|
Lines 73-78
Link Here
|
| 73 |
#include "openssl/err.h" |
73 |
#include "openssl/err.h" |
| 74 |
#include "openssl/rand.h" |
74 |
#include "openssl/rand.h" |
| 75 |
#include "openssl/bio.h" |
75 |
#include "openssl/bio.h" |
|
|
76 |
#include "openssl/dh.h" |
| 76 |
|
77 |
|
| 77 |
/* SSL error object */ |
78 |
/* SSL error object */ |
| 78 |
static PyObject *PySSLErrorObject; |
79 |
static PyObject *PySSLErrorObject; |
|
Lines 139-147
Link Here
|
| 139 |
#define HAVE_OPENSSL_CRYPTO_LOCK |
140 |
#define HAVE_OPENSSL_CRYPTO_LOCK |
| 140 |
#endif |
141 |
#endif |
| 141 |
|
142 |
|
|
|
143 |
#ifndef OPENSSL_VERSION_1_1 |
| 142 |
#define TLS_method SSLv23_method |
144 |
#define TLS_method SSLv23_method |
| 143 |
#define TLS_client_method SSLv23_client_method |
145 |
#define TLS_client_method SSLv23_client_method |
| 144 |
#define TLS_server_method SSLv23_server_method |
146 |
#define TLS_server_method SSLv23_server_method |
|
|
147 |
#define X509_get0_notBefore X509_get_notBefore |
| 148 |
#define X509_get0_notAfter X509_get_notAfter |
| 149 |
#define ASN1_STRING_get0_data ASN1_STRING_data |
| 150 |
#define OpenSSL_version_num SSLeay |
| 151 |
#define OpenSSL_version SSLeay_version |
| 152 |
#define OPENSSL_VERSION SSLEAY_VERSION |
| 153 |
#endif |
| 145 |
|
154 |
|
| 146 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
155 |
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) |
| 147 |
{ |
156 |
{ |
|
Lines 1062-1068
Link Here
|
| 1062 |
goto fail; |
1071 |
goto fail; |
| 1063 |
} |
1072 |
} |
| 1064 |
PyTuple_SET_ITEM(t, 0, v); |
1073 |
PyTuple_SET_ITEM(t, 0, v); |
| 1065 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_data(as), |
1074 |
v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as), |
| 1066 |
ASN1_STRING_length(as)); |
1075 |
ASN1_STRING_length(as)); |
| 1067 |
if (v == NULL) { |
1076 |
if (v == NULL) { |
| 1068 |
Py_DECREF(t); |
1077 |
Py_DECREF(t); |
|
Lines 1365-1371
Link Here
|
| 1365 |
Py_DECREF(sn_obj); |
1374 |
Py_DECREF(sn_obj); |
| 1366 |
|
1375 |
|
| 1367 |
(void) BIO_reset(biobuf); |
1376 |
(void) BIO_reset(biobuf); |
| 1368 |
notBefore = X509_get_notBefore(certificate); |
1377 |
notBefore = X509_get0_notBefore(certificate); |
| 1369 |
ASN1_TIME_print(biobuf, notBefore); |
1378 |
ASN1_TIME_print(biobuf, notBefore); |
| 1370 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1379 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
| 1371 |
if (len < 0) { |
1380 |
if (len < 0) { |
|
Lines 1382-1388
Link Here
|
| 1382 |
Py_DECREF(pnotBefore); |
1391 |
Py_DECREF(pnotBefore); |
| 1383 |
|
1392 |
|
| 1384 |
(void) BIO_reset(biobuf); |
1393 |
(void) BIO_reset(biobuf); |
| 1385 |
notAfter = X509_get_notAfter(certificate); |
1394 |
notAfter = X509_get0_notAfter(certificate); |
| 1386 |
ASN1_TIME_print(biobuf, notAfter); |
1395 |
ASN1_TIME_print(biobuf, notAfter); |
| 1387 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
1396 |
len = BIO_gets(biobuf, buf, sizeof(buf)-1); |
| 1388 |
if (len < 0) { |
1397 |
if (len < 0) { |
|
Lines 2835-2841
Link Here
|
| 2835 |
conservative and assume it wasn't fixed until release. We do this check |
2844 |
conservative and assume it wasn't fixed until release. We do this check |
| 2836 |
at runtime to avoid problems from the dynamic linker. |
2845 |
at runtime to avoid problems from the dynamic linker. |
| 2837 |
See #25672 for more on this. */ |
2846 |
See #25672 for more on this. */ |
| 2838 |
libver = SSLeay(); |
2847 |
libver = OpenSSL_version_num(); |
| 2839 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
2848 |
if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) && |
| 2840 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
2849 |
!(libver >= 0x10000000UL && libver < 0x100000dfUL)) { |
| 2841 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
2850 |
SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS); |
|
Lines 4647-4653
Link Here
|
| 4647 |
if (bytes == NULL) |
4656 |
if (bytes == NULL) |
| 4648 |
return NULL; |
4657 |
return NULL; |
| 4649 |
if (pseudo) { |
4658 |
if (pseudo) { |
|
|
4659 |
#ifdef OPENSSL_VERSION_1_1 |
| 4660 |
ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
| 4661 |
#else |
| 4650 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
4662 |
ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len); |
|
|
4663 |
#endif |
| 4651 |
if (ok == 0 || ok == 1) |
4664 |
if (ok == 0 || ok == 1) |
| 4652 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
4665 |
return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False); |
| 4653 |
} |
4666 |
} |
|
Lines 5287-5293
Link Here
|
| 5287 |
return NULL; |
5300 |
return NULL; |
| 5288 |
PySocketModule = *socket_api; |
5301 |
PySocketModule = *socket_api; |
| 5289 |
|
5302 |
|
| 5290 |
#ifndef OPENSSL_VERSION_1_1 |
5303 |
#ifdef OPENSSL_VERSION_1_1 |
|
|
5304 |
OPENSSL_init_ssl(0, NULL); |
| 5305 |
#else |
| 5291 |
/* Load all algorithms and initialize cpuid */ |
5306 |
/* Load all algorithms and initialize cpuid */ |
| 5292 |
OPENSSL_add_all_algorithms_noconf(); |
5307 |
OPENSSL_add_all_algorithms_noconf(); |
| 5293 |
/* Init OpenSSL */ |
5308 |
/* Init OpenSSL */ |
|
Lines 5587-5596
Link Here
|
| 5587 |
return NULL; |
5602 |
return NULL; |
| 5588 |
|
5603 |
|
| 5589 |
/* OpenSSL version */ |
5604 |
/* OpenSSL version */ |
| 5590 |
/* SSLeay() gives us the version of the library linked against, |
5605 |
/* OpenSSL_version_num() gives us the version of the library linked against, |
| 5591 |
which could be different from the headers version. |
5606 |
which could be different from the headers version. |
| 5592 |
*/ |
5607 |
*/ |
| 5593 |
libver = SSLeay(); |
5608 |
libver = OpenSSL_version_num(); |
| 5594 |
r = PyLong_FromUnsignedLong(libver); |
5609 |
r = PyLong_FromUnsignedLong(libver); |
| 5595 |
if (r == NULL) |
5610 |
if (r == NULL) |
| 5596 |
return NULL; |
5611 |
return NULL; |
|
Lines 5600-5606
Link Here
|
| 5600 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
5615 |
r = Py_BuildValue("IIIII", major, minor, fix, patch, status); |
| 5601 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
5616 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) |
| 5602 |
return NULL; |
5617 |
return NULL; |
| 5603 |
r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION)); |
5618 |
r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION)); |
| 5604 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
5619 |
if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) |
| 5605 |
return NULL; |
5620 |
return NULL; |
| 5606 |
|
5621 |
|
