enable wconversion and finish fixes (#3728)

* enable wconversion and finish fixes

* don't pass -Wconversion if it's win32

4 files changed, 29 insertions, 5 deletions

diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py
index 853f4488..86ee5007 100644
--- a/src/_cffi_src/build_openssl.py
+++ b/src/_cffi_src/build_openssl.py
@@ -36,6 +36,22 @@ def _get_openssl_libraries(platform):
         return ["ssl", "crypto"]
 
 
+def _extra_compile_args(platform):
+    """
+    We set -Wconversion args here so that we only do Wconversion checks on the
+    code we're compiling and not on cffi itself (as passing -Wconversion in
+    CFLAGS would do). We set no error on sign conversion because some
+    function signatures in OpenSSL have changed from long -> unsigned long
+    in the past. Since that isn't a precision issue we don't care.
+    When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
+    revisit this.
+    """
+    if platform != "win32":
+        return ["-Wconversion", "-Wno-error=sign-conversion"]
+    else:
+        return []
+
+
 ffi = build_ffi_for_binding(
     module_name="_openssl",
     module_prefix="_cffi_src.openssl.",
@@ -79,5 +95,13 @@ ffi = build_ffi_for_binding(
         "callbacks",
     ],
     libraries=_get_openssl_libraries(sys.platform),
+    # These args are passed here so that we only do Wconversion checks on the
+    # code we're compiling and not on cffi itself (as passing -Wconversion in
+    # CFLAGS would do). We set no error on sign convesrion because some
+    # function signatures in OpenSSL have changed from long -> unsigned long
+    # in the past. Since that isn't a precision issue we don't care.
+    # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
+    # revisit this.
+    extra_compile_args=_extra_compile_args(sys.platform),
     extra_link_args=extra_link_args(compiler_type()),
 )
diff --git a/src/_cffi_src/openssl/ecdh.py b/src/_cffi_src/openssl/ecdh.py
index 5ed426aa..7f658808 100644
--- a/src/_cffi_src/openssl/ecdh.py
+++ b/src/_cffi_src/openssl/ecdh.py
@@ -19,7 +19,7 @@ FUNCTIONS = """
 MACROS = """
 int ECDH_compute_key(void *, size_t, const EC_POINT *, EC_KEY *,
                      void *(*)(const void *, size_t, void *, size_t *));
-int SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
+long SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
 """
 
 CUSTOMIZATIONS = """
@@ -27,7 +27,7 @@ static const long Cryptography_HAS_ECDH = 1;
 
 #ifndef SSL_CTX_set_ecdh_auto
 static const long Cryptography_HAS_SET_ECDH_AUTO = 0;
-int (*SSL_CTX_set_ecdh_auto)(SSL_CTX *, int) = NULL;
+long (*SSL_CTX_set_ecdh_auto)(SSL_CTX *, int) = NULL;
 #else
 static const long Cryptography_HAS_SET_ECDH_AUTO = 1;
 #endif
diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
index 0f538286..a4edfc5a 100644
--- a/src/_cffi_src/openssl/evp.py
+++ b/src/_cffi_src/openssl/evp.py
@@ -230,8 +230,8 @@ static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 1;
 #else
 static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 0;
 size_t (*EVP_PKEY_get1_tls_encodedpoint)(EVP_PKEY *, unsigned char **) = NULL;
-size_t (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
-                                         size_t) = NULL;
+int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
+                                      size_t) = NULL;
 #endif
 
 /* OpenSSL 1.1.0+ does this define for us, but if not present we'll do it */
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 99d67bb1..116a54d4 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -611,7 +611,7 @@ static const long Cryptography_HAS_DTLS = 1;
 long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec,
                                      long *ptv_usec) {
     struct timeval tv = { 0 };
-    int r = DTLSv1_get_timeout(ssl, &tv);
+    long r = DTLSv1_get_timeout(ssl, &tv);
 
     if (r == 1) {
         if (ptv_sec) {