Move a few more constants fully to Rust (#10428)

8 files changed, 24 insertions, 18 deletions

diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 6115e48..7cf98af 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -59,13 +59,13 @@ class TestOpenSSL:
         # Verify the correspondence between these two. And do it in a way that
         # ensures coverage.
         if version.startswith("LibreSSL"):
-            assert backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
-        if backend._lib.CRYPTOGRAPHY_IS_LIBRESSL:
+            assert rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL
+        if rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL:
             assert version.startswith("LibreSSL")
 
         if version.startswith("BoringSSL"):
-            assert backend._lib.CRYPTOGRAPHY_IS_BORINGSSL
-        if backend._lib.CRYPTOGRAPHY_IS_BORINGSSL:
+            assert rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
+        if rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL:
             assert version.startswith("BoringSSL")
 
     def test_openssl_version_number(self):
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index ef45b30..db6410d 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -24,7 +24,7 @@ class TestOpenSSL:
         # Test that we're properly handling 32-bit unsigned on all platforms.
         b = Binding()
         # SSL_OP_ALL is 0 on BoringSSL
-        if not b.lib.CRYPTOGRAPHY_IS_BORINGSSL:
+        if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL:
             assert b.lib.SSL_OP_ALL > 0
         ctx = b.lib.SSL_CTX_new(b.lib.TLS_method())
         assert ctx != b.ffi.NULL
@@ -39,7 +39,7 @@ class TestOpenSSL:
         # Test that we're properly handling 32-bit unsigned on all platforms.
         b = Binding()
         # SSL_OP_ALL is 0 on BoringSSL
-        if not b.lib.CRYPTOGRAPHY_IS_BORINGSSL:
+        if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL:
             assert b.lib.SSL_OP_ALL > 0
         ctx = b.lib.SSL_CTX_new(b.lib.TLS_method())
         assert ctx != b.ffi.NULL
@@ -55,7 +55,7 @@ class TestOpenSSL:
     def test_conditional_removal(self):
         b = Binding()
 
-        if not b.lib.CRYPTOGRAPHY_IS_LIBRESSL:
+        if not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL:
             assert b.lib.TLS_ST_OK
         else:
             with pytest.raises(AttributeError):
@@ -76,7 +76,7 @@ class TestOpenSSL:
         error = exc_info.value.err_code[0]
         assert error.lib == b.lib.ERR_LIB_EVP
         assert error.reason == b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH
-        if not b.lib.CRYPTOGRAPHY_IS_BORINGSSL:
+        if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL:
             assert b"data not multiple of block length" in error.reason_text
 
     def test_version_mismatch(self):
@@ -103,5 +103,5 @@ class TestOpenSSL:
         error = exc_info.value.err_code[0]
         assert error.lib == b.lib.ERR_LIB_EVP
         assert error.reason == b.lib.EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH
-        if not b.lib.CRYPTOGRAPHY_IS_BORINGSSL:
+        if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL:
             assert b"data not multiple of block length" in error.reason_text
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index 1f3dfd0..7b4b065 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -8,6 +8,7 @@ import os
 
 import pytest
 
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.primitives.ciphers import algorithms, base, modes
 
 from ...doubles import DummyMode
@@ -61,7 +62,7 @@ class TestAESModeXTS:
             enc.update(b"0" * 15)
 
     @pytest.mark.supported(
-        only_if=lambda backend: (not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL),
+        only_if=lambda backend: not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL,
         skip_message="duplicate key encryption error added in OpenSSL 1.1.1d",
     )
     def test_xts_no_duplicate_keys_encryption(self, backend):
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
index 4b3b63a..d287d29 100644
--- a/tests/hazmat/primitives/test_dh.py
+++ b/tests/hazmat/primitives/test_dh.py
@@ -11,6 +11,7 @@ import typing
 
 import pytest
 
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import dh
 
@@ -379,7 +380,7 @@ class TestDH:
     @pytest.mark.skip_fips(reason="key_size too small for FIPS")
     @pytest.mark.supported(
         only_if=lambda backend: (
-            not backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
+            not rust_openssl.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
         ),
         skip_message="256-bit DH keys are not supported in OpenSSL 3.0.0+",
     )
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 9a368e6..a558af3 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -13,6 +13,7 @@ from binascii import hexlify
 import pytest
 
 from cryptography import exceptions, utils, x509
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.asymmetric.utils import (
@@ -133,7 +134,7 @@ def test_derive_point_at_infinity(backend):
     # BoringSSL rejects infinity points before it ever gets to us, so it
     # uses a more generic error message.
     match = (
-        "infinity" if not backend._lib.CRYPTOGRAPHY_IS_BORINGSSL else "Invalid"
+        "infinity" if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL else "Invalid"
     )
     with pytest.raises(ValueError, match=match):
         ec.derive_private_key(q, ec.SECP256R1())
@@ -423,7 +424,7 @@ class TestECDSAVectors:
         # uses a more generic error message.
         match = (
             r"infinity|invalid form"
-            if not backend._lib.CRYPTOGRAPHY_IS_BORINGSSL
+            if not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
             else None
         )
         with pytest.raises(ValueError, match=match):
diff --git a/tests/hazmat/primitives/test_pkcs12.py b/tests/hazmat/primitives/test_pkcs12.py
index cb998c4..d9f2cde 100644
--- a/tests/hazmat/primitives/test_pkcs12.py
+++ b/tests/hazmat/primitives/test_pkcs12.py
@@ -10,6 +10,7 @@ import pytest
 
 from cryptography import x509
 from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.decrepit.ciphers.algorithms import RC2
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import (
@@ -558,7 +559,7 @@ class TestPKCS12Creation:
     ):
         if (
             enc_alg is PBES.PBESv2SHA256AndAES256CBC
-        ) and not backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
+        ) and not rust_openssl.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
             pytest.skip("PBESv2 is not supported on OpenSSL < 3.0")
 
         if (
@@ -615,7 +616,7 @@ class TestPKCS12Creation:
 
     @pytest.mark.supported(
         only_if=lambda backend: (
-            not backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
+            not rust_openssl.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER
         ),
         skip_message="Requires OpenSSL < 3.0.0 (or Libre/Boring)",
     )
diff --git a/tests/hazmat/primitives/test_pkcs7.py b/tests/hazmat/primitives/test_pkcs7.py
index 03b04cd..837ad26 100644
--- a/tests/hazmat/primitives/test_pkcs7.py
+++ b/tests/hazmat/primitives/test_pkcs7.py
@@ -11,6 +11,7 @@ import pytest
 
 from cryptography import x509
 from cryptography.exceptions import _Reasons
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ed25519, padding, rsa
 from cryptography.hazmat.primitives.serialization import pkcs7
@@ -148,7 +149,7 @@ def _pkcs7_verify(encoding, sig, msg, certs, options, backend):
     backend.openssl_assert(res == 1)
     # OpenSSL 3.0 leaves a random bio error on the stack:
     # https://github.com/openssl/openssl/issues/16681
-    if backend._lib.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
+    if rust_openssl.CRYPTOGRAPHY_OPENSSL_300_OR_GREATER:
         backend._consume_errors()
 
 
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index eb74be7..3ce55b4 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -15,6 +15,7 @@ from cryptography.exceptions import (
     UnsupportedAlgorithm,
     _Reasons,
 )
+from cryptography.hazmat.bindings._rust import openssl as rust_openssl
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import padding, rsa
 from cryptography.hazmat.primitives.asymmetric import utils as asym_utils
@@ -251,7 +252,7 @@ class TestRSA:
         assert public_num.e == public_num2.e
 
     @pytest.mark.supported(
-        only_if=lambda backend: not backend._lib.CRYPTOGRAPHY_IS_BORINGSSL,
+        only_if=lambda backend: not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL,
         skip_message="Does not support RSA PSS loading",
     )
     @pytest.mark.parametrize(
@@ -302,7 +303,7 @@ class TestRSA:
             )
 
     @pytest.mark.supported(
-        only_if=lambda backend: backend._lib.CRYPTOGRAPHY_IS_BORINGSSL,
+        only_if=lambda backend: rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL,
         skip_message="Test requires a backend without RSA-PSS key support",
     )
     def test_load_pss_unsupported(self, backend):