTRING_PTR(str), len + 1, a1obj, 1);
if (len <= 0)
ossl_raise(eASN1Error, "OBJ_obj2txt");
}
rb_str_set_len(str, len);
return str;
}
/*
* call-seq:
* oid.oid -> string
*
* Returns a String representing the Object Identifier in the dot notation,
* e.g. "1.2.3.4.5"
*/
static VALUE
ossl_asn1obj_get_oid(VALUE self)
{
VALUE str;
ASN1_OBJECT *a1obj;
int state;
a1obj = obj_to_asn1obj(ossl_asn1_get_value(self));
str = rb_protect(asn1obj_get_oid_i, (VALUE)a1obj, &state);
ASN1_OBJECT_free(a1obj);
if (state)
rb_jump_tag(state);
return str;
}
#define OSSL_ASN1_IMPL_FACTORY_METHOD(klass) \
static VALUE ossl_asn1_##klass(int argc, VALUE *argv, VALUE self)\
{ return rb_funcall3(cASN1##klass, rb_intern("new"), argc, argv); }
OSSL_ASN1_IMPL_FACTORY_METHOD(Boolean)
OSSL_ASN1_IMPL_FACTORY_METHOD(Integer)
OSSL_ASN1_IMPL_FACTORY_METHOD(Enumerated)
OSSL_ASN1_IMPL_FACTORY_METHOD(BitString)
OSSL_ASN1_IMPL_FACTORY_METHOD(OctetString)
OSSL_ASN1_IMPL_FACTORY_METHOD(UTF8String)
OSSL_ASN1_IMPL_FACTORY_METHOD(NumericString)
OSSL_ASN1_IMPL_FACTORY_METHOD(PrintableString)
OSSL_ASN1_IMPL_FACTORY_METHOD(T61String)
OSSL_ASN1_IMPL_FACTORY_METHOD(VideotexString)
OSSL_ASN1_IMPL_FACTORY_METHOD(IA5String)
OSSL_ASN1_IMPL_FACTORY_METHOD(GraphicString)
OSSL_ASN1_IMPL_FACTORY_METHOD(ISO64String)
OSSL_ASN1_IMPL_FACTORY_METHOD(GeneralString)
OSSL_ASN1_IMPL_FACTORY_METHOD(UniversalString)
OSSL_ASN1_IMPL_FACTORY_METHOD(BMPString)
OSSL_ASN1_IMPL_FACTORY_METHOD(Null)
OSSL_ASN1_IMPL_FACTORY_METHOD(ObjectId)
OSSL_ASN1_IMPL_FACTORY_METHOD(UTCTime)
OSSL_ASN1_IMPL_FACTORY_METHOD(GeneralizedTime)
OSSL_ASN1_IMPL_FACTORY_METHOD(Sequence)
OSSL_ASN1_IMPL_FACTORY_METHOD(Set)
OSSL_ASN1_IMPL_FACTORY_METHOD(EndOfContent)
void
Init_ossl_asn1(void)
{
VALUE ary;
int i;
#if 0
mOSSL = rb_define_module("OpenSSL");
eOSSLError = rb_define_class_under(mOSSL, "OpenSSLError", rb_eStandardError);
#endif
sym_UNIVERSAL = ID2SYM(rb_intern_const("UNIVERSAL"));
sym_CONTEXT_SPECIFIC = ID2SYM(rb_intern_const("CONTEXT_SPECIFIC"));
sym_APPLICATION = ID2SYM(rb_intern_const("APPLICATION"));
sym_PRIVATE = ID2SYM(rb_intern_const("PRIVATE"));
sym_EXPLICIT = ID2SYM(rb_intern_const("EXPLICIT"));
sym_IMPLICIT = ID2SYM(rb_intern_const("IMPLICIT"));
sivVALUE = rb_intern("@value");
sivTAG = rb_intern("@tag");
sivTAGGING = rb_intern("@tagging");
sivTAG_CLASS = rb_intern("@tag_class");
sivINDEFINITE_LENGTH = rb_intern("@indefinite_length");
sivUNUSED_BITS = rb_intern("@unused_bits");
/*
* Document-module: OpenSSL::ASN1
*
* Abstract Syntax Notation One (or ASN.1) is a notation syntax to
* describe data structures and is defined in ITU-T X.680. ASN.1 itself
* does not mandate any encoding or parsing rules, but usually ASN.1 data
* structures are encoded using the Distinguished Encoding Rules (DER) or
* less often the Basic Encoding Rules (BER) described in ITU-T X.690. DER
* and BER encodings are binary Tag-Length-Value (TLV) encodings that are
* quite concise compared to other popular data description formats such
* as XML, JSON etc.
* ASN.1 data structures are very common in cryptographic applications,
* e.g. X.509 public key certificates or certificate revocation lists
* (CRLs) are all defined in ASN.1 and DER-encoded. ASN.1, DER and BER are
* the building blocks of applied cryptography.
* The ASN1 module provides the necessary classes that allow generation
* of ASN.1 data structures and the methods to encode them using a DER
* encoding. The decode method allows parsing arbitrary BER-/DER-encoded
* data to a Ruby object that can then be modified and re-encoded at will.
*
* == ASN.1 class hierarchy
*
* The base class representing ASN.1 structures is ASN1Data. ASN1Data offers
* attributes to read and set the _tag_, the _tag_class_ and finally the
* _value_ of a particular ASN.1 item. Upon parsing, any tagged values
* (implicit or explicit) will be represented by ASN1Data instances because
* their "real type" can only be determined using out-of-band information
* from the ASN.1 type declaration. Since this information is normally
* known when encoding a type, all sub-classes of ASN1Data offer an
* additional attribute _tagging_ that allows to encode a value implicitly
* (+:IMPLICIT+) or explicitly (+:EXPLICIT+).
*
* === Constructive
*
* Constructive is, as its name implies, the base class for all
* constructed encodings, i.e. those that consist of several values,
* opposed to "primitive" encodings with just one single value. The value of
* an Constructive is always an Array.
*
* ==== ASN1::Set and ASN1::Sequence
*
* The most common constructive encodings are SETs and SEQUENCEs, which is
* why there are two sub-classes of Constructive representing each of
* them.
*
* === Primitive
*
* This is the super class of all primitive values. Primitive
* itself is not used when parsing ASN.1 data, all values are either
* instances of a corresponding sub-class of Primitive or they are
* instances of ASN1Data if the value was tagged implicitly or explicitly.
* Please cf. Primitive documentation for details on sub-classes and
* their respective mappings of ASN.1 data types to Ruby objects.
*
* == Possible values for _tagging_
*
* When constructing an ASN1Data object the ASN.1 type definition may
* require certain elements to be either implicitly or explicitly tagged.
* This can be achieved by setting the _tagging_ attribute manually for
* sub-classes of ASN1Data. Use the symbol +:IMPLICIT+ for implicit
* tagging and +:EXPLICIT+ if the element requires explicit tagging.
*
* == Possible values for _tag_class_
*
* It is possible to create arbitrary ASN1Data objects that also support
* a PRIVATE or APPLICATION tag class. Possible values for the _tag_class_
* attribute are:
* * +:UNIVERSAL+ (the default for untagged values)
* * +:CONTEXT_SPECIFIC+ (the default for tagged values)
* * +:APPLICATION+
* * +:PRIVATE+
*
* == Tag constants
*
* There is a constant defined for each universal tag:
* * OpenSSL::ASN1::EOC (0)
* * OpenSSL::ASN1::BOOLEAN (1)
* * OpenSSL::ASN1::INTEGER (2)
* * OpenSSL::ASN1::BIT_STRING (3)
* * OpenSSL::ASN1::OCTET_STRING (4)
* * OpenSSL::ASN1::NULL (5)
* * OpenSSL::ASN1::OBJECT (6)
* * OpenSSL::ASN1::ENUMERATED (10)
* * OpenSSL::ASN1::UTF8STRING (12)
* * OpenSSL::ASN1::SEQUENCE (16)
* * OpenSSL::ASN1::SET (17)
* * OpenSSL::ASN1::NUMERICSTRING (18)
* * OpenSSL::ASN1::PRINTABLESTRING (19)
* * OpenSSL::ASN1::T61STRING (20)
* * OpenSSL::ASN1::VIDEOTEXSTRING (21)
* * OpenSSL::ASN1::IA5STRING (22)
* * OpenSSL::ASN1::UTCTIME (23)
* * OpenSSL::ASN1::GENERALIZEDTIME (24)
* * OpenSSL::ASN1::GRAPHICSTRING (25)
* * OpenSSL::ASN1::ISO64STRING (26)
* * OpenSSL::ASN1::GENERALSTRING (27)
* * OpenSSL::ASN1::UNIVERSALSTRING (28)
* * OpenSSL::ASN1::BMPSTRING (30)
*
* == UNIVERSAL_TAG_NAME constant
*
* An Array that stores the name of a given tag number. These names are
* the same as the name of the tag constant that is additionally defined,
* e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2.
*
* == Example usage
*
* === Decoding and viewing a DER-encoded file
* require 'openssl'
* require 'pp'
* der = File.binread('data.der')
* asn1 = OpenSSL::ASN1.decode(der)
* pp der
*
* === Creating an ASN.1 structure and DER-encoding it
* require 'openssl'
* version = OpenSSL::ASN1::Integer.new(1)
* # Explicitly 0-tagged implies context-specific tag class
* serial = OpenSSL::ASN1::Integer.new(12345, 0, :EXPLICIT, :CONTEXT_SPECIFIC)
* name = OpenSSL::ASN1::PrintableString.new('Data 1')
* sequence = OpenSSL::ASN1::Sequence.new( [ version, serial, name ] )
* der = sequence.to_der
*/
mASN1 = rb_define_module_under(mOSSL, "ASN1");
/* Document-class: OpenSSL::ASN1::ASN1Error
*
* Generic error class for all errors raised in ASN1 and any of the
* classes defined in it.
*/
eASN1Error = rb_define_class_under(mASN1, "ASN1Error", eOSSLError);
rb_define_module_function(mASN1, "traverse", ossl_asn1_traverse, 1);
rb_define_module_function(mASN1, "decode", ossl_asn1_decode, 1);
rb_define_module_function(mASN1, "decode_all", ossl_asn1_decode_all, 1);
ary = rb_ary_new();
/*
* Array storing tag names at the tag's index.
*/
rb_define_const(mASN1, "UNIVERSAL_TAG_NAME", ary);
for(i = 0; i < ossl_asn1_info_size; i++){
if(ossl_asn1_info[i].name[0] == '[') continue;
rb_define_const(mASN1, ossl_asn1_info[i].name, INT2NUM(i));
rb_ary_store(ary, i, rb_str_new2(ossl_asn1_info[i].name));
}
/* Document-class: OpenSSL::ASN1::ASN1Data
*
* The top-level class representing any ASN.1 object. When parsed by
* ASN1.decode, tagged values are always represented by an instance
* of ASN1Data.
*
* == The role of ASN1Data for parsing tagged values
*
* When encoding an ASN.1 type it is inherently clear what original
* type (e.g. INTEGER, OCTET STRING etc.) this value has, regardless
* of its tagging.
* But opposed to the time an ASN.1 type is to be encoded, when parsing
* them it is not possible to deduce the "real type" of tagged
* values. This is why tagged values are generally parsed into ASN1Data
* instances, but with a different outcome for implicit and explicit
* tagging.
*
* === Example of a parsed implicitly tagged value
*
* An implicitly 1-tagged INTEGER value will be parsed as an
* ASN1Data with
* * _tag_ equal to 1
* * _tag_class_ equal to +:CONTEXT_SPECIFIC+
* * _value_ equal to a String that carries the raw encoding
* of the INTEGER.
* This implies that a subsequent decoding step is required to
* completely decode implicitly tagged values.
*
* === Example of a parsed explicitly tagged value
*
* An explicitly 1-tagged INTEGER value will be parsed as an
* ASN1Data with
* * _tag_ equal to 1
* * _tag_class_ equal to +:CONTEXT_SPECIFIC+
* * _value_ equal to an Array with one single element, an
* instance of OpenSSL::ASN1::Integer, i.e. the inner element
* is the non-tagged primitive value, and the tagging is represented
* in the outer ASN1Data
*
* == Example - Decoding an implicitly tagged INTEGER
* int = OpenSSL::ASN1::Integer.new(1, 0, :IMPLICIT) # implicit 0-tagged
* seq = OpenSSL::ASN1::Sequence.new( [int] )
* der = seq.to_der
* asn1 = OpenSSL::ASN1.decode(der)
* # pp asn1 => #<OpenSSL::ASN1::Sequence:0x87326e0
* # @indefinite_length=false,
* # @tag=16,
* # @tag_class=:UNIVERSAL,
* # @tagging=nil,
* # @value=
* # [#<OpenSSL::ASN1::ASN1Data:0x87326f4
* # @indefinite_length=false,
* # @tag=0,
* # @tag_class=:CONTEXT_SPECIFIC,
* # @value="\x01">]>
* raw_int = asn1.value[0]
* # manually rewrite tag and tag class to make it an UNIVERSAL value
* raw_int.tag = OpenSSL::ASN1::INTEGER
* raw_int.tag_class = :UNIVERSAL
* int2 = OpenSSL::ASN1.decode(raw_int)
* puts int2.value # => 1
*
* == Example - Decoding an explicitly tagged INTEGER
* int = OpenSSL::ASN1::Integer.new(1, 0, :EXPLICIT) # explicit 0-tagged
* seq = OpenSSL::ASN1::Sequence.new( [int] )
* der = seq.to_der
* asn1 = OpenSSL::ASN1.decode(der)
* # pp asn1 => #<OpenSSL::ASN1::Sequence:0x87326e0
* # @indefinite_length=false,
* # @tag=16,
* # @tag_class=:UNIVERSAL,
* # @tagging=nil,
* # @value=
* # [#<OpenSSL::ASN1::ASN1Data:0x87326f4
* # @indefinite_length=false,
* # @tag=0,
* # @tag_class=:CONTEXT_SPECIFIC,
* # @value=
* # [#<OpenSSL::ASN1::Integer:0x85bf308
* # @indefinite_length=false,
* # @tag=2,
* # @tag_class=:UNIVERSAL
* # @tagging=nil,
* # @value=1>]>]>
* int2 = asn1.value[0].value[0]
* puts int2.value # => 1
*/
cASN1Data = rb_define_class_under(mASN1, "ASN1Data", rb_cObject);
/*
* Carries the value of a ASN.1 type.
* Please confer Constructive and Primitive for the mappings between
* ASN.1 data types and Ruby classes.
*/
rb_attr(cASN1Data, rb_intern("value"), 1, 1, 0);
/*
* An Integer representing the tag number of this ASN1Data. Never +nil+.
*/
rb_attr(cASN1Data, rb_intern("tag"), 1, 1, 0);
/*
* A Symbol representing the tag class of this ASN1Data. Never +nil+.
* See ASN1Data for possible values.
*/
rb_attr(cASN1Data, rb_intern("tag_class"), 1, 1, 0);
/*
* Never +nil+. A boolean value indicating whether the encoding uses
* indefinite length (in the case of parsing) or whether an indefinite
* length form shall be used (in the encoding case).
* In DER, every value uses definite length form. But in scenarios where
* large amounts of data need to be transferred it might be desirable to
* have some kind of streaming support available.
* For example, huge OCTET STRINGs are preferably sent in smaller-sized
* chunks, each at a time.
* This is possible in BER by setting the length bytes of an encoding
* to zero and by this indicating that the following value will be
* sent in chunks. Indefinite length encodings are always constructed.
* The end of such a stream of chunks is indicated by sending a EOC
* (End of Content) tag. SETs and SEQUENCEs may use an indefinite length
* encoding, but also primitive types such as e.g. OCTET STRINGS or
* BIT STRINGS may leverage this functionality (cf. ITU-T X.690).
*/
rb_attr(cASN1Data, rb_intern("indefinite_length"), 1, 1, 0);
rb_define_alias(cASN1Data, "infinite_length", "indefinite_length");
rb_define_alias(cASN1Data, "infinite_length=", "indefinite_length=");
rb_define_method(cASN1Data, "initialize", ossl_asn1data_initialize, 3);
rb_define_method(cASN1Data, "to_der", ossl_asn1data_to_der, 0);
/* Document-class: OpenSSL::ASN1::Primitive
*
* The parent class for all primitive encodings. Attributes are the same as
* for ASN1Data, with the addition of _tagging_.
* Primitive values can never be encoded with indefinite length form, thus
* it is not possible to set the _indefinite_length_ attribute for Primitive
* and its sub-classes.
*
* == Primitive sub-classes and their mapping to Ruby classes
* * OpenSSL::ASN1::EndOfContent <=> _value_ is always +nil+
* * OpenSSL::ASN1::Boolean <=> _value_ is +true+ or +false+
* * OpenSSL::ASN1::Integer <=> _value_ is an Integer
* * OpenSSL::ASN1::BitString <=> _value_ is a String
* * OpenSSL::ASN1::OctetString <=> _value_ is a String
* * OpenSSL::ASN1::Null <=> _value_ is always +nil+
* * OpenSSL::ASN1::Object <=> _value_ is a String
* * OpenSSL::ASN1::Enumerated <=> _value_ is an Integer
* * OpenSSL::ASN1::UTF8String <=> _value_ is a String
* * OpenSSL::ASN1::NumericString <=> _value_ is a String
* * OpenSSL::ASN1::PrintableString <=> _value_ is a String
* * OpenSSL::ASN1::T61String <=> _value_ is a String
* * OpenSSL::ASN1::VideotexString <=> _value_ is a String
* * OpenSSL::ASN1::IA5String <=> _value_ is a String
* * OpenSSL::ASN1::UTCTime <=> _value_ is a Time
* * OpenSSL::ASN1::GeneralizedTime <=> _value_ is a Time
* * OpenSSL::ASN1::GraphicString <=> _value_ is a String
* * OpenSSL::ASN1::ISO64String <=> _value_ is a String
* * OpenSSL::ASN1::GeneralString <=> _value_ is a String
* * OpenSSL::ASN1::UniversalString <=> _value_ is a String
* * OpenSSL::ASN1::BMPString <=> _value_ is a String
*
* == OpenSSL::ASN1::BitString
*
* === Additional attributes
* _unused_bits_: if the underlying BIT STRING's
* length is a multiple of 8 then _unused_bits_ is 0. Otherwise
* _unused_bits_ indicates the number of bits that are to be ignored in
* the final octet of the BitString's _value_.
*
* == OpenSSL::ASN1::ObjectId
*
* NOTE: While OpenSSL::ASN1::ObjectId.new will allocate a new ObjectId,
* it is not typically allocated this way, but rather that are received from
* parsed ASN1 encodings.
*
* === Additional attributes
* * _sn_: the short name as defined in <openssl/objects.h>.
* * _ln_: the long name as defined in <openssl/objects.h>.
* * _oid_: the object identifier as a String, e.g. "1.2.3.4.5"
* * _short_name_: alias for _sn_.
* * _long_name_: alias for _ln_.
*
* == Examples
* With the Exception of OpenSSL::ASN1::EndOfContent, each Primitive class
* constructor takes at least one parameter, the _value_.
*
* === Creating EndOfContent
* eoc = OpenSSL::ASN1::EndOfContent.new
*
* === Creating any other Primitive
* prim = <class>.new(value) # <class> being one of the sub-classes except EndOfContent
* prim_zero_tagged_implicit = <class>.new(value, 0, :IMPLICIT)
* prim_zero_tagged_explicit = <class>.new(value, 0, :EXPLICIT)
*/
cASN1Primitive = rb_define_class_under(mASN1, "Primitive", cASN1Data);
/*
* May be used as a hint for encoding a value either implicitly or
* explicitly by setting it either to +:IMPLICIT+ or to +:EXPLICIT+.
* _tagging_ is not set when a ASN.1 structure is parsed using
* OpenSSL::ASN1.decode.
*/
rb_attr(cASN1Primitive, rb_intern("tagging"), 1, 1, Qtrue);
rb_undef_method(cASN1Primitive, "indefinite_length=");
rb_undef_method(cASN1Primitive, "infinite_length=");
rb_define_method(cASN1Primitive, "initialize", ossl_asn1_initialize, -1);
rb_define_method(cASN1Primitive, "to_der", ossl_asn1prim_to_der, 0);
/* Document-class: OpenSSL::ASN1::Constructive
*
* The parent class for all constructed encodings. The _value_ attribute
* of a Constructive is always an Array. Attributes are the same as
* for ASN1Data, with the addition of _tagging_.
*
* == SET and SEQUENCE
*
* Most constructed encodings come in the form of a SET or a SEQUENCE.
* These encodings are represented by one of the two sub-classes of
* Constructive:
* * OpenSSL::ASN1::Set
* * OpenSSL::ASN1::Sequence
* Please note that tagged sequences and sets are still parsed as
* instances of ASN1Data. Find further details on tagged values
* there.
*
* === Example - constructing a SEQUENCE
* int = OpenSSL::ASN1::Integer.new(1)
* str = OpenSSL::ASN1::PrintableString.new('abc')
* sequence = OpenSSL::ASN1::Sequence.new( [ int, str ] )
*
* === Example - constructing a SET
* int = OpenSSL::ASN1::Integer.new(1)
* str = OpenSSL::ASN1::PrintableString.new('abc')
* set = OpenSSL::ASN1::Set.new( [ int, str ] )
*/
cASN1Constructive = rb_define_class_under(mASN1,"Constructive", cASN1Data);
rb_include_module(cASN1Constructive, rb_mEnumerable);
/*
* May be used as a hint for encoding a value either implicitly or
* explicitly by setting it either to +:IMPLICIT+ or to +:EXPLICIT+.
* _tagging_ is not set when a ASN.1 structure is parsed using
* OpenSSL::ASN1.decode.
*/
rb_attr(cASN1Constructive, rb_intern("tagging"), 1, 1, Qtrue);
rb_define_method(cASN1Constructive, "initialize", ossl_asn1_initialize, -1);
rb_define_method(cASN1Constructive, "to_der", ossl_asn1cons_to_der, 0);
rb_define_method(cASN1Constructive, "each", ossl_asn1cons_each, 0);
#define OSSL_ASN1_DEFINE_CLASS(name, super) \
do{\
cASN1##name = rb_define_class_under(mASN1, #name, cASN1##super);\
rb_define_module_function(mASN1, #name, ossl_asn1_##name, -1);\
}while(0)
OSSL_ASN1_DEFINE_CLASS(Boolean, Primitive);
OSSL_ASN1_DEFINE_CLASS(Integer, Primitive);
OSSL_ASN1_DEFINE_CLASS(Enumerated, Primitive);
OSSL_ASN1_DEFINE_CLASS(BitString, Primitive);
OSSL_ASN1_DEFINE_CLASS(OctetString, Primitive);
OSSL_ASN1_DEFINE_CLASS(UTF8String, Primitive);
OSSL_ASN1_DEFINE_CLASS(NumericString, Primitive);
OSSL_ASN1_DEFINE_CLASS(PrintableString, Primitive);
OSSL_ASN1_DEFINE_CLASS(T61String, Primitive);
OSSL_ASN1_DEFINE_CLASS(VideotexString, Primitive);
OSSL_ASN1_DEFINE_CLASS(IA5String, Primitive);
OSSL_ASN1_DEFINE_CLASS(GraphicString, Primitive);
OSSL_ASN1_DEFINE_CLASS(ISO64String, Primitive);
OSSL_ASN1_DEFINE_CLASS(GeneralString, Primitive);
OSSL_ASN1_DEFINE_CLASS(UniversalString, Primitive);
OSSL_ASN1_DEFINE_CLASS(BMPString, Primitive);
OSSL_ASN1_DEFINE_CLASS(Null, Primitive);
OSSL_ASN1_DEFINE_CLASS(ObjectId, Primitive);
OSSL_ASN1_DEFINE_CLASS(UTCTime, Primitive);
OSSL_ASN1_DEFINE_CLASS(GeneralizedTime, Primitive);
OSSL_ASN1_DEFINE_CLASS(Sequence, Constructive);
OSSL_ASN1_DEFINE_CLASS(Set, Constructive);
OSSL_ASN1_DEFINE_CLASS(EndOfContent, Data);
/* Document-class: OpenSSL::ASN1::ObjectId
*
* Represents the primitive object id for OpenSSL::ASN1
*/
#if 0
cASN1ObjectId = rb_define_class_under(mASN1, "ObjectId", cASN1Primitive); /* let rdoc know */
#endif
rb_define_singleton_method(cASN1ObjectId, "register", ossl_asn1obj_s_register, 3);
rb_define_method(cASN1ObjectId, "sn", ossl_asn1obj_get_sn, 0);
rb_define_method(cASN1ObjectId, "ln", ossl_asn1obj_get_ln, 0);
rb_define_method(cASN1ObjectId, "oid", ossl_asn1obj_get_oid, 0);
rb_define_alias(cASN1ObjectId, "short_name", "sn");
rb_define_alias(cASN1ObjectId, "long_name", "ln");
rb_attr(cASN1BitString, rb_intern("unused_bits"), 1, 1, 0);
rb_define_method(cASN1EndOfContent, "initialize", ossl_asn1eoc_initialize, 0);
rb_define_method(cASN1EndOfContent, "to_der", ossl_asn1eoc_to_der, 0);
class_tag_map = rb_hash_new();
rb_hash_aset(class_tag_map, cASN1EndOfContent, INT2NUM(V_ASN1_EOC));
rb_hash_aset(class_tag_map, cASN1Boolean, INT2NUM(V_ASN1_BOOLEAN));
rb_hash_aset(class_tag_map, cASN1Integer, INT2NUM(V_ASN1_INTEGER));
rb_hash_aset(class_tag_map, cASN1BitString, INT2NUM(V_ASN1_BIT_STRING));
rb_hash_aset(class_tag_map, cASN1OctetString, INT2NUM(V_ASN1_OCTET_STRING));
rb_hash_aset(class_tag_map, cASN1Null, INT2NUM(V_ASN1_NULL));
rb_hash_aset(class_tag_map, cASN1ObjectId, INT2NUM(V_ASN1_OBJECT));
rb_hash_aset(class_tag_map, cASN1Enumerated, INT2NUM(V_ASN1_ENUMERATED));
rb_hash_aset(class_tag_map, cASN1UTF8String, INT2NUM(V_ASN1_UTF8STRING));
rb_hash_aset(class_tag_map, cASN1Sequence, INT2NUM(V_ASN1_SEQUENCE));
rb_hash_aset(class_tag_map, cASN1Set, INT2NUM(V_ASN1_SET));
rb_hash_aset(class_tag_map, cASN1NumericString, INT2NUM(V_ASN1_NUMERICSTRING));
rb_hash_aset(class_tag_map, cASN1PrintableString, INT2NUM(V_ASN1_PRINTABLESTRING));
rb_hash_aset(class_tag_map, cASN1T61String, INT2NUM(V_ASN1_T61STRING));
rb_hash_aset(class_tag_map, cASN1VideotexString, INT2NUM(V_ASN1_VIDEOTEXSTRING));
rb_hash_aset(class_tag_map, cASN1IA5String, INT2NUM(V_ASN1_IA5STRING));
rb_hash_aset(class_tag_map, cASN1UTCTime, INT2NUM(V_ASN1_UTCTIME));
rb_hash_aset(class_tag_map, cASN1GeneralizedTime, INT2NUM(V_ASN1_GENERALIZEDTIME));
rb_hash_aset(class_tag_map, cASN1GraphicString, INT2NUM(V_ASN1_GRAPHICSTRING));
rb_hash_aset(class_tag_map, cASN1ISO64String, INT2NUM(V_ASN1_ISO64STRING));
rb_hash_aset(class_tag_map, cASN1GeneralString, INT2NUM(V_ASN1_GENERALSTRING));
rb_hash_aset(class_tag_map, cASN1UniversalString, INT2NUM(V_ASN1_UNIVERSALSTRING));
rb_hash_aset(class_tag_map, cASN1BMPString, INT2NUM(V_ASN1_BMPSTRING));
rb_global_variable(&class_tag_map);
id_each = rb_intern_const("each");
}