

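--- a/security/py-cryptography/files/patch-issue4210
+++ b/security/py-cryptography/files/patch-issue4210
@@ -0,0 +1,182 @@
+--- src/_cffi_src/openssl/crypto.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/crypto.py
+@@ -92,7 +92,7 @@ CUSTOMIZATIONS = """
+ # define OPENSSL_PLATFORM        SSLEAY_PLATFORM
+ # define OPENSSL_DIR             SSLEAY_DIR
+ #endif
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_LOCKING_CALLBACKS = 1;
+ #else
+ static const long Cryptography_HAS_LOCKING_CALLBACKS = 0;
+--- src/_cffi_src/openssl/cryptography.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/cryptography.py
+@@ -25,27 +25,31 @@ INCLUDES = """
+ #include <windows.h>
+ #endif
+ 
+-#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
+-    (OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \
+-    (OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
+-    (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
+-    (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
++#if CRYPTOGRAPHY_IS_LIBRESSL
++#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000)
+ 
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \
+-    (OPENSSL_VERSION_NUMBER < 0x10002000 || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I \
+-    (OPENSSL_VERSION_NUMBER < 0x1000209f || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \
+-    (OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 \
+-    (OPENSSL_VERSION_NUMBER < 0x10100004 || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 \
+-    (OPENSSL_VERSION_NUMBER < 0x10100005 || CRYPTOGRAPHY_IS_LIBRESSL)
+-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 \
+-    (OPENSSL_VERSION_NUMBER < 0x10100006 || CRYPTOGRAPHY_IS_LIBRESSL)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (LIBRESSL_VERSION_NUMBER < 0x20700000)
++#else
++#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10002000)
++#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x100020cf)
++#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10100000) 
++#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x1010006f)
++
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (OPENSSL_VERSION_NUMBER < 0x10002000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (OPENSSL_VERSION_NUMBER < 0x1000209f)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (OPENSSL_VERSION_NUMBER < 0x10100000)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (OPENSSL_VERSION_NUMBER < 0x10100004)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (OPENSSL_VERSION_NUMBER < 0x10100005)
++#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (OPENSSL_VERSION_NUMBER < 0x10100006)
++#endif
+ """
+ 
+ TYPES = """
+--- src/_cffi_src/openssl/ct.py.orig	2018-04-29 18:09:26 UTC
++++ src/_cffi_src/openssl/ct.py
+@@ -5,7 +5,7 @@
+ from __future__ import absolute_import, division, print_function
+ 
+ INCLUDES = """
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL
+ #include <openssl/ct.h>
+ 
+ typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT;
+@@ -55,7 +55,7 @@ void SCT_LIST_free(Cryptography_STACK_OF
+ """
+ 
+ CUSTOMIZATIONS = """
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_SCT = 1;
+ #else
+ static const long Cryptography_HAS_SCT = 0;
+--- src/_cffi_src/openssl/ssl.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/ssl.py
+@@ -578,7 +578,7 @@ static const long Cryptography_HAS_SSL_C
+ 
+ /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were
+    removed */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_SSL_ST = 1;
+ #else
+ static const long Cryptography_HAS_SSL_ST = 0;
+@@ -587,7 +587,7 @@ static const long SSL_ST_OK = 0;
+ static const long SSL_ST_INIT = 0;
+ static const long SSL_ST_RENEGOTIATE = 0;
+ #endif
+-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
++#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_TLS_ST = 1;
+ #else
+ static const long Cryptography_HAS_TLS_ST = 0;
+--- src/_cffi_src/openssl/x509.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/x509.py
+@@ -359,7 +359,7 @@ int X509_get_signature_nid(const X509 *x
+ 
+ /* Added in 1.0.2 but we need it in all versions now due to the great
+    opaquing. */
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL
+ /* from x509/x_x509.c */
+ int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
+ {
+@@ -401,15 +401,6 @@ void X509_REQ_get0_signature(const X509_
+     if (palg != NULL)
+         *palg = req->sig_alg;
+ }
+-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+-{
+-    req->req_info->enc.modified = 1;
+-    return i2d_X509_REQ_INFO(req->req_info, pp);
+-}
+-int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
+-    crl->crl->enc.modified = 1;
+-    return i2d_X509_CRL_INFO(crl->crl, pp);
+-}
+ 
+ void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                              const X509_ALGOR **palg)
+@@ -428,4 +419,17 @@ const ASN1_INTEGER *X509_REVOKED_get0_se
+     return x->serialNumber;
+ }
+ #endif
++
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
++int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
++    crl->crl->enc.modified = 1;
++    return i2d_X509_CRL_INFO(crl->crl, pp);
++}
++
++int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
++{
++    req->req_info->enc.modified = 1;
++    return i2d_X509_REQ_INFO(req->req_info, pp);
++}
++#endif
+ """
+--- src/_cffi_src/openssl/x509_vfy.py.orig	2017-11-30 01:53:32 UTC
++++ src/_cffi_src/openssl/x509_vfy.py
+@@ -257,6 +257,20 @@ void (*X509_VERIFY_PARAM_set_hostflags)(
+                                         unsigned int) = NULL;
+ #endif
+ 
++#if CRYPTOGRAPHY_OPENSSL_102_OR_GREATER && CRYPTOGRAPHY_IS_LIBRESSL
++static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
++static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
++static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
++static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
++/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
++   below because it shows up in some earlier 3rd party OpenSSL packages. */
++static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
++static const long X509_V_FLAG_SUITEB_192_LOS = 0;
++static const long X509_V_FLAG_SUITEB_128_LOS = 0;
++#endif
++
+ /* OpenSSL 1.0.2+ or Solaris's backport */
+ #ifdef X509_V_FLAG_PARTIAL_CHAIN
+ static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1;
+@@ -297,7 +311,7 @@ X509 *X509_OBJECT_get0_X509(X509_OBJECT 
+ }
+ #endif
+ 
+-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
++#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
+ static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0;
+ typedef void *X509_STORE_CTX_get_issuer_fn;
+ X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL;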
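Review bot: In the cryptography.py hunk the new `#if CRYPTOGRAPHY_IS_LIBRESSL` is evaluated where it stands, whereas the removed macros only expanded `CRYPTOGRAPHY_IS_LIBRESSL` at each use site. Its definition is not visible here (the INCLUDES string starts above the hunk); if it is defined further down, the preprocessor treats the undefined name as 0 and silently takes the OpenSSL branch on LibreSSL. A guard in front of the block would turn that into a build error: `#ifndef CRYPTOGRAPHY_IS_LIBRESSL`, `#error "CRYPTOGRAPHY_IS_LIBRESSL must be defined before the version macros"`, `#endif`. Separately, on LibreSSL 2.7 and later all four `*_OR_GREATER` macros become true at once, so any `#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER` guard in a binding file this patch does not amend would now select the OpenSSL 1.1.0 path. A comment above the block stating that guards which need real OpenSSL must add `&& !CRYPTOGRAPHY_IS_LIBRESSL` would make that dependency visible at the next port update.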
