From 01eb304b082b4ae5769eb0b2e1184dbca010961a Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sat, 25 Apr 2020 23:42:20 -0400
Subject: Dropped support for LibreSSL 2.7, 2.8, and 2.9.0 (2.9.1+ are still
 supported) (#5231)

---
 src/_cffi_src/openssl/cryptography.py                    | 12 ------------
 src/_cffi_src/openssl/ssl.py                             | 10 ----------
 src/cryptography/hazmat/bindings/openssl/_conditional.py | 15 ---------------
 src/cryptography/hazmat/primitives/ciphers/aead.py       |  6 ------
 4 files changed, 43 deletions(-)

(limited to 'src')

diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
index 0da882c6..cd583313 100644
--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -33,16 +33,6 @@ INCLUDES = """
 #include <Winsock2.h>
 #endif
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
-#define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER \
-    (LIBRESSL_VERSION_NUMBER >= 0x2080000f)
-#define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER \
-    (LIBRESSL_VERSION_NUMBER >= 0x2090100f)
-#else
-#define CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER (0)
-#define CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER (0)
-#endif
-
 #define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \
     (OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL)
 #define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
@@ -72,8 +62,6 @@ static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111;
 static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B;
 
 static const int CRYPTOGRAPHY_IS_LIBRESSL;
-
-static const int CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER;
 """
 
 FUNCTIONS = """
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index c803ae7a..4ba86693 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -26,7 +26,6 @@ static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE;
 static const long Cryptography_HAS_SSL_CTX_SET_CLIENT_CERT_ENGINE;
 static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
 static const long Cryptography_HAS_DTLS;
-static const long Cryptography_HAS_GENERIC_DTLS_METHOD;
 static const long Cryptography_HAS_SIGALGS;
 static const long Cryptography_HAS_PSK;
 static const long Cryptography_HAS_CIPHER_DETAILS;
@@ -710,15 +709,6 @@ static const long TLS_ST_BEFORE = 0;
 static const long TLS_ST_OK = 0;
 #endif
 
-/* LibreSSL 2.9.1 added only the DTLS_*_method functions */
-#if CRYPTOGRAPHY_IS_LIBRESSL && !CRYPTOGRAPHY_LIBRESSL_291_OR_GREATER
-static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 0;
-const SSL_METHOD *(*DTLS_method)(void) = NULL;
-const SSL_METHOD *(*DTLS_server_method)(void) = NULL;
-const SSL_METHOD *(*DTLS_client_method)(void) = NULL;
-#else
-static const long Cryptography_HAS_GENERIC_DTLS_METHOD = 1;
-#endif
 #if CRYPTOGRAPHY_IS_LIBRESSL
 static const long SSL_OP_NO_DTLSv1 = 0;
 static const long SSL_OP_NO_DTLSv1_2 = 0;
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index b089f65b..3bc879c4 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -102,18 +102,6 @@ def cryptography_has_scrypt():
     ]
 
 
-def cryptography_has_generic_dtls_method():
-    return [
-        "DTLS_method",
-        "DTLS_server_method",
-        "DTLS_client_method",
-        "SSL_OP_NO_DTLSv1",
-        "SSL_OP_NO_DTLSv1_2",
-        "DTLS_set_link_mtu",
-        "DTLS_get_link_min_mtu",
-    ]
-
-
 def cryptography_has_evp_pkey_dhx():
     return [
         "EVP_PKEY_DHX",
@@ -336,9 +324,6 @@ CONDITIONAL_NAMES = {
     "Cryptography_HAS_TLS_ST": cryptography_has_tls_st,
     "Cryptography_HAS_LOCKING_CALLBACKS": cryptography_has_locking_callbacks,
     "Cryptography_HAS_SCRYPT": cryptography_has_scrypt,
-    "Cryptography_HAS_GENERIC_DTLS_METHOD": (
-        cryptography_has_generic_dtls_method
-    ),
     "Cryptography_HAS_EVP_PKEY_DHX": cryptography_has_evp_pkey_dhx,
     "Cryptography_HAS_MEM_FUNCTIONS": cryptography_has_mem_functions,
     "Cryptography_HAS_SCT": cryptography_has_sct,
diff --git a/src/cryptography/hazmat/primitives/ciphers/aead.py b/src/cryptography/hazmat/primitives/ciphers/aead.py
index a20a80f3..72cb30c3 100644
--- a/src/cryptography/hazmat/primitives/ciphers/aead.py
+++ b/src/cryptography/hazmat/primitives/ciphers/aead.py
@@ -80,12 +80,6 @@ class AESCCM(object):
 
         self._tag_length = tag_length
 
-        if not backend.aead_cipher_supported(self):
-            raise exceptions.UnsupportedAlgorithm(
-                "AESCCM is not supported by this version of OpenSSL",
-                exceptions._Reasons.UNSUPPORTED_CIPHER
-            )
-
     @classmethod
     def generate_key(cls, bit_length):
         if not isinstance(bit_length, int):
-- 
cgit v1.2.3