wolfssl-py's Introduction

Welcome

wolfSSL Python, a.k.a. wolfssl, is a Python module that encapsulates wolfSSL's SSL/TLS library.

The wolfSSL SSL/TLS library is a lightweight, portable, C-language-based library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set. It works seamlessly in desktop, enterprise, and cloud environments as well.

Prerequisites

Linux

During installation via pip, the wolfSSL source is downloaded and compiled, so the same prerequisites as the wolfSSL C library are needed. On Debian / Ubuntu you should run:

$ sudo apt install build-essential
$ sudo apt build-dep libwolfssl-dev

Compiling

The setup.py file covers most things you will need to do to build and install from source. You will need the Python development package for your Python version, plus the following prerequisites, installed either from your OS repository or with pip:

  • cffi
  • tox
  • pytest

To build a source package, run python setup.py sdist; to build a wheel package, run python setup.py bdist_wheel. To test the build, run tox. The tox tests rely on Python 3.9 being installed; if you do not have this version, we recommend using pyenv to install it.

Installation

We provide Python wheels (prebuilt binaries) for OSX 64 bits and Linux 64 bits:

$ pip install wheel
$ pip install wolfssl

To build wolfssl-py from source:

$ cd wolfssl-py
$ pip install .

The default pip install clones wolfSSL from GitHub. To build wolfssl-py using a local installation of the native wolfSSL C library, the USE_LOCAL_WOLFSSL environment variable should be set. USE_LOCAL_WOLFSSL can be set to "1" to use the default library installation location (/usr/local/lib, /usr/local/include), or to use a custom location it can be set to the install location of your native wolfSSL library. For example:

# Uses default install location
$ USE_LOCAL_WOLFSSL=1 pip install .

# Uses custom install location
$ USE_LOCAL_WOLFSSL=/tmp/install pip install .

Testing

To run the tox tests in the source code, you'll need tox and a few other requirements.

  1. Make sure that the testing requirements are installed:
$ sudo -H pip install -r requirements/test.txt
  2. Run make check:
$ make check
...
_________________________________ summary _________________________________
py3: commands succeeded
congratulations :)

Support

For support and questions, please email [email protected].

wolfssl-py's People

Contributors

anhu, cconlon, danielinux, dgarske, ejohnstown, haydenroche5, jacobbarthelmeh, lealem47, moisesguimaraes, tmael, toddouska

wolfssl-py's Issues

DTLS bindings

Are there any plans to create bindings for DTLS methods?

Issue while installing wolfssl in windows

Hi,

I am trying to install the wolfssl library on Windows. I have Python version 3.10.11.
When I give the pip install wolfssl command, it exits the process with the error
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command './autogen.sh' returned non-zero exit status 1.

Can anybody please help me with this issue, as it is a top priority for me?

Lock full after receiving connection from few clients

I am receiving this error from the wolfssl Python library.
I am using Python 3.6 and this is what I get in the console after about 5 clients connect to my socket:

wolfSSL Leaving SendTls13EncryptedExtensions, return -308
wolfSSL error occurred, error = 308 line:7618 file:src/tls13.c
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Entering SSL_CTX_free
python: ../nptl/pthread_mutex_lock.c:425: __pthread_mutex_lock_full: Assertion `INTERNAL_SYSCALL_ERRNO (e, __err) != ESRCH || !robust' failed.

Is there anything you could help with on this? If you need more info, let me know and I will answer.

That's the part of code I am using:

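    import socket
    import threading

    import wolfssl

    # CERTIFICATE and KEY (certificate and private-key file paths) and the
    # listen_to_client method are defined elsewhere in the poster's code (not shown).


    class Server:  # class name assumed; the post shows only these two methods
        def __init__(self, host, port):
            self.host = host
            self.port = port
            self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
            self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            self.sock.setblocking(True)
            self.sock.bind((self.host, self.port))
            self.lock = threading.Lock()

        def listen(self):
            self.sock.listen(10)
            print('Server listening on port', self.sock.getsockname()[1])
            # One TLS 1.3 server context, shared by every accepted connection
            context = wolfssl.SSLContext(wolfssl.PROTOCOL_TLSv1_3, server_side=True)
            context.load_cert_chain(CERTIFICATE, KEY)
            # Require a client certificate, verified against CERTIFICATE
            context.verify_mode = wolfssl.CERT_REQUIRED
            context.load_verify_locations(CERTIFICATE)
            try:
                while True:
                    new_socket, from_address = self.sock.accept()
                    print('Connection address:', from_address)
                    new_socket.settimeout(60)
                    # setblocking(True) is equivalent to settimeout(None),
                    # so it clears the 60-second timeout set on the line above
                    new_socket.setblocking(True)
                    secure_socket = context.wrap_socket(new_socket)
                    # One thread per client connection
                    threading.Thread(target=self.listen_to_client, args=(secure_socket, from_address)).start()
            finally:
                self.sock.close()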

`send()` on Python 2.7 sends data in clear text

On Python 2.7, calling SSLSocket.send(data) results in the data being sent in clear text.

Overriding methods like socket.send and socket.recv in a subclass is not sufficient. The super class implementation (plain socket.send) is called instead of the subclass implementation (SSLSocket.send). They are treated specially by socket, so must be handled specially in subclasses.

See https://github.com/python/cpython/blob/ad65d09fd02512b2ccf500f6c11063f705c9cd28/Lib/ssl.py#L576 for how the built-in ssl module handles this.
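A model of the behaviour described in this issue, added here as an illustration (not code from wolfssl-py or CPython); it runs on Python 3. RawTransport, Py27StyleSocket, toy_protect and the two socket subclasses are hypothetical names, the XOR transform is a constructed stand-in for TLS record protection, and the fix follows the delattr approach used in the linked ssl.py.

```python
DELEGATE_METHODS = ("recv", "send")  # subset of the names Python 2.7 delegates


class RawTransport:
    """Stands in for the C-level socket; records what reaches the wire."""

    def __init__(self):
        self.wire = []

    def send(self, data):
        self.wire.append(bytes(data))
        return len(data)

    def recv(self, n):
        return b""


class Py27StyleSocket:
    """Model of Python 2.7 socket.socket: __init__ copies the raw methods onto
    the instance, where they shadow methods defined by a subclass."""

    def __init__(self, raw):
        self._sock = raw
        for name in DELEGATE_METHODS:
            setattr(self, name, getattr(raw, name))


def toy_protect(data):
    """Constructed stand-in for TLS record protection (not real cryptography)."""
    return b"REC:" + bytes(b ^ 0x5A for b in data)


class NaiveTLSSocket(Py27StyleSocket):
    """Overrides send() only; the instance attribute set by the base wins."""

    def send(self, data):
        return self._sock.send(toy_protect(data))


class FixedTLSSocket(NaiveTLSSocket):
    """Deletes the instance-level delegates after the base __init__ so that
    the class-level overrides are the ones that get called."""

    def __init__(self, raw):
        super().__init__(raw)
        for name in DELEGATE_METHODS:  # a real wrapper also defines recv()
            try:
                delattr(self, name)
            except AttributeError:
                pass


def bytes_on_wire(sock_cls, payload):
    """Send payload through sock_cls and return what reached the transport."""
    raw = RawTransport()
    sock_cls(raw).send(payload)
    return b"".join(raw.wire)


def leaks_plaintext(sock_cls, payload=b"constructed-secret"):
    """Regression check: True if the payload crossed the wire unprotected."""
    return payload in bytes_on_wire(sock_cls, payload)
```

A check shaped like leaks_plaintext, run against the real wrapper with a capturing transport, is a useful regression test for any socket subclass that is expected to encrypt.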

Locally built wolfSSL uses local WolfSSL .so instead of bundling WolfSSL

Hey there!

I want to use wolfssl-py with RSA key exchange. Hence, I built wolfssl with the needed flags (and successfully made use of the compiled .so using a C program).

Unfortunately, building wolfssl-py does not work out as expected.
After running USE_LOCAL_WOLFSSL=/usr/local pip3 install ~/Desktop/wolfssl-py/ a package is installed.

But executing my program fails with

Traceback (most recent call last):
[...]
  File "/home/lgrote/Documents/app/venv/lib64/python3.11/site-packages/wolfssl/__init__.py", line 144, in __init__
    _lib.wolfSSL_Init()
    ^^^^
NameError: name '_lib' is not defined
Exception ignored in: <function SSLContext.__del__ at 0x7fafdad49580>
Traceback (most recent call last):
  File "/home/lgrote/Documents/app/venv/lib64/python3.11/site-packages/wolfssl/__init__.py", line 167, in __del__
    if getattr(self, 'native_object', _ffi.NULL) != _ffi.NULL:
                                      ^^^^
NameError: name '_ffi' is not defined

Process finished with exit code 1

Indeed, the generated folder in site-packages does not contain _ffi.py.

Any help here would be appreciated. Please let me know if you need any additional information.

DTLS server with PSK

Hi,

I know the wolfssl library has support for the TLS_PSK_WITH_AES_128_GCM_SHA256 cipher, but I cannot find how I can implement this in the server.py example. If I manually specify it, I get the following error:

root@ubuntu:/home/administrator/wolfssl# python3 server.py -l TLS_PSK_WITH_AES_128_GCM_SHA256
Server listening on port 2100
Traceback (most recent call last):
  File "dtls.py", line 126, in <module>
    main()
  File "dtls.py", line 96, in main
    context.set_ciphers(args.l)
  File "/usr/local/lib/python3.5/dist-packages/wolfssl/__init__.py", line 146, in set_ciphers
    raise SSLError("Unnable to set cipher list")

Any help will be appreciated.

Marius.

Can wolfssl context be used with requests http adaptor?

#!/usr/bin/python3
import requests
import wolfssl

from collections import OrderedDict
from requests.adapters import HTTPAdapter


class CipherSuiteAdapter(HTTPAdapter):

    def __init__(self, **kwargs):

        wolfssl.WolfSSL.enable_debug()
        self.ssl_context = wolfssl.SSLContext(wolfssl.PROTOCOL_TLSv1_2)
        self.ssl_context.verify_mode = wolfssl.CERT_NONE
        self.ssl_context.set_ciphers('ECDHE-RSA-AES128-GCM-SHA256')

        super(CipherSuiteAdapter, self).__init__(**kwargs)

    # ------------------------------------------------------------------------------- #

    def init_poolmanager(self, *args, **kwargs):
        kwargs['ssl_context'] = self.ssl_context
        return super(CipherSuiteAdapter, self).init_poolmanager(*args, **kwargs)

    # ------------------------------------------------------------------------------- #

    def proxy_manager_for(self, *args, **kwargs):
        kwargs['ssl_context'] = self.ssl_context
        return super(CipherSuiteAdapter, self).proxy_manager_for(*args, **kwargs)

# ------------------------------------------------------------------------------- #


session = requests.session()
session.mount('https://', CipherSuiteAdapter())
session.headers = OrderedDict([
    ("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0"),
    ("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"),
    ("Accept-Language", "en-US,en;q=0.5"),
    ("Accept-Encoding", "gzip, deflate")
])

print(session.get('https://somewebsite/', verify=False).status_code)

The following results in..

Traceback (most recent call last):
  File "./wolf.py", line 54, in <module>
    print(session.get('https://somewebsite', verify=False).status_code)
  File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 546, in get
    return self.request('GET', url, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.7/dist-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.7/dist-packages/urllib3/connectionpool.py", line 603, in urlopen
    chunked=chunked)
  File "/usr/local/lib/python3.7/dist-packages/urllib3/connectionpool.py", line 344, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/dist-packages/urllib3/connectionpool.py", line 843, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/dist-packages/urllib3/connection.py", line 370, in connect
    ssl_context=context)
  File "/usr/local/lib/python3.7/dist-packages/urllib3/util/ssl_.py", line 355, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/dist-packages/wolfssl/__init__.py", line 243, in wrap_socket
    _context=self, server_hostname=server_hostname)
  File "/usr/local/lib/python3.7/dist-packages/wolfssl/__init__.py", line 396, in __init__
    self._context.use_sni(server_hostname)
  File "/usr/local/lib/python3.7/dist-packages/wolfssl/__init__.py", line 263, in use_sni
    server_hostname, len(server_hostname))
TypeError: initializer for ctype 'void *' must be a cdata pointer, not str

Errors at free(), please update to latest wolfssl version.

Hi,

when using wolfssl I got different errors about free(). (See below, I know I run some unusual case/code paths here, but that's intended by the code I have.)
I know that there were some fixes concerning free in wolfssl itself, so could you please update the included wolfssl to the latest version. Then I could check if my problems disappear.

double free or corruption (!prev)
Fatal Python error: Aborted

Current thread 0x0000007f59bab1c0 (most recent call first):
  File "/usr/local/lib/python3.9/dist-packages/wolfssl/__init__.py", line 473 in _release_native_object
  File "/usr/local/lib/python3.9/dist-packages/wolfssl/__init__.py", line 692 in shutdown
free(): invalid pointer
Fatal Python error: Aborted

Thread 0x0000007f5763e1c0 (most recent call first):
File "/usr/local/lib/python3.9/dist-packages/wolfssl/__init__.py", line 694 in shutdown
Fatal Python error: Segmentation fault

Pip Install Issues

Having issues pip installing wolfSSL. Was this designed to only install on Linux machines?

Turn off this advice by setting config variable advice.detachedHead to false

Updating files: 100% (1566/1566), done.
'.' is not recognized as an internal or external command,
operable program or batch file.
'libtoolize' is not recognized as an internal or external command,
operable program or batch file.
Traceback (most recent call last):
  File "C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\src\wolfssl\_build_wolfssl.py", line 171, in make
    call("./autogen.sh")
  File "C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\src\wolfssl\_build_wolfssl.py", line 69, in call
    subprocess.check_call(cmd, shell=True, env=os.environ)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\subprocess.py", line 364, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command './autogen.sh' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\setup.py", line 82, in <module>
    setup(
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\site-packages\setuptools\__init__.py", line 145, in setup
    return distutils.core.setup(**attrs)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\core.py", line 148, in setup
    dist.run_commands()
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\dist.py", line 966, in run_commands
    self.run_command(cmd)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\dist.py", line 985, in run_command
    cmd_obj.run()
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\site-packages\setuptools\command\install.py", line 61, in run
    return orig.install.run(self)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\command\install.py", line 545, in run
    self.run_command('build')
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\cmd.py", line 313, in run_command
    self.distribution.run_command(command)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\dist.py", line 985, in run_command
    cmd_obj.run()
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\command\build.py", line 135, in run
    self.run_command(cmd_name)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\cmd.py", line 313, in run_command
    self.distribution.run_command(command)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\dist.py", line 985, in run_command
    cmd_obj.run()
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\site-packages\cffi\setuptools_ext.py", line 144, in run
    base_class.run(self)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\site-packages\setuptools\command\build_ext.py", line 84, in run
    _build_ext.run(self)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\command\build_ext.py", line 340, in run
    self.build_extensions()
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\command\build_ext.py", line 449, in build_extensions
    self._build_extensions_serial()
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\distutils\command\build_ext.py", line 474, in _build_extensions_serial
    self.build_extension(ext)
  File "C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\setup.py", line 76, in build_extension
    build_wolfssl(wolfssl.__wolfssl_version__)
  File "C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\src\wolfssl\_build_wolfssl.py", line 189, in build_wolfssl
    make(make_flags(prefix))
  File "C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\src\wolfssl\_build_wolfssl.py", line 173, in make
    call("libtoolize")
  File "C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\src\wolfssl\_build_wolfssl.py", line 69, in call
    subprocess.check_call(cmd, shell=True, env=os.environ)
  File "c:\users\black\appdata\local\programs\python\python38-32\lib\subprocess.py", line 364, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command 'libtoolize' returned non-zero exit status 1.
Calling: 'git clone --depth=1 --branch=v4.1.0-stable https://github.com/wolfssl/wolfssl.git C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\lib\wolfssl\src' from working directory C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl
Calling: 'git clean -fdX' from working directory C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\lib\wolfssl\src
Calling: './autogen.sh' from working directory C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\lib\wolfssl\src
Calling: 'libtoolize' from working directory C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\lib\wolfssl\src
----------------------------------------

ERROR: Command errored out with exit status 1: 'c:\users\black\appdata\local\programs\python\python38-32\python.exe' -u -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\setup.py'"'"'; file='"'"'C:\Users\black\AppData\Local\Temp\pip-install-lxm3h28j\wolfssl\setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(file);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record 'C:\Users\black\AppData\Local\Temp\pip-record-khfdl5ri\install-record.txt' --single-version-externally-managed --compile Check the logs for full command output.
WARNING: You are using pip version 19.2.3, however version 21.0.1 is available.
You should consider upgrading via the 'python -m pip install --upgrade pip' command.

TLS v1.3

Hello,

Are there any plans to include bindings for the TLS v1.3 functionality?

Best,
George

wolfSSL_pending

I have two questions. My first question, is this project still being maintained? My second question- is it possible to implement wolfSSL_pending into the python wrapper?

wolfssl-py, enable cipher suite

Dear wolfssl-py developers,
I'm using your library to try to connect to an old corporate server, with sslv3 and SSL_RSA_WITH_RC4_128_SHA as a cipher (yeah, I know it's bad).

I'm struggling to enable the cipher suite I need.

$ python3 example.py
Traceback (most recent call last):
  File "example.py", line 32, in <module>
    context = wolfssl.wrap_socket(bind_socket, ciphers='SSL_RSA_WITH_RC4_128_SHA')
  File "/usr/local/lib/python3.7/site-packages/wolfssl/__init__.py", line 904, in wrap_socket
    ciphers=ciphers)
  File "/usr/local/lib/python3.7/site-packages/wolfssl/__init__.py", line 388, in __init__
    self._context.set_ciphers(ciphers)
  File "/usr/local/lib/python3.7/site-packages/wolfssl/__init__.py", line 257, in set_ciphers
    raise SSLError("Unable to set cipher list")
wolfssl.exceptions.SSLError: Unable to set cipher list

I installed wolfssl-py from pip. Is there any way to enable SSL_RSA_WITH_RC4_128_SHA from the library (or during its installation)?

Thank you,
Regards
