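--- a/src/_cffi_src/openssl/bio.py
+++ b/src/_cffi_src/openssl/bio.py
@@ -41,4 +41,7 @@
 """
 
 CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+int (*BIO_up_ref)(BIO *) = NULL;
+#endif
 """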
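Review bot: `BIO_up_ref` becomes a NULL pointer on every build matching `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110`, and this CUSTOMIZATIONS block adds no `Cryptography_HAS_*` constant that lets the Python layer tell a usable binding from a NULL one. A call through the binding on such a build is a NULL function-pointer call inside the extension, so the process crashes instead of raising a Python exception. Unless a flag is declared outside the hunk, pair the stub with one, for example `static const long Cryptography_HAS_BIO_UP_REF = 0;` plus an `#else` branch setting it to 1 (flag name constructed here for illustration), and have callers check it. The same applies to the NULL stubs added in crypto.py, dh.py, dsa.py, evp.py, hmac.py, rsa.py, ssl.py and x509name.py.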
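--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -36,6 +36,8 @@
 #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
 (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
 
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \
+ (OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
 (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 \
@@ -44,6 +46,10 @@
 (OPENSSL_VERSION_NUMBER < 0x10101020 || CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \
 (OPENSSL_VERSION_NUMBER < 0x10101040 || CRYPTOGRAPHY_IS_LIBRESSL)
+
+#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
+ (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL)
+
 #if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \
 !defined(OPENSSL_NO_ENGINE)) || defined(USE_OSRANDOM_RNG_FOR_TESTING)
 #define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1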
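Review bot: `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110` is true on every LibreSSL build as well as on old OpenSSL, which the name does not say, so every block the other files guard with it is also compiled for LibreSSL. A comment above the define would make that explicit, for example `/* True for OpenSSL < 1.1.0 and for every LibreSSL; exact complement of CRYPTOGRAPHY_OPENSSL_110_OR_GREATER. */`. Because the two new macros are exact complements, defining the second as `(!CRYPTOGRAPHY_OPENSSL_LESS_THAN_110)` would stop them drifting apart. `CRYPTOGRAPHY_OPENSSL_110_OR_GREATER` would also read better next to the existing `110F_OR_GREATER` define in the first hunk than after the `LESS_THAN` group.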
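--- a/src/_cffi_src/openssl/crypto.py
+++ b/src/_cffi_src/openssl/crypto.py
@@ -51,6 +51,10 @@
 """
 
 CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+void (*OPENSSL_cleanup)(void) = NULL;
+#endif
+
 /* In 1.1.0 SSLeay has finally been retired. We bidirectionally define the
 values so you can use either one. This is so we can use the new function
 names no matter what OpenSSL we're running on, but users on older pyOpenSSL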
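--- a/src/_cffi_src/openssl/dh.py
+++ b/src/_cffi_src/openssl/dh.py
@@ -38,6 +38,15 @@
 """
 
 CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+/* added in 1.1.0 when the DH struct was opaqued */
+void (*DH_get0_pqg)(const DH *, const BIGNUM **, const BIGNUM **,
+ const BIGNUM **) = NULL;
+int (*DH_set0_pqg)(DH *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL;
+void (*DH_get0_key)(const DH *, const BIGNUM **, const BIGNUM **) = NULL;
+int (*DH_set0_key)(DH *, BIGNUM *, BIGNUM *) = NULL;
+#endif
+
 #if CRYPTOGRAPHY_IS_LIBRESSL
 #ifndef DH_CHECK_Q_NOT_PRIME
 #define DH_CHECK_Q_NOT_PRIME 0x10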
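--- a/src/_cffi_src/openssl/dsa.py
+++ b/src/_cffi_src/openssl/dsa.py
@@ -34,4 +34,11 @@
 """
 
 CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+void (*DSA_get0_pqg)(const DSA *, const BIGNUM **, const BIGNUM **,
+ const BIGNUM **) = NULL;
+int (*DSA_set0_pqg)(DSA *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL;
+void (*DSA_get0_key)(const DSA *, const BIGNUM **, const BIGNUM **);
+int (*DSA_set0_key)(DSA *, BIGNUM *, BIGNUM *) = NULL;
+#endif
 """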
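Review bot: `DSA_get0_key` is the only pointer in this block declared without `= NULL`. At file scope it is still zero-initialised, so behaviour should not differ, but it is now a tentative definition rather than a definition and reads like an oversight next to its three siblings. Make it `void (*DSA_get0_key)(const DSA *, const BIGNUM **, const BIGNUM **) = NULL;`, as the matching line in dh.py already does.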
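--- a/src/_cffi_src/openssl/evp.py
+++ b/src/_cffi_src/openssl/evp.py
@@ -134,6 +134,7 @@
 const unsigned char *, size_t);
 int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t,
 const unsigned char *, size_t);
+
 /* Added in 1.1.0 */
 size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *, unsigned char **);
 int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *, const unsigned char *,
@@ -179,12 +180,32 @@
 return EVP_PKEY_id(key);
 }
 EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void) {
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+ return EVP_MD_CTX_create();
+#else
 return EVP_MD_CTX_new();
+#endif
 }
+
 void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *md) {
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+ EVP_MD_CTX_destroy(md);
+#else
 EVP_MD_CTX_free(md);
+#endif
 }
 
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+EVP_MD_CTX *(*EVP_MD_CTX_new)(void) = NULL;
+void (*EVP_MD_CTX_free)(EVP_MD_CTX *) = NULL;
+int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t,
+ uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *,
+ size_t) = NULL;
+size_t (*EVP_PKEY_get1_tls_encodedpoint)(EVP_PKEY *, unsigned char **) = NULL;
+int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
+ size_t) = NULL;
+#endif
+
 #if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_SCRYPT)
 static const long Cryptography_HAS_SCRYPT = 0;
 int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t,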
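Review bot: `EVP_PBE_scrypt` is now declared twice on LibreSSL. The new block defines it under `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110`, which this commit makes true for every LibreSSL, and the existing block right below declares it again under `CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_SCRYPT)`. That second declaration continues outside the hunk; if it also ends in `= NULL`, the two initialised definitions are a compile error. On OpenSSL older than 1.1.0 without `OPENSSL_NO_SCRYPT`, the pointer would be NULL while the branch outside the hunk presumably sets `Cryptography_HAS_SCRYPT` to 1, so callers trusting the flag would call through NULL. Dropping `EVP_PBE_scrypt` from the new block and widening the existing guard to `#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(OPENSSL_NO_SCRYPT)` keeps one definition and a consistent flag.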
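--- a/src/_cffi_src/openssl/hmac.py
+++ b/src/_cffi_src/openssl/hmac.py
@@ -23,4 +23,8 @@
 """
 
 CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+HMAC_CTX *(*HMAC_CTX_new)(void) = NULL;
+void (*HMAC_CTX_free)(HMAC_CTX *ctx) = NULL;
+#endif
 """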
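--- a/src/_cffi_src/openssl/nid.py
+++ b/src/_cffi_src/openssl/nid.py
@@ -31,12 +31,24 @@
 """
 
 CUSTOMIZATIONS = """
+#ifndef NID_X25519
+static const long Cryptography_HAS_X25519 = 0;
+static const int NID_X25519 = 0;
+#else
+static const long Cryptography_HAS_X25519 = 1;
+#endif
 #ifndef NID_ED25519
 static const long Cryptography_HAS_ED25519 = 0;
 static const int NID_ED25519 = 0;
 #else
 static const long Cryptography_HAS_ED25519 = 1;
 #endif
+#ifndef NID_X448
+static const long Cryptography_HAS_X448 = 0;
+static const int NID_X448 = 0;
+#else
+static const long Cryptography_HAS_X448 = 1;
+#endif
 #ifndef NID_ED448
 static const long Cryptography_HAS_ED448 = 0;
 static const int NID_ED448 = 0;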
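--- a/src/_cffi_src/openssl/ocsp.py
+++ b/src/_cffi_src/openssl/ocsp.py
@@ -78,7 +78,7 @@
 
 CUSTOMIZATIONS = """
 #if ( \
- !CRYPTOGRAPHY_IS_LIBRESSL && \
+ CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && \
 CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
 )
 /* These structs come from ocsp_lcl.h and are needed to de-opaque the struct
@@ -105,7 +105,7 @@
 };
 #endif
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 /* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */
 const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
 {
@@ -147,7 +147,7 @@
 #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J
 const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
 {
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 return bs->signatureAlgorithm;
 #else
 return &bs->signatureAlgorithm;
@@ -156,7 +156,7 @@
 
 const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
 {
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 return bs->tbsResponseData;
 #else
 return &bs->tbsResponseData;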
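--- a/src/_cffi_src/openssl/rsa.py
+++ b/src/_cffi_src/openssl/rsa.py
@@ -58,4 +58,20 @@
 int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *,
 int) = NULL;
 #endif
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+int (*RSA_set0_key)(RSA *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL;
+int (*RSA_set0_factors)(RSA *, BIGNUM *, BIGNUM *) = NULL;
+int (*RSA_set0_crt_params)(RSA *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL;
+void (*RSA_get0_key)(const RSA *, const BIGNUM **, const BIGNUM **,
+ const BIGNUM **) = NULL;
+void (*RSA_get0_factors)(const RSA *, const BIGNUM **, const BIGNUM **) = NULL;
+void (*RSA_get0_crt_params)(const RSA *, const BIGNUM **, const BIGNUM **,
+ const BIGNUM **) = NULL;
+int (*EVP_PKEY_CTX_set_rsa_padding)(EVP_PKEY_CTX *, int) = NULL;
+int (*EVP_PKEY_CTX_set_rsa_pss_saltlen)(EVP_PKEY_CTX *, int) = NULL;
+int (*EVP_PKEY_CTX_set_rsa_mgf1_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL;
+int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *, int) = NULL;
+
+//int (*EVP_PKEY_CTX_set_rsa_oaep_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL;
+#endif
 """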
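Review bot: `EVP_PKEY_CTX_set0_rsa_oaep_label` is defined with `= NULL` twice in this CUSTOMIZATIONS string, once in the context lines just above the new block and once inside it. The guard of the earlier definition starts outside the hunk, but if it can be true together with `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110`, the two initialised definitions will not compile. Drop the second copy from the new block, or fold its condition into the earlier guard. The commented-out `//int (*EVP_PKEY_CTX_set_rsa_oaep_md)...` line should be deleted or replaced by a comment saying why that stub is omitted, presumably because it is already defined elsewhere. The padding, salt-length and MGF1 setters stubbed here choose RSA padding parameters, so a matching capability flag matters most for these.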
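--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -510,7 +510,7 @@
 // users have upgraded. PersistentlyDeprecated2020
 static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1;
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 static const long Cryptography_HAS_VERIFIED_CHAIN = 0;
 Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL;
 #else
@@ -563,7 +563,7 @@
 
 /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were
 removed */
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 static const long Cryptography_HAS_SSL_ST = 1;
 #else
 static const long Cryptography_HAS_SSL_ST = 0;
@@ -572,7 +572,7 @@
 static const long SSL_ST_INIT = 0;
 static const long SSL_ST_RENEGOTIATE = 0;
 #endif
-#if !CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
 static const long Cryptography_HAS_TLS_ST = 1;
 #else
 static const long Cryptography_HAS_TLS_ST = 0;
@@ -702,4 +702,28 @@
 #else
 static const long Cryptography_HAS_GET_PROTO_VERSION = 1;
 #endif
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+const SSL_METHOD *(*TLS_method)(void) = NULL;
+const SSL_METHOD *(*TLS_server_method)(void) = NULL;
+const SSL_METHOD *(*TLS_client_method)(void) = NULL;
+
+int (*SSL_CIPHER_is_aead)(const SSL_CIPHER *) = NULL;
+int (*SSL_CIPHER_get_cipher_nid)(const SSL_CIPHER *) = NULL;
+int (*SSL_CIPHER_get_digest_nid)(const SSL_CIPHER *) = NULL;
+int (*SSL_CIPHER_get_kx_nid)(const SSL_CIPHER *) = NULL;
+int (*SSL_CIPHER_get_auth_nid)(const SSL_CIPHER *) = NULL;
+
+long (*SSL_CTX_set_min_proto_version)(SSL_CTX *, int) = NULL;
+long (*SSL_CTX_set_max_proto_version)(SSL_CTX *, int) = NULL;
+long (*SSL_set_min_proto_version)(SSL *, int) = NULL;
+long (*SSL_set_max_proto_version)(SSL *, int) = NULL;
+
+int (*SSL_SESSION_has_ticket)(const SSL_SESSION *) = NULL;
+long (*SSL_SESSION_get_ticket_lifetime_hint)(const SSL_SESSION *) = NULL;
+
+size_t (*SSL_SESSION_get_master_key)(const SSL_SESSION *, unsigned char *,
+ size_t) = NULL;
+size_t (*SSL_get_client_random)(const SSL *, unsigned char *, size_t) = NULL;
+size_t (*SSL_get_server_random)(const SSL *, unsigned char *, size_t) = NULL;
+#endif
 """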
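--- a/src/_cffi_src/openssl/x509name.py
+++ b/src/_cffi_src/openssl/x509name.py
@@ -75,4 +75,7 @@
 """
 
 CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+int (*X509_NAME_ENTRY_set)(X509_NAME_ENTRY *) = NULL;
+#endif
 """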
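--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -288,7 +288,7 @@
 }
 /* Added in 1.1.0 but we need it in all versions now due to the great
 opaquing. */
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
 {
 req->req_info->enc.modified = 1;
@@ -298,5 +298,45 @@
 crl->crl->enc.modified = 1;
 return i2d_X509_CRL_INFO(crl->crl, pp);
 }
+
+int X509_up_ref(X509 *x) {
+ return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+}
+
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+{
+ return x->cert_info->signature;
+}
+
+/* from x509/x509_req.c */
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg)
+{
+ if (psig != NULL)
+ *psig = req->signature;
+ if (palg != NULL)
+ *palg = req->sig_alg;
+}
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg)
+{
+ if (psig != NULL)
+ *psig = crl->signature;
+ if (palg != NULL)
+ *palg = crl->sig_alg;
+}
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
+{
+ return x->revocationDate;
+}
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+ return x->serialNumber;
+}
+
+#define X509_set1_notBefore X509_set_notBefore
+#define X509_set1_notAfter X509_set_notAfter
+#define X509_getm_notAfter X509_get_notAfter
+#define X509_getm_notBefore X509_get_notBefore
 #endif
 """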
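Review bot: The `X509_up_ref` shim returns whatever `CRYPTO_add` returns, which is the new reference count, whereas the 1.1.0 function it stands in for returns 1 on success and 0 on failure. A caller that tests the result with `== 1` would treat every successful increment as an error and could free a certificate that is still referenced elsewhere. Normalising the result keeps the contract the same across library versions: `return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509) > 1;`. A short comment naming the upstream source file would also help, as is already done for `X509_REQ_get0_signature`. Note that the whole block is now compiled for every LibreSSL too, so it is worth confirming that none of these accessors or the four `#define` aliases collide with symbols a newer LibreSSL already exports.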
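--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -234,7 +234,7 @@
 static const long X509_V_FLAG_SUITEB_128_LOS = 0;
 #endif
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
 static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 0;
 #ifndef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
 static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = 0;
@@ -243,7 +243,30 @@
 static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 1;
 #endif
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) {
+ return ctx->objs;
+}
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store) {
+ return store->param;
+}
+int X509_OBJECT_get_type(const X509_OBJECT *x) {
+ return x->type;
+}
+
+/* from x509/x509_vfy.c */
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+ return ctx->cert;
+}
+
+X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) {
+ return x->data.x509;
+}
+#endif
+
+
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0;
 typedef void *X509_STORE_CTX_get_issuer_fn;
 X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL;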
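Review bot: The second hunk's guard uses `CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER`, which none of the defines visible in cryptography.py on this page provides. If it is not defined elsewhere, the preprocessor evaluates it as 0 and the exclusion silently never applies, so the struct-poking accessors below are compiled for every LibreSSL, including releases where those structs may be opaque or the functions already exist. Confirm the macro is defined, or add it next to the other version macros. In the first hunk `|| CRYPTOGRAPHY_IS_LIBRESSL` is redundant, because `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110` already includes LibreSSL; `#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110` is enough. `X509_OBJECT_get0_X509` returns `x->data.x509` without checking `x->type`, so a comment such as `/* caller must check X509_OBJECT_get_type() first */` would document the precondition.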