enable wconversion and finish fixes (#3728)
* enable wconversion and finish fixes
* don't pass -Wconversion if it's win32
diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py
index 853f448..86ee500 100644
--- a/src/_cffi_src/build_openssl.py
+++ b/src/_cffi_src/build_openssl.py
@@ -36,6 +36,22 @@
return ["ssl", "crypto"]
+def _extra_compile_args(platform):
+ """
+ We set -Wconversion args here so that we only do Wconversion checks on the
+ code we're compiling and not on cffi itself (as passing -Wconversion in
+ CFLAGS would do). We set no error on sign conversion because some
+ function signatures in OpenSSL have changed from long -> unsigned long
+ in the past. Since that isn't a precision issue we don't care.
+ When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
+ revisit this.
+ """
+ if platform != "win32":
+ return ["-Wconversion", "-Wno-error=sign-conversion"]
+ else:
+ return []
+
+
ffi = build_ffi_for_binding(
module_name="_openssl",
module_prefix="_cffi_src.openssl.",
@@ -79,5 +95,13 @@
"callbacks",
],
libraries=_get_openssl_libraries(sys.platform),
+ # These args are passed here so that we only do Wconversion checks on the
+ # code we're compiling and not on cffi itself (as passing -Wconversion in
+ # CFLAGS would do). We set no error on sign convesrion because some
+ # function signatures in OpenSSL have changed from long -> unsigned long
+ # in the past. Since that isn't a precision issue we don't care.
+ # When we drop support for CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 we can
+ # revisit this.
+ extra_compile_args=_extra_compile_args(sys.platform),
extra_link_args=extra_link_args(compiler_type()),
)
diff --git a/src/_cffi_src/openssl/ecdh.py b/src/_cffi_src/openssl/ecdh.py
index 5ed426a..7f65880 100644
--- a/src/_cffi_src/openssl/ecdh.py
+++ b/src/_cffi_src/openssl/ecdh.py
@@ -19,7 +19,7 @@
MACROS = """
int ECDH_compute_key(void *, size_t, const EC_POINT *, EC_KEY *,
void *(*)(const void *, size_t, void *, size_t *));
-int SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
+long SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
"""
CUSTOMIZATIONS = """
@@ -27,7 +27,7 @@
#ifndef SSL_CTX_set_ecdh_auto
static const long Cryptography_HAS_SET_ECDH_AUTO = 0;
-int (*SSL_CTX_set_ecdh_auto)(SSL_CTX *, int) = NULL;
+long (*SSL_CTX_set_ecdh_auto)(SSL_CTX *, int) = NULL;
#else
static const long Cryptography_HAS_SET_ECDH_AUTO = 1;
#endif
diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py
index 0f53828..a4edfc5 100644
--- a/src/_cffi_src/openssl/evp.py
+++ b/src/_cffi_src/openssl/evp.py
@@ -230,8 +230,8 @@
#else
static const long Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint = 0;
size_t (*EVP_PKEY_get1_tls_encodedpoint)(EVP_PKEY *, unsigned char **) = NULL;
-size_t (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
- size_t) = NULL;
+int (*EVP_PKEY_set1_tls_encodedpoint)(EVP_PKEY *, const unsigned char *,
+ size_t) = NULL;
#endif
/* OpenSSL 1.1.0+ does this define for us, but if not present we'll do it */
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 99d67bb..116a54d 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -611,7 +611,7 @@
long Cryptography_DTLSv1_get_timeout(SSL *ssl, time_t *ptv_sec,
long *ptv_usec) {
struct timeval tv = { 0 };
- int r = DTLSv1_get_timeout(ssl, &tv);
+ long r = DTLSv1_get_timeout(ssl, &tv);
if (r == 1) {
if (ptv_sec) {