More ifdef death (#3450)
* CMAC is always supported
* TLSv1.2 is always supported
* Releasing buffers is always supported
* Nonsense IE SSLv2 nonsens is always supported
diff --git a/src/_cffi_src/openssl/cmac.py b/src/_cffi_src/openssl/cmac.py
index 0998745..85b685d 100644
--- a/src/_cffi_src/openssl/cmac.py
+++ b/src/_cffi_src/openssl/cmac.py
@@ -28,17 +28,5 @@
"""
CUSTOMIZATIONS = """
-#if !defined(OPENSSL_NO_CMAC)
static const long Cryptography_HAS_CMAC = 1;
-#else
-static const long Cryptography_HAS_CMAC = 0;
-typedef void CMAC_CTX;
-CMAC_CTX *(*CMAC_CTX_new)(void) = NULL;
-int (*CMAC_Init)(CMAC_CTX *, const void *, size_t, const EVP_CIPHER *,
- ENGINE *) = NULL;
-int (*CMAC_Update)(CMAC_CTX *, const void *, size_t) = NULL;
-int (*CMAC_Final)(CMAC_CTX *, unsigned char *, size_t *) = NULL;
-int (*CMAC_CTX_copy)(CMAC_CTX *, const CMAC_CTX *) = NULL;
-void (*CMAC_CTX_free)(CMAC_CTX *) = NULL;
-#endif
"""
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 4daa4d8..c946b4c 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -511,33 +511,11 @@
static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB = 1;
static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP = 1;
static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE = 1;
-
-#ifdef SSL_MODE_RELEASE_BUFFERS
static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
-#else
-static const long Cryptography_HAS_RELEASE_BUFFERS = 0;
-const long SSL_MODE_RELEASE_BUFFERS = 0;
-#endif
-
static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
static const long Cryptography_HAS_TLSv1_1 = 1;
-
-#ifdef SSL_OP_NO_TLSv1_2
static const long Cryptography_HAS_TLSv1_2 = 1;
-#else
-static const long Cryptography_HAS_TLSv1_2 = 0;
-static const long SSL_OP_NO_TLSv1_2 = 0;
-SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
-SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
-SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
-#endif
-
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
-#else
-static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 0;
-const long SSL_OP_MSIE_SSLV2_RSA_PADDING = 0;
-#endif
#ifdef OPENSSL_NO_EC
long (*SSL_CTX_set_tmp_ecdh)(SSL_CTX *, EC_KEY *) = NULL;
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 7c53d86..00aec37 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -649,11 +649,8 @@
return True
def cmac_algorithm_supported(self, algorithm):
- return (
- self._lib.Cryptography_HAS_CMAC == 1 and
- self.cipher_supported(
- algorithm, CBC(b"\x00" * algorithm.block_size)
- )
+ return self.cipher_supported(
+ algorithm, CBC(b"\x00" * algorithm.block_size)
)
def create_cmac_ctx(self, algorithm):
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index 7f488ba..7241a35 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -9,14 +9,6 @@
# cffi supports #if in cdef
CONDITIONAL_NAMES = {
- "Cryptography_HAS_CMAC": [
- "CMAC_CTX_new",
- "CMAC_Init",
- "CMAC_Update",
- "CMAC_Final",
- "CMAC_CTX_copy",
- "CMAC_CTX_free",
- ],
"Cryptography_HAS_CMS": [
"BIO_new_CMS",
"i2d_CMS_bio_stream",
@@ -191,27 +183,12 @@
"EVP_PKEY_CTX_set_rsa_oaep_md",
],
- "Cryptography_HAS_TLSv1_2": [
- "SSL_OP_NO_TLSv1_2",
- "TLSv1_2_method",
- "TLSv1_2_server_method",
- "TLSv1_2_client_method",
- ],
-
"Cryptography_HAS_SSL3_METHOD": [
"SSLv3_method",
"SSLv3_client_method",
"SSLv3_server_method",
],
- "Cryptography_HAS_RELEASE_BUFFERS": [
- "SSL_MODE_RELEASE_BUFFERS",
- ],
-
- "Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING": [
- "SSL_OP_MSIE_SSLV2_RSA_PADDING",
- ],
-
"Cryptography_HAS_NETBSD_D1_METH": [
"DTLSv1_method",
],