diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-02-13 20:01:23 -0600 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-02-13 18:01:23 -0800 |
| commit | 4a90c254278231d7defeac304a3cfd752e96e786 (patch) | |
| tree | 7133b8188ad38f12b44c40064c6021566e070595 /tests | |
| parent | bd7cd2d43f75bd34830dfbeaf0ac4f8be2fce9a7 (diff) | |
| download | cryptography-4a90c254278231d7defeac304a3cfd752e96e786.tar.gz cryptography-4a90c254278231d7defeac304a3cfd752e96e786.tar.bz2 cryptography-4a90c254278231d7defeac304a3cfd752e96e786.zip | |
switch the PEM password callback to a C implementation (#3382)
* switch the PEM password callback to a C implementation
Calling from C to Python is fraught with edge cases, especially in
subinterpreter land. This commit moves the PEM password callback logic
into a small C function and then removes all the infrastructure for the
cffi callbacks (as we no longer have any)
* review feedback and update tests
* rename the struct
* aaand one more fix
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index a8198317..ff8a42ef 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -497,23 +497,32 @@ class TestOpenSSLCreateRevokedCertificate(object): class TestOpenSSLSerializationWithOpenSSL(object): - def test_pem_password_cb_buffer_too_small(self): - ffi_cb, userdata = backend._pem_password_cb(b"aa") - handle = backend._ffi.new_handle(userdata) - buf = backend._ffi.new('char *') - assert ffi_cb(buf, 1, False, handle) == 0 - assert userdata.called == 1 - assert isinstance(userdata.exception, ValueError) - def test_pem_password_cb(self): - password = b'abcdefg' - buf_size = len(password) + 1 - ffi_cb, userdata = backend._pem_password_cb(password) - handle = backend._ffi.new_handle(userdata) - buf = backend._ffi.new('char[]', buf_size) - assert ffi_cb(buf, buf_size, False, handle) == len(password) + userdata = backend._ffi.new("CRYPTOGRAPHY_PASSWORD_DATA *") + pw = b"abcdefg" + password = backend._ffi.new("char []", pw) + userdata.password = password + userdata.length = len(pw) + buflen = 10 + buf = backend._ffi.new("char []", buflen) + res = backend._lib.Cryptography_pem_password_cb( + buf, buflen, 0, userdata + ) + assert res == len(pw) assert userdata.called == 1 - assert backend._ffi.string(buf, len(password)) == password + assert backend._ffi.buffer(buf, len(pw))[:] == pw + assert userdata.maxsize == buflen + assert userdata.error == 0 + + def test_pem_password_cb_no_password(self): + userdata = backend._ffi.new("CRYPTOGRAPHY_PASSWORD_DATA *") + buflen = 10 + buf = backend._ffi.new("char []", buflen) + res = backend._lib.Cryptography_pem_password_cb( + buf, buflen, 0, userdata + ) + assert res == 0 + assert userdata.error == -1 def test_unsupported_evp_pkey_type(self): key = backend._create_evp_pkey_gc() |