author | gesslerpd <gesslerpd@users.noreply.github.com> | 2018-01-18 11:37:47 -0600 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-01-18 11:37:47 -0600 |
commit | 47d96e39e9b6d413f970cf02cc58553a9647241a (patch) | |
tree | 966a591cf55b5946258b06921ec0eb656dcdbc6a | |
parent | 5e866f7191cf307720811ac87364cd36e7fd990b (diff) | |
Add bindings for PSK (#4084)
* + PSK function bindings
* + PSK conditional
* trigger CI
* trigger CI
-rw-r--r-- | src/_cffi_src/openssl/ssl.py | 45 | ||||
-rw-r--r-- | src/cryptography/hazmat/bindings/openssl/_conditional.py | 9 |
2 files changed, 53 insertions, 1 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 7bfdc710..420beb12 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -28,6 +28,7 @@ static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
 static const long Cryptography_HAS_DTLS;
 static const long Cryptography_HAS_GENERIC_DTLS_METHOD;
 static const long Cryptography_HAS_SIGALGS;
+static const long Cryptography_HAS_PSK;
 /* Internally invented symbol to tell us if SNI is supported */
 static const long Cryptography_HAS_TLSEXT_HOSTNAME;
@@ -225,8 +226,27 @@ int SSL_CTX_use_PrivateKey_ASN1(int, SSL_CTX *, const unsigned char *, long);
 int SSL_CTX_use_PrivateKey_file(SSL_CTX *, const char *, int);
 int SSL_CTX_check_private_key(const SSL_CTX *);
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *,
- int (*)(X509_STORE_CTX *,void *),
+ int (*)(X509_STORE_CTX *, void *),
 void *);
+
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *, const char *);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *,
+ unsigned int (*)(
+ SSL *,
+ const char *,
+ unsigned char *,
+ int
+ ));
+void SSL_CTX_set_psk_client_callback(SSL_CTX *,
+ unsigned int (*)(
+ SSL *,
+ const char *,
+ char *,
+ unsigned int,
+ unsigned char *,
+ unsigned int
+ ));
+
 int SSL_CTX_set_session_id_context(SSL_CTX *,
 const unsigned char *,
 unsigned int);
@@ -642,4 +662,27 @@ const long (*SSL_CTX_set1_sigalgs_list)(SSL_CTX *, const char *) = NULL;
 #else
 static const long Cryptography_HAS_SIGALGS = 1;
 #endif
+
+#if CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_PSK = 0;
+int (*SSL_CTX_use_psk_identity_hint)(SSL_CTX *, const char *) = NULL;
+void (*SSL_CTX_set_psk_server_callback)(SSL_CTX *,
+ unsigned int (*)(
+ SSL *,
+ const char *,
+ unsigned char *,
+ int
+ )) = NULL;
+void (*SSL_CTX_set_psk_client_callback)(SSL_CTX *,
+ unsigned int (*)(
+ SSL *,
+ const char *,
+ char *,
+ unsigned int,
+ unsigned char *,
+ unsigned int
+ )) = NULL;
+#else
+static const long Cryptography_HAS_PSK = 1;
+#endif
 """
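Review bot: The callback type in the `SSL_CTX_set_psk_server_callback` declaration ends in `int`, while the client callback declared right below it uses `unsigned int` for both of its length parameters. OpenSSL's prototype takes `unsigned int max_psk_len` as the last argument, so the cdef should read `unsigned int` there; otherwise the size limit for the `unsigned char *` key buffer reaches the Python callback with the wrong signedness. The same `int` appears in the LibreSSL NULL stub for this function in the third hunk and should change with it. A short comment above the two setters saying that the callback returns the number of key bytes written, or 0 to reject the identity, and must never write more than the given maximum would also help callers.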
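Review bot: The `#if CRYPTOGRAPHY_IS_LIBRESSL` guard around the PSK stubs does not cover OpenSSL builds configured without PSK, which define `OPENSSL_NO_PSK` and, as far as I can tell, omit these three prototypes from the headers. On such a build the `#else` branch sets `Cryptography_HAS_PSK = 1`, and the extension would likely fail to compile or link rather than report the feature as absent. Consider `#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_PSK)` so the NULL stubs and the 0 flag are used there too.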
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index 8633373f..6dab2bf0 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -260,6 +260,14 @@ def cryptography_has_ssl_sigalgs():
 ]
+def cryptography_has_psk():
+ return [
+ "SSL_CTX_use_psk_identity_hint",
+ "SSL_CTX_set_psk_server_callback",
+ "SSL_CTX_set_psk_client_callback",
+ ]
+
+
 # This is a mapping of
 # {condition: function-returning-names-dependent-on-that-condition} so we can
 # loop over them and delete unsupported names at runtime. It will be removed
@@ -311,4 +319,5 @@ CONDITIONAL_NAMES = {
 ),
 "Cryptography_HAS_FIPS": cryptography_has_fips,
 "Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs,
+ "Cryptography_HAS_PSK": cryptography_has_psk,
 } |
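Review bot: `cryptography_has_psk()` has no comment tying its list to the NULL stubs that `src/_cffi_src/openssl/ssl.py` defines when `Cryptography_HAS_PSK` is 0. The comment below the function says these names are deleted at runtime when unsupported, so a stub added in ssl.py but not listed here would presumably stay reachable from Python as a NULL function pointer. I would add `# Must list every symbol stubbed to NULL under Cryptography_HAS_PSK == 0 in _cffi_src/openssl/ssl.py.` above the `return`. The three names currently match the stubs in this commit.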