From 4a234f3edc388fbda0a4eb14f243657fde96854bc4530a93a241a0fa36b80dce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
Date: Wed, 9 May 2018 13:48:08 +0000
Subject: [PATCH] OBS-URL:
 https://build.opensuse.org/package/show/devel:languages:python/python-dnspython?expand=0&rev=41

---
 pycryptodome.patch | 117 ++++++++++++++++++++-------------------------
 1 file changed, 52 insertions(+), 65 deletions(-)

diff --git a/pycryptodome.patch b/pycryptodome.patch
index a0b378f..1f55d08 100644
--- a/pycryptodome.patch
+++ b/pycryptodome.patch
@@ -17,11 +17,11 @@ Subject: [PATCH] Update DNSSEC code to use pycryptodome instead of pycrypto.
  8 files changed, 105 insertions(+), 126 deletions(-)
  delete mode 100644 dns/hash.py
 
-diff --git a/dns/__init__.py b/dns/__init__.py
-index c848e48..3852729 100644
---- a/dns/__init__.py
-+++ b/dns/__init__.py
-@@ -22,7 +22,6 @@
+Index: dnspython-1.15.0/dns/__init__.py
+===================================================================
+--- dnspython-1.15.0.orig/dns/__init__.py
++++ dnspython-1.15.0/dns/__init__.py
+@@ -22,7 +22,6 @@ __all__ = [
      'entropy',
      'exception',
      'flags',
@@ -29,11 +29,11 @@ index c848e48..3852729 100644
      'inet',
      'ipv4',
      'ipv6',
-diff --git a/dns/dnssec.py b/dns/dnssec.py
-index b91a64f..2b5d5b2 100644
---- a/dns/dnssec.py
-+++ b/dns/dnssec.py
-@@ -20,7 +20,6 @@
+Index: dnspython-1.15.0/dns/dnssec.py
+===================================================================
+--- dnspython-1.15.0.orig/dns/dnssec.py
++++ dnspython-1.15.0/dns/dnssec.py
+@@ -20,7 +20,6 @@ import struct
  import time
  
  import dns.exception
@@ -41,7 +41,7 @@ index b91a64f..2b5d5b2 100644
  import dns.name
  import dns.node
  import dns.rdataset
-@@ -28,7 +27,8 @@
+@@ -28,7 +27,8 @@ import dns.rdata
  import dns.rdatatype
  import dns.rdataclass
  from ._compat import string_types
@@ -50,47 +50,35 @@ index b91a64f..2b5d5b2 100644
 +from Crypto.Signature import pkcs1_15, DSS
  
  class UnsupportedAlgorithm(dns.exception.DNSException):
-     """The DNSSEC algorithm is not supported."""
-@@ -39,27 +39,27 @@ class ValidationFailure(dns.exception.DNSException):
  
+@@ -39,34 +39,34 @@ class ValidationFailure(dns.exception.DN
+ 
+     """The DNSSEC signature is invalid."""
  
- #: RSAMD5
 -RSAMD5 = 1
-+ALGO_RSAMD5 = 1
- #: DH
 -DH = 2
-+ALGO_DH = 2
- #: DSA
 -DSA = 3
-+ALGO_DSA = 3
- #: ECC
 -ECC = 4
-+ALGO_ECC = 4
- #: RSASHA1
 -RSASHA1 = 5
-+ALGO_RSASHA1 = 5
- #: DSANSEC3SHA1
 -DSANSEC3SHA1 = 6
-+ALGO_DSANSEC3SHA1 = 6
- #: RSASHA1NSEC3SHA1
 -RSASHA1NSEC3SHA1 = 7
-+ALGO_RSASHA1NSEC3SHA1 = 7
- #: RSASHA256
 -RSASHA256 = 8
-+ALGO_RSASHA256 = 8
- #: RSASHA512
 -RSASHA512 = 10
-+ALGO_RSASHA512 = 10
- #: ECDSAP256SHA256
 -ECDSAP256SHA256 = 13
-+ALGO_ECDSAP256SHA256 = 13
- #: ECDSAP384SHA384
 -ECDSAP384SHA384 = 14
++ALGO_RSAMD5 = 1
++ALGO_DH = 2
++ALGO_DSA = 3
++ALGO_ECC = 4
++ALGO_RSASHA1 = 5
++ALGO_DSANSEC3SHA1 = 6
++ALGO_RSASHA1NSEC3SHA1 = 7
++ALGO_RSASHA256 = 8
++ALGO_RSASHA512 = 10
++ALGO_ECDSAP256SHA256 = 13
 +ALGO_ECDSAP384SHA384 = 14
- #: INDIRECT
  INDIRECT = 252
- #: PRIVATEDNS
-@@ -68,18 +68,18 @@ class ValidationFailure(dns.exception.DNSException):
+ PRIVATEDNS = 253
  PRIVATEOID = 254
  
  _algorithm_by_text = {
@@ -120,8 +108,8 @@ index b91a64f..2b5d5b2 100644
      'PRIVATEDNS': PRIVATEDNS,
      'PRIVATEOID': PRIVATEOID,
  }
-@@ -132,7 +132,7 @@ def key_id(key, origin=None):
- 
+@@ -107,7 +107,7 @@ def _to_rdata(record, origin):
+ def key_id(key, origin=None):
      rdata = _to_rdata(key, origin)
      rdata = bytearray(rdata)
 -    if key.algorithm == RSAMD5:
@@ -129,8 +117,8 @@ index b91a64f..2b5d5b2 100644
          return (rdata[-3] << 8) + rdata[-2]
      else:
          total = 0
-@@ -164,10 +164,10 @@ def make_ds(name, key, algorithm, origin=None):
- 
+@@ -123,10 +123,10 @@ def key_id(key, origin=None):
+ def make_ds(name, key, algorithm, origin=None):
      if algorithm.upper() == 'SHA1':
          dsalg = 1
 -        hash = dns.hash.hashes['SHA1']()
@@ -142,7 +130,7 @@ index b91a64f..2b5d5b2 100644
      else:
          raise UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm)
  
-@@ -203,51 +203,51 @@ def _find_candidate_keys(keys, rrsig):
+@@ -162,51 +162,51 @@ def _find_candidate_keys(keys, rrsig):
  
  
  def _is_rsa(algorithm):
@@ -210,7 +198,7 @@ index b91a64f..2b5d5b2 100644
      raise ValidationFailure('unknown hash for algorithm %u' % algorithm)
  
  
-@@ -326,11 +326,13 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+@@ -284,11 +284,13 @@ def _validate_rrsig(rrset, rrsig, keys,
                  keyptr = keyptr[2:]
              rsa_e = keyptr[0:bytes_]
              rsa_n = keyptr[bytes_:]
@@ -229,7 +217,7 @@ index b91a64f..2b5d5b2 100644
          elif _is_dsa(rrsig.algorithm):
              keyptr = candidate_key.key
              (t,) = struct.unpack('!B', keyptr[0:1])
-@@ -348,20 +350,19 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+@@ -306,20 +308,19 @@ def _validate_rrsig(rrset, rrsig, keys,
                   Crypto.Util.number.bytes_to_long(dsa_g),
                   Crypto.Util.number.bytes_to_long(dsa_p),
                   Crypto.Util.number.bytes_to_long(dsa_q)))
@@ -257,8 +245,8 @@ index b91a64f..2b5d5b2 100644
 +
              x = Crypto.Util.number.bytes_to_long(keyptr[0:key_len])
              y = Crypto.Util.number.bytes_to_long(keyptr[key_len:key_len * 2])
-             if not ecdsa.ecdsa.point_is_valid(curve.generator, x, y):
-@@ -374,6 +375,7 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+             assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
+@@ -331,6 +332,7 @@ def _validate_rrsig(rrset, rrsig, keys,
              s = rrsig.signature[key_len:]
              sig = ecdsa.ecdsa.Signature(Crypto.Util.number.bytes_to_long(r),
                                          Crypto.Util.number.bytes_to_long(s))
@@ -266,7 +254,7 @@ index b91a64f..2b5d5b2 100644
          else:
              raise ValidationFailure('unknown algorithm %u' % rrsig.algorithm)
  
-@@ -395,24 +397,31 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
+@@ -352,24 +354,31 @@ def _validate_rrsig(rrset, rrsig, keys,
              hash.update(rrlen)
              hash.update(rrdata)
  
@@ -315,7 +303,7 @@ index b91a64f..2b5d5b2 100644
      raise ValidationFailure('verify failure')
  
  
-@@ -444,10 +453,8 @@ def _validate(rrset, rrsigset, keys, origin=None, now=None):
+@@ -401,10 +410,8 @@ def _validate(rrset, rrsigset, keys, ori
          rrname = rrset.name
  
      if isinstance(rrsigset, tuple):
@@ -326,7 +314,7 @@ index b91a64f..2b5d5b2 100644
          rrsigrdataset = rrsigset
  
      rrname = rrname.choose_relativity(origin)
-@@ -465,7 +472,7 @@ def _validate(rrset, rrsigset, keys, origin=None, now=None):
+@@ -422,7 +429,7 @@ def _validate(rrset, rrsigset, keys, ori
  
  
  def _need_pycrypto(*args, **kwargs):
@@ -335,10 +323,9 @@ index b91a64f..2b5d5b2 100644
  
  try:
      import Crypto.PublicKey.RSA
-diff --git a/dns/hash.py b/dns/hash.py
-deleted file mode 100644
-index 966838a..0000000
---- a/dns/hash.py
+Index: dnspython-1.15.0/dns/hash.py
+===================================================================
+--- dnspython-1.15.0.orig/dns/hash.py
 +++ /dev/null
 @@ -1,31 +0,0 @@
 -# Copyright (C) 2011 Nominum, Inc.
@@ -372,11 +359,11 @@ index 966838a..0000000
 -
 -def get(algorithm):
 -    return hashes[algorithm.upper()]
-diff --git a/dns/tsig.py b/dns/tsig.py
-index c57d879..fd9d56a 100644
---- a/dns/tsig.py
-+++ b/dns/tsig.py
-@@ -19,9 +19,9 @@
+Index: dnspython-1.15.0/dns/tsig.py
+===================================================================
+--- dnspython-1.15.0.orig/dns/tsig.py
++++ dnspython-1.15.0/dns/tsig.py
+@@ -19,9 +19,9 @@ import hmac
  import struct
  
  import dns.exception
@@ -396,11 +383,11 @@ index c57d879..fd9d56a 100644
      except KeyError:
          raise NotImplementedError("TSIG algorithm " + str(algorithm) +
                                    " is not supported")
-diff --git a/tests/test_dnssec.py b/tests/test_dnssec.py
-index 80bd626..9fb037e 100644
---- a/tests/test_dnssec.py
-+++ b/tests/test_dnssec.py
-@@ -156,22 +156,22 @@
+Index: dnspython-1.15.0/tests/test_dnssec.py
+===================================================================
+--- dnspython-1.15.0.orig/tests/test_dnssec.py
++++ dnspython-1.15.0/tests/test_dnssec.py
+@@ -156,22 +156,22 @@ abs_other_ecdsa384_soa = dns.rrset.from_
  abs_ecdsa384_soa_rrsig = dns.rrset.from_text('example.', 86400, 'IN', 'RRSIG',
                                               "SOA 14 1 86400 20130929021229 20130921230729 63571 example. CrnCu34EeeRz0fEhL9PLlwjpBKGYW8QjBjFQTwd+ViVLRAS8tNkcDwQE NhSV89NEjj7ze1a/JcCfcJ+/mZgnvH4NHLNg3Tf6KuLZsgs2I4kKQXEk 37oIHravPEOlGYNI")
  
@@ -427,7 +414,7 @@ index 80bd626..9fb037e 100644
      def testAbsoluteRSABad(self):
          def bad():
              dns.dnssec.validate(abs_other_soa, abs_soa_rrsig, abs_keys, None,
-@@ -179,13 +179,13 @@ def bad():
+@@ -179,13 +179,13 @@ class DNSSECValidatorTestCase(unittest.T
          self.failUnlessRaises(dns.dnssec.ValidationFailure, bad)
  
      @unittest.skipUnless(dns.dnssec._have_pycrypto,
@@ -443,7 +430,7 @@ index 80bd626..9fb037e 100644
      def testRelativeRSABad(self):
          def bad():
              dns.dnssec.validate(rel_other_soa, rel_soa_rrsig, rel_keys,
-@@ -197,13 +197,13 @@ def testMakeSHA256DS(self):
+@@ -197,13 +197,13 @@ class DNSSECValidatorTestCase(unittest.T
          self.failUnless(ds == good_ds)
  
      @unittest.skipUnless(dns.dnssec._have_pycrypto,