D37049.diff
No OneTemporary
Actions

Size

17 KB

Referenced Files

None

Subscribers

None

D37049.diff
View Options

	diff --git a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988 b/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
	deleted file mode 100644
	--- a/security/py-cryptography/files/patch-Fix-build-with-LibreSSL-3.3.2-5988
	+++ /dev/null
	@@ -1,62 +0,0 @@
	-From 94590a9aecc9e5ef6fc8eda52bae43643a4c44bd Mon Sep 17 00:00:00 2001
	-From: Charlie Li <vishwin@users.noreply.github.com>
	-Date: Mon, 19 Apr 2021 18:38:38 -0400
	-Subject: [PATCH] Fix build with LibreSSL 3.3.2 (#5988)
	-
	-* LibreSSL 3.3.2 supports SSL_OP_NO_DTLS*
	-
	-While here, bump CI
	-
	-* Fix preprocessor guards for LibreSSL's SSL_OP_NO_DTLS*
	-
	-DTLS_set_link_mtu and DTLS_get_link_min_mtu are not part of 3.3.2
	-
	-* Switch to LESS_THAN context for LibreSSL 3.3.2
	-
	-While here, fix indents
	-
	-* Remove extra C variable declaration
	-
	-The variable is not actually used from Python
	----
	- .github/workflows/ci.yml \| 2 +-
	- src/_cffi_src/openssl/cryptography.py \| 7 +++++++
	- src/_cffi_src/openssl/ssl.py \| 2 ++
	- 3 files changed, 10 insertions(+), 1 deletion(-)
	-
	-diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py
	-index e2b5a132..b9c7a793 100644
	---- src/_cffi_src/openssl/cryptography.py
	-+++ src/_cffi_src/openssl/cryptography.py
	-@@ -32,6 +32,13 @@ INCLUDES = """
	- #include <Winsock2.h>
	- #endif
	-
	-+#if CRYPTOGRAPHY_IS_LIBRESSL
	-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \
	-+ (LIBRESSL_VERSION_NUMBER < 0x3030200f)
	-+#else
	-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
	-+#endif
	-+
	- #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
	- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
	-
	-diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py
	-index 11a7d63a..081ef041 100644
	---- src/_cffi_src/openssl/ssl.py
	-+++ src/_cffi_src/openssl/ssl.py
	-@@ -586,8 +586,10 @@ static const long TLS_ST_OK = 0;
	- #endif
	-
	- #if CRYPTOGRAPHY_IS_LIBRESSL
	-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332
	- static const long SSL_OP_NO_DTLSv1 = 0;
	- static const long SSL_OP_NO_DTLSv1_2 = 0;
	-+#endif
	- long (DTLS_set_link_mtu)(SSL , long) = NULL;
	- long (DTLS_get_link_min_mtu)(SSL ) = NULL;
	- #endif
	---
	-2.31.1
	-
	diff --git a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360 b/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360
	deleted file mode 100644
	--- a/security/py-cryptography/files/patch-Support-LibreSSL-3.4.0-6360
	+++ /dev/null
	@@ -1,98 +0,0 @@
	-From 7a341a5d3cb9380e77b0241b5198373ab6fc355e Mon Sep 17 00:00:00 2001
	-From: Charlie Li <vishwin@users.noreply.github.com>
	-Date: Sun, 3 Oct 2021 00:20:31 -0400
	-Subject: [PATCH] Support LibreSSL 3.4.0 (#6360)
	-
	-* Add LibreSSL 3.4.0 to CI
	-
	-* Add a LibreSSL 3.4.0 guard
	-
	-Since LibreSSL 3.4.0 makes most of the TLSv1.3 API available, redefine CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 to LibreSSL versions below 3.4.0.
	-
	-* DTLS_get_data_mtu does not exist in LibreSSL
	-
	-* Only EVP_Digest{Sign,Verify} exist in LibreSSL 3.4.0+
	-
	-* SSL_CTX_{set,get}_keylog_callback does not exist in LibreSSL
	-
	-* Do not pollute CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 with LibreSSL
	-
	-While LibreSSL 3.4.0 supports more of TLSv1.3 API, the guard redefinition caused the X448 tests to run when not intended.
	----
	- .github/workflows/ci.yml \| 6 ++++--
	- src/_cffi_src/openssl/cryptography.py \| 3 +++
	- src/_cffi_src/openssl/evp.py \| 15 ++++++++++-----
	- src/_cffi_src/openssl/ssl.py \| 3 ++-
	- 4 files changed, 19 insertions(+), 8 deletions(-)
	-
	-diff --git src/_cffi_src/openssl/cryptography.py src/_cffi_src/openssl/cryptography.py
	-index 878d22d8..821ddc9f 100644
	---- src/_cffi_src/openssl/cryptography.py
	-+++ src/_cffi_src/openssl/cryptography.py
	-@@ -36,8 +36,11 @@ INCLUDES = """
	- #if CRYPTOGRAPHY_IS_LIBRESSL
	- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 \
	- (LIBRESSL_VERSION_NUMBER < 0x3030200f)
	-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \
	-+ (LIBRESSL_VERSION_NUMBER < 0x3040000f)
	- #else
	- #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
	-+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0)
	- #endif
	-
	- #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
	-diff --git src/_cffi_src/openssl/evp.py src/_cffi_src/openssl/evp.py
	-index ab7cfeb3..cad3339a 100644
	---- src/_cffi_src/openssl/evp.py
	-+++ src/_cffi_src/openssl/evp.py
	-@@ -203,15 +203,21 @@ int (EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY , const unsigned char *,
	- size_t) = NULL;
	- #endif
	-
	--#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
	-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \|\| \
	-+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL)
	- static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 0;
	--static const long Cryptography_HAS_RAW_KEY = 0;
	--static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
	--int (EVP_DigestFinalXOF)(EVP_MD_CTX , unsigned char *, size_t) = NULL;
	- int (EVP_DigestSign)(EVP_MD_CTX , unsigned char , size_t ,
	- const unsigned char *tbs, size_t) = NULL;
	- int (EVP_DigestVerify)(EVP_MD_CTX , const unsigned char *, size_t,
	- const unsigned char *, size_t) = NULL;
	-+#else
	-+static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
	-+#endif
	-+
	-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
	-+static const long Cryptography_HAS_RAW_KEY = 0;
	-+static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 0;
	-+int (EVP_DigestFinalXOF)(EVP_MD_CTX , unsigned char *, size_t) = NULL;
	- EVP_PKEY (EVP_PKEY_new_raw_private_key)(int, ENGINE , const unsigned char ,
	- size_t) = NULL;
	- EVP_PKEY (EVP_PKEY_new_raw_public_key)(int, ENGINE , const unsigned char ,
	-@@ -221,7 +227,6 @@ int (EVP_PKEY_get_raw_private_key)(const EVP_PKEY , unsigned char *,
	- int (EVP_PKEY_get_raw_public_key)(const EVP_PKEY , unsigned char *,
	- size_t *) = NULL;
	- #else
	--static const long Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY = 1;
	- static const long Cryptography_HAS_RAW_KEY = 1;
	- static const long Cryptography_HAS_EVP_DIGESTFINAL_XOF = 1;
	- #endif
	-diff --git src/_cffi_src/openssl/ssl.py src/_cffi_src/openssl/ssl.py
	-index ca275e91..0830a463 100644
	---- src/_cffi_src/openssl/ssl.py
	-+++ src/_cffi_src/openssl/ssl.py
	-@@ -678,7 +678,8 @@ int (SSL_set_tlsext_use_srtp)(SSL , const char *) = NULL;
	- SRTP_PROTECTION_PROFILE * (SSL_get_selected_srtp_profile)(SSL ) = NULL;
	- #endif
	-
	--#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
	-+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \|\| \
	-+ (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL)
	- static const long Cryptography_HAS_TLSv1_3 = 0;
	- static const long SSL_OP_NO_TLSv1_3 = 0;
	- static const long SSL_VERIFY_POST_HANDSHAKE = 0;
	---
	-2.32.0
	-
	diff --git a/security/py-cryptography/files/patch-src___cffi__src_openssl_cryptography.py b/security/py-cryptography/files/patch-src___cffi__src_openssl_cryptography.py
	new file mode 100644
	--- /dev/null
	+++ b/security/py-cryptography/files/patch-src___cffi__src_openssl_cryptography.py
	@@ -0,0 +1,26 @@
	+--- src/_cffi_src/openssl/cryptography.py.orig 2022-10-17 10:52:36 UTC
	++++ src/_cffi_src/openssl/cryptography.py
	+@@ -33,17 +33,17 @@ INCLUDES = """
	+ #endif
	+
	+ #define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
	+- (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
	++ OPENSSL_VERSION_NUMBER >= 0x1010006f
	+
	+ #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
	+- (OPENSSL_VERSION_NUMBER < 0x101000af \|\| CRYPTOGRAPHY_IS_LIBRESSL)
	++ OPENSSL_VERSION_NUMBER < 0x101000af
	+ #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 \
	+- (OPENSSL_VERSION_NUMBER < 0x10101000 \|\| CRYPTOGRAPHY_IS_LIBRESSL)
	++ OPENSSL_VERSION_NUMBER < 0x10101000
	+ #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B \
	+- (OPENSSL_VERSION_NUMBER < 0x10101020 \|\| CRYPTOGRAPHY_IS_LIBRESSL)
	++ OPENSSL_VERSION_NUMBER < 0x10101020
	+ #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D \
	+- (OPENSSL_VERSION_NUMBER < 0x10101040 \|\| CRYPTOGRAPHY_IS_LIBRESSL)
	+-#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && !CRYPTOGRAPHY_IS_LIBRESSL && \
	++ OPENSSL_VERSION_NUMBER < 0x10101040
	++#if (CRYPTOGRAPHY_OPENSSL_LESS_THAN_111D && \
	+ !defined(OPENSSL_NO_ENGINE)) \|\| defined(USE_OSRANDOM_RNG_FOR_TESTING)
	+ #define CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE 1
	+ #else
	diff --git a/security/py-cryptography/files/patch-src___cffi__src_openssl_dh.py b/security/py-cryptography/files/patch-src___cffi__src_openssl_dh.py
	new file mode 100644
	--- /dev/null
	+++ b/security/py-cryptography/files/patch-src___cffi__src_openssl_dh.py
	@@ -0,0 +1,120 @@
	+--- src/_cffi_src/openssl/dh.py.orig 2022-10-17 11:10:57 UTC
	++++ src/_cffi_src/openssl/dh.py
	+@@ -37,117 +37,9 @@ int Cryptography_i2d_DHxparams_bio(BIO bp, DH x);
	+ """
	+
	+ CUSTOMIZATIONS = """
	+-#if CRYPTOGRAPHY_IS_LIBRESSL
	+-#ifndef DH_CHECK_Q_NOT_PRIME
	+-#define DH_CHECK_Q_NOT_PRIME 0x10
	+-#endif
	+-
	+-#ifndef DH_CHECK_INVALID_Q_VALUE
	+-#define DH_CHECK_INVALID_Q_VALUE 0x20
	+-#endif
	+-
	+-#ifndef DH_CHECK_INVALID_J_VALUE
	+-#define DH_CHECK_INVALID_J_VALUE 0x40
	+-#endif
	+-
	+-/* DH_check implementation taken from OpenSSL 1.1.0pre6 */
	+-
	+-/*-
	+- * Check that p is a safe prime and
	+- * if g is 2, 3 or 5, check that it is a suitable generator
	+- * where
	+- * for 2, p mod 24 == 11
	+- * for 3, p mod 12 == 5
	+- * for 5, p mod 10 == 3 or 7
	+- * should hold.
	+- */
	+-
	+-int Cryptography_DH_check(const DH dh, int ret)
	+-{
	+- int ok = 0, r;
	+- BN_CTX *ctx = NULL;
	+- BN_ULONG l;
	+- BIGNUM t1 = NULL, t2 = NULL;
	+-
	+- *ret = 0;
	+- ctx = BN_CTX_new();
	+- if (ctx == NULL)
	+- goto err;
	+- BN_CTX_start(ctx);
	+- t1 = BN_CTX_get(ctx);
	+- if (t1 == NULL)
	+- goto err;
	+- t2 = BN_CTX_get(ctx);
	+- if (t2 == NULL)
	+- goto err;
	+-
	+- if (dh->q) {
	+- if (BN_cmp(dh->g, BN_value_one()) <= 0)
	+- *ret \|= DH_NOT_SUITABLE_GENERATOR;
	+- else if (BN_cmp(dh->g, dh->p) >= 0)
	+- *ret \|= DH_NOT_SUITABLE_GENERATOR;
	+- else {
	+- /* Check g^q == 1 mod p */
	+- if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
	+- goto err;
	+- if (!BN_is_one(t1))
	+- *ret \|= DH_NOT_SUITABLE_GENERATOR;
	+- }
	+- r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
	+- if (r < 0)
	+- goto err;
	+- if (!r)
	+- *ret \|= DH_CHECK_Q_NOT_PRIME;
	+- /* Check p == 1 mod q i.e. q divides p - 1 */
	+- if (!BN_div(t1, t2, dh->p, dh->q, ctx))
	+- goto err;
	+- if (!BN_is_one(t2))
	+- *ret \|= DH_CHECK_INVALID_Q_VALUE;
	+- if (dh->j && BN_cmp(dh->j, t1))
	+- *ret \|= DH_CHECK_INVALID_J_VALUE;
	+-
	+- } else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
	+- l = BN_mod_word(dh->p, 24);
	+- if (l == (BN_ULONG)-1)
	+- goto err;
	+- if (l != 11)
	+- *ret \|= DH_NOT_SUITABLE_GENERATOR;
	+- } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
	+- l = BN_mod_word(dh->p, 10);
	+- if (l == (BN_ULONG)-1)
	+- goto err;
	+- if ((l != 3) && (l != 7))
	+- *ret \|= DH_NOT_SUITABLE_GENERATOR;
	+- } else
	+- *ret \|= DH_UNABLE_TO_CHECK_GENERATOR;
	+-
	+- r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
	+- if (r < 0)
	+- goto err;
	+- if (!r)
	+- *ret \|= DH_CHECK_P_NOT_PRIME;
	+- else if (!dh->q) {
	+- if (!BN_rshift1(t1, dh->p))
	+- goto err;
	+- r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
	+- if (r < 0)
	+- goto err;
	+- if (!r)
	+- *ret \|= DH_CHECK_P_NOT_SAFE_PRIME;
	+- }
	+- ok = 1;
	+- err:
	+- if (ctx != NULL) {
	+- BN_CTX_end(ctx);
	+- BN_CTX_free(ctx);
	+- }
	+- return (ok);
	+-}
	+-#else
	+ int Cryptography_DH_check(const DH dh, int ret) {
	+ return DH_check(dh, ret);
	+ }
	+-#endif
	+
	+ /* These functions were added in OpenSSL 1.1.0f commit d0c50e80a8 */
	+ /* Define our own to simplify support across all versions. */
	diff --git a/security/py-cryptography/files/patch-src___cffi__src_openssl_fips.py b/security/py-cryptography/files/patch-src___cffi__src_openssl_fips.py
	new file mode 100644
	--- /dev/null
	+++ b/security/py-cryptography/files/patch-src___cffi__src_openssl_fips.py
	@@ -0,0 +1,14 @@
	+--- src/_cffi_src/openssl/fips.py.orig 2022-10-17 11:12:47 UTC
	++++ src/_cffi_src/openssl/fips.py
	+@@ -17,11 +17,5 @@ int FIPS_mode(void);
	+ """
	+
	+ CUSTOMIZATIONS = """
	+-#if CRYPTOGRAPHY_IS_LIBRESSL
	+-static const long Cryptography_HAS_FIPS = 0;
	+-int (*FIPS_mode_set)(int) = NULL;
	+-int (*FIPS_mode)(void) = NULL;
	+-#else
	+ static const long Cryptography_HAS_FIPS = 1;
	+-#endif
	+ """
	diff --git a/security/py-cryptography/files/patch-src___cffi__src_openssl_ocsp.py b/security/py-cryptography/files/patch-src___cffi__src_openssl_ocsp.py
	new file mode 100644
	--- /dev/null
	+++ b/security/py-cryptography/files/patch-src___cffi__src_openssl_ocsp.py
	@@ -0,0 +1,73 @@
	+--- src/_cffi_src/openssl/ocsp.py.orig 2022-10-17 11:14:50 UTC
	++++ src/_cffi_src/openssl/ocsp.py
	+@@ -77,7 +77,6 @@ int i2d_OCSP_RESPDATA(OCSP_RESPDATA , unsigned char
	+
	+ CUSTOMIZATIONS = """
	+ #if ( \
	+- !CRYPTOGRAPHY_IS_LIBRESSL && \
	+ CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J \
	+ )
	+ /* These structs come from ocsp_lcl.h and are needed to de-opaque the struct
	+@@ -104,62 +103,15 @@ struct ocsp_basic_response_st {
	+ };
	+ #endif
	+
	+-#if CRYPTOGRAPHY_IS_LIBRESSL
	+-/* These functions are all taken from ocsp_cl.c in OpenSSL 1.1.0 */
	+-const OCSP_CERTID OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP single)
	+-{
	+- return single->certId;
	+-}
	+-const Cryptography_STACK_OF_X509 *OCSP_resp_get0_certs(
	+- const OCSP_BASICRESP *bs)
	+-{
	+- return bs->certs;
	+-}
	+-int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
	+- const ASN1_OCTET_STRING **pid,
	+- const X509_NAME **pname)
	+-{
	+- const OCSP_RESPID *rid = bs->tbsResponseData->responderId;
	+-
	+- if (rid->type == V_OCSP_RESPID_NAME) {
	+- *pname = rid->value.byName;
	+- *pid = NULL;
	+- } else if (rid->type == V_OCSP_RESPID_KEY) {
	+- *pid = rid->value.byKey;
	+- *pname = NULL;
	+- } else {
	+- return 0;
	+- }
	+- return 1;
	+-}
	+-const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
	+- const OCSP_BASICRESP* bs)
	+-{
	+- return bs->tbsResponseData->producedAt;
	+-}
	+-const ASN1_OCTET_STRING OCSP_resp_get0_signature(const OCSP_BASICRESP bs)
	+-{
	+- return bs->signature;
	+-}
	+-#endif
	+-
	+ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110J
	+ const X509_ALGOR OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP bs)
	+ {
	+-#if CRYPTOGRAPHY_IS_LIBRESSL
	+- return bs->signatureAlgorithm;
	+-#else
	+ return &bs->signatureAlgorithm;
	+-#endif
	+ }
	+
	+ const OCSP_RESPDATA OCSP_resp_get0_respdata(const OCSP_BASICRESP bs)
	+ {
	+-#if CRYPTOGRAPHY_IS_LIBRESSL
	+- return bs->tbsResponseData;
	+-#else
	+ return &bs->tbsResponseData;
	+-#endif
	+ }
	+ #endif
	+ """
	diff --git a/security/py-cryptography/files/patch-src___cffi__src_openssl_ssl.py b/security/py-cryptography/files/patch-src___cffi__src_openssl_ssl.py
	new file mode 100644
	--- /dev/null
	+++ b/security/py-cryptography/files/patch-src___cffi__src_openssl_ssl.py
	@@ -0,0 +1,29 @@
	+--- src/_cffi_src/openssl/ssl.py.orig 2022-10-17 11:17:08 UTC
	++++ src/_cffi_src/openssl/ssl.py
	+@@ -515,12 +515,7 @@ CUSTOMIZATIONS = """
	+ // users have upgraded. PersistentlyDeprecated2020
	+ static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1;
	+
	+-#if CRYPTOGRAPHY_IS_LIBRESSL
	+-static const long Cryptography_HAS_VERIFIED_CHAIN = 0;
	+-Cryptography_STACK_OF_X509 (SSL_get0_verified_chain)(const SSL *) = NULL;
	+-#else
	+ static const long Cryptography_HAS_VERIFIED_CHAIN = 1;
	+-#endif
	+
	+ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
	+ static const long Cryptography_HAS_KEYLOG = 0;
	+@@ -583,13 +578,6 @@ static const long Cryptography_HAS_TLS_ST = 1;
	+ static const long Cryptography_HAS_TLS_ST = 0;
	+ static const long TLS_ST_BEFORE = 0;
	+ static const long TLS_ST_OK = 0;
	+-#endif
	+-
	+-#if CRYPTOGRAPHY_IS_LIBRESSL
	+-static const long SSL_OP_NO_DTLSv1 = 0;
	+-static const long SSL_OP_NO_DTLSv1_2 = 0;
	+-long (DTLS_set_link_mtu)(SSL , long) = NULL;
	+-long (DTLS_get_link_min_mtu)(SSL ) = NULL;
	+ #endif
	+
	+ static const long Cryptography_HAS_DTLS = 1;
	diff --git a/security/py-cryptography/files/patch-src___cffi__src_openssl_x509.py b/security/py-cryptography/files/patch-src___cffi__src_openssl_x509.py
	new file mode 100644
	--- /dev/null
	+++ b/security/py-cryptography/files/patch-src___cffi__src_openssl_x509.py
	@@ -0,0 +1,36 @@
	+--- src/_cffi_src/openssl/x509.py.orig 2022-10-17 11:26:23 UTC
	++++ src/_cffi_src/openssl/x509.py
	+@@ -276,33 +276,8 @@ void X509_REQ_get0_signature(const X509_REQ *, const A
	+ """
	+
	+ CUSTOMIZATIONS = """
	+-#if CRYPTOGRAPHY_IS_LIBRESSL
	+-int i2d_re_X509_tbs(X509 x, unsigned char *pp)
	+-{
	+- /* in 1.0.2+ this function also sets x->cert_info->enc.modified = 1
	+- but older OpenSSLs don't have the enc ASN1_ENCODING member in the
	+- X509 struct. Setting modified to 1 marks the encoding
	+- (x->cert_info->enc.enc) as invalid, but since the entire struct isn't
	+- present we don't care. */
	+- return i2d_X509_CINF(x->cert_info, pp);
	+-}
	+-#endif
	+-
	+ /* Being kept around for pyOpenSSL */
	+ X509_REVOKED Cryptography_X509_REVOKED_dup(X509_REVOKED rev) {
	+ return X509_REVOKED_dup(rev);
	+ }
	+-/* Added in 1.1.0 but we need it in all versions now due to the great
	+- opaquing. */
	+-#if CRYPTOGRAPHY_IS_LIBRESSL
	+-int i2d_re_X509_REQ_tbs(X509_REQ req, unsigned char *pp)
	+-{
	+- req->req_info->enc.modified = 1;
	+- return i2d_X509_REQ_INFO(req->req_info, pp);
	+-}
	+-int i2d_re_X509_CRL_tbs(X509_CRL crl, unsigned char *pp) {
	+- crl->crl->enc.modified = 1;
	+- return i2d_X509_CRL_INFO(crl->crl, pp);
	+-}
	+-#endif
	+ """

File Metadata

Mime Type: text/plain
Expires: Sat, Jan 25, 12:47 AM (11 h, 49 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 16113491
Default Alt Text: D37049.diff (17 KB)

D37049.diffNo OneTemporaryActions

D37049.diffView Options

File Metadata

Event Timeline

D37049.diff
No OneTemporary
Actions

D37049.diff
View Options