From aece5b3d47282beed31f7119e273b65816a0cf93 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 4 Apr 2020 17:08:08 -0400 Subject: Drop support for OpenSSL 1.0.1 (#5178) --- tests/hazmat/bindings/test_openssl.py | 14 +------ tests/hazmat/primitives/test_aes.py | 72 ++++++++--------------------------- tests/wycheproof/test_ecdsa.py | 6 +-- tests/wycheproof/test_rsa.py | 2 +- 4 files changed, 20 insertions(+), 74 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index e9bcc18e..29a1c459 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -4,14 +4,11 @@ from __future__ import absolute_import, division, print_function -import pretend - import pytest from cryptography.exceptions import InternalError from cryptography.hazmat.bindings.openssl.binding import ( - Binding, _consume_errors, _openssl_assert, _verify_openssl_version, - _verify_package_version + Binding, _consume_errors, _openssl_assert, _verify_package_version ) @@ -125,12 +122,3 @@ class TestOpenSSL(object): def test_version_mismatch(self): with pytest.raises(ImportError): _verify_package_version("nottherightversion") - - def test_verify_openssl_version(self, monkeypatch): - monkeypatch.delenv("CRYPTOGRAPHY_ALLOW_OPENSSL_101", raising=False) - lib = pretend.stub( - CRYPTOGRAPHY_OPENSSL_LESS_THAN_102=True, - CRYPTOGRAPHY_IS_LIBRESSL=False - ) - with pytest.raises(RuntimeError): - _verify_openssl_version(lib) diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py index f1d434f1..d99ba406 100644 --- a/tests/hazmat/primitives/test_aes.py +++ b/tests/hazmat/primitives/test_aes.py @@ -352,25 +352,14 @@ class TestAESModeGCM(object): encryptor.authenticate_additional_data(aad) encryptor.finalize() - if ( - backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and - not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - ): - with pytest.raises(NotImplementedError): - decryptor = base.Cipher( - algorithms.AES(key), - modes.GCM(iv), - backend=backend - ).decryptor() - else: - decryptor = base.Cipher( - algorithms.AES(key), - modes.GCM(iv), - backend=backend - ).decryptor() - decryptor.authenticate_additional_data(aad) - with pytest.raises(ValueError): - decryptor.finalize() + decryptor = base.Cipher( + algorithms.AES(key), + modes.GCM(iv), + backend=backend + ).decryptor() + decryptor.authenticate_additional_data(aad) + with pytest.raises(ValueError): + decryptor.finalize() def test_gcm_tag_decrypt_mode(self, backend): key = binascii.unhexlify(b"5211242698bed4774a090620a6ca56f3") @@ -408,46 +397,15 @@ class TestAESModeGCM(object): encryptor.finalize() tag = encryptor.tag - if ( - backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and - not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - ): - with pytest.raises(NotImplementedError): - decryptor = base.Cipher( - algorithms.AES(key), - modes.GCM(iv), - backend=backend - ).decryptor() - decryptor = base.Cipher( - algorithms.AES(key), - modes.GCM(iv, tag=encryptor.tag), - backend=backend - ).decryptor() - else: - decryptor = base.Cipher( - algorithms.AES(key), - modes.GCM(iv), - backend=backend - ).decryptor() + decryptor = base.Cipher( + algorithms.AES(key), + modes.GCM(iv), + backend=backend + ).decryptor() decryptor.authenticate_additional_data(aad) - if ( - backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and - not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - ): - with pytest.raises(NotImplementedError): - decryptor.finalize_with_tag(tag) - decryptor.finalize() - else: - decryptor.finalize_with_tag(tag) - - @pytest.mark.supported( - only_if=lambda backend: ( - not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or - backend._lib.CRYPTOGRAPHY_IS_LIBRESSL - ), - skip_message="Not supported on OpenSSL 1.0.1", - ) + decryptor.finalize_with_tag(tag) + def test_gcm_tag_decrypt_finalize_tag_length(self, backend): decryptor = base.Cipher( algorithms.AES(b"0" * 16), diff --git a/tests/wycheproof/test_ecdsa.py b/tests/wycheproof/test_ecdsa.py index 14542ed7..49a3388d 100644 --- a/tests/wycheproof/test_ecdsa.py +++ b/tests/wycheproof/test_ecdsa.py @@ -62,9 +62,9 @@ def test_ecdsa_signature(backend, wycheproof): binascii.unhexlify(wycheproof.testgroup["keyDer"]), backend ) except (UnsupportedAlgorithm, ValueError): - # In OpenSSL 1.0.1, some keys fail to load with ValueError, instead of - # Unsupported Algorithm. We can remove handling for that exception - # when we drop support. + # In some OpenSSL 1.0.2s, some keys fail to load with ValueError, + # instead of Unsupported Algorithm. We can remove handling for that + # exception when we drop support. pytest.skip( "unable to load key (curve {})".format( wycheproof.testgroup["key"]["curve"] diff --git a/tests/wycheproof/test_rsa.py b/tests/wycheproof/test_rsa.py index 92fed2b0..064cc7cf 100644 --- a/tests/wycheproof/test_rsa.py +++ b/tests/wycheproof/test_rsa.py @@ -50,7 +50,7 @@ def should_verify(backend, wycheproof): @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.supported( only_if=lambda backend: ( - not backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 or + not backend._lib.CRYPTOGRAPHY_IS_LIBRESSL or backend._lib.CRYPTOGRAPHY_LIBRESSL_28_OR_GREATER ), skip_message=( -- cgit v1.2.3