|
Line 0
Link Here
|
|
|
1 |
--- src/_cffi_src/openssl/crypto.py.orig 2017-11-30 01:53:32 UTC |
| 2 |
+++ src/_cffi_src/openssl/crypto.py |
| 3 |
@@ -92,7 +92,7 @@ CUSTOMIZATIONS = """ |
| 4 |
# define OPENSSL_PLATFORM SSLEAY_PLATFORM |
| 5 |
# define OPENSSL_DIR SSLEAY_DIR |
| 6 |
#endif |
| 7 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 |
| 8 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL |
| 9 |
static const long Cryptography_HAS_LOCKING_CALLBACKS = 1; |
| 10 |
#else |
| 11 |
static const long Cryptography_HAS_LOCKING_CALLBACKS = 0; |
| 12 |
--- src/_cffi_src/openssl/cryptography.py.orig 2017-11-30 01:53:32 UTC |
| 13 |
+++ src/_cffi_src/openssl/cryptography.py |
| 14 |
@@ -25,27 +25,31 @@ INCLUDES = """ |
| 15 |
#include <windows.h> |
| 16 |
#endif |
| 17 |
|
| 18 |
-#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \ |
| 19 |
- (OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL) |
| 20 |
-#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \ |
| 21 |
- (OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL) |
| 22 |
-#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \ |
| 23 |
- (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL) |
| 24 |
-#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ |
| 25 |
- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) |
| 26 |
+#if CRYPTOGRAPHY_IS_LIBRESSL |
| 27 |
+#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) |
| 28 |
+#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) |
| 29 |
+#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) |
| 30 |
+#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000) |
| 31 |
|
| 32 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \ |
| 33 |
- (OPENSSL_VERSION_NUMBER < 0x10002000 || CRYPTOGRAPHY_IS_LIBRESSL) |
| 34 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I \ |
| 35 |
- (OPENSSL_VERSION_NUMBER < 0x1000209f || CRYPTOGRAPHY_IS_LIBRESSL) |
| 36 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \ |
| 37 |
- (OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL) |
| 38 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 \ |
| 39 |
- (OPENSSL_VERSION_NUMBER < 0x10100004 || CRYPTOGRAPHY_IS_LIBRESSL) |
| 40 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 \ |
| 41 |
- (OPENSSL_VERSION_NUMBER < 0x10100005 || CRYPTOGRAPHY_IS_LIBRESSL) |
| 42 |
-#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 \ |
| 43 |
- (OPENSSL_VERSION_NUMBER < 0x10100006 || CRYPTOGRAPHY_IS_LIBRESSL) |
| 44 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
| 45 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (LIBRESSL_VERSION_NUMBER < 0x20700000) |
| 46 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
| 47 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
| 48 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
| 49 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (LIBRESSL_VERSION_NUMBER < 0x20700000) |
| 50 |
+#else |
| 51 |
+#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10002000) |
| 52 |
+#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x100020cf) |
| 53 |
+#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x10100000) |
| 54 |
+#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER (OPENSSL_VERSION_NUMBER >= 0x1010006f) |
| 55 |
+ |
| 56 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 (OPENSSL_VERSION_NUMBER < 0x10002000) |
| 57 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I (OPENSSL_VERSION_NUMBER < 0x1000209f) |
| 58 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 (OPENSSL_VERSION_NUMBER < 0x10100000) |
| 59 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 (OPENSSL_VERSION_NUMBER < 0x10100004) |
| 60 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 (OPENSSL_VERSION_NUMBER < 0x10100005) |
| 61 |
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 (OPENSSL_VERSION_NUMBER < 0x10100006) |
| 62 |
+#endif |
| 63 |
""" |
| 64 |
|
| 65 |
TYPES = """ |
| 66 |
--- src/_cffi_src/openssl/ct.py.orig 2017-11-30 01:53:32 UTC |
| 67 |
+++ src/_cffi_src/openssl/ct.py |
| 68 |
@@ -5,7 +5,7 @@ |
| 69 |
from __future__ import absolute_import, division, print_function |
| 70 |
|
| 71 |
INCLUDES = """ |
| 72 |
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER |
| 73 |
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL |
| 74 |
#include <openssl/ct.h> |
| 75 |
|
| 76 |
typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT; |
| 77 |
@@ -55,7 +55,7 @@ void SCT_LIST_free(Cryptography_STACK_OF |
| 78 |
""" |
| 79 |
|
| 80 |
CUSTOMIZATIONS = """ |
| 81 |
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER |
| 82 |
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL |
| 83 |
static const long Cryptography_HAS_SCT = 1; |
| 84 |
#else |
| 85 |
static const long Cryptography_HAS_SCT = 0; |
| 86 |
--- src/_cffi_src/openssl/evp.py.orig 2017-11-30 01:53:32 UTC |
| 87 |
+++ src/_cffi_src/openssl/evp.py |
| 88 |
@@ -213,7 +213,8 @@ void Cryptography_EVP_MD_CTX_free(EVP_MD |
| 89 |
EVP_MD_CTX_free(ctx); |
| 90 |
#endif |
| 91 |
} |
| 92 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(OPENSSL_NO_SCRYPT) |
| 93 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(OPENSSL_NO_SCRYPT) || \ |
| 94 |
+ CRYPTOGRAPHY_IS_LIBRESSL |
| 95 |
static const long Cryptography_HAS_SCRYPT = 0; |
| 96 |
int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t, |
| 97 |
uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *, |
| 98 |
@@ -222,7 +223,7 @@ int (*EVP_PBE_scrypt)(const char *, size |
| 99 |
static const long Cryptography_HAS_SCRYPT = 1; |
| 100 |
#endif |
| 101 |
|
| 102 |
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER |
| 103 |
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL |
| 104 |
static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 1; |
| 105 |
#else |
| 106 |
static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 0; |
| 107 |
--- src/_cffi_src/openssl/ssl.py.orig 2017-11-30 01:53:32 UTC |
| 108 |
+++ src/_cffi_src/openssl/ssl.py |
| 109 |
@@ -444,7 +444,7 @@ long DTLSv1_handle_timeout(SSL *); |
| 110 |
CUSTOMIZATIONS = """ |
| 111 |
/* Added in 1.0.2 but we need it in all versions now due to the great |
| 112 |
opaquing. */ |
| 113 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 |
| 114 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL |
| 115 |
/* from ssl/ssl_lib.c */ |
| 116 |
const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) { |
| 117 |
return ctx->method; |
| 118 |
@@ -546,7 +546,7 @@ static const long Cryptography_HAS_ALPN |
| 119 |
#endif |
| 120 |
|
| 121 |
/* SSL_CTX_set_cert_cb was added in OpenSSL 1.0.2. */ |
| 122 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 |
| 123 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL |
| 124 |
void (*SSL_CTX_set_cert_cb)(SSL_CTX *, int (*)(SSL *, void *), void *) = NULL; |
| 125 |
void (*SSL_set_cert_cb)(SSL *, int (*)(SSL *, void *), void *) = NULL; |
| 126 |
static const long Cryptography_HAS_SET_CERT_CB = 0; |
| 127 |
@@ -578,7 +578,7 @@ static const long Cryptography_HAS_SSL_C |
| 128 |
|
| 129 |
/* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were |
| 130 |
removed */ |
| 131 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 |
| 132 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL |
| 133 |
static const long Cryptography_HAS_SSL_ST = 1; |
| 134 |
#else |
| 135 |
static const long Cryptography_HAS_SSL_ST = 0; |
| 136 |
@@ -587,7 +587,7 @@ static const long SSL_ST_OK = 0; |
| 137 |
static const long SSL_ST_INIT = 0; |
| 138 |
static const long SSL_ST_RENEGOTIATE = 0; |
| 139 |
#endif |
| 140 |
-#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER |
| 141 |
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL |
| 142 |
static const long Cryptography_HAS_TLS_ST = 1; |
| 143 |
#else |
| 144 |
static const long Cryptography_HAS_TLS_ST = 0; |
| 145 |
@@ -595,7 +595,8 @@ static const long TLS_ST_BEFORE = 0; |
| 146 |
static const long TLS_ST_OK = 0; |
| 147 |
#endif |
| 148 |
|
| 149 |
-#if defined(OPENSSL_NO_DTLS) || CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 |
| 150 |
+#if defined(OPENSSL_NO_DTLS) || CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || \ |
| 151 |
+ CRYPTOGRAPHY_IS_LIBRESSL |
| 152 |
static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 0; |
| 153 |
const SSL_METHOD *(*DTLS_method)(void) = NULL; |
| 154 |
const SSL_METHOD *(*DTLS_server_method)(void) = NULL; |
| 155 |
--- src/_cffi_src/openssl/x509.py.orig 2017-11-30 01:53:32 UTC |
| 156 |
+++ src/_cffi_src/openssl/x509.py |
| 157 |
@@ -359,7 +359,7 @@ int X509_get_signature_nid(const X509 *x |
| 158 |
|
| 159 |
/* Added in 1.0.2 but we need it in all versions now due to the great |
| 160 |
opaquing. */ |
| 161 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 |
| 162 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL |
| 163 |
/* from x509/x_x509.c */ |
| 164 |
int i2d_re_X509_tbs(X509 *x, unsigned char **pp) |
| 165 |
{ |
| 166 |
@@ -401,15 +401,6 @@ void X509_REQ_get0_signature(const X509_ |
| 167 |
if (palg != NULL) |
| 168 |
*palg = req->sig_alg; |
| 169 |
} |
| 170 |
-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) |
| 171 |
-{ |
| 172 |
- req->req_info->enc.modified = 1; |
| 173 |
- return i2d_X509_REQ_INFO(req->req_info, pp); |
| 174 |
-} |
| 175 |
-int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { |
| 176 |
- crl->crl->enc.modified = 1; |
| 177 |
- return i2d_X509_CRL_INFO(crl->crl, pp); |
| 178 |
-} |
| 179 |
|
| 180 |
void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, |
| 181 |
const X509_ALGOR **palg) |
| 182 |
@@ -428,4 +419,17 @@ const ASN1_INTEGER *X509_REVOKED_get0_se |
| 183 |
return x->serialNumber; |
| 184 |
} |
| 185 |
#endif |
| 186 |
+ |
| 187 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL |
| 188 |
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { |
| 189 |
+ crl->crl->enc.modified = 1; |
| 190 |
+ return i2d_X509_CRL_INFO(crl->crl, pp); |
| 191 |
+} |
| 192 |
+ |
| 193 |
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) |
| 194 |
+{ |
| 195 |
+ req->req_info->enc.modified = 1; |
| 196 |
+ return i2d_X509_REQ_INFO(req->req_info, pp); |
| 197 |
+} |
| 198 |
+#endif |
| 199 |
""" |
| 200 |
--- src/_cffi_src/openssl/x509_vfy.py.orig 2017-11-30 01:53:32 UTC |
| 201 |
+++ src/_cffi_src/openssl/x509_vfy.py |
| 202 |
@@ -257,6 +257,20 @@ void (*X509_VERIFY_PARAM_set_hostflags)( |
| 203 |
unsigned int) = NULL; |
| 204 |
#endif |
| 205 |
|
| 206 |
+#if CRYPTOGRAPHY_OPENSSL_102_OR_GREATER && CRYPTOGRAPHY_IS_LIBRESSL |
| 207 |
+static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; |
| 208 |
+static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; |
| 209 |
+static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; |
| 210 |
+static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; |
| 211 |
+static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; |
| 212 |
+static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; |
| 213 |
+/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately |
| 214 |
+ below because it shows up in some earlier 3rd party OpenSSL packages. */ |
| 215 |
+static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; |
| 216 |
+static const long X509_V_FLAG_SUITEB_192_LOS = 0; |
| 217 |
+static const long X509_V_FLAG_SUITEB_128_LOS = 0; |
| 218 |
+#endif |
| 219 |
+ |
| 220 |
/* OpenSSL 1.0.2+ or Solaris's backport */ |
| 221 |
#ifdef X509_V_FLAG_PARTIAL_CHAIN |
| 222 |
static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1; |
| 223 |
@@ -297,7 +311,7 @@ X509 *X509_OBJECT_get0_X509(X509_OBJECT |
| 224 |
} |
| 225 |
#endif |
| 226 |
|
| 227 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 |
| 228 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL |
| 229 |
static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0; |
| 230 |
typedef void *X509_STORE_CTX_get_issuer_fn; |
| 231 |
X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL; |