mirror of
https://github.com/gentoo-mirror/gentoo.git
synced 2026-05-25 00:57:32 -07:00
198 lines
6.6 KiB
Diff
198 lines
6.6 KiB
Diff
From eed8d3b553e00e04c1f97c87ea02723630fb15a4 Mon Sep 17 00:00:00 2001
|
|
From: hasufell <hasufell@gentoo.org>
|
|
Date: Sun, 20 Sep 2015 14:25:43 +0200
|
|
Subject: [PATCH] Backport upstream libressl patches to python-3.3
|
|
|
|
https://hg.python.org/cpython/raw-rev/7f82f50fdad0
|
|
https://hg.python.org/cpython/raw-rev/4dac45f88d45
|
|
---
|
|
Lib/ssl.py | 7 ++++++-
|
|
Lib/test/test_ssl.py | 21 +++++++++++++--------
|
|
Modules/_ssl.c | 4 ++++
|
|
configure | 42 ++++++++++++++++++++++++++++++++++++++++++
|
|
configure.ac | 3 +++
|
|
pyconfig.h.in | 3 +++
|
|
6 files changed, 71 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/Lib/ssl.py b/Lib/ssl.py
|
|
index cd8d6b4..445ae87 100644
|
|
--- a/Lib/ssl.py
|
|
+++ b/Lib/ssl.py
|
|
@@ -78,7 +78,12 @@ try:
|
|
from _ssl import OP_SINGLE_ECDH_USE
|
|
except ImportError:
|
|
pass
|
|
-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
|
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
|
|
+try:
|
|
+ from _ssl import RAND_egd
|
|
+except ImportError:
|
|
+ # LibreSSL does not provide RAND_egd
|
|
+ pass
|
|
from _ssl import (
|
|
SSL_ERROR_ZERO_RETURN,
|
|
SSL_ERROR_WANT_READ,
|
|
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
|
|
index 9fc6027..879f791 100644
|
|
--- a/Lib/test/test_ssl.py
|
|
+++ b/Lib/test/test_ssl.py
|
|
@@ -130,8 +130,9 @@ class BasicSocketTests(unittest.TestCase):
|
|
self.assertRaises(ValueError, ssl.RAND_bytes, -5)
|
|
self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
|
|
|
|
- self.assertRaises(TypeError, ssl.RAND_egd, 1)
|
|
- self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
|
|
+ if hasattr(ssl, 'RAND_egd'):
|
|
+ self.assertRaises(TypeError, ssl.RAND_egd, 1)
|
|
+ self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
|
|
ssl.RAND_add("this is a random string", 75.0)
|
|
|
|
@unittest.skipUnless(os.name == 'posix', 'requires posix')
|
|
@@ -250,11 +251,11 @@ class BasicSocketTests(unittest.TestCase):
|
|
# Some sanity checks follow
|
|
# >= 0.9
|
|
self.assertGreaterEqual(n, 0x900000)
|
|
- # < 2.0
|
|
- self.assertLess(n, 0x20000000)
|
|
+ # < 3.0
|
|
+ self.assertLess(n, 0x30000000)
|
|
major, minor, fix, patch, status = t
|
|
self.assertGreaterEqual(major, 0)
|
|
- self.assertLess(major, 2)
|
|
+ self.assertLess(major, 3)
|
|
self.assertGreaterEqual(minor, 0)
|
|
self.assertLess(minor, 256)
|
|
self.assertGreaterEqual(fix, 0)
|
|
@@ -263,9 +264,13 @@ class BasicSocketTests(unittest.TestCase):
|
|
self.assertLessEqual(patch, 26)
|
|
self.assertGreaterEqual(status, 0)
|
|
self.assertLessEqual(status, 15)
|
|
- # Version string as returned by OpenSSL, the format might change
|
|
- self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)),
|
|
- (s, t))
|
|
+ # Version string as returned by {Open,Libre}SSL, the format might change
|
|
+ if "LibreSSL" in s:
|
|
+ self.assertTrue(s.startswith("LibreSSL {:d}.{:d}".format(major, minor)),
|
|
+ (s, t))
|
|
+ else:
|
|
+ self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)),
|
|
+ (s, t))
|
|
|
|
@support.cpython_only
|
|
def test_refcycle(self):
|
|
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
|
|
index 499e8ba..cb151ba 100644
|
|
--- a/Modules/_ssl.c
|
|
+++ b/Modules/_ssl.c
|
|
@@ -2559,6 +2559,7 @@ Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.\n\
|
|
It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
|
|
using the ssl() function.");
|
|
|
|
+#ifdef HAVE_RAND_EGD
|
|
static PyObject *
|
|
PySSL_RAND_egd(PyObject *self, PyObject *args)
|
|
{
|
|
@@ -2586,6 +2587,7 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc,
|
|
Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
|
|
Returns number of bytes read. Raises SSLError if connection to EGD\n\
|
|
fails or if it does not provide enough data to seed PRNG.");
|
|
+#endif /* HAVE_RAND_EGD */
|
|
|
|
#endif /* HAVE_OPENSSL_RAND */
|
|
|
|
@@ -2604,8 +2606,10 @@ static PyMethodDef PySSL_methods[] = {
|
|
PySSL_RAND_bytes_doc},
|
|
{"RAND_pseudo_bytes", PySSL_RAND_pseudo_bytes, METH_VARARGS,
|
|
PySSL_RAND_pseudo_bytes_doc},
|
|
+#ifdef HAVE_RAND_EGD
|
|
{"RAND_egd", PySSL_RAND_egd, METH_VARARGS,
|
|
PySSL_RAND_egd_doc},
|
|
+#endif
|
|
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
|
|
PySSL_RAND_status_doc},
|
|
#endif
|
|
diff --git a/configure b/configure
|
|
index 6be41f5..5b5a2a0 100755
|
|
--- a/configure
|
|
+++ b/configure
|
|
@@ -8823,6 +8823,48 @@ _ACEOF
|
|
|
|
fi
|
|
# Dynamic linking for HP-UX
|
|
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RAND_egd in -lcrypto" >&5
|
|
+$as_echo_n "checking for RAND_egd in -lcrypto... " >&6; }
|
|
+if ${ac_cv_lib_crypto_RAND_egd+:} false; then :
|
|
+ $as_echo_n "(cached) " >&6
|
|
+else
|
|
+ ac_check_lib_save_LIBS=$LIBS
|
|
+LIBS="-lcrypto $LIBS"
|
|
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
|
+/* end confdefs.h. */
|
|
+
|
|
+/* Override any GCC internal prototype to avoid an error.
|
|
+ Use char because int might match the return type of a GCC
|
|
+ builtin and then its argument prototype would still apply. */
|
|
+#ifdef __cplusplus
|
|
+extern "C"
|
|
+#endif
|
|
+char RAND_egd ();
|
|
+int
|
|
+main ()
|
|
+{
|
|
+return RAND_egd ();
|
|
+ ;
|
|
+ return 0;
|
|
+}
|
|
+_ACEOF
|
|
+if ac_fn_c_try_link "$LINENO"; then :
|
|
+ ac_cv_lib_crypto_RAND_egd=yes
|
|
+else
|
|
+ ac_cv_lib_crypto_RAND_egd=no
|
|
+fi
|
|
+rm -f core conftest.err conftest.$ac_objext \
|
|
+ conftest$ac_exeext conftest.$ac_ext
|
|
+LIBS=$ac_check_lib_save_LIBS
|
|
+fi
|
|
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_RAND_egd" >&5
|
|
+$as_echo "$ac_cv_lib_crypto_RAND_egd" >&6; }
|
|
+if test "x$ac_cv_lib_crypto_RAND_egd" = xyes; then :
|
|
+
|
|
+$as_echo "#define HAVE_RAND_EGD 1" >>confdefs.h
|
|
+
|
|
+fi
|
|
+
|
|
|
|
# only check for sem_init if thread support is requested
|
|
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 6a64bff..90f315a 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -2181,6 +2181,9 @@ AC_MSG_RESULT($SHLIBS)
|
|
AC_CHECK_LIB(sendfile, sendfile)
|
|
AC_CHECK_LIB(dl, dlopen) # Dynamic linking for SunOS/Solaris and SYSV
|
|
AC_CHECK_LIB(dld, shl_load) # Dynamic linking for HP-UX
|
|
+AC_CHECK_LIB(crypto, RAND_egd,
|
|
+ AC_DEFINE(HAVE_RAND_EGD, 1,
|
|
+ [Define if the libcrypto has RAND_egd]))
|
|
|
|
# only check for sem_init if thread support is requested
|
|
if test "$with_threads" = "yes" -o -z "$with_threads"; then
|
|
diff --git a/pyconfig.h.in b/pyconfig.h.in
|
|
index 0020300..0d37f67 100644
|
|
--- a/pyconfig.h.in
|
|
+++ b/pyconfig.h.in
|
|
@@ -660,6 +660,9 @@
|
|
/* Define to 1 if you have the `pwrite' function. */
|
|
#undef HAVE_PWRITE
|
|
|
|
+/* Define if the libcrypto has RAND_egd */
|
|
+#undef HAVE_RAND_EGD
|
|
+
|
|
/* Define to 1 if you have the `readlink' function. */
|
|
#undef HAVE_READLINK
|
|
|
|
--
|
|
2.5.2
|
|
|