
oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0002-Re-add-support-for-libressl.patch (13821B)


  1. From 308e4f113891bea997bcac7e7e48a18956478265 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Tue, 5 Oct 2021 14:44:43 -0700
  4. Subject: [PATCH] Re-add support for libressl
  5. ---
  6. Modules/_hashopenssl.c | 4 +++
  7. Modules/_ssl.c | 58 +++++++++++++++++++++------------
  8. Modules/_ssl/debughelpers.c | 4 +++
  9. Modules/clinic/_hashopenssl.c.h | 10 +++++-
  10. Modules/clinic/_ssl.c.h | 28 ++++++++++++----
  11. 5 files changed, 77 insertions(+), 27 deletions(-)
  12. diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
  13. index b9e68c05c3..75eb76266a 100644
  14. --- a/Modules/_hashopenssl.c
  15. +++ b/Modules/_hashopenssl.c
  16. @@ -40,10 +40,12 @@
  17. #define MUNCH_SIZE INT_MAX
  18. +#ifndef LIBRESSL_VERSION_NUMBER
  19. #define PY_OPENSSL_HAS_SCRYPT 1
  20. #define PY_OPENSSL_HAS_SHA3 1
  21. #define PY_OPENSSL_HAS_SHAKE 1
  22. #define PY_OPENSSL_HAS_BLAKE2 1
  23. +#endif
  24. static PyModuleDef _hashlibmodule;
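Review bot: The new `#ifndef LIBRESSL_VERSION_NUMBER` around the four `PY_OPENSSL_HAS_*` defines turns off scrypt, SHA-3, SHAKE and BLAKE2 for every LibreSSL release and gives no reason, so the features stay off even if a later LibreSSL provides the needed APIs. A comment above the guard naming the missing API, in the form `/* LibreSSL lacks <API name>; re-check when the minimum LibreSSL version is raised */`, would let a maintainer know when it can be dropped. Where a version is known, comparing `LIBRESSL_VERSION_NUMBER` against it is preferable to testing mere definition. Scrypt is the one to check first, since code relying on `hashlib.scrypt` for password hashing presumably has no other provider in this build. The same bare guard recurs in the `get_fips_mode`, keylog, chain and `security_level` hunks below.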
  25. @@ -1794,6 +1796,7 @@ hashlib_md_meth_names(PyObject *module)
  26. return 0;
  27. }
  28. +#ifndef LIBRESSL_VERSION_NUMBER
  29. /*[clinic input]
  30. _hashlib.get_fips_mode -> int
  31. @@ -1831,6 +1834,7 @@ _hashlib_get_fips_mode_impl(PyObject *module)
  32. return result;
  33. #endif
  34. }
  35. +#endif
  36. static int
  37. diff --git a/Modules/_ssl.c b/Modules/_ssl.c
  38. index 6c63301b2a..d8a70d5511 100644
  39. --- a/Modules/_ssl.c
  40. +++ b/Modules/_ssl.c
  41. @@ -291,8 +291,10 @@ typedef struct {
  42. int post_handshake_auth;
  43. #endif
  44. PyObject *msg_cb;
  45. +#ifndef LIBRESSL_VERSION_NUMBER
  46. PyObject *keylog_filename;
  47. BIO *keylog_bio;
  48. +#endif
  49. /* Cached module state, also used in SSLSocket and SSLSession code. */
  50. _sslmodulestate *state;
  51. } PySSLContext;
  52. @@ -1829,6 +1831,7 @@ _ssl__SSLSocket_getpeercert_impl(PySSLSocket *self, int binary_mode)
  53. return result;
  54. }
  55. +#ifndef LIBRESSL_VERSION_NUMBER
  56. /*[clinic input]
  57. _ssl._SSLSocket.get_verified_chain
  58. @@ -1892,6 +1895,7 @@ _ssl__SSLSocket_get_unverified_chain_impl(PySSLSocket *self)
  59. }
  60. return retval;
  61. }
  62. +#endif
  63. static PyObject *
  64. cipher_to_tuple(const SSL_CIPHER *cipher)
  65. @@ -2298,8 +2302,7 @@ static PyObject *
  66. _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b)
  67. /*[clinic end generated code: output=aa7a6be5527358d8 input=77262d994fe5100a]*/
  68. {
  69. - size_t count = 0;
  70. - int retval;
  71. + int len;
  72. int sockstate;
  73. _PySSLError err;
  74. int nonblocking;
  75. @@ -2317,6 +2320,12 @@ _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b)
  76. Py_INCREF(sock);
  77. }
  78. + if (b->len > INT_MAX) {
  79. + PyErr_Format(PyExc_OverflowError,
  80. + "string longer than %d bytes", INT_MAX);
  81. + goto error;
  82. + }
  83. +
  84. if (sock != NULL) {
  85. /* just in case the blocking state of the socket has been changed */
  86. nonblocking = (sock->sock_timeout >= 0);
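Review bot: The added `b->len > INT_MAX` check protects the `(int)b->len` cast but still lets a zero-length buffer through to `SSL_write()`, whose documentation leaves a zero-byte write undefined. Because the later `len <= 0` test treats 0 as failure, an empty write would probably surface as an SSL error rather than as 0 bytes written. If skipping the socket-state checks for an empty write is acceptable, handle it next to the overflow check, e.g. `if (b->len == 0) { Py_XDECREF(sock); return PyLong_FromLong(0); }`. The message also says "string" although `b` is a `Py_buffer`; `"buffer longer than %d bytes"` would be more accurate. The function body starts and ends outside this hunk.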
  87. @@ -2346,8 +2355,8 @@ _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b)
  88. do {
  89. PySSL_BEGIN_ALLOW_THREADS
  90. - retval = SSL_write_ex(self->ssl, b->buf, (size_t)b->len, &count);
  91. - err = _PySSL_errno(retval == 0, self->ssl, retval);
  92. + len = SSL_write(self->ssl, b->buf, (int)b->len);
  93. + err = _PySSL_errno(len <= 0, self->ssl, len);
  94. PySSL_END_ALLOW_THREADS
  95. self->err = err;
  96. @@ -2380,11 +2389,11 @@ _ssl__SSLSocket_write_impl(PySSLSocket *self, Py_buffer *b)
  97. err.ssl == SSL_ERROR_WANT_WRITE);
  98. Py_XDECREF(sock);
  99. - if (retval == 0)
  100. - return PySSL_SetError(self, retval, __FILE__, __LINE__);
  101. + if (len <= 0)
  102. + return PySSL_SetError(self, len, __FILE__, __LINE__);
  103. if (PySSL_ChainExceptions(self) < 0)
  104. return NULL;
  105. - return PyLong_FromSize_t(count);
  106. + return PyLong_FromLong(len);
  107. error:
  108. Py_XDECREF(sock);
  109. PySSL_ChainExceptions(self);
  110. @@ -2418,7 +2427,7 @@ _ssl__SSLSocket_pending_impl(PySSLSocket *self)
  111. /*[clinic input]
  112. _ssl._SSLSocket.read
  113. - size as len: Py_ssize_t
  114. + size as len: int
  115. [
  116. buffer: Py_buffer(accept={rwbuffer})
  117. ]
  118. @@ -2428,14 +2437,13 @@ Read up to size bytes from the SSL socket.
  119. [clinic start generated code]*/
  120. static PyObject *
  121. -_ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len,
  122. - int group_right_1, Py_buffer *buffer)
  123. -/*[clinic end generated code: output=49b16e6406023734 input=ec48bf622be1c4a1]*/
  124. +_ssl__SSLSocket_read_impl(PySSLSocket *self, int len, int group_right_1,
  125. + Py_buffer *buffer)
  126. +/*[clinic end generated code: output=00097776cec2a0af input=ff157eb918d0905b]*/
  127. {
  128. PyObject *dest = NULL;
  129. char *mem;
  130. - size_t count = 0;
  131. - int retval;
  132. + int count;
  133. int sockstate;
  134. _PySSLError err;
  135. int nonblocking;
  136. @@ -2498,8 +2506,8 @@ _ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len,
  137. do {
  138. PySSL_BEGIN_ALLOW_THREADS
  139. - retval = SSL_read_ex(self->ssl, mem, (size_t)len, &count);
  140. - err = _PySSL_errno(retval == 0, self->ssl, retval);
  141. + count = SSL_read(self->ssl, mem, len);
  142. + err = _PySSL_errno(count <= 0, self->ssl, count);
  143. PySSL_END_ALLOW_THREADS
  144. self->err = err;
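Review bot: `SSL_read(self->ssl, mem, len)` now takes `len` as a plain `int`, so it relies on checks outside this hunk to guarantee that `len` is positive and no larger than the space behind `mem`. The write path gained an explicit `INT_MAX` check in this commit, but nothing comparable is visible for the read path. Please confirm that the branch deriving `len` from `buffer->len` rejects a buffer longer than `INT_MAX` before the narrowing instead of truncating it. A short comment above the call, for example `/* len validated above: 0 < len <= destination size, fits in int */`, would record that invariant. The enclosing function starts and ends outside the hunk.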
  145. @@ -2532,8 +2540,8 @@ _ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len,
  146. } while (err.ssl == SSL_ERROR_WANT_READ ||
  147. err.ssl == SSL_ERROR_WANT_WRITE);
  148. - if (retval == 0) {
  149. - PySSL_SetError(self, retval, __FILE__, __LINE__);
  150. + if (count <= 0) {
  151. + PySSL_SetError(self, count, __FILE__, __LINE__);
  152. goto error;
  153. }
  154. if (self->exc_type != NULL)
  155. @@ -2546,7 +2554,7 @@ _ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len,
  156. return dest;
  157. }
  158. else {
  159. - return PyLong_FromSize_t(count);
  160. + return PyLong_FromLong(count);
  161. }
  162. error:
  163. @@ -3062,8 +3070,10 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
  164. self->hostflags = X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
  165. self->protocol = proto_version;
  166. self->msg_cb = NULL;
  167. +#ifndef LIBRESSL_VERSION_NUMBER
  168. self->keylog_filename = NULL;
  169. self->keylog_bio = NULL;
  170. +#endif
  171. self->alpn_protocols = NULL;
  172. self->set_sni_cb = NULL;
  173. self->state = get_ssl_state(module);
  174. @@ -3187,6 +3197,7 @@ context_clear(PySSLContext *self)
  175. {
  176. Py_CLEAR(self->set_sni_cb);
  177. Py_CLEAR(self->msg_cb);
  178. +#ifndef LIBRESSL_VERSION_NUMBER
  179. Py_CLEAR(self->keylog_filename);
  180. if (self->keylog_bio != NULL) {
  181. PySSL_BEGIN_ALLOW_THREADS
  182. @@ -3194,6 +3205,7 @@ context_clear(PySSLContext *self)
  183. PySSL_END_ALLOW_THREADS
  184. self->keylog_bio = NULL;
  185. }
  186. +#endif
  187. return 0;
  188. }
  189. @@ -3535,7 +3547,7 @@ set_maximum_version(PySSLContext *self, PyObject *arg, void *c)
  190. return set_min_max_proto_version(self, arg, 1);
  191. }
  192. -#ifdef TLS1_3_VERSION
  193. +#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
  194. static PyObject *
  195. get_num_tickets(PySSLContext *self, void *c)
  196. {
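Review bot: The guard on `get_num_tickets` is widened to `defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)`, but its closing line, visible as context in the next hunk, still reads `#endif /* TLS1_3_VERSION */` and now describes only half of the condition. Change it to `#endif /* TLS1_3_VERSION && !LIBRESSL_VERSION_NUMBER */` so the two ends of the block agree. The matching `#if` in `context_getsetlist` closes with an uncommented `#endif` and would benefit from the same trailing comment. The body of `get_num_tickets` continues outside this hunk.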
  197. @@ -3568,12 +3580,14 @@ PyDoc_STRVAR(PySSLContext_num_tickets_doc,
  198. "Control the number of TLSv1.3 session tickets");
  199. #endif /* TLS1_3_VERSION */
  200. +#ifndef LIBRESSL_VERSION_NUMBER
  201. static PyObject *
  202. get_security_level(PySSLContext *self, void *c)
  203. {
  204. return PyLong_FromLong(SSL_CTX_get_security_level(self->ctx));
  205. }
  206. PyDoc_STRVAR(PySSLContext_security_level_doc, "The current security level");
  207. +#endif
  208. static PyObject *
  209. get_options(PySSLContext *self, void *c)
  210. @@ -4603,13 +4617,15 @@ static PyGetSetDef context_getsetlist[] = {
  211. (setter) set_minimum_version, NULL},
  212. {"maximum_version", (getter) get_maximum_version,
  213. (setter) set_maximum_version, NULL},
  214. +#ifndef LIBRESSL_VERSION_NUMBER
  215. {"keylog_filename", (getter) _PySSLContext_get_keylog_filename,
  216. (setter) _PySSLContext_set_keylog_filename, NULL},
  217. +#endif
  218. {"_msg_callback", (getter) _PySSLContext_get_msg_callback,
  219. (setter) _PySSLContext_set_msg_callback, NULL},
  220. {"sni_callback", (getter) get_sni_callback,
  221. (setter) set_sni_callback, PySSLContext_sni_callback_doc},
  222. -#ifdef TLS1_3_VERSION
  223. +#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER)
  224. {"num_tickets", (getter) get_num_tickets,
  225. (setter) set_num_tickets, PySSLContext_num_tickets_doc},
  226. #endif
  227. @@ -4628,8 +4644,10 @@ static PyGetSetDef context_getsetlist[] = {
  228. (setter) set_verify_flags, NULL},
  229. {"verify_mode", (getter) get_verify_mode,
  230. (setter) set_verify_mode, NULL},
  231. +#ifndef LIBRESSL_VERSION_NUMBER
  232. {"security_level", (getter) get_security_level,
  233. NULL, PySSLContext_security_level_doc},
  234. +#endif
  235. {NULL}, /* sentinel */
  236. };
  237. diff --git a/Modules/_ssl/debughelpers.c b/Modules/_ssl/debughelpers.c
  238. index 03c125eb44..d992c5bc02 100644
  239. --- a/Modules/_ssl/debughelpers.c
  240. +++ b/Modules/_ssl/debughelpers.c
  241. @@ -114,6 +114,8 @@ _PySSLContext_set_msg_callback(PySSLContext *self, PyObject *arg, void *c) {
  242. return 0;
  243. }
  244. +#ifndef LIBRESSL_VERSION_NUMBER
  245. +
  246. static void
  247. _PySSL_keylog_callback(const SSL *ssl, const char *line)
  248. {
  249. @@ -217,3 +219,5 @@ _PySSLContext_set_keylog_filename(PySSLContext *self, PyObject *arg, void *c) {
  250. SSL_CTX_set_keylog_callback(self->ctx, _PySSL_keylog_callback);
  251. return 0;
  252. }
  253. +
  254. +#endif
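Review bot: The `#endif` added at the end of the file closes an `#ifndef LIBRESSL_VERSION_NUMBER` opened roughly a hundred lines earlier and carries no comment; `#endif /* !LIBRESSL_VERSION_NUMBER */` would make the pairing obvious. The opening guard would also benefit from a note such as `/* TLS key logging is compiled out on LibreSSL: no keylog_filename attribute, no keylog callback */`. With the attribute gone, any tooling that expects a key log file from this build presumably gets none without an error, which is worth documenting for anyone debugging TLS traffic.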
  255. diff --git a/Modules/clinic/_hashopenssl.c.h b/Modules/clinic/_hashopenssl.c.h
  256. index de01489e6a..c686eddea8 100644
  257. --- a/Modules/clinic/_hashopenssl.c.h
  258. +++ b/Modules/clinic/_hashopenssl.c.h
  259. @@ -1275,6 +1275,8 @@ _hashlib_HMAC_hexdigest(HMACobject *self, PyObject *Py_UNUSED(ignored))
  260. return _hashlib_HMAC_hexdigest_impl(self);
  261. }
  262. +#if !defined(LIBRESSL_VERSION_NUMBER)
  263. +
  264. PyDoc_STRVAR(_hashlib_get_fips_mode__doc__,
  265. "get_fips_mode($module, /)\n"
  266. "--\n"
  267. @@ -1310,6 +1312,8 @@ _hashlib_get_fips_mode(PyObject *module, PyObject *Py_UNUSED(ignored))
  268. return return_value;
  269. }
  270. +#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
  271. +
  272. PyDoc_STRVAR(_hashlib_compare_digest__doc__,
  273. "compare_digest($module, a, b, /)\n"
  274. "--\n"
  275. @@ -1385,4 +1389,8 @@ _hashlib_compare_digest(PyObject *module, PyObject *const *args, Py_ssize_t narg
  276. #ifndef _HASHLIB_SCRYPT_METHODDEF
  277. #define _HASHLIB_SCRYPT_METHODDEF
  278. #endif /* !defined(_HASHLIB_SCRYPT_METHODDEF) */
  279. -/*[clinic end generated code: output=162369cb9d43f1cc input=a9049054013a1b77]*/
  280. +
  281. +#ifndef _HASHLIB_GET_FIPS_MODE_METHODDEF
  282. + #define _HASHLIB_GET_FIPS_MODE_METHODDEF
  283. +#endif /* !defined(_HASHLIB_GET_FIPS_MODE_METHODDEF) */
  284. +/*[clinic end generated code: output=a110f274fb33395d input=a9049054013a1b77]*/
  285. diff --git a/Modules/clinic/_ssl.c.h b/Modules/clinic/_ssl.c.h
  286. index b59b129af8..f6bcd09e03 100644
  287. --- a/Modules/clinic/_ssl.c.h
  288. +++ b/Modules/clinic/_ssl.c.h
  289. @@ -88,6 +88,8 @@ _ssl__SSLSocket_getpeercert(PySSLSocket *self, PyObject *const *args, Py_ssize_t
  290. return return_value;
  291. }
  292. +#if !defined(LIBRESSL_VERSION_NUMBER)
  293. +
  294. PyDoc_STRVAR(_ssl__SSLSocket_get_verified_chain__doc__,
  295. "get_verified_chain($self, /)\n"
  296. "--\n"
  297. @@ -105,6 +107,10 @@ _ssl__SSLSocket_get_verified_chain(PySSLSocket *self, PyObject *Py_UNUSED(ignore
  298. return _ssl__SSLSocket_get_verified_chain_impl(self);
  299. }
  300. +#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
  301. +
  302. +#if !defined(LIBRESSL_VERSION_NUMBER)
  303. +
  304. PyDoc_STRVAR(_ssl__SSLSocket_get_unverified_chain__doc__,
  305. "get_unverified_chain($self, /)\n"
  306. "--\n"
  307. @@ -122,6 +128,8 @@ _ssl__SSLSocket_get_unverified_chain(PySSLSocket *self, PyObject *Py_UNUSED(igno
  308. return _ssl__SSLSocket_get_unverified_chain_impl(self);
  309. }
  310. +#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
  311. +
  312. PyDoc_STRVAR(_ssl__SSLSocket_shared_ciphers__doc__,
  313. "shared_ciphers($self, /)\n"
  314. "--\n"
  315. @@ -271,25 +279,25 @@ PyDoc_STRVAR(_ssl__SSLSocket_read__doc__,
  316. {"read", (PyCFunction)_ssl__SSLSocket_read, METH_VARARGS, _ssl__SSLSocket_read__doc__},
  317. static PyObject *
  318. -_ssl__SSLSocket_read_impl(PySSLSocket *self, Py_ssize_t len,
  319. - int group_right_1, Py_buffer *buffer);
  320. +_ssl__SSLSocket_read_impl(PySSLSocket *self, int len, int group_right_1,
  321. + Py_buffer *buffer);
  322. static PyObject *
  323. _ssl__SSLSocket_read(PySSLSocket *self, PyObject *args)
  324. {
  325. PyObject *return_value = NULL;
  326. - Py_ssize_t len;
  327. + int len;
  328. int group_right_1 = 0;
  329. Py_buffer buffer = {NULL, NULL};
  330. switch (PyTuple_GET_SIZE(args)) {
  331. case 1:
  332. - if (!PyArg_ParseTuple(args, "n:read", &len)) {
  333. + if (!PyArg_ParseTuple(args, "i:read", &len)) {
  334. goto exit;
  335. }
  336. break;
  337. case 2:
  338. - if (!PyArg_ParseTuple(args, "nw*:read", &len, &buffer)) {
  339. + if (!PyArg_ParseTuple(args, "iw*:read", &len, &buffer)) {
  340. goto exit;
  341. }
  342. group_right_1 = 1;
  343. @@ -1351,6 +1359,14 @@ _ssl_enum_crls(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
  344. #endif /* defined(_MSC_VER) */
  345. +#ifndef _SSL__SSLSOCKET_GET_VERIFIED_CHAIN_METHODDEF
  346. + #define _SSL__SSLSOCKET_GET_VERIFIED_CHAIN_METHODDEF
  347. +#endif /* !defined(_SSL__SSLSOCKET_GET_VERIFIED_CHAIN_METHODDEF) */
  348. +
  349. +#ifndef _SSL__SSLSOCKET_GET_UNVERIFIED_CHAIN_METHODDEF
  350. + #define _SSL__SSLSOCKET_GET_UNVERIFIED_CHAIN_METHODDEF
  351. +#endif /* !defined(_SSL__SSLSOCKET_GET_UNVERIFIED_CHAIN_METHODDEF) */
  352. +
  353. #ifndef _SSL_ENUM_CERTIFICATES_METHODDEF
  354. #define _SSL_ENUM_CERTIFICATES_METHODDEF
  355. #endif /* !defined(_SSL_ENUM_CERTIFICATES_METHODDEF) */
  356. @@ -1358,4 +1374,4 @@ _ssl_enum_crls(PyObject *module, PyObject *const *args, Py_ssize_t nargs, PyObje
  357. #ifndef _SSL_ENUM_CRLS_METHODDEF
  358. #define _SSL_ENUM_CRLS_METHODDEF
  359. #endif /* !defined(_SSL_ENUM_CRLS_METHODDEF) */
  360. -/*[clinic end generated code: output=5a7d7bf5cf8ee092 input=a9049054013a1b77]*/
  361. +/*[clinic end generated code: output=0e12e5e4ee2221b5 input=a9049054013a1b77]*/
  362. --
  363. 2.32.0