-rw-r--r-- | cryptography/hazmat/backends/openssl/backend.py | 14 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_rsa.py | 63 | ||||
-rw-r--r-- | tests/hazmat/primitives/utils.py | 32 |
3 files changed, 47 insertions, 62 deletions
diff --git a/cryptography/hazmat/backends/openssl/backend.py b/cryptography/hazmat/backends/openssl/backend.py index e3f421a5..d2744cf3 100644 --- a/cryptography/hazmat/backends/openssl/backend.py +++ b/cryptography/hazmat/backends/openssl/backend.py @@ -734,7 +734,8 @@ class _RSASignatureContext(object): # PSS signature length (salt length is checked later) key_size_bytes = int(math.ceil(private_key.key_size / 8.0)) if key_size_bytes - algorithm.digest_size - 2 < 0: - raise ValueError("Digest too large for key size.") + raise ValueError("Digest too large for key size. Use a larger " + "key.") if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): raise UnsupportedHash( @@ -830,7 +831,8 @@ class _RSASignatureContext(object): assert errors[0].lib == self._backend._lib.ERR_LIB_RSA assert (errors[0].reason == self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE) - raise ValueError("Salt length too long for key size") + raise ValueError("Salt length too long for key size. Try using " + "MAX_LENGTH instead.") return self._backend._ffi.buffer(buf)[:] @@ -872,7 +874,8 @@ class _RSASignatureContext(object): assert errors[0].lib == self._backend._lib.ERR_LIB_RSA assert (errors[0].reason == self._backend._lib.RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE) - raise ValueError("Salt length too long for key size") + raise ValueError("Salt length too long for key size. Try using " + "MAX_LENGTH instead.") sig_buf = self._backend._ffi.new("char[]", pkey_size) sig_len = self._backend._lib.RSA_private_encrypt( 
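Review bot: The new hint "Try using MAX_LENGTH instead." in the two salt-length errors (hunks at -830 and -872) does not say where `MAX_LENGTH` lives. The tests on this page use `padding.MGF1.MAX_LENGTH`, so `"Salt length too long for key size. Try using MGF1.MAX_LENGTH instead."` would be unambiguous. The same literal now appears in both branches, so a shared module-level constant would keep the two in sync. Separately, the only thing tying this message to the actual OpenSSL error is the pair of `assert` statements above each raise; under `python -O` they are stripped, and presumably any failure reaching this branch would then be reported as a salt-length problem with this advice, so an explicit check on the error reason that raises a different error otherwise would be more robust. Both enclosing methods begin and end outside the hunks.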
@@ -913,7 +916,10 @@ class _RSAVerificationContext(object): # PSS signature length (salt length is checked later) key_size_bytes = int(math.ceil(public_key.key_size / 8.0)) if key_size_bytes - algorithm.digest_size - 2 < 0: - raise ValueError("Digest too large for key size.") + raise ValueError( + "Digest too large for key size. Check that you have the " + "correct key and digest algorithm." + ) if not self._backend.mgf1_hash_supported(padding._mgf._algorithm): raise UnsupportedHash( diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py index 957e70a3..eb7e1e60 100644 --- a/tests/hazmat/primitives/test_rsa.py +++ b/tests/hazmat/primitives/test_rsa.py @@ -28,7 +28,7 @@ from cryptography.exceptions import ( from cryptography.hazmat.primitives import hashes, interfaces from cryptography.hazmat.primitives.asymmetric import padding, rsa -from .utils import generate_rsa_verification_test, rsa_pss_signing_test +from .utils import generate_rsa_verification_test from ...utils import ( load_pkcs1_vectors, load_rsa_nist_vectors, load_vectors_from_file ) 
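Review bot: The size check in `_RSAVerificationContext` raises `ValueError`, and the new wording ("Check that you have the correct key and digest algorithm.") suggests it is reachable whenever key and digest are mismatched. A caller that wraps verification only in `except InvalidSignature` would then see an unhandled exception. That fails closed, but the distinction deserves a comment above the check, e.g. `# Caller configuration error (key too small for this digest), reported as ValueError rather than InvalidSignature.`, and a matching line in the verifier documentation. The enclosing method starts and ends outside the hunk.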
@@ -483,33 +483,42 @@ class TestRSASignature(object): verifier.update(binascii.unhexlify(example["message"])) verifier.verify() - @pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA224()), - skip_message="Does not support SHA224 with MGF1." - ) - def test_pss_signing_sha224(self, backend): - rsa_pss_signing_test(backend, hashes.SHA224()) - - @pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA256()), - skip_message="Does not support SHA256 with MGF1." - ) - def test_pss_signing_sha256(self, backend): - rsa_pss_signing_test(backend, hashes.SHA256()) - - @pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA384()), - skip_message="Does not support SHA384 with MGF1." - ) - def test_pss_signing_sha384(self, backend): - rsa_pss_signing_test(backend, hashes.SHA384()) - - @pytest.mark.supported( - only_if=lambda backend: backend.mgf1_hash_supported(hashes.SHA512()), - skip_message="Does not support SHA512 with MGF1." 
+ @pytest.mark.parametrize( + "hash_alg", + [hashes.SHA224(), hashes.SHA256(), hashes.SHA384(), hashes.SHA512()] ) - def test_pss_signing_sha512(self, backend): - rsa_pss_signing_test(backend, hashes.SHA512()) + def test_pss_signing_sha2(self, hash_alg, backend): + if not backend.mgf1_hash_supported(hash_alg): + pytest.skip( + "Does not support {0} with MGF1.".format(hash_alg.name) + ) + private_key = rsa.RSAPrivateKey.generate( + public_exponent=65537, + key_size=768, + backend=backend + ) + public_key = private_key.public_key() + pss = padding.PSS( + mgf=padding.MGF1( + algorithm=hash_alg, + salt_length=padding.MGF1.MAX_LENGTH + ) + ) + signer = private_key.signer( + pss, + hash_alg, + backend + ) + signer.update(b"testing signature") + signature = signer.finalize() + verifier = public_key.verifier( + signature, + pss, + hash_alg, + backend + ) + verifier.update(b"testing signature") + verifier.verify() @pytest.mark.supported( only_if=lambda backend: backend.hash_supported(hashes.SHA512()), diff --git a/tests/hazmat/primitives/utils.py b/tests/hazmat/primitives/utils.py index 76212daa..2e838474 100644 --- a/tests/hazmat/primitives/utils.py +++ b/tests/hazmat/primitives/utils.py @@ -24,7 +24,7 @@ from cryptography.exceptions import ( NotYetFinalized ) from cryptography.hazmat.primitives import hashes, hmac -from cryptography.hazmat.primitives.asymmetric import padding, rsa +from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.ciphers import Cipher from cryptography.hazmat.primitives.kdf.hkdf import HKDF from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC 
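Review bot: `test_pss_signing_sha2` only asserts that a freshly produced signature verifies, so a verifier that accepted every input would still pass for all four hashes. Unless a rejection case for these PSS parameters exists elsewhere in the file, add one that reuses the same key and signature, as sketched below. `InvalidSignature` would need to be in the `cryptography.exceptions` import list, which this hunk does not show. The key is also regenerated for each of the four parameters, so a shared fixture would keep the run time down.

```python
        # … unchanged: key generation, PSS setup, sign/verify round trip …
        verifier.update(b"testing signature")
        verifier.verify()
        # constructed example: a message other than the signed one must be rejected
        bad_verifier = public_key.verifier(
            signature,
            pss,
            hash_alg,
            backend
        )
        bad_verifier.update(b"not the signed message")
        with pytest.raises(InvalidSignature):
            bad_verifier.verify()
```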
@@ -406,33 +406,3 @@ def rsa_verification_test(backend, params, hash_alg, pad_factory): verifier.verify() else: verifier.verify() - - -def rsa_pss_signing_test(backend, hash_alg): - private_key = rsa.RSAPrivateKey.generate( - public_exponent=65537, - key_size=768, - backend=backend - ) - public_key = private_key.public_key() - pss = padding.PSS( - mgf=padding.MGF1( - algorithm=hash_alg, - salt_length=padding.MGF1.MAX_LENGTH - ) - ) - signer = private_key.signer( - pss, - hash_alg, - backend - ) - signer.update(b"testing signature") - signature = signer.finalize() - verifier = public_key.verifier( - signature, - pss, - hash_alg, - backend - ) - verifier.update(b"testing signature") - verifier.verify() |