diff options
author | Amaury Forgeot d'Arc <amauryfa@gmail.com> | 2018-07-23 09:14:48 +0200 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-07-23 15:14:48 +0800 |
commit | eb49820cd0750319eabb79a582f8a98419b819c5 (patch) | |
tree | 1142d12e3242ee70f5e1842d2bed83aea077d7f9 | |
parent | fcf431a7764fdb93a012466f449a06dc15e53258 (diff) | |
download | cryptography-eb49820cd0750319eabb79a582f8a98419b819c5.tar.gz cryptography-eb49820cd0750319eabb79a582f8a98419b819c5.tar.bz2 cryptography-eb49820cd0750319eabb79a582f8a98419b819c5.zip |
Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() in PyPy (#4364)
* Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() added by Python 3.6.1.
* Add placeholders for other versions
* Remove parameter names
* LibreSSL 2.7 has the new functions
* Add entries in _conditional.py
* SSL_CIPHER_get_id returns int, not char*
-rw-r--r-- | src/_cffi_src/openssl/ssl.py | 19 | ||||
-rw-r--r-- | src/cryptography/hazmat/bindings/openssl/_conditional.py | 11 |
2 files changed, 30 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index a9fc2ff3..2aa5d010 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -29,6 +29,7 @@ static const long Cryptography_HAS_DTLS; static const long Cryptography_HAS_GENERIC_DTLS_METHOD; static const long Cryptography_HAS_SIGALGS; static const long Cryptography_HAS_PSK; +static const long Cryptography_HAS_CIPHER_DETAILS; /* Internally invented symbol to tell us if SNI is supported */ static const long Cryptography_HAS_TLSEXT_HOSTNAME; @@ -284,6 +285,12 @@ void SSL_SESSION_free(SSL_SESSION *); /* Information about actually used cipher */ const char *SSL_CIPHER_get_name(const SSL_CIPHER *); int SSL_CIPHER_get_bits(const SSL_CIPHER *, int *); +uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *); +int SSL_CIPHER_is_aead(const SSL_CIPHER *); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *); +int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *); +int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *); size_t SSL_get_finished(const SSL *, void *, size_t); size_t SSL_get_peer_finished(const SSL *, void *, size_t); @@ -790,4 +797,16 @@ int (*SSL_CTX_add_server_custom_ext)(SSL_CTX *, unsigned int, int (*SSL_extension_supported)(unsigned int) = NULL; #endif + +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +int (*SSL_CIPHER_is_aead)(const SSL_CIPHER *) = NULL; +int (*SSL_CIPHER_get_cipher_nid)(const SSL_CIPHER *) = NULL; +int (*SSL_CIPHER_get_digest_nid)(const SSL_CIPHER *) = NULL; +int (*SSL_CIPHER_get_kx_nid)(const SSL_CIPHER *) = NULL; +int (*SSL_CIPHER_get_auth_nid)(const SSL_CIPHER *) = NULL; +static const long Cryptography_HAS_CIPHER_DETAILS = 0; +#else +static const long Cryptography_HAS_CIPHER_DETAILS = 1; +#endif + """ diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index b3e4e8bd..eb31c105 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -246,6 +246,16 @@ def cryptography_has_openssl_cleanup(): ] +def cryptography_has_cipher_details(): + return [ + "SSL_CIPHER_is_aead", + "SSL_CIPHER_get_cipher_nid", + "SSL_CIPHER_get_digest_nid", + "SSL_CIPHER_get_kx_nid", + "SSL_CIPHER_get_auth_nid", + ] + + # This is a mapping of # {condition: function-returning-names-dependent-on-that-condition} so we can # loop over them and delete unsupported names at runtime. It will be removed @@ -299,4 +309,5 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_PSK": cryptography_has_psk, "Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext, "Cryptography_HAS_OPENSSL_CLEANUP": cryptography_has_openssl_cleanup, + "Cryptography_HAS_CIPHER_DETAILS": cryptography_has_cipher_details, } |