From d2e85573d6bcdd23a9c719dacf182165bafa22c9 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Thu, 24 Jan 2019 10:48:19 -0500
Subject: Run wycheproof RSA tests on LibreSSL>=2.8 (#4737)
* Run wycheproof RSA tests on LibreSSL>=2.8
* Define it this way
* These are errors on libressl
---
 src/_cffi_src/openssl/cryptography.py | 11 ++++++++++-
 tests/wycheproof/test_rsa.py | 12 ++++++------
 2 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
index e16fc57d..23ce87cf 100644
--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -33,8 +33,15 @@ INCLUDES = """
 #include
 #endif
+#if CRYPTOGRAPHY_IS_LIBRESSL
 #define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER \
- (CRYPTOGRAPHY_IS_LIBRESSL && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+ (LIBRESSL_VERSION_NUMBER >= 0x2070000f)
+#define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER \
+ (LIBRESSL_VERSION_NUMBER >= 0x2080000f)
+#else
+#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER (0)
+#define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER (0)
+#endif
 #define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
 (OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL)
@@ -67,6 +74,8 @@ static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102;
 static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111;
 static const int CRYPTOGRAPHY_IS_LIBRESSL;
+
+static const int CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER;
 """
 FUNCTIONS = """
diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py
index 3d35f42d..112805b4 100644
--- a/tests/wycheproof/test_rsa.py
+++ b/tests/wycheproof/test_rsa.py
@@ -29,8 +29,10 @@ def should_verify(backend, wycheproof):
 if wycheproof.acceptable:
 if (
- backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and
- wycheproof.has_flag("MissingNull")
+ (
+ backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER or
+ backend._lib.CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER
+ ) and wycheproof.has_flag("MissingNull")
 ):
 return False
 return True
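Review bot: The two version literals inside the new `#if CRYPTOGRAPHY_IS_LIBRESSL` branch (first cryptography.py hunk) are uncommented, and the 2.7 literal drops the `L` suffix the removed line had without the commit saying why. Nothing in the visible lines suggests the comparison result changes, but keeping the suffix would match the removed line, and a comment above each macro such as `/* 0x2080000f: LibreSSL 2.8.0 (presumed encoding, confirm against opensslv.h) */` would make the thresholds checkable at a glance. The `#else` branch that defines both macros as `(0)` also deserves a one-line comment, since it is what lets the later `static const int` declaration resolve on non-LibreSSL builds. The INCLUDES string starts and ends outside the hunk.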
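Review bot: The widened condition in `should_verify` (first test_rsa.py hunk) has no comment explaining why vectors flagged `MissingNull` are expected to fail verification on these backends. Judging by the flag name and the commit message ("These are errors on libressl"), the branch records what the backend does rather than a decision made by the test, and a comment above the `if (` such as `# OpenSSL >= 1.1.0 and LibreSSL >= 2.8 reject signatures flagged MissingNull` would say so. It is also worth noting in that comment that every other `acceptable` vector is still expected to verify, because that is the laxer of the two outcomes and the one a reader auditing signature strictness will look for. The function starts outside the hunk.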
@@ -41,10 +43,8 @@ def should_verify(backend, wycheproof):
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.supported(
 only_if=lambda backend: (
- # TODO: this also skips on LibreSSL, which is ok for now, since these
- don't pass on Libre, but we'll need to fix this when LibreSSL 2.8 is
- released.
- not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+ not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
+ backend._lib.CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER
 ),
 skip_message=(
 "Many of these tests fail on OpenSSL < 1.0.2 and since upstream isn't"
-- 
cgit v1.2.3
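Review bot: The visible start of `skip_message` still names only OpenSSL < 1.0.2, although with the new `or backend._lib.CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER` clause in `only_if` the same skip is what a LibreSSL build older than 2.8 will report. The message is cut off at the hunk edge, so the rest of it may already cover this; if it does not, extend the first fragment to something like `"Many of these tests fail on OpenSSL < 1.0.2 and LibreSSL < 2.8 and since upstream isn't"`. The removed TODO was also the only place that said `CRYPTOGRAPHY_OPENSSL_LESS_THAN_102` is set on LibreSSL, so a one-line replacement such as `# LESS_THAN_102 is also true on LibreSSL, so 2.8+ is re-admitted explicitly` would keep the condition readable. A skipped Wycheproof run means those builds get no coverage from these vectors, which is a reason to keep the skip reason accurate.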