diff options
| -rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 6 | ||||
| -rw-r--r-- | docs/hazmat/primitives/hmac.rst | 2 | ||||
| -rw-r--r-- | tests/hazmat/primitives/test_hmac.py | 14 |
3 files changed, 19 insertions, 3 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index 588a4273..94826874 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -442,7 +442,11 @@ class _HMACContext(object): ctx = self._backend.ffi.gc(ctx, self._backend.lib.HMAC_CTX_cleanup) evp_md = self._backend.lib.EVP_get_digestbyname( algorithm.name.encode('ascii')) - assert evp_md != self._backend.ffi.NULL + if evp_md == self._backend.ffi.NULL: + raise UnsupportedAlgorithm( + "{0} is not a supported hash on this backend".format( + algorithm.name) + ) res = self._backend.lib.Cryptography_HMAC_Init_ex( ctx, key, len(key), evp_md, self._backend.ffi.NULL ) diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index 0c0d0220..0547b7d2 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -34,6 +34,8 @@ message. >>> h.finalize() '#F\xdaI\x8b"e\xc4\xf1\xbb\x9a\x8fc\xff\xf5\xdex.\xbc\xcd/+\x8a\x86\x1d\x84\'\xc3\xa6\x1d\xd8J' + If the backend doesn't support the requested ``algorithm`` an + :class:`~cryptography.exceptions.UnsupportedAlgorithm` will be raised. :param key: Secret key as ``bytes``. :param algorithm: A diff --git a/tests/hazmat/primitives/test_hmac.py b/tests/hazmat/primitives/test_hmac.py index 992bcb1a..124c4377 100644 --- a/tests/hazmat/primitives/test_hmac.py +++ b/tests/hazmat/primitives/test_hmac.py @@ -19,12 +19,18 @@ import pytest import six -from cryptography.exceptions import AlreadyFinalized -from cryptography.hazmat.primitives import hashes, hmac +from cryptography import utils +from cryptography.exceptions import AlreadyFinalized, UnsupportedAlgorithm +from cryptography.hazmat.primitives import hashes, hmac, interfaces from .utils import generate_base_hmac_test +@utils.register_interface(interfaces.HashAlgorithm) +class UnsupportedDummyHash(object): + name = "unsupported-dummy-hash" + + class TestHMAC(object): test_copy = generate_base_hmac_test( hashes.MD5(), @@ -63,3 +69,7 @@ class TestHMAC(object): with pytest.raises(AlreadyFinalized): h.finalize() + + def test_unsupported_hash(self, backend): + with pytest.raises(UnsupportedAlgorithm): + hmac.HMAC(b"key", UnsupportedDummyHash(), backend) |