Changeset View
Changeset View
Standalone View
Standalone View
security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360
- This file was added.
From 7a341a5d3cb9380e77b0241b5198373ab6fc355e Mon Sep 17 00:00:00 2001 | |||||
From: Charlie Li <vishwin@users.noreply.github.com> | |||||
Date: Sun, 3 Oct 2021 00:20:31 -0400 | |||||
Subject: [PATCH] Support LibreSSL 3.4.0 (#6360) | |||||
* Add LibreSSL 3.4.0 to CI | |||||
* Add a LibreSSL 3.4.0 guard | |||||
Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0. | |||||
* DTLS_get_data_mtu does not exist in LibreSSL | |||||
* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+ | |||||
* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL | |||||
* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL | |||||
While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended. | |||||
--- | |||||
.github/workflows/ci.yml | 6 ++++-- | |||||
src/_cffi_src/openssl/cryptography.py | 3 +++ | |||||
src/_cffi_src/openssl/evp.py | 15 ++++++++++----- | |||||
src/_cffi_src/openssl/ssl.py | 3 ++- | |||||
4 files changed, 19 insertions(+), 8 deletions(-) | |||||
diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py | |||||
index 878d22d8..821ddc9f 100644 | |||||
--- src/_cffi_src/openssl/cryptography.py | |||||
+++ src/_cffi_src/openssl/cryptography.py | |||||
@@ -36,8 +36,11 @@ INCLUDES = """ | |||||
#if CRYPTOGRAPHY_IS_LIBRESSL | |||||
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \ | |||||
(LIBRESSL_VERSION_NUMBER < 0x3030200f) | |||||
+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \ | |||||
+ (LIBRESSL_VERSION_NUMBER < 0x3040000f) | |||||
#else | |||||
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0) | |||||
+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0) | |||||
#endif | |||||
#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ | |||||
diff --git src/_cffi_src/openssl/evp.py src/_cffi_src/openssl/evp.py | |||||
index ab7cfeb3..cad3339a 100644 | |||||
--- src/_cffi_src/openssl/evp.py | |||||
+++ src/_cffi_src/openssl/evp.py | |||||
@@ -203,15 +203,21 @@ int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *, | |||||
size_t) = NULL; | |||||
#endif | |||||
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 | |||||
+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ | |||||
+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) | |||||
static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0; | |||||
-static const long Cryptography_HAS_RAW_KEY = 0; | |||||
-static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; | |||||
-int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; | |||||
int (*EVP_DigestSign)(EVP_MD_CTX *, unsigned char *, size_t *, | |||||
const unsigned char *tbs, size_t) = NULL; | |||||
int (*EVP_DigestVerify)(EVP_MD_CTX *, const unsigned char *, size_t, | |||||
const unsigned char *, size_t) = NULL; | |||||
+#else | |||||
+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; | |||||
+#endif | |||||
+ | |||||
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 | |||||
+static const long Cryptography_HAS_RAW_KEY = 0; | |||||
+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0; | |||||
+int (*EVP_DigestFinalXOF)(EVP_MD_CTX *, unsigned char *, size_t) = NULL; | |||||
EVP_PKEY *(*EVP_PKEY_new_raw_private_key)(int, ENGINE *, const unsigned char *, | |||||
size_t) = NULL; | |||||
EVP_PKEY *(*EVP_PKEY_new_raw_public_key)(int, ENGINE *, const unsigned char *, | |||||
@@ -221,7 +227,6 @@ int (*EVP_PKEY_get_raw_private_key)(const EVP_PKEY *, unsigned char *, | |||||
int (*EVP_PKEY_get_raw_public_key)(const EVP_PKEY *, unsigned char *, | |||||
size_t *) = NULL; | |||||
#else | |||||
-static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1; | |||||
static const long Cryptography_HAS_RAW_KEY = 1; | |||||
static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1; | |||||
#endif | |||||
diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py | |||||
index ca275e91..0830a463 100644 | |||||
--- src/_cffi_src/openssl/ssl.py | |||||
+++ src/_cffi_src/openssl/ssl.py | |||||
@@ -678,7 +678,8 @@ int (*SSL_set_tlsext_use_srtp)(SSL *, const char *) = NULL; | |||||
SRTP_PROTECTION_PROFILE * (*SSL_get_selected_srtp_profile)(SSL *) = NULL; | |||||
#endif | |||||
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 | |||||
+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 || \ | |||||
+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL) | |||||
static const long Cryptography_HAS_TLSv1_3 = 0; | |||||
static const long SSL_OP_NO_TLSv1_3 = 0; | |||||
static const long SSL_VERIFY_POST_HANDSHAKE = 0; | |||||
-- | |||||
2.32.0 | |||||