Skip to content

Commit

Permalink
asn1: fix ObjectId#==
Browse files Browse the repository at this point in the history
Compare by the dotted decimal notation rather than the NID.

OpenSSL::ASN1::ObjectId can store OIDs that are not registered in
OpenSSL's internal table. NID is not defined for such an OID, but it is
not an error.

The == method also should not raise TypeError if the other object is
not an instance of OpenSSL::ASN1::ObjectId.

Fixes: ruby/openssl#791
  • Loading branch information
rhenium authored and hsbt committed Nov 14, 2024
1 parent e9d1e85 commit f1ac754
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 29 deletions.
43 changes: 19 additions & 24 deletions ext/openssl/ossl_asn1.c
Original file line number Diff line number Diff line change
Expand Up @@ -1167,30 +1167,6 @@ ossl_asn1obj_get_ln(VALUE self)
return ret;
}

/*
* call-seq:
* oid == other_oid => true or false
*
* Returns +true+ if _other_oid_ is the same as _oid_
*/
static VALUE
ossl_asn1obj_eq(VALUE self, VALUE other)
{
VALUE valSelf, valOther;
int nidSelf, nidOther;

valSelf = ossl_asn1_get_value(self);
valOther = ossl_asn1_get_value(other);

if ((nidSelf = OBJ_txt2nid(StringValueCStr(valSelf))) == NID_undef)
ossl_raise(eASN1Error, "OBJ_txt2nid");

if ((nidOther = OBJ_txt2nid(StringValueCStr(valOther))) == NID_undef)
ossl_raise(eASN1Error, "OBJ_txt2nid");

return nidSelf == nidOther ? Qtrue : Qfalse;
}

static VALUE
asn1obj_get_oid_i(VALUE vobj)
{
Expand Down Expand Up @@ -1235,6 +1211,25 @@ ossl_asn1obj_get_oid(VALUE self)
return str;
}

/*
* call-seq:
* oid == other_oid => true or false
*
* Returns +true+ if _other_oid_ is the same as _oid_.
*/
static VALUE
ossl_asn1obj_eq(VALUE self, VALUE other)
{
VALUE oid1, oid2;

if (!rb_obj_is_kind_of(other, cASN1ObjectId))
return Qfalse;

oid1 = ossl_asn1obj_get_oid(self);
oid2 = ossl_asn1obj_get_oid(other);
return rb_str_equal(oid1, oid2);
}

#define OSSL_ASN1_IMPL_FACTORY_METHOD(klass) \
static VALUE ossl_asn1_##klass(int argc, VALUE *argv, VALUE self)\
{ return rb_funcallv_public(cASN1##klass, rb_intern("new"), argc, argv); }
Expand Down
17 changes: 12 additions & 5 deletions test/openssl/test_asn1.rb
Original file line number Diff line number Diff line change
Expand Up @@ -326,7 +326,9 @@ def test_object_identifier
oid = (0...100).to_a.join(".").b
obj = OpenSSL::ASN1::ObjectId.new(oid)
assert_equal oid, obj.oid
end

def test_object_identifier_equality
aki = [
OpenSSL::ASN1::ObjectId.new("authorityKeyIdentifier"),
OpenSSL::ASN1::ObjectId.new("X509v3 Authority Key Identifier"),
Expand All @@ -341,17 +343,22 @@ def test_object_identifier

aki.each do |a|
aki.each do |b|
assert a == b
assert_equal true, a == b
end

ski.each do |b|
refute a == b
assert_equal false, a == b
end
end

assert_raise(TypeError) {
OpenSSL::ASN1::ObjectId.new("authorityKeyIdentifier") == nil
}
obj1 = OpenSSL::ASN1::ObjectId.new("1.2.34.56789.10")
obj2 = OpenSSL::ASN1::ObjectId.new("1.2.34.56789.10")
obj3 = OpenSSL::ASN1::ObjectId.new("1.2.34.56789.11")
omit "OID 1.2.34.56789.10 is registered" if obj1.sn
assert_equal true, obj1 == obj2
assert_equal false, obj1 == obj3

assert_equal false, OpenSSL::ASN1::ObjectId.new("authorityKeyIdentifier") == nil
end

def test_sequence
Expand Down

0 comments on commit f1ac754

Please sign in to comment.