diff options
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 7 | ||||
| -rw-r--r-- | tests/hazmat/backends/test_openssl.py | 8 |
2 files changed, 12 insertions, 3 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 67b365fa..74faee57 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -162,8 +162,11 @@ class Backend(object): ) assert res == 1 else: - # OpenSSL < 1.0.0 - assert isinstance(algorithm, hashes.SHA1) + if not isinstance(algorithm, hashes.SHA1): + raise UnsupportedAlgorithm( + "This version of OpenSSL only supports PBKDF2HMAC with " + "SHA1" + ) res = self._lib.PKCS5_PBKDF2_HMAC_SHA1( key_material, len(key_material), diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py index 9f00364f..ea04c133 100644 --- a/tests/hazmat/backends/test_openssl.py +++ b/tests/hazmat/backends/test_openssl.py @@ -16,7 +16,7 @@ import pytest from cryptography import utils from cryptography.exceptions import UnsupportedAlgorithm, InternalError from cryptography.hazmat.backends.openssl.backend import backend, Backend -from cryptography.hazmat.primitives import interfaces +from cryptography.hazmat.primitives import interfaces, hashes from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.ciphers.algorithms import AES from cryptography.hazmat.primitives.ciphers.modes import CBC @@ -146,3 +146,9 @@ class TestOpenSSL(object): b"error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:" b"data not multiple of block length" ) + + def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self): + if backend.pbkdf2_hmac_supported(hashes.SHA256()): + pytest.skip("Requires an older OpenSSL") + with pytest.raises(UnsupportedAlgorithm): + backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"") |