1 /* SSL socket module
2
3 SSL support based on patches by Brian E Gallew and Laszlo Kovacs.
4 Re-worked a bit by Bill Janssen to add server-side support and
5 certificate decoding. Chris Stawarz contributed some non-blocking
6 patches.
7
8 This module is imported by ssl.py. It should *not* be used
9 directly.
10
11 XXX should partial writes be enabled, SSL_MODE_ENABLE_PARTIAL_WRITE?
12
13 XXX integrate several "shutdown modes" as suggested in
14 http://bugs.python.org/issue8108#msg102867 ?
15 */
16
17 #define PY_SSIZE_T_CLEAN
18
19 #include "Python.h"
20
21 #include "pythread.h"
22
23 /* Redefined below for Windows debug builds after important #includes */
24 #define _PySSL_FIX_ERRNO
25
26 #define PySSL_BEGIN_ALLOW_THREADS_S(save) \
27 do { if (_ssl_locks_count>0) { (save) = PyEval_SaveThread(); } } while (0)
28 #define PySSL_END_ALLOW_THREADS_S(save) \
29 do { if (_ssl_locks_count>0) { PyEval_RestoreThread(save); } _PySSL_FIX_ERRNO; } while (0)
30 #define PySSL_BEGIN_ALLOW_THREADS { \
31 PyThreadState *_save = NULL; \
32 PySSL_BEGIN_ALLOW_THREADS_S(_save);
33 #define PySSL_BLOCK_THREADS PySSL_END_ALLOW_THREADS_S(_save);
34 #define PySSL_UNBLOCK_THREADS PySSL_BEGIN_ALLOW_THREADS_S(_save);
35 #define PySSL_END_ALLOW_THREADS PySSL_END_ALLOW_THREADS_S(_save); }
36
37 /* Include symbols from _socket module */
38 #include "socketmodule.h"
39
40 static PySocketModule_APIObject PySocketModule;
41
42 #if defined(HAVE_POLL_H)
43 #include <poll.h>
44 #elif defined(HAVE_SYS_POLL_H)
45 #include <sys/poll.h>
46 #endif
47
48 /* Don't warn about deprecated functions */
49 #ifdef __GNUC__
50 #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
51 #endif
52 #ifdef __clang__
53 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
54 #endif
55
56 /* Include OpenSSL header files */
57 #include "openssl/rsa.h"
58 #include "openssl/crypto.h"
59 #include "openssl/x509.h"
60 #include "openssl/x509v3.h"
61 #include "openssl/pem.h"
62 #include "openssl/ssl.h"
63 #include "openssl/err.h"
64 #include "openssl/rand.h"
65 #include "openssl/bio.h"
66 #include "openssl/dh.h"
67
68 #ifndef HAVE_X509_VERIFY_PARAM_SET1_HOST
69 # ifdef LIBRESSL_VERSION_NUMBER
70 # error "LibreSSL is missing X509_VERIFY_PARAM_set1_host(), see https://github.com/libressl-portable/portable/issues/381"
71 # elif OPENSSL_VERSION_NUMBER > 0x1000200fL
72 # define HAVE_X509_VERIFY_PARAM_SET1_HOST
73 # else
74 # error "libssl is too old and does not support X509_VERIFY_PARAM_set1_host()"
75 # endif
76 #endif
77
78 #ifndef OPENSSL_THREADS
79 # error "OPENSSL_THREADS is not defined, Python requires thread-safe OpenSSL"
80 #endif
81
82 /* SSL error object */
83 static PyObject *PySSLErrorObject;
84 static PyObject *PySSLCertVerificationErrorObject;
85 static PyObject *PySSLZeroReturnErrorObject;
86 static PyObject *PySSLWantReadErrorObject;
87 static PyObject *PySSLWantWriteErrorObject;
88 static PyObject *PySSLSyscallErrorObject;
89 static PyObject *PySSLEOFErrorObject;
90
91 /* Error mappings */
92 static PyObject *err_codes_to_names;
93 static PyObject *err_names_to_codes;
94 static PyObject *lib_codes_to_names;
95
96 struct py_ssl_error_code {
97 const char *mnemonic;
98 int library, reason;
99 };
100 struct py_ssl_library_code {
101 const char *library;
102 int code;
103 };
104
105 #if defined(MS_WINDOWS) && defined(Py_DEBUG)
106 /* Debug builds on Windows rely on getting errno directly from OpenSSL.
107 * However, because it uses a different CRT, we need to transfer the
108 * value of errno from OpenSSL into our debug CRT.
109 *
110 * Don't be fooled - this is horribly ugly code. The only reasonable
111 * alternative is to do both debug and release builds of OpenSSL, which
112 * requires much uglier code to transform their automatically generated
113 * makefile. This is the lesser of all the evils.
114 */
115
_PySSLFixErrno(void)116 static void _PySSLFixErrno(void) {
117 HMODULE ucrtbase = GetModuleHandleW(L"ucrtbase.dll");
118 if (!ucrtbase) {
119 /* If ucrtbase.dll is not loaded but the SSL DLLs are, we likely
120 * have a catastrophic failure, but this function is not the
121 * place to raise it. */
122 return;
123 }
124
125 typedef int *(__stdcall *errno_func)(void);
126 errno_func ssl_errno = (errno_func)GetProcAddress(ucrtbase, "_errno");
127 if (ssl_errno) {
128 errno = *ssl_errno();
129 *ssl_errno() = 0;
130 } else {
131 errno = ENOTRECOVERABLE;
132 }
133 }
134
135 #undef _PySSL_FIX_ERRNO
136 #define _PySSL_FIX_ERRNO _PySSLFixErrno()
137 #endif
138
139 /* Include generated data (error codes) */
140 #include "_ssl_data.h"
141
142 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
143 # define OPENSSL_VERSION_1_1 1
144 # define PY_OPENSSL_1_1_API 1
145 #endif
146
147 /* OpenSSL API compat */
148 #ifdef OPENSSL_API_COMPAT
149 #if OPENSSL_API_COMPAT >= 0x10100000L
150
151 /* OpenSSL API 1.1.0+ does not include version methods */
152 #ifndef OPENSSL_NO_TLS1_METHOD
153 #define OPENSSL_NO_TLS1_METHOD 1
154 #endif
155 #ifndef OPENSSL_NO_TLS1_1_METHOD
156 #define OPENSSL_NO_TLS1_1_METHOD 1
157 #endif
158 #ifndef OPENSSL_NO_TLS1_2_METHOD
159 #define OPENSSL_NO_TLS1_2_METHOD 1
160 #endif
161
162 #endif /* >= 1.1.0 compcat */
163 #endif /* OPENSSL_API_COMPAT */
164
165 /* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
166 #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
167 # define PY_OPENSSL_1_1_API 1
168 #endif
169
170 /* SNI support (client- and server-side) appeared in OpenSSL 1.0.0 and 0.9.8f
171 * This includes the SSL_set_SSL_CTX() function.
172 */
173 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
174 # define HAVE_SNI 1
175 #else
176 # define HAVE_SNI 0
177 #endif
178
179 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
180 # define HAVE_ALPN 1
181 #else
182 # define HAVE_ALPN 0
183 #endif
184
185 /* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped
186 * NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility
187 * reasons. The check for TLSEXT_TYPE_next_proto_neg works with
188 * OpenSSL 1.0.1+ and LibreSSL.
189 * OpenSSL 1.1.1-pre1 dropped NPN but still has TLSEXT_TYPE_next_proto_neg.
190 */
191 #ifdef OPENSSL_NO_NEXTPROTONEG
192 # define HAVE_NPN 0
193 #elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
194 # define HAVE_NPN 0
195 #elif defined(TLSEXT_TYPE_next_proto_neg)
196 # define HAVE_NPN 1
197 #else
198 # define HAVE_NPN 0
199 #endif
200
201 #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
202 #define HAVE_OPENSSL_KEYLOG 1
203 #endif
204
205 #ifndef INVALID_SOCKET /* MS defines this */
206 #define INVALID_SOCKET (-1)
207 #endif
208
209 /* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
210 #ifndef OPENSSL_VERSION_1_1
211 #define HAVE_OPENSSL_CRYPTO_LOCK
212 #endif
213
214 #if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
215 #define OPENSSL_NO_SSL2
216 #endif
217
218 #ifndef PY_OPENSSL_1_1_API
219 /* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
220
221 #define TLS_method SSLv23_method
222 #define TLS_client_method SSLv23_client_method
223 #define TLS_server_method SSLv23_server_method
224 #define ASN1_STRING_get0_data ASN1_STRING_data
225 #define X509_get0_notBefore X509_get_notBefore
226 #define X509_get0_notAfter X509_get_notAfter
227 #define OpenSSL_version_num SSLeay
228 #define OpenSSL_version SSLeay_version
229 #define OPENSSL_VERSION SSLEAY_VERSION
230
X509_NAME_ENTRY_set(const X509_NAME_ENTRY * ne)231 static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
232 {
233 return ne->set;
234 }
235
236 #ifndef OPENSSL_NO_COMP
237 /* LCOV_EXCL_START */
COMP_get_type(const COMP_METHOD * meth)238 static int COMP_get_type(const COMP_METHOD *meth)
239 {
240 return meth->type;
241 }
242 /* LCOV_EXCL_STOP */
243 #endif
244
SSL_CTX_get_default_passwd_cb(SSL_CTX * ctx)245 static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
246 {
247 return ctx->default_passwd_callback;
248 }
249
SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX * ctx)250 static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
251 {
252 return ctx->default_passwd_callback_userdata;
253 }
254
X509_OBJECT_get_type(X509_OBJECT * x)255 static int X509_OBJECT_get_type(X509_OBJECT *x)
256 {
257 return x->type;
258 }
259
X509_OBJECT_get0_X509(X509_OBJECT * x)260 static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x)
261 {
262 return x->data.x509;
263 }
264
BIO_up_ref(BIO * b)265 static int BIO_up_ref(BIO *b)
266 {
267 CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
268 return 1;
269 }
270
STACK_OF(X509_OBJECT)271 static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) {
272 return store->objs;
273 }
274
275 static int
SSL_SESSION_has_ticket(const SSL_SESSION * s)276 SSL_SESSION_has_ticket(const SSL_SESSION *s)
277 {
278 return (s->tlsext_ticklen > 0) ? 1 : 0;
279 }
280
281 static unsigned long
SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION * s)282 SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
283 {
284 return s->tlsext_tick_lifetime_hint;
285 }
286
287 #endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
288
289 /* Default cipher suites */
290 #ifndef PY_SSL_DEFAULT_CIPHERS
291 #define PY_SSL_DEFAULT_CIPHERS 1
292 #endif
293
294 #if PY_SSL_DEFAULT_CIPHERS == 0
295 #ifndef PY_SSL_DEFAULT_CIPHER_STRING
296 #error "Py_SSL_DEFAULT_CIPHERS 0 needs Py_SSL_DEFAULT_CIPHER_STRING"
297 #endif
298 #elif PY_SSL_DEFAULT_CIPHERS == 1
299 /* Python custom selection of sensible cipher suites
300 * DEFAULT: OpenSSL's default cipher list. Since 1.0.2 the list is in sensible order.
301 * !aNULL:!eNULL: really no NULL ciphers
302 * !MD5:!3DES:!DES:!RC4:!IDEA:!SEED: no weak or broken algorithms on old OpenSSL versions.
303 * !aDSS: no authentication with discrete logarithm DSA algorithm
304 * !SRP:!PSK: no secure remote password or pre-shared key authentication
305 */
306 #define PY_SSL_DEFAULT_CIPHER_STRING "DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK"
307 #elif PY_SSL_DEFAULT_CIPHERS == 2
308 /* Ignored in SSLContext constructor, only used to as _ssl.DEFAULT_CIPHER_STRING */
309 #define PY_SSL_DEFAULT_CIPHER_STRING SSL_DEFAULT_CIPHER_LIST
310 #else
311 #error "Unsupported PY_SSL_DEFAULT_CIPHERS"
312 #endif
313
314
315 enum py_ssl_error {
316 /* these mirror ssl.h */
317 PY_SSL_ERROR_NONE,
318 PY_SSL_ERROR_SSL,
319 PY_SSL_ERROR_WANT_READ,
320 PY_SSL_ERROR_WANT_WRITE,
321 PY_SSL_ERROR_WANT_X509_LOOKUP,
322 PY_SSL_ERROR_SYSCALL, /* look at error stack/return value/errno */
323 PY_SSL_ERROR_ZERO_RETURN,
324 PY_SSL_ERROR_WANT_CONNECT,
325 /* start of non ssl.h errorcodes */
326 PY_SSL_ERROR_EOF, /* special case of SSL_ERROR_SYSCALL */
327 PY_SSL_ERROR_NO_SOCKET, /* socket has been GC'd */
328 PY_SSL_ERROR_INVALID_ERROR_CODE
329 };
330
331 enum py_ssl_server_or_client {
332 PY_SSL_CLIENT,
333 PY_SSL_SERVER
334 };
335
336 enum py_ssl_cert_requirements {
337 PY_SSL_CERT_NONE,
338 PY_SSL_CERT_OPTIONAL,
339 PY_SSL_CERT_REQUIRED
340 };
341
342 enum py_ssl_version {
343 PY_SSL_VERSION_SSL2,
344 PY_SSL_VERSION_SSL3=1,
345 PY_SSL_VERSION_TLS, /* SSLv23 */
346 PY_SSL_VERSION_TLS1,
347 PY_SSL_VERSION_TLS1_1,
348 PY_SSL_VERSION_TLS1_2,
349 PY_SSL_VERSION_TLS_CLIENT=0x10,
350 PY_SSL_VERSION_TLS_SERVER,
351 };
352
353 enum py_proto_version {
354 PY_PROTO_MINIMUM_SUPPORTED = -2,
355 PY_PROTO_SSLv3 = SSL3_VERSION,
356 PY_PROTO_TLSv1 = TLS1_VERSION,
357 PY_PROTO_TLSv1_1 = TLS1_1_VERSION,
358 PY_PROTO_TLSv1_2 = TLS1_2_VERSION,
359 #ifdef TLS1_3_VERSION
360 PY_PROTO_TLSv1_3 = TLS1_3_VERSION,
361 #else
362 PY_PROTO_TLSv1_3 = 0x304,
363 #endif
364 PY_PROTO_MAXIMUM_SUPPORTED = -1,
365
366 /* OpenSSL has no dedicated API to set the minimum version to the maximum
367 * available version, and the other way around. We have to figure out the
368 * minimum and maximum available version on our own and hope for the best.
369 */
370 #if defined(SSL3_VERSION) && !defined(OPENSSL_NO_SSL3)
371 PY_PROTO_MINIMUM_AVAILABLE = PY_PROTO_SSLv3,
372 #elif defined(TLS1_VERSION) && !defined(OPENSSL_NO_TLS1)
373 PY_PROTO_MINIMUM_AVAILABLE = PY_PROTO_TLSv1,
374 #elif defined(TLS1_1_VERSION) && !defined(OPENSSL_NO_TLS1_1)
375 PY_PROTO_MINIMUM_AVAILABLE = PY_PROTO_TLSv1_1,
376 #elif defined(TLS1_2_VERSION) && !defined(OPENSSL_NO_TLS1_2)
377 PY_PROTO_MINIMUM_AVAILABLE = PY_PROTO_TLSv1_2,
378 #elif defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3)
379 PY_PROTO_MINIMUM_AVAILABLE = PY_PROTO_TLSv1_3,
380 #else
381 #error "PY_PROTO_MINIMUM_AVAILABLE not found"
382 #endif
383
384 #if defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3)
385 PY_PROTO_MAXIMUM_AVAILABLE = PY_PROTO_TLSv1_3,
386 #elif defined(TLS1_2_VERSION) && !defined(OPENSSL_NO_TLS1_2)
387 PY_PROTO_MAXIMUM_AVAILABLE = PY_PROTO_TLSv1_2,
388 #elif defined(TLS1_1_VERSION) && !defined(OPENSSL_NO_TLS1_1)
389 PY_PROTO_MAXIMUM_AVAILABLE = PY_PROTO_TLSv1_1,
390 #elif defined(TLS1_VERSION) && !defined(OPENSSL_NO_TLS1)
391 PY_PROTO_MAXIMUM_AVAILABLE = PY_PROTO_TLSv1,
392 #elif defined(SSL3_VERSION) && !defined(OPENSSL_NO_SSL3)
393 PY_PROTO_MAXIMUM_AVAILABLE = PY_PROTO_SSLv3,
394 #else
395 #error "PY_PROTO_MAXIMUM_AVAILABLE not found"
396 #endif
397 };
398
399
400 /* serves as a flag to see whether we've initialized the SSL thread support. */
401 /* 0 means no, greater than 0 means yes */
402
403 static unsigned int _ssl_locks_count = 0;
404
405 /* SSL socket object */
406
407 #define X509_NAME_MAXLEN 256
408
409 /* SSL_CTX_clear_options() and SSL_clear_options() were first added in
410 * OpenSSL 0.9.8m but do not appear in some 0.9.9-dev versions such the
411 * 0.9.9 from "May 2008" that NetBSD 5.0 uses. */
412 #if OPENSSL_VERSION_NUMBER >= 0x009080dfL && OPENSSL_VERSION_NUMBER != 0x00909000L
413 # define HAVE_SSL_CTX_CLEAR_OPTIONS
414 #else
415 # undef HAVE_SSL_CTX_CLEAR_OPTIONS
416 #endif
417
418 /* In case of 'tls-unique' it will be 12 bytes for TLS, 36 bytes for
419 * older SSL, but let's be safe */
420 #define PySSL_CB_MAXLEN 128
421
422
423 typedef struct {
424 PyObject_HEAD
425 SSL_CTX *ctx;
426 #if HAVE_NPN
427 unsigned char *npn_protocols;
428 int npn_protocols_len;
429 #endif
430 #if HAVE_ALPN
431 unsigned char *alpn_protocols;
432 unsigned int alpn_protocols_len;
433 #endif
434 #ifndef OPENSSL_NO_TLSEXT
435 PyObject *set_sni_cb;
436 #endif
437 int check_hostname;
438 /* OpenSSL has no API to get hostflags from X509_VERIFY_PARAM* struct.
439 * We have to maintain our own copy. OpenSSL's hostflags default to 0.
440 */
441 unsigned int hostflags;
442 int protocol;
443 #ifdef TLS1_3_VERSION
444 int post_handshake_auth;
445 #endif
446 PyObject *msg_cb;
447 #ifdef HAVE_OPENSSL_KEYLOG
448 PyObject *keylog_filename;
449 BIO *keylog_bio;
450 #endif
451 } PySSLContext;
452
453 typedef struct {
454 int ssl; /* last seen error from SSL */
455 int c; /* last seen error from libc */
456 #ifdef MS_WINDOWS
457 int ws; /* last seen error from winsock */
458 #endif
459 } _PySSLError;
460
461 typedef struct {
462 PyObject_HEAD
463 PyObject *Socket; /* weakref to socket on which we're layered */
464 SSL *ssl;
465 PySSLContext *ctx; /* weakref to SSL context */
466 char shutdown_seen_zero;
467 enum py_ssl_server_or_client socket_type;
468 PyObject *owner; /* Python level "owner" passed to servername callback */
469 PyObject *server_hostname;
470 _PySSLError err; /* last seen error from various sources */
471 /* Some SSL callbacks don't have error reporting. Callback wrappers
472 * store exception information on the socket. The handshake, read, write,
473 * and shutdown methods check for chained exceptions.
474 */
475 PyObject *exc_type;
476 PyObject *exc_value;
477 PyObject *exc_tb;
478 } PySSLSocket;
479
480 typedef struct {
481 PyObject_HEAD
482 BIO *bio;
483 int eof_written;
484 } PySSLMemoryBIO;
485
486 typedef struct {
487 PyObject_HEAD
488 SSL_SESSION *session;
489 PySSLContext *ctx;
490 } PySSLSession;
491
492 static PyTypeObject PySSLContext_Type;
493 static PyTypeObject PySSLSocket_Type;
494 static PyTypeObject PySSLMemoryBIO_Type;
495 static PyTypeObject PySSLSession_Type;
496
_PySSL_errno(int failed,const SSL * ssl,int retcode)497 static inline _PySSLError _PySSL_errno(int failed, const SSL *ssl, int retcode)
498 {
499 _PySSLError err = { 0 };
500 if (failed) {
501 #ifdef MS_WINDOWS
502 err.ws = WSAGetLastError();
503 _PySSL_FIX_ERRNO;
504 #endif
505 err.c = errno;
506 err.ssl = SSL_get_error(ssl, retcode);
507 }
508 return err;
509 }
510
511 /*[clinic input]
512 module _ssl
513 class _ssl._SSLContext "PySSLContext *" "&PySSLContext_Type"
514 class _ssl._SSLSocket "PySSLSocket *" "&PySSLSocket_Type"
515 class _ssl.MemoryBIO "PySSLMemoryBIO *" "&PySSLMemoryBIO_Type"
516 class _ssl.SSLSession "PySSLSession *" "&PySSLSession_Type"
517 [clinic start generated code]*/
518 /*[clinic end generated code: output=da39a3ee5e6b4b0d input=bdc67fafeeaa8109]*/
519
520 #include "clinic/_ssl.c.h"
521
522 static int PySSL_select(PySocketSockObject *s, int writing, _PyTime_t timeout);
523
524 static int PySSL_set_owner(PySSLSocket *, PyObject *, void *);
525 static int PySSL_set_session(PySSLSocket *, PyObject *, void *);
526 #define PySSLSocket_Check(v) (Py_TYPE(v) == &PySSLSocket_Type)
527 #define PySSLMemoryBIO_Check(v) (Py_TYPE(v) == &PySSLMemoryBIO_Type)
528 #define PySSLSession_Check(v) (Py_TYPE(v) == &PySSLSession_Type)
529
530 typedef enum {
531 SOCKET_IS_NONBLOCKING,
532 SOCKET_IS_BLOCKING,
533 SOCKET_HAS_TIMED_OUT,
534 SOCKET_HAS_BEEN_CLOSED,
535 SOCKET_TOO_LARGE_FOR_SELECT,
536 SOCKET_OPERATION_OK
537 } timeout_state;
538
539 /* Wrap error strings with filename and line # */
540 #define ERRSTR1(x,y,z) (x ":" y ": " z)
541 #define ERRSTR(x) ERRSTR1("_ssl.c", Py_STRINGIFY(__LINE__), x)
542
543 /* Get the socket from a PySSLSocket, if it has one */
544 #define GET_SOCKET(obj) ((obj)->Socket ? \
545 (PySocketSockObject *) PyWeakref_GetObject((obj)->Socket) : NULL)
546
547 /* If sock is NULL, use a timeout of 0 second */
548 #define GET_SOCKET_TIMEOUT(sock) \
549 ((sock != NULL) ? (sock)->sock_timeout : 0)
550
551 #include "_ssl/debughelpers.c"
552
553 /*
554 * SSL errors.
555 */
556
557 PyDoc_STRVAR(SSLError_doc,
558 "An error occurred in the SSL implementation.");
559
560 PyDoc_STRVAR(SSLCertVerificationError_doc,
561 "A certificate could not be verified.");
562
563 PyDoc_STRVAR(SSLZeroReturnError_doc,
564 "SSL/TLS session closed cleanly.");
565
566 PyDoc_STRVAR(SSLWantReadError_doc,
567 "Non-blocking SSL socket needs to read more data\n"
568 "before the requested operation can be completed.");
569
570 PyDoc_STRVAR(SSLWantWriteError_doc,
571 "Non-blocking SSL socket needs to write more data\n"
572 "before the requested operation can be completed.");
573
574 PyDoc_STRVAR(SSLSyscallError_doc,
575 "System error when attempting SSL operation.");
576
577 PyDoc_STRVAR(SSLEOFError_doc,
578 "SSL/TLS connection terminated abruptly.");
579
580 static PyObject *
SSLError_str(PyOSErrorObject * self)581 SSLError_str(PyOSErrorObject *self)
582 {
583 if (self->strerror != NULL && PyUnicode_Check(self->strerror)) {
584 Py_INCREF(self->strerror);
585 return self->strerror;
586 }
587 else
588 return PyObject_Str(self->args);
589 }
590
591 static PyType_Slot sslerror_type_slots[] = {
592 {Py_tp_base, NULL}, /* Filled out in module init as it's not a constant */
593 {Py_tp_doc, (void*)SSLError_doc},
594 {Py_tp_str, SSLError_str},
595 {0, 0},
596 };
597
598 static PyType_Spec sslerror_type_spec = {
599 "ssl.SSLError",
600 sizeof(PyOSErrorObject),
601 0,
602 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
603 sslerror_type_slots
604 };
605
606 static void
fill_and_set_sslerror(PySSLSocket * sslsock,PyObject * type,int ssl_errno,const char * errstr,int lineno,unsigned long errcode)607 fill_and_set_sslerror(PySSLSocket *sslsock, PyObject *type, int ssl_errno,
608 const char *errstr, int lineno, unsigned long errcode)
609 {
610 PyObject *err_value = NULL, *reason_obj = NULL, *lib_obj = NULL;
611 PyObject *verify_obj = NULL, *verify_code_obj = NULL;
612 PyObject *init_value, *msg, *key;
613 _Py_IDENTIFIER(reason);
614 _Py_IDENTIFIER(library);
615 _Py_IDENTIFIER(verify_message);
616 _Py_IDENTIFIER(verify_code);
617
618 if (errcode != 0) {
619 int lib, reason;
620
621 lib = ERR_GET_LIB(errcode);
622 reason = ERR_GET_REASON(errcode);
623 key = Py_BuildValue("ii", lib, reason);
624 if (key == NULL)
625 goto fail;
626 reason_obj = PyDict_GetItemWithError(err_codes_to_names, key);
627 Py_DECREF(key);
628 if (reason_obj == NULL && PyErr_Occurred()) {
629 goto fail;
630 }
631 key = PyLong_FromLong(lib);
632 if (key == NULL)
633 goto fail;
634 lib_obj = PyDict_GetItemWithError(lib_codes_to_names, key);
635 Py_DECREF(key);
636 if (lib_obj == NULL && PyErr_Occurred()) {
637 goto fail;
638 }
639 if (errstr == NULL)
640 errstr = ERR_reason_error_string(errcode);
641 }
642 if (errstr == NULL)
643 errstr = "unknown error";
644
645 /* verify code for cert validation error */
646 if ((sslsock != NULL) && (type == PySSLCertVerificationErrorObject)) {
647 const char *verify_str = NULL;
648 long verify_code;
649
650 verify_code = SSL_get_verify_result(sslsock->ssl);
651 verify_code_obj = PyLong_FromLong(verify_code);
652 if (verify_code_obj == NULL) {
653 goto fail;
654 }
655
656 switch (verify_code) {
657 #ifdef X509_V_ERR_HOSTNAME_MISMATCH
658 /* OpenSSL >= 1.0.2, LibreSSL >= 2.5.3 */
659 case X509_V_ERR_HOSTNAME_MISMATCH:
660 verify_obj = PyUnicode_FromFormat(
661 "Hostname mismatch, certificate is not valid for '%S'.",
662 sslsock->server_hostname
663 );
664 break;
665 #endif
666 #ifdef X509_V_ERR_IP_ADDRESS_MISMATCH
667 case X509_V_ERR_IP_ADDRESS_MISMATCH:
668 verify_obj = PyUnicode_FromFormat(
669 "IP address mismatch, certificate is not valid for '%S'.",
670 sslsock->server_hostname
671 );
672 break;
673 #endif
674 default:
675 verify_str = X509_verify_cert_error_string(verify_code);
676 if (verify_str != NULL) {
677 verify_obj = PyUnicode_FromString(verify_str);
678 } else {
679 verify_obj = Py_None;
680 Py_INCREF(verify_obj);
681 }
682 break;
683 }
684 if (verify_obj == NULL) {
685 goto fail;
686 }
687 }
688
689 if (verify_obj && reason_obj && lib_obj)
690 msg = PyUnicode_FromFormat("[%S: %S] %s: %S (_ssl.c:%d)",
691 lib_obj, reason_obj, errstr, verify_obj,
692 lineno);
693 else if (reason_obj && lib_obj)
694 msg = PyUnicode_FromFormat("[%S: %S] %s (_ssl.c:%d)",
695 lib_obj, reason_obj, errstr, lineno);
696 else if (lib_obj)
697 msg = PyUnicode_FromFormat("[%S] %s (_ssl.c:%d)",
698 lib_obj, errstr, lineno);
699 else
700 msg = PyUnicode_FromFormat("%s (_ssl.c:%d)", errstr, lineno);
701 if (msg == NULL)
702 goto fail;
703
704 init_value = Py_BuildValue("iN", ERR_GET_REASON(ssl_errno), msg);
705 if (init_value == NULL)
706 goto fail;
707
708 err_value = PyObject_CallObject(type, init_value);
709 Py_DECREF(init_value);
710 if (err_value == NULL)
711 goto fail;
712
713 if (reason_obj == NULL)
714 reason_obj = Py_None;
715 if (_PyObject_SetAttrId(err_value, &PyId_reason, reason_obj))
716 goto fail;
717
718 if (lib_obj == NULL)
719 lib_obj = Py_None;
720 if (_PyObject_SetAttrId(err_value, &PyId_library, lib_obj))
721 goto fail;
722
723 if ((sslsock != NULL) && (type == PySSLCertVerificationErrorObject)) {
724 /* Only set verify code / message for SSLCertVerificationError */
725 if (_PyObject_SetAttrId(err_value, &PyId_verify_code,
726 verify_code_obj))
727 goto fail;
728 if (_PyObject_SetAttrId(err_value, &PyId_verify_message, verify_obj))
729 goto fail;
730 }
731
732 PyErr_SetObject(type, err_value);
733 fail:
734 Py_XDECREF(err_value);
735 Py_XDECREF(verify_code_obj);
736 Py_XDECREF(verify_obj);
737 }
738
739 static int
PySSL_ChainExceptions(PySSLSocket * sslsock)740 PySSL_ChainExceptions(PySSLSocket *sslsock) {
741 if (sslsock->exc_type == NULL)
742 return 0;
743
744 _PyErr_ChainExceptions(sslsock->exc_type, sslsock->exc_value, sslsock->exc_tb);
745 sslsock->exc_type = NULL;
746 sslsock->exc_value = NULL;
747 sslsock->exc_tb = NULL;
748 return -1;
749 }
750
751 static PyObject *
PySSL_SetError(PySSLSocket * sslsock,int ret,const char * filename,int lineno)752 PySSL_SetError(PySSLSocket *sslsock, int ret, const char *filename, int lineno)
753 {
754 PyObject *type = PySSLErrorObject;
755 char *errstr = NULL;
756 _PySSLError err;
757 enum py_ssl_error p = PY_SSL_ERROR_NONE;
758 unsigned long e = 0;
759
760 assert(ret <= 0);
761 e = ERR_peek_last_error();
762
763 if (sslsock->ssl != NULL) {
764 err = sslsock->err;
765
766 switch (err.ssl) {
767 case SSL_ERROR_ZERO_RETURN:
768 errstr = "TLS/SSL connection has been closed (EOF)";
769 type = PySSLZeroReturnErrorObject;
770 p = PY_SSL_ERROR_ZERO_RETURN;
771 break;
772 case SSL_ERROR_WANT_READ:
773 errstr = "The operation did not complete (read)";
774 type = PySSLWantReadErrorObject;
775 p = PY_SSL_ERROR_WANT_READ;
776 break;
777 case SSL_ERROR_WANT_WRITE:
778 p = PY_SSL_ERROR_WANT_WRITE;
779 type = PySSLWantWriteErrorObject;
780 errstr = "The operation did not complete (write)";
781 break;
782 case SSL_ERROR_WANT_X509_LOOKUP:
783 p = PY_SSL_ERROR_WANT_X509_LOOKUP;
784 errstr = "The operation did not complete (X509 lookup)";
785 break;
786 case SSL_ERROR_WANT_CONNECT:
787 p = PY_SSL_ERROR_WANT_CONNECT;
788 errstr = "The operation did not complete (connect)";
789 break;
790 case SSL_ERROR_SYSCALL:
791 {
792 if (e == 0) {
793 PySocketSockObject *s = GET_SOCKET(sslsock);
794 if (ret == 0 || (((PyObject *)s) == Py_None)) {
795 p = PY_SSL_ERROR_EOF;
796 type = PySSLEOFErrorObject;
797 errstr = "EOF occurred in violation of protocol";
798 } else if (s && ret == -1) {
799 /* underlying BIO reported an I/O error */
800 ERR_clear_error();
801 #ifdef MS_WINDOWS
802 if (err.ws) {
803 return PyErr_SetFromWindowsErr(err.ws);
804 }
805 #endif
806 if (err.c) {
807 errno = err.c;
808 return PyErr_SetFromErrno(PyExc_OSError);
809 }
810 Py_INCREF(s);
811 s->errorhandler();
812 Py_DECREF(s);
813 return NULL;
814 } else { /* possible? */
815 p = PY_SSL_ERROR_SYSCALL;
816 type = PySSLSyscallErrorObject;
817 errstr = "Some I/O error occurred";
818 }
819 } else {
820 p = PY_SSL_ERROR_SYSCALL;
821 }
822 break;
823 }
824 case SSL_ERROR_SSL:
825 {
826 p = PY_SSL_ERROR_SSL;
827 if (e == 0) {
828 /* possible? */
829 errstr = "A failure in the SSL library occurred";
830 }
831 if (ERR_GET_LIB(e) == ERR_LIB_SSL &&
832 ERR_GET_REASON(e) == SSL_R_CERTIFICATE_VERIFY_FAILED) {
833 type = PySSLCertVerificationErrorObject;
834 }
835 break;
836 }
837 default:
838 p = PY_SSL_ERROR_INVALID_ERROR_CODE;
839 errstr = "Invalid error code";
840 }
841 }
842 fill_and_set_sslerror(sslsock, type, p, errstr, lineno, e);
843 ERR_clear_error();
844 PySSL_ChainExceptions(sslsock);
845 return NULL;
846 }
847
848 static PyObject *
_setSSLError(const char * errstr,int errcode,const char * filename,int lineno)849 _setSSLError (const char *errstr, int errcode, const char *filename, int lineno) {
850
851 if (errstr == NULL)
852 errcode = ERR_peek_last_error();
853 else
854 errcode = 0;
855 fill_and_set_sslerror(NULL, PySSLErrorObject, errcode, errstr, lineno, errcode);
856 ERR_clear_error();
857 return NULL;
858 }
859
860 /*
861 * SSL objects
862 */
863
864 static int
_ssl_configure_hostname(PySSLSocket * self,const char * server_hostname)865 _ssl_configure_hostname(PySSLSocket *self, const char* server_hostname)
866 {
867 int retval = -1;
868 ASN1_OCTET_STRING *ip;
869 PyObject *hostname;
870 size_t len;
871
872 assert(server_hostname);
873
874 /* Disable OpenSSL's special mode with leading dot in hostname:
875 * When name starts with a dot (e.g ".example.com"), it will be
876 * matched by a certificate valid for any sub-domain of name.
877 */
878 len = strlen(server_hostname);
879 if (len == 0 || *server_hostname == '.') {
880 PyErr_SetString(
881 PyExc_ValueError,
882 "server_hostname cannot be an empty string or start with a "
883 "leading dot.");
884 return retval;
885 }
886
887 /* inet_pton is not available on all platforms. */
888 ip = a2i_IPADDRESS(server_hostname);
889 if (ip == NULL) {
890 ERR_clear_error();
891 }
892
893 hostname = PyUnicode_Decode(server_hostname, len, "ascii", "strict");
894 if (hostname == NULL) {
895 goto error;
896 }
897 self->server_hostname = hostname;
898
899 /* Only send SNI extension for non-IP hostnames */
900 if (ip == NULL) {
901 if (!SSL_set_tlsext_host_name(self->ssl, server_hostname)) {
902 _setSSLError(NULL, 0, __FILE__, __LINE__);
903 }
904 }
905 if (self->ctx->check_hostname) {
906 X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
907 if (ip == NULL) {
908 if (!X509_VERIFY_PARAM_set1_host(param, server_hostname,
909 strlen(server_hostname))) {
910 _setSSLError(NULL, 0, __FILE__, __LINE__);
911 goto error;
912 }
913 } else {
914 if (!X509_VERIFY_PARAM_set1_ip(param, ASN1_STRING_get0_data(ip),
915 ASN1_STRING_length(ip))) {
916 _setSSLError(NULL, 0, __FILE__, __LINE__);
917 goto error;
918 }
919 }
920 }
921 retval = 0;
922 error:
923 if (ip != NULL) {
924 ASN1_OCTET_STRING_free(ip);
925 }
926 return retval;
927 }
928
929 static PySSLSocket *
newPySSLSocket(PySSLContext * sslctx,PySocketSockObject * sock,enum py_ssl_server_or_client socket_type,char * server_hostname,PyObject * owner,PyObject * session,PySSLMemoryBIO * inbio,PySSLMemoryBIO * outbio)930 newPySSLSocket(PySSLContext *sslctx, PySocketSockObject *sock,
931 enum py_ssl_server_or_client socket_type,
932 char *server_hostname,
933 PyObject *owner, PyObject *session,
934 PySSLMemoryBIO *inbio, PySSLMemoryBIO *outbio)
935 {
936 PySSLSocket *self;
937 SSL_CTX *ctx = sslctx->ctx;
938 _PySSLError err = { 0 };
939
940 self = PyObject_New(PySSLSocket, &PySSLSocket_Type);
941 if (self == NULL)
942 return NULL;
943
944 self->ssl = NULL;
945 self->Socket = NULL;
946 self->ctx = sslctx;
947 Py_INCREF(sslctx);
948 self->shutdown_seen_zero = 0;
949 self->owner = NULL;
950 self->server_hostname = NULL;
951 self->err = err;
952 self->exc_type = NULL;
953 self->exc_value = NULL;
954 self->exc_tb = NULL;
955
956 /* Make sure the SSL error state is initialized */
957 ERR_clear_error();
958
959 PySSL_BEGIN_ALLOW_THREADS
960 self->ssl = SSL_new(ctx);
961 PySSL_END_ALLOW_THREADS
962 if (self->ssl == NULL) {
963 Py_DECREF(self);
964 _setSSLError(NULL, 0, __FILE__, __LINE__);
965 return NULL;
966 }
967 SSL_set_app_data(self->ssl, self);
968 if (sock) {
969 SSL_set_fd(self->ssl, Py_SAFE_DOWNCAST(sock->sock_fd, SOCKET_T, int));
970 } else {
971 /* BIOs are reference counted and SSL_set_bio borrows our reference.
972 * To prevent a double free in memory_bio_dealloc() we need to take an
973 * extra reference here. */
974 BIO_up_ref(inbio->bio);
975 BIO_up_ref(outbio->bio);
976 SSL_set_bio(self->ssl, inbio->bio, outbio->bio);
977 }
978 SSL_set_mode(self->ssl,
979 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_AUTO_RETRY);
980
981 #ifdef TLS1_3_VERSION
982 if (sslctx->post_handshake_auth == 1) {
983 if (socket_type == PY_SSL_SERVER) {
984 /* bpo-37428: OpenSSL does not ignore SSL_VERIFY_POST_HANDSHAKE.
985 * Set SSL_VERIFY_POST_HANDSHAKE flag only for server sockets and
986 * only in combination with SSL_VERIFY_PEER flag. */
987 int mode = SSL_get_verify_mode(self->ssl);
988 if (mode & SSL_VERIFY_PEER) {
989 int (*verify_cb)(int, X509_STORE_CTX *) = NULL;
990 verify_cb = SSL_get_verify_callback(self->ssl);
991 mode |= SSL_VERIFY_POST_HANDSHAKE;
992 SSL_set_verify(self->ssl, mode, verify_cb);
993 }
994 } else {
995 /* client socket */
996 SSL_set_post_handshake_auth(self->ssl, 1);
997 }
998 }
999 #endif
1000
1001 if (server_hostname != NULL) {
1002 if (_ssl_configure_hostname(self, server_hostname) < 0) {
1003 Py_DECREF(self);
1004 return NULL;
1005 }
1006 }
1007 /* If the socket is in non-blocking mode or timeout mode, set the BIO
1008 * to non-blocking mode (blocking is the default)
1009 */
1010 if (sock && sock->sock_timeout >= 0) {
1011 BIO_set_nbio(SSL_get_rbio(self->ssl), 1);
1012 BIO_set_nbio(SSL_get_wbio(self->ssl), 1);
1013 }
1014
1015 PySSL_BEGIN_ALLOW_THREADS
1016 if (socket_type == PY_SSL_CLIENT)
1017 SSL_set_connect_state(self->ssl);
1018 else
1019 SSL_set_accept_state(self->ssl);
1020 PySSL_END_ALLOW_THREADS
1021
1022 self->socket_type = socket_type;
1023 if (sock != NULL) {
1024 self->Socket = PyWeakref_NewRef((PyObject *) sock, NULL);
1025 if (self->Socket == NULL) {
1026 Py_DECREF(self);
1027 return NULL;
1028 }
1029 }
1030 if (owner && owner != Py_None) {
1031 if (PySSL_set_owner(self, owner, NULL) == -1) {
1032 Py_DECREF(self);
1033 return NULL;
1034 }
1035 }
1036 if (session && session != Py_None) {
1037 if (PySSL_set_session(self, session, NULL) == -1) {
1038 Py_DECREF(self);
1039 return NULL;
1040 }
1041 }
1042 return self;
1043 }
1044
1045 /* SSL object methods */
1046
1047 /*[clinic input]
1048 _ssl._SSLSocket.do_handshake
1049 [clinic start generated code]*/
1050
1051 static PyObject *
_ssl__SSLSocket_do_handshake_impl(PySSLSocket * self)1052 _ssl__SSLSocket_do_handshake_impl(PySSLSocket *self)
1053 /*[clinic end generated code: output=6c0898a8936548f6 input=d2d737de3df018c8]*/
1054 {
1055 int ret;
1056 _PySSLError err;
1057 int sockstate, nonblocking;
1058 PySocketSockObject *sock = GET_SOCKET(self);
1059 _PyTime_t timeout, deadline = 0;
1060 int has_timeout;
1061
1062 if (sock) {
1063 if (((PyObject*)sock) == Py_None) {
1064 _setSSLError("Underlying socket connection gone",
1065 PY_SSL_ERROR_NO_SOCKET, __FILE__, __LINE__);
1066 return NULL;
1067 }
1068 Py_INCREF(sock);
1069
1070 /* just in case the blocking state of the socket has been changed */
1071 nonblocking = (sock->sock_timeout >= 0);
1072 BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
1073 BIO_set_nbio(SSL_get_wbio(self->ssl), nonblocking);
1074 }
1075
1076 timeout = GET_SOCKET_TIMEOUT(sock);
1077 has_timeout = (timeout > 0);
1078 if (has_timeout)
1079 deadline = _PyTime_GetMonotonicClock() + timeout;
1080
1081 /* Actually negotiate SSL connection */
1082 /* XXX If SSL_do_handshake() returns 0, it's also a failure. */
1083 do {
1084 PySSL_BEGIN_ALLOW_THREADS
1085 ret = SSL_do_handshake(self->ssl);
1086 err = _PySSL_errno(ret < 1, self->ssl, ret);
1087 PySSL_END_ALLOW_THREADS
1088 self->err = err;
1089
1090 if (PyErr_CheckSignals())
1091 goto error;
1092
1093 if (has_timeout)
1094 timeout = deadline - _PyTime_GetMonotonicClock();
1095
1096 if (err.ssl == SSL_ERROR_WANT_READ) {
1097 sockstate = PySSL_select(sock, 0, timeout);
1098 } else if (err.ssl == SSL_ERROR_WANT_WRITE) {
1099 sockstate = PySSL_select(sock, 1, timeout);
1100 } else {
1101 sockstate = SOCKET_OPERATION_OK;
1102 }
1103
1104 if (sockstate == SOCKET_HAS_TIMED_OUT) {
1105 PyErr_SetString(PySocketModule.timeout_error,
1106 ERRSTR("The handshake operation timed out"));
1107 goto error;
1108 } else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
1109 PyErr_SetString(PySSLErrorObject,
1110 ERRSTR("Underlying socket has been closed."));
1111 goto error;
1112 } else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
1113 PyErr_SetString(PySSLErrorObject,
1114 ERRSTR("Underlying socket too large for select()."));
1115 goto error;
1116 } else if (sockstate == SOCKET_IS_NONBLOCKING) {
1117 break;
1118 }
1119 } while (err.ssl == SSL_ERROR_WANT_READ ||
1120 err.ssl == SSL_ERROR_WANT_WRITE);
1121 Py_XDECREF(sock);
1122 if (ret < 1)
1123 return PySSL_SetError(self, ret, __FILE__, __LINE__);
1124 if (PySSL_ChainExceptions(self) < 0)
1125 return NULL;
1126 Py_RETURN_NONE;
1127 error:
1128 Py_XDECREF(sock);
1129 PySSL_ChainExceptions(self);
1130 return NULL;
1131 }
1132
1133 static PyObject *
_asn1obj2py(const ASN1_OBJECT * name,int no_name)1134 _asn1obj2py(const ASN1_OBJECT *name, int no_name)
1135 {
1136 char buf[X509_NAME_MAXLEN];
1137 char *namebuf = buf;
1138 int buflen;
1139 PyObject *name_obj = NULL;
1140
1141 buflen = OBJ_obj2txt(namebuf, X509_NAME_MAXLEN, name, no_name);
1142 if (buflen < 0) {
1143 _setSSLError(NULL, 0, __FILE__, __LINE__);
1144 return NULL;
1145 }
1146 /* initial buffer is too small for oid + terminating null byte */
1147 if (buflen > X509_NAME_MAXLEN - 1) {
1148 /* make OBJ_obj2txt() calculate the required buflen */
1149 buflen = OBJ_obj2txt(NULL, 0, name, no_name);
1150 /* allocate len + 1 for terminating NULL byte */
1151 namebuf = PyMem_Malloc(buflen + 1);
1152 if (namebuf == NULL) {
1153 PyErr_NoMemory();
1154 return NULL;
1155 }
1156 buflen = OBJ_obj2txt(namebuf, buflen + 1, name, no_name);
1157 if (buflen < 0) {
1158 _setSSLError(NULL, 0, __FILE__, __LINE__);
1159 goto done;
1160 }
1161 }
1162 if (!buflen && no_name) {
1163 Py_INCREF(Py_None);
1164 name_obj = Py_None;
1165 }
1166 else {
1167 name_obj = PyUnicode_FromStringAndSize(namebuf, buflen);
1168 }
1169
1170 done:
1171 if (buf != namebuf) {
1172 PyMem_Free(namebuf);
1173 }
1174 return name_obj;
1175 }
1176
1177 static PyObject *
_create_tuple_for_attribute(ASN1_OBJECT * name,ASN1_STRING * value)1178 _create_tuple_for_attribute(ASN1_OBJECT *name, ASN1_STRING *value)
1179 {
1180 Py_ssize_t buflen;
1181 unsigned char *valuebuf = NULL;
1182 PyObject *attr;
1183
1184 buflen = ASN1_STRING_to_UTF8(&valuebuf, value);
1185 if (buflen < 0) {
1186 _setSSLError(NULL, 0, __FILE__, __LINE__);
1187 return NULL;
1188 }
1189 attr = Py_BuildValue("Ns#", _asn1obj2py(name, 0), valuebuf, buflen);
1190 OPENSSL_free(valuebuf);
1191 return attr;
1192 }
1193
1194 static PyObject *
_create_tuple_for_X509_NAME(X509_NAME * xname)1195 _create_tuple_for_X509_NAME (X509_NAME *xname)
1196 {
1197 PyObject *dn = NULL; /* tuple which represents the "distinguished name" */
1198 PyObject *rdn = NULL; /* tuple to hold a "relative distinguished name" */
1199 PyObject *rdnt;
1200 PyObject *attr = NULL; /* tuple to hold an attribute */
1201 int entry_count = X509_NAME_entry_count(xname);
1202 X509_NAME_ENTRY *entry;
1203 ASN1_OBJECT *name;
1204 ASN1_STRING *value;
1205 int index_counter;
1206 int rdn_level = -1;
1207 int retcode;
1208
1209 dn = PyList_New(0);
1210 if (dn == NULL)
1211 return NULL;
1212 /* now create another tuple to hold the top-level RDN */
1213 rdn = PyList_New(0);
1214 if (rdn == NULL)
1215 goto fail0;
1216
1217 for (index_counter = 0;
1218 index_counter < entry_count;
1219 index_counter++)
1220 {
1221 entry = X509_NAME_get_entry(xname, index_counter);
1222
1223 /* check to see if we've gotten to a new RDN */
1224 if (rdn_level >= 0) {
1225 if (rdn_level != X509_NAME_ENTRY_set(entry)) {
1226 /* yes, new RDN */
1227 /* add old RDN to DN */
1228 rdnt = PyList_AsTuple(rdn);
1229 Py_DECREF(rdn);
1230 if (rdnt == NULL)
1231 goto fail0;
1232 retcode = PyList_Append(dn, rdnt);
1233 Py_DECREF(rdnt);
1234 if (retcode < 0)
1235 goto fail0;
1236 /* create new RDN */
1237 rdn = PyList_New(0);
1238 if (rdn == NULL)
1239 goto fail0;
1240 }
1241 }
1242 rdn_level = X509_NAME_ENTRY_set(entry);
1243
1244 /* now add this attribute to the current RDN */
1245 name = X509_NAME_ENTRY_get_object(entry);
1246 value = X509_NAME_ENTRY_get_data(entry);
1247 attr = _create_tuple_for_attribute(name, value);
1248 /*
1249 fprintf(stderr, "RDN level %d, attribute %s: %s\n",
1250 entry->set,
1251 PyBytes_AS_STRING(PyTuple_GET_ITEM(attr, 0)),
1252 PyBytes_AS_STRING(PyTuple_GET_ITEM(attr, 1)));
1253 */
1254 if (attr == NULL)
1255 goto fail1;
1256 retcode = PyList_Append(rdn, attr);
1257 Py_DECREF(attr);
1258 if (retcode < 0)
1259 goto fail1;
1260 }
1261 /* now, there's typically a dangling RDN */
1262 if (rdn != NULL) {
1263 if (PyList_GET_SIZE(rdn) > 0) {
1264 rdnt = PyList_AsTuple(rdn);
1265 Py_DECREF(rdn);
1266 if (rdnt == NULL)
1267 goto fail0;
1268 retcode = PyList_Append(dn, rdnt);
1269 Py_DECREF(rdnt);
1270 if (retcode < 0)
1271 goto fail0;
1272 }
1273 else {
1274 Py_DECREF(rdn);
1275 }
1276 }
1277
1278 /* convert list to tuple */
1279 rdnt = PyList_AsTuple(dn);
1280 Py_DECREF(dn);
1281 if (rdnt == NULL)
1282 return NULL;
1283 return rdnt;
1284
1285 fail1:
1286 Py_XDECREF(rdn);
1287
1288 fail0:
1289 Py_XDECREF(dn);
1290 return NULL;
1291 }
1292
1293 static PyObject *
_get_peer_alt_names(X509 * certificate)1294 _get_peer_alt_names (X509 *certificate) {
1295
1296 /* this code follows the procedure outlined in
1297 OpenSSL's crypto/x509v3/v3_prn.c:X509v3_EXT_print()
1298 function to extract the STACK_OF(GENERAL_NAME),
1299 then iterates through the stack to add the
1300 names. */
1301
1302 int j;
1303 PyObject *peer_alt_names = Py_None;
1304 PyObject *v = NULL, *t;
1305 GENERAL_NAMES *names = NULL;
1306 GENERAL_NAME *name;
1307 BIO *biobuf = NULL;
1308 char buf[2048];
1309 char *vptr;
1310 int len;
1311
1312 if (certificate == NULL)
1313 return peer_alt_names;
1314
1315 /* get a memory buffer */
1316 biobuf = BIO_new(BIO_s_mem());
1317 if (biobuf == NULL) {
1318 PyErr_SetString(PySSLErrorObject, "failed to allocate BIO");
1319 return NULL;
1320 }
1321
1322 names = (GENERAL_NAMES *)X509_get_ext_d2i(
1323 certificate, NID_subject_alt_name, NULL, NULL);
1324 if (names != NULL) {
1325 if (peer_alt_names == Py_None) {
1326 peer_alt_names = PyList_New(0);
1327 if (peer_alt_names == NULL)
1328 goto fail;
1329 }
1330
1331 for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
1332 /* get a rendering of each name in the set of names */
1333 int gntype;
1334 ASN1_STRING *as = NULL;
1335
1336 name = sk_GENERAL_NAME_value(names, j);
1337 gntype = name->type;
1338 switch (gntype) {
1339 case GEN_DIRNAME:
1340 /* we special-case DirName as a tuple of
1341 tuples of attributes */
1342
1343 t = PyTuple_New(2);
1344 if (t == NULL) {
1345 goto fail;
1346 }
1347
1348 v = PyUnicode_FromString("DirName");
1349 if (v == NULL) {
1350 Py_DECREF(t);
1351 goto fail;
1352 }
1353 PyTuple_SET_ITEM(t, 0, v);
1354
1355 v = _create_tuple_for_X509_NAME (name->d.dirn);
1356 if (v == NULL) {
1357 Py_DECREF(t);
1358 goto fail;
1359 }
1360 PyTuple_SET_ITEM(t, 1, v);
1361 break;
1362
1363 case GEN_EMAIL:
1364 case GEN_DNS:
1365 case GEN_URI:
1366 /* GENERAL_NAME_print() doesn't handle NULL bytes in ASN1_string
1367 correctly, CVE-2013-4238 */
1368 t = PyTuple_New(2);
1369 if (t == NULL)
1370 goto fail;
1371 switch (gntype) {
1372 case GEN_EMAIL:
1373 v = PyUnicode_FromString("email");
1374 as = name->d.rfc822Name;
1375 break;
1376 case GEN_DNS:
1377 v = PyUnicode_FromString("DNS");
1378 as = name->d.dNSName;
1379 break;
1380 case GEN_URI:
1381 v = PyUnicode_FromString("URI");
1382 as = name->d.uniformResourceIdentifier;
1383 break;
1384 }
1385 if (v == NULL) {
1386 Py_DECREF(t);
1387 goto fail;
1388 }
1389 PyTuple_SET_ITEM(t, 0, v);
1390 v = PyUnicode_FromStringAndSize((char *)ASN1_STRING_get0_data(as),
1391 ASN1_STRING_length(as));
1392 if (v == NULL) {
1393 Py_DECREF(t);
1394 goto fail;
1395 }
1396 PyTuple_SET_ITEM(t, 1, v);
1397 break;
1398
1399 case GEN_RID:
1400 t = PyTuple_New(2);
1401 if (t == NULL)
1402 goto fail;
1403
1404 v = PyUnicode_FromString("Registered ID");
1405 if (v == NULL) {
1406 Py_DECREF(t);
1407 goto fail;
1408 }
1409 PyTuple_SET_ITEM(t, 0, v);
1410
1411 len = i2t_ASN1_OBJECT(buf, sizeof(buf)-1, name->d.rid);
1412 if (len < 0) {
1413 Py_DECREF(t);
1414 _setSSLError(NULL, 0, __FILE__, __LINE__);
1415 goto fail;
1416 } else if (len >= (int)sizeof(buf)) {
1417 v = PyUnicode_FromString("<INVALID>");
1418 } else {
1419 v = PyUnicode_FromStringAndSize(buf, len);
1420 }
1421 if (v == NULL) {
1422 Py_DECREF(t);
1423 goto fail;
1424 }
1425 PyTuple_SET_ITEM(t, 1, v);
1426 break;
1427
1428 case GEN_IPADD:
1429 /* OpenSSL < 3.0.0 adds a trailing \n to IPv6. 3.0.0 removed
1430 * the trailing newline. Remove it in all versions
1431 */
1432 t = PyTuple_New(2);
1433 if (t == NULL)
1434 goto fail;
1435
1436 v = PyUnicode_FromString("IP Address");
1437 if (v == NULL) {
1438 Py_DECREF(t);
1439 goto fail;
1440 }
1441 PyTuple_SET_ITEM(t, 0, v);
1442
1443 if (name->d.ip->length == 4) {
1444 unsigned char *p = name->d.ip->data;
1445 v = PyUnicode_FromFormat(
1446 "%d.%d.%d.%d",
1447 p[0], p[1], p[2], p[3]
1448 );
1449 } else if (name->d.ip->length == 16) {
1450 /* PyUnicode_FromFormat() does not support %X */
1451 unsigned char *p = name->d.ip->data;
1452 len = sprintf(
1453 buf,
1454 "%X:%X:%X:%X:%X:%X:%X:%X",
1455 p[0] << 8 | p[1],
1456 p[2] << 8 | p[3],
1457 p[4] << 8 | p[5],
1458 p[6] << 8 | p[7],
1459 p[8] << 8 | p[9],
1460 p[10] << 8 | p[11],
1461 p[12] << 8 | p[13],
1462 p[14] << 8 | p[15]
1463 );
1464 v = PyUnicode_FromStringAndSize(buf, len);
1465 } else {
1466 v = PyUnicode_FromString("<invalid>");
1467 }
1468
1469 if (v == NULL) {
1470 Py_DECREF(t);
1471 goto fail;
1472 }
1473 PyTuple_SET_ITEM(t, 1, v);
1474 break;
1475
1476 default:
1477 /* for everything else, we use the OpenSSL print form */
1478 switch (gntype) {
1479 /* check for new general name type */
1480 case GEN_OTHERNAME:
1481 case GEN_X400:
1482 case GEN_EDIPARTY:
1483 case GEN_RID:
1484 break;
1485 default:
1486 if (PyErr_WarnFormat(PyExc_RuntimeWarning, 1,
1487 "Unknown general name type %d",
1488 gntype) == -1) {
1489 goto fail;
1490 }
1491 break;
1492 }
1493 (void) BIO_reset(biobuf);
1494 GENERAL_NAME_print(biobuf, name);
1495 len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1496 if (len < 0) {
1497 _setSSLError(NULL, 0, __FILE__, __LINE__);
1498 goto fail;
1499 }
1500 vptr = strchr(buf, ':');
1501 if (vptr == NULL) {
1502 PyErr_Format(PyExc_ValueError,
1503 "Invalid value %.200s",
1504 buf);
1505 goto fail;
1506 }
1507 t = PyTuple_New(2);
1508 if (t == NULL)
1509 goto fail;
1510 v = PyUnicode_FromStringAndSize(buf, (vptr - buf));
1511 if (v == NULL) {
1512 Py_DECREF(t);
1513 goto fail;
1514 }
1515 PyTuple_SET_ITEM(t, 0, v);
1516 v = PyUnicode_FromStringAndSize((vptr + 1),
1517 (len - (vptr - buf + 1)));
1518 if (v == NULL) {
1519 Py_DECREF(t);
1520 goto fail;
1521 }
1522 PyTuple_SET_ITEM(t, 1, v);
1523 break;
1524 }
1525
1526 /* and add that rendering to the list */
1527
1528 if (PyList_Append(peer_alt_names, t) < 0) {
1529 Py_DECREF(t);
1530 goto fail;
1531 }
1532 Py_DECREF(t);
1533 }
1534 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
1535 }
1536 BIO_free(biobuf);
1537 if (peer_alt_names != Py_None) {
1538 v = PyList_AsTuple(peer_alt_names);
1539 Py_DECREF(peer_alt_names);
1540 return v;
1541 } else {
1542 return peer_alt_names;
1543 }
1544
1545
1546 fail:
1547 if (biobuf != NULL)
1548 BIO_free(biobuf);
1549
1550 if (peer_alt_names != Py_None) {
1551 Py_XDECREF(peer_alt_names);
1552 }
1553
1554 return NULL;
1555 }
1556
1557 static PyObject *
_get_aia_uri(X509 * certificate,int nid)1558 _get_aia_uri(X509 *certificate, int nid) {
1559 PyObject *lst = NULL, *ostr = NULL;
1560 int i, result;
1561 AUTHORITY_INFO_ACCESS *info;
1562
1563 info = X509_get_ext_d2i(certificate, NID_info_access, NULL, NULL);
1564 if (info == NULL)
1565 return Py_None;
1566 if (sk_ACCESS_DESCRIPTION_num(info) == 0) {
1567 AUTHORITY_INFO_ACCESS_free(info);
1568 return Py_None;
1569 }
1570
1571 if ((lst = PyList_New(0)) == NULL) {
1572 goto fail;
1573 }
1574
1575 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
1576 ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
1577 ASN1_IA5STRING *uri;
1578
1579 if ((OBJ_obj2nid(ad->method) != nid) ||
1580 (ad->location->type != GEN_URI)) {
1581 continue;
1582 }
1583 uri = ad->location->d.uniformResourceIdentifier;
1584 ostr = PyUnicode_FromStringAndSize((char *)uri->data,
1585 uri->length);
1586 if (ostr == NULL) {
1587 goto fail;
1588 }
1589 result = PyList_Append(lst, ostr);
1590 Py_DECREF(ostr);
1591 if (result < 0) {
1592 goto fail;
1593 }
1594 }
1595 AUTHORITY_INFO_ACCESS_free(info);
1596
1597 /* convert to tuple or None */
1598 if (PyList_Size(lst) == 0) {
1599 Py_DECREF(lst);
1600 return Py_None;
1601 } else {
1602 PyObject *tup;
1603 tup = PyList_AsTuple(lst);
1604 Py_DECREF(lst);
1605 return tup;
1606 }
1607
1608 fail:
1609 AUTHORITY_INFO_ACCESS_free(info);
1610 Py_XDECREF(lst);
1611 return NULL;
1612 }
1613
1614 static PyObject *
_get_crl_dp(X509 * certificate)1615 _get_crl_dp(X509 *certificate) {
1616 STACK_OF(DIST_POINT) *dps;
1617 int i, j;
1618 PyObject *lst, *res = NULL;
1619
1620 dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
1621
1622 if (dps == NULL)
1623 return Py_None;
1624
1625 lst = PyList_New(0);
1626 if (lst == NULL)
1627 goto done;
1628
1629 for (i=0; i < sk_DIST_POINT_num(dps); i++) {
1630 DIST_POINT *dp;
1631 STACK_OF(GENERAL_NAME) *gns;
1632
1633 dp = sk_DIST_POINT_value(dps, i);
1634 if (dp->distpoint == NULL) {
1635 /* Ignore empty DP value, CVE-2019-5010 */
1636 continue;
1637 }
1638 gns = dp->distpoint->name.fullname;
1639
1640 for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {
1641 GENERAL_NAME *gn;
1642 ASN1_IA5STRING *uri;
1643 PyObject *ouri;
1644 int err;
1645
1646 gn = sk_GENERAL_NAME_value(gns, j);
1647 if (gn->type != GEN_URI) {
1648 continue;
1649 }
1650 uri = gn->d.uniformResourceIdentifier;
1651 ouri = PyUnicode_FromStringAndSize((char *)uri->data,
1652 uri->length);
1653 if (ouri == NULL)
1654 goto done;
1655
1656 err = PyList_Append(lst, ouri);
1657 Py_DECREF(ouri);
1658 if (err < 0)
1659 goto done;
1660 }
1661 }
1662
1663 /* Convert to tuple. */
1664 res = (PyList_GET_SIZE(lst) > 0) ? PyList_AsTuple(lst) : Py_None;
1665
1666 done:
1667 Py_XDECREF(lst);
1668 CRL_DIST_POINTS_free(dps);
1669 return res;
1670 }
1671
1672 static PyObject *
_decode_certificate(X509 * certificate)1673 _decode_certificate(X509 *certificate) {
1674
1675 PyObject *retval = NULL;
1676 BIO *biobuf = NULL;
1677 PyObject *peer;
1678 PyObject *peer_alt_names = NULL;
1679 PyObject *issuer;
1680 PyObject *version;
1681 PyObject *sn_obj;
1682 PyObject *obj;
1683 ASN1_INTEGER *serialNumber;
1684 char buf[2048];
1685 int len, result;
1686 const ASN1_TIME *notBefore, *notAfter;
1687 PyObject *pnotBefore, *pnotAfter;
1688
1689 retval = PyDict_New();
1690 if (retval == NULL)
1691 return NULL;
1692
1693 peer = _create_tuple_for_X509_NAME(
1694 X509_get_subject_name(certificate));
1695 if (peer == NULL)
1696 goto fail0;
1697 if (PyDict_SetItemString(retval, (const char *) "subject", peer) < 0) {
1698 Py_DECREF(peer);
1699 goto fail0;
1700 }
1701 Py_DECREF(peer);
1702
1703 issuer = _create_tuple_for_X509_NAME(
1704 X509_get_issuer_name(certificate));
1705 if (issuer == NULL)
1706 goto fail0;
1707 if (PyDict_SetItemString(retval, (const char *)"issuer", issuer) < 0) {
1708 Py_DECREF(issuer);
1709 goto fail0;
1710 }
1711 Py_DECREF(issuer);
1712
1713 version = PyLong_FromLong(X509_get_version(certificate) + 1);
1714 if (version == NULL)
1715 goto fail0;
1716 if (PyDict_SetItemString(retval, "version", version) < 0) {
1717 Py_DECREF(version);
1718 goto fail0;
1719 }
1720 Py_DECREF(version);
1721
1722 /* get a memory buffer */
1723 biobuf = BIO_new(BIO_s_mem());
1724 if (biobuf == NULL) {
1725 PyErr_SetString(PySSLErrorObject, "failed to allocate BIO");
1726 goto fail0;
1727 }
1728
1729 (void) BIO_reset(biobuf);
1730 serialNumber = X509_get_serialNumber(certificate);
1731 /* should not exceed 20 octets, 160 bits, so buf is big enough */
1732 i2a_ASN1_INTEGER(biobuf, serialNumber);
1733 len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1734 if (len < 0) {
1735 _setSSLError(NULL, 0, __FILE__, __LINE__);
1736 goto fail1;
1737 }
1738 sn_obj = PyUnicode_FromStringAndSize(buf, len);
1739 if (sn_obj == NULL)
1740 goto fail1;
1741 if (PyDict_SetItemString(retval, "serialNumber", sn_obj) < 0) {
1742 Py_DECREF(sn_obj);
1743 goto fail1;
1744 }
1745 Py_DECREF(sn_obj);
1746
1747 (void) BIO_reset(biobuf);
1748 notBefore = X509_get0_notBefore(certificate);
1749 ASN1_TIME_print(biobuf, notBefore);
1750 len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1751 if (len < 0) {
1752 _setSSLError(NULL, 0, __FILE__, __LINE__);
1753 goto fail1;
1754 }
1755 pnotBefore = PyUnicode_FromStringAndSize(buf, len);
1756 if (pnotBefore == NULL)
1757 goto fail1;
1758 if (PyDict_SetItemString(retval, "notBefore", pnotBefore) < 0) {
1759 Py_DECREF(pnotBefore);
1760 goto fail1;
1761 }
1762 Py_DECREF(pnotBefore);
1763
1764 (void) BIO_reset(biobuf);
1765 notAfter = X509_get0_notAfter(certificate);
1766 ASN1_TIME_print(biobuf, notAfter);
1767 len = BIO_gets(biobuf, buf, sizeof(buf)-1);
1768 if (len < 0) {
1769 _setSSLError(NULL, 0, __FILE__, __LINE__);
1770 goto fail1;
1771 }
1772 pnotAfter = PyUnicode_FromStringAndSize(buf, len);
1773 if (pnotAfter == NULL)
1774 goto fail1;
1775 if (PyDict_SetItemString(retval, "notAfter", pnotAfter) < 0) {
1776 Py_DECREF(pnotAfter);
1777 goto fail1;
1778 }
1779 Py_DECREF(pnotAfter);
1780
1781 /* Now look for subjectAltName */
1782
1783 peer_alt_names = _get_peer_alt_names(certificate);
1784 if (peer_alt_names == NULL)
1785 goto fail1;
1786 else if (peer_alt_names != Py_None) {
1787 if (PyDict_SetItemString(retval, "subjectAltName",
1788 peer_alt_names) < 0) {
1789 Py_DECREF(peer_alt_names);
1790 goto fail1;
1791 }
1792 Py_DECREF(peer_alt_names);
1793 }
1794
1795 /* Authority Information Access: OCSP URIs */
1796 obj = _get_aia_uri(certificate, NID_ad_OCSP);
1797 if (obj == NULL) {
1798 goto fail1;
1799 } else if (obj != Py_None) {
1800 result = PyDict_SetItemString(retval, "OCSP", obj);
1801 Py_DECREF(obj);
1802 if (result < 0) {
1803 goto fail1;
1804 }
1805 }
1806
1807 obj = _get_aia_uri(certificate, NID_ad_ca_issuers);
1808 if (obj == NULL) {
1809 goto fail1;
1810 } else if (obj != Py_None) {
1811 result = PyDict_SetItemString(retval, "caIssuers", obj);
1812 Py_DECREF(obj);
1813 if (result < 0) {
1814 goto fail1;
1815 }
1816 }
1817
1818 /* CDP (CRL distribution points) */
1819 obj = _get_crl_dp(certificate);
1820 if (obj == NULL) {
1821 goto fail1;
1822 } else if (obj != Py_None) {
1823 result = PyDict_SetItemString(retval, "crlDistributionPoints", obj);
1824 Py_DECREF(obj);
1825 if (result < 0) {
1826 goto fail1;
1827 }
1828 }
1829
1830 BIO_free(biobuf);
1831 return retval;
1832
1833 fail1:
1834 if (biobuf != NULL)
1835 BIO_free(biobuf);
1836 fail0:
1837 Py_XDECREF(retval);
1838 return NULL;
1839 }
1840
1841 static PyObject *
_certificate_to_der(X509 * certificate)1842 _certificate_to_der(X509 *certificate)
1843 {
1844 unsigned char *bytes_buf = NULL;
1845 int len;
1846 PyObject *retval;
1847
1848 bytes_buf = NULL;
1849 len = i2d_X509(certificate, &bytes_buf);
1850 if (len < 0) {
1851 _setSSLError(NULL, 0, __FILE__, __LINE__);
1852 return NULL;
1853 }
1854 /* this is actually an immutable bytes sequence */
1855 retval = PyBytes_FromStringAndSize((const char *) bytes_buf, len);
1856 OPENSSL_free(bytes_buf);
1857 return retval;
1858 }
1859
1860 /*[clinic input]
1861 _ssl._test_decode_cert
1862 path: object(converter="PyUnicode_FSConverter")
1863 /
1864
1865 [clinic start generated code]*/
1866
1867 static PyObject *
_ssl__test_decode_cert_impl(PyObject * module,PyObject * path)1868 _ssl__test_decode_cert_impl(PyObject *module, PyObject *path)
1869 /*[clinic end generated code: output=96becb9abb23c091 input=cdeaaf02d4346628]*/
1870 {
1871 PyObject *retval = NULL;
1872 X509 *x=NULL;
1873 BIO *cert;
1874
1875 if ((cert=BIO_new(BIO_s_file())) == NULL) {
1876 PyErr_SetString(PySSLErrorObject,
1877 "Can't malloc memory to read file");
1878 goto fail0;
1879 }
1880
1881 if (BIO_read_filename(cert, PyBytes_AsString(path)) <= 0) {
1882 PyErr_SetString(PySSLErrorObject,
1883 "Can't open file");
1884 goto fail0;
1885 }
1886
1887 x = PEM_read_bio_X509(cert, NULL, NULL, NULL);
1888 if (x == NULL) {
1889 PyErr_SetString(PySSLErrorObject,
1890 "Error decoding PEM-encoded file");
1891 goto fail0;
1892 }
1893
1894 retval = _decode_certificate(x);
1895 X509_free(x);
1896
1897 fail0:
1898 Py_DECREF(path);
1899 if (cert != NULL) BIO_free(cert);
1900 return retval;
1901 }
1902
1903
1904 /*[clinic input]
1905 _ssl._SSLSocket.getpeercert
1906 der as binary_mode: bool = False
1907 /
1908
1909 Returns the certificate for the peer.
1910
1911 If no certificate was provided, returns None. If a certificate was
1912 provided, but not validated, returns an empty dictionary. Otherwise
1913 returns a dict containing information about the peer certificate.
1914
1915 If the optional argument is True, returns a DER-encoded copy of the
1916 peer certificate, or None if no certificate was provided. This will
1917 return the certificate even if it wasn't validated.
1918 [clinic start generated code]*/
1919
1920 static PyObject *
_ssl__SSLSocket_getpeercert_impl(PySSLSocket * self,int binary_mode)1921 _ssl__SSLSocket_getpeercert_impl(PySSLSocket *self, int binary_mode)
1922 /*[clinic end generated code: output=1f0ab66dfb693c88 input=c0fbe802e57629b7]*/
1923 {
1924 int verification;
1925 X509 *peer_cert;
1926 PyObject *result;
1927
1928 if (!SSL_is_init_finished(self->ssl)) {
1929 PyErr_SetString(PyExc_ValueError,
1930 "handshake not done yet");
1931 return NULL;
1932 }
1933 peer_cert = SSL_get_peer_certificate(self->ssl);
1934 if (peer_cert == NULL)
1935 Py_RETURN_NONE;
1936
1937 if (binary_mode) {
1938 /* return cert in DER-encoded format */
1939 result = _certificate_to_der(peer_cert);
1940 } else {
1941 verification = SSL_CTX_get_verify_mode(SSL_get_SSL_CTX(self->ssl));
1942 if ((verification & SSL_VERIFY_PEER) == 0)
1943 result = PyDict_New();
1944 else
1945 result = _decode_certificate(peer_cert);
1946 }
1947 X509_free(peer_cert);
1948 return result;
1949 }
1950
1951 static PyObject *
cipher_to_tuple(const SSL_CIPHER * cipher)1952 cipher_to_tuple(const SSL_CIPHER *cipher)
1953 {
1954 const char *cipher_name, *cipher_protocol;
1955 PyObject *v, *retval = PyTuple_New(3);
1956 if (retval == NULL)
1957 return NULL;
1958
1959 cipher_name = SSL_CIPHER_get_name(cipher);
1960 if (cipher_name == NULL) {
1961 Py_INCREF(Py_None);
1962 PyTuple_SET_ITEM(retval, 0, Py_None);
1963 } else {
1964 v = PyUnicode_FromString(cipher_name);
1965 if (v == NULL)
1966 goto fail;
1967 PyTuple_SET_ITEM(retval, 0, v);
1968 }
1969
1970 cipher_protocol = SSL_CIPHER_get_version(cipher);
1971 if (cipher_protocol == NULL) {
1972 Py_INCREF(Py_None);
1973 PyTuple_SET_ITEM(retval, 1, Py_None);
1974 } else {
1975 v = PyUnicode_FromString(cipher_protocol);
1976 if (v == NULL)
1977 goto fail;
1978 PyTuple_SET_ITEM(retval, 1, v);
1979 }
1980
1981 v = PyLong_FromLong(SSL_CIPHER_get_bits(cipher, NULL));
1982 if (v == NULL)
1983 goto fail;
1984 PyTuple_SET_ITEM(retval, 2, v);
1985
1986 return retval;
1987
1988 fail:
1989 Py_DECREF(retval);
1990 return NULL;
1991 }
1992
1993 #if OPENSSL_VERSION_NUMBER >= 0x10002000UL
1994 static PyObject *
cipher_to_dict(const SSL_CIPHER * cipher)1995 cipher_to_dict(const SSL_CIPHER *cipher)
1996 {
1997 const char *cipher_name, *cipher_protocol;
1998
1999 unsigned long cipher_id;
2000 int alg_bits, strength_bits, len;
2001 char buf[512] = {0};
2002 #if OPENSSL_VERSION_1_1
2003 int aead, nid;
2004 const char *skcipher = NULL, *digest = NULL, *kx = NULL, *auth = NULL;
2005 #endif
2006
2007 /* can be NULL */
2008 cipher_name = SSL_CIPHER_get_name(cipher);
2009 cipher_protocol = SSL_CIPHER_get_version(cipher);
2010 cipher_id = SSL_CIPHER_get_id(cipher);
2011 SSL_CIPHER_description(cipher, buf, sizeof(buf) - 1);
2012 /* Downcast to avoid a warning. Safe since buf is always 512 bytes */
2013 len = (int)strlen(buf);
2014 if (len > 1 && buf[len-1] == '\n')
2015 buf[len-1] = '\0';
2016 strength_bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
2017
2018 #if OPENSSL_VERSION_1_1
2019 aead = SSL_CIPHER_is_aead(cipher);
2020 nid = SSL_CIPHER_get_cipher_nid(cipher);
2021 skcipher = nid != NID_undef ? OBJ_nid2ln(nid) : NULL;
2022 nid = SSL_CIPHER_get_digest_nid(cipher);
2023 digest = nid != NID_undef ? OBJ_nid2ln(nid) : NULL;
2024 nid = SSL_CIPHER_get_kx_nid(cipher);
2025 kx = nid != NID_undef ? OBJ_nid2ln(nid) : NULL;
2026 nid = SSL_CIPHER_get_auth_nid(cipher);
2027 auth = nid != NID_undef ? OBJ_nid2ln(nid) : NULL;
2028 #endif
2029
2030 return Py_BuildValue(
2031 "{sksssssssisi"
2032 #if OPENSSL_VERSION_1_1
2033 "sOssssssss"
2034 #endif
2035 "}",
2036 "id", cipher_id,
2037 "name", cipher_name,
2038 "protocol", cipher_protocol,
2039 "description", buf,
2040 "strength_bits", strength_bits,
2041 "alg_bits", alg_bits
2042 #if OPENSSL_VERSION_1_1
2043 ,"aead", aead ? Py_True : Py_False,
2044 "symmetric", skcipher,
2045 "digest", digest,
2046 "kea", kx,
2047 "auth", auth
2048 #endif
2049 );
2050 }
2051 #endif
2052
2053 /*[clinic input]
2054 _ssl._SSLSocket.shared_ciphers
2055 [clinic start generated code]*/
2056
2057 static PyObject *
_ssl__SSLSocket_shared_ciphers_impl(PySSLSocket * self)2058 _ssl__SSLSocket_shared_ciphers_impl(PySSLSocket *self)
2059 /*[clinic end generated code: output=3d174ead2e42c4fd input=0bfe149da8fe6306]*/
2060 {
2061 STACK_OF(SSL_CIPHER) *ciphers;
2062 int i;
2063 PyObject *res;
2064
2065 ciphers = SSL_get_ciphers(self->ssl);
2066 if (!ciphers)
2067 Py_RETURN_NONE;
2068 res = PyList_New(sk_SSL_CIPHER_num(ciphers));
2069 if (!res)
2070 return NULL;
2071 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
2072 PyObject *tup = cipher_to_tuple(sk_SSL_CIPHER_value(ciphers, i));
2073 if (!tup) {
2074 Py_DECREF(res);
2075 return NULL;
2076 }
2077 PyList_SET_ITEM(res, i, tup);
2078 }
2079 return res;
2080 }
2081
2082 /*[clinic input]
2083 _ssl._SSLSocket.cipher
2084 [clinic start generated code]*/
2085
2086 static PyObject *
_ssl__SSLSocket_cipher_impl(PySSLSocket * self)2087 _ssl__SSLSocket_cipher_impl(PySSLSocket *self)
2088 /*[clinic end generated code: output=376417c16d0e5815 input=548fb0e27243796d]*/
2089 {
2090 const SSL_CIPHER *current;
2091
2092 if (self->ssl == NULL)
2093 Py_RETURN_NONE;
2094 current = SSL_get_current_cipher(self->ssl);
2095 if (current == NULL)
2096 Py_RETURN_NONE;
2097 return cipher_to_tuple(current);
2098 }
2099
2100 /*[clinic input]
2101 _ssl._SSLSocket.version
2102 [clinic start generated code]*/
2103
2104 static PyObject *
_ssl__SSLSocket_version_impl(PySSLSocket * self)2105 _ssl__SSLSocket_version_impl(PySSLSocket *self)
2106 /*[clinic end generated code: output=178aed33193b2cdb input=900186a503436fd6]*/
2107 {
2108 const char *version;
2109
2110 if (self->ssl == NULL)
2111 Py_RETURN_NONE;
2112 if (!SSL_is_init_finished(self->ssl)) {
2113 /* handshake not finished */
2114 Py_RETURN_NONE;
2115 }
2116 version = SSL_get_version(self->ssl);
2117 if (!strcmp(version, "unknown"))
2118 Py_RETURN_NONE;
2119 return PyUnicode_FromString(version);
2120 }
2121
2122 #if HAVE_NPN
2123 /*[clinic input]
2124 _ssl._SSLSocket.selected_npn_protocol
2125 [clinic start generated code]*/
2126
2127 static PyObject *
_ssl__SSLSocket_selected_npn_protocol_impl(PySSLSocket * self)2128 _ssl__SSLSocket_selected_npn_protocol_impl(PySSLSocket *self)
2129 /*[clinic end generated code: output=b91d494cd207ecf6 input=c28fde139204b826]*/
2130 {
2131 const unsigned char *out;
2132 unsigned int outlen;
2133
2134 SSL_get0_next_proto_negotiated(self->ssl,
2135 &out, &outlen);
2136
2137 if (out == NULL)
2138 Py_RETURN_NONE;
2139 return PyUnicode_FromStringAndSize((char *)out, outlen);
2140 }
2141 #endif
2142
2143 #if HAVE_ALPN
2144 /*[clinic input]
2145 _ssl._SSLSocket.selected_alpn_protocol
2146 [clinic start generated code]*/
2147
2148 static PyObject *
_ssl__SSLSocket_selected_alpn_protocol_impl(PySSLSocket * self)2149 _ssl__SSLSocket_selected_alpn_protocol_impl(PySSLSocket *self)
2150 /*[clinic end generated code: output=ec33688b303d250f input=442de30e35bc2913]*/
2151 {
2152 const unsigned char *out;
2153 unsigned int outlen;
2154
2155 SSL_get0_alpn_selected(self->ssl, &out, &outlen);
2156
2157 if (out == NULL)
2158 Py_RETURN_NONE;
2159 return PyUnicode_FromStringAndSize((char *)out, outlen);
2160 }
2161 #endif
2162
2163 /*[clinic input]
2164 _ssl._SSLSocket.compression
2165 [clinic start generated code]*/
2166
2167 static PyObject *
_ssl__SSLSocket_compression_impl(PySSLSocket * self)2168 _ssl__SSLSocket_compression_impl(PySSLSocket *self)
2169 /*[clinic end generated code: output=bd16cb1bb4646ae7 input=5d059d0a2bbc32c8]*/
2170 {
2171 #ifdef OPENSSL_NO_COMP
2172 Py_RETURN_NONE;
2173 #else
2174 const COMP_METHOD *comp_method;
2175 const char *short_name;
2176
2177 if (self->ssl == NULL)
2178 Py_RETURN_NONE;
2179 comp_method = SSL_get_current_compression(self->ssl);
2180 if (comp_method == NULL || COMP_get_type(comp_method) == NID_undef)
2181 Py_RETURN_NONE;
2182 short_name = OBJ_nid2sn(COMP_get_type(comp_method));
2183 if (short_name == NULL)
2184 Py_RETURN_NONE;
2185 return PyUnicode_DecodeFSDefault(short_name);
2186 #endif
2187 }
2188
PySSL_get_context(PySSLSocket * self,void * closure)2189 static PySSLContext *PySSL_get_context(PySSLSocket *self, void *closure) {
2190 Py_INCREF(self->ctx);
2191 return self->ctx;
2192 }
2193
PySSL_set_context(PySSLSocket * self,PyObject * value,void * closure)2194 static int PySSL_set_context(PySSLSocket *self, PyObject *value,
2195 void *closure) {
2196
2197 if (PyObject_TypeCheck(value, &PySSLContext_Type)) {
2198 #if !HAVE_SNI
2199 PyErr_SetString(PyExc_NotImplementedError, "setting a socket's "
2200 "context is not supported by your OpenSSL library");
2201 return -1;
2202 #else
2203 Py_INCREF(value);
2204 Py_SETREF(self->ctx, (PySSLContext *)value);
2205 SSL_set_SSL_CTX(self->ssl, self->ctx->ctx);
2206 #endif
2207 } else {
2208 PyErr_SetString(PyExc_TypeError, "The value must be a SSLContext");
2209 return -1;
2210 }
2211
2212 return 0;
2213 }
2214
2215 PyDoc_STRVAR(PySSL_set_context_doc,
2216 "_setter_context(ctx)\n\
2217 \
2218 This changes the context associated with the SSLSocket. This is typically\n\
2219 used from within a callback function set by the sni_callback\n\
2220 on the SSLContext to change the certificate information associated with the\n\
2221 SSLSocket before the cryptographic exchange handshake messages\n");
2222
2223
2224 static PyObject *
PySSL_get_server_side(PySSLSocket * self,void * c)2225 PySSL_get_server_side(PySSLSocket *self, void *c)
2226 {
2227 return PyBool_FromLong(self->socket_type == PY_SSL_SERVER);
2228 }
2229
2230 PyDoc_STRVAR(PySSL_get_server_side_doc,
2231 "Whether this is a server-side socket.");
2232
2233 static PyObject *
PySSL_get_server_hostname(PySSLSocket * self,void * c)2234 PySSL_get_server_hostname(PySSLSocket *self, void *c)
2235 {
2236 if (self->server_hostname == NULL)
2237 Py_RETURN_NONE;
2238 Py_INCREF(self->server_hostname);
2239 return self->server_hostname;
2240 }
2241
2242 PyDoc_STRVAR(PySSL_get_server_hostname_doc,
2243 "The currently set server hostname (for SNI).");
2244
2245 static PyObject *
PySSL_get_owner(PySSLSocket * self,void * c)2246 PySSL_get_owner(PySSLSocket *self, void *c)
2247 {
2248 PyObject *owner;
2249
2250 if (self->owner == NULL)
2251 Py_RETURN_NONE;
2252
2253 owner = PyWeakref_GetObject(self->owner);
2254 Py_INCREF(owner);
2255 return owner;
2256 }
2257
2258 static int
PySSL_set_owner(PySSLSocket * self,PyObject * value,void * c)2259 PySSL_set_owner(PySSLSocket *self, PyObject *value, void *c)
2260 {
2261 Py_XSETREF(self->owner, PyWeakref_NewRef(value, NULL));
2262 if (self->owner == NULL)
2263 return -1;
2264 return 0;
2265 }
2266
2267 PyDoc_STRVAR(PySSL_get_owner_doc,
2268 "The Python-level owner of this object.\
2269 Passed as \"self\" in servername callback.");
2270
2271 static int
PySSL_traverse(PySSLSocket * self,visitproc visit,void * arg)2272 PySSL_traverse(PySSLSocket *self, visitproc visit, void *arg)
2273 {
2274 Py_VISIT(self->exc_type);
2275 Py_VISIT(self->exc_value);
2276 Py_VISIT(self->exc_tb);
2277 return 0;
2278 }
2279
2280 static int
PySSL_clear(PySSLSocket * self)2281 PySSL_clear(PySSLSocket *self)
2282 {
2283 Py_CLEAR(self->exc_type);
2284 Py_CLEAR(self->exc_value);
2285 Py_CLEAR(self->exc_tb);
2286 return 0;
2287 }
2288
2289 static void
PySSL_dealloc(PySSLSocket * self)2290 PySSL_dealloc(PySSLSocket *self)
2291 {
2292 if (self->ssl)
2293 SSL_free(self->ssl);
2294 Py_XDECREF(self->Socket);
2295 Py_XDECREF(self->ctx);
2296 Py_XDECREF(self->server_hostname);
2297 Py_XDECREF(self->owner);
2298 PyObject_Del(self);
2299 }
2300
2301 /* If the socket has a timeout, do a select()/poll() on the socket.
2302 The argument writing indicates the direction.
2303 Returns one of the possibilities in the timeout_state enum (above).
2304 */
2305
2306 static int
PySSL_select(PySocketSockObject * s,int writing,_PyTime_t timeout)2307 PySSL_select(PySocketSockObject *s, int writing, _PyTime_t timeout)
2308 {
2309 int rc;
2310 #ifdef HAVE_POLL
2311 struct pollfd pollfd;
2312 _PyTime_t ms;
2313 #else
2314 int nfds;
2315 fd_set fds;
2316 struct timeval tv;
2317 #endif
2318
2319 /* Nothing to do unless we're in timeout mode (not non-blocking) */
2320 if ((s == NULL) || (timeout == 0))
2321 return SOCKET_IS_NONBLOCKING;
2322 else if (timeout < 0) {
2323 if (s->sock_timeout > 0)
2324 return SOCKET_HAS_TIMED_OUT;
2325 else
2326 return SOCKET_IS_BLOCKING;
2327 }
2328
2329 /* Guard against closed socket */
2330 if (s->sock_fd == INVALID_SOCKET)
2331 return SOCKET_HAS_BEEN_CLOSED;
2332
2333 /* Prefer poll, if available, since you can poll() any fd
2334 * which can't be done with select(). */
2335 #ifdef HAVE_POLL
2336 pollfd.fd = s->sock_fd;
2337 pollfd.events = writing ? POLLOUT : POLLIN;
2338
2339 /* timeout is in seconds, poll() uses milliseconds */
2340 ms = (int)_PyTime_AsMilliseconds(timeout, _PyTime_ROUND_CEILING);
2341 assert(ms <= INT_MAX);
2342
2343 PySSL_BEGIN_ALLOW_THREADS
2344 rc = poll(&pollfd, 1, (int)ms);
2345 PySSL_END_ALLOW_THREADS
2346 #else
2347 /* Guard against socket too large for select*/
2348 if (!_PyIsSelectable_fd(s->sock_fd))
2349 return SOCKET_TOO_LARGE_FOR_SELECT;
2350
2351 _PyTime_AsTimeval_noraise(timeout, &tv, _PyTime_ROUND_CEILING);
2352
2353 FD_ZERO(&fds);
2354 FD_SET(s->sock_fd, &fds);
2355
2356 /* Wait until the socket becomes ready */
2357 PySSL_BEGIN_ALLOW_THREADS
2358 nfds = Py_SAFE_DOWNCAST(s->sock_fd+1, SOCKET_T, int);
2359 if (writing)
2360 rc = select(nfds, NULL, &fds, NULL, &tv);
2361 else
2362 rc = select(nfds, &fds, NULL, NULL, &tv);
2363 PySSL_END_ALLOW_THREADS
2364 #endif
2365
2366 /* Return SOCKET_TIMED_OUT on timeout, SOCKET_OPERATION_OK otherwise
2367 (when we are able to write or when there's something to read) */
2368 return rc == 0 ? SOCKET_HAS_TIMED_OUT : SOCKET_OPERATION_OK;
2369 }
2370
2371 /*[clinic input]
2372 _ssl._SSLSocket.write
2373 b: Py_buffer
2374 /
2375
2376 Writes the bytes-like object b into the SSL object.
2377
2378 Returns the number of bytes written.
2379 [clinic start generated code]*/
2380
2381 static PyObject *
_ssl__SSLSocket_write_impl(PySSLSocket * self,Py_buffer * b)2382 _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b)
2383 /*[clinic end generated code: output=aa7a6be5527358d8 input=77262d994fe5100a]*/
2384 {
2385 int len;
2386 int sockstate;
2387 _PySSLError err;
2388 int nonblocking;
2389 PySocketSockObject *sock = GET_SOCKET(self);
2390 _PyTime_t timeout, deadline = 0;
2391 int has_timeout;
2392
2393 if (sock != NULL) {
2394 if (((PyObject*)sock) == Py_None) {
2395 _setSSLError("Underlying socket connection gone",
2396 PY_SSL_ERROR_NO_SOCKET, __FILE__, __LINE__);
2397 return NULL;
2398 }
2399 Py_INCREF(sock);
2400 }
2401
2402 if (b->len > INT_MAX) {
2403 PyErr_Format(PyExc_OverflowError,
2404 "string longer than %d bytes", INT_MAX);
2405 goto error;
2406 }
2407
2408 if (sock != NULL) {
2409 /* just in case the blocking state of the socket has been changed */
2410 nonblocking = (sock->sock_timeout >= 0);
2411 BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
2412 BIO_set_nbio(SSL_get_wbio(self->ssl), nonblocking);
2413 }
2414
2415 timeout = GET_SOCKET_TIMEOUT(sock);
2416 has_timeout = (timeout > 0);
2417 if (has_timeout)
2418 deadline = _PyTime_GetMonotonicClock() + timeout;
2419
2420 sockstate = PySSL_select(sock, 1, timeout);
2421 if (sockstate == SOCKET_HAS_TIMED_OUT) {
2422 PyErr_SetString(PySocketModule.timeout_error,
2423 "The write operation timed out");
2424 goto error;
2425 } else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
2426 PyErr_SetString(PySSLErrorObject,
2427 "Underlying socket has been closed.");
2428 goto error;
2429 } else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
2430 PyErr_SetString(PySSLErrorObject,
2431 "Underlying socket too large for select().");
2432 goto error;
2433 }
2434
2435 do {
2436 PySSL_BEGIN_ALLOW_THREADS
2437 len = SSL_write(self->ssl, b->buf, (int)b->len);
2438 err = _PySSL_errno(len <= 0, self->ssl, len);
2439 PySSL_END_ALLOW_THREADS
2440 self->err = err;
2441
2442 if (PyErr_CheckSignals())
2443 goto error;
2444
2445 if (has_timeout)
2446 timeout = deadline - _PyTime_GetMonotonicClock();
2447
2448 if (err.ssl == SSL_ERROR_WANT_READ) {
2449 sockstate = PySSL_select(sock, 0, timeout);
2450 } else if (err.ssl == SSL_ERROR_WANT_WRITE) {
2451 sockstate = PySSL_select(sock, 1, timeout);
2452 } else {
2453 sockstate = SOCKET_OPERATION_OK;
2454 }
2455
2456 if (sockstate == SOCKET_HAS_TIMED_OUT) {
2457 PyErr_SetString(PySocketModule.timeout_error,
2458 "The write operation timed out");
2459 goto error;
2460 } else if (sockstate == SOCKET_HAS_BEEN_CLOSED) {
2461 PyErr_SetString(PySSLErrorObject,
2462 "Underlying socket has been closed.");
2463 goto error;
2464 } else if (sockstate == SOCKET_IS_NONBLOCKING) {
2465 break;
2466 }
2467 } while (err.ssl == SSL_ERROR_WANT_READ ||
2468 err.ssl == SSL_ERROR_WANT_WRITE);
2469
2470 Py_XDECREF(sock);
2471 if (len <= 0)
2472 return PySSL_SetError(self, len, __FILE__, __LINE__);
2473 if (PySSL_ChainExceptions(self) < 0)
2474 return NULL;
2475 return PyLong_FromLong(len);
2476 error:
2477 Py_XDECREF(sock);
2478 PySSL_ChainExceptions(self);
2479 return NULL;
2480 }
2481
2482 /*[clinic input]
2483 _ssl._SSLSocket.pending
2484
2485 Returns the number of already decrypted bytes available for read, pending on the connection.
2486 [clinic start generated code]*/
2487
2488 static PyObject *
_ssl__SSLSocket_pending_impl(PySSLSocket * self)2489 _ssl__SSLSocket_pending_impl(PySSLSocket *self)
2490 /*[clinic end generated code: output=983d9fecdc308a83 input=2b77487d6dfd597f]*/
2491 {
2492 int count = 0;
2493 _PySSLError err;
2494
2495 PySSL_BEGIN_ALLOW_THREADS
2496 count = SSL_pending(self->ssl);
2497 err = _PySSL_errno(count < 0, self->ssl, count);
2498 PySSL_END_ALLOW_THREADS
2499 self->err = err;
2500
2501 if (count < 0)
2502 return PySSL_SetError(self, count, __FILE__, __LINE__);
2503 else
2504 return PyLong_FromLong(count);
2505 }
2506
2507 /*[clinic input]
2508 _ssl._SSLSocket.read
2509 size as len: int
2510 [
2511 buffer: Py_buffer(accept={rwbuffer})
2512 ]
2513 /
2514
2515 Read up to size bytes from the SSL socket.
2516 [clinic start generated code]*/
2517
2518 static PyObject *
_ssl__SSLSocket_read_impl(PySSLSocket * self,int len,int group_right_1,Py_buffer * buffer)2519 _ssl__SSLSocket_read_impl(PySSLSocket *self, int len, int group_right_1,
2520 Py_buffer *buffer)
2521 /*[clinic end generated code: output=00097776cec2a0af input=ff157eb918d0905b]*/
2522 {
2523 PyObject *dest = NULL;
2524 char *mem;
2525 int count;
2526 int sockstate;
2527 _PySSLError err;
2528 int nonblocking;
2529 PySocketSockObject *sock = GET_SOCKET(self);
2530 _PyTime_t timeout, deadline = 0;
2531 int has_timeout;
2532
2533 if (!group_right_1 && len < 0) {
2534 PyErr_SetString(PyExc_ValueError, "size should not be negative");
2535 return NULL;
2536 }
2537
2538 if (sock != NULL) {
2539 if (((PyObject*)sock) == Py_None) {
2540 _setSSLError("Underlying socket connection gone",
2541 PY_SSL_ERROR_NO_SOCKET, __FILE__, __LINE__);
2542 return NULL;
2543 }
2544 Py_INCREF(sock);
2545 }
2546
2547 if (!group_right_1) {
2548 dest = PyBytes_FromStringAndSize(NULL, len);
2549 if (dest == NULL)
2550 goto error;
2551 if (len == 0) {
2552 Py_XDECREF(sock);
2553 return dest;
2554 }
2555 mem = PyBytes_AS_STRING(dest);
2556 }
2557 else {
2558 mem = buffer->buf;
2559 if (len <= 0 || len > buffer->len) {
2560 len = (int) buffer->len;
2561 if (buffer->len != len) {
2562 PyErr_SetString(PyExc_OverflowError,
2563 "maximum length can't fit in a C 'int'");
2564 goto error;
2565 }
2566 if (len == 0) {
2567 count = 0;
2568 goto done;
2569 }
2570 }
2571 }
2572
2573 if (sock != NULL) {
2574 /* just in case the blocking state of the socket has been changed */
2575 nonblocking = (sock->sock_timeout >= 0);
2576 BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
2577 BIO_set_nbio(SSL_get_wbio(self->ssl), nonblocking);
2578 }
2579
2580 timeout = GET_SOCKET_TIMEOUT(sock);
2581 has_timeout = (timeout > 0);
2582 if (has_timeout)
2583 deadline = _PyTime_GetMonotonicClock() + timeout;
2584
2585 do {
2586 PySSL_BEGIN_ALLOW_THREADS
2587 count = SSL_read(self->ssl, mem, len);
2588 err = _PySSL_errno(count <= 0, self->ssl, count);
2589 PySSL_END_ALLOW_THREADS
2590 self->err = err;
2591
2592 if (PyErr_CheckSignals())
2593 goto error;
2594
2595 if (has_timeout)
2596 timeout = deadline - _PyTime_GetMonotonicClock();
2597
2598 if (err.ssl == SSL_ERROR_WANT_READ) {
2599 sockstate = PySSL_select(sock, 0, timeout);
2600 } else if (err.ssl == SSL_ERROR_WANT_WRITE) {
2601 sockstate = PySSL_select(sock, 1, timeout);
2602 } else if (err.ssl == SSL_ERROR_ZERO_RETURN &&
2603 SSL_get_shutdown(self->ssl) == SSL_RECEIVED_SHUTDOWN)
2604 {
2605 count = 0;
2606 goto done;
2607 }
2608 else
2609 sockstate = SOCKET_OPERATION_OK;
2610
2611 if (sockstate == SOCKET_HAS_TIMED_OUT) {
2612 PyErr_SetString(PySocketModule.timeout_error,
2613 "The read operation timed out");
2614 goto error;
2615 } else if (sockstate == SOCKET_IS_NONBLOCKING) {
2616 break;
2617 }
2618 } while (err.ssl == SSL_ERROR_WANT_READ ||
2619 err.ssl == SSL_ERROR_WANT_WRITE);
2620
2621 if (count <= 0) {
2622 PySSL_SetError(self, count, __FILE__, __LINE__);
2623 goto error;
2624 }
2625 if (self->exc_type != NULL)
2626 goto error;
2627
2628 done:
2629 Py_XDECREF(sock);
2630 if (!group_right_1) {
2631 _PyBytes_Resize(&dest, count);
2632 return dest;
2633 }
2634 else {
2635 return PyLong_FromLong(count);
2636 }
2637
2638 error:
2639 PySSL_ChainExceptions(self);
2640 Py_XDECREF(sock);
2641 if (!group_right_1)
2642 Py_XDECREF(dest);
2643 return NULL;
2644 }
2645
2646 /*[clinic input]
2647 _ssl._SSLSocket.shutdown
2648
2649 Does the SSL shutdown handshake with the remote end.
2650 [clinic start generated code]*/
2651
2652 static PyObject *
_ssl__SSLSocket_shutdown_impl(PySSLSocket * self)2653 _ssl__SSLSocket_shutdown_impl(PySSLSocket *self)
2654 /*[clinic end generated code: output=ca1aa7ed9d25ca42 input=11d39e69b0a2bf4a]*/
2655 {
2656 _PySSLError err;
2657 int sockstate, nonblocking, ret;
2658 int zeros = 0;
2659 PySocketSockObject *sock = GET_SOCKET(self);
2660 _PyTime_t timeout, deadline = 0;
2661 int has_timeout;
2662
2663 if (sock != NULL) {
2664 /* Guard against closed socket */
2665 if ((((PyObject*)sock) == Py_None) || (sock->sock_fd == INVALID_SOCKET)) {
2666 _setSSLError("Underlying socket connection gone",
2667 PY_SSL_ERROR_NO_SOCKET, __FILE__, __LINE__);
2668 return NULL;
2669 }
2670 Py_INCREF(sock);
2671
2672 /* Just in case the blocking state of the socket has been changed */
2673 nonblocking = (sock->sock_timeout >= 0);
2674 BIO_set_nbio(SSL_get_rbio(self->ssl), nonblocking);
2675 BIO_set_nbio(SSL_get_wbio(self->ssl), nonblocking);
2676 }
2677
2678 timeout = GET_SOCKET_TIMEOUT(sock);
2679 has_timeout = (timeout > 0);
2680 if (has_timeout)
2681 deadline = _PyTime_GetMonotonicClock() + timeout;
2682
2683 while (1) {
2684 PySSL_BEGIN_ALLOW_THREADS
2685 /* Disable read-ahead so that unwrap can work correctly.
2686 * Otherwise OpenSSL might read in too much data,
2687 * eating clear text data that happens to be
2688 * transmitted after the SSL shutdown.
2689 * Should be safe to call repeatedly every time this
2690 * function is used and the shutdown_seen_zero != 0
2691 * condition is met.
2692 */
2693 if (self->shutdown_seen_zero)
2694 SSL_set_read_ahead(self->ssl, 0);
2695 ret = SSL_shutdown(self->ssl);
2696 err = _PySSL_errno(ret < 0, self->ssl, ret);
2697 PySSL_END_ALLOW_THREADS
2698 self->err = err;
2699
2700 /* If err == 1, a secure shutdown with SSL_shutdown() is complete */
2701 if (ret > 0)
2702 break;
2703 if (ret == 0) {
2704 /* Don't loop endlessly; instead preserve legacy
2705 behaviour of trying SSL_shutdown() only twice.
2706 This looks necessary for OpenSSL < 0.9.8m */
2707 if (++zeros > 1)
2708 break;
2709 /* Shutdown was sent, now try receiving */
2710 self->shutdown_seen_zero = 1;
2711 continue;
2712 }
2713
2714 if (has_timeout)
2715 timeout = deadline - _PyTime_GetMonotonicClock();
2716
2717 /* Possibly retry shutdown until timeout or failure */
2718 if (err.ssl == SSL_ERROR_WANT_READ)
2719 sockstate = PySSL_select(sock, 0, timeout);
2720 else if (err.ssl == SSL_ERROR_WANT_WRITE)
2721 sockstate = PySSL_select(sock, 1, timeout);
2722 else
2723 break;
2724
2725 if (sockstate == SOCKET_HAS_TIMED_OUT) {
2726 if (err.ssl == SSL_ERROR_WANT_READ)
2727 PyErr_SetString(PySocketModule.timeout_error,
2728 "The read operation timed out");
2729 else
2730 PyErr_SetString(PySocketModule.timeout_error,
2731 "The write operation timed out");
2732 goto error;
2733 }
2734 else if (sockstate == SOCKET_TOO_LARGE_FOR_SELECT) {
2735 PyErr_SetString(PySSLErrorObject,
2736 "Underlying socket too large for select().");
2737 goto error;
2738 }
2739 else if (sockstate != SOCKET_OPERATION_OK)
2740 /* Retain the SSL error code */
2741 break;
2742 }
2743 if (ret < 0) {
2744 Py_XDECREF(sock);
2745 PySSL_SetError(self, ret, __FILE__, __LINE__);
2746 return NULL;
2747 }
2748 if (self->exc_type != NULL)
2749 goto error;
2750 if (sock)
2751 /* It's already INCREF'ed */
2752 return (PyObject *) sock;
2753 else
2754 Py_RETURN_NONE;
2755
2756 error:
2757 Py_XDECREF(sock);
2758 PySSL_ChainExceptions(self);
2759 return NULL;
2760 }
2761
2762 /*[clinic input]
2763 _ssl._SSLSocket.get_channel_binding
2764 cb_type: str = "tls-unique"
2765
2766 Get channel binding data for current connection.
2767
2768 Raise ValueError if the requested `cb_type` is not supported. Return bytes
2769 of the data or None if the data is not available (e.g. before the handshake).
2770 Only 'tls-unique' channel binding data from RFC 5929 is supported.
2771 [clinic start generated code]*/
2772
2773 static PyObject *
_ssl__SSLSocket_get_channel_binding_impl(PySSLSocket * self,const char * cb_type)2774 _ssl__SSLSocket_get_channel_binding_impl(PySSLSocket *self,
2775 const char *cb_type)
2776 /*[clinic end generated code: output=34bac9acb6a61d31 input=08b7e43b99c17d41]*/
2777 {
2778 char buf[PySSL_CB_MAXLEN];
2779 size_t len;
2780
2781 if (strcmp(cb_type, "tls-unique") == 0) {
2782 if (SSL_session_reused(self->ssl) ^ !self->socket_type) {
2783 /* if session is resumed XOR we are the client */
2784 len = SSL_get_finished(self->ssl, buf, PySSL_CB_MAXLEN);
2785 }
2786 else {
2787 /* if a new session XOR we are the server */
2788 len = SSL_get_peer_finished(self->ssl, buf, PySSL_CB_MAXLEN);
2789 }
2790 }
2791 else {
2792 PyErr_Format(
2793 PyExc_ValueError,
2794 "'%s' channel binding type not implemented",
2795 cb_type
2796 );
2797 return NULL;
2798 }
2799
2800 /* It cannot be negative in current OpenSSL version as of July 2011 */
2801 if (len == 0)
2802 Py_RETURN_NONE;
2803
2804 return PyBytes_FromStringAndSize(buf, len);
2805 }
2806
2807 /*[clinic input]
2808 _ssl._SSLSocket.verify_client_post_handshake
2809
2810 Initiate TLS 1.3 post-handshake authentication
2811 [clinic start generated code]*/
2812
2813 static PyObject *
_ssl__SSLSocket_verify_client_post_handshake_impl(PySSLSocket * self)2814 _ssl__SSLSocket_verify_client_post_handshake_impl(PySSLSocket *self)
2815 /*[clinic end generated code: output=532147f3b1341425 input=6bfa874810a3d889]*/
2816 {
2817 #ifdef TLS1_3_VERSION
2818 int err = SSL_verify_client_post_handshake(self->ssl);
2819 if (err == 0)
2820 return _setSSLError(NULL, 0, __FILE__, __LINE__);
2821 else
2822 Py_RETURN_NONE;
2823 #else
2824 PyErr_SetString(PyExc_NotImplementedError,
2825 "Post-handshake auth is not supported by your "
2826 "OpenSSL version.");
2827 return NULL;
2828 #endif
2829 }
2830
2831 #ifdef OPENSSL_VERSION_1_1
2832
2833 static SSL_SESSION*
_ssl_session_dup(SSL_SESSION * session)2834 _ssl_session_dup(SSL_SESSION *session) {
2835 SSL_SESSION *newsession = NULL;
2836 int slen;
2837 unsigned char *senc = NULL, *p;
2838 const unsigned char *const_p;
2839
2840 if (session == NULL) {
2841 PyErr_SetString(PyExc_ValueError, "Invalid session");
2842 goto error;
2843 }
2844
2845 /* get length */
2846 slen = i2d_SSL_SESSION(session, NULL);
2847 if (slen == 0 || slen > 0xFF00) {
2848 PyErr_SetString(PyExc_ValueError, "i2d() failed.");
2849 goto error;
2850 }
2851 if ((senc = PyMem_Malloc(slen)) == NULL) {
2852 PyErr_NoMemory();
2853 goto error;
2854 }
2855 p = senc;
2856 if (!i2d_SSL_SESSION(session, &p)) {
2857 PyErr_SetString(PyExc_ValueError, "i2d() failed.");
2858 goto error;
2859 }
2860 const_p = senc;
2861 newsession = d2i_SSL_SESSION(NULL, &const_p, slen);
2862 if (session == NULL) {
2863 goto error;
2864 }
2865 PyMem_Free(senc);
2866 return newsession;
2867 error:
2868 if (senc != NULL) {
2869 PyMem_Free(senc);
2870 }
2871 return NULL;
2872 }
2873 #endif
2874
2875 static PyObject *
PySSL_get_session(PySSLSocket * self,void * closure)2876 PySSL_get_session(PySSLSocket *self, void *closure) {
2877 /* get_session can return sessions from a server-side connection,
2878 * it does not check for handshake done or client socket. */
2879 PySSLSession *pysess;
2880 SSL_SESSION *session;
2881
2882 #ifdef OPENSSL_VERSION_1_1
2883 /* duplicate session as workaround for session bug in OpenSSL 1.1.0,
2884 * https://github.com/openssl/openssl/issues/1550 */
2885 session = SSL_get0_session(self->ssl); /* borrowed reference */
2886 if (session == NULL) {
2887 Py_RETURN_NONE;
2888 }
2889 if ((session = _ssl_session_dup(session)) == NULL) {
2890 return NULL;
2891 }
2892 #else
2893 session = SSL_get1_session(self->ssl);
2894 if (session == NULL) {
2895 Py_RETURN_NONE;
2896 }
2897 #endif
2898 pysess = PyObject_GC_New(PySSLSession, &PySSLSession_Type);
2899 if (pysess == NULL) {
2900 SSL_SESSION_free(session);
2901 return NULL;
2902 }
2903
2904 assert(self->ctx);
2905 pysess->ctx = self->ctx;
2906 Py_INCREF(pysess->ctx);
2907 pysess->session = session;
2908 PyObject_GC_Track(pysess);
2909 return (PyObject *)pysess;
2910 }
2911
PySSL_set_session(PySSLSocket * self,PyObject * value,void * closure)2912 static int PySSL_set_session(PySSLSocket *self, PyObject *value,
2913 void *closure)
2914 {
2915 PySSLSession *pysess;
2916 #ifdef OPENSSL_VERSION_1_1
2917 SSL_SESSION *session;
2918 #endif
2919 int result;
2920
2921 if (!PySSLSession_Check(value)) {
2922 PyErr_SetString(PyExc_TypeError, "Value is not a SSLSession.");
2923 return -1;
2924 }
2925 pysess = (PySSLSession *)value;
2926
2927 if (self->ctx->ctx != pysess->ctx->ctx) {
2928 PyErr_SetString(PyExc_ValueError,
2929 "Session refers to a different SSLContext.");
2930 return -1;
2931 }
2932 if (self->socket_type != PY_SSL_CLIENT) {
2933 PyErr_SetString(PyExc_ValueError,
2934 "Cannot set session for server-side SSLSocket.");
2935 return -1;
2936 }
2937 if (SSL_is_init_finished(self->ssl)) {
2938 PyErr_SetString(PyExc_ValueError,
2939 "Cannot set session after handshake.");
2940 return -1;
2941 }
2942 #ifdef OPENSSL_VERSION_1_1
2943 /* duplicate session */
2944 if ((session = _ssl_session_dup(pysess->session)) == NULL) {
2945 return -1;
2946 }
2947 result = SSL_set_session(self->ssl, session);
2948 /* free duplicate, SSL_set_session() bumps ref count */
2949 SSL_SESSION_free(session);
2950 #else
2951 result = SSL_set_session(self->ssl, pysess->session);
2952 #endif
2953 if (result == 0) {
2954 _setSSLError(NULL, 0, __FILE__, __LINE__);
2955 return -1;
2956 }
2957 return 0;
2958 }
2959
2960 PyDoc_STRVAR(PySSL_set_session_doc,
2961 "_setter_session(session)\n\
2962 \
2963 Get / set SSLSession.");
2964
2965 static PyObject *
PySSL_get_session_reused(PySSLSocket * self,void * closure)2966 PySSL_get_session_reused(PySSLSocket *self, void *closure) {
2967 if (SSL_session_reused(self->ssl)) {
2968 Py_RETURN_TRUE;
2969 } else {
2970 Py_RETURN_FALSE;
2971 }
2972 }
2973
2974 PyDoc_STRVAR(PySSL_get_session_reused_doc,
2975 "Was the client session reused during handshake?");
2976
2977 static PyGetSetDef ssl_getsetlist[] = {
2978 {"context", (getter) PySSL_get_context,
2979 (setter) PySSL_set_context, PySSL_set_context_doc},
2980 {"server_side", (getter) PySSL_get_server_side, NULL,
2981 PySSL_get_server_side_doc},
2982 {"server_hostname", (getter) PySSL_get_server_hostname, NULL,
2983 PySSL_get_server_hostname_doc},
2984 {"owner", (getter) PySSL_get_owner, (setter) PySSL_set_owner,
2985 PySSL_get_owner_doc},
2986 {"session", (getter) PySSL_get_session,
2987 (setter) PySSL_set_session, PySSL_set_session_doc},
2988 {"session_reused", (getter) PySSL_get_session_reused, NULL,
2989 PySSL_get_session_reused_doc},
2990 {NULL}, /* sentinel */
2991 };
2992
2993 static PyMethodDef PySSLMethods[] = {
2994 _SSL__SSLSOCKET_DO_HANDSHAKE_METHODDEF
2995 _SSL__SSLSOCKET_WRITE_METHODDEF
2996 _SSL__SSLSOCKET_READ_METHODDEF
2997 _SSL__SSLSOCKET_PENDING_METHODDEF
2998 _SSL__SSLSOCKET_GETPEERCERT_METHODDEF
2999 _SSL__SSLSOCKET_GET_CHANNEL_BINDING_METHODDEF
3000 _SSL__SSLSOCKET_CIPHER_METHODDEF
3001 _SSL__SSLSOCKET_SHARED_CIPHERS_METHODDEF
3002 _SSL__SSLSOCKET_VERSION_METHODDEF
3003 _SSL__SSLSOCKET_SELECTED_NPN_PROTOCOL_METHODDEF
3004 _SSL__SSLSOCKET_SELECTED_ALPN_PROTOCOL_METHODDEF
3005 _SSL__SSLSOCKET_COMPRESSION_METHODDEF
3006 _SSL__SSLSOCKET_SHUTDOWN_METHODDEF
3007 _SSL__SSLSOCKET_VERIFY_CLIENT_POST_HANDSHAKE_METHODDEF
3008 {NULL, NULL}
3009 };
3010
3011 static PyTypeObject PySSLSocket_Type = {
3012 PyVarObject_HEAD_INIT(NULL, 0)
3013 "_ssl._SSLSocket", /*tp_name*/
3014 sizeof(PySSLSocket), /*tp_basicsize*/
3015 0, /*tp_itemsize*/
3016 /* methods */
3017 (destructor)PySSL_dealloc, /*tp_dealloc*/
3018 0, /*tp_vectorcall_offset*/
3019 0, /*tp_getattr*/
3020 0, /*tp_setattr*/
3021 0, /*tp_as_async*/
3022 0, /*tp_repr*/
3023 0, /*tp_as_number*/
3024 0, /*tp_as_sequence*/
3025 0, /*tp_as_mapping*/
3026 0, /*tp_hash*/
3027 0, /*tp_call*/
3028 0, /*tp_str*/
3029 0, /*tp_getattro*/
3030 0, /*tp_setattro*/
3031 0, /*tp_as_buffer*/
3032 Py_TPFLAGS_DEFAULT, /*tp_flags*/
3033 0, /*tp_doc*/
3034 (traverseproc) PySSL_traverse, /*tp_traverse*/
3035 (inquiry) PySSL_clear, /*tp_clear*/
3036 0, /*tp_richcompare*/
3037 0, /*tp_weaklistoffset*/
3038 0, /*tp_iter*/
3039 0, /*tp_iternext*/
3040 PySSLMethods, /*tp_methods*/
3041 0, /*tp_members*/
3042 ssl_getsetlist, /*tp_getset*/
3043 };
3044
3045
3046 /*
3047 * _SSLContext objects
3048 */
3049
3050 static int
_set_verify_mode(PySSLContext * self,enum py_ssl_cert_requirements n)3051 _set_verify_mode(PySSLContext *self, enum py_ssl_cert_requirements n)
3052 {
3053 int mode;
3054 int (*verify_cb)(int, X509_STORE_CTX *) = NULL;
3055
3056 switch(n) {
3057 case PY_SSL_CERT_NONE:
3058 mode = SSL_VERIFY_NONE;
3059 break;
3060 case PY_SSL_CERT_OPTIONAL:
3061 mode = SSL_VERIFY_PEER;
3062 break;
3063 case PY_SSL_CERT_REQUIRED:
3064 mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
3065 break;
3066 default:
3067 PyErr_SetString(PyExc_ValueError,
3068 "invalid value for verify_mode");
3069 return -1;
3070 }
3071
3072 /* bpo-37428: newPySSLSocket() sets SSL_VERIFY_POST_HANDSHAKE flag for
3073 * server sockets and SSL_set_post_handshake_auth() for client. */
3074
3075 /* keep current verify cb */
3076 verify_cb = SSL_CTX_get_verify_callback(self->ctx);
3077 SSL_CTX_set_verify(self->ctx, mode, verify_cb);
3078 return 0;
3079 }
3080
3081 /*[clinic input]
3082 @classmethod
3083 _ssl._SSLContext.__new__
3084 protocol as proto_version: int
3085 /
3086 [clinic start generated code]*/
3087
3088 static PyObject *
_ssl__SSLContext_impl(PyTypeObject * type,int proto_version)3089 _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
3090 /*[clinic end generated code: output=2cf0d7a0741b6bd1 input=8d58a805b95fc534]*/
3091 {
3092 PySSLContext *self;
3093 long options;
3094 SSL_CTX *ctx = NULL;
3095 X509_VERIFY_PARAM *params;
3096 int result;
3097 #if defined(SSL_MODE_RELEASE_BUFFERS)
3098 unsigned long libver;
3099 #endif
3100
3101 PySSL_BEGIN_ALLOW_THREADS
3102 switch(proto_version) {
3103 #if defined(SSL3_VERSION) && !defined(OPENSSL_NO_SSL3)
3104 case PY_SSL_VERSION_SSL3:
3105 ctx = SSL_CTX_new(SSLv3_method());
3106 break;
3107 #endif
3108 #if (defined(TLS1_VERSION) && \
3109 !defined(OPENSSL_NO_TLS1) && \
3110 !defined(OPENSSL_NO_TLS1_METHOD))
3111 case PY_SSL_VERSION_TLS1:
3112 ctx = SSL_CTX_new(TLSv1_method());
3113 break;
3114 #endif
3115 #if (defined(TLS1_1_VERSION) && \
3116 !defined(OPENSSL_NO_TLS1_1) && \
3117 !defined(OPENSSL_NO_TLS1_1_METHOD))
3118 case PY_SSL_VERSION_TLS1_1:
3119 ctx = SSL_CTX_new(TLSv1_1_method());
3120 break;
3121 #endif
3122 #if (defined(TLS1_2_VERSION) && \
3123 !defined(OPENSSL_NO_TLS1_2) && \
3124 !defined(OPENSSL_NO_TLS1_2_METHOD))
3125 case PY_SSL_VERSION_TLS1_2:
3126 ctx = SSL_CTX_new(TLSv1_2_method());
3127 break;
3128 #endif
3129 case PY_SSL_VERSION_TLS:
3130 /* SSLv23 */
3131 ctx = SSL_CTX_new(TLS_method());
3132 break;
3133 case PY_SSL_VERSION_TLS_CLIENT:
3134 ctx = SSL_CTX_new(TLS_client_method());
3135 break;
3136 case PY_SSL_VERSION_TLS_SERVER:
3137 ctx = SSL_CTX_new(TLS_server_method());
3138 break;
3139 default:
3140 proto_version = -1;
3141 }
3142 PySSL_END_ALLOW_THREADS
3143
3144 if (proto_version == -1) {
3145 PyErr_SetString(PyExc_ValueError,
3146 "invalid or unsupported protocol version");
3147 return NULL;
3148 }
3149 if (ctx == NULL) {
3150 _setSSLError(NULL, 0, __FILE__, __LINE__);
3151 return NULL;
3152 }
3153
3154 assert(type != NULL && type->tp_alloc != NULL);
3155 self = (PySSLContext *) type->tp_alloc(type, 0);
3156 if (self == NULL) {
3157 SSL_CTX_free(ctx);
3158 return NULL;
3159 }
3160 self->ctx = ctx;
3161 self->hostflags = X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
3162 self->protocol = proto_version;
3163 self->msg_cb = NULL;
3164 #ifdef HAVE_OPENSSL_KEYLOG
3165 self->keylog_filename = NULL;
3166 self->keylog_bio = NULL;
3167 #endif
3168 #if HAVE_NPN
3169 self->npn_protocols = NULL;
3170 #endif
3171 #if HAVE_ALPN
3172 self->alpn_protocols = NULL;
3173 #endif
3174 #ifndef OPENSSL_NO_TLSEXT
3175 self->set_sni_cb = NULL;
3176 #endif
3177 /* Don't check host name by default */
3178 if (proto_version == PY_SSL_VERSION_TLS_CLIENT) {
3179 self->check_hostname = 1;
3180 if (_set_verify_mode(self, PY_SSL_CERT_REQUIRED) == -1) {
3181 Py_DECREF(self);
3182 return NULL;
3183 }
3184 } else {
3185 self->check_hostname = 0;
3186 if (_set_verify_mode(self, PY_SSL_CERT_NONE) == -1) {
3187 Py_DECREF(self);
3188 return NULL;
3189 }
3190 }
3191 /* Defaults */
3192 options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
3193 if (proto_version != PY_SSL_VERSION_SSL2)
3194 options |= SSL_OP_NO_SSLv2;
3195 if (proto_version != PY_SSL_VERSION_SSL3)
3196 options |= SSL_OP_NO_SSLv3;
3197 /* Minimal security flags for server and client side context.
3198 * Client sockets ignore server-side parameters. */
3199 #ifdef SSL_OP_NO_COMPRESSION
3200 options |= SSL_OP_NO_COMPRESSION;
3201 #endif
3202 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
3203 options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
3204 #endif
3205 #ifdef SSL_OP_SINGLE_DH_USE
3206 options |= SSL_OP_SINGLE_DH_USE;
3207 #endif
3208 #ifdef SSL_OP_SINGLE_ECDH_USE
3209 options |= SSL_OP_SINGLE_ECDH_USE;
3210 #endif
3211 SSL_CTX_set_options(self->ctx, options);
3212
3213 /* A bare minimum cipher list without completely broken cipher suites.
3214 * It's far from perfect but gives users a better head start. */
3215 if (proto_version != PY_SSL_VERSION_SSL2) {
3216 #if PY_SSL_DEFAULT_CIPHERS == 2
3217 /* stick to OpenSSL's default settings */
3218 result = 1;
3219 #else
3220 result = SSL_CTX_set_cipher_list(ctx, PY_SSL_DEFAULT_CIPHER_STRING);
3221 #endif
3222 } else {
3223 /* SSLv2 needs MD5 */
3224 result = SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!eNULL");
3225 }
3226 if (result == 0) {
3227 Py_DECREF(self);
3228 ERR_clear_error();
3229 PyErr_SetString(PySSLErrorObject,
3230 "No cipher can be selected.");
3231 return NULL;
3232 }
3233
3234 #if defined(SSL_MODE_RELEASE_BUFFERS)
3235 /* Set SSL_MODE_RELEASE_BUFFERS. This potentially greatly reduces memory
3236 usage for no cost at all. However, don't do this for OpenSSL versions
3237 between 1.0.1 and 1.0.1h or 1.0.0 and 1.0.0m, which are affected by CVE
3238 2014-0198. I can't find exactly which beta fixed this CVE, so be
3239 conservative and assume it wasn't fixed until release. We do this check
3240 at runtime to avoid problems from the dynamic linker.
3241 See #25672 for more on this. */
3242 libver = OpenSSL_version_num();
3243 if (!(libver >= 0x10001000UL && libver < 0x1000108fUL) &&
3244 !(libver >= 0x10000000UL && libver < 0x100000dfUL)) {
3245 SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS);
3246 }
3247 #endif
3248
3249
3250 #if !defined(OPENSSL_NO_ECDH) && !defined(OPENSSL_VERSION_1_1)
3251 /* Allow automatic ECDH curve selection (on OpenSSL 1.0.2+), or use
3252 prime256v1 by default. This is Apache mod_ssl's initialization
3253 policy, so we should be safe. OpenSSL 1.1 has it enabled by default.
3254 */
3255 #if defined(SSL_CTX_set_ecdh_auto)
3256 SSL_CTX_set_ecdh_auto(self->ctx, 1);
3257 #else
3258 {
3259 EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
3260 SSL_CTX_set_tmp_ecdh(self->ctx, key);
3261 EC_KEY_free(key);
3262 }
3263 #endif
3264 #endif
3265
3266 #define SID_CTX "Python"
3267 SSL_CTX_set_session_id_context(self->ctx, (const unsigned char *) SID_CTX,
3268 sizeof(SID_CTX));
3269 #undef SID_CTX
3270
3271 params = SSL_CTX_get0_param(self->ctx);
3272 #ifdef X509_V_FLAG_TRUSTED_FIRST
3273 /* Improve trust chain building when cross-signed intermediate
3274 certificates are present. See https://bugs.python.org/issue23476. */
3275 X509_VERIFY_PARAM_set_flags(params, X509_V_FLAG_TRUSTED_FIRST);
3276 #endif
3277 X509_VERIFY_PARAM_set_hostflags(params, self->hostflags);
3278
3279 #ifdef TLS1_3_VERSION
3280 self->post_handshake_auth = 0;
3281 SSL_CTX_set_post_handshake_auth(self->ctx, self->post_handshake_auth);
3282 #endif
3283
3284 return (PyObject *)self;
3285 }
3286
3287 static int
context_traverse(PySSLContext * self,visitproc visit,void * arg)3288 context_traverse(PySSLContext *self, visitproc visit, void *arg)
3289 {
3290 #ifndef OPENSSL_NO_TLSEXT
3291 Py_VISIT(self->set_sni_cb);
3292 #endif
3293 Py_VISIT(self->msg_cb);
3294 return 0;
3295 }
3296
3297 static int
context_clear(PySSLContext * self)3298 context_clear(PySSLContext *self)
3299 {
3300 #ifndef OPENSSL_NO_TLSEXT
3301 Py_CLEAR(self->set_sni_cb);
3302 #endif
3303 Py_CLEAR(self->msg_cb);
3304 #ifdef HAVE_OPENSSL_KEYLOG
3305 Py_CLEAR(self->keylog_filename);
3306 if (self->keylog_bio != NULL) {
3307 PySSL_BEGIN_ALLOW_THREADS
3308 BIO_free_all(self->keylog_bio);
3309 PySSL_END_ALLOW_THREADS
3310 self->keylog_bio = NULL;
3311 }
3312 #endif
3313 return 0;
3314 }
3315
3316 static void
context_dealloc(PySSLContext * self)3317 context_dealloc(PySSLContext *self)
3318 {
3319 /* bpo-31095: UnTrack is needed before calling any callbacks */
3320 PyObject_GC_UnTrack(self);
3321 context_clear(self);
3322 SSL_CTX_free(self->ctx);
3323 #if HAVE_NPN
3324 PyMem_FREE(self->npn_protocols);
3325 #endif
3326 #if HAVE_ALPN
3327 PyMem_FREE(self->alpn_protocols);
3328 #endif
3329 Py_TYPE(self)->tp_free(self);
3330 }
3331
3332 /*[clinic input]
3333 _ssl._SSLContext.set_ciphers
3334 cipherlist: str
3335 /
3336 [clinic start generated code]*/
3337
3338 static PyObject *
_ssl__SSLContext_set_ciphers_impl(PySSLContext * self,const char * cipherlist)3339 _ssl__SSLContext_set_ciphers_impl(PySSLContext *self, const char *cipherlist)
3340 /*[clinic end generated code: output=3a3162f3557c0f3f input=a7ac931b9f3ca7fc]*/
3341 {
3342 int ret = SSL_CTX_set_cipher_list(self->ctx, cipherlist);
3343 if (ret == 0) {
3344 /* Clearing the error queue is necessary on some OpenSSL versions,
3345 otherwise the error will be reported again when another SSL call
3346 is done. */
3347 ERR_clear_error();
3348 PyErr_SetString(PySSLErrorObject,
3349 "No cipher can be selected.");
3350 return NULL;
3351 }
3352 Py_RETURN_NONE;
3353 }
3354
3355 #if OPENSSL_VERSION_NUMBER >= 0x10002000UL
3356 /*[clinic input]
3357 _ssl._SSLContext.get_ciphers
3358 [clinic start generated code]*/
3359
3360 static PyObject *
_ssl__SSLContext_get_ciphers_impl(PySSLContext * self)3361 _ssl__SSLContext_get_ciphers_impl(PySSLContext *self)
3362 /*[clinic end generated code: output=a56e4d68a406dfc4 input=a2aadc9af89b79c5]*/
3363 {
3364 SSL *ssl = NULL;
3365 STACK_OF(SSL_CIPHER) *sk = NULL;
3366 const SSL_CIPHER *cipher;
3367 int i=0;
3368 PyObject *result = NULL, *dct;
3369
3370 ssl = SSL_new(self->ctx);
3371 if (ssl == NULL) {
3372 _setSSLError(NULL, 0, __FILE__, __LINE__);
3373 goto exit;
3374 }
3375 sk = SSL_get_ciphers(ssl);
3376
3377 result = PyList_New(sk_SSL_CIPHER_num(sk));
3378 if (result == NULL) {
3379 goto exit;
3380 }
3381
3382 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
3383 cipher = sk_SSL_CIPHER_value(sk, i);
3384 dct = cipher_to_dict(cipher);
3385 if (dct == NULL) {
3386 Py_CLEAR(result);
3387 goto exit;
3388 }
3389 PyList_SET_ITEM(result, i, dct);
3390 }
3391
3392 exit:
3393 if (ssl != NULL)
3394 SSL_free(ssl);
3395 return result;
3396
3397 }
3398 #endif
3399
3400
3401 #if HAVE_NPN || HAVE_ALPN
3402 static int
do_protocol_selection(int alpn,unsigned char ** out,unsigned char * outlen,const unsigned char * server_protocols,unsigned int server_protocols_len,const unsigned char * client_protocols,unsigned int client_protocols_len)3403 do_protocol_selection(int alpn, unsigned char **out, unsigned char *outlen,
3404 const unsigned char *server_protocols, unsigned int server_protocols_len,
3405 const unsigned char *client_protocols, unsigned int client_protocols_len)
3406 {
3407 int ret;
3408 if (client_protocols == NULL) {
3409 client_protocols = (unsigned char *)"";
3410 client_protocols_len = 0;
3411 }
3412 if (server_protocols == NULL) {
3413 server_protocols = (unsigned char *)"";
3414 server_protocols_len = 0;
3415 }
3416
3417 ret = SSL_select_next_proto(out, outlen,
3418 server_protocols, server_protocols_len,
3419 client_protocols, client_protocols_len);
3420 if (alpn && ret != OPENSSL_NPN_NEGOTIATED)
3421 return SSL_TLSEXT_ERR_NOACK;
3422
3423 return SSL_TLSEXT_ERR_OK;
3424 }
3425 #endif
3426
3427 #if HAVE_NPN
3428 /* this callback gets passed to SSL_CTX_set_next_protos_advertise_cb */
3429 static int
_advertiseNPN_cb(SSL * s,const unsigned char ** data,unsigned int * len,void * args)3430 _advertiseNPN_cb(SSL *s,
3431 const unsigned char **data, unsigned int *len,
3432 void *args)
3433 {
3434 PySSLContext *ssl_ctx = (PySSLContext *) args;
3435
3436 if (ssl_ctx->npn_protocols == NULL) {
3437 *data = (unsigned char *)"";
3438 *len = 0;
3439 } else {
3440 *data = ssl_ctx->npn_protocols;
3441 *len = ssl_ctx->npn_protocols_len;
3442 }
3443
3444 return SSL_TLSEXT_ERR_OK;
3445 }
3446 /* this callback gets passed to SSL_CTX_set_next_proto_select_cb */
3447 static int
_selectNPN_cb(SSL * s,unsigned char ** out,unsigned char * outlen,const unsigned char * server,unsigned int server_len,void * args)3448 _selectNPN_cb(SSL *s,
3449 unsigned char **out, unsigned char *outlen,
3450 const unsigned char *server, unsigned int server_len,
3451 void *args)
3452 {
3453 PySSLContext *ctx = (PySSLContext *)args;
3454 return do_protocol_selection(0, out, outlen, server, server_len,
3455 ctx->npn_protocols, ctx->npn_protocols_len);
3456 }
3457 #endif
3458
3459 /*[clinic input]
3460 _ssl._SSLContext._set_npn_protocols
3461 protos: Py_buffer
3462 /
3463 [clinic start generated code]*/
3464
3465 static PyObject *
_ssl__SSLContext__set_npn_protocols_impl(PySSLContext * self,Py_buffer * protos)3466 _ssl__SSLContext__set_npn_protocols_impl(PySSLContext *self,
3467 Py_buffer *protos)
3468 /*[clinic end generated code: output=72b002c3324390c6 input=319fcb66abf95bd7]*/
3469 {
3470 #if HAVE_NPN
3471 PyMem_Free(self->npn_protocols);
3472 self->npn_protocols = PyMem_Malloc(protos->len);
3473 if (self->npn_protocols == NULL)
3474 return PyErr_NoMemory();
3475 memcpy(self->npn_protocols, protos->buf, protos->len);
3476 self->npn_protocols_len = (int) protos->len;
3477
3478 /* set both server and client callbacks, because the context can
3479 * be used to create both types of sockets */
3480 SSL_CTX_set_next_protos_advertised_cb(self->ctx,
3481 _advertiseNPN_cb,
3482 self);
3483 SSL_CTX_set_next_proto_select_cb(self->ctx,
3484 _selectNPN_cb,
3485 self);
3486
3487 Py_RETURN_NONE;
3488 #else
3489 PyErr_SetString(PyExc_NotImplementedError,
3490 "The NPN extension requires OpenSSL 1.0.1 or later.");
3491 return NULL;
3492 #endif
3493 }
3494
3495 #if HAVE_ALPN
3496 static int
_selectALPN_cb(SSL * s,const unsigned char ** out,unsigned char * outlen,const unsigned char * client_protocols,unsigned int client_protocols_len,void * args)3497 _selectALPN_cb(SSL *s,
3498 const unsigned char **out, unsigned char *outlen,
3499 const unsigned char *client_protocols, unsigned int client_protocols_len,
3500 void *args)
3501 {
3502 PySSLContext *ctx = (PySSLContext *)args;
3503 return do_protocol_selection(1, (unsigned char **)out, outlen,
3504 ctx->alpn_protocols, ctx->alpn_protocols_len,
3505 client_protocols, client_protocols_len);
3506 }
3507 #endif
3508
3509 /*[clinic input]
3510 _ssl._SSLContext._set_alpn_protocols
3511 protos: Py_buffer
3512 /
3513 [clinic start generated code]*/
3514
3515 static PyObject *
_ssl__SSLContext__set_alpn_protocols_impl(PySSLContext * self,Py_buffer * protos)3516 _ssl__SSLContext__set_alpn_protocols_impl(PySSLContext *self,
3517 Py_buffer *protos)
3518 /*[clinic end generated code: output=87599a7f76651a9b input=9bba964595d519be]*/
3519 {
3520 #if HAVE_ALPN
3521 if ((size_t)protos->len > UINT_MAX) {
3522 PyErr_Format(PyExc_OverflowError,
3523 "protocols longer than %u bytes", UINT_MAX);
3524 return NULL;
3525 }
3526
3527 PyMem_FREE(self->alpn_protocols);
3528 self->alpn_protocols = PyMem_Malloc(protos->len);
3529 if (!self->alpn_protocols)
3530 return PyErr_NoMemory();
3531 memcpy(self->alpn_protocols, protos->buf, protos->len);
3532 self->alpn_protocols_len = (unsigned int)protos->len;
3533
3534 if (SSL_CTX_set_alpn_protos(self->ctx, self->alpn_protocols, self->alpn_protocols_len))
3535 return PyErr_NoMemory();
3536 SSL_CTX_set_alpn_select_cb(self->ctx, _selectALPN_cb, self);
3537
3538 Py_RETURN_NONE;
3539 #else
3540 PyErr_SetString(PyExc_NotImplementedError,
3541 "The ALPN extension requires OpenSSL 1.0.2 or later.");
3542 return NULL;
3543 #endif
3544 }
3545
3546 static PyObject *
get_verify_mode(PySSLContext * self,void * c)3547 get_verify_mode(PySSLContext *self, void *c)
3548 {
3549 /* ignore SSL_VERIFY_CLIENT_ONCE and SSL_VERIFY_POST_HANDSHAKE */
3550 int mask = (SSL_VERIFY_NONE | SSL_VERIFY_PEER |
3551 SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
3552 switch (SSL_CTX_get_verify_mode(self->ctx) & mask) {
3553 case SSL_VERIFY_NONE:
3554 return PyLong_FromLong(PY_SSL_CERT_NONE);
3555 case SSL_VERIFY_PEER:
3556 return PyLong_FromLong(PY_SSL_CERT_OPTIONAL);
3557 case SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT:
3558 return PyLong_FromLong(PY_SSL_CERT_REQUIRED);
3559 }
3560 PyErr_SetString(PySSLErrorObject,
3561 "invalid return value from SSL_CTX_get_verify_mode");
3562 return NULL;
3563 }
3564
3565 static int
set_verify_mode(PySSLContext * self,PyObject * arg,void * c)3566 set_verify_mode(PySSLContext *self, PyObject *arg, void *c)
3567 {
3568 int n;
3569 if (!PyArg_Parse(arg, "i", &n))
3570 return -1;
3571 if (n == PY_SSL_CERT_NONE && self->check_hostname) {
3572 PyErr_SetString(PyExc_ValueError,
3573 "Cannot set verify_mode to CERT_NONE when "
3574 "check_hostname is enabled.");
3575 return -1;
3576 }
3577 return _set_verify_mode(self, n);
3578 }
3579
3580 static PyObject *
get_verify_flags(PySSLContext * self,void * c)3581 get_verify_flags(PySSLContext *self, void *c)
3582 {
3583 X509_VERIFY_PARAM *param;
3584 unsigned long flags;
3585
3586 param = SSL_CTX_get0_param(self->ctx);
3587 flags = X509_VERIFY_PARAM_get_flags(param);
3588 return PyLong_FromUnsignedLong(flags);
3589 }
3590
3591 static int
set_verify_flags(PySSLContext * self,PyObject * arg,void * c)3592 set_verify_flags(PySSLContext *self, PyObject *arg, void *c)
3593 {
3594 X509_VERIFY_PARAM *param;
3595 unsigned long new_flags, flags, set, clear;
3596
3597 if (!PyArg_Parse(arg, "k", &new_flags))
3598 return -1;
3599 param = SSL_CTX_get0_param(self->ctx);
3600 flags = X509_VERIFY_PARAM_get_flags(param);
3601 clear = flags & ~new_flags;
3602 set = ~flags & new_flags;
3603 if (clear) {
3604 if (!X509_VERIFY_PARAM_clear_flags(param, clear)) {
3605 _setSSLError(NULL, 0, __FILE__, __LINE__);
3606 return -1;
3607 }
3608 }
3609 if (set) {
3610 if (!X509_VERIFY_PARAM_set_flags(param, set)) {
3611 _setSSLError(NULL, 0, __FILE__, __LINE__);
3612 return -1;
3613 }
3614 }
3615 return 0;
3616 }
3617
3618 /* Getter and setter for protocol version */
3619 #if defined(SSL_CTRL_GET_MAX_PROTO_VERSION)
3620
3621
3622 static int
set_min_max_proto_version(PySSLContext * self,PyObject * arg,int what)3623 set_min_max_proto_version(PySSLContext *self, PyObject *arg, int what)
3624 {
3625 long v;
3626 int result;
3627
3628 if (!PyArg_Parse(arg, "l", &v))
3629 return -1;
3630 if (v > INT_MAX) {
3631 PyErr_SetString(PyExc_OverflowError, "Option is too long");
3632 return -1;
3633 }
3634
3635 switch(self->protocol) {
3636 case PY_SSL_VERSION_TLS_CLIENT: /* fall through */
3637 case PY_SSL_VERSION_TLS_SERVER: /* fall through */
3638 case PY_SSL_VERSION_TLS:
3639 break;
3640 default:
3641 PyErr_SetString(
3642 PyExc_ValueError,
3643 "The context's protocol doesn't support modification of "
3644 "highest and lowest version."
3645 );
3646 return -1;
3647 }
3648
3649 if (what == 0) {
3650 switch(v) {
3651 case PY_PROTO_MINIMUM_SUPPORTED:
3652 v = 0;
3653 break;
3654 case PY_PROTO_MAXIMUM_SUPPORTED:
3655 /* Emulate max for set_min_proto_version */
3656 v = PY_PROTO_MAXIMUM_AVAILABLE;
3657 break;
3658 default:
3659 break;
3660 }
3661 result = SSL_CTX_set_min_proto_version(self->ctx, v);
3662 }
3663 else {
3664 switch(v) {
3665 case PY_PROTO_MAXIMUM_SUPPORTED:
3666 v = 0;
3667 break;
3668 case PY_PROTO_MINIMUM_SUPPORTED:
3669 /* Emulate max for set_min_proto_version */
3670 v = PY_PROTO_MINIMUM_AVAILABLE;
3671 break;
3672 default:
3673 break;
3674 }
3675 result = SSL_CTX_set_max_proto_version(self->ctx, v);
3676 }
3677 if (result == 0) {
3678 PyErr_Format(PyExc_ValueError,
3679 "Unsupported protocol version 0x%x", v);
3680 return -1;
3681 }
3682 return 0;
3683 }
3684
3685 static PyObject *
get_minimum_version(PySSLContext * self,void * c)3686 get_minimum_version(PySSLContext *self, void *c)
3687 {
3688 int v = SSL_CTX_ctrl(self->ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL);
3689 if (v == 0) {
3690 v = PY_PROTO_MINIMUM_SUPPORTED;
3691 }
3692 return PyLong_FromLong(v);
3693 }
3694
3695 static int
set_minimum_version(PySSLContext * self,PyObject * arg,void * c)3696 set_minimum_version(PySSLContext *self, PyObject *arg, void *c)
3697 {
3698 return set_min_max_proto_version(self, arg, 0);
3699 }
3700
3701 static PyObject *
get_maximum_version(PySSLContext * self,void * c)3702 get_maximum_version(PySSLContext *self, void *c)
3703 {
3704 int v = SSL_CTX_ctrl(self->ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL);
3705 if (v == 0) {
3706 v = PY_PROTO_MAXIMUM_SUPPORTED;
3707 }
3708 return PyLong_FromLong(v);
3709 }
3710
3711 static int
set_maximum_version(PySSLContext * self,PyObject * arg,void * c)3712 set_maximum_version(PySSLContext *self, PyObject *arg, void *c)
3713 {
3714 return set_min_max_proto_version(self, arg, 1);
3715 }
3716 #endif /* SSL_CTRL_GET_MAX_PROTO_VERSION */
3717
3718 #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
3719 static PyObject *
get_num_tickets(PySSLContext * self,void * c)3720 get_num_tickets(PySSLContext *self, void *c)
3721 {
3722 return PyLong_FromSize_t(SSL_CTX_get_num_tickets(self->ctx));
3723 }
3724
3725 static int
set_num_tickets(PySSLContext * self,PyObject * arg,void * c)3726 set_num_tickets(PySSLContext *self, PyObject *arg, void *c)
3727 {
3728 long num;
3729 if (!PyArg_Parse(arg, "l", &num))
3730 return -1;
3731 if (num < 0) {
3732 PyErr_SetString(PyExc_ValueError, "value must be non-negative");
3733 return -1;
3734 }
3735 if (self->protocol != PY_SSL_VERSION_TLS_SERVER) {
3736 PyErr_SetString(PyExc_ValueError,
3737 "SSLContext is not a server context.");
3738 return -1;
3739 }
3740 if (SSL_CTX_set_num_tickets(self->ctx, num) != 1) {
3741 PyErr_SetString(PyExc_ValueError, "failed to set num tickets.");
3742 return -1;
3743 }
3744 return 0;
3745 }
3746
3747 PyDoc_STRVAR(PySSLContext_num_tickets_doc,
3748 "Control the number of TLSv1.3 session tickets");
3749 #endif /* OpenSSL 1.1.1 */
3750
3751 static PyObject *
get_options(PySSLContext * self,void * c)3752 get_options(PySSLContext *self, void *c)
3753 {
3754 return PyLong_FromLong(SSL_CTX_get_options(self->ctx));
3755 }
3756
3757 static int
set_options(PySSLContext * self,PyObject * arg,void * c)3758 set_options(PySSLContext *self, PyObject *arg, void *c)
3759 {
3760 long new_opts, opts, set, clear;
3761 if (!PyArg_Parse(arg, "l", &new_opts))
3762 return -1;
3763 opts = SSL_CTX_get_options(self->ctx);
3764 clear = opts & ~new_opts;
3765 set = ~opts & new_opts;
3766 if (clear) {
3767 #ifdef HAVE_SSL_CTX_CLEAR_OPTIONS
3768 SSL_CTX_clear_options(self->ctx, clear);
3769 #else
3770 PyErr_SetString(PyExc_ValueError,
3771 "can't clear options before OpenSSL 0.9.8m");
3772 return -1;
3773 #endif
3774 }
3775 if (set)
3776 SSL_CTX_set_options(self->ctx, set);
3777 return 0;
3778 }
3779
3780 static PyObject *
get_host_flags(PySSLContext * self,void * c)3781 get_host_flags(PySSLContext *self, void *c)
3782 {
3783 return PyLong_FromUnsignedLong(self->hostflags);
3784 }
3785
3786 static int
set_host_flags(PySSLContext * self,PyObject * arg,void * c)3787 set_host_flags(PySSLContext *self, PyObject *arg, void *c)
3788 {
3789 X509_VERIFY_PARAM *param;
3790 unsigned int new_flags = 0;
3791
3792 if (!PyArg_Parse(arg, "I", &new_flags))
3793 return -1;
3794
3795 param = SSL_CTX_get0_param(self->ctx);
3796 self->hostflags = new_flags;
3797 X509_VERIFY_PARAM_set_hostflags(param, new_flags);
3798 return 0;
3799 }
3800
3801 static PyObject *
get_check_hostname(PySSLContext * self,void * c)3802 get_check_hostname(PySSLContext *self, void *c)
3803 {
3804 return PyBool_FromLong(self->check_hostname);
3805 }
3806
3807 static int
set_check_hostname(PySSLContext * self,PyObject * arg,void * c)3808 set_check_hostname(PySSLContext *self, PyObject *arg, void *c)
3809 {
3810 int check_hostname;
3811 if (!PyArg_Parse(arg, "p", &check_hostname))
3812 return -1;
3813 if (check_hostname &&
3814 SSL_CTX_get_verify_mode(self->ctx) == SSL_VERIFY_NONE) {
3815 /* check_hostname = True sets verify_mode = CERT_REQUIRED */
3816 if (_set_verify_mode(self, PY_SSL_CERT_REQUIRED) == -1) {
3817 return -1;
3818 }
3819 }
3820 self->check_hostname = check_hostname;
3821 return 0;
3822 }
3823
3824 static PyObject *
get_post_handshake_auth(PySSLContext * self,void * c)3825 get_post_handshake_auth(PySSLContext *self, void *c) {
3826 #if TLS1_3_VERSION
3827 return PyBool_FromLong(self->post_handshake_auth);
3828 #else
3829 Py_RETURN_NONE;
3830 #endif
3831 }
3832
3833 #if TLS1_3_VERSION
3834 static int
set_post_handshake_auth(PySSLContext * self,PyObject * arg,void * c)3835 set_post_handshake_auth(PySSLContext *self, PyObject *arg, void *c) {
3836 if (arg == NULL) {
3837 PyErr_SetString(PyExc_AttributeError, "cannot delete attribute");
3838 return -1;
3839 }
3840 int pha = PyObject_IsTrue(arg);
3841
3842 if (pha == -1) {
3843 return -1;
3844 }
3845 self->post_handshake_auth = pha;
3846
3847 /* bpo-37428: newPySSLSocket() sets SSL_VERIFY_POST_HANDSHAKE flag for
3848 * server sockets and SSL_set_post_handshake_auth() for client. */
3849
3850 return 0;
3851 }
3852 #endif
3853
3854 static PyObject *
get_protocol(PySSLContext * self,void * c)3855 get_protocol(PySSLContext *self, void *c) {
3856 return PyLong_FromLong(self->protocol);
3857 }
3858
3859 typedef struct {
3860 PyThreadState *thread_state;
3861 PyObject *callable;
3862 char *password;
3863 int size;
3864 int error;
3865 } _PySSLPasswordInfo;
3866
3867 static int
_pwinfo_set(_PySSLPasswordInfo * pw_info,PyObject * password,const char * bad_type_error)3868 _pwinfo_set(_PySSLPasswordInfo *pw_info, PyObject* password,
3869 const char *bad_type_error)
3870 {
3871 /* Set the password and size fields of a _PySSLPasswordInfo struct
3872 from a unicode, bytes, or byte array object.
3873 The password field will be dynamically allocated and must be freed
3874 by the caller */
3875 PyObject *password_bytes = NULL;
3876 const char *data = NULL;
3877 Py_ssize_t size;
3878
3879 if (PyUnicode_Check(password)) {
3880 password_bytes = PyUnicode_AsUTF8String(password);
3881 if (!password_bytes) {
3882 goto error;
3883 }
3884 data = PyBytes_AS_STRING(password_bytes);
3885 size = PyBytes_GET_SIZE(password_bytes);
3886 } else if (PyBytes_Check(password)) {
3887 data = PyBytes_AS_STRING(password);
3888 size = PyBytes_GET_SIZE(password);
3889 } else if (PyByteArray_Check(password)) {
3890 data = PyByteArray_AS_STRING(password);
3891 size = PyByteArray_GET_SIZE(password);
3892 } else {
3893 PyErr_SetString(PyExc_TypeError, bad_type_error);
3894 goto error;
3895 }
3896
3897 if (size > (Py_ssize_t)INT_MAX) {
3898 PyErr_Format(PyExc_ValueError,
3899 "password cannot be longer than %d bytes", INT_MAX);
3900 goto error;
3901 }
3902
3903 PyMem_Free(pw_info->password);
3904 pw_info->password = PyMem_Malloc(size);
3905 if (!pw_info->password) {
3906 PyErr_SetString(PyExc_MemoryError,
3907 "unable to allocate password buffer");
3908 goto error;
3909 }
3910 memcpy(pw_info->password, data, size);
3911 pw_info->size = (int)size;
3912
3913 Py_XDECREF(password_bytes);
3914 return 1;
3915
3916 error:
3917 Py_XDECREF(password_bytes);
3918 return 0;
3919 }
3920
3921 static int
_password_callback(char * buf,int size,int rwflag,void * userdata)3922 _password_callback(char *buf, int size, int rwflag, void *userdata)
3923 {
3924 _PySSLPasswordInfo *pw_info = (_PySSLPasswordInfo*) userdata;
3925 PyObject *fn_ret = NULL;
3926
3927 PySSL_END_ALLOW_THREADS_S(pw_info->thread_state);
3928
3929 if (pw_info->callable) {
3930 fn_ret = _PyObject_CallNoArg(pw_info->callable);
3931 if (!fn_ret) {
3932 /* TODO: It would be nice to move _ctypes_add_traceback() into the
3933 core python API, so we could use it to add a frame here */
3934 goto error;
3935 }
3936
3937 if (!_pwinfo_set(pw_info, fn_ret,
3938 "password callback must return a string")) {
3939 goto error;
3940 }
3941 Py_CLEAR(fn_ret);
3942 }
3943
3944 if (pw_info->size > size) {
3945 PyErr_Format(PyExc_ValueError,
3946 "password cannot be longer than %d bytes", size);
3947 goto error;
3948 }
3949
3950 PySSL_BEGIN_ALLOW_THREADS_S(pw_info->thread_state);
3951 memcpy(buf, pw_info->password, pw_info->size);
3952 return pw_info->size;
3953
3954 error:
3955 Py_XDECREF(fn_ret);
3956 PySSL_BEGIN_ALLOW_THREADS_S(pw_info->thread_state);
3957 pw_info->error = 1;
3958 return -1;
3959 }
3960
3961 /*[clinic input]
3962 _ssl._SSLContext.load_cert_chain
3963 certfile: object
3964 keyfile: object = None
3965 password: object = None
3966
3967 [clinic start generated code]*/
3968
3969 static PyObject *
_ssl__SSLContext_load_cert_chain_impl(PySSLContext * self,PyObject * certfile,PyObject * keyfile,PyObject * password)3970 _ssl__SSLContext_load_cert_chain_impl(PySSLContext *self, PyObject *certfile,
3971 PyObject *keyfile, PyObject *password)
3972 /*[clinic end generated code: output=9480bc1c380e2095 input=30bc7e967ea01a58]*/
3973 {
3974 PyObject *certfile_bytes = NULL, *keyfile_bytes = NULL;
3975 pem_password_cb *orig_passwd_cb = SSL_CTX_get_default_passwd_cb(self->ctx);
3976 void *orig_passwd_userdata = SSL_CTX_get_default_passwd_cb_userdata(self->ctx);
3977 _PySSLPasswordInfo pw_info = { NULL, NULL, NULL, 0, 0 };
3978 int r;
3979
3980 errno = 0;
3981 ERR_clear_error();
3982 if (keyfile == Py_None)
3983 keyfile = NULL;
3984 if (!PyUnicode_FSConverter(certfile, &certfile_bytes)) {
3985 if (PyErr_ExceptionMatches(PyExc_TypeError)) {
3986 PyErr_SetString(PyExc_TypeError,
3987 "certfile should be a valid filesystem path");
3988 }
3989 return NULL;
3990 }
3991 if (keyfile && !PyUnicode_FSConverter(keyfile, &keyfile_bytes)) {
3992 if (PyErr_ExceptionMatches(PyExc_TypeError)) {
3993 PyErr_SetString(PyExc_TypeError,
3994 "keyfile should be a valid filesystem path");
3995 }
3996 goto error;
3997 }
3998 if (password != Py_None) {
3999 if (PyCallable_Check(password)) {
4000 pw_info.callable = password;
4001 } else if (!_pwinfo_set(&pw_info, password,
4002 "password should be a string or callable")) {
4003 goto error;
4004 }
4005 SSL_CTX_set_default_passwd_cb(self->ctx, _password_callback);
4006 SSL_CTX_set_default_passwd_cb_userdata(self->ctx, &pw_info);
4007 }
4008 PySSL_BEGIN_ALLOW_THREADS_S(pw_info.thread_state);
4009 r = SSL_CTX_use_certificate_chain_file(self->ctx,
4010 PyBytes_AS_STRING(certfile_bytes));
4011 PySSL_END_ALLOW_THREADS_S(pw_info.thread_state);
4012 if (r != 1) {
4013 if (pw_info.error) {
4014 ERR_clear_error();
4015 /* the password callback has already set the error information */
4016 }
4017 else if (errno != 0) {
4018 ERR_clear_error();
4019 PyErr_SetFromErrno(PyExc_OSError);
4020 }
4021 else {
4022 _setSSLError(NULL, 0, __FILE__, __LINE__);
4023 }
4024 goto error;
4025 }
4026 PySSL_BEGIN_ALLOW_THREADS_S(pw_info.thread_state);
4027 r = SSL_CTX_use_PrivateKey_file(self->ctx,
4028 PyBytes_AS_STRING(keyfile ? keyfile_bytes : certfile_bytes),
4029 SSL_FILETYPE_PEM);
4030 PySSL_END_ALLOW_THREADS_S(pw_info.thread_state);
4031 Py_CLEAR(keyfile_bytes);
4032 Py_CLEAR(certfile_bytes);
4033 if (r != 1) {
4034 if (pw_info.error) {
4035 ERR_clear_error();
4036 /* the password callback has already set the error information */
4037 }
4038 else if (errno != 0) {
4039 ERR_clear_error();
4040 PyErr_SetFromErrno(PyExc_OSError);
4041 }
4042 else {
4043 _setSSLError(NULL, 0, __FILE__, __LINE__);
4044 }
4045 goto error;
4046 }
4047 PySSL_BEGIN_ALLOW_THREADS_S(pw_info.thread_state);
4048 r = SSL_CTX_check_private_key(self->ctx);
4049 PySSL_END_ALLOW_THREADS_S(pw_info.thread_state);
4050 if (r != 1) {
4051 _setSSLError(NULL, 0, __FILE__, __LINE__);
4052 goto error;
4053 }
4054 SSL_CTX_set_default_passwd_cb(self->ctx, orig_passwd_cb);
4055 SSL_CTX_set_default_passwd_cb_userdata(self->ctx, orig_passwd_userdata);
4056 PyMem_Free(pw_info.password);
4057 Py_RETURN_NONE;
4058
4059 error:
4060 SSL_CTX_set_default_passwd_cb(self->ctx, orig_passwd_cb);
4061 SSL_CTX_set_default_passwd_cb_userdata(self->ctx, orig_passwd_userdata);
4062 PyMem_Free(pw_info.password);
4063 Py_XDECREF(keyfile_bytes);
4064 Py_XDECREF(certfile_bytes);
4065 return NULL;
4066 }
4067
4068 /* internal helper function, returns -1 on error
4069 */
4070 static int
_add_ca_certs(PySSLContext * self,void * data,Py_ssize_t len,int filetype)4071 _add_ca_certs(PySSLContext *self, void *data, Py_ssize_t len,
4072 int filetype)
4073 {
4074 BIO *biobuf = NULL;
4075 X509_STORE *store;
4076 int retval = 0, err, loaded = 0;
4077
4078 assert(filetype == SSL_FILETYPE_ASN1 || filetype == SSL_FILETYPE_PEM);
4079
4080 if (len <= 0) {
4081 PyErr_SetString(PyExc_ValueError,
4082 "Empty certificate data");
4083 return -1;
4084 } else if (len > INT_MAX) {
4085 PyErr_SetString(PyExc_OverflowError,
4086 "Certificate data is too long.");
4087 return -1;
4088 }
4089
4090 biobuf = BIO_new_mem_buf(data, (int)len);
4091 if (biobuf == NULL) {
4092 _setSSLError("Can't allocate buffer", 0, __FILE__, __LINE__);
4093 return -1;
4094 }
4095
4096 store = SSL_CTX_get_cert_store(self->ctx);
4097 assert(store != NULL);
4098
4099 while (1) {
4100 X509 *cert = NULL;
4101 int r;
4102
4103 if (filetype == SSL_FILETYPE_ASN1) {
4104 cert = d2i_X509_bio(biobuf, NULL);
4105 } else {
4106 cert = PEM_read_bio_X509(biobuf, NULL,
4107 SSL_CTX_get_default_passwd_cb(self->ctx),
4108 SSL_CTX_get_default_passwd_cb_userdata(self->ctx)
4109 );
4110 }
4111 if (cert == NULL) {
4112 break;
4113 }
4114 r = X509_STORE_add_cert(store, cert);
4115 X509_free(cert);
4116 if (!r) {
4117 err = ERR_peek_last_error();
4118 if ((ERR_GET_LIB(err) == ERR_LIB_X509) &&
4119 (ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE)) {
4120 /* cert already in hash table, not an error */
4121 ERR_clear_error();
4122 } else {
4123 break;
4124 }
4125 }
4126 loaded++;
4127 }
4128
4129 err = ERR_peek_last_error();
4130 if ((filetype == SSL_FILETYPE_ASN1) &&
4131 (loaded > 0) &&
4132 (ERR_GET_LIB(err) == ERR_LIB_ASN1) &&
4133 (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG)) {
4134 /* EOF ASN1 file, not an error */
4135 ERR_clear_error();
4136 retval = 0;
4137 } else if ((filetype == SSL_FILETYPE_PEM) &&
4138 (loaded > 0) &&
4139 (ERR_GET_LIB(err) == ERR_LIB_PEM) &&
4140 (ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
4141 /* EOF PEM file, not an error */
4142 ERR_clear_error();
4143 retval = 0;
4144 } else {
4145 _setSSLError(NULL, 0, __FILE__, __LINE__);
4146 retval = -1;
4147 }
4148
4149 BIO_free(biobuf);
4150 return retval;
4151 }
4152
4153
4154 /*[clinic input]
4155 _ssl._SSLContext.load_verify_locations
4156 cafile: object = None
4157 capath: object = None
4158 cadata: object = None
4159
4160 [clinic start generated code]*/
4161
4162 static PyObject *
_ssl__SSLContext_load_verify_locations_impl(PySSLContext * self,PyObject * cafile,PyObject * capath,PyObject * cadata)4163 _ssl__SSLContext_load_verify_locations_impl(PySSLContext *self,
4164 PyObject *cafile,
4165 PyObject *capath,
4166 PyObject *cadata)
4167 /*[clinic end generated code: output=454c7e41230ca551 input=42ecfe258233e194]*/
4168 {
4169 PyObject *cafile_bytes = NULL, *capath_bytes = NULL;
4170 const char *cafile_buf = NULL, *capath_buf = NULL;
4171 int r = 0, ok = 1;
4172
4173 errno = 0;
4174 if (cafile == Py_None)
4175 cafile = NULL;
4176 if (capath == Py_None)
4177 capath = NULL;
4178 if (cadata == Py_None)
4179 cadata = NULL;
4180
4181 if (cafile == NULL && capath == NULL && cadata == NULL) {
4182 PyErr_SetString(PyExc_TypeError,
4183 "cafile, capath and cadata cannot be all omitted");
4184 goto error;
4185 }
4186 if (cafile && !PyUnicode_FSConverter(cafile, &cafile_bytes)) {
4187 if (PyErr_ExceptionMatches(PyExc_TypeError)) {
4188 PyErr_SetString(PyExc_TypeError,
4189 "cafile should be a valid filesystem path");
4190 }
4191 goto error;
4192 }
4193 if (capath && !PyUnicode_FSConverter(capath, &capath_bytes)) {
4194 if (PyErr_ExceptionMatches(PyExc_TypeError)) {
4195 PyErr_SetString(PyExc_TypeError,
4196 "capath should be a valid filesystem path");
4197 }
4198 goto error;
4199 }
4200
4201 /* validata cadata type and load cadata */
4202 if (cadata) {
4203 if (PyUnicode_Check(cadata)) {
4204 PyObject *cadata_ascii = PyUnicode_AsASCIIString(cadata);
4205 if (cadata_ascii == NULL) {
4206 if (PyErr_ExceptionMatches(PyExc_UnicodeEncodeError)) {
4207 goto invalid_cadata;
4208 }
4209 goto error;
4210 }
4211 r = _add_ca_certs(self,
4212 PyBytes_AS_STRING(cadata_ascii),
4213 PyBytes_GET_SIZE(cadata_ascii),
4214 SSL_FILETYPE_PEM);
4215 Py_DECREF(cadata_ascii);
4216 if (r == -1) {
4217 goto error;
4218 }
4219 }
4220 else if (PyObject_CheckBuffer(cadata)) {
4221 Py_buffer buf;
4222 if (PyObject_GetBuffer(cadata, &buf, PyBUF_SIMPLE)) {
4223 goto error;
4224 }
4225 if (!PyBuffer_IsContiguous(&buf, 'C') || buf.ndim > 1) {
4226 PyBuffer_Release(&buf);
4227 PyErr_SetString(PyExc_TypeError,
4228 "cadata should be a contiguous buffer with "
4229 "a single dimension");
4230 goto error;
4231 }
4232 r = _add_ca_certs(self, buf.buf, buf.len, SSL_FILETYPE_ASN1);
4233 PyBuffer_Release(&buf);
4234 if (r == -1) {
4235 goto error;
4236 }
4237 }
4238 else {
4239 invalid_cadata:
4240 PyErr_SetString(PyExc_TypeError,
4241 "cadata should be an ASCII string or a "
4242 "bytes-like object");
4243 goto error;
4244 }
4245 }
4246
4247 /* load cafile or capath */
4248 if (cafile || capath) {
4249 if (cafile)
4250 cafile_buf = PyBytes_AS_STRING(cafile_bytes);
4251 if (capath)
4252 capath_buf = PyBytes_AS_STRING(capath_bytes);
4253 PySSL_BEGIN_ALLOW_THREADS
4254 r = SSL_CTX_load_verify_locations(self->ctx, cafile_buf, capath_buf);
4255 PySSL_END_ALLOW_THREADS
4256 if (r != 1) {
4257 ok = 0;
4258 if (errno != 0) {
4259 ERR_clear_error();
4260 PyErr_SetFromErrno(PyExc_OSError);
4261 }
4262 else {
4263 _setSSLError(NULL, 0, __FILE__, __LINE__);
4264 }
4265 goto error;
4266 }
4267 }
4268 goto end;
4269
4270 error:
4271 ok = 0;
4272 end:
4273 Py_XDECREF(cafile_bytes);
4274 Py_XDECREF(capath_bytes);
4275 if (ok) {
4276 Py_RETURN_NONE;
4277 } else {
4278 return NULL;
4279 }
4280 }
4281
4282 /*[clinic input]
4283 _ssl._SSLContext.load_dh_params
4284 path as filepath: object
4285 /
4286
4287 [clinic start generated code]*/
4288
4289 static PyObject *
_ssl__SSLContext_load_dh_params(PySSLContext * self,PyObject * filepath)4290 _ssl__SSLContext_load_dh_params(PySSLContext *self, PyObject *filepath)
4291 /*[clinic end generated code: output=1c8e57a38e055af0 input=c8871f3c796ae1d6]*/
4292 {
4293 FILE *f;
4294 DH *dh;
4295
4296 f = _Py_fopen_obj(filepath, "rb");
4297 if (f == NULL)
4298 return NULL;
4299
4300 errno = 0;
4301 PySSL_BEGIN_ALLOW_THREADS
4302 dh = PEM_read_DHparams(f, NULL, NULL, NULL);
4303 fclose(f);
4304 PySSL_END_ALLOW_THREADS
4305 if (dh == NULL) {
4306 if (errno != 0) {
4307 ERR_clear_error();
4308 PyErr_SetFromErrnoWithFilenameObject(PyExc_OSError, filepath);
4309 }
4310 else {
4311 _setSSLError(NULL, 0, __FILE__, __LINE__);
4312 }
4313 return NULL;
4314 }
4315 if (!SSL_CTX_set_tmp_dh(self->ctx, dh)) {
4316 DH_free(dh);
4317 return _setSSLError(NULL, 0, __FILE__, __LINE__);
4318 }
4319 DH_free(dh);
4320 Py_RETURN_NONE;
4321 }
4322
4323 /*[clinic input]
4324 _ssl._SSLContext._wrap_socket
4325 sock: object(subclass_of="PySocketModule.Sock_Type")
4326 server_side: int
4327 server_hostname as hostname_obj: object = None
4328 *
4329 owner: object = None
4330 session: object = None
4331
4332 [clinic start generated code]*/
4333
4334 static PyObject *
_ssl__SSLContext__wrap_socket_impl(PySSLContext * self,PyObject * sock,int server_side,PyObject * hostname_obj,PyObject * owner,PyObject * session)4335 _ssl__SSLContext__wrap_socket_impl(PySSLContext *self, PyObject *sock,
4336 int server_side, PyObject *hostname_obj,
4337 PyObject *owner, PyObject *session)
4338 /*[clinic end generated code: output=f103f238633940b4 input=957d5006183d1894]*/
4339 {
4340 char *hostname = NULL;
4341 PyObject *res;
4342
4343 /* server_hostname is either None (or absent), or to be encoded
4344 as IDN A-label (ASCII str) without NULL bytes. */
4345 if (hostname_obj != Py_None) {
4346 if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
4347 return NULL;
4348 }
4349
4350 res = (PyObject *) newPySSLSocket(self, (PySocketSockObject *)sock,
4351 server_side, hostname,
4352 owner, session,
4353 NULL, NULL);
4354 if (hostname != NULL)
4355 PyMem_Free(hostname);
4356 return res;
4357 }
4358
4359 /*[clinic input]
4360 _ssl._SSLContext._wrap_bio
4361 incoming: object(subclass_of="&PySSLMemoryBIO_Type", type="PySSLMemoryBIO *")
4362 outgoing: object(subclass_of="&PySSLMemoryBIO_Type", type="PySSLMemoryBIO *")
4363 server_side: int
4364 server_hostname as hostname_obj: object = None
4365 *
4366 owner: object = None
4367 session: object = None
4368
4369 [clinic start generated code]*/
4370
4371 static PyObject *
_ssl__SSLContext__wrap_bio_impl(PySSLContext * self,PySSLMemoryBIO * incoming,PySSLMemoryBIO * outgoing,int server_side,PyObject * hostname_obj,PyObject * owner,PyObject * session)4372 _ssl__SSLContext__wrap_bio_impl(PySSLContext *self, PySSLMemoryBIO *incoming,
4373 PySSLMemoryBIO *outgoing, int server_side,
4374 PyObject *hostname_obj, PyObject *owner,
4375 PyObject *session)
4376 /*[clinic end generated code: output=5c5d6d9b41f99332 input=8cf22f4d586ac56a]*/
4377 {
4378 char *hostname = NULL;
4379 PyObject *res;
4380
4381 /* server_hostname is either None (or absent), or to be encoded
4382 as IDN A-label (ASCII str) without NULL bytes. */
4383 if (hostname_obj != Py_None) {
4384 if (!PyArg_Parse(hostname_obj, "es", "ascii", &hostname))
4385 return NULL;
4386 }
4387
4388 res = (PyObject *) newPySSLSocket(self, NULL, server_side, hostname,
4389 owner, session,
4390 incoming, outgoing);
4391
4392 PyMem_Free(hostname);
4393 return res;
4394 }
4395
4396 /*[clinic input]
4397 _ssl._SSLContext.session_stats
4398 [clinic start generated code]*/
4399
4400 static PyObject *
_ssl__SSLContext_session_stats_impl(PySSLContext * self)4401 _ssl__SSLContext_session_stats_impl(PySSLContext *self)
4402 /*[clinic end generated code: output=0d96411c42893bfb input=7e0a81fb11102c8b]*/
4403 {
4404 int r;
4405 PyObject *value, *stats = PyDict_New();
4406 if (!stats)
4407 return NULL;
4408
4409 #define ADD_STATS(SSL_NAME, KEY_NAME) \
4410 value = PyLong_FromLong(SSL_CTX_sess_ ## SSL_NAME (self->ctx)); \
4411 if (value == NULL) \
4412 goto error; \
4413 r = PyDict_SetItemString(stats, KEY_NAME, value); \
4414 Py_DECREF(value); \
4415 if (r < 0) \
4416 goto error;
4417
4418 ADD_STATS(number, "number");
4419 ADD_STATS(connect, "connect");
4420 ADD_STATS(connect_good, "connect_good");
4421 ADD_STATS(connect_renegotiate, "connect_renegotiate");
4422 ADD_STATS(accept, "accept");
4423 ADD_STATS(accept_good, "accept_good");
4424 ADD_STATS(accept_renegotiate, "accept_renegotiate");
4425 ADD_STATS(accept, "accept");
4426 ADD_STATS(hits, "hits");
4427 ADD_STATS(misses, "misses");
4428 ADD_STATS(timeouts, "timeouts");
4429 ADD_STATS(cache_full, "cache_full");
4430
4431 #undef ADD_STATS
4432
4433 return stats;
4434
4435 error:
4436 Py_DECREF(stats);
4437 return NULL;
4438 }
4439
4440 /*[clinic input]
4441 _ssl._SSLContext.set_default_verify_paths
4442 [clinic start generated code]*/
4443
4444 static PyObject *
_ssl__SSLContext_set_default_verify_paths_impl(PySSLContext * self)4445 _ssl__SSLContext_set_default_verify_paths_impl(PySSLContext *self)
4446 /*[clinic end generated code: output=0bee74e6e09deaaa input=35f3408021463d74]*/
4447 {
4448 if (!SSL_CTX_set_default_verify_paths(self->ctx)) {
4449 _setSSLError(NULL, 0, __FILE__, __LINE__);
4450 return NULL;
4451 }
4452 Py_RETURN_NONE;
4453 }
4454
4455 #ifndef OPENSSL_NO_ECDH
4456 /*[clinic input]
4457 _ssl._SSLContext.set_ecdh_curve
4458 name: object
4459 /
4460
4461 [clinic start generated code]*/
4462
4463 static PyObject *
_ssl__SSLContext_set_ecdh_curve(PySSLContext * self,PyObject * name)4464 _ssl__SSLContext_set_ecdh_curve(PySSLContext *self, PyObject *name)
4465 /*[clinic end generated code: output=23022c196e40d7d2 input=c2bafb6f6e34726b]*/
4466 {
4467 PyObject *name_bytes;
4468 int nid;
4469 EC_KEY *key;
4470
4471 if (!PyUnicode_FSConverter(name, &name_bytes))
4472 return NULL;
4473 assert(PyBytes_Check(name_bytes));
4474 nid = OBJ_sn2nid(PyBytes_AS_STRING(name_bytes));
4475 Py_DECREF(name_bytes);
4476 if (nid == 0) {
4477 PyErr_Format(PyExc_ValueError,
4478 "unknown elliptic curve name %R", name);
4479 return NULL;
4480 }
4481 key = EC_KEY_new_by_curve_name(nid);
4482 if (key == NULL) {
4483 _setSSLError(NULL, 0, __FILE__, __LINE__);
4484 return NULL;
4485 }
4486 SSL_CTX_set_tmp_ecdh(self->ctx, key);
4487 EC_KEY_free(key);
4488 Py_RETURN_NONE;
4489 }
4490 #endif
4491
4492 #if HAVE_SNI && !defined(OPENSSL_NO_TLSEXT)
4493 static int
_servername_callback(SSL * s,int * al,void * args)4494 _servername_callback(SSL *s, int *al, void *args)
4495 {
4496 int ret;
4497 PySSLContext *ssl_ctx = (PySSLContext *) args;
4498 PySSLSocket *ssl;
4499 PyObject *result;
4500 /* The high-level ssl.SSLSocket object */
4501 PyObject *ssl_socket;
4502 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
4503 PyGILState_STATE gstate = PyGILState_Ensure();
4504
4505 if (ssl_ctx->set_sni_cb == NULL) {
4506 /* remove race condition in this the call back while if removing the
4507 * callback is in progress */
4508 PyGILState_Release(gstate);
4509 return SSL_TLSEXT_ERR_OK;
4510 }
4511
4512 ssl = SSL_get_app_data(s);
4513 assert(PySSLSocket_Check(ssl));
4514
4515 /* The servername callback expects an argument that represents the current
4516 * SSL connection and that has a .context attribute that can be changed to
4517 * identify the requested hostname. Since the official API is the Python
4518 * level API we want to pass the callback a Python level object rather than
4519 * a _ssl.SSLSocket instance. If there's an "owner" (typically an
4520 * SSLObject) that will be passed. Otherwise if there's a socket then that
4521 * will be passed. If both do not exist only then the C-level object is
4522 * passed. */
4523 if (ssl->owner)
4524 ssl_socket = PyWeakref_GetObject(ssl->owner);
4525 else if (ssl->Socket)
4526 ssl_socket = PyWeakref_GetObject(ssl->Socket);
4527 else
4528 ssl_socket = (PyObject *) ssl;
4529
4530 Py_INCREF(ssl_socket);
4531 if (ssl_socket == Py_None)
4532 goto error;
4533
4534 if (servername == NULL) {
4535 result = PyObject_CallFunctionObjArgs(ssl_ctx->set_sni_cb, ssl_socket,
4536 Py_None, ssl_ctx, NULL);
4537 }
4538 else {
4539 PyObject *servername_bytes;
4540 PyObject *servername_str;
4541
4542 servername_bytes = PyBytes_FromString(servername);
4543 if (servername_bytes == NULL) {
4544 PyErr_WriteUnraisable((PyObject *) ssl_ctx);
4545 goto error;
4546 }
4547 /* server_hostname was encoded to an A-label by our caller; put it
4548 * back into a str object, but still as an A-label (bpo-28414)
4549 */
4550 servername_str = PyUnicode_FromEncodedObject(servername_bytes, "ascii", NULL);
4551 if (servername_str == NULL) {
4552 PyErr_WriteUnraisable(servername_bytes);
4553 Py_DECREF(servername_bytes);
4554 goto error;
4555 }
4556 Py_DECREF(servername_bytes);
4557 result = PyObject_CallFunctionObjArgs(
4558 ssl_ctx->set_sni_cb, ssl_socket, servername_str,
4559 ssl_ctx, NULL);
4560 Py_DECREF(servername_str);
4561 }
4562 Py_DECREF(ssl_socket);
4563
4564 if (result == NULL) {
4565 PyErr_WriteUnraisable(ssl_ctx->set_sni_cb);
4566 *al = SSL_AD_HANDSHAKE_FAILURE;
4567 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
4568 }
4569 else {
4570 /* Result may be None, a SSLContext or an integer
4571 * None and SSLContext are OK, integer or other values are an error.
4572 */
4573 if (result == Py_None) {
4574 ret = SSL_TLSEXT_ERR_OK;
4575 } else {
4576 *al = (int) PyLong_AsLong(result);
4577 if (PyErr_Occurred()) {
4578 PyErr_WriteUnraisable(result);
4579 *al = SSL_AD_INTERNAL_ERROR;
4580 }
4581 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
4582 }
4583 Py_DECREF(result);
4584 }
4585
4586 PyGILState_Release(gstate);
4587 return ret;
4588
4589 error:
4590 Py_DECREF(ssl_socket);
4591 *al = SSL_AD_INTERNAL_ERROR;
4592 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
4593 PyGILState_Release(gstate);
4594 return ret;
4595 }
4596 #endif
4597
4598 static PyObject *
get_sni_callback(PySSLContext * self,void * c)4599 get_sni_callback(PySSLContext *self, void *c)
4600 {
4601 PyObject *cb = self->set_sni_cb;
4602 if (cb == NULL) {
4603 Py_RETURN_NONE;
4604 }
4605 Py_INCREF(cb);
4606 return cb;
4607 }
4608
4609 static int
set_sni_callback(PySSLContext * self,PyObject * arg,void * c)4610 set_sni_callback(PySSLContext *self, PyObject *arg, void *c)
4611 {
4612 if (self->protocol == PY_SSL_VERSION_TLS_CLIENT) {
4613 PyErr_SetString(PyExc_ValueError,
4614 "sni_callback cannot be set on TLS_CLIENT context");
4615 return -1;
4616 }
4617 #if HAVE_SNI && !defined(OPENSSL_NO_TLSEXT)
4618 Py_CLEAR(self->set_sni_cb);
4619 if (arg == Py_None) {
4620 SSL_CTX_set_tlsext_servername_callback(self->ctx, NULL);
4621 }
4622 else {
4623 if (!PyCallable_Check(arg)) {
4624 SSL_CTX_set_tlsext_servername_callback(self->ctx, NULL);
4625 PyErr_SetString(PyExc_TypeError,
4626 "not a callable object");
4627 return -1;
4628 }
4629 Py_INCREF(arg);
4630 self->set_sni_cb = arg;
4631 SSL_CTX_set_tlsext_servername_callback(self->ctx, _servername_callback);
4632 SSL_CTX_set_tlsext_servername_arg(self->ctx, self);
4633 }
4634 return 0;
4635 #else
4636 PyErr_SetString(PyExc_NotImplementedError,
4637 "The TLS extension servername callback, "
4638 "SSL_CTX_set_tlsext_servername_callback, "
4639 "is not in the current OpenSSL library.");
4640 return -1;
4641 #endif
4642 }
4643
4644 PyDoc_STRVAR(PySSLContext_sni_callback_doc,
4645 "Set a callback that will be called when a server name is provided by the SSL/TLS client in the SNI extension.\n\
4646 \n\
4647 If the argument is None then the callback is disabled. The method is called\n\
4648 with the SSLSocket, the server name as a string, and the SSLContext object.\n\
4649 See RFC 6066 for details of the SNI extension.");
4650
4651 /*[clinic input]
4652 _ssl._SSLContext.cert_store_stats
4653
4654 Returns quantities of loaded X.509 certificates.
4655
4656 X.509 certificates with a CA extension and certificate revocation lists
4657 inside the context's cert store.
4658
4659 NOTE: Certificates in a capath directory aren't loaded unless they have
4660 been used at least once.
4661 [clinic start generated code]*/
4662
4663 static PyObject *
_ssl__SSLContext_cert_store_stats_impl(PySSLContext * self)4664 _ssl__SSLContext_cert_store_stats_impl(PySSLContext *self)
4665 /*[clinic end generated code: output=5f356f4d9cca874d input=eb40dd0f6d0e40cf]*/
4666 {
4667 X509_STORE *store;
4668 STACK_OF(X509_OBJECT) *objs;
4669 X509_OBJECT *obj;
4670 int x509 = 0, crl = 0, ca = 0, i;
4671
4672 store = SSL_CTX_get_cert_store(self->ctx);
4673 objs = X509_STORE_get0_objects(store);
4674 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
4675 obj = sk_X509_OBJECT_value(objs, i);
4676 switch (X509_OBJECT_get_type(obj)) {
4677 case X509_LU_X509:
4678 x509++;
4679 if (X509_check_ca(X509_OBJECT_get0_X509(obj))) {
4680 ca++;
4681 }
4682 break;
4683 case X509_LU_CRL:
4684 crl++;
4685 break;
4686 default:
4687 /* Ignore X509_LU_FAIL, X509_LU_RETRY, X509_LU_PKEY.
4688 * As far as I can tell they are internal states and never
4689 * stored in a cert store */
4690 break;
4691 }
4692 }
4693 return Py_BuildValue("{sisisi}", "x509", x509, "crl", crl,
4694 "x509_ca", ca);
4695 }
4696
4697 /*[clinic input]
4698 _ssl._SSLContext.get_ca_certs
4699 binary_form: bool = False
4700
4701 Returns a list of dicts with information of loaded CA certs.
4702
4703 If the optional argument is True, returns a DER-encoded copy of the CA
4704 certificate.
4705
4706 NOTE: Certificates in a capath directory aren't loaded unless they have
4707 been used at least once.
4708 [clinic start generated code]*/
4709
4710 static PyObject *
_ssl__SSLContext_get_ca_certs_impl(PySSLContext * self,int binary_form)4711 _ssl__SSLContext_get_ca_certs_impl(PySSLContext *self, int binary_form)
4712 /*[clinic end generated code: output=0d58f148f37e2938 input=6887b5a09b7f9076]*/
4713 {
4714 X509_STORE *store;
4715 STACK_OF(X509_OBJECT) *objs;
4716 PyObject *ci = NULL, *rlist = NULL;
4717 int i;
4718
4719 if ((rlist = PyList_New(0)) == NULL) {
4720 return NULL;
4721 }
4722
4723 store = SSL_CTX_get_cert_store(self->ctx);
4724 objs = X509_STORE_get0_objects(store);
4725 for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
4726 X509_OBJECT *obj;
4727 X509 *cert;
4728
4729 obj = sk_X509_OBJECT_value(objs, i);
4730 if (X509_OBJECT_get_type(obj) != X509_LU_X509) {
4731 /* not a x509 cert */
4732 continue;
4733 }
4734 /* CA for any purpose */
4735 cert = X509_OBJECT_get0_X509(obj);
4736 if (!X509_check_ca(cert)) {
4737 continue;
4738 }
4739 if (binary_form) {
4740 ci = _certificate_to_der(cert);
4741 } else {
4742 ci = _decode_certificate(cert);
4743 }
4744 if (ci == NULL) {
4745 goto error;
4746 }
4747 if (PyList_Append(rlist, ci) == -1) {
4748 goto error;
4749 }
4750 Py_CLEAR(ci);
4751 }
4752 return rlist;
4753
4754 error:
4755 Py_XDECREF(ci);
4756 Py_XDECREF(rlist);
4757 return NULL;
4758 }
4759
4760
4761 static PyGetSetDef context_getsetlist[] = {
4762 {"check_hostname", (getter) get_check_hostname,
4763 (setter) set_check_hostname, NULL},
4764 {"_host_flags", (getter) get_host_flags,
4765 (setter) set_host_flags, NULL},
4766 #if SSL_CTRL_GET_MAX_PROTO_VERSION
4767 {"minimum_version", (getter) get_minimum_version,
4768 (setter) set_minimum_version, NULL},
4769 {"maximum_version", (getter) get_maximum_version,
4770 (setter) set_maximum_version, NULL},
4771 #endif
4772 #ifdef HAVE_OPENSSL_KEYLOG
4773 {"keylog_filename", (getter) _PySSLContext_get_keylog_filename,
4774 (setter) _PySSLContext_set_keylog_filename, NULL},
4775 #endif
4776 {"_msg_callback", (getter) _PySSLContext_get_msg_callback,
4777 (setter) _PySSLContext_set_msg_callback, NULL},
4778 {"sni_callback", (getter) get_sni_callback,
4779 (setter) set_sni_callback, PySSLContext_sni_callback_doc},
4780 #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
4781 {"num_tickets", (getter) get_num_tickets,
4782 (setter) set_num_tickets, PySSLContext_num_tickets_doc},
4783 #endif
4784 {"options", (getter) get_options,
4785 (setter) set_options, NULL},
4786 {"post_handshake_auth", (getter) get_post_handshake_auth,
4787 #ifdef TLS1_3_VERSION
4788 (setter) set_post_handshake_auth,
4789 #else
4790 NULL,
4791 #endif
4792 NULL},
4793 {"protocol", (getter) get_protocol,
4794 NULL, NULL},
4795 {"verify_flags", (getter) get_verify_flags,
4796 (setter) set_verify_flags, NULL},
4797 {"verify_mode", (getter) get_verify_mode,
4798 (setter) set_verify_mode, NULL},
4799 {NULL}, /* sentinel */
4800 };
4801
4802 static struct PyMethodDef context_methods[] = {
4803 _SSL__SSLCONTEXT__WRAP_SOCKET_METHODDEF
4804 _SSL__SSLCONTEXT__WRAP_BIO_METHODDEF
4805 _SSL__SSLCONTEXT_SET_CIPHERS_METHODDEF
4806 _SSL__SSLCONTEXT__SET_ALPN_PROTOCOLS_METHODDEF
4807 _SSL__SSLCONTEXT__SET_NPN_PROTOCOLS_METHODDEF
4808 _SSL__SSLCONTEXT_LOAD_CERT_CHAIN_METHODDEF
4809 _SSL__SSLCONTEXT_LOAD_DH_PARAMS_METHODDEF
4810 _SSL__SSLCONTEXT_LOAD_VERIFY_LOCATIONS_METHODDEF
4811 _SSL__SSLCONTEXT_SESSION_STATS_METHODDEF
4812 _SSL__SSLCONTEXT_SET_DEFAULT_VERIFY_PATHS_METHODDEF
4813 _SSL__SSLCONTEXT_SET_ECDH_CURVE_METHODDEF
4814 _SSL__SSLCONTEXT_CERT_STORE_STATS_METHODDEF
4815 _SSL__SSLCONTEXT_GET_CA_CERTS_METHODDEF
4816 _SSL__SSLCONTEXT_GET_CIPHERS_METHODDEF
4817 {NULL, NULL} /* sentinel */
4818 };
4819
4820 static PyTypeObject PySSLContext_Type = {
4821 PyVarObject_HEAD_INIT(NULL, 0)
4822 "_ssl._SSLContext", /*tp_name*/
4823 sizeof(PySSLContext), /*tp_basicsize*/
4824 0, /*tp_itemsize*/
4825 (destructor)context_dealloc, /*tp_dealloc*/
4826 0, /*tp_vectorcall_offset*/
4827 0, /*tp_getattr*/
4828 0, /*tp_setattr*/
4829 0, /*tp_as_async*/
4830 0, /*tp_repr*/
4831 0, /*tp_as_number*/
4832 0, /*tp_as_sequence*/
4833 0, /*tp_as_mapping*/
4834 0, /*tp_hash*/
4835 0, /*tp_call*/
4836 0, /*tp_str*/
4837 0, /*tp_getattro*/
4838 0, /*tp_setattro*/
4839 0, /*tp_as_buffer*/
4840 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC, /*tp_flags*/
4841 0, /*tp_doc*/
4842 (traverseproc) context_traverse, /*tp_traverse*/
4843 (inquiry) context_clear, /*tp_clear*/
4844 0, /*tp_richcompare*/
4845 0, /*tp_weaklistoffset*/
4846 0, /*tp_iter*/
4847 0, /*tp_iternext*/
4848 context_methods, /*tp_methods*/
4849 0, /*tp_members*/
4850 context_getsetlist, /*tp_getset*/
4851 0, /*tp_base*/
4852 0, /*tp_dict*/
4853 0, /*tp_descr_get*/
4854 0, /*tp_descr_set*/
4855 0, /*tp_dictoffset*/
4856 0, /*tp_init*/
4857 0, /*tp_alloc*/
4858 _ssl__SSLContext, /*tp_new*/
4859 };
4860
4861
4862 /*
4863 * MemoryBIO objects
4864 */
4865
4866 /*[clinic input]
4867 @classmethod
4868 _ssl.MemoryBIO.__new__
4869
4870 [clinic start generated code]*/
4871
4872 static PyObject *
_ssl_MemoryBIO_impl(PyTypeObject * type)4873 _ssl_MemoryBIO_impl(PyTypeObject *type)
4874 /*[clinic end generated code: output=8820a58db78330ac input=26d22e4909ecb1b5]*/
4875 {
4876 BIO *bio;
4877 PySSLMemoryBIO *self;
4878
4879 bio = BIO_new(BIO_s_mem());
4880 if (bio == NULL) {
4881 PyErr_SetString(PySSLErrorObject,
4882 "failed to allocate BIO");
4883 return NULL;
4884 }
4885 /* Since our BIO is non-blocking an empty read() does not indicate EOF,
4886 * just that no data is currently available. The SSL routines should retry
4887 * the read, which we can achieve by calling BIO_set_retry_read(). */
4888 BIO_set_retry_read(bio);
4889 BIO_set_mem_eof_return(bio, -1);
4890
4891 assert(type != NULL && type->tp_alloc != NULL);
4892 self = (PySSLMemoryBIO *) type->tp_alloc(type, 0);
4893 if (self == NULL) {
4894 BIO_free(bio);
4895 return NULL;
4896 }
4897 self->bio = bio;
4898 self->eof_written = 0;
4899
4900 return (PyObject *) self;
4901 }
4902
4903 static void
memory_bio_dealloc(PySSLMemoryBIO * self)4904 memory_bio_dealloc(PySSLMemoryBIO *self)
4905 {
4906 BIO_free(self->bio);
4907 Py_TYPE(self)->tp_free(self);
4908 }
4909
4910 static PyObject *
memory_bio_get_pending(PySSLMemoryBIO * self,void * c)4911 memory_bio_get_pending(PySSLMemoryBIO *self, void *c)
4912 {
4913 return PyLong_FromSize_t(BIO_ctrl_pending(self->bio));
4914 }
4915
4916 PyDoc_STRVAR(PySSL_memory_bio_pending_doc,
4917 "The number of bytes pending in the memory BIO.");
4918
4919 static PyObject *
memory_bio_get_eof(PySSLMemoryBIO * self,void * c)4920 memory_bio_get_eof(PySSLMemoryBIO *self, void *c)
4921 {
4922 return PyBool_FromLong((BIO_ctrl_pending(self->bio) == 0)
4923 && self->eof_written);
4924 }
4925
4926 PyDoc_STRVAR(PySSL_memory_bio_eof_doc,
4927 "Whether the memory BIO is at EOF.");
4928
4929 /*[clinic input]
4930 _ssl.MemoryBIO.read
4931 size as len: int = -1
4932 /
4933
4934 Read up to size bytes from the memory BIO.
4935
4936 If size is not specified, read the entire buffer.
4937 If the return value is an empty bytes instance, this means either
4938 EOF or that no data is available. Use the "eof" property to
4939 distinguish between the two.
4940 [clinic start generated code]*/
4941
4942 static PyObject *
_ssl_MemoryBIO_read_impl(PySSLMemoryBIO * self,int len)4943 _ssl_MemoryBIO_read_impl(PySSLMemoryBIO *self, int len)
4944 /*[clinic end generated code: output=a657aa1e79cd01b3 input=574d7be06a902366]*/
4945 {
4946 int avail, nbytes;
4947 PyObject *result;
4948
4949 avail = (int)Py_MIN(BIO_ctrl_pending(self->bio), INT_MAX);
4950 if ((len < 0) || (len > avail))
4951 len = avail;
4952
4953 result = PyBytes_FromStringAndSize(NULL, len);
4954 if ((result == NULL) || (len == 0))
4955 return result;
4956
4957 nbytes = BIO_read(self->bio, PyBytes_AS_STRING(result), len);
4958 if (nbytes < 0) {
4959 Py_DECREF(result);
4960 _setSSLError(NULL, 0, __FILE__, __LINE__);
4961 return NULL;
4962 }
4963
4964 /* There should never be any short reads but check anyway. */
4965 if (nbytes < len) {
4966 _PyBytes_Resize(&result, nbytes);
4967 }
4968
4969 return result;
4970 }
4971
4972 /*[clinic input]
4973 _ssl.MemoryBIO.write
4974 b: Py_buffer
4975 /
4976
4977 Writes the bytes b into the memory BIO.
4978
4979 Returns the number of bytes written.
4980 [clinic start generated code]*/
4981
4982 static PyObject *
_ssl_MemoryBIO_write_impl(PySSLMemoryBIO * self,Py_buffer * b)4983 _ssl_MemoryBIO_write_impl(PySSLMemoryBIO *self, Py_buffer *b)
4984 /*[clinic end generated code: output=156ec59110d75935 input=e45757b3e17c4808]*/
4985 {
4986 int nbytes;
4987
4988 if (b->len > INT_MAX) {
4989 PyErr_Format(PyExc_OverflowError,
4990 "string longer than %d bytes", INT_MAX);
4991 return NULL;
4992 }
4993
4994 if (self->eof_written) {
4995 PyErr_SetString(PySSLErrorObject,
4996 "cannot write() after write_eof()");
4997 return NULL;
4998 }
4999
5000 nbytes = BIO_write(self->bio, b->buf, (int)b->len);
5001 if (nbytes < 0) {
5002 _setSSLError(NULL, 0, __FILE__, __LINE__);
5003 return NULL;
5004 }
5005
5006 return PyLong_FromLong(nbytes);
5007 }
5008
5009 /*[clinic input]
5010 _ssl.MemoryBIO.write_eof
5011
5012 Write an EOF marker to the memory BIO.
5013
5014 When all data has been read, the "eof" property will be True.
5015 [clinic start generated code]*/
5016
5017 static PyObject *
_ssl_MemoryBIO_write_eof_impl(PySSLMemoryBIO * self)5018 _ssl_MemoryBIO_write_eof_impl(PySSLMemoryBIO *self)
5019 /*[clinic end generated code: output=d4106276ccd1ed34 input=56a945f1d29e8bd6]*/
5020 {
5021 self->eof_written = 1;
5022 /* After an EOF is written, a zero return from read() should be a real EOF
5023 * i.e. it should not be retried. Clear the SHOULD_RETRY flag. */
5024 BIO_clear_retry_flags(self->bio);
5025 BIO_set_mem_eof_return(self->bio, 0);
5026
5027 Py_RETURN_NONE;
5028 }
5029
5030 static PyGetSetDef memory_bio_getsetlist[] = {
5031 {"pending", (getter) memory_bio_get_pending, NULL,
5032 PySSL_memory_bio_pending_doc},
5033 {"eof", (getter) memory_bio_get_eof, NULL,
5034 PySSL_memory_bio_eof_doc},
5035 {NULL}, /* sentinel */
5036 };
5037
5038 static struct PyMethodDef memory_bio_methods[] = {
5039 _SSL_MEMORYBIO_READ_METHODDEF
5040 _SSL_MEMORYBIO_WRITE_METHODDEF
5041 _SSL_MEMORYBIO_WRITE_EOF_METHODDEF
5042 {NULL, NULL} /* sentinel */
5043 };
5044
5045 static PyTypeObject PySSLMemoryBIO_Type = {
5046 PyVarObject_HEAD_INIT(NULL, 0)
5047 "_ssl.MemoryBIO", /*tp_name*/
5048 sizeof(PySSLMemoryBIO), /*tp_basicsize*/
5049 0, /*tp_itemsize*/
5050 (destructor)memory_bio_dealloc, /*tp_dealloc*/
5051 0, /*tp_vectorcall_offset*/
5052 0, /*tp_getattr*/
5053 0, /*tp_setattr*/
5054 0, /*tp_as_async*/
5055 0, /*tp_repr*/
5056 0, /*tp_as_number*/
5057 0, /*tp_as_sequence*/
5058 0, /*tp_as_mapping*/
5059 0, /*tp_hash*/
5060 0, /*tp_call*/
5061 0, /*tp_str*/
5062 0, /*tp_getattro*/
5063 0, /*tp_setattro*/
5064 0, /*tp_as_buffer*/
5065 Py_TPFLAGS_DEFAULT, /*tp_flags*/
5066 0, /*tp_doc*/
5067 0, /*tp_traverse*/
5068 0, /*tp_clear*/
5069 0, /*tp_richcompare*/
5070 0, /*tp_weaklistoffset*/
5071 0, /*tp_iter*/
5072 0, /*tp_iternext*/
5073 memory_bio_methods, /*tp_methods*/
5074 0, /*tp_members*/
5075 memory_bio_getsetlist, /*tp_getset*/
5076 0, /*tp_base*/
5077 0, /*tp_dict*/
5078 0, /*tp_descr_get*/
5079 0, /*tp_descr_set*/
5080 0, /*tp_dictoffset*/
5081 0, /*tp_init*/
5082 0, /*tp_alloc*/
5083 _ssl_MemoryBIO, /*tp_new*/
5084 };
5085
5086
5087 /*
5088 * SSL Session object
5089 */
5090
5091 static void
PySSLSession_dealloc(PySSLSession * self)5092 PySSLSession_dealloc(PySSLSession *self)
5093 {
5094 /* bpo-31095: UnTrack is needed before calling any callbacks */
5095 PyObject_GC_UnTrack(self);
5096 Py_XDECREF(self->ctx);
5097 if (self->session != NULL) {
5098 SSL_SESSION_free(self->session);
5099 }
5100 PyObject_GC_Del(self);
5101 }
5102
5103 static PyObject *
PySSLSession_richcompare(PyObject * left,PyObject * right,int op)5104 PySSLSession_richcompare(PyObject *left, PyObject *right, int op)
5105 {
5106 int result;
5107
5108 if (left == NULL || right == NULL) {
5109 PyErr_BadInternalCall();
5110 return NULL;
5111 }
5112
5113 if (!PySSLSession_Check(left) || !PySSLSession_Check(right)) {
5114 Py_RETURN_NOTIMPLEMENTED;
5115 }
5116
5117 if (left == right) {
5118 result = 0;
5119 } else {
5120 const unsigned char *left_id, *right_id;
5121 unsigned int left_len, right_len;
5122 left_id = SSL_SESSION_get_id(((PySSLSession *)left)->session,
5123 &left_len);
5124 right_id = SSL_SESSION_get_id(((PySSLSession *)right)->session,
5125 &right_len);
5126 if (left_len == right_len) {
5127 result = memcmp(left_id, right_id, left_len);
5128 } else {
5129 result = 1;
5130 }
5131 }
5132
5133 switch (op) {
5134 case Py_EQ:
5135 if (result == 0) {
5136 Py_RETURN_TRUE;
5137 } else {
5138 Py_RETURN_FALSE;
5139 }
5140 break;
5141 case Py_NE:
5142 if (result != 0) {
5143 Py_RETURN_TRUE;
5144 } else {
5145 Py_RETURN_FALSE;
5146 }
5147 break;
5148 case Py_LT:
5149 case Py_LE:
5150 case Py_GT:
5151 case Py_GE:
5152 Py_RETURN_NOTIMPLEMENTED;
5153 break;
5154 default:
5155 PyErr_BadArgument();
5156 return NULL;
5157 }
5158 }
5159
5160 static int
PySSLSession_traverse(PySSLSession * self,visitproc visit,void * arg)5161 PySSLSession_traverse(PySSLSession *self, visitproc visit, void *arg)
5162 {
5163 Py_VISIT(self->ctx);
5164 return 0;
5165 }
5166
5167 static int
PySSLSession_clear(PySSLSession * self)5168 PySSLSession_clear(PySSLSession *self)
5169 {
5170 Py_CLEAR(self->ctx);
5171 return 0;
5172 }
5173
5174
5175 static PyObject *
PySSLSession_get_time(PySSLSession * self,void * closure)5176 PySSLSession_get_time(PySSLSession *self, void *closure) {
5177 return PyLong_FromLong(SSL_SESSION_get_time(self->session));
5178 }
5179
5180 PyDoc_STRVAR(PySSLSession_get_time_doc,
5181 "Session creation time (seconds since epoch).");
5182
5183
5184 static PyObject *
PySSLSession_get_timeout(PySSLSession * self,void * closure)5185 PySSLSession_get_timeout(PySSLSession *self, void *closure) {
5186 return PyLong_FromLong(SSL_SESSION_get_timeout(self->session));
5187 }
5188
5189 PyDoc_STRVAR(PySSLSession_get_timeout_doc,
5190 "Session timeout (delta in seconds).");
5191
5192
5193 static PyObject *
PySSLSession_get_ticket_lifetime_hint(PySSLSession * self,void * closure)5194 PySSLSession_get_ticket_lifetime_hint(PySSLSession *self, void *closure) {
5195 unsigned long hint = SSL_SESSION_get_ticket_lifetime_hint(self->session);
5196 return PyLong_FromUnsignedLong(hint);
5197 }
5198
5199 PyDoc_STRVAR(PySSLSession_get_ticket_lifetime_hint_doc,
5200 "Ticket life time hint.");
5201
5202
5203 static PyObject *
PySSLSession_get_session_id(PySSLSession * self,void * closure)5204 PySSLSession_get_session_id(PySSLSession *self, void *closure) {
5205 const unsigned char *id;
5206 unsigned int len;
5207 id = SSL_SESSION_get_id(self->session, &len);
5208 return PyBytes_FromStringAndSize((const char *)id, len);
5209 }
5210
5211 PyDoc_STRVAR(PySSLSession_get_session_id_doc,
5212 "Session id");
5213
5214
5215 static PyObject *
PySSLSession_get_has_ticket(PySSLSession * self,void * closure)5216 PySSLSession_get_has_ticket(PySSLSession *self, void *closure) {
5217 if (SSL_SESSION_has_ticket(self->session)) {
5218 Py_RETURN_TRUE;
5219 } else {
5220 Py_RETURN_FALSE;
5221 }
5222 }
5223
5224 PyDoc_STRVAR(PySSLSession_get_has_ticket_doc,
5225 "Does the session contain a ticket?");
5226
5227
5228 static PyGetSetDef PySSLSession_getsetlist[] = {
5229 {"has_ticket", (getter) PySSLSession_get_has_ticket, NULL,
5230 PySSLSession_get_has_ticket_doc},
5231 {"id", (getter) PySSLSession_get_session_id, NULL,
5232 PySSLSession_get_session_id_doc},
5233 {"ticket_lifetime_hint", (getter) PySSLSession_get_ticket_lifetime_hint,
5234 NULL, PySSLSession_get_ticket_lifetime_hint_doc},
5235 {"time", (getter) PySSLSession_get_time, NULL,
5236 PySSLSession_get_time_doc},
5237 {"timeout", (getter) PySSLSession_get_timeout, NULL,
5238 PySSLSession_get_timeout_doc},
5239 {NULL}, /* sentinel */
5240 };
5241
5242 static PyTypeObject PySSLSession_Type = {
5243 PyVarObject_HEAD_INIT(NULL, 0)
5244 "_ssl.Session", /*tp_name*/
5245 sizeof(PySSLSession), /*tp_basicsize*/
5246 0, /*tp_itemsize*/
5247 (destructor)PySSLSession_dealloc, /*tp_dealloc*/
5248 0, /*tp_vectorcall_offset*/
5249 0, /*tp_getattr*/
5250 0, /*tp_setattr*/
5251 0, /*tp_as_async*/
5252 0, /*tp_repr*/
5253 0, /*tp_as_number*/
5254 0, /*tp_as_sequence*/
5255 0, /*tp_as_mapping*/
5256 0, /*tp_hash*/
5257 0, /*tp_call*/
5258 0, /*tp_str*/
5259 0, /*tp_getattro*/
5260 0, /*tp_setattro*/
5261 0, /*tp_as_buffer*/
5262 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC, /*tp_flags*/
5263 0, /*tp_doc*/
5264 (traverseproc)PySSLSession_traverse, /*tp_traverse*/
5265 (inquiry)PySSLSession_clear, /*tp_clear*/
5266 PySSLSession_richcompare, /*tp_richcompare*/
5267 0, /*tp_weaklistoffset*/
5268 0, /*tp_iter*/
5269 0, /*tp_iternext*/
5270 0, /*tp_methods*/
5271 0, /*tp_members*/
5272 PySSLSession_getsetlist, /*tp_getset*/
5273 };
5274
5275
5276 /* helper routines for seeding the SSL PRNG */
5277 /*[clinic input]
5278 _ssl.RAND_add
5279 string as view: Py_buffer(accept={str, buffer})
5280 entropy: double
5281 /
5282
5283 Mix string into the OpenSSL PRNG state.
5284
5285 entropy (a float) is a lower bound on the entropy contained in
5286 string. See RFC 4086.
5287 [clinic start generated code]*/
5288
5289 static PyObject *
_ssl_RAND_add_impl(PyObject * module,Py_buffer * view,double entropy)5290 _ssl_RAND_add_impl(PyObject *module, Py_buffer *view, double entropy)
5291 /*[clinic end generated code: output=e6dd48df9c9024e9 input=5c33017422828f5c]*/
5292 {
5293 const char *buf;
5294 Py_ssize_t len, written;
5295
5296 buf = (const char *)view->buf;
5297 len = view->len;
5298 do {
5299 written = Py_MIN(len, INT_MAX);
5300 RAND_add(buf, (int)written, entropy);
5301 buf += written;
5302 len -= written;
5303 } while (len);
5304 Py_RETURN_NONE;
5305 }
5306
5307 static PyObject *
PySSL_RAND(int len,int pseudo)5308 PySSL_RAND(int len, int pseudo)
5309 {
5310 int ok;
5311 PyObject *bytes;
5312 unsigned long err;
5313 const char *errstr;
5314 PyObject *v;
5315
5316 if (len < 0) {
5317 PyErr_SetString(PyExc_ValueError, "num must be positive");
5318 return NULL;
5319 }
5320
5321 bytes = PyBytes_FromStringAndSize(NULL, len);
5322 if (bytes == NULL)
5323 return NULL;
5324 if (pseudo) {
5325 #ifdef PY_OPENSSL_1_1_API
5326 ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
5327 #else
5328 ok = RAND_pseudo_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
5329 #endif
5330 if (ok == 0 || ok == 1)
5331 return Py_BuildValue("NO", bytes, ok == 1 ? Py_True : Py_False);
5332 }
5333 else {
5334 ok = RAND_bytes((unsigned char*)PyBytes_AS_STRING(bytes), len);
5335 if (ok == 1)
5336 return bytes;
5337 }
5338 Py_DECREF(bytes);
5339
5340 err = ERR_get_error();
5341 errstr = ERR_reason_error_string(err);
5342 v = Py_BuildValue("(ks)", err, errstr);
5343 if (v != NULL) {
5344 PyErr_SetObject(PySSLErrorObject, v);
5345 Py_DECREF(v);
5346 }
5347 return NULL;
5348 }
5349
5350 /*[clinic input]
5351 _ssl.RAND_bytes
5352 n: int
5353 /
5354
5355 Generate n cryptographically strong pseudo-random bytes.
5356 [clinic start generated code]*/
5357
5358 static PyObject *
_ssl_RAND_bytes_impl(PyObject * module,int n)5359 _ssl_RAND_bytes_impl(PyObject *module, int n)
5360 /*[clinic end generated code: output=977da635e4838bc7 input=678ddf2872dfebfc]*/
5361 {
5362 return PySSL_RAND(n, 0);
5363 }
5364
5365 /*[clinic input]
5366 _ssl.RAND_pseudo_bytes
5367 n: int
5368 /
5369
5370 Generate n pseudo-random bytes.
5371
5372 Return a pair (bytes, is_cryptographic). is_cryptographic is True
5373 if the bytes generated are cryptographically strong.
5374 [clinic start generated code]*/
5375
5376 static PyObject *
_ssl_RAND_pseudo_bytes_impl(PyObject * module,int n)5377 _ssl_RAND_pseudo_bytes_impl(PyObject *module, int n)
5378 /*[clinic end generated code: output=b1509e937000e52d input=58312bd53f9bbdd0]*/
5379 {
5380 return PySSL_RAND(n, 1);
5381 }
5382
5383 /*[clinic input]
5384 _ssl.RAND_status
5385
5386 Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.
5387
5388 It is necessary to seed the PRNG with RAND_add() on some platforms before
5389 using the ssl() function.
5390 [clinic start generated code]*/
5391
5392 static PyObject *
_ssl_RAND_status_impl(PyObject * module)5393 _ssl_RAND_status_impl(PyObject *module)
5394 /*[clinic end generated code: output=7e0aaa2d39fdc1ad input=8a774b02d1dc81f3]*/
5395 {
5396 return PyLong_FromLong(RAND_status());
5397 }
5398
5399 #ifndef OPENSSL_NO_EGD
5400 /* LCOV_EXCL_START */
5401 /*[clinic input]
5402 _ssl.RAND_egd
5403 path: object(converter="PyUnicode_FSConverter")
5404 /
5405
5406 Queries the entropy gather daemon (EGD) on the socket named by 'path'.
5407
5408 Returns number of bytes read. Raises SSLError if connection to EGD
5409 fails or if it does not provide enough data to seed PRNG.
5410 [clinic start generated code]*/
5411
5412 static PyObject *
_ssl_RAND_egd_impl(PyObject * module,PyObject * path)5413 _ssl_RAND_egd_impl(PyObject *module, PyObject *path)
5414 /*[clinic end generated code: output=02a67c7c367f52fa input=1aeb7eb948312195]*/
5415 {
5416 int bytes = RAND_egd(PyBytes_AsString(path));
5417 Py_DECREF(path);
5418 if (bytes == -1) {
5419 PyErr_SetString(PySSLErrorObject,
5420 "EGD connection failed or EGD did not return "
5421 "enough data to seed the PRNG");
5422 return NULL;
5423 }
5424 return PyLong_FromLong(bytes);
5425 }
5426 /* LCOV_EXCL_STOP */
5427 #endif /* OPENSSL_NO_EGD */
5428
5429
5430
5431 /*[clinic input]
5432 _ssl.get_default_verify_paths
5433
5434 Return search paths and environment vars that are used by SSLContext's set_default_verify_paths() to load default CAs.
5435
5436 The values are 'cert_file_env', 'cert_file', 'cert_dir_env', 'cert_dir'.
5437 [clinic start generated code]*/
5438
5439 static PyObject *
_ssl_get_default_verify_paths_impl(PyObject * module)5440 _ssl_get_default_verify_paths_impl(PyObject *module)
5441 /*[clinic end generated code: output=e5b62a466271928b input=5210c953d98c3eb5]*/
5442 {
5443 PyObject *ofile_env = NULL;
5444 PyObject *ofile = NULL;
5445 PyObject *odir_env = NULL;
5446 PyObject *odir = NULL;
5447
5448 #define CONVERT(info, target) { \
5449 const char *tmp = (info); \
5450 target = NULL; \
5451 if (!tmp) { Py_INCREF(Py_None); target = Py_None; } \
5452 else if ((target = PyUnicode_DecodeFSDefault(tmp)) == NULL) { \
5453 target = PyBytes_FromString(tmp); } \
5454 if (!target) goto error; \
5455 }
5456
5457 CONVERT(X509_get_default_cert_file_env(), ofile_env);
5458 CONVERT(X509_get_default_cert_file(), ofile);
5459 CONVERT(X509_get_default_cert_dir_env(), odir_env);
5460 CONVERT(X509_get_default_cert_dir(), odir);
5461 #undef CONVERT
5462
5463 return Py_BuildValue("NNNN", ofile_env, ofile, odir_env, odir);
5464
5465 error:
5466 Py_XDECREF(ofile_env);
5467 Py_XDECREF(ofile);
5468 Py_XDECREF(odir_env);
5469 Py_XDECREF(odir);
5470 return NULL;
5471 }
5472
5473 static PyObject*
asn1obj2py(ASN1_OBJECT * obj)5474 asn1obj2py(ASN1_OBJECT *obj)
5475 {
5476 int nid;
5477 const char *ln, *sn;
5478
5479 nid = OBJ_obj2nid(obj);
5480 if (nid == NID_undef) {
5481 PyErr_Format(PyExc_ValueError, "Unknown object");
5482 return NULL;
5483 }
5484 sn = OBJ_nid2sn(nid);
5485 ln = OBJ_nid2ln(nid);
5486 return Py_BuildValue("issN", nid, sn, ln, _asn1obj2py(obj, 1));
5487 }
5488
5489 /*[clinic input]
5490 _ssl.txt2obj
5491 txt: str
5492 name: bool = False
5493
5494 Lookup NID, short name, long name and OID of an ASN1_OBJECT.
5495
5496 By default objects are looked up by OID. With name=True short and
5497 long name are also matched.
5498 [clinic start generated code]*/
5499
5500 static PyObject *
_ssl_txt2obj_impl(PyObject * module,const char * txt,int name)5501 _ssl_txt2obj_impl(PyObject *module, const char *txt, int name)
5502 /*[clinic end generated code: output=c38e3991347079c1 input=1c1e7d0aa7c48602]*/
5503 {
5504 PyObject *result = NULL;
5505 ASN1_OBJECT *obj;
5506
5507 obj = OBJ_txt2obj(txt, name ? 0 : 1);
5508 if (obj == NULL) {
5509 PyErr_Format(PyExc_ValueError, "unknown object '%.100s'", txt);
5510 return NULL;
5511 }
5512 result = asn1obj2py(obj);
5513 ASN1_OBJECT_free(obj);
5514 return result;
5515 }
5516
5517 /*[clinic input]
5518 _ssl.nid2obj
5519 nid: int
5520 /
5521
5522 Lookup NID, short name, long name and OID of an ASN1_OBJECT by NID.
5523 [clinic start generated code]*/
5524
5525 static PyObject *
_ssl_nid2obj_impl(PyObject * module,int nid)5526 _ssl_nid2obj_impl(PyObject *module, int nid)
5527 /*[clinic end generated code: output=4a98ab691cd4f84a input=51787a3bee7d8f98]*/
5528 {
5529 PyObject *result = NULL;
5530 ASN1_OBJECT *obj;
5531
5532 if (nid < NID_undef) {
5533 PyErr_SetString(PyExc_ValueError, "NID must be positive.");
5534 return NULL;
5535 }
5536 obj = OBJ_nid2obj(nid);
5537 if (obj == NULL) {
5538 PyErr_Format(PyExc_ValueError, "unknown NID %i", nid);
5539 return NULL;
5540 }
5541 result = asn1obj2py(obj);
5542 ASN1_OBJECT_free(obj);
5543 return result;
5544 }
5545
5546 #ifdef _MSC_VER
5547
5548 static PyObject*
certEncodingType(DWORD encodingType)5549 certEncodingType(DWORD encodingType)
5550 {
5551 static PyObject *x509_asn = NULL;
5552 static PyObject *pkcs_7_asn = NULL;
5553
5554 if (x509_asn == NULL) {
5555 x509_asn = PyUnicode_InternFromString("x509_asn");
5556 if (x509_asn == NULL)
5557 return NULL;
5558 }
5559 if (pkcs_7_asn == NULL) {
5560 pkcs_7_asn = PyUnicode_InternFromString("pkcs_7_asn");
5561 if (pkcs_7_asn == NULL)
5562 return NULL;
5563 }
5564 switch(encodingType) {
5565 case X509_ASN_ENCODING:
5566 Py_INCREF(x509_asn);
5567 return x509_asn;
5568 case PKCS_7_ASN_ENCODING:
5569 Py_INCREF(pkcs_7_asn);
5570 return pkcs_7_asn;
5571 default:
5572 return PyLong_FromLong(encodingType);
5573 }
5574 }
5575
5576 static PyObject*
parseKeyUsage(PCCERT_CONTEXT pCertCtx,DWORD flags)5577 parseKeyUsage(PCCERT_CONTEXT pCertCtx, DWORD flags)
5578 {
5579 CERT_ENHKEY_USAGE *usage;
5580 DWORD size, error, i;
5581 PyObject *retval;
5582
5583 if (!CertGetEnhancedKeyUsage(pCertCtx, flags, NULL, &size)) {
5584 error = GetLastError();
5585 if (error == CRYPT_E_NOT_FOUND) {
5586 Py_RETURN_TRUE;
5587 }
5588 return PyErr_SetFromWindowsErr(error);
5589 }
5590
5591 usage = (CERT_ENHKEY_USAGE*)PyMem_Malloc(size);
5592 if (usage == NULL) {
5593 return PyErr_NoMemory();
5594 }
5595
5596 /* Now get the actual enhanced usage property */
5597 if (!CertGetEnhancedKeyUsage(pCertCtx, flags, usage, &size)) {
5598 PyMem_Free(usage);
5599 error = GetLastError();
5600 if (error == CRYPT_E_NOT_FOUND) {
5601 Py_RETURN_TRUE;
5602 }
5603 return PyErr_SetFromWindowsErr(error);
5604 }
5605 retval = PyFrozenSet_New(NULL);
5606 if (retval == NULL) {
5607 goto error;
5608 }
5609 for (i = 0; i < usage->cUsageIdentifier; ++i) {
5610 if (usage->rgpszUsageIdentifier[i]) {
5611 PyObject *oid;
5612 int err;
5613 oid = PyUnicode_FromString(usage->rgpszUsageIdentifier[i]);
5614 if (oid == NULL) {
5615 Py_CLEAR(retval);
5616 goto error;
5617 }
5618 err = PySet_Add(retval, oid);
5619 Py_DECREF(oid);
5620 if (err == -1) {
5621 Py_CLEAR(retval);
5622 goto error;
5623 }
5624 }
5625 }
5626 error:
5627 PyMem_Free(usage);
5628 return retval;
5629 }
5630
5631 static HCERTSTORE
ssl_collect_certificates(const char * store_name)5632 ssl_collect_certificates(const char *store_name)
5633 {
5634 /* this function collects the system certificate stores listed in
5635 * system_stores into a collection certificate store for being
5636 * enumerated. The store must be readable to be added to the
5637 * store collection.
5638 */
5639
5640 HCERTSTORE hCollectionStore = NULL, hSystemStore = NULL;
5641 static DWORD system_stores[] = {
5642 CERT_SYSTEM_STORE_LOCAL_MACHINE,
5643 CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE,
5644 CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY,
5645 CERT_SYSTEM_STORE_CURRENT_USER,
5646 CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY,
5647 CERT_SYSTEM_STORE_SERVICES,
5648 CERT_SYSTEM_STORE_USERS};
5649 size_t i, storesAdded;
5650 BOOL result;
5651
5652 hCollectionStore = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0,
5653 (HCRYPTPROV)NULL, 0, NULL);
5654 if (!hCollectionStore) {
5655 return NULL;
5656 }
5657 storesAdded = 0;
5658 for (i = 0; i < sizeof(system_stores) / sizeof(DWORD); i++) {
5659 hSystemStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0,
5660 (HCRYPTPROV)NULL,
5661 CERT_STORE_READONLY_FLAG |
5662 system_stores[i], store_name);
5663 if (hSystemStore) {
5664 result = CertAddStoreToCollection(hCollectionStore, hSystemStore,
5665 CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 0);
5666 if (result) {
5667 ++storesAdded;
5668 }
5669 CertCloseStore(hSystemStore, 0); /* flag must be 0 */
5670 }
5671 }
5672 if (storesAdded == 0) {
5673 CertCloseStore(hCollectionStore, CERT_CLOSE_STORE_FORCE_FLAG);
5674 return NULL;
5675 }
5676
5677 return hCollectionStore;
5678 }
5679
5680 /*[clinic input]
5681 _ssl.enum_certificates
5682 store_name: str
5683
5684 Retrieve certificates from Windows' cert store.
5685
5686 store_name may be one of 'CA', 'ROOT' or 'MY'. The system may provide
5687 more cert storages, too. The function returns a list of (bytes,
5688 encoding_type, trust) tuples. The encoding_type flag can be interpreted
5689 with X509_ASN_ENCODING or PKCS_7_ASN_ENCODING. The trust setting is either
5690 a set of OIDs or the boolean True.
5691 [clinic start generated code]*/
5692
5693 static PyObject *
_ssl_enum_certificates_impl(PyObject * module,const char * store_name)5694 _ssl_enum_certificates_impl(PyObject *module, const char *store_name)
5695 /*[clinic end generated code: output=5134dc8bb3a3c893 input=915f60d70461ea4e]*/
5696 {
5697 HCERTSTORE hCollectionStore = NULL;
5698 PCCERT_CONTEXT pCertCtx = NULL;
5699 PyObject *keyusage = NULL, *cert = NULL, *enc = NULL, *tup = NULL;
5700 PyObject *result = NULL;
5701
5702 result = PySet_New(NULL);
5703 if (result == NULL) {
5704 return NULL;
5705 }
5706 hCollectionStore = ssl_collect_certificates(store_name);
5707 if (hCollectionStore == NULL) {
5708 Py_DECREF(result);
5709 return PyErr_SetFromWindowsErr(GetLastError());
5710 }
5711
5712 while (pCertCtx = CertEnumCertificatesInStore(hCollectionStore, pCertCtx)) {
5713 cert = PyBytes_FromStringAndSize((const char*)pCertCtx->pbCertEncoded,
5714 pCertCtx->cbCertEncoded);
5715 if (!cert) {
5716 Py_CLEAR(result);
5717 break;
5718 }
5719 if ((enc = certEncodingType(pCertCtx->dwCertEncodingType)) == NULL) {
5720 Py_CLEAR(result);
5721 break;
5722 }
5723 keyusage = parseKeyUsage(pCertCtx, CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG);
5724 if (keyusage == Py_True) {
5725 Py_DECREF(keyusage);
5726 keyusage = parseKeyUsage(pCertCtx, CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG);
5727 }
5728 if (keyusage == NULL) {
5729 Py_CLEAR(result);
5730 break;
5731 }
5732 if ((tup = PyTuple_New(3)) == NULL) {
5733 Py_CLEAR(result);
5734 break;
5735 }
5736 PyTuple_SET_ITEM(tup, 0, cert);
5737 cert = NULL;
5738 PyTuple_SET_ITEM(tup, 1, enc);
5739 enc = NULL;
5740 PyTuple_SET_ITEM(tup, 2, keyusage);
5741 keyusage = NULL;
5742 if (PySet_Add(result, tup) == -1) {
5743 Py_CLEAR(result);
5744 Py_CLEAR(tup);
5745 break;
5746 }
5747 Py_CLEAR(tup);
5748 }
5749 if (pCertCtx) {
5750 /* loop ended with an error, need to clean up context manually */
5751 CertFreeCertificateContext(pCertCtx);
5752 }
5753
5754 /* In error cases cert, enc and tup may not be NULL */
5755 Py_XDECREF(cert);
5756 Py_XDECREF(enc);
5757 Py_XDECREF(keyusage);
5758 Py_XDECREF(tup);
5759
5760 /* CERT_CLOSE_STORE_FORCE_FLAG forces freeing of memory for all contexts
5761 associated with the store, in this case our collection store and the
5762 associated system stores. */
5763 if (!CertCloseStore(hCollectionStore, CERT_CLOSE_STORE_FORCE_FLAG)) {
5764 /* This error case might shadow another exception.*/
5765 Py_XDECREF(result);
5766 return PyErr_SetFromWindowsErr(GetLastError());
5767 }
5768
5769 /* convert set to list */
5770 if (result == NULL) {
5771 return NULL;
5772 } else {
5773 PyObject *lst = PySequence_List(result);
5774 Py_DECREF(result);
5775 return lst;
5776 }
5777 }
5778
5779 /*[clinic input]
5780 _ssl.enum_crls
5781 store_name: str
5782
5783 Retrieve CRLs from Windows' cert store.
5784
5785 store_name may be one of 'CA', 'ROOT' or 'MY'. The system may provide
5786 more cert storages, too. The function returns a list of (bytes,
5787 encoding_type) tuples. The encoding_type flag can be interpreted with
5788 X509_ASN_ENCODING or PKCS_7_ASN_ENCODING.
5789 [clinic start generated code]*/
5790
5791 static PyObject *
_ssl_enum_crls_impl(PyObject * module,const char * store_name)5792 _ssl_enum_crls_impl(PyObject *module, const char *store_name)
5793 /*[clinic end generated code: output=bce467f60ccd03b6 input=a1f1d7629f1c5d3d]*/
5794 {
5795 HCERTSTORE hCollectionStore = NULL;
5796 PCCRL_CONTEXT pCrlCtx = NULL;
5797 PyObject *crl = NULL, *enc = NULL, *tup = NULL;
5798 PyObject *result = NULL;
5799
5800 result = PySet_New(NULL);
5801 if (result == NULL) {
5802 return NULL;
5803 }
5804 hCollectionStore = ssl_collect_certificates(store_name);
5805 if (hCollectionStore == NULL) {
5806 Py_DECREF(result);
5807 return PyErr_SetFromWindowsErr(GetLastError());
5808 }
5809
5810 while (pCrlCtx = CertEnumCRLsInStore(hCollectionStore, pCrlCtx)) {
5811 crl = PyBytes_FromStringAndSize((const char*)pCrlCtx->pbCrlEncoded,
5812 pCrlCtx->cbCrlEncoded);
5813 if (!crl) {
5814 Py_CLEAR(result);
5815 break;
5816 }
5817 if ((enc = certEncodingType(pCrlCtx->dwCertEncodingType)) == NULL) {
5818 Py_CLEAR(result);
5819 break;
5820 }
5821 if ((tup = PyTuple_New(2)) == NULL) {
5822 Py_CLEAR(result);
5823 break;
5824 }
5825 PyTuple_SET_ITEM(tup, 0, crl);
5826 crl = NULL;
5827 PyTuple_SET_ITEM(tup, 1, enc);
5828 enc = NULL;
5829
5830 if (PySet_Add(result, tup) == -1) {
5831 Py_CLEAR(result);
5832 Py_CLEAR(tup);
5833 break;
5834 }
5835 Py_CLEAR(tup);
5836 }
5837 if (pCrlCtx) {
5838 /* loop ended with an error, need to clean up context manually */
5839 CertFreeCRLContext(pCrlCtx);
5840 }
5841
5842 /* In error cases cert, enc and tup may not be NULL */
5843 Py_XDECREF(crl);
5844 Py_XDECREF(enc);
5845 Py_XDECREF(tup);
5846
5847 /* CERT_CLOSE_STORE_FORCE_FLAG forces freeing of memory for all contexts
5848 associated with the store, in this case our collection store and the
5849 associated system stores. */
5850 if (!CertCloseStore(hCollectionStore, CERT_CLOSE_STORE_FORCE_FLAG)) {
5851 /* This error case might shadow another exception.*/
5852 Py_XDECREF(result);
5853 return PyErr_SetFromWindowsErr(GetLastError());
5854 }
5855 /* convert set to list */
5856 if (result == NULL) {
5857 return NULL;
5858 } else {
5859 PyObject *lst = PySequence_List(result);
5860 Py_DECREF(result);
5861 return lst;
5862 }
5863 }
5864
5865 #endif /* _MSC_VER */
5866
5867 /* List of functions exported by this module. */
5868 static PyMethodDef PySSL_methods[] = {
5869 _SSL__TEST_DECODE_CERT_METHODDEF
5870 _SSL_RAND_ADD_METHODDEF
5871 _SSL_RAND_BYTES_METHODDEF
5872 _SSL_RAND_PSEUDO_BYTES_METHODDEF
5873 _SSL_RAND_EGD_METHODDEF
5874 _SSL_RAND_STATUS_METHODDEF
5875 _SSL_GET_DEFAULT_VERIFY_PATHS_METHODDEF
5876 _SSL_ENUM_CERTIFICATES_METHODDEF
5877 _SSL_ENUM_CRLS_METHODDEF
5878 _SSL_TXT2OBJ_METHODDEF
5879 _SSL_NID2OBJ_METHODDEF
5880 {NULL, NULL} /* Sentinel */
5881 };
5882
5883
5884 #ifdef HAVE_OPENSSL_CRYPTO_LOCK
5885
5886 /* an implementation of OpenSSL threading operations in terms
5887 * of the Python C thread library
5888 * Only used up to 1.0.2. OpenSSL 1.1.0+ has its own locking code.
5889 */
5890
5891 static PyThread_type_lock *_ssl_locks = NULL;
5892
5893 #if OPENSSL_VERSION_NUMBER >= 0x10000000
5894 /* use new CRYPTO_THREADID API. */
5895 static void
_ssl_threadid_callback(CRYPTO_THREADID * id)5896 _ssl_threadid_callback(CRYPTO_THREADID *id)
5897 {
5898 CRYPTO_THREADID_set_numeric(id, PyThread_get_thread_ident());
5899 }
5900 #else
5901 /* deprecated CRYPTO_set_id_callback() API. */
5902 static unsigned long
_ssl_thread_id_function(void)5903 _ssl_thread_id_function (void) {
5904 return PyThread_get_thread_ident();
5905 }
5906 #endif
5907
_ssl_thread_locking_function(int mode,int n,const char * file,int line)5908 static void _ssl_thread_locking_function
5909 (int mode, int n, const char *file, int line) {
5910 /* this function is needed to perform locking on shared data
5911 structures. (Note that OpenSSL uses a number of global data
5912 structures that will be implicitly shared whenever multiple
5913 threads use OpenSSL.) Multi-threaded applications will
5914 crash at random if it is not set.
5915
5916 locking_function() must be able to handle up to
5917 CRYPTO_num_locks() different mutex locks. It sets the n-th
5918 lock if mode & CRYPTO_LOCK, and releases it otherwise.
5919
5920 file and line are the file number of the function setting the
5921 lock. They can be useful for debugging.
5922 */
5923
5924 if ((_ssl_locks == NULL) ||
5925 (n < 0) || ((unsigned)n >= _ssl_locks_count))
5926 return;
5927
5928 if (mode & CRYPTO_LOCK) {
5929 PyThread_acquire_lock(_ssl_locks[n], 1);
5930 } else {
5931 PyThread_release_lock(_ssl_locks[n]);
5932 }
5933 }
5934
_setup_ssl_threads(void)5935 static int _setup_ssl_threads(void) {
5936
5937 unsigned int i;
5938
5939 if (_ssl_locks == NULL) {
5940 _ssl_locks_count = CRYPTO_num_locks();
5941 _ssl_locks = PyMem_Calloc(_ssl_locks_count,
5942 sizeof(PyThread_type_lock));
5943 if (_ssl_locks == NULL) {
5944 PyErr_NoMemory();
5945 return 0;
5946 }
5947 for (i = 0; i < _ssl_locks_count; i++) {
5948 _ssl_locks[i] = PyThread_allocate_lock();
5949 if (_ssl_locks[i] == NULL) {
5950 unsigned int j;
5951 for (j = 0; j < i; j++) {
5952 PyThread_free_lock(_ssl_locks[j]);
5953 }
5954 PyMem_Free(_ssl_locks);
5955 return 0;
5956 }
5957 }
5958 CRYPTO_set_locking_callback(_ssl_thread_locking_function);
5959 #if OPENSSL_VERSION_NUMBER >= 0x10000000
5960 CRYPTO_THREADID_set_callback(_ssl_threadid_callback);
5961 #else
5962 CRYPTO_set_id_callback(_ssl_thread_id_function);
5963 #endif
5964 }
5965 return 1;
5966 }
5967
5968 #endif /* HAVE_OPENSSL_CRYPTO_LOCK for OpenSSL < 1.1.0 */
5969
5970 PyDoc_STRVAR(module_doc,
5971 "Implementation module for SSL socket operations. See the socket module\n\
5972 for documentation.");
5973
5974
5975 static struct PyModuleDef _sslmodule = {
5976 PyModuleDef_HEAD_INIT,
5977 "_ssl",
5978 module_doc,
5979 -1,
5980 PySSL_methods,
5981 NULL,
5982 NULL,
5983 NULL,
5984 NULL
5985 };
5986
5987
5988 static void
parse_openssl_version(unsigned long libver,unsigned int * major,unsigned int * minor,unsigned int * fix,unsigned int * patch,unsigned int * status)5989 parse_openssl_version(unsigned long libver,
5990 unsigned int *major, unsigned int *minor,
5991 unsigned int *fix, unsigned int *patch,
5992 unsigned int *status)
5993 {
5994 *status = libver & 0xF;
5995 libver >>= 4;
5996 *patch = libver & 0xFF;
5997 libver >>= 8;
5998 *fix = libver & 0xFF;
5999 libver >>= 8;
6000 *minor = libver & 0xFF;
6001 libver >>= 8;
6002 *major = libver & 0xFF;
6003 }
6004
6005 PyMODINIT_FUNC
PyInit__ssl(void)6006 PyInit__ssl(void)
6007 {
6008 PyObject *m, *d, *r, *bases;
6009 unsigned long libver;
6010 unsigned int major, minor, fix, patch, status;
6011 PySocketModule_APIObject *socket_api;
6012 struct py_ssl_error_code *errcode;
6013 struct py_ssl_library_code *libcode;
6014
6015 if (PyType_Ready(&PySSLContext_Type) < 0)
6016 return NULL;
6017 if (PyType_Ready(&PySSLSocket_Type) < 0)
6018 return NULL;
6019 if (PyType_Ready(&PySSLMemoryBIO_Type) < 0)
6020 return NULL;
6021 if (PyType_Ready(&PySSLSession_Type) < 0)
6022 return NULL;
6023
6024
6025 m = PyModule_Create(&_sslmodule);
6026 if (m == NULL)
6027 return NULL;
6028 d = PyModule_GetDict(m);
6029
6030 /* Load _socket module and its C API */
6031 socket_api = PySocketModule_ImportModuleAndAPI();
6032 if (!socket_api)
6033 return NULL;
6034 PySocketModule = *socket_api;
6035
6036 #ifndef OPENSSL_VERSION_1_1
6037 /* Load all algorithms and initialize cpuid */
6038 OPENSSL_add_all_algorithms_noconf();
6039 /* Init OpenSSL */
6040 SSL_load_error_strings();
6041 SSL_library_init();
6042 #endif
6043
6044 #ifdef HAVE_OPENSSL_CRYPTO_LOCK
6045 /* note that this will start threading if not already started */
6046 if (!_setup_ssl_threads()) {
6047 return NULL;
6048 }
6049 #elif OPENSSL_VERSION_1_1
6050 /* OpenSSL 1.1.0 builtin thread support is enabled */
6051 _ssl_locks_count++;
6052 #endif
6053
6054 /* Add symbols to module dict */
6055 sslerror_type_slots[0].pfunc = PyExc_OSError;
6056 PySSLErrorObject = PyType_FromSpec(&sslerror_type_spec);
6057 if (PySSLErrorObject == NULL)
6058 return NULL;
6059
6060 /* ssl.CertificateError used to be a subclass of ValueError */
6061 bases = Py_BuildValue("OO", PySSLErrorObject, PyExc_ValueError);
6062 if (bases == NULL)
6063 return NULL;
6064 PySSLCertVerificationErrorObject = PyErr_NewExceptionWithDoc(
6065 "ssl.SSLCertVerificationError", SSLCertVerificationError_doc,
6066 bases, NULL);
6067 Py_DECREF(bases);
6068 PySSLZeroReturnErrorObject = PyErr_NewExceptionWithDoc(
6069 "ssl.SSLZeroReturnError", SSLZeroReturnError_doc,
6070 PySSLErrorObject, NULL);
6071 PySSLWantReadErrorObject = PyErr_NewExceptionWithDoc(
6072 "ssl.SSLWantReadError", SSLWantReadError_doc,
6073 PySSLErrorObject, NULL);
6074 PySSLWantWriteErrorObject = PyErr_NewExceptionWithDoc(
6075 "ssl.SSLWantWriteError", SSLWantWriteError_doc,
6076 PySSLErrorObject, NULL);
6077 PySSLSyscallErrorObject = PyErr_NewExceptionWithDoc(
6078 "ssl.SSLSyscallError", SSLSyscallError_doc,
6079 PySSLErrorObject, NULL);
6080 PySSLEOFErrorObject = PyErr_NewExceptionWithDoc(
6081 "ssl.SSLEOFError", SSLEOFError_doc,
6082 PySSLErrorObject, NULL);
6083 if (PySSLCertVerificationErrorObject == NULL
6084 || PySSLZeroReturnErrorObject == NULL
6085 || PySSLWantReadErrorObject == NULL
6086 || PySSLWantWriteErrorObject == NULL
6087 || PySSLSyscallErrorObject == NULL
6088 || PySSLEOFErrorObject == NULL)
6089 return NULL;
6090 if (PyDict_SetItemString(d, "SSLError", PySSLErrorObject) != 0
6091 || PyDict_SetItemString(d, "SSLCertVerificationError",
6092 PySSLCertVerificationErrorObject) != 0
6093 || PyDict_SetItemString(d, "SSLZeroReturnError", PySSLZeroReturnErrorObject) != 0
6094 || PyDict_SetItemString(d, "SSLWantReadError", PySSLWantReadErrorObject) != 0
6095 || PyDict_SetItemString(d, "SSLWantWriteError", PySSLWantWriteErrorObject) != 0
6096 || PyDict_SetItemString(d, "SSLSyscallError", PySSLSyscallErrorObject) != 0
6097 || PyDict_SetItemString(d, "SSLEOFError", PySSLEOFErrorObject) != 0)
6098 return NULL;
6099 if (PyDict_SetItemString(d, "_SSLContext",
6100 (PyObject *)&PySSLContext_Type) != 0)
6101 return NULL;
6102 if (PyDict_SetItemString(d, "_SSLSocket",
6103 (PyObject *)&PySSLSocket_Type) != 0)
6104 return NULL;
6105 if (PyDict_SetItemString(d, "MemoryBIO",
6106 (PyObject *)&PySSLMemoryBIO_Type) != 0)
6107 return NULL;
6108 if (PyDict_SetItemString(d, "SSLSession",
6109 (PyObject *)&PySSLSession_Type) != 0)
6110 return NULL;
6111
6112 PyModule_AddStringConstant(m, "_DEFAULT_CIPHERS",
6113 PY_SSL_DEFAULT_CIPHER_STRING);
6114
6115 PyModule_AddIntConstant(m, "SSL_ERROR_ZERO_RETURN",
6116 PY_SSL_ERROR_ZERO_RETURN);
6117 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_READ",
6118 PY_SSL_ERROR_WANT_READ);
6119 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_WRITE",
6120 PY_SSL_ERROR_WANT_WRITE);
6121 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_X509_LOOKUP",
6122 PY_SSL_ERROR_WANT_X509_LOOKUP);
6123 PyModule_AddIntConstant(m, "SSL_ERROR_SYSCALL",
6124 PY_SSL_ERROR_SYSCALL);
6125 PyModule_AddIntConstant(m, "SSL_ERROR_SSL",
6126 PY_SSL_ERROR_SSL);
6127 PyModule_AddIntConstant(m, "SSL_ERROR_WANT_CONNECT",
6128 PY_SSL_ERROR_WANT_CONNECT);
6129 /* non ssl.h errorcodes */
6130 PyModule_AddIntConstant(m, "SSL_ERROR_EOF",
6131 PY_SSL_ERROR_EOF);
6132 PyModule_AddIntConstant(m, "SSL_ERROR_INVALID_ERROR_CODE",
6133 PY_SSL_ERROR_INVALID_ERROR_CODE);
6134 /* cert requirements */
6135 PyModule_AddIntConstant(m, "CERT_NONE",
6136 PY_SSL_CERT_NONE);
6137 PyModule_AddIntConstant(m, "CERT_OPTIONAL",
6138 PY_SSL_CERT_OPTIONAL);
6139 PyModule_AddIntConstant(m, "CERT_REQUIRED",
6140 PY_SSL_CERT_REQUIRED);
6141 /* CRL verification for verification_flags */
6142 PyModule_AddIntConstant(m, "VERIFY_DEFAULT",
6143 0);
6144 PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_LEAF",
6145 X509_V_FLAG_CRL_CHECK);
6146 PyModule_AddIntConstant(m, "VERIFY_CRL_CHECK_CHAIN",
6147 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
6148 PyModule_AddIntConstant(m, "VERIFY_X509_STRICT",
6149 X509_V_FLAG_X509_STRICT);
6150 #ifdef X509_V_FLAG_TRUSTED_FIRST
6151 PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST",
6152 X509_V_FLAG_TRUSTED_FIRST);
6153 #endif
6154
6155 /* Alert Descriptions from ssl.h */
6156 /* note RESERVED constants no longer intended for use have been removed */
6157 /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 */
6158
6159 #define ADD_AD_CONSTANT(s) \
6160 PyModule_AddIntConstant(m, "ALERT_DESCRIPTION_"#s, \
6161 SSL_AD_##s)
6162
6163 ADD_AD_CONSTANT(CLOSE_NOTIFY);
6164 ADD_AD_CONSTANT(UNEXPECTED_MESSAGE);
6165 ADD_AD_CONSTANT(BAD_RECORD_MAC);
6166 ADD_AD_CONSTANT(RECORD_OVERFLOW);
6167 ADD_AD_CONSTANT(DECOMPRESSION_FAILURE);
6168 ADD_AD_CONSTANT(HANDSHAKE_FAILURE);
6169 ADD_AD_CONSTANT(BAD_CERTIFICATE);
6170 ADD_AD_CONSTANT(UNSUPPORTED_CERTIFICATE);
6171 ADD_AD_CONSTANT(CERTIFICATE_REVOKED);
6172 ADD_AD_CONSTANT(CERTIFICATE_EXPIRED);
6173 ADD_AD_CONSTANT(CERTIFICATE_UNKNOWN);
6174 ADD_AD_CONSTANT(ILLEGAL_PARAMETER);
6175 ADD_AD_CONSTANT(UNKNOWN_CA);
6176 ADD_AD_CONSTANT(ACCESS_DENIED);
6177 ADD_AD_CONSTANT(DECODE_ERROR);
6178 ADD_AD_CONSTANT(DECRYPT_ERROR);
6179 ADD_AD_CONSTANT(PROTOCOL_VERSION);
6180 ADD_AD_CONSTANT(INSUFFICIENT_SECURITY);
6181 ADD_AD_CONSTANT(INTERNAL_ERROR);
6182 ADD_AD_CONSTANT(USER_CANCELLED);
6183 ADD_AD_CONSTANT(NO_RENEGOTIATION);
6184 /* Not all constants are in old OpenSSL versions */
6185 #ifdef SSL_AD_UNSUPPORTED_EXTENSION
6186 ADD_AD_CONSTANT(UNSUPPORTED_EXTENSION);
6187 #endif
6188 #ifdef SSL_AD_CERTIFICATE_UNOBTAINABLE
6189 ADD_AD_CONSTANT(CERTIFICATE_UNOBTAINABLE);
6190 #endif
6191 #ifdef SSL_AD_UNRECOGNIZED_NAME
6192 ADD_AD_CONSTANT(UNRECOGNIZED_NAME);
6193 #endif
6194 #ifdef SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE
6195 ADD_AD_CONSTANT(BAD_CERTIFICATE_STATUS_RESPONSE);
6196 #endif
6197 #ifdef SSL_AD_BAD_CERTIFICATE_HASH_VALUE
6198 ADD_AD_CONSTANT(BAD_CERTIFICATE_HASH_VALUE);
6199 #endif
6200 #ifdef SSL_AD_UNKNOWN_PSK_IDENTITY
6201 ADD_AD_CONSTANT(UNKNOWN_PSK_IDENTITY);
6202 #endif
6203
6204 #undef ADD_AD_CONSTANT
6205
6206 /* protocol versions */
6207 #ifndef OPENSSL_NO_SSL2
6208 PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
6209 PY_SSL_VERSION_SSL2);
6210 #endif
6211 #ifndef OPENSSL_NO_SSL3
6212 PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
6213 PY_SSL_VERSION_SSL3);
6214 #endif
6215 PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
6216 PY_SSL_VERSION_TLS);
6217 PyModule_AddIntConstant(m, "PROTOCOL_TLS",
6218 PY_SSL_VERSION_TLS);
6219 PyModule_AddIntConstant(m, "PROTOCOL_TLS_CLIENT",
6220 PY_SSL_VERSION_TLS_CLIENT);
6221 PyModule_AddIntConstant(m, "PROTOCOL_TLS_SERVER",
6222 PY_SSL_VERSION_TLS_SERVER);
6223 PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
6224 PY_SSL_VERSION_TLS1);
6225 PyModule_AddIntConstant(m, "PROTOCOL_TLSv1_1",
6226 PY_SSL_VERSION_TLS1_1);
6227 PyModule_AddIntConstant(m, "PROTOCOL_TLSv1_2",
6228 PY_SSL_VERSION_TLS1_2);
6229
6230 /* protocol options */
6231 PyModule_AddIntConstant(m, "OP_ALL",
6232 SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
6233 PyModule_AddIntConstant(m, "OP_NO_SSLv2", SSL_OP_NO_SSLv2);
6234 PyModule_AddIntConstant(m, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
6235 PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
6236 PyModule_AddIntConstant(m, "OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1);
6237 PyModule_AddIntConstant(m, "OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2);
6238 #ifdef SSL_OP_NO_TLSv1_3
6239 PyModule_AddIntConstant(m, "OP_NO_TLSv1_3", SSL_OP_NO_TLSv1_3);
6240 #else
6241 PyModule_AddIntConstant(m, "OP_NO_TLSv1_3", 0);
6242 #endif
6243 PyModule_AddIntConstant(m, "OP_CIPHER_SERVER_PREFERENCE",
6244 SSL_OP_CIPHER_SERVER_PREFERENCE);
6245 PyModule_AddIntConstant(m, "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE);
6246 PyModule_AddIntConstant(m, "OP_NO_TICKET", SSL_OP_NO_TICKET);
6247 #ifdef SSL_OP_SINGLE_ECDH_USE
6248 PyModule_AddIntConstant(m, "OP_SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE);
6249 #endif
6250 #ifdef SSL_OP_NO_COMPRESSION
6251 PyModule_AddIntConstant(m, "OP_NO_COMPRESSION",
6252 SSL_OP_NO_COMPRESSION);
6253 #endif
6254 #ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
6255 PyModule_AddIntConstant(m, "OP_ENABLE_MIDDLEBOX_COMPAT",
6256 SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
6257 #endif
6258 #ifdef SSL_OP_NO_RENEGOTIATION
6259 PyModule_AddIntConstant(m, "OP_NO_RENEGOTIATION",
6260 SSL_OP_NO_RENEGOTIATION);
6261 #endif
6262
6263 #ifdef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
6264 PyModule_AddIntConstant(m, "HOSTFLAG_ALWAYS_CHECK_SUBJECT",
6265 X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT);
6266 #endif
6267 #ifdef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
6268 PyModule_AddIntConstant(m, "HOSTFLAG_NEVER_CHECK_SUBJECT",
6269 X509_CHECK_FLAG_NEVER_CHECK_SUBJECT);
6270 #endif
6271 #ifdef X509_CHECK_FLAG_NO_WILDCARDS
6272 PyModule_AddIntConstant(m, "HOSTFLAG_NO_WILDCARDS",
6273 X509_CHECK_FLAG_NO_WILDCARDS);
6274 #endif
6275 #ifdef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
6276 PyModule_AddIntConstant(m, "HOSTFLAG_NO_PARTIAL_WILDCARDS",
6277 X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
6278 #endif
6279 #ifdef X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
6280 PyModule_AddIntConstant(m, "HOSTFLAG_MULTI_LABEL_WILDCARDS",
6281 X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS);
6282 #endif
6283 #ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
6284 PyModule_AddIntConstant(m, "HOSTFLAG_SINGLE_LABEL_SUBDOMAINS",
6285 X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS);
6286 #endif
6287
6288 /* protocol versions */
6289 PyModule_AddIntConstant(m, "PROTO_MINIMUM_SUPPORTED",
6290 PY_PROTO_MINIMUM_SUPPORTED);
6291 PyModule_AddIntConstant(m, "PROTO_MAXIMUM_SUPPORTED",
6292 PY_PROTO_MAXIMUM_SUPPORTED);
6293 PyModule_AddIntConstant(m, "PROTO_SSLv3", PY_PROTO_SSLv3);
6294 PyModule_AddIntConstant(m, "PROTO_TLSv1", PY_PROTO_TLSv1);
6295 PyModule_AddIntConstant(m, "PROTO_TLSv1_1", PY_PROTO_TLSv1_1);
6296 PyModule_AddIntConstant(m, "PROTO_TLSv1_2", PY_PROTO_TLSv1_2);
6297 PyModule_AddIntConstant(m, "PROTO_TLSv1_3", PY_PROTO_TLSv1_3);
6298
6299 #define addbool(m, key, value) \
6300 do { \
6301 PyObject *bool_obj = (value) ? Py_True : Py_False; \
6302 Py_INCREF(bool_obj); \
6303 PyModule_AddObject((m), (key), bool_obj); \
6304 } while (0)
6305
6306 #if HAVE_SNI
6307 addbool(m, "HAS_SNI", 1);
6308 #else
6309 addbool(m, "HAS_SNI", 0);
6310 #endif
6311
6312 addbool(m, "HAS_TLS_UNIQUE", 1);
6313
6314 #ifndef OPENSSL_NO_ECDH
6315 addbool(m, "HAS_ECDH", 1);
6316 #else
6317 addbool(m, "HAS_ECDH", 0);
6318 #endif
6319
6320 #if HAVE_NPN
6321 addbool(m, "HAS_NPN", 1);
6322 #else
6323 addbool(m, "HAS_NPN", 0);
6324 #endif
6325
6326 #if HAVE_ALPN
6327 addbool(m, "HAS_ALPN", 1);
6328 #else
6329 addbool(m, "HAS_ALPN", 0);
6330 #endif
6331
6332 #if defined(SSL2_VERSION) && !defined(OPENSSL_NO_SSL2)
6333 addbool(m, "HAS_SSLv2", 1);
6334 #else
6335 addbool(m, "HAS_SSLv2", 0);
6336 #endif
6337
6338 #if defined(SSL3_VERSION) && !defined(OPENSSL_NO_SSL3)
6339 addbool(m, "HAS_SSLv3", 1);
6340 #else
6341 addbool(m, "HAS_SSLv3", 0);
6342 #endif
6343
6344 #if defined(TLS1_VERSION) && !defined(OPENSSL_NO_TLS1)
6345 addbool(m, "HAS_TLSv1", 1);
6346 #else
6347 addbool(m, "HAS_TLSv1", 0);
6348 #endif
6349
6350 #if defined(TLS1_1_VERSION) && !defined(OPENSSL_NO_TLS1_1)
6351 addbool(m, "HAS_TLSv1_1", 1);
6352 #else
6353 addbool(m, "HAS_TLSv1_1", 0);
6354 #endif
6355
6356 #if defined(TLS1_2_VERSION) && !defined(OPENSSL_NO_TLS1_2)
6357 addbool(m, "HAS_TLSv1_2", 1);
6358 #else
6359 addbool(m, "HAS_TLSv1_2", 0);
6360 #endif
6361
6362 #if defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3)
6363 addbool(m, "HAS_TLSv1_3", 1);
6364 #else
6365 addbool(m, "HAS_TLSv1_3", 0);
6366 #endif
6367
6368 /* Mappings for error codes */
6369 err_codes_to_names = PyDict_New();
6370 err_names_to_codes = PyDict_New();
6371 if (err_codes_to_names == NULL || err_names_to_codes == NULL)
6372 return NULL;
6373 errcode = error_codes;
6374 while (errcode->mnemonic != NULL) {
6375 PyObject *mnemo, *key;
6376 mnemo = PyUnicode_FromString(errcode->mnemonic);
6377 key = Py_BuildValue("ii", errcode->library, errcode->reason);
6378 if (mnemo == NULL || key == NULL)
6379 return NULL;
6380 if (PyDict_SetItem(err_codes_to_names, key, mnemo))
6381 return NULL;
6382 if (PyDict_SetItem(err_names_to_codes, mnemo, key))
6383 return NULL;
6384 Py_DECREF(key);
6385 Py_DECREF(mnemo);
6386 errcode++;
6387 }
6388 if (PyModule_AddObject(m, "err_codes_to_names", err_codes_to_names))
6389 return NULL;
6390 if (PyModule_AddObject(m, "err_names_to_codes", err_names_to_codes))
6391 return NULL;
6392
6393 lib_codes_to_names = PyDict_New();
6394 if (lib_codes_to_names == NULL)
6395 return NULL;
6396 libcode = library_codes;
6397 while (libcode->library != NULL) {
6398 PyObject *mnemo, *key;
6399 key = PyLong_FromLong(libcode->code);
6400 mnemo = PyUnicode_FromString(libcode->library);
6401 if (key == NULL || mnemo == NULL)
6402 return NULL;
6403 if (PyDict_SetItem(lib_codes_to_names, key, mnemo))
6404 return NULL;
6405 Py_DECREF(key);
6406 Py_DECREF(mnemo);
6407 libcode++;
6408 }
6409 if (PyModule_AddObject(m, "lib_codes_to_names", lib_codes_to_names))
6410 return NULL;
6411
6412 /* OpenSSL version */
6413 /* SSLeay() gives us the version of the library linked against,
6414 which could be different from the headers version.
6415 */
6416 libver = OpenSSL_version_num();
6417 r = PyLong_FromUnsignedLong(libver);
6418 if (r == NULL)
6419 return NULL;
6420 if (PyModule_AddObject(m, "OPENSSL_VERSION_NUMBER", r))
6421 return NULL;
6422 parse_openssl_version(libver, &major, &minor, &fix, &patch, &status);
6423 r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
6424 if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))
6425 return NULL;
6426 r = PyUnicode_FromString(OpenSSL_version(OPENSSL_VERSION));
6427 if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
6428 return NULL;
6429
6430 libver = OPENSSL_VERSION_NUMBER;
6431 parse_openssl_version(libver, &major, &minor, &fix, &patch, &status);
6432 r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
6433 if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r))
6434 return NULL;
6435
6436 return m;
6437 }
6438