aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/backends/openssl/asn1.py2
-rw-r--r--cryptography/hazmat/backends/openssl/bio.py8
-rw-r--r--cryptography/hazmat/backends/openssl/pkcs12.py4
-rw-r--r--cryptography/hazmat/backends/openssl/ssl.py11
-rw-r--r--cryptography/hazmat/backends/openssl/x509.py37
-rw-r--r--cryptography/hazmat/backends/openssl/x509name.py16
6 files changed, 51 insertions, 27 deletions
diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py
index c6382234..aeaf316e 100644
--- a/cryptography/hazmat/backends/openssl/asn1.py
+++ b/cryptography/hazmat/backends/openssl/asn1.py
@@ -135,7 +135,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *, ASN1_INTEGER *);
long ASN1_INTEGER_get(ASN1_INTEGER *);
BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *, ASN1_INTEGER *);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *);
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/bio.py b/cryptography/hazmat/backends/openssl/bio.py
index 264a2410..279ad223 100644
--- a/cryptography/hazmat/backends/openssl/bio.py
+++ b/cryptography/hazmat/backends/openssl/bio.py
@@ -143,10 +143,10 @@ long BIO_set_mem_buf(BIO *, BUF_MEM *, int);
long BIO_get_mem_ptr(BIO *, BUF_MEM **);
long BIO_set_fp(BIO *, FILE *, int);
long BIO_get_fp(BIO *, FILE **);
-int BIO_read_filename(BIO *, char *);
-int BIO_write_filename(BIO *, char *);
-int BIO_append_filename(BIO *, char *);
-int BIO_rw_filename(BIO *, char *);
+long BIO_read_filename(BIO *, char *);
+long BIO_write_filename(BIO *, char *);
+long BIO_append_filename(BIO *, char *);
+long BIO_rw_filename(BIO *, char *);
int BIO_should_read(BIO *);
int BIO_should_write(BIO *);
int BIO_should_io_special(BIO *);
diff --git a/cryptography/hazmat/backends/openssl/pkcs12.py b/cryptography/hazmat/backends/openssl/pkcs12.py
index b3ecd0aa..bd01e756 100644
--- a/cryptography/hazmat/backends/openssl/pkcs12.py
+++ b/cryptography/hazmat/backends/openssl/pkcs12.py
@@ -28,9 +28,9 @@ int i2d_PKCS12_bio(BIO *, PKCS12 *);
MACROS = """
int PKCS12_parse(PKCS12 *, const char *, EVP_PKEY **, X509 **,
- struct stack_st_X509 **);
+ Cryptography_STACK_OF_X509 **);
PKCS12 *PKCS12_create(char *, char *, EVP_PKEY *, X509 *,
- struct stack_st_X509 *, int, int, int, int, int);
+ Cryptography_STACK_OF_X509 *, int, int, int, int, int);
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index 596db05b..2b1fb4a3 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -157,6 +157,10 @@ int SSL_pending(const SSL *);
int SSL_write(SSL *, const void *, int);
int SSL_read(SSL *, void *, int);
X509 *SSL_get_peer_certificate(const SSL *);
+
+Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *);
+Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
+
int SSL_get_error(const SSL *, int);
int SSL_do_handshake(SSL *);
int SSL_shutdown(SSL *);
@@ -186,6 +190,9 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
+void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
+
+
/* X509_STORE_CTX */
int X509_STORE_CTX_get_error(X509_STORE_CTX *);
void X509_STORE_CTX_set_error(X509_STORE_CTX *, int);
@@ -206,7 +213,7 @@ long SSL_get_options(SSL *);
int SSL_want_read(const SSL *);
int SSL_want_write(const SSL *);
-int SSL_total_renegotiations(SSL *);
+long SSL_total_renegotiations(SSL *);
long SSL_CTX_set_options(SSL_CTX *, long);
long SSL_CTX_get_options(SSL_CTX *);
@@ -240,7 +247,7 @@ const SSL_METHOD *SSLv23_server_method(void);
const SSL_METHOD *SSLv23_client_method(void);
/*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *);
+SSL_CTX *SSL_CTX_new(SSL_METHOD *);
long SSL_CTX_get_timeout(const SSL_CTX *);
/* SNI APIs were introduced in OpenSSL 1.0.0. To continue to support
diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py
index 632efb31..840254a2 100644
--- a/cryptography/hazmat/backends/openssl/x509.py
+++ b/cryptography/hazmat/backends/openssl/x509.py
@@ -13,9 +13,22 @@
INCLUDES = """
#include <openssl/ssl.h>
+
+/*
+ * This is part of a work-around for the difficulty cffi has in dealing with
+ * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that
+ * will be an alias for this type and use the alias throughout. This works
+ * together with another opaque typedef for the same name in the TYPES section.
+ * Note that the result is an opaque type.
+ */
+typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
+typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED;
"""
TYPES = """
+typedef ... Cryptography_STACK_OF_X509;
+typedef ... Cryptography_STACK_OF_X509_REVOKED;
+
typedef struct {
ASN1_OBJECT *algorithm;
...;
@@ -36,8 +49,6 @@ typedef ... X509_EXTENSIONS;
typedef ... X509_REQ;
-typedef ... x509_revoked_st;
-
typedef struct {
ASN1_INTEGER *serialNumber;
ASN1_TIME *revocationDate;
@@ -47,7 +58,7 @@ typedef struct {
} X509_REVOKED;
typedef struct {
- struct stack_st_X509_REVOKED *revoked;
+ Cryptography_STACK_OF_X509_REVOKED *revoked;
...;
} X509_CRL_INFO;
@@ -165,25 +176,25 @@ ASN1_TIME *X509_get_notAfter(X509 *);
long X509_REQ_get_version(X509_REQ *);
X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
-struct stack_st_X509 *sk_X509_new_null(void);
-void sk_X509_free(struct stack_st_X509 *);
-int sk_X509_num(struct stack_st_X509 *);
-int sk_X509_push(struct stack_st_X509 *, X509 *);
-X509 *sk_X509_value(struct stack_st_X509 *, int);
+Cryptography_STACK_OF_X509 *sk_X509_new_null(void);
+void sk_X509_free(Cryptography_STACK_OF_X509 *);
+int sk_X509_num(Cryptography_STACK_OF_X509 *);
+int sk_X509_push(Cryptography_STACK_OF_X509 *, X509 *);
+X509 *sk_X509_value(Cryptography_STACK_OF_X509 *, int);
X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void);
int sk_X509_EXTENSION_num(X509_EXTENSIONS *);
X509_EXTENSION *sk_X509_EXTENSION_value(X509_EXTENSIONS *, int);
int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *);
-void sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int);
+X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int);
void sk_X509_EXTENSION_free(X509_EXTENSIONS *);
-int sk_X509_REVOKED_num(struct stack_st_X509_REVOKED *);
-X509_REVOKED *sk_X509_REVOKED_value(struct stack_st_X509_REVOKED *, int);
+int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *);
+X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int);
/* These aren't macros these arguments are all const X on openssl > 1.0.x */
-int X509_CRL_set_lastUpdate(X509_CRL *, const ASN1_TIME *);
-int X509_CRL_set_nextUpdate(X509_CRL *, const ASN1_TIME *);
+int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
+int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py
index 0543e387..bf627d61 100644
--- a/cryptography/hazmat/backends/openssl/x509name.py
+++ b/cryptography/hazmat/backends/openssl/x509name.py
@@ -13,11 +13,17 @@
INCLUDES = """
#include <openssl/x509.h>
+
+/*
+ * See the comment above Cryptography_STACK_OF_X509 in x509.py
+ */
+typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME;
"""
TYPES = """
typedef ... X509_NAME;
typedef ... X509_NAME_ENTRY;
+typedef ... Cryptography_STACK_OF_X509_NAME;
"""
FUNCTIONS = """
@@ -40,11 +46,11 @@ void X509_NAME_free(X509_NAME *);
"""
MACROS = """
-struct stack_st_X509_NAME *sk_X509_NAME_new_null(void);
-int sk_X509_NAME_num(struct stack_st_X509_NAME *);
-int sk_X509_NAME_push(struct stack_st_X509_NAME *, X509_NAME *);
-X509_NAME *sk_X509_NAME_value(struct stack_st_X509_NAME *, int);
-void sk_X509_NAME_free(struct stack_st_X509_NAME *);
+Cryptography_STACK_OF_X509_NAME *sk_X509_NAME_new_null(void);
+int sk_X509_NAME_num(Cryptography_STACK_OF_X509_NAME *);
+int sk_X509_NAME_push(Cryptography_STACK_OF_X509_NAME *, X509_NAME *);
+X509_NAME *sk_X509_NAME_value(Cryptography_STACK_OF_X509_NAME *, int);
+void sk_X509_NAME_free(Cryptography_STACK_OF_X509_NAME *);
"""
CUSTOMIZATIONS = """
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-08 08:38:46 +0000