Add .extractWithoutVerifying() methods to CMS and derived classes.

This is just a more readable and slightly more efficient (no X509Store object required) idiom for what some code was already doing using the .verify() methods with flag settings to disable verification. Big warnings not to do this with unverified data, but programs intended to post-process data which has already been verified shouldn't have to be unreadable just to rub the programmer's nose in the verification API. svn path=/trunk/; revision=5788
author: Rob Austein <sra@hactrn.net> 2014-04-12 14:51:17 +0000
committer: Rob Austein <sra@hactrn.net> 2014-04-12 14:51:17 +0000
commit: 3e01ffe0e5238b627a052cc83f045e767a0de826 (patch)
tree: 0c5761a33ba2561f6e142fb1faa5c687099aeb5b
parent: 7ca4c3eaac0a159d6daa39db781f4622ed0fbc24 (diff)
1 files changed, 161 insertions, 43 deletions
diff --git a/ext/POW.c b/ext/POW.c
index c14e154a..174d4a23 100644
--- a/ext/POW.c
+++ b/ext/POW.c
@@ -6597,6 +6597,35 @@ cms_object_sign(cms_object *self, PyObject *args)
     return NULL;
 }
 
+#define DONT_VERIFY_ANYTHING    \
+  (CMS_NOCRL |                  \
+   CMS_NO_SIGNER_CERT_VERIFY |  \
+   CMS_NO_ATTR_VERIFY |         \
+   CMS_NO_CONTENT_VERIFY)
+
+static BIO *
+cms_object_extract_without_verifying_helper(cms_object *self)
+{
+  BIO *bio = NULL;
+  int ok = 0;
+
+  ENTERING(cms_object_extract_without_verifying_helper);
+
+  if ((bio = BIO_new(BIO_s_mem())) == NULL)
+    lose_no_memory();
+
+  if (CMS_verify(self->cms, NULL, NULL, NULL, bio, DONT_VERIFY_ANYTHING) <= 0)
+    lose_openssl_error("Couldn't parse CMS message");
+
+  return bio;
+
+ error:
+  BIO_free(bio);
+  return NULL;
+}
+
+#undef DONT_VERIFY_ANYTHING
+
 static BIO *
 cms_object_verify_helper(cms_object *self, PyObject *args, PyObject *kwds)
 {
@@ -6678,6 +6707,27 @@ cms_object_verify(cms_object *self, PyObject *args, PyObject *kwds)
   return result;
 }
 
+static char cms_object_extract_without_verifying__doc__[] =
+  "Extract content from a CMS object without attempting CMS verification.\n"
+  "\n"
+  "NEVER USE THIS METHOD ON AN UNVERIFIED CMS OBJECT!\n"
+  ;
+
+static PyObject *
+cms_object_extract_without_verifying(cms_object *self)
+{
+  PyObject *result = NULL;
+  BIO *bio = NULL;
+
+  ENTERING(cms_object_extract_without_verifying);
+
+  if ((bio = cms_object_extract_without_verifying_helper(self)) != NULL)
+    result = BIO_to_PyString_helper(bio);
+
+  BIO_free(bio);
+  return result;
+}
+
 static char cms_object_eContentType__doc__[] =
   "Return the eContentType OID of this CMS message.\n"
   ;
@@ -6834,19 +6884,20 @@ cms_object_crls(cms_object *self)
 }
 
 static struct PyMethodDef cms_object_methods[] = {
-  Define_Method(pemWrite,               cms_object_pem_write,           METH_NOARGS),
-  Define_Method(derWrite,               cms_object_der_write,           METH_NOARGS),
-  Define_Method(sign,                   cms_object_sign,                METH_VARARGS),
-  Define_Method(verify,                 cms_object_verify,              METH_KEYWORDS),
-  Define_Method(eContentType,           cms_object_eContentType,        METH_NOARGS),
-  Define_Method(signingTime,            cms_object_signingTime,         METH_NOARGS),
-  Define_Method(pprint,                 cms_object_pprint,              METH_NOARGS),
-  Define_Method(certs,                  cms_object_certs,               METH_NOARGS),
-  Define_Method(crls,                   cms_object_crls,                METH_NOARGS),
-  Define_Class_Method(pemRead,          cms_object_pem_read,            METH_VARARGS),
-  Define_Class_Method(pemReadFile,      cms_object_pem_read_file,       METH_VARARGS),
-  Define_Class_Method(derRead,          cms_object_der_read,            METH_VARARGS),
-  Define_Class_Method(derReadFile,      cms_object_der_read_file,       METH_VARARGS),
+  Define_Method(pemWrite,                       cms_object_pem_write,                   METH_NOARGS),
+  Define_Method(derWrite,                       cms_object_der_write,                   METH_NOARGS),
+  Define_Method(sign,                           cms_object_sign,                        METH_VARARGS),
+  Define_Method(verify,                         cms_object_verify,                      METH_KEYWORDS),
+  Define_Method(extractWithoutVerifying,        cms_object_extract_without_verifying,   METH_NOARGS),
+  Define_Method(eContentType,                   cms_object_eContentType,                METH_NOARGS),
+  Define_Method(signingTime,                    cms_object_signingTime,                 METH_NOARGS),
+  Define_Method(pprint,                         cms_object_pprint,                      METH_NOARGS),
+  Define_Method(certs,                          cms_object_certs,                       METH_NOARGS),
+  Define_Method(crls,                           cms_object_crls,                        METH_NOARGS),
+  Define_Class_Method(pemRead,                  cms_object_pem_read,                    METH_VARARGS),
+  Define_Class_Method(pemReadFile,              cms_object_pem_read_file,               METH_VARARGS),
+  Define_Class_Method(derRead,                  cms_object_der_read,                    METH_VARARGS),
+  Define_Class_Method(derReadFile,              cms_object_der_read_file,               METH_VARARGS),
   {NULL}
 };
 
@@ -6955,6 +7006,38 @@ manifest_object_verify(manifest_object *self, PyObject *args, PyObject *kwds)
     return NULL;
 }
 
+static char manifest_object_extract_without_verifying__doc__[] =
+  "Extract manifest payload from CMS wrapper without attempting CMS verification.\n"
+  "\n"
+  "NEVER USE THIS METHOD ON AN UNVERIFIED MANIFEST!\n"
+  ;
+
+static PyObject *
+manifest_object_extract_without_verifying(manifest_object *self)
+{
+  PyObject *result = NULL;
+  BIO *bio = NULL;
+  int ok = 0;
+
+  ENTERING(manifest_object_extract_without_verifying);
+
+  if ((bio = cms_object_extract_without_verifying_helper(&self->cms)) != NULL)
+    result = BIO_to_PyString_helper(bio);
+
+  if (!ASN1_item_d2i_bio(ASN1_ITEM_rptr(Manifest), bio, &self->manifest))
+    lose_openssl_error("Couldn't decode manifest");
+
+  ok = 1;
+
+ error:
+  BIO_free(bio);
+
+  if (ok)
+    Py_RETURN_NONE;
+  else
+    return NULL;
+}
+
 static PyObject *
 manifest_object_der_read_helper(PyTypeObject *type, BIO *bio)
 {
@@ -7469,24 +7552,25 @@ manifest_object_sign(manifest_object *self, PyObject *args)
 }
 
 static struct PyMethodDef manifest_object_methods[] = {
-  Define_Method(getVersion,             manifest_object_get_version,            METH_NOARGS),
-  Define_Method(setVersion,             manifest_object_set_version,            METH_VARARGS),
-  Define_Method(getManifestNumber,      manifest_object_get_manifest_number,    METH_NOARGS),
-  Define_Method(setManifestNumber,      manifest_object_set_manifest_number,    METH_VARARGS),
-  Define_Method(getThisUpdate,          manifest_object_get_this_update,        METH_NOARGS),
-  Define_Method(setThisUpdate,          manifest_object_set_this_update,        METH_VARARGS),
-  Define_Method(getNextUpdate,          manifest_object_get_next_update,        METH_NOARGS),
-  Define_Method(setNextUpdate,          manifest_object_set_next_update,        METH_VARARGS),
-  Define_Method(getAlgorithm,           manifest_object_get_algorithm,          METH_NOARGS),
-  Define_Method(setAlgorithm,           manifest_object_set_algorithm,          METH_VARARGS),
-  Define_Method(getFiles,               manifest_object_get_files,              METH_NOARGS),
-  Define_Method(addFiles,               manifest_object_add_files,              METH_VARARGS),
-  Define_Method(sign,                   manifest_object_sign,                   METH_VARARGS),
-  Define_Method(verify,                 manifest_object_verify,                 METH_KEYWORDS),
-  Define_Class_Method(pemRead,          manifest_object_pem_read,               METH_VARARGS),
-  Define_Class_Method(pemReadFile,      manifest_object_pem_read_file,          METH_VARARGS),
-  Define_Class_Method(derRead,          manifest_object_der_read,               METH_VARARGS),
-  Define_Class_Method(derReadFile,      manifest_object_der_read_file,          METH_VARARGS),
+  Define_Method(getVersion,			manifest_object_get_version,                    METH_NOARGS),
+  Define_Method(setVersion,			manifest_object_set_version,                    METH_VARARGS),
+  Define_Method(getManifestNumber,		manifest_object_get_manifest_number,            METH_NOARGS),
+  Define_Method(setManifestNumber,		manifest_object_set_manifest_number,            METH_VARARGS),
+  Define_Method(getThisUpdate,			manifest_object_get_this_update,                METH_NOARGS),
+  Define_Method(setThisUpdate,			manifest_object_set_this_update,                METH_VARARGS),
+  Define_Method(getNextUpdate,			manifest_object_get_next_update,                METH_NOARGS),
+  Define_Method(setNextUpdate,			manifest_object_set_next_update,                METH_VARARGS),
+  Define_Method(getAlgorithm,			manifest_object_get_algorithm,                  METH_NOARGS),
+  Define_Method(setAlgorithm,			manifest_object_set_algorithm,                  METH_VARARGS),
+  Define_Method(getFiles,			manifest_object_get_files,                      METH_NOARGS),
+  Define_Method(addFiles,			manifest_object_add_files,                      METH_VARARGS),
+  Define_Method(sign,				manifest_object_sign,                           METH_VARARGS),
+  Define_Method(verify,				manifest_object_verify,                         METH_KEYWORDS),
+  Define_Method(extractWithoutVerifying,	manifest_object_extract_without_verifying,      METH_NOARGS),
+  Define_Class_Method(pemRead,			manifest_object_pem_read,                       METH_VARARGS),
+  Define_Class_Method(pemReadFile,		manifest_object_pem_read_file,                  METH_VARARGS),
+  Define_Class_Method(derRead,			manifest_object_der_read,                       METH_VARARGS),
+  Define_Class_Method(derReadFile,		manifest_object_der_read_file,                  METH_VARARGS),
   {NULL}
 };
 
@@ -7595,6 +7679,39 @@ roa_object_verify(roa_object *self, PyObject *args, PyObject *kwds)
     return NULL;
 }
 
+
+static char roa_object_extract_without_verifying__doc__[] =
+  "Extract ROA payload from CMS wrapper without attempting CMS verification.\n"
+  "\n"
+  "NEVER USE THIS METHOD ON AN UNVERIFIED ROA!\n"
+  ;
+
+static PyObject *
+roa_object_extract_without_verifying(roa_object *self)
+{
+  PyObject *result = NULL;
+  BIO *bio = NULL;
+  int ok = 0;
+
+  ENTERING(roa_object_extract_without_verifying);
+
+  if ((bio = cms_object_extract_without_verifying_helper(&self->cms)) != NULL)
+    result = BIO_to_PyString_helper(bio);
+
+  if (!ASN1_item_d2i_bio(ASN1_ITEM_rptr(ROA), bio, &self->roa))
+    lose_openssl_error("Couldn't decode ROA");
+
+  ok = 1;
+
+ error:
+  BIO_free(bio);
+
+  if (ok)
+    Py_RETURN_NONE;
+  else
+    return NULL;
+}
+
 static PyObject *
 roa_object_pem_read_helper(PyTypeObject *type, BIO *bio)
 {
@@ -8101,18 +8218,19 @@ roa_object_sign(roa_object *self, PyObject *args)
 }
 
 static struct PyMethodDef roa_object_methods[] = {
-  Define_Method(getVersion,             roa_object_get_version,         METH_NOARGS),
-  Define_Method(setVersion,             roa_object_set_version,         METH_VARARGS),
-  Define_Method(getASID,                roa_object_get_asid,            METH_NOARGS),
-  Define_Method(setASID,                roa_object_set_asid,            METH_VARARGS),
-  Define_Method(getPrefixes,            roa_object_get_prefixes,        METH_NOARGS),
-  Define_Method(setPrefixes,            roa_object_set_prefixes,        METH_KEYWORDS),
-  Define_Method(sign,                   roa_object_sign,                METH_VARARGS),
-  Define_Method(verify,                 roa_object_verify,              METH_KEYWORDS),
-  Define_Class_Method(pemRead,          roa_object_pem_read,            METH_VARARGS),
-  Define_Class_Method(pemReadFile,      roa_object_pem_read_file,       METH_VARARGS),
-  Define_Class_Method(derRead,          roa_object_der_read,            METH_VARARGS),
-  Define_Class_Method(derReadFile,      roa_object_der_read_file,       METH_VARARGS),
+  Define_Method(getVersion,                     roa_object_get_version,                 METH_NOARGS),
+  Define_Method(setVersion,                     roa_object_set_version,                 METH_VARARGS),
+  Define_Method(getASID,                        roa_object_get_asid,                    METH_NOARGS),
+  Define_Method(setASID,                        roa_object_set_asid,                    METH_VARARGS),
+  Define_Method(getPrefixes,                    roa_object_get_prefixes,                METH_NOARGS),
+  Define_Method(setPrefixes,                    roa_object_set_prefixes,                METH_KEYWORDS),
+  Define_Method(sign,                           roa_object_sign,                        METH_VARARGS),
+  Define_Method(verify,                         roa_object_verify,                      METH_KEYWORDS),
+  Define_Method(extractWithoutVerifying,        roa_object_extract_without_verifying,   METH_NOARGS),
+  Define_Class_Method(pemRead,                  roa_object_pem_read,                    METH_VARARGS),
+  Define_Class_Method(pemReadFile,              roa_object_pem_read_file,               METH_VARARGS),
+  Define_Class_Method(derRead,                  roa_object_der_read,                    METH_VARARGS),
+  Define_Class_Method(derReadFile,              roa_object_der_read_file,               METH_VARARGS),
   {NULL}
 };
author	Rob Austein <sra@hactrn.net>	2014-04-12 14:51:17 +0000
committer	Rob Austein <sra@hactrn.net>	2014-04-12 14:51:17 +0000
commit	3e01ffe0e5238b627a052cc83f045e767a0de826 (patch)
tree	0c5761a33ba2561f6e142fb1faa5c687099aeb5b
parent	7ca4c3eaac0a159d6daa39db781f4622ed0fbc24 (diff)