From af09025900863a2a196eb67b1ec844a8626caa0c Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 23 Dec 2013 08:22:03 -0500 Subject: bind a few more assorted random simple things --- cryptography/hazmat/backends/openssl/crypto.py | 6 ++++++ cryptography/hazmat/backends/openssl/opensslv.py | 1 + cryptography/hazmat/backends/openssl/rand.py | 1 + cryptography/hazmat/backends/openssl/ssl.py | 2 ++ 4 files changed, 10 insertions(+) diff --git a/cryptography/hazmat/backends/openssl/crypto.py b/cryptography/hazmat/backends/openssl/crypto.py index 8d88c16e..71d32c52 100644 --- a/cryptography/hazmat/backends/openssl/crypto.py +++ b/cryptography/hazmat/backends/openssl/crypto.py @@ -16,6 +16,11 @@ INCLUDES = """ """ TYPES = """ +static const int SSLEAY_VERSION; +static const int SSLEAY_CFLAGS; +static const int SSLEAY_PLATFORM; +static const int SSLEAY_DIR; +static const int SSLEAY_BUILT_ON; """ FUNCTIONS = """ @@ -32,6 +37,7 @@ MACROS = """ void CRYPTO_add(int *, int, int); void CRYPTO_malloc_init(); void CRYPTO_malloc_debug_init(); + #define CRYPTO_MEM_CHECK_ON ... #define CRYPTO_MEM_CHECK_OFF ... #define CRYPTO_MEM_CHECK_ENABLE ... diff --git a/cryptography/hazmat/backends/openssl/opensslv.py b/cryptography/hazmat/backends/openssl/opensslv.py index 37bbd2a7..4e110327 100644 --- a/cryptography/hazmat/backends/openssl/opensslv.py +++ b/cryptography/hazmat/backends/openssl/opensslv.py @@ -16,6 +16,7 @@ INCLUDES = """ """ TYPES = """ +static const int OPENSSL_VERSION_NUMBER; static char *const OPENSSL_VERSION_TEXT; """ diff --git a/cryptography/hazmat/backends/openssl/rand.py b/cryptography/hazmat/backends/openssl/rand.py index ddd0a3d8..5ac36cac 100644 --- a/cryptography/hazmat/backends/openssl/rand.py +++ b/cryptography/hazmat/backends/openssl/rand.py @@ -19,6 +19,7 @@ TYPES = """ """ FUNCTIONS = """ +void ERR_load_RAND_strings(); void RAND_seed(const void *, int); void RAND_add(const void *, int, double); int RAND_status(); diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index bf1ffcc6..168d5429 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -36,6 +36,7 @@ static const int SSL_RECEIVED_SHUTDOWN; static const int SSL_OP_NO_SSLv2; static const int SSL_OP_NO_SSLv3; static const int SSL_OP_NO_TLSv1; +static const int SSL_OP_NO_COMPRESSION; static const int SSL_OP_SINGLE_DH_USE; static const int SSL_OP_EPHEMERAL_RSA; static const int SSL_OP_MICROSOFT_SESS_ID_BUG; @@ -93,6 +94,7 @@ static const int SSL_CB_HANDSHAKE_DONE; static const int SSL_MODE_ENABLE_PARTIAL_WRITE; static const int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; static const int SSL_MODE_AUTO_RETRY; +static const int SSL_MODE_RELEASE_BUFFERS; static const int SSL3_RANDOM_SIZE; typedef ... X509_STORE_CTX; static const int X509_V_OK; -- cgit v1.2.3 From 21a37548b5c1cd2df9f2e3e7131e4ae3d72c333a Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 23 Dec 2013 11:13:34 -0500 Subject: Try making SSL_MODE_RELEASE_BUFFERS conditional on whether the underlying OpenSSL library has this flag --- cryptography/hazmat/backends/openssl/ssl.py | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 168d5429..3af0074e 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -94,7 +94,6 @@ static const int SSL_CB_HANDSHAKE_DONE; static const int SSL_MODE_ENABLE_PARTIAL_WRITE; static const int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; static const int SSL_MODE_AUTO_RETRY; -static const int SSL_MODE_RELEASE_BUFFERS; static const int SSL3_RANDOM_SIZE; typedef ... X509_STORE_CTX; static const int X509_V_OK; @@ -263,6 +262,13 @@ void (*SSL_CTX_set_tlsext_servername_callback)( SSL_CTX *, int (*)(const SSL *, int *, void *)) = NULL; #endif + +#ifdef SSL_MODE_RELEASE_BUFFERS +static const int Cryptography_HAS_RELEASE_BUFFERS = 1; +#else +static const int Cryptography_HAS_RELEASE_BUFFERS = 0; +const int SSL_MODE_RELEASE_BUFFERS = 0; +#endif """ CONDITIONAL_NAMES = { @@ -276,5 +282,10 @@ CONDITIONAL_NAMES = { "SSL_set_tlsext_host_name", "SSL_get_servername", "SSL_CTX_set_tlsext_servername_callback", - ] + ], + + "Cryptography_HAS_RELEASE_BUFFERS": [ + "SSL_MODE_RELEASE_BUFFERS", + ], + } -- cgit v1.2.3 From ab51df1d664fafe1426748e38ddb125cf31d4052 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 23 Dec 2013 11:16:12 -0500 Subject: Finish that conditional support --- cryptography/hazmat/backends/openssl/ssl.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 3af0074e..a1acde38 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -22,6 +22,11 @@ static const int Cryptography_HAS_SSL2; /* Internally invented symbol to tell us if SNI is supported */ static const int Cryptography_HAS_TLSEXT_HOSTNAME; +/* Internally invented symbol to tell us if SSL_MODE_RELEASE_BUFFERS is + * supported + */ +static const int Cryptography_HAS_RELEASE_BUFFERS; + static const int SSL_FILETYPE_PEM; static const int SSL_FILETYPE_ASN1; static const int SSL_ERROR_NONE; @@ -91,6 +96,7 @@ static const int SSL_CB_CONNECT_LOOP; static const int SSL_CB_CONNECT_EXIT; static const int SSL_CB_HANDSHAKE_START; static const int SSL_CB_HANDSHAKE_DONE; +static const int SSL_MODE_RELEASE_BUFFERS; static const int SSL_MODE_ENABLE_PARTIAL_WRITE; static const int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER; static const int SSL_MODE_AUTO_RETRY; -- cgit v1.2.3 From 22af23ebbbee831f8d9874ebf9080b4b5ed545b7 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 23 Dec 2013 15:00:02 -0500 Subject: Also make SSL_OP_NO_COMPRESSION optional --- cryptography/hazmat/backends/openssl/ssl.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index a1acde38..3fd0bf23 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -27,6 +27,11 @@ static const int Cryptography_HAS_TLSEXT_HOSTNAME; */ static const int Cryptography_HAS_RELEASE_BUFFERS; +/* Internally invented symbol to tell us if SSL_OP_NO_COMPRESSION is + * supported + */ +static const int Cryptography_HAS_OP_NO_COMPRESSION; + static const int SSL_FILETYPE_PEM; static const int SSL_FILETYPE_ASN1; static const int SSL_ERROR_NONE; @@ -275,6 +280,13 @@ static const int Cryptography_HAS_RELEASE_BUFFERS = 1; static const int Cryptography_HAS_RELEASE_BUFFERS = 0; const int SSL_MODE_RELEASE_BUFFERS = 0; #endif + +#ifdef SSL_OP_NO_COMPRESSION +static const int Cryptography_HAS_OP_NO_COMPRESSION = 1; +#else +static const int Cryptography_HAS_OP_NO_COMPRESSION = 0; +const int SSL_OP_NO_COMPRESSION = 0; +#endif """ CONDITIONAL_NAMES = { @@ -294,4 +306,8 @@ CONDITIONAL_NAMES = { "SSL_MODE_RELEASE_BUFFERS", ], + "Cryptography_HAS_OP_NO_COMPRESSION": [ + "SSL_OP_NO_COMPRESSION", + ], + } -- cgit v1.2.3 From 90ae866e0a83ef92ce2b2e7c58ccb86e79f3bee8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 23 Dec 2013 17:21:00 -0600 Subject: add hmac_supported method to backend. Previously we were implicitly assuming that if a hash was supported then its hmac equivalent was as well. --- cryptography/hazmat/backends/openssl/backend.py | 3 +++ docs/hazmat/backends/interfaces.rst | 15 +++++++++++++-- tests/hazmat/primitives/test_hmac.py | 2 +- tests/hazmat/primitives/test_hmac_vectors.py | 14 +++++++------- 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index f11ddf22..7b67fb0b 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -184,6 +184,9 @@ class Backend(object): digest = self.lib.EVP_get_digestbyname(algorithm.name.encode("ascii")) return digest != self.ffi.NULL + def hmac_supported(self, algorithm): + return self.hash_supported(algorithm) + def create_hash_ctx(self, algorithm): return _HashContext(self, algorithm) diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index b524943d..45fbaf09 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -126,12 +126,23 @@ A specific ``backend`` may provide one or more of these interfaces. A backend with methods for using cryptographic hash functions as message authentication codes. + .. method:: hmac_supported(algorithm) + + Check if the specified ``algorithm`` is supported by this backend. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` + provider. + + :returns: ``True`` if the specified ``algorithm`` is supported for HMAC + by this backend, otherwise ``False``. + .. method:: create_hmac_ctx(algorithm) Create a :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that - uses the specified ``algorithm`` to calculate a hash-based message - authentication code. + uses the specified ``algorithm`` to calculate a hash-based message + authentication code. :param algorithm: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 124c4377..1e776c98 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -34,7 +34,7 @@ class UnsupportedDummyHash(object): class TestHMAC(object): test_copy = generate_base_hmac_test( hashes.MD5(), - only_if=lambda backend: backend.hash_supported(hashes.MD5), + only_if=lambda backend: backend.hmac_supported(hashes.MD5), skip_message="Does not support MD5", ) diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py index 7d0f156a..f884d850 100644 --- a/tests/hazmat/primitives/test_hmac_vectors.py +++ b/tests/hazmat/primitives/test_hmac_vectors.py @@ -27,7 +27,7 @@ class TestHMAC_MD5(object): "rfc-2202-md5.txt", ], hashes.MD5(), - only_if=lambda backend: backend.hash_supported(hashes.MD5), + only_if=lambda backend: backend.hmac_supported(hashes.MD5), skip_message="Does not support MD5", ) @@ -40,7 +40,7 @@ class TestHMAC_SHA1(object): "rfc-2202-sha1.txt", ], hashes.SHA1(), - only_if=lambda backend: backend.hash_supported(hashes.SHA1), + only_if=lambda backend: backend.hmac_supported(hashes.SHA1), skip_message="Does not support SHA1", ) @@ -53,7 +53,7 @@ class TestHMAC_SHA224(object): "rfc-4231-sha224.txt", ], hashes.SHA224(), - only_if=lambda backend: backend.hash_supported(hashes.SHA224), + only_if=lambda backend: backend.hmac_supported(hashes.SHA224), skip_message="Does not support SHA224", ) @@ -66,7 +66,7 @@ class TestHMAC_SHA256(object): "rfc-4231-sha256.txt", ], hashes.SHA256(), - only_if=lambda backend: backend.hash_supported(hashes.SHA256), + only_if=lambda backend: backend.hmac_supported(hashes.SHA256), skip_message="Does not support SHA256", ) @@ -79,7 +79,7 @@ class TestHMAC_SHA384(object): "rfc-4231-sha384.txt", ], hashes.SHA384(), - only_if=lambda backend: backend.hash_supported(hashes.SHA384), + only_if=lambda backend: backend.hmac_supported(hashes.SHA384), skip_message="Does not support SHA384", ) @@ -92,7 +92,7 @@ class TestHMAC_SHA512(object): "rfc-4231-sha512.txt", ], hashes.SHA512(), - only_if=lambda backend: backend.hash_supported(hashes.SHA512), + only_if=lambda backend: backend.hmac_supported(hashes.SHA512), skip_message="Does not support SHA512", ) @@ -105,6 +105,6 @@ class TestHMAC_RIPEMD160(object): "rfc-2286-ripemd160.txt", ], hashes.RIPEMD160(), - only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160), + only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160), skip_message="Does not support RIPEMD160", ) -- cgit v1.2.3 From 4f776c495cfef4dd29023cb7bb035612d1e53916 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 23 Dec 2013 17:25:54 -0600 Subject: fix erroneous indent and add abstractmethod to HMACBackend --- cryptography/hazmat/backends/interfaces.py | 7 +++++++ docs/hazmat/backends/interfaces.rst | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index 912476bb..9a570968 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -59,6 +59,13 @@ class HashBackend(six.with_metaclass(abc.ABCMeta)): class HMACBackend(six.with_metaclass(abc.ABCMeta)): + @abc.abstractmethod + def hmac_supported(self, algorithm): + """ + Return True if the hash algorithm is supported for HMAC by this + backend. + """ + @abc.abstractmethod def create_hmac_ctx(self, key, algorithm): """ diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 45fbaf09..5b6cd64d 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -141,8 +141,8 @@ A specific ``backend`` may provide one or more of these interfaces. Create a :class:`~cryptogrpahy.hazmat.primitives.interfaces.HashContext` that - uses the specified ``algorithm`` to calculate a hash-based message - authentication code. + uses the specified ``algorithm`` to calculate a hash-based message + authentication code. :param algorithm: An instance of a :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` -- cgit v1.2.3 From 93a0b2f1f7ec9fcc2c0f5327f4f88378ae19561e Mon Sep 17 00:00:00 2001 From: David Reid Date: Mon, 23 Dec 2013 15:56:21 -0800 Subject: Run py.test with catpure=no for more faster. --- tox.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tox.ini b/tox.ini index 39fe024f..61143112 100644 --- a/tox.ini +++ b/tox.ini @@ -7,7 +7,7 @@ deps = coverage pretend commands = - coverage run --source=cryptography/,tests/ -m pytest --strict + coverage run --source=cryptography/,tests/ -m pytest --capture=no --strict coverage report -m [testenv:docs] @@ -24,7 +24,7 @@ commands = # Temporarily disable coverage on pypy because of performance problems with # coverage.py on pypy. [testenv:pypy] -commands = py.test +commands = py.test --capture=no [testenv:pep8] deps = flake8 -- cgit v1.2.3 From c80c68da793a255c552e0131ebc07ba2cf911570 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 23 Dec 2013 19:38:08 -0600 Subject: add more skip check lambdas --- tests/hazmat/primitives/test_3des.py | 24 ++++++++++++++++++++++++ tests/hazmat/primitives/test_aes.py | 16 ++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py index 0db56f47..4e380dee 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/test_3des.py @@ -39,6 +39,10 @@ class TestTripleDES_CBC(object): ], lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) + ), + skip_message="Does not support TripleDES CBC", ) test_MMT = generate_encrypt_test( @@ -53,6 +57,10 @@ class TestTripleDES_CBC(object): binascii.unhexlify(key1 + key2 + key3) ), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8) + ), + skip_message="Does not support TripleDES CBC", ) @@ -69,6 +77,10 @@ class TestTripleDES_OFB(object): ], lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) + ), + skip_message="Does not support TripleDES OFB", ) test_MMT = generate_encrypt_test( @@ -83,6 +95,10 @@ class TestTripleDES_OFB(object): binascii.unhexlify(key1 + key2 + key3) ), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8) + ), + skip_message="Does not support TripleDES OFB", ) @@ -99,6 +115,10 @@ class TestTripleDES_CFB(object): ], lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) + ), + skip_message="Does not support TripleDES CFB", ) test_MMT = generate_encrypt_test( @@ -113,4 +133,8 @@ class TestTripleDES_CFB(object): binascii.unhexlify(key1 + key2 + key3) ), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8) + ), + skip_message="Does not support TripleDES CFB", ) diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 9e5a3cb5..241772e6 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -47,6 +47,10 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CBC("\x00" * 16) + ), + skip_message="Does not support AES CBC", ) test_ECB = generate_encrypt_test( @@ -71,6 +75,10 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda **kwargs: modes.ECB(), + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.ECB() + ), + skip_message="Does not support AES ECB", ) test_OFB = generate_encrypt_test( @@ -95,6 +103,10 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.OFB("\x00" * 16) + ), + skip_message="Does not support AES OFB", ) test_CFB = generate_encrypt_test( @@ -119,6 +131,10 @@ class TestAES(object): ], lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)), lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)), + only_if=lambda backend: backend.cipher_supported( + algorithms.AES("\x00" * 16), modes.CFB("\x00" * 16) + ), + skip_message="Does not support AES CFB", ) test_CTR = generate_encrypt_test( -- cgit v1.2.3 From 1a9bbf24301a9b0dc76ede1128d74ca629075888 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 10:59:50 -0800 Subject: Document our API stability policy. Fixes #312 --- docs/contributing.rst | 1 - docs/index.rst | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/contributing.rst b/docs/contributing.rst index 744f2098..620e1b6a 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -136,7 +136,6 @@ Include a space after commas between parameters: // Bad long f(int,char *) - Documentation ------------- diff --git a/docs/index.rst b/docs/index.rst index 381063df..70558bda 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -75,4 +75,5 @@ The ``cryptography`` open source project contributing security + api-stability community -- cgit v1.2.3 From f5415c859d4e413e9ac8b1862157babdcbda88ec Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 11:00:15 -0800 Subject: Forgotten file --- docs/api-stability.rst | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 docs/api-stability.rst diff --git a/docs/api-stability.rst b/docs/api-stability.rst new file mode 100644 index 00000000..6497a687 --- /dev/null +++ b/docs/api-stability.rst @@ -0,0 +1,48 @@ +API Stability +============= + +From its first release, ``cryptography`` will have a strong API stability +policy. + +What does this policy cover? +---------------------------- + +This policy includes any API or behavior which is documented in this +documentation. + +What does "stable" mean? +------------------------ + +* Public APIs will not be removed or renamed without providing a compatibility + alias. +* The behavior of existing APIs will not change. + +What doesn't this policy cover? +------------------------------- + +* We may add new features, things like the result of ``dir(obj))`` or the + contents of ``obj.__dict__`` may change. +* Objects are not guarnteed to be pickleable, and pickled objects from one + version of ``cryptography`` may not be loadable in future versions. + +Security +~~~~~~~~ + +In the event a security vulnerability, or hardening necessitates it, we will +break backwards compatibility in order to address an issue. + +Deprecation +----------- + +From time to time we will want to change the behavior of an API or remove it +entirely. In that case, here's how the process will work: + +* In ``cryptography X.Y`` the feature exists. +* In ``cryptography X.Y+1`` using that feature will emit a + ``PendingDeprecationWarning``. +* In ``cryptography X.Y+2`` using that feature will emit a + ``DeprecationWarning``. +* In ``cryptography X.Y+3`` the feature will be removed or changed. + +In short, code which runs without warnings will always continue to work for a +period of two releases. -- cgit v1.2.3 From 6cf1e697a8024c779b9b86d29f300a3bfed30cfe Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 11:02:54 -0800 Subject: Note abotu development versions --- docs/api-stability.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/api-stability.rst b/docs/api-stability.rst index 6497a687..40608ac5 100644 --- a/docs/api-stability.rst +++ b/docs/api-stability.rst @@ -24,6 +24,8 @@ What doesn't this policy cover? contents of ``obj.__dict__`` may change. * Objects are not guarnteed to be pickleable, and pickled objects from one version of ``cryptography`` may not be loadable in future versions. +* Development versions of ``cryptography``. Before a feature is in a release, + it is not covered by this policy and may change. Security ~~~~~~~~ -- cgit v1.2.3 From d43134ae57a1bb91bfa47a53176a88789728d686 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 11:03:16 -0800 Subject: Typo --- docs/api-stability.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api-stability.rst b/docs/api-stability.rst index 40608ac5..a457306f 100644 --- a/docs/api-stability.rst +++ b/docs/api-stability.rst @@ -22,7 +22,7 @@ What doesn't this policy cover? * We may add new features, things like the result of ``dir(obj))`` or the contents of ``obj.__dict__`` may change. -* Objects are not guarnteed to be pickleable, and pickled objects from one +* Objects are not guaranteed to be pickleable, and pickled objects from one version of ``cryptography`` may not be loadable in future versions. * Development versions of ``cryptography``. Before a feature is in a release, it is not covered by this policy and may change. -- cgit v1.2.3 From 1c9e57bbc64d5023ec9d35f162b0a071a39b0a48 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 12:47:45 -0800 Subject: Rephrase --- docs/api-stability.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/api-stability.rst b/docs/api-stability.rst index a457306f..e87cc140 100644 --- a/docs/api-stability.rst +++ b/docs/api-stability.rst @@ -30,8 +30,9 @@ What doesn't this policy cover? Security ~~~~~~~~ -In the event a security vulnerability, or hardening necessitates it, we will -break backwards compatibility in order to address an issue. +One exception to our API stability policy is for security. We will violate this +policy as necessary in order to resolve a security issue or harden +``cryptography`` against a possible attack. Deprecation ----------- -- cgit v1.2.3 From 8f42fe4e86267c4dee696707ac08371a1aa2531a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 13:15:52 -0800 Subject: Slightly reorganize and cleanuip the backend docs --- docs/hazmat/backends/index.rst | 24 ++++++++++++------------ docs/hazmat/backends/openssl.rst | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/hazmat/backends/index.rst b/docs/hazmat/backends/index.rst index a89cf0d5..06951281 100644 --- a/docs/hazmat/backends/index.rst +++ b/docs/hazmat/backends/index.rst @@ -1,17 +1,10 @@ .. hazmat:: -Bindings +Backends ======== -.. toctree:: - :maxdepth: 1 - - openssl - interfaces - - -Getting a Backend Provider -~~~~~~~~~~~~~~~~~~~~~~~~~~ +Getting a Backend +----------------- .. currentmodule:: cryptography.hazmat.backends @@ -19,8 +12,7 @@ Getting a Backend Provider the widest number of supported cryptographic algorithms as well as supporting platform specific implementations. -You can get the default backend by calling -:func:`~default_backend`. +You can get the default backend by calling :func:`~default_backend`. The default backend will change over time as we implement new backends and the libraries we use in those backends changes. @@ -32,3 +24,11 @@ the libraries we use in those backends changes. :class:`~interfaces.CipherBackend`, :class:`~interfaces.HashBackend`, and :class:`~interfaces.HMACBackend`. +Individual Backends +------------------- + +.. toctree:: + :maxdepth: 1 + + openssl + interfaces diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst index 12fbff04..5e51c75e 100644 --- a/docs/hazmat/backends/openssl.rst +++ b/docs/hazmat/backends/openssl.rst @@ -1,7 +1,7 @@ .. hazmat:: -OpenSSL -======= +OpenSSL Backend +=============== These are `CFFI`_ bindings to the `OpenSSL`_ C library. -- cgit v1.2.3 From 2a36dd1b9f68f34f2545e519f8eac00b8b40c59d Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 13:44:45 -0800 Subject: Cover a missed branch --- tests/hazmat/primitives/utils.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index b00d3184..e0184777 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -22,8 +22,7 @@ def _load_all_params(path, file_names, param_loader): def generate_encrypt_test(param_loader, path, file_names, cipher_factory, - mode_factory, only_if=lambda backend: True, - skip_message=None): + mode_factory, only_if, skip_message=None): all_params = _load_all_params(path, file_names, param_loader) @pytest.mark.parametrize("params", all_params) -- cgit v1.2.3 From 7e4bc6d87741e8469ffcd00dc8004875ec9a95fe Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 24 Dec 2013 22:23:53 -0600 Subject: add test marks for various backend functionality --- pytest.ini | 4 ++++ tests/conftest.py | 16 ++++++++++++++++ tests/skip_check.py | 22 ++++++++++++++++++++++ tests/test_skip_check.py | 31 +++++++++++++++++++++++++++++++ 4 files changed, 73 insertions(+) create mode 100644 tests/skip_check.py create mode 100644 tests/test_skip_check.py diff --git a/pytest.ini b/pytest.ini index 723735ac..1aeb23fc 100644 --- a/pytest.ini +++ b/pytest.ini @@ -1,2 +1,6 @@ [pytest] addopts = -r s +markers = + hmac: this test requires a backend providing HMACBackend + cipher: this test requires a backend providing CipherBackend + hash: this test requires a backend providing HashBackend diff --git a/tests/conftest.py b/tests/conftest.py index 71662802..91ba988f 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,5 +1,21 @@ +import pytest + +from cryptography.hazmat.backends.interfaces import ( + HMACBackend, CipherBackend, HashBackend +) + +from .skip_check import skip_check + + def pytest_generate_tests(metafunc): from cryptography.hazmat.backends import _ALL_BACKENDS if "backend" in metafunc.fixturenames: metafunc.parametrize("backend", _ALL_BACKENDS) + + +@pytest.mark.trylast +def pytest_runtest_setup(item): + skip_check('hmac', HMACBackend, item) + skip_check('cipher', CipherBackend, item) + skip_check('hash', HashBackend, item) diff --git a/tests/skip_check.py b/tests/skip_check.py new file mode 100644 index 00000000..4d454d73 --- /dev/null +++ b/tests/skip_check.py @@ -0,0 +1,22 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import pytest + + +def skip_check(name, iface, item): + if name in item.keywords and item.funcargs.get('backend') is not None: + if not isinstance(item.funcargs['backend'], iface): + pytest.skip("Backend does not support {}".format(name)) diff --git a/tests/test_skip_check.py b/tests/test_skip_check.py new file mode 100644 index 00000000..3b303aca --- /dev/null +++ b/tests/test_skip_check.py @@ -0,0 +1,31 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import pretend + +import pytest + +from .skip_check import skip_check + + +class FakeInterface(object): + pass + + +def test_skip_check(): + item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) + with pytest.raises(pytest.skip.Exception) as exc_info: + skip_check("fake_name", FakeInterface, item) + assert exc_info.value.args[0] == "Backend does not support fake_name" -- cgit v1.2.3 From 0cbcfa67fc7c1e13764f4b662fc238a372507af8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 24 Dec 2013 22:29:12 -0600 Subject: whoops, python 2.6 compatible format string --- tests/skip_check.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/skip_check.py b/tests/skip_check.py index 4d454d73..454a3c5f 100644 --- a/tests/skip_check.py +++ b/tests/skip_check.py @@ -19,4 +19,4 @@ import pytest def skip_check(name, iface, item): if name in item.keywords and item.funcargs.get('backend') is not None: if not isinstance(item.funcargs['backend'], iface): - pytest.skip("Backend does not support {}".format(name)) + pytest.skip("Backend does not support {0}".format(name)) -- cgit v1.2.3 From 4f2b1031c3c155b9af3817126b9ac508cbf849a3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 24 Dec 2013 22:24:31 -0600 Subject: add all the markers to the tests --- tests/hazmat/primitives/test_3des.py | 4 ++++ tests/hazmat/primitives/test_aes.py | 2 ++ tests/hazmat/primitives/test_arc4.py | 2 ++ tests/hazmat/primitives/test_block.py | 3 +++ tests/hazmat/primitives/test_blowfish.py | 2 ++ tests/hazmat/primitives/test_camellia.py | 2 ++ tests/hazmat/primitives/test_cast5.py | 2 ++ tests/hazmat/primitives/test_hash_vectors.py | 9 +++++++++ tests/hazmat/primitives/test_hashes.py | 9 +++++++++ tests/hazmat/primitives/test_hmac.py | 1 + tests/hazmat/primitives/test_hmac_vectors.py | 9 +++++++++ 11 files changed, 45 insertions(+) diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py index 4e380dee..4c43898c 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/test_3des.py @@ -19,6 +19,7 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes @@ -26,6 +27,7 @@ from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.cipher class TestTripleDES_CBC(object): test_KAT = generate_encrypt_test( load_nist_vectors, @@ -64,6 +66,7 @@ class TestTripleDES_CBC(object): ) +@pytest.mark.cipher class TestTripleDES_OFB(object): test_KAT = generate_encrypt_test( load_nist_vectors, @@ -102,6 +105,7 @@ class TestTripleDES_OFB(object): ) +@pytest.mark.cipher class TestTripleDES_CFB(object): test_KAT = generate_encrypt_test( load_nist_vectors, diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 241772e6..5b706842 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes @@ -24,6 +25,7 @@ from ...utils import ( ) +@pytest.mark.cipher class TestAES(object): test_CBC = generate_encrypt_test( load_nist_vectors, diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/test_arc4.py index a9ef2bbe..d506a8a1 100644 --- a/tests/hazmat/primitives/test_arc4.py +++ b/tests/hazmat/primitives/test_arc4.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest from cryptography.hazmat.primitives.ciphers import algorithms @@ -22,6 +23,7 @@ from .utils import generate_stream_encryption_test from ...utils import load_nist_vectors +@pytest.mark.cipher class TestARC4(object): test_rfc = generate_stream_encryption_test( load_nist_vectors, diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py index 573f5633..22a7c02f 100644 --- a/tests/hazmat/primitives/test_block.py +++ b/tests/hazmat/primitives/test_block.py @@ -41,6 +41,7 @@ class DummyCipher(object): name = "dummy-cipher" +@pytest.mark.cipher class TestCipher(object): def test_creates_encryptor(self, backend): cipher = Cipher( @@ -64,6 +65,7 @@ class TestCipher(object): Cipher(algorithm, mode=None, backend=backend) +@pytest.mark.cipher class TestCipherContext(object): def test_use_after_finalize(self, backend): cipher = Cipher( @@ -134,6 +136,7 @@ class TestCipherContext(object): decryptor.finalize() +@pytest.mark.cipher class TestAEADCipherContext(object): test_aead_exceptions = generate_aead_exception_test( algorithms.AES, diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py index 065855d7..2d5dc521 100644 --- a/tests/hazmat/primitives/test_blowfish.py +++ b/tests/hazmat/primitives/test_blowfish.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes @@ -22,6 +23,7 @@ from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.cipher class TestBlowfish(object): test_ECB = generate_encrypt_test( load_nist_vectors, diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py index 6e5fe682..0b6c37fb 100644 --- a/tests/hazmat/primitives/test_camellia.py +++ b/tests/hazmat/primitives/test_camellia.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes @@ -24,6 +25,7 @@ from ...utils import ( ) +@pytest.mark.cipher class TestCamellia(object): test_ECB = generate_encrypt_test( load_cryptrec_vectors, diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py index 406f9b55..2ebc040b 100644 --- a/tests/hazmat/primitives/test_cast5.py +++ b/tests/hazmat/primitives/test_cast5.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os +import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes @@ -22,6 +23,7 @@ from .utils import generate_encrypt_test from ...utils import load_nist_vectors +@pytest.mark.cipher class TestCAST5(object): test_ECB = generate_encrypt_test( load_nist_vectors, diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index a8655812..5c9e9bed 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -14,6 +14,7 @@ from __future__ import absolute_import, division, print_function import os +import pytest from cryptography.hazmat.primitives import hashes @@ -21,6 +22,7 @@ from .utils import generate_hash_test, generate_long_string_hash_test from ...utils import load_hash_vectors +@pytest.mark.hash class TestSHA1(object): test_SHA1 = generate_hash_test( load_hash_vectors, @@ -35,6 +37,7 @@ class TestSHA1(object): ) +@pytest.mark.hash class TestSHA224(object): test_SHA224 = generate_hash_test( load_hash_vectors, @@ -49,6 +52,7 @@ class TestSHA224(object): ) +@pytest.mark.hash class TestSHA256(object): test_SHA256 = generate_hash_test( load_hash_vectors, @@ -63,6 +67,7 @@ class TestSHA256(object): ) +@pytest.mark.hash class TestSHA384(object): test_SHA384 = generate_hash_test( load_hash_vectors, @@ -77,6 +82,7 @@ class TestSHA384(object): ) +@pytest.mark.hash class TestSHA512(object): test_SHA512 = generate_hash_test( load_hash_vectors, @@ -91,6 +97,7 @@ class TestSHA512(object): ) +@pytest.mark.hash class TestRIPEMD160(object): test_RIPEMD160 = generate_hash_test( load_hash_vectors, @@ -111,6 +118,7 @@ class TestRIPEMD160(object): ) +@pytest.mark.hash class TestWhirlpool(object): test_whirlpool = generate_hash_test( load_hash_vectors, @@ -133,6 +141,7 @@ class TestWhirlpool(object): ) +@pytest.mark.hash class TestMD5(object): test_md5 = generate_hash_test( load_hash_vectors, diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py index 72bc3e27..45faaab2 100644 --- a/tests/hazmat/primitives/test_hashes.py +++ b/tests/hazmat/primitives/test_hashes.py @@ -31,6 +31,7 @@ class UnsupportedDummyHash(object): name = "unsupported-dummy-hash" +@pytest.mark.hash class TestHashContext(object): def test_hash_reject_unicode(self, backend): m = hashes.Hash(hashes.SHA1(), backend=backend) @@ -68,6 +69,7 @@ class TestHashContext(object): hashes.Hash(UnsupportedDummyHash(), backend) +@pytest.mark.hash class TestSHA1(object): test_SHA1 = generate_base_hash_test( hashes.SHA1(), @@ -78,6 +80,7 @@ class TestSHA1(object): ) +@pytest.mark.hash class TestSHA224(object): test_SHA224 = generate_base_hash_test( hashes.SHA224(), @@ -88,6 +91,7 @@ class TestSHA224(object): ) +@pytest.mark.hash class TestSHA256(object): test_SHA256 = generate_base_hash_test( hashes.SHA256(), @@ -98,6 +102,7 @@ class TestSHA256(object): ) +@pytest.mark.hash class TestSHA384(object): test_SHA384 = generate_base_hash_test( hashes.SHA384(), @@ -108,6 +113,7 @@ class TestSHA384(object): ) +@pytest.mark.hash class TestSHA512(object): test_SHA512 = generate_base_hash_test( hashes.SHA512(), @@ -118,6 +124,7 @@ class TestSHA512(object): ) +@pytest.mark.hash class TestRIPEMD160(object): test_RIPEMD160 = generate_base_hash_test( hashes.RIPEMD160(), @@ -128,6 +135,7 @@ class TestRIPEMD160(object): ) +@pytest.mark.hash class TestWhirlpool(object): test_Whirlpool = generate_base_hash_test( hashes.Whirlpool(), @@ -138,6 +146,7 @@ class TestWhirlpool(object): ) +@pytest.mark.hash class TestMD5(object): test_MD5 = generate_base_hash_test( hashes.MD5(), diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 1e776c98..6d8cc27b 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -31,6 +31,7 @@ class UnsupportedDummyHash(object): name = "unsupported-dummy-hash" +@pytest.mark.hmac class TestHMAC(object): test_copy = generate_base_hmac_test( hashes.MD5(), diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py index f884d850..9bc06a2e 100644 --- a/tests/hazmat/primitives/test_hmac_vectors.py +++ b/tests/hazmat/primitives/test_hmac_vectors.py @@ -13,12 +13,15 @@ from __future__ import absolute_import, division, print_function +import pytest + from cryptography.hazmat.primitives import hashes from .utils import generate_hmac_test from ...utils import load_hash_vectors +@pytest.mark.hmac class TestHMAC_MD5(object): test_hmac_md5 = generate_hmac_test( load_hash_vectors, @@ -32,6 +35,7 @@ class TestHMAC_MD5(object): ) +@pytest.mark.hmac class TestHMAC_SHA1(object): test_hmac_sha1 = generate_hmac_test( load_hash_vectors, @@ -45,6 +49,7 @@ class TestHMAC_SHA1(object): ) +@pytest.mark.hmac class TestHMAC_SHA224(object): test_hmac_sha224 = generate_hmac_test( load_hash_vectors, @@ -58,6 +63,7 @@ class TestHMAC_SHA224(object): ) +@pytest.mark.hmac class TestHMAC_SHA256(object): test_hmac_sha256 = generate_hmac_test( load_hash_vectors, @@ -71,6 +77,7 @@ class TestHMAC_SHA256(object): ) +@pytest.mark.hmac class TestHMAC_SHA384(object): test_hmac_sha384 = generate_hmac_test( load_hash_vectors, @@ -84,6 +91,7 @@ class TestHMAC_SHA384(object): ) +@pytest.mark.hmac class TestHMAC_SHA512(object): test_hmac_sha512 = generate_hmac_test( load_hash_vectors, @@ -97,6 +105,7 @@ class TestHMAC_SHA512(object): ) +@pytest.mark.hmac class TestHMAC_RIPEMD160(object): test_hmac_ripemd160 = generate_hmac_test( load_hash_vectors, -- cgit v1.2.3 From 5a09c6e9545373cece95f87ed28579f05959fced Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 21:03:23 -0800 Subject: Include teh name of the backend in the error message --- tests/skip_check.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/skip_check.py b/tests/skip_check.py index 454a3c5f..42a152ea 100644 --- a/tests/skip_check.py +++ b/tests/skip_check.py @@ -17,6 +17,8 @@ import pytest def skip_check(name, iface, item): - if name in item.keywords and item.funcargs.get('backend') is not None: - if not isinstance(item.funcargs['backend'], iface): - pytest.skip("Backend does not support {0}".format(name)) + if name in item.keywords and "backend" in item.funcargs: + if not isinstance(item.funcargs["backend"], iface): + pytest.skip("{0} backend does not support {1}".format( + item.funcargs["backend"], name + )) -- cgit v1.2.3 From 6198da1fcce93d7efb89995d0a10d9170ee8f230 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 21:03:43 -0800 Subject: Update test --- tests/test_skip_check.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_skip_check.py b/tests/test_skip_check.py index 3b303aca..73a6e563 100644 --- a/tests/test_skip_check.py +++ b/tests/test_skip_check.py @@ -28,4 +28,4 @@ def test_skip_check(): item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) with pytest.raises(pytest.skip.Exception) as exc_info: skip_check("fake_name", FakeInterface, item) - assert exc_info.value.args[0] == "Backend does not support fake_name" + assert exc_info.value.args[0] == "True backend does not support fake_name" -- cgit v1.2.3 From 8d85b058d28d37f1f505292f7cc6311092dd4f39 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 24 Dec 2013 23:50:59 -0600 Subject: correct import style --- tests/hazmat/primitives/test_3des.py | 1 + tests/hazmat/primitives/test_aes.py | 1 + tests/hazmat/primitives/test_arc4.py | 1 + tests/hazmat/primitives/test_blowfish.py | 1 + tests/hazmat/primitives/test_camellia.py | 1 + tests/hazmat/primitives/test_cast5.py | 1 + tests/hazmat/primitives/test_hash_vectors.py | 1 + 7 files changed, 7 insertions(+) diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py index 4c43898c..439ca258 100644 --- a/tests/hazmat/primitives/test_3des.py +++ b/tests/hazmat/primitives/test_3des.py @@ -19,6 +19,7 @@ from __future__ import absolute_import, division, print_function import binascii import os + import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index 5b706842..e9ef3853 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os + import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/test_arc4.py index d506a8a1..f2e2452c 100644 --- a/tests/hazmat/primitives/test_arc4.py +++ b/tests/hazmat/primitives/test_arc4.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os + import pytest from cryptography.hazmat.primitives.ciphers import algorithms diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py index 2d5dc521..79ceabe7 100644 --- a/tests/hazmat/primitives/test_blowfish.py +++ b/tests/hazmat/primitives/test_blowfish.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os + import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py index 0b6c37fb..c376220e 100644 --- a/tests/hazmat/primitives/test_camellia.py +++ b/tests/hazmat/primitives/test_camellia.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os + import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py index 2ebc040b..a4789c65 100644 --- a/tests/hazmat/primitives/test_cast5.py +++ b/tests/hazmat/primitives/test_cast5.py @@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function import binascii import os + import pytest from cryptography.hazmat.primitives.ciphers import algorithms, modes diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py index 5c9e9bed..d9febea9 100644 --- a/tests/hazmat/primitives/test_hash_vectors.py +++ b/tests/hazmat/primitives/test_hash_vectors.py @@ -14,6 +14,7 @@ from __future__ import absolute_import, division, print_function import os + import pytest from cryptography.hazmat.primitives import hashes -- cgit v1.2.3 From 2b3f94271209883aab4181ac5401c699c5c60b75 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 24 Dec 2013 21:55:24 -0800 Subject: Move stuff around and coverage --- tests/conftest.py | 8 ++++---- tests/skip_check.py | 24 ------------------------ tests/test_skip_check.py | 31 ------------------------------- tests/test_utils.py | 21 ++++++++++++++++++++- tests/utils.py | 12 +++++++++++- 5 files changed, 35 insertions(+), 61 deletions(-) delete mode 100644 tests/skip_check.py delete mode 100644 tests/test_skip_check.py diff --git a/tests/conftest.py b/tests/conftest.py index 91ba988f..e059b630 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,7 +4,7 @@ from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) -from .skip_check import skip_check +from .utils import check_for_iface def pytest_generate_tests(metafunc): @@ -16,6 +16,6 @@ def pytest_generate_tests(metafunc): @pytest.mark.trylast def pytest_runtest_setup(item): - skip_check('hmac', HMACBackend, item) - skip_check('cipher', CipherBackend, item) - skip_check('hash', HashBackend, item) + check_for_iface("hmac", HMACBackend, item) + check_for_iface("cipher", CipherBackend, item) + check_for_iface("hash", HashBackend, item) diff --git a/tests/skip_check.py b/tests/skip_check.py deleted file mode 100644 index 42a152ea..00000000 --- a/tests/skip_check.py +++ /dev/null @@ -1,24 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import absolute_import, division, print_function - -import pytest - - -def skip_check(name, iface, item): - if name in item.keywords and "backend" in item.funcargs: - if not isinstance(item.funcargs["backend"], iface): - pytest.skip("{0} backend does not support {1}".format( - item.funcargs["backend"], name - )) diff --git a/tests/test_skip_check.py b/tests/test_skip_check.py deleted file mode 100644 index 73a6e563..00000000 --- a/tests/test_skip_check.py +++ /dev/null @@ -1,31 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import absolute_import, division, print_function - -import pretend - -import pytest - -from .skip_check import skip_check - - -class FakeInterface(object): - pass - - -def test_skip_check(): - item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) - with pytest.raises(pytest.skip.Exception) as exc_info: - skip_check("fake_name", FakeInterface, item) - assert exc_info.value.args[0] == "True backend does not support fake_name" diff --git a/tests/test_utils.py b/tests/test_utils.py index 5c58fd76..a65091ff 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -14,14 +14,33 @@ import os import textwrap +import pretend + import pytest from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, - load_openssl_vectors, load_hash_vectors, + load_openssl_vectors, load_hash_vectors, check_for_iface ) +class FakeInterface(object): + pass + + +def test_check_for_iface(): + item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) + with pytest.raises(pytest.skip.Exception) as exc_info: + check_for_iface("fake_name", FakeInterface, item) + assert exc_info.value.args[0] == "True backend does not support fake_name" + + item = pretend.stub( + keywords=["fake_name"], + funcargs={"backend": FakeInterface()} + ) + check_for_iface("fake_name", FakeInterface, item) + + def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 94f97d59..82021a5f 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -11,7 +11,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -import os.path +import os + +import pytest + + +def check_for_iface(name, iface, item): + if name in item.keywords and "backend" in item.funcargs: + if not isinstance(item.funcargs["backend"], iface): + pytest.skip("{0} backend does not support {1}".format( + item.funcargs["backend"], name + )) def load_vectors_from_file(filename, loader): -- cgit v1.2.3 From a4a8a0378c158ac8ba1d83619a909021bef17dd1 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 25 Dec 2013 14:51:27 -0600 Subject: clean up warnings. 3 left on 1.0.1e, 21 left 0.9.8y (OS X) --- cryptography/hazmat/backends/openssl/evp.py | 10 +++++----- cryptography/hazmat/backends/openssl/ssl.py | 22 +++++++++++----------- cryptography/hazmat/backends/openssl/x509.py | 6 +++--- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/evp.py b/cryptography/hazmat/backends/openssl/evp.py index 8cf96b2d..0662b1ef 100644 --- a/cryptography/hazmat/backends/openssl/evp.py +++ b/cryptography/hazmat/backends/openssl/evp.py @@ -103,12 +103,12 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *, int, int, void *); CUSTOMIZATIONS = """ #ifdef EVP_CTRL_GCM_SET_TAG -const int Cryptography_HAS_GCM = 1; +const long Cryptography_HAS_GCM = 1; #else -const int Cryptography_HAS_GCM = 0; -const int EVP_CTRL_GCM_GET_TAG = -1; -const int EVP_CTRL_GCM_SET_TAG = -1; -const int EVP_CTRL_GCM_SET_IVLEN = -1; +const long Cryptography_HAS_GCM = 0; +const long EVP_CTRL_GCM_GET_TAG = -1; +const long EVP_CTRL_GCM_SET_TAG = -1; +const long EVP_CTRL_GCM_SET_IVLEN = -1; #endif """ diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 3fd0bf23..a2aba4d9 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -207,7 +207,7 @@ long SSL_get_options(SSL *); int SSL_want_read(const SSL *); int SSL_want_write(const SSL *); -int SSL_total_renegotiations(const SSL *); +int SSL_total_renegotiations(SSL *); long SSL_CTX_set_options(SSL_CTX *, long); long SSL_CTX_get_options(SSL_CTX *); @@ -255,18 +255,18 @@ void SSL_CTX_set_tlsext_servername_callback( CUSTOMIZATIONS = """ #ifdef OPENSSL_NO_SSL2 -static const int Cryptography_HAS_SSL2 = 0; +static const long Cryptography_HAS_SSL2 = 0; SSL_METHOD* (*SSLv2_method)() = NULL; SSL_METHOD* (*SSLv2_client_method)() = NULL; SSL_METHOD* (*SSLv2_server_method)() = NULL; #else -static const int Cryptography_HAS_SSL2 = 1; +static const long Cryptography_HAS_SSL2 = 1; #endif #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME -static const int Cryptography_HAS_TLSEXT_HOSTNAME = 1; +static const long Cryptography_HAS_TLSEXT_HOSTNAME = 1; #else -static const int Cryptography_HAS_TLSEXT_HOSTNAME = 0; +static const long Cryptography_HAS_TLSEXT_HOSTNAME = 0; void (*SSL_set_tlsext_host_name)(SSL *, char *) = NULL; const char* (*SSL_get_servername)(const SSL *, const int) = NULL; void (*SSL_CTX_set_tlsext_servername_callback)( @@ -275,17 +275,17 @@ void (*SSL_CTX_set_tlsext_servername_callback)( #endif #ifdef SSL_MODE_RELEASE_BUFFERS -static const int Cryptography_HAS_RELEASE_BUFFERS = 1; +static const long Cryptography_HAS_RELEASE_BUFFERS = 1; #else -static const int Cryptography_HAS_RELEASE_BUFFERS = 0; -const int SSL_MODE_RELEASE_BUFFERS = 0; +static const long Cryptography_HAS_RELEASE_BUFFERS = 0; +const long SSL_MODE_RELEASE_BUFFERS = 0; #endif #ifdef SSL_OP_NO_COMPRESSION -static const int Cryptography_HAS_OP_NO_COMPRESSION = 1; +static const long Cryptography_HAS_OP_NO_COMPRESSION = 1; #else -static const int Cryptography_HAS_OP_NO_COMPRESSION = 0; -const int SSL_OP_NO_COMPRESSION = 0; +static const long Cryptography_HAS_OP_NO_COMPRESSION = 0; +const long SSL_OP_NO_COMPRESSION = 0; #endif """ diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index dd7815fa..5cba476e 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -47,7 +47,7 @@ typedef struct { } X509_REVOKED; typedef struct { - struct x509_revoked_st *revoked; + struct stack_st_X509_REVOKED *revoked; ...; } X509_CRL_INFO; @@ -178,8 +178,8 @@ int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *); void sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int); void sk_X509_EXTENSION_free(X509_EXTENSIONS *); -int sk_X509_REVOKED_num(struct x509_revoked_st *); -X509_REVOKED *sk_X509_REVOKED_value(struct x509_revoked_st *, int); +int sk_X509_REVOKED_num(struct stack_st_X509_REVOKED *); +X509_REVOKED *sk_X509_REVOKED_value(struct stack_st_X509_REVOKED *, int); /* These aren't macros these arguments are all const X on openssl > 1.0.x */ int X509_CRL_set_lastUpdate(X509_CRL *, const ASN1_TIME *); -- cgit v1.2.3 From 4bf5f32cdfbbed0895918d4e8ed51a1adc410f40 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 25 Dec 2013 15:33:33 -0600 Subject: 2 more warnings fixed (on both 1.0.1e and 0.9.8y) --- cryptography/hazmat/backends/openssl/ssl.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index a2aba4d9..ba4451c2 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -144,8 +144,8 @@ int SSL_get_verify_mode(const SSL *); void SSL_set_verify_depth(SSL *, int); int SSL_get_verify_depth(const SSL *); int (*SSL_get_verify_callback(const SSL *))(int, X509_STORE_CTX *); -void SSL_set_info_callback(SSL *, void (*)()); -void (*SSL_get_info_callback(const SSL *))(); +void SSL_set_info_callback(SSL *ssl, void (*)(const SSL *, int, int)); +void (*SSL_get_info_callback(const SSL *))(const SSL *,int, int); SSL *SSL_new(SSL_CTX *); void SSL_free(SSL *); int SSL_set_fd(SSL *, int); -- cgit v1.2.3 From 04fd62fc1502f59d25cf03611aadacbc2007b9c8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 25 Dec 2013 15:43:22 -0600 Subject: fix last warning (macro returns ASN1_ITEM_EXP *) * 0 warnings in OpenSSL 1.0.1e * 18 warnings in 0.9.8y --- cryptography/hazmat/backends/openssl/asn1.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py index b56932fa..a186d592 100644 --- a/cryptography/hazmat/backends/openssl/asn1.py +++ b/cryptography/hazmat/backends/openssl/asn1.py @@ -102,7 +102,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **, const unsigned char **, long, MACROS = """ ASN1_TIME *M_ASN1_TIME_dup(void *); -ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *); +ASN1_ITEM_EXP *ASN1_ITEM_ptr(ASN1_ITEM_EXP *); /* These aren't macros these arguments are all const X on openssl > 1.0.x */ -- cgit v1.2.3 From b236b77f686cc24b441cbf0e9521e0679d8a9c61 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 25 Dec 2013 16:49:33 -0600 Subject: fix a style error --- cryptography/hazmat/backends/openssl/ssl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index ba4451c2..2777ad4a 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -145,7 +145,7 @@ void SSL_set_verify_depth(SSL *, int); int SSL_get_verify_depth(const SSL *); int (*SSL_get_verify_callback(const SSL *))(int, X509_STORE_CTX *); void SSL_set_info_callback(SSL *ssl, void (*)(const SSL *, int, int)); -void (*SSL_get_info_callback(const SSL *))(const SSL *,int, int); +void (*SSL_get_info_callback(const SSL *))(const SSL *, int, int); SSL *SSL_new(SSL_CTX *); void SSL_free(SSL *); int SSL_set_fd(SSL *, int); -- cgit v1.2.3 From 5f61765a723b162c7067ef72df7ab9ee88a6fd0f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 25 Dec 2013 18:06:42 -0600 Subject: remove SSL_OP_MSIE_SSLV2_RSA_PADDING According to the header it ahs had "no effect singe 0.9.7h and 0.9.8b" but more importantly they decided to re-use the constant (wtf?) in an upcoming OpenSSL release so anybody running bleeding edge will get an undefined symbol To see the commit where they reused the define: https://github.com/openssl/openssl/commit/dece3209f299ebcd82414868ee39b2c6feb3be0a --- cryptography/hazmat/backends/openssl/ssl.py | 1 - 1 file changed, 1 deletion(-) diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 3fd0bf23..77185dfd 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -54,7 +54,6 @@ static const int SSL_OP_NETSCAPE_CHALLENGE_BUG; static const int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; static const int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; static const int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; -static const int SSL_OP_MSIE_SSLV2_RSA_PADDING; static const int SSL_OP_SSLEAY_080_CLIENT_DH_BUG; static const int SSL_OP_TLS_D5_BUG; static const int SSL_OP_TLS_BLOCK_PADDING_BUG; -- cgit v1.2.3