aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/backends/commoncrypto/hmac.py2
-rw-r--r--cryptography/hazmat/backends/openssl/cmac.py2
-rw-r--r--cryptography/hazmat/backends/openssl/hmac.py2
-rw-r--r--cryptography/hazmat/primitives/cmac.py8
-rw-r--r--cryptography/hazmat/primitives/hmac.py12
5 files changed, 12 insertions, 14 deletions
diff --git a/cryptography/hazmat/backends/commoncrypto/hmac.py b/cryptography/hazmat/backends/commoncrypto/hmac.py
index b4c7cc3c..ee7e3abb 100644
--- a/cryptography/hazmat/backends/commoncrypto/hmac.py
+++ b/cryptography/hazmat/backends/commoncrypto/hmac.py
@@ -63,8 +63,6 @@ class _HMACContext(object):
return self._backend._ffi.buffer(buf)[:]
def verify(self, signature):
- if not isinstance(signature, bytes):
- raise TypeError("signature must be bytes.")
digest = self.finalize()
if not constant_time.bytes_eq(digest, signature):
raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/backends/openssl/cmac.py b/cryptography/hazmat/backends/openssl/cmac.py
index 113188ca..1ad6055b 100644
--- a/cryptography/hazmat/backends/openssl/cmac.py
+++ b/cryptography/hazmat/backends/openssl/cmac.py
@@ -84,8 +84,6 @@ class _CMACContext(object):
)
def verify(self, signature):
- if not isinstance(signature, bytes):
- raise TypeError("signature must be bytes.")
digest = self.finalize()
if not constant_time.bytes_eq(digest, signature):
raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/backends/openssl/hmac.py b/cryptography/hazmat/backends/openssl/hmac.py
index 07babbf9..c324bd8c 100644
--- a/cryptography/hazmat/backends/openssl/hmac.py
+++ b/cryptography/hazmat/backends/openssl/hmac.py
@@ -85,8 +85,6 @@ class _HMACContext(object):
return self._backend._ffi.buffer(buf)[:outlen[0]]
def verify(self, signature):
- if not isinstance(signature, bytes):
- raise TypeError("signature must be bytes.")
digest = self.finalize()
if not constant_time.bytes_eq(digest, signature):
raise InvalidSignature("Signature did not match digest.")
diff --git a/cryptography/hazmat/primitives/cmac.py b/cryptography/hazmat/primitives/cmac.py
index 7ae5c118..d5e26a57 100644
--- a/cryptography/hazmat/primitives/cmac.py
+++ b/cryptography/hazmat/primitives/cmac.py
@@ -59,9 +59,11 @@ class CMAC(object):
def verify(self, signature):
if not isinstance(signature, bytes):
raise TypeError("signature must be bytes.")
- digest = self.finalize()
- if not constant_time.bytes_eq(digest, signature):
- raise InvalidSignature("Signature did not match digest.")
+ if self._ctx is None:
+ raise AlreadyFinalized("Context was already finalized.")
+
+ ctx, self._ctx = self._ctx, None
+ ctx.verify(signature)
def copy(self):
if self._ctx is None:
diff --git a/cryptography/hazmat/primitives/hmac.py b/cryptography/hazmat/primitives/hmac.py
index 22a31391..47a048ff 100644
--- a/cryptography/hazmat/primitives/hmac.py
+++ b/cryptography/hazmat/primitives/hmac.py
@@ -15,10 +15,10 @@ from __future__ import absolute_import, division, print_function
from cryptography import utils
from cryptography.exceptions import (
- AlreadyFinalized, InvalidSignature, UnsupportedAlgorithm, _Reasons
+ AlreadyFinalized, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.interfaces import HMACBackend
-from cryptography.hazmat.primitives import constant_time, interfaces
+from cryptography.hazmat.primitives import interfaces
@utils.register_interface(interfaces.MACContext)
@@ -71,6 +71,8 @@ class HMAC(object):
def verify(self, signature):
if not isinstance(signature, bytes):
raise TypeError("signature must be bytes.")
- digest = self.finalize()
- if not constant_time.bytes_eq(digest, signature):
- raise InvalidSignature("Signature did not match digest.")
+ if self._ctx is None:
+ raise AlreadyFinalized("Context was already finalized.")
+
+ ctx, self._ctx = self._ctx, None
+ ctx.verify(signature)
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 05:13:15 +0000