aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.travis.yml2
-rw-r--r--CHANGELOG.rst2
-rw-r--r--src/_cffi_src/openssl/bio.py2
-rw-r--r--src/_cffi_src/openssl/cryptography.py3
-rw-r--r--src/_cffi_src/openssl/dh.py2
-rw-r--r--src/_cffi_src/openssl/dsa.py2
-rw-r--r--src/_cffi_src/openssl/rsa.py2
-rw-r--r--src/_cffi_src/openssl/ssl.py2
-rw-r--r--src/_cffi_src/openssl/x509.py23
-rw-r--r--src/_cffi_src/openssl/x509_vfy.py6
10 files changed, 29 insertions, 17 deletions
diff --git a/.travis.yml b/.travis.yml
index 9b60e644..ff4ec0bd 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -42,6 +42,8 @@ matrix:
- python: 3.6
env: TOXENV=py36 LIBRESSL=2.6.4
- python: 3.6
+ env: TOXENV=py36 LIBRESSL=2.7.3
+ - python: 3.6
env: TOXENV=docs OPENSSL=1.1.0h
addons:
apt:
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 9a3e5b88..57ea2da3 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -13,6 +13,8 @@ Changelog
* Support for Python 2.7.x without ``hmac.compare_digest`` has been deprecated.
We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
``cryptography`` release.
+* Fixed multiple issues preventing ``cryptography`` from compiling against
+ LibreSSL 2.7.x.
.. _v2-2-2:
diff --git a/src/_cffi_src/openssl/bio.py b/src/_cffi_src/openssl/bio.py
index a95dbf47..8ae7045c 100644
--- a/src/_cffi_src/openssl/bio.py
+++ b/src/_cffi_src/openssl/bio.py
@@ -40,7 +40,7 @@ void BIO_clear_retry_flags(BIO *);
"""
CUSTOMIZATIONS = """
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
int BIO_up_ref(BIO *b) {
CRYPTO_add(&b->references, 1, CRYPTO_LOCK_BIO);
return 1;
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
index 137e2f9e..667fbf46 100644
--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -28,6 +28,9 @@ INCLUDES = """
#include <Winsock2.h>
#endif
+#define CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER \
+ (CRYPTOGRAPHY_IS_LIBRESSL && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
+
#define CRYPTOGRAPHY_OPENSSL_102_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x10002000 && !CRYPTOGRAPHY_IS_LIBRESSL)
#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \
diff --git a/src/_cffi_src/openssl/dh.py b/src/_cffi_src/openssl/dh.py
index 64172eb6..b0fd21f5 100644
--- a/src/_cffi_src/openssl/dh.py
+++ b/src/_cffi_src/openssl/dh.py
@@ -46,7 +46,7 @@ int Cryptography_i2d_DHxparams_bio(BIO *bp, DH *x);
CUSTOMIZATIONS = """
/* These functions were added in OpenSSL 1.1.0 */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
void DH_get0_pqg(const DH *dh,
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
{
diff --git a/src/_cffi_src/openssl/dsa.py b/src/_cffi_src/openssl/dsa.py
index f960d59a..a4a87c36 100644
--- a/src/_cffi_src/openssl/dsa.py
+++ b/src/_cffi_src/openssl/dsa.py
@@ -35,7 +35,7 @@ int DSA_generate_parameters_ex(DSA *, int, unsigned char *, int,
CUSTOMIZATIONS = """
/* These functions were added in OpenSSL 1.1.0 */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
void DSA_get0_pqg(const DSA *d,
const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
{
diff --git a/src/_cffi_src/openssl/rsa.py b/src/_cffi_src/openssl/rsa.py
index 9455433e..216e633a 100644
--- a/src/_cffi_src/openssl/rsa.py
+++ b/src/_cffi_src/openssl/rsa.py
@@ -76,7 +76,7 @@ int (*EVP_PKEY_CTX_set0_rsa_oaep_label)(EVP_PKEY_CTX *, unsigned char *,
#endif
/* These functions were added in OpenSSL 1.1.0 */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
/* If the fields n and e in r are NULL, the corresponding input
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 91cedac0..a9fc2ff3 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -536,7 +536,7 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) {
/* Added in 1.1.0 in the great opaquing, but we need to define it for older
OpenSSLs. Such is our burden. */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
/* from ssl/ssl_lib.c */
size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
{
diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 2b845118..97ade5bc 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -340,7 +340,7 @@ void X509_REQ_get0_signature(const X509_REQ *, const ASN1_BIT_STRING **,
CUSTOMIZATIONS = """
/* Added in 1.0.2 beta but we need it in all versions now due to the great
opaquing. */
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
/* from x509/x_x509.c version 1.0.2 */
void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
const X509 *x)
@@ -387,7 +387,17 @@ X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *rev) {
/* Added in 1.1.0 but we need it in all versions now due to the great
opaquing. */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+ req->req_info->enc.modified = 1;
+ return i2d_X509_REQ_INFO(req->req_info, pp);
+}
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
+ crl->crl->enc.modified = 1;
+ return i2d_X509_CRL_INFO(crl->crl, pp);
+}
+#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
int X509_up_ref(X509 *x) {
return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
}
@@ -406,16 +416,6 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
if (palg != NULL)
*palg = req->sig_alg;
}
-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
-{
- req->req_info->enc.modified = 1;
- return i2d_X509_REQ_INFO(req->req_info, pp);
-}
-int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) {
- crl->crl->enc.modified = 1;
- return i2d_X509_CRL_INFO(crl->crl, pp);
-}
-
void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg)
{
@@ -433,4 +433,5 @@ const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
return x->serialNumber;
}
#endif
+#endif
"""
diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py
index a4b91200..618b5c21 100644
--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -246,6 +246,7 @@ static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
static const long X509_V_FLAG_SUITEB_192_LOS = 0;
static const long X509_V_FLAG_SUITEB_128_LOS = 0;
+#if !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *,
size_t) = NULL;
int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *,
@@ -256,6 +257,7 @@ int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL;
void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *,
unsigned int) = NULL;
#endif
+#endif
/* OpenSSL 1.0.2+ or Solaris's backport */
#ifdef X509_V_FLAG_PARTIAL_CHAIN
@@ -273,7 +275,7 @@ static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0;
static const long X509_V_FLAG_TRUSTED_FIRST = 0;
#endif
-#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) {
return ctx->objs;
}
@@ -293,7 +295,9 @@ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) {
return x->data.x509;
}
+#endif
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 0;
typedef void *X509_STORE_CTX_get_issuer_fn;
X509_STORE_CTX_get_issuer_fn (*X509_STORE_get_get_issuer)(X509_STORE *) = NULL;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 13:53:43 +0000