diff options
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 6 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/ec.py | 2 | ||||
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/serialization.rst | 4 | ||||
| -rw-r--r-- | tests/hazmat/bindings/test_openssl.py | 18 |
4 files changed, 18 insertions, 12 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index c28d2335..389ef0be 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -1075,12 +1075,12 @@ class Backend(object): ) @contextmanager - def _bn_ctx_manager(self): + def _tmp_bn_ctx(self): bn_ctx = self._lib.BN_CTX_new() assert bn_ctx != self._ffi.NULL bn_ctx = self._ffi.gc(bn_ctx, self._lib.BN_CTX_free) + self._lib.BN_CTX_start(bn_ctx) try: - self._lib.BN_CTX_start(bn_ctx) yield bn_ctx finally: self._lib.BN_CTX_end(bn_ctx) @@ -1124,7 +1124,7 @@ class Backend(object): assert set_func and get_func - with self._bn_ctx_manager() as bn_ctx: + with self._tmp_bn_ctx() as bn_ctx: check_x = self._lib.BN_CTX_get(bn_ctx) check_y = self._lib.BN_CTX_get(bn_ctx) diff --git a/cryptography/hazmat/backends/openssl/ec.py b/cryptography/hazmat/backends/openssl/ec.py index 51fc8f4b..611dba2c 100644 --- a/cryptography/hazmat/backends/openssl/ec.py +++ b/cryptography/hazmat/backends/openssl/ec.py @@ -38,7 +38,7 @@ def _truncate_digest_for_ecdsa(ec_key_cdata, digest, backend): group = _lib.EC_KEY_get0_group(ec_key_cdata) - with backend._bn_ctx_manager() as bn_ctx: + with backend._tmp_bn_ctx() as bn_ctx: order = _lib.BN_CTX_get(bn_ctx) assert order != _ffi.NULL diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 18b89c44..b86fab64 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -107,8 +107,8 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END :returns: A new instance of a public key. - :raises ValueError: If the PEM data could not be decrypted or if its - structure could not be decoded successfully. + :raises ValueError: If the PEM data's structure could not be decoded + successfully. :raises UnsupportedAlgorithm: If the serialized key is of a type that is not supported by the backend. diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index ca6e9ab0..78da965f 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -109,9 +109,11 @@ class TestOpenSSL(object): assert b.lib.SSL_OP_ALL > 0 ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method()) ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free) + current_options = b.lib.SSL_CTX_get_options(ctx) resp = b.lib.SSL_CTX_set_options(ctx, b.lib.SSL_OP_ALL) - assert resp == b.lib.SSL_OP_ALL - assert b.lib.SSL_OP_ALL == b.lib.SSL_CTX_get_options(ctx) + expected_options = current_options | b.lib.SSL_OP_ALL + assert resp == expected_options + assert b.lib.SSL_CTX_get_options(ctx) == expected_options def test_ssl_options(self): # Test that we're properly handling 32-bit unsigned on all platforms. @@ -121,9 +123,11 @@ class TestOpenSSL(object): ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free) ssl = b.lib.SSL_new(ctx) ssl = b.ffi.gc(ssl, b.lib.SSL_free) + current_options = b.lib.SSL_get_options(ssl) resp = b.lib.SSL_set_options(ssl, b.lib.SSL_OP_ALL) - assert resp == b.lib.SSL_OP_ALL - assert b.lib.SSL_OP_ALL == b.lib.SSL_get_options(ssl) + expected_options = current_options | b.lib.SSL_OP_ALL + assert resp == expected_options + assert b.lib.SSL_get_options(ssl) == expected_options def test_ssl_mode(self): # Test that we're properly handling 32-bit unsigned on all platforms. @@ -133,9 +137,11 @@ class TestOpenSSL(object): ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free) ssl = b.lib.SSL_new(ctx) ssl = b.ffi.gc(ssl, b.lib.SSL_free) + current_options = b.lib.SSL_get_mode(ssl) resp = b.lib.SSL_set_mode(ssl, b.lib.SSL_OP_ALL) - assert resp == b.lib.SSL_OP_ALL - assert b.lib.SSL_OP_ALL == b.lib.SSL_get_mode(ssl) + expected_options = current_options | b.lib.SSL_OP_ALL + assert resp == expected_options + assert b.lib.SSL_get_mode(ssl) == expected_options def test_windows_static_dynamic_libraries(self): assert "ssleay32mt" in _get_windows_libraries("static") |