5 files changed, 166 insertions, 5 deletions

diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py
index 609a33bf..e04507ca 100644
--- a/cryptography/hazmat/bindings/openssl/dsa.py
+++ b/cryptography/hazmat/bindings/openssl/dsa.py
@@ -39,6 +39,8 @@ void DSA_free(DSA *);
 """
 
 MACROS = """
+int DSA_generate_parameters_ex(DSA *, int, unsigned char *, int,
+                               int *, unsigned long *, BN_GENCB *);
 """
 
 CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py
index 39403ff2..4a42960c 100644
--- a/cryptography/hazmat/bindings/openssl/ec.py
+++ b/cryptography/hazmat/bindings/openssl/ec.py
@@ -23,7 +23,31 @@ TYPES = """
 static const int Cryptography_HAS_EC;
 
 typedef ... EC_KEY;
+typedef struct {
+    int nid;
+    const char *comment;
+} EC_builtin_curve;
 
+static const int NID_X9_62_c2pnb163v1;
+static const int NID_X9_62_c2pnb163v2;
+static const int NID_X9_62_c2pnb163v3;
+static const int NID_X9_62_c2pnb176v1;
+static const int NID_X9_62_c2tnb191v1;
+static const int NID_X9_62_c2tnb191v2;
+static const int NID_X9_62_c2tnb191v3;
+static const int NID_X9_62_c2onb191v4;
+static const int NID_X9_62_c2onb191v5;
+static const int NID_X9_62_c2pnb208w1;
+static const int NID_X9_62_c2tnb239v1;
+static const int NID_X9_62_c2tnb239v2;
+static const int NID_X9_62_c2tnb239v3;
+static const int NID_X9_62_c2onb239v4;
+static const int NID_X9_62_c2onb239v5;
+static const int NID_X9_62_c2pnb272w1;
+static const int NID_X9_62_c2pnb304w1;
+static const int NID_X9_62_c2tnb359v1;
+static const int NID_X9_62_c2pnb368w1;
+static const int NID_X9_62_c2tnb431r1;
 static const int NID_X9_62_prime192v1;
 static const int NID_X9_62_prime192v2;
 static const int NID_X9_62_prime192v3;
@@ -31,6 +55,122 @@ static const int NID_X9_62_prime239v1;
 static const int NID_X9_62_prime239v2;
 static const int NID_X9_62_prime239v3;
 static const int NID_X9_62_prime256v1;
+static const int NID_secp112r1;
+static const int NID_secp112r2;
+static const int NID_secp128r1;
+static const int NID_secp128r2;
+static const int NID_secp160k1;
+static const int NID_secp160r1;
+static const int NID_secp160r2;
+static const int NID_sect163k1;
+static const int NID_sect163r1;
+static const int NID_sect163r2;
+static const int NID_secp192k1;
+static const int NID_secp224k1;
+static const int NID_secp224r1;
+static const int NID_secp256k1;
+static const int NID_secp384r1;
+static const int NID_secp521r1;
+static const int NID_sect113r1;
+static const int NID_sect113r2;
+static const int NID_sect131r1;
+static const int NID_sect131r2;
+static const int NID_sect193r1;
+static const int NID_sect193r2;
+static const int NID_sect233k1;
+static const int NID_sect233r1;
+static const int NID_sect239k1;
+static const int NID_sect283k1;
+static const int NID_sect283r1;
+static const int NID_sect409k1;
+static const int NID_sect409r1;
+static const int NID_sect571k1;
+static const int NID_sect571r1;
+static const int NID_wap_wsg_idm_ecid_wtls1;
+static const int NID_wap_wsg_idm_ecid_wtls3;
+static const int NID_wap_wsg_idm_ecid_wtls4;
+static const int NID_wap_wsg_idm_ecid_wtls5;
+static const int NID_wap_wsg_idm_ecid_wtls6;
+static const int NID_wap_wsg_idm_ecid_wtls7;
+static const int NID_wap_wsg_idm_ecid_wtls8;
+static const int NID_wap_wsg_idm_ecid_wtls9;
+static const int NID_wap_wsg_idm_ecid_wtls10;
+static const int NID_wap_wsg_idm_ecid_wtls11;
+static const int NID_wap_wsg_idm_ecid_wtls12;
+static const int NID_ipsec3;
+static const int NID_ipsec4;
+static const char *const SN_X9_62_c2pnb163v1;
+static const char *const SN_X9_62_c2pnb163v2;
+static const char *const SN_X9_62_c2pnb163v3;
+static const char *const SN_X9_62_c2pnb176v1;
+static const char *const SN_X9_62_c2tnb191v1;
+static const char *const SN_X9_62_c2tnb191v2;
+static const char *const SN_X9_62_c2tnb191v3;
+static const char *const SN_X9_62_c2onb191v4;
+static const char *const SN_X9_62_c2onb191v5;
+static const char *const SN_X9_62_c2pnb208w1;
+static const char *const SN_X9_62_c2tnb239v1;
+static const char *const SN_X9_62_c2tnb239v2;
+static const char *const SN_X9_62_c2tnb239v3;
+static const char *const SN_X9_62_c2onb239v4;
+static const char *const SN_X9_62_c2onb239v5;
+static const char *const SN_X9_62_c2pnb272w1;
+static const char *const SN_X9_62_c2pnb304w1;
+static const char *const SN_X9_62_c2tnb359v1;
+static const char *const SN_X9_62_c2pnb368w1;
+static const char *const SN_X9_62_c2tnb431r1;
+static const char *const SN_X9_62_prime192v1;
+static const char *const SN_X9_62_prime192v2;
+static const char *const SN_X9_62_prime192v3;
+static const char *const SN_X9_62_prime239v1;
+static const char *const SN_X9_62_prime239v2;
+static const char *const SN_X9_62_prime239v3;
+static const char *const SN_X9_62_prime256v1;
+static const char *const SN_secp112r1;
+static const char *const SN_secp112r2;
+static const char *const SN_secp128r1;
+static const char *const SN_secp128r2;
+static const char *const SN_secp160k1;
+static const char *const SN_secp160r1;
+static const char *const SN_secp160r2;
+static const char *const SN_sect163k1;
+static const char *const SN_sect163r1;
+static const char *const SN_sect163r2;
+static const char *const SN_secp192k1;
+static const char *const SN_secp224k1;
+static const char *const SN_secp224r1;
+static const char *const SN_secp256k1;
+static const char *const SN_secp384r1;
+static const char *const SN_secp521r1;
+static const char *const SN_sect113r1;
+static const char *const SN_sect113r2;
+static const char *const SN_sect131r1;
+static const char *const SN_sect131r2;
+static const char *const SN_sect193r1;
+static const char *const SN_sect193r2;
+static const char *const SN_sect233k1;
+static const char *const SN_sect233r1;
+static const char *const SN_sect239k1;
+static const char *const SN_sect283k1;
+static const char *const SN_sect283r1;
+static const char *const SN_sect409k1;
+static const char *const SN_sect409r1;
+static const char *const SN_sect571k1;
+static const char *const SN_sect571r1;
+static const char *const SN_wap_wsg_idm_ecid_wtls1;
+static const char *const SN_wap_wsg_idm_ecid_wtls3;
+static const char *const SN_wap_wsg_idm_ecid_wtls4;
+static const char *const SN_wap_wsg_idm_ecid_wtls5;
+static const char *const SN_wap_wsg_idm_ecid_wtls6;
+static const char *const SN_wap_wsg_idm_ecid_wtls7;
+static const char *const SN_wap_wsg_idm_ecid_wtls8;
+static const char *const SN_wap_wsg_idm_ecid_wtls9;
+static const char *const SN_wap_wsg_idm_ecid_wtls10;
+static const char *const SN_wap_wsg_idm_ecid_wtls11;
+static const char *const SN_wap_wsg_idm_ecid_wtls12;
+static const char *const SN_ipsec3;
+static const char *const SN_ipsec4;
+
 """
 
 FUNCTIONS = """
@@ -39,14 +179,22 @@ FUNCTIONS = """
 MACROS = """
 EC_KEY *EC_KEY_new_by_curve_name(int);
 void EC_KEY_free(EC_KEY *);
+
+size_t EC_get_builtin_curves(EC_builtin_curve *, size_t);
+
 """
 
 CUSTOMIZATIONS = """
 #ifdef OPENSSL_NO_EC
 static const long Cryptography_HAS_EC = 0;
 typedef void EC_KEY;
+typedef struct {
+    int nid;
+    const char *comment;
+} EC_builtin_curve;
 EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL;
 void (*EC_KEY_free)(EC_KEY *) = NULL;
+size_t (*EC_get_builtin_curves)(EC_builtin_curve *, size_t) = NULL;
 #else
 static const long Cryptography_HAS_EC = 1;
 #endif
@@ -56,5 +204,6 @@ CONDITIONAL_NAMES = {
     "Cryptography_HAS_EC": [
         "EC_KEY_new_by_curve_name",
         "EC_KEY_free",
+        "EC_get_builtin_curves",
     ],
 }
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index ddb60ef7..f2058ad8 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -151,7 +151,6 @@ static const int EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED;
 static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH;
 static const int EVP_R_DECODE_ERROR;
 static const int EVP_R_DIFFERENT_KEY_TYPES;
-static const int EVP_R_DISABLED_FOR_FIPS;
 static const int EVP_R_ENCODE_ERROR;
 static const int EVP_R_INITIALIZATION_ERROR;
 static const int EVP_R_INPUT_NOT_INITIALIZED;
@@ -266,7 +265,7 @@ static const long Cryptography_HAS_REMOVE_THREAD_STATE = 1;
 #else
 static const long Cryptography_HAS_REMOVE_THREAD_STATE = 0;
 typedef uint32_t CRYPTO_THREADID;
-void (*ERR_remove_thread_state)(const CRYPTO_THREADID *);
+void (*ERR_remove_thread_state)(const CRYPTO_THREADID *) = NULL;
 #endif
 """
 
diff --git a/cryptography/hazmat/bindings/openssl/hmac.py b/cryptography/hazmat/bindings/openssl/hmac.py
index 5f9e0945..4b81c9df 100644
--- a/cryptography/hazmat/bindings/openssl/hmac.py
+++ b/cryptography/hazmat/bindings/openssl/hmac.py
@@ -55,11 +55,11 @@ int Cryptography_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
 }
 
 int Cryptography_HMAC_Final(HMAC_CTX *ctx, unsigned char *digest,
-    unsigned int *digest_len) {
+    unsigned int *outlen) {
 #if OPENSSL_VERSION_NUMBER >= 0x010000000
-    return HMAC_Final(ctx, digest, digest_len);
+    return HMAC_Final(ctx, digest, outlen);
 #else
-    HMAC_Final(ctx, digest, digest_len);
+    HMAC_Final(ctx, digest, outlen);
     return 1;
 #endif
 }
diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py
index 359305c6..f895cd02 100644
--- a/cryptography/hazmat/bindings/openssl/rsa.py
+++ b/cryptography/hazmat/bindings/openssl/rsa.py
@@ -37,6 +37,7 @@ static const int RSA_PKCS1_PSS_PADDING;
 static const int RSA_F4;
 
 static const int Cryptography_HAS_PSS_PADDING;
+static const int Cryptography_HAS_MGF1_MD;
 """
 
 FUNCTIONS = """
@@ -70,6 +71,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *, int, const unsigned char *,
 MACROS = """
 int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *, int);
 int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *, int);
+int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *, EVP_MD *);
 """
 
 CUSTOMIZATIONS = """
@@ -82,6 +84,12 @@ int (*EVP_PKEY_CTX_set_rsa_padding)(EVP_PKEY_CTX *, int) = NULL;
 int (*EVP_PKEY_CTX_set_rsa_pss_saltlen)(EVP_PKEY_CTX *, int) = NULL;
 static const long RSA_PKCS1_PSS_PADDING = 0;
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x1000100f
+static const long Cryptography_HAS_MGF1_MD = 1;
+#else
+static const long Cryptography_HAS_MGF1_MD = 0;
+int (*EVP_PKEY_CTX_set_rsa_mgf1_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL;
+#endif
 """
 
 CONDITIONAL_NAMES = {
@@ -92,4 +100,7 @@ CONDITIONAL_NAMES = {
     "Cryptography_HAS_PSS_PADDING": [
         "RSA_PKCS1_PSS_PADDING",
     ],
+    "Cryptography_HAS_MGF1_MD": [
+        "EVP_PKEY_CTX_set_rsa_mgf1_md",
+    ],
 }