author | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2013-12-27 11:09:42 -0500 |
---|---|---|
committer | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2013-12-27 11:09:42 -0500 |
commit | 08adc00087c8fe128abc2317776de1f974f4eed6 (patch) | |
tree | 9baacf858eb2ab752505cec675ddda118ed2f35d /cryptography | |
parent | cf99cc77f863a7254d449ecb5f80a35ad7db11ab (diff) | |
parent | b645521e84026633f666aa107816ac2fc5e05cc6 (diff) | |
Merge remote-tracking branch 'origin/master' into some-typedef-fixes
Diffstat (limited to 'cryptography')
-rw-r--r-- | cryptography/hazmat/backends/interfaces.py | 7 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/asn1.py | 2 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 3 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/crypto.py | 6 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/evp.py | 10 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/opensslv.py | 1 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/rand.py | 1 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/ssl.py | 52 | ||||
-rw-r--r-- | cryptography/hazmat/backends/openssl/x509.py | 6 |
9 files changed, 70 insertions, 18 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index 912476bb..9a570968 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -60,6 +60,13 @@ class HashBackend(six.with_metaclass(abc.ABCMeta)):
 class HMACBackend(six.with_metaclass(abc.ABCMeta)):
 @abc.abstractmethod
+ def hmac_supported(self, algorithm):
+ """
+ Return True if the hash algorithm is supported for HMAC by this
+ backend.
+ """
+
+ @abc.abstractmethod
 def create_hmac_ctx(self, key, algorithm):
 """
 Create a HashContext for calculating a message authentication code.
diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py
index 385c5e8c..e285954a 100644
--- a/cryptography/hazmat/backends/openssl/asn1.py
+++ b/cryptography/hazmat/backends/openssl/asn1.py
@@ -109,7 +109,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **, const unsigned char **, long,
 MACROS = """
 ASN1_TIME *M_ASN1_TIME_dup(void *);
-ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *);
+ASN1_ITEM_EXP *ASN1_ITEM_ptr(ASN1_ITEM_EXP *);
 /* These aren't macros these arguments are all const X on openssl > 1.0.x */
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index f11ddf22..7b67fb0b 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -184,6 +184,9 @@ class Backend(object):
 digest = self.lib.EVP_get_digestbyname(algorithm.name.encode("ascii"))
 return digest != self.ffi.NULL
+ def hmac_supported(self, algorithm):
+ return self.hash_supported(algorithm)
+
 def create_hash_ctx(self, algorithm):
 return _HashContext(self, algorithm)
diff --git a/cryptography/hazmat/backends/openssl/crypto.py b/cryptography/hazmat/backends/openssl/crypto.py
index 8d88c16e..71d32c52 100644
--- a/cryptography/hazmat/backends/openssl/crypto.py
+++ b/cryptography/hazmat/backends/openssl/crypto.py
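Review bot: `hmac_supported` in `openssl/backend.py` has no docstring or comment, and it returns `self.hash_supported(algorithm)` unchanged, so the assumption that any digest OpenSSL resolves by name is also usable for HMAC stays implicit. A one-line comment such as `# HMAC is built on the EVP digests, so availability matches plain hashing` would record why delegation is enough; that reasoning is inferred from the delegation and should be confirmed for this backend. The new abstract `hmac_supported` in `interfaces.py` (first hunk on this line) also means an HMACBackend implementation lacking the method can no longer be instantiated, which is worth a changelog line. The `Backend` class body starts and continues outside the hunk.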
@@ -16,6 +16,11 @@ INCLUDES = """
 """
 TYPES = """
+static const int SSLEAY_VERSION;
+static const int SSLEAY_CFLAGS;
+static const int SSLEAY_PLATFORM;
+static const int SSLEAY_DIR;
+static const int SSLEAY_BUILT_ON;
 """
 FUNCTIONS = """
@@ -32,6 +37,7 @@ MACROS = """
 void CRYPTO_add(int *, int, int);
 void CRYPTO_malloc_init();
 void CRYPTO_malloc_debug_init();
+
 #define CRYPTO_MEM_CHECK_ON ...
 #define CRYPTO_MEM_CHECK_OFF ...
 #define CRYPTO_MEM_CHECK_ENABLE ...
diff --git a/cryptography/hazmat/backends/openssl/evp.py b/cryptography/hazmat/backends/openssl/evp.py
index 8cf96b2d..0662b1ef 100644
--- a/cryptography/hazmat/backends/openssl/evp.py
+++ b/cryptography/hazmat/backends/openssl/evp.py
@@ -103,12 +103,12 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *);
 CUSTOMIZATIONS = """
 #ifdef EVP_CTRL_GCM_SET_TAG
-const int Cryptography_HAS_GCM = 1;
+const long Cryptography_HAS_GCM = 1;
 #else
-const int Cryptography_HAS_GCM = 0;
-const int EVP_CTRL_GCM_GET_TAG = -1;
-const int EVP_CTRL_GCM_SET_TAG = -1;
-const int EVP_CTRL_GCM_SET_IVLEN = -1;
+const long Cryptography_HAS_GCM = 0;
+const long EVP_CTRL_GCM_GET_TAG = -1;
+const long EVP_CTRL_GCM_SET_TAG = -1;
+const long EVP_CTRL_GCM_SET_IVLEN = -1;
 #endif
 """
diff --git a/cryptography/hazmat/backends/openssl/opensslv.py b/cryptography/hazmat/backends/openssl/opensslv.py
index 37bbd2a7..4e110327 100644
--- a/cryptography/hazmat/backends/openssl/opensslv.py
+++ b/cryptography/hazmat/backends/openssl/opensslv.py
@@ -16,6 +16,7 @@ INCLUDES = """
 """
 TYPES = """
+static const int OPENSSL_VERSION_NUMBER;
 static char *const OPENSSL_VERSION_TEXT;
 """
diff --git a/cryptography/hazmat/backends/openssl/rand.py b/cryptography/hazmat/backends/openssl/rand.py
index ddd0a3d8..5ac36cac 100644
--- a/cryptography/hazmat/backends/openssl/rand.py
+++ b/cryptography/hazmat/backends/openssl/rand.py
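Review bot: In the `#else` branch of `CUSTOMIZATIONS` in `openssl/evp.py`, `EVP_CTRL_GCM_GET_TAG`, `EVP_CTRL_GCM_SET_TAG` and `EVP_CTRL_GCM_SET_IVLEN` are defined as `-1` with no comment saying they are placeholders. If a caller passes one of them to `EVP_CIPHER_CTX_ctrl` on a build without GCM, the only signal is that call's return value, so correct tag handling depends on the return being checked. I would add `/* Placeholders so the module compiles without GCM; check Cryptography_HAS_GCM before use. */` above the three definitions. Whether evp.py withholds these names through a `CONDITIONAL_NAMES` entry, as ssl.py does in this commit, is not visible in the hunk.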
@@ -19,6 +19,7 @@ TYPES = """
 """
 FUNCTIONS = """
+void ERR_load_RAND_strings();
 void RAND_seed(const void *, int);
 void RAND_add(const void *, int, double);
 int RAND_status();
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index bf1ffcc6..f99c2636 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -22,6 +22,16 @@ static const int Cryptography_HAS_SSL2;
 /* Internally invented symbol to tell us if SNI is supported */
 static const int Cryptography_HAS_TLSEXT_HOSTNAME;
+/* Internally invented symbol to tell us if SSL_MODE_RELEASE_BUFFERS is
+ * supported
+ */
+static const int Cryptography_HAS_RELEASE_BUFFERS;
+
+/* Internally invented symbol to tell us if SSL_OP_NO_COMPRESSION is
+ * supported
+ */
+static const int Cryptography_HAS_OP_NO_COMPRESSION;
+
 static const int SSL_FILETYPE_PEM;
 static const int SSL_FILETYPE_ASN1;
 static const int SSL_ERROR_NONE;
@@ -36,6 +46,7 @@ static const int SSL_RECEIVED_SHUTDOWN;
 static const int SSL_OP_NO_SSLv2;
 static const int SSL_OP_NO_SSLv3;
 static const int SSL_OP_NO_TLSv1;
+static const int SSL_OP_NO_COMPRESSION;
 static const int SSL_OP_SINGLE_DH_USE;
 static const int SSL_OP_EPHEMERAL_RSA;
 static const int SSL_OP_MICROSOFT_SESS_ID_BUG;
@@ -43,7 +54,6 @@ static const int SSL_OP_NETSCAPE_CHALLENGE_BUG;
 static const int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
 static const int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG;
 static const int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER;
-static const int SSL_OP_MSIE_SSLV2_RSA_PADDING;
 static const int SSL_OP_SSLEAY_080_CLIENT_DH_BUG;
 static const int SSL_OP_TLS_D5_BUG;
 static const int SSL_OP_TLS_BLOCK_PADDING_BUG;
@@ -90,6 +100,7 @@ static const int SSL_CB_CONNECT_LOOP;
 static const int SSL_CB_CONNECT_EXIT;
 static const int SSL_CB_HANDSHAKE_START;
 static const int SSL_CB_HANDSHAKE_DONE;
+static const int SSL_MODE_RELEASE_BUFFERS;
 static const int SSL_MODE_ENABLE_PARTIAL_WRITE;
 static const int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
 static const int SSL_MODE_AUTO_RETRY;
@@ -132,8 +143,8 @@ int SSL_get_verify_mode(const SSL *);
 void SSL_set_verify_depth(SSL *, int);
 int SSL_get_verify_depth(const SSL *);
 int (*SSL_get_verify_callback(const SSL *))(int, X509_STORE_CTX *);
-void SSL_set_info_callback(SSL *, void (*)());
-void (*SSL_get_info_callback(const SSL *))();
+void SSL_set_info_callback(SSL *ssl, void (*)(const SSL *, int, int));
+void (*SSL_get_info_callback(const SSL *))(const SSL *, int, int);
 SSL *SSL_new(SSL_CTX *);
 void SSL_free(SSL *);
 int SSL_set_fd(SSL *, int);
@@ -195,7 +206,7 @@ long SSL_get_options(SSL *);
 int SSL_want_read(const SSL *);
 int SSL_want_write(const SSL *);
-int SSL_total_renegotiations(const SSL *);
+int SSL_total_renegotiations(SSL *);
 long SSL_CTX_set_options(SSL_CTX *, long);
 long SSL_CTX_get_options(SSL_CTX *);
@@ -243,24 +254,38 @@ void SSL_CTX_set_tlsext_servername_callback(
 CUSTOMIZATIONS = """
 #ifdef OPENSSL_NO_SSL2
-static const int Cryptography_HAS_SSL2 = 0;
+static const long Cryptography_HAS_SSL2 = 0;
 SSL_METHOD* (*SSLv2_method)() = NULL;
 SSL_METHOD* (*SSLv2_client_method)() = NULL;
 SSL_METHOD* (*SSLv2_server_method)() = NULL;
 #else
-static const int Cryptography_HAS_SSL2 = 1;
+static const long Cryptography_HAS_SSL2 = 1;
 #endif
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-static const int Cryptography_HAS_TLSEXT_HOSTNAME = 1;
+static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1;
 #else
-static const int Cryptography_HAS_TLSEXT_HOSTNAME = 0;
+static const long Cryptography_HAS_TLSEXT_HOSTNAME = 0;
 void (*SSL_set_tlsext_host_name)(SSL *, char *) = NULL;
 const char* (*SSL_get_servername)(const SSL *, const int) = NULL;
 void (*SSL_CTX_set_tlsext_servername_callback)(
 SSL_CTX *,
 int (*)(const SSL *, int *, void *)) = NULL;
 #endif
+
+#ifdef SSL_MODE_RELEASE_BUFFERS
+static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
+#else
+static const long Cryptography_HAS_RELEASE_BUFFERS = 0;
+const long SSL_MODE_RELEASE_BUFFERS = 0;
+#endif
+
+#ifdef SSL_OP_NO_COMPRESSION
+static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
+#else
+static const long Cryptography_HAS_OP_NO_COMPRESSION = 0;
+const long SSL_OP_NO_COMPRESSION = 0;
+#endif
 """
 CONDITIONAL_NAMES = {
@@ -274,5 +299,14 @@ CONDITIONAL_NAMES = {
 "SSL_set_tlsext_host_name",
 "SSL_get_servername",
 "SSL_CTX_set_tlsext_servername_callback",
- ]
+ ],
+
+ "Cryptography_HAS_RELEASE_BUFFERS": [
+ "SSL_MODE_RELEASE_BUFFERS",
+ ],
+
+ "Cryptography_HAS_OP_NO_COMPRESSION": [
+ "SSL_OP_NO_COMPRESSION",
+ ],
+
 }
diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py
index dd7815fa..5cba476e 100644
--- a/cryptography/hazmat/backends/openssl/x509.py
+++ b/cryptography/hazmat/backends/openssl/x509.py
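Review bot: The `#else` fallbacks `const long SSL_MODE_RELEASE_BUFFERS = 0;` and `const long SSL_OP_NO_COMPRESSION = 0;` in the `CUSTOMIZATIONS` block of `openssl/ssl.py` are written without `static`, unlike the `static const long Cryptography_HAS_*` flags beside them, so they get external linkage in the compiled module; `static const long SSL_OP_NO_COMPRESSION = 0;` (and the same for `SSL_MODE_RELEASE_BUFFERS`) would match. The value 0 also deserves a comment, because OR-ing it into `SSL_CTX_set_options` changes nothing, so on an OpenSSL without the macro TLS compression stays enabled and no error is raised. The `CONDITIONAL_NAMES` entries in the following hunk appear intended to keep the name away from callers in that case. A comment such as `/* 0 = no-op placeholder; callers must test Cryptography_HAS_OP_NO_COMPRESSION */` would make that dependency explicit.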
@@ -47,7 +47,7 @@ typedef struct {
 } X509_REVOKED;
 typedef struct {
- struct x509_revoked_st *revoked;
+ struct stack_st_X509_REVOKED *revoked;
 ...;
 } X509_CRL_INFO;
@@ -178,8 +178,8 @@ int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *);
 void sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int);
 void sk_X509_EXTENSION_free(X509_EXTENSIONS *);
-int sk_X509_REVOKED_num(struct x509_revoked_st *);
-X509_REVOKED *sk_X509_REVOKED_value(struct x509_revoked_st *, int);
+int sk_X509_REVOKED_num(struct stack_st_X509_REVOKED *);
+X509_REVOKED *sk_X509_REVOKED_value(struct stack_st_X509_REVOKED *, int);
 /* These aren't macros these arguments are all const X on openssl > 1.0.x */
 int X509_CRL_set_lastUpdate(X509_CRL *, const ASN1_TIME *); |