rpms/python3.9
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Rebased to Python 3.5.2

Browse source
This commit is contained in:
Tomas Orsava 2016-08-15 12:39:18 +02:00
commit 6cd1c5f463
12 changed files with 128 additions and 428 deletions
Download patch file Download diff file Expand all files Collapse all files

93
00146-hashlib-fips.patch
View file

@ -1,6 +1,8 @@
--- Python-3.4.0b1/Lib/hashlib.py.hashlib-fips 2013-11-24 21:36:54.000000000 +0100
+++ Python-3.4.0b1/Lib/hashlib.py 2013-11-27 11:45:17.073617547 +0100
@@ -23,6 +23,16 @@
diff --git a/Lib/hashlib.py b/Lib/hashlib.py
index 316cece..b7ad879 100644
--- a/Lib/hashlib.py
+++ b/Lib/hashlib.py
@@ -23,6 +23,16 @@ the zlib module.
Choose your hash function wisely. Some have known collision weaknesses.
sha384 and sha512 will be slow on 32 bit platforms.
@ -17,7 +19,7 @@
Hash objects have these methods:
- update(arg): Update the hash object with the bytes in arg. Repeated calls
are equivalent to a single call with the concatenation of all
@@ -63,6 +73,19 @@
@@ -62,6 +72,18 @@ algorithms_available = set(__always_supported)
__all__ = __always_supported + ('new', 'algorithms_guaranteed',
'algorithms_available', 'pbkdf2_hmac')
@ -33,11 +35,10 @@
+ kwargs.pop('usedforsecurity')
+ return func(*args, **kwargs)
+ return inner
+
__builtin_constructor_cache = {}
@@ -108,34 +131,41 @@
@@ -100,31 +122,39 @@ def __get_openssl_constructor(name):
f = getattr(_hashlib, 'openssl_' + name)
# Allow the C module to raise ValueError. The function will be
# defined but the hash not actually available thanks to OpenSSL.
@ -88,11 +89,8 @@
+ # because we want to make sure that Fedora uses everything from OpenSSL
return __get_builtin_constructor(name)(data)
-
try:
import _hashlib
new = __hash_new
@@ -215,7 +245,10 @@
@@ -207,7 +237,10 @@ for __func_name in __always_supported:
# try them all, some may not work due to the OpenSSL
# version not supporting that algorithm.
try:
@ -104,14 +102,17 @@
except ValueError:
import logging
logging.exception('code for hash %s was not found.', __func_name)
@@ -223,3 +256,4 @@
@@ -215,3 +248,4 @@ for __func_name in __always_supported:
# Cleanup locals()
del __always_supported, __func_name, __get_hash
del __py_new, __hash_new, __get_openssl_constructor
+del __ignore_usedforsecurity
--- Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-27 11:55:42.769601363 +0100
+++ Python-3.4.0b1/Lib/test/test_hashlib.py 2013-11-28 09:33:03.929008508 +0100
@@ -24,7 +24,22 @@
\ No newline at end of file
diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py
index c9b113e..60e2392 100644
--- a/Lib/test/test_hashlib.py
+++ b/Lib/test/test_hashlib.py
@@ -24,7 +24,22 @@ from test.support import _4G, bigmemtest, import_fresh_module
COMPILED_WITH_PYDEBUG = hasattr(sys, 'gettotalrefcount')
c_hashlib = import_fresh_module('hashlib', fresh=['_hashlib'])
@ -135,7 +136,7 @@
def hexstr(s):
assert isinstance(s, bytes), repr(s)
@@ -34,6 +49,16 @@
@@ -34,6 +49,16 @@ def hexstr(s):
r += h[(i >> 4) & 0xF] + h[i & 0xF]
return r
@ -152,7 +153,7 @@
class HashLibTestCase(unittest.TestCase):
supported_hash_names = ( 'md5', 'MD5', 'sha1', 'SHA1',
@@ -66,11 +91,11 @@
@@ -63,11 +88,11 @@ class HashLibTestCase(unittest.TestCase):
# For each algorithm, test the direct constructor and the use
# of hashlib.new given the algorithm name.
for algorithm, constructors in self.constructors_to_test.items():
@ -167,7 +168,7 @@
constructors.add(_test_algorithm_via_hashlib_new)
_hashlib = self._conditional_import_module('_hashlib')
@@ -82,26 +107,12 @@
@@ -79,27 +104,12 @@ class HashLibTestCase(unittest.TestCase):
for algorithm, constructors in self.constructors_to_test.items():
constructor = getattr(_hashlib, 'openssl_'+algorithm, None)
if constructor:
@ -192,10 +193,11 @@
- if _sha512:
- add_builtin_constructor('sha384')
- add_builtin_constructor('sha512')
-
super(HashLibTestCase, self).__init__(*args, **kwargs)
@@ -157,9 +169,6 @@
@property
@@ -148,9 +158,6 @@ class HashLibTestCase(unittest.TestCase):
else:
del sys.modules['_md5']
self.assertRaises(TypeError, get_builtin_constructor, 3)
@ -205,7 +207,7 @@
def test_hexdigest(self):
for cons in self.hash_constructors:
@@ -558,6 +567,65 @@
@@ -433,6 +440,64 @@ class HashLibTestCase(unittest.TestCase):
self.assertEqual(expected_hash, hasher.hexdigest())
@ -267,21 +269,23 @@
+
+ m = _hashlib.new('md5', b'abc\n', usedforsecurity=False)
+ self.assertEquals(m.hexdigest(), "0bee89b07a248e27c83fc3d5951213c1")
+
class KDFTests(unittest.TestCase):
@@ -639,6 +707,7 @@
with self.assertRaisesRegex(ValueError, 'unsupported hash type'):
pbkdf2('unknown', b'pass', b'salt', 1)
@@ -516,7 +581,7 @@ class KDFTests(unittest.TestCase):
out = pbkdf2(hash_name='sha1', password=b'password', salt=b'salt',
iterations=1, dklen=None)
self.assertEqual(out, self.pbkdf2_results['sha1'][0][0])
-
+ @unittest.skip('skipped on Fedora, as we always use OpenSSL pbkdf2_hmac')
def test_pbkdf2_hmac_py(self):
self._test_pbkdf2_hmac(py_hashlib.pbkdf2_hmac)
--- Python-3.4.0b1/Modules/_hashopenssl.c.hashlib-fips 2013-11-24 21:36:56.000000000 +0100
+++ Python-3.4.0b1/Modules/_hashopenssl.c 2013-11-27 12:01:57.443537463 +0100
@@ -19,6 +19,8 @@
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index 44765ac..b8cf490 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -20,6 +20,8 @@
/* EVP is the preferred interface to hashing in OpenSSL */
@ -290,7 +294,7 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
/* We use the object interface to discover what hashes OpenSSL supports. */
@@ -48,11 +50,19 @@
@@ -45,11 +47,19 @@ typedef struct {
static PyTypeObject EVPtype;
@ -314,7 +318,7 @@
DEFINE_CONSTS_FOR_NEW(md5)
DEFINE_CONSTS_FOR_NEW(sha1)
@@ -97,6 +107,48 @@
@@ -92,6 +102,48 @@ EVP_hash(EVPobject *self, const void *vp, Py_ssize_t len)
}
}
@ -363,7 +367,7 @@
/* Internal methods for a hash object */
static void
@@ -281,15 +333,16 @@
@@ -259,15 +311,16 @@ EVP_repr(EVPobject *self)
static int
EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
{
@ -383,7 +387,7 @@
return -1;
}
@@ -310,7 +363,12 @@
@@ -288,7 +341,12 @@ EVP_tp_init(EVPobject *self, PyObject *args, PyObject *kwds)
PyBuffer_Release(&view);
return -1;
}
@ -397,7 +401,7 @@
self->name = name_obj;
Py_INCREF(self->name);
@@ -394,7 +452,8 @@
@@ -372,7 +430,8 @@ static PyTypeObject EVPtype = {
static PyObject *
EVPnew(PyObject *name_obj,
const EVP_MD *digest, const EVP_MD_CTX *initial_ctx,
@ -407,7 +411,7 @@
{
EVPobject *self;
@@ -409,7 +468,12 @@
@@ -387,7 +446,12 @@ EVPnew(PyObject *name_obj,
if (initial_ctx) {
EVP_MD_CTX_copy(&self->ctx, initial_ctx);
} else {
@ -421,7 +425,7 @@
}
if (cp && len) {
@@ -433,21 +497,29 @@
@@ -411,21 +475,29 @@ PyDoc_STRVAR(EVP_new__doc__,
An optional string argument may be provided and will be\n\
automatically hashed.\n\
\n\
@ -455,17 +459,17 @@
return NULL;
}
@@ -461,7 +533,8 @@
@@ -439,7 +511,8 @@ EVP_new(PyObject *self, PyObject *args, PyObject *kwdict)
digest = EVP_get_digestbyname(name);
- ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len);
+ ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, view.len,
+ usedforsecurity);
+ usedforsecurity);
if (data_obj)
PyBuffer_Release(&view);
@@ -742,57 +815,115 @@
@@ -722,57 +795,114 @@ generate_hash_name_list(void)
/*
@ -508,8 +512,8 @@
+ return implement_specific_EVP_new(self, args, kwdict, \
+ "|Oi:" #NAME, \
+ &cached_info_ ## NAME ); \
+ }
+
}
+static PyObject *
+implement_specific_EVP_new(PyObject *self, PyObject *args, PyObject *kwdict,
+ const char *format,
@ -554,8 +558,8 @@
+ } else {
+ PyErr_SetString(PyExc_ValueError, "Error initializing hash");
+ }
}
+ }
+
+ if (data_obj)
+ PyBuffer_Release(&view);
+
@ -614,11 +618,10 @@
+ }
+ }
+}
+
GEN_CONSTRUCTOR(md5)
GEN_CONSTRUCTOR(sha1)
@@ -843,13 +974,10 @@
@@ -819,13 +949,10 @@ PyInit__hashlib(void)
{
PyObject *m, *openssl_md_meth_names;