Line 0
Link Here
|
|
|
1 |
--- src/_cffi_src/openssl/crypto.py.orig 2017-11-30 01:53:32 UTC |
2 |
+++ src/_cffi_src/openssl/crypto.py |
3 |
@@ -92,7 +92,7 @@ CUSTOMIZATIONS = """ |
4 |
# define OPENSSL_PLATFORM SSLEAY_PLATFORM |
5 |
# define OPENSSL_DIR SSLEAY_DIR |
6 |
#endif |
7 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 |
8 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL |
9 |
static const long Cryptography_HAS_LOCKING_CALLBACKS = 1; |
10 |
#else |
11 |
static const long Cryptography_HAS_LOCKING_CALLBACKS = 0; |
12 |
--- src/_cffi_src/openssl/cryptography.py.orig 2017-11-30 01:53:32 UTC |
13 |
+++ src/_cffi_src/openssl/cryptography.py |
14 |
@@ -25,27 +25,31 @@ INCLUDES = """ |
15 |
#include <windows.h> |
16 |
#endif |
17 |
|
18 |
-#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \ |
19 |
- (OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL) |
20 |
-#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \ |
21 |
- (OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL) |
22 |
-#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \ |
23 |
- (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL) |
24 |
-#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ |
25 |
- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) |
26 |
+#if CRYPTOGRAPHY_IS_LIBRESSL |
27 |
+#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) |
28 |
+#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) |
29 |
+#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) |
30 |
+#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) |
31 |
|
32 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \ |
33 |
- (OPENSSL_VERSION_NUMBER < 0x10002000 || CRYPTOGRAPHY_IS_LIBRESSL) |
34 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I \ |
35 |
- (OPENSSL_VERSION_NUMBER < 0x1000209f || CRYPTOGRAPHY_IS_LIBRESSL) |
36 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \ |
37 |
- (OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL) |
38 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 \ |
39 |
- (OPENSSL_VERSION_NUMBER < 0x10100004 || CRYPTOGRAPHY_IS_LIBRESSL) |
40 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 \ |
41 |
- (OPENSSL_VERSION_NUMBER < 0x10100005 || CRYPTOGRAPHY_IS_LIBRESSL) |
42 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 \ |
43 |
- (OPENSSL_VERSION_NUMBER < 0x10100006 || CRYPTOGRAPHY_IS_LIBRESSL) |
44 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
45 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (LIBRESSL_VERSION_NUMBER < 0x20700000) |
46 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
47 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
48 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
49 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
50 |
+#else |
51 |
+#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10002000) |
52 |
+#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x100020cf) |
53 |
+#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10100000) |
54 |
+#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x1010006f) |
55 |
+ |
56 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (OPENSSL_VERSION_NUMBER < 0x10002000) |
57 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (OPENSSL_VERSION_NUMBER < 0x1000209f) |
58 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (OPENSSL_VERSION_NUMBER < 0x10100000) |
59 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (OPENSSL_VERSION_NUMBER < 0x10100004) |
60 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (OPENSSL_VERSION_NUMBER < 0x10100005) |
61 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (OPENSSL_VERSION_NUMBER < 0x10100006) |
62 |
+#endif |
63 |
""" |
64 |
|
65 |
TYPES = """ |
66 |
--- src/_cffi_src/openssl/ct.py.orig 2017-11-30 01:53:32 UTC |
67 |
+++ src/_cffi_src/openssl/ct.py |
68 |
@@ -5,7 +5,7 @@ |
69 |
from __future__ import absolute_import, division, print_function |
70 |
|
71 |
INCLUDES = """ |
72 |
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER |
73 |
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL |
74 |
#include <openssl/ct.h> |
75 |
|
76 |
typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT; |
77 |
@@ -55,7 +55,7 @@ void SCT_LIST_free(Cryptography_STACK_OF |
78 |
""" |
79 |
|
80 |
CUSTOMIZATIONS = """ |
81 |
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER |
82 |
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL |
83 |
static const long Cryptography_HAS_SCT = 1; |
84 |
#else |
85 |
static const long Cryptography_HAS_SCT = 0; |
86 |
--- src/_cffi_src/openssl/evp.py.orig 2017-11-30 01:53:32 UTC |
87 |
+++ src/_cffi_src/openssl/evp.py |
88 |
@@ -213,7 +213,8 @@ void Cryptography_EVP_MD_CTX_free(EVP_MD |
89 |
EVP_MD_CTX_free(ctx); |
90 |
#endif |
91 |
} |
92 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(OPENSSL_NO_SCRYPT) |
93 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(OPENSSL_NO_SCRYPT) || \ |
94 |
+ CRYPTOGRAPHY_IS_LIBRESSL |
95 |
static const long Cryptography_HAS_SCRYPT = 0; |
96 |
int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t, |
97 |
uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *, |
98 |
@@ -222,7 +223,7 @@ int (*EVP_PBE_scrypt)(const char *, size |
99 |
static const long Cryptography_HAS_SCRYPT = 1; |
100 |
#endif |
101 |
|
102 |
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER |
103 |
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL |
104 |
static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 1; |
105 |
#else |
106 |
static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 0; |
107 |
--- src/_cffi_src/openssl/ssl.py.orig 2017-11-30 01:53:32 UTC |
108 |
+++ src/_cffi_src/openssl/ssl.py |
109 |
@@ -444,7 +444,7 @@ long DTLSv1_handle_timeout(SSL *); |
110 |
CUSTOMIZATIONS = """ |
111 |
/* Added in 1.0.2 but we need it in all versions now due to the great |
112 |
opaquing. */ |
113 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 |
114 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL |
115 |
/* from ssl/ssl_lib.c */ |
116 |
const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) { |
117 |
return ctx->method; |
118 |
@@ -546,7 +546,7 @@ static const long Cryptography_HAS_ALPN |
119 |
#endif |
120 |
|
121 |
/* SSL_CTX_set_cert_cb was added in OpenSSL 1.0.2. */ |
122 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 |
123 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL |
124 |
void (*SSL_CTX_set_cert_cb)(SSL_CTX *, int (*)(SSL *, void *), void *) = NULL; |
125 |
void (*SSL_set_cert_cb)(SSL *, int (*)(SSL *, void *), void *) = NULL; |
126 |
static const long Cryptography_HAS_SET_CERT_CB = 0; |
127 |
@@ -578,7 +578,7 @@ static const long Cryptography_HAS_SSL_C |
128 |
|
129 |
/* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were |
130 |
removed */ |
131 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 |
132 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL |
133 |
static const long Cryptography_HAS_SSL_ST = 1; |
134 |
#else |
135 |
static const long Cryptography_HAS_SSL_ST = 0; |
136 |
@@ -587,7 +587,7 @@ static const long SSL_ST_OK = 0; |
137 |
static const long SSL_ST_INIT = 0; |
138 |
static const long SSL_ST_RENEGOTIATE = 0; |
139 |
#endif |
140 |
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER |
141 |
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL |
142 |
static const long Cryptography_HAS_TLS_ST = 1; |
143 |
#else |
144 |
static const long Cryptography_HAS_TLS_ST = 0; |
145 |
@@ -595,7 +595,8 @@ static const long TLS_ST_BEFORE = 0; |
146 |
static const long TLS_ST_OK = 0; |
147 |
#endif |
148 |
|
149 |
-#if defined(OPENSSL_NO_DTLS) || CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 |
150 |
+#if defined(OPENSSL_NO_DTLS) || CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || \ |
151 |
+ CRYPTOGRAPHY_IS_LIBRESSL |
152 |
static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 0; |
153 |
const SSL_METHOD *(*DTLS_method)(void) = NULL; |
154 |
const SSL_METHOD *(*DTLS_server_method)(void) = NULL; |
155 |
--- src/_cffi_src/openssl/x509.py.orig 2017-11-30 01:53:32 UTC |
156 |
+++ src/_cffi_src/openssl/x509.py |
157 |
@@ -359,7 +359,7 @@ int X509_get_signature_nid(const X509 *x |
158 |
|
159 |
/* Added in 1.0.2 but we need it in all versions now due to the great |
160 |
opaquing. */ |
161 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 |
162 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL |
163 |
/* from x509/x_x509.c */ |
164 |
int i2d_re_X509_tbs(X509 *x, unsigned char **pp) |
165 |
{ |
166 |
@@ -401,15 +401,6 @@ void X509_REQ_get0_signature(const X509_ |
167 |
if (palg != NULL) |
168 |
*palg = req->sig_alg; |
169 |
} |
170 |
-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) |
171 |
-{ |
172 |
- req->req_info->enc.modified = 1; |
173 |
- return i2d_X509_REQ_INFO(req->req_info, pp); |
174 |
-} |
175 |
-int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { |
176 |
- crl->crl->enc.modified = 1; |
177 |
- return i2d_X509_CRL_INFO(crl->crl, pp); |
178 |
-} |
179 |
|
180 |
void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, |
181 |
const X509_ALGOR **palg) |
182 |
@@ -428,4 +419,17 @@ const ASN1_INTEGER *X509_REVOKED_get0_se |
183 |
return x->serialNumber; |
184 |
} |
185 |
#endif |
186 |
+ |
187 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL |
188 |
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { |
189 |
+ crl->crl->enc.modified = 1; |
190 |
+ return i2d_X509_CRL_INFO(crl->crl, pp); |
191 |
+} |
192 |
+ |
193 |
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) |
194 |
+{ |
195 |
+ req->req_info->enc.modified = 1; |
196 |
+ return i2d_X509_REQ_INFO(req->req_info, pp); |
197 |
+} |
198 |
+#endif |
199 |
""" |
200 |
--- src/_cffi_src/openssl/x509_vfy.py.orig 2017-11-30 01:53:32 UTC |
201 |
+++ src/_cffi_src/openssl/x509_vfy.py |
202 |
@@ -257,6 +257,20 @@ void (*X509_VERIFY_PARAM_set_hostflags)( |
203 |
unsigned int) = NULL; |
204 |
#endif |
205 |
|
206 |
+#if CRYPTOGRAPHY_OPENSSL_102_OR_GREATER && CRYPTOGRAPHY_IS_LIBRESSL |
207 |
+static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; |
208 |
+static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; |
209 |
+static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; |
210 |
+static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; |
211 |
+static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; |
212 |
+static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; |
213 |
+/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately |
214 |
+ below because it shows up in some earlier 3rd party OpenSSL packages. */ |
215 |
+static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; |
216 |
+static const long X509_V_FLAG_SUITEB_192_LOS = 0; |
217 |
+static const long X509_V_FLAG_SUITEB_128_LOS = 0; |
218 |
+#endif |
219 |
+ |
220 |
/* OpenSSL 1.0.2+ or Solaris's backport */ |
221 |
#ifdef X509_V_FLAG_PARTIAL_CHAIN |
222 |
static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1; |
223 |
@@ -297,7 +311,7 @@ X509 *X509_OBJECT_get0_X509(X509_OBJECT |
224 |
} |
225 |
#endif |
226 |
|
227 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 |
228 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL |
229 |
static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0; |
230 |
typedef void *X509_STORE_CTX_get_issuer_fn; |
231 |
X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL; |