diff options
| -rw-r--r-- | src/_cffi_src/openssl/ec.py | 160 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/ecdh.py | 11 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/ecdsa.py | 32 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/err.py | 7 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/evp.py | 6 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/pem.py | 7 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/ssl.py | 6 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509.py | 14 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 17 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/_conditional.py | 111 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 24 |
11 files changed, 7 insertions, 388 deletions
diff --git a/src/_cffi_src/openssl/ec.py b/src/_cffi_src/openssl/ec.py index d1745054..206ab6a7 100644 --- a/src/_cffi_src/openssl/ec.py +++ b/src/_cffi_src/openssl/ec.py @@ -5,10 +5,7 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ -#ifndef OPENSSL_NO_EC #include <openssl/ec.h> -#endif - #include <openssl/obj_mac.h> """ @@ -183,160 +180,9 @@ const char *EC_curve_nid2nist(int); """ CUSTOMIZATIONS = """ -#ifdef OPENSSL_NO_EC -static const long Cryptography_HAS_EC = 0; - -typedef void EC_KEY; -typedef void EC_GROUP; -typedef void EC_POINT; -typedef void EC_METHOD; -typedef struct { - int nid; - const char *comment; -} EC_builtin_curve; -typedef enum { - POINT_CONVERSION_COMPRESSED, - POINT_CONVERSION_UNCOMPRESSED, - POINT_CONVERSION_HYBRID, -} point_conversion_form_t; - -static const int OPENSSL_EC_NAMED_CURVE = 0; - -void (*EC_KEY_free)(EC_KEY *) = NULL; -EC_KEY *(*EC_KEY_new)(void) = NULL; -size_t (*EC_get_builtin_curves)(EC_builtin_curve *, size_t) = NULL; -EC_KEY *(*EC_KEY_new_by_curve_name)(int) = NULL; -EC_KEY *(*EC_KEY_copy)(EC_KEY *, const EC_KEY *) = NULL; -EC_KEY *(*EC_KEY_dup)(const EC_KEY *) = NULL; -int (*EC_KEY_up_ref)(EC_KEY *) = NULL; -const EC_GROUP *(*EC_KEY_get0_group)(const EC_KEY *) = NULL; -int (*EC_GROUP_get_order)(const EC_GROUP *, BIGNUM *, BN_CTX *) = NULL; -int (*EC_KEY_set_group)(EC_KEY *, const EC_GROUP *) = NULL; -void (*EC_GROUP_set_asn1_flag)(EC_GROUP *, int) = NULL; -void (*EC_GROUP_set_point_conversion_form)(EC_GROUP *, - point_conversion_form_t) = NULL; -const BIGNUM *(*EC_KEY_get0_private_key)(const EC_KEY *) = NULL; -int (*EC_KEY_set_private_key)(EC_KEY *, const BIGNUM *) = NULL; -const EC_POINT *(*EC_KEY_get0_public_key)(const EC_KEY *) = NULL; -int (*EC_KEY_set_public_key)(EC_KEY *, const EC_POINT *) = NULL; -unsigned int (*EC_KEY_get_enc_flags)(const EC_KEY *) = NULL; -void (*EC_KEY_set_enc_flags)(EC_KEY *eckey, unsigned int) = NULL; -point_conversion_form_t (*EC_KEY_get_conv_form)(const EC_KEY *) = NULL; -void (*EC_KEY_set_conv_form)(EC_KEY *, point_conversion_form_t) = NULL; -void (*EC_KEY_set_asn1_flag)(EC_KEY *, int) = NULL; -int (*EC_KEY_precompute_mult)(EC_KEY *, BN_CTX *) = NULL; -int (*EC_KEY_generate_key)(EC_KEY *) = NULL; -int (*EC_KEY_check_key)(const EC_KEY *) = NULL; - -EC_GROUP *(*EC_GROUP_new)(const EC_METHOD *); -void (*EC_GROUP_free)(EC_GROUP *); -void (*EC_GROUP_clear_free)(EC_GROUP *); - -EC_GROUP *(*EC_GROUP_new_curve_GFp)( - const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - -EC_GROUP *(*EC_GROUP_new_by_curve_name)(int); - -int (*EC_GROUP_set_curve_GFp)( - EC_GROUP *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - -int (*EC_GROUP_get_curve_GFp)( - const EC_GROUP *, BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *); - -int (*EC_GROUP_get_degree)(const EC_GROUP *) = NULL; - -const EC_METHOD *(*EC_GROUP_method_of)(const EC_GROUP *) = NULL; -const EC_POINT *(*EC_GROUP_get0_generator)(const EC_GROUP *) = NULL; -int (*EC_GROUP_get_curve_name)(const EC_GROUP *) = NULL; - -EC_POINT *(*EC_POINT_new)(const EC_GROUP *) = NULL; -void (*EC_POINT_free)(EC_POINT *) = NULL; -void (*EC_POINT_clear_free)(EC_POINT *) = NULL; -int (*EC_POINT_copy)(EC_POINT *, const EC_POINT *) = NULL; -EC_POINT *(*EC_POINT_dup)(const EC_POINT *, const EC_GROUP *) = NULL; -const EC_METHOD *(*EC_POINT_method_of)(const EC_POINT *) = NULL; -int (*EC_POINT_set_to_infinity)(const EC_GROUP *, EC_POINT *) = NULL; -int (*EC_POINT_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *, - const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *) = NULL; - -int (*EC_POINT_get_Jprojective_coordinates_GFp)(const EC_GROUP *, - const EC_POINT *, BIGNUM *, BIGNUM *, BIGNUM *, BN_CTX *) = NULL; - -int (*EC_POINT_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *, - const BIGNUM *, const BIGNUM *, BN_CTX *) = NULL; - -int (*EC_POINT_get_affine_coordinates_GFp)(const EC_GROUP *, - const EC_POINT *, BIGNUM *, BIGNUM *, BN_CTX *) = NULL; - -int (*EC_POINT_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *, - const BIGNUM *, int, BN_CTX *) = NULL; - -size_t (*EC_POINT_point2oct)(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t, - unsigned char *, size_t, BN_CTX *) = NULL; - -int (*EC_POINT_oct2point)(const EC_GROUP *, EC_POINT *, - const unsigned char *, size_t, BN_CTX *) = NULL; - -BIGNUM *(*EC_POINT_point2bn)(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, BIGNUM *, BN_CTX *) = NULL; - -EC_POINT *(*EC_POINT_bn2point)(const EC_GROUP *, const BIGNUM *, - EC_POINT *, BN_CTX *) = NULL; - -char *(*EC_POINT_point2hex)(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, BN_CTX *) = NULL; - -EC_POINT *(*EC_POINT_hex2point)(const EC_GROUP *, const char *, - EC_POINT *, BN_CTX *) = NULL; - -int (*EC_POINT_add)(const EC_GROUP *, EC_POINT *, const EC_POINT *, - const EC_POINT *, BN_CTX *) = NULL; - -int (*EC_POINT_dbl)(const EC_GROUP *, EC_POINT *, const EC_POINT *, - BN_CTX *) = NULL; - -int (*EC_POINT_invert)(const EC_GROUP *, EC_POINT *, BN_CTX *) = NULL; -int (*EC_POINT_is_at_infinity)(const EC_GROUP *, const EC_POINT *) = NULL; - -int (*EC_POINT_is_on_curve)(const EC_GROUP *, const EC_POINT *, - BN_CTX *) = NULL; - -int (*EC_POINT_cmp)( - const EC_GROUP *, const EC_POINT *, const EC_POINT *, BN_CTX *) = NULL; - -int (*EC_POINT_make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *) = NULL; - -int (*EC_POINTs_make_affine)(const EC_GROUP *, size_t, EC_POINT *[], - BN_CTX *) = NULL; - -int (*EC_POINTs_mul)( - const EC_GROUP *, EC_POINT *, const BIGNUM *, - size_t, const EC_POINT *[], const BIGNUM *[], BN_CTX *) = NULL; - -int (*EC_POINT_mul)(const EC_GROUP *, EC_POINT *, const BIGNUM *, - const EC_POINT *, const BIGNUM *, BN_CTX *) = NULL; - -int (*EC_GROUP_precompute_mult)(EC_GROUP *, BN_CTX *) = NULL; -int (*EC_GROUP_have_precompute_mult)(const EC_GROUP *) = NULL; - -const EC_METHOD *(*EC_GFp_simple_method)() = NULL; -const EC_METHOD *(*EC_GFp_mont_method)() = NULL; -const EC_METHOD *(*EC_GFp_nist_method)() = NULL; - -int (*EC_METHOD_get_field_type)(const EC_METHOD *) = NULL; - -int (*EC_KEY_get_flags)(const EC_KEY *) = NULL; -void (*EC_KEY_set_flags)(EC_KEY *, int) = NULL; -void (*EC_KEY_clear_flags)(EC_KEY *, int) = NULL; - -int (*EC_KEY_set_public_key_affine_coordinates)( - EC_KEY *, BIGNUM *, BIGNUM *) = NULL; -#else static const long Cryptography_HAS_EC = 1; -#endif -#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_EC2M) +#if defined(OPENSSL_NO_EC2M) static const long Cryptography_HAS_EC2M = 0; const EC_METHOD *(*EC_GF2m_simple_method)() = NULL; @@ -362,8 +208,8 @@ EC_GROUP *(*EC_GROUP_new_curve_GF2m)( static const long Cryptography_HAS_EC2M = 1; #endif -#if defined(OPENSSL_NO_EC) || CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || \ - defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20020002L +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 || defined(LIBRESSL_VERSION_NUMBER) && \ + LIBRESSL_VERSION_NUMBER < 0x20020002L static const long Cryptography_HAS_EC_1_0_2 = 0; const char *(*EC_curve_nid2nist)(int) = NULL; #else diff --git a/src/_cffi_src/openssl/ecdh.py b/src/_cffi_src/openssl/ecdh.py index 2dd5fd72..5ed426aa 100644 --- a/src/_cffi_src/openssl/ecdh.py +++ b/src/_cffi_src/openssl/ecdh.py @@ -5,9 +5,7 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ -#ifndef OPENSSL_NO_ECDH #include <openssl/ecdh.h> -#endif """ TYPES = """ @@ -25,16 +23,7 @@ int SSL_CTX_set_ecdh_auto(SSL_CTX *, int); """ CUSTOMIZATIONS = """ -#ifdef OPENSSL_NO_ECDH -static const long Cryptography_HAS_ECDH = 0; - -int (*ECDH_compute_key)(void *, size_t, const EC_POINT *, EC_KEY *, - void *(*)(const void *, size_t, void *, - size_t *)) = NULL; - -#else static const long Cryptography_HAS_ECDH = 1; -#endif #ifndef SSL_CTX_set_ecdh_auto static const long Cryptography_HAS_SET_ECDH_AUTO = 0; diff --git a/src/_cffi_src/openssl/ecdsa.py b/src/_cffi_src/openssl/ecdsa.py index f3e9fba0..2022b814 100644 --- a/src/_cffi_src/openssl/ecdsa.py +++ b/src/_cffi_src/openssl/ecdsa.py @@ -5,9 +5,7 @@ from __future__ import absolute_import, division, print_function INCLUDES = """ -#ifndef OPENSSL_NO_ECDSA #include <openssl/ecdsa.h> -#endif """ TYPES = """ @@ -44,35 +42,5 @@ int ECDSA_size(const EC_KEY *); """ CUSTOMIZATIONS = """ -#ifdef OPENSSL_NO_ECDSA -static const long Cryptography_HAS_ECDSA = 0; - -typedef struct { - BIGNUM *r; - BIGNUM *s; -} ECDSA_SIG; - -ECDSA_SIG* (*ECDSA_SIG_new)() = NULL; -void (*ECDSA_SIG_free)(ECDSA_SIG *) = NULL; -int (*i2d_ECDSA_SIG)(const ECDSA_SIG *, unsigned char **) = NULL; -ECDSA_SIG* (*d2i_ECDSA_SIG)(ECDSA_SIG **s, const unsigned char **, - long) = NULL; -ECDSA_SIG* (*ECDSA_do_sign)(const unsigned char *, int, EC_KEY *eckey) = NULL; -ECDSA_SIG* (*ECDSA_do_sign_ex)(const unsigned char *, int, const BIGNUM *, - const BIGNUM *, EC_KEY *) = NULL; -int (*ECDSA_do_verify)(const unsigned char *, int, const ECDSA_SIG *, - EC_KEY *) = NULL; -int (*ECDSA_sign_setup)(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **) = NULL; -int (*ECDSA_sign)(int, const unsigned char *, int, unsigned char *, - unsigned int *, EC_KEY *) = NULL; -int (*ECDSA_sign_ex)(int, const unsigned char *, int dgstlen, unsigned char *, - unsigned int *, const BIGNUM *, const BIGNUM *, - EC_KEY *) = NULL; -int (*ECDSA_verify)(int, const unsigned char *, int, const unsigned char *, - int, EC_KEY *) = NULL; -int (*ECDSA_size)(const EC_KEY *) = NULL; - -#else static const long Cryptography_HAS_ECDSA = 1; -#endif """ diff --git a/src/_cffi_src/openssl/err.py b/src/_cffi_src/openssl/err.py index 041723c0..8554ef40 100644 --- a/src/_cffi_src/openssl/err.py +++ b/src/_cffi_src/openssl/err.py @@ -269,14 +269,7 @@ int ERR_GET_REASON(unsigned long); """ CUSTOMIZATIONS = """ -// OpenSSL without EC. e.g. RHEL -#ifndef OPENSSL_NO_EC static const long Cryptography_HAS_EC_CODES = 1; -#else -static const long Cryptography_HAS_EC_CODES = 0; -static const int EC_R_UNKNOWN_GROUP = 0; -static const int EC_F_EC_GROUP_NEW_BY_CURVE_NAME = 0; -#endif #ifdef RSA_R_PKCS_DECODING_ERROR static const long Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR = 1; diff --git a/src/_cffi_src/openssl/evp.py b/src/_cffi_src/openssl/evp.py index 18d6d624..526e419c 100644 --- a/src/_cffi_src/openssl/evp.py +++ b/src/_cffi_src/openssl/evp.py @@ -185,12 +185,6 @@ const long Cryptography_HAS_EVP_PKEY_DHX = 0; const long EVP_PKEY_DHX = -1; #endif -#ifdef OPENSSL_NO_EC -int (*EVP_PKEY_assign_EC_KEY)(EVP_PKEY *, EC_KEY *) = NULL; -EC_KEY *(*EVP_PKEY_get1_EC_KEY)(EVP_PKEY *) = NULL; -int (*EVP_PKEY_set1_EC_KEY)(EVP_PKEY *, EC_KEY *) = NULL; -#endif - int Cryptography_EVP_PKEY_id(const EVP_PKEY *key) { return EVP_PKEY_id(key); } diff --git a/src/_cffi_src/openssl/pem.py b/src/_cffi_src/openssl/pem.py index 99881dd7..1d292a2e 100644 --- a/src/_cffi_src/openssl/pem.py +++ b/src/_cffi_src/openssl/pem.py @@ -85,11 +85,4 @@ int PEM_write_bio_DHparams(BIO *, DH *); """ CUSTOMIZATIONS = """ -// Cryptography_HAS_EC is provided by ec.py so we don't need to define it here -#ifdef OPENSSL_NO_EC -int (*PEM_write_bio_ECPrivateKey)(BIO *, EC_KEY *, const EVP_CIPHER *, - unsigned char *, int, pem_password_cb *, - void *) = NULL; -#endif - """ diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index c946b4ce..4669151f 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -516,13 +516,7 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; static const long Cryptography_HAS_TLSv1_1 = 1; static const long Cryptography_HAS_TLSv1_2 = 1; static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; - -#ifdef OPENSSL_NO_EC -long (*SSL_CTX_set_tmp_ecdh)(SSL_CTX *, EC_KEY *) = NULL; -#endif - static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; - static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; /* NetBSD shipped without including d1_meth.c. This workaround checks to see diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py index d3a97a28..bb981060 100644 --- a/src/_cffi_src/openssl/x509.py +++ b/src/_cffi_src/openssl/x509.py @@ -374,20 +374,6 @@ int i2d_re_X509_tbs(X509 *x, unsigned char **pp) } #endif -#ifdef OPENSSL_NO_EC -int (*i2d_EC_PUBKEY)(EC_KEY *, unsigned char **) = NULL; -EC_KEY *(*d2i_EC_PUBKEY)(EC_KEY **, const unsigned char **, long) = NULL; -EC_KEY *(*d2i_EC_PUBKEY_bio)(BIO *, EC_KEY **) = NULL; -int (*i2d_EC_PUBKEY_bio)(BIO *, EC_KEY *) = NULL; -EC_KEY *(*d2i_ECPrivateKey)(EC_KEY **, const unsigned char **, long) = NULL; -EC_KEY *(*d2i_ECPrivateKey_bio)(BIO *, EC_KEY **) = NULL; -int (*i2d_ECPrivateKey)(EC_KEY *, unsigned char **) = NULL; -int (*i2d_ECPrivateKey_bio)(BIO *, EC_KEY *) = NULL; - -EC_KEY *(*o2i_ECPublicKey)(EC_KEY **, const unsigned char **, long) = NULL; -int (*i2o_ECPublicKey)(EC_KEY *, unsigned char **) = NULL; -#endif - /* X509_REVOKED_dup only exists on 1.0.2+. It is implemented using IMPLEMENT_ASN1_DUP_FUNCTION. The below is the equivalent so we have it available on all OpenSSLs. */ diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 00aec374..a08cdb07 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -477,8 +477,7 @@ class Backend(object): self.openssl_assert(dsa_cdata != self._ffi.NULL) dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) return _DSAPrivateKey(self, dsa_cdata, evp_pkey) - elif (self._lib.Cryptography_HAS_EC == 1 and - key_type == self._lib.EVP_PKEY_EC): + elif key_type == self._lib.EVP_PKEY_EC: ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) self.openssl_assert(ec_cdata != self._ffi.NULL) ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) @@ -509,8 +508,7 @@ class Backend(object): self.openssl_assert(dsa_cdata != self._ffi.NULL) dsa_cdata = self._ffi.gc(dsa_cdata, self._lib.DSA_free) return _DSAPublicKey(self, dsa_cdata, evp_pkey) - elif (self._lib.Cryptography_HAS_EC == 1 and - key_type == self._lib.EVP_PKEY_EC): + elif key_type == self._lib.EVP_PKEY_EC: ec_cdata = self._lib.EVP_PKEY_get1_EC_KEY(evp_pkey) self.openssl_assert(ec_cdata != self._ffi.NULL) ec_cdata = self._ffi.gc(ec_cdata, self._lib.EC_KEY_free) @@ -1226,9 +1224,6 @@ class Backend(object): raise ValueError("Could not deserialize key data.") def elliptic_curve_supported(self, curve): - if self._lib.Cryptography_HAS_EC != 1: - return False - try: curve_nid = self._elliptic_curve_to_nid(curve) except UnsupportedAlgorithm: @@ -1255,9 +1250,6 @@ class Backend(object): def elliptic_curve_signature_algorithm_supported( self, signature_algorithm, curve ): - if self._lib.Cryptography_HAS_EC != 1: - return False - # We only support ECDSA right now. if not isinstance(signature_algorithm, ec.ECDSA): return False @@ -1363,7 +1355,6 @@ class Backend(object): def elliptic_curve_exchange_algorithm_supported(self, algorithm, curve): return ( self.elliptic_curve_supported(curve) and - self._lib.Cryptography_HAS_ECDH == 1 and isinstance(algorithm, ec.ECDH) ) @@ -1498,7 +1489,6 @@ class Backend(object): elif key_type == self._lib.EVP_PKEY_DSA: write_bio = self._lib.PEM_write_bio_DSAPrivateKey else: - assert self._lib.Cryptography_HAS_EC == 1 assert key_type == self._lib.EVP_PKEY_EC write_bio = self._lib.PEM_write_bio_ECPrivateKey @@ -1537,8 +1527,7 @@ class Backend(object): def _private_key_bytes_traditional_der(self, key_type, cdata): if key_type == self._lib.EVP_PKEY_RSA: write_bio = self._lib.i2d_RSAPrivateKey_bio - elif (self._lib.Cryptography_HAS_EC == 1 and - key_type == self._lib.EVP_PKEY_EC): + elif key_type == self._lib.EVP_PKEY_EC: write_bio = self._lib.i2d_ECPrivateKey_bio else: self.openssl_assert(key_type == self._lib.EVP_PKEY_DSA) diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index 7241a35a..8c420c82 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -40,96 +40,6 @@ CONDITIONAL_NAMES = { "CMS_USE_KEYID", "CMS_DEBUG_DECRYPT", ], - "Cryptography_HAS_EC": [ - "OPENSSL_EC_NAMED_CURVE", - "EC_GROUP_new", - "EC_GROUP_free", - "EC_GROUP_clear_free", - "EC_GROUP_new_curve_GFp", - "EC_GROUP_new_by_curve_name", - "EC_GROUP_set_curve_GFp", - "EC_GROUP_get_curve_GFp", - "EC_GROUP_method_of", - "EC_GROUP_get0_generator", - "EC_GROUP_get_curve_name", - "EC_GROUP_get_degree", - "EC_GROUP_set_asn1_flag", - "EC_GROUP_set_point_conversion_form", - "EC_KEY_new", - "EC_KEY_free", - "EC_get_builtin_curves", - "EC_KEY_new_by_curve_name", - "EC_KEY_copy", - "EC_KEY_dup", - "EC_KEY_up_ref", - "EC_KEY_set_group", - "EC_KEY_get0_private_key", - "EC_KEY_set_private_key", - "EC_KEY_set_public_key", - "EC_KEY_get_enc_flags", - "EC_KEY_set_enc_flags", - "EC_KEY_set_conv_form", - "EC_KEY_set_asn1_flag", - "EC_KEY_precompute_mult", - "EC_KEY_generate_key", - "EC_KEY_check_key", - "EC_POINT_new", - "EC_POINT_free", - "EC_POINT_clear_free", - "EC_POINT_copy", - "EC_POINT_dup", - "EC_POINT_method_of", - "EC_POINT_set_to_infinity", - "EC_POINT_set_Jprojective_coordinates_GFp", - "EC_POINT_get_Jprojective_coordinates_GFp", - "EC_POINT_set_affine_coordinates_GFp", - "EC_POINT_get_affine_coordinates_GFp", - "EC_POINT_set_compressed_coordinates_GFp", - "EC_POINT_point2oct", - "EC_POINT_oct2point", - "EC_POINT_point2bn", - "EC_POINT_bn2point", - "EC_POINT_point2hex", - "EC_POINT_hex2point", - "EC_POINT_add", - "EC_POINT_dbl", - "EC_POINT_invert", - "EC_POINT_is_at_infinity", - "EC_POINT_is_on_curve", - "EC_POINT_cmp", - "EC_POINT_make_affine", - "EC_POINTs_make_affine", - "EC_POINTs_mul", - "EC_POINT_mul", - "EC_GROUP_precompute_mult", - "EC_GROUP_have_precompute_mult", - "EC_GFp_simple_method", - "EC_GFp_mont_method", - "EC_GFp_nist_method", - "EC_METHOD_get_field_type", - "EVP_PKEY_assign_EC_KEY", - "EVP_PKEY_get1_EC_KEY", - "EVP_PKEY_set1_EC_KEY", - "PEM_write_bio_ECPrivateKey", - "i2d_EC_PUBKEY", - "d2i_EC_PUBKEY", - "d2i_EC_PUBKEY_bio", - "i2d_EC_PUBKEY_bio", - "d2i_ECPrivateKey", - "d2i_ECPrivateKey_bio", - "i2d_ECPrivateKey", - "i2d_ECPrivateKey_bio", - "i2o_ECPublicKey", - "o2i_ECPublicKey", - "SSL_CTX_set_tmp_ecdh", - "POINT_CONVERSION_COMPRESSED", - "POINT_CONVERSION_UNCOMPRESSED", - "POINT_CONVERSION_HYBRID", - "EC_KEY_get_flags", - "EC_KEY_set_flags", - "EC_KEY_clear_flags", - "EC_KEY_set_public_key_affine_coordinates", - ], "Cryptography_HAS_EC2M": [ "EC_GF2m_simple_method", @@ -144,33 +54,12 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_EC_1_0_2": [ "EC_curve_nid2nist", ], - "Cryptography_HAS_ECDH": [ - "ECDH_compute_key", - ], "Cryptography_HAS_SET_ECDH_AUTO": [ "SSL_CTX_set_ecdh_auto", ], - "Cryptography_HAS_ECDSA": [ - "ECDSA_SIG_new", - "ECDSA_SIG_free", - "i2d_ECDSA_SIG", - "d2i_ECDSA_SIG", - "ECDSA_do_sign", - "ECDSA_do_sign_ex", - "ECDSA_do_verify", - "ECDSA_sign_setup", - "ECDSA_sign", - "ECDSA_sign_ex", - "ECDSA_verify", - "ECDSA_size", - ], "Cryptography_HAS_ENGINE_CRYPTODEV": [ "ENGINE_load_cryptodev" ], - "Cryptography_HAS_EC_CODES": [ - "EC_R_UNKNOWN_GROUP", - "EC_F_EC_GROUP_NEW_BY_CURVE_NAME" - ], "Cryptography_HAS_RSA_R_PKCS_DECODING_ERROR": [ "RSA_R_PKCS_DECODING_ERROR" ], diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 4feab1eb..f6b57964 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -22,7 +22,7 @@ from cryptography.hazmat.backends.openssl.backend import ( ) from cryptography.hazmat.backends.openssl.ec import _sn_to_elliptic_curve from cryptography.hazmat.primitives import hashes, serialization -from cryptography.hazmat.primitives.asymmetric import dh, dsa, ec, padding +from cryptography.hazmat.primitives.asymmetric import dh, dsa, padding from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC @@ -550,33 +550,11 @@ class TestOpenSSLSerializationWithOpenSSL(object): ) -class DummyLibrary(object): - Cryptography_HAS_EC = 0 - - class TestOpenSSLEllipticCurve(object): - def test_elliptic_curve_supported(self, monkeypatch): - monkeypatch.setattr(backend, "_lib", DummyLibrary()) - - assert backend.elliptic_curve_supported(None) is False - - def test_elliptic_curve_signature_algorithm_supported(self, monkeypatch): - monkeypatch.setattr(backend, "_lib", DummyLibrary()) - - assert backend.elliptic_curve_signature_algorithm_supported( - None, None - ) is False - def test_sn_to_elliptic_curve_not_supported(self): with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_ELLIPTIC_CURVE): _sn_to_elliptic_curve(backend, b"fake") - def test_elliptic_curve_exchange_algorithm_supported(self, monkeypatch): - monkeypatch.setattr(backend, "_lib", DummyLibrary()) - assert not backend.elliptic_curve_exchange_algorithm_supported( - ec.ECDH(), ec.SECP256R1() - ) - @pytest.mark.requires_backend_interface(interface=RSABackend) class TestRSAPEMSerialization(object): |