Author: Matti Picus <matti.pi...@gmail.com>
Branch:
Changeset: r96665:50956a7107b8
Date: 2019-05-24 07:42 +0300
http://bitbucket.org/pypy/pypy/changeset/50956a7107b8/
Log: merge cffi-libs, which moves _ssl and _hashlib to cffi-based
implementations
diff too long, truncating to 2000 out of 11657 lines
diff --git a/lib-python/2.7/test/test_ftplib.py
b/lib-python/2.7/test/test_ftplib.py
--- a/lib-python/2.7/test/test_ftplib.py
+++ b/lib-python/2.7/test/test_ftplib.py
@@ -234,11 +234,17 @@
def run(self):
self.active = True
self.__flag.set()
- while self.active and asyncore.socket_map:
- self.active_lock.acquire()
- asyncore.loop(timeout=0.1, count=1)
- self.active_lock.release()
- asyncore.close_all(ignore_all=True)
+ try:
+ while self.active and asyncore.socket_map:
+ self.active_lock.acquire()
+ try:
+ asyncore.loop(timeout=0.1, count=1)
+ except:
+ self.active_lock.release()
+ raise
+ self.active_lock.release()
+ finally:
+ asyncore.close_all(ignore_all=True)
def stop(self):
assert self.active
diff --git a/lib_pypy/_cffi_ssl/LICENSE b/lib_pypy/_cffi_ssl/LICENSE
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/LICENSE
@@ -0,0 +1,26 @@
+
+Except when otherwise stated (look for LICENSE files in directories or
+information at the beginning of each file) all software and
+documentation is licensed as follows:
+
+ The MIT License
+
+ Permission is hereby granted, free of charge, to any person
+ obtaining a copy of this software and associated documentation
+ files (the "Software"), to deal in the Software without
+ restriction, including without limitation the rights to use,
+ copy, modify, merge, publish, distribute, sublicense, and/or
+ sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included
+ in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+
diff --git a/lib_pypy/_cffi_ssl/README.md b/lib_pypy/_cffi_ssl/README.md
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/README.md
@@ -0,0 +1,35 @@
+# PyPy's SSL module
+
+All of the CFFI code is copied from cryptography, wich patches contributed
+back to cryptography. PyPy vendors it's own copy of the cffi backend thus
+it renames the compiled shared object to _pypy_openssl.so (which means
+that cryptography can ship their own cffi backend)
+
+NOTE: currently, we have the following changes:
+
+* ``_cffi_src/openssl/callbacks.py`` to not rely on the CPython C API
+ (this change is now backported)
+
+* ``_cffi_src/utils.py`` for issue #2575 (29c9a89359e4)
+
+* ``_cffi_src/openssl/x509_vfy.py`` for issue #2605 (ca4d0c90f5a1)
+
+* ``_cffi_src/openssl/pypy_win32_extra.py`` for Win32-only functionality like
ssl.enum_certificates()
+
+
+# Tests?
+
+Currently this module is tested using CPython's standard library test suite.
+
+# Install it into PyPy's source tree
+
+Copy over all the sources into the folder `lib_pypy/_cffi_ssl/*`. Updating the
cffi backend can be simply done by the following command::
+
+ $ cp -r <cloned cryptography folder>/src/_cffi_src/* .
+
+NOTE: you need to keep our version of ``_cffi_src/openssl/callbacks.py``
+for now!
+
+# Crpytography version
+
+Copied over release version `1.7.2`
diff --git a/lib_pypy/_cffi_ssl/__init__.py b/lib_pypy/_cffi_ssl/__init__.py
new file mode 100644
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/__init__.py
b/lib_pypy/_cffi_ssl/_cffi_src/__init__.py
new file mode 100644
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/build_commoncrypto.py
b/lib_pypy/_cffi_ssl/_cffi_src/build_commoncrypto.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/build_commoncrypto.py
@@ -0,0 +1,33 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+from _cffi_src.utils import build_ffi_for_binding
+
+
+ffi = build_ffi_for_binding(
+ module_name="_commoncrypto",
+ module_prefix="_cffi_src.commoncrypto.",
+ modules=[
+ "cf",
+ "common_digest",
+ "common_hmac",
+ "common_key_derivation",
+ "common_cryptor",
+ "common_symmetric_key_wrap",
+ "seccertificate",
+ "secimport",
+ "secitem",
+ "seckey",
+ "seckeychain",
+ "secpolicy",
+ "sectransform",
+ "sectrust",
+ "secure_transport",
+ ],
+ extra_link_args=[
+ "-framework", "Security", "-framework", "CoreFoundation"
+ ],
+)
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/build_constant_time.py
b/lib_pypy/_cffi_ssl/_cffi_src/build_constant_time.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/build_constant_time.py
@@ -0,0 +1,27 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+from _cffi_src.utils import build_ffi, compiler_type, extra_link_args
+
+
+with open(os.path.join(
+ os.path.dirname(__file__), "hazmat_src/constant_time.h"
+)) as f:
+ types = f.read()
+
+with open(os.path.join(
+ os.path.dirname(__file__), "hazmat_src/constant_time.c"
+)) as f:
+ functions = f.read()
+
+ffi = build_ffi(
+ module_name="_constant_time",
+ cdef_source=types,
+ verify_source=functions,
+ extra_link_args=extra_link_args(compiler_type()),
+)
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
b/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/build_openssl.py
@@ -0,0 +1,86 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+import sys
+
+from _cffi_src.utils import (
+ build_ffi_for_binding, compiler_type, extra_link_args
+)
+
+
+def _get_openssl_libraries(platform):
+ # OpenSSL goes by a different library name on different operating systems.
+ if platform == "darwin":
+ return _osx_libraries(
+ os.environ.get("CRYPTOGRAPHY_OSX_NO_LINK_FLAGS")
+ )
+ elif platform == "win32":
+ if compiler_type() == "msvc":
+ libs = ["libeay32", "ssleay32"]
+ else:
+ libs = ["ssl", "crypto"]
+ return libs + ["advapi32", "crypt32", "gdi32", "user32", "ws2_32"]
+ else:
+ # In some circumstances, the order in which these libs are
+ # specified on the linker command-line is significant;
+ # libssl must come before libcrypto
+ # (http://marc.info/?l=openssl-users&m=135361825921871)
+ return ["ssl", "crypto"]
+
+
+def _osx_libraries(build_static):
+ # For building statically we don't want to pass the -lssl or -lcrypto flags
+ if build_static == "1":
+ return []
+ else:
+ return ["ssl", "crypto"]
+
+
+ffi = build_ffi_for_binding(
+ module_name="_openssl",
+ module_prefix="_cffi_src.openssl.",
+ modules=[
+ # This goes first so we can define some cryptography-wide symbols.
+ "cryptography",
+
+ "aes",
+ "asn1",
+ "bignum",
+ "bio",
+ "cmac",
+ "cms",
+ "conf",
+ "crypto",
+ "dh",
+ "dsa",
+ "ec",
+ "ecdh",
+ "ecdsa",
+ "engine",
+ "err",
+ "evp",
+ "hmac",
+ "nid",
+ "objects",
+ "ocsp",
+ "opensslv",
+ "osrandom_engine",
+ "pem",
+ "pkcs12",
+ "rand",
+ "rsa",
+ "ssl",
+ "x509",
+ "x509name",
+ "x509v3",
+ "x509_vfy",
+ "pkcs7",
+ "callbacks",
+ ],
+ libraries=_get_openssl_libraries(sys.platform),
+ extra_link_args=extra_link_args(compiler_type()),
+)
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/build_padding.py
b/lib_pypy/_cffi_ssl/_cffi_src/build_padding.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/build_padding.py
@@ -0,0 +1,27 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import os
+
+from _cffi_src.utils import build_ffi, compiler_type, extra_link_args
+
+
+with open(os.path.join(
+ os.path.dirname(__file__), "hazmat_src/padding.h"
+)) as f:
+ types = f.read()
+
+with open(os.path.join(
+ os.path.dirname(__file__), "hazmat_src/padding.c"
+)) as f:
+ functions = f.read()
+
+ffi = build_ffi(
+ module_name="_padding",
+ cdef_source=types,
+ verify_source=functions,
+ extra_link_args=extra_link_args(compiler_type()),
+)
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/__init__.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/__init__.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/__init__.py
@@ -0,0 +1,5 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/cf.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/cf.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/cf.py
@@ -0,0 +1,113 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <CoreFoundation/CoreFoundation.h>
+"""
+
+TYPES = """
+typedef bool Boolean;
+typedef signed long OSStatus;
+typedef unsigned char UInt8;
+typedef uint32_t UInt32;
+
+typedef const void * CFAllocatorRef;
+const CFAllocatorRef kCFAllocatorDefault;
+typedef ... *CFDataRef;
+typedef signed long long CFIndex;
+typedef ... *CFStringRef;
+typedef ... *CFArrayRef;
+typedef ... *CFMutableArrayRef;
+typedef ... *CFBooleanRef;
+typedef ... *CFErrorRef;
+typedef ... *CFNumberRef;
+typedef ... *CFTypeRef;
+typedef ... *CFDictionaryRef;
+typedef ... *CFMutableDictionaryRef;
+typedef struct {
+ ...;
+} CFDictionaryKeyCallBacks;
+typedef struct {
+ ...;
+} CFDictionaryValueCallBacks;
+typedef struct {
+ ...;
+} CFRange;
+typedef struct {
+ ...;
+} CFArrayCallBacks;
+
+typedef UInt32 CFStringEncoding;
+enum {
+ kCFStringEncodingASCII = 0x0600
+};
+
+enum {
+ kCFNumberSInt8Type = 1,
+ kCFNumberSInt16Type = 2,
+ kCFNumberSInt32Type = 3,
+ kCFNumberSInt64Type = 4,
+ kCFNumberFloat32Type = 5,
+ kCFNumberFloat64Type = 6,
+ kCFNumberCharType = 7,
+ kCFNumberShortType = 8,
+ kCFNumberIntType = 9,
+ kCFNumberLongType = 10,
+ kCFNumberLongLongType = 11,
+ kCFNumberFloatType = 12,
+ kCFNumberDoubleType = 13,
+ kCFNumberCFIndexType = 14,
+ kCFNumberNSIntegerType = 15,
+ kCFNumberCGFloatType = 16,
+ kCFNumberMaxType = 16
+};
+typedef int CFNumberType;
+
+const CFDictionaryKeyCallBacks kCFTypeDictionaryKeyCallBacks;
+const CFDictionaryValueCallBacks kCFTypeDictionaryValueCallBacks;
+
+const CFArrayCallBacks kCFTypeArrayCallBacks;
+
+const CFBooleanRef kCFBooleanTrue;
+const CFBooleanRef kCFBooleanFalse;
+"""
+
+FUNCTIONS = """
+CFDataRef CFDataCreate(CFAllocatorRef, const UInt8 *, CFIndex);
+CFStringRef CFStringCreateWithCString(CFAllocatorRef, const char *,
+ CFStringEncoding);
+CFDictionaryRef CFDictionaryCreate(CFAllocatorRef, const void **,
+ const void **, CFIndex,
+ const CFDictionaryKeyCallBacks *,
+ const CFDictionaryValueCallBacks *);
+CFMutableDictionaryRef CFDictionaryCreateMutable(
+ CFAllocatorRef,
+ CFIndex,
+ const CFDictionaryKeyCallBacks *,
+ const CFDictionaryValueCallBacks *
+);
+void CFDictionarySetValue(CFMutableDictionaryRef, const void *, const void *);
+CFIndex CFArrayGetCount(CFArrayRef);
+const void *CFArrayGetValueAtIndex(CFArrayRef, CFIndex);
+CFIndex CFDataGetLength(CFDataRef);
+void CFDataGetBytes(CFDataRef, CFRange, UInt8 *);
+CFRange CFRangeMake(CFIndex, CFIndex);
+void CFShow(CFTypeRef);
+Boolean CFBooleanGetValue(CFBooleanRef);
+CFNumberRef CFNumberCreate(CFAllocatorRef, CFNumberType, const void *);
+void CFRelease(CFTypeRef);
+CFTypeRef CFRetain(CFTypeRef);
+
+CFMutableArrayRef CFArrayCreateMutable(CFAllocatorRef, CFIndex,
+ const CFArrayCallBacks *);
+void CFArrayAppendValue(CFMutableArrayRef, const void *);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_cryptor.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_cryptor.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_cryptor.py
@@ -0,0 +1,99 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <CommonCrypto/CommonCryptor.h>
+"""
+
+TYPES = """
+enum {
+ kCCAlgorithmAES128 = 0,
+ kCCAlgorithmDES,
+ kCCAlgorithm3DES,
+ kCCAlgorithmCAST,
+ kCCAlgorithmRC4,
+ kCCAlgorithmRC2,
+ kCCAlgorithmBlowfish
+};
+typedef uint32_t CCAlgorithm;
+enum {
+ kCCSuccess = 0,
+ kCCParamError = -4300,
+ kCCBufferTooSmall = -4301,
+ kCCMemoryFailure = -4302,
+ kCCAlignmentError = -4303,
+ kCCDecodeError = -4304,
+ kCCUnimplemented = -4305
+};
+typedef int32_t CCCryptorStatus;
+typedef uint32_t CCOptions;
+enum {
+ kCCEncrypt = 0,
+ kCCDecrypt,
+};
+typedef uint32_t CCOperation;
+typedef ... *CCCryptorRef;
+
+enum {
+ kCCModeOptionCTR_LE = 0x0001,
+ kCCModeOptionCTR_BE = 0x0002
+};
+
+typedef uint32_t CCModeOptions;
+
+enum {
+ kCCModeECB = 1,
+ kCCModeCBC = 2,
+ kCCModeCFB = 3,
+ kCCModeCTR = 4,
+ kCCModeF8 = 5,
+ kCCModeLRW = 6,
+ kCCModeOFB = 7,
+ kCCModeXTS = 8,
+ kCCModeRC4 = 9,
+ kCCModeCFB8 = 10,
+ kCCModeGCM = 11
+};
+typedef uint32_t CCMode;
+enum {
+ ccNoPadding = 0,
+ ccPKCS7Padding = 1,
+};
+typedef uint32_t CCPadding;
+"""
+
+FUNCTIONS = """
+CCCryptorStatus CCCryptorCreateWithMode(CCOperation, CCMode, CCAlgorithm,
+ CCPadding, const void *, const void *,
+ size_t, const void *, size_t, int,
+ CCModeOptions, CCCryptorRef *);
+CCCryptorStatus CCCryptorCreate(CCOperation, CCAlgorithm, CCOptions,
+ const void *, size_t, const void *,
+ CCCryptorRef *);
+CCCryptorStatus CCCryptorUpdate(CCCryptorRef, const void *, size_t, void *,
+ size_t, size_t *);
+CCCryptorStatus CCCryptorFinal(CCCryptorRef, void *, size_t, size_t *);
+CCCryptorStatus CCCryptorRelease(CCCryptorRef);
+
+CCCryptorStatus CCCryptorGCMAddIV(CCCryptorRef, const void *, size_t);
+CCCryptorStatus CCCryptorGCMAddAAD(CCCryptorRef, const void *, size_t);
+CCCryptorStatus CCCryptorGCMEncrypt(CCCryptorRef, const void *, size_t,
+ void *);
+CCCryptorStatus CCCryptorGCMDecrypt(CCCryptorRef, const void *, size_t,
+ void *);
+CCCryptorStatus CCCryptorGCMFinal(CCCryptorRef, const void *, size_t *);
+CCCryptorStatus CCCryptorGCMReset(CCCryptorRef);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+/* Not defined in the public header */
+enum {
+ kCCModeGCM = 11
+};
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_digest.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_digest.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_digest.py
@@ -0,0 +1,58 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <CommonCrypto/CommonDigest.h>
+"""
+
+TYPES = """
+typedef uint32_t CC_LONG;
+typedef uint64_t CC_LONG64;
+typedef struct CC_MD5state_st {
+ ...;
+} CC_MD5_CTX;
+typedef struct CC_SHA1state_st {
+ ...;
+} CC_SHA1_CTX;
+typedef struct CC_SHA256state_st {
+ ...;
+} CC_SHA256_CTX;
+typedef struct CC_SHA512state_st {
+ ...;
+} CC_SHA512_CTX;
+"""
+
+FUNCTIONS = """
+int CC_MD5_Init(CC_MD5_CTX *);
+int CC_MD5_Update(CC_MD5_CTX *, const void *, CC_LONG);
+int CC_MD5_Final(unsigned char *, CC_MD5_CTX *);
+
+int CC_SHA1_Init(CC_SHA1_CTX *);
+int CC_SHA1_Update(CC_SHA1_CTX *, const void *, CC_LONG);
+int CC_SHA1_Final(unsigned char *, CC_SHA1_CTX *);
+
+int CC_SHA224_Init(CC_SHA256_CTX *);
+int CC_SHA224_Update(CC_SHA256_CTX *, const void *, CC_LONG);
+int CC_SHA224_Final(unsigned char *, CC_SHA256_CTX *);
+
+int CC_SHA256_Init(CC_SHA256_CTX *);
+int CC_SHA256_Update(CC_SHA256_CTX *, const void *, CC_LONG);
+int CC_SHA256_Final(unsigned char *, CC_SHA256_CTX *);
+
+int CC_SHA384_Init(CC_SHA512_CTX *);
+int CC_SHA384_Update(CC_SHA512_CTX *, const void *, CC_LONG);
+int CC_SHA384_Final(unsigned char *, CC_SHA512_CTX *);
+
+int CC_SHA512_Init(CC_SHA512_CTX *);
+int CC_SHA512_Update(CC_SHA512_CTX *, const void *, CC_LONG);
+int CC_SHA512_Final(unsigned char *, CC_SHA512_CTX *);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_hmac.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_hmac.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_hmac.py
@@ -0,0 +1,37 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <CommonCrypto/CommonHMAC.h>
+"""
+
+TYPES = """
+typedef struct {
+ ...;
+} CCHmacContext;
+enum {
+ kCCHmacAlgSHA1,
+ kCCHmacAlgMD5,
+ kCCHmacAlgSHA256,
+ kCCHmacAlgSHA384,
+ kCCHmacAlgSHA512,
+ kCCHmacAlgSHA224
+};
+typedef uint32_t CCHmacAlgorithm;
+"""
+
+FUNCTIONS = """
+void CCHmacInit(CCHmacContext *, CCHmacAlgorithm, const void *, size_t);
+void CCHmacUpdate(CCHmacContext *, const void *, size_t);
+void CCHmacFinal(CCHmacContext *, void *);
+
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_key_derivation.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_key_derivation.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_key_derivation.py
@@ -0,0 +1,39 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <CommonCrypto/CommonKeyDerivation.h>
+"""
+
+TYPES = """
+enum {
+ kCCPBKDF2 = 2,
+};
+typedef uint32_t CCPBKDFAlgorithm;
+enum {
+ kCCPRFHmacAlgSHA1 = 1,
+ kCCPRFHmacAlgSHA224 = 2,
+ kCCPRFHmacAlgSHA256 = 3,
+ kCCPRFHmacAlgSHA384 = 4,
+ kCCPRFHmacAlgSHA512 = 5,
+};
+typedef uint32_t CCPseudoRandomAlgorithm;
+typedef unsigned int uint;
+"""
+
+FUNCTIONS = """
+int CCKeyDerivationPBKDF(CCPBKDFAlgorithm, const char *, size_t,
+ const uint8_t *, size_t, CCPseudoRandomAlgorithm,
+ uint, uint8_t *, size_t);
+uint CCCalibratePBKDF(CCPBKDFAlgorithm, size_t, size_t,
+ CCPseudoRandomAlgorithm, size_t, uint32_t);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git
a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/common_symmetric_key_wrap.py
@@ -0,0 +1,35 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <CommonCrypto/CommonSymmetricKeywrap.h>
+"""
+
+TYPES = """
+enum {
+ kCCWRAPAES = 1,
+};
+
+typedef uint32_t CCWrappingAlgorithm;
+"""
+
+FUNCTIONS = """
+int CCSymmetricKeyWrap(CCWrappingAlgorithm, const uint8_t *, const size_t,
+ const uint8_t *, size_t, const uint8_t *, size_t,
+ uint8_t *, size_t *);
+int CCSymmetricKeyUnwrap(CCWrappingAlgorithm algorithm, const uint8_t *,
+ const size_t, const uint8_t *, size_t,
+ const uint8_t *, size_t, uint8_t *, size_t *);
+size_t CCSymmetricWrappedSize(CCWrappingAlgorithm, size_t);
+size_t CCSymmetricUnwrappedSize(CCWrappingAlgorithm, size_t);
+
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seccertificate.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seccertificate.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seccertificate.py
@@ -0,0 +1,23 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/SecCertificate.h>
+"""
+
+TYPES = """
+typedef ... *SecCertificateRef;
+"""
+
+FUNCTIONS = """
+SecCertificateRef SecCertificateCreateWithData(CFAllocatorRef, CFDataRef);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secimport.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secimport.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secimport.py
@@ -0,0 +1,86 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/SecImportExport.h>
+"""
+
+TYPES = """
+typedef ... *SecAccessRef;
+
+CFStringRef kSecImportExportPassphrase;
+CFStringRef kSecImportExportKeychain;
+CFStringRef kSecImportExportAccess;
+
+typedef uint32_t SecExternalItemType;
+enum {
+ kSecItemTypeUnknown,
+ kSecItemTypePrivateKey,
+ kSecItemTypePublicKey,
+ kSecItemTypeSessionKey,
+ kSecItemTypeCertificate,
+ kSecItemTypeAggregate
+};
+
+
+typedef uint32_t SecExternalFormat;
+enum {
+ kSecFormatUnknown = 0,
+ kSecFormatOpenSSL,
+ kSecFormatSSH,
+ kSecFormatBSAFE,
+ kSecFormatRawKey,
+ kSecFormatWrappedPKCS8,
+ kSecFormatWrappedOpenSSL,
+ kSecFormatWrappedSSH,
+ kSecFormatWrappedLSH,
+ kSecFormatX509Cert,
+ kSecFormatPEMSequence,
+ kSecFormatPKCS7,
+ kSecFormatPKCS12,
+ kSecFormatNetscapeCertSequence,
+ kSecFormatSSHv2
+};
+
+typedef uint32_t SecItemImportExportFlags;
+enum {
+ kSecKeyImportOnlyOne = 0x00000001,
+ kSecKeySecurePassphrase = 0x00000002,
+ kSecKeyNoAccessControl = 0x00000004
+};
+typedef uint32_t SecKeyImportExportFlags;
+
+typedef struct {
+ /* for import and export */
+ uint32_t version;
+ SecKeyImportExportFlags flags;
+ CFTypeRef passphrase;
+ CFStringRef alertTitle;
+ CFStringRef alertPrompt;
+
+ /* for import only */
+ SecAccessRef accessRef;
+ CFArrayRef keyUsage;
+
+ CFArrayRef keyAttributes;
+} SecItemImportExportKeyParameters;
+"""
+
+FUNCTIONS = """
+OSStatus SecItemImport(CFDataRef, CFStringRef, SecExternalFormat *,
+ SecExternalItemType *, SecItemImportExportFlags,
+ const SecItemImportExportKeyParameters *,
+ SecKeychainRef, CFArrayRef *);
+OSStatus SecPKCS12Import(CFDataRef, CFDictionaryRef, CFArrayRef *);
+OSStatus SecItemExport(CFTypeRef, SecExternalFormat, SecItemImportExportFlags,
+ const SecItemImportExportKeyParameters *, CFDataRef *);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secitem.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secitem.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secitem.py
@@ -0,0 +1,27 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/SecItem.h>
+"""
+
+TYPES = """
+const CFTypeRef kSecAttrKeyType;
+const CFTypeRef kSecAttrKeySizeInBits;
+const CFTypeRef kSecAttrIsPermanent;
+const CFTypeRef kSecAttrKeyTypeRSA;
+const CFTypeRef kSecAttrKeyTypeDSA;
+const CFTypeRef kSecUseKeychain;
+"""
+
+FUNCTIONS = """
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckey.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckey.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckey.py
@@ -0,0 +1,24 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/SecKey.h>
+"""
+
+TYPES = """
+typedef ... *SecKeyRef;
+"""
+
+FUNCTIONS = """
+OSStatus SecKeyGeneratePair(CFDictionaryRef, SecKeyRef *, SecKeyRef *);
+size_t SecKeyGetBlockSize(SecKeyRef);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckeychain.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckeychain.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/seckeychain.py
@@ -0,0 +1,25 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/SecKeychain.h>
+"""
+
+TYPES = """
+typedef ... *SecKeychainRef;
+"""
+
+FUNCTIONS = """
+OSStatus SecKeychainCreate(const char *, UInt32, const void *, Boolean,
+ SecAccessRef, SecKeychainRef *);
+OSStatus SecKeychainDelete(SecKeychainRef);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secpolicy.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secpolicy.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secpolicy.py
@@ -0,0 +1,23 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/SecPolicy.h>
+"""
+
+TYPES = """
+typedef ... *SecPolicyRef;
+"""
+
+FUNCTIONS = """
+SecPolicyRef SecPolicyCreateSSL(Boolean, CFStringRef);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectransform.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectransform.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectransform.py
@@ -0,0 +1,68 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/SecDigestTransform.h>
+#include <Security/SecSignVerifyTransform.h>
+#include <Security/SecEncryptTransform.h>
+"""
+
+TYPES = """
+typedef ... *SecTransformRef;
+
+CFStringRef kSecImportExportPassphrase;
+CFStringRef kSecImportExportKeychain;
+CFStringRef kSecImportExportAccess;
+
+CFStringRef kSecEncryptionMode;
+CFStringRef kSecEncryptKey;
+CFStringRef kSecIVKey;
+CFStringRef kSecModeCBCKey;
+CFStringRef kSecModeCFBKey;
+CFStringRef kSecModeECBKey;
+CFStringRef kSecModeNoneKey;
+CFStringRef kSecModeOFBKey;
+CFStringRef kSecOAEPEncodingParametersAttributeName;
+CFStringRef kSecPaddingKey;
+CFStringRef kSecPaddingNoneKey;
+CFStringRef kSecPaddingOAEPKey;
+CFStringRef kSecPaddingPKCS1Key;
+CFStringRef kSecPaddingPKCS5Key;
+CFStringRef kSecPaddingPKCS7Key;
+
+const CFStringRef kSecTransformInputAttributeName;
+const CFStringRef kSecTransformOutputAttributeName;
+const CFStringRef kSecTransformDebugAttributeName;
+const CFStringRef kSecTransformTransformName;
+const CFStringRef kSecTransformAbortAttributeName;
+
+CFStringRef kSecInputIsAttributeName;
+CFStringRef kSecInputIsPlainText;
+CFStringRef kSecInputIsDigest;
+CFStringRef kSecInputIsRaw;
+
+const CFStringRef kSecDigestTypeAttribute;
+const CFStringRef kSecDigestLengthAttribute;
+const CFStringRef kSecDigestMD5;
+const CFStringRef kSecDigestSHA1;
+const CFStringRef kSecDigestSHA2;
+"""
+
+FUNCTIONS = """
+Boolean SecTransformSetAttribute(SecTransformRef, CFStringRef, CFTypeRef,
+ CFErrorRef *);
+SecTransformRef SecDecryptTransformCreate(SecKeyRef, CFErrorRef *);
+SecTransformRef SecEncryptTransformCreate(SecKeyRef, CFErrorRef *);
+SecTransformRef SecVerifyTransformCreate(SecKeyRef, CFDataRef, CFErrorRef *);
+SecTransformRef SecSignTransformCreate(SecKeyRef, CFErrorRef *) ;
+CFTypeRef SecTransformExecute(SecTransformRef, CFErrorRef *);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectrust.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectrust.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/sectrust.py
@@ -0,0 +1,39 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/SecTrust.h>
+"""
+
+TYPES = """
+typedef ... *SecTrustRef;
+typedef uint32_t SecTrustResultType;
+
+enum {
+ kSecTrustResultInvalid,
+ kSecTrustResultProceed,
+ kSecTrustResultDeny,
+ kSecTrustResultUnspecified,
+ kSecTrustResultRecoverableTrustFailure,
+ kSecTrustResultFatalTrustFailure,
+ kSecTrustResultOtherError
+};
+"""
+
+FUNCTIONS = """
+OSStatus SecTrustEvaluate(SecTrustRef, SecTrustResultType *);
+OSStatus SecTrustCopyAnchorCertificates(CFArrayRef *);
+"""
+
+MACROS = """
+/* The first argument changed from CFArrayRef to CFTypeRef in 10.8, so this
+ * has to go here for compatibility.
+ */
+OSStatus SecTrustCreateWithCertificates(CFTypeRef, CFTypeRef, SecTrustRef *);
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secure_transport.py
b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secure_transport.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/commoncrypto/secure_transport.py
@@ -0,0 +1,308 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <Security/SecureTransport.h>
+"""
+
+TYPES = """
+typedef ... *SSLContextRef;
+typedef const void *SSLConnectionRef;
+
+typedef enum {
+ kSSLSessionOptionBreakOnServerAuth,
+ kSSLSessionOptionBreakOnCertRequested,
+} SSLSessionOption;
+
+typedef enum {
+ kNeverAuthenticate,
+ kAlwaysAuthenticate,
+ kTryAuthenticate
+} SSLAuthenticate;
+
+typedef enum {
+ kSSLIdle,
+ kSSLHandshake,
+ kSSLConnected,
+ kSSLClosed,
+ kSSLAborted
+} SSLSessionState;
+
+typedef enum {
+ kSSLProtocolUnknown = 0,
+ kSSLProtocol3 = 2,
+ kTLSProtocol1 = 4,
+ /* DEPRECATED on iOS */
+ kSSLProtocol2 = 1,
+ kSSLProtocol3Only = 3,
+ kTLSProtocol1Only = 5,
+ kSSLProtocolAll = 6,
+} SSLProtocol;
+
+typedef UInt32 SSLCipherSuite;
+enum {
+ SSL_NULL_WITH_NULL_NULL = 0x0000,
+ SSL_RSA_WITH_NULL_MD5 = 0x0001,
+ SSL_RSA_WITH_NULL_SHA = 0x0002,
+ SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
+ SSL_RSA_WITH_RC4_128_MD5 = 0x0004,
+ SSL_RSA_WITH_RC4_128_SHA = 0x0005,
+ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
+ SSL_RSA_WITH_IDEA_CBC_SHA = 0x0007,
+ SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
+ SSL_RSA_WITH_DES_CBC_SHA = 0x0009,
+ SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
+ SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
+ SSL_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
+ SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
+ SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
+ SSL_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
+ SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
+ SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
+ SSL_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
+ SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
+ SSL_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
+ SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
+ SSL_DH_anon_WITH_RC4_128_MD5 = 0x0018,
+ SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
+ SSL_DH_anon_WITH_DES_CBC_SHA = 0x001A,
+ SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
+ SSL_FORTEZZA_DMS_WITH_NULL_SHA = 0x001C,
+ SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA =0x001D,
+
+ /* TLS addenda using AES, per RFC 3268 */
+ TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
+ TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
+ TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
+ TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
+
+ /* ECDSA addenda, RFC 4492 */
+ TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
+ TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
+ TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
+ TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
+ TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
+ TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
+
+ /* TLS 1.2 addenda, RFC 5246 */
+ /* Initial state. */
+ TLS_NULL_WITH_NULL_NULL = 0x0000,
+
+ /* Server provided RSA certificate for key exchange. */
+ TLS_RSA_WITH_NULL_MD5 = 0x0001,
+ TLS_RSA_WITH_NULL_SHA = 0x0002,
+ TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
+ TLS_RSA_WITH_RC4_128_SHA = 0x0005,
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
+ TLS_RSA_WITH_NULL_SHA256 = 0x003B,
+ TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
+ TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
+
+ /* Server-authenticated (and optionally client-authenticated)
+ Diffie-Hellman. */
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
+
+ /* Completely anonymous Diffie-Hellman */
+ TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
+ TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
+ TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
+
+ /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
+ for TLS. */
+ TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
+ TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
+ TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
+ TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
+ TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
+ TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
+ TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
+
+ /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
+ HMAC SHA-256/384. */
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
+
+ /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
+ SHA-256/384 and AES Galois Counter Mode (GCM) */
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
+
+ /* RFC 5746 - Secure Renegotiation */
+ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
+
+ /*
+ * Tags for SSL 2 cipher kinds that are not specified
+ * for SSL 3.
+ */
+ SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
+ SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
+ SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
+ SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,
+ SSL_NO_SUCH_CIPHERSUITE = 0xFFFF
+};
+
+typedef enum {
+ kSSLClientCertNone,
+ kSSLClientCertRequested,
+ kSSLClientCertSent,
+ kSSLClientCertRejected
+} SSLClientCertificateState;
+
+enum {
+ errSSLProtocol = -9800,
+ errSSLNegotiation = -9801,
+ errSSLFatalAlert = -9802,
+ errSSLWouldBlock = -9803,
+ errSSLSessionNotFound = -9804,
+ errSSLClosedGraceful = -9805,
+ errSSLClosedAbort = -9806,
+ errSSLXCertChainInvalid = -9807,
+ errSSLBadCert = -9808,
+ errSSLCrypto = -9809,
+ errSSLInternal = -9810,
+ errSSLModuleAttach = -9811,
+ errSSLUnknownRootCert = -9812,
+ errSSLNoRootCert = -9813,
+ errSSLCertExpired = -9814,
+ errSSLCertNotYetValid = -9815,
+ errSSLClosedNoNotify = -9816,
+ errSSLBufferOverflow = -9817,
+ errSSLBadCipherSuite = -9818,
+ errSSLPeerUnexpectedMsg = -9819,
+ errSSLPeerBadRecordMac = -9820,
+ errSSLPeerDecryptionFail = -9821,
+ errSSLPeerRecordOverflow = -9822,
+ errSSLPeerDecompressFail = -9823,
+ errSSLPeerHandshakeFail = -9824,
+ errSSLPeerBadCert = -9825,
+ errSSLPeerUnsupportedCert = -9826,
+ errSSLPeerCertRevoked = -9827,
+ errSSLPeerCertExpired = -9828,
+ errSSLPeerCertUnknown = -9829,
+ errSSLIllegalParam = -9830,
+ errSSLPeerUnknownCA = -9831,
+ errSSLPeerAccessDenied = -9832,
+ errSSLPeerDecodeError = -9833,
+ errSSLPeerDecryptError = -9834,
+ errSSLPeerExportRestriction = -9835,
+ errSSLPeerProtocolVersion = -9836,
+ errSSLPeerInsufficientSecurity = -9837,
+ errSSLPeerInternalError = -9838,
+ errSSLPeerUserCancelled = -9839,
+ errSSLPeerNoRenegotiation = -9840,
+ errSSLServerAuthCompleted = -9841,
+ errSSLClientCertRequested = -9842,
+ errSSLHostNameMismatch = -9843,
+ errSSLConnectionRefused = -9844,
+ errSSLDecryptionFail = -9845,
+ errSSLBadRecordMac = -9846,
+ errSSLRecordOverflow = -9847,
+ errSSLBadConfiguration = -9848,
+ errSSLLast = -9849 /* end of range, to be deleted */
+};
+"""
+
+FUNCTIONS = """
+OSStatus SSLSetConnection(SSLContextRef, SSLConnectionRef);
+OSStatus SSLGetConnection(SSLContextRef, SSLConnectionRef *);
+OSStatus SSLSetSessionOption(SSLContextRef, SSLSessionOption, Boolean);
+OSStatus SSLSetClientSideAuthenticate(SSLContextRef, SSLAuthenticate);
+
+OSStatus SSLHandshake(SSLContextRef);
+OSStatus SSLGetSessionState(SSLContextRef, SSLSessionState *);
+OSStatus SSLGetNegotiatedProtocolVersion(SSLContextRef, SSLProtocol *);
+OSStatus SSLSetPeerID(SSLContextRef, const void *, size_t);
+OSStatus SSLGetPeerID(SSLContextRef, const void **, size_t *);
+OSStatus SSLGetBufferedReadSize(SSLContextRef, size_t *);
+OSStatus SSLRead(SSLContextRef, void *, size_t, size_t *);
+OSStatus SSLWrite(SSLContextRef, const void *, size_t, size_t *);
+OSStatus SSLClose(SSLContextRef);
+
+OSStatus SSLGetNumberSupportedCiphers(SSLContextRef, size_t *);
+OSStatus SSLGetSupportedCiphers(SSLContextRef, SSLCipherSuite *, size_t *);
+OSStatus SSLSetEnabledCiphers(SSLContextRef, const SSLCipherSuite *, size_t);
+OSStatus SSLGetNumberEnabledCiphers(SSLContextRef, size_t *);
+OSStatus SSLGetEnabledCiphers(SSLContextRef, SSLCipherSuite *, size_t *);
+OSStatus SSLGetNegotiatedCipher(SSLContextRef, SSLCipherSuite *);
+OSStatus SSLSetDiffieHellmanParams(SSLContextRef, const void *, size_t);
+OSStatus SSLGetDiffieHellmanParams(SSLContextRef, const void **, size_t *);
+
+OSStatus SSLSetCertificateAuthorities(SSLContextRef, CFTypeRef, Boolean);
+OSStatus SSLCopyCertificateAuthorities(SSLContextRef, CFArrayRef *);
+OSStatus SSLCopyDistinguishedNames(SSLContextRef, CFArrayRef *);
+OSStatus SSLSetCertificate(SSLContextRef, CFArrayRef);
+OSStatus SSLGetClientCertificateState(SSLContextRef,
+ SSLClientCertificateState *);
+OSStatus SSLCopyPeerTrust(SSLContextRef, SecTrustRef *trust);
+
+OSStatus SSLSetPeerDomainName(SSLContextRef, const char *, size_t);
+OSStatus SSLGetPeerDomainNameLength(SSLContextRef, size_t *);
+OSStatus SSLGetPeerDomainName(SSLContextRef, char *, size_t *);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/constant_time.c
b/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/constant_time.c
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/constant_time.c
@@ -0,0 +1,22 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+uint8_t Cryptography_constant_time_bytes_eq(uint8_t *a, size_t len_a,
+ uint8_t *b, size_t len_b) {
+ size_t i = 0;
+ uint8_t mismatch = 0;
+ if (len_a != len_b) {
+ return 0;
+ }
+ for (i = 0; i < len_a; i++) {
+ mismatch |= a[i] ^ b[i];
+ }
+
+ /* Make sure any bits set are copied to the lowest bit */
+ mismatch |= mismatch >> 4;
+ mismatch |= mismatch >> 2;
+ mismatch |= mismatch >> 1;
+ /* Now check the low bit to see if it's set */
+ return (mismatch & 1) == 0;
+}
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/constant_time.h
b/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/constant_time.h
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/constant_time.h
@@ -0,0 +1,6 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+uint8_t Cryptography_constant_time_bytes_eq(uint8_t *, size_t, uint8_t *,
+ size_t);
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/padding.c
b/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/padding.c
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/padding.c
@@ -0,0 +1,65 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+/* Returns the value of the input with the most-significant-bit copied to all
+ of the bits. */
+static uint16_t Cryptography_DUPLICATE_MSB_TO_ALL(uint16_t a) {
+ return (1 - (a >> (sizeof(uint16_t) * 8 - 1))) - 1;
+}
+
+/* This returns 0xFFFF if a < b else 0x0000, but does so in a constant time
+ fashion */
+static uint16_t Cryptography_constant_time_lt(uint16_t a, uint16_t b) {
+ a -= b;
+ return Cryptography_DUPLICATE_MSB_TO_ALL(a);
+}
+
+uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data,
+ uint16_t block_len) {
+ uint16_t i;
+ uint16_t pad_size = data[block_len - 1];
+ uint16_t mismatch = 0;
+ for (i = 0; i < block_len; i++) {
+ unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
+ uint16_t b = data[block_len - 1 - i];
+ mismatch |= (mask & (pad_size ^ b));
+ }
+
+ /* Check to make sure the pad_size was within the valid range. */
+ mismatch |= ~Cryptography_constant_time_lt(0, pad_size);
+ mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
+
+ /* Make sure any bits set are copied to the lowest bit */
+ mismatch |= mismatch >> 8;
+ mismatch |= mismatch >> 4;
+ mismatch |= mismatch >> 2;
+ mismatch |= mismatch >> 1;
+ /* Now check the low bit to see if it's set */
+ return (mismatch & 1) == 0;
+}
+
+uint8_t Cryptography_check_ansix923_padding(const uint8_t *data,
+ uint16_t block_len) {
+ uint16_t i;
+ uint16_t pad_size = data[block_len - 1];
+ uint16_t mismatch = 0;
+ /* Skip the first one with the pad size */
+ for (i = 1; i < block_len; i++) {
+ unsigned int mask = Cryptography_constant_time_lt(i, pad_size);
+ uint16_t b = data[block_len - 1 - i];
+ mismatch |= (mask & b);
+ }
+
+ /* Check to make sure the pad_size was within the valid range. */
+ mismatch |= ~Cryptography_constant_time_lt(0, pad_size);
+ mismatch |= Cryptography_constant_time_lt(block_len, pad_size);
+
+ /* Make sure any bits set are copied to the lowest bit */
+ mismatch |= mismatch >> 8;
+ mismatch |= mismatch >> 4;
+ mismatch |= mismatch >> 2;
+ mismatch |= mismatch >> 1;
+ /* Now check the low bit to see if it's set */
+ return (mismatch & 1) == 0;
+}
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/padding.h
b/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/padding.h
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/hazmat_src/padding.h
@@ -0,0 +1,6 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this
+// repository for complete details.
+
+uint8_t Cryptography_check_pkcs7_padding(const uint8_t *, uint8_t);
+uint8_t Cryptography_check_ansix923_padding(const uint8_t *, uint8_t);
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/__init__.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/__init__.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/__init__.py
@@ -0,0 +1,5 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/aes.py
@@ -0,0 +1,50 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <openssl/aes.h>
+"""
+
+TYPES = """
+static const int Cryptography_HAS_AES_WRAP;
+static const int Cryptography_HAS_AES_CTR128_ENCRYPT;
+
+struct aes_key_st {
+ ...;
+};
+typedef struct aes_key_st AES_KEY;
+"""
+
+FUNCTIONS = """
+int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *);
+int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *);
+
+int AES_wrap_key(AES_KEY *, const unsigned char *, unsigned char *,
+ const unsigned char *, unsigned int);
+int AES_unwrap_key(AES_KEY *, const unsigned char *, unsigned char *,
+ const unsigned char *, unsigned int);
+"""
+
+MACROS = """
+/* The ctr128_encrypt function is only useful in 1.0.0. We can use EVP for
+ this in 1.0.1+. */
+void AES_ctr128_encrypt(const unsigned char *, unsigned char *,
+ size_t, const AES_KEY *, unsigned char[],
+ unsigned char[], unsigned int *);
+"""
+
+CUSTOMIZATIONS = """
+static const long Cryptography_HAS_AES_WRAP = 1;
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER)
+static const int Cryptography_HAS_AES_CTR128_ENCRYPT = 0;
+void (*AES_ctr128_encrypt)(const unsigned char *, unsigned char *,
+ size_t, const AES_KEY *,
+ unsigned char[], unsigned char[],
+ unsigned int *) = NULL;
+#else
+static const int Cryptography_HAS_AES_CTR128_ENCRYPT = 1;
+#endif
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/asn1.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/asn1.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/asn1.py
@@ -0,0 +1,164 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <openssl/asn1.h>
+"""
+
+TYPES = """
+typedef int... time_t;
+
+typedef int ASN1_BOOLEAN;
+typedef ... ASN1_INTEGER;
+
+struct asn1_string_st {
+ int length;
+ int type;
+ unsigned char *data;
+ long flags;
+};
+
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_TIME;
+typedef ... ASN1_OBJECT;
+typedef struct asn1_string_st ASN1_STRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef ... ASN1_TYPE;
+typedef ... ASN1_GENERALIZEDTIME;
+typedef ... ASN1_ENUMERATED;
+typedef ... ASN1_ITEM;
+typedef ... ASN1_VALUE;
+
+typedef ... ASN1_ITEM_EXP;
+
+typedef ... ASN1_UTCTIME;
+
+static const int V_ASN1_GENERALIZEDTIME;
+
+static const int MBSTRING_FLAG;
+static const int MBSTRING_ASC;
+static const int MBSTRING_BMP;
+static const int MBSTRING_UTF8;
+static const int MBSTRING_UNIV;
+"""
+
+FUNCTIONS = """
+ASN1_OBJECT *ASN1_OBJECT_new(void);
+void ASN1_OBJECT_free(ASN1_OBJECT *);
+
+/* ASN1 OBJECT IDENTIFIER */
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **, const unsigned char **, long);
+
+/* ASN1 STRING */
+ASN1_STRING *ASN1_STRING_new(void);
+ASN1_STRING *ASN1_STRING_type_new(int);
+void ASN1_STRING_free(ASN1_STRING *);
+unsigned char *ASN1_STRING_data(ASN1_STRING *);
+int ASN1_STRING_set(ASN1_STRING *, const void *, int);
+
+/* ASN1 OCTET STRING */
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void);
+void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *);
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *, const unsigned char *, int);
+
+/* ASN1 IA5STRING */
+ASN1_IA5STRING *ASN1_IA5STRING_new(void);
+
+/* ASN1 INTEGER */
+ASN1_INTEGER *ASN1_INTEGER_new(void);
+void ASN1_INTEGER_free(ASN1_INTEGER *);
+int ASN1_INTEGER_set(ASN1_INTEGER *, long);
+
+/* ASN1 TIME */
+ASN1_TIME *ASN1_TIME_new(void);
+void ASN1_TIME_free(ASN1_TIME *);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *,
+ ASN1_GENERALIZEDTIME **);
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *, time_t);
+
+/* ASN1 UTCTIME */
+ASN1_UTCTIME *ASN1_UTCTIME_new(void);
+void ASN1_UTCTIME_free(ASN1_UTCTIME *);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *, time_t);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *, time_t);
+
+/* ASN1 GENERALIZEDTIME */
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *, const char *);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *, time_t);
+void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *);
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *, unsigned char **);
+
+/* ASN1 ENUMERATED */
+ASN1_ENUMERATED *ASN1_ENUMERATED_new(void);
+void ASN1_ENUMERATED_free(ASN1_ENUMERATED *);
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *, long);
+int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *, unsigned char **);
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **, const unsigned char **, long,
+ const ASN1_ITEM *);
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *, int, int);
+"""
+
+MACROS = """
+/* These became const ASN1_* in 1.1.0 */
+int i2d_ASN1_OBJECT(ASN1_OBJECT *, unsigned char **);
+int ASN1_STRING_type(ASN1_STRING *);
+int ASN1_STRING_to_UTF8(unsigned char **, ASN1_STRING *);
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *);
+int i2a_ASN1_INTEGER(BIO *, ASN1_INTEGER *);
+
+ASN1_UTF8STRING *ASN1_UTF8STRING_new(void);
+void ASN1_UTF8STRING_free(ASN1_UTF8STRING *);
+
+ASN1_BIT_STRING *ASN1_BIT_STRING_new(void);
+void ASN1_BIT_STRING_free(ASN1_BIT_STRING *);
+int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *, unsigned char **);
+int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *, unsigned char **);
+int i2d_ASN1_INTEGER(ASN1_INTEGER *, unsigned char **);
+/* This is not a macro, but is const on some versions of OpenSSL */
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *, int);
+ASN1_TIME *M_ASN1_TIME_dup(void *);
+const ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *);
+
+/* These aren't macros these arguments are all const X on openssl > 1.0.x */
+
+int ASN1_TIME_print(BIO *, ASN1_TIME *);
+int ASN1_STRING_length(ASN1_STRING *);
+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *);
+int ASN1_STRING_cmp(ASN1_STRING *, ASN1_STRING *);
+int ASN1_UTCTIME_print(BIO *, ASN1_UTCTIME *);
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *);
+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *, ASN1_OCTET_STRING *);
+
+ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *);
+int ASN1_INTEGER_cmp(ASN1_INTEGER *, ASN1_INTEGER *);
+long ASN1_INTEGER_get(ASN1_INTEGER *);
+
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *);
+
+/* These isn't a macro the arg is const on openssl 1.0.2+ */
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *);
+int ASN1_UTCTIME_check(ASN1_UTCTIME *);
+
+/* Not a macro, const on openssl 1.0 */
+int ASN1_STRING_set_default_mask_asc(char *);
+
+int i2d_ASN1_TYPE(ASN1_TYPE *, unsigned char **);
+ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **, const unsigned char **, long);
+"""
+
+CUSTOMIZATIONS = """
+/* This macro is removed in 1.1.0. We re-add it if required to support
+ pyOpenSSL versions older than whatever resolves
+ https://github.com/pyca/pyopenssl/issues/431 */
+#if !defined(M_ASN1_TIME_dup)
+#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((const ASN1_STRING *)a)
+#endif
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/bignum.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/bignum.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/bignum.py
@@ -0,0 +1,88 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <openssl/bn.h>
+"""
+
+TYPES = """
+typedef ... BN_CTX;
+typedef ... BIGNUM;
+typedef int... BN_ULONG;
+"""
+
+FUNCTIONS = """
+BIGNUM *BN_new(void);
+void BN_free(BIGNUM *);
+
+BN_CTX *BN_CTX_new(void);
+void BN_CTX_free(BN_CTX *);
+
+void BN_CTX_start(BN_CTX *);
+BIGNUM *BN_CTX_get(BN_CTX *);
+void BN_CTX_end(BN_CTX *);
+
+BIGNUM *BN_copy(BIGNUM *, const BIGNUM *);
+BIGNUM *BN_dup(const BIGNUM *);
+
+int BN_set_word(BIGNUM *, BN_ULONG);
+BN_ULONG BN_get_word(const BIGNUM *);
+
+const BIGNUM *BN_value_one(void);
+
+char *BN_bn2hex(const BIGNUM *);
+int BN_hex2bn(BIGNUM **, const char *);
+int BN_dec2bn(BIGNUM **, const char *);
+
+int BN_bn2bin(const BIGNUM *, unsigned char *);
+BIGNUM *BN_bin2bn(const unsigned char *, int, BIGNUM *);
+
+int BN_num_bits(const BIGNUM *);
+
+int BN_cmp(const BIGNUM *, const BIGNUM *);
+int BN_add(BIGNUM *, const BIGNUM *, const BIGNUM *);
+int BN_sub(BIGNUM *, const BIGNUM *, const BIGNUM *);
+int BN_mul(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+int BN_sqr(BIGNUM *, const BIGNUM *, BN_CTX *);
+int BN_div(BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+int BN_nnmod(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+int BN_mod_add(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *);
+int BN_mod_sub(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *);
+int BN_mod_mul(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *);
+int BN_mod_sqr(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+int BN_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+int BN_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *);
+int BN_gcd(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+BIGNUM *BN_mod_inverse(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+
+int BN_set_bit(BIGNUM *, int);
+int BN_clear_bit(BIGNUM *, int);
+
+int BN_is_bit_set(const BIGNUM *, int);
+
+int BN_mask_bits(BIGNUM *, int);
+"""
+
+MACROS = """
+int BN_num_bytes(const BIGNUM *);
+
+int BN_zero(BIGNUM *);
+int BN_one(BIGNUM *);
+int BN_mod(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+
+int BN_lshift(BIGNUM *, const BIGNUM *, int);
+int BN_lshift1(BIGNUM *, BIGNUM *);
+
+int BN_rshift(BIGNUM *, BIGNUM *, int);
+int BN_rshift1(BIGNUM *, BIGNUM *);
+"""
+
+CUSTOMIZATIONS = """
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/bio.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/bio.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/bio.py
@@ -0,0 +1,147 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <openssl/bio.h>
+"""
+
+TYPES = """
+typedef struct bio_st BIO;
+typedef void bio_info_cb(BIO *, int, const char *, int, long, long);
+typedef ... bio_st;
+typedef ... BIO_METHOD;
+typedef ... BUF_MEM;
+
+static const int BIO_TYPE_MEM;
+static const int BIO_TYPE_FILE;
+static const int BIO_TYPE_FD;
+static const int BIO_TYPE_SOCKET;
+static const int BIO_TYPE_CONNECT;
+static const int BIO_TYPE_ACCEPT;
+static const int BIO_TYPE_NULL;
+static const int BIO_CLOSE;
+static const int BIO_NOCLOSE;
+static const int BIO_TYPE_SOURCE_SINK;
+static const int BIO_CTRL_RESET;
+static const int BIO_CTRL_EOF;
+static const int BIO_CTRL_SET;
+static const int BIO_CTRL_SET_CLOSE;
+static const int BIO_CTRL_FLUSH;
+static const int BIO_CTRL_DUP;
+static const int BIO_CTRL_GET_CLOSE;
+static const int BIO_CTRL_INFO;
+static const int BIO_CTRL_GET;
+static const int BIO_CTRL_PENDING;
+static const int BIO_CTRL_WPENDING;
+static const int BIO_C_FILE_SEEK;
+static const int BIO_C_FILE_TELL;
+static const int BIO_TYPE_NONE;
+static const int BIO_TYPE_NBIO_TEST;
+static const int BIO_TYPE_BIO;
+static const int BIO_TYPE_DESCRIPTOR;
+static const int BIO_FLAGS_READ;
+static const int BIO_FLAGS_WRITE;
+static const int BIO_FLAGS_IO_SPECIAL;
+static const int BIO_FLAGS_RWS;
+static const int BIO_FLAGS_SHOULD_RETRY;
+static const int BIO_TYPE_NULL_FILTER;
+static const int BIO_TYPE_SSL;
+static const int BIO_TYPE_MD;
+static const int BIO_TYPE_BUFFER;
+static const int BIO_TYPE_CIPHER;
+static const int BIO_TYPE_BASE64;
+static const int BIO_TYPE_FILTER;
+"""
+
+FUNCTIONS = """
+int BIO_free(BIO *);
+void BIO_vfree(BIO *);
+void BIO_free_all(BIO *);
+BIO *BIO_push(BIO *, BIO *);
+BIO *BIO_pop(BIO *);
+BIO *BIO_next(BIO *);
+BIO *BIO_find_type(BIO *, int);
+BIO *BIO_new_file(const char *, const char *);
+BIO *BIO_new_fp(FILE *, int);
+BIO *BIO_new_fd(int, int);
+BIO *BIO_new_socket(int, int);
+long BIO_ctrl(BIO *, int, long, void *);
+long BIO_callback_ctrl(
+ BIO *,
+ int,
+ void (*)(struct bio_st *, int, const char *, int, long, long)
+);
+long BIO_int_ctrl(BIO *, int, long, int);
+size_t BIO_ctrl_pending(BIO *);
+size_t BIO_ctrl_wpending(BIO *);
+int BIO_read(BIO *, void *, int);
+int BIO_gets(BIO *, char *, int);
+int BIO_write(BIO *, const void *, int);
+int BIO_puts(BIO *, const char *);
+int BIO_method_type(const BIO *);
+"""
+
+MACROS = """
+/* Added in 1.1.0 */
+int BIO_up_ref(BIO *);
+
+/* These added const to BIO_METHOD in 1.1.0 */
+BIO *BIO_new(BIO_METHOD *);
+BIO_METHOD *BIO_s_mem(void);
+BIO_METHOD *BIO_s_file(void);
+BIO_METHOD *BIO_s_fd(void);
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_null(void);
+BIO_METHOD *BIO_f_null(void);
+BIO_METHOD *BIO_f_buffer(void);
+/* BIO_new_mem_buf became const void * in 1.0.2g */
+BIO *BIO_new_mem_buf(void *, int);
+long BIO_set_fd(BIO *, long, int);
+long BIO_get_fd(BIO *, char *);
+long BIO_set_mem_eof_return(BIO *, int);
+long BIO_get_mem_data(BIO *, char **);
+long BIO_set_mem_buf(BIO *, BUF_MEM *, int);
+long BIO_get_mem_ptr(BIO *, BUF_MEM **);
+long BIO_set_fp(BIO *, FILE *, int);
+long BIO_get_fp(BIO *, FILE **);
+long BIO_read_filename(BIO *, char *);
+long BIO_write_filename(BIO *, char *);
+long BIO_append_filename(BIO *, char *);
+long BIO_rw_filename(BIO *, char *);
+int BIO_should_read(BIO *);
+int BIO_should_write(BIO *);
+int BIO_should_io_special(BIO *);
+int BIO_retry_type(BIO *);
+int BIO_should_retry(BIO *);
+int BIO_reset(BIO *);
+int BIO_seek(BIO *, int);
+int BIO_tell(BIO *);
+int BIO_flush(BIO *);
+int BIO_eof(BIO *);
+int BIO_set_close(BIO *,long);
+int BIO_get_close(BIO *);
+int BIO_pending(BIO *);
+int BIO_wpending(BIO *);
+int BIO_get_info_callback(BIO *, bio_info_cb **);
+int BIO_set_info_callback(BIO *, bio_info_cb *);
+long BIO_get_buffer_num_lines(BIO *);
+long BIO_set_read_buffer_size(BIO *, long);
+long BIO_set_write_buffer_size(BIO *, long);
+long BIO_set_buffer_size(BIO *, long);
+long BIO_set_buffer_read_data(BIO *, void *, long);
+long BIO_set_nbio(BIO *, long);
+void BIO_set_retry_read(BIO *);
+void BIO_clear_retry_flags(BIO *);
+"""
+
+CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 || defined(LIBRESSL_VERSION_NUMBER)
+int BIO_up_ref(BIO *b) {
+ CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
+ return 1;
+}
+#endif
+"""
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/callbacks.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/callbacks.py
new file mode 100644
--- /dev/null
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/callbacks.py
@@ -0,0 +1,161 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import sys
+
+import cffi
+
+INCLUDES = """
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
_______________________________________________
pypy-commit mailing list
pypy-commit@python.org
https://mail.python.org/mailman/listinfo/pypy-commit
