File: //var/opt/nydus/ops/oscrypto/_openssl/_libcrypto_cffi.py
# coding: utf-8
from __future__ import unicode_literals, division, absolute_import, print_function
import re
from .. import _backend_config
from .._errors import pretty_message
from .._ffi import get_library, register_ffi
from ..errors import LibraryNotFoundError
from cffi import FFI
__all__ = [
'is_libressl',
'libcrypto',
'libressl_version',
'libressl_version_info',
'version',
'version_info',
]
libcrypto_path = _backend_config().get('libcrypto_path')
if libcrypto_path is None:
libcrypto_path = get_library('crypto', 'libcrypto.dylib', '42')
if not libcrypto_path:
raise LibraryNotFoundError('The library libcrypto could not be found')
try:
vffi = FFI()
vffi.cdef("const char *SSLeay_version(int type);")
version_string = vffi.string(vffi.dlopen(libcrypto_path).SSLeay_version(0)).decode('utf-8')
except (AttributeError):
vffi = FFI()
vffi.cdef("const char *OpenSSL_version(int type);")
version_string = vffi.string(vffi.dlopen(libcrypto_path).OpenSSL_version(0)).decode('utf-8')
is_libressl = 'LibreSSL' in version_string
version_match = re.search('\\b(\\d+\\.\\d+\\.\\d+[a-z]*)\\b', version_string)
if not version_match:
version_match = re.search('(?<=LibreSSL )(\\d+\\.\\d+(\\.\\d+)?)\\b', version_string)
if not version_match:
raise LibraryNotFoundError('Error detecting the version of libcrypto')
version = version_match.group(1)
version_parts = re.sub('(\\d+)([a-z]+)', '\\1.\\2', version).split('.')
version_info = tuple(int(part) if part.isdigit() else part for part in version_parts)
# LibreSSL is compatible with libcrypto from OpenSSL 1.0.1
libressl_version = ''
libressl_version_info = tuple()
if is_libressl:
libressl_version = version
libressl_version_info = version_info
version = '1.0.1'
version_info = (1, 0, 1)
ffi = FFI()
libcrypto = ffi.dlopen(libcrypto_path)
register_ffi(libcrypto, ffi)
if version_info < (0, 9, 8):
raise LibraryNotFoundError(pretty_message(
'''
OpenSSL versions older than 0.9.8 are not supported - found version %s
''',
version
))
if version_info < (1, 1):
ffi.cdef("""
void ERR_load_crypto_strings(void);
void ERR_free_strings(void);
""")
if version_info >= (3, ):
ffi.cdef("""
typedef ... OSSL_LIB_CTX;
typedef ... OSSL_PROVIDER;
int OSSL_PROVIDER_available(OSSL_LIB_CTX *libctx, const char *name);
OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *libctx, const char *name);
""")
# The typedef uintptr_t lines here allow us to check for a NULL pointer,
# without having to redefine the structs in our code. This is kind of a hack,
# but it should cause problems since we treat these as opaque.
ffi.cdef("""
typedef ... EVP_MD;
typedef uintptr_t EVP_CIPHER_CTX;
typedef ... EVP_CIPHER;
typedef ... ENGINE;
typedef uintptr_t EVP_PKEY;
typedef uintptr_t X509;
typedef uintptr_t DH;
typedef uintptr_t RSA;
typedef uintptr_t DSA;
typedef uintptr_t EC_KEY;
typedef ... EVP_MD_CTX;
typedef ... EVP_PKEY_CTX;
typedef ... BN_GENCB;
typedef ... BIGNUM;
unsigned long ERR_get_error(void);
char *ERR_error_string(unsigned long e, char *buf);
unsigned long ERR_peek_error(void);
void OPENSSL_config(const char *config_name);
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
const EVP_CIPHER *EVP_aes_128_cbc(void);
const EVP_CIPHER *EVP_aes_192_cbc(void);
const EVP_CIPHER *EVP_aes_256_cbc(void);
const EVP_CIPHER *EVP_des_cbc(void);
const EVP_CIPHER *EVP_des_ede_cbc(void);
const EVP_CIPHER *EVP_des_ede3_cbc(void);
const EVP_CIPHER *EVP_rc4(void);
const EVP_CIPHER *EVP_rc2_cbc(void);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ENGINE *impl, const char *key,
const char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, char *out, int *outl,
const char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, char *out, int *outl);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ENGINE *impl, const char *key,
const char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, char *out, int *outl,
const char *in, int inl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, char *out, int *outl);
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const char **pp,
long length);
EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const char **pp, long length);
int i2d_PUBKEY(EVP_PKEY *a, char **pp);
void EVP_PKEY_free(EVP_PKEY *key);
X509 *d2i_X509(X509 **px, const char **in, int len);
int i2d_X509(X509 *x, char **out);
EVP_PKEY *X509_get_pubkey(X509 *x);
void X509_free(X509 *a);
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
void RSA_free(RSA *r);
int RSA_public_encrypt(int flen, const char *from,
char *to, RSA *rsa, int padding);
int RSA_private_encrypt(int flen, const char *from,
char *to, RSA *rsa, int padding);
int RSA_public_decrypt(int flen, const char *from,
char *to, RSA *rsa, int padding);
int RSA_private_decrypt(int flen, const char *from,
char *to, RSA *rsa, int padding);
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha224(void);
const EVP_MD *EVP_sha256(void);
const EVP_MD *EVP_sha384(void);
const EVP_MD *EVP_sha512(void);
int PKCS12_key_gen_uni(char *pass, int passlen, char *salt,
int saltlen, int id, int iter, int n,
char *out, const EVP_MD *md_type);
void BN_free(BIGNUM *a);
int BN_dec2bn(BIGNUM **a, const char *str);
DH *DH_new(void);
int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb);
int i2d_DHparams(const DH *a, char **pp);
void DH_free(DH *dh);
RSA *RSA_new(void);
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
int i2d_RSAPublicKey(RSA *a, char **pp);
int i2d_RSAPrivateKey(RSA *a, char **pp);
DSA *DSA_new(void);
int DSA_generate_parameters_ex(DSA *dsa, int bits,
const char *seed, int seed_len, int *counter_ret,
unsigned long *h_ret, BN_GENCB *cb);
int DSA_generate_key(DSA *a);
int i2d_DSA_PUBKEY(const DSA *a, char **pp);
int i2d_DSAPrivateKey(const DSA *a, char **pp);
void DSA_free(DSA *dsa);
EC_KEY *EC_KEY_new_by_curve_name(int nid);
int EC_KEY_generate_key(EC_KEY *key);
void EC_KEY_set_asn1_flag(EC_KEY *, int);
int i2d_ECPrivateKey(EC_KEY *key, char **out);
int i2o_ECPublicKey(EC_KEY *key, char **out);
void EC_KEY_free(EC_KEY *key);
""")
if version_info < (3, ):
ffi.cdef("""
int EVP_PKEY_size(EVP_PKEY *pkey);
""")
else:
ffi.cdef("""
int EVP_PKEY_get_size(EVP_PKEY *pkey);
""")
if version_info < (1, 1):
ffi.cdef("""
EVP_MD_CTX *EVP_MD_CTX_create(void);
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
""")
else:
ffi.cdef("""
EVP_MD_CTX *EVP_MD_CTX_new(void);
void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
""")
if version_info < (1,):
ffi.cdef("""
typedef ... *DSA_SIG;
typedef ... *ECDSA_SIG;
DSA_SIG *DSA_do_sign(const char *dgst, int dlen, DSA *dsa);
ECDSA_SIG *ECDSA_do_sign(const char *dgst, int dgst_len, EC_KEY *eckey);
DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const char **pp, long length);
ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const char **pp, long len);
int i2d_DSA_SIG(const DSA_SIG *a, char **pp);
int i2d_ECDSA_SIG(const ECDSA_SIG *a, char **pp);
int DSA_do_verify(const char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa);
int ECDSA_do_verify(const char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey);
void DSA_SIG_free(DSA_SIG *a);
void ECDSA_SIG_free(ECDSA_SIG *a);
DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
int RSA_verify_PKCS1_PSS(RSA *rsa, const char *mHash,
const EVP_MD *Hash, const char *EM,
int sLen);
int RSA_padding_add_PKCS1_PSS(RSA *rsa, char *EM,
const char *mHash, const EVP_MD *Hash,
int sLen);
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
int EVP_SignFinal(EVP_MD_CTX *ctx, char *sig, unsigned int *s, EVP_PKEY *pkey);
int EVP_VerifyFinal(EVP_MD_CTX *ctx, char *sigbuf, unsigned int siglen, EVP_PKEY *pkey);
void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
""")
else:
ffi.cdef("""
int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
const char *salt, int saltlen, int iter,
const EVP_MD *digest,
int keylen, char *out);
int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, char *sig, size_t *siglen);
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const char *sig, size_t siglen);
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2);
""")