-rw-r--r--.travis.yml18
-rwxr-xr-x.travis/run.sh4
-rw-r--r--Jenkinsfile2
-rw-r--r--src/_cffi_src/openssl/ocsp.py8
-rw-r--r--src/_cffi_src/openssl/src/osrandom_engine.c12
-rw-r--r--src/_cffi_src/openssl/ssl.py19
-rw-r--r--src/_cffi_src/openssl/x509.py8
7 files changed, 42 insertions, 29 deletions
diff --git a/.travis.yml b/.travis.yml
index a85a8b66..a34c50e9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -47,12 +47,18 @@ matrix:
env: TOXENV=py37 OPENSSL=1.1.1-pre9
dist: xenial
sudo: true
- - python: 3.6
- env: TOXENV=py36 LIBRESSL=2.4.5
- - python: 3.6
- env: TOXENV=py36 LIBRESSL=2.6.5
- - python: 3.6
- env: TOXENV=py36 LIBRESSL=2.7.4
+ - python: 3.7
+ env: TOXENV=py37 LIBRESSL=2.4.5
+ dist: xenial
+ sudo: true
+ - python: 3.7
+ env: TOXENV=py37 LIBRESSL=2.6.5
+ dist: xenial
+ sudo: true
+ - python: 3.7
+ env: TOXENV=py37 LIBRESSL=2.7.4
+ dist: xenial
+ sudo: true
- python: 3.6
env: TOXENV=docs OPENSSL=1.1.0i
addons:
diff --git a/.travis/run.sh b/.travis/run.sh
index 352c252e..5e0e56df 100755
--- a/.travis/run.sh
+++ b/.travis/run.sh
@@ -7,12 +7,14 @@ if [[ "${TOXENV}" == "pypy" ]]; then
fi
if [ -n "${LIBRESSL}" ]; then
OPENSSL=$LIBRESSL
+ export CFLAGS="-Werror -Wno-error=deprecated-declarations -Wno-error=discarded-qualifiers -Wno-error=unused-function"
fi
+
if [ -n "${OPENSSL}" ]; then
OPENSSL_DIR="ossl-2/${OPENSSL}"
export PATH="$HOME/$OPENSSL_DIR/bin:$PATH"
- export CFLAGS="-I$HOME/$OPENSSL_DIR/include"
+ export CFLAGS="${CFLAGS} -I$HOME/$OPENSSL_DIR/include"
# rpath on linux will cause it to use an absolute path so we don't need to
# do LD_LIBRARY_PATH
export LDFLAGS="-L$HOME/$OPENSSL_DIR/lib -Wl,-rpath=$HOME/$OPENSSL_DIR/lib"
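Review bot: The `-Werror` flags are exported only inside the `LIBRESSL` branch, so jobs that set `OPENSSL` directly reach the second `if` with whatever `CFLAGS` the environment already had and still build the bindings without warnings-as-errors. If that split is intentional, a comment above the new export would record it, for example `# warnings are errors for LibreSSL builds only; OpenSSL builds keep the ambient CFLAGS`. Note also that `-Wno-error=discarded-qualifiers` is the GCC spelling, while the Jenkinsfile in this same commit uses the clang spelling, so this line presumably assumes the Travis jobs compile with GCC.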
diff --git a/Jenkinsfile b/Jenkinsfile
index f89728f3..8bb15d62 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -210,7 +210,7 @@ def build(toxenv, label, imageName, artifacts, artifactExcludes) {
cd cryptography
CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1 \
LDFLAGS="/usr/local/opt/openssl\\@1.1/lib/libcrypto.a /usr/local/opt/openssl\\@1.1/lib/libssl.a" \
- CFLAGS="-I/usr/local/opt/openssl\\@1.1/include -Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types -Wno-error=unused-function -Wno-error=unused-command-line-argument -mmacosx-version-min=10.9" \
+ CFLAGS="-I/usr/local/opt/openssl\\@1.1/include -Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types-discards-qualifiers -Wno-error=unused-function -Wno-error=unused-command-line-argument -mmacosx-version-min=10.9" \
tox -r -- --color=yes --wycheproof-root=../wycheproof
virtualenv .venv
source .venv/bin/activate
diff --git a/src/_cffi_src/openssl/ocsp.py b/src/_cffi_src/openssl/ocsp.py
index dbe0367f..db8597af 100644
--- a/src/_cffi_src/openssl/ocsp.py
+++ b/src/_cffi_src/openssl/ocsp.py
@@ -149,12 +149,20 @@ const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
CRYPTOGRAPHY_OPENSSL_BETWEEN_111_and_111PRE9
const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
{
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+ return bs->signatureAlgorithm;
+#else
return &bs->signatureAlgorithm;
+#endif
}
const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
{
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
+ return bs->tbsResponseData;
+#else
return &bs->tbsResponseData;
+#endif
}
#endif
"""
diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c
index 4fcd34fb..947c79aa 100644
--- a/src/_cffi_src/openssl/src/osrandom_engine.c
+++ b/src/_cffi_src/openssl/src/osrandom_engine.c
@@ -149,7 +149,7 @@ static int dev_urandom_fd(void) {
static int dev_urandom_read(unsigned char *buffer, int size) {
int fd;
- ssize_t n;
+ int n;
fd = dev_urandom_fd();
if (fd < 0) {
@@ -158,7 +158,7 @@ static int dev_urandom_read(unsigned char *buffer, int size) {
while (size > 0) {
do {
- n = read(fd, buffer, (size_t)size);
+ n = (int)read(fd, buffer, (size_t)size);
} while (n < 0 && errno == EINTR);
if (n <= 0) {
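Review bot: The narrowing in `n = (int)read(fd, buffer, (size_t)size);` is lossless only because `size` is a positive `int` inside the `while (size > 0)` loop, so `read()` returns either -1 or at most `size`; nothing in the code records that invariant. A one-line comment above the call would keep it from being broken if `size` is ever widened: `/* read() returns -1 or at most size (a positive int), so the cast cannot truncate */`. The same reasoning is needed for `size -= (int)n;` in the last hunk of this file, where the declaration of `n` and the check that bounds it lie outside the hunk. dev_urandom_read's body continues beyond both ends of this hunk.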
@@ -219,7 +219,7 @@ static int osrandom_init(ENGINE *e) {
}
static int osrandom_rand_bytes(unsigned char *buffer, int size) {
- size_t len;
+ int len;
int res;
switch(getentropy_works) {
@@ -230,8 +230,8 @@ static int osrandom_rand_bytes(unsigned char *buffer, int size) {
case CRYPTOGRAPHY_OSRANDOM_GETENTROPY_WORKS:
while (size > 0) {
/* OpenBSD and macOS restrict maximum buffer size to 256. */
- len = size > 256 ? 256 : (size_t)size;
- res = getentropy(buffer, len);
+ len = size > 256 ? 256 : size;
+ res = getentropy(buffer, (size_t)len);
if (res < 0) {
ERR_Cryptography_OSRandom_error(
CRYPTOGRAPHY_OSRANDOM_F_RAND_BYTES,
@@ -362,7 +362,7 @@ static int osrandom_rand_bytes(unsigned char *buffer, int size) {
return 0;
}
buffer += n;
- size -= n;
+ size -= (int)n;
}
return 1;
}
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 2aa5d010..2e32b8f3 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -238,12 +238,6 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *,
unsigned char *,
unsigned int *
));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *,
- int (*)(
- SSL *,
- const unsigned char *,
- unsigned int
- ));
long SSL_CTX_get_read_ahead(SSL_CTX *);
long SSL_CTX_set_read_ahead(SSL_CTX *, long);
@@ -285,7 +279,10 @@ void SSL_SESSION_free(SSL_SESSION *);
/* Information about actually used cipher */
const char *SSL_CIPHER_get_name(const SSL_CIPHER *);
int SSL_CIPHER_get_bits(const SSL_CIPHER *, int *);
-uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *);
+/* the modern signature of this is uint32_t, but older openssl declared it
+ as unsigned long. To make our compiler flags happy we'll declare it as a
+ 64-bit wide value, which should always be safe */
+uint64_t SSL_CIPHER_get_id(const SSL_CIPHER *);
int SSL_CIPHER_is_aead(const SSL_CIPHER *);
int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *);
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *);
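Review bot: The new comment on `SSL_CIPHER_get_id` says the 64-bit declaration "should always be safe" but does not say why, which leaves the next reader to work out whether the mismatch with the real prototype matters. The reason appears to be that both `unsigned long` and `uint32_t` return values widen to `uint64_t` without loss, and the comment could state that directly: `/* declared 64-bit wide so that both the unsigned long and the uint32_t return types widen without loss */`.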
@@ -700,10 +697,10 @@ static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 0;
const SSL_METHOD *(*DTLS_method)(void) = NULL;
const SSL_METHOD *(*DTLS_server_method)(void) = NULL;
const SSL_METHOD *(*DTLS_client_method)(void) = NULL;
-static const long SSL_OP_NO_DTLSv1 = NULL;
-static const long SSL_OP_NO_DTLSv1_2 = NULL;
-long *(*DTLS_set_link_mtu)(SSL *, long) = NULL;
-long *(*DTLS_get_link_min_mtu)(SSL *) = NULL;
+static const long SSL_OP_NO_DTLSv1 = 0;
+static const long SSL_OP_NO_DTLSv1_2 = 0;
+long (*DTLS_set_link_mtu)(SSL *, long) = NULL;
+long (*DTLS_get_link_min_mtu)(SSL *) = NULL;
#else
static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1;
#endif
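Review bot: `SSL_OP_NO_DTLSv1` and `SSL_OP_NO_DTLSv1_2` are defined as 0 in this fallback branch, so OR-ing them into an options mask on such a build silently does nothing instead of disabling the protocol version. A comment above the two constants would make that explicit for callers: `/* placeholders: OR-ing these in is a no-op; check Cryptography_HAS_GENERIC_DTLS_METHOD before relying on them */`. The `#if` that opens this branch is outside the hunk.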
diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 3f2ac90d..748c6c8c 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -260,8 +260,8 @@ int X509_get_signature_nid(const X509 *);
const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *);
-/* in 1.1.0 becomes const ASN1_BIT_STRING, const X509_ALGOR */
-void X509_get0_signature(ASN1_BIT_STRING **, X509_ALGOR **, X509 *);
+void X509_get0_signature(const ASN1_BIT_STRING **,
+ const X509_ALGOR **, const X509 *);
long X509_get_version(X509 *);
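Review bot: The deleted comment was the only record that the const qualifiers on `X509_get0_signature` differ between library versions, and the declaration is now const-qualified unconditionally. Builds against headers that still declare the non-const form will presumably produce a qualifier-discard warning, which looks like the reason `-Wno-error=discarded-qualifiers` is added in `.travis/run.sh` in this same commit. Keeping a short replacement comment would preserve that link: `/* declared const as in 1.1.0; older headers omit const on the first two parameters */`.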
@@ -347,8 +347,8 @@ CUSTOMIZATIONS = """
opaquing. */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
/* from x509/x_x509.c version 1.0.2 */
-void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
- const X509 *x)
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+ const X509_ALGOR **palg, const X509 *x)
{
if (psig)
*psig = x->signature;