-rw-r--r-- | cryptography/hazmat/bindings/openssl/evp.py | 44 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/rsa.py | 24 | ||||
-rw-r--r-- | cryptography/hazmat/bindings/openssl/ssl.py | 1 | ||||
-rw-r--r-- | docs/installation.rst | 12 | ||||
-rw-r--r-- | docs/spelling_wordlist.txt | 12 |
5 files changed, 82 insertions, 11 deletions
diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/bindings/openssl/evp.py index c7cc154f..02776490 100644 --- a/cryptography/hazmat/bindings/openssl/evp.py +++ b/cryptography/hazmat/bindings/openssl/evp.py @@ -32,6 +32,7 @@ typedef struct evp_pkey_st { int type; ...; } EVP_PKEY; +typedef ... EVP_PKEY_CTX; static const int EVP_PKEY_RSA; static const int EVP_PKEY_DSA; static const int EVP_MAX_MD_SIZE; @@ -41,6 +42,7 @@ static const int EVP_CTRL_GCM_SET_TAG; static const int Cryptography_HAS_GCM; static const int Cryptography_HAS_PBKDF2_HMAC; +static const int Cryptography_HAS_PKEY_CTX; """ FUNCTIONS = """ @@ -99,6 +101,9 @@ const EVP_MD *EVP_md5(void); int PKCS5_PBKDF2_HMAC_SHA1(const char *, int, const unsigned char *, int, int, int, unsigned char *); + +int EVP_PKEY_set1_RSA(EVP_PKEY *, struct rsa_st *); +int EVP_PKEY_set1_DSA(EVP_PKEY *, struct dsa_st *); """ MACROS = """ @@ -110,6 +115,20 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *); int PKCS5_PBKDF2_HMAC(const char *, int, const unsigned char *, int, int, const EVP_MD *, int, unsigned char *); + +int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *, const EVP_MD *); + +// not macros but must be in this section since they're not available in 0.9.8 +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int, ENGINE *); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *); +int EVP_PKEY_sign_init(EVP_PKEY_CTX *); +int EVP_PKEY_sign(EVP_PKEY_CTX *, unsigned char *, size_t *, + const unsigned char *, size_t); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *); +int EVP_PKEY_verify(EVP_PKEY_CTX *, const unsigned char *, size_t, + const unsigned char *, size_t); """ CUSTOMIZATIONS = """ 
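Review bot: The new `EVP_PKEY_verify` declaration in MACROS carries no note on its return convention, which is the part a backend author is most likely to get wrong. OpenSSL documents 1 for a valid signature, 0 for an invalid one and a negative value for other errors, so a truthiness test in Python would treat an error as a successful verification. I would add a comment above the declaration such as `// returns 1 = valid, 0 = invalid, <0 = error; callers must compare with == 1`. `EVP_PKEY_sign_init`, `EVP_PKEY_sign`, `EVP_PKEY_verify_init` and `EVP_PKEY_CTX_set_signature_md` also report failure with values <= 0, so callers need the same explicit comparison. The MACROS string opens before this hunk; I am assuming `//` comments are accepted there, as the `// not macros ...` line added here suggests.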
@@ -123,10 +142,24 @@ const long EVP_CTRL_GCM_SET_IVLEN = -1; #endif #if OPENSSL_VERSION_NUMBER >= 0x10000000 const long Cryptography_HAS_PBKDF2_HMAC = 1; +const long Cryptography_HAS_PKEY_CTX = 1; #else const long Cryptography_HAS_PBKDF2_HMAC = 0; int (*PKCS5_PBKDF2_HMAC)(const char *, int, const unsigned char *, int, int, const EVP_MD *, int, unsigned char *) = NULL; +const long Cryptography_HAS_PKEY_CTX = 0; +typedef void EVP_PKEY_CTX; +int (*EVP_PKEY_CTX_set_signature_md)(EVP_PKEY_CTX *, const EVP_MD *) = NULL; +int (*EVP_PKEY_sign_init)(EVP_PKEY_CTX *) = NULL; +int (*EVP_PKEY_sign)(EVP_PKEY_CTX *, unsigned char *, size_t *, + const unsigned char *, size_t) = NULL; +int (*EVP_PKEY_verify_init)(EVP_PKEY_CTX *) = NULL; +int (*EVP_PKEY_verify)(EVP_PKEY_CTX *, const unsigned char *, size_t, + const unsigned char *, size_t) = NULL; +EVP_PKEY_CTX *(*EVP_PKEY_CTX_new)(EVP_PKEY *, ENGINE *) = NULL; +EVP_PKEY_CTX *(*EVP_PKEY_CTX_new_id)(int, ENGINE *) = NULL; +EVP_PKEY_CTX *(*EVP_PKEY_CTX_dup)(EVP_PKEY_CTX *) = NULL; +void (*EVP_PKEY_CTX_free)(EVP_PKEY_CTX *) = NULL; #endif """ @@ -138,5 +171,16 @@ CONDITIONAL_NAMES = { ], "Cryptography_HAS_PBKDF2_HMAC": [ "PKCS5_PBKDF2_HMAC" + ], + "Cryptography_HAS_PKEY_CTX": [ + "EVP_PKEY_CTX_new", + "EVP_PKEY_CTX_new_id", + "EVP_PKEY_CTX_dup", + "EVP_PKEY_CTX_free", + "EVP_PKEY_sign", + "EVP_PKEY_sign_init", + "EVP_PKEY_verify", + "EVP_PKEY_verify_init", + "EVP_PKEY_CTX_set_signature_md", ] } diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py index a44ca4a6..b6f7d04c 100644 --- a/cryptography/hazmat/bindings/openssl/rsa.py +++ b/cryptography/hazmat/bindings/openssl/rsa.py 
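Review bot: Nothing ties the nine NULL stubs in the `#else` branch to the `Cryptography_HAS_PKEY_CTX` list added to CONDITIONAL_NAMES in the next hunk, and the pre-1.0.0 build presumably depends on the two matching exactly. If CONDITIONAL_NAMES is what hides names when the flag is 0, a stub left out of that list would stay reachable from Python as a NULL function pointer. The two lists do match in this commit, so I would only record the invariant with a comment above the stubs, e.g. `// every name stubbed to NULL here must also be listed under Cryptography_HAS_PKEY_CTX in CONDITIONAL_NAMES`. The same holds for the two stubs added in rsa.py. The CUSTOMIZATIONS string starts before this hunk.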
@@ -43,6 +43,8 @@ int RSA_size(const RSA *); int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *); int RSA_check_key(const RSA *); RSA *RSAPublicKey_dup(RSA *); +int RSA_blinding_on(RSA *, BN_CTX *); +void RSA_blinding_off(RSA *); int RSA_public_encrypt(int, const unsigned char *, unsigned char *, RSA *, int); int RSA_private_encrypt(int, const unsigned char *, unsigned char *, @@ -52,12 +54,32 @@ int RSA_public_decrypt(int, const unsigned char *, unsigned char *, int RSA_private_decrypt(int, const unsigned char *, unsigned char *, RSA *, int); int RSA_print(BIO *, const RSA *, int); +int RSA_verify_PKCS1_PSS(RSA *, const unsigned char *, const EVP_MD *, + const unsigned char *, int); +int RSA_padding_add_PKCS1_PSS(RSA *, unsigned char *, const unsigned char *, + const EVP_MD *, int); +int RSA_padding_add_PKCS1_OAEP(unsigned char *, int, const unsigned char *, + int, const unsigned char *, int); +int RSA_padding_check_PKCS1_OAEP(unsigned char *, int, const unsigned char *, + int, int, const unsigned char *, int); """ MACROS = """ +int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *, int); +int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *, int); """ CUSTOMIZATIONS = """ +#if OPENSSL_VERSION_NUMBER < 0x10000000 +// see evp.py for the definition of Cryptography_HAS_PKEY_CTX +int (*EVP_PKEY_CTX_set_rsa_padding)(EVP_PKEY_CTX *, int) = NULL; +int (*EVP_PKEY_CTX_set_rsa_pss_saltlen)(EVP_PKEY_CTX *, int) = NULL; +#endif """ -CONDITIONAL_NAMES = {} +CONDITIONAL_NAMES = { + "Cryptography_HAS_PKEY_CTX": [ + "EVP_PKEY_CTX_set_rsa_padding", + "EVP_PKEY_CTX_set_rsa_pss_saltlen", + ] +} diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index 6c5795bd..038ea54b 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py 
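Review bot: `RSA_blinding_off` is exposed here without any comment, yet blinding is the mitigation against timing side channels on private-key operations. Calling it on a private key therefore removes a protection rather than tuning performance. I would add a line above the pair such as `// blinding protects private-key operations against timing attacks; do not call RSA_blinding_off on private keys`. `RSA_blinding_on` returns an int status, and a backend that calls it should check that value rather than assume blinding is active. The FUNCTIONS string begins outside this hunk.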
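Review bot: The stub guard in CUSTOMIZATIONS, `#if OPENSSL_VERSION_NUMBER < 0x10000000`, repeats the version threshold that evp.py uses to set `Cryptography_HAS_PKEY_CTX`. The comment beneath it says only where the flag is defined, not that the two version tests must stay identical. If the evp.py threshold is ever changed without this one, the flag and these two stubs will disagree for the versions in between. I would extend the comment to `// see evp.py for the definition of Cryptography_HAS_PKEY_CTX; this version test must match the one used there`.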
@@ -117,6 +117,7 @@ static const int SSL_MODE_AUTO_RETRY; static const int SSL3_RANDOM_SIZE; typedef ... X509_STORE_CTX; static const int X509_V_OK; +static const int X509_V_ERR_APPLICATION_VERIFICATION; typedef ... SSL_METHOD; typedef ... SSL_CTX; diff --git a/docs/installation.rst b/docs/installation.rst index f9c3574d..63555abc 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -29,16 +29,20 @@ Building cryptography on Linux compiler, headers for Python (if you're not using ``pypy``), and headers for the OpenSSL and ``libffi`` libraries available on your system. -Debian and Ubuntu systems -~~~~~~~~~~~~~~~~~~~~~~~~~ - -For Debian and Ubuntu, the following command line will ensure the required +For Debian and Ubuntu, the following command will ensure that the required dependencies are installed: .. code-block:: console $ sudo apt-get install build-essential libssl-dev libffi-dev python-dev +For Fedora and RHEL-derivatives, the following command will ensure that the +required dependencies are installed: + +.. code-block:: console + + $ sudo yum install gcc libffi-devel python-devel openssl-devel + You should now be able to build and install cryptography with the usual .. code-block:: console diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index b258420f..14b0b773 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -1,6 +1,9 @@ backend backends +Backends +Blowfish boolean +Changelog ciphertext committer committers @@ -10,7 +13,9 @@ cryptographically decrypt decrypted decrypting +Docstrings fernet +Fernet hazmat indistinguishability introspectability @@ -19,13 +24,8 @@ iOS pickleable plaintext pseudorandom +Schneier testability unencrypted unpadded unpadding -Backends -Blowfish -Changelog -Docstrings -Fernet -Schneier |