Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(11)

Side by Side Diff: Modules/_ssl.c

Issue 10639: reindent.py converts newlines to platform default
Patch Set: Created 8 years, 8 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Modules/signalmodule.c ('k') | Modules/timemodule.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* SSL socket module 1 /* SSL socket module
2 2
3 SSL support based on patches by Brian E Gallew and Laszlo Kovacs. 3 SSL support based on patches by Brian E Gallew and Laszlo Kovacs.
4 Re-worked a bit by Bill Janssen to add server-side support and 4 Re-worked a bit by Bill Janssen to add server-side support and
5 certificate decoding. Chris Stawarz contributed some non-blocking 5 certificate decoding. Chris Stawarz contributed some non-blocking
6 patches. 6 patches.
7 7
8 This module is imported by ssl.py. It should *not* be used 8 This module is imported by ssl.py. It should *not* be used
9 directly. 9 directly.
10 10
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after
115 # undef HAVE_OPENSSL_RAND 115 # undef HAVE_OPENSSL_RAND
116 #endif 116 #endif
117 117
118 /* SSL_CTX_clear_options() and SSL_clear_options() were first added in 118 /* SSL_CTX_clear_options() and SSL_clear_options() were first added in
119 * OpenSSL 0.9.8m but do not appear in some 0.9.9-dev versions such the 119 * OpenSSL 0.9.8m but do not appear in some 0.9.9-dev versions such the
120 * 0.9.9 from "May 2008" that NetBSD 5.0 uses. */ 120 * 0.9.9 from "May 2008" that NetBSD 5.0 uses. */
121 #if OPENSSL_VERSION_NUMBER >= 0x009080dfL && OPENSSL_VERSION_NUMBER != 0x0090900 0L 121 #if OPENSSL_VERSION_NUMBER >= 0x009080dfL && OPENSSL_VERSION_NUMBER != 0x0090900 0L
122 # define HAVE_SSL_CTX_CLEAR_OPTIONS 122 # define HAVE_SSL_CTX_CLEAR_OPTIONS
123 #else 123 #else
124 # undef HAVE_SSL_CTX_CLEAR_OPTIONS 124 # undef HAVE_SSL_CTX_CLEAR_OPTIONS
125 #endif
126
127 /* In case of 'tls-unique' it will be 12 bytes for TLS, 36 bytes for
128 * older SSL, but let's be safe */
129 #define PySSL_CB_MAXLEN 128
130
131 /* SSL_get_finished got added to OpenSSL in 0.9.5 */
132 #if OPENSSL_VERSION_NUMBER >= 0x0090500fL
133 # define HAVE_OPENSSL_FINISHED 1
134 #else
135 # define HAVE_OPENSSL_FINISHED 0
136 #endif 125 #endif
137 126
138 typedef struct { 127 typedef struct {
139 PyObject_HEAD 128 PyObject_HEAD
140 SSL_CTX *ctx; 129 SSL_CTX *ctx;
141 } PySSLContext; 130 } PySSLContext;
142 131
143 typedef struct { 132 typedef struct {
144 PyObject_HEAD 133 PyObject_HEAD
145 PyObject *Socket; /* weakref to socket on which we're layered */ 134 PyObject *Socket; /* weakref to socket on which we're layered */
146 SSL *ssl; 135 SSL *ssl;
147 X509 *peer_cert; 136 X509 *peer_cert;
148 int shutdown_seen_zero; 137 int shutdown_seen_zero;
149 enum py_ssl_server_or_client socket_type;
150 } PySSLSocket; 138 } PySSLSocket;
151 139
152 static PyTypeObject PySSLContext_Type; 140 static PyTypeObject PySSLContext_Type;
153 static PyTypeObject PySSLSocket_Type; 141 static PyTypeObject PySSLSocket_Type;
154 142
155 static PyObject *PySSL_SSLwrite(PySSLSocket *self, PyObject *args); 143 static PyObject *PySSL_SSLwrite(PySSLSocket *self, PyObject *args);
156 static PyObject *PySSL_SSLread(PySSLSocket *self, PyObject *args); 144 static PyObject *PySSL_SSLread(PySSLSocket *self, PyObject *args);
157 static int check_socket_and_wait_for_timeout(PySocketSockObject *s, 145 static int check_socket_and_wait_for_timeout(PySocketSockObject *s,
158 int writing); 146 int writing);
159 static PyObject *PySSL_peercert(PySSLSocket *self, PyObject *args); 147 static PyObject *PySSL_peercert(PySSLSocket *self, PyObject *args);
(...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after
333 BIO_set_nbio(SSL_get_wbio(self->ssl), 1); 321 BIO_set_nbio(SSL_get_wbio(self->ssl), 1);
334 } 322 }
335 323
336 PySSL_BEGIN_ALLOW_THREADS 324 PySSL_BEGIN_ALLOW_THREADS
337 if (socket_type == PY_SSL_CLIENT) 325 if (socket_type == PY_SSL_CLIENT)
338 SSL_set_connect_state(self->ssl); 326 SSL_set_connect_state(self->ssl);
339 else 327 else
340 SSL_set_accept_state(self->ssl); 328 SSL_set_accept_state(self->ssl);
341 PySSL_END_ALLOW_THREADS 329 PySSL_END_ALLOW_THREADS
342 330
343 self->socket_type = socket_type;
344 self->Socket = PyWeakref_NewRef((PyObject *) sock, NULL); 331 self->Socket = PyWeakref_NewRef((PyObject *) sock, NULL);
345 return self; 332 return self;
346 } 333 }
347 334
348 /* SSL object methods */ 335 /* SSL object methods */
349 336
350 static PyObject *PySSL_SSLdo_handshake(PySSLSocket *self) 337 static PyObject *PySSL_SSLdo_handshake(PySSLSocket *self)
351 { 338 {
352 int ret; 339 int ret;
353 int err; 340 int err;
(...skipping 1029 matching lines...) Expand 10 before | Expand all | Expand 10 after
1383 Py_DECREF(sock); 1370 Py_DECREF(sock);
1384 return NULL; 1371 return NULL;
1385 } 1372 }
1386 1373
1387 PyDoc_STRVAR(PySSL_SSLshutdown_doc, 1374 PyDoc_STRVAR(PySSL_SSLshutdown_doc,
1388 "shutdown(s) -> socket\n\ 1375 "shutdown(s) -> socket\n\
1389 \n\ 1376 \n\
1390 Does the SSL shutdown handshake with the remote end, and returns\n\ 1377 Does the SSL shutdown handshake with the remote end, and returns\n\
1391 the underlying socket object."); 1378 the underlying socket object.");
1392 1379
1393 #if HAVE_OPENSSL_FINISHED
1394 static PyObject *
1395 PySSL_tls_unique_cb(PySSLSocket *self)
1396 {
1397 PyObject *retval = NULL;
1398 char buf[PySSL_CB_MAXLEN];
1399 int len;
1400
1401 if (SSL_session_reused(self->ssl) ^ !self->socket_type) {
1402 /* if session is resumed XOR we are the client */
1403 len = SSL_get_finished(self->ssl, buf, PySSL_CB_MAXLEN);
1404 }
1405 else {
1406 /* if a new session XOR we are the server */
1407 len = SSL_get_peer_finished(self->ssl, buf, PySSL_CB_MAXLEN);
1408 }
1409
1410 /* It cannot be negative in current OpenSSL version as of July 2011 */
1411 assert(len >= 0);
1412 if (len == 0)
1413 Py_RETURN_NONE;
1414
1415 retval = PyBytes_FromStringAndSize(buf, len);
1416
1417 return retval;
1418 }
1419
1420 PyDoc_STRVAR(PySSL_tls_unique_cb_doc,
1421 "tls_unique_cb() -> bytes\n\
1422 \n\
1423 Returns the 'tls-unique' channel binding data, as defined by RFC 5929.\n\
1424 \n\
1425 If the TLS handshake is not yet complete, None is returned");
1426
1427 #endif /* HAVE_OPENSSL_FINISHED */
1428 1380
1429 static PyMethodDef PySSLMethods[] = { 1381 static PyMethodDef PySSLMethods[] = {
1430 {"do_handshake", (PyCFunction)PySSL_SSLdo_handshake, METH_NOARGS}, 1382 {"do_handshake", (PyCFunction)PySSL_SSLdo_handshake, METH_NOARGS},
1431 {"write", (PyCFunction)PySSL_SSLwrite, METH_VARARGS, 1383 {"write", (PyCFunction)PySSL_SSLwrite, METH_VARARGS,
1432 PySSL_SSLwrite_doc}, 1384 PySSL_SSLwrite_doc},
1433 {"read", (PyCFunction)PySSL_SSLread, METH_VARARGS, 1385 {"read", (PyCFunction)PySSL_SSLread, METH_VARARGS,
1434 PySSL_SSLread_doc}, 1386 PySSL_SSLread_doc},
1435 {"pending", (PyCFunction)PySSL_SSLpending, METH_NOARGS, 1387 {"pending", (PyCFunction)PySSL_SSLpending, METH_NOARGS,
1436 PySSL_SSLpending_doc}, 1388 PySSL_SSLpending_doc},
1437 {"peer_certificate", (PyCFunction)PySSL_peercert, METH_VARARGS, 1389 {"peer_certificate", (PyCFunction)PySSL_peercert, METH_VARARGS,
1438 PySSL_peercert_doc}, 1390 PySSL_peercert_doc},
1439 {"cipher", (PyCFunction)PySSL_cipher, METH_NOARGS}, 1391 {"cipher", (PyCFunction)PySSL_cipher, METH_NOARGS},
1440 {"shutdown", (PyCFunction)PySSL_SSLshutdown, METH_NOARGS, 1392 {"shutdown", (PyCFunction)PySSL_SSLshutdown, METH_NOARGS,
1441 PySSL_SSLshutdown_doc}, 1393 PySSL_SSLshutdown_doc},
1442 #if HAVE_OPENSSL_FINISHED
1443 {"tls_unique_cb", (PyCFunction)PySSL_tls_unique_cb, METH_NOARGS,
1444 PySSL_tls_unique_cb_doc},
1445 #endif
1446 {NULL, NULL} 1394 {NULL, NULL}
1447 }; 1395 };
1448 1396
1449 static PyTypeObject PySSLSocket_Type = { 1397 static PyTypeObject PySSLSocket_Type = {
1450 PyVarObject_HEAD_INIT(NULL, 0) 1398 PyVarObject_HEAD_INIT(NULL, 0)
1451 "_ssl._SSLSocket", /*tp_name*/ 1399 "_ssl._SSLSocket", /*tp_name*/
1452 sizeof(PySSLSocket), /*tp_basicsize*/ 1400 sizeof(PySSLSocket), /*tp_basicsize*/
1453 0, /*tp_itemsize*/ 1401 0, /*tp_itemsize*/
1454 /* methods */ 1402 /* methods */
1455 (destructor)PySSL_dealloc, /*tp_dealloc*/ 1403 (destructor)PySSL_dealloc, /*tp_dealloc*/
(...skipping 689 matching lines...) Expand 10 before | Expand all | Expand 10 after
2145 PyModuleDef_HEAD_INIT, 2093 PyModuleDef_HEAD_INIT,
2146 "_ssl", 2094 "_ssl",
2147 module_doc, 2095 module_doc,
2148 -1, 2096 -1,
2149 PySSL_methods, 2097 PySSL_methods,
2150 NULL, 2098 NULL,
2151 NULL, 2099 NULL,
2152 NULL, 2100 NULL,
2153 NULL 2101 NULL
2154 }; 2102 };
2155
2156
2157 static void
2158 parse_openssl_version(unsigned long libver,
2159 unsigned int *major, unsigned int *minor,
2160 unsigned int *fix, unsigned int *patch,
2161 unsigned int *status)
2162 {
2163 *status = libver & 0xF;
2164 libver >>= 4;
2165 *patch = libver & 0xFF;
2166 libver >>= 8;
2167 *fix = libver & 0xFF;
2168 libver >>= 8;
2169 *minor = libver & 0xFF;
2170 libver >>= 8;
2171 *major = libver & 0xFF;
2172 }
2173 2103
2174 PyMODINIT_FUNC 2104 PyMODINIT_FUNC
2175 PyInit__ssl(void) 2105 PyInit__ssl(void)
2176 { 2106 {
2177 PyObject *m, *d, *r; 2107 PyObject *m, *d, *r;
2178 unsigned long libver; 2108 unsigned long libver;
2179 unsigned int major, minor, fix, patch, status; 2109 unsigned int major, minor, fix, patch, status;
2180 PySocketModule_APIObject *socket_api; 2110 PySocketModule_APIObject *socket_api;
2181 2111
2182 if (PyType_Ready(&PySSLContext_Type) < 0) 2112 if (PyType_Ready(&PySSLContext_Type) < 0)
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after
2265 PyModule_AddIntConstant(m, "OP_NO_SSLv3", SSL_OP_NO_SSLv3); 2195 PyModule_AddIntConstant(m, "OP_NO_SSLv3", SSL_OP_NO_SSLv3);
2266 PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1); 2196 PyModule_AddIntConstant(m, "OP_NO_TLSv1", SSL_OP_NO_TLSv1);
2267 2197
2268 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME 2198 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2269 r = Py_True; 2199 r = Py_True;
2270 #else 2200 #else
2271 r = Py_False; 2201 r = Py_False;
2272 #endif 2202 #endif
2273 Py_INCREF(r); 2203 Py_INCREF(r);
2274 PyModule_AddObject(m, "HAS_SNI", r); 2204 PyModule_AddObject(m, "HAS_SNI", r);
2275
2276 #if HAVE_OPENSSL_FINISHED
2277 r = Py_True;
2278 #else
2279 r = Py_False;
2280 #endif
2281 Py_INCREF(r);
2282 PyModule_AddObject(m, "HAS_TLS_UNIQUE", r);
2283 2205
2284 /* OpenSSL version */ 2206 /* OpenSSL version */
2285 /* SSLeay() gives us the version of the library linked against, 2207 /* SSLeay() gives us the version of the library linked against,
2286 which could be different from the headers version. 2208 which could be different from the headers version.
2287 */ 2209 */
2288 libver = SSLeay(); 2210 libver = SSLeay();
2289 r = PyLong_FromUnsignedLong(libver); 2211 r = PyLong_FromUnsignedLong(libver);
2290 if (r == NULL) 2212 if (r == NULL)
2291 return NULL; 2213 return NULL;
2292 if (PyModule_AddObject(m, "OPENSSL_VERSION_NUMBER", r)) 2214 if (PyModule_AddObject(m, "OPENSSL_VERSION_NUMBER", r))
2293 return NULL; 2215 return NULL;
2294 parse_openssl_version(libver, &major, &minor, &fix, &patch, &status); 2216 status = libver & 0xF;
2217 libver >>= 4;
2218 patch = libver & 0xFF;
2219 libver >>= 8;
2220 fix = libver & 0xFF;
2221 libver >>= 8;
2222 minor = libver & 0xFF;
2223 libver >>= 8;
2224 major = libver & 0xFF;
2295 r = Py_BuildValue("IIIII", major, minor, fix, patch, status); 2225 r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
2296 if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r)) 2226 if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION_INFO", r))
2297 return NULL; 2227 return NULL;
2298 r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION)); 2228 r = PyUnicode_FromString(SSLeay_version(SSLEAY_VERSION));
2299 if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r)) 2229 if (r == NULL || PyModule_AddObject(m, "OPENSSL_VERSION", r))
2300 return NULL;
2301
2302 libver = OPENSSL_VERSION_NUMBER;
2303 parse_openssl_version(libver, &major, &minor, &fix, &patch, &status);
2304 r = Py_BuildValue("IIIII", major, minor, fix, patch, status);
2305 if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r))
2306 return NULL; 2230 return NULL;
2307 2231
2308 return m; 2232 return m;
2309 } 2233 }
OLDNEW
« no previous file with comments | « Modules/signalmodule.c ('k') | Modules/timemodule.c » ('j') | no next file with comments »

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+