diff options
| -rw-r--r-- | src/_cffi_src/build_openssl.py | 1 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/fips.py | 28 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/_conditional.py | 8 |
3 files changed, 37 insertions, 0 deletions
diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 86ee5007..7ec235ff 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -76,6 +76,7 @@ ffi = build_ffi_for_binding( "engine", "err", "evp", + "fips", "hmac", "nid", "objects", diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py new file mode 100644 index 00000000..c92bca49 --- /dev/null +++ b/src/_cffi_src/openssl/fips.py @@ -0,0 +1,28 @@ +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +INCLUDES = """ +#include <openssl/crypto.h> +""" + +TYPES = """ +static const long Cryptography_HAS_FIPS; +""" + +FUNCTIONS = """ +int FIPS_mode_set(int); +int FIPS_mode(void); +""" + +CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_FIPS = 0; +int (*FIPS_mode_set)(int) = NULL; +int (*FIPS_mode)(void) = NULL; +#else +static const long Cryptography_HAS_FIPS = 1; +#endif +""" diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index 8eb67760..866cf4a6 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -243,6 +243,13 @@ def cryptography_has_evp_pkey_get_set_tls_encodedpoint(): ] +def cryptography_has_fips(): + return [ + "FIPS_set_mode", + "FIPS_mode", + ] + + # This is a mapping of # {condition: function-returning-names-dependent-on-that-condition} so we can # loop over them and delete unsupported names at runtime. It will be removed @@ -292,4 +299,5 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint": ( cryptography_has_evp_pkey_get_set_tls_encodedpoint ), + "Cryptography_HAS_FIPS": cryptography_has_fips, } |