-rw-r--r--h/rpki/sk_manifest.h2
-rw-r--r--h/rpki/sk_roa.h2
-rw-r--r--rpkid/ext/POW.c706
-rw-r--r--rpkid/rpki/x509.py93
4 files changed, 624 insertions, 179 deletions
diff --git a/h/rpki/sk_manifest.h b/h/rpki/sk_manifest.h
index 01bcb15f..ead7cbe4 100644
--- a/h/rpki/sk_manifest.h
+++ b/h/rpki/sk_manifest.h
@@ -1,6 +1,6 @@
/*
* Automatically generated, do not edit.
- * Generator $Id: defstack.awk 3985 2011-09-15 00:04:23Z sra $
+ * Generator $Id: defstack.py 4725 2012-09-19 21:28:34Z sra $
*/
#ifndef __RPKI_MANIFEST_H__DEFSTACK_H__
diff --git a/h/rpki/sk_roa.h b/h/rpki/sk_roa.h
index 6232b5a8..cb5c5e17 100644
--- a/h/rpki/sk_roa.h
+++ b/h/rpki/sk_roa.h
@@ -1,6 +1,6 @@
/*
* Automatically generated, do not edit.
- * Generator $Id: defstack.awk 3985 2011-09-15 00:04:23Z sra $
+ * Generator $Id: defstack.py 4725 2012-09-19 21:28:34Z sra $
*/
#ifndef __RPKI_ROA_H__DEFSTACK_H__
diff --git a/rpkid/ext/POW.c b/rpkid/ext/POW.c
index b0a4dea6..7ab7b0b4 100644
--- a/rpkid/ext/POW.c
+++ b/rpkid/ext/POW.c
@@ -303,9 +303,15 @@ typedef struct {
*/
#if 0
-#define KVETCH(_msg_) write(2, _msg_ "\n", sizeof(_msg_))
+#define KVETCH(_msg_) write(2, _msg_ "\n", sizeof(_msg_))
#else
-#define KVETCH(_msg_)
+#define KVETCH(_msg_) ((void) 0)
+#endif
+
+#if 0
+#define ENTERING(_name_) KVETCH("Entering " #_name_ "()")
+#else
+#define ENTERING(_name_) ((void) 0)
#endif
/*
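Review bot: The new `ENTERING` switch produces no output unless the `KVETCH` switch above it is also flipped, because `ENTERING` expands through `KVETCH`, and nothing at either `#if 0` says so. A short comment above the second block would save the next person a debugging round, for example `/* ENTERING() goes through KVETCH(); enable both #if blocks to get entry tracing. */`. When enabled, `KVETCH` also discards the result of `write()`, which some toolchains report as an unused-result warning; a `(void)` cast would not always silence it, so it is worth noting in the same comment.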
@@ -903,6 +909,23 @@ create_missing_nids(void)
return 1;
}
+static PyObject *
+ASN1_OBJECT_to_PyString(const ASN1_OBJECT *oid)
+{
+ PyObject *result = NULL;
+ char buf[512];
+
+ ENTERING(ASN1_OBJECT_to_PyString);
+
+ if (OBJ_obj2txt(buf, sizeof(buf), oid, 1) <= 0)
+ lose_openssl_error("Couldn't translate OID");
+
+ result = PyString_FromString(buf);
+
+ error:
+ return result;
+}
+
/*
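Review bot: A truncated OID passes the check in `ASN1_OBJECT_to_PyString()`, because `OBJ_obj2txt()` returns the length the full text would need and the added test only rejects `<= 0`. With a fixed `char buf[512]`, a result of `sizeof(buf)` or more means the string handed to Python is cut short, and callers such as the certificate policies getter would then compare or display a shortened OID taken from certificate data. Keeping the return value and rejecting the overlong case closes that: `int n = OBJ_obj2txt(buf, sizeof(buf), oid, 1);` followed by `if (n <= 0 || n >= (int) sizeof(buf))`. A one-line header comment saying the helper returns a new reference, or NULL after `lose_openssl_error()` has run, would also help, since the function has none.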
@@ -1289,6 +1312,8 @@ x509_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
x509_object *self;
+ ENTERING(x509_object_new);
+
if ((self = (x509_object *) type->tp_alloc(type, 0)) != NULL &&
(self->x509 = X509_new()) != NULL)
return (PyObject *) self;
@@ -1297,17 +1322,25 @@ x509_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
return NULL;
}
+static void
+x509_object_dealloc(x509_object *self)
+{
+ ENTERING(x509_object_dealloc);
+ X509_free(self->x509);
+ self->ob_type->tp_free((PyObject*) self);
+}
+
static PyObject *
x509_object_pem_read_helper(PyTypeObject *type, BIO *bio)
{
x509_object *self = NULL;
+ ENTERING(x509_object_pem_read_helper);
+
if ((self = (x509_object *) x509_object_new(type, NULL, NULL)) == NULL)
goto error;
- X509_free(self->x509);
-
- if ((self->x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL)
+ if (!PEM_read_bio_X509(bio, &self->x509, NULL, NULL))
lose_openssl_error("Couldn't load PEM encoded certificate");
return (PyObject *) self;
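Review bot: Passing `&self->x509` to `PEM_read_bio_X509()` asks OpenSSL to reuse the object that `x509_object_new()` just allocated, and what is left in `self->x509` after a failed parse depends on the library version; OpenSSL's d2i documentation discourages the reuse form for this reason. The `error:` label is outside this hunk, but if it drops the reference to `self`, `x509_object_dealloc()` will call `X509_free()` on whatever the failed call left behind. Reading into a local and swapping only on success keeps the pointer valid on every path. The same form appears in `crl_object_pem_read_helper()` and, with `&self->pkey`, in the four asymmetric key read helpers further down, where it matters only if `asymmetric_object_new()` leaves `pkey` non-NULL (not visible here).

```c
  X509 *x = NULL;
  /* … unchanged: ENTERING and x509_object_new() call … */
  if ((x = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL)
    lose_openssl_error("Couldn't load PEM encoded certificate");

  X509_free(self->x509);
  self->x509 = x;
```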
@@ -1323,6 +1356,8 @@ x509_object_der_read_helper(PyTypeObject *type, BIO *bio)
{
x509_object *self;
+ ENTERING(x509_object_der_read_helper);
+
if ((self = (x509_object *) x509_object_new(type, NULL, NULL)) == NULL)
goto error;
@@ -1343,6 +1378,7 @@ static char x509_object_pem_read__doc__[] =
static PyObject *
x509_object_pem_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(x509_object_pem_read);
return read_from_string_helper(x509_object_pem_read_helper, type, args);
}
@@ -1353,6 +1389,7 @@ static char x509_object_pem_read_file__doc__[] =
static PyObject *
x509_object_pem_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(x509_object_pem_read_file);
return read_from_file_helper(x509_object_pem_read_helper, type, args);
}
@@ -1363,6 +1400,7 @@ static char x509_object_der_read__doc__[] =
static PyObject *
x509_object_der_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(x509_object_der_read);
return read_from_string_helper(x509_object_der_read_helper, type, args);
}
@@ -1373,6 +1411,7 @@ static char x509_object_der_read_file__doc__[] =
static PyObject *
x509_object_der_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(x509_object_der_read_file);
return read_from_file_helper(x509_object_der_read_helper, type, args);
}
@@ -1386,6 +1425,8 @@ x509_object_pem_write(x509_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(x509_object_pem_write);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -1409,6 +1450,8 @@ x509_object_der_write(x509_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(x509_object_der_write);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -1432,6 +1475,8 @@ x509_object_get_public_key(x509_object *self)
PyTypeObject *type = &POW_Asymmetric_Type;
asymmetric_object *asym = NULL;
+ ENTERING(x509_object_get_public_key);
+
if ((asym = (asymmetric_object *) type->tp_alloc(type, 0)) == NULL)
goto error;
@@ -1456,6 +1501,8 @@ x509_object_set_public_key(x509_object *self, PyObject *args)
{
asymmetric_object *asym;
+ ENTERING(x509_object_set_public_key);
+
if (!PyArg_ParseTuple(args, "O!", &POW_Asymmetric_Type, &asym))
goto error;
@@ -1494,6 +1541,8 @@ x509_object_sign(x509_object *self, PyObject *args)
int digest_type = SHA256_DIGEST;
const EVP_MD *digest_method = NULL;
+ ENTERING(x509_object_sign);
+
if (!PyArg_ParseTuple(args, "O!|i", &POW_Asymmetric_Type, &asym, &digest_type))
goto error;
@@ -1516,6 +1565,7 @@ static char x509_object_get_version__doc__[] =
static PyObject *
x509_object_get_version(x509_object *self)
{
+ ENTERING(x509_object_get_version);
return Py_BuildValue("l", X509_get_version(self->x509));
}
@@ -1529,6 +1579,8 @@ x509_object_set_version(x509_object *self, PyObject *args)
{
long version = 0;
+ ENTERING(x509_object_set_version);
+
if (!PyArg_ParseTuple(args, "l", &version))
goto error;
@@ -1549,6 +1601,7 @@ static char x509_object_get_serial__doc__[] =
static PyObject *
x509_object_get_serial(x509_object *self)
{
+ ENTERING(x509_object_get_serial);
return Py_BuildValue("N", ASN1_INTEGER_to_PyLong(X509_get_serialNumber(self->x509)));
}
@@ -1563,6 +1616,8 @@ x509_object_set_serial(x509_object *self, PyObject *args)
ASN1_INTEGER *a_serial = NULL;
PyObject *p_serial = NULL;
+ ENTERING(x509_object_set_serial);
+
if (!PyArg_ParseTuple(args, "O", &p_serial) ||
(a_serial = PyLong_to_ASN1_INTEGER(p_serial)) == NULL)
goto error;
@@ -1606,6 +1661,8 @@ x509_object_get_issuer(x509_object *self, PyObject *args)
PyObject *result = NULL;
int format = OIDNAME_FORMAT;
+ ENTERING(x509_object_get_issuer);
+
if (!PyArg_ParseTuple(args, "|i", &format))
goto error;
@@ -1628,6 +1685,8 @@ x509_object_get_subject(x509_object *self, PyObject *args)
PyObject *result = NULL;
int format = OIDNAME_FORMAT;
+ ENTERING(x509_object_get_subject);
+
if (!PyArg_ParseTuple(args, "|i", &format))
goto error;
@@ -1650,6 +1709,8 @@ x509_object_set_subject(x509_object *self, PyObject *args)
PyObject *name_sequence = NULL;
X509_NAME *name = NULL;
+ ENTERING(x509_object_set_subject);
+
if (!PyArg_ParseTuple(args, "O", &name_sequence))
goto error;
@@ -1683,6 +1744,8 @@ x509_object_set_issuer(x509_object *self, PyObject *args)
PyObject *name_sequence = NULL;
X509_NAME *name = NULL;
+ ENTERING(x509_object_set_issuer);
+
if (!PyArg_ParseTuple(args, "O", &name_sequence))
goto error;
@@ -1715,6 +1778,7 @@ static char x509_object_get_not_before__doc__[] =
static PyObject *
x509_object_get_not_before (x509_object *self)
{
+ ENTERING(x509_object_get_not_before);
return ASN1_TIME_to_Python(X509_get_notBefore(self->x509));
}
@@ -1729,6 +1793,7 @@ static char x509_object_get_not_after__doc__[] =
static PyObject *
x509_object_get_not_after (x509_object *self)
{
+ ENTERING(x509_object_get_not_after);
return ASN1_TIME_to_Python(X509_get_notAfter(self->x509));
}
@@ -1747,6 +1812,8 @@ x509_object_set_not_after (x509_object *self, PyObject *args)
char *s = NULL;
ASN1_TIME *t = NULL;
+ ENTERING(x509_object_set_not_after);
+
if (!PyArg_ParseTuple(args, "s", &s))
goto error;
@@ -1779,6 +1846,8 @@ x509_object_set_not_before (x509_object *self, PyObject *args)
char *s = NULL;
ASN1_TIME *t = NULL;
+ ENTERING(x509_object_set_not_before);
+
if (!PyArg_ParseTuple(args, "s", &s))
goto error;
@@ -1825,6 +1894,8 @@ x509_object_add_extension(x509_object *self, PyObject *args)
ASN1_OCTET_STRING *octetString = NULL;
X509_EXTENSION *ext = NULL;
+ ENTERING(x509_object_add_extension);
+
if (!PyArg_ParseTuple(args, "sOs#", &name, &critical, &buf, &len))
goto error;
@@ -1864,6 +1935,8 @@ x509_object_clear_extensions(x509_object *self)
{
X509_EXTENSION *ext;
+ ENTERING(x509_object_clear_extensions);
+
while ((ext = X509_delete_ext(self->x509, 0)) != NULL)
X509_EXTENSION_free(ext);
@@ -1877,6 +1950,7 @@ static char x509_object_count_extensions__doc__[] =
static PyObject *
x509_object_count_extensions(x509_object *self)
{
+ ENTERING(x509_object_count_extensions);
return Py_BuildValue("i", X509_get_ext_count(self->x509));
}
@@ -1895,6 +1969,8 @@ x509_object_get_extension(x509_object *self, PyObject *args)
char oid[512];
int slot = 0;
+ ENTERING(x509_object_get_extension);
+
if (!PyArg_ParseTuple(args, "i", &slot))
goto error;
@@ -1921,6 +1997,8 @@ static char x509_object_get_ski__doc__[] =
static PyObject *
x509_object_get_ski(x509_object *self, PyObject *args)
{
+ ENTERING(x509_object_get_ski);
+
(void) X509_check_ca(self->x509); /* Calls x509v3_cache_extensions() */
if (self->x509->skid == NULL)
@@ -1943,6 +2021,8 @@ x509_object_set_ski(x509_object *self, PyObject *args)
const unsigned char *buf = NULL;
int len, ok = 0;
+ ENTERING(x509_object_set_ski);
+
if (!PyArg_ParseTuple(args, "s#", &buf, &len))
goto error;
@@ -1978,6 +2058,8 @@ static char x509_object_get_aki__doc__[] =
static PyObject *
x509_object_get_aki(x509_object *self, PyObject *args)
{
+ ENTERING(x509_object_get_aki);
+
(void) X509_check_ca(self->x509); /* Calls x509v3_cache_extensions() */
if (self->x509->akid == NULL || self->x509->akid->keyid == NULL)
@@ -2001,6 +2083,8 @@ x509_object_set_aki(x509_object *self, PyObject *args)
const unsigned char *buf = NULL;
int len, ok = 0;
+ ENTERING(x509_object_set_aki);
+
if (!PyArg_ParseTuple(args, "s#", &buf, &len))
goto error;
@@ -2042,6 +2126,8 @@ x509_object_get_key_usage(x509_object *self)
PyObject *result = NULL;
PyObject *token = NULL;
+ ENTERING(x509_object_get_key_usage);
+
if ((ext = X509_get_ext_d2i(self->x509, NID_key_usage, NULL, NULL)) == NULL)
Py_RETURN_NONE;
@@ -2091,6 +2177,8 @@ x509_object_set_key_usage(x509_object *self, PyObject *args)
const char *t;
int ok = 0;
+ ENTERING(x509_object_set_key_usage);
+
if ((ext = ASN1_BIT_STRING_new()) == NULL)
lose_no_memory();
@@ -2157,6 +2245,8 @@ x509_object_get_rfc3779(x509_object *self)
IPAddrBlocks *addr = NULL;
int i, j;
+ ENTERING(x509_object_get_rfc3779);
+
if ((asid = X509_get_ext_d2i(self->x509, NID_sbgp_autonomousSysNum, NULL, NULL)) != NULL) {
switch (asid->asnum->type) {
@@ -2326,6 +2416,8 @@ x509_object_set_rfc3779(x509_object *self, PyObject *args, PyObject *kwds)
ipaddress_object *addr_b = NULL;
ipaddress_object *addr_e = NULL;
+ ENTERING(x509_object_set_rfc3779);
+
if (!PyArg_ParseTupleAndKeywords(args, kwds, "|OOO", kwlist, &asn_arg, &ipv4_arg, &ipv6_arg))
goto error;
@@ -2480,6 +2572,8 @@ x509_object_get_basic_constraints(x509_object *self)
BASIC_CONSTRAINTS *ext = NULL;
PyObject *result;
+ ENTERING(x509_object_get_basic_constraints);
+
if ((ext = X509_get_ext_d2i(self->x509, NID_basic_constraints, NULL, NULL)) == NULL)
Py_RETURN_NONE;
@@ -2517,6 +2611,8 @@ x509_object_set_basic_constraints(x509_object *self, PyObject *args)
long pathlen = -1;
int ok = 0;
+ ENTERING(x509_object_set_basic_constraints);
+
if (!PyArg_ParseTuple(args, "O|OO", &is_ca, &pathlen_obj, &critical))
goto error;
@@ -2572,6 +2668,8 @@ x509_object_get_sia(x509_object *self)
PyObject *obj;
int i, nid;
+ ENTERING(x509_object_get_sia);
+
if ((ext = X509_get_ext_d2i(self->x509, NID_sinfo_access, NULL, NULL)) == NULL)
Py_RETURN_NONE;
@@ -2668,6 +2766,8 @@ x509_object_set_sia(x509_object *self, PyObject *args)
Py_ssize_t urilen;
char *uri;
+ ENTERING(x509_object_set_sia);
+
if (!PyArg_ParseTuple(args, "OOO", &caRepository, &rpkiManifest, &signedObject))
goto error;
@@ -2755,6 +2855,8 @@ x509_object_get_aia(x509_object *self)
PyObject *obj;
int i, n = 0;
+ ENTERING(x509_object_get_aia);
+
if ((ext = X509_get_ext_d2i(self->x509, NID_info_access, NULL, NULL)) == NULL)
Py_RETURN_NONE;
@@ -2807,6 +2909,8 @@ x509_object_set_aia(x509_object *self, PyObject *args)
Py_ssize_t urilen;
char *uri;
+ ENTERING(x509_object_set_aia);
+
if (!PyArg_ParseTuple(args, "O", &caIssuers))
goto error;
@@ -2879,6 +2983,8 @@ x509_object_get_crldp(x509_object *self)
PyObject *obj;
int i, n = 0;
+ ENTERING(x509_object_get_crldp);
+
if ((ext = X509_get_ext_d2i(self->x509, NID_crl_distribution_points, NULL, NULL)) == NULL ||
(dp = sk_DIST_POINT_value(ext, 0)) == NULL ||
dp->distpoint == NULL ||
@@ -2933,6 +3039,8 @@ x509_object_set_crldp(x509_object *self, PyObject *args)
char *uri;
int ok = 0;
+ ENTERING(x509_object_set_crldp);
+
if (!PyArg_ParseTuple(args, "O", &fullNames))
goto error;
@@ -3008,6 +3116,8 @@ x509_object_get_certificate_policies(x509_object *self)
PyObject *obj;
int i;
+ ENTERING(x509_object_get_certificate_policies);
+
if ((ext = X509_get_ext_d2i(self->x509, NID_certificate_policies, NULL, NULL)) == NULL)
Py_RETURN_NONE;
@@ -3016,12 +3126,8 @@ x509_object_get_certificate_policies(x509_object *self)
for (i = 0; i < sk_POLICYINFO_num(ext); i++) {
POLICYINFO *p = sk_POLICYINFO_value(ext, i);
- char oid[512];
- if (OBJ_obj2txt(oid, sizeof(oid), p->policyid, 1) <= 0)
- lose_openssl_error("Couldn't translate OID");
-
- if ((obj = PyString_FromString(oid)) == NULL)
+ if ((obj = ASN1_OBJECT_to_PyString(p->policyid)) == NULL)
goto error;
PyTuple_SET_ITEM(result, i, obj);
@@ -3052,6 +3158,8 @@ x509_object_set_certificate_policies(x509_object *self, PyObject *args)
const char *oid;
int ok = 0;
+ ENTERING(x509_object_set_certificate_policies);
+
if (!PyArg_ParseTuple(args, "O", &policies))
goto error;
@@ -3114,6 +3222,8 @@ x509_object_pprint(x509_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(x509_object_pprint);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -3175,13 +3285,6 @@ static struct PyMethodDef x509_object_methods[] = {
{NULL}
};
-static void
-x509_object_dealloc(x509_object *self)
-{
- X509_free(self->x509);
- self->ob_type->tp_free((PyObject*) self);
-}
-
static char POW_X509_Type__doc__[] =
"This class represents an X.509 certificate.\n"
"\n"
@@ -3241,6 +3344,8 @@ x509_store_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
x509_store_object *self = NULL;
+ ENTERING(x509_store_object_new);
+
if ((self = (x509_store_object *) type->tp_alloc(type, 0)) != NULL &&
(self->store = X509_STORE_new()) != NULL)
return (PyObject *) self;
@@ -3249,6 +3354,14 @@ x509_store_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
return NULL;
}
+static void
+x509_store_object_dealloc(x509_store_object *self)
+{
+ ENTERING(x509_store_object_dealloc);
+ X509_STORE_free(self->store);
+ self->ob_type->tp_free((PyObject*) self);
+}
+
#if ENABLE_X509_CERTIFICATE_SIGNATURE_AND_VERIFICATION
#warning Check X509_verify_cert options
/*
@@ -3289,7 +3402,6 @@ x509_store_object_verify(x509_store_object *self, PyObject *args)
return PyBool_FromLong(ok);
error:
-
return NULL;
}
@@ -3320,9 +3432,7 @@ x509_store_object_verify_chain(x509_store_object *self, PyObject *args)
goto error;
X509_STORE_CTX_init(&ctx, self->store, x509->x509, x509_stack);
-
ok = X509_verify_cert(&ctx) == 1;
-
X509_STORE_CTX_cleanup(&ctx);
sk_X509_free(x509_stack);
@@ -3371,11 +3481,8 @@ x509_store_object_verify_detailed(x509_store_object *self, PyObject *args)
goto error;
X509_STORE_CTX_init(&ctx, self->store, x509->x509, x509_stack);
-
ok = X509_verify_cert(&ctx) == 1;
-
result = Py_BuildValue("(iii)", ok, ctx.error, ctx.error_depth);
-
X509_STORE_CTX_cleanup(&ctx);
error: /* fall through */
@@ -3400,6 +3507,8 @@ x509_store_object_add_trust(x509_store_object *self, PyObject *args)
{
x509_object *x509 = NULL;
+ ENTERING(x509_store_object_add_trust);
+
if (!PyArg_ParseTuple(args, "O!", &POW_X509_Type, &x509))
goto error;
@@ -3423,6 +3532,8 @@ x509_store_object_add_crl(x509_store_object *self, PyObject *args)
{
crl_object *crl = NULL;
+ ENTERING(x509_store_object_add_crl);
+
if (!PyArg_ParseTuple(args, "O!", &POW_CRL_Type, &crl))
goto error;
@@ -3446,13 +3557,6 @@ static struct PyMethodDef x509_store_object_methods[] = {
{NULL}
};
-static void
-x509_store_object_dealloc(x509_store_object *self)
-{
- X509_STORE_free(self->store);
- self->ob_type->tp_free((PyObject*) self);
-}
-
static char POW_X509Store_Type__doc__[] =
"This class provides basic access to the OpenSSL certificate store\n"
"mechanism used in X.509 and CMS verification.\n"
@@ -3513,6 +3617,8 @@ crl_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
crl_object *self = NULL;
+ ENTERING(crl_object_new);
+
if ((self = (crl_object *) type->tp_alloc(type, 0)) != NULL &&
(self->crl = X509_CRL_new()) != NULL)
return (PyObject *) self;
@@ -3521,17 +3627,25 @@ crl_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
return NULL;
}
+static void
+crl_object_dealloc(crl_object *self)
+{
+ ENTERING(crl_object_dealloc);
+ X509_CRL_free(self->crl);
+ self->ob_type->tp_free((PyObject*) self);
+}
+
static PyObject *
crl_object_pem_read_helper(PyTypeObject *type, BIO *bio)
{
crl_object *self;
+ ENTERING(crl_object_pem_read_helper);
+
if ((self = (crl_object *) crl_object_new(type, NULL, NULL)) == NULL)
goto error;
- X509_CRL_free(self->crl);
-
- if ((self->crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL)) == NULL)
+ if (!PEM_read_bio_X509_CRL(bio, &self->crl, NULL, NULL))
lose_openssl_error("Couldn't PEM encoded load CRL");
return (PyObject *) self;
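Review bot: The failure message next to the changed line reads `"Couldn't PEM encoded load CRL"`, with the words out of order. Since this line is being touched anyway, it could be brought in line with the certificate helper's wording: `lose_openssl_error("Couldn't load PEM encoded CRL");`. The message ends up in the Python exception text, so anything matching on the old string would need the same update.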
@@ -3546,6 +3660,8 @@ crl_object_der_read_helper(PyTypeObject *type, BIO *bio)
{
crl_object *self;
+ ENTERING(crl_object_der_read_helper);
+
if ((self = (crl_object *) crl_object_new(type, NULL, NULL)) == NULL)
goto error;
@@ -3566,6 +3682,7 @@ static char crl_object_pem_read__doc__[] =
static PyObject *
crl_object_pem_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(crl_object_pem_read);
return read_from_string_helper(crl_object_pem_read_helper, type, args);
}
@@ -3576,6 +3693,7 @@ static char crl_object_pem_read_file__doc__[] =
static PyObject *
crl_object_pem_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(crl_object_pem_read_file);
return read_from_file_helper(crl_object_pem_read_helper, type, args);
}
@@ -3586,6 +3704,7 @@ static char crl_object_der_read__doc__[] =
static PyObject *
crl_object_der_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(crl_object_der_read);
return read_from_string_helper(crl_object_der_read_helper, type, args);
}
@@ -3596,6 +3715,7 @@ static char crl_object_der_read_file__doc__[] =
static PyObject *
crl_object_der_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(crl_object_der_read_file);
return read_from_file_helper(crl_object_der_read_helper, type, args);
}
@@ -3606,6 +3726,7 @@ static char crl_object_get_version__doc__[] =
static PyObject *
crl_object_get_version(crl_object *self)
{
+ ENTERING(crl_object_get_version);
return Py_BuildValue("l", X509_CRL_get_version(self->crl));
}
@@ -3620,6 +3741,8 @@ crl_object_set_version(crl_object *self, PyObject *args)
{
long version = 0;
+ ENTERING(crl_object_set_version);
+
if (!PyArg_ParseTuple(args, "i", &version))
goto error;
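Review bot: In `crl_object_set_version()`, `version` is declared `long` but parsed with format `"i"`, which stores an `int` through the pointer. On LP64 platforms only part of the variable is written, so negative inputs come out as large positive values and big-endian targets read the wrong half entirely. `x509_object_set_version()` in this same file uses `"l"` for its `long`, and the same fix applies here: `if (!PyArg_ParseTuple(args, "l", &version))`. The rest of the function is outside the hunk, so how `version` is used afterwards cannot be checked from here.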
@@ -3643,6 +3766,8 @@ crl_object_get_issuer(crl_object *self, PyObject *args)
PyObject *result = NULL;
int format = OIDNAME_FORMAT;
+ ENTERING(crl_object_get_issuer);
+
if (!PyArg_ParseTuple(args, "|i", &format))
goto error;
@@ -3663,6 +3788,8 @@ crl_object_set_issuer(crl_object *self, PyObject *args)
PyObject *name_sequence = NULL;
X509_NAME *name = NULL;
+ ENTERING(crl_object_set_issuer);
+
if (!PyArg_ParseTuple(args, "O", &name_sequence))
goto error;
@@ -3705,6 +3832,8 @@ crl_object_set_this_update (crl_object *self, PyObject *args)
char *s = NULL;
ASN1_TIME *t = NULL;
+ ENTERING(crl_object_set_this_update);
+
if (!PyArg_ParseTuple(args, "s", &s))
goto error;
@@ -3733,6 +3862,7 @@ static char crl_object_get_this_update__doc__[] =
static PyObject *
crl_object_get_this_update (crl_object *self)
{
+ ENTERING(crl_object_get_this_update);
return ASN1_TIME_to_Python(X509_CRL_get_lastUpdate(self->crl)); /* sic */
}
@@ -3751,6 +3881,8 @@ crl_object_set_next_update (crl_object *self, PyObject *args)
char *s = NULL;
ASN1_TIME *t = NULL;
+ ENTERING(crl_object_set_next_update);
+
if (!PyArg_ParseTuple(args, "s", &s))
goto error;
@@ -3779,6 +3911,7 @@ static char crl_object_get_next_update__doc__[] =
static PyObject *
crl_object_get_next_update (crl_object *self)
{
+ ENTERING(crl_object_get_next_update);
return ASN1_TIME_to_Python(X509_CRL_get_nextUpdate(self->crl));
}
@@ -3804,6 +3937,8 @@ crl_object_add_revocations(crl_object *self, PyObject *args)
int ok = 0;
char *c_date;
+ ENTERING(crl_object_add_revocations);
+
if (!PyArg_ParseTuple(args, "O", &iterable) ||
(iterator = PyObject_GetIter(iterable)) == NULL)
goto error;
@@ -3872,6 +4007,8 @@ crl_object_get_revoked(crl_object *self)
PyObject *date = NULL;
int i;
+ ENTERING(crl_object_get_revoked);
+
if ((revoked = X509_CRL_get_REVOKED(self->crl)) == NULL)
lose("Inexplicable NULL revocation list pointer");
@@ -3917,6 +4054,8 @@ crl_object_add_extension(crl_object *self, PyObject *args)
ASN1_OCTET_STRING *octetString = NULL;
X509_EXTENSION *ext = NULL;
+ ENTERING(crl_object_add_extension);
+
if (!PyArg_ParseTuple(args, "sOs#", &name, &critical, &buf, &len))
goto error;
@@ -3956,6 +4095,8 @@ crl_object_clear_extensions(crl_object *self)
{
X509_EXTENSION *ext;
+ ENTERING(crl_object_clear_extensions);
+
while ((ext = X509_CRL_delete_ext(self->crl, 0)) != NULL)
X509_EXTENSION_free(ext);
@@ -3969,6 +4110,7 @@ static char crl_object_count_extensions__doc__[] =
static PyObject *
crl_object_count_extensions(crl_object *self)
{
+ ENTERING(crl_object_count_extensions);
return Py_BuildValue("i", X509_CRL_get_ext_count(self->crl));
}
@@ -3987,6 +4129,8 @@ crl_object_get_extension(crl_object *self, PyObject *args)
char oid[512];
int slot = 0;
+ ENTERING(crl_object_get_extension);
+
if (!PyArg_ParseTuple(args, "i", &slot))
goto error;
@@ -4031,6 +4175,8 @@ crl_object_sign(crl_object *self, PyObject *args)
int digest_type = SHA256_DIGEST;
const EVP_MD *digest_method = NULL;
+ ENTERING(crl_object_sign);
+
if (!PyArg_ParseTuple(args, "O!|i", &POW_Asymmetric_Type, &asym, &digest_type))
goto error;
@@ -4059,6 +4205,8 @@ crl_object_verify(crl_object *self, PyObject *args)
{
asymmetric_object *asym;
+ ENTERING(crl_object_verify);
+
if (!PyArg_ParseTuple(args, "O!", &POW_Asymmetric_Type, &asym))
goto error;
@@ -4078,6 +4226,8 @@ crl_object_pem_write(crl_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(crl_object_pem_write);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -4101,6 +4251,8 @@ crl_object_der_write(crl_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(crl_object_der_write);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -4127,6 +4279,8 @@ crl_object_get_aki(crl_object *self, PyObject *args)
int empty = (ext == NULL || ext->keyid == NULL);
PyObject *result = NULL;
+ ENTERING(crl_object_get_aki);
+
if (!empty)
result = Py_BuildValue("s#", ASN1_STRING_data(ext->keyid), ASN1_STRING_length(ext->keyid));
@@ -4151,6 +4305,8 @@ crl_object_set_aki(crl_object *self, PyObject *args)
const unsigned char *buf = NULL;
int len, ok = 0;
+ ENTERING(crl_object_set_aki);
+
if (!PyArg_ParseTuple(args, "s#", &buf, &len))
goto error;
@@ -4184,6 +4340,8 @@ crl_object_get_crl_number(crl_object *self)
ASN1_INTEGER *ext = X509_CRL_get_ext_d2i(self->crl, NID_crl_number, NULL, NULL);
PyObject *result = NULL;
+ ENTERING(crl_object_get_crl_number);
+
if (ext == NULL)
Py_RETURN_NONE;
@@ -4204,6 +4362,8 @@ crl_object_set_crl_number(crl_object *self, PyObject *args)
ASN1_INTEGER *ext = NULL;
PyObject *crl_number = NULL;
+ ENTERING(crl_object_set_crl_number);
+
if (!PyArg_ParseTuple(args, "O", &crl_number) ||
(ext = PyLong_to_ASN1_INTEGER(crl_number)) == NULL)
goto error;
@@ -4229,6 +4389,8 @@ crl_object_pprint(crl_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(crl_object_pprint);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -4273,13 +4435,6 @@ static struct PyMethodDef crl_object_methods[] = {
{NULL}
};
-static void
-crl_object_dealloc(crl_object *self)
-{
- X509_CRL_free(self->crl);
- self->ob_type->tp_free((PyObject*) self);
-}
-
static char POW_CRL_Type__doc__[] =
"This class provides access to OpenSSL X509 CRL management facilities.\n"
;
@@ -4337,6 +4492,8 @@ asymmetric_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
asymmetric_object *self = NULL;
+ ENTERING(asymmetric_object_new);
+
if ((self = (asymmetric_object *) type->tp_alloc(type, 0)) == NULL)
goto error;
@@ -4358,6 +4515,8 @@ asymmetric_object_init(asymmetric_object *self, PyObject *args, PyObject *kwds)
EVP_PKEY_CTX *ctx = NULL;
int ok = 0;
+ ENTERING(asymmetric_object_init);
+
if (!PyArg_ParseTupleAndKeywords(args, kwds, "|ii", kwlist, &cipher_type, &key_size))
goto error;
@@ -4397,15 +4556,25 @@ asymmetric_object_init(asymmetric_object *self, PyObject *args, PyObject *kwds)
return -1;
}
+static void
+asymmetric_object_dealloc(asymmetric_object *self)
+{
+ ENTERING(asymmetric_object_dealloc);
+ EVP_PKEY_free(self->pkey);
+ self->ob_type->tp_free((PyObject*) self);
+}
+
static PyObject *
asymmetric_object_pem_read_private_helper(PyTypeObject *type, BIO *bio, char *pass)
{
asymmetric_object *self = NULL;
+ ENTERING(asymmetric_object_pem_read_private_helper);
+
if ((self = (asymmetric_object *) asymmetric_object_new(type, NULL, NULL)) == NULL)
goto error;
- if ((self->pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, pass)) == NULL)
+ if (!PEM_read_bio_PrivateKey(bio, &self->pkey, NULL, pass))
lose_openssl_error("Couldn't load private key");
return (PyObject *) self;
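Review bot: `PEM_read_bio_PrivateKey()` is called here with a NULL callback and `pass` as the user data, and the callers later in the diff default `pass` to NULL. With that combination OpenSSL's default passphrase handler is used, which for an encrypted key and no supplied passphrase prompts on the controlling terminal. In a daemon that can block or fail in a confusing way. If that is intended, a comment at the call would record it, for example `/* pass == NULL: OpenSSL will prompt on the tty if the key is encrypted */`; otherwise a callback that simply fails when no passphrase was given would make the behaviour explicit.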
@@ -4436,6 +4605,8 @@ asymmetric_object_pem_read_private(PyTypeObject *type, PyObject *args)
BIO *bio = NULL;
int len = 0;
+ ENTERING(asymmetric_object_pem_read_private);
+
if (!PyArg_ParseTuple(args, "s#|s", &src, &len, &pass))
goto error;
@@ -4462,6 +4633,8 @@ asymmetric_object_pem_read_private_file(PyTypeObject *type, PyObject *args)
char *pass = NULL;
BIO *bio = NULL;
+ ENTERING(asymmetric_object_pem_read_private_file);
+
if (!PyArg_ParseTuple(args, "s|s", &filename, &pass))
goto error;
@@ -4480,10 +4653,12 @@ asymmetric_object_der_read_private_helper(PyTypeObject *type, BIO *bio)
{
asymmetric_object *self = NULL;
+ ENTERING(asymmetric_object_der_read_private_helper);
+
if ((self = (asymmetric_object *) asymmetric_object_new(&POW_Asymmetric_Type, NULL, NULL)) == NULL)
goto error;
- if ((self->pkey = d2i_PrivateKey_bio(bio, NULL)) == NULL)
+ if (!d2i_PrivateKey_bio(bio, &self->pkey))
lose_openssl_error("Couldn't load private key");
return (PyObject *) self;
@@ -4501,6 +4676,7 @@ static char asymmetric_object_der_read_private__doc__[] =
static PyObject *
asymmetric_object_der_read_private(PyTypeObject *type, PyObject *args)
{
+ ENTERING(asymmetric_object_der_read_private);
return read_from_string_helper(asymmetric_object_der_read_private_helper, type, args);
}
@@ -4511,6 +4687,7 @@ static char asymmetric_object_der_read_private_file__doc__[] =
static PyObject *
asymmetric_object_der_read_private_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(asymmetric_object_der_read_private_file);
return read_from_file_helper(asymmetric_object_der_read_private_helper, type, args);
}
@@ -4519,10 +4696,12 @@ asymmetric_object_pem_read_public_helper(PyTypeObject *type, BIO *bio)
{
asymmetric_object *self = NULL;
+ ENTERING(asymmetric_object_pem_read_public_helper);
+
if ((self = (asymmetric_object *) asymmetric_object_new(&POW_Asymmetric_Type, NULL, NULL)) == NULL)
goto error;
- if ((self->pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)) == NULL)
+ if (!PEM_read_bio_PUBKEY(bio, &self->pkey, NULL, NULL))
lose_openssl_error("Couldn't load public key");
return (PyObject *) self;
@@ -4537,10 +4716,12 @@ asymmetric_object_der_read_public_helper(PyTypeObject *type, BIO *bio)
{
asymmetric_object *self = NULL;
+ ENTERING(asymmetric_object_der_read_public_helper);
+
if ((self = (asymmetric_object *) asymmetric_object_new(&POW_Asymmetric_Type, NULL, NULL)) == NULL)
goto error;
- if ((self->pkey = d2i_PUBKEY_bio(bio, NULL)) == NULL)
+ if (!d2i_PUBKEY_bio(bio, &self->pkey))
lose_openssl_error("Couldn't load public key");
return (PyObject *) self;
@@ -4558,6 +4739,7 @@ static char asymmetric_object_pem_read_public__doc__[] =
static PyObject *
asymmetric_object_pem_read_public(PyTypeObject *type, PyObject *args)
{
+ ENTERING(asymmetric_object_pem_read_public);
return read_from_string_helper(asymmetric_object_pem_read_public_helper, type, args);
}
@@ -4568,6 +4750,7 @@ static char asymmetric_object_pem_read_public_file__doc__[] =
static PyObject *
asymmetric_object_pem_read_public_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(asymmetric_object_pem_read_public_file);
return read_from_file_helper(asymmetric_object_pem_read_public_helper, type, args);
}
@@ -4578,6 +4761,7 @@ static char asymmetric_object_der_read_public__doc__[] =
static PyObject *
asymmetric_object_der_read_public(PyTypeObject *type, PyObject *args)
{
+ ENTERING(asymmetric_object_der_read_public);
return read_from_string_helper(asymmetric_object_der_read_public_helper, type, args);
}
@@ -4588,6 +4772,7 @@ static char asymmetric_object_der_read_public_file__doc__[] =
static PyObject *
asymmetric_object_der_read_public_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(asymmetric_object_der_read_public_file);
return read_from_file_helper(asymmetric_object_der_read_public_helper, type, args);
}
@@ -4607,6 +4792,8 @@ asymmetric_object_pem_write_private(asymmetric_object *self, PyObject *args)
const EVP_CIPHER *evp_method = NULL;
BIO *bio = NULL;
+ ENTERING(asymmetric_object_pem_write_private);
+
if (!PyArg_ParseTuple(args, "|s", &passphrase))
goto error;
@@ -4636,6 +4823,8 @@ asymmetric_object_pem_write_public(asymmetric_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(asymmetric_object_pem_write_public);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -4659,6 +4848,8 @@ asymmetric_object_der_write_private(asymmetric_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(asymmetric_object_der_write_private);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -4682,6 +4873,8 @@ asymmetric_object_der_write_public(asymmetric_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(asymmetric_object_der_write_public);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -4720,6 +4913,8 @@ asymmetric_object_sign(asymmetric_object *self, PyObject *args)
EVP_PKEY_CTX *ctx = NULL;
PyObject *result = NULL;
+ ENTERING(asymmetric_object_sign);
+
if (!PyArg_ParseTuple(args, "s#i", &digest_text, &digest_len, &digest_type))
goto error;
@@ -4782,6 +4977,8 @@ asymmetric_object_verify(asymmetric_object *self, PyObject *args)
EVP_PKEY_CTX *ctx = NULL;
int ok = 0, result;
+ ENTERING(asymmetric_object_verify);
+
if (!PyArg_ParseTuple(args, "s#s#i",
&signed_text, &signed_len,
&digest_text, &digest_len,
@@ -4826,13 +5023,6 @@ static struct PyMethodDef asymmetric_object_methods[] = {
{NULL}
};
-static void
-asymmetric_object_dealloc(asymmetric_object *self)
-{
- EVP_PKEY_free(self->pkey);
- self->ob_type->tp_free((PyObject*) self);
-}
-
static char POW_Asymmetric_Type__doc__[] =
"This class provides basic access to RSA signature and verification.\n"
"\n"
@@ -4892,6 +5082,8 @@ digest_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
digest_object *self = NULL;
+ ENTERING(digest_object_new);
+
if ((self = (digest_object *) type->tp_alloc(type, 0)) == NULL)
goto error;
@@ -4910,6 +5102,8 @@ digest_object_init(digest_object *self, PyObject *args, PyObject *kwds)
const EVP_MD *digest_method = NULL;
int digest_type = 0;
+ ENTERING(digest_object_init);
+
if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", kwlist, &digest_type))
goto error;
@@ -4926,6 +5120,14 @@ digest_object_init(digest_object *self, PyObject *args, PyObject *kwds)
return -1;
}
+static void
+digest_object_dealloc(digest_object *self)
+{
+ ENTERING(digest_object_dealloc);
+ EVP_MD_CTX_cleanup(&self->digest_ctx);
+ self->ob_type->tp_free((PyObject*) self);
+}
+
static char digest_object_update__doc__[] =
"This method adds data to a digest.\n"
"\n"
@@ -4938,6 +5140,8 @@ digest_object_update(digest_object *self, PyObject *args)
char *data = NULL;
int len = 0;
+ ENTERING(digest_object_update);
+
if (!PyArg_ParseTuple(args, "s#", &data, &len))
goto error;
@@ -4959,6 +5163,8 @@ digest_object_copy(digest_object *self, PyObject *args)
{
digest_object *new = NULL;
+ ENTERING(digest_object_copy);
+
if ((new = (digest_object *) digest_object_new(&POW_Digest_Type, NULL, NULL)) == NULL)
goto error;
@@ -4992,6 +5198,8 @@ digest_object_digest(digest_object *self)
EVP_MD_CTX ctx;
unsigned digest_len = 0;
+ ENTERING(digest_object_digest);
+
if (!EVP_MD_CTX_copy(&ctx, &self->digest_ctx))
lose_openssl_error("Couldn't copy digest");
@@ -5012,13 +5220,6 @@ static struct PyMethodDef digest_object_methods[] = {
{NULL}
};
-static void
-digest_object_dealloc(digest_object *self)
-{
- EVP_MD_CTX_cleanup(&self->digest_ctx);
- self->ob_type->tp_free((PyObject*) self);
-}
-
static char POW_Digest_Type__doc__[] =
"This class provides access to the digest functionality of OpenSSL.\n"
"It emulates the digest modules in the Python Standard Library, but\n"
@@ -5088,6 +5289,8 @@ cms_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
cms_object *self;
+ ENTERING(cms_object_new);
+
if ((self = (cms_object *) type->tp_alloc(type, 0)) != NULL)
return (PyObject *) self;
@@ -5095,15 +5298,25 @@ cms_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
return NULL;
}
+static void
+cms_object_dealloc(cms_object *self)
+{
+ ENTERING(cms_object_dealloc);
+ CMS_ContentInfo_free(self->cms);
+ self->ob_type->tp_free((PyObject*) self);
+}
+
static PyObject *
cms_object_pem_read_helper(PyTypeObject *type, BIO *bio)
{
cms_object *self;
+ ENTERING(cms_object_pem_read_helper);
+
if ((self = (cms_object *) type->tp_new(type, NULL, NULL)) == NULL)
goto error;
- if ((self->cms = PEM_read_bio_CMS(bio, NULL, NULL, NULL)) == NULL)
+ if (!PEM_read_bio_CMS(bio, &self->cms, NULL, NULL))
lose_openssl_error("Couldn't load PEM encoded CMS message");
return (PyObject *) self;
@@ -5118,12 +5331,11 @@ cms_object_der_read_helper(PyTypeObject *type, BIO *bio)
{
cms_object *self;
+ ENTERING(cms_object_der_read_helper);
+
if ((self = (cms_object *) type->tp_new(type, NULL, NULL)) == NULL)
goto error;
- if ((self->cms = CMS_ContentInfo_new()) == NULL)
- lose_no_memory();
-
if (!d2i_CMS_bio(bio, &self->cms))
lose_openssl_error("Couldn't load DER encoded CMS message");
@@ -5141,6 +5353,7 @@ static char cms_object_pem_read__doc__[] =
static PyObject *
cms_object_pem_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(cms_object_pem_read);
return read_from_string_helper(cms_object_pem_read_helper, type, args);
}
@@ -5151,6 +5364,7 @@ static char cms_object_pem_read_file__doc__[] =
static PyObject *
cms_object_pem_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(cms_object_pem_read_file);
return read_from_file_helper(cms_object_pem_read_helper, type, args);
}
@@ -5161,6 +5375,7 @@ static char cms_object_der_read__doc__[] =
static PyObject *
cms_object_der_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(cms_object_der_read);
return read_from_string_helper(cms_object_der_read_helper, type, args);
}
@@ -5171,6 +5386,7 @@ static char cms_object_der_read_file__doc__[] =
static PyObject *
cms_object_der_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(cms_object_der_read_file);
return read_from_file_helper(cms_object_der_read_helper, type, args);
}
@@ -5184,6 +5400,8 @@ cms_object_pem_write(cms_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(cms_object_pem_write);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -5207,6 +5425,8 @@ cms_object_der_write(cms_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(cms_object_der_write);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -5236,6 +5456,8 @@ cms_object_sign_helper(cms_object *self,
CMS_ContentInfo *cms = NULL;
ASN1_OBJECT *econtent_type = NULL;
+ ENTERING(cms_object_sign_helper);
+
assert_no_unhandled_openssl_errors();
flags &= CMS_NOCERTS | CMS_NOATTR;
@@ -5354,6 +5576,8 @@ cms_object_sign(cms_object *self, PyObject *args)
BIO *bio = NULL;
int ok = 0;
+ ENTERING(cms_object_sign);
+
if (!PyArg_ParseTuple(args, "O!O!s#|OOsI",
&POW_X509_Type, &signcert,
&POW_Asymmetric_Type, &signkey,
@@ -5371,8 +5595,13 @@ cms_object_sign(cms_object *self, PyObject *args)
assert_no_unhandled_openssl_errors();
- ok = cms_object_sign_helper(self, bio, signcert, signkey,
- x509_sequence, crl_sequence, oid, flags);
+ if (!cms_object_sign_helper(self, bio, signcert, signkey,
+ x509_sequence, crl_sequence, oid, flags))
+ lose_openssl_error("Couldn't sign CMS object");
+
+ assert_no_unhandled_openssl_errors();
+
+ ok = 1;
error:
BIO_free(bio);
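Review bot: The added `lose_openssl_error("Couldn't sign CMS object")` after a failed cms_object_sign_helper() may overwrite an exception the helper has already set, if the helper reports its own failures through the lose_*() macros. The helper's body is outside this hunk, so that is an assumption to confirm. In that case the caller sees a generic signing error, possibly built from an empty OpenSSL error queue, instead of the specific cause. If the helper does set exceptions, `if (!cms_object_sign_helper(...)) goto error;` preserves them; if it never does, a one-line comment stating that contract would be enough. The same pattern is added in manifest_object_sign() and roa_object_sign(), and all three functions start and end outside their hunks.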
@@ -5395,6 +5624,8 @@ cms_object_verify_helper(cms_object *self, PyObject *args, PyObject *kwds)
unsigned flags = 0, ok = 0;
BIO *bio = NULL;
+ ENTERING(cms_object_verify_helper);
+
if (!PyArg_ParseTupleAndKeywords(args, kwds, "O!|OI", kwlist, &POW_X509Store_Type, &store, &certs_sequence, &flags))
goto error;
@@ -5454,6 +5685,8 @@ cms_object_verify(cms_object *self, PyObject *args, PyObject *kwds)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(cms_object_verify);
+
if ((bio = cms_object_verify_helper(self, args, kwds)) != NULL)
result = BIO_to_PyString_helper(bio);
@@ -5470,17 +5703,15 @@ cms_object_eContentType(cms_object *self)
{
const ASN1_OBJECT *oid = NULL;
PyObject *result = NULL;
- char buf[512];
+
+ ENTERING(cms_object_eContentType);
if ((oid = CMS_get0_eContentType(self->cms)) == NULL)
lose_openssl_error("Couldn't extract eContentType from CMS message");
- if (OBJ_obj2txt(buf, sizeof(buf), oid, 1) <= 0)
- lose("Couldn't translate OID");
-
assert_no_unhandled_openssl_errors();
- result = Py_BuildValue("s", buf);
+ result = ASN1_OBJECT_to_PyString(oid);
error:
return result;
@@ -5500,6 +5731,8 @@ cms_object_signingTime(cms_object *self)
ASN1_TYPE *so = NULL;
int i;
+ ENTERING(cms_object_signingTime);
+
if ((sis = CMS_get0_SignerInfos(self->cms)) == NULL)
lose_openssl_error("Couldn't extract signerInfos from CMS message[1]");
@@ -5548,6 +5781,8 @@ cms_object_pprint(cms_object *self)
BIO *bio = NULL;
PyObject *result = NULL;
+ ENTERING(cms_object_pprint);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -5564,13 +5799,15 @@ cms_object_pprint(cms_object *self)
static PyObject *
cms_object_helper_get_cert(void *cert)
{
- x509_object *obj = (x509_object *) x509_object_new(&POW_X509_Type, NULL, NULL);
+ x509_object *obj;
- if (obj) {
- X509_free(obj->x509);
- obj->x509 = cert;
- }
+ ENTERING(cms_object_helper_get_cert);
+ if ((obj = (x509_object *) x509_object_new(&POW_X509_Type, NULL, NULL)) == NULL)
+ return NULL;
+
+ X509_free(obj->x509);
+ obj->x509 = cert;
return (PyObject *) obj;
}
@@ -5586,6 +5823,8 @@ cms_object_certs(cms_object *self)
STACK_OF(X509) *certs = NULL;
PyObject *result = NULL;
+ ENTERING(cms_object_certs);
+
if ((certs = CMS_get1_certs(self->cms)) != NULL)
result = stack_to_tuple_helper(CHECKED_PTR_OF(STACK_OF(X509), certs),
cms_object_helper_get_cert);
@@ -5602,13 +5841,15 @@ cms_object_certs(cms_object *self)
static PyObject *
cms_object_helper_get_crl(void *crl)
{
- crl_object *obj = (crl_object *) crl_object_new(&POW_CRL_Type, NULL, NULL);
+ crl_object *obj;
- if (obj) {
- X509_CRL_free(obj->crl);
- obj->crl = crl;
- }
+ ENTERING(cms_object_helper_get_crl);
+
+ if ((obj = (crl_object *) crl_object_new(&POW_CRL_Type, NULL, NULL)) == NULL)
+ return NULL;
+ X509_CRL_free(obj->crl);
+ obj->crl = crl;
return (PyObject *) obj;
}
@@ -5623,6 +5864,8 @@ cms_object_crls(cms_object *self)
STACK_OF(X509_CRL) *crls = NULL;
PyObject *result = NULL;
+ ENTERING(cms_object_crls);
+
if ((crls = CMS_get1_crls(self->cms)) != NULL)
result = stack_to_tuple_helper(CHECKED_PTR_OF(STACK_OF(X509_CRL), crls),
cms_object_helper_get_crl);
@@ -5653,13 +5896,6 @@ static struct PyMethodDef cms_object_methods[] = {
{NULL}
};
-static void
-cms_object_dealloc(cms_object *self)
-{
- CMS_ContentInfo_free(self->cms);
- self->ob_type->tp_free((PyObject*) self);
-}
-
static char POW_CMS_Type__doc__[] =
"This class provides basic access OpenSSL's CMS functionality.\n"
"At present this only handes signed objects, as those are the\n"
@@ -5719,6 +5955,8 @@ manifest_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
manifest_object *self = NULL;
+ ENTERING(manifest_object_new);
+
if ((self = (manifest_object *) cms_object_new(type, args, kwds)) != NULL &&
(self->manifest = Manifest_new()) != NULL)
return (PyObject *) self;
@@ -5727,6 +5965,14 @@ manifest_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
return NULL;
}
+static void
+manifest_object_dealloc(manifest_object *self)
+{
+ ENTERING(manifest_object_dealloc);
+ Manifest_free(self->manifest);
+ cms_object_dealloc(&self->cms);
+}
+
static char manifest_object_verify__doc__[] =
"Needs doc.\n"
;
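Review bot: manifest_object_dealloc() passes `&self->cms` to cms_object_dealloc(), which calls tp_free on that pointer, so it is only correct while the embedded cms_object is the first member of manifest_object, and nothing in the hunk states that dependency. I would add a comment above the call, for example `/* cms must stay the first member: cms_object_dealloc() frees the whole object through this pointer */`. The struct definition is outside this hunk, so the layout itself should be confirmed there. roa_object_dealloc() has the same dependency.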
@@ -5737,12 +5983,11 @@ manifest_object_verify(manifest_object *self, PyObject *args, PyObject *kwds)
BIO *bio = NULL;
int ok = 0;
+ ENTERING(manifest_object_verify);
+
if ((bio = cms_object_verify_helper(&self->cms, args, kwds)) == NULL)
goto error;
- Manifest_free(self->manifest);
- self->manifest = NULL;
-
if (!ASN1_item_d2i_bio(ASN1_ITEM_rptr(Manifest), bio, &self->manifest))
lose_openssl_error("Couldn't decode manifest");
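Review bot: `ASN1_item_d2i_bio(..., &self->manifest)` now decodes into whatever Manifest the object already holds (one from manifest_object_new() or from an earlier verify()), because the `Manifest_free(self->manifest); self->manifest = NULL;` pair before it was removed. OpenSSL's d2i documentation discourages this reuse mode and warns that in some versions parts of the old structure can persist when they are absent from the new encoding, so the getters could report values that were never in the verified payload; what is left in `self->manifest` after a failed decode also varies by OpenSSL version. Since the getters treat `self->manifest == NULL` as "unverified", I would decode into a local and swap only on success: `Manifest *m = NULL;`, then `if (!ASN1_item_d2i_bio(ASN1_ITEM_rptr(Manifest), bio, &m)) lose_openssl_error("Couldn't decode manifest");`, then `Manifest_free(self->manifest); self->manifest = m;`. roa_object_verify() has the same removal, and the pkcs10 read helpers now parse into the X509_REQ allocated by pkcs10_object_new() in the same way; all of these functions continue outside their hunks.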
@@ -5762,6 +6007,8 @@ manifest_object_der_read_helper(PyTypeObject *type, BIO *bio)
{
manifest_object *self;
+ ENTERING(manifest_object_der_read_helper);
+
if ((self = (manifest_object *) cms_object_der_read_helper(type, bio)) != NULL)
self->manifest = NULL;
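Review bot: `self->manifest = NULL` here appears to drop a live allocation without freeing it. cms_object_der_read_helper() builds the object through `type->tp_new`, which for the manifest type is presumably manifest_object_new(), and that function allocates `self->manifest` with Manifest_new(). If so, every manifest read from DER leaks one Manifest, which adds up in a long-running daemon; `Manifest_free(self->manifest);` before the assignment would release it. manifest_object_pem_read_helper() and the two roa_object read helpers follow the same pattern with `self->manifest` and `self->roa`. The rest of this function is outside the hunk.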
@@ -5775,14 +6022,28 @@ static char manifest_object_der_read__doc__[] =
static PyObject *
manifest_object_der_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(manifest_object_der_read);
return read_from_string_helper(manifest_object_der_read_helper, type, args);
}
+static char manifest_object_der_read_file__doc__[] =
+ "Class method to read a DER-encoded manifest object from a file.\n"
+ ;
+
+static PyObject *
+manifest_object_der_read_file(PyTypeObject *type, PyObject *args)
+{
+ ENTERING(manifest_object_der_read_file);
+ return read_from_file_helper(manifest_object_der_read_helper, type, args);
+}
+
static PyObject *
manifest_object_pem_read_helper(PyTypeObject *type, BIO *bio)
{
manifest_object *self;
+ ENTERING(manifest_object_pem_read_helper);
+
if ((self = (manifest_object *) cms_object_pem_read_helper(type, bio)) != NULL)
self->manifest = NULL;
@@ -5796,6 +6057,7 @@ static char manifest_object_pem_read__doc__[] =
static PyObject *
manifest_object_pem_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(manifest_object_pem_read);
return read_from_string_helper(manifest_object_pem_read_helper, type, args);
}
@@ -5806,19 +6068,10 @@ static char manifest_object_pem_read_file__doc__[] =
static PyObject *
manifest_object_pem_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(manifest_object_pem_read_file);
return read_from_file_helper(manifest_object_pem_read_helper, type, args);
}
-static char manifest_object_der_read_file__doc__[] =
- "Class method to read a DER-encoded manifest object from a file.\n"
- ;
-
-static PyObject *
-manifest_object_der_read_file(PyTypeObject *type, PyObject *args)
-{
- return read_from_file_helper(manifest_object_der_read_helper, type, args);
-}
-
static char manifest_object_get_version__doc__[] =
"This method returns the version number of this manifest.\n"
;
@@ -5826,6 +6079,8 @@ static char manifest_object_get_version__doc__[] =
static PyObject *
manifest_object_get_version(manifest_object *self)
{
+ ENTERING(manifest_object_get_version);
+
if (self->manifest == NULL)
lose_not_verified("Can't report version of unverified manifest");
@@ -5853,6 +6108,8 @@ manifest_object_set_version(manifest_object *self, PyObject *args)
{
int version = 0;
+ ENTERING(manifest_object_set_version);
+
if (!PyArg_ParseTuple(args, "|i", &version))
goto error;
@@ -5878,6 +6135,8 @@ static char manifest_object_get_manifest_number__doc__[] =
static PyObject *
manifest_object_get_manifest_number(manifest_object *self)
{
+ ENTERING(manifest_object_get_manifest_number);
+
if (self->manifest == NULL)
lose_not_verified("Can't get manifestNumber of unverified manifest");
@@ -5900,6 +6159,8 @@ manifest_object_set_manifest_number(manifest_object *self, PyObject *args)
PyObject *zero = NULL;
int ok = 0;
+ ENTERING(manifest_object_set_manifest_number);
+
if (!PyArg_ParseTuple(args, "O", &manifestNumber))
goto error;
@@ -5945,6 +6206,8 @@ manifest_object_set_this_update (manifest_object *self, PyObject *args)
ASN1_TIME *t = NULL;
char *s = NULL;
+ ENTERING(manifest_object_set_this_update);
+
if (!PyArg_ParseTuple(args, "s", &s))
goto error;
@@ -5971,6 +6234,8 @@ static char manifest_object_get_this_update__doc__[] =
static PyObject *
manifest_object_get_this_update (manifest_object *self)
{
+ ENTERING(manifest_object_get_this_update);
+
if (self->manifest == NULL)
lose_not_verified("Can't get thisUpdate value of unverified manifest");
@@ -5993,6 +6258,8 @@ manifest_object_set_next_update (manifest_object *self, PyObject *args)
ASN1_TIME *t = NULL;
char *s = NULL;
+ ENTERING(manifest_object_set_next_update);
+
if (!PyArg_ParseTuple(args, "s", &s))
goto error;
@@ -6019,6 +6286,8 @@ static char manifest_object_get_next_update__doc__[] =
static PyObject *
manifest_object_get_next_update (manifest_object *self)
{
+ ENTERING(manifest_object_get_next_update);
+
if (self->manifest == NULL)
lose_not_verified("Can't extract nextUpdate value of unverified manifest");
@@ -6036,15 +6305,13 @@ static PyObject *
manifest_object_get_algorithm(manifest_object *self)
{
PyObject *result = NULL;
- char oid[512];
+
+ ENTERING(manifest_object_get_algorithm);
if (self->manifest == NULL)
lose_not_verified("Can't extract algorithm OID of unverified manifest");
- if (OBJ_obj2txt(oid, sizeof(oid), self->manifest->fileHashAlg, 1) <= 0)
- lose("Couldn't translate OID");
-
- result = Py_BuildValue("s", oid);
+ result = ASN1_OBJECT_to_PyString(self->manifest->fileHashAlg);
error:
return result;
@@ -6060,6 +6327,8 @@ manifest_object_set_algorithm(manifest_object *self, PyObject *args)
ASN1_OBJECT *oid = NULL;
const char *s = NULL;
+ ENTERING(manifest_object_set_algorithm);
+
if (!PyArg_ParseTuple(args, "s", &s))
goto error;
@@ -6098,6 +6367,8 @@ manifest_object_add_files(manifest_object *self, PyObject *args)
char *hash = NULL;
int filelen, hashlen, ok = 0;
+ ENTERING(manifest_object_add_files);
+
if (self->manifest == NULL)
lose_not_verified("Can't add files to unverified manifest");
@@ -6146,6 +6417,8 @@ manifest_object_get_files(manifest_object *self)
PyObject *item = NULL;
int i;
+ ENTERING(manifest_object_get_files);
+
if (self->manifest == NULL)
lose_not_verified("Can't get files from unverified manifest");
@@ -6179,7 +6452,6 @@ static char manifest_object_sign__doc__[] =
"Needs doc.\n"
;
-
static PyObject *
manifest_object_sign(manifest_object *self, PyObject *args)
{
@@ -6193,6 +6465,8 @@ manifest_object_sign(manifest_object *self, PyObject *args)
BIO *bio = NULL;
int ok = 0;
+ ENTERING(manifest_object_sign);
+
if (!PyArg_ParseTuple(args, "O!O!s#|OOsI",
&POW_X509_Type, &signcert,
&POW_Asymmetric_Type, &signkey,
@@ -6209,12 +6483,17 @@ manifest_object_sign(manifest_object *self, PyObject *args)
assert_no_unhandled_openssl_errors();
if (!ASN1_item_i2d_bio(ASN1_ITEM_rptr(Manifest), bio, self->manifest))
- lose_openssl_error("Unable to write manifest");
+ lose_openssl_error("Couldn't encode manifest");
+
+ assert_no_unhandled_openssl_errors();
+
+ if (!cms_object_sign_helper(&self->cms, bio, signcert, signkey,
+ x509_sequence, crl_sequence, oid, flags))
+ lose_openssl_error("Couldn't sign manifest");
assert_no_unhandled_openssl_errors();
- ok = cms_object_sign_helper(&self->cms, bio, signcert, signkey,
- x509_sequence, crl_sequence, oid, flags);
+ ok = 1;
error:
BIO_free(bio);
@@ -6247,13 +6526,6 @@ static struct PyMethodDef manifest_object_methods[] = {
{NULL}
};
-static void
-manifest_object_dealloc(manifest_object *self)
-{
- Manifest_free(self->manifest);
- self->cms.ob_type->tp_free((PyObject*) self);
-}
-
static char POW_Manifest_Type__doc__[] =
"This class provides access to RPKI manifest payload.\n"
;
@@ -6311,6 +6583,8 @@ roa_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
roa_object *self = NULL;
+ ENTERING(roa_object_new);
+
if ((self = (roa_object *) cms_object_new(type, args, kwds)) != NULL &&
(self->roa = ROA_new()) != NULL)
return (PyObject *) self;
@@ -6319,6 +6593,14 @@ roa_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
return NULL;
}
+static void
+roa_object_dealloc(roa_object *self)
+{
+ ENTERING(roa_object_dealloc);
+ ROA_free(self->roa);
+ cms_object_dealloc(&self->cms);
+}
+
static char roa_object_verify__doc__[] =
"Needs doc. For now, see CMS.verify().\n"
;
@@ -6329,11 +6611,10 @@ roa_object_verify(roa_object *self, PyObject *args, PyObject *kwds)
BIO *bio = NULL;
int ok = 0;
+ ENTERING(roa_object_verify);
+
if ((bio = cms_object_verify_helper(&self->cms, args, kwds)) == NULL)
goto error;
-
- ROA_free(self->roa);
- self->roa = NULL;
if (!ASN1_item_d2i_bio(ASN1_ITEM_rptr(ROA), bio, &self->roa))
lose_openssl_error("Couldn't decode ROA");
@@ -6354,6 +6635,8 @@ roa_object_pem_read_helper(PyTypeObject *type, BIO *bio)
{
roa_object *self;
+ ENTERING(roa_object_pem_read_helper);
+
if ((self = (roa_object *) cms_object_pem_read_helper(type, bio)) != NULL)
self->roa = NULL;
@@ -6365,6 +6648,8 @@ roa_object_der_read_helper(PyTypeObject *type, BIO *bio)
{
roa_object *self;
+ ENTERING(roa_object_der_read_helper);
+
if ((self = (roa_object *) cms_object_der_read_helper(type, bio)) != NULL)
self->roa = NULL;
@@ -6378,6 +6663,7 @@ static char roa_object_pem_read__doc__[] =
static PyObject *
roa_object_pem_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(roa_object_pem_read);
return read_from_string_helper(roa_object_pem_read_helper, type, args);
}
@@ -6388,6 +6674,7 @@ static char roa_object_pem_read_file__doc__[] =
static PyObject *
roa_object_pem_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(roa_object_pem_read_file);
return read_from_file_helper(roa_object_pem_read_helper, type, args);
}
@@ -6398,6 +6685,7 @@ static char roa_object_der_read__doc__[] =
static PyObject *
roa_object_der_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(roa_object_der_read);
return read_from_string_helper(roa_object_der_read_helper, type, args);
}
@@ -6408,6 +6696,7 @@ static char roa_object_der_read_file__doc__[] =
static PyObject *
roa_object_der_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(roa_object_der_read_file);
return read_from_file_helper(roa_object_der_read_helper, type, args);
}
@@ -6418,6 +6707,8 @@ static char roa_object_get_version__doc__[] =
static PyObject *
roa_object_get_version(roa_object *self)
{
+ ENTERING(roa_object_get_version);
+
if (self->roa == NULL)
lose_not_verified("Can't get version of unverified ROA");
@@ -6445,6 +6736,8 @@ roa_object_set_version(roa_object *self, PyObject *args)
{
int version = 0;
+ ENTERING(roa_object_set_version);
+
if (self->roa == NULL)
lose_not_verified("Can't set version of unverified ROA");
@@ -6470,6 +6763,8 @@ static char roa_object_get_asid__doc__[] =
static PyObject *
roa_object_get_asid(roa_object *self)
{
+ ENTERING(roa_object_get_asid);
+
if (self->roa == NULL)
lose_not_verified("Can't get ASN of unverified ROA");
@@ -6492,6 +6787,8 @@ roa_object_set_asid(roa_object *self, PyObject *args)
PyObject *zero = NULL;
int ok = 0;
+ ENTERING(roa_object_set_asid);
+
if (self->roa == NULL)
lose_not_verified("Can't set ASN of unverified ROA");
@@ -6542,6 +6839,8 @@ roa_object_get_prefixes(roa_object *self)
ipaddress_object *addr = NULL;
int i, j;
+ ENTERING(roa_object_get_prefixes);
+
if (self->roa == NULL)
lose_not_verified("Can't get prefixes from unverified ROA");
@@ -6645,6 +6944,8 @@ roa_object_set_prefixes(roa_object *self, PyObject *args, PyObject *kwds)
PyObject *item = NULL;
int afi, ok = 0;
+ ENTERING(roa_object_set_prefixes);
+
if (self->roa == NULL)
lose_not_verified("Can't set prefixes of unverified ROA");
@@ -6778,6 +7079,8 @@ roa_object_sign(roa_object *self, PyObject *args)
BIO *bio = NULL;
int ok = 0;
+ ENTERING(roa_object_sign);
+
if (!PyArg_ParseTuple(args, "O!O!s#|OOsI",
&POW_X509_Type, &signcert,
&POW_Asymmetric_Type, &signkey,
@@ -6794,12 +7097,17 @@ roa_object_sign(roa_object *self, PyObject *args)
assert_no_unhandled_openssl_errors();
if (!ASN1_item_i2d_bio(ASN1_ITEM_rptr(ROA), bio, self->roa))
- lose_openssl_error("Unable to write ROA");
+ lose_openssl_error("Couldn't encode ROA");
assert_no_unhandled_openssl_errors();
- ok = cms_object_sign_helper(&self->cms, bio, signcert, signkey,
- x509_sequence, crl_sequence, oid, flags);
+ if (!cms_object_sign_helper(&self->cms, bio, signcert, signkey,
+ x509_sequence, crl_sequence, oid, flags))
+ lose_openssl_error("Couldn't sign ROA");
+
+ assert_no_unhandled_openssl_errors();
+
+ ok = 1;
error:
BIO_free(bio);
@@ -6826,13 +7134,6 @@ static struct PyMethodDef roa_object_methods[] = {
{NULL}
};
-static void
-roa_object_dealloc(roa_object *self)
-{
- ROA_free(self->roa);
- self->cms.ob_type->tp_free((PyObject*) self);
-}
-
static char POW_ROA_Type__doc__[] =
"This class provides access to RPKI roa payload.\n"
;
@@ -6890,6 +7191,8 @@ pkcs10_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
{
pkcs10_object *self;
+ ENTERING(pkcs10_object_new);
+
if ((self = (pkcs10_object *) type->tp_alloc(type, 0)) != NULL &&
(self->pkcs10 = X509_REQ_new()) != NULL &&
(self->exts = sk_X509_EXTENSION_new_null()) != NULL)
@@ -6899,24 +7202,37 @@ pkcs10_object_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
return NULL;
}
+static void
+pkcs10_object_dealloc(pkcs10_object *self)
+{
+ ENTERING(pkcs10_object_dealloc);
+ X509_REQ_free(self->pkcs10);
+ sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free);
+ self->ob_type->tp_free((PyObject*) self);
+}
+
static PyObject *
pkcs10_object_pem_read_helper(PyTypeObject *type, BIO *bio)
{
pkcs10_object *self = NULL;
+ ENTERING(pkcs10_object_pem_read_helper);
+
+ assert_no_unhandled_openssl_errors();
+
if ((self = (pkcs10_object *) pkcs10_object_new(type, NULL, NULL)) == NULL)
goto error;
- X509_REQ_free(self->pkcs10);
- sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free);
- self->pkcs10 = NULL;
- self->exts = NULL;
+ assert_no_unhandled_openssl_errors();
- if ((self->pkcs10 = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL)) == NULL)
+ if (!PEM_read_bio_X509_REQ(bio, &self->pkcs10, NULL, NULL))
lose_openssl_error("Couldn't load PEM encoded PKCS#10 request");
+ sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free);
self->exts = X509_REQ_get_extensions(self->pkcs10);
+ assert_no_unhandled_openssl_errors();
+
return (PyObject *) self;
error:
@@ -6930,17 +7246,23 @@ pkcs10_object_der_read_helper(PyTypeObject *type, BIO *bio)
{
pkcs10_object *self;
+ ENTERING(pkcs10_object_der_read_helper);
+
+ assert_no_unhandled_openssl_errors();
+
if ((self = (pkcs10_object *) pkcs10_object_new(type, NULL, NULL)) == NULL)
goto error;
- sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free);
- self->exts = NULL;
+ assert_no_unhandled_openssl_errors();
if (!d2i_X509_REQ_bio(bio, &self->pkcs10))
lose_openssl_error("Couldn't load DER encoded PKCS#10 request");
+ sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free);
self->exts = X509_REQ_get_extensions(self->pkcs10);
+ assert_no_unhandled_openssl_errors();
+
return (PyObject *) self;
error:
@@ -6955,6 +7277,7 @@ static char pkcs10_object_pem_read__doc__[] =
static PyObject *
pkcs10_object_pem_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(pkcs10_object_pem_read);
return read_from_string_helper(pkcs10_object_pem_read_helper, type, args);
}
@@ -6965,6 +7288,7 @@ static char pkcs10_object_pem_read_file__doc__[] =
static PyObject *
pkcs10_object_pem_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(pkcs10_object_pem_read_file);
return read_from_file_helper(pkcs10_object_pem_read_helper, type, args);
}
@@ -6975,6 +7299,7 @@ static char pkcs10_object_der_read__doc__[] =
static PyObject *
pkcs10_object_der_read(PyTypeObject *type, PyObject *args)
{
+ ENTERING(pkcs10_object_der_read);
return read_from_string_helper(pkcs10_object_der_read_helper, type, args);
}
@@ -6985,6 +7310,7 @@ static char pkcs10_object_der_read_file__doc__[] =
static PyObject *
pkcs10_object_der_read_file(PyTypeObject *type, PyObject *args)
{
+ ENTERING(pkcs10_object_der_read_file);
return read_from_file_helper(pkcs10_object_der_read_helper, type, args);
}
@@ -6998,6 +7324,8 @@ pkcs10_object_pem_write(pkcs10_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(pkcs10_object_pem_write);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -7021,6 +7349,8 @@ pkcs10_object_der_write(pkcs10_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(pkcs10_object_der_write);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -7044,6 +7374,8 @@ pkcs10_object_get_public_key(pkcs10_object *self)
PyTypeObject *type = &POW_Asymmetric_Type;
asymmetric_object *asym = NULL;
+ ENTERING(pkcs10_object_get_public_key);
+
if ((asym = (asymmetric_object *) type->tp_alloc(type, 0)) == NULL)
goto error;
@@ -7068,6 +7400,8 @@ pkcs10_object_set_public_key(pkcs10_object *self, PyObject *args)
{
asymmetric_object *asym;
+ ENTERING(pkcs10_object_set_public_key);
+
if (!PyArg_ParseTuple(args, "O!", &POW_Asymmetric_Type, &asym))
goto error;
@@ -7106,6 +7440,8 @@ pkcs10_object_sign(pkcs10_object *self, PyObject *args)
int loc, digest_type = SHA256_DIGEST;
const EVP_MD *digest_method = NULL;
+ ENTERING(pkcs10_object_sign);
+
if (!PyArg_ParseTuple(args, "O!|i", &POW_Asymmetric_Type, &asym, &digest_type))
goto error;
@@ -7138,6 +7474,8 @@ pkcs10_object_verify(pkcs10_object *self)
EVP_PKEY *pkey = NULL;
int status;
+ ENTERING(pkcs10_object_verify);
+
if ((pkey = X509_REQ_get_pubkey(self->pkcs10)) == NULL)
lose_openssl_error("Couldn't extract public key from PKCS#10 for verification");
@@ -7159,6 +7497,7 @@ static char pkcs10_object_get_version__doc__[] =
static PyObject *
pkcs10_object_get_version(pkcs10_object *self)
{
+ ENTERING(pkcs10_object_get_version);
return Py_BuildValue("l", X509_REQ_get_version(self->pkcs10));
}
@@ -7173,6 +7512,8 @@ pkcs10_object_set_version(pkcs10_object *self, PyObject *args)
{
long version = 0;
+ ENTERING(pkcs10_object_set_version);
+
if (!PyArg_ParseTuple(args, "|l", &version))
goto error;
@@ -7201,6 +7542,8 @@ pkcs10_object_get_subject(pkcs10_object *self, PyObject *args)
PyObject *result = NULL;
int format = OIDNAME_FORMAT;
+ ENTERING(pkcs10_object_get_subject);
+
if (!PyArg_ParseTuple(args, "|i", &format))
goto error;
@@ -7223,6 +7566,8 @@ pkcs10_object_set_subject(pkcs10_object *self, PyObject *args)
PyObject *name_sequence = NULL;
X509_NAME *name = NULL;
+ ENTERING(pkcs10_object_set_subject);
+
if (!PyArg_ParseTuple(args, "O", &name_sequence))
goto error;
@@ -7259,6 +7604,8 @@ pkcs10_object_get_key_usage(pkcs10_object *self)
PyObject *result = NULL;
PyObject *token = NULL;
+ ENTERING(pkcs10_object_get_key_usage);
+
if ((ext = X509V3_get_d2i(self->exts, NID_key_usage, NULL, NULL)) == NULL)
Py_RETURN_NONE;
@@ -7308,6 +7655,8 @@ pkcs10_object_set_key_usage(pkcs10_object *self, PyObject *args)
const char *t;
int ok = 0;
+ ENTERING(pkcs10_object_set_key_usage);
+
if ((ext = ASN1_BIT_STRING_new()) == NULL)
lose_no_memory();
@@ -7367,6 +7716,8 @@ pkcs10_object_get_basic_constraints(pkcs10_object *self)
BASIC_CONSTRAINTS *ext = NULL;
PyObject *result;
+ ENTERING(pkcs10_object_get_basic_constraints);
+
if ((ext = X509V3_get_d2i(self->exts, NID_basic_constraints, NULL, NULL)) == NULL)
Py_RETURN_NONE;
@@ -7404,6 +7755,8 @@ pkcs10_object_set_basic_constraints(pkcs10_object *self, PyObject *args)
long pathlen = -1;
int ok = 0;
+ ENTERING(pkcs10_object_set_basic_constraints);
+
if (!PyArg_ParseTuple(args, "O|OO", &is_ca, &pathlen_obj, &critical))
goto error;
@@ -7459,6 +7812,8 @@ pkcs10_object_get_sia(pkcs10_object *self)
PyObject *obj;
int i, nid;
+ ENTERING(pkcs10_object_get_sia);
+
if ((ext = X509V3_get_d2i(self->exts, NID_sinfo_access, NULL, NULL)) == NULL)
Py_RETURN_NONE;
@@ -7555,6 +7910,8 @@ pkcs10_object_set_sia(pkcs10_object *self, PyObject *args)
Py_ssize_t urilen;
char *uri;
+ ENTERING(pkcs10_object_set_sia);
+
if (!PyArg_ParseTuple(args, "OOO", &caRepository, &rpkiManifest, &signedObject))
goto error;
@@ -7625,6 +7982,57 @@ pkcs10_object_set_sia(pkcs10_object *self, PyObject *args)
return NULL;
}
+static char pkcs10_object_get_signature_algorithm__doc__[] =
+ "Extract signature algorithm OID from this request.\n"
+ ;
+
+static PyObject *
+pkcs10_object_get_signature_algorithm(pkcs10_object *self)
+{
+ ASN1_OBJECT *oid = NULL;
+
+ ENTERING(pkcs10_object_get_signature_algorithm);
+
+ X509_ALGOR_get0(&oid, NULL, NULL, self->pkcs10->sig_alg);
+
+ return ASN1_OBJECT_to_PyString(oid);
+}
+
+static char pkcs10_object_get_extension_oids__doc__[] =
+ "Get the set of extension OIDs used in this request. This is mostly\n"
+ "useful for enforcing restrictions on what extensions are allowed to be\n"
+ "present, to conform with a profile.\n"
+ ;
+
+static PyObject *
+pkcs10_object_get_extension_oids(pkcs10_object *self)
+{
+ PyObject *result = NULL;
+ PyObject *oid = NULL;
+ int i;
+
+ ENTERING(pkcs10_object_get_extension_oids);
+
+ if ((result = PyFrozenSet_New(NULL)) == NULL)
+ goto error;
+
+ for (i = 0; i < sk_X509_EXTENSION_num(self->exts); i++) {
+ X509_EXTENSION *ext = sk_X509_EXTENSION_value(self->exts, i);
+ if ((oid = ASN1_OBJECT_to_PyString(ext->object)) == NULL ||
+ PySet_Add(result, oid) < 0)
+ goto error;
+ Py_XDECREF(oid);
+ oid = NULL;
+ }
+
+ return result;
+
+ error:
+ Py_XDECREF(result);
+ Py_XDECREF(oid);
+ return NULL;
+}
+
/*
* May want EKU handlers eventually, skip for now.
*/
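Review bot: pkcs10_object_get_extension_oids() returns an empty frozenset when `self->exts` is NULL, since sk_X509_EXTENSION_num() returns -1 for a NULL stack and the loop never runs. The read helpers assign `self->exts` from X509_REQ_get_extensions() without checking it, and as far as I can tell that call returns NULL both when the request has no extension attribute and when the attribute is present but cannot be decoded as an extension list. The docstring says the set is meant for enforcing which extensions a profile allows, so a caller cannot distinguish "no extensions" from "extensions that could not be read". I would at least state this in the docstring, e.g. `"An empty set is also returned if no extension list could be extracted.\n"`, and consider rejecting the undecodable case when the request is loaded. Separately, `Py_XDECREF(oid)` inside the loop can be `Py_DECREF(oid)` because oid is known to be non-NULL there.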
@@ -7639,6 +8047,8 @@ pkcs10_object_pprint(pkcs10_object *self)
PyObject *result = NULL;
BIO *bio = NULL;
+ ENTERING(pkcs10_object_pprint);
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
lose_no_memory();
@@ -7670,6 +8080,8 @@ static struct PyMethodDef pkcs10_object_methods[] = {
Define_Method(setBasicConstraints, pkcs10_object_set_basic_constraints, METH_VARARGS),
Define_Method(getSIA, pkcs10_object_get_sia, METH_NOARGS),
Define_Method(setSIA, pkcs10_object_set_sia, METH_VARARGS),
+ Define_Method(getSignatureAlgorithm, pkcs10_object_get_signature_algorithm, METH_NOARGS),
+ Define_Method(getExtensionOIDs, pkcs10_object_get_extension_oids, METH_NOARGS),
Define_Class_Method(pemRead, pkcs10_object_pem_read, METH_VARARGS),
Define_Class_Method(pemReadFile, pkcs10_object_pem_read_file, METH_VARARGS),
Define_Class_Method(derRead, pkcs10_object_der_read, METH_VARARGS),
@@ -7677,14 +8089,6 @@ static struct PyMethodDef pkcs10_object_methods[] = {
{NULL}
};
-static void
-pkcs10_object_dealloc(pkcs10_object *self)
-{
- X509_REQ_free(self->pkcs10);
- sk_X509_EXTENSION_pop_free(self->exts, X509_EXTENSION_free);
- self->ob_type->tp_free((PyObject*) self);
-}
-
static char POW_PKCS10_Type__doc__[] =
"This class represents a PKCS#10 request.\n"
"\n"
@@ -7733,9 +8137,6 @@ static PyTypeObject POW_PKCS10_Type = {
pkcs10_object_new, /* tp_new */
};
-
-
-
/*
@@ -7759,6 +8160,8 @@ pow_module_add_object(PyObject *self, PyObject *args)
{
char *oid = NULL, *sn = NULL, *ln = NULL;
+ ENTERING(pow_module_add_object);
+
if (!PyArg_ParseTuple(args, "sss", &oid, &sn, &ln))
goto error;
@@ -7783,6 +8186,8 @@ pow_module_get_error(PyObject *self)
unsigned long error = ERR_get_error();
char buf[256];
+ ENTERING(pow_module_get_error);
+
if (!error)
Py_RETURN_NONE;
@@ -7797,6 +8202,7 @@ static char pow_module_clear_error__doc__[] =
static PyObject *
pow_module_clear_error(PyObject *self)
{
+ ENTERING(pow_module_clear_error);
ERR_clear_error();
Py_RETURN_NONE;
}
@@ -7814,6 +8220,8 @@ pow_module_seed(PyObject *self, PyObject *args)
char *data = NULL;
int datalen = 0;
+ ENTERING(pow_module_seed);
+
if (!PyArg_ParseTuple(args, "s#", &data, &datalen))
goto error;
@@ -7842,6 +8250,8 @@ pow_module_add(PyObject *self, PyObject *args)
int datalen = 0;
double entropy = 0;
+ ENTERING(pow_module_add);
+
if (!PyArg_ParseTuple(args, "s#d", &data, &datalen, &entropy))
goto error;
@@ -7865,6 +8275,8 @@ pow_module_write_random_file(PyObject *self, PyObject *args)
{
char *filename = NULL;
+ ENTERING(pow_module_write_random_file);
+
if (!PyArg_ParseTuple(args, "s", &filename))
goto error;
@@ -7890,6 +8302,8 @@ pow_module_read_random_file(PyObject *self, PyObject *args)
char *file = NULL;
int len = -1;
+ ENTERING(pow_module_read_random_file);
+
if (!PyArg_ParseTuple(args, "s|i", &file, &len))
goto error;
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index c65fbb72..4cd4a5c2 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -596,7 +596,7 @@ class X509(DER_object):
"""
Extract the public key from this certificate.
"""
- return RSApublic(DER = self.get_POWpkix().tbs.subjectPublicKeyInfo.toString())
+ return RSApublic(POW = self.get_POW().getPublicKey())
def get_SKI(self):
"""
@@ -632,7 +632,7 @@ class X509(DER_object):
resources = resources,
is_ca = is_ca,
aki = self.get_SKI(),
- issuer_name = self.get_POWpkix().getSubject())
+ issuer_name = self.getSubject())
@classmethod
@@ -658,7 +658,7 @@ class X509(DER_object):
resources = resources,
is_ca = True,
aki = ski,
- issuer_name = (((rpki.oids.name2oid["commonName"], ("printableString", cn)),),))
+ issuer_name = X501DN.from_cn(cn))
@staticmethod
@@ -679,7 +679,7 @@ class X509(DER_object):
cert = rpki.POW.pkix.Certificate()
cert.setVersion(2)
cert.setSerial(serial)
- cert.setIssuer(issuer_name)
+ cert.setIssuer(issuer_name.get_POWpkix())
cert.setSubject((((rpki.oids.name2oid["commonName"], ("printableString", cn)),),))
cert.setNotBefore(now.toASN1tuple())
cert.setNotAfter(notAfter.toASN1tuple())
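Review bot: `cert.setIssuer(issuer_name.get_POWpkix())` changes what this function accepts for issuer_name, from the raw name tuple to an object exposing get_POWpkix(), while the subject on the next line is still built as a raw tuple. The two call sites converted in the hunks above (`self.getSubject()` and `X501DN.from_cn(cn)`) presumably pass such objects, but any caller outside this diff that still passes a tuple would fail with AttributeError at this line. The docstring should state the new type, for example `issuer_name: X501DN holding the issuer's distinguished name`. The function's signature and docstring lie outside this hunk.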
@@ -839,7 +839,6 @@ class X509(DER_object):
"""
return self.getNotBefore()
-
class PKCS10(DER_object):
"""
Class to hold a PKCS #10 request.
@@ -847,7 +846,20 @@ class PKCS10(DER_object):
formats = ("DER", "POW", "POWpkix")
pem_converter = PEM_converter("CERTIFICATE REQUEST")
-
+
+ ## @var expected_ca_keyUsage
+ # KeyUsage extension flags expected for CA requests.
+
+ expected_ca_keyUsage = frozenset(("keyCertSign", "cRLSign"))
+
+ ## @var allowed_extensions
+ # Extensions allowed by RPKI profile.
+
+ allowed_extensions = frozenset(rpki.oids.safe_name2dotted(name)
+ for name in ("basicConstraints",
+ "keyUsage",
+ "subjectInfoAccess"))
+
def get_DER(self):
"""
Get the DER value of this certification request.
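Review bot: The comment on `allowed_extensions` does not say that the set holds dotted-decimal OID strings, which is what the membership test in check_valid_rpki depends on. ASN1_OBJECT_to_PyString in POW.c calls OBJ_obj2txt with the numeric-only flag set, so getExtensionOIDs() presumably yields dotted strings. I would extend the comment to `# Dotted-decimal OIDs of the extensions the RPKI profile allows in a certificate request; compared against getExtensionOIDs().` If safe_name2dotted returns its argument unchanged for an unknown name (inferred from the name, not visible here), a misspelled entry would never match, so requests carrying that extension would be rejected rather than accepted.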
@@ -892,7 +904,7 @@ class PKCS10(DER_object):
"""
Extract the public key from this certification request.
"""
- return RSApublic(DER = self.get_POWpkix().certificationRequestInfo.subjectPublicKeyInfo.toString())
+ return RSApublic(POW = self.get_POW().getPublicKey())
def check_valid_rpki(self):
"""
@@ -909,44 +921,63 @@ class PKCS10(DER_object):
RPKI profile only allows EKU for EE certificates.
"""
- if not self.get_POWpkix().verify():
+ if not self.get_POW().verify():
raise rpki.exceptions.BadPKCS10, "Signature check failed"
- if self.get_POWpkix().certificationRequestInfo.version.get() != 0:
- raise rpki.exceptions.BadPKCS10, \
- "Bad version number %s" % self.get_POWpkix().certificationRequestInfo.version
+ ver = self.get_POW().getVersion()
- if rpki.oids.oid2name.get(self.get_POWpkix().signatureAlgorithm.algorithm.get()) != "sha256WithRSAEncryption":
- raise rpki.exceptions.BadPKCS10, "Bad signature algorithm %s" % self.get_POWpkix().signatureAlgorithm
+ if ver != 0:
+ raise rpki.exceptions.BadPKCS10, "Bad version number %s" % ver
- exts = dict((rpki.oids.oid2name.get(oid, oid), value)
- for (oid, critical, value) in self.get_POWpkix().getExtensions())
+ alg = rpki.oids.safe_dotted2name(self.get_POW().getSignatureAlgorithm())
- if any(oid not in ("basicConstraints", "keyUsage", "subjectInfoAccess") for oid in exts):
- raise rpki.exceptions.BadExtension, "Forbidden extension(s) in certificate request"
+ if alg != "sha256WithRSAEncryption":
+ raise rpki.exceptions.BadPKCS10, "Bad signature algorithm %s" % alg
- if "basicConstraints" not in exts or not exts["basicConstraints"][0]:
+ bc = self.get_POW().getBasicConstraints()
+
+ if bc is None or not bc[0]:
raise rpki.exceptions.BadPKCS10, "Request for EE certificate not allowed here"
- if exts["basicConstraints"][1] is not None:
+ if bc[1] is not None:
raise rpki.exceptions.BadPKCS10, "basicConstraints must not specify Path Length"
- if "keyUsage" in exts and (not exts["keyUsage"][5] or not exts["keyUsage"][6]):
- raise rpki.exceptions.BadPKCS10, "keyUsage doesn't match basicConstraints"
+ ku = self.get_POW().getKeyUsage()
- sias = dict((rpki.oids.oid2name.get(oid, oid), value[1])
- for oid, value in exts.get("subjectInfoAccess", ())
- if value[0] == "uri" and value[1].startswith("rsync://"))
+ if ku is not None and self.expected_ca_keyUsage != ku:
+ raise rpki.exceptions.BadPKCS10, "keyUsage doesn't match basicConstraints: %r" % ku
- for oid in ("id-ad-caRepository", "id-ad-rpkiManifest"):
- if oid not in sias:
- raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA %s" % oid
+ if any(oid not in self.allowed_extensions
+ for oid in self.get_POW().getExtensionOIDs()):
+ raise rpki.exceptions.BadExtension, "Forbidden extension(s) in certificate request"
+
+ sias = self.get_POW().getSIA()
+
+ if sias is None:
+ raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA extension"
+
+ caRepository, rpkiManifest, signedObject = sias
+
+ if signedObject:
+ raise rpki.exceptions.BadPKCS10, "CA certificate request has SIA id-ad-signedObject"
+
+ if not caRepository:
+ raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA id-ad-caRepository"
+
+ if not any(uri.startswith("rsync://") for uri in caRepository):
+ raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-caRepository contains no rsync URIs"
+
+ if not rpkiManifest:
+ raise rpki.exceptions.BadPKCS10, "Certificate request is missing SIA id-ad-rpkiManifest"
+
+ if not any(uri.startswith("rsync://") for uri in rpkiManifest):
+ raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-rpkiManifest contains no rsync URIs"
- if not sias["id-ad-caRepository"].endswith("/"):
- raise rpki.exceptions.BadPKCS10, "Certificate request id-ad-caRepository does not end with slash: %r" % sias["id-ad-caRepository"]
+ if any(uri.startswith("rsync://") and not uri.endswith("/") for uri in caRepository):
+ raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-caRepository does not end with slash"
- if sias["id-ad-rpkiManifest"].endswith("/"):
- raise rpki.exceptions.BadPKCS10, "Certificate request id-ad-rpkiManifest ends with slash: %r" % sias["id-ad-rpkiManifest"]
+ if any(uri.startswith("rsync://") and uri.endswith("/") for uri in rpkiManifest):
+ raise rpki.exceptions.BadPKCS10, "Certificate request SIA id-ad-rpkiManifest ends with slash"
@classmethod
def create_ca(cls, keypair, sia = None):
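Review bot: The keyUsage test `self.expected_ca_keyUsage != ku` is an exact-match comparison, stricter than the removed check that only required positions 5 and 6 to be set. It is correct only if getKeyUsage() returns a set or frozenset, which this hunk does not show. If the tightening is intended, say so in a comment such as `# CA requests must assert exactly keyCertSign and cRLSign, nothing else`, and compare against `frozenset(ku)` so that a list or tuple return value cannot cause every request with keyUsage to be rejected. The message should be formatted with `% (ku,)`, because `"...%r" % ku` raises TypeError when ku is a multi-element tuple. check_valid_rpki's signature and the start of its docstring lie outside this hunk.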