Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 09654fe80485651048943099a0fecc65aa3bc7e8 / . / src / crypto / crypto.c
blob: b9599094e77a1e25fd222c84bd10583149395bb8 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1/*
2 * crypto.c
3 *
4 * Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone8b63d452008-03-21 18:31:12 -0400[diff] [blame]5 * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]6 *
7 * Main file of crypto sub module.
8 * See the file RATIONALE for a short explanation of why this module was written.
9 *
10 * Reviewed 2001-07-23
11 */
12#include <Python.h>
13#define crypto_MODULE
14#include "crypto.h"
15
16static char crypto_doc[] = "\n\
17Main file of crypto sub module.\n\
18See the file RATIONALE for a short explanation of why this module was written.\n\
19";
20
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]21void **ssl_API;
22
23PyObject *crypto_Error;
24
25static int
26global_passphrase_callback(char *buf, int len, int rwflag, void *cb_arg)
27{
28 PyObject *func, *argv, *ret;
29 int nchars;
30
31 func = (PyObject *)cb_arg;
32 argv = Py_BuildValue("(i)", rwflag);
33 ret = PyEval_CallObject(func, argv);
34 Py_DECREF(argv);
35 if (ret == NULL)
36 return 0;
37 if (!PyString_Check(ret))
38 {
39 PyErr_SetString(PyExc_ValueError, "String expected");
40 return 0;
41 }
42 nchars = PyString_Size(ret);
43 if (nchars > len)
44 nchars = len;
45 strncpy(buf, PyString_AsString(ret), nchars);
46 return nchars;
47}
48
49static char crypto_load_privatekey_doc[] = "\n\
50Load a private key from a buffer\n\
51\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]52@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
53@param buffer: The buffer the key is stored in\n\
54@param passphrase: (optional) if encrypted PEM format, this can be\n\
55 either the passphrase to use, or a callback for\n\
56 providing the passphrase.\n\
57\n\
58@return: The PKey object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]59";
60
61static PyObject *
62crypto_load_privatekey(PyObject *spam, PyObject *args)
63{
64 crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
65 int type, len;
66 char *buffer;
67 PyObject *pw = NULL;
68 pem_password_cb *cb = NULL;
69 void *cb_arg = NULL;
70 BIO *bio;
71 EVP_PKEY *pkey;
72
73 if (!PyArg_ParseTuple(args, "is#|O:load_privatekey", &type, &buffer, &len, &pw))
74 return NULL;
75
76 if (pw != NULL)
77 {
78 if (PyString_Check(pw))
79 {
80 cb = NULL;
81 cb_arg = PyString_AsString(pw);
82 }
83 else if (PyCallable_Check(pw))
84 {
85 cb = global_passphrase_callback;
86 cb_arg = pw;
87 }
88 else
89 {
90 PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable");
91 return NULL;
92 }
93 }
94
95 bio = BIO_new_mem_buf(buffer, len);
96 switch (type)
97 {
98 case X509_FILETYPE_PEM:
99 pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, cb_arg);
100 break;
101
102 case X509_FILETYPE_ASN1:
103 pkey = d2i_PrivateKey_bio(bio, NULL);
104 break;
105
106 default:
107 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
108 BIO_free(bio);
109 return NULL;
110 }
111 BIO_free(bio);
112
113 if (pkey == NULL)
114 {
115 exception_from_error_queue();
116 return NULL;
117 }
118
119 return (PyObject *)crypto_PKey_New(pkey, 1);
120}
121
122static char crypto_dump_privatekey_doc[] = "\n\
123Dump a private key to a buffer\n\
124\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]125@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
126@param pkey: The PKey to dump\n\
127@param cipher: (optional) if encrypted PEM format, the cipher to\n\
128 use\n\
129@param passphrase - (optional) if encrypted PEM format, this can be either\n\
130 the passphrase to use, or a callback for providing the\n\
131 passphrase.\n\
132@return: The buffer with the dumped key in\n\
133@rtype: C{str}\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]134";
135
136static PyObject *
137crypto_dump_privatekey(PyObject *spam, PyObject *args)
138{
139 int type, ret, buf_len;
140 char *temp;
141 PyObject *buffer;
142 char *cipher_name = NULL;
143 const EVP_CIPHER *cipher = NULL;
144 PyObject *pw = NULL;
145 pem_password_cb *cb = NULL;
146 void *cb_arg = NULL;
147 BIO *bio;
Rick Dean5b7b6372009-04-01 11:34:06 -0500[diff] [blame]148 RSA *rsa;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]149 crypto_PKeyObj *pkey;
150
151 if (!PyArg_ParseTuple(args, "iO!|sO:dump_privatekey", &type,
152 &crypto_PKey_Type, &pkey, &cipher_name, &pw))
153 return NULL;
154
155 if (cipher_name != NULL && pw == NULL)
156 {
157 PyErr_SetString(PyExc_ValueError, "Illegal number of arguments");
158 return NULL;
159 }
160 if (cipher_name != NULL)
161 {
162 cipher = EVP_get_cipherbyname(cipher_name);
163 if (cipher == NULL)
164 {
165 PyErr_SetString(PyExc_ValueError, "Invalid cipher name");
166 return NULL;
167 }
168 if (PyString_Check(pw))
169 {
170 cb = NULL;
171 cb_arg = PyString_AsString(pw);
172 }
173 else if (PyCallable_Check(pw))
174 {
175 cb = global_passphrase_callback;
176 cb_arg = pw;
177 }
178 else
179 {
180 PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable");
181 return NULL;
182 }
183 }
184
185 bio = BIO_new(BIO_s_mem());
186 switch (type)
187 {
188 case X509_FILETYPE_PEM:
189 ret = PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_arg);
190 if (PyErr_Occurred())
191 {
192 BIO_free(bio);
193 return NULL;
194 }
195 break;
196
197 case X509_FILETYPE_ASN1:
198 ret = i2d_PrivateKey_bio(bio, pkey->pkey);
199 break;
200
Rick Dean5b7b6372009-04-01 11:34:06 -0500[diff] [blame]201 case X509_FILETYPE_TEXT:
202 rsa = EVP_PKEY_get1_RSA(pkey->pkey);
203 ret = RSA_print(bio, rsa, 0);
204 RSA_free(rsa);
205 break;
206
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]207 default:
Rick Dean5b7b6372009-04-01 11:34:06 -0500[diff] [blame]208 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]209 BIO_free(bio);
210 return NULL;
211 }
212
213 if (ret == 0)
214 {
215 BIO_free(bio);
216 exception_from_error_queue();
217 return NULL;
218 }
219
220 buf_len = BIO_get_mem_data(bio, &temp);
221 buffer = PyString_FromStringAndSize(temp, buf_len);
222 BIO_free(bio);
223
224 return buffer;
225}
226
227static char crypto_load_certificate_doc[] = "\n\
228Load a certificate from a buffer\n\
229\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]230@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]231 buffer - The buffer the certificate is stored in\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]232@return: The X509 object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]233";
234
235static PyObject *
236crypto_load_certificate(PyObject *spam, PyObject *args)
237{
238 crypto_X509Obj *crypto_X509_New(X509 *, int);
239 int type, len;
240 char *buffer;
241 BIO *bio;
242 X509 *cert;
243
244 if (!PyArg_ParseTuple(args, "is#:load_certificate", &type, &buffer, &len))
245 return NULL;
246
247 bio = BIO_new_mem_buf(buffer, len);
248 switch (type)
249 {
250 case X509_FILETYPE_PEM:
251 cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
252 break;
253
254 case X509_FILETYPE_ASN1:
255 cert = d2i_X509_bio(bio, NULL);
256 break;
257
258 default:
259 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
260 BIO_free(bio);
261 return NULL;
262 }
263 BIO_free(bio);
264
265 if (cert == NULL)
266 {
267 exception_from_error_queue();
268 return NULL;
269 }
270
271 return (PyObject *)crypto_X509_New(cert, 1);
272}
273
274static char crypto_dump_certificate_doc[] = "\n\
275Dump a certificate to a buffer\n\
276\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]277@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
278@param cert: The certificate to dump\n\
279@return: The buffer with the dumped certificate in\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]280";
281
282static PyObject *
283crypto_dump_certificate(PyObject *spam, PyObject *args)
284{
285 int type, ret, buf_len;
286 char *temp;
287 PyObject *buffer;
288 BIO *bio;
289 crypto_X509Obj *cert;
290
291 if (!PyArg_ParseTuple(args, "iO!:dump_certificate", &type,
292 &crypto_X509_Type, &cert))
293 return NULL;
294
295 bio = BIO_new(BIO_s_mem());
296 switch (type)
297 {
298 case X509_FILETYPE_PEM:
299 ret = PEM_write_bio_X509(bio, cert->x509);
300 break;
301
302 case X509_FILETYPE_ASN1:
303 ret = i2d_X509_bio(bio, cert->x509);
304 break;
305
Rick Dean5b7b6372009-04-01 11:34:06 -0500[diff] [blame]306 case X509_FILETYPE_TEXT:
307 ret = X509_print_ex(bio, cert->x509, 0, 0);
308 break;
309
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]310 default:
Rick Dean5b7b6372009-04-01 11:34:06 -0500[diff] [blame]311 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]312 BIO_free(bio);
313 return NULL;
314 }
315
316 if (ret == 0)
317 {
318 BIO_free(bio);
319 exception_from_error_queue();
320 return NULL;
321 }
322
323 buf_len = BIO_get_mem_data(bio, &temp);
324 buffer = PyString_FromStringAndSize(temp, buf_len);
325 BIO_free(bio);
326
327 return buffer;
328}
329
330static char crypto_load_certificate_request_doc[] = "\n\
331Load a certificate request from a buffer\n\
332\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]333@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]334 buffer - The buffer the certificate request is stored in\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]335@return: The X509Req object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]336";
337
338static PyObject *
339crypto_load_certificate_request(PyObject *spam, PyObject *args)
340{
341 crypto_X509ReqObj *crypto_X509Req_New(X509_REQ *, int);
342 int type, len;
343 char *buffer;
344 BIO *bio;
345 X509_REQ *req;
346
347 if (!PyArg_ParseTuple(args, "is#:load_certificate_request", &type, &buffer, &len))
348 return NULL;
349
350 bio = BIO_new_mem_buf(buffer, len);
351 switch (type)
352 {
353 case X509_FILETYPE_PEM:
354 req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL);
355 break;
356
357 case X509_FILETYPE_ASN1:
358 req = d2i_X509_REQ_bio(bio, NULL);
359 break;
360
361 default:
362 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
363 BIO_free(bio);
364 return NULL;
365 }
366 BIO_free(bio);
367
368 if (req == NULL)
369 {
370 exception_from_error_queue();
371 return NULL;
372 }
373
374 return (PyObject *)crypto_X509Req_New(req, 1);
375}
376
377static char crypto_dump_certificate_request_doc[] = "\n\
378Dump a certificate request to a buffer\n\
379\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]380@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]381 req - The certificate request to dump\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]382@return: The buffer with the dumped certificate request in\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]383";
384
385static PyObject *
386crypto_dump_certificate_request(PyObject *spam, PyObject *args)
387{
388 int type, ret, buf_len;
389 char *temp;
390 PyObject *buffer;
391 BIO *bio;
392 crypto_X509ReqObj *req;
393
394 if (!PyArg_ParseTuple(args, "iO!:dump_certificate_request", &type,
395 &crypto_X509Req_Type, &req))
396 return NULL;
397
398 bio = BIO_new(BIO_s_mem());
399 switch (type)
400 {
401 case X509_FILETYPE_PEM:
402 ret = PEM_write_bio_X509_REQ(bio, req->x509_req);
403 break;
404
405 case X509_FILETYPE_ASN1:
406 ret = i2d_X509_REQ_bio(bio, req->x509_req);
407 break;
408
Rick Dean5b7b6372009-04-01 11:34:06 -0500[diff] [blame]409 case X509_FILETYPE_TEXT:
410 ret = X509_REQ_print_ex(bio, req->x509_req, 0, 0);
411 break;
412
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]413 default:
Rick Dean5b7b6372009-04-01 11:34:06 -0500[diff] [blame]414 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]415 BIO_free(bio);
416 return NULL;
417 }
418
419 if (ret == 0)
420 {
421 BIO_free(bio);
422 exception_from_error_queue();
423 return NULL;
424 }
425
426 buf_len = BIO_get_mem_data(bio, &temp);
427 buffer = PyString_FromStringAndSize(temp, buf_len);
428 BIO_free(bio);
429
430 return buffer;
431}
432
433static char crypto_load_pkcs7_data_doc[] = "\n\
434Load pkcs7 data from a buffer\n\
435\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]436@param type: The file type (one of FILETYPE_PEM or FILETYPE_ASN1)\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]437 buffer - The buffer with the pkcs7 data.\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]438@return: The PKCS7 object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]439";
440
441static PyObject *
442crypto_load_pkcs7_data(PyObject *spam, PyObject *args)
443{
444 int type, len;
445 char *buffer;
446 BIO *bio;
447 PKCS7 *pkcs7 = NULL;
448
449 if (!PyArg_ParseTuple(args, "is#:load_pkcs7_data", &type, &buffer, &len))
450 return NULL;
451
452 /*
453 * Try to read the pkcs7 data from the bio
454 */
455 bio = BIO_new_mem_buf(buffer, len);
456 switch (type)
457 {
458 case X509_FILETYPE_PEM:
459 pkcs7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL);
460 break;
461
462 case X509_FILETYPE_ASN1:
463 pkcs7 = d2i_PKCS7_bio(bio, NULL);
464 break;
465
466 default:
467 PyErr_SetString(PyExc_ValueError,
468 "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
469 return NULL;
470 }
471 BIO_free(bio);
472
473 /*
474 * Check if we got a PKCS7 structure
475 */
476 if (pkcs7 == NULL)
477 {
478 exception_from_error_queue();
479 return NULL;
480 }
481
482 return (PyObject *)crypto_PKCS7_New(pkcs7, 1);
483}
484
485static char crypto_load_pkcs12_doc[] = "\n\
486Load a PKCS12 object from a buffer\n\
487\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]488@param buffer: The buffer the certificate is stored in\n\
489 passphrase (Optional) - The password to decrypt the PKCS12 lump\n\
490@returns: The PKCS12 object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]491";
492
493static PyObject *
494crypto_load_pkcs12(PyObject *spam, PyObject *args)
495{
496 crypto_PKCS12Obj *crypto_PKCS12_New(PKCS12 *, char *);
497 int len;
498 char *buffer, *passphrase = NULL;
499 BIO *bio;
500 PKCS12 *p12;
501
502 if (!PyArg_ParseTuple(args, "s#|s:load_pkcs12", &buffer, &len, &passphrase))
503 return NULL;
504
505 bio = BIO_new_mem_buf(buffer, len);
506 if ((p12 = d2i_PKCS12_bio(bio, NULL)) == NULL)
507 {
508 BIO_free(bio);
509 exception_from_error_queue();
510 return NULL;
511 }
512 BIO_free(bio);
513
514 return (PyObject *)crypto_PKCS12_New(p12, passphrase);
515}
516
517
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]518static char crypto_X509Name_doc[] = "\n\
519The factory function inserted in the module dictionary as a copy\n\
520constructor for X509Name objects.\n\
521\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]522@param name: An X509Name object to copy\n\
523@return: The X509Name object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]524";
525
526static PyObject *
527crypto_X509Name(PyObject *spam, PyObject *args)
528{
529 crypto_X509NameObj *name;
530
531 if (!PyArg_ParseTuple(args, "O!:X509Name", &crypto_X509Name_Type, &name))
532 return NULL;
533
534 return (PyObject *)crypto_X509Name_New(X509_NAME_dup(name->x509_name), 1);
535}
536
537static char crypto_X509Req_doc[] = "\n\
538The factory function inserted in the module dictionary to create X509Req\n\
539objects\n\
540\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]541@returns: The X509Req object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]542";
543
544static PyObject *
545crypto_X509Req(PyObject *spam, PyObject *args)
546{
547 if (!PyArg_ParseTuple(args, ":X509Req"))
548 return NULL;
549
550 return (PyObject *)crypto_X509Req_New(X509_REQ_new(), 1);
551}
552
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]553
554static char crypto_X509Extension_doc[] = "\n\
555The factory function inserted in the module dictionary to create\n\
556X509Extension objects.\n\
557\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]558@param typename: The name of the extension to create.\n\
559@type typename: C{str}\n\
560@param critical: A flag indicating whether this is a critical extension.\n\
561@param value: The value of the extension.\n\
562@type value: C{str}\n\
563@return: The X509Extension object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]564";
565
566static PyObject *
567crypto_X509Extension(PyObject *spam, PyObject *args)
568{
569 char *type_name, *value;
570 int critical;
571
572 if (!PyArg_ParseTuple(args, "sis:X509Extension", &type_name, &critical,
573 &value))
574 return NULL;
575
576 return (PyObject *)crypto_X509Extension_New(type_name, critical, value);
577}
578
579static char crypto_NetscapeSPKI_doc[] = "\n\
580The factory function inserted in the module dictionary to create NetscapeSPKI\n\
581objects\n\
582\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]583@param enc: Base64 encoded NetscapeSPKI object.\n\
584@type enc: C{str}\n\
585@return: The NetscapeSPKI object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]586";
587
588static PyObject *
589crypto_NetscapeSPKI(PyObject *spam, PyObject *args)
590{
591 char *enc = NULL;
592 int enc_len = -1;
593 NETSCAPE_SPKI *spki;
594
595 if (!PyArg_ParseTuple(args, "|s#:NetscapeSPKI", &enc, &enc_len))
596 return NULL;
597
598 if (enc_len >= 0)
599 spki = NETSCAPE_SPKI_b64_decode(enc, enc_len);
600 else
601 spki = NETSCAPE_SPKI_new();
602 if (spki == NULL)
603 {
604 exception_from_error_queue();
605 return NULL;
606 }
607 return (PyObject *)crypto_NetscapeSPKI_New(spki, 1);
608}
609
Jean-Paul Calderone7df40db2008-03-03 15:12:42 -0500[diff] [blame]610static char crypto_X509_verify_cert_error_string_doc[] = "\n\
611Get X509 verify certificate error string.\n\
612\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]613@param errnum: The error number.\n\
614@return: Error string as a Python string\n\
Jean-Paul Calderone7df40db2008-03-03 15:12:42 -0500[diff] [blame]615";
616
617static PyObject *
618crypto_X509_verify_cert_error_string(PyObject *spam, PyObject *args)
619{
620 int errnum;
621 const char *str;
622
623 if (!PyArg_ParseTuple(args, "i", &errnum))
624 return NULL;
625
626 str = X509_verify_cert_error_string(errnum);
627 return PyString_FromString(str);
628}
629
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]630/* Methods in the OpenSSL.crypto module (i.e. none) */
631static PyMethodDef crypto_methods[] = {
632 /* Module functions */
633 { "load_privatekey", (PyCFunction)crypto_load_privatekey, METH_VARARGS, crypto_load_privatekey_doc },
634 { "dump_privatekey", (PyCFunction)crypto_dump_privatekey, METH_VARARGS, crypto_dump_privatekey_doc },
635 { "load_certificate", (PyCFunction)crypto_load_certificate, METH_VARARGS, crypto_load_certificate_doc },
636 { "dump_certificate", (PyCFunction)crypto_dump_certificate, METH_VARARGS, crypto_dump_certificate_doc },
637 { "load_certificate_request", (PyCFunction)crypto_load_certificate_request, METH_VARARGS, crypto_load_certificate_request_doc },
638 { "dump_certificate_request", (PyCFunction)crypto_dump_certificate_request, METH_VARARGS, crypto_dump_certificate_request_doc },
639 { "load_pkcs7_data", (PyCFunction)crypto_load_pkcs7_data, METH_VARARGS, crypto_load_pkcs7_data_doc },
640 { "load_pkcs12", (PyCFunction)crypto_load_pkcs12, METH_VARARGS, crypto_load_pkcs12_doc },
641 /* Factory functions */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]642 { "X509Name",(PyCFunction)crypto_X509Name,METH_VARARGS, crypto_X509Name_doc },
643 { "X509Req", (PyCFunction)crypto_X509Req, METH_VARARGS, crypto_X509Req_doc },
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]644 { "X509Extension", (PyCFunction)crypto_X509Extension, METH_VARARGS, crypto_X509Extension_doc },
645 { "NetscapeSPKI", (PyCFunction)crypto_NetscapeSPKI, METH_VARARGS, crypto_NetscapeSPKI_doc },
Jean-Paul Calderone7df40db2008-03-03 15:12:42 -0500[diff] [blame]646 { "X509_verify_cert_error_string", (PyCFunction)crypto_X509_verify_cert_error_string, METH_VARARGS, crypto_X509_verify_cert_error_string_doc },
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]647 { NULL, NULL }
648};
649
Jean-Paul Calderoneaea5d902008-04-26 19:53:39 -0400[diff] [blame]650
651#ifdef WITH_THREAD
652
653#include <pythread.h>
654
655/**
656 * This array will store all of the mutexes available to OpenSSL.
657 */
658static PyThread_type_lock *mutex_buf = NULL;
659
660
661/**
662 * Callback function supplied to OpenSSL to acquire or release a lock.
663 *
664 */
665static void locking_function(int mode, int n, const char * file, int line) {
666 if (mode & CRYPTO_LOCK) {
667 PyThread_acquire_lock(mutex_buf[n], WAIT_LOCK);
668 } else {
669 PyThread_release_lock(mutex_buf[n]);
670 }
671}
672
673
674/**
675 * Initialize OpenSSL for use from multiple threads.
676 *
677 * Returns: 0 if initialization fails, 1 otherwise.
678 */
679static int init_openssl_threads(void) {
680 int i;
681
682 mutex_buf = (PyThread_type_lock *)malloc(
683 CRYPTO_num_locks() * sizeof(PyThread_type_lock));
684 if (!mutex_buf) {
685 return 0;
686 }
687 for (i = 0; i < CRYPTO_num_locks(); ++i) {
688 mutex_buf[i] = PyThread_allocate_lock();
689 }
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]690 CRYPTO_set_id_callback((unsigned long (*)(void))PyThread_get_thread_ident);
Jean-Paul Calderoneaea5d902008-04-26 19:53:39 -0400[diff] [blame]691 CRYPTO_set_locking_callback(locking_function);
692 return 1;
693}
694
695/* /\** */
696/* * Clean up after OpenSSL thread initialization. */
697/* *\/ */
698/* static int deinit_openssl_threads() { */
699/* int i; */
700
701/* if (!mutex_buf) { */
702/* return 0; */
703/* } */
704/* CRYPTO_set_id_callback(NULL); */
705/* CRYPTO_set_locking_callback(NULL); */
706/* for (i = 0; i < CRYPTO_num_locks(); i++) { */
707/* PyThread_free_lock(mutex_buf[i]); */
708/* } */
709/* free(mutex_buf); */
710/* mutex_buf = NULL; */
711/* return 1; */
712/* } */
713
714#endif
715
716
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]717/*
718 * Initialize crypto sub module
719 *
720 * Arguments: None
721 * Returns: None
722 */
723void
724initcrypto(void)
725{
726 static void *crypto_API[crypto_API_pointers];
727 PyObject *c_api_object;
728 PyObject *module, *dict;
729
730 ERR_load_crypto_strings();
731 OpenSSL_add_all_algorithms();
732
733 if ((module = Py_InitModule3("crypto", crypto_methods, crypto_doc)) == NULL)
734 return;
735
736 /* Initialize the C API pointer array */
737 crypto_API[crypto_X509_New_NUM] = (void *)crypto_X509_New;
738 crypto_API[crypto_X509Name_New_NUM] = (void *)crypto_X509Name_New;
739 crypto_API[crypto_X509Req_New_NUM] = (void *)crypto_X509Req_New;
740 crypto_API[crypto_X509Store_New_NUM] = (void *)crypto_X509Store_New;
741 crypto_API[crypto_PKey_New_NUM] = (void *)crypto_PKey_New;
742 crypto_API[crypto_X509Extension_New_NUM] = (void *)crypto_X509Extension_New;
743 crypto_API[crypto_PKCS7_New_NUM] = (void *)crypto_PKCS7_New;
744 crypto_API[crypto_NetscapeSPKI_New_NUM] = (void *)crypto_NetscapeSPKI_New;
745 c_api_object = PyCObject_FromVoidPtr((void *)crypto_API, NULL);
746 if (c_api_object != NULL)
747 PyModule_AddObject(module, "_C_API", c_api_object);
748
749 crypto_Error = PyErr_NewException("OpenSSL.crypto.Error", NULL, NULL);
750 if (crypto_Error == NULL)
751 goto error;
752 if (PyModule_AddObject(module, "Error", crypto_Error) != 0)
753 goto error;
754
755 PyModule_AddIntConstant(module, "FILETYPE_PEM", X509_FILETYPE_PEM);
756 PyModule_AddIntConstant(module, "FILETYPE_ASN1", X509_FILETYPE_ASN1);
Rick Dean5b7b6372009-04-01 11:34:06 -0500[diff] [blame]757 PyModule_AddIntConstant(module, "FILETYPE_TEXT", X509_FILETYPE_TEXT);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]758
759 PyModule_AddIntConstant(module, "TYPE_RSA", crypto_TYPE_RSA);
760 PyModule_AddIntConstant(module, "TYPE_DSA", crypto_TYPE_DSA);
761
762 dict = PyModule_GetDict(module);
Jean-Paul Calderoneaea5d902008-04-26 19:53:39 -0400[diff] [blame]763#ifdef WITH_THREAD
764 if (!init_openssl_threads())
765 goto error;
766#endif
Jean-Paul Calderone2e1da572009-06-27 10:44:00 -0400[diff] [blame]767 if (!init_crypto_x509(module))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]768 goto error;
769 if (!init_crypto_x509name(dict))
770 goto error;
771 if (!init_crypto_x509store(dict))
772 goto error;
773 if (!init_crypto_x509req(dict))
774 goto error;
Jean-Paul Calderone2e1da572009-06-27 10:44:00 -0400[diff] [blame]775 if (!init_crypto_pkey(module))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]776 goto error;
777 if (!init_crypto_x509extension(dict))
778 goto error;
779 if (!init_crypto_pkcs7(dict))
780 goto error;
781 if (!init_crypto_pkcs12(dict))
782 goto error;
783 if (!init_crypto_netscape_spki(dict))
784 goto error;
785
786error:
787 ;
788}
789