From 40c6bf654c71fa72dc62fadf5a013bc3e6fb391c Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 18 Jun 2016 13:07:57 -0500
Subject: remove unneeded AES conditionals now that we no longer support 0.9.8
 (#2985)

* remove unneeded AES conditionals now that we no longer support 0.9.8

* This comment was inaccurate. EVP AES CTR is available in 1.0.1+, not 1.0.0.

* update function definition to match 1.0.0 and move to functions
---
 src/_cffi_src/openssl/aes.py                       | 25 ++++++----------------
 .../hazmat/bindings/openssl/_conditional.py        |  4 ----
 2 files changed, 6 insertions(+), 23 deletions(-)

(limited to 'src')

diff --git a/src/_cffi_src/openssl/aes.py b/src/_cffi_src/openssl/aes.py
index 438431b5..37e7e267 100644
--- a/src/_cffi_src/openssl/aes.py
+++ b/src/_cffi_src/openssl/aes.py
@@ -21,36 +21,23 @@ typedef struct aes_key_st AES_KEY;
 FUNCTIONS = """
 int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *);
 int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *);
-"""
 
-MACROS = """
-/* these can be moved back to FUNCTIONS once we drop support for 0.9.8h.
-   This should be when we drop RHEL/CentOS 5, which is on 0.9.8e. */
 int AES_wrap_key(AES_KEY *, const unsigned char *, unsigned char *,
                  const unsigned char *, unsigned int);
 int AES_unwrap_key(AES_KEY *, const unsigned char *, unsigned char *,
                    const unsigned char *, unsigned int);
-
-/* The ctr128_encrypt function is only useful in 0.9.8. You should use EVP for
-   this in 1.0.0+. It is defined in macros because the function signature
-   changed after 0.9.8 */
+/* The ctr128_encrypt function is only useful in 1.0.0. We can use EVP for
+   this in 1.0.1+. */
 void AES_ctr128_encrypt(const unsigned char *, unsigned char *,
-                        const size_t, const AES_KEY *,
-                        unsigned char[], unsigned char[], unsigned int *);
+                        size_t, const AES_KEY *, unsigned char[],
+                        unsigned char[], unsigned int *);
+"""
 
+MACROS = """
 """
 
 CUSTOMIZATIONS = """
-/* OpenSSL 0.9.8h+ */
-#if OPENSSL_VERSION_NUMBER >= 0x0090808fL
 static const long Cryptography_HAS_AES_WRAP = 1;
-#else
-static const long Cryptography_HAS_AES_WRAP = 0;
-int (*AES_wrap_key)(AES_KEY *, const unsigned char *, unsigned char *,
-                    const unsigned char *, unsigned int) = NULL;
-int (*AES_unwrap_key)(AES_KEY *, const unsigned char *, unsigned char *,
-                      const unsigned char *, unsigned int) = NULL;
-#endif
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 static const int Cryptography_HAS_AES_CTR128_ENCRYPT = 0;
 void (*AES_ctr128_encrypt)(const unsigned char *, unsigned char *,
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index bdfeca91..1e8f99cd 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -9,10 +9,6 @@ from __future__ import absolute_import, division, print_function
 # cffi supports #if in cdef
 
 CONDITIONAL_NAMES = {
-    "Cryptography_HAS_AES_WRAP": [
-        "AES_wrap_key",
-        "AES_unwrap_key",
-    ],
     "Cryptography_HAS_CMAC": [
         "CMAC_CTX_new",
         "CMAC_Init",
-- 
cgit v1.2.3