
Test libre #4211


Closed
wants to merge 4 commits into from
Closed
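--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -63,6 +63,11 @@ def configs = [
 imageName: 'pyca/cryptography-runner-jessie-libressl:2.6.4',
 toxenvs: ['py27'],
 ],
+[
+label: 'docker',
+imageName: 'pyca/cryptography-runner-jessie-libressl:2.7.2',
+toxenvs: ['py27'],
+],
 [
 label: 'docker',
 imageName: 'pyca/cryptography-runner-ubuntu-xenial',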
2 changes: 1 addition & 1 deletion src/_cffi_src/openssl/crypto.py
@@ -92,7 +92,7 @@
# define OPENSSL_PLATFORM SSLEAY_PLATFORM
# define OPENSSL_DIR SSLEAY_DIR
#endif
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
static const long Cryptography_HAS_LOCKING_CALLBACKS = 1;
#else
static const long Cryptography_HAS_LOCKING_CALLBACKS = 0;
44 changes: 34 additions & 10 deletions src/_cffi_src/openssl/cryptography.py
@@ -28,27 +28,51 @@
#include <Winsock2.h>
#endif

#if CRYPTOGRAPHY_IS_LIBRESSL
#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER >= 0x20700000)
#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER >= 0x20700000)
#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER >= 0x20700000)
#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER >= 0x20700000)

#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \
(OPENSSL_VERSION_NUMBER < 0x10002000 || CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER < 0x20700000)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I \
(OPENSSL_VERSION_NUMBER < 0x1000209f || CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER < 0x20700000)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \
(OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER < 0x20700000)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 \
(OPENSSL_VERSION_NUMBER < 0x10100004 || CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER < 0x20700000)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 \
(OPENSSL_VERSION_NUMBER < 0x10100005 || CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER < 0x20700000)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 \
(OPENSSL_VERSION_NUMBER < 0x10100006 || CRYPTOGRAPHY_IS_LIBRESSL)
(LIBRESSL_VERSION_NUMBER < 0x20700000)
#else
#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x10002000)
#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x100020cf)
#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x10100000)
#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x1010006f)

#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \
(OPENSSL_VERSION_NUMBER < 0x10002000)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I \
(OPENSSL_VERSION_NUMBER < 0x1000209f)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \
(OPENSSL_VERSION_NUMBER < 0x10100000)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 \
(OPENSSL_VERSION_NUMBER < 0x10100004)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 \
(OPENSSL_VERSION_NUMBER < 0x10100005)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 \
(OPENSSL_VERSION_NUMBER < 0x10100006)
#endif
"""

TYPES = """
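Review bot: The LibreSSL branch at the top of this section maps every `CRYPTOGRAPHY_OPENSSL_*_OR_GREATER` macro, up to `110F_OR_GREATER`, to `LIBRESSL_VERSION_NUMBER >= 0x20700000`, so LibreSSL 2.7 is presented to every guard in the bindings as if it were OpenSSL 1.1.0f. The same pull request then has to add `&& !CRYPTOGRAPHY_IS_LIBRESSL` or `|| CRYPTOGRAPHY_IS_LIBRESSL` in crypto.py, ct.py, ssl.py, x509.py and x509_vfy.py to undo that. Any guard not patched here, or added later, silently flips on LibreSSL 2.7, including guards that decide whether locking callbacks are installed or whether struct fields are touched directly. It would be safer to leave the OpenSSL version macros false for LibreSSL as before and introduce a dedicated macro, `#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER (LIBRESSL_VERSION_NUMBER >= 0x20700000)` in the LibreSSL branch and `#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER 0` in the `#else`, used only at the sites where 2.7 actually gained an API.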
4 changes: 2 additions & 2 deletions src/_cffi_src/openssl/ct.py
@@ -5,7 +5,7 @@
from __future__ import absolute_import, division, print_function

INCLUDES = """
#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL
#include <openssl/ct.h>

typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT;
@@ -55,7 +55,7 @@
"""

CUSTOMIZATIONS = """
#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL
static const long Cryptography_HAS_SCT = 1;
#else
static const long Cryptography_HAS_SCT = 0;
4 changes: 2 additions & 2 deletions src/_cffi_src/openssl/ssl.py
@@ -671,7 +671,7 @@

/* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were
removed */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
static const long Cryptography_HAS_SSL_ST = 1;
#else
static const long Cryptography_HAS_SSL_ST = 0;
@@ -680,7 +680,7 @@
static const long SSL_ST_INIT = 0;
static const long SSL_ST_RENEGOTIATE = 0;
#endif
#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !CRYPTOGRAPHY_IS_LIBRESSL
static const long Cryptography_HAS_TLS_ST = 1;
#else
static const long Cryptography_HAS_TLS_ST = 0;
24 changes: 14 additions & 10 deletions src/_cffi_src/openssl/x509.py
@@ -360,7 +360,7 @@

/* Added in 1.0.2 but we need it in all versions now due to the great
opaquing. */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL
/* from x509/x_x509.c */
int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
{
@@ -406,15 +406,6 @@
if (palg != NULL)
*palg = req->sig_alg;
}
int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
{
req->req_info->enc.modified = 1;
return i2d_X509_REQ_INFO(req->req_info, pp);
}
int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
crl->crl->enc.modified = 1;
return i2d_X509_CRL_INFO(crl->crl, pp);
}

void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg)
@@ -433,4 +424,17 @@
return x->serialNumber;
}
#endif

#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
crl->crl->enc.modified = 1;
return i2d_X509_CRL_INFO(crl->crl, pp);
}

int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
{
req->req_info->enc.modified = 1;
return i2d_X509_REQ_INFO(req->req_info, pp);
}
#endif
"""
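Review bot: Both `|| CRYPTOGRAPHY_IS_LIBRESSL` guards in this section have no upper version bound, so `i2d_re_X509_tbs`, `i2d_re_X509_CRL_tbs` and `i2d_re_X509_REQ_tbs` are compiled for every LibreSSL release, present and future. The latter two write `crl->crl->enc.modified` and `req->req_info->enc.modified` directly, so if a later LibreSSL exports these functions itself or makes the structs opaque, the local definitions will collide with the library's or stop compiling. The new block at the end also has no comment saying why LibreSSL needs the fallbacks; assuming the reason is that the library lacks them, a line such as `/* LibreSSL (checked up to 2.7.2) does not export i2d_re_X509_{CRL,REQ}_tbs; drop the LibreSSL arm once it does */` would record that. The first guarded block's body and the functions between the hunks are only partly visible here.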
16 changes: 15 additions & 1 deletion src/_cffi_src/openssl/x509_vfy.py
@@ -257,6 +257,20 @@
unsigned int) = NULL;
#endif

#if CRYPTOGRAPHY_OPENSSL_102_OR_GREATER && CRYPTOGRAPHY_IS_LIBRESSL
static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately
below because it shows up in some earlier 3rd party OpenSSL packages. */
static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
static const long X509_V_FLAG_SUITEB_192_LOS = 0;
static const long X509_V_FLAG_SUITEB_128_LOS = 0;
#endif

/* OpenSSL 1.0.2+ or Solaris's backport */
#ifdef X509_V_FLAG_PARTIAL_CHAIN
static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1;
@@ -297,7 +311,7 @@
}
#endif

#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0;
typedef void *X509_STORE_CTX_get_issuer_fn;
X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL;
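Review bot: The new `CRYPTOGRAPHY_OPENSSL_102_OR_GREATER && CRYPTOGRAPHY_IS_LIBRESSL` block defines the `X509_V_ERR_SUITE_B_*` codes and `X509_V_FLAG_SUITEB_*` flags as 0 on a path where the library is being reported as 1.0.2 or newer. The `Cryptography_HAS_*` flag that governs these names is defined outside the hunk, but if it is 1 on that path the placeholders are exposed as real values. An error code of 0 is then indistinguishable from `X509_V_OK`, and a caller that sets `X509_V_FLAG_SUITEB_128_LOS` gets no Suite B enforcement and no error. The placeholders belong in the branch that sets the flag to 0, so the names are dropped for LibreSSL rather than aliasing success. Assuming the existing fallback is guarded by `CRYPTOGRAPHY_OPENSSL_LESS_THAN_102`, widening it to `#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || CRYPTOGRAPHY_IS_LIBRESSL` would do that.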