@@ -589,136 +589,136 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_ssl_ctx_init_obj, mod_ssl_ctx_init);
589
589
590
590
591
591
592
- STATIC mp_obj_ssl_socket_t * socket_new (mp_obj_t sock , struct ssl_args * args ) {
593
- // Verify the socket object has the full stream protocol
594
- mp_get_stream_raise (sock , MP_STREAM_OP_READ | MP_STREAM_OP_WRITE | MP_STREAM_OP_IOCTL );
595
-
596
- #if MICROPY_PY_USSL_FINALISER
597
- mp_obj_ssl_socket_t * o = m_new_obj_with_finaliser (mp_obj_ssl_socket_t );
598
- #else
599
- mp_obj_ssl_socket_t * o = m_new_obj (mp_obj_ssl_socket_t );
600
- #endif
601
- o -> base .type = & ussl_socket_type ;
602
- o -> sock = sock ;
603
-
604
- int ret ;
605
- mbedtls_ssl_init (& o -> ssl );
606
- mbedtls_ssl_config_init (& o -> conf );
607
- mbedtls_x509_crt_init (& o -> cacert );
608
- mbedtls_x509_crt_init (& o -> cert );
609
- mbedtls_pk_init (& o -> pkey );
610
- mbedtls_ctr_drbg_init (& o -> ctr_drbg );
611
- #ifdef MBEDTLS_DEBUG_C
612
- // Debug level (0-4) 1=warning, 2=info, 3=debug, 4=verbose
613
- mbedtls_debug_set_threshold (3 );
614
- #endif
615
-
616
- mbedtls_entropy_init (& o -> entropy );
617
- const byte seed [] = "upy" ;
618
- ret = mbedtls_ctr_drbg_seed (& o -> ctr_drbg , mbedtls_entropy_func , & o -> entropy , seed , sizeof (seed ));
619
- if (ret != 0 ) {
620
- goto cleanup ;
621
- }
622
-
623
- ret = mbedtls_ssl_config_defaults (& o -> conf ,
624
- args -> server_side .u_bool ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT ,
625
- MBEDTLS_SSL_TRANSPORT_STREAM ,
626
- MBEDTLS_SSL_PRESET_DEFAULT );
627
- if (ret != 0 ) {
628
- goto cleanup ;
629
- }
630
-
631
- mbedtls_ssl_conf_authmode (& o -> conf , args -> cert_reqs .u_int );
632
- mbedtls_ssl_conf_rng (& o -> conf , mbedtls_ctr_drbg_random , & o -> ctr_drbg );
633
- #ifdef MBEDTLS_DEBUG_C
634
- mbedtls_ssl_conf_dbg (& o -> conf , mbedtls_debug , NULL );
635
- #endif
636
-
637
- ret = mbedtls_ssl_setup (& o -> ssl , & o -> conf );
638
- if (ret != 0 ) {
639
- goto cleanup ;
640
- }
641
-
642
- if (args -> server_hostname .u_obj != mp_const_none ) {
643
- const char * sni = mp_obj_str_get_str (args -> server_hostname .u_obj );
644
- ret = mbedtls_ssl_set_hostname (& o -> ssl , sni );
645
- if (ret != 0 ) {
646
- goto cleanup ;
647
- }
648
- }
649
-
650
- mbedtls_ssl_set_bio (& o -> ssl , & o -> sock , _mbedtls_ssl_send , _mbedtls_ssl_recv , NULL );
651
-
652
- if (args -> key .u_obj != mp_const_none ) {
653
- size_t key_len ;
654
- const byte * key = (const byte * )mp_obj_str_get_data (args -> key .u_obj , & key_len );
655
- // len should include terminating null
656
- ret = mbedtls_pk_parse_key (& o -> pkey , key , key_len + 1 , NULL , 0 );
657
- if (ret != 0 ) {
658
- ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA ; // use general error for all key errors
659
- goto cleanup ;
660
- }
661
-
662
- size_t cert_len ;
663
- const byte * cert = (const byte * )mp_obj_str_get_data (args -> cert .u_obj , & cert_len );
664
- // len should include terminating null
665
- ret = mbedtls_x509_crt_parse (& o -> cert , cert , cert_len + 1 );
666
- if (ret != 0 ) {
667
- ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA ; // use general error for all cert errors
668
- goto cleanup ;
669
- }
670
-
671
- ret = mbedtls_ssl_conf_own_cert (& o -> conf , & o -> cert , & o -> pkey );
672
- if (ret != 0 ) {
673
- goto cleanup ;
674
- }
675
- }
676
-
677
- if (args -> cadata .u_obj != mp_const_none ) {
678
- size_t cacert_len ;
679
- const byte * cacert = (const byte * )mp_obj_str_get_data (args -> cadata .u_obj , & cacert_len );
680
- // len should include terminating null
681
- ret = mbedtls_x509_crt_parse (& o -> cacert , cacert , cacert_len + 1 );
682
- if (ret != 0 ) {
683
- ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA ; // use general error for all cert errors
684
- goto cleanup ;
685
- }
686
-
687
- mbedtls_ssl_conf_ca_chain (& o -> conf , & o -> cacert , NULL );
688
- }
689
-
690
- if (args -> do_handshake .u_bool ) {
691
- while ((ret = mbedtls_ssl_handshake (& o -> ssl )) != 0 ) {
692
- if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) {
693
- goto cleanup ;
694
- }
695
- #ifdef MICROPY_EVENT_POLL_HOOK
696
- MICROPY_EVENT_POLL_HOOK
697
- #endif
698
- }
699
- }
700
-
701
- return o ;
702
-
703
- cleanup :
704
- mbedtls_pk_free (& o -> pkey );
705
- mbedtls_x509_crt_free (& o -> cert );
706
- mbedtls_x509_crt_free (& o -> cacert );
707
- mbedtls_ssl_free (& o -> ssl );
708
- mbedtls_ssl_config_free (& o -> conf );
709
- mbedtls_ctr_drbg_free (& o -> ctr_drbg );
710
- mbedtls_entropy_free (& o -> entropy );
711
-
712
- if (ret == MBEDTLS_ERR_SSL_ALLOC_FAILED ) {
713
- mp_raise_OSError (MP_ENOMEM );
714
- } else if (ret == MBEDTLS_ERR_PK_BAD_INPUT_DATA ) {
715
- mp_raise_ValueError (MP_ERROR_TEXT ("invalid key" ));
716
- } else if (ret == MBEDTLS_ERR_X509_BAD_INPUT_DATA ) {
717
- mp_raise_ValueError (MP_ERROR_TEXT ("invalid cert" ));
718
- } else {
719
- mbedtls_raise_error (ret );
720
- }
721
- }
592
+ // STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
593
+ // // Verify the socket object has the full stream protocol
594
+ // mp_get_stream_raise(sock, MP_STREAM_OP_READ | MP_STREAM_OP_WRITE | MP_STREAM_OP_IOCTL);
595
+ //
596
+ // #if MICROPY_PY_USSL_FINALISER
597
+ // mp_obj_ssl_socket_t *o = m_new_obj_with_finaliser(mp_obj_ssl_socket_t);
598
+ // #else
599
+ // mp_obj_ssl_socket_t *o = m_new_obj(mp_obj_ssl_socket_t);
600
+ // #endif
601
+ // o->base.type = &ussl_socket_type;
602
+ // o->sock = sock;
603
+ //
604
+ // int ret;
605
+ // mbedtls_ssl_init(&o->ssl);
606
+ // mbedtls_ssl_config_init(&o->conf);
607
+ // mbedtls_x509_crt_init(&o->cacert);
608
+ // mbedtls_x509_crt_init(&o->cert);
609
+ // mbedtls_pk_init(&o->pkey);
610
+ // mbedtls_ctr_drbg_init(&o->ctr_drbg);
611
+ // #ifdef MBEDTLS_DEBUG_C
612
+ // // Debug level (0-4) 1=warning, 2=info, 3=debug, 4=verbose
613
+ // mbedtls_debug_set_threshold(3);
614
+ // #endif
615
+ //
616
+ // mbedtls_entropy_init(&o->entropy);
617
+ // const byte seed[] = "upy";
618
+ // ret = mbedtls_ctr_drbg_seed(&o->ctr_drbg, mbedtls_entropy_func, &o->entropy, seed, sizeof(seed));
619
+ // if (ret != 0) {
620
+ // goto cleanup;
621
+ // }
622
+ //
623
+ // ret = mbedtls_ssl_config_defaults(&o->conf,
624
+ // args->server_side.u_bool ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT,
625
+ // MBEDTLS_SSL_TRANSPORT_STREAM,
626
+ // MBEDTLS_SSL_PRESET_DEFAULT);
627
+ // if (ret != 0) {
628
+ // goto cleanup;
629
+ // }
630
+ //
631
+ // mbedtls_ssl_conf_authmode(&o->conf, args->cert_reqs.u_int);
632
+ // mbedtls_ssl_conf_rng(&o->conf, mbedtls_ctr_drbg_random, &o->ctr_drbg);
633
+ // #ifdef MBEDTLS_DEBUG_C
634
+ // mbedtls_ssl_conf_dbg(&o->conf, mbedtls_debug, NULL);
635
+ // #endif
636
+ //
637
+ // ret = mbedtls_ssl_setup(&o->ssl, &o->conf);
638
+ // if (ret != 0) {
639
+ // goto cleanup;
640
+ // }
641
+ //
642
+ // if (args->server_hostname.u_obj != mp_c
10000
onst_none) {
643
+ // const char *sni = mp_obj_str_get_str(args->server_hostname.u_obj);
644
+ // ret = mbedtls_ssl_set_hostname(&o->ssl, sni);
645
+ // if (ret != 0) {
646
+ // goto cleanup;
647
+ // }
648
+ // }
649
+ //
650
+ // mbedtls_ssl_set_bio(&o->ssl, &o->sock, _mbedtls_ssl_send, _mbedtls_ssl_recv, NULL);
651
+ //
652
+ // if (args->key.u_obj != mp_const_none) {
653
+ // size_t key_len;
654
+ // const byte *key = (const byte *)mp_obj_str_get_data(args->key.u_obj, &key_len);
655
+ // // len should include terminating null
656
+ // ret = mbedtls_pk_parse_key(&o->pkey, key, key_len + 1, NULL, 0);
657
+ // if (ret != 0) {
658
+ // ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; // use general error for all key errors
659
+ // goto cleanup;
660
+ // }
661
+ //
662
+ // size_t cert_len;
663
+ // const byte *cert = (const byte *)mp_obj_str_get_data(args->cert.u_obj, &cert_len);
664
+ // // len should include terminating null
665
+ // ret = mbedtls_x509_crt_parse(&o->cert, cert, cert_len + 1);
666
+ // if (ret != 0) {
667
+ // ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; // use general error for all cert errors
668
+ // goto cleanup;
669
+ // }
670
+ //
671
+ // ret = mbedtls_ssl_conf_own_cert(&o->conf, &o->cert, &o->pkey);
672
+ // if (ret != 0) {
673
+ // goto cleanup;
674
+ // }
675
+ // }
676
+ //
677
+ // if (args->cadata.u_obj != mp_const_none) {
678
+ // size_t cacert_len;
679
+ // const byte *cacert = (const byte *)mp_obj_str_get_data(args->cadata.u_obj, &cacert_len);
680
+ // // len should include terminating null
681
+ // ret = mbedtls_x509_crt_parse(&o->cacert, cacert, cacert_len + 1);
682
+ // if (ret != 0) {
683
+ // ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; // use general error for all cert errors
684
+ // goto cleanup;
685
+ // }
686
+ //
687
+ // mbedtls_ssl_conf_ca_chain(&o->conf, &o->cacert, NULL);
688
+ // }
689
+ //
690
+ // if (args->do_handshake.u_bool) {
691
+ // while ((ret = mbedtls_ssl_handshake(&o->ssl)) != 0) {
692
+ // if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
693
+ // goto cleanup;
694
+ // }
695
+ // #ifdef MICROPY_EVENT_POLL_HOOK
696
+ // MICROPY_EVENT_POLL_HOOK
697
+ // #endif
698
+ // }
699
+ // }
700
+ //
701
+ // return o;
702
+ //
703
+ // cleanup:
704
+ // mbedtls_pk_free(&o->pkey);
705
+ // mbedtls_x509_crt_free(&o->cert);
706
+ // mbedtls_x509_crt_free(&o->cacert);
707
+ // mbedtls_ssl_free(&o->ssl);
708
+ // mbedtls_ssl_config_free(&o->conf);
709
+ // mbedtls_ctr_drbg_free(&o->ctr_drbg);
710
+ // mbedtls_entropy_free(&o->entropy);
711
+ //
712
+ // if (ret == MBEDTLS_ERR_SSL_ALLOC_FAILED) {
713
+ // mp_raise_OSError(MP_ENOMEM);
714
+ // } else if (ret == MBEDTLS_ERR_PK_BAD_INPUT_DATA) {
715
+ // mp_raise_ValueError(MP_ERROR_TEXT("invalid key"));
716
+ // } else if (ret == MBEDTLS_ERR_X509_BAD_INPUT_DATA) {
717
+ // mp_raise_ValueError(MP_ERROR_TEXT("invalid cert"));
718
+ // } else {
719
+ // mbedtls_raise_error(ret);
720
+ // }
721
+ // }
722
722
723
723
STATIC mp_obj_t mod_ssl_getpeercert (mp_obj_t o_in , mp_obj_t binary_form ) {
724
724
mp_obj_ssl_socket_t * o = MP_OBJ_TO_PTR (o_in );
@@ -851,32 +851,32 @@ STATIC const mp_obj_type_t ussl_socket_type = {
851
851
.locals_dict = (void * )& ussl_socket_locals_dict ,
852
852
};
853
853
854
- STATIC mp_obj_t mod_ssl_wrap_socket (size_t n_args , const mp_obj_t * pos_args , mp_map_t * kw_args ) {
855
- // TODO: Implement more args
856
- static const mp_arg_t allowed_args [] = {
857
- { MP_QSTR_key , MP_ARG_KW_ONLY | MP_ARG_OBJ , {.u_rom_obj = MP_ROM_NONE } },
858
- { MP_QSTR_cert , MP_ARG_KW_ONLY | MP_ARG_OBJ , {.u_rom_obj = MP_ROM_NONE } },
859
- { MP_QSTR_server_side , MP_ARG_KW_ONLY | MP_ARG_BOOL , {.u_bool = false} },
860
- { MP_QSTR_server_hostname , MP_ARG_KW_ONLY | MP_ARG_OBJ , {.u_rom_obj = MP_ROM_NONE } },
861
- { MP_QSTR_cert_reqs , MP_ARG_KW_ONLY | MP_ARG_INT , {.u_int = MBEDTLS_SSL_VERIFY_NONE }},
862
- { MP_QSTR_cadata , MP_ARG_KW_ONLY | MP_ARG_OBJ , {.u_rom_obj = MP_ROM_NONE } },
863
- { MP_QSTR_do_handshake , MP_ARG_KW_ONLY | MP_ARG_BOOL , {.u_bool = true} },
864
- };
865
-
866
- // TODO: Check that sock implements stream protocol
867
- mp_obj_t sock = pos_args [0 ];
868
-
869
- struct ssl_args args ;
870
- mp_arg_parse_all (n_args - 1 , pos_args + 1 , kw_args ,
871
- MP_ARRAY_SIZE (allowed_args ), allowed_args , (mp_arg_val_t * )& args );
872
-
873
- return MP_OBJ_FROM_PTR (socket_new (sock , & args ));
874
- }
875
- STATIC MP_DEFINE_CONST_FUN_OBJ_KW (mod_ssl_wrap_socket_obj , 1 , mod_ssl_wrap_socket );
854
+ // STATIC mp_obj_t mod_ssl_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_map_t *kw_args) {
855
+ // // TODO: Implement more args
856
+ // static const mp_arg_t allowed_args[] = {
857
+ // { MP_QSTR_key, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
858
+ // { MP_QSTR_cert, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
859
+ // { MP_QSTR_server_side, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = false} },
860
+ // { MP_QSTR_server_hostname, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
861
+ // { MP_QSTR_cert_reqs, MP_ARG_KW_ONLY | MP_ARG_INT, {.u_int = MBEDTLS_SSL_VERIFY_NONE}},
862
+ // { MP_QSTR_cadata, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
863
+ // { MP_QSTR_do_handshake, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = true} },
864
+ // };
865
+ //
866
+ // // TODO: Check that sock implements stream protocol
867
+ // mp_obj_t sock = pos_args[0];
868
+ //
869
+ // struct ssl_args args;
870
+ // mp_arg_parse_all(n_args - 1, pos_args + 1, kw_args,
871
+ // MP_ARRAY_SIZE(allowed_args), allowed_args, (mp_arg_val_t *)&args);
872
+ //
873
+ // return MP_OBJ_FROM_PTR(socket_new(sock, &args));
874
+ // }
875
+ // STATIC MP_DEFINE_CONST_FUN_OBJ_KW(mod_ssl_wrap_socket_obj, 1, mod_ssl_wrap_socket);
876
876
877
877
STATIC const mp_rom_map_elem_t mp_module_ssl_globals_table [] = {
878
878
{ MP_ROM_QSTR (MP_QSTR___name__ ), MP_ROM_QSTR (MP_QSTR_ussl ) },
879
- { MP_ROM_QSTR (MP_QSTR_wrap_socket ), MP_ROM_PTR (& mod_ssl_wrap_socket_obj ) },
879
+ // { MP_ROM_QSTR(MP_QSTR_wrap_socket), MP_ROM_PTR(&mod_ssl_wrap_socket_obj) },
880
880
{ MP_ROM_QSTR (MP_QSTR_ctx_init ), MP_ROM_PTR (& mod_ssl_ctx_init_obj ) },
881
881
{ MP_ROM_QSTR (MP_QSTR_MBEDTLS_VERSION ), MP_ROM_PTR (& mbedtls_version_obj )},
882
882
{ MP_ROM_QSTR (MP_QSTR_CERT_NONE ), MP_ROM_INT (MBEDTLS_SSL_VERIFY_NONE ) },
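Review bot: Disabling `socket_new`, `mod_ssl_wrap_socket` and the `wrap_socket` entry of `mp_module_ssl_globals_table` by prefixing every line with `//` leaves roughly 150 lines of dead TLS setup code in the file with no record of why it was turned off. Delete the code, or guard it with a preprocessor block that carries a reason, e.g. `#if 0 // wrap_socket disabled: <reason>` … `#endif`. With `socket_new` gone, `STATIC` helpers that it referenced (`_mbedtls_ssl_send` and `_mbedtls_ssl_recv` are passed to `mbedtls_ssl_set_bio` there) may now be unused and trip unused-function warnings, and scripts that call `ussl.wrap_socket` will fail unless a replacement is exported elsewhere; neither is visible in these hunks. If the block is re-enabled later, note that `cert_reqs` defaults to `MBEDTLS_SSL_VERIFY_NONE`, so a caller that passes no `cert_reqs` gets a TLS session with no peer authentication; a comment such as `// default performs no certificate verification; callers must pass cert_reqs and cadata` on that table entry would make this explicit.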