Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 25cb7dfb0f0c32b51a813869f4ef3ab25cba5b2a / . / Modules / _ssl.c
blob: cfcb8a5763b495c8736f4bd7bf2fe3a646915d1b [file] [log] [blame]
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]1/* SSL socket module
2
3 SSL support based on patches by Brian E Gallew and Laszlo Kovacs.
4
5 This module is imported by socket.py. It should *not* be used
6 directly.
7
8*/
9
10#include "Python.h"
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]11enum py_ssl_error {
12 /* these mirror ssl.h */
13 PY_SSL_ERROR_NONE,
14 PY_SSL_ERROR_SSL,
15 PY_SSL_ERROR_WANT_READ,
16 PY_SSL_ERROR_WANT_WRITE,
17 PY_SSL_ERROR_WANT_X509_LOOKUP,
18 PY_SSL_ERROR_SYSCALL, /* look at error stack/return value/errno */
19 PY_SSL_ERROR_ZERO_RETURN,
20 PY_SSL_ERROR_WANT_CONNECT,
21 /* start of non ssl.h errorcodes */
22 PY_SSL_ERROR_EOF, /* special case of SSL_ERROR_SYSCALL */
23 PY_SSL_ERROR_INVALID_ERROR_CODE
24};
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]25
26/* Include symbols from _socket module */
27#include "socketmodule.h"
28
29/* Include OpenSSL header files */
30#include "openssl/rsa.h"
31#include "openssl/crypto.h"
32#include "openssl/x509.h"
33#include "openssl/pem.h"
34#include "openssl/ssl.h"
35#include "openssl/err.h"
36#include "openssl/rand.h"
37
38/* SSL error object */
39static PyObject *PySSLErrorObject;
40
41/* SSL socket object */
42
43#define X509_NAME_MAXLEN 256
44
45/* RAND_* APIs got added to OpenSSL in 0.9.5 */
46#if OPENSSL_VERSION_NUMBER >= 0x0090500fL
47# define HAVE_OPENSSL_RAND 1
48#else
49# undef HAVE_OPENSSL_RAND
50#endif
51
52typedef struct {
53 PyObject_HEAD
54 PySocketSockObject *Socket; /* Socket on which we're layered */
55 SSL_CTX* ctx;
56 SSL* ssl;
57 X509* server_cert;
58 BIO* sbio;
59 char server[X509_NAME_MAXLEN];
60 char issuer[X509_NAME_MAXLEN];
61
62} PySSLObject;
63
Jeremy Hylton938ace62002-07-17 16:30:39 +0000[diff] [blame]64static PyTypeObject PySSL_Type;
65static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args);
66static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]67
68#define PySSLObject_Check(v) ((v)->ob_type == &PySSL_Type)
69
70/* XXX It might be helpful to augment the error message generated
71 below with the name of the SSL function that generated the error.
72 I expect it's obvious most of the time.
73*/
74
75static PyObject *
76PySSL_SetError(PySSLObject *obj, int ret)
77{
78 PyObject *v, *n, *s;
79 char *errstr;
80 int err;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]81 enum py_ssl_error p;
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]82
83 assert(ret <= 0);
84
85 err = SSL_get_error(obj->ssl, ret);
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]86
87 switch (err) {
88 case SSL_ERROR_ZERO_RETURN:
89 errstr = "TLS/SSL connection has been closed";
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]90 p = PY_SSL_ERROR_ZERO_RETURN;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]91 break;
92 case SSL_ERROR_WANT_READ:
93 errstr = "The operation did not complete (read)";
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]94 p = PY_SSL_ERROR_WANT_READ;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]95 break;
96 case SSL_ERROR_WANT_WRITE:
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]97 p = PY_SSL_ERROR_WANT_WRITE;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]98 errstr = "The operation did not complete (write)";
99 break;
100 case SSL_ERROR_WANT_X509_LOOKUP:
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]101 p = PY_SSL_ERROR_WANT_X509_LOOKUP;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]102 errstr = "The operation did not complete (X509 lookup)";
103 break;
104 case SSL_ERROR_WANT_CONNECT:
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]105 p = PY_SSL_ERROR_WANT_CONNECT;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]106 errstr = "The operation did not complete (connect)";
107 break;
108 case SSL_ERROR_SYSCALL:
109 {
110 unsigned long e = ERR_get_error();
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]111 if (e == 0) {
112 if (ret == 0) {
113 p = PY_SSL_ERROR_EOF;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]114 errstr = "EOF occurred in violation of protocol";
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]115 } else if (ret == -1) {
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]116 /* the underlying BIO reported an I/O error */
117 return obj->Socket->errorhandler();
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]118 } else { /* possible? */
119 p = PY_SSL_ERROR_SYSCALL;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]120 errstr = "Some I/O error occurred";
121 }
122 } else {
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]123 p = PY_SSL_ERROR_SYSCALL;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]124 /* XXX Protected by global interpreter lock */
125 errstr = ERR_error_string(e, NULL);
126 }
127 break;
128 }
129 case SSL_ERROR_SSL:
130 {
131 unsigned long e = ERR_get_error();
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]132 p = PY_SSL_ERROR_SSL;
133 if (e != 0)
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]134 /* XXX Protected by global interpreter lock */
135 errstr = ERR_error_string(e, NULL);
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]136 else { /* possible? */
137 errstr = "A failure in the SSL library occurred";
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]138 }
139 break;
140 }
141 default:
Jeremy Hylton4e547302002-07-02 18:25:00 +0000[diff] [blame]142 p = PY_SSL_ERROR_INVALID_ERROR_CODE;
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]143 errstr = "Invalid error code";
144 }
145 n = PyInt_FromLong((long) p);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]146 if (n == NULL)
147 return NULL;
148 v = PyTuple_New(2);
149 if (v == NULL) {
150 Py_DECREF(n);
151 return NULL;
152 }
153
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]154 s = PyString_FromString(errstr);
155 if (s == NULL) {
156 Py_DECREF(v);
157 Py_DECREF(n);
158 }
159 PyTuple_SET_ITEM(v, 0, n);
160 PyTuple_SET_ITEM(v, 1, s);
161 PyErr_SetObject(PySSLErrorObject, v);
162 return NULL;
163}
164
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]165static PySSLObject *
166newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file)
167{
168 PySSLObject *self;
169 char *errstr = NULL;
170 int ret;
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]171 int err;
172 int timedout;
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]173
174 self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */
175 if (self == NULL){
176 errstr = "newPySSLObject error";
177 goto fail;
178 }
179 memset(self->server, '\0', sizeof(char) * X509_NAME_MAXLEN);
180 memset(self->issuer, '\0', sizeof(char) * X509_NAME_MAXLEN);
181 self->server_cert = NULL;
182 self->ssl = NULL;
183 self->ctx = NULL;
184 self->Socket = NULL;
185
186 if ((key_file && !cert_file) || (!key_file && cert_file)) {
187 errstr = "Both the key & certificate files must be specified";
188 goto fail;
189 }
190
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]191 Py_BEGIN_ALLOW_THREADS
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]192 self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]193 Py_END_ALLOW_THREADS
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]194 if (self->ctx == NULL) {
195 errstr = "SSL_CTX_new error";
196 goto fail;
197 }
198
199 if (key_file) {
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]200 Py_BEGIN_ALLOW_THREADS
201 ret = SSL_CTX_use_PrivateKey_file(self->ctx, key_file,
202 SSL_FILETYPE_PEM);
203 Py_END_ALLOW_THREADS
204 if (ret < 1) {
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]205 errstr = "SSL_CTX_use_PrivateKey_file error";
206 goto fail;
207 }
208
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]209 Py_BEGIN_ALLOW_THREADS
210 ret = SSL_CTX_use_certificate_chain_file(self->ctx,
211 cert_file);
212 Py_END_ALLOW_THREADS
213 if (ret < 1) {
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]214 errstr = "SSL_CTX_use_certificate_chain_file error";
215 goto fail;
216 }
217 }
218
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]219 Py_BEGIN_ALLOW_THREADS
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]220 SSL_CTX_set_verify(self->ctx,
221 SSL_VERIFY_NONE, NULL); /* set verify lvl */
222 self->ssl = SSL_new(self->ctx); /* New ssl struct */
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]223 Py_END_ALLOW_THREADS
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]224 SSL_set_fd(self->ssl, Sock->sock_fd); /* Set the socket for SSL */
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]225
226 /* If the socket is is non-blocking mode or timeout mode, set the BIO
227 * to non-blocking mode (blocking is the default)
228 */
229 if (Sock->sock_timeout >= 0.0) {
230 /* Set both the read and write BIO's to non-blocking mode */
231 BIO_set_nbio(SSL_get_rbio(self->ssl), 1);
232 BIO_set_nbio(SSL_get_wbio(self->ssl), 1);
233 }
234
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]235 Py_BEGIN_ALLOW_THREADS
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]236 SSL_set_connect_state(self->ssl);
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]237 Py_END_ALLOW_THREADS
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]238
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]239 /* Actually negotiate SSL connection */
240 /* XXX If SSL_connect() returns 0, it's also a failure. */
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]241 timedout = 0;
242 do {
243 Py_BEGIN_ALLOW_THREADS
244 ret = SSL_connect(self->ssl);
245 err = SSL_get_error(self->ssl, ret);
246 Py_END_ALLOW_THREADS
247 if (err == SSL_ERROR_WANT_READ) {
248 timedout = wait_for_timeout(Sock, 0);
249 } else if (err == SSL_ERROR_WANT_WRITE) {
250 timedout = wait_for_timeout(Sock, 1);
251 }
252 if (timedout) {
253 PyErr_SetString(PySSLErrorObject, "The connect operation timed out");
254 return NULL;
255 }
256 } while (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]257 if (ret <= 0) {
258 PySSL_SetError(self, ret);
259 goto fail;
260 }
261 self->ssl->debug = 1;
262
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]263 Py_BEGIN_ALLOW_THREADS
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]264 if ((self->server_cert = SSL_get_peer_certificate(self->ssl))) {
265 X509_NAME_oneline(X509_get_subject_name(self->server_cert),
266 self->server, X509_NAME_MAXLEN);
267 X509_NAME_oneline(X509_get_issuer_name(self->server_cert),
268 self->issuer, X509_NAME_MAXLEN);
269 }
Martin v. Löwis09c35f72002-07-28 09:57:45 +0000[diff] [blame]270 Py_END_ALLOW_THREADS
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]271 self->Socket = Sock;
272 Py_INCREF(self->Socket);
273 return self;
274 fail:
275 if (errstr)
276 PyErr_SetString(PySSLErrorObject, errstr);
277 Py_DECREF(self);
278 return NULL;
279}
280
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]281static PyObject *
282PySocket_ssl(PyObject *self, PyObject *args)
283{
284 PySSLObject *rv;
285 PySocketSockObject *Sock;
286 char *key_file = NULL;
287 char *cert_file = NULL;
288
289 if (!PyArg_ParseTuple(args, "O!|zz:ssl",
290 PySocketModule.Sock_Type,
291 (PyObject*)&Sock,
292 &key_file, &cert_file))
293 return NULL;
294
295 rv = newPySSLObject(Sock, key_file, cert_file);
296 if (rv == NULL)
297 return NULL;
298 return (PyObject *)rv;
299}
300
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]301PyDoc_STRVAR(ssl_doc,
302"ssl(socket, [keyfile, certfile]) -> sslobject");
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]303
304/* SSL object methods */
305
306static PyObject *
307PySSL_server(PySSLObject *self)
308{
309 return PyString_FromString(self->server);
310}
311
312static PyObject *
313PySSL_issuer(PySSLObject *self)
314{
315 return PyString_FromString(self->issuer);
316}
317
318
319static void PySSL_dealloc(PySSLObject *self)
320{
321 if (self->server_cert) /* Possible not to have one? */
322 X509_free (self->server_cert);
323 if (self->ssl)
324 SSL_free(self->ssl);
325 if (self->ctx)
326 SSL_CTX_free(self->ctx);
327 Py_XDECREF(self->Socket);
328 PyObject_Del(self);
329}
330
Guido van Rossum99d4abf2003-01-27 22:22:50 +0000[diff] [blame]331/* If the socket has a timeout, do a select() on the socket.
332 The argument writing indicates the direction.
333 Return non-zero if the socket timed out, zero otherwise.
334 */
335static int
336wait_for_timeout(PySocketSockObject *s, int writing)
337{
338 fd_set fds;
339 struct timeval tv;
340 int rc;
341
342 /* Nothing to do unless we're in timeout mode (not non-blocking) */
343 if (s->sock_timeout <= 0.0)
344 return 0;
345
346 /* Guard against closed socket */
347 if (s->sock_fd < 0)
348 return 0;
349
350 /* Construct the arguments to select */
351 tv.tv_sec = (int)s->sock_timeout;
352 tv.tv_usec = (int)((s->sock_timeout - tv.tv_sec) * 1e6);
353 FD_ZERO(&fds);
354 FD_SET(s->sock_fd, &fds);
355
356 /* See if the socket is ready */
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]357 Py_BEGIN_ALLOW_THREADS
Guido van Rossum99d4abf2003-01-27 22:22:50 +0000[diff] [blame]358 if (writing)
359 rc = select(s->sock_fd+1, NULL, &fds, NULL, &tv);
360 else
361 rc = select(s->sock_fd+1, &fds, NULL, NULL, &tv);
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]362 Py_END_ALLOW_THREADS
Guido van Rossum99d4abf2003-01-27 22:22:50 +0000[diff] [blame]363
364 /* Return 1 on timeout, 0 otherwise */
365 return rc == 0;
366}
367
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]368static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args)
369{
370 char *data;
371 int len;
Guido van Rossum99d4abf2003-01-27 22:22:50 +0000[diff] [blame]372 int timedout;
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]373 int err;
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]374
375 if (!PyArg_ParseTuple(args, "s#:write", &data, &len))
376 return NULL;
377
Guido van Rossum99d4abf2003-01-27 22:22:50 +0000[diff] [blame]378 timedout = wait_for_timeout(self->Socket, 1);
Guido van Rossum99d4abf2003-01-27 22:22:50 +0000[diff] [blame]379 if (timedout) {
380 PyErr_SetString(PySSLErrorObject, "The write operation timed out");
381 return NULL;
382 }
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]383 do {
384 err = 0;
385 Py_BEGIN_ALLOW_THREADS
386 len = SSL_write(self->ssl, data, len);
387 err = SSL_get_error(self->ssl, len);
388 Py_END_ALLOW_THREADS
389 if (err == SSL_ERROR_WANT_READ) {
390 timedout = wait_for_timeout(self->Socket, 0);
391 } else if (err == SSL_ERROR_WANT_WRITE) {
392 timedout = wait_for_timeout(self->Socket, 1);
393 }
394 if (timedout) {
395 PyErr_SetString(PySSLErrorObject, "The write operation timed out");
396 return NULL;
397 }
398 } while (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]399 if (len > 0)
400 return PyInt_FromLong(len);
401 else
402 return PySSL_SetError(self, len);
403}
404
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]405PyDoc_STRVAR(PySSL_SSLwrite_doc,
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]406"write(s) -> len\n\
407\n\
408Writes the string s into the SSL object. Returns the number\n\
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]409of bytes written.");
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]410
411static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args)
412{
413 PyObject *buf;
414 int count = 0;
415 int len = 1024;
Guido van Rossum99d4abf2003-01-27 22:22:50 +0000[diff] [blame]416 int timedout;
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]417 int err;
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]418
419 if (!PyArg_ParseTuple(args, "|i:read", &len))
420 return NULL;
421
422 if (!(buf = PyString_FromStringAndSize((char *) 0, len)))
423 return NULL;
424
Guido van Rossum99d4abf2003-01-27 22:22:50 +0000[diff] [blame]425 timedout = wait_for_timeout(self->Socket, 0);
Guido van Rossum99d4abf2003-01-27 22:22:50 +0000[diff] [blame]426 if (timedout) {
427 PyErr_SetString(PySSLErrorObject, "The read operation timed out");
428 return NULL;
429 }
Guido van Rossum4f707ac2003-01-31 18:13:18 +0000[diff] [blame]430 do {
431 err = 0;
432 Py_BEGIN_ALLOW_THREADS
433 count = SSL_read(self->ssl, PyString_AsString(buf), len);
434 err = SSL_get_error(self->ssl, count);
435 Py_END_ALLOW_THREADS
436 if (err == SSL_ERROR_WANT_READ) {
437 timedout = wait_for_timeout(self->Socket, 0);
438 } else if (err == SSL_ERROR_WANT_WRITE) {
439 timedout = wait_for_timeout(self->Socket, 1);
440 }
441 if (timedout) {
442 PyErr_SetString(PySSLErrorObject, "The read operation timed out");
443 return NULL;
444 }
445 } while (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]446 if (count <= 0) {
447 Py_DECREF(buf);
448 return PySSL_SetError(self, count);
449 }
Tim Peters5de98422002-04-27 18:44:32 +0000[diff] [blame]450 if (count != len)
451 _PyString_Resize(&buf, count);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]452 return buf;
453}
454
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]455PyDoc_STRVAR(PySSL_SSLread_doc,
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]456"read([len]) -> string\n\
457\n\
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]458Read up to len bytes from the SSL socket.");
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]459
460static PyMethodDef PySSLMethods[] = {
461 {"write", (PyCFunction)PySSL_SSLwrite, METH_VARARGS,
462 PySSL_SSLwrite_doc},
463 {"read", (PyCFunction)PySSL_SSLread, METH_VARARGS,
464 PySSL_SSLread_doc},
465 {"server", (PyCFunction)PySSL_server, METH_NOARGS},
466 {"issuer", (PyCFunction)PySSL_issuer, METH_NOARGS},
467 {NULL, NULL}
468};
469
470static PyObject *PySSL_getattr(PySSLObject *self, char *name)
471{
472 return Py_FindMethod(PySSLMethods, (PyObject *)self, name);
473}
474
Jeremy Hylton938ace62002-07-17 16:30:39 +0000[diff] [blame]475static PyTypeObject PySSL_Type = {
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]476 PyObject_HEAD_INIT(NULL)
477 0, /*ob_size*/
478 "socket.SSL", /*tp_name*/
479 sizeof(PySSLObject), /*tp_basicsize*/
480 0, /*tp_itemsize*/
481 /* methods */
482 (destructor)PySSL_dealloc, /*tp_dealloc*/
483 0, /*tp_print*/
484 (getattrfunc)PySSL_getattr, /*tp_getattr*/
485 0, /*tp_setattr*/
486 0, /*tp_compare*/
487 0, /*tp_repr*/
488 0, /*tp_as_number*/
489 0, /*tp_as_sequence*/
490 0, /*tp_as_mapping*/
491 0, /*tp_hash*/
492};
493
494#ifdef HAVE_OPENSSL_RAND
495
496/* helper routines for seeding the SSL PRNG */
497static PyObject *
498PySSL_RAND_add(PyObject *self, PyObject *args)
499{
500 char *buf;
501 int len;
502 double entropy;
503
504 if (!PyArg_ParseTuple(args, "s#d:RAND_add", &buf, &len, &entropy))
505 return NULL;
506 RAND_add(buf, len, entropy);
507 Py_INCREF(Py_None);
508 return Py_None;
509}
510
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]511PyDoc_STRVAR(PySSL_RAND_add_doc,
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]512"RAND_add(string, entropy)\n\
513\n\
514Mix string into the OpenSSL PRNG state. entropy (a float) is a lower\n\
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]515bound on the entropy contained in string.");
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]516
517static PyObject *
518PySSL_RAND_status(PyObject *self)
519{
520 return PyInt_FromLong(RAND_status());
521}
522
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]523PyDoc_STRVAR(PySSL_RAND_status_doc,
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]524"RAND_status() -> 0 or 1\n\
525\n\
526Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
527It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]528using the ssl() function.");
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]529
530static PyObject *
531PySSL_RAND_egd(PyObject *self, PyObject *arg)
532{
533 int bytes;
534
535 if (!PyString_Check(arg))
536 return PyErr_Format(PyExc_TypeError,
537 "RAND_egd() expected string, found %s",
538 arg->ob_type->tp_name);
539 bytes = RAND_egd(PyString_AS_STRING(arg));
540 if (bytes == -1) {
541 PyErr_SetString(PySSLErrorObject,
542 "EGD connection failed or EGD did not return "
543 "enough data to seed the PRNG");
544 return NULL;
545 }
546 return PyInt_FromLong(bytes);
547}
548
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]549PyDoc_STRVAR(PySSL_RAND_egd_doc,
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]550"RAND_egd(path) -> bytes\n\
551\n\
552Queries the entropy gather daemon (EGD) on socket path. Returns number\n\
553of bytes read. Raises socket.sslerror if connection to EGD fails or\n\
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]554if it does provide enough data to seed PRNG.");
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]555
556#endif
557
558/* List of functions exported by this module. */
559
560static PyMethodDef PySSL_methods[] = {
561 {"ssl", PySocket_ssl,
562 METH_VARARGS, ssl_doc},
563#ifdef HAVE_OPENSSL_RAND
564 {"RAND_add", PySSL_RAND_add, METH_VARARGS,
565 PySSL_RAND_add_doc},
566 {"RAND_egd", PySSL_RAND_egd, METH_O,
567 PySSL_RAND_egd_doc},
568 {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
569 PySSL_RAND_status_doc},
570#endif
571 {NULL, NULL} /* Sentinel */
572};
573
574
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]575PyDoc_STRVAR(module_doc,
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]576"Implementation module for SSL socket operations. See the socket module\n\
Martin v. Löwis14f8b4c2002-06-13 20:33:02 +0000[diff] [blame]577for documentation.");
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]578
Mark Hammondfe51c6d2002-08-02 02:27:13 +0000[diff] [blame]579PyMODINIT_FUNC
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]580init_ssl(void)
581{
582 PyObject *m, *d;
583
584 PySSL_Type.ob_type = &PyType_Type;
585
586 m = Py_InitModule3("_ssl", PySSL_methods, module_doc);
587 d = PyModule_GetDict(m);
588
589 /* Load _socket module and its C API */
590 if (PySocketModule_ImportModuleAndAPI())
591 return;
592
593 /* Init OpenSSL */
594 SSL_load_error_strings();
595 SSLeay_add_ssl_algorithms();
596
597 /* Add symbols to module dict */
598 PySSLErrorObject = PyErr_NewException("socket.sslerror", NULL, NULL);
599 if (PySSLErrorObject == NULL)
600 return;
601 PyDict_SetItemString(d, "sslerror", PySSLErrorObject);
602 if (PyDict_SetItemString(d, "SSLType",
603 (PyObject *)&PySSL_Type) != 0)
604 return;
605 PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]606 PY_SSL_ERROR_ZERO_RETURN);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]607 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]608 PY_SSL_ERROR_WANT_READ);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]609 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE",
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]610 PY_SSL_ERROR_WANT_WRITE);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]611 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP",
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]612 PY_SSL_ERROR_WANT_X509_LOOKUP);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]613 PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL",
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]614 PY_SSL_ERROR_SYSCALL);
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]615 PyModule_AddIntConstant(m, "SSL_ERROR_SSL",
Martin v. Löwis6af3e2d2002-04-20 07:47:40 +0000[diff] [blame]616 PY_SSL_ERROR_SSL);
617 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT",
618 PY_SSL_ERROR_WANT_CONNECT);
619 /* non ssl.h errorcodes */
620 PyModule_AddIntConstant(m, "SSL_ERROR_EOF",
621 PY_SSL_ERROR_EOF);
622 PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE",
623 PY_SSL_ERROR_INVALID_ERROR_CODE);
624
Marc-André Lemburga5d2b4c2002-02-16 18:23:30 +0000[diff] [blame]625}