1. photon
  2. Commit 5da51cf7c1d6bf77f2c17b6be635518a2a9f96ce
Browse code

python3-Twisted: use fips allowed algorithm in sslverify

Change-Id: Ia3b2db5d0429358169c1768d929cff1f62facd2c
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/c/photon/+/20858

Shreenidhi Shedi authored on 2023/05/29 15:08:06
Showing 2 changed files
SPECS/python-Twisted/0001-sslverify.py-use-fips-compatible-sha512-instead-of-m.patch
History View file @ 5da51cf
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,50 @@
0 
+From ef68bf10fd3ab306ce6e9c6fff44e860f4d4c867 Mon Sep 17 00:00:00 2001
1 
+From: Shreenidhi Shedi <sshedi@vmware.com>
2 
+Date: Mon, 29 May 2023 11:33:44 +0530
3 
+Subject: [PATCH] sslverify.py: use fips compatible sha512 instead of md5
4 
+
5 
+Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
6 
+---
7 
+ src/twisted/internet/_sslverify.py | 8 ++++----
8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
9 
+
10 
+diff --git a/src/twisted/internet/_sslverify.py b/src/twisted/internet/_sslverify.py
11 
+index 6824482..48bb569 100644
12 
+--- a/src/twisted/internet/_sslverify.py
13 
+@@ -7,7 +7,7 @@
14 
+ import warnings
15 
+ from binascii import hexlify
16 
+ from functools import lru_cache
17 
+-from hashlib import md5
18 
++from hashlib import sha512
19 
+
20 
+ from zope.interface import Interface, implementer
21 
+
22 
+@@ -519,12 +519,12 @@ class Certificate(CertBase):
23 
+         """
24 
+         return self.original.get_serial_number()
25 
+
26 
+-    def digest(self, method="md5"):
27 
++    def digest(self, method="sha512"):
28 
+         """
29 
+         Return a digest hash of this certificate using the specified hash
30 
+         algorithm.
31 
+
32 
+-        @param method: One of C{'md5'} or C{'sha'}.
33 
++        @param method: C{'sha'}.
34 
+
35 
+         @return: The digest of the object, formatted as b":"-delimited hex
36 
+             pairs
37 
+@@ -750,7 +750,7 @@ class PublicKey:
38 
+         @rtype: native L{str}
39 
+         """
40 
+         raw = crypto.dump_publickey(crypto.FILETYPE_ASN1, self.original)
41 
+-        h = md5()
42 
++        h = sha512()
43 
+         h.update(raw)
44 
+         return h.hexdigest()
45 
+
46 
+--
47 
+2.40.1
48 
+
SPECS/python-Twisted/python-Twisted.spec
History View file @ 5da51cf
... ... 
@@ -1,41 +1,49 @@
1 
-%global debug_package %{nil}
1 
+%global debug_package   %{nil}
2 
+%define srcname         Twisted
3 
+
2 4 
 Summary:        An asynchronous networking framework written in Python
3 5 
 Name:           python3-Twisted
4 6 
 Version:        22.10.0
5 
-Release:        2%{?dist}
7 
+Release:        3%{?dist}
6 8 
 License:        MIT
7 9 
 Group:          Development/Languages/Python
8 10 
 Vendor:         VMware, Inc.
9 11 
 Distribution:   Photon
10 12 
 Url:            https://twistedmatrix.com
11 
-Source0:        https://pypi.python.org/packages/source/T/Twisted/Twisted-%{version}.tar.gz
12 
-%define sha512  Twisted=36adac424f6776c7db870d2291713da41054e974dfac0dbc1cbd55f76915a92073bcb25d4593b82e229d154d5297c67e7ba82d808921d206c97c8024bd5431a8
13 
-Patch0:         no_packet.patch
14 
-
15 
-BuildRequires:  python3-devel
16 
-BuildRequires:  python3-incremental
17 
-BuildRequires:  python3-zope.interface
18 
-BuildRequires:  python3-setuptools
19 
-BuildRequires:  python3-xml
20 
-BuildRequires:  python3-automat
21 
-
22 
-%if %{with_check}
23 
-BuildRequires:  net-tools
24 
-BuildRequires:  sudo
25 
-BuildRequires:  shadow
26 
-BuildRequires:  curl-devel
13 
+
14 
+Source0: https://pypi.python.org/packages/source/T/Twisted/%{srcname}-%{version}.tar.gz
15 
+%define sha512 %{srcname}=36adac424f6776c7db870d2291713da41054e974dfac0dbc1cbd55f76915a92073bcb25d4593b82e229d154d5297c67e7ba82d808921d206c97c8024bd5431a8
16 
+
17 
+Patch0: no_packet.patch
18 
+Patch1: 0001-sslverify.py-use-fips-compatible-sha512-instead-of-m.patch
19 
+
20 
+BuildRequires: python3-devel
21 
+BuildRequires: python3-incremental
22 
+BuildRequires: python3-zope.interface
23 
+BuildRequires: python3-setuptools
24 
+BuildRequires: python3-xml
25 
+BuildRequires: python3-automat
26 
+
27 
+%if 0%{?with_check}
28 
+BuildRequires: net-tools
29 
+BuildRequires: sudo
30 
+BuildRequires: shadow
31 
+BuildRequires: curl-devel
32 
+BuildRequires: python3-pip
33 
+BuildRequires: python3-constantly
34 
+
27 35 
 %endif
28 36
29 
-Requires:       python3
30 
-Requires:       python3-zope.interface
31 
-Requires:       python3-netaddr
32 
-Requires:       python3-incremental
33 
-Requires:       python3-constantly
34 
-Requires:       python3-hyperlink
35 
-Requires:       python3-attrs
36 
-Requires:       python3-PyHamcrest
37 
-Requires:       python3-service_identity >= 18.1.0
38 
-Requires:       python3-typing-extensions
37 
+Requires: python3
38 
+Requires: python3-zope.interface
39 
+Requires: python3-netaddr
40 
+Requires: python3-incremental
41 
+Requires: python3-constantly
42 
+Requires: python3-hyperlink
43 
+Requires: python3-attrs
44 
+Requires: python3-PyHamcrest
45 
+Requires: python3-service_identity >= 18.1.0
46 
+Requires: python3-typing-extensions
39 47
40 48 
 %description
41 49 
 Twisted is an event-driven networking engine written in Python and licensed under the open source ​MIT
... ... 
@@ -43,45 +51,45 @@ license. Twisted runs on Python 2 and an ever growing subset also works with Pyt
43 43 
 many common network protocols, including SMTP, POP3, IMAP, SSHv2, and DNS.
44 44
45 45 
 %prep
46 
-%autosetup -p1 -n Twisted-%{version}
46 
+%autosetup -p1 -n %{srcname}-%{version}
47 47
48 48 
 %build
49 
-%py3_build
49 
+%{py3_build}
50 50
51 51 
 %install
52 
-%py3_install
53 
-mv %{buildroot}/%{_bindir}/twistd %{buildroot}/%{_bindir}/twistd3
54 
-mv %{buildroot}/%{_bindir}/trial %{buildroot}/%{_bindir}/trial3
55 
-mv %{buildroot}/%{_bindir}/tkconch %{buildroot}/%{_bindir}/tkconch3
56 
-mv %{buildroot}/%{_bindir}/pyhtmlizer %{buildroot}/%{_bindir}/pyhtmlizer3
57 
-mv %{buildroot}/%{_bindir}/twist %{buildroot}/%{_bindir}/twist3
58 
-mv %{buildroot}/%{_bindir}/conch %{buildroot}/%{_bindir}/conch3
59 
-mv %{buildroot}/%{_bindir}/ckeygen %{buildroot}/%{_bindir}/ckeygen3
60 
-mv %{buildroot}/%{_bindir}/cftp %{buildroot}/%{_bindir}/cftp3
52 
+%{py3_install}
53 
+
54 
+for fn in twistd trial tkconch pyhtmlizer twist conch ckeygen cftp; do
55 
+  ln -sv ${fn} %{buildroot}%{_bindir}/${fn}3
56 
+done
61 57
58 
+%if 0%{?with_check}
62 59 
 %check
63 
-route add -net 224.0.0.0 netmask 240.0.0.0 dev lo
64 
-useradd test -G root -m
65 
-pushd ../p3dir
66 
-pip3 install --upgrade tox
67 
-chmod g+w . -R
68 
-LANG=en_US.UTF-8 tox -e py36-alldeps-nocov
69 
-popd
60 
+export LC_ALL=C
61 
+PATH=%{buildroot}%{_bindir}:$PATH \
62 
+     PYTHONPATH=%{buildroot}%{python3_sitelib} \
63 
+     %{buildroot}%{_bindir}/trial twisted
64 
+%endif
65 
+
66 
+%clean
67 
+rm -rf %{buildroot}
70 68
71 69 
 %files
72 70 
 %defattr(-,root,root)
73 71 
 %{python3_sitelib}/*
74 72 
 %{_bindir}/mailmail
75 
-%{_bindir}/twistd3
76 
-%{_bindir}/trial3
77 
-%{_bindir}/tkconch3
78 
-%{_bindir}/pyhtmlizer3
79 
-%{_bindir}/twist3
80 
-%{_bindir}/conch3
81 
-%{_bindir}/ckeygen3
82 
-%{_bindir}/cftp3
73 
+%{_bindir}/twistd*
74 
+%{_bindir}/trial*
75 
+%{_bindir}/tkconch*
76 
+%{_bindir}/pyhtmlizer*
77 
+%{_bindir}/twist*
78 
+%{_bindir}/conch*
79 
+%{_bindir}/ckeygen*
80 
+%{_bindir}/cftp*
83 81
84 82 
 %changelog
83 
+* Mon May 29 2023 Shreenidhi Shedi <sshedi@vmware.com> 22.10.0-3
84 
+- Use fips allowed hashing algorithms in sslverify
85 85 
 * Tue Dec 06 2022 Prashant S Chauhan <psinghchauha@vmware.com> 22.10.0-2
86 86 
 - Update release to compile with python 3.11
87 87 
 * Mon Oct 31 2022 Prashant S Chauhan <psinghchauha@vmware.com> 22.10.0-1