Merge remote-tracking branch 'upstream/master'
diff --git a/cryptography/hazmat/bindings/openssl/rsa.py b/cryptography/hazmat/bindings/openssl/rsa.py
index 359305c..f895cd0 100644
--- a/cryptography/hazmat/bindings/openssl/rsa.py
+++ b/cryptography/hazmat/bindings/openssl/rsa.py
@@ -37,6 +37,7 @@
static const int RSA_F4;
static const int Cryptography_HAS_PSS_PADDING;
+static const int Cryptography_HAS_MGF1_MD;
"""
FUNCTIONS = """
@@ -70,6 +71,7 @@
MACROS = """
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *, int);
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *, int);
+int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *, EVP_MD *);
"""
CUSTOMIZATIONS = """
@@ -82,6 +84,12 @@
int (*EVP_PKEY_CTX_set_rsa_pss_saltlen)(EVP_PKEY_CTX *, int) = NULL;
static const long RSA_PKCS1_PSS_PADDING = 0;
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1000100f
+static const long Cryptography_HAS_MGF1_MD = 1;
+#else
+static const long Cryptography_HAS_MGF1_MD = 0;
+int (*EVP_PKEY_CTX_set_rsa_mgf1_md)(EVP_PKEY_CTX *, EVP_MD *) = NULL;
+#endif
"""
CONDITIONAL_NAMES = {
@@ -92,4 +100,7 @@
"Cryptography_HAS_PSS_PADDING": [
"RSA_PKCS1_PSS_PADDING",
],
+ "Cryptography_HAS_MGF1_MD": [
+ "EVP_PKEY_CTX_set_rsa_mgf1_md",
+ ],
}
diff --git a/cryptography/hazmat/primitives/twofactor/hotp.py b/cryptography/hazmat/primitives/twofactor/hotp.py
index 88bde71..8326022 100644
--- a/cryptography/hazmat/primitives/twofactor/hotp.py
+++ b/cryptography/hazmat/primitives/twofactor/hotp.py
@@ -27,6 +27,9 @@
if len(key) < 16:
raise ValueError("Key length has to be at least 128 bits.")
+ if not isinstance(length, six.integer_types):
+ raise TypeError("Length parameter must be an integer type")
+
if length < 6 or length > 8:
raise ValueError("Length of HOTP has to be between 6 to 8.")
diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst
index 0e78143..3912d48 100644
--- a/docs/hazmat/primitives/twofactor.rst
+++ b/docs/hazmat/primitives/twofactor.rst
@@ -50,7 +50,8 @@
:raises TypeError: This is raised if the provided ``algorithm`` is not
:class:`~cryptography.hazmat.primitives.hashes.SHA1()`,
:class:`~cryptography.hazmat.primitives.hashes.SHA256()` or
- :class:`~cryptography.hazmat.primitives.hashes.SHA512()`.
+ :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the
+ ``length`` parameter is not an integer.
.. method:: generate(counter)
@@ -145,7 +146,8 @@
:raises TypeError: This is raised if the provided ``algorithm`` is not
:class:`~cryptography.hazmat.primitives.hashes.SHA1()`,
:class:`~cryptography.hazmat.primitives.hashes.SHA256()` or
- :class:`~cryptography.hazmat.primitives.hashes.SHA512()`.
+ :class:`~cryptography.hazmat.primitives.hashes.SHA512()` or if the
+ ``length`` parameter is not an integer.
.. method:: generate(time)
diff --git a/tests/hazmat/primitives/twofactor/test_hotp.py b/tests/hazmat/primitives/twofactor/test_hotp.py
index 4c726b7..0f8c4a5 100644
--- a/tests/hazmat/primitives/twofactor/test_hotp.py
+++ b/tests/hazmat/primitives/twofactor/test_hotp.py
@@ -87,3 +87,9 @@
with pytest.raises(InvalidToken):
hotp.verify(b"123456", counter)
+
+ def test_length_not_int(self, backend):
+ secret = b"12345678901234567890"
+
+ with pytest.raises(TypeError):
+ HOTP(secret, b"foo", SHA1(), backend)