From 2d3b420383fc6aa16675e04caec56ca6b16069a1 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sun, 28 Jul 2019 13:06:40 -0400 Subject: Remove asn1crypto dependency (#4941) * Remove non-test dependencies on asn1crypto. cryptography.io actually contains two OpenSSL bindings right now, the expected cffi one, and an optional one hidden in asn1crypto. asn1crypto contains a lot of things that cryptography.io doesn't use, including a BER parser and a hand-rolled and not constant-time EC implementation. Instead, check in a much small DER-only parser in cryptography/hazmat. A quick benchmark suggests this parser is also faster than asn1crypto: from __future__ import absolute_import, division, print_function import timeit print(timeit.timeit( "decode_dss_signature(sig)", setup=r""" from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature sig=b"\x30\x2d\x02\x15\x00\xb5\xaf\x30\x78\x67\xfb\x8b\x54\x39\x00\x13\xcc\x67\x02\x0d\xdf\x1f\x2c\x0b\x81\x02\x14\x62\x0d\x3b\x22\xab\x50\x31\x44\x0c\x3e\x35\xea\xb6\xf4\x81\x29\x8f\x9e\x9f\x08" """, number=10000)) Python 2.7: asn1crypto: 0.25 _der.py: 0.098 Python 3.5: asn1crypto: 0.17 _der.py: 0.10 * Remove test dependencies on asn1crypto. The remaining use of asn1crypto was some sanity-checking of Certificates. Add a minimal X.509 parser to extract the relevant fields. * Add a read_single_element helper function. The outermost read is a little tedious. * Address flake8 warnings * Fix test for long-form vs short-form lengths. Testing a zero length trips both this check and the non-minimal long form check. Use a one-byte length to cover the missing branch. * Remove support for negative integers. These never come up in valid signatures. Note, however, this does change public API. * Update src/cryptography/hazmat/primitives/asymmetric/utils.py Co-Authored-By: Alex Gaynor * Review comments * Avoid hardcoding the serialization of NULL in decode_asn1.py too. --- .azure-pipelines/wheel-builder.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to '.azure-pipelines') diff --git a/.azure-pipelines/wheel-builder.yml b/.azure-pipelines/wheel-builder.yml index edd1dd51..b3ec8ee0 100644 --- a/.azure-pipelines/wheel-builder.yml +++ b/.azure-pipelines/wheel-builder.yml @@ -37,7 +37,7 @@ jobs: displayName: Update wheel to the latest version - script: .venv/bin/pip install -U pip==10.0.1 displayName: Downgrade pip lol - - script: .venv/bin/pip install cffi six asn1crypto ipaddress "enum34; python_version < '3'" + - script: .venv/bin/pip install cffi six ipaddress "enum34; python_version < '3'" displayName: Install our Python dependencies - script: | @@ -106,7 +106,7 @@ jobs: displayName: Create virtualenv - script: .venv/bin/pip install -U pip==10.0.1 displayName: Downgrade pip lol - - script: .venv/bin/pip install cffi six asn1crypto ipaddress enum34 + - script: .venv/bin/pip install cffi six ipaddress enum34 displayName: Install our Python dependencies - script: | set -e @@ -207,7 +207,7 @@ jobs: steps: - script: '"C:/Python%PYTHON_VERSION%/python.exe" -m pip install -U pip==10.0.1' displayName: Downgrade pip lol - - script: '"C:/Python%PYTHON_VERSION%/Scripts/pip" install wheel cffi six asn1crypto ipaddress enum34' + - script: '"C:/Python%PYTHON_VERSION%/Scripts/pip" install wheel cffi six ipaddress enum34' displayName: Install wheel and our Python dependencies - script: | set INCLUDE=C:/%OPENSSL_DIR%/include;%INCLUDE% -- cgit v1.2.3