Overview

File fix-build-with-old-ssl.patch of Package saltbundlepy-cryptography

diff -urN a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
--- a/src/_cffi_src/openssl/cryptography.py	2021-02-07 19:39:35.000000000 +0300
+++ b/src/_cffi_src/openssl/cryptography.py	2022-07-21 11:23:07.808333258 +0300
@@ -36,6 +36,8 @@
 #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
     (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
 
+#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \
+    (OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
     (OPENSSL_VERSION_NUMBER < 0x101000af || CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 \
@@ -44,6 +46,10 @@
     (OPENSSL_VERSION_NUMBER < 0x10101020 || CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \
     (OPENSSL_VERSION_NUMBER < 0x10101040 || CRYPTOGRAPHY_IS_LIBRESSL)
+
+#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
+    (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL)
+
 #if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \
     !defined(OPENSSL_NO_ENGINE)) || defined(USE_OSRANDOM_RNG_FOR_TESTING)
 #define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1
diff -urN a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
--- a/src/_cffi_src/openssl/evp.py	2021-02-07 19:39:35.000000000 +0300
+++ b/src/_cffi_src/openssl/evp.py	2022-07-21 18:11:28.352135303 +0300
@@ -123,7 +123,6 @@
 int EVP_PKEY_id(const EVP_PKEY *);
 int Cryptography_EVP_PKEY_id(const EVP_PKEY *);
 
-EVP_MD_CTX *EVP_MD_CTX_new(void);
 void EVP_MD_CTX_free(EVP_MD_CTX *);
 /* Backwards compat aliases for pyOpenSSL */
 EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void);
@@ -179,7 +178,11 @@
     return EVP_PKEY_id(key);
 }
 EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void) {
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+    return EVP_MD_CTX_create();
+#else
     return EVP_MD_CTX_new();
+#endif
 }
 void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *md) {
     EVP_MD_CTX_free(md);
diff -urN a/src/_cffi_src/openssl/hmac.py b/src/_cffi_src/openssl/hmac.py
--- a/src/_cffi_src/openssl/hmac.py	2021-02-07 19:39:35.000000000 +0300
+++ b/src/_cffi_src/openssl/hmac.py	2022-07-21 16:25:45.615520831 +0300
@@ -18,7 +18,6 @@
 int HMAC_Final(HMAC_CTX *, unsigned char *, unsigned int *);
 int HMAC_CTX_copy(HMAC_CTX *, HMAC_CTX *);
 
-HMAC_CTX *HMAC_CTX_new(void);
 void HMAC_CTX_free(HMAC_CTX *ctx);
 """
 
diff -urN a/src/_cffi_src/openssl/nid.py b/src/_cffi_src/openssl/nid.py
--- a/src/_cffi_src/openssl/nid.py	2021-02-07 19:39:35.000000000 +0300
+++ b/src/_cffi_src/openssl/nid.py	2022-07-21 11:19:33.081013268 +0300
@@ -31,12 +31,24 @@
 """
 
 CUSTOMIZATIONS = """
+#ifndef NID_X25519
+static const long Cryptography_HAS_X25519 = 0;
+static const int NID_X25519 = 0;
+#else
+static const long Cryptography_HAS_X25519 = 1;
+#endif
 #ifndef NID_ED25519
 static const long Cryptography_HAS_ED25519 = 0;
 static const int NID_ED25519 = 0;
 #else
 static const long Cryptography_HAS_ED25519 = 1;
 #endif
+#ifndef NID_X448
+static const long Cryptography_HAS_X448 = 0;
+static const int NID_X448 = 0;
+#else
+static const long Cryptography_HAS_X448 = 1;
+#endif
 #ifndef NID_ED448
 static const long Cryptography_HAS_ED448 = 0;
 static const int NID_ED448 = 0;
diff -urN a/src/_cffi_src/openssl/ocsp.py b/src/_cffi_src/openssl/ocsp.py
--- a/src/_cffi_src/openssl/ocsp.py	2021-02-07 19:39:35.000000000 +0300
+++ b/src/_cffi_src/openssl/ocsp.py	2022-07-21 16:30:29.744225229 +0300
@@ -78,7 +78,7 @@
 
 CUSTOMIZATIONS = """
 #if ( \
-    !CRYPTOGRAPHY_IS_LIBRESSL && \
+    CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && \
     CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
     )
 /* These structs come from ocsp_lcl.h and are needed to de-opaque the struct
@@ -105,7 +105,7 @@
 };
 #endif
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 /* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */
 const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
 {
@@ -147,7 +147,7 @@
 #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J
 const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
 {
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
     return bs->signatureAlgorithm;
 #else
     return &bs->signatureAlgorithm;
@@ -156,7 +156,7 @@
 
 const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
 {
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
     return bs->tbsResponseData;
 #else
     return &bs->tbsResponseData;
diff -urN a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
--- a/src/_cffi_src/openssl/ssl.py	2021-02-07 19:39:35.000000000 +0300
+++ b/src/_cffi_src/openssl/ssl.py	2022-07-21 17:38:42.744768841 +0300
@@ -371,10 +371,6 @@
 const SSL_METHOD *SSLv23_server_method(void);
 const SSL_METHOD *SSLv23_client_method(void);
 
-const SSL_METHOD *TLS_method(void);
-const SSL_METHOD *TLS_server_method(void);
-const SSL_METHOD *TLS_client_method(void);
-
 /*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/
 SSL_CTX *SSL_CTX_new(SSL_METHOD *);
 long SSL_CTX_get_timeout(const SSL_CTX *);
@@ -510,7 +506,7 @@
 // users have upgraded. PersistentlyDeprecated2020
 static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1;
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 static const long Cryptography_HAS_VERIFIED_CHAIN = 0;
 Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL;
 #else
@@ -563,7 +559,7 @@
 
 /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were
    removed */
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 static const long Cryptography_HAS_SSL_ST = 1;
 #else
 static const long Cryptography_HAS_SSL_ST = 0;
@@ -572,7 +568,7 @@
 static const long SSL_ST_INIT = 0;
 static const long SSL_ST_RENEGOTIATE = 0;
 #endif
-#if !CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER
 static const long Cryptography_HAS_TLS_ST = 1;
 #else
 static const long Cryptography_HAS_TLS_ST = 0;
diff -urN a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
--- a/src/_cffi_src/openssl/x509.py	2021-02-07 19:39:35.000000000 +0300
+++ b/src/_cffi_src/openssl/x509.py	2022-07-21 17:55:24.114799867 +0300
@@ -288,7 +288,7 @@
 }
 /* Added in 1.1.0 but we need it in all versions now due to the great
    opaquing. */
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
 {
     req->req_info->enc.modified = 1;
@@ -298,5 +298,45 @@
     crl->crl->enc.modified = 1;
     return i2d_X509_CRL_INFO(crl->crl, pp);
 }
+
+int X509_up_ref(X509 *x) {
+   return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+}
+
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+{
+    return x->cert_info->signature;
+}
+
+/* from x509/x509_req.c */
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = req->signature;
+    if (palg != NULL)
+        *palg = req->sig_alg;
+}
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = crl->signature;
+    if (palg != NULL)
+        *palg = crl->sig_alg;
+}
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
+{
+    return x->revocationDate;
+}
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+    return x->serialNumber;
+}
+
+#define X509_set1_notBefore X509_set_notBefore
+#define X509_set1_notAfter X509_set_notAfter
+#define X509_getm_notAfter X509_get_notAfter
+#define X509_getm_notBefore X509_get_notBefore
 #endif
 """
diff -urN a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py
--- a/src/_cffi_src/openssl/x509_vfy.py	2021-02-07 19:39:35.000000000 +0300
+++ b/src/_cffi_src/openssl/x509_vfy.py	2022-07-21 17:53:37.752891469 +0300
@@ -234,7 +234,7 @@
 static const long X509_V_FLAG_SUITEB_128_LOS = 0;
 #endif
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL
 static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 0;
 #ifndef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
 static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = 0;
@@ -243,7 +243,30 @@
 static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 1;
 #endif
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) {
+    return ctx->objs;
+}
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store) {
+    return store->param;
+}
+int X509_OBJECT_get_type(const X509_OBJECT *x) {
+    return x->type;
+}
+
+/* from x509/x509_vfy.c */
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->cert;
+}
+
+X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) {
+    return x->data.x509;
+}
+#endif
+
+
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
 static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0;
 typedef void *X509_STORE_CTX_get_issuer_fn;
 X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL;
openSUSE Build Service is sponsored by
Places