Attachment #240367 for bug #269705




 
 /* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */
 /* Define our own to simplify support across all versions. */
--- src/_cffi_src/openssl/evp.py.orig	2023-02-24 07:28:50 UTC
+++ src/_cffi_src/openssl/evp.py
@@ -203,7 +203,20 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, cons
                                       size_t) = NULL;
 #endif
 
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+#if CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
+static const long Cryptography_HAS_RAW_KEY = 0;
+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
+int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL;
+EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *,
+                                       size_t) = NULL;
+EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *,
+                                      size_t) = NULL;
+int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *,
+                                    size_t *) = NULL;
+int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *,
+                                   size_t *) = NULL;
+#elif CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
 static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
 static const long Cryptography_HAS_RAW_KEY = 0;
 static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
--- src/_cffi_src/openssl/fips.py.orig	2022-10-17 11:12:47 UTC
+++ src/_cffi_src/openssl/fips.py
@@ -17,11 +17,5 @@ int FIPS_mode(void);

 
 #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
 static const long Cryptography_HAS_KEYLOG = 0;
@@ -586,8 +581,6 @@ static const long Cryptography_HAS_TLS_ST = 1;
 #endif
 
 #if CRYPTOGRAPHY_IS_LIBRESSL
-#endif
-
-#if CRYPTOGRAPHY_IS_LIBRESSL
-static const long SSL_OP_NO_DTLSv1 = 0;
-static const long SSL_OP_NO_DTLSv1_2 = 0;
 long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
 long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
 #endif
 
 static const long Cryptography_HAS_DTLS = 1;
--- src/_cffi_src/openssl/x509.py.orig	2022-10-17 11:26:23 UTC
+++ src/_cffi_src/openssl/x509.py
@@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A

Return to bug 269705

Lines 144-149 Link Here

(-)b/security/py-cryptography/files/patch-libressl35 (-11 / +30 lines)
144		144
145	/* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */	145	/* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */
146	/* Define our own to simplify support across all versions. */	146	/* Define our own to simplify support across all versions. */
		147	--- src/_cffi_src/openssl/evp.py.orig 2023-02-24 07:28:50 UTC
		148	+++ src/_cffi_src/openssl/evp.py
		149	@@ -203,7 +203,20 @@ int (EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY , cons
		150	size_t) = NULL;
		151	#endif
		152
		153	-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
		154	+#if CRYPTOGRAPHY_IS_LIBRESSL
		155	+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
		156	+static const long Cryptography_HAS_RAW_KEY = 0;
		157	+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
		158	+int (EVP_DigestFinalXOF)(EVP_MD_CTX , unsigned char *, size_t) = NULL;
		159	+EVP_PKEY (EVP_PKEY_new_raw_private_key)(int, ENGINE , const unsigned char ,
		160	+ size_t) = NULL;
		161	+EVP_PKEY (EVP_PKEY_new_raw_public_key)(int, ENGINE , const unsigned char ,
		162	+ size_t) = NULL;
		163	+int (EVP_PKEY_get_raw_private_key)(const EVP_PKEY , unsigned char *,
		164	+ size_t *) = NULL;
		165	+int (EVP_PKEY_get_raw_public_key)(const EVP_PKEY , unsigned char *,
		166	+ size_t *) = NULL;
		167	+#elif CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
		168	static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
		169	static const long Cryptography_HAS_RAW_KEY = 0;
		170	static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
147	--- src/_cffi_src/openssl/fips.py.orig 2022-10-17 11:12:47 UTC	171	--- src/_cffi_src/openssl/fips.py.orig 2022-10-17 11:12:47 UTC
148	+++ src/_cffi_src/openssl/fips.py	172	+++ src/_cffi_src/openssl/fips.py
149	@@ -17,11 +17,5 @@ int FIPS_mode(void);	173	@@ -17,11 +17,5 @@ int FIPS_mode(void);
Lines 246-265 Link Here
246		270
247	#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111	271	#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
248	static const long Cryptography_HAS_KEYLOG = 0;	272	static const long Cryptography_HAS_KEYLOG = 0;
249	@@ -583,13 +578,6 @@ static const long Cryptography_HAS_TLS_ST = 1;	273	@@ -586,8 +581,6 @@ static const long Cryptography_HAS_TLS_ST = 1;
250	static const long Cryptography_HAS_TLS_ST = 0;	274	#endif
251	static const long TLS_ST_BEFORE = 0;	275
252	static const long TLS_ST_OK = 0;	276	#if CRYPTOGRAPHY_IS_LIBRESSL
253	-#endif
254	-
255	-#if CRYPTOGRAPHY_IS_LIBRESSL
256	-static const long SSL_OP_NO_DTLSv1 = 0;	277	-static const long SSL_OP_NO_DTLSv1 = 0;
257	-static const long SSL_OP_NO_DTLSv1_2 = 0;	278	-static const long SSL_OP_NO_DTLSv1_2 = 0;
258	-long (DTLS_set_link_mtu)(SSL , long) = NULL;	279	long (DTLS_set_link_mtu)(SSL , long) = NULL;
259	-long (DTLS_get_link_min_mtu)(SSL ) = NULL;	280	long (DTLS_get_link_min_mtu)(SSL ) = NULL;
260	#endif	281	#endif
261
262	static const long Cryptography_HAS_DTLS = 1;
263	--- src/_cffi_src/openssl/x509.py.orig 2022-10-17 11:26:23 UTC	282	--- src/_cffi_src/openssl/x509.py.orig 2022-10-17 11:26:23 UTC
264	+++ src/_cffi_src/openssl/x509.py	283	+++ src/_cffi_src/openssl/x509.py
265	@@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A	284	@@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A