diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-11 17:09:22 -0400 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-13 19:21:36 -0400 |
| commit | 19b478b464ab6015b4477e1d33b637c4f834df3e (patch) | |
| tree | 6ed366d75c625192e8dfa38f340511a628bbc8db /src/_cffi_src/openssl/ssl.py | |
| parent | 13b08fc678b7e1f099a35143032db8fd50fe4734 (diff) | |
| download | cryptography-19b478b464ab6015b4477e1d33b637c4f834df3e.tar.gz cryptography-19b478b464ab6015b4477e1d33b637c4f834df3e.tar.bz2 cryptography-19b478b464ab6015b4477e1d33b637c4f834df3e.zip | |
bind some new functions to access elements of the SSL struct
SSL_SESSION_get_master_key (added 1.1.0)
SSL_get_client_random (added 1.1.0)
SSL_get_server_random (added 1.1.0)
Diffstat (limited to 'src/_cffi_src/openssl/ssl.py')
| -rw-r--r-- | src/_cffi_src/openssl/ssl.py | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index a19db7a2..32383871 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -429,6 +429,11 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *); /* Added in 1.0.1 */ int SSL_SESSION_set1_id_context(SSL_SESSION *, const unsigned char *, unsigned int); +/* Added in 1.1.0 for the great opaquing of structs */ +size_t SSL_SESSION_get_master_key(const SSL_SESSION *, unsigned char *, + size_t); +size_t SSL_get_client_random(const SSL *, unsigned char *, size_t); +size_t SSL_get_server_random(const SSL *, unsigned char *, size_t); """ CUSTOMIZATIONS = """ @@ -461,6 +466,47 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) { return ctx->method; } #endif +/* Added in 1.1.0 in the great opaquing, but we need to define it for older + OpenSSLs. Such is our burden. */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +/* from ssl/ssl_lib.c */ +size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) +{ + if (outlen == 0) + return sizeof(ssl->s3->client_random); + if (outlen > sizeof(ssl->s3->client_random)) + outlen = sizeof(ssl->s3->client_random); + memcpy(out, ssl->s3->client_random, outlen); + return outlen; +} +/* Added in 1.1.0 as well */ +/* from ssl/ssl_lib.c */ +size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) +{ + if (outlen == 0) + return sizeof(ssl->s3->server_random); + if (outlen > sizeof(ssl->s3->server_random)) + outlen = sizeof(ssl->s3->server_random); + memcpy(out, ssl->s3->server_random, outlen); + return outlen; +} +/* Added in 1.1.0 as well */ +/* from ssl/ssl_lib.c */ +size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, + unsigned char *out, size_t outlen) +{ + if (session->master_key_length < 0) { + /* Should never happen */ + return 0; + } + if (outlen == 0) + return session->master_key_length; + if (outlen > (size_t)session->master_key_length) + outlen = session->master_key_length; + memcpy(out, session->master_key, outlen); + return outlen; +} +#endif /** Secure renegotiation is supported in OpenSSL >= 0.9.8m * But some Linux distributions have back ported some features. |