Author: Matti Picus <matti.pi...@gmail.com>
Branch:
Changeset: r97174:5921676473ae
Date: 2019-08-14 17:01 +0300
http://bitbucket.org/pypy/pypy/changeset/5921676473ae/
Log: merge cryptograhpt-2.7 which updates vendored cryptography to 2.7
diff too long, truncating to 2000 out of 25452 lines
diff --git a/.hgignore b/.hgignore
--- a/.hgignore
+++ b/.hgignore
@@ -70,7 +70,9 @@
^lib_pypy/ctypes_config_cache/_.+_cache\.py$
^lib_pypy/ctypes_config_cache/_.+_.+_\.py$
^lib_pypy/_libmpdec/.+.o$
-^lib_pypy/.+.c$
+^lib_pypy/.+_cffi.c$
+^lib_pypy/_curses_cffi_check.c
+^lib_pypy/_pypy_openssl.c
^lib_pypy/.+.o$
^lib_pypy/.+.so$
^lib_pypy/.+.pyd$
diff --git a/lib_pypy/_cffi_ssl/README.md b/lib_pypy/_cffi_ssl/README.md
--- a/lib_pypy/_cffi_ssl/README.md
+++ b/lib_pypy/_cffi_ssl/README.md
@@ -1,21 +1,22 @@
# PyPy's SSL module
-All of the CFFI code is copied from cryptography, wich patches contributed
-back to cryptography. PyPy vendors it's own copy of the cffi backend thus
-it renames the compiled shared object to _pypy_openssl.so (which means
-that cryptography can ship their own cffi backend)
+All of the CFFI code is copied from cryptography. PyPy vendors it's own copy of
+the cffi backend thus it renames the compiled shared object to _pypy_openssl.so
+(which means that cryptography can ship their own cffi backend)
-NOTE: currently, we have the following changes:
+# Modifications to cryptography 2.7
-* ``_cffi_src/openssl/callbacks.py`` to not rely on the CPython C API
- (this change is now backported)
-
-* ``_cffi_src/utils.py`` for issue #2575 (29c9a89359e4)
-
-* ``_cffi_src/openssl/x509_vfy.py`` for issue #2605 (ca4d0c90f5a1)
-
-* ``_cffi_src/openssl/pypy_win32_extra.py`` for Win32-only functionality like
ssl.enum_certificates()
-
+- `_cffi_src/openssl/asn1.py` : revert removal of `ASN1_TIME_print`,
+ `ASN1_ITEM`, `ASN1_ITEM_EXP`, `ASN1_VALUE`, `ASN1_item_d2i`
+- `_cffi_src/openssl/bio.py` : revert removal of `BIO_s_file`,
`BIO_read_filename`
+- `_cffi_src/openssl/evp.py` : revert removal of `EVP_MD_size`
+- `_cffi_src/openssl/nid.py` : revert removal of `NID_ad_OCSP`,
+ `NID_info_access`, `NID_ad_ca_issuers`, `NID_crl_distribution_points`
+- `_cffi_src/openssl/pem.py` : revert removal of `PEM_read_bio_X509_AUX`
+- `_cffi_src/openssl/x509.py` : revert removal of `X509_get_ext_by_NID`,
+ `i2d_X509`
+- `_cffi_src/openssl/x509v3.py` : revert removal of `X509V3_EXT_get`,
+ `X509V3_EXT_METHOD`
# Tests?
@@ -25,11 +26,8 @@
Copy over all the sources into the folder `lib_pypy/_cffi_ssl/*`. Updating the
cffi backend can be simply done by the following command::
- $ cp -r <cloned cryptography folder>/src/_cffi_src/* .
-
-NOTE: you need to keep our version of ``_cffi_src/openssl/callbacks.py``
-for now!
+ $ cp -r <cloned cryptography folder>/src/* .
# Crpytography version
-Copied over release version `1.7.2`
+Copied over release version `2.7`
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/build_commoncrypto.py
b/lib_pypy/_cffi_ssl/_cffi_src/build_commoncrypto.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/build_commoncrypto.py
+++ /dev/null
@@ -1,33 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-from _cffi_src.utils import build_ffi_for_binding
-
-
-ffi = build_ffi_for_binding(
- module_name="_commoncrypto",
- module_prefix="_cffi_src.commoncrypto.",
- modules=[
- "cf",
- "common_digest",
- "common_hmac",
- "common_key_derivation",
- "common_cryptor",
- "common_symmetric_key_wrap",
- "seccertificate",
- "secimport",
- "secitem",
- "seckey",
- "seckeychain",
- "secpolicy",
- "sectransform",
- "sectrust",
- "secure_transport",
- ],
- extra_link_args=[
- "-framework", "Security", "-framework", "CoreFoundation"
- ],
-)
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
b/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
@@ -13,31 +13,43 @@
def _get_openssl_libraries(platform):
+ if os.environ.get("CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS", None):
+ return []
# OpenSSL goes by a different library name on different operating systems.
- if platform == "darwin":
- return _osx_libraries(
- os.environ.get("CRYPTOGRAPHY_OSX_NO_LINK_FLAGS")
+ if platform == "win32" and compiler_type() == "msvc":
+ windows_link_legacy_openssl = os.environ.get(
+ "CRYPTOGRAPHY_WINDOWS_LINK_LEGACY_OPENSSL", None
)
- elif platform == "win32":
- if compiler_type() == "msvc":
+ if windows_link_legacy_openssl is None:
+ # Link against the 1.1.0 names
+ libs = ["libssl", "libcrypto"]
+ else:
+ # Link against the 1.0.2 and lower names
libs = ["libeay32", "ssleay32"]
- else:
- libs = ["ssl", "crypto"]
return libs + ["advapi32", "crypt32", "gdi32", "user32", "ws2_32"]
else:
+ # darwin, linux, mingw all use this path
# In some circumstances, the order in which these libs are
# specified on the linker command-line is significant;
# libssl must come before libcrypto
- # (http://marc.info/?l=openssl-users&m=135361825921871)
+ # (https://marc.info/?l=openssl-users&m=135361825921871)
return ["ssl", "crypto"]
-def _osx_libraries(build_static):
- # For building statically we don't want to pass the -lssl or -lcrypto flags
- if build_static == "1":
+def _extra_compile_args(platform):
+ """
+ We set -Wconversion args here so that we only do Wconversion checks on the
+ code we're compiling and not on cffi itself (as passing -Wconversion in
+ CFLAGS would do). We set no error on sign conversion because some
+ function signatures in OpenSSL have changed from long -> unsigned long
+ in the past. Since that isn't a precision issue we don't care.
+ When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
+ revisit this.
+ """
+ if platform not in ["win32", "hp-ux11", "sunos5"]:
+ return ["-Wconversion", "-Wno-error=sign-conversion"]
+ else:
return []
- else:
- return ["ssl", "crypto"]
ffi = build_ffi_for_binding(
@@ -52,9 +64,9 @@
"bignum",
"bio",
"cmac",
- "cms",
"conf",
"crypto",
+ "ct",
"dh",
"dsa",
"ec",
@@ -63,6 +75,7 @@
"engine",
"err",
"evp",
+ "fips",
"hmac",
"nid",
"objects",
@@ -82,5 +95,13 @@
"callbacks",
],
libraries=_get_openssl_libraries(sys.platform),
+ # These args are passed here so that we only do Wconversion checks on the
+ # code we're compiling and not on cffi itself (as passing -Wconversion in
+ # CFLAGS would do). We set no error on sign convesrion because some
+ # function signatures in OpenSSL have changed from long -> unsigned long
+ # in the past. Since that isn't a precision issue we don't care.
+ # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
+ # revisit this.
+ extra_compile_args=_extra_compile_args(sys.platform),
extra_link_args=extra_link_args(compiler_type()),
)
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/__init__.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/__init__.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/__init__.py
+++ /dev/null
@@ -1,5 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/cf.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/cf.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/cf.py
+++ /dev/null
@@ -1,113 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CoreFoundation/CoreFoundation.h>
-"""
-
-TYPES = """
-typedef bool Boolean;
-typedef signed long OSStatus;
-typedef unsigned char UInt8;
-typedef uint32_t UInt32;
-
-typedef const void * CFAllocatorRef;
-const CFAllocatorRef kCFAllocatorDefault;
-typedef ... *CFDataRef;
-typedef signed long long CFIndex;
-typedef ... *CFStringRef;
-typedef ... *CFArrayRef;
-typedef ... *CFMutableArrayRef;
-typedef ... *CFBooleanRef;
-typedef ... *CFErrorRef;
-typedef ... *CFNumberRef;
-typedef ... *CFTypeRef;
-typedef ... *CFDictionaryRef;
-typedef ... *CFMutableDictionaryRef;
-typedef struct {
- ...;
-} CFDictionaryKeyCallBacks;
-typedef struct {
- ...;
-} CFDictionaryValueCallBacks;
-typedef struct {
- ...;
-} CFRange;
-typedef struct {
- ...;
-} CFArrayCallBacks;
-
-typedef UInt32 CFStringEncoding;
-enum {
- kCFStringEncodingASCII = 0x0600
-};
-
-enum {
- kCFNumberSInt8Type = 1,
- kCFNumberSInt16Type = 2,
- kCFNumberSInt32Type = 3,
- kCFNumberSInt64Type = 4,
- kCFNumberFloat32Type = 5,
- kCFNumberFloat64Type = 6,
- kCFNumberCharType = 7,
- kCFNumberShortType = 8,
- kCFNumberIntType = 9,
- kCFNumberLongType = 10,
- kCFNumberLongLongType = 11,
- kCFNumberFloatType = 12,
- kCFNumberDoubleType = 13,
- kCFNumberCFIndexType = 14,
- kCFNumberNSIntegerType = 15,
- kCFNumberCGFloatType = 16,
- kCFNumberMaxType = 16
-};
-typedef int CFNumberType;
-
-const CFDictionaryKeyCallBacks kCFTypeDictionaryKeyCallBacks;
-const CFDictionaryValueCallBacks kCFTypeDictionaryValueCallBacks;
-
-const CFArrayCallBacks kCFTypeArrayCallBacks;
-
-const CFBooleanRef kCFBooleanTrue;
-const CFBooleanRef kCFBooleanFalse;
-"""
-
-FUNCTIONS = """
-CFDataRef CFDataCreate(CFAllocatorRef, const UInt8 *, CFIndex);
-CFStringRef CFStringCreateWithCString(CFAllocatorRef, const char *,
- CFStringEncoding);
-CFDictionaryRef CFDictionaryCreate(CFAllocatorRef, const void **,
- const void **, CFIndex,
- const CFDictionaryKeyCallBacks *,
- const CFDictionaryValueCallBacks *);
-CFMutableDictionaryRef CFDictionaryCreateMutable(
- CFAllocatorRef,
- CFIndex,
- const CFDictionaryKeyCallBacks *,
- const CFDictionaryValueCallBacks *
-);
-void CFDictionarySetValue(CFMutableDictionaryRef, const void *, const void *);
-CFIndex CFArrayGetCount(CFArrayRef);
-const void *CFArrayGetValueAtIndex(CFArrayRef, CFIndex);
-CFIndex CFDataGetLength(CFDataRef);
-void CFDataGetBytes(CFDataRef, CFRange, UInt8 *);
-CFRange CFRangeMake(CFIndex, CFIndex);
-void CFShow(CFTypeRef);
-Boolean CFBooleanGetValue(CFBooleanRef);
-CFNumberRef CFNumberCreate(CFAllocatorRef, CFNumberType, const void *);
-void CFRelease(CFTypeRef);
-CFTypeRef CFRetain(CFTypeRef);
-
-CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef, CFIndex,
- const CFArrayCallBacks *);
-void CFArrayAppendValue(CFMutableArrayRef, const void *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_cryptor.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_cryptor.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_cryptor.py
+++ /dev/null
@@ -1,99 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonCryptor.h>
-"""
-
-TYPES = """
-enum {
- kCCAlgorithmAES128 = 0,
- kCCAlgorithmDES,
- kCCAlgorithm3DES,
- kCCAlgorithmCAST,
- kCCAlgorithmRC4,
- kCCAlgorithmRC2,
- kCCAlgorithmBlowfish
-};
-typedef uint32_t CCAlgorithm;
-enum {
- kCCSuccess = 0,
- kCCParamError = -4300,
- kCCBufferTooSmall = -4301,
- kCCMemoryFailure = -4302,
- kCCAlignmentError = -4303,
- kCCDecodeError = -4304,
- kCCUnimplemented = -4305
-};
-typedef int32_t CCCryptorStatus;
-typedef uint32_t CCOptions;
-enum {
- kCCEncrypt = 0,
- kCCDecrypt,
-};
-typedef uint32_t CCOperation;
-typedef ... *CCCryptorRef;
-
-enum {
- kCCModeOptionCTR_LE = 0x0001,
- kCCModeOptionCTR_BE = 0x0002
-};
-
-typedef uint32_t CCModeOptions;
-
-enum {
- kCCModeECB = 1,
- kCCModeCBC = 2,
- kCCModeCFB = 3,
- kCCModeCTR = 4,
- kCCModeF8 = 5,
- kCCModeLRW = 6,
- kCCModeOFB = 7,
- kCCModeXTS = 8,
- kCCModeRC4 = 9,
- kCCModeCFB8 = 10,
- kCCModeGCM = 11
-};
-typedef uint32_t CCMode;
-enum {
- ccNoPadding = 0,
- ccPKCS7Padding = 1,
-};
-typedef uint32_t CCPadding;
-"""
-
-FUNCTIONS = """
-CCCryptorStatus CCCryptorCreateWithMode(CCOperation, CCMode, CCAlgorithm,
- CCPadding, const void *, const void *,
- size_t, const void *, size_t, int,
- CCModeOptions, CCCryptorRef *);
-CCCryptorStatus CCCryptorCreate(CCOperation, CCAlgorithm, CCOptions,
- const void *, size_t, const void *,
- CCCryptorRef *);
-CCCryptorStatus CCCryptorUpdate(CCCryptorRef, const void *, size_t, void *,
- size_t, size_t *);
-CCCryptorStatus CCCryptorFinal(CCCryptorRef, void *, size_t, size_t *);
-CCCryptorStatus CCCryptorRelease(CCCryptorRef);
-
-CCCryptorStatus CCCryptorGCMAddIV(CCCryptorRef, const void *, size_t);
-CCCryptorStatus CCCryptorGCMAddAAD(CCCryptorRef, const void *, size_t);
-CCCryptorStatus CCCryptorGCMEncrypt(CCCryptorRef, const void *, size_t,
- void *);
-CCCryptorStatus CCCryptorGCMDecrypt(CCCryptorRef, const void *, size_t,
- void *);
-CCCryptorStatus CCCryptorGCMFinal(CCCryptorRef, const void *, size_t *);
-CCCryptorStatus CCCryptorGCMReset(CCCryptorRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-/* Not defined in the public header */
-enum {
- kCCModeGCM = 11
-};
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_digest.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_digest.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_digest.py
+++ /dev/null
@@ -1,58 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonDigest.h>
-"""
-
-TYPES = """
-typedef uint32_t CC_LONG;
-typedef uint64_t CC_LONG64;
-typedef struct CC_MD5state_st {
- ...;
-} CC_MD5_CTX;
-typedef struct CC_SHA1state_st {
- ...;
-} CC_SHA1_CTX;
-typedef struct CC_SHA256state_st {
- ...;
-} CC_SHA256_CTX;
-typedef struct CC_SHA512state_st {
- ...;
-} CC_SHA512_CTX;
-"""
-
-FUNCTIONS = """
-int CC_MD5_Init(CC_MD5_CTX *);
-int CC_MD5_Update(CC_MD5_CTX *, const void *, CC_LONG);
-int CC_MD5_Final(unsigned char *, CC_MD5_CTX *);
-
-int CC_SHA1_Init(CC_SHA1_CTX *);
-int CC_SHA1_Update(CC_SHA1_CTX *, const void *, CC_LONG);
-int CC_SHA1_Final(unsigned char *, CC_SHA1_CTX *);
-
-int CC_SHA224_Init(CC_SHA256_CTX *);
-int CC_SHA224_Update(CC_SHA256_CTX *, const void *, CC_LONG);
-int CC_SHA224_Final(unsigned char *, CC_SHA256_CTX *);
-
-int CC_SHA256_Init(CC_SHA256_CTX *);
-int CC_SHA256_Update(CC_SHA256_CTX *, const void *, CC_LONG);
-int CC_SHA256_Final(unsigned char *, CC_SHA256_CTX *);
-
-int CC_SHA384_Init(CC_SHA512_CTX *);
-int CC_SHA384_Update(CC_SHA512_CTX *, const void *, CC_LONG);
-int CC_SHA384_Final(unsigned char *, CC_SHA512_CTX *);
-
-int CC_SHA512_Init(CC_SHA512_CTX *);
-int CC_SHA512_Update(CC_SHA512_CTX *, const void *, CC_LONG);
-int CC_SHA512_Final(unsigned char *, CC_SHA512_CTX *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_hmac.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_hmac.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_hmac.py
+++ /dev/null
@@ -1,37 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonHMAC.h>
-"""
-
-TYPES = """
-typedef struct {
- ...;
-} CCHmacContext;
-enum {
- kCCHmacAlgSHA1,
- kCCHmacAlgMD5,
- kCCHmacAlgSHA256,
- kCCHmacAlgSHA384,
- kCCHmacAlgSHA512,
- kCCHmacAlgSHA224
-};
-typedef uint32_t CCHmacAlgorithm;
-"""
-
-FUNCTIONS = """
-void CCHmacInit(CCHmacContext *, CCHmacAlgorithm, const void *, size_t);
-void CCHmacUpdate(CCHmacContext *, const void *, size_t);
-void CCHmacFinal(CCHmacContext *, void *);
-
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_key_derivation.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_key_derivation.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_key_derivation.py
+++ /dev/null
@@ -1,39 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonKeyDerivation.h>
-"""
-
-TYPES = """
-enum {
- kCCPBKDF2 = 2,
-};
-typedef uint32_t CCPBKDFAlgorithm;
-enum {
- kCCPRFHmacAlgSHA1 = 1,
- kCCPRFHmacAlgSHA224 = 2,
- kCCPRFHmacAlgSHA256 = 3,
- kCCPRFHmacAlgSHA384 = 4,
- kCCPRFHmacAlgSHA512 = 5,
-};
-typedef uint32_t CCPseudoRandomAlgorithm;
-typedef unsigned int uint;
-"""
-
-FUNCTIONS = """
-int CCKeyDerivationPBKDF(CCPBKDFAlgorithm, const char *, size_t,
- const uint8_t *, size_t, CCPseudoRandomAlgorithm,
- uint, uint8_t *, size_t);
-uint CCCalibratePBKDF(CCPBKDFAlgorithm, size_t, size_t,
- CCPseudoRandomAlgorithm, size_t, uint32_t);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git
a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
+++ /dev/null
@@ -1,35 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <CommonCrypto/CommonSymmetricKeywrap.h>
-"""
-
-TYPES = """
-enum {
- kCCWRAPAES = 1,
-};
-
-typedef uint32_t CCWrappingAlgorithm;
-"""
-
-FUNCTIONS = """
-int CCSymmetricKeyWrap(CCWrappingAlgorithm, const uint8_t *, const size_t,
- const uint8_t *, size_t, const uint8_t *, size_t,
- uint8_t *, size_t *);
-int CCSymmetricKeyUnwrap(CCWrappingAlgorithm algorithm, const uint8_t *,
- const size_t, const uint8_t *, size_t,
- const uint8_t *, size_t, uint8_t *, size_t *);
-size_t CCSymmetricWrappedSize(CCWrappingAlgorithm, size_t);
-size_t CCSymmetricUnwrappedSize(CCWrappingAlgorithm, size_t);
-
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seccertificate.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seccertificate.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seccertificate.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecCertificate.h>
-"""
-
-TYPES = """
-typedef ... *SecCertificateRef;
-"""
-
-FUNCTIONS = """
-SecCertificateRef SecCertificateCreateWithData(CFAllocatorRef, CFDataRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secimport.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secimport.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secimport.py
+++ /dev/null
@@ -1,86 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecImportExport.h>
-"""
-
-TYPES = """
-typedef ... *SecAccessRef;
-
-CFStringRef kSecImportExportPassphrase;
-CFStringRef kSecImportExportKeychain;
-CFStringRef kSecImportExportAccess;
-
-typedef uint32_t SecExternalItemType;
-enum {
- kSecItemTypeUnknown,
- kSecItemTypePrivateKey,
- kSecItemTypePublicKey,
- kSecItemTypeSessionKey,
- kSecItemTypeCertificate,
- kSecItemTypeAggregate
-};
-
-
-typedef uint32_t SecExternalFormat;
-enum {
- kSecFormatUnknown = 0,
- kSecFormatOpenSSL,
- kSecFormatSSH,
- kSecFormatBSAFE,
- kSecFormatRawKey,
- kSecFormatWrappedPKCS8,
- kSecFormatWrappedOpenSSL,
- kSecFormatWrappedSSH,
- kSecFormatWrappedLSH,
- kSecFormatX509Cert,
- kSecFormatPEMSequence,
- kSecFormatPKCS7,
- kSecFormatPKCS12,
- kSecFormatNetscapeCertSequence,
- kSecFormatSSHv2
-};
-
-typedef uint32_t SecItemImportExportFlags;
-enum {
- kSecKeyImportOnlyOne = 0x00000001,
- kSecKeySecurePassphrase = 0x00000002,
- kSecKeyNoAccessControl = 0x00000004
-};
-typedef uint32_t SecKeyImportExportFlags;
-
-typedef struct {
- /* for import and export */
- uint32_t version;
- SecKeyImportExportFlags flags;
- CFTypeRef passphrase;
- CFStringRef alertTitle;
- CFStringRef alertPrompt;
-
- /* for import only */
- SecAccessRef accessRef;
- CFArrayRef keyUsage;
-
- CFArrayRef keyAttributes;
-} SecItemImportExportKeyParameters;
-"""
-
-FUNCTIONS = """
-OSStatus SecItemImport(CFDataRef, CFStringRef, SecExternalFormat *,
- SecExternalItemType *, SecItemImportExportFlags,
- const SecItemImportExportKeyParameters *,
- SecKeychainRef, CFArrayRef *);
-OSStatus SecPKCS12Import(CFDataRef, CFDictionaryRef, CFArrayRef *);
-OSStatus SecItemExport(CFTypeRef, SecExternalFormat, SecItemImportExportFlags,
- const SecItemImportExportKeyParameters *, CFDataRef *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secitem.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secitem.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secitem.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecItem.h>
-"""
-
-TYPES = """
-const CFTypeRef kSecAttrKeyType;
-const CFTypeRef kSecAttrKeySizeInBits;
-const CFTypeRef kSecAttrIsPermanent;
-const CFTypeRef kSecAttrKeyTypeRSA;
-const CFTypeRef kSecAttrKeyTypeDSA;
-const CFTypeRef kSecUseKeychain;
-"""
-
-FUNCTIONS = """
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckey.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckey.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckey.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecKey.h>
-"""
-
-TYPES = """
-typedef ... *SecKeyRef;
-"""
-
-FUNCTIONS = """
-OSStatus SecKeyGeneratePair(CFDictionaryRef, SecKeyRef *, SecKeyRef *);
-size_t SecKeyGetBlockSize(SecKeyRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckeychain.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckeychain.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckeychain.py
+++ /dev/null
@@ -1,25 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecKeychain.h>
-"""
-
-TYPES = """
-typedef ... *SecKeychainRef;
-"""
-
-FUNCTIONS = """
-OSStatus SecKeychainCreate(const char *, UInt32, const void *, Boolean,
- SecAccessRef, SecKeychainRef *);
-OSStatus SecKeychainDelete(SecKeychainRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secpolicy.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secpolicy.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secpolicy.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecPolicy.h>
-"""
-
-TYPES = """
-typedef ... *SecPolicyRef;
-"""
-
-FUNCTIONS = """
-SecPolicyRef SecPolicyCreateSSL(Boolean, CFStringRef);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectransform.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectransform.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectransform.py
+++ /dev/null
@@ -1,68 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecDigestTransform.h>
-#include <Security/SecSignVerifyTransform.h>
-#include <Security/SecEncryptTransform.h>
-"""
-
-TYPES = """
-typedef ... *SecTransformRef;
-
-CFStringRef kSecImportExportPassphrase;
-CFStringRef kSecImportExportKeychain;
-CFStringRef kSecImportExportAccess;
-
-CFStringRef kSecEncryptionMode;
-CFStringRef kSecEncryptKey;
-CFStringRef kSecIVKey;
-CFStringRef kSecModeCBCKey;
-CFStringRef kSecModeCFBKey;
-CFStringRef kSecModeECBKey;
-CFStringRef kSecModeNoneKey;
-CFStringRef kSecModeOFBKey;
-CFStringRef kSecOAEPEncodingParametersAttributeName;
-CFStringRef kSecPaddingKey;
-CFStringRef kSecPaddingNoneKey;
-CFStringRef kSecPaddingOAEPKey;
-CFStringRef kSecPaddingPKCS1Key;
-CFStringRef kSecPaddingPKCS5Key;
-CFStringRef kSecPaddingPKCS7Key;
-
-const CFStringRef kSecTransformInputAttributeName;
-const CFStringRef kSecTransformOutputAttributeName;
-const CFStringRef kSecTransformDebugAttributeName;
-const CFStringRef kSecTransformTransformName;
-const CFStringRef kSecTransformAbortAttributeName;
-
-CFStringRef kSecInputIsAttributeName;
-CFStringRef kSecInputIsPlainText;
-CFStringRef kSecInputIsDigest;
-CFStringRef kSecInputIsRaw;
-
-const CFStringRef kSecDigestTypeAttribute;
-const CFStringRef kSecDigestLengthAttribute;
-const CFStringRef kSecDigestMD5;
-const CFStringRef kSecDigestSHA1;
-const CFStringRef kSecDigestSHA2;
-"""
-
-FUNCTIONS = """
-Boolean SecTransformSetAttribute(SecTransformRef, CFStringRef, CFTypeRef,
- CFErrorRef *);
-SecTransformRef SecDecryptTransformCreate(SecKeyRef, CFErrorRef *);
-SecTransformRef SecEncryptTransformCreate(SecKeyRef, CFErrorRef *);
-SecTransformRef SecVerifyTransformCreate(SecKeyRef, CFDataRef, CFErrorRef *);
-SecTransformRef SecSignTransformCreate(SecKeyRef, CFErrorRef *) ;
-CFTypeRef SecTransformExecute(SecTransformRef, CFErrorRef *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectrust.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectrust.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectrust.py
+++ /dev/null
@@ -1,39 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecTrust.h>
-"""
-
-TYPES = """
-typedef ... *SecTrustRef;
-typedef uint32_t SecTrustResultType;
-
-enum {
- kSecTrustResultInvalid,
- kSecTrustResultProceed,
- kSecTrustResultDeny,
- kSecTrustResultUnspecified,
- kSecTrustResultRecoverableTrustFailure,
- kSecTrustResultFatalTrustFailure,
- kSecTrustResultOtherError
-};
-"""
-
-FUNCTIONS = """
-OSStatus SecTrustEvaluate(SecTrustRef, SecTrustResultType *);
-OSStatus SecTrustCopyAnchorCertificates(CFArrayRef *);
-"""
-
-MACROS = """
-/* The first argument changed from CFArrayRef to CFTypeRef in 10.8, so this
- * has to go here for compatibility.
- */
-OSStatus SecTrustCreateWithCertificates(CFTypeRef, CFTypeRef, SecTrustRef *);
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secure_transport.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secure_transport.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secure_transport.py
+++ /dev/null
@@ -1,308 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
-#include <Security/SecureTransport.h>
-"""
-
-TYPES = """
-typedef ... *SSLContextRef;
-typedef const void *SSLConnectionRef;
-
-typedef enum {
- kSSLSessionOptionBreakOnServerAuth,
- kSSLSessionOptionBreakOnCertRequested,
-} SSLSessionOption;
-
-typedef enum {
- kNeverAuthenticate,
- kAlwaysAuthenticate,
- kTryAuthenticate
-} SSLAuthenticate;
-
-typedef enum {
- kSSLIdle,
- kSSLHandshake,
- kSSLConnected,
- kSSLClosed,
- kSSLAborted
-} SSLSessionState;
-
-typedef enum {
- kSSLProtocolUnknown = 0,
- kSSLProtocol3 = 2,
- kTLSProtocol1 = 4,
- /* DEPRECATED on iOS */
- kSSLProtocol2 = 1,
- kSSLProtocol3Only = 3,
- kTLSProtocol1Only = 5,
- kSSLProtocolAll = 6,
-} SSLProtocol;
-
-typedef UInt32 SSLCipherSuite;
-enum {
- SSL_NULL_WITH_NULL_NULL = 0x0000,
- SSL_RSA_WITH_NULL_MD5 = 0x0001,
- SSL_RSA_WITH_NULL_SHA = 0x0002,
- SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
- SSL_RSA_WITH_RC4_128_MD5 = 0x0004,
- SSL_RSA_WITH_RC4_128_SHA = 0x0005,
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
- SSL_RSA_WITH_IDEA_CBC_SHA = 0x0007,
- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
- SSL_RSA_WITH_DES_CBC_SHA = 0x0009,
- SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
- SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
- SSL_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
- SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
- SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
- SSL_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
- SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
- SSL_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
- SSL_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
- SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
- SSL_DH_anon_WITH_RC4_128_MD5 = 0x0018,
- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
- SSL_DH_anon_WITH_DES_CBC_SHA = 0x001A,
- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
- SSL_FORTEZZA_DMS_WITH_NULL_SHA = 0x001C,
- SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA =0x001D,
-
- /* TLS addenda using AES, per RFC 3268 */
- TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
- TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
- TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
- TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
- TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
- TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
- TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
- TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
-
- /* ECDSA addenda, RFC 4492 */
- TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
- TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
- TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
- TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
- TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
- TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
- TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
- TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
- TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
- TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
- TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
-
- /* TLS 1.2 addenda, RFC 5246 */
- /* Initial state. */
- TLS_NULL_WITH_NULL_NULL = 0x0000,
-
- /* Server provided RSA certificate for key exchange. */
- TLS_RSA_WITH_NULL_MD5 = 0x0001,
- TLS_RSA_WITH_NULL_SHA = 0x0002,
- TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
- TLS_RSA_WITH_RC4_128_SHA = 0x0005,
- TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
- TLS_RSA_WITH_NULL_SHA256 = 0x003B,
- TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
- TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
-
- /* Server-authenticated (and optionally client-authenticated)
- Diffie-Hellman. */
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
- TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
- TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
- TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
- TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
-
- /* Completely anonymous Diffie-Hellman */
- TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
- TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
- TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
-
- /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
- for TLS. */
- TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
- TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
- TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
- TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
- TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
- TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
- TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
- TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
-
- /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
- HMAC SHA-256/384. */
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
-
- /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
- SHA-256/384 and AES Galois Counter Mode (GCM) */
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
-
- /* RFC 5746 - Secure Renegotiation */
- TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
-
- /*
- * Tags for SSL 2 cipher kinds that are not specified
- * for SSL 3.
- */
- SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
- SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
- SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
- SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,
- SSL_NO_SUCH_CIPHERSUITE = 0xFFFF
-};
-
-typedef enum {
- kSSLClientCertNone,
- kSSLClientCertRequested,
- kSSLClientCertSent,
- kSSLClientCertRejected
-} SSLClientCertificateState;
-
-enum {
- errSSLProtocol = -9800,
- errSSLNegotiation = -9801,
- errSSLFatalAlert = -9802,
- errSSLWouldBlock = -9803,
- errSSLSessionNotFound = -9804,
- errSSLClosedGraceful = -9805,
- errSSLClosedAbort = -9806,
- errSSLXCertChainInvalid = -9807,
- errSSLBadCert = -9808,
- errSSLCrypto = -9809,
- errSSLInternal = -9810,
- errSSLModuleAttach = -9811,
- errSSLUnknownRootCert = -9812,
- errSSLNoRootCert = -9813,
- errSSLCertExpired = -9814,
- errSSLCertNotYetValid = -9815,
- errSSLClosedNoNotify = -9816,
- errSSLBufferOverflow = -9817,
- errSSLBadCipherSuite = -9818,
- errSSLPeerUnexpectedMsg = -9819,
- errSSLPeerBadRecordMac = -9820,
- errSSLPeerDecryptionFail = -9821,
- errSSLPeerRecordOverflow = -9822,
- errSSLPeerDecompressFail = -9823,
- errSSLPeerHandshakeFail = -9824,
- errSSLPeerBadCert = -9825,
- errSSLPeerUnsupportedCert = -9826,
- errSSLPeerCertRevoked = -9827,
- errSSLPeerCertExpired = -9828,
- errSSLPeerCertUnknown = -9829,
- errSSLIllegalParam = -9830,
- errSSLPeerUnknownCA = -9831,
- errSSLPeerAccessDenied = -9832,
- errSSLPeerDecodeError = -9833,
- errSSLPeerDecryptError = -9834,
- errSSLPeerExportRestriction = -9835,
- errSSLPeerProtocolVersion = -9836,
- errSSLPeerInsufficientSecurity = -9837,
- errSSLPeerInternalError = -9838,
- errSSLPeerUserCancelled = -9839,
- errSSLPeerNoRenegotiation = -9840,
- errSSLServerAuthCompleted = -9841,
- errSSLClientCertRequested = -9842,
- errSSLHostNameMismatch = -9843,
- errSSLConnectionRefused = -9844,
- errSSLDecryptionFail = -9845,
- errSSLBadRecordMac = -9846,
- errSSLRecordOverflow = -9847,
- errSSLBadConfiguration = -9848,
- errSSLLast = -9849 /* end of range, to be deleted */
-};
-"""
-
-FUNCTIONS = """
-OSStatus SSLSetConnection(SSLContextRef, SSLConnectionRef);
-OSStatus SSLGetConnection(SSLContextRef, SSLConnectionRef *);
-OSStatus SSLSetSessionOption(SSLContextRef, SSLSessionOption, Boolean);
-OSStatus SSLSetClientSideAuthenticate(SSLContextRef, SSLAuthenticate);
-
-OSStatus SSLHandshake(SSLContextRef);
-OSStatus SSLGetSessionState(SSLContextRef, SSLSessionState *);
-OSStatus SSLGetNegotiatedProtocolVersion(SSLContextRef, SSLProtocol *);
-OSStatus SSLSetPeerID(SSLContextRef, const void *, size_t);
-OSStatus SSLGetPeerID(SSLContextRef, const void **, size_t *);
-OSStatus SSLGetBufferedReadSize(SSLContextRef, size_t *);
-OSStatus SSLRead(SSLContextRef, void *, size_t, size_t *);
-OSStatus SSLWrite(SSLContextRef, const void *, size_t, size_t *);
-OSStatus SSLClose(SSLContextRef);
-
-OSStatus SSLGetNumberSupportedCiphers(SSLContextRef, size_t *);
-OSStatus SSLGetSupportedCiphers(SSLContextRef, SSLCipherSuite *, size_t *);
-OSStatus SSLSetEnabledCiphers(SSLContextRef, const SSLCipherSuite *, size_t);
-OSStatus SSLGetNumberEnabledCiphers(SSLContextRef, size_t *);
-OSStatus SSLGetEnabledCiphers(SSLContextRef, SSLCipherSuite *, size_t *);
-OSStatus SSLGetNegotiatedCipher(SSLContextRef, SSLCipherSuite *);
-OSStatus SSLSetDiffieHellmanParams(SSLContextRef, const void *, size_t);
-OSStatus SSLGetDiffieHellmanParams(SSLContextRef, const void **, size_t *);
-
-OSStatus SSLSetCertificateAuthorities(SSLContextRef, CFTypeRef, Boolean);
-OSStatus SSLCopyCertificateAuthorities(SSLContextRef, CFArrayRef *);
-OSStatus SSLCopyDistinguishedNames(SSLContextRef, CFArrayRef *);
-OSStatus SSLSetCertificate(SSLContextRef, CFArrayRef);
-OSStatus SSLGetClientCertificateState(SSLContextRef,
- SSLClientCertificateState *);
-OSStatus SSLCopyPeerTrust(SSLContextRef, SecTrustRef *trust);
-
-OSStatus SSLSetPeerDomainName(SSLContextRef, const char *, size_t);
-OSStatus SSLGetPeerDomainNameLength(SSLContextRef, size_t *);
-OSStatus SSLGetPeerDomainName(SSLContextRef, char *, size_t *);
-"""
-
-MACROS = """
-"""
-
-CUSTOMIZATIONS = """
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
@@ -9,13 +9,7 @@
"""
TYPES = """
-static const int Cryptography_HAS_AES_WRAP;
-static const int Cryptography_HAS_AES_CTR128_ENCRYPT;
-
-struct aes_key_st {
- ...;
-};
-typedef struct aes_key_st AES_KEY;
+typedef ... AES_KEY;
"""
FUNCTIONS = """
@@ -28,23 +22,5 @@
const unsigned char *, unsigned int);
"""
-MACROS = """
-/* The ctr128_encrypt function is only useful in 1.0.0. We can use EVP for
- this in 1.0.1+. */
-void AES_ctr128_encrypt(const unsigned char *, unsigned char *,
- size_t, const AES_KEY *, unsigned char[],
- unsigned char[], unsigned int *);
+CUSTOMIZATIONS = """
"""
-
-CUSTOMIZATIONS = """
-static const long Cryptography_HAS_AES_WRAP = 1;
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER)
-static const int Cryptography_HAS_AES_CTR128_ENCRYPT = 0;
-void (*AES_ctr128_encrypt)(const unsigned char *, unsigned char *,
- size_t, const AES_KEY *,
- unsigned char[], unsigned char[],
- unsigned int *) = NULL;
-#else
-static const int Cryptography_HAS_AES_CTR128_ENCRYPT = 1;
-#endif
-"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/asn1.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/asn1.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/asn1.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/asn1.py
@@ -11,7 +11,6 @@
TYPES = """
typedef int... time_t;
-typedef int ASN1_BOOLEAN;
typedef ... ASN1_INTEGER;
struct asn1_string_st {
@@ -35,29 +34,17 @@
typedef ... ASN1_VALUE;
typedef ... ASN1_ITEM_EXP;
-
-typedef ... ASN1_UTCTIME;
+typedef ... ASN1_NULL;
static const int V_ASN1_GENERALIZEDTIME;
-static const int MBSTRING_FLAG;
-static const int MBSTRING_ASC;
-static const int MBSTRING_BMP;
static const int MBSTRING_UTF8;
-static const int MBSTRING_UNIV;
"""
FUNCTIONS = """
-ASN1_OBJECT *ASN1_OBJECT_new(void);
void ASN1_OBJECT_free(ASN1_OBJECT *);
-/* ASN1 OBJECT IDENTIFIER */
-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **, const unsigned char **, long);
-
/* ASN1 STRING */
-ASN1_STRING *ASN1_STRING_new(void);
-ASN1_STRING *ASN1_STRING_type_new(int);
-void ASN1_STRING_free(ASN1_STRING *);
unsigned char *ASN1_STRING_data(ASN1_STRING *);
int ASN1_STRING_set(ASN1_STRING *, const void *, int);
@@ -70,95 +57,59 @@
ASN1_IA5STRING *ASN1_IA5STRING_new(void);
/* ASN1 INTEGER */
-ASN1_INTEGER *ASN1_INTEGER_new(void);
void ASN1_INTEGER_free(ASN1_INTEGER *);
int ASN1_INTEGER_set(ASN1_INTEGER *, long);
/* ASN1 TIME */
ASN1_TIME *ASN1_TIME_new(void);
void ASN1_TIME_free(ASN1_TIME *);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *,
- ASN1_GENERALIZEDTIME **);
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *, time_t);
-
-/* ASN1 UTCTIME */
-ASN1_UTCTIME *ASN1_UTCTIME_new(void);
-void ASN1_UTCTIME_free(ASN1_UTCTIME *);
-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *, time_t);
-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *, time_t);
+int ASN1_TIME_set_string(ASN1_TIME *, const char *);
/* ASN1 GENERALIZEDTIME */
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *, const char *);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *, time_t);
void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *);
-int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *, unsigned char **);
/* ASN1 ENUMERATED */
ASN1_ENUMERATED *ASN1_ENUMERATED_new(void);
void ASN1_ENUMERATED_free(ASN1_ENUMERATED *);
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *, long);
-int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *, unsigned char **);
ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **, const unsigned char **, long,
const ASN1_ITEM *);
int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *, int, int);
-"""
-
-MACROS = """
/* These became const ASN1_* in 1.1.0 */
-int i2d_ASN1_OBJECT(ASN1_OBJECT *, unsigned char **);
int ASN1_STRING_type(ASN1_STRING *);
int ASN1_STRING_to_UTF8(unsigned char **, ASN1_STRING *);
long ASN1_ENUMERATED_get(ASN1_ENUMERATED *);
int i2a_ASN1_INTEGER(BIO *, ASN1_INTEGER *);
+/* This became const ASN1_TIME in 1.1.0f */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *,
+ ASN1_GENERALIZEDTIME **);
+
ASN1_UTF8STRING *ASN1_UTF8STRING_new(void);
void ASN1_UTF8STRING_free(ASN1_UTF8STRING *);
ASN1_BIT_STRING *ASN1_BIT_STRING_new(void);
void ASN1_BIT_STRING_free(ASN1_BIT_STRING *);
-int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *, unsigned char **);
-int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *, unsigned char **);
-int i2d_ASN1_INTEGER(ASN1_INTEGER *, unsigned char **);
+const ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *);
+
/* This is not a macro, but is const on some versions of OpenSSL */
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *, int);
-ASN1_TIME *M_ASN1_TIME_dup(void *);
-const ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *);
-
-/* These aren't macros these arguments are all const X on openssl > 1.0.x */
int ASN1_TIME_print(BIO *, ASN1_TIME *);
int ASN1_STRING_length(ASN1_STRING *);
-ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *);
-int ASN1_STRING_cmp(ASN1_STRING *, ASN1_STRING *);
-int ASN1_UTCTIME_print(BIO *, ASN1_UTCTIME *);
-
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *);
-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *, ASN1_OCTET_STRING *);
-
-ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *);
-int ASN1_INTEGER_cmp(ASN1_INTEGER *, ASN1_INTEGER *);
-long ASN1_INTEGER_get(ASN1_INTEGER *);
+int ASN1_STRING_set_default_mask_asc(char *);
BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *);
ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *);
-/* These isn't a macro the arg is const on openssl 1.0.2+ */
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *);
-int ASN1_UTCTIME_check(ASN1_UTCTIME *);
-
-/* Not a macro, const on openssl 1.0 */
-int ASN1_STRING_set_default_mask_asc(char *);
-
int i2d_ASN1_TYPE(ASN1_TYPE *, unsigned char **);
ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **, const unsigned char **, long);
+
+ASN1_NULL *ASN1_NULL_new(void);
"""
CUSTOMIZATIONS = """
-/* This macro is removed in 1.1.0. We re-add it if required to support
- pyOpenSSL versions older than whatever resolves
- https://github.com/pyca/pyopenssl/issues/431 */
-#if !defined(M_ASN1_TIME_dup)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((const ASN1_STRING *)a)
-#endif
"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/bignum.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/bignum.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/bignum.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/bignum.py
@@ -10,13 +10,21 @@
TYPES = """
typedef ... BN_CTX;
+typedef ... BN_MONT_CTX;
typedef ... BIGNUM;
typedef int... BN_ULONG;
"""
FUNCTIONS = """
+#define BN_FLG_CONSTTIME ...
+
+void BN_set_flags(BIGNUM *, int);
+
BIGNUM *BN_new(void);
void BN_free(BIGNUM *);
+void BN_clear_free(BIGNUM *);
+
+int BN_rand_range(BIGNUM *, const BIGNUM *);
BN_CTX *BN_CTX_new(void);
void BN_CTX_free(BN_CTX *);
@@ -25,17 +33,18 @@
BIGNUM *BN_CTX_get(BN_CTX *);
void BN_CTX_end(BN_CTX *);
-BIGNUM *BN_copy(BIGNUM *, const BIGNUM *);
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+int BN_MONT_CTX_set(BN_MONT_CTX *, const BIGNUM *, BN_CTX *);
+void BN_MONT_CTX_free(BN_MONT_CTX *);
+
BIGNUM *BN_dup(const BIGNUM *);
int BN_set_word(BIGNUM *, BN_ULONG);
-BN_ULONG BN_get_word(const BIGNUM *);
const BIGNUM *BN_value_one(void);
char *BN_bn2hex(const BIGNUM *);
int BN_hex2bn(BIGNUM **, const char *);
-int BN_dec2bn(BIGNUM **, const char *);
int BN_bn2bin(const BIGNUM *, unsigned char *);
BIGNUM *BN_bin2bn(const unsigned char *, int, BIGNUM *);
@@ -43,11 +52,9 @@
int BN_num_bits(const BIGNUM *);
int BN_cmp(const BIGNUM *, const BIGNUM *);
+int BN_is_negative(const BIGNUM *);
int BN_add(BIGNUM *, const BIGNUM *, const BIGNUM *);
int BN_sub(BIGNUM *, const BIGNUM *, const BIGNUM *);
-int BN_mul(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-int BN_sqr(BIGNUM *, const BIGNUM *, BN_CTX *);
-int BN_div(BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
int BN_nnmod(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
int BN_mod_add(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
BN_CTX *);
@@ -55,33 +62,23 @@
BN_CTX *);
int BN_mod_mul(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
BN_CTX *);
-int BN_mod_sqr(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-int BN_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
int BN_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
BN_CTX *);
-int BN_gcd(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+int BN_mod_exp_mont(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *, BN_MONT_CTX *);
+int BN_mod_exp_mont_consttime(BIGNUM *, const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
BIGNUM *BN_mod_inverse(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-int BN_set_bit(BIGNUM *, int);
-int BN_clear_bit(BIGNUM *, int);
-
-int BN_is_bit_set(const BIGNUM *, int);
-
-int BN_mask_bits(BIGNUM *, int);
-"""
-
-MACROS = """
int BN_num_bytes(const BIGNUM *);
-int BN_zero(BIGNUM *);
-int BN_one(BIGNUM *);
int BN_mod(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-int BN_lshift(BIGNUM *, const BIGNUM *, int);
-int BN_lshift1(BIGNUM *, BIGNUM *);
-
-int BN_rshift(BIGNUM *, BIGNUM *, int);
-int BN_rshift1(BIGNUM *, BIGNUM *);
+/* The following 3 prime methods are exposed for Tribler. */
+int BN_generate_prime_ex(BIGNUM *, int, int, const BIGNUM *,
+ const BIGNUM *, BN_GENCB *);
+int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, BN_GENCB *);
+const int BN_prime_checks_for_size(int);
"""
CUSTOMIZATIONS = """
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/bio.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/bio.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/bio.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/bio.py
@@ -9,136 +9,42 @@
"""
TYPES = """
-typedef struct bio_st BIO;
-typedef void bio_info_cb(BIO *, int, const char *, int, long, long);
-typedef ... bio_st;
+typedef ... BIO;
typedef ... BIO_METHOD;
-typedef ... BUF_MEM;
-
-static const int BIO_TYPE_MEM;
-static const int BIO_TYPE_FILE;
-static const int BIO_TYPE_FD;
-static const int BIO_TYPE_SOCKET;
-static const int BIO_TYPE_CONNECT;
-static const int BIO_TYPE_ACCEPT;
-static const int BIO_TYPE_NULL;
-static const int BIO_CLOSE;
-static const int BIO_NOCLOSE;
-static const int BIO_TYPE_SOURCE_SINK;
-static const int BIO_CTRL_RESET;
-static const int BIO_CTRL_EOF;
-static const int BIO_CTRL_SET;
-static const int BIO_CTRL_SET_CLOSE;
-static const int BIO_CTRL_FLUSH;
-static const int BIO_CTRL_DUP;
-static const int BIO_CTRL_GET_CLOSE;
-static const int BIO_CTRL_INFO;
-static const int BIO_CTRL_GET;
-static const int BIO_CTRL_PENDING;
-static const int BIO_CTRL_WPENDING;
-static const int BIO_C_FILE_SEEK;
-static const int BIO_C_FILE_TELL;
-static const int BIO_TYPE_NONE;
-static const int BIO_TYPE_NBIO_TEST;
-static const int BIO_TYPE_BIO;
-static const int BIO_TYPE_DESCRIPTOR;
-static const int BIO_FLAGS_READ;
-static const int BIO_FLAGS_WRITE;
-static const int BIO_FLAGS_IO_SPECIAL;
-static const int BIO_FLAGS_RWS;
-static const int BIO_FLAGS_SHOULD_RETRY;
-static const int BIO_TYPE_NULL_FILTER;
-static const int BIO_TYPE_SSL;
-static const int BIO_TYPE_MD;
-static const int BIO_TYPE_BUFFER;
-static const int BIO_TYPE_CIPHER;
-static const int BIO_TYPE_BASE64;
-static const int BIO_TYPE_FILTER;
"""
FUNCTIONS = """
int BIO_free(BIO *);
-void BIO_vfree(BIO *);
void BIO_free_all(BIO *);
-BIO *BIO_push(BIO *, BIO *);
-BIO *BIO_pop(BIO *);
-BIO *BIO_next(BIO *);
-BIO *BIO_find_type(BIO *, int);
BIO *BIO_new_file(const char *, const char *);
-BIO *BIO_new_fp(FILE *, int);
-BIO *BIO_new_fd(int, int);
-BIO *BIO_new_socket(int, int);
-long BIO_ctrl(BIO *, int, long, void *);
-long BIO_callback_ctrl(
- BIO *,
- int,
- void (*)(struct bio_st *, int, const char *, int, long, long)
-);
-long BIO_int_ctrl(BIO *, int, long, int);
+BIO *BIO_new_dgram(int, int);
size_t BIO_ctrl_pending(BIO *);
-size_t BIO_ctrl_wpending(BIO *);
int BIO_read(BIO *, void *, int);
int BIO_gets(BIO *, char *, int);
int BIO_write(BIO *, const void *, int);
-int BIO_puts(BIO *, const char *);
-int BIO_method_type(const BIO *);
-"""
-
-MACROS = """
/* Added in 1.1.0 */
int BIO_up_ref(BIO *);
-/* These added const to BIO_METHOD in 1.1.0 */
BIO *BIO_new(BIO_METHOD *);
BIO_METHOD *BIO_s_mem(void);
BIO_METHOD *BIO_s_file(void);
-BIO_METHOD *BIO_s_fd(void);
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_null(void);
-BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_buffer(void);
-/* BIO_new_mem_buf became const void * in 1.0.2g */
-BIO *BIO_new_mem_buf(void *, int);
-long BIO_set_fd(BIO *, long, int);
-long BIO_get_fd(BIO *, char *);
+BIO_METHOD *BIO_s_datagram(void);
+BIO *BIO_new_mem_buf(const void *, int);
long BIO_set_mem_eof_return(BIO *, int);
long BIO_get_mem_data(BIO *, char **);
-long BIO_set_mem_buf(BIO *, BUF_MEM *, int);
-long BIO_get_mem_ptr(BIO *, BUF_MEM **);
-long BIO_set_fp(BIO *, FILE *, int);
-long BIO_get_fp(BIO *, FILE **);
long BIO_read_filename(BIO *, char *);
-long BIO_write_filename(BIO *, char *);
-long BIO_append_filename(BIO *, char *);
-long BIO_rw_filename(BIO *, char *);
int BIO_should_read(BIO *);
int BIO_should_write(BIO *);
int BIO_should_io_special(BIO *);
-int BIO_retry_type(BIO *);
int BIO_should_retry(BIO *);
int BIO_reset(BIO *);
-int BIO_seek(BIO *, int);
-int BIO_tell(BIO *);
-int BIO_flush(BIO *);
-int BIO_eof(BIO *);
-int BIO_set_close(BIO *,long);
-int BIO_get_close(BIO *);
-int BIO_pending(BIO *);
-int BIO_wpending(BIO *);
-int BIO_get_info_callback(BIO *, bio_info_cb **);
-int BIO_set_info_callback(BIO *, bio_info_cb *);
-long BIO_get_buffer_num_lines(BIO *);
-long BIO_set_read_buffer_size(BIO *, long);
-long BIO_set_write_buffer_size(BIO *, long);
-long BIO_set_buffer_size(BIO *, long);
-long BIO_set_buffer_read_data(BIO *, void *, long);
long BIO_set_nbio(BIO *, long);
void BIO_set_retry_read(BIO *);
void BIO_clear_retry_flags(BIO *);
"""
CUSTOMIZATIONS = """
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 || defined(LIBRESSL_VERSION_NUMBER)
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
int BIO_up_ref(BIO *b) {
CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
return 1;
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/callbacks.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/callbacks.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/callbacks.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/callbacks.py
@@ -4,108 +4,85 @@
from __future__ import absolute_import, division, print_function
-import sys
-
-import cffi
-
INCLUDES = """
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <openssl/crypto.h>
+
+#ifdef _WIN32
+#define WIN32_LEAN_AND_MEAN
+#include <Windows.h>
+#include <Wincrypt.h>
+#include <Winsock2.h>
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#include <pthread.h>
+#endif
"""
TYPES = """
-static const long Cryptography_STATIC_CALLBACKS;
-
-/* crypto.h
- * CRYPTO_set_locking_callback
- * void (*cb)(int mode, int type, const char *file, int line)
- */
-extern "Python" void Cryptography_locking_cb(int, int, const char *, int);
-
-/* pem.h
- * int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
- */
-extern "Python" int Cryptography_pem_password_cb(char *, int, int, void *);
-
-/* rand.h
- * int (*bytes)(unsigned char *buf, int num);
- * int (*status)(void);
- */
-extern "Python" int Cryptography_rand_bytes(unsigned char *, int);
-extern "Python" int Cryptography_rand_status(void);
+typedef struct {
+ char *password;
+ int length;
+ int called;
+ int error;
+ int maxsize;
+} CRYPTOGRAPHY_PASSWORD_DATA;
"""
FUNCTIONS = """
-int _setup_ssl_threads(void);
-"""
-
-MACROS = """
+int Cryptography_setup_ssl_threads(void);
+int Cryptography_pem_password_cb(char *, int, int, void *);
"""
CUSTOMIZATIONS = """
-static const long Cryptography_STATIC_CALLBACKS = 1;
-"""
-
-if cffi.__version_info__ < (1, 4, 0) or sys.version_info >= (3, 5):
- # backwards compatibility for old cffi version on PyPy
- # and Python >=3.5 (https://github.com/pyca/cryptography/issues/2970)
- TYPES = "static const long Cryptography_STATIC_CALLBACKS;"
- CUSTOMIZATIONS = """static const long Cryptography_STATIC_CALLBACKS = 0;
-"""
-
-CUSTOMIZATIONS += """
/* This code is derived from the locking code found in the Python _ssl module's
locking callback for OpenSSL.
Copyright 2001-2016 Python Software Foundation; All Rights Reserved.
+
+ It has been subsequently modified to use cross platform locking without
+ using CPython APIs by Armin Rigo of the PyPy project.
*/
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
#ifdef _WIN32
-#ifdef _MSC_VER
-#ifdef inline
-#undef inline
-#endif
-#define inline __inline
-#endif
-#include <Windows.h>
-typedef CRITICAL_SECTION mutex1_t;
-static inline void mutex1_init(mutex1_t *mutex) {
+typedef CRITICAL_SECTION Cryptography_mutex;
+static __inline void cryptography_mutex_init(Cryptography_mutex *mutex) {
InitializeCriticalSection(mutex);
}
-static inline void mutex1_lock(mutex1_t *mutex) {
+static __inline void cryptography_mutex_lock(Cryptography_mutex *mutex) {
EnterCriticalSection(mutex);
}
-static inline void mutex1_unlock(mutex1_t *mutex) {
+static __inline void cryptography_mutex_unlock(Cryptography_mutex *mutex) {
LeaveCriticalSection(mutex);
}
#else
-#include <stdio.h>
-#include <stdlib.h>
-#include <pthread.h>
-typedef pthread_mutex_t mutex1_t;
-#define ASSERT_STATUS(call) \
- if (call != 0) { \
- perror("Fatal error in _cffi_ssl: " #call); \
- abort(); \
+typedef pthread_mutex_t Cryptography_mutex;
+#define ASSERT_STATUS(call) \
+ if ((call) != 0) { \
+ perror("Fatal error in callback initialization: " #call); \
+ abort(); \
}
-static inline void mutex1_init(mutex1_t *mutex) {
+static inline void cryptography_mutex_init(Cryptography_mutex *mutex) {
#if !defined(pthread_mutexattr_default)
# define pthread_mutexattr_default ((pthread_mutexattr_t *)NULL)
#endif
ASSERT_STATUS(pthread_mutex_init(mutex, pthread_mutexattr_default));
}
-static inline void mutex1_lock(mutex1_t *mutex) {
+static inline void cryptography_mutex_lock(Cryptography_mutex *mutex) {
ASSERT_STATUS(pthread_mutex_lock(mutex));
}
-static inline void mutex1_unlock(mutex1_t *mutex) {
+static inline void cryptography_mutex_unlock(Cryptography_mutex *mutex) {
ASSERT_STATUS(pthread_mutex_unlock(mutex));
}
#endif
+
static unsigned int _ssl_locks_count = 0;
-static mutex1_t *_ssl_locks = NULL;
+static Cryptography_mutex *_ssl_locks = NULL;
static void _ssl_thread_locking_function(int mode, int n, const char *file,
int line) {
@@ -129,24 +106,24 @@
}
if (mode & CRYPTO_LOCK) {
- mutex1_lock(_ssl_locks + n);
+ cryptography_mutex_lock(_ssl_locks + n);
} else {
- mutex1_unlock(_ssl_locks + n);
+ cryptography_mutex_unlock(_ssl_locks + n);
}
}
-static void init_mutexes(void)
-{
+static void init_mutexes(void) {
int i;
- for (i = 0; i < _ssl_locks_count; i++) {
- mutex1_init(_ssl_locks + i);
+ for (i = 0; i < _ssl_locks_count; i++) {
+ cryptography_mutex_init(_ssl_locks + i);
}
}
-int _setup_ssl_threads(void) {
+
+int Cryptography_setup_ssl_threads(void) {
if (_ssl_locks == NULL) {
_ssl_locks_count = CRYPTO_num_locks();
- _ssl_locks = malloc(sizeof(mutex1_t) * _ssl_locks_count);
+ _ssl_locks = calloc(_ssl_locks_count, sizeof(Cryptography_mutex));
if (_ssl_locks == NULL) {
return 0;
}
@@ -158,4 +135,34 @@
}
return 1;
}
+#else
+int (*Cryptography_setup_ssl_threads)(void) = NULL;
+#endif
+
+typedef struct {
+ char *password;
+ int length;
+ int called;
+ int error;
+ int maxsize;
+} CRYPTOGRAPHY_PASSWORD_DATA;
+
+int Cryptography_pem_password_cb(char *buf, int size,
+ int rwflag, void *userdata) {
+ /* The password cb is only invoked if OpenSSL decides the private
+ key is encrypted. So this path only occurs if it needs a password */
+ CRYPTOGRAPHY_PASSWORD_DATA *st = (CRYPTOGRAPHY_PASSWORD_DATA *)userdata;
+ st->called += 1;
+ st->maxsize = size;
+ if (st->length == 0) {
+ st->error = -1;
+ return 0;
+ } else if (st->length < size) {
+ memcpy(buf, st->password, st->length);
+ return st->length;
+ } else {
+ st->error = -2;
+ return 0;
+ }
+}
"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cmac.py
@@ -5,20 +5,16 @@
from __future__ import absolute_import, division, print_function
INCLUDES = """
-#if !defined(OPENSSL_NO_CMAC) && CRYPTOGRAPHY_OPENSSL_101_OR_GREATER
+#if !defined(OPENSSL_NO_CMAC)
#include <openssl/cmac.h>
#endif
"""
TYPES = """
-static const int Cryptography_HAS_CMAC;
typedef ... CMAC_CTX;
"""
FUNCTIONS = """
-"""
-
-MACROS = """
CMAC_CTX *CMAC_CTX_new(void);
int CMAC_Init(CMAC_CTX *, const void *, size_t, const EVP_CIPHER *, ENGINE *);
int CMAC_Update(CMAC_CTX *, const void *, size_t);
@@ -28,17 +24,4 @@
"""
CUSTOMIZATIONS = """
-#if !defined(OPENSSL_NO_CMAC) && CRYPTOGRAPHY_OPENSSL_101_OR_GREATER
-static const long Cryptography_HAS_CMAC = 1;
-#else
-static const long Cryptography_HAS_CMAC = 0;
-typedef void CMAC_CTX;
-CMAC_CTX *(*CMAC_CTX_new)(void) = NULL;
-int (*CMAC_Init)(CMAC_CTX *, const void *, size_t, const EVP_CIPHER *,
- ENGINE *) = NULL;
-int (*CMAC_Update)(CMAC_CTX *, const void *, size_t) = NULL;
-int (*CMAC_Final)(CMAC_CTX *, unsigned char *, size_t *) = NULL;
-int (*CMAC_CTX_copy)(CMAC_CTX *, const CMAC_CTX *) = NULL;
-void (*CMAC_CTX_free)(CMAC_CTX *) = NULL;
-#endif
"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cms.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/cms.py
deleted file mode 100644
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/cms.py
+++ /dev/null
@@ -1,116 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import absolute_import, division, print_function
-
-INCLUDES = """
_______________________________________________
pypy-commit mailing list
pypy-commit@python.org
https://mail.python.org/mailman/listinfo/pypy-commit
