commit 1b1327cfe537b9e7bdc271239d1025c2479239c3
author Alex Stapleton <alexs@prol.etari.at> Sat Dec 21 15:16:57 2013 +0000
committer Alex Stapleton <alexs@prol.etari.at> Sat Dec 21 17:12:05 2013 +0000
tree 8a27a12313c0ba6ab6b62757d1332e18bac2df9c
parent 9b9318d79ba5927603b120411d13b607938cae56

Raise UnsupportedAlgorithm when initing Hash()

Instead of just an AssertionError.

cryptography/hazmat/backends/openssl/backend.py

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index 588a427..5b7cb3d 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -400,7 +400,11 @@
                                        self._backend.lib.EVP_MD_CTX_destroy)
             evp_md = self._backend.lib.EVP_get_digestbyname(
                 algorithm.name.encode("ascii"))
-            assert evp_md != self._backend.ffi.NULL
+            if evp_md == self._backend.ffi.NULL:
+                raise UnsupportedAlgorithm(
+                    "{0} is not a supported hash on this backend".format(
+                        algorithm.name)
+                )
             res = self._backend.lib.EVP_DigestInit_ex(ctx, evp_md,
                                                       self._backend.ffi.NULL)
             assert res != 0

docs/hazmat/primitives/cryptographic-hashes.rst

diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index 90ca198..3834737 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -28,6 +28,9 @@
         >>> digest.finalize()
         'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
 
+    If the backend doesn't support the requested ``algorithm`` an
+    :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised.
+
     Keep in mind that attacks against cryptographic hashes only get stronger
     with time, and that often algorithms that were once thought to be strong,
     become broken. Because of this it's important to include a plan for

tests/hazmat/primitives/test_hashes.py

diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index ff42e8f..72bc3e2 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -19,12 +19,18 @@
 
 import six
 
-from cryptography.exceptions import AlreadyFinalized
-from cryptography.hazmat.primitives import hashes
+from cryptography import utils
+from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm
+from cryptography.hazmat.primitives import hashes, interfaces
 
 from .utils import generate_base_hash_test
 
 
+@utils.register_interface(interfaces.HashAlgorithm)
+class UnsupportedDummyHash(object):
+    name = "unsupported-dummy-hash"
+
+
 class TestHashContext(object):
     def test_hash_reject_unicode(self, backend):
         m = hashes.Hash(hashes.SHA1(), backend=backend)
@@ -57,6 +63,10 @@
         with pytest.raises(AlreadyFinalized):
             h.finalize()
 
+    def test_unsupported_hash(self, backend):
+        with pytest.raises(UnsupportedAlgorithm):
+            hashes.Hash(UnsupportedDummyHash(), backend)
+
 
 class TestSHA1(object):
     test_SHA1 = generate_base_hash_test(