update to python fastpi
This commit is contained in:
Iliyan Angelov
@@ -0,0 +1,3 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,34 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
import types
|
||||
import typing
|
||||
|
||||
def check_pkcs7_padding(data: bytes) -> bool: ...
|
||||
def check_ansix923_padding(data: bytes) -> bool: ...
|
||||
|
||||
class ObjectIdentifier:
|
||||
def __init__(self, val: str) -> None: ...
|
||||
@property
|
||||
def dotted_string(self) -> str: ...
|
||||
@property
|
||||
def _name(self) -> str: ...
|
||||
|
||||
T = typing.TypeVar("T")
|
||||
|
||||
class FixedPool(typing.Generic[T]):
|
||||
def __init__(
|
||||
self,
|
||||
create: typing.Callable[[], T],
|
||||
) -> None: ...
|
||||
def acquire(self) -> PoolAcquisition[T]: ...
|
||||
|
||||
class PoolAcquisition(typing.Generic[T]):
|
||||
def __enter__(self) -> T: ...
|
||||
def __exit__(
|
||||
self,
|
||||
exc_type: typing.Optional[typing.Type[BaseException]],
|
||||
exc_value: typing.Optional[BaseException],
|
||||
exc_tb: typing.Optional[types.TracebackType],
|
||||
) -> None: ...
|
||||
@@ -0,0 +1,8 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
import typing
|
||||
|
||||
lib = typing.Any
|
||||
ffi = typing.Any
|
||||
@@ -0,0 +1,16 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
import typing
|
||||
|
||||
class TestCertificate:
|
||||
not_after_tag: int
|
||||
not_before_tag: int
|
||||
issuer_value_tags: typing.List[int]
|
||||
subject_value_tags: typing.List[int]
|
||||
|
||||
def decode_dss_signature(signature: bytes) -> typing.Tuple[int, int]: ...
|
||||
def encode_dss_signature(r: int, s: int) -> bytes: ...
|
||||
def parse_spki_for_data(data: bytes) -> bytes: ...
|
||||
def test_parse_certificate(data: bytes) -> TestCertificate: ...
|
||||
@@ -0,0 +1,17 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
class _Reasons:
|
||||
BACKEND_MISSING_INTERFACE: _Reasons
|
||||
UNSUPPORTED_HASH: _Reasons
|
||||
UNSUPPORTED_CIPHER: _Reasons
|
||||
UNSUPPORTED_PADDING: _Reasons
|
||||
UNSUPPORTED_MGF: _Reasons
|
||||
UNSUPPORTED_PUBLIC_KEY_ALGORITHM: _Reasons
|
||||
UNSUPPORTED_ELLIPTIC_CURVE: _Reasons
|
||||
UNSUPPORTED_SERIALIZATION: _Reasons
|
||||
UNSUPPORTED_X509: _Reasons
|
||||
UNSUPPORTED_EXCHANGE_ALGORITHM: _Reasons
|
||||
UNSUPPORTED_DIFFIE_HELLMAN: _Reasons
|
||||
UNSUPPORTED_MAC: _Reasons
|
||||
@@ -0,0 +1,25 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
import typing
|
||||
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
|
||||
from cryptography.x509.ocsp import (
|
||||
OCSPRequest,
|
||||
OCSPRequestBuilder,
|
||||
OCSPResponse,
|
||||
OCSPResponseBuilder,
|
||||
OCSPResponseStatus,
|
||||
)
|
||||
|
||||
def load_der_ocsp_request(data: bytes) -> OCSPRequest: ...
|
||||
def load_der_ocsp_response(data: bytes) -> OCSPResponse: ...
|
||||
def create_ocsp_request(builder: OCSPRequestBuilder) -> OCSPRequest: ...
|
||||
def create_ocsp_response(
|
||||
status: OCSPResponseStatus,
|
||||
builder: typing.Optional[OCSPResponseBuilder],
|
||||
private_key: typing.Optional[PrivateKeyTypes],
|
||||
hash_algorithm: typing.Optional[hashes.HashAlgorithm],
|
||||
) -> OCSPResponse: ...
|
||||
@@ -0,0 +1,47 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
import typing
|
||||
|
||||
from cryptography.hazmat.bindings._rust.openssl import (
|
||||
dh,
|
||||
dsa,
|
||||
ed448,
|
||||
ed25519,
|
||||
hashes,
|
||||
hmac,
|
||||
kdf,
|
||||
poly1305,
|
||||
x448,
|
||||
x25519,
|
||||
)
|
||||
|
||||
__all__ = [
|
||||
"openssl_version",
|
||||
"raise_openssl_error",
|
||||
"dh",
|
||||
"dsa",
|
||||
"hashes",
|
||||
"hmac",
|
||||
"kdf",
|
||||
"ed448",
|
||||
"ed25519",
|
||||
"poly1305",
|
||||
"x448",
|
||||
"x25519",
|
||||
]
|
||||
|
||||
def openssl_version() -> int: ...
|
||||
def raise_openssl_error() -> typing.NoReturn: ...
|
||||
def capture_error_stack() -> typing.List[OpenSSLError]: ...
|
||||
def is_fips_enabled() -> bool: ...
|
||||
|
||||
class OpenSSLError:
|
||||
@property
|
||||
def lib(self) -> int: ...
|
||||
@property
|
||||
def reason(self) -> int: ...
|
||||
@property
|
||||
def reason_text(self) -> bytes: ...
|
||||
def _lib_reason_match(self, lib: int, reason: int) -> bool: ...
|
||||
@@ -0,0 +1,22 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
from cryptography.hazmat.primitives.asymmetric import dh
|
||||
|
||||
MIN_MODULUS_SIZE: int
|
||||
|
||||
class DHPrivateKey: ...
|
||||
class DHPublicKey: ...
|
||||
class DHParameters: ...
|
||||
|
||||
def generate_parameters(generator: int, key_size: int) -> dh.DHParameters: ...
|
||||
def private_key_from_ptr(ptr: int) -> dh.DHPrivateKey: ...
|
||||
def public_key_from_ptr(ptr: int) -> dh.DHPublicKey: ...
|
||||
def from_pem_parameters(data: bytes) -> dh.DHParameters: ...
|
||||
def from_der_parameters(data: bytes) -> dh.DHParameters: ...
|
||||
def from_private_numbers(numbers: dh.DHPrivateNumbers) -> dh.DHPrivateKey: ...
|
||||
def from_public_numbers(numbers: dh.DHPublicNumbers) -> dh.DHPublicKey: ...
|
||||
def from_parameter_numbers(
|
||||
numbers: dh.DHParameterNumbers,
|
||||
) -> dh.DHParameters: ...
|
||||
@@ -0,0 +1,20 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
from cryptography.hazmat.primitives.asymmetric import dsa
|
||||
|
||||
class DSAPrivateKey: ...
|
||||
class DSAPublicKey: ...
|
||||
class DSAParameters: ...
|
||||
|
||||
def generate_parameters(key_size: int) -> dsa.DSAParameters: ...
|
||||
def private_key_from_ptr(ptr: int) -> dsa.DSAPrivateKey: ...
|
||||
def public_key_from_ptr(ptr: int) -> dsa.DSAPublicKey: ...
|
||||
def from_private_numbers(
|
||||
numbers: dsa.DSAPrivateNumbers,
|
||||
) -> dsa.DSAPrivateKey: ...
|
||||
def from_public_numbers(numbers: dsa.DSAPublicNumbers) -> dsa.DSAPublicKey: ...
|
||||
def from_parameter_numbers(
|
||||
numbers: dsa.DSAParameterNumbers,
|
||||
) -> dsa.DSAParameters: ...
|
||||
@@ -0,0 +1,14 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
from cryptography.hazmat.primitives.asymmetric import ed25519
|
||||
|
||||
class Ed25519PrivateKey: ...
|
||||
class Ed25519PublicKey: ...
|
||||
|
||||
def generate_key() -> ed25519.Ed25519PrivateKey: ...
|
||||
def private_key_from_ptr(ptr: int) -> ed25519.Ed25519PrivateKey: ...
|
||||
def public_key_from_ptr(ptr: int) -> ed25519.Ed25519PublicKey: ...
|
||||
def from_private_bytes(data: bytes) -> ed25519.Ed25519PrivateKey: ...
|
||||
def from_public_bytes(data: bytes) -> ed25519.Ed25519PublicKey: ...
|
||||
@@ -0,0 +1,14 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
from cryptography.hazmat.primitives.asymmetric import ed448
|
||||
|
||||
class Ed448PrivateKey: ...
|
||||
class Ed448PublicKey: ...
|
||||
|
||||
def generate_key() -> ed448.Ed448PrivateKey: ...
|
||||
def private_key_from_ptr(ptr: int) -> ed448.Ed448PrivateKey: ...
|
||||
def public_key_from_ptr(ptr: int) -> ed448.Ed448PublicKey: ...
|
||||
def from_private_bytes(data: bytes) -> ed448.Ed448PrivateKey: ...
|
||||
def from_public_bytes(data: bytes) -> ed448.Ed448PublicKey: ...
|
||||
@@ -0,0 +1,17 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
import typing
|
||||
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
|
||||
class Hash(hashes.HashContext):
|
||||
def __init__(
|
||||
self, algorithm: hashes.HashAlgorithm, backend: typing.Any = None
|
||||
) -> None: ...
|
||||
@property
|
||||
def algorithm(self) -> hashes.HashAlgorithm: ...
|
||||
def update(self, data: bytes) -> None: ...
|
||||
def finalize(self) -> bytes: ...
|
||||
def copy(self) -> Hash: ...
|
||||
@@ -0,0 +1,21 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
import typing
|
||||
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
|
||||
class HMAC(hashes.HashContext):
|
||||
def __init__(
|
||||
self,
|
||||
key: bytes,
|
||||
algorithm: hashes.HashAlgorithm,
|
||||
backend: typing.Any = None,
|
||||
) -> None: ...
|
||||
@property
|
||||
def algorithm(self) -> hashes.HashAlgorithm: ...
|
||||
def update(self, data: bytes) -> None: ...
|
||||
def finalize(self) -> bytes: ...
|
||||
def verify(self, signature: bytes) -> None: ...
|
||||
def copy(self) -> HMAC: ...
|
||||
@@ -0,0 +1,22 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
from cryptography.hazmat.primitives.hashes import HashAlgorithm
|
||||
|
||||
def derive_pbkdf2_hmac(
|
||||
key_material: bytes,
|
||||
algorithm: HashAlgorithm,
|
||||
salt: bytes,
|
||||
iterations: int,
|
||||
length: int,
|
||||
) -> bytes: ...
|
||||
def derive_scrypt(
|
||||
key_material: bytes,
|
||||
salt: bytes,
|
||||
n: int,
|
||||
r: int,
|
||||
p: int,
|
||||
max_mem: int,
|
||||
length: int,
|
||||
) -> bytes: ...
|
||||
@@ -0,0 +1,13 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
class Poly1305:
|
||||
def __init__(self, key: bytes) -> None: ...
|
||||
@staticmethod
|
||||
def generate_tag(key: bytes, data: bytes) -> bytes: ...
|
||||
@staticmethod
|
||||
def verify_tag(key: bytes, data: bytes, tag: bytes) -> None: ...
|
||||
def update(self, data: bytes) -> None: ...
|
||||
def finalize(self) -> bytes: ...
|
||||
def verify(self, tag: bytes) -> None: ...
|
||||
@@ -0,0 +1,14 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
from cryptography.hazmat.primitives.asymmetric import x25519
|
||||
|
||||
class X25519PrivateKey: ...
|
||||
class X25519PublicKey: ...
|
||||
|
||||
def generate_key() -> x25519.X25519PrivateKey: ...
|
||||
def private_key_from_ptr(ptr: int) -> x25519.X25519PrivateKey: ...
|
||||
def public_key_from_ptr(ptr: int) -> x25519.X25519PublicKey: ...
|
||||
def from_private_bytes(data: bytes) -> x25519.X25519PrivateKey: ...
|
||||
def from_public_bytes(data: bytes) -> x25519.X25519PublicKey: ...
|
||||
@@ -0,0 +1,14 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
from cryptography.hazmat.primitives.asymmetric import x448
|
||||
|
||||
class X448PrivateKey: ...
|
||||
class X448PublicKey: ...
|
||||
|
||||
def generate_key() -> x448.X448PrivateKey: ...
|
||||
def private_key_from_ptr(ptr: int) -> x448.X448PrivateKey: ...
|
||||
def public_key_from_ptr(ptr: int) -> x448.X448PublicKey: ...
|
||||
def from_private_bytes(data: bytes) -> x448.X448PrivateKey: ...
|
||||
def from_public_bytes(data: bytes) -> x448.X448PublicKey: ...
|
||||
@@ -0,0 +1,15 @@
|
||||
import typing
|
||||
|
||||
from cryptography import x509
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
from cryptography.hazmat.primitives.serialization import pkcs7
|
||||
|
||||
def serialize_certificates(
|
||||
certs: typing.List[x509.Certificate],
|
||||
encoding: serialization.Encoding,
|
||||
) -> bytes: ...
|
||||
def sign_and_serialize(
|
||||
builder: pkcs7.PKCS7SignatureBuilder,
|
||||
encoding: serialization.Encoding,
|
||||
options: typing.Iterable[pkcs7.PKCS7Options],
|
||||
) -> bytes: ...
|
||||
@@ -0,0 +1,44 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
import typing
|
||||
|
||||
from cryptography import x509
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives.asymmetric.padding import PSS, PKCS1v15
|
||||
from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
|
||||
|
||||
def load_pem_x509_certificate(data: bytes) -> x509.Certificate: ...
|
||||
def load_pem_x509_certificates(
|
||||
data: bytes,
|
||||
) -> typing.List[x509.Certificate]: ...
|
||||
def load_der_x509_certificate(data: bytes) -> x509.Certificate: ...
|
||||
def load_pem_x509_crl(data: bytes) -> x509.CertificateRevocationList: ...
|
||||
def load_der_x509_crl(data: bytes) -> x509.CertificateRevocationList: ...
|
||||
def load_pem_x509_csr(data: bytes) -> x509.CertificateSigningRequest: ...
|
||||
def load_der_x509_csr(data: bytes) -> x509.CertificateSigningRequest: ...
|
||||
def encode_name_bytes(name: x509.Name) -> bytes: ...
|
||||
def encode_extension_value(extension: x509.ExtensionType) -> bytes: ...
|
||||
def create_x509_certificate(
|
||||
builder: x509.CertificateBuilder,
|
||||
private_key: PrivateKeyTypes,
|
||||
hash_algorithm: typing.Optional[hashes.HashAlgorithm],
|
||||
padding: typing.Optional[typing.Union[PKCS1v15, PSS]],
|
||||
) -> x509.Certificate: ...
|
||||
def create_x509_csr(
|
||||
builder: x509.CertificateSigningRequestBuilder,
|
||||
private_key: PrivateKeyTypes,
|
||||
hash_algorithm: typing.Optional[hashes.HashAlgorithm],
|
||||
) -> x509.CertificateSigningRequest: ...
|
||||
def create_x509_crl(
|
||||
builder: x509.CertificateRevocationListBuilder,
|
||||
private_key: PrivateKeyTypes,
|
||||
hash_algorithm: typing.Optional[hashes.HashAlgorithm],
|
||||
) -> x509.CertificateRevocationList: ...
|
||||
|
||||
class Sct: ...
|
||||
class Certificate: ...
|
||||
class RevokedCertificate: ...
|
||||
class CertificateRevocationList: ...
|
||||
class CertificateSigningRequest: ...
|
||||
@@ -0,0 +1,3 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,329 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import typing
|
||||
|
||||
|
||||
def cryptography_has_set_cert_cb() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_CTX_set_cert_cb",
|
||||
"SSL_set_cert_cb",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_ssl_st() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_ST_BEFORE",
|
||||
"SSL_ST_OK",
|
||||
"SSL_ST_INIT",
|
||||
"SSL_ST_RENEGOTIATE",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_tls_st() -> typing.List[str]:
|
||||
return [
|
||||
"TLS_ST_BEFORE",
|
||||
"TLS_ST_OK",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_evp_pkey_dhx() -> typing.List[str]:
|
||||
return [
|
||||
"EVP_PKEY_DHX",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_mem_functions() -> typing.List[str]:
|
||||
return [
|
||||
"Cryptography_CRYPTO_set_mem_functions",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_x509_store_ctx_get_issuer() -> typing.List[str]:
|
||||
return [
|
||||
"X509_STORE_set_get_issuer",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_ed448() -> typing.List[str]:
|
||||
return [
|
||||
"EVP_PKEY_ED448",
|
||||
"NID_ED448",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_ed25519() -> typing.List[str]:
|
||||
return [
|
||||
"NID_ED25519",
|
||||
"EVP_PKEY_ED25519",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_poly1305() -> typing.List[str]:
|
||||
return [
|
||||
"NID_poly1305",
|
||||
"EVP_PKEY_POLY1305",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_evp_digestfinal_xof() -> typing.List[str]:
|
||||
return [
|
||||
"EVP_DigestFinalXOF",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_fips() -> typing.List[str]:
|
||||
return [
|
||||
"FIPS_mode_set",
|
||||
"FIPS_mode",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_ssl_sigalgs() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_CTX_set1_sigalgs_list",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_psk() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_CTX_use_psk_identity_hint",
|
||||
"SSL_CTX_set_psk_server_callback",
|
||||
"SSL_CTX_set_psk_client_callback",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_psk_tlsv13() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_CTX_set_psk_find_session_callback",
|
||||
"SSL_CTX_set_psk_use_session_callback",
|
||||
"Cryptography_SSL_SESSION_new",
|
||||
"SSL_CIPHER_find",
|
||||
"SSL_SESSION_set1_master_key",
|
||||
"SSL_SESSION_set_cipher",
|
||||
"SSL_SESSION_set_protocol_version",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_custom_ext() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_CTX_add_client_custom_ext",
|
||||
"SSL_CTX_add_server_custom_ext",
|
||||
"SSL_extension_supported",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_tlsv13_functions() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_VERIFY_POST_HANDSHAKE",
|
||||
"SSL_CTX_set_ciphersuites",
|
||||
"SSL_verify_client_post_handshake",
|
||||
"SSL_CTX_set_post_handshake_auth",
|
||||
"SSL_set_post_handshake_auth",
|
||||
"SSL_SESSION_get_max_early_data",
|
||||
"SSL_write_early_data",
|
||||
"SSL_read_early_data",
|
||||
"SSL_CTX_set_max_early_data",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_raw_key() -> typing.List[str]:
|
||||
return [
|
||||
"EVP_PKEY_new_raw_private_key",
|
||||
"EVP_PKEY_new_raw_public_key",
|
||||
"EVP_PKEY_get_raw_private_key",
|
||||
"EVP_PKEY_get_raw_public_key",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_engine() -> typing.List[str]:
|
||||
return [
|
||||
"ENGINE_by_id",
|
||||
"ENGINE_init",
|
||||
"ENGINE_finish",
|
||||
"ENGINE_get_default_RAND",
|
||||
"ENGINE_set_default_RAND",
|
||||
"ENGINE_unregister_RAND",
|
||||
"ENGINE_ctrl_cmd",
|
||||
"ENGINE_free",
|
||||
"ENGINE_get_name",
|
||||
"ENGINE_ctrl_cmd_string",
|
||||
"ENGINE_load_builtin_engines",
|
||||
"ENGINE_load_private_key",
|
||||
"ENGINE_load_public_key",
|
||||
"SSL_CTX_set_client_cert_engine",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_verified_chain() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_get0_verified_chain",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_srtp() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_CTX_set_tlsext_use_srtp",
|
||||
"SSL_set_tlsext_use_srtp",
|
||||
"SSL_get_selected_srtp_profile",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_providers() -> typing.List[str]:
|
||||
return [
|
||||
"OSSL_PROVIDER_load",
|
||||
"OSSL_PROVIDER_unload",
|
||||
"ERR_LIB_PROV",
|
||||
"PROV_R_WRONG_FINAL_BLOCK_LENGTH",
|
||||
"PROV_R_BAD_DECRYPT",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_op_no_renegotiation() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_OP_NO_RENEGOTIATION",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_dtls_get_data_mtu() -> typing.List[str]:
|
||||
return [
|
||||
"DTLS_get_data_mtu",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_300_fips() -> typing.List[str]:
|
||||
return [
|
||||
"EVP_default_properties_is_fips_enabled",
|
||||
"EVP_default_properties_enable_fips",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_ssl_cookie() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_OP_COOKIE_EXCHANGE",
|
||||
"DTLSv1_listen",
|
||||
"SSL_CTX_set_cookie_generate_cb",
|
||||
"SSL_CTX_set_cookie_verify_cb",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_pkcs7_funcs() -> typing.List[str]:
|
||||
return [
|
||||
"SMIME_write_PKCS7",
|
||||
"PEM_write_bio_PKCS7_stream",
|
||||
"PKCS7_sign_add_signer",
|
||||
"PKCS7_final",
|
||||
"PKCS7_verify",
|
||||
"SMIME_read_PKCS7",
|
||||
"PKCS7_get0_signers",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_bn_flags() -> typing.List[str]:
|
||||
return [
|
||||
"BN_FLG_CONSTTIME",
|
||||
"BN_set_flags",
|
||||
"BN_prime_checks_for_size",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_evp_pkey_dh() -> typing.List[str]:
|
||||
return [
|
||||
"EVP_PKEY_set1_DH",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_300_evp_cipher() -> typing.List[str]:
|
||||
return ["EVP_CIPHER_fetch", "EVP_CIPHER_free"]
|
||||
|
||||
|
||||
def cryptography_has_unexpected_eof_while_reading() -> typing.List[str]:
|
||||
return ["SSL_R_UNEXPECTED_EOF_WHILE_READING"]
|
||||
|
||||
|
||||
def cryptography_has_pkcs12_set_mac() -> typing.List[str]:
|
||||
return ["PKCS12_set_mac"]
|
||||
|
||||
|
||||
def cryptography_has_ssl_op_ignore_unexpected_eof() -> typing.List[str]:
|
||||
return [
|
||||
"SSL_OP_IGNORE_UNEXPECTED_EOF",
|
||||
]
|
||||
|
||||
|
||||
def cryptography_has_get_extms_support() -> typing.List[str]:
|
||||
return ["SSL_get_extms_support"]
|
||||
|
||||
|
||||
def cryptography_has_evp_pkey_set_peer_ex() -> typing.List[str]:
|
||||
return ["EVP_PKEY_derive_set_peer_ex"]
|
||||
|
||||
|
||||
def cryptography_has_evp_aead() -> typing.List[str]:
|
||||
return [
|
||||
"EVP_aead_chacha20_poly1305",
|
||||
"EVP_AEAD_CTX_free",
|
||||
"EVP_AEAD_CTX_seal",
|
||||
"EVP_AEAD_CTX_open",
|
||||
"EVP_AEAD_max_overhead",
|
||||
"Cryptography_EVP_AEAD_CTX_new",
|
||||
]
|
||||
|
||||
|
||||
# This is a mapping of
|
||||
# {condition: function-returning-names-dependent-on-that-condition} so we can
|
||||
# loop over them and delete unsupported names at runtime. It will be removed
|
||||
# when cffi supports #if in cdef. We use functions instead of just a dict of
|
||||
# lists so we can use coverage to measure which are used.
|
||||
CONDITIONAL_NAMES = {
|
||||
"Cryptography_HAS_SET_CERT_CB": cryptography_has_set_cert_cb,
|
||||
"Cryptography_HAS_SSL_ST": cryptography_has_ssl_st,
|
||||
"Cryptography_HAS_TLS_ST": cryptography_has_tls_st,
|
||||
"Cryptography_HAS_EVP_PKEY_DHX": cryptography_has_evp_pkey_dhx,
|
||||
"Cryptography_HAS_MEM_FUNCTIONS": cryptography_has_mem_functions,
|
||||
"Cryptography_HAS_X509_STORE_CTX_GET_ISSUER": (
|
||||
cryptography_has_x509_store_ctx_get_issuer
|
||||
),
|
||||
"Cryptography_HAS_ED448": cryptography_has_ed448,
|
||||
"Cryptography_HAS_ED25519": cryptography_has_ed25519,
|
||||
"Cryptography_HAS_POLY1305": cryptography_has_poly1305,
|
||||
"Cryptography_HAS_FIPS": cryptography_has_fips,
|
||||
"Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs,
|
||||
"Cryptography_HAS_PSK": cryptography_has_psk,
|
||||
"Cryptography_HAS_PSK_TLSv1_3": cryptography_has_psk_tlsv13,
|
||||
"Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext,
|
||||
"Cryptography_HAS_TLSv1_3_FUNCTIONS": cryptography_has_tlsv13_functions,
|
||||
"Cryptography_HAS_RAW_KEY": cryptography_has_raw_key,
|
||||
"Cryptography_HAS_EVP_DIGESTFINAL_XOF": (
|
||||
cryptography_has_evp_digestfinal_xof
|
||||
),
|
||||
"Cryptography_HAS_ENGINE": cryptography_has_engine,
|
||||
"Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
|
||||
"Cryptography_HAS_SRTP": cryptography_has_srtp,
|
||||
"Cryptography_HAS_PROVIDERS": cryptography_has_providers,
|
||||
"Cryptography_HAS_OP_NO_RENEGOTIATION": (
|
||||
cryptography_has_op_no_renegotiation
|
||||
),
|
||||
"Cryptography_HAS_DTLS_GET_DATA_MTU": cryptography_has_dtls_get_data_mtu,
|
||||
"Cryptography_HAS_300_FIPS": cryptography_has_300_fips,
|
||||
"Cryptography_HAS_SSL_COOKIE": cryptography_has_ssl_cookie,
|
||||
"Cryptography_HAS_PKCS7_FUNCS": cryptography_has_pkcs7_funcs,
|
||||
"Cryptography_HAS_BN_FLAGS": cryptography_has_bn_flags,
|
||||
"Cryptography_HAS_EVP_PKEY_DH": cryptography_has_evp_pkey_dh,
|
||||
"Cryptography_HAS_300_EVP_CIPHER": cryptography_has_300_evp_cipher,
|
||||
"Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING": (
|
||||
cryptography_has_unexpected_eof_while_reading
|
||||
),
|
||||
"Cryptography_HAS_PKCS12_SET_MAC": cryptography_has_pkcs12_set_mac,
|
||||
"Cryptography_HAS_SSL_OP_IGNORE_UNEXPECTED_EOF": (
|
||||
cryptography_has_ssl_op_ignore_unexpected_eof
|
||||
),
|
||||
"Cryptography_HAS_GET_EXTMS_SUPPORT": cryptography_has_get_extms_support,
|
||||
"Cryptography_HAS_EVP_PKEY_SET_PEER_EX": (
|
||||
cryptography_has_evp_pkey_set_peer_ex
|
||||
),
|
||||
"Cryptography_HAS_EVP_AEAD": (cryptography_has_evp_aead),
|
||||
}
|
||||
@@ -0,0 +1,179 @@
|
||||
# This file is dual licensed under the terms of the Apache License, Version
|
||||
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
||||
# for complete details.
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
import sys
|
||||
import threading
|
||||
import types
|
||||
import typing
|
||||
import warnings
|
||||
|
||||
import cryptography
|
||||
from cryptography.exceptions import InternalError
|
||||
from cryptography.hazmat.bindings._rust import _openssl, openssl
|
||||
from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES
|
||||
|
||||
|
||||
def _openssl_assert(
|
||||
lib,
|
||||
ok: bool,
|
||||
errors: typing.Optional[typing.List[openssl.OpenSSLError]] = None,
|
||||
) -> None:
|
||||
if not ok:
|
||||
if errors is None:
|
||||
errors = openssl.capture_error_stack()
|
||||
|
||||
raise InternalError(
|
||||
"Unknown OpenSSL error. This error is commonly encountered when "
|
||||
"another library is not cleaning up the OpenSSL error stack. If "
|
||||
"you are using cryptography with another library that uses "
|
||||
"OpenSSL try disabling it before reporting a bug. Otherwise "
|
||||
"please file an issue at https://github.com/pyca/cryptography/"
|
||||
"issues with information on how to reproduce "
|
||||
"this. ({!r})".format(errors),
|
||||
errors,
|
||||
)
|
||||
|
||||
|
||||
def _legacy_provider_error(loaded: bool) -> None:
|
||||
if not loaded:
|
||||
raise RuntimeError(
|
||||
"OpenSSL 3.0's legacy provider failed to load. This is a fatal "
|
||||
"error by default, but cryptography supports running without "
|
||||
"legacy algorithms by setting the environment variable "
|
||||
"CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error,"
|
||||
" you have likely made a mistake with your OpenSSL configuration."
|
||||
)
|
||||
|
||||
|
||||
def build_conditional_library(
|
||||
lib: typing.Any,
|
||||
conditional_names: typing.Dict[str, typing.Callable[[], typing.List[str]]],
|
||||
) -> typing.Any:
|
||||
conditional_lib = types.ModuleType("lib")
|
||||
conditional_lib._original_lib = lib # type: ignore[attr-defined]
|
||||
excluded_names = set()
|
||||
for condition, names_cb in conditional_names.items():
|
||||
if not getattr(lib, condition):
|
||||
excluded_names.update(names_cb())
|
||||
|
||||
for attr in dir(lib):
|
||||
if attr not in excluded_names:
|
||||
setattr(conditional_lib, attr, getattr(lib, attr))
|
||||
|
||||
return conditional_lib
|
||||
|
||||
|
||||
class Binding:
|
||||
"""
|
||||
OpenSSL API wrapper.
|
||||
"""
|
||||
|
||||
lib: typing.ClassVar = None
|
||||
ffi = _openssl.ffi
|
||||
_lib_loaded = False
|
||||
_init_lock = threading.Lock()
|
||||
_legacy_provider: typing.Any = ffi.NULL
|
||||
_legacy_provider_loaded = False
|
||||
_default_provider: typing.Any = ffi.NULL
|
||||
|
||||
def __init__(self) -> None:
|
||||
self._ensure_ffi_initialized()
|
||||
|
||||
def _enable_fips(self) -> None:
|
||||
# This function enables FIPS mode for OpenSSL 3.0.0 on installs that
|
||||
# have the FIPS provider installed properly.
|
||||
_openssl_assert(self.lib, self.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER)
|
||||
self._base_provider = self.lib.OSSL_PROVIDER_load(
|
||||
self.ffi.NULL, b"base"
|
||||
)
|
||||
_openssl_assert(self.lib, self._base_provider != self.ffi.NULL)
|
||||
self.lib._fips_provider = self.lib.OSSL_PROVIDER_load(
|
||||
self.ffi.NULL, b"fips"
|
||||
)
|
||||
_openssl_assert(self.lib, self.lib._fips_provider != self.ffi.NULL)
|
||||
|
||||
res = self.lib.EVP_default_properties_enable_fips(self.ffi.NULL, 1)
|
||||
_openssl_assert(self.lib, res == 1)
|
||||
|
||||
@classmethod
|
||||
def _ensure_ffi_initialized(cls) -> None:
|
||||
with cls._init_lock:
|
||||
if not cls._lib_loaded:
|
||||
cls.lib = build_conditional_library(
|
||||
_openssl.lib, CONDITIONAL_NAMES
|
||||
)
|
||||
cls._lib_loaded = True
|
||||
# As of OpenSSL 3.0.0 we must register a legacy cipher provider
|
||||
# to get RC2 (needed for junk asymmetric private key
|
||||
# serialization), RC4, Blowfish, IDEA, SEED, etc. These things
|
||||
# are ugly legacy, but we aren't going to get rid of them
|
||||
# any time soon.
|
||||
if cls.lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
|
||||
if not os.environ.get("CRYPTOGRAPHY_OPENSSL_NO_LEGACY"):
|
||||
cls._legacy_provider = cls.lib.OSSL_PROVIDER_load(
|
||||
cls.ffi.NULL, b"legacy"
|
||||
)
|
||||
cls._legacy_provider_loaded = (
|
||||
cls._legacy_provider != cls.ffi.NULL
|
||||
)
|
||||
_legacy_provider_error(cls._legacy_provider_loaded)
|
||||
|
||||
cls._default_provider = cls.lib.OSSL_PROVIDER_load(
|
||||
cls.ffi.NULL, b"default"
|
||||
)
|
||||
_openssl_assert(
|
||||
cls.lib, cls._default_provider != cls.ffi.NULL
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def init_static_locks(cls) -> None:
|
||||
cls._ensure_ffi_initialized()
|
||||
|
||||
|
||||
def _verify_package_version(version: str) -> None:
|
||||
# Occasionally we run into situations where the version of the Python
|
||||
# package does not match the version of the shared object that is loaded.
|
||||
# This may occur in environments where multiple versions of cryptography
|
||||
# are installed and available in the python path. To avoid errors cropping
|
||||
# up later this code checks that the currently imported package and the
|
||||
# shared object that were loaded have the same version and raise an
|
||||
# ImportError if they do not
|
||||
so_package_version = _openssl.ffi.string(
|
||||
_openssl.lib.CRYPTOGRAPHY_PACKAGE_VERSION
|
||||
)
|
||||
if version.encode("ascii") != so_package_version:
|
||||
raise ImportError(
|
||||
"The version of cryptography does not match the loaded "
|
||||
"shared object. This can happen if you have multiple copies of "
|
||||
"cryptography installed in your Python path. Please try creating "
|
||||
"a new virtual environment to resolve this issue. "
|
||||
"Loaded python version: {}, shared object version: {}".format(
|
||||
version, so_package_version
|
||||
)
|
||||
)
|
||||
|
||||
_openssl_assert(
|
||||
_openssl.lib,
|
||||
_openssl.lib.OpenSSL_version_num() == openssl.openssl_version(),
|
||||
)
|
||||
|
||||
|
||||
_verify_package_version(cryptography.__version__)
|
||||
|
||||
Binding.init_static_locks()
|
||||
|
||||
if (
|
||||
sys.platform == "win32"
|
||||
and os.environ.get("PROCESSOR_ARCHITEW6432") is not None
|
||||
):
|
||||
warnings.warn(
|
||||
"You are using cryptography on a 32-bit Python on a 64-bit Windows "
|
||||
"Operating System. Cryptography will be significantly faster if you "
|
||||
"switch to using a 64-bit Python.",
|
||||
UserWarning,
|
||||
stacklevel=2,
|
||||
)
|
||||
Reference in New Issue
Block a user