mirror of
https://github.com/saymrwulf/cryptography.git
synced 2026-05-14 20:37:55 +00:00
Support LibreSSL 3.5.0 (#6919)
* Add LibreSSL 3.5.0 to CI
* Add LibreSSL 3.5.0 guard
* Expose FIPS functions in LibreSSL 3.5.0+
* Expose DH API in LibreSSL 3.5.0+
* Expose SSL_get0_verified_chain and SSL_CTX_{set,get}_keylog_callback in LibreSSL 3.5.0+
* Fix SSL_CTX_{set,get}_keylog_callback guard
* Add missing CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 symbol
* Fix SSL_CTX_{set,get}_keylog_callback guard again
* Condense LibreSSL 3.5.0 defines
* Kick CircleCI
This commit is contained in:
Charlie Li
GitHub
parent
d2fedefe1e
commit
1cc4a6e786
5 changed files with 10 additions and 4 deletions
1
.github/workflows/ci.yml
vendored
1
.github/workflows/ci.yml
vendored
|
|
@ -39,6 +39,7 @@ jobs:
|
|||
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.2.7"}}
|
||||
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.3.5"}}
|
||||
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.4.2"}}
|
||||
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.5.0"}}
|
||||
- {VERSION: "3.10", TOXENV: "py310"}
|
||||
- {VERSION: "3.11-dev", TOXENV: "py311"}
|
||||
- {VERSION: "3.10", TOXENV: "py310-randomorder"}
|
||||
|
|
|
|||
|
|
@ -45,11 +45,14 @@ INCLUDES = """
|
|||
(LIBRESSL_VERSION_NUMBER < 0x3030200f)
|
||||
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 \
|
||||
(LIBRESSL_VERSION_NUMBER < 0x3040000f)
|
||||
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 \
|
||||
(LIBRESSL_VERSION_NUMBER < 0x3050000f)
|
||||
|
||||
#else
|
||||
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_322 (0)
|
||||
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
|
||||
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0)
|
||||
#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 (0)
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000
|
||||
|
|
@ -84,6 +87,7 @@ static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B;
|
|||
static const int CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE;
|
||||
|
||||
static const int CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340;
|
||||
static const int CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350;
|
||||
|
||||
static const int CRYPTOGRAPHY_IS_LIBRESSL;
|
||||
static const int CRYPTOGRAPHY_IS_BORINGSSL;
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ int Cryptography_i2d_DHxparams_bio(BIO *, DH *);
|
|||
"""
|
||||
|
||||
CUSTOMIZATIONS = """
|
||||
#if CRYPTOGRAPHY_IS_LIBRESSL
|
||||
#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350
|
||||
#ifndef DH_CHECK_Q_NOT_PRIME
|
||||
#define DH_CHECK_Q_NOT_PRIME 0x10
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ int FIPS_mode(void);
|
|||
"""
|
||||
|
||||
CUSTOMIZATIONS = """
|
||||
#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
|
||||
#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 || CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
|
||||
static const long Cryptography_HAS_FIPS = 0;
|
||||
int (*FIPS_mode_set)(int) = NULL;
|
||||
int (*FIPS_mode)(void) = NULL;
|
||||
|
|
|
|||
|
|
@ -529,14 +529,15 @@ static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1;
|
|||
int (*SSL_CTX_set_client_cert_engine)(SSL_CTX *, ENGINE *) = NULL;
|
||||
#endif
|
||||
|
||||
#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL
|
||||
#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 || CRYPTOGRAPHY_IS_BORINGSSL
|
||||
static const long Cryptography_HAS_VERIFIED_CHAIN = 0;
|
||||
Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL;
|
||||
#else
|
||||
static const long Cryptography_HAS_VERIFIED_CHAIN = 1;
|
||||
#endif
|
||||
|
||||
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
|
||||
#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 || \
|
||||
(CRYPTOGRAPHY_OPENSSL_LESS_THAN_111 && !CRYPTOGRAPHY_IS_LIBRESSL)
|
||||
static const long Cryptography_HAS_KEYLOG = 0;
|
||||
void (*SSL_CTX_set_keylog_callback)(SSL_CTX *,
|
||||
void (*) (const SSL *, const char *)
|
||||
|
|
|
|||
Loading…
Reference in a new issue