From fbb128fa06b81d64d2e9d27f17d65685b3d6624c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 9 Jan 2014 23:24:44 -0600 Subject: add brewed openssl to travis osx --- .travis.yml | 17 +---------------- .travis/install.sh | 4 ++++ 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index babea99b..950cb487 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,7 +30,7 @@ install: - ./.travis/install.sh script: - - if [[ "$(uname -s)" == "Darwin" ]]; then eval "$(pyenv init -)"; fi && source ~/.venv/bin/activate && tox -e $TOX_ENV + - if [[ "$(uname -s)" == "Darwin" ]]; then export ARCHFLAGS="-arch x86_64" && export LDFLAGS="-L/usr/local/opt/openssl/lib" && export CFLAGS="-I/usr/local/opt/openssl/include" && eval "$(pyenv init -)"; fi && source ~/.venv/bin/activate && tox -e $TOX_ENV after_success: - coveralls @@ -63,21 +63,6 @@ matrix: - os: osx env: TOX_ENV=pypy compiler: gcc - - os: osx - env: TOX_ENV=py26 - compiler: clang - - os: osx - env: TOX_ENV=py27 - compiler: clang - - os: osx - env: TOX_ENV=py32 - compiler: clang - - os: osx - env: TOX_ENV=py33 - compiler: clang - - os: osx - env: TOX_ENV=pypy - compiler: clang - os: osx env: TOX_ENV=py26 OPENSSL=0.9.8 compiler: gcc diff --git a/.travis/install.sh b/.travis/install.sh index 8d6840f2..777ca87a 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -43,6 +43,10 @@ if [[ "$(uname -s)" == "Darwin" ]]; then ;; esac pyenv rehash + if [[ "${OPENSSL}" != "0.9.8" ]]; then + curl -O https://langui.sh/travis/openssl-1.0.1f.mavericks.bottle.tar.gz + brew install openssl-1.0.1f.mavericks.bottle.tar.gz + fi else # add mega-python ppa sudo add-apt-repository -y ppa:fkrull/deadsnakes -- cgit v1.2.3 From fff077f5de6877280e1172a504fd3c91a927fb99 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 9 Jan 2014 23:42:31 -0600 Subject: move script to separate file for readability --- .travis.yml | 2 +- .travis/run.sh | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100755 .travis/run.sh diff --git a/.travis.yml b/.travis.yml index 950cb487..e77a3b26 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,7 +30,7 @@ install: - ./.travis/install.sh script: - - if [[ "$(uname -s)" == "Darwin" ]]; then export ARCHFLAGS="-arch x86_64" && export LDFLAGS="-L/usr/local/opt/openssl/lib" && export CFLAGS="-I/usr/local/opt/openssl/include" && eval "$(pyenv init -)"; fi && source ~/.venv/bin/activate && tox -e $TOX_ENV + - ./.travis/run.sh after_success: - coveralls diff --git a/.travis/run.sh b/.travis/run.sh new file mode 100755 index 00000000..2d99f8c4 --- /dev/null +++ b/.travis/run.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -e +set -x + +if [[ "$(uname -s)" == "Darwin" ]]; then + eval "$(pyenv init -)" + if [[ "${OPENSSL}" != "0.9.8" ]]; then + export ARCHFLAGS="-arch x86_64" + export LDFLAGS="-L/usr/local/opt/openssl/lib" + export CFLAGS="-I/usr/local/opt/openssl/include" + fi +fi +source ~/.venv/bin/activate +tox -e $TOX_ENV -- cgit v1.2.3 From ccb4f6f4d9ce86208cfe40451f390191e4bf3596 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 9 Jan 2014 23:42:53 -0600 Subject: let's see what version of openssl is already installed on these slaves --- .travis/install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis/install.sh b/.travis/install.sh index 777ca87a..3f0f8ffd 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -44,8 +44,10 @@ if [[ "$(uname -s)" == "Darwin" ]]; then esac pyenv rehash if [[ "${OPENSSL}" != "0.9.8" ]]; then + /usr/local/opt/openssl/bin/openssl version curl -O https://langui.sh/travis/openssl-1.0.1f.mavericks.bottle.tar.gz brew install openssl-1.0.1f.mavericks.bottle.tar.gz + /usr/local/opt/openssl/bin/openssl version fi else # add mega-python ppa -- cgit v1.2.3 From c4359578acac27d9709c284a1f350c44245c60ef Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 9 Jan 2014 23:51:30 -0600 Subject: remove unneeded openssl bottle --- .travis.yml | 2 +- .travis/install.sh | 6 ------ .travis/run.sh | 2 ++ 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index e77a3b26..a70bb8cf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,7 +33,7 @@ script: - ./.travis/run.sh after_success: - - coveralls + - source ~/.venv/bin/activate && coveralls notifications: irc: diff --git a/.travis/install.sh b/.travis/install.sh index 3f0f8ffd..8d6840f2 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -43,12 +43,6 @@ if [[ "$(uname -s)" == "Darwin" ]]; then ;; esac pyenv rehash - if [[ "${OPENSSL}" != "0.9.8" ]]; then - /usr/local/opt/openssl/bin/openssl version - curl -O https://langui.sh/travis/openssl-1.0.1f.mavericks.bottle.tar.gz - brew install openssl-1.0.1f.mavericks.bottle.tar.gz - /usr/local/opt/openssl/bin/openssl version - fi else # add mega-python ppa sudo add-apt-repository -y ppa:fkrull/deadsnakes diff --git a/.travis/run.sh b/.travis/run.sh index 2d99f8c4..8b3093df 100755 --- a/.travis/run.sh +++ b/.travis/run.sh @@ -6,6 +6,8 @@ set -x if [[ "$(uname -s)" == "Darwin" ]]; then eval "$(pyenv init -)" if [[ "${OPENSSL}" != "0.9.8" ]]; then + # travis has 1.0.1e installed via homebrew on OS X by default + # so set our flags to use that export ARCHFLAGS="-arch x86_64" export LDFLAGS="-L/usr/local/opt/openssl/lib" export CFLAGS="-I/usr/local/opt/openssl/include" -- cgit v1.2.3 From 8d0434332075768668331abd568ad5a69bb81df4 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Sat, 11 Jan 2014 20:20:07 -0500 Subject: Make just one call to ffi.cdef for most of the definitions --- cryptography/hazmat/bindings/utils.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/cryptography/hazmat/bindings/utils.py b/cryptography/hazmat/bindings/utils.py index 69290eb3..9cc05506 100644 --- a/cryptography/hazmat/bindings/utils.py +++ b/cryptography/hazmat/bindings/utils.py @@ -34,6 +34,7 @@ def build_ffi(module_prefix, modules, pre_include, post_include, libraries): condition. """ ffi = cffi.FFI() + types = [] includes = [] functions = [] macros = [] @@ -43,8 +44,7 @@ def build_ffi(module_prefix, modules, pre_include, post_include, libraries): __import__(module_name) module = sys.modules[module_name] - ffi.cdef(module.TYPES) - + types.append(module.TYPES) macros.append(module.MACROS) functions.append(module.FUNCTIONS) includes.append(module.INCLUDES) @@ -53,10 +53,7 @@ def build_ffi(module_prefix, modules, pre_include, post_include, libraries): # loop over the functions & macros after declaring all the types # so we can set interdependent types in different files and still # have them all defined before we parse the funcs & macros - for func in functions: - ffi.cdef(func) - for macro in macros: - ffi.cdef(macro) + ffi.cdef("\n".join(types + functions + macros)) # We include functions here so that if we got any of their definitions # wrong, the underlying C compiler will explode. In C you are allowed -- cgit v1.2.3 From e1e8e561cc54d66b9fbb5ccf436830b0ceeb1474 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 11 Jan 2014 21:19:11 -0600 Subject: remove comment that's no longer needed --- cryptography/hazmat/bindings/utils.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/cryptography/hazmat/bindings/utils.py b/cryptography/hazmat/bindings/utils.py index 9cc05506..b8253483 100644 --- a/cryptography/hazmat/bindings/utils.py +++ b/cryptography/hazmat/bindings/utils.py @@ -50,9 +50,6 @@ def build_ffi(module_prefix, modules, pre_include, post_include, libraries): includes.append(module.INCLUDES) customizations.append(module.CUSTOMIZATIONS) - # loop over the functions & macros after declaring all the types - # so we can set interdependent types in different files and still - # have them all defined before we parse the funcs & macros ffi.cdef("\n".join(types + functions + macros)) # We include functions here so that if we got any of their definitions -- cgit v1.2.3 From 007e5e11d761a9d05adf7f074c8fdda427c38b10 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 12 Jan 2014 14:25:49 -0800 Subject: Verify the tag len for GCM --- docs/hazmat/primitives/symmetric-encryption.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 83165690..7d954046 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -324,6 +324,11 @@ Modes return (iv, ciphertext, encryptor.tag) def decrypt(key, associated_data, iv, ciphertext, tag): + if len(tag) != 16: + raise ValueError( + "tag must be 16 bytes -- truncation not supported" + ) + # Construct a Cipher object, with the key, iv, and additionally the # GCM tag used for authenticating the message. decryptor = Cipher( -- cgit v1.2.3 From 26287be0dccc51730608475fdde8f0b3f474e20e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 12 Jan 2014 23:50:42 -0500 Subject: check if openssl is installed via homebrew on osx. install if not --- .travis/install.sh | 15 +++++++++++---- .travis/run.sh | 3 +-- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.travis/install.sh b/.travis/install.sh index 8d6840f2..fd210d43 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -3,10 +3,17 @@ set -e set -x -if [[ "${OPENSSL}" == "0.9.8" && "$(uname -s)" != "Darwin" ]]; then - sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ lucid main" - sudo apt-get -y update - sudo apt-get install -y --force-yes libssl-dev/lucid +if [[ "${OPENSSL}" == "0.9.8" ]]; then + if [[ "$(uname -s)" != "Darwin" ]]; then + sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ lucid main" + sudo apt-get -y update + sudo apt-get install -y --force-yes libssl-dev/lucid + else + # travis has openssl installed via brew already, but let's be sure + if [[ "$(brew list | grep openssl)" != "openssl" ]]; then + brew install openssl + fi + fi fi if [[ "$(uname -s)" == "Darwin" ]]; then diff --git a/.travis/run.sh b/.travis/run.sh index 8b3093df..4c01d67a 100755 --- a/.travis/run.sh +++ b/.travis/run.sh @@ -6,8 +6,7 @@ set -x if [[ "$(uname -s)" == "Darwin" ]]; then eval "$(pyenv init -)" if [[ "${OPENSSL}" != "0.9.8" ]]; then - # travis has 1.0.1e installed via homebrew on OS X by default - # so set our flags to use that + # so set our flags to use homebrew openssl export ARCHFLAGS="-arch x86_64" export LDFLAGS="-L/usr/local/opt/openssl/lib" export CFLAGS="-I/usr/local/opt/openssl/include" -- cgit v1.2.3 From eadc2eeb2137ac5716089654594b91055647f28f Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 16 Jan 2014 12:52:51 -0600 Subject: Start binding some stuff for ECDHE in pyOpenSSL. --- cryptography/hazmat/bindings/openssl/binding.py | 1 + cryptography/hazmat/bindings/openssl/ec.py | 31 +++++++++++++++++++++++++ cryptography/hazmat/bindings/openssl/ssl.py | 2 ++ 3 files changed, 34 insertions(+) create mode 100644 cryptography/hazmat/bindings/openssl/ec.py diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py index 8a4e1dd3..88299d14 100644 --- a/cryptography/hazmat/bindings/openssl/binding.py +++ b/cryptography/hazmat/bindings/openssl/binding.py @@ -48,6 +48,7 @@ class Binding(object): "crypto", "dh", "dsa", + "ec", "engine", "err", "evp", diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py new file mode 100644 index 00000000..7532a85e --- /dev/null +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -0,0 +1,31 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +INCLUDES = """ +""" + +TYPES = """ +typdef ... EC_KEY; +""" + +FUNCTIONS = """ +EC_KEY *EC_KEY_new_by_curve_name(int); +""" + +MACROS = """ +""" + +CUSTOMIZATIONS = """ +""" + +CONDITIONAL_NAMES = {} diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index d0d5ae2d..ffc30963 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -77,6 +77,7 @@ static const int SSL_OP_NO_QUERY_MTU; static const int SSL_OP_COOKIE_EXCHANGE; static const int SSL_OP_NO_TICKET; static const int SSL_OP_ALL; +static const int SSL_OP_SINGLE_ECDH_USE; static const int SSL_VERIFY_PEER; static const int SSL_VERIFY_FAIL_IF_NO_PEER_CERT; static const int SSL_VERIFY_CLIENT_ONCE; @@ -231,6 +232,7 @@ long SSL_CTX_get_mode(SSL_CTX *); long SSL_CTX_set_session_cache_mode(SSL_CTX *, long); long SSL_CTX_get_session_cache_mode(SSL_CTX *); long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *); +long SSL_CTX_set_tmp_ecdh(SSL_CTX *, EC_KEY *); long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); /*- These aren't macros these functions are all const X on openssl > 1.0.x -*/ -- cgit v1.2.3 From f2c5bfa982914237f930ba67daf2f29cebdcf4ad Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 16 Jan 2014 12:55:35 -0600 Subject: oops --- cryptography/hazmat/bindings/openssl/ec.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py index 7532a85e..24539477 100644 --- a/cryptography/hazmat/bindings/openssl/ec.py +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -15,7 +15,7 @@ INCLUDES = """ """ TYPES = """ -typdef ... EC_KEY; +typedef ... EC_KEY; """ FUNCTIONS = """ -- cgit v1.2.3 From df25003eccb13aa307a97eb0d982168bbef63441 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 16 Jan 2014 13:19:30 -0600 Subject: This is also a requirement --- dev-requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/dev-requirements.txt b/dev-requirements.txt index b2a6c79c..70a2b9bf 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -5,6 +5,7 @@ iso8601 pretend pytest sphinx +sphinxcontrib-spelling sphinx_rtd_theme tox twine -- cgit v1.2.3 From eb656bd97fe5eaac3bb54e3c3c73cbceddcb87b8 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 16 Jan 2014 14:43:37 -0600 Subject: Don't require sphinx spelling to be installed, for readthedocs benefit --- docs/conf.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/conf.py b/docs/conf.py index a42dcb22..fbd6d57b 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -19,6 +19,11 @@ try: except ImportError: sphinx_rtd_theme = None +try: + from sphinxcontrib import spelling +except ImportError: + spelling = None + # If extensions (or modules to document with autodoc) are in another directory, # add these directories to sys.path here. If the directory is relative to the @@ -38,9 +43,11 @@ extensions = [ 'sphinx.ext.intersphinx', 'sphinx.ext.viewcode', 'cryptography-docs', - 'sphinxcontrib.spelling', ] +if spelling is not None: + extensions.append('sphinxcontrib.spelling') + # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] -- cgit v1.2.3 From 2b49e3456e14e7a85983571a12070dc8cecbb7c5 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 16 Jan 2014 15:42:40 -0500 Subject: add conditional ERR_remove_thread_state. PyOpenSSL uses this --- cryptography/hazmat/bindings/openssl/crypto.py | 2 ++ cryptography/hazmat/bindings/openssl/err.py | 19 ++++++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/crypto.py b/cryptography/hazmat/bindings/openssl/crypto.py index 189867bd..40d91bf2 100644 --- a/cryptography/hazmat/bindings/openssl/crypto.py +++ b/cryptography/hazmat/bindings/openssl/crypto.py @@ -16,6 +16,8 @@ INCLUDES = """ """ TYPES = """ +typedef ... CRYPTO_THREADID; + static const int SSLEAY_VERSION; static const int SSLEAY_CFLAGS; static const int SSLEAY_PLATFORM; diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 1b66bd2a..99808d41 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -16,6 +16,8 @@ INCLUDES = """ """ TYPES = """ +static const int Cryptography_HAS_NEW_THREAD_METHOD; + struct ERR_string_data_st { unsigned long error; const char *string; @@ -114,9 +116,24 @@ int ERR_GET_LIB(unsigned long); int ERR_GET_FUNC(unsigned long); int ERR_GET_REASON(unsigned long); int ERR_FATAL_ERROR(unsigned long); +/* introduced in 1.0.0 so we have to handle this specially to continue + * supporting 0.9.8 + */ +void ERR_remove_thread_state(const CRYPTO_THREADID *); """ CUSTOMIZATIONS = """ +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +static const long Cryptography_HAS_NEW_THREAD_METHOD = 1; +#else +static const long Cryptography_HAS_NEW_THREAD_METHOD = 0; +typedef uint32_t CRYPTO_THREADID; +void (*ERR_remove_thread_state)(const CRYPTO_THREADID *); +#endif """ -CONDITIONAL_NAMES = {} +CONDITIONAL_NAMES = { + "Cryptography_HAS_NEW_THREAD_METHOD": [ + "ERR_remove_thread_state" + ], +} -- cgit v1.2.3 From 162eead0c6848b8aedf326a89b1ef76c510d3096 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 16 Jan 2014 17:04:05 -0600 Subject: Allow these to not be defined because lololol fedora/centos --- cryptography/hazmat/bindings/openssl/ec.py | 12 +++++++++++- cryptography/hazmat/bindings/openssl/ssl.py | 8 ++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py index 24539477..9720a60b 100644 --- a/cryptography/hazmat/bindings/openssl/ec.py +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -26,6 +26,16 @@ MACROS = """ """ CUSTOMIZATIONS = """ +#ifdef OPENSSL_NO_EC +static const long Cryptography_HAS_EC = 0; +#else +static const long Cryptography_HAS_EC = 1; +EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL; +#endif """ -CONDITIONAL_NAMES = {} +CONDITIONAL_NAMES = { + "Cryptography_HAS_EC": [ + "EC_KEY_new_by_curve_name", + ] +} diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index ffc30963..cd872d18 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -347,6 +347,10 @@ static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 0; const long SSL_OP_MSIE_SSLV2_RSA_PADDING = 0; #endif + +#ifdef OPENSSL_NO_EC +long (*SSL_CTX_set_tmp_ecdh)(SSL_CTX *, EC_KEY *) = NULL; +#endif """ CONDITIONAL_NAMES = { @@ -387,4 +391,8 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING": [ "SSL_OP_MSIE_SSLV2_RSA_PADDING", ], + + "Cryptography_HAS_EC": [ + "EC_KEY_new_by_curve_name", + ] } -- cgit v1.2.3 From d63149471b054de94090e3eb503f010ecc5569bc Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 16 Jan 2014 17:27:02 -0600 Subject: reversed --- cryptography/hazmat/bindings/openssl/ec.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py index 9720a60b..3acb77e2 100644 --- a/cryptography/hazmat/bindings/openssl/ec.py +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -28,9 +28,9 @@ MACROS = """ CUSTOMIZATIONS = """ #ifdef OPENSSL_NO_EC static const long Cryptography_HAS_EC = 0; +EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL; #else static const long Cryptography_HAS_EC = 1; -EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL; #endif """ -- cgit v1.2.3 From 3e5e6863c498791f0a74df1875b8ec92a473acdc Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 16 Jan 2014 17:59:08 -0600 Subject: Added forgotten decl --- cryptography/hazmat/bindings/openssl/ec.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py index 3acb77e2..cbb03360 100644 --- a/cryptography/hazmat/bindings/openssl/ec.py +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -15,6 +15,8 @@ INCLUDES = """ """ TYPES = """ +static const int Cryptography_HAS_EC; + typedef ... EC_KEY; """ -- cgit v1.2.3 From dd97bfef26c28cd2a91e8fe7ad13cbfbd9535299 Mon Sep 17 00:00:00 2001 From: David Reid Date: Thu, 16 Jan 2014 19:46:22 -0800 Subject: Specify the epub theme to fix the epub build on RTD. --- docs/conf.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/conf.py b/docs/conf.py index fbd6d57b..3486fb38 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -270,3 +270,5 @@ texinfo_documents = [ # Example configuration for intersphinx: refer to the Python standard library. intersphinx_mapping = {'http://docs.python.org/': None} + +epub_theme = 'epub' -- cgit v1.2.3 From 675577bdb921c08bc604138050ce26c877d3f36e Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 16 Jan 2014 22:04:58 -0600 Subject: Expose the nids for the various eliptical curve things. I don't understand what these mean. --- cryptography/hazmat/bindings/openssl/ec.py | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py index cbb03360..c9ca388f 100644 --- a/cryptography/hazmat/bindings/openssl/ec.py +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -12,12 +12,22 @@ # limitations under the License. INCLUDES = """ +#include +#include """ TYPES = """ static const int Cryptography_HAS_EC; typedef ... EC_KEY; + +static const int NID_X9_62_prime192v1; +static const int NID_X9_62_prime192v2; +static const int NID_X9_62_prime192v3; +static const int NID_X9_62_prime239v1; +static const int NID_X9_62_prime239v2; +static const int NID_X9_62_prime239v3; +static const int NID_X9_62_prime256v1; """ FUNCTIONS = """ @@ -31,6 +41,14 @@ CUSTOMIZATIONS = """ #ifdef OPENSSL_NO_EC static const long Cryptography_HAS_EC = 0; EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL; + +static const long NID_X9_62_prime192v1 = -1; +static const long NID_X9_62_prime192v2 = -1; +static const long NID_X9_62_prime192v3 = -1; +static const long NID_X9_62_prime239v1 = -1; +static const long NID_X9_62_prime239v2 = -1; +static const long NID_X9_62_prime239v3 = -1; +static const long NID_X9_62_prime256v1 = -1; #else static const long Cryptography_HAS_EC = 1; #endif @@ -39,5 +57,13 @@ static const long Cryptography_HAS_EC = 1; CONDITIONAL_NAMES = { "Cryptography_HAS_EC": [ "EC_KEY_new_by_curve_name", - ] + + "NID_X9_62_prime192v1", + "NID_X9_62_prime192v2", + "NID_X9_62_prime192v3", + "NID_X9_62_prime239v1", + "NID_X9_62_prime239v2", + "NID_X9_62_prime239v3", + "NID_X9_62_prime256v1", + ], } -- cgit v1.2.3 From 78de94dc4e016beecaeed13aecc98ee6bde28115 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 17 Jan 2014 12:02:27 -0600 Subject: Expose a name needed for ECDHE -- the NIDs are always available --- cryptography/hazmat/bindings/openssl/ec.py | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py index c9ca388f..9f10365a 100644 --- a/cryptography/hazmat/bindings/openssl/ec.py +++ b/cryptography/hazmat/bindings/openssl/ec.py @@ -32,6 +32,7 @@ static const int NID_X9_62_prime256v1; FUNCTIONS = """ EC_KEY *EC_KEY_new_by_curve_name(int); +void EC_KEY_free(EC_KEY *); """ MACROS = """ @@ -41,14 +42,7 @@ CUSTOMIZATIONS = """ #ifdef OPENSSL_NO_EC static const long Cryptography_HAS_EC = 0; EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL; - -static const long NID_X9_62_prime192v1 = -1; -static const long NID_X9_62_prime192v2 = -1; -static const long NID_X9_62_prime192v3 = -1; -static const long NID_X9_62_prime239v1 = -1; -static const long NID_X9_62_prime239v2 = -1; -static const long NID_X9_62_prime239v3 = -1; -static const long NID_X9_62_prime256v1 = -1; +void (*EC_KEY_free)(EC_KEY *) = NULL; #else static const long Cryptography_HAS_EC = 1; #endif @@ -57,13 +51,6 @@ static const long Cryptography_HAS_EC = 1; CONDITIONAL_NAMES = { "Cryptography_HAS_EC": [ "EC_KEY_new_by_curve_name", - - "NID_X9_62_prime192v1", - "NID_X9_62_prime192v2", - "NID_X9_62_prime192v3", - "NID_X9_62_prime239v1", - "NID_X9_62_prime239v2", - "NID_X9_62_prime239v3", - "NID_X9_62_prime256v1", + "EC_KEY_free", ], } -- cgit v1.2.3 From 8ea6a82864ef0074b5b0b6e8327fd155b5075a12 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 17 Jan 2014 16:08:46 -0600 Subject: Document when the common crypto bindings were added --- docs/changelog.rst | 5 ++++- docs/hazmat/bindings/commoncrypto.rst | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/changelog.rst b/docs/changelog.rst index 41db635e..289992f4 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -1,9 +1,12 @@ Changelog ========= + 0.2 - 2014-XX-XX ~~~~~~~~~~~~~~~~ -* In development. +**In development** + +* Added initial CommonCrypto bindings. 0.1 - 2014-01-08 ~~~~~~~~~~~~~~~~ diff --git a/docs/hazmat/bindings/commoncrypto.rst b/docs/hazmat/bindings/commoncrypto.rst index 25535e02..c4f614c2 100644 --- a/docs/hazmat/bindings/commoncrypto.rst +++ b/docs/hazmat/bindings/commoncrypto.rst @@ -5,6 +5,8 @@ CommonCrypto Binding .. currentmodule:: cryptography.hazmat.bindings.commoncrypto.binding +.. versionadded:: 0.2 + These are `CFFI`_ bindings to the `CommonCrypto`_ C library. It is available on Mac OS X. -- cgit v1.2.3 From e30d62cd9e2cf95259721b24bbf6d33aaf08161b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 17 Jan 2014 21:15:41 -0600 Subject: rename variable to be less confusing and terrible --- cryptography/hazmat/bindings/openssl/err.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 99808d41..5399b597 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -16,7 +16,7 @@ INCLUDES = """ """ TYPES = """ -static const int Cryptography_HAS_NEW_THREAD_METHOD; +static const int Cryptography_HAS_REMOVE_THREAD_STATE; struct ERR_string_data_st { unsigned long error; @@ -124,16 +124,16 @@ void ERR_remove_thread_state(const CRYPTO_THREADID *); CUSTOMIZATIONS = """ #if OPENSSL_VERSION_NUMBER >= 0x10000000L -static const long Cryptography_HAS_NEW_THREAD_METHOD = 1; +static const long Cryptography_HAS_REMOVE_THREAD_STATE = 1; #else -static const long Cryptography_HAS_NEW_THREAD_METHOD = 0; +static const long Cryptography_HAS_REMOVE_THREAD_STATE = 0; typedef uint32_t CRYPTO_THREADID; void (*ERR_remove_thread_state)(const CRYPTO_THREADID *); #endif """ CONDITIONAL_NAMES = { - "Cryptography_HAS_NEW_THREAD_METHOD": [ + "Cryptography_HAS_REMOVE_THREAD_STATE": [ "ERR_remove_thread_state" ], } -- cgit v1.2.3 From f72b557efecbb1c78411775f6f89f7b0a7c98841 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 18 Jan 2014 09:36:45 +0000 Subject: Tell cffi these opaque types are pointers. Fixes #469 --- cryptography/hazmat/bindings/openssl/engine.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cryptography/hazmat/bindings/openssl/engine.py b/cryptography/hazmat/bindings/openssl/engine.py index 390bfde1..77118e81 100644 --- a/cryptography/hazmat/bindings/openssl/engine.py +++ b/cryptography/hazmat/bindings/openssl/engine.py @@ -24,11 +24,11 @@ typedef ... ECDSA_METHOD; typedef ... DH_METHOD; typedef ... RAND_METHOD; typedef ... STORE_METHOD; -typedef ... ENGINE_GEN_INT_FUNC_PTR; -typedef ... ENGINE_CTRL_FUNC_PTR; -typedef ... ENGINE_LOAD_KEY_PTR; -typedef ... ENGINE_CIPHERS_PTR; -typedef ... ENGINE_DIGESTS_PTR; +typedef ... *ENGINE_GEN_INT_FUNC_PTR; +typedef ... *ENGINE_CTRL_FUNC_PTR; +typedef ... *ENGINE_LOAD_KEY_PTR; +typedef ... *ENGINE_CIPHERS_PTR; +typedef ... *ENGINE_DIGESTS_PTR; typedef ... ENGINE_CMD_DEFN; typedef ... UI_METHOD; -- cgit v1.2.3 From 13c48f710b9e1fa51f3a1eddeaf07fd7d1393540 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sat, 18 Jan 2014 09:57:00 +0000 Subject: More bindings for asymmetric stuff --- cryptography/hazmat/bindings/openssl/err.py | 150 ++++++++++++++++++++++++++-- cryptography/hazmat/bindings/openssl/pem.py | 25 ++++- 2 files changed, 168 insertions(+), 7 deletions(-) diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py index 5399b597..ddb60ef7 100644 --- a/cryptography/hazmat/bindings/openssl/err.py +++ b/cryptography/hazmat/bindings/openssl/err.py @@ -24,17 +24,157 @@ struct ERR_string_data_st { }; typedef struct ERR_string_data_st ERR_STRING_DATA; -static const int ASN1_R_BAD_PASSWORD_READ; static const int ERR_LIB_EVP; static const int ERR_LIB_PEM; +static const int ERR_LIB_ASN1; +static const int ASN1_F_ASN1_ENUMERATED_TO_BN; +static const int ASN1_F_ASN1_EX_C2I; +static const int ASN1_F_ASN1_FIND_END; +static const int ASN1_F_ASN1_GENERALIZEDTIME_SET; +static const int ASN1_F_ASN1_GENERATE_V3; +static const int ASN1_F_ASN1_GET_OBJECT; +static const int ASN1_F_ASN1_ITEM_I2D_FP; +static const int ASN1_F_ASN1_ITEM_PACK; +static const int ASN1_F_ASN1_ITEM_SIGN; +static const int ASN1_F_ASN1_ITEM_UNPACK; +static const int ASN1_F_ASN1_ITEM_VERIFY; +static const int ASN1_F_ASN1_MBSTRING_NCOPY; +static const int ASN1_F_ASN1_TEMPLATE_EX_D2I; +static const int ASN1_F_ASN1_TEMPLATE_NEW; +static const int ASN1_F_ASN1_TEMPLATE_NOEXP_D2I; +static const int ASN1_F_ASN1_TIME_SET; +static const int ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING; +static const int ASN1_F_ASN1_TYPE_GET_OCTETSTRING; +static const int ASN1_F_ASN1_UNPACK_STRING; +static const int ASN1_F_ASN1_UTCTIME_SET; +static const int ASN1_F_ASN1_VERIFY; +static const int ASN1_F_B64_READ_ASN1; +static const int ASN1_F_B64_WRITE_ASN1; +static const int ASN1_F_BITSTR_CB; +static const int ASN1_F_BN_TO_ASN1_ENUMERATED; +static const int ASN1_F_BN_TO_ASN1_INTEGER; +static const int ASN1_F_D2I_ASN1_TYPE_BYTES; +static const int ASN1_F_D2I_ASN1_UINTEGER; +static const int ASN1_F_D2I_ASN1_UTCTIME; +static const int ASN1_F_D2I_NETSCAPE_RSA; +static const int ASN1_F_D2I_NETSCAPE_RSA_2; +static const int ASN1_F_D2I_PRIVATEKEY; +static const int ASN1_F_D2I_X509; +static const int ASN1_F_D2I_X509_CINF; +static const int ASN1_F_D2I_X509_PKEY; +static const int ASN1_F_I2D_ASN1_SET; +static const int ASN1_F_I2D_ASN1_TIME; +static const int ASN1_F_I2D_DSA_PUBKEY; +static const int ASN1_F_LONG_C2I; +static const int ASN1_F_OID_MODULE_INIT; +static const int ASN1_F_PARSE_TAGGING; +static const int ASN1_F_PKCS5_PBE_SET; +static const int ASN1_F_SMIME_READ_ASN1; +static const int ASN1_F_SMIME_TEXT; +static const int ASN1_F_X509_CINF_NEW; +static const int ASN1_R_BOOLEAN_IS_WRONG_LENGTH; +static const int ASN1_R_BUFFER_TOO_SMALL; +static const int ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER; +static const int ASN1_R_DATA_IS_WRONG; +static const int ASN1_R_DECODE_ERROR; +static const int ASN1_R_DECODING_ERROR; +static const int ASN1_R_DEPTH_EXCEEDED; +static const int ASN1_R_ENCODE_ERROR; +static const int ASN1_R_ERROR_GETTING_TIME; +static const int ASN1_R_ERROR_LOADING_SECTION; +static const int ASN1_R_MSTRING_WRONG_TAG; +static const int ASN1_R_NESTED_ASN1_STRING; +static const int ASN1_R_NO_CONTENT_TYPE; +static const int ASN1_R_NO_MATCHING_CHOICE_TYPE; +static const int ASN1_R_NO_MULTIPART_BODY_FAILURE; +static const int ASN1_R_NO_MULTIPART_BOUNDARY; +static const int ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM; +static const int ASN1_R_UNKNOWN_OBJECT_TYPE; +static const int ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE; +static const int ASN1_R_UNKNOWN_TAG; +static const int ASN1_R_UNKOWN_FORMAT; +static const int ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE; +static const int ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM; +static const int ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE; +static const int ASN1_R_UNSUPPORTED_TYPE; +static const int ASN1_R_WRONG_TAG; +static const int ASN1_R_WRONG_TYPE; + +static const int EVP_F_AES_INIT_KEY; +static const int EVP_F_CAMELLIA_INIT_KEY; +static const int EVP_F_D2I_PKEY; +static const int EVP_F_DSA_PKEY2PKCS8; +static const int EVP_F_DSAPKEY2PKCS8; +static const int EVP_F_ECDSA_PKEY2PKCS8; +static const int EVP_F_ECKEY_PKEY2PKCS8; +static const int EVP_F_EVP_CIPHER_CTX_CTRL; +static const int EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH; +static const int EVP_F_EVP_CIPHERINIT_EX; static const int EVP_F_EVP_DECRYPTFINAL_EX; +static const int EVP_F_EVP_DIGESTINIT_EX; static const int EVP_F_EVP_ENCRYPTFINAL_EX; - +static const int EVP_F_EVP_MD_CTX_COPY_EX; +static const int EVP_F_EVP_OPENINIT; +static const int EVP_F_EVP_PBE_ALG_ADD; +static const int EVP_F_EVP_PBE_CIPHERINIT; +static const int EVP_F_EVP_PKCS82PKEY; +static const int EVP_F_EVP_PKEY2PKCS8_BROKEN; +static const int EVP_F_EVP_PKEY_COPY_PARAMETERS; +static const int EVP_F_EVP_PKEY_DECRYPT; +static const int EVP_F_EVP_PKEY_ENCRYPT; +static const int EVP_F_EVP_PKEY_GET1_DH; +static const int EVP_F_EVP_PKEY_GET1_DSA; +static const int EVP_F_EVP_PKEY_GET1_ECDSA; +static const int EVP_F_EVP_PKEY_GET1_EC_KEY; +static const int EVP_F_EVP_PKEY_GET1_RSA; +static const int EVP_F_EVP_PKEY_NEW; +static const int EVP_F_EVP_RIJNDAEL; +static const int EVP_F_EVP_SIGNFINAL; +static const int EVP_F_EVP_VERIFYFINAL; +static const int EVP_F_PKCS5_PBE_KEYIVGEN; +static const int EVP_F_PKCS5_V2_PBE_KEYIVGEN; +static const int EVP_F_PKCS8_SET_BROKEN; +static const int EVP_F_RC2_MAGIC_TO_METH; +static const int EVP_F_RC5_CTRL; +static const int EVP_R_AES_KEY_SETUP_FAILED; +static const int EVP_R_ASN1_LIB; +static const int EVP_R_BAD_BLOCK_LENGTH; +static const int EVP_R_BAD_KEY_LENGTH; +static const int EVP_R_BN_DECODE_ERROR; +static const int EVP_R_BN_PUBKEY_ERROR; +static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED; +static const int EVP_R_CIPHER_PARAMETER_ERROR; +static const int EVP_R_CTRL_NOT_IMPLEMENTED; +static const int EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED; static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH; +static const int EVP_R_DECODE_ERROR; +static const int EVP_R_DIFFERENT_KEY_TYPES; +static const int EVP_R_DISABLED_FOR_FIPS; +static const int EVP_R_ENCODE_ERROR; +static const int EVP_R_INITIALIZATION_ERROR; +static const int EVP_R_INPUT_NOT_INITIALIZED; +static const int EVP_R_INVALID_KEY_LENGTH; +static const int EVP_R_IV_TOO_LARGE; +static const int EVP_R_KEYGEN_FAILURE; +static const int EVP_R_MISSING_PARAMETERS; +static const int EVP_R_NO_CIPHER_SET; +static const int EVP_R_NO_DIGEST_SET; +static const int EVP_R_NO_DSA_PARAMETERS; +static const int EVP_R_NO_SIGN_FUNCTION_CONFIGURED; +static const int EVP_R_NO_VERIFY_FUNCTION_CONFIGURED; +static const int EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE; +static const int EVP_R_PUBLIC_KEY_NOT_RSA; +static const int EVP_R_UNKNOWN_PBE_ALGORITHM; +static const int EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS; +static const int EVP_R_UNSUPPORTED_CIPHER; +static const int EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION; +static const int EVP_R_UNSUPPORTED_KEYLENGTH; +static const int EVP_R_UNSUPPORTED_SALT_TYPE; +static const int EVP_R_WRONG_FINAL_BLOCK_LENGTH; +static const int EVP_R_WRONG_PUBLIC_KEY_TYPE; -static const int PEM_F_D2I_PKCS8PRIVATEKEY_BIO; static const int PEM_F_D2I_PKCS8PRIVATEKEY_BIO; static const int PEM_F_D2I_PKCS8PRIVATEKEY_FP; static const int PEM_F_DO_PK8PKEY; @@ -52,7 +192,6 @@ static const int PEM_F_PEM_PK8PKEY; static const int PEM_F_PEM_READ; static const int PEM_F_PEM_READ_BIO; static const int PEM_F_PEM_READ_BIO_PRIVATEKEY; -static const int PEM_F_PEM_READ_BIO_PRIVATEKEY; static const int PEM_F_PEM_READ_PRIVATEKEY; static const int PEM_F_PEM_SEALFINAL; static const int PEM_F_PEM_SEALINIT; @@ -68,12 +207,11 @@ static const int PEM_R_BAD_DECRYPT; static const int PEM_R_BAD_END_LINE; static const int PEM_R_BAD_IV_CHARS; static const int PEM_R_BAD_PASSWORD_READ; -static const int PEM_R_BAD_PASSWORD_READ; static const int PEM_R_ERROR_CONVERTING_PRIVATE_KEY; +static const int PEM_R_NO_START_LINE; static const int PEM_R_NOT_DEK_INFO; static const int PEM_R_NOT_ENCRYPTED; static const int PEM_R_NOT_PROC_TYPE; -static const int PEM_R_NO_START_LINE; static const int PEM_R_PROBLEMS_GETTING_PASSWORD; static const int PEM_R_PUBLIC_KEY_NO_RSA; static const int PEM_R_READ_KEY; diff --git a/cryptography/hazmat/bindings/openssl/pem.py b/cryptography/hazmat/bindings/openssl/pem.py index ee5552c5..8b717c2d 100644 --- a/cryptography/hazmat/bindings/openssl/pem.py +++ b/cryptography/hazmat/bindings/openssl/pem.py @@ -27,7 +27,7 @@ int PEM_write_bio_PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, unsigned char *, int, pem_password_cb *, void *); EVP_PKEY *PEM_read_bio_PrivateKey(BIO *, EVP_PKEY **, pem_password_cb *, - void *); + void *); int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, char *, int, pem_password_cb *, void *); @@ -48,6 +48,29 @@ int PEM_write_bio_X509_CRL(BIO *, X509_CRL *); PKCS7 *PEM_read_bio_PKCS7(BIO *, PKCS7 **, pem_password_cb *, void *); DH *PEM_read_bio_DHparams(BIO *, DH **, pem_password_cb *, void *); + +DSA *PEM_read_bio_DSAPrivateKey(BIO *, DSA **, pem_password_cb *, void *); + +RSA *PEM_read_bio_RSAPrivateKey(BIO *, RSA **, pem_password_cb *, void *); + +int PEM_write_bio_DSAPrivateKey(BIO *, DSA *, const EVP_CIPHER *, + unsigned char *, int, + pem_password_cb *, void *); + +int PEM_write_bio_RSAPrivateKey(BIO *, RSA *, const EVP_CIPHER *, + unsigned char *, int, + pem_password_cb *, void *); + +DSA *PEM_read_bio_DSA_PUBKEY(BIO *, DSA **, pem_password_cb *, void *); + +RSA *PEM_read_bio_RSAPublicKey(BIO *, RSA **, pem_password_cb *, void *); + +int PEM_write_bio_DSA_PUBKEY(BIO *, DSA *); + +int PEM_write_bio_RSAPublicKey(BIO *, const RSA *); + +EVP_PKEY *PEM_read_bio_PUBKEY(BIO *, EVP_PKEY **, pem_password_cb *, void *); +int PEM_write_bio_PUBKEY(BIO *, EVP_PKEY *); """ MACROS = """ -- cgit v1.2.3 From 259f30dc084d1eebec921b29ade3b37e0da29c19 Mon Sep 17 00:00:00 2001 From: Alex Stapleton Date: Sun, 19 Jan 2014 11:39:57 +0000 Subject: Expose the innards of DH and DSA So we can manually construct or serialise keys at some point. Also BN2BIN stuff because JWK uses the base64 version of this representation. --- cryptography/hazmat/bindings/openssl/bignum.py | 3 +++ cryptography/hazmat/bindings/openssl/dh.py | 8 +++++++- cryptography/hazmat/bindings/openssl/dsa.py | 9 ++++++++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/bindings/openssl/bignum.py b/cryptography/hazmat/bindings/openssl/bignum.py index 59efd171..6545f329 100644 --- a/cryptography/hazmat/bindings/openssl/bignum.py +++ b/cryptography/hazmat/bindings/openssl/bignum.py @@ -47,6 +47,9 @@ char *BN_bn2hex(const BIGNUM *); int BN_hex2bn(BIGNUM **, const char *); int BN_dec2bn(BIGNUM **, const char *); +int BN_bn2bin(const BIGNUM *, unsigned char *); +BIGNUM *BN_bin2bn(const unsigned char *, int, BIGNUM *); + int BN_num_bits(const BIGNUM *); """ diff --git a/cryptography/hazmat/bindings/openssl/dh.py b/cryptography/hazmat/bindings/openssl/dh.py index 3c12fbc6..edbe0e39 100644 --- a/cryptography/hazmat/bindings/openssl/dh.py +++ b/cryptography/hazmat/bindings/openssl/dh.py @@ -16,7 +16,13 @@ INCLUDES = """ """ TYPES = """ -typedef ... DH; +typedef struct dh_st { + BIGNUM *p; // prime number (shared) + BIGNUM *g; // generator of Z_p (shared) + BIGNUM *priv_key; // private DH value x + BIGNUM *pub_key; // public DH value g^x + ...; +} DH; """ FUNCTIONS = """ diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py index 3b77d7ae..9068e057 100644 --- a/cryptography/hazmat/bindings/openssl/dsa.py +++ b/cryptography/hazmat/bindings/openssl/dsa.py @@ -16,7 +16,14 @@ INCLUDES = """ """ TYPES = """ -typedef ... DSA; +typedef struct dsa_st { + BIGNUM *p; // prime number (public) + BIGNUM *q; // 160-bit subprime, q | p-1 (public) + BIGNUM *g; // generator of subgroup (public) + BIGNUM *priv_key; // private key x + BIGNUM *pub_key; // public key y = g^x + ...; +} DSA; """ FUNCTIONS = """ -- cgit v1.2.3