From e7d5fdbb7bb2969329070e6f1b35ec49e634f0b3 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 23 Dec 2013 10:06:12 -0500 Subject: bind a few more things necessary for OpenSSL.crypto. Also tweak some existing definitions to be more functional. --- cryptography/hazmat/backends/openssl/asn1.py | 10 +++++- cryptography/hazmat/backends/openssl/backend.py | 1 + cryptography/hazmat/backends/openssl/bignum.py | 9 +++++- cryptography/hazmat/backends/openssl/evp.py | 7 ++++- cryptography/hazmat/backends/openssl/nid.py | 1 + cryptography/hazmat/backends/openssl/objects.py | 41 +++++++++++++++++++++++++ cryptography/hazmat/backends/openssl/rsa.py | 2 ++ 7 files changed, 68 insertions(+), 3 deletions(-) create mode 100644 cryptography/hazmat/backends/openssl/objects.py diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index b56932fa..28ec0631 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -16,7 +16,14 @@ INCLUDES = """ """ TYPES = """ -typedef ... time_t; +/* + * XXX This typedef is wrong. + * https://bitbucket.org/cffi/cffi/issue/69/support-for-using-typedef-with-primitive + * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ + * < fijal> exarkun: I think you want to declare your value too large (e.g. long) + * < fijal> exarkun: that way you'll never pass garbage + */ +typedef long time_t; typedef int ASN1_BOOLEAN; typedef ... ASN1_INTEGER; @@ -118,6 +125,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *, ASN1_INTEGER *); long ASN1_INTEGER_get(ASN1_INTEGER *); BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 6cc8275d..3d2fa01f 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -71,6 +71,7 @@ class Backend(object): "evp", "hmac", "nid", + "objects", "opensslv", "pem", "pkcs7", diff --git a/cryptography/hazmat/backends/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py index 68d0c3a2..4885d5b4 100644 --- a/cryptography/hazmat/backends/openssl/bignum.py +++ b/cryptography/hazmat/backends/openssl/bignum.py @@ -17,7 +17,14 @@ INCLUDES = """ TYPES = """ typedef ... BIGNUM; -typedef ... BN_ULONG; +/* + * XXX This typedef is wrong. + * https://bitbucket.org/cffi/cffi/issue/69/support-for-using-typedef-with-primitive + * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ + * < fijal> exarkun: I think you want to declare your value too large (e.g. long) + * < fijal> exarkun: that way you'll never pass garbage + */ +typedef unsigned long long BN_ULONG; """ FUNCTIONS = """ diff --git a/cryptography/hazmat/backends/openssl/evp.py b/cryptography/hazmat/backends/openssl/evp.py index 7e50a6b3..68bff2b7 100644 --- a/cryptography/hazmat/backends/openssl/evp.py +++ b/cryptography/hazmat/backends/openssl/evp.py @@ -24,7 +24,9 @@ typedef struct { ...; } EVP_CIPHER_CTX; typedef ... EVP_MD; -typedef struct env_md_ctx_st EVP_MD_CTX; +typedef struct env_md_ctx_st { + ...; +} EVP_MD_CTX; typedef struct evp_pkey_st { int type; @@ -32,6 +34,7 @@ typedef struct evp_pkey_st { } EVP_PKEY; static const int EVP_PKEY_RSA; static const int EVP_PKEY_DSA; +static const int EVP_MAX_MD_SIZE; static const int Cryptography_EVP_CTRL_GCM_SET_IVLEN; static const int Cryptography_EVP_CTRL_GCM_GET_TAG; static const int Cryptography_EVP_CTRL_GCM_SET_TAG; @@ -92,6 +95,8 @@ int EVP_VerifyInit(EVP_MD_CTX *, const EVP_MD *); int EVP_VerifyUpdate(EVP_MD_CTX *, const void *, size_t); int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int, EVP_PKEY *); + +const EVP_MD *EVP_md5(void); """ MACROS = """ diff --git a/cryptography/hazmat/backends/openssl/nid.py b/cryptography/hazmat/backends/openssl/nid.py index 111f82f9..40aed19f 100644 --- a/cryptography/hazmat/backends/openssl/nid.py +++ b/cryptography/hazmat/backends/openssl/nid.py @@ -37,6 +37,7 @@ static const int NID_ecdsa_with_SHA384; static const int NID_ecdsa_with_SHA512; static const int NID_crl_reason; static const int NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +static const int NID_subject_alt_name; """ FUNCTIONS = """ diff --git a/cryptography/hazmat/backends/openssl/objects.py b/cryptography/hazmat/backends/openssl/objects.py new file mode 100644 index 00000000..b981252b --- /dev/null +++ b/cryptography/hazmat/backends/openssl/objects.py @@ -0,0 +1,41 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +INCLUDES = """ +#include +""" + +TYPES = """ +""" + +FUNCTIONS = """ +ASN1_OBJECT * OBJ_nid2obj(int n); +const char * OBJ_nid2ln(int n); +const char * OBJ_nid2sn(int n); +int OBJ_obj2nid(const ASN1_OBJECT *o); +int OBJ_ln2nid(const char *ln); +int OBJ_sn2nid(const char *sn); +int OBJ_txt2nid(const char *s); +ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); +int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); +ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); +int OBJ_create(const char *oid,const char *sn,const char *ln); +void OBJ_cleanup(void); +""" + +MACROS = """ +""" + +CUSTOMIZATIONS = """ +""" diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py index e3a24d0f..f9d9cb59 100644 --- a/cryptography/hazmat/backends/openssl/rsa.py +++ b/cryptography/hazmat/backends/openssl/rsa.py @@ -33,6 +33,7 @@ static const int RSA_SSLV23_PADDING; static const int RSA_NO_PADDING; static const int RSA_PKCS1_OAEP_PADDING; static const int RSA_X931_PADDING; +static const int RSA_F4; """ FUNCTIONS = """ @@ -50,6 +51,7 @@ int RSA_public_decrypt(int, const unsigned char *, unsigned char *, RSA *, int); int RSA_private_decrypt(int, const unsigned char *, unsigned char *, RSA *, int); +int RSA_print(BIO *bp, const RSA *r,int offset); """ MACROS = """ -- cgit v1.2.3 From e9ed22aec48fd3d27db6d8c027493b16a61e2ce3 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 23 Dec 2013 11:27:49 -0500 Subject: Define the newly-required CONDITIONAL_NAMES None of these are conditional at the moment. --- cryptography/hazmat/backends/openssl/objects.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cryptography/hazmat/backends/openssl/objects.py b/cryptography/hazmat/backends/openssl/objects.py index b981252b..b3a2c2c9 100644 --- a/cryptography/hazmat/backends/openssl/objects.py +++ b/cryptography/hazmat/backends/openssl/objects.py @@ -39,3 +39,5 @@ MACROS = """ CUSTOMIZATIONS = """ """ + +CONDITIONAL_NAMES = {} -- cgit v1.2.3 From 7b136459af582427d7f738a905aa3cfaa5b4c195 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 23 Dec 2013 15:11:16 -0500 Subject: revert the time_t and BN_ULONG fixes --- cryptography/hazmat/backends/openssl/asn1.py | 9 +-------- cryptography/hazmat/backends/openssl/bignum.py | 9 +-------- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index 28ec0631..12e8cb35 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -16,14 +16,7 @@ INCLUDES = """ """ TYPES = """ -/* - * XXX This typedef is wrong. - * https://bitbucket.org/cffi/cffi/issue/69/support-for-using-typedef-with-primitive - * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ - * < fijal> exarkun: I think you want to declare your value too large (e.g. long) - * < fijal> exarkun: that way you'll never pass garbage - */ -typedef long time_t; +typedef ... time_t; typedef int ASN1_BOOLEAN; typedef ... ASN1_INTEGER; diff --git a/cryptography/hazmat/backends/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py index 4885d5b4..68d0c3a2 100644 --- a/cryptography/hazmat/backends/openssl/bignum.py +++ b/cryptography/hazmat/backends/openssl/bignum.py @@ -17,14 +17,7 @@ INCLUDES = """ TYPES = """ typedef ... BIGNUM; -/* - * XXX This typedef is wrong. - * https://bitbucket.org/cffi/cffi/issue/69/support-for-using-typedef-with-primitive - * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ - * < fijal> exarkun: I think you want to declare your value too large (e.g. long) - * < fijal> exarkun: that way you'll never pass garbage - */ -typedef unsigned long long BN_ULONG; +typedef ... BN_ULONG; """ FUNCTIONS = """ -- cgit v1.2.3 From cf99cc77f863a7254d449ecb5f80a35ad7db11ab Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 23 Dec 2013 15:18:47 -0500 Subject: Switch two types which were declared as opaque but are actually integers to an integer type so they can be passed to functions --- cryptography/hazmat/backends/openssl/asn1.py | 9 ++++++++- cryptography/hazmat/backends/openssl/bignum.py | 9 ++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index b56932fa..385c5e8c 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -16,7 +16,14 @@ INCLUDES = """ """ TYPES = """ -typedef ... time_t; +/* + * XXX This typedef is wrong. + * https://bitbucket.org/cffi/cffi/issue/69/support-for-using-typedef-with-primitive + * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ + * < fijal> exarkun: I think you want to declare your value too large (e.g. long) + * < fijal> exarkun: that way you'll never pass garbage + */ +typedef long time_t; typedef int ASN1_BOOLEAN; typedef ... ASN1_INTEGER; diff --git a/cryptography/hazmat/backends/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py index 68d0c3a2..4885d5b4 100644 --- a/cryptography/hazmat/backends/openssl/bignum.py +++ b/cryptography/hazmat/backends/openssl/bignum.py @@ -17,7 +17,14 @@ INCLUDES = """ TYPES = """ typedef ... BIGNUM; -typedef ... BN_ULONG; +/* + * XXX This typedef is wrong. + * https://bitbucket.org/cffi/cffi/issue/69/support-for-using-typedef-with-primitive + * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ + * < fijal> exarkun: I think you want to declare your value too large (e.g. long) + * < fijal> exarkun: that way you'll never pass garbage + */ +typedef unsigned long long BN_ULONG; """ FUNCTIONS = """ -- cgit v1.2.3 From 5a8fdf82f396609ccb971d707edddea58f2d3917 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 26 Dec 2013 20:13:45 -0600 Subject: add mark that allows us to do skip tests on backends via decorators --- pytest.ini | 1 + tests/conftest.py | 3 ++- tests/test_utils.py | 33 ++++++++++++++++++++++++++++++++- tests/utils.py | 10 ++++++++++ 4 files changed, 45 insertions(+), 2 deletions(-) diff --git a/pytest.ini b/pytest.ini index 1aeb23fc..36d4edc4 100644 --- a/pytest.ini +++ b/pytest.ini @@ -4,3 +4,4 @@ markers = hmac: this test requires a backend providing HMACBackend cipher: this test requires a backend providing CipherBackend hash: this test requires a backend providing HashBackend + supported: parametrized test requiring only_if and skip_message diff --git a/tests/conftest.py b/tests/conftest.py index e059b630..d8ab5819 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,7 +4,7 @@ from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) -from .utils import check_for_iface +from .utils import check_for_iface, supported_by_backend_skip def pytest_generate_tests(metafunc): @@ -19,3 +19,4 @@ def pytest_runtest_setup(item): check_for_iface("hmac", HMACBackend, item) check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) + supported_by_backend_skip(item) diff --git a/tests/test_utils.py b/tests/test_utils.py index a65091ff..b347efd5 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -20,7 +20,8 @@ import pytest from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, - load_openssl_vectors, load_hash_vectors, check_for_iface + load_openssl_vectors, load_hash_vectors, check_for_iface, + supported_by_backend_skip ) @@ -41,6 +42,36 @@ def test_check_for_iface(): check_for_iface("fake_name", FakeInterface, item) +def test_supported_by_backend_skip(): + supported = pretend.stub( + kwargs={"only_if": lambda backend: False, "skip_message": "Nope"} + ) + item = pretend.stub(keywords={"supported": supported}, + funcargs={"backend": True}) + with pytest.raises(pytest.skip.Exception) as exc_info: + supported_by_backend_skip(item) + assert exc_info.value.args[0] == "Nope" + + +def test_supported_by_backend_no_skip(): + supported = pretend.stub( + kwargs={"only_if": lambda backend: True, "skip_message": "Nope"} + ) + item = pretend.stub(keywords={"supported": supported}, + funcargs={"backend": True}) + assert supported_by_backend_skip(item) is None + + +def test_supported_by_backend_skip_no_backend(): + supported = pretend.stub( + kwargs={"only_if": "notalambda", "skip_message": "Nope"} + ) + item = pretend.stub(keywords={"supported": supported}, + funcargs={}) + with pytest.raises(TypeError): + supported_by_backend_skip(item) + + def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 82021a5f..113488d3 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -24,6 +24,16 @@ def check_for_iface(name, iface, item): )) +def supported_by_backend_skip(item): + supported = item.keywords.get("supported") + if supported and "backend" in item.funcargs: + if not supported.kwargs["only_if"](item.funcargs["backend"]): + pytest.skip(supported.kwargs["skip_message"]) + elif supported: + raise TypeError("This mark is only available on methods that take a " + "backend") + + def load_vectors_from_file(filename, loader): base = os.path.join( os.path.dirname(__file__), "hazmat", "primitives", "vectors", -- cgit v1.2.3 From 60fc8da5aad59fd61b891c3538ce61d96e91cbcb Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 26 Dec 2013 20:19:34 -0600 Subject: rename the method to be less horribly named --- tests/conftest.py | 4 ++-- tests/test_utils.py | 14 +++++++------- tests/utils.py | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/conftest.py b/tests/conftest.py index d8ab5819..0ddc3338 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,7 +4,7 @@ from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) -from .utils import check_for_iface, supported_by_backend_skip +from .utils import check_for_iface, check_backend_support def pytest_generate_tests(metafunc): @@ -19,4 +19,4 @@ def pytest_runtest_setup(item): check_for_iface("hmac", HMACBackend, item) check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) - supported_by_backend_skip(item) + check_backend_support(item) diff --git a/tests/test_utils.py b/tests/test_utils.py index b347efd5..32daff70 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -21,7 +21,7 @@ import pytest from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, load_openssl_vectors, load_hash_vectors, check_for_iface, - supported_by_backend_skip + check_backend_support ) @@ -42,34 +42,34 @@ def test_check_for_iface(): check_for_iface("fake_name", FakeInterface, item) -def test_supported_by_backend_skip(): +def test_check_backend_support_skip(): supported = pretend.stub( kwargs={"only_if": lambda backend: False, "skip_message": "Nope"} ) item = pretend.stub(keywords={"supported": supported}, funcargs={"backend": True}) with pytest.raises(pytest.skip.Exception) as exc_info: - supported_by_backend_skip(item) + check_backend_support(item) assert exc_info.value.args[0] == "Nope" -def test_supported_by_backend_no_skip(): +def test_check_backend_support_no_skip(): supported = pretend.stub( kwargs={"only_if": lambda backend: True, "skip_message": "Nope"} ) item = pretend.stub(keywords={"supported": supported}, funcargs={"backend": True}) - assert supported_by_backend_skip(item) is None + assert check_backend_support(item) is None -def test_supported_by_backend_skip_no_backend(): +def test_check_backend_support_no_backend(): supported = pretend.stub( kwargs={"only_if": "notalambda", "skip_message": "Nope"} ) item = pretend.stub(keywords={"supported": supported}, funcargs={}) with pytest.raises(TypeError): - supported_by_backend_skip(item) + check_backend_support(item) def test_load_nist_vectors(): diff --git a/tests/utils.py b/tests/utils.py index 113488d3..7ae2eb8b 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -24,7 +24,7 @@ def check_for_iface(name, iface, item): )) -def supported_by_backend_skip(item): +def check_backend_support(item): supported = item.keywords.get("supported") if supported and "backend" in item.funcargs: if not supported.kwargs["only_if"](item.funcargs["backend"]): -- cgit v1.2.3 From 783479c6189d788ac2f721b5b017073736c578cb Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 26 Dec 2013 21:08:45 -0600 Subject: refactor all tests to use mark instead of generator skips --- tests/hazmat/primitives/test_3des.py | 42 +++---- tests/hazmat/primitives/test_aes.py | 77 +++++++++---- tests/hazmat/primitives/test_arc4.py | 10 +- tests/hazmat/primitives/test_block.py | 14 +-- tests/hazmat/primitives/test_blowfish.py | 51 +++++--- tests/hazmat/primitives/test_camellia.py | 51 +++++--- tests/hazmat/primitives/test_cast5.py | 10 +- tests/hazmat/primitives/test_hash_vectors.py | 52 +++++---- tests/hazmat/primitives/test_hashes.py | 95 +++++++-------- tests/hazmat/primitives/test_hmac.py | 13 ++- tests/hazmat/primitives/test_hmac_vectors.py | 42 ++++--- tests/hazmat/primitives/test_utils.py | 117 ------------------- tests/hazmat/primitives/utils.py | 166 ++++----------------------- 13 files changed, 290 insertions(+), 450 deletions(-) delete mode 100644 tests/hazmat/primitives/test_utils.py diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py index 439ca258..581c47eb 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/test_3des.py @@ -28,6 +28,12 @@ from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) + ), + skip_message="Does not support TripleDES CBC", +) @pytest.mark.cipher class TestTripleDES_CBC(object): test_KAT = generate_encrypt_test( @@ -42,10 +48,6 @@ class TestTripleDES_CBC(object): ], lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) - ), - skip_message="Does not support TripleDES CBC", ) test_MMT = generate_encrypt_test( @@ -60,13 +62,15 @@ class TestTripleDES_CBC(object): binascii.unhexlify(key1 + key2 + key3) ), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) - ), - skip_message="Does not support TripleDES CBC", ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) + ), + skip_message="Does not support TripleDES OFB", +) @pytest.mark.cipher class TestTripleDES_OFB(object): test_KAT = generate_encrypt_test( @@ -81,10 +85,6 @@ class TestTripleDES_OFB(object): ], lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) - ), - skip_message="Does not support TripleDES OFB", ) test_MMT = generate_encrypt_test( @@ -99,13 +99,15 @@ class TestTripleDES_OFB(object): binascii.unhexlify(key1 + key2 + key3) ), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) - ), - skip_message="Does not support TripleDES OFB", ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) + ), + skip_message="Does not support TripleDES CFB", +) @pytest.mark.cipher class TestTripleDES_CFB(object): test_KAT = generate_encrypt_test( @@ -120,10 +122,6 @@ class TestTripleDES_CFB(object): ], lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) - ), - skip_message="Does not support TripleDES CFB", ) test_MMT = generate_encrypt_test( @@ -138,8 +136,4 @@ class TestTripleDES_CFB(object): binascii.unhexlify(key1 + key2 + key3) ), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) - ), - skip_message="Does not support TripleDES CFB", ) diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index e9ef3853..8cba8c66 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -26,8 +26,14 @@ from ...utils import ( ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", +) @pytest.mark.cipher -class TestAES(object): +class TestAES_CBC(object): test_CBC = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "CBC"), @@ -50,12 +56,17 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.CBC("\x00" * 16) - ), - skip_message="Does not support AES CBC", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.ECB() + ), + skip_message="Does not support AES ECB", +) +@pytest.mark.cipher +class TestAES_ECB(object): test_ECB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "ECB"), @@ -78,12 +89,17 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda **kwargs: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.ECB() - ), - skip_message="Does not support AES ECB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.OFB("\x00" * 16) + ), + skip_message="Does not support AES OFB", +) +@pytest.mark.cipher +class TestAES_OFB(object): test_OFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "OFB"), @@ -106,12 +122,17 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.OFB("\x00" * 16) - ), - skip_message="Does not support AES OFB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CFB("\x00" * 16) + ), + skip_message="Does not support AES CFB", +) +@pytest.mark.cipher +class TestAES_CFB(object): test_CFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "AES", "CFB"), @@ -134,24 +155,34 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.CFB("\x00" * 16) - ), - skip_message="Does not support AES CFB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16) + ), + skip_message="Does not support AES CTR", +) +@pytest.mark.cipher +class TestAES_CTR(object): test_CTR = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "AES", "CTR"), ["aes-128-ctr.txt", "aes-192-ctr.txt", "aes-256-ctr.txt"], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16) - ), - skip_message="Does not support AES CTR", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) + ), + skip_message="Does not support AES GCM", +) +@pytest.mark.cipher +class TestAES_GCM(object): test_GCM = generate_aead_test( load_nist_vectors, os.path.join("ciphers", "AES", "GCM"), @@ -165,8 +196,4 @@ class TestAES(object): ], lambda key: algorithms.AES(key), lambda iv, tag: modes.GCM(iv, tag), - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) - ), - skip_message="Does not support AES GCM", ) diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/test_arc4.py index f2e2452c..33f7ff09 100644 --- a/tests/hazmat/primitives/test_arc4.py +++ b/tests/hazmat/primitives/test_arc4.py @@ -24,6 +24,12 @@ from .utils import generate_stream_encryption_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.ARC4("\x00" * 16), None + ), + skip_message="Does not support ARC4", +) @pytest.mark.cipher class TestARC4(object): test_rfc = generate_stream_encryption_test( @@ -39,8 +45,4 @@ class TestARC4(object): "rfc-6229-256.txt", ], lambda key, **kwargs: algorithms.ARC4(binascii.unhexlify(key)), - only_if=lambda backend: backend.cipher_supported( - algorithms.ARC4("\x00" * 16), None - ), - skip_message="Does not support ARC4", ) diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 22a7c02f..30cf1d60 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -136,21 +136,19 @@ class TestCipherContext(object): decryptor.finalize() +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) + ), + skip_message="Does not support AES GCM", +) @pytest.mark.cipher class TestAEADCipherContext(object): test_aead_exceptions = generate_aead_exception_test( algorithms.AES, modes.GCM, - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) - ), - skip_message="Does not support AES GCM", ) test_aead_tag_exceptions = generate_aead_tag_exception_test( algorithms.AES, modes.GCM, - only_if=lambda backend: backend.cipher_supported( - algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12) - ), - skip_message="Does not support AES GCM", ) diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py index 79ceabe7..18512a6e 100644 --- a/tests/hazmat/primitives/test_blowfish.py +++ b/tests/hazmat/primitives/test_blowfish.py @@ -24,52 +24,69 @@ from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.ECB() + ), + skip_message="Does not support Blowfish ECB", +) @pytest.mark.cipher -class TestBlowfish(object): +class TestBlowfish_ECB(object): test_ECB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ecb.txt"], lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), lambda **kwargs: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.ECB() - ), - skip_message="Does not support Blowfish ECB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8) + ), + skip_message="Does not support Blowfish CBC", +) +@pytest.mark.cipher +class TestBlowfish_CBC(object): test_CBC = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cbc.txt"], lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8) - ), - skip_message="Does not support Blowfish CBC", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8) + ), + skip_message="Does not support Blowfish OFB", +) +@pytest.mark.cipher +class TestBlowfish_OFB(object): test_OFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-ofb.txt"], lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8) - ), - skip_message="Does not support Blowfish OFB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8) + ), + skip_message="Does not support Blowfish CFB", +) +@pytest.mark.cipher +class TestBlowfish_CFB(object): test_CFB = generate_encrypt_test( load_nist_vectors, os.path.join("ciphers", "Blowfish"), ["bf-cfb.txt"], lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8) - ), - skip_message="Does not support Blowfish CFB", ) diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py index c376220e..7c56f6f9 100644 --- a/tests/hazmat/primitives/test_camellia.py +++ b/tests/hazmat/primitives/test_camellia.py @@ -26,8 +26,14 @@ from ...utils import ( ) +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.ECB() + ), + skip_message="Does not support Camellia ECB", +) @pytest.mark.cipher -class TestCamellia(object): +class TestCamellia_ECB(object): test_ECB = generate_encrypt_test( load_cryptrec_vectors, os.path.join("ciphers", "Camellia"), @@ -38,44 +44,55 @@ class TestCamellia(object): ], lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), lambda **kwargs: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.ECB() - ), - skip_message="Does not support Camellia ECB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16) + ), + skip_message="Does not support Camellia CBC", +) +@pytest.mark.cipher +class TestCamellia_CBC(object): test_CBC = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cbc.txt"], lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16) - ), - skip_message="Does not support Camellia CBC", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16) + ), + skip_message="Does not support Camellia OFB", +) +@pytest.mark.cipher +class TestCamellia_OFB(object): test_OFB = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-ofb.txt"], lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16) - ), - skip_message="Does not support Camellia OFB", ) + +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16) + ), + skip_message="Does not support Camellia CFB", +) +@pytest.mark.cipher +class TestCamellia_CFB(object): test_CFB = generate_encrypt_test( load_openssl_vectors, os.path.join("ciphers", "Camellia"), ["camellia-cfb.txt"], lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), - only_if=lambda backend: backend.cipher_supported( - algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16) - ), - skip_message="Does not support Camellia CFB", ) diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py index a4789c65..d65a86b2 100644 --- a/tests/hazmat/primitives/test_cast5.py +++ b/tests/hazmat/primitives/test_cast5.py @@ -24,6 +24,12 @@ from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.cipher_supported( + algorithms.CAST5("\x00" * 16), modes.ECB() + ), + skip_message="Does not support CAST5 ECB", +) @pytest.mark.cipher class TestCAST5(object): test_ECB = generate_encrypt_test( @@ -32,8 +38,4 @@ class TestCAST5(object): ["cast5-ecb.txt"], lambda key, **kwargs: algorithms.CAST5(binascii.unhexlify((key))), lambda **kwargs: modes.ECB(), - only_if=lambda backend: backend.cipher_supported( - algorithms.CAST5("\x00" * 16), modes.ECB() - ), - skip_message="Does not support CAST5 ECB", ) diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index d9febea9..13ffc3fd 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -23,6 +23,10 @@ from .utils import generate_hash_test, generate_long_string_hash_test from ...utils import load_hash_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1), + skip_message="Does not support SHA1", +) @pytest.mark.hash class TestSHA1(object): test_SHA1 = generate_hash_test( @@ -33,11 +37,13 @@ class TestSHA1(object): "SHA1ShortMsg.rsp", ], hashes.SHA1(), - only_if=lambda backend: backend.hash_supported(hashes.SHA1), - skip_message="Does not support SHA1", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224), + skip_message="Does not support SHA224", +) @pytest.mark.hash class TestSHA224(object): test_SHA224 = generate_hash_test( @@ -48,11 +54,13 @@ class TestSHA224(object): "SHA224ShortMsg.rsp", ], hashes.SHA224(), - only_if=lambda backend: backend.hash_supported(hashes.SHA224), - skip_message="Does not support SHA224", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256), + skip_message="Does not support SHA256", +) @pytest.mark.hash class TestSHA256(object): test_SHA256 = generate_hash_test( @@ -63,11 +71,13 @@ class TestSHA256(object): "SHA256ShortMsg.rsp", ], hashes.SHA256(), - only_if=lambda backend: backend.hash_supported(hashes.SHA256), - skip_message="Does not support SHA256", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384), + skip_message="Does not support SHA384", +) @pytest.mark.hash class TestSHA384(object): test_SHA384 = generate_hash_test( @@ -78,11 +88,13 @@ class TestSHA384(object): "SHA384ShortMsg.rsp", ], hashes.SHA384(), - only_if=lambda backend: backend.hash_supported(hashes.SHA384), - skip_message="Does not support SHA384", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512), + skip_message="Does not support SHA512", +) @pytest.mark.hash class TestSHA512(object): test_SHA512 = generate_hash_test( @@ -93,11 +105,13 @@ class TestSHA512(object): "SHA512ShortMsg.rsp", ], hashes.SHA512(), - only_if=lambda backend: backend.hash_supported(hashes.SHA512), - skip_message="Does not support SHA512", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", +) @pytest.mark.hash class TestRIPEMD160(object): test_RIPEMD160 = generate_hash_test( @@ -107,18 +121,18 @@ class TestRIPEMD160(object): "ripevectors.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) test_RIPEMD160_long_string = generate_long_string_hash_test( hashes.RIPEMD160(), "52783243c1697bdbe16d37f97f68f08325dc1528", - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), + skip_message="Does not support Whirlpool", +) @pytest.mark.hash class TestWhirlpool(object): test_whirlpool = generate_hash_test( @@ -128,8 +142,6 @@ class TestWhirlpool(object): "iso-test-vectors.txt", ], hashes.Whirlpool(), - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), - skip_message="Does not support Whirlpool", ) test_whirlpool_long_string = generate_long_string_hash_test( @@ -137,11 +149,13 @@ class TestWhirlpool(object): ("0c99005beb57eff50a7cf005560ddf5d29057fd86b2" "0bfd62deca0f1ccea4af51fc15490eddc47af32bb2b" "66c34ff9ad8c6008ad677f77126953b226e4ed8b01"), - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), - skip_message="Does not support Whirlpool", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5), + skip_message="Does not support MD5", +) @pytest.mark.hash class TestMD5(object): test_md5 = generate_hash_test( @@ -151,6 +165,4 @@ class TestMD5(object): "rfc-1321.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hash_supported(hashes.MD5), - skip_message="Does not support MD5", ) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 45faaab2..d52021eb 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -23,7 +23,7 @@ from cryptography import utils from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.primitives import hashes, interfaces -from .utils import generate_base_hash_test +from .utils import base_hash_test @utils.register_interface(interfaces.HashAlgorithm) @@ -70,88 +70,73 @@ class TestHashContext(object): @pytest.mark.hash -class TestSHA1(object): - test_SHA1 = generate_base_hash_test( - hashes.SHA1(), - digest_size=20, - block_size=64, +class TestHashes(object): + @pytest.mark.supported( only_if=lambda backend: backend.hash_supported(hashes.SHA1), skip_message="Does not support SHA1", ) + def test_SHA1(self, backend): + base_hash_test(backend, hashes.SHA1(), digest_size=20, block_size=64) - -@pytest.mark.hash -class TestSHA224(object): - test_SHA224 = generate_base_hash_test( - hashes.SHA224(), - digest_size=28, - block_size=64, + @pytest.mark.supported( only_if=lambda backend: backend.hash_supported(hashes.SHA224), skip_message="Does not support SHA224", ) + def test_SHA224(self, backend): + base_hash_test(backend, hashes.SHA224(), digest_size=28, block_size=64) - -@pytest.mark.hash -class TestSHA256(object): - test_SHA256 = generate_base_hash_test( - hashes.SHA256(), - digest_size=32, - block_size=64, + @pytest.mark.supported( only_if=lambda backend: backend.hash_supported(hashes.SHA256), skip_message="Does not support SHA256", ) + def test_SHA256(self, backend): + base_hash_test(backend, hashes.SHA256(), digest_size=32, block_size=64) - -@pytest.mark.hash -class TestSHA384(object): - test_SHA384 = generate_base_hash_test( - hashes.SHA384(), - digest_size=48, - block_size=128, + @pytest.mark.supported( only_if=lambda backend: backend.hash_supported(hashes.SHA384), skip_message="Does not support SHA384", ) + def test_SHA384(self, backend): + base_hash_test(backend, hashes.SHA384(), + digest_size=48, block_size=128) - -@pytest.mark.hash -class TestSHA512(object): - test_SHA512 = generate_base_hash_test( - hashes.SHA512(), - digest_size=64, - block_size=128, + @pytest.mark.supported( only_if=lambda backend: backend.hash_supported(hashes.SHA512), skip_message="Does not support SHA512", ) + def test_SHA512(self, backend): + base_hash_test(backend, hashes.SHA512(), + digest_size=64, block_size=128) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", +) @pytest.mark.hash class TestRIPEMD160(object): - test_RIPEMD160 = generate_base_hash_test( - hashes.RIPEMD160(), - digest_size=20, - block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", - ) + def test_RIPEMD160(self, backend): + base_hash_test(backend, hashes.RIPEMD160(), + digest_size=20, block_size=64) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), + skip_message="Does not support Whirlpool", +) @pytest.mark.hash class TestWhirlpool(object): - test_Whirlpool = generate_base_hash_test( - hashes.Whirlpool(), - digest_size=64, - block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.Whirlpool), - skip_message="Does not support Whirlpool", - ) + def test_Whirlpool(self, backend): + base_hash_test(backend, hashes.Whirlpool(), + digest_size=64, block_size=64) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.MD5), + skip_message="Does not support MD5", +) @pytest.mark.hash class TestMD5(object): - test_MD5 = generate_base_hash_test( - hashes.MD5(), - digest_size=16, - block_size=64, - only_if=lambda backend: backend.hash_supported(hashes.MD5), - skip_message="Does not support MD5", - ) + def test_MD5(self, backend): + base_hash_test(backend, hashes.MD5(), + digest_size=16, block_size=64) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 6d8cc27b..c216dd4d 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -13,6 +13,8 @@ from __future__ import absolute_import, division, print_function +import binascii + import pretend import pytest @@ -23,8 +25,6 @@ from cryptography import utils from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.primitives import hashes, hmac, interfaces -from .utils import generate_base_hmac_test - @utils.register_interface(interfaces.HashAlgorithm) class UnsupportedDummyHash(object): @@ -33,11 +33,16 @@ class UnsupportedDummyHash(object): @pytest.mark.hmac class TestHMAC(object): - test_copy = generate_base_hmac_test( - hashes.MD5(), + @pytest.mark.supported( only_if=lambda backend: backend.hmac_supported(hashes.MD5), skip_message="Does not support MD5", ) + def test_hmac_copy(self, backend): + key = b"ab" + h = hmac.HMAC(binascii.unhexlify(key), hashes.MD5(), backend=backend) + h_copy = h.copy() + assert h != h_copy + assert h._ctx != h_copy._ctx def test_hmac_reject_unicode(self, backend): h = hmac.HMAC(b"mykey", hashes.SHA1(), backend=backend) diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py index 9bc06a2e..c5644459 100644 --- a/tests/hazmat/primitives/test_hmac_vectors.py +++ b/tests/hazmat/primitives/test_hmac_vectors.py @@ -21,6 +21,10 @@ from .utils import generate_hmac_test from ...utils import load_hash_vectors +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.MD5), + skip_message="Does not support MD5", +) @pytest.mark.hmac class TestHMAC_MD5(object): test_hmac_md5 = generate_hmac_test( @@ -30,11 +34,13 @@ class TestHMAC_MD5(object): "rfc-2202-md5.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hmac_supported(hashes.MD5), - skip_message="Does not support MD5", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA1), + skip_message="Does not support SHA1", +) @pytest.mark.hmac class TestHMAC_SHA1(object): test_hmac_sha1 = generate_hmac_test( @@ -44,11 +50,13 @@ class TestHMAC_SHA1(object): "rfc-2202-sha1.txt", ], hashes.SHA1(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA1), - skip_message="Does not support SHA1", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA224), + skip_message="Does not support SHA224", +) @pytest.mark.hmac class TestHMAC_SHA224(object): test_hmac_sha224 = generate_hmac_test( @@ -58,11 +66,13 @@ class TestHMAC_SHA224(object): "rfc-4231-sha224.txt", ], hashes.SHA224(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA224), - skip_message="Does not support SHA224", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA256), + skip_message="Does not support SHA256", +) @pytest.mark.hmac class TestHMAC_SHA256(object): test_hmac_sha256 = generate_hmac_test( @@ -72,11 +82,13 @@ class TestHMAC_SHA256(object): "rfc-4231-sha256.txt", ], hashes.SHA256(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA256), - skip_message="Does not support SHA256", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA384), + skip_message="Does not support SHA384", +) @pytest.mark.hmac class TestHMAC_SHA384(object): test_hmac_sha384 = generate_hmac_test( @@ -86,11 +98,13 @@ class TestHMAC_SHA384(object): "rfc-4231-sha384.txt", ], hashes.SHA384(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA384), - skip_message="Does not support SHA384", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.SHA512), + skip_message="Does not support SHA512", +) @pytest.mark.hmac class TestHMAC_SHA512(object): test_hmac_sha512 = generate_hmac_test( @@ -100,11 +114,13 @@ class TestHMAC_SHA512(object): "rfc-4231-sha512.txt", ], hashes.SHA512(), - only_if=lambda backend: backend.hmac_supported(hashes.SHA512), - skip_message="Does not support SHA512", ) +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160), + skip_message="Does not support RIPEMD160", +) @pytest.mark.hmac class TestHMAC_RIPEMD160(object): test_hmac_ripemd160 = generate_hmac_test( @@ -114,6 +130,4 @@ class TestHMAC_RIPEMD160(object): "rfc-2286-ripemd160.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160), - skip_message="Does not support RIPEMD160", ) diff --git a/tests/hazmat/primitives/test_utils.py b/tests/hazmat/primitives/test_utils.py deleted file mode 100644 index c39364c7..00000000 --- a/tests/hazmat/primitives/test_utils.py +++ /dev/null @@ -1,117 +0,0 @@ -import pytest - -from .utils import ( - base_hash_test, encrypt_test, hash_test, long_string_hash_test, - base_hmac_test, hmac_test, stream_encryption_test, aead_test, - aead_exception_test, aead_tag_exception_test, -) - - -class TestEncryptTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - encrypt_test( - None, None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestAEADTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - aead_test( - None, None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestAEADExceptionTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - aead_exception_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestAEADTagExceptionTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - aead_tag_exception_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestHashTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - hash_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestBaseHashTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - base_hash_test( - None, None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestLongHashTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - long_string_hash_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestHMACTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - hmac_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestBaseHMACTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - base_hmac_test( - None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" - - -class TestStreamEncryptionTest(object): - def test_skips_if_only_if_returns_false(self): - with pytest.raises(pytest.skip.Exception) as exc_info: - stream_encryption_test( - None, None, None, - only_if=lambda backend: False, - skip_message="message!" - ) - assert exc_info.value.args[0] == "message!" diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index e0184777..3c962752 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -22,27 +22,17 @@ def _load_all_params(path, file_names, param_loader): def generate_encrypt_test(param_loader, path, file_names, cipher_factory, - mode_factory, only_if, skip_message=None): + mode_factory): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_encryption(self, backend, params): - encrypt_test( - backend, - cipher_factory, - mode_factory, - params, - only_if, - skip_message - ) + encrypt_test(backend, cipher_factory, mode_factory, params) return test_encryption -def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, - skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def encrypt_test(backend, cipher_factory, mode_factory, params): plaintext = params["plaintext"] ciphertext = params["ciphertext"] cipher = Cipher( @@ -61,27 +51,17 @@ def encrypt_test(backend, cipher_factory, mode_factory, params, only_if, def generate_aead_test(param_loader, path, file_names, cipher_factory, - mode_factory, only_if, skip_message): + mode_factory): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_aead(self, backend, params): - aead_test( - backend, - cipher_factory, - mode_factory, - params, - only_if, - skip_message - ) + aead_test(backend, cipher_factory, mode_factory, params) return test_aead -def aead_test(backend, cipher_factory, mode_factory, params, only_if, - skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def aead_test(backend, cipher_factory, mode_factory, params): if params.get("pt") is not None: plaintext = params["pt"] ciphertext = params["ct"] @@ -124,26 +104,16 @@ def aead_test(backend, cipher_factory, mode_factory, params, only_if, def generate_stream_encryption_test(param_loader, path, file_names, - cipher_factory, only_if=None, - skip_message=None): + cipher_factory): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_stream_encryption(self, backend, params): - stream_encryption_test( - backend, - cipher_factory, - params, - only_if, - skip_message - ) + stream_encryption_test(backend, cipher_factory, params) return test_stream_encryption -def stream_encryption_test(backend, cipher_factory, params, only_if, - skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def stream_encryption_test(backend, cipher_factory, params): plaintext = params["plaintext"] ciphertext = params["ciphertext"] offset = params["offset"] @@ -161,25 +131,16 @@ def stream_encryption_test(backend, cipher_factory, params, only_if, assert actual_plaintext == binascii.unhexlify(plaintext) -def generate_hash_test(param_loader, path, file_names, hash_cls, - only_if=None, skip_message=None): +def generate_hash_test(param_loader, path, file_names, hash_cls): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_hash(self, backend, params): - hash_test( - backend, - hash_cls, - params, - only_if, - skip_message - ) + hash_test(backend, hash_cls, params) return test_hash -def hash_test(backend, algorithm, params, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) +def hash_test(backend, algorithm, params): msg = params[0] md = params[1] m = hashes.Hash(algorithm, backend=backend) @@ -188,25 +149,7 @@ def hash_test(backend, algorithm, params, only_if, skip_message): assert m.finalize() == binascii.unhexlify(expected_md) -def generate_base_hash_test(algorithm, digest_size, block_size, - only_if=None, skip_message=None): - def test_base_hash(self, backend): - base_hash_test( - backend, - algorithm, - digest_size, - block_size, - only_if, - skip_message, - ) - return test_base_hash - - -def base_hash_test(backend, algorithm, digest_size, block_size, only_if, - skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) - +def base_hash_test(backend, algorithm, digest_size, block_size): m = hashes.Hash(algorithm, backend=backend) assert m.algorithm.digest_size == digest_size assert m.algorithm.block_size == block_size @@ -221,46 +164,28 @@ def base_hash_test(backend, algorithm, digest_size, block_size, only_if, assert copy.finalize() == m.finalize() -def generate_long_string_hash_test(hash_factory, md, only_if=None, - skip_message=None): +def generate_long_string_hash_test(hash_factory, md): def test_long_string_hash(self, backend): - long_string_hash_test( - backend, - hash_factory, - md, - only_if, - skip_message - ) + long_string_hash_test(backend, hash_factory, md) return test_long_string_hash -def long_string_hash_test(backend, algorithm, md, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) +def long_string_hash_test(backend, algorithm, md): m = hashes.Hash(algorithm, backend=backend) m.update(b"a" * 1000000) assert m.finalize() == binascii.unhexlify(md.lower().encode("ascii")) -def generate_hmac_test(param_loader, path, file_names, algorithm, - only_if=None, skip_message=None): +def generate_hmac_test(param_loader, path, file_names, algorithm): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) def test_hmac(self, backend, params): - hmac_test( - backend, - algorithm, - params, - only_if, - skip_message - ) + hmac_test(backend, algorithm, params) return test_hmac -def hmac_test(backend, algorithm, params, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) +def hmac_test(backend, algorithm, params): msg = params[0] md = params[1] key = params[2] @@ -269,44 +194,13 @@ def hmac_test(backend, algorithm, params, only_if, skip_message): assert h.finalize() == binascii.unhexlify(md.encode("ascii")) -def generate_base_hmac_test(hash_cls, only_if=None, skip_message=None): - def test_base_hmac(self, backend): - base_hmac_test( - backend, - hash_cls, - only_if, - skip_message, - ) - return test_base_hmac - - -def base_hmac_test(backend, algorithm, only_if, skip_message): - if only_if is not None and not only_if(backend): - pytest.skip(skip_message) - key = b"ab" - h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) - h_copy = h.copy() - assert h != h_copy - assert h._ctx != h_copy._ctx - - -def generate_aead_exception_test(cipher_factory, mode_factory, - only_if, skip_message): +def generate_aead_exception_test(cipher_factory, mode_factory): def test_aead_exception(self, backend): - aead_exception_test( - backend, - cipher_factory, - mode_factory, - only_if, - skip_message - ) + aead_exception_test(backend, cipher_factory, mode_factory) return test_aead_exception -def aead_exception_test(backend, cipher_factory, mode_factory, - only_if, skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def aead_exception_test(backend, cipher_factory, mode_factory): cipher = Cipher( cipher_factory(binascii.unhexlify(b"0" * 32)), mode_factory(binascii.unhexlify(b"0" * 24)), @@ -336,23 +230,13 @@ def aead_exception_test(backend, cipher_factory, mode_factory, decryptor.tag -def generate_aead_tag_exception_test(cipher_factory, mode_factory, - only_if, skip_message): +def generate_aead_tag_exception_test(cipher_factory, mode_factory): def test_aead_tag_exception(self, backend): - aead_tag_exception_test( - backend, - cipher_factory, - mode_factory, - only_if, - skip_message - ) + aead_tag_exception_test(backend, cipher_factory, mode_factory) return test_aead_tag_exception -def aead_tag_exception_test(backend, cipher_factory, mode_factory, - only_if, skip_message): - if not only_if(backend): - pytest.skip(skip_message) +def aead_tag_exception_test(backend, cipher_factory, mode_factory): cipher = Cipher( cipher_factory(binascii.unhexlify(b"0" * 32)), mode_factory(binascii.unhexlify(b"0" * 24)), -- cgit v1.2.3 From c7dfd526f8fa9cbca2b9937f110ac9d3160442dd Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Fri, 27 Dec 2013 13:38:16 -0500 Subject: remove parameter names, fix some spacing --- cryptography/hazmat/backends/openssl/asn1.py | 2 +- cryptography/hazmat/backends/openssl/objects.py | 26 ++++++++++++------------- cryptography/hazmat/backends/openssl/rsa.py | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index ec25c225..07bb32f9 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -118,7 +118,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *, ASN1_INTEGER *); long ASN1_INTEGER_get(ASN1_INTEGER *); BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *); -ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *, ASN1_INTEGER *); """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/objects.py b/cryptography/hazmat/backends/openssl/objects.py index b3a2c2c9..aff1c496 100644 --- a/cryptography/hazmat/backends/openssl/objects.py +++ b/cryptography/hazmat/backends/openssl/objects.py @@ -19,19 +19,19 @@ TYPES = """ """ FUNCTIONS = """ -ASN1_OBJECT * OBJ_nid2obj(int n); -const char * OBJ_nid2ln(int n); -const char * OBJ_nid2sn(int n); -int OBJ_obj2nid(const ASN1_OBJECT *o); -int OBJ_ln2nid(const char *ln); -int OBJ_sn2nid(const char *sn); -int OBJ_txt2nid(const char *s); -ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); -int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); -int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); -ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); -int OBJ_create(const char *oid,const char *sn,const char *ln); -void OBJ_cleanup(void); +ASN1_OBJECT * OBJ_nid2obj(int); +const char * OBJ_nid2ln(int); +const char * OBJ_nid2sn(int); +int OBJ_obj2nid(const ASN1_OBJECT *); +int OBJ_ln2nid(const char *); +int OBJ_sn2nid(const char *); +int OBJ_txt2nid(const char *); +ASN1_OBJECT * OBJ_txt2obj(const char *, int); +int OBJ_obj2txt(char *, int, const ASN1_OBJECT *, int); +int OBJ_cmp(const ASN1_OBJECT *, const ASN1_OBJECT *); +ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *); +int OBJ_create(const char *, const char *, const char *); +void OBJ_cleanup(); """ MACROS = """ diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py index f9d9cb59..6cee569a 100644 --- a/cryptography/hazmat/backends/openssl/rsa.py +++ b/cryptography/hazmat/backends/openssl/rsa.py @@ -51,7 +51,7 @@ int RSA_public_decrypt(int, const unsigned char *, unsigned char *, RSA *, int); int RSA_private_decrypt(int, const unsigned char *, unsigned char *, RSA *, int); -int RSA_print(BIO *bp, const RSA *r,int offset); +int RSA_print(BIO *, const RSA *, int); """ MACROS = """ -- cgit v1.2.3 From 3aa5b942364aec3cd6c281802dab18c04e22b0f1 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Fri, 27 Dec 2013 13:58:42 -0500 Subject: Shorten long lines --- cryptography/hazmat/backends/openssl/asn1.py | 6 +++--- cryptography/hazmat/backends/openssl/bignum.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index e285954a..3d3a8dea 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -18,10 +18,10 @@ INCLUDES = """ TYPES = """ /* * XXX This typedef is wrong. - * https://bitbucket.org/cffi/cffi/issue/69/support-for-using-typedef-with-primitive + * https://bitbucket.org/cffi/cffi/issue/69 * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ - * < fijal> exarkun: I think you want to declare your value too large (e.g. long) - * < fijal> exarkun: that way you'll never pass garbage + * I think you want to declare your value too large (e.g. long) + * that way you'll never pass garbage */ typedef long time_t; diff --git a/cryptography/hazmat/backends/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py index 4885d5b4..41c9d1e5 100644 --- a/cryptography/hazmat/backends/openssl/bignum.py +++ b/cryptography/hazmat/backends/openssl/bignum.py @@ -19,10 +19,10 @@ TYPES = """ typedef ... BIGNUM; /* * XXX This typedef is wrong. - * https://bitbucket.org/cffi/cffi/issue/69/support-for-using-typedef-with-primitive + * https://bitbucket.org/cffi/cffi/issue/69 * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ - * < fijal> exarkun: I think you want to declare your value too large (e.g. long) - * < fijal> exarkun: that way you'll never pass garbage + * I think you want to declare your value too large (e.g. long) + * that way you'll never pass garbage */ typedef unsigned long long BN_ULONG; """ -- cgit v1.2.3 From 470a116786e692753ef96da2095d72e5383d417d Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Fri, 27 Dec 2013 14:02:45 -0500 Subject: Use uintptr_t to get sufficiently wide storage for these types even on 32 bit Windows. --- cryptography/hazmat/backends/openssl/asn1.py | 2 +- cryptography/hazmat/backends/openssl/bignum.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index 3d3a8dea..e7c18a52 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -23,7 +23,7 @@ TYPES = """ * I think you want to declare your value too large (e.g. long) * that way you'll never pass garbage */ -typedef long time_t; +typedef uintptr_t time_t; typedef int ASN1_BOOLEAN; typedef ... ASN1_INTEGER; diff --git a/cryptography/hazmat/backends/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py index 41c9d1e5..a5ba07b1 100644 --- a/cryptography/hazmat/backends/openssl/bignum.py +++ b/cryptography/hazmat/backends/openssl/bignum.py @@ -24,7 +24,7 @@ typedef ... BIGNUM; * I think you want to declare your value too large (e.g. long) * that way you'll never pass garbage */ -typedef unsigned long long BN_ULONG; +typedef uintptr_t BN_ULONG; """ FUNCTIONS = """ -- cgit v1.2.3 From c9aeb34db5f0a675f60742ea82d67d92ea75865c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 27 Dec 2013 11:07:42 -0800 Subject: A handful of style fixes in the cffi bindings --- cryptography/hazmat/backends/openssl/evp.py | 2 +- cryptography/hazmat/backends/openssl/objects.py | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/evp.py b/cryptography/hazmat/backends/openssl/evp.py index d2297a0e..1f8901bf 100644 --- a/cryptography/hazmat/backends/openssl/evp.py +++ b/cryptography/hazmat/backends/openssl/evp.py @@ -96,7 +96,7 @@ int EVP_VerifyUpdate(EVP_MD_CTX *, const void *, size_t); int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int, EVP_PKEY *); -const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md5(); """ MACROS = """ diff --git a/cryptography/hazmat/backends/openssl/objects.py b/cryptography/hazmat/backends/openssl/objects.py index aff1c496..ad1b8588 100644 --- a/cryptography/hazmat/backends/openssl/objects.py +++ b/cryptography/hazmat/backends/openssl/objects.py @@ -19,17 +19,17 @@ TYPES = """ """ FUNCTIONS = """ -ASN1_OBJECT * OBJ_nid2obj(int); -const char * OBJ_nid2ln(int); -const char * OBJ_nid2sn(int); +ASN1_OBJECT *OBJ_nid2obj(int); +const char *OBJ_nid2ln(int); +const char *OBJ_nid2sn(int); int OBJ_obj2nid(const ASN1_OBJECT *); int OBJ_ln2nid(const char *); int OBJ_sn2nid(const char *); int OBJ_txt2nid(const char *); -ASN1_OBJECT * OBJ_txt2obj(const char *, int); +ASN1_OBJECT *OBJ_txt2obj(const char *, int); int OBJ_obj2txt(char *, int, const ASN1_OBJECT *, int); int OBJ_cmp(const ASN1_OBJECT *, const ASN1_OBJECT *); -ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *); +ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *); int OBJ_create(const char *, const char *, const char *); void OBJ_cleanup(); """ -- cgit v1.2.3 From 2dd6cc89f6822ede162ef402f270493b2263d829 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Fri, 27 Dec 2013 16:50:56 -0500 Subject: expand the explanation for this workaround and switch XXX to TODO --- cryptography/hazmat/backends/openssl/asn1.py | 14 ++++++++++++-- cryptography/hazmat/backends/openssl/bignum.py | 14 ++++++++++++-- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index e7c18a52..fa336cf3 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -17,9 +17,19 @@ INCLUDES = """ TYPES = """ /* - * XXX This typedef is wrong. - * https://bitbucket.org/cffi/cffi/issue/69 + * TODO: This typedef is wrong. + * + * This is due to limitations of cffi. + * See https://bitbucket.org/cffi/cffi/issue/69 + * + * For another possible work-around (not used here because it involves more + * complicated use of the cffi API which falls outside the general pattern used + * by this package), see * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ + * + * The work-around used here is to just be sure to declare a type that is at + * least as large as the real type. Maciej explains: + * * I think you want to declare your value too large (e.g. long) * that way you'll never pass garbage */ diff --git a/cryptography/hazmat/backends/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py index a5ba07b1..599eadc8 100644 --- a/cryptography/hazmat/backends/openssl/bignum.py +++ b/cryptography/hazmat/backends/openssl/bignum.py @@ -18,9 +18,19 @@ INCLUDES = """ TYPES = """ typedef ... BIGNUM; /* - * XXX This typedef is wrong. - * https://bitbucket.org/cffi/cffi/issue/69 + * TODO: This typedef is wrong. + * + * This is due to limitations of cffi. + * See https://bitbucket.org/cffi/cffi/issue/69 + * + * For another possible work-around (not used here because it involves more + * complicated use of the cffi API which falls outside the general pattern used + * by this package), see * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/ + * + * The work-around used here is to just be sure to declare a type that is at + * least as large as the real type. Maciej explains: + * * I think you want to declare your value too large (e.g. long) * that way you'll never pass garbage */ -- cgit v1.2.3 From ec49550b1f29c52164a3f4bca7779e7dc23d397f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 15:51:40 -0600 Subject: change typeerror to valueerror --- tests/test_utils.py | 2 +- tests/utils.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/test_utils.py b/tests/test_utils.py index 32daff70..c640367e 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -68,7 +68,7 @@ def test_check_backend_support_no_backend(): ) item = pretend.stub(keywords={"supported": supported}, funcargs={}) - with pytest.raises(TypeError): + with pytest.raises(ValueError): check_backend_support(item) diff --git a/tests/utils.py b/tests/utils.py index 7ae2eb8b..beb2ca5d 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -30,8 +30,8 @@ def check_backend_support(item): if not supported.kwargs["only_if"](item.funcargs["backend"]): pytest.skip(supported.kwargs["skip_message"]) elif supported: - raise TypeError("This mark is only available on methods that take a " - "backend") + raise ValueError("This mark is only available on methods that take a " + "backend") def load_vectors_from_file(filename, loader): -- cgit v1.2.3 From 3f54e65894d2cc1d31fd760e78be6b641d180bb3 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Fri, 27 Dec 2013 21:58:05 +0000 Subject: Add myself to AUTHORS --- AUTHORS.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS.rst b/AUTHORS.rst index 0ef9958d..953ca55b 100644 --- a/AUTHORS.rst +++ b/AUTHORS.rst @@ -10,3 +10,4 @@ PGP key fingerprints are enclosed in parentheses. * Christian Heimes * Paul Kehrer * Jarret Raim +* Alex Stapleton (A1C7 E50B 66DE 39ED C847 9665 8E3C 20D1 9BD9 5C4C) -- cgit v1.2.3 From ccf0d901501245dacc01bec6648f6e1b872d2bf4 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Fri, 27 Dec 2013 22:27:58 +0000 Subject: ASN1_ITEM_ptr always has a const return type --- cryptography/hazmat/backends/openssl/asn1.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index a186d592..15991767 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -102,7 +102,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **, const unsigned char **, long, MACROS = """ ASN1_TIME *M_ASN1_TIME_dup(void *); -ASN1_ITEM_EXP *ASN1_ITEM_ptr(ASN1_ITEM_EXP *); +const ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *); /* These aren't macros these arguments are all const X on openssl > 1.0.x */ -- cgit v1.2.3 From b078d8e1f446a1d2d13453e65e37fbaf4f6b17f2 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 16:33:14 -0600 Subject: re-add some removed generators to simplify patch --- tests/hazmat/primitives/test_hashes.py | 107 +++++++++++++++++++++------------ tests/hazmat/primitives/test_hmac.py | 24 ++++---- tests/hazmat/primitives/utils.py | 20 ++++++ 3 files changed, 101 insertions(+), 50 deletions(-) diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index d52021eb..c907ef61 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -23,7 +23,7 @@ from cryptography import utils from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.primitives import hashes, interfaces -from .utils import base_hash_test +from .utils import generate_base_hash_test @utils.register_interface(interfaces.HashAlgorithm) @@ -69,44 +69,69 @@ class TestHashContext(object): hashes.Hash(UnsupportedDummyHash(), backend) +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA1), + skip_message="Does not support SHA1", +) @pytest.mark.hash -class TestHashes(object): - @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA1), - skip_message="Does not support SHA1", +class TestSHA1(object): + test_SHA1 = generate_base_hash_test( + hashes.SHA1(), + digest_size=20, + block_size=64, ) - def test_SHA1(self, backend): - base_hash_test(backend, hashes.SHA1(), digest_size=20, block_size=64) - @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA224), - skip_message="Does not support SHA224", + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA224), + skip_message="Does not support SHA224", +) +@pytest.mark.hash +class TestSHA224(object): + test_SHA224 = generate_base_hash_test( + hashes.SHA224(), + digest_size=28, + block_size=64, ) - def test_SHA224(self, backend): - base_hash_test(backend, hashes.SHA224(), digest_size=28, block_size=64) - @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA256), - skip_message="Does not support SHA256", + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA256), + skip_message="Does not support SHA256", +) +@pytest.mark.hash +class TestSHA256(object): + test_SHA256 = generate_base_hash_test( + hashes.SHA256(), + digest_size=32, + block_size=64, ) - def test_SHA256(self, backend): - base_hash_test(backend, hashes.SHA256(), digest_size=32, block_size=64) - @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA384), - skip_message="Does not support SHA384", + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA384), + skip_message="Does not support SHA384", +) +@pytest.mark.hash +class TestSHA384(object): + test_SHA384 = generate_base_hash_test( + hashes.SHA384(), + digest_size=48, + block_size=128, ) - def test_SHA384(self, backend): - base_hash_test(backend, hashes.SHA384(), - digest_size=48, block_size=128) - @pytest.mark.supported( - only_if=lambda backend: backend.hash_supported(hashes.SHA512), - skip_message="Does not support SHA512", + +@pytest.mark.supported( + only_if=lambda backend: backend.hash_supported(hashes.SHA512), + skip_message="Does not support SHA512", +) +@pytest.mark.hash +class TestSHA512(object): + test_SHA512 = generate_base_hash_test( + hashes.SHA512(), + digest_size=64, + block_size=128, ) - def test_SHA512(self, backend): - base_hash_test(backend, hashes.SHA512(), - digest_size=64, block_size=128) @pytest.mark.supported( @@ -115,9 +140,11 @@ class TestHashes(object): ) @pytest.mark.hash class TestRIPEMD160(object): - def test_RIPEMD160(self, backend): - base_hash_test(backend, hashes.RIPEMD160(), - digest_size=20, block_size=64) + test_RIPEMD160 = generate_base_hash_test( + hashes.RIPEMD160(), + digest_size=20, + block_size=64, + ) @pytest.mark.supported( @@ -126,9 +153,11 @@ class TestRIPEMD160(object): ) @pytest.mark.hash class TestWhirlpool(object): - def test_Whirlpool(self, backend): - base_hash_test(backend, hashes.Whirlpool(), - digest_size=64, block_size=64) + test_Whirlpool = generate_base_hash_test( + hashes.Whirlpool(), + digest_size=64, + block_size=64, + ) @pytest.mark.supported( @@ -137,6 +166,8 @@ class TestWhirlpool(object): ) @pytest.mark.hash class TestMD5(object): - def test_MD5(self, backend): - base_hash_test(backend, hashes.MD5(), - digest_size=16, block_size=64) + test_MD5 = generate_base_hash_test( + hashes.MD5(), + digest_size=16, + block_size=64, + ) diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index c216dd4d..924e2167 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -13,8 +13,6 @@ from __future__ import absolute_import, division, print_function -import binascii - import pretend import pytest @@ -25,25 +23,27 @@ from cryptography import utils from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm from cryptography.hazmat.primitives import hashes, hmac, interfaces +from .utils import generate_base_hmac_test + @utils.register_interface(interfaces.HashAlgorithm) class UnsupportedDummyHash(object): name = "unsupported-dummy-hash" +@pytest.mark.supported( + only_if=lambda backend: backend.hmac_supported(hashes.MD5), + skip_message="Does not support MD5", +) @pytest.mark.hmac -class TestHMAC(object): - @pytest.mark.supported( - only_if=lambda backend: backend.hmac_supported(hashes.MD5), - skip_message="Does not support MD5", +class TestHMACCopy(object): + test_copy = generate_base_hmac_test( + hashes.MD5(), ) - def test_hmac_copy(self, backend): - key = b"ab" - h = hmac.HMAC(binascii.unhexlify(key), hashes.MD5(), backend=backend) - h_copy = h.copy() - assert h != h_copy - assert h._ctx != h_copy._ctx + +@pytest.mark.hmac +class TestHMAC(object): def test_hmac_reject_unicode(self, backend): h = hmac.HMAC(b"mykey", hashes.SHA1(), backend=backend) with pytest.raises(TypeError): diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 3c962752..cdcf84cb 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -149,6 +149,12 @@ def hash_test(backend, algorithm, params): assert m.finalize() == binascii.unhexlify(expected_md) +def generate_base_hash_test(algorithm, digest_size, block_size): + def test_base_hash(self, backend): + base_hash_test(backend, algorithm, digest_size, block_size) + return test_base_hash + + def base_hash_test(backend, algorithm, digest_size, block_size): m = hashes.Hash(algorithm, backend=backend) assert m.algorithm.digest_size == digest_size @@ -176,6 +182,20 @@ def long_string_hash_test(backend, algorithm, md): assert m.finalize() == binascii.unhexlify(md.lower().encode("ascii")) +def generate_base_hmac_test(hash_cls): + def test_base_hmac(self, backend): + base_hmac_test(backend, hash_cls) + return test_base_hmac + + +def base_hmac_test(backend, algorithm): + key = b"ab" + h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend) + h_copy = h.copy() + assert h != h_copy + assert h._ctx != h_copy._ctx + + def generate_hmac_test(param_loader, path, file_names, algorithm): all_params = _load_all_params(path, file_names, param_loader) -- cgit v1.2.3 From 047dab8e76639ef2682c78b899ee9ba1f7ba28f8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 16:45:52 -0600 Subject: update style guide docs to reflect change to (void) --- docs/contributing.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/contributing.rst b/docs/contributing.rst index 620e1b6a..139f7f3b 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -110,14 +110,14 @@ Don't name parameters: ...; }; -Don't include stray ``void`` parameters: +Include ``void`` if the function takes no arguments: .. code-block:: c // Good - long f(); - // Bad long f(void); + // Bad + long f(); Wrap lines at 80 characters like so: -- cgit v1.2.3 From 01e9886f9bade642512829c21dbfeddcda978e71 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 16:48:07 -0600 Subject: convert all functions without args from () to (void) --- cryptography/hazmat/backends/openssl/asn1.py | 12 +++++----- cryptography/hazmat/backends/openssl/bignum.py | 2 +- cryptography/hazmat/backends/openssl/bio.py | 14 ++++++------ cryptography/hazmat/backends/openssl/crypto.py | 8 +++---- cryptography/hazmat/backends/openssl/dh.py | 2 +- cryptography/hazmat/backends/openssl/engine.py | 10 ++++----- cryptography/hazmat/backends/openssl/err.py | 12 +++++----- cryptography/hazmat/backends/openssl/evp.py | 10 ++++----- cryptography/hazmat/backends/openssl/rand.py | 6 ++--- cryptography/hazmat/backends/openssl/rsa.py | 2 +- cryptography/hazmat/backends/openssl/ssl.py | 28 ++++++++++++------------ cryptography/hazmat/backends/openssl/x509.py | 16 +++++++------- cryptography/hazmat/backends/openssl/x509name.py | 2 +- 13 files changed, 62 insertions(+), 62 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index 6a309ee1..f7e4f07e 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -68,7 +68,7 @@ static const int MBSTRING_UTF8; """ FUNCTIONS = """ -ASN1_OBJECT *ASN1_OBJECT_new(); +ASN1_OBJECT *ASN1_OBJECT_new(void); void ASN1_OBJECT_free(ASN1_OBJECT *); /* ASN1 OBJECT IDENTIFIER */ @@ -76,7 +76,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **, const unsigned char **, long); int i2d_ASN1_OBJECT(ASN1_OBJECT *, unsigned char **); /* ASN1 STRING */ -ASN1_STRING *ASN1_STRING_new(); +ASN1_STRING *ASN1_STRING_new(void); ASN1_STRING *ASN1_STRING_type_new(int); void ASN1_STRING_free(ASN1_STRING *); unsigned char *ASN1_STRING_data(ASN1_STRING *); @@ -85,18 +85,18 @@ int ASN1_STRING_type(ASN1_STRING *); int ASN1_STRING_to_UTF8(unsigned char **, ASN1_STRING *); /* ASN1 OCTET STRING */ -ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(); +ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void); void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *); int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *, const unsigned char *, int); /* ASN1 INTEGER */ -ASN1_INTEGER *ASN1_INTEGER_new(); +ASN1_INTEGER *ASN1_INTEGER_new(void); void ASN1_INTEGER_free(ASN1_INTEGER *); int ASN1_INTEGER_set(ASN1_INTEGER *, long); int i2a_ASN1_INTEGER(BIO *, ASN1_INTEGER *); /* ASN1 TIME */ -ASN1_TIME *ASN1_TIME_new(); +ASN1_TIME *ASN1_TIME_new(void); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *, ASN1_GENERALIZEDTIME **); @@ -109,7 +109,7 @@ void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *); int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *); /* ASN1 ENUMERATED */ -ASN1_ENUMERATED *ASN1_ENUMERATED_new(); +ASN1_ENUMERATED *ASN1_ENUMERATED_new(void); void ASN1_ENUMERATED_free(ASN1_ENUMERATED *); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *, long); diff --git a/cryptography/hazmat/backends/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py index 599eadc8..59efd171 100644 --- a/cryptography/hazmat/backends/openssl/bignum.py +++ b/cryptography/hazmat/backends/openssl/bignum.py @@ -38,7 +38,7 @@ typedef uintptr_t BN_ULONG; """ FUNCTIONS = """ -BIGNUM *BN_new(); +BIGNUM *BN_new(void); void BN_free(BIGNUM *); int BN_set_word(BIGNUM *, BN_ULONG); diff --git a/cryptography/hazmat/backends/openssl/bio.py b/cryptography/hazmat/backends/openssl/bio.py index d164804f..9af32b71 100644 --- a/cryptography/hazmat/backends/openssl/bio.py +++ b/cryptography/hazmat/backends/openssl/bio.py @@ -63,16 +63,16 @@ BIO *BIO_pop(BIO *); BIO *BIO_next(BIO *); BIO *BIO_find_type(BIO *, int); int BIO_method_type(const BIO *); -BIO_METHOD *BIO_s_mem(); +BIO_METHOD *BIO_s_mem(void); BIO *BIO_new_mem_buf(void *, int); -BIO_METHOD *BIO_s_file(); +BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *, const char *); BIO *BIO_new_fp(FILE *, int); -BIO_METHOD *BIO_s_fd(); +BIO_METHOD *BIO_s_fd(void); BIO *BIO_new_fd(int, int); -BIO_METHOD *BIO_s_socket(); +BIO_METHOD *BIO_s_socket(void); BIO *BIO_new_socket(int, int); -BIO_METHOD *BIO_s_null(); +BIO_METHOD *BIO_s_null(void); long BIO_ctrl(BIO *, int, long, void *); long BIO_callback_ctrl( BIO *, @@ -87,8 +87,8 @@ int BIO_read(BIO *, void *, int); int BIO_gets(BIO *, char *, int); int BIO_write(BIO *, const void *, int); int BIO_puts(BIO *, const char *); -BIO_METHOD *BIO_f_null(); -BIO_METHOD *BIO_f_buffer(); +BIO_METHOD *BIO_f_null(void); +BIO_METHOD *BIO_f_buffer(void); """ MACROS = """ diff --git a/cryptography/hazmat/backends/openssl/crypto.py b/cryptography/hazmat/backends/openssl/crypto.py index 71d32c52..5e995023 100644 --- a/cryptography/hazmat/backends/openssl/crypto.py +++ b/cryptography/hazmat/backends/openssl/crypto.py @@ -26,17 +26,17 @@ static const int SSLEAY_BUILT_ON; FUNCTIONS = """ void CRYPTO_free(void *); int CRYPTO_mem_ctrl(int); -int CRYPTO_is_mem_check_on(); +int CRYPTO_is_mem_check_on(void); void CRYPTO_mem_leaks(struct bio_st *); -void CRYPTO_cleanup_all_ex_data(); +void CRYPTO_cleanup_all_ex_data(void); void OPENSSL_free(void *); """ MACROS = """ void CRYPTO_add(int *, int, int); -void CRYPTO_malloc_init(); -void CRYPTO_malloc_debug_init(); +void CRYPTO_malloc_init(void); +void CRYPTO_malloc_debug_init(void); #define CRYPTO_MEM_CHECK_ON ... #define CRYPTO_MEM_CHECK_OFF ... diff --git a/cryptography/hazmat/backends/openssl/dh.py b/cryptography/hazmat/backends/openssl/dh.py index 56fa8b46..3c12fbc6 100644 --- a/cryptography/hazmat/backends/openssl/dh.py +++ b/cryptography/hazmat/backends/openssl/dh.py @@ -20,7 +20,7 @@ typedef ... DH; """ FUNCTIONS = """ -DH *DH_new(); +DH *DH_new(void); void DH_free(DH *); """ diff --git a/cryptography/hazmat/backends/openssl/engine.py b/cryptography/hazmat/backends/openssl/engine.py index cc214f84..640ef18c 100644 --- a/cryptography/hazmat/backends/openssl/engine.py +++ b/cryptography/hazmat/backends/openssl/engine.py @@ -20,8 +20,8 @@ typedef ... ENGINE; """ FUNCTIONS = """ -ENGINE *ENGINE_get_first(); -ENGINE *ENGINE_get_last(); +ENGINE *ENGINE_get_first(void); +ENGINE *ENGINE_get_last(void); ENGINE *ENGINE_get_next(ENGINE *); ENGINE *ENGINE_get_prev(ENGINE *); int ENGINE_add(ENGINE *); @@ -30,9 +30,9 @@ ENGINE *ENGINE_by_id(const char *); int ENGINE_init(ENGINE *); int ENGINE_finish(ENGINE *); int ENGINE_free(ENGINE *); -void ENGINE_cleanup(); -void ENGINE_load_dynamic(); -void ENGINE_load_builtin_engines(); +void ENGINE_cleanup(void); +void ENGINE_load_dynamic(void); +void ENGINE_load_builtin_engines(void); int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int); int ENGINE_set_default(ENGINE *, unsigned int); int ENGINE_register_complete(ENGINE *); diff --git a/cryptography/hazmat/backends/openssl/err.py b/cryptography/hazmat/backends/openssl/err.py index 2fb8bbe1..6b2a77b1 100644 --- a/cryptography/hazmat/backends/openssl/err.py +++ b/cryptography/hazmat/backends/openssl/err.py @@ -38,8 +38,8 @@ static const int ASN1_R_BAD_PASSWORD_READ; """ FUNCTIONS = """ -void ERR_load_crypto_strings(); -void ERR_free_strings(); +void ERR_load_crypto_strings(void); +void ERR_free_strings(void); char* ERR_error_string(unsigned long, char *); void ERR_error_string_n(unsigned long, char *, size_t); const char* ERR_lib_error_string(unsigned long); @@ -47,9 +47,9 @@ const char* ERR_func_error_string(unsigned long); const char* ERR_reason_error_string(unsigned long); void ERR_print_errors(BIO *); void ERR_print_errors_fp(FILE *); -unsigned long ERR_get_error(); -unsigned long ERR_peek_error(); -unsigned long ERR_peek_last_error(); +unsigned long ERR_get_error(void); +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_last_error(void); unsigned long ERR_get_error_line(const char **, int *); unsigned long ERR_peek_error_line(const char **, int *); unsigned long ERR_peek_last_error_line(const char **, int *); @@ -61,7 +61,7 @@ unsigned long ERR_peek_last_error_line_data(const char **, int *, const char **, int *); void ERR_put_error(int, int, int, const char *, int); void ERR_add_error_data(int, ...); -int ERR_get_next_error_library(); +int ERR_get_next_error_library(void); """ MACROS = """ diff --git a/cryptography/hazmat/backends/openssl/evp.py b/cryptography/hazmat/backends/openssl/evp.py index 1f8901bf..f1c061dc 100644 --- a/cryptography/hazmat/backends/openssl/evp.py +++ b/cryptography/hazmat/backends/openssl/evp.py @@ -43,7 +43,7 @@ static const int Cryptography_HAS_GCM; """ FUNCTIONS = """ -void OpenSSL_add_all_algorithms(); +void OpenSSL_add_all_algorithms(void); const EVP_CIPHER *EVP_get_cipherbyname(const char *); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *, const EVP_CIPHER *, ENGINE *, @@ -66,11 +66,11 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *); const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *); int EVP_CIPHER_block_size(const EVP_CIPHER *); void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *); -EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int); -EVP_MD_CTX *EVP_MD_CTX_create(); +EVP_MD_CTX *EVP_MD_CTX_create(void); int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *); int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *); int EVP_DigestUpdate(EVP_MD_CTX *, const void *, size_t); @@ -81,7 +81,7 @@ const EVP_MD *EVP_get_digestbyname(const char *); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *); int EVP_MD_size(const EVP_MD *); -EVP_PKEY *EVP_PKEY_new(); +EVP_PKEY *EVP_PKEY_new(void); void EVP_PKEY_free(EVP_PKEY *); int EVP_PKEY_type(int); int EVP_PKEY_bits(EVP_PKEY *); @@ -96,7 +96,7 @@ int EVP_VerifyUpdate(EVP_MD_CTX *, const void *, size_t); int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int, EVP_PKEY *); -const EVP_MD *EVP_md5(); +const EVP_MD *EVP_md5(void); """ MACROS = """ diff --git a/cryptography/hazmat/backends/openssl/rand.py b/cryptography/hazmat/backends/openssl/rand.py index 5ac36cac..0e645fbc 100644 --- a/cryptography/hazmat/backends/openssl/rand.py +++ b/cryptography/hazmat/backends/openssl/rand.py @@ -19,17 +19,17 @@ TYPES = """ """ FUNCTIONS = """ -void ERR_load_RAND_strings(); +void ERR_load_RAND_strings(void); void RAND_seed(const void *, int); void RAND_add(const void *, int, double); -int RAND_status(); +int RAND_status(void); int RAND_egd(const char *); int RAND_egd_bytes(const char *, int); int RAND_query_egd_bytes(const char *, unsigned char *, int); const char *RAND_file_name(char *, size_t); int RAND_load_file(const char *, long); int RAND_write_file(const char *); -void RAND_cleanup(); +void RAND_cleanup(void); int RAND_bytes(unsigned char *, int); int RAND_pseudo_bytes(unsigned char *, int); """ diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py index 6cee569a..a44ca4a6 100644 --- a/cryptography/hazmat/backends/openssl/rsa.py +++ b/cryptography/hazmat/backends/openssl/rsa.py @@ -37,7 +37,7 @@ static const int RSA_F4; """ FUNCTIONS = """ -RSA *RSA_new(); +RSA *RSA_new(void); void RSA_free(RSA *); int RSA_size(const RSA *); int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *); diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index f99c2636..49b142ca 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -132,8 +132,8 @@ static const int TLSEXT_NAMETYPE_host_name; """ FUNCTIONS = """ -void SSL_load_error_strings(); -int SSL_library_init(); +void SSL_load_error_strings(void); +int SSL_library_init(void); /* SSL */ SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *); @@ -224,20 +224,20 @@ long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); * available they will be wrapped, but if they are not they won't cause * problems (like link errors). */ -const SSL_METHOD *SSLv2_method(); -const SSL_METHOD *SSLv2_server_method(); -const SSL_METHOD *SSLv2_client_method(); +const SSL_METHOD *SSLv2_method(void); +const SSL_METHOD *SSLv2_server_method(void); +const SSL_METHOD *SSLv2_client_method(void); /* methods */ -const SSL_METHOD *SSLv3_method(); -const SSL_METHOD *SSLv3_server_method(); -const SSL_METHOD *SSLv3_client_method(); -const SSL_METHOD *TLSv1_method(); -const SSL_METHOD *TLSv1_server_method(); -const SSL_METHOD *TLSv1_client_method(); -const SSL_METHOD *SSLv23_method(); -const SSL_METHOD *SSLv23_server_method(); -const SSL_METHOD *SSLv23_client_method(); +const SSL_METHOD *SSLv3_method(void); +const SSL_METHOD *SSLv3_server_method(void); +const SSL_METHOD *SSLv3_client_method(void); +const SSL_METHOD *TLSv1_method(void); +const SSL_METHOD *TLSv1_server_method(void); +const SSL_METHOD *TLSv1_client_method(void); +const SSL_METHOD *SSLv23_method(void); +const SSL_METHOD *SSLv23_server_method(void); +const SSL_METHOD *SSLv23_client_method(void); /*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/ SSL_CTX *SSL_CTX_new(const SSL_METHOD *); diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index 5cba476e..632efb31 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -66,7 +66,7 @@ typedef ... NETSCAPE_SPKI; """ FUNCTIONS = """ -X509 *X509_new(); +X509 *X509_new(void); void X509_free(X509 *); X509 *X509_dup(X509 *); @@ -101,7 +101,7 @@ ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *); void X509_EXTENSION_free(X509_EXTENSION *); int X509_REQ_set_version(X509_REQ *, long); -X509_REQ *X509_REQ_new(); +X509_REQ *X509_REQ_new(void); void X509_REQ_free(X509_REQ *); int X509_REQ_set_pubkey(X509_REQ *, EVP_PKEY *); int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *); @@ -113,7 +113,7 @@ int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long); int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int); ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *); -X509_REVOKED *X509_REVOKED_new(); +X509_REVOKED *X509_REVOKED_new(void); void X509_REVOKED_free(X509_REVOKED *); int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *); @@ -121,7 +121,7 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *); int X509_REVOKED_add1_ext_i2d(X509_REVOKED *, int, void *, int, unsigned long); X509_CRL *d2i_X509_CRL_bio(BIO *, X509_CRL **); -X509_CRL *X509_CRL_new(); +X509_CRL *X509_CRL_new(void); void X509_CRL_free(X509_CRL *); int X509_CRL_add0_revoked(X509_CRL *, X509_REVOKED *); int i2d_X509_CRL_bio(BIO *, X509_CRL *); @@ -134,7 +134,7 @@ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *, EVP_PKEY *, const EVP_MD *); char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *); EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *); int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *, EVP_PKEY *); -NETSCAPE_SPKI *NETSCAPE_SPKI_new(); +NETSCAPE_SPKI *NETSCAPE_SPKI_new(void); void NETSCAPE_SPKI_free(NETSCAPE_SPKI *); /* ASN1 serialization */ @@ -151,7 +151,7 @@ ASN1_INTEGER *X509_get_serialNumber(X509 *); int X509_set_serialNumber(X509 *, ASN1_INTEGER *); /* X509_STORE */ -X509_STORE *X509_STORE_new(); +X509_STORE *X509_STORE_new(void); void X509_STORE_free(X509_STORE *); int X509_STORE_add_cert(X509_STORE *, X509 *); """ @@ -165,13 +165,13 @@ ASN1_TIME *X509_get_notAfter(X509 *); long X509_REQ_get_version(X509_REQ *); X509_NAME *X509_REQ_get_subject_name(X509_REQ *); -struct stack_st_X509 *sk_X509_new_null(); +struct stack_st_X509 *sk_X509_new_null(void); void sk_X509_free(struct stack_st_X509 *); int sk_X509_num(struct stack_st_X509 *); int sk_X509_push(struct stack_st_X509 *, X509 *); X509 *sk_X509_value(struct stack_st_X509 *, int); -X509_EXTENSIONS *sk_X509_EXTENSION_new_null(); +X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void); int sk_X509_EXTENSION_num(X509_EXTENSIONS *); X509_EXTENSION *sk_X509_EXTENSION_value(X509_EXTENSIONS *, int); int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *); diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py index 4be39b53..0543e387 100644 --- a/cryptography/hazmat/backends/openssl/x509name.py +++ b/cryptography/hazmat/backends/openssl/x509name.py @@ -40,7 +40,7 @@ void X509_NAME_free(X509_NAME *); """ MACROS = """ -struct stack_st_X509_NAME *sk_X509_NAME_new_null(); +struct stack_st_X509_NAME *sk_X509_NAME_new_null(void); int sk_X509_NAME_num(struct stack_st_X509_NAME *); int sk_X509_NAME_push(struct stack_st_X509_NAME *, X509_NAME *); X509_NAME *sk_X509_NAME_value(struct stack_st_X509_NAME *, int); -- cgit v1.2.3 From 08d72a56f9dd110ac246f2dc4b63a82874a95483 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 16:53:55 -0600 Subject: move macro from functions into macros where it belongs --- cryptography/hazmat/backends/openssl/evp.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/evp.py b/cryptography/hazmat/backends/openssl/evp.py index f1c061dc..c426e52e 100644 --- a/cryptography/hazmat/backends/openssl/evp.py +++ b/cryptography/hazmat/backends/openssl/evp.py @@ -43,8 +43,6 @@ static const int Cryptography_HAS_GCM; """ FUNCTIONS = """ -void OpenSSL_add_all_algorithms(void); - const EVP_CIPHER *EVP_get_cipherbyname(const char *); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *, const EVP_CIPHER *, ENGINE *, const unsigned char *, const unsigned char *); @@ -100,6 +98,7 @@ const EVP_MD *EVP_md5(void); """ MACROS = """ +void OpenSSL_add_all_algorithms(void); int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *); int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *); -- cgit v1.2.3 From 1839b19f7ab7795250c662bd2b38fc0bbf1e65a1 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 18:50:52 -0600 Subject: a few missed functions in the () -> (void) migration --- cryptography/hazmat/backends/openssl/objects.py | 2 +- cryptography/hazmat/backends/openssl/ssl.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/objects.py b/cryptography/hazmat/backends/openssl/objects.py index ad1b8588..0abc42d6 100644 --- a/cryptography/hazmat/backends/openssl/objects.py +++ b/cryptography/hazmat/backends/openssl/objects.py @@ -31,7 +31,7 @@ int OBJ_obj2txt(char *, int, const ASN1_OBJECT *, int); int OBJ_cmp(const ASN1_OBJECT *, const ASN1_OBJECT *); ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *); int OBJ_create(const char *, const char *, const char *); -void OBJ_cleanup(); +void OBJ_cleanup(void); """ MACROS = """ diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 49b142ca..fb3b17e6 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -255,9 +255,9 @@ void SSL_CTX_set_tlsext_servername_callback( CUSTOMIZATIONS = """ #ifdef OPENSSL_NO_SSL2 static const long Cryptography_HAS_SSL2 = 0; -SSL_METHOD* (*SSLv2_method)() = NULL; -SSL_METHOD* (*SSLv2_client_method)() = NULL; -SSL_METHOD* (*SSLv2_server_method)() = NULL; +SSL_METHOD* (*SSLv2_method)(void) = NULL; +SSL_METHOD* (*SSLv2_client_method)(void) = NULL; +SSL_METHOD* (*SSLv2_server_method)(void) = NULL; #else static const long Cryptography_HAS_SSL2 = 1; #endif -- cgit v1.2.3 From ccd9c0069f6955e8325ec63853e4609241cbea06 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 20:25:06 -0600 Subject: Convert #defines to explicit type declaration for consistency --- cryptography/hazmat/backends/openssl/bio.py | 85 +++++++++++++------------- cryptography/hazmat/backends/openssl/crypto.py | 8 +-- cryptography/hazmat/backends/openssl/engine.py | 22 ++++--- docs/contributing.rst | 17 ++++++ 4 files changed, 76 insertions(+), 56 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/bio.py b/cryptography/hazmat/backends/openssl/bio.py index 9af32b71..264a2410 100644 --- a/cryptography/hazmat/backends/openssl/bio.py +++ b/cryptography/hazmat/backends/openssl/bio.py @@ -50,6 +50,49 @@ struct bio_st { ...; }; typedef ... BUF_MEM; + +static const int BIO_TYPE_MEM; +static const int BIO_TYPE_FILE; +static const int BIO_TYPE_FD; +static const int BIO_TYPE_SOCKET; +static const int BIO_TYPE_CONNECT; +static const int BIO_TYPE_ACCEPT; +static const int BIO_TYPE_NULL; +static const int BIO_CLOSE; +static const int BIO_NOCLOSE; +static const int BIO_TYPE_SOURCE_SINK; +static const int BIO_CTRL_RESET; +static const int BIO_CTRL_EOF; +static const int BIO_CTRL_SET; +static const int BIO_CTRL_SET_CLOSE; +static const int BIO_CTRL_FLUSH; +static const int BIO_CTRL_DUP; +static const int BIO_CTRL_GET_CLOSE; +static const int BIO_CTRL_INFO; +static const int BIO_CTRL_GET; +static const int BIO_CTRL_PENDING; +static const int BIO_CTRL_WPENDING; +static const int BIO_C_FILE_SEEK; +static const int BIO_C_FILE_TELL; +static const int BIO_TYPE_NONE; +static const int BIO_TYPE_PROXY_CLIENT; +static const int BIO_TYPE_PROXY_SERVER; +static const int BIO_TYPE_NBIO_TEST; +static const int BIO_TYPE_BER; +static const int BIO_TYPE_BIO; +static const int BIO_TYPE_DESCRIPTOR; +static const int BIO_FLAGS_READ; +static const int BIO_FLAGS_WRITE; +static const int BIO_FLAGS_IO_SPECIAL; +static const int BIO_FLAGS_RWS; +static const int BIO_FLAGS_SHOULD_RETRY; +static const int BIO_TYPE_NULL_FILTER; +static const int BIO_TYPE_SSL; +static const int BIO_TYPE_MD; +static const int BIO_TYPE_BUFFER; +static const int BIO_TYPE_CIPHER; +static const int BIO_TYPE_BASE64; +static const int BIO_TYPE_FILTER; """ FUNCTIONS = """ @@ -125,48 +168,6 @@ long BIO_set_read_buffer_size(BIO *, long); long BIO_set_write_buffer_size(BIO *, long); long BIO_set_buffer_size(BIO *, long); long BIO_set_buffer_read_data(BIO *, void *, long); -#define BIO_TYPE_MEM ... -#define BIO_TYPE_FILE ... -#define BIO_TYPE_FD ... -#define BIO_TYPE_SOCKET ... -#define BIO_TYPE_CONNECT ... -#define BIO_TYPE_ACCEPT ... -#define BIO_TYPE_NULL ... -#define BIO_CLOSE ... -#define BIO_NOCLOSE ... -#define BIO_TYPE_SOURCE_SINK ... -#define BIO_CTRL_RESET ... -#define BIO_CTRL_EOF ... -#define BIO_CTRL_SET ... -#define BIO_CTRL_SET_CLOSE ... -#define BIO_CTRL_FLUSH ... -#define BIO_CTRL_DUP ... -#define BIO_CTRL_GET_CLOSE ... -#define BIO_CTRL_INFO ... -#define BIO_CTRL_GET ... -#define BIO_CTRL_PENDING ... -#define BIO_CTRL_WPENDING ... -#define BIO_C_FILE_SEEK ... -#define BIO_C_FILE_TELL ... -#define BIO_TYPE_NONE ... -#define BIO_TYPE_PROXY_CLIENT ... -#define BIO_TYPE_PROXY_SERVER ... -#define BIO_TYPE_NBIO_TEST ... -#define BIO_TYPE_BER ... -#define BIO_TYPE_BIO ... -#define BIO_TYPE_DESCRIPTOR ... -#define BIO_FLAGS_READ ... -#define BIO_FLAGS_WRITE ... -#define BIO_FLAGS_IO_SPECIAL ... -#define BIO_FLAGS_RWS ... -#define BIO_FLAGS_SHOULD_RETRY ... -#define BIO_TYPE_NULL_FILTER ... -#define BIO_TYPE_SSL ... -#define BIO_TYPE_MD ... -#define BIO_TYPE_BUFFER ... -#define BIO_TYPE_CIPHER ... -#define BIO_TYPE_BASE64 ... -#define BIO_TYPE_FILTER ... """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/crypto.py b/cryptography/hazmat/backends/openssl/crypto.py index 5e995023..8749e2e1 100644 --- a/cryptography/hazmat/backends/openssl/crypto.py +++ b/cryptography/hazmat/backends/openssl/crypto.py @@ -21,6 +21,10 @@ static const int SSLEAY_CFLAGS; static const int SSLEAY_PLATFORM; static const int SSLEAY_DIR; static const int SSLEAY_BUILT_ON; +static const int CRYPTO_MEM_CHECK_ON; +static const int CRYPTO_MEM_CHECK_OFF; +static const int CRYPTO_MEM_CHECK_ENABLE; +static const int CRYPTO_MEM_CHECK_DISABLE; """ FUNCTIONS = """ @@ -38,10 +42,6 @@ void CRYPTO_add(int *, int, int); void CRYPTO_malloc_init(void); void CRYPTO_malloc_debug_init(void); -#define CRYPTO_MEM_CHECK_ON ... -#define CRYPTO_MEM_CHECK_OFF ... -#define CRYPTO_MEM_CHECK_ENABLE ... -#define CRYPTO_MEM_CHECK_DISABLE ... """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/engine.py b/cryptography/hazmat/backends/openssl/engine.py index 640ef18c..acd92eee 100644 --- a/cryptography/hazmat/backends/openssl/engine.py +++ b/cryptography/hazmat/backends/openssl/engine.py @@ -17,6 +17,17 @@ INCLUDES = """ TYPES = """ typedef ... ENGINE; + +static const unsigned int ENGINE_METHOD_RSA; +static const unsigned int ENGINE_METHOD_DSA; +static const unsigned int ENGINE_METHOD_RAND; +static const unsigned int ENGINE_METHOD_ECDH; +static const unsigned int ENGINE_METHOD_ECDSA; +static const unsigned int ENGINE_METHOD_CIPHERS; +static const unsigned int ENGINE_METHOD_DIGESTS; +static const unsigned int ENGINE_METHOD_STORE; +static const unsigned int ENGINE_METHOD_ALL; +static const unsigned int ENGINE_METHOD_NONE; """ FUNCTIONS = """ @@ -46,19 +57,10 @@ int ENGINE_set_default_DH(ENGINE *); int ENGINE_set_default_RAND(ENGINE *); int ENGINE_set_default_ciphers(ENGINE *); int ENGINE_set_default_digests(ENGINE *); + """ MACROS = """ -#define ENGINE_METHOD_RSA ... -#define ENGINE_METHOD_DSA ... -#define ENGINE_METHOD_RAND ... -#define ENGINE_METHOD_ECDH ... -#define ENGINE_METHOD_ECDSA ... -#define ENGINE_METHOD_CIPHERS ... -#define ENGINE_METHOD_DIGESTS ... -#define ENGINE_METHOD_STORE ... -#define ENGINE_METHOD_ALL ... -#define ENGINE_METHOD_NONE ... """ CUSTOMIZATIONS = """ diff --git a/docs/contributing.rst b/docs/contributing.rst index 139f7f3b..336d2acb 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -136,6 +136,23 @@ Include a space after commas between parameters: // Bad long f(int,char *) +Values set by #define should be assigned the appropriate type. If you see +this: + +.. code-block:: c + + #define SOME_INTEGER 0x0; + #define SOME_UINTEGER (unsigned int)0x0001; + #define SOME_STRING "hello"; + +...it should be added to the bindings like so: + +.. code-block:: c + + static const int SOME_INTEGER; + static const unsigned int SOME_UINTEGER; + static char *const SOME_STRING; + Documentation ------------- -- cgit v1.2.3 From 745ee07dcf72bee4dab1d807779be6449a81b96f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 27 Dec 2013 20:42:54 -0600 Subject: Fix docs --- docs/contributing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/contributing.rst b/docs/contributing.rst index 336d2acb..63c99530 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -136,7 +136,7 @@ Include a space after commas between parameters: // Bad long f(int,char *) -Values set by #define should be assigned the appropriate type. If you see +Values set by ``#define`` should be assigned the appropriate type. If you see this: .. code-block:: c -- cgit v1.2.3 From b232b627d50f73ae54bcadf46b273a0794d0d8b3 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 08:54:51 -0500 Subject: expose SSLeay and SSLeay_version --- cryptography/hazmat/backends/openssl/crypto.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cryptography/hazmat/backends/openssl/crypto.py b/cryptography/hazmat/backends/openssl/crypto.py index 5e995023..45e265d1 100644 --- a/cryptography/hazmat/backends/openssl/crypto.py +++ b/cryptography/hazmat/backends/openssl/crypto.py @@ -24,6 +24,9 @@ static const int SSLEAY_BUILT_ON; """ FUNCTIONS = """ +unsigned long SSLeay(void); +const char *SSLeay_version(int); + void CRYPTO_free(void *); int CRYPTO_mem_ctrl(int); int CRYPTO_is_mem_check_on(void); -- cgit v1.2.3 From b4b58c37a9b86fc609c5f7b695bd1bd082fd8a77 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 08:55:50 -0500 Subject: add the missing SSL_get_servername prototype (already handled in the existing SNI conditional section) --- cryptography/hazmat/backends/openssl/ssl.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index fb3b17e6..596db05b 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -246,6 +246,7 @@ long SSL_CTX_get_timeout(const SSL_CTX *); /* SNI APIs were introduced in OpenSSL 1.0.0. To continue to support * earlier versions some special handling of these is necessary. */ +const char *SSL_get_servername(const SSL *, const int); void SSL_set_tlsext_host_name(SSL *, char *); void SSL_CTX_set_tlsext_servername_callback( SSL_CTX *, -- cgit v1.2.3 From 7c243875f34a47d3c552634a00440c846855c3a2 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 08:56:34 -0500 Subject: expose SSL_get_peer_cert_chain, SSL_get_client_CA_list, and SSL_CTX_set_client_CA_list --- cryptography/hazmat/backends/openssl/ssl.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index fb3b17e6..7a1219b0 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -157,6 +157,13 @@ int SSL_pending(const SSL *); int SSL_write(SSL *, const void *, int); int SSL_read(SSL *, void *, int); X509 *SSL_get_peer_certificate(const SSL *); + +/* OpenSSL defines these with STACK_OF(...) instead stack_st_... of but the + * STACK_OF macro does not play well with cffi. + */ +struct stack_st_X509 *SSL_get_peer_cert_chain(const SSL *); +struct stack_st_X509_NAME *SSL_get_client_CA_list(const SSL *s); + int SSL_get_error(const SSL *, int); int SSL_do_handshake(SSL *); int SSL_shutdown(SSL *); @@ -186,6 +193,11 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); int SSL_CTX_add_client_CA(SSL_CTX *, X509 *); +/* See comment above about STACK_OF(...) vs stack_st_... + */ +void SSL_CTX_set_client_CA_list(SSL_CTX *, struct stack_st_X509_NAME *); + + /* X509_STORE_CTX */ int X509_STORE_CTX_get_error(X509_STORE_CTX *); void X509_STORE_CTX_set_error(X509_STORE_CTX *, int); -- cgit v1.2.3 From db78cfdb6c7f28e57346c44097a9c17c24ecdb2b Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 28 Dec 2013 16:51:14 +0000 Subject: sk_X509_EXTENSION_delete returns X509_EXTENSION* --- cryptography/hazmat/backends/openssl/x509.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index 632efb31..ea46256b 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -175,7 +175,7 @@ X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void); int sk_X509_EXTENSION_num(X509_EXTENSIONS *); X509_EXTENSION *sk_X509_EXTENSION_value(X509_EXTENSIONS *, int); int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *); -void sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int); +X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int); void sk_X509_EXTENSION_free(X509_EXTENSIONS *); int sk_X509_REVOKED_num(struct stack_st_X509_REVOKED *); -- cgit v1.2.3 From 9020b4845a8667a2f400a0fb1b5138cb8d51eaca Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 28 Dec 2013 16:28:59 +0000 Subject: String literals are const char*. GCC won't whine with -Wall because so much code isn't const correct but writing to a string literal is undefined. -Wwrite-strings is the warning flag to enable to spot these. --- cryptography/hazmat/backends/openssl/opensslv.py | 2 +- docs/contributing.rst | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/opensslv.py b/cryptography/hazmat/backends/openssl/opensslv.py index 4e110327..397f4ca2 100644 --- a/cryptography/hazmat/backends/openssl/opensslv.py +++ b/cryptography/hazmat/backends/openssl/opensslv.py @@ -17,7 +17,7 @@ INCLUDES = """ TYPES = """ static const int OPENSSL_VERSION_NUMBER; -static char *const OPENSSL_VERSION_TEXT; +static const char *const OPENSSL_VERSION_TEXT; """ FUNCTIONS = """ diff --git a/docs/contributing.rst b/docs/contributing.rst index 63c99530..657c4359 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -141,17 +141,17 @@ this: .. code-block:: c - #define SOME_INTEGER 0x0; - #define SOME_UINTEGER (unsigned int)0x0001; - #define SOME_STRING "hello"; + #define SOME_INTEGER_LITERAL 0x0; + #define SOME_UNSIGNED_INTEGER_LITERAL 0x0001U; + #define SOME_STRING_LITERAL "hello"; ...it should be added to the bindings like so: .. code-block:: c - static const int SOME_INTEGER; - static const unsigned int SOME_UINTEGER; - static char *const SOME_STRING; + static const int SOME_INTEGER_LITERAL; + static const unsigned int SOME_UNSIGNED_INTEGER_LITERAL; + static const char *const SOME_STRING_LITERAL; Documentation ------------- -- cgit v1.2.3 From 6c56e254932021e73aca04d1b1c71fb8ce9a95ea Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 12:47:43 -0500 Subject: simplify a bit - just try tackling one problem at a time. and add some more typedefs that maybe should help (still broken though) --- cryptography/hazmat/backends/openssl/ssl.py | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 7a1219b0..071ec503 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -110,6 +110,8 @@ static const int X509_V_OK; typedef ... SSL_METHOD; typedef ... SSL_CTX; +typedef ... Cryptography_STACK_OF_X509; + typedef struct { int master_key_length; unsigned char master_key[...]; @@ -158,11 +160,13 @@ int SSL_write(SSL *, const void *, int); int SSL_read(SSL *, void *, int); X509 *SSL_get_peer_certificate(const SSL *); -/* OpenSSL defines these with STACK_OF(...) instead stack_st_... of but the - * STACK_OF macro does not play well with cffi. +/* + * OpenSSL defines these with STACK_OF(...) but the STACK_OF macro does not + * play well with cffi. */ -struct stack_st_X509 *SSL_get_peer_cert_chain(const SSL *); -struct stack_st_X509_NAME *SSL_get_client_CA_list(const SSL *s); + +Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *); +// Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); int SSL_get_error(const SSL *, int); int SSL_do_handshake(SSL *); @@ -193,9 +197,10 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); int SSL_CTX_add_client_CA(SSL_CTX *, X509 *); -/* See comment above about STACK_OF(...) vs stack_st_... +/* + * See comment above about STACK_OF(...) vs stack_st_... */ -void SSL_CTX_set_client_CA_list(SSL_CTX *, struct stack_st_X509_NAME *); +// void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); /* X509_STORE_CTX */ @@ -298,6 +303,11 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; static const long Cryptography_HAS_OP_NO_COMPRESSION = 0; const long SSL_OP_NO_COMPRESSION = 0; #endif + +/* + * Get some simpler definitions for some types used by later prototypes. + */ +typedef STACK_OF(X509) Cryptography_STACK_OF_X509; """ CONDITIONAL_NAMES = { -- cgit v1.2.3 From 30f22f1ee19d8ff9df35d2a04b454a8da9af1a89 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 12:56:08 -0500 Subject: typedef has to come before function prototype that relies on it; only place that can happen is if the typedef is in INCLUDES woops --- cryptography/hazmat/backends/openssl/ssl.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 071ec503..83353e4f 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -13,6 +13,11 @@ INCLUDES = """ #include + +/* + * Get some simpler definitions for some types used by later prototypes. + */ +typedef STACK_OF(X509) Cryptography_STACK_OF_X509; """ TYPES = """ @@ -303,11 +308,6 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; static const long Cryptography_HAS_OP_NO_COMPRESSION = 0; const long SSL_OP_NO_COMPRESSION = 0; #endif - -/* - * Get some simpler definitions for some types used by later prototypes. - */ -typedef STACK_OF(X509) Cryptography_STACK_OF_X509; """ CONDITIONAL_NAMES = { -- cgit v1.2.3 From f5360499bac470d2d3231f2529bce5bc0a770c76 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 12:57:42 -0500 Subject: Put back these other functions now that they ought to work. --- cryptography/hazmat/backends/openssl/ssl.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index c3d485b2..e62a45a5 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -18,6 +18,7 @@ INCLUDES = """ * Get some simpler definitions for some types used by later prototypes. */ typedef STACK_OF(X509) Cryptography_STACK_OF_X509; +typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME; """ TYPES = """ @@ -171,7 +172,7 @@ X509 *SSL_get_peer_certificate(const SSL *); */ Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *); -// Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); +Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); int SSL_get_error(const SSL *, int); int SSL_do_handshake(SSL *); @@ -203,9 +204,9 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); int SSL_CTX_add_client_CA(SSL_CTX *, X509 *); /* - * See comment above about STACK_OF(...) vs stack_st_... + * See comment above about STACK_OF(...) */ -// void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); +void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); /* X509_STORE_CTX */ -- cgit v1.2.3 From f8475f44238c8a7ee0e730e118683d4732d06c76 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 12:58:10 -0500 Subject: This bit is important as well. --- cryptography/hazmat/backends/openssl/ssl.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index e62a45a5..e4192349 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -117,6 +117,7 @@ typedef ... SSL_METHOD; typedef ... SSL_CTX; typedef ... Cryptography_STACK_OF_X509; +typedef ... Cryptography_STACK_OF_X509_NAME; typedef struct { int master_key_length; -- cgit v1.2.3 From 7db423959e5648bd1ba3bbf3581d56b199de10f2 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 13:04:53 -0500 Subject: move these type definitions to perhaps-more-appropriate modules --- cryptography/hazmat/backends/openssl/ssl.py | 9 --------- cryptography/hazmat/backends/openssl/x509.py | 3 +++ cryptography/hazmat/backends/openssl/x509name.py | 3 +++ 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index e4192349..32ea2190 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -13,12 +13,6 @@ INCLUDES = """ #include - -/* - * Get some simpler definitions for some types used by later prototypes. - */ -typedef STACK_OF(X509) Cryptography_STACK_OF_X509; -typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME; """ TYPES = """ @@ -116,9 +110,6 @@ static const int X509_V_OK; typedef ... SSL_METHOD; typedef ... SSL_CTX; -typedef ... Cryptography_STACK_OF_X509; -typedef ... Cryptography_STACK_OF_X509_NAME; - typedef struct { int master_key_length; unsigned char master_key[...]; diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index 632efb31..8f4f3a0b 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -13,6 +13,8 @@ INCLUDES = """ #include + +typedef STACK_OF(X509) Cryptography_STACK_OF_X509; """ TYPES = """ @@ -63,6 +65,7 @@ typedef struct { typedef ... X509_STORE; typedef ... NETSCAPE_SPKI; +typedef ... Cryptography_STACK_OF_X509; """ FUNCTIONS = """ diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py index 0543e387..25638ab0 100644 --- a/cryptography/hazmat/backends/openssl/x509name.py +++ b/cryptography/hazmat/backends/openssl/x509name.py @@ -13,11 +13,14 @@ INCLUDES = """ #include + +typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME; """ TYPES = """ typedef ... X509_NAME; typedef ... X509_NAME_ENTRY; +typedef ... Cryptography_STACK_OF_X509_NAME; """ FUNCTIONS = """ -- cgit v1.2.3 From b14472fdb3deae6525df4823376fb4add191eeb9 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 13:10:18 -0500 Subject: Switch other spellings of this type from `struct stack_st_X509` to `Cryptography_STACK_OF_X590` (and similar for X509_NAME) --- cryptography/hazmat/backends/openssl/pkcs12.py | 4 ++-- cryptography/hazmat/backends/openssl/x509.py | 10 +++++----- cryptography/hazmat/backends/openssl/x509name.py | 10 +++++----- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/pkcs12.py b/cryptography/hazmat/backends/openssl/pkcs12.py index b3ecd0aa..bd01e756 100644 --- a/cryptography/hazmat/backends/openssl/pkcs12.py +++ b/cryptography/hazmat/backends/openssl/pkcs12.py @@ -28,9 +28,9 @@ int i2d_PKCS12_bio(BIO *, PKCS12 *); MACROS = """ int PKCS12_parse(PKCS12 *, const char *, EVP_PKEY **, X509 **, - struct stack_st_X509 **); + Cryptography_STACK_OF_X509 **); PKCS12 *PKCS12_create(char *, char *, EVP_PKEY *, X509 *, - struct stack_st_X509 *, int, int, int, int, int); + Cryptography_STACK_OF_X509 *, int, int, int, int, int); """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index 8f4f3a0b..f0c84fd6 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -168,11 +168,11 @@ ASN1_TIME *X509_get_notAfter(X509 *); long X509_REQ_get_version(X509_REQ *); X509_NAME *X509_REQ_get_subject_name(X509_REQ *); -struct stack_st_X509 *sk_X509_new_null(void); -void sk_X509_free(struct stack_st_X509 *); -int sk_X509_num(struct stack_st_X509 *); -int sk_X509_push(struct stack_st_X509 *, X509 *); -X509 *sk_X509_value(struct stack_st_X509 *, int); +Cryptography_STACK_OF_X509 *sk_X509_new_null(void); +void sk_X509_free(Cryptography_STACK_OF_X509 *); +int sk_X509_num(Cryptography_STACK_OF_X509 *); +int sk_X509_push(Cryptography_STACK_OF_X509 *, X509 *); +X509 *sk_X509_value(Cryptography_STACK_OF_X509 *, int); X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void); int sk_X509_EXTENSION_num(X509_EXTENSIONS *); diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py index 25638ab0..a6f0a3c2 100644 --- a/cryptography/hazmat/backends/openssl/x509name.py +++ b/cryptography/hazmat/backends/openssl/x509name.py @@ -43,11 +43,11 @@ void X509_NAME_free(X509_NAME *); """ MACROS = """ -struct stack_st_X509_NAME *sk_X509_NAME_new_null(void); -int sk_X509_NAME_num(struct stack_st_X509_NAME *); -int sk_X509_NAME_push(struct stack_st_X509_NAME *, X509_NAME *); -X509_NAME *sk_X509_NAME_value(struct stack_st_X509_NAME *, int); -void sk_X509_NAME_free(struct stack_st_X509_NAME *); +Cryptography_STACK_OF_X509_NAME *sk_X509_NAME_new_null(void); +int sk_X509_NAME_num(Cryptography_STACK_OF_X509_NAME *); +int sk_X509_NAME_push(Cryptography_STACK_OF_X509_NAME *, X509_NAME *); +X509_NAME *sk_X509_NAME_value(Cryptography_STACK_OF_X509_NAME *, int); +void sk_X509_NAME_free(Cryptography_STACK_OF_X509_NAME *); """ CUSTOMIZATIONS = """ -- cgit v1.2.3 From ec79c43e9b6d35c9e715f3d0bf25a0cfd71fdc56 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 28 Dec 2013 13:12:46 -0500 Subject: clean up the comments a bit --- cryptography/hazmat/backends/openssl/ssl.py | 8 -------- cryptography/hazmat/backends/openssl/x509.py | 7 +++++++ cryptography/hazmat/backends/openssl/x509name.py | 3 +++ 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 32ea2190..499e9c3a 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -158,11 +158,6 @@ int SSL_write(SSL *, const void *, int); int SSL_read(SSL *, void *, int); X509 *SSL_get_peer_certificate(const SSL *); -/* - * OpenSSL defines these with STACK_OF(...) but the STACK_OF macro does not - * play well with cffi. - */ - Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *); Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); @@ -195,9 +190,6 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); int SSL_CTX_add_client_CA(SSL_CTX *, X509 *); -/* - * See comment above about STACK_OF(...) - */ void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index f0c84fd6..c83f5685 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -14,6 +14,13 @@ INCLUDES = """ #include +/* + * This is part of a work-around for the difficulty cffi has in dealing with + * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that + * will be an alias for this type and use the alias throughout. This works + * together with another opaque typedef for the same name in the TYPES section. + * Note that the result is an opaque type. + */ typedef STACK_OF(X509) Cryptography_STACK_OF_X509; """ diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py index a6f0a3c2..bf627d61 100644 --- a/cryptography/hazmat/backends/openssl/x509name.py +++ b/cryptography/hazmat/backends/openssl/x509name.py @@ -14,6 +14,9 @@ INCLUDES = """ #include +/* + * See the comment above Cryptography_STACK_OF_X509 in x509.py + */ typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME; """ -- cgit v1.2.3 From dec26e5aae31e645533ef9920c9f7d638745ee9a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 28 Dec 2013 14:35:16 -0800 Subject: Port the STACK_OF(X509_REVOKED) stuff to use the same pattern @exarkun figured out for X509 --- cryptography/hazmat/backends/openssl/x509.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index f0061a70..2e7505a0 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -22,9 +22,13 @@ INCLUDES = """ * Note that the result is an opaque type. */ typedef STACK_OF(X509) Cryptography_STACK_OF_X509; +typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED; """ TYPES = """ +typedef ... Cryptography_STACK_OF_X509; +typedef ... Cryptography_STACK_OF_X509_REVOKED; + typedef struct { ASN1_OBJECT *algorithm; ...; @@ -45,8 +49,6 @@ typedef ... X509_EXTENSIONS; typedef ... X509_REQ; -typedef ... x509_revoked_st; - typedef struct { ASN1_INTEGER *serialNumber; ASN1_TIME *revocationDate; @@ -56,7 +58,7 @@ typedef struct { } X509_REVOKED; typedef struct { - struct stack_st_X509_REVOKED *revoked; + Cryptography_STACK_OF_X509_REVOKED *revoked; ...; } X509_CRL_INFO; @@ -72,7 +74,6 @@ typedef struct { typedef ... X509_STORE; typedef ... NETSCAPE_SPKI; -typedef ... Cryptography_STACK_OF_X509; """ FUNCTIONS = """ @@ -188,8 +189,8 @@ int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *); X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int); void sk_X509_EXTENSION_free(X509_EXTENSIONS *); -int sk_X509_REVOKED_num(struct stack_st_X509_REVOKED *); -X509_REVOKED *sk_X509_REVOKED_value(struct stack_st_X509_REVOKED *, int); +int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *); +X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int); /* These aren't macros these arguments are all const X on openssl > 1.0.x */ int X509_CRL_set_lastUpdate(X509_CRL *, const ASN1_TIME *); -- cgit v1.2.3 From fe7cc9455c2973bf1b4a044cb38c20fa4c25df28 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 28 Dec 2013 17:44:48 -0600 Subject: remove some consts in the function arg declarations These functions take const in OpenSSL 1.0.0+ but not in 0.9.8. Removing the const declaration will silence warnings for 0.9.8 but not cause them in 1.0.0+. Not ideal, but *fingers crossed* shouldn't cause problems --- cryptography/hazmat/backends/openssl/asn1.py | 2 +- cryptography/hazmat/backends/openssl/ssl.py | 2 +- cryptography/hazmat/backends/openssl/x509.py | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index bf3cf48f..6701ea63 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -135,7 +135,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *, ASN1_INTEGER *); long ASN1_INTEGER_get(ASN1_INTEGER *); BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *); -ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *, ASN1_INTEGER *); +ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *); """ CUSTOMIZATIONS = """ diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 499e9c3a..fc7ccf37 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -247,7 +247,7 @@ const SSL_METHOD *SSLv23_server_method(void); const SSL_METHOD *SSLv23_client_method(void); /*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/ -SSL_CTX *SSL_CTX_new(const SSL_METHOD *); +SSL_CTX *SSL_CTX_new(SSL_METHOD *); long SSL_CTX_get_timeout(const SSL_CTX *); /* SNI APIs were introduced in OpenSSL 1.0.0. To continue to support diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index 2e7505a0..840254a2 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -193,8 +193,8 @@ int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *); X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int); /* These aren't macros these arguments are all const X on openssl > 1.0.x */ -int X509_CRL_set_lastUpdate(X509_CRL *, const ASN1_TIME *); -int X509_CRL_set_nextUpdate(X509_CRL *, const ASN1_TIME *); +int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *); +int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *); """ CUSTOMIZATIONS = """ -- cgit v1.2.3 From ddc4e3a7c9f2cfcf618d140730eb799bb5d5055a Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sun, 29 Dec 2013 00:06:02 +0000 Subject: time_t is signed Unless you are on QNX, lulz. --- cryptography/hazmat/backends/openssl/asn1.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index bf3cf48f..c6382234 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -33,7 +33,7 @@ TYPES = """ * I think you want to declare your value too large (e.g. long) * that way you'll never pass garbage */ -typedef uintptr_t time_t; +typedef intptr_t time_t; typedef int ASN1_BOOLEAN; typedef ... ASN1_INTEGER; -- cgit v1.2.3 From 6d43f5bde0efa27e784223aae18ca12f6ed1e11c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 28 Dec 2013 16:42:42 -0800 Subject: Make some types wider to be warning free on OS X --- cryptography/hazmat/backends/openssl/bio.py | 8 ++++---- cryptography/hazmat/backends/openssl/ssl.py | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/bio.py b/cryptography/hazmat/backends/openssl/bio.py index 264a2410..279ad223 100644 --- a/cryptography/hazmat/backends/openssl/bio.py +++ b/cryptography/hazmat/backends/openssl/bio.py @@ -143,10 +143,10 @@ long BIO_set_mem_buf(BIO *, BUF_MEM *, int); long BIO_get_mem_ptr(BIO *, BUF_MEM **); long BIO_set_fp(BIO *, FILE *, int); long BIO_get_fp(BIO *, FILE **); -int BIO_read_filename(BIO *, char *); -int BIO_write_filename(BIO *, char *); -int BIO_append_filename(BIO *, char *); -int BIO_rw_filename(BIO *, char *); +long BIO_read_filename(BIO *, char *); +long BIO_write_filename(BIO *, char *); +long BIO_append_filename(BIO *, char *); +long BIO_rw_filename(BIO *, char *); int BIO_should_read(BIO *); int BIO_should_write(BIO *); int BIO_should_io_special(BIO *); diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index fc7ccf37..2b1fb4a3 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -213,7 +213,7 @@ long SSL_get_options(SSL *); int SSL_want_read(const SSL *); int SSL_want_write(const SSL *); -int SSL_total_renegotiations(SSL *); +long SSL_total_renegotiations(SSL *); long SSL_CTX_set_options(SSL_CTX *, long); long SSL_CTX_get_options(SSL_CTX *); -- cgit v1.2.3 From e951cbc50cf2d159d520e9c7a46749e25c9b219b Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sun, 29 Dec 2013 07:34:25 -0500 Subject: Optionally bind some TLSv1_1 and TLSv1_2 features --- cryptography/hazmat/backends/openssl/ssl.py | 59 ++++++++++++++++++++++++++++- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 2b1fb4a3..6afe3a9d 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -16,8 +16,12 @@ INCLUDES = """ """ TYPES = """ -/* Internally invented symbol to tell us if SSLv2 is supported */ +/* + * Internally invented symbols to tell which versions of SSL/TLS are supported. +*/ static const int Cryptography_HAS_SSL2; +static const int Cryptography_HAS_TLSv1_1; +static const int Cryptography_HAS_TLSv1_2; /* Internally invented symbol to tell us if SNI is supported */ static const int Cryptography_HAS_TLSEXT_HOSTNAME; @@ -46,6 +50,8 @@ static const int SSL_RECEIVED_SHUTDOWN; static const int SSL_OP_NO_SSLv2; static const int SSL_OP_NO_SSLv3; static const int SSL_OP_NO_TLSv1; +static const int SSL_OP_NO_TLSv1_1; +static const int SSL_OP_NO_TLSv1_2; static const int SSL_OP_NO_COMPRESSION; static const int SSL_OP_SINGLE_DH_USE; static const int SSL_OP_EPHEMERAL_RSA; @@ -226,6 +232,8 @@ long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); /*- These aren't macros these functions are all const X on openssl > 1.0.x -*/ +/* methods */ + /* SSLv2 support is compiled out of some versions of OpenSSL. These will * get special support when we generate the bindings so that if they are * available they will be wrapped, but if they are not they won't cause @@ -235,13 +243,26 @@ const SSL_METHOD *SSLv2_method(void); const SSL_METHOD *SSLv2_server_method(void); const SSL_METHOD *SSLv2_client_method(void); -/* methods */ +/* + * TLSv1_1 and TLSv1_2 are recent additions. Only sufficiently new versions of + * OpenSSL support them. + */ +const SSL_METHOD *TLSv1_1_method(void); +const SSL_METHOD *TLSv1_1_server_method(void); +const SSL_METHOD *TLSv1_1_client_method(void); + +const SSL_METHOD *TLSv1_2_method(void); +const SSL_METHOD *TLSv1_2_server_method(void); +const SSL_METHOD *TLSv1_2_client_method(void); + const SSL_METHOD *SSLv3_method(void); const SSL_METHOD *SSLv3_server_method(void); const SSL_METHOD *SSLv3_client_method(void); + const SSL_METHOD *TLSv1_method(void); const SSL_METHOD *TLSv1_server_method(void); const SSL_METHOD *TLSv1_client_method(void); + const SSL_METHOD *SSLv23_method(void); const SSL_METHOD *SSLv23_server_method(void); const SSL_METHOD *SSLv23_client_method(void); @@ -294,9 +315,43 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; static const long Cryptography_HAS_OP_NO_COMPRESSION = 0; const long SSL_OP_NO_COMPRESSION = 0; #endif + +#ifdef SSL_OP_NO_TLSv1_1 +static const long Cryptography_HAS_TLSv1_1 = 1; +#else +static const long Cryptography_HAS_TLSv1_1 = 0; +static const int SSL_OP_NO_TLSv1_1 = 0; +SSL_METHOD* (*TLSv1_1_method)(void) = NULL; +SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL; +SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL; +#endif + +#ifdef SSL_OP_NO_TLSv1_2 +static const long Cryptography_HAS_TLSv1_2 = 1; +#else +static const long Cryptography_HAS_TLSv1_2 = 0; +static const int SSL_OP_NO_TLSv1_2 = 0; +SSL_METHOD* (*TLSv1_2_method)(void) = NULL; +SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL; +SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL; +#endif """ CONDITIONAL_NAMES = { + "Cryptography_HAS_TLSv1_1": [ + "SSL_OP_NO_TLSv1_1", + "TLSv1_1_method", + "TLSv1_1_server_method", + "TLSv1_1_client_method", + ], + + "Cryptography_HAS_TLSv1_2": [ + "SSL_OP_NO_TLSv1_2", + "TLSv1_2_method", + "TLSv1_2_server_method", + "TLSv1_2_client_method", + ], + "Cryptography_HAS_SSL2": [ "SSLv2_method", "SSLv2_client_method", -- cgit v1.2.3 From 0cbe7a16e6c8be28ab8b3eb520ca9c271b8ab5ae Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 29 Dec 2013 08:20:52 -0800 Subject: Restore exposing a symbol when it's available. Refs #351 --- cryptography/hazmat/backends/openssl/ssl.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 2b1fb4a3..4322cc76 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -32,6 +32,8 @@ static const int Cryptography_HAS_RELEASE_BUFFERS; */ static const int Cryptography_HAS_OP_NO_COMPRESSION; +static const int Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; + static const int SSL_FILETYPE_PEM; static const int SSL_FILETYPE_ASN1; static const int SSL_ERROR_NONE; @@ -54,6 +56,7 @@ static const int SSL_OP_NETSCAPE_CHALLENGE_BUG; static const int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; static const int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; static const int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; +static const int SSL_OP_MSIE_SSLV2_RSA_PADDING; static const int SSL_OP_SSLEAY_080_CLIENT_DH_BUG; static const int SSL_OP_TLS_D5_BUG; static const int SSL_OP_TLS_BLOCK_PADDING_BUG; @@ -294,6 +297,13 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; static const long Cryptography_HAS_OP_NO_COMPRESSION = 0; const long SSL_OP_NO_COMPRESSION = 0; #endif + +#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING +static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; +#else +static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 0; +const long SSL_OP_MSIE_SSLV2_RSA_PADDING = 0; +#endif """ CONDITIONAL_NAMES = { @@ -317,4 +327,7 @@ CONDITIONAL_NAMES = { "SSL_OP_NO_COMPRESSION", ], + "Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING": [ + "SSL_OP_MSIE_SSLV2_RSA_PADDING", + ], } -- cgit v1.2.3 From 6eb15b0925ccf504941b35685afea9eef09d937a Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sun, 29 Dec 2013 14:14:37 -0500 Subject: Switch to long for these stand-in constants as suggested by reaperhulk to avoid compiler warnings --- cryptography/hazmat/backends/openssl/ssl.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index cc3b3fe6..48910573 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -323,7 +323,7 @@ const long SSL_OP_NO_COMPRESSION = 0; static const long Cryptography_HAS_TLSv1_1 = 1; #else static const long Cryptography_HAS_TLSv1_1 = 0; -static const int SSL_OP_NO_TLSv1_1 = 0; +static const long SSL_OP_NO_TLSv1_1 = 0; SSL_METHOD* (*TLSv1_1_method)(void) = NULL; SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL; SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL; @@ -333,7 +333,7 @@ SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL; static const long Cryptography_HAS_TLSv1_2 = 1; #else static const long Cryptography_HAS_TLSv1_2 = 0; -static const int SSL_OP_NO_TLSv1_2 = 0; +static const long SSL_OP_NO_TLSv1_2 = 0; SSL_METHOD* (*TLSv1_2_method)(void) = NULL; SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL; SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL; -- cgit v1.2.3 From d69cb49b273c47382ff135269903716729a06158 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sun, 29 Dec 2013 14:15:13 -0500 Subject: fix bogus merge --- cryptography/hazmat/backends/openssl/ssl.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 48910573..d0d5ae2d 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -337,6 +337,7 @@ static const long SSL_OP_NO_TLSv1_2 = 0; SSL_METHOD* (*TLSv1_2_method)(void) = NULL; SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL; SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL; +#endif #ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; -- cgit v1.2.3 From 3c661e02397072746dd85397b300076a61fba58c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 29 Dec 2013 20:52:44 -0600 Subject: add the rest of the engine methods --- cryptography/hazmat/backends/openssl/engine.py | 108 +++++++++++++++++++++++-- 1 file changed, 101 insertions(+), 7 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/engine.py b/cryptography/hazmat/backends/openssl/engine.py index acd92eee..dc9c2748 100644 --- a/cryptography/hazmat/backends/openssl/engine.py +++ b/cryptography/hazmat/backends/openssl/engine.py @@ -17,6 +17,20 @@ INCLUDES = """ TYPES = """ typedef ... ENGINE; +typedef ... RSA_METHOD; +typedef ... DSA_METHOD; +typedef ... ECDH_METHOD; +typedef ... ECDSA_METHOD; +typedef ... DH_METHOD; +typedef ... RAND_METHOD; +typedef ... STORE_METHOD; +typedef ... ENGINE_GEN_INT_FUNC_PTR; +typedef ... ENGINE_CTRL_FUNC_PTR; +typedef ... ENGINE_LOAD_KEY_PTR; +typedef ... ENGINE_CIPHERS_PTR; +typedef ... ENGINE_DIGESTS_PTR; +typedef ... ENGINE_CMD_DEFN; +typedef ... UI_METHOD; static const unsigned int ENGINE_METHOD_RSA; static const unsigned int ENGINE_METHOD_DSA; @@ -40,16 +54,20 @@ int ENGINE_remove(ENGINE *); ENGINE *ENGINE_by_id(const char *); int ENGINE_init(ENGINE *); int ENGINE_finish(ENGINE *); -int ENGINE_free(ENGINE *); -void ENGINE_cleanup(void); +void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); +void ENGINE_load_cryptodev(void); void ENGINE_load_builtin_engines(void); -int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int); -int ENGINE_set_default(ENGINE *, unsigned int); -int ENGINE_register_complete(ENGINE *); - +void ENGINE_cleanup(void); +ENGINE *ENGINE_get_default_RSA(void); +ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_ECDH(void); +ENGINE *ENGINE_get_default_ECDSA(void); +ENGINE *ENGINE_get_default_DH(void); +ENGINE *ENGINE_get_default_RAND(void); +ENGINE *ENGINE_get_cipher_engine(int nid); +ENGINE *ENGINE_get_digest_engine(int nid); int ENGINE_set_default_RSA(ENGINE *); -int ENGINE_set_default_string(ENGINE *, const char *); int ENGINE_set_default_DSA(ENGINE *); int ENGINE_set_default_ECDH(ENGINE *); int ENGINE_set_default_ECDSA(ENGINE *); @@ -57,7 +75,83 @@ int ENGINE_set_default_DH(ENGINE *); int ENGINE_set_default_RAND(ENGINE *); int ENGINE_set_default_ciphers(ENGINE *); int ENGINE_set_default_digests(ENGINE *); +int ENGINE_set_default_string(ENGINE *, const char *); +int ENGINE_set_default(ENGINE *, unsigned int); +unsigned int ENGINE_get_table_flags(void); +void ENGINE_set_table_flags(unsigned int); +int ENGINE_register_RSA(ENGINE *); +void ENGINE_unregister_RSA(ENGINE *); +void ENGINE_register_all_RSA(void); +int ENGINE_register_DSA(ENGINE *); +void ENGINE_unregister_DSA(ENGINE *); +void ENGINE_register_all_DSA(void); +int ENGINE_register_ECDH(ENGINE *); +void ENGINE_unregister_ECDH(ENGINE *); +void ENGINE_register_all_ECDH(void); +int ENGINE_register_ECDSA(ENGINE *); +void ENGINE_unregister_ECDSA(ENGINE *); +void ENGINE_register_all_ECDSA(void); +int ENGINE_register_DH(ENGINE *); +void ENGINE_unregister_DH(ENGINE *); +void ENGINE_register_all_DH(void); +int ENGINE_register_RAND(ENGINE *); +void ENGINE_unregister_RAND(ENGINE *); +void ENGINE_register_all_RAND(void); +int ENGINE_register_STORE(ENGINE *); +void ENGINE_unregister_STORE(ENGINE *); +void ENGINE_register_all_STORE(void); +int ENGINE_register_ciphers(ENGINE *); +void ENGINE_unregister_ciphers(ENGINE *); +void ENGINE_register_all_ciphers(void); +int ENGINE_register_digests(ENGINE *); +void ENGINE_unregister_digests(ENGINE *); +void ENGINE_register_all_digests(void); +int ENGINE_register_complete(ENGINE *); +int ENGINE_register_all_complete(void); +int ENGINE_ctrl(ENGINE *, int, long, void *, void (*)(void)); +int ENGINE_cmd_is_executable(ENGINE *, int); +int ENGINE_ctrl_cmd(ENGINE *, const char *, long, void *, void (*)(void), int); +int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int); + +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *); +int ENGINE_up_ref(ENGINE *); +int ENGINE_set_id(ENGINE *, const char *); +int ENGINE_set_name(ENGINE *, const char *); +int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *); +int ENGINE_set_DSA(ENGINE *, const DSA_METHOD *); +int ENGINE_set_ECDH(ENGINE *, const ECDH_METHOD *); +int ENGINE_set_ECDSA(ENGINE *, const ECDSA_METHOD *); +int ENGINE_set_DH(ENGINE *, const DH_METHOD *); +int ENGINE_set_RAND(ENGINE *, const RAND_METHOD *); +int ENGINE_set_STORE(ENGINE *, const STORE_METHOD *); +int ENGINE_set_destroy_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR); +int ENGINE_set_init_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR); +int ENGINE_set_finish_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR); +int ENGINE_set_ctrl_function(ENGINE *, ENGINE_CTRL_FUNC_PTR); +int ENGINE_set_load_privkey_function(ENGINE *, ENGINE_LOAD_KEY_PTR); +int ENGINE_set_load_pubkey_function(ENGINE *, ENGINE_LOAD_KEY_PTR); +int ENGINE_set_ciphers(ENGINE *, ENGINE_CIPHERS_PTR); +int ENGINE_set_digests(ENGINE *, ENGINE_DIGESTS_PTR); +int ENGINE_set_flags(ENGINE *, int); +int ENGINE_set_cmd_defns(ENGINE *, const ENGINE_CMD_DEFN *); +const char *ENGINE_get_id(const ENGINE *); +const char *ENGINE_get_name(const ENGINE *); +const RSA_METHOD *ENGINE_get_RSA(const ENGINE *); +const DSA_METHOD *ENGINE_get_DSA(const ENGINE *); +const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *); +const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *); +const DH_METHOD *ENGINE_get_DH(const ENGINE *); +const RAND_METHOD *ENGINE_get_RAND(const ENGINE *); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *); +const EVP_CIPHER *ENGINE_get_cipher(ENGINE *, int); +const EVP_MD *ENGINE_get_digest(ENGINE *, int); +int ENGINE_get_flags(const ENGINE *); +const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *); +EVP_PKEY *ENGINE_load_private_key(ENGINE *, const char *, UI_METHOD *, void *); +EVP_PKEY *ENGINE_load_public_key(ENGINE *, const char *, UI_METHOD *, void *); +void ENGINE_add_conf_module(void); """ MACROS = """ -- cgit v1.2.3 From 718bb42f9e9692fd7be4084bfb16d0deb08d3cc3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 29 Dec 2013 20:56:23 -0600 Subject: missed some param names (C style fix) --- cryptography/hazmat/backends/openssl/engine.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/engine.py b/cryptography/hazmat/backends/openssl/engine.py index dc9c2748..390bfde1 100644 --- a/cryptography/hazmat/backends/openssl/engine.py +++ b/cryptography/hazmat/backends/openssl/engine.py @@ -65,8 +65,8 @@ ENGINE *ENGINE_get_default_ECDH(void); ENGINE *ENGINE_get_default_ECDSA(void); ENGINE *ENGINE_get_default_DH(void); ENGINE *ENGINE_get_default_RAND(void); -ENGINE *ENGINE_get_cipher_engine(int nid); -ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_cipher_engine(int); +ENGINE *ENGINE_get_digest_engine(int); int ENGINE_set_default_RSA(ENGINE *); int ENGINE_set_default_DSA(ENGINE *); int ENGINE_set_default_ECDH(ENGINE *); -- cgit v1.2.3