Merge branch 'master' into fernet
diff --git a/AUTHORS.rst b/AUTHORS.rst
index 0ef9958..953ca55 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -10,3 +10,4 @@
* Christian Heimes <christian@python.org>
* Paul Kehrer <paul.l.kehrer@gmail.com>
* Jarret Raim <jarito@gmail.com>
+* Alex Stapleton <alexs@prol.etari.at> (A1C7 E50B 66DE 39ED C847 9665 8E3C 20D1 9BD9 5C4C)
diff --git a/cryptography/hazmat/backends/openssl/asn1.py b/cryptography/hazmat/backends/openssl/asn1.py
index a186d59..aeaf316 100644
--- a/cryptography/hazmat/backends/openssl/asn1.py
+++ b/cryptography/hazmat/backends/openssl/asn1.py
@@ -16,7 +16,24 @@
"""
TYPES = """
-typedef ... time_t;
+/*
+ * TODO: This typedef is wrong.
+ *
+ * This is due to limitations of cffi.
+ * See https://bitbucket.org/cffi/cffi/issue/69
+ *
+ * For another possible work-around (not used here because it involves more
+ * complicated use of the cffi API which falls outside the general pattern used
+ * by this package), see
+ * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/
+ *
+ * The work-around used here is to just be sure to declare a type that is at
+ * least as large as the real type. Maciej explains:
+ *
+ * <fijal> I think you want to declare your value too large (e.g. long)
+ * <fijal> that way you'll never pass garbage
+ */
+typedef intptr_t time_t;
typedef int ASN1_BOOLEAN;
typedef ... ASN1_INTEGER;
@@ -51,7 +68,7 @@
"""
FUNCTIONS = """
-ASN1_OBJECT *ASN1_OBJECT_new();
+ASN1_OBJECT *ASN1_OBJECT_new(void);
void ASN1_OBJECT_free(ASN1_OBJECT *);
/* ASN1 OBJECT IDENTIFIER */
@@ -59,7 +76,7 @@
int i2d_ASN1_OBJECT(ASN1_OBJECT *, unsigned char **);
/* ASN1 STRING */
-ASN1_STRING *ASN1_STRING_new();
+ASN1_STRING *ASN1_STRING_new(void);
ASN1_STRING *ASN1_STRING_type_new(int);
void ASN1_STRING_free(ASN1_STRING *);
unsigned char *ASN1_STRING_data(ASN1_STRING *);
@@ -68,18 +85,18 @@
int ASN1_STRING_to_UTF8(unsigned char **, ASN1_STRING *);
/* ASN1 OCTET STRING */
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_new();
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void);
void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *);
int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *, const unsigned char *, int);
/* ASN1 INTEGER */
-ASN1_INTEGER *ASN1_INTEGER_new();
+ASN1_INTEGER *ASN1_INTEGER_new(void);
void ASN1_INTEGER_free(ASN1_INTEGER *);
int ASN1_INTEGER_set(ASN1_INTEGER *, long);
int i2a_ASN1_INTEGER(BIO *, ASN1_INTEGER *);
/* ASN1 TIME */
-ASN1_TIME *ASN1_TIME_new();
+ASN1_TIME *ASN1_TIME_new(void);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *,
ASN1_GENERALIZEDTIME **);
@@ -92,7 +109,7 @@
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *);
/* ASN1 ENUMERATED */
-ASN1_ENUMERATED *ASN1_ENUMERATED_new();
+ASN1_ENUMERATED *ASN1_ENUMERATED_new(void);
void ASN1_ENUMERATED_free(ASN1_ENUMERATED *);
int ASN1_ENUMERATED_set(ASN1_ENUMERATED *, long);
@@ -102,7 +119,7 @@
MACROS = """
ASN1_TIME *M_ASN1_TIME_dup(void *);
-ASN1_ITEM_EXP *ASN1_ITEM_ptr(ASN1_ITEM_EXP *);
+const ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *);
/* These aren't macros these arguments are all const X on openssl > 1.0.x */
@@ -118,6 +135,7 @@
long ASN1_INTEGER_get(ASN1_INTEGER *);
BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *, BIGNUM *);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *, ASN1_INTEGER *);
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 7b67fb0..6231aad 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -85,6 +85,7 @@
"evp",
"hmac",
"nid",
+ "objects",
"opensslv",
"pem",
"pkcs7",
diff --git a/cryptography/hazmat/backends/openssl/bignum.py b/cryptography/hazmat/backends/openssl/bignum.py
index 68d0c3a..59efd17 100644
--- a/cryptography/hazmat/backends/openssl/bignum.py
+++ b/cryptography/hazmat/backends/openssl/bignum.py
@@ -17,11 +17,28 @@
TYPES = """
typedef ... BIGNUM;
-typedef ... BN_ULONG;
+/*
+ * TODO: This typedef is wrong.
+ *
+ * This is due to limitations of cffi.
+ * See https://bitbucket.org/cffi/cffi/issue/69
+ *
+ * For another possible work-around (not used here because it involves more
+ * complicated use of the cffi API which falls outside the general pattern used
+ * by this package), see
+ * http://paste.pound-python.org/show/iJcTUMkKeBeS6yXpZWUU/
+ *
+ * The work-around used here is to just be sure to declare a type that is at
+ * least as large as the real type. Maciej explains:
+ *
+ * <fijal> I think you want to declare your value too large (e.g. long)
+ * <fijal> that way you'll never pass garbage
+ */
+typedef uintptr_t BN_ULONG;
"""
FUNCTIONS = """
-BIGNUM *BN_new();
+BIGNUM *BN_new(void);
void BN_free(BIGNUM *);
int BN_set_word(BIGNUM *, BN_ULONG);
diff --git a/cryptography/hazmat/backends/openssl/bio.py b/cryptography/hazmat/backends/openssl/bio.py
index d164804..279ad22 100644
--- a/cryptography/hazmat/backends/openssl/bio.py
+++ b/cryptography/hazmat/backends/openssl/bio.py
@@ -50,6 +50,49 @@
...;
};
typedef ... BUF_MEM;
+
+static const int BIO_TYPE_MEM;
+static const int BIO_TYPE_FILE;
+static const int BIO_TYPE_FD;
+static const int BIO_TYPE_SOCKET;
+static const int BIO_TYPE_CONNECT;
+static const int BIO_TYPE_ACCEPT;
+static const int BIO_TYPE_NULL;
+static const int BIO_CLOSE;
+static const int BIO_NOCLOSE;
+static const int BIO_TYPE_SOURCE_SINK;
+static const int BIO_CTRL_RESET;
+static const int BIO_CTRL_EOF;
+static const int BIO_CTRL_SET;
+static const int BIO_CTRL_SET_CLOSE;
+static const int BIO_CTRL_FLUSH;
+static const int BIO_CTRL_DUP;
+static const int BIO_CTRL_GET_CLOSE;
+static const int BIO_CTRL_INFO;
+static const int BIO_CTRL_GET;
+static const int BIO_CTRL_PENDING;
+static const int BIO_CTRL_WPENDING;
+static const int BIO_C_FILE_SEEK;
+static const int BIO_C_FILE_TELL;
+static const int BIO_TYPE_NONE;
+static const int BIO_TYPE_PROXY_CLIENT;
+static const int BIO_TYPE_PROXY_SERVER;
+static const int BIO_TYPE_NBIO_TEST;
+static const int BIO_TYPE_BER;
+static const int BIO_TYPE_BIO;
+static const int BIO_TYPE_DESCRIPTOR;
+static const int BIO_FLAGS_READ;
+static const int BIO_FLAGS_WRITE;
+static const int BIO_FLAGS_IO_SPECIAL;
+static const int BIO_FLAGS_RWS;
+static const int BIO_FLAGS_SHOULD_RETRY;
+static const int BIO_TYPE_NULL_FILTER;
+static const int BIO_TYPE_SSL;
+static const int BIO_TYPE_MD;
+static const int BIO_TYPE_BUFFER;
+static const int BIO_TYPE_CIPHER;
+static const int BIO_TYPE_BASE64;
+static const int BIO_TYPE_FILTER;
"""
FUNCTIONS = """
@@ -63,16 +106,16 @@
BIO *BIO_next(BIO *);
BIO *BIO_find_type(BIO *, int);
int BIO_method_type(const BIO *);
-BIO_METHOD *BIO_s_mem();
+BIO_METHOD *BIO_s_mem(void);
BIO *BIO_new_mem_buf(void *, int);
-BIO_METHOD *BIO_s_file();
+BIO_METHOD *BIO_s_file(void);
BIO *BIO_new_file(const char *, const char *);
BIO *BIO_new_fp(FILE *, int);
-BIO_METHOD *BIO_s_fd();
+BIO_METHOD *BIO_s_fd(void);
BIO *BIO_new_fd(int, int);
-BIO_METHOD *BIO_s_socket();
+BIO_METHOD *BIO_s_socket(void);
BIO *BIO_new_socket(int, int);
-BIO_METHOD *BIO_s_null();
+BIO_METHOD *BIO_s_null(void);
long BIO_ctrl(BIO *, int, long, void *);
long BIO_callback_ctrl(
BIO *,
@@ -87,8 +130,8 @@
int BIO_gets(BIO *, char *, int);
int BIO_write(BIO *, const void *, int);
int BIO_puts(BIO *, const char *);
-BIO_METHOD *BIO_f_null();
-BIO_METHOD *BIO_f_buffer();
+BIO_METHOD *BIO_f_null(void);
+BIO_METHOD *BIO_f_buffer(void);
"""
MACROS = """
@@ -100,10 +143,10 @@
long BIO_get_mem_ptr(BIO *, BUF_MEM **);
long BIO_set_fp(BIO *, FILE *, int);
long BIO_get_fp(BIO *, FILE **);
-int BIO_read_filename(BIO *, char *);
-int BIO_write_filename(BIO *, char *);
-int BIO_append_filename(BIO *, char *);
-int BIO_rw_filename(BIO *, char *);
+long BIO_read_filename(BIO *, char *);
+long BIO_write_filename(BIO *, char *);
+long BIO_append_filename(BIO *, char *);
+long BIO_rw_filename(BIO *, char *);
int BIO_should_read(BIO *);
int BIO_should_write(BIO *);
int BIO_should_io_special(BIO *);
@@ -125,48 +168,6 @@
long BIO_set_write_buffer_size(BIO *, long);
long BIO_set_buffer_size(BIO *, long);
long BIO_set_buffer_read_data(BIO *, void *, long);
-#define BIO_TYPE_MEM ...
-#define BIO_TYPE_FILE ...
-#define BIO_TYPE_FD ...
-#define BIO_TYPE_SOCKET ...
-#define BIO_TYPE_CONNECT ...
-#define BIO_TYPE_ACCEPT ...
-#define BIO_TYPE_NULL ...
-#define BIO_CLOSE ...
-#define BIO_NOCLOSE ...
-#define BIO_TYPE_SOURCE_SINK ...
-#define BIO_CTRL_RESET ...
-#define BIO_CTRL_EOF ...
-#define BIO_CTRL_SET ...
-#define BIO_CTRL_SET_CLOSE ...
-#define BIO_CTRL_FLUSH ...
-#define BIO_CTRL_DUP ...
-#define BIO_CTRL_GET_CLOSE ...
-#define BIO_CTRL_INFO ...
-#define BIO_CTRL_GET ...
-#define BIO_CTRL_PENDING ...
-#define BIO_CTRL_WPENDING ...
-#define BIO_C_FILE_SEEK ...
-#define BIO_C_FILE_TELL ...
-#define BIO_TYPE_NONE ...
-#define BIO_TYPE_PROXY_CLIENT ...
-#define BIO_TYPE_PROXY_SERVER ...
-#define BIO_TYPE_NBIO_TEST ...
-#define BIO_TYPE_BER ...
-#define BIO_TYPE_BIO ...
-#define BIO_TYPE_DESCRIPTOR ...
-#define BIO_FLAGS_READ ...
-#define BIO_FLAGS_WRITE ...
-#define BIO_FLAGS_IO_SPECIAL ...
-#define BIO_FLAGS_RWS ...
-#define BIO_FLAGS_SHOULD_RETRY ...
-#define BIO_TYPE_NULL_FILTER ...
-#define BIO_TYPE_SSL ...
-#define BIO_TYPE_MD ...
-#define BIO_TYPE_BUFFER ...
-#define BIO_TYPE_CIPHER ...
-#define BIO_TYPE_BASE64 ...
-#define BIO_TYPE_FILTER ...
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/crypto.py b/cryptography/hazmat/backends/openssl/crypto.py
index 71d32c5..835be14 100644
--- a/cryptography/hazmat/backends/openssl/crypto.py
+++ b/cryptography/hazmat/backends/openssl/crypto.py
@@ -21,27 +21,30 @@
static const int SSLEAY_PLATFORM;
static const int SSLEAY_DIR;
static const int SSLEAY_BUILT_ON;
+static const int CRYPTO_MEM_CHECK_ON;
+static const int CRYPTO_MEM_CHECK_OFF;
+static const int CRYPTO_MEM_CHECK_ENABLE;
+static const int CRYPTO_MEM_CHECK_DISABLE;
"""
FUNCTIONS = """
+unsigned long SSLeay(void);
+const char *SSLeay_version(int);
+
void CRYPTO_free(void *);
int CRYPTO_mem_ctrl(int);
-int CRYPTO_is_mem_check_on();
+int CRYPTO_is_mem_check_on(void);
void CRYPTO_mem_leaks(struct bio_st *);
-void CRYPTO_cleanup_all_ex_data();
+void CRYPTO_cleanup_all_ex_data(void);
void OPENSSL_free(void *);
"""
MACROS = """
void CRYPTO_add(int *, int, int);
-void CRYPTO_malloc_init();
-void CRYPTO_malloc_debug_init();
+void CRYPTO_malloc_init(void);
+void CRYPTO_malloc_debug_init(void);
-#define CRYPTO_MEM_CHECK_ON ...
-#define CRYPTO_MEM_CHECK_OFF ...
-#define CRYPTO_MEM_CHECK_ENABLE ...
-#define CRYPTO_MEM_CHECK_DISABLE ...
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/dh.py b/cryptography/hazmat/backends/openssl/dh.py
index 56fa8b4..3c12fbc 100644
--- a/cryptography/hazmat/backends/openssl/dh.py
+++ b/cryptography/hazmat/backends/openssl/dh.py
@@ -20,7 +20,7 @@
"""
FUNCTIONS = """
-DH *DH_new();
+DH *DH_new(void);
void DH_free(DH *);
"""
diff --git a/cryptography/hazmat/backends/openssl/engine.py b/cryptography/hazmat/backends/openssl/engine.py
index cc214f8..390bfde 100644
--- a/cryptography/hazmat/backends/openssl/engine.py
+++ b/cryptography/hazmat/backends/openssl/engine.py
@@ -17,11 +17,36 @@
TYPES = """
typedef ... ENGINE;
+typedef ... RSA_METHOD;
+typedef ... DSA_METHOD;
+typedef ... ECDH_METHOD;
+typedef ... ECDSA_METHOD;
+typedef ... DH_METHOD;
+typedef ... RAND_METHOD;
+typedef ... STORE_METHOD;
+typedef ... ENGINE_GEN_INT_FUNC_PTR;
+typedef ... ENGINE_CTRL_FUNC_PTR;
+typedef ... ENGINE_LOAD_KEY_PTR;
+typedef ... ENGINE_CIPHERS_PTR;
+typedef ... ENGINE_DIGESTS_PTR;
+typedef ... ENGINE_CMD_DEFN;
+typedef ... UI_METHOD;
+
+static const unsigned int ENGINE_METHOD_RSA;
+static const unsigned int ENGINE_METHOD_DSA;
+static const unsigned int ENGINE_METHOD_RAND;
+static const unsigned int ENGINE_METHOD_ECDH;
+static const unsigned int ENGINE_METHOD_ECDSA;
+static const unsigned int ENGINE_METHOD_CIPHERS;
+static const unsigned int ENGINE_METHOD_DIGESTS;
+static const unsigned int ENGINE_METHOD_STORE;
+static const unsigned int ENGINE_METHOD_ALL;
+static const unsigned int ENGINE_METHOD_NONE;
"""
FUNCTIONS = """
-ENGINE *ENGINE_get_first();
-ENGINE *ENGINE_get_last();
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
ENGINE *ENGINE_get_next(ENGINE *);
ENGINE *ENGINE_get_prev(ENGINE *);
int ENGINE_add(ENGINE *);
@@ -29,16 +54,20 @@
ENGINE *ENGINE_by_id(const char *);
int ENGINE_init(ENGINE *);
int ENGINE_finish(ENGINE *);
-int ENGINE_free(ENGINE *);
-void ENGINE_cleanup();
-void ENGINE_load_dynamic();
-void ENGINE_load_builtin_engines();
-int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int);
-int ENGINE_set_default(ENGINE *, unsigned int);
-int ENGINE_register_complete(ENGINE *);
-
+void ENGINE_load_openssl(void);
+void ENGINE_load_dynamic(void);
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_builtin_engines(void);
+void ENGINE_cleanup(void);
+ENGINE *ENGINE_get_default_RSA(void);
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_ECDH(void);
+ENGINE *ENGINE_get_default_ECDSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+ENGINE *ENGINE_get_cipher_engine(int);
+ENGINE *ENGINE_get_digest_engine(int);
int ENGINE_set_default_RSA(ENGINE *);
-int ENGINE_set_default_string(ENGINE *, const char *);
int ENGINE_set_default_DSA(ENGINE *);
int ENGINE_set_default_ECDH(ENGINE *);
int ENGINE_set_default_ECDSA(ENGINE *);
@@ -46,19 +75,86 @@
int ENGINE_set_default_RAND(ENGINE *);
int ENGINE_set_default_ciphers(ENGINE *);
int ENGINE_set_default_digests(ENGINE *);
+int ENGINE_set_default_string(ENGINE *, const char *);
+int ENGINE_set_default(ENGINE *, unsigned int);
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int);
+int ENGINE_register_RSA(ENGINE *);
+void ENGINE_unregister_RSA(ENGINE *);
+void ENGINE_register_all_RSA(void);
+int ENGINE_register_DSA(ENGINE *);
+void ENGINE_unregister_DSA(ENGINE *);
+void ENGINE_register_all_DSA(void);
+int ENGINE_register_ECDH(ENGINE *);
+void ENGINE_unregister_ECDH(ENGINE *);
+void ENGINE_register_all_ECDH(void);
+int ENGINE_register_ECDSA(ENGINE *);
+void ENGINE_unregister_ECDSA(ENGINE *);
+void ENGINE_register_all_ECDSA(void);
+int ENGINE_register_DH(ENGINE *);
+void ENGINE_unregister_DH(ENGINE *);
+void ENGINE_register_all_DH(void);
+int ENGINE_register_RAND(ENGINE *);
+void ENGINE_unregister_RAND(ENGINE *);
+void ENGINE_register_all_RAND(void);
+int ENGINE_register_STORE(ENGINE *);
+void ENGINE_unregister_STORE(ENGINE *);
+void ENGINE_register_all_STORE(void);
+int ENGINE_register_ciphers(ENGINE *);
+void ENGINE_unregister_ciphers(ENGINE *);
+void ENGINE_register_all_ciphers(void);
+int ENGINE_register_digests(ENGINE *);
+void ENGINE_unregister_digests(ENGINE *);
+void ENGINE_register_all_digests(void);
+int ENGINE_register_complete(ENGINE *);
+int ENGINE_register_all_complete(void);
+int ENGINE_ctrl(ENGINE *, int, long, void *, void (*)(void));
+int ENGINE_cmd_is_executable(ENGINE *, int);
+int ENGINE_ctrl_cmd(ENGINE *, const char *, long, void *, void (*)(void), int);
+int ENGINE_ctrl_cmd_string(ENGINE *, const char *, const char *, int);
+
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *);
+int ENGINE_up_ref(ENGINE *);
+int ENGINE_set_id(ENGINE *, const char *);
+int ENGINE_set_name(ENGINE *, const char *);
+int ENGINE_set_RSA(ENGINE *, const RSA_METHOD *);
+int ENGINE_set_DSA(ENGINE *, const DSA_METHOD *);
+int ENGINE_set_ECDH(ENGINE *, const ECDH_METHOD *);
+int ENGINE_set_ECDSA(ENGINE *, const ECDSA_METHOD *);
+int ENGINE_set_DH(ENGINE *, const DH_METHOD *);
+int ENGINE_set_RAND(ENGINE *, const RAND_METHOD *);
+int ENGINE_set_STORE(ENGINE *, const STORE_METHOD *);
+int ENGINE_set_destroy_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR);
+int ENGINE_set_init_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR);
+int ENGINE_set_finish_function(ENGINE *, ENGINE_GEN_INT_FUNC_PTR);
+int ENGINE_set_ctrl_function(ENGINE *, ENGINE_CTRL_FUNC_PTR);
+int ENGINE_set_load_privkey_function(ENGINE *, ENGINE_LOAD_KEY_PTR);
+int ENGINE_set_load_pubkey_function(ENGINE *, ENGINE_LOAD_KEY_PTR);
+int ENGINE_set_ciphers(ENGINE *, ENGINE_CIPHERS_PTR);
+int ENGINE_set_digests(ENGINE *, ENGINE_DIGESTS_PTR);
+int ENGINE_set_flags(ENGINE *, int);
+int ENGINE_set_cmd_defns(ENGINE *, const ENGINE_CMD_DEFN *);
+const char *ENGINE_get_id(const ENGINE *);
+const char *ENGINE_get_name(const ENGINE *);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *);
+const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *);
+const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *);
+const STORE_METHOD *ENGINE_get_STORE(const ENGINE *);
+
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *, int);
+const EVP_MD *ENGINE_get_digest(ENGINE *, int);
+int ENGINE_get_flags(const ENGINE *);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *);
+EVP_PKEY *ENGINE_load_private_key(ENGINE *, const char *, UI_METHOD *, void *);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *, const char *, UI_METHOD *, void *);
+void ENGINE_add_conf_module(void);
"""
MACROS = """
-#define ENGINE_METHOD_RSA ...
-#define ENGINE_METHOD_DSA ...
-#define ENGINE_METHOD_RAND ...
-#define ENGINE_METHOD_ECDH ...
-#define ENGINE_METHOD_ECDSA ...
-#define ENGINE_METHOD_CIPHERS ...
-#define ENGINE_METHOD_DIGESTS ...
-#define ENGINE_METHOD_STORE ...
-#define ENGINE_METHOD_ALL ...
-#define ENGINE_METHOD_NONE ...
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/err.py b/cryptography/hazmat/backends/openssl/err.py
index 2fb8bbe..6b2a77b 100644
--- a/cryptography/hazmat/backends/openssl/err.py
+++ b/cryptography/hazmat/backends/openssl/err.py
@@ -38,8 +38,8 @@
"""
FUNCTIONS = """
-void ERR_load_crypto_strings();
-void ERR_free_strings();
+void ERR_load_crypto_strings(void);
+void ERR_free_strings(void);
char* ERR_error_string(unsigned long, char *);
void ERR_error_string_n(unsigned long, char *, size_t);
const char* ERR_lib_error_string(unsigned long);
@@ -47,9 +47,9 @@
const char* ERR_reason_error_string(unsigned long);
void ERR_print_errors(BIO *);
void ERR_print_errors_fp(FILE *);
-unsigned long ERR_get_error();
-unsigned long ERR_peek_error();
-unsigned long ERR_peek_last_error();
+unsigned long ERR_get_error(void);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_last_error(void);
unsigned long ERR_get_error_line(const char **, int *);
unsigned long ERR_peek_error_line(const char **, int *);
unsigned long ERR_peek_last_error_line(const char **, int *);
@@ -61,7 +61,7 @@
int *, const char **, int *);
void ERR_put_error(int, int, int, const char *, int);
void ERR_add_error_data(int, ...);
-int ERR_get_next_error_library();
+int ERR_get_next_error_library(void);
"""
MACROS = """
diff --git a/cryptography/hazmat/backends/openssl/evp.py b/cryptography/hazmat/backends/openssl/evp.py
index 0662b1e..c426e52 100644
--- a/cryptography/hazmat/backends/openssl/evp.py
+++ b/cryptography/hazmat/backends/openssl/evp.py
@@ -24,7 +24,9 @@
...;
} EVP_CIPHER_CTX;
typedef ... EVP_MD;
-typedef struct env_md_ctx_st EVP_MD_CTX;
+typedef struct env_md_ctx_st {
+ ...;
+} EVP_MD_CTX;
typedef struct evp_pkey_st {
int type;
@@ -32,6 +34,7 @@
} EVP_PKEY;
static const int EVP_PKEY_RSA;
static const int EVP_PKEY_DSA;
+static const int EVP_MAX_MD_SIZE;
static const int EVP_CTRL_GCM_SET_IVLEN;
static const int EVP_CTRL_GCM_GET_TAG;
static const int EVP_CTRL_GCM_SET_TAG;
@@ -40,8 +43,6 @@
"""
FUNCTIONS = """
-void OpenSSL_add_all_algorithms();
-
const EVP_CIPHER *EVP_get_cipherbyname(const char *);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *, const EVP_CIPHER *, ENGINE *,
const unsigned char *, const unsigned char *);
@@ -63,11 +64,11 @@
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *);
int EVP_CIPHER_block_size(const EVP_CIPHER *);
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *);
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new();
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
-EVP_MD_CTX *EVP_MD_CTX_create();
+EVP_MD_CTX *EVP_MD_CTX_create(void);
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *);
int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, ENGINE *);
int EVP_DigestUpdate(EVP_MD_CTX *, const void *, size_t);
@@ -78,7 +79,7 @@
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *);
int EVP_MD_size(const EVP_MD *);
-EVP_PKEY *EVP_PKEY_new();
+EVP_PKEY *EVP_PKEY_new(void);
void EVP_PKEY_free(EVP_PKEY *);
int EVP_PKEY_type(int);
int EVP_PKEY_bits(EVP_PKEY *);
@@ -92,9 +93,12 @@
int EVP_VerifyUpdate(EVP_MD_CTX *, const void *, size_t);
int EVP_VerifyFinal(EVP_MD_CTX *, const unsigned char *, unsigned int,
EVP_PKEY *);
+
+const EVP_MD *EVP_md5(void);
"""
MACROS = """
+void OpenSSL_add_all_algorithms(void);
int EVP_PKEY_assign_RSA(EVP_PKEY *, RSA *);
int EVP_PKEY_assign_DSA(EVP_PKEY *, DSA *);
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *);
diff --git a/cryptography/hazmat/backends/openssl/nid.py b/cryptography/hazmat/backends/openssl/nid.py
index 111f82f..40aed19 100644
--- a/cryptography/hazmat/backends/openssl/nid.py
+++ b/cryptography/hazmat/backends/openssl/nid.py
@@ -37,6 +37,7 @@
static const int NID_ecdsa_with_SHA512;
static const int NID_crl_reason;
static const int NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+static const int NID_subject_alt_name;
"""
FUNCTIONS = """
diff --git a/cryptography/hazmat/backends/openssl/objects.py b/cryptography/hazmat/backends/openssl/objects.py
new file mode 100644
index 0000000..0abc42d
--- /dev/null
+++ b/cryptography/hazmat/backends/openssl/objects.py
@@ -0,0 +1,43 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+INCLUDES = """
+#include <openssl/objects.h>
+"""
+
+TYPES = """
+"""
+
+FUNCTIONS = """
+ASN1_OBJECT *OBJ_nid2obj(int);
+const char *OBJ_nid2ln(int);
+const char *OBJ_nid2sn(int);
+int OBJ_obj2nid(const ASN1_OBJECT *);
+int OBJ_ln2nid(const char *);
+int OBJ_sn2nid(const char *);
+int OBJ_txt2nid(const char *);
+ASN1_OBJECT *OBJ_txt2obj(const char *, int);
+int OBJ_obj2txt(char *, int, const ASN1_OBJECT *, int);
+int OBJ_cmp(const ASN1_OBJECT *, const ASN1_OBJECT *);
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *);
+int OBJ_create(const char *, const char *, const char *);
+void OBJ_cleanup(void);
+"""
+
+MACROS = """
+"""
+
+CUSTOMIZATIONS = """
+"""
+
+CONDITIONAL_NAMES = {}
diff --git a/cryptography/hazmat/backends/openssl/opensslv.py b/cryptography/hazmat/backends/openssl/opensslv.py
index 4e11032..397f4ca 100644
--- a/cryptography/hazmat/backends/openssl/opensslv.py
+++ b/cryptography/hazmat/backends/openssl/opensslv.py
@@ -17,7 +17,7 @@
TYPES = """
static const int OPENSSL_VERSION_NUMBER;
-static char *const OPENSSL_VERSION_TEXT;
+static const char *const OPENSSL_VERSION_TEXT;
"""
FUNCTIONS = """
diff --git a/cryptography/hazmat/backends/openssl/pkcs12.py b/cryptography/hazmat/backends/openssl/pkcs12.py
index b3ecd0a..bd01e75 100644
--- a/cryptography/hazmat/backends/openssl/pkcs12.py
+++ b/cryptography/hazmat/backends/openssl/pkcs12.py
@@ -28,9 +28,9 @@
MACROS = """
int PKCS12_parse(PKCS12 *, const char *, EVP_PKEY **, X509 **,
- struct stack_st_X509 **);
+ Cryptography_STACK_OF_X509 **);
PKCS12 *PKCS12_create(char *, char *, EVP_PKEY *, X509 *,
- struct stack_st_X509 *, int, int, int, int, int);
+ Cryptography_STACK_OF_X509 *, int, int, int, int, int);
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/rand.py b/cryptography/hazmat/backends/openssl/rand.py
index 5ac36ca..0e645fb 100644
--- a/cryptography/hazmat/backends/openssl/rand.py
+++ b/cryptography/hazmat/backends/openssl/rand.py
@@ -19,17 +19,17 @@
"""
FUNCTIONS = """
-void ERR_load_RAND_strings();
+void ERR_load_RAND_strings(void);
void RAND_seed(const void *, int);
void RAND_add(const void *, int, double);
-int RAND_status();
+int RAND_status(void);
int RAND_egd(const char *);
int RAND_egd_bytes(const char *, int);
int RAND_query_egd_bytes(const char *, unsigned char *, int);
const char *RAND_file_name(char *, size_t);
int RAND_load_file(const char *, long);
int RAND_write_file(const char *);
-void RAND_cleanup();
+void RAND_cleanup(void);
int RAND_bytes(unsigned char *, int);
int RAND_pseudo_bytes(unsigned char *, int);
"""
diff --git a/cryptography/hazmat/backends/openssl/rsa.py b/cryptography/hazmat/backends/openssl/rsa.py
index e3a24d0..a44ca4a 100644
--- a/cryptography/hazmat/backends/openssl/rsa.py
+++ b/cryptography/hazmat/backends/openssl/rsa.py
@@ -33,10 +33,11 @@
static const int RSA_NO_PADDING;
static const int RSA_PKCS1_OAEP_PADDING;
static const int RSA_X931_PADDING;
+static const int RSA_F4;
"""
FUNCTIONS = """
-RSA *RSA_new();
+RSA *RSA_new(void);
void RSA_free(RSA *);
int RSA_size(const RSA *);
int RSA_generate_key_ex(RSA *, int, BIGNUM *, BN_GENCB *);
@@ -50,6 +51,7 @@
RSA *, int);
int RSA_private_decrypt(int, const unsigned char *, unsigned char *,
RSA *, int);
+int RSA_print(BIO *, const RSA *, int);
"""
MACROS = """
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index f99c263..d0d5ae2 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -16,8 +16,12 @@
"""
TYPES = """
-/* Internally invented symbol to tell us if SSLv2 is supported */
+/*
+ * Internally invented symbols to tell which versions of SSL/TLS are supported.
+*/
static const int Cryptography_HAS_SSL2;
+static const int Cryptography_HAS_TLSv1_1;
+static const int Cryptography_HAS_TLSv1_2;
/* Internally invented symbol to tell us if SNI is supported */
static const int Cryptography_HAS_TLSEXT_HOSTNAME;
@@ -32,6 +36,8 @@
*/
static const int Cryptography_HAS_OP_NO_COMPRESSION;
+static const int Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING;
+
static const int SSL_FILETYPE_PEM;
static const int SSL_FILETYPE_ASN1;
static const int SSL_ERROR_NONE;
@@ -46,6 +52,8 @@
static const int SSL_OP_NO_SSLv2;
static const int SSL_OP_NO_SSLv3;
static const int SSL_OP_NO_TLSv1;
+static const int SSL_OP_NO_TLSv1_1;
+static const int SSL_OP_NO_TLSv1_2;
static const int SSL_OP_NO_COMPRESSION;
static const int SSL_OP_SINGLE_DH_USE;
static const int SSL_OP_EPHEMERAL_RSA;
@@ -54,6 +62,7 @@
static const int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
static const int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG;
static const int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER;
+static const int SSL_OP_MSIE_SSLV2_RSA_PADDING;
static const int SSL_OP_SSLEAY_080_CLIENT_DH_BUG;
static const int SSL_OP_TLS_D5_BUG;
static const int SSL_OP_TLS_BLOCK_PADDING_BUG;
@@ -132,8 +141,8 @@
"""
FUNCTIONS = """
-void SSL_load_error_strings();
-int SSL_library_init();
+void SSL_load_error_strings(void);
+int SSL_library_init(void);
/* SSL */
SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *);
@@ -157,6 +166,10 @@
int SSL_write(SSL *, const void *, int);
int SSL_read(SSL *, void *, int);
X509 *SSL_get_peer_certificate(const SSL *);
+
+Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *);
+Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
+
int SSL_get_error(const SSL *, int);
int SSL_do_handshake(SSL *);
int SSL_shutdown(SSL *);
@@ -186,6 +199,9 @@
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
+void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
+
+
/* X509_STORE_CTX */
int X509_STORE_CTX_get_error(X509_STORE_CTX *);
void X509_STORE_CTX_set_error(X509_STORE_CTX *, int);
@@ -206,7 +222,7 @@
int SSL_want_read(const SSL *);
int SSL_want_write(const SSL *);
-int SSL_total_renegotiations(SSL *);
+long SSL_total_renegotiations(SSL *);
long SSL_CTX_set_options(SSL_CTX *, long);
long SSL_CTX_get_options(SSL_CTX *);
@@ -219,33 +235,49 @@
/*- These aren't macros these functions are all const X on openssl > 1.0.x -*/
+/* methods */
+
/* SSLv2 support is compiled out of some versions of OpenSSL. These will
* get special support when we generate the bindings so that if they are
* available they will be wrapped, but if they are not they won't cause
* problems (like link errors).
*/
-const SSL_METHOD *SSLv2_method();
-const SSL_METHOD *SSLv2_server_method();
-const SSL_METHOD *SSLv2_client_method();
+const SSL_METHOD *SSLv2_method(void);
+const SSL_METHOD *SSLv2_server_method(void);
+const SSL_METHOD *SSLv2_client_method(void);
-/* methods */
-const SSL_METHOD *SSLv3_method();
-const SSL_METHOD *SSLv3_server_method();
-const SSL_METHOD *SSLv3_client_method();
-const SSL_METHOD *TLSv1_method();
-const SSL_METHOD *TLSv1_server_method();
-const SSL_METHOD *TLSv1_client_method();
-const SSL_METHOD *SSLv23_method();
-const SSL_METHOD *SSLv23_server_method();
-const SSL_METHOD *SSLv23_client_method();
+/*
+ * TLSv1_1 and TLSv1_2 are recent additions. Only sufficiently new versions of
+ * OpenSSL support them.
+ */
+const SSL_METHOD *TLSv1_1_method(void);
+const SSL_METHOD *TLSv1_1_server_method(void);
+const SSL_METHOD *TLSv1_1_client_method(void);
+
+const SSL_METHOD *TLSv1_2_method(void);
+const SSL_METHOD *TLSv1_2_server_method(void);
+const SSL_METHOD *TLSv1_2_client_method(void);
+
+const SSL_METHOD *SSLv3_method(void);
+const SSL_METHOD *SSLv3_server_method(void);
+const SSL_METHOD *SSLv3_client_method(void);
+
+const SSL_METHOD *TLSv1_method(void);
+const SSL_METHOD *TLSv1_server_method(void);
+const SSL_METHOD *TLSv1_client_method(void);
+
+const SSL_METHOD *SSLv23_method(void);
+const SSL_METHOD *SSLv23_server_method(void);
+const SSL_METHOD *SSLv23_client_method(void);
/*- These aren't macros these arguments are all const X on openssl > 1.0.x -*/
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *);
+SSL_CTX *SSL_CTX_new(SSL_METHOD *);
long SSL_CTX_get_timeout(const SSL_CTX *);
/* SNI APIs were introduced in OpenSSL 1.0.0. To continue to support
* earlier versions some special handling of these is necessary.
*/
+const char *SSL_get_servername(const SSL *, const int);
void SSL_set_tlsext_host_name(SSL *, char *);
void SSL_CTX_set_tlsext_servername_callback(
SSL_CTX *,
@@ -255,9 +287,9 @@
CUSTOMIZATIONS = """
#ifdef OPENSSL_NO_SSL2
static const long Cryptography_HAS_SSL2 = 0;
-SSL_METHOD* (*SSLv2_method)() = NULL;
-SSL_METHOD* (*SSLv2_client_method)() = NULL;
-SSL_METHOD* (*SSLv2_server_method)() = NULL;
+SSL_METHOD* (*SSLv2_method)(void) = NULL;
+SSL_METHOD* (*SSLv2_client_method)(void) = NULL;
+SSL_METHOD* (*SSLv2_server_method)(void) = NULL;
#else
static const long Cryptography_HAS_SSL2 = 1;
#endif
@@ -286,9 +318,50 @@
static const long Cryptography_HAS_OP_NO_COMPRESSION = 0;
const long SSL_OP_NO_COMPRESSION = 0;
#endif
+
+#ifdef SSL_OP_NO_TLSv1_1
+static const long Cryptography_HAS_TLSv1_1 = 1;
+#else
+static const long Cryptography_HAS_TLSv1_1 = 0;
+static const long SSL_OP_NO_TLSv1_1 = 0;
+SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
+SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
+SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
+#endif
+
+#ifdef SSL_OP_NO_TLSv1_2
+static const long Cryptography_HAS_TLSv1_2 = 1;
+#else
+static const long Cryptography_HAS_TLSv1_2 = 0;
+static const long SSL_OP_NO_TLSv1_2 = 0;
+SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
+SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
+SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
+#endif
+
+#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
+static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
+#else
+static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 0;
+const long SSL_OP_MSIE_SSLV2_RSA_PADDING = 0;
+#endif
"""
CONDITIONAL_NAMES = {
+ "Cryptography_HAS_TLSv1_1": [
+ "SSL_OP_NO_TLSv1_1",
+ "TLSv1_1_method",
+ "TLSv1_1_server_method",
+ "TLSv1_1_client_method",
+ ],
+
+ "Cryptography_HAS_TLSv1_2": [
+ "SSL_OP_NO_TLSv1_2",
+ "TLSv1_2_method",
+ "TLSv1_2_server_method",
+ "TLSv1_2_client_method",
+ ],
+
"Cryptography_HAS_SSL2": [
"SSLv2_method",
"SSLv2_client_method",
@@ -309,4 +382,7 @@
"SSL_OP_NO_COMPRESSION",
],
+ "Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING": [
+ "SSL_OP_MSIE_SSLV2_RSA_PADDING",
+ ],
}
diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py
index 5cba476..840254a 100644
--- a/cryptography/hazmat/backends/openssl/x509.py
+++ b/cryptography/hazmat/backends/openssl/x509.py
@@ -13,9 +13,22 @@
INCLUDES = """
#include <openssl/ssl.h>
+
+/*
+ * This is part of a work-around for the difficulty cffi has in dealing with
+ * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that
+ * will be an alias for this type and use the alias throughout. This works
+ * together with another opaque typedef for the same name in the TYPES section.
+ * Note that the result is an opaque type.
+ */
+typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
+typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED;
"""
TYPES = """
+typedef ... Cryptography_STACK_OF_X509;
+typedef ... Cryptography_STACK_OF_X509_REVOKED;
+
typedef struct {
ASN1_OBJECT *algorithm;
...;
@@ -36,8 +49,6 @@
typedef ... X509_REQ;
-typedef ... x509_revoked_st;
-
typedef struct {
ASN1_INTEGER *serialNumber;
ASN1_TIME *revocationDate;
@@ -47,7 +58,7 @@
} X509_REVOKED;
typedef struct {
- struct stack_st_X509_REVOKED *revoked;
+ Cryptography_STACK_OF_X509_REVOKED *revoked;
...;
} X509_CRL_INFO;
@@ -66,7 +77,7 @@
"""
FUNCTIONS = """
-X509 *X509_new();
+X509 *X509_new(void);
void X509_free(X509 *);
X509 *X509_dup(X509 *);
@@ -101,7 +112,7 @@
void X509_EXTENSION_free(X509_EXTENSION *);
int X509_REQ_set_version(X509_REQ *, long);
-X509_REQ *X509_REQ_new();
+X509_REQ *X509_REQ_new(void);
void X509_REQ_free(X509_REQ *);
int X509_REQ_set_pubkey(X509_REQ *, EVP_PKEY *);
int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *);
@@ -113,7 +124,7 @@
int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *);
-X509_REVOKED *X509_REVOKED_new();
+X509_REVOKED *X509_REVOKED_new(void);
void X509_REVOKED_free(X509_REVOKED *);
int X509_REVOKED_set_serialNumber(X509_REVOKED *, ASN1_INTEGER *);
@@ -121,7 +132,7 @@
int X509_REVOKED_add1_ext_i2d(X509_REVOKED *, int, void *, int, unsigned long);
X509_CRL *d2i_X509_CRL_bio(BIO *, X509_CRL **);
-X509_CRL *X509_CRL_new();
+X509_CRL *X509_CRL_new(void);
void X509_CRL_free(X509_CRL *);
int X509_CRL_add0_revoked(X509_CRL *, X509_REVOKED *);
int i2d_X509_CRL_bio(BIO *, X509_CRL *);
@@ -134,7 +145,7 @@
char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *);
EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *);
int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *, EVP_PKEY *);
-NETSCAPE_SPKI *NETSCAPE_SPKI_new();
+NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
void NETSCAPE_SPKI_free(NETSCAPE_SPKI *);
/* ASN1 serialization */
@@ -151,7 +162,7 @@
int X509_set_serialNumber(X509 *, ASN1_INTEGER *);
/* X509_STORE */
-X509_STORE *X509_STORE_new();
+X509_STORE *X509_STORE_new(void);
void X509_STORE_free(X509_STORE *);
int X509_STORE_add_cert(X509_STORE *, X509 *);
"""
@@ -165,25 +176,25 @@
long X509_REQ_get_version(X509_REQ *);
X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
-struct stack_st_X509 *sk_X509_new_null();
-void sk_X509_free(struct stack_st_X509 *);
-int sk_X509_num(struct stack_st_X509 *);
-int sk_X509_push(struct stack_st_X509 *, X509 *);
-X509 *sk_X509_value(struct stack_st_X509 *, int);
+Cryptography_STACK_OF_X509 *sk_X509_new_null(void);
+void sk_X509_free(Cryptography_STACK_OF_X509 *);
+int sk_X509_num(Cryptography_STACK_OF_X509 *);
+int sk_X509_push(Cryptography_STACK_OF_X509 *, X509 *);
+X509 *sk_X509_value(Cryptography_STACK_OF_X509 *, int);
-X509_EXTENSIONS *sk_X509_EXTENSION_new_null();
+X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void);
int sk_X509_EXTENSION_num(X509_EXTENSIONS *);
X509_EXTENSION *sk_X509_EXTENSION_value(X509_EXTENSIONS *, int);
int sk_X509_EXTENSION_push(X509_EXTENSIONS *, X509_EXTENSION *);
-void sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int);
+X509_EXTENSION *sk_X509_EXTENSION_delete(X509_EXTENSIONS *, int);
void sk_X509_EXTENSION_free(X509_EXTENSIONS *);
-int sk_X509_REVOKED_num(struct stack_st_X509_REVOKED *);
-X509_REVOKED *sk_X509_REVOKED_value(struct stack_st_X509_REVOKED *, int);
+int sk_X509_REVOKED_num(Cryptography_STACK_OF_X509_REVOKED *);
+X509_REVOKED *sk_X509_REVOKED_value(Cryptography_STACK_OF_X509_REVOKED *, int);
/* These aren't macros these arguments are all const X on openssl > 1.0.x */
-int X509_CRL_set_lastUpdate(X509_CRL *, const ASN1_TIME *);
-int X509_CRL_set_nextUpdate(X509_CRL *, const ASN1_TIME *);
+int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
+int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py
index 4be39b5..bf627d6 100644
--- a/cryptography/hazmat/backends/openssl/x509name.py
+++ b/cryptography/hazmat/backends/openssl/x509name.py
@@ -13,11 +13,17 @@
INCLUDES = """
#include <openssl/x509.h>
+
+/*
+ * See the comment above Cryptography_STACK_OF_X509 in x509.py
+ */
+typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME;
"""
TYPES = """
typedef ... X509_NAME;
typedef ... X509_NAME_ENTRY;
+typedef ... Cryptography_STACK_OF_X509_NAME;
"""
FUNCTIONS = """
@@ -40,11 +46,11 @@
"""
MACROS = """
-struct stack_st_X509_NAME *sk_X509_NAME_new_null();
-int sk_X509_NAME_num(struct stack_st_X509_NAME *);
-int sk_X509_NAME_push(struct stack_st_X509_NAME *, X509_NAME *);
-X509_NAME *sk_X509_NAME_value(struct stack_st_X509_NAME *, int);
-void sk_X509_NAME_free(struct stack_st_X509_NAME *);
+Cryptography_STACK_OF_X509_NAME *sk_X509_NAME_new_null(void);
+int sk_X509_NAME_num(Cryptography_STACK_OF_X509_NAME *);
+int sk_X509_NAME_push(Cryptography_STACK_OF_X509_NAME *, X509_NAME *);
+X509_NAME *sk_X509_NAME_value(Cryptography_STACK_OF_X509_NAME *, int);
+void sk_X509_NAME_free(Cryptography_STACK_OF_X509_NAME *);
"""
CUSTOMIZATIONS = """
diff --git a/docs/contributing.rst b/docs/contributing.rst
index 620e1b6..657c435 100644
--- a/docs/contributing.rst
+++ b/docs/contributing.rst
@@ -110,14 +110,14 @@
...;
};
-Don't include stray ``void`` parameters:
+Include ``void`` if the function takes no arguments:
.. code-block:: c
// Good
- long f();
- // Bad
long f(void);
+ // Bad
+ long f();
Wrap lines at 80 characters like so:
@@ -136,6 +136,23 @@
// Bad
long f(int,char *)
+Values set by ``#define`` should be assigned the appropriate type. If you see
+this:
+
+.. code-block:: c
+
+ #define SOME_INTEGER_LITERAL 0x0;
+ #define SOME_UNSIGNED_INTEGER_LITERAL 0x0001U;
+ #define SOME_STRING_LITERAL "hello";
+
+...it should be added to the bindings like so:
+
+.. code-block:: c
+
+ static const int SOME_INTEGER_LITERAL;
+ static const unsigned int SOME_UNSIGNED_INTEGER_LITERAL;
+ static const char *const SOME_STRING_LITERAL;
+
Documentation
-------------
diff --git a/pytest.ini b/pytest.ini
index 1aeb23f..36d4edc 100644
--- a/pytest.ini
+++ b/pytest.ini
@@ -4,3 +4,4 @@
hmac: this test requires a backend providing HMACBackend
cipher: this test requires a backend providing CipherBackend
hash: this test requires a backend providing HashBackend
+ supported: parametrized test requiring only_if and skip_message
diff --git a/tests/conftest.py b/tests/conftest.py
index e059b63..0ddc333 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -4,7 +4,7 @@
HMACBackend, CipherBackend, HashBackend
)
-from .utils import check_for_iface
+from .utils import check_for_iface, check_backend_support
def pytest_generate_tests(metafunc):
@@ -19,3 +19,4 @@
check_for_iface("hmac", HMACBackend, item)
check_for_iface("cipher", CipherBackend, item)
check_for_iface("hash", HashBackend, item)
+ check_backend_support(item)
diff --git a/tests/hazmat/primitives/test_3des.py b/tests/hazmat/primitives/test_3des.py
index 439ca25..581c47e 100644
--- a/tests/hazmat/primitives/test_3des.py
+++ b/tests/hazmat/primitives/test_3des.py
@@ -28,6 +28,12 @@
from ...utils import load_nist_vectors
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8)
+ ),
+ skip_message="Does not support TripleDES CBC",
+)
@pytest.mark.cipher
class TestTripleDES_CBC(object):
test_KAT = generate_encrypt_test(
@@ -42,10 +48,6 @@
],
lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)),
lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8)
- ),
- skip_message="Does not support TripleDES CBC",
)
test_MMT = generate_encrypt_test(
@@ -60,13 +62,15 @@
binascii.unhexlify(key1 + key2 + key3)
),
lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.TripleDES("\x00" * 8), modes.CBC("\x00" * 8)
- ),
- skip_message="Does not support TripleDES CBC",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8)
+ ),
+ skip_message="Does not support TripleDES OFB",
+)
@pytest.mark.cipher
class TestTripleDES_OFB(object):
test_KAT = generate_encrypt_test(
@@ -81,10 +85,6 @@
],
lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)),
lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8)
- ),
- skip_message="Does not support TripleDES OFB",
)
test_MMT = generate_encrypt_test(
@@ -99,13 +99,15 @@
binascii.unhexlify(key1 + key2 + key3)
),
lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.TripleDES("\x00" * 8), modes.OFB("\x00" * 8)
- ),
- skip_message="Does not support TripleDES OFB",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8)
+ ),
+ skip_message="Does not support TripleDES CFB",
+)
@pytest.mark.cipher
class TestTripleDES_CFB(object):
test_KAT = generate_encrypt_test(
@@ -120,10 +122,6 @@
],
lambda keys, **kwargs: algorithms.TripleDES(binascii.unhexlify(keys)),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8)
- ),
- skip_message="Does not support TripleDES CFB",
)
test_MMT = generate_encrypt_test(
@@ -138,8 +136,4 @@
binascii.unhexlify(key1 + key2 + key3)
),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.TripleDES("\x00" * 8), modes.CFB("\x00" * 8)
- ),
- skip_message="Does not support TripleDES CFB",
)
diff --git a/tests/hazmat/primitives/test_aes.py b/tests/hazmat/primitives/test_aes.py
index e9ef385..8cba8c6 100644
--- a/tests/hazmat/primitives/test_aes.py
+++ b/tests/hazmat/primitives/test_aes.py
@@ -26,8 +26,14 @@
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.AES("\x00" * 16), modes.CBC("\x00" * 16)
+ ),
+ skip_message="Does not support AES CBC",
+)
@pytest.mark.cipher
-class TestAES(object):
+class TestAES_CBC(object):
test_CBC = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "AES", "CBC"),
@@ -50,12 +56,17 @@
],
lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.AES("\x00" * 16), modes.CBC("\x00" * 16)
- ),
- skip_message="Does not support AES CBC",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.AES("\x00" * 16), modes.ECB()
+ ),
+ skip_message="Does not support AES ECB",
+)
+@pytest.mark.cipher
+class TestAES_ECB(object):
test_ECB = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "AES", "ECB"),
@@ -78,12 +89,17 @@
],
lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)),
lambda **kwargs: modes.ECB(),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.AES("\x00" * 16), modes.ECB()
- ),
- skip_message="Does not support AES ECB",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.AES("\x00" * 16), modes.OFB("\x00" * 16)
+ ),
+ skip_message="Does not support AES OFB",
+)
+@pytest.mark.cipher
+class TestAES_OFB(object):
test_OFB = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "AES", "OFB"),
@@ -106,12 +122,17 @@
],
lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.AES("\x00" * 16), modes.OFB("\x00" * 16)
- ),
- skip_message="Does not support AES OFB",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.AES("\x00" * 16), modes.CFB("\x00" * 16)
+ ),
+ skip_message="Does not support AES CFB",
+)
+@pytest.mark.cipher
+class TestAES_CFB(object):
test_CFB = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "AES", "CFB"),
@@ -134,24 +155,34 @@
],
lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.AES("\x00" * 16), modes.CFB("\x00" * 16)
- ),
- skip_message="Does not support AES CFB",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16)
+ ),
+ skip_message="Does not support AES CTR",
+)
+@pytest.mark.cipher
+class TestAES_CTR(object):
test_CTR = generate_encrypt_test(
load_openssl_vectors,
os.path.join("ciphers", "AES", "CTR"),
["aes-128-ctr.txt", "aes-192-ctr.txt", "aes-256-ctr.txt"],
lambda key, **kwargs: algorithms.AES(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.AES("\x00" * 16), modes.CTR("\x00" * 16)
- ),
- skip_message="Does not support AES CTR",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12)
+ ),
+ skip_message="Does not support AES GCM",
+)
+@pytest.mark.cipher
+class TestAES_GCM(object):
test_GCM = generate_aead_test(
load_nist_vectors,
os.path.join("ciphers", "AES", "GCM"),
@@ -165,8 +196,4 @@
],
lambda key: algorithms.AES(key),
lambda iv, tag: modes.GCM(iv, tag),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12)
- ),
- skip_message="Does not support AES GCM",
)
diff --git a/tests/hazmat/primitives/test_arc4.py b/tests/hazmat/primitives/test_arc4.py
index f2e2452..33f7ff0 100644
--- a/tests/hazmat/primitives/test_arc4.py
+++ b/tests/hazmat/primitives/test_arc4.py
@@ -24,6 +24,12 @@
from ...utils import load_nist_vectors
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.ARC4("\x00" * 16), None
+ ),
+ skip_message="Does not support ARC4",
+)
@pytest.mark.cipher
class TestARC4(object):
test_rfc = generate_stream_encryption_test(
@@ -39,8 +45,4 @@
"rfc-6229-256.txt",
],
lambda key, **kwargs: algorithms.ARC4(binascii.unhexlify(key)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.ARC4("\x00" * 16), None
- ),
- skip_message="Does not support ARC4",
)
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index 22a7c02..30cf1d6 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -136,21 +136,19 @@
decryptor.finalize()
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12)
+ ),
+ skip_message="Does not support AES GCM",
+)
@pytest.mark.cipher
class TestAEADCipherContext(object):
test_aead_exceptions = generate_aead_exception_test(
algorithms.AES,
modes.GCM,
- only_if=lambda backend: backend.cipher_supported(
- algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12)
- ),
- skip_message="Does not support AES GCM",
)
test_aead_tag_exceptions = generate_aead_tag_exception_test(
algorithms.AES,
modes.GCM,
- only_if=lambda backend: backend.cipher_supported(
- algorithms.AES("\x00" * 16), modes.GCM("\x00" * 12)
- ),
- skip_message="Does not support AES GCM",
)
diff --git a/tests/hazmat/primitives/test_blowfish.py b/tests/hazmat/primitives/test_blowfish.py
index 79ceabe..18512a6 100644
--- a/tests/hazmat/primitives/test_blowfish.py
+++ b/tests/hazmat/primitives/test_blowfish.py
@@ -24,52 +24,69 @@
from ...utils import load_nist_vectors
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.Blowfish("\x00" * 56), modes.ECB()
+ ),
+ skip_message="Does not support Blowfish ECB",
+)
@pytest.mark.cipher
-class TestBlowfish(object):
+class TestBlowfish_ECB(object):
test_ECB = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "Blowfish"),
["bf-ecb.txt"],
lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)),
lambda **kwargs: modes.ECB(),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.Blowfish("\x00" * 56), modes.ECB()
- ),
- skip_message="Does not support Blowfish ECB",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8)
+ ),
+ skip_message="Does not support Blowfish CBC",
+)
+@pytest.mark.cipher
+class TestBlowfish_CBC(object):
test_CBC = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "Blowfish"),
["bf-cbc.txt"],
lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.Blowfish("\x00" * 56), modes.CBC("\x00" * 8)
- ),
- skip_message="Does not support Blowfish CBC",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8)
+ ),
+ skip_message="Does not support Blowfish OFB",
+)
+@pytest.mark.cipher
+class TestBlowfish_OFB(object):
test_OFB = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "Blowfish"),
["bf-ofb.txt"],
lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.Blowfish("\x00" * 56), modes.OFB("\x00" * 8)
- ),
- skip_message="Does not support Blowfish OFB",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8)
+ ),
+ skip_message="Does not support Blowfish CFB",
+)
+@pytest.mark.cipher
+class TestBlowfish_CFB(object):
test_CFB = generate_encrypt_test(
load_nist_vectors,
os.path.join("ciphers", "Blowfish"),
["bf-cfb.txt"],
lambda key, **kwargs: algorithms.Blowfish(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.Blowfish("\x00" * 56), modes.CFB("\x00" * 8)
- ),
- skip_message="Does not support Blowfish CFB",
)
diff --git a/tests/hazmat/primitives/test_camellia.py b/tests/hazmat/primitives/test_camellia.py
index c376220..7c56f6f 100644
--- a/tests/hazmat/primitives/test_camellia.py
+++ b/tests/hazmat/primitives/test_camellia.py
@@ -26,8 +26,14 @@
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.Camellia("\x00" * 16), modes.ECB()
+ ),
+ skip_message="Does not support Camellia ECB",
+)
@pytest.mark.cipher
-class TestCamellia(object):
+class TestCamellia_ECB(object):
test_ECB = generate_encrypt_test(
load_cryptrec_vectors,
os.path.join("ciphers", "Camellia"),
@@ -38,44 +44,55 @@
],
lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)),
lambda **kwargs: modes.ECB(),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.Camellia("\x00" * 16), modes.ECB()
- ),
- skip_message="Does not support Camellia ECB",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16)
+ ),
+ skip_message="Does not support Camellia CBC",
+)
+@pytest.mark.cipher
+class TestCamellia_CBC(object):
test_CBC = generate_encrypt_test(
load_openssl_vectors,
os.path.join("ciphers", "Camellia"),
["camellia-cbc.txt"],
lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.Camellia("\x00" * 16), modes.CBC("\x00" * 16)
- ),
- skip_message="Does not support Camellia CBC",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16)
+ ),
+ skip_message="Does not support Camellia OFB",
+)
+@pytest.mark.cipher
+class TestCamellia_OFB(object):
test_OFB = generate_encrypt_test(
load_openssl_vectors,
os.path.join("ciphers", "Camellia"),
["camellia-ofb.txt"],
lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.Camellia("\x00" * 16), modes.OFB("\x00" * 16)
- ),
- skip_message="Does not support Camellia OFB",
)
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16)
+ ),
+ skip_message="Does not support Camellia CFB",
+)
+@pytest.mark.cipher
+class TestCamellia_CFB(object):
test_CFB = generate_encrypt_test(
load_openssl_vectors,
os.path.join("ciphers", "Camellia"),
["camellia-cfb.txt"],
lambda key, **kwargs: algorithms.Camellia(binascii.unhexlify(key)),
lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.Camellia("\x00" * 16), modes.CFB("\x00" * 16)
- ),
- skip_message="Does not support Camellia CFB",
)
diff --git a/tests/hazmat/primitives/test_cast5.py b/tests/hazmat/primitives/test_cast5.py
index a4789c6..d65a86b 100644
--- a/tests/hazmat/primitives/test_cast5.py
+++ b/tests/hazmat/primitives/test_cast5.py
@@ -24,6 +24,12 @@
from ...utils import load_nist_vectors
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.CAST5("\x00" * 16), modes.ECB()
+ ),
+ skip_message="Does not support CAST5 ECB",
+)
@pytest.mark.cipher
class TestCAST5(object):
test_ECB = generate_encrypt_test(
@@ -32,8 +38,4 @@
["cast5-ecb.txt"],
lambda key, **kwargs: algorithms.CAST5(binascii.unhexlify((key))),
lambda **kwargs: modes.ECB(),
- only_if=lambda backend: backend.cipher_supported(
- algorithms.CAST5("\x00" * 16), modes.ECB()
- ),
- skip_message="Does not support CAST5 ECB",
)
diff --git a/tests/hazmat/primitives/test_hash_vectors.py b/tests/hazmat/primitives/test_hash_vectors.py
index d9febea..13ffc3f 100644
--- a/tests/hazmat/primitives/test_hash_vectors.py
+++ b/tests/hazmat/primitives/test_hash_vectors.py
@@ -23,6 +23,10 @@
from ...utils import load_hash_vectors
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA1),
+ skip_message="Does not support SHA1",
+)
@pytest.mark.hash
class TestSHA1(object):
test_SHA1 = generate_hash_test(
@@ -33,11 +37,13 @@
"SHA1ShortMsg.rsp",
],
hashes.SHA1(),
- only_if=lambda backend: backend.hash_supported(hashes.SHA1),
- skip_message="Does not support SHA1",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA224),
+ skip_message="Does not support SHA224",
+)
@pytest.mark.hash
class TestSHA224(object):
test_SHA224 = generate_hash_test(
@@ -48,11 +54,13 @@
"SHA224ShortMsg.rsp",
],
hashes.SHA224(),
- only_if=lambda backend: backend.hash_supported(hashes.SHA224),
- skip_message="Does not support SHA224",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA256),
+ skip_message="Does not support SHA256",
+)
@pytest.mark.hash
class TestSHA256(object):
test_SHA256 = generate_hash_test(
@@ -63,11 +71,13 @@
"SHA256ShortMsg.rsp",
],
hashes.SHA256(),
- only_if=lambda backend: backend.hash_supported(hashes.SHA256),
- skip_message="Does not support SHA256",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA384),
+ skip_message="Does not support SHA384",
+)
@pytest.mark.hash
class TestSHA384(object):
test_SHA384 = generate_hash_test(
@@ -78,11 +88,13 @@
"SHA384ShortMsg.rsp",
],
hashes.SHA384(),
- only_if=lambda backend: backend.hash_supported(hashes.SHA384),
- skip_message="Does not support SHA384",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA512),
+ skip_message="Does not support SHA512",
+)
@pytest.mark.hash
class TestSHA512(object):
test_SHA512 = generate_hash_test(
@@ -93,11 +105,13 @@
"SHA512ShortMsg.rsp",
],
hashes.SHA512(),
- only_if=lambda backend: backend.hash_supported(hashes.SHA512),
- skip_message="Does not support SHA512",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
+ skip_message="Does not support RIPEMD160",
+)
@pytest.mark.hash
class TestRIPEMD160(object):
test_RIPEMD160 = generate_hash_test(
@@ -107,18 +121,18 @@
"ripevectors.txt",
],
hashes.RIPEMD160(),
- only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
- skip_message="Does not support RIPEMD160",
)
test_RIPEMD160_long_string = generate_long_string_hash_test(
hashes.RIPEMD160(),
"52783243c1697bdbe16d37f97f68f08325dc1528",
- only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
- skip_message="Does not support RIPEMD160",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.Whirlpool),
+ skip_message="Does not support Whirlpool",
+)
@pytest.mark.hash
class TestWhirlpool(object):
test_whirlpool = generate_hash_test(
@@ -128,8 +142,6 @@
"iso-test-vectors.txt",
],
hashes.Whirlpool(),
- only_if=lambda backend: backend.hash_supported(hashes.Whirlpool),
- skip_message="Does not support Whirlpool",
)
test_whirlpool_long_string = generate_long_string_hash_test(
@@ -137,11 +149,13 @@
("0c99005beb57eff50a7cf005560ddf5d29057fd86b2"
"0bfd62deca0f1ccea4af51fc15490eddc47af32bb2b"
"66c34ff9ad8c6008ad677f77126953b226e4ed8b01"),
- only_if=lambda backend: backend.hash_supported(hashes.Whirlpool),
- skip_message="Does not support Whirlpool",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.MD5),
+ skip_message="Does not support MD5",
+)
@pytest.mark.hash
class TestMD5(object):
test_md5 = generate_hash_test(
@@ -151,6 +165,4 @@
"rfc-1321.txt",
],
hashes.MD5(),
- only_if=lambda backend: backend.hash_supported(hashes.MD5),
- skip_message="Does not support MD5",
)
diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index 45faaab..c907ef6 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -69,89 +69,105 @@
hashes.Hash(UnsupportedDummyHash(), backend)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA1),
+ skip_message="Does not support SHA1",
+)
@pytest.mark.hash
class TestSHA1(object):
test_SHA1 = generate_base_hash_test(
hashes.SHA1(),
digest_size=20,
block_size=64,
- only_if=lambda backend: backend.hash_supported(hashes.SHA1),
- skip_message="Does not support SHA1",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA224),
+ skip_message="Does not support SHA224",
+)
@pytest.mark.hash
class TestSHA224(object):
test_SHA224 = generate_base_hash_test(
hashes.SHA224(),
digest_size=28,
block_size=64,
- only_if=lambda backend: backend.hash_supported(hashes.SHA224),
- skip_message="Does not support SHA224",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA256),
+ skip_message="Does not support SHA256",
+)
@pytest.mark.hash
class TestSHA256(object):
test_SHA256 = generate_base_hash_test(
hashes.SHA256(),
digest_size=32,
block_size=64,
- only_if=lambda backend: backend.hash_supported(hashes.SHA256),
- skip_message="Does not support SHA256",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA384),
+ skip_message="Does not support SHA384",
+)
@pytest.mark.hash
class TestSHA384(object):
test_SHA384 = generate_base_hash_test(
hashes.SHA384(),
digest_size=48,
block_size=128,
- only_if=lambda backend: backend.hash_supported(hashes.SHA384),
- skip_message="Does not support SHA384",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.SHA512),
+ skip_message="Does not support SHA512",
+)
@pytest.mark.hash
class TestSHA512(object):
test_SHA512 = generate_base_hash_test(
hashes.SHA512(),
digest_size=64,
block_size=128,
- only_if=lambda backend: backend.hash_supported(hashes.SHA512),
- skip_message="Does not support SHA512",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
+ skip_message="Does not support RIPEMD160",
+)
@pytest.mark.hash
class TestRIPEMD160(object):
test_RIPEMD160 = generate_base_hash_test(
hashes.RIPEMD160(),
digest_size=20,
block_size=64,
- only_if=lambda backend: backend.hash_supported(hashes.RIPEMD160),
- skip_message="Does not support RIPEMD160",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.Whirlpool),
+ skip_message="Does not support Whirlpool",
+)
@pytest.mark.hash
class TestWhirlpool(object):
test_Whirlpool = generate_base_hash_test(
hashes.Whirlpool(),
digest_size=64,
block_size=64,
- only_if=lambda backend: backend.hash_supported(hashes.Whirlpool),
- skip_message="Does not support Whirlpool",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hash_supported(hashes.MD5),
+ skip_message="Does not support MD5",
+)
@pytest.mark.hash
class TestMD5(object):
test_MD5 = generate_base_hash_test(
hashes.MD5(),
digest_size=16,
block_size=64,
- only_if=lambda backend: backend.hash_supported(hashes.MD5),
- skip_message="Does not support MD5",
)
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index 7acb78b..04913af 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -33,14 +33,19 @@
name = "unsupported-dummy-hash"
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hmac_supported(hashes.MD5),
+ skip_message="Does not support MD5",
+)
@pytest.mark.hmac
-class TestHMAC(object):
+class TestHMACCopy(object):
test_copy = generate_base_hmac_test(
hashes.MD5(),
- only_if=lambda backend: backend.hmac_supported(hashes.MD5),
- skip_message="Does not support MD5",
)
+
+@pytest.mark.hmac
+class TestHMAC(object):
def test_hmac_reject_unicode(self, backend):
h = hmac.HMAC(b"mykey", hashes.SHA1(), backend=backend)
with pytest.raises(TypeError):
diff --git a/tests/hazmat/primitives/test_hmac_vectors.py b/tests/hazmat/primitives/test_hmac_vectors.py
index 9bc06a2..c564445 100644
--- a/tests/hazmat/primitives/test_hmac_vectors.py
+++ b/tests/hazmat/primitives/test_hmac_vectors.py
@@ -21,6 +21,10 @@
from ...utils import load_hash_vectors
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hmac_supported(hashes.MD5),
+ skip_message="Does not support MD5",
+)
@pytest.mark.hmac
class TestHMAC_MD5(object):
test_hmac_md5 = generate_hmac_test(
@@ -30,11 +34,13 @@
"rfc-2202-md5.txt",
],
hashes.MD5(),
- only_if=lambda backend: backend.hmac_supported(hashes.MD5),
- skip_message="Does not support MD5",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hmac_supported(hashes.SHA1),
+ skip_message="Does not support SHA1",
+)
@pytest.mark.hmac
class TestHMAC_SHA1(object):
test_hmac_sha1 = generate_hmac_test(
@@ -44,11 +50,13 @@
"rfc-2202-sha1.txt",
],
hashes.SHA1(),
- only_if=lambda backend: backend.hmac_supported(hashes.SHA1),
- skip_message="Does not support SHA1",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hmac_supported(hashes.SHA224),
+ skip_message="Does not support SHA224",
+)
@pytest.mark.hmac
class TestHMAC_SHA224(object):
test_hmac_sha224 = generate_hmac_test(
@@ -58,11 +66,13 @@
"rfc-4231-sha224.txt",
],
hashes.SHA224(),
- only_if=lambda backend: backend.hmac_supported(hashes.SHA224),
- skip_message="Does not support SHA224",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hmac_supported(hashes.SHA256),
+ skip_message="Does not support SHA256",
+)
@pytest.mark.hmac
class TestHMAC_SHA256(object):
test_hmac_sha256 = generate_hmac_test(
@@ -72,11 +82,13 @@
"rfc-4231-sha256.txt",
],
hashes.SHA256(),
- only_if=lambda backend: backend.hmac_supported(hashes.SHA256),
- skip_message="Does not support SHA256",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hmac_supported(hashes.SHA384),
+ skip_message="Does not support SHA384",
+)
@pytest.mark.hmac
class TestHMAC_SHA384(object):
test_hmac_sha384 = generate_hmac_test(
@@ -86,11 +98,13 @@
"rfc-4231-sha384.txt",
],
hashes.SHA384(),
- only_if=lambda backend: backend.hmac_supported(hashes.SHA384),
- skip_message="Does not support SHA384",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hmac_supported(hashes.SHA512),
+ skip_message="Does not support SHA512",
+)
@pytest.mark.hmac
class TestHMAC_SHA512(object):
test_hmac_sha512 = generate_hmac_test(
@@ -100,11 +114,13 @@
"rfc-4231-sha512.txt",
],
hashes.SHA512(),
- only_if=lambda backend: backend.hmac_supported(hashes.SHA512),
- skip_message="Does not support SHA512",
)
+@pytest.mark.supported(
+ only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160),
+ skip_message="Does not support RIPEMD160",
+)
@pytest.mark.hmac
class TestHMAC_RIPEMD160(object):
test_hmac_ripemd160 = generate_hmac_test(
@@ -114,6 +130,4 @@
"rfc-2286-ripemd160.txt",
],
hashes.RIPEMD160(),
- only_if=lambda backend: backend.hmac_supported(hashes.RIPEMD160),
- skip_message="Does not support RIPEMD160",
)
diff --git a/tests/hazmat/primitives/test_utils.py b/tests/hazmat/primitives/test_utils.py
deleted file mode 100644
index c39364c..0000000
--- a/tests/hazmat/primitives/test_utils.py
+++ /dev/null
@@ -1,117 +0,0 @@
-import pytest
-
-from .utils import (
- base_hash_test, encrypt_test, hash_test, long_string_hash_test,
- base_hmac_test, hmac_test, stream_encryption_test, aead_test,
- aead_exception_test, aead_tag_exception_test,
-)
-
-
-class TestEncryptTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- encrypt_test(
- None, None, None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
-
-
-class TestAEADTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- aead_test(
- None, None, None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
-
-
-class TestAEADExceptionTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- aead_exception_test(
- None, None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
-
-
-class TestAEADTagExceptionTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- aead_tag_exception_test(
- None, None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
-
-
-class TestHashTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- hash_test(
- None, None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
-
-
-class TestBaseHashTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- base_hash_test(
- None, None, None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
-
-
-class TestLongHashTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- long_string_hash_test(
- None, None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
-
-
-class TestHMACTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- hmac_test(
- None, None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
-
-
-class TestBaseHMACTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- base_hmac_test(
- None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
-
-
-class TestStreamEncryptionTest(object):
- def test_skips_if_only_if_returns_false(self):
- with pytest.raises(pytest.skip.Exception) as exc_info:
- stream_encryption_test(
- None, None, None,
- only_if=lambda backend: False,
- skip_message="message!"
- )
- assert exc_info.value.args[0] == "message!"
diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py
index e018477..cdcf84c 100644
--- a/tests/hazmat/primitives/utils.py
+++ b/tests/hazmat/primitives/utils.py
@@ -22,27 +22,17 @@
def generate_encrypt_test(param_loader, path, file_names, cipher_factory,
- mode_factory, only_if, skip_message=None):
+ mode_factory):
all_params = _load_all_params(path, file_names, param_loader)
@pytest.mark.parametrize("params", all_params)
def test_encryption(self, backend, params):
- encrypt_test(
- backend,
- cipher_factory,
- mode_factory,
- params,
- only_if,
- skip_message
- )
+ encrypt_test(backend, cipher_factory, mode_factory, params)
return test_encryption
-def encrypt_test(backend, cipher_factory, mode_factory, params, only_if,
- skip_message):
- if not only_if(backend):
- pytest.skip(skip_message)
+def encrypt_test(backend, cipher_factory, mode_factory, params):
plaintext = params["plaintext"]
ciphertext = params["ciphertext"]
cipher = Cipher(
@@ -61,27 +51,17 @@
def generate_aead_test(param_loader, path, file_names, cipher_factory,
- mode_factory, only_if, skip_message):
+ mode_factory):
all_params = _load_all_params(path, file_names, param_loader)
@pytest.mark.parametrize("params", all_params)
def test_aead(self, backend, params):
- aead_test(
- backend,
- cipher_factory,
- mode_factory,
- params,
- only_if,
- skip_message
- )
+ aead_test(backend, cipher_factory, mode_factory, params)
return test_aead
-def aead_test(backend, cipher_factory, mode_factory, params, only_if,
- skip_message):
- if not only_if(backend):
- pytest.skip(skip_message)
+def aead_test(backend, cipher_factory, mode_factory, params):
if params.get("pt") is not None:
plaintext = params["pt"]
ciphertext = params["ct"]
@@ -124,26 +104,16 @@
def generate_stream_encryption_test(param_loader, path, file_names,
- cipher_factory, only_if=None,
- skip_message=None):
+ cipher_factory):
all_params = _load_all_params(path, file_names, param_loader)
@pytest.mark.parametrize("params", all_params)
def test_stream_encryption(self, backend, params):
- stream_encryption_test(
- backend,
- cipher_factory,
- params,
- only_if,
- skip_message
- )
+ stream_encryption_test(backend, cipher_factory, params)
return test_stream_encryption
-def stream_encryption_test(backend, cipher_factory, params, only_if,
- skip_message):
- if not only_if(backend):
- pytest.skip(skip_message)
+def stream_encryption_test(backend, cipher_factory, params):
plaintext = params["plaintext"]
ciphertext = params["ciphertext"]
offset = params["offset"]
@@ -161,25 +131,16 @@
assert actual_plaintext == binascii.unhexlify(plaintext)
-def generate_hash_test(param_loader, path, file_names, hash_cls,
- only_if=None, skip_message=None):
+def generate_hash_test(param_loader, path, file_names, hash_cls):
all_params = _load_all_params(path, file_names, param_loader)
@pytest.mark.parametrize("params", all_params)
def test_hash(self, backend, params):
- hash_test(
- backend,
- hash_cls,
- params,
- only_if,
- skip_message
- )
+ hash_test(backend, hash_cls, params)
return test_hash
-def hash_test(backend, algorithm, params, only_if, skip_message):
- if only_if is not None and not only_if(backend):
- pytest.skip(skip_message)
+def hash_test(backend, algorithm, params):
msg = params[0]
md = params[1]
m = hashes.Hash(algorithm, backend=backend)
@@ -188,25 +149,13 @@
assert m.finalize() == binascii.unhexlify(expected_md)
-def generate_base_hash_test(algorithm, digest_size, block_size,
- only_if=None, skip_message=None):
+def generate_base_hash_test(algorithm, digest_size, block_size):
def test_base_hash(self, backend):
- base_hash_test(
- backend,
- algorithm,
- digest_size,
- block_size,
- only_if,
- skip_message,
- )
+ base_hash_test(backend, algorithm, digest_size, block_size)
return test_base_hash
-def base_hash_test(backend, algorithm, digest_size, block_size, only_if,
- skip_message):
- if only_if is not None and not only_if(backend):
- pytest.skip(skip_message)
-
+def base_hash_test(backend, algorithm, digest_size, block_size):
m = hashes.Hash(algorithm, backend=backend)
assert m.algorithm.digest_size == digest_size
assert m.algorithm.block_size == block_size
@@ -221,46 +170,42 @@
assert copy.finalize() == m.finalize()
-def generate_long_string_hash_test(hash_factory, md, only_if=None,
- skip_message=None):
+def generate_long_string_hash_test(hash_factory, md):
def test_long_string_hash(self, backend):
- long_string_hash_test(
- backend,
- hash_factory,
- md,
- only_if,
- skip_message
- )
+ long_string_hash_test(backend, hash_factory, md)
return test_long_string_hash
-def long_string_hash_test(backend, algorithm, md, only_if, skip_message):
- if only_if is not None and not only_if(backend):
- pytest.skip(skip_message)
+def long_string_hash_test(backend, algorithm, md):
m = hashes.Hash(algorithm, backend=backend)
m.update(b"a" * 1000000)
assert m.finalize() == binascii.unhexlify(md.lower().encode("ascii"))
-def generate_hmac_test(param_loader, path, file_names, algorithm,
- only_if=None, skip_message=None):
+def generate_base_hmac_test(hash_cls):
+ def test_base_hmac(self, backend):
+ base_hmac_test(backend, hash_cls)
+ return test_base_hmac
+
+
+def base_hmac_test(backend, algorithm):
+ key = b"ab"
+ h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend)
+ h_copy = h.copy()
+ assert h != h_copy
+ assert h._ctx != h_copy._ctx
+
+
+def generate_hmac_test(param_loader, path, file_names, algorithm):
all_params = _load_all_params(path, file_names, param_loader)
@pytest.mark.parametrize("params", all_params)
def test_hmac(self, backend, params):
- hmac_test(
- backend,
- algorithm,
- params,
- only_if,
- skip_message
- )
+ hmac_test(backend, algorithm, params)
return test_hmac
-def hmac_test(backend, algorithm, params, only_if, skip_message):
- if only_if is not None and not only_if(backend):
- pytest.skip(skip_message)
+def hmac_test(backend, algorithm, params):
msg = params[0]
md = params[1]
key = params[2]
@@ -269,44 +214,13 @@
assert h.finalize() == binascii.unhexlify(md.encode("ascii"))
-def generate_base_hmac_test(hash_cls, only_if=None, skip_message=None):
- def test_base_hmac(self, backend):
- base_hmac_test(
- backend,
- hash_cls,
- only_if,
- skip_message,
- )
- return test_base_hmac
-
-
-def base_hmac_test(backend, algorithm, only_if, skip_message):
- if only_if is not None and not only_if(backend):
- pytest.skip(skip_message)
- key = b"ab"
- h = hmac.HMAC(binascii.unhexlify(key), algorithm, backend=backend)
- h_copy = h.copy()
- assert h != h_copy
- assert h._ctx != h_copy._ctx
-
-
-def generate_aead_exception_test(cipher_factory, mode_factory,
- only_if, skip_message):
+def generate_aead_exception_test(cipher_factory, mode_factory):
def test_aead_exception(self, backend):
- aead_exception_test(
- backend,
- cipher_factory,
- mode_factory,
- only_if,
- skip_message
- )
+ aead_exception_test(backend, cipher_factory, mode_factory)
return test_aead_exception
-def aead_exception_test(backend, cipher_factory, mode_factory,
- only_if, skip_message):
- if not only_if(backend):
- pytest.skip(skip_message)
+def aead_exception_test(backend, cipher_factory, mode_factory):
cipher = Cipher(
cipher_factory(binascii.unhexlify(b"0" * 32)),
mode_factory(binascii.unhexlify(b"0" * 24)),
@@ -336,23 +250,13 @@
decryptor.tag
-def generate_aead_tag_exception_test(cipher_factory, mode_factory,
- only_if, skip_message):
+def generate_aead_tag_exception_test(cipher_factory, mode_factory):
def test_aead_tag_exception(self, backend):
- aead_tag_exception_test(
- backend,
- cipher_factory,
- mode_factory,
- only_if,
- skip_message
- )
+ aead_tag_exception_test(backend, cipher_factory, mode_factory)
return test_aead_tag_exception
-def aead_tag_exception_test(backend, cipher_factory, mode_factory,
- only_if, skip_message):
- if not only_if(backend):
- pytest.skip(skip_message)
+def aead_tag_exception_test(backend, cipher_factory, mode_factory):
cipher = Cipher(
cipher_factory(binascii.unhexlify(b"0" * 32)),
mode_factory(binascii.unhexlify(b"0" * 24)),
diff --git a/tests/test_utils.py b/tests/test_utils.py
index a65091f..c640367 100644
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -20,7 +20,8 @@
from .utils import (
load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors,
- load_openssl_vectors, load_hash_vectors, check_for_iface
+ load_openssl_vectors, load_hash_vectors, check_for_iface,
+ check_backend_support
)
@@ -41,6 +42,36 @@
check_for_iface("fake_name", FakeInterface, item)
+def test_check_backend_support_skip():
+ supported = pretend.stub(
+ kwargs={"only_if": lambda backend: False, "skip_message": "Nope"}
+ )
+ item = pretend.stub(keywords={"supported": supported},
+ funcargs={"backend": True})
+ with pytest.raises(pytest.skip.Exception) as exc_info:
+ check_backend_support(item)
+ assert exc_info.value.args[0] == "Nope"
+
+
+def test_check_backend_support_no_skip():
+ supported = pretend.stub(
+ kwargs={"only_if": lambda backend: True, "skip_message": "Nope"}
+ )
+ item = pretend.stub(keywords={"supported": supported},
+ funcargs={"backend": True})
+ assert check_backend_support(item) is None
+
+
+def test_check_backend_support_no_backend():
+ supported = pretend.stub(
+ kwargs={"only_if": "notalambda", "skip_message": "Nope"}
+ )
+ item = pretend.stub(keywords={"supported": supported},
+ funcargs={})
+ with pytest.raises(ValueError):
+ check_backend_support(item)
+
+
def test_load_nist_vectors():
vector_data = textwrap.dedent("""
# CAVS 11.1
diff --git a/tests/utils.py b/tests/utils.py
index 82021a5..beb2ca5 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -24,6 +24,16 @@
))
+def check_backend_support(item):
+ supported = item.keywords.get("supported")
+ if supported and "backend" in item.funcargs:
+ if not supported.kwargs["only_if"](item.funcargs["backend"]):
+ pytest.skip(supported.kwargs["skip_message"])
+ elif supported:
+ raise ValueError("This mark is only available on methods that take a "
+ "backend")
+
+
def load_vectors_from_file(filename, loader):
base = os.path.join(
os.path.dirname(__file__), "hazmat", "primitives", "vectors",