added v3

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/__init__.py

@@ -0,0 +1,3 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi

@@ -0,0 +1,28 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives import padding
+
+def check_ansix923_padding(data: bytes) -> bool: ...
+
+class PKCS7PaddingContext(padding.PaddingContext):
+    def __init__(self, block_size: int) -> None: ...
+    def update(self, data: bytes) -> bytes: ...
+    def finalize(self) -> bytes: ...
+
+class PKCS7UnpaddingContext(padding.PaddingContext):
+    def __init__(self, block_size: int) -> None: ...
+    def update(self, data: bytes) -> bytes: ...
+    def finalize(self) -> bytes: ...
+
+class ObjectIdentifier:
+    def __init__(self, val: str) -> None: ...
+    @property
+    def dotted_string(self) -> str: ...
+    @property
+    def _name(self) -> str: ...
+
+T = typing.TypeVar("T")

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/_openssl.pyi

@@ -0,0 +1,8 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+lib = typing.Any
+ffi = typing.Any

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi

@@ -0,0 +1,7 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+def decode_dss_signature(signature: bytes) -> tuple[int, int]: ...
+def encode_dss_signature(r: int, s: int) -> bytes: ...
+def parse_spki_for_data(data: bytes) -> bytes: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/exceptions.pyi

@@ -0,0 +1,17 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+class _Reasons:
+    BACKEND_MISSING_INTERFACE: _Reasons
+    UNSUPPORTED_HASH: _Reasons
+    UNSUPPORTED_CIPHER: _Reasons
+    UNSUPPORTED_PADDING: _Reasons
+    UNSUPPORTED_MGF: _Reasons
+    UNSUPPORTED_PUBLIC_KEY_ALGORITHM: _Reasons
+    UNSUPPORTED_ELLIPTIC_CURVE: _Reasons
+    UNSUPPORTED_SERIALIZATION: _Reasons
+    UNSUPPORTED_X509: _Reasons
+    UNSUPPORTED_EXCHANGE_ALGORITHM: _Reasons
+    UNSUPPORTED_DIFFIE_HELLMAN: _Reasons
+    UNSUPPORTED_MAC: _Reasons

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi

@@ -0,0 +1,117 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import datetime
+import typing
+
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
+from cryptography.x509 import ocsp
+
+class OCSPRequest:
+    @property
+    def issuer_key_hash(self) -> bytes: ...
+    @property
+    def issuer_name_hash(self) -> bytes: ...
+    @property
+    def hash_algorithm(self) -> hashes.HashAlgorithm: ...
+    @property
+    def serial_number(self) -> int: ...
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+
+class OCSPResponse:
+    @property
+    def responses(self) -> typing.Iterator[OCSPSingleResponse]: ...
+    @property
+    def response_status(self) -> ocsp.OCSPResponseStatus: ...
+    @property
+    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def signature_hash_algorithm(
+        self,
+    ) -> hashes.HashAlgorithm | None: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def tbs_response_bytes(self) -> bytes: ...
+    @property
+    def certificates(self) -> list[x509.Certificate]: ...
+    @property
+    def responder_key_hash(self) -> bytes | None: ...
+    @property
+    def responder_name(self) -> x509.Name | None: ...
+    @property
+    def produced_at(self) -> datetime.datetime: ...
+    @property
+    def produced_at_utc(self) -> datetime.datetime: ...
+    @property
+    def certificate_status(self) -> ocsp.OCSPCertStatus: ...
+    @property
+    def revocation_time(self) -> datetime.datetime | None: ...
+    @property
+    def revocation_time_utc(self) -> datetime.datetime | None: ...
+    @property
+    def revocation_reason(self) -> x509.ReasonFlags | None: ...
+    @property
+    def this_update(self) -> datetime.datetime: ...
+    @property
+    def this_update_utc(self) -> datetime.datetime: ...
+    @property
+    def next_update(self) -> datetime.datetime | None: ...
+    @property
+    def next_update_utc(self) -> datetime.datetime | None: ...
+    @property
+    def issuer_key_hash(self) -> bytes: ...
+    @property
+    def issuer_name_hash(self) -> bytes: ...
+    @property
+    def hash_algorithm(self) -> hashes.HashAlgorithm: ...
+    @property
+    def serial_number(self) -> int: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+    @property
+    def single_extensions(self) -> x509.Extensions: ...
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+
+class OCSPSingleResponse:
+    @property
+    def certificate_status(self) -> ocsp.OCSPCertStatus: ...
+    @property
+    def revocation_time(self) -> datetime.datetime | None: ...
+    @property
+    def revocation_time_utc(self) -> datetime.datetime | None: ...
+    @property
+    def revocation_reason(self) -> x509.ReasonFlags | None: ...
+    @property
+    def this_update(self) -> datetime.datetime: ...
+    @property
+    def this_update_utc(self) -> datetime.datetime: ...
+    @property
+    def next_update(self) -> datetime.datetime | None: ...
+    @property
+    def next_update_utc(self) -> datetime.datetime | None: ...
+    @property
+    def issuer_key_hash(self) -> bytes: ...
+    @property
+    def issuer_name_hash(self) -> bytes: ...
+    @property
+    def hash_algorithm(self) -> hashes.HashAlgorithm: ...
+    @property
+    def serial_number(self) -> int: ...
+
+def load_der_ocsp_request(data: bytes) -> ocsp.OCSPRequest: ...
+def load_der_ocsp_response(data: bytes) -> ocsp.OCSPResponse: ...
+def create_ocsp_request(
+    builder: ocsp.OCSPRequestBuilder,
+) -> ocsp.OCSPRequest: ...
+def create_ocsp_response(
+    status: ocsp.OCSPResponseStatus,
+    builder: ocsp.OCSPResponseBuilder | None,
+    private_key: PrivateKeyTypes | None,
+    hash_algorithm: hashes.HashAlgorithm | None,
+) -> ocsp.OCSPResponse: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi

@@ -0,0 +1,72 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.bindings._rust.openssl import (
+    aead,
+    ciphers,
+    cmac,
+    dh,
+    dsa,
+    ec,
+    ed448,
+    ed25519,
+    hashes,
+    hmac,
+    kdf,
+    keys,
+    poly1305,
+    rsa,
+    x448,
+    x25519,
+)
+
+__all__ = [
+    "aead",
+    "ciphers",
+    "cmac",
+    "dh",
+    "dsa",
+    "ec",
+    "ed448",
+    "ed25519",
+    "hashes",
+    "hmac",
+    "kdf",
+    "keys",
+    "openssl_version",
+    "openssl_version_text",
+    "poly1305",
+    "raise_openssl_error",
+    "rsa",
+    "x448",
+    "x25519",
+]
+
+CRYPTOGRAPHY_IS_LIBRESSL: bool
+CRYPTOGRAPHY_IS_BORINGSSL: bool
+CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: bool
+CRYPTOGRAPHY_OPENSSL_309_OR_GREATER: bool
+CRYPTOGRAPHY_OPENSSL_320_OR_GREATER: bool
+
+class Providers: ...
+
+_legacy_provider_loaded: bool
+_providers: Providers
+
+def openssl_version() -> int: ...
+def openssl_version_text() -> str: ...
+def raise_openssl_error() -> typing.NoReturn: ...
+def capture_error_stack() -> list[OpenSSLError]: ...
+def is_fips_enabled() -> bool: ...
+def enable_fips(providers: Providers) -> None: ...
+
+class OpenSSLError:
+    @property
+    def lib(self) -> int: ...
+    @property
+    def reason(self) -> int: ...
+    @property
+    def reason_text(self) -> bytes: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/aead.pyi

@@ -0,0 +1,103 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+class AESGCM:
+    def __init__(self, key: bytes) -> None: ...
+    @staticmethod
+    def generate_key(key_size: int) -> bytes: ...
+    def encrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...
+
+class ChaCha20Poly1305:
+    def __init__(self, key: bytes) -> None: ...
+    @staticmethod
+    def generate_key() -> bytes: ...
+    def encrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...
+
+class AESCCM:
+    def __init__(self, key: bytes, tag_length: int = 16) -> None: ...
+    @staticmethod
+    def generate_key(key_size: int) -> bytes: ...
+    def encrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...
+
+class AESSIV:
+    def __init__(self, key: bytes) -> None: ...
+    @staticmethod
+    def generate_key(key_size: int) -> bytes: ...
+    def encrypt(
+        self,
+        data: bytes,
+        associated_data: list[bytes] | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        data: bytes,
+        associated_data: list[bytes] | None,
+    ) -> bytes: ...
+
+class AESOCB3:
+    def __init__(self, key: bytes) -> None: ...
+    @staticmethod
+    def generate_key(key_size: int) -> bytes: ...
+    def encrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...
+
+class AESGCMSIV:
+    def __init__(self, key: bytes) -> None: ...
+    @staticmethod
+    def generate_key(key_size: int) -> bytes: ...
+    def encrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...
+    def decrypt(
+        self,
+        nonce: bytes,
+        data: bytes,
+        associated_data: bytes | None,
+    ) -> bytes: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi

@@ -0,0 +1,38 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives import ciphers
+from cryptography.hazmat.primitives.ciphers import modes
+
+@typing.overload
+def create_encryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.ModeWithAuthenticationTag
+) -> ciphers.AEADEncryptionContext: ...
+@typing.overload
+def create_encryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.Mode
+) -> ciphers.CipherContext: ...
+@typing.overload
+def create_decryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.ModeWithAuthenticationTag
+) -> ciphers.AEADDecryptionContext: ...
+@typing.overload
+def create_decryption_ctx(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.Mode
+) -> ciphers.CipherContext: ...
+def cipher_supported(
+    algorithm: ciphers.CipherAlgorithm, mode: modes.Mode
+) -> bool: ...
+def _advance(
+    ctx: ciphers.AEADEncryptionContext | ciphers.AEADDecryptionContext, n: int
+) -> None: ...
+def _advance_aad(
+    ctx: ciphers.AEADEncryptionContext | ciphers.AEADDecryptionContext, n: int
+) -> None: ...
+
+class CipherContext: ...
+class AEADEncryptionContext: ...
+class AEADDecryptionContext: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi

@@ -0,0 +1,18 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives import ciphers
+
+class CMAC:
+    def __init__(
+        self,
+        algorithm: ciphers.BlockCipherAlgorithm,
+        backend: typing.Any = None,
+    ) -> None: ...
+    def update(self, data: bytes) -> None: ...
+    def finalize(self) -> bytes: ...
+    def verify(self, signature: bytes) -> None: ...
+    def copy(self) -> CMAC: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/dh.pyi

@@ -0,0 +1,51 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives.asymmetric import dh
+
+MIN_MODULUS_SIZE: int
+
+class DHPrivateKey: ...
+class DHPublicKey: ...
+class DHParameters: ...
+
+class DHPrivateNumbers:
+    def __init__(self, x: int, public_numbers: DHPublicNumbers) -> None: ...
+    def private_key(self, backend: typing.Any = None) -> dh.DHPrivateKey: ...
+    @property
+    def x(self) -> int: ...
+    @property
+    def public_numbers(self) -> DHPublicNumbers: ...
+
+class DHPublicNumbers:
+    def __init__(
+        self, y: int, parameter_numbers: DHParameterNumbers
+    ) -> None: ...
+    def public_key(self, backend: typing.Any = None) -> dh.DHPublicKey: ...
+    @property
+    def y(self) -> int: ...
+    @property
+    def parameter_numbers(self) -> DHParameterNumbers: ...
+
+class DHParameterNumbers:
+    def __init__(self, p: int, g: int, q: int | None = None) -> None: ...
+    def parameters(self, backend: typing.Any = None) -> dh.DHParameters: ...
+    @property
+    def p(self) -> int: ...
+    @property
+    def g(self) -> int: ...
+    @property
+    def q(self) -> int | None: ...
+
+def generate_parameters(
+    generator: int, key_size: int, backend: typing.Any = None
+) -> dh.DHParameters: ...
+def from_pem_parameters(
+    data: bytes, backend: typing.Any = None
+) -> dh.DHParameters: ...
+def from_der_parameters(
+    data: bytes, backend: typing.Any = None
+) -> dh.DHParameters: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi

@@ -0,0 +1,41 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives.asymmetric import dsa
+
+class DSAPrivateKey: ...
+class DSAPublicKey: ...
+class DSAParameters: ...
+
+class DSAPrivateNumbers:
+    def __init__(self, x: int, public_numbers: DSAPublicNumbers) -> None: ...
+    @property
+    def x(self) -> int: ...
+    @property
+    def public_numbers(self) -> DSAPublicNumbers: ...
+    def private_key(self, backend: typing.Any = None) -> dsa.DSAPrivateKey: ...
+
+class DSAPublicNumbers:
+    def __init__(
+        self, y: int, parameter_numbers: DSAParameterNumbers
+    ) -> None: ...
+    @property
+    def y(self) -> int: ...
+    @property
+    def parameter_numbers(self) -> DSAParameterNumbers: ...
+    def public_key(self, backend: typing.Any = None) -> dsa.DSAPublicKey: ...
+
+class DSAParameterNumbers:
+    def __init__(self, p: int, q: int, g: int) -> None: ...
+    @property
+    def p(self) -> int: ...
+    @property
+    def q(self) -> int: ...
+    @property
+    def g(self) -> int: ...
+    def parameters(self, backend: typing.Any = None) -> dsa.DSAParameters: ...
+
+def generate_parameters(key_size: int) -> dsa.DSAParameters: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/ec.pyi

@@ -0,0 +1,52 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives.asymmetric import ec
+
+class ECPrivateKey: ...
+class ECPublicKey: ...
+
+class EllipticCurvePrivateNumbers:
+    def __init__(
+        self, private_value: int, public_numbers: EllipticCurvePublicNumbers
+    ) -> None: ...
+    def private_key(
+        self, backend: typing.Any = None
+    ) -> ec.EllipticCurvePrivateKey: ...
+    @property
+    def private_value(self) -> int: ...
+    @property
+    def public_numbers(self) -> EllipticCurvePublicNumbers: ...
+
+class EllipticCurvePublicNumbers:
+    def __init__(self, x: int, y: int, curve: ec.EllipticCurve) -> None: ...
+    def public_key(
+        self, backend: typing.Any = None
+    ) -> ec.EllipticCurvePublicKey: ...
+    @property
+    def x(self) -> int: ...
+    @property
+    def y(self) -> int: ...
+    @property
+    def curve(self) -> ec.EllipticCurve: ...
+    def __eq__(self, other: object) -> bool: ...
+
+def curve_supported(curve: ec.EllipticCurve) -> bool: ...
+def generate_private_key(
+    curve: ec.EllipticCurve, backend: typing.Any = None
+) -> ec.EllipticCurvePrivateKey: ...
+def from_private_numbers(
+    numbers: ec.EllipticCurvePrivateNumbers,
+) -> ec.EllipticCurvePrivateKey: ...
+def from_public_numbers(
+    numbers: ec.EllipticCurvePublicNumbers,
+) -> ec.EllipticCurvePublicKey: ...
+def from_public_bytes(
+    curve: ec.EllipticCurve, data: bytes
+) -> ec.EllipticCurvePublicKey: ...
+def derive_private_key(
+    private_value: int, curve: ec.EllipticCurve
+) -> ec.EllipticCurvePrivateKey: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi

@@ -0,0 +1,12 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from cryptography.hazmat.primitives.asymmetric import ed25519
+
+class Ed25519PrivateKey: ...
+class Ed25519PublicKey: ...
+
+def generate_key() -> ed25519.Ed25519PrivateKey: ...
+def from_private_bytes(data: bytes) -> ed25519.Ed25519PrivateKey: ...
+def from_public_bytes(data: bytes) -> ed25519.Ed25519PublicKey: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi

@@ -0,0 +1,12 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from cryptography.hazmat.primitives.asymmetric import ed448
+
+class Ed448PrivateKey: ...
+class Ed448PublicKey: ...
+
+def generate_key() -> ed448.Ed448PrivateKey: ...
+def from_private_bytes(data: bytes) -> ed448.Ed448PrivateKey: ...
+def from_public_bytes(data: bytes) -> ed448.Ed448PublicKey: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi

@@ -0,0 +1,19 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives import hashes
+
+class Hash(hashes.HashContext):
+    def __init__(
+        self, algorithm: hashes.HashAlgorithm, backend: typing.Any = None
+    ) -> None: ...
+    @property
+    def algorithm(self) -> hashes.HashAlgorithm: ...
+    def update(self, data: bytes) -> None: ...
+    def finalize(self) -> bytes: ...
+    def copy(self) -> Hash: ...
+
+def hash_supported(algorithm: hashes.HashAlgorithm) -> bool: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi

@@ -0,0 +1,21 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives import hashes
+
+class HMAC(hashes.HashContext):
+    def __init__(
+        self,
+        key: bytes,
+        algorithm: hashes.HashAlgorithm,
+        backend: typing.Any = None,
+    ) -> None: ...
+    @property
+    def algorithm(self) -> hashes.HashAlgorithm: ...
+    def update(self, data: bytes) -> None: ...
+    def finalize(self) -> bytes: ...
+    def verify(self, signature: bytes) -> None: ...
+    def copy(self) -> HMAC: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi

@@ -0,0 +1,43 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives.hashes import HashAlgorithm
+
+def derive_pbkdf2_hmac(
+    key_material: bytes,
+    algorithm: HashAlgorithm,
+    salt: bytes,
+    iterations: int,
+    length: int,
+) -> bytes: ...
+
+class Scrypt:
+    def __init__(
+        self,
+        salt: bytes,
+        length: int,
+        n: int,
+        r: int,
+        p: int,
+        backend: typing.Any = None,
+    ) -> None: ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...
+
+class Argon2id:
+    def __init__(
+        self,
+        *,
+        salt: bytes,
+        length: int,
+        iterations: int,
+        lanes: int,
+        memory_cost: int,
+        ad: bytes | None = None,
+        secret: bytes | None = None,
+    ) -> None: ...
+    def derive(self, key_material: bytes) -> bytes: ...
+    def verify(self, key_material: bytes, expected_key: bytes) -> None: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/keys.pyi

@@ -0,0 +1,33 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives.asymmetric.types import (
+    PrivateKeyTypes,
+    PublicKeyTypes,
+)
+
+def load_der_private_key(
+    data: bytes,
+    password: bytes | None,
+    backend: typing.Any = None,
+    *,
+    unsafe_skip_rsa_key_validation: bool = False,
+) -> PrivateKeyTypes: ...
+def load_pem_private_key(
+    data: bytes,
+    password: bytes | None,
+    backend: typing.Any = None,
+    *,
+    unsafe_skip_rsa_key_validation: bool = False,
+) -> PrivateKeyTypes: ...
+def load_der_public_key(
+    data: bytes,
+    backend: typing.Any = None,
+) -> PublicKeyTypes: ...
+def load_pem_public_key(
+    data: bytes,
+    backend: typing.Any = None,
+) -> PublicKeyTypes: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi

@@ -0,0 +1,13 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+class Poly1305:
+    def __init__(self, key: bytes) -> None: ...
+    @staticmethod
+    def generate_tag(key: bytes, data: bytes) -> bytes: ...
+    @staticmethod
+    def verify_tag(key: bytes, data: bytes, tag: bytes) -> None: ...
+    def update(self, data: bytes) -> None: ...
+    def finalize(self) -> bytes: ...
+    def verify(self, tag: bytes) -> None: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi

@@ -0,0 +1,55 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography.hazmat.primitives.asymmetric import rsa
+
+class RSAPrivateKey: ...
+class RSAPublicKey: ...
+
+class RSAPrivateNumbers:
+    def __init__(
+        self,
+        p: int,
+        q: int,
+        d: int,
+        dmp1: int,
+        dmq1: int,
+        iqmp: int,
+        public_numbers: RSAPublicNumbers,
+    ) -> None: ...
+    @property
+    def p(self) -> int: ...
+    @property
+    def q(self) -> int: ...
+    @property
+    def d(self) -> int: ...
+    @property
+    def dmp1(self) -> int: ...
+    @property
+    def dmq1(self) -> int: ...
+    @property
+    def iqmp(self) -> int: ...
+    @property
+    def public_numbers(self) -> RSAPublicNumbers: ...
+    def private_key(
+        self,
+        backend: typing.Any = None,
+        *,
+        unsafe_skip_rsa_key_validation: bool = False,
+    ) -> rsa.RSAPrivateKey: ...
+
+class RSAPublicNumbers:
+    def __init__(self, e: int, n: int) -> None: ...
+    @property
+    def n(self) -> int: ...
+    @property
+    def e(self) -> int: ...
+    def public_key(self, backend: typing.Any = None) -> rsa.RSAPublicKey: ...
+
+def generate_private_key(
+    public_exponent: int,
+    key_size: int,
+) -> rsa.RSAPrivateKey: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi

@@ -0,0 +1,12 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from cryptography.hazmat.primitives.asymmetric import x25519
+
+class X25519PrivateKey: ...
+class X25519PublicKey: ...
+
+def generate_key() -> x25519.X25519PrivateKey: ...
+def from_private_bytes(data: bytes) -> x25519.X25519PrivateKey: ...
+def from_public_bytes(data: bytes) -> x25519.X25519PublicKey: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/openssl/x448.pyi

@@ -0,0 +1,12 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from cryptography.hazmat.primitives.asymmetric import x448
+
+class X448PrivateKey: ...
+class X448PublicKey: ...
+
+def generate_key() -> x448.X448PrivateKey: ...
+def from_private_bytes(data: bytes) -> x448.X448PrivateKey: ...
+def from_public_bytes(data: bytes) -> x448.X448PublicKey: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/pkcs12.pyi

@@ -0,0 +1,46 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography import x509
+from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
+from cryptography.hazmat.primitives.serialization import (
+    KeySerializationEncryption,
+)
+from cryptography.hazmat.primitives.serialization.pkcs12 import (
+    PKCS12KeyAndCertificates,
+    PKCS12PrivateKeyTypes,
+)
+
+class PKCS12Certificate:
+    def __init__(
+        self, cert: x509.Certificate, friendly_name: bytes | None
+    ) -> None: ...
+    @property
+    def friendly_name(self) -> bytes | None: ...
+    @property
+    def certificate(self) -> x509.Certificate: ...
+
+def load_key_and_certificates(
+    data: bytes,
+    password: bytes | None,
+    backend: typing.Any = None,
+) -> tuple[
+    PrivateKeyTypes | None,
+    x509.Certificate | None,
+    list[x509.Certificate],
+]: ...
+def load_pkcs12(
+    data: bytes,
+    password: bytes | None,
+    backend: typing.Any = None,
+) -> PKCS12KeyAndCertificates: ...
+def serialize_key_and_certificates(
+    name: bytes | None,
+    key: PKCS12PrivateKeyTypes | None,
+    cert: x509.Certificate | None,
+    cas: typing.Iterable[x509.Certificate | PKCS12Certificate] | None,
+    encryption_algorithm: KeySerializationEncryption,
+) -> bytes: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/pkcs7.pyi

@@ -0,0 +1,49 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import typing
+
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.serialization import pkcs7
+
+def serialize_certificates(
+    certs: list[x509.Certificate],
+    encoding: serialization.Encoding,
+) -> bytes: ...
+def encrypt_and_serialize(
+    builder: pkcs7.PKCS7EnvelopeBuilder,
+    encoding: serialization.Encoding,
+    options: typing.Iterable[pkcs7.PKCS7Options],
+) -> bytes: ...
+def sign_and_serialize(
+    builder: pkcs7.PKCS7SignatureBuilder,
+    encoding: serialization.Encoding,
+    options: typing.Iterable[pkcs7.PKCS7Options],
+) -> bytes: ...
+def decrypt_der(
+    data: bytes,
+    certificate: x509.Certificate,
+    private_key: rsa.RSAPrivateKey,
+    options: typing.Iterable[pkcs7.PKCS7Options],
+) -> bytes: ...
+def decrypt_pem(
+    data: bytes,
+    certificate: x509.Certificate,
+    private_key: rsa.RSAPrivateKey,
+    options: typing.Iterable[pkcs7.PKCS7Options],
+) -> bytes: ...
+def decrypt_smime(
+    data: bytes,
+    certificate: x509.Certificate,
+    private_key: rsa.RSAPrivateKey,
+    options: typing.Iterable[pkcs7.PKCS7Options],
+) -> bytes: ...
+def load_pem_pkcs7_certificates(
+    data: bytes,
+) -> list[x509.Certificate]: ...
+def load_der_pkcs7_certificates(
+    data: bytes,
+) -> list[x509.Certificate]: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/test_support.pyi

@@ -0,0 +1,22 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from cryptography import x509
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.serialization import pkcs7
+
+class TestCertificate:
+    not_after_tag: int
+    not_before_tag: int
+    issuer_value_tags: list[int]
+    subject_value_tags: list[int]
+
+def test_parse_certificate(data: bytes) -> TestCertificate: ...
+def pkcs7_verify(
+    encoding: serialization.Encoding,
+    sig: bytes,
+    msg: bytes | None,
+    certs: list[x509.Certificate],
+    options: list[pkcs7.PKCS7Options],
+) -> None: ...

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi

@@ -0,0 +1,246 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import datetime
+import typing
+
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric.ec import ECDSA
+from cryptography.hazmat.primitives.asymmetric.padding import PSS, PKCS1v15
+from cryptography.hazmat.primitives.asymmetric.types import (
+    CertificateIssuerPublicKeyTypes,
+    CertificatePublicKeyTypes,
+    PrivateKeyTypes,
+)
+from cryptography.x509 import certificate_transparency
+
+def load_pem_x509_certificate(
+    data: bytes, backend: typing.Any = None
+) -> x509.Certificate: ...
+def load_der_x509_certificate(
+    data: bytes, backend: typing.Any = None
+) -> x509.Certificate: ...
+def load_pem_x509_certificates(
+    data: bytes,
+) -> list[x509.Certificate]: ...
+def load_pem_x509_crl(
+    data: bytes, backend: typing.Any = None
+) -> x509.CertificateRevocationList: ...
+def load_der_x509_crl(
+    data: bytes, backend: typing.Any = None
+) -> x509.CertificateRevocationList: ...
+def load_pem_x509_csr(
+    data: bytes, backend: typing.Any = None
+) -> x509.CertificateSigningRequest: ...
+def load_der_x509_csr(
+    data: bytes, backend: typing.Any = None
+) -> x509.CertificateSigningRequest: ...
+def encode_name_bytes(name: x509.Name) -> bytes: ...
+def encode_extension_value(extension: x509.ExtensionType) -> bytes: ...
+def create_x509_certificate(
+    builder: x509.CertificateBuilder,
+    private_key: PrivateKeyTypes,
+    hash_algorithm: hashes.HashAlgorithm | None,
+    rsa_padding: PKCS1v15 | PSS | None,
+) -> x509.Certificate: ...
+def create_x509_csr(
+    builder: x509.CertificateSigningRequestBuilder,
+    private_key: PrivateKeyTypes,
+    hash_algorithm: hashes.HashAlgorithm | None,
+    rsa_padding: PKCS1v15 | PSS | None,
+) -> x509.CertificateSigningRequest: ...
+def create_x509_crl(
+    builder: x509.CertificateRevocationListBuilder,
+    private_key: PrivateKeyTypes,
+    hash_algorithm: hashes.HashAlgorithm | None,
+    rsa_padding: PKCS1v15 | PSS | None,
+) -> x509.CertificateRevocationList: ...
+
+class Sct:
+    @property
+    def version(self) -> certificate_transparency.Version: ...
+    @property
+    def log_id(self) -> bytes: ...
+    @property
+    def timestamp(self) -> datetime.datetime: ...
+    @property
+    def entry_type(self) -> certificate_transparency.LogEntryType: ...
+    @property
+    def signature_hash_algorithm(self) -> hashes.HashAlgorithm: ...
+    @property
+    def signature_algorithm(
+        self,
+    ) -> certificate_transparency.SignatureAlgorithm: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def extension_bytes(self) -> bytes: ...
+
+class Certificate:
+    def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ...
+    @property
+    def serial_number(self) -> int: ...
+    @property
+    def version(self) -> x509.Version: ...
+    def public_key(self) -> CertificatePublicKeyTypes: ...
+    @property
+    def public_key_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def not_valid_before(self) -> datetime.datetime: ...
+    @property
+    def not_valid_before_utc(self) -> datetime.datetime: ...
+    @property
+    def not_valid_after(self) -> datetime.datetime: ...
+    @property
+    def not_valid_after_utc(self) -> datetime.datetime: ...
+    @property
+    def issuer(self) -> x509.Name: ...
+    @property
+    def subject(self) -> x509.Name: ...
+    @property
+    def signature_hash_algorithm(
+        self,
+    ) -> hashes.HashAlgorithm | None: ...
+    @property
+    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def signature_algorithm_parameters(
+        self,
+    ) -> None | PSS | PKCS1v15 | ECDSA: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def tbs_certificate_bytes(self) -> bytes: ...
+    @property
+    def tbs_precertificate_bytes(self) -> bytes: ...
+    def __eq__(self, other: object) -> bool: ...
+    def __hash__(self) -> int: ...
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+    def verify_directly_issued_by(self, issuer: Certificate) -> None: ...
+
+class RevokedCertificate: ...
+
+class CertificateRevocationList:
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+    def fingerprint(self, algorithm: hashes.HashAlgorithm) -> bytes: ...
+    def get_revoked_certificate_by_serial_number(
+        self, serial_number: int
+    ) -> RevokedCertificate | None: ...
+    @property
+    def signature_hash_algorithm(
+        self,
+    ) -> hashes.HashAlgorithm | None: ...
+    @property
+    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def signature_algorithm_parameters(
+        self,
+    ) -> None | PSS | PKCS1v15 | ECDSA: ...
+    @property
+    def issuer(self) -> x509.Name: ...
+    @property
+    def next_update(self) -> datetime.datetime | None: ...
+    @property
+    def next_update_utc(self) -> datetime.datetime | None: ...
+    @property
+    def last_update(self) -> datetime.datetime: ...
+    @property
+    def last_update_utc(self) -> datetime.datetime: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def tbs_certlist_bytes(self) -> bytes: ...
+    def __eq__(self, other: object) -> bool: ...
+    def __len__(self) -> int: ...
+    @typing.overload
+    def __getitem__(self, idx: int) -> x509.RevokedCertificate: ...
+    @typing.overload
+    def __getitem__(self, idx: slice) -> list[x509.RevokedCertificate]: ...
+    def __iter__(self) -> typing.Iterator[x509.RevokedCertificate]: ...
+    def is_signature_valid(
+        self, public_key: CertificateIssuerPublicKeyTypes
+    ) -> bool: ...
+
+class CertificateSigningRequest:
+    def __eq__(self, other: object) -> bool: ...
+    def __hash__(self) -> int: ...
+    def public_key(self) -> CertificatePublicKeyTypes: ...
+    @property
+    def subject(self) -> x509.Name: ...
+    @property
+    def signature_hash_algorithm(
+        self,
+    ) -> hashes.HashAlgorithm | None: ...
+    @property
+    def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
+    @property
+    def signature_algorithm_parameters(
+        self,
+    ) -> None | PSS | PKCS1v15 | ECDSA: ...
+    @property
+    def extensions(self) -> x509.Extensions: ...
+    @property
+    def attributes(self) -> x509.Attributes: ...
+    def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
+    @property
+    def signature(self) -> bytes: ...
+    @property
+    def tbs_certrequest_bytes(self) -> bytes: ...
+    @property
+    def is_signature_valid(self) -> bool: ...
+    def get_attribute_for_oid(self, oid: x509.ObjectIdentifier) -> bytes: ...
+
+class PolicyBuilder:
+    def time(self, new_time: datetime.datetime) -> PolicyBuilder: ...
+    def store(self, new_store: Store) -> PolicyBuilder: ...
+    def max_chain_depth(self, new_max_chain_depth: int) -> PolicyBuilder: ...
+    def build_client_verifier(self) -> ClientVerifier: ...
+    def build_server_verifier(
+        self, subject: x509.verification.Subject
+    ) -> ServerVerifier: ...
+
+class VerifiedClient:
+    @property
+    def subjects(self) -> list[x509.GeneralName] | None: ...
+    @property
+    def chain(self) -> list[x509.Certificate]: ...
+
+class ClientVerifier:
+    @property
+    def validation_time(self) -> datetime.datetime: ...
+    @property
+    def store(self) -> Store: ...
+    @property
+    def max_chain_depth(self) -> int: ...
+    def verify(
+        self,
+        leaf: x509.Certificate,
+        intermediates: list[x509.Certificate],
+    ) -> VerifiedClient: ...
+
+class ServerVerifier:
+    @property
+    def subject(self) -> x509.verification.Subject: ...
+    @property
+    def validation_time(self) -> datetime.datetime: ...
+    @property
+    def store(self) -> Store: ...
+    @property
+    def max_chain_depth(self) -> int: ...
+    def verify(
+        self,
+        leaf: x509.Certificate,
+        intermediates: list[x509.Certificate],
+    ) -> list[x509.Certificate]: ...
+
+class Store:
+    def __init__(self, certs: list[x509.Certificate]) -> None: ...
+
+class VerificationError(Exception):
+    pass

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/openssl/__init__.py

@@ -0,0 +1,3 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py

@@ -0,0 +1,183 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations
+
+
+def cryptography_has_set_cert_cb() -> list[str]:
+    return [
+        "SSL_CTX_set_cert_cb",
+        "SSL_set_cert_cb",
+    ]
+
+
+def cryptography_has_ssl_st() -> list[str]:
+    return [
+        "SSL_ST_BEFORE",
+        "SSL_ST_OK",
+        "SSL_ST_INIT",
+        "SSL_ST_RENEGOTIATE",
+    ]
+
+
+def cryptography_has_tls_st() -> list[str]:
+    return [
+        "TLS_ST_BEFORE",
+        "TLS_ST_OK",
+    ]
+
+
+def cryptography_has_ssl_sigalgs() -> list[str]:
+    return [
+        "SSL_CTX_set1_sigalgs_list",
+    ]
+
+
+def cryptography_has_psk() -> list[str]:
+    return [
+        "SSL_CTX_use_psk_identity_hint",
+        "SSL_CTX_set_psk_server_callback",
+        "SSL_CTX_set_psk_client_callback",
+    ]
+
+
+def cryptography_has_psk_tlsv13() -> list[str]:
+    return [
+        "SSL_CTX_set_psk_find_session_callback",
+        "SSL_CTX_set_psk_use_session_callback",
+        "Cryptography_SSL_SESSION_new",
+        "SSL_CIPHER_find",
+        "SSL_SESSION_set1_master_key",
+        "SSL_SESSION_set_cipher",
+        "SSL_SESSION_set_protocol_version",
+    ]
+
+
+def cryptography_has_custom_ext() -> list[str]:
+    return [
+        "SSL_CTX_add_client_custom_ext",
+        "SSL_CTX_add_server_custom_ext",
+        "SSL_extension_supported",
+    ]
+
+
+def cryptography_has_tlsv13_functions() -> list[str]:
+    return [
+        "SSL_VERIFY_POST_HANDSHAKE",
+        "SSL_CTX_set_ciphersuites",
+        "SSL_verify_client_post_handshake",
+        "SSL_CTX_set_post_handshake_auth",
+        "SSL_set_post_handshake_auth",
+        "SSL_SESSION_get_max_early_data",
+        "SSL_write_early_data",
+        "SSL_read_early_data",
+        "SSL_CTX_set_max_early_data",
+    ]
+
+
+def cryptography_has_engine() -> list[str]:
+    return [
+        "ENGINE_by_id",
+        "ENGINE_init",
+        "ENGINE_finish",
+        "ENGINE_get_default_RAND",
+        "ENGINE_set_default_RAND",
+        "ENGINE_unregister_RAND",
+        "ENGINE_ctrl_cmd",
+        "ENGINE_free",
+        "ENGINE_get_name",
+        "ENGINE_ctrl_cmd_string",
+        "ENGINE_load_builtin_engines",
+        "ENGINE_load_private_key",
+        "ENGINE_load_public_key",
+        "SSL_CTX_set_client_cert_engine",
+    ]
+
+
+def cryptography_has_verified_chain() -> list[str]:
+    return [
+        "SSL_get0_verified_chain",
+    ]
+
+
+def cryptography_has_srtp() -> list[str]:
+    return [
+        "SSL_CTX_set_tlsext_use_srtp",
+        "SSL_set_tlsext_use_srtp",
+        "SSL_get_selected_srtp_profile",
+    ]
+
+
+def cryptography_has_op_no_renegotiation() -> list[str]:
+    return [
+        "SSL_OP_NO_RENEGOTIATION",
+    ]
+
+
+def cryptography_has_dtls_get_data_mtu() -> list[str]:
+    return [
+        "DTLS_get_data_mtu",
+    ]
+
+
+def cryptography_has_ssl_cookie() -> list[str]:
+    return [
+        "SSL_OP_COOKIE_EXCHANGE",
+        "DTLSv1_listen",
+        "SSL_CTX_set_cookie_generate_cb",
+        "SSL_CTX_set_cookie_verify_cb",
+    ]
+
+
+def cryptography_has_prime_checks() -> list[str]:
+    return [
+        "BN_prime_checks_for_size",
+    ]
+
+
+def cryptography_has_unexpected_eof_while_reading() -> list[str]:
+    return ["SSL_R_UNEXPECTED_EOF_WHILE_READING"]
+
+
+def cryptography_has_ssl_op_ignore_unexpected_eof() -> list[str]:
+    return [
+        "SSL_OP_IGNORE_UNEXPECTED_EOF",
+    ]
+
+
+def cryptography_has_get_extms_support() -> list[str]:
+    return ["SSL_get_extms_support"]
+
+
+# This is a mapping of
+# {condition: function-returning-names-dependent-on-that-condition} so we can
+# loop over them and delete unsupported names at runtime. It will be removed
+# when cffi supports #if in cdef. We use functions instead of just a dict of
+# lists so we can use coverage to measure which are used.
+CONDITIONAL_NAMES = {
+    "Cryptography_HAS_SET_CERT_CB": cryptography_has_set_cert_cb,
+    "Cryptography_HAS_SSL_ST": cryptography_has_ssl_st,
+    "Cryptography_HAS_TLS_ST": cryptography_has_tls_st,
+    "Cryptography_HAS_SIGALGS": cryptography_has_ssl_sigalgs,
+    "Cryptography_HAS_PSK": cryptography_has_psk,
+    "Cryptography_HAS_PSK_TLSv1_3": cryptography_has_psk_tlsv13,
+    "Cryptography_HAS_CUSTOM_EXT": cryptography_has_custom_ext,
+    "Cryptography_HAS_TLSv1_3_FUNCTIONS": cryptography_has_tlsv13_functions,
+    "Cryptography_HAS_ENGINE": cryptography_has_engine,
+    "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
+    "Cryptography_HAS_SRTP": cryptography_has_srtp,
+    "Cryptography_HAS_OP_NO_RENEGOTIATION": (
+        cryptography_has_op_no_renegotiation
+    ),
+    "Cryptography_HAS_DTLS_GET_DATA_MTU": cryptography_has_dtls_get_data_mtu,
+    "Cryptography_HAS_SSL_COOKIE": cryptography_has_ssl_cookie,
+    "Cryptography_HAS_PRIME_CHECKS": cryptography_has_prime_checks,
+    "Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING": (
+        cryptography_has_unexpected_eof_while_reading
+    ),
+    "Cryptography_HAS_SSL_OP_IGNORE_UNEXPECTED_EOF": (
+        cryptography_has_ssl_op_ignore_unexpected_eof
+    ),
+    "Cryptography_HAS_GET_EXTMS_SUPPORT": cryptography_has_get_extms_support,
+}

venv/lib/python3.11/site-packages/cryptography/hazmat/bindings/openssl/binding.py

@@ -0,0 +1,121 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations
+
+import os
+import sys
+import threading
+import types
+import typing
+import warnings
+
+import cryptography
+from cryptography.exceptions import InternalError
+from cryptography.hazmat.bindings._rust import _openssl, openssl
+from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES
+
+
+def _openssl_assert(ok: bool) -> None:
+    if not ok:
+        errors = openssl.capture_error_stack()
+
+        raise InternalError(
+            "Unknown OpenSSL error. This error is commonly encountered when "
+            "another library is not cleaning up the OpenSSL error stack. If "
+            "you are using cryptography with another library that uses "
+            "OpenSSL try disabling it before reporting a bug. Otherwise "
+            "please file an issue at https://github.com/pyca/cryptography/"
+            "issues with information on how to reproduce "
+            f"this. ({errors!r})",
+            errors,
+        )
+
+
+def build_conditional_library(
+    lib: typing.Any,
+    conditional_names: dict[str, typing.Callable[[], list[str]]],
+) -> typing.Any:
+    conditional_lib = types.ModuleType("lib")
+    conditional_lib._original_lib = lib  # type: ignore[attr-defined]
+    excluded_names = set()
+    for condition, names_cb in conditional_names.items():
+        if not getattr(lib, condition):
+            excluded_names.update(names_cb())
+
+    for attr in dir(lib):
+        if attr not in excluded_names:
+            setattr(conditional_lib, attr, getattr(lib, attr))
+
+    return conditional_lib
+
+
+class Binding:
+    """
+    OpenSSL API wrapper.
+    """
+
+    lib: typing.ClassVar = None
+    ffi = _openssl.ffi
+    _lib_loaded = False
+    _init_lock = threading.Lock()
+
+    def __init__(self) -> None:
+        self._ensure_ffi_initialized()
+
+    @classmethod
+    def _ensure_ffi_initialized(cls) -> None:
+        with cls._init_lock:
+            if not cls._lib_loaded:
+                cls.lib = build_conditional_library(
+                    _openssl.lib, CONDITIONAL_NAMES
+                )
+                cls._lib_loaded = True
+
+    @classmethod
+    def init_static_locks(cls) -> None:
+        cls._ensure_ffi_initialized()
+
+
+def _verify_package_version(version: str) -> None:
+    # Occasionally we run into situations where the version of the Python
+    # package does not match the version of the shared object that is loaded.
+    # This may occur in environments where multiple versions of cryptography
+    # are installed and available in the python path. To avoid errors cropping
+    # up later this code checks that the currently imported package and the
+    # shared object that were loaded have the same version and raise an
+    # ImportError if they do not
+    so_package_version = _openssl.ffi.string(
+        _openssl.lib.CRYPTOGRAPHY_PACKAGE_VERSION
+    )
+    if version.encode("ascii") != so_package_version:
+        raise ImportError(
+            "The version of cryptography does not match the loaded "
+            "shared object. This can happen if you have multiple copies of "
+            "cryptography installed in your Python path. Please try creating "
+            "a new virtual environment to resolve this issue. "
+            f"Loaded python version: {version}, "
+            f"shared object version: {so_package_version}"
+        )
+
+    _openssl_assert(
+        _openssl.lib.OpenSSL_version_num() == openssl.openssl_version(),
+    )
+
+
+_verify_package_version(cryptography.__version__)
+
+Binding.init_static_locks()
+
+if (
+    sys.platform == "win32"
+    and os.environ.get("PROCESSOR_ARCHITEW6432") is not None
+):
+    warnings.warn(
+        "You are using cryptography on a 32-bit Python on a 64-bit Windows "
+        "Operating System. Cryptography will be significantly faster if you "
+        "switch to using a 64-bit Python.",
+        UserWarning,
+        stacklevel=2,
+    )