Merge pull request #470 from alex/bind-ecdhe-stuff
Start binding some stuff for ECDHE in pyOpenSSL.
diff --git a/cryptography/hazmat/bindings/openssl/binding.py b/cryptography/hazmat/bindings/openssl/binding.py
index 8a4e1dd..88299d1 100644
--- a/cryptography/hazmat/bindings/openssl/binding.py
+++ b/cryptography/hazmat/bindings/openssl/binding.py
@@ -48,6 +48,7 @@
"crypto",
"dh",
"dsa",
+ "ec",
"engine",
"err",
"evp",
diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py
new file mode 100644
index 0000000..cbb0336
--- /dev/null
+++ b/cryptography/hazmat/bindings/openssl/ec.py
@@ -0,0 +1,43 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+INCLUDES = """
+"""
+
+TYPES = """
+static const int Cryptography_HAS_EC;
+
+typedef ... EC_KEY;
+"""
+
+FUNCTIONS = """
+EC_KEY *EC_KEY_new_by_curve_name(int);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+#ifdef OPENSSL_NO_EC
+static const long Cryptography_HAS_EC = 0;
+EC_KEY* (*EC_KEY_new_by_curve_name)(int) = NULL;
+#else
+static const long Cryptography_HAS_EC = 1;
+#endif
+"""
+
+CONDITIONAL_NAMES = {
+ "Cryptography_HAS_EC": [
+ "EC_KEY_new_by_curve_name",
+ ]
+}
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index d0d5ae2..cd872d1 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -77,6 +77,7 @@
static const int SSL_OP_COOKIE_EXCHANGE;
static const int SSL_OP_NO_TICKET;
static const int SSL_OP_ALL;
+static const int SSL_OP_SINGLE_ECDH_USE;
static const int SSL_VERIFY_PEER;
static const int SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
static const int SSL_VERIFY_CLIENT_ONCE;
@@ -231,6 +232,7 @@
long SSL_CTX_set_session_cache_mode(SSL_CTX *, long);
long SSL_CTX_get_session_cache_mode(SSL_CTX *);
long SSL_CTX_set_tmp_dh(SSL_CTX *, DH *);
+long SSL_CTX_set_tmp_ecdh(SSL_CTX *, EC_KEY *);
long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *);
/*- These aren't macros these functions are all const X on openssl > 1.0.x -*/
@@ -345,6 +347,10 @@
static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 0;
const long SSL_OP_MSIE_SSLV2_RSA_PADDING = 0;
#endif
+
+#ifdef OPENSSL_NO_EC
+long (*SSL_CTX_set_tmp_ecdh)(SSL_CTX *, EC_KEY *) = NULL;
+#endif
"""
CONDITIONAL_NAMES = {
@@ -385,4 +391,8 @@
"Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING": [
"SSL_OP_MSIE_SSLV2_RSA_PADDING",
],
+
+ "Cryptography_HAS_EC": [
+ "EC_KEY_new_by_curve_name",
+ ]
}