Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 1 | /* SSL socket module |
| 2 | |
| 3 | SSL support based on patches by Brian E Gallew and Laszlo Kovacs. |
| 4 | |
| 5 | This module is imported by socket.py. It should *not* be used |
| 6 | directly. |
| 7 | |
| 8 | */ |
| 9 | |
| 10 | #include "Python.h" |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 11 | enum py_ssl_error { |
| 12 | /* these mirror ssl.h */ |
| 13 | PY_SSL_ERROR_NONE, |
| 14 | PY_SSL_ERROR_SSL, |
| 15 | PY_SSL_ERROR_WANT_READ, |
| 16 | PY_SSL_ERROR_WANT_WRITE, |
| 17 | PY_SSL_ERROR_WANT_X509_LOOKUP, |
| 18 | PY_SSL_ERROR_SYSCALL, /* look at error stack/return value/errno */ |
| 19 | PY_SSL_ERROR_ZERO_RETURN, |
| 20 | PY_SSL_ERROR_WANT_CONNECT, |
| 21 | /* start of non ssl.h errorcodes */ |
| 22 | PY_SSL_ERROR_EOF, /* special case of SSL_ERROR_SYSCALL */ |
| 23 | PY_SSL_ERROR_INVALID_ERROR_CODE |
| 24 | }; |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 25 | |
| 26 | /* Include symbols from _socket module */ |
| 27 | #include "socketmodule.h" |
| 28 | |
| 29 | /* Include OpenSSL header files */ |
| 30 | #include "openssl/rsa.h" |
| 31 | #include "openssl/crypto.h" |
| 32 | #include "openssl/x509.h" |
| 33 | #include "openssl/pem.h" |
| 34 | #include "openssl/ssl.h" |
| 35 | #include "openssl/err.h" |
| 36 | #include "openssl/rand.h" |
| 37 | |
| 38 | /* SSL error object */ |
| 39 | static PyObject *PySSLErrorObject; |
| 40 | |
| 41 | /* SSL socket object */ |
| 42 | |
| 43 | #define X509_NAME_MAXLEN 256 |
| 44 | |
| 45 | /* RAND_* APIs got added to OpenSSL in 0.9.5 */ |
| 46 | #if OPENSSL_VERSION_NUMBER >= 0x0090500fL |
| 47 | # define HAVE_OPENSSL_RAND 1 |
| 48 | #else |
| 49 | # undef HAVE_OPENSSL_RAND |
| 50 | #endif |
| 51 | |
| 52 | typedef struct { |
| 53 | PyObject_HEAD |
| 54 | PySocketSockObject *Socket; /* Socket on which we're layered */ |
| 55 | SSL_CTX* ctx; |
| 56 | SSL* ssl; |
| 57 | X509* server_cert; |
| 58 | BIO* sbio; |
| 59 | char server[X509_NAME_MAXLEN]; |
| 60 | char issuer[X509_NAME_MAXLEN]; |
| 61 | |
| 62 | } PySSLObject; |
| 63 | |
| 64 | staticforward PyTypeObject PySSL_Type; |
| 65 | staticforward PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args); |
| 66 | staticforward PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args); |
| 67 | |
| 68 | #define PySSLObject_Check(v) ((v)->ob_type == &PySSL_Type) |
| 69 | |
| 70 | /* XXX It might be helpful to augment the error message generated |
| 71 | below with the name of the SSL function that generated the error. |
| 72 | I expect it's obvious most of the time. |
| 73 | */ |
| 74 | |
| 75 | static PyObject * |
| 76 | PySSL_SetError(PySSLObject *obj, int ret) |
| 77 | { |
| 78 | PyObject *v, *n, *s; |
| 79 | char *errstr; |
| 80 | int err; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 81 | enum py_ssl_error p; |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 82 | |
| 83 | assert(ret <= 0); |
| 84 | |
| 85 | err = SSL_get_error(obj->ssl, ret); |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 86 | |
| 87 | switch (err) { |
| 88 | case SSL_ERROR_ZERO_RETURN: |
| 89 | errstr = "TLS/SSL connection has been closed"; |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 90 | p = PY_SSL_ERROR_ZERO_RETURN; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 91 | break; |
| 92 | case SSL_ERROR_WANT_READ: |
| 93 | errstr = "The operation did not complete (read)"; |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 94 | p = PY_SSL_ERROR_WANT_READ; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 95 | break; |
| 96 | case SSL_ERROR_WANT_WRITE: |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 97 | p = PY_SSL_ERROR_WANT_WRITE; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 98 | errstr = "The operation did not complete (write)"; |
| 99 | break; |
| 100 | case SSL_ERROR_WANT_X509_LOOKUP: |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 101 | p = PY_SSL_ERROR_WANT_X509_LOOKUP; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 102 | errstr = "The operation did not complete (X509 lookup)"; |
| 103 | break; |
| 104 | case SSL_ERROR_WANT_CONNECT: |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 105 | p = PY_SSL_ERROR_WANT_CONNECT; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 106 | errstr = "The operation did not complete (connect)"; |
| 107 | break; |
| 108 | case SSL_ERROR_SYSCALL: |
| 109 | { |
| 110 | unsigned long e = ERR_get_error(); |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 111 | if (e == 0) { |
| 112 | if (ret == 0) { |
| 113 | p = PY_SSL_ERROR_EOF; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 114 | errstr = "EOF occurred in violation of protocol"; |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 115 | } else if (ret == -1) { |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 116 | /* the underlying BIO reported an I/O error */ |
| 117 | return obj->Socket->errorhandler(); |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 118 | } else { /* possible? */ |
| 119 | p = PY_SSL_ERROR_SYSCALL; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 120 | errstr = "Some I/O error occurred"; |
| 121 | } |
| 122 | } else { |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 123 | p = PY_SSL_ERROR_SYSCALL; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 124 | /* XXX Protected by global interpreter lock */ |
| 125 | errstr = ERR_error_string(e, NULL); |
| 126 | } |
| 127 | break; |
| 128 | } |
| 129 | case SSL_ERROR_SSL: |
| 130 | { |
| 131 | unsigned long e = ERR_get_error(); |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 132 | p = PY_SSL_ERROR_SSL; |
| 133 | if (e != 0) |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 134 | /* XXX Protected by global interpreter lock */ |
| 135 | errstr = ERR_error_string(e, NULL); |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 136 | else { /* possible? */ |
| 137 | errstr = "A failure in the SSL library occurred"; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 138 | } |
| 139 | break; |
| 140 | } |
| 141 | default: |
Jeremy Hylton | 4e54730 | 2002-07-02 18:25:00 +0000 | [diff] [blame] | 142 | p = PY_SSL_ERROR_INVALID_ERROR_CODE; |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 143 | errstr = "Invalid error code"; |
| 144 | } |
| 145 | n = PyInt_FromLong((long) p); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 146 | if (n == NULL) |
| 147 | return NULL; |
| 148 | v = PyTuple_New(2); |
| 149 | if (v == NULL) { |
| 150 | Py_DECREF(n); |
| 151 | return NULL; |
| 152 | } |
| 153 | |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 154 | s = PyString_FromString(errstr); |
| 155 | if (s == NULL) { |
| 156 | Py_DECREF(v); |
| 157 | Py_DECREF(n); |
| 158 | } |
| 159 | PyTuple_SET_ITEM(v, 0, n); |
| 160 | PyTuple_SET_ITEM(v, 1, s); |
| 161 | PyErr_SetObject(PySSLErrorObject, v); |
| 162 | return NULL; |
| 163 | } |
| 164 | |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 165 | static PySSLObject * |
| 166 | newPySSLObject(PySocketSockObject *Sock, char *key_file, char *cert_file) |
| 167 | { |
| 168 | PySSLObject *self; |
| 169 | char *errstr = NULL; |
| 170 | int ret; |
| 171 | |
| 172 | self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */ |
| 173 | if (self == NULL){ |
| 174 | errstr = "newPySSLObject error"; |
| 175 | goto fail; |
| 176 | } |
| 177 | memset(self->server, '\0', sizeof(char) * X509_NAME_MAXLEN); |
| 178 | memset(self->issuer, '\0', sizeof(char) * X509_NAME_MAXLEN); |
| 179 | self->server_cert = NULL; |
| 180 | self->ssl = NULL; |
| 181 | self->ctx = NULL; |
| 182 | self->Socket = NULL; |
| 183 | |
| 184 | if ((key_file && !cert_file) || (!key_file && cert_file)) { |
| 185 | errstr = "Both the key & certificate files must be specified"; |
| 186 | goto fail; |
| 187 | } |
| 188 | |
| 189 | self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */ |
| 190 | if (self->ctx == NULL) { |
| 191 | errstr = "SSL_CTX_new error"; |
| 192 | goto fail; |
| 193 | } |
| 194 | |
| 195 | if (key_file) { |
| 196 | if (SSL_CTX_use_PrivateKey_file(self->ctx, key_file, |
| 197 | SSL_FILETYPE_PEM) < 1) { |
| 198 | errstr = "SSL_CTX_use_PrivateKey_file error"; |
| 199 | goto fail; |
| 200 | } |
| 201 | |
| 202 | if (SSL_CTX_use_certificate_chain_file(self->ctx, |
| 203 | cert_file) < 1) { |
| 204 | errstr = "SSL_CTX_use_certificate_chain_file error"; |
| 205 | goto fail; |
| 206 | } |
| 207 | } |
| 208 | |
| 209 | SSL_CTX_set_verify(self->ctx, |
| 210 | SSL_VERIFY_NONE, NULL); /* set verify lvl */ |
| 211 | self->ssl = SSL_new(self->ctx); /* New ssl struct */ |
| 212 | SSL_set_fd(self->ssl, Sock->sock_fd); /* Set the socket for SSL */ |
| 213 | SSL_set_connect_state(self->ssl); |
| 214 | |
| 215 | /* Actually negotiate SSL connection */ |
| 216 | /* XXX If SSL_connect() returns 0, it's also a failure. */ |
| 217 | ret = SSL_connect(self->ssl); |
| 218 | if (ret <= 0) { |
| 219 | PySSL_SetError(self, ret); |
| 220 | goto fail; |
| 221 | } |
| 222 | self->ssl->debug = 1; |
| 223 | |
| 224 | if ((self->server_cert = SSL_get_peer_certificate(self->ssl))) { |
| 225 | X509_NAME_oneline(X509_get_subject_name(self->server_cert), |
| 226 | self->server, X509_NAME_MAXLEN); |
| 227 | X509_NAME_oneline(X509_get_issuer_name(self->server_cert), |
| 228 | self->issuer, X509_NAME_MAXLEN); |
| 229 | } |
| 230 | self->Socket = Sock; |
| 231 | Py_INCREF(self->Socket); |
| 232 | return self; |
| 233 | fail: |
| 234 | if (errstr) |
| 235 | PyErr_SetString(PySSLErrorObject, errstr); |
| 236 | Py_DECREF(self); |
| 237 | return NULL; |
| 238 | } |
| 239 | |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 240 | static PyObject * |
| 241 | PySocket_ssl(PyObject *self, PyObject *args) |
| 242 | { |
| 243 | PySSLObject *rv; |
| 244 | PySocketSockObject *Sock; |
| 245 | char *key_file = NULL; |
| 246 | char *cert_file = NULL; |
| 247 | |
| 248 | if (!PyArg_ParseTuple(args, "O!|zz:ssl", |
| 249 | PySocketModule.Sock_Type, |
| 250 | (PyObject*)&Sock, |
| 251 | &key_file, &cert_file)) |
| 252 | return NULL; |
| 253 | |
| 254 | rv = newPySSLObject(Sock, key_file, cert_file); |
| 255 | if (rv == NULL) |
| 256 | return NULL; |
| 257 | return (PyObject *)rv; |
| 258 | } |
| 259 | |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 260 | PyDoc_STRVAR(ssl_doc, |
| 261 | "ssl(socket, [keyfile, certfile]) -> sslobject"); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 262 | |
| 263 | /* SSL object methods */ |
| 264 | |
| 265 | static PyObject * |
| 266 | PySSL_server(PySSLObject *self) |
| 267 | { |
| 268 | return PyString_FromString(self->server); |
| 269 | } |
| 270 | |
| 271 | static PyObject * |
| 272 | PySSL_issuer(PySSLObject *self) |
| 273 | { |
| 274 | return PyString_FromString(self->issuer); |
| 275 | } |
| 276 | |
| 277 | |
| 278 | static void PySSL_dealloc(PySSLObject *self) |
| 279 | { |
| 280 | if (self->server_cert) /* Possible not to have one? */ |
| 281 | X509_free (self->server_cert); |
| 282 | if (self->ssl) |
| 283 | SSL_free(self->ssl); |
| 284 | if (self->ctx) |
| 285 | SSL_CTX_free(self->ctx); |
| 286 | Py_XDECREF(self->Socket); |
| 287 | PyObject_Del(self); |
| 288 | } |
| 289 | |
| 290 | static PyObject *PySSL_SSLwrite(PySSLObject *self, PyObject *args) |
| 291 | { |
| 292 | char *data; |
| 293 | int len; |
| 294 | |
| 295 | if (!PyArg_ParseTuple(args, "s#:write", &data, &len)) |
| 296 | return NULL; |
| 297 | |
| 298 | Py_BEGIN_ALLOW_THREADS |
| 299 | len = SSL_write(self->ssl, data, len); |
| 300 | Py_END_ALLOW_THREADS |
| 301 | if (len > 0) |
| 302 | return PyInt_FromLong(len); |
| 303 | else |
| 304 | return PySSL_SetError(self, len); |
| 305 | } |
| 306 | |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 307 | PyDoc_STRVAR(PySSL_SSLwrite_doc, |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 308 | "write(s) -> len\n\ |
| 309 | \n\ |
| 310 | Writes the string s into the SSL object. Returns the number\n\ |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 311 | of bytes written."); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 312 | |
| 313 | static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args) |
| 314 | { |
| 315 | PyObject *buf; |
| 316 | int count = 0; |
| 317 | int len = 1024; |
| 318 | |
| 319 | if (!PyArg_ParseTuple(args, "|i:read", &len)) |
| 320 | return NULL; |
| 321 | |
| 322 | if (!(buf = PyString_FromStringAndSize((char *) 0, len))) |
| 323 | return NULL; |
| 324 | |
| 325 | Py_BEGIN_ALLOW_THREADS |
| 326 | count = SSL_read(self->ssl, PyString_AsString(buf), len); |
| 327 | Py_END_ALLOW_THREADS |
| 328 | if (count <= 0) { |
| 329 | Py_DECREF(buf); |
| 330 | return PySSL_SetError(self, count); |
| 331 | } |
Tim Peters | 5de9842 | 2002-04-27 18:44:32 +0000 | [diff] [blame] | 332 | if (count != len) |
| 333 | _PyString_Resize(&buf, count); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 334 | return buf; |
| 335 | } |
| 336 | |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 337 | PyDoc_STRVAR(PySSL_SSLread_doc, |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 338 | "read([len]) -> string\n\ |
| 339 | \n\ |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 340 | Read up to len bytes from the SSL socket."); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 341 | |
| 342 | static PyMethodDef PySSLMethods[] = { |
| 343 | {"write", (PyCFunction)PySSL_SSLwrite, METH_VARARGS, |
| 344 | PySSL_SSLwrite_doc}, |
| 345 | {"read", (PyCFunction)PySSL_SSLread, METH_VARARGS, |
| 346 | PySSL_SSLread_doc}, |
| 347 | {"server", (PyCFunction)PySSL_server, METH_NOARGS}, |
| 348 | {"issuer", (PyCFunction)PySSL_issuer, METH_NOARGS}, |
| 349 | {NULL, NULL} |
| 350 | }; |
| 351 | |
| 352 | static PyObject *PySSL_getattr(PySSLObject *self, char *name) |
| 353 | { |
| 354 | return Py_FindMethod(PySSLMethods, (PyObject *)self, name); |
| 355 | } |
| 356 | |
| 357 | staticforward PyTypeObject PySSL_Type = { |
| 358 | PyObject_HEAD_INIT(NULL) |
| 359 | 0, /*ob_size*/ |
| 360 | "socket.SSL", /*tp_name*/ |
| 361 | sizeof(PySSLObject), /*tp_basicsize*/ |
| 362 | 0, /*tp_itemsize*/ |
| 363 | /* methods */ |
| 364 | (destructor)PySSL_dealloc, /*tp_dealloc*/ |
| 365 | 0, /*tp_print*/ |
| 366 | (getattrfunc)PySSL_getattr, /*tp_getattr*/ |
| 367 | 0, /*tp_setattr*/ |
| 368 | 0, /*tp_compare*/ |
| 369 | 0, /*tp_repr*/ |
| 370 | 0, /*tp_as_number*/ |
| 371 | 0, /*tp_as_sequence*/ |
| 372 | 0, /*tp_as_mapping*/ |
| 373 | 0, /*tp_hash*/ |
| 374 | }; |
| 375 | |
| 376 | #ifdef HAVE_OPENSSL_RAND |
| 377 | |
| 378 | /* helper routines for seeding the SSL PRNG */ |
| 379 | static PyObject * |
| 380 | PySSL_RAND_add(PyObject *self, PyObject *args) |
| 381 | { |
| 382 | char *buf; |
| 383 | int len; |
| 384 | double entropy; |
| 385 | |
| 386 | if (!PyArg_ParseTuple(args, "s#d:RAND_add", &buf, &len, &entropy)) |
| 387 | return NULL; |
| 388 | RAND_add(buf, len, entropy); |
| 389 | Py_INCREF(Py_None); |
| 390 | return Py_None; |
| 391 | } |
| 392 | |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 393 | PyDoc_STRVAR(PySSL_RAND_add_doc, |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 394 | "RAND_add(string, entropy)\n\ |
| 395 | \n\ |
| 396 | Mix string into the OpenSSL PRNG state. entropy (a float) is a lower\n\ |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 397 | bound on the entropy contained in string."); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 398 | |
| 399 | static PyObject * |
| 400 | PySSL_RAND_status(PyObject *self) |
| 401 | { |
| 402 | return PyInt_FromLong(RAND_status()); |
| 403 | } |
| 404 | |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 405 | PyDoc_STRVAR(PySSL_RAND_status_doc, |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 406 | "RAND_status() -> 0 or 1\n\ |
| 407 | \n\ |
| 408 | Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\ |
| 409 | It is necessary to seed the PRNG with RAND_add() on some platforms before\n\ |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 410 | using the ssl() function."); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 411 | |
| 412 | static PyObject * |
| 413 | PySSL_RAND_egd(PyObject *self, PyObject *arg) |
| 414 | { |
| 415 | int bytes; |
| 416 | |
| 417 | if (!PyString_Check(arg)) |
| 418 | return PyErr_Format(PyExc_TypeError, |
| 419 | "RAND_egd() expected string, found %s", |
| 420 | arg->ob_type->tp_name); |
| 421 | bytes = RAND_egd(PyString_AS_STRING(arg)); |
| 422 | if (bytes == -1) { |
| 423 | PyErr_SetString(PySSLErrorObject, |
| 424 | "EGD connection failed or EGD did not return " |
| 425 | "enough data to seed the PRNG"); |
| 426 | return NULL; |
| 427 | } |
| 428 | return PyInt_FromLong(bytes); |
| 429 | } |
| 430 | |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 431 | PyDoc_STRVAR(PySSL_RAND_egd_doc, |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 432 | "RAND_egd(path) -> bytes\n\ |
| 433 | \n\ |
| 434 | Queries the entropy gather daemon (EGD) on socket path. Returns number\n\ |
| 435 | of bytes read. Raises socket.sslerror if connection to EGD fails or\n\ |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 436 | if it does provide enough data to seed PRNG."); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 437 | |
| 438 | #endif |
| 439 | |
| 440 | /* List of functions exported by this module. */ |
| 441 | |
| 442 | static PyMethodDef PySSL_methods[] = { |
| 443 | {"ssl", PySocket_ssl, |
| 444 | METH_VARARGS, ssl_doc}, |
| 445 | #ifdef HAVE_OPENSSL_RAND |
| 446 | {"RAND_add", PySSL_RAND_add, METH_VARARGS, |
| 447 | PySSL_RAND_add_doc}, |
| 448 | {"RAND_egd", PySSL_RAND_egd, METH_O, |
| 449 | PySSL_RAND_egd_doc}, |
| 450 | {"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS, |
| 451 | PySSL_RAND_status_doc}, |
| 452 | #endif |
| 453 | {NULL, NULL} /* Sentinel */ |
| 454 | }; |
| 455 | |
| 456 | |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 457 | PyDoc_STRVAR(module_doc, |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 458 | "Implementation module for SSL socket operations. See the socket module\n\ |
Martin v. Löwis | 14f8b4c | 2002-06-13 20:33:02 +0000 | [diff] [blame] | 459 | for documentation."); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 460 | |
| 461 | DL_EXPORT(void) |
| 462 | init_ssl(void) |
| 463 | { |
| 464 | PyObject *m, *d; |
| 465 | |
| 466 | PySSL_Type.ob_type = &PyType_Type; |
| 467 | |
| 468 | m = Py_InitModule3("_ssl", PySSL_methods, module_doc); |
| 469 | d = PyModule_GetDict(m); |
| 470 | |
| 471 | /* Load _socket module and its C API */ |
| 472 | if (PySocketModule_ImportModuleAndAPI()) |
| 473 | return; |
| 474 | |
| 475 | /* Init OpenSSL */ |
| 476 | SSL_load_error_strings(); |
| 477 | SSLeay_add_ssl_algorithms(); |
| 478 | |
| 479 | /* Add symbols to module dict */ |
| 480 | PySSLErrorObject = PyErr_NewException("socket.sslerror", NULL, NULL); |
| 481 | if (PySSLErrorObject == NULL) |
| 482 | return; |
| 483 | PyDict_SetItemString(d, "sslerror", PySSLErrorObject); |
| 484 | if (PyDict_SetItemString(d, "SSLType", |
| 485 | (PyObject *)&PySSL_Type) != 0) |
| 486 | return; |
| 487 | PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN", |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 488 | PY_SSL_ERROR_ZERO_RETURN); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 489 | PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ", |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 490 | PY_SSL_ERROR_WANT_READ); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 491 | PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE", |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 492 | PY_SSL_ERROR_WANT_WRITE); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 493 | PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP", |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 494 | PY_SSL_ERROR_WANT_X509_LOOKUP); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 495 | PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL", |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 496 | PY_SSL_ERROR_SYSCALL); |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 497 | PyModule_AddIntConstant(m, "SSL_ERROR_SSL", |
Martin v. Löwis | 6af3e2d | 2002-04-20 07:47:40 +0000 | [diff] [blame] | 498 | PY_SSL_ERROR_SSL); |
| 499 | PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT", |
| 500 | PY_SSL_ERROR_WANT_CONNECT); |
| 501 | /* non ssl.h errorcodes */ |
| 502 | PyModule_AddIntConstant(m, "SSL_ERROR_EOF", |
| 503 | PY_SSL_ERROR_EOF); |
| 504 | PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE", |
| 505 | PY_SSL_ERROR_INVALID_ERROR_CODE); |
| 506 | |
Marc-André Lemburg | a5d2b4c | 2002-02-16 18:23:30 +0000 | [diff] [blame] | 507 | } |