OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-dnspython?expand=0&rev=41
This commit is contained in:
Tomáš Chvátal
Git OBS Bridge
parent
ad27d482f0
commit
4a234f3edc
@ -17,11 +17,11 @@ Subject: [PATCH] Update DNSSEC code to use pycryptodome instead of pycrypto.
|
||||
8 files changed, 105 insertions(+), 126 deletions(-)
|
||||
delete mode 100644 dns/hash.py
|
||||
|
||||
diff --git a/dns/__init__.py b/dns/__init__.py
|
||||
index c848e48..3852729 100644
|
||||
--- a/dns/__init__.py
|
||||
+++ b/dns/__init__.py
|
||||
@@ -22,7 +22,6 @@
|
||||
Index: dnspython-1.15.0/dns/__init__.py
|
||||
===================================================================
|
||||
--- dnspython-1.15.0.orig/dns/__init__.py
|
||||
+++ dnspython-1.15.0/dns/__init__.py
|
||||
@@ -22,7 +22,6 @@ __all__ = [
|
||||
'entropy',
|
||||
'exception',
|
||||
'flags',
|
||||
@ -29,11 +29,11 @@ index c848e48..3852729 100644
|
||||
'inet',
|
||||
'ipv4',
|
||||
'ipv6',
|
||||
diff --git a/dns/dnssec.py b/dns/dnssec.py
|
||||
index b91a64f..2b5d5b2 100644
|
||||
--- a/dns/dnssec.py
|
||||
+++ b/dns/dnssec.py
|
||||
@@ -20,7 +20,6 @@
|
||||
Index: dnspython-1.15.0/dns/dnssec.py
|
||||
===================================================================
|
||||
--- dnspython-1.15.0.orig/dns/dnssec.py
|
||||
+++ dnspython-1.15.0/dns/dnssec.py
|
||||
@@ -20,7 +20,6 @@ import struct
|
||||
import time
|
||||
|
||||
import dns.exception
|
||||
@ -41,7 +41,7 @@ index b91a64f..2b5d5b2 100644
|
||||
import dns.name
|
||||
import dns.node
|
||||
import dns.rdataset
|
||||
@@ -28,7 +27,8 @@
|
||||
@@ -28,7 +27,8 @@ import dns.rdata
|
||||
import dns.rdatatype
|
||||
import dns.rdataclass
|
||||
from ._compat import string_types
|
||||
@ -50,47 +50,35 @@ index b91a64f..2b5d5b2 100644
|
||||
+from Crypto.Signature import pkcs1_15, DSS
|
||||
|
||||
class UnsupportedAlgorithm(dns.exception.DNSException):
|
||||
"""The DNSSEC algorithm is not supported."""
|
||||
@@ -39,27 +39,27 @@ class ValidationFailure(dns.exception.DNSException):
|
||||
|
||||
@@ -39,34 +39,34 @@ class ValidationFailure(dns.exception.DN
|
||||
|
||||
"""The DNSSEC signature is invalid."""
|
||||
|
||||
#: RSAMD5
|
||||
-RSAMD5 = 1
|
||||
+ALGO_RSAMD5 = 1
|
||||
#: DH
|
||||
-DH = 2
|
||||
+ALGO_DH = 2
|
||||
#: DSA
|
||||
-DSA = 3
|
||||
+ALGO_DSA = 3
|
||||
#: ECC
|
||||
-ECC = 4
|
||||
+ALGO_ECC = 4
|
||||
#: RSASHA1
|
||||
-RSASHA1 = 5
|
||||
+ALGO_RSASHA1 = 5
|
||||
#: DSANSEC3SHA1
|
||||
-DSANSEC3SHA1 = 6
|
||||
+ALGO_DSANSEC3SHA1 = 6
|
||||
#: RSASHA1NSEC3SHA1
|
||||
-RSASHA1NSEC3SHA1 = 7
|
||||
+ALGO_RSASHA1NSEC3SHA1 = 7
|
||||
#: RSASHA256
|
||||
-RSASHA256 = 8
|
||||
+ALGO_RSASHA256 = 8
|
||||
#: RSASHA512
|
||||
-RSASHA512 = 10
|
||||
+ALGO_RSASHA512 = 10
|
||||
#: ECDSAP256SHA256
|
||||
-ECDSAP256SHA256 = 13
|
||||
+ALGO_ECDSAP256SHA256 = 13
|
||||
#: ECDSAP384SHA384
|
||||
-ECDSAP384SHA384 = 14
|
||||
+ALGO_RSAMD5 = 1
|
||||
+ALGO_DH = 2
|
||||
+ALGO_DSA = 3
|
||||
+ALGO_ECC = 4
|
||||
+ALGO_RSASHA1 = 5
|
||||
+ALGO_DSANSEC3SHA1 = 6
|
||||
+ALGO_RSASHA1NSEC3SHA1 = 7
|
||||
+ALGO_RSASHA256 = 8
|
||||
+ALGO_RSASHA512 = 10
|
||||
+ALGO_ECDSAP256SHA256 = 13
|
||||
+ALGO_ECDSAP384SHA384 = 14
|
||||
#: INDIRECT
|
||||
INDIRECT = 252
|
||||
#: PRIVATEDNS
|
||||
@@ -68,18 +68,18 @@ class ValidationFailure(dns.exception.DNSException):
|
||||
PRIVATEDNS = 253
|
||||
PRIVATEOID = 254
|
||||
|
||||
_algorithm_by_text = {
|
||||
@ -120,8 +108,8 @@ index b91a64f..2b5d5b2 100644
|
||||
'PRIVATEDNS': PRIVATEDNS,
|
||||
'PRIVATEOID': PRIVATEOID,
|
||||
}
|
||||
@@ -132,7 +132,7 @@ def key_id(key, origin=None):
|
||||
|
||||
@@ -107,7 +107,7 @@ def _to_rdata(record, origin):
|
||||
def key_id(key, origin=None):
|
||||
rdata = _to_rdata(key, origin)
|
||||
rdata = bytearray(rdata)
|
||||
- if key.algorithm == RSAMD5:
|
||||
@ -129,8 +117,8 @@ index b91a64f..2b5d5b2 100644
|
||||
return (rdata[-3] << 8) + rdata[-2]
|
||||
else:
|
||||
total = 0
|
||||
@@ -164,10 +164,10 @@ def make_ds(name, key, algorithm, origin=None):
|
||||
|
||||
@@ -123,10 +123,10 @@ def key_id(key, origin=None):
|
||||
def make_ds(name, key, algorithm, origin=None):
|
||||
if algorithm.upper() == 'SHA1':
|
||||
dsalg = 1
|
||||
- hash = dns.hash.hashes['SHA1']()
|
||||
@ -142,7 +130,7 @@ index b91a64f..2b5d5b2 100644
|
||||
else:
|
||||
raise UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm)
|
||||
|
||||
@@ -203,51 +203,51 @@ def _find_candidate_keys(keys, rrsig):
|
||||
@@ -162,51 +162,51 @@ def _find_candidate_keys(keys, rrsig):
|
||||
|
||||
|
||||
def _is_rsa(algorithm):
|
||||
@ -210,7 +198,7 @@ index b91a64f..2b5d5b2 100644
|
||||
raise ValidationFailure('unknown hash for algorithm %u' % algorithm)
|
||||
|
||||
|
||||
@@ -326,11 +326,13 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
|
||||
@@ -284,11 +284,13 @@ def _validate_rrsig(rrset, rrsig, keys,
|
||||
keyptr = keyptr[2:]
|
||||
rsa_e = keyptr[0:bytes_]
|
||||
rsa_n = keyptr[bytes_:]
|
||||
@ -229,7 +217,7 @@ index b91a64f..2b5d5b2 100644
|
||||
elif _is_dsa(rrsig.algorithm):
|
||||
keyptr = candidate_key.key
|
||||
(t,) = struct.unpack('!B', keyptr[0:1])
|
||||
@@ -348,20 +350,19 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
|
||||
@@ -306,20 +308,19 @@ def _validate_rrsig(rrset, rrsig, keys,
|
||||
Crypto.Util.number.bytes_to_long(dsa_g),
|
||||
Crypto.Util.number.bytes_to_long(dsa_p),
|
||||
Crypto.Util.number.bytes_to_long(dsa_q)))
|
||||
@ -257,8 +245,8 @@ index b91a64f..2b5d5b2 100644
|
||||
+
|
||||
x = Crypto.Util.number.bytes_to_long(keyptr[0:key_len])
|
||||
y = Crypto.Util.number.bytes_to_long(keyptr[key_len:key_len * 2])
|
||||
if not ecdsa.ecdsa.point_is_valid(curve.generator, x, y):
|
||||
@@ -374,6 +375,7 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
|
||||
assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
|
||||
@@ -331,6 +332,7 @@ def _validate_rrsig(rrset, rrsig, keys,
|
||||
s = rrsig.signature[key_len:]
|
||||
sig = ecdsa.ecdsa.Signature(Crypto.Util.number.bytes_to_long(r),
|
||||
Crypto.Util.number.bytes_to_long(s))
|
||||
@ -266,7 +254,7 @@ index b91a64f..2b5d5b2 100644
|
||||
else:
|
||||
raise ValidationFailure('unknown algorithm %u' % rrsig.algorithm)
|
||||
|
||||
@@ -395,24 +397,31 @@ def _validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
|
||||
@@ -352,24 +354,31 @@ def _validate_rrsig(rrset, rrsig, keys,
|
||||
hash.update(rrlen)
|
||||
hash.update(rrdata)
|
||||
|
||||
@ -315,7 +303,7 @@ index b91a64f..2b5d5b2 100644
|
||||
raise ValidationFailure('verify failure')
|
||||
|
||||
|
||||
@@ -444,10 +453,8 @@ def _validate(rrset, rrsigset, keys, origin=None, now=None):
|
||||
@@ -401,10 +410,8 @@ def _validate(rrset, rrsigset, keys, ori
|
||||
rrname = rrset.name
|
||||
|
||||
if isinstance(rrsigset, tuple):
|
||||
@ -326,7 +314,7 @@ index b91a64f..2b5d5b2 100644
|
||||
rrsigrdataset = rrsigset
|
||||
|
||||
rrname = rrname.choose_relativity(origin)
|
||||
@@ -465,7 +472,7 @@ def _validate(rrset, rrsigset, keys, origin=None, now=None):
|
||||
@@ -422,7 +429,7 @@ def _validate(rrset, rrsigset, keys, ori
|
||||
|
||||
|
||||
def _need_pycrypto(*args, **kwargs):
|
||||
@ -335,10 +323,9 @@ index b91a64f..2b5d5b2 100644
|
||||
|
||||
try:
|
||||
import Crypto.PublicKey.RSA
|
||||
diff --git a/dns/hash.py b/dns/hash.py
|
||||
deleted file mode 100644
|
||||
index 966838a..0000000
|
||||
--- a/dns/hash.py
|
||||
Index: dnspython-1.15.0/dns/hash.py
|
||||
===================================================================
|
||||
--- dnspython-1.15.0.orig/dns/hash.py
|
||||
+++ /dev/null
|
||||
@@ -1,31 +0,0 @@
|
||||
-# Copyright (C) 2011 Nominum, Inc.
|
||||
@ -372,11 +359,11 @@ index 966838a..0000000
|
||||
-
|
||||
-def get(algorithm):
|
||||
- return hashes[algorithm.upper()]
|
||||
diff --git a/dns/tsig.py b/dns/tsig.py
|
||||
index c57d879..fd9d56a 100644
|
||||
--- a/dns/tsig.py
|
||||
+++ b/dns/tsig.py
|
||||
@@ -19,9 +19,9 @@
|
||||
Index: dnspython-1.15.0/dns/tsig.py
|
||||
===================================================================
|
||||
--- dnspython-1.15.0.orig/dns/tsig.py
|
||||
+++ dnspython-1.15.0/dns/tsig.py
|
||||
@@ -19,9 +19,9 @@ import hmac
|
||||
import struct
|
||||
|
||||
import dns.exception
|
||||
@ -396,11 +383,11 @@ index c57d879..fd9d56a 100644
|
||||
except KeyError:
|
||||
raise NotImplementedError("TSIG algorithm " + str(algorithm) +
|
||||
" is not supported")
|
||||
diff --git a/tests/test_dnssec.py b/tests/test_dnssec.py
|
||||
index 80bd626..9fb037e 100644
|
||||
--- a/tests/test_dnssec.py
|
||||
+++ b/tests/test_dnssec.py
|
||||
@@ -156,22 +156,22 @@
|
||||
Index: dnspython-1.15.0/tests/test_dnssec.py
|
||||
===================================================================
|
||||
--- dnspython-1.15.0.orig/tests/test_dnssec.py
|
||||
+++ dnspython-1.15.0/tests/test_dnssec.py
|
||||
@@ -156,22 +156,22 @@ abs_other_ecdsa384_soa = dns.rrset.from_
|
||||
abs_ecdsa384_soa_rrsig = dns.rrset.from_text('example.', 86400, 'IN', 'RRSIG',
|
||||
"SOA 14 1 86400 20130929021229 20130921230729 63571 example. CrnCu34EeeRz0fEhL9PLlwjpBKGYW8QjBjFQTwd+ViVLRAS8tNkcDwQE NhSV89NEjj7ze1a/JcCfcJ+/mZgnvH4NHLNg3Tf6KuLZsgs2I4kKQXEk 37oIHravPEOlGYNI")
|
||||
|
||||
@ -427,7 +414,7 @@ index 80bd626..9fb037e 100644
|
||||
def testAbsoluteRSABad(self):
|
||||
def bad():
|
||||
dns.dnssec.validate(abs_other_soa, abs_soa_rrsig, abs_keys, None,
|
||||
@@ -179,13 +179,13 @@ def bad():
|
||||
@@ -179,13 +179,13 @@ class DNSSECValidatorTestCase(unittest.T
|
||||
self.failUnlessRaises(dns.dnssec.ValidationFailure, bad)
|
||||
|
||||
@unittest.skipUnless(dns.dnssec._have_pycrypto,
|
||||
@ -443,7 +430,7 @@ index 80bd626..9fb037e 100644
|
||||
def testRelativeRSABad(self):
|
||||
def bad():
|
||||
dns.dnssec.validate(rel_other_soa, rel_soa_rrsig, rel_keys,
|
||||
@@ -197,13 +197,13 @@ def testMakeSHA256DS(self):
|
||||
@@ -197,13 +197,13 @@ class DNSSECValidatorTestCase(unittest.T
|
||||
self.failUnless(ds == good_ds)
|
||||
|
||||
@unittest.skipUnless(dns.dnssec._have_pycrypto,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user