| author | Alex Gaynor <alex.gaynor@gmail.com> | 2020-12-10 21:56:08 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-10 20:56:08 -0600 |
| commit | d8c6c1eef3c277ff02ec6f3a57ae4a07b0d4e34c (patch) | |
| tree | 23a5f1fc95301ea1bbed8ee089187036a51fe326 | |
| parent | 4a19a43c3ba98922e7a130bbf1888c57a378dda0 (diff) | |
Update APIs to use non-deprecated OpenSSL ones where possible (#5633)
cherry picked from #4920
| -rw-r--r-- | src/_cffi_src/openssl/asn1.py | 1 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/evp.py | 1 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509.py | 15 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509_vfy.py | 4 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 4 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/ciphers.py | 2 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 8 |
7 files changed, 24 insertions, 11 deletions
diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index 3e646239d..0841a115d 100644
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
@@ -44,6 +44,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *);
 /* ASN1 STRING */
 unsigned char *ASN1_STRING_data(ASN1_STRING *);
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *);
 int ASN1_STRING_set(ASN1_STRING *, const void *, int);
 /* ASN1 OCTET STRING */
diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
index c9575dc47..2b2f995e3 100644
--- a/src/_cffi_src/openssl/evp.py
+++ b/src/_cffi_src/openssl/evp.py
@@ -47,6 +47,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, unsigned char *, int *, const unsigned char *, int);
 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *);
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index e7f1368cf..778b5da31 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -201,8 +201,10 @@ long X509_get_version(X509 *);
 ASN1_TIME *X509_get_notBefore(X509 *);
 ASN1_TIME *X509_get_notAfter(X509 *);
-ASN1_TIME *X509_getm_notBefore(X509 *);
-ASN1_TIME *X509_getm_notAfter(X509 *);
+ASN1_TIME *X509_getm_notBefore(const X509 *);
+ASN1_TIME *X509_getm_notAfter(const X509 *);
+const ASN1_TIME *X509_get0_notBefore(const X509 *);
+const ASN1_TIME *X509_get0_notAfter(const X509 *);
 long X509_REQ_get_version(X509_REQ *);
 X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
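Review bot: `ASN1_STRING_get0_data` is declared next to the old `ASN1_STRING_data` in asn1.py, but none of the Python hunks in this commit calls it, and the retained declaration carries no marker that it is the deprecated form. The same applies to `EVP_CIPHER_CTX_cleanup` in evp.py, `X509_get_notBefore` / `X509_CRL_get_lastUpdate` in x509.py and `X509_STORE_CTX_trusted_stack` in x509_vfy.py, which stay declared beside their replacements. A one-line cdef comment above each retained declaration, e.g. `/* deprecated upstream; kept for existing callers, prefer the const/get0 variant below */`, would steer new code away from the mutable accessors. Whether other callers of `ASN1_STRING_data` remain elsewhere in the tree is not visible from this diff.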
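Review bot: `EVP_CIPHER_CTX_reset` is declared unconditionally in the evp.py hunk, and ciphers.py now calls it from `_CipherContext`, yet the function exists only from OpenSSL 1.1.0 onward. If any supported build target predates that (the version floor and the customizations section are not visible here), the extension would fail to build against it. In that case a guarded fallback such as `#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup` under whatever version guard the project already uses would keep the old path working; otherwise a short comment stating the minimum library version would document the assumption.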
@@ -234,6 +236,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography_STACK_OF_X509_CRL *, int);
 long X509_CRL_get_version(X509_CRL *);
 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *);
 X509_NAME *X509_CRL_get_issuer(X509_CRL *);
 Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);
@@ -242,8 +246,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
 int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
 int X509_set_notBefore(X509 *, ASN1_TIME *);
 int X509_set_notAfter(X509 *, ASN1_TIME *);
-int X509_set1_notBefore(X509 *, ASN1_TIME *);
-int X509_set1_notAfter(X509 *, ASN1_TIME *);
+
+int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *);
+int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *);
+int X509_set1_notBefore(X509 *, const ASN1_TIME *);
+int X509_set1_notAfter(X509 *, const ASN1_TIME *);
 EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
 int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py
index 57de6d0ec..dc4895f4e 100644
--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -155,8 +155,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *, X509_STORE *, X509 *, Cryptography_STACK_OF_X509 *);
 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *, Cryptography_STACK_OF_X509 *);
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *,
+ Cryptography_STACK_OF_X509 *);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *);
 void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *,
+ Cryptography_STACK_OF_X509 *);
 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *);
 void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *);
 int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *);
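Review bot: The two `set0` bindings added in x509_vfy.py, `X509_STORE_CTX_set0_trusted_stack` and `X509_STORE_CTX_set0_untrusted`, store the caller's stack pointer in the context without copying it or taking ownership, and nothing in the declaration tells binding users that. From cffi this means a stack released by the garbage collector while the `X509_STORE_CTX` is still in use leaves the context holding a dangling pointer during verification. A cdef comment above both declarations, e.g. `/* set0: ctx borrows the stack; keep it referenced until the ctx is cleaned up or freed */`, would record the lifetime rule where callers will see it.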
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 76fe79f73..271873d92 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1101,12 +1101,12 @@ class Backend(object):
 # Set the last update time.
 last_update = self._create_asn1_time(builder._last_update)
- res = self._lib.X509_CRL_set_lastUpdate(x509_crl, last_update)
+ res = self._lib.X509_CRL_set1_lastUpdate(x509_crl, last_update)
 self.openssl_assert(res == 1)
 # Set the next update time.
 next_update = self._create_asn1_time(builder._next_update)
- res = self._lib.X509_CRL_set_nextUpdate(x509_crl, next_update)
+ res = self._lib.X509_CRL_set1_nextUpdate(x509_crl, next_update)
 self.openssl_assert(res == 1)
 # Add extensions.
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index 36871d066..760774079 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -198,7 +198,7 @@ class _CipherContext(object):
 self._backend.openssl_assert(res != 0)
 self._tag = self._backend._ffi.buffer(tag_buf)[:]
- res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
+ res = self._backend._lib.EVP_CIPHER_CTX_reset(self._ctx)
 self._backend.openssl_assert(res == 1)
 return self._backend._ffi.buffer(buf)[: outlen[0]]
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index d7497a3e5..cb71e645c 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
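Review bot: The switch to `X509_CRL_set1_lastUpdate` / `X509_CRL_set1_nextUpdate` in backend.py leaves the ownership of `last_update` and `next_update` undocumented. The `set1` form copies the time into the CRL, so both ASN1_TIME objects still belong to this method after the call; how `_create_asn1_time` arranges for them to be freed is outside the hunk. A comment before the first call, e.g. `# set1 copies the value; the ASN1_TIME from _create_asn1_time stays owned by us`, would make that explicit. The enclosing method starts and ends outside this hunk.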
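Review bot: The `EVP_CIPHER_CTX_reset` call in `_CipherContext` has no comment saying why the context is reset at this point. Reset clears all state held in the context, key material included, so the context cannot be used again without re-initialisation; a comment such as `# Clear key/IV state from the ctx; it must be re-initialised before any reuse` would state that. Only the success path is visible here, so whether the context is also cleared when one of the earlier `openssl_assert` calls raises cannot be judged from this hunk; the function begins outside it.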
@@ -85,12 +85,12 @@ class _Certificate(object):
 @property
 def not_valid_before(self):
- asn1_time = self._backend._lib.X509_getm_notBefore(self._x509)
+ asn1_time = self._backend._lib.X509_get0_notBefore(self._x509)
 return _parse_asn1_time(self._backend, asn1_time)
 @property
 def not_valid_after(self):
- asn1_time = self._backend._lib.X509_getm_notAfter(self._x509)
+ asn1_time = self._backend._lib.X509_get0_notAfter(self._x509)
 return _parse_asn1_time(self._backend, asn1_time)
 @property
@@ -276,13 +276,13 @@ class _CertificateRevocationList(object):
 @property
 def next_update(self):
- nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl)
+ nu = self._backend._lib.X509_CRL_get0_nextUpdate(self._x509_crl)
 self._backend.openssl_assert(nu != self._backend._ffi.NULL)
 return _parse_asn1_time(self._backend, nu)
 @property
 def last_update(self):
- lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl)
+ lu = self._backend._lib.X509_CRL_get0_lastUpdate(self._x509_crl)
 self._backend.openssl_assert(lu != self._backend._ffi.NULL)
 return _parse_asn1_time(self._backend, lu) |
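Review bot: `not_valid_before` and `not_valid_after` in `_Certificate` pass the result of `X509_get0_notBefore` / `X509_get0_notAfter` straight to `_parse_asn1_time`, while the CRL properties in the second hunk assert that the pointer is non-NULL first. Adding the same guard before each `return`, `self._backend.openssl_assert(asn1_time != self._backend._ffi.NULL)`, would make the two classes consistent and turn an unexpected NULL into a clean error instead of a dereference inside the parser. Whether `_parse_asn1_time` already tolerates NULL is not visible in this diff.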
