diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2016-12-13 21:05:35 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-12-13 20:05:35 -0600 |
| commit | 0e8cdf1023f6e2045de444b1c7e09f40cccf019e (patch) | |
| tree | eb6241baa5c66447c988a5c45fed7f0cb77b8022 /tests/hazmat | |
| parent | 874445aea9e2d07a94444855ccfeaa3082de26a9 (diff) | |
| download | cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.tar.gz cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.tar.bz2 cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.zip | |
Drop 1.0.0 (#3312)
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
Diffstat (limited to 'tests/hazmat')
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 152 | ||||
| -rw-r--r-- | tests/hazmat/bindings/test_openssl.py | 17 |
2 files changed, 8 insertions, 161 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 47c46065..6d6f3452 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -4,7 +4,6 @@ from __future__ import absolute_import, division, print_function -import datetime import itertools import os import subprocess @@ -26,11 +25,9 @@ from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES -from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR +from cryptography.hazmat.primitives.ciphers.modes import CBC -from ..primitives.fixtures_dsa import DSA_KEY_2048 from ..primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512 -from ..primitives.test_ec import _skip_curve_unsupported from ...doubles import ( DummyAsymmetricPadding, DummyCipherAlgorithm, DummyHashAlgorithm, DummyMode ) @@ -77,11 +74,6 @@ class TestOpenSSL(object): def test_supports_cipher(self): assert backend.cipher_supported(None, None) is False - def test_aes_ctr_always_available(self): - # AES CTR should always be available, even in 1.0.0. - assert backend.cipher_supported(AES(b"\x00" * 16), - CTR(b"\x00" * 16)) is True - def test_register_duplicate_cipher_adapter(self): with pytest.raises(ValueError): backend.register_cipher_adapter(AES, CBC, None) @@ -325,35 +317,6 @@ class TestOpenSSLRSA(object): backend.generate_rsa_private_key(public_exponent=65537, key_size=256) - @pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER, - reason="Requires an older OpenSSL. Must be < 1.0.1" - ) - def test_non_sha1_pss_mgf1_hash_algorithm_on_old_openssl(self): - private_key = RSA_KEY_512.private_key(backend) - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): - private_key.signer( - padding.PSS( - mgf=padding.MGF1( - algorithm=hashes.SHA256(), - ), - salt_length=padding.PSS.MAX_LENGTH - ), - hashes.SHA1() - ) - public_key = private_key.public_key() - with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH): - public_key.verifier( - b"sig", - padding.PSS( - mgf=padding.MGF1( - algorithm=hashes.SHA256(), - ), - salt_length=padding.PSS.MAX_LENGTH - ), - hashes.SHA1() - ) - def test_rsa_padding_unsupported_pss_mgf1_hash(self): assert backend.rsa_padding_supported( padding.PSS(mgf=padding.MGF1(DummyHashAlgorithm()), salt_length=0) @@ -500,39 +463,12 @@ class TestOpenSSLRSA(object): ) -@pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_101, - reason="Requires an OpenSSL version >= 1.0.1" -) class TestOpenSSLCMAC(object): def test_unsupported_cipher(self): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER): backend.create_cmac_ctx(DummyCipherAlgorithm()) -class TestOpenSSLCreateX509CSR(object): - @pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER, - reason="Requires an older OpenSSL. Must be < 1.0.1" - ) - def test_unsupported_dsa_keys(self): - private_key = DSA_KEY_2048.private_key(backend) - - with pytest.raises(NotImplementedError): - backend.create_x509_csr(object(), private_key, hashes.SHA1()) - - @pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER, - reason="Requires an older OpenSSL. Must be < 1.0.1" - ) - def test_unsupported_ec_keys(self): - _skip_curve_unsupported(backend, ec.SECP256R1()) - private_key = ec.generate_private_key(ec.SECP256R1(), backend) - - with pytest.raises(NotImplementedError): - backend.create_x509_csr(object(), private_key, hashes.SHA1()) - - class TestOpenSSLSignX509Certificate(object): def test_requires_certificate_builder(self): private_key = RSA_KEY_2048.private_key(backend) @@ -542,55 +478,6 @@ class TestOpenSSLSignX509Certificate(object): object(), private_key, DummyHashAlgorithm() ) - @pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER, - reason="Requires an older OpenSSL. Must be < 1.0.1" - ) - def test_sign_with_dsa_private_key_is_unsupported(self): - private_key = DSA_KEY_2048.private_key(backend) - builder = x509.CertificateBuilder() - builder = builder.subject_name( - x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')]) - ).issuer_name( - x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')]) - ).serial_number( - 1 - ).public_key( - private_key.public_key() - ).not_valid_before( - datetime.datetime(2002, 1, 1, 12, 1) - ).not_valid_after( - datetime.datetime(2032, 1, 1, 12, 1) - ) - - with pytest.raises(NotImplementedError): - builder.sign(private_key, hashes.SHA512(), backend) - - @pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER, - reason="Requires an older OpenSSL. Must be < 1.0.1" - ) - def test_sign_with_ec_private_key_is_unsupported(self): - _skip_curve_unsupported(backend, ec.SECP256R1()) - private_key = ec.generate_private_key(ec.SECP256R1(), backend) - builder = x509.CertificateBuilder() - builder = builder.subject_name( - x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')]) - ).issuer_name( - x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')]) - ).serial_number( - 1 - ).public_key( - private_key.public_key() - ).not_valid_before( - datetime.datetime(2002, 1, 1, 12, 1) - ).not_valid_after( - datetime.datetime(2032, 1, 1, 12, 1) - ) - - with pytest.raises(NotImplementedError): - builder.sign(private_key, hashes.SHA512(), backend) - class TestOpenSSLSignX509CertificateRevocationList(object): def test_invalid_builder(self): @@ -599,43 +486,6 @@ class TestOpenSSLSignX509CertificateRevocationList(object): with pytest.raises(TypeError): backend.create_x509_crl(object(), private_key, hashes.SHA256()) - @pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER, - reason="Requires an older OpenSSL. Must be < 1.0.1" - ) - def test_sign_with_dsa_private_key_is_unsupported(self): - private_key = DSA_KEY_2048.private_key(backend) - builder = x509.CertificateRevocationListBuilder() - builder = builder.issuer_name( - x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')]) - ).last_update( - datetime.datetime(2002, 1, 1, 12, 1) - ).next_update( - datetime.datetime(2032, 1, 1, 12, 1) - ) - - with pytest.raises(NotImplementedError): - builder.sign(private_key, hashes.SHA1(), backend) - - @pytest.mark.skipif( - backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER, - reason="Requires an older OpenSSL. Must be < 1.0.1" - ) - def test_sign_with_ec_private_key_is_unsupported(self): - _skip_curve_unsupported(backend, ec.SECP256R1()) - private_key = ec.generate_private_key(ec.SECP256R1(), backend) - builder = x509.CertificateRevocationListBuilder() - builder = builder.issuer_name( - x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')]) - ).last_update( - datetime.datetime(2002, 1, 1, 12, 1) - ).next_update( - datetime.datetime(2032, 1, 1, 12, 1) - ) - - with pytest.raises(NotImplementedError): - builder.sign(private_key, hashes.SHA512(), backend) - class TestOpenSSLCreateRevokedCertificate(object): def test_invalid_builder(self): diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 3e01717c..85b51725 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -8,7 +8,7 @@ import pytest from cryptography.exceptions import InternalError from cryptography.hazmat.bindings.openssl.binding import ( - Binding, _OpenSSLErrorWithText, _openssl_assert, _verify_openssl_version + Binding, _OpenSSLErrorWithText, _openssl_assert ) @@ -79,11 +79,14 @@ class TestOpenSSL(object): def test_conditional_removal(self): b = Binding() - if b.lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER: - assert b.lib.CMAC_Init + if ( + b.lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER and + not b.lib.CRYPTOGRAPHY_IS_LIBRESSL + ): + assert b.lib.TLS_ST_OK else: with pytest.raises(AttributeError): - b.lib.CMAC_Init + b.lib.TLS_ST_OK def test_openssl_assert_error_on_stack(self): b = Binding() @@ -107,9 +110,3 @@ class TestOpenSSL(object): b'ex:data not multiple of block length' ) )] - - def test_verify_openssl_version(self, monkeypatch): - monkeypatch.delenv("CRYPTOGRAPHY_ALLOW_OPENSSL_100", raising=False) - with pytest.raises(RuntimeError): - # OpenSSL 1.0.0 - _verify_openssl_version(0x100000F) |