Skip to content

Commit

Permalink
Merge pull request #88 from samrushing/issue-87
Browse files Browse the repository at this point in the history 
support changed openssl 1.1.0 APIs for EVP_{MD,CIPHER}_CTX.
  • Loading branch information
@samrushing
samrushing committed Jul 2, 2019
2 parents 17c8d10 + ab29292 commit 9496a64
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 30 deletions.
17 changes: 6 additions & 11 deletions coro/ssl/openssl.pxi
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -115,17 +115,9 @@ cdef extern from "openssl/rsa.h":
cdef extern from "openssl/evp.h": cdef extern from "openssl/evp.h":
ctypedef struct EVP_PKEY ctypedef struct EVP_PKEY
ctypedef struct EVP_CIPHER ctypedef struct EVP_CIPHER
ctypedef struct EVP_CIPHER_CTX: ctypedef struct EVP_CIPHER_CTX
# for some reason pyrex won't just let me declare the struct's existence.
int nid
int block_size
int key_len
int iv_len
unsigned long flags
ctypedef struct EVP_MD ctypedef struct EVP_MD
ctypedef struct EVP_MD_CTX: ctypedef struct EVP_MD_CTX
# same as above
unsigned long flags
EVP_MD *EVP_sha256() EVP_MD *EVP_sha256()
EVP_MD *EVP_sha512() EVP_MD *EVP_sha512()
EVP_PKEY * EVP_PKEY_new() EVP_PKEY * EVP_PKEY_new()
Expand All @@ -136,13 +128,16 @@ cdef extern from "openssl/evp.h":
void EVP_CIPHER_free (EVP_CIPHER *) void EVP_CIPHER_free (EVP_CIPHER *)
EVP_CIPHER * EVP_get_cipherbyname (char *) EVP_CIPHER * EVP_get_cipherbyname (char *)
EVP_MD * EVP_get_digestbyname (char *) EVP_MD * EVP_get_digestbyname (char *)
EVP_CIPHER_CTX * EVP_CIPHER_CTX_new()
void EVP_CIPHER_CTX_free (EVP_CIPHER_CTX *)
void EVP_CIPHER_CTX_init (EVP_CIPHER_CTX *) void EVP_CIPHER_CTX_init (EVP_CIPHER_CTX *)
EVP_MD_CTX * EVP_MD_CTX_new ()
void EVP_MD_CTX_free (EVP_MD_CTX *)
void EVP_MD_CTX_init (EVP_MD_CTX *) void EVP_MD_CTX_init (EVP_MD_CTX *)
int EVP_CIPHER_CTX_set_key_length (EVP_CIPHER_CTX *, int) int EVP_CIPHER_CTX_set_key_length (EVP_CIPHER_CTX *, int)
int EVP_CIPHER_CTX_key_length (EVP_CIPHER_CTX *) int EVP_CIPHER_CTX_key_length (EVP_CIPHER_CTX *)
int EVP_CIPHER_CTX_iv_length (EVP_CIPHER_CTX *) int EVP_CIPHER_CTX_iv_length (EVP_CIPHER_CTX *)
int EVP_CIPHER_CTX_cleanup (EVP_CIPHER_CTX *) int EVP_CIPHER_CTX_cleanup (EVP_CIPHER_CTX *)
int EVP_MD_CTX_cleanup (EVP_MD_CTX *)
int EVP_CipherInit_ex (EVP_CIPHER_CTX *, EVP_CIPHER *, void *, char *, char *, int) int EVP_CipherInit_ex (EVP_CIPHER_CTX *, EVP_CIPHER *, void *, char *, char *, int)
int EVP_DigestInit_ex (EVP_MD_CTX *, EVP_MD *, void *) int EVP_DigestInit_ex (EVP_MD_CTX *, EVP_MD *, void *)
int EVP_CipherUpdate (EVP_CIPHER_CTX *, char *, int *, char *, int) int EVP_CipherUpdate (EVP_CIPHER_CTX *, char *, int *, char *, int)
Expand Down
41 changes: 22 additions & 19 deletions coro/ssl/openssl.pyx
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -1200,7 +1200,7 @@ IF NPN:


cdef class cipher: cdef class cipher:


cdef EVP_CIPHER_CTX ctx cdef EVP_CIPHER_CTX * ctx
cdef readonly int block_size cdef readonly int block_size
cdef readonly int encrypt cdef readonly int encrypt
cdef readonly object key cdef readonly object key
Expand All @@ -1212,32 +1212,34 @@ cdef class cipher:
cipher = EVP_get_cipherbyname (kind) cipher = EVP_get_cipherbyname (kind)
if cipher is NULL: if cipher is NULL:
raise UnknownCipherType (kind) raise UnknownCipherType (kind)
EVP_CIPHER_CTX_init (&self.ctx) self.ctx = EVP_CIPHER_CTX_new()
if EVP_CipherInit_ex (&self.ctx, cipher, NULL, NULL, NULL, encrypt) == 0: if EVP_CipherInit_ex (self.ctx, cipher, NULL, NULL, NULL, encrypt) == 0:
raise_ssl_error() raise_ssl_error()
if key is not None: if key is not None:
self.set_key (key) self.set_key (key)
if iv is not None: if iv is not None:
self.set_iv (iv) self.set_iv (iv)
self.block_size = EVP_CIPHER_CTX_block_size (&self.ctx) self.block_size = EVP_CIPHER_CTX_block_size (self.ctx)


def __dealloc__ (self): def __dealloc__ (self):
EVP_CIPHER_CTX_cleanup (&self.ctx) EVP_CIPHER_CTX_cleanup (self.ctx)
EVP_CIPHER_CTX_free (self.ctx)
self.ctx = NULL


def get_key_length (self): def get_key_length (self):
return EVP_CIPHER_CTX_key_length (&self.ctx) return EVP_CIPHER_CTX_key_length (self.ctx)


def get_iv_length (self): def get_iv_length (self):
return EVP_CIPHER_CTX_iv_length (&self.ctx) return EVP_CIPHER_CTX_iv_length (self.ctx)


cpdef set_key (self, bytes key): cpdef set_key (self, bytes key):
if EVP_CipherInit_ex (&self.ctx, NULL, NULL, <char *> key, NULL, self.encrypt) == 0: if EVP_CipherInit_ex (self.ctx, NULL, NULL, <char *> key, NULL, self.encrypt) == 0:
raise_ssl_error() raise_ssl_error()
else: else:
self.key = key self.key = key


cpdef set_iv (self, bytes iv): cpdef set_iv (self, bytes iv):
if EVP_CipherInit_ex (&self.ctx, NULL, NULL, NULL, <char *> iv, self.encrypt) == 0: if EVP_CipherInit_ex (self.ctx, NULL, NULL, NULL, <char *> iv, self.encrypt) == 0:
raise_ssl_error() raise_ssl_error()
else: else:
self.iv = iv self.iv = iv
Expand All @@ -1247,7 +1249,7 @@ cdef class cipher:
cdef int osize = self.block_size + isize cdef int osize = self.block_size + isize
out_string = PyBytes_FromStringAndSize (NULL, osize) out_string = PyBytes_FromStringAndSize (NULL, osize)
if EVP_CipherUpdate ( if EVP_CipherUpdate (
&self.ctx, <char*>out_string, &osize, <char *>data, isize self.ctx, <char*>out_string, &osize, <char *>data, isize
) == 0: ) == 0:
raise_ssl_error() raise_ssl_error()
elif osize != len (out_string): elif osize != len (out_string):
Expand All @@ -1258,7 +1260,7 @@ cdef class cipher:
def final (self): def final (self):
cdef int osize = self.block_size cdef int osize = self.block_size
ostring = PyBytes_FromStringAndSize (NULL, osize) ostring = PyBytes_FromStringAndSize (NULL, osize)
if EVP_CipherFinal_ex (&self.ctx, <char *>ostring, &osize) == 0: if EVP_CipherFinal_ex (self.ctx, <char *>ostring, &osize) == 0:
raise_ssl_error() raise_ssl_error()
elif osize != self.block_size: elif osize != self.block_size:
return ostring[:osize] return ostring[:osize]
Expand All @@ -1282,29 +1284,30 @@ def get_all_ciphers():


cdef class digest: cdef class digest:


cdef EVP_MD_CTX ctx cdef EVP_MD_CTX * ctx


def __init__ (self, kind): def __init__ (self, kind):
cdef EVP_MD * digest cdef EVP_MD * digest
digest = EVP_get_digestbyname (kind) digest = EVP_get_digestbyname (kind)
if digest is NULL: if digest is NULL:
raise UnknownDigestType (kind) raise UnknownDigestType (kind)
EVP_MD_CTX_init (&self.ctx) self.ctx = EVP_MD_CTX_new()
if EVP_DigestInit_ex (&self.ctx, digest, NULL) == 0: EVP_MD_CTX_init (self.ctx)
if EVP_DigestInit_ex (self.ctx, digest, NULL) == 0:
raise_ssl_error() raise_ssl_error()


def __dealloc__ (self): def __dealloc__ (self):
EVP_MD_CTX_cleanup (&self.ctx) EVP_MD_CTX_free (self.ctx)


def update (self, bytes data): def update (self, bytes data):
cdef int isize cdef int isize
if EVP_DigestUpdate (&self.ctx, <char*>data, len(data)) == 0: if EVP_DigestUpdate (self.ctx, <char*>data, len(data)) == 0:
raise_ssl_error() raise_ssl_error()


def final (self): def final (self):
cdef int osize cdef int osize
cdef bytes ostring = PyBytes_FromStringAndSize (NULL, EVP_MAX_MD_SIZE) cdef bytes ostring = PyBytes_FromStringAndSize (NULL, EVP_MAX_MD_SIZE)
if EVP_DigestFinal_ex (&self.ctx, <char*>ostring, &osize) == 0: if EVP_DigestFinal_ex (self.ctx, <char*>ostring, &osize) == 0:
raise_ssl_error() raise_ssl_error()
elif osize != len(ostring): elif osize != len(ostring):
return ostring[:osize] return ostring[:osize]
Expand All @@ -1315,7 +1318,7 @@ cdef class digest:
cdef int osize cdef int osize
cdef bytes sig = PyBytes_FromStringAndSize (NULL, key._size()) cdef bytes sig = PyBytes_FromStringAndSize (NULL, key._size())
# Finalize/sign the hash # Finalize/sign the hash
if EVP_SignFinal (&self.ctx, <char*>sig, &osize, key.pkey) == 0: if EVP_SignFinal (self.ctx, <char*>sig, &osize, key.pkey) == 0:
raise_ssl_error() raise_ssl_error()
elif osize != len(sig): elif osize != len(sig):
return sig[:osize] return sig[:osize]
Expand All @@ -1325,7 +1328,7 @@ cdef class digest:
def verify (self, pkey key, sig): def verify (self, pkey key, sig):
cdef int result cdef int result
# verify this signature # verify this signature
result = EVP_VerifyFinal (&self.ctx, sig, len(sig), key.pkey) result = EVP_VerifyFinal (self.ctx, sig, len(sig), key.pkey)
if result == 1: if result == 1:
return True return True
elif result == 0: elif result == 0:
Expand Down

0 comments on commit 9496a64

Please sign in to comment.