[pypy-commit] pypy py3.5-ssl: copy changes made to cryptography, rename method name of call site
plan_rich
pypy.commits at gmail.com
Thu Nov 17 08:19:47 EST 2016
Author: Richard Plangger <planrichi at gmail.com>
Branch: py3.5-ssl
Changeset: r88435:74ee14214a4e
Date: 2016-11-17 14:18 +0100
http://bitbucket.org/pypy/pypy/changeset/74ee14214a4e/
Log: copy changes made to cryptography, rename method name of call site
diff --git a/lib_pypy/openssl/_cffi_src/build_openssl.py b/lib_pypy/openssl/_cffi_src/build_openssl.py
--- a/lib_pypy/openssl/_cffi_src/build_openssl.py
+++ b/lib_pypy/openssl/_cffi_src/build_openssl.py
@@ -7,7 +7,7 @@
import os
import sys
-from openssl._cffi_src.utils import (
+from _cffi_src.utils import (
build_ffi_for_binding, compiler_type, extra_link_args
)
diff --git a/lib_pypy/openssl/_cffi_src/hazmat_src/padding.c b/lib_pypy/openssl/_cffi_src/hazmat_src/padding.c
--- a/lib_pypy/openssl/_cffi_src/hazmat_src/padding.c
+++ b/lib_pypy/openssl/_cffi_src/hazmat_src/padding.c
@@ -4,25 +4,25 @@
/* Returns the value of the input with the most-significant-bit copied to all
of the bits. */
-static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) {
- return (1 - (a >> (sizeof(uint8_t) * 8 - 1))) - 1;
+static uint16_t Cryptography_DUPLICATE_MSB_TO_ALL(uint16_t a) {
+ return (1 - (a >> (sizeof(uint16_t) * 8 - 1))) - 1;
}
-/* This returns 0xFF if a < b else 0x00, but does so in a constant time
+/* This returns 0xFFFF if a < b else 0x0000, but does so in a constant time
fashion */
-static uint8_t Cryptography_constant_time_lt(uint8_t a, uint8_t b) {
+static uint16_t Cryptography_constant_time_lt(uint16_t a, uint16_t b) {
a -= b;
return Cryptography_DUPLICATE_MSB_TO_ALL(a);
}
uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data,
- uint8_t block_len) {
- uint8_t i;
- uint8_t pad_size = data[block_len - 1];
- uint8_t mismatch = 0;
+ uint16_t block_len) {
+ uint16_t i;
+ uint16_t pad_size = data[block_len - 1];
+ uint16_t mismatch = 0;
for (i = 0; i < block_len; i++) {
unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
- uint8_t b = data[block_len - 1 - i];
+ uint16_t b = data[block_len - 1 - i];
mismatch |= (mask & (pad_size ^ b));
}
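Review bot: The updated comment on `Cryptography_constant_time_lt` says it returns 0xFFFF whenever a < b, but the helper only inspects bit 15 of the 16-bit difference, so that holds only while the operands differ by less than 0x8000. In `Cryptography_check_pkcs7_padding` `pad_size` is a single byte, so for `block_len` above 0x8000 the mask would be set for indices past the padding and valid padding would be rejected; this fails closed, but the wider parameter type now admits values the helper cannot compare. I would state the limit next to the helper, e.g. `/* Correct only while the operands differ by less than 0x8000; callers must keep block_len below that. */`. `data[block_len - 1]` also reads before the buffer when `block_len` is 0, so the caller (not visible here) is presumably expected to reject that. The same applies to the `Cryptography_check_ansix923_padding` hunk, and both function bodies continue outside their hunks.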
@@ -31,6 +31,7 @@
mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
/* Make sure any bits set are copied to the lowest bit */
+ mismatch |= mismatch >> 8;
mismatch |= mismatch >> 4;
mismatch |= mismatch >> 2;
mismatch |= mismatch >> 1;
@@ -39,14 +40,14 @@
}
uint8_t Cryptography_check_ansix923_padding(const uint8_t *data,
- uint8_t block_len) {
- uint8_t i;
- uint8_t pad_size = data[block_len - 1];
- uint8_t mismatch = 0;
+ uint16_t block_len) {
+ uint16_t i;
+ uint16_t pad_size = data[block_len - 1];
+ uint16_t mismatch = 0;
/* Skip the first one with the pad size */
for (i = 1; i < block_len; i++) {
unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
- uint8_t b = data[block_len - 1 - i];
+ uint16_t b = data[block_len - 1 - i];
mismatch |= (mask & b);
}
@@ -55,6 +56,7 @@
mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
/* Make sure any bits set are copied to the lowest bit */
+ mismatch |= mismatch >> 8;
mismatch |= mismatch >> 4;
mismatch |= mismatch >> 2;
mismatch |= mismatch >> 1;
diff --git a/lib_pypy/openssl/_cffi_src/openssl/callbacks.py b/lib_pypy/openssl/_cffi_src/openssl/callbacks.py
--- a/lib_pypy/openssl/_cffi_src/openssl/callbacks.py
+++ b/lib_pypy/openssl/_cffi_src/openssl/callbacks.py
@@ -12,6 +12,9 @@
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
+#include <openssl/crypto.h>
+
+#include <pythread.h>
"""
TYPES = """
@@ -37,6 +40,7 @@
"""
FUNCTIONS = """
+int _setup_ssl_threads(void);
"""
MACROS = """
@@ -50,4 +54,71 @@
# backwards compatibility for old cffi version on PyPy
# and Python >=3.5 (https://github.com/pyca/cryptography/issues/2970)
TYPES = "static const long Cryptography_STATIC_CALLBACKS;"
- CUSTOMIZATIONS = "static const long Cryptography_STATIC_CALLBACKS = 0;"
+ CUSTOMIZATIONS = """static const long Cryptography_STATIC_CALLBACKS = 0;
+"""
+
+CUSTOMIZATIONS += """
+/* This code is derived from the locking code found in the Python _ssl module's
+ locking callback for OpenSSL.
+
+ Copyright 2001-2016 Python Software Foundation; All Rights Reserved.
+*/
+
+static unsigned int _ssl_locks_count = 0;
+static PyThread_type_lock *_ssl_locks = NULL;
+
+static void _ssl_thread_locking_function(int mode, int n, const char *file,
+ int line) {
+ /* this function is needed to perform locking on shared data
+ structures. (Note that OpenSSL uses a number of global data
+ structures that will be implicitly shared whenever multiple
+ threads use OpenSSL.) Multi-threaded applications will
+ crash at random if it is not set.
+
+ locking_function() must be able to handle up to
+ CRYPTO_num_locks() different mutex locks. It sets the n-th
+ lock if mode & CRYPTO_LOCK, and releases it otherwise.
+
+ file and line are the file number of the function setting the
+ lock. They can be useful for debugging.
+ */
+
+ if ((_ssl_locks == NULL) ||
+ (n < 0) || ((unsigned)n >= _ssl_locks_count)) {
+ return;
+ }
+
+ if (mode & CRYPTO_LOCK) {
+ PyThread_acquire_lock(_ssl_locks[n], 1);
+ } else {
+ PyThread_release_lock(_ssl_locks[n]);
+ }
+}
+
+int _setup_ssl_threads(void) {
+ unsigned int i;
+
+ if (_ssl_locks == NULL) {
+ _ssl_locks_count = CRYPTO_num_locks();
+ _ssl_locks = PyMem_New(PyThread_type_lock, _ssl_locks_count);
+ if (_ssl_locks == NULL) {
+ PyErr_NoMemory();
+ return 0;
+ }
+ memset(_ssl_locks, 0, sizeof(PyThread_type_lock) * _ssl_locks_count);
+ for (i = 0; i < _ssl_locks_count; i++) {
+ _ssl_locks[i] = PyThread_allocate_lock();
+ if (_ssl_locks[i] == NULL) {
+ unsigned int j;
+ for (j = 0; j < i; j++) {
+ PyThread_free_lock(_ssl_locks[j]);
+ }
+ PyMem_Free(_ssl_locks);
+ return 0;
+ }
+ }
+ CRYPTO_set_locking_callback(_ssl_thread_locking_function);
+ }
+ return 1;
+}
+"""
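Review bot: The failure path in `_setup_ssl_threads` frees `_ssl_locks` when `PyThread_allocate_lock()` returns NULL but leaves the pointer and `_ssl_locks_count` set. A later call then sees `_ssl_locks != NULL`, skips the whole setup and returns 1 although `CRYPTO_set_locking_callback` was never called, so OpenSSL would run multi-threaded without locks while the caller believes setup succeeded. Resetting the state after the free closes this: `PyMem_Free(_ssl_locks); _ssl_locks = NULL; _ssl_locks_count = 0;`. Separately, `PyMem_New`, `PyErr_NoMemory` and the unsynchronised `_ssl_locks == NULL` check all assume the GIL is held; if the cffi call into this function releases it, that assumption should be confirmed or documented at the declaration.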
diff --git a/lib_pypy/openssl/_cffi_src/openssl/ssl.py b/lib_pypy/openssl/_cffi_src/openssl/ssl.py
--- a/lib_pypy/openssl/_cffi_src/openssl/ssl.py
+++ b/lib_pypy/openssl/_cffi_src/openssl/ssl.py
@@ -137,16 +137,14 @@
typedef ... SSL_METHOD;
typedef ... SSL_CTX;
-
typedef ... SSL_SESSION;
typedef ... SSL;
-typedef ... Cryptography_STACK_OF_SSL_CIPHER;
-
static const long TLSEXT_NAMETYPE_host_name;
+typedef ... SSL_CIPHER;
+typedef ... Cryptography_STACK_OF_SSL_CIPHER;
typedef ... COMP_METHOD;
-typedef ... SSL_CIPHER;
"""
FUNCTIONS = """
diff --git a/lib_pypy/openssl/_cffi_src/openssl/x509_vfy.py b/lib_pypy/openssl/_cffi_src/openssl/x509_vfy.py
--- a/lib_pypy/openssl/_cffi_src/openssl/x509_vfy.py
+++ b/lib_pypy/openssl/_cffi_src/openssl/x509_vfy.py
@@ -181,7 +181,7 @@
Cryptography_STACK_OF_ASN1_OBJECT *);
void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *, int);
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *);
-
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *);
int Cryptography_X509_OBJECT_get_type(const X509_OBJECT *);
X509 * Cryptography_X509_OBJECT_data_x509(X509_OBJECT*);
"""
diff --git a/lib_pypy/openssl/_cffi_src/openssl/x509name.py b/lib_pypy/openssl/_cffi_src/openssl/x509name.py
--- a/lib_pypy/openssl/_cffi_src/openssl/x509name.py
+++ b/lib_pypy/openssl/_cffi_src/openssl/x509name.py
@@ -35,7 +35,7 @@
int X509_NAME_get_index_by_NID(X509_NAME *, int, int);
int X509_NAME_cmp(const X509_NAME *, const X509_NAME *);
X509_NAME *X509_NAME_dup(X509_NAME *);
-int X509_NAME_ENTRY_set(const X509_NAME_ENTRY * ne);
+int Cryptography_X509_NAME_ENTRY_set(X509_NAME_ENTRY *);
"""
MACROS = """
@@ -77,7 +77,13 @@
"""
CUSTOMIZATIONS = """
-int X509_NAME_ENTRY_set(const X509_NAME_ENTRY * ne) {
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER)
+int Cryptography_X509_NAME_ENTRY_set(X509_NAME_ENTRY *ne) {
+ return X509_NAME_ENTRY_set(ne);
+}
+#else
+int Cryptography_X509_NAME_ENTRY_set(X509_NAME_ENTRY *ne) {
return ne->set;
}
+#endif
"""
diff --git a/lib_pypy/openssl/_stdssl/certificate.py b/lib_pypy/openssl/_stdssl/certificate.py
--- a/lib_pypy/openssl/_stdssl/certificate.py
+++ b/lib_pypy/openssl/_stdssl/certificate.py
@@ -139,7 +139,7 @@
entry = lib.X509_NAME_get_entry(xname, index_counter);
# check to see if we've gotten to a new RDN
- _set = lib.X509_NAME_ENTRY_set(entry)
+ _set = lib.Cryptography_X509_NAME_ENTRY_set(entry)
if rdn_level >= 0:
if rdn_level != _set:
dn.append(tuple(rdn))