diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2023-03-06 13:05:46 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-06 05:05:46 +0000 |
| commit | 0b2d648a4da183a1611a729207f64090fa74628e (patch) | |
| tree | 9a28eac9d55ec4a473e23f03120b97784e23b4da | |
| parent | ba46c3a39d9fbccade65c8f7436171cd6f7d9996 (diff) | |
| download | cryptography-0b2d648a4da183a1611a729207f64090fa74628e.tar.gz | |
remove memleak tests for x509 paths that no longer use openssl (#8461)
| -rw-r--r-- | tests/hazmat/backends/test_openssl_memleak.py | 162 |
1 files changed, 0 insertions, 162 deletions
diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py index b124582b6..6ffe1a406 100644 --- a/tests/hazmat/backends/test_openssl_memleak.py +++ b/tests/hazmat/backends/test_openssl_memleak.py @@ -268,30 +268,6 @@ class TestAssertNoMemoryLeaks: @pytest.mark.skip_fips(reason="FIPS self-test sets allow_customize = 0") @skip_if_memtesting_not_supported() class TestOpenSSLMemoryLeaks: - def test_x509_csr_extensions(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives import hashes - from cryptography.hazmat.primitives.asymmetric import rsa - - private_key = rsa.generate_private_key( - key_size=2048, public_exponent=65537, backend=backend - ) - cert = x509.CertificateSigningRequestBuilder().subject_name( - x509.Name([]) - ).add_extension( - x509.OCSPNoCheck(), critical=False - ).sign(private_key, hashes.SHA256(), backend) - - cert.extensions - """ - ) - ) - def test_ec_private_numbers_private_key(self): assert_no_memory_leaks( textwrap.dedent( @@ -345,31 +321,6 @@ class TestOpenSSLMemoryLeaks: ) ) - def test_create_ocsp_request(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives import hashes - from cryptography.x509 import ocsp - import cryptography_vectors - - path = "x509/PKITS_data/certs/ValidcRLIssuerTest28EE.crt" - with cryptography_vectors.open_vector_file(path, "rb") as f: - cert = x509.load_der_x509_certificate( - f.read(), backend - ) - builder = ocsp.OCSPRequestBuilder() - builder = builder.add_certificate( - cert, cert, hashes.SHA1() - ).add_extension(x509.OCSPNonce(b"0000"), False) - req = builder.build() - """ - ) - ) - @pytest.mark.parametrize( "path", ["pkcs12/cert-aes256cbc-no-key.p12", "pkcs12/cert-key-aes256cbc.p12"], @@ -393,119 +344,6 @@ class TestOpenSSLMemoryLeaks: [path], ) - def test_create_crl_with_idp(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - import datetime - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives import hashes - from cryptography.hazmat.primitives.asymmetric import ec - from cryptography.x509.oid import NameOID - - key = ec.generate_private_key(ec.SECP256R1(), backend) - last_update = datetime.datetime(2002, 1, 1, 12, 1) - next_update = datetime.datetime(2030, 1, 1, 12, 1) - idp = x509.IssuingDistributionPoint( - full_name=None, - relative_name=x509.RelativeDistinguishedName([ - x509.NameAttribute( - oid=x509.NameOID.ORGANIZATION_NAME, value=u"PyCA") - ]), - only_contains_user_certs=False, - only_contains_ca_certs=True, - only_some_reasons=None, - indirect_crl=False, - only_contains_attribute_certs=False, - ) - builder = x509.CertificateRevocationListBuilder().issuer_name( - x509.Name([ - x509.NameAttribute( - NameOID.COMMON_NAME, u"cryptography.io CA" - ) - ]) - ).last_update( - last_update - ).next_update( - next_update - ).add_extension( - idp, True - ) - - crl = builder.sign(key, hashes.SHA256(), backend) - crl.extensions.get_extension_for_class( - x509.IssuingDistributionPoint - ) - """ - ) - ) - - def test_create_certificate_with_extensions(self): - assert_no_memory_leaks( - textwrap.dedent( - """ - def func(): - import datetime - - from cryptography import x509 - from cryptography.hazmat.backends.openssl import backend - from cryptography.hazmat.primitives import hashes - from cryptography.hazmat.primitives.asymmetric import ec - from cryptography.x509.oid import ( - AuthorityInformationAccessOID, ExtendedKeyUsageOID, NameOID - ) - - private_key = ec.generate_private_key(ec.SECP256R1(), backend) - - not_valid_before = datetime.datetime.now() - not_valid_after = not_valid_before + datetime.timedelta(days=365) - - aia = x509.AuthorityInformationAccess([ - x509.AccessDescription( - AuthorityInformationAccessOID.OCSP, - x509.UniformResourceIdentifier(u"http://ocsp.domain.com") - ), - x509.AccessDescription( - AuthorityInformationAccessOID.CA_ISSUERS, - x509.UniformResourceIdentifier(u"http://domain.com/ca.crt") - ) - ]) - sans = [u'*.example.org', u'foobar.example.net'] - san = x509.SubjectAlternativeName(list(map(x509.DNSName, sans))) - - ski = x509.SubjectKeyIdentifier.from_public_key( - private_key.public_key() - ) - eku = x509.ExtendedKeyUsage([ - ExtendedKeyUsageOID.CLIENT_AUTH, - ExtendedKeyUsageOID.SERVER_AUTH, - ExtendedKeyUsageOID.CODE_SIGNING, - ]) - - builder = x509.CertificateBuilder().serial_number( - 777 - ).issuer_name(x509.Name([ - x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), - ])).subject_name(x509.Name([ - x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), - ])).public_key( - private_key.public_key() - ).add_extension( - aia, critical=False - ).not_valid_before( - not_valid_before - ).not_valid_after( - not_valid_after - ) - - cert = builder.sign(private_key, hashes.SHA256(), backend) - cert.extensions - """ - ) - ) - def test_write_pkcs12_key_and_certificates(self): assert_no_memory_leaks( textwrap.dedent( |