authorAlex Gaynor <alex.gaynor@gmail.com>2016-03-13 19:54:34 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2016-03-13 19:54:34 -0400
commit76252fca16dccc2add21c985d4d9d883ed55f1c9 (patch)
tree7db49af186a5fa9a2afe138f65070fe7b4389bea
parented07bbb44fba8dc36b16c74a115ce58c0d63ade9 (diff)
parent03200124da98b78edb2b31d96989bb35dbab6f8c (diff)
downloadcryptography-76252fca16dccc2add21c985d4d9d883ed55f1c9.tar.gz
cryptography-76252fca16dccc2add21c985d4d9d883ed55f1c9.tar.bz2
cryptography-76252fca16dccc2add21c985d4d9d883ed55f1c9.zip
Merge pull request #2809 from reaperhulk/110-patch-28
add 5 accessor functions that exist in 1.1.0 to help opaque x509 structs
-rw-r--r--src/_cffi_src/openssl/x509.py48
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py44
2 files changed, 82 insertions, 10 deletions
diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 2fe3a1bf..b0ff9844 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -353,6 +353,15 @@ ASN1_OBJECT *sk_ASN1_OBJECT_value(Cryptography_STACK_OF_ASN1_OBJECT *, int);
void sk_ASN1_OBJECT_free(Cryptography_STACK_OF_ASN1_OBJECT *);
Cryptography_STACK_OF_ASN1_OBJECT *sk_ASN1_OBJECT_new_null(void);
int sk_ASN1_OBJECT_push(Cryptography_STACK_OF_ASN1_OBJECT *, ASN1_OBJECT *);
+
+/* these functions were added in 1.1.0 */
+ASN1_INTEGER *X509_REVOKED_get0_serialNumber(X509_REVOKED *);
+ASN1_TIME *X509_REVOKED_get0_revocationDate(X509_REVOKED *);
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+ X509_CRL *crl);
+int i2d_re_X509_REQ_tbs(X509_REQ *, unsigned char **);
+int i2d_re_X509_CRL_tbs(X509_CRL *, unsigned char **);
+void X509_REQ_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509_REQ *);
"""
CUSTOMIZATIONS = """
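Review bot: The comment `/* these functions were added in 1.1.0 */` does not tell a reader where the symbols come from on older OpenSSL or LibreSSL builds, although this same commit adds fallback definitions in CUSTOMIZATIONS. I would extend it to something like `/* added in 1.1.0; older OpenSSL and LibreSSL get the fallback definitions in CUSTOMIZATIONS below */`. As a style point, `X509_CRL_get0_signature` names its parameters here while `X509_REQ_get0_signature` does not; naming both the same way makes the out-parameter order easier to check against the call sites.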
@@ -409,4 +418,43 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *rev) {
return ASN1_item_dup(ASN1_ITEM_rptr(X509_REVOKED), rev);
}
+/* Added in 1.1.0 but we need it in all versions now due to the great
+ opaquing. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+/* from x509/x509_req.c */
+void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+ X509_REQ *req)
+{
+ if (psig != NULL)
+ *psig = req->signature;
+ if (palg != NULL)
+ *palg = req->sig_alg;
+}
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+ req->req_info->enc.modified = 1;
+ return i2d_X509_REQ_INFO(req->req_info, pp);
+}
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
+ crl->crl->enc.modified = 1;
+ return i2d_X509_CRL_INFO(crl->crl, pp);
+}
+
+void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+ X509_CRL *crl)
+{
+ if (psig != NULL)
+ *psig = crl->signature;
+ if (palg != NULL)
+ *palg = crl->sig_alg;
+}
+ASN1_TIME *X509_REVOKED_get0_revocationDate(X509_REVOKED *x)
+{
+ return x->revocationDate;
+}
+ASN1_INTEGER *X509_REVOKED_get0_serialNumber(X509_REVOKED *x)
+{
+ return x->serialNumber;
+}
+#endif
"""
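Review bot: The two `i2d_re_*_tbs` fallbacks set `enc.modified = 1` before encoding, so each read of `tbs_certrequest_bytes` or `tbs_certlist_bytes` in the backend now mutates the parsed object, which the direct `i2d_X509_REQ_INFO` / `i2d_X509_CRL_INFO` calls they replace did not do from the Python side. If that flag discards a cached encoding, as its name suggests, then for a request or CRL parsed from non-canonical DER the re-encoded bytes may differ from the bytes that were actually signed, and signature verification over them would fail; a test with such an input would settle it. At minimum the side effect should be documented on the shims, e.g. `/* forces re-encoding: marks the cached DER as stale and mutates the object */`. The accessors also dereference `req`, `crl` and `x` without a NULL check, which is safe only while every caller passes a live object.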
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index ced3e6f1..71a2fb78 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -162,14 +162,20 @@ class _RevokedCertificate(object):
@property
def serial_number(self):
- asn1_int = self._x509_revoked.serialNumber
+ asn1_int = self._backend._lib.X509_REVOKED_get0_serialNumber(
+ self._x509_revoked
+ )
self._backend.openssl_assert(asn1_int != self._backend._ffi.NULL)
return _asn1_integer_to_int(self._backend, asn1_int)
@property
def revocation_date(self):
return _parse_asn1_time(
- self._backend, self._x509_revoked.revocationDate)
+ self._backend,
+ self._backend._lib.X509_REVOKED_get0_revocationDate(
+ self._x509_revoked
+ )
+ )
@property
def extensions(self):
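Review bot: `revocation_date` passes the result of `X509_REVOKED_get0_revocationDate` straight into `_parse_asn1_time`, while `serial_number` just above asserts that its accessor result is non-NULL before using it. Binding the result to a local and adding `self._backend.openssl_assert(asn1_time != self._backend._ffi.NULL)` before the parse would make a missing field fail as an OpenSSL assertion rather than somewhere inside the parser. Both properties belong to `_RevokedCertificate`, whose body starts and ends outside this hunk.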
@@ -207,7 +213,12 @@ class _CertificateRevocationList(object):
@property
def signature_hash_algorithm(self):
- oid = _obj2txt(self._backend, self._x509_crl.sig_alg.algorithm)
+ alg = self._backend._ffi.new("X509_ALGOR **")
+ self._backend._lib.X509_CRL_get0_signature(
+ self._backend._ffi.NULL, alg, self._x509_crl
+ )
+ self._backend.openssl_assert(alg[0] != self._backend._ffi.NULL)
+ oid = _obj2txt(self._backend, alg[0].algorithm)
try:
return x509._SIG_OIDS_TO_HASH[oid]
except KeyError:
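Review bot: The pointer written into `alg` by `X509_CRL_get0_signature` is borrowed from `self._x509_crl` (the C fallback in this commit returns `crl->sig_alg` directly), so it must not be freed or used after the CRL object is released. A short comment would record that, e.g. `# get0: alg[0] is owned by self._x509_crl, do not free or keep`. The same allocate / call / assert-non-NULL sequence is repeated in the CRL `signature` property and in `signature_hash_algorithm` and `signature` on `_CertificateSigningRequest` in the later hunks. A small private helper would keep the NULL assertion in one place and make it harder to swap the `psig` and `palg` positions by mistake. The property body continues past the end of this hunk.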
@@ -235,13 +246,17 @@ class _CertificateRevocationList(object):
@property
def signature(self):
- return _asn1_string_to_bytes(self._backend, self._x509_crl.signature)
+ sig = self._backend._ffi.new("ASN1_BIT_STRING **")
+ self._backend._lib.X509_CRL_get0_signature(
+ sig, self._backend._ffi.NULL, self._x509_crl
+ )
+ self._backend.openssl_assert(sig[0] != self._backend._ffi.NULL)
+ return _asn1_string_to_bytes(self._backend, sig[0])
@property
def tbs_certlist_bytes(self):
pp = self._backend._ffi.new("unsigned char **")
- # the X509_CRL_INFO struct holds the tbsCertList data
- res = self._backend._lib.i2d_X509_CRL_INFO(self._x509_crl.crl, pp)
+ res = self._backend._lib.i2d_re_X509_CRL_tbs(self._x509_crl, pp)
self._backend.openssl_assert(res > 0)
pp = self._backend._ffi.gc(
pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0])
@@ -330,7 +345,12 @@ class _CertificateSigningRequest(object):
@property
def signature_hash_algorithm(self):
- oid = _obj2txt(self._backend, self._x509_req.sig_alg.algorithm)
+ alg = self._backend._ffi.new("X509_ALGOR **")
+ self._backend._lib.X509_REQ_get0_signature(
+ self._backend._ffi.NULL, alg, self._x509_req
+ )
+ self._backend.openssl_assert(alg[0] != self._backend._ffi.NULL)
+ oid = _obj2txt(self._backend, alg[0].algorithm)
try:
return x509._SIG_OIDS_TO_HASH[oid]
except KeyError:
@@ -360,8 +380,7 @@ class _CertificateSigningRequest(object):
@property
def tbs_certrequest_bytes(self):
pp = self._backend._ffi.new("unsigned char **")
- # the X509_REQ_INFO struct holds the CertificateRequestInfo data
- res = self._backend._lib.i2d_X509_REQ_INFO(self._x509_req.req_info, pp)
+ res = self._backend._lib.i2d_re_X509_REQ_tbs(self._x509_req, pp)
self._backend.openssl_assert(res > 0)
pp = self._backend._ffi.gc(
pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0])
@@ -370,7 +389,12 @@ class _CertificateSigningRequest(object):
@property
def signature(self):
- return _asn1_string_to_bytes(self._backend, self._x509_req.signature)
+ sig = self._backend._ffi.new("ASN1_BIT_STRING **")
+ self._backend._lib.X509_REQ_get0_signature(
+ sig, self._backend._ffi.NULL, self._x509_req
+ )
+ self._backend.openssl_assert(sig[0] != self._backend._ffi.NULL)
+ return _asn1_string_to_bytes(self._backend, sig[0])
@property
def is_signature_valid(self):