|
Line 0
Link Here
|
|
|
1 |
From 611fa5a0458a36bb8b13b3e251a5cd359fa34296 Mon Sep 17 00:00:00 2001 |
| 2 |
From: Paul Kehrer <paul.l.kehrer@gmail.com> |
| 3 |
Date: Thu, 31 May 2018 11:39:12 +0800 |
| 4 |
Subject: [PATCH] LibreSSL 2.7.x support (#4270) |
| 5 |
|
| 6 |
* libre 2.7.3 compatibility |
| 7 |
|
| 8 |
* add a changelog |
| 9 |
|
| 10 |
* actually build against 2.7.3 |
| 11 |
--- CHANGELOG.rst.orig 2018-03-27 16:42:49 UTC |
| 12 |
+++ CHANGELOG.rst |
| 13 |
@@ -1,7 +1,8 @@ |
| 14 |
Changelog |
| 15 |
========= |
| 16 |
|
| 17 |
-.. _v2-2-2: |
| 18 |
+* Fixed multiple issues preventing ``cryptography`` from compiling against |
| 19 |
+ LibreSSL 2.7.x. |
| 20 |
|
| 21 |
2.2.2 - 2018-03-27 |
| 22 |
~~~~~~~~~~~~~~~~~~ |
| 23 |
--- src/_cffi_src/openssl/bio.py.orig 2018-03-27 14:12:05 UTC |
| 24 |
+++ src/_cffi_src/openssl/bio.py |
| 25 |
@@ -144,7 +144,7 @@ void BIO_clear_retry_flags(BIO *); |
| 26 |
""" |
| 27 |
|
| 28 |
CUSTOMIZATIONS = """ |
| 29 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 |
| 30 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
| 31 |
int BIO_up_ref(BIO *b) { |
| 32 |
CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO); |
| 33 |
return 1; |
| 34 |
--- src/_cffi_src/openssl/cryptography.py.orig 2018-03-27 14:12:05 UTC |
| 35 |
+++ src/_cffi_src/openssl/cryptography.py |
| 36 |
@@ -25,6 +25,9 @@ INCLUDES = """ |
| 37 |
#include <windows.h> |
| 38 |
#endif |
| 39 |
|
| 40 |
+#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER \ |
| 41 |
+ (CRYPTOGRAPHY_IS_LIBRESSL && LIBRESSL_VERSION_NUMBER >= 0x2070000fL) |
| 42 |
+ |
| 43 |
#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \ |
| 44 |
(OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL) |
| 45 |
#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \ |
| 46 |
--- src/_cffi_src/openssl/dh.py.orig 2018-03-27 14:12:05 UTC |
| 47 |
+++ src/_cffi_src/openssl/dh.py |
| 48 |
@@ -46,7 +46,7 @@ int Cryptography_i2d_DHxparams_bio(BIO * |
| 49 |
|
| 50 |
CUSTOMIZATIONS = """ |
| 51 |
/* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */ |
| 52 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 |
| 53 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
| 54 |
void DH_get0_pqg(const DH *dh, |
| 55 |
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) |
| 56 |
{ |
| 57 |
--- src/_cffi_src/openssl/dsa.py.orig 2018-03-27 14:12:05 UTC |
| 58 |
+++ src/_cffi_src/openssl/dsa.py |
| 59 |
@@ -35,7 +35,7 @@ int DSA_generate_parameters_ex(DSA *, in |
| 60 |
|
| 61 |
CUSTOMIZATIONS = """ |
| 62 |
/* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */ |
| 63 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 |
| 64 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
| 65 |
void DSA_get0_pqg(const DSA *d, |
| 66 |
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) |
| 67 |
{ |
| 68 |
--- src/_cffi_src/openssl/rsa.py.orig 2018-03-27 14:12:05 UTC |
| 69 |
+++ src/_cffi_src/openssl/rsa.py |
| 70 |
@@ -87,7 +87,7 @@ int (*EVP_PKEY_CTX_set0_rsa_oaep_label)( |
| 71 |
#endif |
| 72 |
|
| 73 |
/* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */ |
| 74 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 |
| 75 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
| 76 |
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) |
| 77 |
{ |
| 78 |
/* If the fields n and e in r are NULL, the corresponding input |
| 79 |
--- src/_cffi_src/openssl/ssl.py.orig 2018-03-27 14:12:05 UTC |
| 80 |
+++ src/_cffi_src/openssl/ssl.py |
| 81 |
@@ -502,7 +502,7 @@ const SSL_METHOD *SSL_CTX_get_ssl_method |
| 82 |
|
| 83 |
/* Added in 1.1.0 in the great opaquing, but we need to define it for older |
| 84 |
OpenSSLs. Such is our burden. */ |
| 85 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 |
| 86 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
| 87 |
/* from ssl/ssl_lib.c */ |
| 88 |
size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) |
| 89 |
{ |
| 90 |
--- src/_cffi_src/openssl/x509.py.orig 2018-03-27 14:12:05 UTC |
| 91 |
+++ src/_cffi_src/openssl/x509.py |
| 92 |
@@ -340,7 +340,7 @@ void X509_REQ_get0_signature(const X509_ |
| 93 |
CUSTOMIZATIONS = """ |
| 94 |
/* Added in 1.0.2 beta but we need it in all versions now due to the great |
| 95 |
opaquing. */ |
| 96 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 |
| 97 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
| 98 |
/* from x509/x_x509.c version 1.0.2 */ |
| 99 |
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, |
| 100 |
const X509 *x) |
| 101 |
@@ -387,7 +387,17 @@ X509_REVOKED *Cryptography_X509_REVOKED_ |
| 102 |
/* Added in 1.1.0 but we need it in all versions now due to the great |
| 103 |
opaquing. */ |
| 104 |
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 |
| 105 |
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) |
| 106 |
+{ |
| 107 |
+ req->req_info->enc.modified = 1; |
| 108 |
+ return i2d_X509_REQ_INFO(req->req_info, pp); |
| 109 |
+} |
| 110 |
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { |
| 111 |
+ crl->crl->enc.modified = 1; |
| 112 |
+ return i2d_X509_CRL_INFO(crl->crl, pp); |
| 113 |
+} |
| 114 |
|
| 115 |
+#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
| 116 |
int X509_up_ref(X509 *x) { |
| 117 |
return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); |
| 118 |
} |
| 119 |
@@ -406,16 +416,6 @@ void X509_REQ_get0_signature(const X509_ |
| 120 |
if (palg != NULL) |
| 121 |
*palg = req->sig_alg; |
| 122 |
} |
| 123 |
-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) |
| 124 |
-{ |
| 125 |
- req->req_info->enc.modified = 1; |
| 126 |
- return i2d_X509_REQ_INFO(req->req_info, pp); |
| 127 |
-} |
| 128 |
-int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { |
| 129 |
- crl->crl->enc.modified = 1; |
| 130 |
- return i2d_X509_CRL_INFO(crl->crl, pp); |
| 131 |
-} |
| 132 |
- |
| 133 |
void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, |
| 134 |
const X509_ALGOR **palg) |
| 135 |
{ |
| 136 |
@@ -433,4 +433,5 @@ const ASN1_INTEGER *X509_REVOKED_get0_se |
| 137 |
return x->serialNumber; |
| 138 |
} |
| 139 |
#endif |
| 140 |
+#endif |
| 141 |
""" |
| 142 |
--- src/_cffi_src/openssl/x509_vfy.py.orig 2018-03-27 14:12:05 UTC |
| 143 |
+++ src/_cffi_src/openssl/x509_vfy.py |
| 144 |
@@ -246,6 +246,7 @@ static const long X509_V_FLAG_SUITEB_128 |
| 145 |
static const long X509_V_FLAG_SUITEB_192_LOS = 0; |
| 146 |
static const long X509_V_FLAG_SUITEB_128_LOS = 0; |
| 147 |
|
| 148 |
+#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
| 149 |
int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *, |
| 150 |
size_t) = NULL; |
| 151 |
int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *, |
| 152 |
@@ -256,6 +257,7 @@ int (*X509_VERIFY_PARAM_set1_ip_asc)(X50 |
| 153 |
void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *, |
| 154 |
unsigned int) = NULL; |
| 155 |
#endif |
| 156 |
+#endif |
| 157 |
|
| 158 |
/* OpenSSL 1.0.2+ or Solaris's backport */ |
| 159 |
#ifdef X509_V_FLAG_PARTIAL_CHAIN |
| 160 |
@@ -273,7 +275,7 @@ static const long Cryptography_HAS_X509_ |
| 161 |
static const long X509_V_FLAG_TRUSTED_FIRST = 0; |
| 162 |
#endif |
| 163 |
|
| 164 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 |
| 165 |
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
| 166 |
Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) { |
| 167 |
return ctx->objs; |
| 168 |
} |
| 169 |
@@ -283,9 +285,7 @@ X509_VERIFY_PARAM *X509_STORE_get0_param |
| 170 |
int X509_OBJECT_get_type(const X509_OBJECT *x) { |
| 171 |
return x->type; |
| 172 |
} |
| 173 |
-#endif |
| 174 |
|
| 175 |
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 |
| 176 |
/* from x509/x509_vfy.c */ |
| 177 |
X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) |
| 178 |
{ |