From 61d0b6741030881d7753f6cbd98d3a5d50cce836 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 13 Jul 2024 09:49:04 -0400 Subject: [PATCH 1/4] Remove PKCS#12 bindings (#11259) They're no longer used! --- src/_cffi_src/build_openssl.py | 1 - src/_cffi_src/openssl/pkcs12.py | 38 ------------------- .../hazmat/bindings/openssl/_conditional.py | 5 --- 3 files changed, 44 deletions(-) delete mode 100644 src/_cffi_src/openssl/pkcs12.py diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 642b56ce490f..15ac1848493b 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -35,7 +35,6 @@ "objects", "opensslv", "pem", - "pkcs12", "rand", "rsa", "ssl", diff --git a/src/_cffi_src/openssl/pkcs12.py b/src/_cffi_src/openssl/pkcs12.py deleted file mode 100644 index 234f97b3ea65..000000000000 --- a/src/_cffi_src/openssl/pkcs12.py +++ /dev/null @@ -1,38 +0,0 @@ -# This file is dual licensed under the terms of the Apache License, Version -# 2.0, and the BSD License. See the LICENSE file in the root of this repository -# for complete details. - -from __future__ import annotations - -INCLUDES = """ -#include -""" - -TYPES = """ -static const long Cryptography_HAS_PKCS12_SET_MAC; - -typedef ... PKCS12; -""" - -FUNCTIONS = """ -void PKCS12_free(PKCS12 *); - -PKCS12 *d2i_PKCS12_bio(BIO *, PKCS12 **); -int i2d_PKCS12_bio(BIO *, PKCS12 *); -int PKCS12_parse(PKCS12 *, const char *, EVP_PKEY **, X509 **, - Cryptography_STACK_OF_X509 **); -PKCS12 *PKCS12_create(char *, char *, EVP_PKEY *, X509 *, - Cryptography_STACK_OF_X509 *, int, int, int, int, int); -int PKCS12_set_mac(PKCS12 *, const char *, int, unsigned char *, int, int, - const EVP_MD *); -""" - -CUSTOMIZATIONS = """ -#if CRYPTOGRAPHY_IS_BORINGSSL -static const long Cryptography_HAS_PKCS12_SET_MAC = 0; -int (*PKCS12_set_mac)(PKCS12 *, const char *, int, unsigned char *, int, int, - const EVP_MD *) = NULL; -#else -static const long Cryptography_HAS_PKCS12_SET_MAC = 1; -#endif -""" diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index 805991c560c3..ee47d1888d80 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -147,10 +147,6 @@ def cryptography_has_unexpected_eof_while_reading() -> list[str]: return ["SSL_R_UNEXPECTED_EOF_WHILE_READING"] -def cryptography_has_pkcs12_set_mac() -> list[str]: - return ["PKCS12_set_mac"] - - def cryptography_has_ssl_op_ignore_unexpected_eof() -> list[str]: return [ "SSL_OP_IGNORE_UNEXPECTED_EOF", @@ -188,7 +184,6 @@ def cryptography_has_get_extms_support() -> list[str]: "Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING": ( cryptography_has_unexpected_eof_while_reading ), - "Cryptography_HAS_PKCS12_SET_MAC": cryptography_has_pkcs12_set_mac, "Cryptography_HAS_SSL_OP_IGNORE_UNEXPECTED_EOF": ( cryptography_has_ssl_op_ignore_unexpected_eof ), From 6b911a8b4d5177a4cbc8177f6c2793202fc56b17 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 13 Jul 2024 09:49:24 -0400 Subject: [PATCH 2/4] Remove unused nid cffi definitions (#11260) --- src/_cffi_src/openssl/nid.py | 9 --------- 1 file changed, 9 deletions(-) diff --git a/src/_cffi_src/openssl/nid.py b/src/_cffi_src/openssl/nid.py index fe1cdda10137..9051977f0ab6 100644 --- a/src/_cffi_src/openssl/nid.py +++ b/src/_cffi_src/openssl/nid.py @@ -9,11 +9,7 @@ """ TYPES = """ -static const int Cryptography_HAS_ED448; - static const int NID_undef; -static const int NID_aes_256_cbc; -static const int NID_pbe_WithSHA1And3_Key_TripleDES_CBC; static const int NID_subject_alt_name; static const int NID_crl_reason; @@ -23,9 +19,4 @@ """ CUSTOMIZATIONS = """ -#ifndef NID_ED448 -static const long Cryptography_HAS_ED448 = 0; -#else -static const long Cryptography_HAS_ED448 = 1; -#endif """ From f28072ff88c1e901e754a5d08aae66b44dd8b953 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 13 Jul 2024 09:49:43 -0400 Subject: [PATCH 3/4] Remove more unused cffi type definitions (#11263) --- src/_cffi_src/openssl/x509_vfy.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py index 26eed9974f82..57c8d870011e 100644 --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py @@ -14,12 +14,10 @@ * together with another opaque typedef for the same name in the TYPES section. * Note that the result is an opaque type. */ -typedef STACK_OF(ASN1_OBJECT) Cryptography_STACK_OF_ASN1_OBJECT; typedef STACK_OF(X509_OBJECT) Cryptography_STACK_OF_X509_OBJECT; """ TYPES = """ -typedef ... Cryptography_STACK_OF_ASN1_OBJECT; typedef ... Cryptography_STACK_OF_X509_OBJECT; typedef ... X509_OBJECT; From db3dd51d6d93c567f2ed6f0fe980bce0cdc9524c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 13 Jul 2024 09:50:02 -0400 Subject: [PATCH 4/4] Remove unused cffi type definitions (#11262) --- src/_cffi_src/openssl/x509.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py index b43593543cee..140c39708b8c 100644 --- a/src/_cffi_src/openssl/x509.py +++ b/src/_cffi_src/openssl/x509.py @@ -15,17 +15,14 @@ * Note that the result is an opaque type. */ typedef STACK_OF(X509) Cryptography_STACK_OF_X509; -typedef STACK_OF(X509_CRL) Cryptography_STACK_OF_X509_CRL; typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED; """ TYPES = """ typedef ... Cryptography_STACK_OF_X509; -typedef ... Cryptography_STACK_OF_X509_CRL; typedef ... Cryptography_STACK_OF_X509_REVOKED; typedef ... X509_ALGOR; -typedef ... X509_ATTRIBUTE; typedef ... X509_EXTENSION; typedef ... X509_EXTENSIONS; typedef ... X509_REQ; @@ -35,8 +32,6 @@ typedef ... NETSCAPE_SPKI; -typedef ... PKCS8_PRIV_KEY_INFO; - typedef void (*sk_X509_EXTENSION_freefunc)(X509_EXTENSION *); """