update to py-rsa-3.4.1

tweaks from jca@, ok shadchin@ jca@ ajacoutot@
2016-03-29 17:44:29 +00:00 · 2016-03-29 17:44:29 +00:00 · 1cdb143662
commit 1cdb143662
parent 2447ae7a15
3 changed files with 7 additions and 114 deletions
--- a/security/py-rsa/Makefile
+++ b/security/py-rsa/Makefile
@ -1,11 +1,10 @@
-# $OpenBSD: Makefile,v 1.3 2016/01/08 09:23:00 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.4 2016/03/29 17:44:29 danj Exp $

 COMMENT=		Python RSA implementation

-MODPY_EGG_VERSION=	3.2.3
+MODPY_EGG_VERSION=	3.4.1
 DISTNAME=		rsa-${MODPY_EGG_VERSION}
 PKGNAME=		py-${DISTNAME}
-REVISION=		0

 CATEGORIES=		security

@ -19,18 +18,12 @@ MODPY_PI=		Yes
 MODPY_SETUPTOOLS=	Yes

 RUN_DEPENDS=		devel/py-asn1${MODPY_FLAVOR}
+TEST_DEPENDS=		${RUN_DEPENDS} \
+			devel/py-test${MODPY_FLAVOR}

 FLAVORS=		python3
 FLAVOR ?=

-.if ${FLAVOR:Mpython3}
-# needs devel/py-unittest2,python3
-#NO_TEST=		Yes
-.else
-TEST_DEPENDS=		${RUN_DEPENDS} \
-			devel/py-unittest2
-.endif
-
 .if ${FLAVOR:Mpython3}
 post-install:
 	for i in ${PREFIX}/bin/*; do \
@ -39,6 +32,6 @@ post-install:
 .endif

 do-test:
-	cd ${WRKSRC} && ${MODPY_BIN} ./run_tests.py
+	cd ${WRKSRC} && ${MODPY_BIN} -m pytest

 .include <bsd.port.mk>
--- a/security/py-rsa/distinfo
+++ b/security/py-rsa/distinfo
@ -1,2 +1,2 @@
-SHA256 (rsa-3.2.3.tar.gz) = FNsojMQNYzne32DXpHBTqwBLSol2pcWUAqIR2Pxb8h8=
-SIZE (rsa-3.2.3.tar.gz) = 35628
+SHA256 (rsa-3.4.1.tar.gz) = b7dNfX1uy63TfbrTKbMdhI+6X+i0CtbRLPfi5aoV5GQ=
+SIZE (rsa-3.4.1.tar.gz) = 40938
--- a/security/py-rsa/patches/patch-rsa_pkcs1_py
+++ b/security/py-rsa/patches/patch-rsa_pkcs1_py
@ -1,100 +0,0 @@
-$OpenBSD: patch-rsa_pkcs1_py,v 1.1 2016/01/08 09:23:00 ajacoutot Exp $
-
-https://bitbucket.org/sybren/python-rsa/commits/0cbcc529926afd61c6df4f50cfc29971beafd2c2/raw/
-
--- rsa/pkcs1.py.orig	Thu Nov  5 21:23:16 2015
-+++ rsa/pkcs1.py	Fri Jan  8 10:20:09 2016
-@@ -22,10 +22,10 @@ very clear example, read http://www.di-mgt.com.au/rsa_
- At least 8 bytes of random padding is used when encrypting a message. This makes
- these methods much more secure than the ones in the ``rsa`` module.
- 
-WARNING: this module leaks information when decryption or verification fails.
-The exceptions that are raised contain the Python traceback information, which
-can be used to deduce where in the process the failure occurred. DO NOT PASS
-SUCH INFORMATION to your users.
-+WARNING: this module leaks information when decryption fails. The exceptions
-+that are raised contain the Python traceback information, which can be used to
-+deduce where in the process the failure occurred. DO NOT PASS SUCH INFORMATION
-+to your users.
- '''
- 
- import hashlib
-@@ -288,37 +288,23 @@ def verify(message, signature, pub_key):
-     :param pub_key: the :py:class:`rsa.PublicKey` of the person signing the message.
-     :raise VerificationError: when the signature doesn't match the message.
- 
-    .. warning::
-
-        Never display the stack trace of a
-        :py:class:`rsa.pkcs1.VerificationError` exception. It shows where in
-        the code the exception occurred, and thus leaks information about the
-        key. It's only a tiny bit of information, but every bit makes cracking
-        the keys easier.
-
-     '''
-     
-    blocksize = common.byte_size(pub_key.n)
-+    keylength = common.byte_size(pub_key.n)
-     encrypted = transform.bytes2int(signature)
-     decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n)
-    clearsig = transform.int2bytes(decrypted, blocksize)
-
-    # If we can't find the signature  marker, verification failed.
-    if clearsig[0:2] != b('\x00\x01'):
-        raise VerificationError('Verification failed')
-+    clearsig = transform.int2bytes(decrypted, keylength)
-     
-    # Find the 00 separator between the padding and the payload
-    try:
-        sep_idx = clearsig.index(b('\x00'), 2)
-    except ValueError:
-        raise VerificationError('Verification failed')
-    
-    # Get the hash and the hash method
-    (method_name, signature_hash) = _find_method_hash(clearsig[sep_idx+1:])
-+    # Get the hash method
-+    method_name = _find_method_hash(clearsig)
-     message_hash = _hash(message, method_name)
- 
-    # Compare the real hash to the hash in the signature
-    if message_hash != signature_hash:
-+    # Reconstruct the expected padded hash
-+    cleartext = HASH_ASN1[method_name] + message_hash
-+    expected = _pad_for_signing(cleartext, keylength)
-+
-+    # Compare with the signed one
-+    if expected != clearsig:
-         raise VerificationError('Verification failed')
- 
-     return True
-@@ -351,24 +337,20 @@ def _hash(message, method_name):
-     return hasher.digest()
- 
- 
-def _find_method_hash(method_hash):
-    '''Finds the hash method and the hash itself.
-+def _find_method_hash(clearsig):
-+    '''Finds the hash method.
-     
-    :param method_hash: ASN1 code for the hash method concatenated with the
-        hash itself.
-+    :param clearsig: full padded ASN1 and hash.
-     
-    :return: tuple (method, hash) where ``method`` is the used hash method, and
-        ``hash`` is the hash itself.
-+    :return: the used hash method.
-     
-     :raise VerificationFailed: when the hash method cannot be found
- 
-     '''
- 
-     for (hashname, asn1code) in HASH_ASN1.items():
-        if not method_hash.startswith(asn1code):
-            continue
-        
-        return (hashname, method_hash[len(asn1code):])
-+        if asn1code in clearsig:
-+            return hashname
-     
-     raise VerificationError('Verification failed')
-