Drop support for OpenSSL 1.0.1 (#5178)

4 files changed, 20 insertions, 74 deletions

diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index e9bcc18e..29a1c459 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -4,14 +4,11 @@
 
 from __future__ import absolute_import, division, print_function
 
-import pretend
-
 import pytest
 
 from cryptography.exceptions import InternalError
 from cryptography.hazmat.bindings.openssl.binding import (
-    Binding, _consume_errors, _openssl_assert, _verify_openssl_version,
-    _verify_package_version
+    Binding, _consume_errors, _openssl_assert, _verify_package_version
 )
 
 
@@ -125,12 +122,3 @@ class TestOpenSSL(object):
     def test_version_mismatch(self):
         with pytest.raises(ImportError):
             _verify_package_version("nottherightversion")
-
-    def test_verify_openssl_version(self, monkeypatch):
-        monkeypatch.delenv("CRYPTOGRAPHY_ALLOW_OPENSSL_101", raising=False)
-        lib = pretend.stub(
-            CRYPTOGRAPHY_OPENSSL_LESS_THAN_102=True,
-            CRYPTOGRAPHY_IS_LIBRESSL=False
-        )
-        with pytest.raises(RuntimeError):
-            _verify_openssl_version(lib)
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index f1d434f1..d99ba406 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -352,25 +352,14 @@ class TestAESModeGCM(object):
         encryptor.authenticate_additional_data(aad)
         encryptor.finalize()
 
-        if (
-            backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and
-            not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
-        ):
-            with pytest.raises(NotImplementedError):
-                decryptor = base.Cipher(
-                    algorithms.AES(key),
-                    modes.GCM(iv),
-                    backend=backend
-                ).decryptor()
-        else:
-            decryptor = base.Cipher(
-                algorithms.AES(key),
-                modes.GCM(iv),
-                backend=backend
-            ).decryptor()
-            decryptor.authenticate_additional_data(aad)
-            with pytest.raises(ValueError):
-                decryptor.finalize()
+        decryptor = base.Cipher(
+            algorithms.AES(key),
+            modes.GCM(iv),
+            backend=backend
+        ).decryptor()
+        decryptor.authenticate_additional_data(aad)
+        with pytest.raises(ValueError):
+            decryptor.finalize()
 
     def test_gcm_tag_decrypt_mode(self, backend):
         key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3")
@@ -408,46 +397,15 @@ class TestAESModeGCM(object):
         encryptor.finalize()
         tag = encryptor.tag
 
-        if (
-            backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and
-            not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
-        ):
-            with pytest.raises(NotImplementedError):
-                decryptor = base.Cipher(
-                    algorithms.AES(key),
-                    modes.GCM(iv),
-                    backend=backend
-                ).decryptor()
-            decryptor = base.Cipher(
-                algorithms.AES(key),
-                modes.GCM(iv, tag=encryptor.tag),
-                backend=backend
-            ).decryptor()
-        else:
-            decryptor = base.Cipher(
-                algorithms.AES(key),
-                modes.GCM(iv),
-                backend=backend
-            ).decryptor()
+        decryptor = base.Cipher(
+            algorithms.AES(key),
+            modes.GCM(iv),
+            backend=backend
+        ).decryptor()
         decryptor.authenticate_additional_data(aad)
 
-        if (
-            backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and
-            not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
-        ):
-            with pytest.raises(NotImplementedError):
-                decryptor.finalize_with_tag(tag)
-            decryptor.finalize()
-        else:
-            decryptor.finalize_with_tag(tag)
-
-    @pytest.mark.supported(
-        only_if=lambda backend: (
-            not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
-            backend._lib.CRYPTOGRAPHY_IS_LIBRESSL
-        ),
-        skip_message="Not supported on OpenSSL 1.0.1",
-    )
+        decryptor.finalize_with_tag(tag)
+
     def test_gcm_tag_decrypt_finalize_tag_length(self, backend):
         decryptor = base.Cipher(
             algorithms.AES(b"0" * 16),
diff --git a/tests/wycheproof/test_ecdsa.py b/tests/wycheproof/test_ecdsa.py
index 14542ed7..49a3388d 100644
--- a/tests/wycheproof/test_ecdsa.py
+++ b/tests/wycheproof/test_ecdsa.py
@@ -62,9 +62,9 @@ def test_ecdsa_signature(backend, wycheproof):
             binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend
         )
     except (UnsupportedAlgorithm, ValueError):
-        # In OpenSSL 1.0.1, some keys fail to load with ValueError, instead of
-        # Unsupported Algorithm. We can remove handling for that exception
-        # when we drop support.
+        # In some OpenSSL 1.0.2s, some keys fail to load with ValueError,
+        # instead of  Unsupported Algorithm. We can remove handling for that
+        # exception when we drop support.
         pytest.skip(
             "unable to load key (curve {})".format(
                 wycheproof.testgroup["key"]["curve"]
diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py
index 92fed2b0..064cc7cf 100644
--- a/tests/wycheproof/test_rsa.py
+++ b/tests/wycheproof/test_rsa.py
@@ -50,7 +50,7 @@ def should_verify(backend, wycheproof):
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.supported(
     only_if=lambda backend: (
-        not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or
+        not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL or
         backend._lib.CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER
     ),
     skip_message=(