diff options
Diffstat (limited to 'cryptography/hazmat/bindings/openssl')
23 files changed, 190 insertions, 34 deletions
diff --git a/cryptography/hazmat/bindings/openssl/asn1.py b/cryptography/hazmat/bindings/openssl/asn1.py index 5bd72e9a..719a523c 100644 --- a/cryptography/hazmat/bindings/openssl/asn1.py +++ b/cryptography/hazmat/bindings/openssl/asn1.py @@ -119,3 +119,6 @@ long ASN1_INTEGER_get(ASN1_INTEGER *); BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *); """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/backend.py b/cryptography/hazmat/bindings/openssl/backend.py index fc73dd39..0c3d22d5 100644 --- a/cryptography/hazmat/bindings/openssl/backend.py +++ b/cryptography/hazmat/bindings/openssl/backend.py @@ -18,11 +18,14 @@ import sys import cffi +from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.primitives import interfaces -from cryptography.hazmat.primitives.block.ciphers import ( +from cryptography.hazmat.primitives.ciphers.algorithms import ( AES, Blowfish, Camellia, CAST5, TripleDES, ) -from cryptography.hazmat.primitives.block.modes import CBC, CTR, ECB, OFB, CFB +from cryptography.hazmat.primitives.ciphers.modes import ( + CBC, CTR, ECB, OFB, CFB +) class Backend(object): @@ -54,29 +57,45 @@ class Backend(object): "x509v3", ] + ffi = None + lib = None + def __init__(self): - self.ffi = cffi.FFI() + self._ensure_ffi_initialized() + + self.ciphers = Ciphers(self) + self.hashes = Hashes(self) + self.hmacs = HMACs(self) + + @classmethod + def _ensure_ffi_initialized(cls): + if cls.ffi is not None and cls.lib is not None: + return + + ffi = cffi.FFI() includes = [] functions = [] macros = [] - for name in self._modules: + customizations = [] + for name in cls._modules: module_name = "cryptography.hazmat.bindings.openssl." + name __import__(module_name) module = sys.modules[module_name] - self.ffi.cdef(module.TYPES) + ffi.cdef(module.TYPES) macros.append(module.MACROS) functions.append(module.FUNCTIONS) includes.append(module.INCLUDES) + customizations.append(module.CUSTOMIZATIONS) # loop over the functions & macros after declaring all the types # so we can set interdependent types in different files and still # have them all defined before we parse the funcs & macros for func in functions: - self.ffi.cdef(func) + ffi.cdef(func) for macro in macros: - self.ffi.cdef(macro) + ffi.cdef(macro) # We include functions here so that if we got any of their definitions # wrong, the underlying C compiler will explode. In C you are allowed @@ -86,17 +105,15 @@ class Backend(object): # is legal, but the following will fail to compile: # int foo(int); # int foo(short); - self.lib = self.ffi.verify( - source="\n".join(includes + functions), + lib = ffi.verify( + source="\n".join(includes + functions + customizations), libraries=["crypto", "ssl"], ) - self.lib.OpenSSL_add_all_algorithms() - self.lib.SSL_load_error_strings() - - self.ciphers = Ciphers(self) - self.hashes = Hashes(self) - self.hmacs = HMACs(self) + cls.ffi = ffi + cls.lib = lib + cls.lib.OpenSSL_add_all_algorithms() + cls.lib.SSL_load_error_strings() def openssl_version_text(self): """ @@ -128,10 +145,15 @@ class _CipherContext(object): ctx = self._backend.ffi.gc(ctx, self._backend.lib.EVP_CIPHER_CTX_free) registry = self._backend.ciphers._cipher_registry - evp_cipher = registry[type(cipher), type(mode)]( - self._backend, cipher, mode - ) - assert evp_cipher != self._backend.ffi.NULL + try: + adapter = registry[type(cipher), type(mode)] + except KeyError: + raise UnsupportedAlgorithm + + evp_cipher = adapter(self._backend, cipher, mode) + if evp_cipher == self._backend.ffi.NULL: + raise UnsupportedAlgorithm + if isinstance(mode, interfaces.ModeWithInitializationVector): iv_nonce = mode.initialization_vector elif isinstance(mode, interfaces.ModeWithNonce): @@ -297,19 +319,20 @@ class HMACs(object): evp_md = self._backend.lib.EVP_get_digestbyname( hash_cls.name.encode('ascii')) assert evp_md != self._backend.ffi.NULL - res = self._backend.lib.HMAC_Init_ex(ctx, key, len(key), evp_md, - self._backend.ffi.NULL) + res = self._backend.lib.Cryptography_HMAC_Init_ex( + ctx, key, len(key), evp_md, self._backend.ffi.NULL + ) assert res != 0 return ctx def update_ctx(self, ctx, data): - res = self._backend.lib.HMAC_Update(ctx, data, len(data)) + res = self._backend.lib.Cryptography_HMAC_Update(ctx, data, len(data)) assert res != 0 def finalize_ctx(self, ctx, digest_size): buf = self._backend.ffi.new("unsigned char[]", digest_size) buflen = self._backend.ffi.new("unsigned int *", digest_size) - res = self._backend.lib.HMAC_Final(ctx, buf, buflen) + res = self._backend.lib.Cryptography_HMAC_Final(ctx, buf, buflen) assert res != 0 self._backend.lib.HMAC_CTX_cleanup(ctx) return self._backend.ffi.buffer(buf)[:digest_size] @@ -319,7 +342,7 @@ class HMACs(object): self._backend.lib.HMAC_CTX_init(copied_ctx) copied_ctx = self._backend.ffi.gc(copied_ctx, self._backend.lib.HMAC_CTX_cleanup) - res = self._backend.lib.HMAC_CTX_copy(copied_ctx, ctx) + res = self._backend.lib.Cryptography_HMAC_CTX_copy(copied_ctx, ctx) assert res != 0 return copied_ctx diff --git a/cryptography/hazmat/bindings/openssl/bignum.py b/cryptography/hazmat/bindings/openssl/bignum.py index 72d467c3..fcfadff1 100644 --- a/cryptography/hazmat/bindings/openssl/bignum.py +++ b/cryptography/hazmat/bindings/openssl/bignum.py @@ -32,3 +32,6 @@ int BN_hex2bn(BIGNUM **, const char *); MACROS = """ """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/bio.py b/cryptography/hazmat/bindings/openssl/bio.py index 88be788f..c23dd0d8 100644 --- a/cryptography/hazmat/bindings/openssl/bio.py +++ b/cryptography/hazmat/bindings/openssl/bio.py @@ -168,3 +168,6 @@ long BIO_set_buffer_read_data(BIO *, void *, long); #define BIO_TYPE_BASE64 ... #define BIO_TYPE_FILTER ... """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/conf.py b/cryptography/hazmat/bindings/openssl/conf.py index 85c7a210..4846252c 100644 --- a/cryptography/hazmat/bindings/openssl/conf.py +++ b/cryptography/hazmat/bindings/openssl/conf.py @@ -24,3 +24,6 @@ FUNCTIONS = """ MACROS = """ """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/crypto.py b/cryptography/hazmat/bindings/openssl/crypto.py index 501fb5a1..773d9b14 100644 --- a/cryptography/hazmat/bindings/openssl/crypto.py +++ b/cryptography/hazmat/bindings/openssl/crypto.py @@ -35,3 +35,6 @@ void CRYPTO_malloc_debug_init(); #define CRYPTO_MEM_CHECK_ENABLE ... #define CRYPTO_MEM_CHECK_DISABLE ... """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/dh.py b/cryptography/hazmat/bindings/openssl/dh.py index ac130054..b8fbf368 100644 --- a/cryptography/hazmat/bindings/openssl/dh.py +++ b/cryptography/hazmat/bindings/openssl/dh.py @@ -26,3 +26,6 @@ void DH_free(DH *); MACROS = """ """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py index 2fa67b87..e6c369a6 100644 --- a/cryptography/hazmat/bindings/openssl/dsa.py +++ b/cryptography/hazmat/bindings/openssl/dsa.py @@ -28,3 +28,6 @@ void DSA_free(DSA *); MACROS = """ """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/engine.py b/cryptography/hazmat/bindings/openssl/engine.py index b3ec3125..b76befce 100644 --- a/cryptography/hazmat/bindings/openssl/engine.py +++ b/cryptography/hazmat/bindings/openssl/engine.py @@ -50,3 +50,6 @@ MACROS = """ #define ENGINE_METHOD_ALL ... #define ENGINE_METHOD_NONE ... """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 39ae315c..6a36dee0 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -57,3 +57,6 @@ int ERR_GET_FUNC(unsigned long); int ERR_GET_REASON(unsigned long); int ERR_FATAL_ERROR(unsigned long); """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/bindings/openssl/evp.py index 4d0fb7fc..da54f89d 100644 --- a/cryptography/hazmat/bindings/openssl/evp.py +++ b/cryptography/hazmat/bindings/openssl/evp.py @@ -29,9 +29,9 @@ typedef struct evp_pkey_st { } EVP_PKEY; static const int EVP_PKEY_RSA; static const int EVP_PKEY_DSA; -static const int EVP_CTRL_GCM_SET_IVLEN; -static const int EVP_CTRL_GCM_GET_TAG; -static const int EVP_CTRL_GCM_SET_TAG; +static const int Cryptography_EVP_CTRL_GCM_SET_IVLEN; +static const int Cryptography_EVP_CTRL_GCM_GET_TAG; +static const int Cryptography_EVP_CTRL_GCM_SET_TAG; """ FUNCTIONS = """ @@ -95,3 +95,15 @@ int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *); """ + +CUSTOMIZATIONS = """ +#ifdef EVP_CTRL_GCM_SET_TAG +const int Cryptography_EVP_CTRL_GCM_GET_TAG = EVP_CTRL_GCM_GET_TAG; +const int Cryptography_EVP_CTRL_GCM_SET_TAG = EVP_CTRL_GCM_SET_TAG; +const int Cryptography_EVP_CTRL_GCM_SET_IVLEN = EVP_CTRL_GCM_SET_IVLEN; +#else +const int Cryptography_EVP_CTRL_GCM_GET_TAG = -1; +const int Cryptography_EVP_CTRL_GCM_SET_TAG = -1; +const int Cryptography_EVP_CTRL_GCM_SET_IVLEN = -1; +#endif +""" diff --git a/cryptography/hazmat/bindings/openssl/hmac.py b/cryptography/hazmat/bindings/openssl/hmac.py index e97ac35e..10e67141 100644 --- a/cryptography/hazmat/bindings/openssl/hmac.py +++ b/cryptography/hazmat/bindings/openssl/hmac.py @@ -22,11 +22,69 @@ typedef struct { ...; } HMAC_CTX; FUNCTIONS = """ void HMAC_CTX_init(HMAC_CTX *); void HMAC_CTX_cleanup(HMAC_CTX *); -int HMAC_Init_ex(HMAC_CTX *, const void *, int, const EVP_MD *, ENGINE *); -int HMAC_Update(HMAC_CTX *, const unsigned char *, size_t); -int HMAC_Final(HMAC_CTX *, unsigned char *, unsigned int *); -int HMAC_CTX_copy(HMAC_CTX *, HMAC_CTX *); + +int Cryptography_HMAC_Init_ex(HMAC_CTX *, const void *, int, const EVP_MD *, + ENGINE *); +int Cryptography_HMAC_Update(HMAC_CTX *, const unsigned char *, size_t); +int Cryptography_HMAC_Final(HMAC_CTX *, unsigned char *, unsigned int *); +int Cryptography_HMAC_CTX_copy(HMAC_CTX *, HMAC_CTX *); """ MACROS = """ """ + +CUSTOMIZATIONS = """ +int Cryptography_HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, + const EVP_MD *md, ENGINE *impl) { +#if OPENSSL_VERSION_NUMBER >= 0x010000000 + return HMAC_Init_ex(ctx, key, key_len, md, impl); +#else + HMAC_Init_ex(ctx, key, key_len, md, impl); + return 1; +#endif +} + +int Cryptography_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, + size_t data_len) { +#if OPENSSL_VERSION_NUMBER >= 0x010000000 + return HMAC_Update(ctx, data, data_len); +#else + HMAC_Update(ctx, data, data_len); + return 1; +#endif +} + +int Cryptography_HMAC_Final(HMAC_CTX *ctx, unsigned char *digest, + unsigned int *digest_len) { +#if OPENSSL_VERSION_NUMBER >= 0x010000000 + return HMAC_Final(ctx, digest, digest_len); +#else + HMAC_Final(ctx, digest, digest_len); + return 1; +#endif +} + +int Cryptography_HMAC_CTX_copy(HMAC_CTX *dst_ctx, HMAC_CTX *src_ctx) { +#if OPENSSL_VERSION_NUMBER >= 0x010000000 + return HMAC_CTX_copy(dst_ctx, src_ctx); +#else + HMAC_CTX_init(dst_ctx); + if (!EVP_MD_CTX_copy_ex(&dst_ctx->i_ctx, &src_ctx->i_ctx)) { + goto err; + } + if (!EVP_MD_CTX_copy_ex(&dst_ctx->o_ctx, &src_ctx->o_ctx)) { + goto err; + } + if (!EVP_MD_CTX_copy_ex(&dst_ctx->md_ctx, &src_ctx->md_ctx)) { + goto err; + } + memcpy(dst_ctx->key, src_ctx->key, HMAC_MAX_MD_CBLOCK); + dst_ctx->key_length = src_ctx->key_length; + dst_ctx->md = src_ctx->md; + return 1; + + err: + return 0; +#endif +} +""" diff --git a/cryptography/hazmat/bindings/openssl/nid.py b/cryptography/hazmat/bindings/openssl/nid.py index 0f5b0003..9816dde4 100644 --- a/cryptography/hazmat/bindings/openssl/nid.py +++ b/cryptography/hazmat/bindings/openssl/nid.py @@ -39,6 +39,11 @@ static const int NID_crl_reason; static const int NID_pbe_WithSHA1And3_Key_TripleDES_CBC; """ -FUNCTIONS = "" +FUNCTIONS = """ +""" + +MACROS = """ +""" -MACROS = "" +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/opensslv.py b/cryptography/hazmat/bindings/openssl/opensslv.py index d1a1b3e6..d463776c 100644 --- a/cryptography/hazmat/bindings/openssl/opensslv.py +++ b/cryptography/hazmat/bindings/openssl/opensslv.py @@ -24,3 +24,6 @@ FUNCTIONS = """ MACROS = """ """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/pem.py b/cryptography/hazmat/bindings/openssl/pem.py index 8c8f736d..00f0dc36 100644 --- a/cryptography/hazmat/bindings/openssl/pem.py +++ b/cryptography/hazmat/bindings/openssl/pem.py @@ -41,4 +41,8 @@ PKCS7 *PEM_read_bio_PKCS7(BIO *, PKCS7 **, pem_password_cb *, void *); DH *PEM_read_bio_DHparams(BIO *, DH **, pem_password_cb *, void *); """ -MACROS = "" +MACROS = """ +""" + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/pkcs12.py b/cryptography/hazmat/bindings/openssl/pkcs12.py index 5c002b93..d91d100f 100644 --- a/cryptography/hazmat/bindings/openssl/pkcs12.py +++ b/cryptography/hazmat/bindings/openssl/pkcs12.py @@ -32,3 +32,6 @@ int PKCS12_parse(PKCS12 *, const char *, EVP_PKEY **, X509 **, PKCS12 *PKCS12_create(char *, char *, EVP_PKEY *, X509 *, struct stack_st_X509 *, int, int, int, int, int); """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/pkcs7.py b/cryptography/hazmat/bindings/openssl/pkcs7.py index 752bfa00..60ea3c52 100644 --- a/cryptography/hazmat/bindings/openssl/pkcs7.py +++ b/cryptography/hazmat/bindings/openssl/pkcs7.py @@ -32,3 +32,6 @@ int PKCS7_type_is_enveloped(PKCS7 *); int PKCS7_type_is_signedAndEnveloped(PKCS7 *); int PKCS7_type_is_data(PKCS7 *); """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/rand.py b/cryptography/hazmat/bindings/openssl/rand.py index e4f6be23..848ee05a 100644 --- a/cryptography/hazmat/bindings/openssl/rand.py +++ b/cryptography/hazmat/bindings/openssl/rand.py @@ -35,3 +35,6 @@ int RAND_pseudo_bytes(unsigned char *, int); MACROS = """ """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py index c8bf1cc0..21ed5d67 100644 --- a/cryptography/hazmat/bindings/openssl/rsa.py +++ b/cryptography/hazmat/bindings/openssl/rsa.py @@ -29,3 +29,6 @@ int RSA_check_key(const RSA *); MACROS = """ """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index 8aca86e4..58a64f0b 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -24,3 +24,6 @@ void SSL_load_error_strings(); MACROS = """ """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py index 9a51a6d0..b2ee672e 100644 --- a/cryptography/hazmat/bindings/openssl/x509.py +++ b/cryptography/hazmat/bindings/openssl/x509.py @@ -185,3 +185,6 @@ X509_REVOKED *sk_X509_REVOKED_value(struct x509_revoked_st *, int); int X509_CRL_set_lastUpdate(X509_CRL *, const ASN1_TIME *); int X509_CRL_set_nextUpdate(X509_CRL *, const ASN1_TIME *); """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/x509name.py b/cryptography/hazmat/bindings/openssl/x509name.py index bd7abe2d..896f0ae4 100644 --- a/cryptography/hazmat/bindings/openssl/x509name.py +++ b/cryptography/hazmat/bindings/openssl/x509name.py @@ -46,3 +46,6 @@ int sk_X509_NAME_push(struct stack_st_X509_NAME *, X509_NAME *); X509_NAME *sk_X509_NAME_value(struct stack_st_X509_NAME *, int); void sk_X509_NAME_free(struct stack_st_X509_NAME *); """ + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/bindings/openssl/x509v3.py b/cryptography/hazmat/bindings/openssl/x509v3.py index 413bde5f..bc26236c 100644 --- a/cryptography/hazmat/bindings/openssl/x509v3.py +++ b/cryptography/hazmat/bindings/openssl/x509v3.py @@ -92,3 +92,6 @@ GENERAL_NAME *sk_GENERAL_NAME_value(struct stack_st_GENERAL_NAME *, int); const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *); const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int); """ + +CUSTOMIZATIONS = """ +""" |