File: ssl-patch.patch

package info (click to toggle)
ilorest 5.2.0.0-7
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 12,668 kB
  • sloc: python: 45,028; javascript: 10,504; sh: 3,041; makefile: 301; ruby: 204
file content (75 lines) | stat: -rw-r--r-- 2,402 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
diff -Naur Python-2.7.14.org/Lib/ssl.py Python-2.7.14/Lib/ssl.py
--- Python-2.7.14.org/Lib/ssl.py	2017-09-16 12:38:35.000000000 -0500
+++ Python-2.7.14/Lib/ssl.py	2017-12-13 13:25:17.641116512 -0600
@@ -111,6 +111,11 @@
 except ImportError:
     # LibreSSL does not provide RAND_egd
     pass
+# Try exposing the FIPS functions if available.
+try:
+    from _ssl import FIPS_mode, FIPS_mode_set
+except ImportError:
+    pass
 
 def _import_symbols(prefix):
     for n in dir(_ssl):
diff -Naur Python-2.7.14.org/Modules/_ssl.c Python-2.7.14/Modules/_ssl.c
--- Python-2.7.14.org/Modules/_ssl.c	2017-09-16 12:38:35.000000000 -0500
+++ Python-2.7.14/Modules/_ssl.c	2017-12-13 13:25:40.285116822 -0600
@@ -3914,6 +3914,43 @@
 
 #endif /* _MSC_VER */
 
+/* Comment the below macro definition
+ * to exclude FIPS_mode functions from build. */
+#define EXPORT_FIPSMODE_FUNCS
+
+#ifdef EXPORT_FIPSMODE_FUNCS
+
+static PyObject *
+PySSL_FIPS_mode(PyObject *self) {
+    return PyLong_FromLong(FIPS_mode());
+}
+
+PyDoc_STRVAR(PySSL_FIPS_mode_doc,
+"FIPS_mode() -> int\n\
+\n\
+Returns != 0 (1) if FIPS mode is enabled, 0 otherwise.");
+
+static PyObject *
+PySSL_FIPS_mode_set(PyObject *self, PyObject *arg) {
+    if (!PyLong_Check(arg))
+        return PyErr_Format(PyExc_TypeError,
+                            "FIPS_mode_set() expected int, found %s",
+                            Py_TYPE(arg)->tp_name);
+    if (FIPS_mode_set(PyLong_AsUnsignedLong(arg)) == 0) {
+        _setSSLError(ERR_error_string(ERR_get_error(), NULL) , 0, __FILE__, __LINE__);
+        return NULL;
+    }
+    Py_RETURN_NONE;
+}
+
+PyDoc_STRVAR(PySSL_FIPS_mode_set_doc,
+"FIPS_mode_set(mode) -> None\n\
+\n\
+Tries to set the FIPS mode to 'mode' (int).\n\
+Returns nothing. Raises TypeError when 'mode' is invalid,\n\
+SSLError when enabling FIPS mode fails.");
+#endif  //EXPORT_FIPSMODE_FUNCS
+
 /* List of functions exported by this module. */
 
 static PyMethodDef PySSL_methods[] = {
@@ -3941,6 +3978,12 @@
      METH_VARARGS | METH_KEYWORDS, PySSL_txt2obj_doc},
     {"nid2obj", (PyCFunction)PySSL_nid2obj,
      METH_VARARGS, PySSL_nid2obj_doc},
+#ifdef EXPORT_FIPSMODE_FUNCS
+	{"FIPS_mode", (PyCFunction)PySSL_FIPS_mode, METH_NOARGS,
+	PySSL_FIPS_mode_doc},
+	{"FIPS_mode_set", (PyCFunction)PySSL_FIPS_mode_set, METH_O,
+	PySSL_FIPS_mode_set_doc},
+#endif
     {NULL,                  NULL}            /* Sentinel */
 };