authorPaul Kehrer <paul.l.kehrer@gmail.com>2019-02-25 13:32:05 +0800
committerAlex Gaynor <alex.gaynor@gmail.com>2019-02-25 00:32:05 -0500
commit76c784340c3851f402abc38dff8fa5f008cdc4d4 (patch)
treeb08f245978f3ec2e5ffa8b1ace388944500c8650 /src
parent01a517919ce16cc9dd75db9d02dae00a4cc390bb (diff)
support NO_ENGINE (#4763)
* support OPENSSL_NO_ENGINE * support some new openssl config args * sigh
Diffstat (limited to 'src')
-rw-r--r--src/_cffi_src/openssl/engine.py68
-rw-r--r--src/_cffi_src/openssl/ssl.py1
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py17
-rw-r--r--src/cryptography/hazmat/bindings/openssl/_conditional.py42
-rw-r--r--src/cryptography/hazmat/bindings/openssl/binding.py5
5 files changed, 122 insertions, 11 deletions
diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py
index c255bbbc..8996f0c8 100644
--- a/src/_cffi_src/openssl/engine.py
+++ b/src/_cffi_src/openssl/engine.py
@@ -27,6 +27,7 @@ typedef ... UI_METHOD;
static const unsigned int ENGINE_METHOD_RAND;
static const int ENGINE_R_CONFLICTING_ENGINE_ID;
+static const long Cryptography_HAS_ENGINE;
"""
FUNCTIONS = """
@@ -69,4 +70,71 @@ void ENGINE_cleanup(void);
"""
CUSTOMIZATIONS = """
+#ifdef OPENSSL_NO_ENGINE
+static const long Cryptography_HAS_ENGINE = 0;
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
+typedef void *ENGINE_CTRL_FUNC_PTR;
+typedef void *ENGINE_LOAD_KEY_PTR;
+typedef void *ENGINE_CIPHERS_PTR;
+typedef void *ENGINE_DIGESTS_PTR;
+typedef struct ENGINE_CMD_DEFN_st {
+ unsigned int cmd_num;
+ const char *cmd_name;
+ const char *cmd_desc;
+ unsigned int cmd_flags;
+} ENGINE_CMD_DEFN;
+
+/* This section is so osrandom_engine.c can successfully compile even
+ when engine support is disabled */
+#define ENGINE_CMD_BASE 0
+#define ENGINE_CMD_FLAG_NO_INPUT 0
+#define ENGINE_F_ENGINE_CTRL 0
+#define ENGINE_R_INVALID_ARGUMENT 0
+#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 0
+int (*ENGINE_set_cmd_defns)(ENGINE *, const ENGINE_CMD_DEFN *) = NULL;
+
+static const unsigned int ENGINE_METHOD_RAND = 0;
+static const int ENGINE_R_CONFLICTING_ENGINE_ID = 0;
+
+ENGINE *(*ENGINE_get_first)(void) = NULL;
+ENGINE *(*ENGINE_get_last)(void) = NULL;
+int (*ENGINE_add)(ENGINE *) = NULL;
+int (*ENGINE_remove)(ENGINE *) = NULL;
+ENGINE *(*ENGINE_by_id)(const char *) = NULL;
+int (*ENGINE_init)(ENGINE *) = NULL;
+int (*ENGINE_finish)(ENGINE *) = NULL;
+void (*ENGINE_load_builtin_engines)(void) = NULL;
+ENGINE *(*ENGINE_get_default_RAND)(void) = NULL;
+int (*ENGINE_set_default_RAND)(ENGINE *) = NULL;
+int (*ENGINE_register_RAND)(ENGINE *) = NULL;
+void (*ENGINE_unregister_RAND)(ENGINE *) = NULL;
+void (*ENGINE_register_all_RAND)(void) = NULL;
+int (*ENGINE_ctrl)(ENGINE *, int, long, void *, void (*)(void)) = NULL;
+int (*ENGINE_ctrl_cmd)(ENGINE *, const char *, long, void *,
+ void (*)(void), int) = NULL;
+int (*ENGINE_ctrl_cmd_string)(ENGINE *, const char *, const char *,
+ int) = NULL;
+
+ENGINE *(*ENGINE_new)(void) = NULL;
+int (*ENGINE_free)(ENGINE *) = NULL;
+int (*ENGINE_up_ref)(ENGINE *) = NULL;
+int (*ENGINE_set_id)(ENGINE *, const char *) = NULL;
+int (*ENGINE_set_name)(ENGINE *, const char *) = NULL;
+int (*ENGINE_set_RAND)(ENGINE *, const RAND_METHOD *) = NULL;
+int (*ENGINE_set_destroy_function)(ENGINE *, ENGINE_GEN_INT_FUNC_PTR) = NULL;
+int (*ENGINE_set_init_function)(ENGINE *, ENGINE_GEN_INT_FUNC_PTR) = NULL;
+int (*ENGINE_set_finish_function)(ENGINE *, ENGINE_GEN_INT_FUNC_PTR) = NULL;
+int (*ENGINE_set_ctrl_function)(ENGINE *, ENGINE_CTRL_FUNC_PTR) = NULL;
+const char *(*ENGINE_get_id)(const ENGINE *) = NULL;
+const char *(*ENGINE_get_name)(const ENGINE *) = NULL;
+const RAND_METHOD *(*ENGINE_get_RAND)(const ENGINE *) = NULL;
+
+void (*ENGINE_add_conf_module)(void) = NULL;
+/* these became macros in 1.1.0 */
+void (*ENGINE_load_openssl)(void) = NULL;
+void (*ENGINE_load_dynamic)(void) = NULL;
+void (*ENGINE_cleanup)(void) = NULL;
+#else
+static const long Cryptography_HAS_ENGINE = 1;
+#endif
"""
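Review bot: Every ENGINE_* function in the `#ifdef OPENSSL_NO_ENGINE` branch is defined as a NULL function pointer, so a call that reaches one of them without first checking `Cryptography_HAS_ENGINE` is a NULL call in native code rather than a Python exception. The existing comment covers only the `#define` block that follows it; I would add one above the pointer stubs, for example `/* Stubs so the module links without ENGINE support; never call these when Cryptography_HAS_ENGINE is 0. */`. Whether osrandom_engine.c avoids these pointers in that configuration is not visible on this page and should be confirmed.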
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 2218095c..92fd1e3e 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -334,7 +334,6 @@ int SSL_SESSION_print(BIO *, const SSL_SESSION *);
const COMP_METHOD *SSL_get_current_compression(SSL *);
const COMP_METHOD *SSL_get_current_expansion(SSL *);
const char *SSL_COMP_get_name(const COMP_METHOD *);
-int SSL_CTX_set_client_cert_engine(SSL_CTX *, ENGINE *);
unsigned long SSL_set_mode(SSL *, unsigned long);
unsigned long SSL_get_mode(SSL *);
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 73491726..d7bba224 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -150,14 +150,15 @@ class Backend(object):
self.openssl_assert(res == 1)
def activate_osrandom_engine(self):
- # Unregister and free the current engine.
- self.activate_builtin_random()
- with self._get_osurandom_engine() as e:
- # Set the engine as the default RAND provider.
- res = self._lib.ENGINE_set_default_RAND(e)
- self.openssl_assert(res == 1)
- # Reset the RNG to use the new engine.
- self._lib.RAND_cleanup()
+ if self._lib.Cryptography_HAS_ENGINE:
+ # Unregister and free the current engine.
+ self.activate_builtin_random()
+ with self._get_osurandom_engine() as e:
+ # Set the engine as the default RAND provider.
+ res = self._lib.ENGINE_set_default_RAND(e)
+ self.openssl_assert(res == 1)
+ # Reset the RNG to use the new engine.
+ self._lib.RAND_cleanup()
def osrandom_engine_implementation(self):
buf = self._ffi.new("char[]", 64)
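Review bot: On a build where `Cryptography_HAS_ENGINE` is 0, `activate_osrandom_engine()` now returns without doing anything, so the process keeps OpenSSL's default RAND method and the caller gets no signal that the OS-random engine was not installed. The same silent skip is added in binding.py, where the call to `Cryptography_add_osrandom_engine()` is put behind the same flag. I would say so in a comment on the guard, e.g. `# Without ENGINE support OpenSSL's default RAND is left in place.`, and confirm that users who rely on the osrandom engine as their random source accept that fallback. `osrandom_engine_implementation()` begins on the last lines of this hunk and its body continues outside it, so whether it is also guarded cannot be checked from here.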
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index c0238dcc..3fecfe59 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -341,6 +341,47 @@ def cryptography_has_evp_r_memory_limit_exceeded():
]
+def cryptography_has_engine():
+ return [
+ "ENGINE_get_first",
+ "ENGINE_get_last",
+ "ENGINE_add",
+ "ENGINE_remove",
+ "ENGINE_by_id",
+ "ENGINE_init",
+ "ENGINE_finish",
+ "ENGINE_load_builtin_engines",
+ "ENGINE_get_default_RAND",
+ "ENGINE_set_default_RAND",
+ "ENGINE_register_RAND",
+ "ENGINE_unregister_RAND",
+ "ENGINE_register_all_RAND",
+ "ENGINE_ctrl",
+ "ENGINE_ctrl_cmd",
+ "ENGINE_ctrl_cmd_string",
+ "ENGINE_new",
+ "ENGINE_free",
+ "ENGINE_up_ref",
+ "ENGINE_set_id",
+ "ENGINE_set_name",
+ "ENGINE_set_RAND",
+ "ENGINE_set_destroy_function",
+ "ENGINE_set_init_function",
+ "ENGINE_set_finish_function",
+ "ENGINE_set_ctrl_function",
+ "ENGINE_get_id",
+ "ENGINE_get_name",
+ "ENGINE_get_RAND",
+ "ENGINE_add_conf_module",
+ "ENGINE_load_openssl",
+ "ENGINE_load_dynamic",
+ "ENGINE_cleanup",
+ "ENGINE_METHOD_RAND",
+ "ENGINE_R_CONFLICTING_ENGINE_ID",
+ "Cryptography_add_osrandom_engine",
+ ]
+
+
# This is a mapping of
# {condition: function-returning-names-dependent-on-that-condition} so we can
# loop over them and delete unsupported names at runtime. It will be removed
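Review bot: The list returned by `cryptography_has_engine()` is a hand-maintained copy of the names stubbed in the `OPENSSL_NO_ENGINE` branch of engine.py, and nothing on this page checks one against the other. A name stubbed there but missing here would stay on `lib` as a NULL pointer instead of being deleted at runtime. `ENGINE_set_cmd_defns` is stubbed in engine.py and absent from this list; that is presumably intentional if only osrandom_engine.c uses it, but it is worth confirming. I would add a comment above the list such as `# Keep in sync with the OPENSSL_NO_ENGINE stubs in _cffi_src/openssl/engine.py.`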
@@ -412,4 +453,5 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_EVP_R_MEMORY_LIMIT_EXCEEDED": (
cryptography_has_evp_r_memory_limit_exceeded
),
+ "Cryptography_HAS_ENGINE": cryptography_has_engine,
}
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index c937afd4..ca4e33fa 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -115,8 +115,9 @@ class Binding(object):
# reliably clear the error queue. Once we clear it here we will
# error on any subsequent unexpected item in the stack.
cls.lib.ERR_clear_error()
- result = cls.lib.Cryptography_add_osrandom_engine()
- _openssl_assert(cls.lib, result in (1, 2))
+ if cls.lib.Cryptography_HAS_ENGINE:
+ result = cls.lib.Cryptography_add_osrandom_engine()
+ _openssl_assert(cls.lib, result in (1, 2))
@classmethod
def _ensure_ffi_initialized(cls):