author | torkve <torkve@yandex-team.ru> | 2022-02-10 16:48:23 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:48:23 +0300 |
commit | d2e3ef74aed5c066cc49df962b30ceb4318778ac (patch) | |
tree | 5d5cb817648f650d76cf1076100726fd9b8448e8 /contrib/python/cryptography/_cffi_src/openssl/ssl.py | |
parent | f9cfbeee51d5849127bb58793a2edcdfd7bb91bb (diff) | |
Restoring authorship annotation for <torkve@yandex-team.ru>. Commit 2 of 2.
Diffstat (limited to 'contrib/python/cryptography/_cffi_src/openssl/ssl.py')
-rw-r--r-- | contrib/python/cryptography/_cffi_src/openssl/ssl.py | 594 |
1 files changed, 297 insertions, 297 deletions
diff --git a/contrib/python/cryptography/_cffi_src/openssl/ssl.py b/contrib/python/cryptography/_cffi_src/openssl/ssl.py
index 112c0c4ffc..9400f115fb 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/ssl.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/ssl.py
@@ -16,15 +16,15 @@ static const long Cryptography_HAS_TLS_ST;
 static const long Cryptography_HAS_SSL3_METHOD;
 static const long Cryptography_HAS_TLSv1_1;
 static const long Cryptography_HAS_TLSv1_2;
-static const long Cryptography_HAS_TLSv1_3;
+static const long Cryptography_HAS_TLSv1_3;
 static const long Cryptography_HAS_SECURE_RENEGOTIATION;
 static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
-static const long Cryptography_HAS_DTLS;
-static const long Cryptography_HAS_SIGALGS;
-static const long Cryptography_HAS_PSK;
-static const long Cryptography_HAS_VERIFIED_CHAIN;
-static const long Cryptography_HAS_KEYLOG;
-static const long Cryptography_HAS_GET_PROTO_VERSION;
+static const long Cryptography_HAS_DTLS;
+static const long Cryptography_HAS_SIGALGS;
+static const long Cryptography_HAS_PSK;
+static const long Cryptography_HAS_VERIFIED_CHAIN;
+static const long Cryptography_HAS_KEYLOG;
+static const long Cryptography_HAS_GET_PROTO_VERSION;
 static const long Cryptography_HAS_TLSEXT_HOSTNAME;
 /* Internally invented symbol to tell us if SSL_MODE_RELEASE_BUFFERS is
@@ -39,11 +39,11 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION;
 static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING;
 static const long Cryptography_HAS_SSL_SET_SSL_CTX;
 static const long Cryptography_HAS_SSL_OP_NO_TICKET;
-static const long Cryptography_HAS_ALPN;
+static const long Cryptography_HAS_ALPN;
 static const long Cryptography_HAS_NEXTPROTONEG;
 static const long Cryptography_HAS_SET_CERT_CB;
-static const long Cryptography_HAS_CUSTOM_EXT;
-static const long Cryptography_HAS_SRTP;
+static const long Cryptography_HAS_CUSTOM_EXT;
+static const long Cryptography_HAS_SRTP;
 static const long SSL_FILETYPE_PEM;
 static const long SSL_FILETYPE_ASN1;
@@ -62,9 +62,9 @@ static const long SSL_OP_NO_SSLv3;
 static const long SSL_OP_NO_TLSv1;
 static const long SSL_OP_NO_TLSv1_1;
 static const long SSL_OP_NO_TLSv1_2;
-static const long SSL_OP_NO_TLSv1_3;
-static const long SSL_OP_NO_DTLSv1;
-static const long SSL_OP_NO_DTLSv1_2;
+static const long SSL_OP_NO_TLSv1_3;
+static const long SSL_OP_NO_DTLSv1;
+static const long SSL_OP_NO_DTLSv1_2;
 static const long SSL_OP_NO_COMPRESSION;
 static const long SSL_OP_SINGLE_DH_USE;
 static const long SSL_OP_EPHEMERAL_RSA;
@@ -95,7 +95,7 @@ static const long SSL_VERIFY_PEER;
 static const long SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
 static const long SSL_VERIFY_CLIENT_ONCE;
 static const long SSL_VERIFY_NONE;
-static const long SSL_VERIFY_POST_HANDSHAKE;
+static const long SSL_VERIFY_POST_HANDSHAKE;
 static const long SSL_SESS_CACHE_OFF;
 static const long SSL_SESS_CACHE_CLIENT;
 static const long SSL_SESS_CACHE_SERVER;
@@ -140,15 +140,15 @@ typedef ... SSL_SESSION;
 typedef ... SSL;
 static const long TLSEXT_NAMETYPE_host_name;
-static const long TLSEXT_STATUSTYPE_ocsp;
+static const long TLSEXT_STATUSTYPE_ocsp;
 typedef ... SSL_CIPHER;
 typedef ... Cryptography_STACK_OF_SSL_CIPHER;
-
-typedef struct {
- const char *name;
- unsigned long id;
-} SRTP_PROTECTION_PROFILE;
+
+typedef struct {
+ const char *name;
+ unsigned long id;
+} SRTP_PROTECTION_PROFILE;
 """
 FUNCTIONS = """
@@ -169,23 +169,23 @@ int SSL_pending(const SSL *);
 int SSL_write(SSL *, const void *, int);
 int SSL_read(SSL *, void *, int);
 int SSL_peek(SSL *, void *, int);
-X509 *SSL_get_certificate(const SSL *);
+X509 *SSL_get_certificate(const SSL *);
 X509 *SSL_get_peer_certificate(const SSL *);
 int SSL_get_ex_data_X509_STORE_CTX_idx(void);
-/* Added in 1.0.2 */
-X509_VERIFY_PARAM *SSL_get0_param(SSL *);
-X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *);
-
-int SSL_get_sigalgs(SSL *, int, int *, int *, int *, unsigned char *,
- unsigned char *);
-
+/* Added in 1.0.2 */
+X509_VERIFY_PARAM *SSL_get0_param(SSL *);
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *);
+
+int SSL_get_sigalgs(SSL *, int, int *, int *, int *, unsigned char *,
+ unsigned char *);
+
 Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *);
-Cryptography_STACK_OF_X509 *SSL_get0_verified_chain(const SSL *);
+Cryptography_STACK_OF_X509 *SSL_get0_verified_chain(const SSL *);
 Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
 int SSL_get_error(const SSL *, int);
-long SSL_get_verify_result(const SSL *ssl);
+long SSL_get_verify_result(const SSL *ssl);
 int SSL_do_handshake(SSL *);
 int SSL_shutdown(SSL *);
 int SSL_renegotiate(SSL *);
@@ -211,36 +211,36 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *, EVP_PKEY *);
 int SSL_CTX_use_PrivateKey_file(SSL_CTX *, const char *, int);
 int SSL_CTX_check_private_key(const SSL_CTX *);
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *,
- int (*)(X509_STORE_CTX *, void *),
+ int (*)(X509_STORE_CTX *, void *),
 void *);
-
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *,
- int (*)(
- SSL *,
- unsigned char *,
- unsigned int *
- ));
-long SSL_CTX_get_read_ahead(SSL_CTX *);
-long SSL_CTX_set_read_ahead(SSL_CTX *, long);
-
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *, const char *);
-void SSL_CTX_set_psk_server_callback(SSL_CTX *,
- unsigned int (*)(
- SSL *,
- const char *,
- unsigned char *,
- unsigned int
- ));
-void SSL_CTX_set_psk_client_callback(SSL_CTX *,
- unsigned int (*)(
- SSL *,
- const char *,
- char *,
- unsigned int,
- unsigned char *,
- unsigned int
- ));
-
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *,
+ int (*)(
+ SSL *,
+ unsigned char *,
+ unsigned int *
+ ));
+long SSL_CTX_get_read_ahead(SSL_CTX *);
+long SSL_CTX_set_read_ahead(SSL_CTX *, long);
+
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *, const char *);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *,
+ unsigned int (*)(
+ SSL *,
+ const char *,
+ unsigned char *,
+ unsigned int
+ ));
+void SSL_CTX_set_psk_client_callback(SSL_CTX *,
+ unsigned int (*)(
+ SSL *,
+ const char *,
+ char *,
+ unsigned int,
+ unsigned char *,
+ unsigned int
+ ));
+
 int SSL_CTX_set_session_id_context(SSL_CTX *, const unsigned char *, unsigned int);
@@ -253,27 +253,27 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
 void SSL_CTX_set_info_callback(SSL_CTX *, void (*)(const SSL *, int, int));
 void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int);
-void SSL_CTX_set_keylog_callback(SSL_CTX *,
- void (*)(const SSL *, const char *));
-void (*SSL_CTX_get_keylog_callback(SSL_CTX *))(const SSL *, const char *);
-
-long SSL_CTX_set1_sigalgs_list(SSL_CTX *, const char *);
-
+void SSL_CTX_set_keylog_callback(SSL_CTX *,
+ void (*)(const SSL *, const char *));
+void (*SSL_CTX_get_keylog_callback(SSL_CTX *))(const SSL *, const char *);
+
+long SSL_CTX_set1_sigalgs_list(SSL_CTX *, const char *);
+
 /* SSL_SESSION */
 void SSL_SESSION_free(SSL_SESSION *);
 /* Information about actually used cipher */
 const char *SSL_CIPHER_get_name(const SSL_CIPHER *);
 int SSL_CIPHER_get_bits(const SSL_CIPHER *, int *);
-/* the modern signature of this is uint32_t, but older openssl declared it
- as unsigned long. To make our compiler flags happy we'll declare it as a
- 64-bit wide value, which should always be safe */
-uint64_t SSL_CIPHER_get_id(const SSL_CIPHER *);
-int SSL_CIPHER_is_aead(const SSL_CIPHER *);
-int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *);
-int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *);
-int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *);
-int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *);
+/* the modern signature of this is uint32_t, but older openssl declared it
+ as unsigned long. To make our compiler flags happy we'll declare it as a
+ 64-bit wide value, which should always be safe */
+uint64_t SSL_CIPHER_get_id(const SSL_CIPHER *);
+int SSL_CIPHER_is_aead(const SSL_CIPHER *);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *);
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *);
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *);
 size_t SSL_get_finished(const SSL *, void *, size_t);
 size_t SSL_get_peer_finished(const SSL *, void *, size_t);
@@ -296,13 +296,13 @@ int SSL_CTX_set_ex_data(SSL_CTX *, int, void *);
 SSL_SESSION *SSL_get_session(const SSL *);
 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *, unsigned int *);
-long SSL_SESSION_get_time(const SSL_SESSION *);
-long SSL_SESSION_get_timeout(const SSL_SESSION *);
-int SSL_SESSION_has_ticket(const SSL_SESSION *);
-long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *);
+long SSL_SESSION_get_time(const SSL_SESSION *);
+long SSL_SESSION_get_timeout(const SSL_SESSION *);
+int SSL_SESSION_has_ticket(const SSL_SESSION *);
+long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *);
 unsigned long SSL_set_mode(SSL *, unsigned long);
-unsigned long SSL_clear_mode(SSL *, unsigned long);
+unsigned long SSL_clear_mode(SSL *, unsigned long);
 unsigned long SSL_get_mode(SSL *);
 unsigned long SSL_set_options(SSL *, unsigned long);
@@ -314,23 +314,23 @@ int SSL_want_write(const SSL *);
 long SSL_total_renegotiations(SSL *);
 long SSL_get_secure_renegotiation_support(SSL *);
-long SSL_CTX_set_min_proto_version(SSL_CTX *, int);
-long SSL_CTX_set_max_proto_version(SSL_CTX *, int);
-long SSL_set_min_proto_version(SSL *, int);
-long SSL_set_max_proto_version(SSL *, int);
-
-long SSL_CTX_get_min_proto_version(SSL_CTX *);
-long SSL_CTX_get_max_proto_version(SSL_CTX *);
-long SSL_get_min_proto_version(SSL *);
-long SSL_get_max_proto_version(SSL *);
-
+long SSL_CTX_set_min_proto_version(SSL_CTX *, int);
+long SSL_CTX_set_max_proto_version(SSL_CTX *, int);
+long SSL_set_min_proto_version(SSL *, int);
+long SSL_set_max_proto_version(SSL *, int);
+
+long SSL_CTX_get_min_proto_version(SSL_CTX *);
+long SSL_CTX_get_max_proto_version(SSL_CTX *);
+long SSL_get_min_proto_version(SSL *);
+long SSL_get_max_proto_version(SSL *);
+
 /* Defined as unsigned long because SSL_OP_ALL is greater than signed 32-bit and Windows defines long as 32-bit. */
 unsigned long SSL_CTX_set_options(SSL_CTX *, unsigned long);
 unsigned long SSL_CTX_clear_options(SSL_CTX *, unsigned long);
 unsigned long SSL_CTX_get_options(SSL_CTX *);
 unsigned long SSL_CTX_set_mode(SSL_CTX *, unsigned long);
-unsigned long SSL_CTX_clear_mode(SSL_CTX *, unsigned long);
+unsigned long SSL_CTX_clear_mode(SSL_CTX *, unsigned long);
 unsigned long SSL_CTX_get_mode(SSL_CTX *);
 unsigned long SSL_CTX_set_session_cache_mode(SSL_CTX *, unsigned long);
 unsigned long SSL_CTX_get_session_cache_mode(SSL_CTX *);
@@ -362,19 +362,19 @@ const SSL_METHOD *DTLSv1_method(void);
 const SSL_METHOD *DTLSv1_server_method(void);
 const SSL_METHOD *DTLSv1_client_method(void);
-/* Added in 1.0.2 */
-const SSL_METHOD *DTLS_method(void);
-const SSL_METHOD *DTLS_server_method(void);
-const SSL_METHOD *DTLS_client_method(void);
-
+/* Added in 1.0.2 */
+const SSL_METHOD *DTLS_method(void);
+const SSL_METHOD *DTLS_server_method(void);
+const SSL_METHOD *DTLS_client_method(void);
+
 const SSL_METHOD *SSLv23_method(void);
 const SSL_METHOD *SSLv23_server_method(void);
 const SSL_METHOD *SSLv23_client_method(void);
-const SSL_METHOD *TLS_method(void);
-const SSL_METHOD *TLS_server_method(void);
-const SSL_METHOD *TLS_client_method(void);
-
+const SSL_METHOD *TLS_method(void);
+const SSL_METHOD *TLS_server_method(void);
+const SSL_METHOD *TLS_client_method(void);
+
 /*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/
 SSL_CTX *SSL_CTX_new(SSL_METHOD *);
 long SSL_CTX_get_timeout(const SSL_CTX *);
@@ -389,7 +389,7 @@ void *SSL_get_ex_data(const SSL *, int);
 void SSL_set_tlsext_host_name(SSL *, char *);
 void SSL_CTX_set_tlsext_servername_callback( SSL_CTX *,
- int (*)(SSL *, int *, void *));
+ int (*)(SSL *, int *, void *));
 void SSL_CTX_set_tlsext_servername_arg( SSL_CTX *, void *);
@@ -399,10 +399,10 @@ long SSL_set_tlsext_status_type(SSL *, long);
 long SSL_CTX_set_tlsext_status_cb(SSL_CTX *, int(*)(SSL *, void *));
 long SSL_CTX_set_tlsext_status_arg(SSL_CTX *, void *);
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *, const char *);
-int SSL_set_tlsext_use_srtp(SSL *, const char *);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *);
-
+int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *, const char *);
+int SSL_set_tlsext_use_srtp(SSL *, const char *);
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *);
+
 long SSL_session_reused(SSL *);
 int SSL_select_next_proto(unsigned char **, unsigned char *,
@@ -442,8 +442,8 @@ size_t SSL_SESSION_get_master_key(const SSL_SESSION *, unsigned char *, size_t);
 size_t SSL_get_client_random(const SSL *, unsigned char *, size_t);
 size_t SSL_get_server_random(const SSL *, unsigned char *, size_t);
-int SSL_export_keying_material(SSL *, unsigned char *, size_t, const char *,
- size_t, const unsigned char *, size_t, int);
+int SSL_export_keying_material(SSL *, unsigned char *, size_t, const char *,
+ size_t, const unsigned char *, size_t, int);
 long SSL_CTX_sess_number(SSL_CTX *);
 long SSL_CTX_sess_connect(SSL_CTX *);
@@ -457,77 +457,77 @@ long SSL_CTX_sess_cb_hits(SSL_CTX *);
 long SSL_CTX_sess_misses(SSL_CTX *);
 long SSL_CTX_sess_timeouts(SSL_CTX *);
 long SSL_CTX_sess_cache_full(SSL_CTX *);
-
-/* DTLS support */
-long Cryptography_DTLSv1_get_timeout(SSL *, time_t *, long *);
-long DTLSv1_handle_timeout(SSL *);
-long DTLS_set_link_mtu(SSL *, long);
-long DTLS_get_link_min_mtu(SSL *);
-
-/* Custom extensions. */
-typedef int (*custom_ext_add_cb)(SSL *, unsigned int,
- const unsigned char **,
- size_t *, int *,
- void *);
-
-typedef void (*custom_ext_free_cb)(SSL *, unsigned int,
- const unsigned char *,
- void *);
-
-typedef int (*custom_ext_parse_cb)(SSL *, unsigned int,
- const unsigned char *,
- size_t, int *,
- void *);
-
-int SSL_CTX_add_client_custom_ext(SSL_CTX *, unsigned int,
- custom_ext_add_cb,
- custom_ext_free_cb, void *,
- custom_ext_parse_cb,
- void *);
-
-int SSL_CTX_add_server_custom_ext(SSL_CTX *, unsigned int,
- custom_ext_add_cb,
- custom_ext_free_cb, void *,
- custom_ext_parse_cb,
- void *);
-
-int SSL_extension_supported(unsigned int);
-
-int SSL_CTX_set_ciphersuites(SSL_CTX *, const char *);
-int SSL_verify_client_post_handshake(SSL *);
-void SSL_CTX_set_post_handshake_auth(SSL_CTX *, int);
-void SSL_set_post_handshake_auth(SSL *, int);
-
-uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *);
-int SSL_write_early_data(SSL *, const void *, size_t, size_t *);
-int SSL_read_early_data(SSL *, void *, size_t, size_t *);
-int SSL_CTX_set_max_early_data(SSL_CTX *, uint32_t);
+
+/* DTLS support */
+long Cryptography_DTLSv1_get_timeout(SSL *, time_t *, long *);
+long DTLSv1_handle_timeout(SSL *);
+long DTLS_set_link_mtu(SSL *, long);
+long DTLS_get_link_min_mtu(SSL *);
+
+/* Custom extensions. */
+typedef int (*custom_ext_add_cb)(SSL *, unsigned int,
+ const unsigned char **,
+ size_t *, int *,
+ void *);
+
+typedef void (*custom_ext_free_cb)(SSL *, unsigned int,
+ const unsigned char *,
+ void *);
+
+typedef int (*custom_ext_parse_cb)(SSL *, unsigned int,
+ const unsigned char *,
+ size_t, int *,
+ void *);
+
+int SSL_CTX_add_client_custom_ext(SSL_CTX *, unsigned int,
+ custom_ext_add_cb,
+ custom_ext_free_cb, void *,
+ custom_ext_parse_cb,
+ void *);
+
+int SSL_CTX_add_server_custom_ext(SSL_CTX *, unsigned int,
+ custom_ext_add_cb,
+ custom_ext_free_cb, void *,
+ custom_ext_parse_cb,
+ void *);
+
+int SSL_extension_supported(unsigned int);
+
+int SSL_CTX_set_ciphersuites(SSL_CTX *, const char *);
+int SSL_verify_client_post_handshake(SSL *);
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *, int);
+void SSL_set_post_handshake_auth(SSL *, int);
+
+uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *);
+int SSL_write_early_data(SSL *, const void *, size_t, size_t *);
+int SSL_read_early_data(SSL *, void *, size_t, size_t *);
+int SSL_CTX_set_max_early_data(SSL_CTX *, uint32_t);
 """
 CUSTOMIZATIONS = """
-// This symbol is being preserved because removing it will break users with
-// pyOpenSSL < 19.1 and pip < 20.x. We need to leave this in place until those
-// users have upgraded. PersistentlyDeprecated2020
-static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1;
-
-#if CRYPTOGRAPHY_IS_LIBRESSL
-static const long Cryptography_HAS_VERIFIED_CHAIN = 0;
-Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL;
-#else
-static const long Cryptography_HAS_VERIFIED_CHAIN = 1;
+// This symbol is being preserved because removing it will break users with
+// pyOpenSSL < 19.1 and pip < 20.x. We need to leave this in place until those
+// users have upgraded. PersistentlyDeprecated2020
+static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1;
+
+#if CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_VERIFIED_CHAIN = 0;
+Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL;
+#else
+static const long Cryptography_HAS_VERIFIED_CHAIN = 1;
 #endif
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-static const long Cryptography_HAS_KEYLOG = 0;
-void (*SSL_CTX_set_keylog_callback)(SSL_CTX *,
- void (*) (const SSL *, const char *)
- ) = NULL;
-void (*(*SSL_CTX_get_keylog_callback)(SSL_CTX *))(
- const SSL *,
- const char *
- ) = NULL;
-#else
-static const long Cryptography_HAS_KEYLOG = 1;
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+static const long Cryptography_HAS_KEYLOG = 0;
+void (*SSL_CTX_set_keylog_callback)(SSL_CTX *,
+ void (*) (const SSL *, const char *)
+ ) = NULL;
+void (*(*SSL_CTX_get_keylog_callback)(SSL_CTX *))(
+ const SSL *,
+ const char *
+ ) = NULL;
+#else
+static const long Cryptography_HAS_KEYLOG = 1;
 #endif
 static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1;
@@ -548,10 +548,10 @@ static const long Cryptography_HAS_TLSv1_2 = 1;
 static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
 static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
 static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
-static const long Cryptography_HAS_NEXTPROTONEG = 0;
+static const long Cryptography_HAS_NEXTPROTONEG = 0;
 static const long Cryptography_HAS_ALPN = 1;
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_IS_LIBRESSL
 void (*SSL_CTX_set_cert_cb)(SSL_CTX *, int (*)(SSL *, void *), void *) = NULL;
 void (*SSL_set_cert_cb)(SSL *, int (*)(SSL *, void *), void *) = NULL;
 static const long Cryptography_HAS_SET_CERT_CB = 0;
@@ -563,7 +563,7 @@ static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS = 1;
 /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were removed */
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_IS_LIBRESSL
 static const long Cryptography_HAS_SSL_ST = 1;
 #else
 static const long Cryptography_HAS_SSL_ST = 0;
@@ -572,7 +572,7 @@ static const long SSL_ST_OK = 0;
 static const long SSL_ST_INIT = 0;
 static const long SSL_ST_RENEGOTIATE = 0;
 #endif
-#if !CRYPTOGRAPHY_IS_LIBRESSL
+#if !CRYPTOGRAPHY_IS_LIBRESSL
 static const long Cryptography_HAS_TLS_ST = 1;
 #else
 static const long Cryptography_HAS_TLS_ST = 0;
@@ -580,126 +580,126 @@ static const long TLS_ST_BEFORE = 0;
 static const long TLS_ST_OK = 0;
 #endif
-#if CRYPTOGRAPHY_IS_LIBRESSL
-static const long SSL_OP_NO_DTLSv1 = 0;
-static const long SSL_OP_NO_DTLSv1_2 = 0;
-long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
-long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
+#if CRYPTOGRAPHY_IS_LIBRESSL
+static const long SSL_OP_NO_DTLSv1 = 0;
+static const long SSL_OP_NO_DTLSv1_2 = 0;
+long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
+long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
+#endif
+
+static const long Cryptography_HAS_DTLS = 1;
+/* Wrap DTLSv1_get_timeout to avoid cffi to handle a 'struct timeval'. */
+long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec,
+ long *ptv_usec) {
+ struct timeval tv = { 0 };
+ long r = DTLSv1_get_timeout(ssl, &tv);
+
+ if (r == 1) {
+ if (ptv_sec) {
+ *ptv_sec = tv.tv_sec;
+ }
+
+ if (ptv_usec) {
+ *ptv_usec = tv.tv_usec;
+ }
+ }
+
+ return r;
+}
+
+#if CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_SIGALGS = 0;
+const int (*SSL_get_sigalgs)(SSL *, int, int *, int *, int *, unsigned char *,
+ unsigned char *) = NULL;
+const long (*SSL_CTX_set1_sigalgs_list)(SSL_CTX *, const char *) = NULL;
+#else
+static const long Cryptography_HAS_SIGALGS = 1;
+#endif
+
+#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_PSK)
+static const long Cryptography_HAS_PSK = 0;
+int (*SSL_CTX_use_psk_identity_hint)(SSL_CTX *, const char *) = NULL;
+void (*SSL_CTX_set_psk_server_callback)(SSL_CTX *,
+ unsigned int (*)(
+ SSL *,
+ const char *,
+ unsigned char *,
+ unsigned int
+ )) = NULL;
+void (*SSL_CTX_set_psk_client_callback)(SSL_CTX *,
+ unsigned int (*)(
+ SSL *,
+ const char *,
+ char *,
+ unsigned int,
+ unsigned char *,
+ unsigned int
+ )) = NULL;
+#else
+static const long Cryptography_HAS_PSK = 1;
+#endif
+
+#if !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_CUSTOM_EXT = 1;
+#else
+static const long Cryptography_HAS_CUSTOM_EXT = 0;
+typedef int (*custom_ext_add_cb)(SSL *, unsigned int,
+ const unsigned char **,
+ size_t *, int *,
+ void *);
+typedef void (*custom_ext_free_cb)(SSL *, unsigned int,
+ const unsigned char *,
+ void *);
+typedef int (*custom_ext_parse_cb)(SSL *, unsigned int,
+ const unsigned char *,
+ size_t, int *,
+ void *);
+int (*SSL_CTX_add_client_custom_ext)(SSL_CTX *, unsigned int,
+ custom_ext_add_cb,
+ custom_ext_free_cb, void *,
+ custom_ext_parse_cb,
+ void *) = NULL;
+int (*SSL_CTX_add_server_custom_ext)(SSL_CTX *, unsigned int,
+ custom_ext_add_cb,
+ custom_ext_free_cb, void *,
+ custom_ext_parse_cb,
+ void *) = NULL;
+int (*SSL_extension_supported)(unsigned int) = NULL;
+#endif
+
+#ifndef OPENSSL_NO_SRTP
+static const long Cryptography_HAS_SRTP = 1;
+#else
+static const long Cryptography_HAS_SRTP = 0;
+int (*SSL_CTX_set_tlsext_use_srtp)(SSL_CTX *, const char *) = NULL;
+int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL;
+SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL;
+#endif
+
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+static const long Cryptography_HAS_TLSv1_3 = 0;
+static const long SSL_OP_NO_TLSv1_3 = 0;
+static const long SSL_VERIFY_POST_HANDSHAKE = 0;
+int (*SSL_CTX_set_ciphersuites)(SSL_CTX *, const char *) = NULL;
+int (*SSL_verify_client_post_handshake)(SSL *) = NULL;
+void (*SSL_CTX_set_post_handshake_auth)(SSL_CTX *, int) = NULL;
+void (*SSL_set_post_handshake_auth)(SSL *, int) = NULL;
+uint32_t (*SSL_SESSION_get_max_early_data)(const SSL_SESSION *) = NULL;
+int (*SSL_write_early_data)(SSL *, const void *, size_t, size_t *) = NULL;
+int (*SSL_read_early_data)(SSL *, void *, size_t, size_t *) = NULL;
+int (*SSL_CTX_set_max_early_data)(SSL_CTX *, uint32_t) = NULL;
+#else
+static const long Cryptography_HAS_TLSv1_3 = 1;
+#endif
+
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_GET_PROTO_VERSION = 0;
+
+long (*SSL_CTX_get_min_proto_version)(SSL_CTX *) = NULL;
+long (*SSL_CTX_get_max_proto_version)(SSL_CTX *) = NULL;
+long (*SSL_get_min_proto_version)(SSL *) = NULL;
+long (*SSL_get_max_proto_version)(SSL *) = NULL;
+#else
+static const long Cryptography_HAS_GET_PROTO_VERSION = 1;
 #endif
-
-static const long Cryptography_HAS_DTLS = 1;
-/* Wrap DTLSv1_get_timeout to avoid cffi to handle a 'struct timeval'. */
-long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec,
- long *ptv_usec) {
- struct timeval tv = { 0 };
- long r = DTLSv1_get_timeout(ssl, &tv);
-
- if (r == 1) {
- if (ptv_sec) {
- *ptv_sec = tv.tv_sec;
- }
-
- if (ptv_usec) {
- *ptv_usec = tv.tv_usec;
- }
- }
-
- return r;
-}
-
-#if CRYPTOGRAPHY_IS_LIBRESSL
-static const long Cryptography_HAS_SIGALGS = 0;
-const int (*SSL_get_sigalgs)(SSL *, int, int *, int *, int *, unsigned char *,
- unsigned char *) = NULL;
-const long (*SSL_CTX_set1_sigalgs_list)(SSL_CTX *, const char *) = NULL;
-#else
-static const long Cryptography_HAS_SIGALGS = 1;
-#endif
-
-#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_PSK)
-static const long Cryptography_HAS_PSK = 0;
-int (*SSL_CTX_use_psk_identity_hint)(SSL_CTX *, const char *) = NULL;
-void (*SSL_CTX_set_psk_server_callback)(SSL_CTX *,
- unsigned int (*)(
- SSL *,
- const char *,
- unsigned char *,
- unsigned int
- )) = NULL;
-void (*SSL_CTX_set_psk_client_callback)(SSL_CTX *,
- unsigned int (*)(
- SSL *,
- const char *,
- char *,
- unsigned int,
- unsigned char *,
- unsigned int
- )) = NULL;
-#else
-static const long Cryptography_HAS_PSK = 1;
-#endif
-
-#if !CRYPTOGRAPHY_IS_LIBRESSL
-static const long Cryptography_HAS_CUSTOM_EXT = 1;
-#else
-static const long Cryptography_HAS_CUSTOM_EXT = 0;
-typedef int (*custom_ext_add_cb)(SSL *, unsigned int,
- const unsigned char **,
- size_t *, int *,
- void *);
-typedef void (*custom_ext_free_cb)(SSL *, unsigned int,
- const unsigned char *,
- void *);
-typedef int (*custom_ext_parse_cb)(SSL *, unsigned int,
- const unsigned char *,
- size_t, int *,
- void *);
-int (*SSL_CTX_add_client_custom_ext)(SSL_CTX *, unsigned int,
- custom_ext_add_cb,
- custom_ext_free_cb, void *,
- custom_ext_parse_cb,
- void *) = NULL;
-int (*SSL_CTX_add_server_custom_ext)(SSL_CTX *, unsigned int,
- custom_ext_add_cb,
- custom_ext_free_cb, void *,
- custom_ext_parse_cb,
- void *) = NULL;
-int (*SSL_extension_supported)(unsigned int) = NULL;
-#endif
-
-#ifndef OPENSSL_NO_SRTP
-static const long Cryptography_HAS_SRTP = 1;
-#else
-static const long Cryptography_HAS_SRTP = 0;
-int (*SSL_CTX_set_tlsext_use_srtp)(SSL_CTX *, const char *) = NULL;
-int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL;
-SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL;
-#endif
-
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-static const long Cryptography_HAS_TLSv1_3 = 0;
-static const long SSL_OP_NO_TLSv1_3 = 0;
-static const long SSL_VERIFY_POST_HANDSHAKE = 0;
-int (*SSL_CTX_set_ciphersuites)(SSL_CTX *, const char *) = NULL;
-int (*SSL_verify_client_post_handshake)(SSL *) = NULL;
-void (*SSL_CTX_set_post_handshake_auth)(SSL_CTX *, int) = NULL;
-void (*SSL_set_post_handshake_auth)(SSL *, int) = NULL;
-uint32_t (*SSL_SESSION_get_max_early_data)(const SSL_SESSION *) = NULL;
-int (*SSL_write_early_data)(SSL *, const void *, size_t, size_t *) = NULL;
-int (*SSL_read_early_data)(SSL *, void *, size_t, size_t *) = NULL;
-int (*SSL_CTX_set_max_early_data)(SSL_CTX *, uint32_t) = NULL;
-#else
-static const long Cryptography_HAS_TLSv1_3 = 1;
-#endif
-
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL
-static const long Cryptography_HAS_GET_PROTO_VERSION = 0;
-
-long (*SSL_CTX_get_min_proto_version)(SSL_CTX *) = NULL;
-long (*SSL_CTX_get_max_proto_version)(SSL_CTX *) = NULL;
-long (*SSL_get_min_proto_version)(SSL *) = NULL;
-long (*SSL_get_max_proto_version)(SSL *) = NULL;
-#else
-static const long Cryptography_HAS_GET_PROTO_VERSION = 1;
-#endif
 """ |