From e3e043ab363387033ddfdcaf3c15d8cf8dda17ed Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Tue, 27 Oct 2020 16:42:15 +0100
Subject: [PATCH 1] Re-add deprecated and removed features
* encode_rfc6979_signature()
* decode_rfc6979_signature()
* Certificate.serial property
* MACContext
* osrandom engine is disabled
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
 .../hazmat/backends/openssl/cmac.py           |  3 +-
 .../hazmat/backends/openssl/hmac.py           |  3 +-
 .../hazmat/backends/openssl/x509.py           |  4 ++
 .../hazmat/primitives/asymmetric/utils.py     |  8 ++++
 src/cryptography/hazmat/primitives/cmac.py    |  3 +-
 src/cryptography/hazmat/primitives/hmac.py    |  3 +-
 src/cryptography/hazmat/primitives/mac.py     | 37 +++++++++++++++++++
 src/cryptography/x509/extensions.py           |  6 ++-
 tests/hazmat/backends/test_openssl.py         |  3 ++
 tests/hazmat/primitives/test_asym_utils.py    |  9 +++++
 tests/x509/test_x509.py                       |  1 +
 tests/x509/test_x509_ext.py                   |  5 +++
 12 files changed, 80 insertions(+), 5 deletions(-)
 create mode 100644 src/cryptography/hazmat/primitives/mac.py
diff --git a/src/cryptography/hazmat/backends/openssl/cmac.py b/src/cryptography/hazmat/backends/openssl/cmac.py
d49da0
index 195fc230f..5281f634d 100644
d49da0
--- a/src/cryptography/hazmat/backends/openssl/cmac.py
d49da0
+++ b/src/cryptography/hazmat/backends/openssl/cmac.py
d49da0
@@ -11,10 +11,11 @@ from cryptography.exceptions import (
d49da0
     UnsupportedAlgorithm,
d49da0
     _Reasons,
d49da0
 )
d49da0
-from cryptography.hazmat.primitives import constant_time
d49da0
+from cryptography.hazmat.primitives import constant_time, mac
d49da0
 from cryptography.hazmat.primitives.ciphers.modes import CBC
d49da0
 
d49da0
 
d49da0
+@utils.register_interface(mac.MACContext)
d49da0
 class _CMACContext(object):
d49da0
     def __init__(self, backend, algorithm, ctx=None):
d49da0
         if not backend.cmac_algorithm_supported(algorithm):
d49da0
diff --git a/src/cryptography/hazmat/backends/openssl/hmac.py b/src/cryptography/hazmat/backends/openssl/hmac.py
d49da0
index 5024223b2..11c850e10 100644
d49da0
--- a/src/cryptography/hazmat/backends/openssl/hmac.py
d49da0
+++ b/src/cryptography/hazmat/backends/openssl/hmac.py
d49da0
@@ -11,9 +11,10 @@ from cryptography.exceptions import (
d49da0
     UnsupportedAlgorithm,
d49da0
     _Reasons,
d49da0
 )
d49da0
-from cryptography.hazmat.primitives import constant_time, hashes
d49da0
+from cryptography.hazmat.primitives import constant_time, hashes, mac
d49da0
 
d49da0
 
d49da0
+@utils.register_interface(mac.MACContext)
d49da0
 @utils.register_interface(hashes.HashContext)
d49da0
 class _HMACContext(object):
d49da0
     def __init__(self, backend, key, algorithm, ctx=None):
d49da0
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
d49da0
index 4d0dac764..c9074f59e 100644
d49da0
--- a/src/cryptography/hazmat/backends/openssl/x509.py
d49da0
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
d49da0
@@ -73,6 +73,10 @@ class _Certificate(object):
d49da0
         self._backend.openssl_assert(asn1_int != self._backend._ffi.NULL)
d49da0
         return _asn1_integer_to_int(self._backend, asn1_int)
d49da0
 
d49da0
+    @property
d49da0
+    def serial(self):
d49da0
+        return self.serial_number
d49da0
+
d49da0
     def public_key(self):
d49da0
         pkey = self._backend._lib.X509_get_pubkey(self._x509)
d49da0
         if pkey == self._backend._ffi.NULL:
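Review bot: The re-added `serial` property returns `serial_number` with no docstring and no deprecation signal, so callers of the removed name get no indication that they are running on a compatibility shim. A one-line docstring such as `"""Deprecated alias of serial_number, kept for downstream compatibility."""` would document that. A `warnings.warn("Certificate serial is deprecated, use serial_number instead.", DeprecationWarning, stacklevel=2)` before the return would also surface it in test runs and logs, provided `warnings` is imported in this module (its imports are outside the hunk). The same applies to `decode_rfc6979_signature` and `encode_rfc6979_signature` re-added in primitives/asymmetric/utils.py, which forward to the `*_dss_signature` functions without comment. The `_Certificate` class starts and ends outside this hunk.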
d49da0
diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py
d49da0
index 5f9b67786..886d7565b 100644
d49da0
--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py
d49da0
+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py
d49da0
@@ -39,3 +39,11 @@ class Prehashed(object):
d49da0
         self._digest_size = algorithm.digest_size
d49da0
 
d49da0
     digest_size = utils.read_only_property("_digest_size")
d49da0
+
d49da0
+
d49da0
+def decode_rfc6979_signature(signature):
d49da0
+    return decode_dss_signature(signature)
d49da0
+
d49da0
+
d49da0
+def encode_rfc6979_signature(r, s):
d49da0
+    return encode_dss_signature(r, s)
d49da0
diff --git a/src/cryptography/hazmat/primitives/cmac.py b/src/cryptography/hazmat/primitives/cmac.py
d49da0
index bf962c906..7f37f13cc 100644
d49da0
--- a/src/cryptography/hazmat/primitives/cmac.py
d49da0
+++ b/src/cryptography/hazmat/primitives/cmac.py
d49da0
@@ -12,9 +12,10 @@ from cryptography.exceptions import (
d49da0
 )
d49da0
 from cryptography.hazmat.backends import _get_backend
d49da0
 from cryptography.hazmat.backends.interfaces import CMACBackend
d49da0
-from cryptography.hazmat.primitives import ciphers
d49da0
+from cryptography.hazmat.primitives import ciphers, mac
d49da0
 
d49da0
 
d49da0
+@utils.register_interface(mac.MACContext)
d49da0
 class CMAC(object):
d49da0
     def __init__(self, algorithm, backend=None, ctx=None):
d49da0
         backend = _get_backend(backend)
d49da0
diff --git a/src/cryptography/hazmat/primitives/hmac.py b/src/cryptography/hazmat/primitives/hmac.py
d49da0
index 8c421dc68..6f03a1071 100644
d49da0
--- a/src/cryptography/hazmat/primitives/hmac.py
d49da0
+++ b/src/cryptography/hazmat/primitives/hmac.py
d49da0
@@ -12,9 +12,10 @@ from cryptography.exceptions import (
d49da0
 )
d49da0
 from cryptography.hazmat.backends import _get_backend
d49da0
 from cryptography.hazmat.backends.interfaces import HMACBackend
d49da0
-from cryptography.hazmat.primitives import hashes
d49da0
+from cryptography.hazmat.primitives import hashes, mac
d49da0
 
d49da0
 
d49da0
+@utils.register_interface(mac.MACContext)
d49da0
 @utils.register_interface(hashes.HashContext)
d49da0
 class HMAC(object):
d49da0
     def __init__(self, key, algorithm, backend=None, ctx=None):
d49da0
diff --git a/src/cryptography/hazmat/primitives/mac.py b/src/cryptography/hazmat/primitives/mac.py
d49da0
new file mode 100644
d49da0
index 000000000..4c95190ba
d49da0
--- /dev/null
d49da0
+++ b/src/cryptography/hazmat/primitives/mac.py
d49da0
@@ -0,0 +1,37 @@
d49da0
+# This file is dual licensed under the terms of the Apache License, Version
d49da0
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
d49da0
+# for complete details.
d49da0
+
d49da0
+from __future__ import absolute_import, division, print_function
d49da0
+
d49da0
+import abc
d49da0
+
d49da0
+import six
d49da0
+
d49da0
+
d49da0
+@six.add_metaclass(abc.ABCMeta)
d49da0
+class MACContext(object):
d49da0
+    @abc.abstractmethod
d49da0
+    def update(self, data):
d49da0
+        """
d49da0
+        Processes the provided bytes.
d49da0
+        """
d49da0
+
d49da0
+    @abc.abstractmethod
d49da0
+    def finalize(self):
d49da0
+        """
d49da0
+        Returns the message authentication code as bytes.
d49da0
+        """
d49da0
+
d49da0
+    @abc.abstractmethod
d49da0
+    def copy(self):
d49da0
+        """
d49da0
+        Return a MACContext that is a copy of the current context.
d49da0
+        """
d49da0
+
d49da0
+    @abc.abstractmethod
d49da0
+    def verify(self, signature):
d49da0
+        """
d49da0
+        Checks if the generated message authentication code matches the
d49da0
+        signature.
d49da0
+        """
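Review bot: The `verify` docstring in `MACContext` does not state the contract an implementer has to honour: how a mismatch is reported, and that the comparison must not leak timing. Both matter for a MAC interface, because a boolean return value can be ignored by callers and a plain `==` comparison does not run in constant time. I would extend the docstring to say that implementations raise `cryptography.exceptions.InvalidSignature` on mismatch and compare with `constant_time.bytes_eq`; the backend modules in this patch already import `constant_time`, presumably for that purpose. The `finalize` docstring could likewise say whether the context may be used after the call, which this file leaves open.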
d49da0
diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
d49da0
index 130ba69b8..ddbccdf3b 100644
d49da0
--- a/src/cryptography/x509/extensions.py
d49da0
+++ b/src/cryptography/x509/extensions.py
d49da0
@@ -218,8 +218,12 @@ class AuthorityKeyIdentifier(object):
d49da0
 
d49da0
     @classmethod
d49da0
     def from_issuer_subject_key_identifier(cls, ski):
d49da0
+        if isinstance(ski, SubjectKeyIdentifier):
d49da0
+            digest = ski.digest
d49da0
+        else:
d49da0
+            digest = ski.value.digest
d49da0
         return cls(
d49da0
-            key_identifier=ski.digest,
d49da0
+            key_identifier=digest,
d49da0
             authority_cert_issuer=None,
d49da0
             authority_cert_serial_number=None,
d49da0
         )
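Review bot: The `else` branch in `from_issuer_subject_key_identifier` accepts any object and reads `ski.value.digest` without checking what it was given. An argument that is neither a `SubjectKeyIdentifier` nor an extension wrapping one fails with an `AttributeError` inside the attribute chain, or, if it happens to expose `value.digest`, is silently used as the key identifier. I would make the fallback explicit with `elif isinstance(getattr(ski, "value", None), SubjectKeyIdentifier):` and finish with `else: raise TypeError("ski must be a SubjectKeyIdentifier or an Extension wrapping one")`. A short comment should also mark the extension form as the deprecated calling convention kept for compatibility.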
d49da0
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
d49da0
index 2f7e7bebf..73c17d84f 100644
d49da0
--- a/tests/hazmat/backends/test_openssl.py
d49da0
+++ b/tests/hazmat/backends/test_openssl.py
d49da0
@@ -301,6 +301,9 @@ class TestOpenSSLRandomEngine(object):
d49da0
         res = backend._lib.ENGINE_free(e)
d49da0
         assert res == 1
d49da0
 
d49da0
+    def test_rhel8_no_osrandom(self):
d49da0
+        pytest.fail("osrandom engine is not FIPS compliant, see RHBZ#1762667")
d49da0
+
d49da0
 
d49da0
 @pytest.mark.skipif(
d49da0
     backend._lib.CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE,
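Review bot: `test_rhel8_no_osrandom` fails unconditionally, and nothing in the test says when it is expected to run or why a failure is the desired outcome. From the hunk it appears to act as a tripwire that only fires if `TestOpenSSLRandomEngine` is collected at all, that is, if a build ships the osrandom engine. The class header and any skip marker on it are outside the hunk, so this is an inference. A docstring such as `"""Tripwire: this class must be skipped on builds without the osrandom engine; reaching this test means the engine was compiled in."""` would make the intent reviewable, and it should name the condition that is supposed to skip the class.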
d49da0
diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py
d49da0
index 70bff012f..334b459b5 100644
d49da0
--- a/tests/hazmat/primitives/test_asym_utils.py
d49da0
+++ b/tests/hazmat/primitives/test_asym_utils.py
d49da0
@@ -10,6 +10,8 @@ from cryptography.hazmat.primitives.asymmetric.utils import (
d49da0
     Prehashed,
d49da0
     decode_dss_signature,
d49da0
     encode_dss_signature,
d49da0
+    encode_rfc6979_signature,
d49da0
+    decode_rfc6979_signature
d49da0
 )
d49da0
 
d49da0
 
d49da0
@@ -75,3 +77,10 @@ def test_decode_dss_invalid_asn1():
d49da0
 def test_pass_invalid_prehashed_arg():
d49da0
     with pytest.raises(TypeError):
d49da0
         Prehashed(object())
d49da0
+
d49da0
+
d49da0
+def test_deprecated_rfc6979_signature():
d49da0
+    sig = encode_rfc6979_signature(1, 1)
d49da0
+    assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
d49da0
+    decoded = decode_rfc6979_signature(sig)
d49da0
+    assert decoded == (1, 1)
d49da0
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py
d49da0
index 11c80816c..e5bdf17d4 100644
d49da0
--- a/tests/x509/test_x509.py
d49da0
+++ b/tests/x509/test_x509.py
d49da0
@@ -685,6 +685,7 @@ class TestRSACertificate(object):
d49da0
         )
d49da0
         assert isinstance(cert, x509.Certificate)
d49da0
         assert cert.serial_number == 11559813051657483483
d49da0
+        assert cert.serial == cert.serial_number
d49da0
         fingerprint = binascii.hexlify(cert.fingerprint(hashes.SHA1()))
d49da0
         assert fingerprint == b"2b619ed04bfc9c3b08eb677d272192286a0947a8"
d49da0
         assert isinstance(cert.signature_hash_algorithm, hashes.SHA1)
d49da0
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
d49da0
index 2cd216fb6..ac2b2c03d 100644
d49da0
--- a/tests/x509/test_x509_ext.py
d49da0
+++ b/tests/x509/test_x509_ext.py
d49da0
@@ -3442,6 +3442,11 @@ class TestAuthorityKeyIdentifierExtension(object):
d49da0
         )
d49da0
         assert ext.value == aki
d49da0
 
d49da0
+        aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
d49da0
+            ski_ext
d49da0
+        )
d49da0
+        assert ext.value == aki
d49da0
+
d49da0
 
d49da0
 class TestNameConstraints(object):
d49da0
     def test_ipaddress_wrong_type(self):
-- 
2.26.2