diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-03-26 11:07:31 -0400 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-03-26 11:07:31 -0400 |
| commit | 8d85b9564284a66aa28a0cbb759090b777698e43 (patch) | |
| tree | 150f2e89467805934f9a0915fe11896b8dfd510c | |
| parent | 9ef1d6fe96b897207739cd75ff283a0f061fd5a0 (diff) | |
| download | cryptography-8d85b9564284a66aa28a0cbb759090b777698e43.tar.gz cryptography-8d85b9564284a66aa28a0cbb759090b777698e43.tar.bz2 cryptography-8d85b9564284a66aa28a0cbb759090b777698e43.zip | |
Attempt to simplify the libressl checing (#3482)
* Attempt to simplify the libressl checing
* SHENANGINS
* Attempted fix
* More simplification
| -rw-r--r-- | src/_cffi_src/openssl/bio.py | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/crypto.py | 4 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/cryptography.py | 36 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/ct.py | 4 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/dh.py | 4 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/dsa.py | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/ec.py | 4 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/engine.py | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/evp.py | 7 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/hmac.py | 4 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/rand.py | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/rsa.py | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/ssl.py | 14 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509.py | 6 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509_vfy.py | 19 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509name.py | 2 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 5 | ||||
| -rw-r--r-- | tests/hazmat/bindings/test_openssl.py | 10 |
18 files changed, 57 insertions, 72 deletions
diff --git a/src/_cffi_src/openssl/bio.py b/src/_cffi_src/openssl/bio.py index a134d9b6..72a513e6 100644 --- a/src/_cffi_src/openssl/bio.py +++ b/src/_cffi_src/openssl/bio.py @@ -138,7 +138,7 @@ void BIO_clear_retry_flags(BIO *); """ CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 int BIO_up_ref(BIO *b) { CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO); return 1; diff --git a/src/_cffi_src/openssl/crypto.py b/src/_cffi_src/openssl/crypto.py index 906dcacd..64c0aa4d 100644 --- a/src/_cffi_src/openssl/crypto.py +++ b/src/_cffi_src/openssl/crypto.py @@ -95,7 +95,7 @@ CUSTOMIZATIONS = """ # define OPENSSL_PLATFORM SSLEAY_PLATFORM # define OPENSSL_DIR SSLEAY_DIR #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 static const long Cryptography_HAS_LOCKING_CALLBACKS = 1; #else static const long Cryptography_HAS_LOCKING_CALLBACKS = 0; @@ -114,7 +114,7 @@ static const long CRYPTO_LOCK_SSL = 0; void (*CRYPTO_lock)(int, int, const char *, int) = NULL; #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 /* This function has a significantly different signature pre-1.1.0. since it is * for testing only, we don't bother to expose it on older OpenSSLs. */ diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py index 1ce9d0f4..8372055b 100644 --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -6,44 +6,44 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ #include <openssl/opensslv.h> + + +#if defined(LIBRESSL_VERSION_NUMBER) +#define CRYPTOGRAPHY_IS_LIBRESSL 1 +#else +#define CRYPTOGRAPHY_IS_LIBRESSL 0 +#endif + /* LibreSSL removed e_os2.h from the public headers so we'll only include it if we're using vanilla OpenSSL. */ -#if !defined(LIBRESSL_VERSION_NUMBER) +#if !CRYPTOGRAPHY_IS_LIBRESSL #include <openssl/e_os2.h> #endif #if defined(_WIN32) #include <windows.h> #endif -#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \ - (OPENSSL_VERSION_NUMBER >= 0x10002000) #define CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER \ - (OPENSSL_VERSION_NUMBER >= 0x10002002) + (OPENSSL_VERSION_NUMBER >= 0x10002002 && !CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \ - (OPENSSL_VERSION_NUMBER >= 0x10100000) + (OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \ - (OPENSSL_VERSION_NUMBER < 0x10002000) + (OPENSSL_VERSION_NUMBER < 0x10002000 || CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102BETA3 \ - (OPENSSL_VERSION_NUMBER < 0x10002003) + (OPENSSL_VERSION_NUMBER < 0x10002003 || CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I \ - (OPENSSL_VERSION_NUMBER < 0x1000209fL) + (OPENSSL_VERSION_NUMBER < 0x1000209f || CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 \ - (OPENSSL_VERSION_NUMBER < 0x10100000) + (OPENSSL_VERSION_NUMBER < 0x10100000 || CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE4 \ - (OPENSSL_VERSION_NUMBER < 0x10100004) + (OPENSSL_VERSION_NUMBER < 0x10100004 || CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 \ - (OPENSSL_VERSION_NUMBER < 0x10100005) + (OPENSSL_VERSION_NUMBER < 0x10100005 || CRYPTOGRAPHY_IS_LIBRESSL) #define CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 \ - (OPENSSL_VERSION_NUMBER < 0x10100006) - -#if defined(LIBRESSL_VERSION_NUMBER) -#define CRYPTOGRAPHY_IS_LIBRESSL 1 -#else -#define CRYPTOGRAPHY_IS_LIBRESSL 0 -#endif + (OPENSSL_VERSION_NUMBER < 0x10100006 || CRYPTOGRAPHY_IS_LIBRESSL) """ TYPES = """ diff --git a/src/_cffi_src/openssl/ct.py b/src/_cffi_src/openssl/ct.py index 1ea31386..cdbaac03 100644 --- a/src/_cffi_src/openssl/ct.py +++ b/src/_cffi_src/openssl/ct.py @@ -5,7 +5,7 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ -#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER #include <openssl/ct.h> typedef STACK_OF(SCT) Cryptography_STACK_OF_SCT; @@ -47,7 +47,7 @@ SCT *sk_SCT_value(const Cryptography_STACK_OF_SCT *, int); """ CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER static const long Cryptography_HAS_SCT = 1; #else static const long Cryptography_HAS_SCT = 0; diff --git a/src/_cffi_src/openssl/dh.py b/src/_cffi_src/openssl/dh.py index 7e8a9704..922f5e9f 100644 --- a/src/_cffi_src/openssl/dh.py +++ b/src/_cffi_src/openssl/dh.py @@ -45,7 +45,7 @@ int i2d_DHparams_bio(BIO *, DH *); CUSTOMIZATIONS = """ /* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { @@ -116,7 +116,7 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) } #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 #ifndef DH_CHECK_Q_NOT_PRIME #define DH_CHECK_Q_NOT_PRIME 0x10 #endif diff --git a/src/_cffi_src/openssl/dsa.py b/src/_cffi_src/openssl/dsa.py index 5970e2fd..05282c0e 100644 --- a/src/_cffi_src/openssl/dsa.py +++ b/src/_cffi_src/openssl/dsa.py @@ -38,7 +38,7 @@ int DSA_generate_parameters_ex(DSA *, int, unsigned char *, int, CUSTOMIZATIONS = """ /* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { diff --git a/src/_cffi_src/openssl/ec.py b/src/_cffi_src/openssl/ec.py index 206ab6a7..c9598b56 100644 --- a/src/_cffi_src/openssl/ec.py +++ b/src/_cffi_src/openssl/ec.py @@ -208,8 +208,8 @@ EC_GROUP *(*EC_GROUP_new_curve_GF2m)( static const long Cryptography_HAS_EC2M = 1; #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || defined(LIBRESSL_VERSION_NUMBER) && \ - LIBRESSL_VERSION_NUMBER < 0x20020002L +#if (!CRYPTOGRAPHY_IS_LIBRESSL && CRYPTOGRAPHY_OPENSSL_LESS_THAN_102) || \ + (CRYPTOGRAPHY_IS_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x20020002L) static const long Cryptography_HAS_EC_1_0_2 = 0; const char *(*EC_curve_nid2nist)(int) = NULL; #else diff --git a/src/_cffi_src/openssl/engine.py b/src/_cffi_src/openssl/engine.py index 8547768f..02216f4e 100644 --- a/src/_cffi_src/openssl/engine.py +++ b/src/_cffi_src/openssl/engine.py @@ -137,7 +137,7 @@ void ENGINE_load_cryptodev(void); """ CUSTOMIZATIONS = """ -#if defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_IS_LIBRESSL static const long Cryptography_HAS_ENGINE_CRYPTODEV = 0; void (*ENGINE_load_cryptodev)(void) = NULL; #else diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py index 526e419c..127dacf7 100644 --- a/src/_cffi_src/openssl/evp.py +++ b/src/_cffi_src/openssl/evp.py @@ -190,21 +190,20 @@ int Cryptography_EVP_PKEY_id(const EVP_PKEY *key) { } EVP_MD_CTX *Cryptography_EVP_MD_CTX_new(void) { -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 return EVP_MD_CTX_create(); #else return EVP_MD_CTX_new(); #endif } void Cryptography_EVP_MD_CTX_free(EVP_MD_CTX *ctx) { -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 EVP_MD_CTX_destroy(ctx); #else EVP_MD_CTX_free(ctx); #endif } -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(LIBRESSL_VERSION_NUMBER) \ - || defined(OPENSSL_NO_SCRYPT) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(OPENSSL_NO_SCRYPT) static const long Cryptography_HAS_SCRYPT = 0; int (*EVP_PBE_scrypt)(const char *, size_t, const unsigned char *, size_t, uint64_t, uint64_t, uint64_t, uint64_t, unsigned char *, diff --git a/src/_cffi_src/openssl/hmac.py b/src/_cffi_src/openssl/hmac.py index daedd328..f15f4dd3 100644 --- a/src/_cffi_src/openssl/hmac.py +++ b/src/_cffi_src/openssl/hmac.py @@ -27,7 +27,7 @@ MACROS = """ CUSTOMIZATIONS = """ HMAC_CTX *Cryptography_HMAC_CTX_new(void) { -#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER return HMAC_CTX_new(); #else /* This uses OPENSSL_zalloc in 1.1.0, which is malloc + memset */ @@ -39,7 +39,7 @@ HMAC_CTX *Cryptography_HMAC_CTX_new(void) { void Cryptography_HMAC_CTX_free(HMAC_CTX *ctx) { -#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER return HMAC_CTX_free(ctx); #else if (ctx != NULL) { diff --git a/src/_cffi_src/openssl/rand.py b/src/_cffi_src/openssl/rand.py index 5f24a8d0..a294e961 100644 --- a/src/_cffi_src/openssl/rand.py +++ b/src/_cffi_src/openssl/rand.py @@ -38,7 +38,7 @@ int RAND_query_egd_bytes(const char *, unsigned char *, int); """ CUSTOMIZATIONS = """ -#if defined(LIBRESSL_VERSION_NUMBER) || CRYPTOGRAPHY_OPENSSL_110_OR_GREATER +#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_OPENSSL_110_OR_GREATER static const long Cryptography_HAS_EGD = 0; int (*RAND_egd)(const char *) = NULL; int (*RAND_egd_bytes)(const char *, int) = NULL; diff --git a/src/_cffi_src/openssl/rsa.py b/src/_cffi_src/openssl/rsa.py index e9074905..ed826ec6 100644 --- a/src/_cffi_src/openssl/rsa.py +++ b/src/_cffi_src/openssl/rsa.py @@ -80,7 +80,7 @@ int (*EVP_PKEY_CTX_set_rsa_oaep_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL; #endif /* These functions were added in OpenSSL 1.1.0-pre5 (beta2) */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { /* If the fields n and e in r are NULL, the corresponding input diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 7f932e2a..48a8278c 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -439,7 +439,7 @@ long DTLSv1_handle_timeout(SSL *); CUSTOMIZATIONS = """ /* Added in 1.0.2 but we need it in all versions now due to the great opaquing. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 /* from ssl/ssl_lib.c */ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) { return ctx->method; @@ -448,7 +448,7 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) { /* Added in 1.1.0 in the great opaquing, but we need to define it for older OpenSSLs. Such is our burden. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 /* from ssl/ssl_lib.c */ size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) { @@ -519,7 +519,7 @@ static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; static const long Cryptography_HAS_NEXTPROTONEG = 1; /* ALPN was added in OpenSSL 1.0.2. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL int (*SSL_CTX_set_alpn_protos)(SSL_CTX *, const unsigned char *, unsigned) = NULL; @@ -541,7 +541,7 @@ static const long Cryptography_HAS_ALPN = 1; #endif /* SSL_CTX_set_cert_cb was added in OpenSSL 1.0.2. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 void (*SSL_CTX_set_cert_cb)(SSL_CTX *, int (*)(SSL *, void *), void *) = NULL; void (*SSL_set_cert_cb)(SSL *, int (*)(SSL *, void *), void *) = NULL; static const long Cryptography_HAS_SET_CERT_CB = 0; @@ -553,7 +553,7 @@ static const long Cryptography_HAS_SET_CERT_CB = 1; /* In OpenSSL 1.0.2i+ the handling of COMP_METHOD when OPENSSL_NO_COMP was changed and we no longer need to typedef void */ #if (defined(OPENSSL_NO_COMP) && CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I) || \ - defined(LIBRESSL_VERSION_NUMBER) + CRYPTOGRAPHY_IS_LIBRESSL static const long Cryptography_HAS_COMPRESSION = 0; typedef void COMP_METHOD; #else @@ -573,7 +573,7 @@ static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS = 1; /* in OpenSSL 1.1.0 the SSL_ST values were renamed to TLS_ST and several were removed */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 static const long Cryptography_HAS_SSL_ST = 1; #else static const long Cryptography_HAS_SSL_ST = 0; @@ -582,7 +582,7 @@ static const long SSL_ST_OK = 0; static const long SSL_ST_INIT = 0; static const long SSL_ST_RENEGOTIATE = 0; #endif -#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER static const long Cryptography_HAS_TLS_ST = 1; #else static const long Cryptography_HAS_TLS_ST = 0; diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py index bb981060..98b5b8e2 100644 --- a/src/_cffi_src/openssl/x509.py +++ b/src/_cffi_src/openssl/x509.py @@ -341,7 +341,7 @@ void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, CUSTOMIZATIONS = """ /* Added in 1.0.2 beta but we need it in all versions now due to the great opaquing. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 /* from x509/x_x509.c version 1.0.2 */ void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) @@ -361,7 +361,7 @@ int X509_get_signature_nid(const X509 *x) /* Added in 1.0.2beta3 but we need it in all versions now due to the great opaquing. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102BETA3 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102BETA3 /* from x509/x_x509.c */ int i2d_re_X509_tbs(X509 *x, unsigned char **pp) { @@ -383,7 +383,7 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *rev) { /* Added in 1.1.0 but we need it in all versions now due to the great opaquing. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) { diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py index 4a4b13a1..72691977 100644 --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py @@ -212,12 +212,14 @@ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *); """ CUSTOMIZATIONS = """ -/* OpenSSL 1.0.2beta2+ verification error codes */ -#if CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER && \ - !defined(LIBRESSL_VERSION_NUMBER) +/* OpenSSL 1.0.2beta2+ verification parameters and error codes */ +#if CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1; +static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; #else static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0; +static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; + static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; @@ -227,14 +229,7 @@ static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; static const long X509_V_ERR_HOSTNAME_MISMATCH = 0; static const long X509_V_ERR_EMAIL_MISMATCH = 0; static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; -#endif -/* OpenSSL 1.0.2beta2+ verification parameters */ -#if CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER && \ - !defined(LIBRESSL_VERSION_NUMBER) -static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; -#else -static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; /* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately below because it shows up in some earlier 3rd party OpenSSL packages. */ static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; @@ -268,7 +263,7 @@ static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0; static const long X509_V_FLAG_TRUSTED_FIRST = 0; #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE6 Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) { return ctx->objs; } @@ -280,7 +275,7 @@ int X509_OBJECT_get_type(const X509_OBJECT *x) { } #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 || defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110PRE5 /* from x509/x509_vfy.c */ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) { diff --git a/src/_cffi_src/openssl/x509name.py b/src/_cffi_src/openssl/x509name.py index 0554a024..ea1ccf6e 100644 --- a/src/_cffi_src/openssl/x509name.py +++ b/src/_cffi_src/openssl/x509name.py @@ -77,7 +77,7 @@ Cryptography_STACK_OF_X509_NAME_ENTRY *sk_X509_NAME_ENTRY_dup( """ CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER) +#if CRYPTOGRAPHY_OPENSSL_110_OR_GREATER int Cryptography_X509_NAME_ENTRY_set(X509_NAME_ENTRY *ne) { return X509_NAME_ENTRY_set(ne); } diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index f6b57964..20c073a4 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -576,10 +576,7 @@ class TestGOSTCertificate(object): x509.load_der_x509_certificate, backend ) - if ( - backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I or - backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - ): + if backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I: with pytest.raises(ValueError) as exc: cert.subject diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 449e581e..9b0da67c 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -21,10 +21,7 @@ class TestOpenSSL(object): def test_crypto_lock_init(self): b = Binding() - if ( - b.lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and - not b.lib.CRYPTOGRAPHY_IS_LIBRESSL - ): + if b.lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER: pytest.skip("Requires an older OpenSSL. Must be < 1.1.0") b.init_static_locks() @@ -79,10 +76,7 @@ class TestOpenSSL(object): def test_conditional_removal(self): b = Binding() - if ( - b.lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and - not b.lib.CRYPTOGRAPHY_IS_LIBRESSL - ): + if b.lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER: assert b.lib.TLS_ST_OK else: with pytest.raises(AttributeError): |