diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-02-13 20:01:23 -0600 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-02-13 18:01:23 -0800 |
| commit | 4a90c254278231d7defeac304a3cfd752e96e786 (patch) | |
| tree | 7133b8188ad38f12b44c40064c6021566e070595 /src/_cffi_src | |
| parent | bd7cd2d43f75bd34830dfbeaf0ac4f8be2fce9a7 (diff) | |
| download | cryptography-4a90c254278231d7defeac304a3cfd752e96e786.tar.gz cryptography-4a90c254278231d7defeac304a3cfd752e96e786.tar.bz2 cryptography-4a90c254278231d7defeac304a3cfd752e96e786.zip | |
switch the PEM password callback to a C implementation (#3382)
* switch the PEM password callback to a C implementation
Calling from C to Python is fraught with edge cases, especially in
subinterpreter land. This commit moves the PEM password callback logic
into a small C function and then removes all the infrastructure for the
cffi callbacks (as we no longer have any)
* review feedback and update tests
* rename the struct
* aaand one more fix
Diffstat (limited to 'src/_cffi_src')
| -rw-r--r-- | src/_cffi_src/openssl/callbacks.py | 66 |
1 files changed, 35 insertions, 31 deletions
diff --git a/src/_cffi_src/openssl/callbacks.py b/src/_cffi_src/openssl/callbacks.py index 0194d2a5..a5f6f361 100644 --- a/src/_cffi_src/openssl/callbacks.py +++ b/src/_cffi_src/openssl/callbacks.py @@ -4,8 +4,6 @@ from __future__ import absolute_import, division, print_function -import cffi - INCLUDES = """ #include <openssl/ssl.h> #include <openssl/x509.h> @@ -16,45 +14,24 @@ INCLUDES = """ """ TYPES = """ -static const long Cryptography_STATIC_CALLBACKS; - -/* crypto.h - * CRYPTO_set_locking_callback - * void (*cb)(int mode, int type, const char *file, int line) - */ -extern "Python" void Cryptography_locking_cb(int, int, const char *, int); - -/* pem.h - * int pem_password_cb(char *buf, int size, int rwflag, void *userdata); - */ -extern "Python" int Cryptography_pem_password_cb(char *, int, int, void *); - -/* rand.h - * int (*bytes)(unsigned char *buf, int num); - * int (*status)(void); - */ -extern "Python" int Cryptography_rand_bytes(unsigned char *, int); -extern "Python" int Cryptography_rand_status(void); +typedef struct { + char *password; + int length; + int called; + int error; + int maxsize; +} CRYPTOGRAPHY_PASSWORD_DATA; """ FUNCTIONS = """ int _setup_ssl_threads(void); +int Cryptography_pem_password_cb(char *, int, int, void *); """ MACROS = """ """ CUSTOMIZATIONS = """ -static const long Cryptography_STATIC_CALLBACKS = 1; -""" - -if cffi.__version_info__ < (1, 4, 0): - # backwards compatibility for old cffi version on PyPy - TYPES = "static const long Cryptography_STATIC_CALLBACKS;" - CUSTOMIZATIONS = """static const long Cryptography_STATIC_CALLBACKS = 0; -""" - -CUSTOMIZATIONS += """ /* This code is derived from the locking code found in the Python _ssl module's locking callback for OpenSSL. @@ -118,4 +95,31 @@ int _setup_ssl_threads(void) { } return 1; } + +typedef struct { + char *password; + int length; + int called; + int error; + int maxsize; +} CRYPTOGRAPHY_PASSWORD_DATA; + +int Cryptography_pem_password_cb(char *buf, int size, + int rwflag, void *userdata) { + /* The password cb is only invoked if OpenSSL decides the private + key is encrypted. So this path only occurs if it needs a password */ + CRYPTOGRAPHY_PASSWORD_DATA *st = (CRYPTOGRAPHY_PASSWORD_DATA *)userdata; + st->called += 1; + st->maxsize = size; + if (st->length == 0) { + st->error = -1; + return 0; + } else if (st->length < size) { + memcpy(buf, st->password, st->length); + return st->length; + } else { + st->error = -2; + return 0; + } +} """ |