updates for review feedback
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index 66ee1e4..e63b079 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -159,7 +159,7 @@
"""
@abc.abstractmethod
- def dsa_parameters_supported(self, p, q):
+ def dsa_parameters_supported(self, p, q, g):
"""
Return True if the parameters are supported by the backend for DSA.
"""
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index ea58d75..37d1c35 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -492,20 +492,14 @@
return ctx
def dsa_hash_supported(self, algorithm):
- if (
- self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f and
- not isinstance(algorithm, hashes.SHA1)
- ):
- return False
+ if self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f:
+ return isinstance(algorithm, hashes.SHA1)
else:
return self.hash_supported(algorithm)
- def dsa_parameters_supported(self, p, q):
- if (
- self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f and
- not (utils.bit_length(p) <= 1024 and utils.bit_length(q) <= 160)
- ):
- return False
+ def dsa_parameters_supported(self, p, q, g):
+ if self._lib.OPENSSL_VERSION_NUMBER < 0x1000000f:
+ return (utils.bit_length(p) <= 1024 and utils.bit_length(q) <= 160)
else:
return True
@@ -1334,8 +1328,7 @@
@utils.register_interface(interfaces.AsymmetricVerificationContext)
class _DSAVerificationContext(object):
- def __init__(
- self, backend, public_key, signature, algorithm):
+ def __init__(self, backend, public_key, signature, algorithm):
self._backend = backend
self._public_key = public_key
self._signature = signature
@@ -1361,6 +1354,8 @@
data_to_verify = self._hash_ctx.finalize()
self._hash_ctx = None
+ # The first parameter passed to DSA_verify is unused by OpenSSL but
+ # must be an integer.
res = self._backend._lib.DSA_verify(
0, data_to_verify, len(data_to_verify), self._signature,
len(self._signature), self._dsa_cdata)
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 3b3d5ef..6833f22 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -351,7 +351,8 @@
:class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey`
provider.
- :param bytes signature: The signature to verify.
+ :param bytes signature: The signature to verify. DER encoded as
+ specified in :rfc:`6979`.
:param algorithm: An instance of a
:class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
@@ -369,14 +370,16 @@
:returns: ``True`` if the specified ``algorithm`` is supported by this
backend, otherwise ``False``.
- .. method:: dsa_parameters_supported(p, q):
+ .. method:: dsa_parameters_supported(p, q, g):
:param int p: The p value of a DSA key.
:param int q: The q value of a DSA key.
- :returns: ``True`` if the given values of ``p`` and ``q`` are supported
- by this backend, otherwise ``False``.
+ :param int g: The g value of a DSA key.
+
+ :returns: ``True`` if the given values of ``p``, ``q``, and ``g`` are
+ supported by this backend, otherwise ``False``.
.. class:: CMACBackend
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index 5cee570..03e476b 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -142,7 +142,7 @@
... hashes.SHA256(),
... default_backend()
... )
- >>> data= b"this is some data I'd like to sign"
+ >>> data = b"this is some data I'd like to sign"
>>> signer.update(data)
>>> signature = signer.finalize()
>>> public_key = private_key.public_key()
@@ -154,7 +154,7 @@
>>> verifier.update(data)
>>> verifier.verify()
- :param bytes signature: The signature to verify in DER encoding as
+ :param bytes signature: The signature to verify. DER encoded as
specified in :rfc:`6979`.
:param algorithm: An instance of a
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 67f9029..c6642e0 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -744,8 +744,11 @@
def test_dsa_verification(self, vector, backend):
digest_algorithm = vector['digest_algorithm'].replace("-", "")
algorithm = self._algorithms_dict[digest_algorithm]
- if (not backend.dsa_parameters_supported(vector['p'], vector['q'])
- or not backend.dsa_hash_supported(algorithm)):
+ if (
+ not backend.dsa_parameters_supported(
+ vector['p'], vector['q'], vector['g']
+ ) or not backend.dsa_hash_supported(algorithm)
+ ):
pytest.skip(
"{0} does not support the provided parameters".format(backend)
)