From d862933de5c344fcdf99ab2f43f3bf8da65f3e41 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 13 Nov 2016 15:55:22 -0500 Subject: C locking callback (#3226) * Remove Python OpenSSL locking callback and replace it with one in C The Python OpenSSL locking callback is unsafe; if GC is triggered during the callback's invocation, it can result in the callback being invoked reentrantly, which can lead to deadlocks. This patch replaces it with one in C that gets built at compile time via cffi along with the rest of the OpenSSL binding. * fixes for some issues * unused * revert these changes * these two for good measure * missing param * sigh, syntax * delete tests that assumed an ability to mess with locks * style fixes * licensing stuff * utf8 * Unicode. Huh. What it isn't good for, absolutely nothing. --- tests/hazmat/bindings/test_openssl.py | 65 ----------------------------------- 1 file changed, 65 deletions(-) (limited to 'tests/hazmat/bindings') diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 1c395c25..bbdd87ca 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -31,71 +31,6 @@ class TestOpenSSL(object): lock_cb = b.lib.CRYPTO_get_locking_callback() assert lock_cb != b.ffi.NULL - def _skip_if_not_fallback_lock(self, b): - # only run this test if we are using our locking cb - original_cb = b.lib.CRYPTO_get_locking_callback() - if original_cb != b._lock_cb_handle: - pytest.skip( - "Not using the fallback Python locking callback " - "implementation. Probably because import _ssl set one" - ) - - def test_fallback_crypto_lock_via_openssl_api(self): - b = Binding() - b.init_static_locks() - - self._skip_if_not_fallback_lock(b) - - # check that the lock state changes appropriately - lock = b._locks[b.lib.CRYPTO_LOCK_SSL] - - # starts out unlocked - assert lock.acquire(False) - lock.release() - - b.lib.CRYPTO_lock( - b.lib.CRYPTO_LOCK | b.lib.CRYPTO_READ, - b.lib.CRYPTO_LOCK_SSL, b.ffi.NULL, 0 - ) - - # becomes locked - assert not lock.acquire(False) - - b.lib.CRYPTO_lock( - b.lib.CRYPTO_UNLOCK | b.lib.CRYPTO_READ, - b.lib.CRYPTO_LOCK_SSL, b.ffi.NULL, 0 - ) - - # then unlocked - assert lock.acquire(False) - lock.release() - - def test_fallback_crypto_lock_via_binding_api(self): - b = Binding() - b.init_static_locks() - - self._skip_if_not_fallback_lock(b) - - lock = b._locks[b.lib.CRYPTO_LOCK_SSL] - - with pytest.raises(RuntimeError): - b._lock_cb(0, b.lib.CRYPTO_LOCK_SSL, "", 1) - - # errors shouldn't cause locking - assert lock.acquire(False) - lock.release() - - b._lock_cb(b.lib.CRYPTO_LOCK | b.lib.CRYPTO_READ, - b.lib.CRYPTO_LOCK_SSL, "", 1) - # locked - assert not lock.acquire(False) - - b._lock_cb(b.lib.CRYPTO_UNLOCK | b.lib.CRYPTO_READ, - b.lib.CRYPTO_LOCK_SSL, "", 1) - # unlocked - assert lock.acquire(False) - lock.release() - def test_add_engine_more_than_once(self): b = Binding() b._register_osrandom_engine() -- cgit v1.2.3