-rw-r--r-- | src/OpenSSL/crypto.py | 28 | ||||
-rw-r--r-- | tests/test_crypto.py | 25 | ||||
-rw-r--r-- | tests/test_ssl.py | 9 |
3 files changed, 15 insertions, 47 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py index b71de57..5a54bc9 100644 --- a/src/OpenSSL/crypto.py +++ b/src/OpenSSL/crypto.py @@ -79,19 +79,6 @@ _raise_current_error = partial(_exception_from_error_queue, Error) _openssl_assert = _make_assert(Error) -def _get_backend(): - """ - Importing the backend from cryptography has the side effect of activating - the osrandom engine. This mutates the global state of OpenSSL in the - process and causes issues for various programs that use subinterpreters or - embed Python. By putting the import in this function we can avoid - triggering this side effect unless _get_backend is called. - """ - from cryptography.hazmat.backends.openssl.backend import backend - - return backend - - def _untested_error(where): """ An OpenSSL API failed somehow. Additionally, the failure which was @@ -241,13 +228,12 @@ class PKey: load_der_public_key, ) - backend = _get_backend() if self._only_public: der = dump_publickey(FILETYPE_ASN1, self) - return load_der_public_key(der, backend) + return load_der_public_key(der) else: der = dump_privatekey(FILETYPE_ASN1, self) - return load_der_private_key(der, None, backend) + return load_der_private_key(der, None) @classmethod def from_cryptography_key(cls, crypto_key): @@ -897,8 +883,7 @@ class X509Req: der = dump_certificate_request(FILETYPE_ASN1, self) - backend = _get_backend() - return load_der_x509_csr(der, backend) + return load_der_x509_csr(der) @classmethod def from_cryptography(cls, crypto_req): @@ -1118,8 +1103,7 @@ class X509: from cryptography.x509 import load_der_x509_certificate der = dump_certificate(FILETYPE_ASN1, self) - backend = _get_backend() - return load_der_x509_certificate(der, backend) + return load_der_x509_certificate(der) @classmethod def from_cryptography(cls, crypto_cert): 
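Review bot: The backend-less calls in `PKey.to_cryptography_key` (`load_der_public_key(der)` and `load_der_private_key(der, None)`) raise `TypeError` on any installed cryptography release where `backend` is still a required argument, and the diffstat shows no packaging file changed in this commit. The same applies to `load_der_x509_csr(der)`, `load_der_x509_certificate(der)` and `load_der_x509_crl(der)` in the X509Req, X509 and CRL hunks. Confirm that the declared minimum `cryptography` version is one where `backend` is optional (3.1 or later, as far as I know), and raise the floor in the same commit if it is not. The method body starts above this hunk.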
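Review bot: With `_get_backend` and its docstring deleted, nothing in the file records why the cryptography imports stay inside the method body, as with `from cryptography.x509 import load_der_x509_certificate` in this X509 hunk and the matching import in the CRL hunk. If the reason is still to keep backend initialisation and its change to process-wide OpenSSL state off the module import path, a one-line comment above the import would preserve it, e.g. `# Imported lazily: loading cryptography's OpenSSL backend alters process-wide OpenSSL state.` Whether the loaders still trigger that initialisation on first call is not visible from the diff, so check the wording against the supported cryptography versions. The method starts above this hunk.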
@@ -2267,9 +2251,7 @@ class CRL: from cryptography.x509 import load_der_x509_crl der = dump_crl(FILETYPE_ASN1, self) - - backend = _get_backend() - return load_der_x509_crl(der, backend) + return load_der_x509_crl(der) @classmethod def from_cryptography(cls, crypto_crl): diff --git a/tests/test_crypto.py b/tests/test_crypto.py index ca2a17a..e7460f5 100644 --- a/tests/test_crypto.py +++ b/tests/test_crypto.py @@ -15,7 +15,6 @@ import sys import pytest from cryptography import x509 -from cryptography.hazmat.backends.openssl.backend import backend from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa @@ -1017,9 +1016,7 @@ class TestPKey: """ PKey.from_cryptography_key creates a proper private PKey. """ - key = serialization.load_pem_private_key( - intermediate_key_pem, None, backend - ) + key = serialization.load_pem_private_key(intermediate_key_pem, None) pkey = PKey.from_cryptography_key(key) assert isinstance(pkey, PKey) @@ -1031,7 +1028,7 @@ class TestPKey: """ PKey.from_cryptography_key creates a proper public PKey. """ - key = serialization.load_pem_public_key(cleartextPublicKeyPEM, backend) + key = serialization.load_pem_public_key(cleartextPublicKeyPEM) pkey = PKey.from_cryptography_key(key) assert isinstance(pkey, PKey) @@ -1043,9 +1040,7 @@ class TestPKey: """ PKey.from_cryptography_key raises TypeError with an unsupported type. """ - key = serialization.load_pem_private_key( - ec_private_key_pem, None, backend - ) + key = serialization.load_pem_private_key(ec_private_key_pem, None) with pytest.raises(TypeError): PKey.from_cryptography_key(key) 
@@ -1699,9 +1694,7 @@ class TestX509Req(_PKeyInteractionTestsMixin): assert request.verify(pkey) def test_convert_from_cryptography(self): - crypto_req = x509.load_pem_x509_csr( - cleartextCertificateRequestPEM, backend - ) + crypto_req = x509.load_pem_x509_csr(cleartextCertificateRequestPEM) req = X509Req.from_cryptography(crypto_req) assert isinstance(req, X509Req) @@ -2217,9 +2210,7 @@ tgI5 cert.sign(object(), b"sha256") def test_convert_from_cryptography(self): - crypto_cert = x509.load_pem_x509_certificate( - intermediate_cert_pem, backend - ) + crypto_cert = x509.load_pem_x509_certificate(intermediate_cert_pem) cert = X509.from_cryptography(crypto_cert) assert isinstance(cert, X509) @@ -3561,7 +3552,7 @@ class TestCRL: dumped_crl = self._get_crl().export( self.cert, self.pkey, days=20, digest=b"sha256" ) - crl = x509.load_pem_x509_crl(dumped_crl, backend) + crl = x509.load_pem_x509_crl(dumped_crl) revoked = crl.get_revoked_certificate_by_serial_number(0x03AB) assert revoked is not None assert crl.issuer == x509.Name( @@ -3588,7 +3579,7 @@ class TestCRL: dumped_crl = self._get_crl().export( self.cert, self.pkey, FILETYPE_ASN1, digest=b"sha256" ) - crl = x509.load_der_x509_crl(dumped_crl, backend) + crl = x509.load_der_x509_crl(dumped_crl) revoked = crl.get_revoked_certificate_by_serial_number(0x03AB) assert revoked is not None assert crl.issuer == x509.Name( @@ -3857,7 +3848,7 @@ class TestCRL: assert err.value.certificate.get_subject().CN == "intermediate-service" def test_convert_from_cryptography(self): - crypto_crl = x509.load_pem_x509_crl(crlData, backend) + crypto_crl = x509.load_pem_x509_crl(crlData) crl = CRL.from_cryptography(crypto_crl) assert isinstance(crl, CRL) diff --git a/tests/test_ssl.py b/tests/test_ssl.py index bda2870..8685ebc 100644 --- a/tests/test_ssl.py +++ b/tests/test_ssl.py 
@@ -40,7 +40,6 @@ import pytest from pretend import raiser from cryptography import x509 -from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa @@ -447,9 +446,7 @@ def ca_file(tmpdir): """ Create a valid PEM file with CA certificates and return the path. """ - key = rsa.generate_private_key( - public_exponent=65537, key_size=2048, backend=default_backend() - ) + key = rsa.generate_private_key(public_exponent=65537, key_size=2048) public_key = key.public_key() builder = x509.CertificateBuilder() @@ -469,9 +466,7 @@ def ca_file(tmpdir): critical=True, ) - certificate = builder.sign( - private_key=key, algorithm=hashes.SHA256(), backend=default_backend() - ) + certificate = builder.sign(private_key=key, algorithm=hashes.SHA256()) ca_file = tmpdir.join("test.pem") ca_file.write_binary( |