aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/_cffi_src/openssl/x509v3.py6
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py5
-rw-r--r--src/cryptography/hazmat/backends/openssl/decode_asn1.py19
-rw-r--r--src/cryptography/hazmat/bindings/openssl/binding.py1
4 files changed, 26 insertions, 5 deletions
diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py
index 38099a9a..164c1a58 100644
--- a/src/_cffi_src/openssl/x509v3.py
+++ b/src/_cffi_src/openssl/x509v3.py
@@ -172,6 +172,8 @@ typedef struct {
} POLICYINFO;
typedef void (*sk_GENERAL_NAME_freefunc)(GENERAL_NAME *);
+typedef void (*sk_DIST_POINT_freefunc)(DIST_POINT *);
+typedef void (*sk_POLICYINFO_freefunc)(POLICYINFO *);
"""
@@ -244,12 +246,16 @@ void sk_DIST_POINT_free(Cryptography_STACK_OF_DIST_POINT *);
int sk_DIST_POINT_num(Cryptography_STACK_OF_DIST_POINT *);
DIST_POINT *sk_DIST_POINT_value(Cryptography_STACK_OF_DIST_POINT *, int);
int sk_DIST_POINT_push(Cryptography_STACK_OF_DIST_POINT *, DIST_POINT *);
+void sk_DIST_POINT_pop_free(Cryptography_STACK_OF_DIST_POINT *,
+ sk_DIST_POINT_freefunc);
void sk_POLICYINFO_free(Cryptography_STACK_OF_POLICYINFO *);
int sk_POLICYINFO_num(Cryptography_STACK_OF_POLICYINFO *);
POLICYINFO *sk_POLICYINFO_value(Cryptography_STACK_OF_POLICYINFO *, int);
int sk_POLICYINFO_push(Cryptography_STACK_OF_POLICYINFO *, POLICYINFO *);
Cryptography_STACK_OF_POLICYINFO *sk_POLICYINFO_new_null(void);
+void sk_POLICYINFO_pop_free(Cryptography_STACK_OF_POLICYINFO *,
+ sk_POLICYINFO_freefunc);
POLICYINFO *POLICYINFO_new(void);
void POLICYINFO_free(POLICYINFO *);
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 446891d3..41b86d6b 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -46,7 +46,6 @@ from cryptography.hazmat.backends.openssl.x509 import (
_Certificate, _CertificateRevocationList,
_CertificateSigningRequest, _RevokedCertificate
)
-from cryptography.hazmat.bindings._openssl import lib as _lib
from cryptography.hazmat.bindings.openssl import binding
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
@@ -1137,7 +1136,9 @@ class Backend(object):
evp_pkey = openssl_read_func(
mem_bio.bio,
self._ffi.NULL,
- self._ffi.addressof(_lib, "Cryptography_pem_password_cb"),
+ self._ffi.addressof(
+ self._lib._original_lib, "Cryptography_pem_password_cb"
+ ),
userdata,
)
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
index 2cbc349e..00937421 100644
--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -248,7 +248,14 @@ class _X509ExtensionParser(object):
def _decode_certificate_policies(backend, cp):
cp = backend._ffi.cast("Cryptography_STACK_OF_POLICYINFO *", cp)
- cp = backend._ffi.gc(cp, backend._lib.sk_POLICYINFO_free)
+
+ cp_freefunc = backend._ffi.addressof(
+ backend._lib._original_lib, "POLICYINFO_free"
+ )
+ cp = backend._ffi.gc(
+ cp, lambda c: backend._lib.sk_POLICYINFO_pop_free(c, cp_freefunc)
+ )
+
num = backend._lib.sk_POLICYINFO_num(cp)
certificate_policies = []
for i in range(num):
@@ -489,9 +496,15 @@ _DISTPOINT_TYPE_RELATIVENAME = 1
def _decode_crl_distribution_points(backend, cdps):
cdps = backend._ffi.cast("Cryptography_STACK_OF_DIST_POINT *", cdps)
- cdps = backend._ffi.gc(cdps, backend._lib.sk_DIST_POINT_free)
- num = backend._lib.sk_DIST_POINT_num(cdps)
+ dp_freefunc = backend._ffi.addressof(
+ backend._lib._original_lib, "DIST_POINT_free"
+ )
+ cdps = backend._ffi.gc(
+ cdps, lambda c: backend._lib.sk_DIST_POINT_pop_free(c, dp_freefunc)
+ )
+
+ num = backend._lib.sk_DIST_POINT_num(cdps)
dist_points = []
for i in range(num):
full_name = None
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 59092c0d..6b3d50c4 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -63,6 +63,7 @@ def _openssl_assert(lib, ok):
def build_conditional_library(lib, conditional_names):
conditional_lib = types.ModuleType("lib")
+ conditional_lib._original_lib = lib
excluded_names = set()
for condition, names in conditional_names.items():
if not getattr(lib, condition):
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-05 22:37:35 +0000