diff options
| author | Zeev Tarantov <zeev.tarantov@gmail.com> | 2015-05-09 09:27:06 +0000 |
|---|---|---|
| committer | Zeev Tarantov <zeev.tarantov@gmail.com> | 2015-05-09 14:08:37 +0000 |
| commit | b570bf456a4191785542b2b49bdcfff06e96330e (patch) | |
| tree | 4909f1c39438919c897cd79b44c40887aca358b4 | |
| parent | 47889447e14dbd15337558bdd8281121fe57feb1 (diff) | |
| download | cryptography-b570bf456a4191785542b2b49bdcfff06e96330e.tar.gz cryptography-b570bf456a4191785542b2b49bdcfff06e96330e.tar.bz2 cryptography-b570bf456a4191785542b2b49bdcfff06e96330e.zip | |
add support for retreiving value of received temporary key in server key exchange message, to implement functionality like openssl's ssl_print_tmp_key
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/ec.py | 15 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/evp.py | 4 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/ssl.py | 17 |
3 files changed, 35 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/bindings/openssl/ec.py b/src/cryptography/hazmat/bindings/openssl/ec.py index 84a596eb..c5052d36 100644 --- a/src/cryptography/hazmat/bindings/openssl/ec.py +++ b/src/cryptography/hazmat/bindings/openssl/ec.py @@ -17,6 +17,7 @@ static const int Cryptography_HAS_EC; static const int Cryptography_HAS_EC_1_0_1; static const int Cryptography_HAS_EC_NISTP_64_GCC_128; static const int Cryptography_HAS_EC2M; +static const int Cryptography_HAS_EC_1_0_2; static const int OPENSSL_EC_NAMED_CURVE; @@ -188,6 +189,8 @@ const EC_METHOD *EC_GFp_nistp521_method(); const EC_METHOD *EC_GF2m_simple_method(); int EC_METHOD_get_field_type(const EC_METHOD *); + +const char *EC_curve_nid2nist(int); """ CUSTOMIZATIONS = """ @@ -385,6 +388,14 @@ EC_GROUP *(*EC_GROUP_new_curve_GF2m)( #else static const long Cryptography_HAS_EC2M = 1; #endif + +#if defined(OPENSSL_NO_EC) || OPENSSL_VERSION_NUMBER < 0x1000200f || \ + defined(LIBRESSL_VERSION_NUMBER) +static const long Cryptography_HAS_EC_1_0_2 = 0; +const char *(*EC_curve_nid2nist)(int) = NULL; +#else +static const long Cryptography_HAS_EC_1_0_2 = 1; +#endif """ CONDITIONAL_NAMES = { @@ -478,4 +489,8 @@ CONDITIONAL_NAMES = { "EC_GROUP_get_curve_GF2m", "EC_GROUP_new_curve_GF2m", ], + + "Cryptography_HAS_EC_1_0_2": [ + "EC_curve_nid2nist", + ], } diff --git a/src/cryptography/hazmat/bindings/openssl/evp.py b/src/cryptography/hazmat/bindings/openssl/evp.py index 780ce900..93aa83de 100644 --- a/src/cryptography/hazmat/bindings/openssl/evp.py +++ b/src/cryptography/hazmat/bindings/openssl/evp.py @@ -28,6 +28,7 @@ typedef struct evp_pkey_st { typedef ... EVP_PKEY_CTX; static const int EVP_PKEY_RSA; static const int EVP_PKEY_DSA; +static const int EVP_PKEY_DH; static const int EVP_PKEY_EC; static const int EVP_MAX_MD_SIZE; static const int EVP_CTRL_GCM_SET_IVLEN; @@ -154,6 +155,7 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *, const unsigned char *, size_t, const unsigned char *, size_t); int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *); int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *); +int EVP_PKEY_id(const EVP_PKEY *); /* The following were macros in 0.9.8e. Once we drop support for RHEL/CentOS 5 we should move these back to FUNCTIONS. */ @@ -221,6 +223,7 @@ int (*Cryptography_EVP_PKEY_encrypt)(EVP_PKEY_CTX *, unsigned char *, size_t *, const unsigned char *, size_t) = NULL; int (*Cryptography_EVP_PKEY_decrypt)(EVP_PKEY_CTX *, unsigned char *, size_t *, const unsigned char *, size_t) = NULL; +int (*EVP_PKEY_id)(const EVP_PKEY *) = NULL; #endif #ifdef OPENSSL_NO_EC int (*EVP_PKEY_assign_EC_KEY)(EVP_PKEY *, EC_KEY *) = NULL; @@ -252,6 +255,7 @@ CONDITIONAL_NAMES = { "Cryptography_EVP_PKEY_decrypt", "EVP_PKEY_decrypt_init", "EVP_PKEY_CTX_set_signature_md", + "EVP_PKEY_id", ], "Cryptography_HAS_EC": [ "EVP_PKEY_assign_EC_KEY", diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py index fd719c52..c12624bc 100644 --- a/src/cryptography/hazmat/bindings/openssl/ssl.py +++ b/src/cryptography/hazmat/bindings/openssl/ssl.py @@ -23,6 +23,7 @@ static const long Cryptography_HAS_COMPRESSION; static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB; static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP; static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE; +static const long Cryptography_HAS_GET_SERVER_TMP_KEY; /* Internally invented symbol to tell us if SNI is supported */ static const long Cryptography_HAS_TLSEXT_HOSTNAME; @@ -383,6 +384,8 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *, void *), void *); void SSL_get0_alpn_selected(const SSL *, const unsigned char **, unsigned *); + +long SSL_get_server_tmp_key(SSL *, EVP_PKEY **); """ CUSTOMIZATIONS = """ @@ -584,6 +587,7 @@ static const long Cryptography_HAS_ALPN = 0; #else static const long Cryptography_HAS_ALPN = 1; #endif + #if defined(OPENSSL_NO_COMP) || defined(LIBRESSL_VERSION_NUMBER) static const long Cryptography_HAS_COMPRESSION = 0; typedef void COMP_METHOD; @@ -591,6 +595,13 @@ typedef void COMP_METHOD; static const long Cryptography_HAS_COMPRESSION = 1; #endif +#if defined(SSL_CTRL_GET_SERVER_TMP_KEY) +static const long Cryptography_HAS_GET_SERVER_TMP_KEY = 1; +#else +static const long Cryptography_HAS_GET_SERVER_TMP_KEY = 0; +long (*SSL_get_server_tmp_key)(SSL *, EVP_PKEY **) = NULL; +#endif + """ CONDITIONAL_NAMES = { @@ -692,5 +703,9 @@ CONDITIONAL_NAMES = { "SSL_get_current_compression", "SSL_get_current_expansion", "SSL_COMP_get_name", - ] + ], + + "Cryptography_HAS_GET_SERVER_TMP_KEY": [ + "SSL_get_server_tmp_key", + ], } |