[pypy-commit] pypy py3.5: update cryptography cffi backend

plan_rich pypy.commits at gmail.com
Sat Dec 17 04:43:16 EST 2016


Author: Richard Plangger <planrichi at gmail.com>
Branch: py3.5
Changeset: r89109:09da85689a2d
Date: 2016-12-17 10:40 +0100
http://bitbucket.org/pypy/pypy/changeset/09da85689a2d/

Log:	update cryptography cffi backend

diff --git a/lib_pypy/_cffi_ssl/README.md b/lib_pypy/_cffi_ssl/README.md
--- a/lib_pypy/_cffi_ssl/README.md
+++ b/lib_pypy/_cffi_ssl/README.md
@@ -14,3 +14,7 @@
 Copy over all the sources into the folder `lib_pypy/_cffi_ssl/*`. Updating the cffi backend can be simply done by the following command:
 
     $ cp -r <cloned cryptography folder>/src/_cffi_src/* .
+
+# Crpytography version
+
+`c8f47ad2122efdd5e772aee13ed5d4c64e7d6086`
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py b/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
@@ -68,6 +68,7 @@
         "objects",
         "ocsp",
         "opensslv",
+        "osrandom_engine",
         "pem",
         "pkcs12",
         "rand",
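Review bot: The new `"osrandom_engine"` entry in this module list needs a matching `_cffi_src/openssl/osrandom_engine.py` binding, and no such file is added anywhere in the changeset as shown here. Unless the `cp -r` step from the README brought it in separately, the build will presumably fail when this module is loaded. Judging by its name the module concerns the random source, so it would help to record next to the entry whether PyPy registers the engine or only compiles it, e.g. `# compiled for parity with upstream; confirm whether _cffi_ssl activates it`. The list itself starts and ends outside the hunk.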
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
@@ -10,7 +10,6 @@
 
 TYPES = """
 static const int Cryptography_HAS_AES_WRAP;
-static const int Cryptography_HAS_AES_CTR128_ENCRYPT;
 
 struct aes_key_st {
     ...;
@@ -29,22 +28,8 @@
 """
 
 MACROS = """
-/* The ctr128_encrypt function is only useful in 1.0.0. We can use EVP for
-   this in 1.0.1+. */
-void AES_ctr128_encrypt(const unsigned char *, unsigned char *,
-                        size_t, const AES_KEY *, unsigned char[],
-                        unsigned char[], unsigned int *);
 """
 
 CUSTOMIZATIONS = """
 static const long Cryptography_HAS_AES_WRAP = 1;
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER)
-static const int Cryptography_HAS_AES_CTR128_ENCRYPT = 0;
-void (*AES_ctr128_encrypt)(const unsigned char *, unsigned char *,
-                           size_t, const AES_KEY *,
-                           unsigned char[], unsigned char[],
-                           unsigned int *) = NULL;
-#else
-static const int Cryptography_HAS_AES_CTR128_ENCRYPT = 1;
-#endif
 """
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
@@ -5,7 +5,7 @@
 from __future__ import absolute_import, division, print_function
 
 INCLUDES = """
-#if !defined(OPENSSL_NO_CMAC) && CRYPTOGRAPHY_OPENSSL_101_OR_GREATER
+#if !defined(OPENSSL_NO_CMAC)
 #include <openssl/cmac.h>
 #endif
 """
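Review bot: With the `CRYPTOGRAPHY_OPENSSL_101_OR_GREATER` test gone, `<openssl/cmac.h>` is included whenever `OPENSSL_NO_CMAC` is undefined. A build against headers older than 1.0.1 would therefore, as far as I can tell, stop at this include with a missing-header error instead of falling back to `Cryptography_HAS_CMAC = 0`; the same applies to the CUSTOMIZATIONS guard in the next hunk. If 1.0.1 is now the intended floor, state it once where the version macros live in `cryptography.py`, e.g. `#if OPENSSL_VERSION_NUMBER < 0x10001000` / `#error "OpenSSL 1.0.1 or newer is required"` / `#endif`, so the failure names its cause.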
@@ -28,7 +28,7 @@
 """
 
 CUSTOMIZATIONS = """
-#if !defined(OPENSSL_NO_CMAC) && CRYPTOGRAPHY_OPENSSL_101_OR_GREATER
+#if !defined(OPENSSL_NO_CMAC)
 static const long Cryptography_HAS_CMAC = 1;
 #else
 static const long Cryptography_HAS_CMAC = 0;
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cryptography.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cryptography.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cryptography.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cryptography.py
@@ -17,8 +17,6 @@
 #include <windows.h>
 #endif
 
-#define CRYPTOGRAPHY_OPENSSL_101_OR_GREATER \
-    (OPENSSL_VERSION_NUMBER >= 0x10001000)
 #define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
     (OPENSSL_VERSION_NUMBER >= 0x10002000)
 #define CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER \
@@ -26,8 +24,6 @@
 #define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
     (OPENSSL_VERSION_NUMBER >= 0x10100000)
 
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_101 \
-    (OPENSSL_VERSION_NUMBER < 0x10001000)
 #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \
     (OPENSSL_VERSION_NUMBER < 0x10002000)
 #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102BETA3 \
@@ -51,12 +47,8 @@
 """
 
 TYPES = """
-static const int CRYPTOGRAPHY_OPENSSL_101_OR_GREATER;
-
 static const int CRYPTOGRAPHY_OPENSSL_110_OR_GREATER;
 
-static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_101;
-
 static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I;
 
 static const int CRYPTOGRAPHY_IS_LIBRESSL;
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ec.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ec.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ec.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ec.py
@@ -14,7 +14,6 @@
 
 TYPES = """
 static const int Cryptography_HAS_EC;
-static const int Cryptography_HAS_EC_1_0_1;
 static const int Cryptography_HAS_EC2M;
 static const int Cryptography_HAS_EC_1_0_2;
 
@@ -327,13 +326,6 @@
 
 int (*EC_METHOD_get_field_type)(const EC_METHOD *) = NULL;
 
-#else
-static const long Cryptography_HAS_EC = 1;
-#endif
-
-#if defined(OPENSSL_NO_EC) || CRYPTOGRAPHY_OPENSSL_LESS_THAN_101
-static const long Cryptography_HAS_EC_1_0_1 = 0;
-
 int (*EC_KEY_get_flags)(const EC_KEY *) = NULL;
 void (*EC_KEY_set_flags)(EC_KEY *, int) = NULL;
 void (*EC_KEY_clear_flags)(EC_KEY *, int) = NULL;
@@ -341,10 +333,9 @@
 int (*EC_KEY_set_public_key_affine_coordinates)(
     EC_KEY *, BIGNUM *, BIGNUM *) = NULL;
 #else
-static const long Cryptography_HAS_EC_1_0_1 = 1;
+static const long Cryptography_HAS_EC = 1;
 #endif
 
-
 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_EC2M)
 static const long Cryptography_HAS_EC2M = 0;
 
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/evp.py
@@ -25,13 +25,6 @@
 static const int EVP_CTRL_GCM_GET_TAG;
 static const int EVP_CTRL_GCM_SET_TAG;
 
-typedef struct {
-    int type;
-    int alias;
-    const char *name;
-    const char *data;
-} OBJ_NAME;
-
 static const int Cryptography_HAS_GCM;
 static const int Cryptography_HAS_PBKDF2_HMAC;
 static const int Cryptography_HAS_PKEY_CTX;
@@ -143,7 +136,6 @@
    without worrying about what OpenSSL we're running against. */
 EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void);
 void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *);
-void OBJ_NAME_do_all(int, void (*) (const OBJ_NAME *, void *), void *);
 """
 
 MACROS = """
@@ -164,7 +156,7 @@
 EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *);
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *, EC_KEY *);
 
-int EVP_MD_CTX_block_size(const EVP_MD_CTX *md);
+int EVP_MD_CTX_block_size(const EVP_MD_CTX *);
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *);
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *);
 
@@ -176,7 +168,6 @@
 int EVP_PBE_scrypt(const char *, size_t, const unsigned char *, size_t,
                    uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *,
                    size_t);
-#define OBJ_NAME_TYPE_MD_METH ...
 """
 
 CUSTOMIZATIONS = """
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/objects.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/objects.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/objects.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/objects.py
@@ -9,6 +9,14 @@
 """
 
 TYPES = """
+typedef struct {
+    int type;
+    int alias;
+    const char *name;
+    const char *data;
+} OBJ_NAME;
+
+static const long OBJ_NAME_TYPE_MD_METH;
 """
 
 FUNCTIONS = """
@@ -24,6 +32,7 @@
 int OBJ_cmp(const ASN1_OBJECT *, const ASN1_OBJECT *);
 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *);
 int OBJ_create(const char *, const char *, const char *);
+void OBJ_NAME_do_all(int, void (*) (const OBJ_NAME *, void *), void *);
 """
 
 MACROS = """
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/rsa.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/rsa.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/rsa.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/rsa.py
@@ -20,7 +20,6 @@
 static const int RSA_F4;
 
 static const int Cryptography_HAS_PSS_PADDING;
-static const int Cryptography_HAS_MGF1_MD;
 static const int Cryptography_HAS_RSA_OAEP_MD;
 """
 
@@ -73,12 +72,6 @@
 CUSTOMIZATIONS = """
 static const long Cryptography_HAS_PSS_PADDING = 1;
 
-#if CRYPTOGRAPHY_OPENSSL_101_OR_GREATER
-static const long Cryptography_HAS_MGF1_MD = 1;
-#else
-static const long Cryptography_HAS_MGF1_MD = 0;
-int (*EVP_PKEY_CTX_set_rsa_mgf1_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL;
-#endif
 #if defined(EVP_PKEY_CTX_set_rsa_oaep_md)
 static const long Cryptography_HAS_RSA_OAEP_MD = 1;
 #else
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
@@ -25,7 +25,6 @@
 static const long Cryptography_HAS_GET_SERVER_TMP_KEY;
 static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE;
 static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
-static const long Cryptography_HAS_NPN_NEGOTIATED;
 
 /* Internally invented symbol to tell us if SNI is supported */
 static const long Cryptography_HAS_TLSEXT_HOSTNAME;
@@ -44,8 +43,8 @@
 static const long Cryptography_HAS_SSL_SET_SSL_CTX;
 static const long Cryptography_HAS_SSL_OP_NO_TICKET;
 static const long Cryptography_HAS_NETBSD_D1_METH;
+static const long Cryptography_HAS_ALPN;
 static const long Cryptography_HAS_NEXTPROTONEG;
-static const long Cryptography_HAS_ALPN;
 static const long Cryptography_HAS_SET_CERT_CB;
 
 static const long SSL_FILETYPE_PEM;
@@ -141,6 +140,7 @@
 typedef ... SSL;
 
 static const long TLSEXT_NAMETYPE_host_name;
+static const long TLSEXT_STATUSTYPE_ocsp;
 
 typedef ... SSL_CIPHER;
 typedef ... Cryptography_STACK_OF_SSL_CIPHER;
@@ -362,9 +362,6 @@
 
 long SSL_session_reused(SSL *);
 
-/* NPN APIs were introduced in OpenSSL 1.0.1.  To continue to support earlier
- * versions some special handling of these is necessary.
- */
 void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *,
                                            int (*)(SSL *,
                                                    const unsigned char **,
@@ -413,7 +410,7 @@
 
 /* Added in 1.0.2 */
 const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *);
-/* Added in 1.0.1 */
+
 int SSL_SESSION_set1_id_context(SSL_SESSION *, const unsigned char *,
                                 unsigned int);
 /* Added in 1.1.0 for the great opaquing of structs */
@@ -437,28 +434,6 @@
 """
 
 CUSTOMIZATIONS = """
-/* Added in 1.0.1 but we need it in all versions now due to the great
-   opaquing. */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_101
-/* from ssl.h */
-#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
-/* from ssl/ssl_sess.c */
-int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
-                                unsigned int sid_ctx_len)
-{
-    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
-        SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
-               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-        return 0;
-    }
-    s->sid_ctx_length = sid_ctx_len;
-    memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
-
-    return 1;
-}
-#endif
-
 /* Added in 1.0.2 but we need it in all versions now due to the great
    opaquing. */
 #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || defined(LIBRESSL_VERSION_NUMBER)
@@ -604,36 +579,7 @@
 static const long Cryptography_HAS_NETBSD_D1_METH = 1;
 #endif
 
-/* Because OPENSSL defines macros that claim lack of support for things, rather
- * than macros that claim support for things, we need to do a version check in
- * addition to a definition check. NPN was added in 1.0.1: for any version
- * before that, there is no compatibility.
- */
-#if defined(OPENSSL_NO_NEXTPROTONEG) || CRYPTOGRAPHY_OPENSSL_LESS_THAN_101
-static const long Cryptography_HAS_NEXTPROTONEG = 0;
-void (*SSL_CTX_set_next_protos_advertised_cb)(SSL_CTX *,
-                                              int (*)(SSL *,
-                                                      const unsigned char **,
-                                                      unsigned int *,
-                                                      void *),
-                                              void *) = NULL;
-void (*SSL_CTX_set_next_proto_select_cb)(SSL_CTX *,
-                                         int (*)(SSL *,
-                                                 unsigned char **,
-                                                 unsigned char *,
-                                                 const unsigned char *,
-                                                 unsigned int,
-                                                 void *),
-                                         void *) = NULL;
-int (*SSL_select_next_proto)(unsigned char **, unsigned char *,
-                             const unsigned char *, unsigned int,
-                             const unsigned char *, unsigned int) = NULL;
-void (*SSL_get0_next_proto_negotiated)(const SSL *,
-                                       const unsigned char **,
-                                       unsigned *) = NULL;
-#else
 static const long Cryptography_HAS_NEXTPROTONEG = 1;
-#endif
 
 /* ALPN was added in OpenSSL 1.0.2. */
 #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !defined(LIBRESSL_VERSION_NUMBER)
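Review bot: `Cryptography_HAS_NEXTPROTONEG` is now set to 1 unconditionally, which drops the `defined(OPENSSL_NO_NEXTPROTONEG)` half of the old test along with the version half. Dropping 1.0.0 support only justifies removing `CRYPTOGRAPHY_OPENSSL_LESS_THAN_101`. Against a library built without NPN, the NPN functions declared earlier in this file would be undeclared, and the flag would report support that is absent. Keep the removed block and narrow only its condition to `#if defined(OPENSSL_NO_NEXTPROTONEG)`, leaving the NULL function-pointer stubs in that branch.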
@@ -706,13 +652,4 @@
 static const long TLS_ST_BEFORE = 0;
 static const long TLS_ST_OK = 0;
 #endif
-
-/* This define is available in 1.0.1+ so we can remove this when we drop
-   support for 1.0.0 */
-#ifdef OPENSSL_NPN_NEGOTIATED
-static const long Cryptography_HAS_NPN_NEGOTIATED = 1;
-#else
-static const long OPENSSL_NPN_NEGOTIATED = -1;
-static const long Cryptography_HAS_NPN_NEGOTIATED = 0;
-#endif
 """

