-rw-r--r-- | cryptography/hazmat/bindings/openssl/ssl.py | 23 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/constant_time.py | 20 | ||||
-rw-r--r-- | cryptography/hazmat/primitives/padding.py | 20 |
3 files changed, 51 insertions, 12 deletions
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index 9735ae6a..b4319e8b 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -41,6 +41,7 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION; static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; static const long Cryptography_HAS_SSL_SET_SSL_CTX; static const long Cryptography_HAS_SSL_OP_NO_TICKET; +static const long Cryptography_HAS_NETBSD_D1_METH; static const long SSL_FILETYPE_PEM; static const long SSL_FILETYPE_ASN1; @@ -401,6 +402,24 @@ static const long Cryptography_HAS_SSL_SET_SSL_CTX = 0; static const long TLSEXT_NAMETYPE_host_name = 0; SSL_CTX *(*SSL_set_SSL_CTX)(SSL *, SSL_CTX *) = NULL; #endif + +/* NetBSD shipped without including d1_meth.c. This workaround checks to see + if the version of NetBSD we're currently running on is old enough to + have the bug and provides an empty implementation so we can link and + then remove the function from the ffi object. */ +#ifdef __NetBSD__ +# include <sys/param.h> +# if (__NetBSD_Version__ < 699003800) +static const long Cryptography_HAS_NETBSD_D1_METH = 0; +const SSL_METHOD *DTLSv1_method(void) { + return NULL; +} +# else +static const long Cryptography_HAS_NETBSD_D1_METH = 1; +# endif +#else +static const long Cryptography_HAS_NETBSD_D1_METH = 1; +#endif """ CONDITIONAL_NAMES = { @@ -454,4 +473,8 @@ CONDITIONAL_NAMES = { "SSL_set_SSL_CTX", "TLSEXT_NAMETYPE_host_name", ], + + "Cryptography_HAS_NETBSD_D1_METH": [ + "DTLSv1_method", + ], } diff --git a/cryptography/hazmat/primitives/constant_time.py b/cryptography/hazmat/primitives/constant_time.py index e88a0d95..e0e9aa37 100644 --- a/cryptography/hazmat/primitives/constant_time.py +++ b/cryptography/hazmat/primitives/constant_time.py 
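Review bot: In the `__NetBSD_Version__ < 699003800` branch the stub `DTLSv1_method` has external linkage and returns NULL, so only the new `"Cryptography_HAS_NETBSD_D1_METH": ["DTLSv1_method"]` entry in CONDITIONAL_NAMES keeps callers from receiving a NULL method pointer. The gate is the OS version, not whether libssl actually exports the symbol, so a host below that version whose libssl does include it would presumably hit a duplicate definition or have the stub take precedence; the C comment should say whether that case was considered. I would also spell out the constant, e.g. `/* 699003800 appears to encode NetBSD 6.99.38, the first version assumed to ship d1_meth.c */`, and note there that the flag is 1 on every non-NetBSD platform despite its name. The code that consumes CONDITIONAL_NAMES is outside this diff.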
@@ -13,18 +13,20 @@ from __future__ import absolute_import, division, print_function +import sys + import cffi import six +from cryptography.hazmat.bindings.utils import _create_modulename -_ffi = cffi.FFI() -_ffi.cdef(""" +TYPES = """ uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *, size_t); -""") -_lib = _ffi.verify( - """ +""" + +FUNCTIONS = """ uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, uint8_t *b, size_t len_b) { size_t i = 0; @@ -43,7 +45,13 @@ uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a, /* Now check the low bit to see if it's set */ return (mismatch & 1) == 0; } -""", +""" + +_ffi = cffi.FFI() +_ffi.cdef(TYPES) +_lib = _ffi.verify( + source=FUNCTIONS, + modulename=_create_modulename([TYPES], FUNCTIONS, sys.version), ext_package="cryptography", ) diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index bf634a65..d78c6a5b 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -13,20 +13,22 @@ from __future__ import absolute_import, division, print_function +import sys + import cffi import six from cryptography import utils +from cryptography.hazmat.bindings.utils import _create_modulename from cryptography.hazmat.primitives import interfaces -_ffi = cffi.FFI() -_ffi.cdef(""" +TYPES = """ uint8_t Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t); -""") -_lib = _ffi.verify( - """ +""" + +FUNCTIONS = """ /* Returns the value of the input with the most-significant-bit copied to all of the bits. */ static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) { 
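Review bot: `TYPES` and `FUNCTIONS` become public module attributes of `constant_time` next to the private `_ffi` and `_lib`, and `TYPES` holds a function prototype rather than types. Since these strings exist only to feed `cdef()` and `verify()`, underscore-prefixed names such as `_TYPES = """` and `_FUNCTIONS = """` would keep them out of the primitive's public surface; if the names are kept for parity with the bindings modules, a one-line comment saying so would help. The same applies to the first hunk of padding.py, and the C body assigned to `FUNCTIONS` continues outside this hunk.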
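Review bot: Passing `modulename=_create_modulename([TYPES], FUNCTIONS, sys.version)` to `_ffi.verify()` fixes the extension's name from the cdef text, the C source and the interpreter version only, as far as the arguments show; `_create_modulename` itself is not part of this diff. Anything else that changes the build (cffi version, compiler or flags) then maps to the same name, so a stale or pre-placed module of that name under `ext_package="cryptography"` would presumably be loaded instead of rebuilt, and this module provides the constant-time comparison. A comment above the call would record the trade-off, e.g. `# Name is derived from the sources and sys.version only; it does not change when cffi or the toolchain does.` The second hunk of padding.py makes the same call and the same comment applies there.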
@@ -62,7 +64,13 @@ uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data, /* Now check the low bit to see if it's set */ return (mismatch & 1) == 0; } -""", +""" + +_ffi = cffi.FFI() +_ffi.cdef(TYPES) +_lib = _ffi.verify( + source=FUNCTIONS, + modulename=_create_modulename([TYPES], FUNCTIONS, sys.version), ext_package="cryptography", ) |