author | Rob Austein <sra@hactrn.net> | 2012-10-05 00:37:57 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2012-10-05 00:37:57 +0000 |
commit | 607e3e6a04e66a8213b00652bd8e27d2ab865296 (patch) | |
tree | 306fb091de65d8dbf047257a334f532b54320030 | |
parent | d7bf6c64779f6410c24041663b0f55a134a98db9 (diff) |
Convert another chunk of Python code to use new POW classes. Clean up
PEM and OID code in POW. Add ENTER() macro to make it easier to track
down things like borked reference counts.
svn path=/branches/tk274/; revision=4756
-rw-r--r-- | h/rpki/sk_manifest.h | 2 | ||||
-rw-r--r-- | h/rpki/sk_roa.h | 2 | ||||
-rw-r--r-- | rpkid/ext/POW.c | 706 | ||||
-rw-r--r-- | rpkid/rpki/x509.py | 93 |
4 files changed, 624 insertions, 179 deletions
diff --git a/h/rpki/sk_manifest.h b/h/rpki/sk_manifest.h index 01bcb15f..ead7cbe4 100644 --- a/h/rpki/sk_manifest.h +++ b/h/rpki/sk_manifest.h @@ -1,6 +1,6 @@ /* * Automatically generated, do not edit. - * Generator $Id: defstack.awk 3985 2011-09-15 00:04:23Z sra $ + * Generator $Id: defstack.py 4725 2012-09-19 21:28:34Z sra $ */ #ifndef __RPKI_MANIFEST_H__DEFSTACK_H__ diff --git a/h/rpki/sk_roa.h b/h/rpki/sk_roa.h index 6232b5a8..cb5c5e17 100644 --- a/h/rpki/sk_roa.h +++ b/h/rpki/sk_roa.h @@ -1,6 +1,6 @@ /* * Automatically generated, do not edit. - * Generator $Id: defstack.awk 3985 2011-09-15 00:04:23Z sra $ + * Generator $Id: defstack.py 4725 2012-09-19 21:28:34Z sra $ */ #ifndef __RPKI_ROA_H__DEFSTACK_H__ diff --git a/rpkid/ext/POW.c b/rpkid/ext/POW.c index b0a4dea6..7ab7b0b4 100644 --- a/rpkid/ext/POW.c +++ b/rpkid/ext/POW.c @@ -303,9 +303,15 @@ typedef struct { */ #if 0 -#define KVETCH(_msg_) write(2, _msg_ "\n", sizeof(_msg_)) +#define KVETCH(_msg_) write(2, _msg_ "\n", sizeof(_msg_)) #else -#define KVETCH(_msg_) +#define KVETCH(_msg_) ((void) 0) +#endif + +#if 0 +#define ENTERING(_name_) KVETCH("Entering " #_name_ "()") +#else +#define ENTERING(_name_) ((void) 0) #endif /* @@ -903,6 +909,23 @@ create_missing_nids(void) return 1; } +static PyObject * +ASN1_OBJECT_to_PyString(const ASN1_OBJECT *oid) +{ + PyObject *result = NULL; + char buf[512]; + + ENTERING(ASN1_OBJECT_to_PyString); + + if (OBJ_obj2txt(buf, sizeof(buf), oid, 1) <= 0) + lose_openssl_error("Couldn't translate OID"); + + result = PyString_FromString(buf); + + error: + return result; +} + /* @@ -1289,6 +1312,8 @@ x509_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { x509_object *self; + ENTERING(x509_object_new); + if ((self = (x509_object *) type->tp_alloc(type, 0)) != NULL && (self->x509 = X509_new()) != NULL) return (PyObject *) self; 
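Review bot: The `sizeof(_msg_)` in the re-indented `KVETCH` definition reads like an off-by-one next to the `_msg_ "\n"` it writes, and a one-line comment would spare the next reader the check: `/* sizeof(_msg_) counts the literal's NUL, which is exactly the slot the appended "\n" occupies */`. The two `#if 0` switches are independent: with ENTERING's flipped on and KVETCH's left off, ENTERING still expands to `((void) 0)` through KVETCH, so a comment saying that ENTERING only emits output when KVETCH is enabled would help too.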
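Review bot: `OBJ_obj2txt` in the new `ASN1_OBJECT_to_PyString` reports truncation by returning the full required length rather than an error, so an OID whose dotted form does not fit the 512-byte `buf` passes the `<= 0` test and is returned silently cut short; since these OIDs come out of certificates parsed from untrusted input, the helper should reject that case rather than hand back a different OID string. Capture the return value and compare it with the buffer: `int n = OBJ_obj2txt(buf, sizeof(buf), oid, 1);` then `if (n <= 0) lose_openssl_error("Couldn't translate OID");` and `if (n >= (int) sizeof(buf)) lose("OID too long");`. The same unchecked `char oid[512]` plus `OBJ_obj2txt` shape that this helper replaces in x509_object_get_certificate_policies is still present in x509_object_get_extension and crl_object_get_extension (their bodies lie outside their hunks), which could call the helper instead. A short header comment giving the return contract (new reference, or NULL after `lose_openssl_error`) would also help, as the function has none.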
@@ -1297,17 +1322,25 @@ x509_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) return NULL; } +static void +x509_object_dealloc(x509_object *self) +{ + ENTERING(x509_object_dealloc); + X509_free(self->x509); + self->ob_type->tp_free((PyObject*) self); +} + static PyObject * x509_object_pem_read_helper(PyTypeObject *type, BIO *bio) { x509_object *self = NULL; + ENTERING(x509_object_pem_read_helper); + if ((self = (x509_object *) x509_object_new(type, NULL, NULL)) == NULL) goto error; - X509_free(self->x509); - - if ((self->x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) + if (!PEM_read_bio_X509(bio, &self->x509, NULL, NULL)) lose_openssl_error("Couldn't load PEM encoded certificate"); return (PyObject *) self; @@ -1323,6 +1356,8 @@ x509_object_der_read_helper(PyTypeObject *type, BIO *bio) { x509_object *self; + ENTERING(x509_object_der_read_helper); + if ((self = (x509_object *) x509_object_new(type, NULL, NULL)) == NULL) goto error; @@ -1343,6 +1378,7 @@ static char x509_object_pem_read__doc__[] = static PyObject * x509_object_pem_read(PyTypeObject *type, PyObject *args) { + ENTERING(x509_object_pem_read); return read_from_string_helper(x509_object_pem_read_helper, type, args); } @@ -1353,6 +1389,7 @@ static char x509_object_pem_read_file__doc__[] = static PyObject * x509_object_pem_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(x509_object_pem_read_file); return read_from_file_helper(x509_object_pem_read_helper, type, args); } @@ -1363,6 +1400,7 @@ static char x509_object_der_read__doc__[] = static PyObject * x509_object_der_read(PyTypeObject *type, PyObject *args) { + ENTERING(x509_object_der_read); return read_from_string_helper(x509_object_der_read_helper, type, args); } 
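Review bot: `PEM_read_bio_X509(bio, &self->x509, NULL, NULL)` in x509_object_pem_read_helper now passes a pointer to the X509 that x509_object_new already allocated, so OpenSSL takes the d2i "reuse" path; the d2i_X509(3) BUGS section discourages relying on that path, and this same commit drops the `CMS_ContentInfo_new()` pre-allocation in cms_object_der_read_helper to avoid it, so the two helpers now disagree. Releasing the placeholder first keeps the NULL-in form: `X509_free(self->x509); self->x509 = NULL;` before the call, or keep the old temporary-and-assign form. crl_object_pem_read_helper has the same shape with `&self->crl` (hunk `@@ -3521,17 +3627,25 @@`), and x509_object_der_read_helper's d2i call is outside its hunk and presumably needs the same look. On a failed parse, whether the passed-in object is left partially modified or freed appears to depend on the OpenSSL version, and x509_object_dealloc will X509_free whatever remains in self->x509.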
@@ -1373,6 +1411,7 @@ static char x509_object_der_read_file__doc__[] = static PyObject * x509_object_der_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(x509_object_der_read_file); return read_from_file_helper(x509_object_der_read_helper, type, args); } @@ -1386,6 +1425,8 @@ x509_object_pem_write(x509_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(x509_object_pem_write); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -1409,6 +1450,8 @@ x509_object_der_write(x509_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(x509_object_der_write); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -1432,6 +1475,8 @@ x509_object_get_public_key(x509_object *self) PyTypeObject *type = &POW_Asymmetric_Type; asymmetric_object *asym = NULL; + ENTERING(x509_object_get_public_key); + if ((asym = (asymmetric_object *) type->tp_alloc(type, 0)) == NULL) goto error; @@ -1456,6 +1501,8 @@ x509_object_set_public_key(x509_object *self, PyObject *args) { asymmetric_object *asym; + ENTERING(x509_object_set_public_key); + if (!PyArg_ParseTuple(args, "O!", &POW_Asymmetric_Type, &asym)) goto error; @@ -1494,6 +1541,8 @@ x509_object_sign(x509_object *self, PyObject *args) int digest_type = SHA256_DIGEST; const EVP_MD *digest_method = NULL; + ENTERING(x509_object_sign); + if (!PyArg_ParseTuple(args, "O!|i", &POW_Asymmetric_Type, &asym, &digest_type)) goto error; @@ -1516,6 +1565,7 @@ static char x509_object_get_version__doc__[] = static PyObject * x509_object_get_version(x509_object *self) { + ENTERING(x509_object_get_version); return Py_BuildValue("l", X509_get_version(self->x509)); } @@ -1529,6 +1579,8 @@ x509_object_set_version(x509_object *self, PyObject *args) { long version = 0; + ENTERING(x509_object_set_version); + if (!PyArg_ParseTuple(args, "l", &version)) goto error; 
@@ -1549,6 +1601,7 @@ static char x509_object_get_serial__doc__[] = static PyObject * x509_object_get_serial(x509_object *self) { + ENTERING(x509_object_get_serial); return Py_BuildValue("N", ASN1_INTEGER_to_PyLong(X509_get_serialNumber(self->x509))); } @@ -1563,6 +1616,8 @@ x509_object_set_serial(x509_object *self, PyObject *args) ASN1_INTEGER *a_serial = NULL; PyObject *p_serial = NULL; + ENTERING(x509_object_set_serial); + if (!PyArg_ParseTuple(args, "O", &p_serial) || (a_serial = PyLong_to_ASN1_INTEGER(p_serial)) == NULL) goto error; @@ -1606,6 +1661,8 @@ x509_object_get_issuer(x509_object *self, PyObject *args) PyObject *result = NULL; int format = OIDNAME_FORMAT; + ENTERING(x509_object_get_issuer); + if (!PyArg_ParseTuple(args, "|i", &format)) goto error; @@ -1628,6 +1685,8 @@ x509_object_get_subject(x509_object *self, PyObject *args) PyObject *result = NULL; int format = OIDNAME_FORMAT; + ENTERING(x509_object_get_subject); + if (!PyArg_ParseTuple(args, "|i", &format)) goto error; @@ -1650,6 +1709,8 @@ x509_object_set_subject(x509_object *self, PyObject *args) PyObject *name_sequence = NULL; X509_NAME *name = NULL; + ENTERING(x509_object_set_subject); + if (!PyArg_ParseTuple(args, "O", &name_sequence)) goto error; @@ -1683,6 +1744,8 @@ x509_object_set_issuer(x509_object *self, PyObject *args) PyObject *name_sequence = NULL; X509_NAME *name = NULL; + ENTERING(x509_object_set_issuer); + if (!PyArg_ParseTuple(args, "O", &name_sequence)) goto error; @@ -1715,6 +1778,7 @@ static char x509_object_get_not_before__doc__[] = static PyObject * x509_object_get_not_before (x509_object *self) { + ENTERING(x509_object_get_not_before); return ASN1_TIME_to_Python(X509_get_notBefore(self->x509)); } @@ -1729,6 +1793,7 @@ static char x509_object_get_not_after__doc__[] = static PyObject * x509_object_get_not_after (x509_object *self) { + ENTERING(x509_object_get_not_after); return ASN1_TIME_to_Python(X509_get_notAfter(self->x509)); } 
@@ -1747,6 +1812,8 @@ x509_object_set_not_after (x509_object *self, PyObject *args) char *s = NULL; ASN1_TIME *t = NULL; + ENTERING(x509_object_set_not_after); + if (!PyArg_ParseTuple(args, "s", &s)) goto error; @@ -1779,6 +1846,8 @@ x509_object_set_not_before (x509_object *self, PyObject *args) char *s = NULL; ASN1_TIME *t = NULL; + ENTERING(x509_object_set_not_before); + if (!PyArg_ParseTuple(args, "s", &s)) goto error; @@ -1825,6 +1894,8 @@ x509_object_add_extension(x509_object *self, PyObject *args) ASN1_OCTET_STRING *octetString = NULL; X509_EXTENSION *ext = NULL; + ENTERING(x509_object_add_extension); + if (!PyArg_ParseTuple(args, "sOs#", &name, &critical, &buf, &len)) goto error; @@ -1864,6 +1935,8 @@ x509_object_clear_extensions(x509_object *self) { X509_EXTENSION *ext; + ENTERING(x509_object_clear_extensions); + while ((ext = X509_delete_ext(self->x509, 0)) != NULL) X509_EXTENSION_free(ext); @@ -1877,6 +1950,7 @@ static char x509_object_count_extensions__doc__[] = static PyObject * x509_object_count_extensions(x509_object *self) { + ENTERING(x509_object_count_extensions); return Py_BuildValue("i", X509_get_ext_count(self->x509)); } @@ -1895,6 +1969,8 @@ x509_object_get_extension(x509_object *self, PyObject *args) char oid[512]; int slot = 0; + ENTERING(x509_object_get_extension); + if (!PyArg_ParseTuple(args, "i", &slot)) goto error; @@ -1921,6 +1997,8 @@ static char x509_object_get_ski__doc__[] = static PyObject * x509_object_get_ski(x509_object *self, PyObject *args) { + ENTERING(x509_object_get_ski); + (void) X509_check_ca(self->x509); /* Calls x509v3_cache_extensions() */ if (self->x509->skid == NULL) @@ -1943,6 +2021,8 @@ x509_object_set_ski(x509_object *self, PyObject *args) const unsigned char *buf = NULL; int len, ok = 0; + ENTERING(x509_object_set_ski); + if (!PyArg_ParseTuple(args, "s#", &buf, &len)) goto error; 
@@ -1978,6 +2058,8 @@ static char x509_object_get_aki__doc__[] = static PyObject * x509_object_get_aki(x509_object *self, PyObject *args) { + ENTERING(x509_object_get_aki); + (void) X509_check_ca(self->x509); /* Calls x509v3_cache_extensions() */ if (self->x509->akid == NULL || self->x509->akid->keyid == NULL) @@ -2001,6 +2083,8 @@ x509_object_set_aki(x509_object *self, PyObject *args) const unsigned char *buf = NULL; int len, ok = 0; + ENTERING(x509_object_set_aki); + if (!PyArg_ParseTuple(args, "s#", &buf, &len)) goto error; @@ -2042,6 +2126,8 @@ x509_object_get_key_usage(x509_object *self) PyObject *result = NULL; PyObject *token = NULL; + ENTERING(x509_object_get_key_usage); + if ((ext = X509_get_ext_d2i(self->x509, NID_key_usage, NULL, NULL)) == NULL) Py_RETURN_NONE; @@ -2091,6 +2177,8 @@ x509_object_set_key_usage(x509_object *self, PyObject *args) const char *t; int ok = 0; + ENTERING(x509_object_set_key_usage); + if ((ext = ASN1_BIT_STRING_new()) == NULL) lose_no_memory(); @@ -2157,6 +2245,8 @@ x509_object_get_rfc3779(x509_object *self) IPAddrBlocks *addr = NULL; int i, j; + ENTERING(x509_object_get_rfc3779); + if ((asid = X509_get_ext_d2i(self->x509, NID_sbgp_autonomousSysNum, NULL, NULL)) != NULL) { switch (asid->asnum->type) { @@ -2326,6 +2416,8 @@ x509_object_set_rfc3779(x509_object *self, PyObject *args, PyObject *kwds) ipaddress_object *addr_b = NULL; ipaddress_object *addr_e = NULL; + ENTERING(x509_object_set_rfc3779); + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|OOO", kwlist, &asn_arg, &ipv4_arg, &ipv6_arg)) goto error; @@ -2480,6 +2572,8 @@ x509_object_get_basic_constraints(x509_object *self) BASIC_CONSTRAINTS *ext = NULL; PyObject *result; + ENTERING(x509_object_get_basic_constraints); + if ((ext = X509_get_ext_d2i(self->x509, NID_basic_constraints, NULL, NULL)) == NULL) Py_RETURN_NONE; 
@@ -2517,6 +2611,8 @@ x509_object_set_basic_constraints(x509_object *self, PyObject *args) long pathlen = -1; int ok = 0; + ENTERING(x509_object_set_basic_constraints); + if (!PyArg_ParseTuple(args, "O|OO", &is_ca, &pathlen_obj, &critical)) goto error; @@ -2572,6 +2668,8 @@ x509_object_get_sia(x509_object *self) PyObject *obj; int i, nid; + ENTERING(x509_object_get_sia); + if ((ext = X509_get_ext_d2i(self->x509, NID_sinfo_access, NULL, NULL)) == NULL) Py_RETURN_NONE; @@ -2668,6 +2766,8 @@ x509_object_set_sia(x509_object *self, PyObject *args) Py_ssize_t urilen; char *uri; + ENTERING(x509_object_set_sia); + if (!PyArg_ParseTuple(args, "OOO", &caRepository, &rpkiManifest, &signedObject)) goto error; @@ -2755,6 +2855,8 @@ x509_object_get_aia(x509_object *self) PyObject *obj; int i, n = 0; + ENTERING(x509_object_get_aia); + if ((ext = X509_get_ext_d2i(self->x509, NID_info_access, NULL, NULL)) == NULL) Py_RETURN_NONE; @@ -2807,6 +2909,8 @@ x509_object_set_aia(x509_object *self, PyObject *args) Py_ssize_t urilen; char *uri; + ENTERING(x509_object_set_aia); + if (!PyArg_ParseTuple(args, "O", &caIssuers)) goto error; @@ -2879,6 +2983,8 @@ x509_object_get_crldp(x509_object *self) PyObject *obj; int i, n = 0; + ENTERING(x509_object_get_crldp); + if ((ext = X509_get_ext_d2i(self->x509, NID_crl_distribution_points, NULL, NULL)) == NULL || (dp = sk_DIST_POINT_value(ext, 0)) == NULL || dp->distpoint == NULL || @@ -2933,6 +3039,8 @@ x509_object_set_crldp(x509_object *self, PyObject *args) char *uri; int ok = 0; + ENTERING(x509_object_set_crldp); + if (!PyArg_ParseTuple(args, "O", &fullNames)) goto error; @@ -3008,6 +3116,8 @@ x509_object_get_certificate_policies(x509_object *self) PyObject *obj; int i; + ENTERING(x509_object_get_certificate_policies); + if ((ext = X509_get_ext_d2i(self->x509, NID_certificate_policies, NULL, NULL)) == NULL) Py_RETURN_NONE; 
@@ -3016,12 +3126,8 @@ x509_object_get_certificate_policies(x509_object *self) for (i = 0; i < sk_POLICYINFO_num(ext); i++) { POLICYINFO *p = sk_POLICYINFO_value(ext, i); - char oid[512]; - if (OBJ_obj2txt(oid, sizeof(oid), p->policyid, 1) <= 0) - lose_openssl_error("Couldn't translate OID"); - - if ((obj = PyString_FromString(oid)) == NULL) + if ((obj = ASN1_OBJECT_to_PyString(p->policyid)) == NULL) goto error; PyTuple_SET_ITEM(result, i, obj); @@ -3052,6 +3158,8 @@ x509_object_set_certificate_policies(x509_object *self, PyObject *args) const char *oid; int ok = 0; + ENTERING(x509_object_set_certificate_policies); + if (!PyArg_ParseTuple(args, "O", &policies)) goto error; @@ -3114,6 +3222,8 @@ x509_object_pprint(x509_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(x509_object_pprint); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -3175,13 +3285,6 @@ static struct PyMethodDef x509_object_methods[] = { {NULL} }; -static void -x509_object_dealloc(x509_object *self) -{ - X509_free(self->x509); - self->ob_type->tp_free((PyObject*) self); -} - static char POW_X509_Type__doc__[] = "This class represents an X.509 certificate.\n" "\n" @@ -3241,6 +3344,8 @@ x509_store_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { x509_store_object *self = NULL; + ENTERING(x509_store_object_new); + if ((self = (x509_store_object *) type->tp_alloc(type, 0)) != NULL && (self->store = X509_STORE_new()) != NULL) return (PyObject *) self; @@ -3249,6 +3354,14 @@ x509_store_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) return NULL; } +static void +x509_store_object_dealloc(x509_store_object *self) +{ + ENTERING(x509_store_object_dealloc); + X509_STORE_free(self->store); + self->ob_type->tp_free((PyObject*) self); +} + #if ENABLE_X509_CERTIFICATE_SIGNATURE_AND_VERIFICATION #warning Check X509_verify_cert options /* 
@@ -3289,7 +3402,6 @@ x509_store_object_verify(x509_store_object *self, PyObject *args) return PyBool_FromLong(ok); error: - return NULL; } @@ -3320,9 +3432,7 @@ x509_store_object_verify_chain(x509_store_object *self, PyObject *args) goto error; X509_STORE_CTX_init(&ctx, self->store, x509->x509, x509_stack); - ok = X509_verify_cert(&ctx) == 1; - X509_STORE_CTX_cleanup(&ctx); sk_X509_free(x509_stack); @@ -3371,11 +3481,8 @@ x509_store_object_verify_detailed(x509_store_object *self, PyObject *args) goto error; X509_STORE_CTX_init(&ctx, self->store, x509->x509, x509_stack); - ok = X509_verify_cert(&ctx) == 1; - result = Py_BuildValue("(iii)", ok, ctx.error, ctx.error_depth); - X509_STORE_CTX_cleanup(&ctx); error: /* fall through */ @@ -3400,6 +3507,8 @@ x509_store_object_add_trust(x509_store_object *self, PyObject *args) { x509_object *x509 = NULL; + ENTERING(x509_store_object_add_trust); + if (!PyArg_ParseTuple(args, "O!", &POW_X509_Type, &x509)) goto error; @@ -3423,6 +3532,8 @@ x509_store_object_add_crl(x509_store_object *self, PyObject *args) { crl_object *crl = NULL; + ENTERING(x509_store_object_add_crl); + if (!PyArg_ParseTuple(args, "O!", &POW_CRL_Type, &crl)) goto error; @@ -3446,13 +3557,6 @@ static struct PyMethodDef x509_store_object_methods[] = { {NULL} }; -static void -x509_store_object_dealloc(x509_store_object *self) -{ - X509_STORE_free(self->store); - self->ob_type->tp_free((PyObject*) self); -} - static char POW_X509Store_Type__doc__[] = "This class provides basic access to the OpenSSL certificate store\n" "mechanism used in X.509 and CMS verification.\n" @@ -3513,6 +3617,8 @@ crl_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { crl_object *self = NULL; + ENTERING(crl_object_new); + if ((self = (crl_object *) type->tp_alloc(type, 0)) != NULL && (self->crl = X509_CRL_new()) != NULL) return (PyObject *) self; 
@@ -3521,17 +3627,25 @@ crl_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) return NULL; } +static void +crl_object_dealloc(crl_object *self) +{ + ENTERING(crl_object_dealloc); + X509_CRL_free(self->crl); + self->ob_type->tp_free((PyObject*) self); +} + static PyObject * crl_object_pem_read_helper(PyTypeObject *type, BIO *bio) { crl_object *self; + ENTERING(crl_object_pem_read_helper); + if ((self = (crl_object *) crl_object_new(type, NULL, NULL)) == NULL) goto error; - X509_CRL_free(self->crl); - - if ((self->crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL)) == NULL) + if (!PEM_read_bio_X509_CRL(bio, &self->crl, NULL, NULL)) lose_openssl_error("Couldn't PEM encoded load CRL"); return (PyObject *) self; @@ -3546,6 +3660,8 @@ crl_object_der_read_helper(PyTypeObject *type, BIO *bio) { crl_object *self; + ENTERING(crl_object_der_read_helper); + if ((self = (crl_object *) crl_object_new(type, NULL, NULL)) == NULL) goto error; @@ -3566,6 +3682,7 @@ static char crl_object_pem_read__doc__[] = static PyObject * crl_object_pem_read(PyTypeObject *type, PyObject *args) { + ENTERING(crl_object_pem_read); return read_from_string_helper(crl_object_pem_read_helper, type, args); } @@ -3576,6 +3693,7 @@ static char crl_object_pem_read_file__doc__[] = static PyObject * crl_object_pem_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(crl_object_pem_read_file); return read_from_file_helper(crl_object_pem_read_helper, type, args); } @@ -3586,6 +3704,7 @@ static char crl_object_der_read__doc__[] = static PyObject * crl_object_der_read(PyTypeObject *type, PyObject *args) { + ENTERING(crl_object_der_read); return read_from_string_helper(crl_object_der_read_helper, type, args); } @@ -3596,6 +3715,7 @@ static char crl_object_der_read_file__doc__[] = static PyObject * crl_object_der_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(crl_object_der_read_file); return read_from_file_helper(crl_object_der_read_helper, type, args); } 
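Review bot: The error message on the new `PEM_read_bio_X509_CRL` line reads `"Couldn't PEM encoded load CRL"`, with the words out of order; the X509 counterpart says "Couldn't load PEM encoded certificate", so this should be `lose_openssl_error("Couldn't load PEM encoded CRL");`. This string is what a Python caller sees for a malformed CRL, so it is worth getting right while the line is being touched.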
@@ -3606,6 +3726,7 @@ static char crl_object_get_version__doc__[] = static PyObject * crl_object_get_version(crl_object *self) { + ENTERING(crl_object_get_version); return Py_BuildValue("l", X509_CRL_get_version(self->crl)); } @@ -3620,6 +3741,8 @@ crl_object_set_version(crl_object *self, PyObject *args) { long version = 0; + ENTERING(crl_object_set_version); + if (!PyArg_ParseTuple(args, "i", &version)) goto error; @@ -3643,6 +3766,8 @@ crl_object_get_issuer(crl_object *self, PyObject *args) PyObject *result = NULL; int format = OIDNAME_FORMAT; + ENTERING(crl_object_get_issuer); + if (!PyArg_ParseTuple(args, "|i", &format)) goto error; @@ -3663,6 +3788,8 @@ crl_object_set_issuer(crl_object *self, PyObject *args) PyObject *name_sequence = NULL; X509_NAME *name = NULL; + ENTERING(crl_object_set_issuer); + if (!PyArg_ParseTuple(args, "O", &name_sequence)) goto error; @@ -3705,6 +3832,8 @@ crl_object_set_this_update (crl_object *self, PyObject *args) char *s = NULL; ASN1_TIME *t = NULL; + ENTERING(crl_object_set_this_update); + if (!PyArg_ParseTuple(args, "s", &s)) goto error; @@ -3733,6 +3862,7 @@ static char crl_object_get_this_update__doc__[] = static PyObject * crl_object_get_this_update (crl_object *self) { + ENTERING(crl_object_get_this_update); return ASN1_TIME_to_Python(X509_CRL_get_lastUpdate(self->crl)); /* sic */ } @@ -3751,6 +3881,8 @@ crl_object_set_next_update (crl_object *self, PyObject *args) char *s = NULL; ASN1_TIME *t = NULL; + ENTERING(crl_object_set_next_update); + if (!PyArg_ParseTuple(args, "s", &s)) goto error; @@ -3779,6 +3911,7 @@ static char crl_object_get_next_update__doc__[] = static PyObject * crl_object_get_next_update (crl_object *self) { + ENTERING(crl_object_get_next_update); return ASN1_TIME_to_Python(X509_CRL_get_nextUpdate(self->crl)); } 
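Review bot: `PyArg_ParseTuple(args, "i", &version)` in crl_object_set_version (the line right after the new ENTERING) stores an `int` through a pointer to the `long version` declared above it, which is a format/type mismatch; it only appears to work where `long` is wider than `int` because `version` is zero-initialised and the low bytes come first on little-endian hosts. x509_object_set_version parses the same value with `"l"` (hunk `@@ -1529,6 +1579,8 @@`), so use `if (!PyArg_ParseTuple(args, "l", &version))` here as well. The rest of crl_object_set_version lies outside the hunk.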
@@ -3804,6 +3937,8 @@ crl_object_add_revocations(crl_object *self, PyObject *args) int ok = 0; char *c_date; + ENTERING(crl_object_add_revocations); + if (!PyArg_ParseTuple(args, "O", &iterable) || (iterator = PyObject_GetIter(iterable)) == NULL) goto error; @@ -3872,6 +4007,8 @@ crl_object_get_revoked(crl_object *self) PyObject *date = NULL; int i; + ENTERING(crl_object_get_revoked); + if ((revoked = X509_CRL_get_REVOKED(self->crl)) == NULL) lose("Inexplicable NULL revocation list pointer"); @@ -3917,6 +4054,8 @@ crl_object_add_extension(crl_object *self, PyObject *args) ASN1_OCTET_STRING *octetString = NULL; X509_EXTENSION *ext = NULL; + ENTERING(crl_object_add_extension); + if (!PyArg_ParseTuple(args, "sOs#", &name, &critical, &buf, &len)) goto error; @@ -3956,6 +4095,8 @@ crl_object_clear_extensions(crl_object *self) { X509_EXTENSION *ext; + ENTERING(crl_object_clear_extensions); + while ((ext = X509_CRL_delete_ext(self->crl, 0)) != NULL) X509_EXTENSION_free(ext); @@ -3969,6 +4110,7 @@ static char crl_object_count_extensions__doc__[] = static PyObject * crl_object_count_extensions(crl_object *self) { + ENTERING(crl_object_count_extensions); return Py_BuildValue("i", X509_CRL_get_ext_count(self->crl)); } @@ -3987,6 +4129,8 @@ crl_object_get_extension(crl_object *self, PyObject *args) char oid[512]; int slot = 0; + ENTERING(crl_object_get_extension); + if (!PyArg_ParseTuple(args, "i", &slot)) goto error; @@ -4031,6 +4175,8 @@ crl_object_sign(crl_object *self, PyObject *args) int digest_type = SHA256_DIGEST; const EVP_MD *digest_method = NULL; + ENTERING(crl_object_sign); + if (!PyArg_ParseTuple(args, "O!|i", &POW_Asymmetric_Type, &asym, &digest_type)) goto error; @@ -4059,6 +4205,8 @@ crl_object_verify(crl_object *self, PyObject *args) { asymmetric_object *asym; + ENTERING(crl_object_verify); + if (!PyArg_ParseTuple(args, "O!", &POW_Asymmetric_Type, &asym)) goto error; 
@@ -4078,6 +4226,8 @@ crl_object_pem_write(crl_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(crl_object_pem_write); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -4101,6 +4251,8 @@ crl_object_der_write(crl_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(crl_object_der_write); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -4127,6 +4279,8 @@ crl_object_get_aki(crl_object *self, PyObject *args) int empty = (ext == NULL || ext->keyid == NULL); PyObject *result = NULL; + ENTERING(crl_object_get_aki); + if (!empty) result = Py_BuildValue("s#", ASN1_STRING_data(ext->keyid), ASN1_STRING_length(ext->keyid)); @@ -4151,6 +4305,8 @@ crl_object_set_aki(crl_object *self, PyObject *args) const unsigned char *buf = NULL; int len, ok = 0; + ENTERING(crl_object_set_aki); + if (!PyArg_ParseTuple(args, "s#", &buf, &len)) goto error; @@ -4184,6 +4340,8 @@ crl_object_get_crl_number(crl_object *self) ASN1_INTEGER *ext = X509_CRL_get_ext_d2i(self->crl, NID_crl_number, NULL, NULL); PyObject *result = NULL; + ENTERING(crl_object_get_crl_number); + if (ext == NULL) Py_RETURN_NONE; @@ -4204,6 +4362,8 @@ crl_object_set_crl_number(crl_object *self, PyObject *args) ASN1_INTEGER *ext = NULL; PyObject *crl_number = NULL; + ENTERING(crl_object_set_crl_number); + if (!PyArg_ParseTuple(args, "O", &crl_number) || (ext = PyLong_to_ASN1_INTEGER(crl_number)) == NULL) goto error; @@ -4229,6 +4389,8 @@ crl_object_pprint(crl_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(crl_object_pprint); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -4273,13 +4435,6 @@ static struct PyMethodDef crl_object_methods[] = { {NULL} }; -static void -crl_object_dealloc(crl_object *self) -{ - X509_CRL_free(self->crl); - self->ob_type->tp_free((PyObject*) self); -} - static char POW_CRL_Type__doc__[] = "This class provides access to OpenSSL X509 CRL management facilities.\n" ; 
@@ -4337,6 +4492,8 @@ asymmetric_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { asymmetric_object *self = NULL; + ENTERING(asymmetric_object_new); + if ((self = (asymmetric_object *) type->tp_alloc(type, 0)) == NULL) goto error; @@ -4358,6 +4515,8 @@ asymmetric_object_init(asymmetric_object *self, PyObject *args, PyObject *kwds) EVP_PKEY_CTX *ctx = NULL; int ok = 0; + ENTERING(asymmetric_object_init); + if (!PyArg_ParseTupleAndKeywords(args, kwds, "|ii", kwlist, &cipher_type, &key_size)) goto error; @@ -4397,15 +4556,25 @@ asymmetric_object_init(asymmetric_object *self, PyObject *args, PyObject *kwds) return -1; } +static void +asymmetric_object_dealloc(asymmetric_object *self) +{ + ENTERING(asymmetric_object_dealloc); + EVP_PKEY_free(self->pkey); + self->ob_type->tp_free((PyObject*) self); +} + static PyObject * asymmetric_object_pem_read_private_helper(PyTypeObject *type, BIO *bio, char *pass) { asymmetric_object *self = NULL; + ENTERING(asymmetric_object_pem_read_private_helper); + if ((self = (asymmetric_object *) asymmetric_object_new(type, NULL, NULL)) == NULL) goto error; - if ((self->pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, pass)) == NULL) + if (!PEM_read_bio_PrivateKey(bio, &self->pkey, NULL, pass)) lose_openssl_error("Couldn't load private key"); return (PyObject *) self; @@ -4436,6 +4605,8 @@ asymmetric_object_pem_read_private(PyTypeObject *type, PyObject *args) BIO *bio = NULL; int len = 0; + ENTERING(asymmetric_object_pem_read_private); + if (!PyArg_ParseTuple(args, "s#|s", &src, &len, &pass)) goto error; @@ -4462,6 +4633,8 @@ asymmetric_object_pem_read_private_file(PyTypeObject *type, PyObject *args) char *pass = NULL; BIO *bio = NULL; + ENTERING(asymmetric_object_pem_read_private_file); + if (!PyArg_ParseTuple(args, "s|s", &filename, &pass)) goto error; 
@@ -4480,10 +4653,12 @@ asymmetric_object_der_read_private_helper(PyTypeObject *type, BIO *bio) { asymmetric_object *self = NULL; + ENTERING(asymmetric_object_der_read_private_helper); + if ((self = (asymmetric_object *) asymmetric_object_new(&POW_Asymmetric_Type, NULL, NULL)) == NULL) goto error; - if ((self->pkey = d2i_PrivateKey_bio(bio, NULL)) == NULL) + if (!d2i_PrivateKey_bio(bio, &self->pkey)) lose_openssl_error("Couldn't load private key"); return (PyObject *) self; @@ -4501,6 +4676,7 @@ static char asymmetric_object_der_read_private__doc__[] = static PyObject * asymmetric_object_der_read_private(PyTypeObject *type, PyObject *args) { + ENTERING(asymmetric_object_der_read_private); return read_from_string_helper(asymmetric_object_der_read_private_helper, type, args); } @@ -4511,6 +4687,7 @@ static char asymmetric_object_der_read_private_file__doc__[] = static PyObject * asymmetric_object_der_read_private_file(PyTypeObject *type, PyObject *args) { + ENTERING(asymmetric_object_der_read_private_file); return read_from_file_helper(asymmetric_object_der_read_private_helper, type, args); } @@ -4519,10 +4696,12 @@ asymmetric_object_pem_read_public_helper(PyTypeObject *type, BIO *bio) { asymmetric_object *self = NULL; + ENTERING(asymmetric_object_pem_read_public_helper); + if ((self = (asymmetric_object *) asymmetric_object_new(&POW_Asymmetric_Type, NULL, NULL)) == NULL) goto error; - if ((self->pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)) == NULL) + if (!PEM_read_bio_PUBKEY(bio, &self->pkey, NULL, NULL)) lose_openssl_error("Couldn't load public key"); return (PyObject *) self; 
@@ -4537,10 +4716,12 @@ asymmetric_object_der_read_public_helper(PyTypeObject *type, BIO *bio) { asymmetric_object *self = NULL; + ENTERING(asymmetric_object_der_read_public_helper); + if ((self = (asymmetric_object *) asymmetric_object_new(&POW_Asymmetric_Type, NULL, NULL)) == NULL) goto error; - if ((self->pkey = d2i_PUBKEY_bio(bio, NULL)) == NULL) + if (!d2i_PUBKEY_bio(bio, &self->pkey)) lose_openssl_error("Couldn't load public key"); return (PyObject *) self; @@ -4558,6 +4739,7 @@ static char asymmetric_object_pem_read_public__doc__[] = static PyObject * asymmetric_object_pem_read_public(PyTypeObject *type, PyObject *args) { + ENTERING(asymmetric_object_pem_read_public); return read_from_string_helper(asymmetric_object_pem_read_public_helper, type, args); } @@ -4568,6 +4750,7 @@ static char asymmetric_object_pem_read_public_file__doc__[] = static PyObject * asymmetric_object_pem_read_public_file(PyTypeObject *type, PyObject *args) { + ENTERING(asymmetric_object_pem_read_public_file); return read_from_file_helper(asymmetric_object_pem_read_public_helper, type, args); } @@ -4578,6 +4761,7 @@ static char asymmetric_object_der_read_public__doc__[] = static PyObject * asymmetric_object_der_read_public(PyTypeObject *type, PyObject *args) { + ENTERING(asymmetric_object_der_read_public); return read_from_string_helper(asymmetric_object_der_read_public_helper, type, args); } @@ -4588,6 +4772,7 @@ static char asymmetric_object_der_read_public_file__doc__[] = static PyObject * asymmetric_object_der_read_public_file(PyTypeObject *type, PyObject *args) { + ENTERING(asymmetric_object_der_read_public_file); return read_from_file_helper(asymmetric_object_der_read_public_helper, type, args); } @@ -4607,6 +4792,8 @@ asymmetric_object_pem_write_private(asymmetric_object *self, PyObject *args) const EVP_CIPHER *evp_method = NULL; BIO *bio = NULL; + ENTERING(asymmetric_object_pem_write_private); + if (!PyArg_ParseTuple(args, "|s", &passphrase)) goto error; 
@@ -4636,6 +4823,8 @@ asymmetric_object_pem_write_public(asymmetric_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(asymmetric_object_pem_write_public); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -4659,6 +4848,8 @@ asymmetric_object_der_write_private(asymmetric_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(asymmetric_object_der_write_private); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -4682,6 +4873,8 @@ asymmetric_object_der_write_public(asymmetric_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(asymmetric_object_der_write_public); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -4720,6 +4913,8 @@ asymmetric_object_sign(asymmetric_object *self, PyObject *args) EVP_PKEY_CTX *ctx = NULL; PyObject *result = NULL; + ENTERING(asymmetric_object_sign); + if (!PyArg_ParseTuple(args, "s#i", &digest_text, &digest_len, &digest_type)) goto error; @@ -4782,6 +4977,8 @@ asymmetric_object_verify(asymmetric_object *self, PyObject *args) EVP_PKEY_CTX *ctx = NULL; int ok = 0, result; + ENTERING(asymmetric_object_verify); + if (!PyArg_ParseTuple(args, "s#s#i", &signed_text, &signed_len, &digest_text, &digest_len, @@ -4826,13 +5023,6 @@ static struct PyMethodDef asymmetric_object_methods[] = { {NULL} }; -static void -asymmetric_object_dealloc(asymmetric_object *self) -{ - EVP_PKEY_free(self->pkey); - self->ob_type->tp_free((PyObject*) self); -} - static char POW_Asymmetric_Type__doc__[] = "This class provides basic access to RSA signature and verification.\n" "\n" @@ -4892,6 +5082,8 @@ digest_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { digest_object *self = NULL; + ENTERING(digest_object_new); + if ((self = (digest_object *) type->tp_alloc(type, 0)) == NULL) goto error; 
@@ -4910,6 +5102,8 @@ digest_object_init(digest_object *self, PyObject *args, PyObject *kwds) const EVP_MD *digest_method = NULL; int digest_type = 0; + ENTERING(digest_object_init); + if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", kwlist, &digest_type)) goto error; @@ -4926,6 +5120,14 @@ digest_object_init(digest_object *self, PyObject *args, PyObject *kwds) return -1; } +static void +digest_object_dealloc(digest_object *self) +{ + ENTERING(digest_object_dealloc); + EVP_MD_CTX_cleanup(&self->digest_ctx); + self->ob_type->tp_free((PyObject*) self); +} + static char digest_object_update__doc__[] = "This method adds data to a digest.\n" "\n" @@ -4938,6 +5140,8 @@ digest_object_update(digest_object *self, PyObject *args) char *data = NULL; int len = 0; + ENTERING(digest_object_update); + if (!PyArg_ParseTuple(args, "s#", &data, &len)) goto error; @@ -4959,6 +5163,8 @@ digest_object_copy(digest_object *self, PyObject *args) { digest_object *new = NULL; + ENTERING(digest_object_copy); + if ((new = (digest_object *) digest_object_new(&POW_Digest_Type, NULL, NULL)) == NULL) goto error; @@ -4992,6 +5198,8 @@ digest_object_digest(digest_object *self) EVP_MD_CTX ctx; unsigned digest_len = 0; + ENTERING(digest_object_digest); + if (!EVP_MD_CTX_copy(&ctx, &self->digest_ctx)) lose_openssl_error("Couldn't copy digest"); @@ -5012,13 +5220,6 @@ static struct PyMethodDef digest_object_methods[] = { {NULL} }; -static void -digest_object_dealloc(digest_object *self) -{ - EVP_MD_CTX_cleanup(&self->digest_ctx); - self->ob_type->tp_free((PyObject*) self); -} - static char POW_Digest_Type__doc__[] = "This class provides access to the digest functionality of OpenSSL.\n" "It emulates the digest modules in the Python Standard Library, but\n" @@ -5088,6 +5289,8 @@ cms_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { cms_object *self; + ENTERING(cms_object_new); + if ((self = (cms_object *) type->tp_alloc(type, 0)) != NULL) return (PyObject *) self; 
@@ -5095,15 +5298,25 @@ cms_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) return NULL; } +static void +cms_object_dealloc(cms_object *self) +{ + ENTERING(cms_object_dealloc); + CMS_ContentInfo_free(self->cms); + self->ob_type->tp_free((PyObject*) self); +} + static PyObject * cms_object_pem_read_helper(PyTypeObject *type, BIO *bio) { cms_object *self; + ENTERING(cms_object_pem_read_helper); + if ((self = (cms_object *) type->tp_new(type, NULL, NULL)) == NULL) goto error; - if ((self->cms = PEM_read_bio_CMS(bio, NULL, NULL, NULL)) == NULL) + if (!PEM_read_bio_CMS(bio, &self->cms, NULL, NULL)) lose_openssl_error("Couldn't load PEM encoded CMS message"); return (PyObject *) self; @@ -5118,12 +5331,11 @@ cms_object_der_read_helper(PyTypeObject *type, BIO *bio) { cms_object *self; + ENTERING(cms_object_der_read_helper); + if ((self = (cms_object *) type->tp_new(type, NULL, NULL)) == NULL) goto error; - if ((self->cms = CMS_ContentInfo_new()) == NULL) - lose_no_memory(); - if (!d2i_CMS_bio(bio, &self->cms)) lose_openssl_error("Couldn't load DER encoded CMS message"); @@ -5141,6 +5353,7 @@ static char cms_object_pem_read__doc__[] = static PyObject * cms_object_pem_read(PyTypeObject *type, PyObject *args) { + ENTERING(cms_object_pem_read); return read_from_string_helper(cms_object_pem_read_helper, type, args); } @@ -5151,6 +5364,7 @@ static char cms_object_pem_read_file__doc__[] = static PyObject * cms_object_pem_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(cms_object_pem_read_file); return read_from_file_helper(cms_object_pem_read_helper, type, args); } @@ -5161,6 +5375,7 @@ static char cms_object_der_read__doc__[] = static PyObject * cms_object_der_read(PyTypeObject *type, PyObject *args) { + ENTERING(cms_object_der_read); return read_from_string_helper(cms_object_der_read_helper, type, args); } 
@@ -5171,6 +5386,7 @@ static char cms_object_der_read_file__doc__[] = static PyObject * cms_object_der_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(cms_object_der_read_file); return read_from_file_helper(cms_object_der_read_helper, type, args); } @@ -5184,6 +5400,8 @@ cms_object_pem_write(cms_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(cms_object_pem_write); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -5207,6 +5425,8 @@ cms_object_der_write(cms_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(cms_object_der_write); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -5236,6 +5456,8 @@ cms_object_sign_helper(cms_object *self, CMS_ContentInfo *cms = NULL; ASN1_OBJECT *econtent_type = NULL; + ENTERING(cms_object_sign_helper); + assert_no_unhandled_openssl_errors(); flags &= CMS_NOCERTS | CMS_NOATTR; @@ -5354,6 +5576,8 @@ cms_object_sign(cms_object *self, PyObject *args) BIO *bio = NULL; int ok = 0; + ENTERING(cms_object_sign); + if (!PyArg_ParseTuple(args, "O!O!s#|OOsI", &POW_X509_Type, &signcert, &POW_Asymmetric_Type, &signkey, @@ -5371,8 +5595,13 @@ cms_object_sign(cms_object *self, PyObject *args) assert_no_unhandled_openssl_errors(); - ok = cms_object_sign_helper(self, bio, signcert, signkey, - x509_sequence, crl_sequence, oid, flags); + if (!cms_object_sign_helper(self, bio, signcert, signkey, + x509_sequence, crl_sequence, oid, flags)) + lose_openssl_error("Couldn't sign CMS object"); + + assert_no_unhandled_openssl_errors(); + + ok = 1; error: BIO_free(bio); @@ -5395,6 +5624,8 @@ cms_object_verify_helper(cms_object *self, PyObject *args, PyObject *kwds) unsigned flags = 0, ok = 0; BIO *bio = NULL; + ENTERING(cms_object_verify_helper); + if (!PyArg_ParseTupleAndKeywords(args, kwds, "O!|OI", kwlist, &POW_X509Store_Type, &store, &certs_sequence, &flags)) goto error; 
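Review bot: In cms_object_sign the new `if (!cms_object_sign_helper(...)) lose_openssl_error("Couldn't sign CMS object");` raises a second, generic exception on top of whatever the helper itself raised on its failure path, if that helper reports errors through the same lose_* macros as the rest of this file; by then the OpenSSL error queue has already been drained, so the specific reason is replaced by the generic message. Raising only when nothing is pending keeps the detail: `if (!cms_object_sign_helper(self, bio, signcert, signkey, x509_sequence, crl_sequence, oid, flags)) { if (!PyErr_Occurred()) lose_openssl_error("Couldn't sign CMS object"); goto error; }`. The same pattern appears in manifest_object_sign at L42 and roa_object_sign at L45. cms_object_sign's body starts before the hunk and its `error:` cleanup continues past it.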
@@ -5454,6 +5685,8 @@ cms_object_verify(cms_object *self, PyObject *args, PyObject *kwds) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(cms_object_verify); + if ((bio = cms_object_verify_helper(self, args, kwds)) != NULL) result = BIO_to_PyString_helper(bio); @@ -5470,17 +5703,15 @@ cms_object_eContentType(cms_object *self) { const ASN1_OBJECT *oid = NULL; PyObject *result = NULL; - char buf[512]; + + ENTERING(cms_object_eContentType); if ((oid = CMS_get0_eContentType(self->cms)) == NULL) lose_openssl_error("Couldn't extract eContentType from CMS message"); - if (OBJ_obj2txt(buf, sizeof(buf), oid, 1) <= 0) - lose("Couldn't translate OID"); - assert_no_unhandled_openssl_errors(); - result = Py_BuildValue("s", buf); + result = ASN1_OBJECT_to_PyString(oid); error: return result; @@ -5500,6 +5731,8 @@ cms_object_signingTime(cms_object *self) ASN1_TYPE *so = NULL; int i; + ENTERING(cms_object_signingTime); + if ((sis = CMS_get0_SignerInfos(self->cms)) == NULL) lose_openssl_error("Couldn't extract signerInfos from CMS message[1]"); @@ -5548,6 +5781,8 @@ cms_object_pprint(cms_object *self) BIO *bio = NULL; PyObject *result = NULL; + ENTERING(cms_object_pprint); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -5564,13 +5799,15 @@ cms_object_pprint(cms_object *self) static PyObject * cms_object_helper_get_cert(void *cert) { - x509_object *obj = (x509_object *) x509_object_new(&POW_X509_Type, NULL, NULL); + x509_object *obj; - if (obj) { - X509_free(obj->x509); - obj->x509 = cert; - } + ENTERING(cms_object_helper_get_cert); + if ((obj = (x509_object *) x509_object_new(&POW_X509_Type, NULL, NULL)) == NULL) + return NULL; + + X509_free(obj->x509); + obj->x509 = cert; return (PyObject *) obj; } 
@@ -5586,6 +5823,8 @@ cms_object_certs(cms_object *self) STACK_OF(X509) *certs = NULL; PyObject *result = NULL; + ENTERING(cms_object_certs); + if ((certs = CMS_get1_certs(self->cms)) != NULL) result = stack_to_tuple_helper(CHECKED_PTR_OF(STACK_OF(X509), certs), cms_object_helper_get_cert); @@ -5602,13 +5841,15 @@ cms_object_certs(cms_object *self) static PyObject * cms_object_helper_get_crl(void *crl) { - crl_object *obj = (crl_object *) crl_object_new(&POW_CRL_Type, NULL, NULL); + crl_object *obj; - if (obj) { - X509_CRL_free(obj->crl); - obj->crl = crl; - } + ENTERING(cms_object_helper_get_crl); + + if ((obj = (crl_object *) crl_object_new(&POW_CRL_Type, NULL, NULL)) == NULL) + return NULL; + X509_CRL_free(obj->crl); + obj->crl = crl; return (PyObject *) obj; } @@ -5623,6 +5864,8 @@ cms_object_crls(cms_object *self) STACK_OF(X509_CRL) *crls = NULL; PyObject *result = NULL; + ENTERING(cms_object_crls); + if ((crls = CMS_get1_crls(self->cms)) != NULL) result = stack_to_tuple_helper(CHECKED_PTR_OF(STACK_OF(X509_CRL), crls), cms_object_helper_get_crl); @@ -5653,13 +5896,6 @@ static struct PyMethodDef cms_object_methods[] = { {NULL} }; -static void -cms_object_dealloc(cms_object *self) -{ - CMS_ContentInfo_free(self->cms); - self->ob_type->tp_free((PyObject*) self); -} - static char POW_CMS_Type__doc__[] = "This class provides basic access OpenSSL's CMS functionality.\n" "At present this only handes signed objects, as those are the\n" @@ -5719,6 +5955,8 @@ manifest_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { manifest_object *self = NULL; + ENTERING(manifest_object_new); + if ((self = (manifest_object *) cms_object_new(type, args, kwds)) != NULL && (self->manifest = Manifest_new()) != NULL) return (PyObject *) self; 
@@ -5727,6 +5965,14 @@ manifest_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) return NULL; } +static void +manifest_object_dealloc(manifest_object *self) +{ + ENTERING(manifest_object_dealloc); + Manifest_free(self->manifest); + cms_object_dealloc(&self->cms); +} + static char manifest_object_verify__doc__[] = "Needs doc.\n" ; @@ -5737,12 +5983,11 @@ manifest_object_verify(manifest_object *self, PyObject *args, PyObject *kwds) BIO *bio = NULL; int ok = 0; + ENTERING(manifest_object_verify); + if ((bio = cms_object_verify_helper(&self->cms, args, kwds)) == NULL) goto error; - Manifest_free(self->manifest); - self->manifest = NULL; - if (!ASN1_item_d2i_bio(ASN1_ITEM_rptr(Manifest), bio, &self->manifest)) lose_openssl_error("Couldn't decode manifest"); @@ -5762,6 +6007,8 @@ manifest_object_der_read_helper(PyTypeObject *type, BIO *bio) { manifest_object *self; + ENTERING(manifest_object_der_read_helper); + if ((self = (manifest_object *) cms_object_der_read_helper(type, bio)) != NULL) self->manifest = NULL; @@ -5775,14 +6022,28 @@ static char manifest_object_der_read__doc__[] = static PyObject * manifest_object_der_read(PyTypeObject *type, PyObject *args) { + ENTERING(manifest_object_der_read); return read_from_string_helper(manifest_object_der_read_helper, type, args); } +static char manifest_object_der_read_file__doc__[] = + "Class method to read a DER-encoded manifest object from a file.\n" + ; + +static PyObject * +manifest_object_der_read_file(PyTypeObject *type, PyObject *args) +{ + ENTERING(manifest_object_der_read_file); + return read_from_file_helper(manifest_object_der_read_helper, type, args); +} + static PyObject * manifest_object_pem_read_helper(PyTypeObject *type, BIO *bio) { manifest_object *self; + ENTERING(manifest_object_pem_read_helper); + if ((self = (manifest_object *) cms_object_pem_read_helper(type, bio)) != NULL) self->manifest = NULL; 
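Review bot: manifest_object_dealloc now finishes through `cms_object_dealloc(&self->cms)`, whose last statement (cms_object_dealloc hunk on L35) is `self->ob_type->tp_free((PyObject*) self)` applied to the cms_object pointer; that frees the right allocation only if `cms` is the first member of manifest_object, and the struct definition that would guarantee it is outside this diff. Worth pinning next to the call with `/* cms must be the first member of manifest_object: cms_object_dealloc() hands &self->cms to tp_free() */`, or a compile-time `offsetof(manifest_object, cms) == 0` check where the build allows it. roa_object_dealloc at L43 relies on the same layout.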
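Review bot: manifest_object_verify now passes `&self->manifest` to ASN1_item_d2i_bio while it may still hold a live structure — the `Manifest_new()` result from manifest_object_new, or the previous decode when verify() is called twice — because the explicit `Manifest_free(self->manifest); self->manifest = NULL;` was dropped. This leans on OpenSSL's d2i reuse rule (existing structure reused or replaced; on a decode failure the decoder frees it and, in the versions I have seen, leaves the pointer NULL so the object reads as unverified again and dealloc does not double-free), which the d2i documentation itself discourages relying on, so it deserves a comment: `/* d2i reuses or frees any existing self->manifest; after a failed decode it is NULL, i.e. unverified */`. roa_object_verify at L43 and the PKCS#10 read helpers at L46 (which reuse the X509_REQ allocated by pkcs10_object_new) depend on the same behaviour. manifest_object_verify's body continues past the hunk.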
@@ -5796,6 +6057,7 @@ static char manifest_object_pem_read__doc__[] = static PyObject * manifest_object_pem_read(PyTypeObject *type, PyObject *args) { + ENTERING(manifest_object_pem_read); return read_from_string_helper(manifest_object_pem_read_helper, type, args); } @@ -5806,19 +6068,10 @@ static char manifest_object_pem_read_file__doc__[] = static PyObject * manifest_object_pem_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(manifest_object_pem_read_file); return read_from_file_helper(manifest_object_pem_read_helper, type, args); } -static char manifest_object_der_read_file__doc__[] = - "Class method to read a DER-encoded manifest object from a file.\n" - ; - -static PyObject * -manifest_object_der_read_file(PyTypeObject *type, PyObject *args) -{ - return read_from_file_helper(manifest_object_der_read_helper, type, args); -} - static char manifest_object_get_version__doc__[] = "This method returns the version number of this manifest.\n" ; @@ -5826,6 +6079,8 @@ static char manifest_object_get_version__doc__[] = static PyObject * manifest_object_get_version(manifest_object *self) { + ENTERING(manifest_object_get_version); + if (self->manifest == NULL) lose_not_verified("Can't report version of unverified manifest"); @@ -5853,6 +6108,8 @@ manifest_object_set_version(manifest_object *self, PyObject *args) { int version = 0; + ENTERING(manifest_object_set_version); + if (!PyArg_ParseTuple(args, "|i", &version)) goto error; @@ -5878,6 +6135,8 @@ static char manifest_object_get_manifest_number__doc__[] = static PyObject * manifest_object_get_manifest_number(manifest_object *self) { + ENTERING(manifest_object_get_manifest_number); + if (self->manifest == NULL) lose_not_verified("Can't get manifestNumber of unverified manifest"); 
@@ -5900,6 +6159,8 @@ manifest_object_set_manifest_number(manifest_object *self, PyObject *args) PyObject *zero = NULL; int ok = 0; + ENTERING(manifest_object_set_manifest_number); + if (!PyArg_ParseTuple(args, "O", &manifestNumber)) goto error; @@ -5945,6 +6206,8 @@ manifest_object_set_this_update (manifest_object *self, PyObject *args) ASN1_TIME *t = NULL; char *s = NULL; + ENTERING(manifest_object_set_this_update); + if (!PyArg_ParseTuple(args, "s", &s)) goto error; @@ -5971,6 +6234,8 @@ static char manifest_object_get_this_update__doc__[] = static PyObject * manifest_object_get_this_update (manifest_object *self) { + ENTERING(manifest_object_get_this_update); + if (self->manifest == NULL) lose_not_verified("Can't get thisUpdate value of unverified manifest"); @@ -5993,6 +6258,8 @@ manifest_object_set_next_update (manifest_object *self, PyObject *args) ASN1_TIME *t = NULL; char *s = NULL; + ENTERING(manifest_object_set_next_update); + if (!PyArg_ParseTuple(args, "s", &s)) goto error; @@ -6019,6 +6286,8 @@ static char manifest_object_get_next_update__doc__[] = static PyObject * manifest_object_get_next_update (manifest_object *self) { + ENTERING(manifest_object_get_next_update); + if (self->manifest == NULL) lose_not_verified("Can't extract nextUpdate value of unverified manifest"); @@ -6036,15 +6305,13 @@ static PyObject * manifest_object_get_algorithm(manifest_object *self) { PyObject *result = NULL; - char oid[512]; + + ENTERING(manifest_object_get_algorithm); if (self->manifest == NULL) lose_not_verified("Can't extract algorithm OID of unverified manifest"); - if (OBJ_obj2txt(oid, sizeof(oid), self->manifest->fileHashAlg, 1) <= 0) - lose("Couldn't translate OID"); - - result = Py_BuildValue("s", oid); + result = ASN1_OBJECT_to_PyString(self->manifest->fileHashAlg); error: return result; 
@@ -6060,6 +6327,8 @@ manifest_object_set_algorithm(manifest_object *self, PyObject *args) ASN1_OBJECT *oid = NULL; const char *s = NULL; + ENTERING(manifest_object_set_algorithm); + if (!PyArg_ParseTuple(args, "s", &s)) goto error; @@ -6098,6 +6367,8 @@ manifest_object_add_files(manifest_object *self, PyObject *args) char *hash = NULL; int filelen, hashlen, ok = 0; + ENTERING(manifest_object_add_files); + if (self->manifest == NULL) lose_not_verified("Can't add files to unverified manifest"); @@ -6146,6 +6417,8 @@ manifest_object_get_files(manifest_object *self) PyObject *item = NULL; int i; + ENTERING(manifest_object_get_files); + if (self->manifest == NULL) lose_not_verified("Can't get files from unverified manifest"); @@ -6179,7 +6452,6 @@ static char manifest_object_sign__doc__[] = "Needs doc.\n" ; - static PyObject * manifest_object_sign(manifest_object *self, PyObject *args) { @@ -6193,6 +6465,8 @@ manifest_object_sign(manifest_object *self, PyObject *args) BIO *bio = NULL; int ok = 0; + ENTERING(manifest_object_sign); + if (!PyArg_ParseTuple(args, "O!O!s#|OOsI", &POW_X509_Type, &signcert, &POW_Asymmetric_Type, &signkey, @@ -6209,12 +6483,17 @@ manifest_object_sign(manifest_object *self, PyObject *args) assert_no_unhandled_openssl_errors(); if (!ASN1_item_i2d_bio(ASN1_ITEM_rptr(Manifest), bio, self->manifest)) - lose_openssl_error("Unable to write manifest"); + lose_openssl_error("Couldn't encode manifest"); + + assert_no_unhandled_openssl_errors(); + + if (!cms_object_sign_helper(&self->cms, bio, signcert, signkey, + x509_sequence, crl_sequence, oid, flags)) + lose_openssl_error("Couldn't sign manifest"); assert_no_unhandled_openssl_errors(); - ok = cms_object_sign_helper(&self->cms, bio, signcert, signkey, - x509_sequence, crl_sequence, oid, flags); + ok = 1; error: BIO_free(bio); 
@@ -6247,13 +6526,6 @@ static struct PyMethodDef manifest_object_methods[] = { {NULL} }; -static void -manifest_object_dealloc(manifest_object *self) -{ - Manifest_free(self->manifest); - self->cms.ob_type->tp_free((PyObject*) self); -} - static char POW_Manifest_Type__doc__[] = "This class provides access to RPKI manifest payload.\n" ; @@ -6311,6 +6583,8 @@ roa_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { roa_object *self = NULL; + ENTERING(roa_object_new); + if ((self = (roa_object *) cms_object_new(type, args, kwds)) != NULL && (self->roa = ROA_new()) != NULL) return (PyObject *) self; @@ -6319,6 +6593,14 @@ roa_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) return NULL; } +static void +roa_object_dealloc(roa_object *self) +{ + ENTERING(roa_object_dealloc); + ROA_free(self->roa); + cms_object_dealloc(&self->cms); +} + static char roa_object_verify__doc__[] = "Needs doc. For now, see CMS.verify().\n" ; @@ -6329,11 +6611,10 @@ roa_object_verify(roa_object *self, PyObject *args, PyObject *kwds) BIO *bio = NULL; int ok = 0; + ENTERING(roa_object_verify); + if ((bio = cms_object_verify_helper(&self->cms, args, kwds)) == NULL) goto error; - - ROA_free(self->roa); - self->roa = NULL; if (!ASN1_item_d2i_bio(ASN1_ITEM_rptr(ROA), bio, &self->roa)) lose_openssl_error("Couldn't decode ROA"); @@ -6354,6 +6635,8 @@ roa_object_pem_read_helper(PyTypeObject *type, BIO *bio) { roa_object *self; + ENTERING(roa_object_pem_read_helper); + if ((self = (roa_object *) cms_object_pem_read_helper(type, bio)) != NULL) self->roa = NULL; @@ -6365,6 +6648,8 @@ roa_object_der_read_helper(PyTypeObject *type, BIO *bio) { roa_object *self; + ENTERING(roa_object_der_read_helper); + if ((self = (roa_object *) cms_object_der_read_helper(type, bio)) != NULL) self->roa = NULL; 
@@ -6378,6 +6663,7 @@ static char roa_object_pem_read__doc__[] = static PyObject * roa_object_pem_read(PyTypeObject *type, PyObject *args) { + ENTERING(roa_object_pem_read); return read_from_string_helper(roa_object_pem_read_helper, type, args); } @@ -6388,6 +6674,7 @@ static char roa_object_pem_read_file__doc__[] = static PyObject * roa_object_pem_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(roa_object_pem_read_file); return read_from_file_helper(roa_object_pem_read_helper, type, args); } @@ -6398,6 +6685,7 @@ static char roa_object_der_read__doc__[] = static PyObject * roa_object_der_read(PyTypeObject *type, PyObject *args) { + ENTERING(roa_object_der_read); return read_from_string_helper(roa_object_der_read_helper, type, args); } @@ -6408,6 +6696,7 @@ static char roa_object_der_read_file__doc__[] = static PyObject * roa_object_der_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(roa_object_der_read_file); return read_from_file_helper(roa_object_der_read_helper, type, args); } @@ -6418,6 +6707,8 @@ static char roa_object_get_version__doc__[] = static PyObject * roa_object_get_version(roa_object *self) { + ENTERING(roa_object_get_version); + if (self->roa == NULL) lose_not_verified("Can't get version of unverified ROA"); @@ -6445,6 +6736,8 @@ roa_object_set_version(roa_object *self, PyObject *args) { int version = 0; + ENTERING(roa_object_set_version); + if (self->roa == NULL) lose_not_verified("Can't set version of unverified ROA"); @@ -6470,6 +6763,8 @@ static char roa_object_get_asid__doc__[] = static PyObject * roa_object_get_asid(roa_object *self) { + ENTERING(roa_object_get_asid); + if (self->roa == NULL) lose_not_verified("Can't get ASN of unverified ROA"); @@ -6492,6 +6787,8 @@ roa_object_set_asid(roa_object *self, PyObject *args) PyObject *zero = NULL; int ok = 0; + ENTERING(roa_object_set_asid); + if (self->roa == NULL) lose_not_verified("Can't set ASN of unverified ROA"); 
@@ -6542,6 +6839,8 @@ roa_object_get_prefixes(roa_object *self) ipaddress_object *addr = NULL; int i, j; + ENTERING(roa_object_get_prefixes); + if (self->roa == NULL) lose_not_verified("Can't get prefixes from unverified ROA"); @@ -6645,6 +6944,8 @@ roa_object_set_prefixes(roa_object *self, PyObject *args, PyObject *kwds) PyObject *item = NULL; int afi, ok = 0; + ENTERING(roa_object_set_prefixes); + if (self->roa == NULL) lose_not_verified("Can't set prefixes of unverified ROA"); @@ -6778,6 +7079,8 @@ roa_object_sign(roa_object *self, PyObject *args) BIO *bio = NULL; int ok = 0; + ENTERING(roa_object_sign); + if (!PyArg_ParseTuple(args, "O!O!s#|OOsI", &POW_X509_Type, &signcert, &POW_Asymmetric_Type, &signkey, @@ -6794,12 +7097,17 @@ roa_object_sign(roa_object *self, PyObject *args) assert_no_unhandled_openssl_errors(); if (!ASN1_item_i2d_bio(ASN1_ITEM_rptr(ROA), bio, self->roa)) - lose_openssl_error("Unable to write ROA"); + lose_openssl_error("Couldn't encode ROA"); assert_no_unhandled_openssl_errors(); - ok = cms_object_sign_helper(&self->cms, bio, signcert, signkey, - x509_sequence, crl_sequence, oid, flags); + if (!cms_object_sign_helper(&self->cms, bio, signcert, signkey, + x509_sequence, crl_sequence, oid, flags)) + lose_openssl_error("Couldn't sign ROA"); + + assert_no_unhandled_openssl_errors(); + + ok = 1; error: BIO_free(bio); @@ -6826,13 +7134,6 @@ static struct PyMethodDef roa_object_methods[] = { {NULL} }; -static void -roa_object_dealloc(roa_object *self) -{ - ROA_free(self->roa); - self->cms.ob_type->tp_free((PyObject*) self); -} - static char POW_ROA_Type__doc__[] = "This class provides access to RPKI roa payload.\n" ; @@ -6890,6 +7191,8 @@ pkcs10_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { pkcs10_object *self; + ENTERING(pkcs10_object_new); + if ((self = (pkcs10_object *) type->tp_alloc(type, 0)) != NULL && (self->pkcs10 = X509_REQ_new()) != NULL && (self->exts = sk_X509_EXTENSION_new_null()) != NULL) 
@@ -6899,24 +7202,37 @@ pkcs10_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds) return NULL; } +static void +pkcs10_object_dealloc(pkcs10_object *self) +{ + ENTERING(pkcs10_object_dealloc); + X509_REQ_free(self->pkcs10); + sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free); + self->ob_type->tp_free((PyObject*) self); +} + static PyObject * pkcs10_object_pem_read_helper(PyTypeObject *type, BIO *bio) { pkcs10_object *self = NULL; + ENTERING(pkcs10_object_pem_read_helper); + + assert_no_unhandled_openssl_errors(); + if ((self = (pkcs10_object *) pkcs10_object_new(type, NULL, NULL)) == NULL) goto error; - X509_REQ_free(self->pkcs10); - sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free); - self->pkcs10 = NULL; - self->exts = NULL; + assert_no_unhandled_openssl_errors(); - if ((self->pkcs10 = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL)) == NULL) + if (!PEM_read_bio_X509_REQ(bio, &self->pkcs10, NULL, NULL)) lose_openssl_error("Couldn't load PEM encoded PKCS#10 request"); + sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free); self->exts = X509_REQ_get_extensions(self->pkcs10); + assert_no_unhandled_openssl_errors(); + return (PyObject *) self; error: @@ -6930,17 +7246,23 @@ pkcs10_object_der_read_helper(PyTypeObject *type, BIO *bio) { pkcs10_object *self; + ENTERING(pkcs10_object_der_read_helper); + + assert_no_unhandled_openssl_errors(); + if ((self = (pkcs10_object *) pkcs10_object_new(type, NULL, NULL)) == NULL) goto error; - sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free); - self->exts = NULL; + assert_no_unhandled_openssl_errors(); if (!d2i_X509_REQ_bio(bio, &self->pkcs10)) lose_openssl_error("Couldn't load DER encoded PKCS#10 request"); + sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free); self->exts = X509_REQ_get_extensions(self->pkcs10); + assert_no_unhandled_openssl_errors(); + return (PyObject *) self; error: 
@@ -6955,6 +7277,7 @@ static char pkcs10_object_pem_read__doc__[] = static PyObject * pkcs10_object_pem_read(PyTypeObject *type, PyObject *args) { + ENTERING(pkcs10_object_pem_read); return read_from_string_helper(pkcs10_object_pem_read_helper, type, args); } @@ -6965,6 +7288,7 @@ static char pkcs10_object_pem_read_file__doc__[] = static PyObject * pkcs10_object_pem_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(pkcs10_object_pem_read_file); return read_from_file_helper(pkcs10_object_pem_read_helper, type, args); } @@ -6975,6 +7299,7 @@ static char pkcs10_object_der_read__doc__[] = static PyObject * pkcs10_object_der_read(PyTypeObject *type, PyObject *args) { + ENTERING(pkcs10_object_der_read); return read_from_string_helper(pkcs10_object_der_read_helper, type, args); } @@ -6985,6 +7310,7 @@ static char pkcs10_object_der_read_file__doc__[] = static PyObject * pkcs10_object_der_read_file(PyTypeObject *type, PyObject *args) { + ENTERING(pkcs10_object_der_read_file); return read_from_file_helper(pkcs10_object_der_read_helper, type, args); } @@ -6998,6 +7324,8 @@ pkcs10_object_pem_write(pkcs10_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(pkcs10_object_pem_write); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -7021,6 +7349,8 @@ pkcs10_object_der_write(pkcs10_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(pkcs10_object_der_write); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); @@ -7044,6 +7374,8 @@ pkcs10_object_get_public_key(pkcs10_object *self) PyTypeObject *type = &POW_Asymmetric_Type; asymmetric_object *asym = NULL; + ENTERING(pkcs10_object_get_public_key); + if ((asym = (asymmetric_object *) type->tp_alloc(type, 0)) == NULL) goto error; @@ -7068,6 +7400,8 @@ pkcs10_object_set_public_key(pkcs10_object *self, PyObject *args) { asymmetric_object *asym; + ENTERING(pkcs10_object_set_public_key); + if (!PyArg_ParseTuple(args, "O!", &POW_Asymmetric_Type, &asym)) goto error; 
@@ -7106,6 +7440,8 @@ pkcs10_object_sign(pkcs10_object *self, PyObject *args) int loc, digest_type = SHA256_DIGEST; const EVP_MD *digest_method = NULL; + ENTERING(pkcs10_object_sign); + if (!PyArg_ParseTuple(args, "O!|i", &POW_Asymmetric_Type, &asym, &digest_type)) goto error; @@ -7138,6 +7474,8 @@ pkcs10_object_verify(pkcs10_object *self) EVP_PKEY *pkey = NULL; int status; + ENTERING(pkcs10_object_verify); + if ((pkey = X509_REQ_get_pubkey(self->pkcs10)) == NULL) lose_openssl_error("Couldn't extract public key from PKCS#10 for verification"); @@ -7159,6 +7497,7 @@ static char pkcs10_object_get_version__doc__[] = static PyObject * pkcs10_object_get_version(pkcs10_object *self) { + ENTERING(pkcs10_object_get_version); return Py_BuildValue("l", X509_REQ_get_version(self->pkcs10)); } @@ -7173,6 +7512,8 @@ pkcs10_object_set_version(pkcs10_object *self, PyObject *args) { long version = 0; + ENTERING(pkcs10_object_set_version); + if (!PyArg_ParseTuple(args, "|l", &version)) goto error; @@ -7201,6 +7542,8 @@ pkcs10_object_get_subject(pkcs10_object *self, PyObject *args) PyObject *result = NULL; int format = OIDNAME_FORMAT; + ENTERING(pkcs10_object_get_subject); + if (!PyArg_ParseTuple(args, "|i", &format)) goto error; @@ -7223,6 +7566,8 @@ pkcs10_object_set_subject(pkcs10_object *self, PyObject *args) PyObject *name_sequence = NULL; X509_NAME *name = NULL; + ENTERING(pkcs10_object_set_subject); + if (!PyArg_ParseTuple(args, "O", &name_sequence)) goto error; @@ -7259,6 +7604,8 @@ pkcs10_object_get_key_usage(pkcs10_object *self) PyObject *result = NULL; PyObject *token = NULL; + ENTERING(pkcs10_object_get_key_usage); + if ((ext = X509V3_get_d2i(self->exts, NID_key_usage, NULL, NULL)) == NULL) Py_RETURN_NONE; @@ -7308,6 +7655,8 @@ pkcs10_object_set_key_usage(pkcs10_object *self, PyObject *args) const char *t; int ok = 0; + ENTERING(pkcs10_object_set_key_usage); + if ((ext = ASN1_BIT_STRING_new()) == NULL) lose_no_memory(); 
@@ -7367,6 +7716,8 @@ pkcs10_object_get_basic_constraints(pkcs10_object *self) BASIC_CONSTRAINTS *ext = NULL; PyObject *result; + ENTERING(pkcs10_object_get_basic_constraints); + if ((ext = X509V3_get_d2i(self->exts, NID_basic_constraints, NULL, NULL)) == NULL) Py_RETURN_NONE; @@ -7404,6 +7755,8 @@ pkcs10_object_set_basic_constraints(pkcs10_object *self, PyObject *args) long pathlen = -1; int ok = 0; + ENTERING(pkcs10_object_set_basic_constraints); + if (!PyArg_ParseTuple(args, "O|OO", &is_ca, &pathlen_obj, &critical)) goto error; @@ -7459,6 +7812,8 @@ pkcs10_object_get_sia(pkcs10_object *self) PyObject *obj; int i, nid; + ENTERING(pkcs10_object_get_sia); + if ((ext = X509V3_get_d2i(self->exts, NID_sinfo_access, NULL, NULL)) == NULL) Py_RETURN_NONE; @@ -7555,6 +7910,8 @@ pkcs10_object_set_sia(pkcs10_object *self, PyObject *args) Py_ssize_t urilen; char *uri; + ENTERING(pkcs10_object_set_sia); + if (!PyArg_ParseTuple(args, "OOO", &caRepository, &rpkiManifest, &signedObject)) goto error; 
@@ -7625,6 +7982,57 @@ pkcs10_object_set_sia(pkcs10_object *self, PyObject *args) return NULL; } +static char pkcs10_object_get_signature_algorithm__doc__[] = + "Extract signature algorithm OID from this request.\n" + ; + +static PyObject * +pkcs10_object_get_signature_algorithm(pkcs10_object *self) +{ + ASN1_OBJECT *oid = NULL; + + ENTERING(pkcs10_object_get_signature_algorithm); + + X509_ALGOR_get0(&oid, NULL, NULL, self->pkcs10->sig_alg); + + return ASN1_OBJECT_to_PyString(oid); +} + +static char pkcs10_object_get_extension_oids__doc__[] = + "Get the set of extension OIDs used in this request. This is mostly\n" + "useful for enforcing restrictions on what extensions are allowed to be\n" + "present, to conform with a profile.\n" + ; + +static PyObject * +pkcs10_object_get_extension_oids(pkcs10_object *self) +{ + PyObject *result = NULL; + PyObject *oid = NULL; + int i; + + ENTERING(pkcs10_object_get_extension_oids); + + if ((result = PyFrozenSet_New(NULL)) == NULL) + goto error; + + for (i = 0; i < sk_X509_EXTENSION_num(self->exts); i++) { + X509_EXTENSION *ext = sk_X509_EXTENSION_value(self->exts, i); + if ((oid = ASN1_OBJECT_to_PyString(ext->object)) == NULL || + PySet_Add(result, oid) < 0) + goto error; + Py_XDECREF(oid); + oid = NULL; + } + + return result; + + error: + Py_XDECREF(result); + Py_XDECREF(oid); + return NULL; +} + /* * May want EKU handlers eventually, skip for now. */ @@ -7639,6 +8047,8 @@ pkcs10_object_pprint(pkcs10_object *self) PyObject *result = NULL; BIO *bio = NULL; + ENTERING(pkcs10_object_pprint); + if ((bio = BIO_new(BIO_s_mem())) == NULL) lose_no_memory(); 
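Review bot: The docstrings of the two new methods do not say what they return, and the Python side at L53 builds `allowed_extensions` from `rpki.oids.safe_name2dotted`, so the string format matters to the caller doing the profile check. If ASN1_OBJECT_to_PyString yields the numerical form, state it: `"Extract signature algorithm OID from this request, as a dotted-decimal string.\n"`, and for getExtensionOIDs add a line such as `"Returns a frozenset of dotted-decimal OID strings, empty when the request carries no extensions.\n"`. The empty case follows from the loop: with a NULL `self->exts` (X509_REQ_get_extensions returns NULL for a request without extensions) `sk_X509_EXTENSION_num` is negative and the body never runs, which is the behaviour a profile check wants.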
@@ -7670,6 +8080,8 @@ static struct PyMethodDef pkcs10_object_methods[] = { Define_Method(setBasicConstraints, pkcs10_object_set_basic_constraints, METH_VARARGS), Define_Method(getSIA, pkcs10_object_get_sia, METH_NOARGS), Define_Method(setSIA, pkcs10_object_set_sia, METH_VARARGS), + Define_Method(getSignatureAlgorithm, pkcs10_object_get_signature_algorithm, METH_NOARGS), + Define_Method(getExtensionOIDs, pkcs10_object_get_extension_oids, METH_NOARGS), Define_Class_Method(pemRead, pkcs10_object_pem_read, METH_VARARGS), Define_Class_Method(pemReadFile, pkcs10_object_pem_read_file, METH_VARARGS), Define_Class_Method(derRead, pkcs10_object_der_read, METH_VARARGS), @@ -7677,14 +8089,6 @@ static struct PyMethodDef pkcs10_object_methods[] = { {NULL} }; -static void -pkcs10_object_dealloc(pkcs10_object *self) -{ - X509_REQ_free(self->pkcs10); - sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free); - self->ob_type->tp_free((PyObject*) self); -} - static char POW_PKCS10_Type__doc__[] = "This class represents a PKCS#10 request.\n" "\n" @@ -7733,9 +8137,6 @@ static PyTypeObject POW_PKCS10_Type = { pkcs10_object_new, /* tp_new */ }; - - - /* @@ -7759,6 +8160,8 @@ pow_module_add_object(PyObject *self, PyObject *args) { char *oid = NULL, *sn = NULL, *ln = NULL; + ENTERING(pow_module_add_object); + if (!PyArg_ParseTuple(args, "sss", &oid, &sn, &ln)) goto error; @@ -7783,6 +8186,8 @@ pow_module_get_error(PyObject *self) unsigned long error = ERR_get_error(); char buf[256]; + ENTERING(pow_module_get_error); + if (!error) Py_RETURN_NONE; @@ -7797,6 +8202,7 @@ static char pow_module_clear_error__doc__[] = static PyObject * pow_module_clear_error(PyObject *self) { + ENTERING(pow_module_clear_error); ERR_clear_error(); Py_RETURN_NONE; } @@ -7814,6 +8220,8 @@ pow_module_seed(PyObject *self, PyObject *args) char *data = NULL; int datalen = 0; + ENTERING(pow_module_seed); + if (!PyArg_ParseTuple(args, "s#", &data, &datalen)) goto error; 
@@ -7842,6 +8250,8 @@ pow_module_add(PyObject *self, PyObject *args)
 int datalen = 0;
 double entropy = 0;
 
+ ENTERING(pow_module_add);
+
 if (!PyArg_ParseTuple(args, "s#d", &data, &datalen, &entropy))
 goto error;
 
@@ -7865,6 +8275,8 @@ pow_module_write_random_file(PyObject *self, PyObject *args)
 {
 char *filename = NULL;
 
+ ENTERING(pow_module_write_random_file);
+
 if (!PyArg_ParseTuple(args, "s", &filename))
 goto error;
 
@@ -7890,6 +8302,8 @@ pow_module_read_random_file(PyObject *self, PyObject *args)
 char *file = NULL;
 int len = -1;
 
+ ENTERING(pow_module_read_random_file);
+
 if (!PyArg_ParseTuple(args, "s|i", &file, &len))
 goto error;
 
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index c65fbb72..4cd4a5c2 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -596,7 +596,7 @@ class X509(DER_object):
 """
 Extract the public key from this certificate.
 """
- return RSApublic(DER = self.get_POWpkix().tbs.subjectPublicKeyInfo.toString())
+ return RSApublic(POW = self.get_POW().getPublicKey())
 
 def get_SKI(self):
 """
@@ -632,7 +632,7 @@ class X509(DER_object):
 resources = resources,
 is_ca = is_ca,
 aki = self.get_SKI(),
- issuer_name = self.get_POWpkix().getSubject())
+ issuer_name = self.getSubject())
 
 @classmethod
 
@@ -658,7 +658,7 @@ class X509(DER_object):
 resources = resources,
 is_ca = True,
 aki = ski,
- issuer_name = (((rpki.oids.name2oid["commonName"], ("printableString", cn)),),))
+ issuer_name = X501DN.from_cn(cn))
 
 @staticmethod
 
@@ -679,7 +679,7 @@ class X509(DER_object):
 cert = rpki.POW.pkix.Certificate()
 cert.setVersion(2)
 cert.setSerial(serial)
- cert.setIssuer(issuer_name)
+ cert.setIssuer(issuer_name.get_POWpkix())
 cert.setSubject((((rpki.oids.name2oid["commonName"], ("printableString", cn)),),))
 cert.setNotBefore(now.toASN1tuple())
 cert.setNotAfter(notAfter.toASN1tuple())
@@ -839,7 +839,6 @@ class X509(DER_object):
 """
 return self.getNotBefore()
 
-
 class PKCS10(DER_object):
 """
 Class to hold a PKCS #10 request.
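Review bot: The `cert.setSubject((((rpki.oids.name2oid["commonName"], ("printableString", cn)),),))` line right after the changed `cert.setIssuer(issuer_name.get_POWpkix())` still hand-builds the DN as a nested tuple, the form this commit replaces with `X501DN.from_cn(cn)` in the create_ca hunk above; `cert.setSubject(X501DN.from_cn(cn).get_POWpkix())` would make the two calls consistent, assuming from_cn returns an X501DN as that earlier hunk implies. The enclosing method starts and ends outside this hunk.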
@@ -847,7 +846,20 @@ class PKCS10(DER_object):
 formats = ("DER", "POW", "POWpkix")
 pem_converter = PEM_converter("CERTIFICATE REQUEST")
 
-
+
+ ## @var expected_ca_keyUsage
+ # KeyUsage extension flags expected for CA requests.
+
+ expected_ca_keyUsage = frozenset(("keyCertSign", "cRLSign"))
+
+ ## @var allowed_extensions
+ # Extensions allowed by RPKI profile.
+
+ allowed_extensions = frozenset(rpki.oids.safe_name2dotted(name)
+ for name in ("basicConstraints",
+ "keyUsage",
+ "subjectInfoAccess"))
+
 def get_DER(self):
 """
 Get the DER value of this certification request.
@@ -892,7 +904,7 @@ class PKCS10(DER_object):
 """
 Extract the public key from this certification request.
 """
- return RSApublic(DER = self.get_POWpkix().certificationRequestInfo.subjectPublicKeyInfo.toString())
+ return RSApublic(POW = self.get_POW().getPublicKey())
 
 def check_valid_rpki(self):
 """
@@ -909,44 +921,63 @@ class PKCS10(DER_object):
 RPKI profile only allows EKU for EE certificates.
 """
 
- if not self.get_POWpkix().verify():
+ if not self.get_POW().verify():
 raise rpki.exceptions.BadPKCS10, "Signature check failed"
 
- if self.get_POWpkix().certificationRequestInfo.version.get() != 0:
- raise rpki.exceptions.BadPKCS10, \
- "Bad version number %s" % self.get_POWpkix().certificationRequestInfo.version
+ ver = self.get_POW().getVersion()
 
- if rpki.oids.oid2name.get(self.get_POWpkix().signatureAlgorithm.algorithm.get()) != "sha256WithRSAEncryption":
- raise rpki.exceptions.BadPKCS10, "Bad signature algorithm %s" % self.get_POWpkix().signatureAlgorithm
+ if ver != 0:
+ raise rpki.exceptions.BadPKCS10, "Bad version number %s" % ver
 
- exts = dict((rpki.oids.oid2name.get(oid, oid), value)
- for (oid, critical, value) in self.get_POWpkix().getExtensions())
+ alg = rpki.oids.safe_dotted2name(self.get_POW().getSignatureAlgorithm())
 
- if any(oid not in ("basicConstraints", "keyUsage", "subjectInfoAccess") for oid in exts):
- raise rpki.exceptions.BadExtension, "Forbidden extension(s) in certificate request"
+ if alg != "sha256WithRSAEncryption":
+ raise rpki.exceptions.BadPKCS10, "Bad signature algorithm %s" % alg
 
- if "basicConstraints" not in exts or not exts["basicConstraints"][0]:
+ bc = self.get_POW().getBasicConstraints()
+
+ if bc is None or not bc[0]:
 raise rpki.exceptions.BadPKCS10, "Request for EE certificate not allowed here"
 
- if exts["basicConstraints"][1] is not None:
+ if bc[1] is not None:
 raise rpki.exceptions.BadPKCS10, "basicConstraints must not specify Path Length"
 
- if "keyUsage" in exts and (not exts["keyUsage"][5] or not exts["keyUsage"][6]):
- raise rpki.exceptions.BadPKCS10, "keyUsage doesn't match basicConstraints"
+ ku = self.get_POW().getKeyUsage()
 
- sias = dict((rpki.oids.oid2name.get(oid, oid), value[1])
- for oid, value in exts.get("subjectInfoAccess", ())
- if value[0] == "uri" and value[1].startswith("rsync://"))
+ if ku is not None and self.expected_ca_keyUsage != ku:
+ raise rpki.exceptions.BadPKCS10, "keyUsage doesn't match basicConstraints: %r" % ku
 
- for oid in ("id-ad-caRepository", "id-ad-rpkiManifest"):
- if oid not in sias:
- raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA %s" % oid
+ if any(oid not in self.allowed_extensions
+ for oid in self.get_POW().getExtensionOIDs()):
+ raise rpki.exceptions.BadExtension, "Forbidden extension(s) in certificate request"
+
+ sias = self.get_POW().getSIA()
+
+ if sias is None:
+ raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA extension"
+
+ caRepository, rpkiManifest, signedObject = sias
+
+ if signedObject:
+ raise rpki.exceptions.BadPKCS10, "CA certificate request has SIA id-ad-signedObject"
+
+ if not caRepository:
+ raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA id-ad-caRepository"
+
+ if not any(uri.startswith("rsync://") for uri in caRepository):
+ raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-caRepository contains no rsync URIs"
+
+ if not rpkiManifest:
+ raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA id-ad-rpkiManifest"
+
+ if not any(uri.startswith("rsync://") for uri in rpkiManifest):
+ raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-rpkiManifest contains no rsync URIs"
 
- if not sias["id-ad-caRepository"].endswith("/"):
- raise rpki.exceptions.BadPKCS10, "Certificate request id-ad-caRepository does not end with slash: %r" % sias["id-ad-caRepository"]
+ if any(uri.startswith("rsync://") and not uri.endswith("/") for uri in caRepository):
+ raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-caRepository does not end with slash"
 
- if sias["id-ad-rpkiManifest"].endswith("/"):
- raise rpki.exceptions.BadPKCS10, "Certificate request id-ad-rpkiManifest ends with slash: %r" % sias["id-ad-rpkiManifest"]
+ if any(uri.startswith("rsync://") and uri.endswith("/") for uri in rpkiManifest):
+ raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-rpkiManifest ends with slash"
 
 @classmethod
 def create_ca(cls, keypair, sia = None):
|
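Review bot: The rewritten check_valid_rpki body calls `self.get_POW()` nine times, once per check; binding it once at the top (`req = self.get_POW()`) and testing `req` throughout would shorten every condition and make explicit that all checks are made against one parsed request. The keyUsage message `"keyUsage doesn't match basicConstraints: %r" % ku` no longer says what was compared — the new test is equality with `self.expected_ca_keyUsage` — so `"keyUsage %r does not match expected CA keyUsage" % ku` would be more accurate; note that a request with no keyUsage extension is still accepted, as before. The `caRepository, rpkiManifest, signedObject = sias` unpacking relies on getSIA() returning exactly three sequences whenever it is not None; if that is its contract, a one-line comment stating it would help the next reader. The def line of check_valid_rpki lies outside this hunk.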