Author: Matti Picus <[email protected]>
Branch: py3.6
Changeset: r96666:6941f917df42
Date: 2019-05-24 08:05 +0300
http://bitbucket.org/pypy/pypy/changeset/6941f917df42/
Log: merge default into py3.6
diff --git a/lib_pypy/_cffi_ssl/__init__.py b/lib_pypy/_cffi_ssl/__init__.py
new file mode 100644
diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/ssl.py
@@ -71,6 +71,7 @@
static const long SSL_OP_MICROSOFT_SESS_ID_BUG;
static const long SSL_OP_NETSCAPE_CHALLENGE_BUG;
static const long SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
+static const long SSL_OP_NO_SSLv2;
static const long SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG;
static const long SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER;
static const long SSL_OP_MSIE_SSLV2_RSA_PADDING;
diff --git a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
@@ -1,7 +1,6 @@
import sys
import time
-import _thread
-import socket
+import thread as _thread
import weakref
from _pypy_openssl import ffi
from _pypy_openssl import lib
@@ -70,6 +69,7 @@
globals()[name[4:]] = getattr(lib, name)
OP_ALL = lib.SSL_OP_ALL & ~lib.SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+OP_NO_SSLv2 = lib.SSL_OP_NO_SSLv2
SSL_CLIENT = 0
SSL_SERVER = 1
@@ -78,7 +78,8 @@
if lib.Cryptography_HAS_SSL2:
PROTOCOL_SSLv2 = 0
-PROTOCOL_SSLv3 = 1
+if lib.Cryptography_HAS_SSL3_METHOD:
+ PROTOCOL_SSLv3 = 1
PROTOCOL_SSLv23 = 2
PROTOCOL_TLS = PROTOCOL_SSLv23
PROTOCOL_TLSv1 = 3
@@ -310,6 +311,9 @@
return self.socket_type == SSL_SERVER
def do_handshake(self):
+ # delay to prevent circular imports
+ import socket
+
sock = self.get_socket_or_connection_gone()
ssl = self.ssl
timeout = _socket_timeout(sock)
@@ -381,6 +385,9 @@
return _decode_certificate(self.peer_cert)
def write(self, bytestring):
+ # delay to prevent circular imports
+ import socket
+
deadline = 0
b = _str_to_ffi_buffer(bytestring)
sock = self.get_socket_or_connection_gone()
@@ -439,6 +446,9 @@
raise pyssl_error(self, length)
def read(self, length, buffer_into=None):
+ # delay to prevent circular imports
+ import socket
+
ssl = self.ssl
if length < 0 and buffer_into is None:
@@ -579,6 +589,9 @@
return sock
def shutdown(self):
+ # delay to prevent circular imports
+ import socket
+
sock = self.get_socket_or_None()
nonblocking = False
ssl = self.ssl
@@ -804,7 +817,7 @@
method = lib.TLSv1_1_method()
elif lib.Cryptography_HAS_TLSv1_2 and protocol == PROTOCOL_TLSv1_2 :
method = lib.TLSv1_2_method()
- elif protocol == PROTOCOL_SSLv3 and lib.Cryptography_HAS_SSL3_METHOD:
+ elif lib.Cryptography_HAS_SSL3_METHOD and protocol == PROTOCOL_SSLv3:
method = lib.SSLv3_method()
elif lib.Cryptography_HAS_SSL2 and protocol == PROTOCOL_SSLv2:
method = lib.SSLv2_method()
@@ -835,7 +848,7 @@
options = lib.SSL_OP_ALL & ~lib.SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
if not lib.Cryptography_HAS_SSL2 or protocol != PROTOCOL_SSLv2:
options |= lib.SSL_OP_NO_SSLv2
- if protocol != PROTOCOL_SSLv3:
+ if not lib.Cryptography_HAS_SSL3_METHOD or protocol != PROTOCOL_SSLv3:
options |= lib.SSL_OP_NO_SSLv3
# Minimal security flags for server and client side context.
# Client sockets ignore server-side parameters.
diff --git a/lib_pypy/_cffi_ssl/_stdssl/error.py
b/lib_pypy/_cffi_ssl/_stdssl/error.py
--- a/lib_pypy/_cffi_ssl/_stdssl/error.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/error.py
@@ -1,6 +1,7 @@
import sys
import os
import traceback
+(??)
from _pypy_openssl import ffi
from _pypy_openssl import lib
diff --git a/lib_pypy/_cffi_ssl/_stdssl/utility.py
b/lib_pypy/_cffi_ssl/_stdssl/utility.py
--- a/lib_pypy/_cffi_ssl/_stdssl/utility.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/utility.py
@@ -19,7 +19,7 @@
elif isinstance(view, memoryview):
# NOTE pypy limitation StringBuffer does not allow
# to get a raw address to the string!
- view = bytes(view)
+ view = view.tobytes()
# dont call call ffi.from_buffer(bytes(view)), arguments
# like ints/bools should result in a TypeError
return ffi.from_buffer(view)
diff --git a/lib_pypy/_ssl/__init__.py b/lib_pypy/_ssl/__init__.py
--- a/lib_pypy/_ssl/__init__.py
+++ b/lib_pypy/_ssl/__init__.py
@@ -3,6 +3,8 @@
from _cffi_ssl import _stdssl
from _cffi_ssl._stdssl import *
+OP_SINGLE_DH_USE = lib.SSL_OP_SINGLE_DH_USE
+OP_SINGLE_ECDH_USE = lib.SSL_OP_SINGLE_ECDH_USE
try: from __pypy__ import builtinify
except ImportError: builtinify = lambda f: f
diff --git a/pypy/config/pypyoption.py b/pypy/config/pypyoption.py
--- a/pypy/config/pypyoption.py
+++ b/pypy/config/pypyoption.py
@@ -113,42 +113,6 @@
module_suggests["cpyext"].append(("translation.shared", True))
-# NOTE: this dictionary is not used any more
-module_import_dependencies = {
- # no _rawffi if importing rpython.rlib.clibffi raises ImportError
- # or CompilationError or py.test.skip.Exception
- "_rawffi" : ["rpython.rlib.clibffi"],
-
- "zlib" : ["rpython.rlib.rzlib"],
- "bz2" : ["pypy.module.bz2.interp_bz2"],
- "pyexpat" : ["pypy.module.pyexpat.interp_pyexpat"],
- "_minimal_curses": ["pypy.module._minimal_curses.fficurses"],
- "_continuation": ["rpython.rlib.rstacklet"],
- "_vmprof" : ["pypy.module._vmprof.interp_vmprof"],
- "faulthandler" : ["pypy.module._vmprof.interp_vmprof"],
- "_lzma" : ["pypy.module._lzma.interp_lzma"],
- }
-
-def get_module_validator(modname):
- # NOTE: this function is not used any more
- if modname in module_import_dependencies:
- modlist = module_import_dependencies[modname]
- def validator(config):
- from rpython.rtyper.tool.rffi_platform import CompilationError
- try:
- for name in modlist:
- __import__(name)
- except (ImportError, CompilationError, py.test.skip.Exception) as
e:
- errcls = e.__class__.__name__
- raise Exception(
- "The module %r is disabled\n" % (modname,) +
- "because importing %s raised %s\n" % (name, errcls) +
- str(e))
- return validator
- else:
- return None
-
-
pypy_optiondescription = OptionDescription("objspace", "Object Space Options",
[
OptionDescription("usemodules", "Which Modules should be used", [
BoolOption(modname, "use module %s" % (modname, ),
@@ -157,7 +121,7 @@
requires=module_dependencies.get(modname, []),
suggests=module_suggests.get(modname, []),
negation=modname not in essential_modules,
- ) #validator=get_module_validator(modname))
+ )
for modname in all_modules]),
BoolOption("allworkingmodules", "use as many working modules as possible",
diff --git a/pypy/doc/whatsnew-head.rst b/pypy/doc/whatsnew-head.rst
--- a/pypy/doc/whatsnew-head.rst
+++ b/pypy/doc/whatsnew-head.rst
@@ -29,3 +29,8 @@
.. branch: shadowstack-issue2722
Make the shadowstack size more dynamic
+
+.. branch: cffi-libs
+
+Move _ssl and _hashlib from rpython to a cffi-based module, like on python3.
+Reduces the number of problematic linked-in libraries (libssl, libcrypto)
diff --git a/pypy/tool/build_cffi_imports.py b/pypy/tool/build_cffi_imports.py
--- a/pypy/tool/build_cffi_imports.py
+++ b/pypy/tool/build_cffi_imports.py
@@ -14,7 +14,7 @@
"tk": "_tkinter/tklib_build.py",
"curses": "_curses_build.py" if sys.platform != "win32" else None,
"syslog": "_syslog_build.py" if sys.platform != "win32" else None,
- "_gdbm": "_gdbm_build.py" if sys.platform != "win32" else None,
+ "gdbm": "_gdbm_build.py" if sys.platform != "win32" else None,
"pwdgrp": "_pwdgrp_build.py" if sys.platform != "win32" else None,
"resource": "_resource_build.py" if sys.platform != "win32" else None,
"lzma": "_lzma_build.py",
_______________________________________________
pypy-commit mailing list
[email protected]
https://mail.python.org/mailman/listinfo/pypy-commit
