From 4a90c254278231d7defeac304a3cfd752e96e786 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 13 Feb 2017 20:01:23 -0600 Subject: switch the PEM password callback to a C implementation (#3382) * switch the PEM password callback to a C implementation Calling from C to Python is fraught with edge cases, especially in subinterpreter land. This commit moves the PEM password callback logic into a small C function and then removes all the infrastructure for the cffi callbacks (as we no longer have any) * review feedback and update tests * rename the struct * aaand one more fix --- src/_cffi_src/openssl/callbacks.py | 66 ++++++++++++++++++++------------------ 1 file changed, 35 insertions(+), 31 deletions(-) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/callbacks.py b/src/_cffi_src/openssl/callbacks.py index 0194d2a5..a5f6f361 100644 --- a/src/_cffi_src/openssl/callbacks.py +++ b/src/_cffi_src/openssl/callbacks.py @@ -4,8 +4,6 @@ from __future__ import absolute_import, division, print_function -import cffi - INCLUDES = """ #include #include @@ -16,45 +14,24 @@ INCLUDES = """ """ TYPES = """ -static const long Cryptography_STATIC_CALLBACKS; - -/* crypto.h - * CRYPTO_set_locking_callback - * void (*cb)(int mode, int type, const char *file, int line) - */ -extern "Python" void Cryptography_locking_cb(int, int, const char *, int); - -/* pem.h - * int pem_password_cb(char *buf, int size, int rwflag, void *userdata); - */ -extern "Python" int Cryptography_pem_password_cb(char *, int, int, void *); - -/* rand.h - * int (*bytes)(unsigned char *buf, int num); - * int (*status)(void); - */ -extern "Python" int Cryptography_rand_bytes(unsigned char *, int); -extern "Python" int Cryptography_rand_status(void); +typedef struct { + char *password; + int length; + int called; + int error; + int maxsize; +} CRYPTOGRAPHY_PASSWORD_DATA; """ FUNCTIONS = """ int _setup_ssl_threads(void); +int Cryptography_pem_password_cb(char *, int, int, void *); """ MACROS = """ """ CUSTOMIZATIONS = """ -static const long Cryptography_STATIC_CALLBACKS = 1; -""" - -if cffi.__version_info__ < (1, 4, 0): - # backwards compatibility for old cffi version on PyPy - TYPES = "static const long Cryptography_STATIC_CALLBACKS;" - CUSTOMIZATIONS = """static const long Cryptography_STATIC_CALLBACKS = 0; -""" - -CUSTOMIZATIONS += """ /* This code is derived from the locking code found in the Python _ssl module's locking callback for OpenSSL. @@ -118,4 +95,31 @@ int _setup_ssl_threads(void) { } return 1; } + +typedef struct { + char *password; + int length; + int called; + int error; + int maxsize; +} CRYPTOGRAPHY_PASSWORD_DATA; + +int Cryptography_pem_password_cb(char *buf, int size, + int rwflag, void *userdata) { + /* The password cb is only invoked if OpenSSL decides the private + key is encrypted. So this path only occurs if it needs a password */ + CRYPTOGRAPHY_PASSWORD_DATA *st = (CRYPTOGRAPHY_PASSWORD_DATA *)userdata; + st->called += 1; + st->maxsize = size; + if (st->length == 0) { + st->error = -1; + return 0; + } else if (st->length < size) { + memcpy(buf, st->password, st->length); + return st->length; + } else { + st->error = -2; + return 0; + } +} """ -- cgit v1.2.3