blob: 43c8c90b4e3c22bc042bb20f7c3c8195adc151d0 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05001/*
2 * crypto.c
3 *
4 * Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone8b63d452008-03-21 18:31:12 -04005 * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone897bc252008-02-18 20:50:23 -05006 *
7 * Main file of crypto sub module.
8 * See the file RATIONALE for a short explanation of why this module was written.
9 *
10 * Reviewed 2001-07-23
11 */
12#include <Python.h>
13#define crypto_MODULE
14#include "crypto.h"
15
16static char crypto_doc[] = "\n\
17Main file of crypto sub module.\n\
18See the file RATIONALE for a short explanation of why this module was written.\n\
19";
20
Jean-Paul Calderone897bc252008-02-18 20:50:23 -050021void **ssl_API;
22
23PyObject *crypto_Error;
24
25static int
26global_passphrase_callback(char *buf, int len, int rwflag, void *cb_arg)
27{
28 PyObject *func, *argv, *ret;
29 int nchars;
30
31 func = (PyObject *)cb_arg;
32 argv = Py_BuildValue("(i)", rwflag);
33 ret = PyEval_CallObject(func, argv);
34 Py_DECREF(argv);
35 if (ret == NULL)
36 return 0;
37 if (!PyString_Check(ret))
38 {
39 PyErr_SetString(PyExc_ValueError, "String expected");
40 return 0;
41 }
42 nchars = PyString_Size(ret);
43 if (nchars > len)
44 nchars = len;
45 strncpy(buf, PyString_AsString(ret), nchars);
46 return nchars;
47}
48
49static char crypto_load_privatekey_doc[] = "\n\
50Load a private key from a buffer\n\
51\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -040052@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
53@param buffer: The buffer the key is stored in\n\
54@param passphrase: (optional) if encrypted PEM format, this can be\n\
55 either the passphrase to use, or a callback for\n\
56 providing the passphrase.\n\
57\n\
58@return: The PKey object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -050059";
60
61static PyObject *
62crypto_load_privatekey(PyObject *spam, PyObject *args)
63{
64 crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
65 int type, len;
66 char *buffer;
67 PyObject *pw = NULL;
68 pem_password_cb *cb = NULL;
69 void *cb_arg = NULL;
70 BIO *bio;
71 EVP_PKEY *pkey;
72
73 if (!PyArg_ParseTuple(args, "is#|O:load_privatekey", &type, &buffer, &len, &pw))
74 return NULL;
75
76 if (pw != NULL)
77 {
78 if (PyString_Check(pw))
79 {
80 cb = NULL;
81 cb_arg = PyString_AsString(pw);
82 }
83 else if (PyCallable_Check(pw))
84 {
85 cb = global_passphrase_callback;
86 cb_arg = pw;
87 }
88 else
89 {
90 PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable");
91 return NULL;
92 }
93 }
94
95 bio = BIO_new_mem_buf(buffer, len);
96 switch (type)
97 {
98 case X509_FILETYPE_PEM:
99 pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, cb_arg);
100 break;
101
102 case X509_FILETYPE_ASN1:
103 pkey = d2i_PrivateKey_bio(bio, NULL);
104 break;
105
106 default:
107 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
108 BIO_free(bio);
109 return NULL;
110 }
111 BIO_free(bio);
112
113 if (pkey == NULL)
114 {
115 exception_from_error_queue();
116 return NULL;
117 }
118
119 return (PyObject *)crypto_PKey_New(pkey, 1);
120}
121
122static char crypto_dump_privatekey_doc[] = "\n\
123Dump a private key to a buffer\n\
124\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400125@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
126@param pkey: The PKey to dump\n\
127@param cipher: (optional) if encrypted PEM format, the cipher to\n\
128 use\n\
129@param passphrase - (optional) if encrypted PEM format, this can be either\n\
130 the passphrase to use, or a callback for providing the\n\
131 passphrase.\n\
132@return: The buffer with the dumped key in\n\
133@rtype: C{str}\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500134";
135
136static PyObject *
137crypto_dump_privatekey(PyObject *spam, PyObject *args)
138{
139 int type, ret, buf_len;
140 char *temp;
141 PyObject *buffer;
142 char *cipher_name = NULL;
143 const EVP_CIPHER *cipher = NULL;
144 PyObject *pw = NULL;
145 pem_password_cb *cb = NULL;
146 void *cb_arg = NULL;
147 BIO *bio;
Rick Dean5b7b6372009-04-01 11:34:06 -0500148 RSA *rsa;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500149 crypto_PKeyObj *pkey;
150
151 if (!PyArg_ParseTuple(args, "iO!|sO:dump_privatekey", &type,
152 &crypto_PKey_Type, &pkey, &cipher_name, &pw))
153 return NULL;
154
155 if (cipher_name != NULL && pw == NULL)
156 {
157 PyErr_SetString(PyExc_ValueError, "Illegal number of arguments");
158 return NULL;
159 }
160 if (cipher_name != NULL)
161 {
162 cipher = EVP_get_cipherbyname(cipher_name);
163 if (cipher == NULL)
164 {
165 PyErr_SetString(PyExc_ValueError, "Invalid cipher name");
166 return NULL;
167 }
168 if (PyString_Check(pw))
169 {
170 cb = NULL;
171 cb_arg = PyString_AsString(pw);
172 }
173 else if (PyCallable_Check(pw))
174 {
175 cb = global_passphrase_callback;
176 cb_arg = pw;
177 }
178 else
179 {
180 PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable");
181 return NULL;
182 }
183 }
184
185 bio = BIO_new(BIO_s_mem());
186 switch (type)
187 {
188 case X509_FILETYPE_PEM:
189 ret = PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_arg);
190 if (PyErr_Occurred())
191 {
192 BIO_free(bio);
193 return NULL;
194 }
195 break;
196
197 case X509_FILETYPE_ASN1:
198 ret = i2d_PrivateKey_bio(bio, pkey->pkey);
199 break;
200
Rick Dean5b7b6372009-04-01 11:34:06 -0500201 case X509_FILETYPE_TEXT:
202 rsa = EVP_PKEY_get1_RSA(pkey->pkey);
203 ret = RSA_print(bio, rsa, 0);
204 RSA_free(rsa);
205 break;
206
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500207 default:
Rick Dean5b7b6372009-04-01 11:34:06 -0500208 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500209 BIO_free(bio);
210 return NULL;
211 }
212
213 if (ret == 0)
214 {
215 BIO_free(bio);
216 exception_from_error_queue();
217 return NULL;
218 }
219
220 buf_len = BIO_get_mem_data(bio, &temp);
221 buffer = PyString_FromStringAndSize(temp, buf_len);
222 BIO_free(bio);
223
224 return buffer;
225}
226
227static char crypto_load_certificate_doc[] = "\n\
228Load a certificate from a buffer\n\
229\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400230@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500231 buffer - The buffer the certificate is stored in\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400232@return: The X509 object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500233";
234
235static PyObject *
236crypto_load_certificate(PyObject *spam, PyObject *args)
237{
238 crypto_X509Obj *crypto_X509_New(X509 *, int);
239 int type, len;
240 char *buffer;
241 BIO *bio;
242 X509 *cert;
243
244 if (!PyArg_ParseTuple(args, "is#:load_certificate", &type, &buffer, &len))
245 return NULL;
246
247 bio = BIO_new_mem_buf(buffer, len);
248 switch (type)
249 {
250 case X509_FILETYPE_PEM:
251 cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
252 break;
253
254 case X509_FILETYPE_ASN1:
255 cert = d2i_X509_bio(bio, NULL);
256 break;
257
258 default:
259 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
260 BIO_free(bio);
261 return NULL;
262 }
263 BIO_free(bio);
264
265 if (cert == NULL)
266 {
267 exception_from_error_queue();
268 return NULL;
269 }
270
271 return (PyObject *)crypto_X509_New(cert, 1);
272}
273
274static char crypto_dump_certificate_doc[] = "\n\
275Dump a certificate to a buffer\n\
276\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400277@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
278@param cert: The certificate to dump\n\
279@return: The buffer with the dumped certificate in\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500280";
281
282static PyObject *
283crypto_dump_certificate(PyObject *spam, PyObject *args)
284{
285 int type, ret, buf_len;
286 char *temp;
287 PyObject *buffer;
288 BIO *bio;
289 crypto_X509Obj *cert;
290
291 if (!PyArg_ParseTuple(args, "iO!:dump_certificate", &type,
292 &crypto_X509_Type, &cert))
293 return NULL;
294
295 bio = BIO_new(BIO_s_mem());
296 switch (type)
297 {
298 case X509_FILETYPE_PEM:
299 ret = PEM_write_bio_X509(bio, cert->x509);
300 break;
301
302 case X509_FILETYPE_ASN1:
303 ret = i2d_X509_bio(bio, cert->x509);
304 break;
305
Rick Dean5b7b6372009-04-01 11:34:06 -0500306 case X509_FILETYPE_TEXT:
307 ret = X509_print_ex(bio, cert->x509, 0, 0);
308 break;
309
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500310 default:
Rick Dean5b7b6372009-04-01 11:34:06 -0500311 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500312 BIO_free(bio);
313 return NULL;
314 }
315
316 if (ret == 0)
317 {
318 BIO_free(bio);
319 exception_from_error_queue();
320 return NULL;
321 }
322
323 buf_len = BIO_get_mem_data(bio, &temp);
324 buffer = PyString_FromStringAndSize(temp, buf_len);
325 BIO_free(bio);
326
327 return buffer;
328}
329
330static char crypto_load_certificate_request_doc[] = "\n\
331Load a certificate request from a buffer\n\
332\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400333@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500334 buffer - The buffer the certificate request is stored in\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400335@return: The X509Req object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500336";
337
338static PyObject *
339crypto_load_certificate_request(PyObject *spam, PyObject *args)
340{
341 crypto_X509ReqObj *crypto_X509Req_New(X509_REQ *, int);
342 int type, len;
343 char *buffer;
344 BIO *bio;
345 X509_REQ *req;
346
347 if (!PyArg_ParseTuple(args, "is#:load_certificate_request", &type, &buffer, &len))
348 return NULL;
349
350 bio = BIO_new_mem_buf(buffer, len);
351 switch (type)
352 {
353 case X509_FILETYPE_PEM:
354 req = PEM_read_bio_X509_REQ(bio, NULL, NULL, NULL);
355 break;
356
357 case X509_FILETYPE_ASN1:
358 req = d2i_X509_REQ_bio(bio, NULL);
359 break;
360
361 default:
362 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
363 BIO_free(bio);
364 return NULL;
365 }
366 BIO_free(bio);
367
368 if (req == NULL)
369 {
370 exception_from_error_queue();
371 return NULL;
372 }
373
374 return (PyObject *)crypto_X509Req_New(req, 1);
375}
376
377static char crypto_dump_certificate_request_doc[] = "\n\
378Dump a certificate request to a buffer\n\
379\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400380@param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1)\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500381 req - The certificate request to dump\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400382@return: The buffer with the dumped certificate request in\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500383";
384
385static PyObject *
386crypto_dump_certificate_request(PyObject *spam, PyObject *args)
387{
388 int type, ret, buf_len;
389 char *temp;
390 PyObject *buffer;
391 BIO *bio;
392 crypto_X509ReqObj *req;
393
394 if (!PyArg_ParseTuple(args, "iO!:dump_certificate_request", &type,
395 &crypto_X509Req_Type, &req))
396 return NULL;
397
398 bio = BIO_new(BIO_s_mem());
399 switch (type)
400 {
401 case X509_FILETYPE_PEM:
402 ret = PEM_write_bio_X509_REQ(bio, req->x509_req);
403 break;
404
405 case X509_FILETYPE_ASN1:
406 ret = i2d_X509_REQ_bio(bio, req->x509_req);
407 break;
408
Rick Dean5b7b6372009-04-01 11:34:06 -0500409 case X509_FILETYPE_TEXT:
410 ret = X509_REQ_print_ex(bio, req->x509_req, 0, 0);
411 break;
412
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500413 default:
Rick Dean5b7b6372009-04-01 11:34:06 -0500414 PyErr_SetString(PyExc_ValueError, "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500415 BIO_free(bio);
416 return NULL;
417 }
418
419 if (ret == 0)
420 {
421 BIO_free(bio);
422 exception_from_error_queue();
423 return NULL;
424 }
425
426 buf_len = BIO_get_mem_data(bio, &temp);
427 buffer = PyString_FromStringAndSize(temp, buf_len);
428 BIO_free(bio);
429
430 return buffer;
431}
432
433static char crypto_load_pkcs7_data_doc[] = "\n\
434Load pkcs7 data from a buffer\n\
435\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400436@param type: The file type (one of FILETYPE_PEM or FILETYPE_ASN1)\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500437 buffer - The buffer with the pkcs7 data.\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400438@return: The PKCS7 object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500439";
440
441static PyObject *
442crypto_load_pkcs7_data(PyObject *spam, PyObject *args)
443{
444 int type, len;
445 char *buffer;
446 BIO *bio;
447 PKCS7 *pkcs7 = NULL;
448
449 if (!PyArg_ParseTuple(args, "is#:load_pkcs7_data", &type, &buffer, &len))
450 return NULL;
451
452 /*
453 * Try to read the pkcs7 data from the bio
454 */
455 bio = BIO_new_mem_buf(buffer, len);
456 switch (type)
457 {
458 case X509_FILETYPE_PEM:
459 pkcs7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL);
460 break;
461
462 case X509_FILETYPE_ASN1:
463 pkcs7 = d2i_PKCS7_bio(bio, NULL);
464 break;
465
466 default:
467 PyErr_SetString(PyExc_ValueError,
468 "type argument must be FILETYPE_PEM or FILETYPE_ASN1");
469 return NULL;
470 }
471 BIO_free(bio);
472
473 /*
474 * Check if we got a PKCS7 structure
475 */
476 if (pkcs7 == NULL)
477 {
478 exception_from_error_queue();
479 return NULL;
480 }
481
482 return (PyObject *)crypto_PKCS7_New(pkcs7, 1);
483}
484
485static char crypto_load_pkcs12_doc[] = "\n\
486Load a PKCS12 object from a buffer\n\
487\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400488@param buffer: The buffer the certificate is stored in\n\
489 passphrase (Optional) - The password to decrypt the PKCS12 lump\n\
490@returns: The PKCS12 object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500491";
492
493static PyObject *
494crypto_load_pkcs12(PyObject *spam, PyObject *args)
495{
496 crypto_PKCS12Obj *crypto_PKCS12_New(PKCS12 *, char *);
497 int len;
498 char *buffer, *passphrase = NULL;
499 BIO *bio;
500 PKCS12 *p12;
501
502 if (!PyArg_ParseTuple(args, "s#|s:load_pkcs12", &buffer, &len, &passphrase))
503 return NULL;
504
505 bio = BIO_new_mem_buf(buffer, len);
506 if ((p12 = d2i_PKCS12_bio(bio, NULL)) == NULL)
507 {
508 BIO_free(bio);
509 exception_from_error_queue();
510 return NULL;
511 }
512 BIO_free(bio);
513
514 return (PyObject *)crypto_PKCS12_New(p12, passphrase);
515}
516
517
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500518static char crypto_X509Req_doc[] = "\n\
519The factory function inserted in the module dictionary to create X509Req\n\
520objects\n\
521\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400522@returns: The X509Req object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500523";
524
525static PyObject *
526crypto_X509Req(PyObject *spam, PyObject *args)
527{
528 if (!PyArg_ParseTuple(args, ":X509Req"))
529 return NULL;
530
531 return (PyObject *)crypto_X509Req_New(X509_REQ_new(), 1);
532}
533
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500534
535static char crypto_X509Extension_doc[] = "\n\
536The factory function inserted in the module dictionary to create\n\
537X509Extension objects.\n\
538\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400539@param typename: The name of the extension to create.\n\
540@type typename: C{str}\n\
541@param critical: A flag indicating whether this is a critical extension.\n\
542@param value: The value of the extension.\n\
543@type value: C{str}\n\
544@return: The X509Extension object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500545";
546
547static PyObject *
548crypto_X509Extension(PyObject *spam, PyObject *args)
549{
550 char *type_name, *value;
551 int critical;
552
553 if (!PyArg_ParseTuple(args, "sis:X509Extension", &type_name, &critical,
554 &value))
555 return NULL;
556
557 return (PyObject *)crypto_X509Extension_New(type_name, critical, value);
558}
559
560static char crypto_NetscapeSPKI_doc[] = "\n\
561The factory function inserted in the module dictionary to create NetscapeSPKI\n\
562objects\n\
563\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400564@param enc: Base64 encoded NetscapeSPKI object.\n\
565@type enc: C{str}\n\
566@return: The NetscapeSPKI object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500567";
568
569static PyObject *
570crypto_NetscapeSPKI(PyObject *spam, PyObject *args)
571{
572 char *enc = NULL;
573 int enc_len = -1;
574 NETSCAPE_SPKI *spki;
575
576 if (!PyArg_ParseTuple(args, "|s#:NetscapeSPKI", &enc, &enc_len))
577 return NULL;
578
579 if (enc_len >= 0)
580 spki = NETSCAPE_SPKI_b64_decode(enc, enc_len);
581 else
582 spki = NETSCAPE_SPKI_new();
583 if (spki == NULL)
584 {
585 exception_from_error_queue();
586 return NULL;
587 }
588 return (PyObject *)crypto_NetscapeSPKI_New(spki, 1);
589}
590
Jean-Paul Calderone7df40db2008-03-03 15:12:42 -0500591static char crypto_X509_verify_cert_error_string_doc[] = "\n\
592Get X509 verify certificate error string.\n\
593\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400594@param errnum: The error number.\n\
595@return: Error string as a Python string\n\
Jean-Paul Calderone7df40db2008-03-03 15:12:42 -0500596";
597
598static PyObject *
599crypto_X509_verify_cert_error_string(PyObject *spam, PyObject *args)
600{
601 int errnum;
602 const char *str;
603
604 if (!PyArg_ParseTuple(args, "i", &errnum))
605 return NULL;
606
607 str = X509_verify_cert_error_string(errnum);
608 return PyString_FromString(str);
609}
610
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500611/* Methods in the OpenSSL.crypto module (i.e. none) */
612static PyMethodDef crypto_methods[] = {
613 /* Module functions */
614 { "load_privatekey", (PyCFunction)crypto_load_privatekey, METH_VARARGS, crypto_load_privatekey_doc },
615 { "dump_privatekey", (PyCFunction)crypto_dump_privatekey, METH_VARARGS, crypto_dump_privatekey_doc },
616 { "load_certificate", (PyCFunction)crypto_load_certificate, METH_VARARGS, crypto_load_certificate_doc },
617 { "dump_certificate", (PyCFunction)crypto_dump_certificate, METH_VARARGS, crypto_dump_certificate_doc },
618 { "load_certificate_request", (PyCFunction)crypto_load_certificate_request, METH_VARARGS, crypto_load_certificate_request_doc },
619 { "dump_certificate_request", (PyCFunction)crypto_dump_certificate_request, METH_VARARGS, crypto_dump_certificate_request_doc },
620 { "load_pkcs7_data", (PyCFunction)crypto_load_pkcs7_data, METH_VARARGS, crypto_load_pkcs7_data_doc },
621 { "load_pkcs12", (PyCFunction)crypto_load_pkcs12, METH_VARARGS, crypto_load_pkcs12_doc },
622 /* Factory functions */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500623 { "X509Req", (PyCFunction)crypto_X509Req, METH_VARARGS, crypto_X509Req_doc },
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500624 { "X509Extension", (PyCFunction)crypto_X509Extension, METH_VARARGS, crypto_X509Extension_doc },
625 { "NetscapeSPKI", (PyCFunction)crypto_NetscapeSPKI, METH_VARARGS, crypto_NetscapeSPKI_doc },
Jean-Paul Calderone7df40db2008-03-03 15:12:42 -0500626 { "X509_verify_cert_error_string", (PyCFunction)crypto_X509_verify_cert_error_string, METH_VARARGS, crypto_X509_verify_cert_error_string_doc },
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500627 { NULL, NULL }
628};
629
Jean-Paul Calderoneaea5d902008-04-26 19:53:39 -0400630
631#ifdef WITH_THREAD
632
633#include <pythread.h>
634
635/**
636 * This array will store all of the mutexes available to OpenSSL.
637 */
638static PyThread_type_lock *mutex_buf = NULL;
639
640
641/**
642 * Callback function supplied to OpenSSL to acquire or release a lock.
643 *
644 */
645static void locking_function(int mode, int n, const char * file, int line) {
646 if (mode & CRYPTO_LOCK) {
647 PyThread_acquire_lock(mutex_buf[n], WAIT_LOCK);
648 } else {
649 PyThread_release_lock(mutex_buf[n]);
650 }
651}
652
653
654/**
655 * Initialize OpenSSL for use from multiple threads.
656 *
657 * Returns: 0 if initialization fails, 1 otherwise.
658 */
659static int init_openssl_threads(void) {
660 int i;
661
662 mutex_buf = (PyThread_type_lock *)malloc(
663 CRYPTO_num_locks() * sizeof(PyThread_type_lock));
664 if (!mutex_buf) {
665 return 0;
666 }
667 for (i = 0; i < CRYPTO_num_locks(); ++i) {
668 mutex_buf[i] = PyThread_allocate_lock();
669 }
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500670 CRYPTO_set_id_callback((unsigned long (*)(void))PyThread_get_thread_ident);
Jean-Paul Calderoneaea5d902008-04-26 19:53:39 -0400671 CRYPTO_set_locking_callback(locking_function);
672 return 1;
673}
674
675/* /\** */
676/* * Clean up after OpenSSL thread initialization. */
677/* *\/ */
678/* static int deinit_openssl_threads() { */
679/* int i; */
680
681/* if (!mutex_buf) { */
682/* return 0; */
683/* } */
684/* CRYPTO_set_id_callback(NULL); */
685/* CRYPTO_set_locking_callback(NULL); */
686/* for (i = 0; i < CRYPTO_num_locks(); i++) { */
687/* PyThread_free_lock(mutex_buf[i]); */
688/* } */
689/* free(mutex_buf); */
690/* mutex_buf = NULL; */
691/* return 1; */
692/* } */
693
694#endif
695
696
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500697/*
698 * Initialize crypto sub module
699 *
700 * Arguments: None
701 * Returns: None
702 */
703void
704initcrypto(void)
705{
706 static void *crypto_API[crypto_API_pointers];
707 PyObject *c_api_object;
708 PyObject *module, *dict;
709
710 ERR_load_crypto_strings();
711 OpenSSL_add_all_algorithms();
712
713 if ((module = Py_InitModule3("crypto", crypto_methods, crypto_doc)) == NULL)
714 return;
715
716 /* Initialize the C API pointer array */
717 crypto_API[crypto_X509_New_NUM] = (void *)crypto_X509_New;
718 crypto_API[crypto_X509Name_New_NUM] = (void *)crypto_X509Name_New;
719 crypto_API[crypto_X509Req_New_NUM] = (void *)crypto_X509Req_New;
720 crypto_API[crypto_X509Store_New_NUM] = (void *)crypto_X509Store_New;
721 crypto_API[crypto_PKey_New_NUM] = (void *)crypto_PKey_New;
722 crypto_API[crypto_X509Extension_New_NUM] = (void *)crypto_X509Extension_New;
723 crypto_API[crypto_PKCS7_New_NUM] = (void *)crypto_PKCS7_New;
724 crypto_API[crypto_NetscapeSPKI_New_NUM] = (void *)crypto_NetscapeSPKI_New;
725 c_api_object = PyCObject_FromVoidPtr((void *)crypto_API, NULL);
726 if (c_api_object != NULL)
727 PyModule_AddObject(module, "_C_API", c_api_object);
728
729 crypto_Error = PyErr_NewException("OpenSSL.crypto.Error", NULL, NULL);
730 if (crypto_Error == NULL)
731 goto error;
732 if (PyModule_AddObject(module, "Error", crypto_Error) != 0)
733 goto error;
734
735 PyModule_AddIntConstant(module, "FILETYPE_PEM", X509_FILETYPE_PEM);
736 PyModule_AddIntConstant(module, "FILETYPE_ASN1", X509_FILETYPE_ASN1);
Rick Dean5b7b6372009-04-01 11:34:06 -0500737 PyModule_AddIntConstant(module, "FILETYPE_TEXT", X509_FILETYPE_TEXT);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500738
739 PyModule_AddIntConstant(module, "TYPE_RSA", crypto_TYPE_RSA);
740 PyModule_AddIntConstant(module, "TYPE_DSA", crypto_TYPE_DSA);
741
742 dict = PyModule_GetDict(module);
Jean-Paul Calderoneaea5d902008-04-26 19:53:39 -0400743#ifdef WITH_THREAD
744 if (!init_openssl_threads())
745 goto error;
746#endif
Jean-Paul Calderone2e1da572009-06-27 10:44:00 -0400747 if (!init_crypto_x509(module))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500748 goto error;
Jean-Paul Calderone2cd7a922009-06-27 11:02:46 -0400749 if (!init_crypto_x509name(module))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500750 goto error;
751 if (!init_crypto_x509store(dict))
752 goto error;
753 if (!init_crypto_x509req(dict))
754 goto error;
Jean-Paul Calderone2e1da572009-06-27 10:44:00 -0400755 if (!init_crypto_pkey(module))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500756 goto error;
757 if (!init_crypto_x509extension(dict))
758 goto error;
759 if (!init_crypto_pkcs7(dict))
760 goto error;
761 if (!init_crypto_pkcs12(dict))
762 goto error;
763 if (!init_crypto_netscape_spki(dict))
764 goto error;
765
766error:
767 ;
768}
769