diff -ruN ../pyOpenSSL-0.8/setup.py ./setup.py --- ../pyOpenSSL-0.8/setup.py 2008-09-22 02:36:54.000000000 +0200 +++ ./setup.py 2009-03-29 19:53:40.000000000 +0200 @@ -37,13 +37,13 @@ 'src/crypto/x509store.c', 'src/crypto/x509req.c', 'src/crypto/x509ext.c', 'src/crypto/pkcs7.c', 'src/crypto/pkcs12.c', 'src/crypto/netscape_spki.c', - 'src/util.c'] + 'src/util.c', 'src/crypto/crl.c'] crypto_dep = ['src/crypto/crypto.h', 'src/crypto/x509.h', 'src/crypto/x509name.h', 'src/crypto/pkey.h', 'src/crypto/x509store.h', 'src/crypto/x509req.h', 'src/crypto/x509ext.h', 'src/crypto/pkcs7.h', 'src/crypto/pkcs12.h', 'src/crypto/netscape_spki.h', - 'src/util.h'] + 'src/util.h', 'src/crypto/crl.h'] rand_src = ['src/rand/rand.c', 'src/util.c'] rand_dep = ['src/util.h'] ssl_src = ['src/ssl/connection.c', 'src/ssl/context.c', 'src/ssl/ssl.c', diff -ruN ../pyOpenSSL-0.8/src/crypto/crl.c ./src/crypto/crl.c --- ../pyOpenSSL-0.8/src/crypto/crl.c 1970-01-01 01:00:00.000000000 +0100 +++ ./src/crypto/crl.c 2009-03-29 19:53:40.000000000 +0200 @@ -0,0 +1,237 @@ +#include +#define crypto_MODULE +#include "crypto.h" + +static char *CVSid = "@(#) $Id$"; + +static void crypto_CRL_dealloc(crypto_CRLObj *self); + +static const char *crl_reasons[] = { + /* CRL reason strings */ + "unspecified", + "keyCompromise", + "CACompromise", + "affiliationChanged", + "superseded", + "cessationOfOperation", + "certificateHold", + "removeFromCRL", + /* Additional pseudo reasons */ + "holdInstruction", + "keyTime", + "CAkeyTime" +}; + +#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *)) + +int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str) +{ + char *tmp = NULL; + char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; + int reason_code = -1; + int ret = 0; + unsigned int i; + ASN1_OBJECT *hold = NULL; + ASN1_GENERALIZEDTIME *comp_time = NULL; + tmp = BUF_strdup(str); + + p = strchr(tmp, ','); + rtime_str = tmp; + if (p) { + *p = '\0'; + p++; + reason_str = p; + p = strchr(p, ','); + if (p) { + *p = '\0'; + arg_str = p + 1; + } + } + if (prevtm) { + *prevtm = ASN1_UTCTIME_new(); + if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) + goto err; + } + if (reason_str) { + for (i = 0; i < NUM_REASONS; i++) { + if(!strcasecmp(reason_str, crl_reasons[i])) { + reason_code = i; + break; + } + } + if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) + goto err; + + if (reason_code == 7) + reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL; + else if (reason_code == 8) { + if (!arg_str) + goto err; + reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD; + hold = OBJ_txt2obj(arg_str, 0); + + if (!hold) + goto err; + if (phold) *phold = hold; + } + else if ((reason_code == 9) || (reason_code == 10)) { + if (!arg_str) + goto err; + comp_time = ASN1_GENERALIZEDTIME_new(); + if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) + goto err; + if (reason_code == 9) + reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE; + else + reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE; + } + } + + if (preason) *preason = reason_code; + if (pinvtm) *pinvtm = comp_time; + else ASN1_GENERALIZEDTIME_free(comp_time); + + ret = 1; + + err: + if (tmp) OPENSSL_free(tmp); + if (!phold) ASN1_OBJECT_free(hold); + if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time); + + return ret; +} +int make_revoked(X509_REVOKED *rev, const char *str) +{ + char *tmp = NULL; + int reason_code = -1; + int i, ret = 0; + ASN1_OBJECT *hold = NULL; + ASN1_GENERALIZEDTIME *comp_time = NULL; + ASN1_ENUMERATED *rtmp = NULL; + + ASN1_TIME *revDate = NULL; + + i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str); + + if (i == 0) + goto err; + + if (rev && !X509_REVOKED_set_revocationDate(rev, revDate)) + goto err; + + if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) { + rtmp = ASN1_ENUMERATED_new(); + if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code)) + goto err; + if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0)) + goto err; + } + + if (rev && comp_time) { + if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0)) + goto err; + } + if (rev && hold) { + if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0)) + goto err; + } + + if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS) + ret = 2; + else ret = 1; + err: + if (tmp) OPENSSL_free(tmp); + ASN1_OBJECT_free(hold); + ASN1_GENERALIZEDTIME_free(comp_time); + ASN1_ENUMERATED_free(rtmp); + ASN1_TIME_free(revDate); + + return ret; +} + +static char crypto_CRL_make_revoked_doc[] = ""; +static PyObject * +crypto_CRL_make_revoked(crypto_CRLObj *self, PyObject *args) +{ + char *t, *id; + X509_REVOKED *r; + BIGNUM *serial=NULL; + ASN1_INTEGER *tmpser; + + if (!PyArg_ParseTuple(args, "ss:make_revoked", &t, &id)) + return NULL; + + r = X509_REVOKED_new(); + make_revoked(r, t); + if (!BN_hex2bn(&serial, id)) + return 0; + tmpser = BN_to_ASN1_INTEGER(serial, NULL); + BN_free(serial); + serial = NULL; + X509_REVOKED_set_serialNumber(r, tmpser); + ASN1_INTEGER_free(tmpser); + + X509_CRL_add0_revoked(self->crl,r); + + Py_INCREF(Py_None); + return Py_None; +} + +crypto_CRLObj * +crypto_CRL_New(X509_CRL *crl) +{ + crypto_CRLObj *self; + + self = PyObject_New(crypto_CRLObj, &crypto_CRL_Type); + self->crl = crl; + return self; +} + + +/* + * ADD_METHOD(name) expands to a correct PyMethodDef declaration + * { 'name', (PyCFunction)crypto_PKCS12_name, METH_VARARGS, crypto_PKCS12_name_doc } + * for convenience + */ +#define ADD_METHOD(name) \ + { #name, (PyCFunction)crypto_CRL_##name, METH_VARARGS, crypto_CRL_##name##_doc } +static PyMethodDef crypto_CRL_methods[] = +{ + ADD_METHOD(make_revoked), + { NULL, NULL } +}; +#undef ADD_METHOD + + +static PyObject * +crypto_CRL_getattr(crypto_CRLObj *self, char *name) +{ + return Py_FindMethod(crypto_CRL_methods, (PyObject *)self, name); +} + +static void +crypto_CRL_dealloc(crypto_CRLObj *self) +{ + PyObject_Del(self); +} + +PyTypeObject crypto_CRL_Type = { + PyObject_HEAD_INIT(NULL) + 0, + "CRL", + sizeof(crypto_CRLObj), + 0, + (destructor)crypto_CRL_dealloc, + NULL, /* print */ + (getattrfunc)crypto_CRL_getattr, +}; + +int +init_crypto_crl(PyObject *dict) +{ + crypto_CRL_Type.ob_type = &PyType_Type; + Py_INCREF(&crypto_CRL_Type); + PyDict_SetItemString(dict, "CRLType", (PyObject *)&crypto_CRL_Type); + return 1; +} + diff -ruN ../pyOpenSSL-0.8/src/crypto/crl.h ./src/crypto/crl.h --- ../pyOpenSSL-0.8/src/crypto/crl.h 1970-01-01 01:00:00.000000000 +0100 +++ ./src/crypto/crl.h 2009-03-29 19:53:40.000000000 +0200 @@ -0,0 +1,17 @@ +#ifndef PyOpenSSL_crypto_CRL_H_ +#define PyOpenSSL_crypto_CRL_H_ + +#include + +extern int init_crypto_crl (PyObject *); + +extern PyTypeObject crypto_CRL_Type; + +#define crypto_CRL_Check(v) ((v)->ob_type == &crypto_CRL_Type) + +typedef struct { + PyObject_HEAD + X509_CRL *crl; +} crypto_CRLObj; + +#endif diff -ruN ../pyOpenSSL-0.8/src/crypto/crypto.c ./src/crypto/crypto.c --- ../pyOpenSSL-0.8/src/crypto/crypto.c 2009-03-29 19:56:15.000000000 +0200 +++ ./src/crypto/crypto.c 2009-03-29 19:54:16.000000000 +0200 @@ -539,6 +539,47 @@ return buffer; } +static char crypto_dump_crl_doc[] = ""; + +static PyObject * +crypto_dump_crl(PyObject *spam, PyObject *args) +{ + int ret, buf_len; + char *temp; + BIO *bio; + PyObject *buffer; + crypto_CRLObj *in_crl; + crypto_PKeyObj *key; + ASN1_TIME *tmptm; + crypto_X509Obj *x509; + + if (!PyArg_ParseTuple(args, "O!O!O!:dump_crl", + &crypto_CRL_Type, &in_crl, &crypto_X509_Type, &x509, &crypto_PKey_Type, &key)) + return NULL; + + bio=BIO_new(BIO_s_mem()); + + tmptm = ASN1_TIME_new(); + if (!tmptm) + return 0; + X509_gmtime_adj(tmptm,0); + X509_CRL_set_lastUpdate(in_crl->crl, tmptm); + X509_gmtime_adj(tmptm,(100*24)*60*60); + X509_CRL_set_nextUpdate(in_crl->crl, tmptm); + ASN1_TIME_free(tmptm); + X509_CRL_set_issuer_name(in_crl->crl, X509_get_subject_name(x509->x509)); + X509_CRL_sign(in_crl->crl, key->pkey, EVP_md5()); + if (!(ret = PEM_write_bio_X509_CRL(bio, in_crl->crl))) { + BIO_free(bio); + return NULL; + } + buf_len = BIO_get_mem_data(bio, &temp); + buffer = PyString_FromStringAndSize(temp, buf_len); + X509_CRL_free(in_crl->crl); + BIO_free(bio); + return buffer; +} + static char crypto_load_pkcs7_data_doc[] = "\n\ Load pkcs7 data from a buffer\n\ \n\ @@ -628,6 +669,7 @@ } + static char crypto_X509_doc[] = "\n\ The factory function inserted in the module dictionary to create X509\n\ objects\n\ @@ -662,6 +704,22 @@ return (PyObject *)self; } + +static char crypto_CRL_doc[] = ""; + +static PyObject * +crypto_CRL(PyObject *spam, PyObject *args) +{ + crypto_CRLObj *self; + + if (!PyArg_ParseTuple(args, ":CRL")) + return NULL; + + self = crypto_CRL_New(X509_CRL_new()); + + return (PyObject *)self; +} + static char crypto_X509Name_doc[] = "\n\ The factory function inserted in the module dictionary as a copy\n\ constructor for X509Name objects.\n\ @@ -814,6 +872,7 @@ { "load_pkcs7_data", (PyCFunction)crypto_load_pkcs7_data, METH_VARARGS, crypto_load_pkcs7_data_doc }, { "load_pkcs12", (PyCFunction)crypto_load_pkcs12, METH_VARARGS, crypto_load_pkcs12_doc }, { "dump_pkcs12", (PyCFunction)crypto_dump_pkcs12, METH_VARARGS, crypto_dump_pkcs12_doc }, + { "dump_crl", (PyCFunction)crypto_dump_crl, METH_VARARGS, crypto_dump_crl_doc }, /* Factory functions */ { "X509", (PyCFunction)crypto_X509, METH_VARARGS, crypto_X509_doc }, { "PKCS12", (PyCFunction)crypto_PKCS12, METH_VARARGS, crypto_PKCS12_doc }, @@ -822,6 +881,7 @@ { "PKey", (PyCFunction)crypto_PKey, METH_VARARGS, crypto_PKey_doc }, { "X509Extension", (PyCFunction)crypto_X509Extension, METH_VARARGS, crypto_X509Extension_doc }, { "NetscapeSPKI", (PyCFunction)crypto_NetscapeSPKI, METH_VARARGS, crypto_NetscapeSPKI_doc }, + { "CRL", (PyCFunction)crypto_CRL, METH_VARARGS, crypto_CRL_doc }, { "X509_verify_cert_error_string", (PyCFunction)crypto_X509_verify_cert_error_string, METH_VARARGS, crypto_X509_verify_cert_error_string_doc }, { NULL, NULL } }; @@ -961,7 +1021,8 @@ goto error; if (!init_crypto_netscape_spki(dict)) goto error; - + if (!init_crypto_crl(dict)) + goto error; error: ; } diff -ruN ../pyOpenSSL-0.8/src/crypto/crypto.h ./src/crypto/crypto.h --- ../pyOpenSSL-0.8/src/crypto/crypto.h 2009-03-29 19:56:12.000000000 +0200 +++ ./src/crypto/crypto.h 2009-03-29 19:53:40.000000000 +0200 @@ -23,8 +23,30 @@ #include "x509ext.h" #include "pkcs7.h" #include "pkcs12.h" +#include "crl.h" #include "../util.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +int make_revoked(X509_REVOKED *rev, const char *str); + extern PyObject *crypto_Error; #ifdef exception_from_error_queue @@ -74,6 +96,10 @@ #define crypto_PKCS12_New_RETURN crypto_PKCS12Obj * #define crypto_PKCS12_New_PROTO (PKCS12 *, char *) +#define crypto_CRL_New_NUM 10 +#define crypto_CRL_New_RETURN crypto_CRLObj * +#define crypto_CRL_New_PROTO (X509_CRL *) + #ifdef crypto_MODULE extern crypto_X509_New_RETURN crypto_X509_New crypto_X509_New_PROTO;