# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

from __future__ import absolute_import, division, print_function

# cffi binding definitions for OpenSSL's X.509 API.  The module defines four
# strings of C text (INCLUDES, TYPES, FUNCTIONS, CUSTOMIZATIONS) and executes
# no OpenSSL call itself; the code that consumes these strings is not part of
# this file (presumably the project's cffi build step -- confirm there).

# INCLUDES: the OpenSSL header plus alias typedefs for the STACK_OF(...)
# types, which cffi cannot name directly (see the C comment in the string).
INCLUDES = """
#include <openssl/ssl.h>

/*
 * This is part of a work-around for the difficulty cffi has in dealing with
 * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that
 * will be an alias for this type and use the alias throughout. This works
 * together with another opaque typedef for the same name in the TYPES section.
 * Note that the result is an opaque type.
 */
typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
typedef STACK_OF(X509_CRL) Cryptography_STACK_OF_X509_CRL;
typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED;
"""

# TYPES: `typedef ... NAME;` is cffi's notation for an opaque type, so Python
# code can hold pointers to these objects but cannot read or write their
# fields.  X509_ALGOR is the one partial struct: only `algorithm` is exposed
# and the trailing `...;` tells cffi the real struct has further members.
TYPES = """
typedef ... Cryptography_STACK_OF_X509;
typedef ... Cryptography_STACK_OF_X509_CRL;
typedef ... Cryptography_STACK_OF_X509_REVOKED;

typedef struct {
    ASN1_OBJECT *algorithm;
    ...;
} X509_ALGOR;

typedef ... X509_ATTRIBUTE;
typedef ... X509_EXTENSION;
typedef ... X509_EXTENSIONS;
typedef ... X509_REQ;
typedef ... X509_REVOKED;
typedef ... X509_CRL;
typedef ... X509;

typedef ... NETSCAPE_SPKI;

typedef ... PKCS8_PRIV_KEY_INFO;

typedef void (*sk_X509_EXTENSION_freefunc)(X509_EXTENSION *);
"""

# FUNCTIONS: prototypes made callable from Python.  The bindings add no
# checking of their own, so each caller has to honour the C contract.  Points
# worth keeping in mind when reviewing callers:
#
# * X509_REQ_verify, X509_CRL_verify and NETSCAPE_SPKI_verify return int.
#   OpenSSL documents 1 as "signature valid", 0 as "signature invalid" and a
#   negative value as "could not be checked"; compare the result with 1,
#   because a truthiness test treats the negative error case as success.
# * The d2i_*_bio functions parse DER from a BIO and return NULL on failure;
#   the result must be checked before it is used or wrapped.
# * The i2d_*PrivateKey_bio functions write the private key as plain DER, with
#   no passphrase protection, to whatever the BIO is attached to.
# * OpenSSL naming encodes ownership: *_get0_* returns a pointer the caller
#   does not own and must not free, *_add0_* hands the argument over to the
#   container, *_add1_*/*_set1_* leave the caller's object untouched.
#   X509_get_pubkey and X509_REQ_get_pubkey return a reference that the caller
#   has to release with EVP_PKEY_free.
# * X509_digest writes into a caller-supplied buffer, which must be large
#   enough for the chosen digest (EVP_MAX_MD_SIZE covers every digest).
# * Cryptography_STACK_OF_ASN1_OBJECT is not declared in this module; the
#   inline comment points at "safestack" -- presumably a sibling binding
#   module, verify before reordering or removing either one.
FUNCTIONS = """
X509 *X509_new(void);
void X509_free(X509 *);
X509 *X509_dup(X509 *);
int X509_cmp(const X509 *, const X509 *);
int X509_up_ref(X509 *);

int X509_print_ex(BIO *, X509 *, unsigned long, unsigned long);

int X509_set_version(X509 *, long);

EVP_PKEY *X509_get_pubkey(X509 *);
int X509_set_pubkey(X509 *, EVP_PKEY *);

unsigned char *X509_alias_get0(X509 *, int *);
int X509_sign(X509 *, EVP_PKEY *, const EVP_MD *);

int X509_digest(const X509 *, const EVP_MD *, unsigned char *, unsigned int *);

ASN1_TIME *X509_gmtime_adj(ASN1_TIME *, long);

unsigned long X509_subject_name_hash(X509 *);

int X509_set_subject_name(X509 *, X509_NAME *);

int X509_set_issuer_name(X509 *, X509_NAME *);

int X509_add_ext(X509 *, X509_EXTENSION *, int);
X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *);

ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *);
void X509_EXTENSION_free(X509_EXTENSION *);

int X509_REQ_set_version(X509_REQ *, long);
X509_REQ *X509_REQ_new(void);
void X509_REQ_free(X509_REQ *);
int X509_REQ_set_pubkey(X509_REQ *, EVP_PKEY *);
int X509_REQ_set_subject_name(X509_REQ *, X509_NAME *);
int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *);
int X509_REQ_verify(X509_REQ *, EVP_PKEY *);
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *);
int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long);
int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *);
X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *);
X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *, int);
int X509_REQ_get_attr_by_OBJ(const X509_REQ *, const ASN1_OBJECT *, int);
void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *, int, int, void *);
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *, int);
int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *);
int X509_REQ_add1_attr_by_OBJ(X509_REQ *, const ASN1_OBJECT *,
                              int, const unsigned char *, int);

int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *);

X509_REVOKED *X509_REVOKED_new(void);
void X509_REVOKED_free(X509_REVOKED *);

int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *);

int X509_REVOKED_add_ext(X509_REVOKED *, X509_EXTENSION*, int);
int X509_REVOKED_add1_ext_i2d(X509_REVOKED *, int, void *, int, unsigned long);
X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *, int);

int X509_REVOKED_set_revocationDate(X509_REVOKED *, ASN1_TIME *);

X509_CRL *X509_CRL_new(void);
X509_CRL *X509_CRL_dup(X509_CRL *);
X509_CRL *d2i_X509_CRL_bio(BIO *, X509_CRL **);
int X509_CRL_add0_revoked(X509_CRL *, X509_REVOKED *);
int X509_CRL_add_ext(X509_CRL *, X509_EXTENSION *, int);
int X509_CRL_cmp(const X509_CRL *, const X509_CRL *);
int X509_CRL_print(BIO *, X509_CRL *);
int X509_CRL_set_issuer_name(X509_CRL *, X509_NAME *);
int X509_CRL_set_version(X509_CRL *, long);
int X509_CRL_sign(X509_CRL *, EVP_PKEY *, const EVP_MD *);
int X509_CRL_sort(X509_CRL *);
int X509_CRL_verify(X509_CRL *, EVP_PKEY *);
int i2d_X509_CRL_bio(BIO *, X509_CRL *);
void X509_CRL_free(X509_CRL *);

int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *, EVP_PKEY *);
int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *, EVP_PKEY *, const EVP_MD *);
char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *);
NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *, int);
EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *);
int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *, EVP_PKEY *);
NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
void NETSCAPE_SPKI_free(NETSCAPE_SPKI *);

/* ASN1 serialization */
int i2d_X509_bio(BIO *, X509 *);
X509 *d2i_X509_bio(BIO *, X509 **);

int i2d_X509_REQ_bio(BIO *, X509_REQ *);
X509_REQ *d2i_X509_REQ_bio(BIO *, X509_REQ **);

int i2d_PrivateKey_bio(BIO *, EVP_PKEY *);
EVP_PKEY *d2i_PrivateKey_bio(BIO *, EVP_PKEY **);
int i2d_PUBKEY_bio(BIO *, EVP_PKEY *);
EVP_PKEY *d2i_PUBKEY_bio(BIO *, EVP_PKEY **);

ASN1_INTEGER *X509_get_serialNumber(X509 *);
int X509_set_serialNumber(X509 *, ASN1_INTEGER *);

const char *X509_verify_cert_error_string(long);

const char *X509_get_default_cert_dir(void);
const char *X509_get_default_cert_file(void);
const char *X509_get_default_cert_dir_env(void);
const char *X509_get_default_cert_file_env(void);

int i2d_RSAPrivateKey_bio(BIO *, RSA *);
RSA *d2i_RSAPublicKey_bio(BIO *, RSA **);
int i2d_RSAPublicKey_bio(BIO *, RSA *);
int i2d_DSAPrivateKey_bio(BIO *, DSA *);

/* These became const X509 in 1.1.0 */
int X509_get_ext_count(X509 *);
X509_EXTENSION *X509_get_ext(X509 *, int);
X509_NAME *X509_get_subject_name(X509 *);
X509_NAME *X509_get_issuer_name(X509 *);

/* This became const ASN1_OBJECT * in 1.1.0 */
X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **,
                                             ASN1_OBJECT *, int,
                                             ASN1_OCTET_STRING *);


/* This became const X509_EXTENSION * in 1.1.0 */
int X509_EXTENSION_get_critical(X509_EXTENSION *);

/* This became const X509_REVOKED * in 1.1.0 */
int X509_REVOKED_get_ext_count(X509_REVOKED *);
X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *, int);

/* This became const X509_CRL * in 1.1.0 */
X509_EXTENSION *X509_CRL_get_ext(X509_CRL *, int);
int X509_CRL_get_ext_count(X509_CRL *);

int X509_CRL_get0_by_serial(X509_CRL *, X509_REVOKED **, ASN1_INTEGER *);

X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *);
X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *);

/* new in 1.0.2 */
int i2d_re_X509_tbs(X509 *, unsigned char **);
int X509_get_signature_nid(const X509 *);

const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);

void X509_get0_signature(const ASN1_BIT_STRING **,
                         const X509_ALGOR **, const X509 *);

long X509_get_version(X509 *);

ASN1_TIME *X509_get_notBefore(X509 *);
ASN1_TIME *X509_get_notAfter(X509 *);
ASN1_TIME *X509_getm_notBefore(X509 *);
ASN1_TIME *X509_getm_notAfter(X509 *);

long X509_REQ_get_version(X509_REQ *);
X509_NAME *X509_REQ_get_subject_name(X509_REQ *);

Cryptography_STACK_OF_X509 *sk_X509_new_null(void);
void sk_X509_free(Cryptography_STACK_OF_X509 *);
int sk_X509_num(Cryptography_STACK_OF_X509 *);
int sk_X509_push(Cryptography_STACK_OF_X509 *, X509 *);
X509 *sk_X509_value(Cryptography_STACK_OF_X509 *, int);

X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void);
int sk_X509_EXTENSION_num(X509_EXTENSIONS *);
X509_EXTENSION *sk_X509_EXTENSION_value(X509_EXTENSIONS *, int);
int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *);
int sk_X509_EXTENSION_insert(X509_EXTENSIONS *, X509_EXTENSION *, int);
X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int);
void sk_X509_EXTENSION_free(X509_EXTENSIONS *);
void sk_X509_EXTENSION_pop_free(X509_EXTENSIONS *, sk_X509_EXTENSION_freefunc);

int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *);
X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int);

Cryptography_STACK_OF_X509_CRL *sk_X509_CRL_new_null(void);
void sk_X509_CRL_free(Cryptography_STACK_OF_X509_CRL *);
int sk_X509_CRL_num(Cryptography_STACK_OF_X509_CRL *);
int sk_X509_CRL_push(Cryptography_STACK_OF_X509_CRL *, X509_CRL *);
X509_CRL *sk_X509_CRL_value(Cryptography_STACK_OF_X509_CRL *, int);

long X509_CRL_get_version(X509_CRL *);
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
X509_NAME *X509_CRL_get_issuer(X509_CRL *);
Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);

/* These aren't macros these arguments are all const X on openssl > 1.0.x */
int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
int X509_set_notBefore(X509 *, ASN1_TIME *);
int X509_set_notAfter(X509 *, ASN1_TIME *);
int X509_set1_notBefore(X509 *, ASN1_TIME *);
int X509_set1_notAfter(X509 *, ASN1_TIME *);

EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
EC_KEY *d2i_ECPrivateKey_bio(BIO *, EC_KEY **);
int i2d_ECPrivateKey_bio(BIO *, EC_KEY *);

// declared in safestack
int sk_ASN1_OBJECT_num(Cryptography_STACK_OF_ASN1_OBJECT *);
ASN1_OBJECT *sk_ASN1_OBJECT_value(Cryptography_STACK_OF_ASN1_OBJECT *, int);
void sk_ASN1_OBJECT_free(Cryptography_STACK_OF_ASN1_OBJECT *);
Cryptography_STACK_OF_ASN1_OBJECT *sk_ASN1_OBJECT_new_null(void);
int sk_ASN1_OBJECT_push(Cryptography_STACK_OF_ASN1_OBJECT *, ASN1_OBJECT *);

/* these functions were added in 1.1.0 */
const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *);
const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *);
void X509_CRL_get0_signature(const X509_CRL *, const ASN1_BIT_STRING **,
                             const X509_ALGOR **);
int i2d_re_X509_REQ_tbs(X509_REQ *, unsigned char **);
int i2d_re_X509_CRL_tbs(X509_CRL *, unsigned char **);
void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **,
                             const X509_ALGOR **);
"""

# CUSTOMIZATIONS: C definitions supplied by this project rather than by the
# library.  Cryptography_X509_REVOKED_dup is an unconditional wrapper around
# X509_REVOKED_dup.  The three i2d_re_*_tbs helpers are compiled only when
# CRYPTOGRAPHY_IS_LIBRESSL is true and reach into struct members
# (x->cert_info, req->req_info, crl->crl), so they build only against headers
# that expose those structs.
#
# NOTE(review): the REQ and CRL helpers set enc.modified = 1 before encoding,
# which discards the cached encoding, while i2d_re_X509_tbs does not.  Its
# inline comment explains this with "older OpenSSLs" although the guard is
# now LibreSSL; confirm the reasoning still holds there, since these helpers
# produce the to-be-signed bytes of the object.
CUSTOMIZATIONS = """
#if CRYPTOGRAPHY_IS_LIBRESSL
int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
{
    /* in 1.0.2+ this function also sets x->cert_info->enc.modified = 1
       but older OpenSSLs don't have the enc ASN1_ENCODING member in the
       X509 struct. Setting modified to 1 marks the encoding
       (x->cert_info->enc.enc) as invalid, but since the entire struct isn't
       present we don't care. */
    return i2d_X509_CINF(x->cert_info, pp);
}
#endif

/* Being kept around for pyOpenSSL */
X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *rev) {
    return X509_REVOKED_dup(rev);
}
/* Added in 1.1.0 but we need it in all versions now due to the great
   opaquing. */
#if CRYPTOGRAPHY_IS_LIBRESSL
int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
{
    req->req_info->enc.modified = 1;
    return i2d_X509_REQ_INFO(req->req_info, pp);
}
int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
    crl->crl->enc.modified = 1;
    return i2d_X509_CRL_INFO(crl->crl, pp);
}
#endif
"""