• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# This file is dual licensed under the terms of the Apache License, Version
2# 2.0, and the BSD License. See the LICENSE file in the root of this repository
3# for complete details.
4
5from __future__ import absolute_import, division, print_function
6
7
8def cryptography_has_ec2m():
9    return [
10        "EC_POINT_set_affine_coordinates_GF2m",
11        "EC_POINT_get_affine_coordinates_GF2m",
12        "EC_POINT_set_compressed_coordinates_GF2m",
13    ]
14
15
16def cryptography_has_ec_1_0_2():
17    return [
18        "EC_curve_nid2nist",
19    ]
20
21
22def cryptography_has_set_ecdh_auto():
23    return [
24        "SSL_CTX_set_ecdh_auto",
25    ]
26
27
28def cryptography_has_rsa_r_pkcs_decoding_error():
29    return [
30        "RSA_R_PKCS_DECODING_ERROR"
31    ]
32
33
34def cryptography_has_rsa_oaep_md():
35    return [
36        "EVP_PKEY_CTX_set_rsa_oaep_md",
37    ]
38
39
40def cryptography_has_rsa_oaep_label():
41    return [
42        "EVP_PKEY_CTX_set0_rsa_oaep_label",
43    ]
44
45
46def cryptography_has_ssl3_method():
47    return [
48        "SSLv3_method",
49        "SSLv3_client_method",
50        "SSLv3_server_method",
51    ]
52
53
54def cryptography_has_alpn():
55    return [
56        "SSL_CTX_set_alpn_protos",
57        "SSL_set_alpn_protos",
58        "SSL_CTX_set_alpn_select_cb",
59        "SSL_get0_alpn_selected",
60    ]
61
62
63def cryptography_has_compression():
64    return [
65        "SSL_get_current_compression",
66        "SSL_get_current_expansion",
67        "SSL_COMP_get_name",
68    ]
69
70
71def cryptography_has_get_server_tmp_key():
72    return [
73        "SSL_get_server_tmp_key",
74    ]
75
76
77def cryptography_has_102_verification_error_codes():
78    return [
79        'X509_V_ERR_SUITE_B_INVALID_VERSION',
80        'X509_V_ERR_SUITE_B_INVALID_ALGORITHM',
81        'X509_V_ERR_SUITE_B_INVALID_CURVE',
82        'X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM',
83        'X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED',
84        'X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256',
85        'X509_V_ERR_HOSTNAME_MISMATCH',
86        'X509_V_ERR_EMAIL_MISMATCH',
87        'X509_V_ERR_IP_ADDRESS_MISMATCH'
88    ]
89
90
91def cryptography_has_102_verification_params():
92    return [
93        "X509_V_FLAG_SUITEB_128_LOS_ONLY",
94        "X509_V_FLAG_SUITEB_192_LOS",
95        "X509_V_FLAG_SUITEB_128_LOS",
96        "X509_VERIFY_PARAM_set1_host",
97        "X509_VERIFY_PARAM_set1_email",
98        "X509_VERIFY_PARAM_set1_ip",
99        "X509_VERIFY_PARAM_set1_ip_asc",
100        "X509_VERIFY_PARAM_set_hostflags",
101        "SSL_get0_param",
102        "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT",
103        "X509_CHECK_FLAG_NO_WILDCARDS",
104        "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS",
105        "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS",
106        "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS"
107    ]
108
109
110def cryptography_has_110_verification_params():
111    return [
112        "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT"
113    ]
114
115
116def cryptography_has_x509_v_flag_trusted_first():
117    return [
118        "X509_V_FLAG_TRUSTED_FIRST",
119    ]
120
121
122def cryptography_has_x509_v_flag_partial_chain():
123    return [
124        "X509_V_FLAG_PARTIAL_CHAIN",
125    ]
126
127
128def cryptography_has_set_cert_cb():
129    return [
130        "SSL_CTX_set_cert_cb",
131        "SSL_set_cert_cb",
132    ]
133
134
135def cryptography_has_ssl_st():
136    return [
137        "SSL_ST_BEFORE",
138        "SSL_ST_OK",
139        "SSL_ST_INIT",
140        "SSL_ST_RENEGOTIATE",
141    ]
142
143
144def cryptography_has_tls_st():
145    return [
146        "TLS_ST_BEFORE",
147        "TLS_ST_OK",
148    ]
149
150
151def cryptography_has_locking_callbacks():
152    return [
153        "CRYPTO_LOCK",
154        "CRYPTO_UNLOCK",
155        "CRYPTO_READ",
156        "CRYPTO_LOCK_SSL",
157        "CRYPTO_lock",
158        "Cryptography_setup_ssl_threads",
159    ]
160
161
162def cryptography_has_scrypt():
163    return [
164        "EVP_PBE_scrypt",
165    ]
166
167
168def cryptography_has_generic_dtls_method():
169    return [
170        "DTLS_method",
171        "DTLS_server_method",
172        "DTLS_client_method",
173        "SSL_OP_NO_DTLSv1",
174        "SSL_OP_NO_DTLSv1_2",
175        "DTLS_set_link_mtu",
176        "DTLS_get_link_min_mtu",
177    ]
178
179
180def cryptography_has_evp_pkey_dhx():
181    return [
182        "EVP_PKEY_DHX",
183    ]
184
185
186def cryptography_has_mem_functions():
187    return [
188        "Cryptography_CRYPTO_set_mem_functions",
189    ]
190
191
192def cryptography_has_sct():
193    return [
194        "SCT_get_version",
195        "SCT_get_log_entry_type",
196        "SCT_get0_log_id",
197        "SCT_get0_signature",
198        "SCT_get_timestamp",
199        "SCT_set_source",
200        "sk_SCT_num",
201        "sk_SCT_value",
202        "SCT_LIST_free",
203        "sk_SCT_push",
204        "sk_SCT_new_null",
205        "SCT_new",
206        "SCT_set1_log_id",
207        "SCT_set_timestamp",
208        "SCT_set_version",
209        "SCT_set_log_entry_type",
210    ]
211
212
213def cryptography_has_x509_store_ctx_get_issuer():
214    return [
215        "X509_STORE_get_get_issuer",
216        "X509_STORE_set_get_issuer",
217    ]
218
219
220def cryptography_has_x25519():
221    return [
222        "EVP_PKEY_X25519",
223        "NID_X25519",
224    ]
225
226
227def cryptography_has_x448():
228    return [
229        "EVP_PKEY_X448",
230        "NID_X448",
231    ]
232
233
234def cryptography_has_ed448():
235    return [
236        "EVP_PKEY_ED448",
237        "NID_ED448",
238    ]
239
240
241def cryptography_has_ed25519():
242    return [
243        "NID_ED25519",
244        "EVP_PKEY_ED25519",
245    ]
246
247
248def cryptography_has_oneshot_evp_digest_sign_verify():
249    return [
250        "EVP_DigestSign",
251        "EVP_DigestVerify",
252    ]
253
254
255def cryptography_has_evp_digestfinal_xof():
256    return [
257        "EVP_DigestFinalXOF",
258    ]
259
260
261def cryptography_has_evp_pkey_get_set_tls_encodedpoint():
262    return [
263        "EVP_PKEY_get1_tls_encodedpoint",
264        "EVP_PKEY_set1_tls_encodedpoint",
265    ]
266
267
268def cryptography_has_fips():
269    return [
270        "FIPS_set_mode",
271        "FIPS_mode",
272    ]
273
274
275def cryptography_has_ssl_sigalgs():
276    return [
277        "SSL_CTX_set1_sigalgs_list",
278        "SSL_get_sigalgs",
279    ]
280
281
282def cryptography_has_psk():
283    return [
284        "SSL_CTX_use_psk_identity_hint",
285        "SSL_CTX_set_psk_server_callback",
286        "SSL_CTX_set_psk_client_callback",
287    ]
288
289
290def cryptography_has_custom_ext():
291    return [
292        "SSL_CTX_add_client_custom_ext",
293        "SSL_CTX_add_server_custom_ext",
294        "SSL_extension_supported",
295    ]
296
297
298def cryptography_has_openssl_cleanup():
299    return [
300        "OPENSSL_cleanup",
301    ]
302
303
304def cryptography_has_cipher_details():
305    return [
306        "SSL_CIPHER_is_aead",
307        "SSL_CIPHER_get_cipher_nid",
308        "SSL_CIPHER_get_digest_nid",
309        "SSL_CIPHER_get_kx_nid",
310        "SSL_CIPHER_get_auth_nid",
311    ]
312
313
314def cryptography_has_tlsv13():
315    return [
316        "SSL_OP_NO_TLSv1_3",
317        "SSL_VERIFY_POST_HANDSHAKE",
318        "SSL_CTX_set_ciphersuites",
319        "SSL_verify_client_post_handshake",
320        "SSL_CTX_set_post_handshake_auth",
321        "SSL_set_post_handshake_auth",
322        "SSL_SESSION_get_max_early_data",
323        "SSL_write_early_data",
324        "SSL_read_early_data",
325        "SSL_CTX_set_max_early_data",
326    ]
327
328
329def cryptography_has_raw_key():
330    return [
331        "EVP_PKEY_new_raw_private_key",
332        "EVP_PKEY_new_raw_public_key",
333        "EVP_PKEY_get_raw_private_key",
334        "EVP_PKEY_get_raw_public_key",
335    ]
336
337
338def cryptography_has_evp_r_memory_limit_exceeded():
339    return [
340        "EVP_R_MEMORY_LIMIT_EXCEEDED",
341    ]
342
343
344# This is a mapping of
345# {condition: function-returning-names-dependent-on-that-condition} so we can
346# loop over them and delete unsupported names at runtime. It will be removed
347# when cffi supports #if in cdef. We use functions instead of just a dict of
348# lists so we can use coverage to measure which are used.
349CONDITIONAL_NAMES = {
350    "Cryptography_HAS_EC2M": cryptography_has_ec2m,
351    "Cryptography_HAS_EC_1_0_2": cryptography_has_ec_1_0_2,
352    "Cryptography_HAS_SET_ECDH_AUTO": cryptography_has_set_ecdh_auto,
353    "Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR": (
354        cryptography_has_rsa_r_pkcs_decoding_error
355    ),
356    "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
357    "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
358    "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
359    "Cryptography_HAS_ALPN": cryptography_has_alpn,
360    "Cryptography_HAS_COMPRESSION": cryptography_has_compression,
361    "Cryptography_HAS_GET_SERVER_TMP_KEY": cryptography_has_get_server_tmp_key,
362    "Cryptography_HAS_102_VERIFICATION_ERROR_CODES": (
363        cryptography_has_102_verification_error_codes
364    ),
365    "Cryptography_HAS_102_VERIFICATION_PARAMS": (
366        cryptography_has_102_verification_params
367    ),
368    "Cryptography_HAS_110_VERIFICATION_PARAMS": (
369        cryptography_has_110_verification_params
370    ),
371    "Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST": (
372        cryptography_has_x509_v_flag_trusted_first
373    ),
374    "Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN": (
375        cryptography_has_x509_v_flag_partial_chain
376    ),
377    "Cryptography_HAS_SET_CERT_CB": cryptography_has_set_cert_cb,
378    "Cryptography_HAS_SSL_ST": cryptography_has_ssl_st,
379    "Cryptography_HAS_TLS_ST": cryptography_has_tls_st,
380    "Cryptography_HAS_LOCKING_CALLBACKS": cryptography_has_locking_callbacks,
381    "Cryptography_HAS_SCRYPT": cryptography_has_scrypt,
382    "Cryptography_HAS_GENERIC_DTLS_METHOD": (
383        cryptography_has_generic_dtls_method
384    ),
385    "Cryptography_HAS_EVP_PKEY_DHX": cryptography_has_evp_pkey_dhx,
386    "Cryptography_HAS_MEM_FUNCTIONS": cryptography_has_mem_functions,
387    "Cryptography_HAS_SCT": cryptography_has_sct,
388    "Cryptography_HAS_X509_STORE_CTX_GET_ISSUER": (
389        cryptography_has_x509_store_ctx_get_issuer
390    ),
391    "Cryptography_HAS_X25519": cryptography_has_x25519,
392    "Cryptography_HAS_X448": cryptography_has_x448,
393    "Cryptography_HAS_ED448": cryptography_has_ed448,
394    "Cryptography_HAS_ED25519": cryptography_has_ed25519,
395    "Cryptography_HAS_ONESHOT_EVP_DIGEST_SIGN_VERIFY": (
396        cryptography_has_oneshot_evp_digest_sign_verify
397    ),
398    "Cryptography_HAS_EVP_PKEY_get_set_tls_encodedpoint": (
399        cryptography_has_evp_pkey_get_set_tls_encodedpoint
400    ),
401    "Cryptography_HAS_FIPS": cryptography_has_fips,
402    "Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs,
403    "Cryptography_HAS_PSK": cryptography_has_psk,
404    "Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext,
405    "Cryptography_HAS_OPENSSL_CLEANUP": cryptography_has_openssl_cleanup,
406    "Cryptography_HAS_CIPHER_DETAILS": cryptography_has_cipher_details,
407    "Cryptography_HAS_TLSv1_3": cryptography_has_tlsv13,
408    "Cryptography_HAS_RAW_KEY": cryptography_has_raw_key,
409    "Cryptography_HAS_EVP_DIGESTFINAL_XOF": (
410        cryptography_has_evp_digestfinal_xof
411    ),
412    "Cryptography_HAS_EVP_R_MEMORY_LIMIT_EXCEEDED": (
413        cryptography_has_evp_r_memory_limit_exceeded
414    ),
415}
416