From 16a95ead463cea2bc36391394bec226633ef20ca Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 19 Feb 2015 09:14:16 -0600 Subject: conditionally bind EGD for libressl --- src/cryptography/hazmat/bindings/openssl/rand.py | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/rand.py b/src/cryptography/hazmat/bindings/openssl/rand.py index c30af921..6330482c 100644 --- a/src/cryptography/hazmat/bindings/openssl/rand.py +++ b/src/cryptography/hazmat/bindings/openssl/rand.py @@ -9,6 +9,7 @@ INCLUDES = """ """ TYPES = """ +static const long Cryptography_HAS_EGD; """ FUNCTIONS = """ @@ -16,9 +17,6 @@ void ERR_load_RAND_strings(void); void RAND_seed(const void *, int); void RAND_add(const void *, int, double); int RAND_status(void); -int RAND_egd(const char *); -int RAND_egd_bytes(const char *, int); -int RAND_query_egd_bytes(const char *, unsigned char *, int); const char *RAND_file_name(char *, size_t); int RAND_load_file(const char *, long); int RAND_write_file(const char *); @@ -28,9 +26,26 @@ int RAND_pseudo_bytes(unsigned char *, int); """ MACROS = """ +int RAND_egd(const char *); +int RAND_egd_bytes(const char *, int); +int RAND_query_egd_bytes(const char *, unsigned char *, int); """ CUSTOMIZATIONS = """ +#if defined(LIBRESSL_VERSION_NUMBER) +static const long Cryptography_HAS_EGD = 0; +int (*RAND_egd)(const char *) = NULL; +int (*RAND_egd_bytes)(const char *, int) = NULL; +int (*RAND_query_egd_bytes)(const char *, unsigned char *, int) = NULL; +#else +static const long Cryptography_HAS_EGD = 1; +#endif """ -CONDITIONAL_NAMES = {} +CONDITIONAL_NAMES = { + "Cryptography_HAS_EGD": [ + "RAND_egd", + "RAND_egd_bytes", + "RAND_query_egd_bytes", + ] +} -- cgit v1.2.3 From 1165473f748ed8c1d661f9587963e99ad11fa51d Mon Sep 17 00:00:00 2001 
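Review bot: In rand.py the three EGD prototypes (`RAND_egd`, `RAND_egd_bytes`, `RAND_query_egd_bytes`) now sit under `MACROS` with nothing saying why, and the LibreSSL branch of `CUSTOMIZATIONS` defines them as NULL function pointers without explanation. A reader could take those pointers for callable fallbacks; as written they appear to exist only so the module compiles, with `CONDITIONAL_NAMES` expected to drop the names when `Cryptography_HAS_EGD` is 0. I would add `/* not macros, but conditionally bound, so they can't live in FUNCTIONS */` above the moved prototypes and `/* EGD is unavailable on LibreSSL; placeholders only, removed via CONDITIONAL_NAMES */` above the pointer definitions. The same applies to `ENGINE_load_cryptodev` in the engine.py commit that follows.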
From: Paul Kehrer Date: Thu, 19 Feb 2015 09:16:45 -0600 Subject: conditionally bind cryptodev engine for LibreSSL --- src/cryptography/hazmat/bindings/openssl/engine.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/engine.py b/src/cryptography/hazmat/bindings/openssl/engine.py index 33c79982..3ebfa6c1 100644 --- a/src/cryptography/hazmat/bindings/openssl/engine.py +++ b/src/cryptography/hazmat/bindings/openssl/engine.py @@ -9,6 +9,8 @@ INCLUDES = """ """ TYPES = """ +static const long Cryptography_HAS_ENGINE_CRYPTODEV; + typedef ... ENGINE; typedef ... RSA_METHOD; typedef ... DSA_METHOD; @@ -49,7 +51,6 @@ int ENGINE_init(ENGINE *); int ENGINE_finish(ENGINE *); void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); -void ENGINE_load_cryptodev(void); void ENGINE_load_builtin_engines(void); void ENGINE_cleanup(void); ENGINE *ENGINE_get_default_RSA(void); @@ -148,9 +149,20 @@ void ENGINE_add_conf_module(void); """ MACROS = """ +void ENGINE_load_cryptodev(void); """ CUSTOMIZATIONS = """ +#if defined(LIBRESSL_VERSION_NUMBER) +static const long Cryptography_HAS_ENGINE_CRYPTODEV = 0; +void (*ENGINE_load_cryptodev)(void) = NULL; +#else +static const long Cryptography_HAS_ENGINE_CRYPTODEV = 1; +#endif """ -CONDITIONAL_NAMES = {} +CONDITIONAL_NAMES = { + "Cryptography_HAS_ENGINE_CRYPTODEV": [ + "ENGINE_load_cryptodev" + ] +} -- cgit v1.2.3 From 6f711102f5549cb367bbd6c6e2222dc3d8847bbc Mon Sep 17 00:00:00 2001 
From: Steven McDonald Date: Wed, 18 Feb 2015 16:18:29 +1100 Subject: Define COMP_METHOD when building against LibreSSL LibreSSL no longer uses compression in ssl.h, so the case that was formerly activated by defining OPENSSL_NO_COMP is now the default, and COMP_METHOD isn't defined (it's defined in comp.h, but that's no longer included by ssl.h). In order to make all the type definitions here line up with what's actually in LibreSSL's ssl.h, define COMP_METHOD as void. This definition is still compatible with the later type declaration in ssl.py: typedef ... COMP_METHOD; --- src/cryptography/hazmat/bindings/openssl/ssl.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py index bf627139..2bbe4043 100644 --- a/src/cryptography/hazmat/bindings/openssl/ssl.py +++ b/src/cryptography/hazmat/bindings/openssl/ssl.py @@ -7,6 +7,14 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ #include +/* LibreSSL has removed support for compression, and with it the + * COMP_METHOD use in ssl.h. This is a hack to make the function types + * in this code match those in ssl.h. + */ +#ifdef LIBRESSL_VERSION_NUMBER +#define COMP_METHOD void +#endif + typedef STACK_OF(SSL_CIPHER) Cryptography_STACK_OF_SSL_CIPHER; """ -- cgit v1.2.3 From fab60f1cced530d5d0c53584d66ca91d77700a07 Mon Sep 17 00:00:00 2001 From: Steven McDonald Date: Wed, 18 Feb 2015 16:25:29 +1100 Subject: Disable features exclusive to newer OpenSSL when using LibreSSL Some features added to newer OpenSSL versions are absent in LibreSSL, so don't mark these as present if LIBRESSL_VERSION_NUMBER is defined. --- src/cryptography/hazmat/bindings/openssl/x509_vfy.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') 
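Review bot: The `#ifdef LIBRESSL_VERSION_NUMBER` guard around `#define COMP_METHOD void` in ssl.py keys on the library's identity, while the commit message describes the missing type as the same situation that defining `OPENSSL_NO_COMP` used to produce. An OpenSSL build configured without compression would therefore presumably still hit an undeclared `COMP_METHOD`; `#if defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_NO_COMP)` would cover both cases. The later ssl.py commits on this page move the block into `CUSTOMIZATIONS` and add `Cryptography_HAS_COMPRESSION` but keep the same single-condition guard, so the point carries over to those hunks.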
diff --git a/src/cryptography/hazmat/bindings/openssl/x509_vfy.py b/src/cryptography/hazmat/bindings/openssl/x509_vfy.py index 6f05f4d7..1f75b86f 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509_vfy.py +++ b/src/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -191,7 +191,7 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *, const char *); CUSTOMIZATIONS = """ /* OpenSSL 1.0.2+ verification error codes */ -#if OPENSSL_VERSION_NUMBER >= 0x10002000L +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1; #else static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0; @@ -207,7 +207,7 @@ static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; #endif /* OpenSSL 1.0.2+ verification parameters */ -#if OPENSSL_VERSION_NUMBER >= 0x10002000L +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; #else static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; -- cgit v1.2.3 From c965f0ad5b6cbb8920521fdb2ecb79e851af7d19 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 19 Feb 2015 13:55:34 -0600 Subject: move COMP_METHOD define and change to typedef for libre --- src/cryptography/hazmat/bindings/openssl/ssl.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py index 2bbe4043..1a6f1c20 100644 --- a/src/cryptography/hazmat/bindings/openssl/ssl.py +++ b/src/cryptography/hazmat/bindings/openssl/ssl.py 
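Review bot: The comment `/* OpenSSL 1.0.2+ verification error codes */` in x509_vfy.py no longer explains the condition beneath it once `&& !defined(LIBRESSL_VERSION_NUMBER)` is added, and the same goes for the `verification parameters` comment in the next hunk. The reason a version comparison alone is not enough (LibreSSL presumably reports an `OPENSSL_VERSION_NUMBER` at or above 0x10002000L without having these additions) is only in the commit message. I would extend both comments, e.g. `/* OpenSSL 1.0.2+ verification error codes (absent in LibreSSL despite its version number) */`. The `CUSTOMIZATIONS` string continues past both hunks.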
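Review bot: With this guard, LibreSSL builds take the `#else` branch in which `X509_V_ERR_IP_ADDRESS_MISMATCH` (visible as context in the second x509_vfy.py hunk), and presumably its sibling codes, are defined as 0, the same value OpenSSL uses for a successful verification result. That is harmless only if `CONDITIONAL_NAMES`, which is outside the hunk, strips those names when `Cryptography_HAS_102_VERIFICATION_ERROR_CODES` is 0; this is worth confirming, because a caller comparing a verify result against a 0 placeholder would match success. Likewise, code that depends on `X509_VERIFY_PARAM_set1_ip_asc` and the related 1.0.2 parameters for host or IP checking should branch on `Cryptography_HAS_102_VERIFICATION_PARAMS` and fail closed when it is 0 rather than skip the check.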
@@ -7,14 +7,6 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ #include -/* LibreSSL has removed support for compression, and with it the - * COMP_METHOD use in ssl.h. This is a hack to make the function types - * in this code match those in ssl.h. - */ -#ifdef LIBRESSL_VERSION_NUMBER -#define COMP_METHOD void -#endif - typedef STACK_OF(SSL_CIPHER) Cryptography_STACK_OF_SSL_CIPHER; """ @@ -552,6 +544,14 @@ static const long Cryptography_HAS_ALPN = 0; #else static const long Cryptography_HAS_ALPN = 1; #endif +/* LibreSSL has removed support for compression, and with it the + * COMP_METHOD use in ssl.h. This is a hack to make the function types + * in this code match those in ssl.h. + */ +#ifdef LIBRESSL_VERSION_NUMBER +typedef void COMP_METHOD; +#endif + """ CONDITIONAL_NAMES = { -- cgit v1.2.3 From 8996f672f2c2fa49ecb59841e0b6bfea17e8ce13 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 19 Feb 2015 14:06:39 -0600 Subject: move some compression things around for libre --- src/cryptography/hazmat/bindings/openssl/ssl.py | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py index 1a6f1c20..bc4b2e79 100644 --- a/src/cryptography/hazmat/bindings/openssl/ssl.py +++ b/src/cryptography/hazmat/bindings/openssl/ssl.py @@ -19,6 +19,7 @@ static const long Cryptography_HAS_SSL3_METHOD; static const long Cryptography_HAS_TLSv1_1; static const long Cryptography_HAS_TLSv1_2; static const long Cryptography_HAS_SECURE_RENEGOTIATION; +static const long Cryptography_HAS_COMPRESSION; /* Internally invented symbol to tell us if SNI is supported */ static const long Cryptography_HAS_TLSEXT_HOSTNAME; 
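Review bot: `typedef void COMP_METHOD;` in the `@@ -552,6 +544,14 @@` hunk only compiles as long as nothing earlier in the translation unit has declared `COMP_METHOD`, and the earlier commit message on this page notes that comp.h still defines it. If any binding's `INCLUDES` pulls in comp.h on a LibreSSL build, this becomes a conflicting-typedef error, so the dependency is worth recording next to the typedef. The moved comment also still says the hack makes "the function types in this code match those in ssl.h", which described the old `#define`; something like `/* LibreSSL's ssl.h no longer pulls in comp.h, so supply the COMP_METHOD name our declarations use; do not combine with an include of comp.h */` would be more accurate. The `CUSTOMIZATIONS` string starts outside this hunk.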
@@ -189,10 +190,6 @@ int SSL_shutdown(SSL *); const char *SSL_get_cipher_list(const SSL *, int); Cryptography_STACK_OF_SSL_CIPHER *SSL_get_ciphers(const SSL *); -const COMP_METHOD *SSL_get_current_compression(SSL *); -const COMP_METHOD *SSL_get_current_expansion(SSL *); -const char *SSL_COMP_get_name(const COMP_METHOD *); - /* context */ void SSL_CTX_free(SSL_CTX *); long SSL_CTX_set_timeout(SSL_CTX *, long); @@ -232,6 +229,11 @@ size_t SSL_get_peer_finished(const SSL *, void *, size_t); """ MACROS = """ +/* not macros, but will be conditionally bound so can't live in functions */ +const COMP_METHOD *SSL_get_current_compression(SSL *); +const COMP_METHOD *SSL_get_current_expansion(SSL *); +const char *SSL_COMP_get_name(const COMP_METHOD *); + unsigned long SSL_set_mode(SSL *, unsigned long); unsigned long SSL_get_mode(SSL *); @@ -549,7 +551,10 @@ static const long Cryptography_HAS_ALPN = 1; * in this code match those in ssl.h. */ #ifdef LIBRESSL_VERSION_NUMBER +static const long Cryptography_HAS_COMPRESSION = 0; typedef void COMP_METHOD; +#else +static const long Cryptography_HAS_COMPRESSION = 1; #endif """ @@ -634,5 +639,11 @@ CONDITIONAL_NAMES = { "SSL_set_alpn_protos", "SSL_CTX_set_alpn_select_cb", "SSL_get0_alpn_selected", + ], + + "Cryptography_HAS_COMPRESSION": [ + "SSL_get_current_compression", + "SSL_get_current_expansion", + "SSL_COMP_get_name", ] } -- cgit v1.2.3
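Review bot: The LibreSSL branch in the `@@ -549,7 +551,10 @@` hunk sets `Cryptography_HAS_COMPRESSION = 0` but, unlike the rand.py and engine.py commits earlier on this page, defines no NULL function-pointer placeholders for `SSL_get_current_compression`, `SSL_get_current_expansion` and `SSL_COMP_get_name`. That works only if LibreSSL's ssl.h still declares all three with types compatible with `typedef void COMP_METHOD;`; if one of them is dropped there, the build breaks instead of the name being unbound. A short comment stating that assumption, e.g. `/* LibreSSL still declares these, so no placeholders are needed */`, would show the difference from the other modules is deliberate. Callers that report the negotiated compression method should check `Cryptography_HAS_COMPRESSION` before touching the three names listed in `CONDITIONAL_NAMES`.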