diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-09-05 21:44:29 -0500 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-09-05 22:44:29 -0400 |
| commit | f88aea5d8b9452677bd23a9bba917b900cd634c0 (patch) | |
| tree | beb2b819e25f6f8cc365d6870915960c6547ea76 /src/_cffi_src | |
| parent | 18d49d0c6cd117e82934f65e641c1d830edd20df (diff) | |
| download | cryptography-f88aea5d8b9452677bd23a9bba917b900cd634c0.tar.gz cryptography-f88aea5d8b9452677bd23a9bba917b900cd634c0.tar.bz2 cryptography-f88aea5d8b9452677bd23a9bba917b900cd634c0.zip | |
Add flags to error on compile with incompatible pointer type (#4455)
* try something a bit different.
* newer compiler plz
* permute
* fix some warnings
* fix getters on OpenSSL < 1.1.0
* this is getting involved
* given our compiler flags we can't have SSL_CTX_set_cookie_verify_cb
Diffstat (limited to 'src/_cffi_src')
| -rw-r--r-- | src/_cffi_src/openssl/ocsp.py | 8 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/src/osrandom_engine.c | 12 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/ssl.py | 19 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509.py | 8 |
4 files changed, 26 insertions, 21 deletions
diff --git a/src/_cffi_src/openssl/ocsp.py b/src/_cffi_src/openssl/ocsp.py index dbe0367f..db8597af 100644 --- a/src/_cffi_src/openssl/ocsp.py +++ b/src/_cffi_src/openssl/ocsp.py @@ -149,12 +149,20 @@ const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) CRYPTOGRAPHY_OPENSSL_BETWEEN_111_and_111PRE9 const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) { +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 + return bs->signatureAlgorithm; +#else return &bs->signatureAlgorithm; +#endif } const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) { +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 + return bs->tbsResponseData; +#else return &bs->tbsResponseData; +#endif } #endif """ diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c index 4fcd34fb..947c79aa 100644 --- a/src/_cffi_src/openssl/src/osrandom_engine.c +++ b/src/_cffi_src/openssl/src/osrandom_engine.c @@ -149,7 +149,7 @@ static int dev_urandom_fd(void) { static int dev_urandom_read(unsigned char *buffer, int size) { int fd; - ssize_t n; + int n; fd = dev_urandom_fd(); if (fd < 0) { @@ -158,7 +158,7 @@ static int dev_urandom_read(unsigned char *buffer, int size) { while (size > 0) { do { - n = read(fd, buffer, (size_t)size); + n = (int)read(fd, buffer, (size_t)size); } while (n < 0 && errno == EINTR); if (n <= 0) { @@ -219,7 +219,7 @@ static int osrandom_init(ENGINE *e) { } static int osrandom_rand_bytes(unsigned char *buffer, int size) { - size_t len; + int len; int res; switch(getentropy_works) { @@ -230,8 +230,8 @@ static int osrandom_rand_bytes(unsigned char *buffer, int size) { case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS: while (size > 0) { /* OpenBSD and macOS restrict maximum buffer size to 256. */ - len = size > 256 ? 256 : (size_t)size; - res = getentropy(buffer, len); + len = size > 256 ? 256 : size; + res = getentropy(buffer, (size_t)len); if (res < 0) { ERR_Cryptography_OSRandom_error( CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES, @@ -362,7 +362,7 @@ static int osrandom_rand_bytes(unsigned char *buffer, int size) { return 0; } buffer += n; - size -= n; + size -= (int)n; } return 1; } diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 2aa5d010..2e32b8f3 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -238,12 +238,6 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *, unsigned char *, unsigned int * )); -void SSL_CTX_set_cookie_verify_cb(SSL_CTX *, - int (*)( - SSL *, - const unsigned char *, - unsigned int - )); long SSL_CTX_get_read_ahead(SSL_CTX *); long SSL_CTX_set_read_ahead(SSL_CTX *, long); @@ -285,7 +279,10 @@ void SSL_SESSION_free(SSL_SESSION *); /* Information about actually used cipher */ const char *SSL_CIPHER_get_name(const SSL_CIPHER *); int SSL_CIPHER_get_bits(const SSL_CIPHER *, int *); -uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *); +/* the modern signature of this is uint32_t, but older openssl declared it + as unsigned long. To make our compiler flags happy we'll declare it as a + 64-bit wide value, which should always be safe */ +uint64_t SSL_CIPHER_get_id(const SSL_CIPHER *); int SSL_CIPHER_is_aead(const SSL_CIPHER *); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *); int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *); @@ -700,10 +697,10 @@ static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 0; const SSL_METHOD *(*DTLS_method)(void) = NULL; const SSL_METHOD *(*DTLS_server_method)(void) = NULL; const SSL_METHOD *(*DTLS_client_method)(void) = NULL; -static const long SSL_OP_NO_DTLSv1 = NULL; -static const long SSL_OP_NO_DTLSv1_2 = NULL; -long *(*DTLS_set_link_mtu)(SSL *, long) = NULL; -long *(*DTLS_get_link_min_mtu)(SSL *) = NULL; +static const long SSL_OP_NO_DTLSv1 = 0; +static const long SSL_OP_NO_DTLSv1_2 = 0; +long (*DTLS_set_link_mtu)(SSL *, long) = NULL; +long (*DTLS_get_link_min_mtu)(SSL *) = NULL; #else static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1; #endif diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py index 3f2ac90d..748c6c8c 100644 --- a/src/_cffi_src/openssl/x509.py +++ b/src/_cffi_src/openssl/x509.py @@ -260,8 +260,8 @@ int X509_get_signature_nid(const X509 *); const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *); -/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */ -void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *); +void X509_get0_signature(const ASN1_BIT_STRING **, + const X509_ALGOR **, const X509 *); long X509_get_version(X509 *); @@ -347,8 +347,8 @@ CUSTOMIZATIONS = """ opaquing. */ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER /* from x509/x_x509.c version 1.0.2 */ -void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, - const X509 *x) +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x) { if (psig) *psig = x->signature; |