Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 1 | /* |
| 2 | * crypto.c |
| 3 | * |
Jean-Paul Calderone | 8671c85 | 2011-03-02 19:26:20 -0500 | [diff] [blame] | 4 | * Copyright (C) AB Strakt |
| 5 | * Copyright (C) Keyphrene |
| 6 | * Copyright (C) Jean-Paul Calderone |
| 7 | * See LICENSE for details. |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 8 | * |
| 9 | * Main file of crypto sub module. |
| 10 | * See the file RATIONALE for a short explanation of why this module was written. |
| 11 | * |
| 12 | * Reviewed 2001-07-23 |
| 13 | */ |
| 14 | #include <Python.h> |
| 15 | #define crypto_MODULE |
| 16 | #include "crypto.h" |
Rick Dean | 623ee36 | 2009-07-17 12:22:16 -0500 | [diff] [blame] | 17 | #include "pkcs12.h" |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 18 | |
| 19 | static char crypto_doc[] = "\n\ |
| 20 | Main file of crypto sub module.\n\ |
| 21 | See the file RATIONALE for a short explanation of why this module was written.\n\ |
| 22 | "; |
| 23 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 24 | void **ssl_API; |
| 25 | |
| 26 | PyObject *crypto_Error; |
| 27 | |
Jean-Paul Calderone | 7b643a9 | 2010-08-28 14:40:58 -0400 | [diff] [blame] | 28 | int crypto_byte_converter(PyObject *input, void* output) { |
| 29 | char **message = output; |
| 30 | if (input == Py_None) { |
| 31 | *message = NULL; |
| 32 | } else if (PyBytes_CheckExact(input)) { |
| 33 | *message = PyBytes_AsString(input); |
| 34 | } else { |
| 35 | return 0; |
| 36 | } |
| 37 | return 1; |
| 38 | } |
| 39 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 40 | static int |
| 41 | global_passphrase_callback(char *buf, int len, int rwflag, void *cb_arg) |
| 42 | { |
| 43 | PyObject *func, *argv, *ret; |
| 44 | int nchars; |
| 45 | |
| 46 | func = (PyObject *)cb_arg; |
| 47 | argv = Py_BuildValue("(i)", rwflag); |
| 48 | ret = PyEval_CallObject(func, argv); |
| 49 | Py_DECREF(argv); |
| 50 | if (ret == NULL) |
| 51 | return 0; |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 52 | if (!PyBytes_Check(ret)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 53 | { |
| 54 | PyErr_SetString(PyExc_ValueError, "String expected"); |
| 55 | return 0; |
| 56 | } |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 57 | nchars = PyBytes_Size(ret); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 58 | if (nchars > len) |
| 59 | nchars = len; |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 60 | strncpy(buf, PyBytes_AsString(ret), nchars); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 61 | return nchars; |
| 62 | } |
| 63 | |
| 64 | static char crypto_load_privatekey_doc[] = "\n\ |
| 65 | Load a private key from a buffer\n\ |
| 66 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 67 | :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\ |
| 68 | :param buffer: The buffer the key is stored in\n\ |
| 69 | :param passphrase: (optional) if encrypted PEM format, this can be\n\ |
Jean-Paul Calderone | 54bcc83 | 2009-05-27 14:06:48 -0400 | [diff] [blame] | 70 | either the passphrase to use, or a callback for\n\ |
| 71 | providing the passphrase.\n\ |
| 72 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 73 | :return: The PKey object\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 74 | "; |
| 75 | |
| 76 | static PyObject * |
| 77 | crypto_load_privatekey(PyObject *spam, PyObject *args) |
| 78 | { |
| 79 | crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int); |
| 80 | int type, len; |
| 81 | char *buffer; |
| 82 | PyObject *pw = NULL; |
| 83 | pem_password_cb *cb = NULL; |
| 84 | void *cb_arg = NULL; |
| 85 | BIO *bio; |
| 86 | EVP_PKEY *pkey; |
| 87 | |
| 88 | if (!PyArg_ParseTuple(args, "is#|O:load_privatekey", &type, &buffer, &len, &pw)) |
| 89 | return NULL; |
| 90 | |
| 91 | if (pw != NULL) |
| 92 | { |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 93 | if (PyBytes_Check(pw)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 94 | { |
| 95 | cb = NULL; |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 96 | cb_arg = PyBytes_AsString(pw); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 97 | } |
| 98 | else if (PyCallable_Check(pw)) |
| 99 | { |
| 100 | cb = global_passphrase_callback; |
| 101 | cb_arg = pw; |
| 102 | } |
| 103 | else |
| 104 | { |
| 105 | PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable"); |
| 106 | return NULL; |
| 107 | } |
| 108 | } |
| 109 | |
| 110 | bio = BIO_new_mem_buf(buffer, len); |
| 111 | switch (type) |
| 112 | { |
| 113 | case X509_FILETYPE_PEM: |
| 114 | pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, cb_arg); |
| 115 | break; |
| 116 | |
| 117 | case X509_FILETYPE_ASN1: |
| 118 | pkey = d2i_PrivateKey_bio(bio, NULL); |
| 119 | break; |
| 120 | |
| 121 | default: |
| 122 | PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1"); |
| 123 | BIO_free(bio); |
| 124 | return NULL; |
| 125 | } |
| 126 | BIO_free(bio); |
| 127 | |
| 128 | if (pkey == NULL) |
| 129 | { |
Rick Dean | d369c93 | 2009-07-08 11:48:33 -0500 | [diff] [blame] | 130 | exception_from_error_queue(crypto_Error); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 131 | return NULL; |
| 132 | } |
| 133 | |
| 134 | return (PyObject *)crypto_PKey_New(pkey, 1); |
| 135 | } |
| 136 | |
| 137 | static char crypto_dump_privatekey_doc[] = "\n\ |
| 138 | Dump a private key to a buffer\n\ |
| 139 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 140 | :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\ |
| 141 | :param pkey: The PKey to dump\n\ |
| 142 | :param cipher: (optional) if encrypted PEM format, the cipher to\n\ |
Jean-Paul Calderone | 54bcc83 | 2009-05-27 14:06:48 -0400 | [diff] [blame] | 143 | use\n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 144 | :param passphrase - (optional) if encrypted PEM format, this can be either\n\ |
Jean-Paul Calderone | 54bcc83 | 2009-05-27 14:06:48 -0400 | [diff] [blame] | 145 | the passphrase to use, or a callback for providing the\n\ |
| 146 | passphrase.\n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 147 | :return: The buffer with the dumped key in\n\ |
| 148 | :rtype: C{str}\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 149 | "; |
| 150 | |
| 151 | static PyObject * |
| 152 | crypto_dump_privatekey(PyObject *spam, PyObject *args) |
| 153 | { |
| 154 | int type, ret, buf_len; |
| 155 | char *temp; |
| 156 | PyObject *buffer; |
| 157 | char *cipher_name = NULL; |
| 158 | const EVP_CIPHER *cipher = NULL; |
| 159 | PyObject *pw = NULL; |
| 160 | pem_password_cb *cb = NULL; |
| 161 | void *cb_arg = NULL; |
| 162 | BIO *bio; |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 163 | RSA *rsa; |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 164 | crypto_PKeyObj *pkey; |
| 165 | |
| 166 | if (!PyArg_ParseTuple(args, "iO!|sO:dump_privatekey", &type, |
| 167 | &crypto_PKey_Type, &pkey, &cipher_name, &pw)) |
| 168 | return NULL; |
| 169 | |
| 170 | if (cipher_name != NULL && pw == NULL) |
| 171 | { |
| 172 | PyErr_SetString(PyExc_ValueError, "Illegal number of arguments"); |
| 173 | return NULL; |
| 174 | } |
| 175 | if (cipher_name != NULL) |
| 176 | { |
| 177 | cipher = EVP_get_cipherbyname(cipher_name); |
| 178 | if (cipher == NULL) |
| 179 | { |
| 180 | PyErr_SetString(PyExc_ValueError, "Invalid cipher name"); |
| 181 | return NULL; |
| 182 | } |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 183 | if (PyBytes_Check(pw)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 184 | { |
| 185 | cb = NULL; |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 186 | cb_arg = PyBytes_AsString(pw); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 187 | } |
| 188 | else if (PyCallable_Check(pw)) |
| 189 | { |
| 190 | cb = global_passphrase_callback; |
| 191 | cb_arg = pw; |
| 192 | } |
| 193 | else |
| 194 | { |
| 195 | PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable"); |
| 196 | return NULL; |
| 197 | } |
| 198 | } |
| 199 | |
| 200 | bio = BIO_new(BIO_s_mem()); |
| 201 | switch (type) |
| 202 | { |
| 203 | case X509_FILETYPE_PEM: |
| 204 | ret = PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_arg); |
| 205 | if (PyErr_Occurred()) |
| 206 | { |
| 207 | BIO_free(bio); |
| 208 | return NULL; |
| 209 | } |
| 210 | break; |
| 211 | |
| 212 | case X509_FILETYPE_ASN1: |
| 213 | ret = i2d_PrivateKey_bio(bio, pkey->pkey); |
| 214 | break; |
| 215 | |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 216 | case X509_FILETYPE_TEXT: |
| 217 | rsa = EVP_PKEY_get1_RSA(pkey->pkey); |
| 218 | ret = RSA_print(bio, rsa, 0); |
| 219 | RSA_free(rsa); |
| 220 | break; |
| 221 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 222 | default: |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 223 | PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT"); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 224 | BIO_free(bio); |
| 225 | return NULL; |
| 226 | } |
| 227 | |
| 228 | if (ret == 0) |
| 229 | { |
| 230 | BIO_free(bio); |
Rick Dean | d369c93 | 2009-07-08 11:48:33 -0500 | [diff] [blame] | 231 | exception_from_error_queue(crypto_Error); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 232 | return NULL; |
| 233 | } |
| 234 | |
| 235 | buf_len = BIO_get_mem_data(bio, &temp); |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 236 | buffer = PyBytes_FromStringAndSize(temp, buf_len); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 237 | BIO_free(bio); |
| 238 | |
| 239 | return buffer; |
| 240 | } |
| 241 | |
| 242 | static char crypto_load_certificate_doc[] = "\n\ |
| 243 | Load a certificate from a buffer\n\ |
| 244 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 245 | :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 246 | buffer - The buffer the certificate is stored in\n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 247 | :return: The X509 object\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 248 | "; |
| 249 | |
| 250 | static PyObject * |
| 251 | crypto_load_certificate(PyObject *spam, PyObject *args) |
| 252 | { |
| 253 | crypto_X509Obj *crypto_X509_New(X509 *, int); |
| 254 | int type, len; |
| 255 | char *buffer; |
| 256 | BIO *bio; |
| 257 | X509 *cert; |
| 258 | |
| 259 | if (!PyArg_ParseTuple(args, "is#:load_certificate", &type, &buffer, &len)) |
| 260 | return NULL; |
| 261 | |
| 262 | bio = BIO_new_mem_buf(buffer, len); |
| 263 | switch (type) |
| 264 | { |
| 265 | case X509_FILETYPE_PEM: |
| 266 | cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); |
| 267 | break; |
| 268 | |
| 269 | case X509_FILETYPE_ASN1: |
| 270 | cert = d2i_X509_bio(bio, NULL); |
| 271 | break; |
| 272 | |
| 273 | default: |
| 274 | PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1"); |
| 275 | BIO_free(bio); |
| 276 | return NULL; |
| 277 | } |
| 278 | BIO_free(bio); |
| 279 | |
| 280 | if (cert == NULL) |
| 281 | { |
Rick Dean | d369c93 | 2009-07-08 11:48:33 -0500 | [diff] [blame] | 282 | exception_from_error_queue(crypto_Error); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 283 | return NULL; |
| 284 | } |
| 285 | |
| 286 | return (PyObject *)crypto_X509_New(cert, 1); |
| 287 | } |
| 288 | |
| 289 | static char crypto_dump_certificate_doc[] = "\n\ |
| 290 | Dump a certificate to a buffer\n\ |
| 291 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 292 | :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\ |
| 293 | :param cert: The certificate to dump\n\ |
| 294 | :return: The buffer with the dumped certificate in\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 295 | "; |
| 296 | |
| 297 | static PyObject * |
| 298 | crypto_dump_certificate(PyObject *spam, PyObject *args) |
| 299 | { |
| 300 | int type, ret, buf_len; |
| 301 | char *temp; |
| 302 | PyObject *buffer; |
| 303 | BIO *bio; |
| 304 | crypto_X509Obj *cert; |
| 305 | |
| 306 | if (!PyArg_ParseTuple(args, "iO!:dump_certificate", &type, |
| 307 | &crypto_X509_Type, &cert)) |
| 308 | return NULL; |
| 309 | |
| 310 | bio = BIO_new(BIO_s_mem()); |
| 311 | switch (type) |
| 312 | { |
| 313 | case X509_FILETYPE_PEM: |
| 314 | ret = PEM_write_bio_X509(bio, cert->x509); |
| 315 | break; |
| 316 | |
| 317 | case X509_FILETYPE_ASN1: |
| 318 | ret = i2d_X509_bio(bio, cert->x509); |
| 319 | break; |
| 320 | |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 321 | case X509_FILETYPE_TEXT: |
| 322 | ret = X509_print_ex(bio, cert->x509, 0, 0); |
| 323 | break; |
| 324 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 325 | default: |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 326 | PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT"); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 327 | BIO_free(bio); |
| 328 | return NULL; |
| 329 | } |
| 330 | |
| 331 | if (ret == 0) |
| 332 | { |
| 333 | BIO_free(bio); |
Rick Dean | d369c93 | 2009-07-08 11:48:33 -0500 | [diff] [blame] | 334 | exception_from_error_queue(crypto_Error); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 335 | return NULL; |
| 336 | } |
| 337 | |
| 338 | buf_len = BIO_get_mem_data(bio, &temp); |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 339 | buffer = PyBytes_FromStringAndSize(temp, buf_len); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 340 | BIO_free(bio); |
| 341 | |
| 342 | return buffer; |
| 343 | } |
| 344 | |
| 345 | static char crypto_load_certificate_request_doc[] = "\n\ |
| 346 | Load a certificate request from a buffer\n\ |
| 347 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 348 | :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 349 | buffer - The buffer the certificate request is stored in\n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 350 | :return: The X509Req object\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 351 | "; |
| 352 | |
| 353 | static PyObject * |
| 354 | crypto_load_certificate_request(PyObject *spam, PyObject *args) |
| 355 | { |
| 356 | crypto_X509ReqObj *crypto_X509Req_New(X509_REQ *, int); |
| 357 | int type, len; |
| 358 | char *buffer; |
| 359 | BIO *bio; |
| 360 | X509_REQ *req; |
| 361 | |
| 362 | if (!PyArg_ParseTuple(args, "is#:load_certificate_request", &type, &buffer, &len)) |
| 363 | return NULL; |
| 364 | |
| 365 | bio = BIO_new_mem_buf(buffer, len); |
| 366 | switch (type) |
| 367 | { |
| 368 | case X509_FILETYPE_PEM: |
| 369 | req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL); |
| 370 | break; |
| 371 | |
| 372 | case X509_FILETYPE_ASN1: |
| 373 | req = d2i_X509_REQ_bio(bio, NULL); |
| 374 | break; |
| 375 | |
| 376 | default: |
| 377 | PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1"); |
| 378 | BIO_free(bio); |
| 379 | return NULL; |
| 380 | } |
| 381 | BIO_free(bio); |
| 382 | |
| 383 | if (req == NULL) |
| 384 | { |
Rick Dean | d369c93 | 2009-07-08 11:48:33 -0500 | [diff] [blame] | 385 | exception_from_error_queue(crypto_Error); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 386 | return NULL; |
| 387 | } |
| 388 | |
| 389 | return (PyObject *)crypto_X509Req_New(req, 1); |
| 390 | } |
| 391 | |
| 392 | static char crypto_dump_certificate_request_doc[] = "\n\ |
| 393 | Dump a certificate request to a buffer\n\ |
| 394 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 395 | :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 396 | req - The certificate request to dump\n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 397 | :return: The buffer with the dumped certificate request in\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 398 | "; |
| 399 | |
| 400 | static PyObject * |
| 401 | crypto_dump_certificate_request(PyObject *spam, PyObject *args) |
| 402 | { |
| 403 | int type, ret, buf_len; |
| 404 | char *temp; |
| 405 | PyObject *buffer; |
| 406 | BIO *bio; |
| 407 | crypto_X509ReqObj *req; |
| 408 | |
| 409 | if (!PyArg_ParseTuple(args, "iO!:dump_certificate_request", &type, |
| 410 | &crypto_X509Req_Type, &req)) |
| 411 | return NULL; |
| 412 | |
| 413 | bio = BIO_new(BIO_s_mem()); |
| 414 | switch (type) |
| 415 | { |
| 416 | case X509_FILETYPE_PEM: |
| 417 | ret = PEM_write_bio_X509_REQ(bio, req->x509_req); |
| 418 | break; |
| 419 | |
| 420 | case X509_FILETYPE_ASN1: |
| 421 | ret = i2d_X509_REQ_bio(bio, req->x509_req); |
| 422 | break; |
| 423 | |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 424 | case X509_FILETYPE_TEXT: |
| 425 | ret = X509_REQ_print_ex(bio, req->x509_req, 0, 0); |
| 426 | break; |
| 427 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 428 | default: |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 429 | PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT"); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 430 | BIO_free(bio); |
| 431 | return NULL; |
| 432 | } |
| 433 | |
| 434 | if (ret == 0) |
| 435 | { |
| 436 | BIO_free(bio); |
Rick Dean | d369c93 | 2009-07-08 11:48:33 -0500 | [diff] [blame] | 437 | exception_from_error_queue(crypto_Error); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 438 | return NULL; |
| 439 | } |
| 440 | |
| 441 | buf_len = BIO_get_mem_data(bio, &temp); |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 442 | buffer = PyBytes_FromStringAndSize(temp, buf_len); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 443 | BIO_free(bio); |
| 444 | |
| 445 | return buffer; |
| 446 | } |
| 447 | |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 448 | static char crypto_load_crl_doc[] = "\n\ |
| 449 | Load a certificate revocation list from a buffer\n\ |
| 450 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 451 | :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\ |
| 452 | :param buffer: The buffer the CRL is stored in\n\ |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 453 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 454 | :return: The PKey object\n\ |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 455 | "; |
| 456 | |
| 457 | static PyObject * |
Jean-Paul Calderone | 03ae4d3 | 2010-05-24 18:04:59 -0400 | [diff] [blame] | 458 | crypto_load_crl(PyObject *spam, PyObject *args) { |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 459 | int type, len; |
| 460 | char *buffer; |
| 461 | BIO *bio; |
| 462 | X509_CRL *crl; |
| 463 | |
Jean-Paul Calderone | 03ae4d3 | 2010-05-24 18:04:59 -0400 | [diff] [blame] | 464 | if (!PyArg_ParseTuple(args, "is#:load_crl", &type, &buffer, &len)) { |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 465 | return NULL; |
Jean-Paul Calderone | 03ae4d3 | 2010-05-24 18:04:59 -0400 | [diff] [blame] | 466 | } |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 467 | |
| 468 | bio = BIO_new_mem_buf(buffer, len); |
Jean-Paul Calderone | 03ae4d3 | 2010-05-24 18:04:59 -0400 | [diff] [blame] | 469 | switch (type) { |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 470 | case X509_FILETYPE_PEM: |
| 471 | crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL); |
| 472 | break; |
| 473 | |
| 474 | case X509_FILETYPE_ASN1: |
| 475 | crl = d2i_X509_CRL_bio(bio, NULL); |
| 476 | break; |
| 477 | |
| 478 | default: |
| 479 | PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1"); |
| 480 | BIO_free(bio); |
| 481 | return NULL; |
| 482 | } |
| 483 | BIO_free(bio); |
| 484 | |
Jean-Paul Calderone | 03ae4d3 | 2010-05-24 18:04:59 -0400 | [diff] [blame] | 485 | if (crl == NULL) { |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 486 | exception_from_error_queue(crypto_Error); |
| 487 | return NULL; |
| 488 | } |
| 489 | |
| 490 | return (PyObject *)crypto_CRL_New(crl); |
| 491 | } |
| 492 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 493 | static char crypto_load_pkcs7_data_doc[] = "\n\ |
| 494 | Load pkcs7 data from a buffer\n\ |
| 495 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 496 | :param type: The file type (one of FILETYPE_PEM or FILETYPE_ASN1)\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 497 | buffer - The buffer with the pkcs7 data.\n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 498 | :return: The PKCS7 object\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 499 | "; |
| 500 | |
| 501 | static PyObject * |
| 502 | crypto_load_pkcs7_data(PyObject *spam, PyObject *args) |
| 503 | { |
| 504 | int type, len; |
| 505 | char *buffer; |
| 506 | BIO *bio; |
| 507 | PKCS7 *pkcs7 = NULL; |
| 508 | |
| 509 | if (!PyArg_ParseTuple(args, "is#:load_pkcs7_data", &type, &buffer, &len)) |
| 510 | return NULL; |
| 511 | |
| 512 | /* |
| 513 | * Try to read the pkcs7 data from the bio |
| 514 | */ |
| 515 | bio = BIO_new_mem_buf(buffer, len); |
| 516 | switch (type) |
| 517 | { |
| 518 | case X509_FILETYPE_PEM: |
| 519 | pkcs7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL); |
| 520 | break; |
| 521 | |
| 522 | case X509_FILETYPE_ASN1: |
| 523 | pkcs7 = d2i_PKCS7_bio(bio, NULL); |
| 524 | break; |
| 525 | |
| 526 | default: |
| 527 | PyErr_SetString(PyExc_ValueError, |
| 528 | "type argument must be FILETYPE_PEM or FILETYPE_ASN1"); |
| 529 | return NULL; |
| 530 | } |
| 531 | BIO_free(bio); |
| 532 | |
| 533 | /* |
| 534 | * Check if we got a PKCS7 structure |
| 535 | */ |
| 536 | if (pkcs7 == NULL) |
| 537 | { |
Rick Dean | d369c93 | 2009-07-08 11:48:33 -0500 | [diff] [blame] | 538 | exception_from_error_queue(crypto_Error); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 539 | return NULL; |
| 540 | } |
| 541 | |
| 542 | return (PyObject *)crypto_PKCS7_New(pkcs7, 1); |
| 543 | } |
| 544 | |
| 545 | static char crypto_load_pkcs12_doc[] = "\n\ |
| 546 | Load a PKCS12 object from a buffer\n\ |
| 547 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 548 | :param buffer: The buffer the certificate is stored in\n\ |
Jean-Paul Calderone | 54bcc83 | 2009-05-27 14:06:48 -0400 | [diff] [blame] | 549 | passphrase (Optional) - The password to decrypt the PKCS12 lump\n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 550 | :returns: The PKCS12 object\n\ |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 551 | "; |
| 552 | |
| 553 | static PyObject * |
| 554 | crypto_load_pkcs12(PyObject *spam, PyObject *args) |
| 555 | { |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 556 | int len; |
| 557 | char *buffer, *passphrase = NULL; |
| 558 | BIO *bio; |
| 559 | PKCS12 *p12; |
| 560 | |
| 561 | if (!PyArg_ParseTuple(args, "s#|s:load_pkcs12", &buffer, &len, &passphrase)) |
| 562 | return NULL; |
| 563 | |
| 564 | bio = BIO_new_mem_buf(buffer, len); |
| 565 | if ((p12 = d2i_PKCS12_bio(bio, NULL)) == NULL) |
| 566 | { |
| 567 | BIO_free(bio); |
Rick Dean | d369c93 | 2009-07-08 11:48:33 -0500 | [diff] [blame] | 568 | exception_from_error_queue(crypto_Error); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 569 | return NULL; |
| 570 | } |
| 571 | BIO_free(bio); |
| 572 | |
| 573 | return (PyObject *)crypto_PKCS12_New(p12, passphrase); |
| 574 | } |
| 575 | |
| 576 | |
Jean-Paul Calderone | 7df40db | 2008-03-03 15:12:42 -0500 | [diff] [blame] | 577 | static char crypto_X509_verify_cert_error_string_doc[] = "\n\ |
| 578 | Get X509 verify certificate error string.\n\ |
| 579 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 580 | :param errnum: The error number.\n\ |
| 581 | :return: Error string as a Python string\n\ |
Jean-Paul Calderone | 7df40db | 2008-03-03 15:12:42 -0500 | [diff] [blame] | 582 | "; |
| 583 | |
| 584 | static PyObject * |
| 585 | crypto_X509_verify_cert_error_string(PyObject *spam, PyObject *args) |
| 586 | { |
| 587 | int errnum; |
| 588 | const char *str; |
| 589 | |
| 590 | if (!PyArg_ParseTuple(args, "i", &errnum)) |
| 591 | return NULL; |
| 592 | |
| 593 | str = X509_verify_cert_error_string(errnum); |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 594 | return PyText_FromString(str); |
Jean-Paul Calderone | 7df40db | 2008-03-03 15:12:42 -0500 | [diff] [blame] | 595 | } |
| 596 | |
Jean-Paul Calderone | 1206daf | 2009-07-16 16:07:42 -0400 | [diff] [blame] | 597 | static char crypto_exception_from_error_queue_doc[] = "\n\ |
| 598 | Raise an exception from the current OpenSSL error queue.\n\ |
| 599 | "; |
| 600 | |
| 601 | static PyObject * |
| 602 | crypto_exception_from_error_queue(PyObject *spam, PyObject *eggs) { |
| 603 | exception_from_error_queue(crypto_Error); |
| 604 | return NULL; |
| 605 | } |
| 606 | |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 607 | static char crypto_sign_doc[] = "\n\ |
| 608 | Sign data with a digest\n\ |
| 609 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 610 | :param pkey: Pkey to sign with\n\ |
| 611 | :param data: data to be signed\n\ |
| 612 | :param digest: message digest to use\n\ |
| 613 | :return: signature\n\ |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 614 | "; |
| 615 | |
| 616 | static PyObject * |
Jean-Paul Calderone | 8b37f0a | 2010-06-22 09:43:42 -0400 | [diff] [blame] | 617 | crypto_sign(PyObject *spam, PyObject *args) { |
| 618 | PyObject *buffer; |
| 619 | crypto_PKeyObj *pkey; |
| 620 | char *data = NULL; |
David Brodsky | 5c01977 | 2010-12-07 20:08:50 +0100 | [diff] [blame] | 621 | int data_len; |
Jean-Paul Calderone | 8b37f0a | 2010-06-22 09:43:42 -0400 | [diff] [blame] | 622 | char *digest_name; |
| 623 | int err; |
| 624 | unsigned int sig_len; |
| 625 | const EVP_MD *digest; |
| 626 | EVP_MD_CTX md_ctx; |
| 627 | unsigned char sig_buf[512]; |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 628 | |
Jean-Paul Calderone | 7b643a9 | 2010-08-28 14:40:58 -0400 | [diff] [blame] | 629 | if (!PyArg_ParseTuple( |
David Brodsky | 5c01977 | 2010-12-07 20:08:50 +0100 | [diff] [blame] | 630 | args, "O!" BYTESTRING_FMT "#s:sign", &crypto_PKey_Type, |
| 631 | &pkey, &data, &data_len, &digest_name)) { |
Jean-Paul Calderone | 8b37f0a | 2010-06-22 09:43:42 -0400 | [diff] [blame] | 632 | return NULL; |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 633 | } |
| 634 | |
Jean-Paul Calderone | 8b37f0a | 2010-06-22 09:43:42 -0400 | [diff] [blame] | 635 | if ((digest = EVP_get_digestbyname(digest_name)) == NULL) { |
| 636 | PyErr_SetString(PyExc_ValueError, "No such digest method"); |
| 637 | return NULL; |
| 638 | } |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 639 | |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 640 | EVP_SignInit(&md_ctx, digest); |
David Brodsky | 5c01977 | 2010-12-07 20:08:50 +0100 | [diff] [blame] | 641 | EVP_SignUpdate(&md_ctx, data, data_len); |
Jean-Paul Calderone | 8b37f0a | 2010-06-22 09:43:42 -0400 | [diff] [blame] | 642 | sig_len = sizeof(sig_buf); |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 643 | err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey->pkey); |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 644 | |
Jean-Paul Calderone | 8b37f0a | 2010-06-22 09:43:42 -0400 | [diff] [blame] | 645 | if (err != 1) { |
| 646 | exception_from_error_queue(crypto_Error); |
| 647 | return NULL; |
| 648 | } |
| 649 | |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 650 | buffer = PyBytes_FromStringAndSize((char*)sig_buf, sig_len); |
Jean-Paul Calderone | 8b37f0a | 2010-06-22 09:43:42 -0400 | [diff] [blame] | 651 | return buffer; |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 652 | } |
| 653 | |
| 654 | static char crypto_verify_doc[] = "\n\ |
| 655 | Verify a signature\n\ |
| 656 | \n\ |
Jonathan Ballet | 78b92a2 | 2011-07-16 08:07:26 +0900 | [diff] [blame^] | 657 | :param cert: signing certificate (X509 object)\n\ |
| 658 | :param signature: signature returned by sign function\n\ |
| 659 | :param data: data to be verified\n\ |
| 660 | :param digest: message digest to use\n\ |
| 661 | :return: None if the signature is correct, raise exception otherwise\n\ |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 662 | "; |
| 663 | |
| 664 | static PyObject * |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 665 | crypto_verify(PyObject *spam, PyObject *args) { |
| 666 | crypto_X509Obj *cert; |
| 667 | unsigned char *signature; |
| 668 | int sig_len; |
| 669 | char *data, *digest_name; |
David Brodsky | 5c01977 | 2010-12-07 20:08:50 +0100 | [diff] [blame] | 670 | int data_len; |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 671 | int err; |
| 672 | const EVP_MD *digest; |
| 673 | EVP_MD_CTX md_ctx; |
| 674 | EVP_PKEY *pkey; |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 675 | |
Jean-Paul Calderone | 7b643a9 | 2010-08-28 14:40:58 -0400 | [diff] [blame] | 676 | #ifdef PY3 |
David Brodsky | 5c01977 | 2010-12-07 20:08:50 +0100 | [diff] [blame] | 677 | if (!PyArg_ParseTuple(args, "O!" BYTESTRING_FMT "#" BYTESTRING_FMT "#s:verify", &crypto_X509_Type, &cert, &signature, &sig_len, &data, &data_len, &digest_name)) { |
Jean-Paul Calderone | 7b643a9 | 2010-08-28 14:40:58 -0400 | [diff] [blame] | 678 | #else |
David Brodsky | 5c01977 | 2010-12-07 20:08:50 +0100 | [diff] [blame] | 679 | if (!PyArg_ParseTuple(args, "O!t#s#s:verify", &crypto_X509_Type, &cert, &signature, &sig_len, &data, &data_len, &digest_name)) { |
Jean-Paul Calderone | 7b643a9 | 2010-08-28 14:40:58 -0400 | [diff] [blame] | 680 | #endif |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 681 | return NULL; |
| 682 | } |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 683 | |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 684 | if ((digest = EVP_get_digestbyname(digest_name)) == NULL){ |
| 685 | PyErr_SetString(PyExc_ValueError, "No such digest method"); |
| 686 | return NULL; |
| 687 | } |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 688 | |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 689 | pkey = X509_get_pubkey(cert->x509); |
| 690 | if (pkey == NULL) { |
| 691 | PyErr_SetString(PyExc_ValueError, "No public key"); |
| 692 | return NULL; |
| 693 | } |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 694 | |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 695 | EVP_VerifyInit(&md_ctx, digest); |
David Brodsky | 5c01977 | 2010-12-07 20:08:50 +0100 | [diff] [blame] | 696 | EVP_VerifyUpdate(&md_ctx, data, data_len); |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 697 | err = EVP_VerifyFinal(&md_ctx, signature, sig_len, pkey); |
| 698 | EVP_PKEY_free(pkey); |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 699 | |
Jean-Paul Calderone | b1fac9f | 2010-06-22 09:44:33 -0400 | [diff] [blame] | 700 | if (err != 1) { |
| 701 | exception_from_error_queue(crypto_Error); |
| 702 | return NULL; |
| 703 | } |
| 704 | |
| 705 | Py_INCREF(Py_None); |
| 706 | return Py_None; |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 707 | } |
Jean-Paul Calderone | 1206daf | 2009-07-16 16:07:42 -0400 | [diff] [blame] | 708 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 709 | /* Methods in the OpenSSL.crypto module (i.e. none) */ |
| 710 | static PyMethodDef crypto_methods[] = { |
| 711 | /* Module functions */ |
| 712 | { "load_privatekey", (PyCFunction)crypto_load_privatekey, METH_VARARGS, crypto_load_privatekey_doc }, |
| 713 | { "dump_privatekey", (PyCFunction)crypto_dump_privatekey, METH_VARARGS, crypto_dump_privatekey_doc }, |
| 714 | { "load_certificate", (PyCFunction)crypto_load_certificate, METH_VARARGS, crypto_load_certificate_doc }, |
| 715 | { "dump_certificate", (PyCFunction)crypto_dump_certificate, METH_VARARGS, crypto_dump_certificate_doc }, |
| 716 | { "load_certificate_request", (PyCFunction)crypto_load_certificate_request, METH_VARARGS, crypto_load_certificate_request_doc }, |
| 717 | { "dump_certificate_request", (PyCFunction)crypto_dump_certificate_request, METH_VARARGS, crypto_dump_certificate_request_doc }, |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 718 | { "load_crl", (PyCFunction)crypto_load_crl, METH_VARARGS, crypto_load_crl_doc }, |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 719 | { "load_pkcs7_data", (PyCFunction)crypto_load_pkcs7_data, METH_VARARGS, crypto_load_pkcs7_data_doc }, |
| 720 | { "load_pkcs12", (PyCFunction)crypto_load_pkcs12, METH_VARARGS, crypto_load_pkcs12_doc }, |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 721 | { "sign", (PyCFunction)crypto_sign, METH_VARARGS, crypto_sign_doc }, |
| 722 | { "verify", (PyCFunction)crypto_verify, METH_VARARGS, crypto_verify_doc }, |
Jean-Paul Calderone | 7df40db | 2008-03-03 15:12:42 -0500 | [diff] [blame] | 723 | { "X509_verify_cert_error_string", (PyCFunction)crypto_X509_verify_cert_error_string, METH_VARARGS, crypto_X509_verify_cert_error_string_doc }, |
Jean-Paul Calderone | 1206daf | 2009-07-16 16:07:42 -0400 | [diff] [blame] | 724 | { "_exception_from_error_queue", (PyCFunction)crypto_exception_from_error_queue, METH_NOARGS, crypto_exception_from_error_queue_doc }, |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 725 | { NULL, NULL } |
| 726 | }; |
| 727 | |
Jean-Paul Calderone | aea5d90 | 2008-04-26 19:53:39 -0400 | [diff] [blame] | 728 | |
| 729 | #ifdef WITH_THREAD |
| 730 | |
| 731 | #include <pythread.h> |
| 732 | |
| 733 | /** |
| 734 | * This array will store all of the mutexes available to OpenSSL. |
| 735 | */ |
| 736 | static PyThread_type_lock *mutex_buf = NULL; |
| 737 | |
| 738 | |
| 739 | /** |
| 740 | * Callback function supplied to OpenSSL to acquire or release a lock. |
| 741 | * |
| 742 | */ |
| 743 | static void locking_function(int mode, int n, const char * file, int line) { |
| 744 | if (mode & CRYPTO_LOCK) { |
| 745 | PyThread_acquire_lock(mutex_buf[n], WAIT_LOCK); |
| 746 | } else { |
| 747 | PyThread_release_lock(mutex_buf[n]); |
| 748 | } |
| 749 | } |
| 750 | |
| 751 | |
| 752 | /** |
| 753 | * Initialize OpenSSL for use from multiple threads. |
| 754 | * |
| 755 | * Returns: 0 if initialization fails, 1 otherwise. |
| 756 | */ |
| 757 | static int init_openssl_threads(void) { |
| 758 | int i; |
| 759 | |
| 760 | mutex_buf = (PyThread_type_lock *)malloc( |
| 761 | CRYPTO_num_locks() * sizeof(PyThread_type_lock)); |
| 762 | if (!mutex_buf) { |
| 763 | return 0; |
| 764 | } |
| 765 | for (i = 0; i < CRYPTO_num_locks(); ++i) { |
| 766 | mutex_buf[i] = PyThread_allocate_lock(); |
| 767 | } |
Jean-Paul Calderone | 28ebb30 | 2008-12-29 16:25:30 -0500 | [diff] [blame] | 768 | CRYPTO_set_id_callback((unsigned long (*)(void))PyThread_get_thread_ident); |
Jean-Paul Calderone | aea5d90 | 2008-04-26 19:53:39 -0400 | [diff] [blame] | 769 | CRYPTO_set_locking_callback(locking_function); |
| 770 | return 1; |
| 771 | } |
| 772 | |
| 773 | /* /\** */ |
| 774 | /* * Clean up after OpenSSL thread initialization. */ |
| 775 | /* *\/ */ |
| 776 | /* static int deinit_openssl_threads() { */ |
| 777 | /* int i; */ |
| 778 | |
| 779 | /* if (!mutex_buf) { */ |
| 780 | /* return 0; */ |
| 781 | /* } */ |
| 782 | /* CRYPTO_set_id_callback(NULL); */ |
| 783 | /* CRYPTO_set_locking_callback(NULL); */ |
| 784 | /* for (i = 0; i < CRYPTO_num_locks(); i++) { */ |
| 785 | /* PyThread_free_lock(mutex_buf[i]); */ |
| 786 | /* } */ |
| 787 | /* free(mutex_buf); */ |
| 788 | /* mutex_buf = NULL; */ |
| 789 | /* return 1; */ |
| 790 | /* } */ |
| 791 | |
| 792 | #endif |
| 793 | |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 794 | #ifdef PY3 |
| 795 | static struct PyModuleDef cryptomodule = { |
| 796 | PyModuleDef_HEAD_INIT, |
| 797 | "crypto", |
| 798 | crypto_doc, |
| 799 | -1, |
| 800 | crypto_methods |
| 801 | }; |
| 802 | #endif |
Jean-Paul Calderone | aea5d90 | 2008-04-26 19:53:39 -0400 | [diff] [blame] | 803 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 804 | /* |
| 805 | * Initialize crypto sub module |
| 806 | * |
| 807 | * Arguments: None |
| 808 | * Returns: None |
| 809 | */ |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 810 | PyOpenSSL_MODINIT(crypto) { |
| 811 | #ifndef PY3 |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 812 | static void *crypto_API[crypto_API_pointers]; |
| 813 | PyObject *c_api_object; |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 814 | #endif |
Jean-Paul Calderone | 0cdb7bd | 2009-07-04 10:21:07 -0400 | [diff] [blame] | 815 | PyObject *module; |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 816 | |
| 817 | ERR_load_crypto_strings(); |
| 818 | OpenSSL_add_all_algorithms(); |
| 819 | |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 820 | #ifdef PY3 |
| 821 | module = PyModule_Create(&cryptomodule); |
| 822 | #else |
| 823 | module = Py_InitModule3("crypto", crypto_methods, crypto_doc); |
| 824 | #endif |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 825 | |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 826 | if (module == NULL) { |
Jean-Paul Calderone | 3fe7f67 | 2010-08-11 23:55:10 -0400 | [diff] [blame] | 827 | PyOpenSSL_MODRETURN(NULL); |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 828 | } |
| 829 | |
| 830 | #ifndef PY3 |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 831 | /* Initialize the C API pointer array */ |
| 832 | crypto_API[crypto_X509_New_NUM] = (void *)crypto_X509_New; |
| 833 | crypto_API[crypto_X509Name_New_NUM] = (void *)crypto_X509Name_New; |
| 834 | crypto_API[crypto_X509Req_New_NUM] = (void *)crypto_X509Req_New; |
| 835 | crypto_API[crypto_X509Store_New_NUM] = (void *)crypto_X509Store_New; |
| 836 | crypto_API[crypto_PKey_New_NUM] = (void *)crypto_PKey_New; |
| 837 | crypto_API[crypto_X509Extension_New_NUM] = (void *)crypto_X509Extension_New; |
| 838 | crypto_API[crypto_PKCS7_New_NUM] = (void *)crypto_PKCS7_New; |
| 839 | crypto_API[crypto_NetscapeSPKI_New_NUM] = (void *)crypto_NetscapeSPKI_New; |
| 840 | c_api_object = PyCObject_FromVoidPtr((void *)crypto_API, NULL); |
Jean-Paul Calderone | aed2358 | 2011-03-12 22:45:02 -0500 | [diff] [blame] | 841 | if (c_api_object != NULL) { |
| 842 | /* PyModule_AddObject steals a reference. |
| 843 | */ |
Jean-Paul Calderone | 026f664 | 2011-04-20 18:59:33 -0400 | [diff] [blame] | 844 | Py_INCREF(c_api_object); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 845 | PyModule_AddObject(module, "_C_API", c_api_object); |
Jean-Paul Calderone | aed2358 | 2011-03-12 22:45:02 -0500 | [diff] [blame] | 846 | } |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 847 | #endif |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 848 | |
| 849 | crypto_Error = PyErr_NewException("OpenSSL.crypto.Error", NULL, NULL); |
| 850 | if (crypto_Error == NULL) |
| 851 | goto error; |
Jean-Paul Calderone | aed2358 | 2011-03-12 22:45:02 -0500 | [diff] [blame] | 852 | |
| 853 | /* PyModule_AddObject steals a reference. |
| 854 | */ |
Jean-Paul Calderone | 026f664 | 2011-04-20 18:59:33 -0400 | [diff] [blame] | 855 | Py_INCREF(crypto_Error); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 856 | if (PyModule_AddObject(module, "Error", crypto_Error) != 0) |
| 857 | goto error; |
| 858 | |
| 859 | PyModule_AddIntConstant(module, "FILETYPE_PEM", X509_FILETYPE_PEM); |
| 860 | PyModule_AddIntConstant(module, "FILETYPE_ASN1", X509_FILETYPE_ASN1); |
Rick Dean | 5b7b637 | 2009-04-01 11:34:06 -0500 | [diff] [blame] | 861 | PyModule_AddIntConstant(module, "FILETYPE_TEXT", X509_FILETYPE_TEXT); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 862 | |
| 863 | PyModule_AddIntConstant(module, "TYPE_RSA", crypto_TYPE_RSA); |
| 864 | PyModule_AddIntConstant(module, "TYPE_DSA", crypto_TYPE_DSA); |
| 865 | |
Jean-Paul Calderone | aea5d90 | 2008-04-26 19:53:39 -0400 | [diff] [blame] | 866 | #ifdef WITH_THREAD |
| 867 | if (!init_openssl_threads()) |
| 868 | goto error; |
| 869 | #endif |
Jean-Paul Calderone | 2e1da57 | 2009-06-27 10:44:00 -0400 | [diff] [blame] | 870 | if (!init_crypto_x509(module)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 871 | goto error; |
Jean-Paul Calderone | 2cd7a92 | 2009-06-27 11:02:46 -0400 | [diff] [blame] | 872 | if (!init_crypto_x509name(module)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 873 | goto error; |
Jean-Paul Calderone | 0cdb7bd | 2009-07-04 10:21:07 -0400 | [diff] [blame] | 874 | if (!init_crypto_x509store(module)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 875 | goto error; |
Jean-Paul Calderone | f159252 | 2009-06-27 11:10:43 -0400 | [diff] [blame] | 876 | if (!init_crypto_x509req(module)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 877 | goto error; |
Jean-Paul Calderone | 2e1da57 | 2009-06-27 10:44:00 -0400 | [diff] [blame] | 878 | if (!init_crypto_pkey(module)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 879 | goto error; |
Jean-Paul Calderone | 51e9066 | 2009-06-27 11:17:28 -0400 | [diff] [blame] | 880 | if (!init_crypto_x509extension(module)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 881 | goto error; |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 882 | if (!init_crypto_pkcs7(module)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 883 | goto error; |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 884 | if (!init_crypto_pkcs12(module)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 885 | goto error; |
Jean-Paul Calderone | dc138fa | 2009-06-27 14:32:07 -0400 | [diff] [blame] | 886 | if (!init_crypto_netscape_spki(module)) |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 887 | goto error; |
Rick Dean | 536ba02 | 2009-07-24 23:57:27 -0500 | [diff] [blame] | 888 | if (!init_crypto_crl(module)) |
| 889 | goto error; |
| 890 | if (!init_crypto_revoked(module)) |
| 891 | goto error; |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 892 | |
Jean-Paul Calderone | 3fe7f67 | 2010-08-11 23:55:10 -0400 | [diff] [blame] | 893 | PyOpenSSL_MODRETURN(module); |
Jean-Paul Calderone | ef853eb | 2010-08-10 19:47:06 -0400 | [diff] [blame] | 894 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 895 | error: |
Jean-Paul Calderone | 3fe7f67 | 2010-08-11 23:55:10 -0400 | [diff] [blame] | 896 | PyOpenSSL_MODRETURN(NULL); |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 897 | ; |
| 898 | } |