author | Rob Austein <sra@hactrn.net> | 2008-04-22 21:11:04 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2008-04-22 21:11:04 +0000 |
commit | 4d8602a0b807855e60a8155d6a8ec3f70bd2eb78 (patch) | |
tree | e140998059d9970483c4c1043a9de68b6af0865a | |
parent | 6d6c57a44146af102748e179c72595ef8a2bb8be (diff) |
Add CRL support to CMS.sign(), reorder CMS.sign() arguments.
svn path=/pow/POW-0.7/POW.c; revision=1693
-rw-r--r-- | pow/POW-0.7/POW.c | 42 | ||||
-rw-r--r-- | rpkid/test-pow-cms.py | 12 |
2 files changed, 43 insertions, 11 deletions
diff --git a/pow/POW-0.7/POW.c b/pow/POW-0.7/POW.c index ecb07be2..6053ae9e 100644 --- a/pow/POW-0.7/POW.c +++ b/pow/POW-0.7/POW.c @@ -6726,9 +6726,10 @@ static char CMS_object_sign__doc__[] = " <name>sign</name>\n" " <parameter>signcert</parameter>\n" " <parameter>key</parameter>\n" -" <parameter>certs</parameter>\n" " <parameter>data</parameter>\n" " <optional>\n" +" <parameter>certs</parameter>\n" +" <parameter>crls</parameter>\n" " <parameter>eContentType</parameter>\n" " <parameter>flags</parameter>\n" " </optional>\n" @@ -6747,21 +6748,24 @@ CMS_object_sign(cms_object *self, PyObject *args) { asymmetric_object *signkey = NULL; x509_object *signcert = NULL; - PyObject *x509_sequence = NULL; + x509_crl_object *crlobj = NULL; + PyObject *x509_sequence = Py_None, *crl_sequence = Py_None; STACK_OF(X509) *x509_stack = NULL; EVP_PKEY *pkey = NULL; char *buf = NULL, *oid = NULL; - int i, len; + int i, n, len; unsigned flags = 0; BIO *bio = NULL; CMS_ContentInfo *cms = NULL; ASN1_OBJECT *econtent_type = NULL; + X509_CRL *crl = NULL; - if (!PyArg_ParseTuple(args, "O!O!Os#|sI", + if (!PyArg_ParseTuple(args, "O!O!s#|OOsI", &x509type, &signcert, &asymmetrictype, &signkey, - &x509_sequence, &buf, &len, + &x509_sequence, + &crl_sequence, &oid, &flags)) goto error; 
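Review bot: `x509_sequence` is now optional and starts as `Py_None` instead of `NULL`, but the code that walks it lies outside this hunk, so it cannot be confirmed here that an omitted `certs` is treated as "no extra certificates" the way the new CRL block guards with `crl_sequence != Py_None`. That consumer is worth checking, and a comment above the parse call would record the convention, e.g. `/* certs and crls are optional; Py_None means the caller supplied none */`. The two `O` converters accept any object, so all type validation of both sequences has to happen later in CMS_object_sign, whose body continues past the hunk.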
@@ -6800,6 +6804,31 @@ CMS_object_sign(cms_object *self, PyObject *args) if ( !CMS_add1_signer(cms, signcert->x509, pkey, EVP_sha256(), flags)) { set_openssl_pyerror( "could not sign CMS message" ); goto error; } + if (crl_sequence != Py_None) { + + if (!PyTuple_Check(crl_sequence) && !PyList_Check(crl_sequence)) + { PyErr_SetString( PyExc_TypeError, "inapropriate type" ); goto error; } + + n = PySequence_Size( crl_sequence ); + + for (i = 0; i < n; i++) { + if ( !(crlobj = (x509_crl_object *) PySequence_GetItem(crl_sequence, i))) + goto error; + + if (!X_X509_crl_Check(crlobj)) + { PyErr_SetString( PyExc_TypeError, "inappropriate type" ); goto error; } + + if ( !(crl = X509_CRL_dup(crlobj->crl))) + { PyErr_SetString( PyExc_TypeError, "couldn't clone CRL" ); goto error; } + + if (!CMS_add0_crl(self->cms, crl)) + { set_openssl_pyerror( "could not add CRL to CMS" ); goto error; } + + Py_DECREF(crlobj); + crlobj = NULL; + } + } + if ( !CMS_final(cms, bio, NULL, flags)) { set_openssl_pyerror( "could not finalize CMS signatures" ); goto error; } @@ -6832,6 +6861,9 @@ error: if (econtent_type) ASN1_OBJECT_free(econtent_type); + if (crlobj) + Py_XDECREF(crlobj); + return NULL; } diff --git a/rpkid/test-pow-cms.py b/rpkid/test-pow-cms.py index d9d62294..f4196f73 100644 --- a/rpkid/test-pow-cms.py +++ b/rpkid/test-pow-cms.py 
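Review bot: The new loop calls `CMS_add0_crl(self->cms, crl)`, while every other call in this hunk (`CMS_add1_signer(cms, ...)`, `CMS_final(cms, ...)`) works on the local `cms` being built, so the CRLs appear to be attached to whatever structure the object held before rather than to the message being signed. If `self->cms` is still unset at that point, OpenSSL would also be handed a NULL pointer. The call should probably read `if (!CMS_add0_crl(cms, crl))`. Separately, the first type error is spelled "inapropriate type", and a failed `X509_CRL_dup` is reported as `TypeError`, where `set_openssl_pyerror("couldn't clone CRL")` would match the neighbouring error handling. The function starts and ends outside the hunk.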
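Review bot: The cleanup added under `error:` releases `crlobj` but not the duplicated `crl`, so when `CMS_add0_crl` fails inside the loop the copy made by `X509_CRL_dup` is leaked. Because add0 takes ownership only on success, set `crl = NULL;` right after a successful add and put `X509_CRL_free(crl);` in the error path. The `if (crlobj)` guard is redundant, since `Py_XDECREF` already tolerates NULL.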
@@ -41,12 +41,12 @@ oid = "1.2.840.113549.1.9.16.1.24" plaintext = "Wombats Are Us" -for args in ((ee, key, [ca], plaintext, oid), - (ee, key, [ca], plaintext, oid, POW.CMS_NOATTR), - (ee, key, [ca], plaintext, oid, POW.CMS_NOCERTS), - (ee, key, [], plaintext, oid), - (ee, key, [], plaintext, oid, POW.CMS_NOATTR), - (ee, key, [], plaintext, oid, POW.CMS_NOCERTS)): +for args in ((ee, key, plaintext, [ca], (), oid), + (ee, key, plaintext, [ca], (), oid, POW.CMS_NOATTR), + (ee, key, plaintext, [ca], (), oid, POW.CMS_NOCERTS), + (ee, key, plaintext, [], (), oid), + (ee, key, plaintext, [], (), oid, POW.CMS_NOATTR), + (ee, key, plaintext, [], (), oid, POW.CMS_NOCERTS)): print "Testing", repr(args) |
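Review bot: Every updated tuple passes `()` for the new `crls` argument, so the CRL loop added to CMS.sign() is never executed by this test, and no case leaves out the now-optional `certs` and `crls` to exercise their defaults. Adding at least one case with a real CRL, for example `(ee, key, plaintext, [ca], [crl], oid)` where `crl` is a placeholder for a CRL fixture loaded like the others, and checking that the CRL can be read back from the signed message, would cover the new path. The `for` loop body continues outside the hunk.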