1 |
From 611fa5a0458a36bb8b13b3e251a5cd359fa34296 Mon Sep 17 00:00:00 2001 |
2 |
From: Paul Kehrer <paul.l.kehrer@gmail.com> |
3 |
Date: Thu, 31 May 2018 11:39:12 +0800 |
4 |
Subject: [PATCH] LibreSSL 2.7.x support (#4270) |
5 |
|
6 |
* libre 2.7.3 compatibility |
7 |
|
8 |
* add a changelog |
9 |
|
10 |
* actually build against 2.7.3 |
11 |
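--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,7 +1,8 @@
 Changelog
 =========
 
-.. _v2-2-2:
+* Fixed multiple issues preventing ``cryptography`` from compiling against
+ LibreSSL 2.7.x.
 
 2.2.2 - 2018-03-27
 ~~~~~~~~~~~~~~~~~~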
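--- a/src/_cffi_src/openssl/bio.py
+++ b/src/_cffi_src/openssl/bio.py
@@ -144,7 +144,7 @@ void BIO_clear_retry_flags(BIO *);
 """
 
 CUSTOMIZATIONS = """
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
 int BIO_up_ref(BIO *b) {
 CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
 return 1;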
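Review bot: The rewritten guard above `BIO_up_ref` changes the OpenSSL half of the condition as well as adding the LibreSSL exclusion: `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4` becomes `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110`. Neither macro's definition is visible in this section, so it is worth confirming that no supported OpenSSL build falls between the two thresholds. The shim increments `b->references` directly, so a guard that is wrong in either direction either collides with the library's own symbol or leaves the binding without `BIO_up_ref`. A one-line comment above the guard would record the intent, e.g. `/* Shim for libraries that lack BIO_up_ref: OpenSSL < 1.1.0 and LibreSSL < 2.7 */`. The same replacement of a pre-release macro appears in the dh.py, dsa.py, rsa.py and x509_vfy.py guards, and the body of `BIO_up_ref` ends outside this hunk.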
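--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -25,6 +25,9 @@ INCLUDES = """
 #include <windows.h>
 #endif
 
+#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER \
+ (CRYPTOGRAPHY_IS_LIBRESSL && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+
 #define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
 (OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \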
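Review bot: The new `CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER` expands to an expression that names `LIBRESSL_VERSION_NUMBER` even on an OpenSSL build, where that identifier is presumably not defined. Inside `#if` an undefined identifier evaluates to 0, so every guard added by this patch still works, but the macro would fail to compile if it were ever evaluated as an ordinary C expression on such a build. Defining it in two branches keyed on `CRYPTOGRAPHY_IS_LIBRESSL` avoids that dependency; this assumes `CRYPTOGRAPHY_IS_LIBRESSL` is defined as 0 or 1 earlier in the block, outside the hunk.

```c
#if CRYPTOGRAPHY_IS_LIBRESSL
#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER \
    (LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
#else
#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER 0
#endif
```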
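--- a/src/_cffi_src/openssl/dh.py
+++ b/src/_cffi_src/openssl/dh.py
@@ -46,7 +46,7 @@ int Cryptography_i2d_DHxparams_bio(BIO *
 
 CUSTOMIZATIONS = """
 /* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
 void DH_get0_pqg(const DH *dh,
 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 {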
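Review bot: The context comment directly above the changed guard, `/* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */`, no longer describes the condition beneath it. The guard now tests `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110` and also skips the shims on LibreSSL 2.7 and later. I would update the comment in the same change, for example `/* Shims for libraries without these accessors: OpenSSL < 1.1.0 and LibreSSL < 2.7 */`. The identical comment and guard pair occurs in the dsa.py and rsa.py sections, and the body of `DH_get0_pqg` continues outside the hunk.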
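--- a/src/_cffi_src/openssl/dsa.py
+++ b/src/_cffi_src/openssl/dsa.py
@@ -35,7 +35,7 @@ int DSA_generate_parameters_ex(DSA *, in
 
 CUSTOMIZATIONS = """
 /* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
 void DSA_get0_pqg(const DSA *d,
 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
 {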
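--- a/src/_cffi_src/openssl/rsa.py
+++ b/src/_cffi_src/openssl/rsa.py
@@ -87,7 +87,7 @@ int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(
 #endif
 
 /* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
 {
 /* If the fields n and e in r are NULL, the corresponding input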
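--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -502,7 +502,7 @@ const SSL_METHOD *SSL_CTX_get_ssl_method
 
 /* Added in 1.1.0 in the great opaquing, but we need to define it for older
 OpenSSLs. Such is our burden. */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
 /* from ssl/ssl_lib.c */
 size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
 {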
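--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -340,7 +340,7 @@ void X509_REQ_get0_signature(const X509_
 CUSTOMIZATIONS = """
 /* Added in 1.0.2 beta but we need it in all versions now due to the great
 opaquing. */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
 /* from x509/x_x509.c version 1.0.2 */
 void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
 const X509 *x)
@@ -387,7 +387,17 @@ X509_REVOKED *Cryptography_X509_REVOKED_
 /* Added in 1.1.0 but we need it in all versions now due to the great
 opaquing. */
 #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+ req->req_info->enc.modified = 1;
+ return i2d_X509_REQ_INFO(req->req_info, pp);
+}
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
+ crl->crl->enc.modified = 1;
+ return i2d_X509_CRL_INFO(crl->crl, pp);
+}
 
+#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
 int X509_up_ref(X509 *x) {
 return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
 }
@@ -406,16 +416,6 @@ void X509_REQ_get0_signature(const X509_
 if (palg != NULL)
 *palg = req->sig_alg;
 }
-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
-{
- req->req_info->enc.modified = 1;
- return i2d_X509_REQ_INFO(req->req_info, pp);
-}
-int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
- crl->crl->enc.modified = 1;
- return i2d_X509_CRL_INFO(crl->crl, pp);
-}
-
 void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
 const X509_ALGOR **palg)
 {
@@ -433,4 +433,5 @@ const ASN1_INTEGER *X509_REVOKED_get0_se
 return x->serialNumber;
 }
 #endif
+#endif
 """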
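Review bot: The `#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER` opened in the second hunk is closed far from its opener, by one of two adjacent bare `#endif` lines at the end of the string. Assuming no other conditional opens in the lines between the hunks, the existing `#endif` now closes the new inner guard and the added one closes the outer guard. Labelling them `#endif /* !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER */` and `#endif /* CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 */` would make the nesting checkable at a glance. The hoisted `i2d_re_X509_REQ_tbs` and `i2d_re_X509_CRL_tbs` stay outside the inner guard and set `enc.modified` through the struct pointers, which presumably means LibreSSL 2.7 neither exports them nor hides those structs. A short comment above them stating that would tell the next maintainer why they were moved.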
142 |
--- src/_cffi_src/openssl/x509_vfy.py.orig 2018-03-27 14:12:05 UTC |
143 |
+++ src/_cffi_src/openssl/x509_vfy.py |
144 |
@@ -246,6 +246,7 @@ static const long X509_V_FLAG_SUITEB_128 |
145 |
static const long X509_V_FLAG_SUITEB_192_LOS = 0; |
146 |
static const long X509_V_FLAG_SUITEB_128_LOS = 0; |
147 |
|
148 |
+#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
149 |
int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *, |
150 |
size_t) = NULL; |
151 |
int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *, |
152 |
@@ -256,6 +257,7 @@ int (*X509_VERIFY_PARAM_set1_ip_asc)(X50 |
153 |
void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *, |
154 |
unsigned int) = NULL; |
155 |
#endif |
156 |
+#endif |
157 |
|
158 |
/* OpenSSL 1.0.2+ or Solaris's backport */ |
159 |
#ifdef X509_V_FLAG_PARTIAL_CHAIN |
160 |
@@ -273,7 +275,7 @@ static const long Cryptography_HAS_X509_ |
161 |
static const long X509_V_FLAG_TRUSTED_FIRST = 0; |
162 |
#endif |
163 |
|
164 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 |
165 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
166 |
Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) { |
167 |
return ctx->objs; |
168 |
} |
169 |
@@ -283,9 +285,7 @@ X509_VERIFY_PARAM *X509_STORE_get0_param |
170 |
int X509_OBJECT_get_type(const X509_OBJECT *x) { |
171 |
return x->type; |
172 |
} |
173 |
-#endif |
174 |
|
175 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 |
176 |
/* from x509/x509_vfy.c */ |
177 |
X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) |
178 |
{ |