[pypy-commit] pypy py3.5: update to cryptography 1.7.2
plan_rich
pypy.commits at gmail.com
Mon Feb 20 05:19:33 EST 2017
Author: Richard Plangger <planrichi at gmail.com>
Branch: py3.5
Changeset: r90224:c6383e02884f
Date: 2017-02-20 11:18 +0100
http://bitbucket.org/pypy/pypy/changeset/c6383e02884f/
Log: update to cryptography 1.7.2
diff --git a/lib_pypy/_cffi_ssl/README.md b/lib_pypy/_cffi_ssl/README.md
--- a/lib_pypy/_cffi_ssl/README.md
+++ b/lib_pypy/_cffi_ssl/README.md
@@ -17,4 +17,4 @@
# Crpytography version
-`c8f47ad2122efdd5e772aee13ed5d4c64e7d6086`
+Copied over release version `1.7.2`
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
@@ -10,6 +10,7 @@
TYPES = """
static const int Cryptography_HAS_AES_WRAP;
+static const int Cryptography_HAS_AES_CTR128_ENCRYPT;
struct aes_key_st {
...;
@@ -28,8 +29,22 @@
"""
MACROS = """
+/* The ctr128_encrypt function is only useful in 1.0.0. We can use EVP for
+ this in 1.0.1+. */
+void AES_ctr128_encrypt(const unsigned char *, unsigned char *,
+ size_t, const AES_KEY *, unsigned char[],
+ unsigned char[], unsigned int *);
"""
CUSTOMIZATIONS = """
static const long Cryptography_HAS_AES_WRAP = 1;
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER)
+static const int Cryptography_HAS_AES_CTR128_ENCRYPT = 0;
+void (*AES_ctr128_encrypt)(const unsigned char *, unsigned char *,
+ size_t, const AES_KEY *,
+ unsigned char[], unsigned char[],
+ unsigned int *) = NULL;
+#else
+static const int Cryptography_HAS_AES_CTR128_ENCRYPT = 1;
+#endif
"""
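Review bot: The `#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER` branch in CUSTOMIZATIONS binds `AES_ctr128_encrypt` to a NULL function pointer, but nothing here tells callers to test `Cryptography_HAS_AES_CTR128_ENCRYPT` first; a call through that pointer would crash the process instead of raising. I would add a comment above the `#if`, for example `/* NULL placeholder on 1.1.0+: callers must check Cryptography_HAS_AES_CTR128_ENCRYPT before use */`. The same placeholder pattern appears in the rsa.py hunk (`EVP_PKEY_CTX_set_rsa_mgf1_md`), the ec.py hunk (`EC_KEY_get_flags` and the pointers after it) and the ssl.py NPN hunk (`SSL_select_next_proto` and the three others). Whether the binding layer hides these names when the flag is 0 is not visible in this diff and should be confirmed for the PyPy copy.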
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
@@ -5,7 +5,7 @@
from __future__ import absolute_import, division, print_function
INCLUDES = """
-#if !defined(OPENSSL_NO_CMAC)
+#if !defined(OPENSSL_NO_CMAC) && CRYPTOGRAPHY_OPENSSL_101_OR_GREATER
#include <openssl/cmac.h>
#endif
"""
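Review bot: The added `&& CRYPTOGRAPHY_OPENSSL_101_OR_GREATER` test in INCLUDES only works if that macro is already defined when this fragment is preprocessed, because an undefined identifier in `#if` silently evaluates to 0. The macro is introduced in cryptography.py's section by this same commit, and the order in which the module fragments are emitted is not visible here. If cmac.py's fragment came first, `<openssl/cmac.h>` would be skipped and `Cryptography_HAS_CMAC` would be 0 with no build error; the CUSTOMIZATIONS hunk that follows has the same dependency. I would record the requirement with a comment such as `/* relies on the version macros from cryptography.py being emitted before this block */`, and building with `-Wundef` would turn the silent case into a warning.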
@@ -28,7 +28,7 @@
"""
CUSTOMIZATIONS = """
-#if !defined(OPENSSL_NO_CMAC)
+#if !defined(OPENSSL_NO_CMAC) && CRYPTOGRAPHY_OPENSSL_101_OR_GREATER
static const long Cryptography_HAS_CMAC = 1;
#else
static const long Cryptography_HAS_CMAC = 0;
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cryptography.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cryptography.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cryptography.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cryptography.py
@@ -17,6 +17,8 @@
#include <windows.h>
#endif
+#define CRYPTOGRAPHY_OPENSSL_101_OR_GREATER \
+ (OPENSSL_VERSION_NUMBER >= 0x10001000)
#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x10002000)
#define CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER \
@@ -24,6 +26,8 @@
#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x10100000)
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_101 \
+ (OPENSSL_VERSION_NUMBER < 0x10001000)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \
(OPENSSL_VERSION_NUMBER < 0x10002000)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102BETA3 \
@@ -47,8 +51,12 @@
"""
TYPES = """
+static const int CRYPTOGRAPHY_OPENSSL_101_OR_GREATER;
+
static const int CRYPTOGRAPHY_OPENSSL_110_OR_GREATER;
+static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_101;
+
static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I;
static const int CRYPTOGRAPHY_IS_LIBRESSL;
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ec.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ec.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ec.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ec.py
@@ -14,6 +14,7 @@
TYPES = """
static const int Cryptography_HAS_EC;
+static const int Cryptography_HAS_EC_1_0_1;
static const int Cryptography_HAS_EC2M;
static const int Cryptography_HAS_EC_1_0_2;
@@ -326,6 +327,13 @@
int (*EC_METHOD_get_field_type)(const EC_METHOD *) = NULL;
+#else
+static const long Cryptography_HAS_EC = 1;
+#endif
+
+#if defined(OPENSSL_NO_EC) || CRYPTOGRAPHY_OPENSSL_LESS_THAN_101
+static const long Cryptography_HAS_EC_1_0_1 = 0;
+
int (*EC_KEY_get_flags)(const EC_KEY *) = NULL;
void (*EC_KEY_set_flags)(EC_KEY *, int) = NULL;
void (*EC_KEY_clear_flags)(EC_KEY *, int) = NULL;
@@ -333,9 +341,10 @@
int (*EC_KEY_set_public_key_affine_coordinates)(
EC_KEY *, BIGNUM *, BIGNUM *) = NULL;
#else
-static const long Cryptography_HAS_EC = 1;
+static const long Cryptography_HAS_EC_1_0_1 = 1;
#endif
+
#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_EC2M)
static const long Cryptography_HAS_EC2M = 0;
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/rsa.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/rsa.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/rsa.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/rsa.py
@@ -20,6 +20,7 @@
static const int RSA_F4;
static const int Cryptography_HAS_PSS_PADDING;
+static const int Cryptography_HAS_MGF1_MD;
static const int Cryptography_HAS_RSA_OAEP_MD;
"""
@@ -72,6 +73,12 @@
CUSTOMIZATIONS = """
static const long Cryptography_HAS_PSS_PADDING = 1;
+#if CRYPTOGRAPHY_OPENSSL_101_OR_GREATER
+static const long Cryptography_HAS_MGF1_MD = 1;
+#else
+static const long Cryptography_HAS_MGF1_MD = 0;
+int (*EVP_PKEY_CTX_set_rsa_mgf1_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL;
+#endif
#if defined(EVP_PKEY_CTX_set_rsa_oaep_md)
static const long Cryptography_HAS_RSA_OAEP_MD = 1;
#else
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
@@ -25,6 +25,7 @@
static const long Cryptography_HAS_GET_SERVER_TMP_KEY;
static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE;
static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
+static const long Cryptography_HAS_NPN_NEGOTIATED;
/* Internally invented symbol to tell us if SNI is supported */
static const long Cryptography_HAS_TLSEXT_HOSTNAME;
@@ -43,8 +44,8 @@
static const long Cryptography_HAS_SSL_SET_SSL_CTX;
static const long Cryptography_HAS_SSL_OP_NO_TICKET;
static const long Cryptography_HAS_NETBSD_D1_METH;
+static const long Cryptography_HAS_NEXTPROTONEG;
static const long Cryptography_HAS_ALPN;
-static const long Cryptography_HAS_NEXTPROTONEG;
static const long Cryptography_HAS_SET_CERT_CB;
static const long SSL_FILETYPE_PEM;
@@ -362,6 +363,9 @@
long SSL_session_reused(SSL *);
+/* NPN APIs were introduced in OpenSSL 1.0.1. To continue to support earlier
+ * versions some special handling of these is necessary.
+ */
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *,
int (*)(SSL *,
const unsigned char **,
@@ -410,7 +414,7 @@
/* Added in 1.0.2 */
const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *);
-
+/* Added in 1.0.1 */
int SSL_SESSION_set1_id_context(SSL_SESSION *, const unsigned char *,
unsigned int);
/* Added in 1.1.0 for the great opaquing of structs */
@@ -434,6 +438,28 @@
"""
CUSTOMIZATIONS = """
+/* Added in 1.0.1 but we need it in all versions now due to the great
+ opaquing. */
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_101
+/* from ssl.h */
+#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
+#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
+/* from ssl/ssl_sess.c */
+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+ SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
+ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
+ }
+ s->sid_ctx_length = sid_ctx_len;
+ memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
+
+ return 1;
+}
+#endif
+
/* Added in 1.0.2 but we need it in all versions now due to the great
opaquing. */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || defined(LIBRESSL_VERSION_NUMBER)
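Review bot: The backported `SSL_SESSION_set1_id_context` has no comment connecting its length check to the `memcpy` into `s->sid_ctx`, and that check is the only thing keeping the copy in bounds. I would add `/* sid_ctx_len <= SSL_MAX_SID_CTX_LENGTH was checked above, so the copy stays inside s->sid_ctx */` above the `memcpy`; this assumes the 1.0.0 headers size that array with `SSL_MAX_SID_CTX_LENGTH`, which the diff does not show. Neither `s` nor `sid_ctx` is checked for NULL, so the header comment should also say that callers must pass valid pointers. Naming the upstream OpenSSL release the body was copied from, next to `/* from ssl/ssl_sess.c */`, would make later fixes easier to track.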
@@ -579,7 +605,36 @@
static const long Cryptography_HAS_NETBSD_D1_METH = 1;
#endif
+/* Because OPENSSL defines macros that claim lack of support for things, rather
+ * than macros that claim support for things, we need to do a version check in
+ * addition to a definition check. NPN was added in 1.0.1: for any version
+ * before that, there is no compatibility.
+ */
+#if defined(OPENSSL_NO_NEXTPROTONEG) || CRYPTOGRAPHY_OPENSSL_LESS_THAN_101
+static const long Cryptography_HAS_NEXTPROTONEG = 0;
+void (*SSL_CTX_set_next_protos_advertised_cb)(SSL_CTX *,
+ int (*)(SSL *,
+ const unsigned char **,
+ unsigned int *,
+ void *),
+ void *) = NULL;
+void (*SSL_CTX_set_next_proto_select_cb)(SSL_CTX *,
+ int (*)(SSL *,
+ unsigned char **,
+ unsigned char *,
+ const unsigned char *,
+ unsigned int,
+ void *),
+ void *) = NULL;
+int (*SSL_select_next_proto)(unsigned char **, unsigned char *,
+ const unsigned char *, unsigned int,
+ const unsigned char *, unsigned int) = NULL;
+void (*SSL_get0_next_proto_negotiated)(const SSL *,
+ const unsigned char **,
+ unsigned *) = NULL;
+#else
static const long Cryptography_HAS_NEXTPROTONEG = 1;
+#endif
/* ALPN was added in OpenSSL 1.0.2. */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !defined(LIBRESSL_VERSION_NUMBER)
@@ -652,4 +707,13 @@
static const long TLS_ST_BEFORE = 0;
static const long TLS_ST_OK = 0;
#endif
+
+/* This define is available in 1.0.1+ so we can remove this when we drop
+ support for 1.0.0 */
+#ifdef OPENSSL_NPN_NEGOTIATED
+static const long Cryptography_HAS_NPN_NEGOTIATED = 1;
+#else
+static const long OPENSSL_NPN_NEGOTIATED = -1;
+static const long Cryptography_HAS_NPN_NEGOTIATED = 0;
+#endif
"""
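Review bot: The `#else` branch defines `static const long OPENSSL_NPN_NEGOTIATED = -1;` without saying that -1 is an invented placeholder rather than a value OpenSSL returns. Code that compares a selection result against this constant on a 1.0.0 build would be comparing against a sentinel, so it should branch on `Cryptography_HAS_NPN_NEGOTIATED` instead. I would add a comment on that line, for example `/* placeholder so the name resolves on 1.0.0; check Cryptography_HAS_NPN_NEGOTIATED before use */`.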