Merge pull request #2073 from glyph/no-c-random

Replace C implementation of OS Random engine with Python one that just calls os.urandom
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-06-30 20:46:51 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-06-30 20:46:51 -0500
commit: 0a4c9ccf944cad5767a45f542ff170177b9b76dd (patch)
tree: 05841433bd2970d38dc0a69e06a495ddcc38d476 /tests/hazmat
parent: 902e55cbcb5d379cbddd3e55e8eece5ac5d46ad4 (diff)
parent: b18fc3912682d39ba5a4addfab963e50736e689c (diff)
download: cryptography-0a4c9ccf944cad5767a45f542ff170177b9b76dd.tar.gz
cryptography-0a4c9ccf944cad5767a45f542ff170177b9b76dd.tar.bz2
cryptography-0a4c9ccf944cad5767a45f542ff170177b9b76dd.zip
2 files changed, 38 insertions, 8 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 34fff277..6a2e8a77 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -224,7 +224,7 @@ class TestOpenSSLRandomEngine(object):
         backend.activate_osrandom_engine()
         current_default = backend._lib.ENGINE_get_default_RAND()
         name = backend._lib.ENGINE_get_name(current_default)
-        assert name == backend._lib.Cryptography_osrandom_engine_name
+        assert name == backend._binding._osrandom_engine_name
 
     def test_osrandom_engine_is_default(self, tmpdir):
         engine_printer = textwrap.dedent(
@@ -258,7 +258,7 @@ class TestOpenSSLRandomEngine(object):
             )
 
         osrandom_engine_name = backend._ffi.string(
-            backend._lib.Cryptography_osrandom_engine_name
+            backend._binding._osrandom_engine_name
         )
 
         assert engine_name.read().encode('ascii') == osrandom_engine_name
@@ -277,7 +277,7 @@ class TestOpenSSLRandomEngine(object):
         backend.activate_osrandom_engine()
         e = backend._lib.ENGINE_get_default_RAND()
         name = backend._lib.ENGINE_get_name(e)
-        assert name == backend._lib.Cryptography_osrandom_engine_name
+        assert name == backend._binding._osrandom_engine_name
         res = backend._lib.ENGINE_free(e)
         assert res == 1
 
@@ -285,7 +285,7 @@ class TestOpenSSLRandomEngine(object):
         e = backend._lib.ENGINE_get_default_RAND()
         assert e != backend._ffi.NULL
         name = backend._lib.ENGINE_get_name(e)
-        assert name == backend._lib.Cryptography_osrandom_engine_name
+        assert name == backend._binding._osrandom_engine_name
         res = backend._lib.ENGINE_free(e)
         assert res == 1
         backend.activate_builtin_random()
@@ -303,13 +303,13 @@ class TestOpenSSLRandomEngine(object):
     def test_activate_osrandom_already_default(self):
         e = backend._lib.ENGINE_get_default_RAND()
         name = backend._lib.ENGINE_get_name(e)
-        assert name == backend._lib.Cryptography_osrandom_engine_name
+        assert name == backend._binding._osrandom_engine_name
         res = backend._lib.ENGINE_free(e)
         assert res == 1
         backend.activate_osrandom_engine()
         e = backend._lib.ENGINE_get_default_RAND()
         name = backend._lib.ENGINE_get_name(e)
-        assert name == backend._lib.Cryptography_osrandom_engine_name
+        assert name == backend._binding._osrandom_engine_name
         res = backend._lib.ENGINE_free(e)
         assert res == 1
 
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index e6d6fc45..f3f2eaf4 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -4,11 +4,27 @@
 
 from __future__ import absolute_import, division, print_function
 
+import os
+
 import pytest
 
 from cryptography.hazmat.bindings.openssl.binding import Binding
 
 
+def skip_if_libre_ssl(openssl_version):
+    if b'LibreSSL' in openssl_version:
+        pytest.skip("LibreSSL hard-codes RAND_bytes to use arc4random.")
+
+
+class TestLibreSkip(object):
+    def test_skip_no(self):
+        assert skip_if_libre_ssl(b"OpenSSL 0.9.8zf 19 Mar 2015") is None
+
+    def test_skip_yes(self):
+        with pytest.raises(pytest.skip.Exception):
+            skip_if_libre_ssl(b"LibreSSL 2.1.6")
+
+
 class TestOpenSSL(object):
     def test_binding_loads(self):
         binding = Binding()
@@ -89,8 +105,22 @@ class TestOpenSSL(object):
 
     def test_add_engine_more_than_once(self):
         b = Binding()
-        res = b.lib.Cryptography_add_osrandom_engine()
-        assert res == 2
+        with pytest.raises(RuntimeError):
+            b._register_osrandom_engine()
+
+    def test_actual_osrandom_bytes(self, monkeypatch):
+        b = Binding()
+        skip_if_libre_ssl(b.ffi.string(b.lib.OPENSSL_VERSION_TEXT))
+        sample_data = (b"\x01\x02\x03\x04" * 4)
+        length = len(sample_data)
+
+        def notrandom(size):
+            assert size == length
+            return sample_data
+        monkeypatch.setattr(os, "urandom", notrandom)
+        buf = b.ffi.new("char[]", length)
+        b.lib.RAND_bytes(buf, length)
+        assert b.ffi.buffer(buf)[0:length] == sample_data
 
     def test_ssl_ctx_options(self):
         # Test that we're properly handling 32-bit unsigned on all platforms.
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-06-30 20:46:51 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-06-30 20:46:51 -0500
commit	0a4c9ccf944cad5767a45f542ff170177b9b76dd (patch)
tree	05841433bd2970d38dc0a69e06a495ddcc38d476 /tests/hazmat
parent	902e55cbcb5d379cbddd3e55e8eece5ac5d46ad4 (diff)
parent	b18fc3912682d39ba5a4addfab963e50736e689c (diff)
download	cryptography-0a4c9ccf944cad5767a45f542ff170177b9b76dd.tar.gz cryptography-0a4c9ccf944cad5767a45f542ff170177b9b76dd.tar.bz2 cryptography-0a4c9ccf944cad5767a45f542ff170177b9b76dd.zip