1# This file is dual licensed under the terms of the Apache License, Version 2# 2.0, and the BSD License. See the LICENSE file in the root of this repository 3# for complete details. 4 5from __future__ import absolute_import, division, print_function 6 7INCLUDES = """ 8#include <openssl/ssl.h> 9 10typedef STACK_OF(SSL_CIPHER) Cryptography_STACK_OF_SSL_CIPHER; 11""" 12 13TYPES = """ 14static const long Cryptography_HAS_SSL_ST; 15static const long Cryptography_HAS_TLS_ST; 16static const long Cryptography_HAS_SSL3_METHOD; 17static const long Cryptography_HAS_TLSv1_1; 18static const long Cryptography_HAS_TLSv1_2; 19static const long Cryptography_HAS_TLSv1_3; 20static const long Cryptography_HAS_SECURE_RENEGOTIATION; 21static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS; 22static const long Cryptography_HAS_DTLS; 23static const long Cryptography_HAS_SIGALGS; 24static const long Cryptography_HAS_PSK; 25static const long Cryptography_HAS_VERIFIED_CHAIN; 26static const long Cryptography_HAS_KEYLOG; 27static const long Cryptography_HAS_GET_PROTO_VERSION; 28static const long Cryptography_HAS_TLSEXT_HOSTNAME; 29 30/* Internally invented symbol to tell us if SSL_MODE_RELEASE_BUFFERS is 31 * supported 32 */ 33static const long Cryptography_HAS_RELEASE_BUFFERS; 34 35/* Internally invented symbol to tell us if SSL_OP_NO_COMPRESSION is 36 * supported 37 */ 38static const long Cryptography_HAS_OP_NO_COMPRESSION; 39static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; 40static const long Cryptography_HAS_SSL_SET_SSL_CTX; 41static const long Cryptography_HAS_SSL_OP_NO_TICKET; 42static const long Cryptography_HAS_ALPN; 43static const long Cryptography_HAS_NEXTPROTONEG; 44static const long Cryptography_HAS_SET_CERT_CB; 45static const long Cryptography_HAS_CUSTOM_EXT; 46static const long Cryptography_HAS_SRTP; 47 48static const long SSL_FILETYPE_PEM; 49static const long SSL_FILETYPE_ASN1; 50static const long SSL_ERROR_NONE; 51static const long SSL_ERROR_ZERO_RETURN; 52static const long SSL_ERROR_WANT_READ; 53static const long SSL_ERROR_WANT_WRITE; 54static const long SSL_ERROR_WANT_X509_LOOKUP; 55static const long SSL_ERROR_WANT_CONNECT; 56static const long SSL_ERROR_SYSCALL; 57static const long SSL_ERROR_SSL; 58static const long SSL_SENT_SHUTDOWN; 59static const long SSL_RECEIVED_SHUTDOWN; 60static const long SSL_OP_NO_SSLv2; 61static const long SSL_OP_NO_SSLv3; 62static const long SSL_OP_NO_TLSv1; 63static const long SSL_OP_NO_TLSv1_1; 64static const long SSL_OP_NO_TLSv1_2; 65static const long SSL_OP_NO_TLSv1_3; 66static const long SSL_OP_NO_DTLSv1; 67static const long SSL_OP_NO_DTLSv1_2; 68static const long SSL_OP_NO_COMPRESSION; 69static const long SSL_OP_SINGLE_DH_USE; 70static const long SSL_OP_EPHEMERAL_RSA; 71static const long SSL_OP_MICROSOFT_SESS_ID_BUG; 72static const long SSL_OP_NETSCAPE_CHALLENGE_BUG; 73static const long SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; 74static const long SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; 75static const long SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; 76static const long SSL_OP_MSIE_SSLV2_RSA_PADDING; 77static const long SSL_OP_SSLEAY_080_CLIENT_DH_BUG; 78static const long SSL_OP_TLS_D5_BUG; 79static const long SSL_OP_TLS_BLOCK_PADDING_BUG; 80static const long SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; 81static const long SSL_OP_CIPHER_SERVER_PREFERENCE; 82static const long SSL_OP_TLS_ROLLBACK_BUG; 83static const long SSL_OP_PKCS1_CHECK_1; 84static const long SSL_OP_PKCS1_CHECK_2; 85static const long SSL_OP_NETSCAPE_CA_DN_BUG; 86static const long SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG; 87static const long SSL_OP_NO_QUERY_MTU; 88static const long SSL_OP_COOKIE_EXCHANGE; 89static const long SSL_OP_NO_TICKET; 90static const long SSL_OP_ALL; 91static const long SSL_OP_SINGLE_ECDH_USE; 92static const long SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; 93static const long SSL_OP_LEGACY_SERVER_CONNECT; 94static const long SSL_VERIFY_PEER; 95static const long SSL_VERIFY_FAIL_IF_NO_PEER_CERT; 96static const long SSL_VERIFY_CLIENT_ONCE; 97static const long SSL_VERIFY_NONE; 98static const long SSL_VERIFY_POST_HANDSHAKE; 99static const long SSL_SESS_CACHE_OFF; 100static const long SSL_SESS_CACHE_CLIENT; 101static const long SSL_SESS_CACHE_SERVER; 102static const long SSL_SESS_CACHE_BOTH; 103static const long SSL_SESS_CACHE_NO_AUTO_CLEAR; 104static const long SSL_SESS_CACHE_NO_INTERNAL_LOOKUP; 105static const long SSL_SESS_CACHE_NO_INTERNAL_STORE; 106static const long SSL_SESS_CACHE_NO_INTERNAL; 107static const long SSL_ST_CONNECT; 108static const long SSL_ST_ACCEPT; 109static const long SSL_ST_MASK; 110static const long SSL_ST_INIT; 111static const long SSL_ST_BEFORE; 112static const long SSL_ST_OK; 113static const long SSL_ST_RENEGOTIATE; 114static const long SSL_CB_LOOP; 115static const long SSL_CB_EXIT; 116static const long SSL_CB_READ; 117static const long SSL_CB_WRITE; 118static const long SSL_CB_ALERT; 119static const long SSL_CB_READ_ALERT; 120static const long SSL_CB_WRITE_ALERT; 121static const long SSL_CB_ACCEPT_LOOP; 122static const long SSL_CB_ACCEPT_EXIT; 123static const long SSL_CB_CONNECT_LOOP; 124static const long SSL_CB_CONNECT_EXIT; 125static const long SSL_CB_HANDSHAKE_START; 126static const long SSL_CB_HANDSHAKE_DONE; 127static const long SSL_MODE_RELEASE_BUFFERS; 128static const long SSL_MODE_ENABLE_PARTIAL_WRITE; 129static const long SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; 130static const long SSL_MODE_AUTO_RETRY; 131static const long SSL3_RANDOM_SIZE; 132static const long TLS_ST_BEFORE; 133static const long TLS_ST_OK; 134 135typedef ... SSL_METHOD; 136typedef ... SSL_CTX; 137 138typedef ... SSL_SESSION; 139 140typedef ... SSL; 141 142static const long TLSEXT_NAMETYPE_host_name; 143static const long TLSEXT_STATUSTYPE_ocsp; 144 145typedef ... SSL_CIPHER; 146typedef ... Cryptography_STACK_OF_SSL_CIPHER; 147 148typedef struct { 149 const char *name; 150 unsigned long id; 151} SRTP_PROTECTION_PROFILE; 152""" 153 154FUNCTIONS = """ 155/* SSL */ 156const char *SSL_state_string_long(const SSL *); 157SSL_SESSION *SSL_get1_session(SSL *); 158int SSL_set_session(SSL *, SSL_SESSION *); 159SSL *SSL_new(SSL_CTX *); 160void SSL_free(SSL *); 161int SSL_set_fd(SSL *, int); 162SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *); 163void SSL_set_bio(SSL *, BIO *, BIO *); 164void SSL_set_connect_state(SSL *); 165void SSL_set_accept_state(SSL *); 166void SSL_set_shutdown(SSL *, int); 167int SSL_get_shutdown(const SSL *); 168int SSL_pending(const SSL *); 169int SSL_write(SSL *, const void *, int); 170int SSL_read(SSL *, void *, int); 171int SSL_peek(SSL *, void *, int); 172X509 *SSL_get_certificate(const SSL *); 173X509 *SSL_get_peer_certificate(const SSL *); 174int SSL_get_ex_data_X509_STORE_CTX_idx(void); 175 176/* Added in 1.0.2 */ 177X509_VERIFY_PARAM *SSL_get0_param(SSL *); 178X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *); 179 180int SSL_get_sigalgs(SSL *, int, int *, int *, int *, unsigned char *, 181 unsigned char *); 182 183Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *); 184Cryptography_STACK_OF_X509 *SSL_get0_verified_chain(const SSL *); 185Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); 186 187int SSL_get_error(const SSL *, int); 188long SSL_get_verify_result(const SSL *ssl); 189int SSL_do_handshake(SSL *); 190int SSL_shutdown(SSL *); 191int SSL_renegotiate(SSL *); 192int SSL_renegotiate_pending(SSL *); 193const char *SSL_get_cipher_list(const SSL *, int); 194 195/* context */ 196void SSL_CTX_free(SSL_CTX *); 197long SSL_CTX_set_timeout(SSL_CTX *, long); 198int SSL_CTX_set_default_verify_paths(SSL_CTX *); 199void SSL_CTX_set_verify(SSL_CTX *, int, int (*)(int, X509_STORE_CTX *)); 200void SSL_CTX_set_verify_depth(SSL_CTX *, int); 201int SSL_CTX_get_verify_mode(const SSL_CTX *); 202int SSL_CTX_get_verify_depth(const SSL_CTX *); 203int SSL_CTX_set_cipher_list(SSL_CTX *, const char *); 204int SSL_CTX_load_verify_locations(SSL_CTX *, const char *, const char *); 205void SSL_CTX_set_default_passwd_cb(SSL_CTX *, pem_password_cb *); 206void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *, void *); 207int SSL_CTX_use_certificate(SSL_CTX *, X509 *); 208int SSL_CTX_use_certificate_file(SSL_CTX *, const char *, int); 209int SSL_CTX_use_certificate_chain_file(SSL_CTX *, const char *); 210int SSL_CTX_use_PrivateKey(SSL_CTX *, EVP_PKEY *); 211int SSL_CTX_use_PrivateKey_file(SSL_CTX *, const char *, int); 212int SSL_CTX_check_private_key(const SSL_CTX *); 213void SSL_CTX_set_cert_verify_callback(SSL_CTX *, 214 int (*)(X509_STORE_CTX *, void *), 215 void *); 216 217void SSL_CTX_set_cookie_generate_cb(SSL_CTX *, 218 int (*)( 219 SSL *, 220 unsigned char *, 221 unsigned int * 222 )); 223long SSL_CTX_get_read_ahead(SSL_CTX *); 224long SSL_CTX_set_read_ahead(SSL_CTX *, long); 225 226int SSL_CTX_use_psk_identity_hint(SSL_CTX *, const char *); 227void SSL_CTX_set_psk_server_callback(SSL_CTX *, 228 unsigned int (*)( 229 SSL *, 230 const char *, 231 unsigned char *, 232 unsigned int 233 )); 234void SSL_CTX_set_psk_client_callback(SSL_CTX *, 235 unsigned int (*)( 236 SSL *, 237 const char *, 238 char *, 239 unsigned int, 240 unsigned char *, 241 unsigned int 242 )); 243 244int SSL_CTX_set_session_id_context(SSL_CTX *, const unsigned char *, 245 unsigned int); 246 247void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); 248X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); 249int SSL_CTX_add_client_CA(SSL_CTX *, X509 *); 250 251void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); 252 253void SSL_CTX_set_info_callback(SSL_CTX *, void (*)(const SSL *, int, int)); 254void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int); 255 256void SSL_CTX_set_keylog_callback(SSL_CTX *, 257 void (*)(const SSL *, const char *)); 258void (*SSL_CTX_get_keylog_callback(SSL_CTX *))(const SSL *, const char *); 259 260long SSL_CTX_set1_sigalgs_list(SSL_CTX *, const char *); 261 262/* SSL_SESSION */ 263void SSL_SESSION_free(SSL_SESSION *); 264 265/* Information about actually used cipher */ 266const char *SSL_CIPHER_get_name(const SSL_CIPHER *); 267int SSL_CIPHER_get_bits(const SSL_CIPHER *, int *); 268/* the modern signature of this is uint32_t, but older openssl declared it 269 as unsigned long. To make our compiler flags happy we'll declare it as a 270 64-bit wide value, which should always be safe */ 271uint64_t SSL_CIPHER_get_id(const SSL_CIPHER *); 272int SSL_CIPHER_is_aead(const SSL_CIPHER *); 273int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *); 274int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *); 275int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *); 276int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *); 277 278size_t SSL_get_finished(const SSL *, void *, size_t); 279size_t SSL_get_peer_finished(const SSL *, void *, size_t); 280Cryptography_STACK_OF_X509_NAME *SSL_load_client_CA_file(const char *); 281 282const char *SSL_get_servername(const SSL *, const int); 283/* Function signature changed to const char * in 1.1.0 */ 284const char *SSL_CIPHER_get_version(const SSL_CIPHER *); 285/* These became macros in 1.1.0 */ 286int SSL_library_init(void); 287void SSL_load_error_strings(void); 288 289/* these CRYPTO_EX_DATA functions became macros in 1.1.0 */ 290int SSL_get_ex_new_index(long, void *, CRYPTO_EX_new *, CRYPTO_EX_dup *, 291 CRYPTO_EX_free *); 292int SSL_set_ex_data(SSL *, int, void *); 293int SSL_CTX_get_ex_new_index(long, void *, CRYPTO_EX_new *, CRYPTO_EX_dup *, 294 CRYPTO_EX_free *); 295int SSL_CTX_set_ex_data(SSL_CTX *, int, void *); 296 297SSL_SESSION *SSL_get_session(const SSL *); 298const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *, unsigned int *); 299long SSL_SESSION_get_time(const SSL_SESSION *); 300long SSL_SESSION_get_timeout(const SSL_SESSION *); 301int SSL_SESSION_has_ticket(const SSL_SESSION *); 302long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *); 303 304unsigned long SSL_set_mode(SSL *, unsigned long); 305unsigned long SSL_clear_mode(SSL *, unsigned long); 306unsigned long SSL_get_mode(SSL *); 307 308unsigned long SSL_set_options(SSL *, unsigned long); 309unsigned long SSL_get_options(SSL *); 310 311int SSL_want_read(const SSL *); 312int SSL_want_write(const SSL *); 313 314long SSL_total_renegotiations(SSL *); 315long SSL_get_secure_renegotiation_support(SSL *); 316 317long SSL_CTX_set_min_proto_version(SSL_CTX *, int); 318long SSL_CTX_set_max_proto_version(SSL_CTX *, int); 319long SSL_set_min_proto_version(SSL *, int); 320long SSL_set_max_proto_version(SSL *, int); 321 322long SSL_CTX_get_min_proto_version(SSL_CTX *); 323long SSL_CTX_get_max_proto_version(SSL_CTX *); 324long SSL_get_min_proto_version(SSL *); 325long SSL_get_max_proto_version(SSL *); 326 327/* Defined as unsigned long because SSL_OP_ALL is greater than signed 32-bit 328 and Windows defines long as 32-bit. */ 329unsigned long SSL_CTX_set_options(SSL_CTX *, unsigned long); 330unsigned long SSL_CTX_clear_options(SSL_CTX *, unsigned long); 331unsigned long SSL_CTX_get_options(SSL_CTX *); 332unsigned long SSL_CTX_set_mode(SSL_CTX *, unsigned long); 333unsigned long SSL_CTX_clear_mode(SSL_CTX *, unsigned long); 334unsigned long SSL_CTX_get_mode(SSL_CTX *); 335unsigned long SSL_CTX_set_session_cache_mode(SSL_CTX *, unsigned long); 336unsigned long SSL_CTX_get_session_cache_mode(SSL_CTX *); 337unsigned long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *); 338unsigned long SSL_CTX_set_tmp_ecdh(SSL_CTX *, EC_KEY *); 339unsigned long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); 340 341/*- These aren't macros these functions are all const X on openssl > 1.0.x -*/ 342 343/* methods */ 344 345const SSL_METHOD *TLSv1_1_method(void); 346const SSL_METHOD *TLSv1_1_server_method(void); 347const SSL_METHOD *TLSv1_1_client_method(void); 348 349const SSL_METHOD *TLSv1_2_method(void); 350const SSL_METHOD *TLSv1_2_server_method(void); 351const SSL_METHOD *TLSv1_2_client_method(void); 352 353const SSL_METHOD *SSLv3_method(void); 354const SSL_METHOD *SSLv3_server_method(void); 355const SSL_METHOD *SSLv3_client_method(void); 356 357const SSL_METHOD *TLSv1_method(void); 358const SSL_METHOD *TLSv1_server_method(void); 359const SSL_METHOD *TLSv1_client_method(void); 360 361const SSL_METHOD *DTLSv1_method(void); 362const SSL_METHOD *DTLSv1_server_method(void); 363const SSL_METHOD *DTLSv1_client_method(void); 364 365/* Added in 1.0.2 */ 366const SSL_METHOD *DTLS_method(void); 367const SSL_METHOD *DTLS_server_method(void); 368const SSL_METHOD *DTLS_client_method(void); 369 370const SSL_METHOD *SSLv23_method(void); 371const SSL_METHOD *SSLv23_server_method(void); 372const SSL_METHOD *SSLv23_client_method(void); 373 374const SSL_METHOD *TLS_method(void); 375const SSL_METHOD *TLS_server_method(void); 376const SSL_METHOD *TLS_client_method(void); 377 378/*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/ 379SSL_CTX *SSL_CTX_new(SSL_METHOD *); 380long SSL_CTX_get_timeout(const SSL_CTX *); 381 382const SSL_CIPHER *SSL_get_current_cipher(const SSL *); 383const char *SSL_get_version(const SSL *); 384int SSL_version(const SSL *); 385 386void *SSL_CTX_get_ex_data(const SSL_CTX *, int); 387void *SSL_get_ex_data(const SSL *, int); 388 389void SSL_set_tlsext_host_name(SSL *, char *); 390void SSL_CTX_set_tlsext_servername_callback( 391 SSL_CTX *, 392 int (*)(SSL *, int *, void *)); 393void SSL_CTX_set_tlsext_servername_arg( 394 SSL_CTX *, void *); 395 396long SSL_set_tlsext_status_ocsp_resp(SSL *, unsigned char *, int); 397long SSL_get_tlsext_status_ocsp_resp(SSL *, const unsigned char **); 398long SSL_set_tlsext_status_type(SSL *, long); 399long SSL_CTX_set_tlsext_status_cb(SSL_CTX *, int(*)(SSL *, void *)); 400long SSL_CTX_set_tlsext_status_arg(SSL_CTX *, void *); 401 402int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *, const char *); 403int SSL_set_tlsext_use_srtp(SSL *, const char *); 404SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *); 405 406long SSL_session_reused(SSL *); 407 408int SSL_select_next_proto(unsigned char **, unsigned char *, 409 const unsigned char *, unsigned int, 410 const unsigned char *, unsigned int); 411 412int sk_SSL_CIPHER_num(Cryptography_STACK_OF_SSL_CIPHER *); 413const SSL_CIPHER *sk_SSL_CIPHER_value(Cryptography_STACK_OF_SSL_CIPHER *, int); 414 415/* ALPN APIs were introduced in OpenSSL 1.0.2. To continue to support earlier 416 * versions some special handling of these is necessary. 417 */ 418int SSL_CTX_set_alpn_protos(SSL_CTX *, const unsigned char *, unsigned); 419int SSL_set_alpn_protos(SSL *, const unsigned char *, unsigned); 420void SSL_CTX_set_alpn_select_cb(SSL_CTX *, 421 int (*) (SSL *, 422 const unsigned char **, 423 unsigned char *, 424 const unsigned char *, 425 unsigned int, 426 void *), 427 void *); 428void SSL_get0_alpn_selected(const SSL *, const unsigned char **, unsigned *); 429 430long SSL_get_server_tmp_key(SSL *, EVP_PKEY **); 431 432/* SSL_CTX_set_cert_cb is introduced in OpenSSL 1.0.2. To continue to support 433 * earlier versions some special handling of these is necessary. 434 */ 435void SSL_CTX_set_cert_cb(SSL_CTX *, int (*)(SSL *, void *), void *); 436void SSL_set_cert_cb(SSL *, int (*)(SSL *, void *), void *); 437 438int SSL_SESSION_set1_id_context(SSL_SESSION *, const unsigned char *, 439 unsigned int); 440/* Added in 1.1.0 for the great opaquing of structs */ 441size_t SSL_SESSION_get_master_key(const SSL_SESSION *, unsigned char *, 442 size_t); 443size_t SSL_get_client_random(const SSL *, unsigned char *, size_t); 444size_t SSL_get_server_random(const SSL *, unsigned char *, size_t); 445int SSL_export_keying_material(SSL *, unsigned char *, size_t, const char *, 446 size_t, const unsigned char *, size_t, int); 447 448long SSL_CTX_sess_number(SSL_CTX *); 449long SSL_CTX_sess_connect(SSL_CTX *); 450long SSL_CTX_sess_connect_good(SSL_CTX *); 451long SSL_CTX_sess_connect_renegotiate(SSL_CTX *); 452long SSL_CTX_sess_accept(SSL_CTX *); 453long SSL_CTX_sess_accept_good(SSL_CTX *); 454long SSL_CTX_sess_accept_renegotiate(SSL_CTX *); 455long SSL_CTX_sess_hits(SSL_CTX *); 456long SSL_CTX_sess_cb_hits(SSL_CTX *); 457long SSL_CTX_sess_misses(SSL_CTX *); 458long SSL_CTX_sess_timeouts(SSL_CTX *); 459long SSL_CTX_sess_cache_full(SSL_CTX *); 460 461/* DTLS support */ 462long Cryptography_DTLSv1_get_timeout(SSL *, time_t *, long *); 463long DTLSv1_handle_timeout(SSL *); 464long DTLS_set_link_mtu(SSL *, long); 465long DTLS_get_link_min_mtu(SSL *); 466 467/* Custom extensions. */ 468typedef int (*custom_ext_add_cb)(SSL *, unsigned int, 469 const unsigned char **, 470 size_t *, int *, 471 void *); 472 473typedef void (*custom_ext_free_cb)(SSL *, unsigned int, 474 const unsigned char *, 475 void *); 476 477typedef int (*custom_ext_parse_cb)(SSL *, unsigned int, 478 const unsigned char *, 479 size_t, int *, 480 void *); 481 482int SSL_CTX_add_client_custom_ext(SSL_CTX *, unsigned int, 483 custom_ext_add_cb, 484 custom_ext_free_cb, void *, 485 custom_ext_parse_cb, 486 void *); 487 488int SSL_CTX_add_server_custom_ext(SSL_CTX *, unsigned int, 489 custom_ext_add_cb, 490 custom_ext_free_cb, void *, 491 custom_ext_parse_cb, 492 void *); 493 494int SSL_extension_supported(unsigned int); 495 496int SSL_CTX_set_ciphersuites(SSL_CTX *, const char *); 497int SSL_verify_client_post_handshake(SSL *); 498void SSL_CTX_set_post_handshake_auth(SSL_CTX *, int); 499void SSL_set_post_handshake_auth(SSL *, int); 500 501uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *); 502int SSL_write_early_data(SSL *, const void *, size_t, size_t *); 503int SSL_read_early_data(SSL *, void *, size_t, size_t *); 504int SSL_CTX_set_max_early_data(SSL_CTX *, uint32_t); 505""" 506 507CUSTOMIZATIONS = """ 508// This symbol is being preserved because removing it will break users with 509// pyOpenSSL < 19.1 and pip < 20.x. We need to leave this in place until those 510// users have upgraded. PersistentlyDeprecated2020 511static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1; 512 513#if CRYPTOGRAPHY_IS_LIBRESSL 514static const long Cryptography_HAS_VERIFIED_CHAIN = 0; 515Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL; 516#else 517static const long Cryptography_HAS_VERIFIED_CHAIN = 1; 518#endif 519 520#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 521static const long Cryptography_HAS_KEYLOG = 0; 522void (*SSL_CTX_set_keylog_callback)(SSL_CTX *, 523 void (*) (const SSL *, const char *) 524 ) = NULL; 525void (*(*SSL_CTX_get_keylog_callback)(SSL_CTX *))( 526 const SSL *, 527 const char * 528 ) = NULL; 529#else 530static const long Cryptography_HAS_KEYLOG = 1; 531#endif 532 533static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1; 534 535#ifdef OPENSSL_NO_SSL3_METHOD 536static const long Cryptography_HAS_SSL3_METHOD = 0; 537SSL_METHOD* (*SSLv3_method)(void) = NULL; 538SSL_METHOD* (*SSLv3_client_method)(void) = NULL; 539SSL_METHOD* (*SSLv3_server_method)(void) = NULL; 540#else 541static const long Cryptography_HAS_SSL3_METHOD = 1; 542#endif 543 544static const long Cryptography_HAS_RELEASE_BUFFERS = 1; 545static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; 546static const long Cryptography_HAS_TLSv1_1 = 1; 547static const long Cryptography_HAS_TLSv1_2 = 1; 548static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; 549static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; 550static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; 551static const long Cryptography_HAS_NEXTPROTONEG = 0; 552static const long Cryptography_HAS_ALPN = 1; 553 554#if CRYPTOGRAPHY_IS_LIBRESSL 555void (*SSL_CTX_set_cert_cb)(SSL_CTX *, int (*)(SSL *, void *), void *) = NULL; 556void (*SSL_set_cert_cb)(SSL *, int (*)(SSL *, void *), void *) = NULL; 557static const long Cryptography_HAS_SET_CERT_CB = 0; 558#else 559static const long Cryptography_HAS_SET_CERT_CB = 1; 560#endif 561 562static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS = 1; 563 564/* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were 565 removed */ 566#if CRYPTOGRAPHY_IS_LIBRESSL 567static const long Cryptography_HAS_SSL_ST = 1; 568#else 569static const long Cryptography_HAS_SSL_ST = 0; 570static const long SSL_ST_BEFORE = 0; 571static const long SSL_ST_OK = 0; 572static const long SSL_ST_INIT = 0; 573static const long SSL_ST_RENEGOTIATE = 0; 574#endif 575#if !CRYPTOGRAPHY_IS_LIBRESSL 576static const long Cryptography_HAS_TLS_ST = 1; 577#else 578static const long Cryptography_HAS_TLS_ST = 0; 579static const long TLS_ST_BEFORE = 0; 580static const long TLS_ST_OK = 0; 581#endif 582 583#if CRYPTOGRAPHY_IS_LIBRESSL 584static const long SSL_OP_NO_DTLSv1 = 0; 585static const long SSL_OP_NO_DTLSv1_2 = 0; 586long (*DTLS_set_link_mtu)(SSL *, long) = NULL; 587long (*DTLS_get_link_min_mtu)(SSL *) = NULL; 588#endif 589 590static const long Cryptography_HAS_DTLS = 1; 591/* Wrap DTLSv1_get_timeout to avoid cffi to handle a 'struct timeval'. */ 592long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec, 593 long *ptv_usec) { 594 struct timeval tv = { 0 }; 595 long r = DTLSv1_get_timeout(ssl, &tv); 596 597 if (r == 1) { 598 if (ptv_sec) { 599 *ptv_sec = tv.tv_sec; 600 } 601 602 if (ptv_usec) { 603 *ptv_usec = tv.tv_usec; 604 } 605 } 606 607 return r; 608} 609 610#if CRYPTOGRAPHY_IS_LIBRESSL 611static const long Cryptography_HAS_SIGALGS = 0; 612const int (*SSL_get_sigalgs)(SSL *, int, int *, int *, int *, unsigned char *, 613 unsigned char *) = NULL; 614const long (*SSL_CTX_set1_sigalgs_list)(SSL_CTX *, const char *) = NULL; 615#else 616static const long Cryptography_HAS_SIGALGS = 1; 617#endif 618 619#if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_PSK) 620static const long Cryptography_HAS_PSK = 0; 621int (*SSL_CTX_use_psk_identity_hint)(SSL_CTX *, const char *) = NULL; 622void (*SSL_CTX_set_psk_server_callback)(SSL_CTX *, 623 unsigned int (*)( 624 SSL *, 625 const char *, 626 unsigned char *, 627 unsigned int 628 )) = NULL; 629void (*SSL_CTX_set_psk_client_callback)(SSL_CTX *, 630 unsigned int (*)( 631 SSL *, 632 const char *, 633 char *, 634 unsigned int, 635 unsigned char *, 636 unsigned int 637 )) = NULL; 638#else 639static const long Cryptography_HAS_PSK = 1; 640#endif 641 642#if !CRYPTOGRAPHY_IS_LIBRESSL 643static const long Cryptography_HAS_CUSTOM_EXT = 1; 644#else 645static const long Cryptography_HAS_CUSTOM_EXT = 0; 646typedef int (*custom_ext_add_cb)(SSL *, unsigned int, 647 const unsigned char **, 648 size_t *, int *, 649 void *); 650typedef void (*custom_ext_free_cb)(SSL *, unsigned int, 651 const unsigned char *, 652 void *); 653typedef int (*custom_ext_parse_cb)(SSL *, unsigned int, 654 const unsigned char *, 655 size_t, int *, 656 void *); 657int (*SSL_CTX_add_client_custom_ext)(SSL_CTX *, unsigned int, 658 custom_ext_add_cb, 659 custom_ext_free_cb, void *, 660 custom_ext_parse_cb, 661 void *) = NULL; 662int (*SSL_CTX_add_server_custom_ext)(SSL_CTX *, unsigned int, 663 custom_ext_add_cb, 664 custom_ext_free_cb, void *, 665 custom_ext_parse_cb, 666 void *) = NULL; 667int (*SSL_extension_supported)(unsigned int) = NULL; 668#endif 669 670#ifndef OPENSSL_NO_SRTP 671static const long Cryptography_HAS_SRTP = 1; 672#else 673static const long Cryptography_HAS_SRTP = 0; 674int (*SSL_CTX_set_tlsext_use_srtp)(SSL_CTX *, const char *) = NULL; 675int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL; 676SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; 677#endif 678 679#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 680static const long Cryptography_HAS_TLSv1_3 = 0; 681static const long SSL_OP_NO_TLSv1_3 = 0; 682static const long SSL_VERIFY_POST_HANDSHAKE = 0; 683int (*SSL_CTX_set_ciphersuites)(SSL_CTX *, const char *) = NULL; 684int (*SSL_verify_client_post_handshake)(SSL *) = NULL; 685void (*SSL_CTX_set_post_handshake_auth)(SSL_CTX *, int) = NULL; 686void (*SSL_set_post_handshake_auth)(SSL *, int) = NULL; 687uint32_t (*SSL_SESSION_get_max_early_data)(const SSL_SESSION *) = NULL; 688int (*SSL_write_early_data)(SSL *, const void *, size_t, size_t *) = NULL; 689int (*SSL_read_early_data)(SSL *, void *, size_t, size_t *) = NULL; 690int (*SSL_CTX_set_max_early_data)(SSL_CTX *, uint32_t) = NULL; 691#else 692static const long Cryptography_HAS_TLSv1_3 = 1; 693#endif 694 695#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL 696static const long Cryptography_HAS_GET_PROTO_VERSION = 0; 697 698long (*SSL_CTX_get_min_proto_version)(SSL_CTX *) = NULL; 699long (*SSL_CTX_get_max_proto_version)(SSL_CTX *) = NULL; 700long (*SSL_get_min_proto_version)(SSL *) = NULL; 701long (*SSL_get_max_proto_version)(SSL *) = NULL; 702#else 703static const long Cryptography_HAS_GET_PROTO_VERSION = 1; 704#endif 705""" 706