Merge branch 'master' into urandom-engine

* master: (108 commits)
  PBKDF2HMAC requires a PBKDF2HMACBackend provider.
  one more replacement
  simplify hmac supported and hash supported calls for commoncrypto
  simplify check for algorithm
  a bit more language work + changelog changes for pbkdf2hmac
  one more style fix
  a few typo fixes, capitalization, etc
  switch to private attributes in pbkdf2hmac
  expand docs to talk more about the purposes of KDFs
  update docs re: PBKDF2HMAC iterations
  add test for null char replacement
  Added installation section to index.rst
  called -> used
  quotes inside, diff examples
  Expose this method because probably someone will need it eventually
  fix spacing, remove versionadded since HashAlgorithm was in 0.1
  document HashAlgorithm
  Added canonical installation document with details about various platforms, fixes #519
  update docs for pbkdf2
  Add bindings for X509_REQ_get_extensions.
  ...

Conflicts:
	cryptography/hazmat/bindings/openssl/binding.py
	docs/hazmat/backends/openssl.rst

2 files changed, 70 insertions, 5 deletions

diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py
new file mode 100644
index 00000000..7cc0f72f
--- /dev/null
+++ b/tests/hazmat/backends/test_commoncrypto.py
@@ -0,0 +1,65 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pytest
+
+from cryptography import utils
+from cryptography.exceptions import UnsupportedAlgorithm, InternalError
+from cryptography.hazmat.bindings.commoncrypto.binding import Binding
+from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives.ciphers.algorithms import AES
+from cryptography.hazmat.primitives.ciphers.base import Cipher
+from cryptography.hazmat.primitives.ciphers.modes import CBC, GCM
+
+
+@utils.register_interface(interfaces.CipherAlgorithm)
+class DummyCipher(object):
+    name = "dummy-cipher"
+    block_size = 128
+
+
+@pytest.mark.skipif(not Binding.is_available(),
+                    reason="CommonCrypto not available")
+class TestCommonCrypto(object):
+    def test_supports_cipher(self):
+        from cryptography.hazmat.backends.commoncrypto.backend import backend
+        assert backend.cipher_supported(None, None) is False
+
+    def test_register_duplicate_cipher_adapter(self):
+        from cryptography.hazmat.backends.commoncrypto.backend import backend
+        with pytest.raises(ValueError):
+            backend._register_cipher_adapter(
+                AES, backend._lib.kCCAlgorithmAES128,
+                CBC, backend._lib.kCCModeCBC
+            )
+
+    def test_handle_response(self):
+        from cryptography.hazmat.backends.commoncrypto.backend import backend
+
+        with pytest.raises(ValueError):
+            backend._check_response(backend._lib.kCCAlignmentError)
+
+        with pytest.raises(InternalError):
+            backend._check_response(backend._lib.kCCMemoryFailure)
+
+        with pytest.raises(InternalError):
+            backend._check_response(backend._lib.kCCDecodeError)
+
+    def test_nonexistent_aead_cipher(self):
+        from cryptography.hazmat.backends.commoncrypto.backend import Backend
+        b = Backend()
+        cipher = Cipher(
+            DummyCipher(), GCM(b"fake_iv_here"), backend=b,
+        )
+        with pytest.raises(UnsupportedAlgorithm):
+            cipher.encryptor()
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 51eb408f..e527ed19 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -16,7 +16,7 @@ import cffi
 import pytest
 
 from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography.exceptions import UnsupportedAlgorithm, InternalError
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.backends.openssl.backend import backend, Backend
 from cryptography.hazmat.primitives import interfaces
@@ -168,20 +168,20 @@ class TestOpenSSL(object):
             cipher.encryptor()
 
     def test_handle_unknown_error(self):
-        with pytest.raises(SystemError):
+        with pytest.raises(InternalError):
             backend._handle_error_code(0, 0, 0)
 
-        with pytest.raises(SystemError):
+        with pytest.raises(InternalError):
             backend._handle_error_code(backend._lib.ERR_LIB_EVP, 0, 0)
 
-        with pytest.raises(SystemError):
+        with pytest.raises(InternalError):
             backend._handle_error_code(
                 backend._lib.ERR_LIB_EVP,
                 backend._lib.EVP_F_EVP_ENCRYPTFINAL_EX,
                 0
             )
 
-        with pytest.raises(SystemError):
+        with pytest.raises(InternalError):
             backend._handle_error_code(
                 backend._lib.ERR_LIB_EVP,
                 backend._lib.EVP_F_EVP_DECRYPTFINAL_EX,