Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
View | Details | Raw Unified | Return to bug 592480 | Differences between
and this patch

Collapse All | Expand All

(-)Python-3.4.6-orig/Modules/_ssl.c (-48 / +117 lines)
Lines 90-95 Link Here
90
/* Include generated data (error codes) */
90
/* Include generated data (error codes) */
91
#include "_ssl_data.h"
91
#include "_ssl_data.h"
92
92
93
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
94
#  define OPENSSL_VERSION_1_1 1
95
#endif
96
93
/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
97
/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
94
    http://www.openssl.org/news/changelog.html
98
    http://www.openssl.org/news/changelog.html
95
 */
99
 */
Lines 203-208 Link Here
203
# define HAVE_OPENSSL_VERIFY_PARAM
207
# define HAVE_OPENSSL_VERIFY_PARAM
204
#endif
208
#endif
205
209
210
#ifndef OPENSSL_VERSION_1_1
211
/* OpenSSL 1.1.0+ */
212
#ifndef OPENSSL_NO_SSL2
213
#define OPENSSL_NO_SSL2
214
#endif
215
#if defined(WITH_THREAD)
216
#define HAVE_OPENSSL_CRYPTO_LOCK
217
#endif
218
#endif
219
220
#ifndef OPENSSL_VERSION_1_1
221
#define TLS_method SSLv23_method
222
#define TLS_client_method SSLv23_client_method
223
#define TLS_server_method SSLv23_server_method
224
#define X509_get0_notBefore X509_get_notBefore
225
#define X509_get0_notAfter X509_get_notAfter
226
#define ASN1_STRING_get0_data ASN1_STRING_data
227
#define OpenSSL_version_num SSLeay
228
#define OpenSSL_version SSLeay_version
229
#define OPENSSL_VERSION SSLEAY_VERSION
230
#endif
206
231
207
typedef struct {
232
typedef struct {
208
    PyObject_HEAD
233
    PyObject_HEAD
Lines 691-697 Link Here
691
716
692
        /* check to see if we've gotten to a new RDN */
717
        /* check to see if we've gotten to a new RDN */
693
        if (rdn_level >= 0) {
718
        if (rdn_level >= 0) {
694
            if (rdn_level != entry->set) {
719
            if (rdn_level != X509_NAME_ENTRY_set(entry)) {
695
                /* yes, new RDN */
720
                /* yes, new RDN */
696
                /* add old RDN to DN */
721
                /* add old RDN to DN */
697
                rdnt = PyList_AsTuple(rdn);
722
                rdnt = PyList_AsTuple(rdn);
Lines 708-714 Link Here
708
                    goto fail0;
733
                    goto fail0;
709
            }
734
            }
710
        }
735
        }
711
        rdn_level = entry->set;
736
        rdn_level = X509_NAME_ENTRY_set(entry);
712
737
713
        /* now add this attribute to the current RDN */
738
        /* now add this attribute to the current RDN */
714
        name = X509_NAME_ENTRY_get_object(entry);
739
        name = X509_NAME_ENTRY_get_object(entry);
Lines 811-828 Link Here
811
            goto fail;
836
            goto fail;
812
        }
837
        }
813
838
814
        p = ext->value->data;
839
        p = X509_EXTENSION_get_data(ext)->data;
815
        if (method->it)
840
        if (method->it)
816
            names = (GENERAL_NAMES*)
841
            names = (GENERAL_NAMES*)
817
              (ASN1_item_d2i(NULL,
842
              (ASN1_item_d2i(NULL,
818
                             &p,
843
                             &p,
819
                             ext->value->length,
844
                             X509_EXTENSION_get_data(ext)->length,
820
                             ASN1_ITEM_ptr(method->it)));
845
                             ASN1_ITEM_ptr(method->it)));
821
        else
846
        else
822
            names = (GENERAL_NAMES*)
847
            names = (GENERAL_NAMES*)
823
              (method->d2i(NULL,
848
              (method->d2i(NULL,
824
                           &p,
849
                           &p,
825
                           ext->value->length));
850
                           X509_EXTENSION_get_data(ext)->length));
826
851
827
        for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
852
        for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
828
            /* get a rendering of each name in the set of names */
853
            /* get a rendering of each name in the set of names */
Lines 883-889 Link Here
883
                    goto fail;
908
                    goto fail;
884
                }
909
                }
885
                PyTuple_SET_ITEM(t, 0, v);
910
                PyTuple_SET_ITEM(t, 0, v);
886
                v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as),
911
                v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as),
887
                                                ASN1_STRING_length(as));
912
                                                ASN1_STRING_length(as));
888
                if (v == NULL) {
913
                if (v == NULL) {
889
                    Py_DECREF(t);
914
                    Py_DECREF(t);
Lines 1033-1045 Link Here
1033
    int i, j;
1058
    int i, j;
1034
    PyObject *lst, *res = NULL;
1059
    PyObject *lst, *res = NULL;
1035
1060
1036
#if OPENSSL_VERSION_NUMBER < 0x10001000L
1037
    dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
1061
    dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
1038
#else
1039
    /* Calls x509v3_cache_extensions and sets up crldp */
1040
    X509_check_ca(certificate);
1041
    dps = certificate->crldp;
1042
#endif
1043
1062
1044
    if (dps == NULL)
1063
    if (dps == NULL)
1045
        return Py_None;
1064
        return Py_None;
Lines 1161-1167 Link Here
1161
    Py_DECREF(sn_obj);
1180
    Py_DECREF(sn_obj);
1162
1181
1163
    (void) BIO_reset(biobuf);
1182
    (void) BIO_reset(biobuf);
1164
    notBefore = X509_get_notBefore(certificate);
1183
    notBefore = X509_get0_notBefore(certificate);
1165
    ASN1_TIME_print(biobuf, notBefore);
1184
    ASN1_TIME_print(biobuf, notBefore);
1166
    len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1185
    len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1167
    if (len < 0) {
1186
    if (len < 0) {
Lines 1178-1184 Link Here
1178
    Py_DECREF(pnotBefore);
1197
    Py_DECREF(pnotBefore);
1179
1198
1180
    (void) BIO_reset(biobuf);
1199
    (void) BIO_reset(biobuf);
1181
    notAfter = X509_get_notAfter(certificate);
1200
    notAfter = X509_get0_notAfter(certificate);
1182
    ASN1_TIME_print(biobuf, notAfter);
1201
    ASN1_TIME_print(biobuf, notAfter);
1183
    len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1202
    len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1184
    if (len < 0) {
1203
    if (len < 0) {
Lines 1427-1435 Link Here
1427
    if (self->ssl == NULL)
1446
    if (self->ssl == NULL)
1428
        Py_RETURN_NONE;
1447
        Py_RETURN_NONE;
1429
    comp_method = SSL_get_current_compression(self->ssl);
1448
    comp_method = SSL_get_current_compression(self->ssl);
1430
    if (comp_method == NULL || comp_method->type == NID_undef)
1449
    if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef)
1431
        Py_RETURN_NONE;
1450
        Py_RETURN_NONE;
1432
    short_name = OBJ_nid2sn(comp_method->type);
1451
    short_name = OBJ_nid2sn(COMP_get_type(comp_method));
1433
    if (short_name == NULL)
1452
    if (short_name == NULL)
1434
        Py_RETURN_NONE;
1453
        Py_RETURN_NONE;
1435
    return PyUnicode_DecodeFSDefault(short_name);
1454
    return PyUnicode_DecodeFSDefault(short_name);
Lines 1987-2010 Link Here
1987
        return NULL;
2006
        return NULL;
1988
2007
1989
    PySSL_BEGIN_ALLOW_THREADS
2008
    PySSL_BEGIN_ALLOW_THREADS
1990
    if (proto_version == PY_SSL_VERSION_TLS1)
2009
    if (proto_version == PY_SSL_VERSION_TLS1) {
2010
#ifdef OPENSSL_VERSION_1_1
2011
        ctx = SSL_CTX_new(TLS_method());
2012
        SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2013
#else
1991
        ctx = SSL_CTX_new(TLSv1_method());
2014
        ctx = SSL_CTX_new(TLSv1_method());
2015
#endif
2016
    }
1992
#if HAVE_TLSv1_2
2017
#if HAVE_TLSv1_2
1993
    else if (proto_version == PY_SSL_VERSION_TLS1_1)
2018
    else if (proto_version == PY_SSL_VERSION_TLS1_1) {
2019
#ifdef OPENSSL_VERSION_1_1
2020
        ctx = SSL_CTX_new(TLS_method());
2021
        SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2022
#else
1994
        ctx = SSL_CTX_new(TLSv1_1_method());
2023
        ctx = SSL_CTX_new(TLSv1_1_method());
1995
    else if (proto_version == PY_SSL_VERSION_TLS1_2)
2024
#endif
2025
    }
2026
    else if (proto_version == PY_SSL_VERSION_TLS1_2) {
2027
#ifdef OPENSSL_VERSION_1_1
2028
        ctx = SSL_CTX_new(TLS_method());
2029
        SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2030
#else
1996
        ctx = SSL_CTX_new(TLSv1_2_method());
2031
        ctx = SSL_CTX_new(TLSv1_2_method());
1997
#endif
2032
#endif
2033
    }
2034
#endif
1998
#ifndef OPENSSL_NO_SSL3
2035
#ifndef OPENSSL_NO_SSL3
1999
    else if (proto_version == PY_SSL_VERSION_SSL3)
2036
    else if (proto_version == PY_SSL_VERSION_SSL3) {
2037
#ifdef OPENSSL_VERSION_1_1
2038
        ctx = SSL_CTX_new(TLS_method());
2039
        SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2040
#else
2000
        ctx = SSL_CTX_new(SSLv3_method());
2041
        ctx = SSL_CTX_new(SSLv3_method());
2001
#endif
2042
#endif
2043
    }
2044
#endif
2002
#ifndef OPENSSL_NO_SSL2
2045
#ifndef OPENSSL_NO_SSL2
2003
    else if (proto_version == PY_SSL_VERSION_SSL2)
2046
    else if (proto_version == PY_SSL_VERSION_SSL2) {
2047
#ifdef OPENSSL_VERSION_1_1
2048
        ctx = SSL_CTX_new(TLS_method());
2049
        SSL_CTX_set_min_proto_version(ctx, SSL2_VERSION);
2050
#else
2004
        ctx = SSL_CTX_new(SSLv2_method());
2051
        ctx = SSL_CTX_new(SSLv2_method());
2005
#endif
2052
#endif
2053
    }
2054
#endif
2006
    else if (proto_version == PY_SSL_VERSION_SSL23)
2055
    else if (proto_version == PY_SSL_VERSION_SSL23)
2007
        ctx = SSL_CTX_new(SSLv23_method());
2056
        ctx = SSL_CTX_new(TLS_method());
2008
    else
2057
    else
2009
        proto_version = -1;
2058
        proto_version = -1;
2010
    PySSL_END_ALLOW_THREADS
2059
    PySSL_END_ALLOW_THREADS
Lines 2259-2268 Link Here
2259
get_verify_flags(PySSLContext *self, void *c)
2308
get_verify_flags(PySSLContext *self, void *c)
2260
{
2309
{
2261
    X509_STORE *store;
2310
    X509_STORE *store;
2311
    X509_VERIFY_PARAM *param;
2262
    unsigned long flags;
2312
    unsigned long flags;
2263
2313
2264
    store = SSL_CTX_get_cert_store(self->ctx);
2314
    store = SSL_CTX_get_cert_store(self->ctx);
2265
    flags = X509_VERIFY_PARAM_get_flags(store->param);
2315
    param = X509_STORE_get0_param(store);
2316
    flags = X509_VERIFY_PARAM_get_flags(param);
2266
    return PyLong_FromUnsignedLong(flags);
2317
    return PyLong_FromUnsignedLong(flags);
2267
}
2318
}
2268
2319
Lines 2270-2291 Link Here
2270
set_verify_flags(PySSLContext *self, PyObject *arg, void *c)
2321
set_verify_flags(PySSLContext *self, PyObject *arg, void *c)
2271
{
2322
{
2272
    X509_STORE *store;
2323
    X509_STORE *store;
2324
    X509_VERIFY_PARAM *param;
2273
    unsigned long new_flags, flags, set, clear;
2325
    unsigned long new_flags, flags, set, clear;
2274
2326
2275
    if (!PyArg_Parse(arg, "k", &new_flags))
2327
    if (!PyArg_Parse(arg, "k", &new_flags))
2276
        return -1;
2328
        return -1;
2277
    store = SSL_CTX_get_cert_store(self->ctx);
2329
    store = SSL_CTX_get_cert_store(self->ctx);
2278
    flags = X509_VERIFY_PARAM_get_flags(store->param);
2330
    param = X509_STORE_get0_param(store);
2331
    flags = X509_VERIFY_PARAM_get_flags(param);
2279
    clear = flags & ~new_flags;
2332
    clear = flags & ~new_flags;
2280
    set = ~flags & new_flags;
2333
    set = ~flags & new_flags;
2281
    if (clear) {
2334
    if (clear) {
2282
        if (!X509_VERIFY_PARAM_clear_flags(store->param, clear)) {
2335
        if (!X509_VERIFY_PARAM_clear_flags(param, clear)) {
2283
            _setSSLError(NULL, 0, __FILE__, __LINE__);
2336
            _setSSLError(NULL, 0, __FILE__, __LINE__);
2284
            return -1;
2337
            return -1;
2285
        }
2338
        }
2286
    }
2339
    }
2287
    if (set) {
2340
    if (set) {
2288
        if (!X509_VERIFY_PARAM_set_flags(store->param, set)) {
2341
        if (!X509_VERIFY_PARAM_set_flags(param, set)) {
2289
            _setSSLError(NULL, 0, __FILE__, __LINE__);
2342
            _setSSLError(NULL, 0, __FILE__, __LINE__);
2290
            return -1;
2343
            return -1;
2291
        }
2344
        }
Lines 2455-2462 Link Here
2455
    char *kwlist[] = {"certfile", "keyfile", "password", NULL};
2508
    char *kwlist[] = {"certfile", "keyfile", "password", NULL};
2456
    PyObject *certfile, *keyfile = NULL, *password = NULL;
2509
    PyObject *certfile, *keyfile = NULL, *password = NULL;
2457
    PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL;
2510
    PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL;
2458
    pem_password_cb *orig_passwd_cb = self->ctx->default_passwd_callback;
2511
    pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx);
2459
    void *orig_passwd_userdata = self->ctx->default_passwd_callback_userdata;
2512
    void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx);
2460
    _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 };
2513
    _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 };
2461
    int r;
2514
    int r;
2462
2515
Lines 2587-2594 Link Here
2587
            cert = d2i_X509_bio(biobuf, NULL);
2640
            cert = d2i_X509_bio(biobuf, NULL);
2588
        } else {
2641
        } else {
2589
            cert = PEM_read_bio_X509(biobuf, NULL,
2642
            cert = PEM_read_bio_X509(biobuf, NULL,
2590
                                     self->ctx->default_passwd_callback,
2643
                                     SSL_CTX_get_default_passwd_cb(self->ctx),
2591
                                     self->ctx->default_passwd_callback_userdata);
2644
                                     SSL_CTX_get_default_passwd_cb_userdata(self->ctx)
2645
                                     );
2592
        }
2646
        }
2593
        if (cert == NULL) {
2647
        if (cert == NULL) {
2594
            break;
2648
            break;
Lines 3036-3060 Link Here
3036
cert_store_stats(PySSLContext *self)
3090
cert_store_stats(PySSLContext *self)
3037
{
3091
{
3038
    X509_STORE *store;
3092
    X509_STORE *store;
3093
    STACK_OF(X509_OBJECT) *objs;
3039
    X509_OBJECT *obj;
3094
    X509_OBJECT *obj;
3040
    int x509 = 0, crl = 0, pkey = 0, ca = 0, i;
3095
    int x509 = 0, crl = 0, ca = 0, i;
3041
3096
3042
    store = SSL_CTX_get_cert_store(self->ctx);
3097
    store = SSL_CTX_get_cert_store(self->ctx);
3043
    for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) {
3098
    objs = X509_STORE_get0_objects(store);
3044
        obj = sk_X509_OBJECT_value(store->objs, i);
3099
    for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
3045
        switch (obj->type) {
3100
        obj = sk_X509_OBJECT_value(objs, i);
3101
        switch (X509_OBJECT_get_type(obj)) {
3046
            case X509_LU_X509:
3102
            case X509_LU_X509:
3047
                x509++;
3103
                x509++;
3048
                if (X509_check_ca(obj->data.x509)) {
3104
                if (X509_check_ca(X509_OBJECT_get0_X509(obj))) {
3049
                    ca++;
3105
                    ca++;
3050
                }
3106
                }
3051
                break;
3107
                break;
3052
            case X509_LU_CRL:
3108
            case X509_LU_CRL:
3053
                crl++;
3109
                crl++;
3054
                break;
3110
                break;
3055
            case X509_LU_PKEY:
3056
                pkey++;
3057
                break;
3058
            default:
3111
            default:
3059
                /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY.
3112
                /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY.
3060
                 * As far as I can tell they are internal states and never
3113
                 * As far as I can tell they are internal states and never
Lines 3079-3084 Link Here
3079
{
3132
{
3080
    char *kwlist[] = {"binary_form", NULL};
3133
    char *kwlist[] = {"binary_form", NULL};
3081
    X509_STORE *store;
3134
    X509_STORE *store;
3135
    STACK_OF(X509_OBJECT) *objs;
3082
    PyObject *ci = NULL, *rlist = NULL;
3136
    PyObject *ci = NULL, *rlist = NULL;
3083
    int i;
3137
    int i;
3084
    int binary_mode = 0;
3138
    int binary_mode = 0;
Lines 3093-3109 Link Here
3093
    }
3147
    }
3094
3148
3095
    store = SSL_CTX_get_cert_store(self->ctx);
3149
    store = SSL_CTX_get_cert_store(self->ctx);
3096
    for (i = 0; i < sk_X509_OBJECT_num(store->objs); i++) {
3150
    objs = X509_STORE_get0_objects(store);
3151
    for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
3097
        X509_OBJECT *obj;
3152
        X509_OBJECT *obj;
3098
        X509 *cert;
3153
        X509 *cert;
3099
3154
3100
        obj = sk_X509_OBJECT_value(store->objs, i);
3155
        obj = sk_X509_OBJECT_value(objs, i);
3101
        if (obj->type != X509_LU_X509) {
3156
        if (X509_OBJECT_get_type(obj) != X509_LU_X509) {
3102
            /* not a x509 cert */
3157
            /* not a x509 cert */
3103
            continue;
3158
            continue;
3104
        }
3159
        }
3105
        /* CA for any purpose */
3160
        /* CA for any purpose */
3106
        cert = obj->data.x509;
3161
        cert = X509_OBJECT_get0_X509(obj);
3107
        if (!X509_check_ca(cert)) {
3162
        if (!X509_check_ca(cert)) {
3108
            continue;
3163
            continue;
3109
        }
3164
        }
Lines 3262-3268 Link Here
3262
    if (bytes == NULL)
3317
    if (bytes == NULL)
3263
        return NULL;
3318
        return NULL;
3264
    if (pseudo) {
3319
    if (pseudo) {
3320
#ifdef OPENSSL_VERSION_1_1
3321
        ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
3322
#else
3265
        ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
3323
        ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
3324
#endif
3266
        if (ok == 0 || ok == 1)
3325
        if (ok == 0 || ok == 1)
3267
            return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False);
3326
            return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False);
3268
    }
3327
    }
Lines 3776-3782 Link Here
3776
};
3835
};
3777
3836
3778
3837
3779
#ifdef WITH_THREAD
3838
#ifdef HAVE_OPENSSL_CRYPTO_LOCK
3780
3839
3781
/* an implementation of OpenSSL threading operations in terms
3840
/* an implementation of OpenSSL threading operations in terms
3782
   of the Python C thread library */
3841
   of the Python C thread library */
Lines 3860-3866 Link Here
3860
    return 1;
3919
    return 1;
3861
}
3920
}
3862
3921
3863
#endif  /* def HAVE_THREAD */
3922
#endif  /* HAVE_OPENSSL_CRYPTO_LOCK for WITH_THREAD && OpenSSL < 1.1.0 */
3864
3923
3865
PyDoc_STRVAR(module_doc,
3924
PyDoc_STRVAR(module_doc,
3866
"Implementation module for SSL socket operations.  See the socket module\n\
3925
"Implementation module for SSL socket operations.  See the socket module\n\
Lines 3924-3939 Link Here
3924
    PySocketModule = *socket_api;
3983
    PySocketModule = *socket_api;
3925
3984
3926
    /* Init OpenSSL */
3985
    /* Init OpenSSL */
3986
#ifdef OPENSSL_VERSION_1_1
3987
    OPENSSL_init_ssl(0, NULL);
3988
#else
3927
    SSL_load_error_strings();
3989
    SSL_load_error_strings();
3928
    SSL_library_init();
3990
    SSL_library_init();
3991
#endif
3929
#ifdef WITH_THREAD
3992
#ifdef WITH_THREAD
3993
#ifdef HAVE_OPENSSL_CRYPTO_LOCK
3930
    /* note that this will start threading if not already started */
3994
    /* note that this will start threading if not already started */
3931
    if (!_setup_ssl_threads()) {
3995
    if (!_setup_ssl_threads()) {
3932
        return NULL;
3996
        return NULL;
3933
    }
3997
    }
3998
#elif OPENSSL_VERSION_1_1 && defined(OPENSSL_THREADS)
3999
    /* OpenSSL 1.1.0 builtin thread support is enabled */
4000
    _ssl_locks_count++;
3934
#endif
4001
#endif
4002
#endif  /* WITH_THREAD */
4003
#ifndef OPENSSL_VERSION_1_1
3935
    OpenSSL_add_all_algorithms();
4004
    OpenSSL_add_all_algorithms();
3936
4005
#endif
3937
    /* Add symbols to module dict */
4006
    /* Add symbols to module dict */
3938
    sslerror_type_slots[0].pfunc = PyExc_OSError;
4007
    sslerror_type_slots[0].pfunc = PyExc_OSError;
3939
    PySSLErrorObject = PyType_FromSpec(&sslerror_type_spec);
4008
    PySSLErrorObject = PyType_FromSpec(&sslerror_type_spec);
Lines 4183-4192 Link Here
4183
        return NULL;
4252
        return NULL;
4184
4253
4185
    /* OpenSSL version */
4254
    /* OpenSSL version */
4186
    /* SSLeay() gives us the version of the library linked against,
4255
    /* OpenSSL_version_num() gives us the version of the library linked against,
4187
       which could be different from the headers version.
4256
       which could be different from the headers version.
4188
    */
4257
    */
4189
    libver = SSLeay();
4258
    libver = OpenSSL_version_num();
4190
    r = PyLong_FromUnsignedLong(libver);
4259
    r = PyLong_FromUnsignedLong(libver);
4191
    if (r == NULL)
4260
    if (r == NULL)
4192
        return NULL;
4261
        return NULL;
Lines 4196-4202 Link Here
4196
    r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
4265
    r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
4197
    if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))
4266
    if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))
4198
        return NULL;
4267
        return NULL;
4199
    r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION));
4268
    r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION));
4200
    if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
4269
    if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
4201
        return NULL;
4270
        return NULL;
4202
4271
(-)Python-3.4.6-orig/Modules/_hashopenssl.c (-22 / +48 lines)
Lines 20-26 Link Here
20
20
21
/* EVP is the preferred interface to hashing in OpenSSL */
21
/* EVP is the preferred interface to hashing in OpenSSL */
22
#include <openssl/evp.h>
22
#include <openssl/evp.h>
23
#include <openssl/hmac.h>
24
/* We use the object interface to discover what hashes OpenSSL supports. */
23
/* We use the object interface to discover what hashes OpenSSL supports. */
25
#include <openssl/objects.h>
24
#include <openssl/objects.h>
26
#include "openssl/err.h"
25
#include "openssl/err.h"
Lines 36-45 Link Here
36
#define _OPENSSL_SUPPORTS_SHA2
35
#define _OPENSSL_SUPPORTS_SHA2
37
#endif
36
#endif
38
37
38
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
39
/* OpenSSL < 1.1.0 */
40
#define EVP_MD_CTX_new EVP_MD_CTX_create
41
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
42
#define HAS_FAST_PKCS5_PBKDF2_HMAC 0
43
#include <openssl/hmac.h>
44
#else
45
/* OpenSSL >= 1.1.0 */
46
#define HAS_FAST_PKCS5_PBKDF2_HMAC 1
47
#endif
48
39
typedef struct {
49
typedef struct {
40
    PyObject_HEAD
50
    PyObject_HEAD
41
    PyObject            *name;  /* name of this hash algorithm */
51
    PyObject            *name;  /* name of this hash algorithm */
42
    EVP_MD_CTX           ctx;   /* OpenSSL message digest context */
52
    EVP_MD_CTX          *ctx;   /* OpenSSL message digest context */
43
#ifdef WITH_THREAD
53
#ifdef WITH_THREAD
44
    PyThread_type_lock   lock;  /* OpenSSL context lock */
54
    PyThread_type_lock   lock;  /* OpenSSL context lock */
45
#endif
55
#endif
Lines 51-57 Link Here
51
61
52
#define DEFINE_CONSTS_FOR_NEW(Name)  \
62
#define DEFINE_CONSTS_FOR_NEW(Name)  \
53
    static PyObject *CONST_ ## Name ## _name_obj = NULL; \
63
    static PyObject *CONST_ ## Name ## _name_obj = NULL; \
54
    static EVP_MD_CTX CONST_new_ ## Name ## _ctx; \
55
    static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL;
64
    static EVP_MD_CTX *CONST_new_ ## Name ## _ctx_p = NULL;
56
65
57
DEFINE_CONSTS_FOR_NEW(md5)
66
DEFINE_CONSTS_FOR_NEW(md5)
Lines 91-97 Link Here
91
            process = MUNCH_SIZE;
100
            process = MUNCH_SIZE;
92
        else
101
        else
93
            process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int);
102
            process = Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int);
94
        EVP_DigestUpdate(&self->ctx, (const void*)cp, process);
103
        EVP_DigestUpdate(self->ctx, (const void*)cp, process);
95
        len -= process;
104
        len -= process;
96
        cp += process;
105
        cp += process;
97
    }
106
    }
Lines 106-112 Link Here
106
    if (self->lock != NULL)
115
    if (self->lock != NULL)
107
        PyThread_free_lock(self->lock);
116
        PyThread_free_lock(self->lock);
108
#endif
117
#endif
109
    EVP_MD_CTX_cleanup(&self->ctx);
118
    EVP_MD_CTX_free(self->ctx);
110
    Py_XDECREF(self->name);
119
    Py_XDECREF(self->name);
111
    PyObject_Del(self);
120
    PyObject_Del(self);
112
}
121
}
Lines 114-120 Link Here
114
static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self)
123
static void locked_EVP_MD_CTX_copy(EVP_MD_CTX *new_ctx_p, EVPobject *self)
115
{
124
{
116
    ENTER_HASHLIB(self);
125
    ENTER_HASHLIB(self);
117
    EVP_MD_CTX_copy(new_ctx_p, &self->ctx);
126
    EVP_MD_CTX_copy(new_ctx_p, self->ctx);
118
    LEAVE_HASHLIB(self);
127
    LEAVE_HASHLIB(self);
119
}
128
}
120
129
Lines 131-137 Link Here
131
    if ( (newobj = newEVPobject(self->name))==NULL)
140
    if ( (newobj = newEVPobject(self->name))==NULL)
132
        return NULL;
141
        return NULL;
133
142
134
    locked_EVP_MD_CTX_copy(&newobj->ctx, self);
143
    locked_EVP_MD_CTX_copy(newobj->ctx, self);
135
    return (PyObject *)newobj;
144
    return (PyObject *)newobj;
136
}
145
}
137
146
Lines 142-157 Link Here
142
EVP_digest(EVPobject *self, PyObject *unused)
151
EVP_digest(EVPobject *self, PyObject *unused)
143
{
152
{
144
    unsigned char digest[EVP_MAX_MD_SIZE];
153
    unsigned char digest[EVP_MAX_MD_SIZE];
145
    EVP_MD_CTX temp_ctx;
154
    EVP_MD_CTX *temp_ctx;
146
    PyObject *retval;
155
    PyObject *retval;
147
    unsigned int digest_size;
156
    unsigned int digest_size;
148
157
149
    locked_EVP_MD_CTX_copy(&temp_ctx, self);
158
    temp_ctx = EVP_MD_CTX_new();
159
    if (temp_ctx == NULL) {
160
        PyErr_NoMemory();
161
        return NULL;
162
    }
163
164
    locked_EVP_MD_CTX_copy(temp_ctx, self);
150
    digest_size = EVP_MD_CTX_size(&temp_ctx);
165
    digest_size = EVP_MD_CTX_size(&temp_ctx);
151
    EVP_DigestFinal(&temp_ctx, digest, NULL);
166
    EVP_DigestFinal(temp_ctx, digest, NULL);
152
167
153
    retval = PyBytes_FromStringAndSize((const char *)digest, digest_size);
168
    retval = PyBytes_FromStringAndSize((const char *)digest, digest_size);
154
    EVP_MD_CTX_cleanup(&temp_ctx);
169
    EVP_MD_CTX_free(temp_ctx);
155
    return retval;
170
    return retval;
156
}
171
}
157
172
Lines 162-178 Link Here
162
EVP_hexdigest(EVPobject *self, PyObject *unused)
177
EVP_hexdigest(EVPobject *self, PyObject *unused)
163
{
178
{
164
    unsigned char digest[EVP_MAX_MD_SIZE];
179
    unsigned char digest[EVP_MAX_MD_SIZE];
165
    EVP_MD_CTX temp_ctx;
180
    EVP_MD_CTX *temp_ctx;
166
    PyObject *retval;
181
    PyObject *retval;
167
    char *hex_digest;
182
    char *hex_digest;
168
    unsigned int i, j, digest_size;
183
    unsigned int i, j, digest_size;
169
184
170
    /* Get the raw (binary) digest value */
185
    /* Get the raw (binary) digest value */
171
    locked_EVP_MD_CTX_copy(&temp_ctx, self);
186
    locked_EVP_MD_CTX_copy(temp_ctx, self);
172
    digest_size = EVP_MD_CTX_size(&temp_ctx);
187
    digest_size = EVP_MD_CTX_size(temp_ctx);
173
    EVP_DigestFinal(&temp_ctx, digest, NULL);
188
    EVP_DigestFinal(temp_ctx, digest, NULL);
174
189
175
    EVP_MD_CTX_cleanup(&temp_ctx);
190
    EVP_MD_CTX_free(temp_ctx);
176
191
177
    /* Allocate a new buffer */
192
    /* Allocate a new buffer */
178
    hex_digest = PyMem_Malloc(digest_size * 2 + 1);
193
    hex_digest = PyMem_Malloc(digest_size * 2 + 1);
Lines 241-247 Link Here
241
EVP_get_block_size(EVPobject *self, void *closure)
256
EVP_get_block_size(EVPobject *self, void *closure)
242
{
257
{
243
    long block_size;
258
    long block_size;
244
    block_size = EVP_MD_CTX_block_size(&self->ctx);
259
    block_size = EVP_MD_CTX_block_size(self->ctx);
245
    return PyLong_FromLong(block_size);
260
    return PyLong_FromLong(block_size);
246
}
261
}
247
262
Lines 249-255 Link Here
249
EVP_get_digest_size(EVPobject *self, void *closure)
264
EVP_get_digest_size(EVPobject *self, void *closure)
250
{
265
{
251
    long size;
266
    long size;
252
    size = EVP_MD_CTX_size(&self->ctx);
267
    size = EVP_MD_CTX_size(self->ctx);
253
    return PyLong_FromLong(size);
268
    return PyLong_FromLong(size);
254
}
269
}
255
270
Lines 310-316 Link Here
310
            PyBuffer_Release(&view);
325
            PyBuffer_Release(&view);
311
        return -1;
326
        return -1;
312
    }
327
    }
313
    EVP_DigestInit(&self->ctx, digest);
328
    EVP_DigestInit(self->ctx, digest);
314
329
315
    self->name = name_obj;
330
    self->name = name_obj;
316
    Py_INCREF(self->name);
331
    Py_INCREF(self->name);
Lines 407-415 Link Here
407
        return NULL;
422
        return NULL;
408
423
409
    if (initial_ctx) {
424
    if (initial_ctx) {
410
        EVP_MD_CTX_copy(&self->ctx, initial_ctx);
425
        EVP_MD_CTX_copy(self->ctx, initial_ctx);
411
    } else {
426
    } else {
412
        EVP_DigestInit(&self->ctx, digest);
427
        EVP_DigestInit(self->ctx, digest);
413
    }
428
    }
414
429
415
    if (cp && len) {
430
    if (cp && len) {
Lines 475-480 Link Here
475
490
476
#define PY_PBKDF2_HMAC 1
491
#define PY_PBKDF2_HMAC 1
477
492
493
#if !HAS_FAST_PKCS5_PBKDF2_HMAC
478
/* Improved implementation of PKCS5_PBKDF2_HMAC()
494
/* Improved implementation of PKCS5_PBKDF2_HMAC()
479
 *
495
 *
480
 * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of
496
 * PKCS5_PBKDF2_HMAC_fast() hashes the password exactly one time instead of
Lines 556-561 Link Here
556
    HMAC_CTX_cleanup(&hctx_tpl);
572
    HMAC_CTX_cleanup(&hctx_tpl);
557
    return 1;
573
    return 1;
558
}
574
}
575
#endif
559
576
560
/* LCOV_EXCL_START */
577
/* LCOV_EXCL_START */
561
static PyObject *
578
static PyObject *
Lines 668-677 Link Here
668
    key = PyBytes_AS_STRING(key_obj);
685
    key = PyBytes_AS_STRING(key_obj);
669
686
670
    Py_BEGIN_ALLOW_THREADS
687
    Py_BEGIN_ALLOW_THREADS
688
#if HAS_FAST_PKCS5_PBKDF2_HMAC
689
    retval = PKCS5_PBKDF2_HMAC((char*)password.buf, (int)password.len,
690
                               (unsigned char *)salt.buf, (int)salt.len,
691
                               iterations, digest, dklen,
692
                               (unsigned char *)key);
693
#else
671
    retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len,
694
    retval = PKCS5_PBKDF2_HMAC_fast((char*)password.buf, (int)password.len,
672
                                    (unsigned char *)salt.buf, (int)salt.len,
695
                                    (unsigned char *)salt.buf, (int)salt.len,
673
                                    iterations, digest, dklen,
696
                                    iterations, digest, dklen,
674
                                    (unsigned char *)key);
697
                                    (unsigned char *)key);
698
#endif
675
    Py_END_ALLOW_THREADS
699
    Py_END_ALLOW_THREADS
676
700
677
    if (!retval) {
701
    if (!retval) {
Lines 790-796 Link Here
790
    if (CONST_ ## NAME ## _name_obj == NULL) { \
814
    if (CONST_ ## NAME ## _name_obj == NULL) { \
791
        CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \
815
        CONST_ ## NAME ## _name_obj = PyUnicode_FromString(#NAME); \
792
        if (EVP_get_digestbyname(#NAME)) { \
816
        if (EVP_get_digestbyname(#NAME)) { \
793
            CONST_new_ ## NAME ## _ctx_p = &CONST_new_ ## NAME ## _ctx; \
817
            CONST_new_ ## NAME ## _ctx_p = EVP_MD_CTX_new(); \
794
            EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \
818
            EVP_DigestInit(CONST_new_ ## NAME ## _ctx_p, EVP_get_digestbyname(#NAME)); \
795
        } \
819
        } \
796
    } \
820
    } \
Lines 845-852 Link Here
845
{
869
{
846
    PyObject *m, *openssl_md_meth_names;
870
    PyObject *m, *openssl_md_meth_names;
847
871
872
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
848
    OpenSSL_add_all_digests();
873
    OpenSSL_add_all_digests();
849
    ERR_load_crypto_strings();
874
    ERR_load_crypto_strings();
875
#endif
850
876
851
    /* TODO build EVP_functions openssl_* entries dynamically based
877
    /* TODO build EVP_functions openssl_* entries dynamically based
852
     * on what hashes are supported rather than listing many
878
     * on what hashes are supported rather than listing many

Return to bug 592480