lower ciphername, add api supports, improved assertion message
* supports method added to api to check if a ciphername is available.
This will be used with skipif (and probably elsewhere)
* ciphername lowered. OpenSSL frequently supports aliases for various
casing, but reliably supports all lowercase.
(e.g. camellia-128-cbc, vs Camellia-128-CBC)
* When a cipher is not found an error will now be raised telling you
what string cipher it couldn't find. This should probably become a
real error like CipherNotFoundError.
diff --git a/cryptography/bindings/openssl/api.py b/cryptography/bindings/openssl/api.py
index 1292778..073cb53 100644
--- a/cryptography/bindings/openssl/api.py
+++ b/cryptography/bindings/openssl/api.py
@@ -72,6 +72,10 @@
"""
return self.ffi.string(self.lib.OPENSSL_VERSION_TEXT).decode("ascii")
+ def supports(self, ciphername):
+ return (self._ffi.NULL !=
+ self._lib.EVP_get_cipherbyname(ciphername.encode("ascii")))
+
def create_block_cipher_context(self, cipher, mode):
ctx = self.ffi.new("EVP_CIPHER_CTX *")
res = self.lib.EVP_CIPHER_CTX_init(ctx)
@@ -80,9 +84,10 @@
# TODO: compute name using a better algorithm
ciphername = "{0}-{1}-{2}".format(
cipher.name, cipher.key_size, mode.name
- )
- evp_cipher = self.lib.EVP_get_cipherbyname(ciphername.encode("ascii"))
- assert evp_cipher != self.ffi.NULL
+ ).lower()
+ evp_cipher = self._lib.EVP_get_cipherbyname(ciphername.encode("ascii"))
+ if evp_cipher == self._ffi.NULL:
+ raise AssertionError("Unsupported cipher: {0}".format(ciphername))
if isinstance(mode, interfaces.ModeWithInitializationVector):
iv_nonce = mode.initialization_vector
else: