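--- a/security/py-cryptography/files/patch-issue4168
+++ b/security/py-cryptography/files/patch-issue4168
@@ -0,0 +1,111 @@
+$OpenBSD: patch-src__cffi_src_openssl_x509_py,v 1.1 2018/02/18 13:44:41 sthen Exp $
+
+Index: src/_cffi_src/openssl/x509.py
+--- src/_cffi_src/openssl/x509.py.orig
++++ src/_cffi_src/openssl/x509.py
+@@ -255,8 +255,7 @@ int X509_get_signature_nid(const X509 *);
+ 
+ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);
+ 
+-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */
+-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *);
++void X509_get0_signature(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *);
+ 
+ long X509_get_version(X509 *);
+ 
+@@ -339,7 +338,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A
+ CUSTOMIZATIONS = """
+ /* Added in 1.0.2 beta but we need it in all versions now due to the great
+    opaquing. */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && \
++    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ /* from x509/x_x509.c version 1.0.2 */
+ void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+                          const X509 *x)
+@@ -383,9 +383,11 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOK
+    opaquing. */
+ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+ 
++#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ int X509_up_ref(X509 *x) {
+    return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ }
++#endif
+ 
+ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+ {
+$OpenBSD: patch-src__cffi_src_openssl_x509_vfy_py,v 1.7 2018/02/22 18:49:16 sthen Exp $
+
+Index: src/_cffi_src/openssl/x509_vfy.py
+--- src/_cffi_src/openssl/x509_vfy.py.orig
++++ src/_cffi_src/openssl/x509_vfy.py
+@@ -204,7 +204,7 @@ int sk_X509_OBJECT_num(Cryptography_STACK_OF_X509_OBJE
+ X509_OBJECT *sk_X509_OBJECT_value(Cryptography_STACK_OF_X509_OBJECT *, int);
+ X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *);
+ Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *);
+-X509 *X509_OBJECT_get0_X509(X509_OBJECT *);
++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *);
+ int X509_OBJECT_get_type(const X509_OBJECT *);
+ 
+ /* added in 1.1.0 */
+@@ -220,14 +220,11 @@ static const long Cryptography_HAS_102_VERIFICATION_ER
+ static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
+ #else
+ static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0;
++#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL
++static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
++#else
+ static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;
+ 
+-static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
+-static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
+-static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
+-static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
+-static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
+-static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
+ /* These 3 defines are unavailable in LibreSSL 2.5.x, but may be added
+    in the future... */
+ #ifndef X509_V_ERR_HOSTNAME_MISMATCH
+@@ -240,12 +237,6 @@ static const long X509_V_ERR_EMAIL_MISMATCH = 0;
+ static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0;
+ #endif
+ 
+-/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
+-   below because it shows up in some earlier 3rd party OpenSSL packages. */
+-static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
+-static const long X509_V_FLAG_SUITEB_192_LOS = 0;
+-static const long X509_V_FLAG_SUITEB_128_LOS = 0;
+-
+ int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *,
+                                    size_t) = NULL;
+ int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *,
+@@ -257,6 +248,19 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PA
+                                         unsigned int) = NULL;
+ #endif
+ 
++static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
++static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
++/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
++   below because it shows up in some earlier 3rd party OpenSSL packages. */
++static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
++static const long X509_V_FLAG_SUITEB_192_LOS = 0;
++static const long X509_V_FLAG_SUITEB_128_LOS = 0;
++#endif
++
+ /* OpenSSL 1.0.2+ or Solaris's backport */
+ #ifdef X509_V_FLAG_PARTIAL_CHAIN
+ static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1;
+@@ -292,7 +296,7 @@ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+     return ctx->cert;
+ }
+ 
+-X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) {
++X509 *X509_OBJECT_get0_X509(const X509_OBJECT *x) {
+     return x->data.x509;
+ }
+ #endif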
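Review bot: The two guards added in the x509.py part require `defined(LIBRESSL_VERSION_NUMBER)`, so when the bindings are compiled against real OpenSSL (where that macro is undefined) the `X509_get0_signature` and `X509_up_ref` compatibility shims are no longer emitted, even though they sit under `CRYPTOGRAPHY_OPENSSL_LESS_THAN_102` and `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110`. The patch carries OpenBSD tags, where presumably only LibreSSL is linked; if this port can also build against an OpenSSL older than 1.1.0, the extension would likely fail to compile or load there. To exclude only LibreSSL 2.7 and later, both guards should read `(!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)`. Separately, the declaration now takes `const ASN1_BIT_STRING **, const X509_ALGOR **` while the shim definition shown in the next hunk still takes non-const pointers, so the two disagree on LibreSSL older than 2.7 (the shim body continues outside the hunk). In x509_vfy.py, `#if LIBRESSL_VERSION_NUMBER >= 0x2070000fL` relies on an undefined macro evaluating to 0; `#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL` would match the other guards.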
