Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:saltstack:bundle:next:python311:AlmaLinux9
saltbundlepy-cryptography
fix-build-with-old-ssl.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fix-build-with-old-ssl.patch of Package saltbundlepy-cryptography
--- a/src/_cffi_src/openssl/bio.py +++ b/src/_cffi_src/openssl/bio.py @@ -41,4 +41,7 @@ """ CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +int (*BIO_up_ref)(BIO *) = NULL; +#endif """ --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -36,6 +36,8 @@ #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \ (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL) +#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \ + (OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 \ @@ -44,6 +46,10 @@ (OPENSSL_VERSION_NUMBER < 0x10101020 || CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \ (OPENSSL_VERSION_NUMBER < 0x10101040 || CRYPTOGRAPHY_IS_LIBRESSL) + +#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \ + (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL) + #if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \ !defined(OPENSSL_NO_ENGINE)) || defined(USE_OSRANDOM_RNG_FOR_TESTING) #define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1 --- a/src/_cffi_src/openssl/crypto.py +++ b/src/_cffi_src/openssl/crypto.py @@ -51,6 +51,10 @@ """ CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +void (*OPENSSL_cleanup)(void) = NULL; +#endif + /* In 1.1.0 SSLeay has finally been retired. We bidirectionally define the values so you can use either one. This is so we can use the new function names no matter what OpenSSL we're running on, but users on older pyOpenSSL --- a/src/_cffi_src/openssl/dh.py +++ b/src/_cffi_src/openssl/dh.py @@ -38,6 +38,15 @@ """ CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +/* added in 1.1.0 when the DH struct was opaqued */ +void (*DH_get0_pqg)(const DH *, const BIGNUM **, const BIGNUM **, + const BIGNUM **) = NULL; +int (*DH_set0_pqg)(DH *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL; +void (*DH_get0_key)(const DH *, const BIGNUM **, const BIGNUM **) = NULL; +int (*DH_set0_key)(DH *, BIGNUM *, BIGNUM *) = NULL; +#endif + #if CRYPTOGRAPHY_IS_LIBRESSL #ifndef DH_CHECK_Q_NOT_PRIME #define DH_CHECK_Q_NOT_PRIME 0x10 --- a/src/_cffi_src/openssl/dsa.py +++ b/src/_cffi_src/openssl/dsa.py @@ -34,4 +34,11 @@ """ CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +void (*DSA_get0_pqg)(const DSA *, const BIGNUM **, const BIGNUM **, + const BIGNUM **) = NULL; +int (*DSA_set0_pqg)(DSA *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL; +void (*DSA_get0_key)(const DSA *, const BIGNUM **, const BIGNUM **); +int (*DSA_set0_key)(DSA *, BIGNUM *, BIGNUM *) = NULL; +#endif """ --- a/src/_cffi_src/openssl/evp.py +++ b/src/_cffi_src/openssl/evp.py @@ -134,6 +134,7 @@ const unsigned char *, size_t); int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t, const unsigned char *, size_t); + /* Added in 1.1.0 */ size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *, unsigned char **); int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *, const unsigned char *, @@ -179,12 +180,32 @@ return EVP_PKEY_id(key); } EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void) { +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 + return EVP_MD_CTX_create(); +#else return EVP_MD_CTX_new(); +#endif } + void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *md) { +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 + EVP_MD_CTX_destroy(md); +#else EVP_MD_CTX_free(md); +#endif } +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +#define EVP_MD_CTX_new EVP_MD_CTX_create +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t, + uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *, + size_t) = NULL; +size_t (*EVP_PKEY_get1_tls_encodedpoint)(EVP_PKEY *, unsigned char **) = NULL; +int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *, + size_t) = NULL; +#endif + #if CRYPTOGRAPHY_IS_LIBRESSL || defined(OPENSSL_NO_SCRYPT) static const long Cryptography_HAS_SCRYPT = 0; int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t, --- a/src/_cffi_src/openssl/hmac.py +++ b/src/_cffi_src/openssl/hmac.py @@ -23,4 +23,8 @@ """ CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +HMAC_CTX *(*HMAC_CTX_new)(void) = NULL; +void (*HMAC_CTX_free)(HMAC_CTX *ctx) = NULL; +#endif """ --- a/src/_cffi_src/openssl/nid.py +++ b/src/_cffi_src/openssl/nid.py @@ -31,12 +31,24 @@ """ CUSTOMIZATIONS = """ +#ifndef NID_X25519 +static const long Cryptography_HAS_X25519 = 0; +static const int NID_X25519 = 0; +#else +static const long Cryptography_HAS_X25519 = 1; +#endif #ifndef NID_ED25519 static const long Cryptography_HAS_ED25519 = 0; static const int NID_ED25519 = 0; #else static const long Cryptography_HAS_ED25519 = 1; #endif +#ifndef NID_X448 +static const long Cryptography_HAS_X448 = 0; +static const int NID_X448 = 0; +#else +static const long Cryptography_HAS_X448 = 1; +#endif #ifndef NID_ED448 static const long Cryptography_HAS_ED448 = 0; static const int NID_ED448 = 0; --- a/src/_cffi_src/openssl/ocsp.py +++ b/src/_cffi_src/openssl/ocsp.py @@ -78,7 +78,7 @@ CUSTOMIZATIONS = """ #if ( \ - !CRYPTOGRAPHY_IS_LIBRESSL && \ + CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && \ CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \ ) /* These structs come from ocsp_lcl.h and are needed to de-opaque the struct @@ -105,7 +105,7 @@ }; #endif -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 /* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */ const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) { @@ -147,7 +147,7 @@ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) { -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 return bs->signatureAlgorithm; #else return &bs->signatureAlgorithm; @@ -156,7 +156,7 @@ const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) { -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 return bs->tbsResponseData; #else return &bs->tbsResponseData; --- a/src/_cffi_src/openssl/rsa.py +++ b/src/_cffi_src/openssl/rsa.py @@ -58,4 +58,27 @@ int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *, int) = NULL; #endif +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +int (*RSA_set0_key)(RSA *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL; +int (*RSA_set0_factors)(RSA *, BIGNUM *, BIGNUM *) = NULL; +int (*RSA_set0_crt_params)(RSA *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL; +void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, + const BIGNUM **d) { + if (n != NULL) + *n = r->n; + if (e != NULL) + *e = r->e; + if (d != NULL) + *d = r->d; +} +void (*RSA_get0_factors)(const RSA *, const BIGNUM **, const BIGNUM **) = NULL; +void (*RSA_get0_crt_params)(const RSA *, const BIGNUM **, const BIGNUM **, + const BIGNUM **) = NULL; +int (*EVP_PKEY_CTX_set_rsa_padding)(EVP_PKEY_CTX *, int) = NULL; +int (*EVP_PKEY_CTX_set_rsa_pss_saltlen)(EVP_PKEY_CTX *, int) = NULL; +int (*EVP_PKEY_CTX_set_rsa_mgf1_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL; +int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *, int) = NULL; + +//int (*EVP_PKEY_CTX_set_rsa_oaep_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL; +#endif """ --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -510,7 +510,7 @@ // users have upgraded. PersistentlyDeprecated2020 static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1; -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 static const long Cryptography_HAS_VERIFIED_CHAIN = 0; Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL; #else @@ -563,7 +563,7 @@ /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were removed */ -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 static const long Cryptography_HAS_SSL_ST = 1; #else static const long Cryptography_HAS_SSL_ST = 0; @@ -572,7 +572,7 @@ static const long SSL_ST_INIT = 0; static const long SSL_ST_RENEGOTIATE = 0; #endif -#if !CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER static const long Cryptography_HAS_TLS_ST = 1; #else static const long Cryptography_HAS_TLS_ST = 0; @@ -702,4 +702,28 @@ #else static const long Cryptography_HAS_GET_PROTO_VERSION = 1; #endif +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +const SSL_METHOD *(*TLS_method)(void) = NULL; +const SSL_METHOD *(*TLS_server_method)(void) = NULL; +const SSL_METHOD *(*TLS_client_method)(void) = NULL; + +int (*SSL_CIPHER_is_aead)(const SSL_CIPHER *) = NULL; +int (*SSL_CIPHER_get_cipher_nid)(const SSL_CIPHER *) = NULL; +int (*SSL_CIPHER_get_digest_nid)(const SSL_CIPHER *) = NULL; +int (*SSL_CIPHER_get_kx_nid)(const SSL_CIPHER *) = NULL; +int (*SSL_CIPHER_get_auth_nid)(const SSL_CIPHER *) = NULL; + +long (*SSL_CTX_set_min_proto_version)(SSL_CTX *, int) = NULL; +long (*SSL_CTX_set_max_proto_version)(SSL_CTX *, int) = NULL; +long (*SSL_set_min_proto_version)(SSL *, int) = NULL; +long (*SSL_set_max_proto_version)(SSL *, int) = NULL; + +int (*SSL_SESSION_has_ticket)(const SSL_SESSION *) = NULL; +long (*SSL_SESSION_get_ticket_lifetime_hint)(const SSL_SESSION *) = NULL; + +size_t (*SSL_SESSION_get_master_key)(const SSL_SESSION *, unsigned char *, + size_t) = NULL; +size_t (*SSL_get_client_random)(const SSL *, unsigned char *, size_t) = NULL; +size_t (*SSL_get_server_random)(const SSL *, unsigned char *, size_t) = NULL; +#endif """ --- a/src/_cffi_src/openssl/x509name.py +++ b/src/_cffi_src/openssl/x509name.py @@ -75,4 +75,9 @@ """ CUSTOMIZATIONS = """ +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) { + return ne->set; +} +#endif """ --- a/src/_cffi_src/openssl/x509.py +++ b/src/_cffi_src/openssl/x509.py @@ -288,7 +288,7 @@ } /* Added in 1.1.0 but we need it in all versions now due to the great opaquing. */ -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) { req->req_info->enc.modified = 1; @@ -298,5 +298,45 @@ crl->crl->enc.modified = 1; return i2d_X509_CRL_INFO(crl->crl, pp); } + +int X509_up_ref(X509 *x) { + return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); +} + +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) +{ + return x->cert_info->signature; +} + +/* from x509/x509_req.c */ +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg) +{ + if (psig != NULL) + *psig = req->signature; + if (palg != NULL) + *palg = req->sig_alg; +} +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg) +{ + if (psig != NULL) + *psig = crl->signature; + if (palg != NULL) + *palg = crl->sig_alg; +} +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x) +{ + return x->revocationDate; +} +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x) +{ + return x->serialNumber; +} + +#define X509_set1_notBefore X509_set_notBefore +#define X509_set1_notAfter X509_set_notAfter +#define X509_getm_notAfter X509_get_notAfter +#define X509_getm_notBefore X509_get_notBefore #endif """ --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py @@ -234,7 +234,7 @@ static const long X509_V_FLAG_SUITEB_128_LOS = 0; #endif -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 0; #ifndef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = 0; @@ -243,7 +243,30 @@ static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 1; #endif -#if CRYPTOGRAPHY_IS_LIBRESSL +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) { + return ctx->objs; +} +X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store) { + return store->param; +} +int X509_OBJECT_get_type(const X509_OBJECT *x) { + return x->type; +} + +/* from x509/x509_vfy.c */ +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) +{ + return ctx->cert; +} + +X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) { + return x->data.x509; +} +#endif + + +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0; typedef void *X509_STORE_CTX_get_issuer_fn; X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor