[pypy-commit] pypy openssl-1.1: some blind LibreSSL fixes
arigo
pypy.commits at gmail.com
Tue Nov 1 14:16:23 EDT 2016
Author: Armin Rigo <arigo at tunes.org>
Branch: openssl-1.1
Changeset: r88047:a11c8673e565
Date: 2016-11-01 19:15 +0100
http://bitbucket.org/pypy/pypy/changeset/a11c8673e565/
Log: some blind LibreSSL fixes
diff --git a/rpython/rlib/ropenssl.py b/rpython/rlib/ropenssl.py
--- a/rpython/rlib/ropenssl.py
+++ b/rpython/rlib/ropenssl.py
@@ -59,7 +59,7 @@
'#define pypy_GENERAL_NAME_pop_free(names) (sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free))',
'#define pypy_DIST_POINT_fullname(obj) (obj->distpoint->name.fullname)',
# Backwards compatibility for functions introduced in 1.1
- '#if (OPENSSL_VERSION_NUMBER < 0x10100000)\n'
+ '#if (OPENSSL_VERSION_NUMBER < 0x10100000) || defined(LIBRESSL_VERSION_NUMBER)\n'
'# define COMP_get_name(meth) (meth->name)\n'
'# define COMP_get_type(meth) (meth->type)\n'
'# define X509_NAME_ENTRY_set(ne) (ne->set)\n'
@@ -67,9 +67,9 @@
'# define X509_OBJECT_get_type(obj) (obj->type)\n'
'# define X509_STORE_get0_objects(store) (store->objs)\n'
'# define X509_STORE_get0_param(store) (store->param)\n'
- '#else /* (OPENSSL_VERSION_NUMBER < 0x10100000) */\n'
+ '#else\n'
'# define OPENSSL_NO_SSL2\n'
- '#endif /* (OPENSSL_VERSION_NUMBER < 0x10100000) */',
+ '#endif',
],
)
@@ -108,6 +108,7 @@
ASN1_ITEM_EXP = ASN1_ITEM
OPENSSL_VERSION_NUMBER = cconfig["OPENSSL_VERSION_NUMBER"]
LIBRESSL = cconfig["LIBRESSL"]
+OPENSSL_1_1 = OPENSSL_VERSION_NUMBER >= 0x10100000 and not LIBRESSL
HAVE_TLSv1_2 = OPENSSL_VERSION_NUMBER >= 0x10001000
@@ -137,7 +138,7 @@
SSL_OP_SINGLE_ECDH_USE = rffi_platform.ConstantInteger(
"SSL_OP_SINGLE_ECDH_USE")
SSL_OP_NO_COMPRESSION = rffi_platform.DefinedConstantInteger(
- "SSL_OP_NO_COMPRESSION")
+ "SSL_OP_NO_COMPRESSION")
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = rffi_platform.ConstantInteger(
"SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS")
SSL_OP_CIPHER_SERVER_PREFERENCE = rffi_platform.ConstantInteger(
@@ -283,9 +284,9 @@
name, argtypes, restype, **kw)
ssl_external('SSL_load_error_strings', [], lltype.Void,
- macro=bool(OPENSSL_VERSION_NUMBER >= 0x10100000 and not LIBRESSL) or None)
+ macro=OPENSSL_1_1 or None)
ssl_external('SSL_library_init', [], rffi.INT,
- macro=bool(OPENSSL_VERSION_NUMBER >= 0x10100000 and not LIBRESSL) or None)
+ macro=OPENSSL_1_1 or None)
ssl_external('CRYPTO_num_locks', [], rffi.INT)
ssl_external('CRYPTO_set_locking_callback',
[lltype.Ptr(lltype.FuncType(
@@ -314,8 +315,7 @@
# Windows note: fails in untranslated tests if the following function is
# made 'macro=True'. Not sure I want to dig into the reason for that mess.
libssl_TLS_method = external(
- 'TLS_method' if OPENSSL_VERSION_NUMBER >= 0x10100000
- else 'SSLv23_method',
+ 'TLS_method' if OPENSSL_1_1 else 'SSLv23_method',
[], SSL_METHOD)
ssl_external('SSL_CTX_use_PrivateKey_file', [SSL_CTX, rffi.CCHARP, rffi.INT], rffi.INT,
save_err=rffi.RFFI_FULL_ERRNO_ZERO)
@@ -345,7 +345,7 @@
lltype.Void, macro=True)
ssl_external('SSL_CTX_set_tlsext_servername_arg', [SSL_CTX, rffi.VOIDP], lltype.Void, macro=True)
ssl_external('SSL_CTX_set_tmp_ecdh', [SSL_CTX, EC_KEY], lltype.Void, macro=True)
-if 0x10100000 > OPENSSL_VERSION_NUMBER >= 0x10002000:
+if OPENSSL_VERSION_NUMBER >= 0x10002000 and not OPENSSL_1_1:
ssl_external('SSL_CTX_set_ecdh_auto', [SSL_CTX, rffi.INT], lltype.Void,
macro=True)
else:
@@ -392,7 +392,7 @@
ssl_external('X509_NAME_ENTRY_get_object', [X509_NAME_ENTRY], ASN1_OBJECT)
ssl_external('X509_NAME_ENTRY_get_data', [X509_NAME_ENTRY], ASN1_STRING)
ssl_external('X509_NAME_ENTRY_set', [X509_NAME_ENTRY], rffi.INT,
- macro=bool(OPENSSL_VERSION_NUMBER < 0x10100000) or None)
+ macro=(not OPENSSL_1_1) or None)
ssl_external('i2d_X509', [X509, rffi.CCHARPP], rffi.INT, save_err=SAVE_ERR)
ssl_external('X509_free', [X509], lltype.Void, releasegil=False)
ssl_external('X509_check_ca', [X509], rffi.INT)
@@ -411,9 +411,9 @@
ssl_external('X509_VERIFY_PARAM_clear_flags', [X509_VERIFY_PARAM, rffi.ULONG], rffi.INT)
ssl_external('X509_STORE_add_cert', [X509_STORE, X509], rffi.INT)
ssl_external('X509_STORE_get0_objects', [X509_STORE], stack_st_X509_OBJECT,
- macro=bool(OPENSSL_VERSION_NUMBER < 0x10100000) or None)
+ macro=bool(not OPENSSL_1_1) or None)
ssl_external('X509_STORE_get0_param', [X509_STORE], X509_VERIFY_PARAM,
- macro=bool(OPENSSL_VERSION_NUMBER < 0x10100000) or None)
+ macro=bool(not OPENSSL_1_1) or None)
ssl_external('X509_get_default_cert_file_env', [], rffi.CCHARP)
ssl_external('X509_get_default_cert_file', [], rffi.CCHARP)
@@ -451,13 +451,13 @@
ssl_external('sk_X509_OBJECT_value', [stack_st_X509_OBJECT, rffi.INT],
X509_OBJECT, macro=True)
ssl_external('X509_OBJECT_get0_X509', [X509_OBJECT], X509,
- macro=bool(OPENSSL_VERSION_NUMBER < 0x10100000) or None)
+ macro=bool(not OPENSSL_1_1) or None)
ssl_external('X509_OBJECT_get_type', [X509_OBJECT], rffi.INT,
- macro=bool(OPENSSL_VERSION_NUMBER < 0x10100000) or None)
+ macro=bool(not OPENSSL_1_1) or None)
ssl_external('COMP_get_name', [COMP_METHOD], rffi.CCHARP,
- macro=bool(OPENSSL_VERSION_NUMBER < 0x10100000) or None)
+ macro=bool(not OPENSSL_1_1) or None)
ssl_external('COMP_get_type', [COMP_METHOD], rffi.INT,
- macro=bool(OPENSSL_VERSION_NUMBER < 0x10100000) or None)
+ macro=bool(not OPENSSL_1_1) or None)
ssl_external('sk_DIST_POINT_num', [stack_st_DIST_POINT], rffi.INT,
macro=True)
ssl_external('sk_DIST_POINT_value', [stack_st_DIST_POINT, rffi.INT], DIST_POINT,
@@ -499,7 +499,7 @@
# with the GIL held, and so is allowed to run in a RPython __del__ method.
ssl_external('SSL_free', [SSL], lltype.Void, releasegil=False)
ssl_external('SSL_CTX_free', [SSL_CTX], lltype.Void, releasegil=False)
-if OPENSSL_VERSION_NUMBER >= 0x10100000:
+if OPENSSL_1_1:
ssl_external('OPENSSL_free', [rffi.VOIDP], lltype.Void, macro=True)
else:
ssl_external('CRYPTO_free', [rffi.VOIDP], lltype.Void)
@@ -572,7 +572,7 @@
OpenSSL_add_all_digests = external(
'OpenSSL_add_all_digests', [], lltype.Void,
- macro=bool(OPENSSL_VERSION_NUMBER >= 0x10100000 and not LIBRESSL) or None)
+ macro=OPENSSL_1_1 or None)
EVP_get_digestbyname = external(
'EVP_get_digestbyname',
[rffi.CCHARP], EVP_MD)
@@ -592,15 +592,13 @@
EVP_MD_CTX_copy = external(
'EVP_MD_CTX_copy', [EVP_MD_CTX, EVP_MD_CTX], rffi.INT)
EVP_MD_CTX_new = external(
- 'EVP_MD_CTX_new' if OPENSSL_VERSION_NUMBER >= 0x10100000
- else 'EVP_MD_CTX_create',
+ 'EVP_MD_CTX_new' if OPENSSL_1_1 else 'EVP_MD_CTX_create',
[], EVP_MD_CTX)
EVP_MD_CTX_free = external(
- 'EVP_MD_CTX_free' if OPENSSL_VERSION_NUMBER >= 0x10100000
- else 'EVP_MD_CTX_destroy',
+ 'EVP_MD_CTX_free' if OPENSSL_1_1 else 'EVP_MD_CTX_destroy',
[EVP_MD_CTX], lltype.Void, releasegil=False)
-if OPENSSL_VERSION_NUMBER >= 0x10100000 and not LIBRESSL:
+if OPENSSL_1_1:
PKCS5_PBKDF2_HMAC = external('PKCS5_PBKDF2_HMAC', [
rffi.CCHARP, rffi.INT, rffi.CCHARP, rffi.INT, rffi.INT, EVP_MD,
rffi.INT, rffi.CCHARP], rffi.INT)
More information about the pypy-commit
mailing list