Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/python/pyopenssl/patches/3_add_if.patch
changeset 7579 8b703bbe2bba
parent 7578 0d6f61408e89
child 7580 d8438d87f127 
--- a/components/python/pyopenssl/patches/3_add_if.patch	Sat Jan 14 13:51:41 2017 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,316 +0,0 @@
-#
-# This patch adds a few more interfaces to OpenSSL functions required for IPS.
-# The additional interfaces are:
-#     pyOpenSSL                     -> OpenSSL
-#      crypto.CRL.verify()              X509_CRL_verify()
-#      crypto.CRL.get_issuer()          X509_CRL_get_issuer()
-#      crypto.CRL.get_next_update()     X509_CRL_get_nextUpdate()
-#      crypto.X509.verify()             X509_verify()
-#      crypto.X509.check_ca()           X509_check_ca()
-#
-# The patch also adds test cases to the pyOpenSSL test suite for the added
-# functions.
-#
---- pyOpenSSL-0.13/OpenSSL/crypto/crl.c	2013-08-26 15:04:14.949389722 -0700
-+++ pyOpenSSL-0.13/OpenSSL/crypto/crl.c	2013-08-26 15:05:00.183031221 -0700
-@@ -180,6 +180,84 @@
-     return buffer;
- }
- 
-+static char crypto_CRL_verify_doc[] = "\n\
-+Verifies the CRL using the supplied public key\n\
-+\n\
-+@param key: a public key\n\
-+@type key: L{PKey}\n\
-+@return: True if the signature is correct.\n\
-+@raise OpenSSL.crypto.Error: If the signature is invalid or there is a\n\
-+    problem verifying the signature.\n\
-+";
-+
-+PyObject *
-+crypto_CRL_verify(crypto_CRLObj *self, PyObject *args)
-+{
-+    PyObject *obj;
-+    crypto_PKeyObj *key;
-+    int answer;
-+
-+    if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &obj)) {
-+        return NULL;
-+    }
-+
-+    key = (crypto_PKeyObj *)obj;
-+
-+    if ((answer = X509_CRL_verify(self->crl, key->pkey)) <= 0) {
-+        exception_from_error_queue(crypto_Error);
-+        return NULL;
-+    }
-+
-+    return PyLong_FromLong(answer);
-+}
-+
-+static char crypto_CRL_get_issuer_doc[] = "\n\
-+Create an X509Name object for the issuer of the certificate\n\
-+\n\
-+@return: An X509Name object\n\
-+";
-+
-+static PyObject *
-+crypto_CRL_get_issuer(crypto_CRLObj *self, PyObject *args)
-+{
-+    crypto_X509NameObj *pyname;
-+    X509_NAME *name;
-+
-+    if (!PyArg_ParseTuple(args, ":get_issuer"))
-+        return NULL;
-+
-+    name = X509_CRL_get_issuer(self->crl);
-+    pyname = crypto_X509Name_New(name, 0);
-+    if (pyname != NULL)
-+    {
-+        pyname->parent_cert = (PyObject *)self;
-+        Py_INCREF(self);
-+    }
-+    return (PyObject *)pyname;
-+}
-+
-+static char crypto_CRL_get_nextUpdate_doc[] = "\n\
-+Retrieve the time stamp for when the CRL gets its next update\n\
-+\n\
-+@return: A string giving the timestamp, in the format:\n\
-+\n\
-+                 YYYYMMDDhhmmssZ\n\
-+                 YYYYMMDDhhmmss+hhmm\n\
-+                 YYYYMMDDhhmmss-hhmm\n\
-+           or None if there is no value set.\n\
-+";
-+
-+static PyObject*
-+crypto_CRL_get_nextUpdate(crypto_CRLObj *self, PyObject *args)
-+{
-+	/*
-+	 * X509_CRL_get_nextUpdate returns a borrowed reference.
-+	 */
-+	return _get_asn1_time(
-+		":get_nextUpdate", X509_CRL_get_nextUpdate(self->crl), args);
-+}
-+
-+
- crypto_CRLObj *
- crypto_CRL_New(X509_CRL *crl) {
-     crypto_CRLObj *self;
-@@ -205,6 +283,9 @@
-     ADD_KW_METHOD(add_revoked),
-     ADD_METHOD(get_revoked),
-     ADD_KW_METHOD(export),
-+    ADD_KW_METHOD(verify),
-+    ADD_KW_METHOD(get_issuer),
-+    ADD_KW_METHOD(get_nextUpdate),
-     { NULL, NULL }
- };
- #undef ADD_METHOD
---- pyOpenSSL-0.13/OpenSSL/crypto/x509.c	2013-08-26 15:04:14.943271276 -0700
-+++ pyOpenSSL-0.13/OpenSSL/crypto/x509.c	2013-08-26 15:05:00.183501160 -0700
-@@ -761,6 +761,57 @@
-     return (PyObject*)extobj;
- }
- 
-+static char crypto_X509_verify_doc[] = "\n\
-+Verifies the certificate using the supplied public key\n\
-+\n\
-+@param key: a public key\n\
-+@type key: L{PKey}\n\
-+@return: True if the signature is correct.\n\
-+@raise OpenSSL.crypto.Error: If the signature is invalid or there is a\n\
-+    problem verifying the signature.\n\
-+";
-+
-+PyObject *
-+crypto_X509_verify(crypto_X509Obj *self, PyObject *args)
-+{
-+    PyObject *obj;
-+    crypto_PKeyObj *key;
-+    int answer;
-+
-+    if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &obj)) {
-+        return NULL;
-+    }
-+
-+    key = (crypto_PKeyObj *)obj;
-+
-+    if ((answer = X509_verify(self->x509, key->pkey)) <= 0) {
-+        exception_from_error_queue(crypto_Error);
-+        return NULL;
-+    }
-+
-+    return PyLong_FromLong(answer);
-+}
-+
-+
-+static char crypto_X509_check_ca_doc[] = "\n\
-+Checks if the certificate is a CA\n\
-+\n\
-+@return: 0 if not a CA, >0 if a CA\n\
-+";
-+
-+PyObject *
-+crypto_X509_check_ca(crypto_X509Obj *self, PyObject *args)
-+{
-+    int answer;
-+
-+    if (!PyArg_ParseTuple(args, ":check_ca"))
-+        return NULL;
-+
-+    answer = X509_check_ca(self->x509);
-+
-+    return PyLong_FromLong(answer);
-+}
-+
- /*
-  * ADD_METHOD(name) expands to a correct PyMethodDef declaration
-  *   {  'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
-@@ -794,6 +845,8 @@
-     ADD_METHOD(add_extensions),
-     ADD_METHOD(get_extension),
-     ADD_METHOD(get_extension_count),
-+    ADD_METHOD(verify),
-+    ADD_METHOD(check_ca),
-     { NULL, NULL }
- };
- #undef ADD_METHOD
---- pyOpenSSL-0.13/OpenSSL/test/test_crypto.py	2013-08-26 15:04:14.951459483 -0700
-+++ pyOpenSSL-0.13/OpenSSL/test/test_crypto.py	2013-08-26 15:14:40.335995703 -0700
-@@ -1090,6 +1090,18 @@
- WpOdIpB8KksUTCzV591Nr1wd
- -----END CERTIFICATE-----
-     """
-+    def setUp(self):
-+        # create new CA
-+        self.ca_key = PKey()
-+        self.ca_key.generate_key(TYPE_RSA, 384)
-+     
-+        self.ca = X509()
-+        self.ca.get_subject().commonName = "Yoda root CA"
-+        self.ca.set_issuer(self.ca.get_subject())
-+        self.ca.set_pubkey(self.ca_key)
-+        self.ca.sign(self.ca_key, "sha1")
-+
-+
-     def signable(self):
-         """
-         Create and return a new L{X509}.
-@@ -1620,6 +1632,51 @@
-         self.assertRaises(ValueError, cert.get_signature_algorithm)
- 
- 
-+    def test_key_verify(self):
-+        """
-+        L{X509.verify} succeeds when passed a valid CA key, raises
-+        L{OpenSSL.crypto.Error} otherwise.
-+        """
-+        key = PKey()
-+        key.generate_key(TYPE_RSA, 384)
-+        req = X509Req()
-+        req.get_subject().commonName = "Master Luke"
-+        req.set_pubkey(key)
-+        req.sign(key, "sha1")
-+        cert = X509()
-+        cert.set_subject(req.get_subject())
-+        cert.set_pubkey(key)
-+        cert.set_issuer(self.ca.get_subject())
-+        cert.sign(self.ca_key, "sha1")
-+
-+        self.assertTrue(cert.verify(self.ca_key))
-+        self.assertRaises(Error, cert.verify, key)
-+
-+
-+    def test_is_ca(self):
-+        """
-+        L{X509.check_ca} returns a value >0 if certificate is a CA, returns 0 
-+        if not.
-+        """
-+        res = self.ca.check_ca()
-+        self.assertTrue(res > 0)
-+
-+        # Try with a non-ca cert
-+        key = PKey()
-+        key.generate_key(TYPE_RSA, 384)
-+        req = X509Req()
-+        req.get_subject().commonName = "Master Luke"
-+        req.set_pubkey(key)
-+        req.sign(key, "sha1")
-+        cert = X509()
-+        cert.set_subject(req.get_subject())
-+        cert.set_pubkey(key)
-+        cert.set_issuer(self.ca.get_subject())
-+        cert.sign(self.ca_key, "sha1")
-+        res = cert.check_ca()
-+        self.assertEqual(res, 0)
-+
-+
- 
- class PKCS12Tests(TestCase):
-     """
-@@ -2521,6 +2578,18 @@
-     cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
-     pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
- 
-+    def setUp(self):
-+        # create new CA
-+        self.ca_key = PKey()
-+        self.ca_key.generate_key(TYPE_RSA, 384)
-+     
-+        self.ca = X509()
-+        self.ca.get_subject().commonName = "Yoda root CA"
-+        self.ca.set_issuer(self.ca.get_subject())
-+        self.ca.set_pubkey(self.ca_key)
-+        self.ca.sign(self.ca_key, "sha1")
-+
-+
-     def test_construction(self):
-         """
-         Confirm we can create L{OpenSSL.crypto.CRL}.  Check
-@@ -2712,6 +2781,44 @@
-         self.assertRaises(Error, load_crl, FILETYPE_PEM, "hello, world")
- 
- 
-+    def test_crl_verify(self):
-+        """
-+        Test that L{OpenSSL.CRL.verify} correctly verifies CRL with the
-+        pubkey of the issuing CA, raises L{OpenSSL.crypto.Error} in case of
-+        bogus key.
-+        """
-+        s = CRL().export(self.ca, self.ca_key)
-+        crl = load_crl(FILETYPE_PEM, s)
-+        res = crl.verify(self.ca_key)
-+        self.assertTrue(res)
-+
-+        boguskey = PKey()
-+        boguskey.generate_key(TYPE_RSA, 384)
-+        self.assertRaises(Error, crl.verify, boguskey)
-+
-+
-+    def test_crl_get_issuer(self):
-+        """
-+        Test that L{OpenSSL.CRL.get_issuer} returns a L{OpenSSL.X509Name} object
-+        with the correct issuer information.
-+         """
-+        s = CRL().export(self.ca, self.ca_key)
-+        crl = load_crl(FILETYPE_PEM, s)
-+        issuer = crl.get_issuer()
-+        self.assertTrue(isinstance(issuer, X509Name))
-+        self.assertTrue(issuer.commonName == self.ca.get_subject().commonName)
-+
-+
-+    def test_crl_get_nextUpdate(self):
-+        """
-+        Test that L{OpenSSL.CRL.get_nextUpdate} returns the correct date and
-+        time of next update.
-+         """
-+        crl = load_crl(FILETYPE_PEM, crlData)
-+        self.assertEqual(crl.get_nextUpdate(), "20120927024152Z")
-+
-+
-+
- class SignVerifyTests(TestCase):
-     """
-     Tests for L{OpenSSL.crypto.sign} and L{OpenSSL.crypto.verify}.
upstream/oracle/userland-gate