From 13fc9134148485827e93d16e63c5b7e9c3ee11ae Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sat, 13 Jan 2024 05:25:49 -0500
Subject: [PATCH] Remove Python bindings to EVP_AEAD (#10171)

---
 src/_cffi_src/build_openssl.py                |  1 -
 src/_cffi_src/openssl/evp_aead.py             | 88 -------------------
 .../hazmat/bindings/openssl/_conditional.py   | 12 ---
 3 files changed, 101 deletions(-)
 delete mode 100644 src/_cffi_src/openssl/evp_aead.py

diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py
index 3a7d86caaec4..6065e7aeed37 100644
--- a/src/_cffi_src/build_openssl.py
+++ b/src/_cffi_src/build_openssl.py
@@ -33,7 +33,6 @@
         "engine",
         "err",
         "evp",
-        "evp_aead",
         "nid",
         "objects",
         "opensslv",
diff --git a/src/_cffi_src/openssl/evp_aead.py b/src/_cffi_src/openssl/evp_aead.py
deleted file mode 100644
index a748bcd7a6a8..000000000000
--- a/src/_cffi_src/openssl/evp_aead.py
+++ /dev/null
@@ -1,88 +0,0 @@
-# This file is dual licensed under the terms of the Apache License, Version
-# 2.0, and the BSD License. See the LICENSE file in the root of this repository
-# for complete details.
-
-from __future__ import annotations
-
-INCLUDES = """
-#if CRYPTOGRAPHY_IS_BORINGSSL
-#include <openssl/aead.h>
-#endif
-"""
-
-TYPES = """
-typedef ... EVP_AEAD;
-typedef ... EVP_AEAD_CTX;
-static const size_t EVP_AEAD_DEFAULT_TAG_LENGTH;
-
-static const long Cryptography_HAS_EVP_AEAD;
-"""
-
-FUNCTIONS = """
-const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
-void EVP_AEAD_CTX_free(EVP_AEAD_CTX *);
-int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *, uint8_t *, size_t *, size_t,
-                      const uint8_t *, size_t, const uint8_t *, size_t,
-                      const uint8_t *, size_t);
-int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *, uint8_t *, size_t *, size_t,
-                      const uint8_t *, size_t, const uint8_t *, size_t,
-                      const uint8_t *, size_t);
-size_t EVP_AEAD_max_overhead(const EVP_AEAD *);
-/* The function EVP_AEAD_CTX_NEW() has different signatures in BoringSSL and
-   LibreSSL, so we cannot declare it here. We define a wrapper for it instead.
-*/
-EVP_AEAD_CTX *Cryptography_EVP_AEAD_CTX_new(const EVP_AEAD *,
-                                            const uint8_t *, size_t,
-                                            size_t);
-"""
-
-CUSTOMIZATIONS = """
-#if CRYPTOGRAPHY_IS_BORINGSSL || CRYPTOGRAPHY_IS_LIBRESSL
-static const long Cryptography_HAS_EVP_AEAD = 1;
-#else
-static const long Cryptography_HAS_EVP_AEAD = 0;
-#endif
-
-#if CRYPTOGRAPHY_IS_BORINGSSL
-EVP_AEAD_CTX *Cryptography_EVP_AEAD_CTX_new(const EVP_AEAD *aead,
-                                            const uint8_t *key,
-                                            size_t key_len, size_t tag_len) {
-   return EVP_AEAD_CTX_new(aead, key, key_len, tag_len);
-}
-#elif CRYPTOGRAPHY_IS_LIBRESSL
-EVP_AEAD_CTX *Cryptography_EVP_AEAD_CTX_new(const EVP_AEAD *aead,
-                                            const uint8_t *key,
-                                            size_t key_len, size_t tag_len) {
-   EVP_AEAD_CTX *ctx = EVP_AEAD_CTX_new();
-   if (ctx == NULL) {
-      return NULL;
-   }
-
-   /* This mimics BoringSSL's behavior: any error here is pushed onto
-      the stack.
-   */
-   int result = EVP_AEAD_CTX_init(ctx, aead, key, key_len, tag_len, NULL);
-   if (result != 1) {
-      return NULL;
-   }
-
-   return ctx;
-}
-#else
-typedef void EVP_AEAD;
-typedef void EVP_AEAD_CTX;
-static const size_t EVP_AEAD_DEFAULT_TAG_LENGTH = 0;
-const EVP_AEAD *(*EVP_aead_chacha20_poly1305)(void) = NULL;
-void (*EVP_AEAD_CTX_free)(EVP_AEAD_CTX *) = NULL;
-int (*EVP_AEAD_CTX_seal)(const EVP_AEAD_CTX *, uint8_t *, size_t *, size_t,
-                         const uint8_t *, size_t, const uint8_t *, size_t,
-                         const uint8_t *, size_t) = NULL;
-int (*EVP_AEAD_CTX_open)(const EVP_AEAD_CTX *, uint8_t *, size_t *, size_t,
-                         const uint8_t *, size_t, const uint8_t *, size_t,
-                         const uint8_t *, size_t) = NULL;
-size_t (*EVP_AEAD_max_overhead)(const EVP_AEAD *) = NULL;
-EVP_AEAD_CTX *(*Cryptography_EVP_AEAD_CTX_new)(const EVP_AEAD *,
-                                               const uint8_t *, size_t,
-                                               size_t) = NULL;
-#endif
-"""
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index 47bbf71a3572..21e517352c7f 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -199,17 +199,6 @@ def cryptography_has_get_extms_support() -> list[str]:
     return ["SSL_get_extms_support"]
 
 
-def cryptography_has_evp_aead() -> list[str]:
-    return [
-        "EVP_aead_chacha20_poly1305",
-        "EVP_AEAD_CTX_free",
-        "EVP_AEAD_CTX_seal",
-        "EVP_AEAD_CTX_open",
-        "EVP_AEAD_max_overhead",
-        "Cryptography_EVP_AEAD_CTX_new",
-    ]
-
-
 # This is a mapping of
 # {condition: function-returning-names-dependent-on-that-condition} so we can
 # loop over them and delete unsupported names at runtime. It will be removed
@@ -248,5 +237,4 @@ def cryptography_has_evp_aead() -> list[str]:
         cryptography_has_ssl_op_ignore_unexpected_eof
     ),
     "Cryptography_HAS_GET_EXTMS_SUPPORT": cryptography_has_get_extms_support,
-    "Cryptography_HAS_EVP_AEAD": cryptography_has_evp_aead,
 }