From eaed9510a08ee61a7f495de554e4f936985d68bd Mon Sep 17 00:00:00 2001 From: Glyph Date: Fri, 26 Jun 2015 22:00:25 -0700 Subject: compare contents and not pointers --- tests/hazmat/backends/test_openssl.py | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 34fff277..8846491a 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -223,8 +223,10 @@ class TestOpenSSLRandomEngine(object): # for all these tests. backend.activate_osrandom_engine() current_default = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(current_default) - assert name == backend._lib.Cryptography_osrandom_engine_name + name = backend._ffi.string( + backend._lib.ENGINE_get_name(current_default) + ) + assert name == backend._binding._osrandom_engine_name def test_osrandom_engine_is_default(self, tmpdir): engine_printer = textwrap.dedent( @@ -277,15 +279,16 @@ class TestOpenSSLRandomEngine(object): backend.activate_osrandom_engine() e = backend._lib.ENGINE_get_default_RAND() name = backend._lib.ENGINE_get_name(e) - assert name == backend._lib.Cryptography_osrandom_engine_name + assert (backend._ffi.string(name) == + backend._binding._osrandom_engine_name) res = backend._lib.ENGINE_free(e) assert res == 1 def test_activate_builtin_random(self): e = backend._lib.ENGINE_get_default_RAND() assert e != backend._ffi.NULL - name = backend._lib.ENGINE_get_name(e) - assert name == backend._lib.Cryptography_osrandom_engine_name + name = backend._ffi.string(backend._lib.ENGINE_get_name(e)) + assert name == backend._binding._osrandom_engine_name res = backend._lib.ENGINE_free(e) assert res == 1 backend.activate_builtin_random() @@ -302,14 +305,14 @@ class TestOpenSSLRandomEngine(object): def test_activate_osrandom_already_default(self): e = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(e) - assert name == backend._lib.Cryptography_osrandom_engine_name + name = backend._ffi.string(backend._lib.ENGINE_get_name(e)) + assert name == backend._binding._osrandom_engine_name res = backend._lib.ENGINE_free(e) assert res == 1 backend.activate_osrandom_engine() e = backend._lib.ENGINE_get_default_RAND() - name = backend._lib.ENGINE_get_name(e) - assert name == backend._lib.Cryptography_osrandom_engine_name + name = backend._ffi.string(backend._lib.ENGINE_get_name(e)) + assert name == backend._binding._osrandom_engine_name res = backend._lib.ENGINE_free(e) assert res == 1 -- cgit v1.2.3 From b51d246eb6ccaed7920ba6dd6a816f74d1158c16 Mon Sep 17 00:00:00 2001 From: Glyph Date: Fri, 26 Jun 2015 22:08:44 -0700 Subject: remove remaining vestiges, make adding twice work --- tests/hazmat/backends/test_openssl.py | 4 +--- tests/hazmat/bindings/test_openssl.py | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 8846491a..b24f03a8 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -259,9 +259,7 @@ class TestOpenSSLRandomEngine(object): stdout=out ) - osrandom_engine_name = backend._ffi.string( - backend._lib.Cryptography_osrandom_engine_name - ) + osrandom_engine_name = backend._binding._osrandom_engine_name assert engine_name.read().encode('ascii') == osrandom_engine_name diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index e6d6fc45..fe78b0ba 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -89,7 +89,7 @@ class TestOpenSSL(object): def test_add_engine_more_than_once(self): b = Binding() - res = b.lib.Cryptography_add_osrandom_engine() + res = b._register_osrandom_engine() assert res == 2 def test_ssl_ctx_options(self): -- cgit v1.2.3 From d70c98d28effdc410d5ac773e0e461fb548a40e0 Mon Sep 17 00:00:00 2001 From: Glyph Date: Fri, 26 Jun 2015 23:09:46 -0700 Subject: pointer shenanigans apparently (?) ENGINE_by_id treats its ID as an opaque *pointer* key and not actually as a string, and while CPython's CFFI support seems to manage to preserve the pointer identity when using the same Python string, PyPy doesn't. Fix things to use a cffi-wrapped pointer again and tests pass on PyPy. --- tests/hazmat/backends/test_openssl.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index b24f03a8..6a2e8a77 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -223,9 +223,7 @@ class TestOpenSSLRandomEngine(object): # for all these tests. backend.activate_osrandom_engine() current_default = backend._lib.ENGINE_get_default_RAND() - name = backend._ffi.string( - backend._lib.ENGINE_get_name(current_default) - ) + name = backend._lib.ENGINE_get_name(current_default) assert name == backend._binding._osrandom_engine_name def test_osrandom_engine_is_default(self, tmpdir): @@ -259,7 +257,9 @@ class TestOpenSSLRandomEngine(object): stdout=out ) - osrandom_engine_name = backend._binding._osrandom_engine_name + osrandom_engine_name = backend._ffi.string( + backend._binding._osrandom_engine_name + ) assert engine_name.read().encode('ascii') == osrandom_engine_name @@ -277,15 +277,14 @@ class TestOpenSSLRandomEngine(object): backend.activate_osrandom_engine() e = backend._lib.ENGINE_get_default_RAND() name = backend._lib.ENGINE_get_name(e) - assert (backend._ffi.string(name) == - backend._binding._osrandom_engine_name) + assert name == backend._binding._osrandom_engine_name res = backend._lib.ENGINE_free(e) assert res == 1 def test_activate_builtin_random(self): e = backend._lib.ENGINE_get_default_RAND() assert e != backend._ffi.NULL - name = backend._ffi.string(backend._lib.ENGINE_get_name(e)) + name = backend._lib.ENGINE_get_name(e) assert name == backend._binding._osrandom_engine_name res = backend._lib.ENGINE_free(e) assert res == 1 @@ -303,13 +302,13 @@ class TestOpenSSLRandomEngine(object): def test_activate_osrandom_already_default(self): e = backend._lib.ENGINE_get_default_RAND() - name = backend._ffi.string(backend._lib.ENGINE_get_name(e)) + name = backend._lib.ENGINE_get_name(e) assert name == backend._binding._osrandom_engine_name res = backend._lib.ENGINE_free(e) assert res == 1 backend.activate_osrandom_engine() e = backend._lib.ENGINE_get_default_RAND() - name = backend._ffi.string(backend._lib.ENGINE_get_name(e)) + name = backend._lib.ENGINE_get_name(e) assert name == backend._binding._osrandom_engine_name res = backend._lib.ENGINE_free(e) assert res == 1 -- cgit v1.2.3 From 1e3ffe10719ef8eeeda0df79aa3e708400f7028a Mon Sep 17 00:00:00 2001 From: Glyph Date: Sat, 27 Jun 2015 18:41:16 -0700 Subject: handle previous registration by raising RuntimeError --- tests/hazmat/bindings/test_openssl.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index fe78b0ba..75a8e3f1 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -89,8 +89,8 @@ class TestOpenSSL(object): def test_add_engine_more_than_once(self): b = Binding() - res = b._register_osrandom_engine() - assert res == 2 + with pytest.raises(RuntimeError): + b._register_osrandom_engine() def test_ssl_ctx_options(self): # Test that we're properly handling 32-bit unsigned on all platforms. -- cgit v1.2.3 From 7c3e7a83f06b0ff8f0c27a4486eaa6448ba6485e Mon Sep 17 00:00:00 2001 From: Glyph Date: Mon, 29 Jun 2015 17:21:02 -0700 Subject: the output of RAND_bytes is os.urandom's result --- tests/hazmat/bindings/test_openssl.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 75a8e3f1..207fece9 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -4,6 +4,8 @@ from __future__ import absolute_import, division, print_function +import os + import pytest from cryptography.hazmat.bindings.openssl.binding import Binding @@ -92,6 +94,18 @@ class TestOpenSSL(object): with pytest.raises(RuntimeError): b._register_osrandom_engine() + def test_actual_osrandom_bytes(self, monkeypatch): + sample_data = (b"\x01\x02\x03\x04" * 4) + length = len(sample_data) + def notrandom(size): + assert size == length + return sample_data + monkeypatch.setattr(os, "urandom", notrandom) + b = Binding() + buf = b.ffi.new("char[]", length) + b.lib.RAND_bytes(buf, length) + assert b.ffi.buffer(buf)[0:length] == sample_data + def test_ssl_ctx_options(self): # Test that we're properly handling 32-bit unsigned on all platforms. b = Binding() -- cgit v1.2.3 From 14e67ac4241a20c25f0d7751171c8b626f014e45 Mon Sep 17 00:00:00 2001 From: Glyph Date: Tue, 30 Jun 2015 01:46:38 -0700 Subject: Detect and ignore LibreSSL. --- tests/hazmat/bindings/test_openssl.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 207fece9..73952561 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -95,13 +95,15 @@ class TestOpenSSL(object): b._register_osrandom_engine() def test_actual_osrandom_bytes(self, monkeypatch): + b = Binding() + if b'LibreSSL' in b.ffi.string(b.lib.OPENSSL_VERSION_TEXT): + pytest.skip("LibreSSL hard-codes RAND_bytes to use arc4random.") sample_data = (b"\x01\x02\x03\x04" * 4) length = len(sample_data) def notrandom(size): assert size == length return sample_data monkeypatch.setattr(os, "urandom", notrandom) - b = Binding() buf = b.ffi.new("char[]", length) b.lib.RAND_bytes(buf, length) assert b.ffi.buffer(buf)[0:length] == sample_data -- cgit v1.2.3 From fa40f9f1b42b27d0f0e3f7581cf8d1997e36f0b0 Mon Sep 17 00:00:00 2001 From: Glyph Date: Tue, 30 Jun 2015 01:57:02 -0700 Subject: pep8 --- tests/hazmat/bindings/test_openssl.py | 1 + 1 file changed, 1 insertion(+) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 73952561..ff8bcca6 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -100,6 +100,7 @@ class TestOpenSSL(object): pytest.skip("LibreSSL hard-codes RAND_bytes to use arc4random.") sample_data = (b"\x01\x02\x03\x04" * 4) length = len(sample_data) + def notrandom(size): assert size == length return sample_data -- cgit v1.2.3 From b18fc3912682d39ba5a4addfab963e50736e689c Mon Sep 17 00:00:00 2001 From: Glyph Date: Tue, 30 Jun 2015 16:46:29 -0700 Subject: test libressl when there is no libressl --- tests/hazmat/bindings/test_openssl.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index ff8bcca6..f3f2eaf4 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -11,6 +11,20 @@ import pytest from cryptography.hazmat.bindings.openssl.binding import Binding +def skip_if_libre_ssl(openssl_version): + if b'LibreSSL' in openssl_version: + pytest.skip("LibreSSL hard-codes RAND_bytes to use arc4random.") + + +class TestLibreSkip(object): + def test_skip_no(self): + assert skip_if_libre_ssl(b"OpenSSL 0.9.8zf 19 Mar 2015") is None + + def test_skip_yes(self): + with pytest.raises(pytest.skip.Exception): + skip_if_libre_ssl(b"LibreSSL 2.1.6") + + class TestOpenSSL(object): def test_binding_loads(self): binding = Binding() @@ -96,8 +110,7 @@ class TestOpenSSL(object): def test_actual_osrandom_bytes(self, monkeypatch): b = Binding() - if b'LibreSSL' in b.ffi.string(b.lib.OPENSSL_VERSION_TEXT): - pytest.skip("LibreSSL hard-codes RAND_bytes to use arc4random.") + skip_if_libre_ssl(b.ffi.string(b.lib.OPENSSL_VERSION_TEXT)) sample_data = (b"\x01\x02\x03\x04" * 4) length = len(sample_data) -- cgit v1.2.3