From 4c62259947d83ce31b035684727c2c55ef4f08bf Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Sat, 1 Feb 2025 10:15:18 -0800
Subject: [PATCH] PoC for using capabilities from Rust
---
 .github/workflows/ci.yml | 54 ++++++++++++++++++-------------------
 src/OpenSSL/SSL.py | 57 +++++++++------------------------------
 tox.ini | 2 +-
 3 files changed, 40 insertions(+), 73 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5ecfb125..3de4de47 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,16 +11,16 @@ jobs:
 matrix:
 PYTHON:
 # Base builds
- - {VERSION: "3.7", TOXENV: "py37"}
- - {VERSION: "3.8", TOXENV: "py38"}
- - {VERSION: "3.9", TOXENV: "py39"}
- - {VERSION: "3.10", TOXENV: "py310"}
- - {VERSION: "3.11", TOXENV: "py311"}
- - {VERSION: "3.12", TOXENV: "py312"}
- - {VERSION: "3.13-dev", TOXENV: "py313"}
- - {VERSION: "pypy-3.9", TOXENV: "pypy3"}
- - {VERSION: "pypy-3.10", TOXENV: "pypy3"}
- - {VERSION: "3.11", TOXENV: "py311-useWheel", OS: "windows-2022" }
+ # - {VERSION: "3.7", TOXENV: "py37"}
+ # - {VERSION: "3.8", TOXENV: "py38"}
+ # - {VERSION: "3.9", TOXENV: "py39"}
+ # - {VERSION: "3.10", TOXENV: "py310"}
+ # - {VERSION: "3.11", TOXENV: "py311"}
+ # - {VERSION: "3.12", TOXENV: "py312"}
+ # - {VERSION: "3.13-dev", TOXENV: "py313"}
+ # - {VERSION: "pypy-3.9", TOXENV: "pypy3"}
+ # - {VERSION: "pypy-3.10", TOXENV: "pypy3"}
+ # - {VERSION: "3.11", TOXENV: "py311-useWheel", OS: "windows-2022" }
 # -cryptographyMain
 - {VERSION: "3.7", TOXENV: "py37-cryptographyMain"}
 - {VERSION: "3.8", TOXENV: "py38-cryptographyMain"}
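Review bot: Commenting out every base, `cryptographyMinimum`, `useWheel`, `randomorder`, `py311-mypy` and `docs` matrix entry here and in the next hunk, and emptying `DOWNSTREAM` in the third, leaves only the `-cryptographyMain` rows plus `check-manifest` and `lint`, so the one configuration that would expose the new import-time dependency on cryptography's Rust bindings (an older cryptography or a wheel install) is never exercised. That is understandable for a PoC, but nothing in the workflow records that the reduction is temporary; a comment above the matrix such as `# TEMP(PoC): rows disabled while SSL.py requires the Rust pyopenssl bindings from the fork pinned in tox.ini; restore before merge` would keep the reduced matrix from being merged as-is. `DOWNSTREAM: []` in the third hunk also leaves the downstream job with an empty matrix vector, which GitHub Actions may reject outright rather than skip; commenting out the whole job, or gating it with an `if:`, is the safer way to disable it.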
@@ -32,24 +32,24 @@ jobs:
 - {VERSION: "pypy-3.9", TOXENV: "pypy3-cryptographyMain"}
 - {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMain"}
 # -cryptographyMinimum
- - {VERSION: "3.7", TOXENV: "py37-cryptographyMinimum"}
- - {VERSION: "3.8", TOXENV: "py38-cryptographyMinimum"}
- - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum"}
- - {VERSION: "3.10", TOXENV: "py310-cryptographyMinimum"}
- - {VERSION: "3.11", TOXENV: "py311-cryptographyMinimum"}
- - {VERSION: "3.12", TOXENV: "py312-cryptographyMinimum"}
- - {VERSION: "3.13-dev", TOXENV: "py313-cryptographyMinimum"}
- - {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMinimum"}
+ # - {VERSION: "3.7", TOXENV: "py37-cryptographyMinimum"}
+ # - {VERSION: "3.8", TOXENV: "py38-cryptographyMinimum"}
+ # - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum"}
+ # - {VERSION: "3.10", TOXENV: "py310-cryptographyMinimum"}
+ # - {VERSION: "3.11", TOXENV: "py311-cryptographyMinimum"}
+ # - {VERSION: "3.12", TOXENV: "py312-cryptographyMinimum"}
+ # - {VERSION: "3.13-dev", TOXENV: "py313-cryptographyMinimum"}
+ # - {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMinimum"}
 # Cryptography wheels
- - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum-useWheel"}
- - {VERSION: "3.9", TOXENV: "py39-useWheel"}
+ # - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum-useWheel"}
+ # - {VERSION: "3.9", TOXENV: "py39-useWheel"}
 # Random order
- - {VERSION: "3.9", TOXENV: "py39-randomorder"}
+ # - {VERSION: "3.9", TOXENV: "py39-randomorder"}
 # Meta
 - {VERSION: "3.9", TOXENV: "check-manifest"}
 - {VERSION: "3.11", TOXENV: "lint"}
- - {VERSION: "3.11", TOXENV: "py311-mypy"}
- - {VERSION: "3.9", TOXENV: "docs"}
+ # - {VERSION: "3.11", TOXENV: "py311-mypy"}
+ # - {VERSION: "3.9", TOXENV: "docs"}
 name: "${{ matrix.PYTHON.TOXENV }}${{ matrix.PYTHON.OS && format(' on {0}', matrix.PYTHON.OS) || '' }}"
 steps:
 - uses: actions/checkout@v4
@@ -87,10 +87,10 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- DOWNSTREAM:
- - twisted
- - certbot
- - certbot-josepy
+ DOWNSTREAM: []
+ # - twisted
+ # - certbot
+ # - certbot-josepy
 PYTHON:
 - 3.12
 name: "Downstream tests for ${{ matrix.DOWNSTREAM }}"
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 0cde0b26..0f40b60e 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -13,6 +13,7 @@
 from weakref import WeakValueDictionary
 from cryptography import x509
+from cryptography.hazmat.bindings._rust import pyopenssl
 from cryptography.hazmat.primitives.asymmetric import ec
 from OpenSSL._util import (
@@ -169,16 +170,16 @@
 SENT_SHUTDOWN = _lib.SSL_SENT_SHUTDOWN
 RECEIVED_SHUTDOWN = _lib.SSL_RECEIVED_SHUTDOWN
-SSLv23_METHOD = 3
-TLSv1_METHOD = 4
-TLSv1_1_METHOD = 5
-TLSv1_2_METHOD = 6
-TLS_METHOD = 7
-TLS_SERVER_METHOD = 8
-TLS_CLIENT_METHOD = 9
-DTLS_METHOD = 10
-DTLS_SERVER_METHOD = 11
-DTLS_CLIENT_METHOD = 12
+SSLv23_METHOD = pyopenssl.SSLv23_METHOD
+TLSv1_METHOD = pyopenssl.TLSv1_METHOD
+TLSv1_1_METHOD = pyopenssl.TLSv1_1_METHOD
+TLSv1_2_METHOD = pyopenssl.TLSv1_2_METHOD
+TLS_METHOD = pyopenssl.TLS_METHOD
+TLS_SERVER_METHOD = pyopenssl.TLS_SERVER_METHOD
+TLS_CLIENT_METHOD = pyopenssl.TLS_CLIENT_METHOD
+DTLS_METHOD = pyopenssl.DTLS_METHOD
+DTLS_SERVER_METHOD = pyopenssl.DTLS_SERVER_METHOD
+DTLS_CLIENT_METHOD = pyopenssl.DTLS_CLIENT_METHOD
 SSL3_VERSION: int = _lib.SSL3_VERSION
 TLS1_VERSION: int = _lib.TLS1_VERSION
@@ -827,7 +828,7 @@ class Session:
 _session: Any
-class Context:
+class Context(pyopenssl.Context):
 """
 :class:`OpenSSL.SSL.Context` instances define the parameters for setting up new SSL connections.
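Review bot: `from cryptography.hazmat.bindings._rust import pyopenssl` ties module import to an underscore-private namespace of another package with no version floor, so on any cryptography release that lacks the symbol the whole `OpenSSL.SSL` module fails with a bare `ImportError` instead of a message that says what is required. The install requirements that should carry the matching minimum cryptography version are outside this diff; until they are raised, a guarded import that re-raises with the required version in the message would make the failure actionable. A comment such as `# Private API of cryptography: provided only by the fork branch pinned in tox.ini` would also record why a `_rust` import is acceptable here.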
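Review bot: The ten `*_METHOD` constants change from the literals 3–12 to whatever `pyopenssl` exports, and nothing in the diff shows the Rust values are the same; they were the keys of `Context._methods` and are public API values callers may persist or compare numerically, so a mismatch would be silent. A comment on the block, e.g. `# Must keep the historical values 3..12 (SSLv23_METHOD .. DTLS_CLIENT_METHOD) for backward compatibility; defined in cryptography's Rust pyopenssl module`, plus a test asserting those values, would pin the contract.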
@@ -838,38 +839,7 @@ class Context:
 not be used.
 """
- _methods: typing.ClassVar[
- dict[int, tuple[Callable[[], Any], int | None]]
- ] = {
- SSLv23_METHOD: (_lib.TLS_method, None),
- TLSv1_METHOD: (_lib.TLS_method, TLS1_VERSION),
- TLSv1_1_METHOD: (_lib.TLS_method, TLS1_1_VERSION),
- TLSv1_2_METHOD: (_lib.TLS_method, TLS1_2_VERSION),
- TLS_METHOD: (_lib.TLS_method, None),
- TLS_SERVER_METHOD: (_lib.TLS_server_method, None),
- TLS_CLIENT_METHOD: (_lib.TLS_client_method, None),
- DTLS_METHOD: (_lib.DTLS_method, None),
- DTLS_SERVER_METHOD: (_lib.DTLS_server_method, None),
- DTLS_CLIENT_METHOD: (_lib.DTLS_client_method, None),
- }
- def __init__(self, method: int) -> None:
- if not isinstance(method, int):
- raise TypeError("method must be an integer")
-
- try:
- method_func, version = self._methods[method]
- except KeyError:
- raise ValueError("No such protocol")
-
- method_obj = method_func()
- _openssl_assert(method_obj != _ffi.NULL)
-
- context = _lib.SSL_CTX_new(method_obj)
- _openssl_assert(context != _ffi.NULL)
- context = _ffi.gc(context, _lib.SSL_CTX_free)
-
- self._context = context
 self._passphrase_helper: _PassphraseHelper | None = None
 self._passphrase_callback: _PassphraseCallback[Any] | None = None
 self._passphrase_userdata: Any | None = None
@@ -894,9 +864,6 @@ def __init__(self, method: int) -> None:
 self._cookie_verify_helper: _CookieVerifyCallbackHelper | None = None
 self.set_mode(_lib.SSL_MODE_ENABLE_PARTIAL_WRITE)
- if version is not None:
- self.set_min_proto_version(version)
- self.set_max_proto_version(version)
 def set_min_proto_version(self, version: int) -> None:
 """
diff --git a/tox.ini b/tox.ini
index 50105fa8..b4cc3b26 100644
--- a/tox.ini
+++ b/tox.ini
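Review bot: The `def __init__(self, method: int) -> None:` line is deleted but its body is kept (`self._passphrase_helper ...` here and `self._cookie_verify_helper ...` / `self.set_mode(...)` in the next hunk), leaving statements at method indentation directly under the class docstring, so `src/OpenSSL/SSL.py` would fail to parse on import; the file's 12 insertions (the import, ten constants and the `class` line) confirm no replacement `def` is added. Keep the signature and hand construction to the base class, `def __init__(self, method: int) -> None:` followed by `super().__init__(method)`, assuming `pyopenssl.Context.__init__` accepts the method id (its signature is not visible here). With `self._context = context` removed, every remaining method that reads `self._context` now relies on the Rust base class exposing an attribute of that name holding the cffi `SSL_CTX *`; that contract deserves a line in the class docstring. The removed checks (`TypeError` for a non-int method, `ValueError("No such protocol")` for an unknown one) and the `set_min_proto_version` / `set_max_proto_version` pinning for the `TLSv1_*_METHOD` ids dropped in the second hunk are now the Rust implementation's job, so tests that expect those exceptions and version limits must still hold against it. The rest of `__init__` lies between and beyond these two hunks.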
@@ -27,7 +27,7 @@ setenv =
 PIP_NO_BINARY=cryptography
 useWheel: PIP_NO_BINARY=
 commands =
- cryptographyMain: pip install -U git+https://github.com/pyca/cryptography.git
+ cryptographyMain: pip install -U git+https://github.com/alex/cryptography.git@openssl-horror-show
 openssl version
 coverage run --parallel -m OpenSSL.debug
 coverage run --parallel -m pytest -v {posargs}
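Review bot: `cryptographyMain` now installs from a personal fork branch, `git+https://github.com/alex/cryptography.git@openssl-horror-show`, a mutable ref with no commit pin, so what the only remaining CI configuration tests can change or vanish without any change to this repository, and the env name no longer describes what it installs. Pin the ref to a commit (`@<fork-commit-sha>`) for the PoC and mark the line, e.g. `# TEMP(PoC): fork branch providing the Rust pyopenssl bindings; restore pyca/cryptography before merge`, so the pin is not merged by accident.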