ALP-pool/saltbundlepy-cryptography
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 saltbundlepy-cryptography revision d5f8d01eea0cb589ece0faab0f3846e8

Browse Source
This commit is contained in:
Adrian Schröter 2024-11-15 12:52:40 +01:00
parent c273a65be7
commit d98a437783
4 changed files with 48 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
definitions-ERR_GET.patch
View File

@ -1,18 +1,16 @@
--- a/src/_cffi_src/openssl/err.py
+++ b/src/_cffi_src/openssl/err.py
@@ -38,12 +38,10 @@
unsigned long ERR_peek_error(void);
void ERR_clear_error(void);
void ERR_put_error(int, int, int, const char *, int);
-
-int ERR_GET_LIB(unsigned long);
-int ERR_GET_FUNC(unsigned long);
-int ERR_GET_REASON(unsigned long);
-
@@ -46,4 +46,13 @@
"""
CUSTOMIZATIONS = """
+# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL)
+# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL)
+# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL)
+#ifndef ERR_GET_LIB
+#define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL)
+#endif
+#ifndef ERR_GET_FUNC
+#define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL)
+#endif
+#ifndef ERR_GET_REASON
+#define ERR_GET_REASON(l) (int)( (l) & 0xFFFL)
+#endif
"""

23
fix-build-with-old-ssl.patch
View File

@ -105,8 +105,8 @@
}
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+EVP_MD_CTX *(*EVP_MD_CTX_new)(void) = NULL;
+void (*EVP_MD_CTX_free)(EVP_MD_CTX *) = NULL;
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t,
+ uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *,
+ size_t) = NULL;
@ -196,7 +196,7 @@
return &bs->tbsResponseData;
--- a/src/_cffi_src/openssl/rsa.py
+++ b/src/_cffi_src/openssl/rsa.py
@@ -58,4 +58,20 @@
@@ -58,4 +58,27 @@
int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *,
int) = NULL;
#endif
@ -204,8 +204,15 @@
+int (*RSA_set0_key)(RSA *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL;
+int (*RSA_set0_factors)(RSA *, BIGNUM *, BIGNUM *) = NULL;
+int (*RSA_set0_crt_params)(RSA *, BIGNUM *, BIGNUM *, BIGNUM *) = NULL;
+void (*RSA_get0_key)(const RSA *, const BIGNUM **, const BIGNUM **,
+ const BIGNUM **) = NULL;
+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
+ const BIGNUM **d) {
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+void (*RSA_get0_factors)(const RSA *, const BIGNUM **, const BIGNUM **) = NULL;
+void (*RSA_get0_crt_params)(const RSA *, const BIGNUM **, const BIGNUM **,
+ const BIGNUM **) = NULL;
@ -277,12 +284,14 @@
"""
--- a/src/_cffi_src/openssl/x509name.py
+++ b/src/_cffi_src/openssl/x509name.py
@@ -75,4 +75,7 @@
@@ -75,4 +75,9 @@
"""
CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+int (*X509_NAME_ENTRY_set)(X509_NAME_ENTRY *) = NULL;
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) {
+ return ne->set;
+}
+#endif
"""
--- a/src/_cffi_src/openssl/x509.py

21
saltbundlepy-cryptography.changes
View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Mon Aug 26 13:55:57 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
- Fix the definitions of RSA_get0_key, EVP_MD_CTX_new,
EVP_MD_CTX_free and X509_NAME_ENTRY_set to prevent segfaults
on running Salt Testsuite with old OpenSSL versions.
- Modified:
* fix-build-with-old-ssl.patch
-------------------------------------------------------------------
Wed Aug 14 08:25:25 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
- Make patch for missing ERR_GET_... definitions more flexible
for different OpenSSL versions
- Add simple test into %check section to check if the definitions
are in place on building the package
- Modified:
* definitions-ERR_GET.patch
-------------------------------------------------------------------
Fri Jul 26 07:06:38 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>

2
saltbundlepy-cryptography.spec
View File

@ -116,7 +116,7 @@ find . -name .keep -print -delete
%check
%{python_expand # Just a simple test loading the module
export PYTHONPATH="%{buildroot}%{$python_sitearch}"
$python -c 'from cryptography.hazmat.bindings._openssl import ffi, lib; fips_mode = getattr(lib, "FIPS_mode"); mode = fips_mode()'
$python -c 'from cryptography.hazmat.bindings._openssl import lib; mode = lib.FIPS_mode(); lib.ERR_GET_LIB(0); lib.ERR_GET_FUNC(0); lib.ERR_GET_REASON(0)'
}
%if %{with test}
%pytest_arch