authorHeikki Toivonen <heikki@heikkitoivonen.net>2009-07-24 05:31:24 +0000
committerHeikki Toivonen <heikki@heikkitoivonen.net>2009-07-24 05:31:24 +0000
commitd92ab90ea7b68de46360b4466ca9d5e83dd4f910 (patch)
tree72f0bf13efc3c5e6eb756a612928e88cc06c92c9
parentef624f253c52e8d81e7f6766fec19dac6c7d5d0e (diff)
Bug 11693, ASN1_INTEGERs can now be larger than fits in an int, for example to support X509 certificates with large serial numbers, patch by Mikhail Vorozhtsov and testcase by Barry G.
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@694 2715db39-9adf-0310-9c64-84f055769b4b
-rw-r--r--CHANGES3
-rw-r--r--SWIG/_asn1.i98
-rw-r--r--tests/long_serial_cert.pem17
-rw-r--r--tests/test_x509.py9
-rw-r--r--tests/thawte.pem25
5 files changed, 148 insertions, 4 deletions
diff --git a/CHANGES b/CHANGES
index fb83855..8042a32 100644
--- a/CHANGES
+++ b/CHANGES
@@ -28,6 +28,9 @@
- Added support for RSASSA-PSS signing and verifying, by Chris Collis
- Added support for disabling padding when using RSA encryption,
by Chris Collis
+- ASN1_INTEGERs can now be larger than fits in an int, for example to support
+ X509 certificates with large serial numbers,
+ patch by Mikhail Vorozhtsov and testcase by Barry G.
- Reverted a change done in 0.17 to m2urllib2 which changed urls to include
host when it should stay as it was
- httpslib no longer uses urllib; instead it uses urlparse for url parsing
diff --git a/SWIG/_asn1.i b/SWIG/_asn1.i
index b611638..ff2cb81 100644
--- a/SWIG/_asn1.i
+++ b/SWIG/_asn1.i
@@ -81,10 +81,6 @@ extern int ASN1_UTCTIME_print(BIO *, ASN1_UTCTIME *);
extern ASN1_INTEGER *ASN1_INTEGER_new( void );
%rename(asn1_integer_free) ASN1_INTEGER_free;
extern void ASN1_INTEGER_free( ASN1_INTEGER *);
-%rename(asn1_integer_get) ASN1_INTEGER_get;
-extern long ASN1_INTEGER_get(ASN1_INTEGER *);
-%rename(asn1_integer_set) ASN1_INTEGER_set;
-extern int ASN1_INTEGER_set(ASN1_INTEGER *, long);
%rename(asn1_integer_cmp) ASN1_INTEGER_cmp;
extern int ASN1_INTEGER_cmp(ASN1_INTEGER *, ASN1_INTEGER *);
@@ -108,4 +104,98 @@ int asn1_utctime_type_check(ASN1_UTCTIME *ASN1_UTCTIME) {
return 1;
}
+PyObject *asn1_integer_get(ASN1_INTEGER *asn1) {
+ BIGNUM *bn;
+ PyObject *ret;
+ char *hex;
+
+ if (asn1->length <= (int) sizeof(long))
+ return PyInt_FromLong(ASN1_INTEGER_get(asn1));
+
+ bn = ASN1_INTEGER_to_BN(asn1, NULL);
+
+ if (!bn){
+ PyErr_SetString(
+ PyExc_RuntimeError, ERR_reason_error_string(ERR_get_error()));
+ return NULL;
+ }
+
+ hex = BN_bn2hex(bn);
+
+ if (!hex){
+ PyErr_SetString(
+ PyExc_RuntimeError, ERR_reason_error_string(ERR_get_error()));
+ BN_free(bn);
+ return NULL;
+ }
+
+ BN_free(bn);
+
+ ret = PyLong_FromString(hex, NULL, 16);
+
+ OPENSSL_free(hex);
+
+ return ret;
+}
+
+int asn1_integer_set(ASN1_INTEGER *asn1, PyObject *value) {
+ BIGNUM *bn = NULL;
+ PyObject *fmt, *args, *hex;
+
+ if (PyInt_Check(value))
+ return ASN1_INTEGER_set(asn1, PyInt_AS_LONG(value));
+
+ if (!PyLong_Check(value)){
+ PyErr_SetString(PyExc_TypeError, "expected int or long");
+ return 0;
+ }
+
+ fmt = PyString_FromString("%x");
+
+ if (!fmt)
+ return 0;
+
+ args = PyTuple_New(1);
+
+ if (!args){
+ Py_DECREF(fmt);
+ PyErr_SetString(PyExc_RuntimeError, "PyTuple_New() failed");
+ return 0;
+ }
+
+ Py_INCREF(value);
+ PyTuple_SET_ITEM(args, 0, value);
+ hex = PyString_Format(fmt, args);
+
+ if (!hex){
+ PyErr_SetString(PyExc_RuntimeError, "PyString_Format() failed");
+ Py_DECREF(fmt);
+ Py_DECREF(args);
+ return 0;
+ }
+
+ Py_DECREF(fmt);
+ Py_DECREF(args);
+
+ if (BN_hex2bn(&bn, PyString_AsString(hex)) <= 0){
+ PyErr_SetString(
+ PyExc_RuntimeError, ERR_reason_error_string(ERR_get_error()));
+ Py_DECREF(hex);
+ return 0;
+ }
+
+ Py_DECREF(hex);
+
+ if (!BN_to_ASN1_INTEGER(bn, asn1)){
+ PyErr_SetString(
+ PyExc_RuntimeError, ERR_reason_error_string(ERR_get_error()));
+ BN_free(bn);
+ return 0;
+ }
+
+ BN_free(bn);
+
+ return 1;
+}
+
%}
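Review bot: The fast path in asn1_integer_get tests `asn1->length <= (int) sizeof(long)`, so a value of exactly sizeof(long) bytes with its top bit set still goes through ASN1_INTEGER_get, where it does not fit in a signed long and would presumably come back wrapped or negative; the serial expected by test_long_serial (17616841808974579194, above 2^63-1) looks like exactly that case on platforms with an 8-byte long. Changing the guard to `if (asn1->length < (int) sizeof(long))` sends the boundary case down the BIGNUM path, which matters because callers that compare serial numbers for revocation or pinning would otherwise see the wrong value. Separately, both functions hand `ERR_reason_error_string(ERR_get_error())` directly to PyErr_SetString, and that call returns NULL when no reason string is available, so a fallback literal should be substituted before raising. In asn1_integer_set, `PyErr_SetString(PyExc_RuntimeError, "PyString_Format() failed")` overwrites the exception PyString_Format has already set; dropping that line keeps the original error visible.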
diff --git a/tests/long_serial_cert.pem b/tests/long_serial_cert.pem
new file mode 100644
index 0000000..20ccac4
--- /dev/null
+++ b/tests/long_serial_cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 49df9c4..aefe450 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -439,6 +439,15 @@ class X509TestCase(unittest.TestCase):
self.assertRaises(X509.X509Error, X509.load_request_string, 'Hello')
self.assertRaises(X509.X509Error, X509.load_request_der_string, 'Hello')
self.assertRaises(X509.X509Error, X509.load_crl, 'tests/alltests.py')
+
+ def test_long_serial(self):
+ from M2Crypto import X509
+ cert = X509.load_cert('tests/long_serial_cert.pem')
+ self.assertEquals(cert.get_serial_number(), 17616841808974579194)
+
+ cert = X509.load_cert('tests/thawte.pem')
+ self.assertEquals(cert.get_serial_number(), 127614157056681299805556476275995414779)
+
class X509_StackTestCase(unittest.TestCase):
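Review bot: test_long_serial only reads serial numbers, so the new asn1_integer_set path that converts a Python long through BN_hex2bn is not exercised by anything in this hunk. A round-trip assertion that sets a serial wider than a C long and reads it back, plus values just below and exactly at the sizeof(long) byte boundary, would cover both directions of the conversion. The function-local `from M2Crypto import X509` looks redundant, since the context lines above already use `X509.X509Error` in the same class. The method sits inside X509TestCase, whose definition starts outside the hunk.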
diff --git a/tests/thawte.pem b/tests/thawte.pem
new file mode 100644
index 0000000..34af29e
--- /dev/null
+++ b/tests/thawte.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----