aboutsummaryrefslogtreecommitdiffstats
path: root/tests/hazmat/backends
Commit message (Collapse)AuthorAgeFilesLines
* Memleak tests (#3140)Alex Gaynor2017-03-141-0/+160
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Bind a pair of mem functions. * make these conditional * do the conditional correctly * move to the right section * I'm not saying libressl should be illegal, but it is annoying * sigh, typo * first cut at memleak tests. doesn't work * hack around the previous error, onto the next one * drop the pointless restoration of the original functions * Don't try to use the previous malloc functions. The default malloc is CRYPTO_malloc which calls the custom ptr you provided, so it just recurses forever. * flake8 * Get the code basically working * flake8 * say the correct incantation * Don't try to run on old OpenSSL * Flushing this is a good idea * Fixed a py2.7+ism * GRRRRR * WOrkaround for hilarity * Revert "WOrkaround for hilarity" This reverts commit 37b9f3b4ed4063eef5add3bb5d5dd592a007d439. * Swap out these functions for the originals * py3k fix * flake8 * nonsense for windows * py3k * seperate stdout and stderr because py26 has a warning on stderr * try writing this all out for windows * useful error messages * Debugging utility * Avoid this mess, don't dlopen anything * consistency * Throw away this FFI entirely * some useful comments
* reverts a change to our exceptions (#3429)Paul Kehrer2017-03-091-5/+3
| | | | | Trying to be too specific about why key loading fails is very difficult when you're using the same logic across DH, EC, RSA, and DSA. This makes it less fancy.
* missing coverage for dh_x942_serialization_supported in MultiBackend (#3432)Paul Kehrer2017-03-081-0/+1
|
* DH subgroup order (q) (#3369)Aviv Palivoda2017-03-052-4/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support DH q (subgroup order) * Change RFC5114.txt to NIST format * Add tests for DH q * Update docs for DH q * Fix pep8 * Improve test covergae for DH q * Create _dh_params_dup that copy q if DHparams_dup don't On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup call DHparams_dup and if the version is smaller than 1.0.2 copy q manually * Copy q manually on libressl * Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup * Support serialization of DH with q * Add tests for serialization of DH with q * Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true * Raise exception when trying to serialize DH X9.42 when not supported * raise unsupported key type when deserilizing DH X9.42 if not supported * pep8 fixes * Fix test_serialization * Add dhx_serialization_supported method to DHBacked * document q in dh_parameters_supported * Rename dhx_serialization_supported to dh_x942_serialization_supported
* switch the PEM password callback to a C implementation (#3382)Paul Kehrer2017-02-131-15/+24
| | | | | | | | | | | | | | | * switch the PEM password callback to a C implementation Calling from C to Python is fraught with edge cases, especially in subinterpreter land. This commit moves the PEM password callback logic into a small C function and then removes all the infrastructure for the cffi callbacks (as we no longer have any) * review feedback and update tests * rename the struct * aaand one more fix
* enforce password must be bytes when loading PEM/DER asymmetric keys (#3383)Paul Kehrer2017-02-081-1/+1
| | | | | | | | | | * enforce password must be bytes when loading PEM/DER asymmetric keys Previously we were using an ffi.buffer on the Python string, which was allowing text implicitly, but our documentation explicitly requires bytes. * add changelog entry
* add openssl_version_number & doc openssl_version_text (#3329)Paul Kehrer2016-12-211-0/+3
| | | | | | | | | | * add openssl_version_number & doc openssl_version_text fixes #3315 * more docs + actually assert on the test... * text
* Drop 1.0.0 (#3312)Alex Gaynor2016-12-131-151/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * delete the 1.0.0 support * drop the version check * drop the AES-CTR stuff * Update the example * openssl truncates for us now * delete unused test * unused imports * Remove a bunch of conditional bindings for NPN * no more 1.0.0 builders * libressl fix * update the docs * remove dead branches * oops * this is a word, damnit * spelling * try removing this * this test is not needed * unused import
* New osrandom_engine in C (#3229)Christian Heimes2016-12-091-13/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * New osrandom_engine in C Inspired by Python/random.c and the old implementation. Signed-off-by: Christian Heimes <christian@python.org> * osrandom_engine * Fix naming bug caused by search 'n replace mistake * Make it easier to override osrandom auto-detection * Add engine ctrl and backend API to get implementation from ENGINE Signed-off-by: Christian Heimes <christian@python.org> * Better test coverage, documentation, LICENSE Signed-off-by: Christian Heimes <christian@python.org> * Coverage is hard. Signed-off-by: Christian Heimes <christian@python.org> * * enable win32 check * read() returns size_t Signed-off-by: Christian Heimes <christian@python.org> * Add macOS to spelling list. Remove dead code from header file. Signed-off-by: Christian Heimes <christian@python.org> * remove CCRandomGenerateBytes path and update getentropy to work on macOS This change allows us to test all the engines in our CI: * getentropy (tested by macOS sierra) * getrandom (tested on several linux builders) * /dev/urandom (tested on FreeBSD, OS X 10.11 and below, & older linux) * CryptGenRandom (tested on windows builders) I also fixed bugs preventing compilation in the getentropy code * getentropy() returns int and is restricted to 256 bytes on macOS, too. Signed-off-by: Christian Heimes <christian@python.org> * add versionadded * Re-add import of os module * Fixes related to Alex's recent review. Signed-off-by: Christian Heimes <christian@python.org> * Add error reporting and fail for EAGAIN Add error reporting strings for various error cases. This gives us much nicer and understandable error messages. SYS_getrandom() EAGAIN is now an error. Cryptography refuses to initialize its osrandom engine when the Kernel's CPRNG hasn't been seeded yet. Signed-off-by: Christian Heimes <christian@python.org>
* OpenSSL DH backend implementation [Second attempt] (#2914)Aviv Palivoda2016-11-261-3/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Start of OpenSSL DH backend implementation * Supporting DH in MultiBackend * DHBackend has dh_parameters_supported method * Removed DHParametersWithNumbers and DHPrivateKeyWithNumbers from documentation * Removed ExchangeContext. exchange is a method of DHPrivateKeyWithSerialization * PEP8 fixes * Fixed TestDH.test_bad_tls_exchange * Fixed generate_private_key reference in dh documentation * test DH multibackend support * testing DH coversion to serialized * Validating that we receive serialized class in test_generate_dh * Testing DH exchange symmetric key padding * struct DH is now opaqued * PEP8 fixes * Testing load_dh_private_numbers throws ValueError when DH_check fails * Using openssl_assert * Passing keywords arguments in DH key exchange example * test_dh::test_bad_tls_exchange now uses pre calculated parameters * TestDH - Add test that the computed secret is equivalent to the definition by comparing with secret computed in pure python * Add missing generator parameter to DHBackend interface docs. * Include parameter type in DHBackend abc docs. * Add docs for dh.generate_parameters function * Remove the dh Numbers section, and move the DHNumbers class docs to where they are first used. * Add note of big endian byte packing to DH exchange method. * DH documentation updates. Add single sentence overview with wikipedia link. Add paragraph on assembling using Numbers objects. Add link to backend interface docs. First section was all indented, I think by mistake. * Add exchange method to DHPrivateKey abstract base class. * Small tweaks to DH documentation - remove Provider. * Add endian to dictionary * Use utils.int_from_bytes in test_tls_exchange_algorithm * Removed duplicate line * Change dh.rst exchange algorithm from doctest to code-block The example in the Diffie-Hellman exhange algorithm is using 2048 bits key. Generating the parameters of 2048 takes long time. This caused the automated tests to fail. In order to pass the tests we change the example to code-block so it will not run in the doc tests. * Fix dh docs * Document the generator in DHBackend relevant methods * Fix dh tests * use DHparams_dup * Fix key type to unsigned char as expected by DH_compute_key * Validate that DH generator is 2 or 5 * test dh exchange using botan vectors * group all numbers classes * Simplify _DHPrivateKey * Rename test with serialized to numbers * Move bad exchange params to external vector file * update exchange versionadded to 1.7 * Make key_size bit accurate * Change botan link * Added CHANGELOG entry
* change derive_elliptic_curve_public_point to return EllipticCurvePubl… (#3243)Paul Kehrer2016-11-181-3/+3
| | | | | | | | | | | | | | * change derive_elliptic_curve_public_point to return EllipticCurvePublicKey * also rename the backend interface method * review feedback * Rename to derive_elliptic_curve_private_key * Returns EllipticCurvePrivateKey * Reuses the EC_POINT in the openssl impl * Rename "secret" arg to "private_value" which is consistent with our naming for the value in ECPrivateNumbers.
* workaround for application bundling tools (#3235)Paul Kehrer2016-11-141-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | * cx_freeze support for default_backend * updated tabing to spaces * corrected spacing * moved finding backend to backends __init__ * update to check to see if sys is frozen * corrected pep8 issues * update based on comments * changes to simplify, support testing, and improve comments * add changelog entry * right, coverage. I remember now. Time for some contortions. * updated with review feedback
* Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236)Paul Kehrer2016-11-131-0/+6
| | | | | | | | | | * Add a bytes method to get the DER ASN.1 encoding of an X509 name. This is useful for creating an OpenSSL style subject_name_hash (#3011) * add to backend interface and update multibackend * bytes -> public_bytes
* add ec.private_key_from_secret_and_curve (#3225)Ofek Lev2016-11-111-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * finish https://github.com/pyca/cryptography/pull/1973 * change API & add test Function will now return an instance of EllipticCurvePrivateKey, as that is the users' ultimate goal anyway. * fix test * improve coverage * complete coverage * final fix * centos fix * retry * cleanup asserts * use openssl_assert * skip unsupported platforms * change API name to derive_private_key * change version added * improve description of `secret` param * separate successful and failure test cases * simplify successful case * add docs for derive_elliptic_curve_public_point * add period
* 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set (#3162)Paul Kehrer2016-09-221-1/+1
| | | | | | | | | | * 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set * add a comment explaining why we changed this * 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i * needs to be visible
* fix warnings in cffi 1.8.3 due to wrong buffer types (#3155)Paul Kehrer2016-09-211-2/+2
|
* Scrypt Implementation (#3117)Terry Chia2016-09-011-1/+15
| | | | | | | | | | | | | | | | | | | | | | | | * Scrypt implementation. * Docs stuff. * Make example just an example and not a doctest. * Add changelog entry. * Docs cleanup. * Add more tests. * Add multibackend tests. * PEP8. * Add docs about Scrypt parameters. * Docs cleanup. * Add AlreadyFinalized.
* OpenSSL 1.1.0 support (#2826)Paul Kehrer2016-08-261-7/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * make pre5 work * add a blank line to make the diff happier * 1.1.0-pre6 working * support the changes since 1.1.0-pre6 * fixes * add 1.1.0 to travis * expose the symbol * better testing for numericstring * handle libre... * actually use the 1.1.0 we compile * cache the ossl-110 dir on travis * add some newlines * changelog entry for 1.1.0 support * note that we test on 1.1.0 * proper skip on this test * reorder
* Use a series of constants for OpenSSL version checks (#3037)Alex Gaynor2016-07-111-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | * Use a series of constants for OpenSSL version checks. N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely! * Convert some python as well, also add the file * flake8 * Simplify code, remove functionality that can be expressed more simply * clean up the tests as well * more constants * wrap long lines * reflect feedback * unused * add this back?
* Complete the removal of the string '0.9.8' (#3005)Alex Gaynor2016-06-201-1/+1
| | | We have always been at war with OpenSSL 0.9.8
* Remove a binding and comments that reference 0.9.8 (#2984)Alex Gaynor2016-06-181-1/+1
|
* Drop OpenSSL 0.9.8 (#2978)Alex Gaynor2016-06-181-25/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Drop OpenSSL 0.9.8 * Drop this test, it's not relevant any longer * unused import * Remove CRYPTOGRAPHY_ALLOW_OPENSSL_098=1 from our tox * removed unused code for Cryptography_HAS_PKEY_CTX * return unused code for _AESCTRCipherContext * syntax :-( * remove some unused tests and skips * remove unused code for Cryptography_HAS_PBKDF2_HMAC * Revert "return unused code for _AESCTRCipherContext" This reverts commit 7d149729205aa4c9735eb322414b167a75b302df. * Remove unused RSA code * Remove unused test code for conditional bindings * Remove unused dsa code * unused import * Remove unused x509 extension code * Remove unused EC code * Attempt to remove unused DER key loading code * document this * grammar * Added back this paragraph * Update docs
* RSA OAEP SHA2 Support (#2956)Paul Kehrer2016-06-041-2/+74
| | | | | | | | | | | | | | | | | | | | * some rsa oaep sha2 support * various improvements * fix a thing * simplify * update the test * styyyyyle * more styyyyle * fix libre, remove a skip that should never be hit * OAEP version check fixes
* Use teardown since we ignore the method arg anyways (#2928)Alex Gaynor2016-05-301-2/+1
|
* Replacing test_osrandom_engine_is_default. (#2905)Andreas Moser2016-05-291-0/+12
| | | | | | | | | | | | | | | | | | | * Removing test_osrandom_engine_is_default. test_osrandom_engine_is_default depends on having a valid sys.executable. This attribute is not always set (see https://docs.python.org/2/library/sys.html#sys.executable ) so, in some environments, this test fails. I moved the functionality of the test into the setup and teardown methods so the correct behavior is still tested. * Fixing some style issues. * Removing an unnecessary newline. * Putting back the test. * Moving the assert from teardown to setup.
* Merge pull request #2815 from reaperhulk/error-on-unusual-encodingsAlex Gaynor2016-03-121-0/+21
|\ | | | | Error on unusual encodings
| * py3 is a thingPaul Kehrer2016-03-121-1/+1
| |
| * move NUMERICSTRING certificate test to test_openssl & make it more specificPaul Kehrer2016-03-121-0/+21
| |
* | make multibackend error with an empty list. fixes #2717Paul Kehrer2016-03-111-5/+15
|/
* Un-double the test doublesAlex Gaynor2016-03-052-50/+16
|
* Send stderr someplaceAlex Gaynor2016-02-271-1/+2
| | | | Otherwise there's noise in the test output on python 2.6
* Actually allocate a buffer that is the correct size.Tristan Seligmann2016-02-081-2/+3
|
* give a real EVP_PKEY with an invalid default key type to the testPaul Kehrer2016-01-071-2/+0
|
* opaque EVP_PKEY since EVP_PKEY_id existsPaul Kehrer2016-01-071-1/+1
|
* Support EC and DSA signing of CRLs in the OpenSSL backendPaul Kehrer2015-12-271-0/+37
|
* move two tests to the openssl backend tests where they belongPaul Kehrer2015-12-261-1/+51
|
* RevokedCertificateBuilderPaul Kehrer2015-12-251-2/+2
|
* add create_x509_revoked_certificate to x509backend interfacePaul Kehrer2015-12-252-0/+12
|
* Merge pull request #2567 from alex/this-is-americaPaul Kehrer2015-12-241-1/+1
|\ | | | | Spell serialization consistently
| * Spell serialization consistentlyAlex Gaynor2015-12-241-1/+1
| |
* | CertificateRevocationListBuilderPaul Kehrer2015-12-241-3/+6
|/ | | | | RSA keys only. Currently does not support CRL extensions or CRLEntry extensions.
* coveragePaul Kehrer2015-12-241-0/+5
|
* add create_x509_crl interfacePaul Kehrer2015-12-241-0/+8
|
* Change password callback to use userdata pointerChristian Heimes2015-12-201-2/+15
| | | | | | | | | Instead of a closure the pem_password_cb now uses the void *userdata argument to exchange data with the callback function. It's a necessary step to port all callbacks to new static callbacks. See: #2477 Signed-off-by: Christian Heimes <christian@python.org>
* Merge branch 'master' into crl_ossl_backendErik Trauschke2015-10-202-4/+21
|\
| * better place for this testAlex Gaynor2015-10-191-7/+0
| |
| * another testAlex Gaynor2015-10-191-0/+7
| |
| * a refactor to the APIAlex Gaynor2015-10-172-23/+18
| |
| * Add an Elliptic Curve Key Exchange Algorithm(ECDH)Simo Sorce2015-10-172-2/+24
| | | | | | | | | | | | | | | | | | The ECDH Key Exchange algorithm as standardized in NIST publication 800-56A Revision 2 Includes tests with vectors from NIST. Signed-off-by: Simo Sorce <simo@redhat.com>
* | Merge branch 'master' into crl_ossl_backendErik Trauschke2015-09-281-19/+1
|\|
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 06:58:51 +0000