From dce91f0b2923daf60a6fdfd811eb5b3d81ac7c88 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 23 Jul 2015 20:31:12 +0100 Subject: Support encoding KeyUsage into certificate signing requests --- src/_cffi_src/openssl/asn1.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py index 5f8ca697..96eff7d3 100644 --- a/src/_cffi_src/openssl/asn1.py +++ b/src/_cffi_src/openssl/asn1.py @@ -125,7 +125,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *, int, int); """ MACROS = """ +ASN1_BIT_STRING *ASN1_BIT_STRING_new(void); void ASN1_BIT_STRING_free(ASN1_BIT_STRING *); +int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *, unsigned char **); /* This is not a macro, but is const on some versions of OpenSSL */ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *, int); ASN1_TIME *M_ASN1_TIME_dup(void *); -- cgit v1.2.3 From 0b8f327f59b5a890f2d2ad9101391a0b818e186a Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 23 Jul 2015 21:46:21 +0100 Subject: Support encoding ExtendedKeyUsage into certificate signing requests --- src/_cffi_src/openssl/x509.py | 2 ++ src/_cffi_src/openssl/x509v3.py | 3 +++ 2 files changed, 5 insertions(+) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py index 6bd117b0..bdcc1719 100644 --- a/src/_cffi_src/openssl/x509.py +++ b/src/_cffi_src/openssl/x509.py @@ -325,6 +325,8 @@ int i2o_ECPublicKey(EC_KEY *, unsigned char **); int sk_ASN1_OBJECT_num(Cryptography_STACK_OF_ASN1_OBJECT *); ASN1_OBJECT *sk_ASN1_OBJECT_value(Cryptography_STACK_OF_ASN1_OBJECT *, int); void sk_ASN1_OBJECT_free(Cryptography_STACK_OF_ASN1_OBJECT *); +Cryptography_STACK_OF_ASN1_OBJECT *sk_ASN1_OBJECT_new_null(void); +int sk_ASN1_OBJECT_push(Cryptography_STACK_OF_ASN1_OBJECT *, ASN1_OBJECT *); """ CUSTOMIZATIONS = """ diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py index 8e42b65d..148cd64b 100644 --- a/src/_cffi_src/openssl/x509v3.py +++ b/src/_cffi_src/openssl/x509v3.py @@ -33,6 +33,7 @@ typedef ... Cryptography_STACK_OF_POLICYQUALINFO; typedef ... Cryptography_STACK_OF_POLICYINFO; typedef ... Cryptography_STACK_OF_ASN1_INTEGER; typedef ... Cryptography_STACK_OF_GENERAL_SUBTREE; +typedef ... EXTENDED_KEY_USAGE; typedef struct { X509 *issuer_cert; @@ -200,6 +201,8 @@ void *X509V3_set_ctx_nodb(X509V3_CTX *); int i2d_GENERAL_NAMES(GENERAL_NAMES *, unsigned char **); +int i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *, unsigned char **); + int sk_GENERAL_NAME_num(struct stack_st_GENERAL_NAME *); int sk_GENERAL_NAME_push(struct stack_st_GENERAL_NAME *, GENERAL_NAME *); GENERAL_NAME *sk_GENERAL_NAME_value(struct stack_st_GENERAL_NAME *, int); -- cgit v1.2.3 From a34c0e858d1d5d0cb8bfc550841f476d926dce1c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 24 Jul 2015 16:05:59 +0100 Subject: bindings for CRL encoding --- src/_cffi_src/openssl/x509v3.py | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py index 148cd64b..cb31ba1e 100644 --- a/src/_cffi_src/openssl/x509v3.py +++ b/src/_cffi_src/openssl/x509v3.py @@ -223,9 +223,11 @@ X509_EXTENSION *X509V3_EXT_conf_nid(Cryptography_LHASH_OF_CONF_VALUE *, const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *); const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int); +Cryptography_STACK_OF_DIST_POINT *sk_DIST_POINT_new_null(void); void sk_DIST_POINT_free(Cryptography_STACK_OF_DIST_POINT *); int sk_DIST_POINT_num(Cryptography_STACK_OF_DIST_POINT *); DIST_POINT *sk_DIST_POINT_value(Cryptography_STACK_OF_DIST_POINT *, int); +int sk_DIST_POINT_push(Cryptography_STACK_OF_DIST_POINT *, DIST_POINT *); void sk_POLICYINFO_free(Cryptography_STACK_OF_POLICYINFO *); int sk_POLICYINFO_num(Cryptography_STACK_OF_POLICYINFO *); @@ -249,6 +251,11 @@ int sk_ASN1_INTEGER_num(Cryptography_STACK_OF_ASN1_INTEGER *); ASN1_INTEGER *sk_ASN1_INTEGER_value(Cryptography_STACK_OF_ASN1_INTEGER *, int); X509_EXTENSION *X509V3_EXT_i2d(int, int, void *); + +DIST_POINT *DIST_POINT_new(void); +void DIST_POINT_free(DIST_POINT *); + +int i2d_CRL_DIST_POINTS(Cryptography_STACK_OF_DIST_POINT *, unsigned char **); """ CUSTOMIZATIONS = """ -- cgit v1.2.3 From eaac67b1bc25799102488f4a3338e9403ddde9d0 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 24 Jul 2015 20:15:33 +0100 Subject: let's also add the binding to make a new GENERAL_SUBTREE stack --- src/_cffi_src/openssl/x509v3.py | 1 + 1 file changed, 1 insertion(+) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py index cb31ba1e..d0a57349 100644 --- a/src/_cffi_src/openssl/x509v3.py +++ b/src/_cffi_src/openssl/x509v3.py @@ -238,6 +238,7 @@ int sk_POLICYQUALINFO_num(Cryptography_STACK_OF_POLICYQUALINFO *); POLICYQUALINFO *sk_POLICYQUALINFO_value(Cryptography_STACK_OF_POLICYQUALINFO *, int); +Cryptography_STACK_OF_GENERAL_SUBTREE *sk_GENERAL_SUBTREE_new_null(void); void sk_GENERAL_SUBTREE_free(Cryptography_STACK_OF_GENERAL_SUBTREE *); int sk_GENERAL_SUBTREE_num(Cryptography_STACK_OF_GENERAL_SUBTREE *); GENERAL_SUBTREE *sk_GENERAL_SUBTREE_value( -- cgit v1.2.3 From 6608b7e98e6669404c981ad981c277767998f129 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 24 Jul 2015 21:52:17 +0100 Subject: remove windows link type, update docs --- src/_cffi_src/build_openssl.py | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index dac3e4d8..6a5bf2da 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -4,7 +4,6 @@ from __future__ import absolute_import, division, print_function -import os import sys from _cffi_src.utils import build_ffi_for_binding, extra_link_args @@ -19,20 +18,8 @@ def _get_openssl_libraries(platform): # (http://marc.info/?l=openssl-users&m=135361825921871) return ["ssl", "crypto"] else: - link_type = os.environ.get("PYCA_WINDOWS_LINK_TYPE", "static") - return _get_openssl_windows_libraries(link_type) - - -def _get_openssl_windows_libraries(link_type): - if link_type == "dynamic": - return ["libeay32", "ssleay32", "advapi32"] - elif link_type == "static" or link_type == "": - return ["libeay32mt", "ssleay32mt", "advapi32", + return ["libeay32", "ssleay32", "advapi32", "crypt32", "gdi32", "user32", "ws2_32"] - else: - raise ValueError( - "PYCA_WINDOWS_LINK_TYPE must be 'static' or 'dynamic'" - ) _OSX_PRE_INCLUDE = """ -- cgit v1.2.3 From 4e4a9ba524efe4963961c62c6da915a834ca185c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 25 Jul 2015 18:49:35 +0100 Subject: handle RSA key too small and consume errors on CSR signature failure --- src/_cffi_src/openssl/err.py | 1 + 1 file changed, 1 insertion(+) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py index eebf19ba..73ce4e3c 100644 --- a/src/_cffi_src/openssl/err.py +++ b/src/_cffi_src/openssl/err.py @@ -230,6 +230,7 @@ static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY; static const int RSA_R_BLOCK_TYPE_IS_NOT_01; static const int RSA_R_BLOCK_TYPE_IS_NOT_02; static const int RSA_R_PKCS_DECODING_ERROR; +static const int RSA_F_RSA_SIGN; """ FUNCTIONS = """ -- cgit v1.2.3 From b314a2359f9a6eb06afd5125f1176de30f1ef0fc Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 26 Jul 2015 22:30:12 +0100 Subject: add many bindings we'll need to encode a certificate policies extension --- src/_cffi_src/openssl/x509v3.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py index d0a57349..a61ad321 100644 --- a/src/_cffi_src/openssl/x509v3.py +++ b/src/_cffi_src/openssl/x509v3.py @@ -232,11 +232,31 @@ int sk_DIST_POINT_push(Cryptography_STACK_OF_DIST_POINT *, DIST_POINT *); void sk_POLICYINFO_free(Cryptography_STACK_OF_POLICYINFO *); int sk_POLICYINFO_num(Cryptography_STACK_OF_POLICYINFO *); POLICYINFO *sk_POLICYINFO_value(Cryptography_STACK_OF_POLICYINFO *, int); +int sk_POLICYINFO_push(Cryptography_STACK_OF_POLICYINFO *, POLICYINFO *); +Cryptography_STACK_OF_POLICYINFO *sk_POLICYINFO_new_null(void); + +POLICYINFO *POLICYINFO_new(void); +void POLICYINFO_free(POLICYINFO *); + +POLICYQUALINFO *POLICYQUALINFO_new(void); +void POLICYQUALINFO_free(POLICYQUALINFO *); + +NOTICEREF *NOTICEREF_new(void); +void NOTICEREF_free(NOTICEREF *); + +USERNOTICE *USERNOTICE_new(void); +void USERNOTICE_free(USERNOTICE *); + +int i2d_CERTIFICATEPOLICIES(Cryptography_STACK_OF_POLICYINFO *, + unsigned char **); void sk_POLICYQUALINFO_free(Cryptography_STACK_OF_POLICYQUALINFO *); int sk_POLICYQUALINFO_num(Cryptography_STACK_OF_POLICYQUALINFO *); POLICYQUALINFO *sk_POLICYQUALINFO_value(Cryptography_STACK_OF_POLICYQUALINFO *, int); +int sk_POLICYQUALINFO_push(Cryptography_STACK_OF_POLICYQUALINFO *, + POLICYQUALINFO *); +Cryptography_STACK_OF_POLICYQUALINFO *sk_POLICYQUALINFO_new_null(void); Cryptography_STACK_OF_GENERAL_SUBTREE *sk_GENERAL_SUBTREE_new_null(void); void sk_GENERAL_SUBTREE_free(Cryptography_STACK_OF_GENERAL_SUBTREE *); @@ -250,6 +270,7 @@ int sk_GENERAL_SUBTREE_push(Cryptography_STACK_OF_GENERAL_SUBTREE *, void sk_ASN1_INTEGER_free(Cryptography_STACK_OF_ASN1_INTEGER *); int sk_ASN1_INTEGER_num(Cryptography_STACK_OF_ASN1_INTEGER *); ASN1_INTEGER *sk_ASN1_INTEGER_value(Cryptography_STACK_OF_ASN1_INTEGER *, int); +int sk_ASN1_INTEGER_push(Cryptography_STACK_OF_ASN1_INTEGER *, ASN1_INTEGER *); X509_EXTENSION *X509V3_EXT_i2d(int, int, void *); -- cgit v1.2.3