Merge pull request #744 from Ayrx/osx-version-check
Added check to turn off CC backend for OS X version < 10.8
diff --git a/AUTHORS.rst b/AUTHORS.rst
index b03b9c0..99c6f8e 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -6,7 +6,7 @@
* Alex Gaynor <alex.gaynor@gmail.com> (E27D 4AA0 1651 72CB C5D2 AF2B 125F 5C67 DFE9 4084)
* Hynek Schlawack <hs@ox.cx> (C2A0 4F86 ACE2 8ADC F817 DBB7 AE25 3622 7F69 F181)
* Donald Stufft <donald@stufft.io>
-* Laurens Van Houtven <_@lvh.io>
+* Laurens Van Houtven <_@lvh.io> (D9DC 4315 772F 8E91 DD22 B153 DFD1 3DF7 A8DD 569B)
* Christian Heimes <christian@python.org>
* Paul Kehrer <paul.l.kehrer@gmail.com>
* Jarret Raim <jarito@gmail.com>
diff --git a/cryptography/exceptions.py b/cryptography/exceptions.py
index b496259..a26dbe1 100644
--- a/cryptography/exceptions.py
+++ b/cryptography/exceptions.py
@@ -16,6 +16,18 @@
pass
+class UnsupportedCipher(UnsupportedAlgorithm):
+ pass
+
+
+class UnsupportedHash(UnsupportedAlgorithm):
+ pass
+
+
+class UnsupportedPadding(UnsupportedAlgorithm):
+ pass
+
+
class AlreadyFinalized(Exception):
pass
@@ -46,7 +58,3 @@
class InvalidToken(Exception):
pass
-
-
-class UnsupportedPadding(Exception):
- pass
diff --git a/cryptography/hazmat/backends/commoncrypto/backend.py b/cryptography/hazmat/backends/commoncrypto/backend.py
index 4a451d3..53228b3 100644
--- a/cryptography/hazmat/backends/commoncrypto/backend.py
+++ b/cryptography/hazmat/backends/commoncrypto/backend.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- UnsupportedAlgorithm, InvalidTag, InternalError
+ InvalidTag, InternalError, UnsupportedCipher, UnsupportedHash
)
from cryptography.hazmat.backends.interfaces import (
HashBackend, HMACBackend, CipherBackend, PBKDF2HMACBackend
@@ -273,7 +273,7 @@
try:
cipher_enum, mode_enum = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedAlgorithm(
+ raise UnsupportedCipher(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -346,7 +346,7 @@
try:
cipher_enum, mode_enum = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedAlgorithm(
+ raise UnsupportedCipher(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -420,7 +420,7 @@
try:
methods = self._backend._hash_mapping[self.algorithm.name]
except KeyError:
- raise UnsupportedAlgorithm(
+ raise UnsupportedHash(
"{0} is not a supported hash on this backend".format(
algorithm.name)
)
@@ -463,7 +463,7 @@
try:
alg = self._backend._supported_hmac_algorithms[algorithm.name]
except KeyError:
- raise UnsupportedAlgorithm(
+ raise UnsupportedHash(
"{0} is not a supported HMAC hash on this backend".format(
algorithm.name)
)
diff --git a/cryptography/hazmat/backends/multibackend.py b/cryptography/hazmat/backends/multibackend.py
index de1fff7..cca82a5 100644
--- a/cryptography/hazmat/backends/multibackend.py
+++ b/cryptography/hazmat/backends/multibackend.py
@@ -14,7 +14,9 @@
from __future__ import absolute_import, division, print_function
from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography.exceptions import (
+ UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
+)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend
)
@@ -46,17 +48,17 @@
for b in self._filtered_backends(CipherBackend):
try:
return b.create_symmetric_encryption_ctx(algorithm, mode)
- except UnsupportedAlgorithm:
+ except UnsupportedCipher:
pass
- raise UnsupportedAlgorithm
+ raise UnsupportedCipher
def create_symmetric_decryption_ctx(self, algorithm, mode):
for b in self._filtered_backends(CipherBackend):
try:
return b.create_symmetric_decryption_ctx(algorithm, mode)
- except UnsupportedAlgorithm:
+ except UnsupportedCipher:
pass
- raise UnsupportedAlgorithm
+ raise UnsupportedCipher
def hash_supported(self, algorithm):
return any(
@@ -68,9 +70,9 @@
for b in self._filtered_backends(HashBackend):
try:
return b.create_hash_ctx(algorithm)
- except UnsupportedAlgorithm:
+ except UnsupportedHash:
pass
- raise UnsupportedAlgorithm
+ raise UnsupportedHash
def hmac_supported(self, algorithm):
return any(
@@ -82,9 +84,9 @@
for b in self._filtered_backends(HMACBackend):
try:
return b.create_hmac_ctx(key, algorithm)
- except UnsupportedAlgorithm:
+ except UnsupportedHash:
pass
- raise UnsupportedAlgorithm
+ raise UnsupportedHash
def pbkdf2_hmac_supported(self, algorithm):
return any(
@@ -99,9 +101,9 @@
return b.derive_pbkdf2_hmac(
algorithm, length, salt, iterations, key_material
)
- except UnsupportedAlgorithm:
+ except UnsupportedHash:
pass
- raise UnsupportedAlgorithm
+ raise UnsupportedHash
def generate_rsa_private_key(self, public_exponent, key_size):
for b in self._filtered_backends(RSABackend):
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index f05ee3d..b4625aa 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -18,8 +18,8 @@
from cryptography import utils
from cryptography.exceptions import (
- UnsupportedAlgorithm, InvalidTag, InternalError, AlreadyFinalized,
- UnsupportedPadding, InvalidSignature
+ InvalidTag, InternalError, AlreadyFinalized, UnsupportedCipher,
+ UnsupportedHash, UnsupportedPadding, InvalidSignature
)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend
@@ -211,7 +211,7 @@
assert res == 1
else:
if not isinstance(algorithm, hashes.SHA1):
- raise UnsupportedAlgorithm(
+ raise UnsupportedHash(
"This version of OpenSSL only supports PBKDF2HMAC with "
"SHA1"
)
@@ -377,7 +377,7 @@
try:
adapter = registry[type(cipher), type(mode)]
except KeyError:
- raise UnsupportedAlgorithm(
+ raise UnsupportedCipher(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -385,7 +385,7 @@
evp_cipher = adapter(self._backend, cipher, mode)
if evp_cipher == self._backend._ffi.NULL:
- raise UnsupportedAlgorithm(
+ raise UnsupportedCipher(
"cipher {0} in {1} mode is not supported "
"by this backend".format(
cipher.name, mode.name if mode else mode)
@@ -438,6 +438,15 @@
self._ctx = ctx
def update(self, data):
+ # OpenSSL 0.9.8e has an assertion in its EVP code that causes it
+ # to SIGABRT if you call update with an empty byte string. This can be
+ # removed when we drop support for 0.9.8e (CentOS/RHEL 5). This branch
+ # should be taken only when length is zero and mode is not GCM because
+ # AES GCM can return improper tag values if you don't call update
+ # with empty plaintext when authenticating AAD for ...reasons.
+ if len(data) == 0 and not isinstance(self._mode, GCM):
+ return b""
+
buf = self._backend._ffi.new("unsigned char[]",
len(data) + self._block_size - 1)
outlen = self._backend._ffi.new("int *")
@@ -517,7 +526,7 @@
evp_md = self._backend._lib.EVP_get_digestbyname(
algorithm.name.encode("ascii"))
if evp_md == self._backend._ffi.NULL:
- raise UnsupportedAlgorithm(
+ raise UnsupportedHash(
"{0} is not a supported hash on this backend".format(
algorithm.name)
)
@@ -567,7 +576,7 @@
evp_md = self._backend._lib.EVP_get_digestbyname(
algorithm.name.encode('ascii'))
if evp_md == self._backend._ffi.NULL:
- raise UnsupportedAlgorithm(
+ raise UnsupportedHash(
"{0} is not a supported hash on this backend".format(
algorithm.name)
)
diff --git a/cryptography/hazmat/bindings/openssl/aes.py b/cryptography/hazmat/bindings/openssl/aes.py
index 6cbcd57..95ed527 100644
--- a/cryptography/hazmat/bindings/openssl/aes.py
+++ b/cryptography/hazmat/bindings/openssl/aes.py
@@ -16,6 +16,8 @@
"""
TYPES = """
+static const int Cryptography_HAS_AES_WRAP;
+
struct aes_key_st {
...;
};
@@ -25,16 +27,34 @@
FUNCTIONS = """
int AES_set_encrypt_key(const unsigned char *, const int, AES_KEY *);
int AES_set_decrypt_key(const unsigned char *, const int, AES_KEY *);
+"""
+
+MACROS = """
+/* these can be moved back to FUNCTIONS once we drop support for 0.9.8h.
+ This should be when we drop RHEL/CentOS 5, which is on 0.9.8e. */
int AES_wrap_key(AES_KEY *, const unsigned char *, unsigned char *,
const unsigned char *, unsigned int);
int AES_unwrap_key(AES_KEY *, const unsigned char *, unsigned char *,
const unsigned char *, unsigned int);
"""
-MACROS = """
-"""
-
CUSTOMIZATIONS = """
+// OpenSSL 0.9.8h+
+#if OPENSSL_VERSION_NUMBER >= 0x0090808fL
+static const long Cryptography_HAS_AES_WRAP = 1;
+#else
+static const long Cryptography_HAS_AES_WRAP = 0;
+int (*AES_wrap_key)(AES_KEY *, const unsigned char *, unsigned char *,
+ const unsigned char *, unsigned int) = NULL;
+int (*AES_unwrap_key)(AES_KEY *, const unsigned char *, unsigned char *,
+ const unsigned char *, unsigned int) = NULL;
+#endif
+
"""
-CONDITIONAL_NAMES = {}
+CONDITIONAL_NAMES = {
+ "Cryptography_HAS_AES_WRAP": [
+ "AES_wrap_key",
+ "AES_unwrap_key",
+ ],
+}
diff --git a/cryptography/hazmat/bindings/openssl/bio.py b/cryptography/hazmat/bindings/openssl/bio.py
index 279ad22..2817268 100644
--- a/cryptography/hazmat/bindings/openssl/bio.py
+++ b/cryptography/hazmat/bindings/openssl/bio.py
@@ -105,7 +105,6 @@
BIO *BIO_pop(BIO *);
BIO *BIO_next(BIO *);
BIO *BIO_find_type(BIO *, int);
-int BIO_method_type(const BIO *);
BIO_METHOD *BIO_s_mem(void);
BIO *BIO_new_mem_buf(void *, int);
BIO_METHOD *BIO_s_file(void);
@@ -168,6 +167,10 @@
long BIO_set_write_buffer_size(BIO *, long);
long BIO_set_buffer_size(BIO *, long);
long BIO_set_buffer_read_data(BIO *, void *, long);
+
+/* The following was a macro in 0.9.8e. Once we drop support for RHEL/CentOS 5
+ we should move this back to FUNCTIONS. */
+int BIO_method_type(const BIO *);
"""
CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/bindings/openssl/dsa.py b/cryptography/hazmat/bindings/openssl/dsa.py
index e04507c..664296d 100644
--- a/cryptography/hazmat/bindings/openssl/dsa.py
+++ b/cryptography/hazmat/bindings/openssl/dsa.py
@@ -35,6 +35,7 @@
DSA *DSA_generate_parameters(int, unsigned char *, int, int *, unsigned long *,
void (*)(int, int, void *), void *);
int DSA_generate_key(DSA *);
+DSA *DSA_new(void);
void DSA_free(DSA *);
"""
diff --git a/cryptography/hazmat/bindings/openssl/ec.py b/cryptography/hazmat/bindings/openssl/ec.py
index 4a42960..9d6f7cb 100644
--- a/cryptography/hazmat/bindings/openssl/ec.py
+++ b/cryptography/hazmat/bindings/openssl/ec.py
@@ -27,150 +27,6 @@
int nid;
const char *comment;
} EC_builtin_curve;
-
-static const int NID_X9_62_c2pnb163v1;
-static const int NID_X9_62_c2pnb163v2;
-static const int NID_X9_62_c2pnb163v3;
-static const int NID_X9_62_c2pnb176v1;
-static const int NID_X9_62_c2tnb191v1;
-static const int NID_X9_62_c2tnb191v2;
-static const int NID_X9_62_c2tnb191v3;
-static const int NID_X9_62_c2onb191v4;
-static const int NID_X9_62_c2onb191v5;
-static const int NID_X9_62_c2pnb208w1;
-static const int NID_X9_62_c2tnb239v1;
-static const int NID_X9_62_c2tnb239v2;
-static const int NID_X9_62_c2tnb239v3;
-static const int NID_X9_62_c2onb239v4;
-static const int NID_X9_62_c2onb239v5;
-static const int NID_X9_62_c2pnb272w1;
-static const int NID_X9_62_c2pnb304w1;
-static const int NID_X9_62_c2tnb359v1;
-static const int NID_X9_62_c2pnb368w1;
-static const int NID_X9_62_c2tnb431r1;
-static const int NID_X9_62_prime192v1;
-static const int NID_X9_62_prime192v2;
-static const int NID_X9_62_prime192v3;
-static const int NID_X9_62_prime239v1;
-static const int NID_X9_62_prime239v2;
-static const int NID_X9_62_prime239v3;
-static const int NID_X9_62_prime256v1;
-static const int NID_secp112r1;
-static const int NID_secp112r2;
-static const int NID_secp128r1;
-static const int NID_secp128r2;
-static const int NID_secp160k1;
-static const int NID_secp160r1;
-static const int NID_secp160r2;
-static const int NID_sect163k1;
-static const int NID_sect163r1;
-static const int NID_sect163r2;
-static const int NID_secp192k1;
-static const int NID_secp224k1;
-static const int NID_secp224r1;
-static const int NID_secp256k1;
-static const int NID_secp384r1;
-static const int NID_secp521r1;
-static const int NID_sect113r1;
-static const int NID_sect113r2;
-static const int NID_sect131r1;
-static const int NID_sect131r2;
-static const int NID_sect193r1;
-static const int NID_sect193r2;
-static const int NID_sect233k1;
-static const int NID_sect233r1;
-static const int NID_sect239k1;
-static const int NID_sect283k1;
-static const int NID_sect283r1;
-static const int NID_sect409k1;
-static const int NID_sect409r1;
-static const int NID_sect571k1;
-static const int NID_sect571r1;
-static const int NID_wap_wsg_idm_ecid_wtls1;
-static const int NID_wap_wsg_idm_ecid_wtls3;
-static const int NID_wap_wsg_idm_ecid_wtls4;
-static const int NID_wap_wsg_idm_ecid_wtls5;
-static const int NID_wap_wsg_idm_ecid_wtls6;
-static const int NID_wap_wsg_idm_ecid_wtls7;
-static const int NID_wap_wsg_idm_ecid_wtls8;
-static const int NID_wap_wsg_idm_ecid_wtls9;
-static const int NID_wap_wsg_idm_ecid_wtls10;
-static const int NID_wap_wsg_idm_ecid_wtls11;
-static const int NID_wap_wsg_idm_ecid_wtls12;
-static const int NID_ipsec3;
-static const int NID_ipsec4;
-static const char *const SN_X9_62_c2pnb163v1;
-static const char *const SN_X9_62_c2pnb163v2;
-static const char *const SN_X9_62_c2pnb163v3;
-static const char *const SN_X9_62_c2pnb176v1;
-static const char *const SN_X9_62_c2tnb191v1;
-static const char *const SN_X9_62_c2tnb191v2;
-static const char *const SN_X9_62_c2tnb191v3;
-static const char *const SN_X9_62_c2onb191v4;
-static const char *const SN_X9_62_c2onb191v5;
-static const char *const SN_X9_62_c2pnb208w1;
-static const char *const SN_X9_62_c2tnb239v1;
-static const char *const SN_X9_62_c2tnb239v2;
-static const char *const SN_X9_62_c2tnb239v3;
-static const char *const SN_X9_62_c2onb239v4;
-static const char *const SN_X9_62_c2onb239v5;
-static const char *const SN_X9_62_c2pnb272w1;
-static const char *const SN_X9_62_c2pnb304w1;
-static const char *const SN_X9_62_c2tnb359v1;
-static const char *const SN_X9_62_c2pnb368w1;
-static const char *const SN_X9_62_c2tnb431r1;
-static const char *const SN_X9_62_prime192v1;
-static const char *const SN_X9_62_prime192v2;
-static const char *const SN_X9_62_prime192v3;
-static const char *const SN_X9_62_prime239v1;
-static const char *const SN_X9_62_prime239v2;
-static const char *const SN_X9_62_prime239v3;
-static const char *const SN_X9_62_prime256v1;
-static const char *const SN_secp112r1;
-static const char *const SN_secp112r2;
-static const char *const SN_secp128r1;
-static const char *const SN_secp128r2;
-static const char *const SN_secp160k1;
-static const char *const SN_secp160r1;
-static const char *const SN_secp160r2;
-static const char *const SN_sect163k1;
-static const char *const SN_sect163r1;
-static const char *const SN_sect163r2;
-static const char *const SN_secp192k1;
-static const char *const SN_secp224k1;
-static const char *const SN_secp224r1;
-static const char *const SN_secp256k1;
-static const char *const SN_secp384r1;
-static const char *const SN_secp521r1;
-static const char *const SN_sect113r1;
-static const char *const SN_sect113r2;
-static const char *const SN_sect131r1;
-static const char *const SN_sect131r2;
-static const char *const SN_sect193r1;
-static const char *const SN_sect193r2;
-static const char *const SN_sect233k1;
-static const char *const SN_sect233r1;
-static const char *const SN_sect239k1;
-static const char *const SN_sect283k1;
-static const char *const SN_sect283r1;
-static const char *const SN_sect409k1;
-static const char *const SN_sect409r1;
-static const char *const SN_sect571k1;
-static const char *const SN_sect571r1;
-static const char *const SN_wap_wsg_idm_ecid_wtls1;
-static const char *const SN_wap_wsg_idm_ecid_wtls3;
-static const char *const SN_wap_wsg_idm_ecid_wtls4;
-static const char *const SN_wap_wsg_idm_ecid_wtls5;
-static const char *const SN_wap_wsg_idm_ecid_wtls6;
-static const char *const SN_wap_wsg_idm_ecid_wtls7;
-static const char *const SN_wap_wsg_idm_ecid_wtls8;
-static const char *const SN_wap_wsg_idm_ecid_wtls9;
-static const char *const SN_wap_wsg_idm_ecid_wtls10;
-static const char *const SN_wap_wsg_idm_ecid_wtls11;
-static const char *const SN_wap_wsg_idm_ecid_wtls12;
-static const char *const SN_ipsec3;
-static const char *const SN_ipsec4;
-
"""
FUNCTIONS = """
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index f2058ad..f21d98b 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -17,6 +17,7 @@
TYPES = """
static const int Cryptography_HAS_REMOVE_THREAD_STATE;
+static const int Cryptography_HAS_098H_ERROR_CODES;
struct ERR_string_data_st {
unsigned long error;
@@ -50,8 +51,6 @@
static const int ASN1_F_ASN1_UNPACK_STRING;
static const int ASN1_F_ASN1_UTCTIME_SET;
static const int ASN1_F_ASN1_VERIFY;
-static const int ASN1_F_B64_READ_ASN1;
-static const int ASN1_F_B64_WRITE_ASN1;
static const int ASN1_F_BITSTR_CB;
static const int ASN1_F_BN_TO_ASN1_ENUMERATED;
static const int ASN1_F_BN_TO_ASN1_INTEGER;
@@ -71,8 +70,6 @@
static const int ASN1_F_OID_MODULE_INIT;
static const int ASN1_F_PARSE_TAGGING;
static const int ASN1_F_PKCS5_PBE_SET;
-static const int ASN1_F_SMIME_READ_ASN1;
-static const int ASN1_F_SMIME_TEXT;
static const int ASN1_F_X509_CINF_NEW;
static const int ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
static const int ASN1_R_BUFFER_TOO_SMALL;
@@ -86,10 +83,7 @@
static const int ASN1_R_ERROR_LOADING_SECTION;
static const int ASN1_R_MSTRING_WRONG_TAG;
static const int ASN1_R_NESTED_ASN1_STRING;
-static const int ASN1_R_NO_CONTENT_TYPE;
static const int ASN1_R_NO_MATCHING_CHOICE_TYPE;
-static const int ASN1_R_NO_MULTIPART_BODY_FAILURE;
-static const int ASN1_R_NO_MULTIPART_BOUNDARY;
static const int ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM;
static const int ASN1_R_UNKNOWN_OBJECT_TYPE;
static const int ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE;
@@ -257,6 +251,16 @@
* supporting 0.9.8
*/
void ERR_remove_thread_state(const CRYPTO_THREADID *);
+
+/* These were added in OpenSSL 0.9.8h. When we drop support for RHEL/CentOS 5
+ we should be able to move these back to TYPES. */
+static const int ASN1_F_B64_READ_ASN1;
+static const int ASN1_F_B64_WRITE_ASN1;
+static const int ASN1_F_SMIME_READ_ASN1;
+static const int ASN1_F_SMIME_TEXT;
+static const int ASN1_R_NO_CONTENT_TYPE;
+static const int ASN1_R_NO_MULTIPART_BODY_FAILURE;
+static const int ASN1_R_NO_MULTIPART_BOUNDARY;
"""
CUSTOMIZATIONS = """
@@ -267,10 +271,33 @@
typedef uint32_t CRYPTO_THREADID;
void (*ERR_remove_thread_state)(const CRYPTO_THREADID *) = NULL;
#endif
+
+// OpenSSL 0.9.8h+
+#if OPENSSL_VERSION_NUMBER >= 0x0090808fL
+static const long Cryptography_HAS_098H_ERROR_CODES = 1;
+#else
+static const long Cryptography_HAS_098H_ERROR_CODES = 0;
+static const int ASN1_F_B64_READ_ASN1 = 0;
+static const int ASN1_F_B64_WRITE_ASN1 = 0;
+static const int ASN1_F_SMIME_READ_ASN1 = 0;
+static const int ASN1_F_SMIME_TEXT = 0;
+static const int ASN1_R_NO_CONTENT_TYPE = 0;
+static const int ASN1_R_NO_MULTIPART_BODY_FAILURE = 0;
+static const int ASN1_R_NO_MULTIPART_BOUNDARY = 0;
+#endif
"""
CONDITIONAL_NAMES = {
"Cryptography_HAS_REMOVE_THREAD_STATE": [
"ERR_remove_thread_state"
],
+ "Cryptography_HAS_098H_ERROR_CODES": [
+ "ASN1_F_B64_READ_ASN1",
+ "ASN1_F_B64_WRITE_ASN1",
+ "ASN1_F_SMIME_READ_ASN1",
+ "ASN1_F_SMIME_TEXT",
+ "ASN1_R_NO_CONTENT_TYPE",
+ "ASN1_R_NO_MULTIPART_BODY_FAILURE",
+ "ASN1_R_NO_MULTIPART_BOUNDARY",
+ ],
}
diff --git a/cryptography/hazmat/bindings/openssl/evp.py b/cryptography/hazmat/bindings/openssl/evp.py
index a5e19c3..77128c4 100644
--- a/cryptography/hazmat/bindings/openssl/evp.py
+++ b/cryptography/hazmat/bindings/openssl/evp.py
@@ -64,8 +64,6 @@
const unsigned char *, int);
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
-const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *);
-int EVP_CIPHER_block_size(const EVP_CIPHER *);
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *);
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
@@ -79,8 +77,6 @@
int EVP_MD_CTX_cleanup(EVP_MD_CTX *);
void EVP_MD_CTX_destroy(EVP_MD_CTX *);
const EVP_MD *EVP_get_digestbyname(const char *);
-const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *);
-int EVP_MD_size(const EVP_MD *);
EVP_PKEY *EVP_PKEY_new(void);
void EVP_PKEY_free(EVP_PKEY *);
@@ -143,6 +139,13 @@
int EVP_PKEY_verify_init(EVP_PKEY_CTX *);
int EVP_PKEY_verify(EVP_PKEY_CTX *, const unsigned char *, size_t,
const unsigned char *, size_t);
+
+/* The following were macros in 0.9.8e. Once we drop support for RHEL/CentOS 5
+ we should move these back to FUNCTIONS. */
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *);
+int EVP_CIPHER_block_size(const EVP_CIPHER *);
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *);
+int EVP_MD_size(const EVP_MD *);
"""
CUSTOMIZATIONS = """
@@ -154,7 +157,7 @@
const long EVP_CTRL_GCM_SET_TAG = -1;
const long EVP_CTRL_GCM_SET_IVLEN = -1;
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10000000
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
const long Cryptography_HAS_PBKDF2_HMAC = 1;
const long Cryptography_HAS_PKEY_CTX = 1;
#else
diff --git a/cryptography/hazmat/bindings/openssl/nid.py b/cryptography/hazmat/bindings/openssl/nid.py
index 40aed19..cb83c1b 100644
--- a/cryptography/hazmat/bindings/openssl/nid.py
+++ b/cryptography/hazmat/bindings/openssl/nid.py
@@ -14,6 +14,8 @@
INCLUDES = ""
TYPES = """
+static const int Cryptography_HAS_ECDSA_SHA2_NIDS;
+
static const int NID_undef;
static const int NID_dsa;
static const int NID_dsaWithSHA;
@@ -38,6 +40,148 @@
static const int NID_crl_reason;
static const int NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
static const int NID_subject_alt_name;
+static const int NID_X9_62_c2pnb163v1;
+static const int NID_X9_62_c2pnb163v2;
+static const int NID_X9_62_c2pnb163v3;
+static const int NID_X9_62_c2pnb176v1;
+static const int NID_X9_62_c2tnb191v1;
+static const int NID_X9_62_c2tnb191v2;
+static const int NID_X9_62_c2tnb191v3;
+static const int NID_X9_62_c2onb191v4;
+static const int NID_X9_62_c2onb191v5;
+static const int NID_X9_62_c2pnb208w1;
+static const int NID_X9_62_c2tnb239v1;
+static const int NID_X9_62_c2tnb239v2;
+static const int NID_X9_62_c2tnb239v3;
+static const int NID_X9_62_c2onb239v4;
+static const int NID_X9_62_c2onb239v5;
+static const int NID_X9_62_c2pnb272w1;
+static const int NID_X9_62_c2pnb304w1;
+static const int NID_X9_62_c2tnb359v1;
+static const int NID_X9_62_c2pnb368w1;
+static const int NID_X9_62_c2tnb431r1;
+static const int NID_X9_62_prime192v1;
+static const int NID_X9_62_prime192v2;
+static const int NID_X9_62_prime192v3;
+static const int NID_X9_62_prime239v1;
+static const int NID_X9_62_prime239v2;
+static const int NID_X9_62_prime239v3;
+static const int NID_X9_62_prime256v1;
+static const int NID_secp112r1;
+static const int NID_secp112r2;
+static const int NID_secp128r1;
+static const int NID_secp128r2;
+static const int NID_secp160k1;
+static const int NID_secp160r1;
+static const int NID_secp160r2;
+static const int NID_sect163k1;
+static const int NID_sect163r1;
+static const int NID_sect163r2;
+static const int NID_secp192k1;
+static const int NID_secp224k1;
+static const int NID_secp224r1;
+static const int NID_secp256k1;
+static const int NID_secp384r1;
+static const int NID_secp521r1;
+static const int NID_sect113r1;
+static const int NID_sect113r2;
+static const int NID_sect131r1;
+static const int NID_sect131r2;
+static const int NID_sect193r1;
+static const int NID_sect193r2;
+static const int NID_sect233k1;
+static const int NID_sect233r1;
+static const int NID_sect239k1;
+static const int NID_sect283k1;
+static const int NID_sect283r1;
+static const int NID_sect409k1;
+static const int NID_sect409r1;
+static const int NID_sect571k1;
+static const int NID_sect571r1;
+static const int NID_wap_wsg_idm_ecid_wtls1;
+static const int NID_wap_wsg_idm_ecid_wtls3;
+static const int NID_wap_wsg_idm_ecid_wtls4;
+static const int NID_wap_wsg_idm_ecid_wtls5;
+static const int NID_wap_wsg_idm_ecid_wtls6;
+static const int NID_wap_wsg_idm_ecid_wtls7;
+static const int NID_wap_wsg_idm_ecid_wtls8;
+static const int NID_wap_wsg_idm_ecid_wtls9;
+static const int NID_wap_wsg_idm_ecid_wtls10;
+static const int NID_wap_wsg_idm_ecid_wtls11;
+static const int NID_wap_wsg_idm_ecid_wtls12;
+static const int NID_ipsec3;
+static const int NID_ipsec4;
+static const char *const SN_X9_62_c2pnb163v1;
+static const char *const SN_X9_62_c2pnb163v2;
+static const char *const SN_X9_62_c2pnb163v3;
+static const char *const SN_X9_62_c2pnb176v1;
+static const char *const SN_X9_62_c2tnb191v1;
+static const char *const SN_X9_62_c2tnb191v2;
+static const char *const SN_X9_62_c2tnb191v3;
+static const char *const SN_X9_62_c2onb191v4;
+static const char *const SN_X9_62_c2onb191v5;
+static const char *const SN_X9_62_c2pnb208w1;
+static const char *const SN_X9_62_c2tnb239v1;
+static const char *const SN_X9_62_c2tnb239v2;
+static const char *const SN_X9_62_c2tnb239v3;
+static const char *const SN_X9_62_c2onb239v4;
+static const char *const SN_X9_62_c2onb239v5;
+static const char *const SN_X9_62_c2pnb272w1;
+static const char *const SN_X9_62_c2pnb304w1;
+static const char *const SN_X9_62_c2tnb359v1;
+static const char *const SN_X9_62_c2pnb368w1;
+static const char *const SN_X9_62_c2tnb431r1;
+static const char *const SN_X9_62_prime192v1;
+static const char *const SN_X9_62_prime192v2;
+static const char *const SN_X9_62_prime192v3;
+static const char *const SN_X9_62_prime239v1;
+static const char *const SN_X9_62_prime239v2;
+static const char *const SN_X9_62_prime239v3;
+static const char *const SN_X9_62_prime256v1;
+static const char *const SN_secp112r1;
+static const char *const SN_secp112r2;
+static const char *const SN_secp128r1;
+static const char *const SN_secp128r2;
+static const char *const SN_secp160k1;
+static const char *const SN_secp160r1;
+static const char *const SN_secp160r2;
+static const char *const SN_sect163k1;
+static const char *const SN_sect163r1;
+static const char *const SN_sect163r2;
+static const char *const SN_secp192k1;
+static const char *const SN_secp224k1;
+static const char *const SN_secp224r1;
+static const char *const SN_secp256k1;
+static const char *const SN_secp384r1;
+static const char *const SN_secp521r1;
+static const char *const SN_sect113r1;
+static const char *const SN_sect113r2;
+static const char *const SN_sect131r1;
+static const char *const SN_sect131r2;
+static const char *const SN_sect193r1;
+static const char *const SN_sect193r2;
+static const char *const SN_sect233k1;
+static const char *const SN_sect233r1;
+static const char *const SN_sect239k1;
+static const char *const SN_sect283k1;
+static const char *const SN_sect283r1;
+static const char *const SN_sect409k1;
+static const char *const SN_sect409r1;
+static const char *const SN_sect571k1;
+static const char *const SN_sect571r1;
+static const char *const SN_wap_wsg_idm_ecid_wtls1;
+static const char *const SN_wap_wsg_idm_ecid_wtls3;
+static const char *const SN_wap_wsg_idm_ecid_wtls4;
+static const char *const SN_wap_wsg_idm_ecid_wtls5;
+static const char *const SN_wap_wsg_idm_ecid_wtls6;
+static const char *const SN_wap_wsg_idm_ecid_wtls7;
+static const char *const SN_wap_wsg_idm_ecid_wtls8;
+static const char *const SN_wap_wsg_idm_ecid_wtls9;
+static const char *const SN_wap_wsg_idm_ecid_wtls10;
+static const char *const SN_wap_wsg_idm_ecid_wtls11;
+static const char *const SN_wap_wsg_idm_ecid_wtls12;
+static const char *const SN_ipsec3;
+static const char *const SN_ipsec4;
"""
FUNCTIONS = """
@@ -47,6 +191,23 @@
"""
CUSTOMIZATIONS = """
+// OpenSSL 0.9.8g+
+#if OPENSSL_VERSION_NUMBER >= 0x0090807fL
+static const long Cryptography_HAS_ECDSA_SHA2_NIDS = 1;
+#else
+static const long Cryptography_HAS_ECDSA_SHA2_NIDS = 0;
+static const int NID_ecdsa_with_SHA224 = 0;
+static const int NID_ecdsa_with_SHA256 = 0;
+static const int NID_ecdsa_with_SHA384 = 0;
+static const int NID_ecdsa_with_SHA512 = 0;
+#endif
"""
-CONDITIONAL_NAMES = {}
+CONDITIONAL_NAMES = {
+ "Cryptography_HAS_ECDSA_SHA2_NIDS": [
+ "NID_ecdsa_with_SHA224",
+ "NID_ecdsa_with_SHA256",
+ "NID_ecdsa_with_SHA384",
+ "NID_ecdsa_with_SHA512",
+ ],
+}
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index 25e4967..25bef49 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -37,6 +37,8 @@
static const int Cryptography_HAS_OP_NO_COMPRESSION;
static const int Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING;
+static const int Cryptography_HAS_SSL_SET_SSL_CTX;
+static const int Cryptography_HAS_SSL_OP_NO_TICKET;
static const int SSL_FILETYPE_PEM;
static const int SSL_FILETYPE_ASN1;
@@ -150,7 +152,6 @@
int SSL_library_init(void);
/* SSL */
-SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *);
SSL_SESSION *SSL_get1_session(SSL *);
int SSL_set_session(SSL *, SSL_SESSION *);
int SSL_get_verify_mode(const SSL *);
@@ -187,8 +188,6 @@
void SSL_CTX_set_verify(SSL_CTX *, int, int (*)(int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *, int);
int (*SSL_CTX_get_verify_callback(const SSL_CTX *))(int, X509_STORE_CTX *);
-void SSL_CTX_set_info_callback(SSL_CTX *, void (*)(const SSL *, int, int));
-void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int);
int SSL_CTX_get_verify_mode(const SSL_CTX *);
int SSL_CTX_get_verify_depth(const SSL_CTX *);
int SSL_CTX_set_cipher_list(SSL_CTX *, const char *);
@@ -304,6 +303,14 @@
int (*)(const SSL *, int *, void *));
long SSL_session_reused(SSL *);
+
+/* The following were macros in 0.9.8e. Once we drop support for RHEL/CentOS 5
+ we should move these back to FUNCTIONS. */
+void SSL_CTX_set_info_callback(SSL_CTX *, void (*)(const SSL *, int, int));
+void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int);
+/* This function does not exist in 0.9.8e. Once we drop support for
+ RHEL/CentOS 5 this can be moved back to FUNCTIONS. */
+SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *);
"""
CUSTOMIZATIONS = """
@@ -371,6 +378,22 @@
#ifdef OPENSSL_NO_EC
long (*SSL_CTX_set_tmp_ecdh)(SSL_CTX *, EC_KEY *) = NULL;
#endif
+
+#ifdef SSL_OP_NO_TICKET
+static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
+#else
+static const long Cryptography_HAS_SSL_OP_NO_TICKET = 0;
+const long SSL_OP_NO_TICKET = 0;
+#endif
+
+// OpenSSL 0.9.8f+
+#if OPENSSL_VERSION_NUMBER >= 0x00908070L
+static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
+#else
+static const long Cryptography_HAS_SSL_SET_SSL_CTX = 0;
+static const int TLSEXT_NAMETYPE_host_name = 0;
+SSL_CTX *(*SSL_set_SSL_CTX)(SSL *, SSL_CTX *) = NULL;
+#endif
"""
CONDITIONAL_NAMES = {
@@ -414,5 +437,14 @@
"Cryptography_HAS_EC": [
"SSL_CTX_set_tmp_ecdh",
- ]
+ ],
+
+ "Cryptography_HAS_SSL_OP_NO_TICKET": [
+ "SSL_OP_NO_TICKET",
+ ],
+
+ "Cryptography_HAS_SSL_SET_SSL_CTX": [
+ "SSL_set_SSL_CTX",
+ "TLSEXT_NAMETYPE_host_name",
+ ],
}
diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py
index 95c88b3..e8b036c 100644
--- a/cryptography/hazmat/bindings/openssl/x509.py
+++ b/cryptography/hazmat/bindings/openssl/x509.py
@@ -120,8 +120,6 @@
int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *);
int X509_REQ_verify(X509_REQ *, EVP_PKEY *);
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *);
-int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *);
-X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *);
int X509_REQ_print_ex(BIO *, X509_REQ *, unsigned long, unsigned long);
int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
@@ -208,9 +206,18 @@
/* These aren't macros these arguments are all const X on openssl > 1.0.x */
int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
+
+/* these use STACK_OF(X509_EXTENSION) in 0.9.8e. Once we drop support for
+ RHEL/CentOS 5 we should move these back to FUNCTIONS. */
+int X509_REQ_add_extensions(X509_REQ *, X509_EXTENSIONS *);
+X509_EXTENSIONS *X509_REQ_get_extensions(X509_REQ *);
"""
CUSTOMIZATIONS = """
+// OpenSSL 0.9.8e does not have this definition
+#if OPENSSL_VERSION_NUMBER <= 0x0090805fL
+typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
+#endif
"""
CONDITIONAL_NAMES = {}
diff --git a/cryptography/hazmat/primitives/kdf/pbkdf2.py b/cryptography/hazmat/primitives/kdf/pbkdf2.py
index 71b8821..3942778 100644
--- a/cryptography/hazmat/primitives/kdf/pbkdf2.py
+++ b/cryptography/hazmat/primitives/kdf/pbkdf2.py
@@ -17,7 +17,7 @@
from cryptography import utils
from cryptography.exceptions import (
- InvalidKey, UnsupportedAlgorithm, AlreadyFinalized
+ InvalidKey, UnsupportedHash, AlreadyFinalized
)
from cryptography.hazmat.primitives import constant_time, interfaces
@@ -26,7 +26,7 @@
class PBKDF2HMAC(object):
def __init__(self, algorithm, length, salt, iterations, backend):
if not backend.pbkdf2_hmac_supported(algorithm):
- raise UnsupportedAlgorithm(
+ raise UnsupportedHash(
"{0} is not supported for PBKDF2 by this backend".format(
algorithm.name)
)
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index 7f9ae34..48c4bca 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -25,11 +25,24 @@
This is raised when additional data is added to a context after update
has already been called.
+.. class:: UnsupportedCipher
-.. class:: UnsupportedAlgorithm
+ .. versionadded:: 0.3
- This is raised when a backend doesn't support the requested algorithm (or
- combination of algorithms).
+ This is raised when a backend doesn't support the requested cipher
+ algorithm and mode combination.
+
+.. class:: UnsupportedHash
+
+ .. versionadded:: 0.3
+
+ This is raised when a backend doesn't support the requested hash algorithm.
+
+.. class:: UnsupportedPadding
+
+ .. versionadded:: 0.3
+
+ This is raised when the requested padding is not supported by the backend.
.. class:: InvalidKey
@@ -43,7 +56,3 @@
This is raised when the verify method of a one time password function's
computed token does not match the expected token.
-
-.. class:: UnsupportedPadding
-
- This is raised when the chosen padding is not supported by the backend.
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index af19fbc..a7a9661 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -258,7 +258,7 @@
style key serialization.
.. method:: load_openssl_pem_private_key(data, password)
-
+
:param bytes data: PEM data to deserialize.
:param bytes password: The password to use if this data is encrypted.
diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst
index 6c56aca..86b8585 100644
--- a/docs/hazmat/primitives/cryptographic-hashes.rst
+++ b/docs/hazmat/primitives/cryptographic-hashes.rst
@@ -29,7 +29,7 @@
'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
If the backend doesn't support the requested ``algorithm`` an
- :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised.
+ :class:`~cryptography.exceptions.UnsupportedHash` will be raised.
Keep in mind that attacks against cryptographic hashes only get stronger
with time, and that often algorithms that were once thought to be strong,
diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst
index 0118be7..1a2838f 100644
--- a/docs/hazmat/primitives/hmac.rst
+++ b/docs/hazmat/primitives/hmac.rst
@@ -35,7 +35,7 @@
'#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J'
If the backend doesn't support the requested ``algorithm`` an
- :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised.
+ :class:`~cryptography.exceptions.UnsupportedHash` will be raised.
To check that a given signature is correct use the :meth:`verify` method.
You will receive an exception if the signature is wrong:
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 2306c5b..2bc25c5 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -61,7 +61,7 @@
provider.
If the backend doesn't support the requested combination of ``cipher``
- and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm`
+ and ``mode`` an :class:`~cryptography.exceptions.UnsupportedCipher`
will be raised.
.. method:: decryptor()
@@ -71,7 +71,7 @@
provider.
If the backend doesn't support the requested combination of ``cipher``
- and ``mode`` an :class:`cryptography.exceptions.UnsupportedAlgorithm`
+ and ``mode`` an :class:`cryptography.exceptions.UnsupportedCipher`
will be raised.
.. _symmetric-encryption-algorithms:
diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py
index 7cc0f72..7feb0c7 100644
--- a/tests/hazmat/backends/test_commoncrypto.py
+++ b/tests/hazmat/backends/test_commoncrypto.py
@@ -14,7 +14,7 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, InternalError
+from cryptography.exceptions import UnsupportedCipher, InternalError
from cryptography.hazmat.bindings.commoncrypto.binding import Binding
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.ciphers.algorithms import AES
@@ -61,5 +61,5 @@
cipher = Cipher(
DummyCipher(), GCM(b"fake_iv_here"), backend=b,
)
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedCipher):
cipher.encryptor()
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index 6316818..87ef044 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -14,7 +14,9 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography.exceptions import (
+ UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
+)
from cryptography.hazmat.backends.interfaces import (
CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend
)
@@ -34,11 +36,11 @@
def create_symmetric_encryption_ctx(self, algorithm, mode):
if not self.cipher_supported(algorithm, mode):
- raise UnsupportedAlgorithm
+ raise UnsupportedCipher
def create_symmetric_decryption_ctx(self, algorithm, mode):
if not self.cipher_supported(algorithm, mode):
- raise UnsupportedAlgorithm
+ raise UnsupportedCipher
@utils.register_interface(HashBackend)
@@ -51,7 +53,7 @@
def create_hash_ctx(self, algorithm):
if not self.hash_supported(algorithm):
- raise UnsupportedAlgorithm
+ raise UnsupportedHash
@utils.register_interface(HMACBackend)
@@ -64,7 +66,7 @@
def create_hmac_ctx(self, key, algorithm):
if not self.hmac_supported(algorithm):
- raise UnsupportedAlgorithm
+ raise UnsupportedHash
@utils.register_interface(PBKDF2HMACBackend)
@@ -78,7 +80,7 @@
def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
key_material):
if not self.pbkdf2_hmac_supported(algorithm):
- raise UnsupportedAlgorithm
+ raise UnsupportedHash
@utils.register_interface(RSABackend)
@@ -119,9 +121,9 @@
modes.CBC(b"\x00" * 16),
backend=backend
)
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedCipher):
cipher.encryptor()
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedCipher):
cipher.decryptor()
def test_hashes(self):
@@ -132,7 +134,7 @@
hashes.Hash(hashes.MD5(), backend=backend)
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedHash):
hashes.Hash(hashes.SHA1(), backend=backend)
def test_hmac(self):
@@ -143,7 +145,7 @@
hmac.HMAC(b"", hashes.MD5(), backend=backend)
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedHash):
hmac.HMAC(b"", hashes.SHA1(), backend=backend)
def test_pbkdf2(self):
@@ -154,7 +156,7 @@
backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedHash):
backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
def test_rsa(self):
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 42c1b39..c679218 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -14,7 +14,9 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, InternalError
+from cryptography.exceptions import (
+ UnsupportedCipher, UnsupportedHash, InternalError
+)
from cryptography.hazmat.backends.openssl.backend import backend, Backend
from cryptography.hazmat.primitives import interfaces, hashes
from cryptography.hazmat.primitives.ciphers import Cipher
@@ -68,7 +70,7 @@
cipher = Cipher(
DummyCipher(), mode, backend=b,
)
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedCipher):
cipher.encryptor()
def test_consume_errors(self):
@@ -130,7 +132,7 @@
def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self):
if backend.pbkdf2_hmac_supported(hashes.SHA256()):
pytest.skip("Requires an older OpenSSL")
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedHash):
backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"")
# This test is not in the next class because to check if it's really
diff --git a/tests/hazmat/primitives/test_block.py b/tests/hazmat/primitives/test_block.py
index f758ffa..8ff00fd 100644
--- a/tests/hazmat/primitives/test_block.py
+++ b/tests/hazmat/primitives/test_block.py
@@ -18,9 +18,7 @@
import pytest
from cryptography import utils
-from cryptography.exceptions import (
- UnsupportedAlgorithm, AlreadyFinalized,
-)
+from cryptography.exceptions import UnsupportedCipher, AlreadyFinalized
from cryptography.hazmat.primitives import interfaces
from cryptography.hazmat.primitives.ciphers import (
Cipher, algorithms, modes
@@ -116,10 +114,10 @@
cipher = Cipher(
DummyCipher(), mode, backend
)
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedCipher):
cipher.encryptor()
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedCipher):
cipher.decryptor()
def test_incorrectly_padded(self, backend):
diff --git a/tests/hazmat/primitives/test_hashes.py b/tests/hazmat/primitives/test_hashes.py
index 9ca2fee..fc53d63 100644
--- a/tests/hazmat/primitives/test_hashes.py
+++ b/tests/hazmat/primitives/test_hashes.py
@@ -20,7 +20,7 @@
import six
from cryptography import utils
-from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm
+from cryptography.exceptions import AlreadyFinalized, UnsupportedHash
from cryptography.hazmat.primitives import hashes, interfaces
from .utils import generate_base_hash_test
@@ -65,7 +65,7 @@
h.finalize()
def test_unsupported_hash(self, backend):
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedHash):
hashes.Hash(UnsupportedDummyHash(), backend)
diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py
index dd9cdaa..88bed52 100644
--- a/tests/hazmat/primitives/test_hmac.py
+++ b/tests/hazmat/primitives/test_hmac.py
@@ -21,7 +21,7 @@
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, UnsupportedAlgorithm, InvalidSignature
+ AlreadyFinalized, UnsupportedHash, InvalidSignature
)
from cryptography.hazmat.primitives import hashes, hmac, interfaces
@@ -102,5 +102,5 @@
h.verify(six.u(''))
def test_unsupported_hash(self, backend):
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedHash):
hmac.HMAC(b"key", UnsupportedDummyHash(), backend)
diff --git a/tests/hazmat/primitives/test_pbkdf2hmac.py b/tests/hazmat/primitives/test_pbkdf2hmac.py
index 6ad225a..f895935 100644
--- a/tests/hazmat/primitives/test_pbkdf2hmac.py
+++ b/tests/hazmat/primitives/test_pbkdf2hmac.py
@@ -18,7 +18,7 @@
from cryptography import utils
from cryptography.exceptions import (
- InvalidKey, UnsupportedAlgorithm, AlreadyFinalized
+ InvalidKey, UnsupportedHash, AlreadyFinalized
)
from cryptography.hazmat.primitives import hashes, interfaces
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
@@ -48,7 +48,7 @@
kdf.verify(b"password", key)
def test_unsupported_algorithm(self):
- with pytest.raises(UnsupportedAlgorithm):
+ with pytest.raises(UnsupportedHash):
PBKDF2HMAC(DummyHash(), 20, b"salt", 10, default_backend())
def test_invalid_key(self):