Drop 1.0.0 (#3312)

* delete the 1.0.0 support * drop the version check * drop the AES-CTR stuff * Update the example * openssl truncates for us now * delete unused test * unused imports * Remove a bunch of conditional bindings for NPN * no more 1.0.0 builders * libressl fix * update the docs * remove dead branches * oops * this is a word, damnit * spelling * try removing this * this test is not needed * unused import
author: Alex Gaynor <alex.gaynor@gmail.com> 2016-12-13 21:05:35 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2016-12-13 20:05:35 -0600
commit: 0e8cdf1023f6e2045de444b1c7e09f40cccf019e (patch)
tree: eb6241baa5c66447c988a5c45fed7f0cb77b8022 /tests/hazmat/backends/test_openssl.py
parent: 874445aea9e2d07a94444855ccfeaa3082de26a9 (diff)
download: cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.tar.gz
cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.tar.bz2
cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.zip
1 files changed, 1 insertions, 151 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 47c46065..6d6f3452 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -4,7 +4,6 @@
 
 from __future__ import absolute_import, division, print_function
 
-import datetime
 import itertools
 import os
 import subprocess
@@ -26,11 +25,9 @@ from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import dsa, ec, padding
 from cryptography.hazmat.primitives.ciphers import Cipher
 from cryptography.hazmat.primitives.ciphers.algorithms import AES
-from cryptography.hazmat.primitives.ciphers.modes import CBC, CTR
+from cryptography.hazmat.primitives.ciphers.modes import CBC
 
-from ..primitives.fixtures_dsa import DSA_KEY_2048
 from ..primitives.fixtures_rsa import RSA_KEY_2048, RSA_KEY_512
-from ..primitives.test_ec import _skip_curve_unsupported
 from ...doubles import (
     DummyAsymmetricPadding, DummyCipherAlgorithm, DummyHashAlgorithm, DummyMode
 )
@@ -77,11 +74,6 @@ class TestOpenSSL(object):
     def test_supports_cipher(self):
         assert backend.cipher_supported(None, None) is False
 
-    def test_aes_ctr_always_available(self):
-        # AES CTR should always be available, even in 1.0.0.
-        assert backend.cipher_supported(AES(b"\x00" * 16),
-                                        CTR(b"\x00" * 16)) is True
-
     def test_register_duplicate_cipher_adapter(self):
         with pytest.raises(ValueError):
             backend.register_cipher_adapter(AES, CBC, None)
@@ -325,35 +317,6 @@ class TestOpenSSLRSA(object):
             backend.generate_rsa_private_key(public_exponent=65537,
                                              key_size=256)
 
-    @pytest.mark.skipif(
-        backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
-        reason="Requires an older OpenSSL. Must be < 1.0.1"
-    )
-    def test_non_sha1_pss_mgf1_hash_algorithm_on_old_openssl(self):
-        private_key = RSA_KEY_512.private_key(backend)
-        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
-            private_key.signer(
-                padding.PSS(
-                    mgf=padding.MGF1(
-                        algorithm=hashes.SHA256(),
-                    ),
-                    salt_length=padding.PSS.MAX_LENGTH
-                ),
-                hashes.SHA1()
-            )
-        public_key = private_key.public_key()
-        with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_HASH):
-            public_key.verifier(
-                b"sig",
-                padding.PSS(
-                    mgf=padding.MGF1(
-                        algorithm=hashes.SHA256(),
-                    ),
-                    salt_length=padding.PSS.MAX_LENGTH
-                ),
-                hashes.SHA1()
-            )
-
     def test_rsa_padding_unsupported_pss_mgf1_hash(self):
         assert backend.rsa_padding_supported(
             padding.PSS(mgf=padding.MGF1(DummyHashAlgorithm()), salt_length=0)
@@ -500,39 +463,12 @@ class TestOpenSSLRSA(object):
             )
 
 
-@pytest.mark.skipif(
-    backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_101,
-    reason="Requires an OpenSSL version >= 1.0.1"
-)
 class TestOpenSSLCMAC(object):
     def test_unsupported_cipher(self):
         with raises_unsupported_algorithm(_Reasons.UNSUPPORTED_CIPHER):
             backend.create_cmac_ctx(DummyCipherAlgorithm())
 
 
-class TestOpenSSLCreateX509CSR(object):
-    @pytest.mark.skipif(
-        backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
-        reason="Requires an older OpenSSL. Must be < 1.0.1"
-    )
-    def test_unsupported_dsa_keys(self):
-        private_key = DSA_KEY_2048.private_key(backend)
-
-        with pytest.raises(NotImplementedError):
-            backend.create_x509_csr(object(), private_key, hashes.SHA1())
-
-    @pytest.mark.skipif(
-        backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
-        reason="Requires an older OpenSSL. Must be < 1.0.1"
-    )
-    def test_unsupported_ec_keys(self):
-        _skip_curve_unsupported(backend, ec.SECP256R1())
-        private_key = ec.generate_private_key(ec.SECP256R1(), backend)
-
-        with pytest.raises(NotImplementedError):
-            backend.create_x509_csr(object(), private_key, hashes.SHA1())
-
-
 class TestOpenSSLSignX509Certificate(object):
     def test_requires_certificate_builder(self):
         private_key = RSA_KEY_2048.private_key(backend)
@@ -542,55 +478,6 @@ class TestOpenSSLSignX509Certificate(object):
                 object(), private_key, DummyHashAlgorithm()
             )
 
-    @pytest.mark.skipif(
-        backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
-        reason="Requires an older OpenSSL. Must be < 1.0.1"
-    )
-    def test_sign_with_dsa_private_key_is_unsupported(self):
-        private_key = DSA_KEY_2048.private_key(backend)
-        builder = x509.CertificateBuilder()
-        builder = builder.subject_name(
-            x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')])
-        ).issuer_name(
-            x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')])
-        ).serial_number(
-            1
-        ).public_key(
-            private_key.public_key()
-        ).not_valid_before(
-            datetime.datetime(2002, 1, 1, 12, 1)
-        ).not_valid_after(
-            datetime.datetime(2032, 1, 1, 12, 1)
-        )
-
-        with pytest.raises(NotImplementedError):
-            builder.sign(private_key, hashes.SHA512(), backend)
-
-    @pytest.mark.skipif(
-        backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
-        reason="Requires an older OpenSSL. Must be < 1.0.1"
-    )
-    def test_sign_with_ec_private_key_is_unsupported(self):
-        _skip_curve_unsupported(backend, ec.SECP256R1())
-        private_key = ec.generate_private_key(ec.SECP256R1(), backend)
-        builder = x509.CertificateBuilder()
-        builder = builder.subject_name(
-            x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')])
-        ).issuer_name(
-            x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')])
-        ).serial_number(
-            1
-        ).public_key(
-            private_key.public_key()
-        ).not_valid_before(
-            datetime.datetime(2002, 1, 1, 12, 1)
-        ).not_valid_after(
-            datetime.datetime(2032, 1, 1, 12, 1)
-        )
-
-        with pytest.raises(NotImplementedError):
-            builder.sign(private_key, hashes.SHA512(), backend)
-
 
 class TestOpenSSLSignX509CertificateRevocationList(object):
     def test_invalid_builder(self):
@@ -599,43 +486,6 @@ class TestOpenSSLSignX509CertificateRevocationList(object):
         with pytest.raises(TypeError):
             backend.create_x509_crl(object(), private_key, hashes.SHA256())
 
-    @pytest.mark.skipif(
-        backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
-        reason="Requires an older OpenSSL. Must be < 1.0.1"
-    )
-    def test_sign_with_dsa_private_key_is_unsupported(self):
-        private_key = DSA_KEY_2048.private_key(backend)
-        builder = x509.CertificateRevocationListBuilder()
-        builder = builder.issuer_name(
-            x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')])
-        ).last_update(
-            datetime.datetime(2002, 1, 1, 12, 1)
-        ).next_update(
-            datetime.datetime(2032, 1, 1, 12, 1)
-        )
-
-        with pytest.raises(NotImplementedError):
-            builder.sign(private_key, hashes.SHA1(), backend)
-
-    @pytest.mark.skipif(
-        backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
-        reason="Requires an older OpenSSL. Must be < 1.0.1"
-    )
-    def test_sign_with_ec_private_key_is_unsupported(self):
-        _skip_curve_unsupported(backend, ec.SECP256R1())
-        private_key = ec.generate_private_key(ec.SECP256R1(), backend)
-        builder = x509.CertificateRevocationListBuilder()
-        builder = builder.issuer_name(
-            x509.Name([x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u'US')])
-        ).last_update(
-            datetime.datetime(2002, 1, 1, 12, 1)
-        ).next_update(
-            datetime.datetime(2032, 1, 1, 12, 1)
-        )
-
-        with pytest.raises(NotImplementedError):
-            builder.sign(private_key, hashes.SHA512(), backend)
-
 
 class TestOpenSSLCreateRevokedCertificate(object):
     def test_invalid_builder(self):
author	Alex Gaynor <alex.gaynor@gmail.com>	2016-12-13 21:05:35 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2016-12-13 20:05:35 -0600
commit	0e8cdf1023f6e2045de444b1c7e09f40cccf019e (patch)
tree	eb6241baa5c66447c988a5c45fed7f0cb77b8022 /tests/hazmat/backends/test_openssl.py
parent	874445aea9e2d07a94444855ccfeaa3082de26a9 (diff)
download	cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.tar.gz cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.tar.bz2 cryptography-0e8cdf1023f6e2045de444b1c7e09f40cccf019e.zip