Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 78b92a2f68ec960563e90c86bb41a2d128d0d1c8 / . / OpenSSL / ssl / ssl.c
blob: 03558c7f626bedd0dcdbbc5979e30679b25b7996 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1/*
2 * ssl.c
3 *
Jean-Paul Calderone8671c852011-03-02 19:26:20 -0500[diff] [blame]4 * Copyright (C) AB Strakt
5 * Copyright (C) Jean-Paul Calderone
6 * See LICENSE for details.
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]7 *
8 * Main file of the SSL sub module.
9 * See the file RATIONALE for a short explanation of why this module was written.
10 *
11 * Reviewed 2001-07-23
12 */
13#include <Python.h>
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -0500[diff] [blame]14
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -0500[diff] [blame]15#ifndef MS_WINDOWS
16# include <sys/socket.h>
17# include <netinet/in.h>
18# if !(defined(__BEOS__) || defined(__CYGWIN__))
19# include <netinet/tcp.h>
20# endif
21#else
22# include <winsock.h>
23# include <wincrypt.h>
24#endif
25
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]26#define SSL_MODULE
27#include "ssl.h"
28
29static char ssl_doc[] = "\n\
30Main file of the SSL sub module.\n\
Jean-Paul Calderone5aa15c72008-03-04 22:20:17 -0500[diff] [blame]31See the file RATIONALE for a short explanation of why this module was written.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]32";
33
Jean-Paul Calderone31ba5762010-11-01 17:30:41 -0400[diff] [blame]34crypto_X509Obj* (*new_x509)(X509*, int);
35crypto_X509NameObj* (*new_x509name)(X509_NAME*, int);
36crypto_X509StoreObj* (*new_x509store)(X509_STORE*, int);
37
38
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]39#ifndef PY3
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]40void **crypto_API;
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]41#endif
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]42
Jean-Paul Calderone00db9da2008-09-21 17:42:34 -0400[diff] [blame]43int _pyOpenSSL_tstate_key;
44
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]45/* Exceptions defined by the SSL submodule */
46PyObject *ssl_Error, /* Base class */
47 *ssl_ZeroReturnError, /* Used with SSL_get_error */
48 *ssl_WantReadError, /* ... */
49 *ssl_WantWriteError, /* ... */
50 *ssl_WantX509LookupError, /* ... */
51 *ssl_SysCallError; /* Uses (errno,errstr) */
52
Jean-Paul Calderone2ca33022011-04-15 12:10:02 -0400[diff] [blame]53static char ssl_SSLeay_version_doc[] = "\n\
54Return a string describing the version of OpenSSL in use.\n\
55\n\
Jonathan Ballet78b92a22011-07-16 08:07:26 +0900[diff] [blame^]56:param type: One of the SSLEAY_ constants defined in this module.\n\
Jean-Paul Calderone2ca33022011-04-15 12:10:02 -0400[diff] [blame]57";
58
59static PyObject *
60ssl_SSLeay_version(PyObject *spam, PyObject *args) {
61 int t;
62 const char *version;
63
64 if (!PyArg_ParseTuple(args, "i:SSLeay_version", &t)) {
65 return NULL;
66 }
67
68 version = SSLeay_version(t);
69 return PyBytes_FromStringAndSize(version, strlen(version));
70}
71
72
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]73
74/* Methods in the OpenSSL.SSL module */
75static PyMethodDef ssl_methods[] = {
Jean-Paul Calderone2ca33022011-04-15 12:10:02 -0400[diff] [blame]76 { "SSLeay_version", ssl_SSLeay_version, METH_VARARGS, ssl_SSLeay_version_doc },
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]77 { NULL, NULL }
78};
79
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]80#ifdef PY3
81static struct PyModuleDef sslmodule = {
82 PyModuleDef_HEAD_INIT,
83 "SSL",
84 ssl_doc,
85 -1,
86 ssl_methods
87};
88#endif
89
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]90/*
91 * Initialize SSL sub module
92 *
93 * Arguments: None
94 * Returns: None
95 */
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]96PyOpenSSL_MODINIT(SSL) {
97 PyObject *module;
98#ifndef PY3
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]99 static void *ssl_API[ssl_API_pointers];
100 PyObject *ssl_api_object;
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]101
102 import_crypto();
Jean-Paul Calderonee56627a2010-11-01 00:03:15 -0400[diff] [blame]103
104 new_x509 = crypto_X509_New;
105 new_x509name = crypto_X509Name_New;
106 new_x509store = crypto_X509Store_New;
Jean-Paul Calderone305626a2010-10-31 20:51:17 -0400[diff] [blame]107#else
Jean-Paul Calderoneff077d62010-10-31 21:09:45 -0400[diff] [blame]108# ifdef _WIN32
Jean-Paul Calderone305626a2010-10-31 20:51:17 -0400[diff] [blame]109 HMODULE crypto = GetModuleHandle("crypto.pyd");
110 if (crypto == NULL) {
111 PyErr_SetString(PyExc_RuntimeError, "Unable to get crypto module");
Jean-Paul Calderoned1ce64c2010-10-31 21:18:37 -0400[diff] [blame]112 PyOpenSSL_MODRETURN(NULL);
Jean-Paul Calderone305626a2010-10-31 20:51:17 -0400[diff] [blame]113 }
114
Jean-Paul Calderone040112f2010-10-31 23:26:13 -0400[diff] [blame]115 new_x509 = (crypto_X509Obj* (*)(X509*, int))GetProcAddress(crypto, "crypto_X509_New");
Jean-Paul Calderone5bcb3032010-10-31 23:30:29 -0400[diff] [blame]116 new_x509name = (crypto_X509NameObj* (*)(X509_NAME*, int))GetProcAddress(crypto, "crypto_X509Name_New");
117 new_x509store = (crypto_X509StoreObj* (*)(X509_STORE*, int))GetProcAddress(crypto, "crypto_X509Store_New");
Jean-Paul Calderone305626a2010-10-31 20:51:17 -0400[diff] [blame]118# else
Jean-Paul Calderone1e9312e2010-10-31 21:26:18 -0400[diff] [blame]119 new_x509 = crypto_X509_New;
Jean-Paul Calderone305626a2010-10-31 20:51:17 -0400[diff] [blame]120 new_x509name = crypto_X509Name_New;
Jean-Paul Calderone1e9312e2010-10-31 21:26:18 -0400[diff] [blame]121 new_x509store = crypto_X509Store_New;
Jean-Paul Calderone305626a2010-10-31 20:51:17 -0400[diff] [blame]122# endif
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]123#endif
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]124
125 SSL_library_init();
126 ERR_load_SSL_strings();
127
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]128#ifdef PY3
129 module = PyModule_Create(&sslmodule);
130#else
131 module = Py_InitModule3("SSL", ssl_methods, ssl_doc);
132#endif
133 if (module == NULL) {
Jean-Paul Calderoneb6d75252010-08-11 23:55:45 -0400[diff] [blame]134 PyOpenSSL_MODRETURN(NULL);
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]135 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]136
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]137#ifndef PY3
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]138 /* Initialize the C API pointer array */
139 ssl_API[ssl_Context_New_NUM] = (void *)ssl_Context_New;
140 ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New;
141 ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL);
Jean-Paul Calderoneaed23582011-03-12 22:45:02 -0500[diff] [blame]142 if (ssl_api_object != NULL) {
143 /* PyModule_AddObject steals a reference.
144 */
Jean-Paul Calderone026f6642011-04-20 18:59:33 -0400[diff] [blame]145 Py_INCREF(ssl_api_object);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]146 PyModule_AddObject(module, "_C_API", ssl_api_object);
Jean-Paul Calderoneaed23582011-03-12 22:45:02 -0500[diff] [blame]147 }
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]148#endif
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]149
150 /* Exceptions */
151/*
152 * ADD_EXCEPTION(dict,name,base) expands to a correct Exception declaration,
153 * inserting OpenSSL.SSL.name into dict, derviving the exception from base.
154 */
Jean-Paul Calderoneaed23582011-03-12 22:45:02 -0500[diff] [blame]155#define ADD_EXCEPTION(_name, _base) \
156do { \
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]157 ssl_##_name = PyErr_NewException("OpenSSL.SSL."#_name, _base, NULL);\
158 if (ssl_##_name == NULL) \
Jean-Paul Calderoneaed23582011-03-12 22:45:02 -0500[diff] [blame]159 goto error; \
160 /* PyModule_AddObject steals a reference. */ \
Jean-Paul Calderone026f6642011-04-20 18:59:33 -0400[diff] [blame]161 Py_INCREF(ssl_##_name); \
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]162 if (PyModule_AddObject(module, #_name, ssl_##_name) != 0) \
Jean-Paul Calderoneaed23582011-03-12 22:45:02 -0500[diff] [blame]163 goto error; \
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]164} while (0)
165
166 ssl_Error = PyErr_NewException("OpenSSL.SSL.Error", NULL, NULL);
Jean-Paul Calderone86ad7112010-05-11 16:08:45 -0400[diff] [blame]167 if (ssl_Error == NULL) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]168 goto error;
Jean-Paul Calderone86ad7112010-05-11 16:08:45 -0400[diff] [blame]169 }
Jean-Paul Calderone86ad7112010-05-11 16:08:45 -0400[diff] [blame]170
Jean-Paul Calderoneaed23582011-03-12 22:45:02 -0500[diff] [blame]171 /* PyModule_AddObject steals a reference. */
172 Py_INCREF(ssl_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]173 if (PyModule_AddObject(module, "Error", ssl_Error) != 0)
174 goto error;
175
176 ADD_EXCEPTION(ZeroReturnError, ssl_Error);
177 ADD_EXCEPTION(WantReadError, ssl_Error);
178 ADD_EXCEPTION(WantWriteError, ssl_Error);
179 ADD_EXCEPTION(WantX509LookupError, ssl_Error);
180 ADD_EXCEPTION(SysCallError, ssl_Error);
181#undef ADD_EXCEPTION
182
183 /* Method constants */
184 PyModule_AddIntConstant(module, "SSLv2_METHOD", ssl_SSLv2_METHOD);
185 PyModule_AddIntConstant(module, "SSLv3_METHOD", ssl_SSLv3_METHOD);
186 PyModule_AddIntConstant(module, "SSLv23_METHOD", ssl_SSLv23_METHOD);
187 PyModule_AddIntConstant(module, "TLSv1_METHOD", ssl_TLSv1_METHOD);
188
189 /* Verify constants */
190 PyModule_AddIntConstant(module, "VERIFY_NONE", SSL_VERIFY_NONE);
191 PyModule_AddIntConstant(module, "VERIFY_PEER", SSL_VERIFY_PEER);
192 PyModule_AddIntConstant(module, "VERIFY_FAIL_IF_NO_PEER_CERT",
193 SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
194 PyModule_AddIntConstant(module, "VERIFY_CLIENT_ONCE",
195 SSL_VERIFY_CLIENT_ONCE);
196
197 /* File type constants */
198 PyModule_AddIntConstant(module, "FILETYPE_PEM", SSL_FILETYPE_PEM);
199 PyModule_AddIntConstant(module, "FILETYPE_ASN1", SSL_FILETYPE_ASN1);
200
201 /* SSL option constants */
202 PyModule_AddIntConstant(module, "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE);
203 PyModule_AddIntConstant(module, "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA);
204 PyModule_AddIntConstant(module, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
205 PyModule_AddIntConstant(module, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
206 PyModule_AddIntConstant(module, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
207
208 /* More SSL option constants */
209 PyModule_AddIntConstant(module, "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG);
210 PyModule_AddIntConstant(module, "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG);
211 PyModule_AddIntConstant(module, "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
212 PyModule_AddIntConstant(module, "OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
213 PyModule_AddIntConstant(module, "OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
214 PyModule_AddIntConstant(module, "OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING);
215 PyModule_AddIntConstant(module, "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
216 PyModule_AddIntConstant(module, "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG);
217 PyModule_AddIntConstant(module, "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG);
218 PyModule_AddIntConstant(module, "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
219 PyModule_AddIntConstant(module, "OP_ALL", SSL_OP_ALL);
220 PyModule_AddIntConstant(module, "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE);
221 PyModule_AddIntConstant(module, "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG);
222 PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1);
223 PyModule_AddIntConstant(module, "OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2);
224 PyModule_AddIntConstant(module, "OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG);
225 PyModule_AddIntConstant(module, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
226
Jean-Paul Calderoneb43c3912008-12-28 22:30:56 -0500[diff] [blame]227 /* DTLS related options. The first two of these were introduced in
228 * 2005, the third in 2007. To accomodate systems which are still using
229 * older versions, make them optional. */
230#ifdef SSL_OP_NO_QUERY_MTU
Jean-Paul Calderone327d8f92008-12-28 21:55:56 -0500[diff] [blame]231 PyModule_AddIntConstant(module, "OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU);
Jean-Paul Calderoneb43c3912008-12-28 22:30:56 -0500[diff] [blame]232#endif
233#ifdef SSL_OP_COOKIE_EXCHANGE
Jean-Paul Calderone327d8f92008-12-28 21:55:56 -0500[diff] [blame]234 PyModule_AddIntConstant(module, "OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE);
Jean-Paul Calderoneb43c3912008-12-28 22:30:56 -0500[diff] [blame]235#endif
Jean-Paul Calderone327d8f92008-12-28 21:55:56 -0500[diff] [blame]236#ifdef SSL_OP_NO_TICKET
237 PyModule_AddIntConstant(module, "OP_NO_TICKET", SSL_OP_NO_TICKET);
238#endif
239
240 /* For SSL_set_shutdown */
Jean-Paul Calderone72b8f0f2008-02-21 23:57:40 -0500[diff] [blame]241 PyModule_AddIntConstant(module, "SENT_SHUTDOWN", SSL_SENT_SHUTDOWN);
242 PyModule_AddIntConstant(module, "RECEIVED_SHUTDOWN", SSL_RECEIVED_SHUTDOWN);
243
Olivier Hervieua9aed932011-03-02 21:49:23 +0100[diff] [blame]244 /* For set_info_callback */
245 PyModule_AddIntConstant(module, "SSL_ST_CONNECT", SSL_ST_CONNECT);
246 PyModule_AddIntConstant(module, "SSL_ST_ACCEPT", SSL_ST_ACCEPT);
247 PyModule_AddIntConstant(module, "SSL_ST_MASK", SSL_ST_MASK);
248 PyModule_AddIntConstant(module, "SSL_ST_INIT", SSL_ST_INIT);
249 PyModule_AddIntConstant(module, "SSL_ST_BEFORE", SSL_ST_BEFORE);
250 PyModule_AddIntConstant(module, "SSL_ST_OK", SSL_ST_OK);
251 PyModule_AddIntConstant(module, "SSL_ST_RENEGOTIATE", SSL_ST_RENEGOTIATE);
252 PyModule_AddIntConstant(module, "SSL_CB_LOOP", SSL_CB_LOOP);
253 PyModule_AddIntConstant(module, "SSL_CB_EXIT", SSL_CB_EXIT);
254 PyModule_AddIntConstant(module, "SSL_CB_READ", SSL_CB_READ);
255 PyModule_AddIntConstant(module, "SSL_CB_WRITE", SSL_CB_WRITE);
256 PyModule_AddIntConstant(module, "SSL_CB_ALERT", SSL_CB_ALERT);
257 PyModule_AddIntConstant(module, "SSL_CB_READ_ALERT", SSL_CB_READ_ALERT);
258 PyModule_AddIntConstant(module, "SSL_CB_WRITE_ALERT", SSL_CB_WRITE_ALERT);
259 PyModule_AddIntConstant(module, "SSL_CB_ACCEPT_LOOP", SSL_CB_ACCEPT_LOOP);
260 PyModule_AddIntConstant(module, "SSL_CB_ACCEPT_EXIT", SSL_CB_ACCEPT_EXIT);
261 PyModule_AddIntConstant(module, "SSL_CB_CONNECT_LOOP", SSL_CB_CONNECT_LOOP);
262 PyModule_AddIntConstant(module, "SSL_CB_CONNECT_EXIT", SSL_CB_CONNECT_EXIT);
263 PyModule_AddIntConstant(module, "SSL_CB_HANDSHAKE_START", SSL_CB_HANDSHAKE_START);
264 PyModule_AddIntConstant(module, "SSL_CB_HANDSHAKE_DONE", SSL_CB_HANDSHAKE_DONE);
265
Jean-Paul Calderone2ca33022011-04-15 12:10:02 -0400[diff] [blame]266 /* Version information indicators, used with SSLeay_version */
267 PyModule_AddIntConstant(module, "SSLEAY_VERSION", SSLEAY_VERSION);
268 PyModule_AddIntConstant(module, "SSLEAY_CFLAGS", SSLEAY_CFLAGS);
269 PyModule_AddIntConstant(module, "SSLEAY_BUILT_ON", SSLEAY_BUILT_ON);
270 PyModule_AddIntConstant(module, "SSLEAY_PLATFORM", SSLEAY_PLATFORM);
271 PyModule_AddIntConstant(module, "SSLEAY_DIR", SSLEAY_DIR);
272
273 /* Straight up version number */
274 PyModule_AddIntConstant(module, "OPENSSL_VERSION_NUMBER", OPENSSL_VERSION_NUMBER);
275
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]276 if (!init_ssl_context(module))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]277 goto error;
Jean-Paul Calderone1bd11fa2009-05-27 17:09:15 -0400[diff] [blame]278 if (!init_ssl_connection(module))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]279 goto error;
280
Jean-Paul Calderone00db9da2008-09-21 17:42:34 -0400[diff] [blame]281#ifdef WITH_THREAD
282 /*
283 * Initialize this module's threading support structures.
284 */
285 _pyOpenSSL_tstate_key = PyThread_create_key();
286#endif
287
Jean-Paul Calderoneb6d75252010-08-11 23:55:45 -0400[diff] [blame]288 PyOpenSSL_MODRETURN(module);
Jean-Paul Calderone83dbcfd2010-08-11 20:20:57 -0400[diff] [blame]289
290error:
Jean-Paul Calderoneb6d75252010-08-11 23:55:45 -0400[diff] [blame]291 PyOpenSSL_MODRETURN(NULL);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]292 ;
293}