Skip to content

Support OpenSSL Providers #13115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 6 commits into from
+141 −0
Closed

Support OpenSSL Providers #13115

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ef55c86
add provider and store api support
tsturzl Jun 24, 2025
b2573ca
it builds and I can use the functions
tsturzl Jun 25, 2025
4964471
add some endpoints, and remove some that aren't availble in earlier
tsturzl Jun 26, 2025
c305883
remove typo
tsturzl Jun 26, 2025
a32e720
exclude from other SSL libs
tsturzl Jun 26, 2025
c9eaa2c
missed one
tsturzl Jun 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions src/_cffi_src/build_openssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,11 +37,14 @@
"pem",
"rand",
"rsa",
"context",
"ssl",
"x509",
"x509name",
"x509v3",
"x509_vfy",
"provider",
"store",
],
)

Expand Down
26 changes: 26 additions & 0 deletions src/_cffi_src/openssl/context.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

from __future__ import annotations

INCLUDES = """
#include <openssl/crypto.h>
"""

TYPES = """
typedef ... OSSL_LIB_CTX;
"""

FUNCTIONS = """
OSSL_LIB_CTX *OSSL_LIB_CTX_new(void);
void OSSL_LIB_CTX_free(OSSL_LIB_CTX *);
"""

CUSTOMIZATIONS = """
#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL \
|| CRYPTOGRAPHY_IS_AWSLC
OSSL_LIB_CTX *(*OSSL_LIB_CTX_new)(void) = NULL;
void (*OSSL_LIB_CTX_free)(OSSL_LIB_CTX *) = NULL;
#endif
"""
35 changes: 35 additions & 0 deletions src/_cffi_src/openssl/provider.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

from __future__ import annotations

INCLUDES = """
#include <openssl/provider.h>
"""

TYPES = """
typedef ... OSSL_PROVIDER;
"""

FUNCTIONS = """
int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *, const char *);

OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *, const char *);
OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *, const char *, int);
int OSSL_PROVIDER_unload(OSSL_PROVIDER *);
"""

CUSTOMIZATIONS = """

#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL \
|| CRYPTOGRAPHY_IS_AWSLC
int (*OSSL_PROVIDER_set_default_search_path)(OSSL_LIB_CTX *,
const char *) = NULL;

OSSL_PROVIDER *(*OSSL_PROVIDER_load)(OSSL_LIB_CTX *, const char *) = NULL;
OSSL_PROVIDER *(*OSSL_PROVIDER_try_load)(OSSL_LIB_CTX *,
const char *, int) = NULL;
int (*OSSL_PROVIDER_unload)(OSSL_PROVIDER *) = NULL;
#endif
"""
4 changes: 4 additions & 0 deletions src/_cffi_src/openssl/ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -336,6 +336,7 @@

/*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/
SSL_CTX *SSL_CTX_new(SSL_METHOD *);
SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *, const char *, const SSL_METHOD *);
long SSL_CTX_get_timeout(const SSL_CTX *);

const SSL_CIPHER *SSL_get_current_cipher(const SSL *);
Expand Down Expand Up @@ -650,6 +651,9 @@
size_t *,
SSL_SESSION **
)) = NULL;

SSL_CTX *(*SSL_CTX_new_ex)(OSSL_LIB_CTX *,
const char *, const SSL_METHOD *) = NULL;
#if CRYPTOGRAPHY_IS_BORINGSSL
const SSL_CIPHER *(*SSL_CIPHER_find)(SSL *, const unsigned char *) = NULL;
#endif
Expand Down
73 changes: 73 additions & 0 deletions src/_cffi_src/openssl/store.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

from __future__ import annotations

INCLUDES = """
#include <openssl/store.h>
"""

TYPES = """
typedef ... OSSL_STORE_CTX;
typedef ... OSSL_STORE_INFO;
typedef ... OSSL_PARAM;
typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
void *);
"""

FUNCTIONS = """
OSSL_STORE_CTX * OSSL_STORE_open(const char *, const UI_METHOD *,
void *, OSSL_STORE_post_process_info_fn, void *);
OSSL_STORE_CTX * OSSL_STORE_open_ex(const char *, OSSL_LIB_CTX *, const char *,
const UI_METHOD *, void *,
const OSSL_PARAM [],
OSSL_STORE_post_process_info_fn,
void *);
int OSSL_STORE_close(OSSL_STORE_CTX *);
const char *OSSL_STORE_INFO_type_string(int);

OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *);
void OSSL_STORE_INFO_free(OSSL_STORE_INFO *);
int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *);
EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *);
EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *);
EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *);
EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *);
EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *);
EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *);
X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *);
X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *);
X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *);
X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *);
"""

CUSTOMIZATIONS = """
#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL \
|| CRYPTOGRAPHY_IS_AWSLC
OSSL_STORE_CTX * (*OSSL_STORE_open)(const char *, const UI_METHOD *,
void *, OSSL_STORE_post_process_info_fn, void *) = NULL;
OSSL_STORE_CTX * (*OSSL_STORE_open_ex)(const char *, OSSL_LIB_CTX *,
const char *,
const UI_METHOD *, void *,
const OSSL_PARAM [],
OSSL_STORE_post_process_info_fn,
void *) = NULL;
int (*OSSL_STORE_close)(OSSL_STORE_CTX *) = NULL;
const char *(*OSSL_STORE_INFO_type_string)(int) = NULL;

OSSL_STORE_INFO *(*OSSL_STORE_load)(OSSL_STORE_CTX *) = NULL;
void (*OSSL_STORE_INFO_free)(OSSL_STORE_INFO *) = NULL;
int (*OSSL_STORE_INFO_get_type)(const OSSL_STORE_INFO *) = NULL;
EVP_PKEY *(*OSSL_STORE_INFO_get0_PARAMS)(const OSSL_STORE_INFO *) = NULL;
EVP_PKEY *(*OSSL_STORE_INFO_get1_PARAMS)(const OSSL_STORE_INFO *) = NULL;
EVP_PKEY *(*OSSL_STORE_INFO_get0_PUBKEY)(const OSSL_STORE_INFO *) = NULL;
EVP_PKEY *(*OSSL_STORE_INFO_get1_PUBKEY)(const OSSL_STORE_INFO *) = NULL;
EVP_PKEY *(*OSSL_STORE_INFO_get0_PKEY)(const OSSL_STORE_INFO *) = NULL;
EVP_PKEY *(*OSSL_STORE_INFO_get1_PKEY)(const OSSL_STORE_INFO *) = NULL;
X509 *(*OSSL_STORE_INFO_get0_CERT)(const OSSL_STORE_INFO *) = NULL;
X509 *(*OSSL_STORE_INFO_get1_CERT)(const OSSL_STORE_INFO *) = NULL;
X509_CRL *(*OSSL_STORE_INFO_get0_CRL)(const OSSL_STORE_INFO *) = NULL;
X509_CRL *(*OSSL_STORE_INFO_get1_CRL)(const OSSL_STORE_INFO *) = NULL;
#endif
"""
Loading