1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import annotations
6
7
8def cryptography_has_set_cert_cb() -> list[str]:
9 return [
10 "SSL_CTX_set_cert_cb",
11 "SSL_set_cert_cb",
12 ]
13
14
15def cryptography_has_ssl_st() -> list[str]:
16 return [
17 "SSL_ST_BEFORE",
18 "SSL_ST_OK",
19 "SSL_ST_INIT",
20 "SSL_ST_RENEGOTIATE",
21 ]
22
23
24def cryptography_has_tls_st() -> list[str]:
25 return [
26 "TLS_ST_BEFORE",
27 "TLS_ST_OK",
28 ]
29
30
31def cryptography_has_ed448() -> list[str]:
32 return [
33 "EVP_PKEY_ED448",
34 ]
35
36
37def cryptography_has_ssl_sigalgs() -> list[str]:
38 return [
39 "SSL_CTX_set1_sigalgs_list",
40 ]
41
42
43def cryptography_has_psk() -> list[str]:
44 return [
45 "SSL_CTX_use_psk_identity_hint",
46 "SSL_CTX_set_psk_server_callback",
47 "SSL_CTX_set_psk_client_callback",
48 ]
49
50
51def cryptography_has_psk_tlsv13() -> list[str]:
52 return [
53 "SSL_CTX_set_psk_find_session_callback",
54 "SSL_CTX_set_psk_use_session_callback",
55 "Cryptography_SSL_SESSION_new",
56 "SSL_CIPHER_find",
57 "SSL_SESSION_set1_master_key",
58 "SSL_SESSION_set_cipher",
59 "SSL_SESSION_set_protocol_version",
60 ]
61
62
63def cryptography_has_custom_ext() -> list[str]:
64 return [
65 "SSL_CTX_add_client_custom_ext",
66 "SSL_CTX_add_server_custom_ext",
67 "SSL_extension_supported",
68 ]
69
70
71def cryptography_has_tlsv13_functions() -> list[str]:
72 return [
73 "SSL_VERIFY_POST_HANDSHAKE",
74 "SSL_CTX_set_ciphersuites",
75 "SSL_verify_client_post_handshake",
76 "SSL_CTX_set_post_handshake_auth",
77 "SSL_set_post_handshake_auth",
78 "SSL_SESSION_get_max_early_data",
79 "SSL_write_early_data",
80 "SSL_read_early_data",
81 "SSL_CTX_set_max_early_data",
82 ]
83
84
85def cryptography_has_engine() -> list[str]:
86 return [
87 "ENGINE_by_id",
88 "ENGINE_init",
89 "ENGINE_finish",
90 "ENGINE_get_default_RAND",
91 "ENGINE_set_default_RAND",
92 "ENGINE_unregister_RAND",
93 "ENGINE_ctrl_cmd",
94 "ENGINE_free",
95 "ENGINE_get_name",
96 "ENGINE_ctrl_cmd_string",
97 "ENGINE_load_builtin_engines",
98 "ENGINE_load_private_key",
99 "ENGINE_load_public_key",
100 "SSL_CTX_set_client_cert_engine",
101 ]
102
103
104def cryptography_has_verified_chain() -> list[str]:
105 return [
106 "SSL_get0_verified_chain",
107 ]
108
109
110def cryptography_has_srtp() -> list[str]:
111 return [
112 "SSL_CTX_set_tlsext_use_srtp",
113 "SSL_set_tlsext_use_srtp",
114 "SSL_get_selected_srtp_profile",
115 ]
116
117
118def cryptography_has_providers() -> list[str]:
119 return [
120 "OSSL_PROVIDER_load",
121 "OSSL_PROVIDER_unload",
122 "ERR_LIB_PROV",
123 "PROV_R_WRONG_FINAL_BLOCK_LENGTH",
124 "PROV_R_BAD_DECRYPT",
125 ]
126
127
128def cryptography_has_op_no_renegotiation() -> list[str]:
129 return [
130 "SSL_OP_NO_RENEGOTIATION",
131 ]
132
133
134def cryptography_has_dtls_get_data_mtu() -> list[str]:
135 return [
136 "DTLS_get_data_mtu",
137 ]
138
139
140def cryptography_has_300_fips() -> list[str]:
141 return [
142 "EVP_default_properties_enable_fips",
143 ]
144
145
146def cryptography_has_ssl_cookie() -> list[str]:
147 return [
148 "SSL_OP_COOKIE_EXCHANGE",
149 "DTLSv1_listen",
150 "SSL_CTX_set_cookie_generate_cb",
151 "SSL_CTX_set_cookie_verify_cb",
152 ]
153
154
155def cryptography_has_pkcs7_funcs() -> list[str]:
156 return [
157 "PKCS7_verify",
158 "SMIME_read_PKCS7",
159 ]
160
161
162def cryptography_has_prime_checks() -> list[str]:
163 return [
164 "BN_prime_checks_for_size",
165 ]
166
167
168def cryptography_has_300_evp_cipher() -> list[str]:
169 return ["EVP_CIPHER_fetch", "EVP_CIPHER_free"]
170
171
172def cryptography_has_unexpected_eof_while_reading() -> list[str]:
173 return ["SSL_R_UNEXPECTED_EOF_WHILE_READING"]
174
175
176def cryptography_has_pkcs12_set_mac() -> list[str]:
177 return ["PKCS12_set_mac"]
178
179
180def cryptography_has_ssl_op_ignore_unexpected_eof() -> list[str]:
181 return [
182 "SSL_OP_IGNORE_UNEXPECTED_EOF",
183 ]
184
185
186def cryptography_has_get_extms_support() -> list[str]:
187 return ["SSL_get_extms_support"]
188
189
190# This is a mapping of
191# {condition: function-returning-names-dependent-on-that-condition} so we can
192# loop over them and delete unsupported names at runtime. It will be removed
193# when cffi supports #if in cdef. We use functions instead of just a dict of
194# lists so we can use coverage to measure which are used.
195CONDITIONAL_NAMES = {
196 "Cryptography_HAS_SET_CERT_CB": cryptography_has_set_cert_cb,
197 "Cryptography_HAS_SSL_ST": cryptography_has_ssl_st,
198 "Cryptography_HAS_TLS_ST": cryptography_has_tls_st,
199 "Cryptography_HAS_ED448": cryptography_has_ed448,
200 "Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs,
201 "Cryptography_HAS_PSK": cryptography_has_psk,
202 "Cryptography_HAS_PSK_TLSv1_3": cryptography_has_psk_tlsv13,
203 "Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext,
204 "Cryptography_HAS_TLSv1_3_FUNCTIONS": cryptography_has_tlsv13_functions,
205 "Cryptography_HAS_ENGINE": cryptography_has_engine,
206 "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
207 "Cryptography_HAS_SRTP": cryptography_has_srtp,
208 "Cryptography_HAS_PROVIDERS": cryptography_has_providers,
209 "Cryptography_HAS_OP_NO_RENEGOTIATION": (
210 cryptography_has_op_no_renegotiation
211 ),
212 "Cryptography_HAS_DTLS_GET_DATA_MTU": cryptography_has_dtls_get_data_mtu,
213 "Cryptography_HAS_300_FIPS": cryptography_has_300_fips,
214 "Cryptography_HAS_SSL_COOKIE": cryptography_has_ssl_cookie,
215 "Cryptography_HAS_PKCS7_FUNCS": cryptography_has_pkcs7_funcs,
216 "Cryptography_HAS_PRIME_CHECKS": cryptography_has_prime_checks,
217 "Cryptography_HAS_300_EVP_CIPHER": cryptography_has_300_evp_cipher,
218 "Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING": (
219 cryptography_has_unexpected_eof_while_reading
220 ),
221 "Cryptography_HAS_PKCS12_SET_MAC": cryptography_has_pkcs12_set_mac,
222 "Cryptography_HAS_SSL_OP_IGNORE_UNEXPECTED_EOF": (
223 cryptography_has_ssl_op_ignore_unexpected_eof
224 ),
225 "Cryptography_HAS_GET_EXTMS_SUPPORT": cryptography_has_get_extms_support,
226}