def setup_ssl(self):
    """Wire ``self.ssl`` to ``self.socket`` through two BIOs.

    A socket BIO is attached as both the read and the write side of the
    SSL struct, and a BIO_f_ssl filter is layered on top so the TLS
    engine can be driven through the BIO API (``self.sslbio``).
    """
    fd = self.socket.fileno()
    # Close flag 0 (BIO_NOCLOSE): the Python socket object stays
    # responsible for closing the descriptor, not the BIO.
    self.sockbio = m2.bio_new_socket(fd, 0)
    # Same BIO for both directions of the SSL struct.
    m2.ssl_set_bio(self.ssl, self.sockbio, self.sockbio)

    # Filter BIO on top; bio_noclose so freeing it never frees the SSL.
    self.sslbio = m2.bio_new(m2.bio_f_ssl())
    m2.bio_set_ssl(self.sslbio, self.ssl, m2.bio_noclose)
def __init__(self, under_bio, mode='rwb', _pyfree=1):
    """Stack a BIO_f_buffer filter on top of *under_bio*.

    :param under_bio: BIO wrapper whose raw pointer becomes the
        downstream end of the chain.
    :param mode: file-style mode string; writes are only enabled when
        it contains ``'w'``.
    :param _pyfree: forwarded to ``BIO.__init__`` (ownership flag).
    """
    BIO.__init__(self, _pyfree=_pyfree)
    self.io = m2.bio_new(m2.bio_f_buffer())
    self.bio = m2.bio_push(self.io, under_bio._ptr())
    # Keep the downstream wrapper alive for as long as this chain is open.
    self._under_bio = under_bio
    self.write_closed = 0 if 'w' in mode else 1
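def __init__(self, data=None):
    # type: (Optional[bytes]) -> None
    """Create a memory BIO, optionally pre-filled with *data*.

    :param data: initial contents, or None for an empty buffer.
    :raises TypeError: if *data* is neither bytes nor None (text must be
        encoded by the caller).
    """
    # The base initialiser takes no stray positional here: the previous
    # ``__init__(self)`` call handed this instance to BIO.__init__ as its
    # first argument, which was then immediately overwritten below.
    super(MemoryBuffer, self).__init__()
    if data is not None and not isinstance(data, bytes):
        raise TypeError("data must be bytes or None, not %s" % (type(data).__name__, ))
    self.bio = m2.bio_new(m2.bio_s_mem())
    # Python owns this BIO and is responsible for freeing it.
    self._pyfree = 1
    if data is not None:
        m2.bio_write(self.bio, data)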
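def __init__(self, data=None):
    # type: (Optional[bytes]) -> None
    """Create a memory BIO, optionally pre-filled with *data*.

    :param data: initial contents, or None for an empty buffer.
    :raises TypeError: if *data* is neither bytes nor None (text must be
        encoded by the caller).
    """
    # The base initialiser takes no stray positional here: the previous
    # ``__init__(self)`` call handed this instance to BIO.__init__ as its
    # first argument, which was then immediately overwritten below.
    super(MemoryBuffer, self).__init__()
    if data is not None and not isinstance(data, bytes):
        raise TypeError(
            "data must be bytes or None, not %s" % (type(data).__name__, ))
    self.bio = m2.bio_new(m2.bio_s_mem())
    # Python owns this BIO and is responsible for freeing it.
    self._pyfree = 1
    if data is not None:
        m2.bio_write(self.bio, data)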
def startTLS(self, ctx):
    """
    Start SSL/TLS. If this is not called, this instance just passes data
    through untouched.

    :param ctx: an M2Crypto SSL context; its ``ctx`` attribute is the raw
        SSL_CTX the SSL object is created from. Nothing here sets
        verification mode, CA locations or protocol options, so the
        caller must configure peer verification on ``ctx`` beforehand.
    :raises Exception: if TLS was already started on this wrapper.
    """
    # NOTE: This method signature must match the startTLS() method Twisted
    # expects transports to have. This will be called automatically
    # by Twisted in STARTTLS situations, for example with SMTP.
    if self.tlsStarted:
        raise Exception, 'TLS already started'
    if debug:
        print 'TwistedProtocolWrapper.startTLS'
    self.ctx = ctx
    # BIO pair: the SSL engine talks to internalBio; the ciphertext side is
    # networkBio, which is what gets shuttled to/from the transport.
    # Write-buffer size 0 presumably leaves OpenSSL's default in place.
    self.internalBio = m2.bio_new(m2.bio_s_bio())
    m2.bio_set_write_buf_size(self.internalBio, 0)
    self.networkBio = _BioProxy(m2.bio_new(m2.bio_s_bio()))
    m2.bio_set_write_buf_size(self.networkBio._ptr(), 0)
    m2.bio_make_bio_pair(self.internalBio, self.networkBio._ptr())
    self.sslBio = _BioProxy(m2.bio_new(m2.bio_f_ssl()))
    self.ssl = _SSLProxy(m2.ssl_new(self.ctx.ctx))
    if self.isClient:
        m2.ssl_set_connect_state(self.ssl._ptr())
    else:
        m2.ssl_set_accept_state(self.ssl._ptr())
    # internalBio serves both directions. It is the one BIO not wrapped in
    # a proxy -- presumably because SSL_set_bio takes ownership of it.
    m2.ssl_set_bio(self.ssl._ptr(), self.internalBio, self.internalBio)
    # bio_noclose: freeing sslBio must not free the SSL object.
    m2.bio_set_ssl(self.sslBio._ptr(), self.ssl._ptr(), m2.bio_noclose)
    # Need this for writes that are larger than BIO pair buffers
    mode = m2.ssl_get_mode(self.ssl._ptr())
    m2.ssl_set_mode(self.ssl._ptr(), mode | m2.SSL_MODE_ENABLE_PARTIAL_WRITE | m2.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
    self.tlsStarted = 1
def startTLS(self, ctx):
    """
    Start SSL/TLS. If this is not called, this instance just passes data
    through untouched.

    :param ctx: an M2Crypto SSL context; its ``ctx`` attribute is the raw
        SSL_CTX the SSL object is created from. Nothing here sets
        verification mode, CA locations or protocol options, so the
        caller must configure peer verification on ``ctx`` beforehand.
    :raises Exception: if TLS was already started on this wrapper.
    """
    # NOTE: This method signature must match the startTLS() method Twisted
    # expects transports to have. This will be called automatically
    # by Twisted in STARTTLS situations, for example with SMTP.
    if self.tlsStarted:
        raise Exception, 'TLS already started'
    if debug:
        print 'TwistedProtocolWrapper.startTLS'
    self.ctx = ctx
    # BIO pair: the SSL engine talks to internalBio; the ciphertext side is
    # networkBio, which is what gets shuttled to/from the transport.
    # Write-buffer size 0 presumably leaves OpenSSL's default in place.
    self.internalBio = m2.bio_new(m2.bio_s_bio())
    m2.bio_set_write_buf_size(self.internalBio, 0)
    self.networkBio = m2.bio_new(m2.bio_s_bio())
    m2.bio_set_write_buf_size(self.networkBio, 0)
    m2.bio_make_bio_pair(self.internalBio, self.networkBio)
    self.sslBio = _SSLBioProxy(m2.bio_new(m2.bio_f_ssl()))
    self.ssl = _SSLProxy(m2.ssl_new(self.ctx.ctx))
    if self.isClient:
        m2.ssl_set_connect_state(self.ssl._ptr())
    else:
        m2.ssl_set_accept_state(self.ssl._ptr())
    # internalBio serves both directions; presumably SSL_set_bio takes
    # ownership of it, which is why it is not proxied. networkBio is also
    # raw here (unlike sslBio), so its lifetime is the caller's concern.
    m2.ssl_set_bio(self.ssl._ptr(), self.internalBio, self.internalBio)
    # bio_noclose: freeing sslBio must not free the SSL object.
    m2.bio_set_ssl(self.sslBio._ptr(), self.ssl._ptr(), m2.bio_noclose)
    # Need this for writes that are larger than BIO pair buffers
    mode = m2.ssl_get_mode(self.ssl._ptr())
    m2.ssl_set_mode(
        self.ssl._ptr(),
        mode | m2.SSL_MODE_ENABLE_PARTIAL_WRITE | m2.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
    self.tlsStarted = 1
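def c_style(HOST, PORT, req):
    """Send *req* over TLS to (HOST, PORT) and stream the reply to stdout.

    Drives the low-level m2 BIO API directly ("C style") instead of the
    SSL.Connection wrapper. The client certificate and key are loaded
    from 'client.pem'.

    NOTE(security): this demo configures no peer verification -- no CA
    locations, no SSL_VERIFY_PEER, no hostname check -- so the server is
    not authenticated. Set those on the context before using this shape
    of code for anything real.

    :param HOST: server hostname or address.
    :param PORT: server TCP port.
    :param req: request bytes to write once the handshake completes.
    """
    # Set up SSL context. The version-flexible method negotiates the
    # highest protocol both sides support; SSLv2/SSLv3 are then switched
    # off explicitly (the previous sslv3_method() pinned SSLv3, which is
    # broken by POODLE).
    ctx = m2.ssl_ctx_new(m2.sslv23_method())
    m2.ssl_ctx_set_options(ctx, m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3)
    m2.ssl_ctx_use_cert(ctx, 'client.pem')
    m2.ssl_ctx_use_privkey(ctx, 'client.pem')
    # Make the socket connection.
    s = socket(AF_INET, SOCK_STREAM)
    s.connect((HOST, PORT))
    # Set up the SSL connection. Close flag 0: the BIO does not own the
    # descriptor; s.close() below does that.
    sbio = m2.bio_new_socket(s.fileno(), 0)
    ssl = m2.ssl_new(ctx)
    # ssl takes over sbio here, so ssl_free releases it.
    m2.ssl_set_bio(ssl, sbio, sbio)
    m2.ssl_connect(ssl)
    sslbio = m2.bio_new(m2.bio_f_ssl())
    # bio_noclose (0): freeing sslbio must not free ssl.
    m2.bio_set_ssl(sslbio, ssl, m2.bio_noclose)
    # Push a buffering BIO over the SSL BIO.
    iobuf = m2.bio_new(m2.bio_f_buffer())
    topbio = m2.bio_push(iobuf, sslbio)
    try:
        # Send the request.
        m2.bio_write(sslbio, req)
        # Receive the response, line by line, until bio_gets returns nothing.
        while 1:
            data = m2.bio_gets(topbio, 4096)
            if not data:
                break
            sys.stdout.write(data)
    finally:
        # Cleanup, in reverse order of construction. sslbio was previously
        # never freed.
        m2.bio_pop(topbio)
        m2.bio_free(iobuf)
        m2.ssl_shutdown(ssl)
        m2.bio_free(sslbio)
        m2.ssl_free(ssl)
        m2.ssl_ctx_free(ctx)
        s.close()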
def __init__(self, obio):
    # type: (BIO) -> None
    """Create a BIO_f_cipher filter; *obio* is the BIO it is layered over."""
    BIO.__init__(self, _pyfree=1)
    self.closed = 0
    self.obio = obio
    # The cipher itself is configured later, not at construction.
    self.bio = m2.bio_new(m2.bio_f_cipher())
def __init__(self, _pyfree=1):
    # type: (int) -> None
    """Create a BIO_f_ssl filter BIO.

    :param _pyfree: ownership flag forwarded to ``BIO.__init__``.
    """
    BIO.__init__(self, _pyfree=_pyfree)
    self.closed = 0
    self.bio = m2.bio_new(m2.bio_f_ssl())
#!/usr/bin/env python2.0
"""Demonstrates the use of m2.bio_set_mem_eof_return().

Pushes a BIO_f_cipher filter onto a memory sink (or, with use_mem = 0, the
file 'XXX'), writes a short plaintext through it, then reads the
ciphertext back out of the memory BIO after telling it to report EOF
rather than "retry" once drained.

NOTE(security): 'key' / 'iv' are placeholder literals and Blowfish is a
legacy 64-bit-block cipher -- this shows the BIO API, not how to encrypt.

Copyright (c) 1999-2003 Ng Pheng Siong. All rights reserved."""

from M2Crypto import m2

m2.lib_init()

# 1: ciphertext goes to a memory BIO; 0: to the file 'XXX'.
use_mem = 1

if use_mem:
    bio = m2.bio_new(m2.bio_s_mem())
else:
    bio = m2.bio_new_file('XXX', 'wb')

ciph = m2.bf_cbc()
filt = m2.bio_new(m2.bio_f_cipher())
# Trailing 1 presumably selects encryption (BIO_set_cipher's enc flag).
m2.bio_set_cipher(filt, ciph, 'key', 'iv', 1)
m2.bio_push(filt, bio)

m2.bio_write(filt, '12345678901234567890')
# Flush so the cipher filter pushes its final block down to the sink.
m2.bio_flush(filt)
# Detach and free the filter; the sink BIO outlives it.
m2.bio_pop(filt)
m2.bio_free(filt)

if use_mem:
    # Per BIO_set_mem_eof_return: 0 makes an empty memory BIO return EOF
    # instead of signalling "retry", so the read below terminates.
    m2.bio_set_mem_eof_return(bio, 0)
    xxx = m2.bio_read(bio, 100)
    print `xxx`, len(xxx)
    m2.bio_free(bio)

if use_mem:
    # Fresh memory BIO re-seeded with the ciphertext that was read out.
    bio = m2.bio_new(m2.bio_s_mem())
    m2.bio_write(bio, xxx)
# || \/ | # Application buffer <===> TLS read/write/etc # | /\ || # | || \/ # | BIO pair (internal_bio) # | BIO pair (network_bio) # | /\ || # | || \/ # socket read/write <===> BIO read/write # /\ || | # || \/ | # network | # # [From http://www.mail-archive.com/[email protected]/msg57297.html] bio_internal = m2.bio_new(m2.bio_s_bio()) bio_network = m2.bio_new(m2.bio_s_bio()) self._m2_check_err(m2.bio_make_bio_pair(bio_internal, bio_network)) self._bio_network = _BIOWrapper(bio_network, self._ssl) self._bio_ssl = _BIOWrapper(m2.bio_new(m2.bio_f_ssl()), self._ssl) self._m2_check_err(m2.ssl_set_bio(self._ssl.obj, bio_internal, bio_internal)) self._m2_check_err(m2.bio_set_ssl(self._bio_ssl.obj, self._ssl.obj, m2.bio_noclose)) # Need this for writes that are larger than BIO pair buffers mode = m2.ssl_get_mode(self._ssl.obj) mode |= m2.SSL_MODE_ENABLE_PARTIAL_WRITE | m2.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER self._m2_check_err(m2.ssl_set_mode(self._ssl.obj, mode)) self._tls_started = True self._starttls_kwargs = kwargs
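def __init__(self, _pyfree=1):
    """Create a BIO_f_ssl filter BIO.

    :param _pyfree: whether Python owns (and frees) the BIO. Passed to
        ``BIO.__init__`` by keyword, as the sibling BIO subclasses do;
        the previous positional call would have landed in whatever
        ``BIO.__init__``'s first optional parameter is instead.
    """
    BIO.__init__(self, _pyfree=_pyfree)
    self.bio = m2.bio_new(m2.bio_f_ssl())
    self.closed = 0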
def __init__(self, obio):
    """Create a BIO_f_cipher filter; *obio* is the BIO it is layered over."""
    BIO.__init__(self, _pyfree=1)
    self.closed = 0
    self.obio = obio
    # The cipher itself is configured later, not at construction.
    self.bio = m2.bio_new(m2.bio_f_cipher())
def __init__(self, data=None):
    """Create a memory BIO, writing *data* into it when given."""
    BIO.__init__(self)
    self.bio = m2.bio_new(m2.bio_s_mem())
    # Python owns this BIO (presumably freed by BIO's destructor).
    self._pyfree = 1
    if data is None:
        return
    m2.bio_write(self.bio, data)
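def __init__(self, _pyfree=1):
    # type: (int) -> None
    """Create a BIO_f_ssl filter BIO.

    :param _pyfree: ownership flag forwarded to ``BIO.__init__``.
    """
    # No stray positional: the previous ``__init__(self, _pyfree=...)``
    # passed this instance as BIO.__init__'s first argument, which was
    # then overwritten by the assignment below.
    super(SSLBio, self).__init__(_pyfree=_pyfree)
    self.bio = m2.bio_new(m2.bio_f_ssl())
    self.closed = 0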
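def __init__(self, obio):
    # type: (BIO) -> None
    """Create a BIO_f_cipher filter; *obio* is the BIO it is layered over."""
    # No stray positional: the previous ``__init__(self, _pyfree=1)``
    # passed this instance as BIO.__init__'s first argument, which was
    # then overwritten by the assignment below.
    super(CipherStream, self).__init__(_pyfree=1)
    self.obio = obio
    self.bio = m2.bio_new(m2.bio_f_cipher())
    self.closed = 0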
# || \/ | # Application buffer <===> TLS read/write/etc # | /\ || # | || \/ # | BIO pair (internal_bio) # | BIO pair (network_bio) # | /\ || # | || \/ # socket read/write <===> BIO read/write # /\ || | # || \/ | # network | # # [From http://www.mail-archive.com/[email protected]/msg57297.html] bio_internal = m2.bio_new(m2.bio_s_bio()) bio_network = m2.bio_new(m2.bio_s_bio()) self._m2_check_err(m2.bio_make_bio_pair(bio_internal, bio_network)) self._bio_network = _BIOWrapper(bio_network, self._ssl) self._bio_ssl = _BIOWrapper(m2.bio_new(m2.bio_f_ssl()), self._ssl) self._m2_check_err( m2.ssl_set_bio(self._ssl.obj, bio_internal, bio_internal)) self._m2_check_err( m2.bio_set_ssl(self._bio_ssl.obj, self._ssl.obj, m2.bio_noclose)) # Need this for writes that are larger than BIO pair buffers mode = m2.ssl_get_mode(self._ssl.obj) mode |= m2.SSL_MODE_ENABLE_PARTIAL_WRITE | m2.SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER self._m2_check_err(m2.ssl_set_mode(self._ssl.obj, mode))
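def cmembufi(iter, txt=txt):
    """Benchmark helper: write *txt* to a memory BIO *iter* times, then drain it.

    :param iter: number of writes (name shadows the builtin; kept for callers).
    :param txt: payload per write; defaults to the module-level ``txt``.
    """
    buf = m2.bio_new(m2.bio_s_mem())
    try:
        for _ in range(iter):
            m2.bio_write(buf, txt)
        # Report EOF rather than "retry" once empty, then read everything pending.
        m2.bio_set_mem_eof_return(buf, 0)
        m2.bio_read(buf, m2.bio_ctrl_pending(buf))
    finally:
        # Previously leaked: each call allocated a BIO that was never freed,
        # which skews a benchmark that calls this many times.
        m2.bio_free(buf)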