Fix compilation without deprecated OpenSSL APIs

src/_cffi_src/openssl/asn1.py

@@ -105,4 +105,7 @@
 """
 
 CUSTOMIZATIONS = """
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define ASN1_STRING_data ASN1_STRING_get0_data
+#endif
 """

src/_cffi_src/openssl/conf.py

@@ -17,4 +17,8 @@
 """
 
 CUSTOMIZATIONS = """
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define OPENSSL_config(x) 0
+#define OPENSSL_no_config() 0
+#endif
 """

src/_cffi_src/openssl/crypto.py

@@ -113,4 +113,8 @@
 void Cryptography_free_wrapper(void *ptr, const char *path, int line) {
     free(ptr);
 }
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define CRYPTO_get_locking_callback() 0
+#endif
 """

src/_cffi_src/openssl/ecdh.py

@@ -17,4 +17,7 @@
 """
 
 CUSTOMIZATIONS = """
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define SSL_CTX_set_ecdh_auto(a, b) ((b) != 0)
+#endif
 """

src/_cffi_src/openssl/evp.py

@@ -269,4 +269,9 @@
 #ifndef EVP_PKEY_POLY1305
 #define EVP_PKEY_POLY1305 NID_poly1305
 #endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
+#define OpenSSL_add_all_algorithms() do {} while(0)
+#endif
 """

src/_cffi_src/openssl/ssl.py

@@ -13,12 +13,14 @@
 static const long Cryptography_HAS_SSL_ST;
 static const long Cryptography_HAS_TLS_ST;
 static const long Cryptography_HAS_SSL3_METHOD;
-static const long Cryptography_HAS_TLSv1_1;
-static const long Cryptography_HAS_TLSv1_2;
+static const long Cryptography_HAS_TLS1_METHOD;
+static const long Cryptography_HAS_TLS1_1_METHOD;
+static const long Cryptography_HAS_TLS1_2_METHOD;
 static const long Cryptography_HAS_TLSv1_3;
 static const long Cryptography_HAS_SECURE_RENEGOTIATION;
 static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
 static const long Cryptography_HAS_DTLS;
+static const long Cryptography_HAS_DTLS1_METHOD;
 static const long Cryptography_HAS_SIGALGS;
 static const long Cryptography_HAS_PSK;
 static const long Cryptography_HAS_VERIFIED_CHAIN;
@@ -548,8 +550,43 @@
 
 static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
 static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
-static const long Cryptography_HAS_TLSv1_1 = 1;
-static const long Cryptography_HAS_TLSv1_2 = 1;
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_TLS1_METHOD = 0;
+const SSL_METHOD* (*TLSv1_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_TLS1_METHOD = 1;
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_TLS1_1_METHOD = 0;
+const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_TLS1_1_METHOD = 1;
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_TLS1_2_METHOD = 0;
+const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
+const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_TLS1_2_METHOD = 1;
+#endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_DTLS1_METHOD = 0;
+const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
+const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
+const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
+#else
+static const long Cryptography_HAS_DTLS1_METHOD = 1;
+#endif
+
 static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
 static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
 static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
@@ -708,4 +745,9 @@
 #else
 static const long Cryptography_HAS_GET_PROTO_VERSION = 1;
 #endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define SSL_library_init() 1
+#define SSL_load_error_strings() 0
+#endif
 """

src/_cffi_src/openssl/x509.py

@@ -305,4 +305,16 @@
     return i2d_X509_CRL_INFO(crl->crl, pp);
 }
 #endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define X509_get_notBefore X509_get0_notBefore
+#define X509_get_notAfter X509_get0_notAfter
+#define X509_set_notBefore X509_set1_notBefore
+#define X509_set_notAfter X509_set1_notAfter
+
+#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
+#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
+#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
+#endif
 """

src/_cffi_src/openssl/x509_vfy.py

@@ -257,4 +257,10 @@
 #else
 static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
 #endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
+#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
+#define X509_STORE_CTX_get_chain X509_STORE_CTX_get1_chain
+#endif
 """

src/cryptography/hazmat/bindings/openssl/_conditional.py

@@ -31,6 +31,38 @@ def cryptography_has_ssl3_method():
     ]
 
 
+def cryptography_has_tls1_method():
+    return [
+        "TLSv1_method",
+        "TLSv1_client_method",
+        "TLSv1_server_method",
+    ]
+
+
+def cryptography_has_tls1_1_method():
+    return [
+        "TLSv1_1_method",
+        "TLSv1_1_client_method",
+        "TLSv1_1_server_method",
+    ]
+
+
+def cryptography_has_tls1_2_method():
+    return [
+        "TLSv1_2_method",
+        "TLSv1_2_client_method",
+        "TLSv1_2_server_method",
+    ]
+
+
+def cryptography_has_dtls1_method():
+    return [
+        "DTLSv1_method",
+        "DTLSv1_client_method",
+        "DTLSv1_server_method",
+    ]
+
+
 def cryptography_has_102_verification():
     return [
         "X509_V_ERR_SUITE_B_INVALID_VERSION",
@@ -280,6 +312,10 @@ def cryptography_has_get_proto_version():
     "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
     "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
     "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
+    "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
+    "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
+    "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
+    "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
     "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
     "Cryptography_HAS_110_VERIFICATION_PARAMS": (
         cryptography_has_110_verification_params