[Pkg-freeipa-devel] python-nss: Changes to 'upstream'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Tue Sep 20 13:13:11 UTC 2016
.hgtags | 13
MANIFEST | 1
doc/ChangeLog | 79
doc/examples/cert_dump.py | 108 -
doc/examples/cert_trust.py | 48
doc/examples/httplib_example.py | 55
doc/examples/pbkdf2_example.py | 227 ++
doc/examples/ssl_example.py | 140 -
doc/examples/ssl_version_range.py | 90
doc/examples/verify_cert.py | 85
doc/examples/verify_server.py | 77
setup.py | 60
src/__init__.py | 3
src/py_nspr_common.h | 397 +++-
src/py_nspr_error.c | 149 -
src/py_nspr_error.h | 12
src/py_nspr_io.c | 400 ++--
src/py_nspr_io.h | 11
src/py_nss.c | 3643 ++++++++++++++++++++++++++------------
src/py_nss.h | 12
src/py_ssl.c | 423 ++--
src/py_ssl.h | 12
src/py_traceback.h | 18
test/run_tests | 9
test/setup_certs.py | 98 -
test/test_cert_components.py | 41
test/test_cert_request.py | 10
test/test_cipher.py | 50
test/test_client_server.py | 148 -
test/test_digest.py | 62
test/test_misc.py | 9
test/test_ocsp.py | 4
test/test_pkcs12.py | 67
33 files changed, 4472 insertions(+), 2089 deletions(-)
New commits:
commit 170f503ce2b087a4204505eb8698a9bfe9ea9480
Author: John Dennis <jdennis at redhat.com>
Date: Fri Sep 2 13:05:56 2016 -0400
Add missing CHACHA20 constants to Changelog
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 4068326..ddb4b2a 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,4 +1,6 @@
-2016-09-01 John Dennis <jdennis at redhat.com> 1.0.0beta2
+2016-09-01 John Dennis <jdennis at redhat.com> 1.0.0
+ * Official 1.0.0 release, only minor tweaks from 1.0.0.beta1
+
* Allow custom include root in setup.py as command line arg
* Add TLS chacha20 poly1305 constants
@@ -11,6 +13,15 @@
- nss.get_all_tokens
+ * The following constants were added:
+
+ - ssl.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ - ssl.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+ - ssl.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ - ssl.TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+ - ssl.TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+
+
2015-09-03 John Dennis <jdennis at redhat.com> 1.0.0beta1
The primary enhancement in this version is support for Python3
Single code base supports both Py2 (minimum version 2.7) and Py3
commit 92ef898ee4e5f3796648a8c30696f6f7128827a7
Author: John Dennis <jdennis at redhat.com>
Date: Fri Sep 2 12:35:48 2016 -0400
Added tag PYNSS_RELEASE_1_0_0 for changeset 96fff7c15b21
diff --git a/.hgtags b/.hgtags
index b032733..be4368c 100644
--- a/.hgtags
+++ b/.hgtags
@@ -33,3 +33,5 @@ cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
2c018bb03ee3796222f6c6479215c8890f446551 PYNSS_RELEASE_0_17_0
84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
+84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
+96fff7c15b21fb0e25acfa9d68b9094623f5fcf4 PYNSS_RELEASE_1_0_0
commit 0fc1959ba1690cbfb1c83c8e1de9161015304326
Author: John Dennis <jdennis at redhat.com>
Date: Fri Sep 2 12:21:37 2016 -0400
add nss.get_all_tokens()
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 42cb63c..4068326 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -7,6 +7,10 @@
possible for the binding to know in all cases, especially if the
socket is created from an external socket passed in.
+ * The following module functions were added:
+
+ - nss.get_all_tokens
+
2015-09-03 John Dennis <jdennis at redhat.com> 1.0.0beta1
The primary enhancement in this version is support for Python3
Single code base supports both Py2 (minimum version 2.7) and Py3
diff --git a/src/py_nss.c b/src/py_nss.c
index 08a4998..3e8ccdb 100644
--- a/src/py_nss.c
+++ b/src/py_nss.c
@@ -2452,6 +2452,32 @@ CERTCertExtension_tuple(CERTCertExtension **extensions, RepresentationKind repr_
static PyObject *
+PK11SlotList_to_tuple(PK11SlotList *list)
+{
+ Py_ssize_t len, i;
+ PyObject *tuple = NULL;
+ PyObject *py_slotinfo = NULL;
+ PK11SlotListElement *le;
+
+ /* Count number of elements in list, allocate tuple */
+ for (le = list->head, len = 0; le; le = le->next) len++;
+
+ if ((tuple = PyTuple_New(len)) == NULL) {
+ return NULL;
+ }
+
+ for (le = list->head, i = 0; le; le = le->next, i++) {
+ if ((py_slotinfo = PK11Slot_new_from_PK11SlotInfo(le->slot)) == NULL) {
+ Py_DECREF(tuple);
+ return NULL;
+ }
+ PyTuple_SetItem(tuple, i, py_slotinfo);
+ }
+
+ return tuple;
+}
+
+static PyObject *
CERTCertList_to_tuple(CERTCertList *cert_list, bool add_reference)
{
Py_ssize_t n_certs = 0;
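Review bot: Slot ownership is not established for the objects stored in the tuple: the second loop hands each `le->slot` to `PK11Slot_new_from_PK11SlotInfo()`, and the caller added later in this commit releases the list with `PK11_FreeSlotList()` immediately afterwards. That helper's body is outside the hunk, so this is inferred; if it stores the pointer without taking its own reference, the returned `PK11Slot` objects would outlive the slots they point at. In that case take a reference first with `PK11_ReferenceSlot(le->slot)` and state the ownership rule in a comment above the function. The return value of `PyTuple_SetItem()` is also ignored.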
@@ -22693,6 +22719,100 @@ pk11_get_internal_key_slot(PyObject *self, PyObject *args)
return py_slot;
}
+
+PyDoc_STRVAR(pk11_get_all_tokens_doc,
+"get_all_tokens(mechanism=CKM_INVALID_MECHANISM, need_rw=False, load_certs=False, pin_args=None) -> (PK11Slot, ...)\n\
+\n\
+:Parameters:\n\
+ mechanism : int\n\
+ key mechanism enumeration constant (CKM_*).\n\
+ Use CKM_INVALID_MECHANISM to get all tokens.\n\
+ need_rw : boolean\n\
+ need read/write\n\
+ load_certs : boolean\n\
+ load certificates\n\
+ pin_args : tuple\n\
+ Extra parameters which will\n\
+ be passed to the password callback function.\n\
+\n\
+Return a tuple of PK11Slot objects.\n\
+\n\
+Example::\n\
+\n\
+ import nss.nss as nss\n\
+ nss.nss_init_nodb()\n\
+\n\
+ slots = nss.get_all_tokens()\n\
+ for slot in slots:\n\
+ print slot\n\
+ print\n\
+\n\
+ Slot Name: NSS User Private Key and Certificate Services\n\
+ Token Name: NSS Certificate DB\n\
+ Is Hardware: False\n\
+ Is Present: True\n\
+ Is Read Only: True\n\
+ Is Internal: True\n\
+ Needs Login: False\n\
+ Needs User Init: True\n\
+ Is Friendly: True\n\
+ Is Removable: False\n\
+ Has Protected Authentication Path: False\n\
+ Is Disabled: False (no reason)\n\
+ Has Root Certs: False\n\
+ Best Wrap Mechanism: CKM_DES3_ECB (0x132)\n\
+\n\
+ Slot Name: NSS Internal Cryptographic Services\n\
+ Token Name: NSS Generic Crypto Services\n\
+ Is Hardware: False\n\
+ Is Present: True\n\
+ Is Read Only: True\n\
+ Is Internal: True\n\
+ Needs Login: False\n\
+ Needs User Init: True\n\
+ Is Friendly: True\n\
+ Is Removable: False\n\
+ Has Protected Authentication Path: False\n\
+ Is Disabled: False (no reason)\n\
+ Has Root Certs: False\n\
+ Best Wrap Mechanism: CKM_DES3_ECB (0x132)\n\
+\n\
+");
+
+static PyObject *
+pk11_get_all_tokens(PyObject *self, PyObject *args, PyObject *kwds)
+{
+ static char *kwlist[] = {"mechanism", "need_rw", "load_certs", "pin_args", NULL};
+ unsigned long mechanism = CKM_INVALID_MECHANISM;
+ int need_rw = 0;
+ int load_certs = 0;
+ PyObject *pin_args = Py_None;
+ PyObject *tuple = NULL;
+ PK11SlotList *list = NULL;
+
+
+ TraceMethodEnter(self);
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "|kiiO&:get_all_tokens", kwlist,
+ &mechanism, &need_rw, &load_certs,
+ TupleOrNoneConvert, &pin_args))
+ return NULL;
+
+ if (PyNone_Check(pin_args)) {
+ pin_args = NULL;
+ }
+
+ if ((list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, pin_args)) == NULL) {
+ return set_nspr_error(NULL);
+ }
+
+ tuple = PK11SlotList_to_tuple(list);
+ PK11_FreeSlotList(list);
+
+ return tuple;
+}
+
+
PyDoc_STRVAR(pk11_find_slot_by_name_doc,
"find_slot_by_name(name) -> `PK11Slot`\n\
\n\
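Review bot: The parsed `mechanism`, `need_rw` and `load_certs` values are never used in pk11_get_all_tokens: the call passes `CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE` as literals, so the keyword arguments described in the docstring have no effect on which tokens are returned. The call should read `PK11_GetAllTokens(mechanism, need_rw ? PR_TRUE : PR_FALSE, load_certs ? PR_TRUE : PR_FALSE, pin_args)`. The docstring example also uses the Python 2 `print` statement in a code base that supports Python 3.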
@@ -25053,6 +25173,7 @@ module_methods[] = {
{"get_best_slot", (PyCFunction)pk11_get_best_slot, METH_VARARGS, pk11_get_best_slot_doc},
{"get_internal_slot", (PyCFunction)pk11_get_internal_slot, METH_NOARGS, pk11_get_internal_slot_doc},
{"get_internal_key_slot", (PyCFunction)pk11_get_internal_key_slot, METH_NOARGS, pk11_get_internal_key_slot_doc},
+ {"get_all_tokens", (PyCFunction)pk11_get_all_tokens, METH_VARARGS|METH_KEYWORDS, pk11_get_all_tokens_doc},
{"find_slot_by_name", (PyCFunction)pk11_find_slot_by_name, METH_VARARGS, pk11_find_slot_by_name_doc},
{"create_context_by_sym_key", (PyCFunction)pk11_create_context_by_sym_key, METH_VARARGS|METH_KEYWORDS, pk11_create_context_by_sym_key_doc},
{"import_sym_key", (PyCFunction)pk11_import_sym_key, METH_VARARGS, pk11_import_sym_key_doc},
commit 089b0e696309144bd2d8e66d4378cade1833007f
Author: John Dennis <jdennis at redhat.com>
Date: Thu Sep 1 15:24:13 2016 -0400
Added tag PYNSS_RELEASE_1_0_0 for changeset 84c4fa461e30
diff --git a/.hgtags b/.hgtags
index 19d6b29..b032733 100644
--- a/.hgtags
+++ b/.hgtags
@@ -32,3 +32,4 @@ bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
2c018bb03ee3796222f6c6479215c8890f446551 PYNSS_RELEASE_0_17_0
+84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
commit 76e1f280e1f56221a59a8ef1b24a3cc1545e3822
Author: John Dennis <jdennis at redhat.com>
Date: Thu Sep 1 15:23:37 2016 -0400
bump version to 1.0.0
diff --git a/setup.py b/setup.py
index b0040d9..dcc17b9 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
from distutils.command.build_py import build_py as _build_py
from distutils.command.sdist import sdist as _sdist
-version = "1.0.0beta2"
+version = "1.0.0"
doc_manifest = [
[['include README LICENSE* doc/ChangeLog',
diff --git a/src/__init__.py b/src/__init__.py
index c785819..d9a352b 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -301,4 +301,4 @@ To be added
"""
-__version__ = '1.0.0beta2'
+__version__ = '1.0.0'
commit b3ca66790e2d9446be9d2e641586db365369f023
Author: John Dennis <jdennis at redhat.com>
Date: Thu Sep 1 14:57:16 2016 -0400
Remove checks for whether a socket is open for reading. It's not
possible for the binding to know in all cases, especially if the
socket is created from an external socket passed in.
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 060e39c..42cb63c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,12 @@
+2016-09-01 John Dennis <jdennis at redhat.com> 1.0.0beta2
+ * Allow custom include root in setup.py as command line arg
+
+ * Add TLS chacha20 poly1305 constants
+
+ * Remove checks for whether a socket is open for reading. It's not
+ possible for the binding to know in all cases, especially if the
+ socket is created from an external socket passed in.
+
2015-09-03 John Dennis <jdennis at redhat.com> 1.0.0beta1
The primary enhancement in this version is support for Python3
Single code base supports both Py2 (minimum version 2.7) and Py3
diff --git a/setup.py b/setup.py
index 7f2b966..b0040d9 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
from distutils.command.build_py import build_py as _build_py
from distutils.command.sdist import sdist as _sdist
-version = "1.0.0beta1"
+version = "1.0.0beta2"
doc_manifest = [
[['include README LICENSE* doc/ChangeLog',
diff --git a/src/__init__.py b/src/__init__.py
index a805466..c785819 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -301,4 +301,4 @@ To be added
"""
-__version__ = '1.0.0beta1'
+__version__ = '1.0.0beta2'
diff --git a/src/py_nspr_io.c b/src/py_nspr_io.c
index 04af9cb..edaa022 100644
--- a/src/py_nspr_io.c
+++ b/src/py_nspr_io.c
@@ -1518,11 +1518,11 @@ HostEntry_new_from_PRNetAddr(PRNetAddr *pr_netaddr)
} \
}
-#define SOCKET_CHECK_OPEN(py_socket) \
-{ \
- if (!py_socket->open_for_read || !py_socket->pr_socket) { \
- return err_closed(); \
- } \
+#define SOCKET_CHECK_OPEN(py_socket) \
+{ \
+ if (!py_socket->pr_socket) { \
+ return err_closed(); \
+ } \
}
static void
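Review bot: `SOCKET_CHECK_OPEN` still expands to a bare `{ ... }` block and uses its argument unparenthesized, so `SOCKET_CHECK_OPEN(x);` inside an unbraced `if`/`else` misparses and an expression argument binds wrongly. Wrap the body as `do { if (!(py_socket)->pr_socket) { return err_closed(); } } while (0)`. A one-line comment saying that the macro returns from the calling function would also help, since the hidden `return` is easy to miss when reading a call site.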
@@ -2057,7 +2057,6 @@ Socket_connect(Socket *self, PyObject *args, PyObject *kwds)
}
Py_END_ALLOW_THREADS
- SOCKET_OPEN_FOR_READ(self);
Py_RETURN_NONE;
}
@@ -2116,7 +2115,6 @@ Socket_accept(Socket *self, PyObject *args, PyObject *kwds)
if ((py_socket = Socket_new_from_PRFileDesc(pr_socket, self->family)) == NULL) {
goto error;
}
- SOCKET_OPEN_FOR_READ(py_socket);
if ((return_values = Py_BuildValue("NN", py_socket, py_netaddr)) == NULL) {
goto error;
@@ -2201,7 +2199,6 @@ Socket_accept_read(Socket *self, PyObject *args, PyObject *kwds)
if ((py_socket = Socket_new_from_PRFileDesc(pr_socket, self->family)) == NULL) {
goto error;
}
- SOCKET_OPEN_FOR_READ(py_socket);
if ((return_values = Py_BuildValue("NNN", py_socket, py_netaddr, py_buf)) == NULL) {
goto error;
@@ -2332,10 +2329,6 @@ Socket_shutdown(Socket *self, PyObject *args, PyObject *kwds)
}
Py_END_ALLOW_THREADS
- if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
- SOCKET_CLOSED_FOR_READ(self);
- }
-
Py_RETURN_NONE;
}
@@ -2360,11 +2353,11 @@ Socket_close(Socket *self, PyObject *args)
Py_BEGIN_ALLOW_THREADS
if (PR_Close(self->pr_socket) != PR_SUCCESS) {
Py_BLOCK_THREADS
+ self->pr_socket = NULL;
return set_nspr_error(NULL);
}
Py_END_ALLOW_THREADS
- SOCKET_CLOSED_FOR_READ(self);
self->pr_socket = NULL;
Py_RETURN_NONE;
}
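Review bot: `self->pr_socket` stays non-NULL while `PR_Close()` runs with the GIL released, and with `open_for_read` removed that pointer is the only thing `SOCKET_CHECK_OPEN` tests, so another Python thread can pass the check and use a descriptor that is being closed. Detach the descriptor before releasing the GIL: `PRFileDesc *fd = self->pr_socket;`, `self->pr_socket = NULL;`, then call `PR_Close(fd)`; the assignment added on the failure path then becomes unnecessary. The start of Socket_close is outside the hunk, so any guard placed there is not visible.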
@@ -3315,7 +3308,6 @@ Socket_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
self->family = 0;
self->py_netaddr = NULL;
self->makefile_refs = 0;
- self->open_for_read = 0;
INIT_READAHEAD(&self->readahead);
TraceObjNewLeave(self);
diff --git a/src/py_nspr_io.h b/src/py_nspr_io.h
index 6e898aa..b576380 100644
--- a/src/py_nspr_io.h
+++ b/src/py_nspr_io.h
@@ -66,20 +66,6 @@ typedef struct {
} ReadAhead;
-#define SOCKET_OPEN_FOR_READ(py_socket) \
-{ \
- Socket *sock = (Socket*)py_socket; \
- \
- sock->open_for_read = 1; \
-}
-
-#define SOCKET_CLOSED_FOR_READ(py_socket) \
-{ \
- Socket *sock = (Socket*)py_socket; \
- \
- sock->open_for_read = 0; \
-}
-
#define INIT_READAHEAD(readahead) \
{ \
(readahead)->buf = NULL; \
@@ -99,7 +85,6 @@ typedef struct {
PRFileDesc *pr_socket; \
int family; \
int makefile_refs; \
- int open_for_read; \
NetworkAddress *py_netaddr; \
ReadAhead readahead;
diff --git a/src/py_ssl.c b/src/py_ssl.c
index 2344b1b..169fcad 100644
--- a/src/py_ssl.c
+++ b/src/py_ssl.c
@@ -576,7 +576,6 @@ SSLSocket_accept(SSLSocket *self, PyObject *args, PyObject *kwds)
if ((py_ssl_socket = SSLSocket_new_from_PRFileDesc(pr_socket, self->family)) == NULL) {
goto error;
}
- SOCKET_OPEN_FOR_READ(py_ssl_socket);
if ((return_value = Py_BuildValue("NN", py_ssl_socket, py_netaddr)) == NULL) {
goto error;
commit 4201d4b3737dca4e09ad2d9847f257ede299ea69
Author: John Dennis <jdennis at redhat.com>
Date: Mon Aug 15 11:40:06 2016 -0400
Add TLS chacha20 poly1305 constants
diff --git a/src/py_ssl.c b/src/py_ssl.c
index 36e4555..2344b1b 100644
--- a/src/py_ssl.c
+++ b/src/py_ssl.c
@@ -4708,6 +4708,17 @@ if (_AddIntConstantWithLookup(m, #constant, constant, \
ExportConstant(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
ExportConstant(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+ /* draft-ietf-tls-chacha20-poly1305-04 */
+#ifdef TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ ExportConstant(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+ ExportConstant(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
+ ExportConstant(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+#endif
+#ifdef TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+ ExportConstant(TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
+ ExportConstant(TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
+#endif
+
/* Netscape "experimental" cipher suites. */
ExportConstant(SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA);
ExportConstant(SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA);
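Review bot: Each `#ifdef` tests a single macro but guards two or three `ExportConstant` lines, so a set of NSS headers that defines `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` without the ECDSA or DHE variant would fail to compile. Guarding each constant with its own `#ifdef` removes that coupling. The comment should also say that these names exist in the Python module only when the build-time NSS headers define them, for example `/* exported only when the NSS headers define them; callers must not assume they are present */`.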
commit ef2380a1b8a447595ad4bc28f88668087c7ff74d
Author: John Dennis <jdennis at redhat.com>
Date: Tue Aug 9 17:49:38 2016 -0400
Allow custom include root in setup.py as command line arg
Patch submitted by Evan Tschuy <evantschuy at gmail.com> in bug
https://bugzilla.redhat.com/show_bug.cgi?id=1365684
Thanks Evan!
diff --git a/setup.py b/setup.py
index 9be8378..7f2b966 100644
--- a/setup.py
+++ b/setup.py
@@ -64,7 +64,7 @@ def update_version():
else:
os.unlink(tmp_file)
-def find_include_dir(dir_names, include_files, include_roots=['/usr/include', '/usr/local/include']):
+def find_include_dir(dir_names, include_files, include_roots=None):
'''
Locate an include directory on the system which contains the specified include files.
You must provide a list of directory basenames to search. You may optionally provide
@@ -73,6 +73,8 @@ def find_include_dir(dir_names, include_files, include_roots=['/usr/include', '/
files that directory is returned. If no directory is found containing all the include
files a ValueError is raised.
'''
+ if not include_roots:
+ include_roots = ['/usr/include', '/usr/local/include']
if len(dir_names) == 0:
raise ValueError("directory search list is empty")
if len(include_files) == 0:
@@ -313,6 +315,7 @@ def main(argv):
debug_compile_args = ['-O0', '-g']
extra_compile_args = []
+ include_roots = []
for arg in argv[:]:
if arg in ('-d', '--debug'):
@@ -323,9 +326,12 @@ def main(argv):
print("compiling with trace")
extra_compile_args += ['-DDEBUG']
argv.remove(arg)
+ if arg.startswith('--include-root'):
+ include_roots.append(arg.split('--include-root=')[1])
+ argv.remove(arg)
- nss_include_dir = find_include_dir(['nss3', 'nss'], ['nss.h', 'pk11pub.h'])
- nspr_include_dir = find_include_dir(['nspr4', 'nspr'], ['nspr.h', 'prio.h'])
+ nss_include_dir = find_include_dir(['nss3', 'nss'], ['nss.h', 'pk11pub.h'], include_roots=include_roots)
+ nspr_include_dir = find_include_dir(['nspr4', 'nspr'], ['nspr.h', 'prio.h'], include_roots=include_roots)
nss_error_extension = \
Extension('nss.error',
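Review bot: The option test `arg.startswith('--include-root')` also matches a bare `--include-root` or any longer option sharing that prefix, and `arg.split('--include-root=')[1]` then raises IndexError instead of a usage error. Match the `=` form only and split once: `if arg.startswith('--include-root='):` with `include_roots.append(arg.split('=', 1)[1])`. An empty value (`--include-root=`) is appended as `''`; whether that should be rejected is left to the author. main() continues outside the hunk.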
commit 314c72fca918fc77d097ab2283a57343589c131e
Author: John Dennis <jdennis at redhat.com>
Date: Tue Feb 16 11:36:41 2016 -0500
Added tag PYNSS_RELEASE_0_17_0 for changeset 2c018bb03ee3
diff --git a/.hgtags b/.hgtags
index baa166d..19d6b29 100644
--- a/.hgtags
+++ b/.hgtags
@@ -30,3 +30,5 @@ b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
+bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
+2c018bb03ee3796222f6c6479215c8890f446551 PYNSS_RELEASE_0_17_0
commit 25cfdec7ea38b2e775bc3dc71a151895d3991dd6
Author: John Dennis <jdennis at redhat.com>
Date: Tue Feb 16 10:48:08 2016 -0500
Added tag PYNSS_RELEASE_1_0_0beta1 for changeset cb9a0b1701b6
diff --git a/.hgtags b/.hgtags
index 475ab07..baa166d 100644
--- a/.hgtags
+++ b/.hgtags
@@ -29,3 +29,4 @@ b22fb316b72706f0e53165905436b64ab7ef0f75 PYNSS_RELEASE_0_16_0
b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
+cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
commit 07bac1186345016efb409dafe60850d4e640bda5
Author: John Dennis <jdennis at redhat.com>
Date: Tue Feb 16 10:33:39 2016 -0500
Use functions SSL_GetNumImplementedCiphers() and SSL_GetImplementedCiphers()
instead of global SSL_ImplementedCiphers
diff --git a/src/py_ssl.c b/src/py_ssl.c
index c3c509e..36e4555 100644
--- a/src/py_ssl.c
+++ b/src/py_ssl.c
@@ -4402,15 +4402,20 @@ MOD_INIT(ssl)
return MOD_ERROR_VAL;
/* SSL_ImplementedCiphers */
- if ((py_ssl_implemented_ciphers = PyTuple_New(SSL_NumImplementedCiphers)) == NULL) {
- return MOD_ERROR_VAL;
- }
+ {
+ PRUint16 n_implemented_ciphers = SSL_GetNumImplementedCiphers();
+ const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();
- for (i = 0; i < SSL_NumImplementedCiphers; i++) {
- PyTuple_SetItem(py_ssl_implemented_ciphers, i, PyLong_FromLong(SSL_ImplementedCiphers[i]));
- }
+ if ((py_ssl_implemented_ciphers = PyTuple_New(n_implemented_ciphers)) == NULL) {
+ return MOD_ERROR_VAL;
+ }
- PyModule_AddObject(m, "ssl_implemented_ciphers", py_ssl_implemented_ciphers);
+ for (i = 0; i < n_implemented_ciphers; i++) {
+ PyTuple_SetItem(py_ssl_implemented_ciphers, i, PyLong_FromLong(implemented_ciphers[i]));
+ }
+
+ PyModule_AddObject(m, "ssl_implemented_ciphers", py_ssl_implemented_ciphers);
+ }
/***************************************************************************
* SSL Library Version
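Review bot: The result of `PyLong_FromLong()` goes straight into `PyTuple_SetItem()` inside the new block, so an allocation failure leaves a NULL slot in `ssl_implemented_ciphers`, and the return value of `PyModule_AddObject()` is dropped. Checking both calls and returning `MOD_ERROR_VAL` on failure keeps module init from publishing a half-built tuple. The declaration of `i` is outside the hunk, so its type relative to the `PRUint16` count is not visible.

```c
        /* … unchanged: n_implemented_ciphers / implemented_ciphers lookup and PyTuple_New … */

        for (i = 0; i < n_implemented_ciphers; i++) {
            PyObject *py_cipher = PyLong_FromLong(implemented_ciphers[i]);

            if (py_cipher == NULL) {
                Py_CLEAR(py_ssl_implemented_ciphers);
                return MOD_ERROR_VAL;
            }
            PyTuple_SetItem(py_ssl_implemented_ciphers, i, py_cipher);
        }

        /* PyModule_AddObject steals the reference only on success */
        if (PyModule_AddObject(m, "ssl_implemented_ciphers", py_ssl_implemented_ciphers) < 0) {
            Py_CLEAR(py_ssl_implemented_ciphers);
            return MOD_ERROR_VAL;
        }
```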
commit e1356f4426e284c5eea74e3b453c249971ccdd92
Author: John Dennis <jdennis at redhat.com>
Date: Thu Sep 3 18:32:00 2015 -0400
Set version to 1.0.0beta1
Update ChangeLog
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 9b45856..060e39c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,26 @@
+2015-09-03 John Dennis <jdennis at redhat.com> 1.0.0beta1
+ The primary enhancement in this version is support for Python3
+ Single code base supports both Py2 (minimum version 2.7) and Py3
+
+ When built for Py2:
+ - text will be a Unicode object
+ - binary data will be a str object
+ - ints will be Python long object
+ When built for Py3:
+ - text will be a str object
+ - binary data will be a bytes object
+ - ints will be a Python int object
+
+ All pure Python tests and examples have been ported to Py3
+ syntax but should continue to run under Py2.
+
+ * The following class methods were added:
+
+ - PK11Slot.check_security_officer_passwd
+ - PK11Slot.check_user_passwd
+ - PK11Slot.change_passwd
+ - PK11Slot.init_pin
+
2014-11-07 John Dennis <jdennis at redhat.com> 0.17.0
The primary enhancement in this version is adding support for PBKDF2
diff --git a/setup.py b/setup.py
index 94f0ca3..9be8378 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
from distutils.command.build_py import build_py as _build_py
from distutils.command.sdist import sdist as _sdist
-version = "1.0.0"
+version = "1.0.0beta1"
doc_manifest = [
[['include README LICENSE* doc/ChangeLog',
diff --git a/src/__init__.py b/src/__init__.py
index d9a352b..a805466 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -301,4 +301,4 @@ To be added
"""
-__version__ = '1.0.0'
+__version__ = '1.0.0beta1'
commit 6b596815041bfa7d836074f33aad337bfe36a6be
Author: John Dennis <jdennis at redhat.com>
Date: Tue Sep 1 18:39:53 2015 -0400
fix oid_dotted_decimal() fails for unrecognised oids
see https://bugzilla.redhat.com/show_bug.cgi?id=1246729
diff --git a/src/py_nss.c b/src/py_nss.c
index 81ee358..08a4998 100644
--- a/src/py_nss.c
+++ b/src/py_nss.c
@@ -2984,12 +2984,7 @@ get_oid_tag_from_object(PyObject *obj)
return -1;
}
/* Get the OID tag from the SECItem */
- if ((oid_tag = SECOID_FindOIDTag(&item)) == SEC_OID_UNKNOWN) {
- SECITEM_FreeItem(&item, PR_FALSE);
- PyErr_Format(PyExc_ValueError, "could not convert \"%s\" to OID tag", type_string);
- Py_DECREF(py_obj_string_utf8);
- return -1;
- }
+ oid_tag = SECOID_FindOIDTag(&item);
SECITEM_FreeItem(&item, PR_FALSE);
} else {
oid_tag = oid_tag_from_name(type_string);
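Review bot: The return contract of get_oid_tag_from_object() changes here and nothing documents it: an unrecognised OID now comes back as `SEC_OID_UNKNOWN` with no Python exception set, while `-1` still means an exception is pending. The callers touched later in this commit handle both cases, but any caller outside this diff that only tests for `-1` would carry `SEC_OID_UNKNOWN` forward as if it were a valid tag. Add a header comment such as `/* Returns the tag, SEC_OID_UNKNOWN (no exception set) if the OID is not recognised, or -1 with an exception set. */`. The function starts and ends outside the hunk.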
@@ -11263,12 +11258,7 @@ AVA_init(AVA *self, PyObject *args, PyObject *kwds)
}
if (oid_tag == SEC_OID_UNKNOWN) {
- PyObject *type_str = PyObject_String(py_type);
- PyObject *type_str_utf8 = PyBaseString_UTF8(type_str, "oid type");
- PyErr_Format(PyExc_ValueError, "unable to convert \"%s\" to known OID",
- PyBytes_AsString(type_str_utf8));
- Py_DECREF(type_str);
- Py_XDECREF(type_str_utf8);
+ PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
return -1;
}
@@ -22203,8 +22193,11 @@ cert_oid_str(PyObject *self, PyObject *args)
return NULL;
oid_tag = get_oid_tag_from_object(arg);
- if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+ if (oid_tag == SEC_OID_UNKNOWN) {
+ PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
return NULL;
+ } else if (oid_tag == -1) {
+ return NULL; /* exception already set */
}
if ((oiddata = SECOID_FindOIDByTag(oid_tag)) == NULL) {
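Review bot: The new `SEC_OID_UNKNOWN` / `-1` branch pair is pasted unchanged into cert_oid_str here and into cert_oid_tag_name, cert_oid_tag and cert_oid_dotted_decimal in the following hunks. `PyErr_Format()` is called with a constant message, where `PyErr_SetString(PyExc_ValueError, "unable to convert to known OID")` is the plainer call, and the message no longer names the input that failed. A small static helper that sets the error for `SEC_OID_UNKNOWN` and reports whether the tag is usable would keep the four sites in step. cert_oid_str continues outside the hunk.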
@@ -22247,8 +22240,11 @@ cert_oid_tag_name(PyObject *self, PyObject *args)
return NULL;
oid_tag = get_oid_tag_from_object(arg);
- if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+ if (oid_tag == SEC_OID_UNKNOWN) {
+ PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
return NULL;
+ } else if (oid_tag == -1) {
+ return NULL; /* exception already set */
}
py_name = oid_tag_to_pystr_name(oid_tag);
@@ -22287,8 +22283,11 @@ cert_oid_tag(PyObject *self, PyObject *args)
return NULL;
oid_tag = get_oid_tag_from_object(arg);
- if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+ if (oid_tag == SEC_OID_UNKNOWN) {
+ PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
return NULL;
+ } else if (oid_tag == -1) {
+ return NULL; /* exception already set */
}
result = PyLong_FromLong(oid_tag);
@@ -22326,9 +22325,17 @@ cert_oid_dotted_decimal(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "O:oid_dotted_decimal", &arg))
return NULL;
+ if (PySecItem_Check(arg)) {
+ return oid_secitem_to_pystr_dotted_decimal(&((SecItem *)arg)->item);
+ }
+
oid_tag = get_oid_tag_from_object(arg);
- if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+
+ if (oid_tag == SEC_OID_UNKNOWN) {
+ PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
return NULL;
+ } else if (oid_tag == -1) {
+ return NULL; /* exception already set */
}
if ((oiddata = SECOID_FindOIDByTag(oid_tag)) == NULL) {
commit 62b5c6357ca81366252f822264d985f8a0eec8b6
Author: John Dennis <jdennis at redhat.com>
Date: Thu Aug 20 11:37:10 2015 -0400
Add PK11Slot methods for password and pin operations
PK11Slot.check_security_officer_passwd
PK11Slot.check_user_passwd
PK11Slot.change_passwd
PK11Slot.init_pin
diff --git a/src/py_nss.c b/src/py_nss.c
index 08c1998..81ee358 100644
--- a/src/py_nss.c
+++ b/src/py_nss.c
@@ -3413,6 +3413,36 @@ SymKeyOrNoneConvert(PyObject *obj, PyObject **param)
return 0;
}
+/*
+ * Note, this is only necessary in Py2, it is equivalent to the 's'
+ * PyArg_Parse format conversion in Py3 with the exception a PyBytes
+ * object is returned which must be DECREF'ed instead of returning a
+ * char * pointer.
+ */
+static int
+UTF8Convert(PyObject *obj, PyObject **param)
+{
+ PyObject *py_utf8 = NULL;
+
+ if (!obj) {
+ *param = NULL;
+ return 0;
+ }
+
+ if ((py_utf8 = PyBaseString_UTF8(obj, NULL)) != NULL) {
+ *param = py_utf8;
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
+ * Note, this is only necessary in Py2, it is equivalent to the 'z'
+ * PyArg_Parse format conversion in Py3 with the exception a PyBytes
+ * object is returned (if obj is non-NULL or not None) which must be
+ * DECREF'ed instead of returning a char * pointer.
+ */
static int
UTF8OrNoneConvert(PyObject *obj, PyObject **param)
{
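Review bot: The `!obj` branch of UTF8Convert returns 0 without setting a Python exception, and an `O&` converter that reports failure this way leaves `PyArg_ParseTuple` returning an error with nothing raised. Whether a NULL `obj` can reach the converter is not visible from here; if the branch is kept, set an error before returning, e.g. `PyErr_SetString(PyExc_TypeError, "string expected");`. The failure path through `PyBaseString_UTF8()` presumably sets its own exception, but that helper is outside the hunk.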
@@ -13820,6 +13850,169 @@ PK11Slot_authenticate(PK11Slot *self, PyObject *args)
}
+PyDoc_STRVAR(PK11Slot_check_security_officer_passwd_doc,
+"check_security_officer_passwd(security_officer_passwd) -> bool\n\
+\n\
+Verify security officer password.\n\
+\n\
+:Parameters:\n\
+ security_officer_passwd : string\n\
+ Security Officer password.\n\
+");
+
+static PyObject *
+PK11Slot_check_security_officer_passwd(PK11Slot *self, PyObject *args)
+{
+ SECStatus result;
+ PyObject *security_officer_passwd = NULL;
+
+ TraceMethodEnter(self);
+
+ if (!PyArg_ParseTuple(args, "O&:check_security_officer_passwd",
+ UTF8Convert, &security_officer_passwd
+ ))
+ return NULL;
+
+ result = PK11_CheckSSOPassword(self->slot,
+ PyBytes_AsString(security_officer_passwd));
+
+ if (result != SECSuccess && PORT_GetError() != SEC_ERROR_BAD_PASSWORD) {
+ Py_DECREF(security_officer_passwd);
+ return set_nspr_error(NULL);
+ }
+
+ Py_DECREF(security_officer_passwd);
+
+ if (result == SECSuccess) {
+ Py_RETURN_TRUE;
+ } else {
+ Py_RETURN_FALSE;
+ }
+}
+
+PyDoc_STRVAR(PK11Slot_check_user_passwd_doc,
+"check_user_passwd(user_passwd)\n\
+\n\
+Verify security officer password.\n\
+\n\
+:Parameters:\n\
+ user_passwd : string\n\
+ user password.\n\
+");
+
+static PyObject *
+PK11Slot_check_user_passwd(PK11Slot *self, PyObject *args)
+{
+ SECStatus result;
+ PyObject *user_passwd = NULL;
+
+ TraceMethodEnter(self);
+
+ if (!PyArg_ParseTuple(args, "O&:check_user_passwd",
+ UTF8Convert, &user_passwd
+ ))
+ return NULL;
+
+ result = PK11_CheckUserPassword(self->slot,
+ PyBytes_AsString(user_passwd));
+
+ if (result != SECSuccess && PORT_GetError() != SEC_ERROR_BAD_PASSWORD) {
+ Py_DECREF(user_passwd);
+ return set_nspr_error(NULL);
+ }
+
+ Py_DECREF(user_passwd);
+
+ if (result == SECSuccess) {
+ Py_RETURN_TRUE;
+ } else {
+ Py_RETURN_FALSE;
+ }
+}
+
+PyDoc_STRVAR(PK11Slot_change_passwd_doc,
+"change_passwd(old_passwd=None, new_passwd=None)\n\
+\n\
+Change the user password on the token.\n\
+\n\
+:Parameters:\n\
+ old_passwd : string or None\n\
+ Previouis password.\n\
+ new_passwd : string or None\n\
+ New password.\n\
+");
+
+static PyObject *
+PK11Slot_change_passwd(PK11Slot *self, PyObject *args, PyObject *kwds)
+{
+ static char *kwlist[] = {"old_passwd", "new_passwd", NULL};
+ PyObject *old_passwd = NULL;
+ PyObject *new_passwd = NULL;
+
+ TraceMethodEnter(self);
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "O!|O&O&:change_passwd", kwlist,
+ UTF8OrNoneConvert, &old_passwd,
+ UTF8OrNoneConvert, &new_passwd
+ ))
+ return NULL;
+
+ if (PK11_ChangePW(self->slot,
+ old_passwd ? PyBytes_AsString(old_passwd) : NULL,
+ new_passwd ? PyBytes_AsString(new_passwd) : NULL) != SECSuccess) {
+ Py_XDECREF(old_passwd);
+ Py_XDECREF(new_passwd);
+ return set_nspr_error(NULL);
+ }
+
+ Py_XDECREF(old_passwd);
+ Py_XDECREF(new_passwd);
+
+ Py_RETURN_NONE;
+
+}
+PyDoc_STRVAR(PK11Slot_init_pin_doc,
+"init_pin(security_officer_passwd=None, user_passwd=None)\n\
+\n\
+Initialize the token's pin for first use.\n\
+\n\
+:Parameters:\n\
+ security_officer_passwd : string or None\n\
+ Security Officer password used to unlock token.\n\
+ user_passwd : string or None\n\
+ User password to set as token pin.\n\
+");
+
+static PyObject *
+PK11Slot_init_pin(PK11Slot *self, PyObject *args, PyObject *kwds)
+{
+ static char *kwlist[] = {"security_officer_passwd", "user_passwd", NULL};
+ PyObject *security_officer_passwd = NULL;
+ PyObject *user_passwd = NULL;
+
+ TraceMethodEnter(self);
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "O!|O&O&:init_pin", kwlist,
+ UTF8OrNoneConvert, &security_officer_passwd,
+ UTF8OrNoneConvert, &user_passwd
+ ))
+ return NULL;
+
+ if (PK11_InitPin(self->slot,
+ security_officer_passwd ? PyBytes_AsString(security_officer_passwd) : NULL,
+ user_passwd ? PyBytes_AsString(user_passwd) : NULL) != SECSuccess) {