3 files changed, 56 insertions, 50 deletions

diff --git a/tests/hazmat/backends/test_commoncrypto.py b/tests/hazmat/backends/test_commoncrypto.py
index 7cc0f72f..7feb0c72 100644
--- a/tests/hazmat/backends/test_commoncrypto.py
+++ b/tests/hazmat/backends/test_commoncrypto.py
@@ -14,7 +14,7 @@
 import pytest
 
 from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, InternalError
+from cryptography.exceptions import UnsupportedCipher, InternalError
 from cryptography.hazmat.bindings.commoncrypto.binding import Binding
 from cryptography.hazmat.primitives import interfaces
 from cryptography.hazmat.primitives.ciphers.algorithms import AES
@@ -61,5 +61,5 @@ class TestCommonCrypto(object):
         cipher = Cipher(
             DummyCipher(), GCM(b"fake_iv_here"), backend=b,
         )
-        with pytest.raises(UnsupportedAlgorithm):
+        with pytest.raises(UnsupportedCipher):
             cipher.encryptor()
diff --git a/tests/hazmat/backends/test_multibackend.py b/tests/hazmat/backends/test_multibackend.py
index ce77ce2f..87ef0446 100644
--- a/tests/hazmat/backends/test_multibackend.py
+++ b/tests/hazmat/backends/test_multibackend.py
@@ -14,12 +14,15 @@
 import pytest
 
 from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm
+from cryptography.exceptions import (
+    UnsupportedAlgorithm, UnsupportedCipher, UnsupportedHash
+)
 from cryptography.hazmat.backends.interfaces import (
     CipherBackend, HashBackend, HMACBackend, PBKDF2HMACBackend, RSABackend
 )
 from cryptography.hazmat.backends.multibackend import MultiBackend
 from cryptography.hazmat.primitives import hashes, hmac
+from cryptography.hazmat.primitives.asymmetric import padding
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 
 
@@ -33,11 +36,11 @@ class DummyCipherBackend(object):
 
     def create_symmetric_encryption_ctx(self, algorithm, mode):
         if not self.cipher_supported(algorithm, mode):
-            raise UnsupportedAlgorithm
+            raise UnsupportedCipher
 
     def create_symmetric_decryption_ctx(self, algorithm, mode):
         if not self.cipher_supported(algorithm, mode):
-            raise UnsupportedAlgorithm
+            raise UnsupportedCipher
 
 
 @utils.register_interface(HashBackend)
@@ -50,7 +53,7 @@ class DummyHashBackend(object):
 
     def create_hash_ctx(self, algorithm):
         if not self.hash_supported(algorithm):
-            raise UnsupportedAlgorithm
+            raise UnsupportedHash
 
 
 @utils.register_interface(HMACBackend)
@@ -63,7 +66,7 @@ class DummyHMACBackend(object):
 
     def create_hmac_ctx(self, key, algorithm):
         if not self.hmac_supported(algorithm):
-            raise UnsupportedAlgorithm
+            raise UnsupportedHash
 
 
 @utils.register_interface(PBKDF2HMACBackend)
@@ -77,7 +80,7 @@ class DummyPBKDF2HMACBackend(object):
     def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
                            key_material):
         if not self.pbkdf2_hmac_supported(algorithm):
-            raise UnsupportedAlgorithm
+            raise UnsupportedHash
 
 
 @utils.register_interface(RSABackend)
@@ -85,6 +88,13 @@ class DummyRSABackend(object):
     def generate_rsa_private_key(self, public_exponent, private_key):
         pass
 
+    def create_rsa_signature_ctx(self, private_key, padding, algorithm):
+        pass
+
+    def create_rsa_verification_ctx(self, public_key, signature, padding,
+                                    algorithm):
+        pass
+
 
 class TestMultiBackend(object):
     def test_ciphers(self):
@@ -111,9 +121,9 @@ class TestMultiBackend(object):
             modes.CBC(b"\x00" * 16),
             backend=backend
         )
-        with pytest.raises(UnsupportedAlgorithm):
+        with pytest.raises(UnsupportedCipher):
             cipher.encryptor()
-        with pytest.raises(UnsupportedAlgorithm):
+        with pytest.raises(UnsupportedCipher):
             cipher.decryptor()
 
     def test_hashes(self):
@@ -124,7 +134,7 @@ class TestMultiBackend(object):
 
         hashes.Hash(hashes.MD5(), backend=backend)
 
-        with pytest.raises(UnsupportedAlgorithm):
+        with pytest.raises(UnsupportedHash):
             hashes.Hash(hashes.SHA1(), backend=backend)
 
     def test_hmac(self):
@@ -135,7 +145,7 @@ class TestMultiBackend(object):
 
         hmac.HMAC(b"", hashes.MD5(), backend=backend)
 
-        with pytest.raises(UnsupportedAlgorithm):
+        with pytest.raises(UnsupportedHash):
             hmac.HMAC(b"", hashes.SHA1(), backend=backend)
 
     def test_pbkdf2(self):
@@ -146,7 +156,7 @@ class TestMultiBackend(object):
 
         backend.derive_pbkdf2_hmac(hashes.MD5(), 10, b"", 10, b"")
 
-        with pytest.raises(UnsupportedAlgorithm):
+        with pytest.raises(UnsupportedHash):
             backend.derive_pbkdf2_hmac(hashes.SHA1(), 10, b"", 10, b"")
 
     def test_rsa(self):
@@ -158,6 +168,20 @@ class TestMultiBackend(object):
             key_size=1024, public_exponent=65537
         )
 
+        backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
+                                         hashes.MD5())
+
+        backend.create_rsa_verification_ctx("public_key", "sig",
+                                            padding.PKCS1v15(), hashes.MD5())
+
         backend = MultiBackend([])
         with pytest.raises(UnsupportedAlgorithm):
             backend.generate_rsa_private_key(key_size=1024, public_exponent=3)
+
+        with pytest.raises(UnsupportedAlgorithm):
+            backend.create_rsa_signature_ctx("private_key", padding.PKCS1v15(),
+                                             hashes.MD5())
+
+        with pytest.raises(UnsupportedAlgorithm):
+            backend.create_rsa_verification_ctx(
+                "public_key", "sig", padding.PKCS1v15(), hashes.MD5())
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index b24808df..c6792185 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -14,7 +14,9 @@
 import pytest
 
 from cryptography import utils
-from cryptography.exceptions import UnsupportedAlgorithm, InternalError
+from cryptography.exceptions import (
+    UnsupportedCipher, UnsupportedHash, InternalError
+)
 from cryptography.hazmat.backends.openssl.backend import backend, Backend
 from cryptography.hazmat.primitives import interfaces, hashes
 from cryptography.hazmat.primitives.ciphers import Cipher
@@ -68,49 +70,20 @@ class TestOpenSSL(object):
         cipher = Cipher(
             DummyCipher(), mode, backend=b,
         )
-        with pytest.raises(UnsupportedAlgorithm):
+        with pytest.raises(UnsupportedCipher):
             cipher.encryptor()
 
-    def test_handle_unknown_error(self):
-        with pytest.raises(InternalError):
-            backend._handle_error_code(0)
-
-        backend._lib.ERR_put_error(backend._lib.ERR_LIB_EVP, 0, 0,
-                                   b"test_openssl.py", -1)
-        with pytest.raises(InternalError):
-            backend._handle_error(None)
-
-        backend._lib.ERR_put_error(
-            backend._lib.ERR_LIB_EVP,
-            backend._lib.EVP_F_EVP_ENCRYPTFINAL_EX,
-            0,
-            b"test_openssl.py",
-            -1
-        )
-        with pytest.raises(InternalError):
-            backend._handle_error(None)
-
-        backend._lib.ERR_put_error(
-            backend._lib.ERR_LIB_EVP,
-            backend._lib.EVP_F_EVP_DECRYPTFINAL_EX,
-            0,
-            b"test_openssl.py",
-            -1
-        )
-        with pytest.raises(InternalError):
-            backend._handle_error(None)
-
-    def test_handle_multiple_errors(self):
+    def test_consume_errors(self):
         for i in range(10):
             backend._lib.ERR_put_error(backend._lib.ERR_LIB_EVP, 0, 0,
                                        b"test_openssl.py", -1)
 
         assert backend._lib.ERR_peek_error() != 0
 
-        with pytest.raises(InternalError):
-            backend._handle_error(None)
+        errors = backend._consume_errors()
 
         assert backend._lib.ERR_peek_error() == 0
+        assert len(errors) == 10
 
     def test_openssl_error_string(self):
         backend._lib.ERR_put_error(
@@ -121,8 +94,8 @@ class TestOpenSSL(object):
             -1
         )
 
-        with pytest.raises(InternalError) as exc:
-            backend._handle_error(None)
+        errors = backend._consume_errors()
+        exc = backend._unknown_error(errors[0])
 
         assert (
             "digital envelope routines:"
@@ -147,10 +120,19 @@ class TestOpenSSL(object):
             b"data not multiple of block length"
         )
 
+    def test_unknown_error_in_cipher_finalize(self):
+        cipher = Cipher(AES(b"\0" * 16), CBC(b"\0" * 16), backend=backend)
+        enc = cipher.encryptor()
+        enc.update(b"\0")
+        backend._lib.ERR_put_error(0, 0, 1,
+                                   b"test_openssl.py", -1)
+        with pytest.raises(InternalError):
+            enc.finalize()
+
     def test_derive_pbkdf2_raises_unsupported_on_old_openssl(self):
         if backend.pbkdf2_hmac_supported(hashes.SHA256()):
             pytest.skip("Requires an older OpenSSL")
-        with pytest.raises(UnsupportedAlgorithm):
+        with pytest.raises(UnsupportedHash):
             backend.derive_pbkdf2_hmac(hashes.SHA256(), 10, b"", 1000, b"")
 
     # This test is not in the next class because to check if it's really