diff options
| author | Rob Austein <sra@hactrn.net> | 2012-09-04 21:59:21 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2012-09-04 21:59:21 +0000 |
| commit | bfcb8d6f65c49ee6cda2889a0d579fc5f9092e52 (patch) | |
| tree | 264cbb29444fbf6c7a06c7d12f2518370d0d2b05 | |
| parent | 4afd0257dbc5ce692227854a7897d9368f0b0553 (diff) | |
As part of dragging POW.c into the 21st century, get rid of huge
swacks of code which either haven't been used in RPKI for years or
have never been used in RPKI at all, and which, in either case, I'd
rather not have to maintain: SSL/TLS, MD2, RIPEMD160, HMAC. There's
almost certainly more to prune, but this was the lowest-hanging fruit.
svn path=/branches/tk274/; revision=4696
| -rw-r--r-- | rpkid/ext/POW.c | 2197 | ||||
| -rw-r--r-- | rpkid/rpki/POW/__init__.py | 1 | ||||
| -rw-r--r-- | rpkid/rpki/x509.py | 2 |
3 files changed, 18 insertions, 2182 deletions
diff --git a/rpkid/ext/POW.c b/rpkid/ext/POW.c index b9f78f04..0567d0d6 100644 --- a/rpkid/ext/POW.c +++ b/rpkid/ext/POW.c @@ -43,19 +43,14 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/pem.h> -#include <openssl/ssl.h> #include <openssl/evp.h> #include <openssl/err.h> #include <openssl/md5.h> -#ifndef OPENSSL_NO_MD2 -#include <openssl/md2.h> -#endif #include <openssl/sha.h> -#include <openssl/hmac.h> -#include <openssl/ripemd.h> #include <openssl/cms.h> #include <time.h> +#include <string.h> // Symmetric ciphers #define DES_ECB 1 @@ -95,22 +90,6 @@ #define RC5_32_12_16_ECB 35 #define RC5_32_12_16_OFB 36 -// SSL connection methods -#define SSLV2_SERVER_METHOD 1 -#define SSLV2_CLIENT_METHOD 2 -#define SSLV2_METHOD 3 -#define SSLV3_SERVER_METHOD 4 -#define SSLV3_CLIENT_METHOD 5 -#define SSLV3_METHOD 6 -#define TLSV1_SERVER_METHOD 7 -#define TLSV1_CLIENT_METHOD 8 -#define TLSV1_METHOD 9 -#define SSLV23_SERVER_METHOD 10 -#define SSLV23_CLIENT_METHOD 11 -#define SSLV23_METHOD 12 - -// SSL connection states - // PEM encoded data types #define RSA_PUBLIC_KEY 1 #define RSA_PRIVATE_KEY 2 @@ -126,17 +105,11 @@ #define RSA_CIPHER 1 #define DSA_CIPHER 2 #define DH_CIPHER 3 -//#define NO_DSA -//#define NO_DH // Digests -#ifndef OPENSSL_NO_MD2 -#define MD2_DIGEST 1 -#endif #define MD5_DIGEST 2 #define SHA_DIGEST 3 #define SHA1_DIGEST 4 -#define RIPEMD160_DIGEST 5 #define SHA256_DIGEST 6 #define SHA384_DIGEST 7 #define SHA512_DIGEST 8 @@ -156,15 +129,9 @@ #define X_X509_crl_Check(op) ((op)->ob_type == &x509_crltype) #define X_X509_revoked_Check(op) ((op)->ob_type == &x509_revokedtype) #define X_asymmetric_Check(op) ((op)->ob_type == &asymmetrictype) -#define X_symmetric_Check(op) ((op)->ob_type == &symmetrictype) #define X_digest_Check(op) ((op)->ob_type == &digesttype) -#define X_hmac_Check(op) ((op)->ob_type == &hmactype) -#define X_ssl_Check(op) ((op)->ob_type == &ssltype) #define X_cms_Check(op) ((op)->ob_type == &cmstype) -// Symbolic representation of "no SSL shutdown mode requested" -#define SSL_NO_SHUTDOWN 0 - static char pow_module__doc__ [] = "<moduleDescription>\n" " <header>\n" @@ -213,15 +180,12 @@ static char pow_module__doc__ [] = /*========== Pre-definitions ==========*/ static PyObject *ErrorObject, - *SSLErrorObject, - *ZeroReturnErrorObject, - *WantReadErrorObject, - *WantWriteErrorObject, - *SSLSyscallErrorObject, - *SSLErrorSSLErrorObject, - *SSLSyscallSSLErrorObject, - *SSLUnexpectedEOFErrorObject, - *SSLOtherErrorObject; + *POWErrorObject, + *POWSyscallErrorObject, + *POWErrorSSLErrorObject, + *POWSyscallSSLErrorObject, + *POWUnexpectedEOFErrorObject, + *POWOtherErrorObject; static PyTypeObject x509type, @@ -229,10 +193,7 @@ static PyTypeObject x509_crltype, x509_revokedtype, asymmetrictype, - symmetrictype, digesttype, - hmactype, - ssltype, cmstype; /*========== Pre-definitions ==========*/ @@ -266,32 +227,12 @@ typedef struct { typedef struct { PyObject_HEAD - EVP_CIPHER_CTX cipher_ctx; - int cipher_type; -} symmetric_object; - -typedef struct { - PyObject_HEAD EVP_MD_CTX digest_ctx; int digest_type; } digest_object; typedef struct { PyObject_HEAD - HMAC_CTX hmac_ctx; -} hmac_object; - -typedef struct { - PyObject_HEAD - int ctxset; - SSL *ssl; - SSL_CTX *ctx; - STACK_OF(X509) *trusted_certs; - char *x509_cb_err; -} ssl_object; - -typedef struct { - PyObject_HEAD CMS_ContentInfo *cms; } cms_object; @@ -497,72 +438,6 @@ set_openssl_exception(PyObject *error_class, const char *msg) Py_XDECREF(errors); } -static void -set_openssl_ssl_exception(const ssl_object *self, const int ret) -{ - int err = SSL_get_error(self->ssl, ret); - const char *s = NULL; - - switch(err) { - - /* - * These three get their own exceptions. - */ - - case SSL_ERROR_ZERO_RETURN: - PyErr_SetNone(ZeroReturnErrorObject); - break; - case SSL_ERROR_WANT_READ: - PyErr_SetNone(WantReadErrorObject); - break; - case SSL_ERROR_WANT_WRITE: - PyErr_SetNone(WantWriteErrorObject); - break; - - case SSL_ERROR_SYSCALL: - /* - * Horrible jumbled mess of I/O related errors. I'd ask what they - * were thinking, except that it's pretty clear that they weren't. - */ - if (ERR_peek_error()) - set_openssl_exception(SSLSyscallSSLErrorObject, NULL); - else if (ret) - PyErr_SetFromErrno(SSLSyscallErrorObject); - else - PyErr_SetNone(SSLUnexpectedEOFErrorObject); - break; - - case SSL_ERROR_SSL: - /* - * Generic OpenSSL error during an SSL call. I think. - */ - set_openssl_exception(SSLErrorSSLErrorObject, self->x509_cb_err); - break; - - /* - * All other SSL errors are returned as a (number, string) tuple. - */ - - case SSL_ERROR_NONE: - s = "SSL_ERROR_NONE"; - break; - case SSL_ERROR_WANT_X509_LOOKUP: - s = "SSL_ERROR_WANT_X509_LOOKUP"; - break; - case SSL_ERROR_WANT_CONNECT: - s = "SSL_ERROR_WANT_CONNECT"; - break; - case SSL_ERROR_WANT_ACCEPT: - s = "SSL_ERROR_WANT_ACCEPT"; - break; - default: - s = "UNKNOWN_SSL_ERROR"; - } - - if (s) - PyErr_SetObject(SSLOtherErrorObject, Py_BuildValue("(is)", err, s)); -} - static PyObject * X509_object_helper_set_name(X509_NAME *name, PyObject *dn_obj) { @@ -833,7 +708,7 @@ BIO_to_PyString_helper(BIO *bio) return NULL; } -/*========== helper funcitons ==========*/ +/*========== helper functions ==========*/ /*========== X509 code ==========*/ static x509_object * @@ -1045,13 +920,9 @@ static char X509_object_sign__doc__[] = " signed, it should be one of the following:\n" " </para>\n" " <simplelist>\n" -#ifndef OPENSSL_NO_MD2 -" <member><constant>MD2_DIGEST</constant></member>\n" -#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" -" <member><constant>RIPEMD160_DIGEST</constant></member>\n" " <member><constant>SHA256_DIGEST</constant></member>\n" " <member><constant>SHA384_DIGEST</constant></member>\n" " <member><constant>SHA512_DIGEST</constant></member>\n" @@ -1086,13 +957,6 @@ X509_object_sign(x509_object *self, PyObject *args) lose("could not sign certificate"); break; -#ifndef OPENSSL_NO_MD2 - case MD2_DIGEST: - if (!X509_sign(self->x509, pkey, EVP_md2())) - lose("could not sign certificate"); - break; -#endif - case SHA_DIGEST: if (!X509_sign(self->x509, pkey, EVP_sha())) lose("could not sign certificate"); @@ -1103,11 +967,6 @@ X509_object_sign(x509_object *self, PyObject *args) lose("could not sign certificate"); break; - case RIPEMD160_DIGEST: - if (!X509_sign(self->x509, pkey, EVP_ripemd160())) - lose("could not sign certificate"); - break; - case SHA256_DIGEST: if (!X509_sign(self->x509, pkey, EVP_sha256())) lose("could not sign certificate"); @@ -3083,13 +2942,9 @@ static char x509_crl_object_sign__doc__[] = " signed, it should be one of the following:\n" " </para>\n" " <simplelist>\n" -#ifndef OPENSSL_NO_MD2 -" <member><constant>MD2_DIGEST</constant></member>\n" -#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" -" <member><constant>RIPEMD160_DIGEST</constant></member>\n" " <member><constant>SHA256_DIGEST</constant></member>\n" " <member><constant>SHA384_DIGEST</constant></member>\n" " <member><constant>SHA512_DIGEST</constant></member>\n" @@ -3123,13 +2978,6 @@ x509_crl_object_sign(x509_crl_object *self, PyObject *args) lose("could not sign CRL"); break; -#ifndef OPENSSL_NO_MD2 - case MD2_DIGEST: - if (!X509_CRL_sign(self->crl, pkey, EVP_md2())) - lose("could not sign CRL"); - break; -#endif - case SHA_DIGEST: if (!X509_CRL_sign(self->crl, pkey, EVP_sha())) lose("could not sign CRL"); @@ -3140,11 +2988,6 @@ x509_crl_object_sign(x509_crl_object *self, PyObject *args) lose("could not sign CRL"); break; - case RIPEMD160_DIGEST: - if (!X509_CRL_sign(self->crl, pkey, EVP_ripemd160())) - lose("could not sign CRL"); - break; - case SHA256_DIGEST: if (!X509_CRL_sign(self->crl, pkey, EVP_sha256())) lose("could not sign CRL"); @@ -3813,1104 +3656,6 @@ static PyTypeObject x509_revokedtype = { }; /*========== x509 revoked Code ==========*/ -/*========== ssl Code ==========*/ -static char ssl_object_use_certificate__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>useCertificate</name>\n" -" <parameter>cert</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" The parameter <parameter>cert</parameter> must be an\n" -" instance of the <classname>X590</classname> class and must be\n" -" called before <function>setFd</function>.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_use_certificate(ssl_object *self, PyObject *args) -{ - x509_object *x509 = NULL; - - if (!PyArg_ParseTuple(args, "O!", &x509type, &x509)) - goto error; - - if (self->ctxset) - lose("cannot be called after setFd()"); - - if (!SSL_CTX_use_certificate(self->ctx, x509->x509)) - lose("could not use certificate"); - - Py_RETURN_NONE; - - error: - - return NULL; -} - -static PyObject * -ssl_object_add_certificate(ssl_object *self, PyObject *args) -{ - x509_object *x509 = NULL; - X509 *x = NULL; - - if (!PyArg_ParseTuple(args, "O!", &x509type, &x509)) - goto error; - - if (self->ctxset) - lose("cannot be called after setFd()"); - - if ((x = X509_dup(x509->x509)) == NULL) - lose("could not duplicate X509 object"); - - if (!SSL_CTX_add_extra_chain_cert(self->ctx, x)) - lose_openssl_error("Could not add certificate"); - - x = NULL; - - Py_RETURN_NONE; - - error: - X509_free(x); - return NULL; -} - -static PyObject * -ssl_object_add_trust(ssl_object *self, PyObject *args) -{ - x509_object *x509 = NULL; - X509 *x = NULL; - - if (!PyArg_ParseTuple(args, "O!", &x509type, &x509)) - goto error; - - if (self->ctxset) - lose("Cannot be called after setFd()"); - - if (self->trusted_certs == NULL && - (self->trusted_certs = sk_X509_new_null()) == NULL) - lose("Couldn't allocate trusted certificate stack"); - - if ((x = X509_dup(x509->x509)) == NULL) - lose("Couldn't duplicate X509 object"); - - if (!sk_X509_push(self->trusted_certs, x)) - lose("Couldn't push cert onto trusted certificate stack"); - - x = NULL; - - Py_RETURN_NONE; - - error: - X509_free(x); - return NULL; -} - -static char ssl_object_use_key__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>useKey</name>\n" -" <parameter>key</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" The parameter <parameter>key</parameter> must be an\n" -" instance of the <classname>Asymmetric</classname> class and\n" -" must contain the private key. This function cannot be called\n" -" after <function>useKey</function>.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_use_key(ssl_object *self, PyObject *args) -{ - asymmetric_object *asym = NULL; - EVP_PKEY *pkey = NULL; - - if (!PyArg_ParseTuple(args, "O!", &asymmetrictype, &asym)) - goto error; - - if (self->ctxset) - lose("cannot be called after setFd()"); - - if ((pkey = EVP_PKEY_new()) == NULL) - lose("could not allocate memory"); - - if (asym->key_type != RSA_PRIVATE_KEY) - lose("cannot use this type of key"); - - if (!EVP_PKEY_set1_RSA(pkey, asym->cipher)) - lose("EVP_PKEY assignment error"); - - if (!SSL_CTX_use_PrivateKey(self->ctx, pkey)) - lose("ctx key assignment error"); - - Py_RETURN_NONE; - - error: - EVP_PKEY_free(pkey); - return NULL; -} - -static char ssl_object_check_key__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>checkKey</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This simple method will return 1 if the public key, contained in\n" -" the X509 certificate this <classname>Ssl</classname> instance is using,\n" -" matches the private key this <classname>Ssl</classname> instance is using.\n" -" Otherwise it will return 0.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_check_key(ssl_object *self, PyObject *args) -{ - return PyBool_FromLong(SSL_CTX_check_private_key(self->ctx)); -} - -static char ssl_object_set_fd__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>setFd</name>\n" -" <parameter>descriptor</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This function is used to associate a file descriptor with a\n" -" <classname>Ssl</classname> object. The file descriptor should\n" -" belong to an open TCP connection. Once this function has\n" -" been called, calling <function>useKey</function> or\n" -" <function>useCertificate</function> will, fail rasing exceptions.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_set_fd(ssl_object *self, PyObject *args) -{ - int fd = 0, self_index = 0; - - if (!PyArg_ParseTuple(args, "i", &fd)) - goto error; - - if ((self->ssl = SSL_new(self->ctx)) == NULL) - lose("Unable to create ssl structure"); - - SSL_set_mode(self->ssl, (SSL_MODE_ENABLE_PARTIAL_WRITE | - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)); - - if (!SSL_set_fd(self->ssl, fd)) - lose("Unable to set file descriptor"); - - if ((self_index = SSL_get_ex_new_index(0, "self_index", NULL, NULL, NULL)) != -1) - SSL_set_ex_data(self->ssl, self_index, self); - else - lose("Unable to create ex data index"); - - self->ctxset = 1; - - Py_RETURN_NONE; - - error: - - return NULL; -} - -static char ssl_object_fileno__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>fileno</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This function is used to extract the file descriptor associated\n" -" with a <classname>Ssl</classname> object.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_fileno(ssl_object *self, PyObject *args) -{ - if (!PyArg_ParseTuple(args, "")) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - return Py_BuildValue("i", SSL_get_fd(self->ssl)); - - error: - - return NULL; -} - -static char ssl_object_accept__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>accept</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This function will attempt the SSL level accept with a\n" -" client. The <classname>Ssl</classname> object must have been\n" -" created using a <constant>XXXXX_SERVER_METHOD</constant> or\n" -" a <constant>XXXXX_METHOD</constant> and this function should only be\n" -" called after <function>useKey</function>,\n" -" <function>useCertificate</function> and\n" -" <function>setFd</function> functions have been called.\n" -" </para>\n" -"\n" -" <example>\n" -" <title><function>accept</function> function usage</title>\n" -" <programlisting>\n" -" keyFile = open('test/private.key', 'r')\n" -" certFile = open('test/cacert.pem', 'r')\n" -"\n" -" rsa = POW.pemRead(POW.RSA_PRIVATE_KEY, keyFile.read(), 'pass')\n" -" x509 = POW.pemRead(POW.X509_CERTIFICATE, certFile.read())\n" -"\n" -" keyFile.close()\n" -" certFile.close()\n" -"\n" -" sl = POW.Ssl(POW.SSLV23_SERVER_METHOD)\n" -" sl.useCertificate(x509)\n" -" sl.useKey(rsa)\n" -"\n" -" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n" -" s.bind(('localhost', 1111))\n" -" s.listen(5)\n" -" s2, addr = s.accept()\n" -"\n" -" s.close()\n" -"\n" -" sl.setFd(s2.fileno())\n" -" sl.accept()\n" -" print sl.read(1024)\n" -" sl.write('Message from server to client...')\n" -"\n" -" s2.close()\n" -" </programlisting>\n" -" </example>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_accept(ssl_object *self, PyObject *args) -{ - int ret = 0; - - if (!PyArg_ParseTuple(args, "")) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - Py_BEGIN_ALLOW_THREADS; - ret = SSL_accept(self->ssl); - Py_END_ALLOW_THREADS; - - if (ret <= 0) - lose_ssl_error(self, ret); - - Py_RETURN_NONE; - - error: - - return NULL; -} - -static char ssl_object_connect__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>connect</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This function will attempt the SSL level connection with a\n" -" server. The <classname>Ssl</classname> object must have been\n" -" created using a <constant>XXXXX_CLIENT_METHOD</constant> or\n" -" a <constant>XXXXX_METHOD</constant> and this function should only be\n" -" called after <function>setFd</function> has already been\n" -" called.\n" -" </para>\n" -"\n" -" <example>\n" -" <title><function>connect</function> function usage</title>\n" -" <programlisting>\n" -" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n" -" s.connect(('localhost', 1111))\n" -"\n" -" sl = POW.Ssl(POW.SSLV23_CLIENT_METHOD)\n" -" sl.setFd(s.fileno())\n" -" sl.connect()\n" -" sl.write('Message from client to server...')\n" -" print sl.read(1024)\n" -" </programlisting>\n" -" </example>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_connect(ssl_object *self, PyObject *args) -{ - int ret; - - if (!PyArg_ParseTuple(args, "")) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - Py_BEGIN_ALLOW_THREADS; - ret = SSL_connect(self->ssl); - Py_END_ALLOW_THREADS; - - if (ret <= 0) - lose_ssl_error(self, ret); - - Py_RETURN_NONE; - - error: - - return NULL; -} - -static char ssl_object_write__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>write</name>\n" -" <parameter>string</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method writes the <parameter>string</parameter> to the\n" -" <classname>Ssl</classname> object, to be read by it's peer. This\n" -" function is analogous to the <classname>socket</classname>\n" -" classes <function>write</function> function.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_write(ssl_object *self, PyObject *args) -{ - char *msg; - int length = 0, ret = 0; - - if (!PyArg_ParseTuple(args, "s#", &msg, &length)) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - Py_BEGIN_ALLOW_THREADS; - ret = SSL_write(self->ssl, msg, length); - Py_END_ALLOW_THREADS; - - if (ret <= 0) - lose_ssl_error(self, ret); - - return Py_BuildValue("i", ret); - - error: - - return NULL; -} - -static char ssl_object_read__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>read</name>\n" -" <parameter>amount = 1024</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method reads up to <parameter>amount</parameter> characters from the\n" -" <classname>Ssl</classname> object. This\n" -" function is analogous to the <classname>socket</classname>\n" -" classes <function>read</function> function.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_read(ssl_object *self, PyObject *args) -{ - PyObject *data; - char *msg = NULL; - int len = 1024, ret = 0; - - if (!PyArg_ParseTuple(args, "|i", &len)) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - if ((msg = malloc(len)) == NULL) - lose("unable to allocate memory"); - - Py_BEGIN_ALLOW_THREADS; - ret = SSL_read(self->ssl, msg, len); - Py_END_ALLOW_THREADS; - - if (ret <= 0) - lose_ssl_error(self, ret); - - data = Py_BuildValue("s#", msg, ret); - - free(msg); - return data; - - error: - - if (msg) - free(msg); - - return NULL; -} - -static char ssl_object_peer_certificate__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>peerCertificate</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method returns any peer certificate presented in the initial\n" -" SSL negotiation or <constant>None</constant>. If a certificate is\n" -" returned, it will be an instance of <classname>X509</classname>.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_peer_certificate(ssl_object *self, PyObject *args) -{ - X509 *x509 = NULL; - x509_object *x509_obj = NULL; - - if (!PyArg_ParseTuple(args, "")) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - if ((x509_obj = X509_object_new()) == NULL) - lose("could not create x509 object"); - - x509 = SSL_get_peer_certificate(self->ssl); - - if (x509) { - X509_free(x509_obj->x509); - x509_obj->x509 = x509; - return (PyObject *) x509_obj; - } - else { - Py_XDECREF(x509_obj); - Py_RETURN_NONE; - } - - error: - X509_free(x509); - Py_XDECREF(x509_obj); - return NULL; -} - -static char ssl_object_clear__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>clear</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method will clear the SSL session ready for\n" -" a new SSL connection. It will not effect the underlying socket.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_clear(ssl_object *self, PyObject *args) -{ - if (!PyArg_ParseTuple(args, "")) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - if (!SSL_clear(self->ssl)) - lose("failed to clear ssl connection"); - - if (self->x509_cb_err) { - free(self->x509_cb_err); - self->x509_cb_err = NULL; - } - - Py_RETURN_NONE; - - error: - - return NULL; -} - -static char ssl_object_shutdown__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>shutdown</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method will issue a <constant>shutdown</constant> signal to it's peer.\n" -" If this connection's peer has already initiated a shutdown this call\n" -" will succeed, otherwise it will raise and exception. In order to\n" -" check the shutdown handshake was successful,\n" -" <function>shutdown</function> must be called again. If no\n" -" exception is raised, the handshake is complete.\n" -" </para>\n" -" <para>\n" -" The odd\n" -" implementation of this function reflects the underlying OpenSSL\n" -" function, which reflects the SSL protocol. Although rasing an\n" -" exception is a bit annoying, the alternative, returning true all\n" -" false will not tell you why the call failed and the exception\n" -" will, at least that is the theory. Look up the exact meaning\n" -" of the exceptions in the OpenSSL man page SSL_get_error.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_shutdown(ssl_object *self, PyObject *args) -{ - int ret = 0; - - if (!PyArg_ParseTuple(args, "")) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - ret = SSL_shutdown(self->ssl); - - /* - * The original POW behavior here seems nuts to me. SSL_shutdown() - * returns a tristate: - * - * 1: fully closed - * 0: close notification sent, waiting for peer - * -1: error, WANT_READ, or WANT_WRITE - * - * Doc claims the protocol allows us to bail on 0 return if we don't - * want to wait. So the "obvious" thing to do here is return boolean - * for 1 or 0 and raise an exception for -1. Original author's explanation - * for why he didn't do that makes no sense to me, so I've changed it. - */ - - if (ret < 0) - lose_ssl_error(self, ret); - - return PyBool_FromLong(ret); - - error: - - return NULL; -} - -static char ssl_object_get_shutdown__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>getShutdown</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This function returns an integer indicating the state of the\n" -" SSL connection. <constant>SSL_RECEIVED_SHUTDOWN</constant>\n" -" will be set the if it's peer sends a <constant>shutdown</constant>\n" -" signal or the underlying socket\n" -" receives a close notify . The possible values are:\n" -" </para>\n" -" <simplelist>\n" -" <member><constant>SSL_NO_SHUTDOWN</constant></member>\n" -" <member><constant>SSL_SENT_SHUTDOWN</constant></member>\n" -" <member><constant>SSL_RECEIVED_SHUTDOWN</constant></member>\n" -" <member><constant>SSL_SENT_SHUTDOWN</constant> | <constant>SSL_RECEIVED_SHUTDOWN</constant></member>\n" -" </simplelist>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_get_shutdown(ssl_object *self, PyObject *args) -{ - int state = 0; - - if (!PyArg_ParseTuple(args, "")) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - state = SSL_get_shutdown(self->ssl); - - return Py_BuildValue("i", state); - - error: - - return NULL; -} - -static char ssl_object_get_ciphers__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>getCiphers</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This function returns a list of available ciphers ordered from\n" -" most favored to least. This function must be called after\n" -" <function>setFd</function>.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_get_ciphers(ssl_object *self, PyObject *args) -{ - int i = 0; - const char *cipher = NULL; - PyObject *list = NULL, *name = NULL; - - if (!PyArg_ParseTuple(args, "")) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - list = PyList_New(0); - - cipher = SSL_get_cipher_list(self->ssl, 0); - while (cipher) { - if ((name = PyString_FromString(cipher)) == NULL) - goto error; - if (PyList_Append(list, name) != 0) - goto error; - Py_XDECREF(name); - name = NULL; - cipher = SSL_get_cipher_list(self->ssl, ++i); - } - return list; - - error: - - Py_XDECREF(name); - Py_XDECREF(list); - return NULL; -} - -static char ssl_object_set_ciphers__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>setCiphers</name>\n" -" <parameter>ciphers</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" <function>setCiphers</function>\n" -" can help protect against certain types of attacks which try to\n" -" coerce the server, client or both to negotiate a weak cipher.\n" -" <parameter>ciphers</parameter> should be a list of strings, as\n" -" produced by <function>getCiphers</function> and described in the\n" -" OpenSSL man page ciphers. <function>setCiphers</function> should\n" -" only be called after <function>setFd</function>.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_set_ciphers(ssl_object *self, PyObject *args) -{ - PyObject *ciphers = NULL; - PyObject *cipher = NULL; - int size = 0, cipherstrlen = 0, nextstrlen = 0, i = 0; - char *cipherstr = NULL; - - if (!PyArg_ParseTuple(args, "O", &ciphers)) - goto error; - - if (!PyList_Check(ciphers) && !PyTuple_Check(ciphers)) - lose_type_error("inapropriate type"); - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - cipherstr = malloc(8); // Very bogus, realloc() dosn't work without some - // previously allocated memory! Really should. - memset(cipherstr, 0, 8); - size = PySequence_Size(ciphers); - for (i = 0; i < size; i++) { - if ((cipher = PySequence_GetItem(ciphers, i)) == NULL) - goto error; - - if (!PyString_Check(cipher)) - lose_type_error("inapropriate type"); - - cipherstrlen = strlen(cipherstr); - nextstrlen = strlen(PyString_AsString(cipher)); - - if ((cipherstr = realloc(cipherstr, cipherstrlen + nextstrlen + 2)) == NULL) - lose_type_error("could allocate memory"); - - if (cipherstrlen) - strcat(cipherstr, ":\0"); - - strcat(cipherstr, PyString_AsString(cipher)); - Py_XDECREF(cipher); - cipher = NULL; - } - SSL_set_cipher_list(self->ssl, cipherstr); - free(cipherstr); - Py_RETURN_NONE; - - error: - - if (cipherstr) - free(cipherstr); - - Py_XDECREF(cipher); - - return NULL; -} - -static char ssl_object_get_cipher__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>getCipher</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This function returns the current cipher in use.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_get_cipher(ssl_object *self, PyObject *args) -{ - if (!PyArg_ParseTuple(args, "")) - goto error; - - if (!self->ctxset) - lose("cannot be called before setFd()"); - - return Py_BuildValue("s", SSL_get_cipher(self->ssl)); - - error: - - return NULL; -} - -static int ssl_object_verify_callback(X509_STORE_CTX *ctx, void *arg) -{ - ssl_object *self = arg; - int ok; - - if (self->trusted_certs) - X509_STORE_CTX_trusted_stack(ctx, self->trusted_certs); - - if (self->x509_cb_err) { - free(self->x509_cb_err); - self->x509_cb_err = NULL; - } - - ok = X509_verify_cert(ctx) == 1; - - if (!ok) { - - /* - * We probably should be pushing out structured Python data here - * rather than a string, but we're pretty deep in the OpenSSL call - * chain at this point and I'd rather not risk whacky interactions - * with the Python garbage collector. Try this kludge initially, - * rewrite as something better later if it looks worth the effort. - */ - - BIO *b = BIO_new(BIO_s_mem()); - char *buf = NULL; - int len; - - if (!b) - goto fail; - - BIO_puts(b, "TLS validation failure:\n\n"); - - if (self->trusted_certs) { - int i; - BIO_puts(b, "Trusted cert stack\n"); - for (i = 0; i < sk_X509_num(self->trusted_certs); i++) { - X509 *x = sk_X509_value(self->trusted_certs, i); - BIO_printf(b, "[%d] ", i); - if (x) - X509_print(b, x); - else - BIO_puts(b, "<NULL>!\n"); - } - } else { - BIO_puts(b, "No trusted cert stack\n"); - } - - BIO_printf(b, - "\nX509_verify_cert() error: error depth %d error %d current_cert %p current_issuer %p current_crl %p: %s\n", - ctx->error_depth, - ctx->error, - ctx->current_cert, - ctx->current_issuer, - ctx->current_crl, - X509_verify_cert_error_string(ctx->error)); - if (ctx->current_cert) - X509_print(b, ctx->current_cert); - - /* This seems to be returning garbage, don't know why */ - if (ctx->current_issuer) - X509_print(b, ctx->current_issuer); - - if ((len = BIO_ctrl_pending(b)) == 0 || (buf = malloc(len + 1)) == NULL) - goto fail; - - if (BIO_read(b, buf, len) == len) { - buf[len] = '\0'; - self->x509_cb_err = buf; - } else { - free(buf); - } - - fail: - BIO_free(b); - } - - return ok; -} - -static char ssl_object_set_verify_mode__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <name>setVerifyMode</name>\n" -" <parameter>mode</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This function sets the behavior of the SSL handshake. The\n" -" parameter <parameter>mode</parameter> should be one of the\n" -" following:\n" -" </para>\n" -" <simplelist>\n" -" <member><constant>SSL_VERIFY_NONE</constant></member>\n" -" <member><constant>SSL_VERIFY_PEER</constant></member>\n" -" <member><constant>SSL_VERIFY_PEER</constant> |\n" -" <constant>SSL_VERIFY_FAIL_IF_NO_PEER_CERT</constant></member>\n" -" </simplelist>\n" -" <para>\n" -" See the OpenSSL man page <function>SSL_CTX_set_verify</function>\n" -" for details. This function must be called after <function>setfd</function>\n" -" has been called.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -ssl_object_set_verify_mode(ssl_object *self, PyObject *args) -{ - int mode = 0; - - if (!PyArg_ParseTuple(args, "i", &mode)) - goto error; - - if (self->ctxset) - lose("cannot be called after setfd()"); - - SSL_CTX_set_verify(self->ctx, mode, NULL); - - Py_RETURN_NONE; - - error: - - return NULL; -} - -static struct PyMethodDef ssl_object_methods[] = { - {"useCertificate", (PyCFunction)ssl_object_use_certificate, METH_VARARGS, NULL}, - {"addCertificate", (PyCFunction)ssl_object_add_certificate, METH_VARARGS, NULL}, - {"addTrust", (PyCFunction)ssl_object_add_trust, METH_VARARGS, NULL}, - {"useKey", (PyCFunction)ssl_object_use_key, METH_VARARGS, NULL}, - {"checkKey", (PyCFunction)ssl_object_check_key, METH_VARARGS, NULL}, - {"setFd", (PyCFunction)ssl_object_set_fd, METH_VARARGS, NULL}, - {"fileno", (PyCFunction)ssl_object_fileno, METH_VARARGS, NULL}, - {"connect", (PyCFunction)ssl_object_connect, METH_VARARGS, NULL}, - {"accept", (PyCFunction)ssl_object_accept, METH_VARARGS, NULL}, - {"write", (PyCFunction)ssl_object_write, METH_VARARGS, NULL}, - {"read", (PyCFunction)ssl_object_read, METH_VARARGS, NULL}, - {"peerCertificate", (PyCFunction)ssl_object_peer_certificate, METH_VARARGS, NULL}, - {"clear", (PyCFunction)ssl_object_clear, METH_VARARGS, NULL}, - {"shutdown", (PyCFunction)ssl_object_shutdown, METH_VARARGS, NULL}, - {"getShutdown", (PyCFunction)ssl_object_get_shutdown, METH_VARARGS, NULL}, - {"getCiphers", (PyCFunction)ssl_object_get_ciphers, METH_VARARGS, NULL}, - {"setCiphers", (PyCFunction)ssl_object_set_ciphers, METH_VARARGS, NULL}, - {"getCipher", (PyCFunction)ssl_object_get_cipher, METH_VARARGS, NULL}, - {"setVerifyMode", (PyCFunction)ssl_object_set_verify_mode, METH_VARARGS, NULL}, - - {NULL} /* sentinel */ -}; - -static ssl_object * -newssl_object(int type) -{ - ssl_object *self; - const SSL_METHOD *method; - - - if ((self = PyObject_NEW(ssl_object, &ssltype)) == NULL) - goto error; - - self->ctxset = 0; - self->ssl = NULL; - self->trusted_certs = NULL; - self->x509_cb_err = NULL; - - switch (type) { - case SSLV2_SERVER_METHOD: method = SSLv2_server_method(); break; - case SSLV2_CLIENT_METHOD: method = SSLv2_client_method(); break; - case SSLV2_METHOD: method = SSLv2_method(); break; - case SSLV3_SERVER_METHOD: method = SSLv3_server_method(); break; - case SSLV3_CLIENT_METHOD: method = SSLv3_client_method(); break; - case SSLV3_METHOD: method = SSLv3_method(); break; - case TLSV1_SERVER_METHOD: method = TLSv1_server_method(); break; - case TLSV1_CLIENT_METHOD: method = TLSv1_client_method(); break; - case TLSV1_METHOD: method = TLSv1_method(); break; - case SSLV23_SERVER_METHOD: method = SSLv23_server_method(); break; - case SSLV23_CLIENT_METHOD: method = SSLv23_client_method(); break; - case SSLV23_METHOD: method = SSLv23_method(); break; - - default: - lose("unknown ctx method"); - } - - if ((self->ctx = SSL_CTX_new(method)) == NULL) - lose("unable to create new ctx"); - - SSL_CTX_set_cert_verify_callback(self->ctx, ssl_object_verify_callback, self); - - return self; - - error: - - Py_XDECREF(self); - return NULL; -} - -static PyObject * -ssl_object_getattr(ssl_object *self, char *name) -{ - return Py_FindMethod(ssl_object_methods, (PyObject *)self, name); -} - -static void -ssl_object_dealloc(ssl_object *self) -{ - SSL_free(self->ssl); - SSL_CTX_free(self->ctx); - sk_X509_pop_free(self->trusted_certs, X509_free); - if (self->x509_cb_err) - free(self->x509_cb_err); - PyObject_Del(self); -} - -static char ssltype__doc__[] = -"<class>\n" -" <header>\n" -" <name>Ssl</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This class provides access to the Secure Socket Layer\n" -" functionality of OpenSSL. It is designed to be a simple as\n" -" possible to use and is not designed for high performance\n" -" applications which handle many simultaneous connections. The\n" -" original motivation for writing this library was to provide a\n" -" security layer for network agents written in Python, for this\n" -" application, good performance with multiple concurrent connections\n" -" is not an issue.\n" -" </para>\n" -" </body>\n" -"</class>\n" -; - -static PyTypeObject ssltype = { - PyObject_HEAD_INIT(0) - 0, /*ob_size*/ - "Ssl", /*tp_name*/ - sizeof(ssl_object), /*tp_basicsize*/ - 0, /*tp_itemsize*/ - (destructor)ssl_object_dealloc, /*tp_dealloc*/ - (printfunc)0, /*tp_print*/ - (getattrfunc)ssl_object_getattr, /*tp_getattr*/ - (setattrfunc)0, /*tp_setattr*/ - (cmpfunc)0, /*tp_compare*/ - (reprfunc)0, /*tp_repr*/ - 0, /*tp_as_number*/ - 0, /*tp_as_sequence*/ - 0, /*tp_as_mapping*/ - (hashfunc)0, /*tp_hash*/ - (ternaryfunc)0, /*tp_call*/ - (reprfunc)0, /*tp_str*/ - 0, - 0, - 0, - 0, - ssltype__doc__ /* Documentation string */ -}; -/*========== ssl Object ==========*/ - /*========== asymmetric Object ==========*/ static asymmetric_object * asymmetric_object_new(int cipher_type, int key_size) @@ -5395,13 +4140,9 @@ static char asymmetric_object_sign__doc__[] = " following:\n" " </para>\n" " <simplelist>\n" -#ifndef OPENSSL_NO_MD2 -" <member><constant>MD2_DIGEST</constant></member>\n" -#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" -" <member><constant>RIPEMD160_DIGEST</constant></member>\n" " <member><constant>SHA256_DIGEST</constant></member>\n" " <member><constant>SHA384_DIGEST</constant></member>\n" " <member><constant>SHA512_DIGEST</constant></member>\n" @@ -5431,12 +4172,6 @@ asymmetric_object_sign(asymmetric_object *self, PyObject *args) lose("could not allocate memory"); switch(digest_type) { -#ifndef OPENSSL_NO_MD2 - case MD2_DIGEST: - digest_nid = NID_md2; - digest_len = MD2_DIGEST_LENGTH; - break; -#endif case MD5_DIGEST: digest_nid = NID_md5; digest_len = MD5_DIGEST_LENGTH; @@ -5449,10 +4184,6 @@ asymmetric_object_sign(asymmetric_object *self, PyObject *args) digest_nid = NID_sha1; digest_len = SHA_DIGEST_LENGTH; break; - case RIPEMD160_DIGEST: - digest_nid = NID_ripemd160; - digest_len = RIPEMD160_DIGEST_LENGTH; - break; case SHA256_DIGEST: digest_nid = NID_sha256; digest_len = SHA256_DIGEST_LENGTH; @@ -5534,13 +4265,9 @@ static char asymmetric_object_verify__doc__[] = " following:\n" " </para>\n" " <simplelist>\n" -#ifndef OPENSSL_NO_MD2 -" <member><constant>MD2_DIGEST</constant></member>\n" -#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" -" <member><constant>RIPEMD160_DIGEST</constant></member>\n" " <member><constant>SHA256_DIGEST</constant></member>\n" " <member><constant>SHA384_DIGEST</constant></member>\n" " <member><constant>SHA512_DIGEST</constant></member>\n" @@ -5563,12 +4290,6 @@ asymmetric_object_verify(asymmetric_object *self, PyObject *args) goto error; switch (digest_type) { -#ifndef OPENSSL_NO_MD2 - case MD2_DIGEST: - digest_len = MD2_DIGEST_LENGTH; - digest_nid = NID_md2; - break; -#endif case MD5_DIGEST: digest_len = MD5_DIGEST_LENGTH; digest_nid = NID_md5; @@ -5581,10 +4302,6 @@ asymmetric_object_verify(asymmetric_object *self, PyObject *args) digest_len = SHA_DIGEST_LENGTH; digest_nid = NID_sha1; break; - case RIPEMD160_DIGEST: - digest_len = RIPEMD160_DIGEST_LENGTH; - digest_nid = NID_ripemd160; - break; case SHA256_DIGEST: digest_len = SHA256_DIGEST_LENGTH; digest_nid = NID_sha256; @@ -5679,299 +4396,6 @@ static PyTypeObject asymmetrictype = { }; /*========== asymmetric Code ==========*/ -/*========== symmetric Code ==========*/ -static symmetric_object * -symmetric_object_new(int cipher_type) -{ - symmetric_object *self = NULL; - - if ((self = PyObject_New(symmetric_object, &symmetrictype)) == NULL) - goto error; - - self->cipher_type = cipher_type; - EVP_CIPHER_CTX_init(&self->cipher_ctx); - - return self; - - error: - - Py_XDECREF(self); - return NULL; -} - -static char symmetric_object_encrypt_init__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Symmetric</memberof>\n" -" <name>encryptInit</name>\n" -" <parameter>key</parameter>\n" -" <parameter>initialvalue = ''</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method sets up the cipher object to start encrypting a stream\n" -" of data. The first parameter is the key used to encrypt the\n" -" data. The second, the <parameter>initialvalue</parameter> serves\n" -" a similar purpose the the salt supplied to the Unix\n" -" <function>crypt</function> function.\n" -" The <parameter>initialvalue</parameter> is normally chosen at random and\n" -" often transmitted with the encrypted data, its purpose is to prevent\n" -" two identical plain texts resulting in two identical cipher texts.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -symmetric_object_encrypt_init(symmetric_object *self, PyObject *args) -{ - unsigned char *key = NULL, *iv = NULL, nulliv [] = ""; - const EVP_CIPHER *cipher = NULL; - - if (!PyArg_ParseTuple(args, "s|s", &key, &iv)) - goto error; - - if (!iv) - iv = nulliv; - - if ((cipher = evp_cipher_factory(self->cipher_type)) == NULL) - lose("unsupported cipher"); - - if (!EVP_EncryptInit(&self->cipher_ctx, cipher, key, iv)) - lose("could not initialise cipher"); - - Py_RETURN_NONE; - - error: - - return NULL; -} - -static char symmetric_object_decrypt_init__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Symmetric</memberof>\n" -" <name>decryptInit</name>\n" -" <parameter>key</parameter>\n" -" <parameter>initialvalue = ''</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method sets up the cipher object to start decrypting a stream\n" -" of data. The first value must be the key used to encrypt the\n" -" data. The second parameter is the <parameter>initialvalue</parameter>\n" -" used to encrypt the data.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -symmetric_object_decrypt_init(symmetric_object *self, PyObject *args) -{ - unsigned char *key = NULL, *iv = NULL, nulliv [] = ""; - const EVP_CIPHER *cipher = NULL; - - if (!PyArg_ParseTuple(args, "s|s", &key, &iv)) - goto error; - - if (!iv) - iv = nulliv; - - if ((cipher = evp_cipher_factory(self->cipher_type)) == NULL) - lose("unsupported cipher"); - - if (!EVP_DecryptInit(&self->cipher_ctx, cipher, key, iv)) - lose("could not initialise cipher"); - - Py_RETURN_NONE; - - error: - - return NULL; -} - -static char symmetric_object_update__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Symmetric</memberof>\n" -" <name>update</name>\n" -" <parameter>data</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method is used to process the bulk of data being encrypted\n" -" or decrypted by the cipher object. <parameter>data</parameter>\n" -" should be a string.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -symmetric_object_update(symmetric_object *self, PyObject *args) -{ - int inl = 0, outl = 0; - unsigned char *in = NULL, *out = NULL; - PyObject *py_out = NULL; - - if (!PyArg_ParseTuple(args, "s#", &in, &inl)) - goto error; - - if ((out = malloc(inl + EVP_CIPHER_CTX_block_size(&self->cipher_ctx))) == NULL) - lose("could not allocate memory"); - - if (!EVP_CipherUpdate(&self->cipher_ctx, out, &outl, in, inl)) - lose("could not update cipher"); - - if ((py_out = Py_BuildValue("s#", out, outl)) == NULL) - lose("could not allocate memory"); - - free(out); - return py_out; - - error: - - if (out) - free(out); - - return NULL; -} - -static char symmetric_object_final__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Symmetric</memberof>\n" -" <name>final</name>\n" -" <parameter>size = 1024</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" Most ciphers are block ciphers, that is they encrypt or decrypt a block of\n" -" data at a time. Often the data being processed will not fill an\n" -" entire block, this method processes these half-empty blocks. A\n" -" string is returned of a maximum length <parameter>size</parameter>.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -symmetric_object_final(symmetric_object *self, PyObject *args) -{ - int outl = 0, size = 1024; - unsigned char *out = NULL; - PyObject *py_out = NULL; - - if (!PyArg_ParseTuple(args, "|i", &size)) - goto error; - - if ((out = malloc(size + EVP_CIPHER_CTX_block_size(&self->cipher_ctx))) == NULL) - lose("could not allocate memory"); - - if (!EVP_CipherFinal(&self->cipher_ctx, out, &outl)) - lose("could not update cipher"); - - if ((py_out = Py_BuildValue("s#", out, outl)) == NULL) - lose("could not allocate memory"); - - free(out); - return py_out; - - error: - - if (out) - free(out); - - return NULL; -} - -static struct PyMethodDef symmetric_object_methods[] = { - {"encryptInit", (PyCFunction)symmetric_object_encrypt_init, METH_VARARGS, NULL}, - {"decryptInit", (PyCFunction)symmetric_object_decrypt_init, METH_VARARGS, NULL}, - {"update", (PyCFunction)symmetric_object_update, METH_VARARGS, NULL}, - {"final", (PyCFunction)symmetric_object_final, METH_VARARGS, NULL}, - - {NULL} /* sentinel */ -}; - -static PyObject * -symmetric_object_getattr(symmetric_object *self, char *name) -{ - return Py_FindMethod(symmetric_object_methods, (PyObject *)self, name); -} - -static void -symmetric_object_dealloc(symmetric_object *self, char *name) -{ - PyObject_Del(self); -} - -static char symmetrictype__doc__[] = -"<class>\n" -" <header>\n" -" <name>Symmetric</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This class provides access to all the symmetric ciphers in OpenSSL.\n" -" Initialisation of the cipher structures is performed late, only\n" -" when <function>encryptInit</function> or\n" -" <function>decryptInit</function> is called, the\n" -" constructor only records the cipher type. It is possible to reuse\n" -" the <classname>Symmetric</classname> objects by calling\n" -" <function>encryptInit</function> or <function>decryptInit</function>\n" -" again.\n" -" </para>\n" -" <example>\n" -" <title><classname>Symmetric</classname> class usage</title>\n" -" <programlisting>\n" -" passphrase = 'my silly passphrase'\n" -" md5 = POW.Digest(POW.MD5_DIGEST)\n" -" md5.update(passphrase)\n" -" password = md5.digest()[:8]\n" -"\n" -" plaintext = 'cast test message'\n" -" cast = POW.Symmetric(POW.CAST5_CFB)\n" -" cast.encryptInit(password)\n" -" ciphertext = cast.update(plaintext) + cast.final()\n" -" print 'Cipher text:', ciphertext\n" -"\n" -" cast.decryptInit(password)\n" -" out = cast.update(ciphertext) + cast.final()\n" -" print 'Deciphered text:', out\n" -" </programlisting>\n" -" </example>\n" -" </body>\n" -"</class>\n" -; - -static PyTypeObject symmetrictype = { - PyObject_HEAD_INIT(0) - 0, /*ob_size*/ - "Symmetric", /*tp_name*/ - sizeof(symmetric_object), /*tp_basicsize*/ - 0, /*tp_itemsize*/ - (destructor)symmetric_object_dealloc, /*tp_dealloc*/ - (printfunc)0, /*tp_print*/ - (getattrfunc)symmetric_object_getattr, /*tp_getattr*/ - (setattrfunc)0, /*tp_setattr*/ - (cmpfunc)0, /*tp_compare*/ - (reprfunc)0, /*tp_repr*/ - 0, /*tp_as_number*/ - 0, /*tp_as_sequence*/ - 0, /*tp_as_mapping*/ - (hashfunc)0, /*tp_hash*/ - (ternaryfunc)0, /*tp_call*/ - (reprfunc)0, /*tp_str*/ - 0, - 0, - 0, - 0, - symmetrictype__doc__ /* Documentation string */ -}; -/*========== symmetric Code ==========*/ - /*========== digest Code ==========*/ static digest_object * digest_object_new(int digest_type) @@ -5982,12 +4406,6 @@ digest_object_new(int digest_type) goto error; switch(digest_type) { -#ifndef OPENSSL_NO_MD2 - case MD2_DIGEST: - self->digest_type = MD2_DIGEST; - EVP_DigestInit(&self->digest_ctx, EVP_md2()); - break; -#endif case MD5_DIGEST: self->digest_type = MD5_DIGEST; EVP_DigestInit(&self->digest_ctx, EVP_md5()); @@ -6000,10 +4418,6 @@ digest_object_new(int digest_type) self->digest_type = SHA1_DIGEST; EVP_DigestInit(&self->digest_ctx, EVP_sha1()); break; - case RIPEMD160_DIGEST: - self->digest_type = RIPEMD160_DIGEST; - EVP_DigestInit(&self->digest_ctx, EVP_ripemd160()); - break; case SHA256_DIGEST: self->digest_type = SHA256_DIGEST; EVP_DigestInit(&self->digest_ctx, EVP_sha256()); @@ -6217,232 +4631,6 @@ static PyTypeObject digesttype = { }; /*========== digest Code ==========*/ -/*========== hmac Code ==========*/ -static hmac_object * -hmac_object_new(int digest_type, char *key, int key_len) -{ - hmac_object *self = NULL; - const EVP_MD *md = NULL; - - if ((self = PyObject_New(hmac_object, &hmactype)) == NULL) - goto error; - - switch (digest_type) { -#ifndef OPENSSL_NO_MD2 - case MD2_DIGEST: - md = EVP_md2(); - break; -#endif - case MD5_DIGEST: - md = EVP_md5(); - break; - case SHA_DIGEST: - md = EVP_sha(); - break; - case SHA1_DIGEST: - md = EVP_sha1(); - break; - case RIPEMD160_DIGEST: - md = EVP_ripemd160(); - break; - case SHA256_DIGEST: - md = EVP_sha256(); - break; - case SHA384_DIGEST: - md = EVP_sha384(); - break; - case SHA512_DIGEST: - md = EVP_sha512(); - break; - default: - lose("unsupported digest"); - } - - HMAC_Init(&self->hmac_ctx, key, key_len, md); - - return self; - - error: - - Py_XDECREF(self); - return NULL; -} - -static char hmac_object_update__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Hmac</memberof>\n" -" <name>update</name>\n" -" <parameter>data</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method updates the internal structures of the\n" -" <classname>Hmac</classname> object with <parameter>data</parameter>.\n" -" <parameter>data</parameter> should be a string.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -hmac_object_update(hmac_object *self, PyObject *args) -{ - unsigned char *data = NULL; - int len = 0; - - if (!PyArg_ParseTuple(args, "s#", &data, &len)) - goto error; - - HMAC_Update(&self->hmac_ctx, data, len); - - Py_RETURN_NONE; - - error: - - return NULL; -} - -static char hmac_object_copy__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Hmac</memberof>\n" -" <name>copy</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method returns a copy of the <classname>Hmac</classname>\n" -" object.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -hmac_object_copy(hmac_object *self, PyObject *args) -{ - hmac_object *new = NULL; - - if ((new = PyObject_New(hmac_object, &hmactype)) == NULL) - lose("could not allocate memory"); - - memcpy(&new->hmac_ctx, &self->hmac_ctx, sizeof(HMAC_CTX)); - - return (PyObject*) new; - - error: - - Py_XDECREF(new); - return NULL; -} - -static char hmac_object_mac__doc__[] = -"<method>\n" -" <header>\n" -" <memberof>Hmac</memberof>\n" -" <name>mac</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This method returns the MAC of all the data which has been\n" -" processed. This function can be called at any time and will not\n" -" effect the internal structure of the <classname>Hmac</classname>\n" -" object.\n" -" </para>\n" -" </body>\n" -"</method>\n" -; - -static PyObject * -hmac_object_mac(hmac_object *self, PyObject *args) -{ - unsigned char hmac_text[EVP_MAX_MD_SIZE]; - void *hmac_copy = NULL; - unsigned int hmac_len = 0; - - if (!PyArg_ParseTuple(args, "")) - goto error; - - if ((hmac_copy = malloc(sizeof(HMAC_CTX))) == NULL) - lose("could not allocate memory"); - - memcpy(hmac_copy, &self->hmac_ctx, sizeof(HMAC_CTX)); - HMAC_Final(hmac_copy, hmac_text, &hmac_len); - - free(hmac_copy); - return Py_BuildValue("s#", hmac_text, hmac_len); - - error: - - if (hmac_copy) - free(hmac_copy); - - return NULL; -} - - -static struct PyMethodDef hmac_object_methods[] = { - {"update", (PyCFunction)hmac_object_update, METH_VARARGS, NULL}, - {"mac", (PyCFunction)hmac_object_mac, METH_VARARGS, NULL}, - {"copy", (PyCFunction)hmac_object_copy, METH_VARARGS, NULL}, - - {NULL} /* sentinel */ -}; - -static PyObject * -hmac_object_getattr(hmac_object *self, char *name) -{ - return Py_FindMethod(hmac_object_methods, (PyObject *)self, name); -} - -static void -hmac_object_dealloc(hmac_object *self, char *name) -{ - PyObject_Del(self); -} - -static char hmactype__doc__[] = -"<class>\n" -" <header>\n" -" <name>Hmac</name>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This class provides access to the HMAC functionality of OpenSSL.\n" -" HMAC's are a variant on digest based MACs, which have the\n" -" interesting property of a provable level of security. HMAC is\n" -" discussed further in RFC 2104.\n" -" </para>\n" -" </body>\n" -"</class>\n" -; - -static PyTypeObject hmactype = { - PyObject_HEAD_INIT(0) - 0, /*ob_size*/ - "Hmac", /*tp_name*/ - sizeof(hmac_object), /*tp_basicsize*/ - 0, /*tp_itemsize*/ - (destructor)hmac_object_dealloc, /*tp_dealloc*/ - (printfunc)0, /*tp_print*/ - (getattrfunc)hmac_object_getattr, /*tp_getattr*/ - (setattrfunc)0, /*tp_setattr*/ - (cmpfunc)0, /*tp_compare*/ - (reprfunc)0, /*tp_repr*/ - 0, /*tp_as_number*/ - 0, /*tp_as_sequence*/ - 0, /*tp_as_mapping*/ - (hashfunc)0, /*tp_hash*/ - (ternaryfunc)0, /*tp_call*/ - (reprfunc)0, /*tp_str*/ - 0, - 0, - 0, - 0, - hmactype__doc__ /* Documentation string */ -}; -/*========== hmac Code ==========*/ - /*========== CMS code ==========*/ static cms_object * CMS_object_new(void) @@ -7112,56 +5300,6 @@ static PyTypeObject cmstype = { /*========== CMS Code ==========*/ /*========== module functions ==========*/ -static char pow_module_new_ssl__doc__[] = -"<constructor>\n" -" <header>\n" -" <memberof>Ssl</memberof>\n" -" <parameter>protocol = SSLV23METHOD</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This constructor creates a new <classname>Ssl</classname> object which will behave as a client\n" -" or server, depending on the <parameter>protocol</parameter> value passed. The\n" -" <parameter>protocol</parameter> also determines the protocol type\n" -" and version and should be one of the following:\n" -" </para>\n" -"\n" -" <simplelist>\n" -" <member><constant>SSLV2_SERVER_METHOD</constant></member>\n" -" <member><constant>SSLV2_CLIENT_METHOD</constant></member>\n" -" <member><constant>SSLV2_METHOD</constant></member>\n" -" <member><constant>SSLV3_SERVER_METHOD</constant></member>\n" -" <member><constant>SSLV3_CLIENT_METHOD</constant></member>\n" -" <member><constant>SSLV3_METHOD</constant></member>\n" -" <member><constant>TLSV1_SERVER_METHOD</constant></member>\n" -" <member><constant>TLSV1_CLIENT_METHOD</constant></member>\n" -" <member><constant>TLSV1_METHOD</constant></member>\n" -" <member><constant>SSLV23_SERVER_METHOD</constant></member>\n" -" <member><constant>SSLV23_CLIENT_METHOD</constant></member>\n" -" <member><constant>SSLV23_METHOD</constant></member>\n" -" </simplelist>\n" -" </body>\n" -"</constructor>\n" -; - -static PyObject * -pow_module_new_ssl (PyObject *self, PyObject *args) -{ - ssl_object *ssl = NULL; - int ctxtype = SSLV23_METHOD; - - if (!PyArg_ParseTuple(args, "|i", &ctxtype)) - goto error; - - if ((ssl = newssl_object(ctxtype)) == NULL) - goto error; - - return (PyObject*) ssl; - - error: - - return NULL; -} static char pow_module_new_x509__doc__[] = "<constructor>\n" @@ -7265,13 +5403,9 @@ static char pow_module_new_digest__doc__[] = " of digest to create and should be one of the following:\n" " </para>\n" " <simplelist>\n" -#ifndef OPENSSL_NO_MD2 -" <member><constant>MD2_DIGEST</constant></member>\n" -#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" -" <member><constant>RIPEMD160_DIGEST</constant></member>\n" " <member><constant>SHA256_DIGEST</constant></member>\n" " <member><constant>SHA384_DIGEST</constant></member>\n" " <member><constant>SHA512_DIGEST</constant></member>\n" @@ -7309,13 +5443,9 @@ static char pow_module_new_hmac__doc__[] = " string and <parameter>type</parameter> should be one of the following:\n" " </para>\n" " <simplelist>\n" -#ifndef OPENSSL_NO_MD2 -" <member><constant>MD2_DIGEST</constant></member>\n" -#endif " <member><constant>MD5_DIGEST</constant></member>\n" " <member><constant>SHA_DIGEST</constant></member>\n" " <member><constant>SHA1_DIGEST</constant></member>\n" -" <member><constant>RIPEMD160_DIGEST</constant></member>\n" " <member><constant>SHA256_DIGEST</constant></member>\n" " <member><constant>SHA384_DIGEST</constant></member>\n" " <member><constant>SHA512_DIGEST</constant></member>\n" @@ -7547,81 +5677,6 @@ pow_module_new_x509_store (PyObject *self, PyObject *args) return NULL; } -static char pow_module_new_symmetric__doc__[] = -"<constructor>\n" -" <header>\n" -" <memberof>Symmetric</memberof>\n" -" <parameter>type</parameter>\n" -" </header>\n" -" <body>\n" -" <para>\n" -" This constructor creates a new <classname>Symmetric</classname>\n" -" object. The parameter <parameter>type</parameter> specifies which kind\n" -" of cipher to create. <constant>type</constant> should be one of the following:\n" -" </para>\n" -" <simplelist columns = \"2\">\n" -" <member><constant>DES_ECB</constant></member>\n" -" <member><constant>DES_EDE</constant></member>\n" -" <member><constant>DES_EDE3</constant></member>\n" -" <member><constant>DES_CFB</constant></member>\n" -" <member><constant>DES_EDE_CFB</constant></member>\n" -" <member><constant>DES_EDE3_CFB</constant></member>\n" -" <member><constant>DES_OFB</constant></member>\n" -" <member><constant>DES_EDE_OFB</constant></member>\n" -" <member><constant>DES_EDE3_OFB</constant></member>\n" -" <member><constant>DES_CBC</constant></member>\n" -" <member><constant>DES_EDE_CBC</constant></member>\n" -" <member><constant>DES_EDE3_CBC</constant></member>\n" -" <member><constant>DESX_CBC</constant></member>\n" -" <member><constant>RC4</constant></member>\n" -" <member><constant>RC4_40</constant></member>\n" -" <member><constant>IDEA_ECB</constant></member>\n" -" <member><constant>IDEA_CFB</constant></member>\n" -" <member><constant>IDEA_OFB</constant></member>\n" -" <member><constant>IDEA_CBC</constant></member>\n" -" <member><constant>RC2_ECB</constant></member>\n" -" <member><constant>RC2_CBC</constant></member>\n" -" <member><constant>RC2_40_CBC</constant></member>\n" -" <member><constant>RC2_CFB</constant></member>\n" -" <member><constant>RC2_OFB</constant></member>\n" -" <member><constant>BF_ECB</constant></member>\n" -" <member><constant>BF_CBC</constant></member>\n" -" <member><constant>BF_CFB</constant></member>\n" -" <member><constant>BF_OFB</constant></member>\n" -" <member><constant>CAST5_ECB</constant></member>\n" -" <member><constant>CAST5_CBC</constant></member>\n" -" <member><constant>CAST5_CFB</constant></member>\n" -" <member><constant>CAST5_OFB</constant></member>\n" -" <member><constant>RC5_32_12_16_CBC</constant></member>\n" -" <member><constant>RC5_32_12_16_CFB</constant></member>\n" -" <member><constant>RC5_32_12_16_ECB</constant></member>\n" -" <member><constant>RC5_32_12_16_OFB</constant></member>\n" -" </simplelist>\n" -" <para>\n" -" Please note your version of OpenSSL might not have been compiled with\n" -" all the ciphers listed above. If that is the case, which is very\n" -" likely if you are using a stock binary, the unsuported ciphers will not even\n" -" be in the module namespace.\n" -" </para>\n" -" </body>\n" -"</constructor>\n" -; - -static PyObject * -pow_module_new_symmetric (PyObject *self, PyObject *args) -{ - int cipher_type = 0; - - if (!PyArg_ParseTuple(args, "i", &cipher_type)) - goto error; - - return (PyObject *) symmetric_object_new(cipher_type); - - error: - - return NULL; -} - static char pow_module_new_x509_crl__doc__[] = "<constructor>\n" " <header>\n" @@ -7942,185 +5997,13 @@ pow_module_read_random_file(PyObject *self, PyObject *args) return NULL; } -static PyObject * -pow_module_docset(PyObject *self, PyObject *args) -{ - PyObject *docset; - - if (!PyArg_ParseTuple(args, "")) - goto error; - - docset = PyList_New(0); - - // module documentation - docset_helper_add(docset, pow_module__doc__); - - // constructors - docset_helper_add(docset, pow_module_new_symmetric__doc__); - docset_helper_add(docset, pow_module_new_asymmetric__doc__); - docset_helper_add(docset, pow_module_new_digest__doc__); - docset_helper_add(docset, pow_module_new_hmac__doc__); - docset_helper_add(docset, pow_module_new_ssl__doc__); - docset_helper_add(docset, pow_module_new_x509__doc__); - docset_helper_add(docset, pow_module_new_x509_store__doc__); - docset_helper_add(docset, pow_module_new_x509_crl__doc__); - docset_helper_add(docset, pow_module_new_x509_revoked__doc__); - docset_helper_add(docset, pow_module_new_cms__doc__); - - // functions - docset_helper_add(docset, pow_module_pem_read__doc__); - docset_helper_add(docset, pow_module_der_read__doc__); - docset_helper_add(docset, pow_module_seed__doc__); - docset_helper_add(docset, pow_module_add__doc__); - docset_helper_add(docset, pow_module_read_random_file__doc__); - docset_helper_add(docset, pow_module_write_random_file__doc__); - docset_helper_add(docset, pow_module_get_error__doc__); - docset_helper_add(docset, pow_module_clear_error__doc__); - docset_helper_add(docset, pow_module_add_object__doc__); - - // ssl documentation - docset_helper_add(docset, ssltype__doc__); - docset_helper_add(docset, ssl_object_set_fd__doc__); - docset_helper_add(docset, ssl_object_fileno__doc__); - docset_helper_add(docset, ssl_object_accept__doc__); - docset_helper_add(docset, ssl_object_connect__doc__); - docset_helper_add(docset, ssl_object_write__doc__); - docset_helper_add(docset, ssl_object_read__doc__); - docset_helper_add(docset, ssl_object_peer_certificate__doc__); - docset_helper_add(docset, ssl_object_use_certificate__doc__); - docset_helper_add(docset, ssl_object_use_key__doc__); - docset_helper_add(docset, ssl_object_check_key__doc__); - docset_helper_add(docset, ssl_object_clear__doc__); - docset_helper_add(docset, ssl_object_shutdown__doc__); - docset_helper_add(docset, ssl_object_get_shutdown__doc__); - docset_helper_add(docset, ssl_object_get_ciphers__doc__); - docset_helper_add(docset, ssl_object_set_ciphers__doc__); - docset_helper_add(docset, ssl_object_get_cipher__doc__); - docset_helper_add(docset, ssl_object_set_verify_mode__doc__); - - // x509 documentation - docset_helper_add(docset, x509type__doc__); - docset_helper_add(docset, X509_object_pem_write__doc__); - docset_helper_add(docset, X509_object_der_write__doc__); - docset_helper_add(docset, X509_object_sign__doc__); - docset_helper_add(docset, X509_object_set_public_key__doc__); - docset_helper_add(docset, X509_object_get_version__doc__); - docset_helper_add(docset, X509_object_set_version__doc__); - docset_helper_add(docset, X509_object_get_serial__doc__); - docset_helper_add(docset, X509_object_set_serial__doc__); - docset_helper_add(docset, X509_object_get_issuer__doc__); - docset_helper_add(docset, X509_object_set_issuer__doc__); - docset_helper_add(docset, X509_object_get_subject__doc__); - docset_helper_add(docset, X509_object_set_subject__doc__); - docset_helper_add(docset, X509_object_get_not_before__doc__); - docset_helper_add(docset, X509_object_set_not_before__doc__); - docset_helper_add(docset, X509_object_get_not_after__doc__); - docset_helper_add(docset, X509_object_set_not_after__doc__); - docset_helper_add(docset, X509_object_add_extension__doc__); - docset_helper_add(docset, X509_object_clear_extensions__doc__); - docset_helper_add(docset, X509_object_count_extensions__doc__); - docset_helper_add(docset, X509_object_get_extension__doc__); - docset_helper_add(docset, x509_object_pprint__doc__); - - // x509_crl documentation - docset_helper_add(docset, x509_crltype__doc__); - docset_helper_add(docset, x509_crl_object_pem_write__doc__); - docset_helper_add(docset, x509_crl_object_der_write__doc__); - docset_helper_add(docset, x509_crl_object_get_version__doc__); - docset_helper_add(docset, x509_crl_object_set_version__doc__); - docset_helper_add(docset, x509_crl_object_get_issuer__doc__); - docset_helper_add(docset, x509_crl_object_set_issuer__doc__); - docset_helper_add(docset, x509_crl_object_get_this_update__doc__); - docset_helper_add(docset, x509_crl_object_set_this_update__doc__); - docset_helper_add(docset, x509_crl_object_get_next_update__doc__); - docset_helper_add(docset, x509_crl_object_set_next_update__doc__); - docset_helper_add(docset, x509_crl_object_get_revoked__doc__); - docset_helper_add(docset, x509_crl_object_set_revoked__doc__); - docset_helper_add(docset, x509_crl_object_verify__doc__); - docset_helper_add(docset, x509_crl_object_sign__doc__); - docset_helper_add(docset, X509_crl_object_add_extension__doc__); - docset_helper_add(docset, X509_crl_object_clear_extensions__doc__); - docset_helper_add(docset, X509_crl_object_count_extensions__doc__); - docset_helper_add(docset, X509_crl_object_get_extension__doc__); - docset_helper_add(docset, x509_crl_object_pprint__doc__); - - // x509_revoked documentation - docset_helper_add(docset, x509_revokedtype__doc__); - docset_helper_add(docset, x509_revoked_object_get_date__doc__); - docset_helper_add(docset, x509_revoked_object_set_date__doc__); - docset_helper_add(docset, x509_revoked_object_get_serial__doc__); - docset_helper_add(docset, x509_revoked_object_set_serial__doc__); - docset_helper_add(docset, X509_revoked_object_add_extension__doc__); - docset_helper_add(docset, X509_revoked_object_clear_extensions__doc__); - docset_helper_add(docset, X509_revoked_object_count_extensions__doc__); - docset_helper_add(docset, X509_revoked_object_get_extension__doc__); - - // x509_store documentation - docset_helper_add(docset, x509_storetype__doc__); - docset_helper_add(docset, x509_store_object_verify__doc__); - docset_helper_add(docset, x509_store_object_verify_chain__doc__); - docset_helper_add(docset, x509_store_object_verify_detailed__doc__); - docset_helper_add(docset, x509_store_object_add_trust__doc__); - docset_helper_add(docset, x509_store_object_add_crl__doc__); - - // digest documentation - docset_helper_add(docset, digesttype__doc__); - docset_helper_add(docset, digest_object_update__doc__); - docset_helper_add(docset, digest_object_copy__doc__); - docset_helper_add(docset, digest_object_digest__doc__); - - // hmac documentation - docset_helper_add(docset, hmactype__doc__); - docset_helper_add(docset, hmac_object_update__doc__); - docset_helper_add(docset, hmac_object_copy__doc__); - docset_helper_add(docset, hmac_object_mac__doc__); - - // cms documentation - docset_helper_add(docset, CMS_object_pem_write__doc__); - docset_helper_add(docset, CMS_object_der_write__doc__); - docset_helper_add(docset, CMS_object_sign__doc__); - docset_helper_add(docset, CMS_object_verify__doc__); - docset_helper_add(docset, CMS_object_eContentType__doc__); - docset_helper_add(docset, CMS_object_signingTime__doc__); - docset_helper_add(docset, CMS_object_pprint__doc__); - docset_helper_add(docset, CMS_object_certs__doc__); - docset_helper_add(docset, CMS_object_crls__doc__); - - // symmetric documentation - docset_helper_add(docset, symmetrictype__doc__); - docset_helper_add(docset, symmetric_object_encrypt_init__doc__); - docset_helper_add(docset, symmetric_object_decrypt_init__doc__); - docset_helper_add(docset, symmetric_object_update__doc__); - docset_helper_add(docset, symmetric_object_final__doc__); - - // asymmetric documentation - docset_helper_add(docset, asymmetrictype__doc__); - docset_helper_add(docset, asymmetric_object_pem_write__doc__); - docset_helper_add(docset, asymmetric_object_der_write__doc__); - docset_helper_add(docset, asymmetric_object_public_encrypt__doc__); - docset_helper_add(docset, asymmetric_object_public_decrypt__doc__); - docset_helper_add(docset, asymmetric_object_private_encrypt__doc__); - docset_helper_add(docset, asymmetric_object_private_decrypt__doc__); - docset_helper_add(docset, asymmetric_object_sign__doc__); - docset_helper_add(docset, asymmetric_object_verify__doc__); - - return docset; - - error: - - return NULL; -} - static struct PyMethodDef pow_module_methods[] = { - {"Ssl", (PyCFunction)pow_module_new_ssl, METH_VARARGS, NULL}, {"X509", (PyCFunction)pow_module_new_x509, METH_VARARGS, NULL}, {"pemRead", (PyCFunction)pow_module_pem_read, METH_VARARGS, NULL}, {"derRead", (PyCFunction)pow_module_der_read, METH_VARARGS, NULL}, {"Digest", (PyCFunction)pow_module_new_digest, METH_VARARGS, NULL}, - {"Hmac", (PyCFunction)pow_module_new_hmac, METH_VARARGS, NULL}, {"CMS", (PyCFunction)pow_module_new_cms, METH_VARARGS, NULL}, {"Asymmetric", (PyCFunction)pow_module_new_asymmetric, METH_VARARGS, NULL}, - {"Symmetric", (PyCFunction)pow_module_new_symmetric, METH_VARARGS, NULL}, {"X509Store", (PyCFunction)pow_module_new_x509_store, METH_VARARGS, NULL}, {"X509Crl", (PyCFunction)pow_module_new_x509_crl, METH_VARARGS, NULL}, {"X509Revoked", (PyCFunction)pow_module_new_x509_revoked, METH_VARARGS, NULL}, @@ -8132,8 +6015,6 @@ static struct PyMethodDef pow_module_methods[] = { {"writeRandomFile", (PyCFunction)pow_module_write_random_file, METH_VARARGS, NULL}, {"addObject", (PyCFunction)pow_module_add_object, METH_VARARGS, NULL}, - {"_docset", (PyCFunction)pow_module_docset, METH_VARARGS, NULL}, - {NULL} /* sentinel */ }; /*========== module functions ==========*/ @@ -8149,69 +6030,29 @@ init_POW(void) x509_storetype.ob_type = &PyType_Type; x509_crltype.ob_type = &PyType_Type; x509_revokedtype.ob_type = &PyType_Type; - ssltype.ob_type = &PyType_Type; asymmetrictype.ob_type = &PyType_Type; - symmetrictype.ob_type = &PyType_Type; digesttype.ob_type = &PyType_Type; - hmactype.ob_type = &PyType_Type; cmstype.ob_type = &PyType_Type; m = Py_InitModule3("_POW", pow_module_methods, pow_module__doc__); -#define Define_Exception(__name__, __parent__) \ - PyModule_AddObject(m, #__name__, ((__name__##Object) = PyErr_NewException("POW." #__name__, __parent__, NULL))) +#define Define_Exception(__name__, __parent__) \ + PyModule_AddObject(m, #__name__, ((__name__##Object) \ + = PyErr_NewException("POW." #__name__, __parent__, NULL))) Define_Exception(Error, NULL); - Define_Exception(SSLError, ErrorObject); - Define_Exception(ZeroReturnError, SSLErrorObject); - Define_Exception(WantReadError, SSLErrorObject); - Define_Exception(WantWriteError, SSLErrorObject); - Define_Exception(SSLSyscallError, SSLErrorObject); - Define_Exception(SSLErrorSSLError, SSLErrorObject); - Define_Exception(SSLSyscallSSLError, SSLErrorObject); - Define_Exception(SSLUnexpectedEOFError,SSLErrorObject); - Define_Exception(SSLOtherError, SSLErrorObject); + Define_Exception(POWError, ErrorObject); + Define_Exception(POWSyscallError, POWErrorObject); + Define_Exception(POWErrorSSLError, POWErrorObject); + Define_Exception(POWSyscallSSLError, POWErrorObject); + Define_Exception(POWUnexpectedEOFError,POWErrorObject); + Define_Exception(POWOtherError, POWErrorObject); #undef Define_Exception #define Define_Integer_Constant(__name__) \ PyModule_AddIntConstant(m, #__name__, __name__) - // constants for SSL_get_error() - Define_Integer_Constant(SSL_ERROR_NONE); - Define_Integer_Constant(SSL_ERROR_ZERO_RETURN); - Define_Integer_Constant(SSL_ERROR_WANT_READ); - Define_Integer_Constant(SSL_ERROR_WANT_WRITE); - Define_Integer_Constant(SSL_ERROR_WANT_X509_LOOKUP); - Define_Integer_Constant(SSL_ERROR_SYSCALL); - Define_Integer_Constant(SSL_ERROR_SSL); - Define_Integer_Constant(SSL_ERROR_WANT_CONNECT); - Define_Integer_Constant(SSL_ERROR_WANT_ACCEPT); - - // constants for different types of connection methods - Define_Integer_Constant(SSLV2_SERVER_METHOD); - Define_Integer_Constant(SSLV2_CLIENT_METHOD); - Define_Integer_Constant(SSLV2_METHOD); - Define_Integer_Constant(SSLV3_SERVER_METHOD); - Define_Integer_Constant(SSLV3_CLIENT_METHOD); - Define_Integer_Constant(SSLV3_METHOD); - Define_Integer_Constant(SSLV23_SERVER_METHOD); - Define_Integer_Constant(SSLV23_CLIENT_METHOD); - Define_Integer_Constant(SSLV23_METHOD); - Define_Integer_Constant(TLSV1_SERVER_METHOD); - Define_Integer_Constant(TLSV1_CLIENT_METHOD); - Define_Integer_Constant(TLSV1_METHOD); - - Define_Integer_Constant(SSL_NO_SHUTDOWN); - Define_Integer_Constant(SSL_SENT_SHUTDOWN); - Define_Integer_Constant(SSL_RECEIVED_SHUTDOWN); - - // ssl verification mode - Define_Integer_Constant(SSL_VERIFY_NONE); - Define_Integer_Constant(SSL_VERIFY_PEER); - Define_Integer_Constant(SSL_VERIFY_FAIL_IF_NO_PEER_CERT); - Define_Integer_Constant(SSL_VERIFY_CLIENT_ONCE); - // object format types Define_Integer_Constant(LONGNAME_FORMAT); Define_Integer_Constant(SHORTNAME_FORMAT); @@ -8296,13 +6137,9 @@ init_POW(void) #endif // message digests -#ifndef OPENSSL_NO_MD2 - Define_Integer_Constant(MD2_DIGEST); -#endif Define_Integer_Constant(MD5_DIGEST); Define_Integer_Constant(SHA_DIGEST); Define_Integer_Constant(SHA1_DIGEST); - Define_Integer_Constant(RIPEMD160_DIGEST); Define_Integer_Constant(SHA256_DIGEST); Define_Integer_Constant(SHA384_DIGEST); Define_Integer_Constant(SHA512_DIGEST); diff --git a/rpkid/rpki/POW/__init__.py b/rpkid/rpki/POW/__init__.py index b150bbf1..b632c850 100644 --- a/rpkid/rpki/POW/__init__.py +++ b/rpkid/rpki/POW/__init__.py @@ -1,5 +1,4 @@ from _POW import * -from _POW import _docset ## @mainpage ## diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py index 2fbd25ed..fd149373 100644 --- a/rpkid/rpki/x509.py +++ b/rpkid/rpki/x509.py @@ -13,7 +13,7 @@ some of the nasty details. This involves a lot of format conversion. $Id$ -Copyright (C) 2009--2011 Internet Systems Consortium ("ISC") +Copyright (C) 2009--2012 Internet Systems Consortium ("ISC") Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above |