From eadc2eeb2137ac5716089654594b91055647f28f Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Thu, 16 Jan 2014 12:52:51 -0600
Subject: Start binding some stuff for ECDHE in pyOpenSSL.
---
 cryptography/hazmat/bindings/openssl/binding.py | 1 +
 cryptography/hazmat/bindings/openssl/ec.py | 31 +++++++++++++++++++++++++
 cryptography/hazmat/bindings/openssl/ssl.py | 2 ++
 3 files changed, 34 insertions(+)
 create mode 100644 cryptography/hazmat/bindings/openssl/ec.py
diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py
index 8a4e1dd3..88299d14 100644
--- a/cryptography/hazmat/bindings/openssl/binding.py
+++ b/cryptography/hazmat/bindings/openssl/binding.py
@@ -48,6 +48,7 @@ class Binding(object):
 "crypto",
 "dh",
 "dsa",
+ "ec",
 "engine",
 "err",
 "evp",
diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py
new file mode 100644
index 00000000..7532a85e
--- /dev/null
+++ b/cryptography/hazmat/bindings/openssl/ec.py
@@ -0,0 +1,31 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+INCLUDES = """
+"""
+
+TYPES = """
+typdef ... EC_KEY;
+"""
+
+FUNCTIONS = """
+EC_KEY *EC_KEY_new_by_curve_name(int);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
+
+CONDITIONAL_NAMES = {}
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index d0d5ae2d..ffc30963 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
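Review bot: The new ec.py binds `EC_KEY_new_by_curve_name` in `FUNCTIONS` without a matching `EC_KEY_free`, so a caller that allocates a key for ECDHE has no way to release it through this binding. If `SSL_CTX_set_tmp_ecdh` keeps its own copy of the key rather than taking ownership (worth confirming against the OpenSSL versions supported), every context setup would leave an `EC_KEY` allocated; adding `void EC_KEY_free(EC_KEY *);` next to the constructor closes that gap. `INCLUDES` is also empty, so the module appears to depend on another binding's header pulling in the EC declarations; an explicit `#include <openssl/ec.h>` would make that dependency visible.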
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -77,6 +77,7 @@ static const int SSL_OP_NO_QUERY_MTU;
 static const int SSL_OP_COOKIE_EXCHANGE;
 static const int SSL_OP_NO_TICKET;
 static const int SSL_OP_ALL;
+static const int SSL_OP_SINGLE_ECDH_USE;
 static const int SSL_VERIFY_PEER;
 static const int SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
 static const int SSL_VERIFY_CLIENT_ONCE;
@@ -231,6 +232,7 @@ long SSL_CTX_get_mode(SSL_CTX *);
 long SSL_CTX_set_session_cache_mode(SSL_CTX *, long);
 long SSL_CTX_get_session_cache_mode(SSL_CTX *);
 long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *);
+long SSL_CTX_set_tmp_ecdh(SSL_CTX *, EC_KEY *);
 long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *);
 /*- These aren't macros these functions are all const X on openssl > 1.0.x -*/
-- cgit v1.2.3
From f2c5bfa982914237f930ba67daf2f29cebdcf4ad Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Thu, 16 Jan 2014 12:55:35 -0600
Subject: oops
---
 cryptography/hazmat/bindings/openssl/ec.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py
index 7532a85e..24539477 100644
--- a/cryptography/hazmat/bindings/openssl/ec.py
+++ b/cryptography/hazmat/bindings/openssl/ec.py
@@ -15,7 +15,7 @@ INCLUDES = """
 """
 TYPES = """
-typdef ... EC_KEY;
+typedef ... EC_KEY;
 """
 FUNCTIONS = """
-- cgit v1.2.3
From 162eead0c6848b8aedf326a89b1ef76c510d3096 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Thu, 16 Jan 2014 17:04:05 -0600
Subject: Allow these to not be defined because lololol fedora/centos
---
 cryptography/hazmat/bindings/openssl/ec.py | 12 +++++++++++-
 cryptography/hazmat/bindings/openssl/ssl.py | 8 ++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py
index 24539477..9720a60b 100644
--- a/cryptography/hazmat/bindings/openssl/ec.py
+++ b/cryptography/hazmat/bindings/openssl/ec.py
@@ -26,6 +26,16 @@ MACROS = """
 """
 CUSTOMIZATIONS = """
+#ifdef OPENSSL_NO_EC
+static const long Cryptography_HAS_EC = 0;
+#else
+static const long Cryptography_HAS_EC = 1;
+EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL;
+#endif
 """
-CONDITIONAL_NAMES = {}
+CONDITIONAL_NAMES = {
+ "Cryptography_HAS_EC": [
+ "EC_KEY_new_by_curve_name",
+ ]
+}
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index ffc30963..cd872d18 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -347,6 +347,10 @@ static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
 static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 0;
 const long SSL_OP_MSIE_SSLV2_RSA_PADDING = 0;
 #endif
+
+#ifdef OPENSSL_NO_EC
+long (*SSL_CTX_set_tmp_ecdh)(SSL_CTX *, EC_KEY *) = NULL;
+#endif
 """
 CONDITIONAL_NAMES = {
@@ -387,4 +391,8 @@ CONDITIONAL_NAMES = {
 "Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING": [
 "SSL_OP_MSIE_SSLV2_RSA_PADDING",
 ],
+
+ "Cryptography_HAS_EC": [
+ "EC_KEY_new_by_curve_name",
+ ]
 }
-- cgit v1.2.3
From d63149471b054de94090e3eb503f010ecc5569bc Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Thu, 16 Jan 2014 17:27:02 -0600
Subject: reversed
---
 cryptography/hazmat/bindings/openssl/ec.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py
index 9720a60b..3acb77e2 100644
--- a/cryptography/hazmat/bindings/openssl/ec.py
+++ b/cryptography/hazmat/bindings/openssl/ec.py
@@ -28,9 +28,9 @@ MACROS = """
 CUSTOMIZATIONS = """
 #ifdef OPENSSL_NO_EC
 static const long Cryptography_HAS_EC = 0;
+EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL;
 #else
 static const long Cryptography_HAS_EC = 1;
-EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL;
 #endif
 """
-- cgit v1.2.3
From 3e5e6863c498791f0a74df1875b8ec92a473acdc Mon Sep 17 00:00:00 2001
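Review bot: The `Cryptography_HAS_EC` entry added to ssl.py's `CONDITIONAL_NAMES` lists `EC_KEY_new_by_curve_name`, which is the name ec.py already covers, instead of the symbol this file stubs out. The first ssl.py hunk sets `SSL_CTX_set_tmp_ecdh` to NULL under `OPENSSL_NO_EC`, but that name is never listed, so on a build without EC it presumably stays reachable as a NULL function pointer and a call would crash the process instead of failing cleanly. The list entry should read `"SSL_CTX_set_tmp_ecdh",`. The code that consumes `CONDITIONAL_NAMES` is outside this diff, so how two modules sharing the same key are combined is worth checking as well.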
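Review bot: In the `OPENSSL_NO_EC` branch of ec.py's `CUSTOMIZATIONS`, the stub `EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL;` still needs the `EC_KEY` type to compile, and that type is likely not declared when OpenSSL is built without EC. A fallback such as `typedef void EC_KEY;` at the top of that branch would keep the no-EC path buildable; the `SSL_CTX_set_tmp_ecdh` stub in ssl.py depends on the same type. This is inferred from how OpenSSL guards its EC declarations, not from anything visible in the hunk, so it should be confirmed on a no-EC build.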
From: Alex Gaynor
Date: Thu, 16 Jan 2014 17:59:08 -0600
Subject: Added forgotten decl
---
 cryptography/hazmat/bindings/openssl/ec.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py
index 3acb77e2..cbb03360 100644
--- a/cryptography/hazmat/bindings/openssl/ec.py
+++ b/cryptography/hazmat/bindings/openssl/ec.py
@@ -15,6 +15,8 @@ INCLUDES = """
 """
 TYPES = """
+static const int Cryptography_HAS_EC;
+
 typedef ... EC_KEY;
 """
-- cgit v1.2.3