diff options
| -rw-r--r-- | .travis.yml | 2 | ||||
| -rw-r--r-- | CHANGELOG.rst | 1 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/bio.py | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/cryptography.py | 3 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/dh.py | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/dsa.py | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/rsa.py | 2 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/ssl.py | 6 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509.py | 4 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509_vfy.py | 4 |
10 files changed, 12 insertions, 16 deletions
diff --git a/.travis.yml b/.travis.yml index 82d533ed..eac49d98 100644 --- a/.travis.yml +++ b/.travis.yml @@ -60,8 +60,6 @@ matrix: - python: 3.8 env: TOXENV=py38 OPENSSL=1.1.1d OPENSSL_CONFIG_FLAGS=no-engine - python: 3.8 - env: TOXENV=py38 LIBRESSL=2.6.5 - - python: 3.8 env: TOXENV=py38 LIBRESSL=2.7.5 - python: 3.8 env: TOXENV=py38 LIBRESSL=2.8.3 diff --git a/CHANGELOG.rst b/CHANGELOG.rst index b727c8aa..964f43da 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -10,6 +10,7 @@ Changelog * Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. +* Support for LibreSSL 2.6.x has been removed. * Removed support for calling :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes` with no arguments, as per our deprecation policy. You must now pass diff --git a/src/_cffi_src/openssl/bio.py b/src/_cffi_src/openssl/bio.py index 0e6cb38c..8f5a3e6a 100644 --- a/src/_cffi_src/openssl/bio.py +++ b/src/_cffi_src/openssl/bio.py @@ -41,7 +41,7 @@ void BIO_clear_retry_flags(BIO *); """ CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL int BIO_up_ref(BIO *b) { CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO); return 1; diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py index ac32fdff..ddcbf2bd 100644 --- a/src/_cffi_src/openssl/cryptography.py +++ b/src/_cffi_src/openssl/cryptography.py @@ -34,14 +34,11 @@ INCLUDES = """ #endif #if CRYPTOGRAPHY_IS_LIBRESSL -#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER \ - (LIBRESSL_VERSION_NUMBER >= 0x2070000f) #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER \ (LIBRESSL_VERSION_NUMBER >= 0x2080000f) #define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER \ (LIBRESSL_VERSION_NUMBER >= 0x2090100f) #else -#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER (0) #define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER (0) #define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER (0) #endif diff --git a/src/_cffi_src/openssl/dh.py b/src/_cffi_src/openssl/dh.py index 6fdc7dd6..0e1df23a 100644 --- a/src/_cffi_src/openssl/dh.py +++ b/src/_cffi_src/openssl/dh.py @@ -39,7 +39,7 @@ int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x); CUSTOMIZATIONS = """ /* These functions were added in OpenSSL 1.1.0 */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { diff --git a/src/_cffi_src/openssl/dsa.py b/src/_cffi_src/openssl/dsa.py index a4a87c36..938c18fc 100644 --- a/src/_cffi_src/openssl/dsa.py +++ b/src/_cffi_src/openssl/dsa.py @@ -35,7 +35,7 @@ int DSA_generate_parameters_ex(DSA *, int, unsigned char *, int, CUSTOMIZATIONS = """ /* These functions were added in OpenSSL 1.1.0 */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { diff --git a/src/_cffi_src/openssl/rsa.py b/src/_cffi_src/openssl/rsa.py index 216e633a..4b915463 100644 --- a/src/_cffi_src/openssl/rsa.py +++ b/src/_cffi_src/openssl/rsa.py @@ -76,7 +76,7 @@ int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *, #endif /* These functions were added in OpenSSL 1.1.0 */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { /* If the fields n and e in r are NULL, the corresponding input diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 071ac76a..307cce46 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -570,7 +570,7 @@ static const long Cryptography_HAS_VERIFIED_CHAIN = 1; /* Added in 1.1.0 in the great opaquing, but we need to define it for older OpenSSLs. Such is our burden. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL /* from ssl/ssl_lib.c */ size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) { @@ -651,7 +651,7 @@ static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; static const long Cryptography_HAS_NEXTPROTONEG = 1; /* SSL_get0_param was added in OpenSSL 1.0.2. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL X509_VERIFY_PARAM *(*SSL_get0_param)(SSL *) = NULL; #else #endif @@ -834,7 +834,7 @@ int (*SSL_CTX_add_server_custom_ext)(SSL_CTX *, unsigned int, int (*SSL_extension_supported)(unsigned int) = NULL; #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL int (*SSL_CIPHER_is_aead)(const SSL_CIPHER *) = NULL; int (*SSL_CIPHER_get_cipher_nid)(const SSL_CIPHER *) = NULL; int (*SSL_CIPHER_get_digest_nid)(const SSL_CIPHER *) = NULL; diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py index b48f3179..991e1f09 100644 --- a/src/_cffi_src/openssl/x509.py +++ b/src/_cffi_src/openssl/x509.py @@ -270,7 +270,7 @@ void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **, CUSTOMIZATIONS = """ /* Added in 1.0.2 beta but we need it in all versions now due to the great opaquing. */ -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL /* from x509/x_x509.c version 1.0.2 */ void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x) @@ -327,7 +327,7 @@ int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) { return i2d_X509_CRL_INFO(crl->crl, pp); } -#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if !CRYPTOGRAPHY_IS_LIBRESSL int X509_up_ref(X509 *x) { return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); } diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py index 42da3b1e..675ce823 100644 --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py @@ -269,7 +269,7 @@ static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; static const long X509_V_FLAG_SUITEB_192_LOS = 0; static const long X509_V_FLAG_SUITEB_128_LOS = 0; -#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if !CRYPTOGRAPHY_IS_LIBRESSL int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *, size_t) = NULL; int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *, @@ -307,7 +307,7 @@ static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0; static const long X509_V_FLAG_TRUSTED_FIRST = 0; #endif -#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) { return ctx->objs; } |