[pypy-commit] pypy default: cleanup
pjenvey
noreply at buildbot.pypy.org
Wed Jul 16 22:55:30 CEST 2014
Author: Philip Jenvey <pjenvey at underboss.org>
Branch:
Changeset: r72459:1fa3f31534b0
Date: 2014-07-16 13:54 -0700
http://bitbucket.org/pypy/pypy/changeset/1fa3f31534b0/
Log: cleanup
diff --git a/pypy/module/_ssl/interp_ssl.py b/pypy/module/_ssl/interp_ssl.py
--- a/pypy/module/_ssl/interp_ssl.py
+++ b/pypy/module/_ssl/interp_ssl.py
@@ -1,14 +1,12 @@
-from __future__ import with_statement
-from rpython.rtyper.lltypesystem import rffi, lltype
+from rpython.rlib import rpoll, rsocket
+from rpython.rlib.rarithmetic import intmask
+from rpython.rlib.ropenssl import *
+from rpython.rtyper.lltypesystem import lltype, rffi
+
+from pypy.interpreter.baseobjspace import W_Root
from pypy.interpreter.error import OperationError
-from pypy.interpreter.baseobjspace import W_Root
+from pypy.interpreter.gateway import interp2app, unwrap_spec
from pypy.interpreter.typedef import TypeDef
-from pypy.interpreter.gateway import interp2app, unwrap_spec
-
-from rpython.rlib.rarithmetic import intmask
-from rpython.rlib import rpoll, rsocket
-from rpython.rlib.ropenssl import *
-
from pypy.module._socket import interp_socket
@@ -83,19 +81,15 @@
Mix string into the OpenSSL PRNG state. entropy (a float) is a lower
bound on the entropy contained in string."""
-
- buf = rffi.str2charp(string)
- try:
+ with rffi.scoped_str2charp(string) as buf:
libssl_RAND_add(buf, len(string), entropy)
- finally:
- rffi.free_charp(buf)
def RAND_status(space):
"""RAND_status() -> 0 or 1
- Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.
- It is necessary to seed the PRNG with RAND_add() on some platforms before
- using the ssl() function."""
+ Returns 1 if the OpenSSL PRNG has been seeded with enough data
+ and 0 if not. It is necessary to seed the PRNG with RAND_add()
+ on some platforms before using the ssl() function."""
res = libssl_RAND_status()
return space.wrap(res)
@@ -107,16 +101,12 @@
Queries the entropy gather daemon (EGD) on socket path. Returns number
of bytes read. Raises socket.sslerror if connection to EGD fails or
if it does provide enough data to seed PRNG."""
-
- socket_path = rffi.str2charp(path)
- try:
+ with rffi.scoped_str2charp(path) as socket_path:
bytes = libssl_RAND_egd(socket_path)
- finally:
- rffi.free_charp(socket_path)
if bytes == -1:
- msg = "EGD connection failed or EGD did not return"
- msg += " enough data to seed the PRNG"
- raise ssl_error(space, msg)
+ raise ssl_error(space,
+ "EGD connection failed or EGD did not return "
+ "enough data to seed the PRNG")
return space.wrap(bytes)
@@ -127,9 +117,11 @@
self.ctx = lltype.nullptr(SSL_CTX.TO)
self.ssl = lltype.nullptr(SSL.TO)
self.peer_cert = lltype.nullptr(X509.TO)
- self._server = lltype.malloc(rffi.CCHARP.TO, X509_NAME_MAXLEN, flavor='raw')
+ self._server = lltype.malloc(rffi.CCHARP.TO, X509_NAME_MAXLEN,
+ flavor='raw')
self._server[0] = '\0'
- self._issuer = lltype.malloc(rffi.CCHARP.TO, X509_NAME_MAXLEN, flavor='raw')
+ self._issuer = lltype.malloc(rffi.CCHARP.TO, X509_NAME_MAXLEN,
+ flavor='raw')
self._issuer[0] = '\0'
self.shutdown_seen_zero = False
@@ -162,8 +154,7 @@
of bytes written."""
self._refresh_nonblocking(space)
- sockstate = check_socket_and_wait_for_timeout(space,
- self.w_socket, True)
+ sockstate = checkwait(space, self.w_socket, True)
if sockstate == SOCKET_HAS_TIMED_OUT:
raise ssl_error(space, "The write operation timed out")
elif sockstate == SOCKET_HAS_BEEN_CLOSED:
@@ -179,11 +170,9 @@
err = libssl_SSL_get_error(self.ssl, num_bytes)
if err == SSL_ERROR_WANT_READ:
- sockstate = check_socket_and_wait_for_timeout(space,
- self.w_socket, False)
+ sockstate = checkwait(space, self.w_socket, False)
elif err == SSL_ERROR_WANT_WRITE:
- sockstate = check_socket_and_wait_for_timeout(space,
- self.w_socket, True)
+ sockstate = checkwait(space, self.w_socket, True)
else:
sockstate = SOCKET_OPERATION_OK
@@ -219,19 +208,19 @@
"""read([len]) -> string
Read up to len bytes from the SSL socket."""
-
count = libssl_SSL_pending(self.ssl)
if not count:
- sockstate = check_socket_and_wait_for_timeout(space, self.w_socket,
- False)
+ sockstate = checkwait(space, self.w_socket, False)
if sockstate == SOCKET_HAS_TIMED_OUT:
raise ssl_error(space, "The read operation timed out")
elif sockstate == SOCKET_TOO_LARGE_FOR_SELECT:
- raise ssl_error(space, "Underlying socket too large for select().")
+ raise ssl_error(space,
+ "Underlying socket too large for select().")
elif sockstate == SOCKET_HAS_BEEN_CLOSED:
if libssl_SSL_get_shutdown(self.ssl) == SSL_RECEIVED_SHUTDOWN:
return space.wrap('')
- raise ssl_error(space, "Socket closed without SSL shutdown handshake")
+ raise ssl_error(space,
+ "Socket closed without SSL shutdown handshake")
with rffi.scoped_alloc_buffer(num_bytes) as buf:
while True:
@@ -241,11 +230,9 @@
err = libssl_SSL_get_error(self.ssl, count)
if err == SSL_ERROR_WANT_READ:
- sockstate = check_socket_and_wait_for_timeout(space,
- self.w_socket, False)
+ sockstate = checkwait(space, self.w_socket, False)
elif err == SSL_ERROR_WANT_WRITE:
- sockstate = check_socket_and_wait_for_timeout(space,
- self.w_socket, True)
+ sockstate = checkwait(space, self.w_socket, True)
elif (err == SSL_ERROR_ZERO_RETURN and
libssl_SSL_get_shutdown(self.ssl) == SSL_RECEIVED_SHUTDOWN):
return space.wrap("")
@@ -286,11 +273,9 @@
err = libssl_SSL_get_error(self.ssl, ret)
# XXX PyErr_CheckSignals()
if err == SSL_ERROR_WANT_READ:
- sockstate = check_socket_and_wait_for_timeout(
- space, self.w_socket, False)
+ sockstate = checkwait(space, self.w_socket, False)
elif err == SSL_ERROR_WANT_WRITE:
- sockstate = check_socket_and_wait_for_timeout(
- space, self.w_socket, True)
+ sockstate = checkwait(space, self.w_socket, True)
else:
sockstate = SOCKET_OPERATION_OK
if sockstate == SOCKET_HAS_TIMED_OUT:
@@ -298,7 +283,8 @@
elif sockstate == SOCKET_HAS_BEEN_CLOSED:
raise ssl_error(space, "Underlying socket has been closed.")
elif sockstate == SOCKET_TOO_LARGE_FOR_SELECT:
- raise ssl_error(space, "Underlying socket too large for select().")
+ raise ssl_error(space,
+ "Underlying socket too large for select().")
elif sockstate == SOCKET_IS_NONBLOCKING:
break
@@ -330,7 +316,6 @@
self._refresh_nonblocking(space)
zeros = 0
-
while True:
# Disable read-ahead so that unwrap can work correctly.
# Otherwise OpenSSL might read in too much data,
@@ -360,11 +345,9 @@
# Possibly retry shutdown until timeout or failure
ssl_err = libssl_SSL_get_error(self.ssl, ret)
if ssl_err == SSL_ERROR_WANT_READ:
- sockstate = check_socket_and_wait_for_timeout(
- space, self.w_socket, False)
+ sockstate = checkwait(space, self.w_socket, False)
elif ssl_err == SSL_ERROR_WANT_WRITE:
- sockstate = check_socket_and_wait_for_timeout(
- space, self.w_socket, True)
+ sockstate = checkwait(space, self.w_socket, True)
else:
break
@@ -374,7 +357,8 @@
else:
raise ssl_error(space, "The write operation timed out")
elif sockstate == SOCKET_TOO_LARGE_FOR_SELECT:
- raise ssl_error(space, "Underlying socket too large for select().")
+ raise ssl_error(space,
+ "Underlying socket too large for select().")
elif sockstate != SOCKET_OPERATION_OK:
# Retain the SSL error code
break
@@ -392,35 +376,29 @@
return space.w_None
name = libssl_SSL_CIPHER_get_name(current)
- if name:
- w_name = space.wrap(rffi.charp2str(name))
- else:
- w_name = space.w_None
+ w_name = space.wrap(rffi.charp2str(name)) if name else space.w_None
proto = libssl_SSL_CIPHER_get_version(current)
- if proto:
- w_proto = space.wrap(rffi.charp2str(proto))
- else:
- w_proto = space.w_None
+ w_proto = space.wrap(rffi.charp2str(proto)) if proto else space.w_None
bits = libssl_SSL_CIPHER_get_bits(current,
lltype.nullptr(rffi.INTP.TO))
w_bits = space.newint(bits)
-
return space.newtuple([w_name, w_proto, w_bits])
@unwrap_spec(der=bool)
def peer_certificate(self, space, der=False):
"""peer_certificate([der=False]) -> certificate
- Returns the certificate for the peer. If no certificate was provided,
- returns None. If a certificate was provided, but not validated, returns
- an empty dictionary. Otherwise returns a dict containing information
- about the peer certificate.
+ Returns the certificate for the peer. If no certificate was
+ provided, returns None. If a certificate was provided, but not
+ validated, returns an empty dictionary. Otherwise returns a
+ dict containing information about the peer certificate.
- If the optional argument is True, returns a DER-encoded copy of the
- peer certificate, or None if no certificate was provided. This will
- return the certificate even if it wasn't validated."""
+ If the optional argument is True, returns a DER-encoded copy of
+ the peer certificate, or None if no certificate was provided.
+ This will return the certificate even if it wasn't validated.
+ """
if not self.peer_cert:
return space.w_None
@@ -579,15 +557,16 @@
name = libssl_sk_GENERAL_NAME_value(names, j)
gntype = intmask(name[0].c_type)
if gntype == GEN_DIRNAME:
- # we special-case DirName as a tuple of tuples of attributes
+ # we special-case DirName as a tuple of tuples of
+ # attributes
dirname = libssl_pypy_GENERAL_NAME_dirn(name)
w_t = space.newtuple([
space.wrap("DirName"),
_create_tuple_for_X509_NAME(space, dirname)
])
elif gntype in (GEN_EMAIL, GEN_DNS, GEN_URI):
- # GENERAL_NAME_print() doesn't handle NULL bytes in ASN1_string
- # correctly, CVE-2013-4238
+ # GENERAL_NAME_print() doesn't handle NULL bytes in
+ # ASN1_string correctly, CVE-2013-4238
if gntype == GEN_EMAIL:
v = space.wrap("email")
elif gntype == GEN_DNS:
@@ -664,26 +643,11 @@
sock_fd = space.int_w(space.call_method(w_sock, "fileno"))
w_timeout = space.call_method(w_sock, "gettimeout")
- if space.is_none(w_timeout):
- has_timeout = False
- else:
- has_timeout = True
- if space.is_none(w_key_file):
- key_file = None
- else:
- key_file = space.str_w(w_key_file)
- if space.is_none(w_cert_file):
- cert_file = None
- else:
- cert_file = space.str_w(w_cert_file)
- if space.is_none(w_cacerts_file):
- cacerts_file = None
- else:
- cacerts_file = space.str_w(w_cacerts_file)
- if space.is_none(w_ciphers):
- ciphers = None
- else:
- ciphers = space.str_w(w_ciphers)
+ has_timeout = not space.is_none(w_timeout)
+ key_file = space.str_or_None_w(w_key_file)
+ cert_file = space.str_or_None_w(w_cert_file)
+ cacerts_file = space.str_or_None_w(w_cacerts_file)
+ ciphers = space.str_or_None_w(w_ciphers)
if side == PY_SSL_SERVER and (not key_file or not cert_file):
raise ssl_error(space, "Both the key & certificate files "
@@ -746,8 +710,8 @@
libssl_SSL_set_fd(ss.ssl, sock_fd) # set the socket for SSL
# The ACCEPT_MOVING_WRITE_BUFFER flag is necessary because the address
# of a str object may be changed by the garbage collector.
- libssl_SSL_set_mode(ss.ssl,
- SSL_MODE_AUTO_RETRY | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+ libssl_SSL_set_mode(
+ ss.ssl, SSL_MODE_AUTO_RETRY | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
# If the socket is in non-blocking mode or timeout mode, set the BIO
# to non-blocking mode (blocking is the default)
@@ -764,7 +728,7 @@
ss.w_socket = w_sock
return ss
-def check_socket_and_wait_for_timeout(space, w_sock, writing):
+def checkwait(space, w_sock, writing):
"""If the socket has a timeout, do a select()/poll() on the socket.
The argument writing indicates the direction.
Returns one of the possibilities in the timeout_state enum (above)."""
More information about the pypy-commit
mailing list