From 32a08adbca588aaae2ed4cf9ca92af224517a8ed Mon Sep 17 00:00:00 2001 From: Tim Kelsey Date: Mon, 15 Dec 2014 16:48:49 +0000 Subject: Adding more cffi bindings to openssl backend. - specifically adding items relating to X509 certificates. --- src/cryptography/hazmat/bindings/openssl/asn1.py | 5 +++++ src/cryptography/hazmat/bindings/openssl/evp.py | 8 ++++++++ src/cryptography/hazmat/bindings/openssl/nid.py | 11 +++++++++++ src/cryptography/hazmat/bindings/openssl/x509.py | 4 ++++ src/cryptography/hazmat/bindings/openssl/x509name.py | 4 +++- 5 files changed, 31 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/asn1.py b/src/cryptography/hazmat/bindings/openssl/asn1.py index a73dc325..7c4a752c 100644 --- a/src/cryptography/hazmat/bindings/openssl/asn1.py +++ b/src/cryptography/hazmat/bindings/openssl/asn1.py @@ -99,7 +99,12 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *, ASN1_GENERALIZEDTIME **); /* ASN1 UTCTIME */ +ASN1_UTCTIME *ASN1_UTCTIME_new(void); +void ASN1_UTCTIME_free(ASN1_UTCTIME *); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *, time_t); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *, time_t); +int ASN1_UTCTIME_check(ASN1_UTCTIME *); +int ASN1_UTCTIME_print(BIO * , ASN1_UTCTIME *); /* ASN1 GENERALIZEDTIME */ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *, const char *); diff --git a/src/cryptography/hazmat/bindings/openssl/evp.py b/src/cryptography/hazmat/bindings/openssl/evp.py index 29590579..f79be981 100644 --- a/src/cryptography/hazmat/bindings/openssl/evp.py +++ b/src/cryptography/hazmat/bindings/openssl/evp.py @@ -91,6 +91,8 @@ int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int, EVP_PKEY *); const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_ripemd160(void); int PKCS5_PBKDF2_HMAC_SHA1(const char *, int, const unsigned char *, int, int, int, unsigned char *); 
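Review bot: In the asn1.py hunk at -99,7 the new `ASN1_UTCTIME_set` binding is added with no note on its failure and allocation behaviour, which callers building certificate validity fields will depend on. OpenSSL returns NULL on error and, when the first argument is NULL, allocates a new object that the caller must release with `ASN1_UTCTIME_free`. UTCTime also carries a two-digit year, so it can only express dates from 1950 through 2049. I would add a comment above the group such as `/* ASN1_UTCTIME_set returns NULL on failure; UTCTime covers 1950-2049 only, later dates need GENERALIZEDTIME */`. The enclosing declaration string starts and ends outside the hunk.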
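Review bot: `EVP_ripemd160` in the evp.py hunk at -91,6 is declared unconditionally, but OpenSSL only provides it when RIPEMD support is compiled in, so a build configured without it would presumably fail when the bindings are compiled. If such builds are in scope, the declaration belongs behind the conditional-name handling this file appears to use for the EC key functions (visible in the hunk at -220,6). Separately, the new digests sit next to `EVP_md5` and are being bound for X509 work, so a comment like `/* MD5 and SHA-1 are not collision resistant; prefer EVP_sha256 or stronger for new signatures */` would help callers choose.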
@@ -220,6 +222,12 @@ EC_KEY *(*EVP_PKEY_get1_EC_KEY)(EVP_PKEY *) = NULL; int (*EVP_PKEY_set1_EC_KEY)(EVP_PKEY *, EC_KEY *) = NULL; #endif +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); +#endif """ CONDITIONAL_NAMES = { diff --git a/src/cryptography/hazmat/bindings/openssl/nid.py b/src/cryptography/hazmat/bindings/openssl/nid.py index 8d83c1e1..a025d3b4 100644 --- a/src/cryptography/hazmat/bindings/openssl/nid.py +++ b/src/cryptography/hazmat/bindings/openssl/nid.py @@ -201,6 +201,17 @@ static const int NID_any_policy; static const int NID_policy_mappings; static const int NID_target_information; static const int NID_no_rev_avail; + +static const int NID_commonName; +static const int NID_countryName; +static const int NID_localityName; +static const int NID_stateOrProvinceName; +static const int NID_organizationName; +static const int NID_organizationalUnitName; +static const int NID_serialNumber; +static const int NID_surname; +static const int NID_givenName; +static const int NID_pkcs9_emailAddress; """ FUNCTIONS = """ diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py index a6e1cb63..dd5e08ad 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509.py +++ b/src/cryptography/hazmat/bindings/openssl/x509.py @@ -113,6 +113,8 @@ X509 *X509_dup(X509 *); int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long); int X509_set_version(X509 *, long); +int X509_set_notBefore(X509 *, ASN1_UTCTIME *); +int X509_set_notAfter(X509 *, ASN1_UTCTIME *); EVP_PKEY *X509_get_pubkey(X509 *); int X509_set_pubkey(X509 *, EVP_PKEY *); 
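Review bot: The new NID group in the nid.py hunk at -201,6 has no comment, and `NID_serialNumber` in particular is easy to misread. It identifies the serialNumber attribute of a distinguished name, not the serial number of the certificate itself. A header above the block such as `/* X509 name (subject/issuer) attribute NIDs; NID_serialNumber is the DN attribute, not the certificate serial */` would prevent the mix-up.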
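Review bot: `X509_set_notBefore` and `X509_set_notAfter` in the x509.py hunk at -113,6 are declared with `ASN1_UTCTIME *`, while OpenSSL's prototypes take `ASN1_TIME *`, the type the `X509_CRL_set_lastUpdate` and `X509_CRL_set_nextUpdate` bindings shown further down this page already use. The narrower type steers callers toward UTCTime only, which cannot express a validity date from 2050 onward. I would declare them as `int X509_set_notBefore(X509 *, ASN1_TIME *);` and `int X509_set_notAfter(X509 *, ASN1_TIME *);`, noting that callers holding an `ASN1_UTCTIME *` may need a cast depending on how the two types are declared in TYPES, which is outside the hunk. The later commit on this page that moves both lines into the macros section (x509.py hunk at -261,6) keeps the same argument type, so the point applies there as well.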
@@ -140,6 +142,8 @@ int X509_EXTENSION_get_critical(X509_EXTENSION *); ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *); void X509_EXTENSION_free(X509_EXTENSION *); +int i2d_X509(X509 *, unsigned char **); + int X509_REQ_set_version(X509_REQ *, long); X509_REQ *X509_REQ_new(void); void X509_REQ_free(X509_REQ *); diff --git a/src/cryptography/hazmat/bindings/openssl/x509name.py b/src/cryptography/hazmat/bindings/openssl/x509name.py index 9863c195..bda92eb7 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509name.py +++ b/src/cryptography/hazmat/bindings/openssl/x509name.py @@ -20,6 +20,9 @@ typedef ... Cryptography_STACK_OF_X509_NAME; """ FUNCTIONS = """ +X509_NAME *X509_NAME_new(void); +void X509_NAME_free(X509_NAME *); + int X509_NAME_entry_count(X509_NAME *); X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *, int); ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *); @@ -37,7 +40,6 @@ int X509_NAME_get_index_by_NID(X509_NAME *, int, int); int X509_NAME_cmp(const X509_NAME *, const X509_NAME *); char *X509_NAME_oneline(X509_NAME *, char *, int); X509_NAME *X509_NAME_dup(X509_NAME *); -void X509_NAME_free(X509_NAME *); """ MACROS = """ -- cgit v1.2.3 From adaa14b9b505b12c8cf4fd865bcc866c081ff918 Mon Sep 17 00:00:00 2001 From: Tim Kelsey Date: Wed, 17 Dec 2014 14:09:09 +0000 Subject: Making EVP_sha* bindings none conditional. - these were added in OpenSSL 0.9.8, a supported version. --- src/cryptography/hazmat/bindings/openssl/evp.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/evp.py b/src/cryptography/hazmat/bindings/openssl/evp.py index f79be981..f00c2f0d 100644 --- a/src/cryptography/hazmat/bindings/openssl/evp.py +++ b/src/cryptography/hazmat/bindings/openssl/evp.py 
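Review bot: The `i2d_X509` binding in the x509.py hunk at -140,6 is added without documenting its output-pointer contract, which is the usual source of memory errors with the i2d family. When the second argument points to a NULL pointer OpenSSL allocates the buffer and the caller must free it. When it points to a caller-supplied buffer, the encoding is written there and the pointer is advanced past it, so the buffer has to be sized from a prior length-only call. A negative return signals failure. I would add `/* returns DER length, <0 on error; *out == NULL makes OpenSSL allocate, caller frees */` above the declaration.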
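Review bot: With `X509_NAME_new` now bound in the x509name.py hunk at -20,6, Python code can create names it owns, but nothing in the declarations says which return values are caller-owned. `X509_NAME_new` and `X509_NAME_dup` hand back objects that must go to `X509_NAME_free`, whereas `X509_NAME_get_entry` returns a pointer into the name that must not be freed separately. A comment next to the moved `X509_NAME_free` line such as `/* _new and _dup results are caller-owned: pair with X509_NAME_free (e.g. via ffi.gc) */` would make the pairing explicit.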
@@ -93,6 +93,10 @@ int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int, const EVP_MD *EVP_md5(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_ripemd160(void); +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); int PKCS5_PBKDF2_HMAC_SHA1(const char *, int, const unsigned char *, int, int, int, unsigned char *); @@ -221,13 +225,6 @@ int (*EVP_PKEY_assign_EC_KEY)(EVP_PKEY *, EC_KEY *) = NULL; EC_KEY *(*EVP_PKEY_get1_EC_KEY)(EVP_PKEY *) = NULL; int (*EVP_PKEY_set1_EC_KEY)(EVP_PKEY *, EC_KEY *) = NULL; #endif - -#if OPENSSL_VERSION_NUMBER >= 0x0090800fL -const EVP_MD *EVP_sha224(void); -const EVP_MD *EVP_sha256(void); -const EVP_MD *EVP_sha384(void); -const EVP_MD *EVP_sha512(void); -#endif """ CONDITIONAL_NAMES = { -- cgit v1.2.3 From 4ba7cf62324079c57f792443ef7dcfeaac565d62 Mon Sep 17 00:00:00 2001 From: Tim Kelsey Date: Wed, 17 Dec 2014 14:35:04 +0000 Subject: Moving things about to prevent compiler warnings with newer OpenSSL - some of these bindings changed to const in various newer OpenSSL versions. Moving them to macros section to acccount for this --- src/cryptography/hazmat/bindings/openssl/asn1.py | 4 ++-- src/cryptography/hazmat/bindings/openssl/x509.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/asn1.py b/src/cryptography/hazmat/bindings/openssl/asn1.py index 7c4a752c..e3631237 100644 --- a/src/cryptography/hazmat/bindings/openssl/asn1.py +++ b/src/cryptography/hazmat/bindings/openssl/asn1.py 
@@ -103,8 +103,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_new(void); void ASN1_UTCTIME_free(ASN1_UTCTIME *); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *, time_t); ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *, time_t); -int ASN1_UTCTIME_check(ASN1_UTCTIME *); -int ASN1_UTCTIME_print(BIO * , ASN1_UTCTIME *); /* ASN1 GENERALIZEDTIME */ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *, const char *); @@ -128,6 +126,7 @@ const ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *); int ASN1_STRING_length(ASN1_STRING *); ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *); int ASN1_STRING_cmp(ASN1_STRING *, ASN1_STRING *); +int ASN1_UTCTIME_print(BIO *, ASN1_UTCTIME *); ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *); int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *, ASN1_OCTET_STRING *); @@ -141,6 +140,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *); /* These isn't a macro the arg is const on openssl 1.0.2+ */ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *); +int ASN1_UTCTIME_check(ASN1_UTCTIME *); /* Not a macro, const on openssl 1.0 */ int ASN1_STRING_set_default_mask_asc(char *); diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py index dd5e08ad..f51b0e59 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509.py +++ b/src/cryptography/hazmat/bindings/openssl/x509.py @@ -113,8 +113,6 @@ X509 *X509_dup(X509 *); int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long); int X509_set_version(X509 *, long); -int X509_set_notBefore(X509 *, ASN1_UTCTIME *); -int X509_set_notAfter(X509 *, ASN1_UTCTIME *); EVP_PKEY *X509_get_pubkey(X509 *); int X509_set_pubkey(X509 *, EVP_PKEY *); 
@@ -261,6 +259,8 @@ int i2d_DSAPrivateKey(DSA *, unsigned char **); /* These aren't macros these arguments are all const X on openssl > 1.0.x */ int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *); int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *); +int X509_set_notBefore(X509 *, ASN1_UTCTIME *); +int X509_set_notAfter(X509 *, ASN1_UTCTIME *); /* These use STACK_OF(X509_EXTENSION) in 0.9.8e. Once we drop support for RHEL/CentOS 5 we should move these back to FUNCTIONS. */ -- cgit v1.2.3