Merge pull request #1159 from reaperhulk/deprecate-mgf1

deprecate mgf1_hash_supported

3 files changed, 20 insertions, 5 deletions

diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py
index bf97e42d..53d92be3 100644
--- a/cryptography/hazmat/backends/openssl/backend.py
+++ b/cryptography/hazmat/backends/openssl/backend.py
@@ -560,6 +560,15 @@ class Backend(object):
                                        algorithm)
 
     def mgf1_hash_supported(self, algorithm):
+        warnings.warn(
+            "mgf1_hash_supported is deprecated and will be removed in "
+            "a future version.",
+            utils.DeprecatedIn05,
+            stacklevel=2
+        )
+        return self._mgf1_hash_supported(algorithm)
+
+    def _mgf1_hash_supported(self, algorithm):
         if self._lib.Cryptography_HAS_MGF1_MD:
             return self.hash_supported(algorithm)
         else:
@@ -569,7 +578,7 @@ class Backend(object):
         if isinstance(padding, PKCS1v15):
             return True
         elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1):
-            return self.mgf1_hash_supported(padding._mgf._algorithm)
+            return self._mgf1_hash_supported(padding._mgf._algorithm)
         elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1):
             return isinstance(padding._mgf._algorithm, hashes.SHA1)
         else:
@@ -1518,7 +1527,7 @@ class _RSASignatureContext(object):
                 raise ValueError("Digest too large for key size. Use a larger "
                                  "key.")
 
-            if not self._backend.mgf1_hash_supported(padding._mgf._algorithm):
+            if not self._backend._mgf1_hash_supported(padding._mgf._algorithm):
                 raise UnsupportedAlgorithm(
                     "When OpenSSL is older than 1.0.1 then only SHA1 is "
                     "supported with MGF1.",
@@ -1709,7 +1718,7 @@ class _RSAVerificationContext(object):
                     "correct key and digest algorithm."
                 )
 
-            if not self._backend.mgf1_hash_supported(padding._mgf._algorithm):
+            if not self._backend._mgf1_hash_supported(padding._mgf._algorithm):
                 raise UnsupportedAlgorithm(
                     "When OpenSSL is older than 1.0.1 then only SHA1 is "
                     "supported with MGF1.",
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index a18a3d57..9e476f72 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -255,10 +255,13 @@ A specific ``backend`` may provide one or more of these interfaces.
 
     .. method:: mgf1_hash_supported(algorithm)
 
+        ..deprecated:: 0.5
+
         Check if the specified ``algorithm`` is supported for use with
         :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
         inside :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`
-        padding.
+        padding. This method is deprecated in favor of
+        ``rsa_padding_supported``.
 
         :param algorithm: An instance of a
             :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm`
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index f9e692b4..0dd91695 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -353,7 +353,10 @@ class TestOpenSSLRSA(object):
             )
 
     def test_unsupported_mgf1_hash_algorithm(self):
-        assert backend.mgf1_hash_supported(DummyHash()) is False
+        assert pytest.deprecated_call(
+            backend.mgf1_hash_supported,
+            DummyHash()
+        ) is False
 
     def test_rsa_padding_unsupported_pss_mgf1_hash(self):
         assert backend.rsa_padding_supported(