authorHynek Schlawack <hs@ox.cx>2016-06-02 12:06:05 -0700
committerHynek Schlawack <hs@ox.cx>2016-06-02 12:06:05 -0700
commit02219d3e1c9843a3c050090caada0f14e7620688 (patch)
tree403a9cdd07d908d11d0956539aa9d5f173f5c5aa
parent0f11ab36e36073e4cfeb23d476c4e6940671a263 (diff)
parentdfff8afd844ec993b5ec233b61b578cd69e36b77 (diff)
Merge pull request #477 from alex/opaque-most-things
Make most things opaque
-rw-r--r--src/OpenSSL/crypto.py39
1 files changed, 20 insertions, 19 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 964420c..7e05ca6 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -18,6 +18,7 @@ from OpenSSL._util import (
native as _native,
UNSPECIFIED as _UNSPECIFIED,
text_to_bytes_and_warn as _text_to_bytes_and_warn,
+ make_assert as _make_assert,
)
FILETYPE_PEM = _lib.SSL_FILETYPE_PEM
@@ -37,6 +38,7 @@ class Error(Exception):
_raise_current_error = partial(_exception_from_error_queue, Error)
+_openssl_assert = _make_assert(Error)
def _untested_error(where):
@@ -1773,21 +1775,19 @@ class Revoked(object):
"""
bio = _new_mem_buf()
- result = _lib.i2a_ASN1_INTEGER(bio, self._revoked.serialNumber)
- if result < 0:
- # TODO: This is untested.
- _raise_current_error()
-
+ asn1_int = _lib.X509_REVOKED_get0_serialNumber(self._revoked)
+ _openssl_assert(asn1_int != _ffi.NULL)
+ result = _lib.i2a_ASN1_INTEGER(bio, asn1_int)
+ _openssl_assert(result >= 0)
return _bio_to_string(bio)
def _delete_reason(self):
- stack = self._revoked.extensions
- for i in range(_lib.sk_X509_EXTENSION_num(stack)):
- ext = _lib.sk_X509_EXTENSION_value(stack, i)
+ for i in range(_lib.X509_REVOKED_get_ext_count(self._revoked)):
+ ext = _lib.X509_REVOKED_get_ext(self._revoked, i)
obj = _lib.X509_EXTENSION_get_object(ext)
if _lib.OBJ_obj2nid(obj) == _lib.NID_crl_reason:
_lib.X509_EXTENSION_free(ext)
- _lib.sk_X509_EXTENSION_delete(stack, i)
+ _lib.sk_X509_EXTENSION_delete(self._revoked.extensions, i)
break
def set_reason(self, reason):
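Review bot: `_delete_reason` still reaches into the struct with `_lib.sk_X509_EXTENSION_delete(self._revoked.extensions, i)`, so it keeps depending on the X509_REVOKED layout even though the loop around it now uses accessors. OpenSSL has `X509_REVOKED_delete_ext(x, loc)`, which removes the entry and returns it. If the binding exposes it, `ext = _lib.X509_REVOKED_delete_ext(self._revoked, i)` followed by `_lib.X509_EXTENSION_free(ext)` would drop the last field access here. It would also close the short window in which the stack still holds a pointer to an extension that has already been freed. If the field access has to stay for now, a comment such as `# TODO: no opaque accessor used for delete yet` would record why.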
@@ -1845,9 +1845,8 @@ class Revoked(object):
:py:meth:`all_reasons`, which gives you a list of all supported
reasons this method might return.
"""
- extensions = self._revoked.extensions
- for i in range(_lib.sk_X509_EXTENSION_num(extensions)):
- ext = _lib.sk_X509_EXTENSION_value(extensions, i)
+ for i in range(_lib.X509_REVOKED_get_ext_count(self._revoked)):
+ ext = _lib.X509_REVOKED_get_ext(self._revoked, i)
obj = _lib.X509_EXTENSION_get_object(ext)
if _lib.OBJ_obj2nid(obj) == _lib.NID_crl_reason:
bio = _new_mem_buf()
@@ -1883,7 +1882,8 @@ class Revoked(object):
:type when: :py:class:`bytes`
:return: :py:const:`None`
"""
- return _set_asn1_time(self._revoked.revocationDate, when)
+ dt = _lib.X509_REVOKED_get0_revocationDate(self._revoked)
+ return _set_asn1_time(dt, when)
def get_rev_date(self):
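Review bot: The pointer returned by `X509_REVOKED_get0_revocationDate` is passed to `_set_asn1_time` unchecked, while `get_serial` in the earlier hunk guards its `get0` result with `_openssl_assert(asn1_int != _ffi.NULL)`. Adding `_openssl_assert(dt != _ffi.NULL)` here would keep the two consistent and turn an unexpected NULL into an `Error` instead of a NULL dereference in C. The same applies to `get_rev_date` in the next hunk. Separately, `set_rev_date` writes through a `get0` (borrowed) pointer; that seems to match what the old field access did, but a one-line comment saying the in-place mutation is intentional would help. Both method bodies start above their hunks.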
"""
@@ -1892,7 +1892,8 @@ class Revoked(object):
:return: The timestamp of the revocation, as ASN.1 GENERALIZEDTIME.
:rtype: :py:class:`bytes`
"""
- return _get_asn1_time(self._revoked.revocationDate)
+ dt = _lib.X509_REVOKED_get0_revocationDate(self._revoked)
+ return _get_asn1_time(dt)
class CRL(object):
@@ -1918,7 +1919,7 @@ class CRL(object):
:rtype: :py:class:`tuple` of :py:class:`Revocation`
"""
results = []
- revoked_stack = self._crl.crl.revoked
+ revoked_stack = _lib.X509_CRL_get_REVOKED(self._crl)
for i in range(_lib.sk_X509_REVOKED_num(revoked_stack)):
revoked = _lib.sk_X509_REVOKED_value(revoked_stack, i)
revoked_copy = _lib.Cryptography_X509_REVOKED_dup(revoked)
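Review bot: `X509_CRL_get_REVOKED` can return NULL for a CRL that has no revoked entries, and nothing in the visible lines says how that case is handled. The loop appears to rely on `sk_X509_REVOKED_num` returning -1 for a NULL stack, which makes `range()` empty. That works, but it is implicit; a comment above the loop such as `# revoked_stack may be NULL for an empty CRL; sk_*_num(NULL) is -1, so the loop is skipped` would document it. The rest of `get_revoked` lies outside the hunk.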
@@ -2560,8 +2561,8 @@ def sign(pkey, data, digest):
if digest_obj == _ffi.NULL:
raise ValueError("No such digest method")
- md_ctx = _ffi.new("EVP_MD_CTX*")
- md_ctx = _ffi.gc(md_ctx, _lib.EVP_MD_CTX_cleanup)
+ md_ctx = _lib.Cryptography_EVP_MD_CTX_new()
+ md_ctx = _ffi.gc(md_ctx, _lib.Cryptography_EVP_MD_CTX_free)
_lib.EVP_SignInit(md_ctx, digest_obj)
_lib.EVP_SignUpdate(md_ctx, data, len(data))
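Review bot: `Cryptography_EVP_MD_CTX_new()` is a heap allocation that can return NULL, and in `sign` the result is passed straight to `_ffi.gc` and `EVP_SignInit` without a check. The old `_ffi.new("EVP_MD_CTX*")` would have raised on allocation failure, so this is a small regression. `_openssl_assert(md_ctx != _ffi.NULL)` between the two `md_ctx` lines would restore that, using the helper this commit introduces. The same applies to `verify` in the next hunk. In both functions the return values of the `Init`/`Update` calls are also ignored in the visible lines; whether the final call catches a failed init cannot be seen here, since both bodies continue outside the hunks.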
@@ -2602,8 +2603,8 @@ def verify(cert, signature, data, digest):
_raise_current_error()
pkey = _ffi.gc(pkey, _lib.EVP_PKEY_free)
- md_ctx = _ffi.new("EVP_MD_CTX*")
- md_ctx = _ffi.gc(md_ctx, _lib.EVP_MD_CTX_cleanup)
+ md_ctx = _lib.Cryptography_EVP_MD_CTX_new()
+ md_ctx = _ffi.gc(md_ctx, _lib.Cryptography_EVP_MD_CTX_free)
_lib.EVP_VerifyInit(md_ctx, digest_obj)
_lib.EVP_VerifyUpdate(md_ctx, data, len(data))