Use a series of constants for OpenSSL version checks (#3037)
* Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back?
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 2d3bf24..38f1134 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -320,7 +320,7 @@
key_size=256)
@pytest.mark.skipif(
- backend._lib.OPENSSL_VERSION_NUMBER >= 0x1000100f,
+ backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
reason="Requires an older OpenSSL. Must be < 1.0.1"
)
def test_non_sha1_pss_mgf1_hash_algorithm_on_old_openssl(self):
@@ -495,7 +495,7 @@
@pytest.mark.skipif(
- backend._lib.OPENSSL_VERSION_NUMBER <= 0x10001000,
+ backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_101,
reason="Requires an OpenSSL version >= 1.0.1"
)
class TestOpenSSLCMAC(object):
@@ -506,7 +506,7 @@
class TestOpenSSLCreateX509CSR(object):
@pytest.mark.skipif(
- backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000,
+ backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
reason="Requires an older OpenSSL. Must be < 1.0.1"
)
def test_unsupported_dsa_keys(self):
@@ -516,7 +516,7 @@
backend.create_x509_csr(object(), private_key, hashes.SHA1())
@pytest.mark.skipif(
- backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000,
+ backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
reason="Requires an older OpenSSL. Must be < 1.0.1"
)
def test_unsupported_ec_keys(self):
@@ -537,7 +537,7 @@
)
@pytest.mark.skipif(
- backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000,
+ backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
reason="Requires an older OpenSSL. Must be < 1.0.1"
)
def test_sign_with_dsa_private_key_is_unsupported(self):
@@ -561,7 +561,7 @@
builder.sign(private_key, hashes.SHA512(), backend)
@pytest.mark.skipif(
- backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000,
+ backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
reason="Requires an older OpenSSL. Must be < 1.0.1"
)
def test_sign_with_ec_private_key_is_unsupported(self):
@@ -594,7 +594,7 @@
backend.create_x509_crl(object(), private_key, hashes.SHA256())
@pytest.mark.skipif(
- backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000,
+ backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
reason="Requires an older OpenSSL. Must be < 1.0.1"
)
def test_sign_with_dsa_private_key_is_unsupported(self):
@@ -612,7 +612,7 @@
builder.sign(private_key, hashes.SHA1(), backend)
@pytest.mark.skipif(
- backend._lib.OPENSSL_VERSION_NUMBER >= 0x10001000,
+ backend._lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER,
reason="Requires an older OpenSSL. Must be < 1.0.1"
)
def test_sign_with_ec_private_key_is_unsupported(self):
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
index 41c653b..f41bcf3 100644
--- a/tests/hazmat/bindings/test_openssl.py
+++ b/tests/hazmat/bindings/test_openssl.py
@@ -138,7 +138,7 @@
def test_conditional_removal(self):
b = Binding()
- if b.lib.OPENSSL_VERSION_NUMBER >= 0x10001000:
+ if b.lib.CRYPTOGRAPHY_OPENSSL_101_OR_GREATER:
assert b.lib.CMAC_Init
else:
with pytest.raises(AttributeError):
diff --git a/tests/test_x509.py b/tests/test_x509.py
index ebe6dc5..40efb6d 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -1935,7 +1935,7 @@
@pytest.mark.requires_backend_interface(interface=DSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
def test_build_cert_with_dsa_private_key(self, backend):
- if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
+ if backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_101:
pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
issuer_private_key = DSA_KEY_2048.private_key(backend)
@@ -1983,7 +1983,7 @@
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
def test_build_cert_with_ec_private_key(self, backend):
- if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
+ if backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_101:
pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
_skip_curve_unsupported(backend, ec.SECP256R1())
@@ -2537,7 +2537,7 @@
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
def test_build_ca_request_with_ec(self, backend):
- if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
+ if backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_101:
pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
_skip_curve_unsupported(backend, ec.SECP256R1())
@@ -2567,7 +2567,7 @@
@pytest.mark.requires_backend_interface(interface=DSABackend)
def test_build_ca_request_with_dsa(self, backend):
- if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
+ if backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_101:
pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
private_key = DSA_KEY_2048.private_key(backend)
diff --git a/tests/test_x509_crlbuilder.py b/tests/test_x509_crlbuilder.py
index 32a0748..96311ee 100644
--- a/tests/test_x509_crlbuilder.py
+++ b/tests/test_x509_crlbuilder.py
@@ -309,7 +309,7 @@
@pytest.mark.requires_backend_interface(interface=DSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
def test_sign_dsa_key(self, backend):
- if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
+ if backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_101:
pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
private_key = DSA_KEY_2048.private_key(backend)
invalidity_date = x509.InvalidityDate(
@@ -355,7 +355,7 @@
@pytest.mark.requires_backend_interface(interface=EllipticCurveBackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
def test_sign_ec_key_unsupported(self, backend):
- if backend._lib.OPENSSL_VERSION_NUMBER < 0x10001000:
+ if backend._lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_101:
pytest.skip("Requires a newer OpenSSL. Must be >= 1.0.1")
_skip_curve_unsupported(backend, ec.SECP256R1())
private_key = ec.generate_private_key(ec.SECP256R1(), backend)