author | torkve <torkve@yandex-team.ru> | 2022-02-10 16:48:23 +0300 |
---|---|---|
committer | Daniil Cherednik <dcherednik@yandex-team.ru> | 2022-02-10 16:48:23 +0300 |
commit | d2e3ef74aed5c066cc49df962b30ceb4318778ac (patch) | |
tree | 5d5cb817648f650d76cf1076100726fd9b8448e8 /contrib/python/cryptography/_cffi_src | |
parent | f9cfbeee51d5849127bb58793a2edcdfd7bb91bb (diff) | |
download | ydb-d2e3ef74aed5c066cc49df962b30ceb4318778ac.tar.gz |
Restoring authorship annotation for <torkve@yandex-team.ru>. Commit 2 of 2.
Diffstat (limited to 'contrib/python/cryptography/_cffi_src')
36 files changed, 2092 insertions, 2092 deletions
diff --git a/contrib/python/cryptography/_cffi_src/build_openssl.py b/contrib/python/cryptography/_cffi_src/build_openssl.py
index ea26b01ce8..4380c33969 100644
--- a/contrib/python/cryptography/_cffi_src/build_openssl.py
+++ b/contrib/python/cryptography/_cffi_src/build_openssl.py
@@ -6,71 +6,71 @@ from __future__ import absolute_import, division, print_function import os import sys -from distutils import dist -from distutils.ccompiler import get_default_compiler -from distutils.command.config import config +from distutils import dist +from distutils.ccompiler import get_default_compiler +from distutils.command.config import config from _cffi_src.utils import ( - build_ffi_for_binding, - compiler_type, - extra_link_args, + build_ffi_for_binding, + compiler_type, + extra_link_args, ) def _get_openssl_libraries(platform): - if os.environ.get("CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS", None): - return [] + if os.environ.get("CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS", None): + return [] # OpenSSL goes by a different library name on different operating systems. - if platform == "win32" and compiler_type() == "msvc": - return [ - "libssl", - "libcrypto", - "advapi32", - "crypt32", - "gdi32", - "user32", - "ws2_32", - ] + if platform == "win32" and compiler_type() == "msvc": + return [ + "libssl", + "libcrypto", + "advapi32", + "crypt32", + "gdi32", + "user32", + "ws2_32", + ] else: - # darwin, linux, mingw all use this path + # darwin, linux, mingw all use this path # In some circumstances, the order in which these libs are # specified on the linker command-line is significant; # libssl must come before libcrypto - # (https://marc.info/?l=openssl-users&m=135361825921871) - # -lpthread required due to usage of pthread an potential - # existance of a static part containing e.g. pthread_atfork - # (https://github.com/pyca/cryptography/issues/5084) - if sys.platform == "zos": - return ["ssl", "crypto"] - else: - return ["ssl", "crypto", "pthread"] + # (https://marc.info/?l=openssl-users&m=135361825921871) + # -lpthread required due to usage of pthread an potential + # existance of a static part containing e.g. 
pthread_atfork + # (https://github.com/pyca/cryptography/issues/5084) + if sys.platform == "zos": + return ["ssl", "crypto"] + else: + return ["ssl", "crypto", "pthread"] -def _extra_compile_args(platform): - """ - We set -Wconversion args here so that we only do Wconversion checks on the - code we're compiling and not on cffi itself (as passing -Wconversion in - CFLAGS would do). We set no error on sign conversion because some - function signatures in LibreSSL differ from OpenSSL have changed on long - vs. unsigned long in the past. Since that isn't a precision issue we don't - care. - """ - # make sure the compiler used supports the flags to be added - is_gcc = False - if get_default_compiler() == "unix": - d = dist.Distribution() - cmd = config(d) - cmd._check_compiler() - is_gcc = ( - "gcc" in cmd.compiler.compiler[0] - or "clang" in cmd.compiler.compiler[0] - ) - if is_gcc or not ( - platform in ["win32", "hp-ux11", "sunos5"] - or platform.startswith("aix") - ): - return ["-Wconversion", "-Wno-error=sign-conversion"] - else: +def _extra_compile_args(platform): + """ + We set -Wconversion args here so that we only do Wconversion checks on the + code we're compiling and not on cffi itself (as passing -Wconversion in + CFLAGS would do). We set no error on sign conversion because some + function signatures in LibreSSL differ from OpenSSL have changed on long + vs. unsigned long in the past. Since that isn't a precision issue we don't + care. + """ + # make sure the compiler used supports the flags to be added + is_gcc = False + if get_default_compiler() == "unix": + d = dist.Distribution() + cmd = config(d) + cmd._check_compiler() + is_gcc = ( + "gcc" in cmd.compiler.compiler[0] + or "clang" in cmd.compiler.compiler[0] + ) + if is_gcc or not ( + platform in ["win32", "hp-ux11", "sunos5"] + or platform.startswith("aix") + ): + return ["-Wconversion", "-Wno-error=sign-conversion"] + else: return [] 
@@ -87,7 +87,7 @@ ffi = build_ffi_for_binding( "cmac", "conf", "crypto", - "ct", + "ct", "dh", "dsa", "ec", @@ -96,13 +96,13 @@ ffi = build_ffi_for_binding( "engine", "err", "evp", - "fips", + "fips", "hmac", "nid", "objects", "ocsp", "opensslv", - "osrandom_engine", + "osrandom_engine", "pem", "pkcs12", "rand", @@ -116,6 +116,6 @@ ffi = build_ffi_for_binding( "callbacks", ], libraries=_get_openssl_libraries(sys.platform), - extra_compile_args=_extra_compile_args(sys.platform), + extra_compile_args=_extra_compile_args(sys.platform), extra_link_args=extra_link_args(compiler_type()), ) diff --git a/contrib/python/cryptography/_cffi_src/build_padding.py b/contrib/python/cryptography/_cffi_src/build_padding.py index 730239cbc7..207f4a658e 100644 --- a/contrib/python/cryptography/_cffi_src/build_padding.py +++ b/contrib/python/cryptography/_cffi_src/build_padding.py @@ -9,14 +9,14 @@ import os from _cffi_src.utils import build_ffi, compiler_type, extra_link_args -with open( - os.path.join(os.path.dirname(__file__), "hazmat_src/padding.h") -) as f: +with open( + os.path.join(os.path.dirname(__file__), "hazmat_src/padding.h") +) as f: types = f.read() -with open( - os.path.join(os.path.dirname(__file__), "hazmat_src/padding.c") -) as f: +with open( + os.path.join(os.path.dirname(__file__), "hazmat_src/padding.c") +) as f: functions = f.read() ffi = build_ffi( diff --git a/contrib/python/cryptography/_cffi_src/hazmat_src/padding.c b/contrib/python/cryptography/_cffi_src/hazmat_src/padding.c index c2572e3ba4..a6e05dee1e 100644 --- a/contrib/python/cryptography/_cffi_src/hazmat_src/padding.c +++ b/contrib/python/cryptography/_cffi_src/hazmat_src/padding.c 
@@ -1,7 +1,7 @@ // This file is dual licensed under the terms of the Apache License, Version // 2.0, and the BSD License. See the LICENSE file in the root of this // repository for complete details. - + /* Returns the value of the input with the most-significant-bit copied to all of the bits. */ static uint16_t Cryptography_DUPLICATE_MSB_TO_ALL(uint16_t a) { diff --git a/contrib/python/cryptography/_cffi_src/openssl/aes.py b/contrib/python/cryptography/_cffi_src/openssl/aes.py index adcdb10dae..25ef3ec0e3 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/aes.py +++ b/contrib/python/cryptography/_cffi_src/openssl/aes.py @@ -9,7 +9,7 @@ INCLUDES = """ """ TYPES = """ -typedef ... AES_KEY; +typedef ... AES_KEY; """ FUNCTIONS = """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/asn1.py b/contrib/python/cryptography/_cffi_src/openssl/asn1.py index 11ff55628e..da55b670e0 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/asn1.py +++ b/contrib/python/cryptography/_cffi_src/openssl/asn1.py @@ -27,13 +27,13 @@ typedef struct asn1_string_st ASN1_TIME; typedef ... ASN1_OBJECT; typedef struct asn1_string_st ASN1_STRING; typedef struct asn1_string_st ASN1_UTF8STRING; -typedef struct { - int type; - ...; -} ASN1_TYPE; +typedef struct { + int type; + ...; +} ASN1_TYPE; typedef ... ASN1_GENERALIZEDTIME; typedef ... ASN1_ENUMERATED; -typedef ... ASN1_NULL; +typedef ... ASN1_NULL; static const int V_ASN1_GENERALIZEDTIME; @@ -62,7 +62,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *, long); /* ASN1 TIME */ ASN1_TIME *ASN1_TIME_new(void); void ASN1_TIME_free(ASN1_TIME *); -int ASN1_TIME_set_string(ASN1_TIME *, const char *); +int ASN1_TIME_set_string(ASN1_TIME *, const char *); /* ASN1 GENERALIZEDTIME */ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *, time_t); 
@@ -80,10 +80,10 @@ int ASN1_STRING_to_UTF8(unsigned char **, ASN1_STRING *); long ASN1_ENUMERATED_get(ASN1_ENUMERATED *); int i2a_ASN1_INTEGER(BIO *, ASN1_INTEGER *); -/* This became const ASN1_TIME in 1.1.0f */ -ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *, - ASN1_GENERALIZEDTIME **); - +/* This became const ASN1_TIME in 1.1.0f */ +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *, + ASN1_GENERALIZEDTIME **); + ASN1_UTF8STRING *ASN1_UTF8STRING_new(void); void ASN1_UTF8STRING_free(ASN1_UTF8STRING *); @@ -93,15 +93,15 @@ void ASN1_BIT_STRING_free(ASN1_BIT_STRING *); int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *, int); int ASN1_STRING_length(ASN1_STRING *); -int ASN1_STRING_set_default_mask_asc(char *); +int ASN1_STRING_set_default_mask_asc(char *); BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *); ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *); int i2d_ASN1_TYPE(ASN1_TYPE *, unsigned char **); ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **, const unsigned char **, long); - -ASN1_NULL *ASN1_NULL_new(void); + +ASN1_NULL *ASN1_NULL_new(void); """ CUSTOMIZATIONS = """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/bignum.py b/contrib/python/cryptography/_cffi_src/openssl/bignum.py index 0399ddfb52..751018391d 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/bignum.py +++ b/contrib/python/cryptography/_cffi_src/openssl/bignum.py @@ -10,22 +10,22 @@ INCLUDES = """ TYPES = """ typedef ... BN_CTX; -typedef ... BN_MONT_CTX; +typedef ... BN_MONT_CTX; typedef ... BIGNUM; typedef int... BN_ULONG; """ FUNCTIONS = """ -#define BN_FLG_CONSTTIME ... - -void BN_set_flags(BIGNUM *, int); - +#define BN_FLG_CONSTTIME ... + +void BN_set_flags(BIGNUM *, int); + BIGNUM *BN_new(void); void BN_free(BIGNUM *); -void BN_clear_free(BIGNUM *); +void BN_clear_free(BIGNUM *); + +int BN_rand_range(BIGNUM *, const BIGNUM *); -int BN_rand_range(BIGNUM *, const BIGNUM *); - BN_CTX *BN_CTX_new(void); void BN_CTX_free(BN_CTX *); 
@@ -33,10 +33,10 @@ void BN_CTX_start(BN_CTX *); BIGNUM *BN_CTX_get(BN_CTX *); void BN_CTX_end(BN_CTX *); -BN_MONT_CTX *BN_MONT_CTX_new(void); -int BN_MONT_CTX_set(BN_MONT_CTX *, const BIGNUM *, BN_CTX *); -void BN_MONT_CTX_free(BN_MONT_CTX *); - +BN_MONT_CTX *BN_MONT_CTX_new(void); +int BN_MONT_CTX_set(BN_MONT_CTX *, const BIGNUM *, BN_CTX *); +void BN_MONT_CTX_free(BN_MONT_CTX *); + BIGNUM *BN_dup(const BIGNUM *); int BN_set_word(BIGNUM *, BN_ULONG); @@ -52,7 +52,7 @@ BIGNUM *BN_bin2bn(const unsigned char *, int, BIGNUM *); int BN_num_bits(const BIGNUM *); int BN_cmp(const BIGNUM *, const BIGNUM *); -int BN_is_negative(const BIGNUM *); +int BN_is_negative(const BIGNUM *); int BN_add(BIGNUM *, const BIGNUM *, const BIGNUM *); int BN_sub(BIGNUM *, const BIGNUM *, const BIGNUM *); int BN_nnmod(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); 
@@ -64,21 +64,21 @@ int BN_mod_mul(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); int BN_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); -int BN_mod_exp_mont(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *, BN_MONT_CTX *); -int BN_mod_exp_mont_consttime(BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, BN_MONT_CTX *); +int BN_mod_exp_mont(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); +int BN_mod_exp_mont_consttime(BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, BN_CTX *, BN_MONT_CTX *); BIGNUM *BN_mod_inverse(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); int BN_num_bytes(const BIGNUM *); int BN_mod(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); -/* The following 3 prime methods are exposed for Tribler. */ -int BN_generate_prime_ex(BIGNUM *, int, int, const BIGNUM *, - const BIGNUM *, BN_GENCB *); -int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, BN_GENCB *); -const int BN_prime_checks_for_size(int); +/* The following 3 prime methods are exposed for Tribler. */ +int BN_generate_prime_ex(BIGNUM *, int, int, const BIGNUM *, + const BIGNUM *, BN_GENCB *); +int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, BN_GENCB *); +const int BN_prime_checks_for_size(int); """ CUSTOMIZATIONS = """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/bio.py b/contrib/python/cryptography/_cffi_src/openssl/bio.py index e2a589eec9..52d57c6228 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/bio.py +++ b/contrib/python/cryptography/_cffi_src/openssl/bio.py 
@@ -9,15 +9,15 @@ INCLUDES = """ """ TYPES = """ -typedef ... BIO; +typedef ... BIO; typedef ... BIO_METHOD; """ FUNCTIONS = """ int BIO_free(BIO *); -void BIO_free_all(BIO *); +void BIO_free_all(BIO *); BIO *BIO_new_file(const char *, const char *); -BIO *BIO_new_dgram(int, int); +BIO *BIO_new_dgram(int, int); size_t BIO_ctrl_pending(BIO *); int BIO_read(BIO *, void *, int); int BIO_gets(BIO *, char *, int); @@ -27,8 +27,8 @@ int BIO_up_ref(BIO *); BIO *BIO_new(BIO_METHOD *); BIO_METHOD *BIO_s_mem(void); -BIO_METHOD *BIO_s_datagram(void); -BIO *BIO_new_mem_buf(const void *, int); +BIO_METHOD *BIO_s_datagram(void); +BIO *BIO_new_mem_buf(const void *, int); long BIO_set_mem_eof_return(BIO *, int); long BIO_get_mem_data(BIO *, char **); int BIO_should_read(BIO *); diff --git a/contrib/python/cryptography/_cffi_src/openssl/callbacks.py b/contrib/python/cryptography/_cffi_src/openssl/callbacks.py index f50a9b4e8e..19301b973a 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/callbacks.py +++ b/contrib/python/cryptography/_cffi_src/openssl/callbacks.py 
@@ -5,48 +5,48 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ -#include <string.h> +#include <string.h> """ TYPES = """ -typedef struct { - char *password; - int length; - int called; - int error; - int maxsize; -} CRYPTOGRAPHY_PASSWORD_DATA; +typedef struct { + char *password; + int length; + int called; + int error; + int maxsize; +} CRYPTOGRAPHY_PASSWORD_DATA; """ FUNCTIONS = """ -int Cryptography_pem_password_cb(char *, int, int, void *); +int Cryptography_pem_password_cb(char *, int, int, void *); """ CUSTOMIZATIONS = """ -typedef struct { - char *password; - int length; - int called; - int error; - int maxsize; -} CRYPTOGRAPHY_PASSWORD_DATA; - -int Cryptography_pem_password_cb(char *buf, int size, - int rwflag, void *userdata) { - /* The password cb is only invoked if OpenSSL decides the private - key is encrypted. So this path only occurs if it needs a password */ - CRYPTOGRAPHY_PASSWORD_DATA *st = (CRYPTOGRAPHY_PASSWORD_DATA *)userdata; - st->called += 1; - st->maxsize = size; - if (st->length == 0) { - st->error = -1; - return 0; - } else if (st->length < size) { - memcpy(buf, st->password, st->length); - return st->length; - } else { - st->error = -2; - return 0; - } -} +typedef struct { + char *password; + int length; + int called; + int error; + int maxsize; +} CRYPTOGRAPHY_PASSWORD_DATA; + +int Cryptography_pem_password_cb(char *buf, int size, + int rwflag, void *userdata) { + /* The password cb is only invoked if OpenSSL decides the private + key is encrypted. So this path only occurs if it needs a password */ + CRYPTOGRAPHY_PASSWORD_DATA *st = (CRYPTOGRAPHY_PASSWORD_DATA *)userdata; + st->called += 1; + st->maxsize = size; + if (st->length == 0) { + st->error = -1; + return 0; + } else if (st->length < size) { + memcpy(buf, st->password, st->length); + return st->length; + } else { + st->error = -2; + return 0; + } +} """ 
diff --git a/contrib/python/cryptography/_cffi_src/openssl/cmac.py b/contrib/python/cryptography/_cffi_src/openssl/cmac.py index 68e0a989aa..557abd1ca8 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/cmac.py +++ b/contrib/python/cryptography/_cffi_src/openssl/cmac.py @@ -5,7 +5,7 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ -#if !defined(OPENSSL_NO_CMAC) +#if !defined(OPENSSL_NO_CMAC) #include <openssl/cmac.h> #endif """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/crypto.py b/contrib/python/cryptography/_cffi_src/openssl/crypto.py index f8936cb679..6064a4eeea 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/crypto.py +++ b/contrib/python/cryptography/_cffi_src/openssl/crypto.py @@ -9,8 +9,8 @@ INCLUDES = """ """ TYPES = """ -static const long Cryptography_HAS_MEM_FUNCTIONS; -static const long Cryptography_HAS_OPENSSL_CLEANUP; +static const long Cryptography_HAS_MEM_FUNCTIONS; +static const long Cryptography_HAS_OPENSSL_CLEANUP; static const int SSLEAY_VERSION; static const int SSLEAY_CFLAGS; @@ -25,7 +25,7 @@ static const int OPENSSL_DIR; """ FUNCTIONS = """ -void OPENSSL_cleanup(void); +void OPENSSL_cleanup(void); /* SSLeay was removed in 1.1.0 */ unsigned long SSLeay(void); 
@@ -35,19 +35,19 @@ unsigned long OpenSSL_version_num(void); const char *OpenSSL_version(int); /* this is a macro in 1.1.0 */ -void *OPENSSL_malloc(size_t); +void *OPENSSL_malloc(size_t); void OPENSSL_free(void *); - -/* Signature changed significantly in 1.1.0, only expose there for sanity */ -int Cryptography_CRYPTO_set_mem_functions( - void *(*)(size_t, const char *, int), - void *(*)(void *, size_t, const char *, int), - void (*)(void *, const char *, int)); - -void *Cryptography_malloc_wrapper(size_t, const char *, int); -void *Cryptography_realloc_wrapper(void *, size_t, const char *, int); -void Cryptography_free_wrapper(void *, const char *, int); + +/* Signature changed significantly in 1.1.0, only expose there for sanity */ +int Cryptography_CRYPTO_set_mem_functions( + void *(*)(size_t, const char *, int), + void *(*)(void *, size_t, const char *, int), + void (*)(void *, const char *, int)); + +void *Cryptography_malloc_wrapper(size_t, const char *, int); +void *Cryptography_realloc_wrapper(void *, size_t, const char *, int); +void Cryptography_free_wrapper(void *, const char *, int); """ CUSTOMIZATIONS = """ 
@@ -74,44 +74,44 @@ CUSTOMIZATIONS = """ # define OPENSSL_PLATFORM SSLEAY_PLATFORM # define OPENSSL_DIR SSLEAY_DIR #endif - -#if CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_OPENSSL_CLEANUP = 0; - -void (*OPENSSL_cleanup)(void) = NULL; - -/* This function has a significantly different signature pre-1.1.0. since it is - * for testing only, we don't bother to expose it on older OpenSSLs. - */ -static const long Cryptography_HAS_MEM_FUNCTIONS = 0; -int (*Cryptography_CRYPTO_set_mem_functions)( - void *(*)(size_t, const char *, int), - void *(*)(void *, size_t, const char *, int), - void (*)(void *, const char *, int)) = NULL; - -#else -static const long Cryptography_HAS_OPENSSL_CLEANUP = 1; -static const long Cryptography_HAS_MEM_FUNCTIONS = 1; - -int Cryptography_CRYPTO_set_mem_functions( - void *(*m)(size_t, const char *, int), - void *(*r)(void *, size_t, const char *, int), - void (*f)(void *, const char *, int) -) { - return CRYPTO_set_mem_functions(m, r, f); -} + +#if CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_OPENSSL_CLEANUP = 0; + +void (*OPENSSL_cleanup)(void) = NULL; + +/* This function has a significantly different signature pre-1.1.0. since it is + * for testing only, we don't bother to expose it on older OpenSSLs. 
+ */ +static const long Cryptography_HAS_MEM_FUNCTIONS = 0; +int (*Cryptography_CRYPTO_set_mem_functions)( + void *(*)(size_t, const char *, int), + void *(*)(void *, size_t, const char *, int), + void (*)(void *, const char *, int)) = NULL; + +#else +static const long Cryptography_HAS_OPENSSL_CLEANUP = 1; +static const long Cryptography_HAS_MEM_FUNCTIONS = 1; + +int Cryptography_CRYPTO_set_mem_functions( + void *(*m)(size_t, const char *, int), + void *(*r)(void *, size_t, const char *, int), + void (*f)(void *, const char *, int) +) { + return CRYPTO_set_mem_functions(m, r, f); +} #endif - -void *Cryptography_malloc_wrapper(size_t size, const char *path, int line) { - return malloc(size); -} - -void *Cryptography_realloc_wrapper(void *ptr, size_t size, const char *path, - int line) { - return realloc(ptr, size); -} - -void Cryptography_free_wrapper(void *ptr, const char *path, int line) { - free(ptr); -} + +void *Cryptography_malloc_wrapper(size_t size, const char *path, int line) { + return malloc(size); +} + +void *Cryptography_realloc_wrapper(void *ptr, size_t size, const char *path, + int line) { + return realloc(ptr, size); +} + +void Cryptography_free_wrapper(void *ptr, const char *path, int line) { + free(ptr); +} """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/cryptography.py b/contrib/python/cryptography/_cffi_src/openssl/cryptography.py index ca8ee5e09b..f24bee5a4f 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/cryptography.py +++ b/contrib/python/cryptography/_cffi_src/openssl/cryptography.py 
@@ -5,59 +5,59 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ -/* define our OpenSSL API compatibility level to 1.0.1. Any symbols older than - that will raise an error during compilation. We can raise this number again - after we drop 1.0.2 support in the distant future. */ -#define OPENSSL_API_COMPAT 0x10001000L - +/* define our OpenSSL API compatibility level to 1.0.1. Any symbols older than + that will raise an error during compilation. We can raise this number again + after we drop 1.0.2 support in the distant future. */ +#define OPENSSL_API_COMPAT 0x10001000L + #include <openssl/opensslv.h> - - -#if defined(LIBRESSL_VERSION_NUMBER) -#define CRYPTOGRAPHY_IS_LIBRESSL 1 -#else -#define CRYPTOGRAPHY_IS_LIBRESSL 0 -#endif - + + +#if defined(LIBRESSL_VERSION_NUMBER) +#define CRYPTOGRAPHY_IS_LIBRESSL 1 +#else +#define CRYPTOGRAPHY_IS_LIBRESSL 0 +#endif + /* LibreSSL removed e_os2.h from the public headers so we'll only include it if we're using vanilla OpenSSL. 
*/ -#if !CRYPTOGRAPHY_IS_LIBRESSL +#if !CRYPTOGRAPHY_IS_LIBRESSL #include <openssl/e_os2.h> #endif #if defined(_WIN32) -#define WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN #include <windows.h> -#include <Wincrypt.h> -#include <Winsock2.h> +#include <Wincrypt.h> +#include <Winsock2.h> #endif -#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ - (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) +#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ + (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) -#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ - (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL) -#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 \ - (OPENSSL_VERSION_NUMBER < 0x10101000 || CRYPTOGRAPHY_IS_LIBRESSL) -#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B \ - (OPENSSL_VERSION_NUMBER < 0x10101020 || CRYPTOGRAPHY_IS_LIBRESSL) -#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \ - (OPENSSL_VERSION_NUMBER < 0x10101040 || CRYPTOGRAPHY_IS_LIBRESSL) -#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \ - !defined(OPENSSL_NO_ENGINE)) || defined(USE_OSRANDOM_RNG_FOR_TESTING) -#define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1 -#else -#define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 0 -#endif +#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ + (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL) +#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 \ + (OPENSSL_VERSION_NUMBER < 0x10101000 || CRYPTOGRAPHY_IS_LIBRESSL) +#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B \ + (OPENSSL_VERSION_NUMBER < 0x10101020 || CRYPTOGRAPHY_IS_LIBRESSL) +#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \ + (OPENSSL_VERSION_NUMBER < 0x10101040 || CRYPTOGRAPHY_IS_LIBRESSL) +#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \ + !defined(OPENSSL_NO_ENGINE)) || defined(USE_OSRANDOM_RNG_FOR_TESTING) +#define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1 +#else +#define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 0 +#endif """ TYPES = """ -static const int 
CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER; +static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER; -static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; -static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B; -static const int CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE; +static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111; +static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B; +static const int CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE; static const int CRYPTOGRAPHY_IS_LIBRESSL; """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/ct.py b/contrib/python/cryptography/_cffi_src/openssl/ct.py index 6dc2513285..5f0670635f 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/ct.py +++ b/contrib/python/cryptography/_cffi_src/openssl/ct.py 
@@ -1,118 +1,118 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from __future__ import absolute_import, division, print_function - -INCLUDES = """ -#if CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER && !defined(OPENSSL_NO_CT) -#include <openssl/ct.h> - -typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT; -#endif -""" - -TYPES = """ -static const long Cryptography_HAS_SCT; - -typedef enum { - SCT_VERSION_NOT_SET, - SCT_VERSION_V1 -} sct_version_t; - -typedef enum { - CT_LOG_ENTRY_TYPE_NOT_SET, - CT_LOG_ENTRY_TYPE_X509, - CT_LOG_ENTRY_TYPE_PRECERT -} ct_log_entry_type_t; - -typedef enum { - SCT_SOURCE_UNKNOWN, - SCT_SOURCE_TLS_EXTENSION, - SCT_SOURCE_X509V3_EXTENSION, - SCT_SOURCE_OCSP_STAPLED_RESPONSE -} sct_source_t; - -typedef ... SCT; -typedef ... Cryptography_STACK_OF_SCT; -""" - -FUNCTIONS = """ -sct_version_t SCT_get_version(const SCT *); - -ct_log_entry_type_t SCT_get_log_entry_type(const SCT *); - -size_t SCT_get0_log_id(const SCT *, unsigned char **); - -size_t SCT_get0_signature(const SCT *, unsigned char **); - -uint64_t SCT_get_timestamp(const SCT *); - -int SCT_set_source(SCT *, sct_source_t); - -Cryptography_STACK_OF_SCT *sk_SCT_new_null(void); -void sk_SCT_free(Cryptography_STACK_OF_SCT *); -int sk_SCT_num(const Cryptography_STACK_OF_SCT *); -SCT *sk_SCT_value(const Cryptography_STACK_OF_SCT *, int); -int sk_SCT_push(Cryptography_STACK_OF_SCT *, SCT *); - -void SCT_LIST_free(Cryptography_STACK_OF_SCT *); - -SCT *SCT_new(void); -int SCT_set1_log_id(SCT *, unsigned char *, size_t); -void SCT_set_timestamp(SCT *, uint64_t); -int SCT_set_version(SCT *, sct_version_t); -int SCT_set_log_entry_type(SCT *, ct_log_entry_type_t); -""" - -CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER && !defined(OPENSSL_NO_CT) -static const long Cryptography_HAS_SCT = 1; -#else -static const long Cryptography_HAS_SCT = 0; - -typedef 
enum { - SCT_VERSION_NOT_SET, - SCT_VERSION_V1 -} sct_version_t; -typedef enum { - CT_LOG_ENTRY_TYPE_NOT_SET, - CT_LOG_ENTRY_TYPE_X509, - CT_LOG_ENTRY_TYPE_PRECERT -} ct_log_entry_type_t; -typedef enum { - SCT_SOURCE_UNKNOWN, - SCT_SOURCE_TLS_EXTENSION, - SCT_SOURCE_X509V3_EXTENSION, - SCT_SOURCE_OCSP_STAPLED_RESPONSE -} sct_source_t; - -/* OpenSSL compiled with `no-ct` still defines the `SCT` struct. */ -#if !defined(OPENSSL_NO_CT) -typedef void SCT; -#endif - -typedef void Cryptography_STACK_OF_SCT; - -sct_version_t (*SCT_get_version)(const SCT *) = NULL; -ct_log_entry_type_t (*SCT_get_log_entry_type)(const SCT *) = NULL; -size_t (*SCT_get0_log_id)(const SCT *, unsigned char **) = NULL; -size_t (*SCT_get0_signature)(const SCT *, unsigned char **) = NULL; -uint64_t (*SCT_get_timestamp)(const SCT *) = NULL; - -int (*SCT_set_source)(SCT *, sct_source_t) = NULL; - -Cryptography_STACK_OF_SCT *(*sk_SCT_new_null)(void) = NULL; -void (*sk_SCT_free)(Cryptography_STACK_OF_SCT *) = NULL; -int (*sk_SCT_num)(const Cryptography_STACK_OF_SCT *) = NULL; -SCT *(*sk_SCT_value)(const Cryptography_STACK_OF_SCT *, int) = NULL; -int (*sk_SCT_push)(Cryptography_STACK_OF_SCT *, SCT *) = NULL; - -void (*SCT_LIST_free)(Cryptography_STACK_OF_SCT *) = NULL; -SCT *(*SCT_new)(void) = NULL; -int (*SCT_set1_log_id)(SCT *, unsigned char *, size_t) = NULL; -void (*SCT_set_timestamp)(SCT *, uint64_t) = NULL; -int (*SCT_set_version)(SCT *, sct_version_t) = NULL; -int (*SCT_set_log_entry_type)(SCT *, ct_log_entry_type_t) = NULL; -#endif -""" +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. 
+ +from __future__ import absolute_import, division, print_function + +INCLUDES = """ +#if CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER && !defined(OPENSSL_NO_CT) +#include <openssl/ct.h> + +typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT; +#endif +""" + +TYPES = """ +static const long Cryptography_HAS_SCT; + +typedef enum { + SCT_VERSION_NOT_SET, + SCT_VERSION_V1 +} sct_version_t; + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET, + CT_LOG_ENTRY_TYPE_X509, + CT_LOG_ENTRY_TYPE_PRECERT +} ct_log_entry_type_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef ... SCT; +typedef ... Cryptography_STACK_OF_SCT; +""" + +FUNCTIONS = """ +sct_version_t SCT_get_version(const SCT *); + +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *); + +size_t SCT_get0_log_id(const SCT *, unsigned char **); + +size_t SCT_get0_signature(const SCT *, unsigned char **); + +uint64_t SCT_get_timestamp(const SCT *); + +int SCT_set_source(SCT *, sct_source_t); + +Cryptography_STACK_OF_SCT *sk_SCT_new_null(void); +void sk_SCT_free(Cryptography_STACK_OF_SCT *); +int sk_SCT_num(const Cryptography_STACK_OF_SCT *); +SCT *sk_SCT_value(const Cryptography_STACK_OF_SCT *, int); +int sk_SCT_push(Cryptography_STACK_OF_SCT *, SCT *); + +void SCT_LIST_free(Cryptography_STACK_OF_SCT *); + +SCT *SCT_new(void); +int SCT_set1_log_id(SCT *, unsigned char *, size_t); +void SCT_set_timestamp(SCT *, uint64_t); +int SCT_set_version(SCT *, sct_version_t); +int SCT_set_log_entry_type(SCT *, ct_log_entry_type_t); +""" + +CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER && !defined(OPENSSL_NO_CT) +static const long Cryptography_HAS_SCT = 1; +#else +static const long Cryptography_HAS_SCT = 0; + +typedef enum { + SCT_VERSION_NOT_SET, + SCT_VERSION_V1 +} sct_version_t; +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET, + CT_LOG_ENTRY_TYPE_X509, + CT_LOG_ENTRY_TYPE_PRECERT +} ct_log_entry_type_t; +typedef enum { + 
SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +/* OpenSSL compiled with `no-ct` still defines the `SCT` struct. */ +#if !defined(OPENSSL_NO_CT) +typedef void SCT; +#endif + +typedef void Cryptography_STACK_OF_SCT; + +sct_version_t (*SCT_get_version)(const SCT *) = NULL; +ct_log_entry_type_t (*SCT_get_log_entry_type)(const SCT *) = NULL; +size_t (*SCT_get0_log_id)(const SCT *, unsigned char **) = NULL; +size_t (*SCT_get0_signature)(const SCT *, unsigned char **) = NULL; +uint64_t (*SCT_get_timestamp)(const SCT *) = NULL; + +int (*SCT_set_source)(SCT *, sct_source_t) = NULL; + +Cryptography_STACK_OF_SCT *(*sk_SCT_new_null)(void) = NULL; +void (*sk_SCT_free)(Cryptography_STACK_OF_SCT *) = NULL; +int (*sk_SCT_num)(const Cryptography_STACK_OF_SCT *) = NULL; +SCT *(*sk_SCT_value)(const Cryptography_STACK_OF_SCT *, int) = NULL; +int (*sk_SCT_push)(Cryptography_STACK_OF_SCT *, SCT *) = NULL; + +void (*SCT_LIST_free)(Cryptography_STACK_OF_SCT *) = NULL; +SCT *(*SCT_new)(void) = NULL; +int (*SCT_set1_log_id)(SCT *, unsigned char *, size_t) = NULL; +void (*SCT_set_timestamp)(SCT *, uint64_t) = NULL; +int (*SCT_set_version)(SCT *, sct_version_t) = NULL; +int (*SCT_set_log_entry_type)(SCT *, ct_log_entry_type_t) = NULL; +#endif +""" diff --git a/contrib/python/cryptography/_cffi_src/openssl/dh.py b/contrib/python/cryptography/_cffi_src/openssl/dh.py index 5afb06e36b..947a5a8ee0 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/dh.py +++ b/contrib/python/cryptography/_cffi_src/openssl/dh.py @@ -10,8 +10,8 @@ INCLUDES = """ TYPES = """ typedef ... DH; - -const long DH_NOT_SUITABLE_GENERATOR; + +const long DH_NOT_SUITABLE_GENERATOR; """ FUNCTIONS = """ 
@@ -29,138 +29,138 @@ int DH_set0_pqg(DH *, BIGNUM *, BIGNUM *, BIGNUM *);
 void DH_get0_key(const DH *, const BIGNUM **, const BIGNUM **);
 int DH_set0_key(DH *, BIGNUM *, BIGNUM *);
-int Cryptography_DH_check(const DH *, int *);
+int Cryptography_DH_check(const DH *, int *);
 int DH_generate_parameters_ex(DH *, int, int, BN_GENCB *);
-DH *d2i_DHparams_bio(BIO *, DH **);
-int i2d_DHparams_bio(BIO *, DH *);
-DH *Cryptography_d2i_DHxparams_bio(BIO *bp, DH **x);
-int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x);
+DH *d2i_DHparams_bio(BIO *, DH **);
+int i2d_DHparams_bio(BIO *, DH *);
+DH *Cryptography_d2i_DHxparams_bio(BIO *bp, DH **x);
+int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x);
 """
 CUSTOMIZATIONS = """
-#if CRYPTOGRAPHY_IS_LIBRESSL
-#ifndef DH_CHECK_Q_NOT_PRIME
-#define DH_CHECK_Q_NOT_PRIME 0x10
-#endif
-
-#ifndef DH_CHECK_INVALID_Q_VALUE
-#define DH_CHECK_INVALID_Q_VALUE 0x20
-#endif
-
-#ifndef DH_CHECK_INVALID_J_VALUE
-#define DH_CHECK_INVALID_J_VALUE 0x40
-#endif
-
-/* DH_check implementation taken from OpenSSL 1.1.0pre6 */
-
-/*-
- * Check that p is a safe prime and
- * if g is 2, 3 or 5, check that it is a suitable generator
- * where
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5
- * for 5, p mod 10 == 3 or 7
- * should hold.
- */
-
-int Cryptography_DH_check(const DH *dh, int *ret)
-{
- int ok = 0, r;
- BN_CTX *ctx = NULL;
- BN_ULONG l;
- BIGNUM *t1 = NULL, *t2 = NULL;
-
- *ret = 0;
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- if (t1 == NULL)
- goto err;
- t2 = BN_CTX_get(ctx);
- if (t2 == NULL)
- goto err;
-
- if (dh->q) {
- if (BN_cmp(dh->g, BN_value_one()) <= 0)
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- else if (BN_cmp(dh->g, dh->p) >= 0)
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- else {
- /* Check g^q == 1 mod p */
- if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
- goto err;
- if (!BN_is_one(t1))
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- }
- r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
- if (r < 0)
- goto err;
- if (!r)
- *ret |= DH_CHECK_Q_NOT_PRIME;
- /* Check p == 1 mod q i.e. q divides p - 1 */
- if (!BN_div(t1, t2, dh->p, dh->q, ctx))
- goto err;
- if (!BN_is_one(t2))
- *ret |= DH_CHECK_INVALID_Q_VALUE;
- if (dh->j && BN_cmp(dh->j, t1))
- *ret |= DH_CHECK_INVALID_J_VALUE;
-
- } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
- l = BN_mod_word(dh->p, 24);
- if (l == (BN_ULONG)-1)
- goto err;
- if (l != 11)
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
- l = BN_mod_word(dh->p, 10);
- if (l == (BN_ULONG)-1)
- goto err;
- if ((l != 3) && (l != 7))
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- } else
- *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
-
- r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
- if (r < 0)
- goto err;
- if (!r)
- *ret |= DH_CHECK_P_NOT_PRIME;
- else if (!dh->q) {
- if (!BN_rshift1(t1, dh->p))
- goto err;
- r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
- if (r < 0)
- goto err;
- if (!r)
- *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
- }
- ok = 1;
- err:
- if (ctx != NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return (ok);
-}
-#else
-int Cryptography_DH_check(const DH *dh, int *ret) {
- return DH_check(dh, ret);
-}
-#endif
-
-/* These functions were added in OpenSSL 1.1.0f
commit d0c50e80a8 */
-/* Define our own to simplify support across all versions. */
-#if defined(EVP_PKEY_DHX) && EVP_PKEY_DHX != -1
-DH *Cryptography_d2i_DHxparams_bio(BIO *bp, DH **x) {
- return ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x);
-}
-int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x) {
- return ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x);
-}
-#else
-DH *(*Cryptography_d2i_DHxparams_bio)(BIO *bp, DH **x) = NULL;
-int (*Cryptography_i2d_DHxparams_bio)(BIO *bp, DH *x) = NULL;
-#endif
+#if CRYPTOGRAPHY_IS_LIBRESSL
+#ifndef DH_CHECK_Q_NOT_PRIME
+#define DH_CHECK_Q_NOT_PRIME 0x10
+#endif
+
+#ifndef DH_CHECK_INVALID_Q_VALUE
+#define DH_CHECK_INVALID_Q_VALUE 0x20
+#endif
+
+#ifndef DH_CHECK_INVALID_J_VALUE
+#define DH_CHECK_INVALID_J_VALUE 0x40
+#endif
+
+/* DH_check implementation taken from OpenSSL 1.1.0pre6 */
+
+/*-
+ * Check that p is a safe prime and
+ * if g is 2, 3 or 5, check that it is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+
+int Cryptography_DH_check(const DH *dh, int *ret)
+{
+ int ok = 0, r;
+ BN_CTX *ctx = NULL;
+ BN_ULONG l;
+ BIGNUM *t1 = NULL, *t2 = NULL;
+
+ *ret = 0;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ if (t1 == NULL)
+ goto err;
+ t2 = BN_CTX_get(ctx);
+ if (t2 == NULL)
+ goto err;
+
+ if (dh->q) {
+ if (BN_cmp(dh->g, BN_value_one()) <= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else if (BN_cmp(dh->g, dh->p) >= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else {
+ /* Check g^q == 1 mod p */
+ if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
+ goto err;
+ if (!BN_is_one(t1))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
+ r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
+ if (r < 0)
+ goto err;
+ if (!r)
+ *ret |= DH_CHECK_Q_NOT_PRIME;
+ /* Check p == 1 mod q i.e.
q divides p - 1 */
+ if (!BN_div(t1, t2, dh->p, dh->q, ctx))
+ goto err;
+ if (!BN_is_one(t2))
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
+ if (dh->j && BN_cmp(dh->j, t1))
+ *ret |= DH_CHECK_INVALID_J_VALUE;
+
+ } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
+ l = BN_mod_word(dh->p, 24);
+ if (l == (BN_ULONG)-1)
+ goto err;
+ if (l != 11)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+ l = BN_mod_word(dh->p, 10);
+ if (l == (BN_ULONG)-1)
+ goto err;
+ if ((l != 3) && (l != 7))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ } else
+ *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
+
+ r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
+ if (r < 0)
+ goto err;
+ if (!r)
+ *ret |= DH_CHECK_P_NOT_PRIME;
+ else if (!dh->q) {
+ if (!BN_rshift1(t1, dh->p))
+ goto err;
+ r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
+ if (r < 0)
+ goto err;
+ if (!r)
+ *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+ }
+ ok = 1;
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return (ok);
+}
+#else
+int Cryptography_DH_check(const DH *dh, int *ret) {
+ return DH_check(dh, ret);
+}
+#endif
+
+/* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */
+/* Define our own to simplify support across all versions. */
+#if defined(EVP_PKEY_DHX) && EVP_PKEY_DHX != -1
+DH *Cryptography_d2i_DHxparams_bio(BIO *bp, DH **x) {
+ return ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x);
+}
+int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x) {
+ return ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x);
+}
+#else
+DH *(*Cryptography_d2i_DHxparams_bio)(BIO *bp, DH **x) = NULL;
+int (*Cryptography_i2d_DHxparams_bio)(BIO *bp, DH *x) = NULL;
+#endif
 """
diff --git a/contrib/python/cryptography/_cffi_src/openssl/ec.py b/contrib/python/cryptography/_cffi_src/openssl/ec.py
index 5361430c00..6432fc22e9 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/ec.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/ec.py
@@ -104,12 +104,12 @@ int EC_POINT_mul(const EC_GROUP *, EC_POINT *, const BIGNUM *,
 int EC_METHOD_get_field_type(const EC_METHOD *);
 const char *EC_curve_nid2nist(int);
-
-int EC_GROUP_get_asn1_flag(const EC_GROUP *);
+
+int EC_GROUP_get_asn1_flag(const EC_GROUP *);
 """
 CUSTOMIZATIONS = """
-#if defined(OPENSSL_NO_EC2M)
+#if defined(OPENSSL_NO_EC2M)
 static const long Cryptography_HAS_EC2M = 0;
 int (*EC_POINT_set_affine_coordinates_GF2m)(const EC_GROUP *, EC_POINT *,
diff --git a/contrib/python/cryptography/_cffi_src/openssl/ecdh.py b/contrib/python/cryptography/_cffi_src/openssl/ecdh.py
index f2bf7eaaf5..c73cc9f36f 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/ecdh.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/ecdh.py
@@ -14,7 +14,7 @@ TYPES = """
 FUNCTIONS = """
 int ECDH_compute_key(void *, size_t, const EC_POINT *, EC_KEY *, void *(*)(const void *, size_t, void *, size_t *));
-long SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
+long SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
 """
 CUSTOMIZATIONS = """
diff --git a/contrib/python/cryptography/_cffi_src/openssl/engine.py b/contrib/python/cryptography/_cffi_src/openssl/engine.py
index a390d99e33..24cdd42a83 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/engine.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/engine.py
@@ -10,9 +10,9 @@ INCLUDES = """
 TYPES = """
 typedef ... ENGINE;
-typedef ... UI_METHOD;
+typedef ... UI_METHOD;
-static const long Cryptography_HAS_ENGINE;
+static const long Cryptography_HAS_ENGINE;
 """
 FUNCTIONS = """
@@ -26,40 +26,40 @@ int ENGINE_ctrl_cmd(ENGINE *, const char *, long, void *, void (*)(void), int);
 int ENGINE_free(ENGINE *);
 const char *ENGINE_get_name(const ENGINE *);
-// These bindings are unused by cryptography or pyOpenSSL but are present
-// for advanced users who need them.
-int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int);
-void ENGINE_load_builtin_engines(void);
-EVP_PKEY *ENGINE_load_private_key(ENGINE *, const char *, UI_METHOD *, void *);
-EVP_PKEY *ENGINE_load_public_key(ENGINE *, const char *, UI_METHOD *, void *);
+// These bindings are unused by cryptography or pyOpenSSL but are present
+// for advanced users who need them.
+int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int);
+void ENGINE_load_builtin_engines(void);
+EVP_PKEY *ENGINE_load_private_key(ENGINE *, const char *, UI_METHOD *, void *);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *, const char *, UI_METHOD *, void *);
 """
-CUSTOMIZATIONS = """
-#ifdef OPENSSL_NO_ENGINE
-static const long Cryptography_HAS_ENGINE = 0;
+CUSTOMIZATIONS = """
+#ifdef OPENSSL_NO_ENGINE
+static const long Cryptography_HAS_ENGINE = 0;
-ENGINE *(*ENGINE_by_id)(const char *) = NULL;
-int (*ENGINE_init)(ENGINE *) = NULL;
-int (*ENGINE_finish)(ENGINE *) = NULL;
-ENGINE *(*ENGINE_get_default_RAND)(void) = NULL;
-int (*ENGINE_set_default_RAND)(ENGINE *) = NULL;
-void (*ENGINE_unregister_RAND)(ENGINE *) = NULL;
-int (*ENGINE_ctrl_cmd)(ENGINE *, const char *, long, void *,
- void (*)(void), int) = NULL;
+ENGINE *(*ENGINE_by_id)(const char *) = NULL;
+int (*ENGINE_init)(ENGINE *) = NULL;
+int (*ENGINE_finish)(ENGINE *) = NULL;
+ENGINE *(*ENGINE_get_default_RAND)(void) = NULL;
+int (*ENGINE_set_default_RAND)(ENGINE *) = NULL;
+void (*ENGINE_unregister_RAND)(ENGINE *) = NULL;
+int (*ENGINE_ctrl_cmd)(ENGINE *, const char *, long, void *,
+ void (*)(void), int) = NULL;
+
+int (*ENGINE_free)(ENGINE *) = NULL;
+const char *(*ENGINE_get_id)(const ENGINE *) = NULL;
+const char
*(*ENGINE_get_name)(const ENGINE *) = NULL;
+
+int (*ENGINE_ctrl_cmd_string)(ENGINE *, const char *, const char *,
+ int) = NULL;
+void (*ENGINE_load_builtin_engines)(void) = NULL;
+EVP_PKEY *(*ENGINE_load_private_key)(ENGINE *, const char *, UI_METHOD *,
+ void *) = NULL;
+EVP_PKEY *(*ENGINE_load_public_key)(ENGINE *, const char *,
+ UI_METHOD *, void *) = NULL;
-int (*ENGINE_free)(ENGINE *) = NULL;
-const char *(*ENGINE_get_id)(const ENGINE *) = NULL;
-const char *(*ENGINE_get_name)(const ENGINE *) = NULL;
-
-int (*ENGINE_ctrl_cmd_string)(ENGINE *, const char *, const char *,
- int) = NULL;
-void (*ENGINE_load_builtin_engines)(void) = NULL;
-EVP_PKEY *(*ENGINE_load_private_key)(ENGINE *, const char *, UI_METHOD *,
- void *) = NULL;
-EVP_PKEY *(*ENGINE_load_public_key)(ENGINE *, const char *,
- UI_METHOD *, void *) = NULL;
-
 #else
-static const long Cryptography_HAS_ENGINE = 1;
+static const long Cryptography_HAS_ENGINE = 1;
 #endif
 """
diff --git a/contrib/python/cryptography/_cffi_src/openssl/err.py b/contrib/python/cryptography/_cffi_src/openssl/err.py
index b0c1a0f618..0dd7414674 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/err.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/err.py
@@ -9,13 +9,13 @@ INCLUDES = """
 """
 TYPES = """
-static const int EVP_F_EVP_ENCRYPTFINAL_EX;
-static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH;
-static const int EVP_R_BAD_DECRYPT;
-static const int EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM;
-static const int PKCS12_R_PKCS12_CIPHERFINAL_ERROR;
-static const int PEM_R_UNSUPPORTED_ENCRYPTION;
-static const int EVP_R_UNKNOWN_PBE_ALGORITHM;
+static const int EVP_F_EVP_ENCRYPTFINAL_EX;
+static const int EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH;
+static const int EVP_R_BAD_DECRYPT;
+static const int EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM;
+static const int PKCS12_R_PKCS12_CIPHERFINAL_ERROR;
+static const int PEM_R_UNSUPPORTED_ENCRYPTION;
+static const int EVP_R_UNKNOWN_PBE_ALGORITHM;
 static const int ERR_LIB_EVP;
 static const int ERR_LIB_PEM;
diff --git a/contrib/python/cryptography/_cffi_src/openssl/evp.py b/contrib/python/cryptography/_cffi_src/openssl/evp.py
index 8dfb05cb8b..ab7cfeb395 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/evp.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/evp.py
@@ -19,24 +19,24 @@ typedef ... EVP_PKEY_CTX;
 static const int EVP_PKEY_RSA;
 static const int EVP_PKEY_DSA;
 static const int EVP_PKEY_DH;
-static const int EVP_PKEY_DHX;
+static const int EVP_PKEY_DHX;
 static const int EVP_PKEY_EC;
-static const int EVP_PKEY_X25519;
-static const int EVP_PKEY_ED25519;
-static const int EVP_PKEY_X448;
-static const int EVP_PKEY_ED448;
-static const int EVP_PKEY_POLY1305;
+static const int EVP_PKEY_X25519;
+static const int EVP_PKEY_ED25519;
+static const int EVP_PKEY_X448;
+static const int EVP_PKEY_ED448;
+static const int EVP_PKEY_POLY1305;
 static const int EVP_MAX_MD_SIZE;
-static const int EVP_CTRL_AEAD_SET_IVLEN;
-static const int EVP_CTRL_AEAD_GET_TAG;
-static const int EVP_CTRL_AEAD_SET_TAG;
+static const int EVP_CTRL_AEAD_SET_IVLEN;
+static const int EVP_CTRL_AEAD_GET_TAG;
+static const int EVP_CTRL_AEAD_SET_TAG;
 static const int Cryptography_HAS_SCRYPT;
-static const int Cryptography_HAS_EVP_PKEY_DHX;
-static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint;
-static const int Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY;
-static const long Cryptography_HAS_RAW_KEY;
-static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF;
+static const int Cryptography_HAS_EVP_PKEY_DHX;
+static const int Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint;
+static const int Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY;
+static const long Cryptography_HAS_RAW_KEY;
+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF;
 """
 FUNCTIONS = """
@@ -57,7 +57,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *);
 int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *);
 int EVP_DigestUpdate(EVP_MD_CTX *, const void *, size_t);
 int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *);
-int EVP_DigestFinalXOF(EVP_MD_CTX *, unsigned char *, size_t);
+int EVP_DigestFinalXOF(EVP_MD_CTX *, unsigned char *, size_t);
 const EVP_MD *EVP_get_digestbyname(const char *);
 EVP_PKEY *EVP_PKEY_new(void);
@@ -82,14 +82,14 @@ int EVP_VerifyUpdate(EVP_MD_CTX *, const void *, size_t);
 int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int, EVP_PKEY *);
-int EVP_DigestSignInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *,
- ENGINE *, EVP_PKEY *);
-int EVP_DigestSignUpdate(EVP_MD_CTX *, const void *, size_t);
-int EVP_DigestSignFinal(EVP_MD_CTX *, unsigned char *, size_t *);
-int EVP_DigestVerifyInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *,
- ENGINE *, EVP_PKEY *);
+int EVP_DigestSignInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *,
+ ENGINE *, EVP_PKEY *);
+int EVP_DigestSignUpdate(EVP_MD_CTX *, const void *, size_t);
+int EVP_DigestSignFinal(EVP_MD_CTX *, unsigned char *, size_t *);
+int EVP_DigestVerifyInit(EVP_MD_CTX *, EVP_PKEY_CTX **, const EVP_MD *,
+ ENGINE *, EVP_PKEY *);
+
-
 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *, ENGINE *);
 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int, ENGINE *);
@@ -101,9 +101,9 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *, unsigned char *, size_t *,
 int EVP_PKEY_verify_init(EVP_PKEY_CTX *);
 int EVP_PKEY_verify(EVP_PKEY_CTX *, const unsigned char *, size_t, const unsigned char *, size_t);
-int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *);
-int EVP_PKEY_verify_recover(EVP_PKEY_CTX *, unsigned char *,
- size_t *, const unsigned char *, size_t);
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *);
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *, unsigned char *,
+ size_t *, const unsigned char *, size_t);
 int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *);
 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *);
@@ -113,31 +113,31 @@ int EVP_PKEY_set1_DH(EVP_PKEY *, DH *);
 int EVP_PKEY_cmp(const EVP_PKEY *, const EVP_PKEY *);
-int EVP_PKEY_keygen_init(EVP_PKEY_CTX *);
-int EVP_PKEY_keygen(EVP_PKEY_CTX *, EVP_PKEY **);
-int EVP_PKEY_derive_init(EVP_PKEY_CTX *);
-int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *, EVP_PKEY *);
-int EVP_PKEY_derive(EVP_PKEY_CTX *, unsigned char *, size_t *);
-int EVP_PKEY_set_type(EVP_PKEY *, int);
-
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *);
+int EVP_PKEY_keygen(EVP_PKEY_CTX *, EVP_PKEY **);
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *);
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *, EVP_PKEY *);
+int EVP_PKEY_derive(EVP_PKEY_CTX *, unsigned char *, size_t *);
+int EVP_PKEY_set_type(EVP_PKEY *, int);
+
 int EVP_PKEY_id(const EVP_PKEY *);
 int Cryptography_EVP_PKEY_id(const EVP_PKEY *);
-EVP_MD_CTX *EVP_MD_CTX_new(void);
-void EVP_MD_CTX_free(EVP_MD_CTX *);
-/* Backwards compat aliases for pyOpenSSL */
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX *);
+/* Backwards compat aliases for pyOpenSSL */
 EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void);
 void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *);
-
-/* Added in 1.1.1 */
-int EVP_DigestSign(EVP_MD_CTX *, unsigned char *, size_t *,
- const unsigned char *, size_t);
-int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t,
- const unsigned char *, size_t);
-/* Added in 1.1.0 */
-size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *, unsigned char **);
-int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *, const unsigned char *,
- size_t);
+
+/* Added in 1.1.1 */
+int EVP_DigestSign(EVP_MD_CTX *, unsigned char *, size_t *,
+ const unsigned char *, size_t);
+int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t,
+ const unsigned char *, size_t);
+/* Added in 1.1.0 */
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *, unsigned char **);
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *, const unsigned char *,
+ size_t);
 /* EVP_PKEY * became const in 1.1.0 */
 int EVP_PKEY_bits(EVP_PKEY *);
@@ -158,21 +158,21 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *, const EVP_MD *);
 int EVP_PBE_scrypt(const char *, size_t, const unsigned char *, size_t, uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *, size_t);
-
-EVP_PKEY *EVP_PKEY_new_raw_private_key(int, ENGINE *, const unsigned char *,
- size_t);
-EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
- size_t);
-int EVP_PKEY_get_raw_private_key(const EVP_PKEY *, unsigned char *, size_t *);
-int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
+
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int, ENGINE *, const unsigned char *,
+ size_t);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *,
+ size_t);
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *, unsigned char *, size_t *);
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *);
 """
 CUSTOMIZATIONS = """
-#ifdef EVP_PKEY_DHX
-const long Cryptography_HAS_EVP_PKEY_DHX = 1;
+#ifdef EVP_PKEY_DHX
+const long Cryptography_HAS_EVP_PKEY_DHX = 1;
 #else
-const long Cryptography_HAS_EVP_PKEY_DHX = 0;
-const long EVP_PKEY_DHX = -1;
+const long Cryptography_HAS_EVP_PKEY_DHX = 0;
+const long EVP_PKEY_DHX = -1;
 #endif
 int Cryptography_EVP_PKEY_id(const EVP_PKEY *key) {
@@ -181,11 +181,11 @@ int Cryptography_EVP_PKEY_id(const EVP_PKEY *key) {
 EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void) {
 return EVP_MD_CTX_new();
 }
-void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *md) {
- EVP_MD_CTX_free(md);
+void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *md) {
+ EVP_MD_CTX_free(md);
 }
-
-#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_SCRYPT)
+
+#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_SCRYPT)
 static const long Cryptography_HAS_SCRYPT = 0;
 int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t, uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *,
@@ -193,80 +193,80 @@ int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t,
 #else
 static const long Cryptography_HAS_SCRYPT = 1;
 #endif
-
-#if !CRYPTOGRAPHY_IS_LIBRESSL
-static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 1;
-#else
-static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 0;
-size_t (*EVP_PKEY_get1_tls_encodedpoint)(EVP_PKEY *, unsigned char **) = NULL;
-int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
- size_t) = NULL;
-#endif
-
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
-static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
-static const long Cryptography_HAS_RAW_KEY = 0;
-static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
-int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
-int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *,
- const unsigned char *tbs, size_t) = NULL;
-int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t,
- const unsigned char *, size_t) = NULL;
-EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *,
- size_t) = NULL;
-EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *,
- size_t) = NULL;
-int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,
- size_t *) = NULL;
-int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
- size_t *) = NULL;
-#else
-static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
-static const long Cryptography_HAS_RAW_KEY = 1;
-static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1;
-#endif
-
-/* OpenSSL 1.1.0+ does this define for us, but if not present we'll do it */
-#if !defined(EVP_CTRL_AEAD_SET_IVLEN)
-# define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
-#endif
-#if !defined(EVP_CTRL_AEAD_GET_TAG)
-# define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
-#endif
-#if !defined(EVP_CTRL_AEAD_SET_TAG)
-# define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
-#endif
-
-/* This is tied to X25519 support so we reuse the Cryptography_HAS_X25519
- conditional to remove it. OpenSSL 1.1.0 didn't have this define, but
- 1.1.1 will when it is released. We can remove this in the distant
- future when we drop 1.1.0 support. */
-#ifndef EVP_PKEY_X25519
-#define EVP_PKEY_X25519 NID_X25519
-#endif
-
-/* This is tied to X448 support so we reuse the Cryptography_HAS_X448
- conditional to remove it. OpenSSL 1.1.1 adds this define. We can remove
- this in the distant future when we drop 1.1.0 support. */
-#ifndef EVP_PKEY_X448
-#define EVP_PKEY_X448 NID_X448
-#endif
-
-/* This is tied to ED25519 support so we reuse the Cryptography_HAS_ED25519
- conditional to remove it. */
-#ifndef EVP_PKEY_ED25519
-#define EVP_PKEY_ED25519 NID_ED25519
-#endif
-
-/* This is tied to ED448 support so we reuse the Cryptography_HAS_ED448
- conditional to remove it. */
-#ifndef EVP_PKEY_ED448
-#define EVP_PKEY_ED448 NID_ED448
-#endif
-
-/* This is tied to poly1305 support so we reuse the Cryptography_HAS_POLY1305
- conditional to remove it.
*/
-#ifndef EVP_PKEY_POLY1305
-#define EVP_PKEY_POLY1305 NID_poly1305
-#endif
+
+#if !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 1;
+#else
+static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 0;
+size_t (*EVP_PKEY_get1_tls_encodedpoint)(EVP_PKEY *, unsigned char **) = NULL;
+int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
+ size_t) = NULL;
+#endif
+
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
+static const long Cryptography_HAS_RAW_KEY = 0;
+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
+int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
+int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *,
+ const unsigned char *tbs, size_t) = NULL;
+int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t,
+ const unsigned char *, size_t) = NULL;
+EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *,
+ size_t) = NULL;
+EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *,
+ size_t) = NULL;
+int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,
+ size_t *) = NULL;
+int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
+ size_t *) = NULL;
+#else
+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
+static const long Cryptography_HAS_RAW_KEY = 1;
+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1;
+#endif
+
+/* OpenSSL 1.1.0+ does this define for us, but if not present we'll do it */
+#if !defined(EVP_CTRL_AEAD_SET_IVLEN)
+# define EVP_CTRL_AEAD_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
+#endif
+#if !defined(EVP_CTRL_AEAD_GET_TAG)
+# define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
+#endif
+#if !defined(EVP_CTRL_AEAD_SET_TAG)
+# define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
+#endif
+
+/* This is tied to X25519 support so we reuse the Cryptography_HAS_X25519
+ conditional to remove it. OpenSSL 1.1.0 didn't have this define, but
+ 1.1.1 will when it is released. We can remove this in the distant
+ future when we drop 1.1.0 support. */
+#ifndef EVP_PKEY_X25519
+#define EVP_PKEY_X25519 NID_X25519
+#endif
+
+/* This is tied to X448 support so we reuse the Cryptography_HAS_X448
+ conditional to remove it. OpenSSL 1.1.1 adds this define. We can remove
+ this in the distant future when we drop 1.1.0 support. */
+#ifndef EVP_PKEY_X448
+#define EVP_PKEY_X448 NID_X448
+#endif
+
+/* This is tied to ED25519 support so we reuse the Cryptography_HAS_ED25519
+ conditional to remove it. */
+#ifndef EVP_PKEY_ED25519
+#define EVP_PKEY_ED25519 NID_ED25519
+#endif
+
+/* This is tied to ED448 support so we reuse the Cryptography_HAS_ED448
+ conditional to remove it. */
+#ifndef EVP_PKEY_ED448
+#define EVP_PKEY_ED448 NID_ED448
+#endif
+
+/* This is tied to poly1305 support so we reuse the Cryptography_HAS_POLY1305
+ conditional to remove it. */
+#ifndef EVP_PKEY_POLY1305
+#define EVP_PKEY_POLY1305 NID_poly1305
+#endif
 """
diff --git a/contrib/python/cryptography/_cffi_src/openssl/fips.py b/contrib/python/cryptography/_cffi_src/openssl/fips.py
index f15281416b..c92bca494b 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/fips.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/fips.py
@@ -1,28 +1,28 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <openssl/crypto.h>
-"""
-
-TYPES = """
-static const long Cryptography_HAS_FIPS;
-"""
-
-FUNCTIONS = """
-int FIPS_mode_set(int);
-int FIPS_mode(void);
-"""
-
-CUSTOMIZATIONS = """
-#if CRYPTOGRAPHY_IS_LIBRESSL
-static const long Cryptography_HAS_FIPS = 0;
-int (*FIPS_mode_set)(int) = NULL;
-int (*FIPS_mode)(void) = NULL;
-#else
-static const long Cryptography_HAS_FIPS = 1;
-#endif
-"""
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <openssl/crypto.h>
+"""
+
+TYPES = """
+static const long Cryptography_HAS_FIPS;
+"""
+
+FUNCTIONS = """
+int FIPS_mode_set(int);
+int FIPS_mode(void);
+"""
+
+CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_FIPS = 0;
+int (*FIPS_mode_set)(int) = NULL;
+int (*FIPS_mode)(void) = NULL;
+#else
+static const long Cryptography_HAS_FIPS = 1;
+#endif
+"""
diff --git a/contrib/python/cryptography/_cffi_src/openssl/hmac.py b/contrib/python/cryptography/_cffi_src/openssl/hmac.py
index 1619f5a3d6..2e0e33ffe3 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/hmac.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/hmac.py
@@ -18,8 +18,8 @@ int HMAC_Update(HMAC_CTX *, const unsigned char *, size_t);
 int HMAC_Final(HMAC_CTX *, unsigned char *, unsigned int *);
 int HMAC_CTX_copy(HMAC_CTX *, HMAC_CTX *);
-HMAC_CTX *HMAC_CTX_new(void);
-void HMAC_CTX_free(HMAC_CTX *ctx);
+HMAC_CTX *HMAC_CTX_new(void);
+void HMAC_CTX_free(HMAC_CTX *ctx);
 """
 CUSTOMIZATIONS = """
diff --git a/contrib/python/cryptography/_cffi_src/openssl/nid.py b/contrib/python/cryptography/_cffi_src/openssl/nid.py
index f52110be32..9ef88cdbbd 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/nid.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/nid.py
@@ -9,44 +9,44 @@ INCLUDES = """
 """
 TYPES = """
-static const int Cryptography_HAS_ED448;
-static const int Cryptography_HAS_ED25519;
-static const int Cryptography_HAS_POLY1305;
-
+static const int Cryptography_HAS_ED448;
+static const int Cryptography_HAS_ED25519;
+static const int Cryptography_HAS_POLY1305;
+
 static const int NID_undef;
 static const int NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-static const int NID_X25519;
-static const int NID_X448;
-static const int NID_ED25519;
-static const int NID_ED448;
-static const int NID_poly1305;
+static const int NID_X25519;
+static const int NID_X448;
+static const int NID_ED25519;
+static const int NID_ED448;
+static const int NID_poly1305;
 static const int NID_subject_alt_name;
 static const int NID_crl_reason;
-
-static const int NID_pkcs7_signed;
+
+static const int NID_pkcs7_signed;
 """
 FUNCTIONS = """
 """
 CUSTOMIZATIONS = """
-#ifndef NID_ED25519
-static const long Cryptography_HAS_ED25519 = 0;
-static const int NID_ED25519 = 0;
-#else
-static const long Cryptography_HAS_ED25519 = 1;
-#endif
-#ifndef NID_ED448
-static const long Cryptography_HAS_ED448 = 0;
-static const int NID_ED448 = 0;
-#else
-static const long Cryptography_HAS_ED448 = 1;
-#endif
-#ifndef NID_poly1305
-static const long Cryptography_HAS_POLY1305 = 0;
-static const int NID_poly1305 = 0;
-#else
-static const long Cryptography_HAS_POLY1305 = 1;
-#endif
+#ifndef NID_ED25519
+static const long Cryptography_HAS_ED25519 = 0;
+static const int NID_ED25519 = 0;
+#else
+static const long Cryptography_HAS_ED25519 = 1;
+#endif
+#ifndef NID_ED448
+static const long Cryptography_HAS_ED448 = 0;
+static const int NID_ED448 = 0;
+#else
+static const long Cryptography_HAS_ED448 = 1;
+#endif
+#ifndef NID_poly1305
+static const long Cryptography_HAS_POLY1305 = 0;
+static const int NID_poly1305 = 0;
+#else
+static const long Cryptography_HAS_POLY1305 = 1;
+#endif
 """
diff --git a/contrib/python/cryptography/_cffi_src/openssl/objects.py b/contrib/python/cryptography/_cffi_src/openssl/objects.py
index 87710f07f2..236903d986 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/objects.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/objects.py
@@ -9,14 +9,14 @@ INCLUDES = """
 """
 TYPES = """
-typedef struct {
- int type;
- int alias;
- const char *name;
- const char *data;
-} OBJ_NAME;
-
-static const long OBJ_NAME_TYPE_MD_METH;
+typedef struct {
+ int type;
+ int alias;
+ const char *name;
+ const char *data;
+} OBJ_NAME;
+
+static const long OBJ_NAME_TYPE_MD_METH;
 """
 FUNCTIONS = """
diff --git a/contrib/python/cryptography/_cffi_src/openssl/ocsp.py b/contrib/python/cryptography/_cffi_src/openssl/ocsp.py
index 85fa7e9317..c3d034c2c4 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/ocsp.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/ocsp.py
@@ -15,24 +15,24 @@ typedef ... OCSP_RESPONSE;
 typedef ... OCSP_BASICRESP;
 typedef ... OCSP_SINGLERESP;
 typedef ... OCSP_CERTID;
-typedef ... OCSP_RESPDATA;
-static const long OCSP_NOCERTS;
-static const long OCSP_RESPID_KEY;
+typedef ... OCSP_RESPDATA;
+static const long OCSP_NOCERTS;
+static const long OCSP_RESPID_KEY;
 """
 FUNCTIONS = """
 int OCSP_response_status(OCSP_RESPONSE *);
 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *);
 int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *);
-const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *);
-Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs(const OCSP_BASICRESP *);
-const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
- const OCSP_BASICRESP *);
-const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *);
-int OCSP_resp_get0_id(const OCSP_BASICRESP *, const ASN1_OCTET_STRING **,
- const X509_NAME **);
-const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *);
-const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *);
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *);
+Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs(const OCSP_BASICRESP *);
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
+ const OCSP_BASICRESP *);
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *);
+int OCSP_resp_get0_id(const OCSP_BASICRESP *, const ASN1_OCTET_STRING **,
+ const X509_NAME **);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *);
 X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *, int);
 int OCSP_resp_count(OCSP_BASICRESP *);
 OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *, int);
@@ -42,14 +42,14 @@ X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *, int); int OCSP_single_get0_status(OCSP_SINGLERESP *, int *, ASN1_GENERALIZEDTIME **, ASN1_GENERALIZEDTIME **, ASN1_GENERALIZEDTIME **); -int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *); -X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *, int); +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *); +X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *, int); int OCSP_request_onereq_count(OCSP_REQUEST *); OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *, int); OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *); -OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *, OCSP_CERTID *); -OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *, const X509 *, const X509 *); -void OCSP_CERTID_free(OCSP_CERTID *); +OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *, OCSP_CERTID *); +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *, const X509 *, const X509 *); +void OCSP_CERTID_free(OCSP_CERTID *); OCSP_BASICRESP *OCSP_BASICRESP_new(void); 
@@ -58,109 +58,109 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *, OCSP_CERTID *, int, int, ASN1_TIME *, ASN1_TIME *, ASN1_TIME *); int OCSP_basic_add1_cert(OCSP_BASICRESP *, X509 *); -int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *, X509_EXTENSION *, int); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *, X509_EXTENSION *, int); int OCSP_basic_sign(OCSP_BASICRESP *, X509 *, EVP_PKEY *, const EVP_MD *, Cryptography_STACK_OF_X509 *, unsigned long); OCSP_RESPONSE *OCSP_response_create(int, OCSP_BASICRESP *); -void OCSP_RESPONSE_free(OCSP_RESPONSE *); +void OCSP_RESPONSE_free(OCSP_RESPONSE *); OCSP_REQUEST *OCSP_REQUEST_new(void); void OCSP_REQUEST_free(OCSP_REQUEST *); -int OCSP_REQUEST_add_ext(OCSP_REQUEST *, X509_EXTENSION *, int); -int OCSP_id_get0_info(ASN1_OCTET_STRING **, ASN1_OBJECT **, - ASN1_OCTET_STRING **, ASN1_INTEGER **, OCSP_CERTID *); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *, X509_EXTENSION *, int); +int OCSP_id_get0_info(ASN1_OCTET_STRING **, ASN1_OBJECT **, + ASN1_OCTET_STRING **, ASN1_INTEGER **, OCSP_CERTID *); OCSP_REQUEST *d2i_OCSP_REQUEST_bio(BIO *, OCSP_REQUEST **); OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *, OCSP_RESPONSE **); int i2d_OCSP_REQUEST_bio(BIO *, OCSP_REQUEST *); int i2d_OCSP_RESPONSE_bio(BIO *, OCSP_RESPONSE *); -int i2d_OCSP_RESPDATA(OCSP_RESPDATA *, unsigned char **); +int i2d_OCSP_RESPDATA(OCSP_RESPDATA *, unsigned char **); """ CUSTOMIZATIONS = """ -#if ( \ - !CRYPTOGRAPHY_IS_LIBRESSL && \ - CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ - ) -/* These structs come from ocsp_lcl.h and are needed to de-opaque the struct - for the getters in OpenSSL 1.1.0 through 1.1.0i */ -struct ocsp_responder_id_st { - int type; - union { - X509_NAME *byName; - ASN1_OCTET_STRING *byKey; - } value; -}; -struct ocsp_response_data_st { - ASN1_INTEGER *version; - OCSP_RESPID responderId; - ASN1_GENERALIZEDTIME *producedAt; - STACK_OF(OCSP_SINGLERESP) *responses; - STACK_OF(X509_EXTENSION) *responseExtensions; -}; -struct ocsp_basic_response_st { - 
OCSP_RESPDATA tbsResponseData; - X509_ALGOR signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -}; -#endif - -#if CRYPTOGRAPHY_IS_LIBRESSL -/* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */ -const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) -{ - return single->certId; -} -const Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs( - const OCSP_BASICRESP *bs) -{ - return bs->certs; -} -int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, - const ASN1_OCTET_STRING **pid, - const X509_NAME **pname) -{ - const OCSP_RESPID *rid = bs->tbsResponseData->responderId; - - if (rid->type == V_OCSP_RESPID_NAME) { - *pname = rid->value.byName; - *pid = NULL; - } else if (rid->type == V_OCSP_RESPID_KEY) { - *pid = rid->value.byKey; - *pname = NULL; - } else { - return 0; - } - return 1; -} -const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( - const OCSP_BASICRESP* bs) -{ - return bs->tbsResponseData->producedAt; -} -const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) -{ - return bs->signature; -} -#endif - -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J -const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) -{ -#if CRYPTOGRAPHY_IS_LIBRESSL - return bs->signatureAlgorithm; -#else - return &bs->signatureAlgorithm; -#endif -} - -const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) -{ -#if CRYPTOGRAPHY_IS_LIBRESSL - return bs->tbsResponseData; -#else - return &bs->tbsResponseData; -#endif -} -#endif +#if ( \ + !CRYPTOGRAPHY_IS_LIBRESSL && \ + CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ + ) +/* These structs come from ocsp_lcl.h and are needed to de-opaque the struct + for the getters in OpenSSL 1.1.0 through 1.1.0i */ +struct ocsp_responder_id_st { + int type; + union { + X509_NAME *byName; + ASN1_OCTET_STRING *byKey; + } value; +}; +struct ocsp_response_data_st { + ASN1_INTEGER *version; + OCSP_RESPID responderId; + ASN1_GENERALIZEDTIME *producedAt; + STACK_OF(OCSP_SINGLERESP) 
*responses; + STACK_OF(X509_EXTENSION) *responseExtensions; +}; +struct ocsp_basic_response_st { + OCSP_RESPDATA tbsResponseData; + X509_ALGOR signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +}; +#endif + +#if CRYPTOGRAPHY_IS_LIBRESSL +/* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */ +const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) +{ + return single->certId; +} +const Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs( + const OCSP_BASICRESP *bs) +{ + return bs->certs; +} +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, + const X509_NAME **pname) +{ + const OCSP_RESPID *rid = bs->tbsResponseData->responderId; + + if (rid->type == V_OCSP_RESPID_NAME) { + *pname = rid->value.byName; + *pid = NULL; + } else if (rid->type == V_OCSP_RESPID_KEY) { + *pid = rid->value.byKey; + *pname = NULL; + } else { + return 0; + } + return 1; +} +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( + const OCSP_BASICRESP* bs) +{ + return bs->tbsResponseData->producedAt; +} +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) +{ + return bs->signature; +} +#endif + +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) +{ +#if CRYPTOGRAPHY_IS_LIBRESSL + return bs->signatureAlgorithm; +#else + return &bs->signatureAlgorithm; +#endif +} + +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) +{ +#if CRYPTOGRAPHY_IS_LIBRESSL + return bs->tbsResponseData; +#else + return &bs->tbsResponseData; +#endif +} +#endif """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/osrandom_engine.py b/contrib/python/cryptography/_cffi_src/openssl/osrandom_engine.py index 01541d8106..ed1068ef8a 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/osrandom_engine.py +++ b/contrib/python/cryptography/_cffi_src/openssl/osrandom_engine.py 
@@ -1,24 +1,24 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from __future__ import absolute_import, division, print_function - -import os - -HERE = os.path.dirname(os.path.abspath(__file__)) - -with open(os.path.join(HERE, "src/osrandom_engine.h")) as f: - INCLUDES = f.read() - -TYPES = """ -static const char *const Cryptography_osrandom_engine_name; -static const char *const Cryptography_osrandom_engine_id; -""" - -FUNCTIONS = """ -int Cryptography_add_osrandom_engine(void); -""" - -with open(os.path.join(HERE, "src/osrandom_engine.c")) as f: - CUSTOMIZATIONS = f.read() +# This file is dual licensed under the terms of the Apache License, Version +# 2.0, and the BSD License. See the LICENSE file in the root of this repository +# for complete details. + +from __future__ import absolute_import, division, print_function + +import os + +HERE = os.path.dirname(os.path.abspath(__file__)) + +with open(os.path.join(HERE, "src/osrandom_engine.h")) as f: + INCLUDES = f.read() + +TYPES = """ +static const char *const Cryptography_osrandom_engine_name; +static const char *const Cryptography_osrandom_engine_id; +""" + +FUNCTIONS = """ +int Cryptography_add_osrandom_engine(void); +""" + +with open(os.path.join(HERE, "src/osrandom_engine.c")) as f: + CUSTOMIZATIONS = f.read() diff --git a/contrib/python/cryptography/_cffi_src/openssl/pem.py b/contrib/python/cryptography/_cffi_src/openssl/pem.py index 3346d39bf3..3f279c4fff 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/pem.py +++ b/contrib/python/cryptography/_cffi_src/openssl/pem.py 
@@ -65,11 +65,11 @@ int PEM_write_bio_ECPrivateKey(BIO *, EC_KEY *, const EVP_CIPHER *, unsigned char *, int, pem_password_cb *, void *); int PEM_write_bio_DHparams(BIO *, DH *); -int PEM_write_bio_DHxparams(BIO *, DH *); +int PEM_write_bio_DHxparams(BIO *, DH *); """ CUSTOMIZATIONS = """ -#if !defined(EVP_PKEY_DHX) || EVP_PKEY_DHX == -1 -int (*PEM_write_bio_DHxparams)(BIO *, DH *) = NULL; +#if !defined(EVP_PKEY_DHX) || EVP_PKEY_DHX == -1 +int (*PEM_write_bio_DHxparams)(BIO *, DH *) = NULL; #endif """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/pkcs7.py b/contrib/python/cryptography/_cffi_src/openssl/pkcs7.py index 8f754377e4..c22263dfe6 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/pkcs7.py +++ b/contrib/python/cryptography/_cffi_src/openssl/pkcs7.py @@ -24,7 +24,7 @@ typedef struct { typedef ... PKCS7_DIGEST; typedef ... PKCS7_ENCRYPT; typedef ... PKCS7_ENVELOPE; -typedef ... PKCS7_SIGNER_INFO; +typedef ... PKCS7_SIGNER_INFO; typedef struct { ASN1_OBJECT *type; 
@@ -52,23 +52,23 @@ static const int PKCS7_NOSMIMECAP; static const int PKCS7_NOVERIFY; static const int PKCS7_STREAM; static const int PKCS7_TEXT; -static const int PKCS7_PARTIAL; +static const int PKCS7_PARTIAL; """ FUNCTIONS = """ void PKCS7_free(PKCS7 *); PKCS7 *PKCS7_sign(X509 *, EVP_PKEY *, Cryptography_STACK_OF_X509 *, - BIO *, int); -int SMIME_write_PKCS7(BIO *, PKCS7 *, BIO *, int); -int PEM_write_bio_PKCS7_stream(BIO *, PKCS7 *, BIO *, int); -PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *, X509 *, EVP_PKEY *, - const EVP_MD *, int); -int PKCS7_final(PKCS7 *, BIO *, int); -/* Included verify due to external consumer, see - https://github.com/pyca/cryptography/issues/5433 */ + BIO *, int); +int SMIME_write_PKCS7(BIO *, PKCS7 *, BIO *, int); +int PEM_write_bio_PKCS7_stream(BIO *, PKCS7 *, BIO *, int); +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *, X509 *, EVP_PKEY *, + const EVP_MD *, int); +int PKCS7_final(PKCS7 *, BIO *, int); +/* Included verify due to external consumer, see + https://github.com/pyca/cryptography/issues/5433 */ int PKCS7_verify(PKCS7 *, Cryptography_STACK_OF_X509 *, X509_STORE *, BIO *, BIO *, int); -PKCS7 *SMIME_read_PKCS7(BIO *, BIO **); +PKCS7 *SMIME_read_PKCS7(BIO *, BIO **); int PKCS7_type_is_signed(PKCS7 *); int PKCS7_type_is_enveloped(PKCS7 *); diff --git a/contrib/python/cryptography/_cffi_src/openssl/rand.py b/contrib/python/cryptography/_cffi_src/openssl/rand.py index 40e1477fb0..1bc2ec0bc3 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/rand.py +++ b/contrib/python/cryptography/_cffi_src/openssl/rand.py @@ -9,11 +9,11 @@ INCLUDES = """ """ TYPES = """ -typedef ... RAND_METHOD; +typedef ... RAND_METHOD; """ FUNCTIONS = """ -int RAND_set_rand_method(const RAND_METHOD *); +int RAND_set_rand_method(const RAND_METHOD *); void RAND_add(const void *, int, double); int RAND_status(void); int RAND_bytes(unsigned char *, int); 
diff --git a/contrib/python/cryptography/_cffi_src/openssl/rsa.py b/contrib/python/cryptography/_cffi_src/openssl/rsa.py index 5e6a65dc0b..92b8fa4600 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/rsa.py +++ b/contrib/python/cryptography/_cffi_src/openssl/rsa.py @@ -18,7 +18,7 @@ static const int RSA_PKCS1_PSS_PADDING; static const int RSA_F4; static const int Cryptography_HAS_RSA_OAEP_MD; -static const int Cryptography_HAS_RSA_OAEP_LABEL; +static const int Cryptography_HAS_RSA_OAEP_LABEL; """ FUNCTIONS = """ @@ -42,20 +42,20 @@ void RSA_get0_crt_params(const RSA *, const BIGNUM **, const BIGNUM **, int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *, int); int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *, int); int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *, EVP_MD *); -int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *, unsigned char *, int); +int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *, unsigned char *, int); int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *, EVP_MD *); """ CUSTOMIZATIONS = """ -#if !CRYPTOGRAPHY_IS_LIBRESSL +#if !CRYPTOGRAPHY_IS_LIBRESSL static const long Cryptography_HAS_RSA_OAEP_MD = 1; -static const long Cryptography_HAS_RSA_OAEP_LABEL = 1; +static const long Cryptography_HAS_RSA_OAEP_LABEL = 1; #else static const long Cryptography_HAS_RSA_OAEP_MD = 0; -static const long Cryptography_HAS_RSA_OAEP_LABEL = 0; +static const long Cryptography_HAS_RSA_OAEP_LABEL = 0; int (*EVP_PKEY_CTX_set_rsa_oaep_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL; -int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *, - int) = NULL; -#endif +int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *, + int) = NULL; +#endif """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/src/osrandom_engine.c b/contrib/python/cryptography/_cffi_src/openssl/src/osrandom_engine.c index fb765b1c02..a84857b86d 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/src/osrandom_engine.c 
+++ b/contrib/python/cryptography/_cffi_src/openssl/src/osrandom_engine.c 
@@ -1,660 +1,660 @@ -/* osurandom engine - * - * Windows CryptGenRandom() - * macOS >= 10.12 getentropy() - * OpenBSD 5.6+ getentropy() - * other BSD getentropy() if SYS_getentropy is defined - * Linux 3.17+ getrandom() with fallback to /dev/urandom - * other /dev/urandom with cached fd - * - * The /dev/urandom, getrandom and getentropy code is derived from Python's - * Python/random.c, written by Antoine Pitrou and Victor Stinner. - * - * Copyright 2001-2016 Python Software Foundation; All Rights Reserved. - */ - -#ifdef __linux__ -#include <poll.h> -#endif - -#if CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE -/* OpenSSL has ENGINE support and is older than 1.1.1d (the first version that - * properly implements fork safety in its RNG) so build the engine. */ -static const char *Cryptography_osrandom_engine_id = "osrandom"; - -/**************************************************************************** - * Windows - */ -#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM -static const char *Cryptography_osrandom_engine_name = "osrandom_engine CryptGenRandom()"; -static HCRYPTPROV hCryptProv = 0; - -static int osrandom_init(ENGINE *e) { - if (hCryptProv != 0) { - return 1; - } - if (CryptAcquireContext(&hCryptProv, NULL, NULL, - PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { - return 1; - } else { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_INIT, - CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT, - __FILE__, __LINE__ - ); - return 0; - } -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - if (hCryptProv == 0) { - return 0; - } - - if (!CryptGenRandom(hCryptProv, (DWORD)size, buffer)) { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM, - __FILE__, __LINE__ - ); - return 0; - } - return 1; -} - -static int osrandom_finish(ENGINE *e) { - if (CryptReleaseContext(hCryptProv, 0)) { - hCryptProv = 0; - return 1; - } else { - ERR_Cryptography_OSRandom_error( - 
CRYPTOGRAPHY_OSRANDOM_F_FINISH, - CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT, - __FILE__, __LINE__ - ); - return 0; - } -} - -static int osrandom_rand_status(void) { - return hCryptProv != 0; -} - -static const char *osurandom_get_implementation(void) { - return "CryptGenRandom"; -} - -#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM */ - -/**************************************************************************** - * /dev/urandom helpers for all non-BSD Unix platforms - */ -#ifdef CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM - -static struct { - int fd; - dev_t st_dev; - ino_t st_ino; -} urandom_cache = { -1 }; - -static int open_cloexec(const char *path) { - int open_flags = O_RDONLY; -#ifdef O_CLOEXEC - open_flags |= O_CLOEXEC; -#endif - - int fd = open(path, open_flags); - if (fd == -1) { - return -1; - } - -#ifndef O_CLOEXEC - int flags = fcntl(fd, F_GETFD); - if (flags == -1) { - return -1; - } - if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) { - return -1; - } -#endif - return fd; -} - -#ifdef __linux__ -/* On Linux, we open("/dev/random") and use poll() to wait until it's readable - * before we read from /dev/urandom, this ensures that we don't read from - * /dev/urandom before the kernel CSPRNG is initialized. This isn't necessary on - * other platforms because they don't have the same _bug_ as Linux does with - * /dev/urandom and early boot. 
*/ -static int wait_on_devrandom(void) { - struct pollfd pfd = {}; - int ret = 0; - int random_fd = open_cloexec("/dev/random"); - if (random_fd < 0) { - return -1; - } - pfd.fd = random_fd; - pfd.events = POLLIN; - pfd.revents = 0; - do { - ret = poll(&pfd, 1, -1); - } while (ret < 0 && (errno == EINTR || errno == EAGAIN)); - close(random_fd); - return ret; -} -#endif - -/* return -1 on error */ -static int dev_urandom_fd(void) { - int fd = -1; - struct stat st; - - /* Check that fd still points to the correct device */ - if (urandom_cache.fd >= 0) { - if (fstat(urandom_cache.fd, &st) - || st.st_dev != urandom_cache.st_dev - || st.st_ino != urandom_cache.st_ino) { - /* Somebody replaced our FD. Invalidate our cache but don't - * close the fd. */ - urandom_cache.fd = -1; - } - } - if (urandom_cache.fd < 0) { -#ifdef __linux__ - if (wait_on_devrandom() < 0) { - goto error; - } -#endif - - fd = open_cloexec("/dev/urandom"); - if (fd < 0) { - goto error; - } - if (fstat(fd, &st)) { - goto error; - } - /* Another thread initialized the fd */ - if (urandom_cache.fd >= 0) { - close(fd); - return urandom_cache.fd; - } - urandom_cache.st_dev = st.st_dev; - urandom_cache.st_ino = st.st_ino; - urandom_cache.fd = fd; - } - return urandom_cache.fd; - - error: - if (fd != -1) { - close(fd); - } - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD, - CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED, - __FILE__, __LINE__ - ); - return -1; -} - -static int dev_urandom_read(unsigned char *buffer, int size) { - int fd; - int n; - - fd = dev_urandom_fd(); - if (fd < 0) { - return 0; - } - - while (size > 0) { - do { - n = (int)read(fd, buffer, (size_t)size); - } while (n < 0 && errno == EINTR); - - if (n <= 0) { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ, - CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED, - __FILE__, __LINE__ - ); - return 0; - } - buffer += n; - size -= n; - } - return 1; -} - -static void 
dev_urandom_close(void) { - if (urandom_cache.fd >= 0) { - int fd; - struct stat st; - - if (fstat(urandom_cache.fd, &st) - && st.st_dev == urandom_cache.st_dev - && st.st_ino == urandom_cache.st_ino) { - fd = urandom_cache.fd; - urandom_cache.fd = -1; - close(fd); - } - } -} -#endif /* CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM */ - -/**************************************************************************** - * BSD getentropy - */ -#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY -static const char *Cryptography_osrandom_engine_name = "osrandom_engine getentropy()"; - -static int getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_NOT_INIT; - -static int osrandom_init(ENGINE *e) { -#if !defined(__APPLE__) - getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS; -#else - if (__builtin_available(macOS 10.12, *)) { - getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS; - } else { - getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK; - int fd = dev_urandom_fd(); - if (fd < 0) { - return 0; - } - } -#endif - return 1; -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - int len; - int res; - - switch(getentropy_works) { -#if defined(__APPLE__) - case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK: - return dev_urandom_read(buffer, size); -#endif - case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS: - while (size > 0) { - /* OpenBSD and macOS restrict maximum buffer size to 256. */ - len = size > 256 ? 
256 : size; -/* on mac, availability is already checked using `__builtin_available` above */ -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wunguarded-availability" - res = getentropy(buffer, (size_t)len); -#pragma clang diagnostic pop - if (res < 0) { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED, - __FILE__, __LINE__ - ); - return 0; - } - buffer += len; - size -= len; - } - return 1; - } - __builtin_unreachable(); -} - -static int osrandom_finish(ENGINE *e) { - return 1; -} - -static int osrandom_rand_status(void) { - return 1; -} - -static const char *osurandom_get_implementation(void) { - switch(getentropy_works) { - case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK: - return "/dev/urandom"; - case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS: - return "getentropy"; - } - __builtin_unreachable(); -} -#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY */ - -/**************************************************************************** - * Linux getrandom engine with fallback to dev_urandom - */ - -#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM -static const char *Cryptography_osrandom_engine_name = "osrandom_engine getrandom()"; - -static int getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT; - -static int osrandom_init(ENGINE *e) { - /* We try to detect working getrandom until we succeed. */ - if (getrandom_works != CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS) { - long n; - char dest[1]; - /* if the kernel CSPRNG is not initialized this will block */ - n = syscall(SYS_getrandom, dest, sizeof(dest), 0); - if (n == sizeof(dest)) { - getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS; - } else { - int e = errno; - switch(e) { - case ENOSYS: - /* Fallback: Kernel does not support the syscall. 
*/ - getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK; - break; - case EPERM: - /* Fallback: seccomp prevents syscall */ - getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK; - break; - default: - /* EINTR cannot occur for buflen < 256. */ - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_INIT, - CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED, - "errno", e - ); - getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED; - break; - } - } - } - - /* fallback to dev urandom */ - if (getrandom_works == CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK) { - int fd = dev_urandom_fd(); - if (fd < 0) { - return 0; - } - } - return 1; -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - long n; - - switch(getrandom_works) { - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED: - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED, - __FILE__, __LINE__ - ); - return 0; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT: - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT, - __FILE__, __LINE__ - ); - return 0; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK: - return dev_urandom_read(buffer, size); - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: - while (size > 0) { - do { - n = syscall(SYS_getrandom, buffer, size, 0); - } while (n < 0 && errno == EINTR); - - if (n <= 0) { - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, - CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED, - __FILE__, __LINE__ - ); - return 0; - } - buffer += n; - size -= (int)n; - } - return 1; - } - __builtin_unreachable(); -} - -static int osrandom_finish(ENGINE *e) { - dev_urandom_close(); - return 1; -} - -static int osrandom_rand_status(void) { - switch(getrandom_works) { - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED: - return 0; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT: - return 0; - case 
CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK: - return urandom_cache.fd >= 0; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: - return 1; - } - __builtin_unreachable(); -} - -static const char *osurandom_get_implementation(void) { - switch(getrandom_works) { - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED: - return "<failed>"; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT: - return "<not initialized>"; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK: - return "/dev/urandom"; - case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: - return "getrandom"; - } - __builtin_unreachable(); -} -#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM */ - -/**************************************************************************** - * dev_urandom engine for all remaining platforms - */ - -#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM -static const char *Cryptography_osrandom_engine_name = "osrandom_engine /dev/urandom"; - -static int osrandom_init(ENGINE *e) { - int fd = dev_urandom_fd(); - if (fd < 0) { - return 0; - } - return 1; -} - -static int osrandom_rand_bytes(unsigned char *buffer, int size) { - return dev_urandom_read(buffer, size); -} - -static int osrandom_finish(ENGINE *e) { - dev_urandom_close(); - return 1; -} - -static int osrandom_rand_status(void) { - return urandom_cache.fd >= 0; -} - -static const char *osurandom_get_implementation(void) { - return "/dev/urandom"; -} -#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM */ - -/**************************************************************************** - * ENGINE boiler plate - */ - -/* This replicates the behavior of the OpenSSL FIPS RNG, which returns a - -1 in the event that there is an error when calling RAND_pseudo_bytes. 
*/ -static int osrandom_pseudo_rand_bytes(unsigned char *buffer, int size) { - int res = osrandom_rand_bytes(buffer, size); - if (res == 0) { - return -1; - } else { - return res; - } -} - -static RAND_METHOD osrandom_rand = { - NULL, - osrandom_rand_bytes, - NULL, - NULL, - osrandom_pseudo_rand_bytes, - osrandom_rand_status, -}; - -static const ENGINE_CMD_DEFN osrandom_cmd_defns[] = { - {CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION, - "get_implementation", - "Get CPRNG implementation.", - ENGINE_CMD_FLAG_NO_INPUT}, - {0, NULL, NULL, 0} -}; - -static int osrandom_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) { - const char *name; - size_t len; - - switch (cmd) { - case CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION: - /* i: buffer size, p: char* buffer */ - name = osurandom_get_implementation(); - len = strlen(name); - if ((p == NULL) && (i == 0)) { - /* return required buffer len */ - return (int)len; - } - if ((p == NULL) || i < 0 || ((size_t)i <= len)) { - /* no buffer or buffer too small */ - ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_INVALID_ARGUMENT); - return 0; - } - strcpy((char *)p, name); - return (int)len; - default: - ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; - } -} - -/* error reporting */ -#define ERR_FUNC(func) ERR_PACK(0, func, 0) -#define ERR_REASON(reason) ERR_PACK(0, 0, reason) - -static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_lib_name[] = { - {0, "osrandom_engine"}, - {0, NULL} -}; - -static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_str_funcs[] = { - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_INIT), - "osrandom_init"}, - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES), - "osrandom_rand_bytes"}, - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_FINISH), - "osrandom_finish"}, - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD), - "dev_urandom_fd"}, - {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ), - "dev_urandom_read"}, - {0, NULL} -}; - -static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_str_reasons[] = { - 
{ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT), - "CryptAcquireContext() failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM), - "CryptGenRandom() failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT), - "CryptReleaseContext() failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED), - "getentropy() failed"}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED), - "open('/dev/urandom') failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED), - "Reading from /dev/urandom fd failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED), - "getrandom() initialization failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED), - "getrandom() initialization failed with unexpected errno."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED), - "getrandom() syscall failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT), - "getrandom() engine was not properly initialized."}, - {0, NULL} -}; - -static int Cryptography_OSRandom_lib_error_code = 0; - -static void ERR_load_Cryptography_OSRandom_strings(void) -{ - if (Cryptography_OSRandom_lib_error_code == 0) { - Cryptography_OSRandom_lib_error_code = ERR_get_next_error_library(); - ERR_load_strings(Cryptography_OSRandom_lib_error_code, - CRYPTOGRAPHY_OSRANDOM_lib_name); - ERR_load_strings(Cryptography_OSRandom_lib_error_code, - CRYPTOGRAPHY_OSRANDOM_str_funcs); - ERR_load_strings(Cryptography_OSRandom_lib_error_code, - CRYPTOGRAPHY_OSRANDOM_str_reasons); - } -} - -static void ERR_Cryptography_OSRandom_error(int function, int reason, - char *file, int line) -{ - ERR_PUT_error(Cryptography_OSRandom_lib_error_code, function, reason, - file, line); -} - -/* Returns 1 if successfully added, 2 if engine has previously been added, - and 0 for error. 
*/ -int Cryptography_add_osrandom_engine(void) { - ENGINE *e; - - ERR_load_Cryptography_OSRandom_strings(); - - e = ENGINE_by_id(Cryptography_osrandom_engine_id); - if (e != NULL) { - ENGINE_free(e); - return 2; - } else { - ERR_clear_error(); - } - - e = ENGINE_new(); - if (e == NULL) { - return 0; - } - if (!ENGINE_set_id(e, Cryptography_osrandom_engine_id) || - !ENGINE_set_name(e, Cryptography_osrandom_engine_name) || - !ENGINE_set_RAND(e, &osrandom_rand) || - !ENGINE_set_init_function(e, osrandom_init) || - !ENGINE_set_finish_function(e, osrandom_finish) || - !ENGINE_set_cmd_defns(e, osrandom_cmd_defns) || - !ENGINE_set_ctrl_function(e, osrandom_ctrl)) { - ENGINE_free(e); - return 0; - } - if (!ENGINE_add(e)) { - ENGINE_free(e); - return 0; - } - if (!ENGINE_free(e)) { - return 0; - } - - return 1; -} - -#else -/* If OpenSSL has no ENGINE support then we don't want - * to compile the osrandom engine, but we do need some - * placeholders */ -static const char *Cryptography_osrandom_engine_id = "no-engine-support"; -static const char *Cryptography_osrandom_engine_name = "osrandom_engine disabled"; - -int Cryptography_add_osrandom_engine(void) { - return 0; -} - -#endif +/* osurandom engine + * + * Windows CryptGenRandom() + * macOS >= 10.12 getentropy() + * OpenBSD 5.6+ getentropy() + * other BSD getentropy() if SYS_getentropy is defined + * Linux 3.17+ getrandom() with fallback to /dev/urandom + * other /dev/urandom with cached fd + * + * The /dev/urandom, getrandom and getentropy code is derived from Python's + * Python/random.c, written by Antoine Pitrou and Victor Stinner. + * + * Copyright 2001-2016 Python Software Foundation; All Rights Reserved. + */ + +#ifdef __linux__ +#include <poll.h> +#endif + +#if CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE +/* OpenSSL has ENGINE support and is older than 1.1.1d (the first version that + * properly implements fork safety in its RNG) so build the engine. 
*/ +static const char *Cryptography_osrandom_engine_id = "osrandom"; + +/**************************************************************************** + * Windows + */ +#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM +static const char *Cryptography_osrandom_engine_name = "osrandom_engine CryptGenRandom()"; +static HCRYPTPROV hCryptProv = 0; + +static int osrandom_init(ENGINE *e) { + if (hCryptProv != 0) { + return 1; + } + if (CryptAcquireContext(&hCryptProv, NULL, NULL, + PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { + return 1; + } else { + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_INIT, + CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT, + __FILE__, __LINE__ + ); + return 0; + } +} + +static int osrandom_rand_bytes(unsigned char *buffer, int size) { + if (hCryptProv == 0) { + return 0; + } + + if (!CryptGenRandom(hCryptProv, (DWORD)size, buffer)) { + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, + CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM, + __FILE__, __LINE__ + ); + return 0; + } + return 1; +} + +static int osrandom_finish(ENGINE *e) { + if (CryptReleaseContext(hCryptProv, 0)) { + hCryptProv = 0; + return 1; + } else { + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_FINISH, + CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT, + __FILE__, __LINE__ + ); + return 0; + } +} + +static int osrandom_rand_status(void) { + return hCryptProv != 0; +} + +static const char *osurandom_get_implementation(void) { + return "CryptGenRandom"; +} + +#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM */ + +/**************************************************************************** + * /dev/urandom helpers for all non-BSD Unix platforms + */ +#ifdef CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM + +static struct { + int fd; + dev_t st_dev; + ino_t st_ino; +} urandom_cache = { -1 }; + +static int open_cloexec(const char *path) { + int open_flags = O_RDONLY; +#ifdef O_CLOEXEC + open_flags |= O_CLOEXEC; +#endif + + int 
fd = open(path, open_flags); + if (fd == -1) { + return -1; + } + +#ifndef O_CLOEXEC + int flags = fcntl(fd, F_GETFD); + if (flags == -1) { + return -1; + } + if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) { + return -1; + } +#endif + return fd; +} + +#ifdef __linux__ +/* On Linux, we open("/dev/random") and use poll() to wait until it's readable + * before we read from /dev/urandom, this ensures that we don't read from + * /dev/urandom before the kernel CSPRNG is initialized. This isn't necessary on + * other platforms because they don't have the same _bug_ as Linux does with + * /dev/urandom and early boot. */ +static int wait_on_devrandom(void) { + struct pollfd pfd = {}; + int ret = 0; + int random_fd = open_cloexec("/dev/random"); + if (random_fd < 0) { + return -1; + } + pfd.fd = random_fd; + pfd.events = POLLIN; + pfd.revents = 0; + do { + ret = poll(&pfd, 1, -1); + } while (ret < 0 && (errno == EINTR || errno == EAGAIN)); + close(random_fd); + return ret; +} +#endif + +/* return -1 on error */ +static int dev_urandom_fd(void) { + int fd = -1; + struct stat st; + + /* Check that fd still points to the correct device */ + if (urandom_cache.fd >= 0) { + if (fstat(urandom_cache.fd, &st) + || st.st_dev != urandom_cache.st_dev + || st.st_ino != urandom_cache.st_ino) { + /* Somebody replaced our FD. Invalidate our cache but don't + * close the fd. 
*/ + urandom_cache.fd = -1; + } + } + if (urandom_cache.fd < 0) { +#ifdef __linux__ + if (wait_on_devrandom() < 0) { + goto error; + } +#endif + + fd = open_cloexec("/dev/urandom"); + if (fd < 0) { + goto error; + } + if (fstat(fd, &st)) { + goto error; + } + /* Another thread initialized the fd */ + if (urandom_cache.fd >= 0) { + close(fd); + return urandom_cache.fd; + } + urandom_cache.st_dev = st.st_dev; + urandom_cache.st_ino = st.st_ino; + urandom_cache.fd = fd; + } + return urandom_cache.fd; + + error: + if (fd != -1) { + close(fd); + } + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD, + CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED, + __FILE__, __LINE__ + ); + return -1; +} + +static int dev_urandom_read(unsigned char *buffer, int size) { + int fd; + int n; + + fd = dev_urandom_fd(); + if (fd < 0) { + return 0; + } + + while (size > 0) { + do { + n = (int)read(fd, buffer, (size_t)size); + } while (n < 0 && errno == EINTR); + + if (n <= 0) { + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ, + CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED, + __FILE__, __LINE__ + ); + return 0; + } + buffer += n; + size -= n; + } + return 1; +} + +static void dev_urandom_close(void) { + if (urandom_cache.fd >= 0) { + int fd; + struct stat st; + + if (fstat(urandom_cache.fd, &st) + && st.st_dev == urandom_cache.st_dev + && st.st_ino == urandom_cache.st_ino) { + fd = urandom_cache.fd; + urandom_cache.fd = -1; + close(fd); + } + } +} +#endif /* CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM */ + +/**************************************************************************** + * BSD getentropy + */ +#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY +static const char *Cryptography_osrandom_engine_name = "osrandom_engine getentropy()"; + +static int getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_NOT_INIT; + +static int osrandom_init(ENGINE *e) { +#if !defined(__APPLE__) + getentropy_works = 
CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS; +#else + if (__builtin_available(macOS 10.12, *)) { + getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS; + } else { + getentropy_works = CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK; + int fd = dev_urandom_fd(); + if (fd < 0) { + return 0; + } + } +#endif + return 1; +} + +static int osrandom_rand_bytes(unsigned char *buffer, int size) { + int len; + int res; + + switch(getentropy_works) { +#if defined(__APPLE__) + case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK: + return dev_urandom_read(buffer, size); +#endif + case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS: + while (size > 0) { + /* OpenBSD and macOS restrict maximum buffer size to 256. */ + len = size > 256 ? 256 : size; +/* on mac, availability is already checked using `__builtin_available` above */ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunguarded-availability" + res = getentropy(buffer, (size_t)len); +#pragma clang diagnostic pop + if (res < 0) { + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, + CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED, + __FILE__, __LINE__ + ); + return 0; + } + buffer += len; + size -= len; + } + return 1; + } + __builtin_unreachable(); +} + +static int osrandom_finish(ENGINE *e) { + return 1; +} + +static int osrandom_rand_status(void) { + return 1; +} + +static const char *osurandom_get_implementation(void) { + switch(getentropy_works) { + case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK: + return "/dev/urandom"; + case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS: + return "getentropy"; + } + __builtin_unreachable(); +} +#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY */ + +/**************************************************************************** + * Linux getrandom engine with fallback to dev_urandom + */ + +#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM +static const char *Cryptography_osrandom_engine_name = "osrandom_engine getrandom()"; + +static int 
getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT; + +static int osrandom_init(ENGINE *e) { + /* We try to detect working getrandom until we succeed. */ + if (getrandom_works != CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS) { + long n; + char dest[1]; + /* if the kernel CSPRNG is not initialized this will block */ + n = syscall(SYS_getrandom, dest, sizeof(dest), 0); + if (n == sizeof(dest)) { + getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS; + } else { + int e = errno; + switch(e) { + case ENOSYS: + /* Fallback: Kernel does not support the syscall. */ + getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK; + break; + case EPERM: + /* Fallback: seccomp prevents syscall */ + getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK; + break; + default: + /* EINTR cannot occur for buflen < 256. */ + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_INIT, + CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED, + "errno", e + ); + getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED; + break; + } + } + } + + /* fallback to dev urandom */ + if (getrandom_works == CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK) { + int fd = dev_urandom_fd(); + if (fd < 0) { + return 0; + } + } + return 1; +} + +static int osrandom_rand_bytes(unsigned char *buffer, int size) { + long n; + + switch(getrandom_works) { + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED: + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, + CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED, + __FILE__, __LINE__ + ); + return 0; + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT: + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, + CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT, + __FILE__, __LINE__ + ); + return 0; + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK: + return dev_urandom_read(buffer, size); + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: + while (size > 0) { + do { + n = syscall(SYS_getrandom, buffer, size, 0); + } while (n < 0 && 
errno == EINTR); + + if (n <= 0) { + ERR_Cryptography_OSRandom_error( + CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, + CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED, + __FILE__, __LINE__ + ); + return 0; + } + buffer += n; + size -= (int)n; + } + return 1; + } + __builtin_unreachable(); +} + +static int osrandom_finish(ENGINE *e) { + dev_urandom_close(); + return 1; +} + +static int osrandom_rand_status(void) { + switch(getrandom_works) { + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED: + return 0; + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT: + return 0; + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK: + return urandom_cache.fd >= 0; + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: + return 1; + } + __builtin_unreachable(); +} + +static const char *osurandom_get_implementation(void) { + switch(getrandom_works) { + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED: + return "<failed>"; + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT: + return "<not initialized>"; + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK: + return "/dev/urandom"; + case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: + return "getrandom"; + } + __builtin_unreachable(); +} +#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM */ + +/**************************************************************************** + * dev_urandom engine for all remaining platforms + */ + +#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM +static const char *Cryptography_osrandom_engine_name = "osrandom_engine /dev/urandom"; + +static int osrandom_init(ENGINE *e) { + int fd = dev_urandom_fd(); + if (fd < 0) { + return 0; + } + return 1; +} + +static int osrandom_rand_bytes(unsigned char *buffer, int size) { + return dev_urandom_read(buffer, size); +} + +static int osrandom_finish(ENGINE *e) { + dev_urandom_close(); + return 1; +} + +static int osrandom_rand_status(void) { + return urandom_cache.fd >= 0; +} + +static const char *osurandom_get_implementation(void) { + return "/dev/urandom"; +} +#endif /* 
CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM */ + +/**************************************************************************** + * ENGINE boiler plate + */ + +/* This replicates the behavior of the OpenSSL FIPS RNG, which returns a + -1 in the event that there is an error when calling RAND_pseudo_bytes. */ +static int osrandom_pseudo_rand_bytes(unsigned char *buffer, int size) { + int res = osrandom_rand_bytes(buffer, size); + if (res == 0) { + return -1; + } else { + return res; + } +} + +static RAND_METHOD osrandom_rand = { + NULL, + osrandom_rand_bytes, + NULL, + NULL, + osrandom_pseudo_rand_bytes, + osrandom_rand_status, +}; + +static const ENGINE_CMD_DEFN osrandom_cmd_defns[] = { + {CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION, + "get_implementation", + "Get CPRNG implementation.", + ENGINE_CMD_FLAG_NO_INPUT}, + {0, NULL, NULL, 0} +}; + +static int osrandom_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) { + const char *name; + size_t len; + + switch (cmd) { + case CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION: + /* i: buffer size, p: char* buffer */ + name = osurandom_get_implementation(); + len = strlen(name); + if ((p == NULL) && (i == 0)) { + /* return required buffer len */ + return (int)len; + } + if ((p == NULL) || i < 0 || ((size_t)i <= len)) { + /* no buffer or buffer too small */ + ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_INVALID_ARGUMENT); + return 0; + } + strcpy((char *)p, name); + return (int)len; + default: + ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); + return 0; + } +} + +/* error reporting */ +#define ERR_FUNC(func) ERR_PACK(0, func, 0) +#define ERR_REASON(reason) ERR_PACK(0, 0, reason) + +static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_lib_name[] = { + {0, "osrandom_engine"}, + {0, NULL} +}; + +static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_str_funcs[] = { + {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_INIT), + "osrandom_init"}, + {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES), + "osrandom_rand_bytes"}, + 
{ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_FINISH), + "osrandom_finish"}, + {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD), + "dev_urandom_fd"}, + {ERR_FUNC(CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ), + "dev_urandom_read"}, + {0, NULL} +}; + +static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_str_reasons[] = { + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT), + "CryptAcquireContext() failed."}, + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM), + "CryptGenRandom() failed."}, + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT), + "CryptReleaseContext() failed."}, + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED), + "getentropy() failed"}, + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED), + "open('/dev/urandom') failed."}, + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED), + "Reading from /dev/urandom fd failed."}, + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED), + "getrandom() initialization failed."}, + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED), + "getrandom() initialization failed with unexpected errno."}, + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED), + "getrandom() syscall failed."}, + {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT), + "getrandom() engine was not properly initialized."}, + {0, NULL} +}; + +static int Cryptography_OSRandom_lib_error_code = 0; + +static void ERR_load_Cryptography_OSRandom_strings(void) +{ + if (Cryptography_OSRandom_lib_error_code == 0) { + Cryptography_OSRandom_lib_error_code = ERR_get_next_error_library(); + ERR_load_strings(Cryptography_OSRandom_lib_error_code, + CRYPTOGRAPHY_OSRANDOM_lib_name); + ERR_load_strings(Cryptography_OSRandom_lib_error_code, + CRYPTOGRAPHY_OSRANDOM_str_funcs); + ERR_load_strings(Cryptography_OSRandom_lib_error_code, + CRYPTOGRAPHY_OSRANDOM_str_reasons); + } +} + +static void ERR_Cryptography_OSRandom_error(int function, int reason, + char *file, int line) +{ + 
ERR_PUT_error(Cryptography_OSRandom_lib_error_code, function, reason, + file, line); +} + +/* Returns 1 if successfully added, 2 if engine has previously been added, + and 0 for error. */ +int Cryptography_add_osrandom_engine(void) { + ENGINE *e; + + ERR_load_Cryptography_OSRandom_strings(); + + e = ENGINE_by_id(Cryptography_osrandom_engine_id); + if (e != NULL) { + ENGINE_free(e); + return 2; + } else { + ERR_clear_error(); + } + + e = ENGINE_new(); + if (e == NULL) { + return 0; + } + if (!ENGINE_set_id(e, Cryptography_osrandom_engine_id) || + !ENGINE_set_name(e, Cryptography_osrandom_engine_name) || + !ENGINE_set_RAND(e, &osrandom_rand) || + !ENGINE_set_init_function(e, osrandom_init) || + !ENGINE_set_finish_function(e, osrandom_finish) || + !ENGINE_set_cmd_defns(e, osrandom_cmd_defns) || + !ENGINE_set_ctrl_function(e, osrandom_ctrl)) { + ENGINE_free(e); + return 0; + } + if (!ENGINE_add(e)) { + ENGINE_free(e); + return 0; + } + if (!ENGINE_free(e)) { + return 0; + } + + return 1; +} + +#else +/* If OpenSSL has no ENGINE support then we don't want + * to compile the osrandom engine, but we do need some + * placeholders */ +static const char *Cryptography_osrandom_engine_id = "no-engine-support"; +static const char *Cryptography_osrandom_engine_name = "osrandom_engine disabled"; + +int Cryptography_add_osrandom_engine(void) { + return 0; +} + +#endif diff --git a/contrib/python/cryptography/_cffi_src/openssl/src/osrandom_engine.h b/contrib/python/cryptography/_cffi_src/openssl/src/osrandom_engine.h index 29fb9f6f9f..93d918b88b 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/src/osrandom_engine.h +++ b/contrib/python/cryptography/_cffi_src/openssl/src/osrandom_engine.h 
@@ -1,118 +1,118 @@
-#ifndef OPENSSL_NO_ENGINE
-/* OpenSSL has ENGINE support so include all of this. */
-#ifdef _WIN32
- #include <Wincrypt.h>
-#else
- #include <fcntl.h>
- #include <unistd.h>
- /* for defined(BSD) */
- #ifndef __MVS__
- #include <sys/param.h>
- #endif
-
- #ifdef BSD
- /* for SYS_getentropy */
- #include <sys/syscall.h>
- #endif
-
- #ifdef __APPLE__
- #include <sys/random.h>
- /* To support weak linking we need to declare this as a weak import even if
- * it's not present in sys/random (e.g. macOS < 10.12). */
- extern int getentropy(void *buffer, size_t size) __attribute((weak_import));
- #endif
-
- #ifdef __linux__
- /* for SYS_getrandom */
- #include <sys/syscall.h>
- #ifndef GRND_NONBLOCK
- #define GRND_NONBLOCK 0x0001
- #endif /* GRND_NONBLOCK */
-
- #ifndef SYS_getrandom
- /* We only bother to define the constants for platforms where we ship
- * wheels, since that's the predominant way you get a situation where
- * you don't have SYS_getrandom at compile time but do have the syscall
- * at runtime */
- #if defined(__x86_64__)
- #define SYS_getrandom 318
- #elif defined(__i386__)
- #define SYS_getrandom 355
- #elif defined(__aarch64__)
- #define SYS_getrandom 278
- #endif
- #endif
- #endif /* __linux__ */
-#endif /* _WIN32 */
-
-#define CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM 1
-#define CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY 2
-#define CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM 3
-#define CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM 4
-
-#ifndef CRYPTOGRAPHY_OSRANDOM_ENGINE
- #if defined(_WIN32)
- /* Windows */
- #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM
- #elif defined(BSD) && defined(SYS_getentropy)
- /* OpenBSD 5.6+ & macOS with SYS_getentropy defined, although < 10.12 will fallback
- * to urandom */
- #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY
- #elif defined(__linux__) && defined(SYS_getrandom)
- /* Linux 3.17+ */
- #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM
- #else
- /* Keep this as last entry, fall back to /dev/urandom */
- #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM
- #endif
-#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE */
-
-/* Fallbacks need /dev/urandom helper functions. */
-#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM || \
- CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM || \
- (CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY && \
- defined(__APPLE__))
- #define CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM 1
-#endif
-
-enum {
- CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED = -2,
- CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT,
- CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK,
- CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS
-};
-
-enum {
- CRYPTOGRAPHY_OSRANDOM_GETENTROPY_NOT_INIT,
- CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK,
- CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS
-};
-
-/* engine ctrl */
-#define CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION ENGINE_CMD_BASE
-
-/* error reporting */
-static void ERR_load_Cryptography_OSRandom_strings(void);
-static void ERR_Cryptography_OSRandom_error(int function, int reason,
- char *file, int line);
-
-#define CRYPTOGRAPHY_OSRANDOM_F_INIT 100
-#define CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES 101
-#define CRYPTOGRAPHY_OSRANDOM_F_FINISH 102
-#define CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD 300
-#define CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ 301
-
-#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT 100
-#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM 101
-#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT 102
-
-#define CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED 200
-
-#define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED 300
-#define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED 301
-
-#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED 400
-#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED 402
-#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED 403
-#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT 404
-#endif
+#ifndef OPENSSL_NO_ENGINE
+/* OpenSSL has ENGINE support so include all of this. */
+#ifdef _WIN32
+ #include <Wincrypt.h>
+#else
+ #include <fcntl.h>
+ #include <unistd.h>
+ /* for defined(BSD) */
+ #ifndef __MVS__
+ #include <sys/param.h>
+ #endif
+
+ #ifdef BSD
+ /* for SYS_getentropy */
+ #include <sys/syscall.h>
+ #endif
+
+ #ifdef __APPLE__
+ #include <sys/random.h>
+ /* To support weak linking we need to declare this as a weak import even if
+ * it's not present in sys/random (e.g. macOS < 10.12). */
+ extern int getentropy(void *buffer, size_t size) __attribute((weak_import));
+ #endif
+
+ #ifdef __linux__
+ /* for SYS_getrandom */
+ #include <sys/syscall.h>
+ #ifndef GRND_NONBLOCK
+ #define GRND_NONBLOCK 0x0001
+ #endif /* GRND_NONBLOCK */
+
+ #ifndef SYS_getrandom
+ /* We only bother to define the constants for platforms where we ship
+ * wheels, since that's the predominant way you get a situation where
+ * you don't have SYS_getrandom at compile time but do have the syscall
+ * at runtime */
+ #if defined(__x86_64__)
+ #define SYS_getrandom 318
+ #elif defined(__i386__)
+ #define SYS_getrandom 355
+ #elif defined(__aarch64__)
+ #define SYS_getrandom 278
+ #endif
+ #endif
+ #endif /* __linux__ */
+#endif /* _WIN32 */
+
+#define CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM 1
+#define CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY 2
+#define CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM 3
+#define CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM 4
+
+#ifndef CRYPTOGRAPHY_OSRANDOM_ENGINE
+ #if defined(_WIN32)
+ /* Windows */
+ #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_CRYPTGENRANDOM
+ #elif defined(BSD) && defined(SYS_getentropy)
+ /* OpenBSD 5.6+ & macOS with SYS_getentropy defined, although < 10.12 will fallback
+ * to urandom */
+ #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY
+ #elif defined(__linux__) && defined(SYS_getrandom)
+ /* Linux 3.17+ */
+ #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM
+ #else
+ /* Keep this as last entry, fall back to /dev/urandom */
+ #define CRYPTOGRAPHY_OSRANDOM_ENGINE CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM
+ #endif
+#endif /* CRYPTOGRAPHY_OSRANDOM_ENGINE */
+
+/* Fallbacks need /dev/urandom helper functions. */
+#if CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETRANDOM || \
+ CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_DEV_URANDOM || \
+ (CRYPTOGRAPHY_OSRANDOM_ENGINE == CRYPTOGRAPHY_OSRANDOM_ENGINE_GETENTROPY && \
+ defined(__APPLE__))
+ #define CRYPTOGRAPHY_OSRANDOM_NEEDS_DEV_URANDOM 1
+#endif
+
+enum {
+ CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED = -2,
+ CRYPTOGRAPHY_OSRANDOM_GETRANDOM_NOT_INIT,
+ CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK,
+ CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS
+};
+
+enum {
+ CRYPTOGRAPHY_OSRANDOM_GETENTROPY_NOT_INIT,
+ CRYPTOGRAPHY_OSRANDOM_GETENTROPY_FALLBACK,
+ CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS
+};
+
+/* engine ctrl */
+#define CRYPTOGRAPHY_OSRANDOM_GET_IMPLEMENTATION ENGINE_CMD_BASE
+
+/* error reporting */
+static void ERR_load_Cryptography_OSRandom_strings(void);
+static void ERR_Cryptography_OSRandom_error(int function, int reason,
+ char *file, int line);
+
+#define CRYPTOGRAPHY_OSRANDOM_F_INIT 100
+#define CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES 101
+#define CRYPTOGRAPHY_OSRANDOM_F_FINISH 102
+#define CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_FD 300
+#define CRYPTOGRAPHY_OSRANDOM_F_DEV_URANDOM_READ 301
+
+#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTACQUIRECONTEXT 100
+#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTGENRANDOM 101
+#define CRYPTOGRAPHY_OSRANDOM_R_CRYPTRELEASECONTEXT 102
+
+#define CRYPTOGRAPHY_OSRANDOM_R_GETENTROPY_FAILED 200
+
+#define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_OPEN_FAILED 300
+#define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED 301
+
+#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED 400
+#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED 402
+#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED 403
+#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT 404
+#endif
diff --git a/contrib/python/cryptography/_cffi_src/openssl/ssl.py b/contrib/python/cryptography/_cffi_src/openssl/ssl.py
index 112c0c4ffc..9400f115fb 100644
--- a/contrib/python/cryptography/_cffi_src/openssl/ssl.py
+++ b/contrib/python/cryptography/_cffi_src/openssl/ssl.py
@@ -16,15 +16,15 @@ static const long Cryptography_HAS_TLS_ST; static const long Cryptography_HAS_SSL3_METHOD; static const long Cryptography_HAS_TLSv1_1; static const long Cryptography_HAS_TLSv1_2; -static const long Cryptography_HAS_TLSv1_3; +static const long Cryptography_HAS_TLSv1_3; static const long Cryptography_HAS_SECURE_RENEGOTIATION; static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS; -static const long Cryptography_HAS_DTLS; -static const long Cryptography_HAS_SIGALGS; -static const long Cryptography_HAS_PSK; -static const long Cryptography_HAS_VERIFIED_CHAIN; -static const long Cryptography_HAS_KEYLOG; -static const long Cryptography_HAS_GET_PROTO_VERSION; +static const long Cryptography_HAS_DTLS; +static const long Cryptography_HAS_SIGALGS; +static const long Cryptography_HAS_PSK; +static const long Cryptography_HAS_VERIFIED_CHAIN; +static const long Cryptography_HAS_KEYLOG; +static const long Cryptography_HAS_GET_PROTO_VERSION; static const long Cryptography_HAS_TLSEXT_HOSTNAME; /* Internally invented symbol to tell us if SSL_MODE_RELEASE_BUFFERS is
@@ -39,11 +39,11 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION; static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; static const long Cryptography_HAS_SSL_SET_SSL_CTX; static const long Cryptography_HAS_SSL_OP_NO_TICKET; -static const long Cryptography_HAS_ALPN; +static const long Cryptography_HAS_ALPN; static const long Cryptography_HAS_NEXTPROTONEG; static const long Cryptography_HAS_SET_CERT_CB; -static const long Cryptography_HAS_CUSTOM_EXT; -static const long Cryptography_HAS_SRTP; +static const long Cryptography_HAS_CUSTOM_EXT; +static const long Cryptography_HAS_SRTP; static const long SSL_FILETYPE_PEM; static const long SSL_FILETYPE_ASN1; @@ -62,9 +62,9 @@ static const long SSL_OP_NO_SSLv3; static const long SSL_OP_NO_TLSv1; static const long SSL_OP_NO_TLSv1_1; static const long SSL_OP_NO_TLSv1_2; -static const long SSL_OP_NO_TLSv1_3; -static const long SSL_OP_NO_DTLSv1; -static const long SSL_OP_NO_DTLSv1_2; +static const long SSL_OP_NO_TLSv1_3; +static const long SSL_OP_NO_DTLSv1; +static const long SSL_OP_NO_DTLSv1_2; static const long SSL_OP_NO_COMPRESSION; static const long SSL_OP_SINGLE_DH_USE; static const long SSL_OP_EPHEMERAL_RSA; @@ -95,7 +95,7 @@ static const long SSL_VERIFY_PEER; static const long SSL_VERIFY_FAIL_IF_NO_PEER_CERT; static const long SSL_VERIFY_CLIENT_ONCE; static const long SSL_VERIFY_NONE; -static const long SSL_VERIFY_POST_HANDSHAKE; +static const long SSL_VERIFY_POST_HANDSHAKE; static const long SSL_SESS_CACHE_OFF; static const long SSL_SESS_CACHE_CLIENT; static const long SSL_SESS_CACHE_SERVER; 
@@ -140,15 +140,15 @@ typedef ... SSL_SESSION; typedef ... SSL; static const long TLSEXT_NAMETYPE_host_name; -static const long TLSEXT_STATUSTYPE_ocsp; +static const long TLSEXT_STATUSTYPE_ocsp; typedef ... SSL_CIPHER; typedef ... Cryptography_STACK_OF_SSL_CIPHER; - -typedef struct { - const char *name; - unsigned long id; -} SRTP_PROTECTION_PROFILE; + +typedef struct { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; """ FUNCTIONS = """ @@ -169,23 +169,23 @@ int SSL_pending(const SSL *); int SSL_write(SSL *, const void *, int); int SSL_read(SSL *, void *, int); int SSL_peek(SSL *, void *, int); -X509 *SSL_get_certificate(const SSL *); +X509 *SSL_get_certificate(const SSL *); X509 *SSL_get_peer_certificate(const SSL *); int SSL_get_ex_data_X509_STORE_CTX_idx(void); -/* Added in 1.0.2 */ -X509_VERIFY_PARAM *SSL_get0_param(SSL *); -X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *); - -int SSL_get_sigalgs(SSL *, int, int *, int *, int *, unsigned char *, - unsigned char *); - +/* Added in 1.0.2 */ +X509_VERIFY_PARAM *SSL_get0_param(SSL *); +X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *); + +int SSL_get_sigalgs(SSL *, int, int *, int *, int *, unsigned char *, + unsigned char *); + Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *); -Cryptography_STACK_OF_X509 *SSL_get0_verified_chain(const SSL *); +Cryptography_STACK_OF_X509 *SSL_get0_verified_chain(const SSL *); Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); int SSL_get_error(const SSL *, int); -long SSL_get_verify_result(const SSL *ssl); +long SSL_get_verify_result(const SSL *ssl); int SSL_do_handshake(SSL *); int SSL_shutdown(SSL *); int SSL_renegotiate(SSL *); 
@@ -211,36 +211,36 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *, EVP_PKEY *); int SSL_CTX_use_PrivateKey_file(SSL_CTX *, const char *, int); int SSL_CTX_check_private_key(const SSL_CTX *); void SSL_CTX_set_cert_verify_callback(SSL_CTX *, - int (*)(X509_STORE_CTX *, void *), + int (*)(X509_STORE_CTX *, void *), void *); - -void SSL_CTX_set_cookie_generate_cb(SSL_CTX *, - int (*)( - SSL *, - unsigned char *, - unsigned int * - )); -long SSL_CTX_get_read_ahead(SSL_CTX *); -long SSL_CTX_set_read_ahead(SSL_CTX *, long); - -int SSL_CTX_use_psk_identity_hint(SSL_CTX *, const char *); -void SSL_CTX_set_psk_server_callback(SSL_CTX *, - unsigned int (*)( - SSL *, - const char *, - unsigned char *, - unsigned int - )); -void SSL_CTX_set_psk_client_callback(SSL_CTX *, - unsigned int (*)( - SSL *, - const char *, - char *, - unsigned int, - unsigned char *, - unsigned int - )); - + +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *, + int (*)( + SSL *, + unsigned char *, + unsigned int * + )); +long SSL_CTX_get_read_ahead(SSL_CTX *); +long SSL_CTX_set_read_ahead(SSL_CTX *, long); + +int SSL_CTX_use_psk_identity_hint(SSL_CTX *, const char *); +void SSL_CTX_set_psk_server_callback(SSL_CTX *, + unsigned int (*)( + SSL *, + const char *, + unsigned char *, + unsigned int + )); +void SSL_CTX_set_psk_client_callback(SSL_CTX *, + unsigned int (*)( + SSL *, + const char *, + char *, + unsigned int, + unsigned char *, + unsigned int + )); + int SSL_CTX_set_session_id_context(SSL_CTX *, const unsigned char *, unsigned int); 
@@ -253,27 +253,27 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); void SSL_CTX_set_info_callback(SSL_CTX *, void (*)(const SSL *, int, int)); void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int); -void SSL_CTX_set_keylog_callback(SSL_CTX *, - void (*)(const SSL *, const char *)); -void (*SSL_CTX_get_keylog_callback(SSL_CTX *))(const SSL *, const char *); - -long SSL_CTX_set1_sigalgs_list(SSL_CTX *, const char *); - +void SSL_CTX_set_keylog_callback(SSL_CTX *, + void (*)(const SSL *, const char *)); +void (*SSL_CTX_get_keylog_callback(SSL_CTX *))(const SSL *, const char *); + +long SSL_CTX_set1_sigalgs_list(SSL_CTX *, const char *); + /* SSL_SESSION */ void SSL_SESSION_free(SSL_SESSION *); /* Information about actually used cipher */ const char *SSL_CIPHER_get_name(const SSL_CIPHER *); int SSL_CIPHER_get_bits(const SSL_CIPHER *, int *); -/* the modern signature of this is uint32_t, but older openssl declared it - as unsigned long. To make our compiler flags happy we'll declare it as a - 64-bit wide value, which should always be safe */ -uint64_t SSL_CIPHER_get_id(const SSL_CIPHER *); -int SSL_CIPHER_is_aead(const SSL_CIPHER *); -int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *); -int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *); -int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *); -int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *); +/* the modern signature of this is uint32_t, but older openssl declared it + as unsigned long. 
To make our compiler flags happy we'll declare it as a + 64-bit wide value, which should always be safe */ +uint64_t SSL_CIPHER_get_id(const SSL_CIPHER *); +int SSL_CIPHER_is_aead(const SSL_CIPHER *); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *); +int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *); +int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *); size_t SSL_get_finished(const SSL *, void *, size_t); size_t SSL_get_peer_finished(const SSL *, void *, size_t); @@ -296,13 +296,13 @@ int SSL_CTX_set_ex_data(SSL_CTX *, int, void *); SSL_SESSION *SSL_get_session(const SSL *); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *, unsigned int *); -long SSL_SESSION_get_time(const SSL_SESSION *); -long SSL_SESSION_get_timeout(const SSL_SESSION *); -int SSL_SESSION_has_ticket(const SSL_SESSION *); -long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *); +long SSL_SESSION_get_time(const SSL_SESSION *); +long SSL_SESSION_get_timeout(const SSL_SESSION *); +int SSL_SESSION_has_ticket(const SSL_SESSION *); +long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *); unsigned long SSL_set_mode(SSL *, unsigned long); -unsigned long SSL_clear_mode(SSL *, unsigned long); +unsigned long SSL_clear_mode(SSL *, unsigned long); unsigned long SSL_get_mode(SSL *); unsigned long SSL_set_options(SSL *, unsigned long); 
@@ -314,23 +314,23 @@ int SSL_want_write(const SSL *); long SSL_total_renegotiations(SSL *); long SSL_get_secure_renegotiation_support(SSL *); -long SSL_CTX_set_min_proto_version(SSL_CTX *, int); -long SSL_CTX_set_max_proto_version(SSL_CTX *, int); -long SSL_set_min_proto_version(SSL *, int); -long SSL_set_max_proto_version(SSL *, int); - -long SSL_CTX_get_min_proto_version(SSL_CTX *); -long SSL_CTX_get_max_proto_version(SSL_CTX *); -long SSL_get_min_proto_version(SSL *); -long SSL_get_max_proto_version(SSL *); - +long SSL_CTX_set_min_proto_version(SSL_CTX *, int); +long SSL_CTX_set_max_proto_version(SSL_CTX *, int); +long SSL_set_min_proto_version(SSL *, int); +long SSL_set_max_proto_version(SSL *, int); + +long SSL_CTX_get_min_proto_version(SSL_CTX *); +long SSL_CTX_get_max_proto_version(SSL_CTX *); +long SSL_get_min_proto_version(SSL *); +long SSL_get_max_proto_version(SSL *); + /* Defined as unsigned long because SSL_OP_ALL is greater than signed 32-bit and Windows defines long as 32-bit. */ unsigned long SSL_CTX_set_options(SSL_CTX *, unsigned long); unsigned long SSL_CTX_clear_options(SSL_CTX *, unsigned long); unsigned long SSL_CTX_get_options(SSL_CTX *); unsigned long SSL_CTX_set_mode(SSL_CTX *, unsigned long); -unsigned long SSL_CTX_clear_mode(SSL_CTX *, unsigned long); +unsigned long SSL_CTX_clear_mode(SSL_CTX *, unsigned long); unsigned long SSL_CTX_get_mode(SSL_CTX *); unsigned long SSL_CTX_set_session_cache_mode(SSL_CTX *, unsigned long); unsigned long SSL_CTX_get_session_cache_mode(SSL_CTX *); 
@@ -362,19 +362,19 @@ const SSL_METHOD *DTLSv1_method(void); const SSL_METHOD *DTLSv1_server_method(void); const SSL_METHOD *DTLSv1_client_method(void); -/* Added in 1.0.2 */ -const SSL_METHOD *DTLS_method(void); -const SSL_METHOD *DTLS_server_method(void); -const SSL_METHOD *DTLS_client_method(void); - +/* Added in 1.0.2 */ +const SSL_METHOD *DTLS_method(void); +const SSL_METHOD *DTLS_server_method(void); +const SSL_METHOD *DTLS_client_method(void); + const SSL_METHOD *SSLv23_method(void); const SSL_METHOD *SSLv23_server_method(void); const SSL_METHOD *SSLv23_client_method(void); -const SSL_METHOD *TLS_method(void); -const SSL_METHOD *TLS_server_method(void); -const SSL_METHOD *TLS_client_method(void); - +const SSL_METHOD *TLS_method(void); +const SSL_METHOD *TLS_server_method(void); +const SSL_METHOD *TLS_client_method(void); + /*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/ SSL_CTX *SSL_CTX_new(SSL_METHOD *); long SSL_CTX_get_timeout(const SSL_CTX *); @@ -389,7 +389,7 @@ void *SSL_get_ex_data(const SSL *, int); void SSL_set_tlsext_host_name(SSL *, char *); void SSL_CTX_set_tlsext_servername_callback( SSL_CTX *, - int (*)(SSL *, int *, void *)); + int (*)(SSL *, int *, void *)); void SSL_CTX_set_tlsext_servername_arg( SSL_CTX *, void *); @@ -399,10 +399,10 @@ long SSL_set_tlsext_status_type(SSL *, long); long SSL_CTX_set_tlsext_status_cb(SSL_CTX *, int(*)(SSL *, void *)); long SSL_CTX_set_tlsext_status_arg(SSL_CTX *, void *); -int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *, const char *); -int SSL_set_tlsext_use_srtp(SSL *, const char *); -SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *); - +int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *, const char *); +int SSL_set_tlsext_use_srtp(SSL *, const char *); +SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *); + long SSL_session_reused(SSL *); int SSL_select_next_proto(unsigned char **, unsigned char *, 
@@ -442,8 +442,8 @@ size_t SSL_SESSION_get_master_key(const SSL_SESSION *, unsigned char *, size_t); size_t SSL_get_client_random(const SSL *, unsigned char *, size_t); size_t SSL_get_server_random(const SSL *, unsigned char *, size_t); -int SSL_export_keying_material(SSL *, unsigned char *, size_t, const char *, - size_t, const unsigned char *, size_t, int); +int SSL_export_keying_material(SSL *, unsigned char *, size_t, const char *, + size_t, const unsigned char *, size_t, int); long SSL_CTX_sess_number(SSL_CTX *); long SSL_CTX_sess_connect(SSL_CTX *); 
@@ -457,77 +457,77 @@ long SSL_CTX_sess_cb_hits(SSL_CTX *); long SSL_CTX_sess_misses(SSL_CTX *); long SSL_CTX_sess_timeouts(SSL_CTX *); long SSL_CTX_sess_cache_full(SSL_CTX *); - -/* DTLS support */ -long Cryptography_DTLSv1_get_timeout(SSL *, time_t *, long *); -long DTLSv1_handle_timeout(SSL *); -long DTLS_set_link_mtu(SSL *, long); -long DTLS_get_link_min_mtu(SSL *); - -/* Custom extensions. */ -typedef int (*custom_ext_add_cb)(SSL *, unsigned int, - const unsigned char **, - size_t *, int *, - void *); - -typedef void (*custom_ext_free_cb)(SSL *, unsigned int, - const unsigned char *, - void *); - -typedef int (*custom_ext_parse_cb)(SSL *, unsigned int, - const unsigned char *, - size_t, int *, - void *); - -int SSL_CTX_add_client_custom_ext(SSL_CTX *, unsigned int, - custom_ext_add_cb, - custom_ext_free_cb, void *, - custom_ext_parse_cb, - void *); - -int SSL_CTX_add_server_custom_ext(SSL_CTX *, unsigned int, - custom_ext_add_cb, - custom_ext_free_cb, void *, - custom_ext_parse_cb, - void *); - -int SSL_extension_supported(unsigned int); - -int SSL_CTX_set_ciphersuites(SSL_CTX *, const char *); -int SSL_verify_client_post_handshake(SSL *); -void SSL_CTX_set_post_handshake_auth(SSL_CTX *, int); -void SSL_set_post_handshake_auth(SSL *, int); - -uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *); -int SSL_write_early_data(SSL *, const void *, size_t, size_t *); -int SSL_read_early_data(SSL *, void *, size_t, size_t *); -int SSL_CTX_set_max_early_data(SSL_CTX *, uint32_t); + +/* DTLS support */ +long Cryptography_DTLSv1_get_timeout(SSL *, time_t *, long *); +long DTLSv1_handle_timeout(SSL *); +long DTLS_set_link_mtu(SSL *, long); +long DTLS_get_link_min_mtu(SSL *); + +/* Custom extensions. 
*/ +typedef int (*custom_ext_add_cb)(SSL *, unsigned int, + const unsigned char **, + size_t *, int *, + void *); + +typedef void (*custom_ext_free_cb)(SSL *, unsigned int, + const unsigned char *, + void *); + +typedef int (*custom_ext_parse_cb)(SSL *, unsigned int, + const unsigned char *, + size_t, int *, + void *); + +int SSL_CTX_add_client_custom_ext(SSL_CTX *, unsigned int, + custom_ext_add_cb, + custom_ext_free_cb, void *, + custom_ext_parse_cb, + void *); + +int SSL_CTX_add_server_custom_ext(SSL_CTX *, unsigned int, + custom_ext_add_cb, + custom_ext_free_cb, void *, + custom_ext_parse_cb, + void *); + +int SSL_extension_supported(unsigned int); + +int SSL_CTX_set_ciphersuites(SSL_CTX *, const char *); +int SSL_verify_client_post_handshake(SSL *); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *, int); +void SSL_set_post_handshake_auth(SSL *, int); + +uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *); +int SSL_write_early_data(SSL *, const void *, size_t, size_t *); +int SSL_read_early_data(SSL *, void *, size_t, size_t *); +int SSL_CTX_set_max_early_data(SSL_CTX *, uint32_t); """ CUSTOMIZATIONS = """ -// This symbol is being preserved because removing it will break users with -// pyOpenSSL < 19.1 and pip < 20.x. We need to leave this in place until those -// users have upgraded. PersistentlyDeprecated2020 -static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1; - -#if CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_VERIFIED_CHAIN = 0; -Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL; -#else -static const long Cryptography_HAS_VERIFIED_CHAIN = 1; +// This symbol is being preserved because removing it will break users with +// pyOpenSSL < 19.1 and pip < 20.x. We need to leave this in place until those +// users have upgraded. 
PersistentlyDeprecated2020 +static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1; + +#if CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_VERIFIED_CHAIN = 0; +Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL; +#else +static const long Cryptography_HAS_VERIFIED_CHAIN = 1; #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -static const long Cryptography_HAS_KEYLOG = 0; -void (*SSL_CTX_set_keylog_callback)(SSL_CTX *, - void (*) (const SSL *, const char *) - ) = NULL; -void (*(*SSL_CTX_get_keylog_callback)(SSL_CTX *))( - const SSL *, - const char * - ) = NULL; -#else -static const long Cryptography_HAS_KEYLOG = 1; +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 +static const long Cryptography_HAS_KEYLOG = 0; +void (*SSL_CTX_set_keylog_callback)(SSL_CTX *, + void (*) (const SSL *, const char *) + ) = NULL; +void (*(*SSL_CTX_get_keylog_callback)(SSL_CTX *))( + const SSL *, + const char * + ) = NULL; +#else +static const long Cryptography_HAS_KEYLOG = 1; #endif static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1; @@ -548,10 +548,10 @@ static const long Cryptography_HAS_TLSv1_2 = 1; static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; -static const long Cryptography_HAS_NEXTPROTONEG = 0; +static const long Cryptography_HAS_NEXTPROTONEG = 0; static const long Cryptography_HAS_ALPN = 1; -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_IS_LIBRESSL void (*SSL_CTX_set_cert_cb)(SSL_CTX *, int (*)(SSL *, void *), void *) = NULL; void (*SSL_set_cert_cb)(SSL *, int (*)(SSL *, void *), void *) = NULL; static const long Cryptography_HAS_SET_CERT_CB = 0; 
@@ -563,7 +563,7 @@ static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS = 1; /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were removed */ -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_IS_LIBRESSL static const long Cryptography_HAS_SSL_ST = 1; #else static const long Cryptography_HAS_SSL_ST = 0; @@ -572,7 +572,7 @@ static const long SSL_ST_OK = 0; static const long SSL_ST_INIT = 0; static const long SSL_ST_RENEGOTIATE = 0; #endif -#if !CRYPTOGRAPHY_IS_LIBRESSL +#if !CRYPTOGRAPHY_IS_LIBRESSL static const long Cryptography_HAS_TLS_ST = 1; #else static const long Cryptography_HAS_TLS_ST = 0; 
@@ -580,126 +580,126 @@ static const long TLS_ST_BEFORE = 0; static const long TLS_ST_OK = 0; #endif -#if CRYPTOGRAPHY_IS_LIBRESSL -static const long SSL_OP_NO_DTLSv1 = 0; -static const long SSL_OP_NO_DTLSv1_2 = 0; -long (*DTLS_set_link_mtu)(SSL *, long) = NULL; -long (*DTLS_get_link_min_mtu)(SSL *) = NULL; +#if CRYPTOGRAPHY_IS_LIBRESSL +static const long SSL_OP_NO_DTLSv1 = 0; +static const long SSL_OP_NO_DTLSv1_2 = 0; +long (*DTLS_set_link_mtu)(SSL *, long) = NULL; +long (*DTLS_get_link_min_mtu)(SSL *) = NULL; +#endif + +static const long Cryptography_HAS_DTLS = 1; +/* Wrap DTLSv1_get_timeout to avoid cffi to handle a 'struct timeval'. */ +long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec, + long *ptv_usec) { + struct timeval tv = { 0 }; + long r = DTLSv1_get_timeout(ssl, &tv); + + if (r == 1) { + if (ptv_sec) { + *ptv_sec = tv.tv_sec; + } + + if (ptv_usec) { + *ptv_usec = tv.tv_usec; + } + } + + return r; +} + +#if CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_SIGALGS = 0; +const int (*SSL_get_sigalgs)(SSL *, int, int *, int *, int *, unsigned char *, + unsigned char *) = NULL; +const long (*SSL_CTX_set1_sigalgs_list)(SSL_CTX *, const char *) = NULL; +#else +static const long Cryptography_HAS_SIGALGS = 1; +#endif + +#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_PSK) +static const long Cryptography_HAS_PSK = 0; +int (*SSL_CTX_use_psk_identity_hint)(SSL_CTX *, const char *) = NULL; +void (*SSL_CTX_set_psk_server_callback)(SSL_CTX *, + unsigned int (*)( + SSL *, + const char *, + unsigned char *, + unsigned int + )) = NULL; +void (*SSL_CTX_set_psk_client_callback)(SSL_CTX *, + unsigned int (*)( + SSL *, + const char *, + char *, + unsigned int, + unsigned char *, + unsigned int + )) = NULL; +#else +static const long Cryptography_HAS_PSK = 1; +#endif + +#if !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_CUSTOM_EXT = 1; +#else +static const long Cryptography_HAS_CUSTOM_EXT = 0; +typedef int (*custom_ext_add_cb)(SSL *, 
unsigned int, + const unsigned char **, + size_t *, int *, + void *); +typedef void (*custom_ext_free_cb)(SSL *, unsigned int, + const unsigned char *, + void *); +typedef int (*custom_ext_parse_cb)(SSL *, unsigned int, + const unsigned char *, + size_t, int *, + void *); +int (*SSL_CTX_add_client_custom_ext)(SSL_CTX *, unsigned int, + custom_ext_add_cb, + custom_ext_free_cb, void *, + custom_ext_parse_cb, + void *) = NULL; +int (*SSL_CTX_add_server_custom_ext)(SSL_CTX *, unsigned int, + custom_ext_add_cb, + custom_ext_free_cb, void *, + custom_ext_parse_cb, + void *) = NULL; +int (*SSL_extension_supported)(unsigned int) = NULL; +#endif + +#ifndef OPENSSL_NO_SRTP +static const long Cryptography_HAS_SRTP = 1; +#else +static const long Cryptography_HAS_SRTP = 0; +int (*SSL_CTX_set_tlsext_use_srtp)(SSL_CTX *, const char *) = NULL; +int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL; +SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; +#endif + +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 +static const long Cryptography_HAS_TLSv1_3 = 0; +static const long SSL_OP_NO_TLSv1_3 = 0; +static const long SSL_VERIFY_POST_HANDSHAKE = 0; +int (*SSL_CTX_set_ciphersuites)(SSL_CTX *, const char *) = NULL; +int (*SSL_verify_client_post_handshake)(SSL *) = NULL; +void (*SSL_CTX_set_post_handshake_auth)(SSL_CTX *, int) = NULL; +void (*SSL_set_post_handshake_auth)(SSL *, int) = NULL; +uint32_t (*SSL_SESSION_get_max_early_data)(const SSL_SESSION *) = NULL; +int (*SSL_write_early_data)(SSL *, const void *, size_t, size_t *) = NULL; +int (*SSL_read_early_data)(SSL *, void *, size_t, size_t *) = NULL; +int (*SSL_CTX_set_max_early_data)(SSL_CTX *, uint32_t) = NULL; +#else +static const long Cryptography_HAS_TLSv1_3 = 1; +#endif + +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_GET_PROTO_VERSION = 0; + +long (*SSL_CTX_get_min_proto_version)(SSL_CTX *) = NULL; +long (*SSL_CTX_get_max_proto_version)(SSL_CTX *) = 
NULL; +long (*SSL_get_min_proto_version)(SSL *) = NULL; +long (*SSL_get_max_proto_version)(SSL *) = NULL; +#else +static const long Cryptography_HAS_GET_PROTO_VERSION = 1; #endif - -static const long Cryptography_HAS_DTLS = 1; -/* Wrap DTLSv1_get_timeout to avoid cffi to handle a 'struct timeval'. */ -long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec, - long *ptv_usec) { - struct timeval tv = { 0 }; - long r = DTLSv1_get_timeout(ssl, &tv); - - if (r == 1) { - if (ptv_sec) { - *ptv_sec = tv.tv_sec; - } - - if (ptv_usec) { - *ptv_usec = tv.tv_usec; - } - } - - return r; -} - -#if CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_SIGALGS = 0; -const int (*SSL_get_sigalgs)(SSL *, int, int *, int *, int *, unsigned char *, - unsigned char *) = NULL; -const long (*SSL_CTX_set1_sigalgs_list)(SSL_CTX *, const char *) = NULL; -#else -static const long Cryptography_HAS_SIGALGS = 1; -#endif - -#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_PSK) -static const long Cryptography_HAS_PSK = 0; -int (*SSL_CTX_use_psk_identity_hint)(SSL_CTX *, const char *) = NULL; -void (*SSL_CTX_set_psk_server_callback)(SSL_CTX *, - unsigned int (*)( - SSL *, - const char *, - unsigned char *, - unsigned int - )) = NULL; -void (*SSL_CTX_set_psk_client_callback)(SSL_CTX *, - unsigned int (*)( - SSL *, - const char *, - char *, - unsigned int, - unsigned char *, - unsigned int - )) = NULL; -#else -static const long Cryptography_HAS_PSK = 1; -#endif - -#if !CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_CUSTOM_EXT = 1; -#else -static const long Cryptography_HAS_CUSTOM_EXT = 0; -typedef int (*custom_ext_add_cb)(SSL *, unsigned int, - const unsigned char **, - size_t *, int *, - void *); -typedef void (*custom_ext_free_cb)(SSL *, unsigned int, - const unsigned char *, - void *); -typedef int (*custom_ext_parse_cb)(SSL *, unsigned int, - const unsigned char *, - size_t, int *, - void *); -int (*SSL_CTX_add_client_custom_ext)(SSL_CTX *, unsigned int, - 
custom_ext_add_cb, - custom_ext_free_cb, void *, - custom_ext_parse_cb, - void *) = NULL; -int (*SSL_CTX_add_server_custom_ext)(SSL_CTX *, unsigned int, - custom_ext_add_cb, - custom_ext_free_cb, void *, - custom_ext_parse_cb, - void *) = NULL; -int (*SSL_extension_supported)(unsigned int) = NULL; -#endif - -#ifndef OPENSSL_NO_SRTP -static const long Cryptography_HAS_SRTP = 1; -#else -static const long Cryptography_HAS_SRTP = 0; -int (*SSL_CTX_set_tlsext_use_srtp)(SSL_CTX *, const char *) = NULL; -int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL; -SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; -#endif - -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 -static const long Cryptography_HAS_TLSv1_3 = 0; -static const long SSL_OP_NO_TLSv1_3 = 0; -static const long SSL_VERIFY_POST_HANDSHAKE = 0; -int (*SSL_CTX_set_ciphersuites)(SSL_CTX *, const char *) = NULL; -int (*SSL_verify_client_post_handshake)(SSL *) = NULL; -void (*SSL_CTX_set_post_handshake_auth)(SSL_CTX *, int) = NULL; -void (*SSL_set_post_handshake_auth)(SSL *, int) = NULL; -uint32_t (*SSL_SESSION_get_max_early_data)(const SSL_SESSION *) = NULL; -int (*SSL_write_early_data)(SSL *, const void *, size_t, size_t *) = NULL; -int (*SSL_read_early_data)(SSL *, void *, size_t, size_t *) = NULL; -int (*SSL_CTX_set_max_early_data)(SSL_CTX *, uint32_t) = NULL; -#else -static const long Cryptography_HAS_TLSv1_3 = 1; -#endif - -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_GET_PROTO_VERSION = 0; - -long (*SSL_CTX_get_min_proto_version)(SSL_CTX *) = NULL; -long (*SSL_CTX_get_max_proto_version)(SSL_CTX *) = NULL; -long (*SSL_get_min_proto_version)(SSL *) = NULL; -long (*SSL_get_max_proto_version)(SSL *) = NULL; -#else -static const long Cryptography_HAS_GET_PROTO_VERSION = 1; -#endif """ 
diff --git a/contrib/python/cryptography/_cffi_src/openssl/x509.py b/contrib/python/cryptography/_cffi_src/openssl/x509.py index 2d835ab27b..24946ea48d 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/x509.py +++ b/contrib/python/cryptography/_cffi_src/openssl/x509.py @@ -29,7 +29,7 @@ typedef struct { ...; } X509_ALGOR; -typedef ... X509_ATTRIBUTE; +typedef ... X509_ATTRIBUTE; typedef ... X509_EXTENSION; typedef ... X509_EXTENSIONS; typedef ... X509_REQ; @@ -41,7 +41,7 @@ typedef ... NETSCAPE_SPKI; typedef ... PKCS8_PRIV_KEY_INFO; -typedef void (*sk_X509_EXTENSION_freefunc)(X509_EXTENSION *); +typedef void (*sk_X509_EXTENSION_freefunc)(X509_EXTENSION *); """ FUNCTIONS = """ @@ -49,7 +49,7 @@ X509 *X509_new(void); void X509_free(X509 *); X509 *X509_dup(X509 *); int X509_cmp(const X509 *, const X509 *); -int X509_up_ref(X509 *); +int X509_up_ref(X509 *); int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long); 
@@ -88,13 +88,13 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *); int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long); int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *); X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *); -X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *, int); -int X509_REQ_get_attr_by_OBJ(const X509_REQ *, const ASN1_OBJECT *, int); -void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *, int, int, void *); -ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *, int); -int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *); -int X509_REQ_add1_attr_by_OBJ(X509_REQ *, const ASN1_OBJECT *, - int, const unsigned char *, int); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *, int); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *, const ASN1_OBJECT *, int); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *, int, int, void *); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *, int); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *, const ASN1_OBJECT *, + int, const unsigned char *, int); int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int); ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *); @@ -111,7 +111,7 @@ X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *, int); int X509_REVOKED_set_revocationDate(X509_REVOKED *, ASN1_TIME *); X509_CRL *X509_CRL_new(void); -X509_CRL *X509_CRL_dup(X509_CRL *); +X509_CRL *X509_CRL_dup(X509_CRL *); X509_CRL *d2i_X509_CRL_bio(BIO *, X509_CRL **); int X509_CRL_add0_revoked(X509_CRL *, X509_REVOKED *); int X509_CRL_add_ext(X509_CRL *, X509_EXTENSION *, int); 
@@ -184,9 +184,9 @@ X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *, int); X509_EXTENSION *X509_CRL_get_ext(X509_CRL *, int); int X509_CRL_get_ext_count(X509_CRL *); -int X509_CRL_get0_by_serial(X509_CRL *, X509_REVOKED **, ASN1_INTEGER *); +int X509_CRL_get0_by_serial(X509_CRL *, X509_REVOKED **, ASN1_INTEGER *); -X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *); +X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *); X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *); /* new in 1.0.2 */ @@ -195,15 +195,15 @@ int X509_get_signature_nid(const X509 *); const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *); -void X509_get0_signature(const ASN1_BIT_STRING **, - const X509_ALGOR **, const X509 *); +void X509_get0_signature(const ASN1_BIT_STRING **, + const X509_ALGOR **, const X509 *); long X509_get_version(X509 *); ASN1_TIME *X509_get_notBefore(X509 *); ASN1_TIME *X509_get_notAfter(X509 *); -ASN1_TIME *X509_getm_notBefore(X509 *); -ASN1_TIME *X509_getm_notAfter(X509 *); +ASN1_TIME *X509_getm_notBefore(X509 *); +ASN1_TIME *X509_getm_notAfter(X509 *); long X509_REQ_get_version(X509_REQ *); X509_NAME *X509_REQ_get_subject_name(X509_REQ *); @@ -221,7 +221,7 @@ int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *); int sk_X509_EXTENSION_insert(X509_EXTENSIONS *, X509_EXTENSION *, int); X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int); void sk_X509_EXTENSION_free(X509_EXTENSIONS *); -void sk_X509_EXTENSION_pop_free(X509_EXTENSIONS *, sk_X509_EXTENSION_freefunc); +void sk_X509_EXTENSION_pop_free(X509_EXTENSIONS *, sk_X509_EXTENSION_freefunc); int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *); X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int); 
@@ -232,7 +232,7 @@ int sk_X509_CRL_num(Cryptography_STACK_OF_X509_CRL *); int sk_X509_CRL_push(Cryptography_STACK_OF_X509_CRL *, X509_CRL *); X509_CRL *sk_X509_CRL_value(Cryptography_STACK_OF_X509_CRL *, int); -long X509_CRL_get_version(X509_CRL *); +long X509_CRL_get_version(X509_CRL *); ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *); ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *); X509_NAME *X509_CRL_get_issuer(X509_CRL *); @@ -243,8 +243,8 @@ int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *); int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *); int X509_set_notBefore(X509 *, ASN1_TIME *); int X509_set_notAfter(X509 *, ASN1_TIME *); -int X509_set1_notBefore(X509 *, ASN1_TIME *); -int X509_set1_notAfter(X509 *, ASN1_TIME *); +int X509_set1_notBefore(X509 *, ASN1_TIME *); +int X509_set1_notAfter(X509 *, ASN1_TIME *); EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **); int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *); @@ -270,7 +270,7 @@ void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, """ CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_IS_LIBRESSL int i2d_re_X509_tbs(X509 *x, unsigned char **pp) { /* in 1.0.2+ this function also sets x->cert_info->enc.modified = 1 
@@ -282,21 +282,21 @@ int i2d_re_X509_tbs(X509 *x, unsigned char **pp) } #endif -/* Being kept around for pyOpenSSL */ +/* Being kept around for pyOpenSSL */ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *rev) { - return X509_REVOKED_dup(rev); + return X509_REVOKED_dup(rev); } /* Added in 1.1.0 but we need it in all versions now due to the great opaquing. */ -#if CRYPTOGRAPHY_IS_LIBRESSL -int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) -{ - req->req_info->enc.modified = 1; - return i2d_X509_REQ_INFO(req->req_info, pp); -} -int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { - crl->crl->enc.modified = 1; - return i2d_X509_CRL_INFO(crl->crl, pp); -} +#if CRYPTOGRAPHY_IS_LIBRESSL +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) +{ + req->req_info->enc.modified = 1; + return i2d_X509_REQ_INFO(req->req_info, pp); +} +int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { + crl->crl->enc.modified = 1; + return i2d_X509_CRL_INFO(crl->crl, pp); +} #endif """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/x509_vfy.py b/contrib/python/cryptography/_cffi_src/openssl/x509_vfy.py index b93f41f9db..ba3d3dbb14 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/x509_vfy.py +++ b/contrib/python/cryptography/_cffi_src/openssl/x509_vfy.py @@ -19,9 +19,9 @@ typedef STACK_OF(X509_OBJECT) Cryptography_STACK_OF_X509_OBJECT; """ TYPES = """ -static const long Cryptography_HAS_102_VERIFICATION; -static const long Cryptography_HAS_110_VERIFICATION_PARAMS; -static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER; +static const long Cryptography_HAS_102_VERIFICATION; +static const long Cryptography_HAS_110_VERIFICATION_PARAMS; +static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER; typedef ... Cryptography_STACK_OF_ASN1_OBJECT; typedef ... Cryptography_STACK_OF_X509_OBJECT; 
@@ -31,8 +31,8 @@ typedef ... X509_STORE; typedef ... X509_VERIFY_PARAM; typedef ... X509_STORE_CTX; -typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **, X509_STORE_CTX *, X509 *); - +typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **, X509_STORE_CTX *, X509 *); + /* While these are defined in the source as ints, they're tagged here as longs, just in case they ever grow to large, such as what we saw with OP_ALL. */ @@ -126,13 +126,13 @@ static const long X509_V_FLAG_PARTIAL_CHAIN; static const long X509_LU_X509; static const long X509_LU_CRL; - -static const long X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; -static const long X509_CHECK_FLAG_NO_WILDCARDS; -static const long X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; -static const long X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; -static const long X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; -static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; + +static const long X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; +static const long X509_CHECK_FLAG_NO_WILDCARDS; +static const long X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; +static const long X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; +static const long X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; +static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; """ FUNCTIONS = """ @@ -171,7 +171,7 @@ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *); X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *); int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *, int, void *); void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *, int); -int X509_STORE_CTX_get1_issuer(X509 **, X509_STORE_CTX *, X509 *); +int X509_STORE_CTX_get1_issuer(X509 **, X509_STORE_CTX *, X509 *); /* X509_VERIFY_PARAM */ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); 
@@ -211,18 +211,18 @@ X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *); Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *); X509 *X509_OBJECT_get0_X509(X509_OBJECT *); int X509_OBJECT_get_type(const X509_OBJECT *); - -/* added in 1.1.0 */ -X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *); -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *); -void X509_STORE_set_get_issuer(X509_STORE *, X509_STORE_CTX_get_issuer_fn); + +/* added in 1.1.0 */ +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *); +X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *); +void X509_STORE_set_get_issuer(X509_STORE *, X509_STORE_CTX_get_issuer_fn); """ CUSTOMIZATIONS = """ -#if !CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_102_VERIFICATION = 1; +#if !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_102_VERIFICATION = 1; #else -static const long Cryptography_HAS_102_VERIFICATION = 0; +static const long Cryptography_HAS_102_VERIFICATION = 0; static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; 
@@ -234,22 +234,22 @@ static const long X509_V_FLAG_SUITEB_192_LOS = 0; static const long X509_V_FLAG_SUITEB_128_LOS = 0; #endif -#if CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 0; -#ifndef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT -static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = 0; -#endif -#else -static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 1; -#endif - -#if CRYPTOGRAPHY_IS_LIBRESSL -static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0; -typedef void *X509_STORE_CTX_get_issuer_fn; -X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL; -void (*X509_STORE_set_get_issuer)(X509_STORE *, - X509_STORE_CTX_get_issuer_fn) = NULL; -#else -static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1; -#endif +#if CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 0; +#ifndef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT +static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = 0; +#endif +#else +static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 1; +#endif + +#if CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0; +typedef void *X509_STORE_CTX_get_issuer_fn; +X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL; +void (*X509_STORE_set_get_issuer)(X509_STORE *, + X509_STORE_CTX_get_issuer_fn) = NULL; +#else +static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1; +#endif """ diff --git a/contrib/python/cryptography/_cffi_src/openssl/x509name.py b/contrib/python/cryptography/_cffi_src/openssl/x509name.py index 25150762f8..1fbe26aa74 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/x509name.py +++ b/contrib/python/cryptography/_cffi_src/openssl/x509name.py 
@@ -35,12 +35,12 @@ void X509_NAME_ENTRY_free(X509_NAME_ENTRY *); int X509_NAME_get_index_by_NID(X509_NAME *, int, int); int X509_NAME_cmp(const X509_NAME *, const X509_NAME *); X509_NAME *X509_NAME_dup(X509_NAME *); -int X509_NAME_ENTRY_set(X509_NAME_ENTRY *); +int X509_NAME_ENTRY_set(X509_NAME_ENTRY *); /* These became const X509_NAME * in 1.1.0 */ int X509_NAME_entry_count(X509_NAME *); X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *, int); char *X509_NAME_oneline(X509_NAME *, char *, int); -int X509_NAME_print_ex(BIO *, X509_NAME *, int, unsigned long); +int X509_NAME_print_ex(BIO *, X509_NAME *, int, unsigned long); /* These became const X509_NAME_ENTRY * in 1.1.0 */ ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *); diff --git a/contrib/python/cryptography/_cffi_src/openssl/x509v3.py b/contrib/python/cryptography/_cffi_src/openssl/x509v3.py index 9cf56b64ff..5968120652 100644 --- a/contrib/python/cryptography/_cffi_src/openssl/x509v3.py +++ b/contrib/python/cryptography/_cffi_src/openssl/x509v3.py @@ -142,15 +142,15 @@ typedef struct { } DIST_POINT; typedef struct { - DIST_POINT_NAME *distpoint; - int onlyuser; - int onlyCA; - ASN1_BIT_STRING *onlysomereasons; - int indirectCRL; - int onlyattr; -} ISSUING_DIST_POINT; - -typedef struct { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +} ISSUING_DIST_POINT; + +typedef struct { ASN1_STRING *organization; Cryptography_STACK_OF_ASN1_INTEGER *noticenos; } NOTICEREF; 
@@ -175,9 +175,9 @@ typedef struct { } POLICYINFO; typedef void (*sk_GENERAL_NAME_freefunc)(GENERAL_NAME *); -typedef void (*sk_DIST_POINT_freefunc)(DIST_POINT *); -typedef void (*sk_POLICYINFO_freefunc)(POLICYINFO *); -typedef void (*sk_ACCESS_DESCRIPTION_freefunc)(ACCESS_DESCRIPTION *); +typedef void (*sk_DIST_POINT_freefunc)(DIST_POINT *); +typedef void (*sk_POLICYINFO_freefunc)(POLICYINFO *); +typedef void (*sk_ACCESS_DESCRIPTION_freefunc)(ACCESS_DESCRIPTION *); """ @@ -229,8 +229,8 @@ ACCESS_DESCRIPTION *sk_ACCESS_DESCRIPTION_value( Cryptography_STACK_OF_ACCESS_DESCRIPTION *, int ); void sk_ACCESS_DESCRIPTION_free(Cryptography_STACK_OF_ACCESS_DESCRIPTION *); -void sk_ACCESS_DESCRIPTION_pop_free(Cryptography_STACK_OF_ACCESS_DESCRIPTION *, - sk_ACCESS_DESCRIPTION_freefunc); +void sk_ACCESS_DESCRIPTION_pop_free(Cryptography_STACK_OF_ACCESS_DESCRIPTION *, + sk_ACCESS_DESCRIPTION_freefunc); int sk_ACCESS_DESCRIPTION_push(Cryptography_STACK_OF_ACCESS_DESCRIPTION *, ACCESS_DESCRIPTION *); 
@@ -245,18 +245,18 @@ void sk_DIST_POINT_free(Cryptography_STACK_OF_DIST_POINT *);
 int sk_DIST_POINT_num(Cryptography_STACK_OF_DIST_POINT *);
 DIST_POINT *sk_DIST_POINT_value(Cryptography_STACK_OF_DIST_POINT *, int);
 int sk_DIST_POINT_push(Cryptography_STACK_OF_DIST_POINT *, DIST_POINT *);
-void sk_DIST_POINT_pop_free(Cryptography_STACK_OF_DIST_POINT *,
- sk_DIST_POINT_freefunc);
-void CRL_DIST_POINTS_free(Cryptography_STACK_OF_DIST_POINT *);
+void sk_DIST_POINT_pop_free(Cryptography_STACK_OF_DIST_POINT *,
+ sk_DIST_POINT_freefunc);
+void CRL_DIST_POINTS_free(Cryptography_STACK_OF_DIST_POINT *);
 void sk_POLICYINFO_free(Cryptography_STACK_OF_POLICYINFO *);
 int sk_POLICYINFO_num(Cryptography_STACK_OF_POLICYINFO *);
 POLICYINFO *sk_POLICYINFO_value(Cryptography_STACK_OF_POLICYINFO *, int);
 int sk_POLICYINFO_push(Cryptography_STACK_OF_POLICYINFO *, POLICYINFO *);
 Cryptography_STACK_OF_POLICYINFO *sk_POLICYINFO_new_null(void);
-void sk_POLICYINFO_pop_free(Cryptography_STACK_OF_POLICYINFO *,
- sk_POLICYINFO_freefunc);
-void CERTIFICATEPOLICIES_free(Cryptography_STACK_OF_POLICYINFO *);
+void sk_POLICYINFO_pop_free(Cryptography_STACK_OF_POLICYINFO *,
+ sk_POLICYINFO_freefunc);
+void CERTIFICATEPOLICIES_free(Cryptography_STACK_OF_POLICYINFO *);
 POLICYINFO *POLICYINFO_new(void);
 void POLICYINFO_free(POLICYINFO *);
@@ -305,9 +305,9 @@ void DIST_POINT_NAME_free(DIST_POINT_NAME *);
 GENERAL_NAME *GENERAL_NAME_new(void);
 void GENERAL_NAME_free(GENERAL_NAME *);
-
-ISSUING_DIST_POINT *ISSUING_DIST_POINT_new(void);
-void ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *);
+
+ISSUING_DIST_POINT *ISSUING_DIST_POINT_new(void);
+void ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *);
 """
 CUSTOMIZATIONS = """
diff --git a/contrib/python/cryptography/_cffi_src/utils.py b/contrib/python/cryptography/_cffi_src/utils.py
index 3682879e6b..56745a3e5b 100644
--- a/contrib/python/cryptography/_cffi_src/utils.py
+++ b/contrib/python/cryptography/_cffi_src/utils.py
@@ -4,7 +4,7 @@ from __future__ import absolute_import, division, print_function -import os +import os import sys from distutils.ccompiler import new_compiler from distutils.dist import Distribution @@ -12,27 +12,27 @@ from distutils.dist import Distribution from cffi import FFI -# Load the cryptography __about__ to get the current package version -base_src = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) -about = {} -with open(os.path.join(base_src, "cryptography", "__about__.py")) as f: - exec (f.read(), about) - - -def build_ffi_for_binding( - module_name, - module_prefix, - modules, - libraries=[], - extra_compile_args=[], - extra_link_args=[], -): +# Load the cryptography __about__ to get the current package version +base_src = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) +about = {} +with open(os.path.join(base_src, "cryptography", "__about__.py")) as f: + exec (f.read(), about) + + +def build_ffi_for_binding( + module_name, + module_prefix, + modules, + libraries=[], + extra_compile_args=[], + extra_link_args=[], +): """ Modules listed in ``modules`` should have the following attributes: * ``INCLUDES``: A string containing C includes. * ``TYPES``: A string containing C declarations for types. - * ``FUNCTIONS``: A string containing C declarations for functions & macros. + * ``FUNCTIONS``: A string containing C declarations for functions & macros. * ``CUSTOMIZATIONS``: A string containing arbitrary top-level C code, this can be used to do things like test for a define and provide an alternate implementation based on that. 
@@ -50,10 +50,10 @@ def build_ffi_for_binding(
 includes.append(module.INCLUDES)
 customizations.append(module.CUSTOMIZATIONS)
- verify_source = "\n".join(includes + customizations)
+ verify_source = "\n".join(includes + customizations)
 ffi = build_ffi(
 module_name,
- cdef_source="\n".join(types + functions),
+ cdef_source="\n".join(types + functions),
 verify_source=verify_source,
 libraries=libraries,
 extra_compile_args=extra_compile_args,
@@ -63,20 +63,20 @@ def build_ffi_for_binding(
 return ffi
-def build_ffi(
- module_name,
- cdef_source,
- verify_source,
- libraries=[],
- extra_compile_args=[],
- extra_link_args=[],
-):
+def build_ffi(
+ module_name,
+ cdef_source,
+ verify_source,
+ libraries=[],
+ extra_compile_args=[],
+ extra_link_args=[],
+):
 ffi = FFI()
- # Always add the CRYPTOGRAPHY_PACKAGE_VERSION to the shared object
- cdef_source += "\nstatic const char *const CRYPTOGRAPHY_PACKAGE_VERSION;"
- verify_source += '\n#define CRYPTOGRAPHY_PACKAGE_VERSION "{}"'.format(
- about["__version__"]
- )
+ # Always add the CRYPTOGRAPHY_PACKAGE_VERSION to the shared object
+ cdef_source += "\nstatic const char *const CRYPTOGRAPHY_PACKAGE_VERSION;"
+ verify_source += '\n#define CRYPTOGRAPHY_PACKAGE_VERSION "{}"'.format(
+ about["__version__"]
+ )
 ffi.cdef(cdef_source)
 ffi.set_source(
 module_name,
@@ -89,10 +89,10 @@ def build_ffi(
 def extra_link_args(compiler_type):
- if compiler_type == "msvc":
+ if compiler_type == "msvc":
 # Enable NX and ASLR for Windows builds on MSVC. These are enabled by
 # default on Python 3.3+ but not on 2.x.
- return ["/NXCOMPAT", "/DYNAMICBASE"]
+ return ["/NXCOMPAT", "/DYNAMICBASE"]
 else:
 return []
@@ -100,11 +100,11 @@ def extra_link_args(compiler_type):
 def compiler_type():
 """
 Gets the compiler type from distutils. On Windows with MSVC it will be
- "msvc". On macOS and linux it is "unix".
+ "msvc". On macOS and linux it is "unix".
 """
 dist = Distribution()
 dist.parse_config_files()
- cmd = dist.get_command_obj("build")
+ cmd = dist.get_command_obj("build")
 cmd.ensure_finalized()
 compiler = new_compiler(compiler=cmd.compiler)
 return compiler.compiler_type |