Superceded
diff --git a/OpenSSL/crypto/crl.c b/OpenSSL/crypto/crl.c
deleted file mode 100644
index 3f56d83..0000000
--- a/OpenSSL/crypto/crl.c
+++ /dev/null
@@ -1,309 +0,0 @@
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
- X509_REVOKED *dupe = NULL;
-
- dupe = X509_REVOKED_new();
- if (dupe == NULL) {
- return NULL;
- }
- if (orig->serialNumber) {
- dupe->serialNumber = M_ASN1_INTEGER_dup(orig->serialNumber);
- }
- if (orig->revocationDate) {
- dupe->revocationDate = M_ASN1_INTEGER_dup(orig->revocationDate);
- }
- if (orig->extensions) {
- STACK_OF(X509_EXTENSION) *sk = NULL;
- X509_EXTENSION * ext;
- int j;
-
- sk = sk_X509_EXTENSION_new_null();
- for (j = 0; j < sk_X509_EXTENSION_num(orig->extensions); j++) {
- ext = sk_X509_EXTENSION_value(orig->extensions, j);
- ext = X509_EXTENSION_dup(ext);
- sk_X509_EXTENSION_push(sk, ext);
- }
- dupe->extensions = sk;
- }
- dupe->sequence = orig->sequence;
- return dupe;
-}
-
-static char crypto_CRL_get_revoked_doc[] = "\n\
-Return revoked portion of the CRL structure (by value\n\
-not reference).\n\
-\n\
-:return: A tuple of Revoked objects.\n\
-";
-static PyObject *
-crypto_CRL_get_revoked(crypto_CRLObj *self, PyObject *args) {
- int j, num_rev;
- X509_REVOKED *r = NULL;
- PyObject *obj = NULL, *rev_obj;
-
- if (!PyArg_ParseTuple(args, ":get_revoked")) {
- return NULL;
- }
-
- num_rev = sk_X509_REVOKED_num(self->crl->crl->revoked);
- if (num_rev < 0) {
- Py_INCREF(Py_None);
- return Py_None;
- }
- if ((obj = PyTuple_New(num_rev)) == NULL) {
- return NULL;
- }
-
- for (j = 0; j < num_rev; j++) {
- r = sk_X509_REVOKED_value(self->crl->crl->revoked, j);
- r = X509_REVOKED_dup(r);
- if (r == NULL ) {
- goto error;
- }
- rev_obj = (PyObject *) crypto_Revoked_New(r);
- if (rev_obj == NULL) {
- goto error;
- }
- r = NULL; /* it's now owned by rev_obj */
- PyTuple_SET_ITEM(obj, j, rev_obj);
- }
- return obj;
-
- error:
- if (r) {
- X509_REVOKED_free(r);
- }
- Py_XDECREF(obj);
- return NULL;
-}
-
-static char crypto_CRL_add_revoked_doc[] = "\n\
-Add a revoked (by value not reference) to the CRL structure\n\
-\n\
-:param cert: The new revoked.\n\
-:type cert: :class:`X509`\n\
-:return: None\n\
-";
-static PyObject *
-crypto_CRL_add_revoked(crypto_CRLObj *self, PyObject *args, PyObject *keywds) {
- crypto_RevokedObj * rev_obj = NULL;
- static char *kwlist[] = {"revoked", NULL};
- X509_REVOKED * dup;
-
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!:add_revoked",
- kwlist, &crypto_Revoked_Type, &rev_obj)) {
- return NULL;
- }
-
- dup = X509_REVOKED_dup( rev_obj->revoked );
- if (dup == NULL) {
- return NULL;
- }
- X509_CRL_add0_revoked(self->crl, dup);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_CRL_export_doc[] = "\n\
-export(cert, key[, type[, days]]) -> export a CRL as a string\n\
-\n\
-:param cert: Used to sign CRL.\n\
-:type cert: :class:`X509`\n\
-:param key: Used to sign CRL.\n\
-:type key: :class:`PKey`\n\
-:param type: The export format, either :py:data:`FILETYPE_PEM`, :py:data:`FILETYPE_ASN1`, or :py:data:`FILETYPE_TEXT`.\n\
-:param days: The number of days until the next update of this CRL.\n\
-:type days: :py:data:`int`\n\
-:return: :py:data:`str`\n\
-";
-static PyObject *
-crypto_CRL_export(crypto_CRLObj *self, PyObject *args, PyObject *keywds) {
- int ret, buf_len, type = X509_FILETYPE_PEM, days = 100;
- char *temp;
- BIO *bio;
- PyObject *buffer;
- crypto_PKeyObj *key;
- ASN1_TIME *tmptm;
- crypto_X509Obj *x509;
- static char *kwlist[] = {"cert", "key", "type", "days", NULL};
-
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist,
- &crypto_X509_Type, &x509,
- &crypto_PKey_Type, &key, &type, &days)) {
- return NULL;
- }
-
-
-#if OPENSSL_VERSION_NUMBER >= 0x01000000L
- /* Older versions of OpenSSL had no problem with trying to export using an
- * uninitialized key. Newer versions segfault, instead. We can only check
- * on the new versions, though, because the old versions don't even have the
- * field that the segfault is triggered by.
- */
- if (!key->pkey->ameth) {
- PyErr_SetString(
- crypto_Error, "Cannot export with an unitialized key");
- return NULL;
- }
-#endif
-
- bio = BIO_new(BIO_s_mem());
- tmptm = ASN1_TIME_new();
- if (!tmptm) {
- return 0;
- }
- X509_gmtime_adj(tmptm,0);
- X509_CRL_set_lastUpdate(self->crl, tmptm);
- X509_gmtime_adj(tmptm,days*24*60*60);
- X509_CRL_set_nextUpdate(self->crl, tmptm);
- ASN1_TIME_free(tmptm);
- X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509));
-
- if (!X509_CRL_sign(self->crl, key->pkey, EVP_md5())) {
- exception_from_error_queue(crypto_Error);
- BIO_free(bio);
- return NULL;
- }
-
- switch (type) {
- case X509_FILETYPE_PEM:
- ret = PEM_write_bio_X509_CRL(bio, self->crl);
- break;
-
- case X509_FILETYPE_ASN1:
- ret = (int) i2d_X509_CRL_bio(bio, self->crl);
- break;
-
- case X509_FILETYPE_TEXT:
- ret = X509_CRL_print(bio, self->crl);
- break;
-
- default:
- PyErr_SetString(
- PyExc_ValueError,
- "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
- return NULL;
- }
- if (!ret) {
- exception_from_error_queue(crypto_Error);
- BIO_free(bio);
- return NULL;
- }
- buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyBytes_FromStringAndSize(temp, buf_len);
- BIO_free(bio);
- return buffer;
-}
-
-crypto_CRLObj *
-crypto_CRL_New(X509_CRL *crl) {
- crypto_CRLObj *self;
-
- self = PyObject_New(crypto_CRLObj, &crypto_CRL_Type);
- if (self == NULL) {
- return NULL;
- }
- self->crl = crl;
- return self;
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_CRL_name, METH_VARARGS, crypto_CRL_name_doc }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_CRL_##name, METH_VARARGS, crypto_CRL_##name##_doc }
-#define ADD_KW_METHOD(name) \
- { #name, (PyCFunction)crypto_CRL_##name, METH_VARARGS | METH_KEYWORDS, crypto_CRL_##name##_doc }
-static PyMethodDef crypto_CRL_methods[] = {
- ADD_KW_METHOD(add_revoked),
- ADD_METHOD(get_revoked),
- ADD_KW_METHOD(export),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-
-static void
-crypto_CRL_dealloc(crypto_CRLObj *self) {
- X509_CRL_free(self->crl);
- self->crl = NULL;
-
- PyObject_Del(self);
-}
-
-static char crypto_CRL_doc[] = "\n\
-CRL() -> CRL instance\n\
-\n\
-Create a new empty CRL object.\n\
-\n\
-:returns: The CRL object\n\
-";
-
-static PyObject* crypto_CRL_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
- if (!PyArg_ParseTuple(args, ":CRL")) {
- return NULL;
- }
-
- return (PyObject *)crypto_CRL_New(X509_CRL_new());
-}
-
-PyTypeObject crypto_CRL_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "CRL",
- sizeof(crypto_CRLObj),
- 0,
- (destructor)crypto_CRL_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT,
- crypto_CRL_doc, /* doc */
- NULL, /* traverse */
- NULL, /* clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_CRL_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- crypto_CRL_new, /* tp_new */
-};
-
-int init_crypto_crl(PyObject *module) {
- if (PyType_Ready(&crypto_CRL_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_CRL_Type);
- if (PyModule_AddObject(module, "CRL", (PyObject *)&crypto_CRL_Type) != 0) {
- return 0;
- }
- return 1;
-}
diff --git a/OpenSSL/crypto/crl.h b/OpenSSL/crypto/crl.h
deleted file mode 100644
index 87f5048..0000000
--- a/OpenSSL/crypto/crl.h
+++ /dev/null
@@ -1,19 +0,0 @@
-#ifndef PyOpenSSL_crypto_CRL_H_
-#define PyOpenSSL_crypto_CRL_H_
-
-#include <Python.h>
-
-extern int init_crypto_crl (PyObject *);
-
-extern PyTypeObject crypto_CRL_Type;
-
-#define crypto_CRL_Check(v) ((v)->ob_type == &crypto_CRL_Type)
-
-typedef struct {
- PyObject_HEAD
- X509_CRL *crl;
-} crypto_CRLObj;
-
-crypto_CRLObj * crypto_CRL_New(X509_CRL *crl);
-
-#endif
diff --git a/OpenSSL/crypto/crypto.c b/OpenSSL/crypto/crypto.c
deleted file mode 100644
index 78f3ed7..0000000
--- a/OpenSSL/crypto/crypto.c
+++ /dev/null
@@ -1,920 +0,0 @@
-/*
- * crypto.c
- *
- * Copyright (C) AB Strakt
- * Copyright (C) Keyphrene
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * Main file of crypto sub module.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- */
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-#include "pkcs12.h"
-
-static char crypto_doc[] = "\n\
-Main file of crypto sub module.\n\
-See the file RATIONALE for a short explanation of why this module was written.\n\
-";
-
-void **ssl_API;
-
-PyObject *crypto_Error;
-
-int crypto_byte_converter(PyObject *input, void* output) {
- char **message = output;
- if (input == Py_None) {
- *message = NULL;
- } else if (PyBytes_CheckExact(input)) {
- *message = PyBytes_AsString(input);
- } else {
- return 0;
- }
- return 1;
-}
-
-static int
-global_passphrase_callback(char *buf, int len, int rwflag, void *cb_arg)
-{
- PyObject *func, *argv, *ret;
- int nchars;
-
- func = (PyObject *)cb_arg;
- argv = Py_BuildValue("(i)", rwflag);
- if (argv == NULL) {
- return 0;
- }
- ret = PyEval_CallObject(func, argv);
- Py_DECREF(argv);
- if (ret == NULL) {
- return 0;
- }
- if (!PyBytes_Check(ret)) {
- Py_DECREF(ret);
- PyErr_SetString(PyExc_ValueError, "String expected");
- return 0;
- }
- nchars = PyBytes_Size(ret);
- if (nchars > len) {
- Py_DECREF(ret);
- PyErr_SetString(PyExc_ValueError,
- "passphrase returned by callback is too long");
- return 0;
- }
- strncpy(buf, PyBytes_AsString(ret), nchars);
- Py_DECREF(ret);
- return nchars;
-}
-
-static PyObject *
-raise_current_error(void)
-{
- if (PyErr_Occurred()) {
- /*
- * The python exception from callback is more informative than
- * OpenSSL's error.
- */
- flush_error_queue();
- return NULL;
- }
- exception_from_error_queue(crypto_Error);
- return NULL;
-}
-
-static int
-setup_callback(int type, PyObject *pw, pem_password_cb **cb, void **cb_arg) {
- if (pw == NULL) {
- *cb = NULL;
- *cb_arg = NULL;
- return 1;
- }
- if (type != X509_FILETYPE_PEM) {
- PyErr_SetString(PyExc_ValueError,
- "only FILETYPE_PEM key format supports encryption");
- return 0;
- }
- if (PyBytes_Check(pw)) {
- *cb = NULL;
- *cb_arg = PyBytes_AsString(pw);
- } else if (PyCallable_Check(pw)) {
- *cb = global_passphrase_callback;
- *cb_arg = pw;
- } else {
- PyErr_SetString(PyExc_TypeError,
- "Last argument must be string or callable");
- return 0;
- }
- return 1;
-}
-
-static char crypto_load_privatekey_doc[] = "\n\
-Load a private key from a buffer\n\
-\n\
-:param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
-:param buffer: The buffer the key is stored in\n\
-:param passphrase: (optional) if encrypted PEM format, this can be\n\
- either the passphrase to use, or a callback for\n\
- providing the passphrase.\n\
-\n\
-:return: The PKey object\n\
-";
-
-static PyObject *
-crypto_load_privatekey(PyObject *spam, PyObject *args)
-{
- crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
- int type, len;
- char *buffer;
- PyObject *pw = NULL;
- pem_password_cb *cb = NULL;
- void *cb_arg = NULL;
- BIO *bio;
- EVP_PKEY *pkey;
-
- if (!PyArg_ParseTuple(args, "is#|O:load_privatekey",
- &type, &buffer, &len, &pw)) {
- return NULL;
- }
- if (!setup_callback(type, pw, &cb, &cb_arg)) {
- return NULL;
- }
-
- bio = BIO_new_mem_buf(buffer, len);
- if (bio == NULL) {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
- switch (type) {
- case X509_FILETYPE_PEM:
- pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, cb_arg);
- break;
-
- case X509_FILETYPE_ASN1:
- pkey = d2i_PrivateKey_bio(bio, NULL);
- break;
-
- default:
- PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
- BIO_free(bio);
- return NULL;
- }
- BIO_free(bio);
-
- if (pkey == NULL) {
- return raise_current_error();
- }
-
- return (PyObject *)crypto_PKey_New(pkey, 1);
-}
-
-static char crypto_dump_privatekey_doc[] = "\n\
-Dump a private key to a buffer\n\
-\n\
-:param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
-:param pkey: The PKey to dump\n\
-:param cipher: (optional) if encrypted PEM format, the cipher to\n\
- use\n\
-:param passphrase: (optional) if encrypted PEM format, this can be either\n\
- the passphrase to use, or a callback for providing the\n\
- passphrase.\n\
-:return: The buffer with the dumped key in\n\
-:rtype: :py:data:`str`\n\
-";
-
-static PyObject *
-crypto_dump_privatekey(PyObject *spam, PyObject *args)
-{
- int type, ret, buf_len;
- char *temp;
- PyObject *buffer;
- char *cipher_name = NULL;
- const EVP_CIPHER *cipher = NULL;
- PyObject *pw = NULL;
- pem_password_cb *cb = NULL;
- void *cb_arg = NULL;
- BIO *bio;
- RSA *rsa;
- crypto_PKeyObj *pkey;
-
- if (!PyArg_ParseTuple(args, "iO!|sO:dump_privatekey", &type,
- &crypto_PKey_Type, &pkey, &cipher_name, &pw)) {
- return NULL;
- }
- if (cipher_name != NULL && pw == NULL) {
- PyErr_SetString(PyExc_ValueError, "Illegal number of arguments");
- return NULL;
- }
- if (cipher_name != NULL) {
- cipher = EVP_get_cipherbyname(cipher_name);
- if (cipher == NULL) {
- PyErr_SetString(PyExc_ValueError, "Invalid cipher name");
- return NULL;
- }
- if (!setup_callback(type, pw, &cb, &cb_arg)) {
- return NULL;
- }
- }
-
- bio = BIO_new(BIO_s_mem());
- if (bio == NULL) {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
- switch (type) {
- case X509_FILETYPE_PEM:
- ret = PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_arg);
- break;
-
- case X509_FILETYPE_ASN1:
- ret = i2d_PrivateKey_bio(bio, pkey->pkey);
- break;
-
- case X509_FILETYPE_TEXT:
- rsa = EVP_PKEY_get1_RSA(pkey->pkey);
- if (rsa == NULL) {
- ret = 0;
- break;
- }
- ret = RSA_print(bio, rsa, 0);
- RSA_free(rsa);
- break;
-
- default:
- PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
- BIO_free(bio);
- return NULL;
- }
-
- if (ret == 0) {
- BIO_free(bio);
- return raise_current_error();
- }
-
- buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyBytes_FromStringAndSize(temp, buf_len);
- BIO_free(bio);
-
- return buffer;
-}
-
-static char crypto_load_certificate_doc[] = "\n\
-Load a certificate from a buffer\n\
-\n\
-:param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
- buffer - The buffer the certificate is stored in\n\
-:return: The X509 object\n\
-";
-
-static PyObject *
-crypto_load_certificate(PyObject *spam, PyObject *args)
-{
- crypto_X509Obj *crypto_X509_New(X509 *, int);
- int type, len;
- char *buffer;
- BIO *bio;
- X509 *cert;
-
- if (!PyArg_ParseTuple(args, "is#:load_certificate", &type, &buffer, &len))
- return NULL;
-
- bio = BIO_new_mem_buf(buffer, len);
- switch (type)
- {
- case X509_FILETYPE_PEM:
- cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
- break;
-
- case X509_FILETYPE_ASN1:
- cert = d2i_X509_bio(bio, NULL);
- break;
-
- default:
- PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
- BIO_free(bio);
- return NULL;
- }
- BIO_free(bio);
-
- if (cert == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- return (PyObject *)crypto_X509_New(cert, 1);
-}
-
-static char crypto_dump_certificate_doc[] = "\n\
-Dump a certificate to a buffer\n\
-\n\
-:param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
-:param cert: The certificate to dump\n\
-:return: The buffer with the dumped certificate in\n\
-";
-
-static PyObject *
-crypto_dump_certificate(PyObject *spam, PyObject *args)
-{
- int type, ret, buf_len;
- char *temp;
- PyObject *buffer;
- BIO *bio;
- crypto_X509Obj *cert;
-
- if (!PyArg_ParseTuple(args, "iO!:dump_certificate", &type,
- &crypto_X509_Type, &cert))
- return NULL;
-
- bio = BIO_new(BIO_s_mem());
- switch (type)
- {
- case X509_FILETYPE_PEM:
- ret = PEM_write_bio_X509(bio, cert->x509);
- break;
-
- case X509_FILETYPE_ASN1:
- ret = i2d_X509_bio(bio, cert->x509);
- break;
-
- case X509_FILETYPE_TEXT:
- ret = X509_print_ex(bio, cert->x509, 0, 0);
- break;
-
- default:
- PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
- BIO_free(bio);
- return NULL;
- }
-
- if (ret == 0)
- {
- BIO_free(bio);
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyBytes_FromStringAndSize(temp, buf_len);
- BIO_free(bio);
-
- return buffer;
-}
-
-static char crypto_load_certificate_request_doc[] = "\n\
-Load a certificate request from a buffer\n\
-\n\
-:param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
- buffer - The buffer the certificate request is stored in\n\
-:return: The X509Req object\n\
-";
-
-static PyObject *
-crypto_load_certificate_request(PyObject *spam, PyObject *args)
-{
- crypto_X509ReqObj *crypto_X509Req_New(X509_REQ *, int);
- int type, len;
- char *buffer;
- BIO *bio;
- X509_REQ *req;
-
- if (!PyArg_ParseTuple(args, "is#:load_certificate_request", &type, &buffer, &len))
- return NULL;
-
- bio = BIO_new_mem_buf(buffer, len);
- switch (type)
- {
- case X509_FILETYPE_PEM:
- req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL);
- break;
-
- case X509_FILETYPE_ASN1:
- req = d2i_X509_REQ_bio(bio, NULL);
- break;
-
- default:
- PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
- BIO_free(bio);
- return NULL;
- }
- BIO_free(bio);
-
- if (req == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- return (PyObject *)crypto_X509Req_New(req, 1);
-}
-
-static char crypto_dump_certificate_request_doc[] = "\n\
-Dump a certificate request to a buffer\n\
-\n\
-:param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
- req - The certificate request to dump\n\
-:return: The buffer with the dumped certificate request in\n\
-";
-
-static PyObject *
-crypto_dump_certificate_request(PyObject *spam, PyObject *args)
-{
- int type, ret, buf_len;
- char *temp;
- PyObject *buffer;
- BIO *bio;
- crypto_X509ReqObj *req;
-
- if (!PyArg_ParseTuple(args, "iO!:dump_certificate_request", &type,
- &crypto_X509Req_Type, &req))
- return NULL;
-
- bio = BIO_new(BIO_s_mem());
- switch (type)
- {
- case X509_FILETYPE_PEM:
- ret = PEM_write_bio_X509_REQ(bio, req->x509_req);
- break;
-
- case X509_FILETYPE_ASN1:
- ret = i2d_X509_REQ_bio(bio, req->x509_req);
- break;
-
- case X509_FILETYPE_TEXT:
- ret = X509_REQ_print_ex(bio, req->x509_req, 0, 0);
- break;
-
- default:
- PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
- BIO_free(bio);
- return NULL;
- }
-
- if (ret == 0)
- {
- BIO_free(bio);
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyBytes_FromStringAndSize(temp, buf_len);
- BIO_free(bio);
-
- return buffer;
-}
-
-static char crypto_load_crl_doc[] = "\n\
-Load a certificate revocation list from a buffer\n\
-\n\
-:param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
-:param buffer: The buffer the CRL is stored in\n\
-\n\
-:return: The PKey object\n\
-";
-
-static PyObject *
-crypto_load_crl(PyObject *spam, PyObject *args) {
- int type, len;
- char *buffer;
- BIO *bio;
- X509_CRL *crl;
-
- if (!PyArg_ParseTuple(args, "is#:load_crl", &type, &buffer, &len)) {
- return NULL;
- }
-
- bio = BIO_new_mem_buf(buffer, len);
- switch (type) {
- case X509_FILETYPE_PEM:
- crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
- break;
-
- case X509_FILETYPE_ASN1:
- crl = d2i_X509_CRL_bio(bio, NULL);
- break;
-
- default:
- PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
- BIO_free(bio);
- return NULL;
- }
- BIO_free(bio);
-
- if (crl == NULL) {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- return (PyObject *)crypto_CRL_New(crl);
-}
-
-static char crypto_load_pkcs7_data_doc[] = "\n\
-Load pkcs7 data from a buffer\n\
-\n\
-:param type: The file type (one of FILETYPE_PEM or FILETYPE_ASN1)\n\
- buffer - The buffer with the pkcs7 data.\n\
-:return: The PKCS7 object\n\
-";
-
-static PyObject *
-crypto_load_pkcs7_data(PyObject *spam, PyObject *args)
-{
- int type, len;
- char *buffer;
- BIO *bio;
- PKCS7 *pkcs7 = NULL;
-
- if (!PyArg_ParseTuple(args, "is#:load_pkcs7_data", &type, &buffer, &len))
- return NULL;
-
- /*
- * Try to read the pkcs7 data from the bio
- */
- bio = BIO_new_mem_buf(buffer, len);
- switch (type)
- {
- case X509_FILETYPE_PEM:
- pkcs7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL);
- break;
-
- case X509_FILETYPE_ASN1:
- pkcs7 = d2i_PKCS7_bio(bio, NULL);
- break;
-
- default:
- PyErr_SetString(PyExc_ValueError,
- "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
- return NULL;
- }
- BIO_free(bio);
-
- /*
- * Check if we got a PKCS7 structure
- */
- if (pkcs7 == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- return (PyObject *)crypto_PKCS7_New(pkcs7, 1);
-}
-
-static char crypto_load_pkcs12_doc[] = "\n\
-Load a PKCS12 object from a buffer\n\
-\n\
-:param buffer: The buffer the certificate is stored in\n\
- passphrase (Optional) - The password to decrypt the PKCS12 lump\n\
-:returns: The PKCS12 object\n\
-";
-
-static PyObject *
-crypto_load_pkcs12(PyObject *spam, PyObject *args)
-{
- int len;
- char *buffer, *passphrase = NULL;
- BIO *bio;
- PKCS12 *p12;
-
- if (!PyArg_ParseTuple(args, "s#|s:load_pkcs12", &buffer, &len, &passphrase))
- return NULL;
-
- bio = BIO_new_mem_buf(buffer, len);
- if ((p12 = d2i_PKCS12_bio(bio, NULL)) == NULL)
- {
- BIO_free(bio);
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
- BIO_free(bio);
-
- return (PyObject *)crypto_PKCS12_New(p12, passphrase);
-}
-
-
-static char crypto_X509_verify_cert_error_string_doc[] = "\n\
-Get X509 verify certificate error string.\n\
-\n\
-:param errnum: The error number.\n\
-:return: Error string as a Python string\n\
-";
-
-static PyObject *
-crypto_X509_verify_cert_error_string(PyObject *spam, PyObject *args)
-{
- int errnum;
- const char *str;
-
- if (!PyArg_ParseTuple(args, "i", &errnum))
- return NULL;
-
- str = X509_verify_cert_error_string(errnum);
- return PyText_FromString(str);
-}
-
-static char crypto_exception_from_error_queue_doc[] = "\n\
-Raise an exception from the current OpenSSL error queue.\n\
-";
-
-static PyObject *
-crypto_exception_from_error_queue(PyObject *spam, PyObject *eggs) {
- exception_from_error_queue(crypto_Error);
- return NULL;
-}
-
-static char crypto_sign_doc[] = "\n\
-Sign data with a digest\n\
-\n\
-:param pkey: Pkey to sign with\n\
-:param data: data to be signed\n\
-:param digest: message digest to use\n\
-:return: signature\n\
-";
-
-static PyObject *
-crypto_sign(PyObject *spam, PyObject *args) {
- PyObject *buffer;
- crypto_PKeyObj *pkey;
- char *data = NULL;
- int data_len;
- char *digest_name;
- int err;
- unsigned int sig_len;
- const EVP_MD *digest;
- EVP_MD_CTX md_ctx;
- unsigned char sig_buf[512];
-
- if (!PyArg_ParseTuple(
- args, "O!" BYTESTRING_FMT "#s:sign", &crypto_PKey_Type,
- &pkey, &data, &data_len, &digest_name)) {
- return NULL;
- }
-
- if ((digest = EVP_get_digestbyname(digest_name)) == NULL) {
- PyErr_SetString(PyExc_ValueError, "No such digest method");
- return NULL;
- }
-
- EVP_SignInit(&md_ctx, digest);
- EVP_SignUpdate(&md_ctx, data, data_len);
- sig_len = sizeof(sig_buf);
- err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey->pkey);
-
- if (err != 1) {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- buffer = PyBytes_FromStringAndSize((char*)sig_buf, sig_len);
- return buffer;
-}
-
-static char crypto_verify_doc[] = "\n\
-Verify a signature\n\
-\n\
-:param cert: signing certificate (X509 object)\n\
-:param signature: signature returned by sign function\n\
-:param data: data to be verified\n\
-:param digest: message digest to use\n\
-:return: None if the signature is correct, raise exception otherwise\n\
-";
-
-static PyObject *
-crypto_verify(PyObject *spam, PyObject *args) {
- crypto_X509Obj *cert;
- unsigned char *signature;
- int sig_len;
- char *data, *digest_name;
- int data_len;
- int err;
- const EVP_MD *digest;
- EVP_MD_CTX md_ctx;
- EVP_PKEY *pkey;
-
-#ifdef PY3
- if (!PyArg_ParseTuple(args, "O!" BYTESTRING_FMT "#" BYTESTRING_FMT "#s:verify", &crypto_X509_Type, &cert, &signature, &sig_len, &data, &data_len, &digest_name)) {
-#else
- if (!PyArg_ParseTuple(args, "O!t#s#s:verify", &crypto_X509_Type, &cert, &signature, &sig_len, &data, &data_len, &digest_name)) {
-#endif
- return NULL;
- }
-
- if ((digest = EVP_get_digestbyname(digest_name)) == NULL){
- PyErr_SetString(PyExc_ValueError, "No such digest method");
- return NULL;
- }
-
- pkey = X509_get_pubkey(cert->x509);
- if (pkey == NULL) {
- PyErr_SetString(PyExc_ValueError, "No public key");
- return NULL;
- }
-
- EVP_VerifyInit(&md_ctx, digest);
- EVP_VerifyUpdate(&md_ctx, data, data_len);
- err = EVP_VerifyFinal(&md_ctx, signature, sig_len, pkey);
- EVP_PKEY_free(pkey);
-
- if (err != 1) {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-/* Methods in the OpenSSL.crypto module (i.e. none) */
-static PyMethodDef crypto_methods[] = {
- /* Module functions */
- { "load_privatekey", (PyCFunction)crypto_load_privatekey, METH_VARARGS, crypto_load_privatekey_doc },
- { "dump_privatekey", (PyCFunction)crypto_dump_privatekey, METH_VARARGS, crypto_dump_privatekey_doc },
- { "load_certificate", (PyCFunction)crypto_load_certificate, METH_VARARGS, crypto_load_certificate_doc },
- { "dump_certificate", (PyCFunction)crypto_dump_certificate, METH_VARARGS, crypto_dump_certificate_doc },
- { "load_certificate_request", (PyCFunction)crypto_load_certificate_request, METH_VARARGS, crypto_load_certificate_request_doc },
- { "dump_certificate_request", (PyCFunction)crypto_dump_certificate_request, METH_VARARGS, crypto_dump_certificate_request_doc },
- { "load_crl", (PyCFunction)crypto_load_crl, METH_VARARGS, crypto_load_crl_doc },
- { "load_pkcs7_data", (PyCFunction)crypto_load_pkcs7_data, METH_VARARGS, crypto_load_pkcs7_data_doc },
- { "load_pkcs12", (PyCFunction)crypto_load_pkcs12, METH_VARARGS, crypto_load_pkcs12_doc },
- { "sign", (PyCFunction)crypto_sign, METH_VARARGS, crypto_sign_doc },
- { "verify", (PyCFunction)crypto_verify, METH_VARARGS, crypto_verify_doc },
- { "X509_verify_cert_error_string", (PyCFunction)crypto_X509_verify_cert_error_string, METH_VARARGS, crypto_X509_verify_cert_error_string_doc },
- { "_exception_from_error_queue", (PyCFunction)crypto_exception_from_error_queue, METH_NOARGS, crypto_exception_from_error_queue_doc },
- { NULL, NULL }
-};
-
-
-#ifdef WITH_THREAD
-
-#include <pythread.h>
-
-/**
- * This array will store all of the mutexes available to OpenSSL.
- */
-static PyThread_type_lock *mutex_buf = NULL;
-
-
-/**
- * Callback function supplied to OpenSSL to acquire or release a lock.
- *
- */
-static void locking_function(int mode, int n, const char * file, int line) {
- if (mode & CRYPTO_LOCK) {
- PyThread_acquire_lock(mutex_buf[n], WAIT_LOCK);
- } else {
- PyThread_release_lock(mutex_buf[n]);
- }
-}
-
-
-/**
- * Initialize OpenSSL for use from multiple threads.
- *
- * Returns: 0 if initialization fails, 1 otherwise.
- */
-static int init_openssl_threads(void) {
- int i;
-
- mutex_buf = (PyThread_type_lock *)malloc(
- CRYPTO_num_locks() * sizeof(PyThread_type_lock));
- if (!mutex_buf) {
- return 0;
- }
- for (i = 0; i < CRYPTO_num_locks(); ++i) {
- mutex_buf[i] = PyThread_allocate_lock();
- }
- CRYPTO_set_id_callback((unsigned long (*)(void))PyThread_get_thread_ident);
- CRYPTO_set_locking_callback(locking_function);
- return 1;
-}
-
-/* /\** */
-/* * Clean up after OpenSSL thread initialization. */
-/* *\/ */
-/* static int deinit_openssl_threads() { */
-/* int i; */
-
-/* if (!mutex_buf) { */
-/* return 0; */
-/* } */
-/* CRYPTO_set_id_callback(NULL); */
-/* CRYPTO_set_locking_callback(NULL); */
-/* for (i = 0; i < CRYPTO_num_locks(); i++) { */
-/* PyThread_free_lock(mutex_buf[i]); */
-/* } */
-/* free(mutex_buf); */
-/* mutex_buf = NULL; */
-/* return 1; */
-/* } */
-
-#endif
-
-#ifdef PY3
-static struct PyModuleDef cryptomodule = {
- PyModuleDef_HEAD_INIT,
- "xcrypto",
- crypto_doc,
- -1,
- crypto_methods
-};
-#endif
-
-/*
- * Initialize crypto sub module
- *
- * Arguments: None
- * Returns: None
- */
-PyOpenSSL_MODINIT(xcrypto) {
-#ifndef PY3
- static void *crypto_API[crypto_API_pointers];
- PyObject *c_api_object;
-#endif
- PyObject *module;
-
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
-
-#ifdef PY3
- module = PyModule_Create(&cryptomodule);
-#else
- module = Py_InitModule3("xcrypto", crypto_methods, crypto_doc);
-#endif
-
- if (module == NULL) {
- PyOpenSSL_MODRETURN(NULL);
- }
-
-#ifndef PY3
- /* Initialize the C API pointer array */
- crypto_API[crypto_X509_New_NUM] = (void *)crypto_X509_New;
- crypto_API[crypto_X509Name_New_NUM] = (void *)crypto_X509Name_New;
- crypto_API[crypto_X509Req_New_NUM] = (void *)crypto_X509Req_New;
- crypto_API[crypto_X509Store_New_NUM] = (void *)crypto_X509Store_New;
- crypto_API[crypto_PKey_New_NUM] = (void *)crypto_PKey_New;
- crypto_API[crypto_X509Extension_New_NUM] = (void *)crypto_X509Extension_New;
- crypto_API[crypto_PKCS7_New_NUM] = (void *)crypto_PKCS7_New;
- crypto_API[crypto_NetscapeSPKI_New_NUM] = (void *)crypto_NetscapeSPKI_New;
- c_api_object = PyCObject_FromVoidPtr((void *)crypto_API, NULL);
- if (c_api_object != NULL) {
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF(c_api_object);
- PyModule_AddObject(module, "_C_API", c_api_object);
- }
-#endif
-
- crypto_Error = PyErr_NewException("OpenSSL.crypto.Error", NULL, NULL);
- if (crypto_Error == NULL)
- goto error;
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF(crypto_Error);
- if (PyModule_AddObject(module, "Error", crypto_Error) != 0)
- goto error;
-
- PyModule_AddIntConstant(module, "FILETYPE_PEM", X509_FILETYPE_PEM);
- PyModule_AddIntConstant(module, "FILETYPE_ASN1", X509_FILETYPE_ASN1);
- PyModule_AddIntConstant(module, "FILETYPE_TEXT", X509_FILETYPE_TEXT);
-
- PyModule_AddIntConstant(module, "TYPE_RSA", crypto_TYPE_RSA);
- PyModule_AddIntConstant(module, "TYPE_DSA", crypto_TYPE_DSA);
-
-#ifdef WITH_THREAD
- if (!init_openssl_threads())
- goto error;
-#endif
- if (!init_crypto_x509(module))
- goto error;
- if (!init_crypto_x509name(module))
- goto error;
- if (!init_crypto_x509store(module))
- goto error;
- if (!init_crypto_x509req(module))
- goto error;
- if (!init_crypto_pkey(module))
- goto error;
- if (!init_crypto_x509extension(module))
- goto error;
- if (!init_crypto_pkcs7(module))
- goto error;
- if (!init_crypto_pkcs12(module))
- goto error;
- if (!init_crypto_netscape_spki(module))
- goto error;
- if (!init_crypto_crl(module))
- goto error;
- if (!init_crypto_revoked(module))
- goto error;
-
- PyOpenSSL_MODRETURN(module);
-
-error:
- PyOpenSSL_MODRETURN(NULL);
- ;
-}
diff --git a/OpenSSL/crypto/crypto.h b/OpenSSL/crypto/crypto.h
deleted file mode 100644
index d0dba6b..0000000
--- a/OpenSSL/crypto/crypto.h
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * crypto.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Exports from crypto.c.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- *
- */
-#ifndef PyOpenSSL_CRYPTO_H_
-#define PyOpenSSL_CRYPTO_H_
-
-#include <Python.h>
-/* Work around a bug in OpenSSL 1.0.0 which is caused by winsock.h being
- included (from dtls1.h) too late by the OpenSSL header files, overriding
- the fixes (in ossl_typ.h) for symbol clashes caused by this OS header
- file.
-
- In order to have those fixes still take effect, we include winsock.h
- here, prior to including any OpenSSL header files.
-
- */
-#ifdef _WIN32
-# include "winsock.h"
-#endif
-
-#include "x509.h"
-#include "x509name.h"
-#include "netscape_spki.h"
-#include "x509store.h"
-#include "x509req.h"
-#include "pkey.h"
-#include "x509ext.h"
-#include "pkcs7.h"
-#include "pkcs12.h"
-#include "crl.h"
-#include "revoked.h"
-#include "../util.h"
-
-extern PyObject *crypto_Error;
-
-#define crypto_X509_New_NUM 0
-#define crypto_X509_New_RETURN crypto_X509Obj *
-#define crypto_X509_New_PROTO (X509 *, int)
-
-#define crypto_X509Req_New_NUM 1
-#define crypto_X509Req_New_RETURN crypto_X509ReqObj *
-#define crypto_X509Req_New_PROTO (X509_REQ *, int)
-
-#define crypto_X509Store_New_NUM 2
-#define crypto_X509Store_New_RETURN crypto_X509StoreObj *
-#define crypto_X509Store_New_PROTO (X509_STORE *, int)
-
-#define crypto_PKey_New_NUM 3
-#define crypto_PKey_New_RETURN crypto_PKeyObj *
-#define crypto_PKey_New_PROTO (EVP_PKEY *, int)
-
-#define crypto_X509Name_New_NUM 4
-#define crypto_X509Name_New_RETURN crypto_X509NameObj *
-#define crypto_X509Name_New_PROTO (X509_NAME *, int)
-
-#define crypto_X509Extension_New_NUM 5
-#define crypto_X509Extension_New_RETURN crypto_X509ExtensionObj *
-#define crypto_X509Extension_New_PROTO (char *, int, char *, crypto_X509Obj *, crypto_X509Obj *)
-
-#define crypto_PKCS7_New_NUM 6
-#define crypto_PKCS7_New_RETURN crypto_PKCS7Obj *
-#define crypto_PKCS7_New_PROTO (PKCS7 *, int)
-
-#define crypto_NetscapeSPKI_New_NUM 7
-#define crypto_NetscapeSPKI_New_RETURN crypto_NetscapeSPKIObj *
-#define crypto_NetscapeSPKI_New_PROTO (NETSCAPE_SPKI *, int)
-
-#define crypto_API_pointers 8
-
-#if defined(PY3) || defined(crypto_MODULE)
-
-#ifdef _WIN32
-#define EXPORT __declspec(dllexport)
-#else
-#define EXPORT
-#endif
-
-extern EXPORT crypto_X509_New_RETURN crypto_X509_New crypto_X509_New_PROTO;
-extern EXPORT crypto_X509Name_New_RETURN crypto_X509Name_New crypto_X509Name_New_PROTO;
-extern crypto_X509Req_New_RETURN crypto_X509Req_New crypto_X509Req_New_PROTO;
-extern EXPORT crypto_X509Store_New_RETURN crypto_X509Store_New crypto_X509Store_New_PROTO;
-extern crypto_PKey_New_RETURN crypto_PKey_New crypto_PKey_New_PROTO;
-extern crypto_X509Extension_New_RETURN crypto_X509Extension_New crypto_X509Extension_New_PROTO;
-extern crypto_PKCS7_New_RETURN crypto_PKCS7_New crypto_PKCS7_New_PROTO;
-extern crypto_NetscapeSPKI_New_RETURN crypto_NetscapeSPKI_New crypto_NetscapeSPKI_New_PROTO;
-
-int crypto_byte_converter(PyObject *input, void *output);
-
-#else /* crypto_MODULE */
-
-extern void **crypto_API;
-
-#define crypto_X509_New \
- (*(crypto_X509_New_RETURN (*)crypto_X509_New_PROTO) crypto_API[crypto_X509_New_NUM])
-#define crypto_X509Name_New \
- (*(crypto_X509Name_New_RETURN (*)crypto_X509Name_New_PROTO) crypto_API[crypto_X509Name_New_NUM])
-#define crypto_X509Req_New \
- (*(crypto_X509Req_New_RETURN (*)crypto_X509Req_New_PROTO) crypto_API[crypto_X509Req_New_NUM])
-#define crypto_X509Store_New \
- (*(crypto_X509Store_New_RETURN (*)crypto_X509Store_New_PROTO) crypto_API[crypto_X509Store_New_NUM])
-#define crypto_PKey_New \
- (*(crypto_PKey_New_RETURN (*)crypto_PKey_New_PROTO) crypto_API[crypto_PKey_New_NUM])
-#define crypto_X509Extension_New\
- (*(crypto_X509Extension_New_RETURN (*)crypto_X509Extension_New_PROTO) crypto_API[crypto_X509Extension_New_NUM])
-#define crypto_PKCS7_New \
- (*(crypto_PKCS7_New_RETURN (*)crypto_PKCS7_New_PROTO) crypto_API[crypto_PKCS7_New_NUM])
-#define crypto_NetscapeSPKI_New \
- (*(crypto_NetscapeSPKI_New_RETURN (*)crypto_NetscapeSPKI_New_PROTO) crypto_API[crypto_NetscapeSPKI_New_NUM])
-
-#define import_crypto() \
-{ \
- PyObject *crypto_module = PyImport_ImportModule("OpenSSL.xcrypto"); \
- if (crypto_module != NULL) { \
- PyObject *crypto_dict, *crypto_api_object; \
- crypto_dict = PyModule_GetDict(crypto_module); \
- crypto_api_object = PyDict_GetItemString(crypto_dict, "_C_API"); \
- if (crypto_api_object && PyCObject_Check(crypto_api_object)) { \
- crypto_API = (void **)PyCObject_AsVoidPtr(crypto_api_object); \
- } \
- } \
-}
-
-#endif /* crypto_MODULE */
-
-/* Define a new type for emitting text. Hopefully these don't collide with
- * future official OpenSSL constants, but the switch statement of
- * dump_certificate() will alert us if it matters.
- */
-#ifndef X509_FILETYPE_TEXT
-#define X509_FILETYPE_TEXT (58)
-#endif
-
-#endif /* PyOpenSSL_CRYPTO_H_ */
diff --git a/OpenSSL/crypto/netscape_spki.c b/OpenSSL/crypto/netscape_spki.c
deleted file mode 100644
index 8110a24..0000000
--- a/OpenSSL/crypto/netscape_spki.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/*
- * netscape_spki.c
- *
- * Copyright (C) Tollef Fog Heen
- * See LICENSE for details.
- *
- * Netscape SPKI handling, thin wrapper
- */
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-/*
- * Constructor for Nestcape_SPKI, never called by Python code directly
- *
- * Arguments: name - A "real" NetscapeSPKI object
- * dealloc - Boolean value to specify whether the destructor should
- * free the "real" NetscapeSPKI object
- * Returns: The newly created NetscapeSPKI object
- */
-crypto_NetscapeSPKIObj *
-crypto_NetscapeSPKI_New(NETSCAPE_SPKI *name, int dealloc)
-{
- crypto_NetscapeSPKIObj *self;
-
- self = PyObject_New(crypto_NetscapeSPKIObj, &crypto_NetscapeSPKI_Type);
-
- if (self == NULL)
- return NULL;
-
- self->netscape_spki = name;
- self->dealloc = dealloc;
-
- return self;
-}
-
-
-static char crypto_NetscapeSPKI_doc[] = "\n\
-NetscapeSPKI([enc]) -> NetscapeSPKI instance\n\
-\n\
-:param enc: Base64 encoded NetscapeSPKI object.\n\
-:type enc: :py:data:`str`\n\
-:return: The NetscapeSPKI object\n\
-";
-
-static PyObject *
-crypto_NetscapeSPKI_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
- char *enc = NULL;
- int enc_len = -1;
- NETSCAPE_SPKI *spki;
-
- if (!PyArg_ParseTuple(args, "|s#:NetscapeSPKI", &enc, &enc_len))
- return NULL;
-
- if (enc_len >= 0)
- spki = NETSCAPE_SPKI_b64_decode(enc, enc_len);
- else
- spki = NETSCAPE_SPKI_new();
- if (spki == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
- return (PyObject *)crypto_NetscapeSPKI_New(spki, 1);
-}
-
-
-/*
- * Deallocate the memory used by the NetscapeSPKI object
- *
- * Arguments: self - The NetscapeSPKI object
- * Returns: None
- */
-static void
-crypto_NetscapeSPKI_dealloc(crypto_NetscapeSPKIObj *self)
-{
- /* Sometimes we don't have to dealloc this */
- if (self->dealloc)
- NETSCAPE_SPKI_free(self->netscape_spki);
-
- PyObject_Del(self);
-}
-
-static char crypto_NetscapeSPKI_sign_doc[] = "\n\
-Sign the certificate request using the supplied key and digest\n\
-\n\
-:param pkey: The key to sign with\n\
-:param digest: The message digest to use\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_NetscapeSPKI_sign(crypto_NetscapeSPKIObj *self, PyObject *args)
-{
- crypto_PKeyObj *pkey;
- char *digest_name;
- const EVP_MD *digest;
-
- if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
- &digest_name))
- return NULL;
-
- if (pkey->only_public) {
- PyErr_SetString(PyExc_ValueError, "Key has only public part");
- return NULL;
- }
-
- if (!pkey->initialized) {
- PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
- return NULL;
- }
-
- if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
- {
- PyErr_SetString(PyExc_ValueError, "No such digest method");
- return NULL;
- }
-
- if (!NETSCAPE_SPKI_sign(self->netscape_spki, pkey->pkey, digest))
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_NetscapeSPKI_verify_doc[] = "\n\
-Verifies a certificate request using the supplied public key\n\
-\n\
-:param key: a public key\n\
-:return: True if the signature is correct.\n\
-:raise OpenSSL.crypto.Error: If the signature is invalid or there is a\n\
- problem verifying the signature.\n\
-";
-
-PyObject *
-crypto_NetscapeSPKI_verify(crypto_NetscapeSPKIObj *self, PyObject *args)
-{
- crypto_PKeyObj *pkey;
- int answer;
-
- if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &pkey)) {
- return NULL;
- }
-
- if ((answer = NETSCAPE_SPKI_verify(self->netscape_spki, pkey->pkey)) <= 0) {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- return PyLong_FromLong((long)answer);
-}
-
-static char crypto_NetscapeSPKI_b64_encode_doc[] = "\n\
-Generate a base64 encoded string from an SPKI\n\
-\n\
-:return: The base64 encoded string\n\
-";
-
-PyObject *
-crypto_NetscapeSPKI_b64_encode(crypto_NetscapeSPKIObj *self, PyObject *args)
-{
- char *str;
-
- if (!PyArg_ParseTuple(args, ":b64_encode"))
- return NULL;
-
- str = NETSCAPE_SPKI_b64_encode(self->netscape_spki);
- return PyBytes_FromString(str);
-}
-
-
-static char crypto_NetscapeSPKI_get_pubkey_doc[] = "\n\
-Get the public key of the certificate\n\
-\n\
-:return: The public key\n\
-";
-
-static PyObject *
-crypto_NetscapeSPKI_get_pubkey(crypto_NetscapeSPKIObj *self, PyObject *args)
-{
- crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
- EVP_PKEY *pkey;
- crypto_PKeyObj *py_pkey;
-
- if (!PyArg_ParseTuple(args, ":get_pubkey"))
- return NULL;
-
- if ((pkey = NETSCAPE_SPKI_get_pubkey(self->netscape_spki)) == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- py_pkey = crypto_PKey_New(pkey, 1);
- if (py_pkey != NULL) {
- py_pkey->only_public = 1;
- }
- return (PyObject *)py_pkey;
-}
-
-static char crypto_NetscapeSPKI_set_pubkey_doc[] = "\n\
-Set the public key of the certificate\n\
-\n\
-:param pkey: The public key\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_NetscapeSPKI_set_pubkey(crypto_NetscapeSPKIObj *self, PyObject *args)
-{
- crypto_PKeyObj *pkey;
-
- if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
- return NULL;
-
- if (!NETSCAPE_SPKI_set_pubkey(self->netscape_spki, pkey->pkey))
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_NetscapeSPKI_name, METH_VARARGS }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_NetscapeSPKI_##name, METH_VARARGS, crypto_NetscapeSPKI_##name##_doc }
-static PyMethodDef crypto_NetscapeSPKI_methods[] =
-{
- ADD_METHOD(get_pubkey),
- ADD_METHOD(set_pubkey),
- ADD_METHOD(b64_encode),
- ADD_METHOD(sign),
- ADD_METHOD(verify),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-PyTypeObject crypto_NetscapeSPKI_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "NetscapeSPKI",
- sizeof(crypto_NetscapeSPKIObj),
- 0,
- (destructor)crypto_NetscapeSPKI_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT,
- crypto_NetscapeSPKI_doc, /* doc */
- NULL, /* traverse */
- NULL, /* clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_NetscapeSPKI_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- crypto_NetscapeSPKI_new, /* tp_new */
-};
-
-
-/*
- * Initialize the X509Name part of the crypto module
- *
- * Arguments: module - The crypto module
- * Returns: None
- */
-int
-init_crypto_netscape_spki(PyObject *module) {
- if (PyType_Ready(&crypto_NetscapeSPKI_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference
- */
- Py_INCREF((PyObject *)&crypto_NetscapeSPKI_Type);
- if (PyModule_AddObject(module, "NetscapeSPKI", (PyObject *)&crypto_NetscapeSPKI_Type) != 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference
- */
- Py_INCREF((PyObject *)&crypto_NetscapeSPKI_Type);
- if (PyModule_AddObject(module, "NetscapeSPKIType", (PyObject *)&crypto_NetscapeSPKI_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
diff --git a/OpenSSL/crypto/netscape_spki.h b/OpenSSL/crypto/netscape_spki.h
deleted file mode 100644
index 2f07307..0000000
--- a/OpenSSL/crypto/netscape_spki.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * netscape_spki.h
- *
- * Copyright (C) Tollef Fog Heen
- * See LICENSE for details.
- *
- * Handle Netscape SPKI (challenge response) certificate requests.
- *
- *
- */
-#ifndef PyOpenSSL_crypto_Netscape_SPKI_H_
-#define PyOpenSSL_crypto_Netscape_SPKI_H_
-
-#include <Python.h>
-#include <openssl/ssl.h>
-
-extern int init_crypto_netscape_spki (PyObject *);
-
-extern PyTypeObject crypto_NetscapeSPKI_Type;
-
-#define crypto_NetscapeSPKI_Check(v) ((v)->ob_type == &crypto_NetscapeSPKI_Type)
-
-typedef struct {
- PyObject_HEAD
- NETSCAPE_SPKI *netscape_spki;
- int dealloc;
-} crypto_NetscapeSPKIObj;
-
-
-#endif
diff --git a/OpenSSL/crypto/pkcs12.c b/OpenSSL/crypto/pkcs12.c
deleted file mode 100644
index f8e66a8..0000000
--- a/OpenSSL/crypto/pkcs12.c
+++ /dev/null
@@ -1,580 +0,0 @@
-/*
- * pkcs12.c
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Certificate transport (PKCS12) handling code,
- * mostly thin wrappers around OpenSSL.
- * See the file RATIONALE for a short explanation of why
- * this module was written.
- *
- * Reviewed 2001-07-23
- */
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-/*
- * PKCS12 is a standard exchange format for digital certificates.
- * See e.g. the OpenSSL homepage http://www.openssl.org/ for more information
- */
-
-static void crypto_PKCS12_dealloc(crypto_PKCS12Obj *self);
-static int crypto_PKCS12_clear(crypto_PKCS12Obj *self);
-
-static char crypto_PKCS12_get_certificate_doc[] = "\n\
-Return certificate portion of the PKCS12 structure\n\
-\n\
-:return: X509 object containing the certificate\n\
-";
-static PyObject *
-crypto_PKCS12_get_certificate(crypto_PKCS12Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":get_certificate"))
- return NULL;
-
- Py_INCREF(self->cert);
- return self->cert;
-}
-
-static char crypto_PKCS12_set_certificate_doc[] = "\n\
-Replace the certificate portion of the PKCS12 structure\n\
-\n\
-:param cert: The new certificate.\n\
-:type cert: :py:class:`X509` or :py:data:`None`\n\
-:return: None\n\
-";
-static PyObject *
-crypto_PKCS12_set_certificate(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
- PyObject *cert = NULL;
- static char *kwlist[] = {"cert", NULL};
-
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_certificate",
- kwlist, &cert))
- return NULL;
-
- if (cert != Py_None && ! crypto_X509_Check(cert)) {
- PyErr_SetString(PyExc_TypeError, "cert must be type X509 or None");
- return NULL;
- }
-
- Py_INCREF(cert); /* Make consistent before calling Py_DECREF() */
- Py_DECREF(self->cert);
- self->cert = cert;
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_PKCS12_get_privatekey_doc[] = "\n\
-Return private key portion of the PKCS12 structure\n\
-\n\
-:returns: PKey object containing the private key\n\
-";
-static crypto_PKeyObj *
-crypto_PKCS12_get_privatekey(crypto_PKCS12Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":get_privatekey"))
- return NULL;
-
- Py_INCREF(self->key);
- return (crypto_PKeyObj *) self->key;
-}
-
-static char crypto_PKCS12_set_privatekey_doc[] = "\n\
-Replace or set the certificate portion of the PKCS12 structure\n\
-\n\
-:param pkey: The new private key.\n\
-:type pkey: :py:class:`PKey`\n\
-:return: None\n\
-";
-static PyObject *
-crypto_PKCS12_set_privatekey(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
- PyObject *pkey = NULL;
- static char *kwlist[] = {"pkey", NULL};
-
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_privatekey",
- kwlist, &pkey))
- return NULL;
-
- if (pkey != Py_None && ! crypto_PKey_Check(pkey)) {
- PyErr_SetString(PyExc_TypeError, "pkey must be type X509 or None");
- return NULL;
- }
-
- Py_INCREF(pkey); /* Make consistent before calling Py_DECREF() */
- Py_DECREF(self->key);
- self->key = pkey;
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_PKCS12_get_ca_certificates_doc[] = "\n\
-Return CA certificates within of the PKCS12 object\n\
-\n\
-:return: A newly created tuple containing the CA certificates in the chain,\n\
- if any are present, or None if no CA certificates are present.\n\
-";
-static PyObject *
-crypto_PKCS12_get_ca_certificates(crypto_PKCS12Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":get_ca_certificates"))
- return NULL;
-
- Py_INCREF(self->cacerts);
- return self->cacerts;
-}
-
-static char crypto_PKCS12_set_ca_certificates_doc[] = "\n\
-Replace or set the CA certificates withing the PKCS12 object.\n\
-\n\
-:param cacerts: The new CA certificates.\n\
-:type cacerts: Iterable of :py:class:`X509` or :py:data:`None`\n\
-:return: None\n\
-";
-static PyObject *
-crypto_PKCS12_set_ca_certificates(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
-{
- PyObject *obj;
- PyObject *cacerts;
- static char *kwlist[] = {"cacerts", NULL};
- int i, len; /* Py_ssize_t for Python 2.5+ */
-
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_ca_certificates",
- kwlist, &cacerts))
- return NULL;
- if (cacerts == Py_None) {
- Py_INCREF(cacerts);
- } else {
- /* It's iterable */
- cacerts = PySequence_Tuple(cacerts);
- if (cacerts == NULL) {
- return NULL;
- }
- len = PyTuple_Size(cacerts);
-
- /* Check is's a simple list filled only with X509 objects. */
- for (i = 0; i < len; i++) {
- obj = PyTuple_GetItem(cacerts, i);
- if (!crypto_X509_Check(obj)) {
- Py_DECREF(cacerts);
- PyErr_SetString(PyExc_TypeError, "iterable must only contain X509Type");
- return NULL;
- }
- }
- }
-
- Py_DECREF(self->cacerts);
- self->cacerts = cacerts;
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_PKCS12_get_friendlyname_doc[] = "\n\
-Return friendly name portion of the PKCS12 structure\n\
-\n\
-:returns: String containing the friendlyname\n\
-";
-static PyObject *
-crypto_PKCS12_get_friendlyname(crypto_PKCS12Obj *self, PyObject *args) {
- if (!PyArg_ParseTuple(args, ":get_friendlyname"))
- return NULL;
-
- Py_INCREF(self->friendlyname);
- return (PyObject *) self->friendlyname;
-}
-
-static char crypto_PKCS12_set_friendlyname_doc[] = "\n\
-Replace or set the certificate portion of the PKCS12 structure\n\
-\n\
-:param name: The new friendly name.\n\
-:type name: :py:data:`str`\n\
-:return: None\n\
-";
-static PyObject *
-crypto_PKCS12_set_friendlyname(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
- PyObject *name = NULL;
- static char *kwlist[] = {"name", NULL};
-
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_friendlyname",
- kwlist, &name))
- return NULL;
-
- if (name != Py_None && ! PyBytes_CheckExact(name)) {
- PyErr_SetString(PyExc_TypeError, "name must be a byte string or None");
- return NULL;
- }
-
- Py_INCREF(name); /* Make consistent before calling Py_DECREF() */
- Py_DECREF(self->friendlyname);
- self->friendlyname = name;
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_PKCS12_export_doc[] = "\n\
-export([passphrase=None][, friendly_name=None][, iter=2048][, maciter=1]\n\
-Dump a PKCS12 object as a string. See also \"man PKCS12_create\".\n\
-\n\
-:param passphrase: used to encrypt the PKCS12\n\
-:type passphrase: :py:data:`str`\n\
-:param iter: How many times to repeat the encryption\n\
-:type iter: :py:data:`int`\n\
-:param maciter: How many times to repeat the MAC\n\
-:type maciter: :py:data:`int`\n\
-:return: The string containing the PKCS12\n\
-";
-static PyObject *
-crypto_PKCS12_export(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
- int i; /* Py_ssize_t for Python 2.5+ */
- PyObject *obj;
- int buf_len;
- PyObject *buffer;
- char *temp, *passphrase = NULL, *friendly_name = NULL;
- BIO *bio;
- PKCS12 *p12;
- EVP_PKEY *pkey = NULL;
- STACK_OF(X509) *cacerts = NULL;
- X509 *x509 = NULL;
- int iter = 0; /* defaults to PKCS12_DEFAULT_ITER */
- int maciter = 0;
- static char *kwlist[] = {"passphrase", "iter", "maciter", NULL};
-
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "|zii:export",
- kwlist, &passphrase, &iter, &maciter))
- return NULL;
-
- if (self->key != Py_None) {
- pkey = ((crypto_PKeyObj*) self->key)->pkey;
- }
- if (self->cert != Py_None) {
- x509 = ((crypto_X509Obj*) self->cert)->x509;
- }
- if (self->cacerts != Py_None) {
- cacerts = sk_X509_new_null();
- for (i = 0; i < PyTuple_Size(self->cacerts); i++) { /* For each CA cert */
- obj = PySequence_GetItem(self->cacerts, i);
- /* assert(PyObject_IsInstance(obj, (PyObject *) &crypto_X509_Type )); */
- sk_X509_push(cacerts, (( crypto_X509Obj* ) obj)->x509);
- Py_DECREF(obj);
- }
- }
- if (self->friendlyname != Py_None) {
- friendly_name = PyBytes_AsString(self->friendlyname);
- }
-
- p12 = PKCS12_create(passphrase, friendly_name, pkey, x509, cacerts,
- NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- iter, maciter, 0);
- sk_X509_free(cacerts); /* NULL safe. Free just the container. */
- if (p12 == NULL) {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
- bio = BIO_new(BIO_s_mem());
- i2d_PKCS12_bio(bio, p12);
- buf_len = BIO_get_mem_data(bio, &temp);
- buffer = PyBytes_FromStringAndSize(temp, buf_len);
- BIO_free(bio);
- return buffer;
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_PKCS12_name, METH_VARARGS, crypto_PKCS12_name_doc }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS, crypto_PKCS12_##name##_doc }
-#define ADD_KW_METHOD(name) \
- { #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS | METH_KEYWORDS, crypto_PKCS12_##name##_doc }
-static PyMethodDef crypto_PKCS12_methods[] =
-{
- ADD_METHOD(get_certificate),
- ADD_KW_METHOD(set_certificate),
- ADD_METHOD(get_privatekey),
- ADD_KW_METHOD(set_privatekey),
- ADD_METHOD(get_ca_certificates),
- ADD_KW_METHOD(set_ca_certificates),
- ADD_METHOD(get_friendlyname),
- ADD_KW_METHOD(set_friendlyname),
- ADD_KW_METHOD(export),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-/*
- * Constructor for PKCS12 objects, never called by Python code directly.
- * The strategy for this object is to create all the Python objects
- * corresponding to the cert/key/CA certs right away
- *
- * Arguments: p12 - A "real" PKCS12 object or NULL
- * passphrase - Passphrase to use when decrypting the PKCS12 object
- * Returns: The newly created PKCS12 object
- */
-crypto_PKCS12Obj *
-crypto_PKCS12_New(PKCS12 *p12, char *passphrase) {
- crypto_PKCS12Obj *self = NULL;
- PyObject *cacertobj = NULL;
-
- unsigned char *alias_str;
- int alias_len;
-
- X509 *cert = NULL;
- EVP_PKEY *pkey = NULL;
- STACK_OF(X509) *cacerts = NULL;
-
- int i, cacert_count = 0;
-
- /* allocate space for the CA cert stack */
- if((cacerts = sk_X509_new_null()) == NULL) {
- goto error; /* out of memory? */
- }
-
- /* parse the PKCS12 lump */
- if (p12) {
- if (!PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
- /*
- * If PKCS12_parse fails, and it allocated cacerts, it seems to
- * free cacerts, but not re-NULL the pointer. Zounds! Make sure
- * it is re-set to NULL here, else we'll have a double-free below.
- */
- cacerts = NULL;
- exception_from_error_queue(crypto_Error);
- goto error;
- } else {
- /*
- * OpenSSL 1.0.0 sometimes leaves an X509_check_private_key error in
- * the queue for no particular reason. This error isn't interesting
- * to anyone outside this function. It's not even interesting to
- * us. Get rid of it.
- */
- flush_error_queue();
- }
- }
-
- if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type))) {
- goto error;
- }
-
- /* client certificate and friendlyName */
- if (cert == NULL) {
- Py_INCREF(Py_None);
- self->cert = Py_None;
- Py_INCREF(Py_None);
- self->friendlyname = Py_None;
- } else {
- if ((self->cert = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
- goto error;
- }
-
- /* Now we need to extract the friendlyName of the PKCS12
- * that was stored by PKCS_parse() in the alias of the
- * certificate. */
- alias_str = X509_alias_get0(cert, &alias_len);
- if (alias_str) {
- self->friendlyname = Py_BuildValue(BYTESTRING_FMT "#", alias_str, alias_len);
- if (!self->friendlyname) {
- /*
- * XXX Untested
- */
- goto error;
- }
- /* success */
- } else {
- Py_INCREF(Py_None);
- self->friendlyname = Py_None;
- }
- }
-
- /* private key */
- if (pkey == NULL) {
- Py_INCREF(Py_None);
- self->key = Py_None;
- } else {
- if ((self->key = (PyObject *)crypto_PKey_New(pkey, 1)) == NULL)
- goto error;
- }
-
- /* CA certs */
- cacert_count = sk_X509_num(cacerts);
- if (cacert_count <= 0) {
- Py_INCREF(Py_None);
- self->cacerts = Py_None;
- } else {
- if ((self->cacerts = PyTuple_New(cacert_count)) == NULL) {
- goto error;
- }
-
- for (i = 0; i < cacert_count; i++) {
- cert = sk_X509_value(cacerts, i);
- if ((cacertobj = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
- goto error;
- }
- PyTuple_SET_ITEM(self->cacerts, i, cacertobj);
- }
- }
-
- sk_X509_free(cacerts); /* Don't free the certs, just the container. */
- PyObject_GC_Track(self);
-
- return self;
-
-error:
- sk_X509_free(cacerts); /* NULL safe. Free just the container. */
- if (self) {
- crypto_PKCS12_clear(self);
- PyObject_GC_Del(self);
- }
- return NULL;
-}
-
-static char crypto_PKCS12_doc[] = "\n\
-PKCS12() -> PKCS12 instance\n\
-\n\
-Create a new empty PKCS12 object.\n\
-\n\
-:returns: The PKCS12 object\n\
-";
-static PyObject *
-crypto_PKCS12_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
- if (!PyArg_ParseTuple(args, ":PKCS12")) {
- return NULL;
- }
-
- return (PyObject *)crypto_PKCS12_New(NULL, NULL);
-}
-
-/*
- * Call the visitproc on all contained objects.
- *
- * Arguments: self - The PKCS12 object
- * visit - Function to call
- * arg - Extra argument to visit
- * Returns: 0 if all goes well, otherwise the return code from the first
- * call that gave non-zero result.
- */
-static int
-crypto_PKCS12_traverse(crypto_PKCS12Obj *self, visitproc visit, void *arg)
-{
- int ret = 0;
-
- if (ret == 0 && self->cert != NULL)
- ret = visit(self->cert, arg);
- if (ret == 0 && self->key != NULL)
- ret = visit(self->key, arg);
- if (ret == 0 && self->cacerts != NULL)
- ret = visit(self->cacerts, arg);
- if (ret == 0 && self->friendlyname != NULL)
- ret = visit(self->friendlyname, arg);
- return ret;
-}
-
-/*
- * Decref all contained objects and zero the pointers.
- *
- * Arguments: self - The PKCS12 object
- * Returns: Always 0.
- */
-static int
-crypto_PKCS12_clear(crypto_PKCS12Obj *self)
-{
- Py_XDECREF(self->cert);
- self->cert = NULL;
- Py_XDECREF(self->key);
- self->key = NULL;
- Py_XDECREF(self->cacerts);
- self->cacerts = NULL;
- Py_XDECREF(self->friendlyname);
- self->friendlyname = NULL;
- return 0;
-}
-
-/*
- * Deallocate the memory used by the PKCS12 object
- *
- * Arguments: self - The PKCS12 object
- * Returns: None
- */
-static void
-crypto_PKCS12_dealloc(crypto_PKCS12Obj *self)
-{
- PyObject_GC_UnTrack(self);
- crypto_PKCS12_clear(self);
- PyObject_GC_Del(self);
-}
-
-PyTypeObject crypto_PKCS12_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "PKCS12",
- sizeof(crypto_PKCS12Obj),
- 0,
- (destructor)crypto_PKCS12_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC,
- crypto_PKCS12_doc,
- (traverseproc)crypto_PKCS12_traverse,
- (inquiry)crypto_PKCS12_clear,
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_PKCS12_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- crypto_PKCS12_new, /* tp_new */
-};
-
-/*
- * Initialize the PKCS12 part of the crypto sub module
- *
- * Arguments: module - The crypto module
- * Returns: None
- */
-int
-init_crypto_pkcs12(PyObject *module) {
- if (PyType_Ready(&crypto_PKCS12_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_PKCS12_Type);
- if (PyModule_AddObject(module, "PKCS12", (PyObject *)&crypto_PKCS12_Type) != 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_PKCS12_Type);
- if (PyModule_AddObject(module, "PKCS12Type", (PyObject *)&crypto_PKCS12_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
diff --git a/OpenSSL/crypto/pkcs12.h b/OpenSSL/crypto/pkcs12.h
deleted file mode 100644
index f0de1a8..0000000
--- a/OpenSSL/crypto/pkcs12.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * pkcs12.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Export PKCS12 functions and data structure.
- *
- */
-#ifndef PyOpenSSL_crypto_PKCS12_H_
-#define PyOpenSSL_crypto_PKCS12_H_
-
-#include <Python.h>
-#include <openssl/pkcs12.h>
-#include <openssl/asn1.h>
-
-extern int init_crypto_pkcs12 (PyObject *);
-
-extern PyTypeObject crypto_PKCS12_Type;
-
-#define crypto_PKCS12_Check(v) ((v)->ob_type == &crypto_PKCS12_Type)
-
-typedef struct {
- PyObject_HEAD
- /*
- * These either refer to a PyObject* of the appropriate type, or Py_None if
- * they don't have a value. They aren't set to NULL except during
- * finalization.
- */
- PyObject *cert;
- PyObject *key;
- PyObject *cacerts;
- PyObject *friendlyname;
-} crypto_PKCS12Obj;
-
-crypto_PKCS12Obj *
-crypto_PKCS12_New(PKCS12 *p12, char *passphrase);
-
-#endif
diff --git a/OpenSSL/crypto/pkcs7.c b/OpenSSL/crypto/pkcs7.c
deleted file mode 100644
index 24adde8..0000000
--- a/OpenSSL/crypto/pkcs7.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * pkcs7.c
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * PKCS7 handling code, mostly thin wrappers around OpenSSL.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- */
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-static char crypto_PKCS7_type_is_signed_doc[] = "\n\
-Check if this NID_pkcs7_signed object\n\
-\n\
-:return: True if the PKCS7 is of type signed\n\
-";
-
-static PyObject *
-crypto_PKCS7_type_is_signed(crypto_PKCS7Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":type_is_signed"))
- return NULL;
-
- if (PKCS7_type_is_signed(self->pkcs7))
- return PyLong_FromLong(1L);
- else
- return PyLong_FromLong(0L);
-}
-
-static char crypto_PKCS7_type_is_enveloped_doc[] = "\n\
-Check if this NID_pkcs7_enveloped object\n\
-\n\
-:returns: True if the PKCS7 is of type enveloped\n\
-";
-
-static PyObject *
-crypto_PKCS7_type_is_enveloped(crypto_PKCS7Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":type_is_enveloped"))
- return NULL;
-
- if (PKCS7_type_is_enveloped(self->pkcs7))
- return PyLong_FromLong(1L);
- else
- return PyLong_FromLong(0L);
-}
-
-static char crypto_PKCS7_type_is_signedAndEnveloped_doc[] = "\n\
-Check if this NID_pkcs7_signedAndEnveloped object\n\
-\n\
-:returns: True if the PKCS7 is of type signedAndEnveloped\n\
-";
-
-static PyObject *
-crypto_PKCS7_type_is_signedAndEnveloped(crypto_PKCS7Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":type_is_signedAndEnveloped"))
- return NULL;
-
- if (PKCS7_type_is_signedAndEnveloped(self->pkcs7))
- return PyLong_FromLong(1L);
- else
- return PyLong_FromLong(0L);
-}
-
-static char crypto_PKCS7_type_is_data_doc[] = "\n\
-Check if this NID_pkcs7_data object\n\
-\n\
-:return: True if the PKCS7 is of type data\n\
-";
-
-static PyObject *
-crypto_PKCS7_type_is_data(crypto_PKCS7Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":type_is_data"))
- return NULL;
-
- if (PKCS7_type_is_data(self->pkcs7))
- return PyLong_FromLong(1L);
- else
- return PyLong_FromLong(0L);
-}
-
-static char crypto_PKCS7_get_type_name_doc[] = "\n\
-Returns the type name of the PKCS7 structure\n\
-\n\
-:return: A string with the typename\n\
-";
-
-static PyObject *
-crypto_PKCS7_get_type_name(crypto_PKCS7Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":get_type_name"))
- return NULL;
-
- /*
- * return a string with the typename
- */
- return PyBytes_FromString(OBJ_nid2sn(OBJ_obj2nid(self->pkcs7->type)));
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_PKCS7_name, METH_VARARGS }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_PKCS7_##name, METH_VARARGS, crypto_PKCS7_##name##_doc }
-static PyMethodDef crypto_PKCS7_methods[] =
-{
- ADD_METHOD(type_is_signed),
- ADD_METHOD(type_is_enveloped),
- ADD_METHOD(type_is_signedAndEnveloped),
- ADD_METHOD(type_is_data),
- ADD_METHOD(get_type_name),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-
-/*
- * Constructor for PKCS7 objects, never called by Python code directly
- *
- * Arguments: pkcs7 - A "real" pkcs7 certificate object
- * dealloc - Boolean value to specify whether the destructor should
- * free the "real" pkcs7 object
- * Returns: The newly created pkcs7 object
- */
-crypto_PKCS7Obj *
-crypto_PKCS7_New(PKCS7 *pkcs7, int dealloc)
-{
- crypto_PKCS7Obj *self;
-
- self = PyObject_New(crypto_PKCS7Obj, &crypto_PKCS7_Type);
-
- if (self == NULL)
- return NULL;
-
- self->pkcs7 = pkcs7;
- self->dealloc = dealloc;
-
- return self;
-}
-
-/*
- * Deallocate the memory used by the PKCS7 object
- *
- * Arguments: self - The PKCS7 object
- * Returns: None
- */
-static void
-crypto_PKCS7_dealloc(crypto_PKCS7Obj *self)
-{
- /* Sometimes we don't have to dealloc the "real" PKCS7 pointer ourselves */
- if (self->dealloc)
- PKCS7_free(self->pkcs7);
-
- PyObject_Del(self);
-}
-
-PyTypeObject crypto_PKCS7_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "PKCS7",
- sizeof(crypto_PKCS7Obj),
- 0,
- (destructor)crypto_PKCS7_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT,
- NULL, /* doc */
- NULL, /* traverse */
- NULL, /* clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_PKCS7_methods, /* tp_methods */
-};
-
-/*
- * Initialize the PKCS7 part of the crypto sub module
- *
- * Arguments: module - The crypto module
- * Returns: None
- */
-int
-init_crypto_pkcs7(PyObject *module) {
- if (PyType_Ready(&crypto_PKCS7_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_PKCS7_Type);
- if (PyModule_AddObject(module, "PKCS7Type", (PyObject *)&crypto_PKCS7_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
-
diff --git a/OpenSSL/crypto/pkcs7.h b/OpenSSL/crypto/pkcs7.h
deleted file mode 100644
index d8453b2..0000000
--- a/OpenSSL/crypto/pkcs7.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * pkcs7.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Export pkcs7 functions and data structure.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- */
-#ifndef PyOpenSSL_crypto_PKCS7_H_
-#define PyOpenSSL_crypto_PKCS7_H_
-
-#include <Python.h>
-#include <openssl/pkcs7.h>
-
-extern int init_crypto_pkcs7 (PyObject *);
-
-extern PyTypeObject crypto_PKCS7_Type;
-
-#define crypto_PKCS7_Check(v) ((v)->ob_type == &crypto_PKCS7_Type)
-
-typedef struct {
- PyObject_HEAD
- PKCS7 *pkcs7;
- int dealloc;
-} crypto_PKCS7Obj;
-
-
-#endif
diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c
deleted file mode 100644
index 69312db..0000000
--- a/OpenSSL/crypto/pkey.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
- * pkey.c
- *
- * Copyright (C) AB Strakt
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * Public/rivate key handling code, mostly thin wrappers around OpenSSL.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- */
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-/*
- * This is done every time something fails, so turning it into a macro is
- * really nice.
- *
- * Arguments: None
- * Returns: Doesn't return
- */
-#define FAIL() \
-do { \
- exception_from_error_queue(crypto_Error); \
- return NULL; \
-} while (0)
-
-
-static char crypto_PKey_generate_key_doc[] = "\n\
-Generate a key of a given type, with a given number of a bits\n\
-\n\
-:param type: The key type (TYPE_RSA or TYPE_DSA)\n\
-:param bits: The number of bits\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_PKey_generate_key(crypto_PKeyObj *self, PyObject *args)
-{
- int type, bits;
- RSA *rsa;
- DSA *dsa;
-
- if (!PyArg_ParseTuple(args, "ii:generate_key", &type, &bits))
- return NULL;
-
- switch (type)
- {
- case crypto_TYPE_RSA:
- if (bits <= 0) {
- PyErr_SetString(PyExc_ValueError, "Invalid number of bits");
- return NULL;
- }
- Py_BEGIN_ALLOW_THREADS;
- rsa = RSA_generate_key(bits, 0x10001, NULL, NULL);
- Py_END_ALLOW_THREADS;
- if (rsa == NULL) {
- FAIL();
- }
- if (!EVP_PKEY_assign_RSA(self->pkey, rsa)) {
- FAIL();
- }
- break;
-
- case crypto_TYPE_DSA:
- Py_BEGIN_ALLOW_THREADS;
- dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
- Py_END_ALLOW_THREADS;
- if (dsa == NULL) {
- FAIL();
- }
- if (!DSA_generate_key(dsa)) {
- FAIL();
- }
- if (!EVP_PKEY_assign_DSA(self->pkey, dsa)) {
- FAIL();
- }
- break;
-
- default:
- PyErr_SetString(crypto_Error, "No such key type");
- return NULL;
-
- }
- self->initialized = 1;
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_PKey_bits_doc[] = "\n\
-Returns the number of bits of the key\n\
-\n\
-:return: The number of bits of the key.\n\
-";
-
-static PyObject *
-crypto_PKey_bits(crypto_PKeyObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":bits"))
- return NULL;
-
- return PyLong_FromLong(EVP_PKEY_bits(self->pkey));
-}
-
-static char crypto_PKey_type_doc[] = "\n\
-Returns the type of the key\n\
-\n\
-:return: The type of the key.\n\
-";
-
-static PyObject *
-crypto_PKey_type(crypto_PKeyObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":type"))
- return NULL;
-
- return PyLong_FromLong(self->pkey->type);
-}
-
-static char crypto_PKey_check_doc[] = "\n\
-";
-
-static PyObject *
-crypto_PKey_check(crypto_PKeyObj *self, PyObject *args) {
- int r;
-
- if (!PyArg_ParseTuple(args, ":check")) {
- return NULL;
- }
-
- if (self->only_public) {
- PyErr_SetString(PyExc_TypeError, "public key only");
- return NULL;
- }
-
- if (self->pkey->type == EVP_PKEY_RSA) {
- RSA *rsa;
- rsa = EVP_PKEY_get1_RSA(self->pkey);
- r = RSA_check_key(rsa);
- if (r == 1) {
- return PyBool_FromLong(1L);
- } else {
- FAIL();
- }
- } else {
- PyErr_SetString(PyExc_TypeError, "key type unsupported");
- return NULL;
- }
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_PKey_name, METH_VARARGS }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_PKey_##name, METH_VARARGS, crypto_PKey_##name##_doc }
-static PyMethodDef crypto_PKey_methods[] =
-{
- ADD_METHOD(generate_key),
- ADD_METHOD(bits),
- ADD_METHOD(type),
- ADD_METHOD(check),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-
-/*
- * Constructor for PKey objects, never called by Python code directly
- *
- * Arguments: pkey - A "real" EVP_PKEY object
- * dealloc - Boolean value to specify whether the destructor should
- * free the "real" EVP_PKEY object
- * Returns: The newly created PKey object
- */
-crypto_PKeyObj *
-crypto_PKey_New(EVP_PKEY *pkey, int dealloc)
-{
- crypto_PKeyObj *self;
-
- self = PyObject_New(crypto_PKeyObj, &crypto_PKey_Type);
-
- if (self == NULL)
- return NULL;
-
- self->pkey = pkey;
- self->dealloc = dealloc;
- self->only_public = 0;
-
- /*
- * Heuristic. Most call-sites pass an initialized EVP_PKEY. Not
- * necessarily the case that they will, though. That's part of why this is
- * a hack. -exarkun
- */
- self->initialized = 1;
-
- return self;
-}
-
-static char crypto_PKey_doc[] = "\n\
-PKey() -> PKey instance\n\
-\n\
-Create a new PKey object.\n\
-\n\
-:return: The PKey object\n\
-";
-static PyObject*
-crypto_PKey_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
- crypto_PKeyObj *self;
-
- if (!PyArg_ParseTuple(args, ":PKey")) {
- return NULL;
- }
-
- self = crypto_PKey_New(EVP_PKEY_new(), 1);
- if (self) {
- self->initialized = 0;
- }
-
- return (PyObject *)self;
-}
-
-
-/*
- * Deallocate the memory used by the PKey object
- *
- * Arguments: self - The PKey object
- * Returns: None
- */
-static void
-crypto_PKey_dealloc(crypto_PKeyObj *self)
-{
- /* Sometimes we don't have to dealloc the "real" EVP_PKEY pointer ourselves */
- if (self->dealloc)
- EVP_PKEY_free(self->pkey);
-
- PyObject_Del(self);
-}
-
-PyTypeObject crypto_PKey_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "OpenSSL.crypto.PKey",
- sizeof(crypto_PKeyObj),
- 0,
- (destructor)crypto_PKey_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT,
- crypto_PKey_doc, /* doc */
- NULL, /* traverse */
- NULL, /* clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_PKey_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- crypto_PKey_new, /* tp_new */
-};
-
-
-/*
- * Initialize the PKey part of the crypto sub module
- *
- * Arguments: module - The crypto module
- * Returns: None
- */
-int
-init_crypto_pkey(PyObject *module)
-{
- if (PyType_Ready(&crypto_PKey_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_PKey_Type);
- if (PyModule_AddObject(module, "PKey", (PyObject *)&crypto_PKey_Type) != 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_PKey_Type);
- if (PyModule_AddObject(module, "PKeyType", (PyObject *)&crypto_PKey_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
-
diff --git a/OpenSSL/crypto/pkey.h b/OpenSSL/crypto/pkey.h
deleted file mode 100644
index dc5e52e..0000000
--- a/OpenSSL/crypto/pkey.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * pkey.h
- *
- * Copyright (C) AB Strakt
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * Export pkey functions and data structure.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- */
-#ifndef PyOpenSSL_crypto_PKEY_H_
-#define PyOpenSSL_crypto_PKEY_H_
-
-extern int init_crypto_pkey (PyObject *);
-
-extern PyTypeObject crypto_PKey_Type;
-
-#define crypto_PKey_Check(v) ((v)->ob_type == &crypto_PKey_Type)
-
-typedef struct {
- PyObject_HEAD
-
- /*
- * A pointer to the underlying OpenSSL structure.
- */
- EVP_PKEY *pkey;
-
- /*
- * A flag indicating the underlying pkey object has no private parts (so it
- * can't sign, for example). This is a bit of a temporary hack.
- * Public-only should be represented as a different type. -exarkun
- */
- int only_public;
-
- /*
- * A flag indicating whether the underlying pkey object has no meaningful
- * data in it whatsoever. This is a temporary hack. It should be
- * impossible to create PKeys in an unusable state. -exarkun
- */
- int initialized;
-
- /*
- * A flag indicating whether pkey will be freed when this object is freed.
- */
- int dealloc;
-} crypto_PKeyObj;
-
-#define crypto_TYPE_RSA EVP_PKEY_RSA
-#define crypto_TYPE_DSA EVP_PKEY_DSA
-
-#endif
diff --git a/OpenSSL/crypto/revoked.c b/OpenSSL/crypto/revoked.c
deleted file mode 100644
index ed183b7..0000000
--- a/OpenSSL/crypto/revoked.c
+++ /dev/null
@@ -1,444 +0,0 @@
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-#ifdef _WIN32
-#define strcasecmp(string1, string2) _stricmp(string1, string2)
-#endif
-
-/* http://www.openssl.org/docs/apps/x509v3_config.html#CRL_distribution_points_ */
-/* which differs from crl_reasons of crypto/x509v3/v3_enum.c that matches */
-/* OCSP_crl_reason_str. We use the latter, just like the command line program. */
-static const char *crl_reasons[] = {
- "unspecified",
- "keyCompromise",
- "CACompromise",
- "affiliationChanged",
- "superseded",
- "cessationOfOperation",
- "certificateHold",
- NULL,
- "removeFromCRL",
-};
-
-#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
-
-static char crypto_Revoked_all_reasons_doc[] = "\n\
-Return a list of all the supported reason strings.\n\
-\n\
-:return: A list of reason strings.\n\
-";
-static PyObject *
-crypto_Revoked_all_reasons(crypto_RevokedObj *self, PyObject *args) {
- PyObject *list, *str;
- int j;
-
- list = PyList_New(0);
- for (j = 0; j < NUM_REASONS; j++) {
- if(crl_reasons[j]) {
- str = PyBytes_FromString(crl_reasons[j]);
- PyList_Append(list, str);
- Py_DECREF(str);
- }
- }
- return list;
-}
-
-static PyObject *
-X509_EXTENSION_value_to_PyString(X509_EXTENSION *ex) {
- BIO *bio = NULL;
- PyObject *str = NULL;
- int str_len;
- char *tmp_str;
-
- /* Create a openssl BIO buffer */
- bio = BIO_new(BIO_s_mem());
- if (bio == NULL) {
- goto err;
- }
-
- /* These are not the droids you are looking for. */
- if (!X509V3_EXT_print(bio, ex, 0, 0)) {
- if (M_ASN1_OCTET_STRING_print(bio, ex->value) == 0) {
- goto err;
- }
- }
-
- /* Convert to a Python string. */
- str_len = BIO_get_mem_data(bio, &tmp_str);
- str = PyBytes_FromStringAndSize(tmp_str, str_len);
-
- /* Cleanup */
- BIO_free(bio);
- return str;
-
- err:
- if (bio) {
- BIO_free(bio);
- }
- if (str) {
- Py_DECREF(str);
- }
- return NULL;
-}
-
-static void
-delete_reason(STACK_OF(X509_EXTENSION) *sk) {
- X509_EXTENSION * ext;
- int j;
-
- for (j = 0; j < sk_X509_EXTENSION_num(sk); j++) {
- ext = sk_X509_EXTENSION_value(sk, j);
- if (OBJ_obj2nid(ext->object) == NID_crl_reason) {
- X509_EXTENSION_free(ext);
- (void) sk_X509_EXTENSION_delete(sk, j);
- break;
- }
- }
-}
-
-static int
-reason_str_to_code(const char * reason_str) {
- int reason_code = -1, j;
- char *spaceless_reason, * sp;
-
- /* Remove spaces so that the responses of
- * get_reason() work in set_reason() */
- if ((spaceless_reason = strdup(reason_str)) == NULL) {
- return -1;
- }
-
- while ((sp = strchr(spaceless_reason, ' '))) {
- memmove(sp, sp+1, strlen(sp));
- }
-
- for (j = 0; j < NUM_REASONS; j++) {
- if(crl_reasons[j] && !strcasecmp(spaceless_reason, crl_reasons[j])) {
- reason_code = j;
- break;
- }
- }
- free(spaceless_reason);
- return reason_code;
-}
-
-
-static char crypto_Revoked_set_reason_doc[] = "\n\
-Set the reason of a Revoked object.\n\
-\n\
-:param reason: The reason string.\n\
-:type reason: :py:data:`str`\n\
-:return: None\n\
-";
-static PyObject *
-crypto_Revoked_set_reason(crypto_RevokedObj *self, PyObject *args, PyObject *keywds) {
- static char *kwlist[] = {"reason", NULL};
- const char *reason_str = NULL;
- int reason_code;
- ASN1_ENUMERATED *rtmp = NULL;
-
- if (!PyArg_ParseTupleAndKeywords(
- args, keywds, "O&:set_reason", kwlist,
- crypto_byte_converter, &reason_str)) {
- return NULL;
- }
-
- if(reason_str == NULL) {
- delete_reason(self->revoked->extensions);
- goto done;
- }
-
- reason_code = reason_str_to_code(reason_str);
- if (reason_code == -1) {
- PyErr_SetString(PyExc_ValueError, "bad reason string");
- return NULL;
- }
-
- rtmp = ASN1_ENUMERATED_new();
- if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code)) {
- goto err;
- }
- delete_reason(self->revoked->extensions);
- if (!X509_REVOKED_add1_ext_i2d(self->revoked, NID_crl_reason, rtmp, 0, 0)) {
- goto err;
- }
-
- done:
- Py_INCREF(Py_None);
- return Py_None;
-
- err:
- exception_from_error_queue(crypto_Error);
- return NULL;
-}
-
-
-static char crypto_Revoked_get_reason_doc[] = "\n\
-Return the reason of a Revoked object.\n\
-\n\
-:return: The reason as a string\n\
-";
-static PyObject *
-crypto_Revoked_get_reason(crypto_RevokedObj *self, PyObject *args) {
- X509_EXTENSION * ext;
- int j;
- STACK_OF(X509_EXTENSION) *sk = NULL;
-
- if (!PyArg_ParseTuple(args, ":get_reason")) {
- return NULL;
- }
-
- sk = self->revoked->extensions;
- for (j = 0; j < sk_X509_EXTENSION_num(sk); j++) {
- ext = sk_X509_EXTENSION_value(sk, j);
- if (OBJ_obj2nid(ext->object) == NID_crl_reason) {
- return X509_EXTENSION_value_to_PyString(ext);
- }
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-
-static char crypto_Revoked_get_rev_date_doc[] = "\n\
-Retrieve the revocation date\n\
-\n\
-:return: A string giving the timestamp, in the format:\n\
-\n\
- YYYYMMDDhhmmssZ\n\
- YYYYMMDDhhmmss+hhmm\n\
- YYYYMMDDhhmmss-hhmm\n\
-";
-
-static PyObject*
-crypto_Revoked_get_rev_date(crypto_RevokedObj *self, PyObject *args) {
- /* returns a borrowed reference. */
- return _get_asn1_time(
- ":get_rev_date", self->revoked->revocationDate, args);
-}
-
-static char crypto_Revoked_set_rev_date_doc[] = "\n\
-Set the revocation timestamp\n\
-\n\
-:param when: A string giving the timestamp, in the format:\n\
-\n\
- YYYYMMDDhhmmssZ\n\
- YYYYMMDDhhmmss+hhmm\n\
- YYYYMMDDhhmmss-hhmm\n\
-\n\
-:return: None\n\
-";
-
-static PyObject*
-crypto_Revoked_set_rev_date(crypto_RevokedObj *self, PyObject *args) {
- return _set_asn1_time(
- BYTESTRING_FMT ":set_rev_date", self->revoked->revocationDate, args);
-}
-
-/* The integer is converted to an upper-case hex string
- * without a '0x' prefix. */
-static PyObject *
-ASN1_INTEGER_to_PyString(ASN1_INTEGER *asn1_int) {
- BIO *bio = NULL;
- PyObject *str = NULL;
- int str_len;
- char *tmp_str;
-
- /* Create a openssl BIO buffer */
- bio = BIO_new(BIO_s_mem());
- if (bio == NULL) {
- goto err;
- }
-
- /* Write the integer to the BIO as a hex string. */
- if (i2a_ASN1_INTEGER(bio, asn1_int) < 0) {
- goto err;
- }
-
- /* Convert to a Python string. */
- str_len = BIO_get_mem_data(bio, &tmp_str);
- str = PyBytes_FromStringAndSize(tmp_str, str_len);
-
- /* Cleanup */
- BIO_free(bio);
- return str;
-
- err:
- if (bio) {
- BIO_free(bio);
- }
- if (str) {
- Py_DECREF(str);
- }
- return NULL;
-}
-
-
-static char crypto_Revoked_get_serial_doc[] = "\n\
-Return the serial number of a Revoked structure\n\
-\n\
-:return: The serial number as a string\n\
-";
-static PyObject *
-crypto_Revoked_get_serial(crypto_RevokedObj *self, PyObject *args) {
- if (!PyArg_ParseTuple(args, ":get_serial")) {
- return NULL;
- }
-
- if (self->revoked->serialNumber == NULL) {
- /* never happens */
- Py_INCREF(Py_None);
- return Py_None;
- } else {
- return ASN1_INTEGER_to_PyString(self->revoked->serialNumber);
- }
-}
-
-static char crypto_Revoked_set_serial_doc[] = "\n\
-Set the serial number of a revoked Revoked structure\n\
-\n\
-:param hex_str: The new serial number.\n\
-:type hex_str: :py:data:`str`\n\
-:return: None\n\
-";
-static PyObject *
-crypto_Revoked_set_serial(crypto_RevokedObj *self, PyObject *args, PyObject *keywds) {
- static char *kwlist[] = {"hex_str", NULL};
- const char *hex_str = NULL;
- BIGNUM *serial = NULL;
- ASN1_INTEGER *tmpser = NULL;
-
- if (!PyArg_ParseTupleAndKeywords(args, keywds, BYTESTRING_FMT ":set_serial",
- kwlist, &hex_str)) {
- return NULL;
- }
-
- if (!BN_hex2bn(&serial, hex_str) ) {
- PyErr_SetString(PyExc_ValueError, "bad hex string");
- return NULL;
- }
-
- tmpser = BN_to_ASN1_INTEGER(serial, NULL);
- BN_free(serial);
- serial = NULL;
- X509_REVOKED_set_serialNumber(self->revoked, tmpser);
- ASN1_INTEGER_free(tmpser);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-
-crypto_RevokedObj *
-crypto_Revoked_New(X509_REVOKED *revoked) {
- crypto_RevokedObj *self;
-
- self = PyObject_New(crypto_RevokedObj, &crypto_Revoked_Type);
- if (self == NULL) {
- return NULL;
- }
- self->revoked = revoked;
- return self;
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_Revoked_name, METH_VARARGS, crypto_Revoked_name_doc }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_Revoked_##name, METH_VARARGS, crypto_Revoked_##name##_doc }
-#define ADD_KW_METHOD(name) \
- { #name, (PyCFunction)crypto_Revoked_##name, METH_VARARGS | METH_KEYWORDS, crypto_Revoked_##name##_doc }
-static PyMethodDef crypto_Revoked_methods[] = {
- ADD_METHOD(all_reasons),
- ADD_METHOD(get_reason),
- ADD_KW_METHOD(set_reason),
- ADD_METHOD(get_rev_date),
- ADD_METHOD(set_rev_date),
- ADD_METHOD(get_serial),
- ADD_KW_METHOD(set_serial),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-
-static void
-crypto_Revoked_dealloc(crypto_RevokedObj *self) {
- X509_REVOKED_free(self->revoked);
- self->revoked = NULL;
-
- PyObject_Del(self);
-}
-
-static char crypto_Revoked_doc[] = "\n\
-Revoked() -> Revoked instance\n\
-\n\
-Create a new empty Revoked object.\n\
-\n\
-:returns: The Revoked object\n\
-";
-
-static PyObject* crypto_Revoked_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
- if (!PyArg_ParseTuple(args, ":Revoked")) {
- return NULL;
- }
-
- return (PyObject *)crypto_Revoked_New(X509_REVOKED_new());
-}
-
-PyTypeObject crypto_Revoked_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "Revoked",
- sizeof(crypto_RevokedObj),
- 0,
- (destructor)crypto_Revoked_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT,
- crypto_Revoked_doc, /* doc */
- NULL, /* traverse */
- NULL, /* clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_Revoked_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- crypto_Revoked_new, /* tp_new */
-};
-
-int init_crypto_revoked(PyObject *module) {
- if(PyType_Ready(&crypto_Revoked_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_Revoked_Type);
- if (PyModule_AddObject(module, "Revoked", (PyObject *)&crypto_Revoked_Type) != 0) {
- return 0;
- }
- return 1;
-}
diff --git a/OpenSSL/crypto/revoked.h b/OpenSSL/crypto/revoked.h
deleted file mode 100644
index fb85ac6..0000000
--- a/OpenSSL/crypto/revoked.h
+++ /dev/null
@@ -1,18 +0,0 @@
-#ifndef PyOpenSSL_crypto_REVOKED_H_
-#define PyOpenSSL_crypto_REVOKED_H_
-
-#include <Python.h>
-
-extern PyTypeObject crypto_Revoked_Type;
-
-#define crypto_Revoked_Check(v) ((v)->ob_type == &crypto_Revoked_Type)
-
-typedef struct {
- PyObject_HEAD
- X509_REVOKED *revoked;
-} crypto_RevokedObj;
-
-extern int init_crypto_revoked (PyObject *);
-extern crypto_RevokedObj * crypto_Revoked_New(X509_REVOKED *revoked);
-
-#endif
diff --git a/OpenSSL/crypto/x509.c b/OpenSSL/crypto/x509.c
deleted file mode 100644
index 9a4fe94..0000000
--- a/OpenSSL/crypto/x509.c
+++ /dev/null
@@ -1,932 +0,0 @@
-/*
- * x509.c
- *
- * Copyright (C) AB Strakt
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * Certificate (X.509) handling code, mostly thin wrappers around OpenSSL.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- */
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-#include "x509ext.h"
-
-/*
- * X.509 is a standard for digital certificates. See e.g. the OpenSSL homepage
- * http://www.openssl.org/ for more information
- */
-
-static char crypto_X509_get_version_doc[] = "\n\
-Return version number of the certificate\n\
-\n\
-:return: Version number as a Python integer\n\
-";
-
-static PyObject *
-crypto_X509_get_version(crypto_X509Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":get_version"))
- return NULL;
-
- return PyLong_FromLong((long)X509_get_version(self->x509));
-}
-
-static char crypto_X509_set_version_doc[] = "\n\
-Set version number of the certificate\n\
-\n\
-:param version: The version number\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509_set_version(crypto_X509Obj *self, PyObject *args)
-{
- int version;
-
- if (!PyArg_ParseTuple(args, "i:set_version", &version))
- return NULL;
-
- X509_set_version(self->x509, version);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509_get_serial_number_doc[] = "\n\
-Return serial number of the certificate\n\
-\n\
-:return: Serial number as a Python integer\n\
-";
-
-static PyObject *
-crypto_X509_get_serial_number(crypto_X509Obj *self, PyObject *args)
-{
- ASN1_INTEGER *asn1_i;
- BIGNUM *bignum;
- char *hex;
- PyObject *res;
-
- if (!PyArg_ParseTuple(args, ":get_serial_number"))
- return NULL;
-
- asn1_i = X509_get_serialNumber(self->x509);
- bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
- hex = BN_bn2hex(bignum);
- res = PyLong_FromString(hex, NULL, 16);
- BN_free(bignum);
- OPENSSL_free(hex);
- return res;
-}
-
-static char crypto_X509_set_serial_number_doc[] = "\n\
-Set serial number of the certificate\n\
-\n\
-:param serial: The serial number\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509_set_serial_number(crypto_X509Obj *self, PyObject *args)
-{
- long small_serial;
- PyObject *serial = NULL;
- PyObject *hex = NULL;
- ASN1_INTEGER *asn1_i = NULL;
- BIGNUM *bignum = NULL;
- char *hexstr;
-
- if (!PyArg_ParseTuple(args, "O:set_serial_number", &serial)) {
- return NULL;
- }
-
- if (!PyOpenSSL_Integer_Check(serial)) {
- PyErr_SetString(
- PyExc_TypeError, "serial number must be integer");
- goto err;
- }
-
- if ((hex = PyOpenSSL_LongToHex(serial)) == NULL) {
- goto err;
- }
-
-#ifdef PY3
- {
- PyObject *hexbytes = PyUnicode_AsASCIIString(hex);
- Py_DECREF(hex);
- hex = hexbytes;
- }
-#endif
-
- /**
- * BN_hex2bn stores the result in &bignum. Unless it doesn't feel like
- * it. If bignum is still NULL after this call, then the return value
- * is actually the result. I hope. -exarkun
- */
- hexstr = PyBytes_AsString(hex);
- if (hexstr[1] == 'x') {
- /* +2 to skip the "0x" */
- hexstr += 2;
- }
- small_serial = BN_hex2bn(&bignum, hexstr);
-
- Py_DECREF(hex);
- hex = NULL;
-
- if (bignum == NULL) {
- if (ASN1_INTEGER_set(X509_get_serialNumber(self->x509), small_serial)) {
- exception_from_error_queue(crypto_Error);
- goto err;
- }
- } else {
- asn1_i = BN_to_ASN1_INTEGER(bignum, NULL);
- BN_free(bignum);
- bignum = NULL;
- if (asn1_i == NULL) {
- exception_from_error_queue(crypto_Error);
- goto err;
- }
- if (!X509_set_serialNumber(self->x509, asn1_i)) {
- exception_from_error_queue(crypto_Error);
- goto err;
- }
- ASN1_INTEGER_free(asn1_i);
- asn1_i = NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-
- err:
- if (hex) {
- Py_DECREF(hex);
- }
- if (bignum) {
- BN_free(bignum);
- }
- if (asn1_i) {
- ASN1_INTEGER_free(asn1_i);
- }
- return NULL;
-}
-
-static char crypto_X509_get_issuer_doc[] = "\n\
-Create an X509Name object for the issuer of the certificate\n\
-\n\
-:return: An X509Name object\n\
-";
-
-static PyObject *
-crypto_X509_get_issuer(crypto_X509Obj *self, PyObject *args)
-{
- crypto_X509NameObj *pyname;
- X509_NAME *name;
-
- if (!PyArg_ParseTuple(args, ":get_issuer"))
- return NULL;
-
- name = X509_get_issuer_name(self->x509);
- pyname = crypto_X509Name_New(name, 0);
- if (pyname != NULL)
- {
- pyname->parent_cert = (PyObject *)self;
- Py_INCREF(self);
- }
- return (PyObject *)pyname;
-}
-
-static char crypto_X509_set_issuer_doc[] = "\n\
-Set the issuer of the certificate\n\
-\n\
-:param issuer: The issuer name\n\
-:type issuer: :py:class:`X509Name`\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509_set_issuer(crypto_X509Obj *self, PyObject *args)
-{
- crypto_X509NameObj *issuer;
-
- if (!PyArg_ParseTuple(args, "O!:set_issuer", &crypto_X509Name_Type,
- &issuer))
- return NULL;
-
- if (!X509_set_issuer_name(self->x509, issuer->x509_name))
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509_get_subject_doc[] = "\n\
-Create an X509Name object for the subject of the certificate\n\
-\n\
-:return: An X509Name object\n\
-";
-
-static PyObject *
-crypto_X509_get_subject(crypto_X509Obj *self, PyObject *args)
-{
- crypto_X509NameObj *pyname;
- X509_NAME *name;
-
- if (!PyArg_ParseTuple(args, ":get_subject"))
- return NULL;
-
- name = X509_get_subject_name(self->x509);
- pyname = crypto_X509Name_New(name, 0);
- if (pyname != NULL)
- {
- pyname->parent_cert = (PyObject *)self;
- Py_INCREF(self);
- }
- return (PyObject *)pyname;
-}
-
-static char crypto_X509_set_subject_doc[] = "\n\
-Set the subject of the certificate\n\
-\n\
-:param subject: The subject name\n\
-:type subject: :py:class:`X509Name`\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509_set_subject(crypto_X509Obj *self, PyObject *args)
-{
- crypto_X509NameObj *subject;
-
- if (!PyArg_ParseTuple(args, "O!:set_subject", &crypto_X509Name_Type,
- &subject))
- return NULL;
-
- if (!X509_set_subject_name(self->x509, subject->x509_name))
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509_get_pubkey_doc[] = "\n\
-Get the public key of the certificate\n\
-\n\
-:return: The public key\n\
-";
-
-static PyObject *
-crypto_X509_get_pubkey(crypto_X509Obj *self, PyObject *args)
-{
- crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
- EVP_PKEY *pkey;
- crypto_PKeyObj *py_pkey;
-
- if (!PyArg_ParseTuple(args, ":get_pubkey"))
- return NULL;
-
- if ((pkey = X509_get_pubkey(self->x509)) == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- py_pkey = crypto_PKey_New(pkey, 1);
- if (py_pkey != NULL) {
- py_pkey->only_public = 1;
- }
- return (PyObject *)py_pkey;
-}
-
-static char crypto_X509_set_pubkey_doc[] = "\n\
-Set the public key of the certificate\n\
-\n\
-:param pkey: The public key\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509_set_pubkey(crypto_X509Obj *self, PyObject *args)
-{
- crypto_PKeyObj *pkey;
-
- if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
- return NULL;
-
- if (!X509_set_pubkey(self->x509, pkey->pkey))
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-PyObject*
-_set_asn1_time(char *format, ASN1_TIME* timestamp, PyObject *args)
-{
- char *when;
-
- if (!PyArg_ParseTuple(args, format, &when))
- return NULL;
-
- if (ASN1_GENERALIZEDTIME_set_string(timestamp, when) == 0) {
- ASN1_GENERALIZEDTIME dummy;
- dummy.type = V_ASN1_GENERALIZEDTIME;
- dummy.length = strlen(when);
- dummy.data = (unsigned char *)when;
- if (!ASN1_GENERALIZEDTIME_check(&dummy)) {
- PyErr_SetString(PyExc_ValueError, "Invalid string");
- } else {
- PyErr_SetString(PyExc_RuntimeError, "Unknown ASN1_GENERALIZEDTIME_set_string failure");
- }
- return NULL;
- }
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509_set_notBefore_doc[] = "\n\
-Set the time stamp for when the certificate starts being valid\n\
-\n\
-:param when: A string giving the timestamp, in the format:\n\
-\n\
- YYYYMMDDhhmmssZ\n\
- YYYYMMDDhhmmss+hhmm\n\
- YYYYMMDDhhmmss-hhmm\n\
-\n\
-:return: None\n\
-";
-
-static PyObject*
-crypto_X509_set_notBefore(crypto_X509Obj *self, PyObject *args)
-{
- return _set_asn1_time(
- BYTESTRING_FMT ":set_notBefore",
- X509_get_notBefore(self->x509), args);
-}
-
-static char crypto_X509_set_notAfter_doc[] = "\n\
-Set the time stamp for when the certificate stops being valid\n\
-\n\
-:param when: A string giving the timestamp, in the format:\n\
-\n\
- YYYYMMDDhhmmssZ\n\
- YYYYMMDDhhmmss+hhmm\n\
- YYYYMMDDhhmmss-hhmm\n\
-\n\
-:return: None\n\
-";
-
-static PyObject*
-crypto_X509_set_notAfter(crypto_X509Obj *self, PyObject *args)
-{
- return _set_asn1_time(
- BYTESTRING_FMT ":set_notAfter",
- X509_get_notAfter(self->x509), args);
-}
-
-PyObject*
-_get_asn1_time(char *format, ASN1_TIME* timestamp, PyObject *args)
-{
- ASN1_GENERALIZEDTIME *gt_timestamp = NULL;
- PyObject *py_timestamp = NULL;
-
- if (!PyArg_ParseTuple(args, format)) {
- return NULL;
- }
-
- /*
- * http://www.columbia.edu/~ariel/ssleay/asn1-time.html
- */
- /*
- * There must be a way to do this without touching timestamp->data
- * directly. -exarkun
- */
- if (timestamp->length == 0) {
- Py_INCREF(Py_None);
- return Py_None;
- } else if (timestamp->type == V_ASN1_GENERALIZEDTIME) {
- return PyBytes_FromString((char *)timestamp->data);
- } else {
- ASN1_TIME_to_generalizedtime(timestamp, >_timestamp);
- if (gt_timestamp == NULL) {
- exception_from_error_queue(crypto_Error);
- return NULL;
- } else {
- py_timestamp = PyBytes_FromString((char *)gt_timestamp->data);
- ASN1_GENERALIZEDTIME_free(gt_timestamp);
- return py_timestamp;
- }
- }
-}
-
-static char crypto_X509_get_notBefore_doc[] = "\n\
-Retrieve the time stamp for when the certificate starts being valid\n\
-\n\
-:return: A string giving the timestamp, in the format::\n\
-\n\
- YYYYMMDDhhmmssZ\n\
- YYYYMMDDhhmmss+hhmm\n\
- YYYYMMDDhhmmss-hhmm\n\
-\n\
- or None if there is no value set.\n\
-";
-
-static PyObject*
-crypto_X509_get_notBefore(crypto_X509Obj *self, PyObject *args)
-{
- /*
- * X509_get_notBefore returns a borrowed reference.
- */
- return _get_asn1_time(
- ":get_notBefore", X509_get_notBefore(self->x509), args);
-}
-
-
-static char crypto_X509_get_notAfter_doc[] = "\n\
-Retrieve the time stamp for when the certificate stops being valid\n\
-\n\
-:return: A string giving the timestamp, in the format::\n\
-\n\
- YYYYMMDDhhmmssZ\n\
- YYYYMMDDhhmmss+hhmm\n\
- YYYYMMDDhhmmss-hhmm\n\
-\n\
- or None if there is no value set.\n\
-";
-
-static PyObject*
-crypto_X509_get_notAfter(crypto_X509Obj *self, PyObject *args)
-{
- /*
- * X509_get_notAfter returns a borrowed reference.
- */
- return _get_asn1_time(
- ":get_notAfter", X509_get_notAfter(self->x509), args);
-}
-
-
-static char crypto_X509_gmtime_adj_notBefore_doc[] = "\n\
-Change the timestamp for when the certificate starts being valid to the current\n\
-time plus an offset.\n \
-\n\
-:param amount: The number of seconds by which to adjust the starting validity\n\
- time.\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509_gmtime_adj_notBefore(crypto_X509Obj *self, PyObject *args)
-{
- long amount;
-
- if (!PyArg_ParseTuple(args, "l:gmtime_adj_notBefore", &amount))
- return NULL;
-
- X509_gmtime_adj(X509_get_notBefore(self->x509), amount);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509_gmtime_adj_notAfter_doc[] = "\n\
-Adjust the time stamp for when the certificate stops being valid\n\
-\n\
-:param amount: The number of seconds by which to adjust the ending validity\n\
- time.\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509_gmtime_adj_notAfter(crypto_X509Obj *self, PyObject *args)
-{
- long amount;
-
- if (!PyArg_ParseTuple(args, "l:gmtime_adj_notAfter", &amount))
- return NULL;
-
- X509_gmtime_adj(X509_get_notAfter(self->x509), amount);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-
-static char crypto_X509_get_signature_algorithm_doc[] = "\n\
-Retrieve the signature algorithm used in the certificate\n\
-\n\
-:return: A byte string giving the name of the signature algorithm used in\n\
- the certificate.\n\
-:raise ValueError: If the signature algorithm is undefined.\n\
-";
-
-static PyObject *
-crypto_X509_get_signature_algorithm(crypto_X509Obj *self, PyObject *args) {
- ASN1_OBJECT *alg;
- int nid;
-
- if (!PyArg_ParseTuple(args, ":get_signature_algorithm")) {
- return NULL;
- }
-
- alg = self->x509->cert_info->signature->algorithm;
- nid = OBJ_obj2nid(alg);
- if (nid == NID_undef) {
- PyErr_SetString(PyExc_ValueError, "Undefined signature algorithm");
- return NULL;
- }
- return PyBytes_FromString(OBJ_nid2ln(nid));
-}
-
-
-static char crypto_X509_sign_doc[] = "\n\
-Sign the certificate using the supplied key and digest\n\
-\n\
-:param pkey: The key to sign with\n\
-:param digest: The message digest to use\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509_sign(crypto_X509Obj *self, PyObject *args)
-{
- crypto_PKeyObj *pkey;
- char *digest_name;
- const EVP_MD *digest;
-
- if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
- &digest_name))
- return NULL;
-
- if (pkey->only_public) {
- PyErr_SetString(PyExc_ValueError, "Key has only public part");
- return NULL;
- }
-
- if (!pkey->initialized) {
- PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
- return NULL;
- }
-
- if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
- {
- PyErr_SetString(PyExc_ValueError, "No such digest method");
- return NULL;
- }
-
- if (!X509_sign(self->x509, pkey->pkey, digest))
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509_has_expired_doc[] = "\n\
-Check whether the certificate has expired.\n\
-\n\
-:return: True if the certificate has expired, false otherwise\n\
-";
-
-static PyObject *
-crypto_X509_has_expired(crypto_X509Obj *self, PyObject *args)
-{
- time_t tnow;
-
- if (!PyArg_ParseTuple(args, ":has_expired"))
- return NULL;
-
- tnow = time(NULL);
- if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(self->x509), tnow) < 0)
- return PyLong_FromLong(1L);
- else
- return PyLong_FromLong(0L);
-}
-
-static char crypto_X509_subject_name_hash_doc[] = "\n\
-Return the hash of the X509 subject.\n\
-\n\
-:return: The hash of the subject\n\
-";
-
-static PyObject *
-crypto_X509_subject_name_hash(crypto_X509Obj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":subject_name_hash"))
- return NULL;
-
- return PyLong_FromLongLong(X509_subject_name_hash(self->x509));
-}
-
-static char crypto_X509_digest_doc[] = "\n\
-Return the digest of the X509 object.\n\
-\n\
-:return: The digest of the object\n\
-";
-
-static PyObject *
-crypto_X509_digest(crypto_X509Obj *self, PyObject *args)
-{
- unsigned char fp[EVP_MAX_MD_SIZE];
- char *tmp;
- char *digest_name;
- unsigned int len,i;
- PyObject *ret;
- const EVP_MD *digest;
-
- if (!PyArg_ParseTuple(args, "s:digest", &digest_name))
- return NULL;
-
- if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
- {
- PyErr_SetString(PyExc_ValueError, "No such digest method");
- return NULL;
- }
-
- if (!X509_digest(self->x509,digest,fp,&len))
- {
- exception_from_error_queue(crypto_Error);
- }
- tmp = malloc(3*len+1);
- memset(tmp, 0, 3*len+1);
- for (i = 0; i < len; i++) {
- sprintf(tmp+i*3,"%02X:",fp[i]);
- }
- tmp[3*len-1] = 0;
- ret = PyBytes_FromStringAndSize(tmp,3*len-1);
- free(tmp);
- return ret;
-}
-
-
-static char crypto_X509_add_extensions_doc[] = "\n\
-Add extensions to the certificate.\n\
-\n\
-:param extensions: a sequence of X509Extension objects\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509_add_extensions(crypto_X509Obj *self, PyObject *args)
-{
- PyObject *extensions, *seq;
- crypto_X509ExtensionObj *ext;
- int nr_of_extensions, i;
-
- if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
- return NULL;
-
- seq = PySequence_Fast(extensions, "Expected a sequence");
- if (seq == NULL)
- return NULL;
-
- nr_of_extensions = PySequence_Fast_GET_SIZE(seq);
-
- for (i = 0; i < nr_of_extensions; i++)
- {
- ext = (crypto_X509ExtensionObj *)PySequence_Fast_GET_ITEM(seq, i);
- if (!crypto_X509Extension_Check(ext))
- {
- Py_DECREF(seq);
- PyErr_SetString(PyExc_ValueError,
- "One of the elements is not an X509Extension");
- return NULL;
- }
- if (!X509_add_ext(self->x509, ext->x509_extension, -1))
- {
- Py_DECREF(seq);
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509_get_extension_count_doc[] = "\n\
-Get the number of extensions on the certificate.\n\
-\n\
-:return: Number of extensions as a Python integer\n\
-";
-
-static PyObject *
-crypto_X509_get_extension_count(crypto_X509Obj *self, PyObject *args) {
- if (!PyArg_ParseTuple(args, ":get_extension_count")) {
- return NULL;
- }
-
- return PyLong_FromLong((long)X509_get_ext_count(self->x509));
-}
-
-static char crypto_X509_get_extension_doc[] = "\n\
-Get a specific extension of the certificate by index.\n\
-\n\
-:param index: The index of the extension to retrieve.\n\
-:return: The X509Extension object at the specified index.\n\
-";
-
-static PyObject *
-crypto_X509_get_extension(crypto_X509Obj *self, PyObject *args) {
- crypto_X509ExtensionObj *extobj;
- int loc;
- X509_EXTENSION *ext;
-
- if (!PyArg_ParseTuple(args, "i:get_extension", &loc)) {
- return NULL;
- }
-
- /* will return NULL if loc is outside the range of extensions,
- not registered as an error*/
- ext = X509_get_ext(self->x509, loc);
- if (!ext) {
- PyErr_SetString(PyExc_IndexError, "extension index out of bounds");
- return NULL; /* Should be reported as an IndexError ? */
- }
-
- extobj = PyObject_New(crypto_X509ExtensionObj, &crypto_X509Extension_Type);
- extobj->x509_extension = X509_EXTENSION_dup(ext);
- extobj->dealloc = 1;
-
- return (PyObject*)extobj;
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_X509_##name, METH_VARARGS, crypto_X509_##name##_doc }
-static PyMethodDef crypto_X509_methods[] =
-{
- ADD_METHOD(get_version),
- ADD_METHOD(set_version),
- ADD_METHOD(get_serial_number),
- ADD_METHOD(set_serial_number),
- ADD_METHOD(get_issuer),
- ADD_METHOD(set_issuer),
- ADD_METHOD(get_subject),
- ADD_METHOD(set_subject),
- ADD_METHOD(get_pubkey),
- ADD_METHOD(set_pubkey),
- ADD_METHOD(get_notBefore),
- ADD_METHOD(set_notBefore),
- ADD_METHOD(get_notAfter),
- ADD_METHOD(set_notAfter),
- ADD_METHOD(gmtime_adj_notBefore),
- ADD_METHOD(gmtime_adj_notAfter),
- ADD_METHOD(get_signature_algorithm),
- ADD_METHOD(sign),
- ADD_METHOD(has_expired),
- ADD_METHOD(subject_name_hash),
- ADD_METHOD(digest),
- ADD_METHOD(add_extensions),
- ADD_METHOD(get_extension),
- ADD_METHOD(get_extension_count),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-
-/*
- * Constructor for X509 objects, never called by Python code directly
- *
- * Arguments: cert - A "real" X509 certificate object
- * dealloc - Boolean value to specify whether the destructor should
- * free the "real" X509 object
- * Returns: The newly created X509 object
- */
-crypto_X509Obj *
-crypto_X509_New(X509 *cert, int dealloc)
-{
- crypto_X509Obj *self;
-
- self = PyObject_New(crypto_X509Obj, &crypto_X509_Type);
-
- if (self == NULL)
- return NULL;
-
- self->x509 = cert;
- self->dealloc = dealloc;
-
- return self;
-}
-
-
-static char crypto_X509_doc[] = "\n\
-A class representing X.509 certificates.\n\
-\n\
-Create a new X509 object.\n\
-\n\
-:returns: The :class:`X509` object\n\
-";
-
-static PyObject *
-crypto_X509_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs)
-{
- if (!PyArg_ParseTuple(args, ":X509")) {
- return NULL;
- }
-
- return (PyObject *)crypto_X509_New(X509_new(), 1);
-}
-
-
-/*
- * Deallocate the memory used by the X509 object
- *
- * Arguments: self - The X509 object
- * Returns: None
- */
-static void
-crypto_X509_dealloc(crypto_X509Obj *self)
-{
- /* Sometimes we don't have to dealloc the "real" X509 pointer ourselves */
- if (self->dealloc)
- X509_free(self->x509);
-
- PyObject_Del(self);
-}
-
-PyTypeObject crypto_X509_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "X509",
- sizeof(crypto_X509Obj),
- 0,
- (destructor)crypto_X509_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT,
- crypto_X509_doc, /* doc */
- NULL, /* traverse */
- NULL, /* clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_X509_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- crypto_X509_new, /* tp_new */
-};
-
-/*
- * Initialize the X509 part of the crypto sub module
- *
- * Arguments: module - The crypto module
- * Returns: None
- */
-int
-init_crypto_x509(PyObject *module)
-{
- if (PyType_Ready(&crypto_X509_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_X509_Type);
- if (PyModule_AddObject(module, "X509", (PyObject *)&crypto_X509_Type) != 0) {
- return 0;
- }
-
- Py_INCREF((PyObject *)&crypto_X509_Type);
- if (PyModule_AddObject(module, "X509Type", (PyObject *)&crypto_X509_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
-
diff --git a/OpenSSL/crypto/x509.h b/OpenSSL/crypto/x509.h
deleted file mode 100644
index f6cd190..0000000
--- a/OpenSSL/crypto/x509.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * x509.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Export x509 functions and data structure.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- *
- */
-#ifndef PyOpenSSL_crypto_X509_H_
-#define PyOpenSSL_crypto_X509_H_
-
-#include <Python.h>
-#include <openssl/ssl.h>
-
-extern PyTypeObject crypto_X509_Type;
-
-#define crypto_X509_Check(v) ((v)->ob_type == &crypto_X509_Type)
-
-typedef struct {
- PyObject_HEAD
- X509 *x509;
- int dealloc;
-} crypto_X509Obj;
-
-PyObject* _set_asn1_time(char *format, ASN1_TIME* timestamp, PyObject *args);
-PyObject* _get_asn1_time(char *format, ASN1_TIME* timestamp, PyObject *args);
-extern int init_crypto_x509 (PyObject *);
-
-
-#endif
diff --git a/OpenSSL/crypto/x509ext.c b/OpenSSL/crypto/x509ext.c
deleted file mode 100644
index f8ecb4a..0000000
--- a/OpenSSL/crypto/x509ext.c
+++ /dev/null
@@ -1,409 +0,0 @@
-/*
- * x509ext.c
- *
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * Export X.509 extension functions and data structures.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- */
-
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-static char crypto_X509Extension_get_critical_doc[] = "\n\
-Returns the critical field of the X509Extension\n\
-\n\
-:return: The critical field.\n\
-";
-
-static PyObject *
-crypto_X509Extension_get_critical(crypto_X509ExtensionObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":get_critical"))
- return NULL;
-
- return PyLong_FromLong(X509_EXTENSION_get_critical(self->x509_extension));
-}
-
-static char crypto_X509Extension_get_short_name_doc[] = "\n\
-Returns the short version of the type name of the X509Extension\n\
-\n\
-:return: The short type name.\n\
-";
-
-static PyObject *
-crypto_X509Extension_get_short_name(crypto_X509ExtensionObj *self, PyObject *args) {
- ASN1_OBJECT *obj;
- const char *extname;
-
- if (!PyArg_ParseTuple(args, ":get_short_name")) {
- return NULL;
- }
-
- /* Returns an internal pointer to x509_extension, not a copy */
- obj = X509_EXTENSION_get_object(self->x509_extension);
-
- extname = OBJ_nid2sn(OBJ_obj2nid(obj));
- return PyBytes_FromString(extname);
-}
-
-
-static char crypto_X509Extension_get_data_doc[] = "\n\
-Returns the data of the X509Extension\n\
-\n\
-:return: A :py:data:`str` giving the X509Extension's ASN.1 encoded data.\n\
-";
-
-static PyObject *
-crypto_X509Extension_get_data(crypto_X509ExtensionObj *self, PyObject *args) {
- ASN1_OCTET_STRING *data;
- PyObject *result;
-
- if (!PyArg_ParseTuple(args, ":get_data")) {
- return NULL;
- }
-
- data = X509_EXTENSION_get_data(self->x509_extension);
- result = PyBytes_FromStringAndSize((const char*)data->data, data->length);
- return result;
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_X509Extension_name, METH_VARARGS }
- * for convenience
- */
-#define ADD_METHOD(name) \
-{ #name, (PyCFunction)crypto_X509Extension_##name, METH_VARARGS, crypto_X509Extension_##name##_doc }
-static PyMethodDef crypto_X509Extension_methods[] =
-{
- ADD_METHOD(get_critical),
- ADD_METHOD(get_short_name),
- ADD_METHOD(get_data),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-/*
- * Constructor for X509Extension, never called by Python code directly
- *
- * Arguments: type_name - ???
- * critical - ???
- * value - ???
- * subject - An x509v3 certificate which is the subject for this extension.
- * issuer - An x509v3 certificate which is the issuer for this extension.
- * Returns: The newly created X509Extension object
- */
-crypto_X509ExtensionObj *
-crypto_X509Extension_New(char *type_name, int critical, char *value,
- crypto_X509Obj *subject, crypto_X509Obj *issuer) {
- X509V3_CTX ctx;
- crypto_X509ExtensionObj *self;
- char* value_with_critical = NULL;
-
-
- /*
- * A context is necessary for any extension which uses the r2i conversion
- * method. That is, X509V3_EXT_nconf may segfault if passed a NULL ctx.
- * Start off by initializing most of the fields to NULL.
- */
- X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0);
-
- /*
- * We have no configuration database - but perhaps we should (some
- * extensions may require it).
- */
- X509V3_set_ctx_nodb(&ctx);
-
- /*
- * Initialize the subject and issuer, if appropriate. ctx is a local, and
- * as far as I can tell none of the X509V3_* APIs invoked here steal any
- * references, so no need to incref subject or issuer.
- */
- if (subject) {
- ctx.subject_cert = subject->x509;
- }
-
- if (issuer) {
- ctx.issuer_cert = issuer->x509;
- }
-
- self = PyObject_New(crypto_X509ExtensionObj, &crypto_X509Extension_Type);
-
- if (self == NULL) {
- goto error;
- }
-
- self->dealloc = 0;
-
- /* There are other OpenSSL APIs which would let us pass in critical
- * separately, but they're harder to use, and since value is already a pile
- * of crappy junk smuggling a ton of utterly important structured data,
- * what's the point of trying to avoid nasty stuff with strings? (However,
- * X509V3_EXT_i2d in particular seems like it would be a better API to
- * invoke. I do not know where to get the ext_struc it desires for its
- * last parameter, though.) */
- value_with_critical = malloc(strlen("critical,") + strlen(value) + 1);
- if (!value_with_critical) {
- goto critical_malloc_error;
- }
-
- if (critical) {
- strcpy(value_with_critical, "critical,");
- strcpy(value_with_critical + strlen("critical,"), value);
- } else {
- strcpy(value_with_critical, value);
- }
-
- self->x509_extension = X509V3_EXT_nconf(
- NULL, &ctx, type_name, value_with_critical);
-
- free(value_with_critical);
-
- if (!self->x509_extension) {
- goto nconf_error;
- }
-
- self->dealloc = 1;
- return self;
-
- nconf_error:
- exception_from_error_queue(crypto_Error);
-
- critical_malloc_error:
- Py_XDECREF(self);
-
- error:
- return NULL;
-
-}
-
-static char crypto_X509Extension_doc[] = "\n\
-X509Extension(typename, critical, value[, subject][, issuer]) -> \n\
- X509Extension instance\n\
-\n\
-:param typename: The name of the extension to create.\n\
-:type typename: :py:data:`str`\n\
-:param critical: A flag indicating whether this is a critical extension.\n\
-:param value: The value of the extension.\n\
-:type value: :py:data:`str`\n\
-:param subject: Optional X509 cert to use as subject.\n\
-:type subject: :py:class:`X509`\n\
-:param issuer: Optional X509 cert to use as issuer.\n\
-:type issuer: :py:class:`X509`\n\
-:return: The X509Extension object\n\
-";
-
-static PyObject *
-crypto_X509Extension_new(PyTypeObject *subtype, PyObject *args,
- PyObject *kwargs) {
- char *type_name, *value;
- int critical = 0;
- crypto_X509Obj * subject = NULL;
- crypto_X509Obj * issuer = NULL;
- static char *kwlist[] = {"type_name", "critical", "value", "subject",
- "issuer", NULL};
-
- if (!PyArg_ParseTupleAndKeywords(
- args, kwargs,
- BYTESTRING_FMT "i" BYTESTRING_FMT "|O!O!:X509Extension",
- kwlist, &type_name, &critical, &value,
- &crypto_X509_Type, &subject,
- &crypto_X509_Type, &issuer )) {
- return NULL;
- }
-
- return (PyObject *)crypto_X509Extension_New(type_name, critical, value,
- subject, issuer);
-}
-
-/*
- * Deallocate the memory used by the X509Extension object
- *
- * Arguments: self - The X509Extension object
- * Returns: None
- */
-static void
-crypto_X509Extension_dealloc(crypto_X509ExtensionObj *self)
-{
- /* Sometimes we don't have to dealloc this */
- if (self->dealloc)
- X509_EXTENSION_free(self->x509_extension);
-
- PyObject_Del(self);
-}
-
-
-/* Special handling of subjectAltName. OpenSSL's builtin formatter,
- * X509V3_EXT_print, mishandles NUL bytes allowing a truncated display that
- * does not accurately reflect what's in the extension.
- */
-int
-crypto_X509Extension_str_subjectAltName(crypto_X509ExtensionObj *self, BIO *bio) {
- GENERAL_NAMES *names;
- const X509V3_EXT_METHOD *method = NULL;
- long i, length, num;
- const unsigned char *p;
-
- method = X509V3_EXT_get(self->x509_extension);
- if (method == NULL) {
- return -1;
- }
-
- p = self->x509_extension->value->data;
- length = self->x509_extension->value->length;
- if (method->it) {
- names = (GENERAL_NAMES*)(ASN1_item_d2i(NULL, &p, length,
- ASN1_ITEM_ptr(method->it)));
- } else {
- names = (GENERAL_NAMES*)(method->d2i(NULL, &p, length));
- }
- if (names == NULL) {
- return -1;
- }
-
- num = sk_GENERAL_NAME_num(names);
- for (i = 0; i < num; i++) {
- GENERAL_NAME *name;
- ASN1_STRING *as;
- name = sk_GENERAL_NAME_value(names, i);
- switch (name->type) {
- case GEN_EMAIL:
- BIO_puts(bio, "email:");
- as = name->d.rfc822Name;
- BIO_write(bio, ASN1_STRING_data(as),
- ASN1_STRING_length(as));
- break;
- case GEN_DNS:
- BIO_puts(bio, "DNS:");
- as = name->d.dNSName;
- BIO_write(bio, ASN1_STRING_data(as),
- ASN1_STRING_length(as));
- break;
- case GEN_URI:
- BIO_puts(bio, "URI:");
- as = name->d.uniformResourceIdentifier;
- BIO_write(bio, ASN1_STRING_data(as),
- ASN1_STRING_length(as));
- break;
- default:
- /* use builtin print for GEN_OTHERNAME, GEN_X400,
- * GEN_EDIPARTY, GEN_DIRNAME, GEN_IPADD and GEN_RID
- */
- GENERAL_NAME_print(bio, name);
- }
- /* trailing ', ' except for last element */
- if (i < (num - 1)) {
- BIO_puts(bio, ", ");
- }
- }
- sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
-
- return 0;
-}
-
-/*
- * Print a nice text representation of the certificate request.
- */
-static PyObject *
-crypto_X509Extension_str(crypto_X509ExtensionObj *self) {
- int str_len;
- char *tmp_str;
- PyObject *str;
- BIO *bio = BIO_new(BIO_s_mem());
-
- if (OBJ_obj2nid(self->x509_extension->object) == NID_subject_alt_name) {
- if (crypto_X509Extension_str_subjectAltName(self, bio) == -1) {
- BIO_free(bio);
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
- } else if (!X509V3_EXT_print(bio, self->x509_extension, 0, 0)) {
- BIO_free(bio);
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- str_len = BIO_get_mem_data(bio, &tmp_str);
- str = PyText_FromStringAndSize(tmp_str, str_len);
-
- BIO_free(bio);
-
- return str;
-}
-
-PyTypeObject crypto_X509Extension_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "X509Extension",
- sizeof(crypto_X509ExtensionObj),
- 0,
- (destructor)crypto_X509Extension_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr (setattrfunc)crypto_X509Name_setattr, */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- (reprfunc)crypto_X509Extension_str, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT,
- crypto_X509Extension_doc, /* doc */
- NULL, /* traverse */
- NULL, /* clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_X509Extension_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- crypto_X509Extension_new, /* tp_new */
-};
-
-/*
- * Initialize the X509Extension part of the crypto module
- *
- * Arguments: dict - The crypto module
- * Returns: None
- */
-int
-init_crypto_x509extension(PyObject *module)
-{
- if (PyType_Ready(&crypto_X509Extension_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_X509Extension_Type);
- if (PyModule_AddObject(module, "X509Extension",
- (PyObject *)&crypto_X509Extension_Type) != 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_X509Extension_Type);
- if (PyModule_AddObject(module, "X509ExtensionType",
- (PyObject *)&crypto_X509Extension_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
diff --git a/OpenSSL/crypto/x509ext.h b/OpenSSL/crypto/x509ext.h
deleted file mode 100644
index 3ddc716..0000000
--- a/OpenSSL/crypto/x509ext.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * x509ext.h
- *
- * Copyright (C) Awanim
- * See LICENSE for details.
- *
- * Export X.509 extension functions and data structures.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- */
-#ifndef PyOpenSSL_crypto_X509EXTENSION_H_
-#define PyOpenSSL_crypto_X509EXTENSION_H_
-
-#include <Python.h>
-#include <openssl/ssl.h>
-#include <openssl/x509v3.h>
-
-extern int init_crypto_x509extension (PyObject *);
-
-extern PyTypeObject crypto_X509Extension_Type;
-
-#define crypto_X509Extension_Check(v) ( \
- PyObject_TypeCheck((v), \
- &crypto_X509Extension_Type))
-
-typedef struct {
- PyObject_HEAD
- X509_EXTENSION *x509_extension;
- int dealloc;
-} crypto_X509ExtensionObj;
-
-#endif
-
diff --git a/OpenSSL/crypto/x509name.c b/OpenSSL/crypto/x509name.c
deleted file mode 100644
index 705683e..0000000
--- a/OpenSSL/crypto/x509name.c
+++ /dev/null
@@ -1,555 +0,0 @@
-/*
- * x509name.c
- *
- * Copyright (C) AB Strakt
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * X.509 Name handling, mostly thin wrapping.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- */
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-static PyMethodDef crypto_X509Name_methods[4];
-
-/*
- * Constructor for X509Name, never called by Python code directly
- *
- * Arguments: name - A "real" X509_NAME object
- * dealloc - Boolean value to specify whether the destructor should
- * free the "real" X509_NAME object
- * Returns: The newly created X509Name object
- */
-crypto_X509NameObj *
-crypto_X509Name_New(X509_NAME *name, int dealloc)
-{
- crypto_X509NameObj *self;
-
- self = PyObject_GC_New(crypto_X509NameObj, &crypto_X509Name_Type);
-
- if (self == NULL)
- return NULL;
-
- self->x509_name = name;
- self->dealloc = dealloc;
- self->parent_cert = NULL;
-
- PyObject_GC_Track(self);
- return self;
-}
-
-
-static char crypto_X509Name_doc[] = "\n\
-X509Name(name) -> New X509Name object\n\
-\n\
-Create a new X509Name, copying the given X509Name instance.\n\
-\n\
-:param name: An X509Name object to copy\n\
-:return: The X509Name object\n\
-";
-
-static PyObject *
-crypto_X509Name_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs)
-{
- crypto_X509NameObj *name;
-
- if (!PyArg_ParseTuple(args, "O!:X509Name", &crypto_X509Name_Type, &name)) {
- return NULL;
- }
-
- return (PyObject *)crypto_X509Name_New(X509_NAME_dup(name->x509_name), 1);
-}
-
-
-/*
- * Return a name string given a X509_NAME object and a name identifier. Used
- * by the getattr function.
- *
- * Arguments: name - The X509_NAME object
- * nid - The name identifier
- * Returns: The name as a Python string object
- */
-static int
-get_name_by_nid(X509_NAME *name, int nid, char **utf8string)
-{
- int entry_idx;
- X509_NAME_ENTRY *entry;
- ASN1_STRING *data;
- int len;
-
- if ((entry_idx = X509_NAME_get_index_by_NID(name, nid, -1)) == -1)
- {
- return 0;
- }
- entry = X509_NAME_get_entry(name, entry_idx);
- data = X509_NAME_ENTRY_get_data(entry);
- if ((len = ASN1_STRING_to_UTF8((unsigned char **)utf8string, data)) < 0)
- {
- exception_from_error_queue(crypto_Error);
- return -1;
- }
-
- return len;
-}
-
-/*
- * Given a X509_NAME object and a name identifier, set the corresponding
- * attribute to the given string. Used by the setattr function.
- *
- * Arguments: name - The X509_NAME object
- * nid - The name identifier
- * value - The string to set
- * Returns: 0 for success, -1 on failure
- */
-static int
-set_name_by_nid(X509_NAME *name, int nid, char *utf8string)
-{
- X509_NAME_ENTRY *ne;
- int i, entry_count, temp_nid;
-
- /* If there's an old entry for this NID, remove it */
- entry_count = X509_NAME_entry_count(name);
- for (i = 0; i < entry_count; i++)
- {
- ne = X509_NAME_get_entry(name, i);
- temp_nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));
- if (temp_nid == nid)
- {
- ne = X509_NAME_delete_entry(name, i);
- X509_NAME_ENTRY_free(ne);
- break;
- }
- }
-
- /* Add the new entry */
- if (!X509_NAME_add_entry_by_NID(name, nid, MBSTRING_UTF8,
- (unsigned char *)utf8string,
- -1, -1, 0))
- {
- exception_from_error_queue(crypto_Error);
- return -1;
- }
- return 0;
-}
-
-
-/*
- * Find attribute. An X509Name object has the following attributes:
- * countryName (alias C), stateOrProvince (alias ST), locality (alias L),
- * organization (alias O), organizationalUnit (alias OU), commonName (alias
- * CN) and more...
- *
- * Arguments: self - The X509Name object
- * name - The attribute name
- * Returns: A Python object for the attribute, or NULL if something went
- * wrong
- */
-static PyObject *
-crypto_X509Name_getattro(crypto_X509NameObj *self, PyObject *nameobj)
-{
- int nid, len;
- char *utf8string;
- char *name;
-#ifdef PY3
- name = PyBytes_AsString(PyUnicode_AsASCIIString(nameobj));
-#else
- name = PyBytes_AsString(nameobj);
-#endif
-
- if ((nid = OBJ_txt2nid(name)) == NID_undef) {
- /*
- * This is a bit weird. OBJ_txt2nid indicated failure, but it seems
- * a lower level function, a2d_ASN1_OBJECT, also feels the need to
- * push something onto the error queue. If we don't clean that up
- * now, someone else will bump into it later and be quite confused.
- * See lp#314814.
- */
- flush_error_queue();
- return PyObject_GenericGetAttr((PyObject*)self, nameobj);
- }
-
- len = get_name_by_nid(self->x509_name, nid, &utf8string);
- if (len < 0)
- return NULL;
- else if (len == 0)
- {
- Py_INCREF(Py_None);
- return Py_None;
- }
- else {
- PyObject* result = PyUnicode_Decode(utf8string, len, "utf-8", NULL);
- OPENSSL_free(utf8string);
- return result;
- }
-}
-
-/*
- * Set attribute
- *
- * Arguments: self - The X509Name object
- * name - The attribute name
- * value - The value to set
- */
-static int
-crypto_X509Name_setattro(crypto_X509NameObj *self, PyObject *nameobj, PyObject *value)
-{
- int nid;
- int result;
- char *buffer;
- char *name;
-
- if (!PyBytes_CheckExact(nameobj) && !PyUnicode_CheckExact(nameobj)) {
- PyErr_Format(PyExc_TypeError,
- "attribute name must be string, not '%.200s'",
- Py_TYPE(nameobj)->tp_name);
- return -1;
- }
-
-#ifdef PY3
- name = PyBytes_AsString(PyUnicode_AsASCIIString(nameobj));
-#else
- name = PyBytes_AsString(nameobj);
-#endif
-
- if ((nid = OBJ_txt2nid(name)) == NID_undef)
- {
- /* Just like the case in the getattr function */
- flush_error_queue();
- PyErr_SetString(PyExc_AttributeError, "No such attribute");
- return -1;
- }
-
- /* Something of a hack to get nice unicode behaviour */
- if (!PyArg_Parse(value, "es:setattr", "utf-8", &buffer))
- return -1;
-
- result = set_name_by_nid(self->x509_name, nid, buffer);
- PyMem_Free(buffer);
- return result;
-}
-
-/*
- * Compare two X509Name structures.
- *
- * Arguments: n - The first X509Name
- * m - The second X509Name
- * Returns: <0 if n < m, 0 if n == m and >0 if n > m
- */
-static PyObject *
-crypto_X509Name_richcompare(PyObject *n, PyObject *m, int op) {
- int result;
-
- if (!crypto_X509Name_Check(n) || !crypto_X509Name_Check(m)) {
- Py_INCREF(Py_NotImplemented);
- return Py_NotImplemented;
- }
-
- result = X509_NAME_cmp(
- ((crypto_X509NameObj*)n)->x509_name,
- ((crypto_X509NameObj*)m)->x509_name);
-
- switch (op) {
- case Py_EQ:
- result = (result == 0);
- break;
-
- case Py_NE:
- result = (result != 0);
- break;
-
- case Py_LT:
- result = (result < 0);
- break;
-
- case Py_LE:
- result = (result <= 0);
- break;
-
- case Py_GT:
- result = (result > 0);
- break;
-
- case Py_GE:
- result = (result >= 0);
- break;
-
- default:
- /* Should be impossible */
- Py_INCREF(Py_NotImplemented);
- return Py_NotImplemented;
- }
-
- if (result) {
- Py_INCREF(Py_True);
- return Py_True;
- } else {
- Py_INCREF(Py_False);
- return Py_False;
- }
-}
-
-/*
- * String representation of an X509Name
- *
- * Arguments: self - The X509Name object
- * Returns: A string representation of the object
- */
-static PyObject *
-crypto_X509Name_repr(crypto_X509NameObj *self)
-{
- char tmpbuf[512] = "";
- char realbuf[512+64];
-
- if (X509_NAME_oneline(self->x509_name, tmpbuf, 512) == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
- else
- {
- /* This is safe because tmpbuf is max 512 characters */
- sprintf(realbuf, "<X509Name object '%s'>", tmpbuf);
- return PyText_FromString(realbuf);
- }
-}
-
-static char crypto_X509Name_hash_doc[] = "\n\
-Return the hash value of this name\n\
-\n\
-:return: None\n\
-";
-
-/*
- * First four bytes of the MD5 digest of the DER form of an X509Name.
- *
- * Arguments: self - The X509Name object
- * Returns: An integer giving the hash.
- */
-static PyObject *
-crypto_X509Name_hash(crypto_X509NameObj *self, PyObject* args)
-{
- unsigned long hash;
-
- if (!PyArg_ParseTuple(args, ":hash")) {
- return NULL;
- }
- hash = X509_NAME_hash(self->x509_name);
- return PyLong_FromLong(hash);
-}
-
-static char crypto_X509Name_der_doc[] = "\n\
-Return the DER encoding of this name\n\
-\n\
-:return: None\n\
-";
-
-/*
- * Arguments: self - The X509Name object
- * Returns: The DER form of an X509Name.
- */
-static PyObject *
-crypto_X509Name_der(crypto_X509NameObj *self, PyObject *args)
-{
- if (!PyArg_ParseTuple(args, ":der")) {
- return NULL;
- }
-
- i2d_X509_NAME(self->x509_name, 0);
- return PyBytes_FromStringAndSize(self->x509_name->bytes->data,
- self->x509_name->bytes->length);
-}
-
-
-static char crypto_X509Name_get_components_doc[] = "\n\
-Returns the split-up components of this name.\n\
-\n\
-:return: List of tuples (name, value).\n\
-";
-
-static PyObject *
-crypto_X509Name_get_components(crypto_X509NameObj *self, PyObject *args)
-{
- int n, i;
- X509_NAME *name = self->x509_name;
- PyObject *list;
-
- if (!PyArg_ParseTuple(args, ":get_components"))
- return NULL;
-
- n = X509_NAME_entry_count(name);
- list = PyList_New(n);
- for (i = 0; i < n; i++)
- {
- X509_NAME_ENTRY *ent;
- ASN1_OBJECT *fname;
- ASN1_STRING *fval;
- int nid;
- int l;
- unsigned char *str;
- PyObject *tuple;
-
- ent = X509_NAME_get_entry(name, i);
-
- fname = X509_NAME_ENTRY_get_object(ent);
- fval = X509_NAME_ENTRY_get_data(ent);
-
- l = ASN1_STRING_length(fval);
- str = ASN1_STRING_data(fval);
-
- nid = OBJ_obj2nid(fname);
-
- /* printf("fname is %s len=%d str=%s\n", OBJ_nid2sn(nid), l, str); */
-
- tuple = PyTuple_New(2);
- PyTuple_SetItem(tuple, 0, PyBytes_FromString(OBJ_nid2sn(nid)));
- PyTuple_SetItem(tuple, 1, PyBytes_FromStringAndSize((char *)str, l));
-
- PyList_SetItem(list, i, tuple);
- }
-
- return list;
-}
-
-
-/*
- * Call the visitproc on all contained objects.
- *
- * Arguments: self - The Connection object
- * visit - Function to call
- * arg - Extra argument to visit
- * Returns: 0 if all goes well, otherwise the return code from the first
- * call that gave non-zero result.
- */
-static int
-crypto_X509Name_traverse(crypto_X509NameObj *self, visitproc visit, void *arg)
-{
- int ret = 0;
-
- if (ret == 0 && self->parent_cert != NULL)
- ret = visit(self->parent_cert, arg);
- return ret;
-}
-
-/*
- * Decref all contained objects and zero the pointers.
- *
- * Arguments: self - The Connection object
- * Returns: Always 0.
- */
-static int
-crypto_X509Name_clear(crypto_X509NameObj *self)
-{
- Py_XDECREF(self->parent_cert);
- self->parent_cert = NULL;
- return 0;
-}
-
-/*
- * Deallocate the memory used by the X509Name object
- *
- * Arguments: self - The X509Name object
- * Returns: None
- */
-static void
-crypto_X509Name_dealloc(crypto_X509NameObj *self)
-{
- PyObject_GC_UnTrack(self);
- /* Sometimes we don't have to dealloc this */
- if (self->dealloc)
- X509_NAME_free(self->x509_name);
-
- crypto_X509Name_clear(self);
-
- PyObject_GC_Del(self);
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_X509Name_##name, METH_VARARGS, crypto_X509Name_##name##_doc }
-static PyMethodDef crypto_X509Name_methods[] =
-{
- ADD_METHOD(hash),
- ADD_METHOD(der),
- ADD_METHOD(get_components),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-PyTypeObject crypto_X509Name_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "X509Name",
- sizeof(crypto_X509NameObj),
- 0,
- (destructor)crypto_X509Name_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* reserved */
- (reprfunc)crypto_X509Name_repr,
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- (getattrofunc)crypto_X509Name_getattro, /* getattro */
- (setattrofunc)crypto_X509Name_setattro, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC, /* tp_flags */
- crypto_X509Name_doc, /* tp_doc */
- (traverseproc)crypto_X509Name_traverse, /* tp_traverse */
- (inquiry)crypto_X509Name_clear, /* tp_clear */
- crypto_X509Name_richcompare, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_X509Name_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- crypto_X509Name_new, /* tp_new */
-};
-
-/*
- * Initialize the X509Name part of the crypto module
- *
- * Arguments: module - The crypto module
- * Returns: None
- */
-int
-init_crypto_x509name(PyObject *module)
-{
- if (PyType_Ready(&crypto_X509Name_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_X509Name_Type);
- if (PyModule_AddObject(module, "X509Name", (PyObject *)&crypto_X509Name_Type) != 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_X509Name_Type);
- if (PyModule_AddObject(module, "X509NameType", (PyObject *)&crypto_X509Name_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
diff --git a/OpenSSL/crypto/x509name.h b/OpenSSL/crypto/x509name.h
deleted file mode 100644
index bfc7628..0000000
--- a/OpenSSL/crypto/x509name.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * x509name.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Export X.509 name functions and data structures.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- * Reviewed 2001-07-23
- *
- */
-#ifndef PyOpenSSL_crypto_X509NAME_H_
-#define PyOpenSSL_crypto_X509NAME_H_
-
-#include <Python.h>
-#include <openssl/ssl.h>
-
-extern int init_crypto_x509name (PyObject *);
-
-extern PyTypeObject crypto_X509Name_Type;
-
-#define crypto_X509Name_Check(v) ((v)->ob_type == &crypto_X509Name_Type)
-
-typedef struct {
- PyObject_HEAD
- X509_NAME *x509_name;
- int dealloc;
- PyObject *parent_cert;
-} crypto_X509NameObj;
-
-
-#endif
diff --git a/OpenSSL/crypto/x509req.c b/OpenSSL/crypto/x509req.c
deleted file mode 100644
index a331712..0000000
--- a/OpenSSL/crypto/x509req.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/*
- * x509req.c
- *
- * Copyright (C) AB Strakt
- * Copyright (C) Jean-Paul Calderone
- * See LICENSE for details.
- *
- * X.509 Request handling, mostly thin wrapping.
- * See the file RATIONALE for a short explanation of why this module was written.
- */
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-
-static char crypto_X509Req_get_subject_doc[] = "\n\
-Create an X509Name object for the subject of the certificate request\n\
-\n\
-:return: An X509Name object\n\
-";
-
-static PyObject *
-crypto_X509Req_get_subject(crypto_X509ReqObj *self, PyObject *args)
-{
- crypto_X509NameObj *crypto_X509Name_New(X509_NAME *, int);
- X509_NAME *name;
- crypto_X509NameObj* pyname;
-
- if (!PyArg_ParseTuple(args, ":get_subject"))
- return NULL;
-
- if ((name = X509_REQ_get_subject_name(self->x509_req)) == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
- if ((pyname = crypto_X509Name_New(name, 0)) != NULL) {
- pyname->parent_cert = (PyObject *)self;
- Py_INCREF(self);
- }
- return (PyObject *)pyname;
-}
-
-static char crypto_X509Req_get_pubkey_doc[] = "\n\
-Get the public key from the certificate request\n\
-\n\
-:return: The public key\n\
-";
-
-static PyObject *
-crypto_X509Req_get_pubkey(crypto_X509ReqObj *self, PyObject *args)
-{
- crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
- EVP_PKEY *pkey;
- crypto_PKeyObj *py_pkey;
-
- if (!PyArg_ParseTuple(args, ":get_pubkey"))
- return NULL;
-
- if ((pkey = X509_REQ_get_pubkey(self->x509_req)) == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- py_pkey = crypto_PKey_New(pkey, 1);
- if (py_pkey != NULL) {
- py_pkey->only_public = 1;
- }
- return (PyObject *)py_pkey;
-}
-
-static char crypto_X509Req_set_pubkey_doc[] = "\n\
-Set the public key of the certificate request\n\
-\n\
-:param pkey: The public key to use\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509Req_set_pubkey(crypto_X509ReqObj *self, PyObject *args)
-{
- crypto_PKeyObj *pkey;
-
- if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
- return NULL;
-
- if (!X509_REQ_set_pubkey(self->x509_req, pkey->pkey))
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509Req_sign_doc[] = "\n\
-Sign the certificate request using the supplied key and digest\n\
-\n\
-:param pkey: The key to sign with\n\
-:param digest: The message digest to use\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509Req_sign(crypto_X509ReqObj *self, PyObject *args)
-{
- crypto_PKeyObj *pkey;
- char *digest_name;
- const EVP_MD *digest;
-
- if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
- &digest_name))
- return NULL;
-
- if (pkey->only_public) {
- PyErr_SetString(PyExc_ValueError, "Key has only public part");
- return NULL;
- }
-
- if (!pkey->initialized) {
- PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
- return NULL;
- }
-
- if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
- {
- PyErr_SetString(PyExc_ValueError, "No such digest method");
- return NULL;
- }
-
- if (!X509_REQ_sign(self->x509_req, pkey->pkey, digest))
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509Req_verify_doc[] = "\n\
-Verifies a certificate request using the supplied public key\n\
-\n\
-:param key: a public key\n\
-:return: True if the signature is correct.\n\
-:raise OpenSSL.crypto.Error: If the signature is invalid or there is a\n\
- problem verifying the signature.\n\
-";
-
-PyObject *
-crypto_X509Req_verify(crypto_X509ReqObj *self, PyObject *args)
-{
- PyObject *obj;
- crypto_PKeyObj *key;
- int answer;
-
- if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &obj)) {
- return NULL;
- }
-
- key = (crypto_PKeyObj *)obj;
-
- if ((answer = X509_REQ_verify(self->x509_req, key->pkey)) <= 0) {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- return PyLong_FromLong(answer);
-}
-
-static char crypto_X509Req_add_extensions_doc[] = "\n\
-Add extensions to the request.\n\
-\n\
-:param extensions: a sequence of X509Extension objects\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509Req_add_extensions(crypto_X509ReqObj *self, PyObject *args)
-{
- PyObject *extensions;
- crypto_X509ExtensionObj *ext;
- STACK_OF(X509_EXTENSION) *exts;
- int nr_of_extensions, i;
-
- if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
- return NULL;
-
- if (!PySequence_Check(extensions))
- {
- PyErr_SetString(PyExc_TypeError, "Expected a sequence");
- return NULL;
- }
-
- /* Make a STACK_OF(X509_EXTENSION) from sequence */
- if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- /* Put the extensions in a stack */
- nr_of_extensions = PySequence_Length(extensions);
-
- for (i = 0; i < nr_of_extensions; i++)
- {
- ext = (crypto_X509ExtensionObj *)PySequence_GetItem(extensions, i);
- if (!(crypto_X509Extension_Check(ext)))
- {
- PyErr_SetString(PyExc_ValueError,
- "One of the elements is not an X509Extension");
- sk_X509_EXTENSION_free(exts);
- return NULL;
- }
- sk_X509_EXTENSION_push(exts, ext->x509_extension);
- }
-
- if (!X509_REQ_add_extensions(self->x509_req, exts))
- {
- sk_X509_EXTENSION_free(exts);
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- sk_X509_EXTENSION_free(exts);
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509Req_set_version_doc[] = "\n\
-Set the version subfield (RFC 2459, section 4.1.2.1) of the certificate\n\
-request.\n\
-\n\
-:param version: The version number\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509Req_set_version(crypto_X509ReqObj *self, PyObject *args)
-{
- long version;
-
- if (!PyArg_ParseTuple(args, "l:set_version", &version)) {
- return NULL;
- }
-
- if (!X509_REQ_set_version(self->x509_req, version)) {
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-static char crypto_X509Req_get_version_doc[] = "\n\
-Get the version subfield (RFC 2459, section 4.1.2.1) of the certificate\n\
-request.\n\
-\n\
-:return: an integer giving the value of the version subfield\n\
-";
-
-static PyObject *
-crypto_X509Req_get_version(crypto_X509ReqObj *self, PyObject *args)
-{
- long version;
-
- if (!PyArg_ParseTuple(args, ":get_version")) {
- return NULL;
- }
-
- version = X509_REQ_get_version(self->x509_req);
-
- return PyLong_FromLong(version);
-}
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_X509Req_name, METH_VARARGS }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_X509Req_##name, METH_VARARGS, crypto_X509Req_##name##_doc }
-static PyMethodDef crypto_X509Req_methods[] =
-{
- ADD_METHOD(get_subject),
- ADD_METHOD(get_pubkey),
- ADD_METHOD(set_pubkey),
- ADD_METHOD(sign),
- ADD_METHOD(verify),
- ADD_METHOD(add_extensions),
- ADD_METHOD(set_version),
- ADD_METHOD(get_version),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-
-/*
- * Constructor for X509Req, never called by Python code directly
- *
- * Arguments: name - A "real" X509_REQ object
- * dealloc - Boolean value to specify whether the destructor should
- * free the "real" X509_REQ object
- * Returns: The newly created X509Req object
- */
-crypto_X509ReqObj *
-crypto_X509Req_New(X509_REQ *req, int dealloc)
-{
- crypto_X509ReqObj *self;
-
- self = PyObject_New(crypto_X509ReqObj, &crypto_X509Req_Type);
-
- if (self == NULL)
- return NULL;
-
- self->x509_req = req;
- self->dealloc = dealloc;
-
- return self;
-}
-
-
-static char crypto_X509Req_doc[] = "\n\
-X509Req() -> X509Req instance\n\
-\n\
-Create a new X509Req object.\n\
-\n\
-:return: The X509Req object\n\
-";
-
-static PyObject *
-crypto_X509Req_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
- if (!PyArg_ParseTuple(args, ":X509Req")) {
- return NULL;
- }
-
- return (PyObject *)crypto_X509Req_New(X509_REQ_new(), 1);
-}
-
-
-/*
- * Deallocate the memory used by the X509Req object
- *
- * Arguments: self - The X509Req object
- * Returns: None
- */
-static void
-crypto_X509Req_dealloc(crypto_X509ReqObj *self)
-{
- /* Sometimes we don't have to dealloc this */
- if (self->dealloc)
- X509_REQ_free(self->x509_req);
-
- PyObject_Del(self);
-}
-
-
-PyTypeObject crypto_X509Req_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "X509Req",
- sizeof(crypto_X509ReqObj),
- 0,
- (destructor)crypto_X509Req_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT,
- crypto_X509Req_doc, /* doc */
- NULL, /* traverse */
- NULL, /* clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_X509Req_methods, /* tp_methods */
- NULL, /* tp_members */
- NULL, /* tp_getset */
- NULL, /* tp_base */
- NULL, /* tp_dict */
- NULL, /* tp_descr_get */
- NULL, /* tp_descr_set */
- 0, /* tp_dictoffset */
- NULL, /* tp_init */
- NULL, /* tp_alloc */
- crypto_X509Req_new, /* tp_new */
-};
-
-
-/*
- * Initialize the X509Req part of the crypto module
- *
- * Arguments: module - The crypto module
- * Returns: None
- */
-int
-init_crypto_x509req(PyObject *module)
-{
- if (PyType_Ready(&crypto_X509Req_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_X509Req_Type);
- if (PyModule_AddObject(module, "X509Req", (PyObject *)&crypto_X509Req_Type) != 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_X509Req_Type);
- if (PyModule_AddObject(module, "X509ReqType", (PyObject *)&crypto_X509Req_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
diff --git a/OpenSSL/crypto/x509req.h b/OpenSSL/crypto/x509req.h
deleted file mode 100644
index 5fe0524..0000000
--- a/OpenSSL/crypto/x509req.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * x509req.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Export X509 request functions and data structures.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- */
-#ifndef PyOpenSSL_SSL_X509REQ_H_
-#define PyOpenSSL_SSL_X509REQ_H_
-
-#include <Python.h>
-#include <openssl/ssl.h>
-
-extern int init_crypto_x509req (PyObject *);
-
-extern PyTypeObject crypto_X509Req_Type;
-
-#define crypto_X509Req_Check(v) ((v)->ob_type == &crypto_X509Req_Type)
-
-typedef struct {
- PyObject_HEAD
- X509_REQ *x509_req;
- int dealloc;
-} crypto_X509ReqObj;
-
-
-#endif
diff --git a/OpenSSL/crypto/x509store.c b/OpenSSL/crypto/x509store.c
deleted file mode 100644
index a9750ed..0000000
--- a/OpenSSL/crypto/x509store.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * x509store.c
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * X.509 Store handling, mostly thin wrapping.
- * See the file RATIONALE for a short explanation of why this module was written.
- */
-#include <Python.h>
-#define crypto_MODULE
-#include "crypto.h"
-
-static char crypto_X509Store_add_cert_doc[] = "\n\
-Add a certificate\n\
-\n\
-:param cert: The certificate to add\n\
-:return: None\n\
-";
-
-static PyObject *
-crypto_X509Store_add_cert(crypto_X509StoreObj *self, PyObject *args)
-{
- crypto_X509Obj *cert;
-
- if (!PyArg_ParseTuple(args, "O!:add_cert", &crypto_X509_Type, &cert))
- return NULL;
-
- if (!X509_STORE_add_cert(self->x509_store, cert->x509))
- {
- exception_from_error_queue(crypto_Error);
- return NULL;
- }
-
- Py_INCREF(Py_None);
- return Py_None;
-}
-
-
-/*
- * ADD_METHOD(name) expands to a correct PyMethodDef declaration
- * { 'name', (PyCFunction)crypto_X509Store_name, METH_VARARGS }
- * for convenience
- */
-#define ADD_METHOD(name) \
- { #name, (PyCFunction)crypto_X509Store_##name, METH_VARARGS, crypto_X509Store_##name##_doc }
-static PyMethodDef crypto_X509Store_methods[] =
-{
- ADD_METHOD(add_cert),
- { NULL, NULL }
-};
-#undef ADD_METHOD
-
-
-/*
- * Constructor for X509Store, never called by Python code directly
- *
- * Arguments: name - A "real" X509_STORE object
- * dealloc - Boolean value to specify whether the destructor should
- * free the "real" X509_STORE object
- * Returns: The newly created X509Store object
- */
-crypto_X509StoreObj *
-crypto_X509Store_New(X509_STORE *store, int dealloc)
-{
- crypto_X509StoreObj *self;
-
- self = PyObject_New(crypto_X509StoreObj, &crypto_X509Store_Type);
-
- if (self == NULL)
- return NULL;
-
- self->x509_store = store;
- self->dealloc = dealloc;
-
- return self;
-}
-
-/*
- * Deallocate the memory used by the X509Store object
- *
- * Arguments: self - The X509Store object
- * Returns: None
- */
-static void
-crypto_X509Store_dealloc(crypto_X509StoreObj *self)
-{
- /* Sometimes we don't have to dealloc this */
- if (self->dealloc)
- X509_STORE_free(self->x509_store);
-
- PyObject_Del(self);
-}
-
-
-PyTypeObject crypto_X509Store_Type = {
- PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
- "X509Store",
- sizeof(crypto_X509StoreObj),
- 0,
- (destructor)crypto_X509Store_dealloc,
- NULL, /* print */
- NULL, /* getattr */
- NULL, /* setattr */
- NULL, /* compare */
- NULL, /* repr */
- NULL, /* as_number */
- NULL, /* as_sequence */
- NULL, /* as_mapping */
- NULL, /* hash */
- NULL, /* call */
- NULL, /* str */
- NULL, /* getattro */
- NULL, /* setattro */
- NULL, /* as_buffer */
- Py_TPFLAGS_DEFAULT,
- NULL, /* doc */
- NULL, /* traverse */
- NULL, /* clear */
- NULL, /* tp_richcompare */
- 0, /* tp_weaklistoffset */
- NULL, /* tp_iter */
- NULL, /* tp_iternext */
- crypto_X509Store_methods, /* tp_methods */
-};
-
-
-/*
- * Initialize the X509Store part of the crypto module
- *
- * Arguments: module - The crypto module
- * Returns: None
- */
-int
-init_crypto_x509store(PyObject *module)
-{
- if (PyType_Ready(&crypto_X509Store_Type) < 0) {
- return 0;
- }
-
- /* PyModule_AddObject steals a reference.
- */
- Py_INCREF((PyObject *)&crypto_X509Store_Type);
- if (PyModule_AddObject(module, "X509StoreType", (PyObject *)&crypto_X509Store_Type) != 0) {
- return 0;
- }
-
- return 1;
-}
diff --git a/OpenSSL/crypto/x509store.h b/OpenSSL/crypto/x509store.h
deleted file mode 100644
index de3531d..0000000
--- a/OpenSSL/crypto/x509store.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * x509store.h
- *
- * Copyright (C) AB Strakt
- * See LICENSE for details.
- *
- * Export X509 store functions and data structures.
- * See the file RATIONALE for a short explanation of why this module was written.
- *
- */
-#ifndef PyOpenSSL_SSL_X509STORE_H_
-#define PyOpenSSL_SSL_X509STORE_H_
-
-#include <Python.h>
-#include <openssl/ssl.h>
-
-extern int init_crypto_x509store (PyObject *);
-
-extern PyTypeObject crypto_X509Store_Type;
-
-#define crypto_X509Store_Check(v) ((v)->ob_type == &crypto_X509Store_Type)
-
-typedef struct {
- PyObject_HEAD
- X509_STORE *x509_store;
- int dealloc;
-} crypto_X509StoreObj;
-
-
-#endif