diff options
| author | David Reid <dreid@dreid.org> | 2014-02-04 16:49:28 -0800 |
|---|---|---|
| committer | David Reid <dreid@dreid.org> | 2014-02-04 16:49:28 -0800 |
| commit | 6781094003b86c0a6997452876ae63acd49809e1 (patch) | |
| tree | 7c5a810630a5417913be50e788fd5024a33ff129 | |
| parent | e45826f8dc75dd159582ecc15dfc7626ef908a1f (diff) | |
| parent | 09d08ae07a72506b81bc640a2af70397f3ab2594 (diff) | |
| download | cryptography-6781094003b86c0a6997452876ae63acd49809e1.tar.gz cryptography-6781094003b86c0a6997452876ae63acd49809e1.tar.bz2 cryptography-6781094003b86c0a6997452876ae63acd49809e1.zip | |
Merge pull request #561 from alex/unsupported-algorithm
Made OpenSSL's derive_pbkdf2_hmac raise the right exception
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 7 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 8 |
2 files changed, 12 insertions, 3 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 67b365fa..74faee57 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -162,8 +162,11 @@ class Backend(object): ) assert res == 1 else: - # OpenSSL < 1.0.0 - assert isinstance(algorithm, hashes.SHA1) + if not isinstance(algorithm, hashes.SHA1): + raise UnsupportedAlgorithm( + "This version of OpenSSL only supports PBKDF2HMAC with " + "SHA1" + ) res = self._lib.PKCS5_PBKDF2_HMAC_SHA1( key_material, len(key_material), diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 9f00364f..ea04c133 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -16,7 +16,7 @@ import pytest from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm, InternalError from cryptography.hazmat.backends.openssl.backend import backend, Backend -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives import interfaces, hashes from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC @@ -146,3 +146,9 @@ class TestOpenSSL(object): b"error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:" b"data not multiple of block length" ) + + def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self): + if backend.pbkdf2_hmac_supported(hashes.SHA256()): + pytest.skip("Requires an older OpenSSL") + with pytest.raises(UnsupportedAlgorithm): + backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"") |