net-libs/wvstreams: drop obsolete LibreSSL patch(es)
Package-Manager: Portage-3.0.18-prefix, Repoman-3.0.3 Signed-off-by: Sam James <sam@gentoo.org>
This commit is contained in:
parent
9cab1d5d9b
commit
949dc3a476
|
@ -1,114 +0,0 @@
|
|||
From cb8a81da928054c2e8174d671f2abc88f4f35b87 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Strogin <steils@gentoo.org>
|
||||
Date: Mon, 10 Jun 2019 17:07:06 +0300
|
||||
Subject: [PATCH] Fix LibreSSL support
|
||||
|
||||
---
|
||||
crypto/wvocsp.cc | 34 ++++++++++++++++++++++++++++++++++
|
||||
crypto/wvx509mgr.cc | 14 ++++++++++++++
|
||||
include/wvdigest.h | 1 +
|
||||
3 files changed, 49 insertions(+)
|
||||
|
||||
diff --git a/crypto/wvocsp.cc b/crypto/wvocsp.cc
|
||||
index 7d5da072..7a157f90 100644
|
||||
--- a/crypto/wvocsp.cc
|
||||
+++ b/crypto/wvocsp.cc
|
||||
@@ -130,6 +130,7 @@ bool WvOCSPResp::signedbycert(const WvX509 &cert) const
|
||||
}
|
||||
|
||||
|
||||
+#ifndef LIBRESSL_VERSION_NUMBER
|
||||
WvX509 WvOCSPResp::get_signing_cert() const
|
||||
{
|
||||
const STACK_OF(X509) *certs = OCSP_resp_get0_certs(bs);
|
||||
@@ -143,6 +144,39 @@ WvX509 WvOCSPResp::get_signing_cert() const
|
||||
|
||||
return WvX509();
|
||||
}
|
||||
+#else
|
||||
+WvX509 WvOCSPResp::get_signing_cert() const
|
||||
+{
|
||||
+ if (!bs || !sk_X509_num(bs->certs))
|
||||
+ return WvX509();
|
||||
+
|
||||
+ // note: the following bit of code is taken almost verbatim from
|
||||
+ // ocsp_vfy.c in OpenSSL 0.9.8. Copyright and attribution should
|
||||
+ // properly belong to them
|
||||
+
|
||||
+ OCSP_RESPID *id = bs->tbsResponseData->responderId;
|
||||
+
|
||||
+ if (id->type == V_OCSP_RESPID_NAME)
|
||||
+ {
|
||||
+ X509 *x = X509_find_by_subject(bs->certs, id->value.byName);
|
||||
+ if (x)
|
||||
+ return WvX509(X509_dup(x));
|
||||
+ }
|
||||
+
|
||||
+ if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
|
||||
+ unsigned char tmphash[SHA_DIGEST_LENGTH];
|
||||
+ unsigned char *keyhash = id->value.byKey->data;
|
||||
+ for (int i = 0; i < sk_X509_num(bs->certs); i++)
|
||||
+ {
|
||||
+ X509 *x = sk_X509_value(bs->certs, i);
|
||||
+ X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
|
||||
+ if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
|
||||
+ return WvX509(X509_dup(x));
|
||||
+ }
|
||||
+
|
||||
+ return WvX509();
|
||||
+}
|
||||
+#endif /* LIBRESSL_VERSION_NUMBER */
|
||||
|
||||
|
||||
WvOCSPResp::Status WvOCSPResp::get_status(const WvX509 &cert,
|
||||
diff --git a/crypto/wvx509mgr.cc b/crypto/wvx509mgr.cc
|
||||
index 156d3a49..e2bb3ffe 100644
|
||||
--- a/crypto/wvx509mgr.cc
|
||||
+++ b/crypto/wvx509mgr.cc
|
||||
@@ -350,8 +350,15 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const
|
||||
return false;
|
||||
}
|
||||
|
||||
+#ifndef LIBRESSL_VERSION_NUMBER
|
||||
uint32_t ex_flags = X509_get_extension_flags(cert);
|
||||
uint32_t ex_kusage = X509_get_key_usage(cert);
|
||||
+#else
|
||||
+ X509_check_purpose(cert, -1, -1);
|
||||
+ uint32_t ex_flags = cert->ex_flags;
|
||||
+ uint32_t ex_kusage = (cert->ex_flags & EXFLAG_KUSAGE) ?
|
||||
+ cert->ex_kusage : UINT32_MAX;
|
||||
+#endif
|
||||
if (cert == unsignedcert.cert)
|
||||
{
|
||||
debug("Self Signing!\n");
|
||||
@@ -392,8 +399,15 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const
|
||||
|
||||
bool WvX509Mgr::signcrl(WvCRL &crl) const
|
||||
{
|
||||
+#ifndef LIBRESSL_VERSION_NUMBER
|
||||
uint32_t ex_flags = X509_get_extension_flags(cert);
|
||||
uint32_t ex_kusage = X509_get_key_usage(cert);
|
||||
+#else
|
||||
+ X509_check_purpose(cert, -1, -1);
|
||||
+ uint32_t ex_flags = cert->ex_flags;
|
||||
+ uint32_t ex_kusage = (cert->ex_flags & EXFLAG_KUSAGE) ?
|
||||
+ cert->ex_kusage : UINT32_MAX;
|
||||
+#endif
|
||||
if (!isok() || !crl.isok())
|
||||
{
|
||||
debug(WvLog::Warning, "Asked to sign CRL, but certificate or CRL (or "
|
||||
diff --git a/include/wvdigest.h b/include/wvdigest.h
|
||||
index f2eed401..e637fb49 100644
|
||||
--- a/include/wvdigest.h
|
||||
+++ b/include/wvdigest.h
|
||||
@@ -10,6 +10,7 @@
|
||||
#include "wvencoder.h"
|
||||
#include <stdint.h>
|
||||
#include <openssl/evp.h>
|
||||
+#include <openssl/hmac.h>
|
||||
|
||||
|
||||
/**
|
||||
--
|
||||
2.21.0
|
||||
|
Loading…
Reference in New Issue