From e432562e771f7e190310a093e93a217871e35c90 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 19 Dec 2016 17:25:00 -0600 Subject: DTLS bindings (#3309) * add DTLSv1_2 methods * add binding to DTLSv1_get_timeout() and DTLSv1_handle_timeout() * fix: PEP8 failed fix the following error: ./src/_cffi_src/openssl/ssl.py:728:80: E501 line too long (80 > 79 characters) see https://jenkins.cryptography.io/job/cryptography-pr-pep8/1954/ * Revert "add DTLSv1_2 methods" This reverts commit e4a9150b12ddb4790159a5835f1d1136cb1b996e. * replace 'long int' by 'long' To be more consistent with the naming convention cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90153970 * wrap with braces cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90154057 * conditionally bind all DTLS * rebase error * rename wrapped function --- src/_cffi_src/openssl/ssl.py | 31 ++++++++++++++++++++++ .../hazmat/bindings/openssl/_conditional.py | 4 +++ 2 files changed, 35 insertions(+) (limited to 'src') diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 6fdc2015..7a041e5d 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -25,6 +25,7 @@ static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE; static const long Cryptography_HAS_GET_SERVER_TMP_KEY; static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE; static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS; +static const long Cryptography_HAS_DTLS; /* Internally invented symbol to tell us if SNI is supported */ static const long Cryptography_HAS_TLSEXT_HOSTNAME; @@ -431,6 +432,10 @@ long SSL_CTX_sess_cb_hits(SSL_CTX *); long SSL_CTX_sess_misses(SSL_CTX *); long SSL_CTX_sess_timeouts(SSL_CTX *); long SSL_CTX_sess_cache_full(SSL_CTX *); + +/* DTLS support */ +long Cryptography_DTLSv1_get_timeout(SSL *, time_t *, long *); +long DTLSv1_handle_timeout(SSL *); """ CUSTOMIZATIONS = """ 
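Review bot: The two declarations added under `/* DTLS support */` say nothing about their return contract, and the wrapper defined later in this patch writes the `time_t *` and `long *` out-parameters only when the underlying call returns 1. A caller that reads the seconds and microseconds without checking the result would be using uninitialised values as its retransmission deadline. I would extend the comment to something like `/* Cryptography_DTLSv1_get_timeout returns 1 and fills *sec / *usec when a timer is pending; on any other result both are left untouched. */`.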
@@ -652,4 +657,30 @@ static const long Cryptography_HAS_TLS_ST = 0;
 static const long TLS_ST_BEFORE = 0;
 static const long TLS_ST_OK = 0;
 #endif
+
+#ifndef OPENSSL_NO_DTLS
+static const long Cryptography_HAS_DTLS = 1;
+/* Wrap DTLSv1_get_timeout to avoid cffi to handle a 'struct timeval'. */
+long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec,
+ long *ptv_usec) {
+ struct timeval tv = { 0 };
+ int r = DTLSv1_get_timeout(ssl, &tv);
+
+ if (r == 1) {
+ if (ptv_sec) {
+ *ptv_sec = tv.tv_sec;
+ }
+
+ if (ptv_usec) {
+ *ptv_usec = tv.tv_usec;
+ }
+ }
+
+ return r;
+}
+#else
+static const long Cryptography_HAS_DTLS = 0;
+long (*DTLSv1_get_timeout_wrapped)(SSL *, time_t *, long int *) = NULL;
+long (*DTLSv1_handle_timeout)(SSL *) = NULL;
+#endif
 """
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index 46c32d14..291cea8c 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -303,4 +303,8 @@ CONDITIONAL_NAMES = {
 "Cryptography_HAS_SCRYPT": [
 "EVP_PBE_scrypt",
 ],
+ "Cryptography_HAS_DTLS": [
+ "Cryptography_DTLSv1_get_timeout",
+ "DTLSv1_handle_timeout",
+ ],
 }
-- cgit v1.2.3
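Review bot: The `#else` branch still defines the stub as `DTLSv1_get_timeout_wrapped`, while the declaration added earlier in this file and the `Cryptography_HAS_DTLS` entry in the `_conditional.py` hunk both name `Cryptography_DTLSv1_get_timeout`; the rename mentioned in the commit message appears to have missed this line. With `OPENSSL_NO_DTLS` defined, the declared symbol would have no definition, so a build against an OpenSSL configured without DTLS would most likely fail instead of falling back to `Cryptography_HAS_DTLS = 0`. The stub should read `long (*Cryptography_DTLSv1_get_timeout)(SSL *, time_t *, long *) = NULL;`, which also drops the leftover `long int` that an earlier step of this change set out to remove. A CI job built against a no-DTLS OpenSSL would have caught this mismatch.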