Merge branch 'master' into urandom-engine

* master:
  PKCS #1 RSA test vector loader
  Removed pointless anchor
  Docs need virtualenv as well
  Everything about bash is the worst
  Some reST markup nonsense
  Fix for OS X
  More clearly describe the behavior of constant_time.bytes_eq
  Run the doc tests under OS X
  Made OpenSSL's derive_pbkdf2_hmac raise the right exception
  Document which backends implement which itnerfaces. Fixes pyca#538
  pep8
  Fixed a typo in the docs
  Make the default backend be a multi-backend

Conflicts:
	tests/hazmat/backends/test_openssl.py

.travis.yml

@@ -86,9 +86,6 @@ matrix:
         - os: osx
           env: TOX_ENV=py3pep8
           compiler: gcc
-        - os: osx
-          env: TOX_ENV=docs
-          compiler: clang
         - os: osx
           env: TOX_ENV=pep8
           compiler: clang

.travis/install.sh

@@ -16,9 +16,14 @@ if [[ "${OPENSSL}" == "0.9.8" ]]; then
     fi
 fi
 
-if [[ "${TOX_ENV}" == "docs" && "$(name -s)" != "Darwin" ]]; then
-    sudo apt-get -y update
-    sudo apt-get install libenchant-dev
+if [[ "${TOX_ENV}" == "docs" ]]; then
+    if [[ "$(uname -s)" == "Darwin" ]]; then
+        brew update
+        brew install enchant
+    else
+        sudo apt-get -y update
+        sudo apt-get install libenchant-dev
+    fi
 fi
 
 if [[ "$(uname -s)" == "Darwin" ]]; then
@@ -51,6 +56,11 @@ if [[ "$(uname -s)" == "Darwin" ]]; then
             pyenv global 3.3.2
             pip install virtualenv
             ;;
+        docs)
+            curl -O https://raw.github.com/pypa/pip/master/contrib/get-pip.py
+            sudo python get-pip.py
+            sudo pip install virtualenv
+            ;;
     esac
     pyenv rehash
 else

cryptography/hazmat/backends/__init__.py

@@ -12,6 +12,7 @@
 # limitations under the License.
 
 from cryptography.hazmat.backends import openssl
+from cryptography.hazmat.backends.multibackend import MultiBackend
 from cryptography.hazmat.bindings.commoncrypto.binding import (
     Binding as CommonCryptoBinding
 )
@@ -23,5 +24,8 @@
     _ALL_BACKENDS.append(commoncrypto.backend)
 
 
+_default_backend = MultiBackend(_ALL_BACKENDS)
+
+
 def default_backend():
-    return openssl.backend
+    return _default_backend

cryptography/hazmat/backends/openssl/backend.py

@@ -217,8 +217,11 @@ def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
             )
             assert res == 1
         else:
-            # OpenSSL < 1.0.0
-            assert isinstance(algorithm, hashes.SHA1)
+            if not isinstance(algorithm, hashes.SHA1):
+                raise UnsupportedAlgorithm(
+                    "This version of OpenSSL only supports PBKDF2HMAC with "
+                    "SHA1"
+                )
             res = self._lib.PKCS5_PBKDF2_HMAC_SHA1(
                 key_material,
                 len(key_material),

docs/hazmat/backends/interfaces.rst

@@ -19,6 +19,11 @@ A specific ``backend`` may provide one or more of these interfaces.
     A backend which provides methods for using ciphers for encryption
     and decryption.
 
+    The following backends implement this interface:
+
+    * :doc:`/hazmat/backends/openssl`
+    * :doc:`/hazmat/backends/commoncrypto`
+
     .. method:: cipher_supported(cipher, mode)
 
         Check if a ``cipher`` and ``mode`` combination is supported by
@@ -76,6 +81,11 @@ A specific ``backend`` may provide one or more of these interfaces.
 
     A backend with methods for using cryptographic hash functions.
 
+    The following backends implement this interface:
+
+    * :doc:`/hazmat/backends/openssl`
+    * :doc:`/hazmat/backends/commoncrypto`
+
     .. method:: hash_supported(algorithm)
 
         Check if the specified ``algorithm`` is supported by this backend.
@@ -107,6 +117,11 @@ A specific ``backend`` may provide one or more of these interfaces.
     A backend with methods for using cryptographic hash functions as message
     authentication codes.
 
+    The following backends implement this interface:
+
+    * :doc:`/hazmat/backends/openssl`
+    * :doc:`/hazmat/backends/commoncrypto`
+
     .. method:: hmac_supported(algorithm)
 
         Check if the specified ``algorithm`` is supported by this backend.
@@ -139,6 +154,11 @@ A specific ``backend`` may provide one or more of these interfaces.
 
     A backend with methods for using PBKDF2 using HMAC as a PRF.
 
+    The following backends implement this interface:
+
+    * :doc:`/hazmat/backends/openssl`
+    * :doc:`/hazmat/backends/commoncrypto`
+
     .. method:: pbkdf2_hmac_supported(algorithm)
 
         Check if the specified ``algorithm`` is supported by this backend.
@@ -171,4 +191,3 @@ A specific ``backend`` may provide one or more of these interfaces.
             the derived key. This is typically a password.
 
         :return bytes: Derived key.
-

docs/hazmat/backends/multibackend.rst

@@ -18,10 +18,10 @@ MultiBackend
         >>> from cryptography.hazmat.primitives import hashes
         >>> backend1.hash_supported(hashes.SHA256())
         False
-        >>> backend2.hash_supported(hashes.SHA1())
+        >>> backend2.hash_supported(hashes.SHA256())
         True
         >>> multi_backend = MultiBackend([backend1, backend2])
-        >>> multi_backend.hash_supported(hashes.SHA1())
+        >>> multi_backend.hash_supported(hashes.SHA256())
         True
 
     :param backends: A ``list`` of backend objects. Backends are checked for

docs/hazmat/bindings/commoncrypto.rst

@@ -27,4 +27,4 @@ Mac OS X.
 
 
 .. _`CFFI`: https://cffi.readthedocs.org/
-.. _`CommonCrypto`: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html#//apple_ref/doc/man/3cc/CommonCrypto
+.. _`CommonCrypto`: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man3/Common%20Crypto.3cc.html

docs/hazmat/primitives/constant-time.rst

@@ -19,8 +19,10 @@ about the timing attacks on KeyCzar and Java's ``MessageDigest.isEqual()``.
 
 .. function:: bytes_eq(a, b)
 
-    Compare ``a`` and ``b`` to one another in constant time if they are of the
-    same length.
+    Compares ``a`` and ``b`` with one another. If ``a`` and ``b`` have
+    different lengths, this returns ``False`` immediately. Otherwise it
+    compares them in a way that takes the same amount of time, regardless of
+    how many characters are the same between the two.
 
     .. doctest::
 
@@ -30,9 +32,10 @@ about the timing attacks on KeyCzar and Java's ``MessageDigest.isEqual()``.
         >>> constant_time.bytes_eq(b"foo", b"bar")
         False
 
-    :param a bytes: The left-hand side.
-    :param b bytes: The right-hand side.
-    :returns boolean: True if ``a`` has the same bytes as ``b``.
+    :param bytes a: The left-hand side.
+    :param bytes b: The right-hand side.
+    :returns bool: ``True`` if ``a`` has the same bytes as ``b``, otherwise
+                   ``False``.
 
 
 .. _`Coda Hale's blog post`: http://codahale.com/a-lesson-in-timing-attacks/

tests/hazmat/backends/test_openssl.py

@@ -20,7 +20,7 @@
 from cryptography import utils
 from cryptography.exceptions import UnsupportedAlgorithm, InternalError
 from cryptography.hazmat.backends.openssl.backend import backend, Backend
-from cryptography.hazmat.primitives import interfaces
+from cryptography.hazmat.primitives import interfaces, hashes
 from cryptography.hazmat.primitives.ciphers import Cipher
 from cryptography.hazmat.primitives.ciphers.algorithms import AES
 from cryptography.hazmat.primitives.ciphers.modes import CBC
@@ -246,6 +246,12 @@ def test_error_strings_loaded(self):
             b"data not multiple of block length"
         )
 
+    def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self):
+        if backend.pbkdf2_hmac_supported(hashes.SHA256()):
+            pytest.skip("Requires an older OpenSSL")
+        with pytest.raises(UnsupportedAlgorithm):
+            backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"")
+
     # This test is not in the next class because to check if it's really
     # default we don't want to run the setup_method before it
     def test_osrandom_engine_is_default(self):