Drop cryptography<2.0.0 (2017)

Author: gpotter2

.travis.yml

@@ -26,11 +26,6 @@ matrix:
           env:
             - TOXENV=py27-linux_non_root,codecov
 
-        - os: linux
-          python: 2.7
-          env:
-            - TOXENV=py27-linux_non_root_old-cryptography,codecov
-
         - os: linux
           dist: xenial
           python: 3.8

scapy/config.py

@@ -387,17 +387,6 @@ def isCryptographyValid():
     return _version_checker(cryptography, (1, 7))
 
 
-def isCryptographyRecent():
-    """
-    Check if the cryptography library is recent (2.0 and later)
-    """
-    try:
-        import cryptography
-    except ImportError:
-        return False
-    return _version_checker(cryptography, (2, 0))
-
-
 def isCryptographyAdvanced():
     """
     Check if the cryptography library is present, and if it supports X25519,
@@ -651,8 +640,7 @@ class Conf(ConfClass):
                    'tftp', 'vrrp', 'vxlan', 'x509', 'zigbee']
     contribs = dict()
     crypto_valid = isCryptographyValid()
-    crypto_valid_recent = isCryptographyRecent()
-    crypto_valid_advanced = crypto_valid_recent and isCryptographyAdvanced()
+    crypto_valid_advanced = isCryptographyAdvanced()
     fancy_prompt = True
     auto_crop_tables = True
     recv_poll_rate = 0.05

scapy/layers/tls/cert.py

@@ -51,7 +51,6 @@
     from cryptography.hazmat.backends import default_backend
     from cryptography.hazmat.primitives import serialization
     from cryptography.hazmat.primitives.asymmetric import rsa, ec
-if conf.crypto_valid_recent:
     from cryptography.hazmat.backends.openssl.ec import InvalidSignature
 
 
@@ -331,16 +330,11 @@ def encrypt(self, msg, h="sha256", **kwargs):
     @crypto_validator
     def verify(self, msg, sig, h="sha256", **kwargs):
         # 'sig' should be a DER-encoded signature, as per RFC 3279
-        if conf.crypto_valid_recent:
-            try:
-                self.pubkey.verify(sig, msg, ec.ECDSA(_get_hash(h)))
-                return True
-            except InvalidSignature:
-                return False
-        else:
-            verifier = self.pubkey.verifier(sig, ec.ECDSA(_get_hash(h)))
-            verifier.update(msg)
-            return verifier.verify()
+        try:
+            self.pubkey.verify(sig, msg, ec.ECDSA(_get_hash(h)))
+            return True
+        except InvalidSignature:
+            return False
 
 
 ################
@@ -540,25 +534,15 @@ def import_from_asn1pkt(self, privkey):
     @crypto_validator
     def verify(self, msg, sig, h="sha256", **kwargs):
         # 'sig' should be a DER-encoded signature, as per RFC 3279
-        if conf.crypto_valid_recent:
-            try:
-                self.pubkey.verify(sig, msg, ec.ECDSA(_get_hash(h)))
-                return True
-            except InvalidSignature:
-                return False
-        else:
-            verifier = self.pubkey.verifier(sig, ec.ECDSA(_get_hash(h)))
-            verifier.update(msg)
-            return verifier.verify()
+        try:
+            self.pubkey.verify(sig, msg, ec.ECDSA(_get_hash(h)))
+            return True
+        except InvalidSignature:
+            return False
 
     @crypto_validator
     def sign(self, data, h="sha256", **kwargs):
-        if conf.crypto_valid_recent:
-            return self.key.sign(data, ec.ECDSA(_get_hash(h)))
-        else:
-            signer = self.key.signer(ec.ECDSA(_get_hash(h)))
-            signer.update(data)
-            return signer.finalize()
+        return self.key.sign(data, ec.ECDSA(_get_hash(h)))
 
 
 ################

tox.ini

@@ -90,22 +90,6 @@ commands =
   coverage combine
 
 
-[testenv:py27-linux_non_root_old-cryptography]
-description = "Scapy unit tests - old cryptography module"
-whitelist_externals = sudo
-passenv = PATH PWD PROGRAMFILES WINDIR SYSTEMROOT
-deps = mock
-       # cryptography requirements
-       setuptools>=18.5
-       cryptography==1.9
-       coverage
-       python-can
-
-commands =
-  coverage run -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -K random_weird_py3 -K netaccess -K needs_root -K crypto_advanced {posargs}
-  coverage combine
-
-
 [testenv:codecov]
 description = "Upload coverage results to codecov"
 passenv = TOXENV CI TRAVIS TRAVIS_* APPVEYOR APPVEYOR_*