PageRenderTime 24ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 1ms

/pypy/rlib/ropenssl.py

https://bitbucket.org/pypy/pypy/
Python | 293 lines | 249 code | 33 blank | 11 comment | 8 complexity | 6ed692ecfdb8a995a3859fa72b26aa2d MD5 | raw file
Possible License(s): AGPL-3.0, BSD-3-Clause, Apache-2.0 
    

  1. from pypy.rpython.lltypesystem import rffi, lltype
    2. 

  2. from pypy.rpython.tool import rffi_platform
    3. 

  3. from pypy.translator.platform import platform
    4. 

  4. from pypy.translator.tool.cbuild import ExternalCompilationInfo
    5. 

  5. 

  6. import sys
    7. 

  7. 

  8. if sys.platform == 'win32' and platform.name != 'mingw32':
    9. 

  9.     libraries = ['libeay32', 'ssleay32',
    10. 

  10.                  'user32', 'advapi32', 'gdi32', 'msvcrt', 'ws2_32']
    11. 

  11.     includes = [
    12. 

  12.         # ssl.h includes winsock.h, which will conflict with our own
    13. 

  13.         # need of winsock2.  Remove this when separate compilation is
    14. 

  14.         # available...
    15. 

  15.         'winsock2.h',
    16. 

  16.         # wincrypt.h defines X509_NAME, include it here
    17. 

  17.         # so that openssl/ssl.h can repair this nonsense.
    18. 

  18.         'wincrypt.h']
    19. 

  19. else:
    20. 

  20.     libraries = ['ssl', 'crypto']
    21. 

  21.     includes = []
    22. 

  22. 

  23. includes += [
    24. 

  24.     'openssl/ssl.h', 
    25. 

  25.     'openssl/err.h',
    26. 

  26.     'openssl/rand.h',
    27. 

  27.     'openssl/evp.h',
    28. 

  28.     'openssl/ossl_typ.h',
    29. 

  29.     'openssl/x509v3.h']
    30. 

  30. 

  31. eci = ExternalCompilationInfo(
    32. 

  32.     libraries = libraries,
    33. 

  33.     includes = includes,
    34. 

  34.     export_symbols = [],
    35. 

  35.     post_include_bits = [
    36. 

  36.         # Unnamed structures are not supported by rffi_platform.
    37. 

  37.         # So we replace an attribute access with a macro call.
    38. 

  38.         '#define pypy_GENERAL_NAME_dirn(name) (name->d.dirn)',
    39. 

  39.         ],
    40. 

  40.     )
    41. 

  41. 

  42. eci = rffi_platform.configure_external_library(
    43. 

  43.     'openssl', eci,
    44. 

  44.     [dict(prefix='openssl-',
    45. 

  45.           include_dir='inc32', library_dir='out32'),
    46. 

  46.      ])
    47. 

  47. 

  48. # WinSock does not use a bitmask in select, and uses
    49. 

  49. # socket handles greater than FD_SETSIZE
    50. 

  50. if sys.platform == 'win32':
    51. 

  51.     MAX_FD_SIZE = None
    52. 

  52. else:
    53. 

  53.     from pypy.rlib._rsocket_rffi import FD_SETSIZE as MAX_FD_SIZE
    54. 

  54. 

  55. ASN1_STRING = lltype.Ptr(lltype.ForwardReference())
    56. 

  56. ASN1_ITEM = rffi.COpaquePtr('ASN1_ITEM')
    57. 

  57. X509_NAME = rffi.COpaquePtr('X509_NAME')
    58. 

  58. 

  59. class CConfig:
    60. 

  60.     _compilation_info_ = eci
    61. 

  61. 

  62.     OPENSSL_VERSION_NUMBER = rffi_platform.ConstantInteger(
    63. 

  63.         "OPENSSL_VERSION_NUMBER")
    64. 

  64.     SSLEAY_VERSION = rffi_platform.DefinedConstantString(
    65. 

  65.         "SSLEAY_VERSION", "SSLeay_version(SSLEAY_VERSION)")
    66. 

  66.     OPENSSL_NO_SSL2 = rffi_platform.Defined("OPENSSL_NO_SSL2")
    67. 

  67.     SSL_FILETYPE_PEM = rffi_platform.ConstantInteger("SSL_FILETYPE_PEM")
    68. 

  68.     SSL_OP_ALL = rffi_platform.ConstantInteger("SSL_OP_ALL")
    69. 

  69.     SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = rffi_platform.ConstantInteger(
    70. 

  70.         "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS")
    71. 

  71.     SSL_VERIFY_NONE = rffi_platform.ConstantInteger("SSL_VERIFY_NONE")
    72. 

  72.     SSL_VERIFY_PEER = rffi_platform.ConstantInteger("SSL_VERIFY_PEER")
    73. 

  73.     SSL_VERIFY_FAIL_IF_NO_PEER_CERT = rffi_platform.ConstantInteger("SSL_VERIFY_FAIL_IF_NO_PEER_CERT")
    74. 

  74.     SSL_ERROR_WANT_READ = rffi_platform.ConstantInteger(
    75. 

  75.         "SSL_ERROR_WANT_READ")
    76. 

  76.     SSL_ERROR_WANT_WRITE = rffi_platform.ConstantInteger(
    77. 

  77.         "SSL_ERROR_WANT_WRITE")
    78. 

  78.     SSL_ERROR_ZERO_RETURN = rffi_platform.ConstantInteger(
    79. 

  79.         "SSL_ERROR_ZERO_RETURN")
    80. 

  80.     SSL_ERROR_WANT_X509_LOOKUP = rffi_platform.ConstantInteger(
    81. 

  81.         "SSL_ERROR_WANT_X509_LOOKUP")
    82. 

  82.     SSL_ERROR_WANT_CONNECT = rffi_platform.ConstantInteger(
    83. 

  83.         "SSL_ERROR_WANT_CONNECT")
    84. 

  84.     SSL_ERROR_SYSCALL = rffi_platform.ConstantInteger("SSL_ERROR_SYSCALL")
    85. 

  85.     SSL_ERROR_SSL = rffi_platform.ConstantInteger("SSL_ERROR_SSL")
    86. 

  86.     SSL_RECEIVED_SHUTDOWN = rffi_platform.ConstantInteger(
    87. 

  87.         "SSL_RECEIVED_SHUTDOWN")
    88. 

  88.     SSL_MODE_AUTO_RETRY = rffi_platform.ConstantInteger("SSL_MODE_AUTO_RETRY")
    89. 

  89. 

  90.     NID_subject_alt_name = rffi_platform.ConstantInteger("NID_subject_alt_name")
    91. 

  91.     GEN_DIRNAME = rffi_platform.ConstantInteger("GEN_DIRNAME")
    92. 

  92. 

  93.     CRYPTO_LOCK = rffi_platform.ConstantInteger("CRYPTO_LOCK")
    94. 

  94. 

  95.     # Some structures, with only the fields used in the _ssl module
    96. 

  96.     X509_name_entry_st = rffi_platform.Struct('struct X509_name_entry_st',
    97. 

  97.                                               [('set', rffi.INT)])
    98. 

  98.     asn1_string_st = rffi_platform.Struct('struct asn1_string_st',
    99. 

  99.                                           [('length', rffi.INT),
    100. 

  100.                                            ('data', rffi.CCHARP)])
    101. 

  101.     X509_extension_st = rffi_platform.Struct(
    102. 

  102.         'struct X509_extension_st',
    103. 

  103.         [('value', ASN1_STRING)])
    104. 

  104.     ASN1_ITEM_EXP = lltype.FuncType([], ASN1_ITEM)
    105. 

  105.     X509V3_EXT_D2I = lltype.FuncType([rffi.VOIDP, rffi.CCHARPP, rffi.LONG], 
    106. 

  106.                                      rffi.VOIDP)
    107. 

  107.     v3_ext_method = rffi_platform.Struct(
    108. 

  108.         'struct v3_ext_method',
    109. 

  109.         [('it', lltype.Ptr(ASN1_ITEM_EXP)),
    110. 

  110.          ('d2i', lltype.Ptr(X509V3_EXT_D2I))])
    111. 

  111.     GENERAL_NAME_st = rffi_platform.Struct(
    112. 

  112.         'struct GENERAL_NAME_st',
    113. 

  113.         [('type', rffi.INT),
    114. 

  114.          ])
    115. 

  115.     EVP_MD_st = rffi_platform.Struct(
    116. 

  116.         'EVP_MD',
    117. 

  117.         [('md_size', rffi.INT),
    118. 

  118.          ('block_size', rffi.INT)])
    119. 

  119.     EVP_MD_SIZE = rffi_platform.SizeOf('EVP_MD')
    120. 

  120.     EVP_MD_CTX_SIZE = rffi_platform.SizeOf('EVP_MD_CTX')
    121. 

  121. 

  122. 

  123. for k, v in rffi_platform.configure(CConfig).items():
    124. 

  124.     globals()[k] = v
    125. 

  125. 

  126. # opaque structures
    127. 

  127. SSL_METHOD = rffi.COpaquePtr('SSL_METHOD')
    128. 

  128. SSL_CTX = rffi.COpaquePtr('SSL_CTX')
    129. 

  129. SSL_CIPHER = rffi.COpaquePtr('SSL_CIPHER')
    130. 

  130. SSL = rffi.COpaquePtr('SSL')
    131. 

  131. BIO = rffi.COpaquePtr('BIO')
    132. 

  132. X509 = rffi.COpaquePtr('X509')
    133. 

  133. X509_NAME_ENTRY = rffi.CArrayPtr(X509_name_entry_st)
    134. 

  134. X509_EXTENSION = rffi.CArrayPtr(X509_extension_st)
    135. 

  135. X509V3_EXT_METHOD = rffi.CArrayPtr(v3_ext_method)
    136. 

  136. ASN1_OBJECT = rffi.COpaquePtr('ASN1_OBJECT')
    137. 

  137. ASN1_STRING.TO.become(asn1_string_st)
    138. 

  138. ASN1_TIME = rffi.COpaquePtr('ASN1_TIME')
    139. 

  139. ASN1_INTEGER = rffi.COpaquePtr('ASN1_INTEGER')
    140. 

  140. GENERAL_NAMES = rffi.COpaquePtr('GENERAL_NAMES')
    141. 

  141. GENERAL_NAME = rffi.CArrayPtr(GENERAL_NAME_st)
    142. 

  142. 

  143. HAVE_OPENSSL_RAND = OPENSSL_VERSION_NUMBER >= 0x0090500f
    144. 

  144. 

  145. def external(name, argtypes, restype, **kw):
    146. 

  146.     kw['compilation_info'] = eci
    147. 

  147.     if not kw.get('macro', False):
    148. 

  148.         eci.export_symbols += (name,)
    149. 

  149.     return rffi.llexternal(
    150. 

  150.         name, argtypes, restype, **kw)
    151. 

  151. 

  152. def ssl_external(name, argtypes, restype, **kw):
    153. 

  153.     globals()['libssl_' + name] = external(
    154. 

  154.         name, argtypes, restype, **kw)
    155. 

  155. 

  156. ssl_external('SSL_load_error_strings', [], lltype.Void)
    157. 

  157. ssl_external('SSL_library_init', [], rffi.INT)
    158. 

  158. ssl_external('CRYPTO_num_locks', [], rffi.INT)
    159. 

  159. ssl_external('CRYPTO_set_locking_callback',
    160. 

  160.              [lltype.Ptr(lltype.FuncType(
    161. 

  161.                 [rffi.INT, rffi.INT, rffi.CCHARP, rffi.INT], lltype.Void))],
    162. 

  162.              lltype.Void)
    163. 

  163. ssl_external('CRYPTO_set_id_callback',
    164. 

  164.              [lltype.Ptr(lltype.FuncType([], rffi.LONG))],
    165. 

  165.              lltype.Void)
    166. 

  166. 

  167. if HAVE_OPENSSL_RAND:
    168. 

  168.     ssl_external('RAND_add', [rffi.CCHARP, rffi.INT, rffi.DOUBLE], lltype.Void)
    169. 

  169.     ssl_external('RAND_status', [], rffi.INT)
    170. 

  170.     ssl_external('RAND_egd', [rffi.CCHARP], rffi.INT)
    171. 

  171. ssl_external('SSL_CTX_new', [SSL_METHOD], SSL_CTX)
    172. 

  172. ssl_external('SSL_get_SSL_CTX', [SSL], SSL_CTX)
    173. 

  173. ssl_external('TLSv1_method', [], SSL_METHOD)
    174. 

  174. ssl_external('SSLv2_method', [], SSL_METHOD)
    175. 

  175. ssl_external('SSLv3_method', [], SSL_METHOD)
    176. 

  176. ssl_external('SSLv23_method', [], SSL_METHOD)
    177. 

  177. ssl_external('SSL_CTX_use_PrivateKey_file', [SSL_CTX, rffi.CCHARP, rffi.INT], rffi.INT)
    178. 

  178. ssl_external('SSL_CTX_use_certificate_chain_file', [SSL_CTX, rffi.CCHARP], rffi.INT)
    179. 

  179. ssl_external('SSL_CTX_set_options', [SSL_CTX, rffi.INT], rffi.INT, macro=True)
    180. 

  180. ssl_external('SSL_CTX_ctrl', [SSL_CTX, rffi.INT, rffi.INT, rffi.VOIDP], rffi.INT)
    181. 

  181. ssl_external('SSL_CTX_set_verify', [SSL_CTX, rffi.INT, rffi.VOIDP], lltype.Void)
    182. 

  182. ssl_external('SSL_CTX_get_verify_mode', [SSL_CTX], rffi.INT)
    183. 

  183. ssl_external('SSL_CTX_set_cipher_list', [SSL_CTX, rffi.CCHARP], rffi.INT)
    184. 

  184. ssl_external('SSL_CTX_load_verify_locations', [SSL_CTX, rffi.CCHARP, rffi.CCHARP], rffi.INT)
    185. 

  185. ssl_external('SSL_new', [SSL_CTX], SSL)
    186. 

  186. ssl_external('SSL_set_fd', [SSL, rffi.INT], rffi.INT)
    187. 

  187. ssl_external('SSL_set_mode', [SSL, rffi.INT], rffi.INT, macro=True)
    188. 

  188. ssl_external('SSL_ctrl', [SSL, rffi.INT, rffi.INT, rffi.VOIDP], rffi.INT)
    189. 

  189. ssl_external('BIO_ctrl', [BIO, rffi.INT, rffi.INT, rffi.VOIDP], rffi.INT)
    190. 

  190. ssl_external('SSL_get_rbio', [SSL], BIO)
    191. 

  191. ssl_external('SSL_get_wbio', [SSL], BIO)
    192. 

  192. ssl_external('SSL_set_connect_state', [SSL], lltype.Void)
    193. 

  193. ssl_external('SSL_set_accept_state', [SSL], lltype.Void)
    194. 

  194. ssl_external('SSL_connect', [SSL], rffi.INT)
    195. 

  195. ssl_external('SSL_do_handshake', [SSL], rffi.INT)
    196. 

  196. ssl_external('SSL_shutdown', [SSL], rffi.INT)
    197. 

  197. ssl_external('SSL_get_error', [SSL, rffi.INT], rffi.INT)
    198. 

  198. ssl_external('SSL_get_shutdown', [SSL], rffi.INT)
    199. 

  199. ssl_external('SSL_set_read_ahead', [SSL, rffi.INT], lltype.Void)
    200. 

  200. 

  201. ssl_external('SSL_get_peer_certificate', [SSL], X509)
    202. 

  202. ssl_external('X509_get_subject_name', [X509], X509_NAME)
    203. 

  203. ssl_external('X509_get_issuer_name', [X509], X509_NAME)
    204. 

  204. ssl_external('X509_NAME_oneline', [X509_NAME, rffi.CCHARP, rffi.INT], rffi.CCHARP)
    205. 

  205. ssl_external('X509_NAME_entry_count', [X509_NAME], rffi.INT)
    206. 

  206. ssl_external('X509_NAME_get_entry', [X509_NAME, rffi.INT], X509_NAME_ENTRY)
    207. 

  207. ssl_external('X509_NAME_ENTRY_get_object', [X509_NAME_ENTRY], ASN1_OBJECT)
    208. 

  208. ssl_external('X509_NAME_ENTRY_get_data', [X509_NAME_ENTRY], ASN1_STRING)
    209. 

  209. ssl_external('i2d_X509', [X509, rffi.CCHARPP], rffi.INT)
    210. 

  210. ssl_external('X509_free', [X509], lltype.Void)
    211. 

  211. ssl_external('X509_get_notBefore', [X509], ASN1_TIME, macro=True)
    212. 

  212. ssl_external('X509_get_notAfter', [X509], ASN1_TIME, macro=True)
    213. 

  213. ssl_external('X509_get_serialNumber', [X509], ASN1_INTEGER)
    214. 

  214. ssl_external('X509_get_version', [X509], rffi.INT, macro=True)
    215. 

  215. ssl_external('X509_get_ext_by_NID', [X509, rffi.INT, rffi.INT], rffi.INT)
    216. 

  216. ssl_external('X509_get_ext', [X509, rffi.INT], X509_EXTENSION)
    217. 

  217. ssl_external('X509V3_EXT_get', [X509_EXTENSION], X509V3_EXT_METHOD)
    218. 

  218. 

  219. 

  220. ssl_external('OBJ_obj2txt',
    221. 

  221.              [rffi.CCHARP, rffi.INT, ASN1_OBJECT, rffi.INT], rffi.INT)
    222. 

  222. ssl_external('ASN1_STRING_to_UTF8', [rffi.CCHARPP, ASN1_STRING], rffi.INT)
    223. 

  223. ssl_external('ASN1_TIME_print', [BIO, ASN1_TIME], rffi.INT)
    224. 

  224. ssl_external('i2a_ASN1_INTEGER', [BIO, ASN1_INTEGER], rffi.INT)
    225. 

  225. ssl_external('ASN1_item_d2i', 
    226. 

  226.              [rffi.VOIDP, rffi.CCHARPP, rffi.LONG, ASN1_ITEM], rffi.VOIDP)
    227. 

  227. ssl_external('ASN1_ITEM_ptr', [rffi.VOIDP], ASN1_ITEM, macro=True)
    228. 

  228. 

  229. ssl_external('sk_GENERAL_NAME_num', [GENERAL_NAMES], rffi.INT,
    230. 

  230.              macro=True)
    231. 

  231. ssl_external('sk_GENERAL_NAME_value', [GENERAL_NAMES, rffi.INT], GENERAL_NAME,
    232. 

  232.              macro=True)
    233. 

  233. ssl_external('GENERAL_NAME_print', [BIO, GENERAL_NAME], rffi.INT)
    234. 

  234. ssl_external('pypy_GENERAL_NAME_dirn', [GENERAL_NAME], X509_NAME,
    235. 

  235.              macro=True)
    236. 

  236. 

  237. ssl_external('SSL_get_current_cipher', [SSL], SSL_CIPHER)
    238. 

  238. ssl_external('SSL_CIPHER_get_name', [SSL_CIPHER], rffi.CCHARP)
    239. 

  239. ssl_external('SSL_CIPHER_get_version', [SSL_CIPHER], rffi.CCHARP)
    240. 

  240. ssl_external('SSL_CIPHER_get_bits', [SSL_CIPHER, rffi.INTP], rffi.INT)
    241. 

  241. 

  242. ssl_external('ERR_get_error', [], rffi.INT)
    243. 

  243. ssl_external('ERR_error_string', [rffi.ULONG, rffi.CCHARP], rffi.CCHARP)
    244. 

  244. 

  245. ssl_external('SSL_free', [SSL], lltype.Void)
    246. 

  246. ssl_external('SSL_CTX_free', [SSL_CTX], lltype.Void)
    247. 

  247. ssl_external('CRYPTO_free', [rffi.VOIDP], lltype.Void)
    248. 

  248. libssl_OPENSSL_free = libssl_CRYPTO_free
    249. 

  249. 

  250. ssl_external('SSL_write', [SSL, rffi.CCHARP, rffi.INT], rffi.INT)
    251. 

  251. ssl_external('SSL_pending', [SSL], rffi.INT)
    252. 

  252. ssl_external('SSL_read', [SSL, rffi.CCHARP, rffi.INT], rffi.INT)
    253. 

  253. 

  254. BIO_METHOD = rffi.COpaquePtr('BIO_METHOD')
    255. 

  255. ssl_external('BIO_s_mem', [], BIO_METHOD)
    256. 

  256. ssl_external('BIO_s_file', [], BIO_METHOD)
    257. 

  257. ssl_external('BIO_new', [BIO_METHOD], BIO)
    258. 

  258. ssl_external('BIO_set_nbio', [BIO, rffi.INT], rffi.INT, macro=True)
    259. 

  259. ssl_external('BIO_free', [BIO], rffi.INT)
    260. 

  260. ssl_external('BIO_reset', [BIO], rffi.INT, macro=True)
    261. 

  261. ssl_external('BIO_read_filename', [BIO, rffi.CCHARP], rffi.INT, macro=True)
    262. 

  262. ssl_external('BIO_gets', [BIO, rffi.CCHARP, rffi.INT], rffi.INT)
    263. 

  263. ssl_external('PEM_read_bio_X509_AUX',
    264. 

  264.              [BIO, rffi.VOIDP, rffi.VOIDP, rffi.VOIDP], X509)
    265. 

  265. 

  266. EVP_MD_CTX = rffi.COpaquePtr('EVP_MD_CTX', compilation_info=eci)
    267. 

  267. EVP_MD     = lltype.Ptr(EVP_MD_st)
    268. 

  268. 

  269. OpenSSL_add_all_digests = external(
    270. 

  270.     'OpenSSL_add_all_digests', [], lltype.Void)
    271. 

  271. EVP_get_digestbyname = external(
    272. 

  272.     'EVP_get_digestbyname',
    273. 

  273.     [rffi.CCHARP], EVP_MD)
    274. 

  274. EVP_DigestInit = external(
    275. 

  275.     'EVP_DigestInit',
    276. 

  276.     [EVP_MD_CTX, EVP_MD], rffi.INT)
    277. 

  277. EVP_DigestUpdate = external(
    278. 

  278.     'EVP_DigestUpdate',
    279. 

  279.     [EVP_MD_CTX, rffi.CCHARP, rffi.SIZE_T], rffi.INT)
    280. 

  280. EVP_DigestFinal = external(
    281. 

  281.     'EVP_DigestFinal',
    282. 

  282.     [EVP_MD_CTX, rffi.CCHARP, rffi.VOIDP], rffi.INT)
    283. 

  283. EVP_MD_CTX_copy = external(
    284. 

  284.     'EVP_MD_CTX_copy', [EVP_MD_CTX, EVP_MD_CTX], rffi.INT)
    285. 

  285. EVP_MD_CTX_cleanup = external(
    286. 

  286.     'EVP_MD_CTX_cleanup', [EVP_MD_CTX], rffi.INT, threadsafe=False)
    287. 

  287. 

  288. def init_ssl():
    289. 

  289.     libssl_SSL_load_error_strings()
    290. 

  290.     libssl_SSL_library_init()
    291. 

  291. 

  292. def init_digests():
    293. 

  293.     OpenSSL_add_all_digests()
    294. 

  294.