author | Heikki Toivonen <heikki@heikkitoivonen.net> | 2009-07-24 05:31:24 +0000 |
---|---|---|
committer | Heikki Toivonen <heikki@heikkitoivonen.net> | 2009-07-24 05:31:24 +0000 |
commit | d92ab90ea7b68de46360b4466ca9d5e83dd4f910 (patch) | |
tree | 72f0bf13efc3c5e6eb756a612928e88cc06c92c9 | |
parent | ef624f253c52e8d81e7f6766fec19dac6c7d5d0e (diff) | |
download | m2crypto-d92ab90ea7b68de46360b4466ca9d5e83dd4f910.tar.gz |
Bug 11693, ASN1_INTEGERs can now be larger than fits in an int, for example to support X509 certificates with large serial numbers, patch by Mikhail Vorozhtsov and testcase by Barry G.
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@694 2715db39-9adf-0310-9c64-84f055769b4b
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | SWIG/_asn1.i | 98 | ||||
-rw-r--r-- | tests/long_serial_cert.pem | 17 | ||||
-rw-r--r-- | tests/test_x509.py | 9 | ||||
-rw-r--r-- | tests/thawte.pem | 25 |
5 files changed, 148 insertions, 4 deletions
@@ -28,6 +28,9 @@ - Added support for RSASSA-PSS signing and verifying, by Chris Collis - Added support for disabling padding when using RSA encryption, by Chris Collis +- ASN1_INTEGERs can now be larger than fits in an int, for example to support + X509 certificates with large serial numbers, + patch by Mikhail Vorozhtsov and testcase by Barry G. - Reverted a change done in 0.17 to m2urllib2 which changed urls to include host when it should stay as it was - httpslib no longer uses urllib; instead it uses urlparse for url parsing diff --git a/SWIG/_asn1.i b/SWIG/_asn1.i index b611638..ff2cb81 100644 --- a/SWIG/_asn1.i +++ b/SWIG/_asn1.i @@ -81,10 +81,6 @@ extern int ASN1_UTCTIME_print(BIO *, ASN1_UTCTIME *); extern ASN1_INTEGER *ASN1_INTEGER_new( void ); %rename(asn1_integer_free) ASN1_INTEGER_free; extern void ASN1_INTEGER_free( ASN1_INTEGER *); -%rename(asn1_integer_get) ASN1_INTEGER_get; -extern long ASN1_INTEGER_get(ASN1_INTEGER *); -%rename(asn1_integer_set) ASN1_INTEGER_set; -extern int ASN1_INTEGER_set(ASN1_INTEGER *, long); %rename(asn1_integer_cmp) ASN1_INTEGER_cmp; extern int ASN1_INTEGER_cmp(ASN1_INTEGER *, ASN1_INTEGER *); 
@@ -108,4 +104,98 @@ int asn1_utctime_type_check(ASN1_UTCTIME *ASN1_UTCTIME) { return 1; }
+PyObject *asn1_integer_get(ASN1_INTEGER *asn1) {
+ BIGNUM *bn;
+ PyObject *ret;
+ char *hex;
+
+ if (asn1->length <= (int) sizeof(long))
+ return PyInt_FromLong(ASN1_INTEGER_get(asn1));
+
+ bn = ASN1_INTEGER_to_BN(asn1, NULL);
+
+ if (!bn){
+ PyErr_SetString(
+ PyExc_RuntimeError, ERR_reason_error_string(ERR_get_error()));
+ return NULL;
+ }
+
+ hex = BN_bn2hex(bn);
+
+ if (!hex){
+ PyErr_SetString(
+ PyExc_RuntimeError, ERR_reason_error_string(ERR_get_error()));
+ BN_free(bn);
+ return NULL;
+ }
+
+ BN_free(bn);
+
+ ret = PyLong_FromString(hex, NULL, 16);
+
+ OPENSSL_free(hex);
+
+ return ret;
+}
+
+int asn1_integer_set(ASN1_INTEGER *asn1, PyObject *value) {
+ BIGNUM *bn = NULL;
+ PyObject *fmt, *args, *hex;
+
+ if (PyInt_Check(value))
+ return ASN1_INTEGER_set(asn1, PyInt_AS_LONG(value));
+
+ if (!PyLong_Check(value)){
+ PyErr_SetString(PyExc_TypeError, "expected int or long");
+ return 0;
+ }
+
+ fmt = PyString_FromString("%x");
+
+ if (!fmt)
+ return 0;
+
+ args = PyTuple_New(1);
+
+ if (!args){
+ Py_DECREF(fmt);
+ PyErr_SetString(PyExc_RuntimeError, "PyTuple_New() failed");
+ return 0;
+ }
+
+ Py_INCREF(value);
+ PyTuple_SET_ITEM(args, 0, value);
+ hex = PyString_Format(fmt, args);
+
+ if (!hex){
+ PyErr_SetString(PyExc_RuntimeError, "PyString_Format() failed");
+ Py_DECREF(fmt);
+ Py_DECREF(args);
+ return 0;
+ }
+
+ Py_DECREF(fmt);
+ Py_DECREF(args);
+
+ if (BN_hex2bn(&bn, PyString_AsString(hex)) <= 0){
+ PyErr_SetString(
+ PyExc_RuntimeError, ERR_reason_error_string(ERR_get_error()));
+ Py_DECREF(hex);
+ return 0;
+ }
+
+ Py_DECREF(hex);
+
+ if (!BN_to_ASN1_INTEGER(bn, asn1)){
+ PyErr_SetString(
+ PyExc_RuntimeError, ERR_reason_error_string(ERR_get_error()));
+ BN_free(bn);
+ return 0;
+ }
+
+ BN_free(bn);
+
+ return 1;
+}
+
 %}
diff --git a/tests/long_serial_cert.pem b/tests/long_serial_cert.pem
new file mode 100644
index 0000000..20ccac4
--- /dev/null
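Review bot: The fast path in `asn1_integer_get`, `if (asn1->length <= (int) sizeof(long))`, also accepts a magnitude that fills all `sizeof(long)` bytes. With the top bit set, that value does not fit in a signed `long`, so `PyInt_FromLong(ASN1_INTEGER_get(asn1))` would return a wrong (probably negative) number instead of the real serial; the 8-byte serial in the new `long_serial_cert.pem` test appears to hit this on a build where `long` is 64 bits. A strict bound, `if (asn1->length < (int) sizeof(long))`, sends the boundary case through the BIGNUM path, which matters to callers that compare serials against revocation or pinning data. Separately, each `PyErr_SetString(PyExc_RuntimeError, ERR_reason_error_string(ERR_get_error()))` in both functions passes NULL as the message when the OpenSSL error queue is empty or the reason is unknown; use a fixed fallback string in that case.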
+++ b/tests/long_serial_cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsDCCAhmgAwIBAgIJAPR7mEmILgX6MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMDkwNjE5MTkzNjIyWhcNMDkwNzE5MTkzNjIyWjBF +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDRb/jlXLidgXQGsOLoFbh4JAvC+BgufR7jn93KPybI0oo8VXFUqr2eFuLDcPiE +gpWIMrLwq9f0US/M/yXQdsH08L2xe+aaiNl+j+o4VsPhXfnvFvAtFRs+JqCR3VfI +vVePwov31+/28PmF1kOxr9SmSzvSPnN3SqSC0GDAmhWNYwIDAQABo4GnMIGkMB0G +A1UdDgQWBBR3SQBG5X/vH18obsb2aaBxhU/+HjB1BgNVHSMEbjBsgBR3SQBG5X/v +H18obsb2aaBxhU/+HqFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt +U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAPR7mEmI +LgX6MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAoyvUPgjkwPAgiqiU +4cD1tZdcxIzkk22U02cTjJtAPnIYwqwwDpFltApvRbp8MNiPqXbBt0tchj/Ovu4D +JiDTMaizVOZ+XmiC68uNTZ4nvEwHvVdKmudNVTZDdFr/a6BErAeTknlMCihN3v6M +POx8a1iz8Y/wJ8YA74vMPORKlKc= +-----END CERTIFICATE----- diff --git a/tests/test_x509.py b/tests/test_x509.py index 49df9c4..aefe450 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -439,6 +439,15 @@ class X509TestCase(unittest.TestCase): self.assertRaises(X509.X509Error, X509.load_request_string, 'Hello') self.assertRaises(X509.X509Error, X509.load_request_der_string, 'Hello') self.assertRaises(X509.X509Error, X509.load_crl, 'tests/alltests.py') + + def test_long_serial(self): + from M2Crypto import X509 + cert = X509.load_cert('tests/long_serial_cert.pem') + self.assertEquals(cert.get_serial_number(), 17616841808974579194) + + cert = X509.load_cert('tests/thawte.pem') + self.assertEquals(cert.get_serial_number(), 127614157056681299805556476275995414779) + class X509_StackTestCase(unittest.TestCase): diff --git a/tests/thawte.pem b/tests/thawte.pem new file mode 100644 index 0000000..34af29e --- /dev/null +++ b/tests/thawte.pem 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----