-rw-r--r--AUTHORS.rst2
-rw-r--r--src/_cffi_src/openssl/bio.py1
-rw-r--r--src/_cffi_src/openssl/err.py22
-rw-r--r--src/_cffi_src/openssl/pem.py2
-rw-r--r--src/_cffi_src/openssl/ssl.py38
-rw-r--r--src/cryptography/hazmat/bindings/openssl/_conditional.py9
6 files changed, 74 insertions, 0 deletions
diff --git a/AUTHORS.rst b/AUTHORS.rst
index eaadd528..8e95ca34 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -27,3 +27,5 @@ PGP key fingerprints are enclosed in parentheses.
* Jiangge Zhang <tonyseek@gmail.com> (BBEC 782B 015F 71B1 5FF7 EACA 1A8C AA98 255F 5000)
* Major Hayden <major@mhtx.net> (1BF9 9264 9596 0033 698C 252B 7370 51E0 C101 1FB1)
* Phoebe Queen <foibey@gmail.com> (10D4 7741 AB65 50F4 B264 3888 DA40 201A 072B C1FA)
+* Google Inc.
+* Amaury Forgeot d'Arc <amauryfa@google.com>
diff --git a/src/_cffi_src/openssl/bio.py b/src/_cffi_src/openssl/bio.py
index df9b1b48..7e71dab1 100644
--- a/src/_cffi_src/openssl/bio.py
+++ b/src/_cffi_src/openssl/bio.py
@@ -158,6 +158,7 @@ long BIO_set_read_buffer_size(BIO *, long);
long BIO_set_write_buffer_size(BIO *, long);
long BIO_set_buffer_size(BIO *, long);
long BIO_set_buffer_read_data(BIO *, void *, long);
+long BIO_set_nbio(BIO *, long);
/* The following was a macro in 0.9.8e. Once we drop support for RHEL/CentOS 5
we should move this back to FUNCTIONS. */
diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py
index d0211c34..4c7870aa 100644
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -13,6 +13,7 @@ static const int Cryptography_HAS_REMOVE_THREAD_STATE;
static const int Cryptography_HAS_098H_ERROR_CODES;
static const int Cryptography_HAS_098C_CAMELLIA_CODES;
static const int Cryptography_HAS_EC_CODES;
+static const int Cryptography_HAS_TLSEXT_ERROR_CODES;
static const int Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR;
struct ERR_string_data_st {
@@ -28,6 +29,8 @@ static const int ERR_LIB_PEM;
static const int ERR_LIB_ASN1;
static const int ERR_LIB_RSA;
static const int ERR_LIB_PKCS12;
+static const int ERR_LIB_SSL;
+static const int ERR_LIB_X509;
static const int ASN1_F_ASN1_ENUMERATED_TO_BN;
static const int ASN1_F_ASN1_EX_C2I;
@@ -224,6 +227,15 @@ static const int RSA_R_BLOCK_TYPE_IS_NOT_02;
static const int RSA_R_PKCS_DECODING_ERROR;
static const int RSA_R_OAEP_DECODING_ERROR;
static const int RSA_F_RSA_SIGN;
+
+static const int SSL_TLSEXT_ERR_OK;
+static const int SSL_TLSEXT_ERR_ALERT_WARNING;
+static const int SSL_TLSEXT_ERR_ALERT_FATAL;
+static const int SSL_TLSEXT_ERR_NOACK;
+
+static const int SSL_AD_INTERNAL_ERROR;
+static const int SSL_AD_ACCESS_DENIED;
+static const int SSL_AD_HANDSHAKE_FAILURE;
"""
FUNCTIONS = """
@@ -319,6 +331,16 @@ static const int EC_R_UNKNOWN_GROUP = 0;
static const int EC_F_EC_GROUP_NEW_BY_CURVE_NAME = 0;
#endif
+#ifdef SSL_TLSEXT_ERR_OK
+static const int Cryptography_HAS_TLSEXT_ERROR_CODES = 1;
+#else
+static const int Cryptography_HAS_TLSEXT_ERROR_CODES = 0;
+static const int SSL_TLSEXT_ERR_OK = 0;
+static const int SSL_TLSEXT_ERR_ALERT_WARNING = 0;
+static const int SSL_TLSEXT_ERR_ALERT_FATAL = 0;
+static const int SSL_TLSEXT_ERR_NOACK = 0;
+#endif
+
#ifdef RSA_R_PKCS_DECODING_ERROR
static const long Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR = 1;
#else
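Review bot: In the `#else` branch all four `SSL_TLSEXT_ERR_*` fallbacks are defined as 0, so on a build without these macros the fatal-alert code is indistinguishable from the OK code. The `_conditional.py` hunk in this commit maps `Cryptography_HAS_TLSEXT_ERROR_CODES` to the same four names, which presumably keeps them out of the bound library in that case. The fallback block should still say so, for example `/* Placeholders so the module compiles; callers must check Cryptography_HAS_TLSEXT_ERROR_CODES before using them. */`. The `#ifdef` also depends on the TLS extension header being included before this block, which cannot be confirmed from the hunk.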
diff --git a/src/_cffi_src/openssl/pem.py b/src/_cffi_src/openssl/pem.py
index 4eb6bb45..99881dd7 100644
--- a/src/_cffi_src/openssl/pem.py
+++ b/src/_cffi_src/openssl/pem.py
@@ -46,6 +46,8 @@ X509_CRL *PEM_read_bio_X509_CRL(BIO *, X509_CRL **, pem_password_cb *, void *);
int PEM_write_bio_X509_CRL(BIO *, X509_CRL *);
+X509 *PEM_read_bio_X509_AUX(BIO *, X509 **, pem_password_cb *, void *);
+
PKCS7 *PEM_read_bio_PKCS7(BIO *, PKCS7 **, pem_password_cb *, void *);
int PEM_write_bio_PKCS7(BIO *, PKCS7 *);
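Review bot: The new `PEM_read_bio_X509_AUX` declaration has no comment on how it differs from `PEM_read_bio_X509`. The AUX reader also accepts the trusted-certificate PEM form and keeps the auxiliary trust and reject settings stored in the file. A caller that swaps it in for the plain reader on untrusted input would take those settings from the input. A one-line comment above the declaration would cover it, for example `/* Also parses OpenSSL "TRUSTED CERTIFICATE" aux data (trust/reject settings); use only on input from a trusted source. */`.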
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index b3bc9ca2..8569661e 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -24,6 +24,7 @@ static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP;
static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE;
static const long Cryptography_HAS_GET_SERVER_TMP_KEY;
static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE;
+static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
/* Internally invented symbol to tell us if SNI is supported */
static const long Cryptography_HAS_TLSEXT_HOSTNAME;
@@ -53,6 +54,7 @@ static const long SSL_ERROR_ZERO_RETURN;
static const long SSL_ERROR_WANT_READ;
static const long SSL_ERROR_WANT_WRITE;
static const long SSL_ERROR_WANT_X509_LOOKUP;
+static const long SSL_ERROR_WANT_CONNECT;
static const long SSL_ERROR_SYSCALL;
static const long SSL_ERROR_SSL;
static const long SSL_SENT_SHUTDOWN;
@@ -177,6 +179,9 @@ void (*SSL_get_info_callback(const SSL *))(const SSL *, int, int);
SSL *SSL_new(SSL_CTX *);
void SSL_free(SSL *);
int SSL_set_fd(SSL *, int);
+SSL_CTX *SSL_get_SSL_CTX(const SSL *);
+BIO *SSL_get_rbio(const SSL *);
+BIO *SSL_get_wbio(const SSL *);
void SSL_set_bio(SSL *, BIO *, BIO *);
void SSL_set_connect_state(SSL *);
void SSL_set_accept_state(SSL *);
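Review bot: The three added getters `SSL_get_SSL_CTX`, `SSL_get_rbio` and `SSL_get_wbio` are bound without any note on ownership. As OpenSSL documents them, they return pointers that still belong to the `SSL` object. A Python caller that attaches a destructor to the result (for instance via `ffi.gc` with `BIO_free` or `SSL_CTX_free`) would free memory the `SSL` still uses. I would add `/* Borrowed pointers owned by the SSL; do not free and do not use after SSL_free(). */` above the three lines.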
@@ -287,6 +292,10 @@ unsigned long SSL_get_mode(SSL *);
unsigned long SSL_set_options(SSL *, unsigned long);
unsigned long SSL_get_options(SSL *);
+void SSL_set_app_data(SSL *, char *);
+char * SSL_get_app_data(SSL *);
+void SSL_set_read_ahead(SSL *, int);
+
int SSL_want_read(const SSL *);
int SSL_want_write(const SSL *);
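Review bot: `SSL_set_app_data` stores the raw pointer it is given, and nothing in the binding keeps the Python-side object behind that pointer alive. If the caller passes a cffi handle or buffer and drops its last reference, `SSL_get_app_data` later returns a dangling pointer. The same applies to the `void *` argument of `SSL_CTX_set_tlsext_servername_arg` added in the later hunk of this file. A comment such as `/* The pointer is stored as-is; the caller must keep the referenced object alive for the lifetime of the SSL. */` would document the contract. Declaring the parameter and return type as `void *` would also read more naturally than `char *`.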
@@ -296,6 +305,7 @@ long SSL_get_secure_renegotiation_support(SSL *);
/* Defined as unsigned long because SSL_OP_ALL is greater than signed 32-bit
and Windows defines long as 32-bit. */
unsigned long SSL_CTX_set_options(SSL_CTX *, unsigned long);
+unsigned long SSL_CTX_clear_options(SSL_CTX *, unsigned long);
unsigned long SSL_CTX_get_options(SSL_CTX *);
unsigned long SSL_CTX_set_mode(SSL_CTX *, unsigned long);
unsigned long SSL_CTX_get_mode(SSL_CTX *);
@@ -356,6 +366,8 @@ void SSL_set_tlsext_host_name(SSL *, char *);
void SSL_CTX_set_tlsext_servername_callback(
SSL_CTX *,
int (*)(const SSL *, int *, void *));
+void SSL_CTX_set_tlsext_servername_arg(
+ SSL_CTX *, void *);
/* These were added in OpenSSL 0.9.8h, but since version testing in OpenSSL
is fraught with peril thanks to OS distributions we check some constants
@@ -435,6 +447,19 @@ size_t SSL_SESSION_get_master_key(const SSL_SESSION *, unsigned char *,
size_t);
size_t SSL_get_client_random(const SSL *, unsigned char *, size_t);
size_t SSL_get_server_random(const SSL *, unsigned char *, size_t);
+
+long SSL_CTX_sess_number(SSL_CTX *);
+long SSL_CTX_sess_connect(SSL_CTX *);
+long SSL_CTX_sess_connect_good(SSL_CTX *);
+long SSL_CTX_sess_connect_renegotiate(SSL_CTX *);
+long SSL_CTX_sess_accept(SSL_CTX *);
+long SSL_CTX_sess_accept_good(SSL_CTX *);
+long SSL_CTX_sess_accept_renegotiate(SSL_CTX *);
+long SSL_CTX_sess_hits(SSL_CTX *);
+long SSL_CTX_sess_cb_hits(SSL_CTX *);
+long SSL_CTX_sess_misses(SSL_CTX *);
+long SSL_CTX_sess_timeouts(SSL_CTX *);
+long SSL_CTX_sess_cache_full(SSL_CTX *);
"""
CUSTOMIZATIONS = """
@@ -545,6 +570,8 @@ const char* (*SSL_get_servername)(const SSL *, const int) = NULL;
void (*SSL_CTX_set_tlsext_servername_callback)(
SSL_CTX *,
int (*)(const SSL *, int *, void *)) = NULL;
+void (*SSL_CTX_set_tlsext_servername_arg)(
+ SSL_CTX *, void *) = NULL;
#endif
#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
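Review bot: The new `SSL_CTX_set_tlsext_servername_arg` fallback is a NULL function pointer, and the `_conditional.py` hunks in this commit add no entry for that name. Unless the existing SNI entry in `CONDITIONAL_NAMES` (not visible here) is extended, the symbol stays reachable on builds without SNI and calling it dereferences NULL. I would add `"SSL_CTX_set_tlsext_servername_arg",` to the list that already holds `SSL_CTX_set_tlsext_servername_callback`. The `#endif` in this hunk closes a conditional that opens outside it, so the guarding flag is inferred from the neighbouring callback declaration.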
@@ -734,6 +761,17 @@ static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE = 0;
static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE = 1;
#endif
+/* SSL_CTX_clear_options() and SSL_clear_options() were first added in
+ * OpenSSL 0.9.8m but do not appear in some 0.9.9-dev versions such the
+ * 0.9.9 from "May 2008" that NetBSD 5.0 uses. */
+#if OPENSSL_VERSION_NUMBER >= 0x009080dfL && \
+ OPENSSL_VERSION_NUMBER != 0x00909000L
+static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS = 1;
+#else
+unsigned long (*SSL_CTX_clear_options)(SSL_CTX *, unsigned long) = NULL;
+static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS = 0;
+#endif
+
/* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were
removed */
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
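Review bot: The guard for `Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS` excludes exactly one version number, `0x00909000L`, so any other 0.9.9-dev snapshot that lacks the macro would still take the `= 1` branch and fail to compile. This file's own comment near the SNI declarations says version testing is unreliable and prefers checking constants. If OpenSSL exposes a feature macro for this call, testing it would be more robust than the version comparison. The added comment also has a small typo: "such the 0.9.9" should read `such as the 0.9.9`.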
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index 5a69af5e..6851b97f 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -204,6 +204,12 @@ CONDITIONAL_NAMES = {
"EC_R_UNKNOWN_GROUP",
"EC_F_EC_GROUP_NEW_BY_CURVE_NAME"
],
+ "Cryptography_HAS_TLSEXT_ERROR_CODES": [
+ "SSL_TLSEXT_ERR_OK",
+ "SSL_TLSEXT_ERR_ALERT_WARNING",
+ "SSL_TLSEXT_ERR_ALERT_FATAL",
+ "SSL_TLSEXT_ERR_NOACK",
+ ],
"Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR": [
"RSA_R_PKCS_DECODING_ERROR"
],
@@ -351,6 +357,9 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE": [
"SSL_CTX_set_client_cert_engine",
],
+ "Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS": [
+ "SSL_CTX_clear_options",
+ ],
"Cryptography_HAS_102_VERIFICATION_ERROR_CODES": [
'X509_V_ERR_SUITE_B_INVALID_VERSION',
'X509_V_ERR_SUITE_B_INVALID_ALGORITHM',