From b4911f49493b6cb032ef0e44a0451897dd43c9a0 Mon Sep 17 00:00:00 2001 From: mcfreis Date: Mon, 20 Mar 2017 14:14:14 +0100 Subject: [PATCH] Beautified lists and maps, grouped imports for easy merges in the future - no changed functionality! * dtls/openssl.py: - Ordered constants according to header file from openSSL - Beautified __all__-list and map for _make_function() in order to easy merges in the future - Added a few returns in order to evaluate the success of the called methods * dtls/patch.py: Grouped imports in the following order - system, local * dtls/sslconnection.py: ssl protocol not hardcoded anymore for forked objects * dtls/x509.py: logger messages working again --- ChangeLog | 12 ++ dtls/openssl.py | 449 ++++++++++++++++++++++-------------------- dtls/patch.py | 47 ++--- dtls/sslconnection.py | 40 ++-- dtls/x509.py | 27 ++- 5 files changed, 305 insertions(+), 270 deletions(-) diff --git a/ChangeLog b/ChangeLog index 373f614..d41b469 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +2017-03-17 Björn Freise + + Beautified lists and maps, grouped imports for easy merges in the future - no changed functionality! + + * dtls/openssl.py: + - Ordered constants according to header file from openSSL + - Beautified __all__-list and map for _make_function() in order to easy merges in the future + - Added a few returns in order to evaluate the success of the called methods + * dtls/patch.py: Grouped imports in the following order - system, local + * dtls/sslconnection.py: ssl protocol not hardcoded anymore for forked objects + * dtls/x509.py: logger messages working again + 2017-02-27 Ray Brown * dtls/openssl.py: support reading directly into given buffer instead of forcing buffer copy (for ssl module compatibility) diff --git a/dtls/openssl.py b/dtls/openssl.py index 4099504..c04520f 100644 --- a/dtls/openssl.py +++ b/dtls/openssl.py 
@@ -102,26 +102,31 @@ GEN_DIRNAME = 4 NID_subject_alt_name = 85 CRYPTO_LOCK = 1 -# -# Integer constants - internal -# -SSL_CTRL_SET_SESS_CACHE_MODE = 44 -SSL_CTRL_SET_READ_AHEAD = 41 -SSL_CTRL_OPTIONS = 32 -BIO_CTRL_INFO = 3 -BIO_CTRL_DGRAM_SET_CONNECTED = 32 -BIO_CTRL_DGRAM_GET_PEER = 46 -BIO_CTRL_DGRAM_SET_PEER = 44 -BIO_C_SET_NBIO = 102 -DTLS_CTRL_GET_TIMEOUT = 73 -DTLS_CTRL_HANDLE_TIMEOUT = 74 -DTLS_CTRL_LISTEN = 75 -X509_NAME_MAXLEN = 256 -GETS_MAXLEN = 2048 - -# -# Parameter data types -# +# +# Integer constants - internal +# +SSL_CTRL_OPTIONS = 32 +SSL_CTRL_SET_READ_AHEAD = 41 +SSL_CTRL_SET_SESS_CACHE_MODE = 44 + +BIO_CTRL_INFO = 3 +BIO_CTRL_DGRAM_SET_CONNECTED = 32 +BIO_CTRL_DGRAM_SET_PEER = 44 +BIO_CTRL_DGRAM_GET_PEER = 46 + +BIO_C_SET_NBIO = 102 + +DTLS_CTRL_GET_TIMEOUT = 73 +DTLS_CTRL_HANDLE_TIMEOUT = 74 +DTLS_CTRL_LISTEN = 75 + +X509_NAME_MAXLEN = 256 +GETS_MAXLEN = 2048 + + +# +# Parameter data types +# class c_long_parm(object): """Long integer paramter class 
@@ -467,130 +472,149 @@ def _make_function(name, lib, args, export=True, errcheck="default"): if errcheck: func.errcheck = errcheck globals()[glbl_name] = func - -_subst = {c_long_parm: c_long} -_sigs = {} -__all__ = ["BIO_NOCLOSE", "BIO_CLOSE", - "SSLEAY_VERSION", - "SSL_OP_NO_COMPRESSION", - "SSL_VERIFY_NONE", "SSL_VERIFY_PEER", - "SSL_VERIFY_FAIL_IF_NO_PEER_CERT", "SSL_VERIFY_CLIENT_ONCE", - "SSL_SESS_CACHE_OFF", "SSL_SESS_CACHE_CLIENT", - "SSL_SESS_CACHE_SERVER", "SSL_SESS_CACHE_BOTH", - "SSL_SESS_CACHE_NO_AUTO_CLEAR", "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP", - "SSL_SESS_CACHE_NO_INTERNAL_STORE", "SSL_SESS_CACHE_NO_INTERNAL", - "SSL_FILE_TYPE_PEM", - "GEN_DIRNAME", "NID_subject_alt_name", - "CRYPTO_LOCK", - "CRYPTO_set_locking_callback", - "DTLSv1_get_timeout", "DTLSv1_handle_timeout", - "DTLSv1_listen", - "BIO_gets", "BIO_read", "BIO_get_mem_data", - "BIO_dgram_set_connected", - "BIO_dgram_get_peer", "BIO_dgram_set_peer", - "BIO_set_nbio", - "SSL_CTX_set_session_cache_mode", "SSL_CTX_set_read_ahead", - "SSL_CTX_set_options", - "SSL_read", "SSL_write", - "SSL_CTX_set_cookie_cb", - "OBJ_obj2txt", "decode_ASN1_STRING", "ASN1_TIME_print", - "X509_get_notAfter", - "ASN1_item_d2i", "GENERAL_NAME_print", - "sk_value", - "sk_pop_free", - "i2d_X509"] # note: the following map adds to this list - -map(lambda x: _make_function(*x), ( - ("SSL_library_init", libssl, ((c_int, "ret"),)), - ("SSL_load_error_strings", libssl, ((None, "ret"),)), - ("SSLeay", libcrypto, ((c_long_parm, "ret"),)), - ("SSLeay_version", libcrypto, ((c_char_p, "ret"), (c_int, "t"))), - ("CRYPTO_set_locking_callback", libcrypto, - ((None, "ret"), (c_void_p, "func")), False), - ("CRYPTO_get_id_callback", libcrypto, ((c_void_p, "ret"),), True, None), - ("CRYPTO_num_locks", libcrypto, ((c_int, "ret"),)), - ("DTLSv1_server_method", libssl, ((DTLSv1Method, "ret"),)), - ("DTLSv1_client_method", libssl, ((DTLSv1Method, "ret"),)), - ("SSL_CTX_new", libssl, ((SSLCTX, "ret"), (DTLSv1Method, "meth"))), - 
("SSL_CTX_free", libssl, ((None, "ret"), (SSLCTX, "ctx"))), - ("SSL_CTX_set_cookie_generate_cb", libssl, - ((None, "ret"), (SSLCTX, "ctx"), (c_void_p, "app_gen_cookie_cb")), False), - ("SSL_CTX_set_cookie_verify_cb", libssl, - ((None, "ret"), (SSLCTX, "ctx"), (c_void_p, "app_verify_cookie_cb")), - False), - ("SSL_new", libssl, ((SSL, "ret"), (SSLCTX, "ctx"))), - ("SSL_free", libssl, ((None, "ret"), (SSL, "ssl"))), - ("SSL_set_bio", libssl, - ((None, "ret"), (SSL, "ssl"), (BIO, "rbio"), (BIO, "wbio"))), - ("BIO_new", libcrypto, ((BIO, "ret"), (BIO_METHOD, "type"))), - ("BIO_s_mem", libcrypto, ((BIO_METHOD, "ret"),)), - ("BIO_new_file", libcrypto, - ((BIO, "ret"), (c_char_p, "filename"), (c_char_p, "mode"))), - ("BIO_new_dgram", libcrypto, - ((BIO, "ret"), (c_int, "fd"), (c_int, "close_flag"))), - ("BIO_free", libcrypto, ((c_int, "ret"), (BIO, "a"))), - ("BIO_gets", libcrypto, - ((c_int, "ret"), (BIO, "b"), (POINTER(c_char), "buf"), (c_int, "size")), - False), - ("BIO_read", libcrypto, - ((c_int, "ret"), (BIO, "b"), (c_void_p, "buf"), (c_int, "len")), False), - ("SSL_CTX_ctrl", libssl, - ((c_long_parm, "ret"), (SSLCTX, "ctx"), (c_int, "cmd"), (c_long, "larg"), - (c_void_p, "parg")), False), - ("BIO_ctrl", libcrypto, - ((c_long_parm, "ret"), (BIO, "bp"), (c_int, "cmd"), (c_long, "larg"), - (c_void_p, "parg")), False), - ("SSL_ctrl", libssl, - ((c_long_parm, "ret"), (SSL, "ssl"), (c_int, "cmd"), (c_long, "larg"), - (c_void_p, "parg")), False), - ("ERR_get_error", libcrypto, ((c_long_parm, "ret"),), False), - ("ERR_error_string_n", libcrypto, - ((None, "ret"), (c_ulong, "e"), (c_char_p, "buf"), (c_size_t, "len")), - False), - ("SSL_get_error", libssl, ((c_int, "ret"), (SSL, "ssl"), (c_int, "ret")), - False, None), - ("SSL_CTX_set_cipher_list", libssl, - ((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "str"))), - ("SSL_CTX_use_certificate_file", libssl, + +_subst = {c_long_parm: c_long} +_sigs = {} +__all__ = [ + # Constants + "BIO_NOCLOSE", "BIO_CLOSE", + "SSLEAY_VERSION", 
+ "SSL_OP_NO_COMPRESSION", + "SSL_VERIFY_NONE", "SSL_VERIFY_PEER", + "SSL_VERIFY_FAIL_IF_NO_PEER_CERT", "SSL_VERIFY_CLIENT_ONCE", + "SSL_SESS_CACHE_OFF", "SSL_SESS_CACHE_CLIENT", + "SSL_SESS_CACHE_SERVER", "SSL_SESS_CACHE_BOTH", + "SSL_SESS_CACHE_NO_AUTO_CLEAR", "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP", + "SSL_SESS_CACHE_NO_INTERNAL_STORE", "SSL_SESS_CACHE_NO_INTERNAL", + "SSL_FILE_TYPE_PEM", + "GEN_DIRNAME", "NID_subject_alt_name", + "CRYPTO_LOCK", + # Methods + "CRYPTO_set_locking_callback", + "DTLSv1_get_timeout", "DTLSv1_handle_timeout", + "DTLSv1_listen", + "BIO_gets", "BIO_read", "BIO_get_mem_data", + "BIO_dgram_set_connected", + "BIO_dgram_get_peer", "BIO_dgram_set_peer", + "BIO_set_nbio", + "SSL_CTX_set_session_cache_mode", "SSL_CTX_set_read_ahead", + "SSL_CTX_set_options", + "SSL_read", "SSL_write", + "SSL_CTX_set_cookie_cb", + "OBJ_obj2txt", "decode_ASN1_STRING", "ASN1_TIME_print", + "X509_get_notAfter", + "ASN1_item_d2i", "GENERAL_NAME_print", + "sk_value", + "sk_pop_free", + "i2d_X509", +] # note: the following map adds to this list + +map(lambda x: _make_function(*x), ( + ("SSL_library_init", libssl, + ((c_int, "ret"),)), + ("SSL_load_error_strings", libssl, + ((None, "ret"),)), + ("SSLeay", libcrypto, + ((c_long_parm, "ret"),)), + ("SSLeay_version", libcrypto, + ((c_char_p, "ret"), (c_int, "t"))), + ("CRYPTO_set_locking_callback", libcrypto, + ((None, "ret"), (c_void_p, "func")), False), + ("CRYPTO_get_id_callback", libcrypto, + ((c_void_p, "ret"),), True, None), + ("CRYPTO_num_locks", libcrypto, + ((c_int, "ret"),)), + ("DTLSv1_server_method", libssl, + ((DTLSv1Method, "ret"),)), + ("DTLSv1_client_method", libssl, + ((DTLSv1Method, "ret"),)), + ("SSL_CTX_new", libssl, + ((SSLCTX, "ret"), (DTLSv1Method, "meth"))), + ("SSL_CTX_free", libssl, + ((None, "ret"), (SSLCTX, "ctx"))), + ("SSL_CTX_set_cookie_generate_cb", libssl, + ((None, "ret"), (SSLCTX, "ctx"), (c_void_p, "app_gen_cookie_cb")), False), + ("SSL_CTX_set_cookie_verify_cb", libssl, + ((None, "ret"), 
(SSLCTX, "ctx"), (c_void_p, "app_verify_cookie_cb")), False), + ("SSL_new", libssl, + ((SSL, "ret"), (SSLCTX, "ctx"))), + ("SSL_free", libssl, + ((None, "ret"), (SSL, "ssl"))), + ("SSL_set_bio", libssl, + ((None, "ret"), (SSL, "ssl"), (BIO, "rbio"), (BIO, "wbio"))), + ("BIO_new", libcrypto, + ((BIO, "ret"), (BIO_METHOD, "type"))), + ("BIO_s_mem", libcrypto, + ((BIO_METHOD, "ret"),)), + ("BIO_new_file", libcrypto, + ((BIO, "ret"), (c_char_p, "filename"), (c_char_p, "mode"))), + ("BIO_new_dgram", libcrypto, + ((BIO, "ret"), (c_int, "fd"), (c_int, "close_flag"))), + ("BIO_free", libcrypto, + ((c_int, "ret"), (BIO, "a"))), + ("BIO_gets", libcrypto, + ((c_int, "ret"), (BIO, "b"), (POINTER(c_char), "buf"), (c_int, "size")), False), + ("BIO_read", libcrypto, + ((c_int, "ret"), (BIO, "b"), (c_void_p, "buf"), (c_int, "len")), False), + ("SSL_CTX_ctrl", libssl, + ((c_long_parm, "ret"), (SSLCTX, "ctx"), (c_int, "cmd"), (c_long, "larg"), (c_void_p, "parg")), False), + ("BIO_ctrl", libcrypto, + ((c_long_parm, "ret"), (BIO, "bp"), (c_int, "cmd"), (c_long, "larg"), (c_void_p, "parg")), False), + ("SSL_ctrl", libssl, + ((c_long_parm, "ret"), (SSL, "ssl"), (c_int, "cmd"), (c_long, "larg"), (c_void_p, "parg")), False), + ("ERR_get_error", libcrypto, + ((c_long_parm, "ret"),), False), + ("ERR_error_string_n", libcrypto, + ((None, "ret"), (c_ulong, "e"), (c_char_p, "buf"), (c_size_t, "len")), False), + ("SSL_get_error", libssl, + ((c_int, "ret"), (SSL, "ssl"), (c_int, "ret")), False, None), + ("SSL_CTX_set_cipher_list", libssl, + ((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "str"))), + ("SSL_CTX_use_certificate_file", libssl, ((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "file"), (c_int, "type"))), ("SSL_CTX_use_certificate_chain_file", libssl, ((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "file"))), - ("SSL_CTX_use_PrivateKey_file", libssl, - ((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "file"), (c_int, "type"))), - ("SSL_CTX_load_verify_locations", libssl, - ((c_int, "ret"), (SSLCTX, 
"ctx"), (c_char_p, "CAfile"), - (c_char_p, "CApath"))), - ("SSL_CTX_set_verify", libssl, - ((None, "ret"), (SSLCTX, "ctx"), (c_int, "mode"), - (c_void_p, "verify_callback", 1, None))), - ("SSL_accept", libssl, ((c_int, "ret"), (SSL, "ssl"))), - ("SSL_connect", libssl, ((c_int, "ret"), (SSL, "ssl"))), - ("SSL_set_connect_state", libssl, ((None, "ret"), (SSL, "ssl"))), - ("SSL_set_accept_state", libssl, ((None, "ret"), (SSL, "ssl"))), - ("SSL_do_handshake", libssl, ((c_int, "ret"), (SSL, "ssl"))), - ("SSL_get_peer_certificate", libssl, ((X509, "ret"), (SSL, "ssl"))), - ("SSL_read", libssl, - ((c_int, "ret"), (SSL, "ssl"), (c_void_p, "buf"), (c_int, "num")), False), - ("SSL_write", libssl, - ((c_int, "ret"), (SSL, "ssl"), (c_void_p, "buf"), (c_int, "num")), False), - ("SSL_pending", libssl, ((c_int, "ret"), (SSL, "ssl")), True, None), - ("SSL_shutdown", libssl, ((c_int, "ret"), (SSL, "ssl"))), - ("SSL_set_read_ahead", libssl, - ((None, "ret"), (SSL, "ssl"), (c_int, "yes"))), - ("X509_free", libcrypto, ((None, "ret"), (X509, "a"))), - ("PEM_read_bio_X509_AUX", libcrypto, - ((X509, "ret"), (BIO, "bp"), (c_void_p, "x", 1, None), - (c_void_p, "cb", 1, None), (c_void_p, "u", 1, None))), - ("OBJ_obj2txt", libcrypto, - ((c_int, "ret"), (POINTER(c_char), "buf"), (c_int, "buf_len"), - (ASN1_OBJECT, "a"), (c_int, "no_name")), False), - ("CRYPTO_free", libcrypto, ((None, "ret"), (c_void_p, "ptr"))), - ("ASN1_STRING_to_UTF8", libcrypto, - ((c_int, "ret"), (POINTER(POINTER(c_ubyte)), "out"), (ASN1_STRING, "in")), - False), - ("X509_NAME_entry_count", libcrypto, - ((c_int, "ret"), (POINTER(X509_name_st), "name")), True, None), - ("X509_NAME_get_entry", libcrypto, + ("SSL_CTX_use_PrivateKey_file", libssl, + ((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "file"), (c_int, "type"))), + ("SSL_CTX_load_verify_locations", libssl, + ((c_int, "ret"), (SSLCTX, "ctx"), (c_char_p, "CAfile"), (c_char_p, "CApath"))), + ("SSL_CTX_set_verify", libssl, + ((None, "ret"), (SSLCTX, "ctx"), (c_int, 
"mode"), (c_void_p, "verify_callback", 1, None))), + ("SSL_accept", libssl, + ((c_int, "ret"), (SSL, "ssl"))), + ("SSL_connect", libssl, + ((c_int, "ret"), (SSL, "ssl"))), + ("SSL_set_connect_state", libssl, + ((None, "ret"), (SSL, "ssl"))), + ("SSL_set_accept_state", libssl, + ((None, "ret"), (SSL, "ssl"))), + ("SSL_do_handshake", libssl, + ((c_int, "ret"), (SSL, "ssl"))), + ("SSL_get_peer_certificate", libssl, + ((X509, "ret"), (SSL, "ssl"))), + ("SSL_read", libssl, + ((c_int, "ret"), (SSL, "ssl"), (c_void_p, "buf"), (c_int, "num")), False), + ("SSL_write", libssl, + ((c_int, "ret"), (SSL, "ssl"), (c_void_p, "buf"), (c_int, "num")), False), + ("SSL_pending", libssl, + ((c_int, "ret"), (SSL, "ssl")), True, None), + ("SSL_shutdown", libssl, + ((c_int, "ret"), (SSL, "ssl"))), + ("SSL_set_read_ahead", libssl, + ((None, "ret"), (SSL, "ssl"), (c_int, "yes"))), + ("X509_free", libcrypto, + ((None, "ret"), (X509, "a"))), + ("PEM_read_bio_X509_AUX", libcrypto, + ((X509, "ret"), (BIO, "bp"), (c_void_p, "x", 1, None), (c_void_p, "cb", 1, None), (c_void_p, "u", 1, None))), + ("OBJ_obj2txt", libcrypto, + ((c_int, "ret"), (POINTER(c_char), "buf"), (c_int, "buf_len"), (ASN1_OBJECT, "a"), (c_int, "no_name")), False), + ("CRYPTO_free", libcrypto, + ((None, "ret"), (c_void_p, "ptr"))), + ("ASN1_STRING_to_UTF8", libcrypto, + ((c_int, "ret"), (POINTER(POINTER(c_ubyte)), "out"), (ASN1_STRING, "in")), False), + ("X509_NAME_entry_count", libcrypto, + ((c_int, "ret"), (POINTER(X509_name_st), "name")), True, None), + ("X509_NAME_get_entry", libcrypto, ((POINTER(X509_NAME_ENTRY), "ret"), (POINTER(X509_name_st), "name"), (c_int, "loc")), True, errcheck_p), ("X509_NAME_ENTRY_get_object", libcrypto, 
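Review bot: The registration `map(lambda x: _make_function(*x), (...))` only does anything because Python 2's map is eager; on Python 3 the lambda would never run, none of the wrapped functions would be created and the `__all__` entries the trailing comment says they add would be missing. A plain loop states the intent and behaves the same on both: `for _sig in (` ... `    _make_function(*_sig)`, with the tuple's closing `))` in the hunk at -599 becoming `):` on the loop header. The file is Python 2 today (this patch's own implicit relative imports in dtls/patch.py), so this is a forward-looking point rather than a current breakage.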
@@ -599,40 +623,37 @@ map(lambda x: _make_function(*x), ( ((ASN1_STRING, "ret"), (POINTER(X509_NAME_ENTRY), "ne"))), ("X509_get_subject_name", libcrypto, ((POINTER(X509_name_st), "ret"), (X509, "a")), True, errcheck_p), - ("ASN1_TIME_print", libcrypto, - ((c_int, "ret"), (BIO, "fp"), (ASN1_TIME, "a")), False), - ("X509_get_ext_by_NID", libcrypto, - ((c_int, "ret"), (X509, "x"), (c_int, "nid"), (c_int, "lastpos")), - True, None), - ("X509_get_ext", libcrypto, - ((POINTER(X509_EXTENSION), "ret"), (X509, "x"), (c_int, "loc")), - True, errcheck_p), - ("X509V3_EXT_get", libcrypto, - ((POINTER(X509V3_EXT_METHOD), "ret"), (POINTER(X509_EXTENSION), "ext")), - True, errcheck_p), - ("ASN1_item_d2i", libcrypto, - ((c_void_p, "ret"), (c_void_p, "val"), (POINTER(POINTER(c_ubyte)), "in"), - (c_long, "len"), (c_void_p, "it")), False, None), - ("sk_num", libcrypto, ((c_int, "ret"), (STACK, "stack")), True, None), - ("sk_value", libcrypto, - ((c_void_p, "ret"), (STACK, "stack"), (c_int, "loc")), False), - ("GENERAL_NAME_print", libcrypto, - ((c_int, "ret"), (BIO, "out"), (POINTER(GENERAL_NAME), "gen")), False), - ("sk_pop_free", libcrypto, - ((None, "ret"), (STACK, "st"), (c_void_p, "func")), False), - ("i2d_X509_bio", libcrypto, ((c_int, "ret"), (BIO, "bp"), (X509, "x")), - False), - ("SSL_get_current_cipher", libssl, ((SSL_CIPHER, "ret"), (SSL, "ssl"))), - ("SSL_CIPHER_get_name", libssl, - ((c_char_p, "ret"), (SSL_CIPHER, "cipher"))), - ("SSL_CIPHER_get_version", libssl, - ((c_char_p, "ret"), (SSL_CIPHER, "cipher"))), - ("SSL_CIPHER_get_bits", libssl, - ((c_int, "ret"), (SSL_CIPHER, "cipher"), - (POINTER(c_int), "alg_bits", 1, None)), True, None), - )) - -# + ("ASN1_TIME_print", libcrypto, + ((c_int, "ret"), (BIO, "fp"), (ASN1_TIME, "a")), False), + ("X509_get_ext_by_NID", libcrypto, + ((c_int, "ret"), (X509, "x"), (c_int, "nid"), (c_int, "lastpos")), True, None), + ("X509_get_ext", libcrypto, + ((POINTER(X509_EXTENSION), "ret"), (X509, "x"), (c_int, "loc")), True, errcheck_p), + 
("X509V3_EXT_get", libcrypto, + ((POINTER(X509V3_EXT_METHOD), "ret"), (POINTER(X509_EXTENSION), "ext")), True, errcheck_p), + ("ASN1_item_d2i", libcrypto, + ((c_void_p, "ret"), (c_void_p, "val"), (POINTER(POINTER(c_ubyte)), "in"), (c_long, "len"), (c_void_p, "it")), False, None), + ("sk_num", libcrypto, + ((c_int, "ret"), (STACK, "stack")), True, None), + ("sk_value", libcrypto, + ((c_void_p, "ret"), (STACK, "stack"), (c_int, "loc")), False), + ("GENERAL_NAME_print", libcrypto, + ((c_int, "ret"), (BIO, "out"), (POINTER(GENERAL_NAME), "gen")), False), + ("sk_pop_free", libcrypto, + ((None, "ret"), (STACK, "st"), (c_void_p, "func")), False), + ("i2d_X509_bio", libcrypto, + ((c_int, "ret"), (BIO, "bp"), (X509, "x")), False), + ("SSL_get_current_cipher", libssl, + ((SSL_CIPHER, "ret"), (SSL, "ssl"))), + ("SSL_CIPHER_get_name", libssl, + ((c_char_p, "ret"), (SSL_CIPHER, "cipher"))), + ("SSL_CIPHER_get_version", libssl, + ((c_char_p, "ret"), (SSL_CIPHER, "cipher"))), + ("SSL_CIPHER_get_bits", libssl, + ((c_int, "ret"), (SSL_CIPHER, "cipher"), (POINTER(c_int), "alg_bits", 1, None)), True, None), + )) + +# # Wrappers - functions generally equivalent to OpenSSL library macros # _rvoid_int_int_charp_int = CFUNCTYPE(None, c_int, c_int, c_char_p, c_int) 
@@ -647,21 +668,21 @@ def CRYPTO_set_locking_callback(locking_function): global _locking_cb # for keep-alive _locking_cb = _rvoid_int_int_charp_int(py_locking_function) _CRYPTO_set_locking_callback(_locking_cb) - -def SSL_CTX_set_session_cache_mode(ctx, mode): - # Returns the previous value of mode - _SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, mode, None) - -def SSL_CTX_set_read_ahead(ctx, m): - # Returns the previous value of m - _SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, None) - -def SSL_CTX_set_options(ctx, options): - # Returns the new option bitmaks after adding the given options - _SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, options, None) - -_rint_voidp_ubytep_uintp = CFUNCTYPE(c_int, c_void_p, POINTER(c_ubyte), - POINTER(c_uint)) + +def SSL_CTX_set_session_cache_mode(ctx, mode): + # Returns the previous value of mode + return _SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, mode, None) + +def SSL_CTX_set_read_ahead(ctx, m): + # Returns the previous value of m + return _SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, None) + +def SSL_CTX_set_options(ctx, options): + # Returns the new option bitmaks after adding the given options + return _SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, options, None) + +_rint_voidp_ubytep_uintp = CFUNCTYPE(c_int, c_void_p, POINTER(c_ubyte), + POINTER(c_uint)) _rint_voidp_ubytep_uint = CFUNCTYPE(c_int, c_void_p, POINTER(c_ubyte), c_uint) def SSL_CTX_set_cookie_cb(ctx, generate, verify): 
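Review bot: Now that `SSL_CTX_set_session_cache_mode`, `SSL_CTX_set_read_ahead` and `SSL_CTX_set_options` return the `_SSL_CTX_ctrl` result, the return value is part of their contract and deserves a docstring rather than a leading comment; the `SSL_CTX_set_options` comment also still reads `bitmaks`. For example `"""Add *options* to the context; returns the resulting option bitmask."""`, and for the other two "returns the previous cache mode" / "returns the previous read-ahead setting". A documented return lets a caller that sets a security-relevant option such as SSL_OP_NO_COMPRESSION check that the returned bitmask actually contains it.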
@@ -690,25 +711,25 @@ def SSL_CTX_set_cookie_cb(ctx, generate, verify): _SSL_CTX_set_cookie_generate_cb(ctx, gen_cb) _SSL_CTX_set_cookie_verify_cb(ctx, ver_cb) return gen_cb, ver_cb - -def BIO_dgram_set_connected(bio, peer_address): - su = sockaddr_u_from_addr_tuple(peer_address) - _BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_CONNECTED, 0, byref(su)) - -def BIO_dgram_get_peer(bio): - su = sockaddr_u() + +def BIO_dgram_set_connected(bio, peer_address): + su = sockaddr_u_from_addr_tuple(peer_address) + return _BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_CONNECTED, 0, byref(su)) + +def BIO_dgram_get_peer(bio): + su = sockaddr_u() _BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_PEER, 0, byref(su)) return addr_tuple_from_sockaddr_u(su) - -def BIO_dgram_set_peer(bio, peer_address): - su = sockaddr_u_from_addr_tuple(peer_address) - _BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_PEER, 0, byref(su)) - -def BIO_set_nbio(bio, n): - _BIO_ctrl(bio, BIO_C_SET_NBIO, 1 if n else 0, None) - -def DTLSv1_get_timeout(ssl): - tv = TIMEVAL() + +def BIO_dgram_set_peer(bio, peer_address): + su = sockaddr_u_from_addr_tuple(peer_address) + return _BIO_ctrl(bio, BIO_CTRL_DGRAM_SET_PEER, 0, byref(su)) + +def BIO_set_nbio(bio, n): + return _BIO_ctrl(bio, BIO_C_SET_NBIO, 1 if n else 0, None) + +def DTLSv1_get_timeout(ssl): + tv = TIMEVAL() ret = _SSL_ctrl(ssl, DTLS_CTRL_GET_TIMEOUT, 0, byref(tv)) if ret != 1: return 
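Review bot: `BIO_dgram_get_peer` still discards the `_BIO_ctrl` result while the neighbouring setters in this hunk now return theirs, so a failed BIO_CTRL_DGRAM_GET_PEER leaves `su` unfilled and `addr_tuple_from_sockaddr_u(su)` hands that back as if it were a real peer address. Capturing the result and applying the same check `DTLSv1_listen` uses, `ret = _BIO_ctrl(bio, BIO_CTRL_DGRAM_GET_PEER, 0, byref(su))` followed by `errcheck_ord(ret, _BIO_ctrl, (bio, BIO_CTRL_DGRAM_GET_PEER, 0, byref(su)))`, would surface the failure instead. Whether errcheck_ord's threshold matches this ctrl's return convention should be confirmed against the OpenSSL headers before adopting it.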
@@ -724,13 +745,13 @@ def DTLSv1_handle_timeout(ssl): return True # There was an error: either too many timeouts have occurred or a # retransmission failed - assert ret < 0 - if ret > 0: - ret = -10 - errcheck_p(ret, _SSL_ctrl, (ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, None)) - -def DTLSv1_listen(ssl): - su = sockaddr_u() + assert ret < 0 + if ret > 0: + ret = -10 + return errcheck_p(ret, _SSL_ctrl, (ssl, DTLS_CTRL_HANDLE_TIMEOUT, 0, None)) + +def DTLSv1_listen(ssl): + su = sockaddr_u() ret = _SSL_ctrl(ssl, DTLS_CTRL_LISTEN, 0, byref(su)) errcheck_ord(ret, _SSL_ctrl, (ssl, DTLS_CTRL_LISTEN, 0, byref(su))) return addr_tuple_from_sockaddr_u(su) diff --git a/dtls/patch.py b/dtls/patch.py index acd54dd..f90132b 100644 --- a/dtls/patch.py +++ b/dtls/patch.py 
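Review bot: In `DTLSv1_handle_timeout` the re-added `assert ret < 0` and the `if ret > 0: ret = -10` right after it contradict each other: when the assert holds the branch is dead, and under `python -O` the assert is stripped so the branch becomes the only handling of an unexpected positive value from the library. Dropping the assert and keeping the normalisation with a comment, `# a positive value here is unexpected; map it to a generic error code` above `if ret > 0:`, documents the intent without using assert as a runtime check on a library return. The function's signature and its early returns are above this hunk.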
@@ -31,22 +31,23 @@ has the following effects: * Direct instantiation of SSLSocket as well as instantiation through ssl.wrap_socket are supported * Invocation of the function get_server_certificate with a value of - PROTOCOL_DTLSv1 for the parameter ssl_version is supported -""" - -from socket import SOCK_DGRAM, socket, _delegate_methods, error as socket_error -from socket import AF_INET, SOCK_STREAM, SOCK_DGRAM, getaddrinfo -from sslconnection import SSLConnection, PROTOCOL_DTLSv1, CERT_NONE -from sslconnection import DTLS_OPENSSL_VERSION_NUMBER, DTLS_OPENSSL_VERSION -from sslconnection import DTLS_OPENSSL_VERSION_INFO -from err import raise_as_ssl_module_error -from types import MethodType -from weakref import proxy -import errno - -def do_patch(): - import ssl as _ssl # import to be avoided if ssl module is never patched - global _orig_SSLSocket_init, _orig_get_server_certificate + PROTOCOL_DTLSv1 for the parameter ssl_version is supported +""" + +from socket import socket, getaddrinfo, _delegate_methods, error as socket_error +from socket import AF_INET, SOCK_STREAM, SOCK_DGRAM +from types import MethodType +from weakref import proxy +import errno + +from sslconnection import SSLConnection, PROTOCOL_DTLSv1, CERT_NONE +from sslconnection import DTLS_OPENSSL_VERSION_NUMBER, DTLS_OPENSSL_VERSION, DTLS_OPENSSL_VERSION_INFO +from err import raise_as_ssl_module_error + + +def do_patch(): + import ssl as _ssl # import to be avoided if ssl module is never patched + global _orig_SSLSocket_init, _orig_get_server_certificate global ssl ssl = _ssl if hasattr(ssl, "PROTOCOL_DTLSv1"): 
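Review bot: The new "local" import group, `from sslconnection import ...` and `from err import ...`, uses implicit relative imports, which Python 2 resolves but Python 3 rejects; if these modules are always loaded as part of the dtls package, `from .sslconnection import ...` and `from .err import ...` keep the grouping and are unambiguous on both. The merged `DTLS_OPENSSL_VERSION_NUMBER, DTLS_OPENSSL_VERSION, DTLS_OPENSSL_VERSION_INFO` line also runs past the width the surrounding import lines keep; splitting it as before costs nothing.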
@@ -73,13 +74,13 @@ def _get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None): If 'ssl_version' is specified, use it in the connection attempt. """ - if ssl_version != PROTOCOL_DTLSv1: - return _orig_get_server_certificate(addr, ssl_version, ca_certs) - - if (ca_certs is not None): - cert_reqs = ssl.CERT_REQUIRED - else: - cert_reqs = ssl.CERT_NONE + if ssl_version != PROTOCOL_DTLSv1: + return _orig_get_server_certificate(addr, ssl_version, ca_certs) + + if ca_certs is not None: + cert_reqs = ssl.CERT_REQUIRED + else: + cert_reqs = ssl.CERT_NONE af = getaddrinfo(addr[0], addr[1])[0][0] s = ssl.wrap_socket(socket(af, SOCK_DGRAM), ssl_version=ssl_version, diff --git a/dtls/sslconnection.py b/dtls/sslconnection.py index 09fc3dc..2b6caf2 100644 --- a/dtls/sslconnection.py +++ b/dtls/sslconnection.py @@ -45,12 +45,13 @@ import socket import hmac import datetime from logging import getLogger -from os import urandom -from select import select -from weakref import proxy -from err import openssl_error, InvalidSocketError -from err import raise_ssl_error -from err import SSL_ERROR_WANT_READ, SSL_ERROR_SYSCALL +from os import urandom +from select import select +from weakref import proxy + +from err import openssl_error, InvalidSocketError +from err import raise_ssl_error +from err import SSL_ERROR_WANT_READ, SSL_ERROR_SYSCALL from err import ERR_COOKIE_MISMATCH, ERR_NO_CERTS from err import ERR_NO_CIPHER, ERR_HANDSHAKE_TIMEOUT, ERR_PORT_UNREACHABLE from err import ERR_READ_TIMEOUT, ERR_WRITE_TIMEOUT 
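Review bot: The docstring of `_get_server_certificate` (its head is above this hunk) should state that when `ca_certs` is None the `cert_reqs = ssl.CERT_NONE` branch retrieves the certificate over an unverified DTLS connection, so the result is only suitable for later pinning, not as proof of the peer's identity; e.g. `If 'ca_certs' is given the server certificate is validated against it; otherwise it is retrieved without verification.` The branch itself reads more directly as one expression, `cert_reqs = ssl.CERT_REQUIRED if ca_certs is not None else ssl.CERT_NONE`.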
@@ -331,12 +332,13 @@ class SSLConnection(object): ciphers = "DEFAULT" self._sock = sock - self._keyfile = keyfile - self._certfile = certfile - self._cert_reqs = cert_reqs - self._ca_certs = ca_certs - self._do_handshake_on_connect = do_handshake_on_connect - self._suppress_ragged_eofs = suppress_ragged_eofs + self._keyfile = keyfile + self._certfile = certfile + self._cert_reqs = cert_reqs + self._ssl_version = ssl_version + self._ca_certs = ca_certs + self._do_handshake_on_connect = do_handshake_on_connect + self._suppress_ragged_eofs = suppress_ragged_eofs self._ciphers = ciphers self._handshake_done = False self._wbio_nb = self._rbio_nb = False @@ -459,13 +461,13 @@ class SSLConnection(object): if not self._pending_peer_address: if not self.listen(): - _logger.debug("Accept returning without connection") - return - new_conn = SSLConnection(self, self._keyfile, self._certfile, True, - self._cert_reqs, PROTOCOL_DTLSv1, - self._ca_certs, self._do_handshake_on_connect, - self._suppress_ragged_eofs, self._ciphers) - new_peer = self._pending_peer_address + _logger.debug("Accept returning without connection") + return + new_conn = SSLConnection(self, self._keyfile, self._certfile, True, + self._cert_reqs, self._ssl_version, + self._ca_certs, self._do_handshake_on_connect, + self._suppress_ragged_eofs, self._ciphers) + new_peer = self._pending_peer_address self._pending_peer_address = None if self._do_handshake_on_connect: # Note that since that connection's socket was just created in its diff --git a/dtls/x509.py b/dtls/x509.py index bb194ae..311d73b 100644 --- a/dtls/x509.py +++ b/dtls/x509.py 
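Review bot: The `SSLConnection(...)` call in `accept` (hunk at -459) now forwards `self._ssl_version` as the sixth of ten positional arguments, so an ordering mistake of the same kind as the hard-coded protocol this commit fixes stays invisible at the call site. Passing the forwarded settings by keyword, `ssl_version=self._ssl_version, ca_certs=self._ca_certs, ciphers=self._ciphers` and so on, makes each one checkable against `__init__`. The assignments in the hunk at -331 suggest those are the parameter names, but the signature is outside both hunks and should be confirmed.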
@@ -40,24 +40,23 @@ _logger = getLogger(__name__) class _X509(_Rsrc): """Wrapper for the cryptographic library's X509 resource""" def __init__(self, value): - super(_X509, self).__init__(value) - - def __del__(self): - _logger.debug("Freeing X509: %d", self._value._as_parameter) - X509_free(self._value) - self._value = None - + super(_X509, self).__init__(value) + + def __del__(self): + _logger.debug("Freeing X509: %d", self.raw) + X509_free(self._value) + self._value = None + class _STACK(_Rsrc): """Wrapper for the cryptographic library's stacks""" def __init__(self, value): - super(_STACK, self).__init__(value) - - def __del__(self): - _logger.debug("Freeing stack: %d", self._value._as_parameter) - sk_pop_free(self._value) - self._value = None - + super(_STACK, self).__init__(value) + + def __del__(self): + _logger.debug("Freeing stack: %d", self.raw) + sk_pop_free(self._value) + self._value = None def decode_cert(cert): """Convert an X509 certificate into a Python dictionary
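Review bot: `_X509.__del__` and `_STACK.__del__` are now identical apart from the free function, and both call `_logger.debug` before freeing through module globals that can already be None when finalisers run during interpreter shutdown, in which case the debug call raises and the free is skipped. Hoisting the pattern into `_Rsrc` with the free function as a class attribute would keep one copy of the logic, where a leading `if self._value is None: return` also makes a second `__del__` run a no-op. Separately, only one blank line appears to separate `_STACK` from the top-level `decode_cert` after the removed blank, while two remain between the two classes.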