1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
|
====================
Wounded hero revived
====================
Lessons learned from porting M2Crypto to Py3k
:Author: Matěj Cepl <mcepl@cepl.eu>
Origins
=======
* Mitch Kapor sold Lotus to IBM and decided to perpetrate good.
One of his projects was Chandler_.
* Project is gone_ The only remainder of the project is
M2Crypto_, full Python binding for OpenSSL.
.. class:: handout
Once upon a time, one Mitch Kapor, who sold Lotus to IBM, and
with money he got decided to perpetrate good. He did many
truly good things for the computer world, was co-founder of
EFF, helped with Mozilla Foundation, but he also founded
rather unsuccessful project, a Python-based universal PIM,
called Chandler_.
Subversion of the project has been mirrored couple of times,
one by me.
.. _Chandler:
https://en.wikipedia.org/wiki/Chandler_(software)
.. _gone:
https://gitlab.com/mcepl/chandler
.. _M2Crypto:
https://gitlab.com/m2crypto/m2crypto/
M2Crypto
========
* M2Crypto was maintained by `Heikki Toivonen`_ few years after
Chandler folded, but his last release 0.21.1 was from 2011.
* Maintained in Red Hat by `Miloslav Trmač`_.
* I took over the project in May 2015.
.. class:: handout
Maintenaned in Red Hat by `Miloslav Trmač`_, who collected
all patches in RHEL package.
I took over the project in May 2015 with the intention just
to publish all patches and be a point of contact for any
issue reports. I haven’t expected much activity, because
package was very silent in RHEL.
.. _`Heikki Toivonen`:
https://www.heikkitoivonen.net/
.. _`Miloslav Trmač`:
https://github.com/mtrmac
Strengths and weaknesses
========================
.. Strengths
* Backed up by stable C library
* Rather large coverage of OpenSSL API
* Surprisingly widespread use
* Large test suite
.. Weakness
* Unknown issues
* Python 3
* M2Crypto API copies OpenSSL too closely
* Support for Mac OS X and Windows (not mentioning ``*BSD``) was
broken.
.. class:: handout
Backed by … comparing to PyCrypto and other horrors.
Opportunities & Threats
=======================
.. Opportunities
* Satisfying current user base
* Replacing horrors like PyCrypto
* Goal of maintenance is to maintain API
* Extend support on non-Linux platforms
.. Threats
* Python ``ssl`` module
* Python cryptography_
.. class:: handout
Distribution bug tracker (especially an enterprise one) is
not a good measure of the real state of use and quality of
package.
There are apparently many programmers for custom software,
who use M2Crypto (still it is one of the most complete
bindings for OpenSSL).
Threats as a “competing” projects, which may replace
M2Crypto.
.. _cryptography:
https://github.com/pyca/cryptography
Unicode
=======
* The biggest problem of all Python 2 programs: complete
confusion between py2k ``str`` means py3k ``str`` and when
``bytes``.
* There are numerous uses of both in M2Crypto, because of course
both strings and binary data are present in all functions of
OpenSSL.
Strategy
========
* Type Hints
* CI
* Extension of platform support
Type Hints
==========
* `PEP 484`_ providing **optional** type annotations. Quite
controversial, but clearly very useful for libraries
* Native for Python >= 3.5, but supports py2k compatible syntax::
def sum(x, y):
# type: (int, int) -> int
return x + y
* Especially useful for our situation: marking types helps us to
analyze what invidivual py2k ``str`` actually mean.
.. _`PEP 484`:
https://www.python.org/dev/peps/pep-0484/
C API
=====
* All Unicode/bytes translation happens on C level as well
* Based on ``swig``, which fortunately natively supports
``--py3``.
* Also need to support two versions of OpenSSL API, 1.1 and
older.
* Minimize use of ``#ifdef`` s and rather use included shims
for missing functions.
C shims of missing functions
============================
* For OpenSSL < 1.1
* For Python 2
- ``PyLong_FromLong()`` and ``PyUnicode_AsUTF8()`` just simple
``#define`` s.
- All Pythons >= 2.6 contain whole set of Py3k function stubs
in ``bytesobject.h``.
* For Python 3
- ``PyFile_AsFile()`` I have no idea, why it was removed from
py3k API
|
