Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / d7d812775cc8e5348ef4788f3953dd35ebc554e2 / . / OpenSSL / crypto / crl.c
blob: 3f56d8350feea380c8f37636e240823cd240796f [file] [log] [blame]
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]1#include <Python.h>
2#define crypto_MODULE
3#include "crypto.h"
4
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]5static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]6 X509_REVOKED *dupe = NULL;
7
8 dupe = X509_REVOKED_new();
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]9 if (dupe == NULL) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]10 return NULL;
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]11 }
12 if (orig->serialNumber) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]13 dupe->serialNumber = M_ASN1_INTEGER_dup(orig->serialNumber);
14 }
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]15 if (orig->revocationDate) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]16 dupe->revocationDate = M_ASN1_INTEGER_dup(orig->revocationDate);
17 }
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]18 if (orig->extensions) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]19 STACK_OF(X509_EXTENSION) *sk = NULL;
20 X509_EXTENSION * ext;
21 int j;
22
23 sk = sk_X509_EXTENSION_new_null();
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]24 for (j = 0; j < sk_X509_EXTENSION_num(orig->extensions); j++) {
25 ext = sk_X509_EXTENSION_value(orig->extensions, j);
26 ext = X509_EXTENSION_dup(ext);
27 sk_X509_EXTENSION_push(sk, ext);
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]28 }
29 dupe->extensions = sk;
30 }
31 dupe->sequence = orig->sequence;
32 return dupe;
33}
34
35static char crypto_CRL_get_revoked_doc[] = "\n\
36Return revoked portion of the CRL structure (by value\n\
37not reference).\n\
38\n\
Jonathan Ballet78b92a22011-07-16 08:07:26 +0900[diff] [blame]39:return: A tuple of Revoked objects.\n\
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]40";
41static PyObject *
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]42crypto_CRL_get_revoked(crypto_CRLObj *self, PyObject *args) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]43 int j, num_rev;
44 X509_REVOKED *r = NULL;
45 PyObject *obj = NULL, *rev_obj;
46
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]47 if (!PyArg_ParseTuple(args, ":get_revoked")) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]48 return NULL;
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]49 }
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]50
51 num_rev = sk_X509_REVOKED_num(self->crl->crl->revoked);
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]52 if (num_rev < 0) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]53 Py_INCREF(Py_None);
54 return Py_None;
55 }
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]56 if ((obj = PyTuple_New(num_rev)) == NULL) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]57 return NULL;
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]58 }
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]59
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]60 for (j = 0; j < num_rev; j++) {
61 r = sk_X509_REVOKED_value(self->crl->crl->revoked, j);
62 r = X509_REVOKED_dup(r);
63 if (r == NULL ) {
64 goto error;
65 }
66 rev_obj = (PyObject *) crypto_Revoked_New(r);
67 if (rev_obj == NULL) {
68 goto error;
69 }
70 r = NULL; /* it's now owned by rev_obj */
71 PyTuple_SET_ITEM(obj, j, rev_obj);
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]72 }
73 return obj;
74
75 error:
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]76 if (r) {
77 X509_REVOKED_free(r);
78 }
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]79 Py_XDECREF(obj);
80 return NULL;
81}
82
83static char crypto_CRL_add_revoked_doc[] = "\n\
84Add a revoked (by value not reference) to the CRL structure\n\
85\n\
Jonathan Ballet78b92a22011-07-16 08:07:26 +0900[diff] [blame]86:param cert: The new revoked.\n\
Jonathan Ballet648875f2011-07-16 14:14:58 +0900[diff] [blame]87:type cert: :class:`X509`\n\
Jonathan Ballet78b92a22011-07-16 08:07:26 +0900[diff] [blame]88:return: None\n\
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]89";
90static PyObject *
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]91crypto_CRL_add_revoked(crypto_CRLObj *self, PyObject *args, PyObject *keywds) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]92 crypto_RevokedObj * rev_obj = NULL;
93 static char *kwlist[] = {"revoked", NULL};
94 X509_REVOKED * dup;
95
96 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!:add_revoked",
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]97 kwlist, &crypto_Revoked_Type, &rev_obj)) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]98 return NULL;
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]99 }
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]100
101 dup = X509_REVOKED_dup( rev_obj->revoked );
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]102 if (dup == NULL) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]103 return NULL;
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]104 }
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]105 X509_CRL_add0_revoked(self->crl, dup);
106
107 Py_INCREF(Py_None);
108 return Py_None;
109}
110
111static char crypto_CRL_export_doc[] = "\n\
Jean-Paul Calderone58887472010-01-30 13:12:35 -0500[diff] [blame]112export(cert, key[, type[, days]]) -> export a CRL as a string\n\
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]113\n\
Jonathan Ballet78b92a22011-07-16 08:07:26 +0900[diff] [blame]114:param cert: Used to sign CRL.\n\
Jonathan Ballet648875f2011-07-16 14:14:58 +0900[diff] [blame]115:type cert: :class:`X509`\n\
Jonathan Ballet78b92a22011-07-16 08:07:26 +0900[diff] [blame]116:param key: Used to sign CRL.\n\
Jonathan Ballet648875f2011-07-16 14:14:58 +0900[diff] [blame]117:type key: :class:`PKey`\n\
118:param type: The export format, either :py:data:`FILETYPE_PEM`, :py:data:`FILETYPE_ASN1`, or :py:data:`FILETYPE_TEXT`.\n\
Jonathan Ballet78b92a22011-07-16 08:07:26 +0900[diff] [blame]119:param days: The number of days until the next update of this CRL.\n\
Jonathan Ballet648875f2011-07-16 14:14:58 +0900[diff] [blame]120:type days: :py:data:`int`\n\
121:return: :py:data:`str`\n\
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]122";
123static PyObject *
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]124crypto_CRL_export(crypto_CRLObj *self, PyObject *args, PyObject *keywds) {
125 int ret, buf_len, type = X509_FILETYPE_PEM, days = 100;
126 char *temp;
127 BIO *bio;
128 PyObject *buffer;
129 crypto_PKeyObj *key;
130 ASN1_TIME *tmptm;
131 crypto_X509Obj *x509;
132 static char *kwlist[] = {"cert", "key", "type", "days", NULL};
Jean-Paul Calderonec7293bc2011-09-13 15:24:38 -0400[diff] [blame]133
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]134 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist,
Jean-Paul Calderonec7293bc2011-09-13 15:24:38 -0400[diff] [blame]135 &crypto_X509_Type, &x509,
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]136 &crypto_PKey_Type, &key, &type, &days)) {
137 return NULL;
138 }
Jean-Paul Calderonec7293bc2011-09-13 15:24:38 -0400[diff] [blame]139
Jean-Paul Calderone7e8dab02012-03-09 15:25:48 -0800[diff] [blame]140
141#if OPENSSL_VERSION_NUMBER >= 0x01000000L
142 /* Older versions of OpenSSL had no problem with trying to export using an
143 * uninitialized key. Newer versions segfault, instead. We can only check
144 * on the new versions, though, because the old versions don't even have the
145 * field that the segfault is triggered by.
Jean-Paul Calderone3f79cea2012-03-09 14:56:35 -0800[diff] [blame]146 */
147 if (!key->pkey->ameth) {
148 PyErr_SetString(
149 crypto_Error, "Cannot export with an unitialized key");
150 return NULL;
151 }
Jean-Paul Calderone7e8dab02012-03-09 15:25:48 -0800[diff] [blame]152#endif
Jean-Paul Calderone3f79cea2012-03-09 14:56:35 -0800[diff] [blame]153
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]154 bio = BIO_new(BIO_s_mem());
155 tmptm = ASN1_TIME_new();
156 if (!tmptm) {
157 return 0;
158 }
159 X509_gmtime_adj(tmptm,0);
160 X509_CRL_set_lastUpdate(self->crl, tmptm);
161 X509_gmtime_adj(tmptm,days*24*60*60);
162 X509_CRL_set_nextUpdate(self->crl, tmptm);
163 ASN1_TIME_free(tmptm);
164 X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509));
Jean-Paul Calderonec7293bc2011-09-13 15:24:38 -0400[diff] [blame]165
166 if (!X509_CRL_sign(self->crl, key->pkey, EVP_md5())) {
167 exception_from_error_queue(crypto_Error);
168 BIO_free(bio);
169 return NULL;
170 }
171
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]172 switch (type) {
173 case X509_FILETYPE_PEM:
174 ret = PEM_write_bio_X509_CRL(bio, self->crl);
175 break;
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]176
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]177 case X509_FILETYPE_ASN1:
178 ret = (int) i2d_X509_CRL_bio(bio, self->crl);
179 break;
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]180
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]181 case X509_FILETYPE_TEXT:
182 ret = X509_CRL_print(bio, self->crl);
183 break;
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]184
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]185 default:
186 PyErr_SetString(
187 PyExc_ValueError,
188 "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]189 return NULL;
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]190 }
191 if (!ret) {
192 exception_from_error_queue(crypto_Error);
193 BIO_free(bio);
194 return NULL;
195 }
196 buf_len = BIO_get_mem_data(bio, &temp);
Jean-Paul Calderone2f6c66f2010-08-11 19:53:43 -0400[diff] [blame]197 buffer = PyBytes_FromStringAndSize(temp, buf_len);
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]198 BIO_free(bio);
199 return buffer;
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]200}
201
202crypto_CRLObj *
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]203crypto_CRL_New(X509_CRL *crl) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]204 crypto_CRLObj *self;
205
206 self = PyObject_New(crypto_CRLObj, &crypto_CRL_Type);
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]207 if (self == NULL) {
208 return NULL;
209 }
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]210 self->crl = crl;
211 return self;
212}
213
214/*
215 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
216 * { 'name', (PyCFunction)crypto_CRL_name, METH_VARARGS, crypto_CRL_name_doc }
217 * for convenience
218 */
219#define ADD_METHOD(name) \
220 { #name, (PyCFunction)crypto_CRL_##name, METH_VARARGS, crypto_CRL_##name##_doc }
221#define ADD_KW_METHOD(name) \
222 { #name, (PyCFunction)crypto_CRL_##name, METH_VARARGS | METH_KEYWORDS, crypto_CRL_##name##_doc }
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]223static PyMethodDef crypto_CRL_methods[] = {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]224 ADD_KW_METHOD(add_revoked),
225 ADD_METHOD(get_revoked),
226 ADD_KW_METHOD(export),
227 { NULL, NULL }
228};
229#undef ADD_METHOD
230
231
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]232static void
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]233crypto_CRL_dealloc(crypto_CRLObj *self) {
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]234 X509_CRL_free(self->crl);
235 self->crl = NULL;
236
237 PyObject_Del(self);
238}
239
240static char crypto_CRL_doc[] = "\n\
241CRL() -> CRL instance\n\
242\n\
243Create a new empty CRL object.\n\
244\n\
Jonathan Ballet78b92a22011-07-16 08:07:26 +0900[diff] [blame]245:returns: The CRL object\n\
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]246";
247
248static PyObject* crypto_CRL_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
Jean-Paul Calderonec5c21602010-05-24 17:52:20 -0400[diff] [blame]249 if (!PyArg_ParseTuple(args, ":CRL")) {
250 return NULL;
251 }
252
253 return (PyObject *)crypto_CRL_New(X509_CRL_new());
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]254}
255
256PyTypeObject crypto_CRL_Type = {
Jean-Paul Calderone3fe7f672010-08-11 23:55:10 -0400[diff] [blame]257 PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]258 "CRL",
259 sizeof(crypto_CRLObj),
260 0,
261 (destructor)crypto_CRL_dealloc,
262 NULL, /* print */
Jean-Paul Calderone2f6c66f2010-08-11 19:53:43 -0400[diff] [blame]263 NULL, /* getattr */
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]264 NULL, /* setattr */
265 NULL, /* compare */
266 NULL, /* repr */
267 NULL, /* as_number */
268 NULL, /* as_sequence */
269 NULL, /* as_mapping */
270 NULL, /* hash */
271 NULL, /* call */
272 NULL, /* str */
273 NULL, /* getattro */
274 NULL, /* setattro */
275 NULL, /* as_buffer */
276 Py_TPFLAGS_DEFAULT,
277 crypto_CRL_doc, /* doc */
278 NULL, /* traverse */
279 NULL, /* clear */
280 NULL, /* tp_richcompare */
281 0, /* tp_weaklistoffset */
282 NULL, /* tp_iter */
283 NULL, /* tp_iternext */
284 crypto_CRL_methods, /* tp_methods */
285 NULL, /* tp_members */
286 NULL, /* tp_getset */
287 NULL, /* tp_base */
288 NULL, /* tp_dict */
289 NULL, /* tp_descr_get */
290 NULL, /* tp_descr_set */
291 0, /* tp_dictoffset */
292 NULL, /* tp_init */
293 NULL, /* tp_alloc */
294 crypto_CRL_new, /* tp_new */
295};
296
297int init_crypto_crl(PyObject *module) {
Jean-Paul Calderoneaed23582011-03-12 22:45:02 -0500[diff] [blame]298 if (PyType_Ready(&crypto_CRL_Type) < 0) {
299 return 0;
300 }
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]301
Jean-Paul Calderoneaed23582011-03-12 22:45:02 -0500[diff] [blame]302 /* PyModule_AddObject steals a reference.
303 */
304 Py_INCREF((PyObject *)&crypto_CRL_Type);
305 if (PyModule_AddObject(module, "CRL", (PyObject *)&crypto_CRL_Type) != 0) {
306 return 0;
307 }
308 return 1;
Rick Dean536ba022009-07-24 23:57:27 -0500[diff] [blame]309}