diff options
| author | Chellygel <chelsea.winfree@gmail.com> | 2015-03-23 18:33:53 -0500 |
|---|---|---|
| committer | Chellygel <chelsea.winfree@gmail.com> | 2015-03-23 18:33:53 -0500 |
| commit | 646a24fbd2c42a81b95ba9543d7b0790ac6d1c1d (patch) | |
| tree | 0c63f931dd5d9d6b84d0143322b4b687a43d8b2e | |
| parent | 80fa2a291ef391e7c52d035e444af85877789c15 (diff) | |
| download | cryptography-646a24fbd2c42a81b95ba9543d7b0790ac6d1c1d.tar.gz cryptography-646a24fbd2c42a81b95ba9543d7b0790ac6d1c1d.tar.bz2 cryptography-646a24fbd2c42a81b95ba9543d7b0790ac6d1c1d.zip | |
Moved OpenSSL engine into standalone c and h files
References #1301
| -rw-r--r-- | MANIFEST.in | 1 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/osrandom_engine.py | 198 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.c | 167 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.h | 6 |
4 files changed, 184 insertions, 188 deletions
diff --git a/MANIFEST.in b/MANIFEST.in index b7e6559f..8dbd0dc2 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -8,6 +8,7 @@ include README.rst recursive-include docs * recursive-include src/cryptography/hazmat/primitives/src *.c *.h +recursive-include src/cryptography/hazmat/bindings/openssl/src *.c *.h prune docs/_build recursive-include tests *.py recursive-exclude vectors * diff --git a/src/cryptography/hazmat/bindings/openssl/osrandom_engine.py b/src/cryptography/hazmat/bindings/openssl/osrandom_engine.py index 1b6c88ab..5970d326 100644 --- a/src/cryptography/hazmat/bindings/openssl/osrandom_engine.py +++ b/src/cryptography/hazmat/bindings/openssl/osrandom_engine.py @@ -4,14 +4,12 @@ from __future__ import absolute_import, division, print_function -INCLUDES = """ -#ifdef _WIN32 -#include <Wincrypt.h> -#else -#include <fcntl.h> -#include <unistd.h> -#endif -""" +import os + +with open(os.path.join( + os.path.dirname(__file__), "src/osrandom_engine.h") +) as f: + INCLUDES = f.read() TYPES = """ static const char *const Cryptography_osrandom_engine_name; @@ -25,185 +23,9 @@ int Cryptography_add_osrandom_engine(void); MACROS = """ """ -WIN32_CUSTOMIZATIONS = """ -static HCRYPTPROV hCryptProv = 0; - -static int osrandom_init(ENGINE *e) { - if (hCryptProv > 0) { - return 1; - } - if (CryptAcquireContext(&hCryptProv, NULL, NULL, - PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - return 1; - } else { - return 0; - } -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - if (hCryptProv == 0) { - return 0; - } - - if (!CryptGenRandom(hCryptProv, (DWORD)size, buffer)) { - ERR_put_error( - ERR_LIB_RAND, 0, ERR_R_RAND_LIB, "osrandom_engine.py", 0 - ); - return 0; - } - return 1; -} - -static int osrandom_finish(ENGINE *e) { - if (CryptReleaseContext(hCryptProv, 0)) { - hCryptProv = 0; - return 1; - } else { - return 0; - } -} - -static int osrandom_rand_status(void) { - if (hCryptProv == 0) { - return 0; - } else { - return 1; - } -} -""" - -POSIX_CUSTOMIZATIONS = """ -static int urandom_fd = -1; - -static int osrandom_finish(ENGINE *e); - -static int osrandom_init(ENGINE *e) { - if (urandom_fd > -1) { - return 1; - } - urandom_fd = open("/dev/urandom", O_RDONLY); - if (urandom_fd > -1) { - int flags = fcntl(urandom_fd, F_GETFD); - if (flags == -1) { - osrandom_finish(e); - return 0; - } else if (fcntl(urandom_fd, F_SETFD, flags | FD_CLOEXEC) == -1) { - osrandom_finish(e); - return 0; - } - return 1; - } else { - return 0; - } -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - ssize_t n; - while (size > 0) { - do { - n = read(urandom_fd, buffer, (size_t)size); - } while (n < 0 && errno == EINTR); - if (n <= 0) { - ERR_put_error( - ERR_LIB_RAND, 0, ERR_R_RAND_LIB, "osrandom_engine.py", 0 - ); - return 0; - } - buffer += n; - size -= n; - } - return 1; -} - -static int osrandom_finish(ENGINE *e) { - int n; - do { - n = close(urandom_fd); - } while (n < 0 && errno == EINTR); - urandom_fd = -1; - if (n < 0) { - return 0; - } else { - return 1; - } -} - -static int osrandom_rand_status(void) { - if (urandom_fd == -1) { - return 0; - } else { - return 1; - } -} -""" - -CUSTOMIZATIONS = """ -static const char *Cryptography_osrandom_engine_id = "osrandom"; -static const char *Cryptography_osrandom_engine_name = "osrandom_engine"; - -#if defined(_WIN32) -%(WIN32_CUSTOMIZATIONS)s -#else -%(POSIX_CUSTOMIZATIONS)s -#endif - -/* This replicates the behavior of the OpenSSL FIPS RNG, which returns a - -1 in the event that there is an error when calling RAND_pseudo_bytes. */ -static int osrandom_pseudo_rand_bytes(unsigned char *buffer, int size) { - int res = osrandom_rand_bytes(buffer, size); - if (res == 0) { - return -1; - } else { - return res; - } -} - -static RAND_METHOD osrandom_rand = { - NULL, - osrandom_rand_bytes, - NULL, - NULL, - osrandom_pseudo_rand_bytes, - osrandom_rand_status, -}; - -/* Returns 1 if successfully added, 2 if engine has previously been added, - and 0 for error. */ -int Cryptography_add_osrandom_engine(void) { - ENGINE *e; - e = ENGINE_by_id(Cryptography_osrandom_engine_id); - if (e != NULL) { - ENGINE_free(e); - return 2; - } else { - ERR_clear_error(); - } - - e = ENGINE_new(); - if (e == NULL) { - return 0; - } - if(!ENGINE_set_id(e, Cryptography_osrandom_engine_id) || - !ENGINE_set_name(e, Cryptography_osrandom_engine_name) || - !ENGINE_set_RAND(e, &osrandom_rand) || - !ENGINE_set_init_function(e, osrandom_init) || - !ENGINE_set_finish_function(e, osrandom_finish)) { - ENGINE_free(e); - return 0; - } - if (!ENGINE_add(e)) { - ENGINE_free(e); - return 0; - } - if (!ENGINE_free(e)) { - return 0; - } - - return 1; -} -""" % { - "WIN32_CUSTOMIZATIONS": WIN32_CUSTOMIZATIONS, - "POSIX_CUSTOMIZATIONS": POSIX_CUSTOMIZATIONS, -} +with open(os.path.join( + os.path.dirname(__file__), "src/osrandom_engine.c") +) as f: + CUSTOMIZATIONS = f.read() CONDITIONAL_NAMES = {} diff --git a/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.c b/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.c new file mode 100644 index 00000000..1219622e --- /dev/null +++ b/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.c @@ -0,0 +1,167 @@ +static const char *Cryptography_osrandom_engine_id = "osrandom"; +static const char *Cryptography_osrandom_engine_name = "osrandom_engine"; + +#if defined(_WIN32) +static HCRYPTPROV hCryptProv = 0; + +static int osrandom_init(ENGINE *e) { + if (hCryptProv > 0) { + return 1; + } + if (CryptAcquireContext(&hCryptProv, NULL, NULL, + PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { + return 1; + } else { + return 0; + } +} + +static int osrandom_rand_bytes(unsigned char *buffer, int size) { + if (hCryptProv == 0) { + return 0; + } + + if (!CryptGenRandom(hCryptProv, (DWORD)size, buffer)) { + ERR_put_error( + ERR_LIB_RAND, 0, ERR_R_RAND_LIB, "osrandom_engine.py", 0 + ); + return 0; + } + return 1; +} + +static int osrandom_finish(ENGINE *e) { + if (CryptReleaseContext(hCryptProv, 0)) { + hCryptProv = 0; + return 1; + } else { + return 0; + } +} + +static int osrandom_rand_status(void) { + if (hCryptProv == 0) { + return 0; + } else { + return 1; + } +} +#else +static int urandom_fd = -1; + +static int osrandom_finish(ENGINE *e); + +static int osrandom_init(ENGINE *e) { + if (urandom_fd > -1) { + return 1; + } + urandom_fd = open("/dev/urandom", O_RDONLY); + if (urandom_fd > -1) { + int flags = fcntl(urandom_fd, F_GETFD); + if (flags == -1) { + osrandom_finish(e); + return 0; + } else if (fcntl(urandom_fd, F_SETFD, flags | FD_CLOEXEC) == -1) { + osrandom_finish(e); + return 0; + } + return 1; + } else { + return 0; + } +} + +static int osrandom_rand_bytes(unsigned char *buffer, int size) { + ssize_t n; + while (size > 0) { + do { + n = read(urandom_fd, buffer, (size_t)size); + } while (n < 0 && errno == EINTR); + if (n <= 0) { + ERR_put_error( + ERR_LIB_RAND, 0, ERR_R_RAND_LIB, "osrandom_engine.py", 0 + ); + return 0; + } + buffer += n; + size -= n; + } + return 1; +} + +static int osrandom_finish(ENGINE *e) { + int n; + do { + n = close(urandom_fd); + } while (n < 0 && errno == EINTR); + urandom_fd = -1; + if (n < 0) { + return 0; + } else { + return 1; + } +} + +static int osrandom_rand_status(void) { + if (urandom_fd == -1) { + return 0; + } else { + return 1; + } +} +#endif + +/* This replicates the behavior of the OpenSSL FIPS RNG, which returns a + -1 in the event that there is an error when calling RAND_pseudo_bytes. */ +static int osrandom_pseudo_rand_bytes(unsigned char *buffer, int size) { + int res = osrandom_rand_bytes(buffer, size); + if (res == 0) { + return -1; + } else { + return res; + } +} + +static RAND_METHOD osrandom_rand = { + NULL, + osrandom_rand_bytes, + NULL, + NULL, + osrandom_pseudo_rand_bytes, + osrandom_rand_status, +}; + +/* Returns 1 if successfully added, 2 if engine has previously been added, + and 0 for error. */ +int Cryptography_add_osrandom_engine(void) { + ENGINE *e; + e = ENGINE_by_id(Cryptography_osrandom_engine_id); + if (e != NULL) { + ENGINE_free(e); + return 2; + } else { + ERR_clear_error(); + } + + e = ENGINE_new(); + if (e == NULL) { + return 0; + } + if(!ENGINE_set_id(e, Cryptography_osrandom_engine_id) || + !ENGINE_set_name(e, Cryptography_osrandom_engine_name) || + !ENGINE_set_RAND(e, &osrandom_rand) || + !ENGINE_set_init_function(e, osrandom_init) || + !ENGINE_set_finish_function(e, osrandom_finish)) { + ENGINE_free(e); + return 0; + } + if (!ENGINE_add(e)) { + ENGINE_free(e); + return 0; + } + if (!ENGINE_free(e)) { + return 0; + } + + return 1; +}
\ No newline at end of file diff --git a/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.h b/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.h new file mode 100644 index 00000000..81fcb4f2 --- /dev/null +++ b/src/cryptography/hazmat/bindings/openssl/src/osrandom_engine.h @@ -0,0 +1,6 @@ +#ifdef _WIN32 +#include <Wincrypt.h> +#else +#include <fcntl.h> +#include <unistd.h> +#endif
\ No newline at end of file |