/*
 * ssl.c
 *
 * Copyright (C) AB Strakt 2001, All rights reserved
 * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
 *
 * Main file of the SSL sub module.
 * See the file RATIONALE for a short explanation of why this module was written.
 *
 * Reviewed 2001-07-23
 */
12#include <Python.h>
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -050013
Jean-Paul Calderone12ea9a02008-02-22 12:24:39 -050014#ifndef MS_WINDOWS
15# include <sys/socket.h>
16# include <netinet/in.h>
17# if !(defined(__BEOS__) || defined(__CYGWIN__))
18# include <netinet/tcp.h>
19# endif
20#else
21# include <winsock.h>
22# include <wincrypt.h>
23#endif
24
Jean-Paul Calderone897bc252008-02-18 20:50:23 -050025#define SSL_MODULE
26#include "ssl.h"
27
/* Docstring of the OpenSSL.SSL module, handed to the module definition
 * (PyModuleDef on Python 3, Py_InitModule3 on Python 2). */
static char ssl_doc[] =
    "\n"
    "Main file of the SSL sub module.\n"
    "See the file RATIONALE for a short explanation of why this module was written.\n";
32
/*
 * Constructors for the crypto module's X509, X509Name and X509Store objects.
 * They are not linked directly: the module init function fills them in from
 * the crypto module's C API (Python 2), from the crypto.pyd module handle via
 * GetProcAddress (Windows, Python 3), or from the symbols themselves
 * (other Python 3 builds).
 */
crypto_X509Obj* (*new_x509)(X509*, int);
crypto_X509NameObj* (*new_x509name)(X509_NAME*, int);
crypto_X509StoreObj* (*new_x509store)(X509_STORE*, int);
36
37
#ifndef PY3
/* Table of crypto module C API pointers (Python 2 only).  Presumably filled
 * in by the import_crypto() call in the module init function -- see ssl.h
 * for the import macro. */
void **crypto_API;
#endif
Jean-Paul Calderone897bc252008-02-18 20:50:23 -050041
/* Thread-local storage key allocated with PyThread_create_key() in the
 * module init function (WITH_THREAD builds only). */
int _pyOpenSSL_tstate_key;
43
/*
 * Exceptions defined by the SSL submodule.  All are created and inserted
 * into the module by the module init function; ssl_Error is the base class
 * and the others derive from it.  Each global keeps its own reference in
 * addition to the one owned by the module.
 */
PyObject *ssl_Error,                 /* Base class */
         *ssl_ZeroReturnError,       /* Used with SSL_get_error */
         *ssl_WantReadError,         /* ... */
         *ssl_WantWriteError,        /* ... */
         *ssl_WantX509LookupError,   /* ... */
         *ssl_SysCallError;          /* Uses (errno,errstr) */
51
Jean-Paul Calderone897bc252008-02-18 20:50:23 -050052
/* Methods in the OpenSSL.SSL module.  The module exposes no module-level
 * functions, so the table holds only the all-NULL sentinel entry that
 * terminates a PyMethodDef array. */
static PyMethodDef ssl_methods[] = {
    { NULL, NULL, 0, NULL }
};
57
#ifdef PY3
/* Python 3 module definition.  Python 2 passes the same name, docstring and
 * method table to Py_InitModule3() in the module init function instead. */
static struct PyModuleDef sslmodule = {
    PyModuleDef_HEAD_INIT,
    "SSL",        /* m_name */
    ssl_doc,      /* m_doc */
    -1,           /* m_size: state lives in C globals, so the module
                   * cannot be re-initialized per interpreter */
    ssl_methods   /* m_methods */
};
#endif
67
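/*
 * Initialize the OpenSSL.SSL sub module.
 *
 * Resolves the crypto module's object constructors (new_x509 & co.),
 * initializes the OpenSSL library, creates the module object and populates
 * it with the module's exception hierarchy, its integer constants and the
 * Context and Connection types.
 *
 * Arguments: None
 * Returns:   PyOpenSSL_MODRETURN(module) on success.  Every failure path
 *            leaves a Python exception set and returns via
 *            PyOpenSSL_MODRETURN(NULL); a partially populated module is never
 *            handed back.
 */
PyOpenSSL_MODINIT(SSL) {
    PyObject *module;
#ifndef PY3
    static void *ssl_API[ssl_API_pointers];
    PyObject *ssl_api_object;

    import_crypto();

    new_x509 = crypto_X509_New;
    new_x509name = crypto_X509Name_New;
    new_x509store = crypto_X509Store_New;
#else
# ifdef _WIN32
    /* GetModuleHandle does not load anything: crypto.pyd must already have
     * been imported into this process (presumably by the package's
     * __init__ -- verify against the importer). */
    HMODULE crypto = GetModuleHandle("crypto.pyd");
    if (crypto == NULL) {
        PyErr_SetString(PyExc_RuntimeError, "Unable to get crypto module");
        PyOpenSSL_MODRETURN(NULL);
    }

    new_x509 = (crypto_X509Obj* (*)(X509*, int))GetProcAddress(crypto, "crypto_X509_New");
    new_x509name = (crypto_X509NameObj* (*)(X509_NAME*, int))GetProcAddress(crypto, "crypto_X509Name_New");
    new_x509store = (crypto_X509StoreObj* (*)(X509_STORE*, int))GetProcAddress(crypto, "crypto_X509Store_New");
    /* GetProcAddress returns NULL for a missing export; an unresolved
     * constructor would otherwise be called through a NULL pointer the
     * first time a certificate object is wrapped.  Fail the import instead. */
    if (new_x509 == NULL || new_x509name == NULL || new_x509store == NULL) {
        PyErr_SetString(PyExc_RuntimeError,
                        "Unable to resolve crypto module entry points");
        PyOpenSSL_MODRETURN(NULL);
    }
# else
    new_x509 = crypto_X509_New;
    new_x509name = crypto_X509Name_New;
    new_x509store = crypto_X509Store_New;
# endif
#endif

    SSL_library_init();
    ERR_load_SSL_strings();

#ifdef PY3
    module = PyModule_Create(&sslmodule);
#else
    module = Py_InitModule3("SSL", ssl_methods, ssl_doc);
#endif
    if (module == NULL) {
        PyOpenSSL_MODRETURN(NULL);
    }

#ifndef PY3
    /* Initialize the C API pointer array and export it as SSL._C_API. */
    ssl_API[ssl_Context_New_NUM] = (void *)ssl_Context_New;
    ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New;
    ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL);
    if (ssl_api_object == NULL) {
        /* An exception is set; returning the module anyway would leave the
         * import with an exception pending. */
        goto error;
    }
    /* PyCObject_FromVoidPtr returns a new reference and PyModule_AddObject
     * steals one on success, so no extra INCREF is needed here.  On failure
     * the reference is not consumed and must be released by us. */
    if (PyModule_AddObject(module, "_C_API", ssl_api_object) != 0) {
        Py_DECREF(ssl_api_object);
        goto error;
    }
#endif

    /* Exceptions */
/*
 * ADD_EXCEPTION(name, base) creates OpenSSL.SSL.name derived from base,
 * stores it in the global ssl_name and inserts it into the module.
 * PyErr_NewException returns one new reference and PyModule_AddObject
 * steals one, so a single INCREF leaves one reference for the global and
 * one for the module.  ssl_name is a PyObject *: the INCREF must be applied
 * to the pointer's value, never to its address.
 */
#define ADD_EXCEPTION(_name, _base)                                           \
do {                                                                          \
    ssl_##_name = PyErr_NewException("OpenSSL.SSL."#_name, _base, NULL);      \
    if (ssl_##_name == NULL) {                                                \
        goto error;                                                           \
    }                                                                         \
    Py_INCREF(ssl_##_name);                                                   \
    if (PyModule_AddObject(module, #_name, ssl_##_name) != 0) {               \
        Py_DECREF(ssl_##_name);                                               \
        goto error;                                                           \
    }                                                                         \
} while (0)

    ssl_Error = PyErr_NewException("OpenSSL.SSL.Error", NULL, NULL);
    if (ssl_Error == NULL) {
        goto error;
    }

    /* PyModule_AddObject steals a reference; keep one for the global. */
    Py_INCREF(ssl_Error);
    if (PyModule_AddObject(module, "Error", ssl_Error) != 0) {
        Py_DECREF(ssl_Error);
        goto error;
    }

    ADD_EXCEPTION(ZeroReturnError, ssl_Error);
    ADD_EXCEPTION(WantReadError, ssl_Error);
    ADD_EXCEPTION(WantWriteError, ssl_Error);
    ADD_EXCEPTION(WantX509LookupError, ssl_Error);
    ADD_EXCEPTION(SysCallError, ssl_Error);
#undef ADD_EXCEPTION

/*
 * ADD_INT_CONSTANT(name, value) inserts an integer constant into the module
 * and aborts initialization if that fails, instead of returning a module
 * that is missing constants while an exception is pending.
 */
#define ADD_INT_CONSTANT(_name, _value)                                       \
do {                                                                          \
    if (PyModule_AddIntConstant(module, _name, _value) != 0) {                \
        goto error;                                                           \
    }                                                                         \
} while (0)

    /* Method constants */
    ADD_INT_CONSTANT("SSLv2_METHOD", ssl_SSLv2_METHOD);
    ADD_INT_CONSTANT("SSLv3_METHOD", ssl_SSLv3_METHOD);
    ADD_INT_CONSTANT("SSLv23_METHOD", ssl_SSLv23_METHOD);
    ADD_INT_CONSTANT("TLSv1_METHOD", ssl_TLSv1_METHOD);

    /* Verify constants */
    ADD_INT_CONSTANT("VERIFY_NONE", SSL_VERIFY_NONE);
    ADD_INT_CONSTANT("VERIFY_PEER", SSL_VERIFY_PEER);
    ADD_INT_CONSTANT("VERIFY_FAIL_IF_NO_PEER_CERT",
                     SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
    ADD_INT_CONSTANT("VERIFY_CLIENT_ONCE",
                     SSL_VERIFY_CLIENT_ONCE);

    /* File type constants */
    ADD_INT_CONSTANT("FILETYPE_PEM", SSL_FILETYPE_PEM);
    ADD_INT_CONSTANT("FILETYPE_ASN1", SSL_FILETYPE_ASN1);

    /* SSL option constants */
    ADD_INT_CONSTANT("OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE);
    ADD_INT_CONSTANT("OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA);
    ADD_INT_CONSTANT("OP_NO_SSLv2", SSL_OP_NO_SSLv2);
    ADD_INT_CONSTANT("OP_NO_SSLv3", SSL_OP_NO_SSLv3);
    ADD_INT_CONSTANT("OP_NO_TLSv1", SSL_OP_NO_TLSv1);

    /* More SSL option constants */
    ADD_INT_CONSTANT("OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG);
    ADD_INT_CONSTANT("OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG);
    ADD_INT_CONSTANT("OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
    ADD_INT_CONSTANT("OP_SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    ADD_INT_CONSTANT("OP_MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
    ADD_INT_CONSTANT("OP_MSIE_SSLV2_RSA_PADDING", SSL_OP_MSIE_SSLV2_RSA_PADDING);
    ADD_INT_CONSTANT("OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    ADD_INT_CONSTANT("OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG);
    ADD_INT_CONSTANT("OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG);
    ADD_INT_CONSTANT("OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
    ADD_INT_CONSTANT("OP_ALL", SSL_OP_ALL);
    ADD_INT_CONSTANT("OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE);
    ADD_INT_CONSTANT("OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG);
    ADD_INT_CONSTANT("OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1);
    ADD_INT_CONSTANT("OP_PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2);
    ADD_INT_CONSTANT("OP_NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG);
    ADD_INT_CONSTANT("OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);

    /* DTLS related options.  The first two of these were introduced in
     * 2005, the third in 2007.  To accommodate systems which are still using
     * older versions, make them optional. */
#ifdef SSL_OP_NO_QUERY_MTU
    ADD_INT_CONSTANT("OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU);
#endif
#ifdef SSL_OP_COOKIE_EXCHANGE
    ADD_INT_CONSTANT("OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE);
#endif
#ifdef SSL_OP_NO_TICKET
    ADD_INT_CONSTANT("OP_NO_TICKET", SSL_OP_NO_TICKET);
#endif

    /* For SSL_set_shutdown */
    ADD_INT_CONSTANT("SENT_SHUTDOWN", SSL_SENT_SHUTDOWN);
    ADD_INT_CONSTANT("RECEIVED_SHUTDOWN", SSL_RECEIVED_SHUTDOWN);
#undef ADD_INT_CONSTANT

    /* Register the Context and Connection types; each helper is expected to
     * leave an exception set when it returns false. */
    if (!init_ssl_context(module)) {
        goto error;
    }
    if (!init_ssl_connection(module)) {
        goto error;
    }

#ifdef WITH_THREAD
    /*
     * Initialize this module's threading support structures.
     * PyThread_create_key() returns -1 when no key could be allocated; do
     * not store that as if it were a usable key.
     */
    _pyOpenSSL_tstate_key = PyThread_create_key();
    if (_pyOpenSSL_tstate_key == -1) {
        PyErr_SetString(PyExc_RuntimeError,
                        "Unable to create thread state key");
        goto error;
    }
#endif

    PyOpenSSL_MODRETURN(module);

error:
    PyOpenSSL_MODRETURN(NULL);
}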