Commit Graph

500 Commits

Author SHA1 Message Date
Jeffrey R. Van Voorst 7e7223e18f
gh-116810: fix memory leak in ssl module (GH-123249)
Resolve a memory leak introduced in CPython 3.10's :mod:`ssl` when the :attr:`ssl.SSLSocket.session` property was accessed. Speeds up read and write access to said property by no longer unnecessarily cloning session objects via serialization.

Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Antoine Pitrou <antoine@python.org>
2024-09-30 12:43:50 -07:00
Will Childs-Klein 56a3ce2715
gh-117784: Only reference PHA functions ifndef SSL_VERIFY_POST_HANDSHAKE (GH-117785)
With this change, builds with OpenSSL forks that don't have this functionalty
(like AWS-LC or BoringSSL) will require less patching.
2024-07-01 15:28:35 +02:00
Victor Stinner 12af8ec864
gh-121040: Use __attribute__((fallthrough)) (#121044)
Fix warnings when using -Wimplicit-fallthrough compiler flag.

Annotate explicitly "fall through" switch cases with a new
_Py_FALLTHROUGH macro which uses __attribute__((fallthrough)) if
available. Replace "fall through" comments with _Py_FALLTHROUGH.

Add _Py__has_attribute() macro. No longer define __has_attribute()
macro if it's not defined. Move also _Py__has_builtin() at the top
of pyport.h.

Co-Authored-By: Nikita Sobolev <mail@sobolevn.me>
2024-06-27 09:58:44 +00:00
Brett Simmers c2627d6eea
gh-116322: Add Py_mod_gil module slot (#116882)
This PR adds the ability to enable the GIL if it was disabled at
interpreter startup, and modifies the multi-phase module initialization
path to enable the GIL when loading a module, unless that module's spec
includes a slot indicating it can run safely without the GIL.

PEP 703 called the constant for the slot `Py_mod_gil_not_used`; I went
with `Py_MOD_GIL_NOT_USED` for consistency with gh-104148.

A warning will be issued up to once per interpreter for the first
GIL-using module that is loaded. If `-v` is given, a shorter message
will be printed to stderr every time a GIL-using module is loaded
(including the first one that issues a warning).
2024-05-03 11:30:55 -04:00
Alexander Kanavin 37ccf16786
gh-101732: Modules/_ssl.c: use Y2038 compatible openssl function when available (GH-118425) 2024-05-03 15:34:05 +02:00
mpage df73179048
gh-111926: Make weakrefs thread-safe in free-threaded builds (#117168)
Most mutable data is protected by a striped lock that is keyed on the
referenced object's address. The weakref's hash is protected using the
weakref's per-object lock.
 
Note that this only affects free-threaded builds. Apart from some minor
refactoring, the added code is all either gated by `ifdef`s or is a no-op
(e.g. `Py_BEGIN_CRITICAL_SECTION`).
2024-04-08 10:58:38 -04:00
Gregory P. Smith 8cb7d7ff86
gh-117310: Remove extra DECREF on "no ciphers" error path in `_ssl._SSLContext` constructor (#117309)
Remove extra self DECREF on ssl "no ciphers" error path.

This doesn't come up in practice because nobody links against a broken
OpenSSL library that provides nothing.
2024-03-28 11:11:58 +01:00
yevgeny hong ea9a296fce
gh-115627: Fix PySSL_SetError handling SSL_ERROR_SYSCALL (GH-115628)
Python 3.10 changed from using SSL_write() and SSL_read() to SSL_write_ex() and
SSL_read_ex(), but did not update handling of the return value.

Change error handling so that the return value is not examined.
OSError (not EOF) is now returned when retval is 0.

According to *recent* man pages of all functions for which we call
PySSL_SetError, (in OpenSSL 3.0 and 1.1.1), their return value should
be used to determine whether an error happened (i.e. if PySSL_SetError
should be called), but not what kind of error happened (so,
PySSL_SetError shouldn't need retval). To get the error,
we need to use SSL_get_error.

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
2024-03-26 08:45:43 +01:00
Victor Stinner d207c7cd5a
gh-110850: Cleanup pycore_time.h includes (#115724)
<pycore_time.h> include is no longer needed to get the PyTime_t type
in internal header files. This type is now provided by <Python.h>
include. Add <pycore_time.h> includes to C files instead.
2024-02-20 16:50:43 +00:00
Victor Stinner 9af80ec83d
gh-110850: Replace _PyTime_t with PyTime_t (#115719)
Run command:

sed -i -e 's!\<_PyTime_t\>!PyTime_t!g' $(find -name "*.c" -o -name "*.h")
2024-02-20 15:02:27 +00:00
David Benjamin bce693111b
gh-114572: Fix locking in cert_store_stats and get_ca_certs (#114573)
* gh-114572: Fix locking in cert_store_stats and get_ca_certs

cert_store_stats and get_ca_certs query the SSLContext's X509_STORE with
X509_STORE_get0_objects, but reading the result requires a lock. See
https://github.com/openssl/openssl/pull/23224 for details.

Instead, use X509_STORE_get1_objects, newly added in that PR.
X509_STORE_get1_objects does not exist in current OpenSSLs, but we can
polyfill it with X509_STORE_lock and X509_STORE_unlock.

* Work around const-correctness problem

* Add missing X509_STORE_get1_objects failure check

* Add blurb
2024-02-15 19:24:51 -05:00
Rami 84d1f76092
gh-89532: Remove LibreSSL workarounds (#28728)
Remove LibreSSL specific workaround ifdefs from `_ssl.c` and delete the non-version-specific `_ssl_data.h` file (relevant for OpenSSL < 1.1.1, which we no longer support per PEP 644).

Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
2024-01-06 23:25:58 +00:00
David Benjamin af2b8f6845
gh-113332: Simplify calls to SSL_(CTX_)set_verify in _ssl.c (#113333)
_ssl.c currently tries to preserve the verification callback, but at no
point does it ever set one. Just pass in NULL.
2023-12-26 16:35:41 -05:00
Grant Ramsay e413daf5f6
gh-112454: Disable TLS-PSK if OpenSSL was built without PSK support (#112491)
If OpenSSL was built without PSK support, the python TLS-PSK
methods will raise "NotImplementedError" if called.

Add a constant "ssl.HAS_PSK" to check if TLS-PSK is supported
2023-11-28 16:15:39 -08:00
Grant Ramsay e954ac7205
gh-63284: Add support for TLS-PSK (pre-shared key) to the ssl module (#103181)
Add support for TLS-PSK (pre-shared key) to the ssl module.

---------

Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
2023-11-27 04:01:44 +00:00
Nikita Sobolev f6304949bb
gh-111230: Fix errors checking in _ssl module init (#111232)
Introduce ADD_INT_CONST macro wrapper for PyModule_AddIntConstant()
2023-10-25 15:42:18 +02:00
Furkan Onder 32c37fe1ba
gh-67565: Remove redundant C-contiguity checks (GH-105521)
Co-authored-by: Stefan Krah <skrah@bytereef.org>
2023-10-23 12:54:46 +03:00
Victor Stinner 79823c103b
gh-106320: Remove private _PyErr_ChainExceptions() (#108713)
Remove _PyErr_ChainExceptions(), _PyErr_ChainExceptions1() and
_PyErr_SetFromPyStatus() functions from the public C API.

* Move the private _PyErr_ChainExceptions() and
  _PyErr_ChainExceptions1() function to the internal C API
  (pycore_pyerrors.h).
* Move the private _PyErr_SetFromPyStatus() to the internal C API
  (pycore_initconfig.h).
* No longer export the _PyErr_ChainExceptions() function.
* Move run_in_subinterp_with_config() from _testcapi to
  _testinternalcapi.
2023-08-31 13:53:19 +02:00
Serhiy Storchaka 2b15536fa9
gh-107913: Fix possible losses of OSError error codes (GH-107930)
Functions like PyErr_SetFromErrno() and SetFromWindowsErr() should be
called immediately after using the C API which sets errno or the Windows
error code.
2023-08-27 00:35:06 +03:00
Pablo Galindo Salgado 77e09192b5
gh-107077: Raise SSLCertVerificationError even if the error is set via SSL_ERROR_SYSCALL (#107586)
Co-authored-by: T. Wouters <thomas@python.org>
2023-08-03 12:37:14 +00:00
Serhiy Storchaka 329e4a1a3f
gh-86493: Modernize modules initialization code (GH-106858)
Use PyModule_Add() or PyModule_AddObjectRef() instead of soft deprecated
PyModule_AddObject().
2023-07-25 14:34:49 +03:00
Victor Stinner adb27ea2d5
gh-106320: Remove _PyIsSelectable_fd() C API (#107142)
Move _PyIsSelectable_fd() macro to the internal C API
(pycore_fileutils.h).
2023-07-23 19:07:12 +00:00
Serhiy Storchaka a293fa5915
gh-86493: Use PyModule_Add() instead of PyModule_AddObjectRef() (GH-106860) 2023-07-18 23:59:53 +03:00
Serhiy Storchaka 3e65baee72
gh-86493: Fix possible leaks in some modules initialization (GH-106768)
Fix _ssl, _stat, _testinternalcapi, _threadmodule, cmath, math, posix, time.
2023-07-18 10:50:47 +03:00
Nikita Sobolev ebf2c56b33
gh-106831: Fix NULL check of d2i_SSL_SESSION() result in _ssl.c (#106832) 2023-07-17 19:55:40 +00:00
Victor Stinner ad95c7253a
gh-106687: _ssl: use uint64_t for SSL options (#106700)
SSL_CTX_get_options() uses uint64_t for options:
https://www.openssl.org/docs/man3.1/man3/SSL_CTX_get_options.html

Fix this compiler warning on Windows with MSC:

    conversion from 'uint64_t' to 'long', possible loss of data
2023-07-17 17:55:30 +02:00
Grant Ramsay 21d98be422
gh-105293: Do not call SSL_CTX_set_session_id_context on client side SSL context (#105295)
* gh-105293: Do not call SSL_CTX_set_session_id_context on client side SSL context

Openssl states this is a "server side only" operation.
Calling this on a client side socket can result in unexpected behavior

* Add news entry on SSL "set session id context" changes
2023-07-14 00:10:54 -07:00
Inada Naoki d5bd32fb48
gh-104922: remove PY_SSIZE_T_CLEAN (#106315) 2023-07-02 15:07:46 +09:00
Victor Stinner 7b3ed5b29f
gh-105927: _ssl GET_SOCKET() uses _PyWeakref_GET_REF() (#106002) 2023-06-23 03:02:02 +02:00
Victor Stinner 74da6f7c9f
gh-105927: _ssl uses _PyWeakref_GET_REF() (#105965) 2023-06-21 16:33:32 +02:00
Erlend E. Aasland 01f4230460
gh-105375: Harden _ssl initialisation (#105599)
Add proper error handling to prevent reference leaks and overwritten
exceptions.
2023-06-11 11:56:32 +02:00
Gregory P. Smith ede89af605
gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (#105174)
Upgrade builds to OpenSSL 1.1.1u.

This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t.

The Mac/BuildScript/build-installer.py was already updated.

Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9, and adds a new _ssl_data_31.h file from 3.1.1 along with the ssl.c code to use it.

Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting).

backports of this prior to 3.12 will not include the openssl 3.1 header.
2023-06-01 09:42:18 -07:00
Kumar Aditya b9c807a260
GH-103092: isolate `_ssl` (#104725) 2023-05-22 06:14:48 +05:30
Serhiy Storchaka f3466bc040
gh-98836: Extend PyUnicode_FromFormat() (GH-98838)
* Support for conversion specifiers o (octal) and X (uppercase hexadecimal).
* Support for length modifiers j (intmax_t) and t (ptrdiff_t).
* Length modifiers are now applied to all integer conversions.
* Support for wchar_t C strings (%ls and %lV).
* Support for variable width and precision (*).
* Support for flag - (left alignment).
2023-05-22 00:32:39 +03:00
Eric Snow a9c6e0618f
gh-99113: Add Py_MOD_PER_INTERPRETER_GIL_SUPPORTED (gh-104205)
Here we are doing no more than adding the value for Py_mod_multiple_interpreters and using it for stdlib modules.  We will start checking for it in gh-104206 (once PyInterpreterState.ceval.own_gil is added in gh-104204).
2023-05-05 21:11:27 +00:00
Dong-hee Na 35167043e3
gh-103242: Migrate SSLContext.set_ecdh_curve not to use deprecated APIs (#103378)
Migrate `SSLContext.set_ecdh_curve()` not to use deprecated OpenSSL APIs.
2023-04-08 10:56:42 -07:00
David Benjamin 02f9920900
gh-100062: Remove error code tables from _ssl and err_names_to_codes (GH-100063)
Prior to https://github.com/python/cpython/pull/25300, the
make_ssl_data.py script used various tables, exposed in _ssl, to update
the error list.

After that PR, this is no longer used. Moreover, the err_names_to_codes
map isn't used at all. Clean those up. This gets them out of the way if,
in the future, OpenSSL provides an API to do what the code here is doing
directly. (https://github.com/openssl/openssl/issues/19848)
2023-04-03 23:44:00 +01:00
Ikko Eltociear Ashimine a0305c5fdf
fix typo in _ssl.c (GH-103192)
seperated -> separated

Automerge-Triggered-By: GH:AlexWaygood
2023-04-02 08:25:46 -07:00
David Benjamin acfe02f3b0
gh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1 (GH-100373)
In PEM, we need to parse until error and then suppress `PEM_R_NO_START_LINE`, because PEM allows arbitrary leading and trailing data. DER, however, does not. Parsing until error and suppressing `ASN1_R_HEADER_TOO_LONG` doesn't quite work because that error also covers some cases that should be rejected.

Instead, check `BIO_eof` early and stop the loop that way.

Automerge-Triggered-By: GH:Yhg1s
2023-03-24 06:04:30 -07:00
Benjamin Fogle af9c34f6ef
gh-96931: Fix incorrect results in ssl.SSLSocket.shared_ciphers (#96932) 2023-03-22 15:08:41 +01:00
David Benjamin 420bbb783b
GH-95494: Fix transport EOF handling in OpenSSL 3.0 (GH-95495)
GH-25309 enabled SSL_OP_IGNORE_UNEXPECTED_EOF by default, with a comment
that it restores OpenSSL 1.1.1 behavior, but this wasn't quite right.
That option causes OpenSSL to treat transport EOF as the same as
close_notify (i.e. SSL_ERROR_ZERO_RETURN), whereas Python actually has
distinct SSLEOFError and SSLZeroReturnError exceptions. (The latter is
usually mapped to a zero return from read.) In OpenSSL 1.1.1, the ssl
module would raise them for transport EOF and close_notify,
respectively. In OpenSSL 3.0, both act like close_notify.

Fix this by, instead, just detecting SSL_R_UNEXPECTED_EOF_WHILE_READING
and mapping that to the other exception type.

There doesn't seem to have been any unit test of this error, so fill in
the missing one. This had to be done with the BIO path because it's
actually slightly tricky to simulate a transport EOF with Python's fd
based APIs. (If you instruct the server to close the socket, it gets
confused, probably because the server's SSL object is still referencing
the now dead fd?)
2023-03-22 13:16:26 +01:00
Irit Katriel e108af6eca
gh-102192: remove redundant exception fields from ssl module socket (#102466) 2023-03-16 16:41:10 +00:00
Max Bachmann c6858d1e7f
gh-102255: Improve build support for Windows API partitions (GH-102256)
Add `MS_WINDOWS_DESKTOP`, `MS_WINDOWS_APPS`, `MS_WINDOWS_SYSTEM` and `MS_WINDOWS_GAMES` preprocessor definitions to allow switching off functionality missing from particular API partitions ("partitions" are used in Windows to identify overlapping subsets of APIs).
CPython only officially supports `MS_WINDOWS_DESKTOP` and `MS_WINDOWS_SYSTEM` (APPS is included by normal desktop builds, but APPS without DESKTOP is not covered). Other configurations are a convenience for people building their own runtimes.
`MS_WINDOWS_GAMES` is for the Xbox subset of the Windows API, which is also available on client OS, but is restricted compared to `MS_WINDOWS_DESKTOP`. These restrictions may change over time, as they relate to the build headers rather than the OS support, and so we assume that Xbox builds will use the latest available version of the GDK.
2023-03-09 21:09:12 +00:00
Thomas Grainger 79ccc03b62
gh-89051: Add ssl.OP_LEGACY_SERVER_CONNECT (#93927)
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Fixes https://github.com/python/cpython/issues/89051
2022-12-20 09:10:30 +02:00
Serhiy Storchaka a87c46eab3
bpo-15999: Accept arbitrary values for boolean parameters. (#15609)
builtins and extension module functions and methods that expect boolean values for parameters now accept any Python object rather than just a bool or int type. This is more consistent with how native Python code itself behaves.
2022-12-03 11:52:21 -08:00
Illia Volochii 9dc08361be
gh-96828: Add an `ssl.OP_ENABLE_KTLS` option (GH-96830)
Expose the constant when OpenSSL defines it.
2022-11-23 18:24:09 -08:00
Victor Stinner c340cbb7f7
gh-99300: Use Py_NewRef() in Modules/ directory (#99468)
Replace Py_INCREF() and Py_XINCREF() with Py_NewRef() and
Py_XNewRef() in test C files of the Modules/ directory.
2022-11-14 13:44:56 +01:00
David Benjamin 936f71e5d4
gh-95095: Use SSL_CTX_get_max_proto_version instead of SSL_CTX_ctrl (GH-95096)
The wrapper macros are more readable and match the form recommended in
the OpenSSL documentation. They also slightly less error-prone, as the
mapping of arguments to SSL_CTX_ctrl is not always clear. (Though in
this case it's straightforward.)
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_get_max_proto_version.html
2022-07-21 11:44:30 -07:00
Christian Heimes 78307c7dc2
gh-94637: Release GIL in SSLContext.set_default_verify_paths (GH-94658) 2022-07-09 18:11:15 +02:00
Victor Stinner 600c65c094
gh-94172: Remove ssl.PROTOCOL_SSLv2 dead code (#94312)
Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2
was already removed in Python 3.10.

In test_ssl, @requires_tls_version('SSLv2') always returned False.

Extract of the removed code: "OpenSSL has removed support for SSLv2".
2022-06-28 13:57:08 +02:00